Merge pull request #13921 from annando/content-type

Check for activity pub mime types
Hypolite Petovan 2024-02-19 05:57:47 -05:00 committed by GitHub
commit bb7d25dfc9
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 24 additions and 5 deletions


@ -208,6 +208,9 @@ class APContact
if (!$failed && ($curlResult->getReturnCode() == 410)) {
$data = ['@context' => ActivityPub::CONTEXT, 'id' => $url, 'type' => 'Tombstone'];
} elseif (!$failed && !HTTPSignature::isValidContentType($curlResult->getContentType())) {
Logger::debug('Unexpected content type', ['content-type' => $curlResult->getContentType(), 'url' => $url]);
$failed = true;
}
} catch (\Exception $exception) {
Logger::notice('Error fetching url', ['url' => $url, 'exception' => $exception]);
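Review bot: The rejection in the new `elseif` branch is logged with `Logger::debug`, while the same event in the Processor and HTTPSignature sections of this commit is logged with `Logger::notice`. A remote server answering an ActivityPub fetch with an unexpected media type is worth seeing at the default log level, and one level across all three call sites makes the event easy to search for; I would use `Logger::notice('Unexpected content type', ['content-type' => $curlResult->getContentType(), 'url' => $url]);` here as well. The enclosing `try` block and the method itself start and end outside this hunk, so how `$failed` is consumed afterwards is not visible.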


@ -1610,11 +1610,6 @@ class Processor
}
if (empty($object) || !is_array($object)) {
$element = explode(';', $curlResult->getContentType());
if (!in_array($element[0], ['application/activity+json', 'application/ld+json', 'application/json'])) {
Logger::debug('Unexpected content-type', ['url' => $url, 'content-type' => $curlResult->getContentType()]);
return null;
}
Logger::notice('Invalid JSON data', ['url' => $url, 'content-type' => $curlResult->getContentType(), 'body' => $body]);
return '';
}
@ -1623,6 +1618,11 @@ class Processor
return '';
}
if (!HTTPSignature::isValidContentType($curlResult->getContentType())) {
Logger::notice('Unexpected content type', ['content-type' => $curlResult->getContentType(), 'url' => $url]);
return '';
}
$ldobject = JsonLD::compact($object);
$signer = [];
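Review bot: Judging by the hunk counts, the content-type test has moved from inside the `empty($object) || !is_array($object)` branch to a point after it, so a response that is not JSON at all (an HTML page, for instance) now always reaches `Logger::notice('Invalid JSON data', [... 'body' => $body])` and has its full remote-controlled body written to the log before its media type is looked at. Calling `if (!HTTPSignature::isValidContentType($curlResult->getContentType())) { ... return ''; }` ahead of the JSON-validity branch would reject such responses first and keep untrusted bodies out of the notice log. The unexpected-content-type path also returns `''` now where the removed lines returned `null`; it is worth confirming that no caller distinguishes the two. The function starts and ends outside the shown hunks.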


@ -443,9 +443,25 @@ class HTTPSignature
return [];
}
if (!self::isValidContentType($curlResult->getContentType())) {
Logger::notice('Unexpected content type', ['content-type' => $curlResult->getContentType(), 'url' => $request]);
return [];
}
return $content;
}
/**
* Check if the provided content type is a valid LD JSON mime type
*
* @param string $contentType
* @return boolean
*/
public static function isValidContentType(string $contentType): bool
{
return in_array(current(explode(';', $contentType)), ['application/activity+json', 'application/ld+json']);
}
/**
* Fetches raw data for a user
*
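Review bot: `isValidContentType()` compares the raw token before `;` byte for byte, so a header such as `Application/Activity+JSON` or `application/activity+json ;charset=utf-8` is rejected even though media types are case-insensitive and whitespace may precede the separator. Normalising first keeps the allow-list strict without failing legitimate servers: `return in_array(strtolower(trim(current(explode(';', $contentType)))), ['application/activity+json', 'application/ld+json'], true);`. Bare `application/ld+json` is also accepted without looking at the `profile` parameter that ActivityPub pairs with that type, so a stricter variant could require the ActivityStreams profile there. The docblock should say why the check exists (the body is about to be treated as an actor or activity document, so content served under any other media type must not be trusted as one) and use `@return bool`.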