From cb10da3eef0fcf5e9f64f002932f9879de3310dc Mon Sep 17 00:00:00 2001 From: friendica Date: Tue, 9 Sep 2014 22:45:26 -0700 Subject: Did I ever mention how much I HATE hacking crypto? If you've got a protocol doc that says how you sign something, you damm well better sign it that way. --- include/diaspora.php | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) (limited to 'include') diff --git a/include/diaspora.php b/include/diaspora.php index 0c15bfd46..e7a6cb8ea 100755 --- a/include/diaspora.php +++ b/include/diaspora.php @@ -1804,7 +1804,15 @@ function diaspora_like($importer,$xml,$msg) { who sent the salmon */ - $signed_data = $guid . ';' . $target_type . ';' . $parent_guid . ';' . $positive . ';' . $diaspora_handle; +// $signed_data = $guid . ';' . $target_type . ';' . $parent_guid . ';' . $positive . ';' . $diaspora_handle; + + // 2014-09-10 let's try this: signatures are failing. I'll try and make a signable string from + // the parameters in the order they were presented in the post. This is how D* creates the signable string. + + + $signed_data = $positive . ';' . $guid . ';' . $target_type . ';' . $parent_guid . ';' . $diaspora_handle; + + $key = $msg['key']; @@ -1841,6 +1849,9 @@ function diaspora_like($importer,$xml,$msg) { // } } } + + + logger('diaspora_like: signature check complete.',LOGGER_DEBUG); // Phew! Everything checks out. Now create an item. -- cgit v1.2.3