Commit 1c022eed authored by Richard Mansfield's avatar Richard Mansfield
Browse files

Remove unnecessary sanitisation from forum notifications (bug #882894)

In commit 93c012f2

, the forum and group name were added to the body
of forum post email notifications, each wrapped in a call to
clean_html (htmlpurifier).  This crashes cron due to out-of-memory
errors whenever there are more than a few subscribers, and stops
notifications from being sent out at all.

The forum and group name only need to be rendered once per forum post,
so this could be fixed by moving the clean_html call up to the
activity constructor, rather than doing it in the get_emailmessage,
get_htmlmessage functions.  These functions get called for every
single subscriber notification, to ensure the string is displayed in
the subscriber's language.

But because group and forum names are never rendered as html, we don't
need to use htmlpurifier - html escaping is more appropriate and less
memory-hungry.

Change-Id: I0a4133b0a11e0e0004bdab1c29984ab4fc5dfbbf
Signed-off-by: default avatarRichard Mansfield <richard.mansfield@catalyst.net.nz>
parent 10b13ad2
......@@ -827,11 +827,9 @@ class ActivityTypeInteractionForumNewPost extends ActivityTypePlugin {
$post = $this->temp->post;
$unsubscribeid = $post->{$user->subscribetype . 'id'};
$unsubscribelink = get_config('wwwroot') . 'interaction/forum/unsubscribe.php?' . $user->subscribetype . '=' . $unsubscribeid . '&key=' . $user->unsubscribekey;
$cleanforumname = str_replace('"', "'", strip_tags($post->forumtitle));
$cleangroupname = str_replace('"', "'", strip_tags($post->groupname));
return get_string_from_language($user->lang, 'forumposttemplate', 'interaction.forum',
$cleanforumname,
$cleangroupname,
$post->forumtitle,
$post->groupname,
$post->textbody,
get_config('wwwroot') . $this->url,
$user->subscribetype,
......@@ -843,11 +841,9 @@ class ActivityTypeInteractionForumNewPost extends ActivityTypePlugin {
$post = $this->temp->post;
$unsubscribeid = $post->{$user->subscribetype . 'id'};
$unsubscribelink = get_config('wwwroot') . 'interaction/forum/unsubscribe.php?' . $user->subscribetype . '=' . $unsubscribeid . '&key=' . $user->unsubscribekey;
$cleanforumname = str_replace('"', "'", clean_html($post->forumtitle));
$cleangroupname = str_replace('"', "'", clean_html($post->groupname));
return get_string_from_language($user->lang, 'forumposthtmltemplate', 'interaction.forum',
$cleanforumname,
$cleangroupname,
hsc($post->forumtitle),
hsc($post->groupname),
$post->htmlbody,
get_config('wwwroot') . $this->url,
$unsubscribelink,
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment