From fc62f07a089daf698953e6e4197668fbf8aebef9 Mon Sep 17 00:00:00 2001
From: zotlabs
Date: Sun, 3 Sep 2017 23:50:18 -0700
Subject: validate the security context
---
 Zotlabs/Zot/Auth.php | 7 +++++++
 1 file changed, 7 insertions(+)
 (limited to 'Zotlabs/Zot')
diff --git a/Zotlabs/Zot/Auth.php b/Zotlabs/Zot/Auth.php
index 92b0fff78..afb7b1535 100644
--- a/Zotlabs/Zot/Auth.php
+++ b/Zotlabs/Zot/Auth.php
@@ -43,6 +43,12 @@ class Auth {
 $this->Finalise();
 }
+ if(strpbrk($this->sec,'.:')) {
+ logger('illegal security context');
+ $this->Debug('illegal security context.');
+ $this->Finalise();
+ }
+
 $x = $this->GetHublocs($this->address);
 if($x) {
@@ -153,6 +159,7 @@ class Auth {
 dbesc($hubloc['hubloc_url'])
 );
+ // needs a nonce!!!!
 $p = zot_build_packet($channel,$type = 'auth_check', array(array('guid' => $hubloc['hubloc_guid'],'guid_sig' => $hubloc['hubloc_guid_sig'])), $hubloc['hubloc_sitekey'], (($x) ? $x[0]['site_crypto'] : ''), $this->sec);
-- 
cgit v1.2.3
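Review bot: The added `strpbrk($this->sec,'.:')` test is a deny-list of two characters, and the hunk gives no reason why those two make a security context illegal, so a maintainer cannot tell whether other characters should be rejected as well. If the context has a fixed format, a positive check against that format is the stricter form; otherwise a comment above the `if` should name the downstream use that '.' and ':' would break. The block also relies on `$this->Finalise()` ending the request, as the preceding context block does; if it can return, execution continues into the `GetHublocs()` lookup with the rejected value still in `$this->sec`, so, if it does terminate, a one-line comment such as `// Finalise() terminates the request` would make that explicit. The enclosing method starts and ends outside the hunk.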
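Review bot: The added `// needs a nonce!!!!` comment flags a gap in the `auth_check` packet but does not say what the nonce is meant to prevent or which side has to verify it, so it is hard to act on. Presumably the concern is that a captured packet could be replayed; the hunk does not show whether `$this->sec`, passed as the last argument, is single-use. I would spell that out, for example `// FIXME: auth_check carries no nonce; a captured packet may be replayable unless the receiver rejects reuse`, and point to a tracker issue so the work is not lost. The statement sits in a method that starts and ends outside the hunk.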