From 58c9f516b3e62a6bc168de35dcff759dae01b5d7 Mon Sep 17 00:00:00 2001 From: redmatrix Date: Sun, 9 Aug 2015 01:18:36 -0700 Subject: private mail isues --- include/items.php | 8 ++++---- include/message.php | 6 ++++-- 2 files changed, 8 insertions(+), 6 deletions(-) diff --git a/include/items.php b/include/items.php index 78c9cb4dd..f4bc2e876 100755 --- a/include/items.php +++ b/include/items.php @@ -1584,12 +1584,10 @@ function get_mail_elements($x) { $arr['mail_obscured'] = 1; if($arr['body']) { $arr['body'] = str_rot47(base64url_encode($arr['body'])); - $arr['body'] = htmlspecialchars($arr['body'],ENT_COMPAT,'UTF-8',false); } if($arr['title']) { $arr['title'] = str_rot47(base64url_encode($arr['title'])); - $arr['title'] = htmlspecialchars($arr['title'],ENT_COMPAT,'UTF-8',false); } if($arr['created'] > datetime_convert()) $arr['created'] = datetime_convert(); @@ -3453,8 +3451,10 @@ function mail_store($arr) { return 0; } - if((strpos($arr['body'],'<') !== false) || (strpos($arr['body'],'>') !== false)) - $arr['body'] = escape_tags($arr['body']); + if(! $arr['mail_obscured']) { + if((strpos($arr['body'],'<') !== false) || (strpos($arr['body'],'>') !== false)) + $arr['body'] = escape_tags($arr['body']); + } if(array_key_exists('attach',$arr) && is_array($arr['attach'])) $arr['attach'] = json_encode($arr['attach']); diff --git a/include/message.php b/include/message.php index 46f113cf4..5720d2da4 100644 --- a/include/message.php +++ b/include/message.php @@ -170,11 +170,11 @@ function send_message($uid = 0, $recipient='', $body='', $subject='', $replyto=' - $r = q("INSERT INTO mail ( account_id, convid, mail_flags, channel_id, from_xchan, to_xchan, title, body, attach, mid, parent_mid, created, expires ) + $r = q("INSERT INTO mail ( account_id, convid, mail_obscured, channel_id, from_xchan, to_xchan, title, body, attach, mid, parent_mid, created, expires ) VALUES ( %d, %d, %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s' )", intval($channel['channel_account_id']), intval($convid), - intval(MAIL_OBSCURED), + intval(1), intval($channel['channel_id']), dbesc($channel['channel_hash']), dbesc($recipient), @@ -330,6 +330,7 @@ function private_messages_fetch_message($channel_id, $messageitem_id, $updatesee } } + if($updateseen) { $r = q("UPDATE `mail` SET mail_seen = 1 where mail_seen = 0 and id = %d AND channel_id = %d", dbesc($messageitem_id), @@ -416,6 +417,7 @@ function private_messages_fetch_conversation($channel_id, $messageitem_id, $upda } + if($updateseen) { $r = q("UPDATE `mail` SET mail_seen = 1 where mail_seen = 0 and parent_mid = '%s' AND channel_id = %d", dbesc($r[0]['parent_mid']), -- cgit v1.2.3