federator: do origin containment when processing inbound messages

author: William Pitcock <nenolod@dereferenced.org> 2018-11-17 20:43:43 +0000
committer: William Pitcock <nenolod@dereferenced.org> 2018-11-17 20:43:43 +0000
commit: 3d9266a8cbf7e1d0979ad7e17dd553851e73d81e (patch)
tree: 4b97bbf8d1b4ae11f5ab8514d428314511689e7e
parent: 55640c4804d1fe1c39b155f8acd5f820425fb7f6 (diff)
download: pleroma-3d9266a8cbf7e1d0979ad7e17dd553851e73d81e.tar.gz
1 files changed, 3 insertions, 0 deletions
diff --git a/lib/pleroma/web/federator/federator.ex b/lib/pleroma/web/federator/federator.ex
index 962cacfa3..33e6db9b9 100644
--- a/lib/pleroma/web/federator/federator.ex
+++ b/lib/pleroma/web/federator/federator.ex
@@ -101,8 +101,11 @@ defmodule Pleroma.Web.Federator do
 
     params = Utils.normalize_params(params)
 
+    # NOTE: we use the actor ID to do the containment, this is fine because an
+    # actor shouldn't be acting on objects outside their own AP server.
     with {:ok, _user} <- ap_enabled_actor(params["actor"]),
          nil <- Activity.normalize(params["id"]),
+         :ok <- Transmogrifier.contain_origin_from_id(params["actor"], params),
          {:ok, _activity} <- Transmogrifier.handle_incoming(params) do
     else
       %Activity{} ->
author	William Pitcock <nenolod@dereferenced.org>	2018-11-17 20:43:43 +0000
committer	William Pitcock <nenolod@dereferenced.org>	2018-11-17 20:43:43 +0000
commit	3d9266a8cbf7e1d0979ad7e17dd553851e73d81e (patch)
tree	4b97bbf8d1b4ae11f5ab8514d428314511689e7e
parent	55640c4804d1fe1c39b155f8acd5f820425fb7f6 (diff)
download	pleroma-3d9266a8cbf7e1d0979ad7e17dd553851e73d81e.tar.gz