diff --git a/README.md b/README.md
index 34991a5..93f3e85 100644
--- a/README.md
+++ b/README.md
@@ -3,7 +3,7 @@
**Tags:** OStatus, fediverse, activitypub, activitystream
**Requires at least:** 4.7
**Tested up to:** 6.3
-**Stable tag:** 1.0.5
+**Stable tag:** 1.0.7
**Requires PHP:** 5.6
**License:** MIT
**License URI:** http://opensource.org/licenses/MIT
@@ -105,6 +105,15 @@ Where 'blog' is the path to the subdirectory at which your blog resides.
Project maintained on GitHub at [automattic/wordpress-activitypub](https://github.com/automattic/wordpress-activitypub).
+### 1.0.7 ###
+
+* Fixed: broken function call
+* Add: filter to hook into "is blog public" check
+
+### 1.0.6 ###
+
+* Fixed: more restrictive request verification
+
### 1.0.5 ###
* Fixed: compatibility with WebFinger and NodeInfo plugin
diff --git a/activitypub.php b/activitypub.php
index 3ae2be9..521a379 100644
--- a/activitypub.php
+++ b/activitypub.php
@@ -3,7 +3,7 @@
* Plugin Name: ActivityPub
* Plugin URI: https://github.com/pfefferle/wordpress-activitypub/
* Description: The ActivityPub protocol is a decentralized social networking protocol based upon the ActivityStreams 2.0 data format.
- * Version: 1.0.5
+ * Version: 1.0.7
* Author: Matthias Pfefferle & Automattic
* Author URI: https://automattic.com/
* License: MIT
@@ -15,6 +15,7 @@
namespace Activitypub;
+use function Activitypub\is_blog_public;
use function Activitypub\site_supports_blocks;
require_once __DIR__ . '/includes/compat.php';
@@ -52,7 +53,7 @@ function rest_init() {
Rest\Collection::init();
// load NodeInfo endpoints only if blog is public
- if ( \get_option( 'blog_public', 1 ) ) {
+ if ( is_blog_public() ) {
Rest\NodeInfo::init();
}
}
diff --git a/includes/class-mention.php b/includes/class-mention.php
index cf9b95a..8f782b5 100644
--- a/includes/class-mention.php
+++ b/includes/class-mention.php
@@ -2,6 +2,7 @@
namespace Activitypub;
use WP_Error;
+use Activitypub\Webfinger;
/**
* ActivityPub Mention Class
diff --git a/includes/functions.php b/includes/functions.php
index a00c213..afb9d51 100644
--- a/includes/functions.php
+++ b/includes/functions.php
@@ -79,7 +79,7 @@ function get_remote_metadata_by_actor( $actor, $cached = true ) {
}
$short_timeout = function() {
- return 3;
+ return 10;
};
add_filter( 'activitypub_remote_get_timeout', $short_timeout );
$response = Http::get( $actor );
@@ -715,3 +715,12 @@ function site_supports_blocks() {
function is_json( $data ) {
return \is_array( \json_decode( $data, true ) ) ? true : false;
}
+
+/**
+ * Check if a blog is public based on the `blog_public` option
+ *
+ * @return bollean True if public, false if not
+ */
+function is_blog_public() {
+ return (bool) apply_filters( 'activitypub_is_blog_public', \get_option( 'blog_public', 1 ) );
+}
diff --git a/includes/help.php b/includes/help.php
index 3f0c7b9..d593d3e 100644
--- a/includes/help.php
+++ b/includes/help.php
@@ -11,7 +11,7 @@
'' . \wp_kses( __( 'The post\'s title.', 'activitypub' ), array( 'code' => array() ) ) . '' .
'[ap_content apply_filters="yes"]' .
'' . \wp_kses( __( 'The post\'s content. With apply_filters you can decide if filters (apply_filters( \'the_content\', $content )) should be applied or not (default is yes). The values can be yes or no. apply_filters attribute is optional.', 'activitypub' ), array( 'code' => array() ) ) . '' .
- '[ap_excerpt lenght="400"]' .
+ '[ap_excerpt length="400"]' .
'' . \wp_kses( __( 'The post\'s excerpt (default 400 chars). length attribute is optional.', 'activitypub' ), array( 'code' => array() ) ) . '' .
'[ap_permalink type="url"]' .
'' . \wp_kses( __( 'The post\'s permalink. type can be either: url or html (an <a /> tag). type attribute is optional.', 'activitypub' ), array( 'code' => array() ) ) . '' .
diff --git a/includes/rest/class-inbox.php b/includes/rest/class-inbox.php
index 9010df8..7901c78 100644
--- a/includes/rest/class-inbox.php
+++ b/includes/rest/class-inbox.php
@@ -38,7 +38,7 @@ class Inbox {
'/inbox',
array(
array(
- 'methods' => WP_REST_Server::EDITABLE,
+ 'methods' => WP_REST_Server::CREATABLE,
'callback' => array( self::class, 'shared_inbox_post' ),
'args' => self::shared_inbox_post_parameters(),
'permission_callback' => '__return_true',
@@ -51,7 +51,7 @@ class Inbox {
'/users/(?P[\w\-\.]+)/inbox',
array(
array(
- 'methods' => WP_REST_Server::EDITABLE,
+ 'methods' => WP_REST_Server::CREATABLE,
'callback' => array( self::class, 'user_inbox_post' ),
'args' => self::user_inbox_post_parameters(),
'permission_callback' => '__return_true',
diff --git a/includes/rest/class-server.php b/includes/rest/class-server.php
index d15831a..e1a1037 100644
--- a/includes/rest/class-server.php
+++ b/includes/rest/class-server.php
@@ -86,7 +86,7 @@ class Server {
}
// POST-Requets are always signed
- if ( 'post' === \strtolower( $request->get_method() ) ) {
+ if ( 'get' !== \strtolower( $request->get_method() ) ) {
$verified_request = Signature::verify_http_signature( $request );
if ( \is_wp_error( $verified_request ) ) {
return $verified_request;
diff --git a/integration/class-webfinger.php b/integration/class-webfinger.php
index e7e3935..177b417 100644
--- a/integration/class-webfinger.php
+++ b/integration/class-webfinger.php
@@ -1,6 +1,7 @@