Extra actor validation

main
Bob Mottram 2022-12-26 11:25:51 +00:00
parent 9dea2a8d2a
commit 13d3159262
2 changed files with 11 additions and 3 deletions

View File

@ -18,6 +18,7 @@ from languages import understood_post_language
from like import update_likes_collection
from reaction import update_reaction_collection
from reaction import valid_emoji_content
from utils import contains_invalid_actor_url_chars
from utils import is_quote_toot
from utils import acct_handle_dir
from utils import is_account_dir
@ -2756,14 +2757,17 @@ def _receive_announce(recent_posts_cache: {},
# so that their avatar can be shown
lookup_actor = None
if post_json_object.get('attributedTo'):
if isinstance(post_json_object['attributedTo'], str):
lookup_actor = post_json_object['attributedTo']
attrib = post_json_object['attributedTo']
if isinstance(attrib, str):
if not contains_invalid_actor_url_chars(attrib):
lookup_actor = attrib
else:
if has_object_dict(post_json_object):
if post_json_object['object'].get('attributedTo'):
attrib = post_json_object['object']['attributedTo']
if isinstance(attrib, str):
lookup_actor = attrib
if not contains_invalid_actor_url_chars(attrib):
lookup_actor = attrib
if lookup_actor:
if has_users_path(lookup_actor):
if '/statuses/' in lookup_actor:

View File

@ -15,6 +15,7 @@ from posts import outbox_message_create_wrap
from posts import save_post_to_box
from posts import send_to_followers_thread
from posts import send_to_named_addresses_thread
from utils import contains_invalid_actor_url_chars
from utils import get_attachment_property_value
from utils import get_account_timezone
from utils import has_object_string_type
@ -321,6 +322,9 @@ def post_message_to_outbox(session, translate: {},
'.' not in message_json['actor']:
return False
if contains_invalid_actor_url_chars(message_json['actor']):
return False
# sent by an actor on a local network address?
if not allow_local_network_access:
local_network_pattern_list = get_local_network_addresses()