Merge pull request #685 from pixelfed/frontend-ui-refactor

Frontend ui refactor

app/Util/ActivityPub/Helpers.php

@@ -210,6 +210,18 @@ class Helpers {
 				$activity = ['object' => $res];
 			}
 
+			$idDomain = parse_url($activity['id'], PHP_URL_HOST);
+			$urlDomain = parse_url($url, PHP_URL_HOST);
+			$actorDomain = parse_url($activity['object']['attributedTo'], PHP_URL_HOST);
+
+			if(
+				$idDomain !== $urlDomain || 
+				$actorDomain !== $urlDomain || 
+				$idDomain !== $actorDomain
+			) {
+				abort(400, 'Invalid object');
+			}
+
 			$profile = self::profileFirstOrNew($activity['object']['attributedTo']);
 			if(isset($activity['object']['inReplyTo']) && !empty($activity['object']['inReplyTo']) && $replyTo == true) {
 				$reply_to = self::statusFirstOrFetch($activity['object']['inReplyTo'], false);

config/pixelfed.php

@@ -23,7 +23,7 @@ return [
     | This value is the version of your PixelFed instance.
     |
     */
-    'version' => '0.7.3',
+    'version' => '0.7.4',
 
     /*
     |--------------------------------------------------------------------------