Skip to content

Commit cc57281

Browse files
Merge pull request #525 from OCSInventory-NG/notification-improvement
Notification improvement
2 parents 148d6bc + ba03a8d commit cc57281

File tree

5 files changed

+68
-16
lines changed

5 files changed

+68
-16
lines changed

Diff for: plugins/language/en_GB/en_GB.txt

100755100644
+2
Original file line numberDiff line numberDiff line change
@@ -1543,3 +1543,5 @@
15431543
8017 This file is not an html file
15441544
8018 Subject
15451545
8019 Notification OCSInventory
1546+
8020 WARNING : Mail template file not found
1547+
8021 The uploaded file need to have .html extension to be valid

Diff for: plugins/language/fr_FR/fr_FR.txt

+2
Original file line numberDiff line numberDiff line change
@@ -1541,3 +1541,5 @@
15411541
8016 Ici vous pouvez télécharger votre modèle de notification personnalisé:</br>• Le fichier doit être un fichier html.</br></br>Informations:</br>• Pour avoir les traduction mettez {{g.(numéro de la traduction)}} dans votre code html - Exemple: {{g.49}} = Nom</br>• Pour le moment vous disposez de deux choix de rapport d'inventaire: </br> {{Report.Software}} - Nombre de logiciels par catégorie de logiciel </br> {{Report.Asset}} - Nombre de machines par catégorie d'actifs
15421542
8017 Ce fichier n'est pas un fichier html
15431543
8018 Sujet
1544+
8020 WARNING : Fichier de template personnalisé non trouvé
1545+
8021 Le fichier upload doit avoir pour extension .html

Diff for: plugins/main_sections/ms_config/ms_notification.php

+4-1
Original file line numberDiff line numberDiff line change
@@ -192,10 +192,13 @@
192192

193193
//Perso
194194
$info = $mail->get_all_information('PERSO');
195+
$output = $mail->replace_value($mail->get_template_perso(), 'PERSO');
196+
if(!$output){
197+
$output = $l->g(8020);
198+
}
195199
echo "<div id=perso_mail ".$style_perso.">";
196200
echo "<div class='form-group'><label class='control-label col-sm-2' for='subject'>".$l->g(8018)."</label><div class='col-sm-8'>
197201
<input type='text' class='form-control' id='subject' name='subject' size='50' maxlength='255' value='".$info['PERSO']['SUBJECT']."'/></div></div>";
198-
$output = $mail->replace_value($mail->get_template_perso(), 'PERSO');
199202
echo $output;
200203
echo "</div>";
201204

Diff for: require/mail/NotificationMail.php

+49-15
Original file line numberDiff line numberDiff line change
@@ -48,6 +48,8 @@ class NotificationMail
4848
);
4949
private $week = array('MON' => 'MON', 'TUE' => 'TUE', 'WED' => 'WED', 'THURS' => 'THURS', 'FRI' => 'FRI', 'SAT' => 'SAT', 'SUN' => 'SUN');
5050

51+
const HTML_EXT = 'html';
52+
5153
public function __construct($language){
5254
global $l;
5355
$l = new language($language);
@@ -180,20 +182,27 @@ public function config_mailer(){
180182
* @return void
181183
*/
182184
public function send_notification($subject, $body, $altBody = '', $selected, $isHtml = false ){
183-
$body = $this->replace_value($body, $selected);
184-
try{
185-
// Content
186-
$this->notif->isHTML(false);
187-
$this->notif->Subject = $subject;
188-
$this->notif->Body = $body;
189-
$this->notif->AltBody = $altBody;
190-
191-
$this->notif->send();
192-
error_log('Message has been sent');
193-
} catch (Exception $e) {
194-
$msg = 'Message could not be sent. Mailer Error: '. $mail->ErrorInfo;
195-
error_log($msg);
196-
}
185+
186+
$body = $this->replace_value($body, $selected);
187+
188+
if(!$body){
189+
error_log('Error reading custom template');
190+
return false;
191+
}
192+
193+
try{
194+
// Content
195+
$this->notif->isHTML(false);
196+
$this->notif->Subject = $subject;
197+
$this->notif->Body = $body;
198+
$this->notif->AltBody = $altBody;
199+
200+
$this->notif->send();
201+
error_log('Message has been sent');
202+
} catch (Exception $e) {
203+
$msg = 'Message could not be sent. Mailer Error: '. $mail->ErrorInfo;
204+
error_log($msg);
205+
}
197206
}
198207

199208
/**
@@ -214,7 +223,11 @@ public function replace_value($file, $selected){
214223
if($selected == 'DEFAULT'){
215224
$template = file_get_contents(TEMPLATE.'OCS_template.html', true);
216225
}else{
217-
$template = file_get_contents($file, true);
226+
if(file_exists($file)){
227+
$template = file_get_contents($file, true);
228+
}else{
229+
return false;
230+
}
218231
}
219232

220233
if(strpos($template, "{{") !== false){
@@ -263,6 +276,11 @@ public function replace_value($file, $selected){
263276
public function upload_file($file, $subject){
264277
global $l;
265278
$uploadFile = TEMPLATE . basename($file['template']['name']);
279+
280+
if(!$this->is_html_extension($uploadFile)){
281+
msg_error($l->g(8021));
282+
return false;
283+
}
266284

267285
if($file['template']['type'] == 'text/html'){
268286
if (move_uploaded_file($_FILES['template']['tmp_name'], $uploadFile)) {
@@ -280,6 +298,22 @@ public function upload_file($file, $subject){
280298
return false;
281299
}
282300
}
301+
302+
/**
303+
* Check if file respect naming convention
304+
* And have extension .html
305+
*
306+
* @param array $uploaded_file
307+
*/
308+
private function is_html_extension($uploaded_file_name){
309+
$ext = end((explode(".", $uploaded_file_name)));
310+
var_dump($ext);
311+
if($ext == self::HTML_EXT){
312+
return true;
313+
}else{
314+
return false;
315+
}
316+
}
283317

284318
/**
285319
* Get directory template perso

Diff for: templates/.htaccess

+11
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,11 @@
1+
# Prevent direct access to folder
2+
3+
# Apache 2.2
4+
<IfModule !mod_authz_core.c>
5+
Deny from all
6+
</IfModule>
7+
8+
# Apache 2.4
9+
<IfModule mod_authz_core.c>
10+
Require all denied
11+
</IfModule>

0 commit comments

Comments
 (0)