From 3d9266a8cbf7e1d0979ad7e17dd553851e73d81e Mon Sep 17 00:00:00 2001
From: William Pitcock
Date: Sat, 17 Nov 2018 20:43:43 +0000
Subject: [PATCH] federator: do origin containment when processing inbound messages
---
 lib/pleroma/web/federator/federator.ex | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/lib/pleroma/web/federator/federator.ex b/lib/pleroma/web/federator/federator.ex
index 962cacfa3..33e6db9b9 100644
--- a/lib/pleroma/web/federator/federator.ex
+++ b/lib/pleroma/web/federator/federator.ex
@@ -101,8 +101,11 @@ defmodule Pleroma.Web.Federator do
 params = Utils.normalize_params(params)
+ # NOTE: we use the actor ID to do the containment, this is fine because an
+ # actor shouldn't be acting on objects outside their own AP server.
 with {:ok, _user} <- ap_enabled_actor(params["actor"]),
 nil <- Activity.normalize(params["id"]),
+ :ok <- Transmogrifier.contain_origin_from_id(params["actor"], params),
 {:ok, _activity} <- Transmogrifier.handle_incoming(params) do
 else
 %Activity{} ->
--
2.45.2
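Review bot: A message rejected by the new `Transmogrifier.contain_origin_from_id(params["actor"], params)` clause falls through to the `else` block, and the only clause visible in this hunk is `%Activity{} ->`, so nothing here shows a containment failure being handled or logged as such. An origin mismatch is the security-relevant outcome of this change and deserves its own clause with a warning naming the activity and actor, e.g. `:error -> Logger.warn("Origin containment failed for #{inspect(params["id"])} from actor #{inspect(params["actor"])}")` followed by the existing error return, assuming the helper returns `:error` on mismatch. The clause could also move ahead of `ap_enabled_actor(params["actor"])`, so the cheap local comparison runs before any actor lookup that helper may perform. The `with` block continues outside the hunk, so an existing catch-all clause may already cover the failure case; the distinct log line is still worth having for detection.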