Unfloyded/Legamunt
0
0
Fork 0
Code Activity

Merge pull request from GHSA-3fjr-858r-92rw

Browse source 
* Fix insufficient origin validation

* Bump version to 4.3.0-alpha.1
This commit is contained in:
Claire 2024-02-01 15:56:46 +01:00 committed by GitHub
parent 9cdc60ecc6
commit 1726085db5
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
17 changed files with 37 additions and 41 deletions
Download patch file Download diff file Expand all files Collapse all files

2
app/lib/activitypub/activity.rb
View file

@ -154,7 +154,7 @@ class ActivityPub::Activity
if object_uri.start_with?('http')
return if ActivityPub::TagManager.instance.local_uri?(object_uri)
ActivityPub::FetchRemoteStatusService.new.call(object_uri, id: true, on_behalf_of: @account.followers.local.first, request_id: @options[:request_id])
ActivityPub::FetchRemoteStatusService.new.call(object_uri, on_behalf_of: @account.followers.local.first, request_id: @options[:request_id])
elsif @object['url'].present?
::FetchRemoteStatusService.new.call(@object['url'], request_id: @options[:request_id])
end

2
app/lib/activitypub/linked_data_signature.rb
View file

@ -19,7 +19,7 @@ class ActivityPub::LinkedDataSignature
return unless type == 'RsaSignature2017'
creator = ActivityPub::TagManager.instance.uri_to_actor(creator_uri)
creator = ActivityPub::FetchRemoteKeyService.new.call(creator_uri, id: false) if creator&.public_key.blank?
creator = ActivityPub::FetchRemoteKeyService.new.call(creator_uri) if creator&.public_key.blank?
return if creator.nil?