[geeklog-hg] geeklog: Fix bug which allowed users to try to send email to use...
geeklog-cvs at lists.geeklog.net
geeklog-cvs at lists.geeklog.net
Tue Nov 10 10:14:53 EST 2015
changeset 9648:4c4d6bac76cc
url: http://project.geeklog.net/cgi-bin/hgwebdir.cgi/geeklog/rev/4c4d6bac76cc
user: Tom
date: Tue Nov 10 10:14:38 2015 -0500
description:
Fix a bug that allowed users to try to send email to users without an email address (OAuth users). Added more in-depth checks of the "to" email address, and messages to the Admin explaining the error (if he is the one sending the email).
diffstat:
language/english.php | 5 ++++-
language/english_utf-8.php | 5 ++++-
language/japanese_utf-8.php | 5 ++++-
public_html/profiles.php | 41 ++++++++++++++++++++++++++++++++++++-----
4 files changed, 48 insertions(+), 8 deletions(-)
diffs (110 lines):
diff -r a5e13f09b8aa -r 4c4d6bac76cc language/english.php
--- a/language/english.php Tue Nov 10 10:09:09 2015 -0500
+++ b/language/english.php Tue Nov 10 10:14:38 2015 -0500
@@ -487,7 +487,10 @@
37 => 'Send me a copy of this email',
38 => "This is a copy of the email that you sent to %s from <{$_CONF['site_url']}>:",
39 => 'Your last message was ',
- 40 => " seconds ago. This site requires at least {$_CONF['speedlimit']} seconds between sending messages"
+ 40 => " seconds ago. This site requires at least {$_CONF['speedlimit']} seconds between sending messages",
+ 41 => "This user doesn't exist.",
+ 42 => "This users email address doesn't exist. This most likely means is is an OAuth user account.",
+ 43 => 'This users email address is invalid.'
);
###############################################################################
diff -r a5e13f09b8aa -r 4c4d6bac76cc language/english_utf-8.php
--- a/language/english_utf-8.php Tue Nov 10 10:09:09 2015 -0500
+++ b/language/english_utf-8.php Tue Nov 10 10:14:38 2015 -0500
@@ -487,7 +487,10 @@
37 => 'Send me a copy of this email',
38 => "This is a copy of the email that you sent to %s from <{$_CONF['site_url']}>:",
39 => 'Your last message was ',
- 40 => " seconds ago. This site requires at least {$_CONF['speedlimit']} seconds between sending messages"
+ 40 => " seconds ago. This site requires at least {$_CONF['speedlimit']} seconds between sending messages",
+ 41 => "This user doesn't exist.",
+ 42 => "This users email address doesn't exist. This most likely means is is an OAuth user account.",
+ 43 => 'This users email address is invalid.'
);
###############################################################################
diff -r a5e13f09b8aa -r 4c4d6bac76cc language/japanese_utf-8.php
--- a/language/japanese_utf-8.php Tue Nov 10 10:09:09 2015 -0500
+++ b/language/japanese_utf-8.php Tue Nov 10 10:14:38 2015 -0500
@@ -495,7 +495,10 @@
37 => 'èªåå®ã«ã³ãã¼ãéä¿¡ãã',
38 => "ããã¯ããªãã<{$_CONF['site_url']}>ãã %s ã¸éä¿¡ããã¡ã¼ã«ã®ã³ãã¼ã§ã:",
39 => 'ããªãã¯ã¡ãã»ã¼ã¸ã ',
- 40 => " ç§åã«éä¿¡ãã¦ãã¾ããå°ãªãã¨ã{$_CONF['speedlimit']}ç§å¾
ã£ã¦ã次ã®ã¡ãã»ã¼ã¸ãéä¿¡ãã¦ãã ããã"
+ 40 => " ç§åã«éä¿¡ãã¦ãã¾ããå°ãªãã¨ã{$_CONF['speedlimit']}ç§å¾
ã£ã¦ã次ã®ã¡ãã»ã¼ã¸ãéä¿¡ãã¦ãã ããã",
+ 41 => "This user doesn't exist.",
+ 42 => "This users email address doesn't exist. This most likely means is is an OAuth user account.",
+ 43 => 'This users email address is invalid.'
);
###############################################################################
diff -r a5e13f09b8aa -r 4c4d6bac76cc public_html/profiles.php
--- a/public_html/profiles.php Tue Nov 10 10:09:09 2015 -0500
+++ b/public_html/profiles.php Tue Nov 10 10:14:38 2015 -0500
@@ -186,17 +186,48 @@
($_CONF['emailuserloginrequired'] == 1))) {
$retval .= SEC_loginRequiredForm();
} else {
- $result = DB_query ("SELECT emailfromadmin,emailfromuser FROM {$_TABLES['userprefs']} WHERE uid = '$uid'");
- $P = DB_fetchArray ($result);
if (SEC_inGroup ('Root') || SEC_hasRights ('user.mail')) {
$isAdmin = true;
} else {
$isAdmin = false;
}
+ // Check email address okay and user preference regarding email
+ $continue = false;
+ $msg_no_mail = $LANG08[35];
+
+ $result = DB_query ("SELECT email FROM {$_TABLES['users']} WHERE uid = '$uid'");
+ $nrows = DB_numRows($result);
+
+ if ($nrows == 1) {
+ $P = DB_fetchArray ($result);
+ if (!empty($P['email'])) {
+ if (COM_isEMail($P['email'])) {
+ $continue = true;
+ } elseif ($isAdmin ) {
+ $msg_no_mail = $LANG08[43]; // Email invalid
+ }
+ } elseif ($isAdmin ) {
+ $msg_no_mail = $LANG08[42]; // Email doesn't exist
+ }
+ } elseif ($isAdmin ) {
+ $msg_no_mail = $LANG08[41]; // User doesn't exist
+ }
+
+ // Check if User wants mail from someone
+ if ($continue) {
+ $result = DB_query ("SELECT emailfromadmin,emailfromuser FROM {$_TABLES['userprefs']} WHERE uid = '$uid'");
+ $P = DB_fetchArray ($result);
+
+ if ($continue && ((($P['emailfromadmin'] == 1) && $isAdmin) || (($P['emailfromuser'] == 1) && !$isAdmin))) {
+ $continue = true;
+ } else {
+ $continue = false;
+ }
+ }
+
$displayname = COM_getDisplayName ($uid);
- if ((($P['emailfromadmin'] == 1) && $isAdmin) ||
- (($P['emailfromuser'] == 1) && !$isAdmin)) {
+ if ($continue) {
if ($cc) {
$cc = ' checked="checked"';
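Review bot: The new `SELECT email FROM {$_TABLES['users']} WHERE uid = '$uid'` lookup, like the userprefs query that now follows it, builds SQL by interpolating `$uid`, and nothing in this hunk shows that value being constrained to an integer. The enclosing function starts outside the hunk, so it may already be filtered further up; if it is not, a single `$uid = (int) $uid;` before the first query would cover both. Separately, the preference check re-tests `$continue` inside `if ($continue)` and then sets the flag through an if/else; `$continue = (($P['emailfromadmin'] == 1) && $isAdmin) || (($P['emailfromuser'] == 1) && !$isAdmin);` says the same thing in one line. The detailed reasons `$LANG08[41]` to `$LANG08[43]` are only assigned under `$isAdmin`, which deserves a comment such as `// Non-admins keep the default $LANG08[35] so the page does not reveal whether an account or address exists`.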
@@ -252,7 +283,7 @@
$retval .= $mail_template->finish($mail_template->get_var('output'));
$retval .= COM_endBlock();
} else {
- $retval = COM_showMessageText($LANG08[35], $LANG08[10] . ' ' . $displayname);
+ $retval = COM_showMessageText($msg_no_mail, $LANG08[10] . ' ' . $displayname);
}
}
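Review bot: This message swap and the checks added in the hunk at line 186 appear to cover only the branch that renders the contact form (`$mail_template->finish(...)`, the `$cc` checkbox state), and the two hunks show no change to the code that handles the submitted form and sends the mail. If that handler does not already verify that the recipient row exists and that `COM_isEMail()` accepts the stored address, a request submitted to it without going through the form would skip the new checks. The same validation should then be applied there too, ideally through one shared helper called from both places. The handler is outside the visible hunks, so this needs confirming against the full file.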