Secure URL use to CheckRead and Unsubcribe with security key in

configuration screen

htdocs/admin/mailing.php

@@ -34,6 +34,8 @@ if (!$user->admin)
 
 $action = GETPOST('action','alpha');
 
+   
+
 /*
  * Actions
  */
@@ -45,13 +47,36 @@ if ($action == 'setvalue' && $user->admin)
 	$mailfrom = GETPOST('MAILING_EMAIL_FROM','alpha');
 	$mailerror = GETPOST('MAILING_EMAIL_ERRORSTO','alpha');
 	$checkread = GETPOST('value','alpha');
+	$checkread_key = GETPOST('MAILING_EMAIL_UNSUBSCRIBE_KEY','alpha');
+
+	
 
 	$res=dolibarr_set_const($db, "MAILING_EMAIL_FROM",$mailfrom,'chaine',0,'',$conf->entity);
 	if (! $res > 0) $error++;
 	$res=dolibarr_set_const($db, "MAILING_EMAIL_ERRORSTO",$mailerror,'chaine',0,'',$conf->entity);
 	if (! $res > 0) $error++;
-	//$res=dolibarr_set_const($db, "MAILING_EMAIL_UNSUBSCRIBE",$checkread,'chaine',0,'',$conf->entity);
-	//if (! $res > 0) $error++;
+	if ($checkread=='on')
+	{
+		$res=dolibarr_set_const($db, "MAILING_EMAIL_UNSUBSCRIBE",1,'chaine',0,'',$conf->entity);
+		if (! $res > 0) $error++;
+	}
+	else if ($checkread=='off')
+	{
+		$res=dolibarr_set_const($db, "MAILING_EMAIL_UNSUBSCRIBE",0,'chaine',0,'',$conf->entity);
+		if (! $res > 0) $error++;
+	}
+	
+	//Create temporary encryption key if nedded
+	if (($conf->global->MAILING_EMAIL_UNSUBSCRIBE==1) && (empty($checkread_key)))
+	{
+		$chars = "abcdef(ghijklmnopqrstuvwxyz;!ABCDEFGH,IJKLMNOPQRSTUVWXYZ01_23456789";
+	    mt_srand(10000000*(double)microtime());
+	    for ($i = 0, $str = '', $lc = strlen($chars)-1; $i < 30; $i++) {
+	        $checkread_key .= $chars[mt_rand(0, $lc)];
+	    }
+	}
+	$res=dolibarr_set_const($db, "MAILING_EMAIL_UNSUBSCRIBE_KEY",$checkread_key,'chaine',0,'',$conf->entity);
+	if (! $res > 0) $error++;
 
  	if (! $error)
     {
@@ -104,24 +129,31 @@ print '<input size="32" type="text" name="MAILING_EMAIL_ERRORSTO" value="'.$conf
 if (!empty($conf->global->MAILING_EMAIL_ERRORSTO) && ! isValidEmail($conf->global->MAILING_EMAIL_ERRORSTO)) print ' '.img_warning($langs->trans("BadEMail"));
 print '</td></tr>';
 
-/*
+
 $var=!$var;
 print '<tr '.$bc[$var].'><td>';
 print $langs->trans("ActivateCheckRead").'</td><td>';
 if ($conf->global->MAILING_EMAIL_UNSUBSCRIBE==1)
 {
-	print '<a href="'.$_SERVER["PHP_SELF"].'?action=setvalue&value=0">';
+	print '<a href="'.$_SERVER["PHP_SELF"].'?action=setvalue&value=off">';
 	print img_picto($langs->trans("Enabled"),'switch_on');
 	print '</a>';
+	$readonly='';
 }
 else
 {
-	print '<a href="'.$_SERVER["PHP_SELF"].'?action=setvalue&value=1">';
+	print '<a href="'.$_SERVER["PHP_SELF"].'?action=setvalue&value=on">';
 	print img_picto($langs->trans("Disabled"),'switch_off');
 	print '</a>';
+	$readonly='disabled="disabled"';
 }
 print '</td></tr>';
-*/
+
+$var=!$var;
+print '<tr '.$bc[$var].'><td>';
+print $langs->trans("ActivateCheckReadKey").'</td><td>';
+print '<input size="32" type="text" name="MAILING_EMAIL_UNSUBSCRIBE_KEY" '.$readonly.' value="'.$conf->global->MAILING_EMAIL_UNSUBSCRIBE_KEY.'">';
+print '</td></tr>';
 
 
 print '<tr><td colspan="3" align="center"><input type="submit" class="button" value="'.$langs->trans("Modify").'"></td></tr>';

htdocs/comm/mailing/fiche.php

@@ -64,7 +64,7 @@ if ($conf->global->MAILING_EMAIL_UNSUBSCRIBE)
 			$substitutionarray,
 			array(
 					'__CHECK_READ__' => 'CheckMail',
-					'__UNSUSCRIBE__' => 'Unsuscribe'
+					'__UNSUSCRIBE__' => 'Unsubscribe'
 			)
 	);
 }
@@ -89,7 +89,7 @@ if ($conf->global->MAILING_EMAIL_UNSUBSCRIBE)
     		$substitutionarrayfortest,
     		array(
     				'__CHECK_READ__' => 'TESTCheckMail',
-    				'__UNSUSCRIBE__' => 'TESTCheckMail'
+    				'__UNSUSCRIBE__' => 'TESTUnsubscribe'
     		)
     );
 }

htdocs/core/modules/mailings/modules_mailings.php

@@ -143,6 +143,8 @@ class MailingTargets    // This can't be abstract as it is used for some method
      */
     function add_to_target($mailing_id, $cibles)
     {
+    	global $conf;
+    	
     	$this->db->begin();
 
         // Insert emailing targest from array into database
@@ -162,7 +164,10 @@ class MailingTargets    // This can't be abstract as it is used for some method
             $sql .= "'".$this->db->escape($cibles[$i]['other'])."',";
             $sql .= "'".$this->db->escape($cibles[$i]['source_url'])."',";
             $sql .= "'".$this->db->escape($cibles[$i]['source_id'])."',";
-            $sql .= "'".$this->db->escape(md5($cibles[$i]['email'].';'.$cibles[$i]['name'].';'.$mailing_id))."',";
+            if ($conf->global->MAILING_EMAIL_UNSUBSCRIBE==1)
+            {
+            	$sql .= "'".$this->db->escape(md5($cibles[$i]['email'].';'.$cibles[$i]['name'].';'.$mailing_id.';'.$conf->global->MAILING_EMAIL_UNSUBSCRIBE_KEY))."',";
+            }
             $sql .= "'".$this->db->escape($cibles[$i]['source_type'])."')";
             $result=$this->db->query($sql);
             if ($result)

htdocs/langs/en_US/mails.lang

@@ -77,6 +77,7 @@ CheckRead=Read Receipt
 YourMailUnsubcribeOK=The email <b>%s</b>  is correctly unsubcribe from mailing list
 MailtoEMail=Hyper link to email
 ActivateCheckRead=Activate Read receipt and unsubcribe tag
+ActivateCheckReadKey=Key use to encrypt URL use for Read Receipt and unsubcribe function
 
 # Libelle des modules de liste de destinataires mailing
 MailingModuleDescContactCompanies=Contacts of all third parties (customer, prospect, supplier, ...)

htdocs/langs/fr_FR/mails.lang

@@ -77,6 +77,7 @@ CheckRead=Accusé de lecture
 YourMailUnsubcribeOK=L'adresse e-mail <b>%s</b> est bien désincrite de la liste.
 MailtoEMail=Ecrire a e-mail (lien)
 ActivateCheckRead=Activer les tags d'accusé de lecture et de désincription
+ActivateCheckReadKey=Clef de sécurité utilisée pour l'encryption des URL utilisées dans les fonctions d'accusé de lecture et de désincription
 
 # Libelle des modules de liste de destinataires mailing
 MailingModuleDescContactCompanies=Contacts de tiers (prospects, clients, fournisseurs...)