diff options
author | Mike Macgirvin <mike@macgirvin.com> | 2010-10-11 04:01:24 -0700 |
---|---|---|
committer | Mike Macgirvin <mike@macgirvin.com> | 2010-10-11 04:01:24 -0700 |
commit | 6b67d00fce5daaa26afa738beb06a91a4b10ccac (patch) | |
tree | cf13fc54bf085163c58b692f1e5fe6ccdcb02d6d | |
parent | eafd225bdd84eae667aa933c62c32d279be2e990 (diff) | |
download | volse-hubzilla-6b67d00fce5daaa26afa738beb06a91a4b10ccac.tar.gz volse-hubzilla-6b67d00fce5daaa26afa738beb06a91a4b10ccac.tar.bz2 volse-hubzilla-6b67d00fce5daaa26afa738beb06a91a4b10ccac.zip |
if pubkey is encrypted, it will also be packaged for safe transport
-rw-r--r-- | mod/dfrn_confirm.php | 14 |
1 files changed, 9 insertions, 5 deletions
diff --git a/mod/dfrn_confirm.php b/mod/dfrn_confirm.php index 77f436374..dd50e82a0 100644 --- a/mod/dfrn_confirm.php +++ b/mod/dfrn_confirm.php @@ -89,10 +89,6 @@ function dfrn_confirm_post(&$a) { // or later) then we encrypt the personal public key we send them using AES-256-CBC and a // random key which is encrypted with their site public key. - // Note: We can send any of these things as binary blobs because they are being POST'ed. - // Any protocol conversations (notify, poll) which perform GET require bin2hex of all the - // binary stuff. - $src_aes_key = random_string(); $result = ''; @@ -292,10 +288,18 @@ function dfrn_confirm_post(&$a) { $public_key = $_POST['public_key']; $dfrn_id = hex2bin($_POST['dfrn_id']); $source_url = hex2bin($_POST['source_url']); - $aes_key = hex2bin($_POST['aes_key']); + $aes_key = $_POST['aes_key']; $duplex = $_POST['duplex']; $version_id = $_POST['dfrn_version']; + + // If $aes_key is set, both of these items require unpacking from the hex transport encoding. + + if(x($aes_key)) { + $aes_key = hex2bin($aes_key); + $public_key = hex2bin($public_key); + } + // Find our user's account $r = q("SELECT * FROM `user` WHERE `nickname` = '%s' LIMIT 1", |