bgme/mastodon
1
0
Fork 0
mirror of https://github.com/yingziwu/mastodon.git synced 2026-02-04 03:25:14 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 13

Merge commit from fork

Browse source 
* Refuse granting quote authorization for reblogs

* Add validation to reject quotes of reblogs

* Do not process quotes of reblogs as potentially valid quotes

* Refuse to serve quoted reblogs over REST API
This commit is contained in:
Claire 2025-10-21 15:00:28 +02:00 committed by GitHub
parent 2b9e4294fe
commit 405a49df44
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
8 changed files with 146 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

4
app/services/activitypub/verify_quote_service.rb
View file

@ -73,7 +73,7 @@ class ActivityPub::VerifyQuoteService < BaseService
status ||= ActivityPub::FetchRemoteStatusService.new.call(uri, on_behalf_of: @quote.account.followers.local.first, prefetched_body:, request_id: @request_id, depth: @depth + 1)
@quote.update(quoted_status: status) if status.present?
@quote.update(quoted_status: status) if status.present? && !status.reblog?
rescue Mastodon::RecursionLimitExceededError, Mastodon::UnexpectedResponseError, *Mastodon::HTTP_CONNECTION_ERRORS => e
@fetching_error = e
end
@ -91,7 +91,7 @@ class ActivityPub::VerifyQuoteService < BaseService
status = ActivityPub::FetchRemoteStatusService.new.call(object['id'], prefetched_body: object, on_behalf_of: @quote.account.followers.local.first, request_id: @request_id, depth: @depth)
if status.present?
if status.present? && !status.reblog?
@quote.update(quoted_status: status)
true
else