From 7c0cb7f3e81176d8428239ba1edec469a24bfad5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Daniel=20H=C3=BCsken?= <mail@danielhuesken.de>
Date: Mon, 14 Oct 2024 11:23:07 +0200
Subject: [PATCH 1/4] Fixfor urls and hashtags in profiles are not converted
 (#940)

---
 includes/class-hashtag.php | 6 +++---
 includes/class-link.php    | 6 +++---
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/includes/class-hashtag.php b/includes/class-hashtag.php
index db62f436..5b1738c9 100644
--- a/includes/class-hashtag.php
+++ b/includes/class-hashtag.php
@@ -33,11 +33,11 @@ class Hashtag {
 	 */
 	public static function filter_activity_object( $activity ) {
 		/* phpcs:ignore Squiz.PHP.CommentedOutCode.Found
-		Removed until this is merged: https://github.com/mastodon/mastodon/pull/28629
-		if ( ! empty( $activity['summary'] ) ) {
+		Only changed it for Person and Group as long is not merged: https://github.com/mastodon/mastodon/pull/28629
+		*/
+		if ( ! empty( $activity['summary'] ) && in_array( $activity['type'], array( 'Person', 'Group' ), true ) ) {
 			$activity['summary'] = self::the_content( $activity['summary'] );
 		}
-		*/
 
 		if ( ! empty( $activity['content'] ) ) {
 			$activity['content'] = self::the_content( $activity['content'] );
diff --git a/includes/class-link.php b/includes/class-link.php
index 3c53f3bb..6da1233c 100644
--- a/includes/class-link.php
+++ b/includes/class-link.php
@@ -29,11 +29,11 @@ class Link {
 	 */
 	public static function filter_activity_object( $activity ) {
 		/* phpcs:ignore Squiz.PHP.CommentedOutCode.Found
-		Removed until this is merged: https://github.com/mastodon/mastodon/pull/28629
-		if ( ! empty( $activity['summary'] ) ) {
+		Only changed it for Person and Group as long is not merged: https://github.com/mastodon/mastodon/pull/28629
+		*/
+		if ( ! empty( $activity['summary'] ) && in_array( $activity['type'], array( 'Person', 'Group' ), true ) ) {
 			$activity['summary'] = self::the_content( $activity['summary'] );
 		}
-		*/
 
 		if ( ! empty( $activity['content'] ) ) {
 			$activity['content'] = self::the_content( $activity['content'] );

From 2ca33fdacdd0b233a2bb2f045a3a8f2d31bba53d Mon Sep 17 00:00:00 2001
From: Matthias Pfefferle <pfefferle@users.noreply.github.com>
Date: Tue, 15 Oct 2024 11:01:41 +0200
Subject: [PATCH 2/4] Make Intent-URL filterable (#936)

* Make Intent-URL filterable

Allow plugins to extend the Intent-URL with a custom-post type for example.

This PR also adds `post_type` to the "Query parameters" section.

See: https://github.com/Automattic/jetpack/pull/39738

* ensure that `in_reply_to` is the last param
---
 includes/functions.php | 38 +++++++++++++++++++++++++++++++++-----
 templates/toolbox.php  |  8 ++++++--
 templates/welcome.php  |  4 ++--
 3 files changed, 41 insertions(+), 9 deletions(-)

diff --git a/includes/functions.php b/includes/functions.php
index 8aad9766..799af97f 100644
--- a/includes/functions.php
+++ b/includes/functions.php
@@ -1135,16 +1135,44 @@ function normalize_host( $host ) {
 	return \str_replace( 'www.', '', $host );
 }
 
+/**
+ * Get the reply intent URI as a JavaScript URI.
+ *
+ * @return string The reply intent URI.
+ */
+function get_reply_intent_js() {
+	return sprintf(
+		'javascript:(()=>{window.open(\'%s\'+encodeURIComponent(window.location.href));})();',
+		get_reply_intent_url()
+	);
+}
+
 /**
  * Get the reply intent URI.
  *
  * @return string The reply intent URI.
  */
-function get_reply_intent_uri() {
-	return sprintf(
-		'javascript:(()=>{window.open(\'%s\'+encodeURIComponent(window.location.href));})();',
-		esc_url( \admin_url( 'post-new.php?in_reply_to=' ) )
-	);
+function get_reply_intent_url() {
+	/**
+	 * Filters the reply intent parameters.
+	 *
+	 * @param array $params The reply intent parameters.
+	 */
+	$params = \apply_filters( 'activitypub_reply_intent_params', array() );
+
+	$params += array( 'in_reply_to' => '' );
+	$query   = \http_build_query( $params );
+	$path    = 'post-new.php?' . $query;
+	$url     = \admin_url( $path );
+
+	/**
+	 * Filters the reply intent URL.
+	 *
+	 * @param string $url The reply intent URL.
+	 */
+	$url = \apply_filters( 'activitypub_reply_intent_url', $url );
+
+	return esc_url_raw( $url );
 }
 
 /**
diff --git a/templates/toolbox.php b/templates/toolbox.php
index adc0b80b..21d786e3 100644
--- a/templates/toolbox.php
+++ b/templates/toolbox.php
@@ -16,7 +16,7 @@
 		<h3><?php esc_html_e( 'Install Bookmarklet', 'activitypub' ); ?></h3>
 		<p><?php esc_html_e( 'Drag and drop this button to your browser’s bookmark bar or save this bookmarklet to reply to posts on other websites from your blog! When visiting a post on another site, click the bookmarklet to start a reply.', 'activitypub' ); ?></p>
 		<p class="activitypub-bookmarklet-wrapper">
-			<a class="activitypub-bookmarklet button" onclick="return false;" href="<?php echo esc_url( \Activitypub\get_reply_intent_uri() ); ?>" style="cursor: grab;">
+			<a class="activitypub-bookmarklet button" onclick="return false;" href="<?php echo esc_attr( \Activitypub\get_reply_intent_js() ); ?>" style="cursor: grab;">
 				<?php // translators: The host (domain) of the Blog. ?>
 				<?php printf( esc_html__( 'Reply from %s', 'activitypub' ), esc_attr( \wp_parse_url( \home_url(), PHP_URL_HOST ) ) ); ?>
 			</a>
@@ -26,7 +26,7 @@
 				<?php esc_html_e( 'Or copy the following code and create a new bookmark. Paste the code into the new bookmark&#8217;s URL field.', 'activitypub' ); ?>
 			</p>
 			<p>
-				<textarea id="activitypub-bookmarklet-code" class="large-text activitypub-code" rows="5" readonly="readonly" aria-labelledby="activitypub-code-desc"><?php echo esc_textarea( \Activitypub\get_reply_intent_uri() ); ?></textarea>
+				<textarea id="activitypub-bookmarklet-code" class="large-text activitypub-code" rows="5" readonly="readonly" aria-labelledby="activitypub-code-desc"><?php echo esc_textarea( \Activitypub\get_reply_intent_js() ); ?></textarea>
 			</p>
 			<p><span class="dashicons dashicons-clipboard"></span> <a href="javascript:;" class="copy-activitypub-bookmarklet-code" style="cursor: copy;"><?php esc_html_e( 'Copy to clipboard', 'activitypub' ); ?></a></p>
 		</div>
@@ -68,6 +68,10 @@
 				<td>in_reply_to</td>
 				<td><?php esc_html_e( 'The URL of the content you want to reply to.', 'activitypub' ); ?></td>
 			</tr>
+			<tr>
+				<td>post_type</td>
+				<td><?php esc_html_e( 'The Post-Type you want to use for replies.', 'activitypub' ); ?></td>
+			</tr>
 		</tbody>
 	</table>
 	<p><?php esc_html_e( 'There might be more query parameters in the future.', 'activitypub' ); ?></p>
diff --git a/templates/welcome.php b/templates/welcome.php
index 7a27f141..71169da9 100644
--- a/templates/welcome.php
+++ b/templates/welcome.php
@@ -27,13 +27,13 @@
 
 		<p>
 			<?php
-			$bookmarklet_url = \Activitypub\get_reply_intent_uri();
+			$bookmarklet_js = \Activitypub\get_reply_intent_js();
 
 			/* translators: %s is the domain of this site */
 			$reply_from_template = __( 'Reply from %s', 'activitypub' );
 			$button              = sprintf(
 				'<a href="%s" class="button">%s</a>',
-				esc_url( $bookmarklet_url ), // Need to escape quotes for the bookmarklet.
+				esc_attr( $bookmarklet_js ), // Need to escape quotes for the bookmarklet.
 				sprintf( $reply_from_template, \wp_parse_url( \home_url(), PHP_URL_HOST ) )
 			);
 			/* translators: %s is where the button HTML will be rendered. */

From 700180e0b82594f7849c0a9206cb7cc2d01a696a Mon Sep 17 00:00:00 2001
From: Matthias Pfefferle <pfefferle@users.noreply.github.com>
Date: Tue, 15 Oct 2024 11:02:09 +0200
Subject: [PATCH 3/4] Only validate POST params and do not fall back (#934)

* Only validate POST params and do not fall back

Do not fall back to GET or other params if they are not available in the post!

thanks @obenland

* move to sever class, because it affects every endpoint
---
 includes/rest/class-server.php | 30 ++++++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)

diff --git a/includes/rest/class-server.php b/includes/rest/class-server.php
index aac34982..e7cf57b2 100644
--- a/includes/rest/class-server.php
+++ b/includes/rest/class-server.php
@@ -8,6 +8,7 @@
 namespace Activitypub\Rest;
 
 use WP_Error;
+use WP_REST_Server;
 use WP_REST_Response;
 use Activitypub\Signature;
 use Activitypub\Model\Application;
@@ -28,6 +29,7 @@ class Server {
 
 		\add_filter( 'rest_request_before_callbacks', array( self::class, 'validate_activitypub_requests' ), 9, 3 );
 		\add_filter( 'rest_request_before_callbacks', array( self::class, 'authorize_activitypub_requests' ), 10, 3 );
+		\add_filter( 'rest_request_parameter_order', array( self::class, 'request_parameter_order' ), 10, 2 );
 	}
 
 	/**
@@ -181,4 +183,32 @@ class Server {
 
 		return $response;
 	}
+
+	/**
+	 * Modify the parameter priority order for a REST API request.
+	 *
+	 * @param string[]        $order   Array of types to check, in order of priority.
+	 * @param WP_REST_Request $request The request object.
+	 *
+	 * @return string[] The modified order of types to check.
+	 */
+	public static function request_parameter_order( $order, $request ) {
+		$route = $request->get_route();
+
+		// Check if it is an activitypub request and exclude webfinger and nodeinfo endpoints.
+		if ( ! \str_starts_with( $route, '/' . ACTIVITYPUB_REST_NAMESPACE ) ) {
+			return $order;
+		}
+
+		$type = $request->get_method();
+
+		if ( WP_REST_Server::CREATABLE !== $type ) {
+			return $order;
+		}
+
+		return array(
+			'POST',
+			'defaults',
+		);
+	}
 }

From f0d72c9c57099868c65047f023fd9cad45e2a5fc Mon Sep 17 00:00:00 2001
From: Matthias Pfefferle <pfefferle@users.noreply.github.com>
Date: Tue, 15 Oct 2024 11:14:51 +0200
Subject: [PATCH 4/4] install svn

---
 .github/workflows/phpunit.yml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/.github/workflows/phpunit.yml b/.github/workflows/phpunit.yml
index 9d056164..dc1f257c 100644
--- a/.github/workflows/phpunit.yml
+++ b/.github/workflows/phpunit.yml
@@ -23,6 +23,10 @@ jobs:
           - wp-version: '6.5'
             php-versions: '7.1'
     steps:
+      - name: Install svn
+        run: |
+          sudo apt-get update
+          sudo apt-get install subversion
       - name: Checkout
         uses: actions/checkout@v2