friendica
/
friendica
mirror of https://github.com/friendica/friendica
6
0
Fork 1
Code Issues Packages Projects Releases 1 Wiki Activity

Remove 'headers' option occurrences and add a warning if used.

This commit is contained in:
Philipp Holzer 2020-10-18 22:31:26 +02:00
parent c19f1a83ce
commit a74d88c4ee
No known key found for this signature in database
GPG Key ID: 9A28B7D4FF5667BD
4 changed files with 13 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/Model/GServer.php
View File

@ -1639,7 +1639,7 @@ class GServer
if (!empty($accesstoken)) {
$api = 'https://instances.social/api/1.0/instances/list?count=0';
$header = ['Authorization: Bearer '.$accesstoken];
$curlResult = DI::httpRequest()->get($api, ['headers' => $header]);
$curlResult = DI::httpRequest()->get($api, ['header' => $header]);
if ($curlResult->isSuccess()) {
$servers = json_decode($curlResult->getBody(), true);

12
src/Module/Magic.php
View File

@ -88,19 +88,19 @@ class Magic extends BaseModule
$exp = explode('/profile/', $contact['url']);
$basepath = $exp[0];
$headers = [];
$headers['Accept'] = 'application/x-dfrn+json, application/x-zot+json';
$headers['X-Open-Web-Auth'] = Strings::getRandomHex();
$header = [];
$header['Accept'] = 'application/x-dfrn+json, application/x-zot+json';
$header['X-Open-Web-Auth'] = Strings::getRandomHex();
// Create a header that is signed with the local users private key.
$headers = HTTPSignature::createSig(
$headers,
$header = HTTPSignature::createSig(
$header,
$user['prvkey'],
'acct:' . $user['nickname'] . '@' . DI::baseUrl()->getHostname() . (DI::baseUrl()->getUrlPath() ? '/' . DI::baseUrl()->getUrlPath() : '')
);
// Try to get an authentication token from the other instance.
$curlResult = DI::httpRequest()->get($basepath . '/owa', ['headers' => $headers]);
$curlResult = DI::httpRequest()->get($basepath . '/owa', ['header' => $header]);
if ($curlResult->isSuccess()) {
$j = json_decode($curlResult->getBody(), true);

1
src/Network/HTTPRequest.php
View File

@ -141,6 +141,7 @@ class HTTPRequest implements IHTTPRequest
curl_setopt($ch, CURLOPT_ENCODING, '');
if (!empty($opts['headers'])) {
$this->logger->warning('Wrong option \'headers\' used.');
@curl_setopt($ch, CURLOPT_HTTPHEADER, $opts['headers']);
}

10
src/Util/HTTPSignature.php
View File

@ -411,7 +411,7 @@ class HTTPSignature
*/
public static function fetchRaw($request, $uid = 0, $binary = false, $opts = [])
{
$headers = [];
$header = [];
if (!empty($uid)) {
$owner = User::getOwnerDataById($uid);
@ -431,21 +431,21 @@ class HTTPSignature
$path = parse_url($request, PHP_URL_PATH);
$date = DateTimeFormat::utcNow(DateTimeFormat::HTTP);
$headers = ['Date: ' . $date, 'Host: ' . $host];
$header = ['Date: ' . $date, 'Host: ' . $host];
$signed_data = "(request-target): get " . $path . "\ndate: ". $date . "\nhost: " . $host;
$signature = base64_encode(Crypto::rsaSign($signed_data, $owner['uprvkey'], 'sha256'));
$headers[] = 'Signature: keyId="' . $owner['url'] . '#main-key' . '",algorithm="rsa-sha256",headers="(request-target) date host",signature="' . $signature . '"';
$header[] = 'Signature: keyId="' . $owner['url'] . '#main-key' . '",algorithm="rsa-sha256",headers="(request-target) date host",signature="' . $signature . '"';
}
if (!empty($opts['accept_content'])) {
$headers[] = 'Accept: ' . $opts['accept_content'];
$header[] = 'Accept: ' . $opts['accept_content'];
}
$curl_opts = $opts;
$curl_opts['header'] = $headers;
$curl_opts['header'] = $header;
if ($opts['nobody']) {
$curlResult = DI::httpRequest()->head($request, $curl_opts);