*** Privacy Leak fixed: ***

- isCurrentProfileInScope() is now more asked if the current profile is allowed
  to see the given notice. It was possible (with upstream master) to see private
  messages in RSS and (possible) JSON feeds

Signed-off-by: Roland Haeder <roland@mxchange.org>

diff --git a/actions/apisearchatom.php b/actions/apisearchatom.php
index 18a1aa24cc4418f861e18d45923c0e876e7597e5..c1aa43483e4549b1cc04b2b45d48997e301a78a8 100644 (file)
--- a/actions/apisearchatom.php
+++ b/actions/apisearchatom.php
@@ -167,6 +167,12 @@ class ApiSearchAtomAction extends ApiPrivateAuthAction
 
         if ($this->cnt > 0) {
             while ($notice->fetch()) {
+                // Check scope of notice to current profile (including guests)
+                if (!$notice->isCurrentProfileInScope()) {
+                    // Not in scope
+                    continue;
+                }
+
                 ++$cnt;
 
                 if (!$this->max_id) {

diff --git a/actions/apisearchjson.php b/actions/apisearchjson.php
index 424773f12bf6bb41e7aea20b4ca780f447e764d8..4b46109b982e1d1988e3531a0c0539d641aa8f43 100644 (file)
--- a/actions/apisearchjson.php
+++ b/actions/apisearchjson.php
@@ -118,7 +118,16 @@ class ApiSearchJSONAction extends ApiPrivateAuthAction
         $search_engine->limit(($this->page - 1) * $this->rpp, $this->rpp + 1);
         if ($search_engine->query($this->query)) {
             $cnt = $notice->find();
-            $this->notices = $notice->fetchAll();
+            foreach ($notice->fetchAll() as $testNotice) {
+                // Must be true
+                assert($testNotice instanceof Notice);
+
+                // Check scope of notice to current profile (including guests)
+                if ($testNotice->isCurrentProfileInScope()) {
+                    // In scope
+                    $this->notices[] = $testNotice;
+                }
+            } // END - if
         }
 
        $this->showJsonTimeline($this->notices);

diff --git a/actions/noticesearchrss.php b/actions/noticesearchrss.php
index b12ea8de9cab4ffeac8aa94431fa451254ce128f..f52d69dfdfd0f992895697801d89d933ed7e075c 100644 (file)
--- a/actions/noticesearchrss.php
+++ b/actions/noticesearchrss.php
@@ -80,7 +80,11 @@ class NoticesearchrssAction extends Rss10Action
 
         if ($cnt > 0) {
             while ($notice->fetch()) {
-                $notices[] = clone($notice);
+                // Check scope of notice to current profile (including guests)
+                if ($notice->isCurrentProfileInScope()) {
+                    // Is in scope
+                    $notices[] = clone($notice);
+                }
             }
         }
 

diff --git a/classes/Notice.php b/classes/Notice.php
index 7b9cfd9e5b020c9f6a5fc312707ebfb537a15748..15e50acbe0de0c748199e6fc606f1c3125299844 100644 (file)
--- a/classes/Notice.php
+++ b/classes/Notice.php
@@ -2944,4 +2944,37 @@ class Notice extends Managed_DataObject
             $notice->_setReplies($ids);
         }
     }
+
+    /**
+     * Checks whether the current profile is allowed (in scope) to see this notice.
+     *
+     * @return $inScope Whether the current profile is allowed to see this notice
+     */
+    function isCurrentProfileInScope () {
+        // Check scope, default is allowed
+        $inScope = TRUE;
+
+        //* NOISY-DEBUG: */ common_debug('[' . __METHOD__ . ':' . __LINE__ . '] this->tag=' . $this->tag . ',this->id=' . $this->id . ',this->scope=' . $this->scope);
+
+        // Is it private scope?
+        if ($this->isPrivateScope()) {
+            // 2) Get current profile
+            $profile = Profile::current();
+
+            // Is the profile not set?
+            if (!$profile instanceof Profile) {
+                // Public viewer shall not see a tag from a private dent (privacy leak)
+                //* NOISY-DEBUG: */ common_debug('[' . __METHOD__ . ':' . __LINE__ . '] Not logged in (public view).');
+                $inScope = FALSE;
+            } elseif (!$this->inScope($profile)) {
+                // Current profile is not in scope (not allowed to see) of notice
+                //* NOISY-DEBUG: */ common_debug('[' . __METHOD__ . ':' . __LINE__ . '] profile->id=' . $profile->id . ' is not allowed to see this notice.');
+                $inScope = FALSE;
+            }
+        }
+
+        // Return result
+        //* NOISY-DEBUG: */ common_debug('[' . __METHOD__ . ':' . __LINE__ . '] this->tag=' . $this->tag . ',this->weight=' . $this->weight . ',inScope=' . intval($inScope) . ' - EXIT!');
+        return $inScope;
+    }
 }

diff --git a/classes/Notice_tag.php b/classes/Notice_tag.php
index d921b07594c4c99b9343ceb8bc376879466f64f9..78ef5136bd95aa49b697fefdb5c7a6f0cd80e8f5 100644 (file)
--- a/classes/Notice_tag.php
+++ b/classes/Notice_tag.php
@@ -107,21 +107,7 @@ class Notice_tag extends Managed_DataObject
         //* NOISY-DEBUG: */ common_debug('[' . __METHOD__ . ':' . __LINE__ . '] this->tag=' . $this->tag . ',notice->id=' . $notice->id . ',notice->scope=' . $notice->scope);
 
         // Is it private scope?
-        if ($notice->isPrivateScope()) {
-            // 2) Get current profile
-            $profile = Profile::current();
-
-            // Is the profile not set?
-            if (!$profile instanceof Profile) {
-                // Public viewer shall not see a tag from a private dent (privacy leak)
-                //* NOISY-DEBUG: */ common_debug('[' . __METHOD__ . ':' . __LINE__ . '] Not logged in (public view).');
-                $inScope = FALSE;
-            } elseif (!$notice->inScope($profile)) {
-                // Current profile is not in scope (not allowed to see) of notice
-                //* NOISY-DEBUG: */ common_debug('[' . __METHOD__ . ':' . __LINE__ . '] profile->id=' . $profile->id . ' is not allowed to see this tag.');
-                $inScope = FALSE;
-            }
-        }
+        $inScope = $notice->isCurrentProfileInScope();
 
         // Return result
         //* NOISY-DEBUG: */ common_debug('[' . __METHOD__ . ':' . __LINE__ . '] this->tag=' . $this->tag . ',this->weight=' . $this->weight . ',inScope=' . intval($inScope) . ' - EXIT!');

diff --git a/lib/search_engines.php b/lib/search_engines.php
index 7f1684a3e756b0a2cd7ea3b4ba79970bb4486915..6014c89923e302e8584fff2f5f0b5aac555d394f 100644 (file)
--- a/lib/search_engines.php
+++ b/lib/search_engines.php
@@ -84,7 +84,6 @@ class MySQLSearch extends SearchEngine
                 $this->target->whereAdd('MATCH(nickname, fullname, location, bio, homepage) ' .
                                         'AGAINST (\''.$this->target->escape(strtolower($q)).'\' IN BOOLEAN MODE)', 'OR');
             }
-            return true;
         } else if ('notice' === $this->table) {
 
             // Don't show imported notices
@@ -100,10 +99,11 @@ class MySQLSearch extends SearchEngine
                                          'AGAINST (\''.$this->target->escape($q).'\' IN BOOLEAN MODE)');
             }
 
-            return true;
         } else {
             throw new ServerException('Unknown table: ' . $this->table);
         }
+
+        return true;
     }
 }
 

diff --git a/lib/tagcloudsection.php b/lib/tagcloudsection.php
index 268540cf9be4a97193035ea82d9919acd06ce6b7..5da138fd32061f6cc6fd7aaabc311d36e3d749ea 100644 (file)
--- a/lib/tagcloudsection.php
+++ b/lib/tagcloudsection.php
@@ -64,6 +64,7 @@ class TagCloudSection extends Section
         $sum = 0;
 
         while ($tags->fetch() && ++$cnt <= TAGS_PER_SECTION) {
+            // Check scope of tag to current profile (including guests)
             if ($tags->isCurrentProfileInScope()) {
                 $tw[$tags->tag] = $tags->weight;
                 $sum += $tags->weight;