From b50a3ed169c4e55c65a177c76d430e77fe95ad69 Mon Sep 17 00:00:00 2001 From: Cerdic <cedric@yterium.com> Date: Wed, 23 Feb 2022 10:24:22 +0100 Subject: [PATCH] Champ `backup_cles` sur spip_auteurs, et `secret_du_site` hors de spip_meta Upgrade de base pour ajouter un champ `backup_cles` sur spip_auteurs qui permet aux webmestres de conserver une copie des cles Le secret_du_site est fourni via SpipCles et plus via spip_meta, il est supprime de la base (on le reinit au passage, mais c'est pas tres grave)
---
 ecrire/base/objets.php | 3 ++- ecrire/inc/securiser_action.php | 26 ++++---------------------- ecrire/inc_version.php | 2 +- ecrire/maj/2021.php | 5 +++++ 4 files changed, 12 insertions(+), 24 deletions(-)
diff --git a/ecrire/base/objets.php b/ecrire/base/objets.php
index 8c10d8709d..9a8d59f44e 100644
--- a/ecrire/base/objets.php
+++ b/ecrire/base/objets.php
@@ -249,7 +249,8 @@ function lister_tables_objets_sql(?string $table_sql = null, $desc = []) {
 'cookie_oubli' => 'tinytext',
 'source' => "VARCHAR(10) DEFAULT 'spip' NOT NULL",
 'lang' => "VARCHAR(10) DEFAULT '' NOT NULL",
- 'imessage' => "VARCHAR(3) DEFAULT '' NOT NULL"
+ 'imessage' => "VARCHAR(3) DEFAULT '' NOT NULL",
+ 'backup_cles' => "mediumtext DEFAULT '' NOT NULL",
 ],
 'key' => [
 'PRIMARY KEY' => 'id_auteur',
diff --git a/ecrire/inc/securiser_action.php b/ecrire/inc/securiser_action.php
index 8450f9b4bf..43717ac1cd 100644
--- a/ecrire/inc/securiser_action.php
+++ b/ecrire/inc/securiser_action.php
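Review bot: The new `backup_cles` entry in the `spip_auteurs` field list puts key material in a table whose rows are often read whole, and nothing in the `ecrire/base/objets.php` hunk marks it as sensitive. The commit message says the column keeps a copy of the keys for webmasters; whether that copy is encrypted before it is written is not visible here. I would add a comment on the field, e.g. `// copy of the site keys: sensitive, keep out of sessions, exports and templates`, and confirm that code loading an author row (session data, dumps, public output) drops this column. The enclosing array and `lister_tables_objets_sql()` begin and end outside the hunk.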
@@ -298,29 +298,11 @@ function verifier_action_auteur($action, $hash) {
 * @return string
 */
 function secret_du_site() {
- if (!isset($GLOBALS['meta']['secret_du_site'])) {
- include_spip('base/abstract_sql');
- $GLOBALS['meta']['secret_du_site'] = sql_getfetsel('valeur', 'spip_meta', "nom='secret_du_site'");
- }
- if (
- !isset($GLOBALS['meta']['secret_du_site'])
- or (strlen($GLOBALS['meta']['secret_du_site']) < 64)
- ) {
- include_spip('inc/acces');
- include_spip('auth/sha256.inc');
- ecrire_meta(
- 'secret_du_site',
- spip_sha256(
- $_SERVER['DOCUMENT_ROOT']
- . ($_SERVER['SERVER_SIGNATURE'] ?? '')
- . creer_uniqid()
- ),
- 'non'
- );
- lire_metas(); // au cas ou ecrire_meta() ne fonctionne pas
- }
+ include_spip('inc/chiffrer');
+ $cles = Spip\Core\Chiffrer\SpipCles::instance();
+ $secret = $cles->getSecretSite();
 
- return $GLOBALS['meta']['secret_du_site'];
+ return $secret;
 }
 
 /**
diff --git a/ecrire/inc_version.php b/ecrire/inc_version.php
index b365763a60..17541fd7dc 100644
--- a/ecrire/inc_version.php
+++ b/ecrire/inc_version.php
@@ -452,7 +452,7 @@ define('_DEV_VERSION_SPIP_COMPAT', '4.0.99');
 // (= date de leur derniere modif cassant la compatibilite et/ou necessitant un recalcul des squelettes)
 $spip_version_code = 2022_01_16;
 // version de la base SQL (= Date + numero incremental a 2 chiffres YYYYMMDDXX)
-$spip_version_base = 2021_02_18_00;
+$spip_version_base = 2022_02_23_02;
 
 // version de l'interface a la base
 $spip_sql_version = 1;
diff --git a/ecrire/maj/2021.php b/ecrire/maj/2021.php
index 0519a4083a..272074aca9 100644
--- a/ecrire/maj/2021.php
+++ b/ecrire/maj/2021.php
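Review bot: `secret_du_site()` now returns whatever `getSecretSite()` yields with no check, whereas the removed code regenerated the secret whenever it was missing or shorter than 64 characters. `SpipCles` is not shown on this page, so it may already guarantee a usable value; if it can return null or an empty string (for instance when the keys cannot be read), every hash derived from this secret would be built from a value that is not secret. Consider failing closed before the return, e.g. `if (!is_string($secret) || strlen($secret) < 64) { /* stop here rather than return it */ }`, using the project's usual fatal-error path. The function's docblock, which still promises `@return string`, begins above the hunk.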
@@ -26,3 +26,8 @@ $GLOBALS['maj'][2021_02_18_00] = [
 ['sql_alter', "TABLE spip_auteurs CHANGE imessage imessage VARCHAR(3) DEFAULT '' NOT NULL" ],
 ['sql_updateq', 'spip_auteurs', ['imessage' => 'oui'], "imessage != 'non' OR imessage IS NULL" ],
 ];
+
+$GLOBALS['maj'][2022_02_23_02] = [
+ ['sql_alter', "TABLE spip_auteurs ADD backup_cles mediumtext DEFAULT '' NOT NULL" ],
+ ['sql_delete', "spip_meta","nom='secret_du_site'" ],
+];
-- GitLab
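Review bot: The `sql_delete` step in the new `2022_02_23_02` entry removes the `secret_du_site` row from `spip_meta` directly, so any cached copy of the metas may still hold the old secret after the upgrade. The code removed from `secret_du_site()` went through `ecrire_meta()` and `lire_metas()`, which suggests the metas are mirrored outside the table; if that is the case, `['effacer_meta', 'secret_du_site'],` would clear the row and the cached value together. The step is also filed in `maj/2021.php` under a 2022 key, which makes it easy to overlook when auditing what an upgrade did to secrets.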