M activity.go → activity.go

@@ -661,6 +661,11 @@ if !isUpdate && !needbonkid(user, xid) {
 				return nil
 			}
 			bonker, _ = item.GetString("actor")
+			if originate(bonker) != origin {
+				ilog.Printf("out of bounds actor in bonk: %s not from %s", bonker, origin)
+				item.Write(ilog.Writer())
+				return nil
+			}
 			origin = originate(xid)
 			if ok && originate(id) == origin {
 				dlog.Printf("using object in announce for %s", xid)
@@ -682,7 +687,7 @@ if !ok {
 				xid, _ = item.GetString("object")
 				dlog.Printf("getting created honk: %s", xid)
 				if originate(xid) != origin {
-					ilog.Printf("out of bounds %s not from %s", xid, origin)
+					ilog.Printf("out of bounds object in create: %s not from %s", xid, origin)
 					return nil
 				}
 				obj, err = GetJunkHardMode(user.ID, xid)
@@ -788,6 +793,11 @@ xonk.UserID = user.ID
 		xonk.Honker, _ = item.GetString("actor")
 		if xonk.Honker == "" {
 			xonk.Honker, _ = item.GetString("attributedTo")
+		}
+		if originate(xonk.Honker) != origin {
+			ilog.Printf("out of bounds honker %s from %s", xonk.Honker, origin)
+			item.Write(ilog.Writer())
+			return nil
 		}
 		if obj != nil {
 			if xonk.Honker == "" {