diff options
author | zotlabs <mike@macgirvin.com> | 2016-12-24 15:00:37 -0800 |
---|---|---|
committer | zotlabs <mike@macgirvin.com> | 2016-12-24 15:00:37 -0800 |
commit | 35ed9b9b72cd2f8440c80ef395e119282bcd6383 (patch) | |
tree | d5a40da68f79081a70996725e0299d08bdf562ec /include/items.php | |
parent | 1e535283631b99b43e087c8dea292ed3b4dd2e6b (diff) | |
download | volse-hubzilla-35ed9b9b72cd2f8440c80ef395e119282bcd6383.tar.gz volse-hubzilla-35ed9b9b72cd2f8440c80ef395e119282bcd6383.tar.bz2 volse-hubzilla-35ed9b9b72cd2f8440c80ef395e119282bcd6383.zip |
issue with post signatures if posted from api and logged in locally with a different identity.
Diffstat (limited to 'include/items.php')
-rwxr-xr-x | include/items.php | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/include/items.php b/include/items.php index 9bd256d58..57a9022da 100755 --- a/include/items.php +++ b/include/items.php @@ -1527,7 +1527,7 @@ function item_store($arr, $allow_exec = false, $deliver = true) { // apply the input filter here - if it is obscured it has been filtered already $arr['body'] = trim(z_input_filter($arr['uid'],$arr['body'],$arr['mimetype'])); - if(local_channel() && (! $arr['sig'])) { + if(local_channel() && (local_channel() == $arr['uid']) && (! $arr['sig'])) { $channel = App::get_channel(); if($channel['channel_hash'] === $arr['author_xchan']) { $arr['sig'] = base64url_encode(rsa_sign($arr['body'],$channel['channel_prvkey'])); @@ -1944,7 +1944,7 @@ function item_store_update($arr,$allow_exec = false, $deliver = true) { // apply the input filter here - if it is obscured it has been filtered already $arr['body'] = trim(z_input_filter($arr['uid'],$arr['body'],$arr['mimetype'])); - if(local_channel() && (! $arr['sig'])) { + if(local_channel() && (local_channel() == $arr['uid']) && (! $arr['sig'])) { $channel = App::get_channel(); if($channel['channel_hash'] === $arr['author_xchan']) { $arr['sig'] = base64url_encode(rsa_sign($arr['body'],$channel['channel_prvkey'])); |