LemmyNet
/
lemmy
3
2
Fork 3
Code Pull Requests 1 Releases Wiki Activity

Dont allow localhost or raw IPs in activitypub IDs (ref #1221)

This commit is contained in:
Felix Ableitner 2020-10-22 18:12:43 +02:00
parent dd99e77881
commit b08e0a6415
1 changed files with 7 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
lemmy_apub/src/lib.rs
View File

@ -27,6 +27,7 @@ use lemmy_structs::blocking;
use lemmy_utils::{location_info, settings::Settings, LemmyError};
use lemmy_websocket::LemmyContext;
use serde::Serialize;
use std::net::IpAddr;
use url::{ParseError, Url};
/// Activitystreams type for community
@ -72,6 +73,12 @@ fn check_is_apub_id_valid(apub_id: &Url) -> Result<(), LemmyError> {
};
}
let host = apub_id.host_str().context(location_info!())?;
let host_as_ip = host.parse::<IpAddr>();
if host == "localhost" || host_as_ip.is_ok() {
return Err(anyhow!("invalid hostname: {:?}", host).into());
}
if apub_id.scheme() != Settings::get().get_protocol_string() {
return Err(anyhow!("invalid apub id scheme: {:?}", apub_id.scheme()).into());
}