diff --git a/www/common/drive-ui.js b/www/common/drive-ui.js
index 8c8d7f5f1..b86da80ec 100644
--- a/www/common/drive-ui.js
+++ b/www/common/drive-ui.js
@@ -1097,7 +1097,7 @@ define([
 var priv = metadataMgr.getPrivateData();
 var useUnsafe = Util.find(priv, ['settings', 'security', 'unsafeLinks']);
- if (useUnsafe !== false) { // true of undefined: use unsafe links
+ if (useUnsafe === true) {
 return void window.open(APP.origin + href);
 }
diff --git a/www/common/inner/access.js b/www/common/inner/access.js
index 55a4dbbe9..190af4279 100644
--- a/www/common/inner/access.js
+++ b/www/common/inner/access.js
@@ -874,7 +874,7 @@ define([
 // Use hidden hash if needed (we're an owner of this pad so we know it is stored)
 var useUnsafe = Util.find(priv, ['settings', 'security', 'unsafeLinks']);
 var href = (priv.readOnly && data.roHref) ? data.roHref : data.href;
- if (useUnsafe === false) {
+ if (useUnsafe !== true) {
 var newParsed = Hash.parsePadUrl(href);
 var newSecret = Hash.getSecrets(newParsed.type, newParsed.hash, newPass);
 var newHash = Hash.getHiddenHashFromKeys(parsed.type, newSecret, {});
diff --git a/www/common/migrate-user-object.js b/www/common/migrate-user-object.js
index 18bc9c61b..231c39ebd 100644
--- a/www/common/migrate-user-object.js
+++ b/www/common/migrate-user-object.js
@@ -7,9 +7,10 @@ define([
 '/common/cryptget.js',
 '/common/outer/mailbox.js',
 '/customize/messages.js',
+ '/common/common-realtime.js',
 '/bower_components/nthen/index.js',
 '/bower_components/chainpad-crypto/crypto.js',
-], function (AppConfig, Feedback, Hash, Util, Messaging, Crypt, Mailbox, Messages, nThen, Crypto) {
+], function (AppConfig, Feedback, Hash, Util, Messaging, Crypt, Mailbox, Messages, Realtime, nThen, Crypto) {
 // Start migration check
 // Versions:
 // 1: migrate pad attributes
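Review bot: The new `if (useUnsafe === true) {` in www/common/drive-ui.js drops the old trailing comment without replacing it, so the three-state meaning of `unsafeLinks` is no longer stated at any call site now that `undefined` falls on the safe side. I would add `// only an explicit true opts out of safe links; undefined and false both mean safe` above the check here, and above the `useUnsafe !== true` checks in www/common/inner/access.js and the two in www/common/sframe-common-outer.js. The comparison is now written out four times, so a small shared helper would keep the sites from drifting apart; that is a suggestion rather than a defect. The enclosing functions start and end outside these hunks.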
@@ -456,6 +457,37 @@ define([
 if (version < 10) {
 fixTodo();
 }
+ }).nThen(function (waitFor) {
+ if (version >= 11) { return; }
+ // Migration 11: alert users of safe links as the new default
+
+ var done = function () {
+ Feedback.send('Migrate-11', true);
+ userObject.version = version = 11;
+ };
+
+ /* userObject.settings.security.unsafeLinks
+ undefined => the user has never touched it
+ false => the user has explicitly enabled "safe links"
+ true => the user has explicitly disabled "safe links"
+ */
+ var unsafeLinks = Util.find(userObject, [ 'settings', 'security', 'unsafeLinks' ]);
+ if (unsafeLinks !== undefined) { return void done(); }
+
+ var ctx = {
+ store: store,
+ };
+ var myData = Messaging.createData(userObject);
+
+ Mailbox.sendTo(ctx, 'SAFE_LINKS_DEFAULT', {
+ user: myData,
+ }, {
+ channel: myData.notifications,
+ curvePublic: myData.curvePublic
+ }, waitFor(function (obj) {
+ if (obj && obj.error) { return void console.error(obj); }
+ done();
+ }));
 /*}).nThen(function (waitFor) {
 // Test progress bar in the loading screen
 var i = 0;
@@ -467,7 +499,7 @@ define([
 }, 500);
 progress(0, 0);*/
 }).nThen(function () {
- setTimeout(cb);
+ Realtime.whenRealtimeSyncs(store.realtime, Util.bake(cb));
 });
 };
 });
diff --git a/www/common/notifications.js b/www/common/notifications.js
index 3abc40ca8..94c2dcb15 100644
--- a/www/common/notifications.js
+++ b/www/common/notifications.js
@@ -387,6 +387,21 @@ define([
 }
 };
+ handlers['SAFE_LINKS_DEFAULT'] = function (common, data) {
+ Messages.settings_safeLinkDefault = "SAFE LINKS ARE NOW DEFAULT"; // XXX
+
+ var content = data.content;
+ content.getFormatText = function () {
+ return Messages.settings_safeLinkDefault;
+ };
+
+ content.handler = function () {
+ common.openURL('/settings/#security');
+ };
+ if (!content.archived) {
+ content.dismissHandler = defaultDismiss(common, data);
+ }
+ };
 // NOTE: don't forget to fixHTML everything returned by "getFormatText"
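Review bot: In the `Migration 11` step of www/common/migrate-user-object.js, the error branch `if (obj && obj.error) { return void console.error(obj); }` returns without calling `done()`, so the version is not raised to 11 and the step presumably runs again on a later load; nothing says whether that retry is intended. If it is, a comment such as `// leave the version untouched so the notice is retried on the next load` would make that explicit. The callback is wrapped in `waitFor`, so the rest of the chain appears to wait on `Mailbox.sendTo`; it is worth confirming that the callback always fires, including when the mailbox cannot be reached. The surrounding function starts and ends outside the hunk.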
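Review bot: The final step of www/common/migrate-user-object.js now calls `Realtime.whenRealtimeSyncs(store.realtime, Util.bake(cb));` with no comment on why `cb` has to wait for a sync where `setTimeout(cb)` did not. If the reason is that `userObject.version = 11` must be saved before loading continues, so that the notice is not sent twice, say so with `// wait until the migrated version is synced before continuing`. `whenRealtimeSyncs` is not visible in this diff, so it is worth checking that it still calls back when the connection is down, otherwise `cb` would never run.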
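Review bot: `Messages.settings_safeLinkDefault = "SAFE LINKS ARE NOW DEFAULT"; // XXX` in the new `SAFE_LINKS_DEFAULT` handler of www/common/notifications.js assigns the text every time a notification is handled, which would overwrite any translated value already loaded for that key. The string belongs in the translation files and the assignment should be removed before release; until then `// XXX placeholder, move to the translation files` states the intent better than a bare `XXX`. `getFormatText` returns only this message and no data from `content`, so nothing here needs the escaping mentioned in the NOTE line that follows.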
diff --git a/www/common/outer/mailbox-handlers.js b/www/common/outer/mailbox-handlers.js
index a55a2d63d..6d10b089f 100644
--- a/www/common/outer/mailbox-handlers.js
+++ b/www/common/outer/mailbox-handlers.js
@@ -515,6 +515,12 @@ define([
 cb();
 };
+ handlers["SAFE_LINKS_DEFAULT"] = function (ctx, box, data, cb) { // XXX
+ var curve = ctx.store.proxy.curvePublic;
+ if (data.msg.author !== curve) { return void cb(true); }
+ cb();
+ };
+
 // Hide duplicates when receiving a SHARE_PAD notification:
 // Keep only one notification per channel: the stronger and more recent one
 var comments = {};
diff --git a/www/common/sframe-common-outer.js b/www/common/sframe-common-outer.js
index b5baf6301..71ecd6dcf 100644
--- a/www/common/sframe-common-outer.js
+++ b/www/common/sframe-common-outer.js
@@ -823,7 +823,7 @@ define([
 var opts = parsed.getOptions();
 var hash = Utils.Hash.getHiddenHashFromKeys(parsed.type, secret, opts);
 var useUnsafe = Utils.Util.find(settings, ['security', 'unsafeLinks']);
- if (useUnsafe === false && window.history && window.history.replaceState) {
+ if (useUnsafe !== true && window.history && window.history.replaceState) {
 if (!/^#/.test(hash)) { hash = '#' + hash; }
 window.history.replaceState({}, window.document.title, hash);
 }
@@ -854,6 +854,7 @@ define([
 path: initialPathInDrive, // Where to store the pad if we don't have it in our drive
 forceSave: true
 };
+ // XXX copypaste from above...
 Cryptpad.setPadTitle(data, function (err) {
 if (!err && !(obj && obj.notStored)) {
 // No error and the pad was correctly stored
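Review bot: The author check in the new `SAFE_LINKS_DEFAULT` handler of www/common/outer/mailbox-handlers.js compares two values that could both be undefined: if `ctx.store.proxy.curvePublic` is ever unset, a message without an author would pass `data.msg.author !== curve`. Rejecting on a missing key closes that gap: `if (!curve || data.msg.author !== curve) { return void cb(true); }`. The `// XXX` on the handler line could also be replaced by a comment stating that only notices the user sent to their own mailbox are accepted. How `data.msg.author` is populated is not visible in this hunk.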
@@ -861,7 +862,7 @@ define([
 var opts = parsed.getOptions();
 var hash = Utils.Hash.getHiddenHashFromKeys(parsed.type, secret, opts);
 var useUnsafe = Utils.Util.find(settings, ['security', 'unsafeLinks']);
- if (useUnsafe === false && window.history && window.history.replaceState) {
+ if (useUnsafe !== true && window.history && window.history.replaceState) {
 if (!/^#/.test(hash)) { hash = '#' + hash; }
 window.history.replaceState({}, window.document.title, hash);
 }