diff --git a/CHANGELOG.md b/CHANGELOG.md
index af4435de..66f6bec4 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,12 @@
 # Release Notes for Campaign
+## 2.12.2 - Unreleased
+
+### Security
+
+- Improved escaping of table values in the plugins settings.
+- Removed the ability to use `contact` and `mailingList` variables in sendout subjects.
+
 ## 2.12.1 - 2024-01-08
 ### Changed
diff --git a/composer.json b/composer.json
index 82a7b572..2dd014a0 100644
--- a/composer.json
+++ b/composer.json
@@ -1,7 +1,7 @@
 {
 "name": "putyourlightson/craft-campaign",
 "description": "Send and manage email campaigns, contacts and mailing lists.",
- "version": "2.12.1",
+ "version": "2.12.2",
 "type": "craft-plugin",
 "homepage": "https://putyourlightson.com/plugins/campaign",
 "license": "proprietary",
diff --git a/src/services/SendoutsService.php b/src/services/SendoutsService.php
index d6b9c24c..e074cee5 100755
--- a/src/services/SendoutsService.php
+++ b/src/services/SendoutsService.php
@@ -190,9 +190,6 @@ public function sendTest(SendoutElement $sendout, ContactElement $contact): bool
 // Set the current site from the sendout's site ID
 Craft::$app->getSites()->setCurrentSite($sendout->siteId);
- // Get subject
- $subject = Craft::$app->getView()->renderString($sendout->subject, ['contact' => $contact]);
-
 // Get body, catching template rendering errors
 try {
 $htmlBody = $campaign->getHtmlBody($contact, $sendout);
@@ -213,7 +210,7 @@ public function sendTest(SendoutElement $sendout, ContactElement $contact): bool
 $message = Campaign::$plugin->mailer->compose()
 ->setFrom([$sendout->fromEmail => $sendout->fromName])
 ->setTo($contact->email)
- ->setSubject('[Test] ' . $subject)
+ ->setSubject('[Test] ' . $sendout->subject)
 ->setHtmlBody($htmlBody)
 ->setTextBody($plaintextBody);
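Review bot: With the subject now passed unrendered to `->setSubject('[Test] ' . $sendout->subject)` in sendTest, and to `->setSubject($sendout->subject)` in the `@@ -317,7 +308,7 @@` hunk of sendEmail, any stored sendout whose subject still contains Twig tags will reach recipients with the literal `{{ … }}` text in the subject line. Nothing visible in this commit validates or flags such subjects, so consider rejecting or warning on template delimiters when a sendout is saved; that code would live outside these hunks. The call also deserves a comment so a later change does not quietly restore the rendering, e.g. `// Security: the subject is sent as plain text and is deliberately not passed to renderString().` Both function bodies begin and end outside the hunks shown, so any other use of `$subject` further down cannot be checked from here.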
@@ -277,12 +274,6 @@ public function sendEmail(SendoutElement $sendout, ContactElement $contact, int
 $mailingList = $mailingListId ? $this->_getMailingListById($mailingListId) : null;
- // Get subject
- $subject = Craft::$app->getView()->renderString($sendout->subject, [
- 'contact' => $contact,
- 'mailingList' => $mailingList,
- ]);
-
 // Get body, catching template rendering errors
 try {
 $htmlBody = $campaign->getHtmlBody($contact, $sendout, $mailingList);
@@ -317,7 +308,7 @@ public function sendEmail(SendoutElement $sendout, ContactElement $contact, int
 $message = Campaign::$plugin->mailer->compose()
 ->setFrom([$sendout->fromEmail => $sendout->fromName])
 ->setTo($contact->email)
- ->setSubject($subject)
+ ->setSubject($sendout->subject)
 ->setHtmlBody($htmlBody)
 ->setTextBody($plaintextBody);
diff --git a/src/templates/_settings/campaigntypes/index.twig b/src/templates/_settings/campaigntypes/index.twig
index b90b7cf4..7e44d7f6 100644
--- a/src/templates/_settings/campaigntypes/index.twig
+++ b/src/templates/_settings/campaigntypes/index.twig
@@ -32,7 +32,6 @@
 {% for campaignType in craft.campaign.getAllCampaignTypes() %}
 {% set tableData = tableData|merge([{
 id: campaignType.id,
- name: campaignType.name|e,
 title: campaignType.name|e,
 url: campaignType.cpEditUrl,
 handle: campaignType.handle|e,
diff --git a/src/templates/_settings/mailinglisttypes/index.twig b/src/templates/_settings/mailinglisttypes/index.twig
index d03f8ba6..301a6ec6 100644
--- a/src/templates/_settings/mailinglisttypes/index.twig
+++ b/src/templates/_settings/mailinglisttypes/index.twig
@@ -31,7 +31,6 @@
 {% for mailingListType in craft.campaign.getAllMailingListTypes() %}
 {% set tableData = tableData|merge([{
 id: mailingListType.id,
- name: mailingListType.name|e,
 title: mailingListType.name|e,
 url: mailingListType.cpEditUrl,
 handle: mailingListType.handle|e,