X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=src%2FProtocol%2FActivityPub%2FReceiver.php;h=7fe1f128f496b746efbed1bd24ccf854964913d6;hb=5abc22f6c536b4fea7a5becd53561959ba0e7512;hp=c958b9d6c3c46de6bf99ee0f3069cd1eee6c2c74;hpb=cd2c7f782f31dea6eb7e82c819393ea65d611665;p=friendica.git
diff --git a/src/Protocol/ActivityPub/Receiver.php b/src/Protocol/ActivityPub/Receiver.php
index c958b9d6c3..7fe1f128f4 100644
--- a/src/Protocol/ActivityPub/Receiver.php
+++ b/src/Protocol/ActivityPub/Receiver.php
@@ -5,18 +5,19 @@ namespace Friendica\Protocol\ActivityPub;
 use Friendica\Database\DBA;
-use Friendica\Util\HTTPSignature;
 use Friendica\Core\Logger;
 use Friendica\Core\Protocol;
 use Friendica\Model\Contact;
 use Friendica\Model\APContact;
+use Friendica\Model\Conversation;
 use Friendica\Model\Item;
 use Friendica\Model\User;
-use Friendica\Util\JsonLD;
-use Friendica\Util\LDSignature;
 use Friendica\Protocol\ActivityPub;
-use Friendica\Model\Conversation;
 use Friendica\Util\DateTimeFormat;
+use Friendica\Util\HTTPSignature;
+use Friendica\Util\JsonLD;
+use Friendica\Util\LDSignature;
+use Friendica\Util\Strings;
 /**
 * @brief ActivityPub Receiver Protocol class
@@ -308,6 +309,16 @@ class Receiver
 }
+ // Don't trust the source if "actor" differs from "attributedTo". The content could be forged.
+ if ($trust_source && ($type == 'as:Create') && is_array($activity['as:object'])) {
+ $actor = JsonLD::fetchElement($activity, 'as:actor');
+ $attributed_to = JsonLD::fetchElement($activity['as:object'], 'as:attributedTo');
+ $trust_source = ($actor == $attributed_to);
+ if (!$trust_source) {
+ Logger::log('Not trusting actor: ' . $actor . '. It differs from attributedTo: ' . $attributed_to, Logger::DEBUG);
+ }
+ }
+
 // $trust_source is called by reference and is set to true if the content was retrieved successfully
 $object_data = self::prepareObjectData($activity, $uid, $trust_source);
 if (empty($object_data)) {
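Review bot: In the `@@ -308,6 +309,16 @@` hunk, the trust decision `$trust_source = ($actor == $attributed_to);` compares two values taken from the received document with loose equality, so PHP's type juggling decides the result whenever either side is not a plain string (for example if `JsonLD::fetchElement` yields null or an array for a missing or multi-valued `as:attributedTo`; its definition is not part of this diff). A strict, fail-closed form is safer: `$trust_source = is_string($actor) && ($actor === $attributed_to);`. The check is also limited to `as:Create`; whether other activity types that embed an object (such as `as:Update`) are covered elsewhere cannot be seen from this hunk, so a short comment stating where they are handled would help the next reader. The enclosing method begins and ends outside the hunk.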
@@ -455,7 +466,7 @@ class Receiver
 if (($receiver == self::PUBLIC_COLLECTION) && !empty($actor)) {
 // This will most likely catch all OStatus connections to Mastodon
- $condition = ['alias' => [$actor, normalise_link($actor)], 'rel' => [Contact::SHARING, Contact::FRIEND]
+ $condition = ['alias' => [$actor, Strings::normaliseLink($actor)], 'rel' => [Contact::SHARING, Contact::FRIEND]
 , 'archive' => false, 'pending' => false];
 $contacts = DBA::select('contact', ['uid'], $condition);
 while ($contact = DBA::fetch($contacts)) {
@@ -472,7 +483,7 @@ class Receiver
 }
 // Fetching all directly addressed receivers
- $condition = ['self' => true, 'nurl' => normalise_link($receiver)];
+ $condition = ['self' => true, 'nurl' => Strings::normaliseLink($receiver)];
 $contact = DBA::selectFirst('contact', ['uid', 'contact-type'], $condition);
 if (!DBA::isResult($contact)) {
 continue;
@@ -482,7 +493,7 @@ class Receiver
 // Exception: The receiver is targetted via "to" or this is a comment
 if ((($element != 'as:to') && empty($replyto)) || ($contact['contact-type'] == Contact::ACCOUNT_TYPE_COMMUNITY)) {
 $networks = [Protocol::ACTIVITYPUB, Protocol::DFRN, Protocol::DIASPORA, Protocol::OSTATUS];
- $condition = ['nurl' => normalise_link($actor), 'rel' => [Contact::SHARING, Contact::FRIEND],
+ $condition = ['nurl' => Strings::normaliseLink($actor), 'rel' => [Contact::SHARING, Contact::FRIEND],
 'network' => $networks, 'archive' => false, 'pending' => false, 'uid' => $contact['uid']];
 // Forum posts are only accepted from forum contacts
@@ -516,7 +527,7 @@ class Receiver
 {
 $receivers = [];
 $networks = [Protocol::ACTIVITYPUB, Protocol::DFRN, Protocol::DIASPORA, Protocol::OSTATUS];
- $condition = ['nurl' => normalise_link($actor), 'rel' => [Contact::SHARING, Contact::FRIEND, Contact::FOLLOWER],
+ $condition = ['nurl' => Strings::normaliseLink($actor), 'rel' => [Contact::SHARING, Contact::FRIEND, Contact::FOLLOWER],
 'network' => $networks, 'archive' => false, 'pending' => false];
 $contacts = DBA::select('contact', ['uid', 'rel'], $condition);
 while ($contact = DBA::fetch($contacts)) {
@@ -588,8 +599,9 @@ class Receiver
 $photo = defaults($profile, 'photo', null);
 unset($profile['photo']);
 unset($profile['baseurl']);
+ unset($profile['guid']);
- $profile['nurl'] = normalise_link($profile['url']);
+ $profile['nurl'] = Strings::normaliseLink($profile['url']);
 DBA::update('contact', $profile, ['id' => $cid]);
 Contact::updateAvatar($photo, $uid, $cid);
@@ -614,12 +626,12 @@ class Receiver
 }
 foreach ($receivers as $receiver) {
- $contact = DBA::selectFirst('contact', ['id'], ['uid' => $receiver, 'network' => Protocol::OSTATUS, 'nurl' => normalise_link($actor)]);
+ $contact = DBA::selectFirst('contact', ['id'], ['uid' => $receiver, 'network' => Protocol::OSTATUS, 'nurl' => Strings::normaliseLink($actor)]);
 if (DBA::isResult($contact)) {
 self::switchContact($contact['id'], $receiver, $actor);
 }
- $contact = DBA::selectFirst('contact', ['id'], ['uid' => $receiver, 'network' => Protocol::OSTATUS, 'alias' => [normalise_link($actor), $actor]]);
+ $contact = DBA::selectFirst('contact', ['id'], ['uid' => $receiver, 'network' => Protocol::OSTATUS, 'alias' => [Strings::normaliseLink($actor), $actor]]);
 if (DBA::isResult($contact)) {
 self::switchContact($contact['id'], $receiver, $actor);
 }
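Review bot: In the `@@ -588,8 +599,9 @@` hunk, the added `unset($profile['guid']);` extends a deny-list: `$profile` is still written to the `contact` table wholesale by `DBA::update('contact', $profile, ['id' => $cid]);` after individual keys are removed one at a time. Where `$profile` is built is outside the hunk, but if it is derived from a remote actor document, any further key that shows up in it reaches the update unless someone remembers to add another `unset`. Copying only the columns this method intends to change into a fresh array (an allow-list) and passing that to `DBA::update` would make the write independent of the profile's shape; at the least, a comment above the `unset` lines should say why each key is dropped. The enclosing method starts and ends outside the hunk.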