endpoints/track: Exit with 403 code and eventually display 403 page when subscriber token doesn't match [MAILPOET-782]

Rostislav Wolny
2018-03-03 11:39:41 +01:00
parent c2c74d7524
commit b7e492e20e
2 changed files with 13 additions and 2 deletions


@ -65,7 +65,9 @@ class Track {
if(!$data->subscriber || !$data->queue || !$data->newsletter) return false;
$subscriber_token_match =
Subscriber::verifyToken($data->subscriber->email, $data->subscriber_token);
if(!$subscriber_token_match) return false;
if(!$subscriber_token_match) {
$this->terminate(403);
}
// return if this is a WP user previewing the newsletter
if($data->subscriber->isWPUser() && $data->preview) {
return $data;
@ -75,4 +77,10 @@ class Track {
$data :
false;
}
private function terminate($code) {
status_header($code);
get_template_part((string)$code);
exit;
}
}
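Review bot: In the token-mismatch branch of the first hunk, nothing follows `$this->terminate(403);`, so rejecting a bad subscriber token now depends entirely on the `exit` inside `terminate()`. If that call ever returns (the accompanying test stubs it to return null), execution continues into the WP-user preview check and the remaining validation with an unverified token. Keeping the branch fail-closed takes one line: `$this->terminate(403); return false;`. `terminate()` would also benefit from a short comment such as `// Sends the HTTP status, loads the theme's "<code>.php" template part if one exists, then ends the request.` The body of `_validateTrackData` starts and ends outside the hunk, so the fall-through path is only partly visible here.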


@ -1,6 +1,7 @@
<?php
namespace MailPoet\Test\Router\Endpoints;
use AspectMock\Test as Mock;
use MailPoet\Models\Newsletter;
use MailPoet\Models\NewsletterLink;
use MailPoet\Models\SendingQueue;
@ -69,7 +70,9 @@ class TrackTest extends \MailPoetTest {
)
);
$data->subscriber->email = 'random@email.com';
expect($this->track->_validateTrackData($data))->false();
$track = Mock::double($this->track, array('terminate' => null));
$track->_validateTrackData($data);
$track->verifyInvokedOnce('terminate', array(403));
}
function testItFailsWhenSubscriberIsNotOnProcessedList() {
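Review bot: The rewritten assertion in `TrackTest` discards the return value of `_validateTrackData($data)`, so with `terminate` stubbed to null it proves only that the 403 path was entered, not that the mismatched token is rejected once the call returns. If the endpoint also returns false after `terminate()`, the old expectation can stay next to the new one: `expect($track->_validateTrackData($data))->false();` followed by the `verifyInvokedOnce` check. AspectMock doubles are normally reset with `Mock::clean()` between tests; no cleanup is visible in this hunk, so confirm the test class does it in its teardown. The test method itself starts above the hunk.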