From 1a2f69e0e770f83bd4cbe5e5ad21ce44ca5c2521 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E8=AB=8F=E8=A8=AA=E5=AD=90?= <suwako@076.moe>
Date: Mon, 26 May 2025 09:58:50 +0900
Subject: [PATCH] fix(settings): add link check in webfinger
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: 諏訪子 <suwako@076.moe>
---
 lib/private/Accounts/AccountManager.php | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/lib/private/Accounts/AccountManager.php b/lib/private/Accounts/AccountManager.php
index d28451dd401..bf0fc363991 100644
--- a/lib/private/Accounts/AccountManager.php
+++ b/lib/private/Accounts/AccountManager.php
@@ -741,6 +741,23 @@ class AccountManager implements IAccountManager {
 					if (!is_array($decoded) || ($decoded['subject'] ?? '') !== "acct:{$username}@{$instance}") {
 						throw new InvalidArgumentException();
 					}
+					// check for activitypub link
+					if (is_array($decoded['links']) && isset($decoded['links'])) {
+						$found = false;
+						foreach ($decoded['links'] as $link) {
+							// have application/activity+json or application/ld+json
+							if (isset($link['type']) && (
+								$link['type'] === 'application/activity+json' ||
+								$link['type'] === 'application/ld+json; profile="https://www.w3.org/ns/activitystreams"'
+							)) {
+								$found = true;
+								break;
+							}
+						}
+						if (!$found) {
+							throw new InvalidArgumentException();
+						}
+					}
 				} catch (InvalidArgumentException) {
 					throw new InvalidArgumentException(self::PROPERTY_FEDIVERSE);
 				} catch (\Exception $error) {