From a3c323b366e58c154e5a43f56d85412762e0ac83 Mon Sep 17 00:00:00 2001 From: Michael Date: Wed, 26 May 2021 20:52:39 +0000 Subject: [PATCH] Issue 10262: Don't accept BCC posts from non followers --- src/Protocol/ActivityPub/Processor.php | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/Protocol/ActivityPub/Processor.php b/src/Protocol/ActivityPub/Processor.php index ecbecb9551..aba285c180 100644 --- a/src/Protocol/ActivityPub/Processor.php +++ b/src/Protocol/ActivityPub/Processor.php @@ -602,6 +602,12 @@ class Processor continue; } + if (!$item['isForum'] && ($receiver != 0) && ($item['gravity'] == GRAVITY_PARENT) && + ($item['post-reason'] == Item::PR_BCC) && !Contact::isSharingByURL($activity['author'], $receiver)) { + Logger::info('Top level post via BCC from a non follower, ignoring', ['uid' => $receiver, 'contact' => $item['contact-id']]); + continue; + } + if (DI::pConfig()->get($receiver, 'system', 'accept_only_sharer', false) && ($receiver != 0) && ($item['gravity'] == GRAVITY_PARENT)) { $skip = !Contact::isSharingByURL($activity['author'], $receiver);