harukin/core
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

verify some edge case http signatures

Browse Source
This commit is contained in:
zotlabs
2018-10-11 21:28:47 -07:00
parent c6f3298f78
commit c6bfd5e7be
2 changed files with 26 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
Zotlabs/Web/HTTPSig.php
View File

@@ -52,6 +52,7 @@ class HTTPSig {
$h = new \Zotlabs\Web\HTTPHeaders($data['header']);
$headers = $h->fetcharr();
$body = $data['body'];
$headers['(request-target)'] = $data['request_target'];
}
else {
@@ -60,6 +61,7 @@ class HTTPSig {
strtolower($_SERVER['REQUEST_METHOD']) . ' ' .
$_SERVER['REQUEST_URI'];
$headers['content-type'] = $_SERVER['CONTENT_TYPE'];
$headers['content-length'] = $_SERVER['CONTENT_LENGTH'];
foreach($_SERVER as $k => $v) {
if(strpos($k,'HTTP_') === 0) {
@@ -104,10 +106,6 @@ class HTTPSig {
if(strpos($h,'.')) {
$spoofable = true;
}
if($h === 'host' && (strpos(strtolower(\App::get_hostname()),strtolower($headers[$h])) === false)) {
logger('bad host: ' . $sig_block['keyId'] . ' != ' . $headers[$h]);
return $result;
}
if($h === 'date') {
$d = new \DateTime($headers[$h]);
$d->setTimeZone(new \DateTimeZone('UTC'));