View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0018345||phplist application||Statistics||public||23-09-16 10:35||13-10-16 21:41|
|Target Version||3.2.6||Fixed in Version||3.2.6|
|Summary||0018345: Link clicking in test messages is restricted to admins|
|Description||In 3.2.6 RC1 there is some new processing that restricts clicking links in test messages to admins who are currently logged-in to phplist.|
This looks to be a significant break of how phplist currently works and I expect it will surprise many people. One scenario is that an admin composes a message and then sends a test message to several subscribers for review. Suddenly clicking a link in the test email will give a 404 error.
What's the reason for the change? Possibly it can be controlled by a config setting, with the default to work as it currently does.
|Tags||No tags attached.|
||The change is part of general hardening. But I can see your point. I will review the change and think of a way to handle it.|
Reminder sent to: michiel
We should update the check and only disallow the personalised links
||I've now updated it, so that only the "unsubscribe" and "preference" links are blocked.|
The $allowPersonalised is set incorrectly. It should be true instead of false.
The validation of whether a campaign has been sent at all could cause a problem. Consider a campaign being sent, then edited and a test email sent to a new subscriber. That would currently fail with a 404 error.
||We may want to encode the "test message" status in the links, instead of reading it from the DB. I've merged your PR.|
||M, can you push these changes to the HOSTED6 and HOSTED6 plus? We still have tests failing with this issue.|
Personalised links are disallowed, but other links will work.
I will open a new ticket to review this for a sent campaign being re-edited and then test emails being created.