authorMario <mario@mariovavti.com>2024-02-14 18:07:29 +0000
committerMario <mario@mariovavti.com>2024-02-14 18:07:29 +0000
commit423c36f67b3809e58396ebea3ccbf9c15b7ab3c9 (patch)
treec85416a499101190a9e4dc9a7299f27267cda6f2
parent30271bb32f0b452f1fb2da364c8b2790fbcdda2d (diff)
improved checks in HTTPSig::find_headers()
-rw-r--r--Zotlabs/Web/HTTPSig.php41
1 files changed, 26 insertions, 15 deletions
diff --git a/Zotlabs/Web/HTTPSig.php b/Zotlabs/Web/HTTPSig.php
index 439ca472b..793b8cb45 100644
--- a/Zotlabs/Web/HTTPSig.php
+++ b/Zotlabs/Web/HTTPSig.php
@@ -44,37 +44,42 @@ class HTTPSig {
}
}
- static function find_headers($data, &$body) {
+ public static function find_headers($data, &$body) {
// decide if $data arrived via controller submission or curl
+ // changes $body for the caller
- if (is_array($data) && $data['header']) {
- if (!$data['success'])
+ if (is_array($data) && array_key_exists('header', $data)) {
+ if (!$data['success']) {
+ $body = EMPTY_STR;
return [];
+ }
- $h = new HTTPHeaders($data['header']);
- $headers = $h->fetcharr();
- $body = $data['body'];
- $headers['(request-target)'] = $data['request_target'];
- }
+ if (!$data['header']) {
+ $body = EMPTY_STR;
+ return [];
+ }
- else {
- $headers = [];
+ $h = new HTTPHeaders($data['header']);
+ $headers = $h->fetcharr();
+ $body = $data['body'];
+ $headers['(request-target)'] = $data['request_target'];
+ } else {
+ $headers = [];
$headers['(request-target)'] = strtolower($_SERVER['REQUEST_METHOD']) . ' ' . $_SERVER['REQUEST_URI'];
- $headers['content-type'] = $_SERVER['CONTENT_TYPE'];
- $headers['content-length'] = $_SERVER['CONTENT_LENGTH'];
+ $headers['content-type'] = $_SERVER['CONTENT_TYPE'];
+ $headers['content-length'] = $_SERVER['CONTENT_LENGTH'];
foreach ($_SERVER as $k => $v) {
if (strpos($k, 'HTTP_') === 0) {
- $field = str_replace('_', '-', strtolower(substr($k, 5)));
+ $field = str_replace('_', '-', strtolower(substr($k, 5)));
$headers[$field] = $v;
}
}
}
//logger('SERVER: ' . print_r($_SERVER,true), LOGGER_ALL);
-
- //logger('headers: ' . print_r($headers,true), LOGGER_ALL);
+ //logger('found_headers: ' . print_r($headers,true), LOGGER_ALL);
return $headers;
}
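Review bot: An array `$data` that has no `header` key at all still fails the outer condition and drops into the `else` branch, so the headers are rebuilt from `$_SERVER`, i.e. from the current inbound request rather than from the fetched response being checked. The new early returns only cover the case where the key exists but is empty. Whether any caller passes such an array is not visible here, but branching on the type alone closes the gap: `if (is_array($data)) {` followed by `if (empty($data['success']) || empty($data['header'])) { $body = EMPTY_STR; return []; }`. That form also avoids the undefined-key warning on `$data['success']`, which is still read unchecked; `$data['body']` and `$data['request_target']` are likewise read without an existence check. The new comment says `$body` is changed for the caller, but the `else` branch never assigns it, which the comment should state.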
@@ -102,6 +107,10 @@ class HTTPSig {
if (!$headers)
return $result;
+ if (is_array($body)) {
+ btlogger('body is array:' . print_r($body, true));
+ }
+
$sig_block = null;
if (array_key_exists('signature', $headers)) {
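Review bot: The new `is_array($body)` check only logs and then lets verification continue with an array body, so any later step that expects a string (presumably the digest comparison further down) still receives it. If an array body is never valid here, fail closed after logging with `return $result;`, as the `!$headers` check just above does. The log line also writes the complete body via `print_r`, which is likely remote-supplied content of unbounded size; logging its shape would be enough, e.g. `btlogger('body is array, ' . count($body) . ' elements');`. The enclosing function starts and ends outside this hunk.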
@@ -217,8 +226,10 @@ class HTTPSig {
$result['content_signed'] = true;
$digest = explode('=', $headers['digest'], 2);
$digest[0] = strtoupper($digest[0]);
+
if ($digest[0] === 'SHA-256')
$hashalg = 'sha256';
+
if ($digest[0] === 'SHA-512')
$hashalg = 'sha512';