diff options
| -rw-r--r-- | apps/dav/lib/CalDAV/Schedule/IMipPlugin.php | 42 | ||||
| -rw-r--r-- | config/config.sample.php | 27 |
2 files changed, 65 insertions, 4 deletions
diff --git a/apps/dav/lib/CalDAV/Schedule/IMipPlugin.php b/apps/dav/lib/CalDAV/Schedule/IMipPlugin.php index 3ff3ed0c569..4375c081d55 100644 --- a/apps/dav/lib/CalDAV/Schedule/IMipPlugin.php +++ b/apps/dav/lib/CalDAV/Schedule/IMipPlugin.php @@ -144,11 +144,11 @@ class IMipPlugin extends SabreIMipPlugin { $summary = $iTipMessage->message->VEVENT->SUMMARY; - if (parse_url($iTipMessage->sender, PHP_URL_SCHEME) !== 'mailto') { + if (strcasecmp(parse_url($iTipMessage->sender, PHP_URL_SCHEME), 'mailto') !== 0) { return; } - if (parse_url($iTipMessage->recipient, PHP_URL_SCHEME) !== 'mailto') { + if (strcasecmp(parse_url($iTipMessage->recipient, PHP_URL_SCHEME), 'mailto') !== 0) { return; } @@ -239,9 +239,44 @@ class IMipPlugin extends SabreIMipPlugin { $meetingAttendeeName, $meetingInviteeName); $this->addBulletList($template, $l10n, $meetingWhen, $meetingLocation, $meetingDescription, $meetingUrl); - $this->addResponseButtons($template, $l10n, $iTipMessage, $lastOccurrence); + + + // Only add response buttons to invitation requests: Fix Issue #11230 + if ($method == self::METHOD_REQUEST) { + + /* + ** Only offer invitation accept/reject buttons, which link back to the + ** nextcloud server, to recipients who can access the nextcloud server via + ** their internet/intranet. Issue #12156 + ** + ** For nextcloud servers accessible to the public internet, the default + ** "dav.invitation_link_recipients" value "true" (all recipients) is appropriate. + ** + ** When the nextcloud server is restricted behind a firewall, accessible + ** only via an internal network or via vpn, you can set "dav.invitation_link_recipients" + ** to the email address or email domain, or array of addresses or domains, + ** of recipients who can access the server. + ** + ** To deliver URL's always, set invitation_link_recipients to boolean "true". + ** To suppress URL's entirely, set invitation_link_recipients to boolean "false". + */ + + $recipientDomain = substr(strrchr($recipient, "@"), 1); + $invitationLinkRecipients = $this->config->getSystemValue('dav.invitation_link_recipients', true); + if (is_array($invitationLinkRecipients)) { + $invitationLinkRecipients = array_map('strtolower', $invitationLinkRecipients); // for case insensitive in_array + } + if ($invitationLinkRecipients === true + || (is_string($invitationLinkRecipients) && strcasecmp($recipient, $invitationLinkRecipients) === 0) + || (is_string($invitationLinkRecipients) && strcasecmp($recipientDomain, $invitationLinkRecipients) === 0) + || (is_array($invitationLinkRecipients) && in_array(strtolower($recipient), $invitationLinkRecipients)) + || (is_array($invitationLinkRecipients) && in_array(strtolower($recipientDomain), $invitationLinkRecipients))) { + $this->addResponseButtons($template, $l10n, $iTipMessage, $lastOccurrence); + } + } $template->addFooter(); + $message->useTemplate($template); $attachment = $this->mailer->createAttachment( @@ -447,7 +482,6 @@ class IMipPlugin extends SabreIMipPlugin { $template->setSubject('Invitation: ' . $summary); $template->addHeading($l10n->t('%1$s invited you to »%2$s«', [$inviteeName, $summary]), $l10n->t('Hello %s,', [$attendeeName])); } - } /** diff --git a/config/config.sample.php b/config/config.sample.php index 9c3cc470995..5f1eee4e945 100644 --- a/config/config.sample.php +++ b/config/config.sample.php @@ -1697,6 +1697,33 @@ $CONFIG = array( ), /** +* The caldav server sends invitation emails to invitees, attaching the ICS +* file for the invitation. It also may include, in the body of the e-mail, +* invitation accept/reject web links referencing URL's that point to the nextcloud server. +* +* Although any recipient can read and reply to the ICS file via the iMip protocol, +* we must only present the web links to recipients who can access the nextcloud +* web server via their internet/intranet. +* +* When your nextcloud server is restricted behind a firewall, accessible +* only via an internal network or via vpn, you can set "dav.invitation_link_recipients" +* to the email address or email domain, or array of addresses or domains, +* of recipients who can access the server. Only those recipients will get web links. External +* users can accept/reject invitations by emailing back ICS files containing appropriate +* messages, using the iMip protocol. Many mail clients support this functionality. +* +* To suppress iMip web links entirely, set dav.invitation_link_recipients to false. +* To deliver iMip web links always, set dav.invitation_link_recipients to true. +* +* Examples: +* 'dav.invitation_link_recipients' => 'internal.example.com', +* 'dav.invitation_link_recipients' => array( 'internal.example.com', 'pat@roadwarrior.example.com' ), +* 'dav.invitation_link_recipients' => false, +* +*/ +'dav.invitation_link_recipients' => '*', // always include accept/reject server links in iMip emails + +/** * By default there is on public pages a link shown that allows users to * learn about the "simple sign up" - see https://nextcloud.com/signup/ * |