[bugfix] check remote status permissibility (#2703)

* add more stringent checks for remote status permissibility * add check for inreplyto of a remote status being a boost * do not permit inReplyTo boost wrapper statuses * change comment wording * fix calls to NewFederator() * add code comments for NotPermitted() and SetNotPermitted() * improve comment * check that existing != nil before attempting delete * ensure replying account isn't suspended * use a debug log instead of info. check for boost using ID * shorten log string length. make info level * add note that replying to boost wrapper status shouldn't be able to happen anyways * update to use onFail() function
2025-10-29 04:42:25 -05:00 · 2024-03-04 12:30:12 +00:00 · 2024-03-04 12:30:12 +00:00 · d85727e184
commit d85727e184
parent f487fc5d4b
9 changed files with 154 additions and 16 deletions
--- a/cmd/gotosocial/action/server/server.go
+++ b/cmd/gotosocial/action/server/server.go
@ -148,7 +148,7 @@ var Start action.GTSAction = func(ctx context.Context) error {
 	spamFilter := spam.NewFilter(&state)
 	federatingDB := federatingdb.New(&state, typeConverter, visFilter, spamFilter)
 	transportController := transport.NewController(&state, federatingDB, &federation.Clock{}, client)
-	federator := federation.NewFederator(&state, federatingDB, transportController, typeConverter, mediaManager)
+	federator := federation.NewFederator(&state, federatingDB, transportController, typeConverter, visFilter, mediaManager)

 	// Decide whether to create a noop email
 	// sender (won't send emails) or a real one.