From 1ffbaa2924a84bb6fab19062d73996fb13de8e9b Mon Sep 17 00:00:00 2001 From: Floatingghost Date: Mon, 6 Jan 2025 11:43:41 +0000 Subject: [PATCH] don't allow a nil inbox to obliterate federation --- CHANGELOG.md | 3 +++ lib/pleroma/web/activity_pub/publisher.ex | 4 +++- test/pleroma/web/activity_pub/publisher_test.exs | 3 +++ 3 files changed, 9 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 07b758ac6..42ed630fb 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,9 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## Unreleased +## 2025.01.01 + +Hotfix: Federation could break if a null value found its way into `should_federate?\1` ## 2025.01 diff --git a/lib/pleroma/web/activity_pub/publisher.ex b/lib/pleroma/web/activity_pub/publisher.ex index 4fe394be6..07f430805 100644 --- a/lib/pleroma/web/activity_pub/publisher.ex +++ b/lib/pleroma/web/activity_pub/publisher.ex @@ -112,7 +112,7 @@ defp allowed_instances do Config.get([:mrf_simple, :accept]) end - def should_federate?(url) do + def should_federate?(url) when is_binary(url) do %{host: host} = URI.parse(url) with {nil, false} <- {nil, is_nil(host)}, @@ -137,6 +137,8 @@ def should_federate?(url) do end end + def should_federate?(_), do: false + @spec recipients(User.t(), Activity.t()) :: list(User.t()) | [] defp recipients(actor, activity) do followers = diff --git a/test/pleroma/web/activity_pub/publisher_test.exs b/test/pleroma/web/activity_pub/publisher_test.exs index eeec59cfb..5896568b8 100644 --- a/test/pleroma/web/activity_pub/publisher_test.exs +++ b/test/pleroma/web/activity_pub/publisher_test.exs @@ -519,6 +519,9 @@ test "publish to url with with different ports" do test "should not obliterate itself if the inbox URL is bad" do url = "/inbox" refute Pleroma.Web.ActivityPub.Publisher.should_federate?(url) + + url = nil + refute Pleroma.Web.ActivityPub.Publisher.should_federate?(url) end end end