authorfriendica <info@friendica.com>2013-07-31 18:57:14 -0700
committerfriendica <info@friendica.com>2013-07-31 18:57:14 -0700
commit0d22e1eefbb09b3b4e2c16845131a9db89d52a6e (patch)
tree4c2e04a598eae264a490f1b9c8eca55e4702cd2f
parentc00c550c58f0125785b194c9413a98e114a7ab98 (diff)
fix some privacy leakage in logs
-rwxr-xr-xinclude/items.php15
-rw-r--r--include/zot.php14
-rw-r--r--mod/item.php25
3 files changed, 29 insertions, 25 deletions
diff --git a/include/items.php b/include/items.php
index 49e3dd3de..13d891736 100755
--- a/include/items.php
+++ b/include/items.php
@@ -532,6 +532,21 @@ function get_item_elements($x) {
$arr['item_private'] = ((array_key_exists('flags',$x) && is_array($x['flags']) && in_array('private',$x['flags'])) ? 1 : 0);
+ $arr['item_flags'] = 0;
+
+ // if it's a private post, encrypt it in the DB.
+ // We have to do that here because we need to cleanse the input and prevent bad stuff from getting in,
+ // and we need plaintext to do that.
+
+ if(intval($arr['item_private'])) {
+ $arr['item_flags'] = $arr['item_flags'] | ITEM_OBSCURED;
+ $key = get_config('system','pubkey');
+ if($arr['title'])
+ $arr['title'] = json_encode(aes_encapsulate($arr['title'],$key));
+ if($arr['body'])
+ $arr['body'] = json_encode(aes_encapsulate($arr['body'],$key));
+ }
+
if(array_key_exists('flags',$x) && in_array('deleted',$x['flags']))
$arr['item_restrict'] = ITEM_DELETED;
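Review bot: The encryption added to get_item_elements() checks neither the result of `get_config('system','pubkey')` nor that of `aes_encapsulate()`/`json_encode()`, yet `ITEM_OBSCURED` is set before either runs. If the key is missing or encoding fails, the item is flagged as obscured while `title`/`body` hold whatever the failed call returned, so the post may end up unreadable or stored in an unexpected form. Set the flag only after a successful encode, e.g. `$enc = json_encode(aes_encapsulate($arr['body'],$key)); if($enc !== false) $arr['body'] = $enc;`, and treat an empty `$key` as an error. The function body continues outside the hunk, so confirm that the input cleansing mentioned in the comment has already run above this point and that every caller of get_item_elements() can cope with ciphertext in `title` and `body`.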
diff --git a/include/zot.php b/include/zot.php
index c53e6c267..b4e005076 100644
--- a/include/zot.php
+++ b/include/zot.php
@@ -834,20 +834,6 @@ function zot_import($arr) {
if($i['message']['type'] === 'activity') {
$arr = get_item_elements($i['message']);
- // if it's a private post, encrypt it in the DB.
- // We have to do that here because we need to cleanse the input and prevent bad stuff from getting in,
- // and we need plaintext to do that.
-
- if(array_key_exists('item_private',$arr) && intval($arr['item_private'])) {
- logger('Encrypting local storage');
- $arr['item_flags'] = $arr['item_flags'] | ITEM_OBSCURED;
- $key = get_config('system','pubkey');
- if($arr['title'])
- $arr['title'] = json_encode(aes_encapsulate($arr['title'],$key));
- if($arr['body'])
- $arr['body'] = json_encode(aes_encapsulate($arr['body'],$key));
- }
-
if(! array_key_exists('created',$arr)) {
logger('Activity rejected: probable failure to lookup author/owner. ' . print_r($i['message'],true));
continue;
diff --git a/mod/item.php b/mod/item.php
index 0509d8fab..990acd2f0 100644
--- a/mod/item.php
+++ b/mod/item.php
@@ -44,7 +44,7 @@ function item_post(&$a) {
call_hooks('post_local_start', $_REQUEST);
- logger('postvars ' . print_r($_REQUEST,true), LOGGER_DATA);
+// logger('postvars ' . print_r($_REQUEST,true), LOGGER_DATA);
$api_source = ((x($_REQUEST,'api_source') && $_REQUEST['api_source']) ? true : false);
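Review bot: The request dump is disabled by commenting it out rather than deleting it, so a single uncomment brings back a log line that writes every posted field, private post bodies included, to the log. Delete the line, or if it is still wanted for debugging log only the field names, e.g. `logger('postvars ' . print_r(array_keys($_REQUEST),true), LOGGER_DATA);`. A similar full dump is still visible as context in the include/zot.php hunk, where `logger('Activity rejected: ...' . print_r($i['message'],true))` passes no level argument; if `$i['message']` holds the decrypted activity at that point, private content still reaches the log there. item_post's body continues outside the hunk.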
@@ -130,14 +130,15 @@ function item_post(&$a) {
//if(($parid) && ($parid != $parent))
$thr_parent = $parent_mid;
- if($parent_item['contact-id'] && $uid) {
- $r = q("SELECT * FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1",
- intval($parent_item['contact-id']),
- intval($uid)
- );
- if(count($r))
- $parent_contact = $r[0];
- }
+// if($parent_item['contact-id'] && $uid) {
+// $r = q("SELECT * FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1",
+// intval($parent_item['contact-id']),
+// intval($uid)
+// );
+// if(count($r))
+// $parent_contact = $r[0];
+// }
+
}
if($parent) {
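Review bot: With the `contact` lookup commented out, `$parent_contact` is no longer assigned anywhere in this hunk, so any later read of it in item_post (the body continues outside the hunk) would now see an undefined variable. Check for remaining uses and remove them together with this block rather than leaving eight commented-out lines behind. If the lookup is only temporarily disabled, a one-line comment saying why would serve the next reader better than the dead code.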
@@ -203,6 +204,10 @@ function item_post(&$a) {
goaway($a->get_baseurl() . "/" . $return_path );
killme();
}
+
+ if($observer) {
+ logger('mod_item: post accepted from ' . $observer['xchan_name'] . ' for ' . $owner_xchan['xchan_name'], LOGGER_DEBUG);
+ }
if($orig_post) {
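Review bot: The new log line concatenates `$observer['xchan_name']` and `$owner_xchan['xchan_name']` unescaped, and a display name is presumably chosen by the (possibly remote) channel owner, so a name containing line breaks could forge or split log entries. Strip control characters before logging, e.g. `$n = preg_replace('/[\x00-\x1f\x7f]/', ' ', $observer['xchan_name']);`, and apply the same to the owner name. The guard tests only `$observer`, while `$owner_xchan` is assigned outside the hunk, so confirm it is always populated on this path. Since the commit is about reducing privacy leakage in logs, note that this line records who posted to whose channel at `LOGGER_DEBUG`.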
@@ -333,8 +338,6 @@ function item_post(&$a) {
$body .= "\n\n@group+" . $x[0]['abook_id'] . "\n";
}
-
-
/**
* fix naked links by passing through a callback to see if this is a red site
* (already known to us) which will get a zrl, otherwise link with url