From 6efed287fe2f0298af5bc8ef0dfb9eaf18e5478e Mon Sep 17 00:00:00 2001 From: bhavayAnand9 Date: Sat, 8 May 2021 20:56:55 +0530 Subject: [PATCH 1/2] [FIX ISSUE 21986] Fixed issue where generated user passwords are translated incorrectly in the sent email. --- app/mailer/server/api.js | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/app/mailer/server/api.js b/app/mailer/server/api.js index 26839474bc01f..e54d98cc712d1 100644 --- a/app/mailer/server/api.js +++ b/app/mailer/server/api.js @@ -25,7 +25,13 @@ settings.get('Language', (key, value) => { lng = value || 'en'; }); -export const replacekey = (str, key, value = '') => str.replace(new RegExp(`(\\[${ key }\\]|__${ key }__)`, 'igm'), escapeHTML(value)); +const nonEscapeKeys = ['room_path', 'password']; + +export const replacekey = (str, key, value = '') => str.replace( + new RegExp(`(\\[${ key }\\]|__${ key }__)`, 'igm'), + nonEscapeKeys.includes(key) ? value : escapeHTML(value), +); + export const translate = (str) => replaceVariables(str, (match, key) => TAPi18n.__(key, { lng })); export const replace = function replace(str, data = {}) { if (!str) { @@ -44,8 +50,6 @@ export const replace = function replace(str, data = {}) { return Object.entries(options).reduce((ret, [key, value]) => replacekey(ret, key, value), translate(str)); }; -const nonEscapeKeys = ['room_path']; - export const replaceEscaped = (str, data = {}) => replace(str, { Site_Name: escapeHTML(settings.get('Site_Name')), Site_Url: escapeHTML(settings.get('Site_Url')), From 8d480bc677e1b855c71b24ea5799d917ca04f16d Mon Sep 17 00:00:00 2001 From: bhavayAnand9 Date: Sat, 8 May 2021 22:07:22 +0530 Subject: [PATCH 2/2] [FIX ISSUE 21986] removed redundant calls to escapeHTML function. --- app/lib/server/functions/saveUser.js | 7 +++---- app/mailer/server/api.js | 6 ++++-- 2 files changed, 7 insertions(+), 6 deletions(-) diff --git a/app/lib/server/functions/saveUser.js b/app/lib/server/functions/saveUser.js index bc986a54bd325..b738a3af1c352 100644 --- a/app/lib/server/functions/saveUser.js +++ b/app/lib/server/functions/saveUser.js @@ -11,7 +11,6 @@ import { passwordPolicy } from '../lib/passwordPolicy'; import { validateEmailDomain } from '../lib'; import { validateUserRoles } from '../../../../ee/app/authorization/server/validateUserRoles'; import { saveUserIdentity } from './saveUserIdentity'; -import { escapeHTML } from '../../../../lib/escapeHTML'; import { checkEmailAvailability, checkUsernameAvailability, setUserAvatar, setEmail, setStatusText } from '.'; @@ -34,13 +33,13 @@ function _sendUserEmail(subject, html, userData) { subject, html, data: { - email: escapeHTML(userData.email), - password: escapeHTML(userData.password), + email: userData.email, + password: userData.password, }, }; if (typeof userData.name !== 'undefined') { - email.data.name = escapeHTML(userData.name); + email.data.name = userData.name; } try { diff --git a/app/mailer/server/api.js b/app/mailer/server/api.js index e54d98cc712d1..7156559f0003b 100644 --- a/app/mailer/server/api.js +++ b/app/mailer/server/api.js @@ -25,11 +25,10 @@ settings.get('Language', (key, value) => { lng = value || 'en'; }); -const nonEscapeKeys = ['room_path', 'password']; export const replacekey = (str, key, value = '') => str.replace( new RegExp(`(\\[${ key }\\]|__${ key }__)`, 'igm'), - nonEscapeKeys.includes(key) ? value : escapeHTML(value), + value, ); export const translate = (str) => replaceVariables(str, (match, key) => TAPi18n.__(key, { lng })); @@ -50,6 +49,8 @@ export const replace = function replace(str, data = {}) { return Object.entries(options).reduce((ret, [key, value]) => replacekey(ret, key, value), translate(str)); }; +const nonEscapeKeys = ['room_path']; + export const replaceEscaped = (str, data = {}) => replace(str, { Site_Name: escapeHTML(settings.get('Site_Name')), Site_Url: escapeHTML(settings.get('Site_Url')), @@ -58,6 +59,7 @@ export const replaceEscaped = (str, data = {}) => replace(str, { return ret; }, {}), }); + export const wrap = (html, data = {}) => { if (settings.get('email_plain_text_only')) { return replace(html, data);