
Commit 11e098c

committed
Improve Undo handler object validation and defaults
Adds a default value for the 'type' field in handle_undo to prevent undefined index errors. Updates object attribute validation to only check required fields if 'object' is an array, allowing string/URI objects. Adds a test case to ensure URI objects pass validation.
1 parent f90bdb0 commit 11e098c


2 files changed

+22
-13
lines changed


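--- a/includes/handler/class-undo.php
+++ b/includes/handler/class-undo.php
@@ -33,7 +33,7 @@ public static function init() {
 * @param int|null $user_id The ID of the user who initiated the "Undo" activity.
 */
 public static function handle_undo( $activity, $user_id ) {
-$type = $activity['object']['type'];
+$type = $activity['object']['type'] ?? 'Announce';
 $success = false;
 $result = null;
 
@@ -48,10 +48,7 @@ public static function handle_undo( $activity, $user_id ) {
 $success = Followers::remove( $post, $user_id );
 }
 }
-}
-
-// Handle "Undo" requests for "Like" and "Create" activities.
-if ( in_array( $type, array( 'Like', 'Create', 'Announce' ), true ) ) {
+} if ( in_array( $type, array( 'Like', 'Create', 'Announce' ), true ) ) { // Handle "Undo" requests for "Like" and "Create" activities.
 if ( ! ACTIVITYPUB_DISABLE_INCOMING_INTERACTIONS ) {
 $object_id = object_to_uri( $activity['object'] );
 $result = Comment::object_id_to_comment( esc_url_raw( $object_id ) );
@@ -107,15 +104,17 @@ public static function validate_object( $valid, $param, $request ) {
 return false;
 }
 
-$required_object_attributes = array(
-'id',
-'type',
-'actor',
-'object',
-);
+if ( \is_array( $json_params['object'] ) ) {
+$required_object_attributes = array(
+'id',
+'type',
+'actor',
+'object',
+);
 
-if ( ! empty( \array_diff( $required_object_attributes, \array_keys( $json_params['object'] ) ) ) ) {
-return false;
+if ( ! empty( \array_diff( $required_object_attributes, \array_keys( $json_params['object'] ) ) ) ) {
+return false;
+}
 }
 
 return $valid;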
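Review bot: In `handle_undo`, the `?? 'Announce'` default sends every Undo whose `object` is a bare URI into the Like/Create/Announce branch and on to `Comment::object_id_to_comment()`, while `validate_object` no longer checks anything for that shape. Nothing visible in these hunks compares the Undo's `actor` with the author of the referenced interaction, so unless that happens further down (the function body continues outside the hunk), an actor could undo an interaction it did not create; comparing the stored comment's author with the activity's actor before acting on `$result` would close that. In `validate_object` the non-array path also lets through values that are not strings at all; I would add `} elseif ( ! \is_string( $json_params['object'] ) ) { return false; }` after the array branch. On style, `} if ( ... ) { // Handle ...` on one line reads like an `elseif`, and the trailing comment still omits "Announce"; the `if` and its comment belong on their own lines.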

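--- a/tests/includes/handler/class-test-undo.php
+++ b/tests/includes/handler/class-test-undo.php
@@ -452,6 +452,16 @@ public function validate_object_provider() {
 false,
 'Missing object.object should fail validation',
 ),
+'uri_object' => array(
+array(
+'type' => 'Undo',
+'actor' => 'https://example.com/actor',
+'object' => 'https://example.com/activity/123',
+),
+true,
+true,
+'URI object should pass validation',
+),
 );
 }
 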
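Review bot: The added `uri_object` case pins only the accepting path for a string `object`; nothing in this hunk covers an `object` that is neither an array nor a URI string. A companion case, for example a constructed `'object' => 123` or `'object' => ''` with the result the validator is meant to give, would document how `validate_object` treats such input and keep the relaxed check from widening unnoticed. There is also no visible test that drives `handle_undo` with a URI object, which is the path the new `'Announce'` default affects. `validate_object_provider` begins outside the hunk, so existing cases may already cover part of this.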
