diff --git a/includes/class-activity-dispatcher.php b/includes/class-activity-dispatcher.php
index b21da0f..dc3d31c 100644
--- a/includes/class-activity-dispatcher.php
+++ b/includes/class-activity-dispatcher.php
@@ -103,7 +103,7 @@ class Activity_Dispatcher {
 }
 if ( ! $user_id ) {
- $user_id = $transformer->get_wp_user_id();
+ $user_id = $transformer->get_wp_user_id();
 }
 if ( is_user_disabled( $user_id ) ) {
@@ -115,8 +115,8 @@ class Activity_Dispatcher {
 // TODO: properly fix this for the instance-to-instance federation with Mobilizon.
 // Error:
 // Failed to map identity from signature (payload actor mismatch)
- // key_id=http://wp.lan/wp-json/activitypub/1.0/application, actor=http://wp.lan/@blog
- // Of course, the announce must be sent as the Application actor because he also signed it!
+ // key_id=http://wp.lan/wp-json/activitypub/1.0/application, actor=http://wp.lan/@blog
+ // Of course, the announce must be sent as the Application actor because he also signed it!
 if ( Users::APPLICATION_USER_ID === $user_id ) {
 $activity->set_actor( get_rest_url_by_path( 'application' ) );
 }
diff --git a/includes/collection/class-follow-requests.php b/includes/collection/class-follow-requests.php
index 7f75d48..be7afad 100644
--- a/includes/collection/class-follow-requests.php
+++ b/includes/collection/class-follow-requests.php
@@ -26,8 +26,8 @@ class Follow_Requests {
 * @return \Activitypub\Model\Follow|null The Follower object or null
 */
 public static function get_follow_requests_for_user( $user_id, $per_page, $page, $args ) {
- $order = isset($args['order']) && strtolower($args['order']) === 'asc' ? 'ASC' : 'DESC';
- $orderby = isset($args['orderby']) ? sanitize_text_field($args['orderby']) : 'published';
+ $order = isset( $args['order'] ) && strtolower( $args['order'] ) === 'asc' ? 'ASC' : 'DESC';
+ $orderby = isset( $args['orderby'] ) ? sanitize_text_field( $args['orderby'] ) : 'published';
 global $wpdb;
 $follow_requests = $wpdb->get_results(
@@ -39,14 +39,16 @@ class Follow_Requests {
 WHERE follow_request.post_type = 'ap_follow_request'
 AND meta.meta_key = 'activitypub_user_id'
 AND meta.meta_value = %s
- ORDER BY {$orderby} {$order}
+ ORDER BY %s %s
 LIMIT %d OFFSET %d",
+ $orderby,
+ $order,
 $user_id,
 $per_page,
 0
 )
 );
- $total_items = $wpdb->get_var("SELECT FOUND_ROWS()");
+ $total_items = $wpdb->get_var( 'SELECT FOUND_ROWS()' );
 return compact( 'follow_requests', 'total_items' );
 }
diff --git a/includes/collection/class-followers.php b/includes/collection/class-followers.php
index a70bd5e..8d83805 100644
--- a/includes/collection/class-followers.php
+++ b/includes/collection/class-followers.php
@@ -253,7 +253,7 @@ class Followers {
 return $query->found_posts;
 }
-
+
 /**
 * Returns all Inboxes fo a Users Followers
 *
@@ -266,7 +266,7 @@ class Followers {
 // $inboxes = wp_cache_get( $cache_key, 'activitypub' );
 // if ( $inboxes ) {
- // return $inboxes;
+ // return $inboxes;
 // }
 // get all Followers of a ID of the WordPress User
@@ -318,7 +318,7 @@ class Followers {
 'key' => 'activitypub_user_id',
 'value' => $user_id,
 ),
- ),
+ ),
 )
 );
 }
@@ -335,7 +335,7 @@ class Followers {
 $follower_ids
 )
 );
-
+
 $inboxes = array_filter( $results );
 wp_cache_set( $cache_key, $inboxes, 'activitypub' );
diff --git a/includes/handler/class-follow.php b/includes/handler/class-follow.php
index 4e97653..e935cfd 100644
--- a/includes/handler/class-follow.php
+++ b/includes/handler/class-follow.php
@@ -56,14 +56,13 @@ class Follow {
 // we can not get the Remote-Inbox
 return;
 }
-
+
 // save follow request by this follower
 $follow_request = Follow_Request::save( $follower, $user_id, $activity['id'] );
 if ( ! $user->get_manually_approves_followers() ) {
 $follow_request->approve();
 }
-
 }
 /**
diff --git a/includes/model/class-application-user.php b/includes/model/class-application-user.php
index 1d1d414..9a671b2 100644
--- a/includes/model/class-application-user.php
+++ b/includes/model/class-application-user.php
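Review bot: In `get_follow_requests_for_user` (includes/collection/class-follow-requests.php) the new `$orderby, $order` arguments are passed ahead of `$user_id`, and `$wpdb->prepare()` binds placeholders in order, so, assuming no placeholder precedes the visible part of the statement, `meta.meta_value = %s` now receives the caller-supplied `orderby` value while `ORDER BY %s %s` receives `$order` and `$user_id`. The per-user filter therefore follows request input instead of the user id, and the result can be empty or belong to a different `activitypub_user_id`. Reordering the arguments alone would not restore sorting, because `%s` quotes its value as a string literal and cannot stand for a column name or a direction keyword. `$order` is already reduced to `ASC`/`DESC` in the previous hunk, so it is `$orderby` that needs a check against a fixed list of sortable columns before it is interpolated, for example `if ( ! in_array( $orderby, $allowed_orderby, true ) ) { $orderby = 'published'; }` with `$allowed_orderby` defined for this query, or the `%i` identifier placeholder where WordPress 6.2+ can be assumed. The `prepare()` call begins above the hunk.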
@@ -31,7 +31,7 @@ class Application_User extends Blog_User {
 /**
 * The instance actor by default must manually approve all followers.
- *
+ *
 * @var boolean
 */
 protected $manually_approves_followers = true;
diff --git a/includes/model/class-follow-request.php b/includes/model/class-follow-request.php
index be83c79..bcb9edf 100644
--- a/includes/model/class-follow-request.php
+++ b/includes/model/class-follow-request.php
@@ -24,7 +24,7 @@ class Follow_Request extends Base_Object {
 /**
 * Stores theinternal WordPress post id of the post of type ap_follow_request
- *
+ *
 * @var string
 */
 protected $_id;
@@ -61,13 +61,13 @@ class Follow_Request extends Base_Object {
 */
 public static function get_follow_request_id_by_uri( $uri ) {
 global $wpdb;
- return $wpdb->get_var( $wpdb->prepare( "SELECT ID FROM $wpdb->posts WHERE guid=%s", esc_sql( $uri ) ) );
+ return $wpdb->get_var( $wpdb->prepare( "SELECT ID FROM $wpdb->posts WHERE guid=%s", esc_sql( $uri ) ) );
 }
 /**
 * Check if the follow request is valid which means it fits to the already stored data.
- *
+ *
 * @param Follow_Request $follow_request The follow request to be checked.
 * @return bool Whether the follow request is valid.
 */
@@ -79,11 +79,11 @@ class Follow_Request extends Base_Object {
 return false;
 }
- $id = self::get_follow_request_id_by_uri( $follow_request->get_id() );
+ $id = self::get_follow_request_id_by_uri( $follow_request->get_id() );
 if ( ! $id || is_wp_error( $id ) ) {
 return false;
 }
- if ( self::FOLLOW_REQUEST_POST_TYPE != get_post_type( $id) ) {
+ if ( self::FOLLOW_REQUEST_POST_TYPE != get_post_type( $id ) ) {
 return false;
 }
@@ -100,12 +100,12 @@ class Follow_Request extends Base_Object {
 * @return Follow_Request $follow_request
 */
 public static function from_wp_id( $id ) {
- if ( self::FOLLOW_REQUEST_POST_TYPE != get_post_type( $id ) ){
+ if ( self::FOLLOW_REQUEST_POST_TYPE != get_post_type( $id ) ) {
 return;
 }
 $post = get_post( $id );
- $follow_request = new static;
+ $follow_request = new static();
 $follow_request->set_id( $post->guid );
 $follow_request->set__id( $post->ID );
 $follow_request->set_type( 'Follow' );
@@ -133,24 +133,23 @@ class Follow_Request extends Base_Object {
 'post_status' => 'pending',
 'post_parent' => $follower_id,
 'meta_input' => $meta_input,
- 'mime_type' => 'text/plain'
+ 'mime_type' => 'text/plain',
 );
 $post_id = wp_insert_post( $args );
-
 return self::from_wp_id( $post_id );
 }
 /**
 * Check if the user is allowed to handle this follow request.
- *
+ *
 * Usually needed for the ajax functions.
 * @return bool Whether the user is allowed.
 */
 public function can_handle_follow_request() {
- $target_actor = get_post_meta( $this->get__id(), 'activitypub_user_id');
- if ( get_current_user_id() == $target_actor || current_user_can( 'manage_options' )) {
+ $target_actor = get_post_meta( $this->get__id(), 'activitypub_user_id' );
+ if ( get_current_user_id() == $target_actor || current_user_can( 'manage_options' ) ) {
 return true;
 }
 }
@@ -159,7 +158,7 @@ class Follow_Request extends Base_Object {
 * Reject the follow request
 */
 public function reject() {
- wp_update_post(
+ wp_update_post(
 array(
 'ID' => $this->get__id(),
 'post_status' => 'rejected',
@@ -173,7 +172,7 @@ class Follow_Request extends Base_Object {
 * Approve the follow request
 */
 public function approve() {
- wp_update_post(
+ wp_update_post(
 array(
 'ID' => $this->get__id(),
 'post_status' => 'approved',
@@ -184,7 +183,7 @@ class Follow_Request extends Base_Object {
 /**
 * Delete the follow request
- *
+ *
 * This should only be called after it has been rejected.
 */
 public function delete() {
@@ -195,12 +194,12 @@ class Follow_Request extends Base_Object {
 * Prepere the sending of the follow request response and hand it over to the sending handler.
 */
 public function send_response( $type ) {
- $user_id = get_post_meta( $this->get__id(), 'activitypub_user_id')[0];
+ $user_id = get_post_meta( $this->get__id(), 'activitypub_user_id' )[0];
 $user = Users::get_by_id( $user_id );
 $follower_id = wp_get_post_parent_id( $this->get__id() );
 $follower = Follower::init_from_cpt( get_post( $follower_id ) );
-
+
 $actor = $follower->get_id();
 $object = array(
@@ -210,6 +209,6 @@ class Follow_Request extends Base_Object {
 'object' => $user,
 );
- do_action( 'activitypub_send_follow_response', $user, $follower, $object, $type);
+ do_action( 'activitypub_send_follow_response', $user, $follower, $object, $type );
 }
 }
diff --git a/includes/model/class-follower.php b/includes/model/class-follower.php
index 591f01a..442db0a 100644
--- a/includes/model/class-follower.php
+++ b/includes/model/class-follower.php
@@ -40,7 +40,7 @@ class Follower extends Actor {
 public function get__id() {
 return $this->_id;
 }
-
+
 /**
 * Get the Summary.
 *
diff --git a/includes/table/class-follow-requests.php b/includes/table/class-follow-requests.php
index 5cbd965..696fe36 100644
--- a/includes/table/class-follow-requests.php
+++ b/includes/table/class-follow-requests.php
@@ -51,7 +51,7 @@ class Follow_Requests extends WP_List_Table {
 public function get_sortable_columns() {
 $sortable_columns = array(
- 'status' => array( 'status', false),
+ 'status' => array( 'status', false ),
 'name' => array( 'name', true ),
 'modified' => array( 'modified', false ),
 'published' => array( 'published', false ),
@@ -179,21 +179,30 @@ class Follow_Requests extends WP_List_Table {
 }
 public function ajax_response() {
- $follow_action = $_REQUEST['follow_action'];
- $id = $_REQUEST['follow_request'];
- wp_verify_nonce( $_REQUEST['_wpnonce'], "activitypub_{$follow_action}_follow_request" );
- $follow_request = Follow_Request::from_wp_id( $id );
+ global $_REQUEST;
+ $follow_action = isset( $_REQUEST['follow_action'] ) ? sanitize_title( wp_unslash( $_REQUEST['follow_action'] ) ) : null;
+ $follow_request_id = isset( $_REQUEST['follow_request'] ) ? (int) $_REQUEST['follow_request'] : null;
+ $wp_nonce = isset( $_REQUEST['_wpnonce'] ) ? (int) $_REQUEST['_wpnonce'] : null;
+ if ( ! $follow_action || ! $follow_request_id || ! $wp_nonce ) {
+ return;
+ }
+ wp_verify_nonce( $wp_nonce, "activitypub_{$follow_action}_follow_request" );
+ $follow_request = Follow_Request::from_wp_id( $follow_request_id );
+
 if ( $follow_request->can_handle_follow_request() ) {
 switch ( $follow_action ) {
 case 'approve':
 $follow_request->approve();
 wp_die( 'approved' );
+ break;
 case 'reject':
 $follow_request->reject();
 wp_die( 'rejected' );
+ break;
 case 'delete':
 $follow_request->delete();
 wp_die( 'deleted' );
+ break;
 }
 }
 return;
@@ -214,39 +223,53 @@ class Follow_Requests extends WP_List_Table {
 } else {
 $type = 'hidden';
 }
+ switch ( $follow_action ) {
+ case 'approve':
+ $follow_action_text = __( 'Approve', 'activitypub' );
+ break;
+ case 'delete':
+ $follow_action_text = __( 'Delete', 'activitypub' );
+ break;
+ case 'reject':
+ $follow_action_text = __( 'Reject', 'activitypub' );
+ break;
+ default:
+ return;
+ }
+
 printf( '',
 esc_attr( $type ),
- esc_attr__( ucfirst( $follow_action ), 'activitypub' ),
+ esc_attr( $follow_action_text ),
 esc_url( $url )
 );
 }
- public function column_action($item) {
+ public function column_action( $item ) {
 $status = $item['status'];
- printf('
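Review bot: The nonce in `ajax_response()` (includes/table/class-follow-requests.php) is still not enforced, because `(int) $_REQUEST['_wpnonce']` turns the token into an integer and the return value of `wp_verify_nonce()` is discarded. A request is processed whenever `_wpnonce` casts to a non-zero integer, valid or not, while a genuine nonce that begins with a letter casts to 0 and hits the early `return`, so approve/reject/delete have no request-forgery protection for a user who passes `can_handle_follow_request()`. The nonce should stay a string and the handler should stop when verification fails; `check_ajax_referer()` would do the same if this is only reached through admin-ajax. `Follow_Request::from_wp_id()` returns nothing for a post of another type (its guard is visible in the model file's hunk), so the result needs a null check before the method call. `global $_REQUEST;` has no effect on a superglobal and can be dropped.

```php
// … unchanged: $follow_action and $follow_request_id parsing …
$wp_nonce = isset( $_REQUEST['_wpnonce'] ) ? sanitize_text_field( wp_unslash( $_REQUEST['_wpnonce'] ) ) : null;
// … unchanged: early return when a parameter is missing …
if ( ! wp_verify_nonce( $wp_nonce, "activitypub_{$follow_action}_follow_request" ) ) {
	return;
}
$follow_request = Follow_Request::from_wp_id( $follow_request_id );
if ( ! $follow_request ) {
	return;
}
// … unchanged: can_handle_follow_request() check and switch …
```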
' ); } public function process_action() {