TudbuT/conduit
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix: Do not allow fetching cached remote users' profiles over federation (nyaaori)

Browse source 
Signed-off-by: girlbossceo <june@girlboss.ceo>
This commit is contained in:
girlbossceo 2023-09-13 21:16:31 -04:00
parent 1b75d384d7
commit ebd2ec45b1
1 changed files with 7 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
src/api/server_server.rs
View file

@ -1909,6 +1909,13 @@ pub async fn get_profile_information_route(
return Err(Error::bad_config("Federation is disabled.")); return Err(Error::bad_config("Federation is disabled."));
} }
if body.user_id.server_name() != services().globals.server_name() {
return Err(Error::BadRequest(
ErrorKind::NotFound,
"User does not belong to this server",
));
}
let mut displayname = None; let mut displayname = None;
let mut avatar_url = None; let mut avatar_url = None;
let mut blurhash = None; let mut blurhash = None;