Skip to content

Commit

Permalink
Sanitize Mass Message from admin panel
Browse files Browse the repository at this point in the history
  • Loading branch information
fuzegit committed Dec 14, 2023
1 parent 2c9aec8 commit 1d9205b
Showing 1 changed file with 20 additions and 27 deletions.
47 changes: 20 additions & 27 deletions system/controllers/messages/backend/actions/pmailing.php
Expand Up @@ -6,37 +6,36 @@ public function run($group_id = 0) {

$form = $this->getForm('pmailing');

$mailing = array('groups' => array($group_id));
$mailing = ['groups' => [$group_id]];

if ($this->request->has('submit')) {

$mailing = $form->parse($this->request, true);

$errors = $form->validate($this, $mailing);

if($mailing['sender_user_email']){
if ($mailing['sender_user_email']) {

$user = $this->model_users->getUserByEmail($mailing['sender_user_email']);
if(!$user && !$errors){
if (!$user && !$errors) {
$errors['sender_user_email'] = ERR_USER_NOT_FOUND;
}

}

if (!$errors) {

$sender = !empty($user['id']) ? $user : $this->cms_user;
$sender_id = is_object($sender) ? $sender->id : $sender['id'];
$sender = !empty($user['id']) ? $user : $this->cms_user;
$sender_id = is_object($sender) ? $sender->id : $sender['id'];
$sender_nickname = is_object($sender) ? $sender->nickname : $sender['nickname'];

if ($mailing['groups']) {
$this->model_users->filterGroups($mailing['groups']);
}

$recipients = $this->model_users->
filterIsNull('is_locked')->
filterIsNull('is_deleted')->
limit(false)->getUsersIds();
filterIsNull('is_locked')->
filterIsNull('is_deleted')->
limit(false)->getUsersIds();

if ($recipients) {
if (isset($recipients[$sender_id])) {
Expand All @@ -48,51 +47,48 @@ public function run($group_id = 0) {

$this->controller_messages->addRecipients(array_keys($recipients))->setSender($sender_id);

$mailing['message_text'] = cmsEventsManager::hook('html_filter', $mailing['message_text']);

if ($mailing['type'] === 'message') {

$messages_ids = $this->controller_messages->sendMessage($mailing['message_text']);

$count = is_array($messages_ids) ? count($messages_ids) : ($messages_ids ? 1 : 0);

if($count){
if ($count) {

$this->controller_messages->clearRecipients();

foreach ($recipients as $user_id) {

if($this->model->getNewMessagesCount($user_id) == 1){
if ($this->model->getNewMessagesCount($user_id) == 1) {
$this->controller_messages->addRecipient($user_id);
}

}

$this->controller_messages->sendNoticeEmail('messages_new', array(
$this->controller_messages->sendNoticeEmail('messages_new', [
'user_url' => href_to_profile($sender, false, true),
'user_nickname' => $sender_nickname,
'message' => strip_tags($mailing['message_text'])
));

]);
}

}

if ($mailing['type'] === 'notify') {

$mailing['message_text'] = cmsEventsManager::hook('html_filter', $mailing['message_text']);

$notices_ids = $this->controller_messages->sendNoticePM(array(
'content' => $mailing['message_text']
));

$count = is_array($notices_ids) ? count($notices_ids) : ($notices_ids ? 1 : 0);

}

if ($mailing['type'] === 'email') {

$emails = $this->model_users->
filterIn('id', array_keys($recipients))->
limit(false)->selectOnly('i.email', 'email')->select('nickname')->get('{users}', function($user){
limit(false)->selectOnly('i.email', 'email')->select('nickname')->
get('{users}', function ($user) {
return $user['nickname'];
}, 'email');

Expand All @@ -107,29 +103,26 @@ public function run($group_id = 0) {

cmsUser::addSessionMessage(sprintf(
LANG_PM_PMAILING_SENDED,
html_spellcount($count, string_lang('LANG_PM_'.$mailing['type']), false, false, 0)
html_spellcount($count, string_lang('LANG_PM_' . $mailing['type']), false, false, 0)
), ($count ? 'success' : 'info'));

}

if (!$recipients) {
cmsUser::addSessionMessage(LANG_PM_PMAILING_NOT_RECIPIENTS, 'info');
}

$this->redirectToAction('pmailing', ($group_id ? $group_id : false));

return $this->redirectToAction('pmailing', ($group_id ? $group_id : false));
}

if ($errors) {
cmsUser::addSessionMessage(LANG_FORM_ERRORS, 'error');
}
}

return $this->cms_template->render('backend/pmailing', array(
return $this->cms_template->render('backend/pmailing', [
'mailing' => $mailing,
'form' => $form,
'errors' => isset($errors) ? $errors : false
));
]);
}

}

0 comments on commit 1d9205b

Please sign in to comment.