reggieofarrell · April 19, 2024 23:17
diff --git a/email-templates-allow-style-tags.php b/email-templates-allow-style-tags.php
 <?php
 /*
 Plugin Name: Email Templates - Allow Style Tags
 Description: Keeps the Email Templates Customizer and Designer for WordPress and WooCommerce from stripping out style tags.
 Version: 0.0.1
 Author: Reggie O'Farrell
 ============================================================================================================
 This software is provided "as is" and any express or implied warranties, including, but not limited to, the
 implied warranties of merchantibility and fitness for a particular purpose are disclaimed. In no event shall
 the copyright owner or contributors be liable for any direct, indirect, incidental, special, exemplary, or
 consequential damages(including, but not limited to, procurement of substitute goods or services; loss of
 use, data, or profits; or business interruption) however caused and on any theory of liability, whether in
 contract, strict liability, or tort(including negligence or otherwise) arising in any way out of the use of
 this software, even if advised of the possibility of such damage.
 ============================================================================================================
 */

 add_action('plugins_loaded', function() {

  $random_file_identifier = bin2hex(random_bytes(10));

  /**
   * Adds a filter to modify the email content before it is sent.
   *
   * This function uses a closure to modify the email content. It first defines a set of allowed HTML tags
   * for sanitization purposes, specifically allowing the 'style' tag with a 'type' attribute. It then sanitizes
   * the content using the wp_kses function and the defined allowed tags. After sanitization, it saves the sanitized
   * content into a temporary file within the 'uploads/temp-email-content' directory, appending a unique random string
   * to the filename for differentiation. The original (unsanitized) content is then returned without modification.
   *
   * @param string $content The original email content.
   * @return string The unmodified email content.
   */
  add_filter( 'mailtpl/email_content', function($content) use ($random_file_identifier) {
    // if content does not contain <style> tag, return original content
    if (!str_contains($content, '<style>')) {
      return $content;
    }

    // Define allowed HTML tags for content sanitization, including 'style' tag with 'type' attribute.
    $allowed_tags = wp_kses_allowed_html( 'post' );
    $allowed_tags['style'] = array(
      'type' => true
    );
    // Sanitize the content using the defined allowed tags.
    $sanitized = wp_kses( $content, $allowed_tags );
    // Define the directory path for storing the sanitized content.
    $dir = WP_CONTENT_DIR . '/uploads/temp-email-content';
    // Ensure the directory exists, creating it if necessary.
    wp_mkdir_p( $dir );
    // Save the sanitized content into a temporary file within the specified directory.
    file_put_contents($dir. '/email-content-' . $random_file_identifier . '.txt', $sanitized);

    // Return the original, unmodified content.
    return $content;
  }, -5 );

  /**
   * Retrieves and returns the sanitized email content from a temporary file, then deletes the file.
   *
   * This filter hook retrieves the sanitized email content stored in a temporary file within the
   * 'uploads/temp-email-content' directory. The filename includes a unique identifier to ensure it matches
   * the correct email content. If the file does not exist, it returns the original content. After retrieving
   * the content, it deletes the temporary file to clean up the directory.
   *
   * @param string $content The original email content.
   * @return string The sanitized email content if the temporary file exists, otherwise the original content.
   */
  add_filter( 'mailtpl/email_content', function($content) use ($random_file_identifier) {
    // Construct the file path using the unique identifier.
    $file = WP_CONTENT_DIR . '/uploads/temp-email-content/email-content-' . $random_file_identifier . '.txt';

    // Check if the temporary file exists. If not, return the original content.
    if (!file_exists($file)) {
      return $content;
    }

    // Retrieve the sanitized email content from the temporary file.
    $email_content = file_get_contents($file);
    // Delete the temporary file to clean up.
    unlink($file);
    // Return the sanitized email content.
    return $email_content;
  }, 99 );
 });
	<?php
	/*
	Plugin Name: Email Templates - Allow Style Tags
	Description: Keeps the Email Templates Customizer and Designer for WordPress and WooCommerce from stripping out style tags.
	Version: 0.0.1
	Author: Reggie O'Farrell
	============================================================================================================
	This software is provided "as is" and any express or implied warranties, including, but not limited to, the
	implied warranties of merchantibility and fitness for a particular purpose are disclaimed. In no event shall
	the copyright owner or contributors be liable for any direct, indirect, incidental, special, exemplary, or
	consequential damages(including, but not limited to, procurement of substitute goods or services; loss of
	use, data, or profits; or business interruption) however caused and on any theory of liability, whether in
	contract, strict liability, or tort(including negligence or otherwise) arising in any way out of the use of
	this software, even if advised of the possibility of such damage.
	============================================================================================================
	*/

	add_action('plugins_loaded', function() {

	$random_file_identifier = bin2hex(random_bytes(10));

	/**
	* Adds a filter to modify the email content before it is sent.
	*
	* This function uses a closure to modify the email content. It first defines a set of allowed HTML tags
	* for sanitization purposes, specifically allowing the 'style' tag with a 'type' attribute. It then sanitizes
	* the content using the wp_kses function and the defined allowed tags. After sanitization, it saves the sanitized
	* content into a temporary file within the 'uploads/temp-email-content' directory, appending a unique random string
	* to the filename for differentiation. The original (unsanitized) content is then returned without modification.
	*
	* @param string $content The original email content.
	* @return string The unmodified email content.
	*/
	add_filter( 'mailtpl/email_content', function($content) use ($random_file_identifier) {
	// if content does not contain <style> tag, return original content
	if (!str_contains($content, '<style>')) {
	return $content;
	}

	// Define allowed HTML tags for content sanitization, including 'style' tag with 'type' attribute.
	$allowed_tags = wp_kses_allowed_html( 'post' );
	$allowed_tags['style'] = array(
	'type' => true
	);
	// Sanitize the content using the defined allowed tags.
	$sanitized = wp_kses( $content, $allowed_tags );
	// Define the directory path for storing the sanitized content.
	$dir = WP_CONTENT_DIR . '/uploads/temp-email-content';
	// Ensure the directory exists, creating it if necessary.
	wp_mkdir_p( $dir );
	// Save the sanitized content into a temporary file within the specified directory.
	file_put_contents($dir. '/email-content-' . $random_file_identifier . '.txt', $sanitized);

	// Return the original, unmodified content.
	return $content;
	}, -5 );

	/**
	* Retrieves and returns the sanitized email content from a temporary file, then deletes the file.
	*
	* This filter hook retrieves the sanitized email content stored in a temporary file within the
	* 'uploads/temp-email-content' directory. The filename includes a unique identifier to ensure it matches
	* the correct email content. If the file does not exist, it returns the original content. After retrieving
	* the content, it deletes the temporary file to clean up the directory.
	*
	* @param string $content The original email content.
	* @return string The sanitized email content if the temporary file exists, otherwise the original content.
	*/
	add_filter( 'mailtpl/email_content', function($content) use ($random_file_identifier) {
	// Construct the file path using the unique identifier.
	$file = WP_CONTENT_DIR . '/uploads/temp-email-content/email-content-' . $random_file_identifier . '.txt';

	// Check if the temporary file exists. If not, return the original content.
	if (!file_exists($file)) {
	return $content;
	}

	// Retrieve the sanitized email content from the temporary file.
	$email_content = file_get_contents($file);
	// Delete the temporary file to clean up.
	unlink($file);
	// Return the sanitized email content.
	return $email_content;
	}, 99 );
	});