Merge pull request #1683 from fabrixxm/issue-1655
authorMichael Vogel <icarus@dabo.de>
Sat, 27 Jun 2015 15:39:00 +0000 (17:39 +0200)
committerMichael Vogel <icarus@dabo.de>
Sat, 27 Jun 2015 15:39:00 +0000 (17:39 +0200)
Deprecate RINO1 function, implement RINO2, remove unused crypto functions

include/items.php
mod/admin.php

diff --combined include/items.php
index 2ff7bffbe3adccbafe7511c0bbcfddd3d796694e,a13abf28656808d6a50a616c5544fd77bead158b..475980d2dc972584aaef409cbf64134566b53c1a
@@@ -15,6 -15,9 +15,9 @@@ require_once('include/plaintext.php')
  require_once('include/ostatus.php');
  require_once('mod/share.php');
  
+ require_once('library/defuse/php-encryption-1.2.1/Crypto.php');
  function get_feed_for(&$a, $dfrn_id, $owner_nick, $last_update, $direction = 0, $forpubsub = false) {
  
  
@@@ -38,7 -41,7 +41,7 @@@
  
        // default permissions - anonymous user
  
 -      $sql_extra = " AND `allow_cid` = '' AND `allow_gid` = '' AND `deny_cid`  = '' AND `deny_gid`  = '' ";
 +      $sql_extra = " AND `item`.`allow_cid` = '' AND `item`.`allow_gid` = '' AND `item`.`deny_cid`  = '' AND `item`.`deny_gid`  = '' ";
  
        $r = q("SELECT `contact`.*, `user`.`uid` AS `user_uid`, `user`.`nickname`, `user`.`timezone`, `user`.`page-flags`
                FROM `contact` INNER JOIN `user` ON `user`.`uid` = `contact`.`uid`
  
        // Include answers to status.net posts in pubsub feeds
        if($forpubsub) {
 -              $sql_post_table = "INNER JOIN `thread` ON `thread`.`iid` = `item`.`parent` ";
 -              $visibility = sprintf("AND (`item`.`parent` = `item`.`id`) OR (`item`.`network` = '%s' AND `thread`.`network`='%s')",
 -                                      dbesc(NETWORK_DFRN), dbesc(NETWORK_OSTATUS));
 +              $sql_post_table = "INNER JOIN `thread` ON `thread`.`iid` = `item`.`parent`
 +                              LEFT JOIN `item` AS `thritem` ON `thritem`.`uri`=`item`.`thr-parent` AND `thritem`.`uid`=`item`.`uid`";
 +              $visibility = sprintf("AND (`item`.`parent` = `item`.`id`) OR (`item`.`network` = '%s' AND ((`thread`.`network`='%s') OR (`thritem`.`network` = '%s')))",
 +                                      dbesc(NETWORK_DFRN), dbesc(NETWORK_OSTATUS), dbesc(NETWORK_OSTATUS));
                $date_field = "`received`";
                $sql_order = "`item`.`received` DESC";
        } else {
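Review bot: The `$visibility` fragment built in the `$forpubsub` branch has the form `AND (...) OR (...)` with no outer parentheses, so once it is spliced into the WHERE clause the `OR` arm is evaluated independently of every condition that precedes it. The full query is outside this hunk, so whether the anonymous-user filter in `$sql_extra` still constrains rows matched by the `OR` arm depends on where each fragment lands, and that should be confirmed rather than assumed. The new `LEFT JOIN` on `thritem` widens that arm, which makes the grouping matter more than before. Adding one opening parenthesis directly after `AND` and one closing parenthesis at the end of the format string makes the intended grouping explicit. `get_feed_for` continues outside the hunk.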
@@@ -1983,13 -1985,13 +1986,13 @@@ function dfrn_deliver($owner,$contact,$
        if($contact['duplex'] && $contact['issued-id'])
                $idtosend = '1:' . $orig_id;
  
-       $rino = ((function_exists('mcrypt_encrypt')) ? 1 : 0);
-       $rino_enable = get_config('system','rino_encrypt');
+     
+       $rino = get_config('system','rino_encrypt');
+       $rino = intval($rino);
  
-       if(! $rino_enable)
-               $rino = 0;
+    
  
+       
        $ssl_val = intval(get_config('system','ssl_policy'));
        $ssl_policy = '';
  
                        break;
        }
  
-       $url = $contact['notify'] . '&dfrn_id=' . $idtosend . '&dfrn_version=' . DFRN_PROTOCOL_VERSION . (($rino) ? '&rino=1' : '');
+       $url = $contact['notify'] . '&dfrn_id=' . $idtosend . '&dfrn_version=' . DFRN_PROTOCOL_VERSION . (($rino) ? '&rino='.$rino : '');
  
        logger('dfrn_deliver: ' . $url);
  
        $challenge    = hex2bin((string) $res->challenge);
        $perm         = (($res->perm) ? $res->perm : null);
        $dfrn_version = (float) (($res->dfrn_version) ? $res->dfrn_version : 2.0);
-       $rino_allowed = ((intval($res->rino) === 1) ? 1 : 0);
+       $rino_remote_version = intval($res->rino);
        $page         = (($owner['page-flags'] == PAGE_COMMUNITY) ? 1 : 0);
  
        if($owner['page-flags'] == PAGE_PRVGROUP)
        if($page)
                $postvars['page'] = $page;
  
-       if($rino && $rino_allowed && (! $dissolve)) {
-               $key = substr(random_string(),0,16);
-               $data = bin2hex(aes_encrypt($postvars['data'],$key));
-               $postvars['data'] = $data;
-               logger('rino: sent key = ' . $key, LOGGER_DEBUG);
+       if($rino>0 && $rino_remote_version>0 && (! $dissolve)) {
+               logger('rino version: '. $rino_remote_version);
+               switch($rino_remote_version) {
+                       case 1:
+                               // Deprecated rino version!
+                               $key = substr(random_string(),0,16);
+                               $data = aes_encrypt($postvars['data'],$key);
+                               break;
+                       case 2:
+                               // RINO 2 based on php-encryption
+                               try {
+                                       $key = Crypto::createNewRandomKey();
+                               } catch (CryptoTestFailed $ex) {
+                                       logger('Cannot safely create a key');
+                                       return -1;
+                               } catch (CannotPerformOperation $ex) {
+                                       logger('Cannot safely create a key');
+                                       return -1; 
+                               }
+                               try {
+                                       $data = Crypto::encrypt($postvars['data'], $key);
+                               } catch (CryptoTestFailed $ex) {
+                                       logger('Cannot safely perform encryption');
+                                       return -1; 
+                               } catch (CannotPerformOperation $ex) {
+                                       logger('Cannot safely perform encryption');
+                                       return -1; 
+                               }
+                               break;
+                       default:
+                               logger("rino: invalid requested verision '$rino_remote_version'");
+                               return -1;
+               }
+               
+               $postvars['rino'] = $rino_remote_version;
+               $postvars['data'] = bin2hex($data);
+               
+               #logger('rino: sent key = ' . $key, LOGGER_DEBUG);
  
  
                if($dfrn_version >= 2.1) {
  
                $postvars['key'] = bin2hex($postvars['key']);
        }
+       
  
        logger('dfrn_deliver: ' . "SENDING: " . print_r($postvars,true), LOGGER_DATA);
  
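Review bot: The cipher used for delivery is chosen by `switch($rino_remote_version)`, i.e. by the `rino` value in the remote's reply, while the local `rino_encrypt` setting is only tested for `>0`; a node configured for RINO2 therefore still sends through the deprecated `case 1` path (16-character key from `random_string()`) whenever the reply says 1. If that fallback is intended for compatibility it deserves a comment and a log line at normal level; if not, a guard before the switch such as `if ($rino_remote_version < $rino) { logger('rino: remote offered version below configured one'); return -1; }` would make the admin's choice binding. Separately, please check that `CryptoTestFailed` and `CannotPerformOperation` are the exact class names declared in the bundled `Crypto.php`, which is not visible here: a `catch` naming a class that does not exist never matches, and the exception would then leave `dfrn_deliver` uncaught. The commented-out `#logger('rino: sent key = ' . $key, LOGGER_DEBUG);` line should be deleted rather than kept, so key logging cannot be switched back on by removing one character. `dfrn_deliver` starts and ends outside these hunks.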
diff --combined mod/admin.php
index abdf7162dfec79afa7b678369e97672adc8f1937,e3bade1a998f671d13bc393976fe3af8ab0b1c05..28a7a91e4be2eb14445147c5ca68355f4e07ab5d
@@@ -379,7 -379,9 +379,9 @@@ function admin_page_site_post(&$a)
        $proxy_disabled         =       ((x($_POST,'proxy_disabled'))           ? True                                          : False);
        $old_pager              =       ((x($_POST,'old_pager'))                ? True                                          : False);
        $only_tag_search        =       ((x($_POST,'only_tag_search'))          ? True                                          : False);
+       $rino                   =       ((x($_POST,'rino'))                             ? intval($_POST['rino'])                                : 0);
+       
+       
        if($ssl_policy != intval(get_config('system','ssl_policy'))) {
                if($ssl_policy == SSL_POLICY_FULL) {
                        q("update `contact` set
        set_config('system','suppress_tags',$suppress_tags);
        set_config('system','shortcut_icon',$shortcut_icon);
        set_config('system','touch_icon',$touch_icon);
+       
        if ($banner==""){
                // don't know why, but del_config doesn't work...
                q("DELETE FROM `config` WHERE `cat` = '%s' AND `k` = '%s' LIMIT 1",
        set_config('system','old_pager', $old_pager);
        set_config('system','only_tag_search', $only_tag_search);
  
+       set_config('system','rino_encrypt', $rino);
+       
+       
        info( t('Site settings updated.') . EOL);
        goaway($a->get_baseurl(true) . '/admin/site' );
        return; // NOTREACHED
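Review bot: `$rino` is read with `intval($_POST['rino'])` and written straight to `rino_encrypt` without a range check, so any integer is stored although the rest of the change only understands 0, 1 and 2. In the include/items.php part of this commit the stored value is only tested for `>0` and then appended to the notify URL as `&rino=N`, so an out-of-range value would enable encryption and advertise a version that does not exist. Clamp it where it is read, e.g. `$rino = ((x($_POST,'rino')) ? max(0, min(2, intval($_POST['rino']))) : 0);`. `admin_page_site_post` starts before this hunk.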
@@@ -695,7 -701,10 +701,10 @@@ function admin_page_site(&$a) 
                '$only_tag_search'      => array('only_tag_search', t("Only search in tags"), get_config('system','only_tag_search'), t("On large systems the text search can slow down the system extremely.")),
  
                '$relocate_url'     => array('relocate_url', t("New base url"), $a->get_baseurl(), "Change base url for this server. Sends relocate message to all DFRN contacts of all users."),
-       '$form_security_token' => get_form_security_token("admin_site")
+               
+               '$rino'                 => array('rino', t("RINO Encryption"), intval(get_config('system','rino_encrypt')), t("Encryption layer between nodes."), array("Disabled", "RINO1 (deprecated)", "RINO2")),
+               
+               '$form_security_token' => get_form_security_token("admin_site")
  
        ));
  
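Review bot: The option labels in the new `'$rino'` entry, `array("Disabled", "RINO1 (deprecated)", "RINO2")`, are not passed through `t()` while the field title and help text beside them are, so they stay English on translated installs; `array(t("Disabled"), t("RINO1 (deprecated)"), t("RINO2"))` keeps the entry consistent. Because the stored value is shown via `intval(get_config('system','rino_encrypt'))`, sites that had the old on/off setting enabled will presumably appear here as "RINO1 (deprecated)" after the upgrade, which is worth a line in the release notes so admins know to switch. The help text could also say that option 1 exists only for talking to older nodes.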
@@@ -792,7 -801,7 +801,7 @@@ function admin_page_users_post(&$a)
        $nu_nickname = ( x($_POST, 'new_user_nickname') ? $_POST['new_user_nickname'] : '');
        $nu_email = ( x($_POST, 'new_user_email') ? $_POST['new_user_email'] : '');
  
 -      check_form_security_token_redirectOnErr('/admin/users', 'admin_users');
 +      check_form_security_token_redirectOnErr($a->get_baseurl().'/admin/users', 'admin_users');
  
        if (!($nu_name==="") && !($nu_email==="") && !($nu_nickname==="")) {
                require_once('include/user.php');
@@@ -946,8 -955,11 +955,8 @@@ function admin_page_users(&$a)
                                intval($a->pager['itemspage'])
                                );
  
 -      function _setup_users($e){
 -              $a = get_app();
 -
 -              $adminlist = explode(",", str_replace(" ", "", $a->config['admin_email']));
 -
 +      $adminlist = explode(",", str_replace(" ", "", $a->config['admin_email']));
 +      $_setup_users = function ($e) use ($adminlist){
                $accounts = Array(
                        t('Normal Account'),
                        t('Soapbox Account'),
                $e['lastitem_date'] = relative_date($e['lastitem_date']);
                //$e['is_admin'] = ($e['email'] === $a->config['admin_email']);
                $e['is_admin'] = in_array($e['email'], $adminlist);
 +              $e['is_deletable'] = (intval($e['uid']) != local_user());
                $e['deleted'] = ($e['account_removed']?relative_date($e['account_expires_on']):False);
                return $e;
 -      }
 -      $users = array_map("_setup_users", $users);
 +      };
 +      $users = array_map($_setup_users, $users);
  
  
        // Get rid of dashes in key names, Smarty3 can't handle them