aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorzotlabs <mike@macgirvin.com>2018-04-15 21:04:09 -0700
committerzotlabs <mike@macgirvin.com>2018-04-15 21:04:09 -0700
commit19888b95cc99a4a1333431909067b8147de7892c (patch)
treec58a0cc27b974b1b56425c26dc23a063ea7b5292
parent3e6a55a295271db8529a30b3bb4a9e78d8bb5001 (diff)
downloadvolse-hubzilla-19888b95cc99a4a1333431909067b8147de7892c.tar.gz
volse-hubzilla-19888b95cc99a4a1333431909067b8147de7892c.tar.bz2
volse-hubzilla-19888b95cc99a4a1333431909067b8147de7892c.zip
draft-cavage issues
-rw-r--r--Zotlabs/Web/HTTPSig.php12
1 files changed, 9 insertions, 3 deletions
diff --git a/Zotlabs/Web/HTTPSig.php b/Zotlabs/Web/HTTPSig.php
index 9bcc2e5ec..255511ede 100644
--- a/Zotlabs/Web/HTTPSig.php
+++ b/Zotlabs/Web/HTTPSig.php
@@ -59,6 +59,8 @@ class HTTPSig {
$headers['(request-target)'] =
strtolower($_SERVER['REQUEST_METHOD']) . ' ' .
$_SERVER['REQUEST_URI'];
+ $headers['content-type'] = $_SERVER['CONTENT_TYPE'];
+
foreach($_SERVER as $k => $v) {
if(strpos($k,'HTTP_') === 0) {
$field = str_replace('_','-',strtolower(substr($k,5)));
@@ -67,6 +69,10 @@ class HTTPSig {
}
}
+ // logger('SERVER: ' . print_r($_SERVER,true), LOGGER_ALL);
+
+ // logger('headers: ' . print_r($headers,true), LOGGER_ALL);
+
$sig_block = null;
if(array_key_exists('signature',$headers)) {
@@ -194,10 +200,10 @@ class HTTPSig {
if($r) {
$j = json_decode($r,true);
- if($j['id'] !== $id)
- return false;
-
if(array_key_exists('publicKey',$j) && array_key_exists('publicKeyPem',$j['publicKey'])) {
+ if((array_key_exists('id',$j['publicKey']) && $j['publicKey']['id'] !== $id) && $j['id'] !== $id)
+ return false;
+
return($j['publicKey']['publicKeyPem']);
}
}