authorMario Vavti <mario@mariovavti.com>2018-10-10 13:33:15 +0200
committerMario Vavti <mario@mariovavti.com>2018-10-10 13:33:15 +0200
commitd2e366a46fbdb40c7c6704b3a7f55ad235c93bf3 (patch)
treef815c87d37bdbb7f8a8ee0a7bc2f0074bd8ed1bc /Zotlabs/Web/HTTPSig.php
parentc06b37b798d604a8e5768b8c9b52422b4b34ae36 (diff)
parentc6f3298f7864756f4a9b7827e8490a3ee859f82f (diff)
Merge remote-tracking branch 'mike/master' into dev
Diffstat (limited to 'Zotlabs/Web/HTTPSig.php')
-rw-r--r--Zotlabs/Web/HTTPSig.php15
1 files changed, 15 insertions, 0 deletions
diff --git a/Zotlabs/Web/HTTPSig.php b/Zotlabs/Web/HTTPSig.php
index df66ecf5c..ec7bb0d67 100644
--- a/Zotlabs/Web/HTTPSig.php
+++ b/Zotlabs/Web/HTTPSig.php
@@ -104,6 +104,21 @@ class HTTPSig {
if(strpos($h,'.')) {
$spoofable = true;
}
+ if($h === 'host' && (strpos(strtolower(\App::get_hostname()),strtolower($headers[$h])) === false)) {
+ logger('bad host: ' . $sig_block['keyId'] . ' != ' . $headers[$h]);
+ return $result;
+ }
+ if($h === 'date') {
+ $d = new \DateTime($headers[$h]);
+ $d->setTimeZone(new \DateTimeZone('UTC'));
+ $dplus = datetime_convert('UTC','UTC','now + 1 day');
+ $dminus = datetime_convert('UTC','UTC','now - 1 day');
+ $c = $d->format('Y-m-d H:i:s');
+ if($c > $dplus || $c < $dminus) {
+ logger('bad time: ' . $c);
+ return $result;
+ }
+ }
}
$signed_data = rtrim($signed_data,"\n");
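Review bot: The added `if($h === 'host' ...)` check is a substring test with the header value as the needle, so any fragment of the local hostname (and, on PHP 8, an empty string) is accepted as a matching Host; an equality comparison after normalising case looks like what is intended. The `date` branch hands the raw header to `new \DateTime()`, which throws on unparseable input and also accepts relative expressions that always land inside the one-day window, so a malformed header becomes an uncaught exception rather than a failed verification unless a caller outside this hunk catches it. The 'bad host' log line prints `$sig_block['keyId']`, although the value actually compared was the local hostname. The enclosing loop and function start outside the hunk, and whether `get_hostname()` carries a port is not visible here, so the sketch below assumes it does not.

```php
if($h === 'host' && strtolower(trim($headers[$h])) !== strtolower(\App::get_hostname())) {
	logger('bad host: ' . \App::get_hostname() . ' != ' . $headers[$h]);
	return $result;
}
if($h === 'date') {
	try {
		$d = new \DateTime($headers[$h]);
	}
	catch(\Exception $e) {
		logger('bad time: unparseable date header');
		return $result;
	}
	// … unchanged: UTC conversion and one-day window comparison …
}
```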