From eff60ed5ddca8be8ee5b5a0f9f3ea31e16460b3e Mon Sep 17 00:00:00 2001 From: Alex Kirk Date: Sun, 6 Nov 2022 16:49:53 -0700 Subject: [PATCH] Fix the signature for HTTP GET requests --- includes/class-signature.php | 6 +++--- includes/functions.php | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/includes/class-signature.php b/includes/class-signature.php index 5caf8846..f78b87dc 100644 --- a/includes/class-signature.php +++ b/includes/class-signature.php @@ -70,7 +70,7 @@ class Signature { \update_user_meta( $user_id, 'magic_sig_public_key', $detail['key'] ); } - public static function generate_signature( $user_id, $url, $date, $digest = null ) { + public static function generate_signature( $user_id, $http_method, $url, $date, $digest = null ) { $key = self::get_private_key( $user_id ); $url_parts = \wp_parse_url( $url ); @@ -89,9 +89,9 @@ class Signature { } if ( ! empty( $digest ) ) { - $signed_string = "(request-target): post $path\nhost: $host\ndate: $date\ndigest: SHA-256=$digest"; + $signed_string = "(request-target): $http_method $path\nhost: $host\ndate: $date\ndigest: SHA-256=$digest"; } else { - $signed_string = "(request-target): post $path\nhost: $host\ndate: $date"; + $signed_string = "(request-target): $http_method $path\nhost: $host\ndate: $date"; } $signature = null; diff --git a/includes/functions.php b/includes/functions.php index 1c1470f1..1b1269c8 100644 --- a/includes/functions.php +++ b/includes/functions.php @@ -35,7 +35,7 @@ function get_context() { function safe_remote_post( $url, $body, $user_id ) { $date = \gmdate( 'D, d M Y H:i:s T' ); $digest = \Activitypub\Signature::generate_digest( $body ); - $signature = \Activitypub\Signature::generate_signature( $user_id, $url, $date, $digest ); + $signature = \Activitypub\Signature::generate_signature( $user_id, 'post', $url, $date, $digest ); $wp_version = \get_bloginfo( 'version' ); $user_agent = \apply_filters( 'http_headers_useragent', 'WordPress/' . $wp_version . '; ' . \get_bloginfo( 'url' ) ); @@ -63,7 +63,7 @@ function safe_remote_post( $url, $body, $user_id ) { function safe_remote_get( $url, $user_id ) { $date = \gmdate( 'D, d M Y H:i:s T' ); - $signature = \Activitypub\Signature::generate_signature( $user_id, $url, $date ); + $signature = \Activitypub\Signature::generate_signature( $user_id, 'get', $url, $date ); $wp_version = \get_bloginfo( 'version' ); $user_agent = \apply_filters( 'http_headers_useragent', 'WordPress/' . $wp_version . '; ' . \get_bloginfo( 'url' ) );