Cavemanon/piratepoet
7
Fork 0
Code Pull Requests Actions Releases 16 Activity

endpoints/track: Exit with 403 code and eventually display 403 page when subscriber token doesn't match [MAILPOET-782]

Browse Source
This commit is contained in:
Rostislav Wolny
2018-03-03 11:39:41 +01:00
parent c2c74d7524
commit b7e492e20e
2 changed files with 13 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
lib/Router/Endpoints/Track.php
View File

@ -65,7 +65,9 @@ class Track {
if(!$data->subscriber || !$data->queue || !$data->newsletter) return false;
$subscriber_token_match =
Subscriber::verifyToken($data->subscriber->email, $data->subscriber_token);
if(!$subscriber_token_match) return false;
if(!$subscriber_token_match) {
$this->terminate(403);
}
// return if this is a WP user previewing the newsletter
if($data->subscriber->isWPUser() && $data->preview) {
return $data;
@ -75,4 +77,10 @@ class Track {
$data :
false;
}
private function terminate($code) {
status_header($code);
get_template_part((string)$code);
exit;
}
}