Changeset 742

Timestamp:

07/21/2005 08:02:45 PM (3 years ago)

Author:

dmorton

Message:

Trunk - Ticket #42

adding support for emailed quarantine digests which allow a user to view the quarantine contents, and log in and manage messages based off of a tokenized URL.

Fixed silly sql errors, and '==' instead of '='
Added ham cache to digest
Changed order of columns in digest email
Refactored code from ham-cache.php into db.php

Still TODO:

Template touchup.
confirm release/report?

Location:

trunk

Files:

• php/confirm.php (modified) (1 diff)
• php/db.php (modified) (1 diff)
• php/rescue.php (modified) (11 diffs)
• scripts/send-quarantine-digests.pl (modified) (5 diffs)
• templates/digest.tpl (modified) (2 diffs)

trunk/php/confirm.php

@@ -110 +110 @@
     require_once ("./locale/$display_language/reportspam.php");
 
+    if ($HTTP_GET_VARS['manage'] == 'true') {
+        header("Location: welcome.php");
+        exit;
+    }
+
     $cutoff_date = $timestamp;
 

trunk/php/db.php

@@ -1919 +1919 @@
                         delete_mail_reference($user_id, $mail_id);
                     }
+                } else {
+                    trigger_error("rescue attempt failed!");
                 }
             }

trunk/php/rescue.php

@@ -113 +113 @@
     require_once ("./locale/$display_language/quarantine.php");
     require_once ("./locale/$display_language/reportspam.php");
+    require_once ("./locale/$display_language/wblist.php");
 
         $message = "";
@@ -118 +119 @@
       case "ham":  //Ok, this isn't really "releasing", but the logic is the same.
         $reported = 0;
-        $select = "SELECT maia_mail.id " .
+        $select = "SELECT maia_mail.id, maia_mail.sender_email " .
                   "FROM maia_mail, maia_mail_recipients " .
                   "WHERE maia_mail.id = maia_mail_recipients.mail_id " .
@@ -129 +130 @@
         {
             $mail_id = $row["id"];
+            $sender  = $row["sender_email"];
+            if (array_key_exists('wblist', $HTTP_GET_VARS)) {
+              $message .= $lang[add_address_to_wb_list($euid, $sender, "B")];
+              $message .= "<br>";
+            }
             report_spam($euid, $mail_id);
             $reported++;
@@ -140 +146 @@
       case "spam":
         $rescued = 0;
-        $select = "SELECT maia_mail.id " .
+        $select = "SELECT maia_mail.id, maia_mail.sender_email " .
                   "FROM maia_mail, maia_mail_recipients " .
                   "WHERE maia_mail.id = maia_mail_recipients.mail_id " .
@@ -151 +157 @@
         {
             $mail_id = $row["id"];
+            $sender  = $row["sender_email"];
+            if (array_key_exists('wblist', $HTTP_GET_VARS)) {
+              $message .= $lang[add_address_to_wb_list($euid, $sender, "W")];
+              $message .= "<br>";
+            }
             rescue_item($euid, $mail_id);
             $rescued++;
@@ -162 +173 @@
      case "virus":
         $rescued = 0;
-        $select = "SELECT maia_mail.id " .
+        $select = "SELECT maia_mail.id, maia_mail.sender_email " .
                   "FROM maia_mail, maia_mail_recipients " .
                   "WHERE maia_mail.id = maia_mail_recipients.mail_id " .
@@ -172 +183 @@
         {
             $mail_id = $row["id"];
+            $sender  = $row["sender_email"];
+            if (array_key_exists('wblist', $HTTP_GET_VARS)) {
+              $message .= $lang[add_address_to_wb_list($euid, $sender, "W")];
+              $message .= "<br>";
+            }
             rescue_item($euid, $mail_id);
             $rescued++;
@@ -183 +199 @@
      case "bad_attachment":
         $rescued = 0;
-        $select = "SELECT maia_mail.id " .
+        $select = "SELECT maia_mail.id, maia_mail.sender_email " .
                   "FROM maia_mail, maia_mail_recipients " .
                   "WHERE maia_mail.id = maia_mail_recipients.mail_id " .
@@ -193 +209 @@
         {
             $mail_id = $row["id"];
+            $sender  = $row["sender_email"];
+            if (array_key_exists('wblist', $HTTP_GET_VARS)) {
+              $message .= $lang[add_address_to_wb_list($euid, $sender, "W")];
+              $message .= "<br>";
+            }
             rescue_item($euid, $mail_id);
             $rescued++;
@@ -203 +224 @@
      case "bad_header":
         $rescued = 0;
-        $select = "SELECT maia_mail.id " .
+        $select = "SELECT maia_mail.id, maia_mail.sender_email " .
                   "FROM maia_mail, maia_mail_recipients " .
                   "WHERE maia_mail.id = maia_mail_recipients.mail_id " .
@@ -213 +234 @@
         {
             $mail_id = $row["id"];
+            $sender  = $row["sender_email"];
+            if (array_key_exists('wblist', $HTTP_GET_VARS)) {
+              $message .= $lang[add_address_to_wb_list($euid, $sender, "W")];
+              $message .= "<br>";
+            }
             rescue_item($euid, $mail_id);
             $rescued++;

trunk/scripts/send-quarantine-digests.pl

@@ -255 +255 @@
             $rowcount = 0;
             while (@row = $sth->fetchrow_array()) {
-                $token = $1 if $row[0] =~ /^([a-f0-9]{32})$/si; # untaint
+                $token = $1 if $row[0] =~ /^([a-zA-Z0-9]{32})$/si; # untaint
                 $received_date = $1 if $row[1] =~ /^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})$/si; # untaint
                 $score = $1 if $row[2] =~ /^(\d+\.\d+)$/si; # untaint
@@ -291 +291 @@
             $rowcount = 0;
             while (@row = $sth->fetchrow_array()) {
-                $token = $1 if $row[0] =~ /^([a-f0-9]{32})$/si; # untaint
+                $token = $1 if $row[0] =~ /^([a-zA-Z0-9]{32})$/si; # untaint
                 $received_date = $1 if $row[1] =~ /^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})$/si; # untaint
                 $score = $1 if $row[2] =~ /^(\d+\.\d+)$/si; # untaint
@@ -327 +327 @@
             $rowcount = 0;
             while (@row = $sth->fetchrow_array()) {
+                $token = $1 if $row[0] =~ /^([a-zA-Z0-9]{32})$/si; # untaint
                 $received_date = $1 if $row[1] =~ /^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})$/si; # untaint
                 $sender = $1 if $row[2] =~ /^(.+\@.+\..+)$/si; # untaint
@@ -359 +360 @@
             $rowcount = 0;
             while (@row = $sth->fetchrow_array()) {
-                $token = $1 if $row[0] =~ /^([a-f0-9]{32})$/si; # untaint
+                $token = $1 if $row[0] =~ /^([a-zA-Z0-9]{32})$/si; # untaint
                 $received_date = $1 if $row[1] =~ /^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})$/si; # untaint
                 $sender = $1 if $row[2] =~ /^(.+\@.+\..+)$/si; # untaint
@@ -393 +394 @@
             $rowcount = 0;
             while (@row = $sth->fetchrow_array()) {
-                $token = $1 if $row[0] =~ /^([a-f0-9]{32})$/si; # untaint
+                $token = $1 if $row[0] =~ /^([a-zA-Z0-9]{32})$/si; # untaint
                 $received_date = $1 if $row[1] =~ /^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})$/si; # untaint
                 $sender = $1 if $row[2] =~ /^(.+\@.+\..+)$/si; # untaint

trunk/templates/digest.tpl

@@ -9 +9 @@
 <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
 <html><body>
+<div align="center">
+<a href="[% baseurl %]/confirm.php?id=[% maia_user_id %]&ts=[% date %]&token=[% confirm_token %]&manage=true">[Log in]</a> to manage your Maia account</a>
+</div>
 [% FOREACH l IN list %] 
 [% FOREACH l.value %]
@@ -29 +32 @@
 <tr>
 <td bgcolor="#ffffff" align="center">
-<a href="[% baseurl %]/rescue.php?id=[% maia_user_id %]&token=[% token %]&type=[% l.key %]">[% IF l.key == 'ham' %]Report[% ELSE %]Release[% END %]</a></td>
+<a href="[% baseurl %]/rescue.php?id=[% maia_user_id %]&token=[% token %]&type=[% l.key %]">[% IF l.key == 'ham' %]Report[% ELSE %]Release[% END %]</a><br>
+<a href="[% baseurl %]/rescue.php?id=[% maia_user_id %]&token=[% token %]&type=[% l.key %]&wblist=true">[% IF l.key == 'ham' %]Blacklist[% ELSE %]Whitelist[% END %]</a>
+</td>
 <td bgcolor="#ffffff">[% received_date %]</td>
 <td bgcolor="#ffffff">[% sender %]</td>