aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorfriendica <info@friendica.com>2014-09-10 16:32:19 -0700
committerfriendica <info@friendica.com>2014-09-10 16:32:19 -0700
commit79bd45163156b30de0c102fb55181f08c756634f (patch)
treee3a76d4bd2d648f9a159c73ad9ca74b1285e9c82
parent08638f3ec88e86def618ff89bdedb9ae9696d218 (diff)
downloadvolse-hubzilla-79bd45163156b30de0c102fb55181f08c756634f.tar.gz
volse-hubzilla-79bd45163156b30de0c102fb55181f08c756634f.tar.bz2
volse-hubzilla-79bd45163156b30de0c102fb55181f08c756634f.zip
fix the like signatures to the "new ordering" - inbound and outbound
-rwxr-xr-xinclude/diaspora.php32
1 files changed, 12 insertions, 20 deletions
diff --git a/include/diaspora.php b/include/diaspora.php
index 30e79c5c5..7d8c43ae2 100755
--- a/include/diaspora.php
+++ b/include/diaspora.php
@@ -1783,10 +1783,7 @@ function diaspora_like($importer,$xml,$msg) {
// It looks like "RelayableRetractions" are used for "unlike" instead
if($positive === 'false') {
logger('diaspora_like: received a like with positive set to "false"...ignoring');
-/* q("UPDATE `item` SET `deleted` = 1 WHERE `id` = %d AND `uid` = %d",
- intval($r[0]['id']),
- intval($importer['channel_id'])
- );*/
+ // perhaps call drop_item()
// FIXME--actually don't unless it turns out that Diaspora does indeed send out "false" likes
// send notification via proc_run()
return;
@@ -1820,16 +1817,12 @@ function diaspora_like($importer,$xml,$msg) {
who sent the salmon
*/
-// $signed_data = $guid . ';' . $target_type . ';' . $parent_guid . ';' . $positive . ';' . $diaspora_handle;
-
// 2014-09-10 let's try this: signatures are failing. I'll try and make a signable string from
// the parameters in the order they were presented in the post. This is how D* creates the signable string.
$signed_data = $positive . ';' . $guid . ';' . $target_type . ';' . $parent_guid . ';' . $diaspora_handle;
-
-
$key = $msg['key'];
if($parent_author_signature) {
@@ -1840,12 +1833,12 @@ function diaspora_like($importer,$xml,$msg) {
$parent_author_signature = base64_decode($parent_author_signature);
if(! rsa_verify($signed_data,$parent_author_signature,$key,'sha256')) {
-// if (intval(get_config('system','ignore_diaspora_like_signature')))
+ if (intval(get_config('system','ignore_diaspora_like_signature')))
logger('diaspora_like: top-level owner verification failed. Proceeding anyway.');
-// else {
-// logger('diaspora_like: top-level owner verification failed.');
-// return;
-// }
+ else {
+ logger('diaspora_like: top-level owner verification failed.');
+ return;
+ }
}
}
else {
@@ -1857,16 +1850,15 @@ function diaspora_like($importer,$xml,$msg) {
$author_signature = base64_decode($author_signature);
if(! rsa_verify($signed_data,$author_signature,$key,'sha256')) {
-// if (intval(get_config('system','ignore_diaspora_like_signature')))
+ if (intval(get_config('system','ignore_diaspora_like_signature')))
logger('diaspora_like: like creator verification failed. Proceeding anyway');
-// else {
-// logger('diaspora_like: like creator verification failed.');
-// return;
-// }
+ else {
+ logger('diaspora_like: like creator verification failed.');
+ return;
+ }
}
}
-
logger('diaspora_like: signature check complete.',LOGGER_DEBUG);
// Phew! Everything checks out. Now create an item.
@@ -2577,7 +2569,7 @@ function diaspora_send_relay($item,$owner,$contact,$public_batch = false) {
if($relay_retract)
$sender_signed_text = $item['mid'] . ';' . $target_type;
elseif($like)
- $sender_signed_text = $item['mid'] . ';' . $target_type . ';' . $parent['mid'] . ';' . $positive . ';' . $handle;
+ $sender_signed_text = $positive . ';' . $item['mid'] . ';' . $target_type . ';' . $parent['mid'] . ';' . $handle;
else
$sender_signed_text = $item['mid'] . ';' . $parent['mid'] . ';' . $text . ';' . $handle;
}