From 0e2af403298599737b41a44a0b6b3e0a1204b108 Mon Sep 17 00:00:00 2001 From: Mario Date: Sat, 9 Jan 2021 13:05:31 +0000 Subject: fix error in sql query
---
 Zotlabs/Module/Owa.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'Zotlabs/Module')
diff --git a/Zotlabs/Module/Owa.php b/Zotlabs/Module/Owa.php
index d6aeb8af5..9a3513f34 100644
--- a/Zotlabs/Module/Owa.php
+++ b/Zotlabs/Module/Owa.php
@@ -39,7 +39,7 @@ class Owa extends Controller {
 $found = discover_by_webbie(str_replace('acct:','',$keyId));
 if ($found) {
 $r = q("SELECT * FROM hubloc LEFT JOIN xchan ON hubloc_hash = xchan_hash
- WHERE OR hubloc_id_url = '%s'",
+ WHERE hubloc_id_url = '%s'",
 dbesc($keyId)
 );
 }
-- cgit v1.2.3
From 7cfb230a5e90986b62a5c1df86ce48c894c0578c Mon Sep 17 00:00:00 2001 From: Mario Date: Sat, 9 Jan 2021 13:22:43 +0000 Subject: streamline keyid
---
 Zotlabs/Module/Cdav.php | 2 +- Zotlabs/Module/Dav.php | 2 +- Zotlabs/Module/Getfile.php | 40 ++++++++++++++++++++-------------------- 3 files changed, 22 insertions(+), 22 deletions(-) (limited to 'Zotlabs/Module')
diff --git a/Zotlabs/Module/Cdav.php b/Zotlabs/Module/Cdav.php
index f7e43e436..f5c5f4384 100644
--- a/Zotlabs/Module/Cdav.php
+++ b/Zotlabs/Module/Cdav.php
@@ -50,7 +50,7 @@ class Cdav extends Controller {
 if($sigblock) {
 $keyId = str_replace('acct:','',$sigblock['keyId']);
 if($keyId) {
- $r = q("select * from hubloc where hubloc_addr = '%s'",
+ $r = q("select * from hubloc where hubloc_id_url = '%s'",
 dbesc($keyId)
 );
 if($r) {
diff --git a/Zotlabs/Module/Dav.php b/Zotlabs/Module/Dav.php
index 949b89950..82d773139 100644
--- a/Zotlabs/Module/Dav.php
+++ b/Zotlabs/Module/Dav.php
@@ -51,7 +51,7 @@ class Dav extends \Zotlabs\Web\Controller {
 if($sigblock) {
 $keyId = str_replace('acct:','',$sigblock['keyId']);
 if($keyId) {
- $r = q("select * from hubloc where hubloc_addr = '%s'",
+ $r = q("select * from hubloc where hubloc_id_url = '%s'",
 dbesc($keyId)
 );
 if($r) {
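Review bot: The re-query after `discover_by_webbie()` in the Owa.php hunk matches only `hubloc_id_url` against the raw `$keyId`, although the discovery call on the line above ran on the value with `acct:` stripped. If the signer sent an `acct:` keyId, the freshly discovered hubloc will presumably not be found, so the check fails closed but without any trace. Matching both forms, as the later Getfile change on this page does with `WHERE hubloc_addr = '%s' OR hubloc_id_url = '%s'`, or at least logging the miss with `logger('OWA: no hubloc for keyId after discovery');`, would make that visible. The enclosing method starts and ends outside the hunk.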
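Review bot: `str_replace('acct:','',$sigblock['keyId'])` in the Cdav.php hunk still rewrites the keyId even though the lookup now compares it with `hubloc_id_url`. It removes `acct:` wherever it occurs rather than only as a leading scheme, so the value looked up is not necessarily the value that was signed, and a peer that still sends `acct:user@host` no longer matches any row. Because the keyId comes from the request's signature block and appears to select the record used for authentication, I would look up the unmodified value for the URL column, `dbesc($sigblock['keyId'])`, and strip only a leading prefix for any address fallback. The Dav.php hunk has the same lines; what is done with `$r` is outside both hunks.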
diff --git a/Zotlabs/Module/Getfile.php b/Zotlabs/Module/Getfile.php
index 17d1c84b8..20cc23ac0 100644
--- a/Zotlabs/Module/Getfile.php
+++ b/Zotlabs/Module/Getfile.php
@@ -6,20 +6,20 @@ use Zotlabs\Lib\Libzot;
 /**
 * module: getfile
- *
+ *
 * used for synchronising files and photos across clones
- *
+ *
 * The site initiating the file operation will send a sync packet to known clones.
 * They will respond by building the DB structures they require, then will provide a
 * post request to this site to grab the file data. This is sent as a stream direct to
 * disk at the other end, avoiding memory issues.
 *
 * Since magic-auth cannot easily be used by the CURL process at the other end,
- * we will require a signed request which includes a timestamp. This should not be
- * used without SSL and is potentially vulnerable to replay if an attacker decrypts
+ * we will require a signed request which includes a timestamp. This should not be
+ * used without SSL and is potentially vulnerable to replay if an attacker decrypts
 * the SSL traffic fast enough. The amount of time slop is configurable but defaults
 * to 3 minutes.
- *
+ *
 */
@@ -54,13 +54,13 @@ class Getfile extends \Zotlabs\Web\Controller {
 $keyId = $sigblock['keyId'];
 if($keyId) {
- $r = q("select * from hubloc left join xchan on hubloc_hash = xchan_hash
- where hubloc_addr = '%s'",
+ $r = q("select * from hubloc left join xchan on hubloc_hash = xchan_hash
+ where hubloc_id_url = '%s'",
 dbesc(str_replace('acct:','',$keyId))
 );
 if($r) {
 $hubloc = Libzot::zot_record_preferred($r);
- $verified = HTTPSig::verify('',$hubloc['xchan_pubkey']);
+ $verified = HTTPSig::verify('',$hubloc['xchan_pubkey']);
 if($verified && $verified['header_signed'] && $verified['header_valid'] && $hash == $hubloc['hubloc_hash']) {
 $header_verified = true;
 }
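Review bot: The identity binding `$hash == $hubloc['hubloc_hash']` in the context lines of the second hunk uses loose comparison, and PHP compares two numeric-looking strings as numbers, so different values can compare equal. This condition is what sets `$header_verified = true`, and a true value skips the time-slop and `rsa_verify` branch guarded by `if(! $header_verified)` further down the file, so the comparison should be strict: `$hash === $hubloc['hubloc_hash']`. Where `$hash` is assigned is outside the hunk; it appears to come from the request. Whether `HTTPSig::verify()` enforces its own freshness window is not visible here and is worth confirming, since the module comment names replay as the concern.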
@@ -74,15 +74,15 @@ class Getfile extends \Zotlabs\Web\Controller { logger('post: ' . print_r($_POST,true),LOGGER_DEBUG,LOG_INFO); if($header_verified) { logger('HTTPSig verified'); - } - + } + $channel = channelx_by_hash($hash); if((! $channel) || (! $time) || (! $sig)) { logger('error: missing info'); killme(); } - + if(isset($_POST['resolution'])) $resolution = intval($_POST['resolution']); elseif(substr($resource,-2,1) == '-') { @@ -91,21 +91,21 @@ class Getfile extends \Zotlabs\Web\Controller { } else { $resolution = (-1); - } + } $slop = intval(get_pconfig($channel['channel_id'],'system','getfile_time_slop')); if($slop < 1) $slop = 3; - + $d1 = datetime_convert('UTC','UTC',"now + $slop minutes"); - $d2 = datetime_convert('UTC','UTC',"now - $slop minutes"); - + $d2 = datetime_convert('UTC','UTC',"now - $slop minutes"); + if(! $header_verified) { if(($time > $d1) || ($time < $d2)) { logger('time outside allowable range'); killme(); } - + if(! rsa_verify($hash . '.' . $time,base64url_decode($sig),$channel['channel_pubkey'])) { logger('verify failed.'); killme(); @@ -137,20 +137,20 @@ class Getfile extends \Zotlabs\Web\Controller { else { echo dbunescbin($r[0]['content']); } - } + } killme(); } $r = attach_by_hash($resource,$channel['channel_hash'],$revision); - + if(! $r['success']) { logger('attach_by_hash failed: ' . $r['message']); notice( $r['message'] . EOL); return; } - + $unsafe_types = array('text/html','text/css','application/javascript'); - + if(in_array($r['data']['filetype'],$unsafe_types) && (! channel_codeallowed($channel['channel_id']))) { header('Content-type: text/plain'); } -- cgit v1.2.3 From 61e782389c20a0d22749985177370149af4ae119 Mon Sep 17 00:00:00 2001 From: Mario Date: Sat, 9 Jan 2021 13:24:32 +0000 Subject: more streamline keyid --- Zotlabs/Module/Zfinger.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'Zotlabs/Module') 
diff --git a/Zotlabs/Module/Zfinger.php b/Zotlabs/Module/Zfinger.php index 533f0a5db..ce7117ad8 100644 --- a/Zotlabs/Module/Zfinger.php +++ b/Zotlabs/Module/Zfinger.php @@ -7,7 +7,7 @@ use Zotlabs\Lib\Libzot; class Zfinger extends \Zotlabs\Web\Controller { function init() { - + require_once('include/zot.php'); require_once('include/crypto.php'); @@ -26,7 +26,7 @@ class Zfinger extends \Zotlabs\Web\Controller { if($chan) { $headers['Digest'] = HTTPSig::generate_digest_header($ret); - $h = HTTPSig::create_sig($headers,$chan['channel_prvkey'],'acct:' . channel_reddress($chan)); + $h = HTTPSig::create_sig($headers,$chan['channel_prvkey'], channel_url($chan)); HTTPSig::set_headers($h); } else { @@ -37,7 +37,7 @@ class Zfinger extends \Zotlabs\Web\Controller { echo $ret; killme(); - + } - + } -- cgit v1.2.3 From 2522d42c71baee9caba181566948ae4c899885bd Mon Sep 17 00:00:00 2001 From: Mario Date: Sat, 9 Jan 2021 20:22:47 +0100 Subject: fix some php8 fatal errors --- Zotlabs/Module/Sse_bs.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Sse_bs.php b/Zotlabs/Module/Sse_bs.php index 534c63d46..396e07001 100644 --- a/Zotlabs/Module/Sse_bs.php +++ b/Zotlabs/Module/Sse_bs.php @@ -123,7 +123,7 @@ class Sse_bs extends Controller { $mids[] = '\'' . dbesc(@base64url_decode(substr($a,4))) . '\''; } - $str = implode($mids, ','); + $str = implode(',', $mids); $x = [ 'channel_id' => self::$uid, 'update' => 'unset' ]; call_hooks('update_unseen',$x); -- cgit v1.2.3 From ff100a499a2813c1ffa31db04936b04d4b2c8eb4 Mon Sep 17 00:00:00 2001 From: Mario Date: Sat, 9 Jan 2021 19:57:55 +0000 Subject: keyid adapt for backward compatibility to current release --- Zotlabs/Module/Getfile.php | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Getfile.php b/Zotlabs/Module/Getfile.php index 20cc23ac0..a867f5ff7 100644 --- a/Zotlabs/Module/Getfile.php 
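Review bot: The keyId passed to `HTTPSig::create_sig()` in the second Zfinger.php hunk changes from `'acct:' . channel_reddress($chan)` to `channel_url($chan)` with no comment on which form verifiers are expected to resolve. The Getfile commit that follows on this page restores an address lookup "for backward compatibility to current release", which suggests that sites on the current release resolve keyIds by address and may not find a key for a URL keyId. I would add a comment such as `// keyId is the channel URL; verifiers must resolve it via hubloc_id_url` and confirm how callers treat a zfinger response whose signature they cannot verify. The rest of `init()` is outside the hunk.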
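Review bot: The `@` on `base64url_decode(substr($a,4))` in the context line above the `implode` fix in Sse_bs.php hides any decode failure, and whatever comes back is still quoted and appended to `$mids`, so a malformed id ends up in `$str` as an empty or junk literal. Each element goes through `dbesc()`, so this is not an injection concern, but I would drop the `@`, skip entries that do not decode, and guard the empty-list case before `$str` is used. The loop that fills `$mids` and the statement that consumes `$str` are both outside the hunk.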
+++ b/Zotlabs/Module/Getfile.php
@@ -54,9 +54,10 @@ class Getfile extends \Zotlabs\Web\Controller {
 $keyId = $sigblock['keyId'];
 if($keyId) {
- $r = q("select * from hubloc left join xchan on hubloc_hash = xchan_hash
- where hubloc_id_url = '%s'",
- dbesc(str_replace('acct:','',$keyId))
+ $r = q("SELECT * FROM hubloc LEFT JOIN xchan ON hubloc_hash = xchan_hash
+ WHERE hubloc_addr = '%s' OR hubloc_id_url = '%s'",
+ dbesc(str_replace('acct:','',$keyId)),
+ dbesc($keyId)
 );
 if($r) {
 $hubloc = Libzot::zot_record_preferred($r);
-- cgit v1.2.3
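Review bot: The two-column match `hubloc_addr = '%s' OR hubloc_id_url = '%s'` is driven entirely by the keyId taken from the request, and the rows it returns are not constrained to a single identity before `Libzot::zot_record_preferred($r)` picks the record whose key is used for verification. `str_replace('acct:','',$keyId)` also strips the substring anywhere in the value rather than only a leading scheme; `preg_replace('/^acct:/', '', $keyId)` would limit it to the prefix. I would also add a comment here stating that the later comparison of `$hash` with `hubloc_hash` is what binds the signer to the channel being synced, so that the check is not relaxed by accident. The verification that follows is outside this hunk.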