Merge branch 'dev' of https://framagit.org/hubzilla/core into dev

doc/hook/attach_delete.bb

@@ -0,0 +1,11 @@
+[h2]attach_delete[/h2]
+
+Invoked when an attachment is deleted using attach_delete().
+
+[code]
+$arr = ['channel_id' => $channel_id, 'resource' => $resource, 'is_photo'=>$is_photo];
+call_hooks("attach_delete",$arr);
+[/code]
+
+
+See include/attach.php

doc/hook/content_security_policy.bb

@@ -0,0 +1,39 @@
+[h2]content_security_policy[/h2]
+
+Called to modify CSP settings prior to the output of the Content-Security-Policy header.
+
+This hook permits addons to modify the content-security-policy if necessary to allow loading of foreign js libraries or css styles.
+
+[code]
+if(App::$config['system']['content_security_policy']) {
+        $cspsettings = Array (
+                'script-src' => Array ("'self'","'unsafe-inline'","'unsafe-eval'"),
+                'style-src' => Array ("'self'","'unsafe-inline'")
+        );
+        call_hooks('content_security_policy',$cspsettings);
+
+        // Legitimate CSP directives (cxref: https://content-security-policy.com/)
+        $validcspdirectives=Array(
+                "default-src", "script-src", "style-src",
+                "img-src", "connect-src", "font-src",
+                "object-src", "media-src", 'frame-src',
+                'sandbox', 'report-uri', 'child-src',
+                'form-action', 'frame-ancestors', 'plugin-types'
+        );
+        $cspheader = "Content-Security-Policy:";
+        foreach ($cspsettings as $cspdirective => $csp) {
+                if (!in_array($cspdirective,$validcspdirectives)) {
+                        logger("INVALID CSP DIRECTIVE: ".$cspdirective,LOGGER_DEBUG);
+                        continue;
+                }
+                $cspsettingsarray=array_unique($cspsettings[$cspdirective]);
+                $cspsetpolicy = implode(' ',$cspsettingsarray);
+                if ($cspsetpolicy) {
+                        $cspheader .= " ".$cspdirective." ".$cspsetpolicy.";";
+                }
+        }
+        header($cspheader);
+}
+[/code]
+
+see: boot.php

doc/hook/dreport_process.bb

@@ -0,0 +1,7 @@
+[h2]dreport_process[/h2]
+
+Called for each delivery report received
+
+Passed a delivery_report array.
+
+see: include/zot.php

doc/hook/dropdown_extras.bb

@@ -0,0 +1,17 @@
+[h2]dropdown_extras[/h2]
+
+Modify the dropdown menu available through the cog of items as displayed by conv_item.tpl
+
+This hook allows plugins to add arbitrary html to the cog dropdown of thread items displayed with the conv_item.tpl template.
+
+It is fed an array of ['item' => $item, 'dropdown_extras' => ''].  Any additions to the cog menu should be prepended/appended to
+the ['dropdown_extras'] element.
+
+[code]
+$dropdown_extras_arr = [ 'item' => $item , 'dropdown_extras' => '' ];
+call_hooks('dropdown_extras',$dropdown_extras_arr);
+$dropdown_extras = $dropdown_extras_arr['dropdown_extras'];
+[/code]
+
+see: Zotlabs/Lib/ThreadItem.php
+see: view/tpl/conv_item.tpl

doc/hooklist.bb

@@ -52,6 +52,9 @@ Hooks allow plugins/addons to "hook into" the code at many points and alter the
 [zrl=[baseurl]/help/hook/app_menu]app_menu[/zrl]
 	Called when generating the app_menu dropdown (may be obsolete)
 
+[zrl=[baseurl]/help/hook/attach_delete]attach_delete[/zrl]
+	Called when attachments are deleted from the attach table
+
 [zrl=[baseurl]/help/hook/atom_author]atom_author[/zrl]
 	Called when generating an author or owner element for an Atom ActivityStream feed
 
@@ -151,6 +154,9 @@ Hooks allow plugins/addons to "hook into" the code at many points and alter the
 [zrl=[baseurl]/help/hook/contact_select_options]contact_select_options[/zrl]
 	Deprecated/unused
 
+[zrl=[baseurl]/help/hook/content_security_policy]content_security_policy[/zrl]
+	Called prior to output of the Content-Security-Policy header
+
 [zrl=[baseurl]/help/hook/conversation_start]conversation_start[/zrl]
 	Called in the beginning of rendering a conversation (message or message collection or stream)
 
@@ -202,6 +208,12 @@ Hooks allow plugins/addons to "hook into" the code at many points and alter the
 [zrl=[baseurl]/help/hook/dreport_is_storable]dreport_is_storable[/zrl]
 	called before storing a dreport record to determine whether to store it
 
+[zrl=[baseurl]/help/hook/dreport_process]dreport_process[/zrl]
+	called for each valid delivery report
+
+[zrl=[baseurl]/help/hook/dropdown_extras]dropdown_extras[/zrl]
+	Add additional items to the dropdown cog when item/threads are displayed.
+
 [zrl=[baseurl]/help/hook/drop_item]drop_item[/zrl]
 	called when an 'item' is removed
 
@@ -457,6 +469,9 @@ Hooks allow plugins/addons to "hook into" the code at many points and alter the
 [zrl=[baseurl]/help/hook/permissions_update]permissions_update[/zrl]
 	Called when a permissions refresh is transmitted
 
+[zrl=[baseurl]/help/hook/permit_hook]permit_hook[/zrl]
+	Called before a registered hook is actually executed to determine if it should be allowed or blocked
+
 [zrl=[baseurl]/help/hook/personal_xrd]personal_xrd[/zrl]
 	Called when generating the personal XRD for "old webfinger" (Diaspora)
 

include/plugin.php

@@ -458,6 +458,25 @@ function call_hooks($name, &$data = null) {
 
 	if (isset(App::$hooks[$name])) { 
 		foreach(App::$hooks[$name] as $hook) {
+
+			if ($name != 'permit_hook') { // avoid looping
+				$checkhook = [
+ 					'name'=>$name,
+ 					'hook'=>$hook,
+                                        'data'=>$data,
+						// Note: Since PHP uses COPY-ON-WRITE
+                                                // for variables, there is no cost to
+						// passing the $data structure (unless
+						// the permit_hook processors change the
+						// information it contains.
+ 					'permit'=>true
+ 					];
+ 				call_hooks('permit_hook',$checkhook);
+ 				if (!$checkhook['permit']) {
+ 					continue;
+ 				}
+				$data = $checkhook['data'];
+			}
 			$origfn = $hook[1];
 			if($hook[0])
 				@include_once($hook[0]);