ensure that no unencrypted content leaks through item_store which is private - we typically do this in mod/item, but some functions
bypass mod/item to create private posts
This commit is contained in:
friendica
parent
6197f945ad
commit
222fe08420
@ -262,7 +262,7 @@ class Item extends BaseObject {
|
||||
}
|
||||
}
|
||||
|
||||
$result['private'] = $item['private'];
|
||||
$result['private'] = $item['item_private'];
|
||||
$result['toplevel'] = ($this->is_toplevel() ? 'toplevel_item' : '');
|
||||
|
||||
if($this->is_threaded()) {
|
||||
|
||||
@ -1356,18 +1356,33 @@ function item_store($arr,$force_parent = false) {
|
||||
if(array_key_exists('parent',$arr))
|
||||
unset($arr['parent']);
|
||||
|
||||
$arr['lang'] = detect_language($arr['body']);
|
||||
|
||||
$allowed_languages = get_pconfig($arr['uid'],'system','allowed_languages');
|
||||
// only detect language if we have text content, and if the post is private but not yet
|
||||
// obscured, make it so.
|
||||
|
||||
if(! ($arr['item_flags'] & ITEM_OBSCURED)) {
|
||||
$arr['lang'] = detect_language($arr['body']);
|
||||
|
||||
$allowed_languages = get_pconfig($arr['uid'],'system','allowed_languages');
|
||||
|
||||
if((is_array($allowed_languages)) && ($arr['lang']) && (! array_key_exists($arr['lang'],$allowed_languages))) {
|
||||
$translate = array('item' => $arr, 'from' => $arr['lang'], 'to' => $allowed_languages, 'translated' => false);
|
||||
call_hooks('item_translate', $translate);
|
||||
if((! $translate['translated']) && (intval(get_pconfig($arr['uid'],'system','reject_disallowed_languages')))) {
|
||||
logger('item_store: language ' . $arr['lang'] . ' not accepted for uid ' . $arr['uid']);
|
||||
return;
|
||||
if((is_array($allowed_languages)) && ($arr['lang']) && (! array_key_exists($arr['lang'],$allowed_languages))) {
|
||||
$translate = array('item' => $arr, 'from' => $arr['lang'], 'to' => $allowed_languages, 'translated' => false);
|
||||
call_hooks('item_translate', $translate);
|
||||
if((! $translate['translated']) && (intval(get_pconfig($arr['uid'],'system','reject_disallowed_languages')))) {
|
||||
logger('item_store: language ' . $arr['lang'] . ' not accepted for uid ' . $arr['uid']);
|
||||
return;
|
||||
}
|
||||
$arr = $translate['item'];
|
||||
}
|
||||
$arr = $translate['item'];
|
||||
if($arr['item_private']) {
|
||||
$key = get_config('system','pubkey');
|
||||
$arr['item_flags'] = $arr['item_flags'] | ITEM_OBSCURED;
|
||||
if($arr['title'])
|
||||
$arr['title'] = json_encode(aes_encapsulate($arr['title'],$key));
|
||||
if($arr['body'])
|
||||
$arr['body'] = json_encode(aes_encapsulate($arr['body'],$key));
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
// Shouldn't happen but we want to make absolutely sure it doesn't leak from a plugin.
|
||||
|
||||
@ -1258,7 +1258,7 @@ function feed_salmonlinks($nick) {
|
||||
|
||||
function get_plink($item) {
|
||||
$a = get_app();
|
||||
if (x($item,'plink') && ($item['private'] != 1)) {
|
||||
if (x($item,'plink') && ($item['item_private'] != 1)) {
|
||||
return array(
|
||||
'href' => $item['plink'],
|
||||
'title' => t('link to source'),
|
||||
|
||||
@ -38,7 +38,7 @@ function mood_init(&$a) {
|
||||
);
|
||||
if(count($r)) {
|
||||
$parent_mid = $r[0]['mid'];
|
||||
$private = $r[0]['private'];
|
||||
$private = $r[0]['item_private'];
|
||||
$allow_cid = $r[0]['allow_cid'];
|
||||
$allow_gid = $r[0]['allow_gid'];
|
||||
$deny_cid = $r[0]['deny_cid'];
|
||||
@ -80,6 +80,7 @@ function mood_init(&$a) {
|
||||
$arr['allow_gid'] = $allow_gid;
|
||||
$arr['deny_cid'] = $deny_cid;
|
||||
$arr['deny_gid'] = $deny_gid;
|
||||
$arr['item_private'] = $private;
|
||||
$arr['verb'] = $activity;
|
||||
$arr['body'] = $action;
|
||||
|
||||
|
||||
Reference in New Issue
Block a user