aboutsummaryrefslogtreecommitdiffstats
path: root/include/zot.php
diff options
context:
space:
mode:
Diffstat (limited to 'include/zot.php')
-rw-r--r--include/zot.php12
1 files changed, 10 insertions, 2 deletions
diff --git a/include/zot.php b/include/zot.php
index 8e053ed6f..ed0e84775 100644
--- a/include/zot.php
+++ b/include/zot.php
@@ -3798,6 +3798,9 @@ function zotinfo($arr) {
function check_zotinfo($channel,$locations,&$ret) {
+
+// logger('locations: ' . print_r($locations,true),LOGGER_DATA);
+
// This function will likely expand as we find more things to detect and fix.
// 1. Because magic-auth is reliant on it, ensure that the system channel has a valid hubloc
// Force this to be the case if anything is found to be wrong with it.
@@ -3808,10 +3811,15 @@ function check_zotinfo($channel,$locations,&$ret) {
// the sys channel must have a location (hubloc)
$valid_location = false;
if((count($locations) === 1) && ($locations[0]['primary']) && (! $locations[0]['deleted'])) {
- $valid_location = true;
+ if((rsa_verify($locations[0]['url'],base64url_decode($locations[0]['url_sig']),$channel['channel_pubkey']))
+ && ($locations[0]['sitekey'] === get_config('system','pubkey'))
+ && ($locations[0]['url'] === z_root()))
+ $valid_location = true;
+ else
+ logger('sys channel: invalid url signature');
}
- if((! $locations) || (! $valid_locations)) {
+ if((! $locations) || (! $valid_location)) {
logger('System channel locations are not valid. Attempting repair.');