Extra actor validation

main
Bob Mottram 2022-12-26 11:25:51 +00:00
parent 9dea2a8d2a
commit 13d3159262
2 changed files with 11 additions and 3 deletions


@ -18,6 +18,7 @@ from languages import understood_post_language
from like import update_likes_collection from like import update_likes_collection
from reaction import update_reaction_collection from reaction import update_reaction_collection
from reaction import valid_emoji_content from reaction import valid_emoji_content
from utils import contains_invalid_actor_url_chars
from utils import is_quote_toot from utils import is_quote_toot
from utils import acct_handle_dir from utils import acct_handle_dir
from utils import is_account_dir from utils import is_account_dir
@ -2756,13 +2757,16 @@ def _receive_announce(recent_posts_cache: {},
# so that their avatar can be shown # so that their avatar can be shown
lookup_actor = None lookup_actor = None
if post_json_object.get('attributedTo'): if post_json_object.get('attributedTo'):
if isinstance(post_json_object['attributedTo'], str): attrib = post_json_object['attributedTo']
lookup_actor = post_json_object['attributedTo'] if isinstance(attrib, str):
if not contains_invalid_actor_url_chars(attrib):
lookup_actor = attrib
else: else:
if has_object_dict(post_json_object): if has_object_dict(post_json_object):
if post_json_object['object'].get('attributedTo'): if post_json_object['object'].get('attributedTo'):
attrib = post_json_object['object']['attributedTo'] attrib = post_json_object['object']['attributedTo']
if isinstance(attrib, str): if isinstance(attrib, str):
if not contains_invalid_actor_url_chars(attrib):
lookup_actor = attrib lookup_actor = attrib
if lookup_actor: if lookup_actor:
if has_users_path(lookup_actor): if has_users_path(lookup_actor):
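Review bot: In the `_receive_announce` hunk, an `attributedTo` that fails `contains_invalid_actor_url_chars` only leaves `lookup_actor` as None, so the announce appears to carry on through the rest of the function with the unvalidated string still in `post_json_object`. If later code or the stored post reads `attributedTo` again, the new check does not cover it. Consider rejecting the announce at this point, as the outbox change in this commit does with `return False`, or at least noting the rejection in the function's debug output. The same check is repeated in the nested `object` branch, so a small helper that returns the validated string or None would keep the two branches from drifting apart. The function body starts and continues outside the hunk, so what happens after `has_users_path(lookup_actor)` is not visible here.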


@ -15,6 +15,7 @@ from posts import outbox_message_create_wrap
from posts import save_post_to_box from posts import save_post_to_box
from posts import send_to_followers_thread from posts import send_to_followers_thread
from posts import send_to_named_addresses_thread from posts import send_to_named_addresses_thread
from utils import contains_invalid_actor_url_chars
from utils import get_attachment_property_value from utils import get_attachment_property_value
from utils import get_account_timezone from utils import get_account_timezone
from utils import has_object_string_type from utils import has_object_string_type
@ -321,6 +322,9 @@ def post_message_to_outbox(session, translate: {},
'.' not in message_json['actor']: '.' not in message_json['actor']:
return False return False
if contains_invalid_actor_url_chars(message_json['actor']):
return False
# sent by an actor on a local network address? # sent by an actor on a local network address?
if not allow_local_network_access: if not allow_local_network_access:
local_network_pattern_list = get_local_network_addresses() local_network_pattern_list = get_local_network_addresses()
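Review bot: The new check in `post_message_to_outbox` passes `message_json['actor']` to `contains_invalid_actor_url_chars` without the `isinstance(..., str)` test that the other file in this commit applies to `attributedTo` before making the same call. The condition above it starts outside the hunk and may already establish the type. If it does not, an actor supplied as a dict or list reaches a helper that presumably expects a string. A guard such as `if not isinstance(message_json['actor'], str) or contains_invalid_actor_url_chars(message_json['actor']):` ahead of the `return False` would make the rejection explicit in both cases.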