Bridge is a low level service that processes requests and responses to/from Bridge API.
This change is needed so that we can remove dependency on MailPoet\Util\License\Features\Subscribers
service from the Bridge. The dependency is a higher level service and may easily cause a circular dependency issue.
The SettingsChangeHandler is a service for handling side effects
when saving settings. This feels like a better place to put the functionality.
[MAILPOET-5191]
Bridge is a low level service that processes requests and responses to/from Bridge API.
This change is needed so that we can remove dependency on MailPoet\Util\License\Features\Subscribers
service from the Bridge. The dependency is a higher level service and may easily cause a circular dependency issue.
[MAILPOET-5191]
This is the only statically called method from the service. In this commit I refactored it to non-static so that it works properly with injected services.
[MAILPOET-5191]
The probability of the routine to run is 5% so it should run approximately 5 times
per 100 writes. So the limit 1000 should be pretty safe to prevent the table from bloating.
[MAILPOET-5071]
This commit changes the way that we are passing data from Twig to JS
variables. Before we were using the raw value of the variable which
could be insecure depending on the source of the variable. Malicious
code could be injected in the variable that would result in JS code
being executed in the browser.
Now we are escaping the value of the variable and then parsing it with
JSON.parse(). This should ensure that whatever is the content of the
Twig variable, it is never possible to inject code that is executed by
the browser.
[MAILPOET-5238]
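The before/after described in the commit message above, as an added example that is not MailPoet's code. The escaper, the render helpers, the `injected` marker and the sample values are hypothetical and constructed for illustration.

```javascript
// Hypothetical stand-in for the template's JS-string escaping (an assumption,
// not MailPoet's code): every UTF-16 unit outside [A-Za-z0-9,._] becomes \uXXXX,
// so the value cannot close the quoted literal or the enclosing <script> tag.
function escapeForJsString(value) {
  return value.replace(/[^A-Za-z0-9,._]/g, (unit) =>
    '\\u' + unit.charCodeAt(0).toString(16).padStart(4, '0'));
}

// "Before": the template variable is written into the script verbatim.
const renderRaw = (value) => `var config = ${value};`;
// "After": the variable is escaped into a string literal and parsed as data.
const renderEscaped = (value) =>
  `var config = JSON.parse('${escapeForJsString(value)}');`;

// Evaluates the rendered script the way a browser would run an inline script,
// counting calls to injected(), a harmless marker for code hidden in the value.
function runInPage(script) {
  let injectedCalls = 0;
  const injected = () => { injectedCalls += 1; };
  let config = null;
  let error = null;
  try {
    config = new Function('injected', `${script}\nreturn config;`)(injected);
  } catch (e) {
    error = e.name; // a parse failure surfaces as an error, never as execution
  }
  return { config, injectedCalls, error };
}

// Constructed sample values for the template variable.
const benign = '{"plan":"free"}';
const hostile = '{"plan":"free"}; injected()';            // trailing statement
const quoteBreak = '{"plan":"free"}\'); injected(); (\''; // tries to close the quote

for (const [label, value] of Object.entries({ benign, hostile, quoteBreak })) {
  console.log(label, 'raw    ', runInPage(renderRaw(value)));
  console.log(label, 'escaped', runInPage(renderEscaped(value)));
}
```

With the escaped form, a value that is not valid JSON ends in a `SyntaxError` from `JSON.parse()`, so the calling code should be prepared to handle that case.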
Before this commit, whenever we needed to output HTML from a function
call in a Twig template, we would use the raw filter that allows any
kind of HTML to be outputted.
This commit adds a new filter called wpKses that internally calls
wp_kses(). We can use this filter instead of raw, this way we can define
the list of allowed HTML and the output becomes more secure.
This commit also replaces all the instances where we were using raw.
[MAILPOET-5238]
In this particular template, using raw was not necessary as the HTML
markup encapsulated the full translatable string. So I removed the call
to raw, and added the HTML markup directly to the template.
[MAILPOET-5238]
I found this file as part of the ticket to investigate Twig templates in
the context of the security scan ([MAILPOET-5238]) as it uses the `raw`
filter. It seems this file is not used anymore, so instead of fixing the
use of `raw`, I'm removing it.
As far as I can check, we stopped using this view back in 2016, when
this commit f8efb3934b replaced the homepage
with the newsletter page.
Currently there is only one person per week who is supposed to review
dependabot PRs, so it makes the most sense to me to simply skip this
workflow for any dependabot PRs.
I took this solution from here: https://github.com/flowwer-dev/pull-request-stats/issues/47#issuecomment-1221583794
MAILPOET-5260
We were running Tracy 2.9.1 and this version was generating warnings
when running PHP 8.2. Example:
```
ErrorException: Creation of dynamic property Tracy\DefaultBarPanel::$time is deprecated in phar:///var/www/html/wp-content/plugins/mailpoet/tools/vendor/tracy.phar/Tracy/Bar/panels/info.tab.phtml:2
```
[MAILPOET-5265]