aboutsummaryrefslogtreecommitdiffstats
path: root/include/items.php
diff options
context:
space:
mode:
authorzotlabs <mike@macgirvin.com>2016-12-24 15:00:37 -0800
committerzotlabs <mike@macgirvin.com>2016-12-24 15:00:37 -0800
commit35ed9b9b72cd2f8440c80ef395e119282bcd6383 (patch)
treed5a40da68f79081a70996725e0299d08bdf562ec /include/items.php
parent1e535283631b99b43e087c8dea292ed3b4dd2e6b (diff)
downloadvolse-hubzilla-35ed9b9b72cd2f8440c80ef395e119282bcd6383.tar.gz
volse-hubzilla-35ed9b9b72cd2f8440c80ef395e119282bcd6383.tar.bz2
volse-hubzilla-35ed9b9b72cd2f8440c80ef395e119282bcd6383.zip
issue with post signatures if posted from api and logged in locally with a different identity.
Diffstat (limited to 'include/items.php')
-rwxr-xr-xinclude/items.php4
1 files changed, 2 insertions, 2 deletions
diff --git a/include/items.php b/include/items.php
index 9bd256d58..57a9022da 100755
--- a/include/items.php
+++ b/include/items.php
@@ -1527,7 +1527,7 @@ function item_store($arr, $allow_exec = false, $deliver = true) {
// apply the input filter here - if it is obscured it has been filtered already
$arr['body'] = trim(z_input_filter($arr['uid'],$arr['body'],$arr['mimetype']));
- if(local_channel() && (! $arr['sig'])) {
+ if(local_channel() && (local_channel() == $arr['uid']) && (! $arr['sig'])) {
$channel = App::get_channel();
if($channel['channel_hash'] === $arr['author_xchan']) {
$arr['sig'] = base64url_encode(rsa_sign($arr['body'],$channel['channel_prvkey']));
@@ -1944,7 +1944,7 @@ function item_store_update($arr,$allow_exec = false, $deliver = true) {
// apply the input filter here - if it is obscured it has been filtered already
$arr['body'] = trim(z_input_filter($arr['uid'],$arr['body'],$arr['mimetype']));
- if(local_channel() && (! $arr['sig'])) {
+ if(local_channel() && (local_channel() == $arr['uid']) && (! $arr['sig'])) {
$channel = App::get_channel();
if($channel['channel_hash'] === $arr['author_xchan']) {
$arr['sig'] = base64url_encode(rsa_sign($arr['body'],$channel['channel_prvkey']));