Disallow nil hosts in should_federate
This commit is contained in:
parent
6cb40bee26
commit
063e3c0d34
3 changed files with 13 additions and 1 deletions
|
@ -16,6 +16,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
|
||||||
|
|
||||||
## Fixed
|
## Fixed
|
||||||
- Documentation issue in which a non-existing nginx file was referenced
|
- Documentation issue in which a non-existing nginx file was referenced
|
||||||
|
- Issue where a bad inbox URL could break federation
|
||||||
|
|
||||||
## 2023.08
|
## 2023.08
|
||||||
|
|
||||||
|
|
|
@ -115,13 +115,17 @@ defmodule Pleroma.Web.ActivityPub.Publisher do
|
||||||
def should_federate?(url) do
|
def should_federate?(url) do
|
||||||
%{host: host} = URI.parse(url)
|
%{host: host} = URI.parse(url)
|
||||||
|
|
||||||
with allowed <- allowed_instances(),
|
with {:nil, false} <- {:nil, is_nil(host)},
|
||||||
|
allowed <- allowed_instances(),
|
||||||
false <- Enum.empty?(allowed) do
|
false <- Enum.empty?(allowed) do
|
||||||
allowed
|
allowed
|
||||||
|> Pleroma.Web.ActivityPub.MRF.instance_list_from_tuples()
|
|> Pleroma.Web.ActivityPub.MRF.instance_list_from_tuples()
|
||||||
|> Pleroma.Web.ActivityPub.MRF.subdomains_regex()
|
|> Pleroma.Web.ActivityPub.MRF.subdomains_regex()
|
||||||
|> Pleroma.Web.ActivityPub.MRF.subdomain_match?(host)
|
|> Pleroma.Web.ActivityPub.MRF.subdomain_match?(host)
|
||||||
else
|
else
|
||||||
|
# oi!
|
||||||
|
{:nil, true} ->
|
||||||
|
false
|
||||||
_ ->
|
_ ->
|
||||||
quarantined_instances =
|
quarantined_instances =
|
||||||
blocked_instances()
|
blocked_instances()
|
||||||
|
|
|
@ -487,4 +487,11 @@ defmodule Pleroma.Web.ActivityPub.PublisherTest do
|
||||||
)
|
)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
describe "should_federate/1" do
|
||||||
|
test "should not obliterate itself if the inbox URL is bad" do
|
||||||
|
url = "/inbox"
|
||||||
|
refute Pleroma.Web.ActivityPub.Publisher.should_federate?(url)
|
||||||
|
end
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
Loading…
Reference in a new issue