Federate comments only when the parent post is federated#3374
Merged
Conversation
There was a problem hiding this comment.
Pull request overview
This PR tightens comment federation so newly-created comments are only federated when their parent post is truly federated (stored state is federated and the post is still publicly queryable), preventing leakage of replies on private/local/unsupported content while preserving Update/Delete federation for comments that were already sent.
Changes:
- Added
Activitypub\is_post_federated()to combine stored federation state with live public-queryability checks. - Updated
Comment::should_be_federated()to gate new comments on the parent post being federated (while allowing already-sent comments through). - Added/updated PHPUnit coverage for the new helper and the new comment-federation behavior.
Reviewed changes
Copilot reviewed 6 out of 6 changed files in this pull request and generated 2 comments.
Show a summary per file
| File | Description |
|---|---|
| tests/phpunit/tests/includes/scheduler/class-test-comment.php | Adjusts scheduler tests to ensure the parent post is marked federated for comment scheduling scenarios. |
| tests/phpunit/tests/includes/class-test-functions-post.php | Adds unit tests for is_post_federated() across multiple post visibility/state scenarios. |
| tests/phpunit/tests/includes/class-test-comment.php | Adds regression tests ensuring comments aren’t federated when the parent post was never federated, plus coverage for already-sent comments. |
| includes/functions-post.php | Introduces is_post_federated() helper combining object state and public-queryability. |
| includes/class-comment.php | Updates should_be_federated() to block new comments when the parent post isn’t federated. |
| .github/changelog/fix-comment-federation-parent-state | Adds a security changelog entry describing the tightened comment federation behavior. |
Only federate brand-new comments when the parent post is federated itself. Comments on posts that are not federated (e.g. private posts, posts switched to local visibility, password-protected posts, or non-ActivityPub post types) are no longer added to the outbox, so their content stays within the post type's own read rules. Adds an is_post_federated() helper that combines the stored federation state with is_post_publicly_queryable(), so a stale 'federated' status left behind by a later visibility or status change cannot leak comments, and integration filters and attachment parent visibility are honored. Already-sent comments are allowed through so their Update and Delete activities still federate (keeping remote copies in sync and tearing them down). Adds regression tests for the helper and the blocked and allowed comment cases.
f46c52a to
506e674
Compare
Member
Author
|
Thanks @copilot — both addressed in 506e674:
CI remains green across PHP 7.4 / 8.3 / 8.5. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Proposed changes:
Comments are now federated only when their parent post is federated.
Previously,
Comment::should_be_federated()decided whether to federate a comment based on the comment author alone, without considering the parent post. This change adds a parent-post check so a brand-new comment is federated only when the post it belongs to is itself federated.is_post_federated()inincludes/functions-post.php: a post is federated when its stored federation state isfederatedand it is still publicly queryable (is_post_publicly_queryable()— post type enabled for ActivityPub, public status, not password-protected, allowed content visibility, and respecting theactivitypub_is_post_publicly_queryablefilter).Comment::should_be_federated()now gates brand-new comments onis_post_federated(). Comments that were already sent (was_sent()) are unaffected, so theirUpdateandDeleteactivities continue to federate and keep remote copies in sync.Combining the stored state with the live queryability check means a
federatedstate left over from a later visibility or status change does not cause a comment to be federated.Other information:
Testing instructions:
Createis added to the outbox as before.Update/Deleteactivities after its parent post changes status.npm run env-test -- --filter='Test_Comment|Test_Functions_Post'— all green.Changelog entry
A changelog entry is included in this PR (
.github/changelog/fix-comment-federation-parent-state), so the automatic entry box is left unchecked.