From 24d12de8ec3d28b8ebfa96deb8020fe469823e1d Mon Sep 17 00:00:00 2001
From: Matt Wiebe <wiebe@automattic.com>
Date: Fri, 10 Nov 2023 12:56:53 -0600
Subject: [PATCH 1/3] Follow Me: improve styles for dark themes (#557)

---
 build/follow-me/style-index.css |  2 +-
 src/follow-me/style.scss        | 10 ++++++----
 2 files changed, 7 insertions(+), 5 deletions(-)

diff --git a/build/follow-me/style-index.css b/build/follow-me/style-index.css
index 0a43568..7c6db77 100644
--- a/build/follow-me/style-index.css
+++ b/build/follow-me/style-index.css
@@ -1 +1 @@
-.activitypub-follow-me-block-wrapper{width:100%}.activitypub-follow-me-block-wrapper.has-background .activitypub-profile,.activitypub-follow-me-block-wrapper.has-border-color .activitypub-profile{padding-left:1rem;padding-right:1rem}.activitypub-follow-me-block-wrapper .activitypub-profile{align-items:center;display:flex;padding:1rem 0}.activitypub-follow-me-block-wrapper .activitypub-profile .activitypub-profile__avatar{border-radius:50%;height:75px;margin-right:1rem;width:75px}.activitypub-follow-me-block-wrapper .activitypub-profile .activitypub-profile__content{flex:1;min-width:0}.activitypub-follow-me-block-wrapper .activitypub-profile .activitypub-profile__handle,.activitypub-follow-me-block-wrapper .activitypub-profile .activitypub-profile__name{line-height:1.2;margin:0;overflow:hidden;text-overflow:ellipsis;white-space:nowrap}.activitypub-follow-me-block-wrapper .activitypub-profile .activitypub-profile__name{font-size:1.25em}.activitypub-follow-me-block-wrapper .activitypub-profile .activitypub-profile__follow{align-self:center;background-color:var(--wp--preset--color--black);color:var(--wp--preset--color--white);margin-left:1rem}.activitypub-profile__confirm.components-modal__frame{background-color:#f7f7f7;color:#333}.activitypub-profile__confirm.components-modal__frame .components-modal__header-heading,.activitypub-profile__confirm.components-modal__frame h4{color:#333;letter-spacing:inherit;word-spacing:inherit}.activitypub-follow-me__dialog{max-width:30em}.activitypub-follow-me__dialog h4{line-height:1;margin:0}.activitypub-follow-me__dialog .apmfd__section{margin-bottom:2em}.activitypub-follow-me__dialog .apfmd-description{font-size:var(--wp--preset--font-size--normal,.75rem);margin:.33em 0 1em}.activitypub-follow-me__dialog .apfmd__button-group{display:flex;justify-content:flex-end}.activitypub-follow-me__dialog .apfmd__button-group svg{height:21px;margin-right:.5em;width:21px}.activitypub-follow-me__dialog .apfmd__button-group input{flex:1;padding-left:1em;padding-right:1em}
+.activitypub-follow-me-block-wrapper{width:100%}.activitypub-follow-me-block-wrapper.has-background .activitypub-profile,.activitypub-follow-me-block-wrapper.has-border-color .activitypub-profile{padding-left:1rem;padding-right:1rem}.activitypub-follow-me-block-wrapper .activitypub-profile{align-items:center;display:flex;padding:1rem 0}.activitypub-follow-me-block-wrapper .activitypub-profile .activitypub-profile__avatar{border-radius:50%;height:75px;margin-right:1rem;width:75px}.activitypub-follow-me-block-wrapper .activitypub-profile .activitypub-profile__content{flex:1;min-width:0}.activitypub-follow-me-block-wrapper .activitypub-profile .activitypub-profile__handle,.activitypub-follow-me-block-wrapper .activitypub-profile .activitypub-profile__name{line-height:1.2;margin:0;overflow:hidden;text-overflow:ellipsis;white-space:nowrap}.activitypub-follow-me-block-wrapper .activitypub-profile .activitypub-profile__name{font-size:1.25em}.activitypub-follow-me-block-wrapper .activitypub-profile .activitypub-profile__follow{align-self:center;background-color:var(--wp--preset--color--black);color:var(--wp--preset--color--white);margin-left:1rem}.activitypub-profile__confirm.components-modal__frame{background-color:#f7f7f7;color:#333}.activitypub-profile__confirm.components-modal__frame .components-modal__header-heading,.activitypub-profile__confirm.components-modal__frame h4{color:#333;letter-spacing:inherit;word-spacing:inherit}.activitypub-follow-me__dialog{max-width:30em}.activitypub-follow-me__dialog h4{line-height:1;margin:0}.activitypub-follow-me__dialog .apmfd__section{margin-bottom:2em}.activitypub-follow-me__dialog .apfmd-description{font-size:var(--wp--preset--font-size--normal,.75rem);margin:.33em 0 1em}.activitypub-follow-me__dialog .apfmd__button-group{align-items:flex-end;display:flex;justify-content:flex-end}.activitypub-follow-me__dialog .apfmd__button-group svg{height:21px;margin-right:.5em;width:21px}.activitypub-follow-me__dialog .apfmd__button-group input{background-color:var(--wp--preset--color--white);border:1px solid var(--wp--preset--color--black);color:var(--wp--preset--color--black);flex:1;padding:6px 12px}
diff --git a/src/follow-me/style.scss b/src/follow-me/style.scss
index e50ef12..ffa8203 100644
--- a/src/follow-me/style.scss
+++ b/src/follow-me/style.scss
@@ -73,6 +73,7 @@
 	.apfmd__button-group {
 		display: flex;
 		justify-content: flex-end;
+		align-items: flex-end;
 
 		svg {
 			margin-right: .5em;
@@ -82,10 +83,11 @@
 
 		input {
 			flex: 1;
-			padding: {
-				left: 1em;
-				right: 1em;
-			}
+			padding: 6px 12px;
+			background-color: var( --wp--preset--color--white );
+			color: var( --wp--preset--color--black );
+			border: 1px solid var( --wp--preset--color--black );
 		}
+
 	}
 }

From 6810884c526620378fafdae7e087182326d38b1e Mon Sep 17 00:00:00 2001
From: Matthias Pfefferle <pfefferle@users.noreply.github.com>
Date: Sat, 11 Nov 2023 06:00:20 +0100
Subject: [PATCH 2/3] have a filter to defer signature verification (#435)

---
 includes/rest/class-server.php | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/includes/rest/class-server.php b/includes/rest/class-server.php
index 0e6e4cc..bf89038 100644
--- a/includes/rest/class-server.php
+++ b/includes/rest/class-server.php
@@ -89,6 +89,23 @@ class Server {
 			return $response;
 		}
 
+		/**
+		 * Filter to defer signature verification
+		 *
+		 * Skip signature verification for debugging purposes or to reduce load for
+		 * certain Activity-Types, like "Delete".
+		 *
+		 * @param bool            $defer   Whether to defer signature verification.
+		 * @param WP_REST_Request $request The request used to generate the response.
+		 *
+		 * @return bool Whether to defer signature verification.
+		 */
+		$defer = \apply_filters( 'activitypub_defer_signature_verification', false, $request );
+
+		if ( $defer ) {
+			return $response;
+		}
+
 		// POST-Requets are always signed
 		if ( 'GET' !== $request->get_method() ) {
 			$verified_request = Signature::verify_http_signature( $request );

From efd98acd0bf3f2c42f0ffc3d8f10920e74cb8512 Mon Sep 17 00:00:00 2001
From: Jan Boddez <jan.boddez@gmail.com>
Date: Mon, 13 Nov 2023 10:19:35 +0100
Subject: [PATCH 3/3] Fix #493 (#497)

* Fix #493

* Fix parenthesis

* Allow `p` and `br` tags only for AP comments

---------

Co-authored-by: Matthias Pfefferle <pfefferle@users.noreply.github.com>
---
 includes/rest/class-inbox.php | 30 +++++++++++++++++++++++++++++-
 1 file changed, 29 insertions(+), 1 deletion(-)

diff --git a/includes/rest/class-inbox.php b/includes/rest/class-inbox.php
index 9088993..2cedf15 100644
--- a/includes/rest/class-inbox.php
+++ b/includes/rest/class-inbox.php
@@ -366,7 +366,7 @@ class Inbox {
 			'comment_post_ID' => $comment_post_id,
 			'comment_author' => \esc_attr( $meta['name'] ),
 			'comment_author_url' => \esc_url_raw( $object['actor'] ),
-			'comment_content' => \wp_filter_kses( $object['object']['content'] ),
+			'comment_content' => addslashes( \wp_kses( $object['object']['content'], 'pre_comment_content' ) ),
 			'comment_type' => 'comment',
 			'comment_author_email' => '',
 			'comment_parent' => 0,
@@ -391,8 +391,11 @@ class Inbox {
 			}
 		);
 
+		\add_filter( 'wp_kses_allowed_html', array( self::class, 'allowed_comment_html' ), 10, 2 );
+
 		$state = \wp_new_comment( $commentdata, true );
 
+		\remove_filter( 'wp_kses_allowed_html', array( self::class, 'allowed_comment_html' ) );
 		\remove_filter( 'pre_option_require_name_email', '__return_false' );
 
 		// re-add flood control
@@ -483,4 +486,29 @@ class Inbox {
 
 		return in_array( 'https://www.w3.org/ns/activitystreams#Public', $recipients, true );
 	}
+
+	/**
+	 * Adds line breaks to the list of allowed comment tags.
+	 *
+	 * @param  array  $allowedtags Allowed HTML tags.
+	 * @param  string $context     Context.
+	 * @return array               Filtered tag list.
+	 */
+	public static function allowed_comment_html( $allowedtags, $context = '' ) {
+		if ( 'pre_comment_content' !== $context ) {
+			// Do nothing.
+			return $allowedtags;
+		}
+
+		// Add `p` and `br` to the list of allowed tags.
+		if ( ! array_key_exists( 'br', $allowedtags ) ) {
+			$allowedtags['br'] = array();
+		}
+
+		if ( ! array_key_exists( 'p', $allowedtags ) ) {
+			$allowedtags['p'] = array();
+		}
+
+		return $allowedtags;
+	}
 }