fix: Do not allow fetching cached remote users' profiles over federation

This commit is contained in:
Nyaaori 2022-12-21 17:46:01 +01:00
parent 3ac3bdbac0
commit f458916919
No known key found for this signature in database
GPG key ID: E7819C3ED4D1F82E

View file

@ -1716,6 +1716,13 @@ pub async fn get_profile_information_route(
return Err(Error::bad_config("Federation is disabled.")); return Err(Error::bad_config("Federation is disabled."));
} }
if body.user_id.server_name() != services().globals.server_name() {
return Err(Error::BadRequest(
ErrorKind::NotFound,
"User does not belong to this server",
));
}
let mut displayname = None; let mut displayname = None;
let mut avatar_url = None; let mut avatar_url = None;
let mut blurhash = None; let mut blurhash = None;