From 89f49712acae3cd5b20b73975ee584ebcab2efcd Mon Sep 17 00:00:00 2001
From: multiple creatures
Date: Mon, 26 Aug 2019 01:19:30 -0500
Subject: don't process incoming media or polls until sure the post is going to be saved in the first place
---
 app/lib/activitypub/activity/create.rb | 31 +++++++++++++++++++------------
 1 file changed, 19 insertions(+), 12 deletions(-)
diff --git a/app/lib/activitypub/activity/create.rb b/app/lib/activitypub/activity/create.rb
index a2353bc3d..3c0883180 100644
--- a/app/lib/activitypub/activity/create.rb
+++ b/app/lib/activitypub/activity/create.rb
@@ -56,20 +56,12 @@ class ActivityPub::Activity::Create < ActivityPub::Activity
 process_status_params return reject_payload! if twitter_retweet? || recipient_rejects_replies? + process_tags process_audience - return reject_payload! if potential_scope_leak? - @params[:visibility] = :unlisted if @params[:visibility] == :public && @account.force_unlisted? - @params[:sensitive] = true if @account.force_sensitive? - - if @options[:imported] - @params.except!(:uri, :url) - @params[:content_type] = 'text/html' - @params[:imported] = true - @params[:origin] = @origin_hash unless @origin_hash.nil? - end + postprocess_status_params ApplicationRecord.transaction do @status = Status.create!(@params)
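Review bot: The `potential_scope_leak?` rejection needs to stay directly ahead of the new `postprocess_status_params` call, because that call is now what triggers attachment and poll processing for the incoming object. In this collapsed rendering the `-` in front of `return reject_payload! if potential_scope_leak?` (and the `+` in front of `process_tags`) can be read either as a changed line or as a changed blank line followed by unchanged context, so the hunk alone does not confirm that the guard survives. If it was dropped, restore `return reject_payload! if potential_scope_leak?` immediately before `postprocess_status_params`. `process_status` begins and ends outside this hunk.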
@@ -123,12 +115,27 @@ class ActivityPub::Activity::Create < ActivityPub::Activity
 thread: replied_to_status,
 conversation: conversation_from_uri(@object['conversation']),
 reject_replies: @object['rejectReplies'] || false,
- media_attachment_ids: process_attachments.take(6).map(&:id),
- poll: process_poll,
 }
 end
 end
+ def postprocess_status_params
+ begin
+ @params[:visibility] = :unlisted if @params[:visibility] == :public && @account.force_unlisted?
+ @params[:sensitive] = true if @account.force_sensitive?
+
+ if @options[:imported]
+ @params.except!(:uri, :url)
+ @params[:content_type] = 'text/html'
+ @params[:imported] = true
+ @params[:origin] = @origin_hash unless @origin_hash.nil?
+ end
+
+ @params[:media_attachment_ids] = process_attachments.take(6).map(&:id)
+ @params[:poll] = process_poll
+ end
+ end
+
 def process_audience
 (as_array(@object['to']) + as_array(@object['cc'])).uniq.each do |audience|
 next if audience == ActivityPub::TagManager::COLLECTIONS[:public]
-- cgit
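Review bot: In `postprocess_status_params`, `process_attachments.take(6)` applies the cap only after `process_attachments` has returned, so if that helper handles every entry of the remote object (its body is outside this hunk) an oversized payload may still cost work for each attachment before five-sixths of the result is discarded. Since the commit aims to avoid wasted processing of untrusted input, the limit would be better enforced inside `process_attachments` or on the input array before it is iterated. Separately, the `begin`/`end` wrapper has no `rescue` or `ensure` and can be dropped so the statements sit directly under `def postprocess_status_params`.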