harukin/core
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

The rest of the library and backend changes to support client-side e2ee and deprecate previous uses of item_obscured.

Browse Source
This commit is contained in:
zotlabs 2017-04-20 20:19:15 -07:00
parent 2d90b831f0
commit 94f15e3551
6 changed files with 20 additions and 59 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
Zotlabs/Module/Editpost.php
View File

@ -31,7 +31,10 @@ class Editpost extends \Zotlabs\Web\Controller {
dbesc(get_observer_hash()) dbesc(get_observer_hash())
); );
if(! count($itm)) { // don't allow web editing of potentially binary content (item_obscured = 1)
// @FIXME how do we do it instead?
if((! $itm) || intval($itm[0]['item_obscured'])) {
notice( t('Item is not editable') . EOL); notice( t('Item is not editable') . EOL);
return; return;
} }
@ -44,14 +47,6 @@ class Editpost extends \Zotlabs\Web\Controller {
$channel = \App::get_channel(); $channel = \App::get_channel();
if(intval($itm[0]['item_obscured'])) {
$key = get_config('system','prvkey');
if($itm[0]['title'])
$itm[0]['title'] = crypto_unencapsulate(json_decode($itm[0]['title'],true),$key);
if($itm[0]['body'])
$itm[0]['body'] = crypto_unencapsulate(json_decode($itm[0]['body'],true),$key);
}
$category = ''; $category = '';
$catsenabled = ((feature_enabled($owner_uid,'categories')) ? 'categories' : ''); $catsenabled = ((feature_enabled($owner_uid,'categories')) ? 'categories' : '');

13
Zotlabs/Module/Editwebpage.php
View File

@ -100,19 +100,14 @@ class Editwebpage extends \Zotlabs\Web\Controller {
intval($owner) intval($owner)
); );
if(! $itm) { // don't allow web editing of potentially binary content (item_obscured = 1)
// @FIXME how do we do it instead?
if((! $itm) || intval($itm[0]['item_obscured'])) {
notice( t('Permission denied.') . EOL); notice( t('Permission denied.') . EOL);
return; return;
} }
if(intval($itm[0]['item_obscured'])) {
$key = get_config('system','prvkey');
if($itm[0]['title'])
$itm[0]['title'] = crypto_unencapsulate(json_decode($itm[0]['title'],true),$key);
if($itm[0]['body'])
$itm[0]['body'] = crypto_unencapsulate(json_decode($itm[0]['body'],true),$key);
}
$item_id = q("select * from iconfig where cat = 'system' and k = 'WEBPAGE' and iid = %d limit 1", $item_id = q("select * from iconfig where cat = 'system' and k = 'WEBPAGE' and iid = %d limit 1",
intval($itm[0]['id']) intval($itm[0]['id'])
); );

1
Zotlabs/Module/Item.php
View File

@ -110,6 +110,7 @@ class Item extends \Zotlabs\Web\Controller {
$preview = ((x($_REQUEST,'preview')) ? intval($_REQUEST['preview']) : 0); $preview = ((x($_REQUEST,'preview')) ? intval($_REQUEST['preview']) : 0);
$categories = ((x($_REQUEST,'category')) ? escape_tags($_REQUEST['category']) : ''); $categories = ((x($_REQUEST,'category')) ? escape_tags($_REQUEST['category']) : '');
$webpage = ((x($_REQUEST,'webpage')) ? intval($_REQUEST['webpage']) : 0); $webpage = ((x($_REQUEST,'webpage')) ? intval($_REQUEST['webpage']) : 0);
$item_obscured = ((x($_REQUEST,'obscured')) ? intval($_REQUEST['obscured']) : 0);
$pagetitle = ((x($_REQUEST,'pagetitle')) ? escape_tags(urlencode($_REQUEST['pagetitle'])) : ''); $pagetitle = ((x($_REQUEST,'pagetitle')) ? escape_tags(urlencode($_REQUEST['pagetitle'])) : '');
$layout_mid = ((x($_REQUEST,'layout_mid')) ? escape_tags($_REQUEST['layout_mid']): ''); $layout_mid = ((x($_REQUEST,'layout_mid')) ? escape_tags($_REQUEST['layout_mid']): '');
$plink = ((x($_REQUEST,'permalink')) ? escape_tags($_REQUEST['permalink']) : ''); $plink = ((x($_REQUEST,'permalink')) ? escape_tags($_REQUEST['permalink']) : '');

2
Zotlabs/Module/Viewsrc.php
View File

@ -36,7 +36,7 @@ class Viewsrc extends \Zotlabs\Web\Controller {
if($r) { if($r) {
if(intval($r[0]['item_obscured'])) if(intval($r[0]['item_obscured']))
$r[0]['body'] = crypto_unencapsulate(json_decode($r[0]['body'],true),get_config('system','prvkey')); $dload = true;
if($dload) { if($dload) {
header('Content-type: ' . $r[0]['mimetype']); header('Content-type: ' . $r[0]['mimetype']);

35
include/items.php
View File

@ -605,6 +605,9 @@ function get_item_elements($x,$allow_code = false) {
if(in_array('notshown',$x['flags'])) if(in_array('notshown',$x['flags']))
$arr['item_notshown'] = 1; $arr['item_notshown'] = 1;
if(in_array('obscured',$x['flags']))
$arr['item_obscured'] = 1;
// hidden item are no longer propagated - notshown may be a suitable alternative // hidden item are no longer propagated - notshown may be a suitable alternative
if(in_array('hidden',$x['flags'])) if(in_array('hidden',$x['flags']))
@ -707,7 +710,7 @@ function get_item_elements($x,$allow_code = false) {
// local only $arr['item_relay'] = $x['item_relay']; // local only $arr['item_relay'] = $x['item_relay'];
$arr['item_mentionsme'] = $x['item_mentionsme']; $arr['item_mentionsme'] = $x['item_mentionsme'];
$arr['item_nocomment'] = $x['item_nocomment']; $arr['item_nocomment'] = $x['item_nocomment'];
// local only $arr['item_obscured'] = $x['item_obscured']; $arr['item_obscured'] = $x['item_obscured'];
// local only $arr['item_verified'] = $x['item_verified']; // local only $arr['item_verified'] = $x['item_verified'];
$arr['item_retained'] = $x['item_retained']; $arr['item_retained'] = $x['item_retained'];
$arr['item_rss'] = $x['item_rss']; $arr['item_rss'] = $x['item_rss'];
@ -955,13 +958,6 @@ function encode_item($item,$mirror = false) {
$key = get_config('system','prvkey'); $key = get_config('system','prvkey');
if(array_key_exists('item_obscured',$item) && intval($item['item_obscured'])) {
if($item['title'])
$item['title'] = crypto_unencapsulate(json_decode($item['title'],true),$key);
if($item['body'])
$item['body'] = crypto_unencapsulate(json_decode($item['body'],true),$key);
}
// If we're trying to backup an item so that it's recoverable or for export/imprt, // If we're trying to backup an item so that it's recoverable or for export/imprt,
// add all the attributes we need to recover it // add all the attributes we need to recover it
@ -1309,7 +1305,9 @@ function encode_item_flags($item) {
$ret[] = 'nsfw'; $ret[] = 'nsfw';
if(intval($item['item_consensus'])) if(intval($item['item_consensus']))
$ret[] = 'consensus'; $ret[] = 'consensus';
if(intval($item['item_private'])) if(intval($item['item_obscured']))
$ret[] = 'obscured';
if(intval($item['item_privat']))
$ret[] = 'private'; $ret[] = 'private';
return $ret; return $ret;
@ -2479,15 +2477,7 @@ function tag_deliver($uid, $item_id) {
// Now let's check if this mention was inside a reshare so we don't spam a forum // Now let's check if this mention was inside a reshare so we don't spam a forum
// If it's private we may have to unobscure it momentarily so that we can parse it. // If it's private we may have to unobscure it momentarily so that we can parse it.
$body = ''; $body = $item['body'];
if(intval($item['item_obscured'])) {
$key = get_config('system','prvkey');
if($item['body'])
$body = crypto_unencapsulate(json_decode($item['body'],true),$key);
}
else
$body = $item['body'];
$body = preg_replace('/\[share(.*?)\[\/share\]/','',$body); $body = preg_replace('/\[share(.*?)\[\/share\]/','',$body);
@ -2638,11 +2628,6 @@ function tgroup_check($uid,$item) {
$body = $item['body']; $body = $item['body'];
if(array_key_exists('item_obscured',$item) && intval($item['item_obscured']) && $body) {
$key = get_config('system','prvkey');
$body = crypto_unencapsulate(json_decode($body,true),$key);
}
$body = preg_replace('/\[share(.*?)\[\/share\]/','',$body); $body = preg_replace('/\[share(.*?)\[\/share\]/','',$body);
// $pattern = '/@\!?\[zrl\=' . preg_quote($term['url'],'/') . '\]' . preg_quote($term['term'] . '+','/') . '\[\/zrl\]/'; // $pattern = '/@\!?\[zrl\=' . preg_quote($term['url'],'/') . '\]' . preg_quote($term['term'] . '+','/') . '\[\/zrl\]/';
@ -2736,7 +2721,6 @@ function start_delivery_chain($channel, $item, $item_id, $parent) {
$item_origin = 1; $item_origin = 1;
$item_uplink = 0; $item_uplink = 0;
$item_nocomment = 0; $item_nocomment = 0;
$item_obscured = 0;
$flag_bits = $item['item_flags']; $flag_bits = $item['item_flags'];
@ -2759,11 +2743,10 @@ function start_delivery_chain($channel, $item, $item_id, $parent) {
$title = $item['title']; $title = $item['title'];
$body = $item['body']; $body = $item['body'];
$r = q("update item set item_uplink = %d, item_nocomment = %d, item_obscured = %d, item_flags = %d, owner_xchan = '%s', allow_cid = '%s', allow_gid = '%s', $r = q("update item set item_uplink = %d, item_nocomment = %d, item_flags = %d, owner_xchan = '%s', allow_cid = '%s', allow_gid = '%s',
deny_cid = '%s', deny_gid = '%s', item_private = %d, public_policy = '%s', comment_policy = '%s', title = '%s', body = '%s', item_wall = %d, item_origin = %d where id = %d", deny_cid = '%s', deny_gid = '%s', item_private = %d, public_policy = '%s', comment_policy = '%s', title = '%s', body = '%s', item_wall = %d, item_origin = %d where id = %d",
intval($item_uplink), intval($item_uplink),
intval($item_nocomment), intval($item_nocomment),
intval($item_obscured),
intval($flag_bits), intval($flag_bits),
dbesc($channel['channel_hash']), dbesc($channel['channel_hash']),
dbesc($channel['channel_allow_cid']), dbesc($channel['channel_allow_cid']),

15
include/text.php
View File

@ -1372,20 +1372,7 @@ function link_compare($a, $b) {
function unobscure(&$item) { function unobscure(&$item) {
if(array_key_exists('item_obscured',$item) && intval($item['item_obscured'])) { return;
$key = get_config('system','prvkey');
if($item['title'])
$item['title'] = crypto_unencapsulate(json_decode($item['title'],true),$key);
if($item['body'])
$item['body'] = crypto_unencapsulate(json_decode($item['body'],true),$key);
if(get_config('system','item_cache')) {
q("update item set title = '%s', body = '%s', item_obscured = 0 where id = %d",
dbesc($item['title']),
dbesc($item['body']),
intval($item['id'])
);
}
}
} }
function unobscure_mail(&$item) { function unobscure_mail(&$item) {