From: Michael
Date: Sun, 24 Jul 2022 21:58:09 +0000 (+0000)
Subject: IMproved handling of untrusted posts
X-Git-Url: https://git.mxchange.org/?a=commitdiff_plain;h=b5461737478fa65f983d6001000acda23790f2aa;p=friendica.git

IMproved handling of untrusted posts
---

diff --git a/src/Protocol/ActivityPub/Processor.php b/src/Protocol/ActivityPub/Processor.php
index 1ca6fce902..d012498ab2 100644
--- a/src/Protocol/ActivityPub/Processor.php
+++ b/src/Protocol/ActivityPub/Processor.php
@@ -466,7 +466,7 @@ class Processor
 *
 * @return boolean
 */
- private static function isActivityGone(string $url): bool
+ public static function isActivityGone(string $url): bool
 {
 $curlResult = HTTPSignature::fetchRaw($url, 0);
 
@@ -1346,6 +1346,7 @@ class Processor
 {
 $uid = User::getIdForURL($activity['object_id']);
 if (empty($uid)) {
+ Queue::remove($activity);
 return;
 }
 
diff --git a/src/Protocol/ActivityPub/Receiver.php b/src/Protocol/ActivityPub/Receiver.php
index 2655da9f0e..66653579ea 100644
--- a/src/Protocol/ActivityPub/Receiver.php
+++ b/src/Protocol/ActivityPub/Receiver.php
@@ -274,7 +274,7 @@ class Receiver
 {
 $id = JsonLD::fetchElement($activity, '@id');
 $object_id = JsonLD::fetchElement($activity, 'as:object', '@id');
-
+
 if (!empty($id) && !$trust_source) {
 $fetch_uid = $uid ?: self::getBestUserForActivity($activity);
 
@@ -291,7 +291,7 @@ class Receiver
 Logger::info('Fetched data is the object instead of the activity', ['id' => $id]);
 unset($object['@context']);
 $activity['as:object'] = $object;
- }
+ }
 } else {
 Logger::info('Activity id is not equal', ['id' => $id, 'fetched' => $fetched_id]);
 }
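Review bot: The docblock above `isActivityGone()` in the first Processor.php hunk still ends at `@return boolean`, although the method is now public and its first visible statement is an outbound request, `HTTPSignature::fetchRaw($url, 0)`. Since other classes can now call it, I would add a line such as `* Performs a remote fetch of $url; the URL usually originates from a received activity and is untrusted.` and state which responses make the method return true. The rest of the body lies outside the hunk, so what counts as "gone" cannot be confirmed from here.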
@@ -371,6 +371,10 @@ class Receiver
 $object_data['object_object'] = JsonLD::fetchElement($activity['as:object'], 'as:object');
 $object_data['object_type'] = JsonLD::fetchElement($activity['as:object'], '@type');
 $object_data['push'] = $push;
+ if ($type == 'as:Delete') {
+ $apcontact = APContact::getByURL($object_data['object_id'], true);
+ $trust_source = ($apcontact['type'] == 'Tombstone');
+ }
 } elseif (in_array($type, ['as:Create', 'as:Update', 'as:Announce', 'as:Invite']) || strpos($type, '#emojiReaction')) {
 // Fetch the content only on activities where this matters
 // We can receive "#emojiReaction" when fetching content from Hubzilla systems
@@ -425,6 +429,10 @@ class Receiver
 if (($type == 'as:Undo') && !empty($object_data['object_object'])) {
 $object_data['object_object_type'] = self::fetchObjectType([], $object_data['object_object'], $fetch_uid);
 }
+
+ if (($type == 'as:Delete') && in_array($object_data['object_type'], array_merge(['as:Tombstone'], self::CONTENT_TYPES))) {
+ $trust_source = Processor::isActivityGone($object_data['object_id']);
+ }
 }
 
 $object_data = self::addActivityFields($object_data, $activity);
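Review bot: In the `@@ -371,6 +371,10 @@` hunk, `$apcontact['type']` is read without checking that `APContact::getByURL()` returned a record. If the lookup comes back empty for an unreachable or removed profile (presumably possible, though not visible here), PHP 8 raises an undefined-key warning and the Delete is silently left untrusted. The assignment also replaces whatever `$trust_source` held on entry, so a Delete that was already verified loses that trust whenever the lookup does not report a Tombstone; the `@@ -425,6 +429,10 @@` hunk overwrites it the same way with `$trust_source = Processor::isActivityGone(...)`. If a downgrade is not intended, I would write `$trust_source = $trust_source || (($apcontact['type'] ?? '') === 'Tombstone');` here and `$trust_source = $trust_source || Processor::isActivityGone($object_data['object_id']);` in the later hunk. Both enclosing blocks start outside their hunks.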
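Review bot: In the `@@ -425,6 +429,10 @@` hunk, every incoming `as:Delete` with a Tombstone or content object type makes the server request `$object_data['object_id']`, because `Processor::isActivityGone()` starts with `HTTPSignature::fetchRaw($url, 0)`. Nothing visible in the hunk limits the fetch to objects this node stores or to activities that are not yet trusted. Because `object_id` is taken from the received activity, I would skip the fetch when `$trust_source` is already true or the object is unknown locally, and add a comment such as `// Unverified Delete: confirm at the origin that the object is really gone`. `in_array()` is also called without the strict flag; passing `true` as the third argument avoids loose type matches on `object_type`. The enclosing block begins outside the hunk, so earlier guards may exist that are not shown.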