indymedia
/
epicyon
mirror of https://gitlab.com/bashrc2/epicyon
7
4
Fork 1
Code Issues 14 Releases Wiki Activity

Check that replyTo field is a string

merge-requests/30/head
Bob Mottram 2020-08-28 15:45:07 +01:00
parent 10a21e797b
commit 41607d1542
4 changed files with 29 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
inbox.py
View File

@ -272,6 +272,8 @@ def inboxPermittedMessage(domain: str, messageJson: {},
return False
if messageJson['object'].get('inReplyTo'):
inReplyTo = messageJson['object']['inReplyTo']
if not isinstance(inReplyTo, str):
return False
if not urlPermitted(inReplyTo, federationList, "inbox:write"):
return False
@ -1596,6 +1598,8 @@ def populateReplies(baseDir: str, httpPrefix: str, domain: str,
if not messageJson['object'].get('to'):
return False
replyTo = messageJson['object']['inReplyTo']
if not isinstance(replyTo, str):
return False
if debug:
print('DEBUG: post contains a reply')
# is this a reply to a post on this domain?
@ -1760,6 +1764,9 @@ def obtainAvatarForReplyPost(session, baseDir: str, httpPrefix: str,
if not lookupActor:
return
if not isinstance(lookupActor, str):
return
if not ('/users/' in lookupActor or
'/accounts/' in lookupActor or
'/channel/' in lookupActor or

33
posts.py
View File

@ -388,15 +388,16 @@ def getPosts(session, outboxUrl: str, maxPosts: int,
inReplyTo = ''
if item['object'].get('inReplyTo'):
if item['object']['inReplyTo']:
# No replies to non-permitted domains
if not urlPermitted(item['object']['inReplyTo'],
federationList,
"objects:read"):
if debug:
print('url not permitted ' +
item['object']['inReplyTo'])
continue
inReplyTo = item['object']['inReplyTo']
if isinstance(item['object']['inReplyTo'], str):
# No replies to non-permitted domains
if not urlPermitted(item['object']['inReplyTo'],
federationList,
"objects:read"):
if debug:
print('url not permitted ' +
item['object']['inReplyTo'])
continue
inReplyTo = item['object']['inReplyTo']
conversation = ''
if item['object'].get('conversation'):
@ -483,10 +484,11 @@ def getPostDomains(session, outboxUrl: str, maxPosts: int,
if not isinstance(item['object'], dict):
continue
if item['object'].get('inReplyTo'):
postDomain, postPort = \
getDomainFromActor(item['object']['inReplyTo'])
if postDomain not in postDomains:
postDomains.append(postDomain)
if isinstance(item['object']['inReplyTo'], str):
postDomain, postPort = \
getDomainFromActor(item['object']['inReplyTo'])
if postDomain not in postDomains:
postDomains.append(postDomain)
if item['object'].get('tag'):
for tagItem in item['object']['tag']:
@ -2675,8 +2677,9 @@ def isReply(postJsonObject: {}, actor: str) -> bool:
postJsonObject['object']['type'] != 'Article':
return False
if postJsonObject['object'].get('inReplyTo'):
if postJsonObject['object']['inReplyTo'].startswith(actor):
return True
if isinstance(postJsonObject['object']['inReplyTo'], str):
if postJsonObject['object']['inReplyTo'].startswith(actor):
return True
if not postJsonObject['object'].get('tag'):
return False
if not isinstance(postJsonObject['object']['tag'], list):

2
question.py
View File

@ -25,6 +25,8 @@ def questionUpdateVotes(baseDir: str, nickname: str, domain: str,
return None
if not replyJson['object']['inReplyTo']:
return None
if not isinstance(replyJson['object']['inReplyTo'], str):
return None
if not replyJson['object'].get('name'):
return None
inReplyTo = replyJson['object']['inReplyTo']

2
utils.py
View File

@ -473,6 +473,8 @@ def isReplyToBlogPost(baseDir: str, nickname: str, domain: str,
return False
if not postJsonObject['object'].get('inReplyTo'):
return False
if not isinstance(postJsonObject['object']['inReplyTo'], str):
return False
blogsIndexFilename = baseDir + '/accounts/' + \
nickname + '@' + domain + '/tlblogs.index'
if not os.path.isfile(blogsIndexFilename):