From f203d2a3b0955211b00743d2cc6c3a8a1347bbdd Mon Sep 17 00:00:00 2001 From: friendica Date: Tue, 23 Sep 2014 20:36:10 -0700 Subject: diaspora private mail seems to work now - but there's an obfuscation leak via the conversation structure that needs to be dealt with. --- boot.php | 1 + include/diaspora.php | 21 +++++++++++---------- include/items.php | 3 ++- 3 files changed, 14 insertions(+), 11 deletions(-) diff --git a/boot.php b/boot.php index d412e82e4..dc94f202e 100755 --- a/boot.php +++ b/boot.php @@ -553,6 +553,7 @@ define ( 'ITEM_NOCOMMENT', 0x0800); // commenting/followups are disabled define ( 'ITEM_OBSCURED', 0x1000); // bit-mangled to protect from casual browsing by site admin define ( 'ITEM_VERIFIED', 0x2000); // Signature verification was successful define ( 'ITEM_RETAINED', 0x4000); // We looked at this item once to decide whether or not to expire it, and decided not to. +define ( 'ITEM_RSS', 0x8000); // Item comes from a feed. Use this to decide whether to link the title // Don't make us evaluate this same item again. /** * diff --git a/include/diaspora.php b/include/diaspora.php index 39fa29de5..f9fd3b4ee 100755 --- a/include/diaspora.php +++ b/include/diaspora.php @@ -1622,6 +1622,7 @@ function diaspora_message($importer,$xml,$msg) { $reply = 0; + $subject = $conversation['subject']; $body = diaspora2bb($msg_text); $message_id = $msg_diaspora_handle . ':' . $msg_guid; @@ -1631,8 +1632,8 @@ function diaspora_message($importer,$xml,$msg) { $author_signature = base64_decode($msg_author_signature); $person = find_diaspora_person_by_handle($msg_diaspora_handle); - if(is_array($person) && x($person,'pubkey')) - $key = $person['pubkey']; + if(is_array($person) && x($person,'xchan_pubkey')) + $key = $person['xchan_pubkey']; else { logger('diaspora_message: unable to find author details'); return; @@ -1643,7 +1644,7 @@ function diaspora_message($importer,$xml,$msg) { return; } - $r = q("select id from mail where mid = '%s' and uid = %d limit 1", + $r = q("select id from mail where mid = '%s' and channel_id = %d limit 1", dbesc($message_id), intval($importer['channel_id']) ); @@ -1663,7 +1664,7 @@ function diaspora_message($importer,$xml,$msg) { intval($conversation['id']), dbesc($person['xchan_hash']), dbesc($importer['xchan_hash']), - dbesc($conversation['subject']), + dbesc($subject), dbesc($body), intval(MAIL_OBSCURED), dbesc($msg_guid), @@ -2394,7 +2395,7 @@ function diaspora_send_images($item,$owner,$contact,$images,$public_batch = fals function diaspora_send_followup($item,$owner,$contact,$public_batch = false) { $a = get_app(); - $myaddr = $owner['channel_address'] . '@' . substr($a->get_baseurl(), strpos($a->get_baseurl(),'://') + 3); + $myaddr = $owner['channel_address'] . '@' . get_app()->get_hostname(); $theiraddr = $contact['xchan_addr']; // Diaspora doesn't support threaded comments, but some @@ -2485,7 +2486,7 @@ function diaspora_send_relay($item,$owner,$contact,$public_batch = false) { $a = get_app(); - $myaddr = $owner['channel_address'] . '@' . substr($a->get_baseurl(), strpos($a->get_baseurl(),'://') + 3); + $myaddr = $owner['channel_address'] . '@' . get_app()->get_hostname(); $text = bb2diaspora_itembody($item); @@ -2627,7 +2628,7 @@ function diaspora_send_relay($item,$owner,$contact,$public_batch = false) { function diaspora_send_retraction($item,$owner,$contact,$public_batch = false) { $a = get_app(); - $myaddr = $owner['nickname'] . '@' . substr($a->get_baseurl(), strpos($a->get_baseurl(),'://') + 3); + $myaddr = $owner['channel_address'] . '@' . get_app()->get_hostname(); // Check whether the retraction is for a top-level post or whether it's a relayable if( $item['mid'] !== $item['parent_mid'] ) { @@ -2658,7 +2659,7 @@ function diaspora_send_retraction($item,$owner,$contact,$public_batch = false) { function diaspora_send_mail($item,$owner,$contact) { $a = get_app(); - $myaddr = $owner['nickname'] . '@' . substr($a->get_baseurl(), strpos($a->get_baseurl(),'://') + 3); + $myaddr = $owner['channel_address'] . '@' . get_app()->get_hostname(); $r = q("select * from conv where id = %d and uid = %d limit 1", intval($item['convid']), @@ -2691,13 +2692,13 @@ function diaspora_send_mail($item,$owner,$contact) { $body = bb2diaspora($item['body']); $created = datetime_convert('UTC','UTC',$item['created'],'Y-m-d H:i:s \U\T\C'); - $signed_text = $item['guid'] . ';' . $cnv['guid'] . ';' . $body . ';' + $signed_text = $item['mid'] . ';' . $cnv['guid'] . ';' . $body . ';' . $created . ';' . $myaddr . ';' . $cnv['guid']; $sig = base64_encode(rsa_sign($signed_text,$owner['channel_prvkey'],'sha256')); $msg = array( - 'guid' => xmlify($item['guid']), + 'guid' => xmlify($item['mid']), 'parent_guid' => xmlify($cnv['guid']), 'parent_author_signature' => (($item['reply']) ? null : xmlify($sig)), 'author_signature' => xmlify($sig), diff --git a/include/items.php b/include/items.php index 53a0b25a9..dbea5779c 100755 --- a/include/items.php +++ b/include/items.php @@ -1428,6 +1428,8 @@ function get_atom_elements($feed,$item,&$author) { $res['title'] = unxmlify($item->get_title()); $res['body'] = unxmlify($item->get_content()); $res['plink'] = unxmlify($item->get_link(0)); + $res['item_flags'] = ITEM_RSS; + // removing the content of the title if its identically to the body // This helps with auto generated titles e.g. from tumblr @@ -3196,7 +3198,6 @@ function mail_store($arr) { } - /** * * consume_feed - process atom feed and update anything/everything we might need to update -- cgit v1.2.3