aboutsummaryrefslogtreecommitdiffstats
path: root/include/zot.php
diff options
context:
space:
mode:
authorredmatrix <git@macgirvin.com>2016-05-22 22:44:13 -0700
committerredmatrix <git@macgirvin.com>2016-05-22 22:44:13 -0700
commitbbc71343bdfc724425927ebab404b035c65f569c (patch)
treeee3c193ee84025ef37705a11179c3e986ba6c617 /include/zot.php
parenta1aa3d906159e4ad563779e5f220dddbfbd744c4 (diff)
downloadvolse-hubzilla-bbc71343bdfc724425927ebab404b035c65f569c.tar.gz
volse-hubzilla-bbc71343bdfc724425927ebab404b035c65f569c.tar.bz2
volse-hubzilla-bbc71343bdfc724425927ebab404b035c65f569c.zip
change the signed token format. We don't folks to be able to submit random text for signing by us, as they could then use these to generate known signatures.
Diffstat (limited to 'include/zot.php')
-rw-r--r--include/zot.php2
1 files changed, 1 insertions, 1 deletions
diff --git a/include/zot.php b/include/zot.php
index 4b780db2a..8ba03ff5c 100644
--- a/include/zot.php
+++ b/include/zot.php
@@ -3818,7 +3818,7 @@ function zotinfo($arr) {
// Communication details
if($token)
- $ret['signed_token'] = base64url_encode(rsa_sign($token,$e['channel_prvkey']));
+ $ret['signed_token'] = base64url_encode(rsa_sign('token.' . $token,$e['channel_prvkey']));
$ret['guid'] = $e['xchan_guid'];