[ofbiz-plugins] branch trunk updated: Fixed: Link in verification email for Newsletter gives security error (OFBIZ-9804)
Locked
[ofbiz-plugins] branch trunk updated: Fixed: Link in verification email for Newsletter gives security error (OFBIZ-9804)
 
|
This is an automated email from the ASF dual-hosted git repository.
jleroux pushed a commit to branch trunk in repository https://gitbox.apache.org/repos/asf/ofbiz-plugins.git The following commit(s) were added to refs/heads/trunk by this push: new 045f97b Fixed: Link in verification email for Newsletter gives security error (OFBIZ-9804) 045f97b is described below commit 045f97b9563f26a3c81260154837cb7ca27687e5 Author: Jacques Le Roux <[hidden email]> AuthorDate: Sun Nov 10 10:59:01 2019 +0100 Fixed: Link in verification email for Newsletter gives security error (OFBIZ-9804) Changes ContactListEmailTemplate.ftl to also use GET. Because we dont' want a form to ask, but only to hide parameters. See details in Jira. Handles the emails also in ecomseo after OFBIZ-11278 I have still to see why I get this message at the end of the process: "Invalid verify code for the New Product Announcements" ie when using the link in the last (3rd) email: "Subscribe Contact List New Product Announcements" This will be another Jira..! --- .../template/email/ContactListEmailTemplate.ftl | 22 +++++++++------------- .../template/email/ContactListSubscribeEmail.ftl | 4 +++- .../template/email/ContactListUnsubscribeEmail.ftl | 7 ------- .../email/ContactListUnsubscribeVerifyEmail.ftl | 3 +++ .../template/email/ContactListVerifyEmail.ftl | 3 +++ 5 files changed, 18 insertions(+), 21 deletions(-) diff --git a/ecommerce/template/email/ContactListEmailTemplate.ftl b/ecommerce/template/email/ContactListEmailTemplate.ftl index eb0fed5..71ee21e 100644 --- a/ecommerce/template/email/ContactListEmailTemplate.ftl +++ b/ecommerce/template/email/ContactListEmailTemplate.ftl @@ -21,18 +21,14 @@ under the License. <div> ${content} </div> - <#assign verifyUrl = baseEcommerceSecureUrl + "updateContactListPartyNoUserLogin" /> - <form method="post" action="${verifyUrl}"> - <fieldset> - <label>E-mail: ${emailAddress}</label> - <input type="hidden" name="contactListId" value="${contactListId}"/> - <input type="hidden" name="partyId" value="${partyId}"/> - <input type="hidden" name="preferredContactMechId" value="${preferredContactMechId!}"/> - <input type="hidden" name="fromDate" value="${fromDate}"/> - <input type="hidden" name="statusId" value="CLPT_UNSUBS_PENDING"/> - <input type="hidden" name="optInVerifyCode" value="${optInVerifyCode!}"/> - <input type="submit" name="submitButton" value="Click here to unsubscribe your newsletter subscription."/> - </fieldset> - </form> + <#if baseLocation == "/ecomseo"> + <#assign baseLocation = "/ecommerce"> + </#if> + <#assign verifyUrl = baseEcommerceSecureUrl +'updateContactListPartyNoUserLogin?contactListId='+contactListId+'&partyId='+partyId+'&fromDate='+fromDate+'&statusId=CLPT_UNSUBS_PENDING&optInVerifyCode='+optInVerifyCode+'&baseLocation='+baseLocation!> + <#if preferredContactMechId??> + <#assign verifyUrl= verifyUrl+"&preferredContactMechId="+preferredContactMechId> + </#if> + <a href="${verifyUrl}">Click here to unsubscribe your newsletter subscription.</a> + </body> </html> diff --git a/ecommerce/template/email/ContactListSubscribeEmail.ftl b/ecommerce/template/email/ContactListSubscribeEmail.ftl index 52149a0..ab8896a 100644 --- a/ecommerce/template/email/ContactListSubscribeEmail.ftl +++ b/ecommerce/template/email/ContactListSubscribeEmail.ftl @@ -20,7 +20,9 @@ under the License. <body> <p>Hello ${partyName.firstName!} ${partyName.lastName!} ${partyName.groupName!}!</p> <p>Successfully subscribed from ${contactList.contactListName} contact list.</p> - + <#if baseLocation == "/ecomseo"> + <#assign baseLocation = "/ecommerce"> + </#if> <#assign verifyUrl = baseEcommerceSecureUrl +'updateContactListPartyNoUserLogin?contactListId='+contactListParty.contactListId+'&partyId='+contactListParty.partyId+'&fromDate='+contactListParty.fromDate+'&statusId=CLPT_UNSUBS_PENDING&optInVerifyCode='+contactListPartyStatus.optInVerifyCode+'&baseLocation='+baseLocation!> <#if (contactListParty.preferredContactMechId)??> <#assign verifyUrl= verifyUrl+"&preferredContactMechId="+contactListParty.preferredContactMechId> diff --git a/ecommerce/template/email/ContactListUnsubscribeEmail.ftl b/ecommerce/template/email/ContactListUnsubscribeEmail.ftl index 2ea24e2..09c7140 100644 --- a/ecommerce/template/email/ContactListUnsubscribeEmail.ftl +++ b/ecommerce/template/email/ContactListUnsubscribeEmail.ftl @@ -20,12 +20,5 @@ under the License. <body> <p>Hello ${partyName.firstName!} ${partyName.lastName!} ${partyName.groupName!}!</p> <p>Successfully unsubscribed from ${contactList.contactListName} contact list.</p> - - <#--assign verifyUrl = baseEcommerceSecureUrl +'updateContactListPartyNoUserLogin?contactListId='+contactListParty.contactListId+'&partyId='+contactListParty.partyId+'&fromDate='+contactListParty.fromDate+'&statusId=CLPT_SUBS_PENDING&optInVerifyCode='+contactListPartyStatus.optInVerifyCode+'&baseLocation='+baseLocation!> - <#if (contactListParty.preferredContactMechId)??> - <#assign verifyUrl= verifyUrl+"&preferredContactMechId="+contactListParty.preferredContactMechId> - </#if> - <a href="${verifyUrl}">If this was by mistake, click here subscribe again.</a--> - </body> </html> diff --git a/ecommerce/template/email/ContactListUnsubscribeVerifyEmail.ftl b/ecommerce/template/email/ContactListUnsubscribeVerifyEmail.ftl index 86ef198..d87f6c1 100644 --- a/ecommerce/template/email/ContactListUnsubscribeVerifyEmail.ftl +++ b/ecommerce/template/email/ContactListUnsubscribeVerifyEmail.ftl @@ -32,6 +32,9 @@ under the License. <p>We have received a request for unsubscription to the ${contactList.contactListName} contact list.</p> <p>To complete your unsubscription click the on the following link:</p> + <#if baseLocation == "/ecomseo"> + <#assign baseLocation = "/ecommerce"> + </#if> <#assign verifyUrl = baseEcommerceSecureUrl+'contactListOptOut?contactListId='+contactListParty.contactListId+'&communicationEventId='+communicationEventId!+'&partyId='+contactListParty.partyId+'&fromDate='+contactListParty.fromDate+'&statusId=CLPT_UNSUBSCRIBED&optInVerifyCode='+contactListPartyStatus.optInVerifyCode> <#if (contactListParty.preferredContactMechId)??> <#assign verifyUrl= verifyUrl+"&preferredContactMechId="+contactListParty.preferredContactMechId> diff --git a/ecommerce/template/email/ContactListVerifyEmail.ftl b/ecommerce/template/email/ContactListVerifyEmail.ftl index 1ce8965..78c322d 100644 --- a/ecommerce/template/email/ContactListVerifyEmail.ftl +++ b/ecommerce/template/email/ContactListVerifyEmail.ftl @@ -32,6 +32,9 @@ under the License. <p>We have received a request for subscription to the ${contactList.contactListName} contact list.</p> <p>To complete your subscription click the on the following link:</p> + <#if baseLocation == "/ecomseo"> + <#assign baseLocation = "/ecommerce"> + </#if> <#assign verifyUrl = baseEcommerceSecureUrl+'/'+'updateContactListPartyNoUserLogin?contactListId='+contactListParty.contactListId+'&partyId='+contactListParty.partyId+'&fromDate='+contactListParty.fromDate+'&statusId=CLPT_ACCEPTED&optInVerifyCode='+contactListPartyStatus.optInVerifyCode+'&baseLocation='+baseLocation!> <#if (contactListParty.preferredContactMechId)??> <#assign verifyUrl= verifyUrl+"&preferredContactMechId="+contactListParty.preferredContactMechId> |
«
Return to OFBiz - Commits
|
1 view|%1 views
| Free forum by Nabble | Edit this page |