diff options
| author | friendica <info@friendica.com> | 2014-09-10 19:02:00 -0700 |
|---|---|---|
| committer | friendica <info@friendica.com> | 2014-09-10 19:02:00 -0700 |
| commit | de89bdc45f4a940e58694537ebb82a234f0f59d9 (patch) | |
| tree | d2879160f61a52d0aa162c517e47cb77f9f94246 /include/diaspora.php | |
| parent | 6ab21b3d4f3b3cde6e967257490781815dbec103 (diff) | |
| download | volse-hubzilla-de89bdc45f4a940e58694537ebb82a234f0f59d9.tar.gz volse-hubzilla-de89bdc45f4a940e58694537ebb82a234f0f59d9.tar.bz2 volse-hubzilla-de89bdc45f4a940e58694537ebb82a234f0f59d9.zip | |
encrypt diaspora_meta since it may contain private message contents
Diffstat (limited to 'include/diaspora.php')
| -rwxr-xr-x | include/diaspora.php | 44 |
1 files changed, 30 insertions, 14 deletions
diff --git a/include/diaspora.php b/include/diaspora.php index 7d8c43ae2..cc224d258 100755 --- a/include/diaspora.php +++ b/include/diaspora.php @@ -1364,8 +1364,10 @@ function diaspora_comment($importer,$xml,$msg) { $datarray['app'] = 'Diaspora'; if(! $parent_author_signature) { - $datarray['diaspora_meta'] = array('signer' => $diaspora_handle, 'body' => $text, - 'signed_text' => $signed_data, 'signature' => base64_encode($author_signature)); + $key = get_config('system','pubkey'); + $x = array('signer' => $diaspora_handle, 'body' => $text, + 'signed_text' => $signed_data, 'signature' => base64_encode($author_signature)); + $datarray['diaspora_meta'] = json_encode(crypto_encapsulate(json_encode($x),$key)); } $result = item_store($datarray); @@ -1934,8 +1936,10 @@ function diaspora_like($importer,$xml,$msg) { $arr['object'] = $object; if(! $parent_author_signature) { - $datarray['diaspora_meta'] = array('signer' => $diaspora_handle, 'body' => $text, - 'signed_text' => $signed_data, 'signature' => base64_encode($author_signature)); + $key = get_config('system','pubkey'); + $x = array('signer' => $diaspora_handle, 'body' => $text, + 'signed_text' => $signed_data, 'signature' => base64_encode($author_signature)); + $arr['diaspora_meta'] = json_encode(crypto_encapsulate(json_encode($x),$key)); } $x = item_store($arr); @@ -2430,13 +2434,19 @@ function diaspora_send_followup($item,$owner,$contact,$public_batch = false) { } if($item['diaspora_meta'] && ! $like) { - $j = json_decode($item['diaspora_meta'],true); - if($j) { - $signed_text = $j['signed_text']; - $text = $j['body']; - $signer = $j['signer']; - $authorsig = $j['signature']; + $diaspora_meta = json_decode($item['diaspora_meta'],true); + if($diaspora_meta) { + if(array_key_exists('iv',$diaspora_meta)) { + $key = get_config('system','prvkey'); + $meta = json_decode(crypto_unencapsulate($diaspora_meta,$key),true); + } + else + $meta = $diaspora_meta; } + $signed_text = $meta['signed_text']; + $authorsig = $meta['signature']; + $signer = $meta['signer']; + $text = $meta['body']; } else { $text = bb2diaspora_itembody($item); @@ -2534,10 +2544,16 @@ function diaspora_send_relay($item,$owner,$contact,$public_batch = false) { $diaspora_meta = (($item['diaspora_meta']) ? json_decode($item['diaspora_meta'],true) : ''); if($diaspora_meta) { - $sender_signed_text = $diaspora_meta['signed_text']; - $authorsig = $diaspora_meta['signature']; - $handle = $diaspora_meta['signer']; - $text = $diaspora_meta['body']; + if(array_key_exists('iv',$diaspora_meta)) { + $key = get_config('system','prvkey'); + $meta = json_decode(crypto_unencapsulate($diaspora_meta,$key),true); + } + else + $meta = $diaspora_meta; + $sender_signed_text = $meta['signed_text']; + $authorsig = $meta['signature']; + $handle = $meta['signer']; + $text = $meta['body']; } else logger('diaspora_send_relay: original author signature not found'); |