From bbc71343bdfc724425927ebab404b035c65f569c Mon Sep 17 00:00:00 2001
From: redmatrix <git@macgirvin.com>
Date: Sun, 22 May 2016 22:44:13 -0700
Subject: change the signed token format. We don't folks to be able to submit
 random text for signing by us, as they could then use these to generate known
 signatures.

---
 include/zot.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'include/zot.php')

diff --git a/include/zot.php b/include/zot.php
index 4b780db2a..8ba03ff5c 100644
--- a/include/zot.php
+++ b/include/zot.php
@@ -3818,7 +3818,7 @@ function zotinfo($arr) {
 	// Communication details
 
 	if($token)
-		$ret['signed_token'] = base64url_encode(rsa_sign($token,$e['channel_prvkey']));
+		$ret['signed_token'] = base64url_encode(rsa_sign('token.' . $token,$e['channel_prvkey']));
 
 
 	$ret['guid']           = $e['xchan_guid'];
-- 
cgit v1.2.3