From 174d6a2dbb3b2aad17170928cf6e16ce30ee4ac7 Mon Sep 17 00:00:00 2001 From: christer kahasha <62720246+christer77@users.noreply.github.com> Date: Wed, 5 Jun 2024 11:20:15 +0200 Subject: [PATCH] Like Gmail, warn if you are about to reply to a new contact (and perhaps disclose sensitive data) --- modules/contacts/modules.php | 52 ++++++++++++++++++++++++++++++++++++ modules/contacts/setup.php | 9 ++++++- modules/smtp/site.js | 41 ++++++++++++++++++++++++++-- 3 files changed, 99 insertions(+), 3 deletions(-) diff --git a/modules/contacts/modules.php b/modules/contacts/modules.php index bfa5caaa74..74af76e5fe 100644 --- a/modules/contacts/modules.php +++ b/modules/contacts/modules.php @@ -144,6 +144,8 @@ public function process() { } $this->out('contact_page', $page); $this->out('contact_store', $contacts, false); + $this->out('enable_warn_contacts_cc_not_exist_in_list_contact', $this->user_config->get('enable_warn_contacts_cc_not_exist_in_list_contact_setting', false)); + } } 
@@ -429,6 +431,56 @@ protected function output() { } } +/** + * @subpackage contacts/output + */ +class Hm_Output_load_contact_mails extends Hm_Output_Module { + protected function output() { + if (!$this->get("enable_warn_contacts_cc_not_exist_in_list_contact")) { + return ""; + } + $contact_store = $this->get('contact_store'); + $emails = []; + foreach ($contact_store->dump() as $contact) { + $email = $contact->value('email_address'); + if ($email) { + $emails[] = $email; + } + } + $emails = json_encode($emails); + return ""; + } +} + +/** + * @subpackage contacts/output + */ +class Hm_Output_enable_warn_contacts_cc_not_exist_in_list_contact extends Hm_Output_Module { + protected function output() { + $settings = $this->get('user_settings'); + if (array_key_exists('enable_warn_contacts_cc_not_exist_in_list_contact', $settings) && $settings['enable_warn_contacts_cc_not_exist_in_list_contact']) { + $checked = ' checked="checked"'; + $reset = ''; + } + else { + $checked = ''; + $reset=''; + } + return ''. + ''.$reset.''; + } +} + +class Hm_Handler_process_enable_warn_contacts_cc_not_exist_in_list_contact extends Hm_Handler_Module { + public function process() { + function enable_warn_contacts_cc_not_exist_in_list_contact_callback($val) { return $val; } + process_site_setting('enable_warn_contacts_cc_not_exist_in_list_contact', $this, 'enable_warn_contacts_cc_not_exist_in_list_contact_callback', false, true); + } +} + + /** * @subpackage contacts/functions */ diff --git a/modules/contacts/setup.php b/modules/contacts/setup.php index 0a00bf9f85..352d5450fd 100644 --- a/modules/contacts/setup.php +++ b/modules/contacts/setup.php 
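Review bot: In `Hm_Output_load_contact_mails::output()` the contact addresses are encoded with a bare `json_encode($emails)`, and site.js later reads a global `list_emails`, so the encoded list presumably ends up in an inline script (the return string looks empty here, most likely because markup was lost in this rendering). Contact data is not fully under the application's control (the module already has an auto-collect setting), so the encoding should neutralise HTML-significant characters: `$emails = json_encode($emails, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);`. Separately, `Hm_Handler_process_enable_warn_contacts_cc_not_exist_in_list_contact::process()` declares a named function inside the method, which is a fatal redeclaration if `process()` ever runs twice in one request. A `function_exists` guard, or a closure if `process_site_setting` accepts one, avoids that.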
@@ -47,6 +47,11 @@ add_handler('export_contact', 'process_export_contacts', true, 'contacts', 'load_contacts', 'after'); add_handler('settings', 'process_contact_auto_collect_setting', true, 'contacts', 'date', 'after'); +add_output('compose', 'load_contact_mails', true, 'contacts', 'compose_form_end', 'after'); + +add_handler('settings', 'process_enable_warn_contacts_cc_not_exist_in_list_contact', true, 'contacts', 'save_user_settings', 'before'); +add_output('settings', 'enable_warn_contacts_cc_not_exist_in_list_contact', true, 'contacts', 'start_general_settings', 'after'); + return array( 'allowed_pages' => array( 'contacts', @@ -75,7 +80,9 @@ 'add_contact' => FILTER_SANITIZE_FULL_SPECIAL_CHARS, 'contact_source' => FILTER_SANITIZE_FULL_SPECIAL_CHARS, 'contact_type' => FILTER_SANITIZE_FULL_SPECIAL_CHARS, - 'contact_auto_collect' => FILTER_VALIDATE_BOOLEAN + 'contact_auto_collect' => FILTER_VALIDATE_BOOLEAN, + 'enable_warn_contacts_cc_not_exist_in_list_contact' => FILTER_VALIDATE_INT + ), 'allowed_get' => array( 'contact_id' => FILTER_SANITIZE_FULL_SPECIAL_CHARS, diff --git a/modules/smtp/site.js b/modules/smtp/site.js index e08c0df92b..5a9b6e79f2 100644 --- a/modules/smtp/site.js +++ b/modules/smtp/site.js @@ -419,6 +419,29 @@ var force_send_message = function() { } } +var check_cc_exist_in_contacts_list = function(e) { + var compose_cc = $(".compose_cc").val().trim(); + var list_cc = null; + var list_cc_not_exist_in_my_contact = []; + if (compose_cc.length > 0) { + list_cc = compose_cc.split(","); + var list_html = "
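Review bot: The new whitelist entry validates the checkbox with `FILTER_VALIDATE_INT`, while the neighbouring checkbox setting `contact_auto_collect` uses `FILTER_VALIDATE_BOOLEAN`. The checkbox markup is not visible in this rendering, so whether it posts an integer cannot be confirmed; if it posts the browser default `on`, validation would fail and the setting would not be saved. Using `'enable_warn_contacts_cc_not_exist_in_list_contact' => FILTER_VALIDATE_BOOLEAN` keeps the two settings consistent, and the blank line added before `),` can be dropped.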
    "; + list_cc.forEach(cc => { + cc = cc.trim().split(" "); + if (! list_emails.includes(cc.slice(-1)[0])) { + list_cc_not_exist_in_my_contact.push(cc.slice(-1)[0]) + list_html += `
  1. ${cc.slice(-1)[0]}
  2. `; + } + }); + list_html += "
"; + + if (list_cc_not_exist_in_my_contact) { + return list_html; + } + } + return ""; +}; + $(function () { if (!hm_is_logged()) { return; @@ -467,6 +490,7 @@ $(function () { let modalContentHeadline = ''; let dontWanValueInStorage = ''; + let showBtnSendAnywayDontWarnFuture = true; // If the subject is empty, we should warn the user if (!subject) { @@ -486,6 +510,17 @@ $(function () { modalContentHeadline = "Your subject and body are empty!"; } + // if contact_cc not exist in contact list for user + var checkInList = ""; + if (list_emails) { + checkInList = check_cc_exist_in_contacts_list(e); + if (checkInList) { + modalContentHeadline = "Adress mail not exist in your contact liste"; + showBtnSendAnywayDontWarnFuture = false; + } + } + + // If the user has disabled the warning, we should send the message if (Boolean(Hm_Utils.get_from_local_storage(dontWanValueInStorage))) { handleSendAnyway(); @@ -508,9 +543,11 @@ $(function () { function showModal() { if (! modal.modalContent.html()) { modal.addFooterBtn(hm_trans('Send anyway'), 'btn-warning', handleSendAnyway); - modal.addFooterBtn(hm_trans("Send anyway and don't warn in the future"), 'btn-warning', handleSendAnywayAndDontWarnMe); + if (showBtnSendAnywayDontWarnFuture) { + modal.addFooterBtn(hm_trans("Send anyway and don't warn in the future"), 'btn-warning', handleSendAnywayAndDontWarnMe); + } } - modal.setContent(modalContentHeadline + `
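Review bot: `if (list_cc_not_exist_in_my_contact)` in `check_cc_exist_in_contacts_list` is always true, because an empty array is truthy. The function therefore returns list markup, and the caller raises the warning, whenever the Cc field is non-empty, even if every address is a known contact; it should be `if (list_cc_not_exist_in_my_contact.length > 0) {`. The text typed into `.compose_cc` is also interpolated into `list_html` unescaped and later handed to `modal.setContent`, so it should be HTML-escaped or inserted as text (for example with jQuery `.text()`). The comparison takes the last space-separated token and is case-sensitive, so a `Name <addr>` entry keeps its angle brackets and a known contact may be reported as unknown. Only Cc is checked, although the commit subject speaks of replying to a new contact, and the `e` parameter is unused.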
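Review bot: `if (list_emails)` in the hunk at new line 510 reads a global that is presumably defined only by the `load_contact_mails` output, which returns an empty string when the setting is off. A bare reference to an undeclared variable throws a ReferenceError and would stop the send handler, so guard it with `if (typeof list_emails !== 'undefined') {`. The check also runs before the existing `dontWanValueInStorage` shortcut without clearing that value, so a user who muted the empty-subject warning would send without seeing the unknown-contact warning when the subject is empty. The headline is not passed through `hm_trans` and would read better as `hm_trans('Some Cc addresses are not in your contact list')`. The enclosing handler starts and ends outside the hunk.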

${hm_trans('Are you sure you want to send this message?')}

`); + modal.setContent(modalContentHeadline + checkInList + `

${hm_trans('Are you sure you want to send this message?')}

`); modal.open(); }
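Review bot: The footer buttons are added only while `modal.modalContent.html()` is empty, so `showBtnSendAnywayDontWarnFuture` is honoured only the first time the modal is built. If an empty-subject warning was shown earlier on the same page, the "don't warn in the future" button remains when the unknown-contact warning appears later; in the reverse order the button stays missing for the subject warning. The button set should be rebuilt, or that one button toggled, on every `showModal()` call; whether the modal object offers a way to clear footer buttons is not visible here.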