After review 0

Author: tatevikg1

assets/vue/api.js

@@ -29,7 +29,7 @@ const redirectToLogin = () => {
         return;
     }
     isAuthenticationRedirectInProgress = true;
-    const redirectTarget = `${window.location.pathname}${window.location.search}${window.location.hash}`;
+    const redirectTarget = `${window.location.pathname}${window.location.search}`;
     const search = new URLSearchParams({ redirect: redirectTarget }).toString();
     window.location.href = `${AUTHENTICATION_REDIRECT_PATH}?${search}`;
 };

assets/vue/components/campaigns/ViewCampaignModal.vue

@@ -93,7 +93,6 @@
                         type="checkbox"
                         :value="list.id"
                         class="h-4 w-4 rounded border-slate-300 text-slate-900 accent-ext-wf1"
-                        data-testid="send-btn"
                     >
                     <span>{{ list.name }}</span>
                   </label>

assets/vue/components/public-pages/PublicPageEditor.vue

@@ -547,9 +547,10 @@ const applyLoadedDataToForm = (page = null) => {
   const ownerIdFromPage = page?.owner?.id ? String(page.owner.id) : ''
   form.value.ownerId = getDataValue('owner_id', ownerIdFromPage)
 
+  const pageDataItems = Array.isArray(page?.data) ? page.data : []
   const config = {}
   form.value.attributes.split(',').forEach((attributeId) => {
-    const attribute = page.data.find(
+    const attribute = pageDataItems.find(
         (attr) => attr.key === `attribute${String(attributeId).padStart(3, '0')}`
     )
 
@@ -631,7 +632,7 @@ const persistDataItems = async () => {
     ['button', form.value.button],
     ['htmlchoice', form.value.htmlChoice],
     ['emaildoubleentry', form.value.displayEmailConfirmationField === '1' ? 'yes' : 'no'],
-    ['showcategories', form.value.displayListCategories ? 'yes' : 'no'],
+    ['showcategories', form.value.displayListCategories === '1' ? 'yes' : 'no'],
     ['lists', selectedListIds],
     ['preselectlist', normalizedPreselectedId],
     ['subscribesubject', form.value.subscribeSubject],

assets/vue/components/public-pages/PublicPagesDirectory.vue

@@ -33,7 +33,7 @@
           <tr class="hover:bg-slate-50 transition-colors">
             <td class="px-6 py-4 text-slate-600">{{ page.id }}</td>
             <td class="px-6 py-4 font-medium text-slate-900">{{ page.title || `Subscribe page #${page.id}` }}</td>
-            <td class="px-6 py-4 text-slate-700">{{ page.owner.loginName }}</td>
+            <td class="px-6 py-4 text-slate-700">{{ page.owner?.loginName || page.owner?.email || 'No owner' }}</td>
             <td class="px-6 py-4">
               <label class="inline-flex items-center cursor-pointer">
                 <input
@@ -122,7 +122,7 @@
             <div>
               <p class="text-xs uppercase tracking-wide text-slate-500">#{{ page.id }}</p>
               <p class="font-semibold text-slate-900">{{ page.title || `Subscribe page #${page.id}` }}</p>
-              <p class="text-xs text-slate-500 mt-1">Owner: {{ page.owner.loginName }}</p>
+              <p class="text-xs text-slate-500 mt-1">Owner: {{ page.owner?.loginName || page.owner?.email || 'No owner' }}</p>
             </div>
             <div class="text-xs text-slate-500">
               {{ isRowBusy(page.id) ? 'Updating...' : '' }}

config/packages/security.yaml

@@ -21,6 +21,6 @@ security:
   access_control:
     - { path: ^/(?:app(?:_test)?\.php/)?login(?:/|$), roles: PUBLIC_ACCESS }
     - { path: ^/(?:app(?:_test)?\.php/)?api/v2(?:/|$), roles: PUBLIC_ACCESS }
-    - { path: ^/(?:app(?:_test)?\.php/)?subscribe, roles: PUBLIC_ACCESS }
-    - { path: ^/(?:app(?:_test)?\.php/)?unsubscribe, roles: PUBLIC_ACCESS }
+    - { path: ^/(?:app(?:_test)?\.php/)?subscribe(?:/|$), roles: PUBLIC_ACCESS }
+    - { path: ^/(?:app(?:_test)?\.php/)?unsubscribe(?:/|$), roles: PUBLIC_ACCESS }
     - { path: ^/, roles: ROLE_ADMIN }

src/Controller/PublicSubscribeController.php

@@ -15,6 +15,7 @@
 use PhpList\WebFrontend\Service\LanguageService;
 use PhpList\WebFrontend\Service\PublicSubscribeFormBuilder;
 use PhpList\WebFrontend\Service\PublicSubscribeFormValidator;
+use RuntimeException;
 use Symfony\Component\DependencyInjection\Attribute\Autowire;
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpFoundation\Response;
@@ -65,19 +66,26 @@ public function unsubscribe(Request $request, int $pageId): Response
         ]);
     }
 
-    #[Route('/subscribe/styles/{fileName}', name: 'subscribe_styles')]
-    public function getStylesheets(string $fileName): Response
-    {
-        $applicationRoot = (new ApplicationStructure())->getApplicationRoot();
-        return $this->file($applicationRoot . '/public/build/' . $fileName);
-    }
-
-    #[Route('/subscribe/images/{fileName}', name: 'subscribe_images')]
-    #[Route('/unsubscribe/images/{fileName}', name: 'unsubscribe_images')]
+    #[Route('/subscribe/images/{fileName}', name: 'sub_images', requirements: ['fileName' => '[A-Za-z0-9._-]+'])]
+    #[Route('/subscribe/styles/{fileName}', name: 'sub_styles', requirements: ['fileName' => '[A-Za-z0-9._-]+'])]
+    #[Route('/unsubscribe/images/{fileName}', name: 'unsub_images', requirements: ['fileName' => '[A-Za-z0-9._-]+'])]
     public function getImages(string $fileName): Response
     {
         $applicationRoot = (new ApplicationStructure())->getApplicationRoot();
-        return $this->file($applicationRoot . '/public/' . $fileName);
+
+        $baseDir = realpath($applicationRoot . '/public/build');
+
+        if ($baseDir === false) {
+            throw new RuntimeException('Build directory not found.');
+        }
+
+        $path = realpath($baseDir . DIRECTORY_SEPARATOR . $fileName);
+
+        if ($path === false || !str_starts_with($path, $baseDir . DIRECTORY_SEPARATOR)) {
+            throw $this->createNotFoundException();
+        }
+
+        return $this->file($path);
     }
 
     #[Route('/subscribe/{pageId}', name: 'subscribe', requirements: ['pageId' => '\d+'], methods: ['GET', 'POST'])]

src/Service/ListSelectionService.php

@@ -27,13 +27,13 @@ public function parseAvailableListIds(string|array|null $rawListIds): array
     public function validateSelection(array $selectedLists, array $availableListIds): ?string
     {
         if ($selectedLists === []) {
-            return 'Please select a newsletter to subscribe to.';
+            return 'error.select_newsletter';
         }
 
         $allowedListLookup = array_fill_keys($availableListIds, true);
         foreach ($selectedLists as $selectedListId) {
             if (!isset($allowedListLookup[$selectedListId])) {
-                return 'One or more selected lists are not available.';
+                return 'error.invalid_selected_lists';
             }
         }
 

src/Service/PhpListTranslationLoader.php

@@ -67,13 +67,16 @@ private function extractVariables(string $filePath): array
 
     private function mapLocaleToPhpListFile(string $locale): string
     {
+        $normalized = strtolower(str_replace('-', '_', $locale));
+        $baseLocale = strtok($normalized, '_') ?: 'en';
+
         $map = [
             'en' => 'english.php',
             'es' => 'spanish.php',
             'fr' => 'french.php',
         ];
 
-        return $map[$locale] ?? 'english.php';
+        return $map[$baseLocale] ?? 'english.php';
     }
 }
 

src/Service/PublicSubscribeFormValidator.php

@@ -31,7 +31,8 @@ public function validateFormData(
         $errors = [];
         $email = trim((string) ($formData['email'] ?? ''));
         $emailConfirm = trim((string) ($formData['email_confirm'] ?? ''));
-        $selectedLists = array_values(array_unique(array_map('intval', $formData['selected_lists'] ?? [])));
+        $rawSelectedLists = is_array($formData['selected_lists'] ?? null) ? $formData['selected_lists'] : [];
+        $selectedLists = array_values(array_unique(array_map('intval', $rawSelectedLists)));
 
         if (($formData['honeypot'] ?? '') !== '') {
             $errors[] = 'Submission rejected.';