Conversation
Co-authored-by: Copilot <[email protected]>
Co-authored-by: Copilot <[email protected]>
Co-authored-by: Copilot <[email protected]>
Co-authored-by: Copilot <[email protected]>
Co-authored-by: Copilot <[email protected]>
Co-authored-by: Copilot <[email protected]>
Co-authored-by: Copilot <[email protected]>
Co-authored-by: Copilot <[email protected]>
Added support for editing user profiles via the 'edit_user_profile' action. Enhanced user lookup to prioritize custom 'webfinger_resource' meta before falling back to user_nicename and user_login. Improved null handling in get_username and removed unused functions from class-webfinger.php. Fixed is_same_host logic to properly compare hosts.
Replaces Docker Compose and Grunt-based workflows with @wordpress/wp-env for local development. Adds .wp-env.json configuration, updates package.json scripts and devDependencies, and removes Gruntfile.js and docker-compose.yml.
There was a problem hiding this comment.
Pull request overview
This PR represents a major refactoring of the WebFinger plugin, upgrading it to version 4.0.0. The primary goal is to modernize the codebase through modularization, introducing namespaces, and separating concerns into dedicated classes for user management, admin functionality, and legacy support. The refactoring improves code maintainability, security, and follows WordPress coding standards more closely.
Key Changes:
- Introduced namespace
Webfingeracross all classes and migrated from global class names to namespaced architecture - Created new
UserandAdminclasses to separate user-related WebFinger logic and admin interface management from the coreWebfingerclass - Migrated legacy functionality to a dedicated
Legacyclass with improved documentation and output escaping - Updated all classes to use a static
init()method pattern for registering WordPress hooks
Reviewed changes
Copilot reviewed 14 out of 15 changed files in this pull request and generated 19 comments.
Show a summary per file
| File | Description |
|---|---|
| webfinger.php | Main plugin file refactored to use namespaced functions and classes; delegates initialization to new modular class structure |
| includes/class-user.php | New class encapsulating user-related WebFinger logic including resource resolution, generation, and host validation |
| includes/class-admin.php | New class managing user profile integration with nonce verification and input validation for WebFinger resources |
| includes/class-webfinger.php | Core class refactored to use new User class for resource handling; removed user-related methods moved to User class |
| includes/class-legacy.php | Renamed and namespaced legacy class with improved documentation and output escaping |
| templates/profile-settings.php | New template for user profile settings with WebFinger resource configuration |
| includes/functions.php | Helper functions updated with strict comparison operators and reference to new namespaced classes |
| includes/deprecated.php | New file providing backward compatibility stubs for old class names |
| readme.md | Updated version to 4.0.0 and tested up to WordPress 6.7 |
| languages/webfinger.pot | Added translation strings for new profile settings template |
| docker-compose.yml | Added platform specification for better cross-architecture compatibility |
Comments suppressed due to low confidence (2)
includes/class-legacy.php:19
- Typo in comment: "recource" should be "resource".
includes/class-legacy.php:156 - Typo in comment: "generade" should be "generate".
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Replaced hardcoded directory paths with new plugin-related constants for improved maintainability and clarity. Updated all require and template loading calls to use WEBFINGER_PLUGIN_DIR and related constants.
Refactored is_same_host from User class to a standalone function in functions.php for broader accessibility. Updated references in class-user.php and class-webfinger.php to use the new global function.
Co-authored-by: Copilot <[email protected]>
Co-authored-by: Copilot <[email protected]>
Co-authored-by: Copilot <[email protected]>
Sanitizes nonce and input fields more robustly in admin actions, updates deprecated function calls to suggest 'acct:[email protected]', and improves escaping in profile settings template. Removes unnecessary 'meta_compare' arguments from user queries for cleaner code.
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 14 out of 15 changed files in this pull request and generated 9 comments.
Comments suppressed due to low confidence (2)
includes/class-legacy.php:19
- Typo in comment: "recource" should be "resource"
includes/class-legacy.php:156 - Typo in comment: "generade" should be "generate"
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
- Add PSR-4 style autoloader for plugin classes - Update phpcs.xml with ActivityPub-style configuration - Add phpunit.xml and proper test structure under tests/phpunit/ - Add comprehensive unit tests for User, Webfinger, and helper functions - Update composer.json with PHP 7.2+ requirement and test dependencies - Fix all PHPCS errors and warnings: - Add file doc comments with @Package tags - Prefix all global functions with backslash - Replace parse_url() with wp_parse_url() - Fix Yoda conditions and inline comment formatting - Rename reserved keyword parameters (resource -> resource_uri) - Update .wp-env.json with custom ports (8686/8687) to avoid collisions - Update .distignore for new file structure 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <[email protected]>
- Add phpcs.yml workflow for coding standards checks - Add phpunit.yml workflow for unit testing across PHP 7.2, 8.3, 8.4 - Update bin/install-wp-tests.sh script for CI environment
Fixes: - Fix incorrect property name: author->nicename to author->user_nicename - Fix get_user_by_uri inconsistent result access via get_results() - Fix get_resources adding duplicate acct: URI for user_login - Fix get_user_by_various checking wp_get_current_user() for null - Fix template escaping: build full URL before esc_url() - Add null check for author in generate_post_data Modernization: - Use PHP 7.2+ type declarations in Autoloader - Use class constant for autoloader type prefixes - Use null coalescing operator (??) where applicable - Use short ternary operator (?:) for fallbacks - Use array_filter with closure for rel filtering - Simplify conditionals with early returns - Extract helper methods: send_error, get_rel_params, get_user_query_args - Remove deprecated IM scheme handlers (aim, ymsgr, xmpp) - Fix URI scheme regex to follow RFC 3986
- Rename test files to match class names (PHPUnit 10 requirement) - Update phpunit.xml for PHPUnit 10 configuration - Improve bootstrap.php polyfills path detection - Add .phpunit.result.cache to .gitignore
Deleted the composer.lock file to remove all locked PHP dependencies from version control. This may be in preparation for a fresh dependency install or to stop tracking lock file changes.
Updated .gitignore to exclude composer.lock from version control, preventing accidental commits of dependency lock files.
- Remove wildcard characters (* and %) to prevent SQL injection via LIKE queries - Sanitize scheme with esc_attr() and host with sanitize_text_field() - Add additional null check for both host and uri
- Test SQL wildcard injection prevention (% and * characters) - Test XSS sanitization in scheme and host - Test URL-encoded wildcard handling - Test empty/null input handling
- Add permalinks check to verify pretty permalinks are enabled - Add endpoint check to test .well-known/webfinger accessibility - Include troubleshooting guidance for common issues
This pull request introduces several significant updates and refactoring to the codebase, focusing on modularizing and modernizing the WebFinger plugin for WordPress. The changes include the introduction of new classes for user and admin management, migration to namespaced classes, and improvements to Docker configuration for better compatibility. Below are the most important changes grouped by theme:
WebFinger Plugin Refactoring and Modularization
Userclass inincludes/class-user.phpto encapsulate all user-related WebFinger logic, such as resource resolution, resource generation, and host validation. This centralizes and streamlines user handling for WebFinger queries.Adminclass inincludes/class-admin.phpto manage user profile integration, including adding profile fields, handling meta updates, and error validation for the WebFinger resource, with appropriate WordPress hooks and nonce verification for security.Legacyclass (formerlyWebfinger_Legacy) inincludes/class-legacy.php, updated to use namespaces, improved documentation, and safer output handling (e.g., escaping output). [1] [2] [3] [4] [5] [6] [7]WebFinger Core Enhancements
Webfingerclass inincludes/class-webfinger.phpto use the newUserclass for user resolution and resource handling, improved method documentation, and enhanced filter/action usage for extensibility. [1] [2] [3] [4] [5] [6] [7] [8] [9] [10]Infrastructure and Compatibility
docker-compose.ymlto explicitly set the platform tolinux/amd64for both thedbandwordpressservices, improving compatibility with different host architectures. [1] [2]