diaspora private mail seems to work now - but there's an obfuscation leak via the conversation structure that needs to be dealt with.

friendica 2014-09-23 20:36:10 -07:00
parent 2b466ccb8c
commit f203d2a3b0
3 changed files with 14 additions and 11 deletions


@ -553,6 +553,7 @@ define ( 'ITEM_NOCOMMENT', 0x0800); // commenting/followups are disabled
define ( 'ITEM_OBSCURED', 0x1000); // bit-mangled to protect from casual browsing by site admin define ( 'ITEM_OBSCURED', 0x1000); // bit-mangled to protect from casual browsing by site admin
define ( 'ITEM_VERIFIED', 0x2000); // Signature verification was successful define ( 'ITEM_VERIFIED', 0x2000); // Signature verification was successful
define ( 'ITEM_RETAINED', 0x4000); // We looked at this item once to decide whether or not to expire it, and decided not to. define ( 'ITEM_RETAINED', 0x4000); // We looked at this item once to decide whether or not to expire it, and decided not to.
define ( 'ITEM_RSS', 0x8000); // Item comes from a feed. Use this to decide whether to link the title
// Don't make us evaluate this same item again. // Don't make us evaluate this same item again.
/** /**
* *
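Review bot: The new `ITEM_RSS` define appears to sit between the `ITEM_RETAINED` line and the second line of its comment (`// Don't make us evaluate this same item again.`), so that sentence now reads as if it described `ITEM_RSS`. Move the new define below that comment line, or fold the continuation into the `ITEM_RETAINED` comment. Separately, `0x8000` is the top bit of a 16-bit value. The column that stores these flags is not visible here, so it is worth confirming that it is wide enough (not a signed 16-bit integer) before relying on this bit.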


@ -1622,6 +1622,7 @@ function diaspora_message($importer,$xml,$msg) {
$reply = 0; $reply = 0;
$subject = $conversation['subject'];
$body = diaspora2bb($msg_text); $body = diaspora2bb($msg_text);
$message_id = $msg_diaspora_handle . ':' . $msg_guid; $message_id = $msg_diaspora_handle . ':' . $msg_guid;
@ -1631,8 +1632,8 @@ function diaspora_message($importer,$xml,$msg) {
$author_signature = base64_decode($msg_author_signature); $author_signature = base64_decode($msg_author_signature);
$person = find_diaspora_person_by_handle($msg_diaspora_handle); $person = find_diaspora_person_by_handle($msg_diaspora_handle);
if(is_array($person) && x($person,'pubkey')) if(is_array($person) && x($person,'xchan_pubkey'))
$key = $person['pubkey']; $key = $person['xchan_pubkey'];
else { else {
logger('diaspora_message: unable to find author details'); logger('diaspora_message: unable to find author details');
return; return;
@ -1643,7 +1644,7 @@ function diaspora_message($importer,$xml,$msg) {
return; return;
} }
$r = q("select id from mail where mid = '%s' and uid = %d limit 1", $r = q("select id from mail where mid = '%s' and channel_id = %d limit 1",
dbesc($message_id), dbesc($message_id),
intval($importer['channel_id']) intval($importer['channel_id'])
); );
@ -1663,7 +1664,7 @@ function diaspora_message($importer,$xml,$msg) {
intval($conversation['id']), intval($conversation['id']),
dbesc($person['xchan_hash']), dbesc($person['xchan_hash']),
dbesc($importer['xchan_hash']), dbesc($importer['xchan_hash']),
dbesc($conversation['subject']), dbesc($subject),
dbesc($body), dbesc($body),
intval(MAIL_OBSCURED), intval(MAIL_OBSCURED),
dbesc($msg_guid), dbesc($msg_guid),
@ -2394,7 +2395,7 @@ function diaspora_send_images($item,$owner,$contact,$images,$public_batch = fals
function diaspora_send_followup($item,$owner,$contact,$public_batch = false) { function diaspora_send_followup($item,$owner,$contact,$public_batch = false) {
$a = get_app(); $a = get_app();
$myaddr = $owner['channel_address'] . '@' . substr($a->get_baseurl(), strpos($a->get_baseurl(),'://') + 3); $myaddr = $owner['channel_address'] . '@' . get_app()->get_hostname();
$theiraddr = $contact['xchan_addr']; $theiraddr = $contact['xchan_addr'];
// Diaspora doesn't support threaded comments, but some // Diaspora doesn't support threaded comments, but some
@ -2485,7 +2486,7 @@ function diaspora_send_relay($item,$owner,$contact,$public_batch = false) {
$a = get_app(); $a = get_app();
$myaddr = $owner['channel_address'] . '@' . substr($a->get_baseurl(), strpos($a->get_baseurl(),'://') + 3); $myaddr = $owner['channel_address'] . '@' . get_app()->get_hostname();
$text = bb2diaspora_itembody($item); $text = bb2diaspora_itembody($item);
@ -2627,7 +2628,7 @@ function diaspora_send_relay($item,$owner,$contact,$public_batch = false) {
function diaspora_send_retraction($item,$owner,$contact,$public_batch = false) { function diaspora_send_retraction($item,$owner,$contact,$public_batch = false) {
$a = get_app(); $a = get_app();
$myaddr = $owner['nickname'] . '@' . substr($a->get_baseurl(), strpos($a->get_baseurl(),'://') + 3); $myaddr = $owner['channel_address'] . '@' . get_app()->get_hostname();
// Check whether the retraction is for a top-level post or whether it's a relayable // Check whether the retraction is for a top-level post or whether it's a relayable
if( $item['mid'] !== $item['parent_mid'] ) { if( $item['mid'] !== $item['parent_mid'] ) {
@ -2658,7 +2659,7 @@ function diaspora_send_retraction($item,$owner,$contact,$public_batch = false) {
function diaspora_send_mail($item,$owner,$contact) { function diaspora_send_mail($item,$owner,$contact) {
$a = get_app(); $a = get_app();
$myaddr = $owner['nickname'] . '@' . substr($a->get_baseurl(), strpos($a->get_baseurl(),'://') + 3); $myaddr = $owner['channel_address'] . '@' . get_app()->get_hostname();
$r = q("select * from conv where id = %d and uid = %d limit 1", $r = q("select * from conv where id = %d and uid = %d limit 1",
intval($item['convid']), intval($item['convid']),
@ -2691,13 +2692,13 @@ function diaspora_send_mail($item,$owner,$contact) {
$body = bb2diaspora($item['body']); $body = bb2diaspora($item['body']);
$created = datetime_convert('UTC','UTC',$item['created'],'Y-m-d H:i:s \U\T\C'); $created = datetime_convert('UTC','UTC',$item['created'],'Y-m-d H:i:s \U\T\C');
$signed_text = $item['guid'] . ';' . $cnv['guid'] . ';' . $body . ';' $signed_text = $item['mid'] . ';' . $cnv['guid'] . ';' . $body . ';'
. $created . ';' . $myaddr . ';' . $cnv['guid']; . $created . ';' . $myaddr . ';' . $cnv['guid'];
$sig = base64_encode(rsa_sign($signed_text,$owner['channel_prvkey'],'sha256')); $sig = base64_encode(rsa_sign($signed_text,$owner['channel_prvkey'],'sha256'));
$msg = array( $msg = array(
'guid' => xmlify($item['guid']), 'guid' => xmlify($item['mid']),
'parent_guid' => xmlify($cnv['guid']), 'parent_guid' => xmlify($cnv['guid']),
'parent_author_signature' => (($item['reply']) ? null : xmlify($sig)), 'parent_author_signature' => (($item['reply']) ? null : xmlify($sig)),
'author_signature' => xmlify($sig), 'author_signature' => xmlify($sig),
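Review bot: In diaspora_message the mail row is written with `intval(MAIL_OBSCURED)`, but no obscuring step is visible in these hunks between the assignments of `$subject` and `$body` and the insert. `$subject` is copied straight from `$conversation['subject']` and `$body` comes from `diaspora2bb($msg_text)`. If that step is not in the lines outside the hunks, the flag claims a protection the stored text does not have. The conversation record also appears to keep its own copy of the subject, which may be the leak the commit title refers to. Since the commit leaves this open, record it in the code next to `$subject = $conversation['subject'];`, for example `// FIXME: the conversation row keeps its own copy of the subject; obscure it too or the mail subject leaks`. The body of diaspora_message starts and ends outside the visible hunks, so check this against the full function.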


@ -1428,6 +1428,8 @@ function get_atom_elements($feed,$item,&$author) {
$res['title'] = unxmlify($item->get_title()); $res['title'] = unxmlify($item->get_title());
$res['body'] = unxmlify($item->get_content()); $res['body'] = unxmlify($item->get_content());
$res['plink'] = unxmlify($item->get_link(0)); $res['plink'] = unxmlify($item->get_link(0));
$res['item_flags'] = ITEM_RSS;
// removing the content of the title if its identically to the body // removing the content of the title if its identically to the body
// This helps with auto generated titles e.g. from tumblr // This helps with auto generated titles e.g. from tumblr
@ -3196,7 +3198,6 @@ function mail_store($arr) {
} }
/** /**
* *
* consume_feed - process atom feed and update anything/everything we might need to update * consume_feed - process atom feed and update anything/everything we might need to update