avoid processing incoming posts that have invisible participants

author: multiple creatures <dev@multiple-creature.party> 2019-08-25 23:18:04 -0500
committer: multiple creatures <dev@multiple-creature.party> 2019-08-25 23:18:04 -0500
commit: 050a65c7d8ef229a92a97005c22703a8efa79267 (patch)
tree: 08230f1d39f5bf50fc143410d2cd26e8246009c7 /app
parent: 363438a241e2c44077b83e29859b37af2714c1fe (diff)
1 files changed, 10 insertions, 1 deletions
diff --git a/app/lib/activitypub/activity/create.rb b/app/lib/activitypub/activity/create.rb
index c95317646..59a962fe7 100644
--- a/app/lib/activitypub/activity/create.rb
+++ b/app/lib/activitypub/activity/create.rb
@@ -138,7 +138,16 @@ class ActivityPub::Activity::Create < ActivityPub::Activity
       # control anyway
       account = account_from_uri(audience)
 
-      next if account.nil? || @mentions.any? { |mention| mention.account_id == account.id }
+      if account.nil?
+        if @options[:requested]
+          @potential_scope_leak = true unless Account.where(followers_url: audience, suspended_at: nil).exists?
+        else
+          @potential_scope_leak = true unless Account.where(followers_url: audience, known: true, suspended_at: nil).exists?
+        end
+        next
+      end
+
+      next if @mentions.any? { |mention| mention.account_id == account.id }
 
       @mentions << Mention.new(account: account, silent: true)
author	multiple creatures <dev@multiple-creature.party>	2019-08-25 23:18:04 -0500
committer	multiple creatures <dev@multiple-creature.party>	2019-08-25 23:18:04 -0500
commit	050a65c7d8ef229a92a97005c22703a8efa79267 (patch)
tree	08230f1d39f5bf50fc143410d2cd26e8246009c7 /app
parent	363438a241e2c44077b83e29859b37af2714c1fe (diff)