From 2f2184cf12d12a30b713d827e08fb1a4c6f41530 Mon Sep 17 00:00:00 2001
From: Michael <heluecht@pirati.ca>
Date: Mon, 14 Jan 2019 16:03:13 +0000
Subject: [PATCH] Date check added for HTTP signatures

---
 src/Util/HTTPSignature.php | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/src/Util/HTTPSignature.php b/src/Util/HTTPSignature.php
index 2b9e396241..32785a60aa 100644
--- a/src/Util/HTTPSignature.php
+++ b/src/Util/HTTPSignature.php
@@ -459,7 +459,14 @@ class HTTPSignature
 			}
 		}
 
-		/// @todo Check if the signed date field is in an acceptable range
+		//  Check if the signed date field is in an acceptable range
+		if (in_array('date', $sig_block['headers'])) {
+			$diff = abs(strtotime($headers['date']) - time());
+			if ($diff > 300) {
+				Logger::log("Header date '" . $headers['date'] . "' is with " . $diff . " seconds out of the 300 second frame. The signature is invalid.");
+				return false;
+			}
+		}
 
 		// Check the content-length when it is part of the signed data
 		if (in_array('content-length', $sig_block['headers'])) {
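Review bot: The freshness check runs only when the sender lists `date` among the signed headers, so a signature that omits `date` is never held to the 300-second window and gets no replay bound from this code; consider rejecting, or at least logging, signatures that do not cover `date`, if interoperability with peers allows it. Inside the check, `strtotime()` returns `false` for an unparsable value, and the request is rejected only because `false` is coerced to 0; an explicit test is clearer: `$date = strtotime($headers['date'] ?? '');` followed by `if ($date === false || abs($date - time()) > 300) {`. The raw header value is also concatenated into the `Logger::log` message, so control characters should be stripped or the value encoded before it is logged. The enclosing method starts and ends outside the hunk, so whether `$headers['date']` is guaranteed to exist at this point cannot be confirmed from here.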
-- 
2.39.5