From 289031b69195fe216a15068ae83b9685d76c50a3 Mon Sep 17 00:00:00 2001
From: johnnyq
Date: Fri, 19 Jan 2024 17:39:28 -0500
Subject: [PATCH] Updated Cron Mail Queuer - Removed HTMLPurify and HTML Encoding using HTMLEntities as these are unnessaery and were cuasing extra cpu load and possible data corruption and are passed off to PHPMailer which handles this by default plus recipient email clients should handle XSS as well
---
 cron_mail_queue.php | 40 ++++++++++++++++------------------------
 1 file changed, 16 insertions(+), 24 deletions(-)
diff --git a/cron_mail_queue.php b/cron_mail_queue.php
index cad46435..5f9933cf 100644
--- a/cron_mail_queue.php
+++ b/cron_mail_queue.php
@@ -1,16 +1,8 @@ set('URI.AllowedSchemes', ['data' => true, 'src' => true, 'http' => true, 'https' => true]);
-$purifier = new HTMLPurifier($purifier_config);
-
 $sql_settings = mysqli_query($mysqli, "SELECT * FROM settings WHERE company_id = 1");
 $row = mysqli_fetch_array($sql_settings);
@@ -74,14 +66,14 @@ $sql_queue = mysqli_query($mysqli, "SELECT * FROM email_queue WHERE email_status
 if (mysqli_num_rows($sql_queue) > 0) {
 while ($row = mysqli_fetch_array($sql_queue)) {
 $email_id = intval($row['email_id']);
- $email_from = nullable_htmlentities($row['email_from']);
- $email_from_name = nullable_htmlentities($row['email_from_name']);
- $email_recipient = nullable_htmlentities($row['email_recipient']);
- $email_recipient_name = nullable_htmlentities($row['email_recipient_name']);
- $email_subject = $purifier->purify($row['email_subject']);
- $email_content = $purifier->purify($row['email_content']);
- $email_queued_at = nullable_htmlentities($row['email_queued_at']);
- $email_sent_at = nullable_htmlentities($row['email_sent_at']);
+ $email_from = $row['email_from'];
+ $email_from_name = $row['email_from_name'];
+ $email_recipient = $row['email_recipient'];
+ $email_recipient_name = $row['email_recipient_name'];
+ $email_subject = $row['email_subject'];
+ $email_content = $row['email_content'];
+ $email_queued_at = $row['email_queued_at'];
+ $email_sent_at = $row['email_sent_at'];
 // Sanitized Input
 $email_recipient_logging = sanitizeInput($row['email_recipient']);
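Review bot: The new `+ $email_content = $row['email_content'];` assignment (and the identical block in the failed-queue loop in the next hunk) now hands the stored HTML body to the mailer verbatim, which moves the trust boundary to whatever inserts into `email_queue`, and nothing in the hunk records that. The commit message's reliance on PHPMailer only covers headers: PHPMailer encodes and CR/LF-strips header values such as Subject and validates the addresses it is given, but it sends the body as supplied, so any user-controlled text (ticket replies, contact names) must already be escaped or purified at enqueue time. Suggest a comment above the first new assignment: `// Queue rows are sent as-is (no purification here); producers that store user-supplied text in email_queue must escape/purify it before inserting.` Whether every producer already does so is not visible in this diff and is worth confirming before merging. The while loop continues past the hunk.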
@@ -129,14 +121,14 @@ $sql_failed_queue = mysqli_query($mysqli, "SELECT * FROM email_queue WHERE email
 if (mysqli_num_rows($sql_failed_queue) > 0) {
 while ($row = mysqli_fetch_array($sql_failed_queue)) {
 $email_id = intval($row['email_id']);
- $email_from = nullable_htmlentities($row['email_from']);
- $email_from_name = nullable_htmlentities($row['email_from_name']);
- $email_recipient = nullable_htmlentities($row['email_recipient']);
- $email_recipient_name = nullable_htmlentities($row['email_recipient_name']);
- $email_subject = $purifier->purify($row['email_subject']);
- $email_content = $purifier->purify($row['email_content']);
- $email_queued_at = nullable_htmlentities($row['email_queued_at']);
- $email_sent_at = nullable_htmlentities($row['email_sent_at']);
+ $email_from = $row['email_from'];
+ $email_from_name = $row['email_from_name'];
+ $email_recipient = $row['email_recipient'];
+ $email_recipient_name = $row['email_recipient_name'];
+ $email_subject = $row['email_subject'];
+ $email_content = $row['email_content'];
+ $email_queued_at = $row['email_queued_at'];
+ $email_sent_at = $row['email_sent_at'];
 // Increment the attempts
 $email_attempts = intval($row['email_attempts']) + 1;