From 6943eee6237d18cf6e98c888749f524484ce7a5b Mon Sep 17 00:00:00 2001
From: Diogo Cordeiro <diogo@fc.up.pt>
Date: Wed, 1 Aug 2018 01:09:34 +0100
Subject: [PATCH 1/4] testing

---
 actions/inbox/Create.php       | 2 +-
 classes/Activitypub_notice.php | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/actions/inbox/Create.php b/actions/inbox/Create.php
index 0c55bdd..e999130 100755
--- a/actions/inbox/Create.php
+++ b/actions/inbox/Create.php
@@ -144,7 +144,7 @@ ToSelector::fillActivity($this, $act, $options);
 
 $actobj = new ActivityObject();
 $actobj->type = ActivityObject::NOTE;
-$actobj->content = common_render_content($content, $actor_profile, $inReplyTo);
+$actobj->content = $content; //common_render_content($content, $actor_profile, $inReplyTo);
 
 // Finally add the activity object to our activity
 $act->objects[] = $actobj;
diff --git a/classes/Activitypub_notice.php b/classes/Activitypub_notice.php
index f0227e9..7409de5 100755
--- a/classes/Activitypub_notice.php
+++ b/classes/Activitypub_notice.php
@@ -82,7 +82,7 @@ class Activitypub_notice extends Managed_DataObject
             'cc'           => common_local_url('apActorFollowers', ['id' => $profile->getID()]),
             'atomUri'      => $notice->getUrl(),
             'conversation' => $notice->getConversationUrl(),
-            'content'      => $notice->getContent(),
+            'content'      => $notice->getRendered(),
             'isLocal'      => $notice->isLocal(),
             'attachment'   => $attachments,
             'tag'          => $tags

From 42bfb7818461a390176835e3b2a87eaa9cd566ab Mon Sep 17 00:00:00 2001
From: Diogo Cordeiro <diogo@fc.up.pt>
Date: Wed, 1 Aug 2018 01:32:41 +0100
Subject: [PATCH 2/4] No XSS

---
 actions/inbox/Create.php | 2 +-
 actions/inbox/Like.php   | 2 +-
 actions/inbox/Undo.php   | 6 +++---
 3 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/actions/inbox/Create.php b/actions/inbox/Create.php
index e999130..592b5cc 100755
--- a/actions/inbox/Create.php
+++ b/actions/inbox/Create.php
@@ -144,7 +144,7 @@ ToSelector::fillActivity($this, $act, $options);
 
 $actobj = new ActivityObject();
 $actobj->type = ActivityObject::NOTE;
-$actobj->content = $content; //common_render_content($content, $actor_profile, $inReplyTo);
+$actobj->content = strip_tags($content,'<p><b><i><u><a><ul><ol><li>');
 
 // Finally add the activity object to our activity
 $act->objects[] = $actobj;
diff --git a/actions/inbox/Like.php b/actions/inbox/Like.php
index 35091e7..94d7d06 100755
--- a/actions/inbox/Like.php
+++ b/actions/inbox/Like.php
@@ -36,7 +36,7 @@ try {
         ActivityPubReturn::error("Invalid Object specified.");
     }
     Fave::addNew($actor_profile, $object_notice);
-    ActivityPubReturn::answer(Activitypub_like::like_to_array($data->actor, $object_notice));
+    ActivityPubReturn::answer(Activitypub_like::like_to_array($data->actor, $data->object));
 } catch (Exception $e) {
     ActivityPubReturn::error($e->getMessage(), 403);
 }
diff --git a/actions/inbox/Undo.php b/actions/inbox/Undo.php
index d42e1bc..05f3973 100755
--- a/actions/inbox/Undo.php
+++ b/actions/inbox/Undo.php
@@ -76,11 +76,11 @@ case "Follow":
                                             Activitypub_accept::accept_to_array(
                                              Activitypub_follow::follow_to_array(
                                                  $actor_profile->getUrl(),
-                                                                                  $object_profile->getUrl()
+                                                 $object_profile->getUrl()
                                              )
                                             )
-                )
-                                          );
+                    )
+            );
         } else {
             ActivityPubReturn::error("You are not following this person already.", 409);
         }

From 69b252b244f911d90255858d042ae886a6e8c3ee Mon Sep 17 00:00:00 2001
From: Diogo Cordeiro <diogo@fc.up.pt>
Date: Wed, 1 Aug 2018 01:50:27 +0100
Subject: [PATCH 3/4] Proper Attentions

---
 actions/inbox/Create.php       | 23 ++---------------------
 classes/Activitypub_notice.php |  8 ++++----
 2 files changed, 6 insertions(+), 25 deletions(-)

diff --git a/actions/inbox/Create.php b/actions/inbox/Create.php
index 592b5cc..a101733 100755
--- a/actions/inbox/Create.php
+++ b/actions/inbox/Create.php
@@ -78,28 +78,9 @@ $act->context->attention = common_get_attentions($content, $actor_profile, $inRe
 
 $discovery = new Activitypub_explorer;
 if ($to_profiles == "https://www.w3.org/ns/activitystreams#Public") {
-    $to_profiles = array();
-}
-// Generate To objects
-if (is_array($data->object->to)) {
-    // Remove duplicates from To actors set
-    array_unique($data->object->to);
-    foreach ($data->object->to as $to_url) {
-        try {
-            $to_profiles = array_merge($to_profiles, $discovery->lookup($to_url));
-        } catch (Exception $e) {
-            // Invalid actor found, just let it go.
-        }
-    }
-} elseif (empty($data->object->to) || in_array($data->object->to, $public_to)) {
-    // No need to do anything else at this point, let's just break out the if
-} else {
-    try {
-        $to_profiles = array_merge($to_profiles, $discovery->lookup($data->object->to));
-    } catch (Exception $e) {
-        // Invalid actor found, just let it go.
-    }
+    $to_profiles = [];
 }
+
 // Generate Cc objects
 if (isset($data->object->cc) && is_array($data->object->cc)) {
     // Remove duplicates from Cc actors set
diff --git a/classes/Activitypub_notice.php b/classes/Activitypub_notice.php
index 7409de5..8df0316 100755
--- a/classes/Activitypub_notice.php
+++ b/classes/Activitypub_notice.php
@@ -62,9 +62,9 @@ class Activitypub_notice extends Managed_DataObject
             }
         }
 
-        $to = [];
+        $cc = [common_local_url('apActorFollowers', ['id' => $profile->getID()])];
         foreach ($notice->getAttentionProfiles() as $to_profile) {
-            $to[]  = $href = $to_profile->getUri();
+            $cc[]  = $href = $to_profile->getUri();
             $tags[] = Activitypub_mention_tag::mention_tag_to_array_from_values($href, $to_profile->getNickname().'@'.parse_url($href, PHP_URL_HOST));
         }
 
@@ -78,8 +78,8 @@ class Activitypub_notice extends Managed_DataObject
             'published'    => str_replace(' ', 'T', $notice->getCreated()).'Z',
             'url'          => $notice->getUrl(),
             'atributtedTo' => ActivityPubPlugin::actor_uri($profile),
-            'to'           => $to,
-            'cc'           => common_local_url('apActorFollowers', ['id' => $profile->getID()]),
+            'to'           => ['https://www.w3.org/ns/activitystreams#Public'],
+            'cc'           => $cc,
             'atomUri'      => $notice->getUrl(),
             'conversation' => $notice->getConversationUrl(),
             'content'      => $notice->getRendered(),

From d76ac3760b9bc9d9fcbbed03c4f33ec67f79d747 Mon Sep 17 00:00:00 2001
From: Diogo Cordeiro <diogo@fc.up.pt>
Date: Wed, 1 Aug 2018 01:58:31 +0100
Subject: [PATCH 4/4] Improve debug messages

---
 ActivityPubPlugin.php | 6 ++++--
 utils/explorer.php    | 4 ++--
 2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/ActivityPubPlugin.php b/ActivityPubPlugin.php
index 094fe56..090d09b 100755
--- a/ActivityPubPlugin.php
+++ b/ActivityPubPlugin.php
@@ -99,10 +99,12 @@ class ActivityPubPlugin extends Plugin
                 if ($candidate->getUrl() == $url) { // Sanity check
                     return $candidate;
                 } else {
-                    throw new Exception("Notice not found.");
+                    common_debug ('ActivityPubPlugin Notice Grabber: '.$candidate->getUrl(). ' is different of '.$url);
+                    throw new Exception('Notice not found.');
                 }
             } catch (Exception $e) {
-                throw new Exception("Notice not found.");
+                common_debug ('ActivityPubPlugin Notice Grabber failed to find: '.$url);
+                throw new Exception('Notice not found.');
             }
         }
     }
diff --git a/utils/explorer.php b/utils/explorer.php
index b2be14c..7779497 100755
--- a/utils/explorer.php
+++ b/utils/explorer.php
@@ -101,7 +101,7 @@ class Activitypub_explorer
             $this->temp_res = $res;
             return true;
         } else {
-            common_debug('ActivityPub Explorer: Invalid potential remote actor while ensuring URI: '.$url. '. He returned the following: '.json_encode($res, JSON_PRETTY_PRINT));
+            common_debug('ActivityPub Explorer: Invalid potential remote actor while ensuring URI: '.$url. '. He returned the following: '.json_encode($res, JSON_UNESCAPED_SLASHES));
         }
 
         return false;
@@ -208,7 +208,7 @@ class Activitypub_explorer
             $this->discovered_actor_profiles[]= $this->store_profile($res);
             return true;
         } else {
-            common_debug('ActivityPub Explorer: Invalid potential remote actor while grabbing remotely: '.$url. '. He returned the following: '.json_encode($res, JSON_PRETTY_PRINT));
+            common_debug('ActivityPub Explorer: Invalid potential remote actor while grabbing remotely: '.$url. '. He returned the following: '.json_encode($res, JSON_UNESCAPED_SLASHES));
         }
 
         return false;