
0001-misc-use-non-autoescaping-template-render-for-email-.patch

Benjamin Dauvergne, 24 février 2021 22:57


Subject: [PATCH] misc: use non-autoescaping template render for email text
 bodies and subjects (#51374)

 .../manager/user_change_email_notification_body.txt  |  4 ++--
 .../user_change_email_notification_subject.txt       |  2 +-
 .../authentic2/account_delete_notification_body.txt  |  3 +--
 .../account_delete_notification_subject.txt          |  2 +-
 .../authentic2/account_deletion_code_body.txt        |  3 +--
 .../authentic2/account_deletion_code_subject.txt     |  2 +-
 .../authentic2/change_email_notification_body.txt    |  4 ++--
 .../authentic2/change_email_notification_subject.txt |  2 +-
 .../authentic2/registration_success_body.txt         |  4 +---
 .../authentic2/registration_success_subject.txt      |  2 +-
 .../authentic2/unused_account_alert_body.txt         |  5 +----
 .../authentic2/unused_account_alert_subject.txt      |  7 +------
 .../authentic2/unused_account_delete_body.txt        |  8 ++------
 .../authentic2/unused_account_delete_subject.txt     |  2 +-
 .../templates/registration/activation_email.txt      |  4 ++--
 .../registration/activation_email_subject.txt        |  2 +-
 .../registration/password_reset_subject.txt          |  4 +---
 src/authentic2/utils/__init__.py                     | 12 +++++++++---
 18 files changed, 30 insertions(+), 42 deletions(-)
src/authentic2/manager/templates/authentic2/manager/user_change_email_notification_body.txt
1
{% load i18n %}{% autoescape off %}{% if email_is_not_unique%}{% blocktrans with name=user.get_short_name old_email=user.email %}Hi {{ name }} !
1
{% load i18n %}{% if email_is_not_unique%}{% blocktrans with name=user.get_short_name old_email=user.email %}Hi {{ name }} !
2 2

  
3 3
An administrator requested for changing your email on {{ domain }} from:
4 4

  
......
32 32
This link will be valid for {{ token_lifetime }}.
33 33

  
34 34
--
35
{{ domain }}{% endblocktrans %}{% endif %}{% endautoescape %}
35
{{ domain }}{% endblocktrans %}{% endif %}
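Review bot: With `{% autoescape off %}` removed from this template, correct output now depends entirely on the caller rendering it through `render_plain_text_template_to_string` (autoescape disabled in the context); any other code path that still passes these `_subject.txt`/`_body.txt` names to `render_to_string` will HTML-escape names and addresses in a text/plain mail (an apostrophe in a user's name would come out as `&#39;`). Since the template itself no longer carries that contract, I'd record it on line 1 in a Django comment that produces no output, `{# plain-text mail template: render with autoescape disabled (render_plain_text_template_to_string) #}`. The same applies to every other subject and body template in this patch (the manager, authentic2 and registration templates). As a minor style point, the new line 1 keeps `{% if email_is_not_unique%}` without a space before `%}`; Django's lexer appears to accept it, but `{% if email_is_not_unique %}` matches the rest of the file and is worth normalising while the line is touched.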
src/authentic2/manager/templates/authentic2/manager/user_change_email_notification_subject.txt
1
{% load i18n %}{% autoescape off %}{% blocktrans %}Change email on {{ domain }} requested by an administrator{% endblocktrans %}{% endautoescape %}
1
{% load i18n %}{% blocktrans %}Change email on {{ domain }} requested by an administrator{% endblocktrans %}
src/authentic2/templates/authentic2/account_delete_notification_body.txt
1
{% load i18n %}{% autoescape off %}{% blocktrans %}{{ full_name }},{% endblocktrans %}
1
{% load i18n %}{% blocktrans %}{{ full_name }},{% endblocktrans %}
2 2

  
3 3
{% blocktrans %}
4 4
Your account on {{ site }} has been deleted.
5 5
All related data will be deleted today.
6 6
You cannot log in with it anymore.
7 7
{% endblocktrans %}
8
{% endautoescape %}
src/authentic2/templates/authentic2/account_delete_notification_subject.txt
1
{% load i18n %}{% autoescape off %}{% blocktrans %}Account deletion on {{ site }}{% endblocktrans %}{% endautoescape %}
1
{% load i18n %}{% blocktrans %}Account deletion on {{ site }}{% endblocktrans %}
src/authentic2/templates/authentic2/account_deletion_code_body.txt
1
{% load i18n %}{% autoescape off %}{% blocktrans %}{{ full_name }},{% endblocktrans %}
1
{% load i18n %}{% blocktrans %}{{ full_name }},{% endblocktrans %}
2 2

  
3 3
{% blocktrans %}
4 4
Please click on {{ deletion_url }}
......
7 7
If so, all related data will be deleted in the next few hours.
8 8
You won't be able to log in with this account anymore.
9 9
{% endblocktrans %}
10
{% endautoescape %}
src/authentic2/templates/authentic2/account_deletion_code_subject.txt
1
{% load i18n %}{% autoescape off %}{% blocktrans %}Validate account deletion request on {{ site }}{% endblocktrans %}{% endautoescape %}
1
{% load i18n %}{% blocktrans %}Validate account deletion request on {{ site }}{% endblocktrans %}
src/authentic2/templates/authentic2/change_email_notification_body.txt
1
{% load i18n %}{% autoescape off %}{% if email_is_not_unique%}{% blocktrans with name=user.get_short_name old_email=user.email %}Hi {{ name }} !
1
{% load i18n %}{% if email_is_not_unique%}{% blocktrans with name=user.get_short_name old_email=user.email %}Hi {{ name }} !
2 2

  
3 3
You asked for changing your email on {{ domain }} from:
4 4

  
......
32 32
This link will be valid for {{ token_lifetime }}.
33 33

  
34 34
--
35
{{ domain }}{% endblocktrans %}{% endif %}{% endautoescape %}
35
{{ domain }}{% endblocktrans %}{% endif %}
src/authentic2/templates/authentic2/change_email_notification_subject.txt
1
{% load i18n %}{% autoescape off %}{% blocktrans %}Change email on {{ domain }}{% endblocktrans %}{% endautoescape %}
1
{% load i18n %}{% blocktrans %}Change email on {{ domain }}{% endblocktrans %}
src/authentic2/templates/authentic2/registration_success_body.txt
1
{% load i18n %}{% autoescape off %}{% blocktrans with full_name=user.get_full_name %}Hi {{ full_name }} !
1
{% load i18n %}{% blocktrans with full_name=user.get_full_name %}Hi {{ full_name }} !
2 2

  
3 3
Your registration on {{ site }} was successful!
4 4

  
......
10 10
	{% trans "Email:" %} {{ user.email }}{% if user.first_name %}
11 11
	{% trans "First name:" %} {{ user.first_name }}{% endif %}{% if user.last_name %}
12 12
	{% trans "Last name:" %} {{ user.last_name }}{% endif %}
13

  
14
{% endautoescape %}
src/authentic2/templates/authentic2/registration_success_subject.txt
1
{% load i18n %}{% autoescape off %}{% trans "You successfully registered on" %} {{ site }}{% endautoescape %}
1
{% load i18n %}{% trans "You successfully registered on" %} {{ site }}
src/authentic2/templates/authentic2/unused_account_alert_body.txt
1
{% load i18n humanize %}
2
{% autoescape off %}
3
{% blocktrans %}Hi {{ user.get_full_name }},{% endblocktrans %}
1
{% load i18n humanize %}{% blocktrans %}Hi {{ user.get_full_name }},{% endblocktrans %}
4 2

  
5 3
{% blocktrans with last_login_date=user.last_login|naturaltime %}Your last logging was {{ last_login_date }}.{% endblocktrans %}
6 4
{% blocktrans %}In order to keep your account, you must log in within {{ days_to_deletion }} days.{% endblocktrans %}
7 5
{% trans "Otherwise, it will be deleted after this time." %}
8
{% endautoescape %}
src/authentic2/templates/authentic2/unused_account_alert_subject.txt
1
{% load i18n humanize %}
2
{% autoescape off %}
3
{% blocktrans trimmed with last_login_date=user.last_login|naturaltime %}
4
Alert: {{ user.get_full_name }} your last login was {{ last_login_date }}
5
{% endblocktrans %}
6
{% endautoescape %}
1
{% load i18n humanize %}{% blocktrans trimmed with last_login_date=user.last_login|naturaltime %}Alert: {{ user.get_full_name }} your last login was {{ last_login_date }}{% endblocktrans %}
src/authentic2/templates/authentic2/unused_account_delete_body.txt
1
{% load i18n humanize %}
2
{% autoescape off %}
3
{% blocktrans with last_login_date=user.last_login|naturaltime %}
1
{% load i18n humanize %}{% blocktrans with last_login_date=user.last_login|naturaltime %}
4 2
Hi {{ user }},
5 3

  
6
Since your last logging was {{ last_login_date }}, your account has been deleted.
7
{% endblocktrans %}
8
{% endautoescape %}
4
Since your last logging was {{ last_login_date }}, your account has been deleted.{% endblocktrans %}
src/authentic2/templates/authentic2/unused_account_delete_subject.txt
1
{% load i18n %}{% autoescape off %}{% blocktrans %}Notification: {{ user }}, your account has been deleted{% endblocktrans %}{% endautoescape %}
1
{% load i18n %}{% blocktrans %}Notification: {{ user }}, your account has been deleted{% endblocktrans %}
src/authentic2/templates/registration/activation_email.txt
1
{% load i18n %}{% autoescape off %}{% if not existing_accounts %}{% blocktrans %}You requested registration on {{ site }}.
1
{% load i18n %}{% if not existing_accounts %}{% blocktrans %}You requested registration on {{ site }}.
2 2
To finish your registration, please go to:
3 3

  
4 4
  {{ registration_url }}
......
12 12
{% if expiration_days > 1 %}{% blocktrans %}Link is valid for {{ expiration_days }} days.{% endblocktrans %}
13 13
{% else %}{% blocktrans %}Link is valid for 24 hours.{% endblocktrans %}{% endif %}
14 14

  
15
{% blocktrans %}If you did not register on {{ site }}, ignore this email.{% endblocktrans %}{% endautoescape %}
15
{% blocktrans %}If you did not register on {{ site }}, ignore this email.{% endblocktrans %}
src/authentic2/templates/registration/activation_email_subject.txt
1
{% load i18n %}{% autoescape off %}{% trans "You requested registration on" %} {{ site }}{% endautoescape %}
1
{% load i18n %}{% trans "You requested registration on" %} {{ site }}
src/authentic2/templates/registration/password_reset_subject.txt
1
{% load i18n %}{% autoescape off %}
2
{% blocktrans with hostname=request.get_host %}Password reset on {{ hostname }}{% endblocktrans %}
3
{% endautoescape %}
1
{% load i18n %}{% blocktrans with hostname=request.get_host %}Password reset on {{ hostname }}{% endblocktrans %}
src/authentic2/utils/__init__.py
43 43
from django.utils.translation import ugettext as _, ungettext
44 44
from django.utils.six.moves.urllib import parse as urlparse
45 45
from django.shortcuts import resolve_url
46
from django.template.loader import render_to_string, TemplateDoesNotExist
46
from django.template.loader import render_to_string, TemplateDoesNotExist, select_template
47
from django.template.context import make_context
47 48
from django.core.mail import send_mail
48 49
from django.core import signing
49 50
from django.core.cache import cache
......
622 623
    return fields, labels
623 624

  
624 625

  
626
def render_plain_text_template_to_string(template_names, ctx, request=None):
627
    template = select_template(template_names)
628
    return template.template.render(make_context(ctx, request=request, autoescape=False))
629

  
630

  
625 631
def send_templated_mail(user_or_email, template_names, context=None, with_html=True,
626 632
                        from_email=None, request=None, legacy_subject_templates=None,
627 633
                        legacy_body_templates=None, legacy_html_body_templates=None,
......
651 657

  
652 658
    subject_template_names = [template_name + '_subject.txt' for template_name in template_names]
653 659
    subject_template_names += legacy_subject_templates or []
654
    subject = render_to_string(subject_template_names, ctx, request=request).strip()
660
    subject = render_plain_text_template_to_string(subject_template_names, ctx, request=request).strip()
655 661

  
656 662
    body_template_names = [template_name + '_body.txt' for template_name in template_names]
657 663
    body_template_names += legacy_body_templates or []
658
    body = render_to_string(body_template_names, ctx, request=request)
664
    body = render_plain_text_template_to_string(body_template_names, ctx, request=request)
659 665

  
660 666
    html_body = None
661 667
    html_body_template_names = [template_name + '_body.html' for template_name in template_names]
662
-