fix some privacy leakage in logs

2013-07-31 18:57:14 -07:00 · 2013-07-31 18:57:14 -07:00 · 0d22e1eefb
commit 0d22e1eefb
parent c00c550c58
3 changed files with 29 additions and 25 deletions
--- a/include/items.php
+++ b/include/items.php
@ -532,6 +532,21 @@ function get_item_elements($x) {
 	$arr['item_private'] = ((array_key_exists('flags',$x) && is_array($x['flags']) && in_array('private',$x['flags'])) ? 1 : 0);
 	$arr['item_flags'] = 0;
 	// if it's a private post, encrypt it in the DB.
 	// We have to do that here because we need to cleanse the input and prevent bad stuff from getting in,
 	// and we need plaintext to do that. 
 	if(intval($arr['item_private'])) {
 		$arr['item_flags'] = $arr['item_flags'] | ITEM_OBSCURED;
 		$key = get_config('system','pubkey');
 		if($arr['title'])
 			$arr['title'] = json_encode(aes_encapsulate($arr['title'],$key));
 		if($arr['body'])
 			$arr['body']  = json_encode(aes_encapsulate($arr['body'],$key));
 	}
 	if(array_key_exists('flags',$x) && in_array('deleted',$x['flags']))
 		$arr['item_restrict'] = ITEM_DELETED; 
--- a/include/zot.php
+++ b/include/zot.php
@ -834,20 +834,6 @@ function zot_import($arr) {
 				if($i['message']['type'] === 'activity') {
 					$arr = get_item_elements($i['message']);
 					// if it's a private post, encrypt it in the DB.
 					// We have to do that here because we need to cleanse the input and prevent bad stuff from getting in,
 					// and we need plaintext to do that. 
 					if(array_key_exists('item_private',$arr) && intval($arr['item_private'])) {
 						logger('Encrypting local storage');
 						$arr['item_flags'] = $arr['item_flags'] | ITEM_OBSCURED;
 						$key = get_config('system','pubkey');
 						if($arr['title'])
 							$arr['title'] = json_encode(aes_encapsulate($arr['title'],$key));
 						if($arr['body'])
 							$arr['body']  = json_encode(aes_encapsulate($arr['body'],$key));
 					}
 					if(! array_key_exists('created',$arr)) {
 						logger('Activity rejected: probable failure to lookup author/owner. ' . print_r($i['message'],true));
 						continue;
--- a/mod/item.php
+++ b/mod/item.php
@ -44,7 +44,7 @@ function item_post(&$a) {
 	call_hooks('post_local_start', $_REQUEST);
-	logger('postvars ' . print_r($_REQUEST,true), LOGGER_DATA);
+//	logger('postvars ' . print_r($_REQUEST,true), LOGGER_DATA);
 	$api_source = ((x($_REQUEST,'api_source') && $_REQUEST['api_source']) ? true : false);
@ -130,14 +130,15 @@ function item_post(&$a) {
 		//if(($parid) && ($parid != $parent))
 			$thr_parent = $parent_mid;
-		if($parent_item['contact-id'] && $uid) {
+//		if($parent_item['contact-id'] && $uid) {
-			$r = q("SELECT * FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1",
+//			$r = q("SELECT * FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1",
-				intval($parent_item['contact-id']),
+//				intval($parent_item['contact-id']),
-				intval($uid)
+//				intval($uid)
-			);
+//			);
-			if(count($r))
+//			if(count($r))
-				$parent_contact = $r[0];
+//				$parent_contact = $r[0];
-		}
+//		}
 	}
 	if($parent) {
@ -203,6 +204,10 @@ function item_post(&$a) {
 			goaway($a->get_baseurl() . "/" . $return_path );
 		killme();
 	}
 	if($observer) {
 		logger('mod_item: post accepted from ' . $observer['xchan_name'] . ' for ' . $owner_xchan['xchan_name'], LOGGER_DEBUG);
 	}
 	if($orig_post) {
@ -333,8 +338,6 @@ function item_post(&$a) {
 			$body .= "\n\n@group+" . $x[0]['abook_id'] . "\n";
 	}
 	/**
 	 * fix naked links by passing through a callback to see if this is a red site
 	 * (already known to us) which will get a zrl, otherwise link with url