diff options
| author | friendica <info@friendica.com> | 2012-11-02 16:25:59 -0700 |
|---|---|---|
| committer | friendica <info@friendica.com> | 2012-11-02 16:25:59 -0700 |
| commit | a47a1d5eb9d8e28a646540c5d19e05ffe35774cc (patch) | |
| tree | 55d8e2802a8a477a4d324a6dcbaa509b744e4dcb /mod/zfinger.php | |
| parent | aca2e3b52ae44b5abe2681bc03351feb150e47ef (diff) | |
| download | volse-hubzilla-a47a1d5eb9d8e28a646540c5d19e05ffe35774cc.tar.gz volse-hubzilla-a47a1d5eb9d8e28a646540c5d19e05ffe35774cc.tar.bz2 volse-hubzilla-a47a1d5eb9d8e28a646540c5d19e05ffe35774cc.zip | |
secure permission discovery
Diffstat (limited to 'mod/zfinger.php')
| -rw-r--r-- | mod/zfinger.php | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/mod/zfinger.php b/mod/zfinger.php index 5567f85cf..80411d16c 100644 --- a/mod/zfinger.php +++ b/mod/zfinger.php @@ -78,10 +78,12 @@ function zfinger_init(&$a) { // FIXME encrypt permissions when targeted so that only the target can view them, requires sending the pubkey and also checking that the target_sig is signed with that pubkey and isn't a forgery. - $ret['permissions'] = get_all_perms($e['channel_id'],(($ztarget && $zsig) + + $permissions = get_all_perms($e['channel_id'],(($ztarget && $zsig) ? base64url_encode(hash('whirlpool',$ztarget . $zsig,true)) : '' ),false); + $ret['permissions'] = (($ztarget) ? aes_encapsulate(json_encode($permissions),$zkey) : $permissions); // $ret['profile'] = $profile; |