harukin/core
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'mike/master' into dev

Browse Source
This commit is contained in:
Mario Vavti 2018-10-12 09:42:57 +02:00
commit 81d9258e80
2 changed files with 26 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
Zotlabs/Web/HTTPSig.php
View File

@ -52,6 +52,7 @@ class HTTPSig {
$h = new \Zotlabs\Web\HTTPHeaders($data['header']);
$headers = $h->fetcharr();
$body = $data['body'];
$headers['(request-target)'] = $data['request_target'];
}
else {
@ -60,6 +61,7 @@ class HTTPSig {
strtolower($_SERVER['REQUEST_METHOD']) . ' ' .
$_SERVER['REQUEST_URI'];
$headers['content-type'] = $_SERVER['CONTENT_TYPE'];
$headers['content-length'] = $_SERVER['CONTENT_LENGTH'];
foreach($_SERVER as $k => $v) {
if(strpos($k,'HTTP_') === 0) {
@ -104,10 +106,6 @@ class HTTPSig {
if(strpos($h,'.')) {
$spoofable = true;
}
if($h === 'host' && (strpos(strtolower(\App::get_hostname()),strtolower($headers[$h])) === false)) {
logger('bad host: ' . $sig_block['keyId'] . ' != ' . $headers[$h]);
return $result;
}
if($h === 'date') {
$d = new \DateTime($headers[$h]);
$d->setTimeZone(new \DateTimeZone('UTC'));

24
include/network.php
View File

@ -48,6 +48,10 @@ function z_fetch_url($url, $binary = false, $redirects = 0, $opts = array()) {
if(($redirects > 8) || (! $ch))
return $ret;
if(! array_key_exists('request_target',$opts)) {
$opts['request_target'] = 'get ' . get_request_string($url);
}
@curl_setopt($ch, CURLOPT_HEADER, true);
@curl_setopt($ch, CURLINFO_HEADER_OUT, true);
@curl_setopt($ch, CURLOPT_CAINFO, get_capath());
@ -179,6 +183,7 @@ function z_fetch_url($url, $binary = false, $redirects = 0, $opts = array()) {
}
$ret['body'] = substr($s,strlen($header));
$ret['header'] = $header;
$ret['request_target'] = $opts['request_target'];
if(x($opts,'debug')) {
$ret['debug'] = $curl_info;
@ -227,6 +232,10 @@ function z_post_url($url, $params, $redirects = 0, $opts = array()) {
if(($redirects > 8) || (! $ch))
return $ret;
if(! array_key_exists('request_target',$opts)) {
$opts['request_target'] = 'get ' . get_request_string($url);
}
@curl_setopt($ch, CURLOPT_HEADER, true);
@curl_setopt($ch, CURLINFO_HEADER_OUT, true);
@curl_setopt($ch, CURLOPT_CAINFO, get_capath());
@ -359,6 +368,7 @@ function z_post_url($url, $params, $redirects = 0, $opts = array()) {
$ret['body'] = substr($s, strlen($header));
$ret['header'] = $header;
$ret['request_target'] = $opts['request_target'];
if(x($opts,'debug')) {
$ret['debug'] = $curl_info;
@ -2080,3 +2090,17 @@ function jsonld_document_loader($url) {
return [];
}
/**
* @brief Given a URL, return everything after the host portion.
* example https://foobar.com/gravy?g=5&y=6
* returns /gravy?g=5&y=6
* result always returns the leading slash
*/
function get_request_string($url) {
$a = explode('/',$url,4);
return '/' . ((count($a) > 3) ? $a[3] : EMPTY_STR);
}