all repos — wp-webmention-again @ 85a8be9e638b90b597fa28a0c66bc7d85cf36294

major bugfix where external send did something really different than what it should have
Peter Molnar hello@petermolnar.eu
Tue, 01 Mar 2016 21:20:01 +0000
commit

85a8be9e638b90b597fa28a0c66bc7d85cf36294

parent

8fcfa2e36b4da23be95ac50638746d36b57337a7

3 files changed, 128 insertions(+), 19 deletions(-)

M receiver.phpreceiver.php

@@ -212,14 +212,14 @@

 // check if source url is transmitted
 if ( ! isset( $_POST['source'] ) ) {
 status_header( 400 );
- echo '"source" is missing';
+ echo "no source";
 exit;
 }
 // check if target url is transmitted
 if ( ! isset( $_POST['target'] ) ) {
 status_header( 400 );
- echo '"target" is missing';
+ echo "no target";
 exit;
 }

@@ -228,13 +228,29 @@ $source = filter_var( $_POST['source'], FILTER_SANITIZE_URL );

 if ( false === filter_var( $target, FILTER_VALIDATE_URL ) ) {
 status_header( 400 );
- echo '"target" is an invalid URL';
+ echo "{$target} is an invalid URL";
 exit;
 }
 if ( false === filter_var( $source, FILTER_VALIDATE_URL ) ) {
 status_header( 400 );
- echo '"source" is an invalid URL';
+ echo "{$source} is an invalid URL";
+ exit;
+ }
+
+ $local = parse_url ( get_bloginfo('url'), PHP_URL_HOST );
+
+ // walk away if we're not the target
+ if ( ! stristr( $target, $local ) ) {
+ status_header( 400 );
+ echo "{$target} is pointing to another domain which is not this one";
+ exit;
+ }
+
+ // prevent selfpings
+ if ( stristr( $source, $local ) && stristr( $target, $local ) ) {
+ status_header( 400 );
+ echo "selfpings are disabled on this domain";
 exit;
 }
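Review bot: The new error messages echo `$target` and `$source` back unescaped, and in the invalid-URL branches those values have by definition failed validation; `$source` is only passed through `FILTER_SANITIZE_URL` (presumably `$target` too), which keeps `<`, `>` and `"`. If the response is served as HTML this reflects markup from the request, so wrap the values, e.g. `echo esc_html( $target ) . ' is an invalid URL';` — the 404 message in the next hunk interpolates `$target` the same way. The two host checks also use `stristr()` over the whole URL, so a target that merely contains the local host name in its path or query passes the "not the target" test and a source that does so is rejected as a selfping; comparing parsed hosts, as sketched below, avoids both and makes the second `stristr( $target, $local )` unnecessary. The exact comparison treats `www.` and bare host names as different, which may need relaxing for this site. The enclosing method starts and ends outside the hunk.

```php
// … unchanged: FILTER_VALIDATE_URL checks, with the echoed value wrapped in esc_html() …
$local       = strtolower( (string) parse_url( get_bloginfo( 'url' ), PHP_URL_HOST ) );
$target_host = strtolower( (string) parse_url( $target, PHP_URL_HOST ) );
$source_host = strtolower( (string) parse_url( $source, PHP_URL_HOST ) );

// walk away if we're not the target
if ( $target_host !== $local ) {
	status_header( 400 );
	echo esc_html( $target ) . ' is pointing to another domain which is not this one';
	exit;
}

// prevent selfpings (the target is known to be local at this point)
if ( $source_host === $local ) {
	status_header( 400 );
	echo 'selfpings are disabled on this domain';
	exit;
}
```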

@@ -242,14 +258,14 @@ $post_id = static::validate_local( $target );

 if (! $post_id || 0 == $post_id ) {
 status_header( 404 );
- echo '"target" POST not found.';
+ echo "can't find target entry for {$target}";
 exit;
 }
 // check if pings are allowed
 if ( ! pings_open( $post_id ) ) {
 status_header( 403 );
- echo 'Pings are disabled for this post';
+ echo "pings and webmentions are not accepted for this entry";
 exit;
 }

@@ -530,16 +546,92 @@ //process content

$content = ''; if ( isset( $item['properties']['content'] ) && isset( $item['properties']['content']['html'] ) ) $content = $item['properties']['content']['html']; - if ( isset( $item['properties']['content'] ) && isset( $item['properties']['content']['value'] ) ) + elseif ( isset( $item['properties']['content'] ) && isset( $item['properties']['content']['value'] ) ) $content = $item['properties']['content']['value']; - - $c['comment_content'] = wp_filter_kses ( $content ); // REACJI $emoji = EmojiRecognizer::isSingleEmoji( $content ); if ( $emoji ) $c['comment_type'] = 'reacji'; + + $content = apply_filters ( 'wp_webmention_again_comment_content', $content ); + //$c['comment_content'] = wp_filter_kses ( $content ); + //$c['comment_content'] = wp_kses_post ( $content ); + //static::debug( 'before kses: ' . $content ); + + $allowed_tags = apply_filters ( 'wp_webmention_again_kses_allowed_tags', array( + 'a' => array( + 'href' => true, + 'rel' => true, + ), + 'abbr' => array(), + 'acronym' => array(), + 'b' => array(), + 'blockquote' => array(), + 'br' => array(), + 'cite' => array(), + 'code' => array(), + 'del' => array( + 'datetime' => true, + ), + 'dd' => array(), + 'dfn' => array(), + 'dl' => array(), + 'dt' => array(), + 'em' => array(), + 'h1' => array(), + 'h2' => array(), + 'h3' => array(), + 'h4' => array(), + 'h5' => array(), + 'h6' => array(), + 'hr' => array(), + 'i' => array(), + 'img' => array( + 'alt' => true, + 'hspace' => true, + 'longdesc' => true, + 'vspace' => true, + 'src' => true, + ), + 'ins' => array( + 'datetime' => true, + 'cite' => true, + ), + 'li' => array(), + 'p' => array(), + 'pre' => array(), + 'q' => array( + 'cite' => true, + ), + 'strike' => array(), + 'strong' => array(), + 'sub' => array(), + 'sup' => array(), + 'table' => array( + ), + 'td' => array( + 'colspan' => true, + 'rowspan' => true, + ), + 'th' => array( + 'colspan' => true, + 'rowspan' => true, + ), + 'thead' => array(), + 'tbody' => array(), + 'tr' => array(), + 'tt' 
=> array(), + 'u' => array(), + 'ul' => array(), + 'ol' => array( + 'start' => true, + ), + )); + + //static::debug( 'after kses: ' . $content ); + $c['comment_content'] = trim ( wp_kses( $content, $allowed_tags ) ); // process date if ( isset( $item['properties']['modified'] ) )
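Review bot: The default allow-list handed to `wp_kses()` admits `img` with `src`, so any site that sends a webmention can have visitors' browsers fetch images from a host of its choosing when the comment is displayed, which discloses visitor IP and referrer to that host. Since the content comes from an unauthenticated remote source, consider dropping the `'img' => array( … )` entry from the default and leaving it to the `wp_webmention_again_kses_allowed_tags` filter for sites that want it. The `rel` attribute on `a` is also taken as sent; whether it is rewritten later depends on how the comment is inserted, which this hunk does not show. A comment above the list such as `// allow-list for HTML received from remote sources; extend via the wp_webmention_again_kses_allowed_tags filter` would document the intent, and the commented-out `wp_filter_kses`, `wp_kses_post` and `static::debug` lines can go. The enclosing function starts and ends outside the hunk.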
M sender.phpsender.php

@@ -4,6 +4,7 @@ class WP_Webmention_Again_Sender extends WP_Webmention_Again {

 // cron handle for processing outgoing
 const cron = 'webmention_send';
+ const pung = '_webmention_pung';
 /**
 * regular cron interval for processing incoming

@@ -57,14 +58,14 @@ // register the action for processing received

add_action( static::cron, array( &$this, 'process' ) ); // register new posts - add_action( 'transition_post_status', array( &$this, 'queue' ), 98, 5 ); + add_action( 'transition_post_status', array( &$this, 'queue_post' ), 98, 5 ); } public function init () { // get_pung is not restrictive enough - add_filter ( 'get_pung', array( &$this, 'get_pung' ) ); + //add_filter ( 'get_pung', array( &$this, 'get_pung' ) ); if ( ! wp_get_schedule( static::cron ) ) wp_schedule_event( time(), static::cron, static::cron );

@@ -91,8 +92,8 @@ * @param array $pung array of pinged urls

* * @return array a better array of pinged urls * - */ - public function get_pung ( $pung ) { + * + public static function get_pung ( $post ) { foreach ($pung as $k => $e ) $pung[ $k ] = strtolower( $e );
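Review bot: Replacing the docblock terminator `*/` with `*` leaves the comment open, so `get_pung()` and everything up to the next `*/` in the file is commented out rather than removed, and the new signature takes `$post` while the body still iterates `$pung`. If the method is meant to be disabled, deleting it, or wrapping it in an explicit `/* disabled: replaced by the _webmention_pung post meta */` block that closes right after its final brace, makes the extent obvious. The end of the method is outside this hunk, so how much following code the open comment swallows cannot be seen here.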

@@ -111,7 +112,7 @@ * @param string $new_status New post status

 * @param string $old_status Previous post status
 * @param object $post WP Post object
 */
- public static function queue( $new_status, $old_status, $post ) {
+ public static function queue_post( $new_status, $old_status, $post ) {
 if ( ! static::is_post( $post ) ) {
 static::debug( "Whoops, this is not a post." );

@@ -142,7 +143,21 @@ foreach ( $urls as $k => $url )

$urls[ $k ] = strtolower( $url ); // remove all already pinged urls - $pung = get_pung( $post->ID ); + $pung = get_post_meta( $post->ID, static::pung, false ); + + /* + // retrofill pung from pingback field, temporary + if ( empty ($pung) ) { + $_pung = get_pung ( $post->ID ); + if ( ! empty ($_pung) ) { + $pung = $_pung; + foreach ( $_pung as $url ) { + add_post_meta( $post->ID, static::pung, $url, false ); + } + } + } + */ + $urls = array_diff ( $urls, $pung ); foreach ( $urls as $target ) {
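Review bot: With the retrofill block commented out, a post that was pinged before this commit has no `_webmention_pung` meta, so `array_diff ( $urls, $pung )` removes nothing and every link in it is queued again on its next status transition. On a site with many older posts that can produce a burst of duplicate outgoing requests to third parties. Either enable the retrofill for a one-time migration or state the accepted behaviour next to the lookup, e.g. `// NOTE: URLs recorded in the core "pinged" field are not migrated; older posts re-send once`. The loop over `$urls` continues outside the hunk.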

@@ -209,8 +224,10 @@ else {

 static::debug( " sending succeeded!" );
 $post_types = get_post_types( '', 'names' );
- if ( in_array( $send->object_type, $post_types ) && 0 != $send->object_id )
- add_ping( $send->object_id, $send->target );
+ if ( in_array( $send->object_type, $post_types ) && 0 != $send->object_id ) {
+ add_post_meta ( $send->object_id, static::pung, $send->target, false );
+ //add_ping( $send->object_id, $send->target );
+ }
 static::queue_done ( $send->id, $s );
 }
M wp-webmention-again.phpwp-webmention-again.php

@@ -622,8 +622,8 @@

 // global send_webmention function
 if ( ! function_exists( 'send_webmention' ) ) {
- function send_webmention( $source, $target ) {
- return WP_Webmention_Again_Sender::queue ( 'out', $source, $target );
+ function send_webmention( $source, $target, $object = '', $object_id = 0 ) {
+ return WP_Webmention_Again_Sender::queue_add ( 'out', $source, $target, $object, $object_id );
 }
 }
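Review bot: The two new parameters of `send_webmention()` are undocumented, so callers of this global helper cannot tell what to pass. A docblock above the function would help, along the lines of `@param string $object type of the sending object, presumably a post type name` and `@param int $object_id ID of that object, 0 when there is none`. That reading is inferred from the use of `$send->object_type` and `$send->object_id` in sender.php; `queue_add()` itself is not part of this diff, so confirm the wording against it.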