FIX Bad use/detetion of text/html when forging template email.

htdocs/admin/mails.php

@@ -36,24 +36,25 @@ if (!$user->admin) accessforbidden();
 
 $usersignature = $user->signature;
 // For action = test or send, we ensure that content is not html, even for signature, because this we want a test with NO html.
+
 if ($action == 'test' || $action == 'send')
 {
-	$usersignature = dol_string_nohtmltag($usersignature);
+	$usersignature = dol_string_nohtmltag($usersignature, 2);
 }
 
 $substitutionarrayfortest = array(
-'__DOL_MAIN_URL_ROOT__'=>DOL_MAIN_URL_ROOT,
-'__ID__' => 'RecipientIdRecord',
-//'__EMAIL__' => 'RecipientEMail',				// Done into actions_sendmails
-'__CHECK_READ__' => (is_object($object) && is_object($object->thirdparty)) ? '<img src="'.DOL_MAIN_URL_ROOT.'/public/emailing/mailing-read.php?tag='.$object->thirdparty->tag.'&securitykey='.urlencode($conf->global->MAILING_EMAIL_UNSUBSCRIBE_KEY).'" width="1" height="1" style="width:1px;height:1px" border="0"/>' : '',
-'__USER_SIGNATURE__' => (($user->signature && empty($conf->global->MAIN_MAIL_DO_NOT_USE_SIGN)) ? $usersignature : ''), // Done into actions_sendmails
-'__LOGIN__' => 'RecipientLogin',
-'__LASTNAME__' => 'RecipientLastname',
-'__FIRSTNAME__' => 'RecipientFirstname',
-'__ADDRESS__'=> 'RecipientAddress',
-'__ZIP__'=> 'RecipientZip',
-'__TOWN_'=> 'RecipientTown',
-'__COUNTRY__'=> 'RecipientCountry'
+	'__DOL_MAIN_URL_ROOT__'=>DOL_MAIN_URL_ROOT,
+	'__ID__' => 'RecipientIdRecord',
+	//'__EMAIL__' => 'RecipientEMail',				// Done into actions_sendmails
+	'__CHECK_READ__' => (is_object($object) && is_object($object->thirdparty)) ? '<img src="'.DOL_MAIN_URL_ROOT.'/public/emailing/mailing-read.php?tag='.$object->thirdparty->tag.'&securitykey='.urlencode($conf->global->MAILING_EMAIL_UNSUBSCRIBE_KEY).'" width="1" height="1" style="width:1px;height:1px" border="0"/>' : '',
+	'__USER_SIGNATURE__' => (($user->signature && empty($conf->global->MAIN_MAIL_DO_NOT_USE_SIGN)) ? $usersignature : ''), // Done into actions_sendmails
+	'__LOGIN__' => 'RecipientLogin',
+	'__LASTNAME__' => 'RecipientLastname',
+	'__FIRSTNAME__' => 'RecipientFirstname',
+	'__ADDRESS__'=> 'RecipientAddress',
+	'__ZIP__'=> 'RecipientZip',
+	'__TOWN_'=> 'RecipientTown',
+	'__COUNTRY__'=> 'RecipientCountry'
 );
 complete_substitutions_array($substitutionarrayfortest, $langs);
 

htdocs/core/class/doleditor.class.php

@@ -88,7 +88,12 @@ class DolEditor
     	// Define some properties
         if (in_array($this->tool, array('textarea', 'ckeditor', 'ace')))
         {
-    	    $this->content = $content;
+        	if (! dol_textishtml($content) && $this->tool != 'textarea') {	// We force content into HTML if we are using an advanced editor if content is not HTML.
+        		$this->content = dol_nl2br($content);
+        	}
+        	else {
+    	    	$this->content = $content;
+        	}
     	    $this->htmlname 			= $htmlname;
     	    $this->toolbarname = $shorttoolbarname;
     	    $this->toolbarstartexpanded = $toolbarstartexpanded;
@@ -125,11 +130,6 @@ class DolEditor
     	$found = 0;
 		$out = '';
 
-        if ($this->tool == 'fckeditor') // not used anymore
-        {
-			$found = 1;
-            $this->editor->Create();
-        }
         if (in_array($this->tool, array('textarea', 'ckeditor')))
         {
             $found = 1;

htdocs/core/class/html.formmail.class.php

@@ -307,8 +307,8 @@ class FormMail extends Form
 	/**
 	 *	Get the form to input an email
 	 *  this->withfile: 0=No attaches files, 1=Show attached files, 2=Can add new attached files
-	 *  this->withfile
 	 *  this->param:	Contains more parameters like email templates info
+	 *  this->withfckeditor: 1=We use an advanced editor, so we switch content into HTML
 	 *
 	 *	@param	string	$addfileaction		Name of action when posting file attachments
 	 *	@param	string	$removefileaction	Name of action when removing file attachments
@@ -940,7 +940,7 @@ class FormMail extends Form
 					$this->substit['__ONLINE_PAYMENT_URL__'] = '';
 				}
 
-				//Add lines substitution key from each line
+				// Add lines substitution key from each line
 				$lines = '';
 				$defaultlines = $arraydefaultmessage->content_lines;
 				if (isset($defaultlines))
@@ -954,14 +954,30 @@ class FormMail extends Form
 
 				$defaultmessage = str_replace('\n', "\n", $defaultmessage);
 
-				// Deal with format differences between message and signature (text / HTML)
-				if (dol_textishtml($defaultmessage) && !dol_textishtml($this->substit['__USER_SIGNATURE__'])) {
-					$this->substit['__USER_SIGNATURE__'] = dol_nl2br($this->substit['__USER_SIGNATURE__']);
-				} elseif (!dol_textishtml($defaultmessage) && dol_textishtml($this->substit['__USER_SIGNATURE__'])) {
-					$defaultmessage = dol_nl2br($defaultmessage);
+				// Deal with format differences between message and some substitution variables (text / HTML)
+				$atleastonecomponentishtml = 0;
+				if (strpos($defaultmessage, '__USER_SIGNATURE__') !== false && dol_textishtml($this->substit['__USER_SIGNATURE__'])) {
+					$atleastonecomponentishtml++;
+				}
+				if (strpos($defaultmessage, '__ONLINE_PAYMENT_TEXT_AND_URL__') !== false && dol_textishtml($this->substit['__ONLINE_PAYMENT_TEXT_AND_URL__'])) {
+					$atleastonecomponentishtml++;
+				}
+				if (dol_textishtml($defaultmessage)) {
+					$atleastonecomponentishtml++;
+				}
+				if ($atleastonecomponentishtml) {
+					if (! dol_textishtml($this->substit['__USER_SIGNATURE__'])) {
+						$this->substit['__USER_SIGNATURE__'] = dol_nl2br($this->substit['__USER_SIGNATURE__']);
+					}
+					if (! dol_textishtml($this->substit['__ONLINE_PAYMENT_TEXT_AND_URL__'])) {
+						$this->substit['__ONLINE_PAYMENT_TEXT_AND_URL__'] = dol_nl2br($this->substit['__ONLINE_PAYMENT_TEXT_AND_URL__']);
+					}
+					if (! dol_textishtml($defaultmessage)) {
+						$defaultmessage = dol_nl2br($defaultmessage);
+					}
 				}
 
-				if (isset($_POST["message"]) && !$_POST['modelselected']) $defaultmessage = $_POST["message"];
+				if (GETPOSTISSET("message") && !$_POST['modelselected']) $defaultmessage = $_POST["message"];
 				else
 				{
 					$defaultmessage = make_substitutions($defaultmessage, $this->substit);
@@ -969,6 +985,7 @@ class FormMail extends Form
 					$defaultmessage = preg_replace("/^(<br>)+/", "", $defaultmessage);
 					$defaultmessage = preg_replace("/^\n+/", "", $defaultmessage);
 				}
+
 				$out .= '<tr>';
 				$out .= '<td class="tdtop">';
 				$out .= $form->textwithpicto($langs->trans('MailText'), $helpforsubstitution, 1, 'help', '', 0, 2, 'substittooltipfrombody');

htdocs/core/tpl/card_presend.tpl.php

@@ -258,7 +258,6 @@ if ($action == 'presend')
 		}
 	}
 
-	$custcontact = '';
 	$contactarr = array();
 	$contactarr = $tmpobject->liste_contact(-1, 'external');
 

htdocs/langs/en_US/other.lang

@@ -85,8 +85,8 @@ MaxSize=Maximum size
 AttachANewFile=Attach a new file/document
 LinkedObject=Linked object
 NbOfActiveNotifications=Number of notifications (no. of recipient emails)
-PredefinedMailTest=__(Hello)__\nThis is a test mail sent to __EMAIL__.\nThe two lines are separated by a carriage return.\n\n__USER_SIGNATURE__
-PredefinedMailTestHtml=__(Hello)__\nThis is a <b>test</b> mail (the word test must be in bold).<br>The two lines are separated by a carriage return.<br><br>__USER_SIGNATURE__
+PredefinedMailTest=__(Hello)__\nThis is a test mail sent to __EMAIL__.\nThe lines are separated by a carriage return.\n\n__USER_SIGNATURE__
+PredefinedMailTestHtml=__(Hello)__<br>This is a <b>test</b> mail sent to __EMAIL__ (the word test must be in bold).<br>The lines are separated by a carriage return.<br><br>__USER_SIGNATURE__
 PredefinedMailContentContract=__(Hello)__\n\n\n__(Sincerely)__\n\n__USER_SIGNATURE__
 PredefinedMailContentSendInvoice=__(Hello)__\n\nPlease find invoice __REF__ attached \n\n__ONLINE_PAYMENT_TEXT_AND_URL__\n\n__(Sincerely)__\n\n__USER_SIGNATURE__
 PredefinedMailContentSendInvoiceReminder=__(Hello)__\n\nWe would like to remind you that the invoice  __REF__ seems to have not been paid. A copy of the invoice is attached as a reminder.\n\n__ONLINE_PAYMENT_TEXT_AND_URL__\n\n__(Sincerely)__\n\n__USER_SIGNATURE__