From fedcdb204db420368401db92b81273764c1c18d6 Mon Sep 17 00:00:00 2001
From: Daniel Supernault
Date: Tue, 25 Dec 2018 18:06:12 -0700
Subject: [PATCH] Update FederationController
---
 app/Http/Controllers/FederationController.php | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/app/Http/Controllers/FederationController.php b/app/Http/Controllers/FederationController.php
index b1e7d18cd..27b657b3a 100644
--- a/app/Http/Controllers/FederationController.php
+++ b/app/Http/Controllers/FederationController.php
@@ -191,6 +191,14 @@ XML;
 $id = Helpers::validateUrl($bodyDecoded['id']);
 $keyDomain = parse_url($keyId, PHP_URL_HOST);
 $idDomain = parse_url($id, PHP_URL_HOST);
+ if(isset($bodyDecoded['object'])
+ && is_array($bodyDecoded['object'])
+ && isset($bodyDecoded['object']['attributedTo'])
+ ) {
+ if(parse_url($bodyDecoded['object']['attributedTo'], PHP_URL_HOST) !== $idDomain) {
+ abort(400, 'Invalid request');
+ }
+ }
 if(!$keyDomain || !$idDomain || $keyDomain !== $idDomain) {
 abort(400, 'Invalid request');
 }
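Review bot: The new `attributedTo` check passes the value straight to `parse_url()` without confirming it is a string, and ActivityStreams allows `attributedTo` to be an array or an embedded object, so a remote payload of that shape produces a PHP type warning or TypeError (depending on version) instead of the intended 400. Guard the type first, e.g. `$attr = $bodyDecoded['object']['attributedTo'];` followed by `if(!is_string($attr) || parse_url($attr, PHP_URL_HOST) !== $idDomain) { abort(400, 'Invalid request'); }`. The comparison is also host-only and is skipped when `object` is a bare URI or carries no `attributedTo`, so a short comment stating that this is an instance-level check, and where per-actor attribution is verified (if it is), would keep later code from relying on it for more than it proves. The enclosing method starts and ends outside the hunk, so how `object` is handled afterwards is not visible here.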