e107 icon indicating copy to clipboard operation
e107 copied to clipboard

Published 20 hours ago verified publisher icon e107inc

different rules for email option in forum and email.php itself

Open Jimmi08 opened this issue 4 years ago • 5 comments

Bug Description

Option Email is displayed for everyone

image

No check in function sc_postoptions() $text .= "<li class='dropdown-item text-right text-end float-right float-right'><a href='" . e_HTTP . "email.php?plugin:forum." . $threadID . "'>" . LAN_FORUM_2044 . " " . $tp->toGlyph('fa-envelope') . "</a></li>";

but email.php itself has this check:

if (!check_class(varset($pref['email_item_class'],e_UC_MEMBER)))
{
	e107::redirect('Location: '.e_BASE.'index.php');
	exit();
}

It is this pref: image

Before this pref was used this way: (1.0.4 code)

News email icon:

SC_BEGIN EMAILICON
if (!check_class(varset($pref['email_item_class'],e_UC_MEMBER)))
{
	return '';
}
$news_item = getcachedvars('current_news_item');
$param = getcachedvars('current_news_param');
require_once(e_HANDLER.'emailprint_class.php');
return emailprint::render_emailprint('news', $news_item['news_id'], 1);
SC_END

Forum email icon:

SC_BEGIN EMAILITEM
global $post_info, $tp;
if($post_info['thread_parent'] == 0)
{
	return $tp->parseTemplate("{EMAIL_ITEM=".FORLAN_101."^plugin:forum.{$post_info['thread_id']}}");
}
SC_END

General email button: {EMAIL_ITEM}

if (!check_class(varset($pref['email_item_class'],e_UC_MEMBER)))
{
	return '';
}

Now news email doesn't use this solution at all and the forum option ignores this.

When you click on the forum on this option, nothing happens (at least redirection should be there, shouldn't it?).
But I got a warning from the Google search console :

image

Jimmi08 avatar Mar 17 '21 09:03 Jimmi08

This should be replaced with the same mechanism used in the social plugin for "Email to someone".

eg.

mailto:EMAIL_RECIPIENT?subject=(TITLE)&body=".rawurlencode($emailMessage))

CaMer0n avatar Mar 17 '21 18:03 CaMer0n

Do you mean like in news?

If yes, it is not the same solution, because it launches a mail client and if you don't have any installed, it is useless. It is just sharing by email. not sent somebody an email directly via the website with your comment.

Jimmi08 avatar Mar 17 '21 19:03 Jimmi08

@Jimmi08 Correct. The old 'solution' is prone to abuse.

CaMer0n avatar Mar 17 '21 21:03 CaMer0n

It was fixed with other issues. No problem anymore.

Jimmi08 avatar Mar 20 '22 10:03 Jimmi08

It still doesn't work for the quest

This line in email.php is causing issues:

e107::redirect('Location: '.e_BASE.'index.php');

Jimmi08 avatar Mar 20 '22 11:03 Jimmi08