fedi privacy - reject incoming out-of-scope posts addressed to private/unresolvable accounts & not addressed to any local users
parent
e496fd473f
commit
a4b7b5c132
|
@ -52,12 +52,15 @@ class ActivityPub::Activity::Create < ActivityPub::Activity
|
||||||
@tags = []
|
@tags = []
|
||||||
@mentions = []
|
@mentions = []
|
||||||
@params = {}
|
@params = {}
|
||||||
|
@potential_scope_leak = false
|
||||||
|
|
||||||
process_status_params
|
process_status_params
|
||||||
return reject_payload! if twitter_retweet? || recipient_rejects_replies?
|
return reject_payload! if twitter_retweet? || recipient_rejects_replies?
|
||||||
process_tags
|
process_tags
|
||||||
process_audience
|
process_audience
|
||||||
|
|
||||||
|
return reject_payload! if potential_scope_leak?
|
||||||
|
|
||||||
@params[:visibility] = :unlisted if @params[:visibility] == :public && @account.force_unlisted?
|
@params[:visibility] = :unlisted if @params[:visibility] == :public && @account.force_unlisted?
|
||||||
@params[:sensitive] = true if @account.force_sensitive?
|
@params[:sensitive] = true if @account.force_sensitive?
|
||||||
|
|
||||||
|
@ -197,6 +200,10 @@ class ActivityPub::Activity::Create < ActivityPub::Activity
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def potential_scope_leak?
|
||||||
|
@potential_scope_leak && @mentions.blank?
|
||||||
|
end
|
||||||
|
|
||||||
def process_hashtag(tag)
|
def process_hashtag(tag)
|
||||||
return if tag['name'].blank?
|
return if tag['name'].blank?
|
||||||
|
|
||||||
|
@ -222,7 +229,10 @@ class ActivityPub::Activity::Create < ActivityPub::Activity
|
||||||
account = account_from_uri(tag['href'])
|
account = account_from_uri(tag['href'])
|
||||||
account = ::FetchRemoteAccountService.new.call(tag['href']) if account.nil?
|
account = ::FetchRemoteAccountService.new.call(tag['href']) if account.nil?
|
||||||
|
|
||||||
return if account.nil?
|
if account.nil?
|
||||||
|
@potential_scope_leak = true
|
||||||
|
return
|
||||||
|
end
|
||||||
|
|
||||||
@mentions << Mention.new(account: account, silent: false)
|
@mentions << Mention.new(account: account, silent: false)
|
||||||
end
|
end
|
||||||
|
|
Loading…
Reference in New Issue