remove FEED_CRYPT_KEY and everything related to it

always assume auth_pass_encrypted is false
This commit is contained in:
Andrew Dolgov 2018-08-13 15:59:24 +03:00
parent eb43d9f4a8
commit 069aea5989
7 changed files with 5 additions and 95 deletions

View File

@ -513,8 +513,6 @@ class Pref_Feeds extends Handler_Protected {
print '<div dojoType="dijit.layout.TabContainer" style="height : 450px"> print '<div dojoType="dijit.layout.TabContainer" style="height : 450px">
<div dojoType="dijit.layout.ContentPane" title="'.__('General').'">'; <div dojoType="dijit.layout.ContentPane" title="'.__('General').'">';
$auth_pass_encrypted = $row["auth_pass_encrypted"];
$title = htmlspecialchars($row["title"]); $title = htmlspecialchars($row["title"]);
print_hidden("id", "$feed_id"); print_hidden("id", "$feed_id");
@ -615,14 +613,8 @@ class Pref_Feeds extends Handler_Protected {
print "</div>"; print "</div>";
$auth_login = htmlspecialchars($row["auth_login"]); $auth_login = htmlspecialchars($row["auth_login"]);
$auth_pass = $row["auth_pass"]; $auth_pass = htmlspecialchars($row["auth_pass"]);
if ($auth_pass_encrypted && function_exists("mcrypt_decrypt")) {
require_once "crypt.php";
$auth_pass = decrypt_string($auth_pass);
}
$auth_pass = htmlspecialchars($auth_pass);
$auth_enabled = $auth_login !== '' || $auth_pass !== ''; $auth_enabled = $auth_login !== '' || $auth_pass !== '';
$auth_style = $auth_enabled ? '' : 'display: none'; $auth_style = $auth_enabled ? '' : 'display: none';

View File

@ -218,24 +218,15 @@ class RSSUtils {
$pdo = Db::pdo(); $pdo = Db::pdo();
$sth = $pdo->prepare("SELECT owner_uid,feed_url,auth_pass,auth_login,auth_pass_encrypted $sth = $pdo->prepare("SELECT owner_uid,feed_url,auth_pass,auth_login
FROM ttrss_feeds WHERE id = ?"); FROM ttrss_feeds WHERE id = ?");
$sth->execute([$feed]); $sth->execute([$feed]);
if ($row = $sth->fetch()) { if ($row = $sth->fetch()) {
$owner_uid = $row["owner_uid"]; $owner_uid = $row["owner_uid"];
$auth_pass_encrypted = $row["auth_pass_encrypted"];
$auth_login = $row["auth_login"]; $auth_login = $row["auth_login"];
$auth_pass = $row["auth_pass"]; $auth_pass = $row["auth_pass"];
if ($auth_pass_encrypted && function_exists("mcrypt_decrypt")) {
require_once "crypt.php";
$auth_pass = decrypt_string($auth_pass);
}
$fetch_url = $row["feed_url"]; $fetch_url = $row["feed_url"];
$pluginhost = new PluginHost(); $pluginhost = new PluginHost();
@ -347,7 +338,6 @@ class RSSUtils {
$owner_uid = $row["owner_uid"]; $owner_uid = $row["owner_uid"];
$mark_unread_on_update = $row["mark_unread_on_update"]; $mark_unread_on_update = $row["mark_unread_on_update"];
$auth_pass_encrypted = $row["auth_pass_encrypted"];
$sth = $pdo->prepare("UPDATE ttrss_feeds SET last_update_started = NOW() $sth = $pdo->prepare("UPDATE ttrss_feeds SET last_update_started = NOW()
WHERE id = ?"); WHERE id = ?");
@ -355,16 +345,11 @@ class RSSUtils {
$auth_login = $row["auth_login"]; $auth_login = $row["auth_login"];
$auth_pass = $row["auth_pass"]; $auth_pass = $row["auth_pass"];
if ($auth_pass_encrypted && function_exists("mcrypt_decrypt")) {
require_once "crypt.php";
$auth_pass = decrypt_string($auth_pass);
}
$stored_last_modified = $row["last_modified"]; $stored_last_modified = $row["last_modified"];
$last_unconditional = $row["last_unconditional"]; $last_unconditional = $row["last_unconditional"];
$cache_images = $row["cache_images"]; $cache_images = $row["cache_images"];
$fetch_url = $row["feed_url"]; $fetch_url = $row["feed_url"];
$feed_language = mb_strtolower($row["feed_language"]); $feed_language = mb_strtolower($row["feed_language"]);
if (!$feed_language) $feed_language = 'english'; if (!$feed_language) $feed_language = 'english';

6
config.php-dist Normal file → Executable file
View File

@ -24,12 +24,6 @@
// You need to set this option correctly otherwise several features // You need to set this option correctly otherwise several features
// including PUSH, bookmarklets and browser integration will not work properly. // including PUSH, bookmarklets and browser integration will not work properly.
define('FEED_CRYPT_KEY', '');
// WARNING: mcrypt is deprecated in php 7.1. This directive exists for backwards
// compatibility with existing installs, new passwords are NOT going to be encrypted.
// Use update.php --decrypt-feeds to decrypt existing passwords in the database while
// mcrypt is still available.
// Key used for encryption of passwords for password-protected feeds // Key used for encryption of passwords for password-protected feeds
// in the database. A string of 24 random characters. If left blank, encryption // in the database. A string of 24 random characters. If left blank, encryption
// is not used. Requires mcrypt functions. // is not used. Requires mcrypt functions.

View File

@ -1,20 +0,0 @@
<?php
function decrypt_string($str) {
$pair = explode(":", $str);
if (count($pair) == 2) {
@$iv = base64_decode($pair[0]);
@$encstr = base64_decode($pair[1]);
if ($iv && $encstr) {
$key = hash('SHA256', FEED_CRYPT_KEY, true);
$str = mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $key, $encstr,
MCRYPT_MODE_CBC, $iv);
if ($str) return rtrim($str);
}
}
return false;
}

View File

@ -70,14 +70,6 @@
array_push($errors, "Javascript cache is not writable (chmod -R 777 ".CACHE_DIR."/js)"); array_push($errors, "Javascript cache is not writable (chmod -R 777 ".CACHE_DIR."/js)");
} }
if (strlen(FEED_CRYPT_KEY) > 0 && strlen(FEED_CRYPT_KEY) != 24) {
array_push($errors, "FEED_CRYPT_KEY should be exactly 24 characters in length.");
}
if (strlen(FEED_CRYPT_KEY) > 0 && !function_exists("mcrypt_decrypt")) {
array_push($errors, "FEED_CRYPT_KEY requires mcrypt functions which are not found.");
}
if (GENERATED_CONFIG_CHECK != EXPECTED_CONFIG_VERSION) { if (GENERATED_CONFIG_CHECK != EXPECTED_CONFIG_VERSION) {
array_push($errors, array_push($errors,
"Configuration option checker sanity_config.php is outdated, please recreate it using ./utils/regen_config_checks.sh"); "Configuration option checker sanity_config.php is outdated, please recreate it using ./utils/regen_config_checks.sh");

View File

@ -1,3 +1,3 @@
<?php # This file has been generated at: Tue, May 16, 2017 10:37:57 AM <?php # This file has been generated at: Mon Aug 13 15:48:51 MSK 2018
define('GENERATED_CONFIG_CHECK', 26); define('GENERATED_CONFIG_CHECK', 26);
$requred_defines = array( 'DB_TYPE', 'DB_HOST', 'DB_USER', 'DB_NAME', 'DB_PASS', 'MYSQL_CHARSET', 'SELF_URL_PATH', 'FEED_CRYPT_KEY', 'SINGLE_USER_MODE', 'SIMPLE_UPDATE_MODE', 'PHP_EXECUTABLE', 'LOCK_DIRECTORY', 'CACHE_DIR', 'ICONS_DIR', 'ICONS_URL', 'AUTH_AUTO_CREATE', 'AUTH_AUTO_LOGIN', 'FORCE_ARTICLE_PURGE', 'SPHINX_SERVER', 'SPHINX_INDEX', 'ENABLE_REGISTRATION', 'REG_NOTIFY_ADDRESS', 'REG_MAX_USERS', 'SESSION_COOKIE_LIFETIME', 'SMTP_FROM_NAME', 'SMTP_FROM_ADDRESS', 'DIGEST_SUBJECT', 'SMTP_SERVER', 'SMTP_LOGIN', 'SMTP_PASSWORD', 'SMTP_SECURE', 'CHECK_FOR_UPDATES', 'ENABLE_GZIP_OUTPUT', 'PLUGINS', 'LOG_DESTINATION', 'CONFIG_VERSION'); ?> $requred_defines = array( 'DB_TYPE', 'DB_HOST', 'DB_USER', 'DB_NAME', 'DB_PASS', 'MYSQL_CHARSET', 'SELF_URL_PATH', 'SINGLE_USER_MODE', 'SIMPLE_UPDATE_MODE', 'PHP_EXECUTABLE', 'LOCK_DIRECTORY', 'CACHE_DIR', 'ICONS_DIR', 'ICONS_URL', 'AUTH_AUTO_CREATE', 'AUTH_AUTO_LOGIN', 'FORCE_ARTICLE_PURGE', 'SPHINX_SERVER', 'SPHINX_INDEX', 'ENABLE_REGISTRATION', 'REG_NOTIFY_ADDRESS', 'REG_MAX_USERS', 'SESSION_COOKIE_LIFETIME', 'SMTP_FROM_NAME', 'SMTP_FROM_ADDRESS', 'DIGEST_SUBJECT', 'SMTP_SERVER', 'SMTP_LOGIN', 'SMTP_PASSWORD', 'SMTP_SECURE', 'CHECK_FOR_UPDATES', 'ENABLE_GZIP_OUTPUT', 'PLUGINS', 'LOG_DESTINATION', 'CONFIG_VERSION'); ?>

View File

@ -417,39 +417,6 @@
exit($rc); exit($rc);
} }
if (isset($options["decrypt-feeds"])) {
if (!function_exists("mcrypt_decrypt")) {
_debug("mcrypt functions not available.");
return;
}
$res = $pdo->query("SELECT id, auth_pass FROM ttrss_feeds WHERE auth_pass_encrypted = true");
require_once "crypt.php";
$total = 0;
$pdo->beginTransaction();
$usth = $pdo->prepare("UPDATE ttrss_feeds SET auth_pass_encrypted = false, auth_pass = ?
WHERE id = ?");
while ($line = $res->fetch()) {
_debug("processing feed id " . $line["id"]);
$auth_pass = decrypt_string($line["auth_pass"]);
$usth->execute([$auth_pass, $line['id']]);
++$total;
}
$pdo->commit();
_debug("$total feeds processed.");
}
PluginHost::getInstance()->run_commands($options); PluginHost::getInstance()->run_commands($options);
if (file_exists(LOCK_DIRECTORY . "/$lock_filename")) if (file_exists(LOCK_DIRECTORY . "/$lock_filename"))