From bd2f29eb00e7d476f3262e9bf5ad2ad7ae635226 Mon Sep 17 00:00:00 2001
From: James
Date: Mon, 20 Aug 2018 21:32:53 +0100
Subject: [PATCH] +Improved sanitisation
---
 src/Loggers/Logger.php | 9 ++++++++-
 src/Models/Logs.php | 5 +++--
 2 files changed, 11 insertions(+), 3 deletions(-)
diff --git a/src/Loggers/Logger.php b/src/Loggers/Logger.php
index 0e76a1e..ab0df49 100644
--- a/src/Loggers/Logger.php
+++ b/src/Loggers/Logger.php
@@ -77,7 +77,7 @@ protected function getMailArgs($args)
 'time' => time(),
 'email_to' => GeneralHelper::arrayToString($args['to']),
 'subject' => $args['subject'],
- 'message' => strip_tags($args['message']),
+ 'message' => $this->sanitiseInput($args['message']),
 'backtrace_segment' => json_encode($this->getBacktrace()),
 'status' => 1,
 'attachments' => json_encode($this->getAttachmentLocations($args['attachments'])),
@@ -133,6 +133,13 @@ protected function getAttachmentLocations($attachments)
 return $result;
 }
+ protected function sanitiseInput($input)
+ {
+ return htmlspecialchars(
+ preg_replace('#(.*?)#is', '', $input)
+ );
+ }
+
 /**
 * Get the details of the method that originally triggered wp_mail
 *
diff --git a/src/Models/Logs.php b/src/Models/Logs.php
index 5dddddf..c661097 100644
--- a/src/Models/Logs.php
+++ b/src/Models/Logs.php
@@ -80,12 +80,13 @@ static private function dbResultTransform($results, $args = [])
 if (GeneralHelper::doesArrayContainSubString($result['additional_headers'], 'text/html')) {
 $result['is_html'] = true;
- $result['message'] = str_replace('\\', '', $result['message']);
 } else {
 $result['is_html'] = false;
- $result['message'] = nl2br(htmlspecialchars($result['message']));
+ $result['message'] = htmlspecialchars_decode($result['message']);
 }
+ $result['message'] = stripslashes($result['message']);
+
 if (!empty($result['attachments'])) {
 foreach ($result['attachments'] as &$attachment) {
 if ($attachment['id'] == -1) {
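Review bot: As it appears in this patch, the pattern `'#(.*?)#is'` in sanitiseInput matches only the empty string, so the preg_replace removes nothing and the method reduces to htmlspecialchars with default flags; if characters of the pattern were lost in rendering that cannot be judged here, but the intended pattern should be checked before this is relied on, since the call in the getMailArgs hunk replaced strip_tags with it. Default-flag `htmlspecialchars` leaves single quotes unencoded on the PHP versions contemporary with this commit and returns an empty string for invalid UTF-8, so `htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` is the safer call for a value that may later be placed in an attribute. preg_replace also returns null on a PCRE error (for instance the backtrack limit on a large mail body), and that null then reaches htmlspecialchars and is logged as an empty message; handle the null explicitly rather than silently storing nothing. A short docblock stating that the stored value is entity-encoded would help readers of Logs.php, which has to undo this on read.

```php
protected function sanitiseInput($input)
{
    // Pattern kept as committed; verify it is the intended one, as written it matches only ''.
    $stripped = preg_replace('#(.*?)#is', '', (string) $input);
    if ($stripped === null) {
        // PCRE failure (e.g. backtrack limit): keep the original body rather than log an empty one.
        $stripped = (string) $input;
    }

    return htmlspecialchars($stripped, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}
```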
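Review bot: The non-HTML branch no longer escapes on read: `htmlspecialchars_decode` replaces `nl2br(htmlspecialchars(...))`, and together with the Logger change the value handed to the caller is the original raw text, so whatever renders `$result['message']` must now escape it itself (and re-apply nl2br if plain-text line breaks are still expected); the view is not in this diff, so confirm it does. The HTML branch receives the entity-encoded string the Logger now stores and nothing here decodes it, so a consumer that renders it as HTML will show literal tags; if display-as-text is the intent, a comment saying so would stop a later "fix" from decoding it, otherwise the decode belongs outside the branch. The unconditional `stripslashes` on the following added line removes every backslash in the body, not only the quote-escaping the old `str_replace('\\', '', ...)` targeted, so legitimate backslashes (Windows paths, JSON, regex fragments) are lost; if this is undoing WordPress's magic-quotes on the stored value, `wp_unslash($result['message'])` names that intent and should be accompanied by a comment explaining when slashes are added. dbResultTransform starts before this hunk and continues after it.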