authorfriendica <info@friendica.com>2013-12-23 15:13:09 -0800
committerfriendica <info@friendica.com>2013-12-23 15:13:09 -0800
commit63a42480c7eb36bdc8b63b31b2a4d222ba5751cd (patch)
treeb0bd80b8f114e2711152ce0374783a7106e068b1
parent4517bdcff1aa75c5389f9fb29947012fca5df4e1 (diff)
add account_level, is_foreigner and is_member functions; convert all e2ee user input and prompts to hex to avoid javascript's lame handling of quotes. !!This breaks all prior encrypted posts.!!
-rwxr-xr-xboot.php2
-rw-r--r--include/bbcode.php11
-rw-r--r--include/identity.php32
-rw-r--r--install/database.sql4
-rw-r--r--install/update.php11
-rw-r--r--js/crypto.js10
-rw-r--r--js/main.js9
-rw-r--r--mod/chanview.php12
-rw-r--r--mod/post.php5
9 files changed, 80 insertions, 16 deletions
diff --git a/boot.php b/boot.php
index 7d9075af2..777d927d2 100755
--- a/boot.php
+++ b/boot.php
@@ -46,7 +46,7 @@ define ( 'RED_PLATFORM', 'Red Matrix' );
define ( 'RED_VERSION', trim(file_get_contents('version.inc')) . 'R');
define ( 'ZOT_REVISION', 1 );
-define ( 'DB_UPDATE_VERSION', 1086 );
+define ( 'DB_UPDATE_VERSION', 1087 );
define ( 'EOL', '<br />' . "\r\n" );
define ( 'ATOM_TIME', 'Y-m-d\TH:i:s\Z' );
diff --git a/include/bbcode.php b/include/bbcode.php
index 271cace73..6374675f1 100644
--- a/include/bbcode.php
+++ b/include/bbcode.php
@@ -105,21 +105,24 @@ function bb_parse_crypt($match) {
$attributes = $match[1];
$algorithm = "";
+
preg_match("/alg='(.*?)'/ism", $attributes, $matches);
if ($matches[1] != "")
- $algorithm = html_entity_decode($matches[1],ENT_QUOTES,'UTF-8');
+ $algorithm = $matches[1];
preg_match("/alg=\&quot\;(.*?)\&quot\;/ism", $attributes, $matches);
if ($matches[1] != "")
- $algorithm = html_entity_decode($matches[1],ENT_QUOTES,'UTF-8');
+ $algorithm = $matches[1];
$hint = "";
+
+
preg_match("/hint='(.*?)'/ism", $attributes, $matches);
if ($matches[1] != "")
- $hint = html_entity_decode($matches[1],ENT_QUOTES,'UTF-8');
+ $hint = $matches[1];
preg_match("/hint=\&quot\;(.*?)\&quot\;/ism", $attributes, $matches);
if ($matches[1] != "")
- $hint = html_entity_decode($matches[1],ENT_QUOTES,'UTF-8');
+ $hint = $matches[1];
$x = random_string();
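Review bot: Nothing in this hunk checks that the captured `alg` and `hint` values have the shape the commit now expects; with `html_entity_decode()` removed, `$hint = $matches[1];` passes through whatever the post author wrote between the quotes. Since the client is now supposed to send the hint hex-encoded, the parser can enforce that before the value is used, e.g. `if (! ctype_xdigit($hint)) $hint = '';`, and hold `$algorithm` to a conservative character set such as `preg_match('/^[a-z0-9-]+$/i', $algorithm)`. The `&quot;` form of the pattern can still capture a literal single quote, which is the character the commit message is trying to keep away from the JavaScript side. Each `$matches[1] != ""` test also reads index 1 without checking that `preg_match()` matched. bb_parse_crypt continues past the end of the hunk, so how the values are emitted is not visible here.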
diff --git a/include/identity.php b/include/identity.php
index be4e4be93..63b05f4bb 100644
--- a/include/identity.php
+++ b/include/identity.php
@@ -1138,3 +1138,35 @@ function get_default_profile_photo($size = 175) {
$scheme = 'rainbow_man';
return 'images/default_profile_photos/' . $scheme . '/' . $size . '.jpg';
}
+
+
+/**
+ *
+ * @function is_foreigner($s)
+ * Test whether a given identity is NOT a member of the Red Matrix
+ * @param string $s;
+ * xchan_hash of the identity in question
+ *
+ * @returns boolean true or false
+ *
+ */
+
+function is_foreigner($s) {
+ return((strpbrk($s,':@')) ? true : false);
+}
+
+
+/**
+ *
+ * @function is_member($s)
+ * Test whether a given identity is a member of the Red Matrix
+ * @param string $s;
+ * xchan_hash of the identity in question
+ *
+ * @returns boolean true or false
+ *
+ */
+
+function is_member($s) {
+ return((is_foreigner($s)) ? false : true);
+} \ No newline at end of file
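Review bot: `is_member()` returns true for an empty string, because it is defined as the negation of `is_foreigner()` and `strpbrk('', ':@')` finds nothing. A missing or blank xchan_hash would then be classed as a member by any caller that uses this as a trust signal; `return (is_string($s) && $s !== '' && ! is_foreigner($s));` closes that. The docblocks could also state the rule the test relies on, namely that a hash containing `:` or `@` is taken to be a non-member, and use `@return bool` instead of `@returns boolean`, with the stray `;` after `$s` dropped.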
diff --git a/install/database.sql b/install/database.sql
index f73460937..cb332c75b 100644
--- a/install/database.sql
+++ b/install/database.sql
@@ -54,6 +54,7 @@ CREATE TABLE IF NOT EXISTS `account` (
`account_expires` datetime NOT NULL DEFAULT '0000-00-00 00:00:00',
`account_expire_notified` datetime NOT NULL DEFAULT '0000-00-00 00:00:00',
`account_service_class` char(32) NOT NULL DEFAULT '',
+ `account_level` int(10) unsigned NOT NULL DEFAULT 0,
PRIMARY KEY (`account_id`),
KEY `account_email` (`account_email`),
KEY `account_service_class` (`account_service_class`),
@@ -63,7 +64,8 @@ CREATE TABLE IF NOT EXISTS `account` (
KEY `account_lastlog` (`account_lastlog`),
KEY `account_expires` (`account_expires`),
KEY `account_default_channel` (`account_default_channel`),
- KEY `account_external` (`account_external`)
+ KEY `account_external` (`account_external`),
+ KEY `account_level` (`account_level`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8;
CREATE TABLE IF NOT EXISTS `addon` (
diff --git a/install/update.php b/install/update.php
index 817e4b6bc..c731eab06 100644
--- a/install/update.php
+++ b/install/update.php
@@ -1,6 +1,6 @@
<?php
-define( 'UPDATE_VERSION' , 1086 );
+define( 'UPDATE_VERSION' , 1087 );
/**
*
@@ -948,3 +948,12 @@ function update_r1085() {
return UPDATE_FAILED;
}
+
+function update_r1086() {
+ $r = q("ALTER TABLE `account` ADD `account_level` INT UNSIGNED NOT NULL DEFAULT '0',
+ADD INDEX ( `account_level` )");
+ if($r)
+ return UPDATE_SUCCESS;
+ return UPDATE_FAILED;
+}
+
diff --git a/js/crypto.js b/js/crypto.js
index a144e03ea..2e6402c62 100644
--- a/js/crypto.js
+++ b/js/crypto.js
@@ -43,7 +43,7 @@ function red_encrypt(alg, elem,text) {
// key and hint need to be localised
- var enc_key = prompt(aStr['passphrase']);
+ var enc_key = bin2hex(prompt(aStr['passphrase']));
// If you don't provide a key you get rot13, which doesn't need a key
// but consequently isn't secure.
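Review bot: `prompt()` returns null when the dialog is cancelled, and that null now goes straight into `bin2hex()` in `var enc_key = bin2hex(prompt(aStr['passphrase']));`. bin2hex is defined outside this diff, so whether it throws or returns a non-empty string for null is not visible; in the second case the empty-key fallback described in the comment below would presumably no longer trigger, and the text would be encrypted under a key the user never typed. Reading the prompt first and encoding only a non-empty answer avoids this, e.g. `var pw = prompt(aStr['passphrase']); var enc_key = pw ? bin2hex(pw) : '';`. The same pattern appears in the three `enc_hint` hunks and in the red_decrypt hunk. red_encrypt starts and ends outside the hunk.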
@@ -59,7 +59,7 @@ function red_encrypt(alg, elem,text) {
// This is the prompt we're going to use when the receiver tries to open it.
// Maybe "Grandma's maiden name" or "our secret place" or something.
- var enc_hint = prompt(aStr['passhint']);
+ var enc_hint = bin2hex(prompt(aStr['passhint']));
enc_text = CryptoJS.AES.encrypt(text,enc_key);
@@ -72,7 +72,7 @@ function red_encrypt(alg, elem,text) {
// This is the prompt we're going to use when the receiver tries to open it.
// Maybe "Grandma's maiden name" or "our secret place" or something.
- var enc_hint = prompt(aStr['passhint']);
+ var enc_hint = bin2hex(prompt(aStr['passhint']));
enc_text = CryptoJS.Rabbit.encrypt(text,enc_key);
encrypted = enc_text.toString();
@@ -84,7 +84,7 @@ function red_encrypt(alg, elem,text) {
// This is the prompt we're going to use when the receiver tries to open it.
// Maybe "Grandma's maiden name" or "our secret place" or something.
- var enc_hint = prompt(aStr['passhint']);
+ var enc_hint = bin2hex(prompt(aStr['passhint']));
enc_text = CryptoJS.TripleDES.encrypt(text,enc_key);
encrypted = enc_text.toString();
@@ -135,7 +135,7 @@ function red_decrypt(alg,hint,text,elem) {
if(alg == 'rot13' || alg == 'triple-rot13')
dec_text = str_rot13(text);
else {
- var enc_key = prompt((hint.length) ? hint : aStr['passphrase']);
+ var enc_key = bin2hex(prompt((hint.length) ? hex2bin(hint) : aStr['passphrase']));
}
if(alg == 'aes256') {
diff --git a/js/main.js b/js/main.js
index 70d11bfd3..c8e9fc9a2 100644
--- a/js/main.js
+++ b/js/main.js
@@ -873,6 +873,15 @@ function updateConvItems(mode,data) {
return a.join('');
}
+ function hex2bin(hex) {
+ var bytes = [], str;
+
+ for(var i=0; i< hex.length-1; i+=2)
+ bytes.push(parseInt(hex.substr(i, 2), 16));
+
+ return String.fromCharCode.apply(String, bytes);
+ }
+
function groupChangeMember(gid, cid, sec_token) {
$('body .fakelink').css('cursor', 'wait');
$.get('group/' + gid + '/' + cid + "?t=" + sec_token, function(data) {
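Review bot: `hex2bin()` accepts any string, although the hint it decodes appears to come from post content: a non-hex pair makes `parseInt()` return NaN, which `String.fromCharCode` turns into a NUL character, and an odd-length input silently loses its last digit. A guard at the top such as `if (!/^([0-9a-f]{2})*$/i.test(hex)) return '';` keeps malformed hints out of the prompt text. The local `str` is declared but never used and can be dropped. Because each pair decodes to a single code unit below 256, characters outside that range only round-trip if bin2hex (not shown here) encodes them as bytes first.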
diff --git a/mod/chanview.php b/mod/chanview.php
index 55f7e95d6..c4942b938 100644
--- a/mod/chanview.php
+++ b/mod/chanview.php
@@ -78,10 +78,14 @@ function chanview_content(&$a) {
return;
}
- $url = (($observer)
- ? z_root() . '/magic?f=&dest=' . $a->poi['xchan_url'] . '&addr=' . $a->poi['xchan_addr']
- : $a->poi['xchan_url']
- );
+ if(is_foreigner($a->poi['xchan_hash']))
+ $url = $a->poi['xchan_url'];
+ else {
+ $url = (($observer)
+ ? z_root() . '/magic?f=&dest=' . $a->poi['xchan_url'] . '&addr=' . $a->poi['xchan_addr']
+ : $a->poi['xchan_url']
+ );
+ }
// let somebody over-ride the iframed viewport presentation
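Review bot: The magic-auth URL in the new else branch is still assembled by plain concatenation, `'/magic?f=&dest=' . $a->poi['xchan_url'] . '&addr=' . $a->poi['xchan_addr']`, so a `&`, `#` or `?` inside xchan_url would cut the `dest` value short or add parameters. Wrapping both values, `urlencode($a->poi['xchan_url'])` and `urlencode($a->poi['xchan_addr'])`, keeps them intact, assuming the /magic handler reads its query parameters in the usual decoded form (not visible here). chanview_content begins and ends outside the hunk.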
diff --git a/mod/post.php b/mod/post.php
index 7f495140e..965ba09a3 100644
--- a/mod/post.php
+++ b/mod/post.php
@@ -69,6 +69,7 @@ function post_init(&$a) {
* "success":1,
* "confirm":"q0Ysovd1u..."
* "service_class":(optional)
+ * "level":(optional)
* }
*
* 'confirm' in this case is the base64url encoded RSA signature of the concatenation of 'secret' with the
@@ -150,6 +151,7 @@ function post_init(&$a) {
$remote = remote_user();
$result = null;
$remote_service_class = '';
+ $remote_level = 0;
$remote_hub = $x[0]['hubloc_url'];
// Also check that they are coming from the same site as they authenticated with originally.
@@ -210,6 +212,8 @@ function post_init(&$a) {
}
if(array_key_exists('service_class',$j))
$remote_service_class = $j['service_class'];
+ if(array_key_exists('level',$j))
+ $remote_level = $j['level'];
}
// everything is good... maybe
if(local_user()) {
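Review bot: `$remote_level = $j['level'];` copies a value from the remote hub's JSON reply into the session without checking its type, while the matching `account_level` column is an unsigned integer. An array, a string or a negative number would end up in `$_SESSION['remote_level']` (set in the last hunk of this file) and reach whatever later compares levels. Casting at the point of receipt, `$remote_level = max(0, intval($j['level']));`, keeps the session value in the expected range. post_init begins and ends outside the hunk.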
@@ -241,6 +245,7 @@ function post_init(&$a) {
$_SESSION['visitor_id'] = $x[0]['xchan_hash'];
$_SESSION['my_address'] = $address;
$_SESSION['remote_service_class'] = $remote_service_class;
+ $_SESSION['remote_level'] = $remote_level;
$_SESSION['remote_hub'] = $remote_hub;
$arr = array('xchan' => $x[0], 'url' => $desturl, 'session' => $_SESSION);