Prevent remote access of local-only posts via /objects

Ref: fix-local-public
Tusooa Zhu 2022-05-05 18:07:30 -04:00
commit fe933b9bf2
No known key found for this signature in database
GPG key ID: 7B467EDE43A08224
2 changed files with 25 additions and 1 deletions


@ -84,7 +84,10 @@ defmodule Pleroma.Web.ActivityPub.Visibility do
when module in [Activity, Object] do
x = [user.ap_id | User.following(user)]
y = [message.data["actor"]] ++ message.data["to"] ++ (message.data["cc"] || [])
is_public?(message) || Enum.any?(x, &(&1 in y))
user_is_local = user.local
federatable = not is_local_public?(message)
(is_public?(message) || Enum.any?(x, &(&1 in y))) and (user_is_local || federatable)
end
def entire_thread_visible_for_user?(%Activity{} = activity, %User{} = user) do
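Review bot: The new `(user_is_local || federatable)` gate is applied only in this one clause, whose function head starts above the hunk. Any other clause of the same visibility check, and `entire_thread_visible_for_user?` which begins on the last line here, is not shown, so it should be confirmed that none of them can return true for a local-only object when the requester is not a local user. The conjunction also has no comment saying why it is there; something like `# Local-only objects must never be visible to remote users, even when they are addressed or following.` above `user_is_local = user.local` would keep a later refactor from dropping it. As a smaller point, `and` requires a strict boolean on its left side while the rest of the expression uses `||`; if `is_public?/1` can ever return a non-boolean truthy value this line would raise, so `&&` would be the consistent choice.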