diff options
| author | zotlabs <mike@macgirvin.com> | 2018-04-15 21:04:09 -0700 |
|---|---|---|
| committer | zotlabs <mike@macgirvin.com> | 2018-04-15 21:04:09 -0700 |
| commit | 19888b95cc99a4a1333431909067b8147de7892c (patch) | |
| tree | c58a0cc27b974b1b56425c26dc23a063ea7b5292 /Zotlabs/Web | |
| parent | 3e6a55a295271db8529a30b3bb4a9e78d8bb5001 (diff) | |
| download | volse-hubzilla-19888b95cc99a4a1333431909067b8147de7892c.tar.gz volse-hubzilla-19888b95cc99a4a1333431909067b8147de7892c.tar.bz2 volse-hubzilla-19888b95cc99a4a1333431909067b8147de7892c.zip | |
draft-cavage issues
Diffstat (limited to 'Zotlabs/Web')
| -rw-r--r-- | Zotlabs/Web/HTTPSig.php | 12 |
1 files changed, 9 insertions, 3 deletions
diff --git a/Zotlabs/Web/HTTPSig.php b/Zotlabs/Web/HTTPSig.php index 9bcc2e5ec..255511ede 100644 --- a/Zotlabs/Web/HTTPSig.php +++ b/Zotlabs/Web/HTTPSig.php @@ -59,6 +59,8 @@ class HTTPSig { $headers['(request-target)'] = strtolower($_SERVER['REQUEST_METHOD']) . ' ' . $_SERVER['REQUEST_URI']; + $headers['content-type'] = $_SERVER['CONTENT_TYPE']; + foreach($_SERVER as $k => $v) { if(strpos($k,'HTTP_') === 0) { $field = str_replace('_','-',strtolower(substr($k,5))); @@ -67,6 +69,10 @@ class HTTPSig { } } + // logger('SERVER: ' . print_r($_SERVER,true), LOGGER_ALL); + + // logger('headers: ' . print_r($headers,true), LOGGER_ALL); + $sig_block = null; if(array_key_exists('signature',$headers)) { @@ -194,10 +200,10 @@ class HTTPSig { if($r) { $j = json_decode($r,true); - if($j['id'] !== $id) - return false; - if(array_key_exists('publicKey',$j) && array_key_exists('publicKeyPem',$j['publicKey'])) { + if((array_key_exists('id',$j['publicKey']) && $j['publicKey']['id'] !== $id) && $j['id'] !== $id) + return false; + return($j['publicKey']['publicKeyPem']); } } |