bcc: recipients visible in web UI "To" and in "X-Envelope-To" header

Issue #526 resolved
Grip Admin created an issue

Piler 1.1.0 build 884. MTA is Kerio Connect 8.4.1 (www.kerio.com). Kerio is set to always bcc: archive@pilerhostid.

When a bcc: recipient searches Piler in the web UI, they see all bcc: recipients listed in the "To" column. They should only see to:, cc: and maybe their own bcc: address but not other bcc: recipients. Is it possible to suppress the display of other (or all) bcc: recipients in the web UI for a recipient's search result?

The X-Envelope-To: header is visible to all recipients through "View headers", revealing any bcc: addresses. Can the display of X-Envelope-To: be suppressed in the web UI (at least for recipients)? I understand why that header is an important part of Piler processing: I just want to hide it for some users.

It would be ideal if the sender could still see either the bcc: "To" recipients or the X-Envelope-To: header (or both). An Auditor should obviously see the X-Envelope-To: header.

I have reviewed the related Issue #335, but the suggested postfix "sub-addressing" mapping option is not available, unless I insert a postfix relay between Kerio and Piler.

Comments (8)

  1. Janos SUTO repo owner

    The problem is that piler puts all recipients into the to[] buffer, so after parsing the message there's no way to tell if an address is from the To/Cc or Bcc headers. A workaround may be possible: process the email header, parse it, then check if the recipients' addresses match the current user's address. And perhaps simply remove the group icon from the upper pane.

    To remove X-Envelope-To: header locate get_message_headers() in model/search/message.php, and add the following line right after "$has_journal = $this->remove_journal($msg);"

    // Non-auditor users: drop the configured header line before the headers are shown
    if(Registry::get('auditor_user') == 0) {
       $msg = preg_replace("/" . HEADER_LINE_TO_HIDE . ".{1,}\n/i", "", $msg);
    }
    

    Finally add this to config.php:

    $config['HEADER_LINE_TO_HIDE'] = 'X-Envelope-To:';
    

    I'll think about the issue later...
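
The workaround described in the comment above (parse the header, then compare the recipients with the current user's address), as an added example that is not piler code or part of the original thread. The function names, the `$envelope` array standing in for piler's to[] list, and the sample message are assumptions constructed for illustration.

```php
<?php
// Added illustration, not piler code; function names are hypothetical.
// Uses typed parameters and an arrow function, so it needs PHP 7.4 or later.

// Lowercased addresses that appear in the To: and Cc: headers of a raw message.
function header_recipients(string $raw): array {
    // Header block only: everything before the first empty line.
    $head = preg_split("/\r?\n\r?\n/", $raw, 2)[0];
    // Unfold continuation lines (they start with a space or tab).
    $head = preg_replace("/\r?\n[ \t]+/", " ", $head);
    $found = [];
    foreach (preg_split("/\r?\n/", $head) as $line) {
        if (!preg_match('/^(?:To|Cc):(.*)$/i', $line, $m)) { continue; }
        // Simplified address pattern; display names are ignored.
        preg_match_all('/[a-z0-9._%+\-]+@[a-z0-9.\-]+/i', $m[1], $a);
        foreach ($a[0] as $addr) { $found[strtolower($addr)] = true; }
    }
    return array_keys($found);
}

// Envelope recipients a viewer may see: To/Cc addresses plus the viewer's own
// address (covers a Bcc'd viewer). Auditors get the full envelope list.
function recipients_for_viewer(string $raw, array $envelope, string $viewer, bool $auditor): array {
    $envelope = array_values(array_unique(array_map('strtolower', $envelope)));
    if ($auditor) { return $envelope; }
    $visible = header_recipients($raw);
    $visible[] = strtolower($viewer);
    return array_values(array_filter($envelope, fn($r) => in_array($r, $visible, true)));
}

// Constructed sample: erin and frank are Bcc (in the envelope, not in To/Cc).
// The "To:" line after the blank line is body text and must be ignored.
$raw = "From: alice@example.com\r\nTo: Bob <bob@example.com>,\r\n\tcarol@example.com\r\n"
     . "Cc: dave@example.com\r\nSubject: test\r\n\r\nTo: body@example.com\r\n";
$envelope = ['bob@example.com', 'carol@example.com', 'dave@example.com',
             'erin@example.com', 'frank@example.com'];

echo "erin (regular user): ", implode(', ', recipients_for_viewer($raw, $envelope, 'erin@example.com', false)), "\n";
echo "auditor: ", implode(', ', recipients_for_viewer($raw, $envelope, 'auditor@example.com', true)), "\n";
```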

  2. Grip Admin reporter

    The X-Envelope-To: header suppression works perfectly. I appreciate the fast and substantive response. Thanks also for considering the second issue.

  3. Janos SUTO repo owner

    I have an idea, not sure if it may work out for you, though. In case of a regular user (i.e. not an auditor) let's display only the first recipient of the message in the upper pane. Usually it's the To: address. Thus an ordinary user can't see a Bcc recipient.

  4. Janos SUTO repo owner

    For 1. apply the following diff:

    diff --git a/webui/model/search/message.php b/webui/model/search/message.php
    index f825a75..c6d3df5 100644
    --- a/webui/model/search/message.php
    +++ b/webui/model/search/message.php
    @@ -190,7 +190,8 @@ class ModelSearchMessage extends Model {
           $has_journal = $this->remove_journal($msg);
    
           if(Registry::get('auditor_user') == 0 && HEADER_LINE_TO_HIDE) {
    -         $msg = preg_replace("/" . HEADER_LINE_TO_HIDE . ".{1,}\n/i", "", $msg);
    +         $msg = preg_replace("/" . HEADER_LINE_TO_HIDE . ".{1,}(\n(\ |\t){1,}.{1,}){0,}" . "\n/i", "", $msg);
    +
           }
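
Review bot: the pattern on the added preg_replace line is still unanchored and builds the regex from HEADER_LINE_TO_HIDE without preg_quote(), so it fires wherever that string occurs in a line (a Subject that quotes the header name, for example, loses its tail) and any regex metacharacter in the configured value changes what is matched. Anchor it to the start of a line with ^ and the m modifier, and quote the constant with preg_quote(HEADER_LINE_TO_HIDE, '/'). The empty + line added before the closing brace can be dropped.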
    
  5. Janos SUTO repo owner

    For 2. apply this diff as well:

    diff --git a/webui/model/search/message.php b/webui/model/search/message.php
    index f825a75..13712ec 100644
    --- a/webui/model/search/message.php
    +++ b/webui/model/search/message.php
    @@ -137,6 +137,10 @@ class ModelSearchMessage extends Model {
           }
    
    +      if(Registry::get('auditor_user') == 0 && HEADER_LINE_TO_HIDE) {
    +         $s = preg_replace("/" . HEADER_LINE_TO_HIDE . ".{1,}(\n(\ |\t){1,}.{1,}){0,}" . "\n/i", "", $s);
    +      }
    +
           return $s;
        }
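
Review bot: the result of the added preg_replace is assigned straight back to $s and returned, but preg_replace() returns NULL on a PCRE error, so the caller would receive NULL instead of text. Check for NULL before the return and treat it as a failure rather than falling back to the unfiltered $s for a non-auditor. This is also the second copy of the same expression in message.php; a small shared helper used at both call sites would keep the two from drifting apart.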
    
  6. Janos SUTO repo owner

    I've added a fix to the model/search/message.php, so it adds only the first email address to the recipients list:

    diff --git a/webui/model/search/search.php b/webui/model/search/search.php
    index f4d1120..d18cdd3 100644
    --- a/webui/model/search/search.php
    +++ b/webui/model/search/search.php
    @@ -506,7 +508,7 @@ class ModelSearchSearch extends Model {
                    $rcpt[$r['id']] = $r['to'];
                 }
                 else {
    -               $rcpt[$r['id']] .= ",\n" . $r['to'];
    +               if(Registry::get('auditor_user') == 1) { $rcpt[$r['id']] .= ",\n" . $r['to']; }
                 }
              }
           }
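
Review bot: in the else branch, a non-auditor now keeps only whichever row filled $rcpt[$r['id']] first, and nothing in the hunk shows that the rows arrive with the To: address first; if that order is not guaranteed, the single address displayed can be a Bcc recipient, and a Bcc'd viewer may not see their own address at all. Make the ordering explicit where the rows are fetched, or append $r['to'] only when it matches the logged-in user's address. Registry::get('auditor_user') could also be read once before the loop instead of on every row.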
    