STW: add checkbox to subscribe to newsletter #1061
No reviewers
Tunnisteet
Ei tunnistetta
bug
build
cgi Scripting
design
disruptive
documentation
duplicate
easy
feature-request
help wanted
javascript
priority/low
question
system-hackers
tagging
text
translations
wait/bugfix
wait/inprogress
wait/misc
wait/proofread
wontfix
xsl
Ei merkkipaalua
Ei käsittelijää
2 osallistujaa
Ilmoitukset
Määräpäivä
Määräpäivää ei asetettu.
Riippuvuudet
Riippuvuuksia ei asetettu.
Reference: FSFE/fsfe-website#1061
Ladataan…
Viittaa uudesa ongelmassa
No description provided.
Delete Branch "max.mehl/fsfe-website:feature/stw-submails-nl"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
I've finally managed to let people ordering promo material subscribe to our newsletter. The problem was caused by Mailman's anti-bot measurements, and them accepting the generated CSRF token only after a few seconds.
Missing so far:
the script subscribes user to English newsletter only. We could make this depending on the used languageSTW: add checkbox to subscribe to newsletterotsikoksi WIP: STW: add checkbox to subscribe to newsletterLanguage detection also working, at least from those pages which are actually translated.
Ready for review :)
WIP: STW: add checkbox to subscribe to newsletterotsikoksi STW: add checkbox to subscribe to newsletterI'm not allowed to push into your branch. Maybe next time open the PR in the fsfe-website repo.
Here is the promotion curl code without exec:
Depending on the PHP version on the server some options may differ. @max.mehl which version do we have there?
And here the suggestion for the second exec:
Simple golden rule: do not pass anything not under you control unescaped as exec param. Like the name parts coming from
$_POST
.Thank you for the review!
I modified the curl request a bit because it takes quite some time to complete if the newsletter option is requested. So I set a very small timeout.
Regarding odtfill, $name and $address already have been escaped before, but I'll take your code because it is more clean.
Please feel free to review again :)
I crawled the PHP doc https://www.php.net/manual/en/function.exec.php and found
→ exec should work for background tasks
In the end it calls another PHP script in the same directory. So why curl anyway? :)
promotion.php
mail-signup.php
I somehow can't test that in my environment. Maybe we can work having that running in my docker setup when we meet next time :)
I like, thanks! That's a good approach, will try to implement it soon :)
Implemented. I guess it's fine for now. Will merge and test with the live system