clones/friendica
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Merge pull request #13921 from annando/content-type 

Check for activity pub mime types
This commit is contained in:
Hypolite Petovan 2024-02-19 05:57:47 -05:00 committed by GitHub
parent d5c0f086bd 892e0a5623
commit bb7d25dfc9
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 24 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
src/Model/APContact.php
View File

@ -208,6 +208,9 @@ class APContact
if (!$failed && ($curlResult->getReturnCode() == 410)) { if (!$failed && ($curlResult->getReturnCode() == 410)) {
$data = ['@context' => ActivityPub::CONTEXT, 'id' => $url, 'type' => 'Tombstone']; $data = ['@context' => ActivityPub::CONTEXT, 'id' => $url, 'type' => 'Tombstone'];
} elseif (!$failed && !HTTPSignature::isValidContentType($curlResult->getContentType())) {
Logger::debug('Unexpected content type', ['content-type' => $curlResult->getContentType(), 'url' => $url]);
$failed = true;
} }
} catch (\Exception $exception) { } catch (\Exception $exception) {
Logger::notice('Error fetching url', ['url' => $url, 'exception' => $exception]); Logger::notice('Error fetching url', ['url' => $url, 'exception' => $exception]);

10
src/Protocol/ActivityPub/Processor.php
View File

@ -1610,11 +1610,6 @@ class Processor
} }
if (empty($object) || !is_array($object)) { if (empty($object) || !is_array($object)) {
$element = explode(';', $curlResult->getContentType());
if (!in_array($element[0], ['application/activity+json', 'application/ld+json', 'application/json'])) {
Logger::debug('Unexpected content-type', ['url' => $url, 'content-type' => $curlResult->getContentType()]);
return null;
}
Logger::notice('Invalid JSON data', ['url' => $url, 'content-type' => $curlResult->getContentType(), 'body' => $body]); Logger::notice('Invalid JSON data', ['url' => $url, 'content-type' => $curlResult->getContentType(), 'body' => $body]);
return ''; return '';
} }
@ -1623,6 +1618,11 @@ class Processor
return ''; return '';
} }
if (!HTTPSignature::isValidContentType($curlResult->getContentType())) {
Logger::notice('Unexpected content type', ['content-type' => $curlResult->getContentType(), 'url' => $url]);
return '';
}
$ldobject = JsonLD::compact($object); $ldobject = JsonLD::compact($object);
$signer = []; $signer = [];

16
src/Util/HTTPSignature.php
View File

@ -443,9 +443,25 @@ class HTTPSignature
return []; return [];
} }
if (!self::isValidContentType($curlResult->getContentType())) {
Logger::notice('Unexpected content type', ['content-type' => $curlResult->getContentType(), 'url' => $request]);
return [];
}
return $content; return $content;
} }
/**
* Check if the provided content type is a valid LD JSON mime type
*
* @param string $contentType
* @return boolean
*/
public static function isValidContentType(string $contentType): bool
{
return in_array(current(explode(';', $contentType)), ['application/activity+json', 'application/ld+json']);
}
/** /**
* Fetches raw data for a user * Fetches raw data for a user
* *