]> git.mxchange.org Git - friendica.git/blobdiff - src/Protocol/ActivityPub/Processor.php
projects / friendica.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Issue 10262: Don't accept BCC posts from non followers
[friendica.git] / src / Protocol / ActivityPub / Processor.php
diff --git a/src/Protocol/ActivityPub/Processor.php b/src/Protocol/ActivityPub/Processor.php
index ecbecb9551b5b8f5ad1ece9cb95f0caa6b5ba1ad..aba285c1800e941029d0deaaa2449e610e7477d7 100644 (file)
--- a/src/Protocol/ActivityPub/Processor.php
+++ b/src/Protocol/ActivityPub/Processor.php
@@ -602,6 +602,12 @@ class Processor
                                continue;
                        }
 
+                       if (!$item['isForum'] && ($receiver != 0) && ($item['gravity'] == GRAVITY_PARENT) &&
+                               ($item['post-reason'] == Item::PR_BCC) && !Contact::isSharingByURL($activity['author'], $receiver)) {
+                               Logger::info('Top level post via BCC from a non follower, ignoring', ['uid' => $receiver, 'contact' => $item['contact-id']]);
+                               continue;
+                       }
+
                        if (DI::pConfig()->get($receiver, 'system', 'accept_only_sharer', false) && ($receiver != 0) && ($item['gravity'] == GRAVITY_PARENT)) {
                                $skip = !Contact::isSharingByURL($activity['author'], $receiver);
 
Unnamed repository; edit this file 'description' to name the repository.