From 960f3849f24c30d02d482e1c66addc79d9ea5cbd Mon Sep 17 00:00:00 2001
From: Daniel Supernault
Date: Mon, 11 Nov 2024 21:47:47 -0700
Subject: [PATCH 1/3] Update AP helpers, reject statuses with invalid dates
---
 app/Util/ActivityPub/Helpers.php | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
diff --git a/app/Util/ActivityPub/Helpers.php b/app/Util/ActivityPub/Helpers.php
index 782404836..c54dc8e3d 100644
--- a/app/Util/ActivityPub/Helpers.php
+++ b/app/Util/ActivityPub/Helpers.php
@@ -298,6 +298,21 @@ class Helpers
 return null;
 }
+ public static function validateTimestamp($timestamp)
+ {
+ try {
+ $date = Carbon::parse($timestamp);
+ $now = Carbon::now();
+ $tenYearsAgo = $now->copy()->subYears(10);
+ $isMoreThanTenYearsOld = $date->lt($tenYearsAgo);
+ $tomorrow = $now->copy()->addDay();
+ $isMoreThanOneDayFuture = $date->gt($tomorrow);
+ return !($isMoreThanTenYearsOld || $isMoreThanOneDayFuture);
+ } catch (\Exception $e) {
+ return false;
+ }
+ }
+
 public static function statusFirstOrFetch($url, $replyTo = false)
 {
 $url = self::validateUrl($url);
@@ -329,6 +344,10 @@ class Helpers
 return;
 }
+ if(!self::validateTimestamp($res['published'])) {
+ return;
+ }
+
 if (config('autospam.live_filters.enabled')) {
 $filters = config('autospam.live_filters.filters');
 if (! empty($filters) && isset($res['content']) && ! empty($res['content']) && strlen($filters) > 3) {
From bdc395dc8e1e10812f15e34d42e392e45de348bf Mon Sep 17 00:00:00 2001
From: Daniel Supernault
Date: Mon, 11 Nov 2024 21:48:49 -0700
Subject: [PATCH 2/3] Update changelog
---
 CHANGELOG.md | 1 +
 1 file changed, 1 insertion(+)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 5aa1f0fda..783781abb 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
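Review bot: `Carbon::parse($timestamp)` in validateTimestamp receives the remote object's `published` value with no type or emptiness check, and Carbon resolves `null` or an empty string to the current time, so a status whose date is absent or blank is accepted as valid. A guard at the top of the method closes that: `if (! is_string($timestamp) || trim($timestamp) === '') { return false; }`. The parser is also lenient and accepts relative expressions such as `tomorrow`, so a stricter ISO 8601 check may be warranted for federated input. Separately, `catch (\Exception $e)` does not cover `\TypeError`, which a non-string value (for example a JSON array) would likely raise; the guard avoids that, or the catch could be widened to `\Throwable`.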
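Review bot: `$res['published']` is read without an `isset` check at the new call in statusFirstOrFetch, although the neighbouring autospam branch guards `$res['content']` with `isset`, which suggests the keys of the fetched object are not guaranteed. For a remote object that omits `published`, PHP 8 raises an undefined-key warning at this line, outside validateTimestamp's try block, and Laravel normally converts that into an ErrorException instead of the quiet `return;` the commit intends. Consider `if (! isset($res['published']) || ! self::validateTimestamp($res['published'])) {`. The enclosing function starts and ends outside the hunk, so an earlier check may already cover this.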
@@ -1,6 +1,7 @@
 # Release Notes
 ## [Unreleased](https://github.com/pixelfed/pixelfed/compare/v0.12.3...dev)
+- Update AP helpers, reject statuses with invalid dates ([960f3849](https://github.com/pixelfed/pixelfed/commit/960f3849))
 - ([](https://github.com/pixelfed/pixelfed/commit/))
 ## [v0.12.4 (2024-11-08)](https://github.com/pixelfed/pixelfed/compare/v0.12.4...dev)
From cf38a508cae1d8451c0a4aef488a63098224015b Mon Sep 17 00:00:00 2001
From: Daniel Supernault
Date: Mon, 11 Nov 2024 21:49:41 -0700
Subject: [PATCH 3/3] Lint
---
 app/Util/ActivityPub/Helpers.php | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/app/Util/ActivityPub/Helpers.php b/app/Util/ActivityPub/Helpers.php
index c54dc8e3d..93cab7754 100644
--- a/app/Util/ActivityPub/Helpers.php
+++ b/app/Util/ActivityPub/Helpers.php
@@ -307,7 +307,8 @@ class Helpers
 $isMoreThanTenYearsOld = $date->lt($tenYearsAgo);
 $tomorrow = $now->copy()->addDay();
 $isMoreThanOneDayFuture = $date->gt($tomorrow);
- return !($isMoreThanTenYearsOld || $isMoreThanOneDayFuture);
+
+ return ! ($isMoreThanTenYearsOld || $isMoreThanOneDayFuture);
 } catch (\Exception $e) {
 return false;
 }
@@ -344,7 +345,7 @@ class Helpers
 return;
 }
- if(!self::validateTimestamp($res['published'])) {
+ if (! self::validateTimestamp($res['published'])) {
 return;
 }