encrypt diaspora_meta since it may contain private message contents
This commit is contained in:
friendica
parent
6ab21b3d4f
commit
de89bdc45f
@ -263,10 +263,19 @@ function bb2dmention_callback($match) {
|
||||
function bb2diaspora_itembody($item) {
|
||||
|
||||
if($item['diaspora_meta']) {
|
||||
$j = json_decode($item['diaspora_meta'],true);
|
||||
if($j && $j['body']) {
|
||||
logger('bb2diaspora_itembody: cached ');
|
||||
return $j['body'];
|
||||
$diaspora_meta = json_decode($item['diaspora_meta'],true);
|
||||
if($diaspora_meta) {
|
||||
if(array_key_exists('iv',$diaspora_meta)) {
|
||||
$key = get_config('system','prvkey');
|
||||
$meta = json_decode(crypto_unencapsulate($diaspora_meta,$key),true);
|
||||
}
|
||||
else {
|
||||
$meta = $diaspora_meta;
|
||||
}
|
||||
if($meta) {
|
||||
logger('bb2diaspora_itembody: cached ');
|
||||
return $meta['body'];
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@ -1364,8 +1364,10 @@ function diaspora_comment($importer,$xml,$msg) {
|
||||
$datarray['app'] = 'Diaspora';
|
||||
|
||||
if(! $parent_author_signature) {
|
||||
$datarray['diaspora_meta'] = array('signer' => $diaspora_handle, 'body' => $text,
|
||||
'signed_text' => $signed_data, 'signature' => base64_encode($author_signature));
|
||||
$key = get_config('system','pubkey');
|
||||
$x = array('signer' => $diaspora_handle, 'body' => $text,
|
||||
'signed_text' => $signed_data, 'signature' => base64_encode($author_signature));
|
||||
$datarray['diaspora_meta'] = json_encode(crypto_encapsulate(json_encode($x),$key));
|
||||
}
|
||||
|
||||
$result = item_store($datarray);
|
||||
@ -1934,8 +1936,10 @@ function diaspora_like($importer,$xml,$msg) {
|
||||
$arr['object'] = $object;
|
||||
|
||||
if(! $parent_author_signature) {
|
||||
$datarray['diaspora_meta'] = array('signer' => $diaspora_handle, 'body' => $text,
|
||||
'signed_text' => $signed_data, 'signature' => base64_encode($author_signature));
|
||||
$key = get_config('system','pubkey');
|
||||
$x = array('signer' => $diaspora_handle, 'body' => $text,
|
||||
'signed_text' => $signed_data, 'signature' => base64_encode($author_signature));
|
||||
$arr['diaspora_meta'] = json_encode(crypto_encapsulate(json_encode($x),$key));
|
||||
}
|
||||
|
||||
$x = item_store($arr);
|
||||
@ -2430,13 +2434,19 @@ function diaspora_send_followup($item,$owner,$contact,$public_batch = false) {
|
||||
}
|
||||
|
||||
if($item['diaspora_meta'] && ! $like) {
|
||||
$j = json_decode($item['diaspora_meta'],true);
|
||||
if($j) {
|
||||
$signed_text = $j['signed_text'];
|
||||
$text = $j['body'];
|
||||
$signer = $j['signer'];
|
||||
$authorsig = $j['signature'];
|
||||
$diaspora_meta = json_decode($item['diaspora_meta'],true);
|
||||
if($diaspora_meta) {
|
||||
if(array_key_exists('iv',$diaspora_meta)) {
|
||||
$key = get_config('system','prvkey');
|
||||
$meta = json_decode(crypto_unencapsulate($diaspora_meta,$key),true);
|
||||
}
|
||||
else
|
||||
$meta = $diaspora_meta;
|
||||
}
|
||||
$signed_text = $meta['signed_text'];
|
||||
$authorsig = $meta['signature'];
|
||||
$signer = $meta['signer'];
|
||||
$text = $meta['body'];
|
||||
}
|
||||
else {
|
||||
$text = bb2diaspora_itembody($item);
|
||||
@ -2534,10 +2544,16 @@ function diaspora_send_relay($item,$owner,$contact,$public_batch = false) {
|
||||
|
||||
$diaspora_meta = (($item['diaspora_meta']) ? json_decode($item['diaspora_meta'],true) : '');
|
||||
if($diaspora_meta) {
|
||||
$sender_signed_text = $diaspora_meta['signed_text'];
|
||||
$authorsig = $diaspora_meta['signature'];
|
||||
$handle = $diaspora_meta['signer'];
|
||||
$text = $diaspora_meta['body'];
|
||||
if(array_key_exists('iv',$diaspora_meta)) {
|
||||
$key = get_config('system','prvkey');
|
||||
$meta = json_decode(crypto_unencapsulate($diaspora_meta,$key),true);
|
||||
}
|
||||
else
|
||||
$meta = $diaspora_meta;
|
||||
$sender_signed_text = $meta['signed_text'];
|
||||
$authorsig = $meta['signature'];
|
||||
$handle = $meta['signer'];
|
||||
$text = $meta['body'];
|
||||
}
|
||||
else
|
||||
logger('diaspora_send_relay: original author signature not found');
|
||||
|
||||
@ -2394,8 +2394,11 @@ function store_diaspora_comment_sig($datarray, $channel, $parent_item, $post_id)
|
||||
|
||||
$x = array('signer' => $diaspora_handle, 'body' => $signed_body, 'signed_text' => $signed_text, 'signature' => base64_encode($authorsig));
|
||||
|
||||
$key = get_config('system','pubkey');
|
||||
$y = crypto_encapsulate(json_encode($x),$key);
|
||||
|
||||
$r = q("update item set diaspora_meta = '%s' where id = %d limit 1",
|
||||
dbesc(json_encode($x)),
|
||||
dbesc(json_encode($y)),
|
||||
intval($post_id)
|
||||
);
|
||||
|
||||
|
||||
Reference in New Issue
Block a user