diff options
Diffstat (limited to 'Zotlabs/Web')
| -rw-r--r-- | Zotlabs/Web/HTTPSig.php | 10 | ||||
| -rw-r--r-- | Zotlabs/Web/Session.php | 2 |
2 files changed, 6 insertions, 6 deletions
diff --git a/Zotlabs/Web/HTTPSig.php b/Zotlabs/Web/HTTPSig.php index 35b8054e6..0ab315eee 100644 --- a/Zotlabs/Web/HTTPSig.php +++ b/Zotlabs/Web/HTTPSig.php @@ -207,7 +207,7 @@ class HTTPSig { $key = (($fetched_key) ? $fetched_key : $cached_key); - $result['portable_id'] = $key['portable_id']; + $result['portable_id'] = $key['portable_id'] ?? ''; $result['header_valid'] = true; if (in_array('digest', $signed_headers)) { @@ -303,7 +303,7 @@ class HTTPSig { // $force is used to ignore the local cache and only use the remote data; for instance the cached key might be stale if (!$force) { - $x = q("select * from xchan left join hubloc on xchan_hash = hubloc_hash where (hubloc_id_url = '%s' or hubloc_hash = '%s') and hubloc_network in ('zot6', 'activitypub') order by hubloc_id desc", + $x = q("select * from xchan join hubloc on xchan_hash = hubloc_hash where (hubloc_id_url = '%s' or hubloc_hash = '%s') and hubloc_network in ('zot6', 'activitypub') order by hubloc_id desc", dbesc($url), dbesc($url) ); @@ -378,7 +378,7 @@ class HTTPSig { $best = []; if (!$force) { - $x = q("select * from xchan left join hubloc on xchan_hash = hubloc_hash where hubloc_id_url = '%s' and hubloc_network in ('zot6', 'activitypub') order by hubloc_id desc", + $x = q("select * from xchan join hubloc on xchan_hash = hubloc_hash where hubloc_id_url = '%s' and hubloc_network in ('zot6', 'activitypub') order by hubloc_id desc", dbesc($id) ); @@ -427,7 +427,7 @@ class HTTPSig { $best = []; if (!$force) { - $x = q("select * from xchan left join hubloc on xchan_hash = hubloc_hash where hubloc_id_url = '%s' and hubloc_network = 'zot6' order by hubloc_id desc", + $x = q("select * from xchan join hubloc on xchan_hash = hubloc_hash where hubloc_id_url = '%s' and hubloc_network = 'zot6' order by hubloc_id desc", dbesc($id) ); @@ -631,7 +631,7 @@ class HTTPSig { if (preg_match('/signature="(.*?)"/ism', $header, $matches)) $ret['signature'] = base64_decode(preg_replace('/\s+/', '', $matches[1])); - if (($ret['signature']) && ($ret['algorithm']) && (!$ret['headers'])) + if (isset($ret['signature']) && isset($ret['algorithm']) && !isset($ret['headers'])) $ret['headers'] = ['date']; return $ret; diff --git a/Zotlabs/Web/Session.php b/Zotlabs/Web/Session.php index 443a02d20..14c054d20 100644 --- a/Zotlabs/Web/Session.php +++ b/Zotlabs/Web/Session.php @@ -203,7 +203,7 @@ class Session { // first check if we're enforcing that sessions can't change IP address // @todo what to do with IPv6 addresses - if($_SESSION['addr'] && $_SESSION['addr'] != $_SERVER['REMOTE_ADDR']) { + if(isset($_SESSION['addr']) && $_SESSION['addr'] != $_SERVER['REMOTE_ADDR']) { logger('SECURITY: Session IP address changed: ' . $_SESSION['addr'] . ' != ' . $_SERVER['REMOTE_ADDR']); $partial1 = substr($_SESSION['addr'], 0, strrpos($_SESSION['addr'], '.')); |