From a47a1d5eb9d8e28a646540c5d19e05ffe35774cc Mon Sep 17 00:00:00 2001
From: friendica <info@friendica.com>
Date: Fri, 2 Nov 2012 16:25:59 -0700
Subject: secure permission discovery

---
 include/follow.php | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

(limited to 'include')

diff --git a/include/follow.php b/include/follow.php
index 2b65e389e..b3591b8ba 100644
--- a/include/follow.php
+++ b/include/follow.php
@@ -80,7 +80,20 @@ function new_contact($uid,$url,$channel,$interactive = false) {
 
 	$global_perms = get_perms();
 
-	foreach($j->permissions as $k => $v) {
+	if($j->permissions->data) {
+		$permissions = aes_unencapsulate(array(
+			'data' => $j->permissions->data,
+			'key'  => $j->permissions->key,
+			'iv'   => $j->permissions->iv),
+			$channel['channel_prvkey']);
+		if($permissions)
+			$permissions = json_decode($permissions);
+		logger('decrypted permissions: ' . print_r($permissions,true), LOGGER_DATA);
+	}
+	else
+		$permissions = $j->permissions;
+
+	foreach($permissions as $k => $v) {
 		if($v) {
 			$their_perms = $their_perms | intval($global_perms[$k][1]);
 		}
-- 
cgit v1.2.3