version bump

changelog
use the hubzilla icons
2017-09-18 16:39:43 +02:00 · 2017-09-18 16:37:55 +02:00 · 2017-09-18 16:33:22 +02:00 · 2017-09-18 16:21:01 +02:00 · 2017-09-14 10:00:47 +02:00 · 2017-09-14 07:19:56 +10:00
8 changed files with 93 additions and 69 deletions
--- a/21
+++ b/21
@@ -1,3 +1,24 @@
 Hubzilla 2.6.3 (2017-09-18)
 	- Fix anonymous comments/likes on photos - this is not yet implemented
 	- Fix favicon not displayed on certain pages
 	- Fix hubzilla logo icon for favicon and email notifications
 	- Fix an issue with displaying selected theme in settings/display
 	- [SECURITY] Restrict the input characters we accept in token verification strings to hex digits
 	- Remove hubzilla.nl from fallback directory servers
 Hubzilla 2.6.2 (2017-08-31)
 	- Fix webfinger returns invalid XML (github issue #851)
 Hubzilla 2.6.1 (2017-08-18)
 	- Fix a regression with dav clients
 	- Raise install requirements
 	Plugins/Addon
 	- Diaspora: fix PHP warning
 	- GNU-Social: fix PHP warning 
 Hubzilla 2.6 (2017-08-16)
 	- Upgrade to bootstrap-4 beta
 	- Consolidate disable_discover_tab config
--- a/Zotlabs/Module/Photos.php
+++ b/Zotlabs/Module/Photos.php
@@ -1036,7 +1036,7 @@ class Photos extends \Zotlabs\Web\Controller {
 				$likebuttons = '';
-				if($can_post || $can_comment) {
+				if($observer && ($can_post || $can_comment)) {
 					$likebuttons = [
 						'id'       => $link_item['id'],
 						'likethis' => t("I like this \x28toggle\x29"),
@@ -1048,7 +1048,7 @@ class Photos extends \Zotlabs\Web\Controller {
 				$comments = '';
 				if(! count($r)) {
-					if($can_post || $can_comment) {
+					if($observer && ($can_post || $can_comment)) {
 						$commentbox = replace_macros($cmnt_tpl,array(
 							'$return_path' => '', 
 							'$mode' => 'photos',
@@ -1167,7 +1167,7 @@ class Photos extends \Zotlabs\Web\Controller {
 					}
-					if($can_post || $can_comment) {
+					if($observer && ($can_post || $can_comment)) {
 						$commentbox = replace_macros($cmnt_tpl,array(
 							'$return_path' => '',
 							'$jsreload' => $return_url,
--- a/Zotlabs/Module/Settings/Display.php
+++ b/Zotlabs/Module/Settings/Display.php
@@ -24,34 +24,34 @@ class Display {
 		$mobile_theme      = ((x($_POST,'mobile_theme')) ? notags(trim($_POST['mobile_theme']))  : '');
 		$preload_images    = ((x($_POST,'preload_images')) ? intval($_POST['preload_images'])  : 0);
 		$user_scalable     = ((x($_POST,'user_scalable')) ? intval($_POST['user_scalable'])  : 0);
-		$nosmile           = ((x($_POST,'nosmile')) ? intval($_POST['nosmile'])  : 0); 
+		$nosmile           = ((x($_POST,'nosmile')) ? intval($_POST['nosmile'])  : 0);
-		$title_tosource    = ((x($_POST,'title_tosource')) ? intval($_POST['title_tosource'])  : 0);		 
+		$title_tosource    = ((x($_POST,'title_tosource')) ? intval($_POST['title_tosource'])  : 0);
 		$channel_list_mode = ((x($_POST,'channel_list_mode')) ? intval($_POST['channel_list_mode']) : 0);
 		$network_list_mode = ((x($_POST,'network_list_mode')) ? intval($_POST['network_list_mode']) : 0);
 		$manual_update     = ((array_key_exists('manual_update',$_POST)) ? intval($_POST['manual_update']) : 0);
-	
+
 		$channel_divmore_height = ((x($_POST,'channel_divmore_height')) ? intval($_POST['channel_divmore_height']) : 400);
 		if($channel_divmore_height < 50)
 			$channel_divmore_height = 50;
 		$network_divmore_height = ((x($_POST,'network_divmore_height')) ? intval($_POST['network_divmore_height']) : 400);
 		if($network_divmore_height < 50)
 			$network_divmore_height = 50;
-	
+
 		$browser_update   = ((x($_POST,'browser_update')) ? intval($_POST['browser_update']) : 0);
 		$browser_update   = $browser_update * 1000;
 		if($browser_update < 10000)
 			$browser_update = 10000;
-	
+
 		$itemspage   = ((x($_POST,'itemspage')) ? intval($_POST['itemspage']) : 20);
 		if($itemspage > 100)
 			$itemspage = 100;
-		
+
-		if ($mobile_theme == "---") 
+		if ($mobile_theme == "---")
 			del_pconfig(local_channel(),'system','mobile_theme');
 		else {
 			set_pconfig(local_channel(),'system','mobile_theme',$mobile_theme);
 		}
-	
+
 		set_pconfig(local_channel(),'system','preload_images',$preload_images);
 		set_pconfig(local_channel(),'system','user_scalable',$user_scalable);
 		set_pconfig(local_channel(),'system','update_interval', $browser_update);
@@ -63,7 +63,7 @@ class Display {
 		set_pconfig(local_channel(),'system','channel_divmore_height', $channel_divmore_height);
 		set_pconfig(local_channel(),'system','network_divmore_height', $network_divmore_height);
 		set_pconfig(local_channel(),'system','manual_conversation_update', $manual_update);
-	
+
 		$newschema = '';
 		if($theme){
 			// call theme_post only if theme has not been changed
@@ -76,7 +76,7 @@ class Display {
 					if(array_key_exists($_POST['schema'],$schemas))
 						$newschema = $_POST['schema'];
 					if($newschema === '---')
-						$newschema = '';	
+						$newschema = '';
 					$theme_config->post();
 				}
 			}
@@ -85,18 +85,18 @@ class Display {
 		logger('theme: ' . $theme . (($newschema) ? ':' . $newschema : ''));
 		$_SESSION['theme'] = $theme . (($newschema) ? ':' . $newschema : '');
-	
+
 		$r = q("UPDATE channel SET channel_theme = '%s' WHERE channel_id = %d",
 				dbesc($theme . (($newschema) ? ':' . $newschema : '')),
 				intval(local_channel())
 		);
-		
+
 		call_hooks('display_settings_post', $_POST);
 		build_sync_packet();
 		goaway(z_root() . '/settings/display' );
 		return; // NOTREACHED
 	}
-	
+
 	function get() {
@@ -115,16 +115,16 @@ class Display {
 		$default_mobile_theme = get_config('system','mobile_theme');
 		if(! $mobile_default_theme)
 			$mobile_default_theme = 'none';
-	
+
 		$allowed_themes_str = get_config('system','allowed_themes');
 		$allowed_themes_raw = explode(',',$allowed_themes_str);
 		$allowed_themes = array();
 		if(count($allowed_themes_raw))
-			foreach($allowed_themes_raw as $x) 
+			foreach($allowed_themes_raw as $x)
 				if(strlen(trim($x)) && is_dir("view/theme/$x"))
 					$allowed_themes[] = trim($x);
-			
+
 		$themes = array();
 		$files = glob('view/theme/*');
 		if($allowed_themes) {
@@ -144,7 +144,7 @@ class Display {
 				$is_library = file_exists('view/theme/'. $th . '/library');
 				$mobile_themes['---'] = t("No special theme for mobile devices");
-				if (!$is_experimental or ($is_experimental && (get_config('experimentals','exp_themes')==1 or get_config('experimentals','exp_themes')===false))){ 
+				if (!$is_experimental or ($is_experimental && (get_config('experimentals','exp_themes')==1 or get_config('experimentals','exp_themes')===false))){
 					$theme_name = (($is_experimental) ?  sprintf(t('%s - (Experimental)'), $f) : $f);
 					if (! $is_library) {
 						if($is_mobile) {
@@ -160,26 +160,30 @@ class Display {
 		$theme_selected = ((array_key_exists('theme',$_SESSION) && $_SESSION['theme']) ? $_SESSION['theme'] : $theme);
 		if (strpos($theme_selected, ':')) {
 			$theme_selected = explode(':', $theme_selected)[0];
 		}
 		$mobile_theme_selected = (!x($_SESSION,'mobile_theme')? $default_mobile_theme : $_SESSION['mobile_theme']);
-	
+
 		$preload_images = get_pconfig(local_channel(),'system','preload_images');
 		$preload_images = (($preload_images===false)? '0': $preload_images); // default if not set: 0
-	
+
 		$user_scalable = get_pconfig(local_channel(),'system','user_scalable');
 		$user_scalable = (($user_scalable===false)? '0': $user_scalable); // default if not set: 0
-			
+
 		$browser_update = intval(get_pconfig(local_channel(), 'system','update_interval'));
 		$browser_update = (($browser_update == 0) ? 80 : $browser_update / 1000); // default if not set: 40 seconds
-	
+
 		$itemspage = intval(get_pconfig(local_channel(), 'system','itemspage'));
 		$itemspage = (($itemspage > 0 && $itemspage < 101) ? $itemspage : 20); // default if not set: 20 items
-			
+
 		$nosmile = get_pconfig(local_channel(),'system','no_smilies');
 		$nosmile = (($nosmile===false)? '0': $nosmile); // default if not set: 0
-	
+
 		$title_tosource = get_pconfig(local_channel(),'system','title_tosource');
 		$title_tosource = (($title_tosource===false)? '0': $title_tosource); // default if not set: 0
-	
+
 		$theme_config = "";
 		if(($themeconfigfile = $this->get_theme_config_file($theme)) != null){
 			require_once($themeconfigfile);
@@ -192,18 +196,18 @@ class Display {
 		}
 		// logger('schemas: ' . print_r($schemas,true));
-			
+
 		$tpl = get_markup_template("settings_display.tpl");
 		$o = replace_macros($tpl, array(
 			'$ptitle' 	=> t('Display Settings'),
-			'$d_tset'       => t('Theme Settings'), 
+			'$d_tset'       => t('Theme Settings'),
-			'$d_ctset'      => t('Custom Theme Settings'), 
+			'$d_ctset'      => t('Custom Theme Settings'),
 			'$d_cset'       => t('Content Settings'),
 			'$form_security_token' => get_form_security_token("settings_display"),
 			'$submit' 	=> t('Submit'),
 			'$baseurl' => z_root(),
 			'$uid' => local_channel(),
-			
+
 			'$theme'	=> (($themes) ? array('theme', t('Display Theme:'), $theme_selected, '', $themes, 'preview') : false),
 			'$schema'   => array('schema', t('Select scheme'), $existing_schema, '' , $schemas),
@@ -222,11 +226,11 @@ class Display {
 			'$network_list_mode' => array('network_list_mode', t('Use blog/list mode on grid page'), get_pconfig(local_channel(),'system','network_list_mode'), t('(comments displayed separately)'), $yes_no),
 			'$channel_divmore_height' => array('channel_divmore_height', t('Channel page max height of content (in pixels)'), ((get_pconfig(local_channel(),'system','channel_divmore_height')) ? get_pconfig(local_channel(),'system','channel_divmore_height') : 400), t('click to expand content exceeding this height')),
 			'$network_divmore_height' => array('network_divmore_height', t('Grid page max height of content (in pixels)'), ((get_pconfig(local_channel(),'system','network_divmore_height')) ? get_pconfig(local_channel(),'system','network_divmore_height') : 400) , t('click to expand content exceeding this height')),
-	
+
-	
+
 		));
-		call_hooks('display_settings',$o);			
+		call_hooks('display_settings',$o);
 		return $o;
 	}
@@ -234,10 +238,10 @@ class Display {
 	function get_theme_config_file($theme){
 		$base_theme = \App::$theme_info['extends'];
-	
+
 		if (file_exists("view/theme/$theme/php/config.php")){
 			return "view/theme/$theme/php/config.php";
-		} 
+		}
 		if (file_exists("view/theme/$base_theme/php/config.php")){
 			return "view/theme/$base_theme/php/config.php";
 		}
@@ -246,5 +250,5 @@ class Display {
-			
+
 }
--- a/Zotlabs/Module/Xrd.php
+++ b/Zotlabs/Module/Xrd.php
@@ -57,7 +57,7 @@ class Xrd extends \Zotlabs\Web\Controller {
 			'$poco_url'    => z_root() . '/poco/'          . $r[0]['channel_address'],
 			'$photo'       => z_root() . '/photo/profile/l/' . $r[0]['channel_id'],
 			'$modexp'      => 'data:application/magic-public-key,'  . $salmon_key,
-			'$subscribe'   => z_root() . '/follow?f=&url={uri}',
+			'$subscribe'   => z_root() . '/follow?f=&amp;url={uri}',
 		));
--- a/Zotlabs/Storage/BasicAuth.php
+++ b/Zotlabs/Storage/BasicAuth.php
@@ -187,7 +187,7 @@ class BasicAuth extends DAV\Auth\Backend\AbstractBasic {
    }
 	protected function check_module_access($channel_id) {
-		if($channel_id && \App::$module === 'cdav') {
+		if($channel_id && in_array(\App::$module,[ 'dav', 'cdav', 'snap'] )) {
 			return true;
 		}
 		$this->module_disabled = true;
--- a/boot.php
+++ b/boot.php
@@ -49,7 +49,7 @@ require_once('include/hubloc.php');
 require_once('include/attach.php');
 define ( 'PLATFORM_NAME',           'hubzilla' );
-define ( 'STD_VERSION',             '2.6' );
+define ( 'STD_VERSION',             '2.6.3' );
 define ( 'ZOT_REVISION',            '1.2' );
 define ( 'DB_UPDATE_VERSION',       1193  );
@@ -80,10 +80,10 @@ define ( 'DIRECTORY_MODE_STANDALONE',  0x0100); // A detached (off the grid) hub
 define ( 'DIRECTORY_REALM',            'RED_GLOBAL');
 define ( 'DIRECTORY_FALLBACK_MASTER',  'https://gravizot.de');
-$DIRECTORY_FALLBACK_SERVERS = array( 
+$DIRECTORY_FALLBACK_SERVERS = array(
 	'https://hubzilla.zottel.net',
 	'https://my.federated.social',
-	'https://hubzilla.nl',
+	//'https://hubzilla.nl',
 	'https://gravizot.de'
 );
@@ -205,7 +205,7 @@ define ( 'PAGE_PREMIUM',           0x0010 );
 define ( 'PAGE_ADULT',             0x0020 );
 define ( 'PAGE_CENSORED',          0x0040 ); // Site admin has blocked this channel from appearing in casual search results and site feeds
 define ( 'PAGE_SYSTEM',            0x1000 );
-define ( 'PAGE_HUBADMIN',          0x2000 ); // set this to indicate a preferred admin channel rather than the 
+define ( 'PAGE_HUBADMIN',          0x2000 ); // set this to indicate a preferred admin channel rather than the
 											 // default channel of any accounts with the admin role.
 define ( 'PAGE_REMOVED',           0x8000 );
@@ -599,13 +599,15 @@ function sys_boot() {
 	if(! defined('DEFAULT_PLATFORM_ICON')) {
-		define( 'DEFAULT_PLATFORM_ICON', '/images/rm-32.png' );
+		define( 'DEFAULT_PLATFORM_ICON', '/images/hz-32.png' );
 	}
 	if(! defined('DEFAULT_NOTIFY_ICON')) {
-		define( 'DEFAULT_NOTIFY_ICON', '/images/rm-32.png' );
+		define( 'DEFAULT_NOTIFY_ICON', '/images/hz-white-64.png' );
 	}
 	App::head_set_icon(DEFAULT_PLATFORM_ICON);
 	/*
 	 * Try to open the database;
 	 */
@@ -936,8 +938,6 @@ class App {
 		self::$is_mobile = $mobile_detect->isMobile();
 		self::$is_tablet = $mobile_detect->isTablet();
 		self::head_set_icon(DEFAULT_PLATFORM_ICON);
 		/*
 		 * register template engines
 		 */
@@ -1113,7 +1113,7 @@ class App {
 		 * being first
 		 */
-		self::$page['htmlhead'] = replace_macros(get_markup_template('head.tpl'), 
+		self::$page['htmlhead'] = replace_macros(get_markup_template('head.tpl'),
 			[
 				'$preload_images'  => $preload_images,
 				'$user_scalable'   => $user_scalable,
@@ -1145,7 +1145,7 @@ class App {
 	public static function register_template_engine($class, $name = '') {
 		if(! $name) {
 			$v = get_class_vars($class);
-			if(x($v, "name")) { 
+			if(x($v, "name")) {
 				$name = $v['name'];
 			}
 		}
@@ -1187,7 +1187,7 @@ class App {
 			}
 		}
-		echo "template engine <tt>$template_engine</tt> is not registered!\n"; 
+		echo "template engine <tt>$template_engine</tt> is not registered!\n";
 		killme();
 	}
@@ -1314,7 +1314,7 @@ function os_mkdir($path, $mode = 0777, $recursive = false) {
 	$oldumask = @umask(0);
 	$result = @mkdir($path, $mode, $recursive);
 	@umask($oldumask);
-	return $result; 
+	return $result;
 }
@@ -1664,8 +1664,8 @@ function get_account_id() {
 * @return int|bool channel_id or false
 */
 function local_channel() {
-	if(session_id() 
+	if(session_id()
-		&& array_key_exists('authenticated',$_SESSION) && $_SESSION['authenticated'] 
+		&& array_key_exists('authenticated',$_SESSION) && $_SESSION['authenticated']
 		&& array_key_exists('uid',$_SESSION) && intval($_SESSION['uid']))
 		return intval($_SESSION['uid']);
@@ -1685,8 +1685,8 @@ function local_channel() {
 * @return string|bool visitor_id or false
 */
 function remote_channel() {
-	if(session_id() 
+	if(session_id()
-		&& array_key_exists('authenticated',$_SESSION) && $_SESSION['authenticated'] 
+		&& array_key_exists('authenticated',$_SESSION) && $_SESSION['authenticated']
 		&& array_key_exists('visitor_id',$_SESSION) && $_SESSION['visitor_id'])
 		return $_SESSION['visitor_id'];
@@ -1705,8 +1705,8 @@ function notice($s) {
 	if(! x($_SESSION, 'sysmsg')) $_SESSION['sysmsg'] = array();
-	// ignore duplicated error messages which haven't yet been displayed 
+	// ignore duplicated error messages which haven't yet been displayed
-	// - typically seen as multiple 'permission denied' messages 
+	// - typically seen as multiple 'permission denied' messages
 	// as a result of auto-reloading a protected page with &JS=1
 	if(in_array($s,$_SESSION['sysmsg']))
@@ -1728,7 +1728,7 @@ function notice($s) {
 function info($s) {
 	if(! session_id())
 		return;
-	if(! x($_SESSION, 'sysmsg_info')) 
+	if(! x($_SESSION, 'sysmsg_info'))
 		$_SESSION['sysmsg_info'] = array();
 	if(App::$interactive)
 		$_SESSION['sysmsg_info'][] = $s;
@@ -1804,7 +1804,7 @@ function proc_run(){
 		proc_close(proc_open($cmd, array(), $foo));
 	}
 	else {
-		if(get_config('system','use_proc_open')) 
+		if(get_config('system','use_proc_open'))
 			proc_close(proc_open($cmdline ." &", array(), $foo));
 		else
 			exec($cmdline . ' > /dev/null &');
@@ -1817,8 +1817,8 @@ function proc_run(){
 * @return bool true if we run on M$ Windows
 *
 * It's possible you might be able to run on WAMP or XAMPP, and this
- * has been accomplished, but is not officially supported. Good luck. 
+ * has been accomplished, but is not officially supported. Good luck.
- * 
+ *
 */
 function is_windows() {
 	return ((strtoupper(substr(PHP_OS, 0, 3)) === 'WIN') ? true : false);
@@ -2167,7 +2167,7 @@ function construct_page() {
 	if(App::$config['system']['x_security_headers']) {
 		header("X-Frame-Options: SAMEORIGIN");
 		header("X-Xss-Protection: 1; mode=block;");
-		header("X-Content-Type-Options: nosniff");	
+		header("X-Content-Type-Options: nosniff");
 	}
 	if(App::$config['system']['public_key_pins']) {
@@ -2280,7 +2280,7 @@ function z_check_cert() {
 				cert_bad_email();
 		}
 	}
-} 
+}
 /**
@@ -2389,7 +2389,7 @@ function check_for_new_perms() {
 function check_cron_broken() {
 	$d = get_config('system','lastcron');
-	
+
 	if((! $d) || ($d < datetime_convert('UTC','UTC','now - 4 hours'))) {
 		Zotlabs\Daemon\Master::Summon(array('Cron'));
 		set_config('system','lastcron',datetime_convert());
@@ -2434,9 +2434,8 @@ function check_cron_broken() {
 function observer_prohibited($allow_account = false) {
-	if($allow_account) 
+	if($allow_account)
 		return (((get_config('system','block_public')) && (! get_account_id()) && (! remote_channel())) ? true : false );
 	return (((get_config('system','block_public')) && (! local_channel()) && (! remote_channel())) ? true : false );
 }
--- a/include/zot.php
+++ b/include/zot.php
@@ -133,7 +133,7 @@ function zot_build_packet($channel, $type = 'notify', $recipients = null, $remot
 	}
 	if ($secret) {
-		$data['secret'] = $secret;
+		$data['secret'] = preg_replace('/[^0-9a-fA-F]/','',$secret);
 		$data['secret_sig'] = base64url_encode(rsa_sign($secret,$channel['channel_prvkey']));
 	}
--- a/install/INSTALL.txt
+++ b/install/INSTALL.txt
@@ -104,7 +104,7 @@ technical abilities.
 	Example config scripts are available for these platforms in the install 
 	directory. Apache and nginx have the most support. 
-    - PHP 5.5 or later. 
+    - PHP 5.6 or later. 
    - PHP *command line* access with register_argc_argv set to true in the 
    php.ini file - and with no hosting provider restrictions on the use of 
@@ -116,7 +116,7 @@ technical abilities.
    - some form of email server or email gateway such that PHP mail() works.
-    - Mysql 5.x or MariaDB or postgres database server.
+    - Mysql 5.5.3 or later or MariaDB or postgres database server.
    - ability to schedule jobs with cron.
Author	SHA1	Message	Date
Mario	d11d36040d	version bump	2017-09-18 16:39:43 +02:00
Mario	46daaa11fd	changelog	2017-09-18 16:37:55 +02:00
Mario Vavti	cca2b1621f	use the hubzilla icons	2017-09-18 16:33:22 +02:00
Mario Vavti	807776cb15	anonymous comments are not implemented for photos.	2017-09-18 16:21:01 +02:00
git-marijus	235ba81f25	Merge pull request #859 from subrealist/short_icon_admin_fix #858: Fix: Shortcut icon isn't dysplayed when 'Admin' or 'Channel Manager' panel are opened	2017-09-14 10:00:47 +02:00
Sergey Lukin	d5bd5cda97	hubzilla issue #858 : Fix: Shortcut icon is not dysplayed when Admin or Channel Manager panels are opened	2017-09-14 07:19:56 +10:00
git-marijus	d77872de50	Merge pull request #856 from subrealist/displaying_selected_theme hubzilla issue #855: fix for some problems with displaying selected theme	2017-09-12 21:17:59 +02:00
Sergey Lukin	91ed3b357d	hubzilla issue #855 : fix for some problems with displaying selected theme after panel Settings->Display loading	2017-09-13 04:00:59 +10:00
zotlabs	1305584d77	avoid a security patch and resultant compatibility issues; instead restrict the input characters we accept in token verification strings to hex digits. This will all be changing in the coming weeks/months anyway.	2017-09-06 13:38:33 +02:00
Mario Vavti	03b31932d1	remove hubzilla.nl from fallback directory servers	2017-09-04 10:15:00 +02:00
git-marijus	0ee2378cec	bump version	2017-08-31 10:23:09 +02:00
git-marijus	f3c0db0f39	changelog	2017-08-31 10:22:05 +02:00
zotlabs	3a52af6327	hubzilla issue #851	2017-08-31 10:15:23 +02:00
zotlabs	f9dd4188b4	update installation requirements - php 5.6 and mysql 5.5.3	2017-08-18 13:04:30 +02:00
Mario Vavti	557aa18526	update changelog	2017-08-18 13:04:20 +02:00
git-marijus	2a2abf14bb	bugfix release 2.6.1	2017-08-18 08:28:37 +02:00
git-marijus	b553ecbb18	update changelog	2017-08-18 08:27:34 +02:00
zotlabs	3443416540	hubzilla issue #846	2017-08-18 08:20:04 +02:00