diff options
| author | zotlabs <mike@macgirvin.com> | 2017-04-09 20:25:41 -0700 |
|---|---|---|
| committer | zotlabs <mike@macgirvin.com> | 2017-04-09 20:25:41 -0700 |
| commit | 063577c19ea45918e332ec640fb7369bf757b348 (patch) | |
| tree | 5396a0f3e691e7ab8494d21133fa0a4ae033f617 /include/items.php | |
| parent | e682b93883ecada4e0d2953d90901f8c3aa763d1 (diff) | |
| download | volse-hubzilla-063577c19ea45918e332ec640fb7369bf757b348.tar.gz volse-hubzilla-063577c19ea45918e332ec640fb7369bf757b348.tar.bz2 volse-hubzilla-063577c19ea45918e332ec640fb7369bf757b348.zip | |
some signatures showing as invalid because of recent import_author_zot() changes.
Diffstat (limited to 'include/items.php')
| -rwxr-xr-x | include/items.php | 32 |
1 files changed, 25 insertions, 7 deletions
diff --git a/include/items.php b/include/items.php index c3b57f6cb..f290b5ec1 100755 --- a/include/items.php +++ b/include/items.php @@ -625,14 +625,17 @@ function get_item_elements($x,$allow_code = false) { return array(); // save a potentially expensive lookup if author == owner + if($arr['author_xchan'] === make_xchan_hash($x['owner']['guid'],$x['owner']['guid_sig'])) $arr['owner_xchan'] = $arr['author_xchan']; else { $xchan_hash = import_author_xchan($x['owner']); - if($xchan_hash) + if($xchan_hash) { $arr['owner_xchan'] = $xchan_hash; - else + } + else { return array(); + } } // Check signature on the body text received. @@ -649,10 +652,25 @@ function get_item_elements($x,$allow_code = false) { $r = q("select xchan_pubkey from xchan where xchan_hash = '%s' limit 1", dbesc($arr['author_xchan']) ); - if($r && rsa_verify($x['body'],base64url_decode($arr['sig']),$r[0]['xchan_pubkey'])) - $arr['item_verified'] = 1; - else - logger('get_item_elements: message verification failed.'); + if($r) { + if($r[0]['xchan_pubkey']) { + if(rsa_verify($x['body'],base64url_decode($arr['sig']),$r[0]['xchan_pubkey'])) { + $arr['item_verified'] = 1; + } + else { + logger('get_item_elements: message verification failed.'); + } + } + else { + + // If we don't have a public key, strip the signature so it won't show as invalid. + // This won't happen in normal use, but could happen if import_author_xchan() + // failed to load the zot-info packet due to a server failure and had + // to create an alternate xchan with network 'unknown' + + unset($arr['sig']); + } + } } // if the input is markdown, remove one level of html escaping. @@ -1107,7 +1125,7 @@ function encode_item_xchan($xchan) { $ret['address'] = $xchan['xchan_addr']; $ret['url'] = $xchan['xchan_url']; $ret['network'] = $xchan['xchan_network']; - $ret['photo'] = array('mimetype' => $xchan['xchan_photo_mimetype'], 'src' => $xchan['xchan_photo_m']); + $ret['photo'] = [ 'mimetype' => $xchan['xchan_photo_mimetype'], 'src' => $xchan['xchan_photo_m'] ]; $ret['guid'] = $xchan['xchan_guid']; $ret['guid_sig'] = $xchan['xchan_guid_sig']; |