modified file w3-total-cache

wp-content/upgrade-temp-backup/plugins/activitypub/includes/collection/class-followers.php

@@ -182,7 +182,7 @@ class Followers {
 		$query = new WP_Query( $args );
 		$total = $query->found_posts;
 		$followers = array_map(
-			function( $post ) {
+			function ( $post ) {
 				return Follower::init_from_cpt( $post );
 			},
 			$query->get_posts()

wp-content/upgrade-temp-backup/plugins/activitypub/includes/collection/class-interactions.php

@@ -31,12 +31,13 @@ class Interactions {
 			return false;
 		}
 
-		$in_reply_to     = \esc_url_raw( $activity['object']['inReplyTo'] );
-		$comment_post_id = \url_to_postid( $in_reply_to );
-		$parent_comment  = object_id_to_comment( $in_reply_to );
+		$in_reply_to        = \esc_url_raw( $activity['object']['inReplyTo'] );
+		$comment_post_id    = \url_to_postid( $in_reply_to );
+		$parent_comment_id  = url_to_commentid( $in_reply_to );
 
 		// save only replys and reactions
-		if ( ! $comment_post_id && $parent_comment ) {
+		if ( ! $comment_post_id && $parent_comment_id ) {
+			$parent_comment  = get_comment( $parent_comment_id );
 			$comment_post_id = $parent_comment->comment_post_ID;
 		}
 
@@ -53,15 +54,14 @@ class Interactions {
 
 		$commentdata = array(
 			'comment_post_ID' => $comment_post_id,
-			'comment_author' => \esc_attr( $meta['name'] ),
+			'comment_author' => isset( $meta['name'] ) ? \esc_attr( $meta['name'] ) : \esc_attr( $meta['preferredUsername'] ),
 			'comment_author_url' => \esc_url_raw( $meta['url'] ),
 			'comment_content' => \addslashes( $activity['object']['content'] ),
 			'comment_type' => 'comment',
 			'comment_author_email' => '',
-			'comment_parent' => $parent_comment ? $parent_comment->comment_ID : 0,
+			'comment_parent' => $parent_comment_id ? $parent_comment_id : 0,
 			'comment_meta' => array(
 				'source_id'  => \esc_url_raw( $activity['object']['id'] ),
-				'source_url' => \esc_url_raw( $activity['object']['url'] ),
 				'protocol'   => 'activitypub',
 			),
 		);
@@ -70,6 +70,10 @@ class Interactions {
 			$commentdata['comment_meta']['avatar_url'] = \esc_url_raw( $meta['icon']['url'] );
 		}
 
+		if ( isset( $activity['object']['url'] ) ) {
+			$commentdata['comment_meta']['source_url'] = \esc_url_raw( $activity['object']['url'] );
+		}
+
 		// disable flood control
 		\remove_action( 'check_comment_flood', 'check_comment_flood_db', 10 );
 		// do not require email for AP entries
@@ -77,7 +81,7 @@ class Interactions {
 		// No nonce possible for this submission route
 		\add_filter(
 			'akismet_comment_nonce',
-			function() {
+			function () {
 				return 'inactive';
 			}
 		);
@@ -98,20 +102,20 @@ class Interactions {
 	 *
 	 * @param array $activity The activity-object
 	 *
-	 * @return array|false The commentdata or false on failure
+	 * @return array|string|int|\WP_Error|false The commentdata or false on failure
 	 */
 	public static function update_comment( $activity ) {
 		$meta = get_remote_metadata_by_actor( $activity['actor'] );
 
 		//Determine comment_ID
-		$object_comment_id = url_to_commentid( \esc_url_raw( $activity['object']['id'] ) );
+		$comment     = object_id_to_comment( \esc_url_raw( $activity['object']['id'] ) );
+		$commentdata = \get_comment( $comment, ARRAY_A );
 
-		if ( ! $object_comment_id ) {
+		if ( ! $commentdata ) {
 			return false;
 		}
 
 		//found a local comment id
-		$commentdata = \get_comment( $object_comment_id, ARRAY_A );
 		$commentdata['comment_author'] = \esc_attr( $meta['name'] ? $meta['name'] : $meta['preferredUsername'] );
 		$commentdata['comment_content'] = \addslashes( $activity['object']['content'] );
 		if ( isset( $meta['icon']['url'] ) ) {
@@ -125,20 +129,24 @@ class Interactions {
 		// No nonce possible for this submission route
 		\add_filter(
 			'akismet_comment_nonce',
-			function() {
+			function () {
 				return 'inactive';
 			}
 		);
 		\add_filter( 'wp_kses_allowed_html', array( self::class, 'allowed_comment_html' ), 10, 2 );
 
-		$comment = \wp_update_comment( $commentdata, true );
+		$state = \wp_update_comment( $commentdata, true );
 
 		\remove_filter( 'wp_kses_allowed_html', array( self::class, 'allowed_comment_html' ), 10 );
 		\remove_filter( 'pre_option_require_name_email', '__return_false' );
 		// re-add flood control
 		\add_action( 'check_comment_flood', 'check_comment_flood_db', 10, 4 );
 
-		return $comment;
+		if ( 1 === $state ) {
+			return $commentdata;
+		} else {
+			return $state; // Either `false` or a `WP_Error` instance or `0` or `1`!
+		}
 	}
 
 	/**

wp-content/upgrade-temp-backup/plugins/activitypub/includes/collection/class-users.php

@@ -7,6 +7,7 @@ use Activitypub\Model\User;
 use Activitypub\Model\Blog_User;
 use Activitypub\Model\Application_User;
 
+use function Activitypub\url_to_authorid;
 use function Activitypub\is_user_disabled;
 
 class Users {
@@ -103,6 +104,8 @@ class Users {
 			return self::get_by_id( $user->results[0] );
 		}
 
+		$username = str_replace( array( '*', '%' ), '', $username );
+
 		// check for login or nicename.
 		$user = new WP_User_Query(
 			array(
@@ -133,29 +136,79 @@ class Users {
 	 * @return \Acitvitypub\Model\User The User.
 	 */
 	public static function get_by_resource( $resource ) {
-		if ( \strpos( $resource, '@' ) === false ) {
-			return new WP_Error(
-				'activitypub_unsupported_resource',
-				\__( 'Resource is invalid', 'activitypub' ),
-				array( 'status' => 400 )
-			);
+		$scheme = 'acct';
+		$match = array();
+		// try to extract the scheme and the host
+		if ( preg_match( '/^([a-zA-Z^:]+):(.*)$/i', $resource, $match ) ) {
+			// extract the scheme
+			$scheme = esc_attr( $match[1] );
 		}
 
-		$resource = \str_replace( 'acct:', '', $resource );
+		switch ( $scheme ) {
+			// check for http(s) URIs
+			case 'http':
+			case 'https':
+				$url_parts = wp_parse_url( $resource );
 
-		$resource_identifier = \substr( $resource, 0, \strrpos( $resource, '@' ) );
-		$resource_host = self::normalize_host( \substr( \strrchr( $resource, '@' ), 1 ) );
-		$blog_host = self::normalize_host( \wp_parse_url( \home_url( '/' ), \PHP_URL_HOST ) );
+				// check for http(s)://blog.example.com/@username
+				if (
+					isset( $url_parts['path'] ) &&
+					str_starts_with( $url_parts['path'], '/@' )
+				) {
+					$identifier = str_replace( '/@', '', $url_parts['path'] );
+					$identifier = untrailingslashit( $identifier );
 
-		if ( $blog_host !== $resource_host ) {
-			return new WP_Error(
-				'activitypub_wrong_host',
-				\__( 'Resource host does not match blog host', 'activitypub' ),
-				array( 'status' => 404 )
-			);
+					return self::get_by_username( $identifier );
+				}
+
+				// check for http(s)://blog.example.com/author/username
+				$user_id = url_to_authorid( $resource );
+
+				if ( $user_id ) {
+					return self::get_by_id( $user_id );
+				}
+
+				// check for http(s)://blog.example.com/
+				if (
+					self::normalize_url( site_url() ) === self::normalize_url( $resource ) ||
+					self::normalize_url( home_url() ) === self::normalize_url( $resource )
+				) {
+					return self::get_by_id( self::BLOG_USER_ID );
+				}
+
+				return new WP_Error(
+					'activitypub_no_user_found',
+					\__( 'User not found', 'activitypub' ),
+					array( 'status' => 404 )
+				);
+			// check for acct URIs
+			case 'acct':
+				$resource   = \str_replace( 'acct:', '', $resource );
+				$identifier = \substr( $resource, 0, \strrpos( $resource, '@' ) );
+				$host       = self::normalize_host( \substr( \strrchr( $resource, '@' ), 1 ) );
+				$blog_host  = self::normalize_host( \wp_parse_url( \home_url( '/' ), \PHP_URL_HOST ) );
+
+				if ( $blog_host !== $host ) {
+					return new WP_Error(
+						'activitypub_wrong_host',
+						\__( 'Resource host does not match blog host', 'activitypub' ),
+						array( 'status' => 404 )
+					);
+				}
+
+				// prepare wildcards https://github.com/mastodon/mastodon/issues/22213
+				if ( in_array( $identifier, array( '_', '*', '' ), true ) ) {
+					return self::get_by_id( self::BLOG_USER_ID );
+				}
+
+				return self::get_by_username( $identifier );
+			default:
+				return new WP_Error(
+					'activitypub_wrong_scheme',
+					\__( 'Wrong scheme', 'activitypub' ),
+					array( 'status' => 404 )
+				);
 		}
-
-		return self::get_by_username( $resource_identifier );
 	}
 
 	/**
@@ -168,7 +221,12 @@ class Users {
 	public static function get_by_various( $id ) {
 		if ( is_numeric( $id ) ) {
 			return self::get_by_id( $id );
-		} elseif ( filter_var( $id, FILTER_VALIDATE_URL ) ) {
+		} elseif (
+			// is URL
+			filter_var( $id, FILTER_VALIDATE_URL ) ||
+			// is acct
+			str_starts_with( $id, 'acct:' )
+		) {
 			return self::get_by_resource( $id );
 		} else {
 			return self::get_by_username( $id );
@@ -176,7 +234,7 @@ class Users {
 	}
 
 	/**
-	 * Normalize the host.
+	 * Normalize a host.
 	 *
 	 * @param string $host The host.
 	 *
@@ -186,6 +244,22 @@ class Users {
 		return \str_replace( 'www.', '', $host );
 	}
 
+	/**
+	 * Normalize a URL.
+	 *
+	 * @param string $url The URL.
+	 *
+	 * @return string The normalized URL.
+	 */
+	public static function normalize_url( $url ) {
+		$url = \untrailingslashit( $url );
+		$url = \str_replace( 'https://', '', $url );
+		$url = \str_replace( 'http://', '', $url );
+		$url = \str_replace( 'www.', '', $url );
+
+		return $url;
+	}
+
 	/**
 	 * Get the User collection.
 	 *