notfire/Iceshrimp.NET
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

[backend/federation] Only allow fetching of replies collection for local notes

Browse source
This commit is contained in:
Laura Hausmann 2024-10-20 22:35:42 +02:00
parent 39ebc7a457
commit fd7d3eabb2
No known key found for this signature in database
GPG key ID: D044E84C5BE01605
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
Iceshrimp.Backend/Controllers/Federation/ActivityPubController.cs
View file

@ -85,7 +85,7 @@ public class ActivityPubController(
var actor = HttpContext.GetActor();
var note = await db.Notes
.EnsureVisibleFor(actor)
.FirstOrDefaultAsync(p => p.Id == id) ??
.FirstOrDefaultAsync(p => p.Id == id && p.User.IsLocalUser) ??
throw GracefulException.NotFound("Note not found");
var replies = await db.Notes