From 2ef72a0364ab5e031b11902d7a9ba9d15d24f941 Mon Sep 17 00:00:00 2001
From: Matthias Pfefferle
Date: Thu, 12 Oct 2023 11:00:58 +0200
Subject: [PATCH 1/3] API changes
---
 README.md | 6 +++++-
 activitypub.php | 2 +-
 includes/rest/class-inbox.php | 4 ++--
 includes/rest/class-server.php | 2 +-
 readme.txt | 6 +++++-
 5 files changed, 14 insertions(+), 6 deletions(-)
diff --git a/README.md b/README.md
index 34991a5..d9b7dfc 100644
--- a/README.md
+++ b/README.md
@@ -3,7 +3,7 @@
 **Tags:** OStatus, fediverse, activitypub, activitystream
 **Requires at least:** 4.7
 **Tested up to:** 6.3
-**Stable tag:** 1.0.5
+**Stable tag:** 1.0.6
 **Requires PHP:** 5.6
 **License:** MIT
 **License URI:** http://opensource.org/licenses/MIT
@@ -105,6 +105,10 @@ Where 'blog' is the path to the subdirectory at which your blog resides.
 Project maintained on GitHub at [automattic/wordpress-activitypub](https://github.com/automattic/wordpress-activitypub).
+### 1.0.6 ###
+
+* Fixed: more restrictive request verification
+
 ### 1.0.5 ###
 * Fixed: compatibility with WebFinger and NodeInfo plugin
diff --git a/activitypub.php b/activitypub.php
index 3ae2be9..8999a0a 100644
--- a/activitypub.php
+++ b/activitypub.php
@@ -3,7 +3,7 @@
 * Plugin Name: ActivityPub
 * Plugin URI: https://github.com/pfefferle/wordpress-activitypub/
 * Description: The ActivityPub protocol is a decentralized social networking protocol based upon the ActivityStreams 2.0 data format.
- * Version: 1.0.5
+ * Version: 1.0.6
 * Author: Matthias Pfefferle & Automattic
 * Author URI: https://automattic.com/
 * License: MIT
diff --git a/includes/rest/class-inbox.php b/includes/rest/class-inbox.php
index 4ac2b7f..5d65b9b 100644
--- a/includes/rest/class-inbox.php
+++ b/includes/rest/class-inbox.php
@@ -38,7 +38,7 @@ class Inbox {
 '/inbox',
 array(
 array(
- 'methods' => WP_REST_Server::EDITABLE,
+ 'methods' => WP_REST_Server::CREATABLE,
 'callback' => array( self::class, 'shared_inbox_post' ),
 'args' => self::shared_inbox_post_parameters(),
 'permission_callback' => '__return_true',
@@ -51,7 +51,7 @@ class Inbox {
 '/users/(?P[\w\-\.]+)/inbox',
 array(
 array(
- 'methods' => WP_REST_Server::EDITABLE,
+ 'methods' => WP_REST_Server::CREATABLE,
 'callback' => array( self::class, 'user_inbox_post' ),
 'args' => self::user_inbox_post_parameters(),
 'permission_callback' => '__return_true',
diff --git a/includes/rest/class-server.php b/includes/rest/class-server.php
index d15831a..e1a1037 100644
--- a/includes/rest/class-server.php
+++ b/includes/rest/class-server.php
@@ -86,7 +86,7 @@ class Server {
 }
 // POST-Requets are always signed
- if ( 'post' === \strtolower( $request->get_method() ) ) {
+ if ( 'get' !== \strtolower( $request->get_method() ) ) {
 $verified_request = Signature::verify_http_signature( $request );
 if ( \is_wp_error( $verified_request ) ) {
 return $verified_request;
diff --git a/readme.txt b/readme.txt
index 7faed3d..c4bcb7b 100644
--- a/readme.txt
+++ b/readme.txt
@@ -3,7 +3,7 @@ Contributors: automattic, pfefferle, mediaformat, mattwiebe, akirk, jeherve, nur
 Tags: OStatus, fediverse, activitypub, activitystream
 Requires at least: 4.7
 Tested up to: 6.3
-Stable tag: 1.0.5
+Stable tag: 1.0.6
 Requires PHP: 5.6
 License: MIT
 License URI: http://opensource.org/licenses/MIT
@@ -105,6 +105,10 @@ Where 'blog' is the path to the subdirectory at which your blog resides.
 Project maintained on GitHub at [automattic/wordpress-activitypub](https://github.com/automattic/wordpress-activitypub).
+= 1.0.6 =
+
+* Fixed: more restrictive request verification
+
 = 1.0.5 =
 * Fixed: compatibility with WebFinger and NodeInfo plugin
From d564915fdf4aa3ddfa9dd928325e40d3dd356af4 Mon Sep 17 00:00:00 2001
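Review bot: In includes/rest/class-inbox.php both inbox routes keep `'permission_callback' => '__return_true'`, so nothing in the route definition authenticates a delivery; the handlers depend entirely on HTTP-signature verification performed elsewhere, presumably the check in includes/rest/class-server.php touched by this same patch. That dependency is not stated in the visible lines, and a comment above each entry such as `// Public route: authentication is the HTTP-signature check in Rest\Server, not permission_callback.` would keep a later edit from widening `methods` without noticing the coupling. The same applies to the `/users/.../inbox` registration in the second hunk of this file. Both route registrations begin and end outside the hunks.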
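Review bot: The comment `// POST-Requets are always signed` in includes/rest/class-server.php no longer describes the condition beneath it, which now sends every method except GET through `Signature::verify_http_signature()`; it should read something like `// Every request other than GET must carry a valid HTTP signature`. Because only GET is exempt, HEAD and OPTIONS requests would also need a signature if `get_method()` reports them as such, which fails closed but deserves to be a stated decision rather than a side effect. A regression test asserting that an unsigned PUT or PATCH is rejected would pin the behaviour this patch is after. The enclosing method starts and ends outside the hunk.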
From: Matthias Pfefferle
Date: Thu, 12 Oct 2023 13:25:50 +0200
Subject: [PATCH 2/3] fix function call (#503)
---
 includes/class-mention.php | 1 +
 integration/class-webfinger.php | 3 ++-
 2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/includes/class-mention.php b/includes/class-mention.php
index 4aedfb0..d55e5f2 100644
--- a/includes/class-mention.php
+++ b/includes/class-mention.php
@@ -2,6 +2,7 @@
 namespace Activitypub;
 use WP_Error;
+use Activitypub\Webfinger;
 /**
 * ActivityPub Mention Class
diff --git a/integration/class-webfinger.php b/integration/class-webfinger.php
index e7e3935..177b417 100644
--- a/integration/class-webfinger.php
+++ b/integration/class-webfinger.php
@@ -1,6 +1,7 @@
Date: Thu, 12 Oct 2023 15:52:11 +0200
Subject: [PATCH 3/3] add filter to check if blog is public (#504)
---
 activitypub.php | 3 ++-
 includes/functions.php | 9 +++++++++
 2 files changed, 11 insertions(+), 1 deletion(-)
diff --git a/activitypub.php b/activitypub.php
index 8999a0a..2c8dcdc 100644
--- a/activitypub.php
+++ b/activitypub.php
@@ -15,6 +15,7 @@
 namespace Activitypub;
+use function Activitypub\is_blog_public;
 use function Activitypub\site_supports_blocks;
 require_once __DIR__ . '/includes/compat.php';
@@ -52,7 +53,7 @@ function rest_init() {
 Rest\Collection::init();
 // load NodeInfo endpoints only if blog is public
- if ( \get_option( 'blog_public', 1 ) ) {
+ if ( is_blog_public() ) {
 Rest\NodeInfo::init();
 }
 }
diff --git a/includes/functions.php b/includes/functions.php
index df630d4..d5cd9f6 100644
--- a/includes/functions.php
+++ b/includes/functions.php
@@ -472,3 +472,12 @@ function site_supports_blocks() {
 function is_json( $data ) {
 return \is_array( \json_decode( $data, true ) ) ? true : false;
 }
+
+/**
+ * Check if a blog is public based on the `blog_public` option
+ *
+ * @return bollean True if public, false if not
+ */
+function is_blog_public() {
+ return (bool) apply_filters( 'activitypub_is_blog_public', \get_option( 'blog_public', 1 ) );
+}
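Review bot: The docblock of `is_blog_public()` in includes/functions.php has a misspelled type, `@return bollean`, which should be `@return boolean`. The new `activitypub_is_blog_public` filter is undocumented even though it lets other code override the site's `blog_public` setting and so decide whether the NodeInfo endpoints are registered (see the `rest_init()` hunk in activitypub.php); a short docblock above the `apply_filters` call naming the filter and its boolean parameter would make that override visible to anyone auditing what a non-public blog exposes. For consistency with `\get_option` on the same line, the call could be written `\apply_filters(`.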