forked from mirrors/akkoma
transmogrifier: reject activities lacking a valid ID
This commit is contained in:
parent
d5bdd55b5d
commit
52b44184b4
1 changed files with 6 additions and 0 deletions
|
@ -177,6 +177,12 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do
|
|||
|
||||
def fix_content_map(object), do: object
|
||||
|
||||
# disallow objects with bogus IDs
|
||||
def handle_incoming(%{"id" => nil}), do: :error
|
||||
def handle_incoming(%{"id" => ""}), do: :error
|
||||
# length of https:// = 8, should validate better, but good enough for now.
|
||||
def handle_incoming(%{"id" => id}) when not (is_binary(id) and length(id) > 8), do: :error
|
||||
|
||||
# TODO: validate those with a Ecto scheme
|
||||
# - tags
|
||||
# - emoji
|
||||
|
|
Loading…
Reference in a new issue