From 423c36f67b3809e58396ebea3ccbf9c15b7ab3c9 Mon Sep 17 00:00:00 2001 From: Mario Date: Wed, 14 Feb 2024 18:07:29 +0000 Subject: improved checks in HTTPSig::find_headers()
---
Zotlabs/Web/HTTPSig.php | 41 ++++++++++++++++++++++++++--------------- 1 file changed, 26 insertions(+), 15 deletions(-) (limited to 'Zotlabs')
diff --git a/Zotlabs/Web/HTTPSig.php b/Zotlabs/Web/HTTPSig.php
index 439ca472b..793b8cb45 100644
--- a/Zotlabs/Web/HTTPSig.php
+++ b/Zotlabs/Web/HTTPSig.php
@@ -44,37 +44,42 @@ class HTTPSig { } } - static function find_headers($data, &$body) { + public static function find_headers($data, &$body) { // decide if $data arrived via controller submission or curl + // changes $body for the caller - if (is_array($data) && $data['header']) { - if (!$data['success']) + if (is_array($data) && array_key_exists('header', $data)) { + if (!$data['success']) { + $body = EMPTY_STR; return []; + } - $h = new HTTPHeaders($data['header']); - $headers = $h->fetcharr(); - $body = $data['body']; - $headers['(request-target)'] = $data['request_target']; - } + if (!$data['header']) { + $body = EMPTY_STR; + return []; + } - else { - $headers = []; + $h = new HTTPHeaders($data['header']); + $headers = $h->fetcharr(); + $body = $data['body']; + $headers['(request-target)'] = $data['request_target']; + } else { + $headers = []; $headers['(request-target)'] = strtolower($_SERVER['REQUEST_METHOD']) . ' ' . $_SERVER['REQUEST_URI']; - $headers['content-type'] = $_SERVER['CONTENT_TYPE']; - $headers['content-length'] = $_SERVER['CONTENT_LENGTH']; + $headers['content-type'] = $_SERVER['CONTENT_TYPE']; + $headers['content-length'] = $_SERVER['CONTENT_LENGTH']; foreach ($_SERVER as $k => $v) { if (strpos($k, 'HTTP_') === 0) { - $field = str_replace('_', '-', strtolower(substr($k, 5))); + $field = str_replace('_', '-', strtolower(substr($k, 5))); $headers[$field] = $v; } } } //logger('SERVER: ' . print_r($_SERVER,true), LOGGER_ALL); - - //logger('headers: ' . print_r($headers,true), LOGGER_ALL); + //logger('found_headers: ' . print_r($headers,true), LOGGER_ALL); return $headers; } @@ -102,6 +107,10 @@ class HTTPSig { if (!$headers) return $result; + if (is_array($body)) { + btlogger('body is array:' . print_r($body, true)); + } + $sig_block = null; if (array_key_exists('signature', $headers)) { 
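Review bot: In the array branch of find_headers() only `header` is guarded by array_key_exists(); `success`, `body` and `request_target` are still read unchecked. A fetch result without `request_target` therefore stores null in `(request-target)`, which presumably feeds the signed string, and a missing `body` hands null back through `&$body`. I would fail closed like the two new early returns do, with `if (!isset($data['body'], $data['request_target'])) { $body = EMPTY_STR; return []; }` placed before `new HTTPHeaders(...)`. The added comment `// changes $body for the caller` is true only for this branch, since the `else` path that reads `$_SERVER` never assigns `$body`; it should read something like `// sets $body for the caller only when $data is a fetch result array`.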
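Review bot: The new `is_array($body)` branch in the second hunk only logs, and verification then carries on with a non-string body. The digest handling further down is not visible here, but if it hashes `$body` it would be operating on an array. If an array body is never valid input, return right after logging: `btlogger('body is array'); return $result;`. Separately, `print_r($body, true)` writes the whole sender-controlled body into the log, so logging only its key count or a truncated form would keep untrusted and possibly private content out of the log file. The enclosing function starts and ends outside this hunk.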
@@ -217,8 +226,10 @@ class HTTPSig { $result['content_signed'] = true; $digest = explode('=', $headers['digest'], 2); $digest[0] = strtoupper($digest[0]); + if ($digest[0] === 'SHA-256') $hashalg = 'sha256'; + if ($digest[0] === 'SHA-512') $hashalg = 'sha512'; -- cgit v1.2.3