From: Michael <heluecht@pirati.ca>
Date: Wed, 26 May 2021 20:52:39 +0000 (+0000)
Subject: Issue 10262: Don't accept BCC posts from non followers
X-Git-Url: https://git.mxchange.org/?a=commitdiff_plain;h=a3c323b366e58c154e5a43f56d85412762e0ac83;p=friendica.git

Issue 10262: Don't accept BCC posts from non followers
---

diff --git a/src/Protocol/ActivityPub/Processor.php b/src/Protocol/ActivityPub/Processor.php
index ecbecb9551..aba285c180 100644
--- a/src/Protocol/ActivityPub/Processor.php
+++ b/src/Protocol/ActivityPub/Processor.php
@@ -602,6 +602,12 @@ class Processor
 				continue;
 			}
 
+			if (!$item['isForum'] && ($receiver != 0) && ($item['gravity'] == GRAVITY_PARENT) &&
+				($item['post-reason'] == Item::PR_BCC) && !Contact::isSharingByURL($activity['author'], $receiver)) {
+				Logger::info('Top level post via BCC from a non follower, ignoring', ['uid' => $receiver, 'contact' => $item['contact-id']]);
+				continue;
+			}
+
 			if (DI::pConfig()->get($receiver, 'system', 'accept_only_sharer', false) && ($receiver != 0) && ($item['gravity'] == GRAVITY_PARENT)) {
 				$skip = !Contact::isSharingByURL($activity['author'], $receiver);