From 0951a50bcd4ddb846fb8a66cdafae5ca834daf6f Mon Sep 17 00:00:00 2001
From: Hypolite Petovan <hypolite@mrpetovan.com>
Date: Tue, 15 Dec 2020 09:41:58 -0500
Subject: [PATCH] Add item user owner data check in Model\Item::isValid

- Prevents deleted users from posting any item, manually or automatically through mirroring
---
 src/Model/Item.php | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/src/Model/Item.php b/src/Model/Item.php
index dec3716d01..cd5c2b169c 100644
--- a/src/Model/Item.php
+++ b/src/Model/Item.php
@@ -1385,6 +1385,19 @@ class Item
 			return false;
 		}
 
+		if (!empty($item['uid'])) {
+			$owner = User::getOwnerDataById($item['uid'], false);
+			if (!$owner) {
+				Logger::notice('Missing item user owner data', ['uid' => $item['uid']]);
+				return false;
+			}
+
+			if ($owner['deleted'] || $owner['account_expired'] || $owner['account_removed']) {
+				Logger::notice('Item user has been deleted/expired/removed', ['uid' => $item['uid'], 'deleted' => $owner['deleted'], 'account_expired' => $owner['account_expired'], 'account_removed' => $owner['account_removed']]);
+				return false;
+			}
+		}
+
 		if (!empty($item['author-id']) && Contact::isBlocked($item['author-id'])) {
 			Logger::notice('Author is blocked node-wide', ['author-link' => $item['author-link'], 'item-uri' => $item['uri']]);
 			return false;