private mail is just a little more private now. Not encrypted and the obfuscation is easily reversible, but not casually readable by browsing logfiles or mysql dumps.
This isn't backward compatible - folks will have to upgrade if they can't read their mail.
This commit is contained in:
friendica
parent
ade8174750
commit
b4f4b8cb13
1
boot.php
1
boot.php
@ -270,6 +270,7 @@ define ( 'MAIL_REPLIED', 0x0002);
|
||||
define ( 'MAIL_ISREPLY', 0x0004);
|
||||
define ( 'MAIL_SEEN', 0x0008);
|
||||
define ( 'MAIL_RECALLED', 0x0010);
|
||||
define ( 'MAIL_OBSCURED', 0x0020);
|
||||
|
||||
|
||||
define ( 'ATTACH_FLAG_DIR', 0x0001);
|
||||
|
||||
@ -801,8 +801,13 @@ function encode_mail($item) {
|
||||
$x['from'] = encode_item_xchan($item['from']);
|
||||
$x['to'] = encode_item_xchan($item['to']);
|
||||
|
||||
$x['flags'] = array();
|
||||
|
||||
if($item['mail_flags'] & MAIL_OBSCURED)
|
||||
$x['flags'][] = 'obscured';
|
||||
|
||||
if($item['mail_flags'] & MAIL_RECALLED) {
|
||||
$x['flags'] = 'recalled';
|
||||
$x['flags'][] = 'recalled';
|
||||
$x['title'] = '';
|
||||
$x['body'] = '';
|
||||
}
|
||||
@ -816,7 +821,8 @@ function get_mail_elements($x) {
|
||||
|
||||
$arr = array();
|
||||
|
||||
$arr['body'] = (($x['body']) ? htmlentities($x['body'],ENT_COMPAT,'UTF-8',false) : '');
|
||||
$arr['body'] = (($x['body']) ? htmlentities($x['body'], ENT_COMPAT,'UTF-8',false) : '');
|
||||
$arr['title'] = (($x['title'])? htmlentities($x['title'],ENT_COMPAT,'UTF-8',false) : '');
|
||||
|
||||
$arr['created'] = datetime_convert('UTC','UTC',$x['created']);
|
||||
|
||||
@ -824,7 +830,17 @@ function get_mail_elements($x) {
|
||||
|
||||
if($x['flags'] && is_array($x['flags'])) {
|
||||
if(in_array('recalled',$x['flags'])) {
|
||||
$arr['mail_flags'] &= MAIL_RECALLED;
|
||||
$arr['mail_flags'] |= MAIL_RECALLED;
|
||||
}
|
||||
if(in_array('obscured',$x['flags'])) {
|
||||
|
||||
$arr['mail_flags'] |= MAIL_OBSCURED;
|
||||
$arr['body'] = base64url_decode($arr['body']);
|
||||
$arr['body'] = htmlentities($arr['body'],ENT_COMPAT,'UTF-8',false);
|
||||
$arr['body'] = base64url_encode($arr['body']);
|
||||
$arr['title'] = base64url_decode($arr['title']);
|
||||
$arr['title'] = htmlentities($arr['title'],ENT_COMPAT,'UTF-8',false);
|
||||
$arr['title'] = base64url_encode($arr['title']);
|
||||
}
|
||||
}
|
||||
|
||||
@ -832,7 +848,6 @@ function get_mail_elements($x) {
|
||||
if($arr['created'] > datetime_convert())
|
||||
$arr['created'] = datetime_convert();
|
||||
|
||||
$arr['title'] = (($x['title']) ? htmlentities($x['title'], ENT_COMPAT,'UTF-8',false) : '');
|
||||
$arr['mid'] = (($x['message_id']) ? htmlentities($x['message_id'], ENT_COMPAT,'UTF-8',false) : '');
|
||||
$arr['parent_mid'] = (($x['message_parent']) ? htmlentities($x['message_parent'], ENT_COMPAT,'UTF-8',false) : '');
|
||||
|
||||
|
||||
@ -57,14 +57,15 @@ function send_message($uid = 0, $recipient='', $body='', $subject='', $replyto='
|
||||
}
|
||||
|
||||
|
||||
$r = q("INSERT INTO mail ( account_id, channel_id, from_xchan, to_xchan, title, body, mid, parent_mid, created )
|
||||
VALUES ( %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s' )",
|
||||
$r = q("INSERT INTO mail ( account_id, mail_flags, channel_id, from_xchan, to_xchan, title, body, mid, parent_mid, created )
|
||||
VALUES ( %d, %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s' )",
|
||||
intval($channel['channel_account_id']),
|
||||
intval(MAIL_OBSCURED),
|
||||
intval($channel['channel_id']),
|
||||
dbesc($channel['channel_hash']),
|
||||
dbesc($recipient),
|
||||
dbesc($subject),
|
||||
dbesc($body),
|
||||
dbesc(base64url_encode($subject)),
|
||||
dbesc(base64url_encode($body)),
|
||||
dbesc($mid),
|
||||
dbesc($replyto),
|
||||
dbesc(datetime_convert())
|
||||
@ -169,6 +170,12 @@ function private_messages_list($uid, $mailbox = '', $start = 0, $numitems = 0) {
|
||||
$r[$k]['from'] = find_xchan_in_array($rr['from_xchan'],$c);
|
||||
$r[$k]['to'] = find_xchan_in_array($rr['to_xchan'],$c);
|
||||
$r[$k]['seen'] = (($rr['mail_flags'] & MAIL_SEEN) ? 1 : 0);
|
||||
if($r[$k]['mail_flags'] & MAIL_OBSCURED) {
|
||||
$r[$k]['title'] = base64url_decode($r[$k]['title']);
|
||||
$r[$k]['body'] = base64url_decode($r[$k]['body']);
|
||||
}
|
||||
|
||||
|
||||
}
|
||||
|
||||
return $r;
|
||||
@ -201,6 +208,10 @@ function private_messages_fetch_message($channel_id, $messageitem_id, $updatesee
|
||||
foreach($messages as $k => $message) {
|
||||
$messages[$k]['from'] = find_xchan_in_array($message['from_xchan'],$c);
|
||||
$messages[$k]['to'] = find_xchan_in_array($message['to_xchan'],$c);
|
||||
if($messages[$k]['mail_flags'] & MAIL_OBSCURED) {
|
||||
$messages[$k]['title'] = base64url_decode($messages[$k]['title']);
|
||||
$messages[$k]['body'] = base64url_decode($messages[$k]['body']);
|
||||
}
|
||||
}
|
||||
|
||||
if($updateseen) {
|
||||
@ -282,6 +293,11 @@ function private_messages_fetch_conversation($channel_id, $messageitem_id, $upda
|
||||
foreach($messages as $k => $message) {
|
||||
$messages[$k]['from'] = find_xchan_in_array($message['from_xchan'],$c);
|
||||
$messages[$k]['to'] = find_xchan_in_array($message['to_xchan'],$c);
|
||||
if($messages[$k]['mail_flags'] & MAIL_OBSCURED) {
|
||||
$messages[$k]['title'] = base64url_decode($messages[$k]['title']);
|
||||
$messages[$k]['body'] = base64url_decode($messages[$k]['body']);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
|
||||
|
||||
Reference in New Issue
Block a user