author | Mike Macgirvin <mike@macgirvin.com> | 2010-08-05 02:57:03 -0700 |
---|---|---|
committer | Mike Macgirvin <mike@macgirvin.com> | 2010-08-05 02:57:03 -0700 |
commit | 40a06771ff2a22f3801dfe174ca318cf4f67c1b1 (patch) | |
tree | 118bb7d76726b68d2155229b8039170e5c500d9e /include/poller.php | |
parent | b294ff63024da5629a0d7b6f66aaa9af6d1dd400 (diff) | |
reciprocal verification on notify, poll
Diffstat (limited to 'include/poller.php')
-rw-r--r-- | include/poller.php | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/include/poller.php b/include/poller.php index e0b4d79b2..be073b93b 100644 --- a/include/poller.php +++ b/include/poller.php @@ -84,11 +84,21 @@ echo "XML: " . $xml; $res = simplexml_load_string($xml); - if((intval($res->status) != 0) || (! strlen($res->challenge)) || ($res->dfrn_id != $contact['dfrn-id'])) + if((intval($res->status) != 0) || (! strlen($res->challenge)) || (! strlen($res->dfrn_id))) continue; $postvars = array(); + $sent_dfrn_id = hex2bin($res->dfrn_id); + + $final_dfrn_id = ''; + openssl_public_decrypt($sent_dfrn_id,$final_dfrn_id,$contact['pubkey']); + $final_dfrn_id = substr($final_dfrn_id, 0, strpos($final_dfrn_id, '.')); + if($final_dfrn_id != $contact['dfrn-id']) { + // did not decode properly - cannot trust this site + continue; + } + $postvars['dfrn_id'] = $contact['dfrn-id']; $challenge = hex2bin($res->challenge); |
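Review bot: The return value of `openssl_public_decrypt()` is never checked in the added block, so a failed decrypt leaves `$final_dfrn_id` empty and the trust decision rests entirely on the loose `!=` that follows. If `$contact['dfrn-id']` is ever empty, or both values happen to be numeric-looking strings (an `0e…` hex digest, for example), that comparison can treat unequal identifiers as equal and the remote site passes verification anyway. I would bail out on failure with `if(! openssl_public_decrypt($sent_dfrn_id,$final_dfrn_id,$contact['pubkey'])) continue;` and compare strictly with `if($final_dfrn_id !== $contact['dfrn-id']) {`, assuming the stored id is a string. `strpos()` also returns false when the plaintext contains no '.', which silently truncates the value to empty, so that case deserves the same explicit `continue`. The enclosing loop starts and ends outside this hunk, so how `$contact` is populated is not visible here.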