From 35b84985a8b9e57cfd3ffac8a0e3937d3c7a1167 Mon Sep 17 00:00:00 2001
From: Eugen Rochko <eugen@zeonfederated.com>
Date: Tue, 9 Jan 2018 19:35:10 +0100
Subject: [PATCH] Skip ActivityPub Announces of non-public objects (#6230)

* Skip ActivityPub Announces of non-public objects

* Skip OStatus reblogs of non-public statuses
---
 app/lib/activitypub/activity/announce.rb | 6 +++++-
 app/lib/ostatus/activity/creation.rb     | 3 +++
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/app/lib/activitypub/activity/announce.rb b/app/lib/activitypub/activity/announce.rb
index b840989330..abf2b9b80b 100644
--- a/app/lib/activitypub/activity/announce.rb
+++ b/app/lib/activitypub/activity/announce.rb
@@ -5,7 +5,7 @@ class ActivityPub::Activity::Announce < ActivityPub::Activity
     original_status   = status_from_uri(object_uri)
     original_status ||= fetch_remote_original_status
 
-    return if original_status.nil? || delete_arrived_first?(@json['id'])
+    return if original_status.nil? || delete_arrived_first?(@json['id']) || !announceable?(original_status)
 
     status = Status.find_by(account: @account, reblog: original_status)
 
@@ -33,4 +33,8 @@ class ActivityPub::Activity::Announce < ActivityPub::Activity
       ::FetchRemoteStatusService.new.call(@object['url'])
     end
   end
+
+  def announceable?(status)
+    status.public_visibility? || status.unlisted_visibility?
+  end
 end
diff --git a/app/lib/ostatus/activity/creation.rb b/app/lib/ostatus/activity/creation.rb
index f210e134ab..b38407cd3d 100644
--- a/app/lib/ostatus/activity/creation.rb
+++ b/app/lib/ostatus/activity/creation.rb
@@ -26,6 +26,9 @@ class OStatus::Activity::Creation < OStatus::Activity::Base
     cached_reblog = reblog
     status = nil
 
+    # Skip if the reblogged status is not public
+    return if cached_reblog && !(cached_reblog.public_visibility? || cached_reblog.unlisted_visibility?)
+
     media_attachments = save_media
 
     ApplicationRecord.transaction do
-- 
GitLab