diff options
Diffstat (limited to 'mod')
-rw-r--r-- | mod/zfinger.php | 18 |
1 files changed, 13 insertions, 5 deletions
diff --git a/mod/zfinger.php b/mod/zfinger.php index ea8da0c23..5567f85cf 100644 --- a/mod/zfinger.php +++ b/mod/zfinger.php @@ -7,11 +7,19 @@ function zfinger_init(&$a) { $ret = array('success' => false); - $zguid = ((x($_REQUEST,'guid')) ? $_REQUEST['guid'] : ''); - $zaddr = ((x($_REQUEST,'address')) ? $_REQUEST['address'] : ''); - $ztarget = ((x($_REQUEST,'target')) ? trim($_REQUEST['target']) : ''); - $zsig = ((x($_REQUEST,'target_sig')) ? trim($_REQUEST['target_sig']) : ''); - + $zguid = ((x($_REQUEST,'guid')) ? $_REQUEST['guid'] : ''); + $zaddr = ((x($_REQUEST,'address')) ? $_REQUEST['address'] : ''); + $ztarget = ((x($_REQUEST,'target')) ? $_REQUEST['target'] : ''); + $zsig = ((x($_REQUEST,'target_sig')) ? $_REQUEST['target_sig'] : ''); + $zkey = ((x($_REQUEST,'key')) ? $_REQUEST['key'] : ''); + + if($ztarget) { + if((! $zkey) || (! $zsig) || (! rsa_verify($ztarget,base64url_decode($zsig),$zkey))) { + logger('zfinger: invalid target signature'); + $ret['message'] = t("invalid target signature"); + json_return_and_die($ret); + } + } $r = null; |