Escaping content for email messages
marcelfolaron committed Feb 17, 2025
1 parent 5fdb464 commit 20c4ba6
Showing 15 changed files with 32 additions and 32 deletions.
2 changes: 1 addition & 1 deletion app/Domain/Canvas/Controllers/BoardDialog.php
Expand Up @@ -74,7 +74,7 @@ public function run()
$message = sprintf(
$this->language->__('email_notifications.canvas_created_message'),
session('userdata.name'),
"<a href='".$actual_link."'>".$values['title'].'</a>'
"<a href='".$actual_link."'>".strip_tags($values['title']).'</a>'
);
$mailer->setHtml($message);

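Review bot: `strip_tags()` on the new line is a tag filter, not an output encoder, and the result still goes out as HTML through `$mailer->setHtml($message)`; for that context the faithful primitive is `htmlspecialchars($values['title'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`, which keeps every character of the title visible instead of deleting text. strip_tags is lossy on legitimate input — a title such as `n<5` loses everything from the `<` onward because an unclosed `<` not followed by whitespace is treated as the start of a tag — and it leaves `&`, `>` and quotes unencoded, so the encoded form is both safer and more accurate. The same substitution applies to every other hunk in this commit that feeds an HTML body: EditCanvasItem, ShowCanvas, the Goalcanvas and Ideas controllers, NewProject, ShowProject and Tickets.php. `$actual_link` is concatenated into the single-quoted href without escaping; it appears to be built from BASE_URL and an id elsewhere, so it is probably safe, but running it through the same encoder (ENT_QUOTES covers the single quote) would make that independent of how the link is assembled. The enclosing run() method starts and ends outside the hunk.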
4 changes: 2 additions & 2 deletions app/Domain/Canvas/Controllers/EditCanvasItem.php
Expand Up @@ -184,7 +184,7 @@ public function post($params)
$message = sprintf(
$this->language->__('email_notifications.canvas_item_update_message'),
session('userdata.name'),
$canvasItem['description']
strip_tags($canvasItem['description'])
);

$notification = app()->make(NotificationModel::class);
Expand Down Expand Up @@ -236,7 +236,7 @@ public function post($params)
$message = sprintf(
$this->language->__('email_notifications.canvas_item_created_message'),
session('userdata.name'),
$canvasItem['description']
strip_tags($canvasItem['description'])
);

$notification = app()->make(NotificationModel::class);
4 changes: 2 additions & 2 deletions app/Domain/Canvas/Controllers/ShowCanvas.php
Expand Up @@ -115,7 +115,7 @@ public function run()
$message = sprintf(
$this->language->__('email_notifications.canvas_created_message'),
session('userdata.name'),
"<a href='".$actual_link."'>".$values['title'].'</a>'
"<a href='".$actual_link."'>".strip_tags($values['title']).'</a>'
);
$mailer->setHtml($message);

Expand Down Expand Up @@ -232,7 +232,7 @@ public function run()
$message = sprintf(
$this->language->__('email_notifications.canvas_imported_message'),
session('userdata.name'),
"<a href='".$actual_link."'>".$canvas[0]['title'].'</a>'
"<a href='".$actual_link."'>".strip_tags($canvas[0]['title']).'</a>'
);
$mailer->setHtml($message);

8 changes: 4 additions & 4 deletions app/Domain/Comments/Services/Comments.php
Expand Up @@ -66,14 +66,14 @@ public function addComment($values, $module, $entityId, $entity): bool

switch ($module) {
case 'ticket':
$subject = sprintf($this->language->__('email_notifications.new_comment_todo_with_type_subject'), $this->language->__('label.'.strtolower($entity->type)), $entity->id, $entity->headline);
$message = sprintf($this->language->__('email_notifications.new_comment_todo_with_type_message'), session('userdata.name'), $this->language->__('label.'.strtolower($entity->type)), $entity->headline, $values['text']);
$subject = sprintf($this->language->__('email_notifications.new_comment_todo_with_type_subject'), $this->language->__('label.'.strtolower($entity->type)), $entity->id, strip_tags($entity->headline));
$message = sprintf($this->language->__('email_notifications.new_comment_todo_with_type_message'), session('userdata.name'), $this->language->__('label.'.strtolower($entity->type)), strip_tags($entity->headline), strip_tags($values['text']));
$linkLabel = $this->language->__('email_notifications.new_comment_todo_cta');
$currentUrl = BASE_URL.'#/tickets/showTicket/'.$entity->id;
break;
case 'project':
$subject = sprintf($this->language->__('email_notifications.new_comment_project_subject'), $entityId, $entity['name']);
$message = sprintf($this->language->__('email_notifications.new_comment_project_message'), session('userdata.name'), $entity['name']);
$subject = sprintf($this->language->__('email_notifications.new_comment_project_subject'), $entityId, strip_tags($entity['name']));
$message = sprintf($this->language->__('email_notifications.new_comment_project_message'), session('userdata.name'), strip_tags($entity['name']));
$linkLabel = $this->language->__('email_notifications.new_comment_project_cta');
break;
default:
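Review bot: strip_tags() is applied to `$subject` on the new lines in both the ticket and project cases as well as to the HTML body, but a subject is a plain-text header in which tags are never interpreted; there the filter only truncates a headline containing an unclosed `<` and does nothing about CR/LF, which is the character class a header actually needs guarded against. Whether the mailer's setSubject() folds or rejects newlines is not visible in this diff and is worth confirming; if it does, the subject can carry the raw headline. For the body, `strip_tags($values['text'])` also discards any formatting a comment legitimately contains, whereas `htmlspecialchars($values['text'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` would keep it as visible text. addComment() begins before the hunk and continues after it.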
4 changes: 2 additions & 2 deletions app/Domain/Files/Services/Files.php
Expand Up @@ -51,8 +51,8 @@ public function uploadFile($file, $module, $entityId, $entity = null): array|boo

switch ($module) {
case 'ticket':
$subject = sprintf($this->language->__('email_notifications.new_file_todo_subject'), $entity->id, $entity->headline);
$message = sprintf($this->language->__('email_notifications.new_file_todo_subject'), session('userdata.name'), $entity->headline);
$subject = sprintf($this->language->__('email_notifications.new_file_todo_subject'), $entity->id, strip_tags($entity->headline));
$message = sprintf($this->language->__('email_notifications.new_file_todo_subject'), session('userdata.name'), strip_tags($entity->headline));
$linkLabel = $this->language->__('email_notifications.new_file_todo_cta');
break;
default:
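Review bot: The rewritten `$message = sprintf(...)` line in the ticket case still reads the `email_notifications.new_file_todo_subject` key, the same key the `$subject` line above it uses, so the body and the subject render one template with different sprintf arguments (an id plus headline for the subject, a user name plus headline for the body). If the language files define a `new_file_todo_message` key, the line should read `$message = sprintf($this->language->__('email_notifications.new_file_todo_message'), session('userdata.name'), strip_tags($entity->headline));`. The mismatch predates this commit, but the line was touched here, so this is the moment to correct it. uploadFile() starts and ends outside the hunk.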
4 changes: 2 additions & 2 deletions app/Domain/Goalcanvas/Controllers/Dashboard.php
Expand Up @@ -162,7 +162,7 @@ public function run()
$message = sprintf(
$this->language->__('email_notifications.canvas_created_message'),
session('userdata.name'),
"<a href='".$actual_link."'>".$values['title'].'</a>'
"<a href='".$actual_link."'>".strip_tags($values['title']).'</a>'
);
$mailer->setHtml($message);

Expand Down Expand Up @@ -279,7 +279,7 @@ public function run()
$message = sprintf(
$this->language->__('email_notifications.canvas_imported_message'),
session('userdata.name'),
"<a href='".$actual_link."'>".$canvas[0]['title'].'</a>'
"<a href='".$actual_link."'>".strip_tags($canvas[0]['title']).'</a>'
);
$mailer->setHtml($message);

4 changes: 2 additions & 2 deletions app/Domain/Goalcanvas/Controllers/EditCanvasItem.php
Expand Up @@ -227,7 +227,7 @@ public function post($params): Response
$message = sprintf(
$this->language->__('email_notifications.canvas_item_update_message'),
session('userdata.name'),
$canvasItem['description']
strip_tags($canvasItem['description'])
);

$notification = app()->make(NotificationModel::class);
Expand Down Expand Up @@ -280,7 +280,7 @@ public function post($params): Response
$message = sprintf(
$this->language->__('email_notifications.canvas_item_created_message'),
session('userdata.name'),
$canvasItem['description']
strip_tags($canvasItem['description'])
);

$notification = app()->make(NotificationModel::class);
4 changes: 2 additions & 2 deletions app/Domain/Goalcanvas/Controllers/ShowCanvas.php
Expand Up @@ -116,7 +116,7 @@ public function run()
$message = sprintf(
$this->language->__('email_notifications.canvas_created_message'),
session('userdata.name'),
"<a href='".$actual_link."'>".$values['title'].'</a>'
"<a href='".$actual_link."'>".strip_tags($values['title']).'</a>'
);
$mailer->setHtml($message);

Expand Down Expand Up @@ -232,7 +232,7 @@ public function run()
$message = sprintf(
$this->language->__('email_notifications.canvas_imported_message'),
session('userdata.name'),
"<a href='".$actual_link."'>".$canvas[0]['title'].'</a>'
"<a href='".$actual_link."'>".strip_tags($canvas[0]['title']).'</a>'
);
$mailer->setHtml($message);

2 changes: 1 addition & 1 deletion app/Domain/Ideas/Controllers/AdvancedBoards.php
Expand Up @@ -73,7 +73,7 @@ public function run()
$users = $this->projectService->getUsersToNotify(session('currentProject'));

$mailer->setSubject($this->language->__('email_notifications.idea_board_created_subject'));
$message = sprintf($this->language->__('email_notifications.idea_board_created_message'), session('userdata.name'), "<a href='".CURRENT_URL."'>".$values['title'].'</a>.<br />');
$message = sprintf($this->language->__('email_notifications.idea_board_created_message'), session('userdata.name'), "<a href='".CURRENT_URL."'>".strip_tags($values['title']).'</a>.<br />');

$mailer->setHtml($message);
// $mailer->sendMail($users, session("userdata.name"));
2 changes: 1 addition & 1 deletion app/Domain/Ideas/Controllers/BoardDialog.php
Expand Up @@ -73,7 +73,7 @@ public function run()
$message = sprintf(
$this->language->__('email_notifications.canvas_created_message'),
session('userdata.name'),
"<a href='".$actual_link."'>".$values['title'].'</a>'
"<a href='".$actual_link."'>".strip_tags($values['title']).'</a>'
);
$mailer->setHtml($message);

4 changes: 2 additions & 2 deletions app/Domain/Ideas/Controllers/IdeaDialog.php
Expand Up @@ -190,7 +190,7 @@ public function post($params)
$message = sprintf(
$this->language->__('notification.idea_edited'),
session('userdata.name'),
$params['description']
strip_tags($params['description'])
);

$notification = app()->make(NotificationModel::class);
Expand Down Expand Up @@ -232,7 +232,7 @@ public function post($params)

$subject = $this->language->__('email_notifications.idea_created_subject');
$actual_link = BASE_URL.'#/ideas/ideaDialog/'.$id;
$message = sprintf($this->language->__('email_notifications.idea_created_message'), session('userdata.name'), $params['description']);
$message = sprintf($this->language->__('email_notifications.idea_created_message'), session('userdata.name'), strip_tags($params['description']));

$notification = app()->make(NotificationModel::class);
$notification->url = [
2 changes: 1 addition & 1 deletion app/Domain/Ideas/Controllers/ShowBoards.php
Expand Up @@ -80,7 +80,7 @@ public function run()
$users = $this->projectService->getUsersToNotify(session('currentProject'));

$mailer->setSubject($this->language->__('email_notifications.idea_board_created_subject'));
$message = sprintf($this->language->__('email_notifications.idea_board_created_message'), session('userdata.name'), "<a href='".CURRENT_URL."'>".$values['title'].'</a>.<br />');
$message = sprintf($this->language->__('email_notifications.idea_board_created_message'), session('userdata.name'), "<a href='".CURRENT_URL."'>".strip_tags($values['title']).'</a>.<br />');

$mailer->setHtml($message);
// $mailer->sendMail($users, session("userdata.name"));
2 changes: 1 addition & 1 deletion app/Domain/Projects/Controllers/NewProject.php
Expand Up @@ -123,7 +123,7 @@ public function run()
$mailer->setContext('project_created');
$mailer->setSubject($this->language->__('email_notifications.project_created_subject'));
$actual_link = BASE_URL.'/projects/showProject/'.$id.'';
$message = sprintf($this->language->__('email_notifications.project_created_message'), $actual_link, $id, $projectName, session('userdata.name'));
$message = sprintf($this->language->__('email_notifications.project_created_message'), $actual_link, $id, strip_tags($projectName), session('userdata.name'));
$mailer->setHtml($message);

$to = [];
2 changes: 1 addition & 1 deletion app/Domain/Projects/Controllers/ShowProject.php
Expand Up @@ -249,7 +249,7 @@ public function run()
$message = sprintf(
$this->language->__('email_notifications.project_update_message'),
session('userdata.name'),
$values['name']
strip_tags($values['name'])
);

$linkLabel = $this->language->__('email_notifications.project_update_cta');
16 changes: 8 additions & 8 deletions app/Domain/Tickets/Services/Tickets.php
Expand Up @@ -1300,7 +1300,7 @@ public function quickAddTicket($params): array|bool
if ($result > 0) {
$values['id'] = $result;
$actual_link = BASE_URL.'/dashboard/home#/tickets/showTicket/'.$result;
$message = sprintf($this->language->__('email_notifications.new_todo_message'), session('userdata.name'), $params['headline']);
$message = sprintf($this->language->__('email_notifications.new_todo_message'), session('userdata.name'), strip_tags($params['headline']));
$subject = $this->language->__('email_notifications.new_todo_subject');

$notification = app()->make(NotificationModel::class);
Expand Down Expand Up @@ -1445,9 +1445,9 @@ public function addTicket($values): array|int|bool

if ($addTicketResponse !== false) {
$values['id'] = $addTicketResponse;
$subject = sprintf($this->language->__('email_notifications.new_todo_subject'), $addTicketResponse, $values['headline']);
$subject = sprintf($this->language->__('email_notifications.new_todo_subject'), $addTicketResponse, strip_tags($values['headline']));
$actual_link = BASE_URL.'/dashboard/home#/tickets/showTicket/'.$addTicketResponse;
$message = sprintf($this->language->__('email_notifications.new_todo_message'), session('userdata.name'), $values['headline']);
$message = sprintf($this->language->__('email_notifications.new_todo_message'), session('userdata.name'), strip_tags($values['headline']));

$notification = app()->make(NotificationModel::class);
$notification->url = [
Expand Down Expand Up @@ -1545,7 +1545,7 @@ public function updateTicket($values): array|bool

// Update Ticket
if ($this->ticketRepository->updateTicket($values, $values['id']) === true) {
$subject = sprintf($this->language->__('email_notifications.todo_update_subject'), $values['id'], $values['headline']);
$subject = sprintf($this->language->__('email_notifications.todo_update_subject'), $values['id'], strip_tags($values['headline']));
$actual_link = BASE_URL.'/dashboard/home#/tickets/showTicket/'.$values['id'];
$message = sprintf($this->language->__('email_notifications.todo_update_message'), session('userdata.name'), $values['headline']);

Expand Down Expand Up @@ -1590,9 +1590,9 @@ public function patch($id, $params): bool
// Todo: create events and move notification logic to notification module
if (isset($params['status']) && $return) {
$ticket = $this->getTicket($id);
$subject = sprintf($this->language->__('email_notifications.todo_update_subject'), $id, $ticket->headline);
$subject = sprintf($this->language->__('email_notifications.todo_update_subject'), $id, strip_tags($ticket->headline));
$actual_link = BASE_URL.'/dashboard/home#/tickets/showTicket/'.$id;
$message = sprintf($this->language->__('email_notifications.todo_update_message'), session('userdata.name'), $ticket->headline);
$message = sprintf($this->language->__('email_notifications.todo_update_message'), session('userdata.name'), strip_tags($ticket->headline));

$notification = app()->make(NotificationModel::class);
$notification->url = [
Expand Down Expand Up @@ -1797,9 +1797,9 @@ public function updateTicketStatusAndSorting($params, $handler = null): bool
$ticket = $this->getTicket($id);

if ($ticket) {
$subject = sprintf($this->language->__('email_notifications.todo_update_subject'), $id, $ticket->headline);
$subject = sprintf($this->language->__('email_notifications.todo_update_subject'), $id, strip_tags($ticket->headline));
$actual_link = BASE_URL.'/dashboard/home#/tickets/showTicket/'.$id;
$message = sprintf($this->language->__('email_notifications.todo_update_message'), session('userdata.name'), $ticket->headline);
$message = sprintf($this->language->__('email_notifications.todo_update_message'), session('userdata.name'), strip_tags($ticket->headline));

$notification = app()->make(NotificationModel::class);
$notification->url = [
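Review bot: In the updateTicket() hunk the `$subject` line is wrapped in strip_tags() but the `$message` line two lines below it still passes `$values['headline']` raw into `email_notifications.todo_update_message`, the one headline in this file the commit leaves unguarded while the matching lines in patch() and updateTicketStatusAndSorting() are wrapped; at minimum it should match: `$message = sprintf($this->language->__('email_notifications.todo_update_message'), session('userdata.name'), strip_tags($values['headline']));`. These messages are presumably rendered as HTML like the controller messages in this commit that call setHtml(), in which case `htmlspecialchars($values['headline'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` is the more faithful choice in all five hunks, since strip_tags drops text after an unclosed `<` and does not encode `&`. Each function touched here (quickAddTicket, addTicket, updateTicket, patch, updateTicketStatusAndSorting) starts and ends outside its hunk.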
