From 3346f2ebf403f7522577255d818664ef94bb4f2f Mon Sep 17 00:00:00 2001 From: Roland Haeder Date: Fri, 27 Mar 2015 23:16:34 +0100 Subject: [PATCH] Possible hack for tags from private dents in public profile or wrong scope (both privacy leak). Signed-off-by: Roland Haeder --- actions/publictagcloud.php | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/actions/publictagcloud.php b/actions/publictagcloud.php index 6d0d4237e9..1f169cfc5f 100644 --- a/actions/publictagcloud.php +++ b/actions/publictagcloud.php @@ -110,6 +110,8 @@ class PublictagcloudAction extends Action */ $tags->selectAdd(); $tags->selectAdd('tag'); + $tags->selectAdd('notice_id'); + $tags->selectAdd('scope'); // Add the aggregated columns... $tags->selectAdd('max(notice_id) as last_notice_id'); @@ -117,6 +119,7 @@ class PublictagcloudAction extends Action $cutoff = sprintf("notice_tag.created > '%s'", common_sql_date(time() - common_config('tag', 'cutoff'))); $tags->selectAdd($calc . ' as weight'); + $tags->joinAdd(array('notice_id', 'notice:id')); $tags->whereAdd($cutoff); $tags->groupBy('tag'); $tags->orderBy('weight DESC'); @@ -132,6 +135,28 @@ class PublictagcloudAction extends Action $tw = array(); $sum = 0; while ($tags->fetch()) { + // Check scope: + + // 1) Get notice object and set id + $notice = new Notice(); + $notice->id = $tags->notice_id; + $notice->scope = $tags->scope; + + // Is it private scope? + if ($notice->isPrivateScope()) { + // 2) Get current profile + $profile = Profile::current(); + + // Is the profile not set? + if (!$profile instanceof Profile) { + // Public viewer shall not see a tag from a private dent (privacy leak) + continue; + } elseif (!$notice->inScope($profile)) { + // Current profile is not in scope (not allowed to see) of notice + continue; + } + } + $tw[$tags->tag] = $tags->weight; $sum += $tags->weight; } -- 2.39.5