@fedify/fedify 0.12.2 → 0.12.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGES.md +10 -0
- package/esm/vocab/actor.js +3 -0
- package/package.json +1 -1
- package/types/vocab/actor.d.ts.map +1 -1
package/CHANGES.md
CHANGED
|
@@ -3,6 +3,16 @@
|
|
|
3
3
|
Fedify changelog
|
|
4
4
|
================
|
|
5
5
|
|
|
6
|
+
Version 0.12.3
|
|
7
|
+
--------------
|
|
8
|
+
|
|
9
|
+
Released on August 18, 2024.
|
|
10
|
+
|
|
11
|
+
- Fixed a vulnerability where the `getActorHandle()` function had trusted
|
|
12
|
+
the hostname of WebFinger aliases that had not matched the hostname of the
|
|
13
|
+
actor ID (URI).
|
|
14
|
+
|
|
15
|
+
|
|
6
16
|
Version 0.12.2
|
|
7
17
|
--------------
|
|
8
18
|
|
package/esm/vocab/actor.js
CHANGED
|
@@ -86,6 +86,9 @@ export async function getActorHandle(actor, options = {}) {
|
|
|
86
86
|
for (const alias of aliases) {
|
|
87
87
|
const match = alias.match(/^acct:([^@]+)@([^@]+)$/);
|
|
88
88
|
if (match != null) {
|
|
89
|
+
const hostname = new URL(`https://${match[2]}/`).hostname;
|
|
90
|
+
if (hostname !== actorId.hostname)
|
|
91
|
+
continue;
|
|
89
92
|
return normalizeActorHandle(`@${match[1]}@${match[2]}`, options);
|
|
90
93
|
}
|
|
91
94
|
}
|
package/package.json
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"actor.d.ts","sourceRoot":"","sources":["../../src/vocab/actor.ts"],"names":[],"mappings":";AAEA,OAAO,EAAE,WAAW,EAAE,KAAK,EAAE,YAAY,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,YAAY,CAAC;AAE/E;;;GAGG;AACH,MAAM,MAAM,KAAK,GAAG,WAAW,GAAG,KAAK,GAAG,YAAY,GAAG,MAAM,GAAG,OAAO,CAAC;AAE1E;;;;GAIG;AACH,wBAAgB,OAAO,CAAC,MAAM,EAAE,OAAO,GAAG,MAAM,IAAI,KAAK,CAQxD;AAED;;GAEG;AACH,MAAM,MAAM,aAAa,GACrB,aAAa,GACb,OAAO,GACP,cAAc,GACd,QAAQ,GACR,SAAS,CAAC;AAEd;;;;GAIG;AACH,wBAAgB,gBAAgB,CAC9B,KAAK,EAAE,KAAK,GACX,aAAa,CAOf;AAED;;;;GAIG;AACH,wBAAgB,uBAAuB,CACrC,QAAQ,EAAE,aAAa,GAErB,OAAO,WAAW,GAClB,OAAO,KAAK,GACZ,OAAO,YAAY,GACnB,OAAO,MAAM,GACb,OAAO,OAAO,CAcjB;AAED;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AACH,wBAAsB,cAAc,CAClC,KAAK,EAAE,KAAK,GAAG,GAAG,EAClB,OAAO,GAAE,2BAAgC,GACxC,OAAO,CAAC,IAAI,MAAM,IAAI,MAAM,EAAE,GAAG,GAAG,MAAM,IAAI,MAAM,EAAE,CAAC,
|
|
1
|
+
{"version":3,"file":"actor.d.ts","sourceRoot":"","sources":["../../src/vocab/actor.ts"],"names":[],"mappings":";AAEA,OAAO,EAAE,WAAW,EAAE,KAAK,EAAE,YAAY,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,YAAY,CAAC;AAE/E;;;GAGG;AACH,MAAM,MAAM,KAAK,GAAG,WAAW,GAAG,KAAK,GAAG,YAAY,GAAG,MAAM,GAAG,OAAO,CAAC;AAE1E;;;;GAIG;AACH,wBAAgB,OAAO,CAAC,MAAM,EAAE,OAAO,GAAG,MAAM,IAAI,KAAK,CAQxD;AAED;;GAEG;AACH,MAAM,MAAM,aAAa,GACrB,aAAa,GACb,OAAO,GACP,cAAc,GACd,QAAQ,GACR,SAAS,CAAC;AAEd;;;;GAIG;AACH,wBAAgB,gBAAgB,CAC9B,KAAK,EAAE,KAAK,GACX,aAAa,CAOf;AAED;;;;GAIG;AACH,wBAAgB,uBAAuB,CACrC,QAAQ,EAAE,aAAa,GAErB,OAAO,WAAW,GAClB,OAAO,KAAK,GACZ,OAAO,YAAY,GACnB,OAAO,MAAM,GACb,OAAO,OAAO,CAcjB;AAED;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AACH,wBAAsB,cAAc,CAClC,KAAK,EAAE,KAAK,GAAG,GAAG,EAClB,OAAO,GAAE,2BAAgC,GACxC,OAAO,CAAC,IAAI,MAAM,IAAI,MAAM,EAAE,GAAG,GAAG,MAAM,IAAI,MAAM,EAAE,CAAC,CA6BzD;AAED;;;GAGG;AACH,MAAM,WAAW,2BAA2B;IAC1C;;;OAGG;IACH,aAAa,CAAC,EAAE,OAAO,CAAC;IAExB;;;OAGG;IACH,QAAQ,CAAC,EAAE,OAAO,CAAC;CACpB;AAED;;;;;;;GAOG;AACH,wBAAgB,oBAAoB,CAClC,MAAM,EAAE,MAAM,EACd,OAAO,GAAE,2BAAgC,GACxC,IAAI,MAAM,IAAI,MAAM,EAAE,GAAG,GAAG,MAAM,IAAI,MAAM,EAAE,CAahD;AAED;;;;GAIG;AACH,MAAM,WAAW,SAAS;IACxB;;OAEG;IACH,QAAQ,CAAC,EAAE,EAAE,GAAG,GAAG,IAAI,CAAC;IAExB;;OAEG;IACH,QAAQ,CAAC,OAAO,EAAE,GAAG,GAAG,IAAI,CAAC;IAE7B;;OAEG;IACH,QAAQ,CAAC,SAAS,CAAC,EAAE;QACnB;;WAEG;QACH,WAAW,EAAE,GAAG,GAAG,IAAI,CAAC;KACzB,GAAG,IAAI,CAAC;CACV"}
|