
Remove 'headers' option occurrences and add a warning if used.

Philipp Holzer 2020-10-18 22:31:26 +02:00
parent c19f1a83ce
commit a74d88c4ee
No known key found for this signature in database
GPG key ID: 9A28B7D4FF5667BD
4 changed files with 13 additions and 12 deletions


@ -1639,7 +1639,7 @@ class GServer
if (!empty($accesstoken)) { if (!empty($accesstoken)) {
$api = 'https://instances.social/api/1.0/instances/list?count=0'; $api = 'https://instances.social/api/1.0/instances/list?count=0';
$header = ['Authorization: Bearer '.$accesstoken]; $header = ['Authorization: Bearer '.$accesstoken];
$curlResult = DI::httpRequest()->get($api, ['headers' => $header]); $curlResult = DI::httpRequest()->get($api, ['header' => $header]);
if ($curlResult->isSuccess()) { if ($curlResult->isSuccess()) {
$servers = json_decode($curlResult->getBody(), true); $servers = json_decode($curlResult->getBody(), true);


@ -88,19 +88,19 @@ class Magic extends BaseModule
$exp = explode('/profile/', $contact['url']); $exp = explode('/profile/', $contact['url']);
$basepath = $exp[0]; $basepath = $exp[0];
$headers = []; $header = [];
$headers['Accept'] = 'application/x-dfrn+json, application/x-zot+json'; $header['Accept'] = 'application/x-dfrn+json, application/x-zot+json';
$headers['X-Open-Web-Auth'] = Strings::getRandomHex(); $header['X-Open-Web-Auth'] = Strings::getRandomHex();
// Create a header that is signed with the local users private key. // Create a header that is signed with the local users private key.
$headers = HTTPSignature::createSig( $header = HTTPSignature::createSig(
$headers, $header,
$user['prvkey'], $user['prvkey'],
'acct:' . $user['nickname'] . '@' . DI::baseUrl()->getHostname() . (DI::baseUrl()->getUrlPath() ? '/' . DI::baseUrl()->getUrlPath() : '') 'acct:' . $user['nickname'] . '@' . DI::baseUrl()->getHostname() . (DI::baseUrl()->getUrlPath() ? '/' . DI::baseUrl()->getUrlPath() : '')
); );
// Try to get an authentication token from the other instance. // Try to get an authentication token from the other instance.
$curlResult = DI::httpRequest()->get($basepath . '/owa', ['headers' => $headers]); $curlResult = DI::httpRequest()->get($basepath . '/owa', ['header' => $header]);
if ($curlResult->isSuccess()) { if ($curlResult->isSuccess()) {
$j = json_decode($curlResult->getBody(), true); $j = json_decode($curlResult->getBody(), true);


@ -141,6 +141,7 @@ class HTTPRequest implements IHTTPRequest
curl_setopt($ch, CURLOPT_ENCODING, ''); curl_setopt($ch, CURLOPT_ENCODING, '');
if (!empty($opts['headers'])) { if (!empty($opts['headers'])) {
$this->logger->warning('Wrong option \'headers\' used.');
@curl_setopt($ch, CURLOPT_HTTPHEADER, $opts['headers']); @curl_setopt($ch, CURLOPT_HTTPHEADER, $opts['headers']);
} }
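Review bot: The added `$this->logger->warning('Wrong option \'headers\' used.');` carries no context, so a log reader cannot tell which call site still passes the deprecated key. A context array naming the caller would fix that, for example `$this->logger->warning('Wrong option \'headers\' used.', ['caller' => debug_backtrace(DEBUG_BACKTRACE_IGNORE_ARGS, 3)]);`, while keeping the header values themselves out of the log, since the call sites in this commit put bearer tokens and signatures into them. The `@` on the following `curl_setopt` also hides any failure to apply those headers, in which case the request would presumably go out without its Authorization or Signature header; checking the return value and logging a failure would be safer. The enclosing method starts and ends outside the hunk, so how the `header` option is applied next to this branch is not visible here.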

View file

@ -411,7 +411,7 @@ class HTTPSignature
*/ */
public static function fetchRaw($request, $uid = 0, $binary = false, $opts = []) public static function fetchRaw($request, $uid = 0, $binary = false, $opts = [])
{ {
$headers = []; $header = [];
if (!empty($uid)) { if (!empty($uid)) {
$owner = User::getOwnerDataById($uid); $owner = User::getOwnerDataById($uid);
@ -431,21 +431,21 @@ class HTTPSignature
$path = parse_url($request, PHP_URL_PATH); $path = parse_url($request, PHP_URL_PATH);
$date = DateTimeFormat::utcNow(DateTimeFormat::HTTP); $date = DateTimeFormat::utcNow(DateTimeFormat::HTTP);
$headers = ['Date: ' . $date, 'Host: ' . $host]; $header = ['Date: ' . $date, 'Host: ' . $host];
$signed_data = "(request-target): get " . $path . "\ndate: ". $date . "\nhost: " . $host; $signed_data = "(request-target): get " . $path . "\ndate: ". $date . "\nhost: " . $host;
$signature = base64_encode(Crypto::rsaSign($signed_data, $owner['uprvkey'], 'sha256')); $signature = base64_encode(Crypto::rsaSign($signed_data, $owner['uprvkey'], 'sha256'));
$headers[] = 'Signature: keyId="' . $owner['url'] . '#main-key' . '",algorithm="rsa-sha256",headers="(request-target) date host",signature="' . $signature . '"'; $header[] = 'Signature: keyId="' . $owner['url'] . '#main-key' . '",algorithm="rsa-sha256",headers="(request-target) date host",signature="' . $signature . '"';
} }
if (!empty($opts['accept_content'])) { if (!empty($opts['accept_content'])) {
$headers[] = 'Accept: ' . $opts['accept_content']; $header[] = 'Accept: ' . $opts['accept_content'];
} }
$curl_opts = $opts; $curl_opts = $opts;
$curl_opts['header'] = $headers; $curl_opts['header'] = $header;
if ($opts['nobody']) { if ($opts['nobody']) {
$curlResult = DI::httpRequest()->head($request, $curl_opts); $curlResult = DI::httpRequest()->head($request, $curl_opts);