diff --git a/includes/class-activitypub.php b/includes/class-activitypub.php index e9498d1..6f654c5 100644 --- a/includes/class-activitypub.php +++ b/includes/class-activitypub.php @@ -39,8 +39,6 @@ class Activitypub { \add_action( 'in_plugin_update_message-' . ACTIVITYPUB_PLUGIN_BASENAME, array( self::class, 'plugin_update_message' ) ); - \add_filter( 'wp_kses_allowed_html', array( self::class, 'allowed_comment_html' ), 15, 2 ); - // register several post_types self::register_post_types(); } @@ -337,32 +335,6 @@ class Activitypub { ); } - /** - * Adds line breaks to the list of allowed comment tags. - * - * @param array $allowed_tags Allowed HTML tags. - * @param string $context Context. - * - * @return array Filtered tag list. - */ - public static function allowed_comment_html( $allowed_tags, $context = '' ) { - if ( 'pre_comment_content' !== $context ) { - // Do nothing. - return $allowed_tags; - } - - // Add `p` and `br` to the list of allowed tags. - if ( ! array_key_exists( 'br', $allowed_tags ) ) { - $allowed_tags['br'] = array(); - } - - if ( ! array_key_exists( 'p', $allowed_tags ) ) { - $allowed_tags['p'] = array(); - } - - return $allowed_tags; - } - /** * Register the "Followers" Taxonomy * diff --git a/includes/collection/class-interactions.php b/includes/collection/class-interactions.php index 9ffa5da..08d6062 100644 --- a/includes/collection/class-interactions.php +++ b/includes/collection/class-interactions.php @@ -55,7 +55,7 @@ class Interactions { 'comment_post_ID' => $comment_post_id, 'comment_author' => \esc_attr( $meta['name'] ), 'comment_author_url' => \esc_url_raw( $meta['url'] ), - 'comment_content' => \addslashes( \wp_kses( $activity['object']['content'], 'pre_comment_content' ) ), + 'comment_content' => \addslashes( $activity['object']['content'] ), 'comment_type' => 'comment', 'comment_author_email' => '', 'comment_parent' => $parent_comment ? $parent_comment->comment_ID : 0, 
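Review bot: In the `@@ -55` hunk of includes/collection/class-interactions.php, `comment_content` becomes `\addslashes( $activity['object']['content'] )` with the explicit `\wp_kses( …, 'pre_comment_content' )` call dropped, so sanitising the remote ActivityPub HTML now depends entirely on the `pre_comment_content` filter that `wp_new_comment()` applies. WordPress core only hooks its kses filter there when the current user lacks `unfiltered_html`, so if `add_comment()` ever runs under a privileged session the federated markup would presumably be stored unfiltered. Keeping the explicit call, `\addslashes( \wp_kses( $activity['object']['content'], 'pre_comment_content' ) )`, with the allowed-tags filter registered before it, would make the sanitisation independent of who is logged in. The same applies to the `@@ -113` hunk that feeds `wp_update_comment()`. The array literal continues outside the hunk.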
@@ -72,7 +72,6 @@ class Interactions { // disable flood control \remove_action( 'check_comment_flood', 'check_comment_flood_db', 10 ); - // do not require email for AP entries \add_filter( 'pre_option_require_name_email', '__return_false' ); // No nonce possible for this submission route @@ -82,11 +81,12 @@ class Interactions { return 'inactive'; } ); + \add_filter( 'wp_kses_allowed_html', array( self::class, 'allowed_comment_html' ), 10, 2 ); $comment = \wp_new_comment( $commentdata, true ); + \remove_filter( 'wp_kses_allowed_html', array( self::class, 'allowed_comment_html' ), 10 ); \remove_filter( 'pre_option_require_name_email', '__return_false' ); - // re-add flood control \add_action( 'check_comment_flood', 'check_comment_flood_db', 10, 4 ); @@ -113,14 +113,13 @@ class Interactions { //found a local comment id $commentdata = \get_comment( $object_comment_id, ARRAY_A ); $commentdata['comment_author'] = \esc_attr( $meta['name'] ? $meta['name'] : $meta['preferredUsername'] ); - $commentdata['comment_content'] = \addslashes( \wp_kses( $activity['object']['content'], 'pre_comment_content' ) ); + $commentdata['comment_content'] = \addslashes( $activity['object']['content'] ); if ( isset( $meta['icon']['url'] ) ) { $commentdata['comment_meta']['avatar_url'] = \esc_url_raw( $meta['icon']['url'] ); } // disable flood control \remove_action( 'check_comment_flood', 'check_comment_flood_db', 10 ); - // do not require email for AP entries \add_filter( 'pre_option_require_name_email', '__return_false' ); // No nonce possible for this submission route 
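Review bot: The `\add_filter( 'wp_kses_allowed_html', … )` / `\remove_filter( … )` pair added around `\wp_new_comment()` in the `@@ -82` hunk has no comment, while the neighbouring hook toggles are commented. A line such as `// allow <p> and <br> only while this federated comment passes through kses` above the `add_filter` call would record why the allowlist is widened and that the narrow scope is deliberate. The `@@ -130` hunk around `\wp_update_comment()` needs the same comment. The enclosing method starts and ends outside the hunk.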
@@ -130,11 +129,12 @@ class Interactions { return 'inactive'; } ); + \add_filter( 'wp_kses_allowed_html', array( self::class, 'allowed_comment_html' ), 10, 2 ); $comment = \wp_update_comment( $commentdata, true ); + \remove_filter( 'wp_kses_allowed_html', array( self::class, 'allowed_comment_html' ), 10 ); \remove_filter( 'pre_option_require_name_email', '__return_false' ); - // re-add flood control \add_action( 'check_comment_flood', 'check_comment_flood_db', 10, 4 ); @@ -204,4 +204,30 @@ class Interactions { $comment_query = new WP_Comment_Query( $args ); return $comment_query->comments; } + + /** + * Adds line breaks to the list of allowed comment tags. + * + * @param array $allowed_tags Allowed HTML tags. + * @param string $context Context. + * + * @return array Filtered tag list. + */ + public static function allowed_comment_html( $allowed_tags, $context = '' ) { + if ( 'pre_comment_content' !== $context ) { + // Do nothing. + return $allowed_tags; + } + + // Add `p` and `br` to the list of allowed tags. + if ( ! array_key_exists( 'br', $allowed_tags ) ) { + $allowed_tags['br'] = array(); + } + + if ( ! array_key_exists( 'p', $allowed_tags ) ) { + $allowed_tags['p'] = array(); + } + + return $allowed_tags; + } } diff --git a/tests/test-class-activitypub-interactions.php b/tests/test-class-activitypub-interactions.php index 18bc734..6345095 100644 --- a/tests/test-class-activitypub-interactions.php +++ b/tests/test-class-activitypub-interactions.php @@ -82,9 +82,31 @@ class Test_Activitypub_Interactions extends WP_UnitTestCase { public function test_handle_create_rich() { $comment_id = Activitypub\Collection\Interactions::add_comment( $this->create_test_rich_object() ); - $comment = get_comment( $comment_id, ARRAY_A ); + $comment = get_comment( $comment_id, ARRAY_A ); $this->assertEquals( 'Hello
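Review bot: The docblock of `allowed_comment_html()` in the `@@ -204` hunk says it "Adds line breaks", but the body adds both `br` and `p` and does so only for the `pre_comment_content` context. A summary such as `Adds paragraph and line-break tags to the allowed comment tags (pre_comment_content context only).` would match the code. It is also worth stating in the docblock that both tags are registered with empty attribute arrays, so no attributes are allowed on them. That matters because this method is now the only place that widens the kses allowlist for federated comments.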
example

example

', $comment['comment_content'] ); + + $commentarray = array( + 'comment_post_ID' => $this->post_id, + 'comment_author' => 'Example User', + 'comment_author_url' => $this->user_url, + 'comment_content' => 'Hello
example

example

', + 'comment_type' => 'comment', + 'comment_author_email' => '', + 'comment_parent' => 0, + 'comment_meta' => array( + 'source_id' => 'https://example.com/123', + 'source_url' => 'https://example.com/example', + 'protocol' => 'activitypub', + ), + ); + + \remove_action( 'check_comment_flood', 'check_comment_flood_db', 10 ); + $comment_id = wp_new_comment( $commentarray ); + \add_action( 'check_comment_flood', 'check_comment_flood_db', 10, 4 ); + $comment = get_comment( $comment_id, ARRAY_A ); + + $this->assertEquals( 'Helloexampleexample', $comment['comment_content'] ); } public function test_convert_object_to_comment_not_reply_rejected() {
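Review bot: The added assertions in `test_handle_create_rich()` only cover the two allowed tags and never check that disallowed markup is stripped when content goes through `Interactions::add_comment()`. Since this commit drops the explicit `wp_kses()` call, that path is no longer pinned by any test. A case whose object content carries a tag outside the allowlist, followed by something like `$this->assertStringNotContainsString( '<script', $comment['comment_content'] );`, would cover it. Running the same case after `wp_set_current_user()` with an administrator account would show whether filtering still happens for a user holding `unfiltered_html`.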