aboutsummaryrefslogtreecommitdiffstats
path: root/Zotlabs
diff options
context:
space:
mode:
authorzotlabs <mike@macgirvin.com>2017-04-20 20:19:15 -0700
committerzotlabs <mike@macgirvin.com>2017-04-20 20:19:15 -0700
commit94f15e355166f0abd3698414948abff2397a7ad0 (patch)
tree48202430a91a6498aca71a0f4bf3ae90076169ba /Zotlabs
parent2d90b831f0af1c276cc590a5fcec427de3eb32f8 (diff)
downloadvolse-hubzilla-94f15e355166f0abd3698414948abff2397a7ad0.tar.gz
volse-hubzilla-94f15e355166f0abd3698414948abff2397a7ad0.tar.bz2
volse-hubzilla-94f15e355166f0abd3698414948abff2397a7ad0.zip
The rest of the library and backend changes to support client-side e2ee and deprecate previous uses of item_obscured.
Diffstat (limited to 'Zotlabs')
-rw-r--r--Zotlabs/Module/Editpost.php13
-rw-r--r--Zotlabs/Module/Editwebpage.php13
-rw-r--r--Zotlabs/Module/Item.php1
-rw-r--r--Zotlabs/Module/Viewsrc.php2
4 files changed, 10 insertions, 19 deletions
diff --git a/Zotlabs/Module/Editpost.php b/Zotlabs/Module/Editpost.php
index d7612b165..629bdd3fd 100644
--- a/Zotlabs/Module/Editpost.php
+++ b/Zotlabs/Module/Editpost.php
@@ -31,7 +31,10 @@ class Editpost extends \Zotlabs\Web\Controller {
dbesc(get_observer_hash())
);
- if(! count($itm)) {
+ // don't allow web editing of potentially binary content (item_obscured = 1)
+ // @FIXME how do we do it instead?
+
+ if((! $itm) || intval($itm[0]['item_obscured'])) {
notice( t('Item is not editable') . EOL);
return;
}
@@ -44,14 +47,6 @@ class Editpost extends \Zotlabs\Web\Controller {
$channel = \App::get_channel();
- if(intval($itm[0]['item_obscured'])) {
- $key = get_config('system','prvkey');
- if($itm[0]['title'])
- $itm[0]['title'] = crypto_unencapsulate(json_decode($itm[0]['title'],true),$key);
- if($itm[0]['body'])
- $itm[0]['body'] = crypto_unencapsulate(json_decode($itm[0]['body'],true),$key);
- }
-
$category = '';
$catsenabled = ((feature_enabled($owner_uid,'categories')) ? 'categories' : '');
diff --git a/Zotlabs/Module/Editwebpage.php b/Zotlabs/Module/Editwebpage.php
index 03b2aeab9..db33cd1db 100644
--- a/Zotlabs/Module/Editwebpage.php
+++ b/Zotlabs/Module/Editwebpage.php
@@ -100,19 +100,14 @@ class Editwebpage extends \Zotlabs\Web\Controller {
intval($owner)
);
- if(! $itm) {
+ // don't allow web editing of potentially binary content (item_obscured = 1)
+ // @FIXME how do we do it instead?
+
+ if((! $itm) || intval($itm[0]['item_obscured'])) {
notice( t('Permission denied.') . EOL);
return;
}
- if(intval($itm[0]['item_obscured'])) {
- $key = get_config('system','prvkey');
- if($itm[0]['title'])
- $itm[0]['title'] = crypto_unencapsulate(json_decode($itm[0]['title'],true),$key);
- if($itm[0]['body'])
- $itm[0]['body'] = crypto_unencapsulate(json_decode($itm[0]['body'],true),$key);
- }
-
$item_id = q("select * from iconfig where cat = 'system' and k = 'WEBPAGE' and iid = %d limit 1",
intval($itm[0]['id'])
);
diff --git a/Zotlabs/Module/Item.php b/Zotlabs/Module/Item.php
index 71f410b2a..9fddafee6 100644
--- a/Zotlabs/Module/Item.php
+++ b/Zotlabs/Module/Item.php
@@ -110,6 +110,7 @@ class Item extends \Zotlabs\Web\Controller {
$preview = ((x($_REQUEST,'preview')) ? intval($_REQUEST['preview']) : 0);
$categories = ((x($_REQUEST,'category')) ? escape_tags($_REQUEST['category']) : '');
$webpage = ((x($_REQUEST,'webpage')) ? intval($_REQUEST['webpage']) : 0);
+ $item_obscured = ((x($_REQUEST,'obscured')) ? intval($_REQUEST['obscured']) : 0);
$pagetitle = ((x($_REQUEST,'pagetitle')) ? escape_tags(urlencode($_REQUEST['pagetitle'])) : '');
$layout_mid = ((x($_REQUEST,'layout_mid')) ? escape_tags($_REQUEST['layout_mid']): '');
$plink = ((x($_REQUEST,'permalink')) ? escape_tags($_REQUEST['permalink']) : '');
diff --git a/Zotlabs/Module/Viewsrc.php b/Zotlabs/Module/Viewsrc.php
index f84eddc69..54ab89e81 100644
--- a/Zotlabs/Module/Viewsrc.php
+++ b/Zotlabs/Module/Viewsrc.php
@@ -36,7 +36,7 @@ class Viewsrc extends \Zotlabs\Web\Controller {
if($r) {
if(intval($r[0]['item_obscured']))
- $r[0]['body'] = crypto_unencapsulate(json_decode($r[0]['body'],true),get_config('system','prvkey'));
+ $dload = true;
if($dload) {
header('Content-type: ' . $r[0]['mimetype']);