Commit 4384e747 authored by Richard Mansfield's avatar Richard Mansfield

Remove wwwroot from notification urls (bug #849716)



Urls stored in the url field of notification_internal_activity contain
the site's wwwroot.  This leads to broken links when the wwwroot is
changed.  It also dangerously turns what should be local links into
remote ones when for example a production database is copied into a
test Mahara instance.

This patch does three things:
- Removes the wwwroot from urls passed to ActivityType constructors
- Adds the wwwroot back on the url when sending email and emaildigest
  notifications, and when displaying them on the site.
- Removes the wwwroot from the url in all existing rows of
  notification_internal_activity.

Change-Id: I00ae1abc65be79030ed4c572ce951edc43f7a034
Signed-off-by: default avatarRichard Mansfield <richard.mansfield@catalyst.net.nz>
parent e6144927
......@@ -652,16 +652,19 @@ class ArtefactTypeComment extends ArtefactType {
return empty($this->deletedby);
}
public function get_view_url($viewid, $showcomment=true) {
public function get_view_url($viewid, $showcomment=true, $full=true) {
if ($artefact = $this->get('onartefact')) {
$url = get_config('wwwroot') . 'view/artefact.php?view=' . $viewid . '&artefact=' . $artefact;
$url = 'view/artefact.php?view=' . $viewid . '&artefact=' . $artefact;
}
else {
$url = get_config('wwwroot') . 'view/view.php?id=' . $viewid;
$url = 'view/view.php?id=' . $viewid;
}
if ($showcomment) {
$url .= '&showcomment=' . $this->get('id');
}
if ($full) {
$url = get_config('wwwroot') . $url;
}
return $url;
}
......@@ -744,7 +747,8 @@ function make_public_submit(Pieform $form, $values) {
$comment = new ArtefactTypeComment((int) $values['comment']);
$url = $comment->get_view_url($view->get('id'));
$relativeurl = $comment->get_view_url($view->get('id'), true, false);
$url = get_config('wwwroot') . $relativeurl;
$author = $comment->get('author');
$owner = $comment->get('owner');
......@@ -802,7 +806,7 @@ function make_public_submit(Pieform $form, $values) {
),
),
'users' => array($userid),
'url' => $url,
'url' => $relativeurl,
);
activity_occurred('maharamessage', $data);
db_commit();
......@@ -828,10 +832,10 @@ function delete_comment_submit(Pieform $form, $values) {
$viewid = $view->get('id');
if ($artefact = $comment->get('onartefact')) {
$url = get_config('wwwroot') . 'view/artefact.php?view=' . $viewid . '&artefact=' . $artefact;
$url = 'view/artefact.php?view=' . $viewid . '&artefact=' . $artefact;
}
else {
$url = get_config('wwwroot') . 'view/view.php?id=' . $viewid;
$url = 'view/view.php?id=' . $viewid;
}
db_begin();
......@@ -883,7 +887,7 @@ function delete_comment_submit(Pieform $form, $values) {
db_commit();
$SESSION->add_ok_msg(get_string('commentremoved', 'artefact.comment'));
redirect($url);
redirect(get_config('wwwroot') . $url);
}
function add_feedback_form_validate(Pieform $form, $values) {
......@@ -955,7 +959,8 @@ function add_feedback_form_submit(Pieform $form, $values) {
$comment->commit();
$goto = $comment->get_view_url($view->get('id'));
$url = $comment->get_view_url($view->get('id'), true, false);
$goto = get_config('wwwroot') . $url;
if (isset($data->requestpublic) && $data->requestpublic === 'author' && $data->owner) {
$arg = $author ? display_name($USER, null, true) : $data->authorname;
......@@ -979,7 +984,7 @@ function add_feedback_form_submit(Pieform $form, $values) {
),
),
'users' => array($data->owner),
'url' => $goto,
'url' => $url,
);
}
......@@ -1094,8 +1099,7 @@ class ActivityTypeArtefactCommentFeedback extends ActivityTypePlugin {
$userid = $artefactinstance->get('owner');
}
if (empty($this->url)) {
$this->url = get_config('wwwroot') . 'view/artefact.php?artefact='
. $onartefact . '&view=' . $this->viewid;
$this->url = 'view/artefact.php?artefact=' . $onartefact . '&view=' . $this->viewid;
}
}
else { // feedback on view.
......@@ -1105,7 +1109,7 @@ class ActivityTypeArtefactCommentFeedback extends ActivityTypePlugin {
}
$userid = $viewrecord->owner;
if (empty($this->url)) {
$this->url = get_config('wwwroot') . 'view/view.php?id=' . $onview;
$this->url = 'view/view.php?id=' . $onview;
}
}
if (empty($userid)) {
......@@ -1139,11 +1143,11 @@ class ActivityTypeArtefactCommentFeedback extends ActivityTypePlugin {
// Email
$this->users[0]->htmlmessage = get_string_from_language(
$lang, 'feedbackdeletedhtml', 'artefact.comment',
hsc($title), $removedbyline, clean_html($body), $this->url, hsc($title)
hsc($title), $removedbyline, clean_html($body), get_config('wwwroot') . $this->url, hsc($title)
);
$this->users[0]->emailmessage = get_string_from_language(
$lang, 'feedbackdeletedtext', 'artefact.comment',
$title, $removedbyline, trim(html2text($body)), $title, $this->url
$title, $removedbyline, trim(html2text($body)), $title, get_config('wwwroot') . $this->url
);
return;
}
......@@ -1164,11 +1168,11 @@ class ActivityTypeArtefactCommentFeedback extends ActivityTypePlugin {
$this->users[0]->htmlmessage = get_string_from_language(
$lang, 'feedbacknotificationhtml', 'artefact.comment',
hsc($authorname), hsc($title), $posttime, clean_html($body), $this->url
hsc($authorname), hsc($title), $posttime, clean_html($body), get_config('wwwroot') . $this->url
);
$this->users[0]->emailmessage = get_string_from_language(
$lang, 'feedbacknotificationtext', 'artefact.comment',
$authorname, $title, $posttime, trim(html2text($body)), $this->url
$authorname, $title, $posttime, trim(html2text($body)), get_config('wwwroot') . $this->url
);
}
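Review bot: The feedback e-mail strings in ActivityTypeArtefactCommentFeedback now build the link as `get_config('wwwroot') . $this->url` unconditionally, but `$this->url` is only set to a relative path when it arrives empty (`if (empty($this->url))`), so a caller that still passes an absolute URL would get a doubled, broken link. The email and emaildigest plugins in this same commit avoid that with a `stripos(..., 'http://') !== 0 && stripos(..., 'https://') !== 0` check, while the forum new-post messages and the two inbox templates (`{$WWWROOT}{$i->url}`, `{$WWWROOT}{$item->url}`) share the unguarded form. One shared helper that applies that guard, called at every place the root is re-added, would keep the behaviour consistent for stored values the upgrade did not rewrite. The enclosing methods start and end outside these hunks.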
......
......@@ -9,12 +9,12 @@
</td>
<td>
{if $i->message}
<a href="{if $i->url}{$i->url}{else}{$WWWROOT}account/activity{/if}" class="inbox-showmessage{if !$i->read} unread{/if}">{$i->subject}</a>
<a href="{if $i->url}{$WWWROOT}{$i->url}{else}{$WWWROOT}account/activity{/if}" class="inbox-showmessage{if !$i->read} unread{/if}">{$i->subject}</a>
<div class="inbox-message hidden messagebody messagebody-{$i->type}" id="inbox-message-{$i->id}">{$i->message|safe}
{if $i->url}<br><a href="{$i->url}">{if $i->urltext}{$i->urltext} &raquo;{else}{str tag="more..."}{/if}</a>{/if}
{if $i->url}<br><a href="{$WWWROOT}{$i->url}">{if $i->urltext}{$i->urltext} &raquo;{else}{str tag="more..."}{/if}</a>{/if}
</div>
{elseif $i->url}
<a href="{$i->url}">{$i->subject}</a>
<a href="{$WWWROOT}{$i->url}">{$i->subject}</a>
{else}
{$i->subject}
{/if}
......
......@@ -100,7 +100,7 @@ function requestjoingroup_submit(Pieform $form, $values) {
'users' => array($groupadmin),
'subject' => get_string_from_language($adminlang, 'grouprequestsubject', 'group'),
'message' => $message,
'url' => get_config('wwwroot') . 'group/members.php?id=' . $group->id . '&membershiptype=request',
'url' => 'group/members.php?id=' . $group->id . '&membershiptype=request',
'strings' => (object) array(
'urltext' => (object) array(
'key' => 'pendingmembers',
......
......@@ -102,7 +102,7 @@ function addmembers_submit(Pieform $form, $values) {
'args' => array(display_name($USER), hsc($group->name), get_config('sitename')),
),
),
'url' => get_config('wwwroot') . 'group/view.php?id=' . GROUP,
'url' => 'group/view.php?id=' . GROUP,
'urltext' => hsc($group->name),
));
......
......@@ -797,7 +797,7 @@ class ActivityTypeInteractionForumNewPost extends ActivityTypePlugin {
$post->textbody = trim(html2text($post->body));
$post->htmlbody = clean_html($post->body);
$this->url = get_config('wwwroot') . 'interaction/forum/topic.php?id=' . $post->topicid . '#post' . $this->postid;
$this->url = 'interaction/forum/topic.php?id=' . $post->topicid . '#post' . $this->postid;
$this->add_urltext(array(
'key' => 'Topic',
......@@ -827,7 +827,7 @@ class ActivityTypeInteractionForumNewPost extends ActivityTypePlugin {
display_name($post->poster, $user),
$post->posttime,
$post->textbody,
$this->url,
get_config('wwwroot') . $this->url,
$user->subscribetype,
$unsubscribelink
);
......@@ -842,7 +842,7 @@ class ActivityTypeInteractionForumNewPost extends ActivityTypePlugin {
hsc(display_name($post->poster, $user)),
$post->posttime,
$post->htmlbody,
$this->url,
get_config('wwwroot') . $this->url,
$unsubscribelink,
$user->subscribetype
);
......
......@@ -523,7 +523,7 @@ class ActivityTypeContactus extends ActivityTypeAdmin {
function __construct($data, $cron=false) {
parent::__construct($data, $cron);
if (!empty($this->fromuser)) {
$this->url = get_config('wwwroot') . 'user/view.php?id=' . $this->fromuser;
$this->url = 'user/view.php?id=' . $this->fromuser;
}
else {
$this->customheaders = array(
......@@ -581,10 +581,10 @@ class ActivityTypeObjectionable extends ActivityTypeAdmin {
}
if (empty($this->artefact)) {
$this->url = $this->view->get_url();
$this->url = $this->view->get_url(false);
}
else {
$this->url = get_config('wwwroot') . 'view/artefact.php?artefact=' . $this->artefact->get('id') . '&view=' . $this->view->get('id');
$this->url = 'view/artefact.php?artefact=' . $this->artefact->get('id') . '&view=' . $this->view->get('id');
}
if (empty($this->strings->subject)) {
......@@ -720,12 +720,12 @@ class ActivityTypeInstitutionmessage extends ActivityType {
public function __construct($data, $cron=false) {
parent::__construct($data, $cron);
if ($this->messagetype == 'request') {
$this->url = get_config('wwwroot') . 'admin/users/institutionusers.php';
$this->url = 'admin/users/institutionusers.php';
$this->users = activity_get_users($this->get_id(), null, null, null,
array($this->institution->name));
$this->add_urltext(array('key' => 'institutionmembers', 'section' => 'admin'));
} else if ($this->messagetype == 'invite') {
$this->url = get_config('wwwroot') . 'account/institutions.php';
$this->url = 'account/institutions.php';
$this->users = activity_get_users($this->get_id(), $this->users);
$this->add_urltext(array('key' => 'institutionmembership', 'section' => 'mahara'));
}
......@@ -789,7 +789,7 @@ class ActivityTypeUsermessage extends ActivityType {
}
protected function update_url($internalid) {
$this->url = get_config('wwwroot') . 'user/sendmessage.php?id=' . $this->userfrom . '&replyto=' . $internalid . '&returnto=inbox';
$this->url = 'user/sendmessage.php?id=' . $this->userfrom . '&replyto=' . $internalid . '&returnto=inbox';
return true;
}
......@@ -836,9 +836,10 @@ class ActivityTypeWatchlist extends ActivityType {
WHERE (p.activity = ? OR p.activity IS NULL)
AND wv.view = ?
';
$this->users = get_records_sql_array($sql,
array(get_config('wwwroot') . 'view/view.php?id='
. $this->view, $this->get_id(), $this->view));
$this->users = get_records_sql_array(
$sql,
array('view/view.php?id=' . $this->view, $this->get_id(), $this->view)
);
// Remove the view from the watchlist of users who can no longer see it
if ($this->users) {
......@@ -893,7 +894,7 @@ class ActivityTypeNewview extends ActivityType {
throw new ViewNotFoundException(get_string('viewnotfound', 'error', $this->view));
}
$this->url = get_config('wwwroot') . 'view/view.php?id=' . $this->view;
$this->url = 'view/view.php?id=' . $this->view;
// add users on friendslist or userlist...
$this->users = activity_get_viewaccess_users($this->view, $this->owner, $this->get_id());
......@@ -943,7 +944,7 @@ class ActivityTypeViewaccess extends ActivityType {
}
throw new ViewNotFoundException(get_string('viewnotfound', 'error', $this->view));
}
$this->url = get_config('wwwroot') . 'view/view.php?id=' . $this->view;
$this->url = 'view/view.php?id=' . $this->view;
$this->users = array_diff_key(
activity_get_viewaccess_users($this->view, $this->owner, $this->get_id()),
$this->oldusers
......
......@@ -928,7 +928,7 @@ function group_invite_user($group, $userid, $userfrom, $role='member', $delay=nu
'users' => array($user->id),
'subject' => get_string_from_language($lang, 'invitetogroupsubject', 'group'),
'message' => get_string_from_language($lang, 'invitetogroupmessage', 'group', display_name($userfrom, $user), $group->name),
'url' => get_config('wwwroot') . 'group/view.php?id=' . $group->id,
'url' => 'group/view.php?id=' . $group->id,
'urltext' => $group->name,
);
activity_occurred('maharamessage', $activitydata, null, null, $delay);
......
......@@ -1826,7 +1826,7 @@ function addfriend_submit(Pieform $form, $values) {
// notification info
$n = new StdClass;
$n->url = get_config('wwwroot') . 'user/view.php?id=' . $loggedinid;
$n->url = 'user/view.php?id=' . $loggedinid;
$n->users = array($user->id);
$lang = get_user_language($user->id);
$displayname = display_name($USER, $user);
......
......@@ -1051,7 +1051,7 @@ class View {
ArtefactType::update_locked($this->owner);
db_commit();
$ownerlang = get_user_language($this->get('owner'));
$url = get_config('wwwroot') . 'view/view.php?id=' . $this->get('id');
$url = 'view/view.php?id=' . $this->get('id');
require_once('activity.php');
activity_occurred('maharamessage',
array(
......@@ -3605,7 +3605,7 @@ class View {
/**
* Makes a URL for a view page
*/
public function get_url() {
public function get_url($full=true) {
if ($this->type == 'profile') {
$url = 'user/view.php?id=' . (int) $this->owner;
}
......@@ -3618,7 +3618,7 @@ class View {
else {
$url = 'view/view.php?id=' . (int) $this->id;
}
return get_config('wwwroot') . $url;
return $full ? (get_config('wwwroot') . $url) : $url;
}
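Review bot: The docblock above `get_url` still reads only "Makes a URL for a view page" and does not mention the new `$full` parameter, which switches the return value from an absolute URL to a path relative to wwwroot. I would add a line such as ` * @param bool $full  prepend wwwroot (default true); pass false for URLs stored in notifications` plus a matching `@return string`. `get_view_url` in ArtefactTypeComment gains the same parameter with no docblock at all. The middle of the method lies between the two hunks and is not shown.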
......
......@@ -69,6 +69,11 @@ class PluginNotificationEmail extends PluginNotification {
$messagebody .= $separator . "\n\n";
$messagebody .= get_string_from_language($lang, 'subject') . ': ' . $data->subject . "\n\n";
if ($data->url && stripos($data->url, 'http://') !== 0 && stripos($data->url, 'https://') !== 0) {
$data->url = get_config('wwwroot') . $data->url;
}
if ($data->activityname == 'usermessage') {
// Do not include the message body in user messages when they are sent by email
// because it encourages people to reply to the email.
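Review bot: The new block overwrites `$data->url` in place, so anything that receives the same `$data` object after this point sees the absolute URL instead of the stored relative one; whether that matters depends on callers outside this hunk. A local variable, e.g. `$url = get_config('wwwroot') . $data->url;`, with the later use of `$data->url` switched to it, would leave the stored value untouched. The condition also reads `$data->url` directly, whereas the emaildigest hunk uses `!empty($entry->url)`; `!empty($data->url)` would match it and avoid a notice if the property is unset. The function continues outside the hunk.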
......
......@@ -111,6 +111,9 @@ class PluginNotificationEmaildigest extends PluginNotification {
$body .= "\n" . $entry->message;
}
if (!empty($entry->url)) {
if (stripos($entry->url, 'http://') !== 0 && stripos($entry->url, 'https://') !== 0) {
$entry->url = get_config('wwwroot') . $entry->url;
}
$body .= "\n" . $entry->url;
}
$body .= "\n\n";
......
<?php
/**
* Mahara: Electronic portfolio, weblog, resume builder and social networking
* Copyright (C) 2011 Catalyst IT Ltd and others; see:
* http://wiki.mahara.org/Contributors
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
* @package mahara
* @subpackage notification-internal
* @author Richard Mansfield
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL
*
*/
defined('INTERNAL') || die();
function xmldb_notification_internal_upgrade($oldversion=0) {
if ($oldversion < 2011112300) {
execute_sql("
UPDATE {notification_internal_activity}
SET url = REPLACE(url, ?, '')
WHERE url IS NOT NULL",
array(get_config('wwwroot'))
);
}
return true;
}
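Review bot: `REPLACE(url, ?, '')` removes the configured wwwroot wherever it occurs in the value, not only at the start, and it matches only the wwwroot configured at upgrade time. A stored URL that carries the root inside a query parameter would be altered mid-string, and rows written under an earlier wwwroot or the other scheme stay absolute, which is the copied-database case the commit message calls dangerous; the email plugins then send those remote links unchanged and the templates prefix them with the local root. Restricting the update to a prefix match (`WHERE url LIKE ?` bound to the wwwroot followed by `%`, keeping the substring from `strlen(wwwroot) + 1`) and reporting how many rows still begin with `http` afterwards would make the leftovers visible to the administrator. LIKE wildcards in the root (`_`, `%`) would need escaping, and the substring syntax should be checked on each supported database.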
......@@ -28,5 +28,5 @@
defined('INTERNAL') || die();
$config = new StdClass;
$config->version = 2009012700;
$config->release = '1.0.1';
$config->version = 2011112300;
$config->release = '1.0.2';
......@@ -7,10 +7,10 @@
{if $item->message}
<a href="" onclick="showHideMessage({$item->id}); return false;">{$item->subject}</a>
<div id="message-{$item->id}" class="hidden">{$item->message|safe}
{if $item->url}<br><a href="{$item->url}">{if $item->urltext}{$item->urltext} &raquo;{else}{str tag="more..."}{/if}</a>{/if}
{if $item->url}<br><a href="{$WWWROOT}{$item->url}">{if $item->urltext}{$item->urltext} &raquo;{else}{str tag="more..."}{/if}</a>{/if}
</div>
{elseif $item->url}
<a href="{$item->url}">{$item->subject}</a>
<a href="{$WWWROOT}{$item->url}">{$item->subject}</a>
{else}
{$item->subject}
{/if}
......
......@@ -79,7 +79,7 @@ function denyrequest_submit(Pieform $form, $values) {
// notification info
$n = new StdClass;
$n->url = get_config('wwwroot') . 'user/view.php?id=' . $loggedinid;
$n->url = 'user/view.php?id=' . $loggedinid;
$n->users = array($user->id);
$lang = get_user_language($user->id);
$displayname = display_name($USER, $user);
......
......@@ -77,7 +77,7 @@ function removefriend_submit(Pieform $form, $values) {
// notification info
$n = new StdClass;
$n->url = get_config('wwwroot') . 'user/view.php?id=' . $loggedinid;
$n->url = 'user/view.php?id=' . $loggedinid;
$n->users = array($user->id);
$lang = get_user_language($user->id);
$displayname = display_name($USER, $user);
......
......@@ -96,7 +96,7 @@ function requestfriendship_submit(Pieform $form, $values) {
// notification info
$n = new StdClass;
$n->url = get_config('wwwroot') . 'user/view.php?id=' . $loggedinid;
$n->url = 'user/view.php?id=' . $loggedinid;
$n->users = array($user->id);
$n->fromuser = $loggedinid;
$lang = get_user_language($user->id);
......
......@@ -312,7 +312,7 @@ function addmember_submit(Pieform $form, $values) {
'users' => array($userid),
'subject' => get_string_from_language($lang, 'addedtogroupsubject', 'group'),
'message' => get_string_from_language($lang, 'addedtogroupmessage', 'group', display_name($USER, $adduser), $ctitle),
'url' => get_config('wwwroot') . 'group/view.php?id=' . $values['group'],
'url' => 'group/view.php?id=' . $values['group'],
'urltext' => $ctitle,
));
$SESSION->add_ok_msg(get_string('useradded', 'group'));
......
......@@ -96,7 +96,7 @@ function submitview_submit(Pieform $form, $values) {
'viewowner' => $USER->get('id'),
'group' => $groupid,
'roles' => $roles,
'url' => get_config('wwwroot') . 'view/view.php?id=' . $viewid,
'url' => 'view/view.php?id=' . $viewid,
'strings' => (object) array(
'urltext' => (object) array('key' => 'view'),
'subject' => (object) array(
......