From 21218c794bf3633be114053edb837da0ef8a6ebb Mon Sep 17 00:00:00 2001 From: Daniel Supernault Date: Thu, 9 Nov 2023 02:47:20 -0700 Subject: [PATCH 1/2] Update AP helpers, improve preferredUsername validation --- app/Util/ActivityPub/Helpers.php | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/app/Util/ActivityPub/Helpers.php b/app/Util/ActivityPub/Helpers.php index 1304f0811..989334926 100644 --- a/app/Util/ActivityPub/Helpers.php +++ b/app/Util/ActivityPub/Helpers.php @@ -760,6 +760,13 @@ class Helpers { if(!isset($res['preferredUsername']) && !isset($res['nickname'])) { return; } + // skip invalid usernames + if(!ctype_alnum($res['preferredUsername'])) { + $tmpUsername = str_replace(['_', '.', '-'], '', $res['preferredUsername']); + if(!ctype_alnum($tmpUsername)) { + return; + } + } $username = (string) Purify::clean($res['preferredUsername'] ?? $res['nickname']); if(empty($username)) { return; From d24c60576f740137646c4aba8a6b0f88fc16d2a2 Mon Sep 17 00:00:00 2001 From: Daniel Supernault Date: Thu, 9 Nov 2023 02:50:09 -0700 Subject: [PATCH 2/2] Update changelog --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 47c05e1d4..1ded48d3e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -45,6 +45,7 @@ - Update AccountImport ([5a2d7e3e](https://github.com/pixelfed/pixelfed/commit/5a2d7e3e)) - Update ImportPostController, fix IG bug with missing spaces between hashtags ([9c24157a](https://github.com/pixelfed/pixelfed/commit/9c24157a)) - Update ApiV1Controller, fix mutes in home feed ([ddc21714](https://github.com/pixelfed/pixelfed/commit/ddc21714)) +- Update AP helpers, improve preferredUsername validation ([21218c79](https://github.com/pixelfed/pixelfed/commit/21218c79)) - ([](https://github.com/pixelfed/pixelfed/commit/)) ## [v0.11.9 (2023-08-21)](https://github.com/pixelfed/pixelfed/compare/v0.11.8...v0.11.9)