diff --git a/composer.json b/composer.json index 77322add0..19fa2b1c3 100644 --- a/composer.json +++ b/composer.json @@ -18,7 +18,6 @@ "ezyang/htmlpurifier": "~4.7.0", "mobiledetect/mobiledetectlib": "2.8.*", "league/html-to-markdown": "~4.4.1", - "defuse/php-encryption": "1.*", "pear/Text_LanguageDetect": "1.*", "pear/Text_Highlighter": "dev-master", "paragonie/random_compat": "^2.0", diff --git a/composer.lock b/composer.lock index ce9741ae1..a67eb0e1c 100644 --- a/composer.lock +++ b/composer.lock @@ -4,7 +4,7 @@ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#composer-lock-the-lock-file", "This file is @generated automatically" ], - "content-hash": "6cf3b635594e443a7268a3bd9100d62d", + "content-hash": "7fcbb730be98076fe8318b03c858f41c", "packages": [ { "name": "bower-asset/Chart-js", @@ -69,51 +69,6 @@ "description": "Base64 encoding and decoding", "time": "2017-03-25T21:16:21+00:00" }, - { - "name": "defuse/php-encryption", - "version": "v1.2.1", - "source": { - "type": "git", - "url": "https://github.com/defuse/php-encryption.git", - "reference": "b87737b2eec06b13f025cabea847338fa203d1b4" - }, - "dist": { - "type": "zip", - "url": "https://api.github.com/repos/defuse/php-encryption/zipball/b87737b2eec06b13f025cabea847338fa203d1b4", - "reference": "b87737b2eec06b13f025cabea847338fa203d1b4", - "shasum": "" - }, - "require": { - "ext-mcrypt": "*", - "ext-openssl": "*", - "php": ">=5.4.0" - }, - "type": "library", - "autoload": { - "files": [ - "Crypto.php" - ] - }, - "notification-url": "https://packagist.org/downloads/", - "license": [ - "MIT" - ], - "authors": [ - { - "name": "Taylor Hornby", - "email": "havoc@defuse.ca" - } - ], - "description": "Secure PHP Encryption Library", - "keywords": [ - "aes", - "cipher", - "encryption", - "mcrypt", - "security" - ], - "time": "2015-03-14T20:27:45+00:00" - }, { "name": "ezyang/htmlpurifier", "version": "v4.7.0", diff --git a/htconfig.php b/htconfig.php index 67db66e86..1661dd30e 100644 --- a/htconfig.php +++ b/htconfig.php @@ -61,10 +61,9 @@ $a->config['system']['maximagesize'] = 800000; $a->config['php_path'] = 'php'; // Server-to-server private message encryption (RINO) is allowed by default. -// Encryption will only be provided if this setting is set to a non zero value -// set to 0 to disable, 2 to enable, 1 is deprecated +// set to 0 to disable, 1 to enable -$a->config['system']['rino_encrypt'] = 2; +$a->config['system']['rino_encrypt'] = 1; // allowed themes (change this from admin panel after installation) diff --git a/include/network.php b/include/network.php index fe502bdb5..de7069a6d 100644 --- a/include/network.php +++ b/include/network.php @@ -488,7 +488,7 @@ function validate_url($url) /// @TODO Really suppress function outcomes? Why not find them + debug them? $h = @parse_url($url); - if ((is_array($h)) && (dns_get_record($h['host'], DNS_A + DNS_CNAME + DNS_PTR) || filter_var($h['host'], FILTER_VALIDATE_IP) )) { + if ((is_array($h)) && (@dns_get_record($h['host'], DNS_A + DNS_CNAME + DNS_PTR) || filter_var($h['host'], FILTER_VALIDATE_IP) )) { return $url; } diff --git a/mod/admin.php b/mod/admin.php index eabbe36d3..9c286c11d 100644 --- a/mod/admin.php +++ b/mod/admin.php @@ -1336,7 +1336,7 @@ function admin_page_site(App $a) '$relocate_url' => ['relocate_url', t("New base url"), System::baseUrl(), t("Change base url for this server. Sends relocate message to all Friendica and Diaspora* contacts of all users.")], - '$rino' => ['rino', t("RINO Encryption"), intval(Config::get('system','rino_encrypt')), t("Encryption layer between nodes."), ["Disabled", "RINO1 (deprecated)", "RINO2"]], + '$rino' => ['rino', t("RINO Encryption"), intval(Config::get('system','rino_encrypt')), t("Encryption layer between nodes."), [0 => "Disabled", 1 => "Enabled"]], '$worker_queues' => ['worker_queues', t("Maximum number of parallel workers"), Config::get('system','worker_queues'), t("On shared hosters set this to 2. On larger systems, values of 10 are great. Default value is 4.")], '$worker_dont_fork' => ['worker_dont_fork', t("Don't use 'proc_open' with the worker"), Config::get('system','worker_dont_fork'), t("Enable this if your system doesn't allow the use of 'proc_open'. This can happen on shared hosters. If this is enabled you should increase the frequency of worker calls in your crontab.")], diff --git a/mod/dfrn_notify.php b/mod/dfrn_notify.php index b81f26db9..8903d66e3 100644 --- a/mod/dfrn_notify.php +++ b/mod/dfrn_notify.php @@ -143,7 +143,7 @@ function dfrn_notify_post(App $a) { // if local rino is lower than remote rino, abort: should not happen! // but only for $remote_rino > 1, because old code did't send rino version - if ($rino_remote_version > 1 && $rino < $rino_remote) { + if ($rino_remote > 1 && $rino < $rino_remote) { logger("rino version '$rino_remote' is lower than supported '$rino'"); xml_status(0, "rino version '$rino_remote' is lower than supported '$rino'"); } @@ -166,44 +166,18 @@ function dfrn_notify_post(App $a) { } } - #logger('rino: received key : ' . $final_key); - switch($rino_remote) { case 0: case 1: - /* - *we got a key. old code send only the key, without RINO version. - * we assume RINO 1 if key and no RINO version - */ + // we got a key. old code send only the key, without RINO version. + // we assume RINO 1 if key and no RINO version $data = DFRN::aesDecrypt(hex2bin($data), $final_key); break; - case 2: - try { - $data = \Crypto::decrypt(hex2bin($data), $final_key); - } catch (\InvalidCiphertextException $ex) { // VERY IMPORTANT - /* - * Either: - * 1. The ciphertext was modified by the attacker, - * 2. The key is wrong, or - * 3. $ciphertext is not a valid ciphertext or was corrupted. - * Assume the worst. - */ - logger('The ciphertext has been tampered with!'); - xml_status(0, 'The ciphertext has been tampered with!'); - } catch (\CryptoTestFailedException $ex) { - logger('Cannot safely perform dencryption'); - xml_status(0, 'CryptoTestFailed'); - } catch (\CannotPerformOperationException $ex) { - logger('Cannot safely perform decryption'); - xml_status(0, 'Cannot safely perform decryption'); - } - break; default: logger("rino: invalid sent version '$rino_remote'"); xml_status(0, "Invalid sent version '$rino_remote'"); } - logger('rino: decrypted data: ' . $data, LOGGER_DATA); } diff --git a/mod/install.php b/mod/install.php index 2989f7fbe..b39e7c949 100644 --- a/mod/install.php +++ b/mod/install.php @@ -63,7 +63,7 @@ function install_post(App $a) { $timezone = notags(trim($_POST['timezone'])); $language = notags(trim($_POST['language'])); $adminmail = notags(trim($_POST['adminmail'])); - $rino = 2; + $rino = 1; // connect to db dba::connect($dbhost, $dbuser, $dbpass, $dbdata, true); diff --git a/src/Protocol/DFRN.php b/src/Protocol/DFRN.php index c05b5b3d6..0d92d598c 100644 --- a/src/Protocol/DFRN.php +++ b/src/Protocol/DFRN.php @@ -22,11 +22,14 @@ use Friendica\Model\Term; use Friendica\Model\User; use Friendica\Object\Image; use Friendica\Protocol\OStatus; +use Friendica\Util\Crypto; use Friendica\Util\XML; use dba; use DOMDocument; use DOMXPath; +use HTMLPurifier; +use HTMLPurifier_Config; require_once 'boot.php'; require_once 'include/dba.php'; @@ -1291,31 +1294,9 @@ class DFRN switch ($rino_remote_version) { case 1: - // Deprecated rino version! $key = openssl_random_pseudo_bytes(16); $data = self::aesEncrypt($postvars['data'], $key); break; - case 2: - // RINO 2 based on php-encryption - try { - $key = \Crypto::CreateNewRandomKey(); - } catch (\CryptoTestFailedException $ex) { - logger('Cannot safely create a key'); - return -4; - } catch (\CannotPerformOperationException $ex) { - logger('Cannot safely create a key'); - return -5; - } - try { - $data = \Crypto::Encrypt($postvars['data'], $key); - } catch (\CryptoTestFailedException $ex) { - logger('Cannot safely perform encryption'); - return -6; - } catch (\CannotPerformOperationException $ex) { - logger('Cannot safely perform encryption'); - return -7; - } - break; default: logger("rino: invalid requested version '$rino_remote_version'"); return -8; @@ -1324,9 +1305,6 @@ class DFRN $postvars['rino'] = $rino_remote_version; $postvars['data'] = bin2hex($data); - //logger('rino: sent key = ' . $key, LOGGER_DEBUG); - - if ($dfrn_version >= 2.1) { if (($contact['duplex'] && strlen($contact['pubkey'])) || ($owner['page-flags'] == PAGE_COMMUNITY && strlen($contact['pubkey'])) @@ -2177,8 +2155,6 @@ class DFRN * valid community action. Also forum_mode makes it valid for sure. * If neither, it's not. */ - - /// @TODO Maybe merge these if() blocks into one? if ($is_a_remote_action && $community && (!$r[0]["forum_mode"]) && (!$r[0]["wall"])) { $is_a_remote_action = false; logger("not a community action"); @@ -2380,21 +2356,12 @@ class DFRN $title = ""; foreach ($links as $link) { foreach ($link->attributes as $attributes) { - /// @TODO Rewrite these repeated (same) if () statements to a switch() - if ($attributes->name == "href") { - $href = $attributes->textContent; - } - if ($attributes->name == "rel") { - $rel = $attributes->textContent; - } - if ($attributes->name == "type") { - $type = $attributes->textContent; - } - if ($attributes->name == "length") { - $length = $attributes->textContent; - } - if ($attributes->name == "title") { - $title = $attributes->textContent; + switch ($attributes->name) { + case "href" : $href = $attributes->textContent; break; + case "rel" : $rel = $attributes->textContent; break; + case "type" : $type = $attributes->textContent; break; + case "length": $length = $attributes->textContent; break; + case "title" : $title = $attributes->textContent; break; } } if (($rel != "") && ($href != "")) { @@ -2489,13 +2456,13 @@ class DFRN $item['body'] = OEmbed::HTML2BBCode($item['body']); - $config = \HTMLPurifier_Config::createDefault(); + $config = HTMLPurifier_Config::createDefault(); $config->set('Cache.DefinitionImpl', null); // we shouldn't need a whitelist, because the bbcode converter // will strip out any unsupported tags. - $purifier = new \HTMLPurifier($config); + $purifier = new HTMLPurifier($config); $item['body'] = $purifier->purify($item['body']); $item['body'] = @html2bbcode($item['body']); @@ -2645,16 +2612,6 @@ class DFRN if (($item["network"] != $author["network"]) && ($author["network"] != "")) { $item["network"] = $author["network"]; } - - /// @TODO maybe remove this old-lost code then? - // This code was taken from the old DFRN code - // When activated, forums don't work. - // And: Why should we disallow commenting by followers? - // the behaviour is now similar to the Diaspora part. - //if ($importer["rel"] == CONTACT_IS_FOLLOWER) { - // logger("Contact ".$importer["id"]." is only follower. Quitting", LOGGER_DEBUG); - // return; - //} } if ($entrytype == DFRN_REPLY_RC) { @@ -2671,13 +2628,12 @@ class DFRN $ev = bbtoevent($item["body"]); if ((x($ev, "desc") || x($ev, "summary")) && x($ev, "start")) { logger("Event in item ".$item["uri"]." was found.", LOGGER_DEBUG); - /// @TODO Mixure of "/' ahead ... - $ev["cid"] = $importer["id"]; - $ev["uid"] = $importer["uid"]; - $ev["uri"] = $item["uri"]; - $ev["edited"] = $item["edited"]; - $ev['private'] = $item['private']; - $ev["guid"] = $item["guid"]; + $ev["cid"] = $importer["id"]; + $ev["uid"] = $importer["uid"]; + $ev["uri"] = $item["uri"]; + $ev["edited"] = $item["edited"]; + $ev["private"] = $item["private"]; + $ev["guid"] = $item["guid"]; $r = q( "SELECT `id` FROM `event` WHERE `uri` = '%s' AND `uid` = %d LIMIT 1", diff --git a/util/htconfig.vagrant.php b/util/htconfig.vagrant.php index cc4ade758..d5cb23357 100644 --- a/util/htconfig.vagrant.php +++ b/util/htconfig.vagrant.php @@ -49,10 +49,9 @@ $a->config['php_path'] = '/usr/bin/php'; // Server-to-server private message encryption (RINO) is allowed by default. -// Encryption will only be provided if this setting is true and the -// PHP mcrypt extension is installed on both systems +// set to 0 to disable, 1 to enable -$a->config['system']['rino_encrypt'] = true; +$a->config['system']['rino_encrypt'] = 1; // default system theme diff --git a/view/templates/htconfig.tpl b/view/templates/htconfig.tpl index f9771c88d..1ecd9a2b4 100644 --- a/view/templates/htconfig.tpl +++ b/view/templates/htconfig.tpl @@ -78,8 +78,7 @@ $a->config['max_import_size'] = 200000; $a->config['system']['maximagesize'] = 800000; // Server-to-server private message encryption (RINO) is allowed by default. -// Encryption will only be provided if this setting is set to a non zero value -// set to 0 to disable, 2 to enable, 1 is deprecated +// set to 0 to disable, 1 to enable $a->config['system']['rino_encrypt'] = {{$rino}};