From 1dd162a5f75e6c2ef1813cd477e6d938127220d9 Mon Sep 17 00:00:00 2001 From: lain Date: Fri, 31 Jul 2020 09:57:30 +0200 Subject: [PATCH] SimplePolicy: Fix problem with DM leaks. --- lib/pleroma/web/activity_pub/mrf/simple_policy.ex | 8 ++++++-- test/web/activity_pub/mrf/simple_policy_test.exs | 2 +- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/lib/pleroma/web/activity_pub/mrf/simple_policy.ex b/lib/pleroma/web/activity_pub/mrf/simple_policy.ex index ffaac767e..bb193475a 100644 --- a/lib/pleroma/web/activity_pub/mrf/simple_policy.ex +++ b/lib/pleroma/web/activity_pub/mrf/simple_policy.ex @@ -109,6 +109,10 @@ defmodule Pleroma.Web.ActivityPub.MRF.SimplePolicy do {:ok, object} end + defp intersection(list1, list2) do + list1 -- list1 -- list2 + end + defp check_followers_only(%{host: actor_host} = _actor_info, object) do followers_only = Config.get([:mrf_simple, :followers_only]) @@ -125,8 +129,8 @@ defmodule Pleroma.Web.ActivityPub.MRF.SimplePolicy do cc = FollowingRelationship.followers_ap_ids(user, fixed_cc) object - |> Map.put("to", [user.follower_address] ++ to) - |> Map.put("cc", cc) + |> Map.put("to", intersection([user.follower_address | to], fixed_to)) + |> Map.put("cc", intersection([user.follower_address | cc], fixed_cc)) else _ -> object end diff --git a/test/web/activity_pub/mrf/simple_policy_test.exs b/test/web/activity_pub/mrf/simple_policy_test.exs index 9a1a7bdc8..d7dde62c4 100644 --- a/test/web/activity_pub/mrf/simple_policy_test.exs +++ b/test/web/activity_pub/mrf/simple_policy_test.exs @@ -308,7 +308,7 @@ defmodule Pleroma.Web.ActivityPub.MRF.SimplePolicyTest do Config.put([:mrf_simple, :followers_only], [actor_domain]) assert {:ok, new_activity} = SimplePolicy.filter(activity) - assert actor.follower_address in new_activity["to"] + assert actor.follower_address in new_activity["cc"] assert following_user.ap_id in new_activity["to"] refute "https://www.w3.org/ns/activitystreams#Public" in new_activity["to"] refute "https://www.w3.org/ns/activitystreams#Public" in new_activity["cc"] -- 2.45.2