imrpoved unsubscribe process and error page layout

2025-03-06 17:32:43 +01:00 · 2025-03-06 17:32:43 +01:00 · 9e03a6c56c
commit 9e03a6c56c
parent 5d04b1f04d
6 changed files with 35 additions and 18 deletions
--- a/content/images/sonstiges/cover-aventurischer-bote-1.webp
+++ b/content/images/sonstiges/cover-aventurischer-bote-1.webp
--- a/content/pages/error.md
+++ b/content/pages/error.md
@ -15,6 +15,8 @@ featured_image:

 Verflixt, es ist ein Fehler bei der Newsletter-Verwaltung aufgetreten. Vielleicht hilft dir die Fehlermeldung weiter? 

+`suche Fehlermeldung`{: #error-msg}
+
 <script src="{static}/js/Message.js"></script>

 [&larr; zur Startseite](/)
--- a/content/pages/index.md
+++ b/content/pages/index.md
@ -3,7 +3,7 @@ title: Index
 date: 2025-02-25
 template: index
 index_cards:
-  - pic: images/kurzprosa/mockup-aw-phantastische-geschichten-2.png 
+  - pic: images/kurzprosa/cover-aw-phantastische-geschichten-2.jpg
    link: werke/
    alt: Phantastik, Belletristik, Lyrik & mehr
  - pic: images/tr/live-microphone-2.jpg
--- a/content/php/unsubscribe.php
+++ b/content/php/unsubscribe.php
@ -35,16 +35,37 @@ function RemoveSubscriberFromDB($subscriberAddress) {
  return TRUE;
 }

-// check if hash and email parameters are both set
-if ( ! (isset($_GET['c']) and isset($_GET['e'])) ) {
-  GracefulExit($errorURL, "{$err}: Fehlende Emailadresse oder Hash");
+
+// check request method – unsubscribe forms use POST but links use GET 
+$method = $_SERVER['REQUEST_METHOD'];
+
+// check and sanitize email address
+if ( $method == 'GET' ) {
+  if ( ! isset($_GET['e']) ) {
+    GracefulExit($errorURL, "{$err}: Fehlende Emailadresse");
+  } else {
+    $e = filter_var($_GET['e'], FILTER_SANITIZE_STRING);
+  }
+} elseif ( $method == 'POST' ) {
+  if ( ! isset($_POST['e']) ) {
+    GracefulExit($errorURL, "{$err}: Fehlende Emailadresse");
+  } else {
+    $e = filter_var($_POST['e'], FILTER_SANITIZE_STRING);
+  }
+} else {
+  GracefulExit($errorURL, "{$err}: Fehlerhafter HTTP-Request");
 }
  
-// check if hash is correct
-$c = filter_var($_GET['c'], FILTER_SANITIZE_STRING);
-$e = filter_var($_GET['e'], FILTER_SANITIZE_STRING);
-if ( ! GetConfirmationHash($e) === $c ) {
-  GracefulExit($errorURL, "{$err}: Fehlerhafter Hash");
+// check, sanitize and validate hash (only required for GET requests)
+if ($method == 'GET') {
+  if ( ! isset($_GET['c']) ) {
+    GracefulExit($errorURL, "{$err}: Fehlende Emailadresse oder Hash");
+  } else {
+    $c = filter_var($_GET['c'], FILTER_SANITIZE_STRING);
+    if ( ! GetConfirmationHash($e) === $c ) {
+      GracefulExit($errorURL, "{$err}: Fehlerhafter Hash");
+    }
+  }
 }

 // remove email from database
--- a/theme/static/css/custom.css
+++ b/theme/static/css/custom.css
@ -287,16 +287,10 @@ a {
  text-align: center;
 }

-pre {
-  width: 80%;
-  min-width: var(--tr-smallest-width);
-  margin-left: auto;
-  margin-right: auto;
-}
-
 .featured-image {
  text-align: center;
 }
+
 figcaption {
  text-align: center;
  font-size: 0.8em;
--- a/theme/templates/includes/unsubscribe.html
+++ b/theme/templates/includes/unsubscribe.html
@ -2,7 +2,7 @@
  <h2>Newsletter-Abmeldung</h2>
  <p>Komm gerne wieder, irgendwann.</p>
 </hgroup>
-<form class="newsletter-form" method="get" action="{{ SITEURL }}/newsletter/unsubscribe.php">
+<form class="newsletter-form" method="post" action="{{ SITEURL }}/newsletter/unsubscribe.php">
  <input class="newsletter-email" type="email" name="e" placeholder="Emailadresse" autocomplete="email" aria-label="Emailadresse" required/>
  <input class="newsletter-submit" type="submit" value="Abmelden" />
 </form>