Simplify newsletter body data repair

[MAILPOET-3430]

lib/API/JSON/v1/NewsletterTemplates.php

@@ -61,8 +61,10 @@ class NewsletterTemplates extends APIEndpoint {
 
   public function save($data = []) {
     ignore_user_abort(true);
-    $body = $this->apiDataSanitizer->sanitizeBody(json_decode($data['body'], true));
-    $data['body'] = json_encode($body);
+    if (!empty($data['body'])) {
+      $body = $this->apiDataSanitizer->sanitizeBody(json_decode($data['body'], true));
+      $data['body'] = json_encode($body);
+    }
     try {
       $template = $this->newsletterTemplatesRepository->createOrUpdate($data);
       if (!empty($data['categories']) && $data['categories'] === NewsletterTemplatesRepository::RECENTLY_SENT_CATEGORIES) {

lib/Newsletter/ApiDataSanitizer.php

@@ -6,27 +6,24 @@ class ApiDataSanitizer {
   /** @var NewsletterHtmlSanitizer */
   private $htmlSanitizer;
 
+  private const SANITIZE_KEY_WHITELIST = [
+    'text',
+  ];
+
   public function __construct(NewsletterHtmlSanitizer $htmlSanitizer) {
     $this->htmlSanitizer = $htmlSanitizer;
   }
 
   public function sanitizeBody(array $body): array {
     foreach ($body as $blockName => $block) {
-      $sanitizedBlock = is_array($block) ? $this->sanitizeBlock($block) : $this->htmlSanitizer->sanitize($block);
+      if (is_array($block)) {
+        $sanitizedBlock = $this->sanitizeBody($block);
+      } else {
+        $sanitizedBlock = $block && in_array($blockName, self::SANITIZE_KEY_WHITELIST, true) ? $this->htmlSanitizer->sanitize($block) : $block;
+      }
       $body[$blockName] = $sanitizedBlock;
     }
 
     return $body;
   }
-
-  private function sanitizeBlock(array $block): array {
-    foreach ($block as $name => $value) {
-      if (is_array($value)) {
-        $block[$name] = $this->sanitizeBlock($value);
-      } else {
-        $block[$name] = $value ? $this->htmlSanitizer->sanitize($value) : $value;
-      }
-    }
-    return $block;
-  }
 }

lib/Newsletter/NewsletterSaveController.php

@@ -107,8 +107,7 @@ class NewsletterSaveController {
     if (!empty($data['template_id'])) {
       $template = $this->newsletterTemplatesRepository->findOneById($data['template_id']);
       if ($template) {
-        $body = $this->dataSanitizer->sanitizeBody($template->getBody() ?: []);
-        $data['body'] = json_encode($body);
+        $data['body'] = json_encode($template->getBody());
       }
     }
 

tests/integration/Newsletter/ApiDataSanitizerTest.php

@@ -24,9 +24,9 @@ class ApiDataSanitizerTest extends \MailPoetTest {
       ],
     ],
     [
-      'type' => 'image',
+      'type' => 'header',
       'link' => '',
-      'src' => 'http://some.url/wp-c\'"><img src=x onerror=alert(2)>ontent/fake-logo.png',
+      'text' => 'http://some.url/wp-c\'"><img src=x onerror=alert(2)>ontent/fake-logo.png',
     ],
   ];
 
@@ -46,8 +46,8 @@ class ApiDataSanitizerTest extends \MailPoetTest {
     expect($block2['type'])->equals('footer');
     expect($block2['text'])->equals('<p><a href="[link:subscription_unsubscribe_url]">Unsubscribe</a><br />Add your postal address here!</p>');
     $image = $result[1];
-    expect($image['type'])->equals('image');
+    expect($image['type'])->equals('header');
     expect($image['link'])->equals('');
-    expect($image['src'])->equals('http://some.url/wp-c\'"&gt;ontent/fake-logo.png');
+    expect($image['text'])->equals('http://some.url/wp-c\'"&gt;ontent/fake-logo.png');
   }
 }