From 63a42480c7eb36bdc8b63b31b2a4d222ba5751cd Mon Sep 17 00:00:00 2001
From: friendica
Date: Mon, 23 Dec 2013 15:13:09 -0800
Subject: add account_level, is_foreigner and is_member functions; convert all e2ee user input and prompts to hex to avoid javascipt's lame handling of quotes. !!This breaks all prior encrypted posts.!!
---
 boot.php | 2 +-
 include/bbcode.php | 11 +++++++----
 include/identity.php | 32 ++++++++++++++++++++++++++++++++
 install/database.sql | 4 +++-
 install/update.php | 11 ++++++++++-
 js/crypto.js | 10 +++++-----
 js/main.js | 9 +++++++++
 mod/chanview.php | 12 ++++++++----
 mod/post.php | 5 +++++
 9 files changed, 80 insertions(+), 16 deletions(-)
diff --git a/boot.php b/boot.php
index 7d9075af2..777d927d2 100755
--- a/boot.php
+++ b/boot.php
@@ -46,7 +46,7 @@ define ( 'RED_PLATFORM', 'Red Matrix' );
 define ( 'RED_VERSION', trim(file_get_contents('version.inc')) . 'R');
 define ( 'ZOT_REVISION', 1 );
-define ( 'DB_UPDATE_VERSION', 1086 );
+define ( 'DB_UPDATE_VERSION', 1087 );
 define ( 'EOL', '
' . "\r\n" );
 define ( 'ATOM_TIME', 'Y-m-d\TH:i:s\Z' );
diff --git a/include/bbcode.php b/include/bbcode.php
index 271cace73..6374675f1 100644
--- a/include/bbcode.php
+++ b/include/bbcode.php
@@ -105,21 +105,24 @@ function bb_parse_crypt($match) {
 $attributes = $match[1];
 $algorithm = "";
+
 preg_match("/alg='(.*?)'/ism", $attributes, $matches);
 if ($matches[1] != "")
- $algorithm = html_entity_decode($matches[1],ENT_QUOTES,'UTF-8');
+ $algorithm = $matches[1];
 preg_match("/alg=\"\;(.*?)\"\;/ism", $attributes, $matches);
 if ($matches[1] != "")
- $algorithm = html_entity_decode($matches[1],ENT_QUOTES,'UTF-8');
+ $algorithm = $matches[1];
 $hint = "";
+
+
 preg_match("/hint='(.*?)'/ism", $attributes, $matches);
 if ($matches[1] != "")
- $hint = html_entity_decode($matches[1],ENT_QUOTES,'UTF-8');
+ $hint = $matches[1];
 preg_match("/hint=\"\;(.*?)\"\;/ism", $attributes, $matches);
 if ($matches[1] != "")
- $hint = html_entity_decode($matches[1],ENT_QUOTES,'UTF-8');
+ $hint = $matches[1];
 $x = random_string();
diff --git a/include/identity.php b/include/identity.php
index be4e4be93..63b05f4bb 100644
--- a/include/identity.php
+++ b/include/identity.php
@@ -1138,3 +1138,35 @@ function get_default_profile_photo($size = 175) {
 $scheme = 'rainbow_man';
 return 'images/default_profile_photos/' . $scheme . '/' . $size . '.jpg';
 }
+
+
+/**
+ *
+ * @function is_foreigner($s)
+ * Test whether a given identity is NOT a member of the Red Matrix
+ * @param string $s;
+ * xchan_hash of the identity in question
+ *
+ * @returns boolean true or false
+ *
+ */
+
+function is_foreigner($s) {
+ return((strpbrk($s,':@')) ? true : false);
+}
+
+
+/**
+ *
+ * @function is_member($s)
+ * Test whether a given identity is a member of the Red Matrix
+ * @param string $s;
+ * xchan_hash of the identity in question
+ *
+ * @returns boolean true or false
+ *
+ */
+
+function is_member($s) {
+ return((is_foreigner($s)) ? false : true);
+}
\ No newline at end of file
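Review bot: In the bb_parse_crypt hunk of include/bbcode.php, `$algorithm` and `$hint` are now copied straight from the regex captures, and nothing checks that they have the hex form the commit message describes. Both values come from post content written by another user, so whatever the rest of the function (outside this hunk) does with them depends entirely on escaping applied earlier. If the hint is one of the values the client now hex-encodes (the js/crypto.js hunk is not visible here), an allow-list check is cheap: `if (isset($matches[1]) && ctype_xdigit($matches[1])) $hint = $matches[1];`, with a comparable restriction on `$algorithm`. The `isset()` also avoids the undefined-offset notice when an attribute is absent and `preg_match()` leaves `$matches` empty.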
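Review bot: `is_member()` in the include/identity.php hunk returns true for an empty string or null, because it is defined only as the negation of `is_foreigner()` and `strpbrk('', ':@')` is false. A caller that uses it as a gate would then treat a missing or unresolved xchan_hash as a Red Matrix member. Consider requiring a non-empty value, e.g. `return((strlen($s) && ! is_foreigner($s)) ? true : false);`. The docblocks should also say that the test is purely syntactic (presence of `:` or `@` in the hash), and `@returns` should be `@return`.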
diff --git a/install/database.sql b/install/database.sql
index f73460937..cb332c75b 100644
--- a/install/database.sql
+++ b/install/database.sql
@@ -54,6 +54,7 @@ CREATE TABLE IF NOT EXISTS `account` (
 `account_expires` datetime NOT NULL DEFAULT '0000-00-00 00:00:00',
 `account_expire_notified` datetime NOT NULL DEFAULT '0000-00-00 00:00:00',
 `account_service_class` char(32) NOT NULL DEFAULT '',
+ `account_level` int(10) unsigned NOT NULL DEFAULT 0,
 PRIMARY KEY (`account_id`),
 KEY `account_email` (`account_email`),
 KEY `account_service_class` (`account_service_class`),
@@ -63,7 +64,8 @@ CREATE TABLE IF NOT EXISTS `account` (
 KEY `account_lastlog` (`account_lastlog`),
 KEY `account_expires` (`account_expires`),
 KEY `account_default_channel` (`account_default_channel`),
- KEY `account_external` (`account_external`)
+ KEY `account_external` (`account_external`),
+ KEY `account_level` (`account_level`)
 ) ENGINE=MyISAM DEFAULT CHARSET=utf8;
 CREATE TABLE IF NOT EXISTS `addon` (
diff --git a/install/update.php b/install/update.php
index 817e4b6bc..c731eab06 100644
--- a/install/update.php
+++ b/install/update.php
@@ -1,6 +1,6 @@ poi['xchan_url'] . '&addr=' . $a->poi['xchan_addr'] - : $a->poi['xchan_url'] - ); + if(is_foreigner($a->poi['xchan_hash'])) + $url = $a->poi['xchan_url']; + else { + $url = (($observer) + ? z_root() . '/magic?f=&dest=' . $a->poi['xchan_url'] . '&addr=' . $a->poi['xchan_addr'] + : $a->poi['xchan_url'] + ); + } // let somebody over-ride the iframed viewport presentation
diff --git a/mod/post.php b/mod/post.php
index 7f495140e..965ba09a3 100644
--- a/mod/post.php
+++ b/mod/post.php
@@ -69,6 +69,7 @@ function post_init(&$a) {
 * "success":1,
 * "confirm":"q0Ysovd1u..."
 * "service_class":(optional)
+ * "level":(optional)
 * }
 *
 * 'confirm' in this case is the base64url encoded RSA signature of the concatenation of 'secret' with the 
@@ -150,6 +151,7 @@ function post_init(&$a) {
 $remote = remote_user();
 $result = null;
 $remote_service_class = '';
+ $remote_level = 0;
 $remote_hub = $x[0]['hubloc_url'];
 // Also check that they are coming from the same site as they authenticated with originally.
@@ -210,6 +212,8 @@ function post_init(&$a) {
 }
 if(array_key_exists('service_class',$j))
 $remote_service_class = $j['service_class'];
+ if(array_key_exists('level',$j))
+ $remote_level = $j['level'];
 }
 // everything is good... maybe
 if(local_user()) {
@@ -241,6 +245,7 @@ function post_init(&$a) {
 $_SESSION['visitor_id'] = $x[0]['xchan_hash'];
 $_SESSION['my_address'] = $address;
 $_SESSION['remote_service_class'] = $remote_service_class;
+ $_SESSION['remote_level'] = $remote_level;
 $_SESSION['remote_hub'] = $remote_hub;
 $arr = array('xchan' => $x[0], 'url' => $desturl, 'session' => $_SESSION);
--
cgit v1.2.3
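Review bot: `$remote_level = $j['level'];` in the `@@ -210,6 +212,8 @@` hunk of mod/post.php keeps whatever JSON type the responding hub sent, and the `@@ -241,6 +245,7 @@` hunk copies it into `$_SESSION['remote_level']` unchanged. The default is the integer 0 and the new `account_level` column is an unsigned int, so the value should be normalised where it is read: `$remote_level = intval($j['level']);`. A comment at the session assignment should also record that this level appears to be asserted by the remote hub about its own user, so local code must not treat it as a locally granted privilege. post_init() starts and ends outside these hunks.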