Changeset 107198 in spip-zone for _plugins_/mailsubscribers/trunk


Ignore:
Timestamp:
Oct 29, 2017, 12:27:26 PM (13 months ago)
Author:
cedric@…
Message:

Compat SPIP 3.2 : ne pas sanitizer l'argument url qui contient un bouton html dans les mails de notifications car cela declenche a tort la protection anti XSS ajoutee sur les apples a _T()

Location:
_plugins_/mailsubscribers/trunk
Files:
5 edited

Legend:

Unmodified
Added
Removed
  • _plugins_/mailsubscribers/trunk/notifications/mailsubscriber_confirm.html

    r98864 r107198  
    2020
    2121[(#SET{url,[<br><center>(#INCLURE{fond=emails/inc-button,url=[(#EMAIL*|mailsubscriber_url_confirm{#JETON*[+(#ID_MAILSUBSCRIBINGLIST)]}|url_absolue)],label=<:newsletter:bouton_subscribe:>,width=250px})</center><br>]})]
    22 <p><:mailsubscriber:confirmsubscribe_texte_email_2{url_confirmsubscribe=#GET{url}}:></p>
     22<p>[(#VAL{mailsubscriber:confirmsubscribe_texte_email_2}|_T{#ARRAY{url_confirmsubscribe,#GET{url}},#ARRAY{sanitize,0}})]</p>
    2323
    2424<br />
  • _plugins_/mailsubscribers/trunk/notifications/mailsubscriber_invite_confirm.html

    r98864 r107198  
    2626
    2727[(#SET{url,[<br><center>(#INCLURE{fond=emails/inc-button,url=[(#EMAIL*|mailsubscriber_url_confirm{#JETON*[+(#ID_MAILSUBSCRIBINGLIST)]}|url_absolue)],label=<:newsletter:bouton_subscribe:>,width=250px})</center><br>]})]
    28 <p><:mailsubscriber:confirmsubscribe_texte_email_2{url_confirmsubscribe=#GET{url}}:></p>
     28<p>[(#VAL{mailsubscriber:confirmsubscribe_texte_email_2}|_T{#ARRAY{url_confirmsubscribe,#GET{url}},#ARRAY{sanitize,0}})]</p>
     29
    2930
    3031<br />
  • _plugins_/mailsubscribers/trunk/notifications/mailsubscriber_subscribe.html

    r98864 r107198  
    2525<br />
    2626[(#SET{url,[<br><center>(#INCLURE{fond=emails/inc-button,url=[(#EMAIL*|mailsubscriber_url_unsubscribe{#JETON*[+(#ID_MAILSUBSCRIBINGLIST)]}|url_absolue)],label=<:newsletter:bouton_unsubscribe:>,width=250px,bgcolor=#aaaaaa,bordercolor=#888888})</center>]})]
    27 <p><small><:mailsubscriber:subscribe_texte_email_3{url_unsubscribe=#GET{url}}:></small></p>
     27<p><small>[(#VAL{mailsubscriber:subscribe_texte_email_3}|_T{#ARRAY{url_unsubscribe,#GET{url}},#ARRAY{sanitize,0}})]</small></p>
     28
    2829</body>
    2930</BOUCLE_susc>
  • _plugins_/mailsubscribers/trunk/notifications/mailsubscriber_unsubscribe.html

    r98864 r107198  
    2020<br/>
    2121[(#SET{url,[<br><center>(#INCLURE{fond=emails/inc-button,url=[(#EMAIL*|mailsubscriber_url_subscribe{#JETON*[+(#ID_MAILSUBSCRIBINGLIST)]}|url_absolue)],label=<:newsletter:bouton_subscribe:>,width=250px})</center>]})]
    22 <p><small><:mailsubscriber:unsubscribe_texte_email_3{url_subscribe=#GET{url}}:></small></p>
     22<p><small>[(#VAL{mailsubscriber:unsubscribe_texte_email_3}|_T{#ARRAY{url_subscribe,#GET{url}},#ARRAY{sanitize,0}})]</small></p>
     23
    2324</body>
    2425</BOUCLE_susc>
  • _plugins_/mailsubscribers/trunk/paquet.xml

    r106951 r107198  
    22        prefix="mailsubscribers"
    33        categorie="communication"
    4         version="2.5.0"
     4        version="2.5.1"
    55        etat="test"
    66        compatibilite="[3.0.0;3.2.*]"
Note: See TracChangeset for help on using the changeset viewer.