[4.4] Escape unsafe tags in mail copy to sender and notification to a…
…dmin and don't escape custom email fields (#43981)

* Escape also copy to sender in contact form email

* Escape also new user notification email to admins

* Remove customfields from unsafe tags
richard67 authored Aug 26, 2024
1 parent ddf3f3b commit 2d7667e
Showing 2 changed files with 3 additions and 1 deletion.
3 changes: 2 additions & 1 deletion components/com_contact/src/Controller/ContactController.php
Expand Up @@ -271,7 +271,7 @@ private function _sendEmail($data, $contact, $emailCopyToSender)
$mailer->addRecipient($contact->email_to);
$mailer->setReplyTo($templateData['email'], $templateData['name']);
$mailer->addTemplateData($templateData);
$mailer->addUnsafeTags(['name', 'email', 'body', 'customfields']);
$mailer->addUnsafeTags(['name', 'email', 'body']);
$sent = $mailer->send();

// If we are supposed to copy the sender, do so.
Expand All @@ -280,6 +280,7 @@ private function _sendEmail($data, $contact, $emailCopyToSender)
$mailer->addRecipient($templateData['email']);
$mailer->setReplyTo($templateData['email'], $templateData['name']);
$mailer->addTemplateData($templateData);
$mailer->addUnsafeTags(['name', 'email', 'body']);
$sent = $mailer->send();
}
} catch (MailDisabledException | phpMailerException $exception) {
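Review bot: With `'customfields'` dropped from the list at new line 274 and left out of the copy-to-sender call added at 283, that template value is no longer escaped by the mailer, so when the mail is sent as HTML any submitter-entered field value inside it has to be escaped where the markup is rendered, which is outside these hunks and cannot be confirmed here. I would record that dependency next to the call, e.g. `// 'customfields' is pre-rendered HTML; each field value must already be escaped by the renderer`. The tag list is also written out twice, and the copy path lacking it is the gap this commit closes; a single `$unsafeTags = ['name', 'email', 'body'];` passed to both `addUnsafeTags()` calls would keep the two sends from drifting apart again. `_sendEmail()` begins and ends outside the visible hunks.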
1 change: 1 addition & 0 deletions components/com_users/src/Model/RegistrationModel.php
Expand Up @@ -555,6 +555,7 @@ public function register($temp)
$mailer = new MailTemplate('com_users.registration.admin.new_notification', $app->getLanguage()->getTag());
$mailer->addTemplateData($data);
$mailer->addRecipient($row->email);
$mailer->addUnsafeTags(['username', 'name']);
$return = $mailer->send();
} catch (\Exception $exception) {
try {
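Review bot: The new `addUnsafeTags(['username', 'name'])` call at line 558 escapes two keys by name, while `$data` is assembled outside this hunk, so any other registrant-supplied key that the `com_users.registration.admin.new_notification` template can reference would still be inserted unescaped. It is worth checking the keys of `$data` against the template's placeholders and documenting the choice beside the call, e.g. `// Registrant-controlled values shown to admins; extend this list when $data gains user-supplied keys`. A regression test that registers an account with markup in the name and asserts the admin mail body carries it escaped would pin the behaviour. `register()` continues beyond the hunk.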
