Automattic · obenland · Oct 6, 2025 · Oct 2, 2025 · Oct 3, 2025 · Oct 3, 2025
diff --git a/includes/handler/class-accept.php b/includes/handler/class-accept.php
@@ -72,36 +72,25 @@ public static function handle_accept( $accept, $user_id ) {
 	 * @return bool The validation state: true if valid, false if not.
 	 */
 	public static function validate_object( $valid, $param, $request ) {
-		$json_params = $request->get_json_params();
+		$activity = $request->get_json_params();
 
-		if ( empty( $json_params['type'] ) ) {
+		if ( empty( $activity['type'] ) ) {
 			return false;
 		}
 
-		if (
-			'Accept' !== $json_params['type'] ||
-			\is_wp_error( $request )
-		) {
+		if ( 'Accept' !== $activity['type'] ) {
 			return $valid;
 		}
 
-		$required_attributes = array(
-			'actor',
-			'object',
-		);
-
-		if ( ! empty( \array_diff( $required_attributes, \array_keys( $json_params ) ) ) ) {
+		if ( ! isset( $activity['actor'], $activity['object'] ) ) {
 			return false;
 		}
 
-		$required_object_attributes = array(
-			'id',
-			'type',
-			'actor',
-			'object',
-		);
+		if ( ! \is_array( $activity['object'] ) ) {
+			return false;
+		}
 
-		if ( ! empty( \array_diff( $required_object_attributes, \array_keys( $json_params['object'] ) ) ) ) {
+		if ( ! isset( $activity['object']['id'], $activity['object']['type'], $activity['object']['actor'], $activity['object']['object'] ) ) {
 			return false;
 		}
 

diff --git a/includes/handler/class-create.php b/includes/handler/class-create.php
@@ -90,31 +90,21 @@ public static function handle_create( $activity, $user_id, $activity_object = nu
 	 * @return bool The validation state: true if valid, false if not.
 	 */
 	public static function validate_object( $valid, $param, $request ) {
-		$json_params = $request->get_json_params();
+		$activity = $request->get_json_params();
 
-		if ( empty( $json_params['type'] ) ) {
+		if ( empty( $activity['type'] ) ) {
 			return false;
 		}
 
-		if (
-			'Create' !== $json_params['type'] ||
-			is_wp_error( $request )
-		) {
+		if ( 'Create' !== $activity['type'] ) {
 			return $valid;
 		}
 
-		$object = $json_params['object'];
-
-		if ( ! is_array( $object ) ) {
+		if ( ! isset( $activity['object'] ) || ! \is_array( $activity['object'] ) ) {
 			return false;
 		}
 
-		$required = array(
-			'id',
-			'content',
-		);
-
-		if ( array_intersect( $required, array_keys( $object ) ) !== $required ) {
+		if ( ! isset( $activity['object']['id'], $activity['object']['content'] ) ) {
 			return false;
 		}
 

diff --git a/includes/handler/class-quote-request.php b/includes/handler/class-quote-request.php
@@ -207,27 +207,17 @@ public static function queue_reject( $activity_object, $user_id ) {
 	 * @return bool The validation state: true if valid, false if not.
 	 */
 	public static function validate_object( $valid, $param, $request ) {
-		if ( \is_wp_error( $request ) ) {
-			return $valid;
-		}
-
-		$json_params = $request->get_json_params();
+		$activity = $request->get_json_params();
 
-		if ( empty( $json_params['type'] ) ) {
+		if ( empty( $activity['type'] ) ) {
 			return false;
 		}
 
-		if ( 'QuoteRequest' !== $json_params['type'] ) {
+		if ( 'QuoteRequest' !== $activity['type'] ) {
 			return $valid;
 		}
 
-		$required_attributes = array(
-			'actor',
-			'object',
-			'instrument',
-		);
-
-		if ( ! empty( \array_diff( $required_attributes, \array_keys( $json_params ) ) ) ) {
+		if ( ! isset( $activity['actor'], $activity['object'], $activity['instrument'] ) ) {
 			return false;
 		}
 

diff --git a/includes/handler/class-reject.php b/includes/handler/class-reject.php
@@ -87,20 +87,17 @@ private static function reject_follow( $reject, $user_id ) {
 	 * @return bool The validation state: true if valid, false if not.
 	 */
 	public static function validate_object( $valid, $param, $request ) {
-		$json_params = $request->get_json_params();
+		$activity = $request->get_json_params();
 
-		if ( empty( $json_params['type'] ) ) {
+		if ( empty( $activity['type'] ) ) {
 			return false;
 		}
 
-		if (
-			'Reject' !== $json_params['type'] ||
-			\is_wp_error( $request )
-		) {
+		if ( 'Reject' !== $activity['type'] ) {
 			return $valid;
 		}
 
-		if ( empty( $json_params['actor'] ) || empty( $json_params['object'] ) ) {
+		if ( ! isset( $activity['actor'], $activity['object'] ) ) {
 			return false;
 		}
 

diff --git a/includes/handler/class-undo.php b/includes/handler/class-undo.php
@@ -85,36 +85,25 @@ public static function handle_undo( $activity, $user_id ) {
 	 * @return bool The validation state: true if valid, false if not.
 	 */
 	public static function validate_object( $valid, $param, $request ) {
-		$json_params = $request->get_json_params();
+		$activity = $request->get_json_params();
 
-		if ( empty( $json_params['type'] ) ) {
+		if ( empty( $activity['type'] ) ) {
 			return false;
 		}
 
-		if (
-			'Undo' !== $json_params['type'] ||
-			\is_wp_error( $request )
-		) {
+		if ( 'Undo' !== $activity['type'] ) {
 			return $valid;
 		}
 
-		$required_attributes = array(
-			'actor',
-			'object',
-		);
-
-		if ( ! empty( \array_diff( $required_attributes, \array_keys( $json_params ) ) ) ) {
+		if ( ! isset( $activity['actor'], $activity['object'] ) ) {
 			return false;
 		}
 
-		$required_object_attributes = array(
-			'id',
-			'type',
-			'actor',
-			'object',
-		);
+		if ( ! \is_array( $activity['object'] ) ) {
+			return false;
+		}
 
-		if ( ! empty( \array_diff( $required_object_attributes, \array_keys( $json_params['object'] ) ) ) ) {
+		if ( ! isset( $activity['object']['id'], $activity['object']['type'], $activity['object']['actor'], $activity['object']['object'] ) ) {
 			return false;
 		}
 

diff --git a/includes/rest/class-actors-inbox-controller.php b/includes/rest/class-actors-inbox-controller.php
@@ -90,10 +90,10 @@ public function register_routes() {
 								/**
 								 * Filter the ActivityPub object validation.
 								 *
-								 * @param bool   $validate The validation result.
-								 * @param array  $param    The object data.
-								 * @param object $request  The request object.
-								 * @param string $key      The key.
+								 * @param bool             $validate The validation result.
+								 * @param array            $param    The object data.
+								 * @param \WP_REST_Request $request  The request object.
+								 * @param string           $key      The key.
 								 */
 								return \apply_filters( 'activitypub_validate_object', true, $param, $request, $key );
 							},

diff --git a/includes/rest/class-inbox-controller.php b/includes/rest/class-inbox-controller.php
@@ -75,10 +75,10 @@ public function register_routes() {
 								/**
 								 * Filter the ActivityPub object validation.
 								 *
-								 * @param bool   $validate The validation result.
-								 * @param array  $param    The object data.
-								 * @param object $request  The request object.
-								 * @param string $key      The key.
+								 * @param bool             $validate The validation result.
+								 * @param array            $param    The object data.
+								 * @param \WP_REST_Request $request  The request object.
+								 * @param string           $key      The key.
 								 */
 								return \apply_filters( 'activitypub_validate_object', true, $param, $request, $key );
 							},

diff --git a/phpunit/tests/includes/handler/class-test-quote-request.php b/phpunit/tests/includes/handler/class-test-quote-request.php
@@ -446,19 +446,6 @@ public function test_validate_object_no_type() {
 		$this->assertFalse( $result, 'Request without type should fail validation' );
 	}
 
-	/**
-	 * Test validate_object with WP_Error request.
-	 *
-	 * @covers ::validate_object
-	 */
-	public function test_validate_object_with_wp_error() {
-		$request = new \WP_Error( 'invalid_request', 'Invalid request' );
-
-		$result = Quote_Request::validate_object( true, 'object', $request );
-
-		$this->assertTrue( $result, 'Should pass through original validation result when request is WP_Error' );
-	}
-
 	/**
 	 * Test that init method properly registers hooks.
 	 *