diff options
| author | zotlabs <mike@macgirvin.com> | 2017-04-09 20:25:41 -0700 |
|---|---|---|
| committer | Mario Vavti <mario@mariovavti.com> | 2017-04-12 07:03:20 +0200 |
| commit | ed5abe59810743bbae6f7f13c0b7d0043715eecc (patch) | |
| tree | 612de380a468488548c62463e0a162dfa54d43b7 /include | |
| parent | 1f951e2bd325b62d76fbdeb78d49da52aa44fa3e (diff) | |
| download | volse-hubzilla-ed5abe59810743bbae6f7f13c0b7d0043715eecc.tar.gz volse-hubzilla-ed5abe59810743bbae6f7f13c0b7d0043715eecc.tar.bz2 volse-hubzilla-ed5abe59810743bbae6f7f13c0b7d0043715eecc.zip | |
some signatures showing as invalid because of recent import_author_zot() changes.
Diffstat (limited to 'include')
| -rwxr-xr-x | include/items.php | 32 |
1 files changed, 25 insertions, 7 deletions
diff --git a/include/items.php b/include/items.php index 933b9ef81..2e46ee3bd 100755 --- a/include/items.php +++ b/include/items.php @@ -632,14 +632,17 @@ function get_item_elements($x,$allow_code = false) { return array(); // save a potentially expensive lookup if author == owner + if($arr['author_xchan'] === make_xchan_hash($x['owner']['guid'],$x['owner']['guid_sig'])) $arr['owner_xchan'] = $arr['author_xchan']; else { $xchan_hash = import_author_xchan($x['owner']); - if($xchan_hash) + if($xchan_hash) { $arr['owner_xchan'] = $xchan_hash; - else + } + else { return array(); + } } // Check signature on the body text received. @@ -656,10 +659,25 @@ function get_item_elements($x,$allow_code = false) { $r = q("select xchan_pubkey from xchan where xchan_hash = '%s' limit 1", dbesc($arr['author_xchan']) ); - if($r && rsa_verify($x['body'],base64url_decode($arr['sig']),$r[0]['xchan_pubkey'])) - $arr['item_verified'] = 1; - else - logger('get_item_elements: message verification failed.'); + if($r) { + if($r[0]['xchan_pubkey']) { + if(rsa_verify($x['body'],base64url_decode($arr['sig']),$r[0]['xchan_pubkey'])) { + $arr['item_verified'] = 1; + } + else { + logger('get_item_elements: message verification failed.'); + } + } + else { + + // If we don't have a public key, strip the signature so it won't show as invalid. + // This won't happen in normal use, but could happen if import_author_xchan() + // failed to load the zot-info packet due to a server failure and had + // to create an alternate xchan with network 'unknown' + + unset($arr['sig']); + } + } } // if the input is markdown, remove one level of html escaping. @@ -1123,7 +1141,7 @@ function encode_item_xchan($xchan) { $ret['address'] = $xchan['xchan_addr']; $ret['url'] = $xchan['xchan_url']; $ret['network'] = $xchan['xchan_network']; - $ret['photo'] = array('mimetype' => $xchan['xchan_photo_mimetype'], 'src' => $xchan['xchan_photo_m']); + $ret['photo'] = [ 'mimetype' => $xchan['xchan_photo_mimetype'], 'src' => $xchan['xchan_photo_m'] ]; $ret['guid'] = $xchan['xchan_guid']; $ret['guid_sig'] = $xchan['xchan_guid_sig']; |