Merge pull request #4276 from MrPetovan/bug/4272-upgrade-php-encryption
Remove RINO2
This commit is contained in:
Michael Vogel
GitHub
commit
ce411da958
|
|
@ -18,7 +18,6 @@
|
|||
"ezyang/htmlpurifier": "~4.7.0",
|
||||
"mobiledetect/mobiledetectlib": "2.8.*",
|
||||
"league/html-to-markdown": "~4.4.1",
|
||||
"defuse/php-encryption": "1.*",
|
||||
"pear/Text_LanguageDetect": "1.*",
|
||||
"pear/Text_Highlighter": "dev-master",
|
||||
"paragonie/random_compat": "^2.0",
|
||||
|
|
|
|||
47
composer.lock
generated
47
composer.lock
generated
|
|
@ -4,7 +4,7 @@
|
|||
"Read more about it at https://getcomposer.org/doc/01-basic-usage.md#composer-lock-the-lock-file",
|
||||
"This file is @generated automatically"
|
||||
],
|
||||
"content-hash": "6cf3b635594e443a7268a3bd9100d62d",
|
||||
"content-hash": "7fcbb730be98076fe8318b03c858f41c",
|
||||
"packages": [
|
||||
{
|
||||
"name": "bower-asset/Chart-js",
|
||||
|
|
@ -69,51 +69,6 @@
|
|||
"description": "Base64 encoding and decoding",
|
||||
"time": "2017-03-25T21:16:21+00:00"
|
||||
},
|
||||
{
|
||||
"name": "defuse/php-encryption",
|
||||
"version": "v1.2.1",
|
||||
"source": {
|
||||
"type": "git",
|
||||
"url": "https://github.com/defuse/php-encryption.git",
|
||||
"reference": "b87737b2eec06b13f025cabea847338fa203d1b4"
|
||||
},
|
||||
"dist": {
|
||||
"type": "zip",
|
||||
"url": "https://api.github.com/repos/defuse/php-encryption/zipball/b87737b2eec06b13f025cabea847338fa203d1b4",
|
||||
"reference": "b87737b2eec06b13f025cabea847338fa203d1b4",
|
||||
"shasum": ""
|
||||
},
|
||||
"require": {
|
||||
"ext-mcrypt": "*",
|
||||
"ext-openssl": "*",
|
||||
"php": ">=5.4.0"
|
||||
},
|
||||
"type": "library",
|
||||
"autoload": {
|
||||
"files": [
|
||||
"Crypto.php"
|
||||
]
|
||||
},
|
||||
"notification-url": "https://packagist.org/downloads/",
|
||||
"license": [
|
||||
"MIT"
|
||||
],
|
||||
"authors": [
|
||||
{
|
||||
"name": "Taylor Hornby",
|
||||
"email": "havoc@defuse.ca"
|
||||
}
|
||||
],
|
||||
"description": "Secure PHP Encryption Library",
|
||||
"keywords": [
|
||||
"aes",
|
||||
"cipher",
|
||||
"encryption",
|
||||
"mcrypt",
|
||||
"security"
|
||||
],
|
||||
"time": "2015-03-14T20:27:45+00:00"
|
||||
},
|
||||
{
|
||||
"name": "ezyang/htmlpurifier",
|
||||
"version": "v4.7.0",
|
||||
|
|
|
|||
|
|
@ -61,10 +61,9 @@ $a->config['system']['maximagesize'] = 800000;
|
|||
$a->config['php_path'] = 'php';
|
||||
|
||||
// Server-to-server private message encryption (RINO) is allowed by default.
|
||||
// Encryption will only be provided if this setting is set to a non zero value
|
||||
// set to 0 to disable, 2 to enable, 1 is deprecated
|
||||
// set to 0 to disable, 1 to enable
|
||||
|
||||
$a->config['system']['rino_encrypt'] = 2;
|
||||
$a->config['system']['rino_encrypt'] = 1;
|
||||
|
||||
// allowed themes (change this from admin panel after installation)
|
||||
|
||||
|
|
|
|||
|
|
@ -488,7 +488,7 @@ function validate_url($url)
|
|||
/// @TODO Really suppress function outcomes? Why not find them + debug them?
|
||||
$h = @parse_url($url);
|
||||
|
||||
if ((is_array($h)) && (dns_get_record($h['host'], DNS_A + DNS_CNAME + DNS_PTR) || filter_var($h['host'], FILTER_VALIDATE_IP) )) {
|
||||
if ((is_array($h)) && (@dns_get_record($h['host'], DNS_A + DNS_CNAME + DNS_PTR) || filter_var($h['host'], FILTER_VALIDATE_IP) )) {
|
||||
return $url;
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -1336,7 +1336,7 @@ function admin_page_site(App $a)
|
|||
|
||||
'$relocate_url' => ['relocate_url', t("New base url"), System::baseUrl(), t("Change base url for this server. Sends relocate message to all Friendica and Diaspora* contacts of all users.")],
|
||||
|
||||
'$rino' => ['rino', t("RINO Encryption"), intval(Config::get('system','rino_encrypt')), t("Encryption layer between nodes."), ["Disabled", "RINO1 (deprecated)", "RINO2"]],
|
||||
'$rino' => ['rino', t("RINO Encryption"), intval(Config::get('system','rino_encrypt')), t("Encryption layer between nodes."), [0 => "Disabled", 1 => "Enabled"]],
|
||||
|
||||
'$worker_queues' => ['worker_queues', t("Maximum number of parallel workers"), Config::get('system','worker_queues'), t("On shared hosters set this to 2. On larger systems, values of 10 are great. Default value is 4.")],
|
||||
'$worker_dont_fork' => ['worker_dont_fork', t("Don't use 'proc_open' with the worker"), Config::get('system','worker_dont_fork'), t("Enable this if your system doesn't allow the use of 'proc_open'. This can happen on shared hosters. If this is enabled you should increase the frequency of worker calls in your crontab.")],
|
||||
|
|
|
|||
|
|
@ -143,7 +143,7 @@ function dfrn_notify_post(App $a) {
|
|||
|
||||
// if local rino is lower than remote rino, abort: should not happen!
|
||||
// but only for $remote_rino > 1, because old code did't send rino version
|
||||
if ($rino_remote_version > 1 && $rino < $rino_remote) {
|
||||
if ($rino_remote > 1 && $rino < $rino_remote) {
|
||||
logger("rino version '$rino_remote' is lower than supported '$rino'");
|
||||
xml_status(0, "rino version '$rino_remote' is lower than supported '$rino'");
|
||||
}
|
||||
|
|
@ -166,44 +166,18 @@ function dfrn_notify_post(App $a) {
|
|||
}
|
||||
}
|
||||
|
||||
#logger('rino: received key : ' . $final_key);
|
||||
|
||||
switch($rino_remote) {
|
||||
case 0:
|
||||
case 1:
|
||||
/*
|
||||
*we got a key. old code send only the key, without RINO version.
|
||||
* we assume RINO 1 if key and no RINO version
|
||||
*/
|
||||
// we got a key. old code send only the key, without RINO version.
|
||||
// we assume RINO 1 if key and no RINO version
|
||||
$data = DFRN::aesDecrypt(hex2bin($data), $final_key);
|
||||
break;
|
||||
case 2:
|
||||
try {
|
||||
$data = \Crypto::decrypt(hex2bin($data), $final_key);
|
||||
} catch (\InvalidCiphertextException $ex) { // VERY IMPORTANT
|
||||
/*
|
||||
* Either:
|
||||
* 1. The ciphertext was modified by the attacker,
|
||||
* 2. The key is wrong, or
|
||||
* 3. $ciphertext is not a valid ciphertext or was corrupted.
|
||||
* Assume the worst.
|
||||
*/
|
||||
logger('The ciphertext has been tampered with!');
|
||||
xml_status(0, 'The ciphertext has been tampered with!');
|
||||
} catch (\CryptoTestFailedException $ex) {
|
||||
logger('Cannot safely perform dencryption');
|
||||
xml_status(0, 'CryptoTestFailed');
|
||||
} catch (\CannotPerformOperationException $ex) {
|
||||
logger('Cannot safely perform decryption');
|
||||
xml_status(0, 'Cannot safely perform decryption');
|
||||
}
|
||||
break;
|
||||
default:
|
||||
logger("rino: invalid sent version '$rino_remote'");
|
||||
xml_status(0, "Invalid sent version '$rino_remote'");
|
||||
}
|
||||
|
||||
|
||||
logger('rino: decrypted data: ' . $data, LOGGER_DATA);
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -63,7 +63,7 @@ function install_post(App $a) {
|
|||
$timezone = notags(trim($_POST['timezone']));
|
||||
$language = notags(trim($_POST['language']));
|
||||
$adminmail = notags(trim($_POST['adminmail']));
|
||||
$rino = 2;
|
||||
$rino = 1;
|
||||
|
||||
// connect to db
|
||||
dba::connect($dbhost, $dbuser, $dbpass, $dbdata, true);
|
||||
|
|
|
|||
|
|
@ -22,11 +22,14 @@ use Friendica\Model\Term;
|
|||
use Friendica\Model\User;
|
||||
use Friendica\Object\Image;
|
||||
use Friendica\Protocol\OStatus;
|
||||
use Friendica\Util\Crypto;
|
||||
use Friendica\Util\XML;
|
||||
|
||||
use dba;
|
||||
use DOMDocument;
|
||||
use DOMXPath;
|
||||
use HTMLPurifier;
|
||||
use HTMLPurifier_Config;
|
||||
|
||||
require_once 'boot.php';
|
||||
require_once 'include/dba.php';
|
||||
|
|
@ -1291,31 +1294,9 @@ class DFRN
|
|||
|
||||
switch ($rino_remote_version) {
|
||||
case 1:
|
||||
// Deprecated rino version!
|
||||
$key = openssl_random_pseudo_bytes(16);
|
||||
$data = self::aesEncrypt($postvars['data'], $key);
|
||||
break;
|
||||
case 2:
|
||||
// RINO 2 based on php-encryption
|
||||
try {
|
||||
$key = \Crypto::CreateNewRandomKey();
|
||||
} catch (\CryptoTestFailedException $ex) {
|
||||
logger('Cannot safely create a key');
|
||||
return -4;
|
||||
} catch (\CannotPerformOperationException $ex) {
|
||||
logger('Cannot safely create a key');
|
||||
return -5;
|
||||
}
|
||||
try {
|
||||
$data = \Crypto::Encrypt($postvars['data'], $key);
|
||||
} catch (\CryptoTestFailedException $ex) {
|
||||
logger('Cannot safely perform encryption');
|
||||
return -6;
|
||||
} catch (\CannotPerformOperationException $ex) {
|
||||
logger('Cannot safely perform encryption');
|
||||
return -7;
|
||||
}
|
||||
break;
|
||||
default:
|
||||
logger("rino: invalid requested version '$rino_remote_version'");
|
||||
return -8;
|
||||
|
|
@ -1324,9 +1305,6 @@ class DFRN
|
|||
$postvars['rino'] = $rino_remote_version;
|
||||
$postvars['data'] = bin2hex($data);
|
||||
|
||||
//logger('rino: sent key = ' . $key, LOGGER_DEBUG);
|
||||
|
||||
|
||||
if ($dfrn_version >= 2.1) {
|
||||
if (($contact['duplex'] && strlen($contact['pubkey']))
|
||||
|| ($owner['page-flags'] == PAGE_COMMUNITY && strlen($contact['pubkey']))
|
||||
|
|
@ -2177,8 +2155,6 @@ class DFRN
|
|||
* valid community action. Also forum_mode makes it valid for sure.
|
||||
* If neither, it's not.
|
||||
*/
|
||||
|
||||
/// @TODO Maybe merge these if() blocks into one?
|
||||
if ($is_a_remote_action && $community && (!$r[0]["forum_mode"]) && (!$r[0]["wall"])) {
|
||||
$is_a_remote_action = false;
|
||||
logger("not a community action");
|
||||
|
|
@ -2380,21 +2356,12 @@ class DFRN
|
|||
$title = "";
|
||||
foreach ($links as $link) {
|
||||
foreach ($link->attributes as $attributes) {
|
||||
/// @TODO Rewrite these repeated (same) if () statements to a switch()
|
||||
if ($attributes->name == "href") {
|
||||
$href = $attributes->textContent;
|
||||
}
|
||||
if ($attributes->name == "rel") {
|
||||
$rel = $attributes->textContent;
|
||||
}
|
||||
if ($attributes->name == "type") {
|
||||
$type = $attributes->textContent;
|
||||
}
|
||||
if ($attributes->name == "length") {
|
||||
$length = $attributes->textContent;
|
||||
}
|
||||
if ($attributes->name == "title") {
|
||||
$title = $attributes->textContent;
|
||||
switch ($attributes->name) {
|
||||
case "href" : $href = $attributes->textContent; break;
|
||||
case "rel" : $rel = $attributes->textContent; break;
|
||||
case "type" : $type = $attributes->textContent; break;
|
||||
case "length": $length = $attributes->textContent; break;
|
||||
case "title" : $title = $attributes->textContent; break;
|
||||
}
|
||||
}
|
||||
if (($rel != "") && ($href != "")) {
|
||||
|
|
@ -2489,13 +2456,13 @@ class DFRN
|
|||
|
||||
$item['body'] = OEmbed::HTML2BBCode($item['body']);
|
||||
|
||||
$config = \HTMLPurifier_Config::createDefault();
|
||||
$config = HTMLPurifier_Config::createDefault();
|
||||
$config->set('Cache.DefinitionImpl', null);
|
||||
|
||||
// we shouldn't need a whitelist, because the bbcode converter
|
||||
// will strip out any unsupported tags.
|
||||
|
||||
$purifier = new \HTMLPurifier($config);
|
||||
$purifier = new HTMLPurifier($config);
|
||||
$item['body'] = $purifier->purify($item['body']);
|
||||
|
||||
$item['body'] = @html2bbcode($item['body']);
|
||||
|
|
@ -2645,16 +2612,6 @@ class DFRN
|
|||
if (($item["network"] != $author["network"]) && ($author["network"] != "")) {
|
||||
$item["network"] = $author["network"];
|
||||
}
|
||||
|
||||
/// @TODO maybe remove this old-lost code then?
|
||||
// This code was taken from the old DFRN code
|
||||
// When activated, forums don't work.
|
||||
// And: Why should we disallow commenting by followers?
|
||||
// the behaviour is now similar to the Diaspora part.
|
||||
//if ($importer["rel"] == CONTACT_IS_FOLLOWER) {
|
||||
// logger("Contact ".$importer["id"]." is only follower. Quitting", LOGGER_DEBUG);
|
||||
// return;
|
||||
//}
|
||||
}
|
||||
|
||||
if ($entrytype == DFRN_REPLY_RC) {
|
||||
|
|
@ -2671,13 +2628,12 @@ class DFRN
|
|||
$ev = bbtoevent($item["body"]);
|
||||
if ((x($ev, "desc") || x($ev, "summary")) && x($ev, "start")) {
|
||||
logger("Event in item ".$item["uri"]." was found.", LOGGER_DEBUG);
|
||||
/// @TODO Mixure of "/' ahead ...
|
||||
$ev["cid"] = $importer["id"];
|
||||
$ev["uid"] = $importer["uid"];
|
||||
$ev["uri"] = $item["uri"];
|
||||
$ev["edited"] = $item["edited"];
|
||||
$ev['private'] = $item['private'];
|
||||
$ev["guid"] = $item["guid"];
|
||||
$ev["cid"] = $importer["id"];
|
||||
$ev["uid"] = $importer["uid"];
|
||||
$ev["uri"] = $item["uri"];
|
||||
$ev["edited"] = $item["edited"];
|
||||
$ev["private"] = $item["private"];
|
||||
$ev["guid"] = $item["guid"];
|
||||
|
||||
$r = q(
|
||||
"SELECT `id` FROM `event` WHERE `uri` = '%s' AND `uid` = %d LIMIT 1",
|
||||
|
|
|
|||
|
|
@ -49,10 +49,9 @@ $a->config['php_path'] = '/usr/bin/php';
|
|||
|
||||
|
||||
// Server-to-server private message encryption (RINO) is allowed by default.
|
||||
// Encryption will only be provided if this setting is true and the
|
||||
// PHP mcrypt extension is installed on both systems
|
||||
// set to 0 to disable, 1 to enable
|
||||
|
||||
$a->config['system']['rino_encrypt'] = true;
|
||||
$a->config['system']['rino_encrypt'] = 1;
|
||||
|
||||
// default system theme
|
||||
|
||||
|
|
|
|||
|
|
@ -78,8 +78,7 @@ $a->config['max_import_size'] = 200000;
|
|||
$a->config['system']['maximagesize'] = 800000;
|
||||
|
||||
// Server-to-server private message encryption (RINO) is allowed by default.
|
||||
// Encryption will only be provided if this setting is set to a non zero value
|
||||
// set to 0 to disable, 2 to enable, 1 is deprecated
|
||||
// set to 0 to disable, 1 to enable
|
||||
|
||||
$a->config['system']['rino_encrypt'] = {{$rino}};
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue