From b4f4b8cb13bd9d629cad03477f9219fc613f0a55 Mon Sep 17 00:00:00 2001
From: friendica
Date: Fri, 19 Jul 2013 02:45:44 -0700
Subject: private mail is just a little more private now. Not encrypted and the obfuscation is easily reversible, but not casually readable by browsing logfiles or mysql dumps. This isn't backward compatible - folks will have to upgrade if they can't read their mail.
---
 boot.php | 1 +
 include/items.php | 25 ++++++++++++++++++++-----
 include/message.php | 24 ++++++++++++++++++++----
 3 files changed, 41 insertions(+), 9 deletions(-)
diff --git a/boot.php b/boot.php
index af9fa6cfa..559fc7657 100755
--- a/boot.php
+++ b/boot.php
@@ -270,6 +270,7 @@ define ( 'MAIL_REPLIED', 0x0002);
 define ( 'MAIL_ISREPLY', 0x0004);
 define ( 'MAIL_SEEN', 0x0008);
 define ( 'MAIL_RECALLED', 0x0010);
+define ( 'MAIL_OBSCURED', 0x0020);
 define ( 'ATTACH_FLAG_DIR', 0x0001);
diff --git a/include/items.php b/include/items.php
index b94992815..eb58f9f0a 100755
--- a/include/items.php
+++ b/include/items.php
@@ -801,8 +801,13 @@ function encode_mail($item) {
 $x['from'] = encode_item_xchan($item['from']);
 $x['to'] = encode_item_xchan($item['to']);
+ $x['flags'] = array();
+
+ if($item['mail_flags'] & MAIL_OBSCURED)
+ $x['flags'][] = 'obscured';
+
 if($item['mail_flags'] & MAIL_RECALLED) {
- $x['flags'] = 'recalled';
+ $x['flags'][] = 'recalled';
 $x['title'] = '';
 $x['body'] = '';
 }
@@ -816,7 +821,8 @@ function get_mail_elements($x) {
 $arr = array();
- $arr['body'] = (($x['body']) ? htmlentities($x['body'],ENT_COMPAT,'UTF-8',false) : '');
+ $arr['body'] = (($x['body']) ? htmlentities($x['body'], ENT_COMPAT,'UTF-8',false) : '');
+ $arr['title'] = (($x['title'])? htmlentities($x['title'],ENT_COMPAT,'UTF-8',false) : '');
 $arr['created'] = datetime_convert('UTC','UTC',$x['created']);
@@ -824,7 +830,17 @@ function get_mail_elements($x) {
 if($x['flags'] && is_array($x['flags'])) {
 if(in_array('recalled',$x['flags'])) {
- $arr['mail_flags'] &= MAIL_RECALLED;
+ $arr['mail_flags'] |= MAIL_RECALLED;
+ }
+ if(in_array('obscured',$x['flags'])) {
+
+ $arr['mail_flags'] |= MAIL_OBSCURED;
+ $arr['body'] = base64url_decode($arr['body']);
+ $arr['body'] = htmlentities($arr['body'],ENT_COMPAT,'UTF-8',false);
+ $arr['body'] = base64url_encode($arr['body']);
+ $arr['title'] = base64url_decode($arr['title']);
+ $arr['title'] = htmlentities($arr['title'],ENT_COMPAT,'UTF-8',false);
+ $arr['title'] = base64url_encode($arr['title']);
 }
 }
@@ -832,8 +848,7 @@ function get_mail_elements($x) {
 if($arr['created'] > datetime_convert()) $arr['created'] = datetime_convert();
- $arr['title'] = (($x['title']) ? htmlentities($x['title'], ENT_COMPAT,'UTF-8',false) : '');
- $arr['mid'] = (($x['message_id']) ? htmlentities($x['message_id'], ENT_COMPAT,'UTF-8',false) : '');
+ $arr['mid'] = (($x['message_id']) ? htmlentities($x['message_id'], ENT_COMPAT,'UTF-8',false) : '');
 $arr['parent_mid'] = (($x['message_parent']) ? htmlentities($x['message_parent'], ENT_COMPAT,'UTF-8',false) : '');
diff --git a/include/message.php b/include/message.php
index 8b7ed5d03..6c44a54f3 100644
--- a/include/message.php
+++ b/include/message.php
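Review bot: In the new `obscured` branch of get_mail_elements, the return values of `base64url_decode()` for body and title go straight into `htmlentities()` and are re-encoded, although both the flag and the payload are supplied by the sending side. With `ENT_COMPAT` alone, `htmlentities()` returns an empty string when its input is not valid UTF-8, so a malformed or mislabelled payload would be stored as an empty message with MAIL_OBSCURED set and no trace of why. Consider checking the decoded value and rejecting or logging the message when it is not usable. Also, `$arr['mail_flags'] |= ...` relies on the key already being set; the lines between `$arr = array();` and this hunk are not shown, so confirm that an initialisation such as `$arr['mail_flags'] = 0;` exists before the flag checks. The function body starts and ends outside the hunk.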
@@ -57,14 +57,15 @@ function send_message($uid = 0, $recipient='', $body='', $subject='', $replyto='
 }
- $r = q("INSERT INTO mail ( account_id, channel_id, from_xchan, to_xchan, title, body, mid, parent_mid, created )
- VALUES ( %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s' )",
+ $r = q("INSERT INTO mail ( account_id, mail_flags, channel_id, from_xchan, to_xchan, title, body, mid, parent_mid, created )
+ VALUES ( %d, %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s' )",
 intval($channel['channel_account_id']),
+ intval(MAIL_OBSCURED),
 intval($channel['channel_id']),
 dbesc($channel['channel_hash']),
 dbesc($recipient),
- dbesc($subject),
- dbesc($body),
+ dbesc(base64url_encode($subject)),
+ dbesc(base64url_encode($body)),
 dbesc($mid),
 dbesc($replyto),
 dbesc(datetime_convert())
@@ -169,6 +170,12 @@ function private_messages_list($uid, $mailbox = '', $start = 0, $numitems = 0) {
 $r[$k]['from'] = find_xchan_in_array($rr['from_xchan'],$c);
 $r[$k]['to'] = find_xchan_in_array($rr['to_xchan'],$c);
 $r[$k]['seen'] = (($rr['mail_flags'] & MAIL_SEEN) ? 1 : 0);
+ if($r[$k]['mail_flags'] & MAIL_OBSCURED) {
+ $r[$k]['title'] = base64url_decode($r[$k]['title']);
+ $r[$k]['body'] = base64url_decode($r[$k]['body']);
+ }
+
+
 }
 return $r;
@@ -201,6 +208,10 @@ function private_messages_fetch_message($channel_id, $messageitem_id, $updatesee
 foreach($messages as $k => $message) {
 $messages[$k]['from'] = find_xchan_in_array($message['from_xchan'],$c);
 $messages[$k]['to'] = find_xchan_in_array($message['to_xchan'],$c);
+ if($messages[$k]['mail_flags'] & MAIL_OBSCURED) {
+ $messages[$k]['title'] = base64url_decode($messages[$k]['title']);
+ $messages[$k]['body'] = base64url_decode($messages[$k]['body']);
+ }
 }
 if($updateseen) {
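Review bot: The INSERT in send_message now stores `base64url_encode($subject)` and `base64url_encode($body)`, which are about one third longer than the input, and nothing in the hunk bounds the encoded length. If `mail.title` or `mail.body` has a fixed maximum width (the schema is not part of this diff) and the database truncates silently, the stored value is cut mid-encoding and the `base64url_decode()` calls in the private_messages_* readers will return damaged text. Check the encoded length against the column size before the query, or widen the columns in the same change. send_message begins before and continues after the hunk.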
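Review bot: The same four-line decode block is pasted into private_messages_list here and again in private_messages_fetch_message and private_messages_fetch_conversation, so any later change to how MAIL_OBSCURED rows are read (a decode-failure check, a different encoding) has to be made in three places, and a missed copy would hand encoded or wrongly decoded text to the caller. A single helper called from all three loops keeps the read path in one spot; the helper name below is only a suggestion. In private_messages_list the new test also reads `$r[$k]['mail_flags']` while the line above it reads `$rr['mail_flags']`; using one form would be clearer. All three functions extend beyond their hunks.

```php
// Reverse the storage obfuscation on one mail row; rows without the flag pass through unchanged.
function mail_unobscure($row) {
	if($row['mail_flags'] & MAIL_OBSCURED) {
		$row['title'] = base64url_decode($row['title']);
		$row['body']  = base64url_decode($row['body']);
	}
	return $row;
}

// … unchanged: from / to / seen assignments inside the private_messages_list loop …
$r[$k] = mail_unobscure($r[$k]);
```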
@@ -282,6 +293,11 @@ function private_messages_fetch_conversation($channel_id, $messageitem_id, $upda
 foreach($messages as $k => $message) {
 $messages[$k]['from'] = find_xchan_in_array($message['from_xchan'],$c);
 $messages[$k]['to'] = find_xchan_in_array($message['to_xchan'],$c);
+ if($messages[$k]['mail_flags'] & MAIL_OBSCURED) {
+ $messages[$k]['title'] = base64url_decode($messages[$k]['title']);
+ $messages[$k]['body'] = base64url_decode($messages[$k]['body']);
+ }
+
 }
--
cgit v1.2.3