From: Michael <heluecht@pirati.ca>
Date: Thu, 10 Jan 2019 22:51:03 +0000 (+0000)
Subject: Don't accept private answers to public parents
X-Git-Url: https://git.mxchange.org/?a=commitdiff_plain;h=e3576fa0bd3bda254db99f985840e09085a04654;p=friendica.git

Don't accept private answers to public parents
---

diff --git a/src/Protocol/ActivityPub/Processor.php b/src/Protocol/ActivityPub/Processor.php
index 057457ef3a..d3c616a7e0 100644
--- a/src/Protocol/ActivityPub/Processor.php
+++ b/src/Protocol/ActivityPub/Processor.php
@@ -264,6 +264,19 @@ class Processor
 		}
 
 		$item['uri'] = $activity['id'];
+
+		if (($item['parent-uri'] != $item['uri']) && ($item['gravity'] == GRAVITY_COMMENT)) {
+			$item_private = !in_array(0, $activity['item_receiver']);
+			$parent = Item::selectFirst(['private'], ['uri' => $item['parent-uri']]);
+			if (!DBA::isResult($parent)) {
+				return;
+			}
+			if ($item_private && !$parent['private']) {
+				Logger::log('Item ' . $item['uri'] . ' is private but the parent ' . $item['parent-uri'] . ' is not. So we drop it.');
+				return;
+			}
+		}
+
 		$item['created'] = $activity['published'];
 		$item['edited'] = $activity['updated'];
 		$item['guid'] = $activity['diaspora:guid'];
diff --git a/src/Protocol/ActivityPub/Receiver.php b/src/Protocol/ActivityPub/Receiver.php
index 7fe1f128f4..5459bca346 100644
--- a/src/Protocol/ActivityPub/Receiver.php
+++ b/src/Protocol/ActivityPub/Receiver.php
@@ -233,6 +233,7 @@ class Receiver
 
 		$object_data['type'] = $type;
 		$object_data['actor'] = $actor;
+		$object_data['item_receiver'] = $receivers;
 		$object_data['receiver'] = array_merge(defaults($object_data, 'receiver', []), $receivers);
 
 		Logger::log('Processing ' . $object_data['type'] . ' ' . $object_data['object_type'] . ' ' . $object_data['id'], Logger::DEBUG);