From afbdcf8938c503323e448b6bb35e7b3b812b2e86 Mon Sep 17 00:00:00 2001
From: Mikael Nordfeldth <mmn@hethane.se>
Date: Fri, 19 Feb 2016 00:10:05 +0100
Subject: [PATCH] Don't publish mbox_sha1sum in FOAF by default.

We say the email is private data, so reasonably we shouldn't reveal it
indirectly through a hash sum: http://xmlns.com/foaf/spec/#term_mbox_sha1sum
---
 actions/foaf.php | 2 +-
 lib/default.php  | 4 ++++
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/actions/foaf.php b/actions/foaf.php
index 260388ba44..bf9cf1b957 100644
--- a/actions/foaf.php
+++ b/actions/foaf.php
@@ -90,7 +90,7 @@ class FoafAction extends ManagedAction
 
         // Would be nice to tell if they were a Person or not (e.g. a #person usertag?)
         $this->elementStart('Agent', array('rdf:about' => $this->user->getUri()));
-        if ($this->user->email) {
+        if (common_config('foaf', 'mbox_sha1sum') && $this->user->email) {
             $this->element('mbox_sha1sum', null, sha1('mailto:' . $this->user->email));
         }
         if ($this->profile->fullname) {
diff --git a/lib/default.php b/lib/default.php
index 3518bb4cb9..1b420684b6 100644
--- a/lib/default.php
+++ b/lib/default.php
@@ -142,6 +142,10 @@ $default =
               'path' => $_path . '/avatar/',
               'ssl' => null,
               'maxsize' => 300),
+        'foaf' =>
+        array(
+              'mbox_sha1sum' => false,
+            ),
         'public' =>
         array('localonly' => false,
               'blacklist' => array(),