aad27822
Commit
aad27822
authored
Dec 20, 2012
by
Normann Lou
FIX: Sanitize User input
obey code conventions - rule for 120-char lines
parent
4c6dd56d
Changes
2
code/controllers/UnsubscribeController.php
...
...
@@ -29,10 +29,11 @@ class UnsubscribeController extends Page_Controller {
$mailingListID
=
(
int
)
$this
->
urlParams
[
'MailingList'
];
if
(
$mailingListID
)
{
return
$mailingList
=
DataObject
::
get_by_id
(
"NewsletterType"
,
$mailingListID
);
return
$mailingList
=
DataObject
::
get_by_id
(
"NewsletterType"
,
Convert
::
raw2sql
(
$mailingListID
)
)
;
}
else
{
if
(
isset
(
$_GET
[
'MailingLists'
])
&&
!
empty
(
$_GET
[
'MailingLists'
])
&&
is_array
(
$_GET
[
'MailingLists'
])){
return
DataObject
::
get
(
"NewsletterType"
,
"ID IN ("
.
implode
(
","
,
$_GET
[
'MailingLists'
])
.
")"
);
return
DataObject
::
get
(
"NewsletterType"
,
"ID IN ("
.
implode
(
","
,
Convert
::
raw2sql
(
$_GET
[
'MailingLists'
]))
.
")"
);
};
}
}
...
...
@@ -49,7 +50,8 @@ class UnsubscribeController extends Page_Controller {
// then unsubscribe the user
if
(
$member
&&
isset
(
$mailingList
)
&&
$mailingList
->
exists
()
&&
$member
->
inGroup
(
$mailingList
->
GroupID
))
{
$this
->
unsubscribeFromList
(
$member
,
$mailingList
);
$url
=
Director
::
absoluteBaseURL
()
.
$this
->
RelativeLink
(
'done'
)
.
"/"
.
$member
->
AutoLoginHash
.
"/"
.
$mailingList
->
ID
;
$url
=
Director
::
absoluteBaseURL
()
.
$this
->
RelativeLink
(
'done'
)
.
"/"
.
$member
->
AutoLoginHash
.
"/"
.
$mailingList
->
ID
;
Director
::
redirect
(
$url
);
return
$url
;
}
elseif
(
$member
)
{
...
...
@@ -75,7 +77,8 @@ class UnsubscribeController extends Page_Controller {
}
elseif
(
is_a
(
$mailingList
,
"NewsletterType"
)){
$nlTypes
=
$mailingList
->
Title
;
}
self
::
$done_message
=
sprintf
(
_t
(
'Unsubscribe.REMOVESUCCESS'
,
'Thank you. %s will no longer receive the %s.'
),
$email
,
$nlTypes
);
self
::
$done_message
=
sprintf
(
_t
(
'Unsubscribe.REMOVESUCCESS'
,
'Thank you. %s will no longer receive the %s.'
),
$email
,
$nlTypes
);
}
$form
->
setMessage
(
self
::
$done_message
,
'good'
);
self
::
$done_message
=
null
;
...
...
@@ -89,13 +92,16 @@ class UnsubscribeController extends Page_Controller {
$form
=
new
Form
(
$this
,
"UnsubscribeLinkSent"
,
new
FieldSet
(),
new
FieldSet
);
if
(
isset
(
$_GET
[
'SendEmail'
])
&&
$_GET
[
'SendEmail'
]){
$form
->
setMessage
(
sprintf
(
_t
(
'Unsubscribe.LINKSENTTO'
,
"The unsubscribe link has been sent to %s"
),
$_GET
[
'SendEmail'
]),
"good"
);
$form
->
setMessage
(
sprintf
(
_t
(
'Unsubscribe.LINKSENTTO'
,
"The unsubscribe link has been sent to %s"
),
$_GET
[
'SendEmail'
]),
"good"
);
return
$this
->
customise
(
array
(
'Title'
=>
_t
(
'Unsubscribe.LINKSENT'
,
'Unsubscrib Link Sent'
),
'Form'
=>
$form
))
->
renderWith
(
'Page'
);
}
elseif
(
isset
(
$_GET
[
'SendError'
])
&&
$_GET
[
'SendError'
]){
$form
->
setMessage
(
sprintf
(
_t
(
'Unsubscribe.LINKSENDERR'
,
"Sorry, currently we have internal error, and can't send the unsubscribe link to %s"
),
$_GET
[
'SendError'
]),
"good"
);
$form
->
setMessage
(
sprintf
(
_t
(
'Unsubscribe.LINKSENDERR'
,
"Sorry, currently we have internal error, and can't send the unsubscribe link to %s"
),
$_GET
[
'SendError'
]),
"good"
);
return
$this
->
customise
(
array
(
'Title'
=>
_t
(
'Unsubscribe.LINKNOTSEND'
,
'Unsubscrib Link Can\'t Be Sent'
),
'Form'
=>
$form
...
...
@@ -125,7 +131,7 @@ class UnsubscribeController extends Page_Controller {
*/
function
sendmeunsubscribelink
(
$data
)
{
if
(
isset
(
$data
[
'Email'
])
&&
$data
[
'Email'
])
{
$member
=
DataObject
::
get_one
(
"Member"
,
"Email = '"
.
$data
[
'Email'
]
.
"'"
);
$member
=
DataObject
::
get_one
(
"Member"
,
"Email = '"
.
Convert
::
raw2sql
(
$data
[
'Email'
]
)
.
"'"
);
if
(
$member
){
if
(
!
$from
=
Email
::
getAdminEmail
()){
$from
=
'noreply@'
.
Director
::
BaseURL
();
...
...
@@ -154,13 +160,16 @@ HTML
$email
=
new
Email
(
$from
,
$to
,
$subject
,
$body
);
$result
=
$email
->
send
();
if
(
$result
){
Director
::
redirect
(
Director
::
absoluteBaseURL
()
.
$this
->
RelativeLink
(
'linksent'
)
.
"?SendEmail="
.
$data
[
'Email'
]);
Director
::
redirect
(
Director
::
absoluteBaseURL
()
.
$this
->
RelativeLink
(
'linksent'
)
.
"?SendEmail="
.
$data
[
'Email'
]);
}
else
{
Director
::
redirect
(
Director
::
absoluteBaseURL
()
.
$this
->
RelativeLink
(
'linksent'
)
.
"?SendError="
.
$data
[
'Email'
]);
Director
::
redirect
(
Director
::
absoluteBaseURL
()
.
$this
->
RelativeLink
(
'linksent'
)
.
"?SendError="
.
$data
[
'Email'
]);
}
}
else
{
$form
=
$this
->
EmailAddressForm
();
$message
=
sprintf
(
_t
(
"Unsubscribe.NOTSIGNUP"
,
"Sorry, '%s' doesn't appear to be an sign-up member with us"
),
$data
[
'Email'
]);
$message
=
sprintf
(
_t
(
"Unsubscribe.NOTSIGNUP"
,
"Sorry, '%s' doesn't appear to be an sign-up member with us"
),
$data
[
'Email'
]);
$form
->
sessionMessage
(
$message
,
'bad'
);
Director
::
redirectBack
();
}
...
...
@@ -180,15 +189,18 @@ HTML
if
(
$data
[
'MailingLists'
]
)
{
$mailingLists
=
array
();
foreach
(
array_keys
(
$data
[
'MailingLists'
]
)
as
$listID
){
$list
=
DataObject
::
get_by_id
(
'NewsletterType'
,
$listID
);
$list
=
DataObject
::
get_by_id
(
'NewsletterType'
,
Convert
::
raw2sql
(
$listID
)
);
$this
->
unsubscribeFromList
(
$member
,
$list
);
$mailingLists
[]
=
"MailingLists[]="
.
$listID
;
}
$liststring
=
implode
(
"&"
,
$mailingLists
);
Director
::
redirect
(
Director
::
absoluteBaseURL
()
.
$this
->
RelativeLink
(
'done'
)
.
"/"
.
$member
->
AutoLoginHash
.
"?"
.
$liststring
);
Director
::
redirect
(
Director
::
absoluteBaseURL
()
.
$this
->
RelativeLink
(
'done'
)
.
"/"
.
$member
->
AutoLoginHash
.
"?"
.
$liststring
);
return
;
}
else
{
$form
->
addErrorMessage
(
'MailingLists'
,
_t
(
'Unsubscribe.NOMLSELECTED'
,
'You need to select at least one mailing list to unsubscribe from.'
),
'bad'
);
$form
->
addErrorMessage
(
'MailingLists'
,
_t
(
'Unsubscribe.NOMLSELECTED'
,
'You need to select at least one mailing list to unsubscribe from.'
),
'bad'
);
Director
::
redirectBack
();
}
}
...
...
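Review bot: Escaping the `MailingLists` values with `Convert::raw2sql` (the second `DataObject::get` in the first hunk) does not make the unquoted `ID IN (...)` clause safe: raw2sql only escapes quote characters, and an element such as `1) OR (1=1` contains none, so it is concatenated verbatim into the WHERE string. The column is numeric, so coerce each element instead, `implode(",", array_map('intval', $_GET['MailingLists']))`, which matches the `(int)` cast already applied to `urlParams['MailingList']` a few lines earlier (the raw2sql on the already-cast `$mailingListID` is redundant); the function enclosing this hunk starts before it. The `$listID` keys taken from `$data['MailingLists']` in the last hunk have the same shape (escaped but unquoted in `get_by_id`, and written raw into the redirect via `"MailingLists[]=" . $listID`), so `(int) $listID` there as well. Separately, `$data['Email']` is appended unencoded to the `?SendEmail=`/`?SendError=` redirect URLs and later echoed from `$_GET` through `$form->setMessage()`; unless setMessage HTML-escapes (not visible here), that is a reflected-XSS path, so `urlencode()` it on the way out and `Convert::raw2xml()` it on the way in.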
code/pages/SubscriptionPage.php
...
...
@@ -261,7 +261,7 @@ JS
if
(
isset
(
$data
[
"NewsletterSelection"
])){
foreach
(
$data
[
"NewsletterSelection"
]
as
$n
){
$newsletterType
=
DataObject
::
get_by_id
(
"NewsletterType"
,
$n
);
$newsletterType
=
DataObject
::
get_by_id
(
"NewsletterType"
,
Convert
::
raw2sql
(
$n
)
)
;
if
(
$newsletterType
->
exists
()){
$newsletters
[]
=
$newsletterType
;
...
...
@@ -328,7 +328,7 @@ JS
function
complete
(){
if
(
$id
=
$this
->
urlParams
[
'ID'
]){
$memberData
=
DataObject
::
get_by_id
(
"Member"
,
$id
)
->
getAllFields
();
$memberData
=
DataObject
::
get_by_id
(
"Member"
,
Convert
::
raw2sql
(
$id
)
)
->
getAllFields
();
}
return
$this
->
customise
(
array
(
'Title'
=>
_t
(
'SubscriptionCompleted'
,
'Subscription completed!'
),
...
...
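Review bot: In `complete()`, the new `DataObject::get_by_id("Member", Convert::raw2sql($id))` still chains `->getAllFields()` without checking that a record was found, so an unknown ID in the URL produces a fatal call on a non-object instead of a handled case; since `$id` comes from `urlParams['ID']` and is compared against a numeric column, an integer cast is the right sanitization rather than quote-escaping. I would write `$member = DataObject::get_by_id("Member", (int) $id); $memberData = $member ? $member->getAllFields() : array();`. The lookup also accepts any member ID from the URL with no check that the visitor is that subscriber; if `$memberData` is rendered into the page (its use lies outside this hunk), anyone can enumerate member records by ID, so consider keying on the per-member `AutoLoginHash` that UnsubscribeController already uses in its URLs instead of the raw ID. `complete()` continues past the end of the hunk; the `NewsletterSelection` loop in the first hunk would likewise be better served by `(int) $n` than by raw2sql.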