diff options
| author | friendica <info@friendica.com> | 2013-12-04 23:54:46 -0800 |
|---|---|---|
| committer | friendica <info@friendica.com> | 2013-12-04 23:54:46 -0800 |
| commit | cc1e906825dd30f74d0a30190a7dd2a26d6b1642 (patch) | |
| tree | 9217329af3b4751d921ffa125be1907377ea9cea /mod | |
| parent | 04f61dd4a1e2d44291265855df68521933bedb04 (diff) | |
| download | volse-hubzilla-cc1e906825dd30f74d0a30190a7dd2a26d6b1642.tar.gz volse-hubzilla-cc1e906825dd30f74d0a30190a7dd2a26d6b1642.tar.bz2 volse-hubzilla-cc1e906825dd30f74d0a30190a7dd2a26d6b1642.zip | |
generate a small amount of entropy to avoid duplicate notifications from essentially simultaneous deliveries.
Diffstat (limited to 'mod')
| -rw-r--r-- | mod/post.php | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/mod/post.php b/mod/post.php index 627e13fa0..e589378dc 100644 --- a/mod/post.php +++ b/mod/post.php @@ -127,7 +127,7 @@ function post_init(&$a) { goaway($desturl); } - logger('mod_zot: auth request received from ' . $x[0]['xchan_addr'] ); + logger('mod_zot: auth request received from ' . $x[0]['hubloc_addr'] ); // check credentials and access @@ -139,7 +139,9 @@ function post_init(&$a) { $remote_service_class = ''; $remote_hub = $x[0]['hubloc_url']; - $already_authed = ((($remote) && ($x[0]['hubloc_hash'] == $remote)) ? true : false); + // Also check that they are coming from the same site as they authenticated with originally. + + $already_authed = ((($remote) && ($x[0]['hubloc_hash'] == $remote) && ($x[0]['hubloc_url'] === $_SESSION['remote_hub'])) ? true : false); if(! $already_authed) { |