From 21218c794bf3633be114053edb837da0ef8a6ebb Mon Sep 17 00:00:00 2001
From: Daniel Supernault <danielsupernault@gmail.com>
Date: Thu, 9 Nov 2023 02:47:20 -0700
Subject: [PATCH] Update AP helpers, improve preferredUsername validation

---
 app/Util/ActivityPub/Helpers.php | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/app/Util/ActivityPub/Helpers.php b/app/Util/ActivityPub/Helpers.php
index 1304f0811..989334926 100644
--- a/app/Util/ActivityPub/Helpers.php
+++ b/app/Util/ActivityPub/Helpers.php
@@ -760,6 +760,13 @@ class Helpers {
         if(!isset($res['preferredUsername']) && !isset($res['nickname'])) {
             return;
         }
+        // skip invalid usernames
+        if(!ctype_alnum($res['preferredUsername'])) {
+            $tmpUsername = str_replace(['_', '.', '-'], '', $res['preferredUsername']);
+            if(!ctype_alnum($tmpUsername)) {
+                return;
+            }
+        }
         $username = (string) Purify::clean($res['preferredUsername'] ?? $res['nickname']);
         if(empty($username)) {
             return;