From 2ef72a0364ab5e031b11902d7a9ba9d15d24f941 Mon Sep 17 00:00:00 2001
From: Matthias Pfefferle
Date: Thu, 12 Oct 2023 11:00:58 +0200
Subject: [PATCH] API changes
---
 README.md | 6 +++++-
 activitypub.php | 2 +-
 includes/rest/class-inbox.php | 4 ++--
 includes/rest/class-server.php | 2 +-
 readme.txt | 6 +++++-
 5 files changed, 14 insertions(+), 6 deletions(-)
diff --git a/README.md b/README.md
index 34991a5..d9b7dfc 100644
--- a/README.md
+++ b/README.md
@@ -3,7 +3,7 @@
 **Tags:** OStatus, fediverse, activitypub, activitystream
 **Requires at least:** 4.7
 **Tested up to:** 6.3
-**Stable tag:** 1.0.5
+**Stable tag:** 1.0.6
 **Requires PHP:** 5.6
 **License:** MIT
 **License URI:** http://opensource.org/licenses/MIT
@@ -105,6 +105,10 @@ Where 'blog' is the path to the subdirectory at which your blog resides. Project maintained on GitHub at [automattic/wordpress-activitypub](https://github.com/automattic/wordpress-activitypub). +### 1.0.6 ### + +* Fixed: more restrictive request verification + ### 1.0.5 ### * Fixed: compatibility with WebFinger and NodeInfo plugin
diff --git a/activitypub.php b/activitypub.php
index 3ae2be9..8999a0a 100644
--- a/activitypub.php
+++ b/activitypub.php
@@ -3,7 +3,7 @@
 * Plugin Name: ActivityPub
 * Plugin URI: https://github.com/pfefferle/wordpress-activitypub/
 * Description: The ActivityPub protocol is a decentralized social networking protocol based upon the ActivityStreams 2.0 data format.
- * Version: 1.0.5
+ * Version: 1.0.6
 * Author: Matthias Pfefferle & Automattic
 * Author URI: https://automattic.com/
 * License: MIT
diff --git a/includes/rest/class-inbox.php b/includes/rest/class-inbox.php
index 4ac2b7f..5d65b9b 100644
--- a/includes/rest/class-inbox.php
+++ b/includes/rest/class-inbox.php
@@ -38,7 +38,7 @@ class Inbox {
 '/inbox',
 array(
 array(
- 'methods' => WP_REST_Server::EDITABLE,
+ 'methods' => WP_REST_Server::CREATABLE,
 'callback' => array( self::class, 'shared_inbox_post' ),
 'args' => self::shared_inbox_post_parameters(),
 'permission_callback' => '__return_true',
@@ -51,7 +51,7 @@ class Inbox {
 '/users/(?P[\w\-\.]+)/inbox',
 array(
 array(
- 'methods' => WP_REST_Server::EDITABLE,
+ 'methods' => WP_REST_Server::CREATABLE,
 'callback' => array( self::class, 'user_inbox_post' ),
 'args' => self::user_inbox_post_parameters(),
 'permission_callback' => '__return_true',
diff --git a/includes/rest/class-server.php b/includes/rest/class-server.php
index d15831a..e1a1037 100644
--- a/includes/rest/class-server.php
+++ b/includes/rest/class-server.php
@@ -86,7 +86,7 @@ class Server { } // POST-Requets are always signed - if ( 'post' === \strtolower( $request->get_method() ) ) { + if ( 'get' !== \strtolower( $request->get_method() ) ) { $verified_request = Signature::verify_http_signature( $request ); if ( \is_wp_error( $verified_request ) ) { return $verified_request;
diff --git a/readme.txt b/readme.txt
index 7faed3d..c4bcb7b 100644
--- a/readme.txt
+++ b/readme.txt
@@ -3,7 +3,7 @@ Contributors: automattic, pfefferle, mediaformat, mattwiebe, akirk, jeherve, nur
 Tags: OStatus, fediverse, activitypub, activitystream
 Requires at least: 4.7
 Tested up to: 6.3
-Stable tag: 1.0.5
+Stable tag: 1.0.6
 Requires PHP: 5.6
 License: MIT
 License URI: http://opensource.org/licenses/MIT
@@ -105,6 +105,10 @@ Where 'blog' is the path to the subdirectory at which your blog resides. Project maintained on GitHub at [automattic/wordpress-activitypub](https://github.com/automattic/wordpress-activitypub). += 1.0.6 = + +* Fixed: more restrictive request verification + = 1.0.5 = * Fixed: compatibility with WebFinger and NodeInfo plugin
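Review bot: Both inbox routes keep `'permission_callback' => '__return_true'` (the `/inbox` route in this hunk and the per-user inbox in the `@@ -51,7 +51,7 @@` hunk), and nothing at the route definition says where the request is authenticated. The only check visible in this patch is the `Signature::verify_http_signature()` call in includes/rest/class-server.php, which presumably runs before these callbacks are dispatched; that link is not shown here and is worth confirming. A comment above each `permission_callback` line, such as `// Authenticated by the HTTP signature check in class Server; this route must not be served without it.`, would keep a later edit from exposing an unsigned inbox. The route array starts and ends outside the hunk.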
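Review bot: The comment above the changed condition in class-server.php still reads `// POST-Requets are always signed`, while the new test `'get' !== \strtolower( $request->get_method() )` sends every method other than GET through `Signature::verify_http_signature()`; it should describe the new rule, for example `// Every request other than GET must carry a valid HTTP signature`. HEAD now lands on the verified side as well, so if WordPress answers HEAD through the GET routes (worth confirming) an unsigned HEAD to a public endpoint will be rejected where an unsigned GET is not. If HEAD is meant to follow the GET rules, say so in the condition, e.g. `if ( ! \in_array( \strtolower( $request->get_method() ), array( 'get', 'head' ), true ) ) {`, and make sure the GET branch covers it. The enclosing function starts and ends outside the hunk, so the GET handling cannot be checked from here.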