diff --git a/code/Control/UserDefinedFormController.php b/code/Control/UserDefinedFormController.php
index e670ce7..55949fa 100644
--- a/code/Control/UserDefinedFormController.php
+++ b/code/Control/UserDefinedFormController.php
@@ -276,7 +276,9 @@ JS
 $emailData = [
 'Sender' => Security::getCurrentUser(),
- 'Fields' => $submittedFields
+ 'HideFormData' => false,
+ 'Fields' => $submittedFields,
+ 'Body' => '',
 ];
 $this->extend('updateEmailData', $emailData, $attachments);
@@ -285,9 +287,10 @@ JS
 if ($recipients = $this->FilteredEmailRecipients($data, $form)) {
 foreach ($recipients as $recipient) {
 $email = Email::create()
- ->setHTMLTemplate('email/SubmittedFormEmail.ss')
- ->setPlainTemplate('email/SubmittedFormEmail.ss');
+ ->setHTMLTemplate('email/SubmittedFormEmail')
+ ->setPlainTemplate('email/SubmittedFormEmail');
+ // Merge fields are used for CMS authors to reference specific form fields in email content
 $mergeFields = $this->getMergeFieldsMap($emailData['Fields']);
 if ($attachments) {
@@ -305,19 +308,21 @@ JS
 }
 }
- $parsedBody = SSViewer::execute_string($recipient->getEmailBodyContent(), $mergeFields);
-
 if (!$recipient->SendPlain && $recipient->emailTemplateExists()) {
 $email->setHTMLTemplate($recipient->EmailTemplate);
 }
- $email->setData($recipient);
+ // Add specific template data for the current recipient
+ $emailData['HideFormData'] = (bool) $recipient->HideFormData;
+ // Include any parsed merge field references from the CMS editor - this is already escaped
+ $emailData['Body'] = SSViewer::execute_string($recipient->getEmailBodyContent(), $mergeFields);
+
+ // Push the template data to the Email's data
 foreach ($emailData as $key => $value) {
 $email->addData($key, $value);
 }
 $email->setFrom($recipient->EmailFrom);
- $email->setBody($parsedBody);
 $email->setTo($recipient->EmailAddress);
 $email->setSubject($recipient->EmailSubject);
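Review bot: The comment `this is already escaped` on the `$emailData['Body']` assignment is the only thing backing the switch to `$Body.RAW` in templates/email/SubmittedFormEmail.ss, and nothing visible in this hunk establishes it. The escaping presumably comes from how `getMergeFieldsMap()` wraps submitted values before `SSViewer::execute_string()` renders them, but that method is outside the diff, so the comment should name the mechanism, e.g. `// Merge field values are escaped when SSViewer renders them (see getMergeFieldsMap); the template outputs Body with .RAW, so never assign unrendered input here`. A regression test that submits markup in a text field and asserts it arrives entity-encoded in the HTML email would keep the `.RAW` output safe against later changes to the merge-field map or to an `updateEmailData` extension. The enclosing method starts and ends outside the hunk.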
@@ -353,11 +358,11 @@ JS
 $this->extend('updateEmail', $email, $recipient, $emailData);
- if ($recipient->SendPlain) {
+ if ((bool)$recipient->SendPlain) {
 $body = strip_tags($recipient->getEmailBodyContent()) . "\n";
- if (isset($emailData['Fields']) && !$recipient->HideFormData) {
- foreach ($emailData['Fields'] as $Field) {
- $body .= $Field->Title . ': ' . $Field->Value . " \n";
+ if (isset($emailData['Fields']) && !$emailData['HideFormData']) {
+ foreach ($emailData['Fields'] as $field) {
+ $body .= $field->Title . ': ' . $field->Value . " \n";
 }
 }
diff --git a/templates/email/SubmittedFormEmail.ss b/templates/email/SubmittedFormEmail.ss
index 15913ed..02414f7 100755
--- a/templates/email/SubmittedFormEmail.ss
+++ b/templates/email/SubmittedFormEmail.ss
@@ -1,4 +1,5 @@
-$Body
+<%-- Note: content is already escaped in UserDefinedFormController::process --%>
+$Body.RAW
 <% if not $HideFormData %>
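Review bot: The plain-text branch still builds `$body` from `strip_tags($recipient->getEmailBodyContent())`, the unparsed editor content, while the HTML path now renders merge fields into `$emailData['Body']`; plain-text recipients would therefore appear to receive merge-field references unsubstituted. If that is not intended, the plain body could be derived from the parsed value, keeping in mind that it is entity-encoded for HTML and needs decoding for text/plain: `$body = html_entity_decode(strip_tags($emailData['Body'])) . "\n";`. This branch also reads `$emailData['HideFormData']` after the `updateEmail` hook, whereas the HTML template received its copy through `addData()` before the hook, so a short comment stating which of the two an extension is expected to change would help. The `if` block continues past the end of the hunk.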
diff --git a/tests/Control/UserDefinedFormControllerTest.php b/tests/Control/UserDefinedFormControllerTest.php
index 630913f..59280b5 100644
--- a/tests/Control/UserDefinedFormControllerTest.php
+++ b/tests/Control/UserDefinedFormControllerTest.php
@@ -5,15 +5,13 @@ namespace SilverStripe\UserForms\Tests\Control;
 use SilverStripe\Core\Config\Config;
 use SilverStripe\Dev\CSSContentParser;
 use SilverStripe\Dev\FunctionalTest;
-use SilverStripe\Dev\TestOnly;
 use SilverStripe\Forms\FieldList;
 use SilverStripe\Forms\FormAction;
 use SilverStripe\ORM\DataObject;
-use SilverStripe\Security\Member;
+use SilverStripe\UserForms\Control\UserDefinedFormController;
 use SilverStripe\UserForms\Model\EditableFormField\EditableTextField;
 use SilverStripe\UserForms\Model\Submission\SubmittedFormField;
 use SilverStripe\UserForms\Model\UserDefinedForm;
-use SilverStripe\UserForms\Control\UserDefinedFormController;
 use SilverStripe\View\ArrayData;
 use SilverStripe\View\SSViewer;
@@ -30,7 +28,7 @@ class UserDefinedFormControllerTest extends FunctionalTest
 {
 parent::setUp();
- Config::modify()->set(SSViewer::class, 'themes', ['simple', '$default']);
+ Config::modify()->merge(SSViewer::class, 'themes', ['simple', '$default']);
 }
 public function testProcess()
@@ -51,7 +49,7 @@ class UserDefinedFormControllerTest extends FunctionalTest
 // should have a submitted form field now
 $submitted = DataObject::get(SubmittedFormField::class, "\"Name\" = 'basic-text-name'");
- $this->assertDOSAllMatch(
+ $this->assertListAllMatch(
 [
 'Name' => 'basic-text-name',
 'Value' => 'Basic Value',
@@ -86,7 +84,7 @@ class UserDefinedFormControllerTest extends FunctionalTest
 $parser = new CSSContentParser($nodata['Content']);
 $list = $parser->getBySelector('dl');
- $this->assertFalse(isset($list[0]), 'Email contains no fields');
+ $this->assertEmpty($list, 'Email contains no fields');
 // check to see if the user was redirected (301)
 $this->assertEquals($response->getStatusCode(), 302);
@@ -281,12 +279,10 @@ class UserDefinedFormControllerTest extends FunctionalTest
 protected function setupFormFrontend($fixtureName = 'basic-form-page')
 {
 $form = $this->objFromFixture(UserDefinedForm::class, $fixtureName);
- $this->logInWithPermission('ADMIN');
- $form->publishRecursive();
-
- $member = Member::currentUser();
- $member->logOut();
+ $this->actWithPermission('ADMIN', function () use ($form) {
+ $form->publishRecursive();
+ });
 return $form;
 }