STW: add checkbox to subscribe to newsletter #1061
レビューアなし
ラベル
ラベルなし
bug
build
cgi Scripting
design
disruptive
documentation
duplicate
easy
feature-request
help wanted
javascript
priority/low
question
system-hackers
tagging
text
translations
wait/bugfix
wait/inprogress
wait/misc
wait/proofread
wontfix
xsl
マイルストーンなし
担当者なし
2 人の参加者
通知
期日
期日は未設定です。
依存関係
依存関係が設定されていません。
リファレンス: FSFE/fsfe-website#1061
読み込み中…
新しいイシューから参照
説明はありません。
ブランチ "max.mehl/fsfe-website:feature/stw-submails-nl" の削除
ブランチの削除は恒久的です。 実際に削除されるまでの短い期間、ブランチが存在したままになることもありますが、たいていは元に戻すことはできません。 続行しますか?
I've finally managed to let people ordering promo material subscribe to our newsletter. The problem was caused by Mailman's anti-bot measurements, and them accepting the generated CSRF token only after a few seconds.
Missing so far:
the script subscribes user to English newsletter only. We could make this depending on the used languageSTW: add checkbox to subscribe to newsletterから WIP: STW: add checkbox to subscribe to newsletter に変更Language detection also working, at least from those pages which are actually translated.
Ready for review :)
WIP: STW: add checkbox to subscribe to newsletterから STW: add checkbox to subscribe to newsletter に変更I'm not allowed to push into your branch. Maybe next time open the PR in the fsfe-website repo.
Here is the promotion curl code without exec:
Depending on the PHP version on the server some options may differ. @max.mehl which version do we have there?
And here the suggestion for the second exec:
Simple golden rule: do not pass anything not under you control unescaped as exec param. Like the name parts coming from
$_POST
.Thank you for the review!
I modified the curl request a bit because it takes quite some time to complete if the newsletter option is requested. So I set a very small timeout.
Regarding odtfill, $name and $address already have been escaped before, but I'll take your code because it is more clean.
Please feel free to review again :)
I crawled the PHP doc https://www.php.net/manual/en/function.exec.php and found
→ exec should work for background tasks
In the end it calls another PHP script in the same directory. So why curl anyway? :)
promotion.php
mail-signup.php
I somehow can't test that in my environment. Maybe we can work having that running in my docker setup when we meet next time :)
I like, thanks! That's a good approach, will try to implement it soon :)
Implemented. I guess it's fine for now. Will merge and test with the live system