mirror of
https://github.com/jointakahe/takahe.git
synced 2024-11-25 00:30:59 +00:00
Ignore badly formed ActivityPub object data (#406)
This commit is contained in:
parent
cb66b9559d
commit
81fa9a6d34
1 changed files with 7 additions and 3 deletions
|
@ -737,9 +737,13 @@ class Post(StatorModel):
|
||||||
Raises DoesNotExist if it's not found and create is False,
|
Raises DoesNotExist if it's not found and create is False,
|
||||||
or it's from a blocked domain.
|
or it's from a blocked domain.
|
||||||
"""
|
"""
|
||||||
# Ensure the domain of the object's actor and ID match to prevent injection
|
try:
|
||||||
if urlparse(data["id"]).hostname != urlparse(data["attributedTo"]).hostname:
|
# Ensure the domain of the object's actor and ID match to prevent injection
|
||||||
raise ValueError("Object's ID domain is different to its author")
|
if urlparse(data["id"]).hostname != urlparse(data["attributedTo"]).hostname:
|
||||||
|
raise ValueError("Object's ID domain is different to its author")
|
||||||
|
except (TypeError, KeyError):
|
||||||
|
raise ValueError("Object data is not a recognizable ActivityPub object")
|
||||||
|
|
||||||
# Do we have one with the right ID?
|
# Do we have one with the right ID?
|
||||||
created = False
|
created = False
|
||||||
try:
|
try:
|
||||||
|
|
Loading…
Reference in a new issue