From 35ed9b9b72cd2f8440c80ef395e119282bcd6383 Mon Sep 17 00:00:00 2001
From: zotlabs <mike@macgirvin.com>
Date: Sat, 24 Dec 2016 15:00:37 -0800
Subject: issue with post signatures if posted from api and logged in locally
 with a different identity.

---
 include/items.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'include/items.php')

diff --git a/include/items.php b/include/items.php
index 9bd256d58..57a9022da 100755
--- a/include/items.php
+++ b/include/items.php
@@ -1527,7 +1527,7 @@ function item_store($arr, $allow_exec = false, $deliver = true) {
 		// apply the input filter here - if it is obscured it has been filtered already
 		$arr['body'] = trim(z_input_filter($arr['uid'],$arr['body'],$arr['mimetype']));
 
-		if(local_channel() && (! $arr['sig'])) {
+		if(local_channel() && (local_channel() == $arr['uid']) && (! $arr['sig'])) {
 			$channel = App::get_channel();
 			if($channel['channel_hash'] === $arr['author_xchan']) {
 				$arr['sig'] = base64url_encode(rsa_sign($arr['body'],$channel['channel_prvkey']));
@@ -1944,7 +1944,7 @@ function item_store_update($arr,$allow_exec = false, $deliver = true) {
         // apply the input filter here - if it is obscured it has been filtered already
         $arr['body'] = trim(z_input_filter($arr['uid'],$arr['body'],$arr['mimetype']));
 
-        if(local_channel() && (! $arr['sig'])) {
+		if(local_channel() && (local_channel() == $arr['uid']) && (! $arr['sig'])) {
             $channel = App::get_channel();
             if($channel['channel_hash'] === $arr['author_xchan']) {
                 $arr['sig'] = base64url_encode(rsa_sign($arr['body'],$channel['channel_prvkey']));
-- 
cgit v1.2.3