Cavemanon/piratepoet
8
Fork 0
Code Pull Requests Actions Releases 16 Activity

Reject requests without mandatory custom fields

Browse Source 
We need to make sure subscribers cannot be created without custom fields
Users require GDPR consent and we need to make sure there are no way to
create a subscriber without mandatory custom fields

[MAILPOET-1405]
This commit is contained in:
Pavel Dohnal
2018-08-21 09:30:44 +02:00
parent 5cfe8e3368
commit ac33e11c60
7 changed files with 152 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
lib/API/JSON/API.php
View File

@@ -58,13 +58,13 @@ class API {
$this->setRequestData($_POST);
$ignoreToken = (
Setting::getValue('re_captcha.enabled') &&
$this->_request_endpoint === 'subscribers' &&
Setting::getValue('re_captcha.enabled') &&
$this->_request_endpoint === 'subscribers' &&
$this->_request_method === 'subscribe'
);
);
if(!$ignoreToken && $this->checkToken() === false) {
$error_message = __('Sorry, but we couldn\'t connect to the MailPoet server. Please refresh the web page and try again.', 'mailpoet');
$error_message = __("Sorry, but we couldn't connect to the MailPoet server. Please refresh the web page and try again.", 'mailpoet');
$error_response = $this->createErrorResponse(Error::UNAUTHORIZED, $error_message, Response::STATUS_UNAUTHORIZED);
return $error_response->send();
}