Improved handling of untrusted posts

Michael 2022-07-24 21:58:09 +00:00
parent 5ab94ea921
commit b546173747
2 changed files with 12 additions and 3 deletions


@ -466,7 +466,7 @@ class Processor
* *
* @return boolean * @return boolean
*/ */
private static function isActivityGone(string $url): bool public static function isActivityGone(string $url): bool
{ {
$curlResult = HTTPSignature::fetchRaw($url, 0); $curlResult = HTTPSignature::fetchRaw($url, 0);
@ -1346,6 +1346,7 @@ class Processor
{ {
$uid = User::getIdForURL($activity['object_id']); $uid = User::getIdForURL($activity['object_id']);
if (empty($uid)) { if (empty($uid)) {
Queue::remove($activity);
return; return;
} }
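Review bot: The docblock above `isActivityGone()` still ends at `@return boolean`, although the first hunk makes the method public and the Receiver change in this commit uses its result to set `$trust_source` for `as:Delete`. Since the return value now decides whether an untrusted delete is honoured, the docblock should say which outcomes of `HTTPSignature::fetchRaw($url, 0)` count as gone, for example `* @return boolean true only if the remote server reports the object as gone; must stay false on timeouts and transport errors`. The method body continues outside the hunk, so whether it already behaves that way cannot be confirmed from here.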


@ -274,7 +274,7 @@ class Receiver
{ {
$id = JsonLD::fetchElement($activity, '@id'); $id = JsonLD::fetchElement($activity, '@id');
$object_id = JsonLD::fetchElement($activity, 'as:object', '@id'); $object_id = JsonLD::fetchElement($activity, 'as:object', '@id');
if (!empty($id) && !$trust_source) { if (!empty($id) && !$trust_source) {
$fetch_uid = $uid ?: self::getBestUserForActivity($activity); $fetch_uid = $uid ?: self::getBestUserForActivity($activity);
@ -291,7 +291,7 @@ class Receiver
Logger::info('Fetched data is the object instead of the activity', ['id' => $id]); Logger::info('Fetched data is the object instead of the activity', ['id' => $id]);
unset($object['@context']); unset($object['@context']);
$activity['as:object'] = $object; $activity['as:object'] = $object;
} }
} else { } else {
Logger::info('Activity id is not equal', ['id' => $id, 'fetched' => $fetched_id]); Logger::info('Activity id is not equal', ['id' => $id, 'fetched' => $fetched_id]);
} }
@ -371,6 +371,10 @@ class Receiver
$object_data['object_object'] = JsonLD::fetchElement($activity['as:object'], 'as:object'); $object_data['object_object'] = JsonLD::fetchElement($activity['as:object'], 'as:object');
$object_data['object_type'] = JsonLD::fetchElement($activity['as:object'], '@type'); $object_data['object_type'] = JsonLD::fetchElement($activity['as:object'], '@type');
$object_data['push'] = $push; $object_data['push'] = $push;
if ($type == 'as:Delete') {
$apcontact = APContact::getByURL($object_data['object_id'], true);
$trust_source = ($apcontact['type'] == 'Tombstone');
}
} elseif (in_array($type, ['as:Create', 'as:Update', 'as:Announce', 'as:Invite']) || strpos($type, '#emojiReaction')) { } elseif (in_array($type, ['as:Create', 'as:Update', 'as:Announce', 'as:Invite']) || strpos($type, '#emojiReaction')) {
// Fetch the content only on activities where this matters // Fetch the content only on activities where this matters
// We can receive "#emojiReaction" when fetching content from Hubzilla systems // We can receive "#emojiReaction" when fetching content from Hubzilla systems
@ -425,6 +429,10 @@ class Receiver
if (($type == 'as:Undo') && !empty($object_data['object_object'])) { if (($type == 'as:Undo') && !empty($object_data['object_object'])) {
$object_data['object_object_type'] = self::fetchObjectType([], $object_data['object_object'], $fetch_uid); $object_data['object_object_type'] = self::fetchObjectType([], $object_data['object_object'], $fetch_uid);
} }
if (($type == 'as:Delete') && in_array($object_data['object_type'], array_merge(['as:Tombstone'], self::CONTENT_TYPES))) {
$trust_source = Processor::isActivityGone($object_data['object_id']);
}
} }
$object_data = self::addActivityFields($object_data, $activity); $object_data = self::addActivityFields($object_data, $activity);
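Review bot: Both added `as:Delete` blocks assign `$trust_source` unconditionally: from `$apcontact['type'] == 'Tombstone'` in the `-371` hunk and from `Processor::isActivityGone(...)` in the `-425` hunk. If `$trust_source` can already be true at those points, a failed lookup or fetch would downgrade an activity that was already trusted. The first block also reads `$apcontact['type']` without checking that `APContact::getByURL()` returned a contact, which is an undefined-key access on an empty result. Unless the downgrade is intended, consider `$trust_source = $trust_source || (($apcontact['type'] ?? '') === 'Tombstone');` and `$trust_source = $trust_source || Processor::isActivityGone($object_data['object_id']);`. The enclosing method starts and ends outside the visible hunks, so the earlier value of `$trust_source` on these paths is not visible here.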