aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--include/identity.php2
-rwxr-xr-xinclude/items.php2
-rw-r--r--include/zot.php26
-rw-r--r--mod/post.php10
-rw-r--r--mod/zfinger.php2
5 files changed, 29 insertions, 13 deletions
diff --git a/include/identity.php b/include/identity.php
index 6c28f23d6..e210b37ab 100644
--- a/include/identity.php
+++ b/include/identity.php
@@ -201,7 +201,7 @@ function create_identity($arr) {
$sig = base64url_encode(rsa_sign($guid,$key['prvkey']));
- $hash = base64url_encode(hash('whirlpool',$guid . $sig,true));
+ $hash = make_xchan_hash($guid,$sig);
// Force a few things on the short term until we can provide a theme or app with choice
diff --git a/include/items.php b/include/items.php
index 26d2fbe1c..10daa85f2 100755
--- a/include/items.php
+++ b/include/items.php
@@ -734,7 +734,7 @@ function get_item_elements($x) {
return array();
// save a potentially expensive lookup if author == owner
- if($arr['author_xchan'] === base64url_encode(hash('whirlpool',$x['owner']['guid'] . $x['owner']['guid_sig'], true)))
+ if($arr['author_xchan'] === make_xchan_hash($x['owner']['guid'],$x['owner']['guid_sig']))
$arr['owner_xchan'] = $arr['author_xchan'];
else {
if(($xchan_hash = import_author_xchan($x['owner'])) !== false)
diff --git a/include/zot.php b/include/zot.php
index 4442bd748..1b02f8d69 100644
--- a/include/zot.php
+++ b/include/zot.php
@@ -35,6 +35,20 @@ function zot_new_uid($channel_nick) {
/**
+ *
+ * function make_xchan_hash($guid,$guid_sig)
+ *
+ * Generates a portable hash identifier for the channel identified by $guid and signed with $guid_sig
+ * This ID is portable across the network but MUST be calculated locally by verifying the signature
+ * and can not be trusted as an identity.
+ *
+ */
+
+function make_xchan_hash($guid,$guid_sig) {
+ return base64url_encode(hash('whirlpool',$guid . $guid_sig, true));
+}
+
+/**
* @function zot_get_hublocs($hash)
* Given a zot hash, return all distinct hubs.
* This function is used in building the zot discovery packet
@@ -538,7 +552,7 @@ function zot_register_hub($arr) {
if($arr['url'] && $arr['url_sig'] && $arr['guid'] && $arr['guid_sig']) {
- $guid_hash = base64url_encode(hash('whirlpool',$arr['guid'] . $arr['guid_sig'], true));
+ $guid_hash = make_xchan_hash($arr['guid'],$arr['guid_sig']);
$url = $arr['url'] . '/.well-known/zot-info/?f=&guid_hash=' . $guid_hash;
@@ -612,7 +626,7 @@ function import_xchan($arr,$ud_flags = UPDATE_FLAGS_UPDATED, $ud_arr = null) {
}
- $xchan_hash = base64url_encode(hash('whirlpool',$arr['guid'] . $arr['guid_sig'], true));
+ $xchan_hash = make_xchan_hash($arr['guid'],$arr['guid_sig']);
$import_photos = false;
if(! rsa_verify($arr['guid'],base64url_decode($arr['guid_sig']),$arr['key'])) {
@@ -1167,14 +1181,14 @@ function zot_import($arr, $sender_url) {
}
- $i['notify']['sender']['hash'] = base64url_encode(hash('whirlpool',$i['notify']['sender']['guid'] . $i['notify']['sender']['guid_sig'], true));
+ $i['notify']['sender']['hash'] = make_xchan_hash($i['notify']['sender']['guid'],$i['notify']['sender']['guid_sig']);
$deliveries = null;
if(array_key_exists('recipients',$i['notify']) && count($i['notify']['recipients'])) {
logger('specific recipients');
$recip_arr = array();
foreach($i['notify']['recipients'] as $recip) {
- $recip_arr[] = base64url_encode(hash('whirlpool',$recip['guid'] . $recip['guid_sig'], true));
+ $recip_arr[] = make_xchan_hash($recip['guid'],$recip['guid_sig']);
}
stringify_array_elms($recip_arr);
$recips = implode(',',$recip_arr);
@@ -1390,7 +1404,7 @@ function allowed_public_recips($msg) {
if(array_key_exists('public_scope',$msg['message']))
$scope = $msg['message']['public_scope'];
- $hash = base64url_encode(hash('whirlpool',$msg['notify']['sender']['guid'] . $msg['notify']['sender']['guid_sig'], true));
+ $hash = make_xchan_hash($msg['notify']['sender']['guid'],$msg['notify']['sender']['guid_sig']);
if($scope === 'public' || $scope === 'network: red')
return $recips;
@@ -2336,7 +2350,7 @@ function get_rpost_path($observer) {
}
function import_author_zot($x) {
- $hash = base64url_encode(hash('whirlpool',$x['guid'] . $x['guid_sig'], true));
+ $hash = make_xchan_hash($x['guid'],$x['guid_sig']);
$r = q("select hubloc_url from hubloc where hubloc_guid = '%s' and hubloc_guid_sig = '%s' and (hubloc_flags & %d) limit 1",
dbesc($x['guid']),
dbesc($x['guid_sig']),
diff --git a/mod/post.php b/mod/post.php
index bd68baa17..3b4f66baf 100644
--- a/mod/post.php
+++ b/mod/post.php
@@ -715,7 +715,7 @@ function post_post(&$a) {
}
$arr = $data['sender'];
- $sender_hash = base64url_encode(hash('whirlpool',$arr['guid'] . $arr['guid_sig'], true));
+ $sender_hash = make_xchan_hash($arr['guid'],$arr['guid_sig']);
// garbage collect any old unused notifications
q("delete from verify where type = 'auth' and created < UTC_TIMESTAMP() - INTERVAL 10 MINUTE");
@@ -742,7 +742,7 @@ function post_post(&$a) {
if($data['recipients']) {
$arr = $data['recipients'][0];
- $recip_hash = base64url_encode(hash('whirlpool',$arr['guid'] . $arr['guid_sig'], true));
+ $recip_hash = make_xchan_hash($arr['guid'],$arr['guid_sig']);
$c = q("select channel_id, channel_account_id, channel_prvkey from channel where channel_hash = '%s' limit 1",
dbesc($recip_hash)
);
@@ -787,6 +787,8 @@ function post_post(&$a) {
$ret['DNT'] = true;
if(! perm_is_allowed($c[0]['channel_id'],'','view_profile'))
$ret['DNT'] = true;
+ if(get_pconfig($c[0]['channel_id'],'system','do_not_track'))
+ $ret['DNT'] = true;
json_return_and_die($ret);
@@ -808,7 +810,7 @@ function post_post(&$a) {
if($r) {
$r = q("select abook_id from abook where uid = %d and abook_xchan = '%s' limit 1",
intval($r[0]['channel_id']),
- dbesc(base64url_encode(hash('whirlpool',$sender['guid'] . $sender['guid_sig'], true)))
+ dbesc(make_xchan_hash($sender['guid'],$sender['guid_sig']))
);
if($r) {
contact_remove($r[0]['channel_id'],$r[0]['abook_id']);
@@ -819,7 +821,7 @@ function post_post(&$a) {
else {
// Unfriend everybody - basically this means the channel has committed suicide
$arr = $data['sender'];
- $sender_hash = base64url_encode(hash('whirlpool',$arr['guid'] . $arr['guid_sig'], true));
+ $sender_hash = make_xchan_hash($arr['guid'],$arr['guid_sig']);
require_once('include/Contact.php');
remove_all_xchan_resources($sender_hash);
diff --git a/mod/zfinger.php b/mod/zfinger.php
index bd1463591..d1493da03 100644
--- a/mod/zfinger.php
+++ b/mod/zfinger.php
@@ -188,7 +188,7 @@ function zfinger_init(&$a) {
$ret['follow_url'] = z_root() . '/follow?f=&url=%s';
$ztarget_hash = (($ztarget && $zsig)
- ? base64url_encode(hash('whirlpool',$ztarget . $zsig,true))
+ ? make_xchan_hash($ztarget,$zsig)
: '' );
$permissions = get_all_perms($e['channel_id'],$ztarget_hash,false);