aboutsummaryrefslogtreecommitdiffstats
path: root/mod
diff options
context:
space:
mode:
authorfriendica <info@friendica.com>2012-11-02 16:25:59 -0700
committerfriendica <info@friendica.com>2012-11-02 16:25:59 -0700
commita47a1d5eb9d8e28a646540c5d19e05ffe35774cc (patch)
tree55d8e2802a8a477a4d324a6dcbaa509b744e4dcb /mod
parentaca2e3b52ae44b5abe2681bc03351feb150e47ef (diff)
downloadvolse-hubzilla-a47a1d5eb9d8e28a646540c5d19e05ffe35774cc.tar.gz
volse-hubzilla-a47a1d5eb9d8e28a646540c5d19e05ffe35774cc.tar.bz2
volse-hubzilla-a47a1d5eb9d8e28a646540c5d19e05ffe35774cc.zip
secure permission discovery
Diffstat (limited to 'mod')
-rw-r--r--mod/zfinger.php4
1 files changed, 3 insertions, 1 deletions
diff --git a/mod/zfinger.php b/mod/zfinger.php
index 5567f85cf..80411d16c 100644
--- a/mod/zfinger.php
+++ b/mod/zfinger.php
@@ -78,10 +78,12 @@ function zfinger_init(&$a) {
// FIXME encrypt permissions when targeted so that only the target can view them, requires sending the pubkey and also checking that the target_sig is signed with that pubkey and isn't a forgery.
- $ret['permissions'] = get_all_perms($e['channel_id'],(($ztarget && $zsig)
+
+ $permissions = get_all_perms($e['channel_id'],(($ztarget && $zsig)
? base64url_encode(hash('whirlpool',$ztarget . $zsig,true))
: '' ),false);
+ $ret['permissions'] = (($ztarget) ? aes_encapsulate(json_encode($permissions),$zkey) : $permissions);
// $ret['profile'] = $profile;