|
|
@@ -372,6 +372,10 @@ class Helpers {
|
|
|
$idDomain = parse_url($id, PHP_URL_HOST);
|
|
|
$urlDomain = parse_url($url, PHP_URL_HOST);
|
|
|
|
|
|
+ if($idDomain && $urlDomain && strtolower($idDomain) !== strtolower($urlDomain)) {
|
|
|
+ return;
|
|
|
+ }
|
|
|
+
|
|
|
if(!self::validateUrl($id)) {
|
|
|
return;
|
|
|
}
|
|
|
@@ -455,14 +459,21 @@ class Helpers {
|
|
|
|
|
|
public static function storeStatus($url, $profile, $activity)
|
|
|
{
|
|
|
+ $originalUrl = $url;
|
|
|
$id = isset($activity['id']) ? self::pluckval($activity['id']) : self::pluckval($activity['url']);
|
|
|
$url = isset($activity['url']) && is_string($activity['url']) ? self::pluckval($activity['url']) : self::pluckval($id);
|
|
|
$idDomain = parse_url($id, PHP_URL_HOST);
|
|
|
$urlDomain = parse_url($url, PHP_URL_HOST);
|
|
|
+ $originalUrlDomain = parse_url($originalUrl, PHP_URL_HOST);
|
|
|
if(!self::validateUrl($id) || !self::validateUrl($url)) {
|
|
|
return;
|
|
|
}
|
|
|
|
|
|
+ if( strtolower($originalUrlDomain) !== strtolower($idDomain) ||
|
|
|
+ strtolower($originalUrlDomain) !== strtolower($urlDomain) ) {
|
|
|
+ return;
|
|
|
+ }
|
|
|
+
|
|
|
$reply_to = self::getReplyTo($activity);
|
|
|
|
|
|
$ts = self::pluckval($activity['published']);
|
|
|
@@ -763,7 +774,11 @@ class Helpers {
|
|
|
if(!$res || isset($res['id']) == false) {
|
|
|
return;
|
|
|
}
|
|
|
+ $urlDomain = parse_url($url, PHP_URL_HOST);
|
|
|
$domain = parse_url($res['id'], PHP_URL_HOST);
|
|
|
+ if(strtolower($urlDomain) !== strtolower($domain)) {
|
|
|
+ return;
|
|
|
+ }
|
|
|
if(!isset($res['preferredUsername']) && !isset($res['nickname'])) {
|
|
|
return;
|
|
|
}
|
|
|
@@ -831,6 +846,9 @@ class Helpers {
|
|
|
|
|
|
public static function sendSignedObject($profile, $url, $body)
|
|
|
{
|
|
|
+ if(app()->environment() !== 'production') {
|
|
|
+ return;
|
|
|
+ }
|
|
|
ActivityPubDeliveryService::queue()
|
|
|
->from($profile)
|
|
|
->to($url)
|
Daniel Supernault