diff options
author | friendica <info@friendica.com> | 2013-08-01 18:50:36 -0700 |
---|---|---|
committer | friendica <info@friendica.com> | 2013-08-01 18:50:36 -0700 |
commit | 222fe08420802f7eacd4a544953f507d536c3fb8 (patch) | |
tree | 26a031f9a1c066402a7a0d475e3429830e291707 /include/items.php | |
parent | 6197f945adb62da9d1aeb2a8f4058ed4651fa3b6 (diff) | |
download | volse-hubzilla-222fe08420802f7eacd4a544953f507d536c3fb8.tar.gz volse-hubzilla-222fe08420802f7eacd4a544953f507d536c3fb8.tar.bz2 volse-hubzilla-222fe08420802f7eacd4a544953f507d536c3fb8.zip |
ensure that no unencrypted content leaks through item_store which is private - we typically do this in mod/item, but some functions
bypass mod/item to create private posts
Diffstat (limited to 'include/items.php')
-rwxr-xr-x | include/items.php | 33 |
1 files changed, 24 insertions, 9 deletions
diff --git a/include/items.php b/include/items.php index 13d891736..b1ec3b14f 100755 --- a/include/items.php +++ b/include/items.php @@ -1356,18 +1356,33 @@ function item_store($arr,$force_parent = false) { if(array_key_exists('parent',$arr)) unset($arr['parent']); - $arr['lang'] = detect_language($arr['body']); - $allowed_languages = get_pconfig($arr['uid'],'system','allowed_languages'); + // only detect language if we have text content, and if the post is private but not yet + // obscured, make it so. + + if(! ($arr['item_flags'] & ITEM_OBSCURED)) { + $arr['lang'] = detect_language($arr['body']); + + $allowed_languages = get_pconfig($arr['uid'],'system','allowed_languages'); - if((is_array($allowed_languages)) && ($arr['lang']) && (! array_key_exists($arr['lang'],$allowed_languages))) { - $translate = array('item' => $arr, 'from' => $arr['lang'], 'to' => $allowed_languages, 'translated' => false); - call_hooks('item_translate', $translate); - if((! $translate['translated']) && (intval(get_pconfig($arr['uid'],'system','reject_disallowed_languages')))) { - logger('item_store: language ' . $arr['lang'] . ' not accepted for uid ' . $arr['uid']); - return; + if((is_array($allowed_languages)) && ($arr['lang']) && (! array_key_exists($arr['lang'],$allowed_languages))) { + $translate = array('item' => $arr, 'from' => $arr['lang'], 'to' => $allowed_languages, 'translated' => false); + call_hooks('item_translate', $translate); + if((! $translate['translated']) && (intval(get_pconfig($arr['uid'],'system','reject_disallowed_languages')))) { + logger('item_store: language ' . $arr['lang'] . ' not accepted for uid ' . $arr['uid']); + return; + } + $arr = $translate['item']; } - $arr = $translate['item']; + if($arr['item_private']) { + $key = get_config('system','pubkey'); + $arr['item_flags'] = $arr['item_flags'] | ITEM_OBSCURED; + if($arr['title']) + $arr['title'] = json_encode(aes_encapsulate($arr['title'],$key)); + if($arr['body']) + $arr['body'] = json_encode(aes_encapsulate($arr['body'],$key)); + } + } // Shouldn't happen but we want to make absolutely sure it doesn't leak from a plugin. |