summaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
Diffstat (limited to 'lib')
-rw-r--r--lib/activityobject.php21
-rw-r--r--lib/activityutils.php22
2 files changed, 41 insertions, 2 deletions
diff --git a/lib/activityobject.php b/lib/activityobject.php
index e5cea727b..0a358ccab 100644
--- a/lib/activityobject.php
+++ b/lib/activityobject.php
@@ -156,7 +156,11 @@ class ActivityObject
{
$this->type = self::PERSON; // XXX: is this fair?
$this->title = $this->_childContent($element, self::NAME);
- $this->id = $this->_childContent($element, self::URI);
+
+ $id = $this->_childContent($element, self::URI);
+ if (ActivityUtils::validateUri($id)) {
+ $this->id = $id;
+ }
if (empty($this->id)) {
$email = $this->_childContent($element, self::EMAIL);
@@ -169,6 +173,15 @@ class ActivityObject
private function _fromAtomEntry($element)
{
+ if ($element->localName == 'actor') {
+ // Old-fashioned <activity:actor>...
+ // First pull anything from <author>, then we'll add on top.
+ $author = ActivityUtils::child($element->parentNode, 'author');
+ if ($author) {
+ $this->_fromAuthor($author);
+ }
+ }
+
$this->type = $this->_childContent($element, Activity::OBJECTTYPE,
Activity::SPEC);
@@ -176,7 +189,11 @@ class ActivityObject
$this->type = ActivityObject::NOTE;
}
- $this->id = $this->_childContent($element, self::ID);
+ $id = $this->_childContent($element, self::ID);
+ if (ActivityUtils::validateUri($id)) {
+ $this->id = $id;
+ }
+
$this->summary = ActivityUtils::childHtmlContent($element, self::SUMMARY);
$this->content = ActivityUtils::getContent($element);
diff --git a/lib/activityutils.php b/lib/activityutils.php
index c85a3db55..a7e99fb11 100644
--- a/lib/activityutils.php
+++ b/lib/activityutils.php
@@ -240,4 +240,26 @@ class ActivityUtils
throw new ClientException(_("Can't handle embedded Base64 content yet."));
}
}
+
+ /**
+ * Is this a valid URI for remote profile/notice identification?
+ * Does not have to be a resolvable URL.
+ * @param string $uri
+ * @return boolean
+ */
+ static function validateUri($uri)
+ {
+ if (Validate::uri($uri)) {
+ return true;
+ }
+
+ // Possibly an upstream bug; tag: URIs aren't validated properly
+ // unless you explicitly ask for them. All other schemes are accepted
+ // for basic URI validation without asking.
+ if (Validate::uri($uri, array('allowed_scheme' => array('tag')))) {
+ return true;
+ }
+
+ return false;
+ }
}