aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMario <mario@mariovavti.com>2022-11-13 19:43:12 +0000
committerMario <mario@mariovavti.com>2022-11-13 19:43:12 +0000
commitca6ba92d824b528f197a7253c043fd2aae5b4d7c (patch)
tree88e7cac94e22a24429a42cc5960116d6d96b70ec
parent8c6c43d762652d5f6470db99b3b2bd089d1bea23 (diff)
parent04516b787ac1230d7da4bd7445f7a8bc76bd65a1 (diff)
downloadvolse-hubzilla-ca6ba92d824b528f197a7253c043fd2aae5b4d7c.tar.gz
volse-hubzilla-ca6ba92d824b528f197a7253c043fd2aae5b4d7c.tar.bz2
volse-hubzilla-ca6ba92d824b528f197a7253c043fd2aae5b4d7c.zip
Merge branch 'dev'
-rw-r--r--CHANGELOG8
-rw-r--r--Zotlabs/Lib/Activity.php7
-rw-r--r--Zotlabs/Lib/Libsync.php11
-rw-r--r--Zotlabs/Module/Activity.php2
-rw-r--r--Zotlabs/Module/Cdav.php34
-rw-r--r--Zotlabs/Module/Display.php21
-rw-r--r--Zotlabs/Module/Oep.php1
-rw-r--r--Zotlabs/Web/WebServer.php3
-rw-r--r--include/feedutils.php4
-rw-r--r--include/items.php3
10 files changed, 55 insertions, 39 deletions
diff --git a/CHANGELOG b/CHANGELOG
index 1731eceb8..548f98c78 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,3 +1,11 @@
+Hubzilla 7.8.5 (2022-11-13)
+ - Fix outbound edit activity not of type update
+ - Fix mod display not falling through to fetch public item
+ - Fix more PHP warnings
+ - Fix regression in items_fetch() which resulted in empty atom feed
+ - Pubcrawl: cleanup and slightly restructre mod inbox
+
+
Hubzilla 7.8.4 (2022-11-09)
- Fix new uuid created when editing a post
diff --git a/Zotlabs/Lib/Activity.php b/Zotlabs/Lib/Activity.php
index 963a8ff75..9dbb15c28 100644
--- a/Zotlabs/Lib/Activity.php
+++ b/Zotlabs/Lib/Activity.php
@@ -545,6 +545,7 @@ class Activity {
call_hooks('encode_item', $hookinfo);
+
return $hookinfo['encoded'];
}
@@ -821,8 +822,12 @@ class Activity {
}
$ret['published'] = ((isset($i['created'])) ? datetime_convert('UTC', 'UTC', $i['created'], ATOM_TIME) : datetime_convert());
- if (isset($i['created'], $i['edited']) && $i['created'] !== $i['edited'])
+ if (isset($i['created'], $i['edited']) && $i['created'] !== $i['edited']) {
$ret['updated'] = datetime_convert('UTC', 'UTC', $i['edited'], ATOM_TIME);
+ if ($ret['type'] === 'Create') {
+ $ret['type'] = 'Update';
+ }
+ }
if (isset($i['app']) && $i['app']) {
$ret['generator'] = ['type' => 'Application', 'name' => $i['app']];
diff --git a/Zotlabs/Lib/Libsync.php b/Zotlabs/Lib/Libsync.php
index 9851ce52a..09b81dc83 100644
--- a/Zotlabs/Lib/Libsync.php
+++ b/Zotlabs/Lib/Libsync.php
@@ -184,6 +184,8 @@ class Libsync {
require_once('include/import.php');
+hz_syslog(print_r($arr, true));
+
$result = [];
$keychange = ((array_key_exists('keychange', $arr)) ? true : false);
@@ -192,7 +194,10 @@ class Libsync {
dbesc($sender)
);
- $DR = new DReport(z_root(), $sender, $d, 'sync');
+ $mid = 'sync';
+
+
+ $DR = new DReport(z_root(), $sender, $d, $mid);
if (!$r) {
$DR->update('recipient not found');
@@ -202,7 +207,6 @@ class Libsync {
$channel = $r[0];
- $mid = 'sync';
$DR->set_name($channel['channel_name'] . ' <' . channel_reddress($channel) . '>');
@@ -297,7 +301,7 @@ class Libsync {
if (array_key_exists('item', $arr) && $arr['item']) {
sync_items($channel, $arr['item'], ((array_key_exists('relocate', $arr)) ? $arr['relocate'] : null));
- $mid = $arr['item']['mid'] . '#sync';
+ $mid = $arr['item'][0]['message_id'] . '#sync';
}
// deprecated, maintaining for a few months for upward compatibility
@@ -750,7 +754,6 @@ class Libsync {
$result[] = $DR->get();
}
-
return $result;
}
diff --git a/Zotlabs/Module/Activity.php b/Zotlabs/Module/Activity.php
index 2fbc35274..4ddfe602d 100644
--- a/Zotlabs/Module/Activity.php
+++ b/Zotlabs/Module/Activity.php
@@ -182,7 +182,7 @@ class Activity extends Controller {
return;
}
- $ob_authorise = false;
+ $ob_authorize = false;
$item_uid = 0;
$bear = ZlibActivity::token_from_request();
diff --git a/Zotlabs/Module/Cdav.php b/Zotlabs/Module/Cdav.php
index e68b2e5b4..8e77515ce 100644
--- a/Zotlabs/Module/Cdav.php
+++ b/Zotlabs/Module/Cdav.php
@@ -332,9 +332,9 @@ class Cdav extends Controller {
} while ($duplicate == true);
$properties = [
- '{DAV:}displayname' => $_REQUEST['{DAV:}displayname'],
- '{http://apple.com/ns/ical/}calendar-color' => $_REQUEST['color'],
- '{urn:ietf:params:xml:ns:caldav}calendar-description' => $channel['channel_name']
+ '{DAV:}displayname' => escape_tags($_REQUEST['{DAV:}displayname']),
+ '{http://apple.com/ns/ical/}calendar-color' => escape_tags($_REQUEST['color']),
+ '{urn:ietf:params:xml:ns:caldav}calendar-description' => escape_tags($channel['channel_name'])
];
$id = $caldavBackend->createCalendar($principalUri, $calendarUri, $properties);
@@ -366,7 +366,7 @@ class Cdav extends Controller {
$allday = $_REQUEST['allday'];
- $title = $_REQUEST['title'];
+ $title = escape_tags($_REQUEST['title']);
$start = datetime_convert('UTC', 'UTC', $_REQUEST['dtstart']);
$dtstart = new \DateTime($start);
@@ -374,8 +374,8 @@ class Cdav extends Controller {
$end = datetime_convert('UTC', 'UTC', $_REQUEST['dtend']);
$dtend = new \DateTime($end);
}
- $description = $_REQUEST['description'];
- $location = $_REQUEST['location'];
+ $description = escape_tags($_REQUEST['description']);
+ $location = escape_tags($_REQUEST['location']);
do {
$duplicate = false;
@@ -441,8 +441,8 @@ class Cdav extends Controller {
$cdavdata = $this->get_cdav_data($id[0], 'calendarinstances');
$mutations = [
- '{DAV:}displayname' => $_REQUEST['{DAV:}displayname'],
- '{http://apple.com/ns/ical/}calendar-color' => $_REQUEST['color']
+ '{DAV:}displayname' => escape_tags($_REQUEST['{DAV:}displayname']),
+ '{http://apple.com/ns/ical/}calendar-color' => escape_tags($_REQUEST['color'])
];
$patch = new \Sabre\DAV\PropPatch($mutations);
@@ -471,18 +471,18 @@ class Cdav extends Controller {
$timezone = ((x($_POST,'timezone_select')) ? escape_tags(trim($_POST['timezone_select'])) : '');
$tz = (($timezone) ? $timezone : date_default_timezone_get());
- $allday = $_REQUEST['allday'];
+ $allday = intval($_REQUEST['allday']);
- $uri = $_REQUEST['uri'];
- $title = $_REQUEST['title'];
+ $uri = escape_tags($_REQUEST['uri']);
+ $title = escape_tags($_REQUEST['title']);
$start = datetime_convert('UTC', 'UTC', $_REQUEST['dtstart']);
$dtstart = new \DateTime($start);
if($_REQUEST['dtend']) {
$end = datetime_convert('UTC', 'UTC', $_REQUEST['dtend']);
$dtend = new \DateTime($end);
}
- $description = $_REQUEST['description'];
- $location = $_REQUEST['location'];
+ $description = escape_tags($_REQUEST['description']);
+ $location = escape_tags($_REQUEST['location']);
$object = $caldavBackend->getCalendarObject($id, $uri);
@@ -654,7 +654,7 @@ class Cdav extends Controller {
$duplicate = true;
} while ($duplicate == true);
- $properties = ['{DAV:}displayname' => $_REQUEST['{DAV:}displayname']];
+ $properties = ['{DAV:}displayname' => escape_tags($_REQUEST['{DAV:}displayname'])];
$carddavBackend->createAddressBook($principalUri, $addressbookUri, $properties);
@@ -668,9 +668,9 @@ class Cdav extends Controller {
}
//edit addressbook
- if($_REQUEST['{DAV:}displayname'] && $_REQUEST['edit'] && intval($_REQUEST['id'])) {
+ if($_REQUEST['{DAV:}displayname'] && $_REQUEST['edit'] && $_REQUEST['id']) {
- $id = $_REQUEST['id'];
+ $id = intval($_REQUEST['id']);
if(! cdav_perms($id,$addressbooks))
return;
@@ -678,7 +678,7 @@ class Cdav extends Controller {
$cdavdata = $this->get_cdav_data($id, 'addressbooks');
$mutations = [
- '{DAV:}displayname' => $_REQUEST['{DAV:}displayname']
+ '{DAV:}displayname' => escape_tags($_REQUEST['{DAV:}displayname'])
];
$patch = new \Sabre\DAV\PropPatch($mutations);
diff --git a/Zotlabs/Module/Display.php b/Zotlabs/Module/Display.php
index 0aac96f4a..1a1c09d7c 100644
--- a/Zotlabs/Module/Display.php
+++ b/Zotlabs/Module/Display.php
@@ -213,27 +213,27 @@ class Display extends \Zotlabs\Web\Controller {
$observer_hash = get_observer_hash();
$item_normal = item_normal();
$item_normal_update = item_normal_update();
-
- $sql_extra = ((local_channel()) ? EMPTY_STR : item_permissions_sql(0, $observer_hash));
+ $sql_extra = '';
+ $r = [];
if($noscript_content || $load) {
-
require_once('include/channel.php');
$sys = get_sys_channel();
// in case somebody turned off public access to sys channel content using permissions
// make that content unsearchable by ensuring the owner uid can't match
$sys_id = perm_is_allowed($sys['channel_id'], $observer_hash, 'view_stream') ? $sys['channel_id'] : 0;
- $r = null;
-
if(local_channel()) {
$r = q("SELECT item.id AS item_id FROM item WHERE uid = %d AND mid = '%s' $item_normal LIMIT 1",
intval(local_channel()),
dbesc($target_item['parent_mid'])
);
+
}
- if($r === null) {
+ if(!$r) {
+ $sql_extra = item_permissions_sql(0, $observer_hash);
+
$r = q("SELECT item.id AS item_id FROM item
WHERE ((mid = '%s'
AND (((( item.allow_cid = '' AND item.allow_gid = '' AND item.deny_cid = ''
@@ -257,7 +257,6 @@ class Display extends \Zotlabs\Web\Controller {
// make that content unsearchable by ensuring the owner uid can't match
$sys_id = perm_is_allowed($sys['channel_id'], $observer_hash, 'view_stream') ? $sys['channel_id'] : 0;
- $r = null;
if(local_channel()) {
$r = q("SELECT item.parent AS item_id from item
WHERE uid = %d
@@ -270,7 +269,9 @@ class Display extends \Zotlabs\Web\Controller {
);
}
- if($r === null) {
+ if(!$r) {
+ $sql_extra = item_permissions_sql(0, $observer_hash);
+
$r = q("SELECT item.id as item_id from item
WHERE ((parent_mid = '%s'
AND (((( item.allow_cid = '' AND item.allow_gid = '' AND item.deny_cid = ''
@@ -287,10 +288,6 @@ class Display extends \Zotlabs\Web\Controller {
}
}
- else {
- $r = [];
- }
-
if($r) {
$parents_str = ids_to_querystr($r,'item_id');
if($parents_str) {
diff --git a/Zotlabs/Module/Oep.php b/Zotlabs/Module/Oep.php
index d3ef05e16..bf17e6436 100644
--- a/Zotlabs/Module/Oep.php
+++ b/Zotlabs/Module/Oep.php
@@ -343,6 +343,7 @@ class Oep extends \Zotlabs\Web\Controller {
if(! ($chn && $res))
return;
+
$c = q("select * from channel where channel_address = '%s' limit 1",
dbesc($chn)
);
diff --git a/Zotlabs/Web/WebServer.php b/Zotlabs/Web/WebServer.php
index 9fa5a7797..f43ae10a4 100644
--- a/Zotlabs/Web/WebServer.php
+++ b/Zotlabs/Web/WebServer.php
@@ -50,7 +50,8 @@ class WebServer {
else
unset($_SESSION['language']);
}
- if((x($_SESSION, 'language')) && ($_SESSION['language'] !== $lang)) {
+
+ if ((x($_SESSION, 'language')) && ($_SESSION['language'] !== \App::$language)) {
\App::$language = $_SESSION['language'];
load_translation_table(\App::$language);
}
diff --git a/include/feedutils.php b/include/feedutils.php
index 814e9c163..eea908fe8 100644
--- a/include/feedutils.php
+++ b/include/feedutils.php
@@ -1904,7 +1904,7 @@ function atom_entry($item, $type, $author, $owner, $comment = false, $cid = 0, $
if(! $item['parent'])
return;
- if($item['deleted'])
+ if($item['item_deleted'])
return '<at:deleted-entry ref="' . xmlify($item['mid']) . '" when="' . xmlify(datetime_convert('UTC','UTC',$item['edited'] . '+00:00',ATOM_TIME)) . '" />' . "\r\n";
create_export_photo_body($item);
@@ -2024,7 +2024,7 @@ function atom_entry($item, $type, $author, $owner, $comment = false, $cid = 0, $
}
}
- if($item['term']) {
+ if (isset($item['term']) && $item['term']) {
foreach($item['term'] as $term) {
$scheme = '';
$label = '';
diff --git a/include/items.php b/include/items.php
index 96e3980f1..4e4869aa8 100644
--- a/include/items.php
+++ b/include/items.php
@@ -4608,9 +4608,10 @@ function items_fetch($arr,$channel = null,$observer_hash = null,$client_mode = C
$items = array();
}
- if($parents_str && $arr['mark_seen'])
+ if ($parents_str && (isset($arr['mark_seen']) && $arr['mark_seen'])) {
$update_unseen = ' AND parent IN ( ' . dbesc($parents_str) . ' )';
/** @FIXME finish mark unseen sql */
+ }
}
return $items;