Commit 21190336 authored by Richard Mansfield's avatar Richard Mansfield

Rewrite xmlrpc jump links by regex in all email notifications; remove url from...

Rewrite xmlrpc jump links by regex in all email notifications; remove url from link contents in forum post html email (avoids thunderbird scam warning)
Signed-off-by: default avatarRichard Mansfield <richardm@catalyst.net.nz>
parent 3067fd9b
......@@ -969,27 +969,48 @@ class PluginAuthXmlrpc extends PluginAuth {
return $values;
}
public static function get_jump_link($hostwwwroot, $hostapp, $href) {
$jumpurl = $hostwwwroot . '/';
$jumpurl .= $hostapp == 'moodle' ? 'auth/mnet/jump.php' : 'auth/xmlrpc/jump.php';
// Remove trailing slash on wwwroot
$jumpurl .= '?hostwwwroot=' . substr(get_config('wwwroot'), 0, -1) . '&wantsurl=';
$localpart='';
$urlparts = parse_url($href);
if ($urlparts) {
if (isset($urlparts['path'])) {
$localpart .= $urlparts['path'];
}
if (isset($urlparts['query'])) {
$localpart .= '?'.$urlparts['query'];
}
if (isset($urlparts['fragment'])) {
$localpart .= '#'.$urlparts['fragment'];
}
public static function get_jump_url_prefix($hostwwwroot, $hostapp) {
return $hostwwwroot . '/' . ($hostapp == 'moodle' ? 'auth/mnet/jump.php' : 'auth/xmlrpc/jump.php')
. '?hostwwwroot=' . substr(get_config('wwwroot'), 0, -1) . '&wantsurl=';
}
}
/**
* Lifted from Moodle.
*
* Inline function to modify a url string so that mnet users are requested to
* log in at their mnet identity provider (if they are not already logged in)
* before ultimately being directed to the original url.
*
* uses global IDPJUMPURL - the url which user should initially be directed to
* @param array $url array with 3 elements
* 0 - context the url was taken from, possibly just the url, possibly href="url"
* 1 - the destination url
* 2 - the destination url, without the wwwroot part
* @return string the url the remote user should be supplied with.
*/
function localurl_to_jumpurl($url) {
global $IDPJUMPURL;
$localpart='';
$urlparts = parse_url($url[2]);
if ($urlparts) {
if (isset($urlparts['path'])) {
$localpart .= $urlparts['path'];
}
$href = $jumpurl . urlencode($localpart);
return $href;
if (isset($urlparts['query'])) {
$localpart .= '?'.$urlparts['query'];
}
if (isset($urlparts['fragment'])) {
$localpart .= '#'.$urlparts['fragment'];
}
}
$indirecturl = $IDPJUMPURL . urlencode($localpart);
//If we matched on more than just a url (ie an html link), return the url to an href format
if ($url[0] != $url[1]) {
$indirecturl = 'href="'.$indirecturl.'"';
}
return $indirecturl;
}
?>
......@@ -75,8 +75,8 @@ $string['forumposthtmltemplate'] = "<div style=\"padding: 0.5em 0; border-bottom
<div style=\"margin: 1em 0;\">%s</div>
<div style=\"font-size: smaller; border-top: 1px solid #999;\">
<p>To see and reply to the post online, follow this link:<br><a href=\"%s\">%s</a></p>
<p>To unsubscribe from this %s, visit: <a href=\"%s\">%s</a></p>
<p><a href=\"%s\">Reply to this post online</a></p>
<p><a href=\"%s\">Unsubscribe from this %s</a></p>
</div>";
$string['forumposttemplate'] = "%s by %s
%s
......
......@@ -500,9 +500,7 @@ class ActivityTypeInteractionForumNewPost extends ActivityTypePlugin {
$posttime = strftime(get_string('strftimedaydatetime'), $post->ctime);
$htmlbody = $post->body;
$textbody = trim(html2text($post->body));
$postlink = 'interaction/forum/topic.php?id=' . $post->topicid . '#post' . $this->postid;
$localpostlink = get_config('wwwroot') . $postlink;
$postlink = get_config('wwwroot') . 'interaction/forum/topic.php?id=' . $post->topicid . '#post' . $this->postid;
foreach ($this->users as &$user) {
$lang = (empty($user->lang) || $user->lang == 'default') ? get_config('lang') : $user->lang;
......@@ -517,23 +515,12 @@ class ActivityTypeInteractionForumNewPost extends ActivityTypePlugin {
$unsubscribeid = $post->{$type . 'id'};
$unsubscribelink = get_config('wwwroot') . 'interaction/forum/unsubscribe.php?' . $type . '=' . $unsubscribeid . '&key=' . $subscribers[$user->id]->key;
if ($user->mnethostwwwroot) {
if (!isset($mnetpostlink)) {
require_once(get_config('docroot') . 'auth/xmlrpc/lib.php');
}
$userpostlink = $mnetpostlink = PluginAuthXmlrpc::get_jump_link($user->mnethostwwwroot, $user->mnethostapp, $postlink);
}
else {
$userpostlink = $localpostlink;
}
$user->message = get_string_from_language($lang, 'forumposttemplate', 'interaction.forum',
$post->subject ? $post->subject : get_string_from_language($lang, 're', 'interaction.forum', $post->topicsubject),
display_name($post->poster, $user),
$posttime,
$textbody,
$userpostlink,
$postlink,
$type,
$unsubscribelink
);
......@@ -542,9 +529,9 @@ class ActivityTypeInteractionForumNewPost extends ActivityTypePlugin {
display_name($post->poster, $user),
$posttime,
$htmlbody,
$userpostlink, $userpostlink,
$type,
$unsubscribelink, $unsubscribelink
$postlink,
$unsubscribelink,
$type
);
}
}
......
......@@ -269,6 +269,9 @@ function get_profile_field($userid, $field) {
* @throws EmailException
*/
function email_user($userto, $userfrom, $subject, $messagetext, $messagehtml='', $customheaders=null) {
global $IDPJUMPURL;
static $mnetjumps = array();
if (!get_config('sendemail')) {
// You can entirely disable Mahara from sending any e-mail via the
// 'sendemail' configuration variable
......@@ -279,6 +282,29 @@ function email_user($userto, $userfrom, $subject, $messagetext, $messagehtml='',
throw new InvalidArgumentException("empty user given to email_user");
}
// If the user is a remote xmlrpc user, trawl through the email text for URLs
// to our wwwroot and modify the url to direct the user's browser to login at
// their home site before hitting the link on this site
if (!empty($userto->mnethostwwwroot) && !empty($userto->mnethostapp)) {
require_once(get_config('docroot') . 'auth/xmlrpc/lib.php');
// Form the request url to hit the idp's jump.php
if (isset($mnetjumps[$userto->mnethostwwwroot])) {
$IDPJUMPURL = $mnetjumps[$userto->mnethostwwwroot];
} else {
$mnetjumps[$userto->mnethostwwwroot] = $IDPJUMPURL = PluginAuthXmlrpc::get_jump_url_prefix($userto->mnethostwwwroot, $userto->mnethostapp);
}
$wwwroot = get_config('wwwroot');
$messagetext = preg_replace_callback('%(' . $wwwroot . '([\w_:\?=#&@/;.~-]*))%',
'localurl_to_jumpurl',
$messagetext);
$messagehtml = preg_replace_callback('%href=["\'`](' . $wwwroot . '([\w_:\?=#&@/;.~-]*))["\'`]%',
'localurl_to_jumpurl',
$messagehtml);
}
require_once('phpmailer/class.phpmailer.php');
$mail = new phpmailer();
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment