From dc42e16ff1f079ba134fb3486c683a20698195be Mon Sep 17 00:00:00 2001 From: FHenry Date: Mon, 30 Apr 2012 13:49:29 +0200 Subject: [PATCH] Secure URL use to CheckRead and Unsubcribe with security key in configuration screen --- htdocs/admin/mailing.php | 44 ++++++++++++++++--- htdocs/comm/mailing/fiche.php | 4 +- .../modules/mailings/modules_mailings.php | 7 ++- htdocs/langs/en_US/mails.lang | 1 + htdocs/langs/fr_FR/mails.lang | 1 + 5 files changed, 48 insertions(+), 9 deletions(-) diff --git a/htdocs/admin/mailing.php b/htdocs/admin/mailing.php index a0f0f095019..bab078a418c 100644 --- a/htdocs/admin/mailing.php +++ b/htdocs/admin/mailing.php @@ -34,6 +34,8 @@ if (!$user->admin) $action = GETPOST('action','alpha'); + + /* * Actions */ 
@@ -45,13 +47,36 @@ if ($action == 'setvalue' && $user->admin) $mailfrom = GETPOST('MAILING_EMAIL_FROM','alpha'); $mailerror = GETPOST('MAILING_EMAIL_ERRORSTO','alpha'); $checkread = GETPOST('value','alpha'); + $checkread_key = GETPOST('MAILING_EMAIL_UNSUBSCRIBE_KEY','alpha'); + + $res=dolibarr_set_const($db, "MAILING_EMAIL_FROM",$mailfrom,'chaine',0,'',$conf->entity); if (! $res > 0) $error++; $res=dolibarr_set_const($db, "MAILING_EMAIL_ERRORSTO",$mailerror,'chaine',0,'',$conf->entity); if (! $res > 0) $error++; - //$res=dolibarr_set_const($db, "MAILING_EMAIL_UNSUBSCRIBE",$checkread,'chaine',0,'',$conf->entity); - //if (! $res > 0) $error++; + if ($checkread=='on') + { + $res=dolibarr_set_const($db, "MAILING_EMAIL_UNSUBSCRIBE",1,'chaine',0,'',$conf->entity); + if (! $res > 0) $error++; + } + else if ($checkread=='off') + { + $res=dolibarr_set_const($db, "MAILING_EMAIL_UNSUBSCRIBE",0,'chaine',0,'',$conf->entity); + if (! $res > 0) $error++; + } + + //Create temporary encryption key if nedded + if (($conf->global->MAILING_EMAIL_UNSUBSCRIBE==1) && (empty($checkread_key))) + { + $chars = "abcdef(ghijklmnopqrstuvwxyz;!ABCDEFGH,IJKLMNOPQRSTUVWXYZ01_23456789"; + mt_srand(10000000*(double)microtime()); + for ($i = 0, $str = '', $lc = strlen($chars)-1; $i < 30; $i++) { + $checkread_key .= $chars[mt_rand(0, $lc)]; + } + } + $res=dolibarr_set_const($db, "MAILING_EMAIL_UNSUBSCRIBE_KEY",$checkread_key,'chaine',0,'',$conf->entity); + if (! $res > 0) $error++; if (! $error) { 
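Review bot: The key built in the `//Create temporary encryption key` block is not suitable as a secret, because it comes from `mt_rand()` after `mt_srand(10000000*(double)microtime())`: Mersenne Twister is not a cryptographic generator, and the seed is taken from the sub-second part of the clock, so the number of possible keys is far smaller than 30 characters suggest. Draw the key from the platform CSPRNG instead, e.g. `$checkread_key = bin2hex(random_bytes(16));` on PHP 7+, or `openssl_random_pseudo_bytes()` on older versions where that extension is loaded. A hex key also avoids the `(`, `;`, `!` and `,` characters in `$chars`, which may not survive the `GETPOST(...,'alpha')` filter when the value is posted back; that is worth confirming. Separately, `if (! $res > 0)` parses as `(!$res) > 0`, so a negative return from `dolibarr_set_const` would not increment `$error`; `if ($res <= 0) $error++;` states the intent.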
@@ -104,24 +129,31 @@ print ''; -/* + $var=!$var; print ''; print $langs->trans("ActivateCheckRead").''; if ($conf->global->MAILING_EMAIL_UNSUBSCRIBE==1) { - print ''; + print ''; print img_picto($langs->trans("Enabled"),'switch_on'); print ''; + $readonly=''; } else { - print ''; + print ''; print img_picto($langs->trans("Disabled"),'switch_off'); print ''; + $readonly='disabled="disabled"'; } print ''; -*/ + +$var=!$var; +print ''; +print $langs->trans("ActivateCheckReadKey").''; +print ''; +print ''; print ''; diff --git a/htdocs/comm/mailing/fiche.php b/htdocs/comm/mailing/fiche.php index bcea8ad2a22..b2f875583f4 100644 --- a/htdocs/comm/mailing/fiche.php +++ b/htdocs/comm/mailing/fiche.php @@ -64,7 +64,7 @@ if ($conf->global->MAILING_EMAIL_UNSUBSCRIBE) $substitutionarray, array( '__CHECK_READ__' => 'CheckMail', - '__UNSUSCRIBE__' => 'Unsuscribe' + '__UNSUSCRIBE__' => 'Unsubscribe' ) ); } @@ -89,7 +89,7 @@ if ($conf->global->MAILING_EMAIL_UNSUBSCRIBE) $substitutionarrayfortest, array( '__CHECK_READ__' => 'TESTCheckMail', - '__UNSUSCRIBE__' => 'TESTCheckMail' + '__UNSUSCRIBE__' => 'TESTUnsubscribe' ) ); } diff --git a/htdocs/core/modules/mailings/modules_mailings.php b/htdocs/core/modules/mailings/modules_mailings.php index 75032bbab9e..53729e812e3 100644 --- a/htdocs/core/modules/mailings/modules_mailings.php +++ b/htdocs/core/modules/mailings/modules_mailings.php @@ -143,6 +143,8 @@ class MailingTargets // This can't be abstract as it is used for some method */ function add_to_target($mailing_id, $cibles) { + global $conf; + $this->db->begin(); // Insert emailing targest from array into database 
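Review bot: In the admin/mailing.php form hunk, `$readonly='disabled="disabled"'` is set when the option is off, and if that attribute lands on the key input (the markup is not visible here) the browser will not submit the field at all. The `setvalue` handler then sees an empty `MAILING_EMAIL_UNSUBSCRIBE_KEY` and, as written, stores it unconditionally, which would blank an existing key whenever the form is saved with the option off. Use `$readonly='readonly="readonly"';` so the value stays in the POST, or have the handler skip the key write when the posted value is empty. Changing the key presumably also invalidates the tags already stored for sent mailings, which deserves a short comment next to the field.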
@@ -162,7 +164,10 @@ class MailingTargets // This can't be abstract as it is used for some method $sql .= "'".$this->db->escape($cibles[$i]['other'])."',"; $sql .= "'".$this->db->escape($cibles[$i]['source_url'])."',"; $sql .= "'".$this->db->escape($cibles[$i]['source_id'])."',"; - $sql .= "'".$this->db->escape(md5($cibles[$i]['email'].';'.$cibles[$i]['name'].';'.$mailing_id))."',"; + if ($conf->global->MAILING_EMAIL_UNSUBSCRIBE==1) + { + $sql .= "'".$this->db->escape(md5($cibles[$i]['email'].';'.$cibles[$i]['name'].';'.$mailing_id.';'.$conf->global->MAILING_EMAIL_UNSUBSCRIBE_KEY))."',"; + } $sql .= "'".$this->db->escape($cibles[$i]['source_type'])."')"; $result=$this->db->query($sql); if ($result) diff --git a/htdocs/langs/en_US/mails.lang b/htdocs/langs/en_US/mails.lang index d5deed6ec64..a252859f964 100644 --- a/htdocs/langs/en_US/mails.lang +++ b/htdocs/langs/en_US/mails.lang @@ -77,6 +77,7 @@ CheckRead=Read Receipt YourMailUnsubcribeOK=The email %s is correctly unsubcribe from mailing list MailtoEMail=Hyper link to email ActivateCheckRead=Activate Read receipt and unsubcribe tag +ActivateCheckReadKey=Key use to encrypt URL use for Read Receipt and unsubcribe function # Libelle des modules de liste de destinataires mailing MailingModuleDescContactCompanies=Contacts of all third parties (customer, prospect, supplier, ...) diff --git a/htdocs/langs/fr_FR/mails.lang b/htdocs/langs/fr_FR/mails.lang index 45b5dd24263..11b0aa4e0e1 100644 --- a/htdocs/langs/fr_FR/mails.lang +++ b/htdocs/langs/fr_FR/mails.lang 
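Review bot: In `add_to_target` (modules_mailings.php) the tag value is now appended only inside `if ($conf->global->MAILING_EMAIL_UNSUBSCRIBE==1)` with no `else`, so when the option is off the VALUES list is one item short and the INSERT will presumably fail against the column list, which sits outside the hunk. Add a branch that still emits a value, e.g. `else { $sql .= "null,"; }` if the column is nullable, or compute the tag unconditionally as before. For the tag itself, appending the key inside `md5()` is a weak way to key a hash; `hash_hmac('sha256', ...)` over the same `email;name;mailing_id` string with `MAILING_EMAIL_UNSUBSCRIBE_KEY` as the key is the standard construction, provided the tag column is wide enough (not visible here). The function body starts and ends outside the hunk.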
@@ -77,6 +77,7 @@ CheckRead=Accusé de lecture YourMailUnsubcribeOK=L'adresse e-mail %s est bien désincrite de la liste. MailtoEMail=Ecrire a e-mail (lien) ActivateCheckRead=Activer les tags d'accusé de lecture et de désincription +ActivateCheckReadKey=Clef de sécurité utilisée pour l'encryption des URL utilisées dans les fonctions d'accusé de lecture et de désincription # Libelle des modules de liste de destinataires mailing MailingModuleDescContactCompanies=Contacts de tiers (prospects, clients, fournisseurs...)