From 8ad0a300b95798bb62412e1d5d2e3e0f175e288f Mon Sep 17 00:00:00 2001
From: Maxence Lange <maxence@artificial-owl.com>
Date: Sun, 12 Jun 2022 11:02:53 -0100
Subject: [PATCH] confirmKey must be uuid

Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
---
 lib/Service/RemoteStreamService.php |  2 +-
 lib/Tools/Traits/TStringTools.php   | 13 +++++++++++++
 2 files changed, 14 insertions(+), 1 deletion(-)

diff --git a/lib/Service/RemoteStreamService.php b/lib/Service/RemoteStreamService.php
index 8ff9232dd..4f1fa6646 100644
--- a/lib/Service/RemoteStreamService.php
+++ b/lib/Service/RemoteStreamService.php
@@ -133,7 +133,7 @@ public function getAppSignatory(bool $generate = true, string $confirmKey = ''):
 		$this->fillSimpleSignatory($app, $generate);
 		$app->setUidFromKey();
 
-		if ($confirmKey !== '') {
+		if ($this->isUuid($confirmKey)) {
 			$app->setAuthSigned($this->signString($confirmKey, $app));
 		}
 
diff --git a/lib/Tools/Traits/TStringTools.php b/lib/Tools/Traits/TStringTools.php
index 38641caa5..b9a96f2fe 100644
--- a/lib/Tools/Traits/TStringTools.php
+++ b/lib/Tools/Traits/TStringTools.php
@@ -85,6 +85,19 @@ protected function uuid(int $length = 0): string {
 	}
 
 
+	/**
+	 * @param string $uuid
+	 *
+	 * @return bool
+	 */
+	protected function isUuid(string $uuid): bool {
+		if ($uuid === '') {
+			return false;
+		}
+
+		return (preg_match('/^[0-9A-F]{8}-[0-9A-F]{4}-4[0-9A-F]{3}-[89AB][0-9A-F]{3}-[0-9A-F]{12}$/i', $uuid) === 1);
+	}
+
 	/**
 	 * @param string $line
 	 * @param int $length