From 8a952c137bc185ae40fd5d3c48f7ff28d056d51d Mon Sep 17 00:00:00 2001 From: Kailash Nadh Date: Mon, 26 Nov 2018 17:36:05 +0530 Subject: [PATCH] Add regexp template tag validation --- models/models.go | 2 +- templates.go | 10 +++++++--- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/models/models.go b/models/models.go index eaf082e..2400222 100644 --- a/models/models.go +++ b/models/models.go @@ -208,7 +208,7 @@ func (s SubscriberAttribs) Scan(src interface{}) error { } // CompileTemplate compiles a campaign body template into its base -// template and sets the resultant template to Campaign.Tpl +// template and sets the resultant template to Campaign.Tpl. func (c *Campaign) CompileTemplate(f template.FuncMap) error { // Compile the base template. t := regexpLinkTag.ReplaceAllString(c.TemplateBody, regexpLinkTagReplace) diff --git a/templates.go b/templates.go index 220c61d..a1c2555 100644 --- a/templates.go +++ b/templates.go @@ -5,8 +5,8 @@ import ( "errors" "fmt" "net/http" + "regexp" "strconv" - "strings" "github.com/asaskevich/govalidator" "github.com/knadh/listmonk/models" @@ -32,6 +32,10 @@ type dummyMessage struct { UnsubscribeURL string } +var ( + regexpTplTag = regexp.MustCompile(`{{(\s+)?template\s+?"content"(\s+)?\.(\s+)?}}`) +) + // handleGetTemplates handles retrieval of templates. func handleGetTemplates(c echo.Context) error { var ( @@ -76,7 +80,7 @@ func handlePreviewTemplate(c echo.Context) error { ) if body != "" { - if strings.Count(body, tplTag) != 1 { + if !regexpTplTag.MatchString(body) { return echo.NewHTTPError(http.StatusBadRequest, fmt.Sprintf("Template body should contain the %s placeholder exactly once", tplTag)) } @@ -243,7 +247,7 @@ func validateTemplate(o models.Template) error { return errors.New("invalid length for `name`") } - if strings.Count(o.Body, tplTag) != 1 { + if !regexpTplTag.MatchString(o.Body) { return fmt.Errorf("template body should contain the %s placeholder exactly once", tplTag) }