From 058d204f412a5cafa19b064da51c0a72ecc2caa7 Mon Sep 17 00:00:00 2001
From: Marcus Schwemer <marcus.schwemer@in2code.de>
Date: Wed, 18 Sep 2024 20:30:29 +0200
Subject: [PATCH] [WIP][BUGFIX] Prevent exception, when invalid mail uid is
 given

Related: in2code-de/powermail#969
---
 Classes/Controller/FormController.php | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)

diff --git a/Classes/Controller/FormController.php b/Classes/Controller/FormController.php
index 4d91e4a48..0e48f3ad7 100644
--- a/Classes/Controller/FormController.php
+++ b/Classes/Controller/FormController.php
@@ -37,6 +37,8 @@
 use Throwable;
 use TYPO3\CMS\Core\Configuration\Exception\ExtensionConfigurationExtensionNotConfiguredException;
 use TYPO3\CMS\Core\Configuration\Exception\ExtensionConfigurationPathDoesNotExistException;
+use TYPO3\CMS\Core\Http\PropagateResponseException;
+use TYPO3\CMS\Core\Http\RedirectResponse;
 use TYPO3\CMS\Core\Utility\ArrayUtility;
 use TYPO3\CMS\Core\Utility\GeneralUtility;
 use TYPO3\CMS\Extbase\Annotation as ExtbaseAnnotation;
@@ -220,6 +222,7 @@ public function checkCreateAction(Mail $mail): ResponseInterface
      * @throws ExtensionConfigurationPathDoesNotExistException
      * @throws InvalidQueryException
      * @throws NoSuchArgumentException
+     * @throws PropagateResponseException
      */
     public function initializeCreateAction(): void
     {
@@ -234,6 +237,11 @@ public function initializeCreateAction(): void
             throw new PropagateResponseException($response);
         }
 
+        $response = $this->forwardIfMailUidDoesNotExist();
+        if ($response !== null) {
+            throw new PropagateResponseException($response, 1726683851);
+        }
+
         $this->reformatParamsForAction();
         $this->debugVariables();
     }
@@ -594,6 +602,21 @@ protected function forwardIfMailParamEmpty(): ?ForwardResponse
         return null;
     }
 
+    /**
+     * @return RedirectResponse|null
+     * @throws PropagateResponseException
+     */
+    private function forwardIfMailUidDoesNotExist(): ?RedirectResponse
+    {
+        $arguments = $this->request->getArguments();
+        $mail = $this->mailRepository->findByUid($arguments['mail']);
+        if ($mail === null) {
+            $returnUrl = $this->request->getUri()->getPath();
+            return new RedirectResponse($returnUrl, 200);
+        }
+        return null;
+    }
+
     /**
      * Forward to formAction if wrong form in plugin variables given
      *        used in optinConfirmAction()