diff --git a/lib/Router/Endpoints/ViewInBrowser.php b/lib/Router/Endpoints/ViewInBrowser.php index 59a074e041..626101e575 100644 --- a/lib/Router/Endpoints/ViewInBrowser.php +++ b/lib/Router/Endpoints/ViewInBrowser.php @@ -37,9 +37,9 @@ class ViewInBrowser { function _validateBrowserPreviewData($data) { // either newsletter ID or hash must be defined, and newsletter must exist if(empty($data->newsletter_id) && empty($data->newsletter_hash)) return false; - $data->newsletter = (!empty($data->newsletter_id)) ? - Newsletter::findOne($data->newsletter_id) : - Newsletter::getByHash($data->newsletter_hash); + $data->newsletter = (!empty($data->newsletter_hash)) ? + Newsletter::getByHash($data->newsletter_hash) : + Newsletter::findOne($data->newsletter_id); if(!$data->newsletter) return false; // subscriber is optional; if exists, token must validate diff --git a/tests/unit/Router/Endpoints/ViewInBrowserTest.php b/tests/unit/Router/Endpoints/ViewInBrowserTest.php index b3bae4e7ab..a6cb5da8be 100644 --- a/tests/unit/Router/Endpoints/ViewInBrowserTest.php +++ b/tests/unit/Router/Endpoints/ViewInBrowserTest.php @@ -89,6 +89,20 @@ class ViewInBrowserRouterTest extends MailPoetTest { expect($this->view_in_browser->_validateBrowserPreviewData($data))->false(); } + function testItValidatesThatNewsletterExistsByCheckingHashFirst() { + $newsletter_1 = $this->newsletter; + $newsletter_2 = Newsletter::create(); + $newsletter_2->type = 'type'; + $newsletter_2 = $newsletter_2->save(); + $data = (object)$this->browser_preview_data; + $data->newsletter_hash = $newsletter_2->hash; + $result = $this->view_in_browser->_validateBrowserPreviewData($data); + expect($result->newsletter->id)->equals($newsletter_2->id); + $data->newsletter_hash = false; + $result = $this->view_in_browser->_validateBrowserPreviewData($data); + expect($result->newsletter->id)->equals($newsletter_1->id); + } + function testItFailsValidationWhenPreviewIsEnabledButNewsletterHashNotProvided() { $data = (object)$this->browser_preview_data; $data->newsletter_hash = false;