diff --git a/lib/Router/Endpoints/ViewInBrowser.php b/lib/Router/Endpoints/ViewInBrowser.php
index 418e035e20..ab61e6c446 100644
--- a/lib/Router/Endpoints/ViewInBrowser.php
+++ b/lib/Router/Endpoints/ViewInBrowser.php
@@ -39,11 +39,6 @@ class ViewInBrowser {
 Newsletter::getByHash($data->newsletter_hash);
 if(!$data->newsletter) return false;
 
- // queue is optional; if defined, get it
- $data->queue = (!empty($data->queue_id)) ?
- SendingQueue::findOne($data->queue_id) :
- SendingQueue::where('newsletter_id', $data->newsletter->id)->findOne();
-
 // subscriber is optional; if exists, token must validate
 $data->subscriber = (!empty($data->subscriber_id)) ?
 Subscriber::findOne($data->subscriber_id) :
@@ -53,6 +48,15 @@ class ViewInBrowser {
 !Subscriber::verifyToken($data->subscriber->email, $data->subscriber_token)
 ) return false;
 }
+
+ // if newsletter ID is defined then subscriber must exist
+ if($data->newsletter_id && !$data->subscriber) return false;
+
+ // queue is optional; if defined, get it
+ $data->queue = (!empty($data->queue_id)) ?
+ SendingQueue::findOne($data->queue_id) :
+ SendingQueue::where('newsletter_id', $data->newsletter->id)->findOne();
+
 // if queue and subscriber exist and newsletter is not being previewed,
 // subscriber must have received the newsletter
 if(empty($data->preview) &&
diff --git a/tests/unit/Router/Endpoints/ViewInBrowserTest.php b/tests/unit/Router/Endpoints/ViewInBrowserTest.php
index 58edf88ad9..a152f3b0ff 100644
--- a/tests/unit/Router/Endpoints/ViewInBrowserTest.php
+++ b/tests/unit/Router/Endpoints/ViewInBrowserTest.php
@@ -37,7 +37,7 @@ class ViewInBrowserRouterTest extends MailPoetTest {
 
 function testItAbortsWhenBrowserPreviewDataIsMissing() {
 $view_in_browser = Stub::make($this->view_in_browser, array(
- '_abort' => Stub::exactly(2, function () { })
+ '_abort' => Stub::exactly(2, function() { })
 ), $this);
 // newsletter ID is required
 $data = $this->browser_preview_data;
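Review bot: In lib/Router/Endpoints/ViewInBrowser.php (the hunk at new line 48), the added guard reads `$data->newsletter_id` directly, while the other optional fields in the same function are tested with `!empty(...)` (`$data->queue_id`, `$data->subscriber_id`). If a hash-only link can reach this point without that property set, the bare read raises an undefined-property notice, so `if(!empty($data->newsletter_id) && !$data->subscriber) return false;` is the safer form. The comment above it could also record the reason, e.g. `// an ID is easier to guess than a hash, so ID-based access requires a token-verified subscriber`. Placing the guard after the token check looks right, but the `preview` branch that follows skips the received-newsletter check, and whether `preview` can be set by the caller is not visible here, so that is worth confirming. The function starts and ends outside the hunk.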
@@ -51,7 +51,7 @@ class ViewInBrowserRouterTest extends MailPoetTest {
 
 function testItAbortsWhenBrowserPreviewDataIsInvalid() {
 $view_in_browser = Stub::make($this->view_in_browser, array(
- '_abort' => Stub::exactly(3, function () { })
+ '_abort' => Stub::exactly(3, function() { })
 ), $this);
 // newsletter ID is invalid
 $data = $this->browser_preview_data;
@@ -72,7 +72,7 @@ class ViewInBrowserRouterTest extends MailPoetTest {
 $subscriber = $this->subscriber;
 $subscriber->email = 'random@email.com';
 $subscriber->save();
- $data = (object) array_merge(
+ $data = (object)array_merge(
 $this->browser_preview_data,
 array(
 'queue' => $this->queue,
@@ -83,8 +83,14 @@ class ViewInBrowserRouterTest extends MailPoetTest {
 expect($this->view_in_browser->_validateBrowserPreviewData($data))->false();
 }
 
+ function testItFailsValidationWhenNewsletterIdIsProvidedButSubscriberDoesNotExist() {
+ $data = (object)$this->browser_preview_data;
+ $data->subscriber_id = false;
+ expect($this->view_in_browser->_validateBrowserPreviewData($data))->false();
+ }
+
 function testItFailsValidationWhenSubscriberIsNotOnProcessedList() {
- $data = (object) $this->browser_preview_data;
+ $data = (object)$this->browser_preview_data;
 $result = $this->view_in_browser->_validateBrowserPreviewData($data);
 expect($result)->notEmpty();
 $queue = $this->queue;
@@ -95,7 +101,7 @@ class ViewInBrowserRouterTest extends MailPoetTest {
 }
 
 function testItDoesNotRequireWpUsersToBeOnProcessedListWhenPreviewIsEnabled() {
- $data = (object) array_merge(
+ $data = (object)array_merge(
 $this->browser_preview_data,
 array(
 'queue' => $this->queue,
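Review bot: The new test `testItFailsValidationWhenNewsletterIdIsProvidedButSubscriberDoesNotExist` (hunk at new line 83) only covers an empty `subscriber_id`. It does not exercise a non-empty ID that matches no subscriber, nor the complementary case the guard appears meant to leave alone: a hash-only request with no `newsletter_id` and no subscriber. Adding both would pin the access rule from each side, so a later refactor cannot silently widen or narrow it. A one-line comment above the test, such as `// ID-based links must not validate without a verified subscriber`, would record the intent.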
@@ -117,7 +123,7 @@ class ViewInBrowserRouterTest extends MailPoetTest {
 
 function testItReturnsViewActionResult() {
 $view_in_browser = Stub::make($this->view_in_browser, array(
- '_displayNewsletter' => Stub::exactly(1, function () { })
+ '_displayNewsletter' => Stub::exactly(1, function() { })
 ), $this);
 $view_in_browser->data = $view_in_browser->_processBrowserPreviewData($this->browser_preview_data);
 $view_in_browser->view();