Commit aaef1107 authored by mmn's avatar mmn

Default of Magicsig keypair toString should be secure

Prevent crappy coders from leaking private keys.
parent 629cbede
......@@ -1349,7 +1349,7 @@ class OStatusPlugin extends Plugin
if ($magicsig instanceof Magicsig) {
$xrd->links[] = new XML_XRD_Element_Link(Magicsig::PUBLICKEYREL,
'data:application/magic-public-key,'. $magicsig->toString(false));
'data:application/magic-public-key,'. $magicsig->toString());
// TODO - finalize where the redirect should go on the publisher
......@@ -169,10 +169,10 @@ class Magicsig extends Managed_DataObject
* Encode the keypair or public key as a string.
* @param boolean $full_pair set to false to leave out the private key.
* @param boolean $full_pair set to true to include the private key.
* @return string
public function toString($full_pair = true)
public function toString($full_pair=false)
$mod = Magicsig::base64_url_encode($this->publicKey->modulus->toBytes());
$exp = Magicsig::base64_url_encode($this->publicKey->exponent->toBytes());
Markdown is supported
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment