diff --git a/includes/collection/class-followers.php b/includes/collection/class-followers.php
index 98971b9..f520702 100644
--- a/includes/collection/class-followers.php
+++ b/includes/collection/class-followers.php
@@ -2,6 +2,7 @@
 namespace Activitypub\Collection;
 use WP_Error;
+use Exception;
 use WP_Term_Query;
 use Activitypub\Webfinger;
 use Activitypub\Model\Activity;
@@ -67,7 +68,9 @@ class Followers {
 array(
 'type' => 'string',
 'single' => true,
- //'sanitize_callback' => array( self::class, 'validate_displayname' ),
+ 'sanitize_callback' => function( $value ) {
+ return sanitize_user( $value );
+ },
 )
 );
@@ -77,7 +80,9 @@ class Followers {
 array(
 'type' => 'string',
 'single' => true,
- //'sanitize_callback' => array( self::class, 'validate_username' ),
+ 'sanitize_callback' => function( $value ) {
+ return sanitize_user( $value, true );
+ },
 )
 );
@@ -87,7 +92,13 @@ class Followers {
 array(
 'type' => 'string',
 'single' => true,
- //'sanitize_callback' => array( self::class, 'validate_avatar' ),
+ 'sanitize_callback' => function( $value ) {
+ if ( filter_var( $value, FILTER_VALIDATE_URL ) === false ) {
+ return '';
+ }
+
+ return esc_url_raw( $value );
+ },
 )
 );
@@ -97,7 +108,29 @@ class Followers {
 array(
 'type' => 'string',
 'single' => true,
- //'sanitize_callback' => array( self::class, 'validate_inbox' ),
+ 'sanitize_callback' => function( $value ) {
+ if ( filter_var( $value, FILTER_VALIDATE_URL ) === false ) {
+ throw new Exception( '"inbox" has to be a valid URL' );
+ }
+
+ return esc_url_raw( $value );
+ },
+ )
+ );
+
+ register_term_meta(
+ self::TAXONOMY,
+ 'shared_inbox',
+ array(
+ 'type' => 'string',
+ 'single' => true,
+ 'sanitize_callback' => function( $value ) {
+ if ( filter_var( $value, FILTER_VALIDATE_URL ) === false ) {
+ return null;
+ }
+
+ return esc_url_raw( $value );
+ },
 )
 );
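Review bot: In the hunk at `@@ -67,7 +68,9 @@`, the callback replacing the commented-out `validate_displayname` runs a display name through `sanitize_user()`, which is a login-name sanitizer: besides stripping tags it folds accented characters and removes percent-encoded octets and entities, so a remote actor's name can be stored altered. For free-text names `return sanitize_text_field( $value );` still removes markup while keeping the text, with output escaping left to the place where the name is rendered. The `register_term_meta()` call starts outside the hunk, so the meta key is inferred from the removed line.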
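Review bot: In the avatar callback (`@@ -87,7 +92,13 @@`), `filter_var( $value, FILTER_VALIDATE_URL )` accepts any syntactically valid scheme, and `esc_url_raw()` called without its second argument allows WordPress's whole default protocol list rather than only web schemes. The value appears to come from remote actor metadata (`$meta['icon']['url']` in `includes/model/class-follower.php`), so the allowed protocols should be passed explicitly: `return esc_url_raw( $value, array( 'http', 'https' ) );`. The same applies to the `inbox` and `shared_inbox` callbacks in the next hunk (`@@ -97,7 +108,29 @@`).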
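Review bot: The `inbox` callback in `@@ -97,7 +108,29 @@` throws an `Exception` from inside a sanitize filter, and the `update_term_meta()` calls visible in `includes/model/class-follower.php` have no `try`/`catch` around them, so a single malformed `inbox` value in remote metadata could abort the whole request; whether an outer handler exists is not visible in this diff. The three URL callbacks also fail in three different ways (`''` for avatar, an exception for inbox, `null` for shared_inbox); returning `''` in each, or a comment explaining why an invalid inbox must be fatal, would make the behaviour predictable. Neither `FILTER_VALIDATE_URL` nor `esc_url_raw()` restricts the host, so if these inbox URLs are later used as delivery targets (an assumption, the sender is outside this diff), loopback and private-network addresses are stored as-is. Checking with `wp_http_validate_url()` in the callback, or sending with `wp_safe_remote_post()`, would reject those hosts.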
@@ -107,7 +140,13 @@ class Followers {
 array(
 'type' => 'string',
 'single' => true,
- //'sanitize_callback' => array( self::class, 'validate_updated_at' ),
+ 'sanitize_callback' => function( $value ) {
+ if ( ! is_numeric( $value ) && (int) $value !== $value ) {
+ $value = strtotime( 'now' );
+ }
+
+ return $value;
+ },
 )
 );
diff --git a/includes/model/class-follower.php b/includes/model/class-follower.php
index 84c6b0a..f3f8f7b 100644
--- a/includes/model/class-follower.php
+++ b/includes/model/class-follower.php
@@ -229,21 +229,21 @@ class Follower {
 foreach ( $this->map_meta as $remote => $internal ) {
 if ( ! empty( $meta[ $remote ] ) ) {
- update_term_meta( $this->id, $internal, esc_html( $meta[ $remote ] ), true );
+ update_term_meta( $this->id, $internal, $meta[ $remote ], true );
 $this->$internal = $meta[ $remote ];
 }
 }
 if ( ! empty( $meta['icon']['url'] ) ) {
- update_term_meta( $this->id, 'avatar', esc_url_raw( $meta['icon']['url'] ), true );
+ update_term_meta( $this->id, 'avatar', $meta['icon']['url'], true );
 $this->avatar = $meta['icon']['url'];
 }
 if ( ! empty( $meta['endpoints']['sharedInbox'] ) ) {
- update_term_meta( $this->id, 'shared_inbox', esc_url_raw( $meta['endpoints']['sharedInbox'] ), true );
+ update_term_meta( $this->id, 'shared_inbox', $meta['endpoints']['sharedInbox'], true );
 $this->shared_inbox = $meta['endpoints']['sharedInbox'];
 } elseif ( ! empty( $meta['inbox'] ) ) {
- update_term_meta( $this->id, 'shared_inbox', esc_url_raw( $meta['inbox'] ), true );
+ update_term_meta( $this->id, 'shared_inbox', $meta['inbox'], true );
 $this->shared_inbox = $meta['inbox'];
 }
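Review bot: In the `validate_updated_at` replacement (`@@ -107,7 +140,13 @@`), the second half of `! is_numeric( $value ) && (int) $value !== $value` adds nothing: for any non-numeric value the cast never equals the original, so the test reduces to `! is_numeric( $value )`. Numeric strings such as `'1.5'` or `'1e5'` therefore pass and are returned uncast, so the stored value is not guaranteed to be an integer timestamp. `return is_numeric( $value ) ? (int) $value : time();` states the intent directly. The meta is registered as `'type' => 'string'`, which deserves a short comment if an integer is what readers should expect.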
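Review bot: The object properties in `@@ -229,21 +229,21 @@` are still assigned the raw remote value (`$this->$internal = $meta[ $remote ];`, `$this->avatar = $meta['icon']['url'];`, and both `$this->shared_inbox` lines), while the stored term meta now goes through the registered `sanitize_callback`s, so the in-memory follower and the persisted one can differ within the same request. Reading the value back, e.g. `$this->avatar = get_term_meta( $this->id, 'avatar', true );`, keeps the two in agreement. Removing `esc_html()` in the `map_meta` loop also means any key in `$this->map_meta` without a registered callback is now stored unsanitized; `map_meta` is defined outside the hunk, so it needs checking against the `register_term_meta()` calls. The enclosing method starts and ends outside the hunk.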