clones/friendica
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Tighten profile restriction feature

Browse Source 
- Prevent feed access to restricted profiles
- Rework display of restricted profiles with a redirect to the profile/restricted route
- Normalize permission checking with IHandleUserSession->isAuthenticated
- Remove unusable "nocache" parameter in feed module because session isn't initialized
- Reword setting name and description
This commit is contained in:
Hypolite Petovan
2022-11-30 13:50:52 -05:00
parent 0d53c69610
commit b83526ad0b
16 changed files with 135 additions and 84 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
src/Module/ActivityPub/Objects.php
View File

@@ -29,6 +29,7 @@ use Friendica\DI;
use Friendica\Model\Contact;
use Friendica\Model\Item;
use Friendica\Model\Post;
use Friendica\Model\User;
use Friendica\Network\HTTPException;
use Friendica\Protocol\ActivityPub;
use Friendica\Util\HTTPSignature;
@@ -74,7 +75,9 @@ class Objects extends BaseModule
throw new HTTPException\NotFoundException();
}
$validated = in_array($item['private'], [Item::PUBLIC, Item::UNLISTED]);
$owner = User::getById($item['uid'], ['hidewall']);
$validated = empty($owner['hidewall']) && in_array($item['private'], [Item::PUBLIC, Item::UNLISTED]);
if (!$validated) {
$requester = HTTPSignature::getSigner('', $_SERVER);