diff options
author | Chocobozzz <me@florianbigard.com> | 2018-03-19 10:23:42 +0100 |
---|---|---|
committer | Chocobozzz <me@florianbigard.com> | 2018-03-19 10:32:51 +0100 |
commit | f47776e265a45859aaf8519d7de85c6f35fdf40a (patch) | |
tree | 73ff2ff46204b3e129202b10e17eba4c0ebbad6f /server/helpers/custom-validators | |
parent | f6aec1b0f64b18a767b458286e0d6a5f6549a573 (diff) | |
download | PeerTube-f47776e265a45859aaf8519d7de85c6f35fdf40a.tar.gz PeerTube-f47776e265a45859aaf8519d7de85c6f35fdf40a.tar.zst PeerTube-f47776e265a45859aaf8519d7de85c6f35fdf40a.zip |
Sanitize invalid actor description
Diffstat (limited to 'server/helpers/custom-validators')
-rw-r--r-- | server/helpers/custom-validators/activitypub/actor.ts | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/server/helpers/custom-validators/activitypub/actor.ts b/server/helpers/custom-validators/activitypub/actor.ts index df0edc30e..9908be4d3 100644 --- a/server/helpers/custom-validators/activitypub/actor.ts +++ b/server/helpers/custom-validators/activitypub/actor.ts | |||
@@ -1,5 +1,6 @@ | |||
1 | import * as validator from 'validator' | 1 | import * as validator from 'validator' |
2 | import { CONSTRAINTS_FIELDS } from '../../../initializers' | 2 | import { CONSTRAINTS_FIELDS } from '../../../initializers' |
3 | import { normalizeActor } from '../../../lib/activitypub' | ||
3 | import { exists } from '../misc' | 4 | import { exists } from '../misc' |
4 | import { isActivityPubUrlValid, isBaseActivityValid, setValidAttributedTo } from './misc' | 5 | import { isActivityPubUrlValid, isBaseActivityValid, setValidAttributedTo } from './misc' |
5 | 6 | ||
@@ -52,6 +53,7 @@ function isActorObjectValid (actor: any) { | |||
52 | isActorPublicKeyObjectValid(actor.publicKey) && | 53 | isActorPublicKeyObjectValid(actor.publicKey) && |
53 | isActorEndpointsObjectValid(actor.endpoints) && | 54 | isActorEndpointsObjectValid(actor.endpoints) && |
54 | setValidAttributedTo(actor) && | 55 | setValidAttributedTo(actor) && |
56 | |||
55 | // If this is not an account, it should be attributed to an account | 57 | // If this is not an account, it should be attributed to an account |
56 | // In PeerTube we use this to attach a video channel to a specific account | 58 | // In PeerTube we use this to attach a video channel to a specific account |
57 | (actor.type === 'Person' || actor.attributedTo.length !== 0) | 59 | (actor.type === 'Person' || actor.attributedTo.length !== 0) |
@@ -83,6 +85,8 @@ function isActorRejectActivityValid (activity: any) { | |||
83 | } | 85 | } |
84 | 86 | ||
85 | function isActorUpdateActivityValid (activity: any) { | 87 | function isActorUpdateActivityValid (activity: any) { |
88 | normalizeActor(activity.object) | ||
89 | |||
86 | return isBaseActivityValid(activity, 'Update') && | 90 | return isBaseActivityValid(activity, 'Update') && |
87 | isActorObjectValid(activity.object) | 91 | isActorObjectValid(activity.object) |
88 | } | 92 | } |