IMproved handling of untrusted posts
authorMichael <heluecht@pirati.ca>
Sun, 24 Jul 2022 21:58:09 +0000 (21:58 +0000)
committerMichael <heluecht@pirati.ca>
Sun, 24 Jul 2022 21:58:09 +0000 (21:58 +0000)
src/Protocol/ActivityPub/Processor.php
src/Protocol/ActivityPub/Receiver.php

index 1ca6fce9021f2e66bcd7b2b2c5747d94ee1825ab..d012498ab2a5f777afa6c8024705f984ca7f281a 100644 (file)
@@ -466,7 +466,7 @@ class Processor
         *
         * @return boolean
         */
-       private static function isActivityGone(string $url): bool
+       public static function isActivityGone(string $url): bool
        {
                $curlResult = HTTPSignature::fetchRaw($url, 0);
 
@@ -1346,6 +1346,7 @@ class Processor
        {
                $uid = User::getIdForURL($activity['object_id']);
                if (empty($uid)) {
+                       Queue::remove($activity);
                        return;
                }
 
index 2655da9f0e3b11302f1071cbe4bf442ed76561fe..66653579ea7f6739b0250dfbe373699f9cf7ed94 100644 (file)
@@ -274,7 +274,7 @@ class Receiver
        {
                $id = JsonLD::fetchElement($activity, '@id');
                $object_id = JsonLD::fetchElement($activity, 'as:object', '@id');
-               
+
                if (!empty($id) && !$trust_source) {
                        $fetch_uid = $uid ?: self::getBestUserForActivity($activity);
 
@@ -291,7 +291,7 @@ class Receiver
                                                Logger::info('Fetched data is the object instead of the activity', ['id' => $id]);
                                                unset($object['@context']);
                                                $activity['as:object'] = $object;
-                                       }                                       
+                                       }
                                } else {
                                        Logger::info('Activity id is not equal', ['id' => $id, 'fetched' => $fetched_id]);
                                }
@@ -371,6 +371,10 @@ class Receiver
                        $object_data['object_object'] = JsonLD::fetchElement($activity['as:object'], 'as:object');
                        $object_data['object_type'] = JsonLD::fetchElement($activity['as:object'], '@type');
                        $object_data['push'] = $push;
+                       if ($type == 'as:Delete') {
+                               $apcontact = APContact::getByURL($object_data['object_id'], true);
+                               $trust_source = ($apcontact['type'] == 'Tombstone');
+                       }
                } elseif (in_array($type, ['as:Create', 'as:Update', 'as:Announce', 'as:Invite']) || strpos($type, '#emojiReaction')) {
                        // Fetch the content only on activities where this matters
                        // We can receive "#emojiReaction" when fetching content from Hubzilla systems
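Review bot: In the added `as:Delete` branch, `$trust_source` is overwritten unconditionally, so a Delete whose source was already trusted earlier in the method would be downgraded whenever the refetched contact is not a Tombstone; the later hunk that assigns from `Processor::isActivityGone(...)` has the same unconditional assignment. If that downgrade is not intended, guard both with `!$trust_source &&` in the condition. `$apcontact['type']` is also read without checking that `APContact::getByURL()` returned a contact with that key, so if the lookup can come back empty this raises a warning; `$trust_source = (($apcontact['type'] ?? '') === 'Tombstone');` avoids that and makes the comparison strict. The enclosing method starts and ends outside the hunk, so how `$trust_source` was set before this point is not visible here.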
@@ -425,6 +429,10 @@ class Receiver
                        if (($type == 'as:Undo') && !empty($object_data['object_object'])) {
                                $object_data['object_object_type'] = self::fetchObjectType([], $object_data['object_object'], $fetch_uid);
                        }
+
+                       if (($type == 'as:Delete') && in_array($object_data['object_type'], array_merge(['as:Tombstone'], self::CONTENT_TYPES))) {
+                               $trust_source = Processor::isActivityGone($object_data['object_id']);
+                       }
                }
 
                $object_data = self::addActivityFields($object_data, $activity);
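Review bot: The added check makes an outbound request to a URL taken from an activity whose source is not yet trusted, because `Processor::isActivityGone()` begins with `HTTPSignature::fetchRaw($url, 0)` (visible in the Processor.php hunk) and is called here with `$object_data['object_id']`. If the intent is that the object's own origin confirms the deletion, a comment should say so, e.g. `// Trust the Delete only when the origin server itself reports the object as gone`. It would also be worth skipping the call when `$object_data['object_id']` is empty and passing `true` as the third argument of `in_array()` so the type match is strict. The enclosing block continues outside the hunk, so any earlier validation of `object_id` is not visible.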