From 8c17a6b4d9cc31b7b89f2a1a39cfa99812978283 Mon Sep 17 00:00:00 2001
From: Hypolite Petovan
Date: Tue, 15 Dec 2020 09:41:10 -0500
Subject: [PATCH 1/3] Rename Model\User::getOwnerDataById parameter to better reflect intent
---
 src/Model/User.php | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/src/Model/User.php b/src/Model/User.php
index bcd555a0e..d3f3dfd1a 100644
--- a/src/Model/User.php
+++ b/src/Model/User.php
@@ -370,12 +370,12 @@ class User
 /**
 * Get owner data by user id
 *
- * @param int $uid
- * @param boolean $check_valid Test if data is invalid and correct it
+ * @param int $uid
+ * @param boolean $repairMissing Repair the owner data if it's missing
 * @return boolean|array
 * @throws Exception
 */
- public static function getOwnerDataById(int $uid, bool $check_valid = true)
+ public static function getOwnerDataById(int $uid, bool $repairMissing = true)
 {
 if ($uid == 0) {
 return self::getSystemAccount();
@@ -387,7 +387,7 @@ class User
 $owner = DBA::selectFirst('owner-view', [], ['uid' => $uid]);
 if (!DBA::isResult($owner)) {
- if (!DBA::exists('user', ['uid' => $uid]) || !$check_valid) {
+ if (!DBA::exists('user', ['uid' => $uid]) || !$repairMissing) {
 return false;
 }
 Contact::createSelfFromUserId($uid);
@@ -398,7 +398,7 @@ class User
 return false;
 }
- if (!$check_valid) {
+ if (!$repairMissing) {
 return $owner;
 }
From 0951a50bcd4ddb846fb8a66cdafae5ca834daf6f Mon Sep 17 00:00:00 2001
From: Hypolite Petovan
Date: Tue, 15 Dec 2020 09:41:58 -0500
Subject: [PATCH 2/3] Add item user owner data check in Model\Item::isValid - Prevents deleted users from posting any item, manually or automatically through mirroring
---
 src/Model/Item.php | 13 +++++++++++++
 1 file changed, 13 insertions(+)
diff --git a/src/Model/Item.php b/src/Model/Item.php
index dec3716d0..cd5c2b169 100644
--- a/src/Model/Item.php
+++ b/src/Model/Item.php
@@ -1385,6 +1385,19 @@ class Item
 return false;
 }
+ if (!empty($item['uid'])) {
+ $owner = User::getOwnerDataById($item['uid'], false);
+ if (!$owner) {
+ Logger::notice('Missing item user owner data', ['uid' => $item['uid']]);
+ return false;
+ }
+
+ if ($owner['deleted'] || $owner['account_expired'] || $owner['account_removed']) {
+ Logger::notice('Item user has been deleted/expired/removed', ['uid' => $item['uid'], 'deleted' => $owner['deleted'], 'account_expired' => $owner['account_expired'], 'account_removed' => $owner['account_removed']]);
+ return false;
+ }
+ }
+
 if (!empty($item['author-id']) && Contact::isBlocked($item['author-id'])) {
 Logger::notice('Author is blocked node-wide', ['author-link' => $item['author-link'], 'item-uri' => $item['uri']]);
 return false;
From 6d3864a16b3d841144c49c1963e7e79610078785 Mon Sep 17 00:00:00 2001
From: Hypolite Petovan
Date: Tue, 15 Dec 2020 14:24:42 -0500
Subject: [PATCH 3/3] Remove owner.deleted check in user deletion check in Model/Item
---
 src/Model/Item.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/Model/Item.php b/src/Model/Item.php
index cd5c2b169..75c3d0838 100644
--- a/src/Model/Item.php
+++ b/src/Model/Item.php
@@ -1392,7 +1392,7 @@ class Item
 return false;
 }
- if ($owner['deleted'] || $owner['account_expired'] || $owner['account_removed']) {
+ if ($owner['account_expired'] || $owner['account_removed']) {
 Logger::notice('Item user has been deleted/expired/removed', ['uid' => $item['uid'], 'deleted' => $owner['deleted'], 'account_expired' => $owner['account_expired'], 'account_removed' => $owner['account_removed']]);
 return false;
 }
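Review bot: In the `@@ -1385,6 +1385,19 @@` hunk of src/Model/Item.php, the `!$owner` branch rejects the item for two different reasons that the single log line does not separate: the uid has no user row, or the user exists but its owner-view row is missing. The second case arises because `false` is passed for `$repairMissing`, and getOwnerDataById then returns false without recreating the self contact (visible in patch 1/3's `@@ -387,7 +387,7 @@` hunk). Failing closed is the right default for a posting gate, but an existing account in that state is locked out of posting and mirroring with only a notice-level entry, so I would state the intent above the call, e.g. `// Fail closed: owner data is not repaired here, a missing owner row rejects the item`, and confirm that some other path performs the repair. The guard is skipped whenever `$item['uid']` is empty, which looks deliberate for uid 0 items and deserves a word in the same comment. The enclosing function starts and ends outside the hunk.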
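Review bot: In the `@@ -1392,7 +1392,7 @@` hunk the condition no longer tests `$owner['deleted']`, yet the notice on the following line still reads 'Item user has been deleted/expired/removed' and still records the `deleted` value, so someone triaging a rejected post from the log cannot tell which flag actually fired. I would change the message to match the condition, e.g. `Logger::notice('Item user account has expired or been removed', [...])`, and either drop the `'deleted'` key or keep it only as labelled context. The commit message gives no reason for removing the flag; a one-line comment above the `if` explaining why `deleted` from owner-view is not a reliable signal here (presumably it does not describe the user account, which is not visible in this patch) would keep it from being re-added. Patch 2/3's stated goal of stopping deleted users from posting now rests on `account_removed` alone, which is worth confirming against the account deletion path.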