From f4e16a42d75a97ea266eb9b0ae7616e53981cb28 Mon Sep 17 00:00:00 2001
From: Benjamin Dauvergne
Date: Tue, 23 Feb 2021 16:25:37 +0100
Subject: [PATCH] misc: use non-autoescaping template render for email text bodies and subjects (#51374)
---
 .../user_change_email_notification_body.txt | 4 ++--
 ...user_change_email_notification_subject.txt | 2 +-
 src/authentic2/settings.py | 22 +++++++++++++++++++
 .../account_delete_notification_body.txt | 3 +--
 .../account_delete_notification_subject.txt | 2 +-
 .../authentic2/account_deletion_code_body.txt | 3 +--
 .../account_deletion_code_subject.txt | 2 +-
 .../change_email_notification_body.txt | 4 ++--
 .../change_email_notification_subject.txt | 2 +-
 .../authentic2/registration_success_body.txt | 4 +---
 .../registration_success_subject.txt | 2 +-
 .../authentic2/unused_account_alert_body.txt | 5 +----
 .../unused_account_alert_subject.txt | 7 +-----
 .../authentic2/unused_account_delete_body.txt | 8 ++-----
 .../unused_account_delete_subject.txt | 2 +-
 .../registration/activation_email.txt | 4 ++--
 .../registration/activation_email_subject.txt | 2 +-
 .../registration/password_reset_subject.txt | 4 +---
 src/authentic2/utils/__init__.py | 4 ++--
 19 files changed, 45 insertions(+), 41 deletions(-)
diff --git a/src/authentic2/manager/templates/authentic2/manager/user_change_email_notification_body.txt b/src/authentic2/manager/templates/authentic2/manager/user_change_email_notification_body.txt
index 86135045..d6ddaa51 100644
--- a/src/authentic2/manager/templates/authentic2/manager/user_change_email_notification_body.txt
+++ b/src/authentic2/manager/templates/authentic2/manager/user_change_email_notification_body.txt
@@ -1,4 +1,4 @@ -{% load i18n %}{% autoescape off %}{% if email_is_not_unique%}{% blocktrans with name=user.get_short_name old_email=user.email %}Hi {{ name }} ! +{% load i18n %}{% if email_is_not_unique%}{% blocktrans with name=user.get_short_name old_email=user.email %}Hi {{ name }} ! An administrator requested for changing your email on {{ domain }} from: @@ -32,4 +32,4 @@ To validate this change please click on the following link: This link will be valid for {{ token_lifetime }}. -- -{{ domain }}{% endblocktrans %}{% endif %}{% endautoescape %} +{{ domain }}{% endblocktrans %}{% endif %} diff --git a/src/authentic2/manager/templates/authentic2/manager/user_change_email_notification_subject.txt b/src/authentic2/manager/templates/authentic2/manager/user_change_email_notification_subject.txt index 6fab6fa5..53bd1f6a 100644 --- a/src/authentic2/manager/templates/authentic2/manager/user_change_email_notification_subject.txt +++ b/src/authentic2/manager/templates/authentic2/manager/user_change_email_notification_subject.txt @@ -1 +1 @@ -{% load i18n %}{% autoescape off %}{% blocktrans %}Change email on {{ domain }} requested by an administrator{% endblocktrans %}{% endautoescape %} +{% load i18n %}{% blocktrans %}Change email on {{ domain }} requested by an administrator{% endblocktrans %} diff --git a/src/authentic2/settings.py b/src/authentic2/settings.py index cce65c88..00d1ab32 100644 --- a/src/authentic2/settings.py +++ b/src/authentic2/settings.py 
@@ -84,6 +84,28 @@ TEMPLATES = [ ], }, }, + { + 'NAME': 'plain_text', + 'BACKEND': 'django.template.backends.django.DjangoTemplates', + 'DIRS': [ + os.path.join(BASE_DIR, 'templates'), + ], + 'APP_DIRS': True, + 'OPTIONS': { + 'autoescape': False, + 'context_processors': [ + 'django.contrib.auth.context_processors.auth', + 'django_rbac.context_processors.auth', + 'django.template.context_processors.debug', + 'django.template.context_processors.i18n', + 'django.template.context_processors.media', + 'django.template.context_processors.request', + 'django.contrib.messages.context_processors.messages', + 'django.template.context_processors.static', + 'authentic2.context_processors.a2_processor', + ], + }, + }, ] diff --git a/src/authentic2/templates/authentic2/account_delete_notification_body.txt b/src/authentic2/templates/authentic2/account_delete_notification_body.txt index 3184478a..4937c49a 100644 --- a/src/authentic2/templates/authentic2/account_delete_notification_body.txt +++ b/src/authentic2/templates/authentic2/account_delete_notification_body.txt @@ -1,8 +1,7 @@ -{% load i18n %}{% autoescape off %}{% blocktrans %}{{ full_name }},{% endblocktrans %} +{% load i18n %}{% blocktrans %}{{ full_name }},{% endblocktrans %} {% blocktrans %} Your account on {{ site }} has been deleted. All related data will be deleted today. You cannot log in with it anymore. {% endblocktrans %} -{% endautoescape %} diff --git a/src/authentic2/templates/authentic2/account_delete_notification_subject.txt b/src/authentic2/templates/authentic2/account_delete_notification_subject.txt index 0383ad14..bde2275f 100644 --- a/src/authentic2/templates/authentic2/account_delete_notification_subject.txt +++ b/src/authentic2/templates/authentic2/account_delete_notification_subject.txt @@ -1 +1 @@ -{% load i18n %}{% autoescape off %}{% blocktrans %}Account deletion on {{ site }}{% endblocktrans %}{% endautoescape %} +{% load i18n %}{% blocktrans %}Account deletion on {{ site }}{% endblocktrans %} 
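Review bot: The new `plain_text` engine disables autoescaping for every template it can resolve, and because it shares `DIRS` and `APP_DIRS` with the default engine it will load `.html` templates just as readily; the only thing keeping HTML away from it is the `using='plain_text'` call site in `send_templated_mail`. That contract should be written on the entry itself, e.g. `# Non-autoescaping engine reserved for text/plain email subjects and bodies (see send_templated_mail); never render HTML through it.` The `context_processors` list presumably duplicates the default engine's list, which sits before this hunk and is not visible here, so the two will drift apart silently unless they are factored into one shared constant. The enclosing `TEMPLATES` assignment starts outside the hunk.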
diff --git a/src/authentic2/templates/authentic2/account_deletion_code_body.txt b/src/authentic2/templates/authentic2/account_deletion_code_body.txt index 892d56fe..c0d04eea 100644 --- a/src/authentic2/templates/authentic2/account_deletion_code_body.txt +++ b/src/authentic2/templates/authentic2/account_deletion_code_body.txt @@ -1,4 +1,4 @@ -{% load i18n %}{% autoescape off %}{% blocktrans %}{{ full_name }},{% endblocktrans %} +{% load i18n %}{% blocktrans %}{{ full_name }},{% endblocktrans %} {% blocktrans %} Please click on {{ deletion_url }} @@ -7,4 +7,3 @@ if you want to validate your account deletion request on If so, all related data will be deleted in the next few hours. You won't be able to log in with this account anymore. {% endblocktrans %} -{% endautoescape %} diff --git a/src/authentic2/templates/authentic2/account_deletion_code_subject.txt b/src/authentic2/templates/authentic2/account_deletion_code_subject.txt index 91226f19..74b5fa40 100644 --- a/src/authentic2/templates/authentic2/account_deletion_code_subject.txt +++ b/src/authentic2/templates/authentic2/account_deletion_code_subject.txt @@ -1 +1 @@ -{% load i18n %}{% autoescape off %}{% blocktrans %}Validate account deletion request on {{ site }}{% endblocktrans %}{% endautoescape %} +{% load i18n %}{% blocktrans %}Validate account deletion request on {{ site }}{% endblocktrans %} diff --git a/src/authentic2/templates/authentic2/change_email_notification_body.txt b/src/authentic2/templates/authentic2/change_email_notification_body.txt index fa80a9f7..841ab94c 100644 --- a/src/authentic2/templates/authentic2/change_email_notification_body.txt +++ b/src/authentic2/templates/authentic2/change_email_notification_body.txt 
@@ -1,4 +1,4 @@ -{% load i18n %}{% autoescape off %}{% if email_is_not_unique%}{% blocktrans with name=user.get_short_name old_email=user.email %}Hi {{ name }} ! +{% load i18n %}{% if email_is_not_unique%}{% blocktrans with name=user.get_short_name old_email=user.email %}Hi {{ name }} ! You asked for changing your email on {{ domain }} from: @@ -32,4 +32,4 @@ To validate this change please click on the following link: This link will be valid for {{ token_lifetime }}. -- -{{ domain }}{% endblocktrans %}{% endif %}{% endautoescape %} +{{ domain }}{% endblocktrans %}{% endif %} diff --git a/src/authentic2/templates/authentic2/change_email_notification_subject.txt b/src/authentic2/templates/authentic2/change_email_notification_subject.txt index ed727690..b6a47ed5 100644 --- a/src/authentic2/templates/authentic2/change_email_notification_subject.txt +++ b/src/authentic2/templates/authentic2/change_email_notification_subject.txt @@ -1 +1 @@ -{% load i18n %}{% autoescape off %}{% blocktrans %}Change email on {{ domain }}{% endblocktrans %}{% endautoescape %} +{% load i18n %}{% blocktrans %}Change email on {{ domain }}{% endblocktrans %} diff --git a/src/authentic2/templates/authentic2/registration_success_body.txt b/src/authentic2/templates/authentic2/registration_success_body.txt index 140db24f..53abc26e 100644 --- a/src/authentic2/templates/authentic2/registration_success_body.txt +++ b/src/authentic2/templates/authentic2/registration_success_body.txt @@ -1,4 +1,4 @@ -{% load i18n %}{% autoescape off %}{% blocktrans with full_name=user.get_full_name %}Hi {{ full_name }} ! +{% load i18n %}{% blocktrans with full_name=user.get_full_name %}Hi {{ full_name }} ! Your registration on {{ site }} was successful! @@ -10,5 +10,3 @@ You can login on: {% trans "Email:" %} {{ user.email }}{% if user.first_name %} {% trans "First name:" %} {{ user.first_name }}{% endif %}{% if user.last_name %} {% trans "Last name:" %} {{ user.last_name }}{% endif %} - -{% endautoescape %} 
diff --git a/src/authentic2/templates/authentic2/registration_success_subject.txt b/src/authentic2/templates/authentic2/registration_success_subject.txt index cfc922c4..da691208 100644 --- a/src/authentic2/templates/authentic2/registration_success_subject.txt +++ b/src/authentic2/templates/authentic2/registration_success_subject.txt @@ -1 +1 @@ -{% load i18n %}{% autoescape off %}{% trans "You successfully registered on" %} {{ site }}{% endautoescape %} +{% load i18n %}{% trans "You successfully registered on" %} {{ site }} diff --git a/src/authentic2/templates/authentic2/unused_account_alert_body.txt b/src/authentic2/templates/authentic2/unused_account_alert_body.txt index d02ee878..5cb15814 100644 --- a/src/authentic2/templates/authentic2/unused_account_alert_body.txt +++ b/src/authentic2/templates/authentic2/unused_account_alert_body.txt @@ -1,8 +1,5 @@ -{% load i18n humanize %} -{% autoescape off %} -{% blocktrans %}Hi {{ user.get_full_name }},{% endblocktrans %} +{% load i18n humanize %}{% blocktrans %}Hi {{ user.get_full_name }},{% endblocktrans %} {% blocktrans with last_login_date=user.last_login|naturaltime %}Your last logging was {{ last_login_date }}.{% endblocktrans %} {% blocktrans %}In order to keep your account, you must log in within {{ days_to_deletion }} days.{% endblocktrans %} {% trans "Otherwise, it will be deleted after this time." %} -{% endautoescape %} diff --git a/src/authentic2/templates/authentic2/unused_account_alert_subject.txt b/src/authentic2/templates/authentic2/unused_account_alert_subject.txt index 0649ed5d..a3c4988e 100644 --- a/src/authentic2/templates/authentic2/unused_account_alert_subject.txt +++ b/src/authentic2/templates/authentic2/unused_account_alert_subject.txt 
@@ -1,6 +1 @@ -{% load i18n humanize %} -{% autoescape off %} -{% blocktrans trimmed with last_login_date=user.last_login|naturaltime %} -Alert: {{ user.get_full_name }} your last login was {{ last_login_date }} -{% endblocktrans %} -{% endautoescape %} +{% load i18n humanize %}{% blocktrans trimmed with last_login_date=user.last_login|naturaltime %}Alert: {{ user.get_full_name }} your last login was {{ last_login_date }}{% endblocktrans %} diff --git a/src/authentic2/templates/authentic2/unused_account_delete_body.txt b/src/authentic2/templates/authentic2/unused_account_delete_body.txt index 002456ae..cf5fd35c 100644 --- a/src/authentic2/templates/authentic2/unused_account_delete_body.txt +++ b/src/authentic2/templates/authentic2/unused_account_delete_body.txt @@ -1,8 +1,4 @@ -{% load i18n humanize %} -{% autoescape off %} -{% blocktrans with last_login_date=user.last_login|naturaltime %} +{% load i18n humanize %}{% blocktrans with last_login_date=user.last_login|naturaltime %} Hi {{ user }}, -Since your last logging was {{ last_login_date }}, your account has been deleted. -{% endblocktrans %} -{% endautoescape %} +Since your last logging was {{ last_login_date }}, your account has been deleted.{% endblocktrans %} diff --git a/src/authentic2/templates/authentic2/unused_account_delete_subject.txt b/src/authentic2/templates/authentic2/unused_account_delete_subject.txt index 712831d9..31f6fbca 100644 --- a/src/authentic2/templates/authentic2/unused_account_delete_subject.txt +++ b/src/authentic2/templates/authentic2/unused_account_delete_subject.txt @@ -1 +1 @@ -{% load i18n %}{% autoescape off %}{% blocktrans %}Notification: {{ user }}, your account has been deleted{% endblocktrans %}{% endautoescape %} +{% load i18n %}{% blocktrans %}Notification: {{ user }}, your account has been deleted{% endblocktrans %} 
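Review bot: In unused_account_delete_body.txt the `{% blocktrans %}` now closes on the same line as the last sentence, which drops the trailing newline from the translatable string and so changes its msgid; the existing catalogs were presumably extracted against the old msgid and the diffstat shows no `.po` update, so this mail would fall back to the English text until translations are regenerated. Keeping the closing tag on its own line, i.e. `Since your last logging was {{ last_login_date }}, your account has been deleted.` followed by `{% endblocktrans %}`, preserves the old msgid while still removing `{% autoescape off %}`. The sibling hunks that only delete `{% autoescape off %}` outside the `blocktrans` block, or use `trimmed`, keep their msgids and are not affected.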
diff --git a/src/authentic2/templates/registration/activation_email.txt b/src/authentic2/templates/registration/activation_email.txt index e623ef6d..74a9db4a 100644 --- a/src/authentic2/templates/registration/activation_email.txt +++ b/src/authentic2/templates/registration/activation_email.txt @@ -1,4 +1,4 @@ -{% load i18n %}{% autoescape off %}{% if not existing_accounts %}{% blocktrans %}You requested registration on {{ site }}. +{% load i18n %}{% if not existing_accounts %}{% blocktrans %}You requested registration on {{ site }}. To finish your registration, please go to: {{ registration_url }} @@ -12,4 +12,4 @@ You already have an account. To login please go to: {% if expiration_days > 1 %}{% blocktrans %}Link is valid for {{ expiration_days }} days.{% endblocktrans %} {% else %}{% blocktrans %}Link is valid for 24 hours.{% endblocktrans %}{% endif %} -{% blocktrans %}If you did not register on {{ site }}, ignore this email.{% endblocktrans %}{% endautoescape %} +{% blocktrans %}If you did not register on {{ site }}, ignore this email.{% endblocktrans %} diff --git a/src/authentic2/templates/registration/activation_email_subject.txt b/src/authentic2/templates/registration/activation_email_subject.txt index 96d6f318..b453a288 100644 --- a/src/authentic2/templates/registration/activation_email_subject.txt +++ b/src/authentic2/templates/registration/activation_email_subject.txt @@ -1 +1 @@ -{% load i18n %}{% autoescape off %}{% trans "You requested registration on" %} {{ site }}{% endautoescape %} +{% load i18n %}{% trans "You requested registration on" %} {{ site }} diff --git a/src/authentic2/templates/registration/password_reset_subject.txt b/src/authentic2/templates/registration/password_reset_subject.txt index 0f2520ef..44f58aa8 100644 --- a/src/authentic2/templates/registration/password_reset_subject.txt +++ b/src/authentic2/templates/registration/password_reset_subject.txt 
@@ -1,3 +1 @@ -{% load i18n %}{% autoescape off %} -{% blocktrans with hostname=request.get_host %}Password reset on {{ hostname }}{% endblocktrans %} -{% endautoescape %} +{% load i18n %}{% blocktrans with hostname=request.get_host %}Password reset on {{ hostname }}{% endblocktrans %} diff --git a/src/authentic2/utils/__init__.py b/src/authentic2/utils/__init__.py index 84a9eb1f..4f7c040b 100644 --- a/src/authentic2/utils/__init__.py +++ b/src/authentic2/utils/__init__.py @@ -651,11 +651,11 @@ def send_templated_mail(user_or_email, template_names, context=None, with_html=T subject_template_names = [template_name + '_subject.txt' for template_name in template_names] subject_template_names += legacy_subject_templates or [] - subject = render_to_string(subject_template_names, ctx, request=request).strip() + subject = render_to_string(subject_template_names, ctx, request=request, using='plain_text').strip() body_template_names = [template_name + '_body.txt' for template_name in template_names] body_template_names += legacy_body_templates or [] - body = render_to_string(body_template_names, ctx, request=request) + body = render_to_string(body_template_names, ctx, request=request, using='plain_text') html_body = None html_body_template_names = [template_name + '_body.html' for template_name in template_names] -- 2.30.0
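Review bot: `render_to_string(..., using='plain_text')` hard-codes an engine name that must be present in `settings.TEMPLATES`; if a deployment's local settings redefine `TEMPLATES` without the new entry, Django raises `InvalidTemplateEngineError` and every templated mail fails instead of falling back to the escaping engine, so this deserves a release note and the literal should live in one module constant, e.g. `PLAIN_TEXT_ENGINE = 'plain_text'` used at both call sites. The docstring of `send_templated_mail`, whose definition starts before this hunk, should also state that subject and text body are now rendered without autoescaping, so template variables are inserted verbatim, while the `html_body` rendering that follows the hunk stays on the default escaping engine. Templates still supplied through `legacy_subject_templates`/`legacy_body_templates` may keep their `{% autoescape off %}` tag; under this engine it is a no-op.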