mirror of
https://github.com/jointakahe/takahe.git
synced 2024-11-28 18:21:00 +00:00
Ignore badly formed ActivityPub object data (#406)
This commit is contained in:
parent
cb66b9559d
commit
81fa9a6d34
1 changed files with 7 additions and 3 deletions
|
@ -737,9 +737,13 @@ class Post(StatorModel):
|
|||
Raises DoesNotExist if it's not found and create is False,
|
||||
or it's from a blocked domain.
|
||||
"""
|
||||
try:
|
||||
# Ensure the domain of the object's actor and ID match to prevent injection
|
||||
if urlparse(data["id"]).hostname != urlparse(data["attributedTo"]).hostname:
|
||||
raise ValueError("Object's ID domain is different to its author")
|
||||
except (TypeError, KeyError):
|
||||
raise ValueError("Object data is not a recognizable ActivityPub object")
|
||||
|
||||
# Do we have one with the right ID?
|
||||
created = False
|
||||
try:
|
||||
|
|
Loading…
Reference in a new issue