Browse Source

remove FEED_CRYPT_KEY and everything related to it
always assume auth_pass_encrypted is false

Andrew Dolgov 2 years ago
parent
commit
069aea5989
7 changed files with 5 additions and 95 deletions
  1. 1 9
      classes/pref/feeds.php
  2. 2 17
      classes/rssutils.php
  3. 0 6
      config.php-dist
  4. 0 20
      include/crypt.php
  5. 0 8
      include/sanity_check.php
  6. 2 2
      include/sanity_config.php
  7. 0 33
      update.php

+ 1 - 9
classes/pref/feeds.php

@@ -513,8 +513,6 @@ class Pref_Feeds extends Handler_Protected {
 			print '<div dojoType="dijit.layout.TabContainer" style="height : 450px">
         		<div dojoType="dijit.layout.ContentPane" title="'.__('General').'">';
 
-			$auth_pass_encrypted = $row["auth_pass_encrypted"];
-
 			$title = htmlspecialchars($row["title"]);
 
 			print_hidden("id", "$feed_id");
@@ -615,14 +613,8 @@ class Pref_Feeds extends Handler_Protected {
 			print "</div>";
 
 			$auth_login = htmlspecialchars($row["auth_login"]);
-			$auth_pass = $row["auth_pass"];
-
-			if ($auth_pass_encrypted && function_exists("mcrypt_decrypt")) {
-				require_once "crypt.php";
-				$auth_pass = decrypt_string($auth_pass);
-			}
+			$auth_pass = htmlspecialchars($row["auth_pass"]);
 
-			$auth_pass = htmlspecialchars($auth_pass);
 			$auth_enabled = $auth_login !== '' || $auth_pass !== '';
 
 			$auth_style = $auth_enabled ? '' : 'display: none';

+ 2 - 17
classes/rssutils.php

@@ -218,24 +218,15 @@ class RSSUtils {
 
 		$pdo = Db::pdo();
 
-		$sth = $pdo->prepare("SELECT owner_uid,feed_url,auth_pass,auth_login,auth_pass_encrypted
+		$sth = $pdo->prepare("SELECT owner_uid,feed_url,auth_pass,auth_login
 				FROM ttrss_feeds WHERE id = ?");
 		$sth->execute([$feed]);
 
 		if ($row = $sth->fetch()) {
 
 			$owner_uid = $row["owner_uid"];
-
-			$auth_pass_encrypted = $row["auth_pass_encrypted"];
-
 			$auth_login = $row["auth_login"];
 			$auth_pass = $row["auth_pass"];
-
-			if ($auth_pass_encrypted && function_exists("mcrypt_decrypt")) {
-				require_once "crypt.php";
-				$auth_pass = decrypt_string($auth_pass);
-			}
-
 			$fetch_url = $row["feed_url"];
 
 			$pluginhost = new PluginHost();
@@ -347,7 +338,6 @@ class RSSUtils {
 
 			$owner_uid = $row["owner_uid"];
 			$mark_unread_on_update = $row["mark_unread_on_update"];
-			$auth_pass_encrypted = $row["auth_pass_encrypted"];
 
 			$sth = $pdo->prepare("UPDATE ttrss_feeds SET last_update_started = NOW()
 				WHERE id = ?");
@@ -355,16 +345,11 @@ class RSSUtils {
 
 			$auth_login = $row["auth_login"];
 			$auth_pass = $row["auth_pass"];
-
-			if ($auth_pass_encrypted && function_exists("mcrypt_decrypt")) {
-				require_once "crypt.php";
-				$auth_pass = decrypt_string($auth_pass);
-			}
-
 			$stored_last_modified = $row["last_modified"];
 			$last_unconditional = $row["last_unconditional"];
 			$cache_images = $row["cache_images"];
 			$fetch_url = $row["feed_url"];
+
 			$feed_language = mb_strtolower($row["feed_language"]);
 			if (!$feed_language) $feed_language = 'english';
 

+ 0 - 6
config.php-dist

@@ -24,12 +24,6 @@
 	// You need to set this option correctly otherwise several features
 	// including PUSH, bookmarklets and browser integration will not work properly.
 
-	define('FEED_CRYPT_KEY', '');
-	// WARNING: mcrypt is deprecated in php 7.1. This directive exists for backwards
-	// compatibility with existing installs, new passwords are NOT going to be encrypted.
-	// Use update.php --decrypt-feeds to decrypt existing passwords in the database while
-	// mcrypt is still available.
-
 	// Key used for encryption of passwords for password-protected feeds
 	// in the database. A string of 24 random characters. If left blank, encryption
 	// is not used. Requires mcrypt functions.

+ 0 - 20
include/crypt.php

@@ -1,20 +0,0 @@
-<?php
-	function decrypt_string($str) {
-		$pair = explode(":", $str);
-
-		if (count($pair) == 2) {
-			@$iv = base64_decode($pair[0]);
-			@$encstr = base64_decode($pair[1]);
-
-			if ($iv && $encstr) {
-				$key = hash('SHA256', FEED_CRYPT_KEY, true);
-
-				$str = mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $key, $encstr,
-					MCRYPT_MODE_CBC, $iv);
-
-				if ($str) return rtrim($str);
-			}
-		}
-
-		return false;
-	}

+ 0 - 8
include/sanity_check.php

@@ -70,14 +70,6 @@
 				array_push($errors, "Javascript cache is not writable (chmod -R 777 ".CACHE_DIR."/js)");
 			}
 
-			if (strlen(FEED_CRYPT_KEY) > 0 && strlen(FEED_CRYPT_KEY) != 24) {
-				array_push($errors, "FEED_CRYPT_KEY should be exactly 24 characters in length.");
-			}
-
-			if (strlen(FEED_CRYPT_KEY) > 0 && !function_exists("mcrypt_decrypt")) {
-				array_push($errors, "FEED_CRYPT_KEY requires mcrypt functions which are not found.");
-			}
-
 			if (GENERATED_CONFIG_CHECK != EXPECTED_CONFIG_VERSION) {
 				array_push($errors,
 					"Configuration option checker sanity_config.php is outdated, please recreate it using ./utils/regen_config_checks.sh");

+ 2 - 2
include/sanity_config.php

@@ -1,3 +1,3 @@
-<?php # This file has been generated at:  Tue, May 16, 2017 10:37:57 AM
+<?php # This file has been generated at:  Mon Aug 13 15:48:51 MSK 2018
 define('GENERATED_CONFIG_CHECK', 26);
-$requred_defines = array( 'DB_TYPE', 'DB_HOST', 'DB_USER', 'DB_NAME', 'DB_PASS', 'MYSQL_CHARSET', 'SELF_URL_PATH', 'FEED_CRYPT_KEY', 'SINGLE_USER_MODE', 'SIMPLE_UPDATE_MODE', 'PHP_EXECUTABLE', 'LOCK_DIRECTORY', 'CACHE_DIR', 'ICONS_DIR', 'ICONS_URL', 'AUTH_AUTO_CREATE', 'AUTH_AUTO_LOGIN', 'FORCE_ARTICLE_PURGE', 'SPHINX_SERVER', 'SPHINX_INDEX', 'ENABLE_REGISTRATION', 'REG_NOTIFY_ADDRESS', 'REG_MAX_USERS', 'SESSION_COOKIE_LIFETIME', 'SMTP_FROM_NAME', 'SMTP_FROM_ADDRESS', 'DIGEST_SUBJECT', 'SMTP_SERVER', 'SMTP_LOGIN', 'SMTP_PASSWORD', 'SMTP_SECURE', 'CHECK_FOR_UPDATES', 'ENABLE_GZIP_OUTPUT', 'PLUGINS', 'LOG_DESTINATION', 'CONFIG_VERSION'); ?>
+$requred_defines = array( 'DB_TYPE', 'DB_HOST', 'DB_USER', 'DB_NAME', 'DB_PASS', 'MYSQL_CHARSET', 'SELF_URL_PATH', 'SINGLE_USER_MODE', 'SIMPLE_UPDATE_MODE', 'PHP_EXECUTABLE', 'LOCK_DIRECTORY', 'CACHE_DIR', 'ICONS_DIR', 'ICONS_URL', 'AUTH_AUTO_CREATE', 'AUTH_AUTO_LOGIN', 'FORCE_ARTICLE_PURGE', 'SPHINX_SERVER', 'SPHINX_INDEX', 'ENABLE_REGISTRATION', 'REG_NOTIFY_ADDRESS', 'REG_MAX_USERS', 'SESSION_COOKIE_LIFETIME', 'SMTP_FROM_NAME', 'SMTP_FROM_ADDRESS', 'DIGEST_SUBJECT', 'SMTP_SERVER', 'SMTP_LOGIN', 'SMTP_PASSWORD', 'SMTP_SECURE', 'CHECK_FOR_UPDATES', 'ENABLE_GZIP_OUTPUT', 'PLUGINS', 'LOG_DESTINATION', 'CONFIG_VERSION'); ?>

+ 0 - 33
update.php

@@ -417,39 +417,6 @@
 		exit($rc);
 	}
 
-	if (isset($options["decrypt-feeds"])) {
-
-		if (!function_exists("mcrypt_decrypt")) {
-			_debug("mcrypt functions not available.");
-			return;
-		}
-
-		$res = $pdo->query("SELECT id, auth_pass FROM ttrss_feeds WHERE auth_pass_encrypted = true");
-
-		require_once "crypt.php";
-
-		$total = 0;
-
-		$pdo->beginTransaction();
-
-		$usth = $pdo->prepare("UPDATE ttrss_feeds SET auth_pass_encrypted = false, auth_pass = ?
-				WHERE id = ?");
-
-		while ($line = $res->fetch()) {
-			_debug("processing feed id " . $line["id"]);
-
-			$auth_pass = decrypt_string($line["auth_pass"]);
-
-			$usth->execute([$auth_pass, $line['id']]);
-
-			++$total;
-		}
-
-		$pdo->commit();
-
-		_debug("$total feeds processed.");
-	}
-
 	PluginHost::getInstance()->run_commands($options);
 
 	if (file_exists(LOCK_DIRECTORY . "/$lock_filename"))