XSS vulnerability when remote-subscribing

[quix0rs-gnu-social.git] / plugins / OStatus / tests / slap.php

diff --git a/plugins/OStatus/tests/slap.php b/plugins/OStatus/tests/slap.php
old mode 100644 (file)
new mode 100755 (executable)
index b5f9d3e..e3f5439
--- a/plugins/OStatus/tests/slap.php
+++ b/plugins/OStatus/tests/slap.php
@@ -43,7 +43,7 @@ if (!have_option('--notice')) {
 
 $notice_id = get_option_value('--notice');
 
-$notice = Notice::staticGet('id', $notice_id);
+$notice = Notice::getKV('id', $notice_id);
 $profile = $notice->getProfile();
 $entry = $notice->asAtomEntry(true);
 
@@ -51,15 +51,18 @@ echo "== Original entry ==\n\n";
 print $entry;
 print "\n\n";
 
-$salmon = new Salmon();
-$envelope = $salmon->createMagicEnv($entry, $profile);
+$magic_env = MagicEnvelope::signAsUser($entry, $profile->getUser());
+$envxml = $magic_env->toXML();
 
 echo "== Signed envelope ==\n\n";
-print $envelope;
+print $envxml;
 print "\n\n";
 
 echo "== Testing local verification ==\n\n";
-$ok = $salmon->verifyMagicEnv($envelope);
+$magic_env = new MagicEnvelope($envxml);
+$activity = new Activity($magic_env->getPayload()->documentElement);
+$actprofile = Profile::fromUri($activity->actor->id);
+$ok = $magic_env->verify($actprofile);
 if ($ok) {
     print "OK\n\n";
 } else {
@@ -72,7 +75,7 @@ if (have_option('--verify')) {
     print "Sending for verification to $url ...\n";
 
     $client = new HTTPClient();
-    $response = $client->post($url, array(), array('magic_env' => $envelope));
+    $response = $client->post($url, array(), array('magic_env' => $envxml));
 
     print $response->getStatus() . "\n\n";
     print $response->getBody() . "\n\n";
@@ -83,7 +86,7 @@ if (have_option('--slap')) {
     echo "== Remote salmon slap ==\n\n";
     print "Sending signed Salmon slap to $url ...\n";
 
-    $ok = $salmon->post($url, $entry, $profile);
+    $ok = Salmon::post($url, $entry, $profile->getUser());
     if ($ok) {
         print "OK\n\n";
     } else {