From f8931dc7cde60c166a79a254105e455fc9c411a1 Mon Sep 17 00:00:00 2001 From: Daniel Supernault Date: Wed, 6 Apr 2022 01:01:10 -0600 Subject: [PATCH 1/3] Update AP Inbox, fixes #3332 --- app/Util/ActivityPub/Inbox.php | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/app/Util/ActivityPub/Inbox.php b/app/Util/ActivityPub/Inbox.php index dd0182d2c..e6cd96a98 100644 --- a/app/Util/ActivityPub/Inbox.php +++ b/app/Util/ActivityPub/Inbox.php @@ -623,7 +623,10 @@ class Inbox break; case 'Tombstone': - $profile = Helpers::profileFetch($actor); + $profile = Profile::whereRemoteUrl($actor)->first(); + if(!$profile || $profile->private_key != null) { + return; + } $status = Status::whereProfileId($profile->id) ->whereUri($id) ->orWhere('url', $id) From 4287f14bc530008a2a03b6ead6a7f81c15d9864d Mon Sep 17 00:00:00 2001 From: Daniel Supernault Date: Wed, 6 Apr 2022 01:03:05 -0600 Subject: [PATCH 2/3] Update InboxPipeline, fixes #3332 --- app/Jobs/InboxPipeline/InboxValidator.php | 5 ++--- app/Jobs/InboxPipeline/InboxWorker.php | 4 ++-- 2 files changed, 4 insertions(+), 5 deletions(-) diff --git a/app/Jobs/InboxPipeline/InboxValidator.php b/app/Jobs/InboxPipeline/InboxValidator.php index 4fc1b75a2..481844bb2 100644 --- a/app/Jobs/InboxPipeline/InboxValidator.php +++ b/app/Jobs/InboxPipeline/InboxValidator.php @@ -167,9 +167,8 @@ class InboxValidator implements ShouldQueue && is_array($bodyDecoded['object']) && isset($bodyDecoded['object']['attributedTo']) ) { - if(parse_url($bodyDecoded['object']['attributedTo'], PHP_URL_HOST) !== $keyDomain) { + if(parse_url(Helpers::pluckval($bodyDecoded['object']['attributedTo']), PHP_URL_HOST) !== $keyDomain) { return; - abort(400, 'Invalid request'); } } if(!$keyDomain || !$idDomain || $keyDomain !== $idDomain) { @@ -178,7 +177,7 @@ class InboxValidator implements ShouldQueue } $actor = Profile::whereKeyId($keyId)->first(); if(!$actor) { - $actorUrl = is_array($bodyDecoded['actor']) ? $bodyDecoded['actor'][0] : $bodyDecoded['actor']; + $actorUrl = Helpers::pluckval($bodyDecoded['actor']); $actor = Helpers::profileFirstOrNew($actorUrl); } if(!$actor) { diff --git a/app/Jobs/InboxPipeline/InboxWorker.php b/app/Jobs/InboxPipeline/InboxWorker.php index 44e3a1cb0..f475b2dc5 100644 --- a/app/Jobs/InboxPipeline/InboxWorker.php +++ b/app/Jobs/InboxPipeline/InboxWorker.php @@ -157,7 +157,7 @@ class InboxWorker implements ShouldQueue && is_array($bodyDecoded['object']) && isset($bodyDecoded['object']['attributedTo']) ) { - if(parse_url($bodyDecoded['object']['attributedTo'], PHP_URL_HOST) !== $keyDomain) { + if(parse_url(Helpers::pluckval($bodyDecoded['object']['attributedTo']), PHP_URL_HOST) !== $keyDomain) { return; } } @@ -166,7 +166,7 @@ class InboxWorker implements ShouldQueue } $actor = Profile::whereKeyId($keyId)->first(); if(!$actor) { - $actorUrl = is_array($bodyDecoded['actor']) ? $bodyDecoded['actor'][0] : $bodyDecoded['actor']; + $actorUrl = Helpers::pluckval($bodyDecoded['actor']); $actor = Helpers::profileFirstOrNew($actorUrl); } if(!$actor) { From afb5ea18e58cc693840246b7e6b67b495d71c797 Mon Sep 17 00:00:00 2001 From: Daniel Supernault Date: Wed, 6 Apr 2022 01:03:30 -0600 Subject: [PATCH 3/3] Update changelog --- CHANGELOG.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index effcccab6..332fc6a30 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -122,6 +122,8 @@ - Updated DiscoverController, improve tag feed performance. ([d8ff40eb](https://github.com/pixelfed/pixelfed/commit/d8ff40eb)) - Updated ApiV1Controller, fix timeline pagination. ([a5cdc28b](https://github.com/pixelfed/pixelfed/commit/a5cdc28b)) - Updated ApiV1Controller, add missing pagination header. ([5649873a](https://github.com/pixelfed/pixelfed/commit/5649873a)) +- Updated CollectionController, limit unpublished collections to owner. ([a0061eb5](https://github.com/pixelfed/pixelfed/commit/a0061eb5)) +- Updated AP Inbox, fixes #3332. ([f8931dc7](https://github.com/pixelfed/pixelfed/commit/f8931dc7)) - ([](https://github.com/pixelfed/pixelfed/commit/)) ## [v0.11.2 (2022-01-09)](https://github.com/pixelfed/pixelfed/compare/v0.11.1...v0.11.2)