Multisite: ensure that user_ids only work for users of this site #158
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
When browsing Followers, they can have a
user_id
on their own instance that Mastodon clients then try to retrieve from their own instance. Eg say that a user is followed by mymattwiebe@mastodon.onlinne
account. When the client queries themastodon.online
instance, it gets this:But when browsing profiles, some clients (Ivory in my case) tries to query that ID against the current instance, doing
api/v1/accounts/110770996307846062
against EMA. For wpcom, that particular ID is above our highest user_id, but many will produce a false positive for a user in the network who isn't even a member of the blog.This doesn't fix for user ID collisions where the user ID from a remote user is the same as one that is also a member of the blog, but it's a good start.