mbk-lab
/
nextcloud
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Merge pull request #8026 from nextcloud/feature/noid/allow-custom-html-in-html-emails 

Allow custom HTML in HTML Emails
This commit is contained in:
Joas Schilling 2018-02-26 13:38:39 +01:00 committed by GitHub
parent 695e32d0a6 a097ecded7
commit 226e63695f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 28 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
apps/sharebymail/lib/ShareByMailProvider.php
View File

@ -404,7 +404,7 @@ class ShareByMailProvider implements IShareProvider {
$text = $this->l->t('%s shared »%s« with you.', [$initiatorDisplayName, $filename]); $text = $this->l->t('%s shared »%s« with you.', [$initiatorDisplayName, $filename]);
$emailTemplate->addBodyText( $emailTemplate->addBodyText(
$text . ' ' . $this->l->t('Click the button below to open it.'), htmlspecialchars($text . ' ' . $this->l->t('Click the button below to open it.')),
$text $text
); );
$emailTemplate->addBodyButton( $emailTemplate->addBodyButton(
@ -476,7 +476,7 @@ class ShareByMailProvider implements IShareProvider {
$emailTemplate->setSubject($this->l->t('Password to access »%s« shared to you by %s', [$filename, $initiatorDisplayName])); $emailTemplate->setSubject($this->l->t('Password to access »%s« shared to you by %s', [$filename, $initiatorDisplayName]));
$emailTemplate->addHeader(); $emailTemplate->addHeader();
$emailTemplate->addHeading($this->l->t('Password to access »%s«', [$filename]), false); $emailTemplate->addHeading($this->l->t('Password to access »%s«', [$filename]), false);
$emailTemplate->addBodyText($htmlBodyPart, $plainBodyPart); $emailTemplate->addBodyText(htmlspecialchars($htmlBodyPart), $plainBodyPart);
$emailTemplate->addBodyText($this->l->t('It is protected with the following password: %s', [$password])); $emailTemplate->addBodyText($this->l->t('It is protected with the following password: %s', [$password]));
// The "From" contains the sharers name // The "From" contains the sharers name

4
core/Controller/LostController.php
View File

@ -321,12 +321,12 @@ class LostController extends Controller {
$emailTemplate->addHeading($this->l10n->t('Password reset')); $emailTemplate->addHeading($this->l10n->t('Password reset'));
$emailTemplate->addBodyText( $emailTemplate->addBodyText(
$this->l10n->t('Click the following button to reset your password. If you have not requested the password reset, then ignore this email.'), htmlspecialchars($this->l10n->t('Click the following button to reset your password. If you have not requested the password reset, then ignore this email.')),
$this->l10n->t('Click the following link to reset your password. If you have not requested the password reset, then ignore this email.') $this->l10n->t('Click the following link to reset your password. If you have not requested the password reset, then ignore this email.')
); );
$emailTemplate->addBodyButton( $emailTemplate->addBodyButton(
$this->l10n->t('Reset your password'), htmlspecialchars($this->l10n->t('Reset your password')),
$link, $link,
false false
); );

28
lib/private/Mail/EMailTemplate.php
View File

@ -420,7 +420,7 @@ EOF;
/** /**
* Adds a paragraph to the body of the email * Adds a paragraph to the body of the email
* *
* @param string $text * @param string $text Note: When $plainText falls back to this, HTML is automatically escaped in the HTML email
* @param string|bool $plainText Text that is used in the plain text email * @param string|bool $plainText Text that is used in the plain text email
* if empty the $text is used, if false none will be used * if empty the $text is used, if false none will be used
*/ */
@ -430,11 +430,12 @@ EOF;
} }
if ($plainText === '') { if ($plainText === '') {
$plainText = $text; $plainText = $text;
$text = htmlspecialchars($text);
} }
$this->ensureBodyIsOpened(); $this->ensureBodyIsOpened();
$this->htmlBody .= vsprintf($this->bodyText, [htmlspecialchars($text)]); $this->htmlBody .= vsprintf($this->bodyText, [$text]);
if ($plainText !== false) { if ($plainText !== false) {
$this->plainBody .= $plainText . PHP_EOL . PHP_EOL; $this->plainBody .= $plainText . PHP_EOL . PHP_EOL;
} }
@ -443,8 +444,8 @@ EOF;
/** /**
* Adds a list item to the body of the email * Adds a list item to the body of the email
* *
* @param string $text * @param string $text Note: When $plainText falls back to this, HTML is automatically escaped in the HTML email
* @param string $metaInfo * @param string $metaInfo Note: When $plainMetaInfo falls back to this, HTML is automatically escaped in the HTML email
* @param string $icon Absolute path, must be 16*16 pixels * @param string $icon Absolute path, must be 16*16 pixels
* @param string $plainText Text that is used in the plain text email * @param string $plainText Text that is used in the plain text email
* if empty the $text is used, if false none will be used * if empty the $text is used, if false none will be used
@ -457,14 +458,16 @@ EOF;
if ($plainText === '') { if ($plainText === '') {
$plainText = $text; $plainText = $text;
$text = htmlspecialchars($text);
} }
if ($plainMetaInfo === '') { if ($plainMetaInfo === '') {
$plainMetaInfo = $metaInfo; $plainMetaInfo = $metaInfo;
$metaInfo = htmlspecialchars($metaInfo);
} }
$htmlText = htmlspecialchars($text); $htmlText = $text;
if ($metaInfo) { if ($metaInfo) {
$htmlText = '<em style="color:#777;">' . htmlspecialchars($metaInfo) . '</em><br>' . $htmlText; $htmlText = '<em style="color:#777;">' . $metaInfo . '</em><br>' . $htmlText;
} }
if ($icon !== '') { if ($icon !== '') {
$icon = '<img src="' . htmlspecialchars($icon) . '" alt="&bull;">'; $icon = '<img src="' . htmlspecialchars($icon) . '" alt="&bull;">';
@ -503,9 +506,9 @@ EOF;
/** /**
* Adds a button group of two buttons to the body of the email * Adds a button group of two buttons to the body of the email
* *
* @param string $textLeft Text of left button * @param string $textLeft Text of left button; Note: When $plainTextLeft falls back to this, HTML is automatically escaped in the HTML email
* @param string $urlLeft URL of left button * @param string $urlLeft URL of left button
* @param string $textRight Text of right button * @param string $textRight Text of right button; Note: When $plainTextRight falls back to this, HTML is automatically escaped in the HTML email
* @param string $urlRight URL of right button * @param string $urlRight URL of right button
* @param string $plainTextLeft Text of left button that is used in the plain text version - if unset the $textLeft is used * @param string $plainTextLeft Text of left button that is used in the plain text version - if unset the $textLeft is used
* @param string $plainTextRight Text of right button that is used in the plain text version - if unset the $textRight is used * @param string $plainTextRight Text of right button that is used in the plain text version - if unset the $textRight is used
@ -521,10 +524,12 @@ EOF;
} }
if ($plainTextLeft === '') { if ($plainTextLeft === '') {
$plainTextLeft = $textLeft; $plainTextLeft = $textLeft;
$textLeft = htmlspecialchars($textLeft);
} }
if ($plainTextRight === '') { if ($plainTextRight === '') {
$plainTextRight = $textRight; $plainTextRight = $textRight;
$textRight = htmlspecialchars($textRight);
} }
$this->ensureBodyIsOpened(); $this->ensureBodyIsOpened();
@ -533,7 +538,7 @@ EOF;
$color = $this->themingDefaults->getColorPrimary(); $color = $this->themingDefaults->getColorPrimary();
$textColor = $this->themingDefaults->getTextColorPrimary(); $textColor = $this->themingDefaults->getTextColorPrimary();
$this->htmlBody .= vsprintf($this->buttonGroup, [$color, $color, $urlLeft, $color, $textColor, $textColor, htmlspecialchars($textLeft), $urlRight, htmlspecialchars($textRight)]); $this->htmlBody .= vsprintf($this->buttonGroup, [$color, $color, $urlLeft, $color, $textColor, $textColor, $textLeft, $urlRight, $textRight]);
$this->plainBody .= $plainTextLeft . ': ' . $urlLeft . PHP_EOL; $this->plainBody .= $plainTextLeft . ': ' . $urlLeft . PHP_EOL;
$this->plainBody .= $plainTextRight . ': ' . $urlRight . PHP_EOL . PHP_EOL; $this->plainBody .= $plainTextRight . ': ' . $urlRight . PHP_EOL . PHP_EOL;
@ -542,7 +547,7 @@ EOF;
/** /**
* Adds a button to the body of the email * Adds a button to the body of the email
* *
* @param string $text Text of button * @param string $text Text of button; Note: When $plainText falls back to this, HTML is automatically escaped in the HTML email
* @param string $url URL of button * @param string $url URL of button
* @param string $plainText Text of button in plain text version * @param string $plainText Text of button in plain text version
* if empty the $text is used, if false none will be used * if empty the $text is used, if false none will be used
@ -559,11 +564,12 @@ EOF;
if ($plainText === '') { if ($plainText === '') {
$plainText = $text; $plainText = $text;
$text = htmlspecialchars($text);
} }
$color = $this->themingDefaults->getColorPrimary(); $color = $this->themingDefaults->getColorPrimary();
$textColor = $this->themingDefaults->getTextColorPrimary(); $textColor = $this->themingDefaults->getTextColorPrimary();
$this->htmlBody .= vsprintf($this->button, [$color, $color, $url, $color, $textColor, $textColor, htmlspecialchars($text)]); $this->htmlBody .= vsprintf($this->button, [$color, $color, $url, $color, $textColor, $textColor, $text]);
if ($plainText !== false) { if ($plainText !== false) {
$this->plainBody .= $plainText . ': '; $this->plainBody .= $plainText . ': ';

2
lib/private/Share20/Manager.php
View File

@ -735,7 +735,7 @@ class Manager implements IManager {
$text = $l->t('%s shared »%s« with you.', [$initiatorDisplayName, $filename]); $text = $l->t('%s shared »%s« with you.', [$initiatorDisplayName, $filename]);
$emailTemplate->addBodyText( $emailTemplate->addBodyText(
$text . ' ' . $l->t('Click the button below to open it.'), htmlspecialchars($text . ' ' . $l->t('Click the button below to open it.')),
$text $text
); );
$emailTemplate->addBodyButton( $emailTemplate->addBodyButton(

12
lib/public/Mail/IEMailTemplate.php
View File

@ -85,7 +85,7 @@ interface IEMailTemplate {
/** /**
* Adds a paragraph to the body of the email * Adds a paragraph to the body of the email
* *
* @param string $text * @param string $text; Note: When $plainText falls back to this, HTML is automatically escaped in the HTML email
* @param string|bool $plainText Text that is used in the plain text email * @param string|bool $plainText Text that is used in the plain text email
* if empty the $text is used, if false none will be used * if empty the $text is used, if false none will be used
* *
@ -96,8 +96,8 @@ interface IEMailTemplate {
/** /**
* Adds a list item to the body of the email * Adds a list item to the body of the email
* *
* @param string $text * @param string $text; Note: When $plainText falls back to this, HTML is automatically escaped in the HTML email
* @param string $metaInfo * @param string $metaInfo; Note: When $plainMetaInfo falls back to this, HTML is automatically escaped in the HTML email
* @param string $icon Absolute path, must be 16*16 pixels * @param string $icon Absolute path, must be 16*16 pixels
* @param string $plainText Text that is used in the plain text email * @param string $plainText Text that is used in the plain text email
* if empty the $text is used, if false none will be used * if empty the $text is used, if false none will be used
@ -110,9 +110,9 @@ interface IEMailTemplate {
/** /**
* Adds a button group of two buttons to the body of the email * Adds a button group of two buttons to the body of the email
* *
* @param string $textLeft Text of left button * @param string $textLeft Text of left button; Note: When $plainTextLeft falls back to this, HTML is automatically escaped in the HTML email
* @param string $urlLeft URL of left button * @param string $urlLeft URL of left button
* @param string $textRight Text of right button * @param string $textRight Text of right button; Note: When $plainTextRight falls back to this, HTML is automatically escaped in the HTML email
* @param string $urlRight URL of right button * @param string $urlRight URL of right button
* @param string $plainTextLeft Text of left button that is used in the plain text version - if empty the $textLeft is used * @param string $plainTextLeft Text of left button that is used in the plain text version - if empty the $textLeft is used
* @param string $plainTextRight Text of right button that is used in the plain text version - if empty the $textRight is used * @param string $plainTextRight Text of right button that is used in the plain text version - if empty the $textRight is used
@ -124,7 +124,7 @@ interface IEMailTemplate {
/** /**
* Adds a button to the body of the email * Adds a button to the body of the email
* *
* @param string $text Text of button * @param string $text Text of button; Note: When $plainText falls back to this, HTML is automatically escaped in the HTML email
* @param string $url URL of button * @param string $url URL of button
* @param string $plainText Text of button in plain text version * @param string $plainText Text of button in plain text version
* if empty the $text is used, if false none will be used * if empty the $text is used, if false none will be used