Commit 22c4ba5b authored by Richard Mansfield's avatar Richard Mansfield

Escape body of html emails (bug #772860)



Change-Id: I139ed268e27634507f56ab66ee0a097371493274
Signed-off-by: default avatarRichard Mansfield <richard.mansfield@catalyst.net.nz>
parent bee83251
......@@ -1122,7 +1122,7 @@ class ActivityTypeArtefactCommentFeedback extends ActivityTypePlugin {
// Email
$this->users[0]->htmlmessage = get_string_from_language(
$lang, 'feedbackdeletedhtml', 'artefact.comment',
$title, $removedbyline, $body, $this->url, $title
hsc($title), $removedbyline, clean_html($body), $this->url, hsc($title)
);
$this->users[0]->emailmessage = get_string_from_language(
$lang, 'feedbackdeletedtext', 'artefact.comment',
......@@ -1147,7 +1147,7 @@ class ActivityTypeArtefactCommentFeedback extends ActivityTypePlugin {
$this->users[0]->htmlmessage = get_string_from_language(
$lang, 'feedbacknotificationhtml', 'artefact.comment',
$authorname, $title, $posttime, $body, $this->url
hsc($authorname), hsc($title), $posttime, clean_html($body), $this->url
);
$this->users[0]->emailmessage = get_string_from_language(
$lang, 'feedbacknotificationtext', 'artefact.comment',
......
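Review bot: `$removedbyline` in the first hunk, `$posttime` in the second, and `$this->url` in both still reach the HTML templates unescaped; the commit wraps only the title, author name and body. Where `$removedbyline` is built is outside the hunk, so this is inferred: if it embeds a user's display name and is not already escaped upstream, it is the same class of input as `$authorname` and needs the same treatment, e.g. `hsc($title), hsc($removedbyline), clean_html($body), hsc($this->url), hsc($title)`. The same question applies to `$this->url` and `$unsubscribelink` in the `forumposthtmltemplate` call further down this page. Both calls sit in methods that start and end outside the hunks, so a short comment above each call stating which arguments are pre-escaped would make the contract checkable.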
......@@ -781,6 +781,7 @@ class ActivityTypeInteractionForumNewPost extends ActivityTypePlugin {
$this->message = strip_tags(str_shorten_html($post->body, 200, true)); // For internal notifications.
$post->textbody = trim(html2text($post->body));
$post->htmlbody = clean_html($post->body);
$this->url = get_config('wwwroot') . 'interaction/forum/topic.php?id=' . $post->topicid . '#post' . $this->postid;
$this->add_urltext(array(
......@@ -822,10 +823,10 @@ class ActivityTypeInteractionForumNewPost extends ActivityTypePlugin {
$unsubscribeid = $post->{$user->subscribetype . 'id'};
$unsubscribelink = get_config('wwwroot') . 'interaction/forum/unsubscribe.php?' . $user->subscribetype . '=' . $unsubscribeid . '&key=' . $user->unsubscribekey;
return get_string_from_language($user->lang, 'forumposthtmltemplate', 'interaction.forum',
$post->subject ? $post->subject : get_string_from_language($user->lang, 're', 'interaction.forum', $post->topicsubject),
display_name($post->poster, $user),
$post->subject ? hsc($post->subject) : get_string_from_language($user->lang, 're', 'interaction.forum', hsc($post->topicsubject)),
hsc(display_name($post->poster, $user)),
$post->posttime,
$post->body,
$post->htmlbody,
$this->url,
$unsubscribelink,
$user->subscribetype
......
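Review bot: `$post->htmlbody` is assigned in the hunk at -781 and read in the hunk at -822, and nothing in the visible lines guarantees the assignment has run before the template is built. The two hunks appear to belong to different methods whose bodies continue outside the hunks; if the second is ever reached with a `$post` that skipped the first, the HTML email goes out with an empty body. A fallback at the use site, `isset($post->htmlbody) ? $post->htmlbody : clean_html($post->body),`, keeps the sanitised path as the only path. A comment at the assignment such as `// Sanitised once here; the per-user HTML template reads $post->htmlbody, never $post->body` would document the coupling.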