Ensure request.body isn't emptied out before signature verification (#10432)

author ThibG <thib@sitedethib.com>

Sun, 31 Mar 2019 15:27:24 +0000 (17:27 +0200)

committer Eugen Rochko <eugen@zeonfederated.com>

Sun, 31 Mar 2019 15:27:24 +0000 (17:27 +0200)
author ThibG <thib@sitedethib.com>
Sun, 31 Mar 2019 15:27:24 +0000 (17:27 +0200)
committer Eugen Rochko <eugen@zeonfederated.com>
Sun, 31 Mar 2019 15:27:24 +0000 (17:27 +0200)
diff --git a/app/controllers/activitypub/inboxes_controller.rb b/app/controllers/activitypub/inboxes_controller.rb

index 1501b914ec30fdd814f73151a3b0ace578588af9..a0b7532c2e0ccedd25ba86504d635eea4ec519ea 100644 (file)
--- a/app/controllers/activitypub/inboxes_controller.rb
+++ b/app/controllers/activitypub/inboxes_controller.rb
@@ -32,7 +32,10 @@ class ActivityPub::InboxesController < Api::BaseController
    end
  
    def body
-    @body ||= request.body.read.force_encoding('UTF-8')
+    return @body if defined?(@body)
+    @body = request.body.read.force_encoding('UTF-8')
+    request.body.rewind if request.body.respond_to?(:rewind)
+    @body
    end
  
    def upgrade_account
author	ThibG <thib@sitedethib.com>
	Sun, 31 Mar 2019 15:27:24 +0000 (17:27 +0200)
committer	Eugen Rochko <eugen@zeonfederated.com>
	Sun, 31 Mar 2019 15:27:24 +0000 (17:27 +0200)