Friendica/friendica-github
1
0
Fork 0
mirror of https://github.com/friendica/friendica synced 2025-04-28 02:30:16 +00:00
Code Issues Projects Releases Packages Wiki Activity

Avoid local network communication / invalid url requests

Browse source
This commit is contained in:
Michael 2023-01-27 05:55:45 +00:00
parent 6bedd190b9
commit ba4860b787
12 changed files with 96 additions and 105 deletions
Download patch file Download diff file Expand all files Collapse all files

12
src/Worker/Notifier.php
View file

@ -517,7 +517,11 @@ class Notifier
foreach ($contacts as $contact) {
// Direct delivery of local contacts
if (!in_array($cmd, [Delivery::RELOCATION, Delivery::SUGGESTION, Delivery::DELETION, Delivery::MAIL]) && $target_uid = User::getIdForURL($contact['url'])) {
if (!in_array($cmd, [Delivery::RELOCATION, Delivery::SUGGESTION, Delivery::MAIL]) && $target_uid = User::getIdForURL($contact['url'])) {
if ($cmd == Delivery::DELETION) {
Logger::info('No need to deliver deletions internally', ['uid' => $target_uid, 'guid' => $target_item['guid'], 'uri-id' => $target_item['uri-id'], 'uri' => $target_item['uri']]);
continue;
}
if ($target_item['origin'] || ($target_item['network'] != Protocol::ACTIVITYPUB)) {
if ($target_uid != $target_item['uid']) {
$fields = ['protocol' => Conversation::PARCEL_LOCAL_DFRN, 'direction' => Conversation::PUSH, 'post-reason' => Item::PR_DIRECT];
@ -839,7 +843,11 @@ class Notifier
if ((count($receivers) == 1) && Network::isLocalLink($inbox)) {
$contact = Contact::getById($receivers[0], ['url']);
if (!in_array($cmd, [Delivery::RELOCATION, Delivery::SUGGESTION, Delivery::DELETION, Delivery::MAIL]) && ($target_uid = User::getIdForURL($contact['url']))) {
if (!in_array($cmd, [Delivery::RELOCATION, Delivery::SUGGESTION, Delivery::MAIL]) && ($target_uid = User::getIdForURL($contact['url']))) {
if ($cmd == Delivery::DELETION) {
Logger::info('No need to deliver deletions internally', ['uid' => $target_uid, 'guid' => $target_item['guid'], 'uri-id' => $target_item['uri-id'], 'uri' => $target_item['uri']]);
continue;
}
if ($target_item['origin'] || ($target_item['network'] != Protocol::ACTIVITYPUB)) {
if ($target_uid != $target_item['uid']) {
$fields = ['protocol' => Conversation::PARCEL_LOCAL_DFRN, 'direction' => Conversation::PUSH, 'post-reason' => Item::PR_BCC];

6
src/Worker/OnePoll.php
View file

@ -38,6 +38,7 @@ use Friendica\Protocol\ActivityPub;
use Friendica\Protocol\Email;
use Friendica\Protocol\Feed;
use Friendica\Util\DateTimeFormat;
use Friendica\Util\Network;
use Friendica\Util\Strings;
class OnePoll
@ -157,6 +158,11 @@ class OnePoll
return false;
}
if (!Network::isValidHttpUrl($contact['poll'])) {
Logger::notice('Poll address is not valid', ['id' => $contact['id'], 'uid' => $contact['uid'], 'url' => $contact['url'], 'poll' => $contact['poll']]);
return false;
}
$cookiejar = tempnam(System::getTempPath(), 'cookiejar-onepoll-');
$curlResult = DI::httpClient()->get($contact['poll'], HttpClientAccept::FEED_XML, [HttpClientOptions::COOKIEJAR => $cookiejar]);
unlink($cookiejar);