From b8b683b44e0e08d0904d4e8dd58a89b70d8f0b07 Mon Sep 17 00:00:00 2001 From: Greg Ross Date: Mon, 8 Jan 2024 18:17:38 -0500 Subject: [PATCH 1/2] Fix post search Search uses tokens for authentication so check to see if we have a current token in addition to a logged in user. Cleanup the parameter passing to $this->get_posts() as well as otherwise some values can be set to null which break wp_getposts() in some circumstances. --- includes/class-mastodon-api.php | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/includes/class-mastodon-api.php b/includes/class-mastodon-api.php index 831b6133..0c38e54f 100644 --- a/includes/class-mastodon-api.php +++ b/includes/class-mastodon-api.php @@ -1574,10 +1574,16 @@ public function api_search( $request ) { ); } } - } elseif ( is_user_logged_in() ) { - $args['s'] = $request->get_param( 'q' ); - $args['offset'] = $request->get_param( 'offset' ); - $args['posts_per_page'] = $request->get_param( 'limit' ); + } elseif ( is_user_logged_in() || $this->oauth->get_token() ) { + $q_param = $request->get_param( 'q' ); + if( $q_param != null ) { $args['s'] = $q_param; } + + $offset_param = $request->get_param( 'offset' ); + if( $offset_param != null ) { $args['offset'] = $offset_param; } + + $ppp_param = $request->get_param( 'limit' ); + if( $ppp_param != null ) { $args['posts_per_page'] = $ppp_param; } + $ret['statuses'] = array_merge( $ret['statuses'], $this->get_posts( $args ) ); } } From bb08445751e5513e21e94d222dbfabc14c83eff9 Mon Sep 17 00:00:00 2001 From: Greg Ross Date: Wed, 10 Jan 2024 20:20:57 -0500 Subject: [PATCH 2/2] Use logged in permissions instead of token And remove the toke permission as it is no longer used. --- includes/class-mastodon-api.php | 28 +++++++++++----------------- 1 file changed, 11 insertions(+), 17 deletions(-) diff --git a/includes/class-mastodon-api.php b/includes/class-mastodon-api.php index 0c38e54f..b113dd7e 100644 --- a/includes/class-mastodon-api.php 
+++ b/includes/class-mastodon-api.php
@@ -598,7 +598,7 @@ public function add_rest_routes() {
 array(
 'methods' => array( 'GET', 'OPTIONS' ),
 'callback' => array( $this, 'api_search' ),
- 'permission_callback' => array( $this, 'have_token_permission' ),
+ 'permission_callback' => array( $this, 'logged_in_permission' ),
 )
 );

@@ -774,18 +774,6 @@ public function logged_in_permission( $request ) {
 return is_user_logged_in();
 }

- public function have_token_permission( $request ) {
- $this->allow_cors();
- $token = $this->oauth->get_token();
- if ( ! $token ) {
- return is_user_logged_in();
- }
- OAuth2\AccessTokenStorage::was_used( $token['access_token'] );
- $this->app = Mastodon_App::get_by_client_id( $token['client_id'] );
- $this->app->was_used( $request );
- return true;
- }
-
 public function logged_in_for_private_permission( $request ) {
 $post_id = $request->get_param( 'post_id' );
 if ( ! $post_id ) {
@@ -1574,15 +1562,21 @@ public function api_search( $request ) {
 );
 }
 }
- } elseif ( is_user_logged_in() || $this->oauth->get_token() ) {
+ } elseif ( is_user_logged_in() ) {
 $q_param = $request->get_param( 'q' );
- if( $q_param != null ) { $args['s'] = $q_param; }
+ if ( null !== $q_param ) {
+ $args['s'] = $q_param;
+ }

 $offset_param = $request->get_param( 'offset' );
- if( $offset_param != null ) { $args['offset'] = $offset_param; }
+ if ( null !== $offset_param ) {
+ $args['offset'] = $offset_param;
+ }

 $ppp_param = $request->get_param( 'limit' );
- if( $ppp_param != null ) { $args['posts_per_page'] = $ppp_param; }
+ if ( null !== $ppp_param ) {
+ $args['posts_per_page'] = $ppp_param;
+ }

 $ret['statuses'] = array_merge( $ret['statuses'], $this->get_posts( $args ) );
 }
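Review bot: The search route loses the token bookkeeping that `have_token_permission` performed unless `logged_in_permission` repeats it, and only the last line of that callback (`return is_user_logged_in();`) is visible, since its body starts above the second hunk. The removed callback called `$this->allow_cors()`, recorded token use through `OAuth2\AccessTokenStorage::was_used()` and set `$this->app`; if none of that happens elsewhere, token-authenticated searches would no longer be tracked and `api_search` may run with `$this->app` unset. The route still registers `OPTIONS`, so an unauthenticated CORS preflight would be rejected by the login check unless CORS is handled before it. A comment on the route saying where a bearer token is turned into a logged-in user, for example `// Token clients are resolved to a WP user before this callback runs`, would make that trust boundary explicit, assuming that is what happens.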
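Review bot: `limit` and `offset` still reach `$this->get_posts( $args )` with no type or range check in the `api_search` hunk; the new `null !==` guards only skip absent parameters. In WordPress query arguments a `posts_per_page` of `-1` means "no limit", so a logged-in client could presumably pull the whole post set in one request if `get_posts()` forwards the value unchanged (its body is not visible here). I would clamp both values, e.g. `$args['posts_per_page'] = min( absint( $ppp_param ), $max_limit );` and `$args['offset'] = absint( $offset_param );`, where `$max_limit` is a placeholder for the cap the API should enforce. Declaring `args` with `sanitize_callback` / `validate_callback` on the route registration would do the same job; the visible route array has no such entry. The body of `api_search` starts and ends outside the hunk.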