]> git.mxchange.org Git - friendica.git/blobdiff - src/Module/Objects.php
projects / friendica.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Prevent settings/userexport to be used by anonymous users
[friendica.git] / src / Module / Objects.php
diff --git a/src/Module/Objects.php b/src/Module/Objects.php
index cbe2e53fe044efdee01dbba2adeea65909f1e9dd..8f1bbf2a5f7a1bb6d3f99a2e520c64d0b441a247 100644 (file)
--- a/src/Module/Objects.php
+++ b/src/Module/Objects.php
@@ -1,6 +1,6 @@
 <?php
 /**
- * @copyright Copyright (C) 2020, Friendica
+ * @copyright Copyright (C) 2010-2021, the Friendica project
  *
  * @license GNU AGPL version 3 or any later version
  *
@@ -28,6 +28,7 @@ use Friendica\Database\DBA;
 use Friendica\DI;
 use Friendica\Model\Contact;
 use Friendica\Model\Item;
+use Friendica\Model\Post;
 use Friendica\Network\HTTPException;
 use Friendica\Protocol\ActivityPub;
 use Friendica\Util\HTTPSignature;
@@ -68,7 +69,7 @@ class Objects extends BaseModule
                        }
                }
 
-               $item = Item::selectFirst(['id', 'uid', 'origin', 'author-link', 'changed', 'private', 'psid', 'gravity'],
+               $item = Post::selectFirst(['id', 'uid', 'origin', 'author-link', 'changed', 'private', 'psid', 'gravity', 'deleted', 'parent-uri-id'],
                        ['uri-id' => $itemuri['id']], ['order' => ['origin' => true]]);
 
                if (!DBA::isResult($item)) {
@@ -92,8 +93,16 @@ class Objects extends BaseModule
                        }
                }
 
-               // Valid items are original post or posted from this node (including in the case of a forum)
-               if (!$validated || !$item['origin'] && (parse_url($item['author-link'], PHP_URL_HOST) != parse_url(DI::baseUrl()->get(), PHP_URL_HOST))) {
+               if ($validated) {
+                       // Valid items are original post or posted from this node (including in the case of a forum)
+                       $validated = ($item['origin'] || (parse_url($item['author-link'], PHP_URL_HOST) == parse_url(DI::baseUrl()->get(), PHP_URL_HOST)));
+
+                       if (!$validated && $item['deleted']) {
+                               $validated = Post::exists(['origin' => true, 'uri-id' => $item['parent-uri-id']]);
+                       }
+               }
+
+               if (!$validated) {
                        throw new HTTPException\NotFoundException();
                }
 
Unnamed repository; edit this file 'description' to name the repository.