
Merge pull request #5344 from pixelfed/staging

Update AP helpers, reject statuses with invalid dates
daniel 8 bulan lalu
induk
melakukan
41d1e8cb99
2 mengubah file dengan 21 tambahan dan 0 penghapusan
  1. 1 0
      CHANGELOG.md
  2. 20 0
      app/Util/ActivityPub/Helpers.php

+ 1 - 0
CHANGELOG.md

@@ -1,6 +1,7 @@
 # Release Notes
 
 ## [Unreleased](https://github.com/pixelfed/pixelfed/compare/v0.12.3...dev)
+- Update AP helpers, reject statuses with invalid dates ([960f3849](https://github.com/pixelfed/pixelfed/commit/960f3849))
 -  ([](https://github.com/pixelfed/pixelfed/commit/))
 
 ## [v0.12.4 (2024-11-08)](https://github.com/pixelfed/pixelfed/compare/v0.12.4...dev)

+ 20 - 0
app/Util/ActivityPub/Helpers.php

@@ -298,6 +298,22 @@ class Helpers
         return null;
     }
 
+    public static function validateTimestamp($timestamp)
+    {
+        try {
+            $date = Carbon::parse($timestamp);
+            $now = Carbon::now();
+            $tenYearsAgo = $now->copy()->subYears(10);
+            $isMoreThanTenYearsOld = $date->lt($tenYearsAgo);
+            $tomorrow = $now->copy()->addDay();
+            $isMoreThanOneDayFuture = $date->gt($tomorrow);
+
+            return ! ($isMoreThanTenYearsOld || $isMoreThanOneDayFuture);
+        } catch (\Exception $e) {
+            return false;
+        }
+    }
+
     public static function statusFirstOrFetch($url, $replyTo = false)
     {
         $url = self::validateUrl($url);
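Review bot: validateTimestamp() passes `$timestamp` straight to `Carbon::parse()`, which as far as I know treats null and an empty string as "now" and also accepts relative phrases, so a remote object with a missing or empty `published` value would pass this check. Because the value comes from a fetched ActivityPub object, I would reject anything that is not a non-empty string before parsing: `if (! is_string($timestamp) || trim($timestamp) === '') { return false; }`. I would also widen the catch to `\Throwable`, since a non-scalar value may raise a TypeError, which `catch (\Exception $e)` does not cover. The method has no docblock; a one-line one such as `/** True only when $timestamp parses to a date at most ten years in the past and at most one day in the future. */` would record the accepted window.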
@@ -329,6 +345,10 @@ class Helpers
             return;
         }
 
+        if (! self::validateTimestamp($res['published'])) {
+            return;
+        }
+
         if (config('autospam.live_filters.enabled')) {
             $filters = config('autospam.live_filters.filters');
             if (! empty($filters) && isset($res['content']) && ! empty($res['content']) && strlen($filters) > 3) {
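Review bot: The added guard reads `$res['published']` without an existence check, so an object that omits `published` raises an undefined-key warning in the caller, before validateTimestamp()'s try/catch is entered. Under Laravel's usual error handling that warning is probably promoted to an exception rather than producing a clean rejection. Unless a check outside this hunk already guarantees the key, `if (! isset($res['published']) || ! self::validateTimestamp($res['published'])) {` rejects the status quietly and matches the `isset($res['content'])` style used a few lines below. The rejection is also silent; a debug-level log entry naming the rejected URL would help operators notice peers that send out-of-range dates. statusFirstOrFetch starts before and continues past this hunk.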