Did I ever mention how much I HATE hacking crypto? If you've got a protocol doc that says how you sign something, you damm well better sign it that way.

2014-09-09 22:45:26 -07:00 · 2014-09-09 22:45:26 -07:00 · cb10da3eef
commit cb10da3eef
parent e7b005b1f8
1 changed files with 12 additions and 1 deletions
--- a/include/diaspora.php
+++ b/include/diaspora.php
@ -1804,7 +1804,15 @@ function diaspora_like($importer,$xml,$msg) {
 	     who sent the salmon
 	*/

-	$signed_data = $guid . ';' . $target_type . ';' . $parent_guid . ';' . $positive . ';' . $diaspora_handle;
+//	$signed_data = $guid . ';' . $target_type . ';' . $parent_guid . ';' . $positive . ';' . $diaspora_handle;
+
+	// 2014-09-10 let's try this: signatures are failing. I'll try and make a signable string from
+	// the parameters in the order they were presented in the post. This is how D* creates the signable string.
+
+
+	$signed_data = $positive . ';' . $guid . ';' . $target_type . ';' . $parent_guid . ';' . $diaspora_handle;
+
+

 	$key = $msg['key'];

@ -1842,6 +1850,9 @@ function diaspora_like($importer,$xml,$msg) {
 		}
 	}
 	
+
+	logger('diaspora_like: signature check complete.',LOGGER_DEBUG);
+
 	// Phew! Everything checks out. Now create an item.

 	// Find the original comment author information.