remove FEED_CRYPT_KEY and everything related to it
always assume auth_pass_encrypted is false
This commit is contained in:
Andrew Dolgov
parent
eb43d9f4a8
commit
069aea5989
|
|
@ -513,8 +513,6 @@ class Pref_Feeds extends Handler_Protected {
|
|||
print '<div dojoType="dijit.layout.TabContainer" style="height : 450px">
|
||||
<div dojoType="dijit.layout.ContentPane" title="'.__('General').'">';
|
||||
|
||||
$auth_pass_encrypted = $row["auth_pass_encrypted"];
|
||||
|
||||
$title = htmlspecialchars($row["title"]);
|
||||
|
||||
print_hidden("id", "$feed_id");
|
||||
|
|
@ -615,14 +613,8 @@ class Pref_Feeds extends Handler_Protected {
|
|||
print "</div>";
|
||||
|
||||
$auth_login = htmlspecialchars($row["auth_login"]);
|
||||
$auth_pass = $row["auth_pass"];
|
||||
$auth_pass = htmlspecialchars($row["auth_pass"]);
|
||||
|
||||
if ($auth_pass_encrypted && function_exists("mcrypt_decrypt")) {
|
||||
require_once "crypt.php";
|
||||
$auth_pass = decrypt_string($auth_pass);
|
||||
}
|
||||
|
||||
$auth_pass = htmlspecialchars($auth_pass);
|
||||
$auth_enabled = $auth_login !== '' || $auth_pass !== '';
|
||||
|
||||
$auth_style = $auth_enabled ? '' : 'display: none';
|
||||
|
|
|
|||
|
|
@ -218,24 +218,15 @@ class RSSUtils {
|
|||
|
||||
$pdo = Db::pdo();
|
||||
|
||||
$sth = $pdo->prepare("SELECT owner_uid,feed_url,auth_pass,auth_login,auth_pass_encrypted
|
||||
$sth = $pdo->prepare("SELECT owner_uid,feed_url,auth_pass,auth_login
|
||||
FROM ttrss_feeds WHERE id = ?");
|
||||
$sth->execute([$feed]);
|
||||
|
||||
if ($row = $sth->fetch()) {
|
||||
|
||||
$owner_uid = $row["owner_uid"];
|
||||
|
||||
$auth_pass_encrypted = $row["auth_pass_encrypted"];
|
||||
|
||||
$auth_login = $row["auth_login"];
|
||||
$auth_pass = $row["auth_pass"];
|
||||
|
||||
if ($auth_pass_encrypted && function_exists("mcrypt_decrypt")) {
|
||||
require_once "crypt.php";
|
||||
$auth_pass = decrypt_string($auth_pass);
|
||||
}
|
||||
|
||||
$fetch_url = $row["feed_url"];
|
||||
|
||||
$pluginhost = new PluginHost();
|
||||
|
|
@ -347,7 +338,6 @@ class RSSUtils {
|
|||
|
||||
$owner_uid = $row["owner_uid"];
|
||||
$mark_unread_on_update = $row["mark_unread_on_update"];
|
||||
$auth_pass_encrypted = $row["auth_pass_encrypted"];
|
||||
|
||||
$sth = $pdo->prepare("UPDATE ttrss_feeds SET last_update_started = NOW()
|
||||
WHERE id = ?");
|
||||
|
|
@ -355,16 +345,11 @@ class RSSUtils {
|
|||
|
||||
$auth_login = $row["auth_login"];
|
||||
$auth_pass = $row["auth_pass"];
|
||||
|
||||
if ($auth_pass_encrypted && function_exists("mcrypt_decrypt")) {
|
||||
require_once "crypt.php";
|
||||
$auth_pass = decrypt_string($auth_pass);
|
||||
}
|
||||
|
||||
$stored_last_modified = $row["last_modified"];
|
||||
$last_unconditional = $row["last_unconditional"];
|
||||
$cache_images = $row["cache_images"];
|
||||
$fetch_url = $row["feed_url"];
|
||||
|
||||
$feed_language = mb_strtolower($row["feed_language"]);
|
||||
if (!$feed_language) $feed_language = 'english';
|
||||
|
||||
|
|
|
|||
|
|
@ -24,12 +24,6 @@
|
|||
// You need to set this option correctly otherwise several features
|
||||
// including PUSH, bookmarklets and browser integration will not work properly.
|
||||
|
||||
define('FEED_CRYPT_KEY', '');
|
||||
// WARNING: mcrypt is deprecated in php 7.1. This directive exists for backwards
|
||||
// compatibility with existing installs, new passwords are NOT going to be encrypted.
|
||||
// Use update.php --decrypt-feeds to decrypt existing passwords in the database while
|
||||
// mcrypt is still available.
|
||||
|
||||
// Key used for encryption of passwords for password-protected feeds
|
||||
// in the database. A string of 24 random characters. If left blank, encryption
|
||||
// is not used. Requires mcrypt functions.
|
||||
|
|
|
|||
|
|
@ -1,20 +0,0 @@
|
|||
<?php
|
||||
function decrypt_string($str) {
|
||||
$pair = explode(":", $str);
|
||||
|
||||
if (count($pair) == 2) {
|
||||
@$iv = base64_decode($pair[0]);
|
||||
@$encstr = base64_decode($pair[1]);
|
||||
|
||||
if ($iv && $encstr) {
|
||||
$key = hash('SHA256', FEED_CRYPT_KEY, true);
|
||||
|
||||
$str = mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $key, $encstr,
|
||||
MCRYPT_MODE_CBC, $iv);
|
||||
|
||||
if ($str) return rtrim($str);
|
||||
}
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
|
|
@ -70,14 +70,6 @@
|
|||
array_push($errors, "Javascript cache is not writable (chmod -R 777 ".CACHE_DIR."/js)");
|
||||
}
|
||||
|
||||
if (strlen(FEED_CRYPT_KEY) > 0 && strlen(FEED_CRYPT_KEY) != 24) {
|
||||
array_push($errors, "FEED_CRYPT_KEY should be exactly 24 characters in length.");
|
||||
}
|
||||
|
||||
if (strlen(FEED_CRYPT_KEY) > 0 && !function_exists("mcrypt_decrypt")) {
|
||||
array_push($errors, "FEED_CRYPT_KEY requires mcrypt functions which are not found.");
|
||||
}
|
||||
|
||||
if (GENERATED_CONFIG_CHECK != EXPECTED_CONFIG_VERSION) {
|
||||
array_push($errors,
|
||||
"Configuration option checker sanity_config.php is outdated, please recreate it using ./utils/regen_config_checks.sh");
|
||||
|
|
|
|||
|
|
@ -1,3 +1,3 @@
|
|||
<?php # This file has been generated at: Tue, May 16, 2017 10:37:57 AM
|
||||
<?php # This file has been generated at: Mon Aug 13 15:48:51 MSK 2018
|
||||
define('GENERATED_CONFIG_CHECK', 26);
|
||||
$requred_defines = array( 'DB_TYPE', 'DB_HOST', 'DB_USER', 'DB_NAME', 'DB_PASS', 'MYSQL_CHARSET', 'SELF_URL_PATH', 'FEED_CRYPT_KEY', 'SINGLE_USER_MODE', 'SIMPLE_UPDATE_MODE', 'PHP_EXECUTABLE', 'LOCK_DIRECTORY', 'CACHE_DIR', 'ICONS_DIR', 'ICONS_URL', 'AUTH_AUTO_CREATE', 'AUTH_AUTO_LOGIN', 'FORCE_ARTICLE_PURGE', 'SPHINX_SERVER', 'SPHINX_INDEX', 'ENABLE_REGISTRATION', 'REG_NOTIFY_ADDRESS', 'REG_MAX_USERS', 'SESSION_COOKIE_LIFETIME', 'SMTP_FROM_NAME', 'SMTP_FROM_ADDRESS', 'DIGEST_SUBJECT', 'SMTP_SERVER', 'SMTP_LOGIN', 'SMTP_PASSWORD', 'SMTP_SECURE', 'CHECK_FOR_UPDATES', 'ENABLE_GZIP_OUTPUT', 'PLUGINS', 'LOG_DESTINATION', 'CONFIG_VERSION'); ?>
|
||||
$requred_defines = array( 'DB_TYPE', 'DB_HOST', 'DB_USER', 'DB_NAME', 'DB_PASS', 'MYSQL_CHARSET', 'SELF_URL_PATH', 'SINGLE_USER_MODE', 'SIMPLE_UPDATE_MODE', 'PHP_EXECUTABLE', 'LOCK_DIRECTORY', 'CACHE_DIR', 'ICONS_DIR', 'ICONS_URL', 'AUTH_AUTO_CREATE', 'AUTH_AUTO_LOGIN', 'FORCE_ARTICLE_PURGE', 'SPHINX_SERVER', 'SPHINX_INDEX', 'ENABLE_REGISTRATION', 'REG_NOTIFY_ADDRESS', 'REG_MAX_USERS', 'SESSION_COOKIE_LIFETIME', 'SMTP_FROM_NAME', 'SMTP_FROM_ADDRESS', 'DIGEST_SUBJECT', 'SMTP_SERVER', 'SMTP_LOGIN', 'SMTP_PASSWORD', 'SMTP_SECURE', 'CHECK_FOR_UPDATES', 'ENABLE_GZIP_OUTPUT', 'PLUGINS', 'LOG_DESTINATION', 'CONFIG_VERSION'); ?>
|
||||
|
|
|
|||
33
update.php
33
update.php
|
|
@ -417,39 +417,6 @@
|
|||
exit($rc);
|
||||
}
|
||||
|
||||
if (isset($options["decrypt-feeds"])) {
|
||||
|
||||
if (!function_exists("mcrypt_decrypt")) {
|
||||
_debug("mcrypt functions not available.");
|
||||
return;
|
||||
}
|
||||
|
||||
$res = $pdo->query("SELECT id, auth_pass FROM ttrss_feeds WHERE auth_pass_encrypted = true");
|
||||
|
||||
require_once "crypt.php";
|
||||
|
||||
$total = 0;
|
||||
|
||||
$pdo->beginTransaction();
|
||||
|
||||
$usth = $pdo->prepare("UPDATE ttrss_feeds SET auth_pass_encrypted = false, auth_pass = ?
|
||||
WHERE id = ?");
|
||||
|
||||
while ($line = $res->fetch()) {
|
||||
_debug("processing feed id " . $line["id"]);
|
||||
|
||||
$auth_pass = decrypt_string($line["auth_pass"]);
|
||||
|
||||
$usth->execute([$auth_pass, $line['id']]);
|
||||
|
||||
++$total;
|
||||
}
|
||||
|
||||
$pdo->commit();
|
||||
|
||||
_debug("$total feeds processed.");
|
||||
}
|
||||
|
||||
PluginHost::getInstance()->run_commands($options);
|
||||
|
||||
if (file_exists(LOCK_DIRECTORY . "/$lock_filename"))
|
||||
|
|
|
|||
Loading…
Reference in New Issue