From 5bf8c895a9614bd442ca6d526228042be744f408 Mon Sep 17 00:00:00 2001 From: Michael Date: Fri, 22 Nov 2019 18:39:51 +0000 Subject: [PATCH 1/2] Improvement for PR 7854: Avoid leaking of BCC header data --- src/Protocol/ActivityPub/Transmitter.php | 22 +++++++++------------- 1 file changed, 9 insertions(+), 13 deletions(-) diff --git a/src/Protocol/ActivityPub/Transmitter.php b/src/Protocol/ActivityPub/Transmitter.php index 7fc0f5d990..b9a00c4817 100644 --- a/src/Protocol/ActivityPub/Transmitter.php +++ b/src/Protocol/ActivityPub/Transmitter.php @@ -498,7 +498,13 @@ class Transmitter } } - return ['to' => array_values($data['to']), 'cc' => array_values($data['cc']), 'bcc' => array_values($data['bcc'])]; + $receivers = ['to' => array_values($data['to']), 'cc' => array_values($data['cc']), 'bcc' => array_values($data['bcc'])]; + + if (!$blindcopy) { + unset($receivers['bcc']); + } + + return $receivers; } /** @@ -693,18 +699,6 @@ class Transmitter $mail = self::ItemArrayFromMail($mail_id); $object = self::createNote($mail); - if (!empty($object['cc'])) { - $object['to'] = array_merge($object['to'], $object['cc']); - unset($object['cc']); - } - - if (!empty($object['bcc'])) { - $object['to'] = array_merge($object['to'], $object['bcc']); - unset($object['bcc']); - } - - $object['tag'] = [['type' => 'Mention', 'href' => $object['to'][0], 'name' => 'test']]; - if (!$object_mode) { $data = ['@context' => ActivityPub::CONTEXT]; } else { @@ -730,6 +724,8 @@ class Transmitter unset($data['bcc']); $object['to'] = $data['to']; + $object['tag'] = [['type' => 'Mention', 'href' => $object['to'][0], 'name' => 'test']]; + unset($object['cc']); unset($object['bcc']); From e539c74fa4f0d6659278f2dff1bd72f5ae21e063 Mon Sep 17 00:00:00 2001 From: Michael Date: Fri, 22 Nov 2019 19:47:35 +0000 Subject: [PATCH 2/2] Removed the word "test" --- src/Protocol/ActivityPub/Transmitter.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Protocol/ActivityPub/Transmitter.php b/src/Protocol/ActivityPub/Transmitter.php index b9a00c4817..fa8e4bf46f 100644 --- a/src/Protocol/ActivityPub/Transmitter.php +++ b/src/Protocol/ActivityPub/Transmitter.php @@ -724,7 +724,7 @@ class Transmitter unset($data['bcc']); $object['to'] = $data['to']; - $object['tag'] = [['type' => 'Mention', 'href' => $object['to'][0], 'name' => 'test']]; + $object['tag'] = [['type' => 'Mention', 'href' => $object['to'][0], 'name' => '']]; unset($object['cc']); unset($object['bcc']);