Closed justingit closed 2 years ago
This actually works, except for very specific times. For example, the following can work as an unsubscription link,
<!-- tmpl_var list_unsubscribe_link -->
The HTML entities are "fixed" before being parsed, but not before the template sanity test is done. So, if someone writes,
<!-- tmpl_var list_unsubscribe_link __>
The message will try to be sent, but will fail. Unescaping these template tags is done in DADA::App::FormatMessages::Filters::UnescapeTemplateTags::unescape_template_tags, which still should have been called (round about-ly) to have this check done, so hmm.
This problem can be recreated without using send url, but just pasting the bad link in the regular HTML text box.
OK, the problem isn't that the unescape template tags isn't done before template validation, it's that there is an issue with unescaping the template tags. If the lines don't wrap correctly, the template tags will be unescaped incorrectly.
This may just mean the regex needs to match multiple lines.
I still don't understand why the template tag would be unescaped, as it doesn't match the regex,
$str =~ s/(<!--(\s+)tmpl_)(.*?)(-->)/<!-- tmpl_$3-->/gs;
$str =~ s/(<!--(\s+)TMPL_)(.*?)(-->)/<!-- TMPL_$3-->/gs;
My guess is that one of the HTML Tree Parsers(?) is unescaping the tag, before the template validator can see it?
This str will cause problems, but will get past the template validator,
This is all that's needed:
<a href="<!-- tmpl_var list_unsubscribe_link __>">blah</a>
This has been fixed in v11.18.1
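A pre-send check for the malformed tag shown above, as an added example that is not Dada Mail's code and not the fix shipped in v11.18.1. The function name `find_unterminated_tmpl_tags` and the rule that a tag body contains no `<` or `>` before its closing `-->` are assumptions; the sample message is constructed.

```perl
use strict;
use warnings;

# Added example, not Dada Mail's code. Assumption: a template tag body
# never contains "<" or ">" before its closing "-->".
sub find_unterminated_tmpl_tags {
    my ($html) = @_;
    my @problems;

    # /i covers both tmpl_ and TMPL_; \s+ mirrors the opener in the issue's regexes
    while ( $html =~ /<!--\s+tmpl_/gi ) {
        my ( $start, $after ) = ( $-[0], $+[0] );

        # [^<>] also matches newlines, so a tag wrapped across lines is accepted
        pos($html) = $after;
        next if $html =~ /\G[^<>]*-->/gc;

        # Unterminated: record the line number and the start of the bad tag
        my $prefix = substr( $html, 0, $start );
        my $line   = 1 + ( $prefix =~ tr/\n// );
        my $tail   = substr( $html, $start, 60 );
        my ($text) = $tail =~ /\A([^\n]*)/;
        push @problems, { line => $line, text => $text };

        # Resume scanning right after this opener
        pos($html) = $after;
    }
    return @problems;
}

# Constructed sample message: one good tag, the bad tag from the issue,
# and one good tag that wraps across two lines.
my $sample = join "\n",
    '<p><!-- tmpl_var list_unsubscribe_link --></p>',
    '<a href="<!-- tmpl_var list_unsubscribe_link __>">blah</a>',
    '<!-- tmpl_var',
    '    list_unsubscribe_link -->';

my @found = find_unterminated_tmpl_tags($sample);
printf "line %d: unterminated template tag: %s\n", $_->{line}, $_->{text}
    for @found;

# Refuse to queue the mailing when anything was flagged
exit( @found ? 1 : 0 );
```

Running the check on the fetched or pasted HTML before the mass mailing is queued turns the silent send failure into an error that names the offending line.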
If there are any template syntax errors in messages grabbed from a URL, they need to be shown before you try to send them out as a mass message. If you don't, a mass mailing will fail in mysterious ways to the end use