Skip to content

Outbox: Properly handle username requests #1559

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
Apr 10, 2025
Merged

Outbox: Properly handle username requests #1559

merged 4 commits into from
Apr 10, 2025

Conversation

@obenland
Copy link
Member

@obenland obenland commented Apr 9, 2025

The Outbox endpoint accepts a string user_id and tests it with Actors:get_by_various(), suggesting that passing a username as the user_id should work. The endpoint however passes the user_id straight to WP_Query, which expects a true, numeric user_id, leading to errors.

Proposed changes:

  • Grabs user_id from the User object to make sure it's a numeric ID.
  • Adds unit test.

Other information:

  • Have you written new tests for your changes, if applicable?

Testing instructions:

  • Call the Outbox URL of an actor on your test and make sure it returns the correct content.

Changelog entry

  • Automatically create a changelog entry from the details below.
Changelog Entry Details

Significance

  • Patch
  • Minor
  • Major

Type

  • Added - for new features
  • Changed - for changes in existing functionality
  • Deprecated - for soon-to-be removed features
  • Removed - for now removed features
  • Fixed - for any bug fixes
  • Security - in case of vulnerabilities

Message

Outbox endpoint bug where non-numeric usernames caused errors when querying Outbox data.

@obenland obenland requested a review from pfefferle April 9, 2025 19:48
@obenland obenland self-assigned this Apr 9, 2025
@obenland obenland merged commit afb8fe5 into trunk Apr 10, 2025
11 checks passed
@obenland obenland deleted the fix/outbox-error branch April 10, 2025 12:23
jsit added a commit to jsit/wordpress-activitypub that referenced this pull request Nov 1, 2025
@jsit
Merge tag '5.7.0' into fix/nicename
fd1508e 
* tag '5.7.0': (29 commits)
  Release 5.7.0 (Automattic#1574)
  Fix: Show error if site uses "Almost Pretty Permalink" structure (Automattic#1570)
  Admin: Add padding to extra fields nav links (Automattic#1569)
  Signature: Add compat for more key encodings (Automattic#1557)
  Reply block: Improve fallback embed (Automattic#1560)
  Add label for "Health Check" and "REST API" (Automattic#1571)
  change changelog items (Automattic#1572)
  Transformers: Allow setting properties to false. (Automattic#1567)
  Upgrades: Delete orphaned extra fields (Automattic#1566)
  Fix: Missing Actor in Outbox-Activities (Automattic#1564)
  Outbox: Properly handle username requests (Automattic#1559)
  Import: Load on admin_init (Automattic#1561)
  Move: support same-server domain migrations (Automattic#1530)
  Follow Me: add a button-only mode (Automattic#1133)
  Tests: Convert timestamp to int for comparison (Automattic#1556)
  Reply: Make Mastodon embeds work (Automattic#1555)
  Add: `Vary` header settings (Automattic#1552)
  Actors: Don't convert non-numeric strings to Blog user id (Automattic#1554)
  Add: Shared Inbox setting (Automattic#1553)
  Add: New Health checks (Automattic#1524)
  ...
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@pfefferle pfefferle pfefferle approved these changes

Assignees

@obenland obenland

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@obenland @pfefferle @matticbot