Improved Content-Type check on incoming requests
parent
f60638787e
commit
11a16589da
3 changed files with 36 additions and 30 deletions
46
database.sql
46
database.sql
|
@ -2000,7 +2000,7 @@ CREATE TABLE IF NOT EXISTS `worker-ipc` (
|
|||
-- VIEW application-view
|
||||
--
|
||||
DROP VIEW IF EXISTS `application-view`;
|
||||
CREATE VIEW `application-view` AS SELECT
|
||||
CREATE VIEW `application-view` AS SELECT
|
||||
`application`.`id` AS `id`,
|
||||
`application-token`.`uid` AS `uid`,
|
||||
`application`.`name` AS `name`,
|
||||
|
@ -2024,7 +2024,7 @@ CREATE VIEW `application-view` AS SELECT
|
|||
-- VIEW circle-member-view
|
||||
--
|
||||
DROP VIEW IF EXISTS `circle-member-view`;
|
||||
CREATE VIEW `circle-member-view` AS SELECT
|
||||
CREATE VIEW `circle-member-view` AS SELECT
|
||||
`group_member`.`id` AS `id`,
|
||||
`group`.`uid` AS `uid`,
|
||||
`group_member`.`contact-id` AS `contact-id`,
|
||||
|
@ -2055,7 +2055,7 @@ CREATE VIEW `circle-member-view` AS SELECT
|
|||
-- VIEW post-counts-view
|
||||
--
|
||||
DROP VIEW IF EXISTS `post-counts-view`;
|
||||
CREATE VIEW `post-counts-view` AS SELECT
|
||||
CREATE VIEW `post-counts-view` AS SELECT
|
||||
`post-counts`.`uri-id` AS `uri-id`,
|
||||
`post-counts`.`vid` AS `vid`,
|
||||
`verb`.`name` AS `verb`,
|
||||
|
@ -2069,7 +2069,7 @@ CREATE VIEW `post-counts-view` AS SELECT
|
|||
-- VIEW post-timeline-view
|
||||
--
|
||||
DROP VIEW IF EXISTS `post-timeline-view`;
|
||||
CREATE VIEW `post-timeline-view` AS SELECT
|
||||
CREATE VIEW `post-timeline-view` AS SELECT
|
||||
`post-user`.`uid` AS `uid`,
|
||||
`post-user`.`uri-id` AS `uri-id`,
|
||||
`post-user`.`gravity` AS `gravity`,
|
||||
|
@ -2114,7 +2114,7 @@ CREATE VIEW `post-timeline-view` AS SELECT
|
|||
-- VIEW post-searchindex-user-view
|
||||
--
|
||||
DROP VIEW IF EXISTS `post-searchindex-user-view`;
|
||||
CREATE VIEW `post-searchindex-user-view` AS SELECT
|
||||
CREATE VIEW `post-searchindex-user-view` AS SELECT
|
||||
`post-thread-user`.`uid` AS `uid`,
|
||||
`post-searchindex`.`uri-id` AS `uri-id`,
|
||||
`post-searchindex`.`owner-id` AS `owner-id`,
|
||||
|
@ -2146,7 +2146,7 @@ CREATE VIEW `post-searchindex-user-view` AS SELECT
|
|||
-- VIEW post-user-view
|
||||
--
|
||||
DROP VIEW IF EXISTS `post-user-view`;
|
||||
CREATE VIEW `post-user-view` AS SELECT
|
||||
CREATE VIEW `post-user-view` AS SELECT
|
||||
`post-user`.`id` AS `id`,
|
||||
`post-user`.`id` AS `post-user-id`,
|
||||
`post-user`.`uid` AS `uid`,
|
||||
|
@ -2332,7 +2332,7 @@ CREATE VIEW `post-user-view` AS SELECT
|
|||
-- VIEW post-thread-user-view
|
||||
--
|
||||
DROP VIEW IF EXISTS `post-thread-user-view`;
|
||||
CREATE VIEW `post-thread-user-view` AS SELECT
|
||||
CREATE VIEW `post-thread-user-view` AS SELECT
|
||||
`post-user`.`id` AS `id`,
|
||||
`post-user`.`id` AS `post-user-id`,
|
||||
`post-thread-user`.`uid` AS `uid`,
|
||||
|
@ -2516,7 +2516,7 @@ CREATE VIEW `post-thread-user-view` AS SELECT
|
|||
-- VIEW post-view
|
||||
--
|
||||
DROP VIEW IF EXISTS `post-view`;
|
||||
CREATE VIEW `post-view` AS SELECT
|
||||
CREATE VIEW `post-view` AS SELECT
|
||||
`item-uri`.`uri` AS `uri`,
|
||||
`post`.`uri-id` AS `uri-id`,
|
||||
`parent-item-uri`.`uri` AS `parent-uri`,
|
||||
|
@ -2663,7 +2663,7 @@ CREATE VIEW `post-view` AS SELECT
|
|||
-- VIEW post-thread-view
|
||||
--
|
||||
DROP VIEW IF EXISTS `post-thread-view`;
|
||||
CREATE VIEW `post-thread-view` AS SELECT
|
||||
CREATE VIEW `post-thread-view` AS SELECT
|
||||
`item-uri`.`uri` AS `uri`,
|
||||
`post-thread`.`uri-id` AS `uri-id`,
|
||||
`parent-item-uri`.`uri` AS `parent-uri`,
|
||||
|
@ -2811,7 +2811,7 @@ CREATE VIEW `post-thread-view` AS SELECT
|
|||
-- VIEW category-view
|
||||
--
|
||||
DROP VIEW IF EXISTS `category-view`;
|
||||
CREATE VIEW `category-view` AS SELECT
|
||||
CREATE VIEW `category-view` AS SELECT
|
||||
`post-category`.`uri-id` AS `uri-id`,
|
||||
`post-category`.`uid` AS `uid`,
|
||||
`post-category`.`type` AS `type`,
|
||||
|
@ -2825,7 +2825,7 @@ CREATE VIEW `category-view` AS SELECT
|
|||
-- VIEW collection-view
|
||||
--
|
||||
DROP VIEW IF EXISTS `collection-view`;
|
||||
CREATE VIEW `collection-view` AS SELECT
|
||||
CREATE VIEW `collection-view` AS SELECT
|
||||
`post-collection`.`uri-id` AS `uri-id`,
|
||||
`post-collection`.`type` AS `type`,
|
||||
`post-collection`.`author-id` AS `cid`,
|
||||
|
@ -2846,7 +2846,7 @@ CREATE VIEW `collection-view` AS SELECT
|
|||
-- VIEW media-view
|
||||
--
|
||||
DROP VIEW IF EXISTS `media-view`;
|
||||
CREATE VIEW `media-view` AS SELECT
|
||||
CREATE VIEW `media-view` AS SELECT
|
||||
`post-media`.`uri-id` AS `uri-id`,
|
||||
`post-media`.`type` AS `type`,
|
||||
`post`.`received` AS `received`,
|
||||
|
@ -2864,7 +2864,7 @@ CREATE VIEW `media-view` AS SELECT
|
|||
-- VIEW tag-view
|
||||
--
|
||||
DROP VIEW IF EXISTS `tag-view`;
|
||||
CREATE VIEW `tag-view` AS SELECT
|
||||
CREATE VIEW `tag-view` AS SELECT
|
||||
`post-tag`.`uri-id` AS `uri-id`,
|
||||
`post-tag`.`type` AS `type`,
|
||||
`post-tag`.`tid` AS `tid`,
|
||||
|
@ -2880,7 +2880,7 @@ CREATE VIEW `tag-view` AS SELECT
|
|||
-- VIEW network-item-view
|
||||
--
|
||||
DROP VIEW IF EXISTS `network-item-view`;
|
||||
CREATE VIEW `network-item-view` AS SELECT
|
||||
CREATE VIEW `network-item-view` AS SELECT
|
||||
`post-user`.`uri-id` AS `uri-id`,
|
||||
`post-thread-user`.`post-user-id` AS `parent`,
|
||||
`post-user`.`received` AS `received`,
|
||||
|
@ -2910,7 +2910,7 @@ CREATE VIEW `network-item-view` AS SELECT
|
|||
-- VIEW network-thread-view
|
||||
--
|
||||
DROP VIEW IF EXISTS `network-thread-view`;
|
||||
CREATE VIEW `network-thread-view` AS SELECT
|
||||
CREATE VIEW `network-thread-view` AS SELECT
|
||||
`post-thread-user`.`uri-id` AS `uri-id`,
|
||||
`post-thread-user`.`post-user-id` AS `parent`,
|
||||
`post-thread-user`.`received` AS `received`,
|
||||
|
@ -2938,7 +2938,7 @@ CREATE VIEW `network-thread-view` AS SELECT
|
|||
-- VIEW owner-view
|
||||
--
|
||||
DROP VIEW IF EXISTS `owner-view`;
|
||||
CREATE VIEW `owner-view` AS SELECT
|
||||
CREATE VIEW `owner-view` AS SELECT
|
||||
`contact`.`id` AS `id`,
|
||||
`contact`.`uid` AS `uid`,
|
||||
`contact`.`created` AS `created`,
|
||||
|
@ -3066,7 +3066,7 @@ CREATE VIEW `owner-view` AS SELECT
|
|||
-- VIEW account-view
|
||||
--
|
||||
DROP VIEW IF EXISTS `account-view`;
|
||||
CREATE VIEW `account-view` AS SELECT
|
||||
CREATE VIEW `account-view` AS SELECT
|
||||
`contact`.`id` AS `id`,
|
||||
`contact`.`url` AS `url`,
|
||||
`contact`.`nurl` AS `nurl`,
|
||||
|
@ -3154,7 +3154,7 @@ CREATE VIEW `account-view` AS SELECT
|
|||
-- VIEW account-user-view
|
||||
--
|
||||
DROP VIEW IF EXISTS `account-user-view`;
|
||||
CREATE VIEW `account-user-view` AS SELECT
|
||||
CREATE VIEW `account-user-view` AS SELECT
|
||||
`ucontact`.`id` AS `id`,
|
||||
`contact`.`id` AS `pid`,
|
||||
`ucontact`.`uid` AS `uid`,
|
||||
|
@ -3260,7 +3260,7 @@ CREATE VIEW `account-user-view` AS SELECT
|
|||
-- VIEW pending-view
|
||||
--
|
||||
DROP VIEW IF EXISTS `pending-view`;
|
||||
CREATE VIEW `pending-view` AS SELECT
|
||||
CREATE VIEW `pending-view` AS SELECT
|
||||
`register`.`id` AS `id`,
|
||||
`register`.`hash` AS `hash`,
|
||||
`register`.`created` AS `created`,
|
||||
|
@ -3282,7 +3282,7 @@ CREATE VIEW `pending-view` AS SELECT
|
|||
-- VIEW tag-search-view
|
||||
--
|
||||
DROP VIEW IF EXISTS `tag-search-view`;
|
||||
CREATE VIEW `tag-search-view` AS SELECT
|
||||
CREATE VIEW `tag-search-view` AS SELECT
|
||||
`post-tag`.`uri-id` AS `uri-id`,
|
||||
`post-user`.`uid` AS `uid`,
|
||||
`post-user`.`id` AS `iid`,
|
||||
|
@ -3304,7 +3304,7 @@ CREATE VIEW `tag-search-view` AS SELECT
|
|||
-- VIEW workerqueue-view
|
||||
--
|
||||
DROP VIEW IF EXISTS `workerqueue-view`;
|
||||
CREATE VIEW `workerqueue-view` AS SELECT
|
||||
CREATE VIEW `workerqueue-view` AS SELECT
|
||||
`process`.`pid` AS `pid`,
|
||||
`workerqueue`.`priority` AS `priority`
|
||||
FROM `process`
|
||||
|
@ -3315,7 +3315,7 @@ CREATE VIEW `workerqueue-view` AS SELECT
|
|||
-- VIEW profile_field-view
|
||||
--
|
||||
DROP VIEW IF EXISTS `profile_field-view`;
|
||||
CREATE VIEW `profile_field-view` AS SELECT
|
||||
CREATE VIEW `profile_field-view` AS SELECT
|
||||
`profile_field`.`id` AS `id`,
|
||||
`profile_field`.`uid` AS `uid`,
|
||||
`profile_field`.`label` AS `label`,
|
||||
|
@ -3335,7 +3335,7 @@ CREATE VIEW `profile_field-view` AS SELECT
|
|||
-- VIEW diaspora-contact-view
|
||||
--
|
||||
DROP VIEW IF EXISTS `diaspora-contact-view`;
|
||||
CREATE VIEW `diaspora-contact-view` AS SELECT
|
||||
CREATE VIEW `diaspora-contact-view` AS SELECT
|
||||
`diaspora-contact`.`uri-id` AS `uri-id`,
|
||||
`item-uri`.`uri` AS `url`,
|
||||
`item-uri`.`guid` AS `guid`,
|
||||
|
|
|
@ -77,6 +77,11 @@ class Inbox extends BaseApi
|
|||
throw new \Friendica\Network\HTTPException\BadRequestException();
|
||||
}
|
||||
|
||||
if (!HTTPSignature::isValidContentType($this->server['CONTENT_TYPE'] ?? '')) {
|
||||
Logger::notice('Unexpected content type', ['content-type' => $this->server['CONTENT_TYPE'] ?? '', 'agent' => $this->server['HTTP_USER_AGENT'] ?? '']);
|
||||
throw new \Friendica\Network\HTTPException\UnsupportedMediaTypeException();
|
||||
}
|
||||
|
||||
if (DI::config()->get('debug', 'ap_inbox_log')) {
|
||||
if (HTTPSignature::getSigner($postdata, $_SERVER)) {
|
||||
$filename = 'signed-activitypub';
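Review bot: The new guard reads the header through `$this->server['CONTENT_TYPE']` while the `HTTPSignature::getSigner($postdata, $_SERVER)` call three lines below still reads the superglobal; both are presumably the same array here, but mixing the two sources in one method makes the request environment harder to stub in tests, so the surrounding lines would be more consistent as `$this->server` too. Whether `isValidContentType()` tolerates media-type parameters is not visible in this hunk; ActivityPub deliveries commonly arrive as `application/ld+json; profile="https://www.w3.org/ns/activitystreams"` or `application/activity+json; charset=utf-8`, and a strict equality there would answer legitimate remote servers with a 415, so a unit test covering the parameterised forms is worth adding alongside this change. A short why-comment above the new `if` would help the next reader, e.g. `// Answer 415 for anything that is not an ActivityPub/JSON media type instead of trying to process the payload`. The enclosing method starts before this hunk.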
|
||||
|
|
|
@ -95,16 +95,17 @@ class ActivityPub
|
|||
public static function isRequest(): bool
|
||||
{
|
||||
header('Vary: Accept', false);
|
||||
|
||||
$isrequest = stristr($_SERVER['HTTP_ACCEPT'] ?? '', 'application/activity+json') ||
|
||||
stristr($_SERVER['HTTP_ACCEPT'] ?? '', 'application/json') ||
|
||||
stristr($_SERVER['HTTP_ACCEPT'] ?? '', 'application/ld+json');
|
||||
|
||||
if ($isrequest) {
|
||||
if (stristr($_SERVER['HTTP_ACCEPT'] ?? '', 'application/activity+json') || stristr($_SERVER['HTTP_ACCEPT'] ?? '', 'application/ld+json')) {
|
||||
Logger::debug('Is AP request', ['accept' => $_SERVER['HTTP_ACCEPT'], 'agent' => $_SERVER['HTTP_USER_AGENT'] ?? '']);
|
||||
return true;
|
||||
}
|
||||
|
||||
return $isrequest;
|
||||
if (stristr($_SERVER['HTTP_ACCEPT'] ?? '', 'application/json')) {
|
||||
Logger::debug('Is JSON request', ['accept' => $_SERVER['HTTP_ACCEPT'], 'agent' => $_SERVER['HTTP_USER_AGENT'] ?? '']);
|
||||
return true;
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
private static function getAccountType(array $apcontact): int
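Review bot: The rewritten `isRequest()` now reads `$_SERVER['HTTP_ACCEPT'] ?? ''` four times across the two new `if` lines; hoisting it once, `$accept = $_SERVER['HTTP_ACCEPT'] ?? '';` followed by `if (stristr($accept, 'application/activity+json') || stristr($accept, 'application/ld+json')) {`, keeps each condition readable and makes the later log calls safe to reference `$accept` rather than the bare superglobal. Both new branches still return `true`, so the split only changes the log message ("Is AP request" vs "Is JSON request") and callers cannot tell the two apart from the return value; if that distinction is meant to drive behaviour elsewhere it presumably needs a separate accessor. Note also that `stristr()` is a substring test, so an `Accept` value that merely lists `application/json` with a low q-value alongside `text/html` is classified as a JSON request; a docblock on the method stating that the check is a substring match without q-value handling would make that limitation explicit.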
|
||||
|
|