diff options
author | zotlabs <mike@macgirvin.com> | 2017-04-20 20:19:15 -0700 |
---|---|---|
committer | zotlabs <mike@macgirvin.com> | 2017-04-20 20:19:15 -0700 |
commit | 94f15e355166f0abd3698414948abff2397a7ad0 (patch) | |
tree | 48202430a91a6498aca71a0f4bf3ae90076169ba /Zotlabs | |
parent | 2d90b831f0af1c276cc590a5fcec427de3eb32f8 (diff) | |
download | volse-hubzilla-94f15e355166f0abd3698414948abff2397a7ad0.tar.gz volse-hubzilla-94f15e355166f0abd3698414948abff2397a7ad0.tar.bz2 volse-hubzilla-94f15e355166f0abd3698414948abff2397a7ad0.zip |
The rest of the library and backend changes to support client-side e2ee and deprecate previous uses of item_obscured.
Diffstat (limited to 'Zotlabs')
-rw-r--r-- | Zotlabs/Module/Editpost.php | 13 | ||||
-rw-r--r-- | Zotlabs/Module/Editwebpage.php | 13 | ||||
-rw-r--r-- | Zotlabs/Module/Item.php | 1 | ||||
-rw-r--r-- | Zotlabs/Module/Viewsrc.php | 2 |
4 files changed, 10 insertions, 19 deletions
diff --git a/Zotlabs/Module/Editpost.php b/Zotlabs/Module/Editpost.php index d7612b165..629bdd3fd 100644 --- a/Zotlabs/Module/Editpost.php +++ b/Zotlabs/Module/Editpost.php @@ -31,7 +31,10 @@ class Editpost extends \Zotlabs\Web\Controller { dbesc(get_observer_hash()) ); - if(! count($itm)) { + // don't allow web editing of potentially binary content (item_obscured = 1) + // @FIXME how do we do it instead? + + if((! $itm) || intval($itm[0]['item_obscured'])) { notice( t('Item is not editable') . EOL); return; } @@ -44,14 +47,6 @@ class Editpost extends \Zotlabs\Web\Controller { $channel = \App::get_channel(); - if(intval($itm[0]['item_obscured'])) { - $key = get_config('system','prvkey'); - if($itm[0]['title']) - $itm[0]['title'] = crypto_unencapsulate(json_decode($itm[0]['title'],true),$key); - if($itm[0]['body']) - $itm[0]['body'] = crypto_unencapsulate(json_decode($itm[0]['body'],true),$key); - } - $category = ''; $catsenabled = ((feature_enabled($owner_uid,'categories')) ? 'categories' : ''); diff --git a/Zotlabs/Module/Editwebpage.php b/Zotlabs/Module/Editwebpage.php index 03b2aeab9..db33cd1db 100644 --- a/Zotlabs/Module/Editwebpage.php +++ b/Zotlabs/Module/Editwebpage.php @@ -100,19 +100,14 @@ class Editwebpage extends \Zotlabs\Web\Controller { intval($owner) ); - if(! $itm) { + // don't allow web editing of potentially binary content (item_obscured = 1) + // @FIXME how do we do it instead? + + if((! $itm) || intval($itm[0]['item_obscured'])) { notice( t('Permission denied.') . EOL); return; } - if(intval($itm[0]['item_obscured'])) { - $key = get_config('system','prvkey'); - if($itm[0]['title']) - $itm[0]['title'] = crypto_unencapsulate(json_decode($itm[0]['title'],true),$key); - if($itm[0]['body']) - $itm[0]['body'] = crypto_unencapsulate(json_decode($itm[0]['body'],true),$key); - } - $item_id = q("select * from iconfig where cat = 'system' and k = 'WEBPAGE' and iid = %d limit 1", intval($itm[0]['id']) ); diff --git a/Zotlabs/Module/Item.php b/Zotlabs/Module/Item.php index 71f410b2a..9fddafee6 100644 --- a/Zotlabs/Module/Item.php +++ b/Zotlabs/Module/Item.php @@ -110,6 +110,7 @@ class Item extends \Zotlabs\Web\Controller { $preview = ((x($_REQUEST,'preview')) ? intval($_REQUEST['preview']) : 0); $categories = ((x($_REQUEST,'category')) ? escape_tags($_REQUEST['category']) : ''); $webpage = ((x($_REQUEST,'webpage')) ? intval($_REQUEST['webpage']) : 0); + $item_obscured = ((x($_REQUEST,'obscured')) ? intval($_REQUEST['obscured']) : 0); $pagetitle = ((x($_REQUEST,'pagetitle')) ? escape_tags(urlencode($_REQUEST['pagetitle'])) : ''); $layout_mid = ((x($_REQUEST,'layout_mid')) ? escape_tags($_REQUEST['layout_mid']): ''); $plink = ((x($_REQUEST,'permalink')) ? escape_tags($_REQUEST['permalink']) : ''); diff --git a/Zotlabs/Module/Viewsrc.php b/Zotlabs/Module/Viewsrc.php index f84eddc69..54ab89e81 100644 --- a/Zotlabs/Module/Viewsrc.php +++ b/Zotlabs/Module/Viewsrc.php @@ -36,7 +36,7 @@ class Viewsrc extends \Zotlabs\Web\Controller { if($r) { if(intval($r[0]['item_obscured'])) - $r[0]['body'] = crypto_unencapsulate(json_decode($r[0]['body'],true),get_config('system','prvkey')); + $dload = true; if($dload) { header('Content-type: ' . $r[0]['mimetype']); |