imrpoved unsubscribe process and error page layout

content/pages/error.md

@@ -15,6 +15,8 @@ featured_image:
 
 Verflixt, es ist ein Fehler bei der Newsletter-Verwaltung aufgetreten. Vielleicht hilft dir die Fehlermeldung weiter? 
 
+`suche Fehlermeldung`{: #error-msg}
+
 <script src="{static}/js/Message.js"></script>
 
 [&larr; zur Startseite](/)

content/pages/index.md

@@ -3,7 +3,7 @@ title: Index
 date: 2025-02-25
 template: index
 index_cards:
-  - pic: images/kurzprosa/mockup-aw-phantastische-geschichten-2.png 
+  - pic: images/kurzprosa/cover-aw-phantastische-geschichten-2.jpg
     link: werke/
     alt: Phantastik, Belletristik, Lyrik & mehr
   - pic: images/tr/live-microphone-2.jpg

content/php/unsubscribe.php

@@ -35,16 +35,37 @@ function RemoveSubscriberFromDB($subscriberAddress) {
   return TRUE;
 }
 
-// check if hash and email parameters are both set
+
-if ( ! (isset($_GET['c']) and isset($_GET['e'])) ) {
+// check request method – unsubscribe forms use POST but links use GET 
-  GracefulExit($errorURL, "{$err}: Fehlende Emailadresse oder Hash");
+$method = $_SERVER['REQUEST_METHOD'];
+
+// check and sanitize email address
+if ( $method == 'GET' ) {
+  if ( ! isset($_GET['e']) ) {
+    GracefulExit($errorURL, "{$err}: Fehlende Emailadresse");
+  } else {
+    $e = filter_var($_GET['e'], FILTER_SANITIZE_STRING);
+  }
+} elseif ( $method == 'POST' ) {
+  if ( ! isset($_POST['e']) ) {
+    GracefulExit($errorURL, "{$err}: Fehlende Emailadresse");
+  } else {
+    $e = filter_var($_POST['e'], FILTER_SANITIZE_STRING);
+  }
+} else {
+  GracefulExit($errorURL, "{$err}: Fehlerhafter HTTP-Request");
 }
   
-// check if hash is correct
+// check, sanitize and validate hash (only required for GET requests)
-$c = filter_var($_GET['c'], FILTER_SANITIZE_STRING);
+if ($method == 'GET') {
-$e = filter_var($_GET['e'], FILTER_SANITIZE_STRING);
+  if ( ! isset($_GET['c']) ) {
-if ( ! GetConfirmationHash($e) === $c ) {
+    GracefulExit($errorURL, "{$err}: Fehlende Emailadresse oder Hash");
+  } else {
+    $c = filter_var($_GET['c'], FILTER_SANITIZE_STRING);
+    if ( ! GetConfirmationHash($e) === $c ) {
       GracefulExit($errorURL, "{$err}: Fehlerhafter Hash");
+    }
+  }
 }
 
 // remove email from database

theme/static/css/custom.css

@@ -287,16 +287,10 @@ a {
   text-align: center;
 }
 
-pre {
-  width: 80%;
-  min-width: var(--tr-smallest-width);
-  margin-left: auto;
-  margin-right: auto;
-}
-
 .featured-image {
   text-align: center;
 }
+
 figcaption {
   text-align: center;
   font-size: 0.8em;

theme/templates/includes/unsubscribe.html

@@ -2,7 +2,7 @@
   <h2>Newsletter-Abmeldung</h2>
   <p>Komm gerne wieder, irgendwann.</p>
 </hgroup>
-<form class="newsletter-form" method="get" action="{{ SITEURL }}/newsletter/unsubscribe.php">
+<form class="newsletter-form" method="post" action="{{ SITEURL }}/newsletter/unsubscribe.php">
   <input class="newsletter-email" type="email" name="e" placeholder="Emailadresse" autocomplete="email" aria-label="Emailadresse" required/>
   <input class="newsletter-submit" type="submit" value="Abmelden" />
 </form>