bgme/mastodon
1
0
Fork 0
mirror of https://github.com/yingziwu/mastodon.git synced 2026-02-04 03:25:14 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 13

Merge commit from fork

Browse source 
* Refuse granting quote authorization for reblogs

* Add validation to reject quotes of reblogs

* Do not process quotes of reblogs as potentially valid quotes

* Refuse to serve quoted reblogs over REST API
This commit is contained in:
Claire 2025-10-21 15:00:28 +02:00 committed by GitHub
parent 2b9e4294fe
commit 405a49df44
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
8 changed files with 146 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

5
app/models/quote.rb
View file

@ -39,6 +39,7 @@ class Quote < ApplicationRecord
validates :activity_uri, presence: true, if: -> { account.local? && quoted_account&.remote? }
validates :approval_uri, absence: true, if: -> { quoted_account&.local? }
validate :validate_visibility
validate :validate_original_quoted_status
after_create_commit :increment_counter_caches!
after_destroy_commit :decrement_counter_caches!
@ -85,6 +86,10 @@ class Quote < ApplicationRecord
errors.add(:quoted_status_id, :visibility_mismatch)
end
def validate_original_quoted_status
errors.add(:quoted_status_id, :reblog_unallowed) if quoted_status&.reblog?
end
def set_activity_uri
self.activity_uri = [ActivityPub::TagManager.instance.uri_for(account), '/quote_requests/', SecureRandom.uuid].join
end