From 53e176e938c282ad886fcab3dad59c52e84dcb3d Mon Sep 17 00:00:00 2001 From: Matthias Pfefferle Date: Wed, 9 Oct 2024 12:47:09 +0200 Subject: [PATCH 1/4] fix callback issue --- includes/rest/class-inbox.php | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/includes/rest/class-inbox.php b/includes/rest/class-inbox.php index d4a104f6..ea550295 100644 --- a/includes/rest/class-inbox.php +++ b/includes/rest/class-inbox.php @@ -13,7 +13,6 @@ use Activitypub\Activity\Activity; use Activitypub\Collection\Users as User_Collection; use function Activitypub\get_context; -use function Activitypub\object_to_uri; use function Activitypub\url_to_authorid; use function Activitypub\get_rest_url_by_path; use function Activitypub\get_masked_wp_version; @@ -244,7 +243,7 @@ class Inbox { $params['actor'] = array( 'required' => true, - 'sanitize_callback' => 'object_to_uri', + 'sanitize_callback' => '\Activitypub\object_to_uri', ); $params['type'] = array( From 37d34ab50e4cca2bf248c51c116b7fdde016203f Mon Sep 17 00:00:00 2001 From: Matthias Pfefferle Date: Wed, 9 Oct 2024 12:57:00 +0200 Subject: [PATCH 2/4] version bump --- CHANGELOG.md | 12 ++++++++++++ README.md | 8 +++++++- activitypub.php | 4 ++-- readme.txt | 8 +++++++- 4 files changed, 28 insertions(+), 4 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 03439708..87baccb2 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,6 +5,17 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). +## [3.3.3] - 2024-10-09 + +### Fixed + +* Sanitization callback + +### Improved + +* A lot of PHPCS cleanups +* Prepare multi-lang support + ## [3.3.2] - 2024-10-02 ### Fixed 
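Review bot: In includes/rest/class-inbox.php the `sanitize_callback` for `$params['actor']` is still a bare string, so nothing checks at load time that `'\Activitypub\object_to_uri'` names an existing function. The earlier value `'object_to_uri'` had the same shape and would only have failed once a request reached the inbox, because `use function` imports do not apply to string callables. A small test that walks the arrays returned by the parameter methods and asserts `is_callable()` on every `sanitize_callback` and `validate_callback` would catch a repeat. Separately, `actor` is declared with `required` and a sanitizer but no `validate_callback`, so whether a malformed actor is rejected depends on what `object_to_uri` returns, which is not visible here. The enclosing method starts and ends outside the hunk.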
@@ -958,6 +969,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 * initial +[3.3.3]: https://github.com/Automattic/wordpress-activitypub/compare/3.3.2...3.3.3 [3.3.2]: https://github.com/Automattic/wordpress-activitypub/compare/3.3.1...3.3.2 [3.3.1]: https://github.com/Automattic/wordpress-activitypub/compare/3.3.0...3.3.1 [3.3.0]: https://github.com/Automattic/wordpress-activitypub/compare/3.2.5...3.3.0 diff --git a/README.md b/README.md index 1aebc86b..b67eaab9 100644 --- a/README.md +++ b/README.md @@ -3,7 +3,7 @@ **Tags:** OStatus, fediverse, activitypub, activitystream **Requires at least:** 5.5 **Tested up to:** 6.6 -**Stable tag:** 3.3.2 +**Stable tag:** 3.3.3 **Requires PHP:** 7.0 **License:** MIT **License URI:** http://opensource.org/licenses/MIT @@ -150,6 +150,12 @@ For reasons of data protection, it is not possible to see the followers of other ## Changelog ## +### 3.3.3 ### + +* Fixed: Sanitization callback +* Improved: A lot of PHPCS cleanups +* Improved: Prepare multi-lang support + ### 3.3.2 ### * Fixed: Keep priority of Icons diff --git a/activitypub.php b/activitypub.php index 69ecbaaf..145f5182 100644 --- a/activitypub.php +++ b/activitypub.php @@ -3,7 +3,7 @@ * Plugin Name: ActivityPub * Plugin URI: https://github.com/pfefferle/wordpress-activitypub/ * Description: The ActivityPub protocol is a decentralized social networking protocol based upon the ActivityStreams 2.0 data format. - * Version: 3.3.2 + * Version: 3.3.3 * Author: Matthias Pfefferle & Automattic * Author URI: https://automattic.com/ * License: MIT @@ -22,7 +22,7 @@ use WP_CLI; require_once __DIR__ . '/includes/compat.php'; require_once __DIR__ . '/includes/functions.php'; -\define( 'ACTIVITYPUB_PLUGIN_VERSION', '3.3.2' ); +\define( 'ACTIVITYPUB_PLUGIN_VERSION', '3.3.3' ); /** * Initialize the plugin constants. diff --git a/readme.txt b/readme.txt index 72f72284..ebe777b0 100644 --- a/readme.txt +++ b/readme.txt 
@@ -3,7 +3,7 @@ Contributors: automattic, pfefferle, mediaformat, mattwiebe, akirk, jeherve, nur Tags: OStatus, fediverse, activitypub, activitystream Requires at least: 5.5 Tested up to: 6.6 -Stable tag: 3.3.2 +Stable tag: 3.3.3 Requires PHP: 7.0 License: MIT License URI: http://opensource.org/licenses/MIT @@ -148,6 +148,12 @@ For reasons of data protection, it is not possible to see the followers of other == Changelog == += 3.3.3 = + +* Fixed: Sanitization callback +* Improved: A lot of PHPCS cleanups +* Improved: Prepare multi-lang support + = 3.3.2 = * Fixed: Keep priority of Icons From ded55bd4df9118b8e1fe4eec608f2e34dab95578 Mon Sep 17 00:00:00 2001 From: Matthias Pfefferle Date: Wed, 9 Oct 2024 17:28:56 +0200 Subject: [PATCH 3/4] optimize validation --- includes/handler/class-create.php | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/includes/handler/class-create.php b/includes/handler/class-create.php index ebc3722b..ce3d370d 100644 --- a/includes/handler/class-create.php +++ b/includes/handler/class-create.php @@ -95,6 +95,10 @@ class Create { public static function validate_object( $valid, $param, $request ) { $json_params = $request->get_json_params(); + if ( empty( $json_params['type'] ) ) { + return false; + } + if ( 'Create' !== $json_params['type'] || is_wp_error( $request ) @@ -109,6 +113,10 @@ class Create { 'content', ); + if ( ! is_array( $object ) ) { + return false; + } + if ( array_intersect( $required, array_keys( $object ) ) !== $required ) { return false; } From d532f8be06f0e3539f30ba1500dab95d391a99c6 Mon Sep 17 00:00:00 2001 From: Matthias Pfefferle Date: Wed, 9 Oct 2024 17:40:27 +0200 Subject: [PATCH 4/4] A shared Inbox does not need a User-ID. --- includes/rest/class-inbox.php | 3 +++ 1 file changed, 3 insertions(+) diff --git a/includes/rest/class-inbox.php b/includes/rest/class-inbox.php index ea550295..b5f5fa9b 100644 --- a/includes/rest/class-inbox.php +++ b/includes/rest/class-inbox.php 
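Review bot: In `validate_object` (includes/handler/class-create.php) the `is_wp_error( $request )` test in the second condition runs after `$request->get_json_params()` has already been called, and the new `empty( $json_params['type'] )` guard also sits after that call, so the test can never protect the dereference. If `$request` can really be a `WP_Error` here, move the test to the top of the method, before `get_json_params()`; if it cannot, drop it from the condition. The body of that condition and the rest of the method lie outside the hunk, so the right return value for such an early exit has to be taken from there.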
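Review bot: The added `is_array( $object )` guard and the `array_intersect()` comparison after it confirm only that the required keys exist, not what they hold; a payload whose `content` is an array or `null` still passes `validate_object`. Since this validates inbox input sent by remote servers, consider also requiring string values, e.g. `if ( ! is_string( $object['content'] ) ) { return false; }`, unless the handlers that consume the object already cope with other types (not visible here). The assignment of `$object` and the full `$required` list are outside the hunk.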
@@ -276,6 +276,9 @@ class Inbox { public static function shared_inbox_post_parameters() { $params = self::user_inbox_post_parameters(); + // A shared Inbox does not need a User-ID. + unset( $params['user_id'] ); + $params['to'] = array( 'required' => false, 'sanitize_callback' => function ( $param ) {
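Review bot: Removing `user_id` from the declared args in `shared_inbox_post_parameters()` stops the REST layer from validating or sanitizing that parameter, but a sender can still include `user_id` in the request, and the value would then reach the callback unchecked. It is worth confirming that the shared-inbox handler and the actions it fires never read `user_id` from the request; that code is not part of this hunk. Starting from the user schema and subtracting also means any user-only argument later added to `user_inbox_post_parameters()` is inherited here unless another `unset()` is added, so a comment such as `// Keep in sync: strip every user-only arg inherited from user_inbox_post_parameters().` would help. The method continues past the end of the hunk.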