mirror of https://gitlab.com/bashrc2/epicyon
Extra actor validation
parent
9dea2a8d2a
commit
13d3159262
10
inbox.py
10
inbox.py
|
@ -18,6 +18,7 @@ from languages import understood_post_language
|
||||||
from like import update_likes_collection
|
from like import update_likes_collection
|
||||||
from reaction import update_reaction_collection
|
from reaction import update_reaction_collection
|
||||||
from reaction import valid_emoji_content
|
from reaction import valid_emoji_content
|
||||||
|
from utils import contains_invalid_actor_url_chars
|
||||||
from utils import is_quote_toot
|
from utils import is_quote_toot
|
||||||
from utils import acct_handle_dir
|
from utils import acct_handle_dir
|
||||||
from utils import is_account_dir
|
from utils import is_account_dir
|
||||||
|
@ -2756,14 +2757,17 @@ def _receive_announce(recent_posts_cache: {},
|
||||||
# so that their avatar can be shown
|
# so that their avatar can be shown
|
||||||
lookup_actor = None
|
lookup_actor = None
|
||||||
if post_json_object.get('attributedTo'):
|
if post_json_object.get('attributedTo'):
|
||||||
if isinstance(post_json_object['attributedTo'], str):
|
attrib = post_json_object['attributedTo']
|
||||||
lookup_actor = post_json_object['attributedTo']
|
if isinstance(attrib, str):
|
||||||
|
if not contains_invalid_actor_url_chars(attrib):
|
||||||
|
lookup_actor = attrib
|
||||||
else:
|
else:
|
||||||
if has_object_dict(post_json_object):
|
if has_object_dict(post_json_object):
|
||||||
if post_json_object['object'].get('attributedTo'):
|
if post_json_object['object'].get('attributedTo'):
|
||||||
attrib = post_json_object['object']['attributedTo']
|
attrib = post_json_object['object']['attributedTo']
|
||||||
if isinstance(attrib, str):
|
if isinstance(attrib, str):
|
||||||
lookup_actor = attrib
|
if not contains_invalid_actor_url_chars(attrib):
|
||||||
|
lookup_actor = attrib
|
||||||
if lookup_actor:
|
if lookup_actor:
|
||||||
if has_users_path(lookup_actor):
|
if has_users_path(lookup_actor):
|
||||||
if '/statuses/' in lookup_actor:
|
if '/statuses/' in lookup_actor:
|
||||||
|
|
|
@ -15,6 +15,7 @@ from posts import outbox_message_create_wrap
|
||||||
from posts import save_post_to_box
|
from posts import save_post_to_box
|
||||||
from posts import send_to_followers_thread
|
from posts import send_to_followers_thread
|
||||||
from posts import send_to_named_addresses_thread
|
from posts import send_to_named_addresses_thread
|
||||||
|
from utils import contains_invalid_actor_url_chars
|
||||||
from utils import get_attachment_property_value
|
from utils import get_attachment_property_value
|
||||||
from utils import get_account_timezone
|
from utils import get_account_timezone
|
||||||
from utils import has_object_string_type
|
from utils import has_object_string_type
|
||||||
|
@ -321,6 +322,9 @@ def post_message_to_outbox(session, translate: {},
|
||||||
'.' not in message_json['actor']:
|
'.' not in message_json['actor']:
|
||||||
return False
|
return False
|
||||||
|
|
||||||
|
if contains_invalid_actor_url_chars(message_json['actor']):
|
||||||
|
return False
|
||||||
|
|
||||||
# sent by an actor on a local network address?
|
# sent by an actor on a local network address?
|
||||||
if not allow_local_network_access:
|
if not allow_local_network_access:
|
||||||
local_network_pattern_list = get_local_network_addresses()
|
local_network_pattern_list = get_local_network_addresses()
|
||||||
|
|
Loading…
Reference in New Issue