bgme/mastodon
1
0
Fork 0
mirror of https://github.com/yingziwu/mastodon.git synced 2026-03-05 00:10:54 -08:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Merge commit from fork

Browse source 
* Refuse granting quote authorization for reblogs

* Add validation to reject quotes of reblogs

* Do not process quotes of reblogs as potentially valid quotes

* Refuse to serve quoted reblogs over REST API
This commit is contained in:
Claire 2025-10-21 15:00:28 +02:00 committed by GitHub
parent 2b9e4294fe
commit 405a49df44
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
8 changed files with 146 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

2
app/lib/activitypub/activity/quote_request.rb
View file

@ -7,7 +7,7 @@ class ActivityPub::Activity::QuoteRequest < ActivityPub::Activity
return if non_matching_uri_hosts?(@account.uri, @json['id'])
quoted_status = status_from_uri(object_uri)
return if quoted_status.nil? || !quoted_status.account.local? || !quoted_status.distributable?
return if quoted_status.nil? || !quoted_status.account.local? || !quoted_status.distributable? || quoted_status.reblog?
if StatusPolicy.new(@account, quoted_status).quote?
accept_quote_request!(quoted_status)