geonode icon indicating copy to clipboard operation
geonode copied to clipboard

Published 20 hours ago verified publisher icon GeoNode

Space in sitename not escaped in invitation mail body

Open EHJ-52n opened this issue 2 years ago • 2 comments

Expected Behavior

When filling the "user is inviting you to GeoNode" mail template, I expected that the space in my sitename is correctly URL encoded with + or %20:

[...]
Once you receive the confirmation that your account is activated, you can notify admin that you wish to join her/his group(s) through this link

https://geonode.example.com/messages/create/1000/?subject=Request%20to%20join%20your%20group&content=Dear%20group%20manager%2C%0A%0AI%20am%20now%20a%20member%20of%20Project%20Name%20GeoNode%2C%20and%20I%20would%20like%20to%20join%20the%20group%20that%20you%20are%20managing.%0APlease%20add%20me%20to%20your%20group.%0A%0AThank%20you.

user is a member of the following group(s):

- Registered Members

We look forward to seeing you on the platform,

The GeoNode team.

It is the section Project%20Name%20GeoNode in the rather long link.

Actual Behavior

[...]
Once you receive the confirmation that your account is activated, you can notify admin that you wish to join her/his group(s) through this link

https://geonode.example.com/messages/create/1000/?subject=Request%20to%20join%20your%20group&content=Dear%20group%20manager%2C%0A%0AI%20am%20now%20a%20member%20of%20Project Name GeoNode%2C%20and%20I%20would%20like%20to%20join%20the%20group%20that%20you%20are%20managing.%0APlease%20add%20me%20to%20your%20group.%0A%0AThank%20you.

user is a member of the following group(s):

- Registered Members

We look forward to seeing you on the platform,

The GeoNode team.

Steps to Reproduce the Problem

  1. Clone [email protected]:GeoNode/geonode-project.git
  2. Set-Up mailing feature to be able to send mails
  3. Log-in as default admin
  4. Invite a user using the invite feature

Specifications

  • GeoNode version: 3.2.1
  • Installation method (manual, GeoNode Docker, SPCGeoNode Docker):
  • Platform:
  • Additional details:

Potential Solution

Use jinja2 urlencode filter in email template for html and txt mails:

  • ./geonode/templates/invitations/email/email_invite_message.txt
  • ./geonode/templates/invitations/email/email_invite_message.html

Replace {{ site_name }} with {{ site_name|urlencode }} in the created link.

By the way, clicking on the fixed link did not fill the "Create Message" form. Maybe, the whole feature needs a review, if possible.

EHJ-52n avatar Nov 24 '21 10:11 EHJ-52n

I have just checked that this fix has created a side effect: site_name is not properly expanded on the template, since it has the urlencode filter attached 😞

So, I suggest a different approach using the blocktrans block in a different way, like this:

<p><strong>{{ inviter_name }}</strong> {% blocktrans with site_name=site_name|urlencode %}is inviting you to join ({{ site_name }}).{% endblocktrans %}</p>

This way the name is properly expanded and escaped.

This strategy should be also applied to other templates that have variables with filter inside blocktrans blocks, but at least we should start fixing this template.

So, should we open a new issue or reopen this one?

miceno avatar Apr 06 '22 20:04 miceno

let's reopen this one, thanks.

afabiani avatar Apr 07 '22 08:04 afabiani