From e3c11f76ae9dbf18b1751b50e1c33b8392eb7acb Mon Sep 17 00:00:00 2001
From: Daniel Supernault <danielsupernault@gmail.com>
Date: Sat, 15 Jun 2019 23:30:12 -0600
Subject: [PATCH] Update Helpers

---
 app/Util/ActivityPub/Helpers.php | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/app/Util/ActivityPub/Helpers.php b/app/Util/ActivityPub/Helpers.php
index 28c370734..f2c1169db 100644
--- a/app/Util/ActivityPub/Helpers.php
+++ b/app/Util/ActivityPub/Helpers.php
@@ -284,6 +284,12 @@ class Helpers {
 				}
 			}
 
+			if(!self::validateUrl($res['id']) ||
+			   !self::validateUrl($activity['object']['attributedTo'])
+			) {
+				abort(400, 'Invalid object url');
+			}
+
 			$idDomain = parse_url($res['id'], PHP_URL_HOST);
 			$urlDomain = parse_url($url, PHP_URL_HOST);
 			$actorDomain = parse_url($activity['object']['attributedTo'], PHP_URL_HOST);