Use verifyToken()
[MAILPOET-2340]
committed by
Jack Kitterhing
parent
bc31ca6c6d
commit
e588ebcee9
@ -115,16 +115,6 @@ class Subscriber extends Model {
|
||||
return self::where('wp_user_id', $wp_user->ID)->findOne();
|
||||
}
|
||||
|
||||
function verifyToken($token) {
|
||||
$database_token = (new LinkTokens)->getToken($this);
|
||||
$request_token = substr($token, 0, strlen($database_token));
|
||||
return call_user_func(
|
||||
'hash_equals',
|
||||
$database_token,
|
||||
$request_token
|
||||
);
|
||||
}
|
||||
|
||||
static function filterOutReservedColumns(array $subscriber_data) {
|
||||
$reserved_columns = [
|
||||
'id',
|
||||
|
@ -10,6 +10,7 @@ use MailPoet\Models\Subscriber;
|
||||
use MailPoet\Newsletter\Links\Links;
|
||||
use MailPoet\Statistics\Track\Clicks;
|
||||
use MailPoet\Statistics\Track\Opens;
|
||||
use MailPoet\Subscribers\LinkTokens;
|
||||
use MailPoet\Tasks\Sending as SendingTask;
|
||||
use MailPoet\WP\Functions as WPFunctions;
|
||||
|
||||
@ -31,9 +32,13 @@ class Track {
|
||||
/** @var Opens */
|
||||
private $opens;
|
||||
|
||||
public function __construct(Clicks $clicks, Opens $opens) {
|
||||
/** @var LinkTokens */
|
||||
private $link_tokens;
|
||||
|
||||
public function __construct(Clicks $clicks, Opens $opens, LinkTokens $link_tokens) {
|
||||
$this->clicks = $clicks;
|
||||
$this->opens = $opens;
|
||||
$this->link_tokens = $link_tokens;
|
||||
}
|
||||
|
||||
function click($data) {
|
||||
@ -70,7 +75,7 @@ class Track {
|
||||
|
||||
function _validateTrackData($data) {
|
||||
if (!$data->subscriber || !$data->queue || !$data->newsletter) return false;
|
||||
$subscriber_token_match = $data->subscriber->verifyToken($data->subscriber_token);
|
||||
$subscriber_token_match = $this->link_tokens->verifyToken($data->subscriber, $data->subscriber_token);
|
||||
if (!$subscriber_token_match) {
|
||||
$this->terminate(403);
|
||||
}
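Review bot: `$data->subscriber_token` is handed straight to `verifyToken()` with no presence check, whereas the ViewInBrowser path in this same commit guards with `empty($data->subscriber_token)` first; if LinkTokens::verifyToken (not shown here) does not itself reject a null or empty token, a tracking request with no token still reaches the comparison. Suggest `if (empty($data->subscriber_token) || !$this->link_tokens->verifyToken($data->subscriber, $data->subscriber_token)) {` so both entry points share the same pre-condition. It is also worth confirming that the new LinkTokens::verifyToken keeps the constant-time `hash_equals` comparison but drops the removed implementation's `substr($token, 0, strlen($database_token))` truncation, which accepted any request token that merely had the stored token as a prefix. _validateTrackData continues past the end of the hunk.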
|
||||
|
@ -9,6 +9,7 @@ use MailPoet\Models\Subscriber;
|
||||
use MailPoet\Newsletter\Url as NewsletterUrl;
|
||||
use MailPoet\Newsletter\ViewInBrowser as NewsletterViewInBrowser;
|
||||
use MailPoet\Settings\SettingsController;
|
||||
use MailPoet\Subscribers\LinkTokens;
|
||||
use MailPoet\WP\Functions as WPFunctions;
|
||||
|
||||
class ViewInBrowser {
|
||||
@ -24,9 +25,13 @@ class ViewInBrowser {
|
||||
/** @var SettingsController */
|
||||
private $settings;
|
||||
|
||||
function __construct(AccessControl $access_control, SettingsController $settings) {
|
||||
/** @var LinkTokens */
|
||||
private $link_tokens;
|
||||
|
||||
function __construct(AccessControl $access_control, SettingsController $settings, LinkTokens $link_tokens) {
|
||||
$this->access_control = $access_control;
|
||||
$this->settings = $settings;
|
||||
$this->link_tokens = $link_tokens;
|
||||
}
|
||||
|
||||
function view($data) {
|
||||
@ -60,7 +65,7 @@ class ViewInBrowser {
|
||||
false;
|
||||
if ($data->subscriber) {
|
||||
if (empty($data->subscriber_token) ||
|
||||
!$data->subscriber->verifyToken($data->subscriber_token)
|
||||
!$this->link_tokens->verifyToken($data->subscriber, $data->subscriber_token)
|
||||
) return false;
|
||||
} else if (!$data->subscriber && !empty($data->preview)) {
|
||||
// if this is a preview and subscriber does not exist,
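Review bot: The new constructor `function __construct(AccessControl $access_control, SettingsController $settings, LinkTokens $link_tokens)` still omits a visibility keyword, while the parallel Track constructor added in this commit is declared `public function __construct(...)`; suggest `public function __construct(AccessControl $access_control, SettingsController $settings, LinkTokens $link_tokens) {` for PSR-12 and consistency with the sibling class. The token check in view() is sound as written: the `empty($data->subscriber_token)` test runs before `verifyToken()`, so a missing token short-circuits to `return false`. The following `else if (!$data->subscriber && !empty($data->preview))` repeats the `!$data->subscriber` test that the `else` already implies and could be reduced to `} else if (!empty($data->preview)) {`. view() begins in an earlier hunk and ends outside this one.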
|
||||
|
@ -5,6 +5,7 @@ namespace MailPoet\Subscription;
|
||||
use MailPoet\Form\Util\FieldNameObfuscator;
|
||||
use MailPoet\Models\CustomField;
|
||||
use MailPoet\Models\Subscriber;
|
||||
use MailPoet\Subscribers\LinkTokens;
|
||||
use MailPoet\Util\Url as UrlHelper;
|
||||
|
||||
class Manage {
|
||||
@ -15,9 +16,13 @@ class Manage {
|
||||
/** @var FieldNameObfuscator */
|
||||
private $field_name_obfuscator;
|
||||
|
||||
function __construct(UrlHelper $url_helper, FieldNameObfuscator $field_name_obfuscator) {
|
||||
/** @var LinkTokens */
|
||||
private $link_tokens;
|
||||
|
||||
function __construct(UrlHelper $url_helper, FieldNameObfuscator $field_name_obfuscator, LinkTokens $link_tokens) {
|
||||
$this->url_helper = $url_helper;
|
||||
$this->field_name_obfuscator = $field_name_obfuscator;
|
||||
$this->link_tokens = $link_tokens;
|
||||
}
|
||||
|
||||
function onSave() {
|
||||
@ -32,7 +37,7 @@ class Manage {
|
||||
|
||||
if (!empty($subscriber_data['email'])) {
|
||||
$subscriber = Subscriber::where('email', $subscriber_data['email'])->findOne();
|
||||
if ($subscriber && $subscriber->verifyToken($token)) {
|
||||
if ($subscriber && $this->link_tokens->verifyToken($subscriber, $token)) {
|
||||
if ($subscriber_data['email'] !== Pages::DEMO_EMAIL) {
|
||||
$subscriber = Subscriber::createOrUpdate($this->filterOutEmptyMandatoryFields($subscriber_data));
|
||||
$subscriber->getErrors();
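Review bot: Once the token check passes, `Subscriber::createOrUpdate($this->filterOutEmptyMandatoryFields($subscriber_data))` is fed the submitted `$subscriber_data`, so the row written is selected by the request payload rather than by the `$subscriber` that was just verified by email and token; whether `id` and other reserved columns are stripped earlier in onSave (Subscriber::filterOutReservedColumns exists for that purpose) lies outside the hunk, so please confirm, or pin the update to the verified row with `$subscriber_data['id'] = $subscriber->id;` before the call. The constructor in this file, like ViewInBrowser's, is declared without an explicit `public`. onSave begins and ends outside this hunk.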
|
||||
|
@ -110,7 +110,7 @@ class Pages {
|
||||
}
|
||||
|
||||
$subscriber = Subscriber::where('email', $email)->findOne();
|
||||
return ($subscriber && $subscriber->verifyToken($token)) ? $subscriber : false;
|
||||
return ($subscriber && $this->link_tokens->verifyToken($subscriber, $token)) ? $subscriber : false;
|
||||
}
|
||||
|
||||
function confirm() {
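Review bot: This hunk introduces `$this->link_tokens` into Pages, but unlike Track, ViewInBrowser and Manage, no property declaration or constructor change for Pages appears in this commit; unless the property was injected by an earlier commit, this line will read an undefined property and call `verifyToken()` on null. Please confirm Pages receives a `LinkTokens` instance (for example `/** @var LinkTokens */ private $link_tokens;` plus a constructor parameter, matching the other three classes) or that parent bc31ca6c6d already did so. The enclosing function starts outside the hunk, so where `$email` and `$token` come from cannot be checked here; `confirm()` opens on the hunk's last line.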
|
||||
|