diff options
| -rw-r--r-- | include/api_zot.php | 15 | ||||
| -rw-r--r-- | include/network.php | 2 | ||||
| -rw-r--r-- | include/security.php | 4 | ||||
| -rw-r--r-- | util/zotsh/easywebdav/__init__.pyc | bin | 483 -> 457 bytes | |||
| -rw-r--r-- | util/zotsh/easywebdav/__version__.pyc | bin | 187 -> 174 bytes | |||
| -rw-r--r-- | util/zotsh/easywebdav/client.pyc | bin | 9211 -> 8886 bytes |
6 files changed, 18 insertions, 3 deletions
diff --git a/include/api_zot.php b/include/api_zot.php index 287720484..8f621d998 100644 --- a/include/api_zot.php +++ b/include/api_zot.php @@ -1,7 +1,9 @@ <?php function zot_api_init() { - api_register_func('api/red/version','api_zot_version',false); + api_register_func('api/z/1.0/verify','api_verify', true); + + api_register_func('api/red/version','api_zot_version',false); api_register_func('api/z/1.0/version','api_zot_version',false); api_register_func('api/export/basic','api_export_basic', true); api_register_func('api/red/channel/export/basic','api_export_basic', true); @@ -47,6 +49,17 @@ return; } + function api_verify($type) { + if (api_user() === false) { + logger('no channel'); + return false; + } + $channel = channelx_by_n(api_user()); + // logger('channel: ' . print_r($channel,true)); + + json_return_and_die($channel); + } + function api_zot_version($type) { diff --git a/include/network.php b/include/network.php index aada36fba..d9d534cd7 100644 --- a/include/network.php +++ b/include/network.php @@ -1101,7 +1101,7 @@ function discover_by_webbie($webbie, $protocol = '') { $network = null; $x = webfinger_rfc7033($webbie, true); - if($x && array_key_exists('links',$x) && $x['links']) { + if($x && array_key_exists('links',$x) && is_array($x['links'])) { foreach($x['links'] as $link) { if(array_key_exists('rel',$link)) { diff --git a/include/security.php b/include/security.php index 38cb72263..c9df00f1e 100644 --- a/include/security.php +++ b/include/security.php @@ -594,9 +594,11 @@ function check_form_security_token($typename = '', $formname = 'form_security_to $hash = $_REQUEST[$formname]; $max_livetime = 10800; // 3 hours + $min_livetime = 3; // 3 sec $x = explode('.', $hash); - if (time() > (IntVal($x[0]) + $max_livetime)) return false; + if (time() > (IntVal($x[0]) + $max_livetime) || time() < (IntVal($x[0]) + $min_livetime)) + return false; $sec_hash = hash('whirlpool', App::$observer['xchan_guid'] . ((local_channel()) ? App::$channel['channel_prvkey'] : '') . session_id() . $x[0] . $typename); diff --git a/util/zotsh/easywebdav/__init__.pyc b/util/zotsh/easywebdav/__init__.pyc Binary files differindex b69303d1b..61b28285f 100644 --- a/util/zotsh/easywebdav/__init__.pyc +++ b/util/zotsh/easywebdav/__init__.pyc diff --git a/util/zotsh/easywebdav/__version__.pyc b/util/zotsh/easywebdav/__version__.pyc Binary files differindex bdc53441f..ceb251aeb 100644 --- a/util/zotsh/easywebdav/__version__.pyc +++ b/util/zotsh/easywebdav/__version__.pyc diff --git a/util/zotsh/easywebdav/client.pyc b/util/zotsh/easywebdav/client.pyc Binary files differindex d53caed92..86dd3aece 100644 --- a/util/zotsh/easywebdav/client.pyc +++ b/util/zotsh/easywebdav/client.pyc |