From e550ad7bbe65fec2b4515d40c67ddea41ae40e48 Mon Sep 17 00:00:00 2001
From: Ferdinand Thiessen <opensource@fthiessen.de>
Date: Wed, 29 Jan 2025 19:52:05 +0100
Subject: fix(FediverseAction): Ensure valid fediverse links are generated

Harden also for existing values of the profile.

Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
---
 lib/private/Profile/Actions/FediverseAction.php | 23 ++++++++++++++++++-----
 1 file changed, 18 insertions(+), 5 deletions(-)

(limited to 'lib')

diff --git a/lib/private/Profile/Actions/FediverseAction.php b/lib/private/Profile/Actions/FediverseAction.php
index 1076027629d..b48f1db5c50 100644
--- a/lib/private/Profile/Actions/FediverseAction.php
+++ b/lib/private/Profile/Actions/FediverseAction.php
@@ -10,6 +10,7 @@ declare(strict_types=1);
 namespace OC\Profile\Actions;
 
 use OCP\Accounts\IAccountManager;
+use OCP\Accounts\PropertyDoesNotExistException;
 use OCP\IURLGenerator;
 use OCP\IUser;
 use OCP\L10N\IFactory;
@@ -27,8 +28,13 @@ class FediverseAction implements ILinkAction {
 	}
 
 	public function preload(IUser $targetUser): void {
-		$account = $this->accountManager->getAccount($targetUser);
-		$this->value = $account->getProperty(IAccountManager::PROPERTY_FEDIVERSE)->getValue();
+		try {
+			$account = $this->accountManager->getAccount($targetUser);
+			$this->value = $account->getProperty(IAccountManager::PROPERTY_FEDIVERSE)->getValue();
+		} catch (PropertyDoesNotExistException) {
+			// `getTarget` will return null to skip this action
+			$this->value = '';
+		}
 	}
 
 	public function getAppId(): string {
@@ -57,11 +63,18 @@ class FediverseAction implements ILinkAction {
 	}
 
 	public function getTarget(): ?string {
-		if (empty($this->value)) {
+		if ($this->value === '') {
+			return null;
+		}
+
+		$handle = $this->value[0] === '@' ? substr($this->value, 1) : $this->value;
+		[$username, $instance] = [...explode('@', $handle, 2), ''];
+
+		if (($username === '') || ($instance === '')) {
+			return null;
+		} elseif (str_contains($username, '/') || str_contains($instance, '/')) {
 			return null;
 		}
-		$username = $this->value[0] === '@' ? substr($this->value, 1) : $this->value;
-		[$username, $instance] = explode('@', $username);
 		return 'https://' . $instance . '/@' . $username;
 	}
 }
-- 
cgit v1.2.3