diff --git a/receiver.php b/receiver.php index cd1451e..47ec3dc 100644 --- a/receiver.php +++ b/receiver.php @@ -212,14 +212,14 @@ class WP_Webmention_Again_Receiver extends WP_Webmention_Again { // check if source url is transmitted if ( ! isset( $_POST['source'] ) ) { status_header( 400 ); - echo '"source" is missing'; + echo "no source"; exit; } // check if target url is transmitted if ( ! isset( $_POST['target'] ) ) { status_header( 400 ); - echo '"target" is missing'; + echo "no target"; exit; } @@ -228,13 +228,29 @@ class WP_Webmention_Again_Receiver extends WP_Webmention_Again { if ( false === filter_var( $target, FILTER_VALIDATE_URL ) ) { status_header( 400 ); - echo '"target" is an invalid URL'; + echo "{$target} is an invalid URL"; exit; } if ( false === filter_var( $source, FILTER_VALIDATE_URL ) ) { status_header( 400 ); - echo '"source" is an invalid URL'; + echo "{$source} is an invalid URL"; + exit; + } + + $local = parse_url ( get_bloginfo('url'), PHP_URL_HOST ); + + // walk away if we're not the target + if ( ! stristr( $target, $local ) ) { + status_header( 400 ); + echo "{$target} is pointing to another domain which is not this one"; + exit; + } + + // prevent selfpings + if ( stristr( $source, $local ) && stristr( $target, $local ) ) { + status_header( 400 ); + echo "selfpings are disabled on this domain"; exit; } @@ -242,14 +258,14 @@ class WP_Webmention_Again_Receiver extends WP_Webmention_Again { if (! $post_id || 0 == $post_id ) { status_header( 404 ); - echo '"target" POST not found.'; + echo "can't find target entry for {$target}"; exit; } // check if pings are allowed if ( ! pings_open( $post_id ) ) { status_header( 403 ); - echo 'Pings are disabled for this post'; + echo "pings and webmentions are not accepted for this entry"; exit; } 
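Review bot: The new error messages in the `@@ -228` hunk echo `$target` and `$source` back to the client unescaped, and on the two invalid-URL branches the value has just failed `FILTER_VALIDATE_URL`, so it can contain arbitrary markup; no Content-Type is set in the visible lines, so the body is presumably served as HTML. Escape on output, e.g. `echo esc_html( $target ) . ' is an invalid URL';`, or keep the old fixed strings; the same applies to the "pointing to another domain" message here and to `can't find target entry for {$target}` in the `@@ -242` hunk. Separately, `stristr( $target, $local )` matches the blog host anywhere in the URL, so a target on another host that merely carries the host name in its path or query passes the "not the target" check, and a third-party source whose URL mentions the host is rejected as a selfping; comparing parsed hosts, as sketched below, avoids both. The enclosing method starts and ends outside the hunk.

```php
$local       = parse_url( get_bloginfo( 'url' ), PHP_URL_HOST );
$target_host = parse_url( $target, PHP_URL_HOST );
$source_host = parse_url( $source, PHP_URL_HOST );

// walk away if we're not the target
if ( ! is_string( $target_host ) || 0 !== strcasecmp( $target_host, (string) $local ) ) {
	status_header( 400 );
	echo esc_html( $target ) . ' is pointing to another domain which is not this one';
	exit;
}

// prevent selfpings: the target host is already known to be local at this point
if ( is_string( $source_host ) && 0 === strcasecmp( $source_host, (string) $local ) ) {
	status_header( 400 );
	echo 'selfpings are disabled on this domain';
	exit;
}
```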
@@ -530,17 +546,93 @@ class WP_Webmention_Again_Receiver extends WP_Webmention_Again { $content = ''; if ( isset( $item['properties']['content'] ) && isset( $item['properties']['content']['html'] ) ) $content = $item['properties']['content']['html']; - if ( isset( $item['properties']['content'] ) && isset( $item['properties']['content']['value'] ) ) + elseif ( isset( $item['properties']['content'] ) && isset( $item['properties']['content']['value'] ) ) $content = $item['properties']['content']['value']; - $c['comment_content'] = wp_filter_kses ( $content ); - // REACJI $emoji = EmojiRecognizer::isSingleEmoji( $content ); if ( $emoji ) $c['comment_type'] = 'reacji'; + $content = apply_filters ( 'wp_webmention_again_comment_content', $content ); + //$c['comment_content'] = wp_filter_kses ( $content ); + //$c['comment_content'] = wp_kses_post ( $content ); + //static::debug( 'before kses: ' . $content ); + + $allowed_tags = apply_filters ( 'wp_webmention_again_kses_allowed_tags', array( + 'a' => array( + 'href' => true, + 'rel' => true, + ), + 'abbr' => array(), + 'acronym' => array(), + 'b' => array(), + 'blockquote' => array(), + 'br' => array(), + 'cite' => array(), + 'code' => array(), + 'del' => array( + 'datetime' => true, + ), + 'dd' => array(), + 'dfn' => array(), + 'dl' => array(), + 'dt' => array(), + 'em' => array(), + 'h1' => array(), + 'h2' => array(), + 'h3' => array(), + 'h4' => array(), + 'h5' => array(), + 'h6' => array(), + 'hr' => array(), + 'i' => array(), + 'img' => array( + 'alt' => true, + 'hspace' => true, + 'longdesc' => true, + 'vspace' => true, + 'src' => true, + ), + 'ins' => array( + 'datetime' => true, + 'cite' => true, + ), + 'li' => array(), + 'p' => array(), + 'pre' => array(), + 'q' => array( + 'cite' => true, + ), + 'strike' => array(), + 'strong' => array(), + 'sub' => array(), + 'sup' => array(), + 'table' => array( + ), + 'td' => array( + 'colspan' => true, + 'rowspan' => true, + ), + 'th' => array( + 'colspan' => true, + 
'rowspan' => true, + ), + 'thead' => array(), + 'tbody' => array(), + 'tr' => array(), + 'tt' => array(), + 'u' => array(), + 'ul' => array(), + 'ol' => array( + 'start' => true, + ), + )); + + //static::debug( 'after kses: ' . $content ); + $c['comment_content'] = trim ( wp_kses( $content, $allowed_tags ) ); + // process date if ( isset( $item['properties']['modified'] ) ) $c['comment_date'] = date( "Y-m-d H:i:s", strtotime( $item['properties']['modified'] )); diff --git a/sender.php b/sender.php index 7fde448..ceaa4c3 100644 --- a/sender.php +++ b/sender.php @@ -4,6 +4,7 @@ class WP_Webmention_Again_Sender extends WP_Webmention_Again { // cron handle for processing outgoing const cron = 'webmention_send'; + const pung = '_webmention_pung'; /** * regular cron interval for processing incoming @@ -57,14 +58,14 @@ class WP_Webmention_Again_Sender extends WP_Webmention_Again { add_action( static::cron, array( &$this, 'process' ) ); // register new posts - add_action( 'transition_post_status', array( &$this, 'queue' ), 98, 5 ); + add_action( 'transition_post_status', array( &$this, 'queue_post' ), 98, 5 ); } public function init () { // get_pung is not restrictive enough - add_filter ( 'get_pung', array( &$this, 'get_pung' ) ); + //add_filter ( 'get_pung', array( &$this, 'get_pung' ) ); if ( ! wp_get_schedule( static::cron ) ) wp_schedule_event( time(), static::cron, static::cron ); @@ -91,8 +92,8 @@ class WP_Webmention_Again_Sender extends WP_Webmention_Again { * * @return array a better array of pinged urls * - */ - public function get_pung ( $pung ) { + * + public static function get_pung ( $post ) { foreach ($pung as $k => $e ) $pung[ $k ] = strtolower( $e ); 
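Review bot: The allow-list in the `@@ -530` hunk keeps `src` on `img`, so HTML fetched from the sending site can make every visitor of the target entry load an image from a host the sender chooses once the mention is displayed. Unless images are cached or proxied elsewhere in the plugin, drop `img` from the default list and let sites opt in through the `wp_webmention_again_kses_allowed_tags` filter. `rel` on `a` is likewise sender-controlled, so any `nofollow`/`ugc` policy would have to be applied after `wp_kses()` rather than trusted from the incoming markup. The commented-out `wp_filter_kses`, `wp_kses_post` and `static::debug` lines can be removed before merge. The enclosing function starts and ends outside the hunk.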
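Review bot: `get_pung()` is disabled in the `@@ -91` hunk by replacing the docblock's closing `*/` with ` *`, which leaves the method inside a comment that only ends at the next `*/` somewhere below the hunk; that is easy to misread, and anything later inserted in between is silently commented out as well. The new signature takes `$post` while the first body line still iterates `$pung`, so the method would not work if the comment were closed again. Deleting the method, together with the commented-out `add_filter ( 'get_pung', … )` in the `@@ -57` hunk and its now stale "get_pung is not restrictive enough" comment, would be clearer. The rest of the method is outside the hunk.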
@@ -111,7 +112,7 @@ class WP_Webmention_Again_Sender extends WP_Webmention_Again { * @param string $old_status Previous post status * @param object $post WP Post object */ - public static function queue( $new_status, $old_status, $post ) { + public static function queue_post( $new_status, $old_status, $post ) { if ( ! static::is_post( $post ) ) { static::debug( "Whoops, this is not a post." ); @@ -142,7 +143,21 @@ class WP_Webmention_Again_Sender extends WP_Webmention_Again { $urls[ $k ] = strtolower( $url ); // remove all already pinged urls - $pung = get_pung( $post->ID ); + $pung = get_post_meta( $post->ID, static::pung, false ); + + /* + // retrofill pung from pingback field, temporary + if ( empty ($pung) ) { + $_pung = get_pung ( $post->ID ); + if ( ! empty ($_pung) ) { + $pung = $_pung; + foreach ( $_pung as $url ) { + add_post_meta( $post->ID, static::pung, $url, false ); + } + } + } + */ + $urls = array_diff ( $urls, $pung ); foreach ( $urls as $target ) { @@ -209,8 +224,10 @@ class WP_Webmention_Again_Sender extends WP_Webmention_Again { static::debug( " sending succeeded!" ); $post_types = get_post_types( '', 'names' ); - if ( in_array( $send->object_type, $post_types ) && 0 != $send->object_id ) - add_ping( $send->object_id, $send->target ); + if ( in_array( $send->object_type, $post_types ) && 0 != $send->object_id ) { + add_post_meta ( $send->object_id, static::pung, $send->target, false ); + //add_ping( $send->object_id, $send->target ); + } static::queue_done ( $send->id, $s ); } diff --git a/wp-webmention-again.php b/wp-webmention-again.php index ff52f44..3031470 100644 --- a/wp-webmention-again.php +++ b/wp-webmention-again.php 
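Review bot: In the `@@ -142` hunk `$urls` has just been lower-cased, but the values read from the `static::pung` meta are compared as stored, and the writer in the `@@ -209` hunk saves `$send->target` unchanged; the `get_pung` filter that used to lower-case the list is now disabled. If a target can reach the queue with upper-case characters (for example through `send_webmention()`, whose queueing code is not visible here), `array_diff()` will never match it and the webmention is sent again on every update; normalising on read with `$pung = array_map( 'strtolower', get_post_meta( $post->ID, static::pung, false ) );` keeps both sides comparable. With the retrofill block commented out, URLs recorded earlier by `add_ping()` are no longer excluded either, so already-published posts will presumably re-notify their targets on the next status transition. `queue_post()` starts and ends outside the hunk.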
@@ -622,8 +622,8 @@ $WP_Webmention_Again_Receiver = new WP_Webmention_Again_Receiver(); // global send_webmention function if ( ! function_exists( 'send_webmention' ) ) { - function send_webmention( $source, $target ) { - return WP_Webmention_Again_Sender::queue ( 'out', $source, $target ); + function send_webmention( $source, $target, $object = '', $object_id = 0 ) { + return WP_Webmention_Again_Sender::queue_add ( 'out', $source, $target, $object, $object_id ); } }
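Review bot: `send_webmention()` gains `$object` and `$object_id` without any documentation, and their defaults matter: per the `@@ -209` hunk in sender.php a successful send is only recorded in the pung meta when `object_id` is non-zero and `object_type` (presumably filled from `$object`) is a registered post type. A short docblock would make that visible to callers, e.g. `@param string $object post type the mention belongs to, '' for none` and `@param int $object_id post ID; 0 means the send is not recorded against a post`. `queue_add()` is not shown in this diff, so whether it validates `$source` and `$target` before queueing cannot be confirmed from here.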