Cavemanon/piratepoet
7
Fork 0
Code Pull Requests Actions Releases 16 Activity

Rewrite view-in-browser to always require newsletter ID and hash, refactor

Browse Source 
[MAILPOET-2430]
This commit is contained in:
Jan Jakeš
2020-02-05 13:45:37 +01:00
committed by Jack Kitterhing
parent ddfc9647dd
commit 3cd5af448e
2 changed files with 53 additions and 78 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
lib/Newsletter/ViewInBrowser.php
View File

@ -2,6 +2,9 @@
namespace MailPoet\Newsletter; namespace MailPoet\Newsletter;
use MailPoet\Models\Newsletter;
use MailPoet\Models\SendingQueue;
use MailPoet\Models\Subscriber;
use MailPoet\Newsletter\Links\Links; use MailPoet\Newsletter\Links\Links;
use MailPoet\Newsletter\Renderer\Renderer; use MailPoet\Newsletter\Renderer\Renderer;
use MailPoet\Newsletter\Shortcodes\Shortcodes; use MailPoet\Newsletter\Shortcodes\Shortcodes;
@ -14,26 +17,18 @@ class ViewInBrowser {
/** @var bool */ /** @var bool */
private $isTrackingEnabled; private $isTrackingEnabled;
public function __construct(Emoji $emoji, $isTrackingEnabled) { public function __construct(Emoji $emoji, bool $isTrackingEnabled) {
$this->isTrackingEnabled = $isTrackingEnabled;
$this->emoji = $emoji; $this->emoji = $emoji;
$this->isTrackingEnabled = $isTrackingEnabled;
} }
public function view(array $data) { public function view(
$wpUserPreview = ( bool $isPreview,
($data['subscriber'] && $data['subscriber']->isWPUser() && $data['preview']) Newsletter $newsletter,
|| Subscriber $subscriber = null,
($data['preview'] && $data['newsletter_hash']) SendingQueue $queue = null
); ) {
return $this->renderNewsletter( $wpUserPreview = $isPreview;
$data['newsletter'],
$data['subscriber'],
$data['queue'],
$wpUserPreview
);
}
public function renderNewsletter($newsletter, $subscriber, $queue, $wpUserPreview) {
if ($queue && $queue->getNewsletterRenderedBody()) { if ($queue && $queue->getNewsletterRenderedBody()) {
$newsletterBody = $queue->getNewsletterRenderedBody('html'); $newsletterBody = $queue->getNewsletterRenderedBody('html');
$newsletterBody = $this->emoji->decodeEmojisInBody($newsletterBody); $newsletterBody = $this->emoji->decodeEmojisInBody($newsletterBody);

102
lib/Router/Endpoints/ViewInBrowser.php
View File

@ -16,10 +16,12 @@ use MailPoet\WP\Functions as WPFunctions;
class ViewInBrowser { class ViewInBrowser {
const ENDPOINT = 'view_in_browser'; const ENDPOINT = 'view_in_browser';
const ACTION_VIEW = 'view'; const ACTION_VIEW = 'view';
public $allowedActions = [self::ACTION_VIEW]; public $allowedActions = [self::ACTION_VIEW];
public $permissions = [ public $permissions = [
'global' => AccessControl::NO_ACCESS_RESTRICTION, 'global' => AccessControl::NO_ACCESS_RESTRICTION,
]; ];
/** @var AccessControl */ /** @var AccessControl */
private $accessControl; private $accessControl;
@ -39,81 +41,59 @@ class ViewInBrowser {
$this->emoji = $emoji; $this->emoji = $emoji;
} }
public function view($data) { public function view(array $data) {
$data = $this->_processBrowserPreviewData($data);
$viewInBrowser = new NewsletterViewInBrowser($this->emoji, (bool)$this->settings->get('tracking.enabled'));
return $this->_displayNewsletter($viewInBrowser->view($data));
}
public function _processBrowserPreviewData(array $data) {
$data = NewsletterUrl::transformUrlDataObject($data); $data = NewsletterUrl::transformUrlDataObject($data);
return $this->_validateBrowserPreviewData($data) ?: $this->_abort(); $isPreview = !empty($data['preview']);
}
/** // newsletter - ID is mandatory hash must be set and valid
* @param array $data $newsletter = empty($data['newsletter_id']) ? null : Newsletter::findOne($data['newsletter_id']);
* @return array|false if (!$newsletter || empty($data['newsletter_hash']) || $data['newsletter_hash'] !== $newsletter->hash) {
*/ return $this->_abort();
public function _validateBrowserPreviewData(array $data) {
// either newsletter ID or hash must be defined, and newsletter must exist
if (empty($data['newsletter_id']) && empty($data['newsletter_hash'])) {
return false;
}
$data['newsletter'] = (!empty($data['newsletter_hash']))
? Newsletter::getByHash($data['newsletter_hash'])
: Newsletter::findOne($data['newsletter_id']);
if (!$data['newsletter']) {
return false;
} }
// subscriber is optional; if exists, token must validate // subscriber is optional; if exists, token must validate
$data['subscriber'] = !empty($data['subscriber_id']) ? Subscriber::findOne($data['subscriber_id']) : false; $subscriber = empty($data['subscriber_id']) ? null : Subscriber::findOne($data['subscriber_id']);
if ($data['subscriber']) { $subscriberToken = $data['subscriber_token'] ?? null;
if (empty($data['subscriber_token']) || !$this->linkTokens->verifyToken($data['subscriber'], $data['subscriber_token'])) { if ($subscriber && (!$subscriberToken || !$this->linkTokens->verifyToken($subscriber, $subscriberToken))) {
return false; return $this->_abort();
}
} else if (!$data['subscriber'] && !empty($data['preview'])) {
// if this is a preview and subscriber does not exist,
// attempt to set subscriber to the current logged-in WP user
$data['subscriber'] = Subscriber::getCurrentWPUser();
} }
// if newsletter hash is not provided but newsletter ID is defined then subscriber must exist // if this is a preview and subscriber does not exist,
if (empty($data['newsletter_hash']) && $data['newsletter_id'] && !$data['subscriber']) { // attempt to set subscriber to the current logged-in WP user
return false; if (!$subscriber && $isPreview) {
} $subscriber = Subscriber::getCurrentWPUser();
// queue is optional; try to find it if it's not defined and this is not a welcome email
if ($data['newsletter']->type !== Newsletter::TYPE_WELCOME) {
$data['queue'] = (!empty($data['queue_id']))
? SendingQueue::findOne($data['queue_id'])
: SendingQueue::where('newsletter_id', $data['newsletter']->id)->findOne();
} else {
$data['queue'] = false;
}
// reset queue when automatic email is being previewed
if ($data['newsletter']->type === Newsletter::TYPE_AUTOMATIC && !empty($data['preview'])) {
$data['queue'] = false;
} }
// allow users with permission to manage emails to preview any newsletter // allow users with permission to manage emails to preview any newsletter
if (!empty($data['preview']) && $this->accessControl->validatePermission(AccessControl::PERMISSION_MANAGE_EMAILS)) { $canView = $isPreview && $this->accessControl->validatePermission(AccessControl::PERMISSION_MANAGE_EMAILS);
return $data;
}
// allow others to preview newsletters only when newsletter hash is defined
if (!empty($data['preview']) && empty($data['newsletter_hash'])) {
return false;
}
// if queue and subscriber exist, subscriber must have received the newsletter // if queue and subscriber exist, subscriber must have received the newsletter
if ($data['queue'] instanceof SendingQueue && $data['subscriber'] && !$data['queue']->isSubscriberProcessed($data['subscriber']->id)) { $queue = $this->getQueue($newsletter, $data);
return false; if (!$canView && $queue && $subscriber && !$queue->isSubscriberProcessed($subscriber->id)) {
return $this->_abort();
} }
return $data; $viewInBrowser = new NewsletterViewInBrowser($this->emoji, (bool)$this->settings->get('tracking.enabled'));
$viewData = $viewInBrowser->view($isPreview, $newsletter, $subscriber, $queue);
return $this->_displayNewsletter($viewData);
}
private function getQueue(Newsletter $newsletter, array $data) {
// queue is optional; try to find it if it's not defined and this is not a welcome email
if ($newsletter->type === Newsletter::TYPE_WELCOME) {
return null;
}
// reset queue when automatic email is being previewed
if ($newsletter->type === Newsletter::TYPE_AUTOMATIC && !empty($data['preview'])) {
return null;
}
$queue = !empty($data['queue_id'])
? SendingQueue::findOne($data['queue_id'])
: SendingQueue::where('newsletter_id', $newsletter->id)->findOne();
return $queue ?: null;
} }
public function _displayNewsletter($result) { public function _displayNewsletter($result) {