From f47776e265a45859aaf8519d7de85c6f35fdf40a Mon Sep 17 00:00:00 2001 From: Chocobozzz Date: Mon, 19 Mar 2018 10:23:42 +0100 Subject: Sanitize invalid actor description --- server/helpers/custom-validators/activitypub/actor.ts | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'server/helpers/custom-validators') diff --git a/server/helpers/custom-validators/activitypub/actor.ts b/server/helpers/custom-validators/activitypub/actor.ts index df0edc30e..9908be4d3 100644 --- a/server/helpers/custom-validators/activitypub/actor.ts +++ b/server/helpers/custom-validators/activitypub/actor.ts @@ -1,5 +1,6 @@ import * as validator from 'validator' import { CONSTRAINTS_FIELDS } from '../../../initializers' +import { normalizeActor } from '../../../lib/activitypub' import { exists } from '../misc' import { isActivityPubUrlValid, isBaseActivityValid, setValidAttributedTo } from './misc' @@ -52,6 +53,7 @@ function isActorObjectValid (actor: any) { isActorPublicKeyObjectValid(actor.publicKey) && isActorEndpointsObjectValid(actor.endpoints) && setValidAttributedTo(actor) && + // If this is not an account, it should be attributed to an account // In PeerTube we use this to attach a video channel to a specific account (actor.type === 'Person' || actor.attributedTo.length !== 0) @@ -83,6 +85,8 @@ function isActorRejectActivityValid (activity: any) { } function isActorUpdateActivityValid (activity: any) { + normalizeActor(activity.object) + return isBaseActivityValid(activity, 'Update') && isActorObjectValid(activity.object) } -- cgit v1.2.3