Add service for fixing newsletter API data
[MAILPOET-3430]
This commit is contained in:
Jan Lysý
Veljko V
@ -288,11 +288,13 @@ class ContainerConfigurator implements IContainerConfigurator {
|
||||
$container->autowire(\MailPoet\Subscription\Registration::class)->setPublic(true);
|
||||
$container->autowire(\MailPoet\Subscription\SubscriptionUrlFactory::class)->setPublic(true);
|
||||
// Newsletter
|
||||
$container->autowire(\MailPoet\Newsletter\ApiDataSanitizer::class)->setPublic(true);
|
||||
$container->autowire(\MailPoet\Newsletter\AutomatedLatestContent::class)->setPublic(true);
|
||||
$container->autowire(\MailPoet\Newsletter\NewsletterSaveController::class)->setPublic(true);
|
||||
$container->autowire(\MailPoet\Newsletter\NewsletterPostsRepository::class)->setPublic(true);
|
||||
$container->autowire(\MailPoet\Newsletter\NewslettersRepository::class)->setPublic(true);
|
||||
$container->autowire(\MailPoet\Newsletter\AutomaticEmailsRepository::class)->setPublic(true);
|
||||
$container->autowire(\MailPoet\Newsletter\NewsletterHtmlSanitizer::class)->setPublic(true);
|
||||
$container->autowire(\MailPoet\Newsletter\Listing\NewsletterListingRepository::class)->setPublic(true);
|
||||
$container->autowire(\MailPoet\Newsletter\Options\NewsletterOptionsRepository::class)->setPublic(true);
|
||||
$container->autowire(\MailPoet\Newsletter\Options\NewsletterOptionFieldsRepository::class)->setPublic(true);
|
||||
|
||||
32
lib/Newsletter/ApiDataSanitizer.php
Normal file
32
lib/Newsletter/ApiDataSanitizer.php
Normal file
@ -0,0 +1,32 @@
|
||||
<?php
|
||||
|
||||
namespace MailPoet\Newsletter;
|
||||
|
||||
class ApiDataSanitizer {
|
||||
/** @var NewsletterHtmlSanitizer */
|
||||
private $htmlSanitizer;
|
||||
|
||||
public function __construct(NewsletterHtmlSanitizer $htmlSanitizer) {
|
||||
$this->htmlSanitizer = $htmlSanitizer;
|
||||
}
|
||||
|
||||
public function sanitizeBody(array $body): array {
|
||||
foreach ($body as $blockName => $block) {
|
||||
$sanitizedBlock = is_array($block) ? $this->sanitizeBlock($block) : $this->htmlSanitizer->sanitize($block);
|
||||
$body[$blockName] = $sanitizedBlock;
|
||||
}
|
||||
|
||||
return $body;
|
||||
}
|
||||
|
||||
private function sanitizeBlock(array $block): array {
|
||||
foreach ($block as $name => $value) {
|
||||
if (is_array($value)) {
|
||||
$block[$name] = $this->sanitizeBlock($value);
|
||||
} else {
|
||||
$block[$name] = $value ? $this->htmlSanitizer->sanitize($value) : $value;
|
||||
}
|
||||
}
|
||||
return $block;
|
||||
}
|
||||
}
|
||||
100
lib/Newsletter/NewsletterHtmlSanitizer.php
Normal file
100
lib/Newsletter/NewsletterHtmlSanitizer.php
Normal file
@ -0,0 +1,100 @@
|
||||
<?php
|
||||
|
||||
namespace MailPoet\Newsletter;
|
||||
|
||||
use MailPoet\WP\Functions as WPFunctions;
|
||||
|
||||
class NewsletterHtmlSanitizer {
|
||||
/** @var WPFunctions */
|
||||
private $wp;
|
||||
|
||||
/**
|
||||
* @var array
|
||||
* Configuration of allowed tags for form blocks that may contain some html.
|
||||
* Covers all tags available in the form editor's Rich Text component
|
||||
*/
|
||||
private $allowedHtml = [
|
||||
'p' => [
|
||||
'class' => true,
|
||||
'style' => true,
|
||||
],
|
||||
'span' => [
|
||||
'class' => true,
|
||||
'style' => true,
|
||||
],
|
||||
'a' => [
|
||||
'href' => true,
|
||||
'class' => true,
|
||||
'title' => true,
|
||||
'target' => true,
|
||||
'style' => true,
|
||||
],
|
||||
'h1' => [
|
||||
'class' => true,
|
||||
'style' => true,
|
||||
],
|
||||
'h2' => [
|
||||
'class' => true,
|
||||
'style' => true,
|
||||
],
|
||||
'h3' => [
|
||||
'class' => true,
|
||||
'style' => true,
|
||||
],
|
||||
'ol' => [
|
||||
'class' => true,
|
||||
'style' => true,
|
||||
],
|
||||
'ul' => [
|
||||
'class' => true,
|
||||
'style' => true,
|
||||
],
|
||||
'li' => [
|
||||
'class' => true,
|
||||
'style' => true,
|
||||
],
|
||||
'strong' => [
|
||||
'class' => true,
|
||||
'style' => true,
|
||||
],
|
||||
'em' => [
|
||||
'class' => true,
|
||||
'style' => true,
|
||||
],
|
||||
'strike' => [],
|
||||
'br' => [],
|
||||
'blockquote' => [
|
||||
'class' => true,
|
||||
'style' => true,
|
||||
],
|
||||
'table' => [
|
||||
'class' => true,
|
||||
'style' => true,
|
||||
],
|
||||
'tr' => [
|
||||
'class' => true,
|
||||
'style' => true,
|
||||
],
|
||||
'th' => [
|
||||
'class' => true,
|
||||
'style' => true,
|
||||
],
|
||||
'td' => [
|
||||
'class' => true,
|
||||
'style' => true,
|
||||
],
|
||||
'del' => [],
|
||||
];
|
||||
|
||||
public function __construct(WPFunctions $wp) {
|
||||
$this->wp = $wp;
|
||||
}
|
||||
|
||||
public function sanitize(string $html): string {
|
||||
// Because wpKses break shortcodes we prefix shortcodes with http protocol
|
||||
$html = str_replace('href="[', 'href="http://[', $html);
|
||||
$html = $this->wp->wpKses($html, $this->allowedHtml);
|
||||
$html = str_replace('href="http://[', 'href="[', $html);
|
||||
return $html;
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user