miklo
/
friendica
sforkowany z mirror/friendica
1
0
Forkuj 0
Kod Zgłoszenia Oczekujące zmiany Packages Projekty Wydania Wiki Aktywność

Add item user owner data check in Model\Item::isValid 

- Prevents deleted users from posting any item, manually or automatically through mirroring
2022.09-rc
Hypolite Petovan 2020-12-15 09:41:58 -05:00
rodzic 8c17a6b4d9
commit 0951a50bcd
1 zmienionych plików z 13 dodań i 0 usunięć
Pokaż statystyki Ściągnij plik aktualizacji Ściągnij plik porównania Expand all files Collapse all files

13
src/Model/Item.php
Wyświetl plik

@ -1385,6 +1385,19 @@ class Item
return false; return false;
} }
if (!empty($item['uid'])) {
$owner = User::getOwnerDataById($item['uid'], false);
if (!$owner) {
Logger::notice('Missing item user owner data', ['uid' => $item['uid']]);
return false;
}
if ($owner['deleted'] || $owner['account_expired'] || $owner['account_removed']) {
Logger::notice('Item user has been deleted/expired/removed', ['uid' => $item['uid'], 'deleted' => $owner['deleted'], 'account_expired' => $owner['account_expired'], 'account_removed' => $owner['account_removed']]);
return false;
}
}
if (!empty($item['author-id']) && Contact::isBlocked($item['author-id'])) { if (!empty($item['author-id']) && Contact::isBlocked($item['author-id'])) {
Logger::notice('Author is blocked node-wide', ['author-link' => $item['author-link'], 'item-uri' => $item['uri']]); Logger::notice('Author is blocked node-wide', ['author-link' => $item['author-link'], 'item-uri' => $item['uri']]);
return false; return false;