diff options
Diffstat (limited to 'Zotlabs')
| -rw-r--r-- | Zotlabs/Lib/Activity.php | 25 | ||||
| -rw-r--r-- | Zotlabs/Module/Magic.php | 8 |
2 files changed, 24 insertions, 9 deletions
diff --git a/Zotlabs/Lib/Activity.php b/Zotlabs/Lib/Activity.php index 1ea42acd3..90d7af8e8 100644 --- a/Zotlabs/Lib/Activity.php +++ b/Zotlabs/Lib/Activity.php @@ -3054,13 +3054,6 @@ class Activity { } $a = new ActivityStreams($n); - if ($a->type === 'Announce' && is_array($a->obj) - && array_key_exists('object', $a->obj) && array_key_exists('actor', $a->obj)) { - // This is a relayed/forwarded Activity (as opposed to a shared/boosted object) - // Reparse the encapsulated Activity and use that instead - logger('relayed activity', LOGGER_DEBUG); - $a = new ActivityStreams($a->obj); - } logger($a->debug(), LOGGER_DATA); @@ -3069,6 +3062,24 @@ class Activity { break; } + if (in_array($a->type, ['Add', 'Remove']) + && is_array($a->obj) + && array_key_exists('object', $a->obj) + && array_key_exists('actor', $a->obj) + && !empty($a->tgt)) { + + logger('unsupported collection operation', LOGGER_DEBUG); + return; + } + + if ($a->type === 'Announce' && is_array($a->obj) + && array_key_exists('object', $a->obj) && array_key_exists('actor', $a->obj)) { + // This is a relayed/forwarded Activity (as opposed to a shared/boosted object) + // Reparse the encapsulated Activity and use that instead + logger('relayed activity', LOGGER_DEBUG); + $a = new ActivityStreams($a->obj); + } + $item = Activity::decode_note($a); if (!$item) { diff --git a/Zotlabs/Module/Magic.php b/Zotlabs/Module/Magic.php index 8259f7d39..deda4255d 100644 --- a/Zotlabs/Module/Magic.php +++ b/Zotlabs/Module/Magic.php @@ -40,7 +40,11 @@ class Magic extends Controller { goaway($dest); } - $basepath = $parsed['scheme'] . '://' . $parsed['host'] . (isset($parsed['port']) ? ':' . $parsed['port'] : ''); + $basepath = unparse_url(array_filter( + $parsed, + fn (string $key) => in_array($key, ['scheme', 'host', 'port']), + ARRAY_FILTER_USE_KEY + )); $owapath = SConfig::get($basepath,'system','openwebauth', $basepath . '/owa'); // This is ready-made for a plugin that provides a blacklist or "ask me" before blindly authenticating. @@ -106,7 +110,7 @@ class Magic extends Controller { $headers['Content-Type'] = 'application/x-zot+json' ; $headers['X-Open-Web-Auth'] = random_string(); $headers['Host'] = $parsed['host']; - $headers['(request-target)'] = 'get ' . '/owa'; + $headers['(request-target)'] = 'get /owa'; $headers = HTTPSig::create_sig($headers,$channel['channel_prvkey'], channel_url($channel),true,'sha512'); $redirects = 0; |