friendica
/
friendica
mirror of https://github.com/friendica/friendica
6
0
Fork 1
Code Issues Packages Projects Releases 1 Wiki Activity

IMproved handling of untrusted posts

This commit is contained in:
Michael 2022-07-24 21:58:09 +00:00
parent 5ab94ea921
commit b546173747
2 changed files with 12 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
src/Protocol/ActivityPub/Processor.php
View File

@ -466,7 +466,7 @@ class Processor
*
* @return boolean
*/
private static function isActivityGone(string $url): bool
public static function isActivityGone(string $url): bool
{
$curlResult = HTTPSignature::fetchRaw($url, 0);
@ -1346,6 +1346,7 @@ class Processor
{
$uid = User::getIdForURL($activity['object_id']);
if (empty($uid)) {
Queue::remove($activity);
return;
}

12
src/Protocol/ActivityPub/Receiver.php
View File

@ -274,7 +274,7 @@ class Receiver
{
$id = JsonLD::fetchElement($activity, '@id');
$object_id = JsonLD::fetchElement($activity, 'as:object', '@id');
if (!empty($id) && !$trust_source) {
$fetch_uid = $uid ?: self::getBestUserForActivity($activity);
@ -291,7 +291,7 @@ class Receiver
Logger::info('Fetched data is the object instead of the activity', ['id' => $id]);
unset($object['@context']);
$activity['as:object'] = $object;
}
}
} else {
Logger::info('Activity id is not equal', ['id' => $id, 'fetched' => $fetched_id]);
}
@ -371,6 +371,10 @@ class Receiver
$object_data['object_object'] = JsonLD::fetchElement($activity['as:object'], 'as:object');
$object_data['object_type'] = JsonLD::fetchElement($activity['as:object'], '@type');
$object_data['push'] = $push;
if ($type == 'as:Delete') {
$apcontact = APContact::getByURL($object_data['object_id'], true);
$trust_source = ($apcontact['type'] == 'Tombstone');
}
} elseif (in_array($type, ['as:Create', 'as:Update', 'as:Announce', 'as:Invite']) || strpos($type, '#emojiReaction')) {
// Fetch the content only on activities where this matters
// We can receive "#emojiReaction" when fetching content from Hubzilla systems
@ -425,6 +429,10 @@ class Receiver
if (($type == 'as:Undo') && !empty($object_data['object_object'])) {
$object_data['object_object_type'] = self::fetchObjectType([], $object_data['object_object'], $fetch_uid);
}
if (($type == 'as:Delete') && in_array($object_data['object_type'], array_merge(['as:Tombstone'], self::CONTENT_TYPES))) {
$trust_source = Processor::isActivityGone($object_data['object_id']);
}
}
$object_data = self::addActivityFields($object_data, $activity);