From dc8e1e0f3e5fe4edf4bd65d89bd165f47a25888b Mon Sep 17 00:00:00 2001 From: Django Doucet Date: Fri, 5 May 2023 23:50:49 -0600 Subject: [PATCH] fix request-target route, remove $actor from verify_http_signature --- includes/class-signature.php | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/includes/class-signature.php b/includes/class-signature.php index 7310e3a..2a4ea53 100644 --- a/includes/class-signature.php +++ b/includes/class-signature.php @@ -134,13 +134,11 @@ class Signature { public static function verify_http_signature( $request ) { if ( is_object( $request ) ) { // REST Request object $headers = $request->get_headers(); - $actor = isset( json_decode( $request->get_body() )->actor ) ? json_decode( $request->get_body() )->actor : ''; - $headers['(request-target)'][0] = strtolower( $request->get_method() ) . ' /wp-json' . $request->get_route(); + $headers['(request-target)'][0] = strtolower( $request->get_method() ) . ' /' . rest_get_url_prefix() . $request->get_route(); } else { $request = self::format_server_request( $request ); $headers = $request['headers']; // $_SERVER array $headers['(request-target)'][0] = strtolower( $headers['request_method'][0] ) . ' ' . $headers['request_uri'][0]; - $actor = ''; } if ( ! isset( $headers['signature'] ) ) {