From fffbb3b789f037cd6f240e84a4edcf4641ae41a3 Mon Sep 17 00:00:00 2001
From: Mike Macgirvin
Date: Wed, 20 Dec 2023 09:49:54 +1100
Subject: [PATCH] Change default settings for more privacy
---
 Code/Lib/Activity.php | 2 +-
 Code/Module/Admin/Security.php | 2 +-
 Code/Module/Album.php | 2 +-
 Code/Module/Channel.php | 7 ++++---
 Code/Module/Item.php | 4 ++--
 Code/Module/Lists.php | 2 +-
 Code/Module/New_channel.php | 4 ++--
 Code/Module/Outbox.php | 2 +-
 Code/Module/Photo.php | 2 +-
 9 files changed, 14 insertions(+), 13 deletions(-)
diff --git a/Code/Lib/Activity.php b/Code/Lib/Activity.php
index 0b84e2b25..749259c8e 100644
--- a/Code/Lib/Activity.php
+++ b/Code/Lib/Activity.php
@@ -885,7 +885,7 @@ class Activity
 $activity['directMessage'] = true;
 }
- $actor = self::encode_person(($item['author'], false);
+ $actor = self::encode_person($item['author'], false);
 if ($actor) {
 $activity['actor'] = $actor;
 } else {
diff --git a/Code/Module/Admin/Security.php b/Code/Module/Admin/Security.php
index 35044211c..f714cf408 100644
--- a/Code/Module/Admin/Security.php
+++ b/Code/Module/Admin/Security.php
@@ -151,7 +151,7 @@ class Security
 '$title' => t('Administration'),
 '$page' => t('Security'),
 '$form_security_token' => get_form_security_token('admin_security'),
- '$require_authenticated_fetch' => ['require_authenticated_fetch', t('Require signed fetch requests'), Config::Get('system','require_authenticated_fetch'), ''],
+ '$require_authenticated_fetch' => ['require_authenticated_fetch', t('Require signed fetch requests'), Config::Get('system','require_authenticated_fetch', true), ''],
 '$accept_unsigned_relay' => ['accept_unsigned_relay', t('Accept unsigned relayed activities'), Config::Get('system','accept_unsigned_relay'),''],
 '$block_public_search' => array('block_public_search', t("Block public search"), get_config('system', 'block_public_search', 1), t("Prevent access to search content unless you are currently authenticated.")),
 '$block_public_dir' => ['block_public_directory', t('Block directory from visitors'), get_config('system', 'block_public_directory', true), t('Only allow authenticated access to directory.')],
diff --git a/Code/Module/Album.php b/Code/Module/Album.php
index 33f05901c..ac36b17ca 100644
--- a/Code/Module/Album.php
+++ b/Code/Module/Album.php
@@ -34,7 +34,7 @@ class Album extends Controller
 http_status_exit(403, 'Permission denied');
 }
 observer_auth($portable_id);
- } elseif (Config::get('system', 'require_authenticated_fetch', false)) {
+ } elseif (Config::Get('system', 'require_authenticated_fetch', true)) {
 http_status_exit(403, 'Permission denied');
 }
diff --git a/Code/Module/Channel.php b/Code/Module/Channel.php
index 98ac1faa5..603634962 100644
--- a/Code/Module/Channel.php
+++ b/Code/Module/Channel.php
@@ -149,7 +149,7 @@ class Channel extends Controller
 observer_auth($portable_id);
 }
- elseif (Config::Get('system', 'require_authenticated_fetch', false)) {
+ elseif (Config::Get('system', 'require_authenticated_fetch', true)) {
 http_status_exit(403, 'Permission denied');
 }
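Review bot: The `true` fallback added to `Config::Get('system','require_authenticated_fetch', true)` in this form entry is a literal that the same commit repeats in Album.php, Channel.php (twice), Item.php (twice), Lists.php, Outbox.php and Photo.php, so the value the admin sees and the value each endpoint enforces agree only while every copy is kept in step. Lists.php previously passed no default at all, which shows the copies have already drifted once; any reader of this key outside the files touched here would still fall back to off while this page shows the box ticked. Consider reading the setting through one shared accessor or class constant, and note that the neighbouring `accept_unsigned_relay` entry still has no explicit default. The array and its enclosing function start and end outside the hunk.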
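Review bot: The `elseif` in Album.php that now reads `Config::Get('system', 'require_authenticated_fetch', true)` answers 403 on any site that never stored this key, so this is a behaviour change on upgrade and not only a new-install default. The same applies to the matching hunks in Channel.php, Item.php, Lists.php, Outbox.php and Photo.php. Remote servers that fetch without a signature will presumably lose access to these resources until the admin turns the setting off, so the change deserves an upgrade note and a short comment at the check, for example `// fail closed: unsigned fetches are refused unless the admin disables this`. The `if` this branch belongs to begins outside the hunk, so which requests reach it is inferred from the `observer_auth($portable_id)` context line.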
@@ -184,8 +184,9 @@ class Channel extends Controller
 if ($s && $s[0]['hubloc_sitekey'] && $s[0]['site_crypto']) {
 $data = json_encode(Crypto::encapsulate($data, $s[0]['hubloc_sitekey'], Libzot::best_algorithm($s[0]['site_crypto'])));
 }
- } else {
- if (Config::Get('system', 'require_authenticated_fetch', false)) {
+ }
+ else {
+ if (Config::Get('system', 'require_authenticated_fetch', true)) {
 http_status_exit(403, 'Permission denied');
 }
 $data = json_encode(Libzot::zotinfo(['guid_hash' => $channel['channel_hash']]));
diff --git a/Code/Module/Item.php b/Code/Module/Item.php
index 392b726d7..74cac9ca0 100644
--- a/Code/Module/Item.php
+++ b/Code/Module/Item.php
@@ -99,7 +99,7 @@ class Item extends Controller
 dbesc($r[0]['parent_mid']),
 dbesc($portable_id)
 );
- } elseif (Config::Get('system', 'require_authenticated_fetch', false)) {
+ } elseif (Config::Get('system', 'require_authenticated_fetch', true)) {
 http_status_exit(403, 'Permission denied');
 }
 // if we don't have a parent id belonging to the signer see if we can obtain one as a visitor that we have permission to access
@@ -249,7 +249,7 @@ class Item extends Controller
 dbesc($portable_id)
 );
 }
- elseif (Config::Get('system', 'require_authenticated_fetch', false)) {
+ elseif (Config::Get('system', 'require_authenticated_fetch', true)) {
 http_status_exit(403, 'Permission denied');
 }
diff --git a/Code/Module/Lists.php b/Code/Module/Lists.php
index ee55675df..54e9f5294 100644
--- a/Code/Module/Lists.php
+++ b/Code/Module/Lists.php
@@ -56,7 +56,7 @@ class Lists extends Controller
 http_status_exit(403, 'Permission denied');
 }
 observer_auth($portable_id);
- } elseif (Config::Get('system', 'require_authenticated_fetch')) {
+ } elseif (Config::Get('system', 'require_authenticated_fetch', true)) {
 http_status_exit(403, 'Permission denied');
 }
diff --git a/Code/Module/New_channel.php b/Code/Module/New_channel.php
index 7d071ec6d..309345297 100644
--- a/Code/Module/New_channel.php
+++ b/Code/Module/New_channel.php
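Review bot: The new side of this Channel.php hunk splits `} else {` into `}` and `else {` on separate lines, which differs from the `} elseif (...) {` form the same commit keeps in Album.php, Item.php (first hunk), Lists.php, Outbox.php and Photo.php, and turns a one-token change into a three-line rewrite. Keeping `} else {` on one line would leave `if (Config::Get('system', 'require_authenticated_fetch', true)) {` as the only changed line, which makes the security-relevant flip easier to audit. Channel.php already has a split `}` / `elseif` in its first hunk, so the file is mixed either way and one style should be picked. The enclosing block starts outside the hunk.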
@@ -155,7 +155,7 @@ class New_channel extends Controller
 intval($aid)
 );
 if ($r && (!intval($r[0]['total']))) {
- $default_role = get_config('system', 'default_permissions_role', 'social');
+ $default_role = get_config('system', 'default_permissions_role', 'social_restricted');
 }
 $limit = ServiceClass::account_fetch(get_account_id(), 'total_identities');
@@ -187,7 +187,7 @@ class New_channel extends Controller
 $name = ['name', t('Channel name'), ((x($_REQUEST, 'name')) ? $_REQUEST['name'] : ''), $name_help, "*"];
 $nickname = ['nickname', t('Choose a short nickname'), ((x($_REQUEST, 'nickname')) ? $_REQUEST['nickname'] : ''), $nick_help, "*"];
- $role = ['permissions_role', t('Channel role and privacy'), ($privacy_role) ?: 'social', t('Select a channel permission role compatible with your usage needs and privacy requirements.'), $perm_roles];
+ $role = ['permissions_role', t('Channel role and privacy'), ($privacy_role) ?: 'social_restricted', t('Select a channel permission role compatible with your usage needs and privacy requirements.'), $perm_roles];
 return replace_macros(Theme::get_template('new_channel.tpl'), [
 '$title' => t('Create a Channel'),
diff --git a/Code/Module/Outbox.php b/Code/Module/Outbox.php
index 5b4379b27..ff36e9153 100644
--- a/Code/Module/Outbox.php
+++ b/Code/Module/Outbox.php
@@ -229,7 +229,7 @@ class Outbox extends Controller
 http_status_exit(403, 'Permission denied');
 }
 observer_auth($portable_id);
- } elseif (Config::Get('system', 'require_authenticated_fetch', false)) {
+ } elseif (Config::Get('system', 'require_authenticated_fetch', true)) {
 http_status_exit(403, 'Permission denied');
 }
 $observer_hash = get_observer_hash();
diff --git a/Code/Module/Photo.php b/Code/Module/Photo.php
index e0a958c70..739c93040 100644
--- a/Code/Module/Photo.php
+++ b/Code/Module/Photo.php
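Review bot: `'social_restricted'` is hard-coded as the fallback twice in New_channel.php, here in `get_config('system', 'default_permissions_role', 'social_restricted')` and again in the `$role` field of the second hunk as `($privacy_role) ?: 'social_restricted'`. The second fallback does not consult `default_permissions_role`, so unless `$privacy_role` is derived from that setting outside the hunk, a site that configures a different default role would still get `social_restricted` preselected in the form. Consider reading the same key there, `($privacy_role) ?: get_config('system', 'default_permissions_role', 'social_restricted')`, and confirm that `social_restricted` is a key present in `$perm_roles`, which is built outside both hunks. In this hunk `$default_role` is assigned only inside the `if ($r && ...)` branch, and the enclosing functions continue outside the hunks.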
@@ -33,7 +33,7 @@ class Photo extends Controller
 http_status_exit(403, 'Permission denied');
 }
 observer_auth($portable_id);
- } elseif (Config::Get('system', 'require_authenticated_fetch', false)) {
+ } elseif (Config::Get('system', 'require_authenticated_fetch', true)) {
 http_status_exit(403, 'Permission denied');
 }