Escape html characters in email links and include discussion excerpts closes #8

4363f5ae · Luke Ward · 7242e371 · 4363f5ae · 4363f5ae · 4363f5ae
Commit 4363f5ae authored Nov 26, 2019 by Luke Ward
Showing with 45 additions and 11 deletions

src/lib/Notification.php src/lib/Notification.php +29 -11

src/lib/utils/Emailer.php src/lib/utils/Emailer.php +3 -0

src/templates/emails/notification.twig src/templates/emails/notification.twig +13 -0

No files found.
--- a/src/lib/Notification.php
+++ b/src/lib/Notification.php
@@ -98,9 +98,8 @@
                $this->parse($this->_notification);
                $message = $this->_notification->message;

-                if ($message->subject) {
-                    $this->_notification->message = $message->full;
-                    \dtw\utils\Emailer::send($this->_notification->to, $message->subject, 'notification', $this->_notification);
+                if ($message->email) {
+                    \dtw\utils\Emailer::send($this->_notification->to, $message->email->subject, 'notification', $message->email);
                }
            }
        }
@@ -161,6 +160,7 @@
            $DtW->load('Discussions');
            try {
                $thread = $DtW->discussions->getThread($data->thread);
+                $post = $DtW->discussions->getPost($thread->ID, $data->post);
            } catch (\Exception $e) {
                $messages = new \stdClass();
                $message = "%s posted a new mesage in a deleted thread";
@@ -169,7 +169,7 @@
                return $messages;
            }

-            $url = $thread->permalink . '?notification=' . $this->_notification->id . '#post-' . $data->post;
+            $url = $thread->permalink . '?notification=' . $this->_notification->id . '#post-' . $post->ID;

            $messages = new \stdClass();
            $message = "%s posted a new mesage in <a href='%s'>%s</a>";
@@ -177,8 +177,12 @@
            $message = "Reply in <a href='%s'>%s</a>";
            $messages->short = sprintf($message, $url, $thread->title);

+            $messages->email = new \stdClass();
            $message = "%s posted a new mesage in \"%s\"";
-            $messages->subject = sprintf($message, $this->_notification->from->username, $thread->title);
+            $messages->email->subject = sprintf($message, $this->_notification->from->username, htmlspecialchars($thread->title));
+            $message = "%s posted a new mesage in <a href='%s'>%s</a>";
+            $messages->email->message = sprintf($message, $this->_notification->from->getLink(), $url, htmlspecialchars($thread->title));
+            $messages->email->excerpt = nl2br($post->message->safe);

            return $messages;
        }
@@ -197,6 +201,7 @@
            $DtW->load('Discussions');
            try {
                $thread = $DtW->discussions->getThread($data->thread);
+                $post = $DtW->discussions->getPost($thread->ID);
            } catch (\Exception $e) {
                $messages = new \stdClass();
                $message = "%s mentioned you in a deleted thread";
@@ -205,7 +210,7 @@
                return $messages;
            }

-            $url = $thread->permalink . '?notification=' . $this->_notification->id . '#post-' . $data->post;
+            $url = $thread->permalink . '?notification=' . $this->_notification->id . '#post-' . $post->ID;

            $messages = new \stdClass();
            $message = "%s mentioned you in <a href='%s'>%s</a>";
@@ -213,8 +218,12 @@
            $message = "Mentioned in <a href='%s'>%s</a>";
            $messages->short = sprintf($message, $url, $thread->title);

+            $messages->email = new \stdClass();
            $message = "%s mentioned you in \"%s\"";
-            $messages->subject = sprintf($message, $this->_notification->from->username, $thread->title);
+            $messages->email->subject = sprintf($message, $this->_notification->from->username, htmlspecialchars($thread->title));
+            $message = "%s mentioned you in <a href='%s'>%s</a>";
+            $messages->email->message = sprintf($message, $this->_notification->from->getLink(), $url, htmlspecialchars($thread->title));
+            $messages->email->excerpt = nl2br($post->message->safe);

            return $messages;
        }
@@ -300,8 +309,11 @@
            $message = "<a href='%s'>%s</a> %s";
            $messages->short = sprintf($message, $url, $article->title, $data->status);

+            $messages->email = new \stdClass();
            $message = "Your article %s was %s";
-            $messages->subject = sprintf($message, $article->title, $data->status);
+            $messages->email->subject = sprintf($message, $article->title, $data->status);
+            $message = "Your article <a href='%s'>%s</a> was %s";
+            $messages->email->message = sprintf($message, $url, htmlspecialchars($article->title), $data->status);

            return $messages;
        }
@@ -346,7 +358,9 @@
            $message = "Reply to <a href='%s'>Ticket #%d</a>";
            $messages->short = sprintf($message, $url, $data->ticket);

-            $messages->subject = "A reply has been added to a ticket";
+            $messages->email = new \stdClass();
+            $messages->email->subject = "A reply has been added to a ticket";
+            $messages->email->message = $messages->full;

            return $messages;
        }
@@ -368,8 +382,10 @@
            $message = "<a href='%s'>Ticket #%d</a> %s";
            $messages->short = sprintf($message, $url, $data->ticket, $data->status);

+            $messages->email = new \stdClass();
            $message = "Your ticket has been marked as %s";
-            $messages->subject = sprintf($message, $data->status);
+            $messages->email->subject = sprintf($message, $data->status);
+            $messages->email->message = $messages->full;

            return $messages;
        }
@@ -391,8 +407,10 @@
            $message = "New <a href='%s'>PM</a> from %s";
            $messages->short = sprintf($message, $url, $this->_notification->from->getLink());

+            $messages->email = new \stdClass();
            $message = "%s sent you a new private message";
-            $messages->subject = sprintf($message, $this->_notification->from->username, $thread->title);
+            $messages->email->subject = sprintf($message, $this->_notification->from->username, $thread->title);
+            $messages->email->message = $messages->full;

            return $messages;
        }

--- a/src/lib/utils/Emailer.php
+++ b/src/lib/utils/Emailer.php
@@ -85,6 +85,9 @@
        private static function dispatch($item) {
            $mail = new \PHPMailer\PHPMailer\PHPMailer();

+            var_dump($item->body);
+            die();
+
            $config = \dtw\DtW::$config->get('smtp');
            if ($config) {
                $mail->isSMTP();

--- a/src/templates/emails/notification.twig
+++ b/src/templates/emails/notification.twig
@@ -10,6 +10,19 @@
    <tr>
        <td style="font-family: 'Lato', sans-serif; font-size:14px; color:#757575; line-height:24px; font-weight: 300;" align="center">
            {{ message|raw }}
+
+            {% if excerpt %}
+                <table align="center" border="0" cellpadding="10" cellspacing="0" width="90%" style="max-width:500px;">
+                    <tr><td height="0"></td></tr>
+                    <tr>
+                        <td bgcolor="#2d3b4f" style="font-family: 'Lato', sans-serif; font-size:12px; color: #FFFFFF">
+                            <p>
+                                {{ excerpt|raw }}
+                            </p>
+                        </td>
+                    </tr>
+                </table>
+            {% endif %}
        </td>
    </tr>
 {% endblock %}
\ No newline at end of file