XSS vulnerability when remote-subscribing

[quix0rs-gnu-social.git] / plugins / OStatus / tests / slap.php

diff --git a/plugins/OStatus/tests/slap.php b/plugins/OStatus/tests/slap.php
old mode 100644 (file)
new mode 100755 (executable)
index 99fb6c6..e3f5439
--- a/plugins/OStatus/tests/slap.php
+++ b/plugins/OStatus/tests/slap.php
@@ -51,7 +51,7 @@ echo "== Original entry ==\n\n";
 print $entry;
 print "\n\n";
 
-$magic_env = MagicEnvelope::signForProfile($entry, $profile);
+$magic_env = MagicEnvelope::signAsUser($entry, $profile->getUser());
 $envxml = $magic_env->toXML();
 
 echo "== Signed envelope ==\n\n";
@@ -60,7 +60,9 @@ print "\n\n";
 
 echo "== Testing local verification ==\n\n";
 $magic_env = new MagicEnvelope($envxml);
-$ok = $magic_env->verify();
+$activity = new Activity($magic_env->getPayload()->documentElement);
+$actprofile = Profile::fromUri($activity->actor->id);
+$ok = $magic_env->verify($actprofile);
 if ($ok) {
     print "OK\n\n";
 } else {
@@ -84,7 +86,7 @@ if (have_option('--slap')) {
     echo "== Remote salmon slap ==\n\n";
     print "Sending signed Salmon slap to $url ...\n";
 
-    $ok = $salmon->post($url, $entry, $profile);
+    $ok = Salmon::post($url, $entry, $profile->getUser());
     if ($ok) {
         print "OK\n\n";
     } else {