Merge branch 'glitch'

author: pluralcafe-docker <docker@plural.cafe> 2018-08-23 06:16:14 +0000
committer: pluralcafe-docker <docker@plural.cafe> 2018-08-23 06:16:14 +0000
commit: 0fa521de89168ef33423fc7306a33d4a1c3badf3 (patch)
tree: ce3663d75ca93ea2d32e10de532eb18a230cf6e0 /app/services/fetch_remote_account_service.rb
parent: a4935a8e24dcfa865fb330693d8ec90beca1aa98 (diff)
parent: 8aa58e34bb2b62192a997ac7ea8919b22fc45f80 (diff)
1 files changed, 6 insertions, 1 deletions
diff --git a/app/services/fetch_remote_account_service.rb b/app/services/fetch_remote_account_service.rb
index a0f031a44..cfc560022 100644
--- a/app/services/fetch_remote_account_service.rb
+++ b/app/services/fetch_remote_account_service.rb
@@ -27,7 +27,7 @@ class FetchRemoteAccountService < BaseService
 
     account = author_from_xml(xml.at_xpath('/xmlns:feed', xmlns: OStatus::TagManager::XMLNS), false)
 
-    UpdateRemoteProfileService.new.call(xml, account) unless account.nil?
+    UpdateRemoteProfileService.new.call(xml, account) if account.present? && trusted_domain?(url, account)
 
     account
   rescue TypeError
@@ -37,4 +37,9 @@ class FetchRemoteAccountService < BaseService
     Rails.logger.debug 'Invalid XML or missing namespace'
     nil
   end
+
+  def trusted_domain?(url, account)
+    domain = Addressable::URI.parse(url).normalized_host
+    domain.casecmp(account.domain).zero? || domain.casecmp(Addressable::URI.parse(account.remote_url.presence || account.uri).normalized_host).zero?
+  end
 end
author	pluralcafe-docker <docker@plural.cafe>	2018-08-23 06:16:14 +0000
committer	pluralcafe-docker <docker@plural.cafe>	2018-08-23 06:16:14 +0000
commit	0fa521de89168ef33423fc7306a33d4a1c3badf3 (patch)
tree	ce3663d75ca93ea2d32e10de532eb18a230cf6e0 /app/services/fetch_remote_account_service.rb
parent	a4935a8e24dcfa865fb330693d8ec90beca1aa98 (diff)
parent	8aa58e34bb2b62192a997ac7ea8919b22fc45f80 (diff)