diff options
| author | friendica <info@friendica.com> | 2013-07-31 02:32:41 -0700 |
|---|---|---|
| committer | friendica <info@friendica.com> | 2013-07-31 02:32:41 -0700 |
| commit | c00c550c58f0125785b194c9413a98e114a7ab98 (patch) | |
| tree | ca889fb3fcadeedc2bff623c9c8f0bf0ce57ee99 | |
| parent | c45ebdf97f2170e575648ebdad2db0c52c2dcb4a (diff) | |
| download | volse-hubzilla-c00c550c58f0125785b194c9413a98e114a7ab98.tar.gz volse-hubzilla-c00c550c58f0125785b194c9413a98e114a7ab98.tar.bz2 volse-hubzilla-c00c550c58f0125785b194c9413a98e114a7ab98.zip | |
better mail obscuring
| -rwxr-xr-x | boot.php | 2 | ||||
| -rw-r--r-- | include/enotify.php | 17 | ||||
| -rwxr-xr-x | include/items.php | 30 | ||||
| -rw-r--r-- | include/message.php | 94 | ||||
| -rw-r--r-- | install/database.sql | 2 | ||||
| -rw-r--r-- | install/update.php | 10 | ||||
| -rw-r--r-- | version.inc | 2 |
7 files changed, 96 insertions, 61 deletions
@@ -43,7 +43,7 @@ require_once('include/taxonomy.php'); define ( 'RED_PLATFORM', 'Red Matrix' ); define ( 'RED_VERSION', trim(file_get_contents('version.inc')) . 'R'); define ( 'ZOT_REVISION', 1 ); -define ( 'DB_UPDATE_VERSION', 1055 ); +define ( 'DB_UPDATE_VERSION', 1056 ); define ( 'EOL', '<br />' . "\r\n" ); define ( 'ATOM_TIME', 'Y-m-d\TH:i:s\Z' ); diff --git a/include/enotify.php b/include/enotify.php index 3b7a643ed..fc8eb6439 100644 --- a/include/enotify.php +++ b/include/enotify.php @@ -33,7 +33,7 @@ function notification($params) { push_lang($recip['account_language']); // should probably have a channel language - $banner = t('Red Notification'); + $banner = t('Red Matrix Notification'); $product = RED_PLATFORM; $siteurl = $a->get_baseurl(true); $thanks = t('Thank You,'); @@ -89,7 +89,7 @@ function notification($params) { intval($recip['channel_id']) ); if($p) { - logger('notification comment already notified'); + logger('notification: comment already notified'); pop_lang(); return; } @@ -168,6 +168,19 @@ function notification($params) { } if($params['type'] == NOTIFY_TAGSELF) { + + $p = null; + $p = q("select id from notify where link = '%s' and uid = %d limit 1", + dbesc($params['link']), + intval($recip['channel_id']) + ); + if($p) { + logger('enotify: tag: already notified about this post'); + pop_lang(); + return; + } + + $subject = sprintf( t('[Red:Notify] %s tagged you') , $sender['xchan_name']); $preamble = sprintf( t('%1$s tagged you at %2$s') , $sender['xchan_name'], $sitename); $epreamble = sprintf( t('%1$s [zrl=%2$s]tagged you[/zrl].') , diff --git a/include/items.php b/include/items.php index 38ee5df58..49e3dd3de 100755 --- a/include/items.php +++ b/include/items.php @@ -491,7 +491,6 @@ function title_is_body($title, $body) { function get_item_elements($x) { $arr = array(); - $arr['body'] = (($x['body']) ? htmlentities($x['body'],ENT_COMPAT,'UTF-8',false) : ''); $arr['created'] = datetime_convert('UTC','UTC',$x['created']); @@ -804,7 +803,13 @@ function encode_mail($item) { $x = array(); $x['type'] = 'mail'; - logger('encode_mail: ' . print_r($item,true)); + if(array_key_exists('mail_flags',$item) && ($item['mail_flags'] & MAIL_OBSCURED)) { + $key = get_config('system','prvkey'); + if($item['title']) + $item['title'] = aes_unencapsulate(json_decode($item['title'],true),$key); + if($item['body']) + $item['body'] = aes_unencapsulate(json_decode($item['body'],true),$key); + } $x['message_id'] = $item['mid']; $x['message_parent'] = $item['parent_mid']; @@ -816,9 +821,6 @@ function encode_mail($item) { $x['flags'] = array(); - if($item['mail_flags'] & MAIL_OBSCURED) - $x['flags'][] = 'obscured'; - if($item['mail_flags'] & MAIL_RECALLED) { $x['flags'][] = 'recalled'; $x['title'] = ''; @@ -845,18 +847,16 @@ function get_mail_elements($x) { if(in_array('recalled',$x['flags'])) { $arr['mail_flags'] |= MAIL_RECALLED; } - if(in_array('obscured',$x['flags'])) { - - $arr['mail_flags'] |= MAIL_OBSCURED; - $arr['body'] = base64url_decode($arr['body']); - $arr['body'] = htmlentities($arr['body'],ENT_COMPAT,'UTF-8',false); - $arr['body'] = base64url_encode($arr['body']); - $arr['title'] = base64url_decode($arr['title']); - $arr['title'] = htmlentities($arr['title'],ENT_COMPAT,'UTF-8',false); - $arr['title'] = base64url_encode($arr['title']); - } } + $key = get_config('system','pubkey'); + $arr['mail_flags'] |= MAIL_OBSCURED; + $arr['body'] = htmlentities($arr['body'],ENT_COMPAT,'UTF-8',false); + if($arr['body']) + $arr['body'] = json_encode(aes_encapsulate($arr['body'],$key)); + $arr['title'] = htmlentities($arr['title'],ENT_COMPAT,'UTF-8',false); + if($arr['title']) + $arr['title'] = json_encode(aes_encapsulate($arr['title'],$key)); if($arr['created'] > datetime_convert()) $arr['created'] = datetime_convert(); diff --git a/include/message.php b/include/message.php index 6c44a54f3..d6294cdba 100644 --- a/include/message.php +++ b/include/message.php @@ -2,6 +2,7 @@ /* Private Message backend API */ +require_once('include/crypto.php'); // send a private message @@ -56,6 +57,28 @@ function send_message($uid = 0, $recipient='', $body='', $subject='', $replyto=' $replyto = $mid; } + /** + * + * When a photo was uploaded into the message using the (profile wall) ajax + * uploader, The permissions are initially set to disallow anybody but the + * owner from seeing it. This is because the permissions may not yet have been + * set for the post. If it's private, the photo permissions should be set + * appropriately. But we didn't know the final permissions on the post until + * now. So now we'll look for links of uploaded messages that are in the + * post and set them to the same permissions as the post itself. + * + */ + + $match = null; + $images = null; + if(preg_match_all("/\[img\](.*?)\[\/img\]/",$body,$match)) + $images = $match[1]; + + $key = get_config('system','pubkey'); + if($subject) + $subject = json_encode(aes_encapsulate($subject,$key)); + if($body) + $body = json_encode(aes_encapsulate($body,$key)); $r = q("INSERT INTO mail ( account_id, mail_flags, channel_id, from_xchan, to_xchan, title, body, mid, parent_mid, created ) VALUES ( %d, %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s' )", @@ -64,8 +87,8 @@ function send_message($uid = 0, $recipient='', $body='', $subject='', $replyto=' intval($channel['channel_id']), dbesc($channel['channel_hash']), dbesc($recipient), - dbesc(base64url_encode($subject)), - dbesc(base64url_encode($body)), + dbesc($subject), + dbesc($body), dbesc($mid), dbesc($replyto), dbesc(datetime_convert()) @@ -84,35 +107,18 @@ function send_message($uid = 0, $recipient='', $body='', $subject='', $replyto=' return $ret; } - /** - * - * When a photo was uploaded into the message using the (profile wall) ajax - * uploader, The permissions are initially set to disallow anybody but the - * owner from seeing it. This is because the permissions may not yet have been - * set for the post. If it's private, the photo permissions should be set - * appropriately. But we didn't know the final permissions on the post until - * now. So now we'll look for links of uploaded messages that are in the - * post and set them to the same permissions as the post itself. - * - */ - - $match = null; - - if(preg_match_all("/\[img\](.*?)\[\/img\]/",$body,$match)) { - $images = $match[1]; - if(count($images)) { - foreach($images as $image) { - if(! stristr($image,$a->get_baseurl() . '/photo/')) - continue; - $image_uri = substr($image,strrpos($image,'/') + 1); - $image_uri = substr($image_uri,0, strpos($image_uri,'-')); - $r = q("UPDATE photo SET allow_cid = '%s' WHERE resource_id = '%s' AND uid = %d and allow_cid = '%s'", - dbesc('<' . $recipient . '>'), - dbesc($image_uri), - intval($channel['channel_id']), - dbesc('<' . $channel['channel_hash'] . '>') - ); - } + if(count($images)) { + foreach($images as $image) { + if(! stristr($image,$a->get_baseurl() . '/photo/')) + continue; + $image_uri = substr($image,strrpos($image,'/') + 1); + $image_uri = substr($image_uri,0, strpos($image_uri,'-')); + $r = q("UPDATE photo SET allow_cid = '%s' WHERE resource_id = '%s' AND uid = %d and allow_cid = '%s'", + dbesc('<' . $recipient . '>'), + dbesc($image_uri), + intval($channel['channel_id']), + dbesc('<' . $channel['channel_hash'] . '>') + ); } } @@ -171,11 +177,14 @@ function private_messages_list($uid, $mailbox = '', $start = 0, $numitems = 0) { $r[$k]['to'] = find_xchan_in_array($rr['to_xchan'],$c); $r[$k]['seen'] = (($rr['mail_flags'] & MAIL_SEEN) ? 1 : 0); if($r[$k]['mail_flags'] & MAIL_OBSCURED) { - $r[$k]['title'] = base64url_decode($r[$k]['title']); - $r[$k]['body'] = base64url_decode($r[$k]['body']); - } - + logger('unencrypting'); + $key = get_config('system','prvkey'); + if($r[$k]['title']) + $r[$k]['title'] = aes_unencapsulate(json_decode($r[$k]['title'],true),$key); + if($r[$k]['body']) + $r[$k]['body'] = aes_unencapsulate(json_decode($r[$k]['body'],true),$key); + } } return $r; @@ -209,8 +218,11 @@ function private_messages_fetch_message($channel_id, $messageitem_id, $updatesee $messages[$k]['from'] = find_xchan_in_array($message['from_xchan'],$c); $messages[$k]['to'] = find_xchan_in_array($message['to_xchan'],$c); if($messages[$k]['mail_flags'] & MAIL_OBSCURED) { - $messages[$k]['title'] = base64url_decode($messages[$k]['title']); - $messages[$k]['body'] = base64url_decode($messages[$k]['body']); + $key = get_config('system','prvkey'); + if($messages[$k]['title']) + $messages[$k]['title'] = aes_unencapsulate(json_decode($messages[$k]['title'],true),$key); + if($messages[$k]['body']) + $messages[$k]['body'] = aes_unencapsulate(json_decode($messages[$k]['body'],true),$key); } } @@ -294,10 +306,12 @@ function private_messages_fetch_conversation($channel_id, $messageitem_id, $upda $messages[$k]['from'] = find_xchan_in_array($message['from_xchan'],$c); $messages[$k]['to'] = find_xchan_in_array($message['to_xchan'],$c); if($messages[$k]['mail_flags'] & MAIL_OBSCURED) { - $messages[$k]['title'] = base64url_decode($messages[$k]['title']); - $messages[$k]['body'] = base64url_decode($messages[$k]['body']); + $key = get_config('system','prvkey'); + if($messages[$k]['title']) + $messages[$k]['title'] = aes_unencapsulate(json_decode($messages[$k]['title'],true),$key); + if($messages[$k]['body']) + $messages[$k]['body'] = aes_unencapsulate(json_decode($messages[$k]['body'],true),$key); } - } diff --git a/install/database.sql b/install/database.sql index 29ee19a2d..dee9734fc 100644 --- a/install/database.sql +++ b/install/database.sql @@ -524,7 +524,7 @@ CREATE TABLE IF NOT EXISTS `mail` ( `to_xchan` char(255) NOT NULL DEFAULT '', `account_id` int(10) unsigned NOT NULL DEFAULT '0', `channel_id` int(10) unsigned NOT NULL, - `title` char(255) NOT NULL, + `title` text NOT NULL, `body` mediumtext NOT NULL, `mid` char(255) NOT NULL, `parent_mid` char(255) NOT NULL, diff --git a/install/update.php b/install/update.php index 1ea9aa377..f357dbba2 100644 --- a/install/update.php +++ b/install/update.php @@ -1,6 +1,6 @@ <?php -define( 'UPDATE_VERSION' , 1055 ); +define( 'UPDATE_VERSION' , 1056 ); /** * @@ -648,3 +648,11 @@ function update_r1054() { return UPDATE_SUCCESS; return UPDATE_FAILED; } + +function update_r1055() { + $r = q("ALTER TABLE `mail` CHANGE `title` `title` TEXT CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL DEFAULT '' "); + if($r) + return UPDATE_SUCCESS; + return UPDATE_FAILED; +} + diff --git a/version.inc b/version.inc index 83e1d47a6..6a69b86d5 100644 --- a/version.inc +++ b/version.inc @@ -1 +1 @@ -2013-07-30.390 +2013-07-31.391 |