harukin/core
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

SECURITY: signature issue

Browse Source
This commit is contained in:
zotlabs
2018-10-09 22:37:53 -07:00
parent 2cb52f8875
commit c6f3298f78
4 changed files with 29 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
Zotlabs/Zot/Finger.php
View File

@@ -71,6 +71,11 @@ class Finger {
$url = 'https://' . $host;
}
$m = parse_url($url);
if($m) {
$parsed_host = strtolower($m['host']);
}
$rhs = '/.well-known/zot-info';
$https = ((strpos($url,'https://') === 0) ? true : false);
@@ -88,6 +93,8 @@ class Finger {
$headers = [];
$headers['X-Zot-Channel'] = $channel['channel_address'] . '@' . \App::get_hostname();
$headers['X-Zot-Nonce'] = random_string();
$headers['Host'] = $parsed['host'];
$xhead = \Zotlabs\Web\HTTPSig::create_sig('',$headers,$channel['channel_prvkey'],
'acct:' . $channel['channel_address'] . '@' . \App::get_hostname(),false);