From 29cb62af3dba0a6a2891800cfe97578c1a2819ae Mon Sep 17 00:00:00 2001 From: zotlabs Date: Thu, 28 Feb 2019 17:51:13 -0800 Subject: [PATCH 01/60] translate name of content filter (addon) app. --- Zotlabs/Lib/Apps.php | 1 + 1 file changed, 1 insertion(+) diff --git a/Zotlabs/Lib/Apps.php b/Zotlabs/Lib/Apps.php index 56283ff76..7541c68a4 100644 --- a/Zotlabs/Lib/Apps.php +++ b/Zotlabs/Lib/Apps.php @@ -327,6 +327,7 @@ class Apps { 'Report Bug' => t('Report Bug'), 'Bookmarks' => t('Bookmarks'), 'Chatrooms' => t('Chatrooms'), + 'Content Filter' => t('Content Filter'), 'Connections' => t('Connections'), 'Remote Diagnostics' => t('Remote Diagnostics'), 'Suggest Channels' => t('Suggest Channels'), From 2244bf2ba2e8611017de51fbeb3c449efef906f0 Mon Sep 17 00:00:00 2001 From: Mario Vavti Date: Fri, 1 Mar 2019 14:16:19 +0100 Subject: [PATCH 02/60] iron out some kinks with scrollToItem() in combination with collapsed content and images --- view/js/main.js | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/view/js/main.js b/view/js/main.js index b1af29846..1322c2112 100644 --- a/view/js/main.js +++ b/view/js/main.js @@ -770,7 +770,7 @@ function updateConvItems(mode,data) { mediaPlaying = false; }); - var bimgs = ((preloadImages) ? false : $(".wall-item-body img, .wall-photo-item img").not(function() { return this.complete; })); + var bimgs = $(".wall-item-body img, .wall-photo-item img").not(function() { return this.complete; }); var bimgcount = bimgs.length; if (bimgcount) { @@ -778,16 +778,22 @@ function updateConvItems(mode,data) { bimgcount--; if (! bimgcount) { collapseHeight(); + + if(bParam_mid && mode === 'replace') + scrollToItem(); + + $(document.body).trigger("sticky_kit:recalc"); } }); } else { collapseHeight(); + + if(bParam_mid && mode === 'replace') + scrollToItem(); + + $(document.body).trigger("sticky_kit:recalc"); } - if(bParam_mid && mode === 'replace') - scrollToItem(); - - $(document.body).trigger("sticky_kit:recalc"); } function scrollToItem() { From 5febc3e07dd1c1aeda68c09b4092d5d4219f39b5 Mon Sep 17 00:00:00 2001 From: "DM42.Net (Matt Dent)" Date: Fri, 1 Mar 2019 10:50:10 -0500 Subject: [PATCH 03/60] Use sender hash --- include/zot.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/zot.php b/include/zot.php index 3b089831b..c9c01103c 100644 --- a/include/zot.php +++ b/include/zot.php @@ -1840,7 +1840,7 @@ function process_delivery($sender, $arr, $deliveries, $relay, $public = false, $ intval($channel['channel_id']) ); if ($parent) { - $allowed = can_comment_on_post($d['hash'],$parent[0]); + $allowed = can_comment_on_post($sender['hash'],$parent[0]); } } From 747ce9b1f15d3f656ed8ca816c1790c351decec9 Mon Sep 17 00:00:00 2001 From: mike Date: Sat, 2 Mar 2019 12:21:59 +0300 Subject: [PATCH 04/60] Mention php-zip module dependency in administrator guide --- doc/admin/administrator_guide.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/admin/administrator_guide.md b/doc/admin/administrator_guide.md index 5f1d40428..2b1c84180 100644 --- a/doc/admin/administrator_guide.md +++ b/doc/admin/administrator_guide.md @@ -95,7 +95,7 @@ PHP might differ from the _webserver_ version php.ini file * and with no hosting provider restrictions on the use of exec() and proc_open(). -* curl, gd (with at least jpeg and png support), mysqli, mbstring, mcrypt, +* curl, gd (with at least jpeg and png support), mysqli, mbstring, mcrypt, zip, and openssl extensions. The imagick extension is not required but desirable. * xml extension is required if you want webdav to work. From 117a8cafca6982e7d976fe00f32ecb0df66b2899 Mon Sep 17 00:00:00 2001 From: Mario Vavti Date: Sat, 2 Mar 2019 15:50:53 +0100 Subject: [PATCH 05/60] while in legacy zot $sender is expected to be an array, in zot6 $sender is expected to be a string (xchan_hash) --- Zotlabs/Lib/Libzot.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Zotlabs/Lib/Libzot.php b/Zotlabs/Lib/Libzot.php index 019237568..6190c9970 100644 --- a/Zotlabs/Lib/Libzot.php +++ b/Zotlabs/Lib/Libzot.php @@ -1385,7 +1385,7 @@ class Libzot { /** * @brief * - * @param array $sender + * @param string $sender * @param array $arr * @param array $deliveries * @param boolean $relay From e26de9c1d11dc8175ea520be091f0437d99ea5e0 Mon Sep 17 00:00:00 2001 From: mike Date: Sun, 3 Mar 2019 18:24:36 +0300 Subject: [PATCH 06/60] Addressing new 'support@zotadel.net' support forum instead of old 'support@gravizot.de' --- doc/bugs.bb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/doc/bugs.bb b/doc/bugs.bb index f773da025..3bf2a0e29 100644 --- a/doc/bugs.bb +++ b/doc/bugs.bb @@ -21,7 +21,7 @@ If you get a blank white screen when doing something, this is almost always a co [h3]I'm stumped. I can't figure out what is wrong.[/h3] -At this point it might be worthwhile discussing the issue on one of the online forums. There may be several of these and some may be more suited to your spoken language. At this time, the 'Hubzilla Support' channel (support@gravizot.de) is the recommended forum for discussing bugs. +At this point it might be worthwhile discussing the issue on one of the online forums. There may be several of these and some may be more suited to your spoken language. At this time, the 'Hubzilla Support' channel (support@zotadel.net) is the recommended forum for discussing bugs. If community members with software engineering training/expertise can't help you right away, understand that they are volunteers and may have a lot of other work and demands on their time. At this point you need to file a bug report. You will need an account on framagit.org to do this. So register, and then visit https://framagit.org/hubzilla/core/issues . Create an issue here and provide all the same information that you provided online. Don't leave out anything. @@ -29,4 +29,4 @@ Then you wait. If it's a high profile issue, it may get fixed quickly. But nobod Other people working to fix the problem may need to find out more, so do your homework and document what is happening and everything you've tried. Don't say "I did xyz and it didn't work." That doesn't tell us anything. Tell us precisely what steps you took and what you expected the result to be, and precisely what happened as a result. What page/URL were you looking at or what form were you filling in? If there were any error messages, don't say "there was an error message". Tell us exactly what the message said. Also tell us what hub you are using, what software version you're running and any other details that may be unique about your site configuration. It is understood that you might wish to keep some information and your connections private, however if you aren't willing to share the information other people need to reproduce/fix the problem, it may not get fixed. - \ No newline at end of file + From 938fcdd1a6e8db47d2e66d68f8face9925bb7963 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Mon, 4 Mar 2019 20:07:01 -0800 Subject: [PATCH 07/60] mod_oep: photos/album/xxxxx is no longer hex2bin/bin2hex but the album hash and is throwing php warnings when trying to decode --- Zotlabs/Module/Oep.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Zotlabs/Module/Oep.php b/Zotlabs/Module/Oep.php index c0d8e15e5..3977ac8dd 100644 --- a/Zotlabs/Module/Oep.php +++ b/Zotlabs/Module/Oep.php @@ -456,7 +456,7 @@ class Oep extends \Zotlabs\Web\Controller { if(preg_match('|//(.*?)/(.*?)/(.*?)/album/|',$url,$matches)) { $chn = $matches[3]; - $res = hex2bin(basename($url)); + $res = basename($url); } if(! ($chn && $res)) From 8e50fecccca5dd72a49869502e541db03632cd86 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Mon, 4 Mar 2019 20:09:47 -0800 Subject: [PATCH 08/60] remove clones from delivery recipients for top-level posts - they will get the post via clone sync --- Zotlabs/Daemon/Notifier.php | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/Zotlabs/Daemon/Notifier.php b/Zotlabs/Daemon/Notifier.php index df73d977d..4e0c0d49c 100644 --- a/Zotlabs/Daemon/Notifier.php +++ b/Zotlabs/Daemon/Notifier.php @@ -412,6 +412,12 @@ class Notifier { $private = false; $recipients = collect_recipients($parent_item,$private); + + if ($top_level_post) { + // remove clones who will receive the post via sync + $recipients = array_diff($recipients, [ $target_item['owner_xchan'] ]); + } + // FIXME add any additional recipients such as mentions, etc. // don't send deletions onward for other people's stuff From 47001c33039e6915f12b95a3e948caae6cf21d41 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Mon, 4 Mar 2019 20:11:43 -0800 Subject: [PATCH 09/60] api_router - allow parameters as final path argument --- Zotlabs/Lib/Api_router.php | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/Zotlabs/Lib/Api_router.php b/Zotlabs/Lib/Api_router.php index 404678bd9..6e3f231a9 100644 --- a/Zotlabs/Lib/Api_router.php +++ b/Zotlabs/Lib/Api_router.php @@ -12,8 +12,16 @@ class Api_router { } static function find($path) { - if(array_key_exists($path,self::$routes)) + if (array_key_exists($path,self::$routes)) { return self::$routes[$path]; + } + + $with_params = dirname($path) . '/[id]'; + + if (array_key_exists($with_params,self::$routes)) { + return self::$routes[$with_params]; + } + return null; } From 98b1c7a38c3f3ef8ba7d36b77d9366691c3fbf15 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Tue, 5 Mar 2019 16:57:32 -0800 Subject: [PATCH 10/60] maintain compatibility with recent zot6 changes --- Zotlabs/Lib/Libzot.php | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/Zotlabs/Lib/Libzot.php b/Zotlabs/Lib/Libzot.php index 6190c9970..7dca2e78a 100644 --- a/Zotlabs/Lib/Libzot.php +++ b/Zotlabs/Lib/Libzot.php @@ -685,8 +685,14 @@ class Libzot { $adult_changed = 1; if(intval($r[0]['xchan_deleted']) != intval($arr['deleted'])) $deleted_changed = 1; + // old style if(intval($r[0]['xchan_pubforum']) != intval($arr['public_forum'])) $pubforum_changed = 1; + // new style 6-MAR-2019 + if(array_key_exists('channel_type',$arr) && intval($arr['channel_type']) < 2 && intval($r[0]['xchan_pubforum']) !== intval($arr['channel_type'])) { + $pubforum_changed = 1; + $arr['public_forum'] = $arr['channel_type']; + } if($arr['protocols']) { $protocols = implode(',',$arr['protocols']); From 26e7da0b969c834cc6c2ff7c00713c7be05cb5c4 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Tue, 5 Mar 2019 17:06:42 -0800 Subject: [PATCH 11/60] channel_type is not integer --- Zotlabs/Lib/Libzot.php | 22 +++++++++++++++++----- 1 file changed, 17 insertions(+), 5 deletions(-) diff --git a/Zotlabs/Lib/Libzot.php b/Zotlabs/Lib/Libzot.php index 7dca2e78a..4efd869f3 100644 --- a/Zotlabs/Lib/Libzot.php +++ b/Zotlabs/Lib/Libzot.php @@ -685,14 +685,26 @@ class Libzot { $adult_changed = 1; if(intval($r[0]['xchan_deleted']) != intval($arr['deleted'])) $deleted_changed = 1; + + // new style 6-MAR-2019 + + if(array_key_exists('channel_type',$arr)) { + if($arr['channel_type'] === 'collection') { + // do nothing at this time. + } + elseif($arr['channel_type'] === 'group') { + $arr['public_forum'] = 1; + } + else { + $arr['public_forum'] = 0; + } + } + // old style + if(intval($r[0]['xchan_pubforum']) != intval($arr['public_forum'])) $pubforum_changed = 1; - // new style 6-MAR-2019 - if(array_key_exists('channel_type',$arr) && intval($arr['channel_type']) < 2 && intval($r[0]['xchan_pubforum']) !== intval($arr['channel_type'])) { - $pubforum_changed = 1; - $arr['public_forum'] = $arr['channel_type']; - } + if($arr['protocols']) { $protocols = implode(',',$arr['protocols']); From 0c05e6593e020180ca678dff6d60c095e23b34cd Mon Sep 17 00:00:00 2001 From: "M. Dent" Date: Wed, 6 Mar 2019 09:52:26 +0100 Subject: [PATCH 12/60] Add CURLOPT_CONNECTTIMEOUT --- include/network.php | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/include/network.php b/include/network.php index 8ac71011e..12f2ad4e9 100644 --- a/include/network.php +++ b/include/network.php @@ -114,6 +114,13 @@ function z_fetch_url($url, $binary = false, $redirects = 0, $opts = array()) { @curl_setopt($ch, CURLOPT_TIMEOUT, (($curl_time !== false) ? $curl_time : 60)); } + if(x($opts,'connecttimeout') && intval($opts['connecttimeout'])) { + @curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, intval($opts['connecttimeout'])); + } + else { + $curl_contime = intval(@get_config('system','curl_connecttimeout')); + @curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, (($curl_contime !== false) ? $curl_contime : 30)); + } if(x($opts,'http_auth')) { // "username" . ':' . "password" From 08725c44c6874bdbbb46649645a9ac818f0abe36 Mon Sep 17 00:00:00 2001 From: Mario Vavti Date: Wed, 6 Mar 2019 21:08:56 +0100 Subject: [PATCH 13/60] changelog --- CHANGELOG | 104 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 104 insertions(+) diff --git a/CHANGELOG b/CHANGELOG index 0e3e89a9e..4c9385b24 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,3 +1,107 @@ +Hubzilla 4.0 (2019-??-??) + - Add CURLOPT_CONNECTTIMEOUT option + - Allow parameters as final path argument in API router + - Remove clones from delivery recipients for top-level posts in favor of clone sync + - Mention php-zip module dependency in administrator guide + - Iron out some kinks with scrollToItem() in combination with collapsed content and images + - Zot API changes to support combined content (items+files) import addon + - Update PHP Version check during setup - min version is now 7.1 + - Urlencode links in category widget + - Implement ability for channel visitors to be able to delete their own content + - Support zot location independent urls + - MySQL 8 admin summary compatibility + - Improved gitlab-ci environment + - Deprecate and remove addon settings in favour of per app settings + - Refactor PhotoDriver class and add tests + - Convert affinity tool to app + - Refactor linkify_tags() so it works with xchans across multiple protocols + - Add the actual mid to viewsrc for debuging reasons + - Add filter hooks and the ability to add buttons to the default status editor + - Prevent Hubzilla usage for SEO backlinks + - Implement privacy warning for forum posts via !-tag + - Set document title when title changes on a page update + - Cache embeds in the background on initial storage rather than on first access + - Custom sessionhandler support + - Update nginx and lighttpd sample server configs to explicit disallow access to util + - Introduce command line tool for managing site admins + - Various doxygen improvements + - Add privacygroup_extras_post/drop hooks + - Add collect_public_recipients hook + - Prevent memory exhaustion on zot message pickup with large message queue + - Remove experimental worker queue from core + - Add get_base_apps hook + - Improve handling of notification updates while commenting + - Add warning if upload_filesize < 4MB + - Add ITEM_TYPE_CUSTOM and hooks for processing custom item types + - Set min/maxversion for plugins to STD_VERSION unless otherwise specified + - Add option to make affinity slider 'sticky' across page loads + - Add photo_view_filter hook + - Reset page title if article has no title + - Implement the zot6 protocol + - Add PHOTO_CACHE photo type + - Basic support for HTTP3 + - Add native summary support + - Disable image caching if personal or group permissions enabled + + Bugfixes + - Fix regression where mod oep was still using hex2bin/bin2hex instead of album hash + - Fix regression when selecting multiple images in embed images + - Fix broken sync_an_item() + - Fix page jumping on like if comments are expanded (show all x comments) + - Fix regression in mod display where an page update could display items from multiple channels + - Fix starring and filing allowed for other unsupported item types + - Fix wrong variable in z_get_temp_dir() + - Fix page jumping when liking a collapsed/expanded post + - Fix tags detection in URL + - Fix warnings in mod embedphotos + - Fix wrong variable in can_comment_on_post() + - Fix mod new_channel counting removed channels + - Fix regression where not all content variables were sslified + - Fix default values for affinity tool and other information which could be lost when approving a connection + - Fix regression in linkdropper() + - Fix issue with unset auto_save_draft variable which resultet in a javascript error + - Fix home notifications won't expand if there are more than 300 unseen network notifications ahead of them + - Fix total_identities count + - Fix delayed items propagate before publication on cloned channels + + Addons + - twitter_api: fedilab needs profile_image_url_https + - New addon: content_import - imports items and files to cloned channels (this obsoletes hzfiles) + - Diaspora: prevent processing of incomplete messages in various places + - hzfiles: fix add missing load/unload functions + - chess: do not look for games if we have no game_id - improves initial pageload performance + - chess: convert to app + - channelreputation: convert to app + - irc: convert to per app + - Provide the addon_common directory for common addon libraries + - fuzzloc: convert to app + - flattrwidget: convert to app + - jappixmini: convert to app + - xmpp: convert to app + - visage: convert to app + - diaspora: reflect linkify_tags() rewrite + - twitter: convert to app + - smileybutton: convert to app + - skeleton: convert to app + - planets: convert to app + - pumpio: convert to app + - pageheader: convert to app + - nsabait: convert to app + - dwpost: convert to app + - diaspora: set the preserve_lf option in various places + - diaspora: fix comments from unknown persons are not accpted + - nofed: convert to app + - ljpost: convert to app + - diaspora: call update_queue_item() if delivery failed + - pubcrawl: call update_queue_item() if delivery failed + - libertree: convert to app + - New addon: queueworker advanced - queue handling (experimental) + - gallery: extended functionality: implements stream image viewer, converts images at the beginning of a post to a gallery + - authchoose: correction to query, add affinity setting + - New addon: photocache - local caching for public photos + - New addon: totp - two factor authentication using time-based one-time passwords + + Hubzilla 3.8.9 (2018-02-03) - Fix typos in mod oep - Fix page jumping when liking collapsed/expanded post From 0b2213dd41a7ef275766725c070e16f8ba94d5a5 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Wed, 6 Mar 2019 19:01:28 -0800 Subject: [PATCH 14/60] guest access tokens: xchan record not created on URL login --- include/channel.php | 1 + 1 file changed, 1 insertion(+) diff --git a/include/channel.php b/include/channel.php index 466d2eab9..f705ba4d2 100644 --- a/include/channel.php +++ b/include/channel.php @@ -1836,6 +1836,7 @@ function zat_init() { ); if($r) { $xchan = atoken_xchan($r[0]); + atoken_create_xchan($xchan); atoken_login($xchan); } } From 04fe7e61deb19b9b05c87bff037b7bbf1d7bc662 Mon Sep 17 00:00:00 2001 From: Mario Vavti Date: Thu, 7 Mar 2019 09:32:12 +0100 Subject: [PATCH 15/60] update changelog --- CHANGELOG | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG b/CHANGELOG index 4c9385b24..cc6880f6c 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -44,6 +44,7 @@ Hubzilla 4.0 (2019-??-??) - Disable image caching if personal or group permissions enabled Bugfixes + - Fix guest access token xchan record not created on URL login - Fix regression where mod oep was still using hex2bin/bin2hex instead of album hash - Fix regression when selecting multiple images in embed images - Fix broken sync_an_item() From 1f7622e4c42bf71d1d38dd88c40c903d83a8d6c0 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Thu, 7 Mar 2019 15:45:42 -0800 Subject: [PATCH 16/60] fetch private objects using delivery channel credentials --- Zotlabs/Lib/Libzot.php | 33 ++++++++++++++++++++++++++++----- 1 file changed, 28 insertions(+), 5 deletions(-) diff --git a/Zotlabs/Lib/Libzot.php b/Zotlabs/Lib/Libzot.php index 4efd869f3..bc0826189 100644 --- a/Zotlabs/Lib/Libzot.php +++ b/Zotlabs/Lib/Libzot.php @@ -1125,9 +1125,14 @@ class Libzot { logger('Activity rejected: ' . print_r($data,true)); return; } - $arr = Activity::decode_note($AS); + if (is_array($AS->obj)) { + $arr = Activity::decode_note($AS); + } + else { + $arr = []; + } - logger($AS->debug()); + logger($AS->debug(),LOGGER_DATA); } @@ -1230,7 +1235,7 @@ class Libzot { $relay = (($env['type'] === 'response') ? true : false ); - $result = self::process_delivery($env['sender'],$arr,$deliveries,$relay,false,$message_request); + $result = self::process_delivery($env['sender'],$AS,$arr,$deliveries,$relay,false,$message_request); } elseif($env['type'] === 'sync') { // $arr = get_channelsync_elements($data); @@ -1412,7 +1417,7 @@ class Libzot { * @return array */ - static function process_delivery($sender, $arr, $deliveries, $relay, $public = false, $request = false) { + static function process_delivery($sender, $act, $arr, $deliveries, $relay, $public = false, $request = false) { $result = []; @@ -1441,6 +1446,24 @@ class Libzot { $DR->set_name($channel['channel_name'] . ' <' . channel_reddress($channel) . '>'); + if(($act) && ($act->obj) && (! is_array($act->obj))) { + // The initial object fetch failed using the sys channel credentials. + // Try again using the delivery channel credentials. + // We will also need to re-parse the $item array, + // but preserve any values that were set during anonymous parsing. + + $o = Activity::fetch($act->obj,$channel); + if($o) { + $act->obj = $o; + $arr = array_merge(Activity::decode_note($act),$arr); + } + else { + $DR->update('Incomplete or corrupt activity'); + $result[] = $DR->get(); + continue; + } + } + /** * We need to block normal top-level message delivery from our clones, as the delivered * message doesn't have ACL information in it as the cloned copy does. That copy @@ -1859,7 +1882,7 @@ class Libzot { logger('FOF Activity received: ' . print_r($arr,true), LOGGER_DATA, LOG_DEBUG); logger('FOF Activity recipient: ' . $channel['channel_portable_id'], LOGGER_DATA, LOG_DEBUG); - $result = self::process_delivery($arr['owner_xchan'],$arr, [ $channel['channel_portable_id'] ],false,false,true); + $result = self::process_delivery($arr['owner_xchan'],$AS, $arr, [ $channel['channel_portable_id'] ],false,false,true); if ($result) { $ret = array_merge($ret, $result); } From ce0067d8ebf1f7363bfb238bb73fb24078783261 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Thu, 7 Mar 2019 20:01:41 -0800 Subject: [PATCH 17/60] It is in fact the 'Content Import' app string that needs to be translated. A previous commit errantly included the string 'Content Filter'. But don't remove 'Content Filter'. That is actually a thing in Zap and will eventually make its way to Hubzilla. --- Zotlabs/Lib/Apps.php | 1 + 1 file changed, 1 insertion(+) diff --git a/Zotlabs/Lib/Apps.php b/Zotlabs/Lib/Apps.php index 7541c68a4..fefc6639d 100644 --- a/Zotlabs/Lib/Apps.php +++ b/Zotlabs/Lib/Apps.php @@ -328,6 +328,7 @@ class Apps { 'Bookmarks' => t('Bookmarks'), 'Chatrooms' => t('Chatrooms'), 'Content Filter' => t('Content Filter'), + 'Content Import' => t('Content Import'), 'Connections' => t('Connections'), 'Remote Diagnostics' => t('Remote Diagnostics'), 'Suggest Channels' => t('Suggest Channels'), From 507c71f64c68cc0de0f090f1abdd024866e91068 Mon Sep 17 00:00:00 2001 From: Mario Date: Fri, 8 Mar 2019 05:45:02 +0100 Subject: [PATCH 18/60] $sender is supposed to be string in libzot --- Zotlabs/Lib/Libzot.php | 21 +++++++++------------ 1 file changed, 9 insertions(+), 12 deletions(-) diff --git a/Zotlabs/Lib/Libzot.php b/Zotlabs/Lib/Libzot.php index bc0826189..fd1538f0b 100644 --- a/Zotlabs/Lib/Libzot.php +++ b/Zotlabs/Lib/Libzot.php @@ -1895,8 +1895,7 @@ class Libzot { /** * @brief Remove community tag. * - * @param array $sender an associative array with - * * \e string \b hash a xchan_hash + * @param string $sender * @param array $arr an associative array * * \e int \b verb * * \e int \b obj_type @@ -1969,7 +1968,7 @@ class Libzot { * * @see item_store_update() * - * @param array $sender + * @param string $sender * @param array $item * @param array $orig * @param int $uid @@ -2020,7 +2019,7 @@ class Libzot { /** * @brief Deletes an imported item. * - * @param array $sender + * @param string $sender * * \e string \b hash a xchan_hash * @param array $item * @param int $uid @@ -2038,9 +2037,9 @@ class Libzot { $r = q("select id, author_xchan, owner_xchan, source_xchan, item_deleted from item where ( author_xchan = '%s' or owner_xchan = '%s' or source_xchan = '%s' ) and mid = '%s' and uid = %d limit 1", - dbesc($sender['hash']), - dbesc($sender['hash']), - dbesc($sender['hash']), + dbesc($sender), + dbesc($sender), + dbesc($sender), dbesc($item['mid']), intval($uid) ); @@ -2195,8 +2194,7 @@ class Libzot { * * @see import_directory_profile() * - * @param array $sender an associative array - * * \e string \b hash a xchan_hash + * @param string $sender * @param array $arr * @param array $deliveries (unused) * @return void @@ -2206,7 +2204,7 @@ class Libzot { logger('process_profile_delivery', LOGGER_DEBUG); $r = q("select xchan_addr from xchan where xchan_hash = '%s' limit 1", - dbesc($sender['hash']) + dbesc($sender) ); if($r) { Libzotdir::import_directory_profile($sender, $arr, $r[0]['xchan_addr'], UPDATE_FLAGS_UPDATED, 0); @@ -2217,8 +2215,7 @@ class Libzot { /** * @brief * - * @param array $sender an associative array - * * \e string \b hash a xchan_hash + * @param string $sender * @param array $arr * @param array $deliveries (unused) deliveries is irrelevant * @return void From 73c96f35c1b1e50518179f430ceaa3ebc0a7d643 Mon Sep 17 00:00:00 2001 From: Mario Vavti Date: Fri, 8 Mar 2019 10:48:01 +0000 Subject: [PATCH 19/60] update changelog (cherry picked from commit 5b3824917d591b27c4797971c8253ed67b41dc5a) --- CHANGELOG | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG b/CHANGELOG index cc6880f6c..0a57efa9d 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,4 +1,4 @@ -Hubzilla 4.0 (2019-??-??) +Hubzilla 4.0 (2019-03-08) - Add CURLOPT_CONNECTTIMEOUT option - Allow parameters as final path argument in API router - Remove clones from delivery recipients for top-level posts in favor of clone sync From b5ed3edc8f3e2a442d836ddef8ffa9114b49e523 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Fri, 8 Mar 2019 14:51:30 -0800 Subject: [PATCH 20/60] port zot_record_preferred --- Zotlabs/Lib/Libzot.php | 24 ++++++++++++++++++++++-- 1 file changed, 22 insertions(+), 2 deletions(-) diff --git a/Zotlabs/Lib/Libzot.php b/Zotlabs/Lib/Libzot.php index bc0826189..50053a2fd 100644 --- a/Zotlabs/Lib/Libzot.php +++ b/Zotlabs/Lib/Libzot.php @@ -1197,12 +1197,14 @@ class Libzot { //logger($AS->debug()); - $r = q("select hubloc_hash from hubloc where hubloc_id_url = '%s' and hubloc_network = 'zot6' limit 1", + $r = q("select hubloc_hash, hubloc_network from hubloc where hubloc_id_url = '%s' ", dbesc($AS->actor['id']) ); if($r) { - $arr['author_xchan'] = $r[0]['hubloc_hash']; + // selects a zot6 hash if available, otherwise use whatever we have + $r = self::zot_record_preferred($r); + $arr['author_xchan'] = $r['hubloc_hash']; } @@ -3099,4 +3101,22 @@ class Libzot { return(($x) ? true : false); } + + static public function zot_record_preferred($arr, $check = 'hubloc_network') { + + if(! $arr) { + return $arr; + } + + foreach($arr as $v) { + if($v[$check] === 'zot6') { + + return $v; + } + } + + return $arr[0]; + + } + } From 51024d382172c5e2e62bacc6d9103a1caa40e4a5 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Sat, 9 Mar 2019 12:58:03 -0800 Subject: [PATCH 21/60] authenticated fetch fixes --- Zotlabs/Lib/ActivityStreams.php | 5 +++- Zotlabs/Module/Item.php | 1 + include/zid.php | 48 +++++++++++++++++++++++++++++++++ 3 files changed, 53 insertions(+), 1 deletion(-) diff --git a/Zotlabs/Lib/ActivityStreams.php b/Zotlabs/Lib/ActivityStreams.php index a357b6d69..006744aff 100644 --- a/Zotlabs/Lib/ActivityStreams.php +++ b/Zotlabs/Lib/ActivityStreams.php @@ -319,7 +319,10 @@ class ActivityStreams { function get_compound_property($property, $base = '', $namespace = '', $first = false) { $x = $this->get_property_obj($property, $base, $namespace); if($this->is_url($x)) { - $x = $this->fetch_property($x); + $y = $this->fetch_property($x); + if (is_array($y)) { + $x = $y; + } } // verify and unpack JSalmon signature if present diff --git a/Zotlabs/Module/Item.php b/Zotlabs/Module/Item.php index ebcf632ef..b247df0fd 100644 --- a/Zotlabs/Module/Item.php +++ b/Zotlabs/Module/Item.php @@ -55,6 +55,7 @@ class Item extends Controller { $sigdata = HTTPSig::verify(EMPTY_STR); if($sigdata['portable_id'] && $sigdata['header_valid']) { $portable_id = $sigdata['portable_id']; + observer_auth($portable_id); } $item_normal = " and item.item_hidden = 0 and item.item_type = 0 and item.item_unpublished = 0 and item.item_delayed = 0 and item.item_blocked = 0 "; diff --git a/include/zid.php b/include/zid.php index a37ebe1f6..0b12689ef 100644 --- a/include/zid.php +++ b/include/zid.php @@ -352,3 +352,51 @@ function owt_init($token) { logger('OpenWebAuth: auth success from ' . $hubloc['xchan_addr']); } + + +function observer_auth($ob_hash) { + + if($ob_hash === false) { + return; + } + + $r = q("select * from hubloc left join xchan on xchan_hash = hubloc_hash + where hubloc_addr = '%s' or hubloc_id_url = '%s' or hubloc_hash = '%s' order by hubloc_id desc", + dbesc($ob_hash), + dbesc($ob_hash), + dbesc($ob_hash) + ); + + if(! $r) { + // finger them if they can't be found. + $wf = discover_by_webbie($ob_hash); + if($wf) { + $r = q("select * from hubloc left join xchan on xchan_hash = hubloc_hash + where hubloc_addr = '%s' or hubloc_id_url = '%s' or hubloc_hash = '%s' order by hubloc_id desc", + dbesc($ob_hash), + dbesc($ob_hash), + dbesc($ob_hash) + ); + } + } + if(! $r) { + logger('unable to finger ' . $ob_hash); + return; + } + + $hubloc = $r[0]; + + $_SESSION['authenticated'] = 1; + + // normal visitor (remote_channel) login session credentials + $_SESSION['visitor_id'] = $hubloc['xchan_hash']; + $_SESSION['my_url'] = $hubloc['xchan_url']; + $_SESSION['my_address'] = $hubloc['hubloc_addr']; + $_SESSION['remote_hub'] = $hubloc['hubloc_url']; + $_SESSION['DNT'] = 1; + + \App::set_observer($hubloc); + require_once('include/security.php'); + \App::set_groups(init_groups_visitor($_SESSION['visitor_id'])); + +} From cada0b6df12dab6e91aa7b560eccdf9f334f2b98 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Sun, 10 Mar 2019 15:50:45 -0700 Subject: [PATCH 22/60] init_groups_visitor: include xchans from all zot-like networks --- include/security.php | 24 +++++++++++++++++++++--- 1 file changed, 21 insertions(+), 3 deletions(-) diff --git a/include/security.php b/include/security.php index 493d34699..4af46c257 100644 --- a/include/security.php +++ b/include/security.php @@ -575,11 +575,29 @@ function init_groups_visitor($contact_id) { } } - // physical groups this channel is a member of - - $r = q("SELECT hash FROM pgrp left join pgrp_member on pgrp.id = pgrp_member.gid WHERE xchan = '%s' ", + $x = q("select * from xchan where xchan_hash = '%s'", dbesc($contact_id) ); + + if (! $x) { + return $groups; + } + + // include xchans for all zot-like networks + + $xchans = q("select xchan_hash from xchan where xchan_hash = '%s' OR ( xchan_guid = '%s' AND xchan_pubkey = '%s' ) ", + dbesc($contact_id), + dbesc($x[0]['xchan_guid']), + dbesc($x[0]['xchan_pubkey']) + ); + + if($xchans) { + $hashes = ids_to_querystr($xchans,'xchan_hash',true); + } + + // physical groups this identity is a member of + + $r = q("SELECT hash FROM pgrp left join pgrp_member on pgrp.id = pgrp_member.gid WHERE xchan in ( " . protect_sprintf($hashes) . " ) " ); if($r) { foreach($r as $rr) $groups[] = $rr['hash']; From 4e97fb0e587eed6875b1d3a2615b0997a7f13c63 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Sun, 10 Mar 2019 22:32:37 -0700 Subject: [PATCH 23/60] testing init_groups_visitor changes - also add virtual groups for both zot identities --- include/security.php | 24 +++++++++++------------- 1 file changed, 11 insertions(+), 13 deletions(-) diff --git a/include/security.php b/include/security.php index 4af46c257..44cd605dc 100644 --- a/include/security.php +++ b/include/security.php @@ -564,17 +564,6 @@ function check_form_security_token_ForbiddenOnErr($typename = '', $formname = 'f function init_groups_visitor($contact_id) { $groups = []; - // private profiles are treated as a virtual group - - $r = q("SELECT abook_profile from abook where abook_xchan = '%s' and abook_profile != '' ", - dbesc($contact_id) - ); - if($r) { - foreach($r as $rv) { - $groups[] = 'vp.' . $rv['abook_profile']; - } - } - $x = q("select * from xchan where xchan_hash = '%s'", dbesc($contact_id) ); @@ -594,10 +583,19 @@ function init_groups_visitor($contact_id) { if($xchans) { $hashes = ids_to_querystr($xchans,'xchan_hash',true); } - + + // private profiles are treated as a virtual group + + $r = q("SELECT abook_profile from abook where abook_xchan in ( " . protect_sprintf($hashes) . " ) and abook_profile != '' "); + if($r) { + foreach($r as $rv) { + $groups[] = 'vp.' . $rv['abook_profile']; + } + } + // physical groups this identity is a member of - $r = q("SELECT hash FROM pgrp left join pgrp_member on pgrp.id = pgrp_member.gid WHERE xchan in ( " . protect_sprintf($hashes) . " ) " ); + $r = q("SELECT hash FROM pgrp left join pgrp_member on pgrp.id = pgrp_member.gid WHERE xchan in ( " . protect_sprintf($hashes) . " ) "); if($r) { foreach($r as $rr) $groups[] = $rr['hash']; From 5fb0d38ad8b59bef92655b56cf7145cc979b6dea Mon Sep 17 00:00:00 2001 From: zotlabs Date: Mon, 11 Mar 2019 16:29:12 -0700 Subject: [PATCH 24/60] security updates for multiple xchans --- include/security.php | 248 +++++++++++++++++++++++++++++++++---------- 1 file changed, 189 insertions(+), 59 deletions(-) diff --git a/include/security.php b/include/security.php index 44cd605dc..b9705a0e4 100644 --- a/include/security.php +++ b/include/security.php @@ -306,6 +306,7 @@ function change_channel($change_channel) { * * @return string additional SQL where statement */ + function permissions_sql($owner_id, $remote_observer = null, $table = '') { $local_channel = local_channel(); @@ -316,7 +317,7 @@ function permissions_sql($owner_id, $remote_observer = null, $table = '') { * default permissions - anonymous user */ - if($table) + if ($table) $table .= '.'; $sql = " AND {$table}allow_cid = '' @@ -329,38 +330,63 @@ function permissions_sql($owner_id, $remote_observer = null, $table = '') { * Profile owner - everything is visible */ - if(($local_channel) && ($local_channel == $owner_id)) { - $sql = ''; + if (($local_channel) && ($local_channel == $owner_id)) { + return EMPTY_STR; } /** - * Authenticated visitor. Unless pre-verified, - * check that the contact belongs to this $owner_id - * and load the groups the visitor belongs to. - * If pre-verified, the caller is expected to have already - * done this and passed the groups into this function. + * Authenticated visitor. */ else { + $observer = ((! is_null($remote_observer)) ? $remote_observer : get_observer_hash()); - if($observer) { - $groups = init_groups_visitor($observer); - $gs = '<<>>'; // should be impossible to match + if ($observer) { - if(is_array($groups) && count($groups)) { - foreach($groups as $g) - $gs .= '|<' . $g . '>'; + $sec = get_security_ids($owner_id,$observer); + + // always allow the channel owner, even if authenticated as a visitor + + if ($sec['channel_id']) { + foreach ($sec['channel_id'] as $ch) { + if ($observer === $ch) { + return EMPTY_STR; + } + } + } + + if (is_array($sec['allow_cid']) && count($sec['allow_cid'])) { + $ca = []; + foreach ($sec['allow_cid'] as $c) { + $ca[] = '<' . $c . '>'; + } + $cs = implode('|',$ca); } + else { + $cs = '<<>>'; // should be impossible to match + } + + if (is_array($sec['allow_gid']) && count($sec['allow_gid'])) { + $ga = []; + foreach ($sec['allow_gid'] as $g) { + $ga[] = '<' . $g . '>'; + } + $gs = implode('|',$ga); + } + else { + $gs = '<<>>'; // should be impossible to match + } + $regexop = db_getfunc('REGEXP'); $sql = sprintf( - " AND ( NOT ({$table}deny_cid like '%s' OR {$table}deny_gid $regexop '%s') - AND ( {$table}allow_cid like '%s' OR {$table}allow_gid $regexop '%s' OR ( {$table}allow_cid = '' AND {$table}allow_gid = '') ) + " AND ( NOT ({$table}deny_cid regexop '%s' OR {$table}deny_gid $regexop '%s') + AND ( {$table}allow_cid regexop '%s' OR {$table}allow_gid $regexop '%s' OR ( {$table}allow_cid = '' AND {$table}allow_gid = '') ) ) ", - dbesc(protect_sprintf( '%<' . $observer . '>%')), + dbesc($cs), dbesc($gs), - dbesc(protect_sprintf( '%<' . $observer . '>%')), + dbesc($cs), dbesc($gs) ); } @@ -377,6 +403,7 @@ function permissions_sql($owner_id, $remote_observer = null, $table = '') { * * @return string additional SQL where statement */ + function item_permissions_sql($owner_id, $remote_observer = null) { $local_channel = local_channel(); @@ -398,37 +425,59 @@ function item_permissions_sql($owner_id, $remote_observer = null) { } /** - * Authenticated visitor. Unless pre-verified, - * check that the contact belongs to this $owner_id - * and load the groups the visitor belongs to. - * If pre-verified, the caller is expected to have already - * done this and passed the groups into this function. + * Authenticated visitor. */ else { - $observer = (($remote_observer) ? $remote_observer : get_observer_hash()); - if($observer) { + $observer = (($remote_observer) ? $remote_observer : get_observer_hash()); - $s = scopes_sql($owner_id,$observer); + if($observer) { - $groups = init_groups_visitor($observer); + $scope = scopes_sql($owner_id,$observer); + $sec = get_security_ids($owner_id,$observer); - $gs = '<<>>'; // should be impossible to match + // always allow the channel owner, even if authenticated as a visitor - if(is_array($groups) && count($groups)) { - foreach($groups as $g) - $gs .= '|<' . $g . '>'; + if($sec['channel_id']) { + foreach($sec['channel_id'] as $ch) { + if($observer === $ch) { + return EMPTY_STR; + } + } + } + + if (is_array($sec['allow_cid']) && count($sec['allow_cid'])) { + $ca = []; + foreach ($sec['allow_cid'] as $c) { + $ca[] = '<' . $c . '>'; + } + $cs = implode('|',$ca); } + else { + $cs = '<<>>'; // should be impossible to match + } + + if (is_array($sec['allow_gid']) && count($sec['allow_gid'])) { + $ga = []; + foreach ($sec['allow_gid'] as $g) { + $ga[] = '<' . $g . '>'; + } + $gs = implode('|',$ga); + } + else { + $gs = '<<>>'; // should be impossible to match + } + $regexop = db_getfunc('REGEXP'); $sql = sprintf( - " AND (( NOT (deny_cid like '%s' OR deny_gid $regexop '%s') - AND ( allow_cid like '%s' OR allow_gid $regexop '%s' OR ( allow_cid = '' AND allow_gid = '' AND item_private = 0 )) - ) OR ( item_private = 1 $s )) + " AND (( NOT (deny_cid regexop '%s' OR deny_gid $regexop '%s') + AND ( allow_cid regexop '%s' OR allow_gid $regexop '%s' OR ( allow_cid = '' AND allow_gid = '' AND item_private = 0 )) + ) OR ( item_private = 1 $scope )) ", - dbesc(protect_sprintf( '%<' . $observer . '>%')), + dbesc($cs), dbesc($gs), - dbesc(protect_sprintf( '%<' . $observer . '>%')), + dbesc($cs), dbesc($gs) ); } @@ -465,40 +514,57 @@ function scopes_sql($uid,$observer) { } - - - - - /** * @param string $observer_hash * * @return string additional SQL where statement */ + function public_permissions_sql($observer_hash) { - $groups = init_groups_visitor($observer_hash); + $owner_id = 0; - $gs = '<<>>'; // should be impossible to match + if ($observer_hash) { + + $sec = get_security_ids($owner_id,$observer_hash); + + if (is_array($sec['allow_cid']) && count($sec['allow_cid'])) { + $ca = []; + foreach ($sec['allow_cid'] as $c) { + $ca[] = '<' . $c . '>'; + } + $cs = implode('|',$ca); + } + else { + $cs = '<<>>'; // should be impossible to match + } + + if (is_array($sec['allow_gid']) && count($sec['allow_gid'])) { + $ga = []; + foreach ($sec['allow_gid'] as $g) { + $ga[] = '<' . $g . '>'; + } + $gs = implode('|',$ga); + } + else { + $gs = '<<>>'; // should be impossible to match + } - if(is_array($groups) && count($groups)) { - foreach($groups as $g) - $gs .= '|<' . $g . '>'; - } - $sql = ''; - if($observer_hash) { $regexop = db_getfunc('REGEXP'); $sql = sprintf( - " OR (( NOT (deny_cid like '%s' OR deny_gid $regexop '%s') - AND ( allow_cid like '%s' OR allow_gid $regexop '%s' OR ( allow_cid = '' AND allow_gid = '' AND item_private = 0 ) ) - )) + " AND ( NOT (deny_cid regexop '%s' OR deny_gid $regexop '%s') + AND ( allow_cid regexop '%s' OR allow_gid $regexop '%s' OR ( allow_cid = '' AND allow_gid = '' AND item_private = 0) ) + ) ", - dbesc(protect_sprintf( '%<' . $observer_hash . '>%')), + dbesc($cs), dbesc($gs), - dbesc(protect_sprintf( '%<' . $observer_hash . '>%')), + dbesc($cs), dbesc($gs) ); } + else { + $sql = EMPTY_STR; + } return $sql; } @@ -510,7 +576,7 @@ function public_permissions_sql($observer_hash) { * In this implementation, a security token is reusable (if the user submits a form, goes back and resubmits the form, maybe with small changes; * or if the security token is used for ajax-calls that happen several times), but only valid for a certain amout of time (3hours). * The "typename" seperates the security tokens of different types of forms. This could be relevant in the following case: - * A security token is used to protekt a link from CSRF (e.g. the "delete this profile"-link). + * A security token is used to protect a link from CSRF (e.g. the "delete this profile"-link). * If the new page contains by any chance external elements, then the used security token is exposed by the referrer. * Actually, important actions should not be triggered by Links / GET-Requests at all, but somethimes they still are, * so this mechanism brings in some damage control (the attacker would be able to forge a request to a form of this type, but not to forms of other types). @@ -587,8 +653,8 @@ function init_groups_visitor($contact_id) { // private profiles are treated as a virtual group $r = q("SELECT abook_profile from abook where abook_xchan in ( " . protect_sprintf($hashes) . " ) and abook_profile != '' "); - if($r) { - foreach($r as $rv) { + if ($r) { + foreach ($r as $rv) { $groups[] = 'vp.' . $rv['abook_profile']; } } @@ -596,8 +662,8 @@ function init_groups_visitor($contact_id) { // physical groups this identity is a member of $r = q("SELECT hash FROM pgrp left join pgrp_member on pgrp.id = pgrp_member.gid WHERE xchan in ( " . protect_sprintf($hashes) . " ) "); - if($r) { - foreach($r as $rr) + if ($r) { + foreach ($r as $rr) $groups[] = $rr['hash']; } return $groups; @@ -605,6 +671,70 @@ function init_groups_visitor($contact_id) { + +function get_security_ids($channel_id, $ob_hash) { + + $ret = [ + 'channel_id' => [], + 'allow_cid' => [], + 'allow_gid' => [] + ]; + + if($channel_id) { + $ch = q("select channel_hash, portable_id from channel where channel_id = %d", + intval($channel_id) + ); + if($ch) { + $ret['channel_id'][] = $ch[0]['channel_hash']; + $ret['channel_id'][] = $ch[0]['portable_id']; + } + } + + $groups = []; + + $x = q("select * from xchan where xchan_hash = '%s'", + dbesc($ob_hash) + ); + + if ($x) { + + // include xchans for all zot-like networks + + $xchans = q("select xchan_hash from xchan where xchan_hash = '%s' OR ( xchan_guid = '%s' AND xchan_pubkey = '%s' ) ", + dbesc($ob_hash), + dbesc($x[0]['xchan_guid']), + dbesc($x[0]['xchan_pubkey']) + ); + + if ($xchans) { + $ret['allow_cid'] = ids_to_array($xchans,'xchan_hash'); + $hashes = ids_to_querystr($xchans,'xchan_hash',true); + + // private profiles are treated as a virtual group + + $r = q("SELECT abook_profile from abook where abook_xchan in ( " . protect_sprintf($hashes) . " ) and abook_profile != '' "); + if($r) { + foreach ($r as $rv) { + $groups[] = 'vp.' . $rv['abook_profile']; + } + } + + // physical groups this identity is a member of + + $r = q("SELECT hash FROM pgrp left join pgrp_member on pgrp.id = pgrp_member.gid WHERE xchan in ( " . protect_sprintf($hashes) . " ) "); + if($r) { + foreach ($r as $rv) { + $groups[] = $rv['hash']; + } + } + $ret['allow_gid'] = $groups; + } + } + + return $ret; +} + + // This is used to determine which uid have posts which are visible to the logged in user (from the API) for the // public_timeline, and we can use this in a community page by making // $perms = (PERMS_NETWORK|PERMS_PUBLIC) unless logged in. From 3ec06705caed8459045875d03b8906e72405d6bb Mon Sep 17 00:00:00 2001 From: Mike Macgirvin Date: Tue, 12 Mar 2019 16:12:29 +1100 Subject: [PATCH 25/60] perform zot6 discovery in import_author_xchan --- include/items.php | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/include/items.php b/include/items.php index 51aa81017..c6dcd32c6 100755 --- a/include/items.php +++ b/include/items.php @@ -914,6 +914,15 @@ function import_author_xchan($x) { if(array_key_exists('network',$x) && $x['network'] === 'zot') return $y; + // perform zot6 discovery + + if($x['url']) { + $y = discover_by_webbie($x['url'],'zot6'); + if($y) { + return $y; + } + } + if($x['network'] === 'rss') { $y = import_author_rss($x); } From a9172129d2f537eddcd273255895712718fe9543 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Mon, 11 Mar 2019 22:17:36 -0700 Subject: [PATCH 26/60] check zot6 in import_author_xchan --- include/items.php | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/include/items.php b/include/items.php index 51aa81017..9287c81db 100755 --- a/include/items.php +++ b/include/items.php @@ -914,6 +914,15 @@ function import_author_xchan($x) { if(array_key_exists('network',$x) && $x['network'] === 'zot') return $y; + // perform zot6 discovery + + if($x['url']) { + $y = discover_by_webbie($x['url'],'zot6'); + if($y) { + return $y; + } + } + if($x['network'] === 'rss') { $y = import_author_rss($x); } From 11116bdcb77eb9fc62db92fdf87cf2cc1d8e5708 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Tue, 12 Mar 2019 03:40:43 -0700 Subject: [PATCH 27/60] typos --- include/security.php | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/include/security.php b/include/security.php index b9705a0e4..38cb72263 100644 --- a/include/security.php +++ b/include/security.php @@ -380,8 +380,8 @@ function permissions_sql($owner_id, $remote_observer = null, $table = '') { $regexop = db_getfunc('REGEXP'); $sql = sprintf( - " AND ( NOT ({$table}deny_cid regexop '%s' OR {$table}deny_gid $regexop '%s') - AND ( {$table}allow_cid regexop '%s' OR {$table}allow_gid $regexop '%s' OR ( {$table}allow_cid = '' AND {$table}allow_gid = '') ) + " AND ( NOT ({$table}deny_cid $regexop '%s' OR {$table}deny_gid $regexop '%s') + AND ( {$table}allow_cid $regexop '%s' OR {$table}allow_gid $regexop '%s' OR ( {$table}allow_cid = '' AND {$table}allow_gid = '') ) ) ", dbesc($cs), @@ -471,8 +471,8 @@ function item_permissions_sql($owner_id, $remote_observer = null) { $regexop = db_getfunc('REGEXP'); $sql = sprintf( - " AND (( NOT (deny_cid regexop '%s' OR deny_gid $regexop '%s') - AND ( allow_cid regexop '%s' OR allow_gid $regexop '%s' OR ( allow_cid = '' AND allow_gid = '' AND item_private = 0 )) + " AND (( NOT (deny_cid $regexop '%s' OR deny_gid $regexop '%s') + AND ( allow_cid $regexop '%s' OR allow_gid $regexop '%s' OR ( allow_cid = '' AND allow_gid = '' AND item_private = 0 )) ) OR ( item_private = 1 $scope )) ", dbesc($cs), @@ -552,8 +552,8 @@ function public_permissions_sql($observer_hash) { $regexop = db_getfunc('REGEXP'); $sql = sprintf( - " AND ( NOT (deny_cid regexop '%s' OR deny_gid $regexop '%s') - AND ( allow_cid regexop '%s' OR allow_gid $regexop '%s' OR ( allow_cid = '' AND allow_gid = '' AND item_private = 0) ) + " AND ( NOT (deny_cid $regexop '%s' OR deny_gid $regexop '%s') + AND ( allow_cid $regexop '%s' OR allow_gid $regexop '%s' OR ( allow_cid = '' AND allow_gid = '' AND item_private = 0) ) ) ", dbesc($cs), @@ -681,12 +681,12 @@ function get_security_ids($channel_id, $ob_hash) { ]; if($channel_id) { - $ch = q("select channel_hash, portable_id from channel where channel_id = %d", + $ch = q("select channel_hash, channel_portable_id from channel where channel_id = %d", intval($channel_id) ); if($ch) { $ret['channel_id'][] = $ch[0]['channel_hash']; - $ret['channel_id'][] = $ch[0]['portable_id']; + $ret['channel_id'][] = $ch[0]['channel_portable_id']; } } From 72384ff2cb28afa74f93a15738fdbd95efe1443b Mon Sep 17 00:00:00 2001 From: zotlabs Date: Tue, 12 Mar 2019 15:17:25 -0700 Subject: [PATCH 28/60] add owner permission checks to AS item fetch --- Zotlabs/Module/Item.php | 39 +++++++++++++++++++++++++++++++++++++-- 1 file changed, 37 insertions(+), 2 deletions(-) diff --git a/Zotlabs/Module/Item.php b/Zotlabs/Module/Item.php index b247df0fd..980d7308d 100644 --- a/Zotlabs/Module/Item.php +++ b/Zotlabs/Module/Item.php @@ -62,9 +62,44 @@ class Item extends Controller { $sql_extra = item_permissions_sql(0); - $r = q("select * from item where mid = '%s' $item_normal $sql_extra limit 1", - dbesc(z_root() . '/item/' . $item_id) + $r = null; + + + // first see if we have this item owned by the current signer + + $x = q("select * from xchan where xchan_hash = '%s'", + dbesc($sigdata['portable_id']) ); + + if ($x) { + + // include xchans for all zot-like networks - these will have the same guid and public key + + $xchans = q("select xchan_hash from xchan where xchan_hash = '%s' OR ( xchan_guid = '%s' AND xchan_pubkey = '%s' ) ", + dbesc($sigdata['portable_id']), + dbesc($x[0]['xchan_guid']), + dbesc($x[0]['xchan_pubkey']) + ); + + if ($xchans) { + $hashes = ids_to_querystr($xchans,'xchan_hash',true); + $r = q("select * from item where mid = '%s' $item_normal and owner_xchan in ( " . protect_sprintf($hashes) . " ) ", + dbesc(z_root() . '/item/' . $item_id) + ); + } + } + + // then see if we can access it as a visitor + + if (! $r) { + + $r = q("select * from item where mid = '%s' $item_normal $sql_extra limit 1", + dbesc(z_root() . '/item/' . $item_id) + ); + } + + // fetch once more with no extra conditions to see what error condition applies + if(! $r) { From cf5a310286079b22ac3d716c28feae115a59539d Mon Sep 17 00:00:00 2001 From: zotlabs Date: Tue, 12 Mar 2019 16:17:34 -0700 Subject: [PATCH 29/60] rework authenticated item fetches (check ACL on the parent, not on the requested item) --- Zotlabs/Module/Item.php | 115 +++++++++++++++++----------------------- 1 file changed, 50 insertions(+), 65 deletions(-) diff --git a/Zotlabs/Module/Item.php b/Zotlabs/Module/Item.php index 980d7308d..df9a80583 100644 --- a/Zotlabs/Module/Item.php +++ b/Zotlabs/Module/Item.php @@ -40,92 +40,78 @@ class Item extends Controller { function init() { - if(Libzot::is_zot_request()) { + if (Libzot::is_zot_request()) { $conversation = false; $item_id = argv(1); - if(! $item_id) + if (! $item_id) http_status_exit(404, 'Not found'); - $portable_id = EMPTY_STR; + $item_normal = " and item.item_hidden = 0 and item.item_type = 0 and item.item_unpublished = 0 and item.item_delayed = 0 and item.item_blocked = 0 "; + + $i = null; + + // do we have the item (at all)? + + $r = q("select * from item where mid = '%s' $item_normal limit 1", + dbesc(z_root() . '/item/' . $item_id) + ); + + if (! $r) { + http_status_exit(404,'Not found'); + } + + // process an authenticated fetch + $sigdata = HTTPSig::verify(EMPTY_STR); if($sigdata['portable_id'] && $sigdata['header_valid']) { $portable_id = $sigdata['portable_id']; observer_auth($portable_id); + + // first see if we have a copy of this item's parent owned by the current signer + // include xchans for all zot-like networks - these will have the same guid and public key + + $x = q("select * from xchan where xchan_hash = '%s'", + dbesc($sigdata['portable_id']) + ); + + if ($x) { + $xchans = q("select xchan_hash from xchan where xchan_hash = '%s' OR ( xchan_guid = '%s' AND xchan_pubkey = '%s' ) ", + dbesc($sigdata['portable_id']), + dbesc($x[0]['xchan_guid']), + dbesc($x[0]['xchan_pubkey']) + ); + + if ($xchans) { + $hashes = ids_to_querystr($xchans,'xchan_hash',true); + $i = q("select id as item_id from item where mid = '%s' $item_normal and owner_xchan in ( " . protect_sprintf($hashes) . " ) ", + dbesc($r[0]['parent_mid']) + ); + } + } } - $item_normal = " and item.item_hidden = 0 and item.item_type = 0 and item.item_unpublished = 0 and item.item_delayed = 0 and item.item_blocked = 0 "; + // if we don't have a parent id belonging to the signer see if we can obtain one as a visitor that we have permission to access $sql_extra = item_permissions_sql(0); - $r = null; - - - // first see if we have this item owned by the current signer - - $x = q("select * from xchan where xchan_hash = '%s'", - dbesc($sigdata['portable_id']) - ); - - if ($x) { - - // include xchans for all zot-like networks - these will have the same guid and public key - - $xchans = q("select xchan_hash from xchan where xchan_hash = '%s' OR ( xchan_guid = '%s' AND xchan_pubkey = '%s' ) ", - dbesc($sigdata['portable_id']), - dbesc($x[0]['xchan_guid']), - dbesc($x[0]['xchan_pubkey']) - ); - - if ($xchans) { - $hashes = ids_to_querystr($xchans,'xchan_hash',true); - $r = q("select * from item where mid = '%s' $item_normal and owner_xchan in ( " . protect_sprintf($hashes) . " ) ", - dbesc(z_root() . '/item/' . $item_id) - ); - } - } - - // then see if we can access it as a visitor - - if (! $r) { - - $r = q("select * from item where mid = '%s' $item_normal $sql_extra limit 1", - dbesc(z_root() . '/item/' . $item_id) + if (! $i) { + $i = q("select id as item_id from item where mid = '%s' $item_normal $sql_extra limit 1", + dbesc($r[0]['parent_mid']) ); } - // fetch once more with no extra conditions to see what error condition applies - - if(! $r) { - - - $r = q("select * from item where mid = '%s' $item_normal limit 1", - dbesc(z_root() . '/item/' . $item_id) - ); - if($r) { - http_status_exit(403, 'Forbidden'); - } - http_status_exit(404, 'Not found'); + if(! $i) { + http_status_exit(403,'Forbidden'); } - - $items = q("select parent as item_id from item where mid = '%s' and uid = %d $item_normal $sql_extra ", - dbesc($r[0]['parent_mid']), - intval($r[0]['uid']) - ); - if(! $items) { - http_status_exit(404, 'Not found'); - } - - $r = $items; - - $parents_str = ids_to_querystr($r,'item_id'); + $parents_str = ids_to_querystr($i,'item_id'); - $items = q("SELECT item.*, item.id AS item_id FROM item WHERE item.parent IN ( %s ) $item_normal $sql_extra ", + $items = q("SELECT item.*, item.id AS item_id FROM item WHERE item.parent IN ( %s ) $item_normal ", dbesc($parents_str) ); @@ -133,9 +119,8 @@ class Item extends Controller { http_status_exit(404, 'Not found'); } - $r = $items; - xchan_query($r,true); - $items = fetch_post_tags($r,true); + xchan_query($items,true); + $items = fetch_post_tags($items,true); $observer = App::get_observer(); $parent = $items[0]; From 088a93e023aa23d089dad2a06d61b540d3ea47a1 Mon Sep 17 00:00:00 2001 From: Mike Macgirvin Date: Wed, 13 Mar 2019 13:21:04 +1100 Subject: [PATCH 30/60] limit 1 --- Zotlabs/Module/Item.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Zotlabs/Module/Item.php b/Zotlabs/Module/Item.php index df9a80583..c466e7c82 100644 --- a/Zotlabs/Module/Item.php +++ b/Zotlabs/Module/Item.php @@ -88,7 +88,7 @@ class Item extends Controller { if ($xchans) { $hashes = ids_to_querystr($xchans,'xchan_hash',true); - $i = q("select id as item_id from item where mid = '%s' $item_normal and owner_xchan in ( " . protect_sprintf($hashes) . " ) ", + $i = q("select id as item_id from item where mid = '%s' $item_normal and owner_xchan in ( " . protect_sprintf($hashes) . " ) limit 1", dbesc($r[0]['parent_mid']) ); } From a3e94855f91c1c66fbd4c9ca5ca77386b944febd Mon Sep 17 00:00:00 2001 From: Mario Vavti Date: Wed, 13 Mar 2019 17:48:00 +0100 Subject: [PATCH 31/60] add zot6 to clonable networks --- Zotlabs/Module/Connedit.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Zotlabs/Module/Connedit.php b/Zotlabs/Module/Connedit.php index a587324df..acd7cb769 100644 --- a/Zotlabs/Module/Connedit.php +++ b/Zotlabs/Module/Connedit.php @@ -848,7 +848,7 @@ class Connedit extends \Zotlabs\Web\Controller { $locstr = unpunify($contact['xchan_url']); $clone_warn = ''; - $clonable = (in_array($contact['xchan_network'],['zot','rss']) ? true : false); + $clonable = (in_array($contact['xchan_network'],['zot', 'zot6', 'rss']) ? true : false); if(! $clonable) { $clone_warn = ''; $clone_warn .= ((intval($contact['abook_not_here'])) From a5a5ac60ba626b0d863627e5f0144afbbaeb8e66 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Wed, 13 Mar 2019 16:27:52 -0700 Subject: [PATCH 32/60] find unregistered z6 clones on hubzilla sites (does not happen automatically since z6 is not the default protocol on hubzilla). This will need to be pushed to master for the next point release. --- Zotlabs/Daemon/Cron_daily.php | 1 + Zotlabs/Daemon/Poller.php | 1 + include/hubloc.php | 36 +++++++++++++++++++++++++++++++++++ 3 files changed, 38 insertions(+) diff --git a/Zotlabs/Daemon/Cron_daily.php b/Zotlabs/Daemon/Cron_daily.php index f0351fcdd..dbfcff439 100644 --- a/Zotlabs/Daemon/Cron_daily.php +++ b/Zotlabs/Daemon/Cron_daily.php @@ -85,6 +85,7 @@ class Cron_daily { Master::Summon(array('Cli_suggest')); remove_obsolete_hublocs(); + z6_discover(); call_hooks('cron_daily',datetime_convert()); diff --git a/Zotlabs/Daemon/Poller.php b/Zotlabs/Daemon/Poller.php index a8cf34ce2..84bf7e923 100644 --- a/Zotlabs/Daemon/Poller.php +++ b/Zotlabs/Daemon/Poller.php @@ -199,6 +199,7 @@ class Poller { set_config('system','lastpoll',datetime_convert()); //All done - clear the lockfile + @unlink($lockfile); return; diff --git a/include/hubloc.php b/include/hubloc.php index b2903b0ee..7cb00f788 100644 --- a/include/hubloc.php +++ b/include/hubloc.php @@ -305,3 +305,39 @@ function ping_site($url) { return $ret; } + + +function z6_discover() { + + // find unregistered zot6 clone hublocs + + $c = q("select channel_hash, portable_id from channel where channel_deleted = 0"); + if ($c) { + foreach ($c as $entry) { + $q1 = q("select * from hubloc left join site on hubloc_url = site_url where hubloc_deleted = 0 and site_dead = 0 and hubloc_hash = '%s' and hubloc_url != '%s'", + dbesc($entry['channel_hash']), + dbesc(z_root()) + ); + if (! $q1) { + // channel has no zot clones + continue; + } + // does this particular server have a zot6 clone registered on our site for this channel? + foreach ($q1 as $q) { + $q2 = q("select * from hubloc left join site on hubloc_url = site_url where hubloc_deleted = 0 and site_dead = 0 and hubloc_hash = '%s' and hubloc_url = '%s'", + dbesc($entry['portable_id']), + dbesc($q['hubloc_url']) + ); + if ($q2) { + continue; + } + // zot6 hubloc not found. + if(strpos($entry['site_project'],'hubzilla') !== false && version_compare($entry['site_version'],'4.0') >= 0) { + // probe and store results - only for zot6 (over-ride the zot default) + discover_by_webbie($entry['hubloc_addr'],'zot6'); + } + } + } + } + +} \ No newline at end of file From 05bcbfa28cafae0febcfb63bd39fdcb249f7def0 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Wed, 13 Mar 2019 16:31:37 -0700 Subject: [PATCH 33/60] signature issue for zot6 content imported from zotfeeds to hubzilla --- include/items.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/include/items.php b/include/items.php index 6bb453bc8..c9c2e2d48 100755 --- a/include/items.php +++ b/include/items.php @@ -763,11 +763,11 @@ function get_item_elements($x,$allow_code = false) { // check the supplied signature against the supplied content. // Note that we will purify the content which could change it. - $r = q("select xchan_pubkey from xchan where xchan_hash = '%s' limit 1", + $r = q("select xchan_pubkey, xchan_network from xchan where xchan_hash = '%s' limit 1", dbesc($arr['author_xchan']) ); if($r) { - if($r[0]['xchan_pubkey']) { + if($r[0]['xchan_pubkey'] && $r[0]['xchan_network'] === 'zot') { if(rsa_verify($x['body'],base64url_decode($arr['sig']),$r[0]['xchan_pubkey'])) { $arr['item_verified'] = 1; } From ebc3666c6f9a14db7efba849c4837d45688f030f Mon Sep 17 00:00:00 2001 From: Mario Date: Fri, 15 Mar 2019 02:51:51 +0100 Subject: [PATCH 34/60] Cleanup and fixes --- Zotlabs/Lib/Activity.php | 18 +++++++++-------- Zotlabs/Zot6/HTTPSig.php | 3 ++- Zotlabs/Zot6/Zot6Handler.php | 3 +-- include/account.php | 38 +++++++++++++++++------------------- include/acl_selectors.php | 2 +- include/attach.php | 32 ++++++++++++------------------ include/channel.php | 2 +- include/nav.php | 11 +++++++---- include/taxonomy.php | 2 -- include/text.php | 17 +--------------- include/xchan.php | 1 + 11 files changed, 55 insertions(+), 74 deletions(-) diff --git a/Zotlabs/Lib/Activity.php b/Zotlabs/Lib/Activity.php index 9aaf6d866..e5a8e0075 100644 --- a/Zotlabs/Lib/Activity.php +++ b/Zotlabs/Lib/Activity.php @@ -2,6 +2,7 @@ namespace Zotlabs\Lib; +use Zotlabs\Daemon\Master; use Zotlabs\Zot6\HTTPSig; class Activity { @@ -868,7 +869,7 @@ class Activity { // Send an Accept back to them set_abconfig($channel['channel_id'],$person_obj['id'],'pubcrawl','their_follow_id', $their_follow_id); - \Zotlabs\Daemon\Master::Summon([ 'Notifier', 'permissions_accept', $contact['abook_id'] ]); + Master::Summon([ 'Notifier', 'permissions_accept', $contact['abook_id'] ]); return; case 'Accept': @@ -969,9 +970,9 @@ class Activity { if($my_perms && $automatic) { // send an Accept for this Follow activity - \Zotlabs\Daemon\Master::Summon([ 'Notifier', 'permissions_accept', $new_connection[0]['abook_id'] ]); + Master::Summon([ 'Notifier', 'permissions_accept', $new_connection[0]['abook_id'] ]); // Send back a Follow notification to them - \Zotlabs\Daemon\Master::Summon([ 'Notifier', 'permissions_create', $new_connection[0]['abook_id'] ]); + Master::Summon([ 'Notifier', 'permissions_create', $new_connection[0]['abook_id'] ]); } $clone = array(); @@ -1162,7 +1163,7 @@ class Activity { $photos = import_xchan_photo($icon,$url); $r = q("update xchan set xchan_photo_date = '%s', xchan_photo_l = '%s', xchan_photo_m = '%s', xchan_photo_s = '%s', xchan_photo_mimetype = '%s' where xchan_hash = '%s'", - dbescdate(datetime_convert('UTC','UTC',$arr['photo_updated'])), + dbescdate(datetime_convert('UTC','UTC',$photos[5])), dbesc($photos[0]), dbesc($photos[1]), dbesc($photos[2]), @@ -1406,7 +1407,7 @@ class Activity { if($parent) { if($s['owner_xchan'] === $channel['channel_hash']) { // We are the owner of this conversation, so send all received comments back downstream - Zotlabs\Daemon\Master::Summon(array('Notifier','comment-import',$x['item_id'])); + Master::Summon(array('Notifier','comment-import',$x['item_id'])); } $r = q("select * from item where id = %d limit 1", intval($x['item_id']) @@ -1790,7 +1791,7 @@ class Activity { $s['item_private'] = 1; set_iconfig($s,'activitypub','recips',$act->raw_recips); - + // @FIXME: $parent is not defined if($parent) { set_iconfig($s,'activitypub','rawmsg',$act->raw,1); } @@ -1921,10 +1922,11 @@ class Activity { if(is_array($x) && $x['item_id']) { + // @FIXME: $parent is not defined if($parent) { if($s['owner_xchan'] === $channel['channel_hash']) { // We are the owner of this conversation, so send all received comments back downstream - Zotlabs\Daemon\Master::Summon(array('Notifier','comment-import',$x['item_id'])); + Master::Summon(array('Notifier','comment-import',$x['item_id'])); } $r = q("select * from item where id = %d limit 1", intval($x['item_id']) @@ -2060,7 +2062,7 @@ class Activity { if($result['success']) { // if the message isn't already being relayed, notify others if(intval($parent_item['item_origin'])) - Zotlabs\Daemon\Master::Summon(array('Notifier','comment-import',$result['item_id'])); + Master::Summon(array('Notifier','comment-import',$result['item_id'])); sync_an_item($channel['channel_id'],$result['item_id']); } diff --git a/Zotlabs/Zot6/HTTPSig.php b/Zotlabs/Zot6/HTTPSig.php index 72785b1e9..d3a09b858 100644 --- a/Zotlabs/Zot6/HTTPSig.php +++ b/Zotlabs/Zot6/HTTPSig.php @@ -5,6 +5,7 @@ namespace Zotlabs\Zot6; use Zotlabs\Lib\ActivityStreams; use Zotlabs\Lib\Webfinger; use Zotlabs\Web\HTTPHeaders; +use Zotlabs\Lib\Libzot; /** * @brief Implements HTTP Signatures per draft-cavage-http-signatures-10. @@ -324,7 +325,7 @@ class HTTPSig { if($l['rel'] === 'http://purl.org/zot/protocol/6.0' && array_key_exists('href',$l) && $l['href'] !== EMPTY_STR) { $z = \Zotlabs\Lib\Zotfinger::exec($l['href']); if($z) { - $i = Zotlabs\Lib\Libzot::import_xchan($z['data']); + $i = Libzot::import_xchan($z['data']); if($i['success']) { $key['portable_id'] = $i['hash']; diff --git a/Zotlabs/Zot6/Zot6Handler.php b/Zotlabs/Zot6/Zot6Handler.php index 8f8957037..37ce11980 100644 --- a/Zotlabs/Zot6/Zot6Handler.php +++ b/Zotlabs/Zot6/Zot6Handler.php @@ -151,8 +151,7 @@ class Zot6Handler implements IHandler { /* * fetch the requested conversation */ - /// @FIXME $sender_hash is undefined - $messages = zot_feed($c[0]['channel_id'],$sender_hash, [ 'message_id' => $data['message_id'], 'encoding' => 'activitystreams' ]); + $messages = zot_feed($c[0]['channel_id'], $sender, [ 'message_id' => $data['message_id'], 'encoding' => 'activitystreams' ]); return (($messages) ? : [] ); } diff --git a/include/account.php b/include/account.php index 2ab99ce19..5f0c8737f 100644 --- a/include/account.php +++ b/include/account.php @@ -142,12 +142,10 @@ function create_account($arr) { $invite_code = ((x($arr,'invite_code')) ? notags(trim($arr['invite_code'])) : ''); $email = ((x($arr,'email')) ? notags(punify(trim($arr['email']))) : ''); $password = ((x($arr,'password')) ? trim($arr['password']) : ''); - $password2 = ((x($arr,'password2')) ? trim($arr['password2']) : ''); $parent = ((x($arr,'parent')) ? intval($arr['parent']) : 0 ); $flags = ((x($arr,'account_flags')) ? intval($arr['account_flags']) : ACCOUNT_OK); $roles = ((x($arr,'account_roles')) ? intval($arr['account_roles']) : 0 ); $expires = ((x($arr,'expires')) ? intval($arr['expires']) : NULL_DATE); - $techlevel = ((array_key_exists('techlevel',$arr)) ? intval($arr['techlevel']) : intval(get_config('system','techlevel'))); $default_service_class = get_config('system','default_service_class'); @@ -264,9 +262,8 @@ function create_account($arr) { function verify_email_address($arr) { if(array_key_exists('resend',$arr)) { - $email = $arr['email']; $a = q("select * from account where account_email = '%s' limit 1", - dbesc($arr['email']) + dbesc($arr['email']) ); if(! ($a && ($a[0]['account_flags'] & ACCOUNT_UNVERIFIED))) { return false; @@ -285,7 +282,7 @@ function verify_email_address($arr) { else { $hash = random_string(24); - $r = q("INSERT INTO register ( hash, created, uid, password, lang ) VALUES ( '%s', '%s', %d, '%s', '%s' ) ", + q("INSERT INTO register ( hash, created, uid, password, lang ) VALUES ( '%s', '%s', %d, '%s', '%s' ) ", dbesc($hash), dbesc(datetime_convert()), intval($arr['account']['account_id']), @@ -304,7 +301,7 @@ function verify_email_address($arr) { '$email' => $arr['email'], '$uid' => $account['account_id'], '$hash' => $hash, - '$details' => $details + '$details' => '' ] ); @@ -318,9 +315,7 @@ function verify_email_address($arr) { pop_lang(); - if($res) - $delivered ++; - else + if(! $res) logger('send_reg_approval_email: failed to account_id: ' . $arr['account']['account_id']); return $res; @@ -442,16 +437,17 @@ function account_allow($hash) { if(! $account) return $ret; - $r = q("DELETE FROM register WHERE hash = '%s'", + q("DELETE FROM register WHERE hash = '%s'", dbesc($register[0]['hash']) ); - $r = q("update account set account_flags = (account_flags & ~%d) where (account_flags & %d)>0 and account_id = %d", + q("update account set account_flags = (account_flags & ~%d) where (account_flags & %d)>0 and account_id = %d", intval(ACCOUNT_BLOCKED), intval(ACCOUNT_BLOCKED), intval($register[0]['uid']) ); - $r = q("update account set account_flags = (account_flags & ~%d) where (account_flags & %d)>0 and account_id = %d", + + q("update account set account_flags = (account_flags & ~%d) where (account_flags & %d)>0 and account_id = %d", intval(ACCOUNT_PENDING), intval(ACCOUNT_PENDING), intval($register[0]['uid']) @@ -516,11 +512,11 @@ function account_deny($hash) { if(! $account) return false; - $r = q("DELETE FROM account WHERE account_id = %d", + q("DELETE FROM account WHERE account_id = %d", intval($register[0]['uid']) ); - $r = q("DELETE FROM register WHERE id = %d", + q("DELETE FROM register WHERE id = %d", dbesc($register[0]['id']) ); notice( sprintf(t('Registration revoked for %s'), $account[0]['account_email']) . EOL); @@ -551,21 +547,23 @@ function account_approve($hash) { if(! $account) return $ret; - $r = q("DELETE FROM register WHERE hash = '%s' and password = 'verify'", + q("DELETE FROM register WHERE hash = '%s' and password = 'verify'", dbesc($register[0]['hash']) ); - $r = q("update account set account_flags = (account_flags & ~%d) where (account_flags & %d)>0 and account_id = %d", + q("update account set account_flags = (account_flags & ~%d) where (account_flags & %d)>0 and account_id = %d", intval(ACCOUNT_BLOCKED), intval(ACCOUNT_BLOCKED), intval($register[0]['uid']) ); - $r = q("update account set account_flags = (account_flags & ~%d) where (account_flags & %d)>0 and account_id = %d", + + q("update account set account_flags = (account_flags & ~%d) where (account_flags & %d)>0 and account_id = %d", intval(ACCOUNT_PENDING), intval(ACCOUNT_PENDING), intval($register[0]['uid']) ); - $r = q("update account set account_flags = (account_flags & ~%d) where (account_flags & %d)>0 and account_id = %d", + + q("update account set account_flags = (account_flags & ~%d) where (account_flags & %d)>0 and account_id = %d", intval(ACCOUNT_UNVERIFIED), intval(ACCOUNT_UNVERIFIED), intval($register[0]['uid']) @@ -620,7 +618,7 @@ function downgrade_accounts() { foreach($r as $rr) { if(($basic) && ($rr['account_service_class']) && ($rr['account_service_class'] != $basic)) { - $x = q("UPDATE account set account_service_class = '%s', account_expires = '%s' + q("UPDATE account set account_service_class = '%s', account_expires = '%s' where account_id = %d", dbesc($basic), dbesc(NULL_DATE), @@ -631,7 +629,7 @@ function downgrade_accounts() { logger('downgrade_accounts: Account id ' . $rr['account_id'] . ' downgraded.'); } else { - $x = q("UPDATE account SET account_flags = (account_flags | %d) where account_id = %d", + q("UPDATE account SET account_flags = (account_flags | %d) where account_id = %d", intval(ACCOUNT_EXPIRED), intval($rr['account_id']) ); diff --git a/include/acl_selectors.php b/include/acl_selectors.php index c7a87afee..35e385058 100644 --- a/include/acl_selectors.php +++ b/include/acl_selectors.php @@ -84,7 +84,7 @@ function populate_acl($defaults = null,$show_jotnets = true, $emptyACL_descripti ); if($r) { foreach($r as $rv) { - $selected = (($single_group && 'vp.' . $rr['hash'] === $allow_gid[0]) ? ' selected = "selected" ' : ''); + $selected = (($single_group && 'vp.' . $rv['profile_guid'] === $allow_gid[0]) ? ' selected = "selected" ' : ''); $groups .= '' . "\r\n"; } } diff --git a/include/attach.php b/include/attach.php index 17a47d9ac..f6594b154 100644 --- a/include/attach.php +++ b/include/attach.php @@ -321,7 +321,6 @@ function attach_can_view_folder($uid,$ob_hash,$folder_hash) { $sql_extra = permissions_sql($uid,$ob_hash); $hash = $folder_hash; - $result = false; if(! $folder_hash) { return perm_is_allowed($uid,$ob_hash,'view_storage'); @@ -352,7 +351,7 @@ function attach_can_view_folder($uid,$ob_hash,$folder_hash) { * @param string $hash * @param string $observer_hash * @param int $rev (optional) revision default 0 - * @return associative array with everything except data + * @return array (associative) with everything except data * * \e boolean \b success boolean true or false * * \e string \b message (optional) only when success is false * * \e array \b data array of attach DB entry without data component @@ -1224,7 +1223,7 @@ function attach_mkdir($channel, $observer_hash, $arr = null) { $ret['success'] = true; // update the parent folder's lastmodified timestamp - $e = q("UPDATE attach SET edited = '%s' WHERE hash = '%s' AND uid = %d", + q("UPDATE attach SET edited = '%s' WHERE hash = '%s' AND uid = %d", dbesc($created), dbesc($arr['folder']), intval($channel_id) @@ -1270,8 +1269,6 @@ function attach_mkdirp($channel, $observer_hash, $arr = null) { $ret = array('success' => false); $channel_id = $channel['channel_id']; - $sql_options = ''; - $basepath = 'store/' . $channel['channel_address']; logger('basepath: ' . $basepath); @@ -1374,7 +1371,7 @@ function attach_change_permissions($channel_id, $resource, $allow_cid, $allow_gi } } - $x = q("update attach set allow_cid = '%s', allow_gid = '%s', deny_cid = '%s', deny_gid = '%s' where hash = '%s' and uid = %d", + q("update attach set allow_cid = '%s', allow_gid = '%s', deny_cid = '%s', deny_gid = '%s' where hash = '%s' and uid = %d", dbesc($allow_cid), dbesc($allow_gid), dbesc($deny_cid), @@ -1383,7 +1380,7 @@ function attach_change_permissions($channel_id, $resource, $allow_cid, $allow_gi intval($channel_id) ); if($r[0]['is_photo']) { - $x = q("update photo set allow_cid = '%s', allow_gid = '%s', deny_cid = '%s', deny_gid = '%s' where resource_id = '%s' and uid = %d", + q("update photo set allow_cid = '%s', allow_gid = '%s', deny_cid = '%s', deny_gid = '%s' where resource_id = '%s' and uid = %d", dbesc($allow_cid), dbesc($allow_gid), dbesc($deny_cid), @@ -1482,7 +1479,7 @@ function attach_delete($channel_id, $resource, $is_photo = 0) { } // delete from database - $z = q("DELETE FROM attach WHERE hash = '%s' AND uid = %d", + q("DELETE FROM attach WHERE hash = '%s' AND uid = %d", dbesc($resource), intval($channel_id) ); @@ -1493,7 +1490,7 @@ function attach_delete($channel_id, $resource, $is_photo = 0) { // update the parent folder's lastmodified timestamp - $e = q("UPDATE attach SET edited = '%s' WHERE hash = '%s' AND uid = %d", + q("UPDATE attach SET edited = '%s' WHERE hash = '%s' AND uid = %d", dbesc(datetime_convert()), dbesc($r[0]['folder']), intval($channel_id) @@ -1815,7 +1812,7 @@ function file_activity($channel_id, $object, $allow_cid, $allow_gid, $deny_cid, $u_jsonobject = json_encode($object); //we have got the relevant info - delete the old item before we create the new one - $z = q("DELETE FROM item WHERE obj_type = '%s' AND verb = '%s' AND mid = '%s'", + q("DELETE FROM item WHERE obj_type = '%s' AND verb = '%s' AND mid = '%s'", dbesc(ACTIVITY_OBJ_FILE), dbesc(ACTIVITY_POST), dbesc($y[0]['mid']) @@ -1946,7 +1943,6 @@ function attach_recursive_perms($arr_allow_cid, $arr_allow_gid, $arr_deny_cid, $ $ret = array(); $parent_arr = array(); $count_values = array(); - $poster = App::get_observer(); //lookup all channels in sharee group and add them to sharee $arr_allow_cid if($arr_allow_gid) { @@ -2351,7 +2347,6 @@ function attach_move($channel_id, $resource_id, $new_folder_hash) { if(! $n) return false; - $newdirname = $n[0]['filename']; $newalbumname = $n[0]['display_path']; $newstorepath = dbunescbin($n[0]['content']) . '/' . $resource_id; } @@ -2359,7 +2354,6 @@ function attach_move($channel_id, $resource_id, $new_folder_hash) { // root directory - $newdirname = EMPTY_STR; $newalbumname = EMPTY_STR; $newstorepath = 'store/' . $c['channel_address'] . '/' . $resource_id; } @@ -2428,7 +2422,7 @@ function attach_move($channel_id, $resource_id, $new_folder_hash) { } } - $t = q("update attach set content = '%s', folder = '%s', filename = '%s' where id = %d", + q("update attach set content = '%s', folder = '%s', filename = '%s' where id = %d", dbescbin($newstorepath), dbesc($new_folder_hash), dbesc($filename), @@ -2438,7 +2432,7 @@ function attach_move($channel_id, $resource_id, $new_folder_hash) { $x = attach_syspaths($channel_id,$resource_id); - $t1 = q("update attach set os_path = '%s', display_path = '%s' where id = %d", + q("update attach set os_path = '%s', display_path = '%s' where id = %d", dbesc($x['os_path']), dbesc($x['path']), intval($r[0]['id']) @@ -2446,7 +2440,7 @@ function attach_move($channel_id, $resource_id, $new_folder_hash) { if($r[0]['is_photo']) { - $t = q("update photo set album = '%s', filename = '%s', os_path = '%s', display_path = '%s' + q("update photo set album = '%s', filename = '%s', os_path = '%s', display_path = '%s' where resource_id = '%s' and uid = %d", dbesc($newalbumname), dbesc($filename), @@ -2456,7 +2450,7 @@ function attach_move($channel_id, $resource_id, $new_folder_hash) { intval($channel_id) ); - $t = q("update photo set content = '%s' where resource_id = '%s' and uid = %d and imgscale = 0", + q("update photo set content = '%s' where resource_id = '%s' and uid = %d and imgscale = 0", dbescbin($newstorepath), dbesc($resource_id), intval($channel_id) @@ -2587,12 +2581,12 @@ function attach_upgrade() { foreach($r as $rv) { $x = attach_syspaths($rv['uid'],$rv['hash']); if($x) { - $w = q("update attach set os_path = '%s', display_path = '%s' where id = %d", + q("update attach set os_path = '%s', display_path = '%s' where id = %d", dbesc($x['os_path']), dbesc($x['path']), intval($rv['id']) ); - $y = q("update photo set os_path = '%s', display_path = '%s' where uid = %d and resource_id = '%s'", + q("update photo set os_path = '%s', display_path = '%s' where uid = %d and resource_id = '%s'", dbesc($x['os_path']), dbesc($x['path']), intval($rv['uid']), diff --git a/include/channel.php b/include/channel.php index f705ba4d2..7646de151 100644 --- a/include/channel.php +++ b/include/channel.php @@ -1439,7 +1439,7 @@ function profile_edit_menu($uid) { * @param boolean $show_connect (optional) default true * @param mixed $zcard (optional) default false * - * @return HTML string suitable for sidebar inclusion + * @return string (HTML) suitable for sidebar inclusion * Exceptions: Returns empty string if passed $profile is wrong type or not populated */ function profile_sidebar($profile, $block = 0, $show_connect = true, $zcard = false) { diff --git a/include/nav.php b/include/nav.php index 58e13dd93..9baadc9b2 100644 --- a/include/nav.php +++ b/include/nav.php @@ -42,6 +42,10 @@ function nav($template = 'default') { require_once('include/conversation.php'); + $nav_apps = []; + $navbar_apps = []; + $channel_apps = []; + $channel_apps[] = channel_apps($is_owner, App::$profile['channel_address']); @@ -378,16 +382,15 @@ function channel_apps($is_owner = false, $nickname = null) { if(App::$is_sys) return ''; - if(! get_pconfig($uid, 'system', 'channelapps','1')) - return ''; - $channel = App::get_channel(); if($channel && is_null($nickname)) $nickname = $channel['channel_address']; $uid = ((App::$profile['profile_uid']) ? App::$profile['profile_uid'] : local_channel()); - $account_id = ((App::$profile['profile_uid']) ? App::$profile['channel_account_id'] : App::$channel['channel_account_id']); + + if(! get_pconfig($uid, 'system', 'channelapps','1')) + return; if($uid == local_channel()) { return; diff --git a/include/taxonomy.php b/include/taxonomy.php index 46d95458c..b0304de5b 100644 --- a/include/taxonomy.php +++ b/include/taxonomy.php @@ -543,8 +543,6 @@ function article_catblock($uid,$count = 0,$authors = '',$owner = '', $flags = 0, function dir_tagblock($link,$r) { $o = ''; - $observer = get_observer_hash(); - if(! $r) $r = App::$data['directory_keywords']; diff --git a/include/text.php b/include/text.php index ec3eb7b10..41603f6e4 100644 --- a/include/text.php +++ b/include/text.php @@ -20,7 +20,7 @@ define('RANDOM_STRING_TEXT', 0x01 ); /** * @brief This is our template processor. * - * @param string|SmartyEngine $s the string requiring macro substitution, + * @param string SmartyEngine $s the string requiring macro substitution, * or an instance of SmartyEngine * @param array $r key value pairs (search => replace) * @@ -2550,15 +2550,6 @@ function design_tools() { */ function website_portation_tools() { - $channel = App::get_channel(); - $sys = false; - - if(App::$is_sys && is_site_admin()) { - require_once('include/channel.php'); - $channel = get_sys_channel(); - $sys = true; - } - return replace_macros(get_markup_template('website_portation_tools.tpl'), [ '$title' => t('Import'), '$import_label' => t('Import website...'), @@ -2726,7 +2717,6 @@ function handle_tag(&$body, &$str_tags, $profile_uid, $tag, $in_network = true) $name = substr($tag,(($exclusive) ? 2 : 1)); $newname = $name; // make a copy that we can mess with - $tagcid = 0; $r = null; @@ -2785,14 +2775,9 @@ function handle_tag(&$body, &$str_tags, $profile_uid, $tag, $in_network = true) } - - - - $fn_results = []; $access_tag = EMPTY_STR; - // $r is set if we found something if($r) { diff --git a/include/xchan.php b/include/xchan.php index 4cbfb42c5..4fcdf9fce 100644 --- a/include/xchan.php +++ b/include/xchan.php @@ -1,6 +1,7 @@ Date: Thu, 14 Mar 2019 21:18:17 -0700 Subject: [PATCH 35/60] email_header_encode() producing lines of illegal length because header field length was not considered in length calculation. --- include/network.php | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/include/network.php b/include/network.php index 12f2ad4e9..3e8134a32 100644 --- a/include/network.php +++ b/include/network.php @@ -874,13 +874,16 @@ function xml2array($contents, $namespaces = true, $get_attributes=1, $priority = } -function email_header_encode($in_str, $charset = 'UTF-8') { +function email_header_encode($in_str, $charset = 'UTF-8', $header = 'Subject') { + + $out_str = $in_str; $need_to_convert = false; for($x = 0; $x < strlen($in_str); $x ++) { if((ord($in_str[$x]) == 0) || ((ord($in_str[$x]) > 128))) { $need_to_convert = true; + break; } } @@ -896,7 +899,7 @@ function email_header_encode($in_str, $charset = 'UTF-8') { // determine length of encoded text within chunks // and ensure length is even - $length = 75 - strlen($start) - strlen($end); + $length = 75 - strlen($start) - strlen($end) - (strlen($header) + 2); /* [EDIT BY danbrown AT php DOT net: The following From 769dd174bd3d87fd3494537b4f9429454654584b Mon Sep 17 00:00:00 2001 From: Mario Vavti Date: Fri, 15 Mar 2019 23:10:17 +0100 Subject: [PATCH 36/60] fix dreport redeliver --- Zotlabs/Module/Dreport.php | 15 +++++++++------ view/tpl/dreport.tpl | 8 ++++---- 2 files changed, 13 insertions(+), 10 deletions(-) diff --git a/Zotlabs/Module/Dreport.php b/Zotlabs/Module/Dreport.php index 2c125b7a9..1538ea278 100644 --- a/Zotlabs/Module/Dreport.php +++ b/Zotlabs/Module/Dreport.php @@ -16,17 +16,20 @@ class Dreport extends \Zotlabs\Web\Controller { $channel = \App::get_channel(); $mid = ((argc() > 1) ? argv(1) : ''); + $encoded_mid = ''; - if(strpos($mid,'b64.') === 0) + if(strpos($mid,'b64.') === 0) { + $encoded_mid = $mid; $mid = @base64url_decode(substr($mid,4)); - - + } if($mid === 'push') { $table = 'push'; $mid = ((argc() > 2) ? argv(2) : ''); - if(strpos($mid,'b64.') === 0) + if(strpos($mid,'b64.') === 0) { + $encoded_mid = $mid; $mid = @base64url_decode(substr($mid,4)); + } if($mid) { $i = q("select id from item where mid = '%s' and uid = %d and ( author_xchan = '%s' or ( owner_xchan = '%s' and item_wall = 1 )) ", @@ -40,7 +43,7 @@ class Dreport extends \Zotlabs\Web\Controller { } } sleep(3); - goaway(z_root() . '/dreport/' . urlencode($mid)); + goaway(z_root() . '/dreport/' . (($encoded_mid) ? $encoded_mid : $mid)); } if($mid === 'mail') { @@ -158,7 +161,7 @@ class Dreport extends \Zotlabs\Web\Controller { $o = replace_macros(get_markup_template('dreport.tpl'), array( '$title' => sprintf( t('Delivery report for %1$s'),basename($mid)) . '...', '$table' => $table, - '$mid' => urlencode($mid), + '$mid' => (($encoded_mid) ? $encoded_mid : $mid), '$options' => t('Options'), '$push' => t('Redeliver'), '$entries' => $entries diff --git a/view/tpl/dreport.tpl b/view/tpl/dreport.tpl index 1f5915609..a6b05b326 100644 --- a/view/tpl/dreport.tpl +++ b/view/tpl/dreport.tpl @@ -3,11 +3,11 @@ {{if $table == 'item'}}
- +
+ {{$push}} +
{{/if}}

{{$title}}

From 3c701e780c31a497c8c81ad0a66221e90b6078a4 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Sat, 16 Mar 2019 15:23:17 -0700 Subject: [PATCH 37/60] use the php_eol constant for encoded subjects --- Zotlabs/Module/Dreport.php | 1 + include/network.php | 2 +- view/tpl/dreport.tpl | 2 +- 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/Zotlabs/Module/Dreport.php b/Zotlabs/Module/Dreport.php index 2c125b7a9..e45f49d7c 100644 --- a/Zotlabs/Module/Dreport.php +++ b/Zotlabs/Module/Dreport.php @@ -159,6 +159,7 @@ class Dreport extends \Zotlabs\Web\Controller { '$title' => sprintf( t('Delivery report for %1$s'),basename($mid)) . '...', '$table' => $table, '$mid' => urlencode($mid), + '$safe_mid' => urlencode(gen_link_id($mid)), '$options' => t('Options'), '$push' => t('Redeliver'), '$entries' => $entries diff --git a/include/network.php b/include/network.php index 3e8134a32..4ef976df0 100644 --- a/include/network.php +++ b/include/network.php @@ -895,7 +895,7 @@ function email_header_encode($in_str, $charset = 'UTF-8', $header = 'Subject') { // define start delimimter, end delimiter and spacer $end = "?="; $start = "=?" . $charset . "?B?"; - $spacer = $end . "\r\n " . $start; + $spacer = $end . PHP_EOL . " " . $start; // determine length of encoded text within chunks // and ensure length is even diff --git a/view/tpl/dreport.tpl b/view/tpl/dreport.tpl index 1f5915609..8e52f33bc 100644 --- a/view/tpl/dreport.tpl +++ b/view/tpl/dreport.tpl @@ -6,7 +6,7 @@ {{/if}} From a976f418e35a8f4651441a952c8f4c037cb8d2f9 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Sat, 16 Mar 2019 15:28:21 -0700 Subject: [PATCH 38/60] use php_eol for all mail header generation --- Zotlabs/Lib/Enotify.php | 24 ++++++++++++------------ include/network.php | 4 ++-- 2 files changed, 14 insertions(+), 14 deletions(-) diff --git a/Zotlabs/Lib/Enotify.php b/Zotlabs/Lib/Enotify.php index 5e5798cac..a7082f45a 100644 --- a/Zotlabs/Lib/Enotify.php +++ b/Zotlabs/Lib/Enotify.php @@ -754,9 +754,9 @@ class Enotify { // generate a multipart/alternative message header $messageHeader = $params['additionalMailHeader'] . - "From: $fromName <{$params['fromEmail']}>\n" . - "Reply-To: $fromName <{$params['replyTo']}>\n" . - "MIME-Version: 1.0\n" . + "From: $fromName <{$params['fromEmail']}>" . PHP_EOL . + "Reply-To: $fromName <{$params['replyTo']}>" . PHP_EOL . + "MIME-Version: 1.0" . PHP_EOL . "Content-Type: multipart/alternative; boundary=\"{$mimeBoundary}\""; // assemble the final multipart message body with the text and html types included @@ -764,15 +764,15 @@ class Enotify { $htmlBody = chunk_split(base64_encode($params['htmlVersion'])); $multipartMessageBody = - "--" . $mimeBoundary . "\n" . // plain text section - "Content-Type: text/plain; charset=UTF-8\n" . - "Content-Transfer-Encoding: base64\n\n" . - $textBody . "\n" . - "--" . $mimeBoundary . "\n" . // text/html section - "Content-Type: text/html; charset=UTF-8\n" . - "Content-Transfer-Encoding: base64\n\n" . - $htmlBody . "\n" . - "--" . $mimeBoundary . "--\n"; // message ending + "--" . $mimeBoundary . PHP_EOL . // plain text section + "Content-Type: text/plain; charset=UTF-8" . PHP_EOL . + "Content-Transfer-Encoding: base64" . PHP_EOL . PHP_EOL . + $textBody . PHP_EOL . + "--" . $mimeBoundary . PHP_EOL . // text/html section + "Content-Type: text/html; charset=UTF-8" . PHP_EOL . + "Content-Transfer-Encoding: base64" . PHP_EOL . PHP_EOL . + $htmlBody . PHP_EOL . + "--" . $mimeBoundary . "--" . PHP_EOL; // message ending // send the message $res = mail( diff --git a/include/network.php b/include/network.php index 4ef976df0..c754625cd 100644 --- a/include/network.php +++ b/include/network.php @@ -1799,8 +1799,8 @@ function z_mail($params) { $messageHeader = $params['additionalMailHeader'] . - "From: $fromName <{$params['fromEmail']}>\n" . - "Reply-To: $fromName <{$params['replyTo']}>\n" . + "From: $fromName <{$params['fromEmail']}>" . PHP_EOL . + "Reply-To: $fromName <{$params['replyTo']}>" . PHP_EOL . "Content-Type: text/plain; charset=UTF-8"; // send the message From e123f7c743f2f13a25f2dd1e4fa3e0409faf7cad Mon Sep 17 00:00:00 2001 From: Mario Date: Sun, 17 Mar 2019 21:42:14 +0100 Subject: [PATCH 39/60] add phpmd and phpcs to require-dev --- composer.json | 4 +- composer.lock | 159 +++++++++++++++++++++++++- vendor/composer/autoload_classmap.php | 5 + vendor/composer/autoload_static.php | 5 + 4 files changed, 171 insertions(+), 2 deletions(-) diff --git a/composer.json b/composer.json index e6cefa241..cb14083f0 100644 --- a/composer.json +++ b/composer.json @@ -49,7 +49,9 @@ "behat/mink-extension": "@stable", "behat/mink-goutte-driver": "@stable", "php-mock/php-mock-phpunit": "@stable", - "phpunit/dbunit": "@stable" + "phpunit/dbunit": "@stable", + "phpmd/phpmd": "^2.6", + "squizlabs/php_codesniffer": "*" }, "autoload" : { "psr-4" : { diff --git a/composer.lock b/composer.lock index c4fba0975..2631b8dac 100644 --- a/composer.lock +++ b/composer.lock @@ -4,7 +4,7 @@ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", "This file is @generated automatically" ], - "content-hash": "fe5e71d7076eeddf1c174be4a5c052dd", + "content-hash": "8da1fe9aabe6c20d116a21f63fff8ac2", "packages": [ { "name": "blueimp/jquery-file-upload", @@ -2038,6 +2038,46 @@ ], "time": "2018-06-11T23:09:50+00:00" }, + { + "name": "pdepend/pdepend", + "version": "2.5.2", + "source": { + "type": "git", + "url": "https://github.com/pdepend/pdepend.git", + "reference": "9daf26d0368d4a12bed1cacae1a9f3a6f0adf239" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/pdepend/pdepend/zipball/9daf26d0368d4a12bed1cacae1a9f3a6f0adf239", + "reference": "9daf26d0368d4a12bed1cacae1a9f3a6f0adf239", + "shasum": "" + }, + "require": { + "php": ">=5.3.7", + "symfony/config": "^2.3.0|^3|^4", + "symfony/dependency-injection": "^2.3.0|^3|^4", + "symfony/filesystem": "^2.3.0|^3|^4" + }, + "require-dev": { + "phpunit/phpunit": "^4.8|^5.7", + "squizlabs/php_codesniffer": "^2.0.0" + }, + "bin": [ + "src/bin/pdepend" + ], + "type": "library", + "autoload": { + "psr-4": { + "PDepend\\": "src/main/php/PDepend" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "BSD-3-Clause" + ], + "description": "Official version of pdepend to be handled with Composer", + "time": "2017-12-13T13:21:38+00:00" + }, { "name": "phar-io/manifest", "version": "1.0.3", @@ -2460,6 +2500,72 @@ ], "time": "2017-07-14T14:27:02+00:00" }, + { + "name": "phpmd/phpmd", + "version": "2.6.0", + "source": { + "type": "git", + "url": "https://github.com/phpmd/phpmd.git", + "reference": "4e9924b2c157a3eb64395460fcf56b31badc8374" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/phpmd/phpmd/zipball/4e9924b2c157a3eb64395460fcf56b31badc8374", + "reference": "4e9924b2c157a3eb64395460fcf56b31badc8374", + "shasum": "" + }, + "require": { + "ext-xml": "*", + "pdepend/pdepend": "^2.5", + "php": ">=5.3.9" + }, + "require-dev": { + "phpunit/phpunit": "^4.0", + "squizlabs/php_codesniffer": "^2.0" + }, + "bin": [ + "src/bin/phpmd" + ], + "type": "project", + "autoload": { + "psr-0": { + "PHPMD\\": "src/main/php" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "BSD-3-Clause" + ], + "authors": [ + { + "name": "Manuel Pichler", + "email": "github@manuel-pichler.de", + "homepage": "https://github.com/manuelpichler", + "role": "Project Founder" + }, + { + "name": "Other contributors", + "homepage": "https://github.com/phpmd/phpmd/graphs/contributors", + "role": "Contributors" + }, + { + "name": "Marc Würth", + "email": "ravage@bluewin.ch", + "homepage": "https://github.com/ravage84", + "role": "Project Maintainer" + } + ], + "description": "PHPMD is a spin-off project of PHP Depend and aims to be a PHP equivalent of the well known Java tool PMD.", + "homepage": "http://phpmd.org/", + "keywords": [ + "mess detection", + "mess detector", + "pdepend", + "phpmd", + "pmd" + ], + "time": "2017-01-20T14:41:10+00:00" + }, { "name": "phpspec/prophecy", "version": "1.8.0", @@ -3614,6 +3720,57 @@ "homepage": "https://github.com/sebastianbergmann/version", "time": "2016-10-03T07:35:21+00:00" }, + { + "name": "squizlabs/php_codesniffer", + "version": "3.4.0", + "source": { + "type": "git", + "url": "https://github.com/squizlabs/PHP_CodeSniffer.git", + "reference": "379deb987e26c7cd103a7b387aea178baec96e48" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/squizlabs/PHP_CodeSniffer/zipball/379deb987e26c7cd103a7b387aea178baec96e48", + "reference": "379deb987e26c7cd103a7b387aea178baec96e48", + "shasum": "" + }, + "require": { + "ext-simplexml": "*", + "ext-tokenizer": "*", + "ext-xmlwriter": "*", + "php": ">=5.4.0" + }, + "require-dev": { + "phpunit/phpunit": "^4.0 || ^5.0 || ^6.0 || ^7.0" + }, + "bin": [ + "bin/phpcs", + "bin/phpcbf" + ], + "type": "library", + "extra": { + "branch-alias": { + "dev-master": "3.x-dev" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "BSD-3-Clause" + ], + "authors": [ + { + "name": "Greg Sherwood", + "role": "lead" + } + ], + "description": "PHP_CodeSniffer tokenizes PHP, JavaScript and CSS files and detects violations of a defined set of coding standards.", + "homepage": "http://www.squizlabs.com/php-codesniffer", + "keywords": [ + "phpcs", + "standards" + ], + "time": "2018-12-19T23:57:18+00:00" + }, { "name": "symfony/browser-kit", "version": "v4.2.1", diff --git a/vendor/composer/autoload_classmap.php b/vendor/composer/autoload_classmap.php index de9c63bdc..64d0c0cfb 100644 --- a/vendor/composer/autoload_classmap.php +++ b/vendor/composer/autoload_classmap.php @@ -380,6 +380,9 @@ return array( 'Psr\\Log\\LoggerInterface' => $vendorDir . '/psr/log/Psr/Log/LoggerInterface.php', 'Psr\\Log\\LoggerTrait' => $vendorDir . '/psr/log/Psr/Log/LoggerTrait.php', 'Psr\\Log\\NullLogger' => $vendorDir . '/psr/log/Psr/Log/NullLogger.php', + 'Psr\\Log\\Test\\DummyTest' => $vendorDir . '/psr/log/Psr/Log/Test/LoggerInterfaceTest.php', + 'Psr\\Log\\Test\\LoggerInterfaceTest' => $vendorDir . '/psr/log/Psr/Log/Test/LoggerInterfaceTest.php', + 'Psr\\Log\\Test\\TestLogger' => $vendorDir . '/psr/log/Psr/Log/Test/TestLogger.php', 'Ramsey\\Uuid\\BinaryUtils' => $vendorDir . '/ramsey/uuid/src/BinaryUtils.php', 'Ramsey\\Uuid\\Builder\\DefaultUuidBuilder' => $vendorDir . '/ramsey/uuid/src/Builder/DefaultUuidBuilder.php', 'Ramsey\\Uuid\\Builder\\DegradedUuidBuilder' => $vendorDir . '/ramsey/uuid/src/Builder/DegradedUuidBuilder.php', @@ -882,6 +885,7 @@ return array( 'Zotlabs\\Lib\\Verify' => $baseDir . '/Zotlabs/Lib/Verify.php', 'Zotlabs\\Lib\\Webfinger' => $baseDir . '/Zotlabs/Lib/Webfinger.php', 'Zotlabs\\Lib\\XConfig' => $baseDir . '/Zotlabs/Lib/XConfig.php', + 'Zotlabs\\Lib\\ZotURL' => $baseDir . '/Zotlabs/Lib/ZotURL.php', 'Zotlabs\\Lib\\Zotfinger' => $baseDir . '/Zotlabs/Lib/Zotfinger.php', 'Zotlabs\\Module\\Achievements' => $baseDir . '/Zotlabs/Module/Achievements.php', 'Zotlabs\\Module\\Acl' => $baseDir . '/Zotlabs/Module/Acl.php', @@ -961,6 +965,7 @@ return array( 'Zotlabs\\Module\\Home' => $baseDir . '/Zotlabs/Module/Home.php', 'Zotlabs\\Module\\Hostxrd' => $baseDir . '/Zotlabs/Module/Hostxrd.php', 'Zotlabs\\Module\\Hq' => $baseDir . '/Zotlabs/Module/Hq.php', + 'Zotlabs\\Module\\Id' => $baseDir . '/Zotlabs/Module/Id.php', 'Zotlabs\\Module\\Impel' => $baseDir . '/Zotlabs/Module/Impel.php', 'Zotlabs\\Module\\Import' => $baseDir . '/Zotlabs/Module/Import.php', 'Zotlabs\\Module\\Import_items' => $baseDir . '/Zotlabs/Module/Import_items.php', diff --git a/vendor/composer/autoload_static.php b/vendor/composer/autoload_static.php index d4daa13e6..0c60181b1 100644 --- a/vendor/composer/autoload_static.php +++ b/vendor/composer/autoload_static.php @@ -548,6 +548,9 @@ class ComposerStaticInit7b34d7e50a62201ec5d5e526a5b8b35d 'Psr\\Log\\LoggerInterface' => __DIR__ . '/..' . '/psr/log/Psr/Log/LoggerInterface.php', 'Psr\\Log\\LoggerTrait' => __DIR__ . '/..' . '/psr/log/Psr/Log/LoggerTrait.php', 'Psr\\Log\\NullLogger' => __DIR__ . '/..' . '/psr/log/Psr/Log/NullLogger.php', + 'Psr\\Log\\Test\\DummyTest' => __DIR__ . '/..' . '/psr/log/Psr/Log/Test/LoggerInterfaceTest.php', + 'Psr\\Log\\Test\\LoggerInterfaceTest' => __DIR__ . '/..' . '/psr/log/Psr/Log/Test/LoggerInterfaceTest.php', + 'Psr\\Log\\Test\\TestLogger' => __DIR__ . '/..' . '/psr/log/Psr/Log/Test/TestLogger.php', 'Ramsey\\Uuid\\BinaryUtils' => __DIR__ . '/..' . '/ramsey/uuid/src/BinaryUtils.php', 'Ramsey\\Uuid\\Builder\\DefaultUuidBuilder' => __DIR__ . '/..' . '/ramsey/uuid/src/Builder/DefaultUuidBuilder.php', 'Ramsey\\Uuid\\Builder\\DegradedUuidBuilder' => __DIR__ . '/..' . '/ramsey/uuid/src/Builder/DegradedUuidBuilder.php', @@ -1050,6 +1053,7 @@ class ComposerStaticInit7b34d7e50a62201ec5d5e526a5b8b35d 'Zotlabs\\Lib\\Verify' => __DIR__ . '/../..' . '/Zotlabs/Lib/Verify.php', 'Zotlabs\\Lib\\Webfinger' => __DIR__ . '/../..' . '/Zotlabs/Lib/Webfinger.php', 'Zotlabs\\Lib\\XConfig' => __DIR__ . '/../..' . '/Zotlabs/Lib/XConfig.php', + 'Zotlabs\\Lib\\ZotURL' => __DIR__ . '/../..' . '/Zotlabs/Lib/ZotURL.php', 'Zotlabs\\Lib\\Zotfinger' => __DIR__ . '/../..' . '/Zotlabs/Lib/Zotfinger.php', 'Zotlabs\\Module\\Achievements' => __DIR__ . '/../..' . '/Zotlabs/Module/Achievements.php', 'Zotlabs\\Module\\Acl' => __DIR__ . '/../..' . '/Zotlabs/Module/Acl.php', @@ -1129,6 +1133,7 @@ class ComposerStaticInit7b34d7e50a62201ec5d5e526a5b8b35d 'Zotlabs\\Module\\Home' => __DIR__ . '/../..' . '/Zotlabs/Module/Home.php', 'Zotlabs\\Module\\Hostxrd' => __DIR__ . '/../..' . '/Zotlabs/Module/Hostxrd.php', 'Zotlabs\\Module\\Hq' => __DIR__ . '/../..' . '/Zotlabs/Module/Hq.php', + 'Zotlabs\\Module\\Id' => __DIR__ . '/../..' . '/Zotlabs/Module/Id.php', 'Zotlabs\\Module\\Impel' => __DIR__ . '/../..' . '/Zotlabs/Module/Impel.php', 'Zotlabs\\Module\\Import' => __DIR__ . '/../..' . '/Zotlabs/Module/Import.php', 'Zotlabs\\Module\\Import_items' => __DIR__ . '/../..' . '/Zotlabs/Module/Import_items.php', From 136b2ae37f36d0b772166f7c8fac5a27b4b8a4d3 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Sun, 17 Mar 2019 15:49:01 -0700 Subject: [PATCH 40/60] calling unserialize on array in util/service_class --- util/service_class | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/util/service_class b/util/service_class index 50f01afff..b8a1f2386 100755 --- a/util/service_class +++ b/util/service_class @@ -93,7 +93,12 @@ if($argc == 1) { if(is_array(App::$config['service_class']) && App::$config['service_class']) { foreach(App::$config['service_class'] as $class=>$props) { echo "$class:\n"; - $d = unserialize($props); + + $d = ((! is_array($props)) && (preg_match('|^a:[0-9]+:{.*}$|s', $props)) + ? unserialize($props) + : $props + ); + if(is_array($d) && $d) { foreach($d as $k => $v) { echo "\t$k = $v\n"; From 026b96b8f2aebff50f594aa2a184a60a66cc3fd4 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Sun, 17 Mar 2019 17:56:29 -0700 Subject: [PATCH 41/60] clone systems apps to the extent possible, auto-configure imagick thumbnail binary during setup if possible --- Zotlabs/Module/Import.php | 3 ++ Zotlabs/Module/Setup.php | 6 +++ include/channel.php | 12 ++++++ include/import.php | 88 ++++++++++++++++++++++++++++++++++++++- 4 files changed, 108 insertions(+), 1 deletion(-) diff --git a/Zotlabs/Module/Import.php b/Zotlabs/Module/Import.php index 0daf28aa9..9d047ed7b 100644 --- a/Zotlabs/Module/Import.php +++ b/Zotlabs/Module/Import.php @@ -472,6 +472,9 @@ class Import extends \Zotlabs\Web\Controller { if(is_array($data['app'])) import_apps($channel,$data['app']); + if(is_array($data['sysapp'])) + import_sysapps($channel,$data['sysapp']); + if(is_array($data['chatroom'])) import_chatrooms($channel,$data['chatroom']); diff --git a/Zotlabs/Module/Setup.php b/Zotlabs/Module/Setup.php index ce0538099..c809ff5ec 100644 --- a/Zotlabs/Module/Setup.php +++ b/Zotlabs/Module/Setup.php @@ -732,6 +732,12 @@ class Setup extends \Zotlabs\Web\Controller { // install the standard theme set_config('system', 'allowed_themes', 'redbasic'); + // if imagick converter is installed, use it + if(@is_executable('/usr/bin/convert')) { + set_config('system','imagick_convert_path','/usr/bin/convert'); + } + + // Set a lenient list of ciphers if using openssl. Other ssl engines // (e.g. NSS used in RedHat) require different syntax, so hopefully // the default curl cipher list will work for most sites. If not, diff --git a/include/channel.php b/include/channel.php index 7646de151..654bbdb05 100644 --- a/include/channel.php +++ b/include/channel.php @@ -948,6 +948,18 @@ function identity_basic_export($channel_id, $sections = null) { } $ret['app'] = $r; } + $r = q("select * from app where app_channel = %d and app_system = 1", + intval($channel_id) + ); + if($r) { + for($x = 0; $x < count($r); $x ++) { + $r[$x]['term'] = q("select * from term where otype = %d and oid = %d", + intval(TERM_OBJ_APP), + intval($r[$x]['id']) + ); + } + $ret['sysapp'] = $r; + } } if(in_array('chatrooms',$sections)) { diff --git a/include/import.php b/include/import.php index f391400bd..8d1a19202 100644 --- a/include/import.php +++ b/include/import.php @@ -147,7 +147,9 @@ function import_config($channel, $configs) { foreach($configs as $config) { unset($config['id']); $config['uid'] = $channel['channel_id']; - + if($config['cat'] === 'system' && $config['k'] === 'import_system_apps') { + continue; + } create_table_from_array('pconfig', $config); } @@ -364,6 +366,9 @@ function import_apps($channel, $apps) { if($channel && $apps) { foreach($apps as $app) { + if(array_key_exists('app_system',$app) && intval($app['app_system'])) + continue; + $term = ((array_key_exists('term',$app) && is_array($app['term'])) ? $app['term'] : null); unset($app['id']); @@ -413,6 +418,9 @@ function sync_apps($channel, $apps) { $exists = false; $term = ((array_key_exists('term',$app)) ? $app['term'] : null); + if(array_key_exists('app_system',$app) && intval($app['app_system'])) + continue; + $x = q("select * from app where app_id = '%s' and app_channel = %d limit 1", dbesc($app['app_id']), intval($channel['channel_id']) @@ -504,6 +512,84 @@ function sync_apps($channel, $apps) { } } + + +/** + * @brief Import system apps. + * System apps from the original server may not exist on this system + * (e.g. apps associated with addons that are not installed here). + * Check the system apps that were provided in the import file to see if they + * exist here and if so, install them locally. Preserve categories that + * might have been added by this channel on the other server. + * Do not use any paths from the original as they will point to a different server. + * @param array $channel + * @param array $apps + */ +function import_sysapps($channel, $apps) { + + if($channel && $apps) { + + $sysapps = \Zotlabs\Lib\Apps::get_system_apps(false); + + foreach($apps as $app) { + + if(array_key_exists('app_system',$app) && (! intval($app['app_system']))) + continue; + + $term = ((array_key_exists('term',$app) && is_array($app['term'])) ? $app['term'] : null); + + foreach($sysapps as $sysapp) { + if($app['app_id'] === hash('whirlpool',$sysapp['app_name'])) { + // install this app on this server + $newapp = $sysapp; + $newapp['uid'] = $channel['channel_id']; + $newapp['guid'] = hash('whirlpool',$newapp['name']); + + $installed = q("select id from app where app_id = '%s' and app_channel = %d limit 1", + dbesc($newapp['guid']), + intval($channel['channel_id']) + ); + if($installed) { + break; + } + + $newapp['system'] = 1; + if($term) { + $s = EMPTY_STR; + foreach($term as $t) { + if($s) { + $s .= ','; + } + $s .= $t['term']; + } + $newapp['categories'] = $s; + } + \Zotlabs\Lib\Apps::app_install($channel['channel_id'],$newapp); + } + } + } + } +} + +/** + * @brief Sync system apps. + * + * @param array $channel + * @param array $apps + */ +function sync_sysapps($channel, $apps) { + + if($channel && $apps) { + + // we do not currently sync system apps + + } +} + + + + + /** * @brief Import chatrooms. * From ea9925f489602529891c0ed468cf35117e7ef454 Mon Sep 17 00:00:00 2001 From: Zot Date: Mon, 18 Mar 2019 09:35:53 +0100 Subject: [PATCH 42/60] clone systems apps to the extent possible, auto-configure imagick thumbnail binary during setup if possible --- Zotlabs/Lib/Enotify.php | 24 +++++------ Zotlabs/Module/Dreport.php | 3 +- Zotlabs/Module/Import.php | 3 ++ Zotlabs/Module/Setup.php | 6 +++ include/channel.php | 12 ++++++ include/import.php | 88 +++++++++++++++++++++++++++++++++++++- include/network.php | 6 +-- util/service_class | 7 ++- view/tpl/dreport.tpl | 2 +- 9 files changed, 132 insertions(+), 19 deletions(-) diff --git a/Zotlabs/Lib/Enotify.php b/Zotlabs/Lib/Enotify.php index 5e5798cac..a7082f45a 100644 --- a/Zotlabs/Lib/Enotify.php +++ b/Zotlabs/Lib/Enotify.php @@ -754,9 +754,9 @@ class Enotify { // generate a multipart/alternative message header $messageHeader = $params['additionalMailHeader'] . - "From: $fromName <{$params['fromEmail']}>\n" . - "Reply-To: $fromName <{$params['replyTo']}>\n" . - "MIME-Version: 1.0\n" . + "From: $fromName <{$params['fromEmail']}>" . PHP_EOL . + "Reply-To: $fromName <{$params['replyTo']}>" . PHP_EOL . + "MIME-Version: 1.0" . PHP_EOL . "Content-Type: multipart/alternative; boundary=\"{$mimeBoundary}\""; // assemble the final multipart message body with the text and html types included @@ -764,15 +764,15 @@ class Enotify { $htmlBody = chunk_split(base64_encode($params['htmlVersion'])); $multipartMessageBody = - "--" . $mimeBoundary . "\n" . // plain text section - "Content-Type: text/plain; charset=UTF-8\n" . - "Content-Transfer-Encoding: base64\n\n" . - $textBody . "\n" . - "--" . $mimeBoundary . "\n" . // text/html section - "Content-Type: text/html; charset=UTF-8\n" . - "Content-Transfer-Encoding: base64\n\n" . - $htmlBody . "\n" . - "--" . $mimeBoundary . "--\n"; // message ending + "--" . $mimeBoundary . PHP_EOL . // plain text section + "Content-Type: text/plain; charset=UTF-8" . PHP_EOL . + "Content-Transfer-Encoding: base64" . PHP_EOL . PHP_EOL . + $textBody . PHP_EOL . + "--" . $mimeBoundary . PHP_EOL . // text/html section + "Content-Type: text/html; charset=UTF-8" . PHP_EOL . + "Content-Transfer-Encoding: base64" . PHP_EOL . PHP_EOL . + $htmlBody . PHP_EOL . + "--" . $mimeBoundary . "--" . PHP_EOL; // message ending // send the message $res = mail( diff --git a/Zotlabs/Module/Dreport.php b/Zotlabs/Module/Dreport.php index 1538ea278..0fc36dc29 100644 --- a/Zotlabs/Module/Dreport.php +++ b/Zotlabs/Module/Dreport.php @@ -161,7 +161,8 @@ class Dreport extends \Zotlabs\Web\Controller { $o = replace_macros(get_markup_template('dreport.tpl'), array( '$title' => sprintf( t('Delivery report for %1$s'),basename($mid)) . '...', '$table' => $table, - '$mid' => (($encoded_mid) ? $encoded_mid : $mid), + '$mid' => urlencode($mid), + '$safe_mid' => urlencode(gen_link_id($mid)), '$options' => t('Options'), '$push' => t('Redeliver'), '$entries' => $entries diff --git a/Zotlabs/Module/Import.php b/Zotlabs/Module/Import.php index 0daf28aa9..9d047ed7b 100644 --- a/Zotlabs/Module/Import.php +++ b/Zotlabs/Module/Import.php @@ -472,6 +472,9 @@ class Import extends \Zotlabs\Web\Controller { if(is_array($data['app'])) import_apps($channel,$data['app']); + if(is_array($data['sysapp'])) + import_sysapps($channel,$data['sysapp']); + if(is_array($data['chatroom'])) import_chatrooms($channel,$data['chatroom']); diff --git a/Zotlabs/Module/Setup.php b/Zotlabs/Module/Setup.php index ce0538099..c809ff5ec 100644 --- a/Zotlabs/Module/Setup.php +++ b/Zotlabs/Module/Setup.php @@ -732,6 +732,12 @@ class Setup extends \Zotlabs\Web\Controller { // install the standard theme set_config('system', 'allowed_themes', 'redbasic'); + // if imagick converter is installed, use it + if(@is_executable('/usr/bin/convert')) { + set_config('system','imagick_convert_path','/usr/bin/convert'); + } + + // Set a lenient list of ciphers if using openssl. Other ssl engines // (e.g. NSS used in RedHat) require different syntax, so hopefully // the default curl cipher list will work for most sites. If not, diff --git a/include/channel.php b/include/channel.php index 7646de151..654bbdb05 100644 --- a/include/channel.php +++ b/include/channel.php @@ -948,6 +948,18 @@ function identity_basic_export($channel_id, $sections = null) { } $ret['app'] = $r; } + $r = q("select * from app where app_channel = %d and app_system = 1", + intval($channel_id) + ); + if($r) { + for($x = 0; $x < count($r); $x ++) { + $r[$x]['term'] = q("select * from term where otype = %d and oid = %d", + intval(TERM_OBJ_APP), + intval($r[$x]['id']) + ); + } + $ret['sysapp'] = $r; + } } if(in_array('chatrooms',$sections)) { diff --git a/include/import.php b/include/import.php index f391400bd..8d1a19202 100644 --- a/include/import.php +++ b/include/import.php @@ -147,7 +147,9 @@ function import_config($channel, $configs) { foreach($configs as $config) { unset($config['id']); $config['uid'] = $channel['channel_id']; - + if($config['cat'] === 'system' && $config['k'] === 'import_system_apps') { + continue; + } create_table_from_array('pconfig', $config); } @@ -364,6 +366,9 @@ function import_apps($channel, $apps) { if($channel && $apps) { foreach($apps as $app) { + if(array_key_exists('app_system',$app) && intval($app['app_system'])) + continue; + $term = ((array_key_exists('term',$app) && is_array($app['term'])) ? $app['term'] : null); unset($app['id']); @@ -413,6 +418,9 @@ function sync_apps($channel, $apps) { $exists = false; $term = ((array_key_exists('term',$app)) ? $app['term'] : null); + if(array_key_exists('app_system',$app) && intval($app['app_system'])) + continue; + $x = q("select * from app where app_id = '%s' and app_channel = %d limit 1", dbesc($app['app_id']), intval($channel['channel_id']) @@ -504,6 +512,84 @@ function sync_apps($channel, $apps) { } } + + +/** + * @brief Import system apps. + * System apps from the original server may not exist on this system + * (e.g. apps associated with addons that are not installed here). + * Check the system apps that were provided in the import file to see if they + * exist here and if so, install them locally. Preserve categories that + * might have been added by this channel on the other server. + * Do not use any paths from the original as they will point to a different server. + * @param array $channel + * @param array $apps + */ +function import_sysapps($channel, $apps) { + + if($channel && $apps) { + + $sysapps = \Zotlabs\Lib\Apps::get_system_apps(false); + + foreach($apps as $app) { + + if(array_key_exists('app_system',$app) && (! intval($app['app_system']))) + continue; + + $term = ((array_key_exists('term',$app) && is_array($app['term'])) ? $app['term'] : null); + + foreach($sysapps as $sysapp) { + if($app['app_id'] === hash('whirlpool',$sysapp['app_name'])) { + // install this app on this server + $newapp = $sysapp; + $newapp['uid'] = $channel['channel_id']; + $newapp['guid'] = hash('whirlpool',$newapp['name']); + + $installed = q("select id from app where app_id = '%s' and app_channel = %d limit 1", + dbesc($newapp['guid']), + intval($channel['channel_id']) + ); + if($installed) { + break; + } + + $newapp['system'] = 1; + if($term) { + $s = EMPTY_STR; + foreach($term as $t) { + if($s) { + $s .= ','; + } + $s .= $t['term']; + } + $newapp['categories'] = $s; + } + \Zotlabs\Lib\Apps::app_install($channel['channel_id'],$newapp); + } + } + } + } +} + +/** + * @brief Sync system apps. + * + * @param array $channel + * @param array $apps + */ +function sync_sysapps($channel, $apps) { + + if($channel && $apps) { + + // we do not currently sync system apps + + } +} + + + + + /** * @brief Import chatrooms. * diff --git a/include/network.php b/include/network.php index 3e8134a32..c754625cd 100644 --- a/include/network.php +++ b/include/network.php @@ -895,7 +895,7 @@ function email_header_encode($in_str, $charset = 'UTF-8', $header = 'Subject') { // define start delimimter, end delimiter and spacer $end = "?="; $start = "=?" . $charset . "?B?"; - $spacer = $end . "\r\n " . $start; + $spacer = $end . PHP_EOL . " " . $start; // determine length of encoded text within chunks // and ensure length is even @@ -1799,8 +1799,8 @@ function z_mail($params) { $messageHeader = $params['additionalMailHeader'] . - "From: $fromName <{$params['fromEmail']}>\n" . - "Reply-To: $fromName <{$params['replyTo']}>\n" . + "From: $fromName <{$params['fromEmail']}>" . PHP_EOL . + "Reply-To: $fromName <{$params['replyTo']}>" . PHP_EOL . "Content-Type: text/plain; charset=UTF-8"; // send the message diff --git a/util/service_class b/util/service_class index 50f01afff..b8a1f2386 100755 --- a/util/service_class +++ b/util/service_class @@ -93,7 +93,12 @@ if($argc == 1) { if(is_array(App::$config['service_class']) && App::$config['service_class']) { foreach(App::$config['service_class'] as $class=>$props) { echo "$class:\n"; - $d = unserialize($props); + + $d = ((! is_array($props)) && (preg_match('|^a:[0-9]+:{.*}$|s', $props)) + ? unserialize($props) + : $props + ); + if(is_array($d) && $d) { foreach($d as $k => $v) { echo "\t$k = $v\n"; diff --git a/view/tpl/dreport.tpl b/view/tpl/dreport.tpl index a6b05b326..89188891d 100644 --- a/view/tpl/dreport.tpl +++ b/view/tpl/dreport.tpl @@ -6,7 +6,7 @@
- {{$push}} + {{$push}}
{{/if}} From a086745ec021add5638a0527d4e8e14835591e93 Mon Sep 17 00:00:00 2001 From: Mario Vavti Date: Mon, 18 Mar 2019 13:19:24 +0100 Subject: [PATCH 43/60] ENT_COMPAT will only take care of double-quotes. Use double-quotes here to prevent XSS --- Zotlabs/Module/Connections.php | 2 +- Zotlabs/Module/Directory.php | 2 +- Zotlabs/Module/Photos.php | 4 ++-- Zotlabs/Module/Viewconnections.php | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/Zotlabs/Module/Connections.php b/Zotlabs/Module/Connections.php index 967e9521d..8e3730875 100644 --- a/Zotlabs/Module/Connections.php +++ b/Zotlabs/Module/Connections.php @@ -329,7 +329,7 @@ class Connections extends \Zotlabs\Web\Controller { killme(); } else { - $o .= ""; + $o .= ''; $o .= replace_macros(get_markup_template('connections.tpl'),array( '$header' => t('Connections') . (($head) ? ': ' . $head : ''), '$tabs' => $tabs, diff --git a/Zotlabs/Module/Directory.php b/Zotlabs/Module/Directory.php index c29fa8326..04bcb7f0a 100644 --- a/Zotlabs/Module/Directory.php +++ b/Zotlabs/Module/Directory.php @@ -399,7 +399,7 @@ class Directory extends \Zotlabs\Web\Controller { $dirtitle = (($globaldir) ? t('Global Directory') : t('Local Directory')); - $o .= ""; + $o .= ''; $o .= replace_macros($tpl, array( '$search' => $search, '$desc' => t('Find'), diff --git a/Zotlabs/Module/Photos.php b/Zotlabs/Module/Photos.php index a761dbd14..161141c3b 100644 --- a/Zotlabs/Module/Photos.php +++ b/Zotlabs/Module/Photos.php @@ -848,7 +848,7 @@ class Photos extends \Zotlabs\Web\Controller { killme(); } else { - $o .= ""; + $o .= ''; $tpl = get_markup_template('photo_album.tpl'); $o .= replace_macros($tpl, array( '$photos' => $photos, @@ -1396,7 +1396,7 @@ class Photos extends \Zotlabs\Web\Controller { killme(); } else { - $o .= ""; + $o .= ''; $tpl = get_markup_template('photos_recent.tpl'); $o .= replace_macros($tpl, array( '$title' => t('Recent Photos'), diff --git a/Zotlabs/Module/Viewconnections.php b/Zotlabs/Module/Viewconnections.php index 0a5e86907..14a5ccb86 100644 --- a/Zotlabs/Module/Viewconnections.php +++ b/Zotlabs/Module/Viewconnections.php @@ -107,7 +107,7 @@ class Viewconnections extends \Zotlabs\Web\Controller { killme(); } else { - $o .= ""; + $o .= ''; $tpl = get_markup_template("viewcontact_template.tpl"); $o .= replace_macros($tpl, array( '$title' => t('View Connections'), From 2ec3e4a912777501f232d6255fe8ba5d0c147eee Mon Sep 17 00:00:00 2001 From: Mario Vavti Date: Mon, 18 Mar 2019 13:29:08 +0100 Subject: [PATCH 44/60] use urlencode --- Zotlabs/Module/Connections.php | 2 +- Zotlabs/Module/Directory.php | 2 +- Zotlabs/Module/Photos.php | 4 ++-- Zotlabs/Module/Viewconnections.php | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/Zotlabs/Module/Connections.php b/Zotlabs/Module/Connections.php index 8e3730875..6a93b3462 100644 --- a/Zotlabs/Module/Connections.php +++ b/Zotlabs/Module/Connections.php @@ -329,7 +329,7 @@ class Connections extends \Zotlabs\Web\Controller { killme(); } else { - $o .= ''; + $o .= ""; $o .= replace_macros(get_markup_template('connections.tpl'),array( '$header' => t('Connections') . (($head) ? ': ' . $head : ''), '$tabs' => $tabs, diff --git a/Zotlabs/Module/Directory.php b/Zotlabs/Module/Directory.php index 04bcb7f0a..5448a4816 100644 --- a/Zotlabs/Module/Directory.php +++ b/Zotlabs/Module/Directory.php @@ -399,7 +399,7 @@ class Directory extends \Zotlabs\Web\Controller { $dirtitle = (($globaldir) ? t('Global Directory') : t('Local Directory')); - $o .= ''; + $o .= ""; $o .= replace_macros($tpl, array( '$search' => $search, '$desc' => t('Find'), diff --git a/Zotlabs/Module/Photos.php b/Zotlabs/Module/Photos.php index 161141c3b..3a6d77f00 100644 --- a/Zotlabs/Module/Photos.php +++ b/Zotlabs/Module/Photos.php @@ -848,7 +848,7 @@ class Photos extends \Zotlabs\Web\Controller { killme(); } else { - $o .= ''; + $o .= ""; $tpl = get_markup_template('photo_album.tpl'); $o .= replace_macros($tpl, array( '$photos' => $photos, @@ -1396,7 +1396,7 @@ class Photos extends \Zotlabs\Web\Controller { killme(); } else { - $o .= ''; + $o .= ""; $tpl = get_markup_template('photos_recent.tpl'); $o .= replace_macros($tpl, array( '$title' => t('Recent Photos'), diff --git a/Zotlabs/Module/Viewconnections.php b/Zotlabs/Module/Viewconnections.php index 14a5ccb86..30df0b9e4 100644 --- a/Zotlabs/Module/Viewconnections.php +++ b/Zotlabs/Module/Viewconnections.php @@ -107,7 +107,7 @@ class Viewconnections extends \Zotlabs\Web\Controller { killme(); } else { - $o .= ''; + $o .= ""; $tpl = get_markup_template("viewcontact_template.tpl"); $o .= replace_macros($tpl, array( '$title' => t('View Connections'), From 43753ec1133e1078f87cd609da008db9e935e998 Mon Sep 17 00:00:00 2001 From: Mario Vavti Date: Mon, 18 Mar 2019 12:19:24 +0000 Subject: [PATCH 45/60] ENT_COMPAT will only take care of double-quotes. Use double-quotes here to prevent XSS (cherry picked from commit a086745ec021add5638a0527d4e8e14835591e93) --- Zotlabs/Module/Connections.php | 2 +- Zotlabs/Module/Directory.php | 2 +- Zotlabs/Module/Photos.php | 4 ++-- Zotlabs/Module/Viewconnections.php | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/Zotlabs/Module/Connections.php b/Zotlabs/Module/Connections.php index 967e9521d..8e3730875 100644 --- a/Zotlabs/Module/Connections.php +++ b/Zotlabs/Module/Connections.php @@ -329,7 +329,7 @@ class Connections extends \Zotlabs\Web\Controller { killme(); } else { - $o .= ""; + $o .= ''; $o .= replace_macros(get_markup_template('connections.tpl'),array( '$header' => t('Connections') . (($head) ? ': ' . $head : ''), '$tabs' => $tabs, diff --git a/Zotlabs/Module/Directory.php b/Zotlabs/Module/Directory.php index c29fa8326..04bcb7f0a 100644 --- a/Zotlabs/Module/Directory.php +++ b/Zotlabs/Module/Directory.php @@ -399,7 +399,7 @@ class Directory extends \Zotlabs\Web\Controller { $dirtitle = (($globaldir) ? t('Global Directory') : t('Local Directory')); - $o .= ""; + $o .= ''; $o .= replace_macros($tpl, array( '$search' => $search, '$desc' => t('Find'), diff --git a/Zotlabs/Module/Photos.php b/Zotlabs/Module/Photos.php index a761dbd14..161141c3b 100644 --- a/Zotlabs/Module/Photos.php +++ b/Zotlabs/Module/Photos.php @@ -848,7 +848,7 @@ class Photos extends \Zotlabs\Web\Controller { killme(); } else { - $o .= ""; + $o .= ''; $tpl = get_markup_template('photo_album.tpl'); $o .= replace_macros($tpl, array( '$photos' => $photos, @@ -1396,7 +1396,7 @@ class Photos extends \Zotlabs\Web\Controller { killme(); } else { - $o .= ""; + $o .= ''; $tpl = get_markup_template('photos_recent.tpl'); $o .= replace_macros($tpl, array( '$title' => t('Recent Photos'), diff --git a/Zotlabs/Module/Viewconnections.php b/Zotlabs/Module/Viewconnections.php index 0a5e86907..14a5ccb86 100644 --- a/Zotlabs/Module/Viewconnections.php +++ b/Zotlabs/Module/Viewconnections.php @@ -107,7 +107,7 @@ class Viewconnections extends \Zotlabs\Web\Controller { killme(); } else { - $o .= ""; + $o .= ''; $tpl = get_markup_template("viewcontact_template.tpl"); $o .= replace_macros($tpl, array( '$title' => t('View Connections'), From 8893d9edc4a2f861a0f5aac2638140fa3ceea235 Mon Sep 17 00:00:00 2001 From: Mario Vavti Date: Mon, 18 Mar 2019 12:29:08 +0000 Subject: [PATCH 46/60] use urlencode (cherry picked from commit 2ec3e4a912777501f232d6255fe8ba5d0c147eee) --- Zotlabs/Module/Connections.php | 2 +- Zotlabs/Module/Directory.php | 2 +- Zotlabs/Module/Photos.php | 4 ++-- Zotlabs/Module/Viewconnections.php | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/Zotlabs/Module/Connections.php b/Zotlabs/Module/Connections.php index 8e3730875..6a93b3462 100644 --- a/Zotlabs/Module/Connections.php +++ b/Zotlabs/Module/Connections.php @@ -329,7 +329,7 @@ class Connections extends \Zotlabs\Web\Controller { killme(); } else { - $o .= ''; + $o .= ""; $o .= replace_macros(get_markup_template('connections.tpl'),array( '$header' => t('Connections') . (($head) ? ': ' . $head : ''), '$tabs' => $tabs, diff --git a/Zotlabs/Module/Directory.php b/Zotlabs/Module/Directory.php index 04bcb7f0a..5448a4816 100644 --- a/Zotlabs/Module/Directory.php +++ b/Zotlabs/Module/Directory.php @@ -399,7 +399,7 @@ class Directory extends \Zotlabs\Web\Controller { $dirtitle = (($globaldir) ? t('Global Directory') : t('Local Directory')); - $o .= ''; + $o .= ""; $o .= replace_macros($tpl, array( '$search' => $search, '$desc' => t('Find'), diff --git a/Zotlabs/Module/Photos.php b/Zotlabs/Module/Photos.php index 161141c3b..3a6d77f00 100644 --- a/Zotlabs/Module/Photos.php +++ b/Zotlabs/Module/Photos.php @@ -848,7 +848,7 @@ class Photos extends \Zotlabs\Web\Controller { killme(); } else { - $o .= ''; + $o .= ""; $tpl = get_markup_template('photo_album.tpl'); $o .= replace_macros($tpl, array( '$photos' => $photos, @@ -1396,7 +1396,7 @@ class Photos extends \Zotlabs\Web\Controller { killme(); } else { - $o .= ''; + $o .= ""; $tpl = get_markup_template('photos_recent.tpl'); $o .= replace_macros($tpl, array( '$title' => t('Recent Photos'), diff --git a/Zotlabs/Module/Viewconnections.php b/Zotlabs/Module/Viewconnections.php index 14a5ccb86..30df0b9e4 100644 --- a/Zotlabs/Module/Viewconnections.php +++ b/Zotlabs/Module/Viewconnections.php @@ -107,7 +107,7 @@ class Viewconnections extends \Zotlabs\Web\Controller { killme(); } else { - $o .= ''; + $o .= ""; $tpl = get_markup_template("viewcontact_template.tpl"); $o .= replace_macros($tpl, array( '$title' => t('View Connections'), From 968c6ed8be580c1098587738fefa27b31dc4f5ef Mon Sep 17 00:00:00 2001 From: Mario Vavti Date: Mon, 18 Mar 2019 21:30:25 +0100 Subject: [PATCH 47/60] some more xss prevention --- Zotlabs/Module/Channel.php | 4 ++-- Zotlabs/Module/Display.php | 2 +- Zotlabs/Module/Hq.php | 2 +- Zotlabs/Module/Network.php | 18 +++++++++--------- Zotlabs/Module/Pubstream.php | 6 +++--- 5 files changed, 16 insertions(+), 16 deletions(-) diff --git a/Zotlabs/Module/Channel.php b/Zotlabs/Module/Channel.php index 5fdefd805..65eaee408 100644 --- a/Zotlabs/Module/Channel.php +++ b/Zotlabs/Module/Channel.php @@ -414,12 +414,12 @@ class Channel extends Controller { '$page' => ((App::$pager['page'] != 1) ? App::$pager['page'] : 1), '$search' => $search, '$xchan' => '', - '$order' => $order, + '$order' => (($order) ? urlencode($order) : ''),, '$list' => ((x($_REQUEST,'list')) ? intval($_REQUEST['list']) : 0), '$file' => '', '$cats' => (($category) ? urlencode($category) : ''), '$tags' => (($hashtags) ? urlencode($hashtags) : ''), - '$mid' => $mid, + '$mid' => (($mid) ? urlencode($mid) : ''),, '$verb' => '', '$net' => '', '$dend' => $datequery, diff --git a/Zotlabs/Module/Display.php b/Zotlabs/Module/Display.php index 04e5f9fce..258aac556 100644 --- a/Zotlabs/Module/Display.php +++ b/Zotlabs/Module/Display.php @@ -233,7 +233,7 @@ class Display extends \Zotlabs\Web\Controller { '$dbegin' => '', '$verb' => '', '$net' => '', - '$mid' => $mid + '$mid' => (($mid) ? urlencode($mid) : '') )); head_add_link([ diff --git a/Zotlabs/Module/Hq.php b/Zotlabs/Module/Hq.php index 3535ac71a..848fe3e25 100644 --- a/Zotlabs/Module/Hq.php +++ b/Zotlabs/Module/Hq.php @@ -194,7 +194,7 @@ class Hq extends \Zotlabs\Web\Controller { '$dbegin' => '', '$verb' => '', '$net' => '', - '$mid' => $mid + '$mid' => (($mid) ? urlencode($mid) : '') ]); } diff --git a/Zotlabs/Module/Network.php b/Zotlabs/Module/Network.php index 2019082ed..1c16e34ef 100644 --- a/Zotlabs/Module/Network.php +++ b/Zotlabs/Module/Network.php @@ -368,19 +368,19 @@ class Network extends \Zotlabs\Web\Controller { '$static' => $static, '$list' => ((x($_REQUEST,'list')) ? intval($_REQUEST['list']) : 0), '$page' => ((App::$pager['page'] != 1) ? App::$pager['page'] : 1), - '$search' => (($search) ? $search : ''), - '$xchan' => $xchan, + '$search' => (($search) ? urlencode($search) : ''), + '$xchan' => (($xchan) ? urlencode($xchan) : ''), '$order' => $order, - '$file' => $file, - '$cats' => urlencode($category), - '$tags' => urlencode($hashtags), + '$file' => (($file) ? urlencode($file) : ''), + '$cats' => (($category) ? urlencode($category) : ''), + '$tags' => (($hashtags) ? urlencode($hashtags) : ''), '$dend' => $datequery, '$mid' => '', - '$verb' => $verb, - '$net' => $net, + '$verb' => (($verb) ? urlencode($verb) : ''), + '$net' => (($net) ? urlencode($net) : ''), '$dbegin' => $datequery2, - '$pf' => (($pf) ? $pf : '0'), - '$unseen' => $unseen + '$pf' => (($pf) ? intval($pf) : 0), + '$unseen' => (($unseen) ? urlencode($unseen) : '') )); } diff --git a/Zotlabs/Module/Pubstream.php b/Zotlabs/Module/Pubstream.php index 94df29984..84ac42f72 100644 --- a/Zotlabs/Module/Pubstream.php +++ b/Zotlabs/Module/Pubstream.php @@ -149,11 +149,11 @@ class Pubstream extends \Zotlabs\Web\Controller { '$order' => 'comment', '$file' => '', '$cats' => '', - '$tags' => $hashtags, + '$tags' => (($hashtags) ? urlencode($hashtags) : ''), '$dend' => '', - '$mid' => $mid, + '$mid' => (($mid) ? urlencode($mid) : ''), '$verb' => '', - '$net' => $net, + '$net' => (($net) ? urlencode($net) : ''), '$dbegin' => '' )); } From 85593343397347452629a223ef56ba66b9b50dd1 Mon Sep 17 00:00:00 2001 From: Mario Vavti Date: Mon, 18 Mar 2019 20:30:25 +0000 Subject: [PATCH 48/60] some more xss prevention (cherry picked from commit 968c6ed8be580c1098587738fefa27b31dc4f5ef) --- Zotlabs/Module/Channel.php | 4 ++-- Zotlabs/Module/Display.php | 2 +- Zotlabs/Module/Hq.php | 2 +- Zotlabs/Module/Network.php | 18 +++++++++--------- Zotlabs/Module/Pubstream.php | 6 +++--- 5 files changed, 16 insertions(+), 16 deletions(-) diff --git a/Zotlabs/Module/Channel.php b/Zotlabs/Module/Channel.php index 5fdefd805..65eaee408 100644 --- a/Zotlabs/Module/Channel.php +++ b/Zotlabs/Module/Channel.php @@ -414,12 +414,12 @@ class Channel extends Controller { '$page' => ((App::$pager['page'] != 1) ? App::$pager['page'] : 1), '$search' => $search, '$xchan' => '', - '$order' => $order, + '$order' => (($order) ? urlencode($order) : ''),, '$list' => ((x($_REQUEST,'list')) ? intval($_REQUEST['list']) : 0), '$file' => '', '$cats' => (($category) ? urlencode($category) : ''), '$tags' => (($hashtags) ? urlencode($hashtags) : ''), - '$mid' => $mid, + '$mid' => (($mid) ? urlencode($mid) : ''),, '$verb' => '', '$net' => '', '$dend' => $datequery, diff --git a/Zotlabs/Module/Display.php b/Zotlabs/Module/Display.php index 04e5f9fce..258aac556 100644 --- a/Zotlabs/Module/Display.php +++ b/Zotlabs/Module/Display.php @@ -233,7 +233,7 @@ class Display extends \Zotlabs\Web\Controller { '$dbegin' => '', '$verb' => '', '$net' => '', - '$mid' => $mid + '$mid' => (($mid) ? urlencode($mid) : '') )); head_add_link([ diff --git a/Zotlabs/Module/Hq.php b/Zotlabs/Module/Hq.php index 3535ac71a..848fe3e25 100644 --- a/Zotlabs/Module/Hq.php +++ b/Zotlabs/Module/Hq.php @@ -194,7 +194,7 @@ class Hq extends \Zotlabs\Web\Controller { '$dbegin' => '', '$verb' => '', '$net' => '', - '$mid' => $mid + '$mid' => (($mid) ? urlencode($mid) : '') ]); } diff --git a/Zotlabs/Module/Network.php b/Zotlabs/Module/Network.php index 2019082ed..1c16e34ef 100644 --- a/Zotlabs/Module/Network.php +++ b/Zotlabs/Module/Network.php @@ -368,19 +368,19 @@ class Network extends \Zotlabs\Web\Controller { '$static' => $static, '$list' => ((x($_REQUEST,'list')) ? intval($_REQUEST['list']) : 0), '$page' => ((App::$pager['page'] != 1) ? App::$pager['page'] : 1), - '$search' => (($search) ? $search : ''), - '$xchan' => $xchan, + '$search' => (($search) ? urlencode($search) : ''), + '$xchan' => (($xchan) ? urlencode($xchan) : ''), '$order' => $order, - '$file' => $file, - '$cats' => urlencode($category), - '$tags' => urlencode($hashtags), + '$file' => (($file) ? urlencode($file) : ''), + '$cats' => (($category) ? urlencode($category) : ''), + '$tags' => (($hashtags) ? urlencode($hashtags) : ''), '$dend' => $datequery, '$mid' => '', - '$verb' => $verb, - '$net' => $net, + '$verb' => (($verb) ? urlencode($verb) : ''), + '$net' => (($net) ? urlencode($net) : ''), '$dbegin' => $datequery2, - '$pf' => (($pf) ? $pf : '0'), - '$unseen' => $unseen + '$pf' => (($pf) ? intval($pf) : 0), + '$unseen' => (($unseen) ? urlencode($unseen) : '') )); } diff --git a/Zotlabs/Module/Pubstream.php b/Zotlabs/Module/Pubstream.php index 94df29984..84ac42f72 100644 --- a/Zotlabs/Module/Pubstream.php +++ b/Zotlabs/Module/Pubstream.php @@ -149,11 +149,11 @@ class Pubstream extends \Zotlabs\Web\Controller { '$order' => 'comment', '$file' => '', '$cats' => '', - '$tags' => $hashtags, + '$tags' => (($hashtags) ? urlencode($hashtags) : ''), '$dend' => '', - '$mid' => $mid, + '$mid' => (($mid) ? urlencode($mid) : ''), '$verb' => '', - '$net' => $net, + '$net' => (($net) ? urlencode($net) : ''), '$dbegin' => '' )); } From d486b030896d1b4d798dc3ea1806e492cdd4983a Mon Sep 17 00:00:00 2001 From: Mario Vavti Date: Mon, 18 Mar 2019 21:58:18 +0100 Subject: [PATCH 49/60] fix typos --- Zotlabs/Module/Channel.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Zotlabs/Module/Channel.php b/Zotlabs/Module/Channel.php index 65eaee408..d4ef94e06 100644 --- a/Zotlabs/Module/Channel.php +++ b/Zotlabs/Module/Channel.php @@ -414,12 +414,12 @@ class Channel extends Controller { '$page' => ((App::$pager['page'] != 1) ? App::$pager['page'] : 1), '$search' => $search, '$xchan' => '', - '$order' => (($order) ? urlencode($order) : ''),, + '$order' => (($order) ? urlencode($order) : ''), '$list' => ((x($_REQUEST,'list')) ? intval($_REQUEST['list']) : 0), '$file' => '', '$cats' => (($category) ? urlencode($category) : ''), '$tags' => (($hashtags) ? urlencode($hashtags) : ''), - '$mid' => (($mid) ? urlencode($mid) : ''),, + '$mid' => (($mid) ? urlencode($mid) : ''), '$verb' => '', '$net' => '', '$dend' => $datequery, From 578230e32c7599043830abd49a571f69bbbe4e51 Mon Sep 17 00:00:00 2001 From: Mario Vavti Date: Mon, 18 Mar 2019 20:58:18 +0000 Subject: [PATCH 50/60] fix typos (cherry picked from commit d486b030896d1b4d798dc3ea1806e492cdd4983a) --- Zotlabs/Module/Channel.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Zotlabs/Module/Channel.php b/Zotlabs/Module/Channel.php index 65eaee408..d4ef94e06 100644 --- a/Zotlabs/Module/Channel.php +++ b/Zotlabs/Module/Channel.php @@ -414,12 +414,12 @@ class Channel extends Controller { '$page' => ((App::$pager['page'] != 1) ? App::$pager['page'] : 1), '$search' => $search, '$xchan' => '', - '$order' => (($order) ? urlencode($order) : ''),, + '$order' => (($order) ? urlencode($order) : ''), '$list' => ((x($_REQUEST,'list')) ? intval($_REQUEST['list']) : 0), '$file' => '', '$cats' => (($category) ? urlencode($category) : ''), '$tags' => (($hashtags) ? urlencode($hashtags) : ''), - '$mid' => (($mid) ? urlencode($mid) : ''),, + '$mid' => (($mid) ? urlencode($mid) : ''), '$verb' => '', '$net' => '', '$dend' => $datequery, From b028667de17a122d3255b8db285866c66fda9fcf Mon Sep 17 00:00:00 2001 From: zotlabs Date: Mon, 18 Mar 2019 19:09:12 -0700 Subject: [PATCH 51/60] messagefilter enhancements, fix edge case in unsupported advisory privacy --- Zotlabs/Lib/MessageFilter.php | 16 +++++++++++++++- include/zot.php | 8 ++++++-- 2 files changed, 21 insertions(+), 3 deletions(-) diff --git a/Zotlabs/Lib/MessageFilter.php b/Zotlabs/Lib/MessageFilter.php index eb0fc3d2c..750d6d424 100644 --- a/Zotlabs/Lib/MessageFilter.php +++ b/Zotlabs/Lib/MessageFilter.php @@ -19,7 +19,7 @@ class MessageFilter { $lang = null; - if((strpos($incl,'lang=') !== false) || (strpos($excl,'lang=') !== false)) { + if((strpos($incl,'lang=') !== false) || (strpos($excl,'lang=') !== false) || (strpos($incl,'lang!=') !== false) || (strpos($excl,'lang!=') !== false)) { $lang = detect_language($text); } @@ -39,10 +39,17 @@ class MessageFilter { if((($t['ttype'] == TERM_HASHTAG) || ($t['ttype'] == TERM_COMMUNITYTAG)) && (($t['term'] === substr($word,1)) || (substr($word,1) === '*'))) return false; } + elseif(substr($word,0,1) === '$' && $tags) { + foreach($tags as $t) + if(($t['ttype'] == TERM_CATEGORY) && (($t['term'] === substr($word,1)) || (substr($word,1) === '*'))) + return false; + } elseif((strpos($word,'/') === 0) && preg_match($word,$text)) return false; elseif((strpos($word,'lang=') === 0) && ($lang) && (strcasecmp($lang,trim(substr($word,5))) == 0)) return false; + elseif((strpos($word,'lang!=') === 0) && ($lang) && (strcasecmp($lang,trim(substr($word,6))) != 0)) + return false; elseif(stristr($text,$word) !== false) return false; } @@ -60,10 +67,17 @@ class MessageFilter { if((($t['ttype'] == TERM_HASHTAG) || ($t['ttype'] == TERM_COMMUNITYTAG)) && (($t['term'] === substr($word,1)) || (substr($word,1) === '*'))) return true; } + elseif(substr($word,0,1) === '$' && $tags) { + foreach($tags as $t) + if(($t['ttype'] == TERM_CATEGORY) && (($t['term'] === substr($word,1)) || (substr($word,1) === '*'))) + return true; + } elseif((strpos($word,'/') === 0) && preg_match($word,$text)) return true; elseif((strpos($word,'lang=') === 0) && ($lang) && (strcasecmp($lang,trim(substr($word,5))) == 0)) return true; + elseif((strpos($word,'lang!=') === 0) && ($lang) && (strcasecmp($lang,trim(substr($word,6))) != 0)) + return true; elseif(stristr($text,$word) !== false) return true; } diff --git a/include/zot.php b/include/zot.php index c9c01103c..227d82a13 100644 --- a/include/zot.php +++ b/include/zot.php @@ -1712,13 +1712,17 @@ function allowed_public_recips($msg) { $condensed_recips[] = $rr['hash']; $results = array(); - $r = q("select channel_hash as hash from channel left join abook on abook_channel = channel_id where abook_xchan = '%s' and channel_removed = 0 ", + $r = q("select channel_hash as hash, channel_id from channel left join abook on abook_channel = channel_id where abook_xchan = '%s' and channel_removed = 0 ", dbesc($hash) ); if($r) { - foreach($r as $rr) + foreach($r as $rr) { + $cfg = get_abconfig($rr['channel_id'],$rr['hash'],'their_perms','view_stream'); + if((! $cfg) && $scope !== 'any connections') + continue; if(in_array($rr['hash'],$condensed_recips)) $results[] = array('hash' => $rr['hash']); + } } return $results; } From 8e1f02281046d13d34a720ab5b3af7044b25fa6a Mon Sep 17 00:00:00 2001 From: zotlabs Date: Mon, 18 Mar 2019 20:41:59 -0700 Subject: [PATCH 52/60] share encoding issue between hz and zap --- Zotlabs/Lib/Activity.php | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/Zotlabs/Lib/Activity.php b/Zotlabs/Lib/Activity.php index e5a8e0075..5b9d356bb 100644 --- a/Zotlabs/Lib/Activity.php +++ b/Zotlabs/Lib/Activity.php @@ -527,6 +527,10 @@ class Activity { else return []; + if(strpos($i['body'],'[/share]') !== false) { + $i['obj'] = null; + } + if($i['obj']) { if(! is_array($i['obj'])) { $i['obj'] = json_decode($i['obj'],true); From fad26a49beb9d067ad101798f4c0b2b15dcb035c Mon Sep 17 00:00:00 2001 From: Mario Vavti Date: Tue, 19 Mar 2019 10:52:10 +0100 Subject: [PATCH 53/60] mysql: remove some unused indices and add thr_parent index. pgsql: sync indices with mysql indices after testing on hub.disroot.org and add thr_parent --- Zotlabs/Update/_1231.php | 73 +++++++++++++++++++++++++++++++++++++ boot.php | 2 +- install/schema_mysql.sql | 7 +--- install/schema_postgres.sql | 32 +++++++--------- 4 files changed, 89 insertions(+), 25 deletions(-) create mode 100644 Zotlabs/Update/_1231.php diff --git a/Zotlabs/Update/_1231.php b/Zotlabs/Update/_1231.php new file mode 100644 index 000000000..a685c5b28 --- /dev/null +++ b/Zotlabs/Update/_1231.php @@ -0,0 +1,73 @@ + Date: Wed, 20 Mar 2019 03:17:01 +0100 Subject: [PATCH 54/60] Video --- include/bbcode.php | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/include/bbcode.php b/include/bbcode.php index 7531bd774..bc11241f3 100644 --- a/include/bbcode.php +++ b/include/bbcode.php @@ -117,6 +117,26 @@ function tryzrlvideo($match) { return ''; } +function videowithopts($match) { + $link = $match[2]; + $zrl = is_matrix_url($link); + if($zrl) + $link = zid($link); + + $attributes = $match[1]; + + $poster = ""; + + preg_match("/poster='(.*?)'/ism", $attributes, $matches); + if ($matches[1] != "") + $poster = 'poster="' . (($zrl) ? zid($matches[1]) : $matches[1]) . '"'; + + return ''; +} + + + + // [noparse][i]italic[/i][/noparse] turns into // [noparse][ i ]italic[ /i ][/noparse], // to hide them from parser. @@ -1251,12 +1271,14 @@ function bbcode($Text, $options = []) { // html5 video and audio if (strpos($Text,'[/video]') !== false) { + $Text = preg_replace_callback("/\[video (.*?)\](.*?\.(ogg|ogv|oga|ogm|webm|mp4|mpeg|mpg))\[\/video\]/ism", 'videowithopts', $Text); $Text = preg_replace_callback("/\[video\](.*?\.(ogg|ogv|oga|ogm|webm|mp4|mpeg|mpg))\[\/video\]/ism", 'tryzrlvideo', $Text); } if (strpos($Text,'[/audio]') !== false) { $Text = preg_replace_callback("/\[audio\](.*?\.(ogg|ogv|oga|ogm|webm|mp4|mp3|opus|m4a))\[\/audio\]/ism", 'tryzrlaudio', $Text); } if (strpos($Text,'[/zvideo]') !== false) { + $Text = preg_replace_callback("/\[zvideo (.*?)\](.*?\.(ogg|ogv|oga|ogm|webm|mp4|mpeg|mpg))\[\/zvideo\]/ism", 'videowithopts', $Text); $Text = preg_replace_callback("/\[zvideo\](.*?\.(ogg|ogv|oga|ogm|webm|mp4|mpeg|mpg))\[\/zvideo\]/ism", 'tryzrlvideo', $Text); } if (strpos($Text,'[/zaudio]') !== false) { From b2b776169b147377b443ec26b2757b43a5f71fc1 Mon Sep 17 00:00:00 2001 From: Mario Vavti Date: Wed, 20 Mar 2019 14:02:18 +0100 Subject: [PATCH 55/60] just whitespace to trigger a new build test --- include/bbcode.php | 1 - 1 file changed, 1 deletion(-) diff --git a/include/bbcode.php b/include/bbcode.php index bc11241f3..36f943e46 100644 --- a/include/bbcode.php +++ b/include/bbcode.php @@ -1382,4 +1382,3 @@ function bbcode($Text, $options = []) { return $Text; } - From 75c3bda8665b78b9a44863b87c08d4f9e8a5b547 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Wed, 20 Mar 2019 16:09:34 -0700 Subject: [PATCH 56/60] hubzilla core issue #1356 , permissions not getting decrypted on follow --- include/follow.php | 1 + 1 file changed, 1 insertion(+) diff --git a/include/follow.php b/include/follow.php index db77a0160..1b35f1b32 100644 --- a/include/follow.php +++ b/include/follow.php @@ -119,6 +119,7 @@ function new_contact($uid,$url,$channel,$interactive = false, $confirm = false) if( array_key_exists('permissions',$j) && array_key_exists('data',$j['permissions'])) { $permissions = crypto_unencapsulate(array( 'data' => $j['permissions']['data'], + 'alg' => $j['permissions']['alg'], 'key' => $j['permissions']['key'], 'iv' => $j['permissions']['iv']), $channel['channel_prvkey']); From 322bc5dc87cebeeae470e11f011d363520ac4ed2 Mon Sep 17 00:00:00 2001 From: Mario Vavti Date: Thu, 21 Mar 2019 09:37:23 +0100 Subject: [PATCH 57/60] another whitespace to trigger tests --- include/nav.php | 1 - 1 file changed, 1 deletion(-) diff --git a/include/nav.php b/include/nav.php index 9baadc9b2..3e1acd306 100644 --- a/include/nav.php +++ b/include/nav.php @@ -183,7 +183,6 @@ function nav($template = 'default') { $search_form_action = 'search'; } - $nav['search'] = ['search', t('Search'), "", t('Search site @name, !forum, #tag, ?docs, content'), $search_form_action]; /** From aab515b16c99543ae173c41a2d62f160353cc0cf Mon Sep 17 00:00:00 2001 From: Mario Vavti Date: Thu, 21 Mar 2019 11:01:01 +0100 Subject: [PATCH 58/60] optimize autoload cache and update changelog --- CHANGELOG | 30 +++++++++++++++++++++++++++ vendor/composer/autoload_classmap.php | 4 +--- vendor/composer/autoload_static.php | 4 +--- 3 files changed, 32 insertions(+), 6 deletions(-) diff --git a/CHANGELOG b/CHANGELOG index 0a57efa9d..eeba6c6d8 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,3 +1,33 @@ +Hubzilla 4.0.1 (2019-03-21) + - Fix permissions not getting decrypted on follow + - Add option to add a poster to the video bbcode + - Fix SQL performance issue with queries including thr_parent + - Fix share encoding issue between hz and zap + - Fix edge case in unsupported advisory privacy + - Messagefilter enhancements + - Fix XSS issues + - Clone systems apps to the extent possible + - Auto-configure imagick thumbnail binary during setup if possible + - Fix array not unserialized in util/service_class + - Add phpmd and phpcs to composer require-dev for code linting + - Fix issue with email encoding + - Fix signature issue for zot6 content imported from zotfeeds to hubzilla + - Find unregistered z6 clones on hubzilla sites + - Add zot6 to clonable networks + - Add owner permission checks to AS item fetch + - Perform zot6 discovery in import_author_xchan + - Fix authenticated fetches + - Port zot_record_preferred() from zap + + Addons: + - Pubcrawl: deliver comments to abook contacts and thread participants + - Pubcrawl: fix can_comment_on_post() + - Deliverynotice: do not save empty postopts + - Gravatar: fix URL and use z_fetch_url() + - Pubcrawl: improve SQL queries in pubcrawl_item_mod_init() + - Pubcrawl: fix authenticated item fetch + + Hubzilla 4.0 (2019-03-08) - Add CURLOPT_CONNECTTIMEOUT option - Allow parameters as final path argument in API router diff --git a/vendor/composer/autoload_classmap.php b/vendor/composer/autoload_classmap.php index 64d0c0cfb..ba7b1d85c 100644 --- a/vendor/composer/autoload_classmap.php +++ b/vendor/composer/autoload_classmap.php @@ -380,9 +380,6 @@ return array( 'Psr\\Log\\LoggerInterface' => $vendorDir . '/psr/log/Psr/Log/LoggerInterface.php', 'Psr\\Log\\LoggerTrait' => $vendorDir . '/psr/log/Psr/Log/LoggerTrait.php', 'Psr\\Log\\NullLogger' => $vendorDir . '/psr/log/Psr/Log/NullLogger.php', - 'Psr\\Log\\Test\\DummyTest' => $vendorDir . '/psr/log/Psr/Log/Test/LoggerInterfaceTest.php', - 'Psr\\Log\\Test\\LoggerInterfaceTest' => $vendorDir . '/psr/log/Psr/Log/Test/LoggerInterfaceTest.php', - 'Psr\\Log\\Test\\TestLogger' => $vendorDir . '/psr/log/Psr/Log/Test/TestLogger.php', 'Ramsey\\Uuid\\BinaryUtils' => $vendorDir . '/ramsey/uuid/src/BinaryUtils.php', 'Ramsey\\Uuid\\Builder\\DefaultUuidBuilder' => $vendorDir . '/ramsey/uuid/src/Builder/DefaultUuidBuilder.php', 'Ramsey\\Uuid\\Builder\\DegradedUuidBuilder' => $vendorDir . '/ramsey/uuid/src/Builder/DegradedUuidBuilder.php', @@ -1354,6 +1351,7 @@ return array( 'Zotlabs\\Update\\_1228' => $baseDir . '/Zotlabs/Update/_1228.php', 'Zotlabs\\Update\\_1229' => $baseDir . '/Zotlabs/Update/_1229.php', 'Zotlabs\\Update\\_1230' => $baseDir . '/Zotlabs/Update/_1230.php', + 'Zotlabs\\Update\\_1231' => $baseDir . '/Zotlabs/Update/_1231.php', 'Zotlabs\\Web\\Controller' => $baseDir . '/Zotlabs/Web/Controller.php', 'Zotlabs\\Web\\HTTPHeaders' => $baseDir . '/Zotlabs/Web/HTTPHeaders.php', 'Zotlabs\\Web\\HTTPSig' => $baseDir . '/Zotlabs/Web/HTTPSig.php', diff --git a/vendor/composer/autoload_static.php b/vendor/composer/autoload_static.php index 0c60181b1..37a73de45 100644 --- a/vendor/composer/autoload_static.php +++ b/vendor/composer/autoload_static.php @@ -548,9 +548,6 @@ class ComposerStaticInit7b34d7e50a62201ec5d5e526a5b8b35d 'Psr\\Log\\LoggerInterface' => __DIR__ . '/..' . '/psr/log/Psr/Log/LoggerInterface.php', 'Psr\\Log\\LoggerTrait' => __DIR__ . '/..' . '/psr/log/Psr/Log/LoggerTrait.php', 'Psr\\Log\\NullLogger' => __DIR__ . '/..' . '/psr/log/Psr/Log/NullLogger.php', - 'Psr\\Log\\Test\\DummyTest' => __DIR__ . '/..' . '/psr/log/Psr/Log/Test/LoggerInterfaceTest.php', - 'Psr\\Log\\Test\\LoggerInterfaceTest' => __DIR__ . '/..' . '/psr/log/Psr/Log/Test/LoggerInterfaceTest.php', - 'Psr\\Log\\Test\\TestLogger' => __DIR__ . '/..' . '/psr/log/Psr/Log/Test/TestLogger.php', 'Ramsey\\Uuid\\BinaryUtils' => __DIR__ . '/..' . '/ramsey/uuid/src/BinaryUtils.php', 'Ramsey\\Uuid\\Builder\\DefaultUuidBuilder' => __DIR__ . '/..' . '/ramsey/uuid/src/Builder/DefaultUuidBuilder.php', 'Ramsey\\Uuid\\Builder\\DegradedUuidBuilder' => __DIR__ . '/..' . '/ramsey/uuid/src/Builder/DegradedUuidBuilder.php', @@ -1522,6 +1519,7 @@ class ComposerStaticInit7b34d7e50a62201ec5d5e526a5b8b35d 'Zotlabs\\Update\\_1228' => __DIR__ . '/../..' . '/Zotlabs/Update/_1228.php', 'Zotlabs\\Update\\_1229' => __DIR__ . '/../..' . '/Zotlabs/Update/_1229.php', 'Zotlabs\\Update\\_1230' => __DIR__ . '/../..' . '/Zotlabs/Update/_1230.php', + 'Zotlabs\\Update\\_1231' => __DIR__ . '/../..' . '/Zotlabs/Update/_1231.php', 'Zotlabs\\Web\\Controller' => __DIR__ . '/../..' . '/Zotlabs/Web/Controller.php', 'Zotlabs\\Web\\HTTPHeaders' => __DIR__ . '/../..' . '/Zotlabs/Web/HTTPHeaders.php', 'Zotlabs\\Web\\HTTPSig' => __DIR__ . '/../..' . '/Zotlabs/Web/HTTPSig.php', From 9b696a872bf8712875dc0851b1873ec3353591be Mon Sep 17 00:00:00 2001 From: Mario Vavti Date: Thu, 21 Mar 2019 11:01:57 +0100 Subject: [PATCH 59/60] bump version --- boot.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/boot.php b/boot.php index cf421c1b4..118443df9 100755 --- a/boot.php +++ b/boot.php @@ -50,7 +50,7 @@ require_once('include/attach.php'); require_once('include/bbcode.php'); define ( 'PLATFORM_NAME', 'hubzilla' ); -define ( 'STD_VERSION', '4.1' ); +define ( 'STD_VERSION', '4.1.1' ); define ( 'ZOT_REVISION', '6.0a' ); define ( 'DB_UPDATE_VERSION', 1231 ); From 33ac85f637be3c7888142d175d822e14d7cb6bd2 Mon Sep 17 00:00:00 2001 From: Mario Vavti Date: Thu, 21 Mar 2019 11:16:35 +0100 Subject: [PATCH 60/60] bump version --- boot.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/boot.php b/boot.php index 118443df9..338a3e3ae 100755 --- a/boot.php +++ b/boot.php @@ -50,7 +50,7 @@ require_once('include/attach.php'); require_once('include/bbcode.php'); define ( 'PLATFORM_NAME', 'hubzilla' ); -define ( 'STD_VERSION', '4.1.1' ); +define ( 'STD_VERSION', '4.0.1' ); define ( 'ZOT_REVISION', '6.0a' ); define ( 'DB_UPDATE_VERSION', 1231 );