Check for activity pub mime types
authorMichael <heluecht@pirati.ca>
Mon, 19 Feb 2024 07:11:56 +0000 (07:11 +0000)
committerMichael <heluecht@pirati.ca>
Mon, 19 Feb 2024 07:11:56 +0000 (07:11 +0000)
src/Model/APContact.php
src/Protocol/ActivityPub/Processor.php
src/Util/HTTPSignature.php

index 032dd37..d71e182 100644 (file)
@@ -208,6 +208,9 @@ class APContact
 
                                if (!$failed && ($curlResult->getReturnCode() == 410)) {
                                        $data = ['@context' => ActivityPub::CONTEXT, 'id' => $url, 'type' => 'Tombstone'];
+                               } elseif (!$failed && !HTTPSignature::isValidContentType($curlResult->getContentType())) {
+                                       Logger::debug('Unexpected content type', ['content-type' => $curlResult->getContentType(), 'url' => $url]);
+                                       $failed = true;
                                }
                        } catch (\Exception $exception) {
                                Logger::notice('Error fetching url', ['url' => $url, 'exception' => $exception]);
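Review bot: The new `elseif` branch logs the rejected response with `Logger::debug`, while the same rejection in Processor and in HTTPSignature's fetch path in this commit uses `Logger::notice`. A document served with a non-ActivityPub media type is presumably the event this check exists to catch, so it should be visible at the same level in all three places: `Logger::notice('Unexpected content type', ['content-type' => $curlResult->getContentType(), 'url' => $url]);`. Because the branch is an `elseif` of the 410 case, a 410 response still becomes a Tombstone whatever its content type; if that is intended, a one-line comment saying so would help. The enclosing method starts and ends outside the hunk, so how `$failed` and `$data` are set earlier is not visible here.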
index 35ae4e5..040634b 100644 (file)
@@ -1610,11 +1610,6 @@ class Processor
                }
 
                if (empty($object) || !is_array($object)) {
-                       $element = explode(';', $curlResult->getContentType());
-                       if (!in_array($element[0], ['application/activity+json', 'application/ld+json', 'application/json'])) {
-                               Logger::debug('Unexpected content-type', ['url' => $url, 'content-type' => $curlResult->getContentType()]);
-                               return null;
-                       }
                        Logger::notice('Invalid JSON data', ['url' => $url, 'content-type' => $curlResult->getContentType(), 'body' => $body]);
                        return '';
                }
@@ -1623,6 +1618,11 @@ class Processor
                        return '';
                }
 
+               if (!HTTPSignature::isValidContentType($curlResult->getContentType())) {
+                       Logger::notice('Unexpected content type', ['content-type' => $curlResult->getContentType(), 'url' => $url]);
+                       return '';
+               }
+
                $ldobject = JsonLD::compact($object);
 
                $signer = [];
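Review bot: The content-type check is placed after the JSON validity branch, so a response with a non-ActivityPub media type is still decoded first, and when decoding fails the `Invalid JSON data` branch logs the complete remote `$body` at notice level. Before this commit that case was caught by the removed content-type test and logged without the body. Moving the new `if (!HTTPSignature::isValidContentType($curlResult->getContentType()))` block above the `empty($object)` test would reject the response before remote-controlled content is parsed or written to the log. The rejection also returns `''` now where the removed branch returned `null`; if callers treat the two differently, this should be confirmed. The function body starts and ends outside the hunk.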
index 01f7577..bf5d632 100644 (file)
@@ -443,9 +443,25 @@ class HTTPSignature
                        return [];
                }
 
+               if (!self::isValidContentType($curlResult->getContentType())) {
+                       Logger::notice('Unexpected content type', ['content-type' => $curlResult->getContentType(), 'url' => $request]);
+                       return [];
+               }
+
                return $content;
        }
 
+       /**
+        * Check if the provided content type is a valid LD JSON mime type
+        *
+        * @param string $contentType
+        * @return boolean
+        */
+       public static function isValidContentType(string $contentType): bool
+       {
+               return in_array(current(explode(';', $contentType)), ['application/activity+json', 'application/ld+json']);
+       }
+
        /**
         * Fetches raw data for a user
         *
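Review bot: `isValidContentType` compares the media type byte-for-byte, so a header such as `Application/Activity+JSON` or `application/activity+json ; charset=utf-8` (constructed examples; whitespace before the `;` is optional) is rejected although media types are case-insensitive. The check fails closed, so this is an interoperability problem rather than a bypass; normalising first avoids it: `return in_array(strtolower(trim(current(explode(';', $contentType)))), ['application/activity+json', 'application/ld+json'], true);`. Any `application/ld+json` response is accepted regardless of its `profile` parameter, which ActivityPub specifies as `https://www.w3.org/ns/activitystreams`; if that leniency is deliberate, the docblock should say so. The docblock should also use `@return bool` and state that parameters after the `;` are ignored.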