diff --git a/lib/Models/Subscriber.php b/lib/Models/Subscriber.php
index f84e70d894..a08886c134 100644
--- a/lib/Models/Subscriber.php
+++ b/lib/Models/Subscriber.php
@@ -115,16 +115,6 @@ class Subscriber extends Model {
     return self::where('wp_user_id', $wp_user->ID)->findOne();
   }
 
-  function verifyToken($token) {
-    $database_token = (new LinkTokens)->getToken($this);
-    $request_token = substr($token, 0, strlen($database_token));
-    return call_user_func(
-      'hash_equals',
-      $database_token,
-      $request_token
-    );
-  }
-
   static function filterOutReservedColumns(array $subscriber_data) {
     $reserved_columns = [
       'id',
diff --git a/lib/Router/Endpoints/Track.php b/lib/Router/Endpoints/Track.php
index 5a403a7476..4679b1d3bd 100644
--- a/lib/Router/Endpoints/Track.php
+++ b/lib/Router/Endpoints/Track.php
@@ -10,6 +10,7 @@ use MailPoet\Models\Subscriber;
 use MailPoet\Newsletter\Links\Links;
 use MailPoet\Statistics\Track\Clicks;
 use MailPoet\Statistics\Track\Opens;
+use MailPoet\Subscribers\LinkTokens;
 use MailPoet\Tasks\Sending as SendingTask;
 use MailPoet\WP\Functions as WPFunctions;
 
@@ -31,9 +32,13 @@ class Track {
   /** @var Opens */
   private $opens;
 
-  public function __construct(Clicks $clicks, Opens $opens) {
+  /** @var LinkTokens */
+  private $link_tokens;
+
+  public function __construct(Clicks $clicks, Opens $opens, LinkTokens $link_tokens) {
     $this->clicks = $clicks;
     $this->opens = $opens;
+    $this->link_tokens = $link_tokens;
   }
 
   function click($data) {
@@ -70,7 +75,7 @@ class Track {
 
   function _validateTrackData($data) {
     if (!$data->subscriber || !$data->queue || !$data->newsletter) return false;
-    $subscriber_token_match = $data->subscriber->verifyToken($data->subscriber_token);
+    $subscriber_token_match = $this->link_tokens->verifyToken($data->subscriber, $data->subscriber_token);
     if (!$subscriber_token_match) {
       $this->terminate(403);
     }
diff --git a/lib/Router/Endpoints/ViewInBrowser.php b/lib/Router/Endpoints/ViewInBrowser.php
index 4283d84ac0..80bc1cfd02 100644
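Review bot: In `_validateTrackData`, `$data->subscriber_token` is passed to `verifyToken` without first checking that it is present, whereas the ViewInBrowser hunk in this same commit guards with `empty($data->subscriber_token)` before the call; the 403 should not depend on how `LinkTokens::verifyToken` treats a null or empty token, so add `if (empty($data->subscriber_token)) $this->terminate(403);` ahead of the match line, or fold it into the existing `return false` guard. The removed `Subscriber::verifyToken` truncated the request token to the stored token's length before `hash_equals`, so a request token was accepted on a matching prefix; `LinkTokens::verifyToken` is not in this diff, so confirm the new implementation keeps the constant-time `hash_equals` comparison and decide deliberately whether the prefix-match behaviour is still wanted. `_validateTrackData` continues past the end of the hunk.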
--- a/lib/Router/Endpoints/ViewInBrowser.php
+++ b/lib/Router/Endpoints/ViewInBrowser.php
@@ -9,6 +9,7 @@ use MailPoet\Models\Subscriber;
 use MailPoet\Newsletter\Url as NewsletterUrl;
 use MailPoet\Newsletter\ViewInBrowser as NewsletterViewInBrowser;
 use MailPoet\Settings\SettingsController;
+use MailPoet\Subscribers\LinkTokens;
 use MailPoet\WP\Functions as WPFunctions;
 
 class ViewInBrowser {
@@ -24,9 +25,13 @@ class ViewInBrowser {
   /** @var SettingsController */
   private $settings;
 
-  function __construct(AccessControl $access_control, SettingsController $settings) {
+  /** @var LinkTokens */
+  private $link_tokens;
+
+  function __construct(AccessControl $access_control, SettingsController $settings, LinkTokens $link_tokens) {
     $this->access_control = $access_control;
     $this->settings = $settings;
+    $this->link_tokens = $link_tokens;
   }
 
   function view($data) {
@@ -60,7 +65,7 @@ class ViewInBrowser {
       false;
     if ($data->subscriber) {
       if (empty($data->subscriber_token) ||
-        !$data->subscriber->verifyToken($data->subscriber_token)
+        !$this->link_tokens->verifyToken($data->subscriber, $data->subscriber_token)
       ) return false;
     } else if (!$data->subscriber && !empty($data->preview)) {
       // if this is a preview and subscriber does not exist,
diff --git a/lib/Subscription/Manage.php b/lib/Subscription/Manage.php
index c03c9d70af..482d264600 100644
--- a/lib/Subscription/Manage.php
+++ b/lib/Subscription/Manage.php
@@ -5,6 +5,7 @@ namespace MailPoet\Subscription;
 use MailPoet\Form\Util\FieldNameObfuscator;
 use MailPoet\Models\CustomField;
 use MailPoet\Models\Subscriber;
+use MailPoet\Subscribers\LinkTokens;
 use MailPoet\Util\Url as UrlHelper;
 
 class Manage {
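Review bot: The rewritten constructor line `function __construct(AccessControl $access_control, SettingsController $settings, LinkTokens $link_tokens) {` omits the visibility keyword, while the Track constructor rewritten in this same commit declares `public function __construct(...)`; since the signature is being replaced anyway, make it `public function __construct(...)` here, and likewise in the Manage constructor hunk, so the three injection points read the same. The added `/** @var LinkTokens */` docblock matches the file's existing property annotations and needs no change.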
@@ -15,9 +16,13 @@ class Manage {
   /** @var FieldNameObfuscator */
   private $field_name_obfuscator;
 
-  function __construct(UrlHelper $url_helper, FieldNameObfuscator $field_name_obfuscator) {
+  /** @var LinkTokens */
+  private $link_tokens;
+
+  function __construct(UrlHelper $url_helper, FieldNameObfuscator $field_name_obfuscator, LinkTokens $link_tokens) {
     $this->url_helper = $url_helper;
     $this->field_name_obfuscator = $field_name_obfuscator;
+    $this->link_tokens = $link_tokens;
   }
 
   function onSave() {
@@ -32,7 +37,7 @@ class Manage {
 
     if (!empty($subscriber_data['email'])) {
       $subscriber = Subscriber::where('email', $subscriber_data['email'])->findOne();
-      if ($subscriber && $subscriber->verifyToken($token)) {
+      if ($subscriber && $this->link_tokens->verifyToken($subscriber, $token)) {
         if ($subscriber_data['email'] !== Pages::DEMO_EMAIL) {
           $subscriber = Subscriber::createOrUpdate($this->filterOutEmptyMandatoryFields($subscriber_data));
           $subscriber->getErrors();
diff --git a/lib/Subscription/Pages.php b/lib/Subscription/Pages.php
index aad0966e0f..376b53a6e2 100644
--- a/lib/Subscription/Pages.php
+++ b/lib/Subscription/Pages.php
@@ -110,7 +110,7 @@ class Pages {
 
     }
     $subscriber = Subscriber::where('email', $email)->findOne();
-    return ($subscriber && $subscriber->verifyToken($token)) ? $subscriber : false;
+    return ($subscriber && $this->link_tokens->verifyToken($subscriber, $token)) ? $subscriber : false;
   }
 
   function confirm() {
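Review bot: The new line in Pages calls `$this->link_tokens->verifyToken(...)`, but this diff adds neither a `private $link_tokens` property nor a constructor parameter to `Pages`, unlike the Track, ViewInBrowser and Manage sections; unless that property is already injected in `Pages` outside this diff, the call dereferences an undefined property and fails with a call-on-null error, so the subscriber lookup that gates the subscription pages would break rather than merely reject the token. Verify the `Pages` constructor and, if the dependency is missing, add `/** @var LinkTokens */ private $link_tokens;` with constructor injection matching the other three classes. The enclosing method begins outside the hunk.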