Don't publish mbox_sha1sum in FOAF by default.

We say the email is private data, so reasonably we shouldn't reveal it
indirectly through a hash sum: http://xmlns.com/foaf/spec/#term_mbox_sha1sum

diff --git a/actions/foaf.php b/actions/foaf.php
index 260388ba447b72819ea0f908e4da35e9ade80391..bf9cf1b957bdb5b8abeb6940437396b373547e19 100644 (file)
--- a/actions/foaf.php
+++ b/actions/foaf.php
@@ -90,7 +90,7 @@ class FoafAction extends ManagedAction
 
         // Would be nice to tell if they were a Person or not (e.g. a #person usertag?)
         $this->elementStart('Agent', array('rdf:about' => $this->user->getUri()));
-        if ($this->user->email) {
+        if (common_config('foaf', 'mbox_sha1sum') && $this->user->email) {
             $this->element('mbox_sha1sum', null, sha1('mailto:' . $this->user->email));
         }
         if ($this->profile->fullname) {

diff --git a/lib/default.php b/lib/default.php
index 3518bb4cb9e73aaf2bd9b3865366b632ab8b96ab..1b420684b664ba87d1b20faea71606332514e32f 100644 (file)
--- a/lib/default.php
+++ b/lib/default.php
@@ -142,6 +142,10 @@ $default =
               'path' => $_path . '/avatar/',
               'ssl' => null,
               'maxsize' => 300),
+        'foaf' =>
+        array(
+              'mbox_sha1sum' => false,
+            ),
         'public' =>
         array('localonly' => false,
               'blacklist' => array(),