From 802cf6a4c53175c7da17ded39cf75679fa352385 Mon Sep 17 00:00:00 2001
From: Eugen Rochko <eugen@zeonfederated.com>
Date: Wed, 22 Aug 2018 20:55:14 +0200
Subject: Improve federated ID validation (#8372)

* Fix URI not being sufficiently validated with prefetched JSON

* Add additional id validation to OStatus documents, when possible
---
 app/helpers/jsonld_helper.rb | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

(limited to 'app/helpers')

diff --git a/app/helpers/jsonld_helper.rb b/app/helpers/jsonld_helper.rb
index 9d2b6cf00..532397272 100644
--- a/app/helpers/jsonld_helper.rb
+++ b/app/helpers/jsonld_helper.rb
@@ -73,8 +73,10 @@ module JsonLdHelper
     end
   end
 
-  def body_to_json(body)
-    body.is_a?(String) ? Oj.load(body, mode: :strict) : body
+  def body_to_json(body, compare_id: nil)
+    json = body.is_a?(String) ? Oj.load(body, mode: :strict) : body
+    return if compare_id.present? && json['id'] != compare_id
+    json
   rescue Oj::ParseError
     nil
   end
-- 
cgit 


From 56f882aed6fc81bbe4fb8821f11ba196795c99a8 Mon Sep 17 00:00:00 2001
From: ThibG <thib@sitedethib.com>
Date: Wed, 22 Aug 2018 20:55:50 +0200
Subject: Avoid deleted attributes when building a Status from action log
 (fixes #8371) (#8373)

---
 app/helpers/admin/action_logs_helper.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'app/helpers')

diff --git a/app/helpers/admin/action_logs_helper.rb b/app/helpers/admin/action_logs_helper.rb
index 85bd30304..c28f0be6b 100644
--- a/app/helpers/admin/action_logs_helper.rb
+++ b/app/helpers/admin/action_logs_helper.rb
@@ -33,7 +33,7 @@ module Admin::ActionLogsHelper
     when 'DomainBlock', 'EmailDomainBlock'
       link_to attributes['domain'], "https://#{attributes['domain']}"
     when 'Status'
-      tmp_status = Status.new(attributes)
+      tmp_status = Status.new(attributes.except('reblogs_count', 'favourites_count'))
       if tmp_status.account
         link_to tmp_status.account&.acct || "##{tmp_status.account_id}", admin_account_path(tmp_status.account_id)
       else
-- 
cgit