The rest of the library and backend changes to support client-side e2ee and deprecate previous uses of item_obscured.

4 files changed, 10 insertions, 19 deletions

diff --git a/Zotlabs/Module/Editpost.php b/Zotlabs/Module/Editpost.php
index d7612b165..629bdd3fd 100644
--- a/Zotlabs/Module/Editpost.php
+++ b/Zotlabs/Module/Editpost.php
@@ -31,7 +31,10 @@ class Editpost extends \Zotlabs\Web\Controller {
 			dbesc(get_observer_hash())
 		);
 
-		if(! count($itm)) {
+		// don't allow web editing of potentially binary content (item_obscured = 1)
+		// @FIXME how do we do it instead?
+
+		if((! $itm) || intval($itm[0]['item_obscured'])) {
 			notice( t('Item is not editable') . EOL);
 			return;
 		}
@@ -44,14 +47,6 @@ class Editpost extends \Zotlabs\Web\Controller {
 
 		$channel = \App::get_channel();
 
-		if(intval($itm[0]['item_obscured'])) {
-			$key = get_config('system','prvkey');
-			if($itm[0]['title'])
-				$itm[0]['title'] = crypto_unencapsulate(json_decode($itm[0]['title'],true),$key);
-			if($itm[0]['body'])
-				$itm[0]['body'] = crypto_unencapsulate(json_decode($itm[0]['body'],true),$key);
-		}
-
 		$category = '';
 		$catsenabled = ((feature_enabled($owner_uid,'categories')) ? 'categories' : '');
 
diff --git a/Zotlabs/Module/Editwebpage.php b/Zotlabs/Module/Editwebpage.php
index 03b2aeab9..db33cd1db 100644
--- a/Zotlabs/Module/Editwebpage.php
+++ b/Zotlabs/Module/Editwebpage.php
@@ -100,19 +100,14 @@ class Editwebpage extends \Zotlabs\Web\Controller {
 			intval($owner)
 		);
 
-		if(! $itm) {
+		// don't allow web editing of potentially binary content (item_obscured = 1)
+		// @FIXME how do we do it instead?
+
+		if((! $itm) || intval($itm[0]['item_obscured'])) {
 			notice( t('Permission denied.') . EOL);
 			return;
 		}
 
-		if(intval($itm[0]['item_obscured'])) {
-			$key = get_config('system','prvkey');
-			if($itm[0]['title'])
-				$itm[0]['title'] = crypto_unencapsulate(json_decode($itm[0]['title'],true),$key);
-			if($itm[0]['body'])
-				$itm[0]['body'] = crypto_unencapsulate(json_decode($itm[0]['body'],true),$key);
-		}
-
 		$item_id = q("select * from iconfig where cat = 'system' and k = 'WEBPAGE' and iid = %d limit 1",
 			intval($itm[0]['id'])
 		);
diff --git a/Zotlabs/Module/Item.php b/Zotlabs/Module/Item.php
index 71f410b2a..9fddafee6 100644
--- a/Zotlabs/Module/Item.php
+++ b/Zotlabs/Module/Item.php
@@ -110,6 +110,7 @@ class Item extends \Zotlabs\Web\Controller {
 		$preview     = ((x($_REQUEST,'preview'))     ? intval($_REQUEST['preview'])        : 0);
 		$categories  = ((x($_REQUEST,'category'))    ? escape_tags($_REQUEST['category'])  : '');
 		$webpage     = ((x($_REQUEST,'webpage'))     ? intval($_REQUEST['webpage'])        : 0);
+		$item_obscured = ((x($_REQUEST,'obscured'))  ? intval($_REQUEST['obscured'])        : 0);
 		$pagetitle   = ((x($_REQUEST,'pagetitle'))   ? escape_tags(urlencode($_REQUEST['pagetitle'])) : '');
 		$layout_mid  = ((x($_REQUEST,'layout_mid'))  ? escape_tags($_REQUEST['layout_mid']): '');
 		$plink       = ((x($_REQUEST,'permalink'))   ? escape_tags($_REQUEST['permalink']) : '');
diff --git a/Zotlabs/Module/Viewsrc.php b/Zotlabs/Module/Viewsrc.php
index f84eddc69..54ab89e81 100644
--- a/Zotlabs/Module/Viewsrc.php
+++ b/Zotlabs/Module/Viewsrc.php
@@ -36,7 +36,7 @@ class Viewsrc extends \Zotlabs\Web\Controller {
 	
 			if($r) {
 				if(intval($r[0]['item_obscured']))
-					$r[0]['body'] = crypto_unencapsulate(json_decode($r[0]['body'],true),get_config('system','prvkey')); 
+					$dload = true;
 
 				if($dload) {
 					header('Content-type: ' . $r[0]['mimetype']);