Changeset 10760

Timestamp:

05/14/2016 04:52:11 PM (9 years ago)

Author:

r-a-y

Message:

Emails: Ensure that the email subject is HTML entity-decoded.

Fixes an issue when using email tokens that contain HTML special characters
in the email subject.

Fixes #6966 (2.5-branch)

Location:

branches/2.5

Files:

• src/bp-core/bp-core-filters.php (modified) (2 diffs)
• tests/phpunit/testcases/core/class-bp-email.php (modified) (1 diff)

branches/2.5/src/bp-core/bp-core-filters.php

@@ -59 +59 @@
 add_filter( 'bp_email_set_content_plaintext', 'wp_strip_all_tags', 6 );
 add_filter( 'bp_email_set_subject', 'sanitize_text_field', 6 );
-
 
 /**
@@ -354 +353 @@
  * @since 2.5.0
  *
- * @param string $retval Current email content.
- * @param string $prop   Email property to check against.
- */
-function bp_email_plaintext_entity_decode( $retval, $prop ) {
-    if ( 'content_plaintext' !== $prop ) {
-        return $retval;
-    }
-
-    return html_entity_decode( $retval, ENT_QUOTES );
-}
-add_filter( 'bp_email_get_property', 'bp_email_plaintext_entity_decode', 10, 2 );
+ * @param string $retval    Current email content.
+ * @param string $prop      Email property to check against.
+ * @param string $transform Either 'raw' or 'replace-tokens'.
+ */
+function bp_email_plaintext_entity_decode( $retval, $prop, $transform ) {
+    switch ( $prop ) {
+        case 'content_plaintext' :
+        case 'subject' :
+            // Only decode if 'replace-tokens' is the current type.
+            if ( 'replace-tokens' === $transform ) {
+                return html_entity_decode( $retval, ENT_QUOTES );
+            } else {
+                return $retval;
+            }
+            break;
+
+        default :
+            return $retval;
+            break;
+    }
+}
+add_filter( 'bp_email_get_property', 'bp_email_plaintext_entity_decode', 10, 3 );
 
 /**

branches/2.5/tests/phpunit/testcases/core/class-bp-email.php

@@ -251 +251 @@
         $this->assertSame( $new_recipient, $addresses[1]->get_address() );
     }
+
+    public function test_html_entities_are_decoded_in_email_subject() {
+        // Emulate custom post title for an email post type.
+        $subject = "It's pretty <new & magical.";
+
+        $email = new BP_Email( 'activity-at-message' );
+        $email->set_subject( $subject )->set_tokens( array( 'poster.name' => 'blah' ) );
+
+        // Subject always has to have tokens replaced before sending.
+        $this->assertSame( $subject, $email->get_subject( 'replace-tokens' ) );
+    }
+
+    public function test_html_entities_are_decoded_in_email_recipient_names() {
+        // Raw display name.
+        $name = "Test o'Toole";
+
+        // Emulate rendered {poster.name} token.
+        $token = apply_filters( 'bp_core_get_user_displayname', $name );
+
+        $email = new BP_Email( 'activity-at-message' );
+        $email->set_subject( '{{poster.name}}' )->set_tokens( array( 'poster.name' => $token ) );
+
+        // Subject always has to have tokens replaced before sending.
+        $this->assertSame( $name, $email->get_subject( 'replace-tokens' ) );
+    }
+
 }