aboutsummaryrefslogtreecommitdiffstats
path: root/include/items.php
diff options
context:
space:
mode:
authorMario <mario@mariovavti.com>2021-04-21 18:51:53 +0000
committerMario <mario@mariovavti.com>2021-04-21 18:51:53 +0000
commit07525c5b4594858b2b9a748a1d0cbc571fa49c7c (patch)
tree2498e688f67296d096f640a32bbfef46b1c17bf1 /include/items.php
parent35df50c39d95e19dcd7e67bd3328059dbb591b66 (diff)
downloadvolse-hubzilla-07525c5b4594858b2b9a748a1d0cbc571fa49c7c.tar.gz
volse-hubzilla-07525c5b4594858b2b9a748a1d0cbc571fa49c7c.tar.bz2
volse-hubzilla-07525c5b4594858b2b9a748a1d0cbc571fa49c7c.zip
next batch of fixes
Diffstat (limited to 'include/items.php')
-rw-r--r--include/items.php56
1 files changed, 43 insertions, 13 deletions
diff --git a/include/items.php b/include/items.php
index 0d1047e13..29160c01d 100644
--- a/include/items.php
+++ b/include/items.php
@@ -758,22 +758,34 @@ function get_item_elements($x,$allow_code = false) {
// and not enough info to be able to look you up from your hash - which is the only thing stored with the post.
$xchan_hash = import_author_xchan($x['author']);
- if($xchan_hash)
+ if($xchan_hash) {
$arr['author_xchan'] = $xchan_hash;
- else
- return array();
+ }
+ else {
+ return [];
+ }
// save a potentially expensive lookup if author == owner
+ $legacy_sig = false;
+ $owner_hash = '';
+ if(isset($x['owner']['id']) && isset($x['owner']['key']) && isset($x['owner']['network']) && $x['owner']['network'] === 'zot6') {
+ $owner_hash = Libzot::make_xchan_hash($x['owner']['id'], $x['owner']['key']);
+ }
+ else {
+ $owner_hash = make_xchan_hash($x['owner']['guid'],$x['owner']['guid_sig']);
+ $legacy_sig = true;
+ }
- if($arr['author_xchan'] === make_xchan_hash($x['owner']['guid'],$x['owner']['guid_sig']))
+ if($arr['author_xchan'] === $owner_hash) {
$arr['owner_xchan'] = $arr['author_xchan'];
+ }
else {
$xchan_hash = import_author_xchan($x['owner']);
if($xchan_hash) {
$arr['owner_xchan'] = $xchan_hash;
}
else {
- return array();
+ return [];
}
}
@@ -793,7 +805,15 @@ function get_item_elements($x,$allow_code = false) {
);
if($r) {
if($r[0]['xchan_pubkey'] && $r[0]['xchan_network'] === 'zot6') {
- if(Libzot::verify($x['body'], $arr['sig'], $r[0]['xchan_pubkey'])) {
+ $item_verified = false;
+ if($legacy_sig) {
+ $item_verified = Crypto::verify($x['body'], base64url_decode($arr['sig']), $r[0]['xchan_pubkey']);
+ }
+ else {
+ $item_verified = Libzot::verify($x['body'], $arr['sig'], $r[0]['xchan_pubkey']);
+ }
+
+ if($item_verified) {
$arr['item_verified'] = 1;
}
else {
@@ -908,6 +928,7 @@ function get_item_elements($x,$allow_code = false) {
$arr['item_type'] = ITEM_TYPE_DOC;
}
}
+
return $arr;
}
@@ -935,22 +956,31 @@ function import_author_xchan($x) {
$y = Libzot::import_author_zot($x);
}
- if(!isset($x['network']) || $x['network'] === 'zot') {
- $y = import_author_zot($x);
+ if(!$y && isset($x['url']) && isset($x['network']) && $x['network'] === 'zot6') {
+ $r = q("SELECT xchan_hash FROM xchan WHERE xchan_url = '%s' AND xchan_network = 'zot6'",
+ dbesc($x['url'])
+ );
+ if($r)
+ $y = $r[0]['xchan_hash'];
+ else
+ $y = discover_by_webbie($x['url'], 'zot6');
}
// if we were told that it's a zot6 connection, don't probe/import anything else
- if(isset($x['network']) && $x['network'] === 'zot6') {
+
+ if($y)
return $y;
+
+ if(!$y && !isset($x['network']) || $x['network'] === 'zot') {
+ $y = import_author_zot($x);
}
- if(isset($x['network']) && $x['network'] === 'zot') {
+ if(isset($x['network']) || $x['network'] === 'zot') {
if($x['url']) {
// check if we already have the zot6 xchan of this xchan_url. if not import it.
$r = q("SELECT xchan_hash FROM xchan WHERE xchan_url = '%s' AND xchan_network = 'zot6'",
dbesc($x['url'])
);
-
if(! $r)
discover_by_webbie($x['url'], 'zot6');
}
@@ -1700,14 +1730,14 @@ function item_sign(&$item) {
if(array_key_exists('sig',$item) && $item['sig'])
return;
- $r = q("select channel_prvkey from channel where channel_id = %d and channel_hash = '%s' ",
+ $r = q("select * from channel where channel_id = %d and channel_hash = '%s' ",
intval($item['uid']),
dbesc($item['author_xchan'])
);
if(! $r)
return;
- $item['sig'] = base64url_encode(Crypto::sign($item['body'], $r[0]['channel_prvkey']));
+ $item['sig'] = Libzot::sign($item['body'], $r[0]['channel_prvkey']);
$item['item_verified'] = 1;
}