Remove wwwroot from notification urls (bug #849716)

Urls stored in the url field of notification_internal_activity contain
the site's wwwroot.  This leads to broken links when the wwwroot is
changed.  It also dangerously turns what should be local links into
remote ones when for example a production database is copied into a
test Mahara instance.

This patch does three things:
- Removes the wwwroot from urls passed to ActivityType constructors
- Adds the wwwroot back on the url when sending email and emaildigest
  notifications, and when displaying them on the site.
- Removes the wwwroot from the url in all existing rows of
  notification_internal_activity.

Change-Id: I00ae1abc65be79030ed4c572ce951edc43f7a034
Signed-off-by: Richard Mansfield <richard.mansfield@catalyst.net.nz>

htdocs/artefact/comment/lib.php

@@ -652,16 +652,19 @@ class ArtefactTypeComment extends ArtefactType {
         return empty($this->deletedby);
     }
 
-    public function get_view_url($viewid, $showcomment=true) {
+    public function get_view_url($viewid, $showcomment=true, $full=true) {
         if ($artefact = $this->get('onartefact')) {
-            $url = get_config('wwwroot') . 'view/artefact.php?view=' . $viewid . '&artefact=' . $artefact;
+            $url = 'view/artefact.php?view=' . $viewid . '&artefact=' . $artefact;
         }
         else {
-            $url = get_config('wwwroot') . 'view/view.php?id=' . $viewid;
+            $url = 'view/view.php?id=' . $viewid;
         }
         if ($showcomment) {
             $url .= '&showcomment=' . $this->get('id');
         }
+        if ($full) {
+            $url = get_config('wwwroot') . $url;
+        }
         return $url;
     }
 
@@ -744,7 +747,8 @@ function make_public_submit(Pieform $form, $values) {
 
     $comment = new ArtefactTypeComment((int) $values['comment']);
 
-    $url = $comment->get_view_url($view->get('id'));
+    $relativeurl = $comment->get_view_url($view->get('id'), true, false);
+    $url = get_config('wwwroot') . $relativeurl;
 
     $author    = $comment->get('author');
     $owner     = $comment->get('owner');
@@ -802,7 +806,7 @@ function make_public_submit(Pieform $form, $values) {
             ),
         ),
         'users'     => array($userid),
-        'url'       => $url,
+        'url'       => $relativeurl,
     );
     activity_occurred('maharamessage', $data);
     db_commit();
@@ -828,10 +832,10 @@ function delete_comment_submit(Pieform $form, $values) {
 
     $viewid = $view->get('id');
     if ($artefact = $comment->get('onartefact')) {
-        $url = get_config('wwwroot') . 'view/artefact.php?view=' . $viewid . '&artefact=' . $artefact;
+        $url = 'view/artefact.php?view=' . $viewid . '&artefact=' . $artefact;
     }
     else {
-        $url = get_config('wwwroot') . 'view/view.php?id=' . $viewid;
+        $url = 'view/view.php?id=' . $viewid;
     }
 
     db_begin();
@@ -883,7 +887,7 @@ function delete_comment_submit(Pieform $form, $values) {
     db_commit();
 
     $SESSION->add_ok_msg(get_string('commentremoved', 'artefact.comment'));
-    redirect($url);
+    redirect(get_config('wwwroot') . $url);
 }
 
 function add_feedback_form_validate(Pieform $form, $values) {
@@ -955,7 +959,8 @@ function add_feedback_form_submit(Pieform $form, $values) {
 
     $comment->commit();
 
-    $goto = $comment->get_view_url($view->get('id'));
+    $url = $comment->get_view_url($view->get('id'), true, false);
+    $goto = get_config('wwwroot') . $url;
 
     if (isset($data->requestpublic) && $data->requestpublic === 'author' && $data->owner) {
         $arg = $author ? display_name($USER, null, true) : $data->authorname;
@@ -979,7 +984,7 @@ function add_feedback_form_submit(Pieform $form, $values) {
                 ),
             ),
             'users'     => array($data->owner),
-            'url'       => $goto,
+            'url'       => $url,
         );
     }
 
@@ -1094,8 +1099,7 @@ class ActivityTypeArtefactCommentFeedback extends ActivityTypePlugin {
                 $userid = $artefactinstance->get('owner');
             }
             if (empty($this->url)) {
-                $this->url = get_config('wwwroot') . 'view/artefact.php?artefact='
-                    . $onartefact . '&view=' . $this->viewid;
+                $this->url = 'view/artefact.php?artefact=' . $onartefact . '&view=' . $this->viewid;
             }
         }
         else { // feedback on view.
@@ -1105,7 +1109,7 @@ class ActivityTypeArtefactCommentFeedback extends ActivityTypePlugin {
             }
             $userid = $viewrecord->owner;
             if (empty($this->url)) {
-                $this->url = get_config('wwwroot') . 'view/view.php?id=' . $onview;
+                $this->url = 'view/view.php?id=' . $onview;
             }
         }
         if (empty($userid)) {
@@ -1139,11 +1143,11 @@ class ActivityTypeArtefactCommentFeedback extends ActivityTypePlugin {
             // Email
             $this->users[0]->htmlmessage = get_string_from_language(
                 $lang, 'feedbackdeletedhtml', 'artefact.comment',
-                hsc($title), $removedbyline, clean_html($body), $this->url, hsc($title)
+                hsc($title), $removedbyline, clean_html($body), get_config('wwwroot') . $this->url, hsc($title)
             );
             $this->users[0]->emailmessage = get_string_from_language(
                 $lang, 'feedbackdeletedtext', 'artefact.comment',
-                $title, $removedbyline, trim(html2text($body)), $title, $this->url
+                $title, $removedbyline, trim(html2text($body)), $title, get_config('wwwroot') . $this->url
             );
             return;
         }
@@ -1164,11 +1168,11 @@ class ActivityTypeArtefactCommentFeedback extends ActivityTypePlugin {
 
         $this->users[0]->htmlmessage = get_string_from_language(
             $lang, 'feedbacknotificationhtml', 'artefact.comment',
-            hsc($authorname), hsc($title), $posttime, clean_html($body), $this->url
+            hsc($authorname), hsc($title), $posttime, clean_html($body), get_config('wwwroot') . $this->url
         );
         $this->users[0]->emailmessage = get_string_from_language(
             $lang, 'feedbacknotificationtext', 'artefact.comment',
-            $authorname, $title, $posttime, trim(html2text($body)), $this->url
+            $authorname, $title, $posttime, trim(html2text($body)), get_config('wwwroot') . $this->url
         );
     }
 

htdocs/blocktype/inbox/theme/raw/inbox.tpl

@@ -9,12 +9,12 @@
     </td>
     <td>
   {if $i->message}
-      <a href="{if $i->url}{$i->url}{else}{$WWWROOT}account/activity{/if}" class="inbox-showmessage{if !$i->read} unread{/if}">{$i->subject}</a>
+      <a href="{if $i->url}{$WWWROOT}{$i->url}{else}{$WWWROOT}account/activity{/if}" class="inbox-showmessage{if !$i->read} unread{/if}">{$i->subject}</a>
       <div class="inbox-message hidden messagebody messagebody-{$i->type}" id="inbox-message-{$i->id}">{$i->message|safe}
-      {if $i->url}<br><a href="{$i->url}">{if $i->urltext}{$i->urltext} &raquo;{else}{str tag="more..."}{/if}</a>{/if}
+      {if $i->url}<br><a href="{$WWWROOT}{$i->url}">{if $i->urltext}{$i->urltext} &raquo;{else}{str tag="more..."}{/if}</a>{/if}
       </div>
   {elseif $i->url}
-      <a href="{$i->url}">{$i->subject}</a>
+      <a href="{$WWWROOT}{$i->url}">{$i->subject}</a>
   {else}
       {$i->subject}
   {/if}

htdocs/group/requestjoin.php

@@ -100,7 +100,7 @@ function requestjoingroup_submit(Pieform $form, $values) {
             'users'   => array($groupadmin),
             'subject' => get_string_from_language($adminlang, 'grouprequestsubject', 'group'),
             'message' => $message,
-            'url'     => get_config('wwwroot') . 'group/members.php?id=' . $group->id . '&membershiptype=request',
+            'url'     => 'group/members.php?id=' . $group->id . '&membershiptype=request',
             'strings' => (object) array(
                 'urltext' => (object) array(
                     'key'     => 'pendingmembers',

htdocs/group/suggest.php

@@ -102,7 +102,7 @@ function addmembers_submit(Pieform $form, $values) {
                 'args'    => array(display_name($USER), hsc($group->name), get_config('sitename')),
             ),
         ),
-        'url'     => get_config('wwwroot') . 'group/view.php?id=' . GROUP,
+        'url'     => 'group/view.php?id=' . GROUP,
         'urltext' => hsc($group->name),
     ));
 

htdocs/interaction/forum/lib.php

@@ -797,7 +797,7 @@ class ActivityTypeInteractionForumNewPost extends ActivityTypePlugin {
 
         $post->textbody = trim(html2text($post->body));
         $post->htmlbody = clean_html($post->body);
-        $this->url = get_config('wwwroot') . 'interaction/forum/topic.php?id=' . $post->topicid . '#post' . $this->postid;
+        $this->url = 'interaction/forum/topic.php?id=' . $post->topicid . '#post' . $this->postid;
 
         $this->add_urltext(array(
             'key'     => 'Topic',
@@ -827,7 +827,7 @@ class ActivityTypeInteractionForumNewPost extends ActivityTypePlugin {
             display_name($post->poster, $user),
             $post->posttime,
             $post->textbody,
-            $this->url,
+            get_config('wwwroot') . $this->url,
             $user->subscribetype,
             $unsubscribelink
         );
@@ -842,7 +842,7 @@ class ActivityTypeInteractionForumNewPost extends ActivityTypePlugin {
             hsc(display_name($post->poster, $user)),
             $post->posttime,
             $post->htmlbody,
-            $this->url,
+            get_config('wwwroot') . $this->url,
             $unsubscribelink,
             $user->subscribetype
         );

htdocs/lib/activity.php

@@ -523,7 +523,7 @@ class ActivityTypeContactus extends ActivityTypeAdmin {
     function __construct($data, $cron=false) { 
         parent::__construct($data, $cron);
         if (!empty($this->fromuser)) {
-            $this->url = get_config('wwwroot') . 'user/view.php?id=' . $this->fromuser;
+            $this->url = 'user/view.php?id=' . $this->fromuser;
         }
         else {
             $this->customheaders = array(
@@ -581,10 +581,10 @@ class ActivityTypeObjectionable extends ActivityTypeAdmin {
         }
 
         if (empty($this->artefact)) {
-            $this->url = $this->view->get_url();
+            $this->url = $this->view->get_url(false);
         }
         else {
-            $this->url = get_config('wwwroot') . 'view/artefact.php?artefact=' . $this->artefact->get('id') . '&view=' . $this->view->get('id');
+            $this->url = 'view/artefact.php?artefact=' . $this->artefact->get('id') . '&view=' . $this->view->get('id');
         }
 
         if (empty($this->strings->subject)) {
@@ -720,12 +720,12 @@ class ActivityTypeInstitutionmessage extends ActivityType {
     public function __construct($data, $cron=false) {
         parent::__construct($data, $cron);
         if ($this->messagetype == 'request') {
-            $this->url = get_config('wwwroot') . 'admin/users/institutionusers.php';
+            $this->url = 'admin/users/institutionusers.php';
             $this->users = activity_get_users($this->get_id(), null, null, null,
                                               array($this->institution->name));
             $this->add_urltext(array('key' => 'institutionmembers', 'section' => 'admin'));
         } else if ($this->messagetype == 'invite') {
-            $this->url = get_config('wwwroot') . 'account/institutions.php';
+            $this->url = 'account/institutions.php';
             $this->users = activity_get_users($this->get_id(), $this->users);
             $this->add_urltext(array('key' => 'institutionmembership', 'section' => 'mahara'));
         }
@@ -789,7 +789,7 @@ class ActivityTypeUsermessage extends ActivityType {
     }
 
     protected function update_url($internalid) {
-        $this->url = get_config('wwwroot') . 'user/sendmessage.php?id=' . $this->userfrom . '&replyto=' . $internalid . '&returnto=inbox';
+        $this->url = 'user/sendmessage.php?id=' . $this->userfrom . '&replyto=' . $internalid . '&returnto=inbox';
         return true;
     }
 
@@ -836,9 +836,10 @@ class ActivityTypeWatchlist extends ActivityType {
                     WHERE (p.activity = ? OR p.activity IS NULL)
                     AND wv.view = ?
                ';
-        $this->users = get_records_sql_array($sql, 
-                                       array(get_config('wwwroot') . 'view/view.php?id=' 
-                                             . $this->view, $this->get_id(), $this->view));
+        $this->users = get_records_sql_array(
+            $sql,
+            array('view/view.php?id=' . $this->view, $this->get_id(), $this->view)
+        );
 
         // Remove the view from the watchlist of users who can no longer see it
         if ($this->users) {
@@ -893,7 +894,7 @@ class ActivityTypeNewview extends ActivityType {
             throw new ViewNotFoundException(get_string('viewnotfound', 'error', $this->view));
         }
 
-        $this->url = get_config('wwwroot') . 'view/view.php?id=' . $this->view;
+        $this->url = 'view/view.php?id=' . $this->view;
 
         // add users on friendslist or userlist...
         $this->users = activity_get_viewaccess_users($this->view, $this->owner, $this->get_id()); 
@@ -943,7 +944,7 @@ class ActivityTypeViewaccess extends ActivityType {
             }
             throw new ViewNotFoundException(get_string('viewnotfound', 'error', $this->view));
         }
-        $this->url = get_config('wwwroot') . 'view/view.php?id=' . $this->view;
+        $this->url = 'view/view.php?id=' . $this->view;
         $this->users = array_diff_key(
             activity_get_viewaccess_users($this->view, $this->owner, $this->get_id()),
             $this->oldusers

htdocs/lib/group.php

@@ -928,7 +928,7 @@ function group_invite_user($group, $userid, $userfrom, $role='member', $delay=nu
         'users'   => array($user->id),
         'subject' => get_string_from_language($lang, 'invitetogroupsubject', 'group'),
         'message' => get_string_from_language($lang, 'invitetogroupmessage', 'group', display_name($userfrom, $user), $group->name),
-        'url'     => get_config('wwwroot') . 'group/view.php?id=' . $group->id,
+        'url'     => 'group/view.php?id=' . $group->id,
         'urltext' => $group->name,
     );
     activity_occurred('maharamessage', $activitydata, null, null, $delay);

htdocs/lib/user.php

@@ -1826,7 +1826,7 @@ function addfriend_submit(Pieform $form, $values) {
 
     // notification info
     $n = new StdClass;
-    $n->url = get_config('wwwroot') . 'user/view.php?id=' . $loggedinid;
+    $n->url = 'user/view.php?id=' . $loggedinid;
     $n->users = array($user->id);
     $lang = get_user_language($user->id);
     $displayname = display_name($USER, $user);

htdocs/lib/view.php

@@ -1051,7 +1051,7 @@ class View {
         ArtefactType::update_locked($this->owner);
         db_commit();
         $ownerlang = get_user_language($this->get('owner'));
-        $url = get_config('wwwroot') . 'view/view.php?id=' . $this->get('id');
+        $url = 'view/view.php?id=' . $this->get('id');
         require_once('activity.php');
         activity_occurred('maharamessage', 
             array(
@@ -3605,7 +3605,7 @@ class View {
     /**
      * Makes a URL for a view page
      */
-    public function get_url() {
+    public function get_url($full=true) {
         if ($this->type == 'profile') {
             $url = 'user/view.php?id=' . (int) $this->owner;
         }
@@ -3618,7 +3618,7 @@ class View {
         else {
             $url = 'view/view.php?id=' . (int) $this->id;
         }
-        return get_config('wwwroot') . $url;
+        return $full ? (get_config('wwwroot') . $url) : $url;
     }
 
 

htdocs/notification/email/lib.php

@@ -69,6 +69,11 @@ class PluginNotificationEmail extends PluginNotification {
             $messagebody .= $separator . "\n\n";
 
             $messagebody .= get_string_from_language($lang, 'subject') . ': ' . $data->subject . "\n\n";
+
+            if ($data->url && stripos($data->url, 'http://') !== 0 && stripos($data->url, 'https://') !== 0) {
+                $data->url = get_config('wwwroot') . $data->url;
+            }
+
             if ($data->activityname == 'usermessage') {
                 // Do not include the message body in user messages when they are sent by email
                 // because it encourages people to reply to the email.

htdocs/notification/emaildigest/lib.php

@@ -111,6 +111,9 @@ class PluginNotificationEmaildigest extends PluginNotification {
                     $body .= "\n" . $entry->message;
                 }
                 if (!empty($entry->url)) {
+                    if (stripos($entry->url, 'http://') !== 0 && stripos($entry->url, 'https://') !== 0) {
+                        $entry->url = get_config('wwwroot') . $entry->url;
+                    }
                     $body .= "\n" . $entry->url;
                 }
                 $body .= "\n\n";

htdocs/notification/internal/db/upgrade.php

+<?php
+/**
+ * Mahara: Electronic portfolio, weblog, resume builder and social networking
+ * Copyright (C) 2011 Catalyst IT Ltd and others; see:
+ *                    http://wiki.mahara.org/Contributors
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ * @package    mahara
+ * @subpackage notification-internal
+ * @author     Richard Mansfield
+ * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL
+ *
+ */
+
+defined('INTERNAL') || die();
+
+function xmldb_notification_internal_upgrade($oldversion=0) {
+
+    if ($oldversion < 2011112300) {
+        execute_sql("
+            UPDATE {notification_internal_activity}
+            SET url = REPLACE(url, ?, '')
+            WHERE url IS NOT NULL",
+            array(get_config('wwwroot'))
+        );
+    }
+
+    return true;
+}
+

htdocs/notification/internal/version.php

@@ -28,5 +28,5 @@
 defined('INTERNAL') || die();
 
 $config = new StdClass;
-$config->version = 2009012700;
-$config->release = '1.0.1';
+$config->version = 2011112300;
+$config->release = '1.0.2';

htdocs/theme/raw/templates/account/activity/activitylist.tpl

@@ -7,10 +7,10 @@
   {if $item->message}
       <a href="" onclick="showHideMessage({$item->id}); return false;">{$item->subject}</a>
       <div id="message-{$item->id}" class="hidden">{$item->message|safe}
-      {if $item->url}<br><a href="{$item->url}">{if $item->urltext}{$item->urltext} &raquo;{else}{str tag="more..."}{/if}</a>{/if}
+      {if $item->url}<br><a href="{$WWWROOT}{$item->url}">{if $item->urltext}{$item->urltext} &raquo;{else}{str tag="more..."}{/if}</a>{/if}
       </div>
   {elseif $item->url}
-      <a href="{$item->url}">{$item->subject}</a>
+      <a href="{$WWWROOT}{$item->url}">{$item->subject}</a>
   {else}
       {$item->subject}
   {/if}

htdocs/user/denyrequest.php

@@ -79,7 +79,7 @@ function denyrequest_submit(Pieform $form, $values) {
     
     // notification info
     $n = new StdClass;
-    $n->url = get_config('wwwroot') . 'user/view.php?id=' . $loggedinid;
+    $n->url = 'user/view.php?id=' . $loggedinid;
     $n->users = array($user->id);
     $lang = get_user_language($user->id);
     $displayname = display_name($USER, $user);

htdocs/user/removefriend.php

@@ -77,7 +77,7 @@ function removefriend_submit(Pieform $form, $values) {
     
     // notification info
     $n = new StdClass;
-    $n->url = get_config('wwwroot') . 'user/view.php?id=' . $loggedinid;
+    $n->url = 'user/view.php?id=' . $loggedinid;
     $n->users = array($user->id);
     $lang = get_user_language($user->id);
     $displayname = display_name($USER, $user);

htdocs/user/requestfriendship.php

@@ -96,7 +96,7 @@ function requestfriendship_submit(Pieform $form, $values) {
     
     // notification info
     $n = new StdClass;
-    $n->url = get_config('wwwroot') . 'user/view.php?id=' . $loggedinid;
+    $n->url = 'user/view.php?id=' . $loggedinid;
     $n->users = array($user->id);
     $n->fromuser = $loggedinid;
     $lang = get_user_language($user->id);

htdocs/user/view.php

@@ -312,7 +312,7 @@ function addmember_submit(Pieform $form, $values) {
             'users'   => array($userid),
             'subject' => get_string_from_language($lang, 'addedtogroupsubject', 'group'),
             'message' => get_string_from_language($lang, 'addedtogroupmessage', 'group', display_name($USER, $adduser), $ctitle),
-            'url'     => get_config('wwwroot') . 'group/view.php?id=' . $values['group'],
+            'url'     => 'group/view.php?id=' . $values['group'],
             'urltext' => $ctitle,
         ));
         $SESSION->add_ok_msg(get_string('useradded', 'group'));

htdocs/view/submit.php

@@ -96,7 +96,7 @@ function submitview_submit(Pieform $form, $values) {
         'viewowner'     => $USER->get('id'),
         'group'         => $groupid,
         'roles'         => $roles,
-        'url'           => get_config('wwwroot') . 'view/view.php?id=' . $viewid,
+        'url'           => 'view/view.php?id=' . $viewid,
         'strings'       => (object) array(
             'urltext' => (object) array('key' => 'view'),
             'subject' => (object) array(