aboutsummaryrefslogtreecommitdiffhomepage
path: root/server/helpers/custom-validators
diff options
context:
space:
mode:
authorChocobozzz <me@florianbigard.com>2018-03-19 10:23:42 +0100
committerChocobozzz <me@florianbigard.com>2018-03-19 10:32:51 +0100
commitf47776e265a45859aaf8519d7de85c6f35fdf40a (patch)
tree73ff2ff46204b3e129202b10e17eba4c0ebbad6f /server/helpers/custom-validators
parentf6aec1b0f64b18a767b458286e0d6a5f6549a573 (diff)
downloadPeerTube-f47776e265a45859aaf8519d7de85c6f35fdf40a.tar.gz
PeerTube-f47776e265a45859aaf8519d7de85c6f35fdf40a.tar.zst
PeerTube-f47776e265a45859aaf8519d7de85c6f35fdf40a.zip
Sanitize invalid actor description
Diffstat (limited to 'server/helpers/custom-validators')
-rw-r--r--server/helpers/custom-validators/activitypub/actor.ts4
1 files changed, 4 insertions, 0 deletions
diff --git a/server/helpers/custom-validators/activitypub/actor.ts b/server/helpers/custom-validators/activitypub/actor.ts
index df0edc30e..9908be4d3 100644
--- a/server/helpers/custom-validators/activitypub/actor.ts
+++ b/server/helpers/custom-validators/activitypub/actor.ts
@@ -1,5 +1,6 @@
1import * as validator from 'validator' 1import * as validator from 'validator'
2import { CONSTRAINTS_FIELDS } from '../../../initializers' 2import { CONSTRAINTS_FIELDS } from '../../../initializers'
3import { normalizeActor } from '../../../lib/activitypub'
3import { exists } from '../misc' 4import { exists } from '../misc'
4import { isActivityPubUrlValid, isBaseActivityValid, setValidAttributedTo } from './misc' 5import { isActivityPubUrlValid, isBaseActivityValid, setValidAttributedTo } from './misc'
5 6
@@ -52,6 +53,7 @@ function isActorObjectValid (actor: any) {
52 isActorPublicKeyObjectValid(actor.publicKey) && 53 isActorPublicKeyObjectValid(actor.publicKey) &&
53 isActorEndpointsObjectValid(actor.endpoints) && 54 isActorEndpointsObjectValid(actor.endpoints) &&
54 setValidAttributedTo(actor) && 55 setValidAttributedTo(actor) &&
56
55 // If this is not an account, it should be attributed to an account 57 // If this is not an account, it should be attributed to an account
56 // In PeerTube we use this to attach a video channel to a specific account 58 // In PeerTube we use this to attach a video channel to a specific account
57 (actor.type === 'Person' || actor.attributedTo.length !== 0) 59 (actor.type === 'Person' || actor.attributedTo.length !== 0)
@@ -83,6 +85,8 @@ function isActorRejectActivityValid (activity: any) {
83} 85}
84 86
85function isActorUpdateActivityValid (activity: any) { 87function isActorUpdateActivityValid (activity: any) {
88 normalizeActor(activity.object)
89
86 return isBaseActivityValid(activity, 'Update') && 90 return isBaseActivityValid(activity, 'Update') &&
87 isActorObjectValid(activity.object) 91 isActorObjectValid(activity.object)
88} 92}