diff options
Diffstat (limited to 'include')
-rw-r--r-- | include/bbcode.php | 2 | ||||
-rw-r--r-- | include/crypto.php | 37 | ||||
-rw-r--r-- | include/feedutils.php | 3 | ||||
-rwxr-xr-x | include/items.php | 2 |
4 files changed, 35 insertions, 9 deletions
diff --git a/include/bbcode.php b/include/bbcode.php index 86fd24696..03a46444b 100644 --- a/include/bbcode.php +++ b/include/bbcode.php @@ -438,7 +438,7 @@ function bb_summary($match) { $rnd3 = mt_rand(); $rnd4 = mt_rand(); - return $match[1] . '<div style="display: block;" id="opendiv-' . $rnd2 . '">' . $match[2] . '</div><div style="display: block;" id="opendiv-' . $rnd3 . '" onclick="openClose(\'opendiv-' . $rnd1 . '\'); openClose(\'opendiv-' . $rnd2 . '\'); openClose(\'opendiv-' . $rnd3 . '\'); openClose(\'opendiv-' . $rnd4 . '\'); return false;" class="fakelink">' . t('View article') . '</div><div style="display: none;" id="opendiv-' . $rnd4 . '" onclick="openClose(\'opendiv-' . $rnd1 . '\'); openClose(\'opendiv-' . $rnd2 . '\'); openClose(\'opendiv-' . $rnd3 . '\'); openClose(\'opendiv-' . $rnd4 . '\'); return false;" class="fakelink">' . t('View summary') . '</div><div id="opendiv-' . $rnd1 . '" style="display: none;">' . $match[3] . '</div>'; + return $match[1] . '<div style="display: block;" id="opendiv-' . $rnd2 . '">' . $match[2] . '</div><div style="display: block;" id="opendiv-' . $rnd3 . '" onclick="openClose(\'opendiv-' . $rnd1 . '\'); openClose(\'opendiv-' . $rnd2 . '\'); openClose(\'opendiv-' . $rnd3 . '\'); openClose(\'opendiv-' . $rnd4 . '\'); return false;" class="fakelink view-article">' . t('View article') . '</div><div style="display: none;" id="opendiv-' . $rnd4 . '" onclick="openClose(\'opendiv-' . $rnd1 . '\'); openClose(\'opendiv-' . $rnd2 . '\'); openClose(\'opendiv-' . $rnd3 . '\'); openClose(\'opendiv-' . $rnd4 . '\'); return false;" class="fakelink view-summary">' . t('View summary') . '</div><div id="opendiv-' . $rnd1 . '" style="display: none;">' . $match[3] . '</div>'; } diff --git a/include/crypto.php b/include/crypto.php index 105c1c54f..ab33ba096 100644 --- a/include/crypto.php +++ b/include/crypto.php @@ -122,7 +122,18 @@ function other_encapsulate($data,$pubkey,$alg) { if(! $pubkey) logger('no key. data: ' . $data); - $fn = strtoupper($alg) . '_encrypt'; + $oaep = false; + + if(strpos($alg,'.oaep')) { + $oaep = true; + $subalg = substr($alg,0,-5); + } + else { + $subalg = $alg; + } + + + $fn = strtoupper($subalg) . '_encrypt'; if(function_exists($fn)) { // A bit hesitant to use openssl_random_pseudo_bytes() as we know @@ -140,14 +151,14 @@ function other_encapsulate($data,$pubkey,$alg) { $iv = openssl_random_pseudo_bytes(256); $result['data'] = base64url_encode($fn($data,$key,$iv),true); // log the offending call so we can track it down - if(! openssl_public_encrypt($key,$k,$pubkey)) { + if(! openssl_public_encrypt($key,$k,$pubkey,(($oaep) ? OPENSSL_PKCS1_OAEP_PADDING : OPENSSL_PKCS1_PADDING))) { $x = debug_backtrace(); logger('RSA failed. ' . print_r($x[0],true)); } $result['alg'] = $alg; $result['key'] = base64url_encode($k,true); - openssl_public_encrypt($iv,$i,$pubkey); + openssl_public_encrypt($iv,$i,$pubkey,(($oaep) ? OPENSSL_PKCS1_OAEP_PADDING : OPENSSL_PKCS1_PADDING)); $result['iv'] = base64url_encode($i,true); return $result; } @@ -166,7 +177,7 @@ function crypto_methods() { // The actual methods are responsible for deriving the actual key/iv from the provided parameters; // possibly by truncation or segmentation - though many other methods could be used. - $r = [ 'aes256ctr', 'camellia256cfb', 'cast5cfb', 'aes256cbc', 'aes128cbc', 'cast5cbc' ]; + $r = [ 'aes256ctr.oaep', 'camellia256cfb.oaep', 'cast5cfb.oaep', 'aes256ctr', 'camellia256cfb', 'cast5cfb', 'aes256cbc', 'aes128cbc', 'cast5cbc' ]; call_hooks('crypto_methods',$r); return $r; @@ -207,6 +218,7 @@ function aes_encapsulate($data,$pubkey) { function crypto_unencapsulate($data,$prvkey) { if(! $data) return; + $alg = ((array_key_exists('alg',$data)) ? $data['alg'] : 'aes256cbc'); if($alg === 'aes256cbc') return aes_unencapsulate($data,$prvkey); @@ -216,10 +228,21 @@ function crypto_unencapsulate($data,$prvkey) { } function other_unencapsulate($data,$prvkey,$alg) { - $fn = strtoupper($alg) . '_decrypt'; + + $oaep = false; + + if(strpos($alg,'.oaep')) { + $oaep = true; + $subalg = substr($alg,0,-5); + } + else { + $subalg = $alg; + } + + $fn = strtoupper($subalg) . '_decrypt'; if(function_exists($fn)) { - openssl_private_decrypt(base64url_decode($data['key']),$k,$prvkey); - openssl_private_decrypt(base64url_decode($data['iv']),$i,$prvkey); + openssl_private_decrypt(base64url_decode($data['key']),$k,$prvkey,(($oaep) ? OPENSSL_PKCS1_OAEP_PADDING : OPENSSL_PKCS1_PADDING)); + openssl_private_decrypt(base64url_decode($data['iv']),$i,$prvkey,(($oaep) ? OPENSSL_PKCS1_OAEP_PADDING : OPENSSL_PKCS1_PADDING)); return $fn(base64url_decode($data['data']),$k,$i); } else { diff --git a/include/feedutils.php b/include/feedutils.php index c4e9790de..369193fce 100644 --- a/include/feedutils.php +++ b/include/feedutils.php @@ -436,6 +436,9 @@ function get_atom_elements($feed, $item) { $summary = unxmlify($item->get_description(true)); + if($summary === $res['body']) + $summary = ''; + if(($summary) && ((strpos($summary,'<') !== false) || (strpos($summary,'>') !== false))) { $summary = purify_html($summary); $summary = html2bbcode($summary); diff --git a/include/items.php b/include/items.php index 04962ec76..68fa4c3b2 100755 --- a/include/items.php +++ b/include/items.php @@ -3477,7 +3477,7 @@ function item_expire($uid,$days) { AND item_thread_top = 1 AND resource_type = '' AND item_starred = 0 - $sql_extra $item_normal ORDER BY created ASC LIMIT $expire_limit ", + $sql_extra $item_normal LIMIT $expire_limit ", intval($uid), db_utcnow(), db_quoteinterval(intval($days).' DAY') |