Add item user owner data check in Model\Item::isValid

- Prevents deleted users from posting any item, manually or automatically through mirroring

diff --git a/src/Model/Item.php b/src/Model/Item.php
index dec3716d0169206637cddfb1ebe898caa4c8c8ae..cd5c2b169c80b9a400eca8c640d7ce8025203905 100644 (file)
--- a/src/Model/Item.php
+++ b/src/Model/Item.php
@@ -1385,6 +1385,19 @@ class Item
                        return false;
                }
 
+               if (!empty($item['uid'])) {
+                       $owner = User::getOwnerDataById($item['uid'], false);
+                       if (!$owner) {
+                               Logger::notice('Missing item user owner data', ['uid' => $item['uid']]);
+                               return false;
+                       }
+
+                       if ($owner['deleted'] || $owner['account_expired'] || $owner['account_removed']) {
+                               Logger::notice('Item user has been deleted/expired/removed', ['uid' => $item['uid'], 'deleted' => $owner['deleted'], 'account_expired' => $owner['account_expired'], 'account_removed' => $owner['account_removed']]);
+                               return false;
+                       }
+               }
+
                if (!empty($item['author-id']) && Contact::isBlocked($item['author-id'])) {
                        Logger::notice('Author is blocked node-wide', ['author-link' => $item['author-link'], 'item-uri' => $item['uri']]);
                        return false;