Event-Federation/wordpress-activitypub
Event-Federation/wordpress-activitypub
7
1
Fork 0
Code Issues 5 Pull requests Projects Releases Wiki Activity Actions 1

Switch secure_mode to a filter

Browse source
This commit is contained in:
Django Doucet 2023-05-14 22:53:11 -06:00
parent 7456d36834
commit 12724a3681
5 changed files with 15 additions and 14 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
activitypub.php
View file

@ -25,6 +25,7 @@ function init() {
\defined( 'ACTIVITYPUB_HASHTAGS_REGEXP' ) || \define( 'ACTIVITYPUB_HASHTAGS_REGEXP', '(?:(?<=\s)|(?<=<p>)|(?<=<br>)|^)#([A-Za-z0-9_]+)(?:(?=\s|[[:punct:]]|$))' ); \defined( 'ACTIVITYPUB_HASHTAGS_REGEXP' ) || \define( 'ACTIVITYPUB_HASHTAGS_REGEXP', '(?:(?<=\s)|(?<=<p>)|(?<=<br>)|^)#([A-Za-z0-9_]+)(?:(?=\s|[[:punct:]]|$))' );
\defined( 'ACTIVITYPUB_USERNAME_REGEXP' ) || \define( 'ACTIVITYPUB_USERNAME_REGEXP', '(?:([A-Za-z0-9_-]+)@((?:[A-Za-z0-9_-]+\.)+[A-Za-z]+))' ); \defined( 'ACTIVITYPUB_USERNAME_REGEXP' ) || \define( 'ACTIVITYPUB_USERNAME_REGEXP', '(?:([A-Za-z0-9_-]+)@((?:[A-Za-z0-9_-]+\.)+[A-Za-z]+))' );
\defined( 'ACTIVITYPUB_CUSTOM_POST_CONTENT' ) || \define( 'ACTIVITYPUB_CUSTOM_POST_CONTENT', "<p><strong>[ap_title]</strong></p>\n\n[ap_content]\n\n<p>[ap_hashtags]</p>\n\n<p>[ap_shortlink]</p>" ); \defined( 'ACTIVITYPUB_CUSTOM_POST_CONTENT' ) || \define( 'ACTIVITYPUB_CUSTOM_POST_CONTENT', "<p><strong>[ap_title]</strong></p>\n\n[ap_content]\n\n<p>[ap_hashtags]</p>\n\n<p>[ap_shortlink]</p>" );
\defined( 'ACTIVITYPUB_SECURE_MODE' ) || \define( 'ACTIVITYPUB_SECURE_MODE', apply_filters( 'activitypub_secure_mode', $value = false ) );
\define( 'ACTIVITYPUB_PLUGIN_DIR', plugin_dir_path( __FILE__ ) ); \define( 'ACTIVITYPUB_PLUGIN_DIR', plugin_dir_path( __FILE__ ) );
\define( 'ACTIVITYPUB_PLUGIN_BASENAME', plugin_basename( __FILE__ ) ); \define( 'ACTIVITYPUB_PLUGIN_BASENAME', plugin_basename( __FILE__ ) );

2
includes/class-activitypub.php
View file

@ -78,7 +78,7 @@ class Activitypub {
\in_array( 'application/ld+json', $accept, true ) || \in_array( 'application/ld+json', $accept, true ) ||
\in_array( 'application/json', $accept, true ) \in_array( 'application/json', $accept, true )
) { ) {
if ( \get_option( 'activitypub_use_secure_mode', '0' ) ) { if ( ACTIVITYPUB_SECURE_MODE ) {
$verification = Signature::verify_http_signature( $_SERVER ); $verification = Signature::verify_http_signature( $_SERVER );
if ( \is_wp_error( $verification ) ) { if ( \is_wp_error( $verification ) ) {
// fallback as template_loader can't return http headers // fallback as template_loader can't return http headers

18
includes/class-admin.php
View file

@ -144,15 +144,15 @@ class Admin {
'default' => array( 'post', 'pages' ), 'default' => array( 'post', 'pages' ),
) )
); );
\register_setting( // \register_setting(
'activitypub', // 'activitypub',
'activitypub_use_secure_mode', // 'activitypub_use_secure_mode',
array( // array(
'type' => 'boolean', // 'type' => 'boolean',
'description' => \__( 'Secure mode allows blocking servers from fetching public activities', 'activitypub' ), // 'description' => \__( 'Secure mode allows blocking servers from fetching public activities', 'activitypub' ),
'default' => 0, // 'default' => 0,
) // )
); // );
} }
public static function schedule_migration() { public static function schedule_migration() {

2
includes/rest/class-server.php
View file

@ -94,7 +94,7 @@ class Server {
} else { } else {
if ( '/activitypub/1.0/webfinger' !== $route ) { if ( '/activitypub/1.0/webfinger' !== $route ) {
// SecureMode/Authorized fetch. // SecureMode/Authorized fetch.
if ( \get_option( 'activitypub_use_secure_mode', '0' ) ) { if ( ACTIVITYPUB_SECURE_MODE ) {
$verified_request = Signature::verify_http_signature( $request ); $verified_request = Signature::verify_http_signature( $request );
if ( \is_wp_error( $verified_request ) ) { if ( \is_wp_error( $verified_request ) ) {
return $verified_request; return $verified_request;

6
templates/settings.php
View file

@ -171,7 +171,7 @@
</tbody> </tbody>
</table> </table>
<table class="form-table"> <!-- <table class="form-table">
<tbody> <tbody>
<tr> <tr>
<th scope="row"> <th scope="row">
@ -179,12 +179,12 @@
</th> </th>
<td> <td>
<p> <p>
<label><input type="checkbox" name="activitypub_use_secure_mode" id="activitypub_use_secure_mode" value="1" <?php echo \checked( '1', \get_option( 'activitypub_use_secure_mode', '0' ) ); ?> /> <?php echo wp_kses( \__( 'In secure mode every ActivityPub request must be signed. This disallows anonymous requests and prevents serving content to servers listed in the Blocklist.', 'activitypub' ), 'default' ); ?></label> <label><input type="checkbox" name="activitypub_use_secure_mode" id="activitypub_use_secure_mode" value="1" <?php echo \checked( '1', \get_option( 'activitypub_use_secure_mode', '0' ) ); ?> /> <?php echo wp_kses( \__( 'In secure mode every ActivityPub request must be signed. This disallows anonymous requests and prevents serving content to servers listed in the Blocklist. WARNING this disallows caching so will affect server performance', 'activitypub' ), 'default' ); ?></label>
</p> </p>
</td> </td>
</tr> </tr>
</tbody> </tbody>
</table> </table> -->
<?php \do_settings_fields( 'activitypub', 'server' ); ?> <?php \do_settings_fields( 'activitypub', 'server' ); ?>