aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--Zotlabs/Access/PermissionRoles.php2
-rw-r--r--Zotlabs/Lib/PConfig.php1
-rw-r--r--Zotlabs/Module/Setup.php82
-rw-r--r--boot.php26
-rw-r--r--include/account.php12
-rw-r--r--include/channel.php10
-rw-r--r--include/environment.php9
-rw-r--r--include/language.php14
-rw-r--r--include/permissions.php25
9 files changed, 98 insertions, 83 deletions
diff --git a/Zotlabs/Access/PermissionRoles.php b/Zotlabs/Access/PermissionRoles.php
index 2bcce4eb4..998b6d8d2 100644
--- a/Zotlabs/Access/PermissionRoles.php
+++ b/Zotlabs/Access/PermissionRoles.php
@@ -317,4 +317,4 @@ class PermissionRoles {
return $roles;
}
-} \ No newline at end of file
+}
diff --git a/Zotlabs/Lib/PConfig.php b/Zotlabs/Lib/PConfig.php
index c08c11e75..765131f0d 100644
--- a/Zotlabs/Lib/PConfig.php
+++ b/Zotlabs/Lib/PConfig.php
@@ -132,6 +132,7 @@ class PConfig {
// manage array value
$dbvalue = ((is_array($value)) ? serialize($value) : $value);
$dbvalue = ((is_bool($dbvalue)) ? intval($dbvalue) : $dbvalue);
+ $new = false;
$now = datetime_convert();
if (! $updated) {
diff --git a/Zotlabs/Module/Setup.php b/Zotlabs/Module/Setup.php
index 541e4fa21..ca8c19600 100644
--- a/Zotlabs/Module/Setup.php
+++ b/Zotlabs/Module/Setup.php
@@ -63,15 +63,15 @@ class Setup extends \Zotlabs\Web\Controller {
return;
// implied break;
case 3:
- $dbhost = trim($_POST['dbhost']);
- $dbport = intval(trim($_POST['dbport']));
- $dbuser = trim($_POST['dbuser']);
- $dbpass = trim($_POST['dbpass']);
- $dbdata = trim($_POST['dbdata']);
- $dbtype = intval(trim($_POST['dbtype']));
- $phpath = trim($_POST['phpath']);
- $adminmail = trim($_POST['adminmail']);
- $siteurl = trim($_POST['siteurl']);
+ $dbhost = ((isset($_POST['dbhost'])) ? trim($_POST['dbhost']) : '');
+ $dbuser = ((isset($_POST['dbuser'])) ? trim($_POST['dbuser']) : '');
+ $dbport = ((isset($_POST['dbport'])) ? intval(trim($_POST['dbport'])) : 0);
+ $dbpass = ((isset($_POST['dbpass'])) ? trim($_POST['dbpass']) : '');
+ $dbdata = ((isset($_POST['dbdata'])) ? trim($_POST['dbdata']) : '');
+ $dbtype = ((isset($_POST['dbtype'])) ? intval(trim($_POST['dbtype'])) : 0);
+ $phpath = ((isset($_POST['phpath'])) ? trim($_POST['phpath']) : '');
+ $adminmail = ((isset($_POST['adminmail'])) ? trim($_POST['adminmail']) : '');
+ $siteurl = ((isset($_POST['siteurl'])) ? trim($_POST['siteurl']) : '');
// $siteurl should not have a trailing slash
@@ -88,16 +88,16 @@ class Setup extends \Zotlabs\Web\Controller {
return;
// implied break;
case 4:
- $dbhost = trim($_POST['dbhost']);
- $dbport = intval(trim($_POST['dbport']));
- $dbuser = trim($_POST['dbuser']);
- $dbpass = trim($_POST['dbpass']);
- $dbdata = trim($_POST['dbdata']);
- $dbtype = intval(trim($_POST['dbtype']));
- $phpath = trim($_POST['phpath']);
- $timezone = trim($_POST['timezone']);
- $adminmail = trim($_POST['adminmail']);
- $siteurl = trim($_POST['siteurl']);
+ $dbhost = ((isset($_POST['dbhost'])) ? trim($_POST['dbhost']) : '');
+ $dbuser = ((isset($_POST['dbuser'])) ? trim($_POST['dbuser']) : '');
+ $dbport = ((isset($_POST['dbport'])) ? intval(trim($_POST['dbport'])) : 0);
+ $dbpass = ((isset($_POST['dbpass'])) ? trim($_POST['dbpass']) : '');
+ $dbdata = ((isset($_POST['dbdata'])) ? trim($_POST['dbdata']) : '');
+ $dbtype = ((isset($_POST['dbtype'])) ? intval(trim($_POST['dbtype'])) : 0);
+ $phpath = ((isset($_POST['phpath'])) ? trim($_POST['phpath']) : '');
+ $timezone = ((isset($_POST['timezone'])) ? trim($_POST['timezone']) : '');
+ $adminmail = ((isset($_POST['adminmail'])) ? trim($_POST['adminmail']) : '');
+ $siteurl = ((isset($_POST['siteurl'])) ? trim($_POST['siteurl']) : '');
if($siteurl != z_root()) {
$test = z_fetch_url($siteurl."/setup/testrewrite");
@@ -108,12 +108,14 @@ class Setup extends \Zotlabs\Web\Controller {
}
}
- if(! \DBA::$dba->connected) {
+ $db = null;
+
+ if(! isset(\DBA::$dba->connected)) {
// connect to db
$db = \DBA::dba_factory($dbhost, $dbport, $dbuser, $dbpass, $dbdata, $dbtype, true);
}
- if(! \DBA::$dba->connected) {
+ if(! isset(\DBA::$dba->connected)) {
echo 'CRITICAL: DB not connected.';
killme();
}
@@ -126,7 +128,7 @@ class Setup extends \Zotlabs\Web\Controller {
'$dbpass' => $dbpass,
'$dbdata' => $dbdata,
'$dbtype' => $dbtype,
- '$server_role' => 'pro',
+ '$server_role' => '',
'$timezone' => $timezone,
'$siteurl' => $siteurl,
'$site_id' => random_string(),
@@ -267,14 +269,14 @@ class Setup extends \Zotlabs\Web\Controller {
case 2: { // Database config
- $dbhost = ((x($_POST,'dbhost')) ? trim($_POST['dbhost']) : '127.0.0.1');
- $dbuser = trim($_POST['dbuser']);
- $dbport = intval(trim($_POST['dbport']));
- $dbpass = trim($_POST['dbpass']);
- $dbdata = trim($_POST['dbdata']);
- $dbtype = intval(trim($_POST['dbtype']));
- $phpath = trim($_POST['phpath']);
- $adminmail = trim($_POST['adminmail']);
+ $dbhost = ((isset($_POST['dbhost'])) ? trim($_POST['dbhost']) : '127.0.0.1');
+ $dbuser = ((isset($_POST['dbuser'])) ? trim($_POST['dbuser']) : '');
+ $dbport = ((isset($_POST['dbport'])) ? intval(trim($_POST['dbport'])) : 0);
+ $dbpass = ((isset($_POST['dbpass'])) ? trim($_POST['dbpass']) : '');
+ $dbdata = ((isset($_POST['dbdata'])) ? trim($_POST['dbdata']) : '');
+ $dbtype = ((isset($_POST['dbtype'])) ? intval(trim($_POST['dbtype'])) : 0);
+ $phpath = ((isset($_POST['phpath'])) ? trim($_POST['phpath']) : '');
+ $adminmail = ((isset($_POST['adminmail'])) ? trim($_POST['adminmail']) : '');
$tpl = get_markup_template('install_db.tpl');
$o .= replace_macros($tpl, array(
@@ -307,17 +309,17 @@ class Setup extends \Zotlabs\Web\Controller {
}; break;
case 3: { // Site settings
require_once('include/datetime.php');
- $dbhost = ((x($_POST,'dbhost')) ? trim($_POST['dbhost']) : '127.0.0.1');
- $dbport = intval(trim($_POST['dbuser']));
- $dbuser = trim($_POST['dbuser']);
- $dbpass = trim($_POST['dbpass']);
- $dbdata = trim($_POST['dbdata']);
- $dbtype = intval(trim($_POST['dbtype']));
- $phpath = trim($_POST['phpath']);
-
- $adminmail = trim($_POST['adminmail']);
- $timezone = ((x($_POST,'timezone')) ? ($_POST['timezone']) : 'America/Los_Angeles');
+ $dbhost = ((isset($_POST['dbhost'])) ? trim($_POST['dbhost']) : '127.0.0.1');
+ $dbuser = ((isset($_POST['dbuser'])) ? trim($_POST['dbuser']) : '');
+ $dbport = ((isset($_POST['dbport'])) ? intval(trim($_POST['dbport'])) : 0);
+ $dbpass = ((isset($_POST['dbpass'])) ? trim($_POST['dbpass']) : '');
+ $dbdata = ((isset($_POST['dbdata'])) ? trim($_POST['dbdata']) : '');
+ $dbtype = ((isset($_POST['dbtype'])) ? intval(trim($_POST['dbtype'])) : 0);
+ $phpath = ((isset($_POST['phpath'])) ? trim($_POST['phpath']) : '');
+ $timezone = ((isset($_POST['timezone'])) ? trim($_POST['timezone']) : 'America/Los_Angeles');
+ $adminmail = ((isset($_POST['adminmail'])) ? trim($_POST['adminmail']) : '');
+ $siteurl = ((isset($_POST['siteurl'])) ? trim($_POST['siteurl']) : '');
$tpl = get_markup_template('install_settings.tpl');
$o .= replace_macros($tpl, array(
diff --git a/boot.php b/boot.php
index b8e260341..28ca02f84 100644
--- a/boot.php
+++ b/boot.php
@@ -1183,14 +1183,18 @@ class App {
if($interval < 10000)
$interval = 80000;
- if(! x(self::$page,'title'))
+ if(! isset(self::$page['title']) && isset(self::$config['system']['sitename']))
self::$page['title'] = self::$config['system']['sitename'];
- $pagemeta = [ 'og:title' => self::$page['title'] ];
+ if(isset(self::$page['title']))
+ $pagemeta = [ 'og:title' => self::$page['title'] ];
call_hooks('page_meta',$pagemeta);
- foreach ($pagemeta as $metaproperty => $metavalue) {
- self::$meta->set($metaproperty,$metavalue);
+
+ if($pagemeta) {
+ foreach ($pagemeta as $metaproperty => $metavalue) {
+ self::$meta->set($metaproperty,$metavalue);
+ }
}
self::$meta->set('generator', Zotlabs\Lib\System::get_platform_name());
@@ -1226,10 +1230,10 @@ class App {
'$linkrel' => head_get_links(),
'$js_strings' => js_strings(),
'$zid' => get_my_address(),
- '$channel_id' => self::$profile['uid'],
- '$auto_save_draft' => ((feature_enabled(self::$profile['uid'], 'auto_save_draft')) ? "true" : "false")
+ '$channel_id' => self::$profile['uid'] ?? 0,
+ '$auto_save_draft' => ((isset(self::$profile['uid']) && feature_enabled(self::$profile['uid'], 'auto_save_draft')) ? "true" : "false")
]
- ) . self::$page['htmlhead'];
+ ) . ((isset(self::$page['htmlhead'])) ? self::$page['htmlhead'] : '');
// always put main.js at the end
self::$page['htmlhead'] .= head_get_main_js();
@@ -2351,7 +2355,7 @@ function construct_page() {
App::build_pagehead();
- if(App::$page['pdl_content']) {
+ if(isset(App::$page['pdl_content'])) {
App::$page['content'] = App::$comanche->region(App::$page['content']);
}
@@ -2418,7 +2422,7 @@ function construct_page() {
if(App::get_scheme() === 'https' && App::$config['system']['transport_security_header'])
header("Strict-Transport-Security: max-age=31536000");
- if(App::$config['system']['content_security_policy']) {
+ if(isset(App::$config['system']['content_security_policy'])) {
$cspsettings = Array (
'script-src' => Array ("'self'","'unsafe-inline'","'unsafe-eval'"),
'style-src' => Array ("'self'","'unsafe-inline'")
@@ -2448,13 +2452,13 @@ function construct_page() {
header($cspheader);
}
- if(App::$config['system']['x_security_headers']) {
+ if(isset(App::$config['system']['x_security_headers'])) {
header("X-Frame-Options: SAMEORIGIN");
header("X-Xss-Protection: 1; mode=block;");
header("X-Content-Type-Options: nosniff");
}
- if(App::$config['system']['public_key_pins']) {
+ if(isset(App::$config['system']['public_key_pins'])) {
header("Public-Key-Pins: " . App::$config['system']['public_key_pins']);
}
diff --git a/include/account.php b/include/account.php
index 34936c33f..fefe61d15 100644
--- a/include/account.php
+++ b/include/account.php
@@ -605,8 +605,8 @@ function account_approve($hash) {
*/
function downgrade_accounts() {
- $r = q("select * from account where not ( account_flags & %d ) > 0
- and account_expires > '%s'
+ $r = q("select * from account where not ( account_flags & %d ) > 0
+ and account_expires > '%s'
and account_expires < %s ",
intval(ACCOUNT_EXPIRED),
dbesc(NULL_DATE),
@@ -746,8 +746,8 @@ function service_class_fetch($uid, $property) {
$service_class = App::$account['account_service_class'];
}
else {
- $r = q("select account_service_class as service_class
- from channel c, account a
+ $r = q("select account_service_class as service_class
+ from channel c, account a
where c.channel_account_id=a.account_id and c.channel_id= %d limit 1",
intval($uid)
);
@@ -780,6 +780,8 @@ function service_class_fetch($uid, $property) {
*/
function account_service_class_fetch($aid, $property) {
+ $service_class = null;
+
$r = q("select account_service_class as service_class from account where account_id = %d limit 1",
intval($aid)
);
@@ -787,7 +789,7 @@ function account_service_class_fetch($aid, $property) {
$service_class = $r[0]['service_class'];
}
- if(! x($service_class))
+ if(! isset($service_class))
return false; // everything is allowed
$arr = get_config('service_class', $service_class);
diff --git a/include/channel.php b/include/channel.php
index c6ca673eb..d1095115d 100644
--- a/include/channel.php
+++ b/include/channel.php
@@ -303,8 +303,8 @@ function create_identity($arr) {
$photo_type = null;
$z = [
- 'account' => $a[0],
- 'channel' => $r[0],
+ 'account' => $a[0] ?? [],
+ 'channel' => $r[0] ?? [],
'photo_url' => ''
];
/**
@@ -1098,11 +1098,11 @@ function identity_basic_export($channel_id, $sections = null, $zap_compat = fals
// @fixme - Not totally certain how to handle $zot_compat for the event timezone which exists
// in Hubzilla but is stored with the item and not the event. In Zap, stored information is
- // always UTC and localised on access as per standard conventions for working with global time data.
+ // always UTC and localised on access as per standard conventions for working with global time data.
// Older Zot (pre-Zot6) records aren't translated correctly w/r/t AS2 so only include events for the last year or so if
- // migrating to Zap.
-
+ // migrating to Zap.
+
$sqle = (($zap_compat) ? " and created > '2020-01-01 00:00:00' " : '');
$r = q("select * from event where uid = %d $sqle",
diff --git a/include/environment.php b/include/environment.php
index 96a614821..274eca214 100644
--- a/include/environment.php
+++ b/include/environment.php
@@ -52,17 +52,18 @@ function getPhpiniUploadLimits() {
*/
function phpiniSizeToBytes($val) {
$val = trim($val);
+ $num = (double)$val;
$unit = strtolower($val[strlen($val)-1]);
switch($unit) {
case 'g':
- $val *= 1024;
+ $num *= 1024;
case 'm':
- $val *= 1024;
+ $num *= 1024;
case 'k':
- $val *= 1024;
+ $num *= 1024;
default:
break;
}
- return (int)$val;
+ return (int)$num;
}
diff --git a/include/language.php b/include/language.php
index 622b9614d..d291deb63 100644
--- a/include/language.php
+++ b/include/language.php
@@ -77,7 +77,7 @@ function get_best_language() {
if(! isset($preferred)) {
/*
- * We could find no perfect match for any of the preferred languages.
+ * We could find no perfect match for any of the preferred languages.
* For cases where the preference is fr-fr and we have fr but *not* fr-fr
* run the test again and only look for the language base
* which should provide an interface they can sort of understand
@@ -262,11 +262,15 @@ function tt($singular, $plural, $count, $ctx = ''){
* @return string
*/
function ta($k){
+ $t = null;
- $t = App::$strings[$k];
- if (is_array($t))
- $t = implode("/", $t);
- return ($t == "" ? $k : $t);
+ if(isset(App::$strings[$k]))
+ $t = App::$strings[$k];
+
+ if (is_array($t))
+ $t = implode("/", $t);
+
+ return ($t == "" ? $k : $t);
}
/**
diff --git a/include/permissions.php b/include/permissions.php
index c7eee11f4..9dd503132 100644
--- a/include/permissions.php
+++ b/include/permissions.php
@@ -6,7 +6,7 @@ require_once('include/security.php');
* @file include/permissions.php
*
* This file conntains functions to check and work with permissions.
- *
+ *
*/
@@ -27,7 +27,7 @@ function get_all_perms($uid, $observer_xchan, $check_siteblock = true, $default_
$api = App::get_oauth_key();
if($api)
- return get_all_api_perms($uid,$api);
+ return get_all_api_perms($uid,$api);
$global_perms = \Zotlabs\Access\Permissions::Perms();
@@ -210,7 +210,7 @@ function get_all_perms($uid, $observer_xchan, $check_siteblock = true, $default_
$ret[$perm_name] = false;
continue;
}
-
+
$ret[$perm_name] = true;
continue;
}
@@ -294,14 +294,14 @@ function perm_is_allowed($uid, $observer_xchan, $permission, $check_siteblock =
if($channel_perm & PERMS_AUTHED)
return true;
- $x = q("select abook_my_perms, abook_blocked, abook_ignored, abook_pending, xchan_network from abook left join xchan on abook_xchan = xchan_hash
+ $x = q("select abook_my_perms, abook_blocked, abook_ignored, abook_pending, xchan_network from abook left join xchan on abook_xchan = xchan_hash
where abook_channel = %d and abook_xchan = '%s' and abook_self = 0 limit 1",
intval($uid),
dbesc($observer_xchan)
);
// If they're blocked - they can't read or write
-
+
if(($x) && intval($x[0]['abook_blocked']))
return false;
@@ -324,9 +324,9 @@ function perm_is_allowed($uid, $observer_xchan, $permission, $check_siteblock =
// This requires an explanation and the effects are subtle.
// The following line creates a fake connection, and this allows
- // access tokens to have specific permissions even though they are
+ // access tokens to have specific permissions even though they are
// not actual connections.
- // The existence of this fake entry must be checked when dealing
+ // The existence of this fake entry must be checked when dealing
// with connection related permissions.
$x = array(pseudo_abook($y[0]));
@@ -343,7 +343,7 @@ function perm_is_allowed($uid, $observer_xchan, $permission, $check_siteblock =
return false;
// Check if this $uid is actually the $observer_xchan
- // you will have full access unless the channel was moved -
+ // you will have full access unless the channel was moved -
// in which case you will have read_only access
if($r[0]['channel_hash'] === $observer_xchan) {
@@ -366,7 +366,7 @@ function perm_is_allowed($uid, $observer_xchan, $permission, $check_siteblock =
// If we're still here, we have an observer, check the network.
if($channel_perm & PERMS_NETWORK) {
- if ($x && in_array($x[0]['xchan_network'], ['zot','zot6']))
+ if ($x && in_array($x[0]['xchan_network'], ['zot','zot6']))
return true;
}
@@ -382,7 +382,7 @@ function perm_is_allowed($uid, $observer_xchan, $permission, $check_siteblock =
return false;
}
- // From here on we require that the observer be a connection or pseudo connection
+ // From here on we require that the observer be a connection or pseudo connection
if(! $x) {
return false;
@@ -425,7 +425,7 @@ function perm_is_allowed($uid, $observer_xchan, $permission, $check_siteblock =
return false;
}
-function get_all_api_perms($uid,$api) {
+function get_all_api_perms($uid,$api) {
$global_perms = \Zotlabs\Access\Permissions::Perms();
@@ -541,7 +541,8 @@ function site_default_perms() {
'write_pages' => PERMS_SPECIFIC,
'write_wiki' => PERMS_SPECIFIC,
'delegate' => PERMS_SPECIFIC,
- 'post_like' => PERMS_NETWORK
+ 'republish' => PERMS_SPECIFIC,
+ 'post_like' => PERMS_NETWORK,
);
$global_perms = \Zotlabs\Access\Permissions::Perms();