From 2ef72a0364ab5e031b11902d7a9ba9d15d24f941 Mon Sep 17 00:00:00 2001 From: Matthias Pfefferle Date: Thu, 12 Oct 2023 11:00:58 +0200 Subject: [PATCH 1/8] API changes --- README.md | 6 +++++- activitypub.php | 2 +- includes/rest/class-inbox.php | 4 ++-- includes/rest/class-server.php | 2 +- readme.txt | 6 +++++- 5 files changed, 14 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 34991a5..d9b7dfc 100644 --- a/README.md +++ b/README.md @@ -3,7 +3,7 @@ **Tags:** OStatus, fediverse, activitypub, activitystream **Requires at least:** 4.7 **Tested up to:** 6.3 -**Stable tag:** 1.0.5 +**Stable tag:** 1.0.6 **Requires PHP:** 5.6 **License:** MIT **License URI:** http://opensource.org/licenses/MIT @@ -105,6 +105,10 @@ Where 'blog' is the path to the subdirectory at which your blog resides. Project maintained on GitHub at [automattic/wordpress-activitypub](https://github.com/automattic/wordpress-activitypub). +### 1.0.6 ### + +* Fixed: more restrictive request verification + ### 1.0.5 ### * Fixed: compatibility with WebFinger and NodeInfo plugin diff --git a/activitypub.php b/activitypub.php index 3ae2be9..8999a0a 100644 --- a/activitypub.php +++ b/activitypub.php @@ -3,7 +3,7 @@ * Plugin Name: ActivityPub * Plugin URI: https://github.com/pfefferle/wordpress-activitypub/ * Description: The ActivityPub protocol is a decentralized social networking protocol based upon the ActivityStreams 2.0 data format. - * Version: 1.0.5 + * Version: 1.0.6 * Author: Matthias Pfefferle & Automattic * Author URI: https://automattic.com/ * License: MIT diff --git a/includes/rest/class-inbox.php b/includes/rest/class-inbox.php index 4ac2b7f..5d65b9b 100644 --- a/includes/rest/class-inbox.php +++ b/includes/rest/class-inbox.php @@ -38,7 +38,7 @@ class Inbox { '/inbox', array( array( - 'methods' => WP_REST_Server::EDITABLE, + 'methods' => WP_REST_Server::CREATABLE, 'callback' => array( self::class, 'shared_inbox_post' ), 'args' => self::shared_inbox_post_parameters(), 'permission_callback' => '__return_true', @@ -51,7 +51,7 @@ class Inbox { '/users/(?P[\w\-\.]+)/inbox', array( array( - 'methods' => WP_REST_Server::EDITABLE, + 'methods' => WP_REST_Server::CREATABLE, 'callback' => array( self::class, 'user_inbox_post' ), 'args' => self::user_inbox_post_parameters(), 'permission_callback' => '__return_true', diff --git a/includes/rest/class-server.php b/includes/rest/class-server.php index d15831a..e1a1037 100644 --- a/includes/rest/class-server.php +++ b/includes/rest/class-server.php @@ -86,7 +86,7 @@ class Server { } // POST-Requets are always signed - if ( 'post' === \strtolower( $request->get_method() ) ) { + if ( 'get' !== \strtolower( $request->get_method() ) ) { $verified_request = Signature::verify_http_signature( $request ); if ( \is_wp_error( $verified_request ) ) { return $verified_request; diff --git a/readme.txt b/readme.txt index 7faed3d..c4bcb7b 100644 --- a/readme.txt +++ b/readme.txt @@ -3,7 +3,7 @@ Contributors: automattic, pfefferle, mediaformat, mattwiebe, akirk, jeherve, nur Tags: OStatus, fediverse, activitypub, activitystream Requires at least: 4.7 Tested up to: 6.3 -Stable tag: 1.0.5 +Stable tag: 1.0.6 Requires PHP: 5.6 License: MIT License URI: http://opensource.org/licenses/MIT @@ -105,6 +105,10 @@ Where 'blog' is the path to the subdirectory at which your blog resides. Project maintained on GitHub at [automattic/wordpress-activitypub](https://github.com/automattic/wordpress-activitypub). += 1.0.6 = + +* Fixed: more restrictive request verification + = 1.0.5 = * Fixed: compatibility with WebFinger and NodeInfo plugin From d564915fdf4aa3ddfa9dd928325e40d3dd356af4 Mon Sep 17 00:00:00 2001 From: Matthias Pfefferle Date: Thu, 12 Oct 2023 13:25:50 +0200 Subject: [PATCH 2/8] fix function call (#503) --- includes/class-mention.php | 1 + integration/class-webfinger.php | 3 ++- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/includes/class-mention.php b/includes/class-mention.php index 4aedfb0..d55e5f2 100644 --- a/includes/class-mention.php +++ b/includes/class-mention.php @@ -2,6 +2,7 @@ namespace Activitypub; use WP_Error; +use Activitypub\Webfinger; /** * ActivityPub Mention Class diff --git a/integration/class-webfinger.php b/integration/class-webfinger.php index e7e3935..177b417 100644 --- a/integration/class-webfinger.php +++ b/integration/class-webfinger.php @@ -1,6 +1,7 @@ Date: Thu, 12 Oct 2023 15:52:11 +0200 Subject: [PATCH 3/8] add filter to check if blog is public (#504) --- activitypub.php | 3 ++- includes/functions.php | 9 +++++++++ 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/activitypub.php b/activitypub.php index 8999a0a..2c8dcdc 100644 --- a/activitypub.php +++ b/activitypub.php @@ -15,6 +15,7 @@ namespace Activitypub; +use function Activitypub\is_blog_public; use function Activitypub\site_supports_blocks; require_once __DIR__ . '/includes/compat.php'; @@ -52,7 +53,7 @@ function rest_init() { Rest\Collection::init(); // load NodeInfo endpoints only if blog is public - if ( \get_option( 'blog_public', 1 ) ) { + if ( is_blog_public() ) { Rest\NodeInfo::init(); } } diff --git a/includes/functions.php b/includes/functions.php index df630d4..d5cd9f6 100644 --- a/includes/functions.php +++ b/includes/functions.php @@ -472,3 +472,12 @@ function site_supports_blocks() { function is_json( $data ) { return \is_array( \json_decode( $data, true ) ) ? true : false; } + +/** + * Check if a blog is public based on the `blog_public` option + * + * @return bollean True if public, false if not + */ +function is_blog_public() { + return (bool) apply_filters( 'activitypub_is_blog_public', \get_option( 'blog_public', 1 ) ); +} From b1773b5a0c723fe71b9eada80d59a09d768e41e7 Mon Sep 17 00:00:00 2001 From: Matthias Pfefferle Date: Fri, 13 Oct 2023 11:02:56 +0200 Subject: [PATCH 4/8] version bump --- README.md | 7 ++++++- activitypub.php | 2 +- readme.txt | 7 ++++++- 3 files changed, 13 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index d9b7dfc..93f3e85 100644 --- a/README.md +++ b/README.md @@ -3,7 +3,7 @@ **Tags:** OStatus, fediverse, activitypub, activitystream **Requires at least:** 4.7 **Tested up to:** 6.3 -**Stable tag:** 1.0.6 +**Stable tag:** 1.0.7 **Requires PHP:** 5.6 **License:** MIT **License URI:** http://opensource.org/licenses/MIT @@ -105,6 +105,11 @@ Where 'blog' is the path to the subdirectory at which your blog resides. Project maintained on GitHub at [automattic/wordpress-activitypub](https://github.com/automattic/wordpress-activitypub). +### 1.0.7 ### + +* Fixed: broken function call +* Add: filter to hook into "is blog public" check + ### 1.0.6 ### * Fixed: more restrictive request verification diff --git a/activitypub.php b/activitypub.php index 2c8dcdc..521a379 100644 --- a/activitypub.php +++ b/activitypub.php @@ -3,7 +3,7 @@ * Plugin Name: ActivityPub * Plugin URI: https://github.com/pfefferle/wordpress-activitypub/ * Description: The ActivityPub protocol is a decentralized social networking protocol based upon the ActivityStreams 2.0 data format. - * Version: 1.0.6 + * Version: 1.0.7 * Author: Matthias Pfefferle & Automattic * Author URI: https://automattic.com/ * License: MIT diff --git a/readme.txt b/readme.txt index c4bcb7b..03e9b39 100644 --- a/readme.txt +++ b/readme.txt @@ -3,7 +3,7 @@ Contributors: automattic, pfefferle, mediaformat, mattwiebe, akirk, jeherve, nur Tags: OStatus, fediverse, activitypub, activitystream Requires at least: 4.7 Tested up to: 6.3 -Stable tag: 1.0.6 +Stable tag: 1.0.7 Requires PHP: 5.6 License: MIT License URI: http://opensource.org/licenses/MIT @@ -105,6 +105,11 @@ Where 'blog' is the path to the subdirectory at which your blog resides. Project maintained on GitHub at [automattic/wordpress-activitypub](https://github.com/automattic/wordpress-activitypub). += 1.0.7 = + +* Fixed: broken function call +* Add: filter to hook into "is blog public" check + = 1.0.6 = * Fixed: more restrictive request verification From c10c52dafc53dca1e56749c961227e09ae084656 Mon Sep 17 00:00:00 2001 From: Tim Serong Date: Sun, 15 Oct 2023 02:38:08 +1100 Subject: [PATCH 5/8] Fix typo "lenght" in help page (#511) --- includes/help.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/includes/help.php b/includes/help.php index 3f0c7b9..d593d3e 100644 --- a/includes/help.php +++ b/includes/help.php @@ -11,7 +11,7 @@ '
' . \wp_kses( __( 'The post\'s title.', 'activitypub' ), array( 'code' => array() ) ) . '
' . '
[ap_content apply_filters="yes"]
' . '
' . \wp_kses( __( 'The post\'s content. With apply_filters you can decide if filters (apply_filters( \'the_content\', $content )) should be applied or not (default is yes). The values can be yes or no. apply_filters attribute is optional.', 'activitypub' ), array( 'code' => array() ) ) . '
' . - '
[ap_excerpt lenght="400"]
' . + '
[ap_excerpt length="400"]
' . '
' . \wp_kses( __( 'The post\'s excerpt (default 400 chars). length attribute is optional.', 'activitypub' ), array( 'code' => array() ) ) . '
' . '
[ap_permalink type="url"]
' . '
' . \wp_kses( __( 'The post\'s permalink. type can be either: url or html (an <a /> tag). type attribute is optional.', 'activitypub' ), array( 'code' => array() ) ) . '
' . From 7d96f67cb2cd226d5025ca329b15507330a0721a Mon Sep 17 00:00:00 2001 From: Matthias Pfefferle Date: Mon, 16 Oct 2023 19:04:21 +0200 Subject: [PATCH 6/8] increase timeout (#518) because of several issues fix #514 --- includes/functions.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/includes/functions.php b/includes/functions.php index d5cd9f6..883cd3f 100644 --- a/includes/functions.php +++ b/includes/functions.php @@ -79,7 +79,7 @@ function get_remote_metadata_by_actor( $actor, $cached = true ) { } $short_timeout = function() { - return 3; + return 10; }; add_filter( 'activitypub_remote_get_timeout', $short_timeout ); $response = Http::get( $actor ); From c4daffe5c60c95d06c0b88aeba4d0537cb9813bb Mon Sep 17 00:00:00 2001 From: Matt Wiebe Date: Wed, 18 Oct 2023 16:20:06 -0500 Subject: [PATCH 7/8] Shortcodes: only register when needed --- activitypub.php | 1 - includes/class-shortcodes.php | 20 +++++++++++++------- includes/transformer/class-post.php | 6 ++++++ 3 files changed, 19 insertions(+), 8 deletions(-) diff --git a/activitypub.php b/activitypub.php index 521a379..f232c57 100644 --- a/activitypub.php +++ b/activitypub.php @@ -69,7 +69,6 @@ function plugin_init() { \add_action( 'init', array( __NAMESPACE__ . '\Collection\Followers', 'init' ) ); \add_action( 'init', array( __NAMESPACE__ . '\Admin', 'init' ) ); \add_action( 'init', array( __NAMESPACE__ . '\Hashtag', 'init' ) ); - \add_action( 'init', array( __NAMESPACE__ . '\Shortcodes', 'init' ) ); \add_action( 'init', array( __NAMESPACE__ . '\Mention', 'init' ) ); \add_action( 'init', array( __NAMESPACE__ . '\Health_Check', 'init' ) ); \add_action( 'init', array( __NAMESPACE__ . '\Scheduler', 'init' ) ); diff --git a/includes/class-shortcodes.php b/includes/class-shortcodes.php index 43be17b..708aa61 100644 --- a/includes/class-shortcodes.php +++ b/includes/class-shortcodes.php @@ -5,14 +5,9 @@ use function Activitypub\esc_hashtag; class Shortcodes { /** - * Class constructor, registering WordPress then Shortcodes + * Register the shortcodes */ - public static function init() { - // do not load on admin pages - if ( is_admin() ) { - return; - } - + public static function register() { foreach ( get_class_methods( self::class ) as $shortcode ) { if ( 'init' !== $shortcode ) { add_shortcode( 'ap_' . $shortcode, array( self::class, $shortcode ) ); @@ -20,6 +15,17 @@ class Shortcodes { } } + /** + * Unregister the shortcodes + */ + public static function unregister() { + foreach ( get_class_methods( self::class ) as $shortcode ) { + if ( 'init' !== $shortcode ) { + remove_shortcode( 'ap_' . $shortcode ); + } + } + } + /** * Generates output for the 'ap_hashtags' shortcode * diff --git a/includes/transformer/class-post.php b/includes/transformer/class-post.php index 6e2f0aa..9250afe 100644 --- a/includes/transformer/class-post.php +++ b/includes/transformer/class-post.php @@ -5,6 +5,7 @@ use WP_Post; use Activitypub\Collection\Users; use Activitypub\Model\Blog_User; use Activitypub\Activity\Base_Object; +use Activitypub\Shortcodes; use function Activitypub\esc_hashtag; use function Activitypub\is_single_user; @@ -466,6 +467,8 @@ class Post { $post = $this->wp_post; $content = $this->get_post_content_template(); + // Register our shortcodes just in time. + Shortcodes::register(); // Fill in the shortcodes. setup_postdata( $post ); $content = do_shortcode( $content ); @@ -477,6 +480,9 @@ class Post { $content = \apply_filters( 'activitypub_the_content', $content, $post ); + // Don't need these any more, should never appear in a post. + Shortcodes::unregister(); + return $content; } From ff58070a5e9cc25223b5504645aab3fa4789f476 Mon Sep 17 00:00:00 2001 From: Matt Wiebe Date: Wed, 18 Oct 2023 16:21:20 -0500 Subject: [PATCH 8/8] Revert "Shortcodes: only register when needed" This reverts commit c4daffe5c60c95d06c0b88aeba4d0537cb9813bb. --- activitypub.php | 1 + includes/class-shortcodes.php | 20 +++++++------------- includes/transformer/class-post.php | 6 ------ 3 files changed, 8 insertions(+), 19 deletions(-) diff --git a/activitypub.php b/activitypub.php index f232c57..521a379 100644 --- a/activitypub.php +++ b/activitypub.php @@ -69,6 +69,7 @@ function plugin_init() { \add_action( 'init', array( __NAMESPACE__ . '\Collection\Followers', 'init' ) ); \add_action( 'init', array( __NAMESPACE__ . '\Admin', 'init' ) ); \add_action( 'init', array( __NAMESPACE__ . '\Hashtag', 'init' ) ); + \add_action( 'init', array( __NAMESPACE__ . '\Shortcodes', 'init' ) ); \add_action( 'init', array( __NAMESPACE__ . '\Mention', 'init' ) ); \add_action( 'init', array( __NAMESPACE__ . '\Health_Check', 'init' ) ); \add_action( 'init', array( __NAMESPACE__ . '\Scheduler', 'init' ) ); diff --git a/includes/class-shortcodes.php b/includes/class-shortcodes.php index 708aa61..43be17b 100644 --- a/includes/class-shortcodes.php +++ b/includes/class-shortcodes.php @@ -5,9 +5,14 @@ use function Activitypub\esc_hashtag; class Shortcodes { /** - * Register the shortcodes + * Class constructor, registering WordPress then Shortcodes */ - public static function register() { + public static function init() { + // do not load on admin pages + if ( is_admin() ) { + return; + } + foreach ( get_class_methods( self::class ) as $shortcode ) { if ( 'init' !== $shortcode ) { add_shortcode( 'ap_' . $shortcode, array( self::class, $shortcode ) ); @@ -15,17 +20,6 @@ class Shortcodes { } } - /** - * Unregister the shortcodes - */ - public static function unregister() { - foreach ( get_class_methods( self::class ) as $shortcode ) { - if ( 'init' !== $shortcode ) { - remove_shortcode( 'ap_' . $shortcode ); - } - } - } - /** * Generates output for the 'ap_hashtags' shortcode * diff --git a/includes/transformer/class-post.php b/includes/transformer/class-post.php index 9250afe..6e2f0aa 100644 --- a/includes/transformer/class-post.php +++ b/includes/transformer/class-post.php @@ -5,7 +5,6 @@ use WP_Post; use Activitypub\Collection\Users; use Activitypub\Model\Blog_User; use Activitypub\Activity\Base_Object; -use Activitypub\Shortcodes; use function Activitypub\esc_hashtag; use function Activitypub\is_single_user; @@ -467,8 +466,6 @@ class Post { $post = $this->wp_post; $content = $this->get_post_content_template(); - // Register our shortcodes just in time. - Shortcodes::register(); // Fill in the shortcodes. setup_postdata( $post ); $content = do_shortcode( $content ); @@ -480,9 +477,6 @@ class Post { $content = \apply_filters( 'activitypub_the_content', $content, $post ); - // Don't need these any more, should never appear in a post. - Shortcodes::unregister(); - return $content; }