Skip to content

Federate comments only when the parent post is federated#3374

Merged
pfefferle merged 1 commit into
trunkfrom
fix/comment-federation-parent-state
Jun 8, 2026
Merged

Federate comments only when the parent post is federated#3374
pfefferle merged 1 commit into
trunkfrom
fix/comment-federation-parent-state

Conversation

@pfefferle

Copy link
Copy Markdown
Member

Proposed changes:

Comments are now federated only when their parent post is federated.

Previously, Comment::should_be_federated() decided whether to federate a comment based on the comment author alone, without considering the parent post. This change adds a parent-post check so a brand-new comment is federated only when the post it belongs to is itself federated.

  • Adds is_post_federated() in includes/functions-post.php: a post is federated when its stored federation state is federated and it is still publicly queryable (is_post_publicly_queryable() — post type enabled for ActivityPub, public status, not password-protected, allowed content visibility, and respecting the activitypub_is_post_publicly_queryable filter).
  • Comment::should_be_federated() now gates brand-new comments on is_post_federated(). Comments that were already sent (was_sent()) are unaffected, so their Update and Delete activities continue to federate and keep remote copies in sync.

Combining the stored state with the live queryability check means a federated state left over from a later visibility or status change does not cause a comment to be federated.

Other information:

  • Have you written new tests for your changes, if applicable?

Testing instructions:

  • Create a post that is federated, add an approved comment from an ActivityPub-enabled user, and confirm a Create is added to the outbox as before.
  • Set a post to a private status (or local content visibility), add an approved comment from an ActivityPub-enabled user, and confirm no comment activity is added to the outbox.
  • Confirm an already-federated comment still produces Update/Delete activities after its parent post changes status.
  • npm run env-test -- --filter='Test_Comment|Test_Functions_Post' — all green.

Changelog entry

A changelog entry is included in this PR (.github/changelog/fix-comment-federation-parent-state), so the automatic entry box is left unchecked.

Copilot AI review requested due to automatic review settings June 8, 2026 07:51
@pfefferle pfefferle self-assigned this Jun 8, 2026
@pfefferle pfefferle requested a review from a team June 8, 2026 07:51

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR tightens comment federation so newly-created comments are only federated when their parent post is truly federated (stored state is federated and the post is still publicly queryable), preventing leakage of replies on private/local/unsupported content while preserving Update/Delete federation for comments that were already sent.

Changes:

  • Added Activitypub\is_post_federated() to combine stored federation state with live public-queryability checks.
  • Updated Comment::should_be_federated() to gate new comments on the parent post being federated (while allowing already-sent comments through).
  • Added/updated PHPUnit coverage for the new helper and the new comment-federation behavior.

Reviewed changes

Copilot reviewed 6 out of 6 changed files in this pull request and generated 2 comments.

Show a summary per file
File Description
tests/phpunit/tests/includes/scheduler/class-test-comment.php Adjusts scheduler tests to ensure the parent post is marked federated for comment scheduling scenarios.
tests/phpunit/tests/includes/class-test-functions-post.php Adds unit tests for is_post_federated() across multiple post visibility/state scenarios.
tests/phpunit/tests/includes/class-test-comment.php Adds regression tests ensuring comments aren’t federated when the parent post was never federated, plus coverage for already-sent comments.
includes/functions-post.php Introduces is_post_federated() helper combining object state and public-queryability.
includes/class-comment.php Updates should_be_federated() to block new comments when the parent post isn’t federated.
.github/changelog/fix-comment-federation-parent-state Adds a security changelog entry describing the tightened comment federation behavior.

Comment thread tests/phpunit/tests/includes/scheduler/class-test-comment.php Outdated
Comment thread tests/phpunit/tests/includes/class-test-functions-post.php Outdated
Only federate brand-new comments when the parent post is federated itself.
Comments on posts that are not federated (e.g. private posts, posts switched
to local visibility, password-protected posts, or non-ActivityPub post types)
are no longer added to the outbox, so their content stays within the post
type's own read rules.

Adds an is_post_federated() helper that combines the stored federation state
with is_post_publicly_queryable(), so a stale 'federated' status left behind by
a later visibility or status change cannot leak comments, and integration
filters and attachment parent visibility are honored.

Already-sent comments are allowed through so their Update and Delete activities
still federate (keeping remote copies in sync and tearing them down). Adds
regression tests for the helper and the blocked and allowed comment cases.
@pfefferle pfefferle force-pushed the fix/comment-federation-parent-state branch from f46c52a to 506e674 Compare June 8, 2026 08:01
@pfefferle

Copy link
Copy Markdown
Member Author

Thanks @copilot — both addressed in 506e674:

  1. Data-provider null staticself::$comment_post_ID is now initialized to 0. PHPUnit evaluates data providers before set_up(), so a null static made isset() false and the substitution in test_no_activity_scheduled() silently skipped, building comments with an invalid post ID. Initializing to 0 keeps the provider output non-null so the substitution picks up the real federated post assigned in set_up().
  2. Filter cleanup on failure — the activitypub_is_post_publicly_queryable filter add/assert/remove is now wrapped in try/finally, so the filter cannot leak into subsequent tests if the assertion fails.

CI remains green across PHP 7.4 / 8.3 / 8.5.

@pfefferle pfefferle merged commit 5f92596 into trunk Jun 8, 2026
11 checks passed
@pfefferle pfefferle deleted the fix/comment-federation-parent-state branch June 8, 2026 08:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants