]> git.wh0rd.org Git - tt-rss.git/commitdiff
remove FEED_CRYPT_KEY and everything related to it
authorAndrew Dolgov <noreply@fakecake.org>
Mon, 13 Aug 2018 12:59:24 +0000 (15:59 +0300)
committerAndrew Dolgov <noreply@fakecake.org>
Mon, 13 Aug 2018 12:59:24 +0000 (15:59 +0300)
always assume auth_pass_encrypted is false

classes/pref/feeds.php
classes/rssutils.php
config.php-dist [changed mode: 0644->0755]
include/crypt.php [deleted file]
include/sanity_check.php
include/sanity_config.php
update.php

index 459fbbe2ac05e47943816ed99011d47cdf43f4e3..4c9574cd26ae8769f95fc09d7613ab76bbcb070c 100755 (executable)
@@ -513,8 +513,6 @@ class Pref_Feeds extends Handler_Protected {
                        print '<div dojoType="dijit.layout.TabContainer" style="height : 450px">
                        <div dojoType="dijit.layout.ContentPane" title="'.__('General').'">';
 
-                       $auth_pass_encrypted = $row["auth_pass_encrypted"];
-
                        $title = htmlspecialchars($row["title"]);
 
                        print_hidden("id", "$feed_id");
@@ -615,14 +613,8 @@ class Pref_Feeds extends Handler_Protected {
                        print "</div>";
 
                        $auth_login = htmlspecialchars($row["auth_login"]);
-                       $auth_pass = $row["auth_pass"];
-
-                       if ($auth_pass_encrypted && function_exists("mcrypt_decrypt")) {
-                               require_once "crypt.php";
-                               $auth_pass = decrypt_string($auth_pass);
-                       }
+                       $auth_pass = htmlspecialchars($row["auth_pass"]);
 
-                       $auth_pass = htmlspecialchars($auth_pass);
                        $auth_enabled = $auth_login !== '' || $auth_pass !== '';
 
                        $auth_style = $auth_enabled ? '' : 'display: none';
index af5fd057ce33278a0d1988a88a5dd0f9a116f93e..bd20a6b480154195fa116502e1a396a168ca2cdd 100755 (executable)
@@ -218,24 +218,15 @@ class RSSUtils {
 
                $pdo = Db::pdo();
 
-               $sth = $pdo->prepare("SELECT owner_uid,feed_url,auth_pass,auth_login,auth_pass_encrypted
+               $sth = $pdo->prepare("SELECT owner_uid,feed_url,auth_pass,auth_login
                                FROM ttrss_feeds WHERE id = ?");
                $sth->execute([$feed]);
 
                if ($row = $sth->fetch()) {
 
                        $owner_uid = $row["owner_uid"];
-
-                       $auth_pass_encrypted = $row["auth_pass_encrypted"];
-
                        $auth_login = $row["auth_login"];
                        $auth_pass = $row["auth_pass"];
-
-                       if ($auth_pass_encrypted && function_exists("mcrypt_decrypt")) {
-                               require_once "crypt.php";
-                               $auth_pass = decrypt_string($auth_pass);
-                       }
-
                        $fetch_url = $row["feed_url"];
 
                        $pluginhost = new PluginHost();
@@ -347,7 +338,6 @@ class RSSUtils {
 
                        $owner_uid = $row["owner_uid"];
                        $mark_unread_on_update = $row["mark_unread_on_update"];
-                       $auth_pass_encrypted = $row["auth_pass_encrypted"];
 
                        $sth = $pdo->prepare("UPDATE ttrss_feeds SET last_update_started = NOW()
                                WHERE id = ?");
@@ -355,16 +345,11 @@ class RSSUtils {
 
                        $auth_login = $row["auth_login"];
                        $auth_pass = $row["auth_pass"];
-
-                       if ($auth_pass_encrypted && function_exists("mcrypt_decrypt")) {
-                               require_once "crypt.php";
-                               $auth_pass = decrypt_string($auth_pass);
-                       }
-
                        $stored_last_modified = $row["last_modified"];
                        $last_unconditional = $row["last_unconditional"];
                        $cache_images = $row["cache_images"];
                        $fetch_url = $row["feed_url"];
+
                        $feed_language = mb_strtolower($row["feed_language"]);
                        if (!$feed_language) $feed_language = 'english';
 
old mode 100644 (file)
new mode 100755 (executable)
index 7a076d9..7821fe2
        // You need to set this option correctly otherwise several features
        // including PUSH, bookmarklets and browser integration will not work properly.
 
-       define('FEED_CRYPT_KEY', '');
-       // WARNING: mcrypt is deprecated in php 7.1. This directive exists for backwards
-       // compatibility with existing installs, new passwords are NOT going to be encrypted.
-       // Use update.php --decrypt-feeds to decrypt existing passwords in the database while
-       // mcrypt is still available.
-
        // Key used for encryption of passwords for password-protected feeds
        // in the database. A string of 24 random characters. If left blank, encryption
        // is not used. Requires mcrypt functions.
diff --git a/include/crypt.php b/include/crypt.php
deleted file mode 100644 (file)
index 3e26dfd..0000000
+++ /dev/null
@@ -1,20 +0,0 @@
-<?php
-       function decrypt_string($str) {
-               $pair = explode(":", $str);
-
-               if (count($pair) == 2) {
-                       @$iv = base64_decode($pair[0]);
-                       @$encstr = base64_decode($pair[1]);
-
-                       if ($iv && $encstr) {
-                               $key = hash('SHA256', FEED_CRYPT_KEY, true);
-
-                               $str = mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $key, $encstr,
-                                       MCRYPT_MODE_CBC, $iv);
-
-                               if ($str) return rtrim($str);
-                       }
-               }
-
-               return false;
-       }
\ No newline at end of file
index 94578b4040c495c604bd52eb7093b6c5e4d4e490..5166adee0116f2348e93fbe00141f6d43b05d8a2 100755 (executable)
                                array_push($errors, "Javascript cache is not writable (chmod -R 777 ".CACHE_DIR."/js)");
                        }
 
-                       if (strlen(FEED_CRYPT_KEY) > 0 && strlen(FEED_CRYPT_KEY) != 24) {
-                               array_push($errors, "FEED_CRYPT_KEY should be exactly 24 characters in length.");
-                       }
-
-                       if (strlen(FEED_CRYPT_KEY) > 0 && !function_exists("mcrypt_decrypt")) {
-                               array_push($errors, "FEED_CRYPT_KEY requires mcrypt functions which are not found.");
-                       }
-
                        if (GENERATED_CONFIG_CHECK != EXPECTED_CONFIG_VERSION) {
                                array_push($errors,
                                        "Configuration option checker sanity_config.php is outdated, please recreate it using ./utils/regen_config_checks.sh");
index 0e9944361d88ac06f66129ba8b139f878190ae59..d9ae18a8bde8890b2f176a0193c2ac56737b78f1 100644 (file)
@@ -1,3 +1,3 @@
-<?php # This file has been generated at:  Tue, May 16, 2017 10:37:57 AM
+<?php # This file has been generated at:  Mon Aug 13 15:48:51 MSK 2018
 define('GENERATED_CONFIG_CHECK', 26);
-$requred_defines = array( 'DB_TYPE', 'DB_HOST', 'DB_USER', 'DB_NAME', 'DB_PASS', 'MYSQL_CHARSET', 'SELF_URL_PATH', 'FEED_CRYPT_KEY', 'SINGLE_USER_MODE', 'SIMPLE_UPDATE_MODE', 'PHP_EXECUTABLE', 'LOCK_DIRECTORY', 'CACHE_DIR', 'ICONS_DIR', 'ICONS_URL', 'AUTH_AUTO_CREATE', 'AUTH_AUTO_LOGIN', 'FORCE_ARTICLE_PURGE', 'SPHINX_SERVER', 'SPHINX_INDEX', 'ENABLE_REGISTRATION', 'REG_NOTIFY_ADDRESS', 'REG_MAX_USERS', 'SESSION_COOKIE_LIFETIME', 'SMTP_FROM_NAME', 'SMTP_FROM_ADDRESS', 'DIGEST_SUBJECT', 'SMTP_SERVER', 'SMTP_LOGIN', 'SMTP_PASSWORD', 'SMTP_SECURE', 'CHECK_FOR_UPDATES', 'ENABLE_GZIP_OUTPUT', 'PLUGINS', 'LOG_DESTINATION', 'CONFIG_VERSION'); ?>
+$requred_defines = array( 'DB_TYPE', 'DB_HOST', 'DB_USER', 'DB_NAME', 'DB_PASS', 'MYSQL_CHARSET', 'SELF_URL_PATH', 'SINGLE_USER_MODE', 'SIMPLE_UPDATE_MODE', 'PHP_EXECUTABLE', 'LOCK_DIRECTORY', 'CACHE_DIR', 'ICONS_DIR', 'ICONS_URL', 'AUTH_AUTO_CREATE', 'AUTH_AUTO_LOGIN', 'FORCE_ARTICLE_PURGE', 'SPHINX_SERVER', 'SPHINX_INDEX', 'ENABLE_REGISTRATION', 'REG_NOTIFY_ADDRESS', 'REG_MAX_USERS', 'SESSION_COOKIE_LIFETIME', 'SMTP_FROM_NAME', 'SMTP_FROM_ADDRESS', 'DIGEST_SUBJECT', 'SMTP_SERVER', 'SMTP_LOGIN', 'SMTP_PASSWORD', 'SMTP_SECURE', 'CHECK_FOR_UPDATES', 'ENABLE_GZIP_OUTPUT', 'PLUGINS', 'LOG_DESTINATION', 'CONFIG_VERSION'); ?>
index 553175c8cea7f3983f316422709d61a7775284a1..2abb756bafe958c9ca4b309f684ce3aed2576988 100755 (executable)
                exit($rc);
        }
 
-       if (isset($options["decrypt-feeds"])) {
-
-               if (!function_exists("mcrypt_decrypt")) {
-                       _debug("mcrypt functions not available.");
-                       return;
-               }
-
-               $res = $pdo->query("SELECT id, auth_pass FROM ttrss_feeds WHERE auth_pass_encrypted = true");
-
-               require_once "crypt.php";
-
-               $total = 0;
-
-               $pdo->beginTransaction();
-
-               $usth = $pdo->prepare("UPDATE ttrss_feeds SET auth_pass_encrypted = false, auth_pass = ?
-                               WHERE id = ?");
-
-               while ($line = $res->fetch()) {
-                       _debug("processing feed id " . $line["id"]);
-
-                       $auth_pass = decrypt_string($line["auth_pass"]);
-
-                       $usth->execute([$auth_pass, $line['id']]);
-
-                       ++$total;
-               }
-
-               $pdo->commit();
-
-               _debug("$total feeds processed.");
-       }
-
        PluginHost::getInstance()->run_commands($options);
 
        if (file_exists(LOCK_DIRECTORY . "/$lock_filename"))