|
@@ -210,6 +210,18 @@ class Helpers {
|
|
|
$activity = ['object' => $res];
|
|
|
}
|
|
|
|
|
|
+ $idDomain = parse_url($activity['id'], PHP_URL_HOST);
|
|
|
+ $urlDomain = parse_url($url, PHP_URL_HOST);
|
|
|
+ $actorDomain = parse_url($activity['object']['attributedTo'], PHP_URL_HOST);
|
|
|
+
|
|
|
+ if(
|
|
|
+ $idDomain !== $urlDomain ||
|
|
|
+ $actorDomain !== $urlDomain ||
|
|
|
+ $idDomain !== $actorDomain
|
|
|
+ ) {
|
|
|
+ abort(400, 'Invalid object');
|
|
|
+ }
|
|
|
+
|
|
|
$profile = self::profileFirstOrNew($activity['object']['attributedTo']);
|
|
|
if(isset($activity['object']['inReplyTo']) && !empty($activity['object']['inReplyTo']) && $replyTo == true) {
|
|
|
$reply_to = self::statusFirstOrFetch($activity['object']['inReplyTo'], false);
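Review bot: `$activity['id']` is read from the wrapper, but the context line above the check builds `$activity = ['object' => $res]` with no `id` key, so on that path `$idDomain` is presumably null and every bare object is rejected with 400. This is inferred, because the branch that assigns `$activity` otherwise starts outside the hunk. The object's own id looks like the value to compare: `$idDomain = parse_url($activity['object']['id'] ?? '', PHP_URL_HOST);`. `attributedTo` is also passed to `parse_url` unchecked, and ActivityStreams allows it to be an array or an embedded object. A guard before the parse, such as `if(!is_string($activity['object']['attributedTo'] ?? null)) { abort(400, 'Invalid object'); }`, would make a malformed remote document fail with the intended 400 rather than a type error. The third comparison, `$idDomain !== $actorDomain`, is implied by the first two and can be dropped.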
|