Commit 4363f5ae authored by Luke Ward's avatar Luke Ward
Browse files

Escape html characters in email links and include discussion excerpts closes #8

parent 7242e371
......@@ -98,9 +98,8 @@
$this->parse($this->_notification);
$message = $this->_notification->message;
if ($message->subject) {
$this->_notification->message = $message->full;
\dtw\utils\Emailer::send($this->_notification->to, $message->subject, 'notification', $this->_notification);
if ($message->email) {
\dtw\utils\Emailer::send($this->_notification->to, $message->email->subject, 'notification', $message->email);
}
}
}
......@@ -161,6 +160,7 @@
$DtW->load('Discussions');
try {
$thread = $DtW->discussions->getThread($data->thread);
$post = $DtW->discussions->getPost($thread->ID, $data->post);
} catch (\Exception $e) {
$messages = new \stdClass();
$message = "%s posted a new mesage in a deleted thread";
......@@ -169,7 +169,7 @@
return $messages;
}
$url = $thread->permalink . '?notification=' . $this->_notification->id . '#post-' . $data->post;
$url = $thread->permalink . '?notification=' . $this->_notification->id . '#post-' . $post->ID;
$messages = new \stdClass();
$message = "%s posted a new mesage in <a href='%s'>%s</a>";
......@@ -177,8 +177,12 @@
$message = "Reply in <a href='%s'>%s</a>";
$messages->short = sprintf($message, $url, $thread->title);
$messages->email = new \stdClass();
$message = "%s posted a new mesage in \"%s\"";
$messages->subject = sprintf($message, $this->_notification->from->username, $thread->title);
$messages->email->subject = sprintf($message, $this->_notification->from->username, htmlspecialchars($thread->title));
$message = "%s posted a new mesage in <a href='%s'>%s</a>";
$messages->email->message = sprintf($message, $this->_notification->from->getLink(), $url, htmlspecialchars($thread->title));
$messages->email->excerpt = nl2br($post->message->safe);
return $messages;
}
......@@ -197,6 +201,7 @@
$DtW->load('Discussions');
try {
$thread = $DtW->discussions->getThread($data->thread);
$post = $DtW->discussions->getPost($thread->ID);
} catch (\Exception $e) {
$messages = new \stdClass();
$message = "%s mentioned you in a deleted thread";
......@@ -205,7 +210,7 @@
return $messages;
}
$url = $thread->permalink . '?notification=' . $this->_notification->id . '#post-' . $data->post;
$url = $thread->permalink . '?notification=' . $this->_notification->id . '#post-' . $post->ID;
$messages = new \stdClass();
$message = "%s mentioned you in <a href='%s'>%s</a>";
......@@ -213,8 +218,12 @@
$message = "Mentioned in <a href='%s'>%s</a>";
$messages->short = sprintf($message, $url, $thread->title);
$messages->email = new \stdClass();
$message = "%s mentioned you in \"%s\"";
$messages->subject = sprintf($message, $this->_notification->from->username, $thread->title);
$messages->email->subject = sprintf($message, $this->_notification->from->username, htmlspecialchars($thread->title));
$message = "%s mentioned you in <a href='%s'>%s</a>";
$messages->email->message = sprintf($message, $this->_notification->from->getLink(), $url, htmlspecialchars($thread->title));
$messages->email->excerpt = nl2br($post->message->safe);
return $messages;
}
......@@ -300,8 +309,11 @@
$message = "<a href='%s'>%s</a> %s";
$messages->short = sprintf($message, $url, $article->title, $data->status);
$messages->email = new \stdClass();
$message = "Your article %s was %s";
$messages->subject = sprintf($message, $article->title, $data->status);
$messages->email->subject = sprintf($message, $article->title, $data->status);
$message = "Your article <a href='%s'>%s</a> was %s";
$messages->email->message = sprintf($message, $url, htmlspecialchars($article->title), $data->status);
return $messages;
}
......@@ -346,7 +358,9 @@
$message = "Reply to <a href='%s'>Ticket #%d</a>";
$messages->short = sprintf($message, $url, $data->ticket);
$messages->subject = "A reply has been added to a ticket";
$messages->email = new \stdClass();
$messages->email->subject = "A reply has been added to a ticket";
$messages->email->message = $messages->full;
return $messages;
}
......@@ -368,8 +382,10 @@
$message = "<a href='%s'>Ticket #%d</a> %s";
$messages->short = sprintf($message, $url, $data->ticket, $data->status);
$messages->email = new \stdClass();
$message = "Your ticket has been marked as %s";
$messages->subject = sprintf($message, $data->status);
$messages->email->subject = sprintf($message, $data->status);
$messages->email->message = $messages->full;
return $messages;
}
......@@ -391,8 +407,10 @@
$message = "New <a href='%s'>PM</a> from %s";
$messages->short = sprintf($message, $url, $this->_notification->from->getLink());
$messages->email = new \stdClass();
$message = "%s sent you a new private message";
$messages->subject = sprintf($message, $this->_notification->from->username, $thread->title);
$messages->email->subject = sprintf($message, $this->_notification->from->username, $thread->title);
$messages->email->message = $messages->full;
return $messages;
}
......
......@@ -85,6 +85,9 @@
private static function dispatch($item) {
$mail = new \PHPMailer\PHPMailer\PHPMailer();
var_dump($item->body);
die();
$config = \dtw\DtW::$config->get('smtp');
if ($config) {
$mail->isSMTP();
......
......@@ -10,6 +10,19 @@
<tr>
<td style="font-family: 'Lato', sans-serif; font-size:14px; color:#757575; line-height:24px; font-weight: 300;" align="center">
{{ message|raw }}
{% if excerpt %}
<table align="center" border="0" cellpadding="10" cellspacing="0" width="90%" style="max-width:500px;">
<tr><td height="0"></td></tr>
<tr>
<td bgcolor="#2d3b4f" style="font-family: 'Lato', sans-serif; font-size:12px; color: #FFFFFF">
<p>
{{ excerpt|raw }}
</p>
</td>
</tr>
</table>
{% endif %}
</td>
</tr>
{% endblock %}
\ No newline at end of file
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment