aiden
/
pixelfed
mirror of https://github.com/pixelfed/pixelfed
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #5972 from intentionally-left-nil/fix-id-domain-mismatch

Browse Source 
Fix id domain mismatch
pull/5984/head
daniel 4 months ago committed by GitHub
parent 4e938a8ffa e3b7f1d7cd
commit 2b4bccdfb1
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 5 additions and 17 deletions
Show Stats Download Patch File Download Diff File

22
app/Util/ActivityPub/Helpers.php
Unescape Escape View File

@ -554,9 +554,7 @@ class Helpers
$idDomain = parse_url($id, PHP_URL_HOST); $idDomain = parse_url($id, PHP_URL_HOST);
$urlDomain = parse_url($url, PHP_URL_HOST); $urlDomain = parse_url($url, PHP_URL_HOST);
return $idDomain && return $idDomain && $urlDomain;
$urlDomain &&
strtolower($idDomain) === strtolower($urlDomain);
} }
/** /**
@ -586,13 +584,12 @@ class Helpers
*/ */
public static function storeStatus(string $url, Profile $profile, array $activity): Status public static function storeStatus(string $url, Profile $profile, array $activity): Status
{ {
$originalUrl = $url;
$id = self::getStatusId($activity, $url); $id = self::getStatusId($activity, $url);
$url = self::getStatusUrl($activity, $id); $url = self::getStatusUrl($activity, $id);
if ((! isset($activity['type']) || if ((! isset($activity['type']) ||
in_array($activity['type'], ['Create', 'Note'])) && in_array($activity['type'], ['Create', 'Note'])) &&
! self::validateStatusDomains($originalUrl, $id, $url)) { ! self::validateStatusDomains($id, $url)) {
throw new \Exception('Invalid status domains'); throw new \Exception('Invalid status domains');
} }
@ -647,20 +644,11 @@ class Helpers
} }
/** /**
* Validate status domain consistency * Validate the status URL and ID are valid
*/ */
public static function validateStatusDomains(string $originalUrl, string $id, string $url): bool public static function validateStatusDomains(string $id, string $url): bool
{ {
if (! self::validateUrl($id) || ! self::validateUrl($url)) { return self::validateUrl($id) && self::validateUrl($url);
return false;
}
$originalDomain = parse_url($originalUrl, PHP_URL_HOST);
$idDomain = parse_url($id, PHP_URL_HOST);
$urlDomain = parse_url($url, PHP_URL_HOST);
return strtolower($originalDomain) === strtolower($idDomain) &&
strtolower($originalDomain) === strtolower($urlDomain);
} }
/** /**

Write Preview
Loading…
Cancel
Save