diff options
| -rw-r--r-- | Zotlabs/Access/PermissionRoles.php | 2 | ||||
| -rw-r--r-- | Zotlabs/Lib/PConfig.php | 1 | ||||
| -rw-r--r-- | Zotlabs/Module/Setup.php | 82 | ||||
| -rw-r--r-- | boot.php | 24 | ||||
| -rw-r--r-- | include/account.php | 12 | ||||
| -rw-r--r-- | include/channel.php | 37 | ||||
| -rw-r--r-- | include/environment.php | 9 | ||||
| -rw-r--r-- | include/group.php | 52 | ||||
| -rw-r--r-- | include/language.php | 14 | ||||
| -rw-r--r-- | include/permissions.php | 25 |
10 files changed, 139 insertions, 119 deletions
diff --git a/Zotlabs/Access/PermissionRoles.php b/Zotlabs/Access/PermissionRoles.php index 2bcce4eb4..998b6d8d2 100644 --- a/Zotlabs/Access/PermissionRoles.php +++ b/Zotlabs/Access/PermissionRoles.php @@ -317,4 +317,4 @@ class PermissionRoles { return $roles; } -}
\ No newline at end of file +} diff --git a/Zotlabs/Lib/PConfig.php b/Zotlabs/Lib/PConfig.php index c08c11e75..765131f0d 100644 --- a/Zotlabs/Lib/PConfig.php +++ b/Zotlabs/Lib/PConfig.php @@ -132,6 +132,7 @@ class PConfig { // manage array value $dbvalue = ((is_array($value)) ? serialize($value) : $value); $dbvalue = ((is_bool($dbvalue)) ? intval($dbvalue) : $dbvalue); + $new = false; $now = datetime_convert(); if (! $updated) { diff --git a/Zotlabs/Module/Setup.php b/Zotlabs/Module/Setup.php index 541e4fa21..ca8c19600 100644 --- a/Zotlabs/Module/Setup.php +++ b/Zotlabs/Module/Setup.php @@ -63,15 +63,15 @@ class Setup extends \Zotlabs\Web\Controller { return; // implied break; case 3: - $dbhost = trim($_POST['dbhost']); - $dbport = intval(trim($_POST['dbport'])); - $dbuser = trim($_POST['dbuser']); - $dbpass = trim($_POST['dbpass']); - $dbdata = trim($_POST['dbdata']); - $dbtype = intval(trim($_POST['dbtype'])); - $phpath = trim($_POST['phpath']); - $adminmail = trim($_POST['adminmail']); - $siteurl = trim($_POST['siteurl']); + $dbhost = ((isset($_POST['dbhost'])) ? trim($_POST['dbhost']) : ''); + $dbuser = ((isset($_POST['dbuser'])) ? trim($_POST['dbuser']) : ''); + $dbport = ((isset($_POST['dbport'])) ? intval(trim($_POST['dbport'])) : 0); + $dbpass = ((isset($_POST['dbpass'])) ? trim($_POST['dbpass']) : ''); + $dbdata = ((isset($_POST['dbdata'])) ? trim($_POST['dbdata']) : ''); + $dbtype = ((isset($_POST['dbtype'])) ? intval(trim($_POST['dbtype'])) : 0); + $phpath = ((isset($_POST['phpath'])) ? trim($_POST['phpath']) : ''); + $adminmail = ((isset($_POST['adminmail'])) ? trim($_POST['adminmail']) : ''); + $siteurl = ((isset($_POST['siteurl'])) ? trim($_POST['siteurl']) : ''); // $siteurl should not have a trailing slash @@ -88,16 +88,16 @@ class Setup extends \Zotlabs\Web\Controller { return; // implied break; case 4: - $dbhost = trim($_POST['dbhost']); - $dbport = intval(trim($_POST['dbport'])); - $dbuser = trim($_POST['dbuser']); - $dbpass = trim($_POST['dbpass']); - $dbdata = trim($_POST['dbdata']); - $dbtype = intval(trim($_POST['dbtype'])); - $phpath = trim($_POST['phpath']); - $timezone = trim($_POST['timezone']); - $adminmail = trim($_POST['adminmail']); - $siteurl = trim($_POST['siteurl']); + $dbhost = ((isset($_POST['dbhost'])) ? trim($_POST['dbhost']) : ''); + $dbuser = ((isset($_POST['dbuser'])) ? trim($_POST['dbuser']) : ''); + $dbport = ((isset($_POST['dbport'])) ? intval(trim($_POST['dbport'])) : 0); + $dbpass = ((isset($_POST['dbpass'])) ? trim($_POST['dbpass']) : ''); + $dbdata = ((isset($_POST['dbdata'])) ? trim($_POST['dbdata']) : ''); + $dbtype = ((isset($_POST['dbtype'])) ? intval(trim($_POST['dbtype'])) : 0); + $phpath = ((isset($_POST['phpath'])) ? trim($_POST['phpath']) : ''); + $timezone = ((isset($_POST['timezone'])) ? trim($_POST['timezone']) : ''); + $adminmail = ((isset($_POST['adminmail'])) ? trim($_POST['adminmail']) : ''); + $siteurl = ((isset($_POST['siteurl'])) ? trim($_POST['siteurl']) : ''); if($siteurl != z_root()) { $test = z_fetch_url($siteurl."/setup/testrewrite"); @@ -108,12 +108,14 @@ class Setup extends \Zotlabs\Web\Controller { } } - if(! \DBA::$dba->connected) { + $db = null; + + if(! isset(\DBA::$dba->connected)) { // connect to db $db = \DBA::dba_factory($dbhost, $dbport, $dbuser, $dbpass, $dbdata, $dbtype, true); } - if(! \DBA::$dba->connected) { + if(! isset(\DBA::$dba->connected)) { echo 'CRITICAL: DB not connected.'; killme(); } @@ -126,7 +128,7 @@ class Setup extends \Zotlabs\Web\Controller { '$dbpass' => $dbpass, '$dbdata' => $dbdata, '$dbtype' => $dbtype, - '$server_role' => 'pro', + '$server_role' => '', '$timezone' => $timezone, '$siteurl' => $siteurl, '$site_id' => random_string(), @@ -267,14 +269,14 @@ class Setup extends \Zotlabs\Web\Controller { case 2: { // Database config - $dbhost = ((x($_POST,'dbhost')) ? trim($_POST['dbhost']) : '127.0.0.1'); - $dbuser = trim($_POST['dbuser']); - $dbport = intval(trim($_POST['dbport'])); - $dbpass = trim($_POST['dbpass']); - $dbdata = trim($_POST['dbdata']); - $dbtype = intval(trim($_POST['dbtype'])); - $phpath = trim($_POST['phpath']); - $adminmail = trim($_POST['adminmail']); + $dbhost = ((isset($_POST['dbhost'])) ? trim($_POST['dbhost']) : '127.0.0.1'); + $dbuser = ((isset($_POST['dbuser'])) ? trim($_POST['dbuser']) : ''); + $dbport = ((isset($_POST['dbport'])) ? intval(trim($_POST['dbport'])) : 0); + $dbpass = ((isset($_POST['dbpass'])) ? trim($_POST['dbpass']) : ''); + $dbdata = ((isset($_POST['dbdata'])) ? trim($_POST['dbdata']) : ''); + $dbtype = ((isset($_POST['dbtype'])) ? intval(trim($_POST['dbtype'])) : 0); + $phpath = ((isset($_POST['phpath'])) ? trim($_POST['phpath']) : ''); + $adminmail = ((isset($_POST['adminmail'])) ? trim($_POST['adminmail']) : ''); $tpl = get_markup_template('install_db.tpl'); $o .= replace_macros($tpl, array( @@ -307,17 +309,17 @@ class Setup extends \Zotlabs\Web\Controller { }; break; case 3: { // Site settings require_once('include/datetime.php'); - $dbhost = ((x($_POST,'dbhost')) ? trim($_POST['dbhost']) : '127.0.0.1'); - $dbport = intval(trim($_POST['dbuser'])); - $dbuser = trim($_POST['dbuser']); - $dbpass = trim($_POST['dbpass']); - $dbdata = trim($_POST['dbdata']); - $dbtype = intval(trim($_POST['dbtype'])); - $phpath = trim($_POST['phpath']); - - $adminmail = trim($_POST['adminmail']); - $timezone = ((x($_POST,'timezone')) ? ($_POST['timezone']) : 'America/Los_Angeles'); + $dbhost = ((isset($_POST['dbhost'])) ? trim($_POST['dbhost']) : '127.0.0.1'); + $dbuser = ((isset($_POST['dbuser'])) ? trim($_POST['dbuser']) : ''); + $dbport = ((isset($_POST['dbport'])) ? intval(trim($_POST['dbport'])) : 0); + $dbpass = ((isset($_POST['dbpass'])) ? trim($_POST['dbpass']) : ''); + $dbdata = ((isset($_POST['dbdata'])) ? trim($_POST['dbdata']) : ''); + $dbtype = ((isset($_POST['dbtype'])) ? intval(trim($_POST['dbtype'])) : 0); + $phpath = ((isset($_POST['phpath'])) ? trim($_POST['phpath']) : ''); + $timezone = ((isset($_POST['timezone'])) ? trim($_POST['timezone']) : 'America/Los_Angeles'); + $adminmail = ((isset($_POST['adminmail'])) ? trim($_POST['adminmail']) : ''); + $siteurl = ((isset($_POST['siteurl'])) ? trim($_POST['siteurl']) : ''); $tpl = get_markup_template('install_settings.tpl'); $o .= replace_macros($tpl, array( @@ -1183,14 +1183,18 @@ class App { if($interval < 10000) $interval = 80000; - if(! x(self::$page,'title')) + if(! isset(self::$page['title']) && isset(self::$config['system']['sitename'])) self::$page['title'] = self::$config['system']['sitename']; - $pagemeta = [ 'og:title' => self::$page['title'] ]; + if(isset(self::$page['title'])) + $pagemeta = [ 'og:title' => self::$page['title'] ]; call_hooks('page_meta',$pagemeta); - foreach ($pagemeta as $metaproperty => $metavalue) { - self::$meta->set($metaproperty,$metavalue); + + if($pagemeta) { + foreach ($pagemeta as $metaproperty => $metavalue) { + self::$meta->set($metaproperty,$metavalue); + } } self::$meta->set('generator', Zotlabs\Lib\System::get_platform_name()); @@ -1226,10 +1230,10 @@ class App { '$linkrel' => head_get_links(), '$js_strings' => js_strings(), '$zid' => get_my_address(), - '$channel_id' => self::$profile['uid'], - '$auto_save_draft' => ((feature_enabled(self::$profile['uid'], 'auto_save_draft')) ? "true" : "false") + '$channel_id' => self::$profile['uid'] ?? 0, + '$auto_save_draft' => ((isset(self::$profile['uid']) && feature_enabled(self::$profile['uid'], 'auto_save_draft')) ? "true" : "false") ] - ) . self::$page['htmlhead']; + ) . ((isset(self::$page['htmlhead'])) ? self::$page['htmlhead'] : ''); // always put main.js at the end self::$page['htmlhead'] .= head_get_main_js(); @@ -2351,7 +2355,7 @@ function construct_page() { App::build_pagehead(); - if(App::$page['pdl_content']) { + if(isset(App::$page['pdl_content'])) { App::$page['content'] = App::$comanche->region(App::$page['content']); } @@ -2449,13 +2453,13 @@ function construct_page() { header($cspheader); } - if(App::$config['system']['x_security_headers']) { + if(isset(App::$config['system']['x_security_headers'])) { header("X-Frame-Options: SAMEORIGIN"); header("X-Xss-Protection: 1; mode=block;"); header("X-Content-Type-Options: nosniff"); } - if(App::$config['system']['public_key_pins']) { + if(isset(App::$config['system']['public_key_pins'])) { header("Public-Key-Pins: " . App::$config['system']['public_key_pins']); } diff --git a/include/account.php b/include/account.php index 34936c33f..fefe61d15 100644 --- a/include/account.php +++ b/include/account.php @@ -605,8 +605,8 @@ function account_approve($hash) { */ function downgrade_accounts() { - $r = q("select * from account where not ( account_flags & %d ) > 0 - and account_expires > '%s' + $r = q("select * from account where not ( account_flags & %d ) > 0 + and account_expires > '%s' and account_expires < %s ", intval(ACCOUNT_EXPIRED), dbesc(NULL_DATE), @@ -746,8 +746,8 @@ function service_class_fetch($uid, $property) { $service_class = App::$account['account_service_class']; } else { - $r = q("select account_service_class as service_class - from channel c, account a + $r = q("select account_service_class as service_class + from channel c, account a where c.channel_account_id=a.account_id and c.channel_id= %d limit 1", intval($uid) ); @@ -780,6 +780,8 @@ function service_class_fetch($uid, $property) { */ function account_service_class_fetch($aid, $property) { + $service_class = null; + $r = q("select account_service_class as service_class from account where account_id = %d limit 1", intval($aid) ); @@ -787,7 +789,7 @@ function account_service_class_fetch($aid, $property) { $service_class = $r[0]['service_class']; } - if(! x($service_class)) + if(! isset($service_class)) return false; // everything is allowed $arr = get_config('service_class', $service_class); diff --git a/include/channel.php b/include/channel.php index c6ca673eb..4f48402d2 100644 --- a/include/channel.php +++ b/include/channel.php @@ -303,8 +303,8 @@ function create_identity($arr) { $photo_type = null; $z = [ - 'account' => $a[0], - 'channel' => $r[0], + 'account' => $a[0] ?? [], + 'channel' => $r[0] ?? [], 'photo_url' => '' ]; /** @@ -503,23 +503,22 @@ function create_identity($arr) { // right away as a default group for new contacts. require_once('include/group.php'); - group_add($newuid, t('Friends')); - group_add_member($newuid,t('Friends'),$ret['channel']['channel_hash']); + $group_hash = group_add($newuid, t('Friends')); - // if our role_permissions indicate that we're using a default collection ACL, add it. + if($group_hash) { + group_add_member($newuid,t('Friends'),$ret['channel']['channel_hash']); - if(is_array($role_permissions) && $role_permissions['default_collection']) { - $r = q("select hash from pgrp where uid = %d and gname = '%s' limit 1", - intval($newuid), - dbesc( t('Friends') ) - ); - if($r) { - q("update channel set channel_default_group = '%s', channel_allow_gid = '%s' where channel_id = %d", - dbesc($r[0]['hash']), - dbesc('<' . $r[0]['hash'] . '>'), - intval($newuid) - ); + $default_collection = ''; + // if our role_permissions indicate that we're using a default collection ACL, add it. + if(is_array($role_permissions) && $role_permissions['default_collection']) { + $default_collection_str = '<' . $group_hash . '>'; } + + q("update channel set channel_default_group = '%s', channel_allow_gid = '%s' where channel_id = %d", + dbesc($group_hash), + dbesc($default_collection_str), + intval($newuid) + ); } if(! $system) { @@ -1098,11 +1097,11 @@ function identity_basic_export($channel_id, $sections = null, $zap_compat = fals // @fixme - Not totally certain how to handle $zot_compat for the event timezone which exists // in Hubzilla but is stored with the item and not the event. In Zap, stored information is - // always UTC and localised on access as per standard conventions for working with global time data. + // always UTC and localised on access as per standard conventions for working with global time data. // Older Zot (pre-Zot6) records aren't translated correctly w/r/t AS2 so only include events for the last year or so if - // migrating to Zap. - + // migrating to Zap. + $sqle = (($zap_compat) ? " and created > '2020-01-01 00:00:00' " : ''); $r = q("select * from event where uid = %d $sqle", diff --git a/include/environment.php b/include/environment.php index 96a614821..274eca214 100644 --- a/include/environment.php +++ b/include/environment.php @@ -52,17 +52,18 @@ function getPhpiniUploadLimits() { */ function phpiniSizeToBytes($val) { $val = trim($val); + $num = (double)$val; $unit = strtolower($val[strlen($val)-1]); switch($unit) { case 'g': - $val *= 1024; + $num *= 1024; case 'm': - $val *= 1024; + $num *= 1024; case 'k': - $val *= 1024; + $num *= 1024; default: break; } - return (int)$val; + return (int)$num; } diff --git a/include/group.php b/include/group.php index efda389d6..bb1ed5ed8 100644 --- a/include/group.php +++ b/include/group.php @@ -4,23 +4,23 @@ use Zotlabs\Lib\Libsync; function group_add($uid,$name,$public = 0) { - $ret = false; + $success = false; if(x($uid) && x($name)) { $r = group_byname($uid,$name); // check for dups if($r !== false) { - // This could be a problem. + // This could be a problem. // Let's assume we've just created a group which we once deleted // all the old members are gone, but the group remains so we don't break any security // access lists. What we're doing here is reviving the dead group, but old content which - // was restricted to this group may now be seen by the new group members. + // was restricted to this group may now be seen by the new group members. $z = q("SELECT * FROM pgrp WHERE id = %d LIMIT 1", intval($r) ); if(($z) && $z[0]['deleted']) { q('UPDATE pgrp SET deleted = 0 WHERE id = %d', intval($z[0]['id'])); - notice( t('A deleted group with this name was revived. Existing item permissions <strong>may</strong> apply to this group and any future members. If this is not what you intended, please create another group with a different name.') . EOL); + notice( t('A deleted group with this name was revived. Existing item permissions <strong>may</strong> apply to this group and any future members. If this is not what you intended, please create another group with a different name.') . EOL); } return true; } @@ -42,12 +42,18 @@ function group_add($uid,$name,$public = 0) { intval($public), dbesc($name) ); - $ret = $r; - } - Libsync::build_sync_packet($uid,null,true); + if($r) + $success = true; + } - return $ret; + + if($success) { + Libsync::build_sync_packet($uid,null,true); + return $hash; + } + + return false; } @@ -88,7 +94,7 @@ function group_rmv($uid,$name) { } if($change) { - q("UPDATE channel SET channel_default_group = '%s', channel_allow_gid = '%s', channel_deny_gid = '%s' + q("UPDATE channel SET channel_default_group = '%s', channel_allow_gid = '%s', channel_deny_gid = '%s' WHERE channel_id = %d", intval($user_info['channel_default_group']), dbesc($user_info['channel_allow_gid']), @@ -159,7 +165,7 @@ function group_rmv_member($uid,$name,$member) { Libsync::build_sync_packet($uid,null,true); return $r; - + } @@ -170,13 +176,13 @@ function group_add_member($uid,$name,$member,$gid = 0) { if((! $gid) || (! $uid) || (! $member)) return false; - $r = q("SELECT * FROM pgrp_member WHERE uid = %d AND gid = %d AND xchan = '%s' LIMIT 1", + $r = q("SELECT * FROM pgrp_member WHERE uid = %d AND gid = %d AND xchan = '%s' LIMIT 1", intval($uid), intval($gid), dbesc($member) ); if($r) - return true; // You might question this, but + return true; // You might question this, but // we indicate success because the group member was in fact created // -- It was just created at another time if(! $r) @@ -195,7 +201,7 @@ function group_add_member($uid,$name,$member,$gid = 0) { function group_get_members($gid) { $ret = array(); if(intval($gid)) { - $r = q("SELECT * FROM pgrp_member + $r = q("SELECT * FROM pgrp_member LEFT JOIN abook ON abook_xchan = pgrp_member.xchan left join xchan on xchan_hash = abook_xchan WHERE gid = %d AND abook_channel = %d and pgrp_member.uid = %d and xchan_deleted = 0 and abook_self = 0 and abook_blocked = 0 and abook_pending = 0 ORDER BY xchan_name ASC ", intval($gid), @@ -245,7 +251,7 @@ function group_get_profile_members_xchan($uid,$gid) { function mini_group_select($uid,$group = '') { - + $grps = array(); $o = ''; @@ -263,7 +269,7 @@ function mini_group_select($uid,$group = '') { $o = replace_macros(get_markup_template('group_selection.tpl'), array( '$label' => t('Add new connections to this privacy group'), - '$groups' => $grps + '$groups' => $grps )); return $o; } @@ -287,12 +293,12 @@ function group_side($every="connections",$each="group",$edit = false, $group_id $member_of = array(); if($cid) { $member_of = groups_containing(local_channel(),$cid); - } + } if($r) { foreach($r as $rr) { $selected = (($group_id == $rr['id']) ? ' group-selected' : ''); - + if ($edit) { $groupedit = array( 'href' => "group/".$rr['id'], @@ -301,7 +307,7 @@ function group_side($every="connections",$each="group",$edit = false, $group_id } else { $groupedit = null; } - + $groups[] = array( 'id' => $rr['id'], 'enc_cid' => base64url_encode($cid), @@ -314,8 +320,8 @@ function group_side($every="connections",$each="group",$edit = false, $group_id ); } } - - + + $tpl = get_markup_template("group_side.tpl"); $o = replace_macros($tpl, array( '$title' => t('Privacy Groups'), @@ -325,8 +331,8 @@ function group_side($every="connections",$each="group",$edit = false, $group_id '$groups' => $groups, '$add' => t('add'), )); - - + + return $o; } @@ -356,7 +362,7 @@ function expand_groups($g) { else { $x[] = $gv; } - } + } if($x) { stringify_array_elms($x,true); diff --git a/include/language.php b/include/language.php index 622b9614d..d291deb63 100644 --- a/include/language.php +++ b/include/language.php @@ -77,7 +77,7 @@ function get_best_language() { if(! isset($preferred)) { /* - * We could find no perfect match for any of the preferred languages. + * We could find no perfect match for any of the preferred languages. * For cases where the preference is fr-fr and we have fr but *not* fr-fr * run the test again and only look for the language base * which should provide an interface they can sort of understand @@ -262,11 +262,15 @@ function tt($singular, $plural, $count, $ctx = ''){ * @return string */ function ta($k){ + $t = null; - $t = App::$strings[$k]; - if (is_array($t)) - $t = implode("/", $t); - return ($t == "" ? $k : $t); + if(isset(App::$strings[$k])) + $t = App::$strings[$k]; + + if (is_array($t)) + $t = implode("/", $t); + + return ($t == "" ? $k : $t); } /** diff --git a/include/permissions.php b/include/permissions.php index c7eee11f4..9dd503132 100644 --- a/include/permissions.php +++ b/include/permissions.php @@ -6,7 +6,7 @@ require_once('include/security.php'); * @file include/permissions.php * * This file conntains functions to check and work with permissions. - * + * */ @@ -27,7 +27,7 @@ function get_all_perms($uid, $observer_xchan, $check_siteblock = true, $default_ $api = App::get_oauth_key(); if($api) - return get_all_api_perms($uid,$api); + return get_all_api_perms($uid,$api); $global_perms = \Zotlabs\Access\Permissions::Perms(); @@ -210,7 +210,7 @@ function get_all_perms($uid, $observer_xchan, $check_siteblock = true, $default_ $ret[$perm_name] = false; continue; } - + $ret[$perm_name] = true; continue; } @@ -294,14 +294,14 @@ function perm_is_allowed($uid, $observer_xchan, $permission, $check_siteblock = if($channel_perm & PERMS_AUTHED) return true; - $x = q("select abook_my_perms, abook_blocked, abook_ignored, abook_pending, xchan_network from abook left join xchan on abook_xchan = xchan_hash + $x = q("select abook_my_perms, abook_blocked, abook_ignored, abook_pending, xchan_network from abook left join xchan on abook_xchan = xchan_hash where abook_channel = %d and abook_xchan = '%s' and abook_self = 0 limit 1", intval($uid), dbesc($observer_xchan) ); // If they're blocked - they can't read or write - + if(($x) && intval($x[0]['abook_blocked'])) return false; @@ -324,9 +324,9 @@ function perm_is_allowed($uid, $observer_xchan, $permission, $check_siteblock = // This requires an explanation and the effects are subtle. // The following line creates a fake connection, and this allows - // access tokens to have specific permissions even though they are + // access tokens to have specific permissions even though they are // not actual connections. - // The existence of this fake entry must be checked when dealing + // The existence of this fake entry must be checked when dealing // with connection related permissions. $x = array(pseudo_abook($y[0])); @@ -343,7 +343,7 @@ function perm_is_allowed($uid, $observer_xchan, $permission, $check_siteblock = return false; // Check if this $uid is actually the $observer_xchan - // you will have full access unless the channel was moved - + // you will have full access unless the channel was moved - // in which case you will have read_only access if($r[0]['channel_hash'] === $observer_xchan) { @@ -366,7 +366,7 @@ function perm_is_allowed($uid, $observer_xchan, $permission, $check_siteblock = // If we're still here, we have an observer, check the network. if($channel_perm & PERMS_NETWORK) { - if ($x && in_array($x[0]['xchan_network'], ['zot','zot6'])) + if ($x && in_array($x[0]['xchan_network'], ['zot','zot6'])) return true; } @@ -382,7 +382,7 @@ function perm_is_allowed($uid, $observer_xchan, $permission, $check_siteblock = return false; } - // From here on we require that the observer be a connection or pseudo connection + // From here on we require that the observer be a connection or pseudo connection if(! $x) { return false; @@ -425,7 +425,7 @@ function perm_is_allowed($uid, $observer_xchan, $permission, $check_siteblock = return false; } -function get_all_api_perms($uid,$api) { +function get_all_api_perms($uid,$api) { $global_perms = \Zotlabs\Access\Permissions::Perms(); @@ -541,7 +541,8 @@ function site_default_perms() { 'write_pages' => PERMS_SPECIFIC, 'write_wiki' => PERMS_SPECIFIC, 'delegate' => PERMS_SPECIFIC, - 'post_like' => PERMS_NETWORK + 'republish' => PERMS_SPECIFIC, + 'post_like' => PERMS_NETWORK, ); $global_perms = \Zotlabs\Access\Permissions::Perms(); |