Nosial/socialbox-php
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Refactor EncryptionChannelSend and EncryptionChannelManager to remove UUID and checksum validation, and add timestamp range check

Browse source 
https://github.com/nosial/Socialbox-PHP/issues/18
This commit is contained in:
netkas 2025-03-08 00:44:44 -05:00
parent 4e79783617
commit 4f35485005
3 changed files with 32 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

19
src/Socialbox/Managers/EncryptionChannelManager.php
View file

@ -527,10 +527,29 @@
throw new InvalidArgumentException('Invalid UUID V4 of the message');
}
if(!Validator::validateUuid($channelUuid))
{
throw new InvalidArgumentException('Invalid UUID V4 of the channel');
}
if(!Cryptography::validateSha512($checksum))
{
throw new InvalidArgumentException('Invalid checksum, must be SHA512');
}
if(empty($data))
{
throw new InvalidArgumentException('Data cannot be empty');
}
if($messageTimestamp === null)
{
$messageTimestamp = time();
}
elseif(!Validator::isTimestampInRange($messageTimestamp, 3600))
{
throw new InvalidArgumentException('Invalid timestamp, must be within 1 hour');
}
$currentMessageCount = self::getMessageCount($channelUuid);
if($currentMessageCount > Configuration::getPoliciesConfiguration()->getEncryptionChannelMaxMessages())