From 222fe08420802f7eacd4a544953f507d536c3fb8 Mon Sep 17 00:00:00 2001 From: friendica Date: Thu, 1 Aug 2013 18:50:36 -0700 Subject: ensure that no unencrypted content leaks through item_store which is private - we typically do this in mod/item, but some functions bypass mod/item to create private posts --- include/ItemObject.php | 2 +- include/items.php | 33 ++++++++++++++++++++++++--------- include/text.php | 2 +- mod/mood.php | 3 ++- 4 files changed, 28 insertions(+), 12 deletions(-) diff --git a/include/ItemObject.php b/include/ItemObject.php index b31e60cbc..8c8c0ee2a 100644 --- a/include/ItemObject.php +++ b/include/ItemObject.php @@ -262,7 +262,7 @@ class Item extends BaseObject { } } - $result['private'] = $item['private']; + $result['private'] = $item['item_private']; $result['toplevel'] = ($this->is_toplevel() ? 'toplevel_item' : ''); if($this->is_threaded()) { diff --git a/include/items.php b/include/items.php index 13d891736..b1ec3b14f 100755 --- a/include/items.php +++ b/include/items.php @@ -1356,18 +1356,33 @@ function item_store($arr,$force_parent = false) { if(array_key_exists('parent',$arr)) unset($arr['parent']); - $arr['lang'] = detect_language($arr['body']); - $allowed_languages = get_pconfig($arr['uid'],'system','allowed_languages'); + // only detect language if we have text content, and if the post is private but not yet + // obscured, make it so. + + if(! ($arr['item_flags'] & ITEM_OBSCURED)) { + $arr['lang'] = detect_language($arr['body']); + + $allowed_languages = get_pconfig($arr['uid'],'system','allowed_languages'); - if((is_array($allowed_languages)) && ($arr['lang']) && (! array_key_exists($arr['lang'],$allowed_languages))) { - $translate = array('item' => $arr, 'from' => $arr['lang'], 'to' => $allowed_languages, 'translated' => false); - call_hooks('item_translate', $translate); - if((! $translate['translated']) && (intval(get_pconfig($arr['uid'],'system','reject_disallowed_languages')))) { - logger('item_store: language ' . $arr['lang'] . ' not accepted for uid ' . $arr['uid']); - return; + if((is_array($allowed_languages)) && ($arr['lang']) && (! array_key_exists($arr['lang'],$allowed_languages))) { + $translate = array('item' => $arr, 'from' => $arr['lang'], 'to' => $allowed_languages, 'translated' => false); + call_hooks('item_translate', $translate); + if((! $translate['translated']) && (intval(get_pconfig($arr['uid'],'system','reject_disallowed_languages')))) { + logger('item_store: language ' . $arr['lang'] . ' not accepted for uid ' . $arr['uid']); + return; + } + $arr = $translate['item']; } - $arr = $translate['item']; + if($arr['item_private']) { + $key = get_config('system','pubkey'); + $arr['item_flags'] = $arr['item_flags'] | ITEM_OBSCURED; + if($arr['title']) + $arr['title'] = json_encode(aes_encapsulate($arr['title'],$key)); + if($arr['body']) + $arr['body'] = json_encode(aes_encapsulate($arr['body'],$key)); + } + } // Shouldn't happen but we want to make absolutely sure it doesn't leak from a plugin. diff --git a/include/text.php b/include/text.php index 890355aea..66fa668a9 100755 --- a/include/text.php +++ b/include/text.php @@ -1258,7 +1258,7 @@ function feed_salmonlinks($nick) { function get_plink($item) { $a = get_app(); - if (x($item,'plink') && ($item['private'] != 1)) { + if (x($item,'plink') && ($item['item_private'] != 1)) { return array( 'href' => $item['plink'], 'title' => t('link to source'), diff --git a/mod/mood.php b/mod/mood.php index 0c611997c..7b6a0c392 100755 --- a/mod/mood.php +++ b/mod/mood.php @@ -38,7 +38,7 @@ function mood_init(&$a) { ); if(count($r)) { $parent_mid = $r[0]['mid']; - $private = $r[0]['private']; + $private = $r[0]['item_private']; $allow_cid = $r[0]['allow_cid']; $allow_gid = $r[0]['allow_gid']; $deny_cid = $r[0]['deny_cid']; @@ -80,6 +80,7 @@ function mood_init(&$a) { $arr['allow_gid'] = $allow_gid; $arr['deny_cid'] = $deny_cid; $arr['deny_gid'] = $deny_gid; + $arr['item_private'] = $private; $arr['verb'] = $activity; $arr['body'] = $action; -- cgit v1.2.3