diff options
author | friendica <info@friendica.com> | 2012-11-02 14:48:33 -0700 |
---|---|---|
committer | friendica <info@friendica.com> | 2012-11-02 14:48:33 -0700 |
commit | 78884195bcbf57a9ebf92daf112d9332dbf2707e (patch) | |
tree | ed4eb03ee2793e9e2963ec91d358f91d6db41c5f /mod/zfinger.php | |
parent | 4fb898a0a336ac0843054b8c22dd26d695d718f7 (diff) | |
download | volse-hubzilla-78884195bcbf57a9ebf92daf112d9332dbf2707e.tar.gz volse-hubzilla-78884195bcbf57a9ebf92daf112d9332dbf2707e.tar.bz2 volse-hubzilla-78884195bcbf57a9ebf92daf112d9332dbf2707e.zip |
fixme note about discovered permission encryption
Diffstat (limited to 'mod/zfinger.php')
-rw-r--r-- | mod/zfinger.php | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/mod/zfinger.php b/mod/zfinger.php index c1ab8dc7d..ea8da0c23 100644 --- a/mod/zfinger.php +++ b/mod/zfinger.php @@ -68,6 +68,8 @@ function zfinger_init(&$a) { $ret['target'] = $ztarget; $ret['target_sig'] = $zsig; +// FIXME encrypt permissions when targeted so that only the target can view them, requires sending the pubkey and also checking that the target_sig is signed with that pubkey and isn't a forgery. + $ret['permissions'] = get_all_perms($e['channel_id'],(($ztarget && $zsig) ? base64url_encode(hash('whirlpool',$ztarget . $zsig,true)) : '' ),false); |