Merge pull request #12597 from annando/activity-distribution

Don't distribute unsigned remote activities
This commit is contained in:
Hypolite Petovan 2023-01-01 19:19:25 -05:00 committed by GitHub
commit 931ccde90d
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -42,6 +42,7 @@ use Friendica\Protocol\Diaspora;
use Friendica\Protocol\Delivery; use Friendica\Protocol\Delivery;
use Friendica\Protocol\OStatus; use Friendica\Protocol\OStatus;
use Friendica\Protocol\Salmon; use Friendica\Protocol\Salmon;
use Friendica\Util\LDSignature;
use Friendica\Util\Network; use Friendica\Util\Network;
use Friendica\Util\Strings; use Friendica\Util\Strings;
@ -795,6 +796,7 @@ class Notifier
} }
Logger::info('Origin item will be distributed', ['id' => $target_item['id'], 'url' => $target_item['uri'], 'verb' => $target_item['verb']]); Logger::info('Origin item will be distributed', ['id' => $target_item['id'], 'url' => $target_item['uri'], 'verb' => $target_item['verb']]);
$check_signature = false;
} elseif (!Post\Activity::exists($target_item['uri-id'])) { } elseif (!Post\Activity::exists($target_item['uri-id'])) {
Logger::info('Remote item is no AP post. It will not be distributed.', ['id' => $target_item['id'], 'url' => $target_item['uri'], 'verb' => $target_item['verb']]); Logger::info('Remote item is no AP post. It will not be distributed.', ['id' => $target_item['id'], 'url' => $target_item['uri'], 'verb' => $target_item['verb']]);
return ['count' => 0, 'contacts' => []]; return ['count' => 0, 'contacts' => []];
@ -806,6 +808,7 @@ class Notifier
} }
Logger::info('Remote item will be distributed', ['id' => $target_item['id'], 'url' => $target_item['uri'], 'verb' => $target_item['verb']]); Logger::info('Remote item will be distributed', ['id' => $target_item['id'], 'url' => $target_item['uri'], 'verb' => $target_item['verb']]);
$check_signature = ($target_item['gravity'] == Item::GRAVITY_ACTIVITY);
} else { } else {
Logger::info('Remote activity will not be distributed', ['id' => $target_item['id'], 'url' => $target_item['uri'], 'verb' => $target_item['verb']]); Logger::info('Remote activity will not be distributed', ['id' => $target_item['id'], 'url' => $target_item['uri'], 'verb' => $target_item['verb']]);
return ['count' => 0, 'contacts' => []]; return ['count' => 0, 'contacts' => []];
@ -817,12 +820,17 @@ class Notifier
} }
// Fill the item cache // Fill the item cache
$cache = ActivityPub\Transmitter::createCachedActivityFromItem($target_item['id'], true); $activity = ActivityPub\Transmitter::createCachedActivityFromItem($target_item['id'], true);
if (empty($cache)) { if (empty($activity)) {
Logger::info('Item cache was not created. The post will not be distributed.', ['id' => $target_item['id'], 'url' => $target_item['uri'], 'verb' => $target_item['verb']]); Logger::info('Item cache was not created. The post will not be distributed.', ['id' => $target_item['id'], 'url' => $target_item['uri'], 'verb' => $target_item['verb']]);
return ['count' => 0, 'contacts' => []]; return ['count' => 0, 'contacts' => []];
} }
if ($check_signature && !LDSignature::isSigned($activity)) {
Logger::info('Unsigned remote activity will not be distributed', ['id' => $target_item['id'], 'url' => $target_item['uri'], 'verb' => $target_item['verb']]);
return ['count' => 0, 'contacts' => []];
}
$delivery_queue_count = 0; $delivery_queue_count = 0;
$contacts = []; $contacts = [];