aboutsummaryrefslogtreecommitdiffstats
path: root/mod/message.php
diff options
context:
space:
mode:
authorfriendica <info@friendica.com>2012-12-05 18:39:07 -0800
committerfriendica <info@friendica.com>2012-12-05 18:39:07 -0800
commit186163a5ce0be821587a2f888234a4cad993adbf (patch)
treee5d959450bd8596d0e31388b412e0d74d7915a23 /mod/message.php
parent270266357d76392660703d290ab159774cfc2081 (diff)
downloadvolse-hubzilla-186163a5ce0be821587a2f888234a4cad993adbf.tar.gz
volse-hubzilla-186163a5ce0be821587a2f888234a4cad993adbf.tar.bz2
volse-hubzilla-186163a5ce0be821587a2f888234a4cad993adbf.zip
check permissions for mail to non-connected people, reject if no permission - but you can try and send mail to any webbie. We probably should check for this before you send the message but perhaps we can find another way to let you know if it's allowed or not without an expensive probe. Like mod_follow, a webbie without an @ is treated as a local address.
Diffstat (limited to 'mod/message.php')
-rw-r--r--mod/message.php63
1 files changed, 59 insertions, 4 deletions
diff --git a/mod/message.php b/mod/message.php
index 9e8a54fed..e3a67b23e 100644
--- a/mod/message.php
+++ b/mod/message.php
@@ -2,6 +2,7 @@
require_once('include/acl_selectors.php');
require_once('include/message.php');
+require_once('include/zot.php');
function message_init(&$a) {
$tabs = array();
@@ -45,10 +46,64 @@ function message_post(&$a) {
return;
}
- $replyto = ((x($_REQUEST,'replyto')) ? notags(trim($_REQUEST['replyto'])) : '');
- $subject = ((x($_REQUEST,'subject')) ? notags(trim($_REQUEST['subject'])) : '');
- $body = ((x($_REQUEST,'body')) ? escape_tags(trim($_REQUEST['body'])) : '');
- $recipient = ((x($_REQUEST,'messageto')) ? notags(trim($_REQUEST['messageto'])) : '');
+ $replyto = ((x($_REQUEST,'replyto')) ? notags(trim($_REQUEST['replyto'])) : '');
+ $subject = ((x($_REQUEST,'subject')) ? notags(trim($_REQUEST['subject'])) : '');
+ $body = ((x($_REQUEST,'body')) ? escape_tags(trim($_REQUEST['body'])) : '');
+ $recipient = ((x($_REQUEST,'messageto')) ? notags(trim($_REQUEST['messageto'])) : '');
+ $rstr = ((x($_REQUEST,'messagerecip')) ? notags(trim($_REQUEST['messagerecip'])) : '');
+
+ if(! $recipient) {
+ $channel = $a->get_channel();
+
+ $ret = zot_finger($rstr,$channel);
+
+ if(! $ret) {
+ notice( t('Unable to lookup recipient.') . EOL);
+ return;
+ }
+ $j = json_decode($ret['body'],true);
+
+ logger('message_post: lookup: ' . $url . ' ' . print_r($j,true));
+
+ if(! ($j['success'] && $j['guid'])) {
+ notice( t('Unable to communicate with requested channel.'));
+ return;
+ }
+
+ $x = import_xchan($j);
+
+ if(! $x['success']) {
+ notice( t('Cannot verify requested channel.'));
+ return;
+ }
+
+ $recipient = $x['hash'];
+
+ $their_perms = 0;
+
+ $global_perms = get_perms();
+
+ if($j['permissions']['data']) {
+ $permissions = aes_unencapsulate($j['permissions'],$channel['channel_prvkey']);
+ if($permissions)
+ $permissions = json_decode($permissions);
+ logger('decrypted permissions: ' . print_r($permissions,true), LOGGER_DATA);
+ }
+ else
+ $permissions = $j['permissions'];
+
+ foreach($permissions as $k => $v) {
+ if($v) {
+ $their_perms = $their_perms | intval($global_perms[$k][1]);
+ }
+ }
+
+ if(! ($their_perms & PERMS_W_MAIL)) {
+ notice( t('Selected channel has private message restrictions. Send failed.'));
+ return;
+ }
+ }
+
if(feature_enabled(local_user(),'richtext')) {
$body = fix_mce_lf($body);