diff options
author | redmatrix <git@macgirvin.com> | 2016-05-22 22:44:13 -0700 |
---|---|---|
committer | redmatrix <git@macgirvin.com> | 2016-05-22 22:44:13 -0700 |
commit | bbc71343bdfc724425927ebab404b035c65f569c (patch) | |
tree | ee3c193ee84025ef37705a11179c3e986ba6c617 /Zotlabs | |
parent | a1aa3d906159e4ad563779e5f220dddbfbd744c4 (diff) | |
download | volse-hubzilla-bbc71343bdfc724425927ebab404b035c65f569c.tar.gz volse-hubzilla-bbc71343bdfc724425927ebab404b035c65f569c.tar.bz2 volse-hubzilla-bbc71343bdfc724425927ebab404b035c65f569c.zip |
change the signed token format. We don't folks to be able to submit random text for signing by us, as they could then use these to generate known signatures.
Diffstat (limited to 'Zotlabs')
-rw-r--r-- | Zotlabs/Zot/Finger.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/Zotlabs/Zot/Finger.php b/Zotlabs/Zot/Finger.php index 63fdd4a4c..07798fbb1 100644 --- a/Zotlabs/Zot/Finger.php +++ b/Zotlabs/Zot/Finger.php @@ -110,7 +110,7 @@ class Finger { if($x) { $signed_token = ((is_array($x) && array_key_exists('signed_token',$x)) ? $x['signed_token'] : null); if($signed_token) { - $valid = rsa_verify(self::$token,base64url_decode($signed_token),$x['key']); + $valid = rsa_verify('token.' . self::$token,base64url_decode($signed_token),$x['key']); if(! $valid) { logger('invalid signed token: ' . $url . $rhs, LOGGER_NORMAL, LOG_WARN); return $ret; |