aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authornobody <nobody@zotlabs.com>2021-08-29 04:54:50 -0700
committernobody <nobody@zotlabs.com>2021-08-29 04:54:50 -0700
commit8343f63964c6cc992c2a8c90aa2a1080d5804323 (patch)
tree18354c0612f28b3e287c5829a515b7c4f1cbfb65
parent2866c0b1737f571c77731eabb0d60d6660caee3b (diff)
downloadvolse-hubzilla-8343f63964c6cc992c2a8c90aa2a1080d5804323.tar.gz
volse-hubzilla-8343f63964c6cc992c2a8c90aa2a1080d5804323.tar.bz2
volse-hubzilla-8343f63964c6cc992c2a8c90aa2a1080d5804323.zip
OWA: very difficult to trace failures due to empty public key record. The signature might succeed because an empty key triggers an external key fetch. But the empty key cannot encrypt the token. This has been observed in the wild on a number of sites/projects.
-rw-r--r--Zotlabs/Module/Owa.php4
1 files changed, 2 insertions, 2 deletions
diff --git a/Zotlabs/Module/Owa.php b/Zotlabs/Module/Owa.php
index 9a3513f34..e30aa5fb4 100644
--- a/Zotlabs/Module/Owa.php
+++ b/Zotlabs/Module/Owa.php
@@ -32,14 +32,14 @@ class Owa extends Controller {
$keyId = $sigblock['keyId'];
if ($keyId) {
$r = q("SELECT * FROM hubloc LEFT JOIN xchan ON hubloc_hash = xchan_hash
- WHERE hubloc_id_url = '%s'",
+ WHERE hubloc_id_url = '%s' AND xchan_pubkey != '' ",
dbesc($keyId)
);
if (! $r) {
$found = discover_by_webbie(str_replace('acct:','',$keyId));
if ($found) {
$r = q("SELECT * FROM hubloc LEFT JOIN xchan ON hubloc_hash = xchan_hash
- WHERE hubloc_id_url = '%s'",
+ WHERE hubloc_id_url = '%s' AND xchan_pubkey != '' ",
dbesc($keyId)
);
}