On Tue, Jun 10, 2014 at 11:50 AM, Ferenc Kovacs <[email protected]> wrote: > Commit: 399ecb7fbc24279b0b04b887c99ef08397358e1b > Author: kovacs.ferenc <[email protected]> Tue, 10 Jun 2014 > 20:50:50 +0200 > Parents: acbafe16189ee1b8ab8bd1ef061f13456880ebcd > Branches: master > > Link: > http://git.php.net/?p=web/master.git;a=commitdiff;h=399ecb7fbc24279b0b04b887c99ef08397358e1b > > Log: > fix the signature verification > > Changed paths: > M github-webhook.php > > > Diff: > diff --git a/github-webhook.php b/github-webhook.php > index 70f15e8..8b57684 100644 > --- a/github-webhook.php > +++ b/github-webhook.php > @@ -6,18 +6,19 @@ $config = array( > 'pecl-' => '[email protected]', > ), > ); > -if ( > - !isset($_SERVER['HTTP_X_HUB_SIGNATURE'], > $_SERVER['HTTP_X_GITHUB_EVENT']) > - && $_SERVER['HTTP_X_HUB_SIGNATURE'] !== > 'sha1=e2a3e7a586aa08d7c9d3c73482e618164c7c75b1' > -) { > + > +$body = file_get_contents("php://input"); > + > +if (!verify_signature($body)) { > header('HTTP/1.1 403 Forbidden'); > exit; > } > + > switch ($_SERVER['HTTP_X_GITHUB_EVENT']) { > case 'ping': > break; > case 'pull_request': > - $payload = json_decode(file_get_contents("php://input")); > + $payload = json_decode($body);
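Review bot: The `switch ($_SERVER['HTTP_X_GITHUB_EVENT'])` is now reached with no `isset()` check on that header, because the removed condition was the only place it was tested. Unless `verify_signature()` (not shown in this hunk) rejects requests that lack it, a correctly signed request without the event header reads an undefined index; an explicit `isset($_SERVER['HTTP_X_GITHUB_EVENT'])` guard before the switch would cover that. Since `verify_signature($body)` is passed only the body, it has to read `HTTP_X_HUB_SIGNATURE` and the secret itself; it should fail closed when the header is missing and compare the digests in constant time (`hash_equals()` where available) rather than with `!==`.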
There is already a $body variable used here a few lines below... Maybe pick a different name?

-Hannes
