yv01p/Umbraco-CMS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Html encodes the user's name in the invite email. (#18343)

Browse Source
This commit is contained in:
Andy Butland
2025-02-17 12:25:12 +01:00
committed by GitHub
parent 8c2b1ebdc5
commit def7ebd48c
1 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
src/Umbraco.Web.BackOffice/Controllers/UsersController.cs
View File

@@ -664,10 +664,11 @@ public class UsersController : BackOfficeNotificationsController
var emailSubject = _localizedTextService.Localize("user", "inviteEmailCopySubject",
// Ensure the culture of the found user is used for the email!
UmbracoUserExtensions.GetUserCulture(to?.Language, _localizedTextService, _globalSettings));
var name = userDisplay is null ? string.Empty : System.Web.HttpUtility.HtmlEncode(userDisplay.Name);
var emailBody = _localizedTextService.Localize("user", "inviteEmailCopyFormat",
// Ensure the culture of the found user is used for the email!
UmbracoUserExtensions.GetUserCulture(to?.Language, _localizedTextService, _globalSettings),
new[] { userDisplay?.Name, from, WebUtility.HtmlEncode(message)!.ReplaceLineEndings("<br/>"), inviteUri.ToString(), senderEmail });
new[] { name, from, WebUtility.HtmlEncode(message)!.ReplaceLineEndings("<br/>"), inviteUri.ToString(), senderEmail });
// This needs to be in the correct mailto format including the name, else
// the name cannot be captured in the email sending notification.