From ca646588d2b64af1621221b4a862b9275b02f4c6 Mon Sep 17 00:00:00 2001
From: Matthias Pfefferle
Date: Tue, 25 Apr 2023 20:44:54 +0200
Subject: [PATCH] ignore `www` subdomain when comparing hosts fix #290
---
 includes/rest/class-webfinger.php | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/includes/rest/class-webfinger.php b/includes/rest/class-webfinger.php
index d41cf25..10dcfa4 100644
--- a/includes/rest/class-webfinger.php
+++ b/includes/rest/class-webfinger.php
@@ -54,15 +54,16 @@ class Webfinger {
 $resource = \str_replace( 'acct:', '', $resource );
 $resource_identifier = \substr( $resource, 0, \strrpos( $resource, '@' ) );
- $resource_host = \substr( \strrchr( $resource, '@' ), 1 );
+ $resource_host = \str_replace( 'www.', '', \substr( \strrchr( $resource, '@' ), 1 ) );
+ $blog_host = \str_replace( 'www.', '', \wp_parse_url( \home_url( '/' ), \PHP_URL_HOST ) );
- if ( \wp_parse_url( \home_url( '/' ), \PHP_URL_HOST ) !== $resource_host ) {
+ if ( $blog_host !== $resource_host ) {
 return new WP_Error( 'activitypub_wrong_host', \__( 'Resource host does not match blog host', 'activitypub' ), array( 'status' => 404 ) );
 }
 $user = \get_user_by( 'login', \esc_sql( $resource_identifier ) );
- if ( ! $user || ! user_can( $user, 'publish_posts' ) ) {
+ if ( ! $user || ! \user_can( $user, 'publish_posts' ) ) {
 return new WP_Error( 'activitypub_user_not_found', \__( 'User not found', 'activitypub' ), array( 'status' => 404 ) );
 }
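Review bot: The `www.` normalisation on the two added `str_replace` lines is unanchored and case-sensitive, so it deletes `www.` wherever it occurs in the host rather than only as the leading label. A resource host that merely contains the substring (constructed example: `blog.www.example.com` against a blog at `blog.example.com`) collapses to the blog host and passes the `$blog_host !== $resource_host` check, so the endpoint would answer for an account on a host that is not this site, while `WWW.example.com` is still rejected. Anchor the strip on both sides: `$resource_host = \preg_replace( '/^www\./i', '', \substr( \strrchr( $resource, '@' ), 1 ) );` and `$blog_host = \preg_replace( '/^www\./i', '', \wp_parse_url( \home_url( '/' ), \PHP_URL_HOST ) );`. The comparison itself also stays case-sensitive, so lower-casing both hosts before comparing is probably wanted as well; the enclosing method starts and ends outside this hunk, so confirm nothing upstream already normalises `$resource`.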