private mail isues

redmatrix
2015-08-09 01:18:36 -07:00
parent 8ce4814835
commit 58c9f516b3
2 changed files with 8 additions and 6 deletions


@@ -1584,12 +1584,10 @@ function get_mail_elements($x) {
$arr['mail_obscured'] = 1; $arr['mail_obscured'] = 1;
if($arr['body']) { if($arr['body']) {
$arr['body'] = str_rot47(base64url_encode($arr['body'])); $arr['body'] = str_rot47(base64url_encode($arr['body']));
$arr['body'] = htmlspecialchars($arr['body'],ENT_COMPAT,'UTF-8',false);
} }
if($arr['title']) { if($arr['title']) {
$arr['title'] = str_rot47(base64url_encode($arr['title'])); $arr['title'] = str_rot47(base64url_encode($arr['title']));
$arr['title'] = htmlspecialchars($arr['title'],ENT_COMPAT,'UTF-8',false);
} }
if($arr['created'] > datetime_convert()) if($arr['created'] > datetime_convert())
$arr['created'] = datetime_convert(); $arr['created'] = datetime_convert();
@@ -3453,8 +3451,10 @@ function mail_store($arr) {
return 0; return 0;
} }
if((strpos($arr['body'],'<') !== false) || (strpos($arr['body'],'>') !== false)) if(! $arr['mail_obscured']) {
$arr['body'] = escape_tags($arr['body']); if((strpos($arr['body'],'<') !== false) || (strpos($arr['body'],'>') !== false))
$arr['body'] = escape_tags($arr['body']);
}
if(array_key_exists('attach',$arr) && is_array($arr['attach'])) if(array_key_exists('attach',$arr) && is_array($arr['attach']))
$arr['attach'] = json_encode($arr['attach']); $arr['attach'] = json_encode($arr['attach']);
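Review bot: In the `mail_store` hunk the new `if(! $arr['mail_obscured'])` guard skips `escape_tags()` on the strength of a flag read straight from `$arr`, so a caller that sets the flag without encoding the body would store raw `<` and `>`. The guard also reads the key without checking that it exists; `if(empty($arr['mail_obscured'])) {` avoids the undefined-index notice and treats a missing flag as "not obscured". With the `htmlspecialchars()` calls dropped from `get_mail_elements`, escaping of the decoded text presumably has to happen wherever the body and title are de-obscured for display, which is not visible here and is worth confirming. A short comment above the guard would help, for example `// obscured bodies are rot47/base64url text and must not be tag-escaped; escape after decoding`. Both functions continue outside their hunks.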


@@ -170,11 +170,11 @@ function send_message($uid = 0, $recipient='', $body='', $subject='', $replyto='
$r = q("INSERT INTO mail ( account_id, convid, mail_flags, channel_id, from_xchan, to_xchan, title, body, attach, mid, parent_mid, created, expires ) $r = q("INSERT INTO mail ( account_id, convid, mail_obscured, channel_id, from_xchan, to_xchan, title, body, attach, mid, parent_mid, created, expires )
VALUES ( %d, %d, %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s' )", VALUES ( %d, %d, %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s' )",
intval($channel['channel_account_id']), intval($channel['channel_account_id']),
intval($convid), intval($convid),
intval(MAIL_OBSCURED), intval(1),
intval($channel['channel_id']), intval($channel['channel_id']),
dbesc($channel['channel_hash']), dbesc($channel['channel_hash']),
dbesc($recipient), dbesc($recipient),
@@ -330,6 +330,7 @@ function private_messages_fetch_message($channel_id, $messageitem_id, $updatesee
} }
} }
if($updateseen) { if($updateseen) {
$r = q("UPDATE `mail` SET mail_seen = 1 where mail_seen = 0 and id = %d AND channel_id = %d", $r = q("UPDATE `mail` SET mail_seen = 1 where mail_seen = 0 and id = %d AND channel_id = %d",
dbesc($messageitem_id), dbesc($messageitem_id),
@@ -416,6 +417,7 @@ function private_messages_fetch_conversation($channel_id, $messageitem_id, $upda
} }
if($updateseen) { if($updateseen) {
$r = q("UPDATE `mail` SET mail_seen = 1 where mail_seen = 0 and parent_mid = '%s' AND channel_id = %d", $r = q("UPDATE `mail` SET mail_seen = 1 where mail_seen = 0 and parent_mid = '%s' AND channel_id = %d",
dbesc($r[0]['parent_mid']), dbesc($r[0]['parent_mid']),