diff options
| author | friendica <info@friendica.com> | 2013-07-19 02:45:44 -0700 |
|---|---|---|
| committer | friendica <info@friendica.com> | 2013-07-19 02:45:44 -0700 |
| commit | b4f4b8cb13bd9d629cad03477f9219fc613f0a55 (patch) | |
| tree | 0c10646c2177e6bfa725f2497a3e68fec8fe7212 /include/items.php | |
| parent | ade81747503fe64fc3c7f99e0e3ff34b7d6cc3e7 (diff) | |
| download | volse-hubzilla-b4f4b8cb13bd9d629cad03477f9219fc613f0a55.tar.gz volse-hubzilla-b4f4b8cb13bd9d629cad03477f9219fc613f0a55.tar.bz2 volse-hubzilla-b4f4b8cb13bd9d629cad03477f9219fc613f0a55.zip | |
private mail is just a little more private now. Not encrypted and the obfuscation is easily reversible, but not casually readable by browsing logfiles or mysql dumps.
This isn't backward compatible - folks will have to upgrade if they can't read their mail.
Diffstat (limited to 'include/items.php')
| -rwxr-xr-x | include/items.php | 25 |
1 files changed, 20 insertions, 5 deletions
diff --git a/include/items.php b/include/items.php index b94992815..eb58f9f0a 100755 --- a/include/items.php +++ b/include/items.php @@ -801,8 +801,13 @@ function encode_mail($item) { $x['from'] = encode_item_xchan($item['from']); $x['to'] = encode_item_xchan($item['to']); + $x['flags'] = array(); + + if($item['mail_flags'] & MAIL_OBSCURED) + $x['flags'][] = 'obscured'; + if($item['mail_flags'] & MAIL_RECALLED) { - $x['flags'] = 'recalled'; + $x['flags'][] = 'recalled'; $x['title'] = ''; $x['body'] = ''; } @@ -816,7 +821,8 @@ function get_mail_elements($x) { $arr = array(); - $arr['body'] = (($x['body']) ? htmlentities($x['body'],ENT_COMPAT,'UTF-8',false) : ''); + $arr['body'] = (($x['body']) ? htmlentities($x['body'], ENT_COMPAT,'UTF-8',false) : ''); + $arr['title'] = (($x['title'])? htmlentities($x['title'],ENT_COMPAT,'UTF-8',false) : ''); $arr['created'] = datetime_convert('UTC','UTC',$x['created']); @@ -824,7 +830,17 @@ function get_mail_elements($x) { if($x['flags'] && is_array($x['flags'])) { if(in_array('recalled',$x['flags'])) { - $arr['mail_flags'] &= MAIL_RECALLED; + $arr['mail_flags'] |= MAIL_RECALLED; + } + if(in_array('obscured',$x['flags'])) { + + $arr['mail_flags'] |= MAIL_OBSCURED; + $arr['body'] = base64url_decode($arr['body']); + $arr['body'] = htmlentities($arr['body'],ENT_COMPAT,'UTF-8',false); + $arr['body'] = base64url_encode($arr['body']); + $arr['title'] = base64url_decode($arr['title']); + $arr['title'] = htmlentities($arr['title'],ENT_COMPAT,'UTF-8',false); + $arr['title'] = base64url_encode($arr['title']); } } @@ -832,8 +848,7 @@ function get_mail_elements($x) { if($arr['created'] > datetime_convert()) $arr['created'] = datetime_convert(); - $arr['title'] = (($x['title']) ? htmlentities($x['title'], ENT_COMPAT,'UTF-8',false) : ''); - $arr['mid'] = (($x['message_id']) ? htmlentities($x['message_id'], ENT_COMPAT,'UTF-8',false) : ''); + $arr['mid'] = (($x['message_id']) ? htmlentities($x['message_id'], ENT_COMPAT,'UTF-8',false) : ''); $arr['parent_mid'] = (($x['message_parent']) ? htmlentities($x['message_parent'], ENT_COMPAT,'UTF-8',false) : ''); |