diff options
author | nobody <nobody@zotlabs.com> | 2021-08-29 04:54:50 -0700 |
---|---|---|
committer | nobody <nobody@zotlabs.com> | 2021-08-29 04:54:50 -0700 |
commit | 8343f63964c6cc992c2a8c90aa2a1080d5804323 (patch) | |
tree | 18354c0612f28b3e287c5829a515b7c4f1cbfb65 /Zotlabs | |
parent | 2866c0b1737f571c77731eabb0d60d6660caee3b (diff) | |
download | volse-hubzilla-8343f63964c6cc992c2a8c90aa2a1080d5804323.tar.gz volse-hubzilla-8343f63964c6cc992c2a8c90aa2a1080d5804323.tar.bz2 volse-hubzilla-8343f63964c6cc992c2a8c90aa2a1080d5804323.zip |
OWA: very difficult to trace failures due to empty public key record. The signature might succeed because an empty key triggers an external key fetch. But the empty key cannot encrypt the token. This has been observed in the wild on a number of sites/projects.
Diffstat (limited to 'Zotlabs')
-rw-r--r-- | Zotlabs/Module/Owa.php | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/Zotlabs/Module/Owa.php b/Zotlabs/Module/Owa.php index 9a3513f34..e30aa5fb4 100644 --- a/Zotlabs/Module/Owa.php +++ b/Zotlabs/Module/Owa.php @@ -32,14 +32,14 @@ class Owa extends Controller { $keyId = $sigblock['keyId']; if ($keyId) { $r = q("SELECT * FROM hubloc LEFT JOIN xchan ON hubloc_hash = xchan_hash - WHERE hubloc_id_url = '%s'", + WHERE hubloc_id_url = '%s' AND xchan_pubkey != '' ", dbesc($keyId) ); if (! $r) { $found = discover_by_webbie(str_replace('acct:','',$keyId)); if ($found) { $r = q("SELECT * FROM hubloc LEFT JOIN xchan ON hubloc_hash = xchan_hash - WHERE hubloc_id_url = '%s'", + WHERE hubloc_id_url = '%s' AND xchan_pubkey != '' ", dbesc($keyId) ); } |