From fe91db12190759f4dd96baa06e0c126bbc4a2f6c Mon Sep 17 00:00:00 2001
From: piuvas <mail@piuvas.net>
Date: Tue, 3 Jun 2025 12:24:42 -0300
Subject: [PATCH] validate type of attributionDomains.

---
 .../backend/src/core/activitypub/models/ApPersonService.ts    | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/packages/backend/src/core/activitypub/models/ApPersonService.ts b/packages/backend/src/core/activitypub/models/ApPersonService.ts
index ef8b58ff87..ae417b83ac 100644
--- a/packages/backend/src/core/activitypub/models/ApPersonService.ts
+++ b/packages/backend/src/core/activitypub/models/ApPersonService.ts
@@ -445,7 +445,7 @@ export class ApPersonService implements OnModuleInit, OnApplicationShutdown {
 					makeNotesFollowersOnlyBefore: (person as any).makeNotesFollowersOnlyBefore ?? null,
 					makeNotesHiddenBefore: (person as any).makeNotesHiddenBefore ?? null,
 					emojis,
-					attributionDomains: person.attributionDomains ?? [],
+					attributionDomains: person.attributionDomains?.every(x => typeof x === 'string') ? person.attributionDomains : [],
 				})) as MiRemoteUser;
 
 				let _description: string | null = null;
@@ -629,7 +629,7 @@ export class ApPersonService implements OnModuleInit, OnApplicationShutdown {
 			// We use "!== false" to handle incorrect types, missing / null values, and "default to true" logic.
 			hideOnlineStatus: person.hideOnlineStatus !== false,
 			isExplorable: person.discoverable !== false,
-			attributionDomains: person.attributionDomains ?? [],
+			attributionDomains: person.attributionDomains?.every(x => typeof x === 'string') ? person.attributionDomains : [],
 			...(await this.resolveAvatarAndBanner(exist, person.icon, person.image, person.backgroundUrl).catch(() => ({}))),
 		} as Partial<MiRemoteUser> & Pick<MiRemoteUser, 'isBot' | 'isCat' | 'speakAsCat' | 'isLocked' | 'movedToUri' | 'alsoKnownAs' | 'isExplorable'>;