validate the security context

zotlabs
2017-09-03 23:50:18 -07:00
parent 3d0a7f4fc5
commit fc62f07a08
3 changed files with 11 additions and 3 deletions


@@ -4621,6 +4621,7 @@ function zot_reply_auth_check($data,$encrypted_packet) {
// First verify their signature. We will have obtained a zot-info packet from them as part of the sender
// verification.
// needs a nonce!!!!
if ((! $y) || (! rsa_verify($data['secret'], base64url_decode($data['secret_sig']),$y[0]['xchan_pubkey']))) {
logger('mod_zot: auth_check: sender not found or secret_sig invalid.');
$ret['message'] .= 'sender not found or sig invalid ' . print_r($y,true) . EOL;