
Changeset 10760


Timestamp:
05/14/2016 04:52:11 PM (3 years ago)
Author:
r-a-y
Message:

Emails: Ensure that the email subject is HTML entity-decoded.

Fixes an issue when using email tokens that contain HTML special characters
in the email subject.

Fixes #6966 (2.5-branch)

Location:
branches/2.5
Files:
2 edited

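--- a/branches/2.5/src/bp-core/bp-core-filters.php
+++ b/branches/2.5/src/bp-core/bp-core-filters.php
@@ -59,5 +59,4 @@
 add_filter( 'bp_email_set_content_plaintext', 'wp_strip_all_tags', 6 );
 add_filter( 'bp_email_set_subject', 'sanitize_text_field', 6 );
-
 
 /**
@@ -354,15 +353,26 @@
  * @since 2.5.0
  *
- * @param string $retval Current email content.
- * @param string $prop   Email property to check against.
- */
-function bp_email_plaintext_entity_decode( $retval, $prop ) {
-    if ( 'content_plaintext' !== $prop ) {
-        return $retval;
-    }
-
-    return html_entity_decode( $retval, ENT_QUOTES );
-}
-add_filter( 'bp_email_get_property', 'bp_email_plaintext_entity_decode', 10, 2 );
+ * @param string $retval    Current email content.
+ * @param string $prop      Email property to check against.
+ * @param string $transform Either 'raw' or 'replace-tokens'.
+ */
+function bp_email_plaintext_entity_decode( $retval, $prop, $transform ) {
+    switch ( $prop ) {
+        case 'content_plaintext' :
+        case 'subject' :
+            // Only decode if 'replace-tokens' is the current type.
+            if ( 'replace-tokens' === $transform ) {
+                return html_entity_decode( $retval, ENT_QUOTES );
+            } else {
+                return $retval;
+            }
+            break;
+
+        default :
+            return $retval;
+            break;
+    }
+}
+add_filter( 'bp_email_get_property', 'bp_email_plaintext_entity_decode', 10, 3 );
 
 /**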
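Review bot: In the `subject` case, `html_entity_decode( $retval, ENT_QUOTES )` runs at read time, after the set-time `sanitize_text_field` filter registered at the top of this file section, so anything held as an entity — `<`, `>`, and entity-encoded line breaks arriving through a token value — comes back as the literal character in the value handed to the mailer. Whether that can reach a mail header unfiltered depends on the delivery code, which is not shown here; if CR/LF stripping is not guaranteed there, the subject branch should do it itself (the plain-text body must keep its line breaks), e.g. `return str_replace( array( "\r", "\n" ), '', html_entity_decode( $retval, ENT_QUOTES, 'UTF-8' ) );`. Passing the charset explicitly also avoids depending on the PHP default, which differs between PHP versions. A sentence in the docblock stating that the decoded result is for plain-text use only and must be escaped again before any HTML output would help callers of `get_subject()`.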
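--- a/branches/2.5/tests/phpunit/testcases/core/class-bp-email.php
+++ b/branches/2.5/tests/phpunit/testcases/core/class-bp-email.php
@@ -251,3 +251,29 @@
         $this->assertSame( $new_recipient, $addresses[1]->get_address() );
     }
+
+    public function test_html_entities_are_decoded_in_email_subject() {
+        // Emulate custom post title for an email post type.
+        $subject = "It's pretty <new & magical.";
+
+        $email = new BP_Email( 'activity-at-message' );
+        $email->set_subject( $subject )->set_tokens( array( 'poster.name' => 'blah' ) );
+
+        // Subject always has to have tokens replaced before sending.
+        $this->assertSame( $subject, $email->get_subject( 'replace-tokens' ) );
+    }
+
+    public function test_html_entities_are_decoded_in_email_recipient_names() {
+        // Raw display name.
+        $name = "Test o'Toole";
+
+        // Emulate rendered {poster.name} token.
+        $token = apply_filters( 'bp_core_get_user_displayname', $name );
+
+        $email = new BP_Email( 'activity-at-message' );
+        $email->set_subject( '{{poster.name}}' )->set_tokens( array( 'poster.name' => $token ) );
+
+        // Subject always has to have tokens replaced before sending.
+        $this->assertSame( $name, $email->get_subject( 'replace-tokens' ) );
+    }
+
 }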
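Review bot: `test_html_entities_are_decoded_in_email_recipient_names()` only proves decoding if the `bp_core_get_user_displayname` filter really did encode the apostrophe; if that filter chain ever stops encoding, `$token` equals `$name` and the test passes without exercising the new code. Adding `$this->assertNotSame( $name, $token );` before the email is built would pin that precondition. Neither test covers the `'raw'` value of the new `$transform` parameter, so an assertion that the raw subject keeps its entities would guard the other branch; the exact raw value depends on the set-time filters, which are outside this section. The test class itself starts outside the visible lines.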