Commit: 399ecb7fbc24279b0b04b887c99ef08397358e1b Author: kovacs.ferenc <[email protected]> Tue, 10 Jun 2014 20:50:50 +0200 Parents: acbafe16189ee1b8ab8bd1ef061f13456880ebcd Branches: master
Link: http://git.php.net/?p=web/master.git;a=commitdiff;h=399ecb7fbc24279b0b04b887c99ef08397358e1b
Log: fix the signature verification
Changed paths:
M github-webhook.php
Diff:
diff --git a/github-webhook.php b/github-webhook.php
index 70f15e8..8b57684 100644
--- a/github-webhook.php
+++ b/github-webhook.php
@@ -6,18 +6,19 @@ $config = array(
 'pecl-' => '[email protected]',
 ),
 );
-if (
- !isset($_SERVER['HTTP_X_HUB_SIGNATURE'], $_SERVER['HTTP_X_GITHUB_EVENT'])
- && $_SERVER['HTTP_X_HUB_SIGNATURE'] !== 'sha1=e2a3e7a586aa08d7c9d3c73482e618164c7c75b1'
-) {
+
+$body = file_get_contents("php://input");
+
+if (!verify_signature($body)) {
 header('HTTP/1.1 403 Forbidden');
 exit;
 }
+
 switch ($_SERVER['HTTP_X_GITHUB_EVENT']) {
 case 'ping':
 break;
 case 'pull_request':
- $payload = json_decode(file_get_contents("php://input"));
+ $payload = json_decode($body);
 $action = $payload->action;
 $PRNumber = $payload->number;
 $PR = $payload->pull_request;
@@ -50,4 +51,14 @@ switch ($_SERVER['HTTP_X_GITHUB_EVENT']) {
 break;
 default:
 header('HTTP/1.1 501 Not Implemented');
+}
+
+function verify_signature($requestBody) {
+ if(isset($_SERVER['HTTP_X_HUB_SIGNATURE'])){
+ $parts = explode("=", $_SERVER['HTTP_X_HUB_SIGNATURE'], 1);
+ if (count($parts) == 2) {
+ return hash_hmac($parts[0], $requestBody, getenv('GITHUB_SECRET')) === $parts[1];
+ }
+ }
+ return false;
 }
\ No newline at end of file
--
PHP Webmaster List Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
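Review bot: The replaced condition also required HTTP_X_GITHUB_EVENT to be set, and the new `if (!verify_signature($body))` drops that, so a request that passes the signature check but carries no event header reaches `switch ($_SERVER['HTTP_X_GITHUB_EVENT'])` with an undefined index; `if (!isset($_SERVER['HTTP_X_GITHUB_EVENT']) || !verify_signature($body)) {` keeps the 403 for such requests. The changed `$payload = json_decode($body);` is still followed by `$payload->action` with no check that decoding succeeded, so a malformed body raises notices instead of being rejected; `if ($payload === null) { header('HTTP/1.1 400 Bad Request'); exit; }` directly after the decode would fail closed. The switch body continues outside the hunk.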
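Review bot: `explode("=", $_SERVER['HTTP_X_HUB_SIGNATURE'], 1)` in verify_signature limits the result to one element, so `count($parts) == 2` can never be true and every webhook is answered with 403; the limit has to be 2. The digest name is also taken from the request header and handed straight to hash_hmac, so the sender picks the algorithm; since GitHub always sends `sha1=`, the function should pin `sha1` instead of trusting `$parts[0]`. When GITHUB_SECRET is unset, getenv() returns false and the HMAC is computed with an empty key, so that case should fail closed as well, and the final comparison should be `hash_equals()` (PHP 5.6+; on older hosts a constant-time comparison helper) rather than `===` so the check does not leak timing information. The rewritten function is below.
```php
function verify_signature($requestBody) {
    $secret = getenv('GITHUB_SECRET');
    if ($secret === false || $secret === '' || !isset($_SERVER['HTTP_X_HUB_SIGNATURE'])) {
        return false;
    }
    $parts = explode('=', $_SERVER['HTTP_X_HUB_SIGNATURE'], 2);
    if (count($parts) !== 2 || $parts[0] !== 'sha1') {
        return false;
    }
    $expected = hash_hmac('sha1', $requestBody, $secret);
    return hash_equals($expected, $parts[1]);
}
```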
