mirror of
https://github.com/pixelfed/pixelfed.git
synced 2024-12-25 01:05:36 +00:00
Update FederationController
This commit is contained in:
parent
55ca00ba30
commit
fedcdb204d
1 changed files with 8 additions and 0 deletions
|
@ -191,6 +191,14 @@ XML;
|
||||||
$id = Helpers::validateUrl($bodyDecoded['id']);
|
$id = Helpers::validateUrl($bodyDecoded['id']);
|
||||||
$keyDomain = parse_url($keyId, PHP_URL_HOST);
|
$keyDomain = parse_url($keyId, PHP_URL_HOST);
|
||||||
$idDomain = parse_url($id, PHP_URL_HOST);
|
$idDomain = parse_url($id, PHP_URL_HOST);
|
||||||
|
if(isset($bodyDecoded['object'])
|
||||||
|
&& is_array($bodyDecoded['object'])
|
||||||
|
&& isset($bodyDecoded['object']['attributedTo'])
|
||||||
|
) {
|
||||||
|
if(parse_url($bodyDecoded['object']['attributedTo'], PHP_URL_HOST) !== $idDomain) {
|
||||||
|
abort(400, 'Invalid request');
|
||||||
|
}
|
||||||
|
}
|
||||||
if(!$keyDomain || !$idDomain || $keyDomain !== $idDomain) {
|
if(!$keyDomain || !$idDomain || $keyDomain !== $idDomain) {
|
||||||
abort(400, 'Invalid request');
|
abort(400, 'Invalid request');
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue