Commit graph

702 commits

Author SHA1 Message Date
Matthias Pfefferle
336f3e5a62
Fix various encoding issues (#477)
* fix html-entity issue in username

* remove kses

let other platforms decide what to allow and what not

* Remove html_entity_decode to prevent encoding issues (#454)

I've tested this on content which includes MarkDown, HTML, encoded entities, unencoded entities, etc.

Fixes #445

Co-authored-by: Matthias Pfefferle <pfefferle@users.noreply.github.com>

* remove allowed tags

---------

Co-authored-by: Terence Eden <edent@users.noreply.github.com>
2023-10-02 17:11:56 +02:00
Matthias Pfefferle
46b1b4797a update text
thanks @mattwiebe
2023-09-28 17:26:39 +02:00
Matthias Pfefferle
ebc6433213 better mastodon compatibility 2023-09-28 14:38:48 +02:00
Matthias Pfefferle
0b8997d4ff
check if blog-user collides with a username (#471)
* check if blog-user collides with a username

See #470

* added changes proposed by @mattwiebe
2023-09-28 09:15:48 +02:00
Matthias Pfefferle
4cec52189a fix text 2023-09-27 11:20:05 +02:00
Matthias Pfefferle
b3e5bad89c
reduce number of checks when system cron is not used (#472)
* reduce number of checks when system cron is not used

* add health check
2023-09-27 11:14:52 +02:00
Matthias Pfefferle
bcb88eb06f
add moderators as attributed_to (#473) 2023-09-27 11:08:55 +02:00
Matthias Pfefferle
444c4b2837
Fixes PHP warnings and remote delete (#468)
* fix #463

* fix delete

/cc #465 @janboddez

* add disclaimer to not use the same name as an author login

see #470

* check if url is cached before trashing it
2023-09-27 11:05:11 +02:00
Matthias Pfefferle
20d15bc95d
fix is_single_user (#474) 2023-09-26 21:04:51 +02:00
Aslak Raanes
963b2795a6
Move [ap_hashtags] last in post in Content (#462) 2023-09-23 00:15:10 +02:00
Matthias Pfefferle
0d635d5dd1
More Group meta-data to play nicely with existing platforms (#441)
* more group friendly settings

* change http code

* Fix Actor-Type

* fix check if value is set

* only ignore null

* better posting_restricted_to_mods handling

* remove user namespace from moderators endpoint

thanks for the feedback @mattwiebe
2023-09-22 09:38:59 +02:00
Matt Wiebe
dd29775ae4
Activity: try to parse image IDs using blocks (#460)
This will prevent the issue of attaching images that don't were uploaded to the post but not used in the post

The post needs to be using blocks to get the introspection required.
2023-09-22 09:21:49 +02:00
Alex Kirk
008ae52a53
Hashtags, Mentions: Use a tag stack instead of regex for protecting tags (#455)
* Use a tag stack instead of regex for protecting tags

* Use the placeholder in the test

* Add comments

* Update comment

* ignor html comments

thanks @marcS0H

---------

Co-authored-by: Matthias Pfefferle <pfefferle@users.noreply.github.com>
2023-09-21 17:03:57 +02:00
Matthias Pfefferle
addd7dd8a1
better handling when data is missing (#444)
* better handling when data is missing

* WP_Error: add translation key and status

* do not use cache for cleanup and update

* better queries
2023-09-21 16:26:17 +02:00
Matthias Pfefferle
55e39a0b24 fix https://github.com/Automattic/wordpress-activitypub/issues/399#issuecomment-1725167874 2023-09-21 10:49:19 +02:00
Matthias Pfefferle
4a94eae877
add path to route (#438)
* add path to route

fix #421

* added changelog entry
2023-09-21 09:04:51 +02:00
Matthias Pfefferle
0763316009
add status message if it might be returned by API (#448) 2023-09-21 09:03:24 +02:00
Jeremy Herve
fe07d5eb32
Blocks: short-circuit early on sites that do not support blocks (#431)
* Blocks: short-circuit early on sites that do not support blocks

Fixes #430

This is typically only the case for sites using a custom version of WordPress, like ClassicPress.

* let grunt build the markdown

* Check for block support earlier and add filter

One can now deactivate the blocks registered by ActivityPub like so:

```
add_filter( 'activitypub_site_supports_blocks', '__return_false' );
```

* Fix readme (gotta remember to use grunt)

* alias function

---------

Co-authored-by: Matthias Pfefferle <pfefferle@users.noreply.github.com>
2023-09-15 10:38:47 +02:00
Jeremy Herve
2568f6651d
Post images: fix a typo in the hook name (#429)
* Post images: fix a typo in the hook name

Follow-up to #309

It should be '_post', not twice '_pre'.

* let grunt create the readme.md

---------

Co-authored-by: Matthias Pfefferle <pfefferle@users.noreply.github.com>
2023-09-14 19:50:27 +02:00
Terence Eden
163d9e931c
Follow redirects in class-webfinger.php (#423)
Fixes #422
2023-09-13 19:29:41 +02:00
Matthias Pfefferle
5fbf931d41 sanitize user_login 2023-09-11 11:33:31 +02:00
Matt Wiebe
8a74aa5891
Store keypairs as options keyed to user IDs. (#416) 2023-09-07 22:04:39 +02:00
Matthias Pfefferle
8dcbe0c6fd
fix Secops issues (#411) 2023-09-05 21:03:25 +02:00
Django
2ad9bf9148
Link remote comments to source url (#415) 2023-09-05 08:48:50 +02:00
Matt Wiebe
a91c1c23c8
Add default blog user icon (#412)
* add a default WP icon for the blog user

---------

Co-authored-by: Matthias Pfefferle <pfefferle@users.noreply.github.com>
2023-09-01 12:08:27 -05:00
Matthias Pfefferle
2705172b77
Fix some signature and application user issues (#410)
* Fix some signature and application user issues

* it seems that firefish needs at least an inbox also for application users

* prepare domain change

* use https

* fix PHPDoc

* remove image check

---------

Co-authored-by: Matt Wiebe <wiebe@automattic.com>
2023-09-01 18:32:56 +02:00
Dennis
26ad8975d7
Normalize Hashtag behavior in Mastodon Apps (#407)
* Update class-hashtag.php

* Update class-shortcodes.php

* fix unit tests

* missed two tests

---------

Co-authored-by: Matthias Pfefferle <pfefferle@users.noreply.github.com>
2023-08-31 15:04:17 +02:00
Matt Wiebe
c748d12d89
fix lint issues (#406) 2023-08-30 14:23:20 -05:00
Matt Wiebe
7aea1e8263
Add "Follow Me" block (#395)
The Follow Me block helps site visitors to follow you in the fediverse
---------

Co-authored-by: Matthias Pfefferle <pfefferle@users.noreply.github.com>
2023-08-30 14:14:57 -05:00
Matt Wiebe
d38bf60d11
add site logo support to blog user (#400) 2023-08-16 21:39:55 -05:00
Matt Wiebe
9e73081668
deactivate the akismet nonce when processing our comments (#391) 2023-08-16 10:12:31 -05:00
Matt Wiebe
78870cd206
Revert User::get_webfinger_identifier (#398)
we already have `User::get_resource` to do the same
2023-08-16 07:52:26 -05:00
Matt Wiebe
d6ff82b337
adds a get_webfinger_identifier method (#397)
also `get_at_url` needed an update for the Blog User, who would throw an error otherwise
2023-08-15 18:22:58 -05:00
Matthias Pfefferle
14b91cf760
remote-follow endpoint (#392)
Some checks failed
PHP_CodeSniffer / phpcs (push) Failing after 2s
Unit Testing / phpunit (5.6, 6.2) (push) Failing after 2s
Unit Testing / phpunit (7.0) (push) Failing after 2s
Unit Testing / phpunit (7.2) (push) Failing after 2s
Unit Testing / phpunit (7.3) (push) Failing after 2s
Unit Testing / phpunit (7.4) (push) Failing after 2s
Unit Testing / phpunit (8.0) (push) Failing after 2s
Unit Testing / phpunit (8.1) (push) Failing after 2s
Unit Testing / phpunit (8.2) (push) Failing after 2s
Unit Testing / phpunit (latest) (push) Failing after 2s
Plugin asset/readme update / Push to master (push) Failing after 1s
Adds an endpoint at `users/$user_id/follow-me` to return the follow template for a remote user, to enable following them more easily.
2023-08-11 17:41:34 -05:00
Matthias Pfefferle
69ba1c87e1 fix sticky posts endpoint
Some checks failed
PHP_CodeSniffer / phpcs (push) Failing after 2s
Unit Testing / phpunit (5.6, 6.2) (push) Failing after 2s
Unit Testing / phpunit (7.0) (push) Failing after 2s
Unit Testing / phpunit (7.2) (push) Failing after 2s
Unit Testing / phpunit (7.3) (push) Failing after 3s
Unit Testing / phpunit (7.4) (push) Failing after 2s
Unit Testing / phpunit (8.0) (push) Failing after 3s
Unit Testing / phpunit (8.1) (push) Failing after 2s
Unit Testing / phpunit (8.2) (push) Failing after 3s
Unit Testing / phpunit (latest) (push) Failing after 2s
Plugin asset/readme update / Push to master (push) Failing after 18s
2023-08-11 11:16:06 +02:00
Matthias Pfefferle
626203002a only include the minimum required fields for Accept call 2023-08-11 09:24:45 +02:00
Matthias Pfefferle
30eb07ba17 add missing "type"
see https://git.joinfirefish.org/firefish/firefish/-/issues/10650#note_1011
2023-08-11 09:23:49 +02:00
Matthias Pfefferle
bc7e173fe0 also allow JSON 2023-08-11 09:22:46 +02:00
Matthias Pfefferle
6e2656311b oops 2023-08-10 15:35:10 +02:00
Matthias Pfefferle
1fd0cca185 fix check! 2023-08-10 15:10:07 +02:00
Matthias Pfefferle
fcc9603920 fix typo 2023-08-09 14:15:05 +02:00
Matthias Pfefferle
7de3696c2c fix @context 2023-08-09 14:13:58 +02:00
Matthias Pfefferle
21afec8586 fix rewrite rule 2023-08-09 13:58:42 +02:00
Matthias Pfefferle
049046be70
update endpoints (#390)
* add collection endpoint

* show featured posts

* more consistant wording

* backwards compatibility with php7.x

* compatibility with php5.6

* use ACTIVITYPUB_AUTHORIZED_FETCH instead

because the ACTIVITYPUB_SECURE_MODE could be misinterpreted with disabling the security mechanisms completely.

* the blog user follows all authors of a blog

if not in single_user mode

* phpdoc

* adding changes based on feedback from @jeherve

* global namespace

* better hashtag handling

should also fix #373 #239

thanks @jeherve for help and feedback!

* fix workflow
2023-08-09 13:07:30 +02:00
Matt Wiebe
48632a7e1b
Add inbox create/react actions (#387)
This will help us to debug why comments fail
2023-08-02 12:03:32 -05:00
Matthias Pfefferle
062c2af4c6 use 'comment' instead of empty string 2023-08-02 18:19:21 +02:00
Matthias Pfefferle
2ba6f6b8a7 Add upgrade notice 2023-08-02 10:44:56 +02:00
Matthias Pfefferle
3c0ee1aeba add actions pre running the http GET/POST requests
/cc @mattwiebe
2023-08-02 09:00:45 +02:00
Matthias Pfefferle
338c63d3e1
re-add post model (#386) 2023-08-01 18:37:16 +02:00
Matthias Pfefferle
3afed5b296
Add/small improvements (#384)
* flush rewrite rules after migration

* some activity improvements

* equate usernames with and without `.`

Can we equate `@notiz.blog@notiz.blog` with `@notizblog@notiz.blog`?

* better NodeInfo compatibility check

* fix `extract_name_from_uri`

* reset user check

* re-added action

* fix check
2023-07-31 20:15:11 +02:00
Matt Wiebe
02ffa27498
Followers block: don't disable frontend links (#381)
* only disable follower links in Editor
* allow updating the title
* Enable selectable users based on settings
2023-07-28 10:56:04 -05:00
Matthias Pfefferle
a89a106f21 fall back to preferred username 2023-07-28 15:18:48 +02:00
Matthias Pfefferle
070c9cae85 small improvements 2023-07-28 10:34:10 +02:00
Matthias Pfefferle
835af08848 some small fixes 2023-07-28 10:28:55 +02:00
Matthias Pfefferle
d2af87c259 ignore phpcs warning 2023-07-28 09:50:30 +02:00
Matthias Pfefferle
799280a808 fix default username 2023-07-28 00:47:20 +02:00
Matthias Pfefferle
e12cfa44ac
workaround for special chars (#379) 2023-07-28 00:39:22 +02:00
Matt Wiebe
f49e15bfbf
Ensure everything is loaded properly after #376 (#378)
Also fixes an spl_autoload bug
2023-07-27 19:35:28 +02:00
Matthias Pfefferle
be26a18214
fix issue with where multiple migrations run at the same time (#377) 2023-07-27 18:27:41 +02:00
Matthias Pfefferle
c0867de4c0
fix domain change issue on .com (#374)
This should fix the issue on .com that saves the subdomain.wordpress.com domain to the options table before custom domain is set.
2023-07-27 10:40:29 -05:00
Matthias Pfefferle
d456e86d1a fix escaping 2023-07-27 17:30:35 +02:00
Matt Wiebe
5b9dadd6fd
Followers Block (#344)
Introduces a new Followers block. Proudly display your Fediverse followers to the world!

---------

Co-authored-by: Matthias Pfefferle <pfefferle@users.noreply.github.com>
2023-07-26 15:05:41 -05:00
Matthias Pfefferle
b25231a355
Remove obsolete code
https://github.com/Automattic/wordpress-activitypub/pull/370#issuecomment-1652053210
2023-07-26 19:16:36 +02:00
Jeremy Herve
4ed4143d21
Post class: declare $attachments property
This should avoid PHP notices like this one when running PHP 8.2:

PHP Deprecated:  Creation of dynamic property Activitypub\Transformer\Post::$attachments is deprecated in /var/www/html/wp-content/plugins/activitypub/includes/transformer/class-post.php on line 249
2023-07-26 12:02:18 +02:00
Matthias Pfefferle
3834288922 fix issue with API endpoint of WordPress.com 2023-07-25 14:34:14 +02:00
Matthias Pfefferle
38cd0b973b fix ID 2023-07-25 13:47:49 +02:00
Matthias Pfefferle
921ca0c1c6 fix actions 2023-07-25 10:47:59 +02:00
Matthias Pfefferle
36a139698d update URLs 2023-07-24 13:59:29 +02:00
Matthias Pfefferle
dd1c0a3bb5
Merge pull request #365 from Automattic/fix/cleanup 2023-07-20 23:30:39 +02:00
Matthias Pfefferle
3b88d5e36c update checks 2023-07-20 15:19:19 +02:00
Matthias Pfefferle
f734e511f7 fix tests 2023-07-20 14:53:34 +02:00
Matthias Pfefferle
44a81742aa Add settings to en/disable user types (for .org users) 2023-07-20 14:21:32 +02:00
Matthias Pfefferle
98143d9a90 phpcs:ignores 2023-07-20 13:25:28 +02:00
Matthias Pfefferle
c288fbe021 some more checks if a blog is in single user mode or not 2023-07-20 10:57:14 +02:00
Matthias Pfefferle
201ee16f37 fix some issues and re-add "ACTIVITYPUB_SINGLE_USER_MODE" const 2023-07-20 10:12:59 +02:00
Matt Wiebe
3512206d48 phpcbf fixes 2023-07-19 20:39:58 -05:00
Matt Wiebe
cc168c7d40 more lint nom 2023-07-18 15:13:53 -05:00
Matt Wiebe
2596713213 Lint: now clean 2023-07-18 15:02:27 -05:00
Matthias Pfefferle
7b83fddfe0 fix predictability and collision 2023-07-18 14:36:33 +02:00
Matthias Pfefferle
ee3574a8a3
Merge pull request #362 from Automattic/short-code-hardening
Hardening the use of a shortcode
2023-07-18 08:31:11 +02:00
Matthias Pfefferle
f4c8264e9a move function to Shortcode class 2023-07-18 08:20:09 +02:00
Matthias Pfefferle
bf8acf9f51 use wp_rand and change hashtags too 2023-07-18 08:14:28 +02:00
Alex Kirk
ab6aefe446 Add missing output escaping 2023-07-18 06:30:06 +02:00
Matthias Pfefferle
964ceee869 fix tests 2023-07-17 17:23:13 +02:00
Matthias Pfefferle
d7e9d54063 Checks if item (WP_Post) is "public", a supported post type and not password protected. 2023-07-17 15:25:30 +02:00
Matthias Pfefferle
0f54ea465e fix CSRF flaw 2023-07-17 14:37:17 +02:00
Matthias Pfefferle
626616a747 always use host as default username 2023-07-14 11:29:03 +02:00
Matthias Pfefferle
5ae978a8bc user_id could be an int and meta always returns strings
remove strict comparison in this case and add tests to verify the correct behaviour
2023-07-13 10:35:15 +02:00
Matthias Pfefferle
00fbc296b3 fix #343 2023-07-11 14:48:49 +02:00
Matthias Pfefferle
4a82edcd22 Revert "fix #358"
This reverts commit ad18edbcea.
2023-07-11 14:48:04 +02:00
Matthias Pfefferle
ad18edbcea fix #358 2023-07-11 14:40:31 +02:00
Matthias Pfefferle
002d4e7981 refactoring 2023-07-11 14:34:11 +02:00
Matthias Pfefferle
e0d767ed98 Fix WebFinger endpoint 2023-07-11 14:26:07 +02:00
Matthias Pfefferle
57bc4214b7 If the Blog is in "single user" mode, return "Person" insted of "Group". 2023-07-11 09:28:10 +02:00
Matthias Pfefferle
befd0d4f1e do not persist data in a getter! 2023-07-11 09:21:16 +02:00
Matthias Pfefferle
a461ea3b1f some refactorings 2023-07-11 09:09:37 +02:00
Matthias Pfefferle
0ab61b6441 make is_user_disabled filterable 2023-07-11 08:58:50 +02:00
Matthias Pfefferle
d5a389420d some fixes based on the feedback of @mattwiebe 2023-07-11 08:53:18 +02:00
Matthias Pfefferle
8920c60c61 final fixes and more tests 2023-07-10 15:14:37 +02:00
Matthias Pfefferle
be6d8a1792 fix activity 2023-07-10 14:59:12 +02:00