encrypt private messages on disk - there are still a couple of places where the text is leaked in the logs during processing.

include/items.php

@@ -599,6 +599,14 @@ function encode_item($item) {
 	$scope = map_scope($public_scope);
 	$c_scope = map_scope($comment_scope);
 
+	if(array_key_exists('item_flags',$item) && ($item['item_flags'] & ITEM_OBSCURED)) {
+		$key = get_config('system','prvkey');
+		if($item['title'])
+			$item['title'] = aes_unencapsulate(json_decode($item['title'],true),$key);
+		if($item['body'])
+			$item['body'] = aes_unencapsulate(json_decode($item['body'],true),$key);
+	}
+
 	if($item['item_restrict']  & ITEM_DELETED) {
 		$x['message_id'] = $item['mid'];
 		$x['created']    = $item['created'];
@@ -1553,7 +1561,7 @@ function item_store($arr,$force_parent = false) {
  	if(strlen($allow_cid) || strlen($allow_gid) || strlen($deny_cid) || strlen($deny_gid))
 		$private = 1;
 	else
-		$private = $arr['private']; 
+		$private = $arr['item_private']; 
 
 	// Set parent id - and also make sure to inherit the parent's ACL's.
 
@@ -1574,7 +1582,7 @@ function item_store($arr,$force_parent = false) {
 	$arr['allow_gid'] = $allow_gid;
 	$arr['deny_cid']  = $deny_cid;
 	$arr['deny_gid']  = $deny_gid;
-	$arr['private']   = $private;
+	$arr['item_private']   = $private;
 	
 	// Store taxonomy
 

include/text.php

@@ -980,8 +980,19 @@ function link_compare($a,$b) {
 function prepare_body($item,$attach = false) {
 
 	$a = get_app();
+
+
+
 	call_hooks('prepare_body_init', $item); 
 
+	if(array_key_exists('item_flags',$item) && ($item['item_flags'] & ITEM_OBSCURED)) {
+		$key = get_config('system','prvkey');
+		if($item['title'])
+			$item['title'] = aes_unencapsulate(json_decode($item['title'],true),$key);
+		if($item['body'])
+			$item['body'] = aes_unencapsulate(json_decode($item['body'],true),$key);
+	}
+
 	$s = prepare_text($item['body'],$item['mimetype']);
 
 	$prep_arr = array('item' => $item, 'html' => $s);
@@ -992,6 +1003,7 @@ function prepare_body($item,$attach = false) {
 		return $s;
 	}
 
+
 	$arr = json_decode($item['attach'],true);
 	if(count($arr)) {
 		$s .= '<div class="body-attach">';

include/zot.php

@@ -770,8 +770,6 @@ function zot_fetch($arr) {
 
 function zot_import($arr) {
 
-//	logger('zot_import: ' . print_r($arr,true), LOGGER_DATA);
-
 	$data = json_decode($arr['body'],true);
 
 	if(! $data) {
@@ -783,8 +781,6 @@ function zot_import($arr) {
 		$data = json_decode(aes_unencapsulate($data,get_config('system','prvkey')),true);
     }
 
-	logger('zot_import: data' . print_r($data,true), LOGGER_DATA);
-
 	$incoming = $data['pickup'];
 
 	$return = array();
@@ -837,6 +833,21 @@ function zot_import($arr) {
 			if($i['message']) { 
 				if($i['message']['type'] === 'activity') {
 					$arr = get_item_elements($i['message']);
+
+					// if it's a private post, encrypt it in the DB.
+					// We have to do that here because we need to cleanse the input and prevent bad stuff from getting in,
+					// and we need plaintext to do that. 
+
+					if(array_key_exists('item_private',$arr) && intval($arr['item_private'])) {
+						logger('Encrypting local storage');
+						$arr['item_flags'] = $arr['item_flags'] | ITEM_OBSCURED;
+						$key = get_config('system','pubkey');
+						if($arr['title'])
+							$arr['title'] = json_encode(aes_encapsulate($arr['title'],$key));
+						if($arr['body'])
+							$arr['body']  = json_encode(aes_encapsulate($arr['body'],$key));
+					}
+
 					if(! array_key_exists('created',$arr)) {
 						logger('Activity rejected: probable failure to lookup author/owner. ' . print_r($i['message'],true));
 						continue;
@@ -1565,7 +1576,7 @@ function build_sync_packet($uid = 0, $packet = null) {
 
 			// don't pass these elements, they should not be synchronised
 
-			$disallowed = array('channel_id','channel_account_id','channel_primary','channel_prvkey');
+			$disallowed = array('channel_id','channel_account_id','channel_primary','channel_prvkey','channel_address');
 
 			if(in_array($k,$disallowed))
 				continue;
@@ -1636,7 +1647,7 @@ function process_channel_sync_delivery($sender,$arr,$deliveries) {
 		}
 
 		if(array_key_exists('channel',$arr) && is_array($arr['channel']) && count($arr['channel'])) {
-			$disallowed = array('channel_id','channel_account_id','channel_primary','channel_prvkey');
+			$disallowed = array('channel_id','channel_account_id','channel_primary','channel_prvkey', 'channel_address');
 
 			$clean = array();
 			foreach($arr['channel'] as $k => $v) {

mod/item.php

@@ -580,6 +580,19 @@ function item_post(&$a) {
 	}
 
 
+	if(array_key_exists('item_private',$datarray) && $datarray['item_private']) {
+		logger('Encrypting local storage');
+		$key = get_config('system','pubkey');
+		$datarray['item_flags'] = $datarray['item_flags'] | ITEM_OBSCURED;
+		if($datarray['title'])
+			$datarray['title'] = json_encode(aes_encapsulate($datarray['title'],$key));
+		if($datarray['body'])
+			$datarray['body']  = json_encode(aes_encapsulate($datarray['body'],$key));
+	}
+
+
+
+
 	if($orig_post) {
 		$r = q("UPDATE `item` SET `title` = '%s', `body` = '%s', `attach` = '%s', `edited` = '%s' WHERE `id` = %d AND `uid` = %d LIMIT 1",
 			dbesc($datarray['title']),
@@ -602,6 +615,23 @@ function item_post(&$a) {
 		);
 
 
+		if(count($post_tags)) {
+			foreach($post_tags as $tag) {
+				if(strlen(trim($tag['term']))) {
+					q("insert into term (uid,oid,otype,type,term,url) values (%d,%d,%d,%d,'%s','%s')",
+						intval($tag['uid']),
+						intval($post_id),
+						intval($tag['otype']),
+						intval($tag['type']),
+						dbesc(trim($tag['term'])),
+						dbesc(trim($tag['url']))
+					);
+				}
+			}
+		}
+
+
+
 		proc_run('php', "include/notifier.php", 'edit_post', $post_id);
 		if((x($_REQUEST,'return')) && strlen($return_path)) {
 			logger('return: ' . $return_path);