Add validation for sender_addresses within scheduled and automatic emails
[MAILPOET-2022]
This commit is contained in:
Rostislav Wolny
committed by
M. Shull
M. Shull
parent
f86c0c9612
commit
70f897e61e
@@ -3,6 +3,7 @@
|
||||
namespace MailPoet\Services;
|
||||
|
||||
use Carbon\Carbon;
|
||||
use MailPoet\Models\Newsletter;
|
||||
use MailPoet\Settings\SettingsController;
|
||||
|
||||
if (!defined('ABSPATH')) exit;
|
||||
@@ -34,8 +35,11 @@ class AuthorizedEmailsController {
|
||||
if ($authorized_emails === false) {
|
||||
return;
|
||||
}
|
||||
$authorized_emails = array_map('strtolower', $authorized_emails);
|
||||
|
||||
$result = $this->validateAddressesInSettings($authorized_emails);
|
||||
$result = [];
|
||||
$result = $this->validateAddressesInSettings($authorized_emails, $result);
|
||||
$result = $this->validateAddressesInScheduledAndAutomaticEmails($authorized_emails, $result);
|
||||
$this->settings->set(self::AUTHORIZED_EMAIL_ADDRESSES_ERROR_SETTING, $result ?: null);
|
||||
}
|
||||
|
||||
@@ -50,15 +54,49 @@ class AuthorizedEmailsController {
|
||||
private function validateAddressesInSettings($authorized_emails, $result = []) {
|
||||
$default_sender_address = $this->settings->get('sender.address');
|
||||
$signup_confirmation_address = $this->settings->get('signup_confirmation.from.address');
|
||||
$authorized_emails = array_map('strtolower', $authorized_emails);
|
||||
|
||||
if (!in_array(strtolower($default_sender_address), $authorized_emails, true)) {
|
||||
if (!$this->validateAuthorizedEmail($authorized_emails, $default_sender_address)) {
|
||||
$result['invalid_sender_address'] = $default_sender_address;
|
||||
}
|
||||
if (!in_array(strtolower($signup_confirmation_address), $authorized_emails, true)) {
|
||||
if (!$this->validateAuthorizedEmail($authorized_emails, $signup_confirmation_address)) {
|
||||
$result['invalid_confirmation_address'] = $signup_confirmation_address;
|
||||
}
|
||||
|
||||
return $result;
|
||||
}
|
||||
|
||||
private function validateAddressesInScheduledAndAutomaticEmails($authorized_emails, $result = []) {
|
||||
$condittion = sprintf(
|
||||
"(`type` = '%s' AND `status` = '%s') OR (`type` IN ('%s') AND `status` = '%s')",
|
||||
Newsletter::TYPE_STANDARD,
|
||||
Newsletter::STATUS_SCHEDULED,
|
||||
implode("', '", [ Newsletter::TYPE_WELCOME, Newsletter::TYPE_NOTIFICATION, Newsletter::TYPE_AUTOMATIC ]),
|
||||
Newsletter::STATUS_ACTIVE
|
||||
);
|
||||
|
||||
$newsletters = Newsletter::whereRaw($condittion)->findMany();
|
||||
|
||||
$invalid_senders_in_newsletters = [];
|
||||
foreach ($newsletters as $newsletter) {
|
||||
if ($this->validateAuthorizedEmail($authorized_emails, $newsletter->sender_address)) {
|
||||
continue;
|
||||
}
|
||||
$invalid_senders_in_newsletters[] = [
|
||||
'newsletter_id' => $newsletter->id,
|
||||
'subject' => $newsletter->subject,
|
||||
'sender_address' => $newsletter->sender_address,
|
||||
];
|
||||
}
|
||||
|
||||
if (!count($invalid_senders_in_newsletters)) {
|
||||
return $result;
|
||||
}
|
||||
|
||||
$result['invalid_senders_in_newsletters'] = $invalid_senders_in_newsletters;
|
||||
return $result;
|
||||
}
|
||||
|
||||
private function validateAuthorizedEmail($authorized_emails, $email) {
|
||||
return in_array(strtolower($email), $authorized_emails, true);
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user