• log-detail.php
    No need to sanitize post_content; if it is HTML, I want HTML!

    <tr>
    	<th><?php echo esc_html_x('Message', 'content of email', 'log-emails'); ?></th>
    	<?php if (!empty($content_type) && strpos($content_type, 'text/html') !== false && empty($_GET['raw'])): ?>
    		<td>
    			<p><a href="<?php echo esc_url($current . '&raw=1'); ?>"><?php esc_html_e('view raw message', 'log-emails'); ?></a></p>
    			<?php echo $post->post_content; ?>
    		</td>
    	<?php else: ?>
    		<td>
    			<?php if (!empty($content_type) && strpos($content_type, 'text/html') !== false && !empty($_GET['raw'])): ?>
    				<p><a href="<?php echo esc_url($current); ?>"><?php esc_html_e('view HTML message', 'log-emails'); ?></a></p>
    			<?php endif; ?>
    			<?php echo nl2br(esc_html($post->post_content)); ?>
    		</td>
    	<?php endif; ?>
    </tr>

    remove filter sanitization

    public static function createLog($subject, $message, $alt_message, $fields) {
    		do_action('log_emails_cache_pause');
    
    		remove_all_filters("content_save_pre");
    		// create post for message
    		$post_id = wp_insert_post(array(

    I'm using the MyMail plugin for newsletters. There is an option to override all system email via MyMail templates, so if I want to log this email ->

    add_action('mymail_presend','mymail_log_email' );
    function mymail_log_email($email){
        if (class_exists('LogEmailsPostTypeLog')) {
            $fields = array();
            $fields['_log_emails_log_from'] = sprintf('%s <%s>', $email->from_name, $email->from);
            /*
            if (!empty($cc)) {
                $fields['_log_emails_log_cc'] = implode(', ', $cc);
            }
            if (!empty($bcc)) {
                $fields['_log_emails_log_bcc'] = implode(', ', $bcc);
            }
            */
            $fields['_log_emails_log_to'] = $email->to;
            $fields['_log_emails_log_content-type'] = 'text/html';    
    
            new LogEmailsPostTypeLog();
            LogEmailsPostTypeLog::createLog($email->subject, $email->content, $email->plaintext, $fields);
        }
    }

    better CSS handling for HTML email

    .log-emails-log-details {
    
    	width: 96%;
    
    	> tbody > tr > th {
    		text-align: right;
    		vertical-align: top;
    		padding: 3px;
    		width: 8em;
    	}
    
    	> tbody > tr > td {
    		padding: 3px;
    		border: 1px solid #ccc;
    		background-color: white;
    	}
    
    }
    
    .log-emails-log-details * {
    	margin: inherit;
    }

    add i18n to menu

    public function adminMenu() {
    		add_options_page(__('Email Logs', 'log-emails'), __('Email Logs', 'log-emails'), 'manage_options', 'log-emails', array($this, 'settingsPage'));
    	}

    https://wordpress.org/plugins/log-emails/

Viewing 6 replies - 1 through 6 (of 6 total)
  • Plugin Author webaware

    (@webaware)

    G’day Hrohh,

    Thanks for your enhancements. I’ll review for incorporation into the plugin core. If I don’t incorporate them all, I’ll add some actions / filters to let you handle those items yourself so that you can receive plugin updates without losing functionality.

    The reason I sanitise the post content is that it’s possible to create a cross-site scripting (XSS) vulnerability if I allow some things through. Logged emails can contain user-submitted content, so I must be careful there. I’ll look at how I can better balance that requirement with the need to show the email’s HTML though.

    cheers,
    Ross

    Thread Starter Hrohh

    (@hrohh)

    Ok, thank you. You’re absolutely right about XSS.

    I have some strange behaviour about columns in table list.
    My plugins are Anything Order, Admin Columns Pro and Admin Bookmarks. Can you look at it?

    Plugin Author webaware

    (@webaware)

    No worries, I’ve added that to my bug tracker too. I’ll probably give this plugin a revamp in February sometime, so will give your suggestions and bug reports some attention then.

    cheers,
    Ross

    Thread Starter Hrohh

    (@hrohh)

    also I have some trouble with plugins, which add some columns (Anything Order, My Admin Bookmarks, Peters Post Notes)
    so my filter is

    add_filter('manage_' . self::POST_TYPE . '_posts_columns', array($this, 'adminManageColumns'), PHP_INT_MAX);
    add_action('manage_' . self::POST_TYPE . '_posts_custom_column', array($this, 'adminManageCustomColumn'), 10, 2);
    add_filter('manage_edit-' . self::POST_TYPE . '_columns', array($this, 'adminManageColumns'), PHP_INT_MAX);
    
    public function adminManageColumns($posts_columns) {
    
    	$posts_columns = array_intersect_key( $posts_columns, array_flip( array('date') ) );
    
    	$posts_columns['_log_emails_title'] = _x('Subject', 'email subject', 'log-emails');
    	$posts_columns['_log_emails_log_to'] = _x('Recipients', 'email recipients (To:)', 'log-emails');
    	$posts_columns = array_merge(array_flip(array('_log_emails_title', '_log_emails_log_to', 'date')), $posts_columns);
    
    	return $posts_columns;
    }

    Thread Starter Hrohh

    (@hrohh)

    For XSS, maybe remove iframes and JavaScript and only allow inserting files from the internet with *.jpg, *.gif, *.png, so some preg replace to look for tags and remove them.

    I'm using the MyMail plugin, which sends newsletters with a nice template compatible with Outlook, Thunderbird, Gmail etc.
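
The trade-off discussed in this thread (show a logged email's HTML while keeping user-submitted markup from running script in the admin screen) can be handled with an allowlist plus a sandboxed frame. This is an added example, not part of the posts above or of the Log Emails plugin; it assumes it runs inside WordPress, and the `example_*` function names and the sample message are hypothetical.

```php
<?php
// Added example, not Log Emails code. Assumes it runs inside WordPress,
// where wp_kses() is a core function; example_* names are hypothetical.

// Reduce a logged HTML email to an allowlist of layout tags and attributes.
// wp_kses() strips any tag or attribute not listed (script, iframe, on*
// handlers); text that was inside a stripped tag remains as inert text.
function example_sanitize_logged_email($html) {
	$layout = array('style' => true, 'align' => true, 'valign' => true,
		'width' => true, 'height' => true, 'bgcolor' => true);
	$cell = $layout + array('colspan' => true, 'rowspan' => true);
	$allowed = array(
		'table' => $layout + array('border' => true, 'cellpadding' => true, 'cellspacing' => true),
		'tbody' => $layout, 'tr' => $layout, 'td' => $cell, 'th' => $cell,
		'div' => $layout, 'span' => $layout, 'p' => $layout,
		'h1' => $layout, 'h2' => $layout, 'h3' => $layout,
		'br' => array(), 'hr' => array(), 'strong' => array(), 'em' => array(),
		'b' => array(), 'i' => array(), 'ul' => array(), 'ol' => array(), 'li' => array(),
		'a' => array('href' => true, 'title' => true, 'style' => true),
		'img' => array('src' => true, 'alt' => true, 'width' => true, 'height' => true, 'style' => true),
	);
	// The third argument limits URL schemes; others, such as javascript:,
	// are stripped from URL attributes.
	return wp_kses($html, $allowed, array('http', 'https', 'mailto'));
}

// Second layer: show the result in a sandboxed iframe. An empty sandbox
// attribute disables scripts and forms and gives the frame a unique origin.
function example_render_logged_email($html) {
	$safe = example_sanitize_logged_email($html);
	// htmlspecialchars() double-encodes existing entities, so "&lt;script&gt;"
	// in the email is still text after the browser decodes srcdoc. esc_attr()
	// leaves existing entities alone, which would turn that text into a tag.
	$srcdoc = htmlspecialchars($safe, ENT_QUOTES, 'UTF-8');
	return '<iframe sandbox srcdoc="' . $srcdoc . '" style="width:100%;height:30em;border:0"></iframe>';
}

// Constructed sample: newsletter-style markup mixed with hostile input.
$sample = '<table width="600"><tr><td style="color:#333">Hello <b>Ann</b>'
	. '<img src="https://example.com/logo.png" onerror="alert(1)">'
	. '<script>alert(2)</script><iframe src="https://example.com/"></iframe>'
	. '<a href="javascript:alert(3)">link</a> &lt;script&gt;alert(4)&lt;/script&gt;'
	. '</td></tr></table>';
echo example_render_logged_email($sample);
```

The raw view in log-detail.php, which passes the content through `esc_html()`, remains the way to inspect exactly what was sent.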

    Thread Starter Hrohh

    (@hrohh)

    fix for checkbox ->

    $posts_columns = array_intersect_key( $posts_columns, array_flip( array('cb','date') ) );
    $posts_columns = array_merge(array_flip(array('cb', '_log_emails_title', '_log_emails_log_to', 'date')), $posts_columns);

    and in mymail presend fix for array

    add_action('mymail_presend','mymail_log_email' );
    $fields['_log_emails_log_to'] = reset($email->to);

    in register_post_type you have in ‘capabilities’ ‘do_not_allow’..why? it should be simply false

  • The topic ‘some improvement’ is closed to new replies.