diff --git a/dev/App/User.js b/dev/App/User.js
index 51d3a272f..de7d691c1 100644
--- a/dev/App/User.js
+++ b/dev/App/User.js
@@ -317,25 +317,6 @@ class AppUser extends AbstractApp {
 setTimeout(() => Remote.request('AppDelayStart'), 35000);
- // When auto-login is active
- if (
- SettingsGet('AccountSignMe') &&
- navigator.registerProtocolHandler
- ) {
- setTimeout(() => {
- try {
- navigator.registerProtocolHandler(
- 'mailto',
- location.protocol + '//' + location.host + location.pathname + '?mailto&to=%s',
- (SettingsGet('Title') || 'SnappyMail')
- );
- } catch (e) {} // eslint-disable-line no-empty
-
- value = SettingsGet('MailToEmail');
- value && mailToHelper(value);
- }, 500);
- }
-
 // add pointermove ?
 addEventsListener(doc, ['touchstart','mousemove','keydown'], SettingsUserStore.delayLogout, {passive:true});
 SettingsUserStore.delayLogout();
@@ -356,6 +337,21 @@ class AppUser extends AbstractApp {
 setInterval(reloadTime(), 60000);
 PgpUserStore.init();
+
+ // When auto-login is active
+ if (navigator.registerProtocolHandler) {
+ try {
+ navigator.registerProtocolHandler(
+ 'mailto',
+ location.protocol + '//' + location.host + location.pathname + '?mailto&to=%s',
+ (SettingsGet('Title') || 'SnappyMail')
+ );
+ } catch (e) {} // eslint-disable-line no-empty
+ }
+ setTimeout(() => {
+ value = SettingsGet('MailToEmail');
+ value && mailToHelper(value);
+ }, 500);
 } else {
 this.logout();
 }
diff --git a/snappymail/v/0.0.0/app/libraries/RainLoop/Actions.php b/snappymail/v/0.0.0/app/libraries/RainLoop/Actions.php
index 9fd13fd7e..9004b8bfe 100644
--- a/snappymail/v/0.0.0/app/libraries/RainLoop/Actions.php
+++ b/snappymail/v/0.0.0/app/libraries/RainLoop/Actions.php
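Review bot: The comment `// When auto-login is active` in the second dev/App/User.js hunk (@@ -356,6 +337,21 @@) is stale, because the `SettingsGet('AccountSignMe')` condition is gone and the handler is now registered for every session that reaches this branch; `// Register as mailto: handler and open a pending mailto request, if any` would match the code. The delayed callback also assigns to `value`, which is not declared in the hunk and presumably belongs to the enclosing scope; a local binding, `const to = SettingsGet('MailToEmail'); to && mailToHelper(to);`, keeps the 500 ms timer from sharing state with other code. Since this commit lets `MailToEmail` originate from a request made without a signed-in account, `mailToHelper` should treat its argument as untrusted input; its body and the enclosing block are outside this hunk.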
@@ -818,16 +818,14 @@ class Actions
 }
 }
- if ($aResult['AccountSignMe']) {
- $sToken = Utils::GetCookie(self::AUTH_MAILTO_TOKEN_KEY, null);
- if (null !== $sToken) {
- Utils::ClearCookie(self::AUTH_MAILTO_TOKEN_KEY);
+ $sToken = Utils::GetCookie(self::AUTH_MAILTO_TOKEN_KEY, null);
+ if (null !== $sToken) {
+ Utils::ClearCookie(self::AUTH_MAILTO_TOKEN_KEY);
- $mMailToData = Utils::DecodeKeyValuesQ($sToken);
- if (!empty($mMailToData['MailTo']) &&
- 'MailTo' === $mMailToData['MailTo'] && !empty($mMailToData['To'])) {
- $aResult['MailToEmail'] = $mMailToData['To'];
- }
+ $mMailToData = Utils::DecodeKeyValuesQ($sToken);
+ if (!empty($mMailToData['MailTo']) &&
+ 'MailTo' === $mMailToData['MailTo'] && !empty($mMailToData['To'])) {
+ $aResult['MailToEmail'] = $mMailToData['To'];
 }
 }
diff --git a/snappymail/v/0.0.0/app/libraries/RainLoop/Actions/User.php b/snappymail/v/0.0.0/app/libraries/RainLoop/Actions/User.php
index f20f3b8a7..6f2c4ae14 100644
--- a/snappymail/v/0.0.0/app/libraries/RainLoop/Actions/User.php
+++ b/snappymail/v/0.0.0/app/libraries/RainLoop/Actions/User.php
@@ -32,18 +32,6 @@ trait User
 return $this->oSuggestionsProvider;
 }
- public function SetMailtoRequest(string $sTo): void
- {
- if (!empty($sTo)) {
- Utils::SetCookie(self::AUTH_MAILTO_TOKEN_KEY,
- Utils::EncodeKeyValuesQ(array(
- 'Time' => \microtime(true),
- 'MailTo' => 'MailTo',
- 'To' => $sTo
- )), 0);
- }
- }
-
 /**
 * @throws \MailSo\Base\Exceptions\Exception
 */
diff --git a/snappymail/v/0.0.0/app/libraries/RainLoop/Service.php b/snappymail/v/0.0.0/app/libraries/RainLoop/Service.php
index a2f761bc8..598b30341 100644
--- a/snappymail/v/0.0.0/app/libraries/RainLoop/Service.php
+++ b/snappymail/v/0.0.0/app/libraries/RainLoop/Service.php
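Review bot: The `Time` value stored in the mailto token is never checked in the Actions.php hunk (@@ -818,16 +818,14 @@); only `MailTo` and `To` are read after `Utils::DecodeKeyValuesQ($sToken)`. With the `AccountSignMe` guard removed, and the cookie now written without an account check by the ServiceMailto change in this commit, a token planted well before login is still honoured the next time this code runs. Consider rejecting stale tokens by extending the condition with `&& !empty($mMailToData['Time']) && \microtime(true) - $mMailToData['Time'] < MAILTO_TOKEN_MAX_AGE`, where `MAILTO_TOKEN_MAX_AGE` is a placeholder for a limit the project chooses. The enclosing method starts and ends outside the hunk, so whether this path runs only for authenticated sessions cannot be confirmed from here.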
@@ -112,7 +112,7 @@ abstract class Service
 $sResult = '';
 if (\count($aPaths) && !empty($aPaths[0]) && 'index' !== \strtolower($aPaths[0])) {
- if (!\SnappyMail\HTTP\SecFetch::isSameOrigin()) {
+ if ('mailto' !== \strtolower($aPaths[0]) && !\SnappyMail\HTTP\SecFetch::isSameOrigin()) {
 \MailSo\Base\Http::StatusHeader(403);
 echo $oServiceActions->ErrorTemplates('Access Denied.', "Disallowed Sec-Fetch
diff --git a/snappymail/v/0.0.0/app/libraries/RainLoop/ServiceActions.php b/snappymail/v/0.0.0/app/libraries/RainLoop/ServiceActions.php
index 403dcaef3..c7f147fea 100644
--- a/snappymail/v/0.0.0/app/libraries/RainLoop/ServiceActions.php
+++ b/snappymail/v/0.0.0/app/libraries/RainLoop/ServiceActions.php
@@ -620,17 +620,15 @@ class ServiceActions
 public function ServiceMailto() : string
 {
 $this->oHttp->ServerNoCache();
-
 $sTo = \trim($_GET['to'] ?? '');
- if (!empty($sTo) && \preg_match('/^mailto:/i', $sTo))
- {
- $oAccount = $this->oActions->GetAccountFromSignMeToken();
- if ($oAccount)
- {
- $this->oActions->SetMailtoRequest($sTo);
- }
+ if (!empty($sTo) && \preg_match('/^mailto:/i', $sTo)) {
+ Utils::SetCookie(\RainLoop\Actions::AUTH_MAILTO_TOKEN_KEY,
+ Utils::EncodeKeyValuesQ(array(
+ 'Time' => \microtime(true),
+ 'MailTo' => 'MailTo',
+ 'To' => $sTo
+ )), 0);
 }
-
 $this->oActions->Location('./');
 return '';
 }
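Review bot: The `'mailto' !== \strtolower($aPaths[0])` exemption in the Service.php hunk (@@ -112,7 +112,7 @@) skips the Sec-Fetch check entirely for the mailto route, which is broader than a protocol-handler launch requires. A handler launch is a top-level navigation, so the exemption could still require `Sec-Fetch-Mode: navigate` and `Sec-Fetch-Dest: document` whenever the browser sends those headers, which keeps cross-site subresource requests (images, fetch, frames) away from a state-changing GET. At minimum a comment such as `// mailto: handler launches arrive cross-site; every other route must be same-origin` would record why this one route is exempt. The surrounding method begins and ends outside the hunk.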
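Review bot: `$sTo` is accepted in the ServiceActions.php hunk (@@ -620,17 +620,15 @@) on a `^mailto:` prefix match alone, and with the `GetAccountFromSignMeToken()` check removed the cookie is now written for any visitor, signed in or not. Because this commit also exempts the route from the same-origin check, the stored value is fully controlled by whoever issues the request; bounding it before it is stored, e.g. `if (!empty($sTo) && \strlen($sTo) <= MAILTO_MAX_LEN && \preg_match('/^mailto:/i', $sTo)) {` with `MAILTO_MAX_LEN` as a placeholder for a project-chosen limit, avoids oversized or junk cookies. A short docblock on `ServiceMailto()` stating that it is intentionally reachable cross-site and unauthenticated, and that consumers must treat `To` as untrusted, would help future reviewers.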