[ActivityPub] Fix security issue concerning remote profile deletes
Reported by kaniini
This commit is contained in:
parent
5fb1e26a4c
commit
b12c2d17d5
@ -224,7 +224,8 @@ class Activitypub_inbox_handler
|
|||||||
* Handles a Delete Activity received by our inbox.
|
* Handles a Delete Activity received by our inbox.
|
||||||
*
|
*
|
||||||
* @throws NoProfileException
|
* @throws NoProfileException
|
||||||
* @author Diogo Cordeiro <diogo@fc.up.pt>
|
* @throws Exception
|
||||||
|
* @author Bruno Casteleiro <brunoccast@fc.up.pt>
|
||||||
*/
|
*/
|
||||||
private function handle_delete()
|
private function handle_delete()
|
||||||
{
|
{
|
||||||
@ -234,8 +235,8 @@ class Activitypub_inbox_handler
|
|||||||
}
|
}
|
||||||
|
|
||||||
// profile deletion ?
|
// profile deletion ?
|
||||||
$aprofile = Activitypub_explorer::get_aprofile_by_url($object);
|
if ($this->activity['actor'] == $object) {
|
||||||
if ($aprofile instanceof Activitypub_profile) {
|
$aprofile = Activitypub_profile::from_profile($this->actor);
|
||||||
$this->handle_delete_profile($aprofile);
|
$this->handle_delete_profile($aprofile);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
@ -248,7 +249,7 @@ class Activitypub_inbox_handler
|
|||||||
}
|
}
|
||||||
return;
|
return;
|
||||||
} catch (Exception $e) {
|
} catch (Exception $e) {
|
||||||
// either already deleted or not a notice at all
|
// either already deleted or not an object at all
|
||||||
// nothing to do..
|
// nothing to do..
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user