From a2d1c18f846d7e589eb6e8e11fd67927eb89e383 Mon Sep 17 00:00:00 2001 From: Roland Haeder Date: Fri, 27 Mar 2015 23:16:34 +0100 Subject: [PATCH] Possible hack for tags from private dents in public profile or wrong scope (both privacy leak). Signed-off-by: Roland Haeder --- plugins/TagCloud/actions/publictagcloud.php | 25 +++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/plugins/TagCloud/actions/publictagcloud.php b/plugins/TagCloud/actions/publictagcloud.php index e557b75fd0..d2f5a3d640 100644 --- a/plugins/TagCloud/actions/publictagcloud.php +++ b/plugins/TagCloud/actions/publictagcloud.php @@ -108,6 +108,8 @@ class PublictagcloudAction extends Action #even though MySQL seems to let it slide... $tags->selectAdd(); $tags->selectAdd('tag'); + $tags->selectAdd('notice_id'); + $tags->selectAdd('scope'); #Add the aggregated columns... $tags->selectAdd('max(notice_id) as last_notice_id'); @@ -115,6 +117,7 @@ class PublictagcloudAction extends Action $cutoff = sprintf("notice_tag.created > '%s'", common_sql_date(time() - common_config('tag', 'cutoff'))); $tags->selectAdd($calc . ' as weight'); + $tags->joinAdd(array('notice_id', 'notice:id')); $tags->whereAdd($cutoff); $tags->groupBy('tag'); $tags->orderBy('weight DESC'); @@ -130,6 +133,28 @@ class PublictagcloudAction extends Action $tw = array(); $sum = 0; while ($tags->fetch()) { + // Check scope: + + // 1) Get notice object and set id + $notice = new Notice(); + $notice->id = $tags->notice_id; + $notice->scope = $tags->scope; + + // Is it private scope? + if ($notice->isPrivateScope()) { + // 2) Get current profile + $profile = Profile::current(); + + // Is the profile not set? + if (!$profile instanceof Profile) { + // Public viewer shall not see a tag from a private dent (privacy leak) + continue; + } elseif (!$notice->inScope($profile)) { + // Current profile is not in scope (not allowed to see) of notice + continue; + } + } + $tw[$tags->tag] = $tags->weight; $sum += $tags->weight; } -- 2.39.5