aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorfriendica <info@friendica.com>2013-08-01 18:50:36 -0700
committerfriendica <info@friendica.com>2013-08-01 18:50:36 -0700
commit222fe08420802f7eacd4a544953f507d536c3fb8 (patch)
tree26a031f9a1c066402a7a0d475e3429830e291707
parent6197f945adb62da9d1aeb2a8f4058ed4651fa3b6 (diff)
downloadvolse-hubzilla-222fe08420802f7eacd4a544953f507d536c3fb8.tar.gz
volse-hubzilla-222fe08420802f7eacd4a544953f507d536c3fb8.tar.bz2
volse-hubzilla-222fe08420802f7eacd4a544953f507d536c3fb8.zip
ensure that no unencrypted content leaks through item_store which is private - we typically do this in mod/item, but some functions
bypass mod/item to create private posts
-rw-r--r--include/ItemObject.php2
-rwxr-xr-xinclude/items.php33
-rwxr-xr-xinclude/text.php2
-rwxr-xr-xmod/mood.php3
4 files changed, 28 insertions, 12 deletions
diff --git a/include/ItemObject.php b/include/ItemObject.php
index b31e60cbc..8c8c0ee2a 100644
--- a/include/ItemObject.php
+++ b/include/ItemObject.php
@@ -262,7 +262,7 @@ class Item extends BaseObject {
}
}
- $result['private'] = $item['private'];
+ $result['private'] = $item['item_private'];
$result['toplevel'] = ($this->is_toplevel() ? 'toplevel_item' : '');
if($this->is_threaded()) {
diff --git a/include/items.php b/include/items.php
index 13d891736..b1ec3b14f 100755
--- a/include/items.php
+++ b/include/items.php
@@ -1356,18 +1356,33 @@ function item_store($arr,$force_parent = false) {
if(array_key_exists('parent',$arr))
unset($arr['parent']);
- $arr['lang'] = detect_language($arr['body']);
- $allowed_languages = get_pconfig($arr['uid'],'system','allowed_languages');
+ // only detect language if we have text content, and if the post is private but not yet
+ // obscured, make it so.
+
+ if(! ($arr['item_flags'] & ITEM_OBSCURED)) {
+ $arr['lang'] = detect_language($arr['body']);
+
+ $allowed_languages = get_pconfig($arr['uid'],'system','allowed_languages');
- if((is_array($allowed_languages)) && ($arr['lang']) && (! array_key_exists($arr['lang'],$allowed_languages))) {
- $translate = array('item' => $arr, 'from' => $arr['lang'], 'to' => $allowed_languages, 'translated' => false);
- call_hooks('item_translate', $translate);
- if((! $translate['translated']) && (intval(get_pconfig($arr['uid'],'system','reject_disallowed_languages')))) {
- logger('item_store: language ' . $arr['lang'] . ' not accepted for uid ' . $arr['uid']);
- return;
+ if((is_array($allowed_languages)) && ($arr['lang']) && (! array_key_exists($arr['lang'],$allowed_languages))) {
+ $translate = array('item' => $arr, 'from' => $arr['lang'], 'to' => $allowed_languages, 'translated' => false);
+ call_hooks('item_translate', $translate);
+ if((! $translate['translated']) && (intval(get_pconfig($arr['uid'],'system','reject_disallowed_languages')))) {
+ logger('item_store: language ' . $arr['lang'] . ' not accepted for uid ' . $arr['uid']);
+ return;
+ }
+ $arr = $translate['item'];
}
- $arr = $translate['item'];
+ if($arr['item_private']) {
+ $key = get_config('system','pubkey');
+ $arr['item_flags'] = $arr['item_flags'] | ITEM_OBSCURED;
+ if($arr['title'])
+ $arr['title'] = json_encode(aes_encapsulate($arr['title'],$key));
+ if($arr['body'])
+ $arr['body'] = json_encode(aes_encapsulate($arr['body'],$key));
+ }
+
}
// Shouldn't happen but we want to make absolutely sure it doesn't leak from a plugin.
diff --git a/include/text.php b/include/text.php
index 890355aea..66fa668a9 100755
--- a/include/text.php
+++ b/include/text.php
@@ -1258,7 +1258,7 @@ function feed_salmonlinks($nick) {
function get_plink($item) {
$a = get_app();
- if (x($item,'plink') && ($item['private'] != 1)) {
+ if (x($item,'plink') && ($item['item_private'] != 1)) {
return array(
'href' => $item['plink'],
'title' => t('link to source'),
diff --git a/mod/mood.php b/mod/mood.php
index 0c611997c..7b6a0c392 100755
--- a/mod/mood.php
+++ b/mod/mood.php
@@ -38,7 +38,7 @@ function mood_init(&$a) {
);
if(count($r)) {
$parent_mid = $r[0]['mid'];
- $private = $r[0]['private'];
+ $private = $r[0]['item_private'];
$allow_cid = $r[0]['allow_cid'];
$allow_gid = $r[0]['allow_gid'];
$deny_cid = $r[0]['deny_cid'];
@@ -80,6 +80,7 @@ function mood_init(&$a) {
$arr['allow_gid'] = $allow_gid;
$arr['deny_cid'] = $deny_cid;
$arr['deny_gid'] = $deny_gid;
+ $arr['item_private'] = $private;
$arr['verb'] = $activity;
$arr['body'] = $action;