2022-01-01 13:38:12 +00:00
|
|
|
# Copyright (C) 2012-2022 Zammad Foundation, https://zammad-foundation.org/
|
2021-06-01 12:20:20 +00:00
|
|
|
|
2016-04-13 23:40:37 +00:00
|
|
|
class NotificationFactory::Template
|
|
|
|
|
2016-11-11 10:17:53 +00:00
|
|
|
=begin
|
|
|
|
|
|
|
|
examples how to use
|
|
|
|
|
2016-11-11 15:57:25 +00:00
|
|
|
cleaned_template = NotificationFactory::Template.new(
|
2016-11-13 18:33:12 +00:00
|
|
|
'some template <b>#{ticket.title}</b> #{config.fqdn}',
|
|
|
|
true,
|
2021-09-23 10:04:18 +00:00
|
|
|
false, # Allow ERB tags in the template?
|
2016-11-11 15:57:25 +00:00
|
|
|
).to_s
|
2016-11-11 10:17:53 +00:00
|
|
|
|
|
|
|
=end
|
|
|
|
|
2021-09-23 10:04:18 +00:00
|
|
|
def initialize(template, escape, trusted)
|
2016-04-13 23:40:37 +00:00
|
|
|
@template = template
|
2021-09-23 10:04:18 +00:00
|
|
|
@escape = escape
|
|
|
|
@trusted = trusted
|
2016-04-13 23:40:37 +00:00
|
|
|
end
|
|
|
|
|
2016-11-11 15:57:25 +00:00
|
|
|
def to_s
|
2021-09-23 10:04:18 +00:00
|
|
|
result = @template
|
|
|
|
result.gsub!(%r{<%(?!%)}, '<%%') if !@trusted
|
|
|
|
result.gsub(%r{\#{\s*(.*?)\s*}}m) do
|
2019-02-12 06:46:04 +00:00
|
|
|
# some browsers start adding HTML tags
|
|
|
|
# fixes https://github.com/zammad/zammad/issues/385
|
2021-05-12 11:37:44 +00:00
|
|
|
input_template = $1.gsub(%r{\A<.+?>\s*|\s*<.+?>\z}, '')
|
2019-02-12 06:46:04 +00:00
|
|
|
|
|
|
|
case input_template
|
2021-05-12 11:37:44 +00:00
|
|
|
when %r{\At\('(.+?)'\)\z}m
|
2019-02-12 06:46:04 +00:00
|
|
|
%(<%= t "#{sanitize_text($1)}", #{@escape} %>)
|
2021-05-12 11:37:44 +00:00
|
|
|
when %r{\At\((.+?)\)\z}m
|
2019-02-12 06:46:04 +00:00
|
|
|
%(<%= t d"#{sanitize_object_name($1)}", #{@escape} %>)
|
2021-05-12 11:37:44 +00:00
|
|
|
when %r{\Aconfig\.(.+?)\z}m
|
2019-02-12 06:46:04 +00:00
|
|
|
%(<%= c "#{sanitize_object_name($1)}", #{@escape} %>)
|
2016-11-13 18:33:12 +00:00
|
|
|
else
|
2019-02-12 06:46:04 +00:00
|
|
|
%(<%= d "#{sanitize_object_name(input_template)}", #{@escape} %>)
|
2016-11-13 18:33:12 +00:00
|
|
|
end
|
|
|
|
end
|
2016-04-13 23:40:37 +00:00
|
|
|
end
|
2016-11-13 18:33:12 +00:00
|
|
|
|
2019-02-12 06:46:04 +00:00
|
|
|
def sanitize_text(string)
|
|
|
|
string&.tr("\t\r\n", '')
|
2021-05-12 11:37:44 +00:00
|
|
|
&.gsub(%r{(?<!\\)(?=")}, '\\')
|
2016-11-13 18:33:12 +00:00
|
|
|
end
|
|
|
|
|
2019-02-12 06:46:04 +00:00
|
|
|
def sanitize_object_name(string)
|
|
|
|
string&.tr("\t\r\n\f \"'§;", '')
|
2016-11-13 18:33:12 +00:00
|
|
|
end
|
|
|
|
|
2016-04-13 23:40:37 +00:00
|
|
|
end
|