Use verifyToken()
[MAILPOET-2340]
This commit is contained in:
Amine Ben hammou
committed by
Jack Kitterhing
Jack Kitterhing
parent
bc31ca6c6d
commit
e588ebcee9
@ -115,16 +115,6 @@ class Subscriber extends Model {
|
|||||||
return self::where('wp_user_id', $wp_user->ID)->findOne();
|
return self::where('wp_user_id', $wp_user->ID)->findOne();
|
||||||
}
|
}
|
||||||
|
|
||||||
function verifyToken($token) {
|
|
||||||
$database_token = (new LinkTokens)->getToken($this);
|
|
||||||
$request_token = substr($token, 0, strlen($database_token));
|
|
||||||
return call_user_func(
|
|
||||||
'hash_equals',
|
|
||||||
$database_token,
|
|
||||||
$request_token
|
|
||||||
);
|
|
||||||
}
|
|
||||||
|
|
||||||
static function filterOutReservedColumns(array $subscriber_data) {
|
static function filterOutReservedColumns(array $subscriber_data) {
|
||||||
$reserved_columns = [
|
$reserved_columns = [
|
||||||
'id',
|
'id',
|
||||||
|
|||||||
@ -10,6 +10,7 @@ use MailPoet\Models\Subscriber;
|
|||||||
use MailPoet\Newsletter\Links\Links;
|
use MailPoet\Newsletter\Links\Links;
|
||||||
use MailPoet\Statistics\Track\Clicks;
|
use MailPoet\Statistics\Track\Clicks;
|
||||||
use MailPoet\Statistics\Track\Opens;
|
use MailPoet\Statistics\Track\Opens;
|
||||||
|
use MailPoet\Subscribers\LinkTokens;
|
||||||
use MailPoet\Tasks\Sending as SendingTask;
|
use MailPoet\Tasks\Sending as SendingTask;
|
||||||
use MailPoet\WP\Functions as WPFunctions;
|
use MailPoet\WP\Functions as WPFunctions;
|
||||||
|
|
||||||
@ -31,9 +32,13 @@ class Track {
|
|||||||
/** @var Opens */
|
/** @var Opens */
|
||||||
private $opens;
|
private $opens;
|
||||||
|
|
||||||
public function __construct(Clicks $clicks, Opens $opens) {
|
/** @var LinkTokens */
|
||||||
|
private $link_tokens;
|
||||||
|
|
||||||
|
public function __construct(Clicks $clicks, Opens $opens, LinkTokens $link_tokens) {
|
||||||
$this->clicks = $clicks;
|
$this->clicks = $clicks;
|
||||||
$this->opens = $opens;
|
$this->opens = $opens;
|
||||||
|
$this->link_tokens = $link_tokens;
|
||||||
}
|
}
|
||||||
|
|
||||||
function click($data) {
|
function click($data) {
|
||||||
@ -70,7 +75,7 @@ class Track {
|
|||||||
|
|
||||||
function _validateTrackData($data) {
|
function _validateTrackData($data) {
|
||||||
if (!$data->subscriber || !$data->queue || !$data->newsletter) return false;
|
if (!$data->subscriber || !$data->queue || !$data->newsletter) return false;
|
||||||
$subscriber_token_match = $data->subscriber->verifyToken($data->subscriber_token);
|
$subscriber_token_match = $this->link_tokens->verifyToken($data->subscriber, $data->subscriber_token);
|
||||||
if (!$subscriber_token_match) {
|
if (!$subscriber_token_match) {
|
||||||
$this->terminate(403);
|
$this->terminate(403);
|
||||||
}
|
}
|
||||||
|
|||||||
@ -9,6 +9,7 @@ use MailPoet\Models\Subscriber;
|
|||||||
use MailPoet\Newsletter\Url as NewsletterUrl;
|
use MailPoet\Newsletter\Url as NewsletterUrl;
|
||||||
use MailPoet\Newsletter\ViewInBrowser as NewsletterViewInBrowser;
|
use MailPoet\Newsletter\ViewInBrowser as NewsletterViewInBrowser;
|
||||||
use MailPoet\Settings\SettingsController;
|
use MailPoet\Settings\SettingsController;
|
||||||
|
use MailPoet\Subscribers\LinkTokens;
|
||||||
use MailPoet\WP\Functions as WPFunctions;
|
use MailPoet\WP\Functions as WPFunctions;
|
||||||
|
|
||||||
class ViewInBrowser {
|
class ViewInBrowser {
|
||||||
@ -24,9 +25,13 @@ class ViewInBrowser {
|
|||||||
/** @var SettingsController */
|
/** @var SettingsController */
|
||||||
private $settings;
|
private $settings;
|
||||||
|
|
||||||
function __construct(AccessControl $access_control, SettingsController $settings) {
|
/** @var LinkTokens */
|
||||||
|
private $link_tokens;
|
||||||
|
|
||||||
|
function __construct(AccessControl $access_control, SettingsController $settings, LinkTokens $link_tokens) {
|
||||||
$this->access_control = $access_control;
|
$this->access_control = $access_control;
|
||||||
$this->settings = $settings;
|
$this->settings = $settings;
|
||||||
|
$this->link_tokens = $link_tokens;
|
||||||
}
|
}
|
||||||
|
|
||||||
function view($data) {
|
function view($data) {
|
||||||
@ -60,7 +65,7 @@ class ViewInBrowser {
|
|||||||
false;
|
false;
|
||||||
if ($data->subscriber) {
|
if ($data->subscriber) {
|
||||||
if (empty($data->subscriber_token) ||
|
if (empty($data->subscriber_token) ||
|
||||||
!$data->subscriber->verifyToken($data->subscriber_token)
|
!$this->link_tokens->verifyToken($data->subscriber, $data->subscriber_token)
|
||||||
) return false;
|
) return false;
|
||||||
} else if (!$data->subscriber && !empty($data->preview)) {
|
} else if (!$data->subscriber && !empty($data->preview)) {
|
||||||
// if this is a preview and subscriber does not exist,
|
// if this is a preview and subscriber does not exist,
|
||||||
|
|||||||
@ -5,6 +5,7 @@ namespace MailPoet\Subscription;
|
|||||||
use MailPoet\Form\Util\FieldNameObfuscator;
|
use MailPoet\Form\Util\FieldNameObfuscator;
|
||||||
use MailPoet\Models\CustomField;
|
use MailPoet\Models\CustomField;
|
||||||
use MailPoet\Models\Subscriber;
|
use MailPoet\Models\Subscriber;
|
||||||
|
use MailPoet\Subscribers\LinkTokens;
|
||||||
use MailPoet\Util\Url as UrlHelper;
|
use MailPoet\Util\Url as UrlHelper;
|
||||||
|
|
||||||
class Manage {
|
class Manage {
|
||||||
@ -15,9 +16,13 @@ class Manage {
|
|||||||
/** @var FieldNameObfuscator */
|
/** @var FieldNameObfuscator */
|
||||||
private $field_name_obfuscator;
|
private $field_name_obfuscator;
|
||||||
|
|
||||||
function __construct(UrlHelper $url_helper, FieldNameObfuscator $field_name_obfuscator) {
|
/** @var LinkTokens */
|
||||||
|
private $link_tokens;
|
||||||
|
|
||||||
|
function __construct(UrlHelper $url_helper, FieldNameObfuscator $field_name_obfuscator, LinkTokens $link_tokens) {
|
||||||
$this->url_helper = $url_helper;
|
$this->url_helper = $url_helper;
|
||||||
$this->field_name_obfuscator = $field_name_obfuscator;
|
$this->field_name_obfuscator = $field_name_obfuscator;
|
||||||
|
$this->link_tokens = $link_tokens;
|
||||||
}
|
}
|
||||||
|
|
||||||
function onSave() {
|
function onSave() {
|
||||||
@ -32,7 +37,7 @@ class Manage {
|
|||||||
|
|
||||||
if (!empty($subscriber_data['email'])) {
|
if (!empty($subscriber_data['email'])) {
|
||||||
$subscriber = Subscriber::where('email', $subscriber_data['email'])->findOne();
|
$subscriber = Subscriber::where('email', $subscriber_data['email'])->findOne();
|
||||||
if ($subscriber && $subscriber->verifyToken($token)) {
|
if ($subscriber && $this->link_tokens->verifyToken($subscriber, $token)) {
|
||||||
if ($subscriber_data['email'] !== Pages::DEMO_EMAIL) {
|
if ($subscriber_data['email'] !== Pages::DEMO_EMAIL) {
|
||||||
$subscriber = Subscriber::createOrUpdate($this->filterOutEmptyMandatoryFields($subscriber_data));
|
$subscriber = Subscriber::createOrUpdate($this->filterOutEmptyMandatoryFields($subscriber_data));
|
||||||
$subscriber->getErrors();
|
$subscriber->getErrors();
|
||||||
|
|||||||
@ -110,7 +110,7 @@ class Pages {
|
|||||||
}
|
}
|
||||||
|
|
||||||
$subscriber = Subscriber::where('email', $email)->findOne();
|
$subscriber = Subscriber::where('email', $email)->findOne();
|
||||||
return ($subscriber && $subscriber->verifyToken($token)) ? $subscriber : false;
|
return ($subscriber && $this->link_tokens->verifyToken($subscriber, $token)) ? $subscriber : false;
|
||||||
}
|
}
|
||||||
|
|
||||||
function confirm() {
|
function confirm() {
|
||||||
|
|||||||
Reference in New Issue
Block a user