diff --git a/Classes/DirectMailUtility.php b/Classes/DirectMailUtility.php
index 2d3b6351b..d7e217769 100644
--- a/Classes/DirectMailUtility.php
+++ b/Classes/DirectMailUtility.php
@@ -413,7 +413,7 @@ public static function getStaticIdList($table, $uid)
 * @param string $table The table to select from
 * @param array $group The direct_mail group record
 *
- * @return string The resulting query.
+ * @return array The resulting query.
 */
 public static function getSpecialQueryIdList(MailSelect &$queryGenerator, $table, array $group)
 {
@@ -421,16 +421,17 @@ public static function getSpecialQueryIdList(MailSelect &$queryGenerator, $table
 if ($group['query']) {
 $queryGenerator->init('dmail_queryConfig', $table);
 $queryGenerator->queryConfig = $queryGenerator->cleanUpQueryConfig(unserialize($group['query']));
- $whereClause = $queryGenerator->getQuery($queryGenerator->queryConfig) . BackendUtility::deleteClause($table);
- $res = $GLOBALS['TYPO3_DB']->exec_SELECTquery(
- $table . '.uid',
- $table,
- $whereClause
- );
- while (($row = $GLOBALS['TYPO3_DB']->sql_fetch_assoc($res))) {
- $outArr[] = $row['uid'];
+ $queryGenerator->extFieldLists['queryFields'] = 'uid';
+ $select = $queryGenerator->getSelectQuery();
+ $res = $GLOBALS['TYPO3_DB']->sql_query($select);
+
+ if ($GLOBALS['TYPO3_DB']->sql_num_rows($res) > 0) {
+ while ($row = $GLOBALS['TYPO3_DB']->sql_fetch_assoc($res)) {
+ $outArr[] = $row['uid'];
+ }
 }
+ $GLOBALS['TYPO3_DB']->sql_free_result($res);
 }
 return $outArr;
diff --git a/Classes/Hooks/JumpurlController.php b/Classes/Hooks/JumpurlController.php
index 60e68da76..d514c4633 100644
--- a/Classes/Hooks/JumpurlController.php
+++ b/Classes/Hooks/JumpurlController.php
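Review bot: In `getSpecialQueryIdList()` (Classes/DirectMailUtility.php) the new path no longer appends `BackendUtility::deleteClause($table)` itself and relies on `$queryGenerator->getSelectQuery()` to build the whole statement; that method is outside this diff, so it is worth confirming that deleted records are still excluded and recording it in a comment such as `// getSelectQuery() is expected to add the delete clause that was previously appended here`. The return value of `sql_query($select)` goes straight into `sql_num_rows()` and `sql_free_result()` without a check, so a failed statement would presumably produce an empty recipient list silently; logging `sql_error()` and bailing out with `if ($res === false) { return $outArr; }` would make the failure visible. The unchanged `unserialize($group['query'])` just above still deserialises a stored field without `['allowed_classes' => false]`, which is worth adding if the supported PHP versions allow the options argument. The function body starts and ends outside the hunk.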
@@ -155,10 +155,9 @@ public function preprocessRequest($parameter, $parentObject)
 // set juHash as done for external_url in core: http://forge.typo3.org/issues/46071
 GeneralUtility::_GETset(GeneralUtility::hmac($jumpurl, 'jumpurl'), 'juHash');
 $responseType = -1;
- } elseif (GeneralUtility::isValidUrl($jumpurl) && preg_match('#^(http://|https://)#', $jumpurl)) {
- // Also allow jumpurl to be a valid URL
- GeneralUtility::_GETset(GeneralUtility::hmac($jumpurl, 'jumpurl'), 'juHash');
- $responseType = -1;
+ } elseif (GeneralUtility::isValidUrl($jumpurl)) {
+ // if it's a valid URL, throw exception
+ throw new \Exception('direct_mail: Invalid JumpURL parameter.', 1578347190);
 }
 // to count the dmailerping correctly, we need something unique
@@ -166,6 +165,7 @@ public function preprocessRequest($parameter, $parentObject)
 }
 if ($responseType != 0) {
+ $logTable = 'sys_dmail_maillog';
 $insertFields = array(
 // the message ID
 'mid' => intval($mid),
@@ -173,11 +173,31 @@ public function preprocessRequest($parameter, $parentObject)
 'url' => $jumpurl,
 'response_type' => intval($responseType),
 'url_id' => intval($urlId),
- 'rtbl' => $recipientTable,
- 'rid' => $recipientUid
+ 'rtbl' => $recipientTable,
+ 'rid' => $recipientUid
 );
- $db->exec_INSERTquery('sys_dmail_maillog', $insertFields);
+ // check if entry exists in the last 10 seconds
+ $existingLog = $db->exec_SELECTcountRows(
+ '*',
+ $logTable,
+ implode(' AND ',
+ array(
+ 'mid = ' . $insertFields['mid'],
+ 'url = ' . $db->fullQuoteStr($insertFields['url'], $logTable),
+ 'response_type = ' . $insertFields['response_type'],
+ 'url_id = ' . $insertFields['url_id'],
+ 'rtbl = ' . $db->fullQuoteStr($insertFields['rtbl'], $logTable),
+ 'rid = ' . $db->fullQuoteStr($insertFields['rid'], $logTable),
+ 'tstamp <= ' . $insertFields['tstamp'],
+ 'tstamp >= ' . intval($insertFields['tstamp']-10),
+ )
+ )
+ );
+
+ if ($existingLog === 0) {
+ $db->exec_INSERTquery($logTable, $insertFields);
+ }
 }
 }
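Review bot: The new `elseif (GeneralUtility::isValidUrl($jumpurl))` branch refuses only values that `isValidUrl()` recognises as a URL, so whether every other unexpected value is refused as well depends on the branches and redirect handling outside this hunk; if nothing later needs the fall-through, a final `else` that throws the same error would make the check fail closed. The comment `// if it's a valid URL, throw exception` restates the code, whereas something like `// never sign a caller-supplied URL with a juHash` would record why the branch exists. Throwing a bare `\Exception` gives callers nothing specific to catch or log, so a dedicated exception class, or at least `\InvalidArgumentException`, would be easier to handle. `preprocessRequest()` starts and ends outside the hunk.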
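Review bot: In the duplicate-check WHERE clause, `'tstamp <= ' . $insertFields['tstamp']` is concatenated as-is while the lower bound is wrapped in `intval()`; the `tstamp` entry is set outside the visible hunks, so casting it here too, `'tstamp <= ' . intval($insertFields['tstamp'])`, keeps every unquoted operand provably numeric. The count-then-insert sequence is not atomic, so two simultaneous requests for the same link can both see zero rows and both insert; that is probably acceptable for click statistics but deserves a short comment. `exec_SELECTcountRows()` presumably returns `false` when the query fails, in which case `$existingLog === 0` is false and the click is silently not logged.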
diff --git a/Classes/Module/RecipientList.php b/Classes/Module/RecipientList.php index 10783d617..e820e8533 100644 --- a/Classes/Module/RecipientList.php +++ b/Classes/Module/RecipientList.php @@ -609,7 +609,19 @@ public function cmd_displayMailGroup($result) if ($csvValue == 'PLAINLIST') { $this->downloadCSV($idLists['PLAINLIST']); } elseif (GeneralUtility::inList('tt_address,fe_users,' . $this->userTable, $csvValue)) { - $this->downloadCSV(DirectMailUtility::fetchRecordsListValues($idLists[$csvValue], $csvValue, (($csvValue == 'fe_users') ? str_replace('phone', 'telephone', $this->fieldList) : $this->fieldList) . ',tstamp')); + if($GLOBALS['BE_USER']->check('tables_select', $csvValue)) { + $this->downloadCSV(DirectMailUtility::fetchRecordsListValues($idLists[$csvValue], $csvValue, (($csvValue == 'fe_users') ? str_replace('phone', 'telephone', $this->fieldList) : $this->fieldList) . ',tstamp')); + } else { + /* @var $flashMessage FlashMessage */ + $flashMessage = GeneralUtility::makeInstance( + 'TYPO3\\CMS\\Core\\Messaging\\FlashMessage', + '', + $this->getLanguageService()->getLL('mailgroup_table_disallowed_csv'), + FlashMessage::ERROR + ); + $csvError = GeneralUtility::makeInstance(FlashMessageRenderer::class)->render($flashMessage); + } + } } @@ -634,25 +646,29 @@ public function cmd_displayMailGroup($result) default: if (is_array($idLists['tt_address']) && count($idLists['tt_address'])) { - $recipContent = $this->getLanguageService()->getLL('mailgroup_recip_number') . ' ' . count($idLists['tt_address']) . '
' . $this->getLanguageService()->getLL('mailgroup_download') . ''; + $recipContent = $csvError . $this->getLanguageService()->getLL('mailgroup_recip_number') . ' ' . count($idLists['tt_address']) . + '
' . $this->getLanguageService()->getLL('mailgroup_download') . ''; $theOutput.= $this->doc->section($this->getLanguageService()->getLL('mailgroup_table_address'), $recipContent); $theOutput.= '
'; } if (is_array($idLists['fe_users']) && count($idLists['fe_users'])) { - $recipContent = $this->getLanguageService()->getLL('mailgroup_recip_number') . ' ' . count($idLists['fe_users']) . '
' . $this->getLanguageService()->getLL('mailgroup_download') . ''; + $recipContent = $csvError . $this->getLanguageService()->getLL('mailgroup_recip_number') . ' ' . count($idLists['fe_users']) . + '
' . $this->getLanguageService()->getLL('mailgroup_download') . ''; $theOutput.= $this->doc->section($this->getLanguageService()->getLL('mailgroup_table_fe_users'), $recipContent); $theOutput.= '
'; } if (is_array($idLists['PLAINLIST']) && count($idLists['PLAINLIST'])) { - $recipContent = $this->getLanguageService()->getLL('mailgroup_recip_number') . ' ' . count($idLists['PLAINLIST']) . '
' . $this->getLanguageService()->getLL('mailgroup_download') . ''; + $recipContent = $csvError . $this->getLanguageService()->getLL('mailgroup_recip_number') . ' ' . count($idLists['PLAINLIST']) . + '
' . $this->getLanguageService()->getLL('mailgroup_download') . ''; $theOutput.= $this->doc->section($this->getLanguageService()->getLL('mailgroup_plain_list'), $recipContent); $theOutput.= '
'; } if (is_array($idLists[$this->userTable]) && count($idLists[$this->userTable])) { - $recipContent = $this->getLanguageService()->getLL('mailgroup_recip_number') . ' ' . count($idLists[$this->userTable]) . '
' . $this->getLanguageService()->getLL('mailgroup_download') . ''; + $recipContent = $csvError . $this->getLanguageService()->getLL('mailgroup_recip_number') . ' ' . count($idLists[$this->userTable]) . + '
' . $this->getLanguageService()->getLL('mailgroup_download') . ''; $theOutput.= $this->doc->section($this->getLanguageService()->getLL('mailgroup_table_custom'), $recipContent); $theOutput.= '
'; } diff --git a/Resources/Private/Language/locallang_mod2-6.xlf b/Resources/Private/Language/locallang_mod2-6.xlf index 3572f1288..c9213a9e1 100644 --- a/Resources/Private/Language/locallang_mod2-6.xlf +++ b/Resources/Private/Language/locallang_mod2-6.xlf @@ -595,6 +595,9 @@ Missing permission to display data + + CSV export failed. Insufficient access right. + Assign categories to content elements diff --git a/ext_emconf.php b/ext_emconf.php index 9491b240f..f9de973ed 100644 --- a/ext_emconf.php +++ b/ext_emconf.php @@ -15,7 +15,7 @@ 'description' => 'Advanced Direct Mail/Newsletter mailer system with sophisticated options for personalization of emails including response statistics.', 'category' => 'module', 'shy' => 0, - 'version' => '5.2.3', + 'version' => '5.2.4', 'dependencies' => 'cms,tt_address', 'conflicts' => 'sr_direct_mail_ext,it_dmail_fix,plugin_mgm,direct_mail_123', 'priority' => '',
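Review bot: In Classes/Module/RecipientList.php, `$csvError` is prepended to `$recipContent` in all four sections of the second hunk but is assigned only in the `else` branch of the new `tables_select` check in the first hunk, so unless it is initialised outside the visible lines every ordinary page view reads an undefined variable; `$csvError = '';` ahead of the CSV handling would fix that. Because the same rendered message is prepended to each section, a denied export would presumably be shown up to four times, and emitting it once before the sections would read better. The new check passes the class name as a string literal while also using `FlashMessage::ERROR` and `FlashMessageRenderer::class`, so `FlashMessage::class` would be consistent, and `if(` should be `if (` to match the surrounding style. The `PLAINLIST` export in the first branch stays outside the permission check, which looks intentional since it is not a table, but a one-line comment saying so would help the next reader.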