Merge pull request #682 from pixelfed/frontend-ui-refactor

Update FederationController
2018-12-25 18:07:51 -07:00 · 2018-12-25 18:07:51 -07:00 · a88b6e6b68
parent c837f5aea9 eaaf8fbcd7
commit a88b6e6b68
1 changed files with 8 additions and 0 deletions
--- a/app/Http/Controllers/FederationController.php
+++ b/app/Http/Controllers/FederationController.php
@ -191,6 +191,14 @@ XML;
        $id = Helpers::validateUrl($bodyDecoded['id']);
        $keyDomain = parse_url($keyId, PHP_URL_HOST);
        $idDomain = parse_url($id, PHP_URL_HOST);
+        if(isset($bodyDecoded['object']) 
+            && is_array($bodyDecoded['object'])
+            && isset($bodyDecoded['object']['attributedTo'])
+        ) {
+            if(parse_url($bodyDecoded['object']['attributedTo'], PHP_URL_HOST) !== $keyDomain) {
+                abort(400, 'Invalid request');
+            }
+        }
        if(!$keyDomain || !$idDomain || $keyDomain !== $idDomain) {
            abort(400, 'Invalid request');
        }