Issue 10262: Don't accept BCC posts from non followers

[friendica.git] / src / Protocol / ActivityPub / Processor.php

diff --git a/src/Protocol/ActivityPub/Processor.php b/src/Protocol/ActivityPub/Processor.php
index e36e2e7038778602adab9543cf7d013a60d67b61..aba285c1800e941029d0deaaa2449e610e7477d7 100644 (file)
--- a/src/Protocol/ActivityPub/Processor.php
+++ b/src/Protocol/ActivityPub/Processor.php
@@ -21,7 +21,6 @@
 
 namespace Friendica\Protocol\ActivityPub;
 
-use Friendica\Content\PageInfo;
 use Friendica\Content\Text\BBCode;
 use Friendica\Content\Text\HTML;
 use Friendica\Content\Text\Markdown;
@@ -464,6 +463,7 @@ class Processor
                if (!empty($activity['source'])) {
                        $item['body'] = $activity['source'];
                        $item['raw-body'] = $content;
+                       $item['body'] = Item::improveSharedDataInBody($item);
                } else {
                        if (empty($activity['directmessage']) && ($item['thr-parent'] != $item['uri']) && ($item['gravity'] == GRAVITY_COMMENT)) {
                                $item_private = !in_array(0, $activity['item_receiver']);
@@ -602,6 +602,12 @@ class Processor
                                continue;
                        }
 
+                       if (!$item['isForum'] && ($receiver != 0) && ($item['gravity'] == GRAVITY_PARENT) &&
+                               ($item['post-reason'] == Item::PR_BCC) && !Contact::isSharingByURL($activity['author'], $receiver)) {
+                               Logger::info('Top level post via BCC from a non follower, ignoring', ['uid' => $receiver, 'contact' => $item['contact-id']]);
+                               continue;
+                       }
+
                        if (DI::pConfig()->get($receiver, 'system', 'accept_only_sharer', false) && ($receiver != 0) && ($item['gravity'] == GRAVITY_PARENT)) {
                                $skip = !Contact::isSharingByURL($activity['author'], $receiver);