From 482a8369d0a18a6191d5792701909a29bc6ca69c Mon Sep 17 00:00:00 2001
From: Per Cederqvist <ceder@lysator.liu.se>
Date: Sun, 3 Sep 2000 19:45:26 +0000
Subject: [PATCH] (send_async_sub_recipient): Use filter_secret_info() so that
the exact same visibility is used by async-sub-recipient and
get-text-stat. (filter_secret_info): Don't allow the author of a text to see
bcc-recpt which are secret to him. Simplify the code slightly.
(send_async_add_recipient): Use filter_secret_info() so that the exact
same visibility is used by async-add-recipient and get-text-stat.
---
src/server/text.c | 129 +++++++++++++++++-----------------------------
1 file changed, 47 insertions(+), 82 deletions(-)
diff --git a/src/server/text.c b/src/server/text.c
index 6ce5f44e0..40e49326d 100644
--- a/src/server/text.c
+++ b/src/server/text.c
@@ -1,5 +1,5 @@
/*
- * $Id: text.c,v 0.78 2000/09/02 20:06:15 ceder Exp $
+ * $Id: text.c,v 0.79 2000/09/03 19:45:26 ceder Exp $
* Copyright (C) 1991-1999 Lysator Academic Computer Association.
*
* This file is part of the LysKOM server.
@@ -34,7 +34,7 @@
#endif
static const char *
-rcsid = "$Id: text.c,v 0.78 2000/09/02 20:06:15 ceder Exp $";
+rcsid = "$Id: text.c,v 0.79 2000/09/03 19:45:26 ceder Exp $";
#include "rcs.h"
USE(rcsid);
@@ -83,6 +83,11 @@ do_create_text(const String message,
Bool anonymous,
Text_stat **ret_stat);
+static void
+filter_secret_info(Text_stat *result,
+ const Text_stat *original,
+ const Connection *viewer_conn,
+ Bool output_bcc);
/*
* Static functions
@@ -592,43 +597,23 @@ send_async_sub_recipient(Text_no text_no,
{
Connection *cptr;
Session_no i = 0;
- Membership *mship;
- if (type != bcc_recpt)
- {
- while ((i = traverse_connections(i)) != 0)
- {
- cptr = get_conn_by_number(i);
- /*
- * Send messate if connection is logged on, the user is a member
- * in a recipient and the subtracted recipient is visible to the
- * user
- */
- if (cptr->person != NULL
- && is_member_in_recpt(cptr->person, text_s, TRUE) == TRUE
- && access_perm(conf_no, cptr, read_protected) > none)
- {
- async_sub_recipient(cptr, text_no, conf_no, type);
- }
- }
- }
- else
+ while ((i = traverse_connections(i)) != 0)
{
- while ((i = traverse_connections(i)) != 0)
- {
- cptr = get_conn_by_number(i);
- if (cptr->person != NULL)
+ cptr = get_conn_by_number(i);
+ if (cptr->person != NULL
+ && is_member_in_recpt(cptr->person, text_s, TRUE) == TRUE)
+ {
+ Text_stat copy;
+
+ filter_secret_info(©, text_s, cptr, TRUE);
+ if (find_recipient(conf_no, ©) != -1
+ && is_member_in_recpt(cptr->person, ©, TRUE) == TRUE)
{
- mship = locate_membership(conf_no, cptr->person);
- if (mship != NULL
- && !mship->type.passive
- && access_perm(conf_no, cptr, read_protected) > none)
- {
- async_sub_recipient(cptr, text_no, conf_no, type);
- }
- }
- }
- }
+ async_sub_recipient(cptr, text_no, conf_no, type);
+ }
+ }
+ }
}
/*
@@ -1256,11 +1241,12 @@ filter_secret_info(Text_stat *result,
case bcc_recpt:
/*
- * We will send this if ...
- * The viewer is the recipient or
- * The recipient is an open conference
- * The viewer sent the BCC
- * The viewer is the author
+ * We will send this if any of the following is true:
+ * - The viewer is the recipient.
+ * - The recipient is an open conference.
+ * - The viewer sent the BCC.
+ * - The viewer is supervisor of the author, and allowed
+ * to know that the recipient exists.
*/
if (viewer_p != NULL
@@ -1271,21 +1257,15 @@ filter_secret_info(Text_stat *result,
|| recp_sent_by(
orig, original->misc_items + original->no_of_misc,
viewer, viewer_p)
- || is_supervisor(original->author, viewer, viewer_p)))
+ || (is_supervisor(original->author, viewer, viewer_p)
+ && (access_perm(orig->datum.bcc_recipient,
+ viewer_conn, read_protected)
+ >= read_protected))))
{
+ *copy++ = *orig++;
+ ++result->no_of_misc;
if (!output_bcc)
- {
- *copy = *orig;
- copy->type = cc_recpt;
- copy++;
- orig++;
- ++result->no_of_misc;
- }
- else
- {
- *copy++ = *orig++;
- ++result->no_of_misc;
- }
+ copy[-1].type = cc_recpt;
}
else
{
@@ -2819,38 +2799,23 @@ send_async_add_recipient(Text_no text_no,
Info_type type)
{
Connection *cptr;
- Membership *mship;
Session_no i = 0;
- if (type != bcc_recpt)
- {
- while ((i = traverse_connections(i)) != 0)
- {
- cptr = get_conn_by_number(i);
- if (cptr->person != NULL
- && is_member_in_recpt(cptr->person, text_s, TRUE) == TRUE
- && access_perm(conf_no, cptr, read_protected) > none)
- {
- async_new_recipient(cptr, text_no, conf_no, type);
- }
- }
- }
- else
+ while ((i = traverse_connections(i)) != 0)
{
- while ((i = traverse_connections(i)) != 0)
- {
- cptr = get_conn_by_number(i);
- if (cptr->person != NULL)
+ cptr = get_conn_by_number(i);
+ if (cptr->person != NULL
+ && is_member_in_recpt(cptr->person, text_s, TRUE) == TRUE)
+ {
+ Text_stat copy;
+
+ filter_secret_info(©, text_s, cptr, TRUE);
+ if (find_recipient(conf_no, ©) != -1
+ && is_member_in_recpt(cptr->person, ©, TRUE) == TRUE)
{
- mship = locate_membership(conf_no, cptr->person);
- if (mship != NULL
- && !mship->type.passive
- && access_perm(conf_no, cptr, read_protected) > none)
- {
- async_new_recipient(cptr, text_no, conf_no, type);
- }
- }
- }
+ async_new_recipient(cptr, text_no, conf_no, type);
+ }
+ }
}
}
--
GitLab