Commit 21190336 authored by Richard Mansfield's avatar Richard Mansfield
Browse files

Rewrite xmlrpc jump links by regex in all email notifications; remove url from...


Rewrite xmlrpc jump links by regex in all email notifications; remove url from link contents in forum post html email (avoids thunderbird scam warning)
Signed-off-by: default avatarRichard Mansfield <richardm@catalyst.net.nz>
parent 3067fd9b
...@@ -969,27 +969,48 @@ class PluginAuthXmlrpc extends PluginAuth { ...@@ -969,27 +969,48 @@ class PluginAuthXmlrpc extends PluginAuth {
return $values; return $values;
} }
public static function get_jump_link($hostwwwroot, $hostapp, $href) { public static function get_jump_url_prefix($hostwwwroot, $hostapp) {
$jumpurl = $hostwwwroot . '/'; return $hostwwwroot . '/' . ($hostapp == 'moodle' ? 'auth/mnet/jump.php' : 'auth/xmlrpc/jump.php')
$jumpurl .= $hostapp == 'moodle' ? 'auth/mnet/jump.php' : 'auth/xmlrpc/jump.php'; . '?hostwwwroot=' . substr(get_config('wwwroot'), 0, -1) . '&wantsurl=';
// Remove trailing slash on wwwroot }
$jumpurl .= '?hostwwwroot=' . substr(get_config('wwwroot'), 0, -1) . '&wantsurl=';
$localpart=''; }
$urlparts = parse_url($href);
if ($urlparts) { /**
if (isset($urlparts['path'])) { * Lifted from Moodle.
$localpart .= $urlparts['path']; *
} * Inline function to modify a url string so that mnet users are requested to
if (isset($urlparts['query'])) { * log in at their mnet identity provider (if they are not already logged in)
$localpart .= '?'.$urlparts['query']; * before ultimately being directed to the original url.
} *
if (isset($urlparts['fragment'])) { * uses global IDPJUMPURL - the url which user should initially be directed to
$localpart .= '#'.$urlparts['fragment']; * @param array $url array with 3 elements
} * 0 - context the url was taken from, possibly just the url, possibly href="url"
* 1 - the destination url
* 2 - the destination url, without the wwwroot part
* @return string the url the remote user should be supplied with.
*/
function localurl_to_jumpurl($url) {
global $IDPJUMPURL;
$localpart='';
$urlparts = parse_url($url[2]);
if ($urlparts) {
if (isset($urlparts['path'])) {
$localpart .= $urlparts['path'];
} }
$href = $jumpurl . urlencode($localpart); if (isset($urlparts['query'])) {
return $href; $localpart .= '?'.$urlparts['query'];
}
if (isset($urlparts['fragment'])) {
$localpart .= '#'.$urlparts['fragment'];
}
}
$indirecturl = $IDPJUMPURL . urlencode($localpart);
//If we matched on more than just a url (ie an html link), return the url to an href format
if ($url[0] != $url[1]) {
$indirecturl = 'href="'.$indirecturl.'"';
} }
return $indirecturl;
} }
?> ?>
...@@ -75,8 +75,8 @@ $string['forumposthtmltemplate'] = "<div style=\"padding: 0.5em 0; border-bottom ...@@ -75,8 +75,8 @@ $string['forumposthtmltemplate'] = "<div style=\"padding: 0.5em 0; border-bottom
<div style=\"margin: 1em 0;\">%s</div> <div style=\"margin: 1em 0;\">%s</div>
<div style=\"font-size: smaller; border-top: 1px solid #999;\"> <div style=\"font-size: smaller; border-top: 1px solid #999;\">
<p>To see and reply to the post online, follow this link:<br><a href=\"%s\">%s</a></p> <p><a href=\"%s\">Reply to this post online</a></p>
<p>To unsubscribe from this %s, visit: <a href=\"%s\">%s</a></p> <p><a href=\"%s\">Unsubscribe from this %s</a></p>
</div>"; </div>";
$string['forumposttemplate'] = "%s by %s $string['forumposttemplate'] = "%s by %s
%s %s
......
...@@ -500,9 +500,7 @@ class ActivityTypeInteractionForumNewPost extends ActivityTypePlugin { ...@@ -500,9 +500,7 @@ class ActivityTypeInteractionForumNewPost extends ActivityTypePlugin {
$posttime = strftime(get_string('strftimedaydatetime'), $post->ctime); $posttime = strftime(get_string('strftimedaydatetime'), $post->ctime);
$htmlbody = $post->body; $htmlbody = $post->body;
$textbody = trim(html2text($post->body)); $textbody = trim(html2text($post->body));
$postlink = get_config('wwwroot') . 'interaction/forum/topic.php?id=' . $post->topicid . '#post' . $this->postid;
$postlink = 'interaction/forum/topic.php?id=' . $post->topicid . '#post' . $this->postid;
$localpostlink = get_config('wwwroot') . $postlink;
foreach ($this->users as &$user) { foreach ($this->users as &$user) {
$lang = (empty($user->lang) || $user->lang == 'default') ? get_config('lang') : $user->lang; $lang = (empty($user->lang) || $user->lang == 'default') ? get_config('lang') : $user->lang;
...@@ -517,23 +515,12 @@ class ActivityTypeInteractionForumNewPost extends ActivityTypePlugin { ...@@ -517,23 +515,12 @@ class ActivityTypeInteractionForumNewPost extends ActivityTypePlugin {
$unsubscribeid = $post->{$type . 'id'}; $unsubscribeid = $post->{$type . 'id'};
$unsubscribelink = get_config('wwwroot') . 'interaction/forum/unsubscribe.php?' . $type . '=' . $unsubscribeid . '&key=' . $subscribers[$user->id]->key; $unsubscribelink = get_config('wwwroot') . 'interaction/forum/unsubscribe.php?' . $type . '=' . $unsubscribeid . '&key=' . $subscribers[$user->id]->key;
if ($user->mnethostwwwroot) {
if (!isset($mnetpostlink)) {
require_once(get_config('docroot') . 'auth/xmlrpc/lib.php');
}
$userpostlink = $mnetpostlink = PluginAuthXmlrpc::get_jump_link($user->mnethostwwwroot, $user->mnethostapp, $postlink);
}
else {
$userpostlink = $localpostlink;
}
$user->message = get_string_from_language($lang, 'forumposttemplate', 'interaction.forum', $user->message = get_string_from_language($lang, 'forumposttemplate', 'interaction.forum',
$post->subject ? $post->subject : get_string_from_language($lang, 're', 'interaction.forum', $post->topicsubject), $post->subject ? $post->subject : get_string_from_language($lang, 're', 'interaction.forum', $post->topicsubject),
display_name($post->poster, $user), display_name($post->poster, $user),
$posttime, $posttime,
$textbody, $textbody,
$userpostlink, $postlink,
$type, $type,
$unsubscribelink $unsubscribelink
); );
...@@ -542,9 +529,9 @@ class ActivityTypeInteractionForumNewPost extends ActivityTypePlugin { ...@@ -542,9 +529,9 @@ class ActivityTypeInteractionForumNewPost extends ActivityTypePlugin {
display_name($post->poster, $user), display_name($post->poster, $user),
$posttime, $posttime,
$htmlbody, $htmlbody,
$userpostlink, $userpostlink, $postlink,
$type, $unsubscribelink,
$unsubscribelink, $unsubscribelink $type
); );
} }
} }
......
...@@ -269,6 +269,9 @@ function get_profile_field($userid, $field) { ...@@ -269,6 +269,9 @@ function get_profile_field($userid, $field) {
* @throws EmailException * @throws EmailException
*/ */
function email_user($userto, $userfrom, $subject, $messagetext, $messagehtml='', $customheaders=null) { function email_user($userto, $userfrom, $subject, $messagetext, $messagehtml='', $customheaders=null) {
global $IDPJUMPURL;
static $mnetjumps = array();
if (!get_config('sendemail')) { if (!get_config('sendemail')) {
// You can entirely disable Mahara from sending any e-mail via the // You can entirely disable Mahara from sending any e-mail via the
// 'sendemail' configuration variable // 'sendemail' configuration variable
...@@ -279,6 +282,29 @@ function email_user($userto, $userfrom, $subject, $messagetext, $messagehtml='', ...@@ -279,6 +282,29 @@ function email_user($userto, $userfrom, $subject, $messagetext, $messagehtml='',
throw new InvalidArgumentException("empty user given to email_user"); throw new InvalidArgumentException("empty user given to email_user");
} }
// If the user is a remote xmlrpc user, trawl through the email text for URLs
// to our wwwroot and modify the url to direct the user's browser to login at
// their home site before hitting the link on this site
if (!empty($userto->mnethostwwwroot) && !empty($userto->mnethostapp)) {
require_once(get_config('docroot') . 'auth/xmlrpc/lib.php');
// Form the request url to hit the idp's jump.php
if (isset($mnetjumps[$userto->mnethostwwwroot])) {
$IDPJUMPURL = $mnetjumps[$userto->mnethostwwwroot];
} else {
$mnetjumps[$userto->mnethostwwwroot] = $IDPJUMPURL = PluginAuthXmlrpc::get_jump_url_prefix($userto->mnethostwwwroot, $userto->mnethostapp);
}
$wwwroot = get_config('wwwroot');
$messagetext = preg_replace_callback('%(' . $wwwroot . '([\w_:\?=#&@/;.~-]*))%',
'localurl_to_jumpurl',
$messagetext);
$messagehtml = preg_replace_callback('%href=["\'`](' . $wwwroot . '([\w_:\?=#&@/;.~-]*))["\'`]%',
'localurl_to_jumpurl',
$messagehtml);
}
require_once('phpmailer/class.phpmailer.php'); require_once('phpmailer/class.phpmailer.php');
$mail = new phpmailer(); $mail = new phpmailer();
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment