Commit graph

468 commits

Author SHA1 Message Date
Django Doucet
3d4ae84573 Add secure mode to content negotiated requests 2023-05-05 14:40:30 -06:00
Django Doucet
9202c19730 Add secure mode to REST get requests 2023-05-05 14:39:33 -06:00
Django Doucet
6c95a23d10 phpcbf 2023-05-05 13:45:38 -06:00
Django Doucet
0b4bada2b6 enable secure mode 2023-05-05 13:24:59 -06:00
Django Doucet
656a2b0f44 remove unneeded filter 2023-05-05 13:22:47 -06:00
Django Doucet
14f3c3985b code style 2023-05-05 13:00:21 -06:00
Django Doucet
9d30f2c1dd phpcbf 2023-05-05 12:55:12 -06:00
Django Doucet
c5ca061805 Add helper format_server_request 2023-05-05 12:53:43 -06:00
Django Doucet
35496f5026 get_public_key support application actor 2023-05-05 12:52:24 -06:00
Django Doucet
e827221ee6 service actor as application actor 2023-05-05 12:09:12 -06:00
Django Doucet
27636b62d5 Add Service actor for signing get requests 2023-05-05 12:02:12 -06:00
Django
2bebc88b78
fix undefined get_remote_metadata_by_actor
Not tested
2023-05-05 11:47:52 -06:00
Django Doucet
3a0fef27e0 Merge branch 'master' into signature_verification 2023-05-05 09:54:16 -06:00
Django Doucet
6b68f0763d hold off secure mode 2023-05-05 07:49:27 -06:00
Matthias Pfefferle
6ba8156e50 fix #320 2023-05-05 14:40:17 +02:00
Matthias Pfefferle
8aa3f53dbd no need to use Followers any more 2023-05-05 10:22:01 +02:00
Matthias Pfefferle
e57dd0590d
Merge branch 'master' into signature_verification 2023-05-05 10:15:26 +02:00
Matthias Pfefferle
77112c441f formatting 2023-05-05 09:57:47 +02:00
Jeremy Herve
a914495215
Profile settings: use string instead of constant
Follow-up from #304

Since we do not use a constant anywhere else just yet, let's keep using a string in the settings page.
2023-05-05 09:35:21 +02:00
Jeremy Herve
c7dc55047d
Merge pull request #309 from jeherve/update/jetpack-photon-filter 2023-05-04 18:02:10 +02:00
Matthias Pfefferle
f1eb095add
Merge branch 'master' into schedule 2023-05-04 15:18:02 +02:00
Matthias Pfefferle
cec4ed2e3f init follower update scheduler 2023-05-04 15:17:05 +02:00
Matthias Pfefferle
26e5a1d3f6
Merge branch 'master' into rewrite-followers 2023-05-04 09:33:55 +02:00
Matthias Pfefferle
e489a04880 remove unused constants 2023-05-04 09:32:52 +02:00
Matthias Pfefferle
144356bf8a remove unused second param 2023-05-04 08:50:44 +02:00
Matthias Pfefferle
f07869c7d1 be sure to always update date 2023-05-03 15:11:20 +02:00
Matthias Pfefferle
7127b0a568 oops 2023-05-03 14:54:34 +02:00
Matthias Pfefferle
72f72e79b8 use custom (more error tolerant) version for migration 2023-05-03 14:50:36 +02:00
Matthias Pfefferle
be0f25f3d3 fail if get_remote_metadata_by_actor returns error
because it is not even possible to send `Accept` or `Reject` response.
2023-05-03 14:50:16 +02:00
Matthias Pfefferle
dea5f38561 better error handling 2023-05-02 14:39:25 +02:00
Matthias Pfefferle
077c43bf95 single migration scripts should not be public 2023-05-02 14:35:53 +02:00
Matthias Pfefferle
66942e6c62 fix error detection 2023-05-02 13:54:21 +02:00
Matthias Pfefferle
958b712e5b Merge branch 'signature_verification' of https://github.com/mediaformat/wordpress-activitypub into pr/299 2023-05-02 09:50:11 +02:00
Matthias Pfefferle
857fae9db1 serve_request is not needed any more
this was only for handling the signing, so no more need for that
2023-05-02 09:50:08 +02:00
Matthias Pfefferle
654cdd4174
Update includes/class-migration.php
Co-authored-by: Alex Kirk <akirk@users.noreply.github.com>
2023-05-02 09:37:11 +02:00
Matthias Pfefferle
725fc0cecd fix function call 2023-05-02 09:29:29 +02:00
Matthias Pfefferle
22946ec779 change migration script to match plugin version
/cc @akirk
2023-05-02 09:27:35 +02:00
Matthias Pfefferle
be73f99b59
Update includes/class-migration.php
Co-authored-by: Alex Kirk <akirk@users.noreply.github.com>
2023-04-28 18:13:59 +02:00
Matthias Pfefferle
9cd33ad544
Update includes/class-migration.php
Co-authored-by: Alex Kirk <akirk@users.noreply.github.com>
2023-04-28 18:13:16 +02:00
Matthias Pfefferle
a673504d36
Merge branch 'master' into rewrite-followers 2023-04-28 17:38:30 +02:00
Matthias Pfefferle
7c47f9a07c clean up admin settings 2023-04-28 15:12:30 +02:00
Matthias Pfefferle
02e0acdf69 fix indents 2023-04-28 14:39:33 +02:00
Matthias Pfefferle
9966427fd3
Merge branch 'master' into feature/165/fediverse-biography 2023-04-28 14:36:17 +02:00
Matthias Pfefferle
f2355cd960 fix typo 2023-04-28 11:23:40 +02:00
Matthias Pfefferle
5ef41dea02 schedule migration because it takes quite some time 2023-04-28 09:54:09 +02:00
Matthias Pfefferle
fb3d6d2634 fix phpcs 2023-04-27 14:49:39 +02:00
Matthias Pfefferle
b97d364140
Merge pull request #311 from pfefferle/ignore-www
ignore `www` subdomain when comparing hosts
2023-04-27 14:46:06 +02:00
Matthias Pfefferle
02e3488fd7 remove debugging stuff 2023-04-27 14:45:38 +02:00
Matthias Pfefferle
230aaa5b24 prepare migration 2023-04-27 14:34:54 +02:00
Matthias Pfefferle
ec822535c9 Follower object should not make any remote calls 2023-04-27 09:57:50 +02:00
Matthias Pfefferle
b8c86915b5 add missing phpdoc 2023-04-26 17:24:27 +02:00
Matthias Pfefferle
0ee1266c30 add sanitize callbacks 2023-04-26 17:23:28 +02:00
Matthias Pfefferle
4a4a06de37 get_follower requires user_id check 2023-04-26 17:22:44 +02:00
Jeremy Herve
bd75603fc7
Remove comment about Jetpack's Photon 2023-04-26 10:47:49 +02:00
Jeremy Herve
e16e119e6c
Switch to general actions and filter
As a result, we will not modify the images within the ActivityPub plugin, but the hooks will allow third-parties to do it on their end.

See discussion: https://github.com/pfefferle/wordpress-activitypub/pull/309#issuecomment-1521488186
2023-04-26 10:45:35 +02:00
Matthias Pfefferle
c70080a0c6
Merge pull request #312 from akirk/protect-img-tags
Protect img tags from replacing mentions
2023-04-26 10:11:15 +02:00
Alex Kirk
98619dc319 Protect img tags from replacing mentions 2023-04-26 10:08:22 +02:00
Matthias Pfefferle
ca646588d2 ignore www subdomain when comparing hosts
fix #290
2023-04-25 20:44:54 +02:00
Matthias Pfefferle
d1f6973d9b re-add mention functionality
not perfect but works as expected
2023-04-25 11:59:08 +02:00
Jeremy Herve
da63763ddc
Compat: only disable Jetpack's image CDN via filter
This follows the discussion in #307.

1. Do not disable Jetpack's image CDN in ActivityPub requests by default.
2. Add a new filter, activitypub_images_use_jetpack_image_cdn, that site owners can use to disable Jetpack's Image CDN if they'd like to.
3. Extract image getting into its own method for improved readability.
2023-04-25 10:54:21 +02:00
Matthias Pfefferle
764a091046 fix unit tests 2023-04-25 09:31:28 +02:00
Matthias Pfefferle
377fc94161 php doc 2023-04-25 09:09:07 +02:00
Matthias Pfefferle
84a82c2ac4 added follower model 2023-04-24 20:46:51 +02:00
Jeremy Herve
56d2b7e8be
Update to handle both old and new versions of Jetpack
See https://github.com/Automattic/jetpack/pull/30050/
2023-04-24 09:51:08 +02:00
Jeremy Herve
3f4c44db05
Compatibility: do not serve images with Jetpack CDN when active
When Jetpack's image CDN is active, core calls to retrieve images return an image served by the CDN.

Since Fediverse instances usually fetch and cache the data themselves, we do not need to use the CDN for those images when returned by the ActivityPub plugin. In fact, we really do not want that to happen, as Fediverse instances may get errors when trying to fetch images from the CDN (they may get blocked / rate-limited / ...).

Let's hook into Jetpack's CDN to avoid that.
2023-04-24 09:51:08 +02:00
Matthias Pfefferle
47dc2f72d1 fix "bulk replace" issue 2023-04-24 09:49:06 +02:00
Matthias Pfefferle
77415ef510 Remove "(Fediverse)" 2023-04-23 22:57:03 +02:00
Matthias Pfefferle
28c077e422 Add URL 2023-04-23 22:56:45 +02:00
Django Doucet
b641cb03f3 fix phpcs 2023-04-21 16:16:52 -06:00
Django Doucet
023ba25f38 PHPDoc 2023-04-21 15:27:02 -06:00
Django Doucet
f396c6da4e Optimize verification code and returns WP_Errors 2023-04-21 15:25:39 -06:00
Alex Kirk
4ed4d06fd5 Add comment 2023-04-21 17:41:04 +02:00
Django Doucet
7dbce74a96 ensure signature block has algorithm 2023-04-21 09:36:17 -06:00
Alex Kirk
45ae73bb06 Add Vary header 2023-04-21 17:20:48 +02:00
Django Doucet
1631f1c7dc fix rest api endpoint 2023-04-21 09:18:24 -06:00
Django Doucet
d23ff46073 fix merge omission 2023-04-21 08:45:10 -06:00
Matthias Pfefferle
ef536cc977 verify requests 2023-04-21 16:40:46 +02:00
Matthias Pfefferle
ebc9b6ac8d naming improvements 2023-04-21 16:34:47 +02:00
Matthias Pfefferle
3c86e94d9a remove followers 2023-04-21 16:25:15 +02:00
Matthias Pfefferle
32194c31df phpDoc 2023-04-21 15:57:49 +02:00
Matthias Pfefferle
734750b796 use collection also for rest endpoints 2023-04-21 15:57:41 +02:00
Matthias Pfefferle
75e9b1e281 deprecate old functions 2023-04-21 15:57:21 +02:00
Django Doucet
036ee3180b move signature verification to callback 2023-04-21 07:53:12 -06:00
Django Doucet
bb21803b18 Add Secure mode setting 2023-04-21 07:48:19 -06:00
Django Doucet
038bf25b2e remove guessing function 2023-04-21 07:48:19 -06:00
Matthias Pfefferle
7769d76849 use a taxonomy to save the list of followers 2023-04-21 14:56:22 +02:00
Matthias Pfefferle
a8b963ec26 some code cleanups 2023-04-21 08:51:38 +02:00
Matthias Pfefferle
5faddba511 this function should not work without $request 2023-04-21 08:51:25 +02:00
Matthias Pfefferle
804ef25822 count only users that can publish_posts 2023-04-21 08:42:51 +02:00
Matthias Pfefferle
5a6f8aff02
Merge branch 'master' into signature_verification 2023-04-20 22:23:15 +02:00
Matthias Pfefferle
eeb3ba2952 remove unused "use function" 2023-04-20 15:32:38 +02:00
Matthias Pfefferle
c32eec2390 some code cleanup 2023-04-20 15:22:11 +02:00
Matthias Pfefferle
cf426ab8ab
Merge pull request #265 from pfefferle/optimize-publish
optimize publishing
2023-04-20 15:04:34 +02:00
Django Doucet
590c990e21 phpcs 2023-04-14 23:59:04 -06:00
Django Doucet
30d78417d8 Fixes key retrieval 2023-04-14 23:53:43 -06:00
Matthias Pfefferle
15adf639a8
Merge pull request #302 from jeherve/fix/warning-webfinger-no-user 2023-04-10 16:41:40 +02:00
Jeremy Herve
643c47dcb7
Webfinger info: avoid PHP warning when user isn't defined
This should avoid warnings like this one:

```
PHP Warning:  Attempt to read property "user_login" on bool in /var/www/html/wp-content/plugins/activitypub/includes/class-webfinger.php on line 27
```
2023-04-10 13:10:46 +02:00
Django Doucet
e1722cd4d3 Simplify signature_algorithm 2023-04-05 13:25:39 -06:00
Django Doucet
3a0f62b092 phpcs 2023-04-04 20:36:25 -06:00
Django Doucet
9eb903ac15 phpcs compat 2023-04-04 20:33:00 -06:00
Django Doucet
502bf8b5a6 Get actor from key with non-standard uri 2023-04-04 19:58:08 -06:00
Django Doucet
d6169f4bc3 Add content-length header if present in sig headers 2023-04-02 20:38:10 -06:00
Django Doucet
2293c0b3d7 use verify_http_signature in validate_callback
rename verify_signature
2023-04-02 16:38:39 -06:00
Django Doucet
90b45438b2 cleanup 2023-04-02 00:30:17 -06:00
Django Doucet
504bbb9999 code style phpcs 2023-04-01 23:59:49 -06:00
Django Doucet
0c7cec3eba Fix signature parse verification 2023-04-01 10:17:56 -06:00
Sören Wrede
7d11d3e208 Fix documentation and typos. 2023-03-23 08:35:26 +01:00
Edward Ficklin
aed033c03e nonce verification 2023-03-14 20:47:30 -04:00
Edward Ficklin
8b92e9d47e escape output 2023-03-14 20:35:14 -04:00
Edward Ficklin
01532692f1 template helper function for displaying fedi bio, if set 2023-03-14 13:36:47 -04:00
Edward Ficklin
3ed96471de add profile field and save handling for fediverse specific bio 2023-03-14 13:36:12 -04:00
Django Doucet
8f80a70ee5 Merge branch 'master' into signature_verification 2023-03-11 16:12:05 -07:00
Django Doucet
a6b057b69d Merge branch 'master' into signature_verification 2023-03-11 16:10:29 -07:00
Matthias Pfefferle
c99d25b12e whitelist more html elements
fix #285
2023-03-03 08:56:15 +01:00
Matthias Pfefferle
753f964ce9 fix #286 2023-03-03 08:55:23 +01:00
Matthias Pfefferle
2274bd0074 check if post is password protected 2023-02-27 08:15:02 +01:00
Matthias Pfefferle
72f12de96a remove scripts later in the queue 2023-02-20 21:18:03 +01:00
Matthias Pfefferle
08ce46a1a4
Merge branch 'master' into optimize-publish 2023-02-20 18:22:17 +01:00
Matthias Pfefferle
21cff7f24b version bump 2023-02-20 18:17:02 +01:00
Matthias Pfefferle
73ae7a5d75 fix content creation
and added tests
2023-02-20 18:08:10 +01:00
Matthias Pfefferle
b0149739fa remove line breaks 2023-02-20 08:58:12 +01:00
Matthias Pfefferle
873066115d strip style and script elements 2023-02-20 08:55:23 +01:00
Matthias Pfefferle
e2c1dc28b5 fix #281 2023-02-16 09:12:01 +01:00
Matthias Pfefferle
92b11a3926 use html version of the link as before 2023-02-08 10:06:22 +01:00
Matthias Pfefferle
c89d8f2265 fix #269 2023-02-02 18:13:21 +01:00
Matthias Pfefferle
70859212d6 fix #196 2023-02-02 08:50:17 +01:00
Matthias Pfefferle
531bdc17b0 fix #266 2023-02-02 08:18:10 +01:00
Matthias Pfefferle
73ae47e377 PHPDoc 2023-02-02 07:24:27 +01:00
Matthias Pfefferle
de32cb7b73 add changes also to the object 2023-02-02 02:36:29 +01:00
Matthias Pfefferle
365d5dd499 fix outbox 2023-02-02 02:35:57 +01:00
Matthias Pfefferle
e52181fd37 fix tests 2023-02-02 02:04:06 +01:00
Matthias Pfefferle
3c84be1691 fix unit tests 2023-02-02 01:50:20 +01:00
Matthias Pfefferle
e015da7f8f optimize publishing 2023-02-02 01:42:15 +01:00
Matthias Pfefferle
d4b1edcf39 fix update and delete dispatcher 2023-02-01 00:13:55 +01:00
Matthias Pfefferle
bc8cb19c5d add an option to disable content filters 2023-01-31 18:43:11 +01:00
Matthias Pfefferle
24648d6d74 fix server config
See: https://wordpress.org/support/topic/jetpack-conflict-15/
2023-01-31 09:56:48 +01:00
Alex Kirk
7e3a5f4e68 Handle double protect 2023-01-27 17:23:25 +01:00
Alex Kirk
6ea46c5024 Protect cdata 2023-01-27 16:59:15 +01:00
Alex Kirk
e7894f4c4a Also protect <pre> 2023-01-27 16:55:52 +01:00
Alex Kirk
cbfe6ea431 Protect code HTML 2023-01-27 16:50:04 +01:00
Alex Kirk
3706e61842 Revert adding an argument 2023-01-27 15:48:29 +01:00
Alex Kirk
840d144327 Avoid replacing mentions inside links 2023-01-27 15:48:29 +01:00
Alex Kirk
b3e71ff803 Short-circuit well-known example domains 2023-01-27 15:48:28 +01:00
Alex Kirk
3db9489b5c phpcs 2023-01-27 15:48:28 +01:00
Alex Kirk
8391e713c9 Cache more metadata and webfinger results 2023-01-27 15:48:28 +01:00
Alex Kirk
7d598d92a8 Revert erroneous changes 2023-01-27 15:48:28 +01:00
Alex Kirk
0925405430 Fix missing id 2023-01-27 15:48:28 +01:00
Alex Kirk
483e0a85b2 Extract mentions from the unmodified post content. 2023-01-27 15:48:28 +01:00
Alex Kirk
99b316db34 Rework inboxes for cc 2023-01-27 15:48:28 +01:00
Alex Kirk
05575fe6e7 Add test for a normal dispatch activity 2023-01-27 15:48:28 +01:00