From b228da628da51337a28ecb1d5f7416717489496c Mon Sep 17 00:00:00 2001 From: Brion Vibber Date: Sun, 21 Mar 2010 15:46:28 -0700 Subject: Accept 'tag' and other non-http id URIs in Ostatus_profile::getActivityObjectProfileURI(). (If there's not a valid ID we fall back to the link, which we do still validate as http/s.) --- plugins/OStatus/classes/Ostatus_profile.php | 36 ++++++++++++++++++++--------- 1 file changed, 25 insertions(+), 11 deletions(-) (limited to 'plugins/OStatus/classes/Ostatus_profile.php') diff --git a/plugins/OStatus/classes/Ostatus_profile.php b/plugins/OStatus/classes/Ostatus_profile.php index 4ee1a86b4..5595a9d29 100644 --- a/plugins/OStatus/classes/Ostatus_profile.php +++ b/plugins/OStatus/classes/Ostatus_profile.php @@ -1140,35 +1140,49 @@ class Ostatus_profile extends Memcached_DataObject /** * @param Activity $activity * @return mixed matching Ostatus_profile or false if none known + * @throws ServerException if feed info invalid */ public static function getActorProfile($activity) { return self::getActivityObjectProfile($activity->actor); } + /** + * @param ActivityObject $activity + * @return mixed matching Ostatus_profile or false if none known + * @throws ServerException if feed info invalid + */ protected static function getActivityObjectProfile($object) { $uri = self::getActivityObjectProfileURI($object); return Ostatus_profile::staticGet('uri', $uri); } - protected static function getActorProfileURI($activity) - { - return self::getActivityObjectProfileURI($activity->actor); - } - /** - * @param Activity $activity + * Get the identifier URI for the remote entity described + * by this ActivityObject. This URI is *not* guaranteed to be + * a resolvable HTTP/HTTPS URL. + * + * @param ActivityObject $object * @return string - * @throws ServerException + * @throws ServerException if feed info invalid */ protected static function getActivityObjectProfileURI($object) { - $opts = array('allowed_schemes' => array('http', 'https')); - if ($object->id && Validate::uri($object->id, $opts)) { - return $object->id; + if ($object->id) { + // Possibly an upstream bug; tag: URIs are rejected unless you + // explicitly ask for them. All other schemes are accepted for + // basic URI validation without asking. + if (Validate::uri($object->id) || + Validate::uri($object->id, array('allowed_scheme' => array('tag')))) { + return $object->id; + } } - if ($object->link && Validate::uri($object->link, $opts)) { + + // If the id is missing or invalid (we've seen feeds mistakenly listing + // things like local usernames in that field) then we'll use the profile + // page link, if valid. + if ($object->link && common_valid_http_url($object->link)) { return $object->link; } throw new ServerException("No author ID URI found"); -- cgit v1.2.3-54-g00ecf From fcb614d0eb1f98bf8704654ed06e1f9d9733d359 Mon Sep 17 00:00:00 2001 From: Brion Vibber Date: Sun, 21 Mar 2010 16:25:12 -0700 Subject: Pull info as well as when we have an old-style ActivityStreams feed. This fixes subscription setup for Cliqset feeds, which currently have a bogus activity:actor/atom:id but a good atom:author/atom:uri --- lib/activityobject.php | 21 +++++++++++++++++++-- lib/activityutils.php | 22 ++++++++++++++++++++++ plugins/OStatus/classes/Ostatus_profile.php | 6 +----- 3 files changed, 42 insertions(+), 7 deletions(-) (limited to 'plugins/OStatus/classes/Ostatus_profile.php') diff --git a/lib/activityobject.php b/lib/activityobject.php index e5cea727b..0a358ccab 100644 --- a/lib/activityobject.php +++ b/lib/activityobject.php @@ -156,7 +156,11 @@ class ActivityObject { $this->type = self::PERSON; // XXX: is this fair? $this->title = $this->_childContent($element, self::NAME); - $this->id = $this->_childContent($element, self::URI); + + $id = $this->_childContent($element, self::URI); + if (ActivityUtils::validateUri($id)) { + $this->id = $id; + } if (empty($this->id)) { $email = $this->_childContent($element, self::EMAIL); @@ -169,6 +173,15 @@ class ActivityObject private function _fromAtomEntry($element) { + if ($element->localName == 'actor') { + // Old-fashioned ... + // First pull anything from , then we'll add on top. + $author = ActivityUtils::child($element->parentNode, 'author'); + if ($author) { + $this->_fromAuthor($author); + } + } + $this->type = $this->_childContent($element, Activity::OBJECTTYPE, Activity::SPEC); @@ -176,7 +189,11 @@ class ActivityObject $this->type = ActivityObject::NOTE; } - $this->id = $this->_childContent($element, self::ID); + $id = $this->_childContent($element, self::ID); + if (ActivityUtils::validateUri($id)) { + $this->id = $id; + } + $this->summary = ActivityUtils::childHtmlContent($element, self::SUMMARY); $this->content = ActivityUtils::getContent($element); diff --git a/lib/activityutils.php b/lib/activityutils.php index c85a3db55..a7e99fb11 100644 --- a/lib/activityutils.php +++ b/lib/activityutils.php @@ -240,4 +240,26 @@ class ActivityUtils throw new ClientException(_("Can't handle embedded Base64 content yet.")); } } + + /** + * Is this a valid URI for remote profile/notice identification? + * Does not have to be a resolvable URL. + * @param string $uri + * @return boolean + */ + static function validateUri($uri) + { + if (Validate::uri($uri)) { + return true; + } + + // Possibly an upstream bug; tag: URIs aren't validated properly + // unless you explicitly ask for them. All other schemes are accepted + // for basic URI validation without asking. + if (Validate::uri($uri, array('allowed_scheme' => array('tag')))) { + return true; + } + + return false; + } } diff --git a/plugins/OStatus/classes/Ostatus_profile.php b/plugins/OStatus/classes/Ostatus_profile.php index 5595a9d29..e33509c47 100644 --- a/plugins/OStatus/classes/Ostatus_profile.php +++ b/plugins/OStatus/classes/Ostatus_profile.php @@ -1170,11 +1170,7 @@ class Ostatus_profile extends Memcached_DataObject protected static function getActivityObjectProfileURI($object) { if ($object->id) { - // Possibly an upstream bug; tag: URIs are rejected unless you - // explicitly ask for them. All other schemes are accepted for - // basic URI validation without asking. - if (Validate::uri($object->id) || - Validate::uri($object->id, array('allowed_scheme' => array('tag')))) { + if (ActivityUtils::validateUri($object->id)) { return $object->id; } } -- cgit v1.2.3-54-g00ecf From edee1fc09e304616fbce4ad1d1dae6097655c4e7 Mon Sep 17 00:00:00 2001 From: Evan Prodromou Date: Mon, 22 Mar 2010 08:17:14 -0400 Subject: ignore unrecognized object types --- plugins/OStatus/classes/Ostatus_profile.php | 11 +++++++++++ 1 file changed, 11 insertions(+) (limited to 'plugins/OStatus/classes/Ostatus_profile.php') diff --git a/plugins/OStatus/classes/Ostatus_profile.php b/plugins/OStatus/classes/Ostatus_profile.php index e33509c47..0eb5b8b82 100644 --- a/plugins/OStatus/classes/Ostatus_profile.php +++ b/plugins/OStatus/classes/Ostatus_profile.php @@ -442,6 +442,17 @@ class Ostatus_profile extends Memcached_DataObject { $activity = new Activity($entry, $feed); + switch ($activity->object->type) { + case ActivityObject::ARTICLE: + case ActivityObject::BLOGENTRY: + case ActivityObject::NOTE: + case ActivityObject::STATUS: + case ActivityObject::COMMENT: + break; + default: + throw new ClientException("Can't handle that kind of post."); + } + if ($activity->verb == ActivityVerb::POST) { $this->processPost($activity, $source); } else { -- cgit v1.2.3-54-g00ecf