From e9a5af6109a4a83a644432a2f39b47eb96303f4f Mon Sep 17 00:00:00 2001
From: zotlabs
Date: Thu, 16 Mar 2017 18:19:03 -0700
Subject: simplify the message signing spaghetti
---
include/items.php | 61 ++++++++++++++++++++++++++----------------------------
include/photos.php | 15 --------------
2 files changed, 29 insertions(+), 47 deletions(-)
(limited to 'include')
diff --git a/include/items.php b/include/items.php
index 8ae7ca818..304a7acfc 100755
--- a/include/items.php
+++ b/include/items.php
@@ -1457,6 +1457,26 @@ function get_profile_elements($x) {
 }
+
+
+function item_sign(&$item) {
+
+ if(array_key_exists('sig',$item) && $item['sig'])
+ return;
+
+ $r = q("select channel_prvkey from channel where channel_id = %d and channel_hash = '%s' ",
+ intval($item['uid']),
+ dbesc($item['author_xchan'])
+ );
+ if(! $r)
+ return;
+
+ $item['sig'] = base64url_encode(rsa_sign($item['body'],$r[0]['channel_prvkey']));
+ $item['item_verified'] = 1;
+
+}
+
+
 /**
 * @brief
 *
@@ -1537,24 +1557,12 @@ function item_store($arr, $allow_exec = false, $deliver = true) {
 $arr['lang'] = detect_language($arr['body']);
+ // apply the input filter here
- if(array_key_exists('input_filtered_signed',$arr)) {
- unset($arr['input_filtered_signed']);
- }
- else {
- $arr['body'] = trim(z_input_filter($arr['body'],$arr['mimetype'],$allow_exec));
-
- if(local_channel() && (local_channel() == $arr['uid'])) {
- if(! $arr['sig']) {
- $channel = App::get_channel();
- if($channel['channel_hash'] === $arr['author_xchan']) {
- $arr['sig'] = base64url_encode(rsa_sign($arr['body'],$channel['channel_prvkey']));
- $arr['item_verified'] = 1;
- }
- }
- }
- }
+ $arr['body'] = trim(z_input_filter($arr['body'],$arr['mimetype'],$allow_exec));
+
+ item_sign($arr);
 if(! array_key_exists('sig',$arr)) $arr['sig'] = '';
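Review bot: item_sign() chooses to sign from `$item['uid']` and `$item['author_xchan']` alone, so the `local_channel() == $arr['uid']` session check that guarded the removed inline code no longer applies: any path that reaches item_store() or item_store_update() with an unsigned item naming a local channel as owner and author gets that channel's private-key signature and `item_verified = 1`. The comment removed from photos.php suggests this is intended, but whether delivery, import or sync callers authenticate the author before storing is not visible here and should be confirmed, since the flag now rests on it. The function also has no docblock; I would add one stating that it signs `$item['body']` in place for the local channel matching both fields, leaves a non-empty `sig` untouched, and requires the caller to have authenticated the author. Separately, the rsa_sign() result is used unchecked, so if it can come back empty the item is still marked verified; `$sig = rsa_sign($item['body'],$r[0]['channel_prvkey']); if(! $sig) return;` before the two assignments would avoid that.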
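Review bot: In item_store() the new lines drop the `unset($arr['input_filtered_signed']);` along with the branch, so a caller that still sets that key is no longer cleaned up and the key travels on with the rest of `$arr`. This diff is limited to include/, so remaining setters elsewhere cannot be ruled out from here; keeping a bare `unset($arr['input_filtered_signed']);` above the filter call would make the removal safe, and the same goes for the matching hunk in item_store_update(). Callers that used to pre-filter with `$allow_exec` forced to false, as photo_upload() did, now get whatever `$allow_exec` they pass to these functions, which is worth checking at each call site. item_store() starts and ends outside the hunk.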
@@ -1967,22 +1975,11 @@ function item_store_update($arr,$allow_exec = false, $deliver = true) {
 $arr['lang'] = detect_language($arr['body']);
- if(array_key_exists('input_filtered_signed',$arr)) {
- unset($arr['input_filtered_signed']);
- }
- else {
- $arr['body'] = trim(z_input_filter($arr['body'],$arr['mimetype'],$allow_exec));
-
- if(local_channel() && (local_channel() == $arr['uid'])) {
- if(! $arr['sig']) {
- $channel = App::get_channel();
- if($channel['channel_hash'] === $arr['author_xchan']) {
- $arr['sig'] = base64url_encode(rsa_sign($arr['body'],$channel['channel_prvkey']));
- $arr['item_verified'] = 1;
- }
- }
- }
- }
+ // apply the input filter here
+
+ $arr['body'] = trim(z_input_filter($arr['body'],$arr['mimetype'],$allow_exec));
+
+ item_sign($arr);
 $allowed_languages = get_pconfig($arr['uid'],'system','allowed_languages');
diff --git a/include/photos.php b/include/photos.php
index dff45a0bc..62c7f1c12 100644
--- a/include/photos.php
+++ b/include/photos.php
@@ -344,21 +344,6 @@ function photo_upload($channel, $observer, $args) {
 $item['tgt_type'] = ACTIVITY_OBJ_ALBUM;
 $item['target'] = json_encode($target);
- $item['body'] = trim(z_input_filter($item['body'],$item['mimetype'],false));
-
- if($item['author_xchan'] === $channel['channel_hash']) {
- $item['sig'] = base64url_encode(rsa_sign($item['body'],$channel['channel_prvkey']));
- $item['item_verified'] = 1;
- }
- else {
- $item['sig'] = '';
- }
-
- // notify item_store or item_store_update that the input has been filtered and signed already.
- // The signing procedure in those functions uses local_channel() which may not apply here.
-
- $item['input_filtered_signed'] = true;
-
 $force = true;
 }
--
cgit v1.2.3
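Review bot: In item_store_update() the call to `item_sign($arr)` keeps any non-empty `$arr['sig']`, so an edit that passes the stored signature together with a changed body leaves a signature that no longer matches `$arr['body']`. The removed inline code had the same `if(! $arr['sig'])` test, so this is inherited rather than introduced, and whether callers clear `sig` before an update is not visible in this hunk. A comment above the call would record the contract: `// item_sign() keeps a caller-supplied sig; local edits must clear $arr['sig'] so the edited body is re-signed`. item_store_update() starts and ends outside the hunk.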