
Prevent DMs with links to users who don't follow the sender

muffinista committed Mar 12, 2019
1 parent a91349d commit 45b0720bfaf7020385e00028f0929c40a637e679
Showing with 26 additions and 0 deletions.
  1. +1 −0 app/models/status.rb
  2. +24 −0 app/validators/allowed_following_status_validator.rb
  3. +1 −0 config/locales/en.yml
@@ -66,6 +66,7 @@ class Status < ApplicationRecord
validates :text, presence: true, unless: -> { with_media? || reblog? }
validates_with StatusLengthValidator
validates_with DisallowedHashtagsValidator
validates_with AllowedFollowingStatusValidator
validates :reblog, uniqueness: { scope: :account }, if: :reblog?

default_scope { recent }
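Review bot: `validates_with AllowedFollowingStatusValidator` is registered with no condition, so it runs on every Status validation, and the validator's own guard only tests `direct_visibility?` and whether any mentions were found. If the rule is meant only for posts authored on this server, statuses ingested from remote servers and later saves of existing DMs would presumably be checked too, each costing one account lookup per mention. Consider scoping it in the validator, e.g. `return unless status.local? && status.direct_visibility? && !accounts.empty?`, or add a comment stating that remote DMs are intentionally covered. The `Status` class body continues outside this hunk.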
@@ -0,0 +1,24 @@
# frozen_string_literal: true

class AllowedFollowingStatusValidator < ActiveModel::Validator
def validate(status)
@status = status
return unless status.direct_visibility? && !accounts.empty?
return if status.text !~ /http:/ && status.text !~ /https:/

not_following_accounts = accounts.reject { |a|
a && !a.following?(status.account)
}

status.errors.add(:text, I18n.t('statuses.cannot_send')) unless not_following_accounts.empty?
end

private

def accounts
@accounts ||= @status.text.scan(Account::MENTION_RE).collect do |match|
username, domain = Regexp.last_match(1).split('@')
mentioned_account = Account.find_remote(username, domain)
end
end
end
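Review bot: The filter in `validate` is inverted: `reject` drops exactly the mentioned accounts that do not follow the sender, so `not_following_accounts` holds followers and unresolved (`nil`) lookups and the error fires for those instead; it should be `accounts.select { |a| a && !a.following?(status.account) }`. In `accounts`, `scan` has already finished before `collect` runs, so `Regexp.last_match(1)` is the final mention on every iteration and earlier recipients are never checked; use the block argument, e.g. `username, domain = match.first.split('@')` (assuming the first capture is the full `user@domain`, as the current code implies), and drop the unused `mentioned_account =` assignment. The link test `status.text !~ /http:/ && status.text !~ /https:/` is a case-sensitive literal match, which may be narrower than what the status renderer turns into a link; reusing the application's own URL detection would keep the two in step. A spec covering a DM to a follower, a DM to a non-follower, and a DM with several mentions would pin all three behaviours.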
@@ -820,6 +820,7 @@ en:
one: "%{count} video"
other: "%{count} videos"
boosted_from_html: Boosted from %{acct_link}
cannot_send: You cannot send this toot
content_warning: 'Content warning: %{warning}'
disallowed_hashtags:
one: 'contained a disallowed hashtag: %{tags}'
