Unfloyded/Legamunt
0
0
Fork 0
Code Activity

Fix unbounded recursion in account discovery (#22025)

Browse source 
* Fix trying to fetch posts from other users when fetching featured posts

* Rate-limit discovery of new subdomains

* Put a limit on recursively discovering new accounts
This commit is contained in:
Claire 2022-12-07 00:15:24 +01:00 committed by GitHub
parent 98a9347dd7
commit c8849d6cee
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
12 changed files with 147 additions and 18 deletions
Download patch file Download diff file Expand all files Collapse all files

4
app/services/activitypub/fetch_featured_collection_service.rb
View file

@ -46,9 +46,9 @@ class ActivityPub::FetchFeaturedCollectionService < BaseService
next unless item.is_a?(String) || item['type'] == 'Note'
uri = value_or_id(item)
next if ActivityPub::TagManager.instance.local_uri?(uri)
next if ActivityPub::TagManager.instance.local_uri?(uri) || invalid_origin?(uri)
status = ActivityPub::FetchRemoteStatusService.new.call(uri, on_behalf_of: local_follower)
status = ActivityPub::FetchRemoteStatusService.new.call(uri, on_behalf_of: local_follower, expected_actor_uri: @account.uri, request_id: @options[:request_id])
next unless status&.account_id == @account.id
status.id