Opened 6 years ago

Last modified 10 months ago

#1484686 new Feature Requests

dereferrer for links in mails

Reported by: igor Owned by:
Priority: 5 Milestone: later
Component: Security Version: git-master
Severity: minor Keywords:
Cc:

Description (last modified by alec)

a dereferrer would be nice, because its not nice that other website owners could look witch email-id it is, or wich domain...

I use at the moment a extern one.

its very easy...

index.php

<?php
function tpl ($template)
  {
    if (file_exists ('tpl/' . $template . '.html'))
    {
      include 'tpl/' . $template . '.html';
    }
  }

  function logfile ()
  {
    global $link_url;
    global $config;
    if ($config['log'] == 1)
    {
   	 $fp = fopen ('log/logfile.txt', 'a');
	 fwrite($fp, "$link_url");
	 fwrite($fp, "\n");
     fclose ($fp);
    }
  }

  $config['prcl'] = 'http';
  $config['time'] = 0;
  $config['log'] = 1;
  $link_url = urldecode($_SERVER['QUERY_STRING']);
  if ($link_url != '')
  {
  /*  if (substr($link_url, 0, 7)!='http://') || substr($link_url, 0, 8)!='https://' || substr($link_url, 0, 6)!='ftp://'
    {
      $link_url = $config['prcl'] . '://' . $link_url;
    }
    */
    $link_head = $link_url;
    $link_time = $config['time'];
    logfile ();
    tpl ('page_redirect');
    exit ();
  }

  tpl ('page');
  exit ();
  
  ?>

Template:

<?
global $link_head;
global $link_time;
?>
<?
global $link_head;
global $link_time;
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><head>
<head>
<title>Weiterleitung zu <?=$link_head?></title>

<meta http-equiv="refresh" content="<?=$link_time?>; URL=<?=$link_head?>">

</head>
<body>


<p align="center" valign="center">
	Bitte warte <?=$link_time?> Sekunden <br>
    Umleitung auf: <a href="<?=$link_head?>"><?=$link_head?></a>
</p>
</body>
</html>

it would be nice if it could be includet.
new window like "print view" with meta refresh
and a link like _action=deref&target=http://test.com/

Change History (8)

comment:1 Changed 6 years ago by thomasb

  • Description modified (diff)
  • Severity changed from normal to minor

Corrected wiki syntax

comment:2 Changed 6 years ago by seansan

  • Milestone set to 0.1.5

Review in 0.1.5

comment:3 Changed 6 years ago by thomasb

  • Milestone changed from 0.1.5 to later

comment:4 Changed 3 years ago by patrick

That would indeed be a good thing to have. The HTTP "Referer" header, after clicking on a link in Roundcube, contains the address of the Roundcube installation, the name of the mailbox the mail was in (at least if you use the preview feature), and the UID of the mail. I consider this "oversharing".

comment:5 Changed 13 months ago by alec

  • Component changed from Client Scripts to Security
  • Description modified (diff)
  • Milestone changed from later to 1.0-beta

We can at least use rel="noreferrer" which is supported by Webkit browsers. There are also JS solutions like https://github.com/knu/noreferrer

comment:6 Changed 13 months ago by alec

rel="noreferrer" added in 1e32540839683c1309db012c4d5b9aff35ec6ae3. Now, we can implement Javascript noreferrer solution for other browsers.

comment:8 Changed 10 months ago by alec

  • Milestone changed from 1.0-beta to later
  • Version changed from 0.1-rc2 to git-master
Note: See TracTickets for help on using tickets.