"ezyang/htmlpurifier": "~4.7.0",\r
"mobiledetect/mobiledetectlib": "2.8.*",\r
"league/html-to-markdown": "~4.4.1",\r
- "defuse/php-encryption": "1.*",\r
"pear/Text_LanguageDetect": "1.*",\r
"pear/Text_Highlighter": "dev-master",\r
"paragonie/random_compat": "^2.0",\r
"Read more about it at https://getcomposer.org/doc/01-basic-usage.md#composer-lock-the-lock-file",
"This file is @generated automatically"
],
- "content-hash": "6cf3b635594e443a7268a3bd9100d62d",
+ "content-hash": "7fcbb730be98076fe8318b03c858f41c",
"packages": [
{
"name": "bower-asset/Chart-js",
"description": "Base64 encoding and decoding",
"time": "2017-03-25T21:16:21+00:00"
},
- {
- "name": "defuse/php-encryption",
- "version": "v1.2.1",
- "source": {
- "type": "git",
- "url": "https://github.com/defuse/php-encryption.git",
- "reference": "b87737b2eec06b13f025cabea847338fa203d1b4"
- },
- "dist": {
- "type": "zip",
- "url": "https://api.github.com/repos/defuse/php-encryption/zipball/b87737b2eec06b13f025cabea847338fa203d1b4",
- "reference": "b87737b2eec06b13f025cabea847338fa203d1b4",
- "shasum": ""
- },
- "require": {
- "ext-mcrypt": "*",
- "ext-openssl": "*",
- "php": ">=5.4.0"
- },
- "type": "library",
- "autoload": {
- "files": [
- "Crypto.php"
- ]
- },
- "notification-url": "https://packagist.org/downloads/",
- "license": [
- "MIT"
- ],
- "authors": [
- {
- "name": "Taylor Hornby",
- "email": "havoc@defuse.ca"
- }
- ],
- "description": "Secure PHP Encryption Library",
- "keywords": [
- "aes",
- "cipher",
- "encryption",
- "mcrypt",
- "security"
- ],
- "time": "2015-03-14T20:27:45+00:00"
- },
{
"name": "ezyang/htmlpurifier",
"version": "v4.7.0",
$a->config['php_path'] = 'php';
// Server-to-server private message encryption (RINO) is allowed by default.
-// Encryption will only be provided if this setting is set to a non zero value
-// set to 0 to disable, 2 to enable, 1 is deprecated
+// set to 0 to disable, 1 to enable
-$a->config['system']['rino_encrypt'] = 2;
+$a->config['system']['rino_encrypt'] = 1;
// allowed themes (change this from admin panel after installation)
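Review bot: The replacement comment `// set to 0 to disable, 1 to enable` no longer tells an operator which scheme value 1 selects, although the removed line described 1 as deprecated. Since the default moves from 2 to 1 here, the comment should say so, for example `// 0 = disabled, 1 = enabled (RINO1; the former value 2 / RINO2 is no longer supported)`. The same wording is introduced in the two other config templates at the end of this commit.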
/// @TODO Really suppress function outcomes? Why not find them + debug them?
$h = @parse_url($url);
- if ((is_array($h)) && (dns_get_record($h['host'], DNS_A + DNS_CNAME + DNS_PTR) || filter_var($h['host'], FILTER_VALIDATE_IP) )) {
+ if ((is_array($h)) && (@dns_get_record($h['host'], DNS_A + DNS_CNAME + DNS_PTR) || filter_var($h['host'], FILTER_VALIDATE_IP) )) {
return $url;
}
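Review bot: `$h['host']` is read without checking that `parse_url()` produced a host, so a URL with no authority part (a relative path, `mailto:`) reaches `dns_get_record()` with an undefined index. The added `@` hides the resulting warning rather than its cause, under a TODO that already questions suppression. Guard the key and test the IP literal first so no lookup is made for it: `if (is_array($h) && isset($h['host']) && (filter_var($h['host'], FILTER_VALIDATE_IP) || @dns_get_record($h['host'], DNS_A + DNS_CNAME + DNS_PTR))) {`. The enclosing function starts and ends outside the hunk.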
'$relocate_url' => ['relocate_url', t("New base url"), System::baseUrl(), t("Change base url for this server. Sends relocate message to all Friendica and Diaspora* contacts of all users.")],
- '$rino' => ['rino', t("RINO Encryption"), intval(Config::get('system','rino_encrypt')), t("Encryption layer between nodes."), ["Disabled", "RINO1 (deprecated)", "RINO2"]],
+ '$rino' => ['rino', t("RINO Encryption"), intval(Config::get('system','rino_encrypt')), t("Encryption layer between nodes."), [0 => "Disabled", 1 => "Enabled"]],
'$worker_queues' => ['worker_queues', t("Maximum number of parallel workers"), Config::get('system','worker_queues'), t("On shared hosters set this to 2. On larger systems, values of 10 are great. Default value is 4.")],
'$worker_dont_fork' => ['worker_dont_fork', t("Don't use 'proc_open' with the worker"), Config::get('system','worker_dont_fork'), t("Enable this if your system doesn't allow the use of 'proc_open'. This can happen on shared hosters. If this is enabled you should increase the frequency of worker calls in your crontab.")],
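Review bot: Nodes that already stored `rino_encrypt = 2` (the previous default in the installer and config template) will pass `2` as the selected value to an option list that now has only keys 0 and 1, so the form has no matching entry. No migration of the stored value is visible on this page, and the `default:` branches in the DFRN switch statements elsewhere in this commit suggest a version of 2 may now be rejected as invalid. Either clamp on read, e.g. `min(1, intval(Config::get('system','rino_encrypt')))`, or add an update step that rewrites a stored 2 to 1.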
// if local rino is lower than remote rino, abort: should not happen!
// but only for $remote_rino > 1, because old code did't send rino version
- if ($rino_remote_version > 1 && $rino < $rino_remote) {
+ if ($rino_remote > 1 && $rino < $rino_remote) {
logger("rino version '$rino_remote' is lower than supported '$rino'");
xml_status(0, "rino version '$rino_remote' is lower than supported '$rino'");
}
}
}
- #logger('rino: received key : ' . $final_key);
-
switch($rino_remote) {
case 0:
case 1:
- /*
- *we got a key. old code send only the key, without RINO version.
- * we assume RINO 1 if key and no RINO version
- */
+ // we got a key. old code send only the key, without RINO version.
+ // we assume RINO 1 if key and no RINO version
$data = DFRN::aesDecrypt(hex2bin($data), $final_key);
break;
- case 2:
- try {
- $data = \Crypto::decrypt(hex2bin($data), $final_key);
- } catch (\InvalidCiphertextException $ex) { // VERY IMPORTANT
- /*
- * Either:
- * 1. The ciphertext was modified by the attacker,
- * 2. The key is wrong, or
- * 3. $ciphertext is not a valid ciphertext or was corrupted.
- * Assume the worst.
- */
- logger('The ciphertext has been tampered with!');
- xml_status(0, 'The ciphertext has been tampered with!');
- } catch (\CryptoTestFailedException $ex) {
- logger('Cannot safely perform dencryption');
- xml_status(0, 'CryptoTestFailed');
- } catch (\CannotPerformOperationException $ex) {
- logger('Cannot safely perform decryption');
- xml_status(0, 'Cannot safely perform decryption');
- }
- break;
default:
logger("rino: invalid sent version '$rino_remote'");
xml_status(0, "Invalid sent version '$rino_remote'");
}
-
logger('rino: decrypted data: ' . $data, LOGGER_DATA);
}
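Review bot: With `case 2` removed, the only decrypt path left is `DFRN::aesDecrypt(hex2bin($data), $final_key)` under `case 0`/`case 1`, and nothing in this hunk checks that the peer-supplied ciphertext was unmodified or that decryption succeeded. The removed branch rejected tampered input through `InvalidCiphertextException`. `aesDecrypt` is not shown on this page, so unless it authenticates the ciphertext itself, an altered payload would be passed on to the importer. `hex2bin()` also returns false on malformed hex, so both results should be checked before use, e.g. `$bin = hex2bin($data); if ($bin === false) { xml_status(0, 'Invalid encrypted data'); }` plus an equivalent check on the decrypted value before the `logger('rino: decrypted data: ...')` line. Separately, the message at the version check says the remote version "is lower than supported" while the condition fires when `$rino < $rino_remote`, so the log wording is inverted.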
$timezone = notags(trim($_POST['timezone']));
$language = notags(trim($_POST['language']));
$adminmail = notags(trim($_POST['adminmail']));
- $rino = 2;
+ $rino = 1;
// connect to db
dba::connect($dbhost, $dbuser, $dbpass, $dbdata, true);
use Friendica\Model\User;
use Friendica\Object\Image;
use Friendica\Protocol\OStatus;
+use Friendica\Util\Crypto;
use Friendica\Util\XML;
use dba;
use DOMDocument;
use DOMXPath;
+use HTMLPurifier;
+use HTMLPurifier_Config;
require_once 'boot.php';
require_once 'include/dba.php';
switch ($rino_remote_version) {
case 1:
- // Deprecated rino version!
$key = openssl_random_pseudo_bytes(16);
$data = self::aesEncrypt($postvars['data'], $key);
break;
- case 2:
- // RINO 2 based on php-encryption
- try {
- $key = \Crypto::CreateNewRandomKey();
- } catch (\CryptoTestFailedException $ex) {
- logger('Cannot safely create a key');
- return -4;
- } catch (\CannotPerformOperationException $ex) {
- logger('Cannot safely create a key');
- return -5;
- }
- try {
- $data = \Crypto::Encrypt($postvars['data'], $key);
- } catch (\CryptoTestFailedException $ex) {
- logger('Cannot safely perform encryption');
- return -6;
- } catch (\CannotPerformOperationException $ex) {
- logger('Cannot safely perform encryption');
- return -7;
- }
- break;
default:
logger("rino: invalid requested version '$rino_remote_version'");
return -8;
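Review bot: `case 1` is now the only encrypting branch, and it takes its key from `openssl_random_pseudo_bytes(16)` without checking the result. That function can return false, and on older PHP/OpenSSL builds it can return bytes that are not cryptographically strong (reported only through its optional second argument). composer.json in this commit already requires `paragonie/random_compat`, so `$key = random_bytes(16);` is available and throws on failure instead of yielding a weak key. The hunk also deletes `// Deprecated rino version!` although the branch itself is unchanged; if RINO1 stays as the sole scheme, a comment stating what `aesEncrypt` provides (cipher and mode, whether the ciphertext is authenticated) would be a more useful replacement. The switch sits in a function that begins and ends outside this hunk.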
$postvars['rino'] = $rino_remote_version;
$postvars['data'] = bin2hex($data);
- //logger('rino: sent key = ' . $key, LOGGER_DEBUG);
-
-
if ($dfrn_version >= 2.1) {
if (($contact['duplex'] && strlen($contact['pubkey']))
|| ($owner['page-flags'] == PAGE_COMMUNITY && strlen($contact['pubkey']))
* valid community action. Also forum_mode makes it valid for sure.
* If neither, it's not.
*/
-
- /// @TODO Maybe merge these if() blocks into one?
if ($is_a_remote_action && $community && (!$r[0]["forum_mode"]) && (!$r[0]["wall"])) {
$is_a_remote_action = false;
logger("not a community action");
$title = "";
foreach ($links as $link) {
foreach ($link->attributes as $attributes) {
- /// @TODO Rewrite these repeated (same) if () statements to a switch()
- if ($attributes->name == "href") {
- $href = $attributes->textContent;
- }
- if ($attributes->name == "rel") {
- $rel = $attributes->textContent;
- }
- if ($attributes->name == "type") {
- $type = $attributes->textContent;
- }
- if ($attributes->name == "length") {
- $length = $attributes->textContent;
- }
- if ($attributes->name == "title") {
- $title = $attributes->textContent;
+ switch ($attributes->name) {
+ case "href" : $href = $attributes->textContent; break;
+ case "rel" : $rel = $attributes->textContent; break;
+ case "type" : $type = $attributes->textContent; break;
+ case "length": $length = $attributes->textContent; break;
+ case "title" : $title = $attributes->textContent; break;
}
}
if (($rel != "") && ($href != "")) {
$item['body'] = OEmbed::HTML2BBCode($item['body']);
- $config = \HTMLPurifier_Config::createDefault();
+ $config = HTMLPurifier_Config::createDefault();
$config->set('Cache.DefinitionImpl', null);
// we shouldn't need a whitelist, because the bbcode converter
// will strip out any unsupported tags.
- $purifier = new \HTMLPurifier($config);
+ $purifier = new HTMLPurifier($config);
$item['body'] = $purifier->purify($item['body']);
$item['body'] = @html2bbcode($item['body']);
if (($item["network"] != $author["network"]) && ($author["network"] != "")) {
$item["network"] = $author["network"];
}
-
- /// @TODO maybe remove this old-lost code then?
- // This code was taken from the old DFRN code
- // When activated, forums don't work.
- // And: Why should we disallow commenting by followers?
- // the behaviour is now similar to the Diaspora part.
- //if ($importer["rel"] == CONTACT_IS_FOLLOWER) {
- // logger("Contact ".$importer["id"]." is only follower. Quitting", LOGGER_DEBUG);
- // return;
- //}
}
if ($entrytype == DFRN_REPLY_RC) {
$ev = bbtoevent($item["body"]);
if ((x($ev, "desc") || x($ev, "summary")) && x($ev, "start")) {
logger("Event in item ".$item["uri"]." was found.", LOGGER_DEBUG);
- /// @TODO Mixure of "/' ahead ...
- $ev["cid"] = $importer["id"];
- $ev["uid"] = $importer["uid"];
- $ev["uri"] = $item["uri"];
- $ev["edited"] = $item["edited"];
- $ev['private'] = $item['private'];
- $ev["guid"] = $item["guid"];
+ $ev["cid"] = $importer["id"];
+ $ev["uid"] = $importer["uid"];
+ $ev["uri"] = $item["uri"];
+ $ev["edited"] = $item["edited"];
+ $ev["private"] = $item["private"];
+ $ev["guid"] = $item["guid"];
$r = q(
"SELECT `id` FROM `event` WHERE `uri` = '%s' AND `uid` = %d LIMIT 1",
// Server-to-server private message encryption (RINO) is allowed by default.
-// Encryption will only be provided if this setting is true and the
-// PHP mcrypt extension is installed on both systems
+// set to 0 to disable, 1 to enable
-$a->config['system']['rino_encrypt'] = true;
+$a->config['system']['rino_encrypt'] = 1;
// default system theme
$a->config['system']['maximagesize'] = 800000;
// Server-to-server private message encryption (RINO) is allowed by default.
-// Encryption will only be provided if this setting is set to a non zero value
-// set to 0 to disable, 2 to enable, 1 is deprecated
+// set to 0 to disable, 1 to enable
$a->config['system']['rino_encrypt'] = {{$rino}};