harukin/core
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

secure permission discovery

Browse Source
This commit is contained in:
friendica
2012-11-02 16:25:59 -07:00
parent aca2e3b52a
commit a47a1d5eb9
2 changed files with 17 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
mod/zfinger.php
View File

@@ -78,10 +78,12 @@ function zfinger_init(&$a) {
// FIXME encrypt permissions when targeted so that only the target can view them, requires sending the pubkey and also checking that the target_sig is signed with that pubkey and isn't a forgery.
$ret['permissions'] = get_all_perms($e['channel_id'],(($ztarget && $zsig)
$permissions = get_all_perms($e['channel_id'],(($ztarget && $zsig)
? base64url_encode(hash('whirlpool',$ztarget . $zsig,true))
: '' ),false);
$ret['permissions'] = (($ztarget) ? aes_encapsulate(json_encode($permissions),$zkey) : $permissions);
// $ret['profile'] = $profile;