Diffstat (limited to 'Zotlabs')
-rw-r--r-- | Zotlabs/Access/Permissions.php | 158 | ||||
-rw-r--r-- | Zotlabs/Lib/Apps.php | 10 |
2 files changed, 111 insertions, 57 deletions
diff --git a/Zotlabs/Access/Permissions.php b/Zotlabs/Access/Permissions.php
index d51e4d0ea..74286934f 100644
--- a/Zotlabs/Access/Permissions.php
+++ b/Zotlabs/Access/Permissions.php
@@ -1,45 +1,52 @@ <?php - namespace Zotlabs\Access; use Zotlabs\Lib as Zlib; +/** + * @brief Extensible permissions. + * + * To add new permissions, add to the list of $perms below, with a simple description. + * + * Also visit PermissionRoles.php and add to the $ret['perms_connect'] property for any role + * if this permission should be granted to new connections. + * + * Next look at PermissionRoles::new_custom_perms() and provide a handler for updating custom + * permission roles. You will want to set a default PermissionLimit for each channel and also + * provide a sane default for any existing connections. You may or may not wish to provide a + * default auto permission. If in doubt, leave this alone as custom permissions by definition + * are the responsibility of the channel owner to manage. You just don't want to create any + * suprises or break things so you have an opportunity to provide sane settings. + * + * Update the version here and in PermissionRoles. + * + * + * Permissions with 'view' in the name are considered read permissions. Anything + * else requires authentication. Read permission limits are PERMS_PUBLIC and anything else + * is given PERMS_SPECIFIC. + * + * PermissionLimits::Std_limits() retrieves the standard limits. A permission role + * MAY alter an individual setting after retrieving the Std_limits if you require + * something different for a specific permission within the given role. + * + */ class Permissions { - /** - * Extensible permissions. - * To add new permissions, add to the list of $perms below, with a simple description. - * - * Also visit PermissionRoles.php and add to the $ret['perms_connect'] property for any role - * if this permission should be granted to new connections. - * - * Next look at PermissionRoles::new_custom_perms() and provide a handler for updating custom - * permission roles. You will want to set a default PermissionLimit for each channel and also - * provide a sane default for any existing connections. 
You may or may not wish to provide a - * default auto permission. If in doubt, leave this alone as custom permissions by definition - * are the responsibility of the channel owner to manage. You just don't want to create any - * suprises or break things so you have an opportunity to provide sane settings. - * - * Update the version here and in PermissionRoles - * - * - * Permissions with 'view' in the name are considered read permissions. Anything - * else requires authentication. Read permission limits are PERMS_PUBLIC and anything else - * is given PERMS_SPECIFIC. - * - * PermissionLimits::Std_limits() retrieves the standard limits. A permission role - * MAY alter an individual setting after retrieving the Std_limits if you require - * something different for a specific permission within the given role. - * - */ - static public function version() { // This must match the version in PermissionRoles.php before permission updates can run. return 2; } - + /** + * @brief Return an array with Permissions. + * + * @hooks permissions_list + * * \e array \b permissions + * * \e string \b filter + * @param string $filter (optional) only passed to hook permission_list + * @return Associative array with permissions and short description. + */ static public function Perms($filter = '') { $perms = [ 
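Review bot: The new docblock on `Perms()` spells the hook name two ways: the `@hooks` tag says `permissions_list`, while the `@param` line says `permission_list`. The call visible in the next hunk is `call_hooks('permissions_list', $x)`, so the parameter text should read `@param string $filter (optional) only passed to hook permissions_list`. Handlers registered under this name appear able to rewrite the permission list, so the documented name should be exact. The relocated class docblock also still carries the `suprises` typo, and `Perms()` itself continues past the end of this hunk.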
@@ -63,18 +70,27 @@ class Permissions { 'delegate' => t('Can administer my channel') ]; - $x = array('permissions' => $perms, 'filter' => $filter); - call_hooks('permissions_list',$x); - return($x['permissions']); + $x = [ + 'permissions' => $perms, + 'filter' => $filter + ]; + call_hooks('permissions_list', $x); + return($x['permissions']); } + /** + * @brief Perms from the above list that are blocked from anonymous observers. + * + * e.g. you must be authenticated. + * + * @hooks write_perms + * * \e array \b permissions + * @return Associative array with permissions and short description. + */ static public function BlockedAnonPerms() { - // Perms from the above list that are blocked from anonymous observers. - // e.g. you must be authenticated. - - $res = array(); + $res = []; $perms = PermissionLimits::Std_limits(); foreach($perms as $perm => $limit) { if($limit != PERMS_PUBLIC) { @@ -82,17 +98,22 @@ class Permissions { } } - $x = array('permissions' => $res); - call_hooks('write_perms',$x); - return($x['permissions']); + $x = ['permissions' => $res]; + call_hooks('write_perms', $x); + return($x['permissions']); } - // converts [ 0 => 'view_stream', ... ] - // to [ 'view_stream' => 1 ] - // for any permissions in $arr; - // Undeclared permissions are set to 0 - + /** + * @brief Converts indexed perms array to associative perms array. + * + * Converts [ 0 => 'view_stream', ... ] + * to [ 'view_stream' => 1 ] for any permissions in $arr; + * Undeclared permissions which exist in Perms() are added and set to 0. + * + * @param array $arr + * @return array + */ static public function FilledPerms($arr) { if(is_null($arr)) { btlogger('FilledPerms: null'); 
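Review bot: `Perms()` and, in the `@@ -82` hunk, `BlockedAnonPerms()` return `$x['permissions']` straight after `call_hooks()` without checking that a handler left an array under that key. This matters most for `BlockedAnonPerms()`, whose result is the list of permissions that require authentication; a `write_perms` handler that unsets or replaces the key would presumably make the function return null or a shortened list, and how callers react is not visible here. A guard such as `return (isset($x['permissions']) && is_array($x['permissions'])) ? $x['permissions'] : $res;` keeps the locally computed list as the fallback. The `@return Associative array with permissions and short description` line on `BlockedAnonPerms()` reads as copied from `Perms()`; the statement that fills `$res` falls between the two hunks, so confirm the shape before keeping that wording.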
@@ -101,15 +122,26 @@ class Permissions { $everything = self::Perms(); $ret = []; foreach($everything as $k => $v) { - if(in_array($k,$arr)) + if(in_array($k, $arr)) $ret[$k] = 1; else $ret[$k] = 0; } - return $ret; + return $ret; } + /** + * @brief Convert perms array to indexed array. + * + * Converts [ 'view_stream' => 1 ] for any permissions in $arr + * to [ 0 => ['name' => 'view_stream', 'value' => 1], ... ] + * + * @param array $arr associative perms array 'view_stream' => 1 + * @return Indexed array with elements that look like + * * \e string \b name the perm name (e.g. view_stream) + * * \e int \b value the value of the perm (e.g. 1) + */ static public function OPerms($arr) { $ret = []; if($arr) { @@ -120,7 +152,12 @@ class Permissions { return $ret; } - + /** + * @brief + * + * @param int $channel_id + * @return boolean|array + */ static public function FilledAutoperms($channel_id) { if(! intval(get_pconfig($channel_id,'system','autoperms'))) return false; @@ -137,16 +174,33 @@ class Permissions { return $arr; } - static public function PermsCompare($p1,$p2) { + /** + * @brief Compares that all Permissions from $p1 exist also in $p2. + * + * @param array $p1 The perms that have to exist in $p2 + * @param array $p2 The perms to compare against + * @return boolean true if all perms from $p1 exist also in $p2 + */ + static public function PermsCompare($p1, $p2) { foreach($p1 as $k => $v) { - if(! array_key_exists($k,$p2)) + if(! array_key_exists($k, $p2)) return false; + if($p1[$k] != $p2[$k]) return false; } + return true; } + /** + * @brief + * + * @param int $channel_id A channel id + * @return associative array + * * \e array \b perms Permission array + * * \e int \b automatic 0 or 1 + */ static public function connect_perms($channel_id) { $my_perms = []; 
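Review bot: `in_array($k, $arr)` in `FilledPerms()` compares loosely, so a boolean `true` in `$arr` (or an integer `0` on PHP versions before 8) would match every permission name and set all of them to 1. Whether `$arr` can ever hold non-string values is not visible in this diff, but since the result is a grant map the strict form `in_array($k, $arr, true)` costs nothing. The `is_null($arr)` branch begins in the previous hunk and its outcome lies outside both hunks, so confirm `$arr` is an array by the time this loop runs.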
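Review bot: The docblock added above `FilledAutoperms()` has an empty `@brief`, and so does the one above `connect_perms()` in the `@@ -137` hunk. From the visible lines, `FilledAutoperms()` returns false when the channel's `autoperms` pconfig is not set and an array otherwise, so something like `@brief Return the automatic permissions of a channel, or false if autoperms is disabled.` would do. The middle of the function is outside the hunk, so check the wording against it.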
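Review bot: The `@brief` and `@return` for `PermsCompare()` describe a key-existence check, but the body also returns false when `$p1[$k] != $p2[$k]`, so it requires equal values as well; the docblock should say `true if every perm in $p1 exists in $p2 with the same value`. The comparison is loose, which treats `'1'` and `1` as equal. That is probably intended for values read from storage, but it deserves a short comment saying so, or `intval($p1[$k]) !== intval($p2[$k])` if the values are always numeric. Keys present only in `$p2` are ignored, so the check is one-directional and the docblock could state that too.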
@@ -155,7 +209,7 @@ class Permissions { // If a default permcat exists, use that - $pc = ((feature_enabled($channel_id,'permcats')) ? get_pconfig($channel_id,'system','default_permcat') : 'default'); + $pc = ((feature_enabled($channel_id,'permcats')) ? get_pconfig($channel_id,'system','default_permcat') : 'default'); if(! in_array($pc, [ '','default' ])) { $pcp = new Zlib\Permcat($channel_id); $permcat = $pcp->fetch($pc); @@ -167,7 +221,7 @@ class Permissions { } // look up the permission role to see if it specified auto-connect - // and if there was no permcat or a default permcat, set the perms + // and if there was no permcat or a default permcat, set the perms // from the role $role = get_pconfig($channel_id,'system','permissions_role'); @@ -195,7 +249,7 @@ class Permissions { } // If we reached this point with no permissions, the channel is using - // custom perms but they are not automatic. They will be stored in abconfig with + // custom perms but they are not automatic. They will be stored in abconfig with // the channel's channel_hash (the 'self' connection). if(! $my_perms) { diff --git a/Zotlabs/Lib/Apps.php b/Zotlabs/Lib/Apps.php index 26d4b88b3..102ed8bd1 100644 --- a/Zotlabs/Lib/Apps.php +++ b/Zotlabs/Lib/Apps.php @@ -34,7 +34,7 @@ class Apps { if($files) { foreach($files as $f) { $path = explode('/',$f); - $plugin = $path[1]; + $plugin = trim($path[1]); if(plugin_is_installed($plugin)) { $x = self::parse_app_description($f,$translate); if($x) { @@ -285,7 +285,7 @@ class Apps { self::translate_system_apps($papp); - if(($papp['plugin']) && (! plugin_is_installed($papp['plugin']))) + if(trim($papp['plugin']) && (! plugin_is_installed(trim($papp['plugin'])))) return ''; $papp['papp'] = self::papp_encode($papp); 
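Review bot: In the `@@ -285` hunk of Apps.php, `trim($papp['plugin'])` is evaluated twice in one condition, and the change alters the gate's outcome for a whitespace-only name. Such a name now trims to an empty string, the condition is false and the app is no longer rejected, where the old code would have asked `plugin_is_installed()` about the raw value. If that is intended, normalise once so it is visible: `$plugin = trim($papp['plugin']);` followed by `if($plugin && (! plugin_is_installed($plugin))) return '';`. In the `@@ -34` hunk `$path[1]` is trimmed without checking that `explode('/',$f)` produced a second element, and where `$files` comes from is outside the hunk. Both functions extend beyond the hunks shown.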
@@ -619,7 +619,7 @@ class Apps { $darray['app_addr'] = ((x($arr,'addr')) ? escape_tags($arr['addr']) : ''); $darray['app_price'] = ((x($arr,'price')) ? escape_tags($arr['price']) : ''); $darray['app_page'] = ((x($arr,'page')) ? escape_tags($arr['page']) : ''); - $darray['app_plugin'] = ((x($arr,'plugin')) ? escape_tags($arr['plugin']) : ''); + $darray['app_plugin'] = ((x($arr,'plugin')) ? escape_tags(trim($arr['plugin'])) : ''); $darray['app_requires'] = ((x($arr,'requires')) ? escape_tags($arr['requires']) : ''); $darray['app_system'] = ((x($arr,'system')) ? intval($arr['system']) : 0); $darray['app_deleted'] = ((x($arr,'deleted')) ? intval($arr['deleted']) : 0); @@ -697,7 +697,7 @@ class Apps { $darray['app_addr'] = ((x($arr,'addr')) ? escape_tags($arr['addr']) : ''); $darray['app_price'] = ((x($arr,'price')) ? escape_tags($arr['price']) : ''); $darray['app_page'] = ((x($arr,'page')) ? escape_tags($arr['page']) : ''); - $darray['app_plugin'] = ((x($arr,'plugin')) ? escape_tags($arr['plugin']) : ''); + $darray['app_plugin'] = ((x($arr,'plugin')) ? escape_tags(trim($arr['plugin'])) : ''); $darray['app_requires'] = ((x($arr,'requires')) ? escape_tags($arr['requires']) : ''); $darray['app_system'] = ((x($arr,'system')) ? intval($arr['system']) : 0); $darray['app_deleted'] = ((x($arr,'deleted')) ? intval($arr['deleted']) : 0); @@ -807,7 +807,7 @@ class Apps { $ret['system'] = $app['app_system']; if($app['app_plugin']) - $ret['plugin'] = $app['app_plugin']; + $ret['plugin'] = trim($app['app_plugin']); if($app['app_deleted']) $ret['deleted'] = $app['app_deleted']; |
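Review bot: The guards still test the untrimmed value while the assignment trims it. In the `@@ -807` hunk `if($app['app_plugin'])` passes for a whitespace-only name and then stores `$ret['plugin'] = ''`; trimming first, `$plugin = trim($app['app_plugin']);` then `if($plugin) $ret['plugin'] = $plugin;`, avoids emitting an empty key. The `x($arr,'plugin')` checks in the `@@ -619` and `@@ -697` hunks look like the same pattern, though `x()` is defined outside this diff. Those two hunks also patch identical lines in two functions, so a small shared helper for normalising the plugin name would keep the stored value, the lookup and the encoder in step.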