• log-detail.php
    No need to sanitize post_content; if it is HTML, I want HTML!

    	<th><?php echo esc_html_x('Message', 'content of email', 'log-emails'); ?></th>
    	<?php if (!empty($content_type) && strpos($content_type, 'text/html') !== false && empty($_GET['raw'])): ?>
    			<p><a href="<?php echo esc_url($current . '&raw=1'); ?>"><?php esc_html_e('view raw message', 'log-emails'); ?></a></p>
    			<?php echo $post->post_content; ?>
    	<?php else: ?>
    			<?php if (!empty($content_type) && strpos($content_type, 'text/html') !== false && !empty($_GET['raw'])): ?>
    				<p><a href="<?php echo esc_url($current); ?>"><?php esc_html_e('view HTML message', 'log-emails'); ?></a></p>
    			<?php endif; ?>
    			<?php echo nl2br(esc_html($post->post_content)); ?>
    	<?php endif; ?>

    remove filter sanitization

    public static function createLog($subject, $message, $alt_message, $fields) {
    		// create post for message
    		$post_id = wp_insert_post(array(

    I'm using the MyMail plugin for newsletters. There is an option to override all system email via MyMail templates, so if I want to log this email ->

    add_action('mymail_presend','mymail_log_email' );
    function mymail_log_email($email){
        if (class_exists('LogEmailsPostTypeLog')) {
            $fields = array();
            $fields['_log_emails_log_from'] = sprintf('%s <%s>', $email->from_name, $email->from);
            // $cc and $bcc are not defined in this snippet, so these two branches never run as posted
            if (!empty($cc)) {
                $fields['_log_emails_log_cc'] = implode(', ', $cc);
            }
            if (!empty($bcc)) {
                $fields['_log_emails_log_bcc'] = implode(', ', $bcc);
            }
            $fields['_log_emails_log_to'] = $email->to;
            $fields['_log_emails_log_content-type'] = 'text/html';
            new LogEmailsPostTypeLog();
            LogEmailsPostTypeLog::createLog($email->subject, $email->content, $email->plaintext, $fields);
        }
    }

    better CSS handling with HTML email

    .log-emails-log-details {
    	width: 96%;
    	> tbody > tr > th {
    		text-align: right;
    		vertical-align: top;
    		padding: 3px;
    		width: 8em;
    	}
    	> tbody > tr > td {
    		padding: 3px;
    		border: 1px solid #ccc;
    		background-color: white;
    	}
    }
    .log-emails-log-details * {
    	margin: inherit;
    }

    add i18n to menu

    public function adminMenu() {
    	add_options_page(__('Email Logs', 'log-emails'), __('Email Logs', 'log-emails'), 'manage_options', 'log-emails', array($this, 'settingsPage'));
    }


Viewing 6 replies - 1 through 6 (of 6 total)
  • Plugin Author webaware


    G’day Hrohh,

    Thanks for your enhancements. I’ll review for incorporation into the plugin core. If I don’t incorporate them all, I’ll add some actions / filters to let you handle those items yourself so that you can receive plugin updates without losing functionality.

    The reason I sanitise the post content is that it’s possible to create a cross-site scripting (XSS) vulnerability if I allow some things through. Logged emails can contain user-submitted content, so I must be careful there. I’ll look at how I can better balance that requirement with the need to show the email’s HTML though.


    Thread Starter Hrohh


    Ok, thank you. You’re absolutely right about XSS.

    I have some strange behaviour with columns in the table list.
    My plugins are Anything Order, Admin Columns Pro and Admin Bookmarks. Can you look at it?

    Plugin Author webaware


    No worries, I’ve added that to my bug tracker too. I’ll probably give this plugin a revamp in February sometime, so will give your suggestions and bug reports some attention then.


    Thread Starter Hrohh


    Also, I have some trouble with plugins which add some columns (Anything Order, My Admin Bookmarks, Peters Post Notes),
    so my filter is

    add_filter('manage_' . self::POST_TYPE . '_posts_columns', array($this, 'adminManageColumns'), PHP_INT_MAX);
    add_action('manage_' . self::POST_TYPE . '_posts_custom_column', array($this, 'adminManageCustomColumn'), 10, 2);
    add_filter('manage_edit-' . self::POST_TYPE . '_columns', array($this, 'adminManageColumns'), PHP_INT_MAX);

    public function adminManageColumns($posts_columns) {
    	$posts_columns = array_intersect_key( $posts_columns, array_flip( array('date') ) );
    	$posts_columns['_log_emails_title'] = _x('Subject', 'email subject', 'log-emails');
    	$posts_columns['_log_emails_log_to'] = _x('Recipients', 'email recipients (To:)', 'log-emails');
    	$posts_columns = array_merge(array_flip(array('_log_emails_title', '_log_emails_log_to', 'date')), $posts_columns);
    	return $posts_columns;
    }

    Thread Starter Hrohh


    For XSS, maybe remove iframes and JavaScript, and only allow inserting files from the internet with *.jpg, *.gif, *.png, so some preg replace to look for tags and remove them.

    I'm using the MyMail plugin, which sends newsletters with a nice template compatible with Outlook, Thunderbird, Gmail etc.
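
One way to reconcile the two positions above (showing the email's HTML without letting user-submitted markup run in wp-admin), as an added example that is not from the thread or the plugin: an allowlist pass with WordPress's wp_kses() instead of regex tag removal. The log_emails_example_* function names and the sample message are constructed for illustration, and the code assumes WordPress is loaded.

```php
<?php
// Added example; assumes WordPress is loaded (e.g. called from log-detail.php).
// The log_emails_example_* names are hypothetical, not part of the plugin.

/** Allowlist of tags and attributes for displaying a logged HTML email. */
function log_emails_example_allowed_html() {
	// Start from the allowlist WordPress applies to post content. By default it
	// has no <script> or <iframe> entry and no on* event-handler attributes,
	// while keeping the table, font and inline style markup email templates use.
	$allowed = wp_kses_allowed_html('post');

	// Remove interactive and embedding tags a logged email never needs
	// (unset() is harmless for any tag the site's list does not contain).
	unset(
		$allowed['form'], $allowed['button'], $allowed['textarea'],
		$allowed['object'], $allowed['audio'], $allowed['video']
	);
	return $allowed;
}

/** Return the logged message with everything outside the allowlist removed. */
function log_emails_example_render_message($post_content) {
	// Only these URL schemes survive in href/src, so javascript: and data:
	// URLs are stripped from links and images.
	$protocols = array('http', 'https', 'mailto');
	return wp_kses($post_content, log_emails_example_allowed_html(), $protocols);
}

// Constructed sample: newsletter markup with user-submitted content mixed in.
$sample = '<table bgcolor="#ffffff"><tr><td style="padding:3px">Hello <b>Bob</b>'
	. '<img src="https://example.com/logo.png" onerror="alert(1)">'
	. '<script>alert(1)</script><iframe src="https://example.com/"></iframe>'
	. '<a href="javascript:alert(1)">unsubscribe</a></td></tr></table>';

echo log_emails_example_render_message($sample);
```

In the HTML branch of log-detail.php, the raw `echo $post->post_content;` would become `echo log_emails_example_render_message($post->post_content);`. wp_kses() removes disallowed tags but keeps the text between them, so the contents of a stripped `<style>` or `<script>` element show up as plain text.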

    Thread Starter Hrohh


    fix for checkbox ->

    $posts_columns = array_intersect_key( $posts_columns, array_flip( array('cb','date') ) );
    $posts_columns = array_merge(array_flip(array('cb', '_log_emails_title', '_log_emails_log_to', 'date')), $posts_columns);

    and in mymail presend fix for array

    add_action('mymail_presend','mymail_log_email' );
    $fields['_log_emails_log_to'] = reset($email->to);

    In register_post_type you have ‘do_not_allow’ in ‘capabilities’... why? It should simply be false.

  • The topic ‘some improvement’ is closed to new replies.