Fix issue #201

[mirkos93]

• Added domains_in_content to the SentEmail model: This field will store a list of domains that are allowed to be clicked on in emails. This will help to prevent users from clicking on malicious links.
• Implemented a second check in MailTrackerController: This check will make sure that the domain of the link where the user is trying to go is actually in the domains_in_content list. If it is not, then the user will be redirected to the config('mail-tracker.redirect-missing-links-to') URL.

[jdavidbakr]

I like this concept - there are a couple of changes I'd like to see to this PR:

• If domains_in_context is empty it should ignore this check to ensure backwards compatibility for anyone who doesn't set it
• Be sure to add this to the test suite
• I didn't notice any changes to the default config file to include this new attribute
• Also please update the readme to include instructions about how to use this

[mirkos93]

If domains_in_context is empty it should ignore this check to ensure backwards compatibility for anyone who doesn't set it

I renamed domains_in_content to domains_in_context and added a check for empty($tracker->domains_in_context), although I believe that the linkClicked function cannot be called (logically speaking) if domains_in_context is empty, as this would mean that there are no domains in the content of the email. Please let me know if I'm misreading what you asked.

Be sure to add this to the test suite

I added the test MailTrackerTest.php it_redirects_to_fallback_for_invalid_domain, and I also modified and renamed the test it_redirects_even_if_no_sent_email_exists to it_redirects_to_fallback_if_the_sent_email_does_not_exists because, at least in the pull request I created, for security reasons, there should be no redirects that can be arbitrarily modified

I didn't notice any changes to the default config file to include this new attribute

There should be no need to add changes to the configuration file: mail-tracker.redirect-missing-links-to is already present in the configuration file.

Also please update the readme to include instructions about how to use this

I don't think there are any specific instructions to implement in the README, because this change cannot be disabled, it is a small security measure that ensures that redirects are always consistent with the body of the reference email.

[jdavidbakr]

Ok, I see what you did, I didn't fully understand it. I do like what you did. I'll take a closer look at it when I get a chance before merging it but I think it's going to work.