aboutsummaryrefslogtreecommitdiffstats
path: root/include
diff options
context:
space:
mode:
authorfriendica <info@friendica.com>2013-07-31 02:32:41 -0700
committerfriendica <info@friendica.com>2013-07-31 02:32:41 -0700
commitc00c550c58f0125785b194c9413a98e114a7ab98 (patch)
treeca889fb3fcadeedc2bff623c9c8f0bf0ce57ee99 /include
parentc45ebdf97f2170e575648ebdad2db0c52c2dcb4a (diff)
downloadvolse-hubzilla-c00c550c58f0125785b194c9413a98e114a7ab98.tar.gz
volse-hubzilla-c00c550c58f0125785b194c9413a98e114a7ab98.tar.bz2
volse-hubzilla-c00c550c58f0125785b194c9413a98e114a7ab98.zip
better mail obscuring
Diffstat (limited to 'include')
-rw-r--r--include/enotify.php17
-rwxr-xr-xinclude/items.php30
-rw-r--r--include/message.php94
3 files changed, 84 insertions, 57 deletions
diff --git a/include/enotify.php b/include/enotify.php
index 3b7a643ed..fc8eb6439 100644
--- a/include/enotify.php
+++ b/include/enotify.php
@@ -33,7 +33,7 @@ function notification($params) {
push_lang($recip['account_language']); // should probably have a channel language
- $banner = t('Red Notification');
+ $banner = t('Red Matrix Notification');
$product = RED_PLATFORM;
$siteurl = $a->get_baseurl(true);
$thanks = t('Thank You,');
@@ -89,7 +89,7 @@ function notification($params) {
intval($recip['channel_id'])
);
if($p) {
- logger('notification comment already notified');
+ logger('notification: comment already notified');
pop_lang();
return;
}
@@ -168,6 +168,19 @@ function notification($params) {
}
if($params['type'] == NOTIFY_TAGSELF) {
+
+ $p = null;
+ $p = q("select id from notify where link = '%s' and uid = %d limit 1",
+ dbesc($params['link']),
+ intval($recip['channel_id'])
+ );
+ if($p) {
+ logger('enotify: tag: already notified about this post');
+ pop_lang();
+ return;
+ }
+
+
$subject = sprintf( t('[Red:Notify] %s tagged you') , $sender['xchan_name']);
$preamble = sprintf( t('%1$s tagged you at %2$s') , $sender['xchan_name'], $sitename);
$epreamble = sprintf( t('%1$s [zrl=%2$s]tagged you[/zrl].') ,
diff --git a/include/items.php b/include/items.php
index 38ee5df58..49e3dd3de 100755
--- a/include/items.php
+++ b/include/items.php
@@ -491,7 +491,6 @@ function title_is_body($title, $body) {
function get_item_elements($x) {
$arr = array();
-
$arr['body'] = (($x['body']) ? htmlentities($x['body'],ENT_COMPAT,'UTF-8',false) : '');
$arr['created'] = datetime_convert('UTC','UTC',$x['created']);
@@ -804,7 +803,13 @@ function encode_mail($item) {
$x = array();
$x['type'] = 'mail';
- logger('encode_mail: ' . print_r($item,true));
+ if(array_key_exists('mail_flags',$item) && ($item['mail_flags'] & MAIL_OBSCURED)) {
+ $key = get_config('system','prvkey');
+ if($item['title'])
+ $item['title'] = aes_unencapsulate(json_decode($item['title'],true),$key);
+ if($item['body'])
+ $item['body'] = aes_unencapsulate(json_decode($item['body'],true),$key);
+ }
$x['message_id'] = $item['mid'];
$x['message_parent'] = $item['parent_mid'];
@@ -816,9 +821,6 @@ function encode_mail($item) {
$x['flags'] = array();
- if($item['mail_flags'] & MAIL_OBSCURED)
- $x['flags'][] = 'obscured';
-
if($item['mail_flags'] & MAIL_RECALLED) {
$x['flags'][] = 'recalled';
$x['title'] = '';
@@ -845,18 +847,16 @@ function get_mail_elements($x) {
if(in_array('recalled',$x['flags'])) {
$arr['mail_flags'] |= MAIL_RECALLED;
}
- if(in_array('obscured',$x['flags'])) {
-
- $arr['mail_flags'] |= MAIL_OBSCURED;
- $arr['body'] = base64url_decode($arr['body']);
- $arr['body'] = htmlentities($arr['body'],ENT_COMPAT,'UTF-8',false);
- $arr['body'] = base64url_encode($arr['body']);
- $arr['title'] = base64url_decode($arr['title']);
- $arr['title'] = htmlentities($arr['title'],ENT_COMPAT,'UTF-8',false);
- $arr['title'] = base64url_encode($arr['title']);
- }
}
+ $key = get_config('system','pubkey');
+ $arr['mail_flags'] |= MAIL_OBSCURED;
+ $arr['body'] = htmlentities($arr['body'],ENT_COMPAT,'UTF-8',false);
+ if($arr['body'])
+ $arr['body'] = json_encode(aes_encapsulate($arr['body'],$key));
+ $arr['title'] = htmlentities($arr['title'],ENT_COMPAT,'UTF-8',false);
+ if($arr['title'])
+ $arr['title'] = json_encode(aes_encapsulate($arr['title'],$key));
if($arr['created'] > datetime_convert())
$arr['created'] = datetime_convert();
diff --git a/include/message.php b/include/message.php
index 6c44a54f3..d6294cdba 100644
--- a/include/message.php
+++ b/include/message.php
@@ -2,6 +2,7 @@
/* Private Message backend API */
+require_once('include/crypto.php');
// send a private message
@@ -56,6 +57,28 @@ function send_message($uid = 0, $recipient='', $body='', $subject='', $replyto='
$replyto = $mid;
}
+ /**
+ *
+ * When a photo was uploaded into the message using the (profile wall) ajax
+ * uploader, The permissions are initially set to disallow anybody but the
+ * owner from seeing it. This is because the permissions may not yet have been
+ * set for the post. If it's private, the photo permissions should be set
+ * appropriately. But we didn't know the final permissions on the post until
+ * now. So now we'll look for links of uploaded messages that are in the
+ * post and set them to the same permissions as the post itself.
+ *
+ */
+
+ $match = null;
+ $images = null;
+ if(preg_match_all("/\[img\](.*?)\[\/img\]/",$body,$match))
+ $images = $match[1];
+
+ $key = get_config('system','pubkey');
+ if($subject)
+ $subject = json_encode(aes_encapsulate($subject,$key));
+ if($body)
+ $body = json_encode(aes_encapsulate($body,$key));
$r = q("INSERT INTO mail ( account_id, mail_flags, channel_id, from_xchan, to_xchan, title, body, mid, parent_mid, created )
VALUES ( %d, %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s' )",
@@ -64,8 +87,8 @@ function send_message($uid = 0, $recipient='', $body='', $subject='', $replyto='
intval($channel['channel_id']),
dbesc($channel['channel_hash']),
dbesc($recipient),
- dbesc(base64url_encode($subject)),
- dbesc(base64url_encode($body)),
+ dbesc($subject),
+ dbesc($body),
dbesc($mid),
dbesc($replyto),
dbesc(datetime_convert())
@@ -84,35 +107,18 @@ function send_message($uid = 0, $recipient='', $body='', $subject='', $replyto='
return $ret;
}
- /**
- *
- * When a photo was uploaded into the message using the (profile wall) ajax
- * uploader, The permissions are initially set to disallow anybody but the
- * owner from seeing it. This is because the permissions may not yet have been
- * set for the post. If it's private, the photo permissions should be set
- * appropriately. But we didn't know the final permissions on the post until
- * now. So now we'll look for links of uploaded messages that are in the
- * post and set them to the same permissions as the post itself.
- *
- */
-
- $match = null;
-
- if(preg_match_all("/\[img\](.*?)\[\/img\]/",$body,$match)) {
- $images = $match[1];
- if(count($images)) {
- foreach($images as $image) {
- if(! stristr($image,$a->get_baseurl() . '/photo/'))
- continue;
- $image_uri = substr($image,strrpos($image,'/') + 1);
- $image_uri = substr($image_uri,0, strpos($image_uri,'-'));
- $r = q("UPDATE photo SET allow_cid = '%s' WHERE resource_id = '%s' AND uid = %d and allow_cid = '%s'",
- dbesc('<' . $recipient . '>'),
- dbesc($image_uri),
- intval($channel['channel_id']),
- dbesc('<' . $channel['channel_hash'] . '>')
- );
- }
+ if(count($images)) {
+ foreach($images as $image) {
+ if(! stristr($image,$a->get_baseurl() . '/photo/'))
+ continue;
+ $image_uri = substr($image,strrpos($image,'/') + 1);
+ $image_uri = substr($image_uri,0, strpos($image_uri,'-'));
+ $r = q("UPDATE photo SET allow_cid = '%s' WHERE resource_id = '%s' AND uid = %d and allow_cid = '%s'",
+ dbesc('<' . $recipient . '>'),
+ dbesc($image_uri),
+ intval($channel['channel_id']),
+ dbesc('<' . $channel['channel_hash'] . '>')
+ );
}
}
@@ -171,11 +177,14 @@ function private_messages_list($uid, $mailbox = '', $start = 0, $numitems = 0) {
$r[$k]['to'] = find_xchan_in_array($rr['to_xchan'],$c);
$r[$k]['seen'] = (($rr['mail_flags'] & MAIL_SEEN) ? 1 : 0);
if($r[$k]['mail_flags'] & MAIL_OBSCURED) {
- $r[$k]['title'] = base64url_decode($r[$k]['title']);
- $r[$k]['body'] = base64url_decode($r[$k]['body']);
- }
-
+ logger('unencrypting');
+ $key = get_config('system','prvkey');
+ if($r[$k]['title'])
+ $r[$k]['title'] = aes_unencapsulate(json_decode($r[$k]['title'],true),$key);
+ if($r[$k]['body'])
+ $r[$k]['body'] = aes_unencapsulate(json_decode($r[$k]['body'],true),$key);
+ }
}
return $r;
@@ -209,8 +218,11 @@ function private_messages_fetch_message($channel_id, $messageitem_id, $updatesee
$messages[$k]['from'] = find_xchan_in_array($message['from_xchan'],$c);
$messages[$k]['to'] = find_xchan_in_array($message['to_xchan'],$c);
if($messages[$k]['mail_flags'] & MAIL_OBSCURED) {
- $messages[$k]['title'] = base64url_decode($messages[$k]['title']);
- $messages[$k]['body'] = base64url_decode($messages[$k]['body']);
+ $key = get_config('system','prvkey');
+ if($messages[$k]['title'])
+ $messages[$k]['title'] = aes_unencapsulate(json_decode($messages[$k]['title'],true),$key);
+ if($messages[$k]['body'])
+ $messages[$k]['body'] = aes_unencapsulate(json_decode($messages[$k]['body'],true),$key);
}
}
@@ -294,10 +306,12 @@ function private_messages_fetch_conversation($channel_id, $messageitem_id, $upda
$messages[$k]['from'] = find_xchan_in_array($message['from_xchan'],$c);
$messages[$k]['to'] = find_xchan_in_array($message['to_xchan'],$c);
if($messages[$k]['mail_flags'] & MAIL_OBSCURED) {
- $messages[$k]['title'] = base64url_decode($messages[$k]['title']);
- $messages[$k]['body'] = base64url_decode($messages[$k]['body']);
+ $key = get_config('system','prvkey');
+ if($messages[$k]['title'])
+ $messages[$k]['title'] = aes_unencapsulate(json_decode($messages[$k]['title'],true),$key);
+ if($messages[$k]['body'])
+ $messages[$k]['body'] = aes_unencapsulate(json_decode($messages[$k]['body'],true),$key);
}
-
}