diff --git a/DNN Platform/DotNetNuke.Web/InternalServices/MessagingServiceController.cs b/DNN Platform/DotNetNuke.Web/InternalServices/MessagingServiceController.cs
index 790d6f6216e..a1ca97129de 100644
--- a/DNN Platform/DotNetNuke.Web/InternalServices/MessagingServiceController.cs
+++ b/DNN Platform/DotNetNuke.Web/InternalServices/MessagingServiceController.cs
@@ -1,7 +1,9 @@
-// Licensed to the .NET Foundation under one or more agreements.
-// The .NET Foundation licenses this file to you under the MIT license.
-// See the LICENSE file in the project root for more information
-
+// Licensed to the .NET Foundation under one or more agreements.
+// The .NET Foundation licenses this file to you under the MIT license.
+// See the LICENSE file in the project root for more information
+
+using DotNetNuke.Security;
+
namespace DotNetNuke.Web.InternalServices
{
using System;
@@ -64,7 +66,9 @@ public HttpResponseMessage Create(CreateDTO postData)
users = userIdsList.Select(id => UserController.Instance.GetUser(portalId, id)).Where(user => user != null).ToList();
}
- var message = new Message { Subject = HttpUtility.UrlDecode(postData.Subject), Body = HttpUtility.UrlDecode(postData.Body) };
+ var body = HttpUtility.UrlDecode(postData.Body);
+ body = PortalSecurity.Instance.InputFilter(body, PortalSecurity.FilterFlag.NoMarkup);
+ var message = new Message { Subject = HttpUtility.UrlDecode(postData.Subject), Body = body };
MessagingController.Instance.SendMessage(message, roles, users, fileIdsList);
return this.Request.CreateResponse(HttpStatusCode.OK, new { Result = "success", Value = message.MessageID });
}
diff --git a/DNN Platform/Library/Services/Social/Messaging/Internal/Views/MessageConversationView.cs b/DNN Platform/Library/Services/Social/Messaging/Internal/Views/MessageConversationView.cs
index e3e75e5a75e..0fb6d260812 100644
--- a/DNN Platform/Library/Services/Social/Messaging/Internal/Views/MessageConversationView.cs
+++ b/DNN Platform/Library/Services/Social/Messaging/Internal/Views/MessageConversationView.cs
@@ -155,7 +155,7 @@ public void Fill(IDataReader dr)
this.To = Null.SetNullString(dr["To"]);
this.From = Null.SetNullString(dr["From"]);
this.Subject = Null.SetNullString(dr["Subject"]);
- this.Body = Null.SetNullString(dr["Body"]);
+ this.Body = HtmlUtils.ConvertToHtml(Null.SetNullString(dr["Body"]));
this.ConversationId = Null.SetNullInteger(dr["ConversationID"]);
this.ReplyAllAllowed = Null.SetNullBoolean(dr["ReplyAllAllowed"]);
this.SenderUserID = Convert.ToInt32(dr["SenderUserID"]);
diff --git a/DNN Platform/Library/Services/Social/Messaging/Scheduler/CoreMessagingScheduler.cs b/DNN Platform/Library/Services/Social/Messaging/Scheduler/CoreMessagingScheduler.cs
index d9c84c45516..daca6eab6d5 100644
--- a/DNN Platform/Library/Services/Social/Messaging/Scheduler/CoreMessagingScheduler.cs
+++ b/DNN Platform/Library/Services/Social/Messaging/Scheduler/CoreMessagingScheduler.cs
@@ -1,4 +1,4 @@
-// Licensed to the .NET Foundation under one or more agreements.
+// Licensed to the .NET Foundation under one or more agreements.
// The .NET Foundation licenses this file to you under the MIT license.
// See the LICENSE file in the project root for more information
@@ -126,6 +126,7 @@ private static string GetEmailBody(string template, string messageBody, PortalSe
template = template.Replace("[PORTALNAME]", portalSettings.PortalName);
template = template.Replace("[LOGOURL]", GetPortalLogoUrl(portalSettings));
template = template.Replace("[UNSUBSCRIBEURL]", GetSubscriptionsUrl(portalSettings, recipientUser.UserID));
+ template = template.Replace("[YEAR]", DateTime.Now.Year.ToString());
template = ResolveUrl(portalSettings, template);
return template;
@@ -144,7 +145,7 @@ private static string GetEmailItemContent(PortalSettings portalSettings, Message
var emailItemContent = itemTemplate;
emailItemContent = emailItemContent.Replace("[TITLE]", messageDetails.Subject);
- emailItemContent = emailItemContent.Replace("[CONTENT]", messageDetails.Body);
+ emailItemContent = emailItemContent.Replace("[CONTENT]", HtmlUtils.ConvertToHtml(messageDetails.Body));
emailItemContent = emailItemContent.Replace("[PROFILEPICURL]", GetProfilePicUrl(portalSettings, authorId));
emailItemContent = emailItemContent.Replace("[PROFILEURL]", GetProfileUrl(portalSettings, authorId));
emailItemContent = emailItemContent.Replace("[DISPLAYNAME]", GetDisplayName(portalSettings, authorId));
diff --git a/DNN Platform/Modules/CoreMessaging/Services/MessagingServiceController.cs b/DNN Platform/Modules/CoreMessaging/Services/MessagingServiceController.cs
index 9d3ca30ac4a..0d1e8232969 100644
--- a/DNN Platform/Modules/CoreMessaging/Services/MessagingServiceController.cs
+++ b/DNN Platform/Modules/CoreMessaging/Services/MessagingServiceController.cs
@@ -1,7 +1,7 @@
-// Licensed to the .NET Foundation under one or more agreements.
-// The .NET Foundation licenses this file to you under the MIT license.
-// See the LICENSE file in the project root for more information
-
+// Licensed to the .NET Foundation under one or more agreements.
+// The .NET Foundation licenses this file to you under the MIT license.
+// See the LICENSE file in the project root for more information
+
namespace DotNetNuke.Modules.CoreMessaging.Services
{
using System;
@@ -11,8 +11,9 @@ namespace DotNetNuke.Modules.CoreMessaging.Services
using System.Net.Http;
using System.Web;
using System.Web.Http;
-
+
using DotNetNuke.Common;
+ using DotNetNuke.Common.Utilities;
using DotNetNuke.Entities.Modules;
using DotNetNuke.Entities.Portals;
using DotNetNuke.Entities.Users;
@@ -117,8 +118,9 @@ public HttpResponseMessage Reply(ReplyDTO postData)
{
try
{
- postData.Body = HttpUtility.UrlDecode(postData.Body);
- var messageId = InternalMessagingController.Instance.ReplyMessage(postData.ConversationId, postData.Body, postData.FileIds);
+ var body = HttpUtility.UrlDecode(postData.Body);
+ body = PortalSecurity.Instance.InputFilter(body, PortalSecurity.FilterFlag.NoMarkup);
+ var messageId = InternalMessagingController.Instance.ReplyMessage(postData.ConversationId, body, postData.FileIds);
var message = this.ToExpandoObject(InternalMessagingController.Instance.GetMessage(messageId));
var portalId = PortalController.GetEffectivePortalId(UserController.Instance.GetCurrentUserInfo().PortalID);
diff --git a/DNN Platform/Modules/CoreMessaging/View.ascx b/DNN Platform/Modules/CoreMessaging/View.ascx
index c55287d5ae9..62d47584ad2 100644
--- a/DNN Platform/Modules/CoreMessaging/View.ascx
+++ b/DNN Platform/Modules/CoreMessaging/View.ascx
@@ -114,7 +114,7 @@
- <%=LocalizeString("From")%>:
<%=LocalizeString("SentTo")%>:
-
+
@@ -176,7 +176,7 @@
-
+
<%=LocalizeString("Attachments")%>:
diff --git a/DNN Platform/Website/App_GlobalResources/GlobalResources.resx b/DNN Platform/Website/App_GlobalResources/GlobalResources.resx
index 587d6e18297..b25fa26de30 100644
--- a/DNN Platform/Website/App_GlobalResources/GlobalResources.resx
+++ b/DNN Platform/Website/App_GlobalResources/GlobalResources.resx
@@ -1,17 +1,17 @@
-
-
-
+
+
@@ -1417,4 +1417,502 @@ Sincerely,
This website uses cookies to ensure you get the best experience on our website.
-
+
+ <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "https://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+
+
+ <html xmlns="https://www.w3.org/1999/xhtml">
+
+
+ font-size:0.83em;
+
+
+ </table>
+
+
+ <!-- // End Template Sub Header \\ -->
+
+
+ </td>
+
+
+ </tr>
+
+
+ <tr>
+
+
+ <td align="center" valign="top" bgcolor="#ffffff">
+
+
+ <!-- // Begin Template Body \\ -->
+
+
+ <table border="0" cellpadding="0" cellspacing="0" width="600" id="templateBody">
+
+
+ <tr>
+
+
+ <td valign="top" class="bodyContent">
+
+
+ color:#333;
+
+
+ <!-- // Begin Module: Standard Content \\ -->
+
+
+ <table border="0" cellpadding="30" cellspacing="0" width="100%">
+
+
+ <tr>
+
+
+ <td valign="top">
+
+
+ [MESSAGEBODY]
+
+
+ </td>
+
+
+ </tr>
+
+
+ </table>
+
+
+ <!-- // End Module: Standard Content \\ -->
+
+
+ </td>
+
+
+ }
+
+
+ </tr>
+
+
+ </table>
+
+
+ <!-- // End Template Body \\ -->
+
+
+ </td>
+
+
+ </tr>
+
+
+ <tr>
+
+
+ <td align="center" valign="top">
+
+
+ <table border="0" cellpadding="30" cellspacing="0" width="600" id="templateFooter">
+
+
+ <tr>
+
+
+ <td valign="top" class="footerContent">
+
+
+ img{border:0; height:auto; line-height:100%; outline:none; text-decoration:none;}
+
+
+ <table border="0" cellpadding="0" cellspacing="0" width="100%">
+
+
+ <tr>
+
+
+ <td align="center">
+
+
+ <a href="[UNSUBSCRIBEURL]" > Manage your Subscriptions</a> | <a href="[NOTIFICATIONURL]" > View online</a>
+
+
+ </td>
+
+
+ </tr>
+
+
+ </table>
+
+
+ </td>
+
+
+ </tr>
+
+
+ </table>
+
+
+ table td{border-collapse:collapse;}
+
+
+ </td>
+
+
+ </tr>
+
+
+ </table><!-- // End Template Body \\ -->
+
+
+ <!-- // Begin Template footer \\ -->
+
+
+ <table border="0" cellpadding="0" cellspacing="0" id="bodyTemplateFooter" width="600">
+
+
+ <tr>
+
+
+ <td valign="top" class="bodyFooterContent">
+
+
+ <!-- // Begin Module: Standard Preheader \ -->
+
+
+ <table border="0" cellpadding="0" cellspacing="0" align="center" >
+
+
+ <tr>
+
+
+ p{margin: 0 0 1.6em 0;}
+
+
+ <td align="center">
+
+
+ <p>Copyright [YEAR] <a href="[SITEURL]">[PORTALNAME]</a> All rights reserved.</p>
+
+
+ <p>If you wish to no longer receive emails in the future, please <a href="[UNSUBSCRIBEURL]">unsubscribe</a> here.</p>
+
+
+ </td>
+
+
+ </tr>
+
+
+ </table>
+
+
+ <!-- // End Module: Standard Preheader \ -->
+
+
+ </td>
+
+
+ </tr>
+
+
+ </table>
+
+
+ a{color:#417CD3;}
+
+
+ <!-- // End Template footer \\ -->
+
+
+ </td>
+
+
+ </tr>
+
+
+ </table><!-- wrapper table -->
+
+
+ </body>
+
+
+ </html>
+
+
+ #backgroundTable{height:100% !important; margin:0; padding:0; width:100% !important;}
+
+
+ body{ background-color:#fafafa; }
+
+
+ #templateContainer{
+
+
+ <head>
+
+
+ border: 1px solid #eeeeee;
+
+
+ box-shadow: 0px 0px 3px 0px #eee;
+
+
+ }
+
+
+ /* Pre Header Styles */
+
+
+ .preheaderContent{
+
+
+ padding:15px 0 5px 0;
+
+
+ font-size:0.9em;
+
+
+ color:#999;
+
+
+ }
+
+
+ .headerContent {background-color:#bbb;}
+
+
+ <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
+
+
+ .headerContent a{display:block;}
+
+
+ .headerContent img{ margin-bottom:0;}
+
+
+ /* Sub Header Styles */
+
+
+ #templateSubHeader{ color:#ffffff; }
+
+
+ #templateSubHeader td{ padding:5px 20px; }
+
+
+ /* Template Footer Styles */
+
+
+ .footerContent table td{
+
+
+ padding-top:20px;
+
+
+ border-top:1px solid #ddd;
+
+
+ font-size:0.8em;
+
+
+ <style type="text/css">
+
+
+ }
+
+
+ /* Body Template Footer Styles */
+
+
+ #bodyTemplateFooter{
+
+
+ padding:15px 0 5px 0;
+
+
+ font-size:0.9em;
+
+
+ color:#999;
+
+
+ }
+
+
+ </style>
+
+
+ </head>
+
+
+ <body leftmargin="0" marginwidth="0" topmargin="0" marginheight="0" offset="0">
+
+
+ /* Reset Styles */
+
+
+ <table cellpadding="0" cellspacing="0" border="0" width="100%" height="100%" id="backgroundTable">
+
+
+ <tr>
+
+
+ <td align="center" valign="top">
+
+
+ <!-- // Begin Template Preheader \\ -->
+
+
+ <table border="0" cellpadding="0" cellspacing="0" id="templatePreheader" width="600">
+
+
+ <tr align="right">
+
+
+ <td valign="top" class="preheaderContent" style="border-top:5px solid #417CD3;">
+
+
+ <!-- // Begin Module: Standard Preheader \ -->
+
+
+ <table border="0" cellpadding="0" cellspacing="0" >
+
+
+ <tr>
+
+
+ html, body{height:100%;width:100%;}
+
+
+ <td align="right">
+
+
+ <p>Problem viewing email? <a href="[NOTIFICATIONURL]"><span>Click here to view online.</span></a></p>
+
+
+ </td>
+
+
+ </tr>
+
+
+ </table>
+
+
+ <!-- // End Module: Standard Preheader \ -->
+
+
+ </td>
+
+
+ </tr>
+
+
+ </table>
+
+
+ <!-- // End Template Preheader \\ -->
+
+
+ body{
+
+
+ <!-- // Begin Template body \\ -->
+
+
+ <table border="0" cellpadding="0" cellspacing="0" width="600" id="templateContainer" style="border:1px solid #eeeeee; " >
+
+
+ <tr >
+
+
+ <td align="center" valign="top">
+
+
+ <!-- // Begin Template Header \\ -->
+
+
+ <table border="0" cellpadding="30" cellspacing="0" width="600" id="templateHeader">
+
+
+ <tr>
+
+
+ <td class="headerContent">
+
+
+ <a href="[SITEURL]">
+
+
+ <!--<img src="[LOGOURL]" style="max-width:600px;" id="headerImage campaign-icon" />-->
+
+
+ margin:0; padding:0;
+
+
+ <img src="[LOGOURL]" style="max-width:600px;" id="headerImage campaign-icon" width="200" />
+
+
+ </a>
+
+
+ </td>
+
+
+ </tr>
+
+
+ </table>
+
+
+ <!-- // End Template Header \\ -->
+
+
+ </td>
+
+
+ </tr>
+
+
+ <tr >
+
+
+ <td align="center" valign="top">
+
+
+ font-family:sans-serif;
+
+
+ <!-- // Begin Template Sub Header \\ -->
+
+
+ <table border="0" cellpadding="0" cellspacing="0" width="600" id="templateSubHeader">
+
+
+ <tr>
+
+
+ <td class="subHeaderContent" bgcolor="#417CD3" width="66%" align="left">
+
+
+ <h2 style="color:#fff; font-weight:100; font-size:24px;">Notifications</h2>
+
+
+ </td><!--close subHeaderContent-->
+
+
+ <td width="33%" bgcolor="#417CD3" align="right">
+
+
+ <p style="color:#fff;"></p>
+
+
+ </td>
+
+
+ </tr>
+
+
\ No newline at end of file