Check Custom HTML in form on save

[MAILPOET-3415]
Rostislav Wolny
2021-02-10 16:01:59 +01:00
committed by Veljko V
parent 08b5fae173
commit d00e667b96
2 changed files with 33 additions and 0 deletions


@ -3,7 +3,9 @@
namespace MailPoet\API\JSON\v1;
use MailPoet\API\JSON\Endpoint as APIEndpoint;
use MailPoet\API\JSON\Error;
use MailPoet\API\JSON\Error as APIError;
use MailPoet\API\JSON\Response;
use MailPoet\API\JSON\ResponseBuilders\FormsResponseBuilder;
use MailPoet\Config\AccessControl;
use MailPoet\Entities\FormEntity;
@ -228,6 +230,14 @@ class Forms extends APIEndpoint {
$settings['segments_selected_by'] = 'admin';
}
// Check Custom HTML block permissions
$customHtmlBlocks = $formEntity->getBlocksByType(FormEntity::HTML_BLOCK_TYPE);
if (count($customHtmlBlocks) && !$this->wp->currentUserCan('administrator')) {
return $this->errorResponse([
Error::FORBIDDEN => __('Only administrator can edit forms containing Custom HTML block.', 'mailpoet'),
], [], Response::STATUS_FORBIDDEN);
}
if ($body !== null) {
$body = $this->emoji->sanitizeEmojisInFormBody($body);
}
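Review bot: The added guard's test `!$this->wp->currentUserCan('administrator')` checks a role name rather than a capability, which the WordPress documentation discourages as unreliable. It also does not track the right to store raw markup: on multisite a site administrator passes it even though core grants `unfiltered_html` only to super admins there. Since the guard decides who may save a Custom HTML block, I would require that capability as well, e.g. `if (count($customHtmlBlocks) && !($this->wp->currentUserCan('administrator') && $this->wp->currentUserCan('unfiltered_html'))) {`. Please also confirm that `$formEntity` is built from the submitted body and that `getBlocksByType()` descends into nested blocks such as columns; neither is visible in this hunk, and if either does not hold, a Custom HTML block could get past the check. The enclosing method starts and ends outside the hunk.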