Simplify newsletter body data repair

[MAILPOET-3430]
Jan Lysý
2021-02-24 15:41:56 +01:00
committed by Veljko V
parent 78717509c8
commit 878e3eb28f
4 changed files with 18 additions and 20 deletions


@ -61,8 +61,10 @@ class NewsletterTemplates extends APIEndpoint {
public function save($data = []) { public function save($data = []) {
ignore_user_abort(true); ignore_user_abort(true);
if (!empty($data['body'])) {
$body = $this->apiDataSanitizer->sanitizeBody(json_decode($data['body'], true)); $body = $this->apiDataSanitizer->sanitizeBody(json_decode($data['body'], true));
$data['body'] = json_encode($body); $data['body'] = json_encode($body);
}
try { try {
$template = $this->newsletterTemplatesRepository->createOrUpdate($data); $template = $this->newsletterTemplatesRepository->createOrUpdate($data);
if (!empty($data['categories']) && $data['categories'] === NewsletterTemplatesRepository::RECENTLY_SENT_CATEGORIES) { if (!empty($data['categories']) && $data['categories'] === NewsletterTemplatesRepository::RECENTLY_SENT_CATEGORIES) {
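Review bot: The new `!empty($data['body'])` guard still hands the raw result of `json_decode` straight to `sanitizeBody(array $body)`, so a body that is non-empty but not valid JSON (or a JSON scalar) decodes to `null` or a scalar and raises a `TypeError` out of `save()` before the `try` block on the following line is reached. Decode into a local first and reject anything that is not an array, e.g. `$body = json_decode($data['body'], true); if (!is_array($body)) { throw new \InvalidArgumentException('Newsletter template body must be a JSON object'); }`, and only then call the sanitizer. `save()` continues past the end of the hunk, so the error-response convention used there may be the better place to report this.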


@ -6,27 +6,24 @@ class ApiDataSanitizer {
/** @var NewsletterHtmlSanitizer */ /** @var NewsletterHtmlSanitizer */
private $htmlSanitizer; private $htmlSanitizer;
private const SANITIZE_KEY_WHITELIST = [
'text',
];
public function __construct(NewsletterHtmlSanitizer $htmlSanitizer) { public function __construct(NewsletterHtmlSanitizer $htmlSanitizer) {
$this->htmlSanitizer = $htmlSanitizer; $this->htmlSanitizer = $htmlSanitizer;
} }
public function sanitizeBody(array $body): array { public function sanitizeBody(array $body): array {
foreach ($body as $blockName => $block) { foreach ($body as $blockName => $block) {
$sanitizedBlock = is_array($block) ? $this->sanitizeBlock($block) : $this->htmlSanitizer->sanitize($block); if (is_array($block)) {
$sanitizedBlock = $this->sanitizeBody($block);
} else {
$sanitizedBlock = $block && in_array($blockName, self::SANITIZE_KEY_WHITELIST, true) ? $this->htmlSanitizer->sanitize($block) : $block;
}
$body[$blockName] = $sanitizedBlock; $body[$blockName] = $sanitizedBlock;
} }
return $body; return $body;
} }
private function sanitizeBlock(array $block): array {
foreach ($block as $name => $value) {
if (is_array($value)) {
$block[$name] = $this->sanitizeBlock($value);
} else {
$block[$name] = $value ? $this->htmlSanitizer->sanitize($value) : $value;
}
}
return $block;
}
} }
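Review bot: `SANITIZE_KEY_WHITELIST` makes `text` the only key whose value goes through the HTML sanitizer; every other key at every depth (including the `src` and `link` values the removed `sanitizeBlock()` used to sanitize) is now returned exactly as stored, and nothing in the class states that. Document the contract on the constant, e.g. `/** Body keys whose scalar values are passed through NewsletterHtmlSanitizer; all other keys are returned as stored. */`, so whoever adds a block type knows the list must be extended. The `$block && …` test on the new line relies on truthiness, so a value of `'0'` skips sanitization; harmless for HTML, but `is_string($block) && $block !== ''` states the intent and also keeps non-string values under a `text` key from reaching `sanitize()`, which the hunk gives no sign of handling.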


@ -107,8 +107,7 @@ class NewsletterSaveController {
if (!empty($data['template_id'])) { if (!empty($data['template_id'])) {
$template = $this->newsletterTemplatesRepository->findOneById($data['template_id']); $template = $this->newsletterTemplatesRepository->findOneById($data['template_id']);
if ($template) { if ($template) {
$body = $this->dataSanitizer->sanitizeBody($template->getBody() ?: []); $data['body'] = json_encode($template->getBody());
$data['body'] = json_encode($body);
} }
} }
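Review bot: Dropping the `?: []` fallback changes what reaches `$data['body']` when the template has no body: `json_encode(null)` produces the string `'null'`, whereas the removed lines produced `'[]'`, so a later `json_decode(..., true)` of this field yields `null` instead of an empty array. If `getBody()` can return null (the removed line's fallback suggests the author expected it), keep the coercion: `$data['body'] = json_encode($template->getBody() ?: []);`. The sanitizer call is also gone here, so a template body is now trusted as stored; that holds only if every write path to templates goes through the sanitizing `NewsletterTemplates::save()` endpoint, which this page cannot confirm. The enclosing method starts and ends outside the hunk.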


@ -24,9 +24,9 @@ class ApiDataSanitizerTest extends \MailPoetTest {
], ],
], ],
[ [
'type' => 'image', 'type' => 'header',
'link' => '', 'link' => '',
'src' => 'http://some.url/wp-c\'"><img src=x onerror=alert(2)>ontent/fake-logo.png', 'text' => 'http://some.url/wp-c\'"><img src=x onerror=alert(2)>ontent/fake-logo.png',
], ],
]; ];
@ -46,8 +46,8 @@ class ApiDataSanitizerTest extends \MailPoetTest {
expect($block2['type'])->equals('footer'); expect($block2['type'])->equals('footer');
expect($block2['text'])->equals('<p><a href="[link:subscription_unsubscribe_url]">Unsubscribe</a><br />Add your postal address here!</p>'); expect($block2['text'])->equals('<p><a href="[link:subscription_unsubscribe_url]">Unsubscribe</a><br />Add your postal address here!</p>');
$image = $result[1]; $image = $result[1];
expect($image['type'])->equals('image'); expect($image['type'])->equals('header');
expect($image['link'])->equals(''); expect($image['link'])->equals('');
expect($image['src'])->equals('http://some.url/wp-c\'"&gt;ontent/fake-logo.png'); expect($image['text'])->equals('http://some.url/wp-c\'"&gt;ontent/fake-logo.png');
} }
} }
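Review bot: `$image` (from `$image = $result[1];` onward) now holds a block of type `'header'`, so the variable name contradicts the assertions that follow it; rename it to `$header` to match. The change also removed the only fixture with markup in a non-`text` key, so nothing now pins the new pass-through behaviour of the whitelist. Consider keeping an image block with a non-whitelisted key alongside the header case and asserting its `src` is returned unchanged, so the contract is documented as a test rather than as an implicit consequence of `SANITIZE_KEY_WHITELIST`.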