
Changeset 10761


Timestamp:
05/14/2016 04:54:40 PM (9 years ago)
Author:
r-a-y
Message:

Emails: Ensure that the email subject is HTML entity-decoded.

Fixes an issue when using email tokens that contain HTML special characters
in the email subject.

See #6966 (trunk)

Location:
trunk
Files:
2 edited

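--- a/trunk/src/bp-core/bp-core-filters.php
+++ b/trunk/src/bp-core/bp-core-filters.php
@@ -59,5 +59,4 @@
 add_filter( 'bp_email_set_content_plaintext', 'wp_strip_all_tags', 6 );
 add_filter( 'bp_email_set_subject', 'sanitize_text_field', 6 );
-
 
 /**
@@ -354,15 +353,26 @@
  * @since 2.5.0
  *
- * @param string $retval Current email content.
- * @param string $prop   Email property to check against.
- */
-function bp_email_plaintext_entity_decode( $retval, $prop ) {
-    if ( 'content_plaintext' !== $prop ) {
-        return $retval;
-    }
-
-    return html_entity_decode( $retval, ENT_QUOTES );
-}
-add_filter( 'bp_email_get_property', 'bp_email_plaintext_entity_decode', 10, 2 );
+ * @param string $retval    Current email content.
+ * @param string $prop      Email property to check against.
+ * @param string $transform Either 'raw' or 'replace-tokens'.
+ */
+function bp_email_plaintext_entity_decode( $retval, $prop, $transform ) {
+    switch ( $prop ) {
+        case 'content_plaintext' :
+        case 'subject' :
+            // Only decode if 'replace-tokens' is the current type.
+            if ( 'replace-tokens' === $transform ) {
+                return html_entity_decode( $retval, ENT_QUOTES );
+            } else {
+                return $retval;
+            }
+            break;
+
+        default :
+            return $retval;
+            break;
+    }
+}
+add_filter( 'bp_email_get_property', 'bp_email_plaintext_entity_decode', 10, 3 );
 
 /**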
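Review bot: In the new `case 'subject' :` branch, `html_entity_decode( $retval, ENT_QUOTES )` is applied on read, which appears to be after the `sanitize_text_field` filter on `bp_email_set_subject` (first hunk) has already run, so the returned subject can again contain `<`, `>`, quotes and, if a token value carried numeric entities for CR or LF, line breaks. Nothing visible here shows whether callers or the mail transport neutralise those, so I would collapse line breaks for the subject case only, e.g. `$retval = preg_replace( '/[\r\n]+/', ' ', html_entity_decode( $retval, ENT_QUOTES ) );`, and leave `content_plaintext` as it is. The docblock, which opens outside this hunk, should also state the contract, for example `* The 'replace-tokens' result is decoded plain text; escape it again before any HTML output.`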
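--- a/trunk/tests/phpunit/testcases/core/class-bp-email.php
+++ b/trunk/tests/phpunit/testcases/core/class-bp-email.php
@@ -268,3 +268,29 @@
         $this->assertTrue( $result );
     }
+
+    public function test_html_entities_are_decoded_in_email_subject() {
+        // Emulate custom post title for an email post type.
+        $subject = "It's pretty <new & magical.";
+
+        $email = new BP_Email( 'activity-at-message' );
+        $email->set_subject( $subject )->set_tokens( array( 'poster.name' => 'blah' ) );
+
+        // Subject always has to have tokens replaced before sending.
+        $this->assertSame( $subject, $email->get_subject( 'replace-tokens' ) );
+    }
+
+    public function test_html_entities_are_decoded_in_email_recipient_names() {
+        // Raw display name.
+        $name = "Test o'Toole";
+
+        // Emulate rendered {poster.name} token.
+        $token = apply_filters( 'bp_core_get_user_displayname', $name );
+
+        $email = new BP_Email( 'activity-at-message' );
+        $email->set_subject( '{{poster.name}}' )->set_tokens( array( 'poster.name' => $token ) );
+
+        // Subject always has to have tokens replaced before sending.
+        $this->assertSame( $name, $email->get_subject( 'replace-tokens' ) );
+    }
+
 }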
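Review bot: Both new tests can pass without the decode ever running, because neither asserts that the value going in was actually entity-encoded: `test_html_entities_are_decoded_in_email_recipient_names` relies on whatever is hooked to `bp_core_get_user_displayname`, and `test_html_entities_are_decoded_in_email_subject` on the `set_subject()` filters. I would add a precondition such as `$this->assertNotSame( $name, $token );` directly after the `apply_filters()` call. In the subject test, assuming the set filters encode the `<`, an extra `$this->assertNotSame( $subject, $email->get_subject( 'raw' ) );` would pin the same precondition and cover the new 'raw' branch, which is otherwise untested. The enclosing test class starts outside this hunk.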