@ -372,6 +372,10 @@ class Helpers {
$idDomain = parse_url($id, PHP_URL_HOST);
$urlDomain = parse_url($url, PHP_URL_HOST);
if($idDomain & & $urlDomain & & strtolower($idDomain) !== strtolower($urlDomain)) {
return;
}
if(!self::validateUrl($id)) {
return;
}
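Review bot: The new host comparison fails open: with `$idDomain && $urlDomain && ...`, an `$id` or `$url` from which `parse_url` cannot extract a host (it returns null or false) skips the mismatch check entirely, and only `validateUrl($id)` still runs afterwards. If both values are expected to be absolute URLs at this point, reject the missing-host case too, e.g. `if(!$idDomain || !$urlDomain || strtolower($idDomain) !== strtolower($urlDomain)) {`. The third hunk (the `$res['id']` check) has the mirror case: two values without a host would both lower-case to an empty string and compare equal. An explicit emptiness check is worth adding there unless `$url` is validated earlier in that function, which is not visible here. The enclosing function starts and ends outside this hunk.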
@ -455,14 +459,21 @@ class Helpers {
public static function storeStatus($url, $profile, $activity)
{
$originalUrl = $url;
$id = isset($activity['id']) ? self::pluckval($activity['id']) : self::pluckval($activity['url']);
$url = isset($activity['url']) & & is_string($activity['url']) ? self::pluckval($activity['url']) : self::pluckval($id);
$idDomain = parse_url($id, PHP_URL_HOST);
$urlDomain = parse_url($url, PHP_URL_HOST);
$originalUrlDomain = parse_url($originalUrl, PHP_URL_HOST);
if(!self::validateUrl($id) || !self::validateUrl($url)) {
return;
}
if( strtolower($originalUrlDomain) !== strtolower($idDomain) ||
strtolower($originalUrlDomain) !== strtolower($urlDomain) ) {
return;
}
$reply_to = self::getReplyTo($activity);
$ts = self::pluckval($activity['published']);
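Review bot: The same-host check in `storeStatus` compares only `PHP_URL_HOST`, so scheme and port differences between `$originalUrl`, `$id` and `$url` are not considered; if `validateUrl` already pins those (not visible in this hunk), a short comment saying so would help. The `parse_url` calls also run before `validateUrl`, and `$originalUrl` is never validated; the check presumably still fails closed because a validated `$id`/`$url` should not match an empty host, but that reasoning deserves a comment such as `// Fetched URL, id and url must share one host; otherwise a remote server could supply an object attributed to another instance.` The same lower-cased host comparison now appears in three places in this commit, so a small private helper would keep the null handling and normalisation consistent. The function body continues past the end of the hunk.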
@ -763,7 +774,11 @@ class Helpers {
if(!$res || isset($res['id']) == false) {
return;
}
$urlDomain = parse_url($url, PHP_URL_HOST);
$domain = parse_url($res['id'], PHP_URL_HOST);
if(strtolower($urlDomain) !== strtolower($domain)) {
return;
}
if(!isset($res['preferredUsername']) & & !isset($res['nickname'])) {
return;
}
@ -831,6 +846,9 @@ class Helpers {
public static function sendSignedObject($profile, $url, $body)
{
if(app()->environment() !== 'production') {
return;
}
ActivityPubDeliveryService::queue()
->from($profile)
->to($url)