[#1434] phishing warning
Summary phishing warning
Queue IMP
Queue Version HEAD
Type Enhancement
State Resolved
Priority 1. Low
Owners slusarz (at) horde (dot) org
Requester tmerritt (at) email (dot) arizona (dot) edu
Created 2005-02-24 (5807 days ago)
Updated 2005-03-01 (5802 days ago)
Resolved 2005-03-01 (5802 days ago)
Patch No

2005-03-01 06:52:20 Michael Slusarz Comment #10
State ⇒ Resolved
Reply to this comment
Committed to HEAD.  Some cleanups implemented.  Use a MIME_Contents 
object to display the status message.  We are not currently using the 
fourth parameter to formatStatusMsg (the class parameter) since there 
is no current style that renders the status message satisfactorily at 
this time.  I leave this to those who a) know CSS better than I and b) 
have some sort of design talent.  Further development should be done 
via the dev@ list rather than the bug tracking system.
2005-02-28 18:01:57 tmerritt (at) email (dot) arizona (dot) edu Comment #9 Reply to this comment
the html viewer in imp is passed a mime_contents object from which it 
extracts a mime_part to send to _cleanHTML from the horde html viewer. 
  _cleanHTML could take an optional second parameter containing the 
mime_contents object, that seems redundant though.  Perhaps the 
warning should just be in the imp html driver ?
2005-02-28 17:37:51 Jan Schneider Comment #8
Assigned to Michael Slusarz
Reply to this comment
See IMP's html driver for a reference how to get the object. Perhaps 
Michael could jump in with a good idea too.
2005-02-28 16:34:01 tmerritt (at) email (dot) arizona (dot) edu Comment #7 Reply to this comment
That's what I tried to do originally, but it is the html viewer is 
passed a mime_part object, not a mime_contents object and I couldn't 
find a way to get to a mime_contents object without creating a new 
one.  I'll do that if that's acceptable, but it seems like a waste, 
and viewAsAttachment already has that functionality.
2005-02-28 16:28:55 Jan Schneider Comment #6 Reply to this comment
Heh, no. :-)

MIME_Contents::formatStatusMessage was only a hint to the method, it 
shouldn't be called statically. I don't know exactly off my head, but 
I guess it would be something like 
2005-02-28 16:06:26 tmerritt (at) email (dot) arizona (dot) edu Comment #5
New Attachment: imp.phish2.patch Download
Reply to this comment
- I replaced \s+ with \s*

- It now uses MIME_Contents::formatStatusMessage to display the status 
box.  I had to modify the function to allow it to be called as 
MIME_Contents::formatStatusMsg(), replacing this->viewAsAttachment 
with MIME_Contents::viewAsAttachment.  I also modified it to accept a 
style as an optional 4th css parameter.

- The warning is now a gettext message

2005-02-28 14:36:04 Jan Schneider Comment #4
State ⇒ Feedback
Reply to this comment
This looks good as a first glance. I have some suggestions though:

- In the first two preg_match calls, why do you expect a whitespace 
like 'href= http://...' if the href attribute is *not* enclosed in 
quotes? |\s+ should probably be |\s*

- You should use MIME_Contents::formatStatusMessage() for showing the 
phishing warnings, see imp/lib/MIME/Viewer/html.php for examples. It 
might also be a good thing to extend this method to also accept an 
optional class name for the status box. That wouldn't break BC and 
allows to show boxes that look more like warnings like the current 
ones that even have a fixed style.

- The message could probably be tweaked to sound less diffuse. But 
that could be done later. But at least it has to be a gettext message.
2005-02-28 13:28:55 tmerritt (at) email (dot) arizona (dot) edu Comment #3
New Attachment: imp.phish.patch Download
Reply to this comment
Here's a first pass at an implementation.
2005-02-24 20:03:26 Jan Schneider Comment #2
State ⇒ Accepted
Reply to this comment
This is already on the TODO list: http://www.horde.org/imp/docs/?f=TODO.html
2005-02-24 19:11:00 tmerritt (at) email (dot) arizona (dot) edu Comment #1
Type ⇒ Enhancement
State ⇒ New
Priority ⇒ 1. Low
Summary ⇒ phishing warning
Queue ⇒ IMP
Reply to this comment
gmail now displays a red banner warning on messages it thinks are 
phising scams.  I'd like to see something similar in imp.  It would be 
trivial enough to do in a way that would work in my environment using 
checking for spam assassin test matches, but I don't know if that is 
general purpose enough to be mainline.   How does this idea sound, and 
is there a more flexible way to implement it ?

Saved Queries