techhub/mastodon
2
0
Fork 0
Code Activity

Merge commit from fork

Browse Source 
* Refuse granting quote authorization for reblogs

* Add validation to reject quotes of reblogs

* Do not process quotes of reblogs as potentially valid quotes

* Refuse to serve quoted reblogs over REST API
This commit is contained in:
Claire
2025-10-21 15:00:28 +02:00
committed by GitHub
parent 2b9e4294fe
commit 405a49df44
8 changed files with 146 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
app/services/activitypub/verify_quote_service.rb
View File

@@ -73,7 +73,7 @@ class ActivityPub::VerifyQuoteService < BaseService
status ||= ActivityPub::FetchRemoteStatusService.new.call(uri, on_behalf_of: @quote.account.followers.local.first, prefetched_body:, request_id: @request_id, depth: @depth + 1)
@quote.update(quoted_status: status) if status.present?
@quote.update(quoted_status: status) if status.present? && !status.reblog?
rescue Mastodon::RecursionLimitExceededError, Mastodon::UnexpectedResponseError, *Mastodon::HTTP_CONNECTION_ERRORS => e
@fetching_error = e
end
@@ -91,7 +91,7 @@ class ActivityPub::VerifyQuoteService < BaseService
status = ActivityPub::FetchRemoteStatusService.new.call(object['id'], prefetched_body: object, on_behalf_of: @quote.account.followers.local.first, request_id: @request_id, depth: @depth)
if status.present?
if status.present? && !status.reblog?
@quote.update(quoted_status: status)
true
else