Diffstat (limited to 'Zotlabs')
95 files changed, 958 insertions, 883 deletions
diff --git a/Zotlabs/Access/AccessList.php b/Zotlabs/Access/AccessList.php index af6c4b7a6..790ef4745 100644 --- a/Zotlabs/Access/AccessList.php +++ b/Zotlabs/Access/AccessList.php @@ -139,6 +139,11 @@ class AccessList { * @param boolean $explicit (optional) default true */ function set_from_array($arr, $explicit = true) { + $arr['contact_allow'] = $arr['contact_allow'] ?? []; + $arr['group_allow'] = $arr['group_allow'] ?? []; + $arr['contact_deny'] = $arr['contact_deny'] ?? []; + $arr['group_deny'] = $arr['group_deny'] ?? []; + $this->allow_cid = perms2str((is_array($arr['contact_allow'])) ? $arr['contact_allow'] : explode(',', $arr['contact_allow'])); $this->allow_gid = perms2str((is_array($arr['group_allow'])) diff --git a/Zotlabs/Daemon/Checksites.php b/Zotlabs/Daemon/Checksites.php index 7227e96e4..eacf8c6bc 100644 --- a/Zotlabs/Daemon/Checksites.php +++ b/Zotlabs/Daemon/Checksites.php @@ -10,6 +10,9 @@ class Checksites { logger('checksites: start'); + $site_id = ''; + $sql_options = ''; + if (($argc > 1) && ($argv[1])) $site_id = $argv[1]; diff --git a/Zotlabs/Daemon/Gprobe.php b/Zotlabs/Daemon/Gprobe.php index 1124ead54..9483cb5f1 100644 --- a/Zotlabs/Daemon/Gprobe.php +++ b/Zotlabs/Daemon/Gprobe.php @@ -38,10 +38,9 @@ class Gprobe { if ($url) { $zf = Zotfinger::exec($url, null); - } - - if (is_array($zf) && array_path_exists('signature/signer', $zf) && $zf['signature']['signer'] === $href && intval($zf['signature']['header_valid'])) { - Libzot::import_xchan($zf['data']); + if (is_array($zf) && array_path_exists('signature/signer', $zf) && $zf['signature']['signer'] === $url && intval($zf['signature']['header_valid'])) { + Libzot::import_xchan($zf['data']); + } } } diff --git a/Zotlabs/Daemon/Notifier.php b/Zotlabs/Daemon/Notifier.php index 776cf4f63..f9e1d13d5 100644 --- a/Zotlabs/Daemon/Notifier.php +++ b/Zotlabs/Daemon/Notifier.php 
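Review bot: In Gprobe.php the guard in front of `Libzot::import_xchan($zf['data'])` accepts the record on `header_valid` alone, while `Libzot::register_hub()` in this same diff requires `$hsig['header_valid'] === true && $hsig['content_valid'] === true` for a Zotfinger result. If `Zotfinger::exec($url, null)` also reports `content_valid` for this request (not visible in the hunk), the imported `data` should be held to the same bar: `&& !empty($zf['signature']['content_valid'])`. Correcting the signer comparison from the undefined `$href` to `$url` presumably makes this branch reachable for the first time, so the strictness of the check now matters.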
@@ -113,8 +113,8 @@ class Notifier { $normal_mode = true; $upstream = false; $uplink = false; - $target_item = []; - $parent_item = []; + $target_item = null; + $parent_item = null; $top_level_post = false; $relay_to_owner = false; @@ -651,7 +651,7 @@ class Notifier { // This shouldn't produce false positives on comment boosts that were generated on other platforms // because we won't be delivering them. - if (isset($target_item) && isset($target_item['verb']) && $target_item['verb'] === 'Announce' && $target_item['author_xchan'] === $target_item['owner_xchan'] && ! intval($target_item['item_thread_top'])) { + if (isset($target_item['verb']) && $target_item['verb'] === 'Announce' && $target_item['author_xchan'] === $target_item['owner_xchan'] && ! intval($target_item['item_thread_top'])) { continue; } @@ -694,7 +694,7 @@ class Notifier { } - if ($normal_mode) { + if ($normal_mode && is_array($target_item)) { // This wastes a process if there are no delivery hooks configured, so check this before launching the new process $x = q("select * from hook where hook = 'notifier_normal'"); if ($x) { diff --git a/Zotlabs/Lib/ASCollection.php b/Zotlabs/Lib/ASCollection.php index 392dd5d4e..c72b2fd04 100644 --- a/Zotlabs/Lib/ASCollection.php +++ b/Zotlabs/Lib/ASCollection.php @@ -24,6 +24,8 @@ class ASCollection { $this->direction = $direction; $this->limit = $limit; + $data = null; + if (is_array($obj)) { $data = $obj; } @@ -147,4 +149,4 @@ class ASCollection { } logger('nextpage: ' . $this->nextpage, LOGGER_DEBUG); } -}
\ No newline at end of file +} diff --git a/Zotlabs/Lib/AbConfig.php b/Zotlabs/Lib/AbConfig.php index dfc9efc6c..af1786966 100644 --- a/Zotlabs/Lib/AbConfig.php +++ b/Zotlabs/Lib/AbConfig.php @@ -6,12 +6,17 @@ namespace Zotlabs\Lib; class AbConfig { static public function Load($chan,$xhash,$family = '') { - if($family) + $where = ''; + + if($family) { $where = sprintf(" and cat = '%s' ",dbesc($family)); + } + $r = q("select * from abconfig where chan = %d and xchan = '%s' $where", intval($chan), dbesc($xhash) ); + return $r; } @@ -21,7 +26,7 @@ class AbConfig { intval($chan), dbesc($xhash), dbesc($family), - dbesc($key) + dbesc($key) ); if($r) { return ((preg_match('|^a:[0-9]+:{.*}$|s', $r[0]['v'])) ? unserialize($r[0]['v']) : $r[0]['v']); @@ -41,19 +46,19 @@ class AbConfig { dbesc($xhash), dbesc($family), dbesc($key), - dbesc($dbvalue) + dbesc($dbvalue) ); } else { $r = q("update abconfig set v = '%s' where chan = %d and xchan = '%s' and cat = '%s' and k = '%s' ", - dbesc($dbvalue), + dbesc($dbvalue), dbesc($chan), dbesc($xhash), dbesc($family), dbesc($key) ); } - + if($r) return $value; return false; diff --git a/Zotlabs/Lib/Activity.php b/Zotlabs/Lib/Activity.php index 4ff13bc04..1a34fdae6 100644 --- a/Zotlabs/Lib/Activity.php +++ b/Zotlabs/Lib/Activity.php @@ -68,6 +68,10 @@ class Activity { else { $m = parse_url($url); + if (!$m) { + return null; + } + // handle bearcaps if ($m['scheme'] === 'bear') { $params = explode('&', $m['query']); @@ -117,7 +121,7 @@ class Activity { $y = json_decode($x['body'], true); logger('returned: ' . json_encode($y, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES), LOGGER_DEBUG); - if (ActivityStreams::is_an_actor($y['type'])) { + if (isset($y['type']) && ActivityStreams::is_an_actor($y['type'])) { XConfig::Set($y['id'], 'system', 'actor_record', $y); } 
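Review bot: In Activity.php (hunk at -68) the added `if (!$m) { return null; }` only covers the `false` result of `parse_url()`. A URL without a scheme still yields an array, so `$m['scheme'] === 'bear'` on the next line can read a missing key, and `$m['query']` can likewise be absent on a `bear:` URL. `if (($m['scheme'] ?? '') === 'bear')` and `explode('&', $m['query'] ?? '')` would close both cases. The function continues outside the hunk.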
@@ -415,7 +419,7 @@ class Activity { $objtype = self::activity_obj_mapper($i['obj_type']); } - if ($i['obj']) { + if (isset($i['obj']) && $i['obj']) { $ret = Activity::encode_object($i['obj']); } @@ -430,7 +434,7 @@ class Activity { return $ret; } - if ($i['obj']) { + if (isset($i['obj']) && $i['obj']) { if (is_array($i['obj'])) { $ret = $i['obj']; } @@ -717,7 +721,7 @@ class Activity { $ret['type'] = self::activity_mapper($i['verb']); - if (intval($i['item_deleted']) && !$recurse) { + if ((isset($i['item_deleted']) && intval($i['item_deleted'])) && !$recurse) { $is_response = false; if (ActivityStreams::is_response_activity($ret['type'])) { @@ -801,10 +805,10 @@ class Activity { $ret['diaspora:guid'] = $i['uuid']; - if ($i['title']) + if (isset($i['title']) && $i['title']) $ret['name'] = html2plain(bbcode($i['title'], ['cache' => true])); - if ($i['summary']) + if (isset($i['summary']) && $i['summary']) $ret['summary'] = bbcode($i['summary'], ['cache' => true]); if ($ret['type'] === 'Announce') { @@ -816,13 +820,14 @@ class Activity { ]; } - $ret['published'] = datetime_convert('UTC', 'UTC', $i['created'], ATOM_TIME); - if ($i['created'] !== $i['edited']) + $ret['published'] = ((isset($i['created'])) ? datetime_convert('UTC', 'UTC', $i['created'], ATOM_TIME) : datetime_convert()); + if (isset($i['created'], $i['edited']) && $i['created'] !== $i['edited']) $ret['updated'] = datetime_convert('UTC', 'UTC', $i['edited'], ATOM_TIME); - if ($i['app']) { + + if (isset($i['app']) && $i['app']) { $ret['generator'] = ['type' => 'Application', 'name' => $i['app']]; } - if ($i['location'] || $i['coord']) { + if (isset($i['location']) || isset($i['coord'])) { $ret['location'] = ['type' => 'Place']; if ($i['location']) { $ret['location']['name'] = $i['location']; @@ -851,7 +856,7 @@ class Activity { else return []; - if ($i['obj']) { + if (isset($i['obj']) && $i['obj']) { if (!is_array($i['obj'])) { $i['obj'] = json_decode($i['obj'], true); } 
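Review bot: In the hunk at -816 the outer test became `isset($i['location']) || isset($i['coord'])`, but the inner `if ($i['location'])` is unchanged. With only `coord` set it still reads a missing key, and an item whose `location` and `coord` are empty strings now emits a bare `['type' => 'Place']` where it previously emitted nothing. `if (!empty($i['location']) || !empty($i['coord']))` outside and `if (!empty($i['location']))` inside keep the old behaviour without the warning. Separately, the `datetime_convert()` fallback for `published` stamps the current time on an item that has no `created` value, which is worth a comment if intended.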
@@ -879,7 +884,7 @@ class Activity { $ret['type'] = 'Invite'; } - if ($i['target']) { + if (isset($i['target']) && $i['target']) { if (!is_array($i['target'])) { $i['target'] = json_decode($i['target'], true); } @@ -1596,15 +1601,18 @@ class Activity { // we already store this in Activity::fetch() // XConfig::Set($url, 'system', 'actor_record', $person_obj); - $name = $person_obj['name']; + $name = $person_obj['name'] ?? ''; if (!$name) { - $name = $person_obj['preferredUsername']; + $name = $person_obj['preferredUsername'] ?? ''; } if (!$name) { $name = t('Unknown'); } $webfinger_addr = ''; + $hostname = ''; + $baseurl = ''; + $site_url = ''; $m = parse_url($url); if ($m) { @@ -1613,7 +1621,7 @@ class Activity { $site_url = $m['scheme'] . '://' . $m['host']; } - if (!empty($person_obj['preferredUsername']) && isset($parsed_url['host'])) { + if (!empty($person_obj['preferredUsername']) && $hostname) { $webfinger_addr = escape_tags($person_obj['preferredUsername']) . '@' . $hostname; } @@ -1640,7 +1648,7 @@ class Activity { $links = false; $profile = false; - if (is_array($person_obj['url'])) { + if (isset($person_obj['url']) && is_array($person_obj['url'])) { if (!array_key_exists(0, $person_obj['url'])) { $links = [$person_obj['url']]; } @@ -1649,7 +1657,7 @@ class Activity { } } - if ($links) { + if (is_array($links) && $links) { foreach ($links as $link) { if (is_array($link) && array_key_exists('mediaType', $link) && $link['mediaType'] === 'text/html') { $profile = $link['href']; @@ -2262,6 +2270,10 @@ class Activity { $obj_actor = ((isset($act->obj['actor'])) ? $act->obj['actor'] : $act->get_actor('attributedTo', $act->obj)); + if (!isset($obj_actor['id'])) { + return false; + } + // ensure we store the original actor self::actor_store($obj_actor['id'], $obj_actor); 
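Review bot: In the hunk at -2262 the new `if (!isset($obj_actor['id'])) { return false; }` drops the activity without a log line. `$act->obj['actor']` is used as-is when it is set, so if a remote object carries its actor as a plain URL string (not visible here), `isset($obj_actor['id'])` is false and the item is discarded silently. A `logger('no actor id', LOGGER_DEBUG);` before the return would make these rejections traceable. If string actors are expected, resolve them before this check.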
@@ -2323,9 +2335,6 @@ class Activity { if ($remainder) { $s['comment_policy'] = $remainder; } - if (!(isset($item['comment_policy']) && strlen($item['comment_policy']))) { - $s['comment_policy'] = 'contacts'; - } } } @@ -2995,18 +3004,6 @@ class Activity { set_iconfig($item, 'activitypub', 'recips', $act->raw_recips); - // TODO: inheritPrivacy should probably be set in encode activity. Zap does not do so yet - check what this is about - if (!(isset($act->data['inheritPrivacy']) && $act->data['inheritPrivacy'])) { - if ($item['item_private']) { - $item['item_restrict'] = $item['item_restrict'] & 1; - if ($is_child_node) { - $item['allow_cid'] = '<' . $channel['channel_hash'] . '>'; - $item['allow_gid'] = $item['deny_cid'] = $item['deny_gid'] = ''; - } - logger('restricted'); - } - } - if (intval($act->sigok)) { $item['item_verified'] = 1; } @@ -3054,7 +3051,24 @@ class Activity { $item['thr_parent'] = $parent[0]['parent_mid']; } $item['parent_mid'] = $parent[0]['parent_mid']; - //$item['item_private'] = $parent[0]['item_private']; + + /* + * + * Check for conversation privacy mismatches + * We can only do this if we have a channel and we have fetched the parent + * + */ + + // public conversation, but this comment went rogue and was published privately + // hide it from everybody except the channel owner + + if (intval($parent[0]['item_private']) === 0) { + if (intval($item['item_private'])) { + $item['item_restrict'] = $item['item_restrict'] | 1; + $item['allow_cid'] = '<' . $channel['channel_hash'] . '>'; + $item['allow_gid'] = $item['deny_cid'] = $item['deny_gid'] = ''; + } + } } diff --git a/Zotlabs/Lib/Apps.php b/Zotlabs/Lib/Apps.php index a29992bbc..a9c7d0a2a 100644 --- a/Zotlabs/Lib/Apps.php +++ b/Zotlabs/Lib/Apps.php 
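Review bot: The mismatch check added in the hunk at -3054 covers only a private comment in a public conversation. The reverse case (`$parent[0]['item_private']` set, `$item['item_private']` zero) passes through, and the commented-out `$item['item_private'] = $parent[0]['item_private'];` that marked this spot is gone. Unless something later in the function (outside this hunk) forces the child to the parent's privacy, a reply to a private thread could be stored as public. That direction deserves an explicit branch, or a comment saying where it is handled. The block also reads `$channel['channel_hash']` unconditionally although its own comment says the check is only possible when a channel is available; guarding with `if ($channel && ...)` would match the comment.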
@@ -159,7 +159,7 @@ class Apps { foreach(self::$available_apps as $iapp) { if($iapp['app_id'] == hash('whirlpool',$app['name'])) { $notfound = false; - if(($iapp['app_version'] !== $app['version']) + if((isset($app['version']) && $iapp['app_version'] !== $app['version']) || ($app['plugin'] && (! $iapp['app_plugin']))) { return intval($iapp['app_id']); } @@ -236,6 +236,7 @@ class Apps { $ret['photo'] = $baseurl . '/' . get_default_profile_photo(80); $ret['type'] = 'system'; + $ret['plugin'] = ''; foreach($ret as $k => $v) { if(strpos($v,'http') === 0) { @@ -600,12 +601,12 @@ class Apps { '$edit' => ((local_channel() && $installed && $mode == 'edit') ? t('Edit') : ''), '$delete' => ((local_channel() && $mode == 'edit') ? t('Delete') : ''), '$undelete' => ((local_channel() && $mode == 'edit') ? t('Undelete') : ''), - '$settings_url' => ((local_channel() && $installed && $mode == 'list') ? $papp['settings_url'] : ''), - '$deleted' => $papp['deleted'], + '$settings_url' => ((local_channel() && $installed && $mode == 'list' && isset($papp['settings_url'])) ? $papp['settings_url'] : ''), + '$deleted' => $papp['deleted'] ?? false, '$feature' => ((isset($papp['embed']) || $mode == 'edit') ? false : true), '$pin' => ((isset($papp['embed']) || $mode == 'edit') ? false : true), - '$featured' => ((strpos($papp['categories'], 'nav_featured_app') === false) ? false : true), - '$pinned' => ((strpos($papp['categories'], 'nav_pinned_app') === false) ? false : true), + '$featured' => ((isset($papp['categories']) && strpos($papp['categories'], 'nav_featured_app') === false) ? false : true), + '$pinned' => ((isset($papp['categories']) && strpos($papp['categories'], 'nav_pinned_app') === false) ? false : true), '$mode' => $mode, '$add' => t('Add to app-tray'), '$remove' => t('Remove from app-tray'), 
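Review bot: In the hunk at -600 the new `$featured` and `$pinned` expressions invert the result for apps without categories. With `categories` unset, `isset(...) && strpos(...) === false` is false, so the ternary returns `true` and the app is reported as featured and pinned. Testing for presence instead keeps the old meaning: `'$featured' => (isset($papp['categories']) && strpos($papp['categories'], 'nav_featured_app') !== false),`, and the same for `nav_pinned_app`.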
@@ -644,7 +645,7 @@ class Apps { ); if($r) { if($app['uid']) { - if($app['categories'] && (! $app['term'])) { + if((isset($app['categories']) && $app['categories']) && !(isset($app['term']) && $app['term'])) { $r[0]['term'] = q("select * from term where otype = %d and oid = %d", intval(TERM_OBJ_APP), intval($r[0]['id']) @@ -1189,7 +1190,7 @@ class Apps { $ret['success'] = true; $ret['app_id'] = $darray['app_id']; } - if($arr['categories']) { + if(isset($arr['categories']) && $arr['categories']) { $x = q("select id from app where app_id = '%s' and app_channel = %d limit 1", dbesc($darray['app_id']), intval($darray['app_channel']) @@ -1287,7 +1288,7 @@ class Apps { intval(TERM_OBJ_APP), intval($x[0]['id']) ); - if($arr['categories']) { + if(isset($arr['categories']) && $arr['categories']) { $y = explode(',',$arr['categories']); if($y) { foreach($y as $t) { diff --git a/Zotlabs/Lib/Connect.php b/Zotlabs/Lib/Connect.php index 0b9ff7089..6f10bbbae 100644 --- a/Zotlabs/Lib/Connect.php +++ b/Zotlabs/Lib/Connect.php @@ -86,6 +86,7 @@ class Connect { $singleton = false; $d = false; + $wf = false; if (! $r) { @@ -111,7 +112,7 @@ class Connect { // something was discovered - find the record which was just created. $r = q("select * from xchan where ( xchan_hash = '%s' or xchan_url = '%s' or xchan_addr = '%s' ) $sql_options", - dbesc(($wf) ? $wf : $url), + dbesc($wf ?? $url), dbesc($url), dbesc($url) ); diff --git a/Zotlabs/Lib/Enotify.php b/Zotlabs/Lib/Enotify.php index 5a09ade90..67efe5e9d 100644 --- a/Zotlabs/Lib/Enotify.php +++ b/Zotlabs/Lib/Enotify.php 
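Review bot: In Connect.php, `dbesc($wf ?? $url)` does not fall back to `$url` when `$wf` is `false`, and the earlier hunk of this commit initialises it with `$wf = false;`. `??` only replaces `null`, so the lookup compares `xchan_hash` with an empty string whenever no webfinger address was found. The original was a truthiness test; `dbesc($wf ?: $url)` (or initialising `$wf = null`) restores it. The same truthy-to-`??` rewrite appears in Libzot.php (`$x['message'] ?? 'unknown delivery error'`) and Libzotdir.php (`$_REQUEST['order'] ?? $directory_sort_order`), where an empty string now wins over the default.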
@@ -122,8 +122,11 @@ class Enotify { // e.g. "your post", "David's photo", etc. $possess_desc = t('%s <!item_type!>'); + $parent_mid = ''; + $parent_item = []; + // @@TODO: consider using switch instead of those elseif - if ($params['type'] == NOTIFY_MAIL) { + if (isset($params['type']) && $params['type'] == NOTIFY_MAIL) { logger('notification: mail'); $subject = sprintf( t('[$Projectname:Notify] New direct message received at %s'), $sitename); @@ -135,7 +138,7 @@ class Enotify { $itemlink = $siteurl . '/hq/' . gen_link_id($params['item']['mid']); } - elseif ($params['type'] === NOTIFY_COMMENT) { + elseif (isset($params['type']) && $params['type'] === NOTIFY_COMMENT) { //logger("notification: params = " . print_r($params, true), LOGGER_DEBUG); $moderated = (($params['item']['item_blocked'] == ITEM_MODERATED) ? true : false); @@ -167,7 +170,7 @@ class Enotify { } - $parent_mid = $params['parent_mid']; + $parent_mid = $params['parent_mid'] ?? ''; // Check to see if there was already a notify for this post. // If so don't create a second notification @@ -251,7 +254,7 @@ class Enotify { } - elseif ($params['type'] === NOTIFY_LIKE) { + elseif (isset($params['type']) && $params['type'] === NOTIFY_LIKE) { // logger("notification: params = " . print_r($params, true), LOGGER_DEBUG); $itemlink = $params['link']; @@ -264,7 +267,7 @@ class Enotify { } } - $parent_mid = $params['parent_mid']; + $parent_mid = $params['parent_mid'] ?? ''; // Check to see if there was already a notify for this post. // If so don't create a second notification @@ -335,7 +338,7 @@ class Enotify { - elseif($params['type'] === NOTIFY_WALL) { + elseif(isset($params['type']) && $params['type'] === NOTIFY_WALL) { $subject = sprintf( t('[$Projectname:Notify] %s posted to your profile wall') , $sender['xchan_name']); $preamble = sprintf( t('%1$s posted to your profile wall at %2$s') , $sender['xchan_name'], $sitename); 
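Review bot: Every branch of the notification-type chain now repeats `isset($params['type']) &&`, here and in the later Enotify hunks (-350 through -436). The hunk at -521 still reads `$params['type'] === NOTIFY_WALL` unguarded. Reading the value once at the top, `$type = $params['type'] ?? '';`, and comparing `$type` everywhere would give a single guard and cover the missed spot. The first branch compares with `==` while the others use `===`; that predates this commit but becomes easy to align once the variable exists.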
@@ -350,7 +353,7 @@ class Enotify { $itemlink = $params['link']; } - elseif ($params['type'] === NOTIFY_TAGSELF) { + elseif (isset($params['type']) && $params['type'] === NOTIFY_TAGSELF) { $p = q("select id from notify where link = '%s' and uid = %d limit 1", dbesc($params['link']), @@ -374,7 +377,7 @@ class Enotify { $itemlink = $params['link']; } - elseif ($params['type'] === NOTIFY_POKE) { + elseif (isset($params['type']) && $params['type'] === NOTIFY_POKE) { $subject = sprintf( t('[$Projectname:Notify] %1$s poked you') , $sender['xchan_name']); $preamble = sprintf( t('%1$s poked you at %2$s') , $sender['xchan_name'], $sitename); $epreamble = sprintf( t('%1$s [zrl=%2$s]poked you[/zrl].') , @@ -391,7 +394,7 @@ class Enotify { $itemlink = $params['link']; } - elseif ($params['type'] === NOTIFY_TAGSHARE) { + elseif (isset($params['type']) && $params['type'] === NOTIFY_TAGSHARE) { $subject = sprintf( t('[$Projectname:Notify] %s tagged your post') , $sender['xchan_name']); $preamble = sprintf( t('%1$s tagged your post at %2$s'),$sender['xchan_name'], $sitename); $epreamble = sprintf( t('%1$s tagged [zrl=%2$s]your post[/zrl]') , @@ -404,7 +407,7 @@ class Enotify { $itemlink = $params['link']; } - elseif ($params['type'] === NOTIFY_INTRO) { + elseif (isset($params['type']) && $params['type'] === NOTIFY_INTRO) { $subject = sprintf( t('[$Projectname:Notify] Introduction received')); $preamble = sprintf( t('You\'ve received an new connection request from \'%1$s\' at %2$s'), $sender['xchan_name'], $sitename); $epreamble = sprintf( t('You\'ve received [zrl=%1$s]a new connection request[/zrl] from %2$s.'), 
@@ -418,7 +421,7 @@ class Enotify { $itemlink = $params['link']; } - elseif ($params['type'] === NOTIFY_SUGGEST) { + elseif (isset($params['type']) && $params['type'] === NOTIFY_SUGGEST) { $subject = sprintf( t('[$Projectname:Notify] Friend suggestion received')); $preamble = sprintf( t('You\'ve received a friend suggestion from \'%1$s\' at %2$s'), $sender['xchan_name'], $sitename); $epreamble = sprintf( t('You\'ve received [zrl=%1$s]a friend suggestion[/zrl] for %2$s from %3$s.'), @@ -436,11 +439,11 @@ class Enotify { $itemlink = $params['link']; } - elseif ($params['type'] === NOTIFY_CONFIRM) { + elseif (isset($params['type']) && $params['type'] === NOTIFY_CONFIRM) { // ? } - elseif ($params['type'] === NOTIFY_SYSTEM) { + elseif (isset($params['type']) && $params['type'] === NOTIFY_SYSTEM) { // ? } @@ -495,12 +498,13 @@ class Enotify { $datarray['link'] = $itemlink; $datarray['parent'] = $parent_mid; $datarray['parent_item'] = $parent_item; - $datarray['ntype'] = $params['type']; - $datarray['verb'] = $params['verb']; - $datarray['otype'] = $params['otype']; + $datarray['ntype'] = $params['type'] ?? ''; + $datarray['verb'] = $params['verb'] ?? ''; + $datarray['otype'] = $params['otype'] ?? ''; $datarray['abort'] = false; + $datarray['seen'] = 0; - $datarray['item'] = $params['item']; + $datarray['item'] = $params['item'] ?? []; call_hooks('enotify_store', $datarray); @@ -511,7 +515,6 @@ class Enotify { // create notification entry in DB - $seen = 0; // Mark some notifications as seen right away // Note! The notification have to be created, because they are used to send emails @@ -521,7 +524,7 @@ class Enotify { if (!$always_show_in_notices) { if (($params['type'] === NOTIFY_WALL) || ($params['type'] === NOTIFY_MAIL) || ($params['type'] === NOTIFY_INTRO)) { - $seen = 1; + $datarray['seen'] = 1; } } 
@@ -537,7 +540,7 @@ class Enotify { intval($datarray['uid']), dbesc($datarray['link']), dbesc($datarray['parent']), - intval($seen), + intval($datarray['seen']), intval($datarray['ntype']), dbesc($datarray['verb']), dbesc($datarray['otype']) @@ -613,8 +616,8 @@ class Enotify { $datarray['preamble'] = $preamble; $datarray['sitename'] = $sitename; $datarray['siteurl'] = $siteurl; - $datarray['type'] = $params['type']; - $datarray['parent'] = $params['parent_mid']; + $datarray['type'] = $params['type'] ?? ''; + $datarray['parent'] = $params['parent_mid'] ?? ''; $datarray['source_name'] = $sender['xchan_name']; $datarray['source_link'] = $sender['xchan_url']; $datarray['source_photo'] = $sender['xchan_photo_s']; @@ -681,7 +684,6 @@ class Enotify { '$source_name' => $datarray['source_name'], '$source_link' => $datarray['source_link'], '$source_photo' => $datarray['source_photo'], - '$username' => $datarray['to_name'], '$hsitelink' => $datarray['hsitelink'], '$hitemlink' => $datarray['hitemlink'], '$thanks' => $datarray['thanks'], @@ -703,7 +705,6 @@ class Enotify { '$source_name' => $datarray['source_name'], '$source_link' => $datarray['source_link'], '$source_photo' => $datarray['source_photo'], - '$username' => $datarray['to_name'], '$tsitelink' => $datarray['tsitelink'], '$titemlink' => $datarray['titemlink'], '$thanks' => $datarray['thanks'], diff --git a/Zotlabs/Lib/Libsync.php b/Zotlabs/Lib/Libsync.php index 36a0a044c..914969d97 100644 --- a/Zotlabs/Lib/Libsync.php +++ b/Zotlabs/Lib/Libsync.php @@ -762,6 +762,8 @@ class Libsync { static function sync_locations($sender, $arr, $absolute = false) { $ret = []; + $what = ''; + $changed = false; // If a sender reports that the channel has been deleted, delete its hubloc if (isset($arr['deleted_locally']) && intval($arr['deleted_locally'])) { 
@@ -772,7 +774,7 @@ class Libsync { ); } - if ($arr['locations']) { + if (isset($arr['locations']) && $arr['locations']) { if ($absolute) Libzot::check_location_move($sender['hash'], $arr['locations']); diff --git a/Zotlabs/Lib/Libzot.php b/Zotlabs/Lib/Libzot.php index 6f7d74606..cbb614429 100644 --- a/Zotlabs/Lib/Libzot.php +++ b/Zotlabs/Lib/Libzot.php @@ -473,7 +473,7 @@ class Libzot { unset($new_connection[0]['abook_account']); unset($new_connection[0]['abook_channel']); - $abconfig = load_abconfig($channel['channel_id'], $new_connection['abook_xchan']); + $abconfig = load_abconfig($channel['channel_id'], $new_connection[0]['abook_xchan']); if ($abconfig) { $new_connection['abconfig'] = $abconfig; @@ -589,8 +589,6 @@ class Libzot { */ static function register_hub($id) { - $hsig_valid = false; - $result = ['success' => false]; if (!$id) { @@ -599,8 +597,14 @@ class Libzot { $record = Zotfinger::exec($id); + if (!$record) { + return $result; + } + // Check the HTTP signature + $hsig_valid = false; + $hsig = $record['signature']; if ($hsig['signer'] === $id && $hsig['header_valid'] === true && $hsig['content_valid'] === true) { $hsig_valid = true; @@ -641,6 +645,14 @@ class Libzot { */ static function import_xchan($arr, $ud_flags = UPDATE_FLAGS_UPDATED, $ud_arr = null) { + + $ret = ['success' => false]; + + if (!is_array($arr)) { + logger('Not an array: ' . print_r($arr, true), LOGGER_DEBUG); + return $ret; + } + /** * @hooks import_xchan * Called when processing the result of zot_finger() to store the result @@ -648,7 +660,6 @@ class Libzot { */ call_hooks('import_xchan', $arr); - $ret = ['success' => false]; $dirmode = intval(get_config('system', 'directory_mode')); $changed = false; 
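Review bot: In Libzot.php (hunk at -473) the index fix reaches only the read: `load_abconfig(..., $new_connection[0]['abook_xchan'])` now addresses row 0, but the next line still writes `$new_connection['abconfig'] = $abconfig;` onto the outer array. If the code that later serialises the connection (outside this hunk) works on `$new_connection[0]`, the abconfig never travels with it; `$new_connection[0]['abconfig'] = $abconfig;` would be consistent with the `unset($new_connection[0][...])` lines above.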
@@ -668,7 +679,7 @@ class Libzot { $verified = false; if (!self::verify($arr['id'], $arr['id_sig'], $arr['public_key'])) { - logger('Unable to verify channel signature for ' . $arr['address']); + logger('Unable to verify channel signature for ' . $arr['primary_location']['address']); return $ret; } else { @@ -703,18 +714,18 @@ class Libzot { $dirmode = get_config('system', 'directory_mode'); - if ((($arr['site']['directory_mode'] === 'standalone') || ($dirmode & DIRECTORY_MODE_STANDALONE)) && ($arr['site']['url'] != z_root())) + if (((isset($arr['site']['directory_mode']) && $arr['site']['directory_mode'] === 'standalone') || ($dirmode & DIRECTORY_MODE_STANDALONE)) && ($arr['site']['url'] != z_root())) $arr['searchable'] = false; $hidden = (1 - intval($arr['searchable'])); $hidden_changed = $adult_changed = $deleted_changed = $pubforum_changed = 0; - if (intval($r[0]['xchan_hidden']) != (1 - intval($arr['searchable']))) + if (isset($arr['searchable']) && intval($r[0]['xchan_hidden']) != (1 - intval($arr['searchable']))) $hidden_changed = 1; - if (intval($r[0]['xchan_selfcensored']) != intval($arr['adult_content'])) + if (isset($arr['adult_content']) && intval($r[0]['xchan_selfcensored']) != intval($arr['adult_content'])) $adult_changed = 1; - if (intval($r[0]['xchan_deleted']) != intval($arr['deleted'])) + if (isset($arr['xchan_deleted']) && intval($r[0]['xchan_deleted']) != intval($arr['deleted'])) $deleted_changed = 1; // new style 6-MAR-2019 @@ -733,7 +744,7 @@ class Libzot { // old style - if (intval($r[0]['xchan_pubforum']) != intval($arr['public_forum'])) + if (isset($arr['public_forum']) && intval($r[0]['xchan_pubforum']) != intval($arr['public_forum'])) $pubforum_changed = 1; 
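Review bot: In the hunk at -703 the deleted-flag comparison tests one key and reads another: `isset($arr['xchan_deleted']) && intval($r[0]['xchan_deleted']) != intval($arr['deleted'])`. The rest of this commit reads the incoming field as `$arr['deleted']` (`intval($arr['deleted'] ?? 0)`, and `$ret['deleted'] = true` on the sending side), so `isset($arr['xchan_deleted'])` is presumably never true and `$deleted_changed` stays 0, meaning a remote deletion would no longer trigger the update. It should read `if (isset($arr['deleted']) && ...)`. `$hidden = (1 - intval($arr['searchable']));` just above remains unguarded.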
@@ -761,10 +772,10 @@ class Libzot { dbesc($arr['name_updated']), dbesc($arr['primary_location']['connections_url']), dbesc($arr['primary_location']['follow_url']), - dbesc($arr['primary_location']['connect_url']), + dbesc($arr['connect_url']), intval(1 - intval($arr['searchable'])), intval($arr['adult_content']), - intval($arr['deleted']), + intval($arr['deleted'] ?? 0), intval($arr['public_forum']), dbesc(escape_tags($arr['primary_location']['address'])), dbesc(escape_tags($arr['primary_location']['url'])), @@ -804,7 +815,7 @@ class Libzot { 'xchan_name_date' => $arr['name_updated'], 'xchan_hidden' => intval(1 - intval($arr['searchable'])), 'xchan_selfcensored' => $arr['adult_content'], - 'xchan_deleted' => $arr['deleted'], + 'xchan_deleted' => $arr['deleted'] ?? 0, 'xchan_pubforum' => $arr['public_forum'] ] ); @@ -885,7 +896,7 @@ class Libzot { else { $r = q("update xchan set xchan_photo_date = '%s', xchan_photo_l = '%s', xchan_photo_m = '%s', xchan_photo_s = '%s', xchan_photo_mimetype = '%s' where xchan_hash = '%s'", - dbescdate(datetime_convert('UTC', 'UTC', $arr['photo_updated'])), + dbescdate(datetime_convert('UTC', 'UTC', $arr['photo']['updated'])), dbesc($photos[0]), dbesc($photos[1]), dbesc($photos[2]), @@ -914,7 +925,7 @@ class Libzot { // Which entries in the update table are we interested in updating? - $address = (($ud_arr && $ud_arr['ud_addr']) ? $ud_arr['ud_addr'] : $arr['address']); + $address = (($ud_arr && $ud_arr['ud_addr']) ? $ud_arr['ud_addr'] : $arr['primary_location']['address']); // Are we a directory server of some kind? @@ -1027,7 +1038,7 @@ class Libzot { // handle remote validation issues $b = q("update dreport set dreport_result = '%s', dreport_time = '%s' where dreport_queue = '%s'", - dbesc(($x['message']) ? $x['message'] : 'unknown delivery error'), + dbesc($x['message'] ?? 'unknown delivery error'), dbesc(datetime_convert()), dbesc($outq['outq_hash']) ); 
@@ -1298,7 +1309,7 @@ class Libzot { } } - if ($AS->meta['hubloc']) { + if (isset($AS->meta['hubloc']) && $AS->meta['hubloc']) { $arr['item_verified'] = true; } @@ -1306,7 +1317,7 @@ class Libzot { $arr['comment_policy'] = 'authenticated'; } - if ($AS->meta['signed_data']) { + if (isset($AS->meta['signed_data']) && $AS->meta['signed_data']) { IConfig::Set($arr, 'activitypub', 'signed_data', $AS->meta['signed_data'], false); } @@ -1437,7 +1448,7 @@ class Libzot { if ($check_mentions) { // It's a top level post. Look at the tags. See if any of them are mentions and are on this hub. if ($act && $act->obj) { - if (is_array($act->obj['tag']) && $act->obj['tag']) { + if (isset($act->obj['tag']) && is_array($act->obj['tag']) && $act->obj['tag']) { foreach ($act->obj['tag'] as $tag) { if ($tag['type'] === 'Mention' && (strpos($tag['href'], z_root()) !== false)) { $address = basename($tag['href']); @@ -1516,6 +1527,7 @@ class Libzot { foreach ($deliveries as $d) { $local_public = $public; + $item_result = null; $DR = new DReport(z_root(), $sender, $d, $arr['mid']); @@ -1910,7 +1922,7 @@ class Libzot { $stored = (($item_result && $item_result['item']) ? $item_result['item'] : false); if ((is_array($stored)) && ($stored['id'] != $stored['parent']) - && ($stored['author_xchan'] === $channel['channel_hash'] || $stored['author_xchan'] === $channel['channel_hash'])) { + && ($stored['author_xchan'] === $channel['channel_hash'])) { retain_item($stored['item']['parent']); } @@ -1944,7 +1956,7 @@ class Libzot { return false; } - if ($a['data']['type'] !== 'OrderedCollection') { + if (isset($a['data']['type']) && $a['data']['type'] !== 'OrderedCollection') { return false; } 
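Review bot: In the hunk at -1944 the added `isset()` weakens the type check on fetched data. A response with no `type` at all used to fail `!== 'OrderedCollection'` and return false, but `isset($a['data']['type']) && $a['data']['type'] !== 'OrderedCollection'` now lets it through to be processed as a collection. `if (($a['data']['type'] ?? null) !== 'OrderedCollection') { return false; }` silences the warning and keeps the rejection.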
@@ -1978,13 +1990,18 @@ class Libzot { logger('FOF Activity rejected: ' . print_r($activity, true)); continue; } - $arr = Activity::decode_note($AS); // logger($AS->debug()); + if(empty($AS->actor['id'])) { + logger('No actor id!'); + continue; + } + $r = q("select hubloc_hash, hubloc_network from hubloc where hubloc_id_url = '%s'", dbesc($AS->actor['id']) ); + $r = self::zot_record_preferred($r); if (!$r) { @@ -2001,7 +2018,7 @@ class Libzot { } } - if ($AS->obj['actor'] && $AS->obj['actor']['id'] && $AS->obj['actor']['id'] !== $AS->actor['id']) { + if (isset($AS->obj['actor']['id']) && $AS->obj['actor']['id'] !== $AS->actor['id']) { $y = import_author_xchan(['url' => $AS->obj['actor']['id']]); if (!$y) { logger('FOF Activity: no object actor'); @@ -2009,6 +2026,12 @@ class Libzot { } } + $arr = Activity::decode_note($AS); + + if (!$arr) { + continue; + } + if ($r) { $arr['author_xchan'] = $r['hubloc_hash']; } 
@@ -2478,32 +2501,32 @@ class Libzot { } $site_directory = 0; - if ($arr['directory_mode'] == 'normal') + if (isset($arr['directory_mode']) && $arr['directory_mode'] == 'normal') $site_directory = DIRECTORY_MODE_NORMAL; - if ($arr['directory_mode'] == 'primary') + if (isset($arr['directory_mode']) && $arr['directory_mode'] == 'primary') $site_directory = DIRECTORY_MODE_PRIMARY; - if ($arr['directory_mode'] == 'secondary') + if (isset($arr['directory_mode']) && $arr['directory_mode'] == 'secondary') $site_directory = DIRECTORY_MODE_SECONDARY; - if ($arr['directory_mode'] == 'standalone') + if (isset($arr['directory_mode']) && $arr['directory_mode'] == 'standalone') $site_directory = DIRECTORY_MODE_STANDALONE; $register_policy = 0; - if ($arr['register_policy'] == 'closed') + if (isset($arr['register_policy']) && $arr['register_policy'] == 'closed') $register_policy = REGISTER_CLOSED; - if ($arr['register_policy'] == 'open') + if (isset($arr['register_policy']) && $arr['register_policy'] == 'open') $register_policy = REGISTER_OPEN; - if ($arr['register_policy'] == 'approve') + if (isset($arr['register_policy']) && $arr['register_policy'] == 'approve') $register_policy = REGISTER_APPROVE; $access_policy = 0; if (array_key_exists('access_policy', $arr)) { - if ($arr['access_policy'] === 'private') + if (isset($arr['access_policy']) && $arr['access_policy'] === 'private') $access_policy = ACCESS_PRIVATE; - if ($arr['access_policy'] === 'paid') + if (isset($arr['access_policy']) && $arr['access_policy'] === 'paid') $access_policy = ACCESS_PAID; - if ($arr['access_policy'] === 'free') + if (isset($arr['access_policy']) && $arr['access_policy'] === 'free') $access_policy = ACCESS_FREE; - if ($arr['access_policy'] === 'tiered') + if (isset($arr['access_policy']) && $arr['access_policy'] === 'tiered') $access_policy = ACCESS_TIERED; } 
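Review bot: Each comparison in the `directory_mode`, `register_policy` and `access_policy` chains now carries its own `isset()`. Inside `if (array_key_exists('access_policy', $arr))` the added `isset($arr['access_policy'])` is redundant except for a null value. Reading each field once, e.g. `$dm = $arr['directory_mode'] ?? '';`, and comparing `$dm` gives one guard per field instead of one per line. The function starts and ends outside the hunk.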
@@ -2916,7 +2939,7 @@ class Libzot { $ret['mail'] = map_scope(PermissionLimits::Get($e['channel_id'], 'post_mail')); if ($deleted) - $ret['deleted'] = $deleted; + $ret['deleted'] = true; if (intval($e['channel_removed'])) { $ret['deleted_locally'] = true; @@ -2988,18 +3011,17 @@ class Libzot { $signing_key = get_config('system', 'prvkey'); $sig_method = get_config('system', 'signature_algorithm', 'sha256'); - $ret = []; - $ret['site'] = []; - $ret['site']['url'] = z_root(); - $ret['site']['site_sig'] = self::sign(z_root(), $signing_key); - $ret['site']['post'] = z_root() . '/zot'; - $ret['site']['openWebAuth'] = z_root() . '/owa'; - $ret['site']['authRedirect'] = z_root() . '/magic'; - $ret['site']['sitekey'] = get_config('system', 'pubkey'); + $ret = []; + $ret['site'] = []; + $ret['site']['url'] = z_root(); + $ret['site']['site_sig'] = self::sign(z_root(), $signing_key); + $ret['site']['post'] = z_root() . '/zot'; + $ret['site']['openWebAuth'] = z_root() . '/owa'; + $ret['site']['authRedirect'] = z_root() . '/magic'; + $ret['site']['sitekey'] = get_config('system', 'pubkey'); + $ret['site']['directory_mode'] = 'normal'; $dirmode = get_config('system', 'directory_mode'); - if (($dirmode === false) || ($dirmode == DIRECTORY_MODE_NORMAL)) - $ret['site']['directory_mode'] = 'normal'; if ($dirmode == DIRECTORY_MODE_PRIMARY) $ret['site']['directory_mode'] = 'primary'; diff --git a/Zotlabs/Lib/Libzotdir.php b/Zotlabs/Lib/Libzotdir.php index 4f35a1b80..fa691080f 100644 --- a/Zotlabs/Lib/Libzotdir.php +++ b/Zotlabs/Lib/Libzotdir.php @@ -145,8 +145,8 @@ class Libzotdir { if(! $directory_sort_order) $directory_sort_order = 'date'; - $current_order = (($_REQUEST['order']) ? $_REQUEST['order'] : $directory_sort_order); - $suggest = (($_REQUEST['suggest']) ? '&suggest=' . $_REQUEST['suggest'] : ''); + $current_order = $_REQUEST['order'] ?? $directory_sort_order; + $suggest = ((isset($_REQUEST['suggest'])) ? '&suggest=' . $_REQUEST['suggest'] : ''); $url = 'directory?f='; 
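Review bot: In Libzotdir.php, `$_REQUEST['suggest']` is concatenated into the query string as-is in `'&suggest=' . $_REQUEST['suggest']`. A value containing `&`, `#` or quote characters changes the resulting link, and whether `$url` is escaped where it is rendered is not visible in this hunk. `'&suggest=' . urlencode($_REQUEST['suggest'])` keeps the parameter intact. The switch from a truthiness test to `isset()` also means an empty `suggest=` is now appended.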
@@ -453,22 +453,29 @@ class Libzotdir { if (! $hash) return false; - $arr = array(); - - $arr['xprof_hash'] = $hash; - $arr['xprof_dob'] = (($profile['birthday'] === '0000-00-00') ? $profile['birthday'] : datetime_convert('','',$profile['birthday'],'Y-m-d')); // !!!! check this for 0000 year - $arr['xprof_age'] = (($profile['age']) ? intval($profile['age']) : 0); - $arr['xprof_desc'] = (($profile['description']) ? htmlspecialchars($profile['description'], ENT_COMPAT,'UTF-8',false) : ''); - $arr['xprof_gender'] = (($profile['gender']) ? htmlspecialchars($profile['gender'], ENT_COMPAT,'UTF-8',false) : ''); - $arr['xprof_marital'] = (($profile['marital']) ? htmlspecialchars($profile['marital'], ENT_COMPAT,'UTF-8',false) : ''); - $arr['xprof_sexual'] = (($profile['sexual']) ? htmlspecialchars($profile['sexual'], ENT_COMPAT,'UTF-8',false) : ''); - $arr['xprof_locale'] = (($profile['locale']) ? htmlspecialchars($profile['locale'], ENT_COMPAT,'UTF-8',false) : ''); - $arr['xprof_region'] = (($profile['region']) ? htmlspecialchars($profile['region'], ENT_COMPAT,'UTF-8',false) : ''); - $arr['xprof_postcode'] = (($profile['postcode']) ? htmlspecialchars($profile['postcode'], ENT_COMPAT,'UTF-8',false) : ''); - $arr['xprof_country'] = (($profile['country']) ? htmlspecialchars($profile['country'], ENT_COMPAT,'UTF-8',false) : ''); - $arr['xprof_about'] = (($profile['about']) ? htmlspecialchars($profile['about'], ENT_COMPAT,'UTF-8',false) : ''); - $arr['xprof_homepage'] = (($profile['homepage']) ? htmlspecialchars($profile['homepage'], ENT_COMPAT,'UTF-8',false) : ''); - $arr['xprof_hometown'] = (($profile['hometown']) ? htmlspecialchars($profile['hometown'], ENT_COMPAT,'UTF-8',false) : ''); + $arr = []; + + $arr['xprof_hash'] = $hash; + $arr['xprof_dob'] = '0000-00-00'; + + if (isset($profile['birthday'])) { + $arr['xprof_dob'] = (($profile['birthday'] === '0000-00-00') + ? $profile['birthday'] + : datetime_convert('', '', $profile['birthday'], 'Y-m-d')); // !!!! 
check this for 0000 year + } + + $arr['xprof_age'] = ((isset($profile['age']) && $profile['age']) ? intval($profile['age']) : 0); + $arr['xprof_desc'] = ((isset($profile['description']) && $profile['description']) ? htmlspecialchars($profile['description'], ENT_COMPAT,'UTF-8',false) : ''); + $arr['xprof_gender'] = ((isset($profile['gender']) && $profile['gender']) ? htmlspecialchars($profile['gender'], ENT_COMPAT,'UTF-8',false) : ''); + $arr['xprof_marital'] = ((isset($profile['marital']) && $profile['marital']) ? htmlspecialchars($profile['marital'], ENT_COMPAT,'UTF-8',false) : ''); + $arr['xprof_sexual'] = ((isset($profile['sexual']) && $profile['sexual']) ? htmlspecialchars($profile['sexual'], ENT_COMPAT,'UTF-8',false) : ''); + $arr['xprof_locale'] = ((isset($profile['locale']) && $profile['locale']) ? htmlspecialchars($profile['locale'], ENT_COMPAT,'UTF-8',false) : ''); + $arr['xprof_region'] = ((isset($profile['region']) && $profile['region']) ? htmlspecialchars($profile['region'], ENT_COMPAT,'UTF-8',false) : ''); + $arr['xprof_postcode'] = ((isset($profile['postcode']) && $profile['postcode']) ? htmlspecialchars($profile['postcode'], ENT_COMPAT,'UTF-8',false) : ''); + $arr['xprof_country'] = ((isset($profile['country']) && $profile['country']) ? htmlspecialchars($profile['country'], ENT_COMPAT,'UTF-8',false) : ''); + $arr['xprof_about'] = ((isset($profile['about']) && $profile['about']) ? htmlspecialchars($profile['about'], ENT_COMPAT,'UTF-8',false) : ''); + $arr['xprof_homepage'] = ((isset($profile['homepage']) && $profile['homepage']) ? htmlspecialchars($profile['homepage'], ENT_COMPAT,'UTF-8',false) : ''); + $arr['xprof_hometown'] = ((isset($profile['hometown']) && $profile['hometown']) ? htmlspecialchars($profile['hometown'], ENT_COMPAT,'UTF-8',false) : ''); $clean = array(); if (array_key_exists('keywords', $profile) and is_array($profile['keywords'])) { 
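Review bot: The rewritten `xprof_*` assignments keep `htmlspecialchars(..., ENT_COMPAT, 'UTF-8', false)`, which leaves single quotes unescaped and does not re-encode existing entities. How these fields are rendered is outside this hunk; if any of them can land in a single-quoted attribute, `ENT_QUOTES` is the safer flag. On style, `isset($profile['x']) && $profile['x']` is `!empty($profile['x'])`, and the twelve near-identical lines could be one loop over a map of profile key to `xprof_` column. The enclosing function begins and ends outside the hunk.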
diff --git a/Zotlabs/Lib/ThreadItem.php b/Zotlabs/Lib/ThreadItem.php index 8cc0f6aa5..472e2c6db 100644 --- a/Zotlabs/Lib/ThreadItem.php +++ b/Zotlabs/Lib/ThreadItem.php @@ -240,6 +240,7 @@ class ThreadItem { } $like_button_label = tt('Like','Likes',$like_count,'noun'); + $showdislike = ''; if (feature_enabled($conv->get_profile_owner(),'dislike')) { $dislike_count = ((x($conv_responses['dislike'],$item['mid'])) ? $conv_responses['dislike'][$item['mid']] : ''); $dislike_list = ((x($conv_responses['dislike'],$item['mid'])) ? $conv_responses['dislike'][$item['mid'] . '-l'] : ''); @@ -250,11 +251,11 @@ class ThreadItem { } else { $dislike_list_part = ''; } + + $showdislike = ((x($conv_responses['dislike'],$item['mid'])) ? format_like($conv_responses['dislike'][$item['mid']],$conv_responses['dislike'][$item['mid'] . '-l'],'dislike',$item['mid']) : ''); } $showlike = ((x($conv_responses['like'],$item['mid'])) ? format_like($conv_responses['like'][$item['mid']],$conv_responses['like'][$item['mid'] . '-l'],'like',$item['mid']) : ''); - $showdislike = ((x($conv_responses['dislike'],$item['mid']) && feature_enabled($conv->get_profile_owner(),'dislike')) - ? format_like($conv_responses['dislike'][$item['mid']],$conv_responses['dislike'][$item['mid'] . '-l'],'dislike',$item['mid']) : ''); /* * We should avoid doing this all the time, but it depends on the conversation mode @@ -298,7 +299,7 @@ class ThreadItem { } $has_bookmarks = false; - if(Apps::system_app_installed(local_channel(), 'Bookmarks') && is_array($item['term'])) { + if(Apps::system_app_installed(local_channel(), 'Bookmarks') && isset($item['term']) && is_array($item['term'])) { foreach($item['term'] as $t) { if(($t['ttype'] == TERM_BOOKMARK)) $has_bookmarks = true; diff --git a/Zotlabs/Lib/Webfinger.php b/Zotlabs/Lib/Webfinger.php index 8484fb797..16d54010c 100644 --- a/Zotlabs/Lib/Webfinger.php +++ b/Zotlabs/Lib/Webfinger.php 
@@ -53,7 +53,7 @@ class Webfinger { if(strpos($resource,'http') === 0) { $m = parse_url($resource); if($m) { - if($m['scheme'] !== 'https') { + if(isset($m['scheme']) && $m['scheme'] !== 'https') { return false; } self::$server = $m['host'] . ((isset($m['port'])) ? ':' . $m['port'] : ''); diff --git a/Zotlabs/Lib/XConfig.php b/Zotlabs/Lib/XConfig.php index c5a108ac9..76ac8dc7a 100644 --- a/Zotlabs/Lib/XConfig.php +++ b/Zotlabs/Lib/XConfig.php @@ -162,7 +162,7 @@ class XConfig { */ static public function Delete($xchan, $family, $key) { - if(x(\App::$config[$xchan][$family], $key)) + if(isset(\App::$config[$xchan][$family][$key])) unset(\App::$config[$xchan][$family][$key]); $ret = q("DELETE FROM xconfig WHERE xchan = '%s' AND cat = '%s' AND k = '%s'", diff --git a/Zotlabs/Module/Acl.php b/Zotlabs/Module/Acl.php index 9dc422e6b..f8c6232c5 100644 --- a/Zotlabs/Module/Acl.php +++ b/Zotlabs/Module/Acl.php @@ -284,7 +284,7 @@ class Acl extends \Zotlabs\Web\Controller { } elseif($type == 'm') { $r = array(); - $z = q("SELECT xchan_hash as hash, xchan_name as name, xchan_network as net, xchan_addr as nick, xchan_photo_s as micro, xchan_url as url + $z = q("SELECT abook_id as id, xchan_hash as hash, xchan_name as name, xchan_network as net, xchan_addr as nick, xchan_photo_s as micro, xchan_url as url, abook_self FROM abook left join xchan on abook_xchan = xchan_hash WHERE abook_channel = %d and xchan_deleted = 0 diff --git a/Zotlabs/Module/Admin/Addons.php b/Zotlabs/Module/Admin/Addons.php index b67ab7b3a..e088353e3 100644 --- a/Zotlabs/Module/Admin/Addons.php +++ b/Zotlabs/Module/Admin/Addons.php @@ -77,6 +77,7 @@ class Addons { } catch (\PHPGit\Exception\GitException $e) { json_return_and_die(array('message' => 'Error updating addon repo.', 'success' => false)); } + break; case 'removerepo': if (array_key_exists('repoName', $_REQUEST)) { $repoName = $_REQUEST['repoName']; 
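Review bot: The added `isset($m['scheme'])` guard in the Webfinger.php hunk makes the https-only check fail open: when `parse_url()` returns an array without a `scheme` key the condition is now false and execution continues to `$m['host']`, whereas the old comparison of a missing key against `'https'` returned false. Rejecting anything that is not positively https keeps the original behaviour without the warning: `if(($m['scheme'] ?? '') !== 'https') { return false; }`. The next line reads `$m['host']` unguarded, so a missing host deserves the same treatment, for example `if(empty($m['host'])) { return false; }`. The enclosing method starts and ends outside the hunk.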
@@ -111,6 +112,7 @@ class Addons { } else { json_return_and_die(array('message' => 'Error deleting addon repo.', 'success' => false)); } + break; case 'installrepo': if (array_key_exists('repoURL', $_REQUEST)) { require_once('library/PHPGit.autoload.php'); // Load PHPGit dependencies @@ -172,6 +174,7 @@ class Addons { $repo = $git->probeRepo(); json_return_and_die(array('repo' => $repo, 'message' => '', 'success' => true)); } + break; case 'addrepo': if (array_key_exists('repoURL', $_REQUEST)) { require_once('library/PHPGit.autoload.php'); // Load PHPGit dependencies diff --git a/Zotlabs/Module/Admin/Dbsync.php b/Zotlabs/Module/Admin/Dbsync.php index 183834301..b68e7bbc2 100644 --- a/Zotlabs/Module/Admin/Dbsync.php +++ b/Zotlabs/Module/Admin/Dbsync.php @@ -5,11 +5,11 @@ namespace Zotlabs\Module\Admin; class Dbsync { - + function get() { $o = ''; - + if(argc() > 3 && intval(argv(3)) && argv(2) === 'mark') { // remove the old style config if it exists del_config('database', 'update_r' . intval(argv(3))); @@ -29,7 +29,7 @@ class Dbsync { if(method_exists($c,'verify')) { $retval = $c->verify(); if($retval === UPDATE_FAILED) { - $o .= sprintf( t('Verification of update %s failed. Check system logs.'), $s); + $o .= sprintf( t('Verification of update %s failed. Check system logs.'), $s); } elseif($retval === UPDATE_SUCCESS) { $o .= sprintf( t('Update %s was successfully applied.'), $s); @@ -44,20 +44,8 @@ class Dbsync { } else $o .= sprintf( t('Update function %s could not be found.'), $s); - - return $o; - - - - - // remove the old style config if it exists - del_config('database', 'update_r' . intval(argv(3))); - set_config('database', '_' . intval(argv(3)), 'success'); - if(intval(get_config('system','db_version')) < intval(argv(3))) - set_config('system','db_version',intval(argv(3))); - info( t('Update has been marked successful') . EOL); - goaway(z_root() . '/admin/dbsync'); + return $o; } if(argc() > 2 && intval(argv(2))) { 
@@ -68,7 +56,7 @@ class Dbsync { $c = new $cls(); $retval = $c->run(); if($retval === UPDATE_FAILED) { - $o .= sprintf( t('Executing update procedure %s failed. Check system logs.'), $s); + $o .= sprintf( t('Executing update procedure %s failed. Check system logs.'), $s); } elseif($retval === UPDATE_SUCCESS) { $o .= sprintf( t('Update %s was successfully applied.'), $s); @@ -79,10 +67,10 @@ class Dbsync { } else $o .= sprintf( t('Update function %s could not be found.'), $s); - + return $o; } - + $failed = array(); $r = q("select * from config where cat = 'database' "); if(count($r)) { @@ -107,7 +95,7 @@ class Dbsync { else { return '<div class="generic-content-wrapper-styled"><h3>' . t('No failed updates.') . '</h3></div>'; } - + return $o; } -}
\ No newline at end of file +} diff --git a/Zotlabs/Module/Admin/Site.php b/Zotlabs/Module/Admin/Site.php index f6e3ab12b..85f81e344 100644 --- a/Zotlabs/Module/Admin/Site.php +++ b/Zotlabs/Module/Admin/Site.php @@ -129,7 +129,7 @@ class Site { set_config('system', 'register_duty', $this->register_duty); set_config('system', 'register_duty_jso', $this->joo); } else { - notice('ZAR0130E,'.t('Errors') . ': ' . $this->error) . EOL . $this->msgfg; + notice('ZAR0130E,' . t('Errors') . ': ' . $this->error . EOL . $this->msgfg . EOL); } } } diff --git a/Zotlabs/Module/Appman.php b/Zotlabs/Module/Appman.php index d287115d4..34f5f453d 100644 --- a/Zotlabs/Module/Appman.php +++ b/Zotlabs/Module/Appman.php @@ -13,7 +13,7 @@ class Appman extends \Zotlabs\Web\Controller { if(! local_channel()) return; - if($_POST['url']) { + if(isset($_POST['url']) && $_POST['url']) { $arr = array( 'uid' => intval($_REQUEST['uid']), 'url' => escape_tags($_REQUEST['url']), @@ -50,7 +50,7 @@ class Appman extends \Zotlabs\Web\Controller { return; } - if($_POST['install']) { + if(isset($_POST['install']) && $_POST['install']) { Apps::app_install(local_channel(),$papp); if(Apps::app_installed(local_channel(),$papp)) info( t('App installed.') . EOL); @@ -65,15 +65,15 @@ class Appman extends \Zotlabs\Web\Controller { } if (intval($sync[0]['app_system'])) { - Libsync::build_sync_packet($uid, ['sysapp' => $sync]); + Libsync::build_sync_packet(local_channel(), ['sysapp' => $sync]); } else { - Libsync::build_sync_packet($uid, ['app' => $sync]); + Libsync::build_sync_packet(local_channel(), ['app' => $sync]); } } - if($_POST['delete']) { + if(isset($_POST['delete']) && $_POST['delete']) { // Fetch the app for sync before it is deleted (if it is deletable)) $sync = q("SELECT * FROM app WHERE app_channel = %d AND app_id = '%s' LIMIT 1", 
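Review bot: In the first Appman.php hunk the guard now tests `$_POST['url']`, but the values are then read from `$_REQUEST`, and `'uid' => intval($_REQUEST['uid'])` takes the owning channel id from the request while the rest of this commit switches the sync calls to `local_channel()`. What is done with `$arr` is outside the hunk, so the id may be checked later; if it is not, the request decides which channel the app record is written for. Using `'uid' => local_channel()` (or rejecting a mismatch) and reading consistently from `$_POST` would remove the doubt.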
@@ -91,18 +91,18 @@ class Appman extends \Zotlabs\Web\Controller { $sync[0]['app_deleted'] = 1; if (intval($sync[0]['app_system'])) { - Libsync::build_sync_packet($uid, ['sysapp' => $sync]); + Libsync::build_sync_packet(local_channel(), ['sysapp' => $sync]); } else { - Libsync::build_sync_packet($uid, ['app' => $sync]); + Libsync::build_sync_packet(local_channel(), ['app' => $sync]); } } - if($_POST['edit']) { + if(isset($_POST['edit']) && $_POST['edit']) { return; } - if($_POST['feature']) { + if(isset($_POST['feature']) && $_POST['feature']) { Apps::app_feature(local_channel(), $papp, $_POST['feature']); $sync = q("SELECT * FROM app WHERE app_channel = %d AND app_id = '%s' LIMIT 1", @@ -111,14 +111,14 @@ class Appman extends \Zotlabs\Web\Controller { ); if (intval($sync[0]['app_system'])) { - Libsync::build_sync_packet($uid, ['sysapp' => $sync]); + Libsync::build_sync_packet(local_channel(), ['sysapp' => $sync]); } else { - Libsync::build_sync_packet($uid, ['app' => $sync]); + Libsync::build_sync_packet(local_channel(), ['app' => $sync]); } } - if($_POST['pin']) { + if(isset($_POST['pin']) && $_POST['pin']) { Apps::app_feature(local_channel(), $papp, $_POST['pin']); $sync = q("SELECT * FROM app WHERE app_channel = %d AND app_id = '%s' LIMIT 1", @@ -127,14 +127,14 @@ class Appman extends \Zotlabs\Web\Controller { ); if (intval($sync[0]['app_system'])) { - Libsync::build_sync_packet($uid, ['sysapp' => $sync]); + Libsync::build_sync_packet(local_channel(), ['sysapp' => $sync]); } else { - Libsync::build_sync_packet($uid, ['app' => $sync]); + Libsync::build_sync_packet(local_channel(), ['app' => $sync]); } } - if($_POST['aj']) { + if(isset($_POST['aj']) && $_POST['aj']) { killme(); } 
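Review bot: In the `feature` and `pin` branches (hunks at -111 and -127) `$sync[0]['app_system']` is read directly after the `q()` lookup with no check that a row came back, so a lookup that finds no app still indexes an empty result, which is the class of warning this commit removes elsewhere. Wrapping the dispatch in `if ($sync) { ... }` would cover it. The sysapp/app choice around `Libsync::build_sync_packet()` is also repeated in every branch and could live in one private helper. The enclosing method extends beyond these hunks.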
@@ -171,7 +171,7 @@ class Appman extends \Zotlabs\Web\Controller { $app = null; $embed = null; - if($_REQUEST['appid']) { + if(isset($_REQUEST['appid']) && $_REQUEST['appid']) { $r = q("select * from app where app_id = '%s' and app_channel = %d limit 1", dbesc($_REQUEST['appid']), dbesc(local_channel()) 
@@ -200,27 +200,25 @@ class Appman extends \Zotlabs\Web\Controller { } return replace_macros(get_markup_template('app_create.tpl'), array( - '$banner' => (($app) ? t('Edit App') : t('Create App')), '$app' => $app, - '$guid' => (($app) ? $app['app_id'] : ''), - '$author' => (($app) ? $app['app_author'] : $channel['channel_hash']), - '$addr' => (($app) ? $app['app_addr'] : $channel['xchan_addr']), - '$name' => array('name', t('Name of app'),(($app) ? $app['app_name'] : ''), t('Required')), - '$url' => array('url', t('Location (URL) of app'),(($app) ? $app['app_url'] : ''), t('Required')), - '$desc' => array('desc', t('Description'),(($app) ? $app['app_desc'] : ''), ''), - '$photo' => array('photo', t('Photo icon URL'),(($app) ? $app['app_photo'] : ''), t('80 x 80 pixels - optional')), - '$categories' => array('categories',t('Categories (optional, comma separated list)'),(($app) ? $app['categories'] : ''),''), - '$version' => array('version', t('Version ID'),(($app) ? $app['app_version'] : ''), ''), - '$price' => array('price', t('Price of app'),(($app) ? $app['app_price'] : ''), ''), - '$page' => array('page', t('Location (URL) to purchase app'),(($app) ? $app['app_page'] : ''), ''), - '$system' => (($app) ? intval($app['app_system']) : 0), - '$plugin' => (($app) ? $app['app_plugin'] : ''), - '$requires' => (($app) ? $app['app_requires'] : ''), + '$guid' => $app['app_id'] ?? '', + '$author' => $app['app_author'] ?? $channel['channel_hash'], + '$addr' => $app['app_addr'] ?? $channel['xchan_addr'], + '$name' => array('name', t('Name of app'), $app['app_name'] ?? '', t('Required')), + '$url' => array('url', t('Location (URL) of app'), $app['app_url'] ?? '', t('Required')), + '$desc' => array('desc', t('Description'), $app['app_desc'] ?? '', ''), + '$photo' => array('photo', t('Photo icon URL'),$app['app_photo'] ?? '', t('80 x 80 pixels - optional')), + '$categories' => array('categories',t('Categories (optional, comma separated list)'), $app['categories'] ?? 
'',''), + '$version' => array('version', t('Version ID'), $app['app_version'] ?? '', ''), + '$price' => array('price', t('Price of app'), $app['app_price'] ?? '', ''), + '$page' => array('page', t('Location (URL) to purchase app'), $app['app_page'] ?? '', ''), + '$system' => $app['app_system'] ?? 0, + '$plugin' => $app['app_plugin'] ?? '', + '$requires' => $app['app_requires'] ?? '', '$embed' => $embed, '$submit' => t('Submit') )); - } } diff --git a/Zotlabs/Module/Apps.php b/Zotlabs/Module/Apps.php index 77d1f2aec..a955d572a 100644 --- a/Zotlabs/Module/Apps.php +++ b/Zotlabs/Module/Apps.php @@ -19,7 +19,8 @@ class Apps extends \Zotlabs\Web\Controller { $_SESSION['return_url'] = \App::$query_string; - $apps = array(); + $apps = []; + $cat = []; if(local_channel()) { Zlib\Apps::import_system_apps(); diff --git a/Zotlabs/Module/Blocks.php b/Zotlabs/Module/Blocks.php index fde30a6dd..e0de23fdb 100644 --- a/Zotlabs/Module/Blocks.php +++ b/Zotlabs/Module/Blocks.php @@ -9,43 +9,43 @@ require_once('include/acl_selectors.php'); class Blocks extends \Zotlabs\Web\Controller { function init() { - + if(argc() > 1 && argv(1) === 'sys' && is_site_admin()) { $sys = get_sys_channel(); if($sys && intval($sys['channel_id'])) { \App::$is_sys = true; } } - + if(argc() > 1) $which = argv(1); else return; - + profile_load($which); - + } - - + + function get() { - + if(! \App::$profile) { notice( t('Requested profile is not available.') . EOL ); \App::$error = 404; return; } - + $which = argv(1); - + $_SESSION['return_url'] = \App::$query_string; - + $uid = local_channel(); $owner = 0; $channel = null; $observer = \App::get_observer(); - + $channel = \App::get_channel(); - + if(\App::$is_sys && is_site_admin()) { $sys = get_sys_channel(); if($sys && intval($sys['channel_id'])) { @@ -54,7 +54,7 @@ class Blocks extends \Zotlabs\Web\Controller { $observer = $sys; } } - + if(! $owner) { // Figure out who the page owner is. $r = q("select channel_id from channel where channel_address = '%s'", 
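Review bot: The rewritten `replace_macros()` array in Appman.php no longer passes `'$banner'`, which previously selected between `t('Edit App')` and `t('Create App')`; if `app_create.tpl` still references it, the form heading will render empty. The template is not part of this diff, so this may be intentional, but it is worth confirming or restoring `'$banner' => (($app) ? t('Edit App') : t('Create App')),`. `'$system'` also lost its `intval()`; `intval($app['app_system'] ?? 0)` keeps the value an integer as before.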
@@ -64,24 +64,24 @@ class Blocks extends \Zotlabs\Web\Controller { $owner = intval($r[0]['channel_id']); } } - + $ob_hash = (($observer) ? $observer['xchan_hash'] : ''); - + $perms = get_all_perms($owner,$ob_hash); - + if(! $perms['write_pages']) { notice( t('Permission denied.') . EOL); return; } - - // Block design features from visitors - + + // Block design features from visitors + if((! $uid) || ($uid != $owner)) { notice( t('Permission denied.') . EOL); return; } - - $mimetype = (($_REQUEST['mimetype']) ? $_REQUEST['mimetype'] : get_pconfig($owner,'system','page_mimetype')); + + $mimetype = ((isset($_REQUEST['mimetype']) && $_REQUEST['mimetype']) ? $_REQUEST['mimetype'] : get_pconfig($owner,'system','page_mimetype')); $x = array( 'webpage' => ITEM_TYPE_BLOCK, @@ -101,27 +101,25 @@ class Blocks extends \Zotlabs\Web\Controller { 'bbco_autocomplete' => 'bbcode', 'bbcode' => true ); - - if($_REQUEST['title']) - $x['title'] = $_REQUEST['title']; - if($_REQUEST['body']) - $x['body'] = $_REQUEST['body']; - if($_REQUEST['pagetitle']) - $x['pagetitle'] = $_REQUEST['pagetitle']; - + + $x['title'] = $_REQUEST['title'] ?? ''; + $x['body'] = $_REQUEST['body'] ?? ''; + $x['pagetitle'] = $_REQUEST['pagetitle'] ?? ''; + + $a = ''; $editor = status_editor($a,$x,false,'Blocks'); - - $r = q("select iconfig.iid, iconfig.k, iconfig.v, mid, title, body, mimetype, created, edited from iconfig + + $r = q("select iconfig.iid, iconfig.k, iconfig.v, mid, title, body, mimetype, created, edited from iconfig left join item on iconfig.iid = item.id - where uid = %d and iconfig.cat = 'system' and iconfig.k = 'BUILDBLOCK' + where uid = %d and iconfig.cat = 'system' and iconfig.k = 'BUILDBLOCK' and item_type = %d order by item.created desc", intval($owner), intval(ITEM_TYPE_BLOCK) ); - + $pages = null; - + if($r) { $pages = array(); foreach($r as $rr) { 
@@ -143,13 +141,13 @@ class Blocks extends \Zotlabs\Web\Controller { 'edited' => $rr['edited'], 'bb_element' => '[element]' . base64url_encode(json_encode($element_arr)) . '[/element]' ); - } + } } - + //Build the base URL for edit links - $url = z_root() . '/editblock/' . $which; - - $o .= replace_macros(get_markup_template('blocklist.tpl'), array( + $url = z_root() . '/editblock/' . $which; + + $o = replace_macros(get_markup_template('blocklist.tpl'), array( '$baseurl' => $url, '$title' => t('Blocks'), '$name' => t('Block Name'), @@ -166,8 +164,8 @@ class Blocks extends \Zotlabs\Web\Controller { '$view' => t('View'), '$preview' => '1', )); - + return $o; } - + } diff --git a/Zotlabs/Module/Cal.php b/Zotlabs/Module/Cal.php index 329150424..9049fe7d0 100644 --- a/Zotlabs/Module/Cal.php +++ b/Zotlabs/Module/Cal.php @@ -39,7 +39,7 @@ class Cal extends Controller { head_set_icon(App::$data['channel']['xchan_photo_s']); - App::$page['htmlhead'] .= "<script> var profile_uid = " . ((App::$data['channel']) ? App::$data['channel']['channel_id'] : 0) . "; </script>" ; + App::$page['htmlhead'] = "<script> var profile_uid = " . ((App::$data['channel']) ? App::$data['channel']['channel_id'] : 0) . "; </script>" ; } diff --git a/Zotlabs/Module/Cdav.php b/Zotlabs/Module/Cdav.php index 599552545..e68b2e5b4 100644 --- a/Zotlabs/Module/Cdav.php +++ b/Zotlabs/Module/Cdav.php @@ -200,7 +200,7 @@ class Cdav extends Controller { $etag = (isset($_SERVER['HTTP_IF_MATCH']) ? $_SERVER['HTTP_IF_MATCH'] : false); // delete - if($httpmethod === 'DELETE' && $cdavdata['etag'] == $etag) { + if($httpmethod === 'DELETE' && $etag && isset($cdavdata['etag']) && $cdavdata['etag'] == $etag) { Libsync::build_sync_packet($channel['channel_id'], [ $sync => [ 'action' => 'delete_card', 
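Review bot: Changing `App::$page['htmlhead'] .=` to `=` in the Cal.php hunk discards whatever was added to the page head before this point, instead of only avoiding the undefined-index warning. If earlier code (outside this hunk) has already appended scripts or meta tags, they are silently dropped; assigning `(App::$page['htmlhead'] ?? '')` followed by the new script string keeps the append semantics. In the Cdav.php hunk that follows, the DELETE branch compares etags with `==` while the update branch uses `!==`; `$cdavdata['etag'] === $etag` would make the two consistent.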
@@ -210,7 +210,7 @@ class Cdav extends Controller { ]); } else { - if($etag && $cdavdata['etag'] !== $etag) { + if($etag && isset($cdavdata['etag']) && $cdavdata['etag'] !== $etag) { // update Libsync::build_sync_packet($channel['channel_id'], [ $sync => [ @@ -317,7 +317,7 @@ class Cdav extends Controller { $calendars = $caldavBackend->getCalendarsForUser($principalUri); //create new calendar - if($_REQUEST['{DAV:}displayname'] && $_REQUEST['create']) { + if((isset($_REQUEST['{DAV:}displayname']) && $_REQUEST['{DAV:}displayname']) && (isset($_REQUEST['create']) && $_REQUEST['create'])) { do { $duplicate = false; $calendarUri = random_string(40); @@ -352,7 +352,7 @@ class Cdav extends Controller { } //create new calendar object via ajax request - if($_REQUEST['submit'] === 'create_event' && $_REQUEST['title'] && $_REQUEST['target'] && $_REQUEST['dtstart']) { + if((isset($_REQUEST['submit']) && $_REQUEST['submit'] === 'create_event') && $_REQUEST['title'] && $_REQUEST['target'] && $_REQUEST['dtstart']) { $id = explode(':', $_REQUEST['target']); @@ -431,7 +431,7 @@ class Cdav extends Controller { } //edit calendar name and color - if($_REQUEST['{DAV:}displayname'] && $_REQUEST['edit'] && $_REQUEST['id']) { + if((isset($_REQUEST['{DAV:}displayname']) && $_REQUEST['{DAV:}displayname']) && $_REQUEST['edit'] && $_REQUEST['id']) { $id = explode(':', $_REQUEST['id']); @@ -459,7 +459,7 @@ class Cdav extends Controller { } //edit calendar object via ajax request - if($_REQUEST['submit'] === 'update_event' && $_REQUEST['uri'] && $_REQUEST['title'] && $_REQUEST['target'] && $_REQUEST['dtstart']) { + if((isset($_REQUEST['submit']) && $_REQUEST['submit'] === 'update_event') && $_REQUEST['uri'] && $_REQUEST['title'] && $_REQUEST['target'] && $_REQUEST['dtstart']) { $id = explode(':', $_REQUEST['target']); 
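Review bot: In the create_event and update_event conditions (hunks at -352 and -459) only `$_REQUEST['submit']` gained an `isset()`; `$_REQUEST['title']`, `$_REQUEST['target']`, `$_REQUEST['dtstart']` and `$_REQUEST['uri']`, and in the -431 hunk `$_REQUEST['edit']` and `$_REQUEST['id']`, are still read unguarded, so a partial request raises the same warnings. `!empty($_REQUEST['title']) && !empty($_REQUEST['target']) && !empty($_REQUEST['dtstart'])` covers presence and truthiness in one test. `explode(':', $_REQUEST['target'])` is then taken as given; how `$id` is used lies outside the hunk, but checking that it has the expected number of parts before use would be prudent. The Chatsvc.php hunk later in this diff has the same pattern with `$_REQUEST['room_id']`, `$_REQUEST['chat_text']` and `$_REQUEST['last']`.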
@@ -914,6 +914,7 @@ class Cdav extends Controller { head_add_js('/library/fullcalendar/packages/timegrid/main.min.js'); head_add_js('/library/fullcalendar/packages/list/main.min.js'); + $o = ''; $sources = ''; $resource_id = ''; $resource = null; @@ -921,6 +922,8 @@ class Cdav extends Controller { if(argc() == 3) $resource_id = argv(2); + $categories = ''; + if($resource_id) { $r = q("SELECT event.*, item.author_xchan, item.owner_xchan, item.plink, item.id as item_id FROM event LEFT JOIN item ON event.event_hash = item.resource_id WHERE event.uid = %d AND event.event_hash = '%s' LIMIT 1", @@ -944,7 +947,6 @@ class Cdav extends Controller { $resource = $r[0]; $catsenabled = feature_enabled(local_channel(),'categories'); - $categories = ''; if($catsenabled){ if($r[0]['term']) { $cats = get_terms_oftype($r[0]['term'], TERM_CATEGORY); diff --git a/Zotlabs/Module/Channel.php b/Zotlabs/Module/Channel.php index 24a3fd44f..0874551d6 100644 --- a/Zotlabs/Module/Channel.php +++ b/Zotlabs/Module/Channel.php @@ -294,7 +294,7 @@ class Channel extends Controller { $abook_uids = " and abook.abook_channel = " . intval(App::$profile['profile_uid']) . " "; $simple_update = ''; - if ($update && $_SESSION['loadtime']) + if ($update && isset($_SESSION['loadtime'])) $simple_update = " AND (( item_unseen = 1 AND item.changed > '" . datetime_convert('UTC', 'UTC', $_SESSION['loadtime']) . "' ) OR item.changed > '" . datetime_convert('UTC', 'UTC', $_SESSION['loadtime']) . "' ) "; if ($search) { diff --git a/Zotlabs/Module/Channel_calendar.php b/Zotlabs/Module/Channel_calendar.php index 26c6aaf40..289e3a734 100644 --- a/Zotlabs/Module/Channel_calendar.php +++ b/Zotlabs/Module/Channel_calendar.php @@ -30,7 +30,7 @@ class Channel_calendar extends Controller { $xchan = ((x($_POST, 'xchan')) ? dbesc($_POST['xchan']) : ''); - // only allow editing your own events. + // only allow editing your own events. if (($xchan) && ($xchan !== get_observer_hash())) return; 
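Review bot: In the Channel.php hunk the test changed from truthiness to `isset($_SESSION['loadtime'])`, so an empty or zero `loadtime` now reaches `datetime_convert()` and produces the `item.changed >` clause, where before it was skipped. `if ($update && !empty($_SESSION['loadtime']))` keeps the previous behaviour. The converted value is also concatenated straight into the SQL string; it is session data passed through `datetime_convert()`, but wrapping it as `dbesc(datetime_convert('UTC', 'UTC', $_SESSION['loadtime']))` would match how other queries in this diff quote their string arguments.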
@@ -55,8 +55,8 @@ class Channel_calendar extends Controller { // Don't allow the event to finish before it begins. // It won't hurt anything, but somebody will file a bug report - // and we'll waste a bunch of time responding to it. Time that - // could've been spent doing something else. + // and we'll waste a bunch of time responding to it. Time that + // could've been spent doing something else. if (strcmp($finish, $start) < 0) { notice(t('Event can not end before it has started.') . EOL); @@ -319,12 +319,12 @@ class Channel_calendar extends Controller { // fixed an issue with "nofinish" events not showing up in the calendar. // There's still an issue if the finish date crosses the end of month. // Noting this for now - it will need to be fixed here and in Friendica. - // Ultimately the finish date shouldn't be involved in the query. + // Ultimately the finish date shouldn't be involved in the query. $r = q("SELECT event.*, item.plink, item.item_flags, item.author_xchan, item.owner_xchan, item.id as item_id - from event left join item on event.event_hash = item.resource_id - where item.resource_type = 'event' and event.uid = %d and event.uid = item.uid $ignored - AND (( event.adjust = 0 AND ( event.dtend >= '%s' or event.nofinish = 1 ) AND event.dtstart <= '%s' ) + from event left join item on event.event_hash = item.resource_id + where item.resource_type = 'event' and event.uid = %d and event.uid = item.uid $ignored + AND (( event.adjust = 0 AND ( event.dtend >= '%s' or event.nofinish = 1 ) AND event.dtstart <= '%s' ) OR ( event.adjust = 1 AND ( event.dtend >= '%s' or event.nofinish = 1 ) AND event.dtstart <= '%s' )) ", intval(local_channel()), dbesc($start), 
@@ -357,7 +357,7 @@ class Channel_calendar extends Controller { $catsenabled = feature_enabled(local_channel(), 'categories'); $categories = ''; if ($catsenabled) { - if ($rr['term']) { + if (isset($rr['term']) && $rr['term']) { $cats = get_terms_oftype($rr['term'], TERM_CATEGORY); foreach ($cats as $cat) { if (strlen($categories)) @@ -449,7 +449,7 @@ class Channel_calendar extends Controller { } // The site admin can delete any post/item on the site. - // If the item originated on this site+channel the deletion will propagate downstream. + // If the item originated on this site+channel the deletion will propagate downstream. // Otherwise just the local copy is removed. if (is_site_admin()) { diff --git a/Zotlabs/Module/Chanview.php b/Zotlabs/Module/Chanview.php index fc1146023..f43432376 100644 --- a/Zotlabs/Module/Chanview.php +++ b/Zotlabs/Module/Chanview.php @@ -16,17 +16,17 @@ class Chanview extends \Zotlabs\Web\Controller { $r = null; - if($_REQUEST['hash']) { + if(isset($_REQUEST['hash']) && $_REQUEST['hash']) { $r = q("select * from xchan where xchan_hash = '%s' and xchan_deleted = 0", dbesc($_REQUEST['hash']) ); } - if($_REQUEST['address']) { + if(isset($_REQUEST['address']) && $_REQUEST['address']) { $r = q("select * from xchan where xchan_addr = '%s' and xchan_deleted = 0", dbesc(punify($_REQUEST['address'])) ); } - elseif(local_channel() && intval($_REQUEST['cid'])) { + elseif(local_channel() && isset($_REQUEST['cid']) && $_REQUEST['cid']) { $r = q("SELECT abook.*, xchan.* FROM abook left join xchan on abook_xchan = xchan_hash WHERE abook_channel = %d and abook_id = %d and xchan_deleted = 0", @@ -34,7 +34,7 @@ class Chanview extends \Zotlabs\Web\Controller { intval($_REQUEST['cid']) ); } - elseif($_REQUEST['url']) { + elseif(isset($_REQUEST['url']) && $_REQUEST['url']) { // if somebody re-installed they will have more than one xchan, use the most recent name date as this is // the most useful consistently ascending table item we have. 
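Review bot: The `cid` branch in the Chanview.php hunk now tests `$_REQUEST['cid']` for truthiness where it used to test `intval($_REQUEST['cid'])`, so a non-numeric value enters the branch and the query runs with `intval()` of it, that is `abook_id = 0`. `elseif(local_channel() && intval($_REQUEST['cid'] ?? 0))` keeps the old condition without the warning. The lookup chain continues outside the hunk.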
@@ -56,7 +56,7 @@ class Chanview extends \Zotlabs\Web\Controller { if(! App::$poi) { logger('mod_chanview: fallback'); - if($_REQUEST['address']) { + if(isset($_REQUEST['address']) && $_REQUEST['address']) { $href = Webfinger::zot_url(punify($_REQUEST['address'])); if($href) { $_REQUEST['url'] = $href; @@ -65,7 +65,7 @@ class Chanview extends \Zotlabs\Web\Controller { $r = null; - if($_REQUEST['url']) { + if(isset($_REQUEST['url']) && $_REQUEST['url']) { $zf = Zotfinger::exec($_REQUEST['url'], null); diff --git a/Zotlabs/Module/Chat.php b/Zotlabs/Module/Chat.php index 323471161..efe098739 100644 --- a/Zotlabs/Module/Chat.php +++ b/Zotlabs/Module/Chat.php @@ -174,7 +174,8 @@ class Chat extends Controller { $x = Chatroom::enter($observer,$room_id,'online',$_SERVER['REMOTE_ADDR']); if(! $x) return; - $x = q("select * from chatroom where cr_id = %d and cr_uid = %d $sql_extra limit 1", + + $x = q("select * from chatroom where cr_id = %d and cr_uid = %d limit 1", intval($room_id), intval(App::$profile['profile_uid']) ); diff --git a/Zotlabs/Module/Chatsvc.php b/Zotlabs/Module/Chatsvc.php index d6708d95c..2f2784fc4 100644 --- a/Zotlabs/Module/Chatsvc.php +++ b/Zotlabs/Module/Chatsvc.php @@ -1,6 +1,6 @@ <?php /** @file */ -namespace Zotlabs\Module; +namespace Zotlabs\Module; require_once('include/security.php'); 
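Review bot: The Chat.php hunk removes the undefined `$sql_extra` from the chatroom query rather than defining it, which silences the warning but leaves the room lookup with no permission clause. The Chatsvc.php queries later in this diff build the same kind of lookup with `$sql_extra = permissions_sql(\App::$data['chat']['uid']);`, which suggests a filter was intended here as well. `Chatroom::enter()` is called just before and may already enforce access, which cannot be seen from this hunk; if it does not, setting `$sql_extra = permissions_sql(App::$profile['profile_uid']);` and keeping the placeholder would restore the check.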
@@ -9,76 +9,76 @@ use \Zotlabs\Lib as Zlib; class Chatsvc extends \Zotlabs\Web\Controller { function init() { - + //logger('chatsvc'); - + $ret = array('success' => false); - + \App::$data['chat']['room_id'] = intval($_REQUEST['room_id']); $x = q("select cr_uid from chatroom where cr_id = %d and cr_id != 0 limit 1", intval(\App::$data['chat']['room_id']) ); if(! $x) json_return_and_die($ret); - + \App::$data['chat']['uid'] = $x[0]['cr_uid']; - + if(! perm_is_allowed(\App::$data['chat']['uid'],get_observer_hash(),'chat')) { json_return_and_die($ret); } - + } - + function post() { - + $ret = array('success' => false); - + $room_id = \App::$data['chat']['room_id']; $text = escape_tags($_REQUEST['chat_text']); if(! $text) return; - + $sql_extra = permissions_sql(\App::$data['chat']['uid']); - + $r = q("select * from chatroom where cr_uid = %d and cr_id = %d $sql_extra", intval(\App::$data['chat']['uid']), intval(\App::$data['chat']['room_id']) ); if(! $r) json_return_and_die($ret); - + $arr = array( 'chat_room' => \App::$data['chat']['room_id'], 'chat_xchan' => get_observer_hash(), 'chat_text' => $text ); - + call_hooks('chat_post',$arr); - + $x = q("insert into chat ( chat_room, chat_xchan, created, chat_text ) values( %d, '%s', '%s', '%s' )", intval(\App::$data['chat']['room_id']), dbesc(get_observer_hash()), dbesc(datetime_convert()), - dbesc(str_rot47(base64url_encode($arr['chat_text']))) + dbesc(str_rot47(base64url_encode($arr['chat_text']))) ); - + $ret['success'] = true; json_return_and_die($ret); } - + function get() { - - $status = strip_tags($_REQUEST['status']); + + $status = ((isset($_REQUEST['status'])) ? strip_tags($_REQUEST['status']) : ''); $room_id = intval(\App::$data['chat']['room_id']); $stopped = ((x($_REQUEST,'stopped') && intval($_REQUEST['stopped'])) ? 
true : false); - + if($status && $room_id) { - + $x = q("select channel_address from channel where channel_id = %d limit 1", intval(\App::$data['chat']['uid']) - ); - + ); + $r = q("update chatpresence set cp_status = '%s', cp_last = '%s' where cp_room = %d and cp_xchan = '%s' and cp_client = '%s'", dbesc($status), dbesc(datetime_convert()), @@ -86,27 +86,27 @@ class Chatsvc extends \Zotlabs\Web\Controller { dbesc(get_observer_hash()), dbesc($_SERVER['REMOTE_ADDR']) ); - - goaway(z_root() . '/chat/' . $x[0]['channel_address'] . '/' . $room_id); + + goaway(z_root() . '/chat/' . $x[0]['channel_address'] . '/' . $room_id); } - + if(! $stopped) { - + $lastseen = intval($_REQUEST['last']); - + $ret = array('success' => false); - + $sql_extra = permissions_sql(\App::$data['chat']['uid']); - + $r = q("select * from chatroom where cr_uid = %d and cr_id = %d $sql_extra", intval(\App::$data['chat']['uid']), intval(\App::$data['chat']['room_id']) ); if(! $r) json_return_and_die($ret); - + $inroom = array(); - + $r = q("select * from chatpresence left join xchan on xchan_hash = cp_xchan where cp_room = %d order by xchan_name", intval(\App::$data['chat']['room_id']) ); @@ -120,9 +120,9 @@ class Chatsvc extends \Zotlabs\Web\Controller { $rv['xchan_url'] = z_root(); $rv['xchan_hidden'] = 1; $rv['xchan_photo_mimetype'] = 'image/png'; - $rv['xchan_photo_l'] = z_root() . '/' . get_default_profile_photo(300); - $rv['xchan_photo_m'] = z_root() . '/' . get_default_profile_photo(80); - $rv['xchan_photo_s'] = z_root() . '/' . get_default_profile_photo(48); + $rv['xchan_photo_l'] = z_root() . '/' . get_default_profile_photo(300); + $rv['xchan_photo_m'] = z_root() . '/' . get_default_profile_photo(80); + $rv['xchan_photo_s'] = z_root() . '/' . get_default_profile_photo(48); } 
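Review bot: The new guard on `status` in `get()` checks presence only, so a request that sends `status` as an array still reaches `strip_tags()`, which throws a TypeError for a non-string argument under PHP 8; `$status = ((isset($_REQUEST['status']) && is_string($_REQUEST['status'])) ? strip_tags($_REQUEST['status']) : '');` covers both cases. `$_REQUEST['room_id']` in `init()` and `$_REQUEST['chat_text']` in `post()` are still read with no guard, as is `$_REQUEST['last']` in the following hunk, so the undefined-index warnings this commit targets remain on those paths. `post()` also inserts a chat row with no form security token check visible in the method, unlike `Cover_photo::post()` later in this commit, which calls `check_form_security_token_redirectOnErr()`; that may be deliberate for an AJAX endpoint but is worth confirming.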
@@ -137,13 +137,13 @@ class Chatsvc extends \Zotlabs\Web\Controller { $status_class = 'online'; break; } - + $inroom[] = array('img' => zid($rv['xchan_photo_m']), 'img_type' => $rv['xchan_photo_mimetype'],'name' => $rv['xchan_name'], 'status' => $status, 'status_class' => $status_class); } } - + $chats = array(); - + $r = q("select * from chat left join xchan on chat_xchan = xchan_hash where chat_room = %d and chat_id > %d order by created", intval(\App::$data['chat']['room_id']), intval($lastseen) @@ -152,7 +152,7 @@ class Chatsvc extends \Zotlabs\Web\Controller { foreach($r as $rr) { $chats[] = array( 'id' => $rr['chat_id'], - 'img' => zid($rr['xchan_photo_m']), + 'img' => zid($rr['xchan_photo_m']), 'img_type' => $rr['xchan_photo_mimetype'], 'name' => $rr['xchan_name'], 'isotime' => datetime_convert('UTC', date_default_timezone_get(), $rr['created'], 'c'), @@ -163,22 +163,22 @@ class Chatsvc extends \Zotlabs\Web\Controller { } } } - + $r = q("update chatpresence set cp_last = '%s' where cp_room = %d and cp_xchan = '%s' and cp_client = '%s'", dbesc(datetime_convert()), intval(\App::$data['chat']['room_id']), dbesc(get_observer_hash()), dbesc($_SERVER['REMOTE_ADDR']) ); - + $ret['success'] = true; if(! $stopped) { $ret['inroom'] = $inroom; $ret['chats'] = $chats; } json_return_and_die($ret); - + } - - + + } diff --git a/Zotlabs/Module/Cloud.php b/Zotlabs/Module/Cloud.php index 6ff95b5cf..4cc7595a1 100644 --- a/Zotlabs/Module/Cloud.php +++ b/Zotlabs/Module/Cloud.php @@ -70,7 +70,7 @@ class Cloud extends Controller { $_SESSION['cloud_sort'] = 'name'; } - $_SESSION['cloud_sort'] = (($_REQUEST['sort']) ? trim(notags($_REQUEST['sort'])) : $_SESSION['cloud_sort']); + $_SESSION['cloud_sort'] = ((isset($_REQUEST['sort']) && $_REQUEST['sort']) ? trim(notags($_REQUEST['sort'])) : $_SESSION['cloud_sort']); $x = clean_query_string(); if($x !== \App::$query_string) diff --git a/Zotlabs/Module/Cloud_tiles.php b/Zotlabs/Module/Cloud_tiles.php index da551904f..9ec050c20 100644 
--- a/Zotlabs/Module/Cloud_tiles.php +++ b/Zotlabs/Module/Cloud_tiles.php @@ -6,7 +6,7 @@ class Cloud_tiles extends \Zotlabs\Web\Controller { function init() { - if(intval($_SESSION['cloud_tiles'])) + if(isset($_SESSION['cloud_tiles']) && intval($_SESSION['cloud_tiles'])) $_SESSION['cloud_tiles'] = 0; else $_SESSION['cloud_tiles'] = 1; @@ -18,4 +18,4 @@ class Cloud_tiles extends \Zotlabs\Web\Controller { goaway(z_root() . '/' . hex2bin(argv(1))); } -}
\ No newline at end of file +} diff --git a/Zotlabs/Module/Connections.php b/Zotlabs/Module/Connections.php index 0f674965d..0101bf8a8 100644 --- a/Zotlabs/Module/Connections.php +++ b/Zotlabs/Module/Connections.php @@ -45,7 +45,7 @@ class Connections extends \Zotlabs\Web\Controller { $unconnected = false; $all = false; - if(! $_REQUEST['aj']) + if(!(isset($_REQUEST['aj']) && $_REQUEST['aj'])) $_SESSION['return_url'] = App::$query_string; $search_flags = ""; @@ -128,7 +128,9 @@ class Connections extends \Zotlabs\Web\Controller { $unblocked = true; } - switch($_REQUEST['order']) { + $order = $_REQUEST['order'] ?? ''; + + switch($order) { case 'name_desc': $sql_order = 'xchan_name DESC'; break; @@ -227,6 +229,8 @@ class Connections extends \Zotlabs\Web\Controller { //$t = replace_macros($tab_tpl, array('$tabs'=>$tabs)); $searching = false; + $search_hdr = ''; + if($search) { $search_hdr = $search; $search_txt = dbesc(protect_sprintf(preg_quote($search))); @@ -234,7 +238,7 @@ class Connections extends \Zotlabs\Web\Controller { } $sql_extra .= (($searching) ? protect_sprintf(" AND xchan_name like '%$search_txt%' ") : ""); - if($_REQUEST['gid']) { + if(isset($_REQUEST['gid']) && $_REQUEST['gid']) { $sql_extra .= " and xchan_hash in ( select xchan from pgrp_member where gid = " . intval($_REQUEST['gid']) . " and uid = " . intval(local_channel()) . " ) "; } @@ -272,14 +276,13 @@ class Connections extends \Zotlabs\Web\Controller { foreach($r as $rr) { if($rr['xchan_url']) { - if(($rr['vcard']) && is_array($rr['vcard']['tels']) && $rr['vcard']['tels'][0]['nr']) + if((isset($rr['vcard'])) && is_array($rr['vcard']['tels']) && $rr['vcard']['tels'][0]['nr']) $phone = $rr['vcard']['tels'][0]['nr']; else $phone = ''; $status_str = ''; $status = array( - ((intval($rr['abook_active'])) ? t('Active') : ''), ((intval($rr['abook_pending'])) ? t('Pending approval') : ''), ((intval($rr['abook_archived'])) ? t('Archived') : ''), ((intval($rr['abook_hidden'])) ? t('Hidden') : ''), 
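Review bot: In the last Connections.php hunk on this line, the `isset($rr['vcard'])` guard covers only the outer key, so `is_array($rr['vcard']['tels'])` and `$rr['vcard']['tels'][0]['nr']` still raise undefined-index warnings when a vcard has no `tels` entry or an empty list. A single nested `isset()` handles every level: `if(isset($rr['vcard']['tels'][0]['nr']) && $rr['vcard']['tels'][0]['nr'])`. The enclosing `foreach` continues outside the hunk.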
@@ -356,7 +359,7 @@ class Connections extends \Zotlabs\Web\Controller { 'connect' => (intval($rr['abook_not_here']) ? t('Connect') : ''), 'follow' => z_root() . '/follow/?f=&url=' . urlencode($rr['xchan_hash']) . '&interactive=0', 'connect_hover' => t('Connect at this location'), - 'role' => $roles_dict[$rr['abook_role']], + 'role' => $roles_dict[$rr['abook_role']] ?? '', 'pending' => intval($rr['abook_pending']) ); } @@ -365,13 +368,13 @@ class Connections extends \Zotlabs\Web\Controller { $limit = service_class_fetch(local_channel(),'total_channels'); if($limit !== false) { - $abook_usage_message = sprintf( t("You have %1$.0f of %2$.0f allowed connections."), $$total, $limit); + $abook_usage_message = sprintf( t("You have %1$.0f of %2$.0f allowed connections."), $total, $limit); } else { $abook_usage_message = ''; } - if($_REQUEST['aj']) { + if(isset($_REQUEST['aj']) && $_REQUEST['aj']) { if($contacts) { $o = replace_macros(get_markup_template('contactsajax.tpl'),array( '$contacts' => $contacts, diff --git a/Zotlabs/Module/Cover_photo.php b/Zotlabs/Module/Cover_photo.php index dff645f2b..1ecbfce3e 100644 --- a/Zotlabs/Module/Cover_photo.php +++ b/Zotlabs/Module/Cover_photo.php @@ -3,7 +3,7 @@ namespace Zotlabs\Module; use Zotlabs\Lib\Libsync; -/* +/* @file cover_photo.php @brief Module-file with functions for handling of cover-photos 
@@ -29,43 +29,43 @@ class Cover_photo extends \Zotlabs\Web\Controller { if(! local_channel()) { return; } - + $channel = \App::get_channel(); - profile_load($channel['channel_address']); + profile_load($channel['channel_address']); } - + /** * @brief Evaluate posted values * * @return void * */ - + function post() { - + if(! local_channel()) { return; } - + $channel = \App::get_channel(); - + check_form_security_token_redirectOnErr('/cover_photo', 'cover_photo'); // Remove cover photo if(isset($_POST['remove'])) { - + $r = q("SELECT resource_id FROM photo WHERE photo_usage = %d AND uid = %d LIMIT 1", intval(PHOTO_COVER), intval(local_channel()) ); - + if($r) { q("update photo set photo_usage = %d where photo_usage = %d and uid = %d", intval(PHOTO_NORMAL), intval(PHOTO_COVER), intval(local_channel()) ); - + $sync = attach_export_data($channel,$r[0]['resource_id']); if($sync) Libsync::build_sync_packet($channel['channel_id'],array('file' => array($sync))); 
@@ -76,47 +76,47 @@ class Cover_photo extends \Zotlabs\Web\Controller { goaway(z_root() . '/cover_photo'); } - + if((array_key_exists('cropfinal',$_POST)) && ($_POST['cropfinal'] == 1)) { - + // phase 2 - we have finished cropping - + if(argc() != 2) { notice( t('Image uploaded but image cropping failed.') . EOL ); return; } - + $image_id = argv(1); - + if(substr($image_id,-2,1) == '-') { $scale = substr($image_id,-1,1); $image_id = substr($image_id,0,-2); } - + $srcX = intval($_POST['xstart']); $srcY = intval($_POST['ystart']); $srcW = intval($_POST['xfinal']) - $srcX; $srcH = intval($_POST['yfinal']) - $srcY; - + $r = q("select gender from profile where uid = %d and is_default = 1 limit 1", intval(local_channel()) ); if($r) { $profile = $r[0]; } - + $r = q("SELECT * FROM photo WHERE resource_id = '%s' AND uid = %d AND imgscale = 0 LIMIT 1", dbesc($image_id), intval(local_channel()) ); - + if($r) { $max_thumb = intval(get_config('system','max_thumbnail',1600)); $iscaled = false; - if(intval($r[0]['height']) > $max_thumb || intval($r[0]['width']) > $max_thumb) { + if(intval($r[0]['height']) > $max_thumb || intval($r[0]['width']) > $max_thumb) { $imagick_path = get_config('system','imagick_convert_path'); if($imagick_path && @file_exists($imagick_path) && intval($r[0]['os_storage'])) { 
@@ -150,63 +150,63 @@ class Cover_photo extends \Zotlabs\Web\Controller { $im = photo_factory($base_image['content'], $base_image['mimetype']); if($im->is_valid()) { - - // We are scaling and cropping the relative pixel locations to the original photo instead of the + + // We are scaling and cropping the relative pixel locations to the original photo instead of the // scaled photo we operated on. - + // First load the scaled photo to check its size. (Should probably pass this in the post form and save // a query.) - + $g = q("select width, height from photo where resource_id = '%s' and uid = %d and imgscale = 3", dbesc($image_id), intval(local_channel()) ); - - + + $scaled_width = $g[0]['width']; $scaled_height = $g[0]['height']; - + if((! $scaled_width) || (! $scaled_height)) { logger('potential divide by zero scaling cover photo'); return; } - + // unset all other cover photos - + q("update photo set photo_usage = %d where photo_usage = %d and uid = %d", intval(PHOTO_NORMAL), intval(PHOTO_COVER), intval(local_channel()) ); - + $orig_srcx = ( $base_image['width'] / $scaled_width ) * $srcX; $orig_srcy = ( $base_image['height'] / $scaled_height ) * $srcY; $orig_srcw = ( $srcW / $scaled_width ) * $base_image['width']; $orig_srch = ( $srcH / $scaled_height ) * $base_image['height']; - + $im->cropImageRect(1200,435,$orig_srcx, $orig_srcy, $orig_srcw, $orig_srch); - + $aid = get_account_id(); - - $p = [ - 'aid' => $aid, - 'uid' => local_channel(), + + $p = [ + 'aid' => $aid, + 'uid' => local_channel(), 'resource_id' => $base_image['resource_id'], - 'filename' => $base_image['filename'], + 'filename' => $base_image['filename'], 'album' => t('Cover Photos'), 'os_path' => $base_image['os_path'], 'display_path' => $base_image['display_path'], 'photo_usage' => PHOTO_COVER ]; - + $r1 = $im->storeThumbnail($p, PHOTO_RES_COVER_1200); - + $im->doScaleImage(850,310); $r2 = $im->storeThumbnail($p, PHOTO_RES_COVER_850); - + $im->doScaleImage(425,160); $r3 = $im->storeThumbnail($p, 
PHOTO_RES_COVER_425); - + if($r1 === false || $r2 === false || $r3 === false) { // if one failed, delete them all so we can start over. notice( t('Image resize failed.') . EOL ); @@ -214,7 +214,7 @@ class Cover_photo extends \Zotlabs\Web\Controller { dbesc($base_image['resource_id']), local_channel() ); - + $x = q("SELECT content FROM photo WHERE resource_id = '%s' AND uid = %d AND os_storage = 1 AND imgscale >= 7", dbesc($base_image['resource_id']), local_channel() @@ -229,7 +229,7 @@ class Cover_photo extends \Zotlabs\Web\Controller { } $this->send_cover_photo_activity($channel,$base_image,$profile); - + $sync = attach_export_data($channel,$base_image['resource_id']); if($sync) Libsync::build_sync_packet($channel['channel_id'],array('file' => array($sync))); @@ -240,33 +240,33 @@ class Cover_photo extends \Zotlabs\Web\Controller { else notice( t('Unable to process image') . EOL); } - + goaway(z_root() . '/channel/' . $channel['channel_address']); - + } - - + + $hash = photo_new_resource(); $smallest = 0; - + require_once('include/attach.php'); - + $res = attach_store(\App::get_channel(), get_observer_hash(), '', array('album' => t('Cover Photos'), 'hash' => $hash, 'nosync' => true)); - + logger('attach_store: ' . print_r($res,true)); - + if($res && intval($res['data']['is_photo'])) { $i = q("select * from photo where resource_id = '%s' and uid = %d and imgscale = 0", dbesc($hash), intval(local_channel()) ); - + if(! $i) { notice( t('Image upload failed.') . EOL ); return; } $os_storage = false; - + foreach($i as $ii) { $smallest = intval($ii['imgscale']); $os_storage = intval($ii['os_storage']); 
@@ -274,91 +274,91 @@ class Cover_photo extends \Zotlabs\Web\Controller { $filetype = $ii['mimetype']; } } - + $imagedata = (($os_storage) ? @file_get_contents(dbunescbin($imagedata)) : dbunescbin($imagedata)); $ph = photo_factory($imagedata, $filetype); - + if(! $ph->is_valid()) { notice( t('Unable to process image.') . EOL ); return; } - + return $this->cover_photo_crop_ui_head($a, $ph, $hash, $smallest); - + } - + function send_cover_photo_activity($channel,$photo,$profile) { - + $arr = array(); $arr['item_thread_top'] = 1; $arr['item_origin'] = 1; $arr['item_wall'] = 1; - + if($profile && stripos($profile['gender'],t('female')) !== false) $t = t('%1$s updated her %2$s'); elseif($profile && stripos($profile['gender'],t('male')) !== false) $t = t('%1$s updated his %2$s'); else $t = t('%1$s updated their %2$s'); - + $ptext = '[zrl=' . z_root() . '/photos/' . $channel['channel_address'] . '/image/' . $photo['resource_id'] . ']' . t('cover photo') . '[/zrl]'; - - $ltext = '[zrl=' . z_root() . '/profile/' . $channel['channel_address'] . ']' . '[zmg]' . z_root() . '/photo/' . $photo['resource_id'] . '-8[/zmg][/zrl]'; - + + $ltext = '[zrl=' . z_root() . '/profile/' . $channel['channel_address'] . ']' . '[zmg]' . z_root() . '/photo/' . $photo['resource_id'] . '-8[/zmg][/zrl]'; + $arr['body'] = sprintf($t,$channel['channel_name'],$ptext) . "\n\n" . $ltext; - + $acl = new \Zotlabs\Access\AccessList($channel); $x = $acl->get(); $arr['allow_cid'] = $x['allow_cid']; - + $arr['allow_gid'] = $x['allow_gid']; $arr['deny_cid'] = $x['deny_cid']; $arr['deny_gid'] = $x['deny_gid']; - + $arr['uid'] = $channel['channel_id']; $arr['aid'] = $channel['channel_account_id']; - + $arr['owner_xchan'] = $channel['channel_hash']; $arr['author_xchan'] = $channel['channel_hash']; - + post_activity_item($arr); - - + + } - - + + /** * @brief Generate content of profile-photo view * * @return string * */ - - + + function get() { - + if(! local_channel()) { notice( t('Permission denied.') . 
EOL ); return; } - + $channel = \App::get_channel(); - + $newuser = false; - + if(argc() == 2 && argv(1) === 'new') $newuser = true; - + if(argv(1) === 'use') { if (argc() < 3) { notice( t('Permission denied.') . EOL ); return; }; - + // check_form_security_token_redirectOnErr('/cover_photo', 'cover_photo'); - + $resource_id = argv(2); - + $r = q("SELECT id, album, imgscale FROM photo WHERE uid = %d AND resource_id = '%s' ORDER BY imgscale ASC", intval(local_channel()), dbesc($resource_id) @@ -372,22 +372,22 @@ class Cover_photo extends \Zotlabs\Web\Controller { if($rr['imgscale'] == 7) $havescale = true; } - + $r = q("SELECT content, mimetype, resource_id, os_storage FROM photo WHERE id = %d and uid = %d limit 1", intval($r[0]['id']), intval(local_channel()) - + ); if(! $r) { notice( t('Photo not available.') . EOL ); return; } - + if(intval($r[0]['os_storage'])) $data = @file_get_contents(dbunescbin($r[0]['content'])); else - $data = dbunescbin($r[0]['content']); - + $data = dbunescbin($r[0]['content']); + $ph = photo_factory($data, $r[0]['mimetype']); $smallest = 0; if($ph->is_valid()) { @@ -396,7 +396,7 @@ class Cover_photo extends \Zotlabs\Web\Controller { dbesc($r[0]['resource_id']), intval(local_channel()) ); - + if($i) { $hash = $i[0]['resource_id']; foreach($i as $ii) { @@ -404,15 +404,15 @@ class Cover_photo extends \Zotlabs\Web\Controller { } } } - + $this->cover_photo_crop_ui_head($a, $ph, $hash, $smallest); } - - + + if(! x(\App::$data,'imagecrop')) { - + $tpl = get_markup_template('cover_photo.tpl'); - + $o .= replace_macros($tpl,array( '$user' => \App::$channel['channel_address'], '$info' => t('Your cover photo may be visible to anybody on the internet'), 
@@ -422,7 +422,7 @@ class Cover_photo extends \Zotlabs\Web\Controller { '$title' => t('Change Cover Photo'), '$submit' => t('Upload'), '$remove' => t('Remove'), - '$profiles' => $profiles, + '$profiles' => false, '$embedPhotos' => t('Use a photo from your albums'), '$embedPhotosModalTitle' => t('Use a photo from your albums'), '$embedPhotosModalCancel' => t('Cancel'), @@ -434,13 +434,13 @@ class Cover_photo extends \Zotlabs\Web\Controller { '$modalerrorlink' => t('Error getting photo link'), '$modalerroralbum' => t('Error getting album'), '$form_security_token' => get_form_security_token("cover_photo"), - /// @FIXME - yuk + /// @FIXME - yuk '$select' => t('Select existing photo'), )); - + call_hooks('cover_photo_content_end', $o); - + return $o; } else { @@ -459,10 +459,8 @@ class Cover_photo extends \Zotlabs\Web\Controller { )); return $o; } - - return; // NOTREACHED } - + /* @brief Generate the UI for photo-cropping * * @param $a Current application @@ -470,30 +468,30 @@ class Cover_photo extends \Zotlabs\Web\Controller { * @return void * */ - + function cover_photo_crop_ui_head(&$a, $ph, $hash, $smallest){ - + $max_length = get_config('system','max_image_length'); if(! $max_length) $max_length = MAX_IMAGE_LENGTH; if($max_length > 0) $ph->scaleImage($max_length); - + $width = $ph->getWidth(); $height = $ph->getHeight(); - + if($width < 300 || $height < 300) { $ph->scaleImageUp(240); $width = $ph->getWidth(); $height = $ph->getHeight(); } - - + + \App::$data['imagecrop'] = $hash; \App::$data['imagecrop_resolution'] = $smallest; \App::$page['htmlhead'] .= replace_macros(get_markup_template("crophead.tpl"), array()); return; } - - + + } diff --git a/Zotlabs/Module/Defperms.php b/Zotlabs/Module/Defperms.php index 70270d36b..3ca5c6252 100644 --- a/Zotlabs/Module/Defperms.php +++ b/Zotlabs/Module/Defperms.php 
@@ -258,7 +258,6 @@ class Defperms extends Controller { '$sections' => $sections, '$autolbl' => t('The permissions indicated on this page will be applied to all new connections.'), '$autoapprove' => t('Automatic approval settings'), - '$unapproved' => $unapproved, '$inherited' => t('inherited'), '$submit' => t('Submit'), '$me' => t('My Settings'), diff --git a/Zotlabs/Module/Directory.php b/Zotlabs/Module/Directory.php index da37c582f..2958e80dc 100644 --- a/Zotlabs/Module/Directory.php +++ b/Zotlabs/Module/Directory.php @@ -83,7 +83,7 @@ class Directory extends Controller { $globaldir = Libzotdir::get_directory_setting($observer, 'globaldir'); // override your personal global search pref if we're doing a navbar search of the directory - if(intval($_REQUEST['navsearch'])) + if(isset($_REQUEST['navsearch']) && intval($_REQUEST['navsearch'])) $globaldir = 1; $safe_mode = Libzotdir::get_directory_setting($observer, 'safemode'); @@ -98,15 +98,18 @@ class Directory extends Controller { else $search = ((x($_GET,'search')) ? notags(trim(rawurldecode($_GET['search']))) : ''); - + $advanced = ''; if(strpos($search,'=') && local_channel() && feature_enabled(local_channel(), 'advanced_dirsearch')) $advanced = $search; - $keywords = (($_GET['keywords']) ? $_GET['keywords'] : ''); + $keywords = $_GET['keywords'] ?? ''; // Suggest channels if no search terms or keywords are given $suggest = (local_channel() && x($_REQUEST,'suggest')) ? $_REQUEST['suggest'] : ''; + $addresses = []; + $common = []; + if($suggest) { // the directory options have no effect in suggestion mode @@ -123,8 +126,7 @@ class Directory extends Controller { } // Remember in which order the suggestions were - $addresses = array(); - $common = array(); + $index = 0; foreach($r as $rr) { $common[$rr['xchan_addr']] = ((intval($rr['total']) > 0) ? intval($rr['total']) - 1 : 0); 
@@ -132,7 +134,7 @@ class Directory extends Controller { } // Build query to get info about suggested people - $advanced = ''; + foreach(array_keys($addresses) as $address) { $advanced .= "address=\"$address\" "; } @@ -147,6 +149,8 @@ class Directory extends Controller { $directory_admin = false; + $url = ''; + if(($dirmode == DIRECTORY_MODE_PRIMARY) || ($dirmode == DIRECTORY_MODE_STANDALONE)) { $url = z_root() . '/dirsearch'; if (is_site_admin()) { @@ -228,7 +232,7 @@ class Directory extends Controller { $j = json_decode($x['body'],true); if($j) { - if($j['results']) { + if(isset($j['results']) && $j['results']) { $results = $j['results']; if($suggest) { @@ -275,19 +279,12 @@ class Directory extends Controller { $page_type = ''; - $rating_enabled = get_config('system','rating_enabled'); - - if($rr['total_ratings'] && $rating_enabled) - $total_ratings = sprintf( tt("%d rating", "%d ratings", $rr['total_ratings']), $rr['total_ratings']); - else - $total_ratings = ''; - $profile = $rr; - if ((x($profile,'locale') == 1) - || (x($profile,'region') == 1) - || (x($profile,'postcode') == 1) - || (x($profile,'country') == 1)) + // if ((x($profile,'locale') == 1) + // || (x($profile,'region') == 1) + // || (x($profile,'postcode') == 1) + // || (x($profile,'country') == 1)) $gender = ((x($profile,'gender') == 1) ? t('Gender: ') . $profile['gender']: False); @@ -312,7 +309,7 @@ class Directory extends Controller { $keywords = str_replace(',',' ', $keywords); $keywords = str_replace(' ',' ', $keywords); $karr = explode(' ', $keywords); - + $marr = []; if($karr) { if(local_channel()) { $r = q("select keywords from profile where uid = %d and is_default = 1 limit 1", 
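Review bot: The location `if` in the `@@ -275,19` hunk is commented out rather than removed, which leaves four lines of dead code and no record of why. The old brace-less `if` governed the `$gender = …` assignment that follows it, so before this change `$gender` was only assigned when one of the location fields was set; it is now assigned on every iteration, which looks like the intended fix. Deleting the commented lines and stating the behaviour change in the commit message would make that explicit. The surrounding loop starts and ends outside the hunk.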
@@ -352,9 +349,6 @@ class Directory extends Controller { 'location' => $location, 'location_label' => t('Location:'), 'gender' => $gender, - 'total_ratings' => $total_ratings, - 'viewrate' => true, - 'canrate' => (($rating_enabled && local_channel()) ? true : false), 'pdesc' => $pdesc, 'pdesc_label' => t('Description:'), 'censor' => (($directory_admin) ? 'dircensor/' . $rr['hash'] : ''), @@ -374,9 +368,9 @@ class Directory extends Controller { 'keywords' => $out, 'ignlink' => $suggest ? z_root() . '/directory?ignore=' . $rr['hash'] : '', 'ignore_label' => t('Don\'t suggest'), - 'common_friends' => (($common[$rr['address']]) ? intval($common[$rr['address']]) : ''), + 'common_friends' => $common[$rr['address']] ?? '', 'common_label' => t('Common connections (estimated):'), - 'common_count' => intval($common[$rr['address']]), + 'common_count' => $common[$rr['address']] ?? '', 'safe' => $safe_mode ); @@ -402,14 +396,15 @@ class Directory extends Controller { ksort($entries); // Sort array by key so that foreach-constructs work as expected - if($j['keywords']) { + if(isset($j['keywords']) && $j['keywords']) { App::$data['directory_keywords'] = $j['keywords']; } logger('mod_directory: entries: ' . print_r($entries,true), LOGGER_DATA); + $aj = $_REQUEST['aj'] ?? ''; - if($_REQUEST['aj']) { + if($aj) { if($entries) { $o = replace_macros(get_markup_template('directajax.tpl'),array( '$entries' => $entries @@ -449,12 +444,12 @@ class Directory extends Controller { } else { - if($_REQUEST['aj']) { + if(isset($_REQUEST['aj']) && $_REQUEST['aj']) { $o = '<div id="content-complete"></div>'; echo $o; killme(); } - if(App::$pager['page'] == 1 && $j['records'] == 0 && strpos($search,'@')) { + if(App::$pager['page'] == 1 && (isset($j['records']) && $j['records'] == 0) && strpos($search,'@')) { goaway(z_root() . '/chanview/?f=&address=' . $search); } info( t("No entries (some entries may be hidden).") . EOL); 
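Review bot: In the last Directory.php hunk the redirect `goaway(z_root() . '/chanview/?f=&address=' . $search);` appends `$search` to the query string without encoding, and `$search` is taken from `$_GET['search']` in an earlier hunk of this file. A value containing `&` or `#` can therefore add or truncate parameters on the chanview URL, and encoding it keeps the value inside the `address` parameter: `goaway(z_root() . '/chanview/?f=&address=' . urlencode($search));`. The same hunk re-tests `$_REQUEST['aj']` although `$aj` was assigned from it in the previous hunk; if both are in the same function, `if($aj)` would keep the two checks in step. The function body starts and ends outside these hunks.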
diff --git a/Zotlabs/Module/Dirsearch.php b/Zotlabs/Module/Dirsearch.php index 78205a9fc..34678af57 100644 --- a/Zotlabs/Module/Dirsearch.php +++ b/Zotlabs/Module/Dirsearch.php @@ -26,7 +26,7 @@ class Dirsearch extends Controller { } - $access_token = $_REQUEST['t']; + $access_token = $_REQUEST['t'] ?? ''; $token = get_config('system','realm_token'); if($token && $access_token != $token) { @@ -45,7 +45,7 @@ class Dirsearch extends Controller { $tables = array('name','address','locale','region','postcode','country','gender','marital','sexual','keywords'); - if($_REQUEST['query']) { + if(isset($_REQUEST['query']) && $_REQUEST['query']) { $advanced = $this->dir_parse_query($_REQUEST['query']); if($advanced) { foreach($advanced as $adv) { 
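Review bot: The realm token check `if($token && $access_token != $token)` compares a shared secret with the loose `!=` operator, which is neither constant-time nor type-strict (two numeric-looking strings can compare equal). Since this hunk already touches the line above it, the comparison could become `if($token && !(is_string($access_token) && hash_equals((string) $token, $access_token))) {`. The `?? ''` default handles the missing-parameter case; the `is_string()` test additionally rejects an array-valued `t`. The enclosing function starts and ends outside the hunk.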
@@ -61,22 +61,23 @@ class Dirsearch extends Controller { } } - $hash = ((x($_REQUEST['hash'])) ? $_REQUEST['hash'] : ''); - - $name = ((x($_REQUEST,'name')) ? $_REQUEST['name'] : ''); - $hub = ((x($_REQUEST,'hub')) ? $_REQUEST['hub'] : ''); - $address = ((x($_REQUEST,'address')) ? $_REQUEST['address'] : ''); - $locale = ((x($_REQUEST,'locale')) ? $_REQUEST['locale'] : ''); - $region = ((x($_REQUEST,'region')) ? $_REQUEST['region'] : ''); - $postcode = ((x($_REQUEST,'postcode')) ? $_REQUEST['postcode'] : ''); - $country = ((x($_REQUEST,'country')) ? $_REQUEST['country'] : ''); - $gender = ((x($_REQUEST,'gender')) ? $_REQUEST['gender'] : ''); - $marital = ((x($_REQUEST,'marital')) ? $_REQUEST['marital'] : ''); - $sexual = ((x($_REQUEST,'sexual')) ? $_REQUEST['sexual'] : ''); - $keywords = ((x($_REQUEST,'keywords')) ? $_REQUEST['keywords'] : ''); - $agege = ((x($_REQUEST,'agege')) ? intval($_REQUEST['agege']) : 0 ); - $agele = ((x($_REQUEST,'agele')) ? intval($_REQUEST['agele']) : 0 ); - $kw = ((x($_REQUEST,'kw')) ? intval($_REQUEST['kw']) : 0 ); + $hash = $_REQUEST['hash'] ?? ''; + + $name = $_REQUEST['name'] ?? ''; + $hub = $_REQUEST['hub'] ?? ''; + $address = $_REQUEST['address'] ?? ''; + $locale = $_REQUEST['locale'] ?? ''; + $region = $_REQUEST['region'] ?? ''; + $postcode = $_REQUEST['postcode'] ?? ''; + $country = $_REQUEST['country'] ?? ''; + $gender = $_REQUEST['gender'] ?? ''; + $marital = $_REQUEST['marital'] ?? ''; + $sexual = $_REQUEST['sexual'] ?? ''; + $keywords = $_REQUEST['keywords'] ?? ''; + $agege = $_REQUEST['agege'] ?? 0; + $agele = $_REQUEST['agele'] ?? 0; + $kw = $_REQUEST['kw'] ?? 0; + $forums = ((array_key_exists('pubforums',$_REQUEST)) ? intval($_REQUEST['pubforums']) : 0); if(get_config('system','disable_directory_keywords')) 
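Review bot: Replacing `((x($_REQUEST,'agege')) ? intval($_REQUEST['agege']) : 0 )` with `$_REQUEST['agege'] ?? 0` silences the warning but also drops the integer cast, so `$agege`, `$agele` and `$kw` now carry the raw request value, which may be an arbitrary string or an array. The same happens to `$limit` and `$return_total` in the `@@ -148,11` hunk, where `$perpage` is also taken uncast and fed into the `$startrec` arithmetic, and to `$interactive` in the Follow.php hunk. Where these values are used is outside the hunks, so whether any of them reaches a query or a LIMIT clause without a later cast cannot be confirmed from here. Keeping the cast at the assignment removes the question, e.g. `$agege = intval($_REQUEST['agege'] ?? 0);` and `$limit = intval($_REQUEST['limit'] ?? 0);`.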
@@ -109,7 +110,7 @@ class Dirsearch extends Controller { $sort_order = ((x($_REQUEST,'order')) ? $_REQUEST['order'] : ''); $joiner = ' OR '; - if($_REQUEST['and']) + if(isset($_REQUEST['and']) && $_REQUEST['and']) $joiner = ' AND '; if($name) @@ -148,11 +149,11 @@ class Dirsearch extends Controller { } - $perpage = (($_REQUEST['n']) ? $_REQUEST['n'] : 60); - $page = (($_REQUEST['p']) ? intval($_REQUEST['p'] - 1) : 0); + $perpage = $_REQUEST['n'] ?? 60; + $page = ((isset($_REQUEST['p']) && $_REQUEST['p']) ? intval($_REQUEST['p'] - 1) : 0); $startrec = (($page+1) * $perpage) - $perpage; - $limit = (($_REQUEST['limit']) ? intval($_REQUEST['limit']) : 0); - $return_total = ((x($_REQUEST,'return_total')) ? intval($_REQUEST['return_total']) : 0); + $limit = $_REQUEST['limit'] ?? 0; + $return_total = $_REQUEST['return_total'] ?? 0; // mtime is not currently working diff --git a/Zotlabs/Module/Display.php b/Zotlabs/Module/Display.php index 26d3b9fc2..4e7c1587c 100644 --- a/Zotlabs/Module/Display.php +++ b/Zotlabs/Module/Display.php @@ -36,7 +36,7 @@ class Display extends \Zotlabs\Web\Controller { } } - if($_REQUEST['mid']) { + if(isset($_REQUEST['mid']) && $_REQUEST['mid']) { $item_hash = $_REQUEST['mid']; } @@ -56,6 +56,8 @@ class Display extends \Zotlabs\Web\Controller { $observer_is_owner = false; + $o = ''; + if(local_channel() && (! $update)) { $channel = App::get_channel(); 
@@ -72,7 +74,7 @@ class Display extends \Zotlabs\Web\Controller { 'allow_location' => ((intval(get_pconfig($channel['channel_id'],'system','use_browser_location'))) ? '1' : ''), 'default_location' => $channel['channel_location'], 'nickname' => $channel['channel_address'], - 'lockstate' => (($group || $cid || $channel['channel_allow_cid'] || $channel['channel_allow_gid'] || $channel['channel_deny_cid'] || $channel['channel_deny_gid']) ? 'lock' : 'unlock'), + 'lockstate' => (($channel['channel_allow_cid'] || $channel['channel_allow_gid'] || $channel['channel_deny_cid'] || $channel['channel_deny_gid']) ? 'lock' : 'unlock'), 'acl' => populate_acl($channel_acl,true, \Zotlabs\Lib\PermissionDescription::fromGlobalPermission('view_stream'), get_post_aclDialogDescription(), 'acl_dialog_post'), 'permissions' => $channel_acl, 'bang' => '', @@ -87,7 +89,7 @@ class Display extends \Zotlabs\Web\Controller { 'reset' => t('Reset form') ); - $o = '<div id="jot-popup">'; + $o .= '<div id="jot-popup">'; $o .= status_editor($a,$x,false,'Display'); $o .= '</div>'; } @@ -107,17 +109,21 @@ class Display extends \Zotlabs\Web\Controller { dbesc($item_hash) ); - if($r) { - $target_item = $r[0]; + if (!$r) { + notice( t('Item not found.') . EOL); + return ''; } + $target_item = $r[0]; + + /* not yet ready for prime time $x = q("select * from xchan where xchan_hash = '%s' limit 1", dbesc($target_item['author_xchan']) ); if($x) { -// not yet ready for prime time -// App::$poi = $x[0]; + App::$poi = $x[0]; } + */ //if the item is to be moderated redirect to /moderate if($target_item['item_blocked'] == ITEM_MODERATED) { diff --git a/Zotlabs/Module/Dreport.php b/Zotlabs/Module/Dreport.php index d6f4e5979..759e1acb4 100644 --- a/Zotlabs/Module/Dreport.php +++ b/Zotlabs/Module/Dreport.php 
@@ -94,6 +94,7 @@ class Dreport extends \Zotlabs\Web\Controller { case 'updated': $r[$x]['gravity'] = 5; $r[$x]['dreport_result'] = t('updated'); + break; case 'update ignored': $r[$x]['gravity'] = 6; $r[$x]['dreport_result'] = t('update ignored'); diff --git a/Zotlabs/Module/Editpost.php b/Zotlabs/Module/Editpost.php index c6cfc6dc4..b21c58af2 100644 --- a/Zotlabs/Module/Editpost.php +++ b/Zotlabs/Module/Editpost.php @@ -57,15 +57,17 @@ class Editpost extends \Zotlabs\Web\Controller { $catsenabled = ((feature_enabled($owner_uid,'categories')) ? 'categories' : ''); if ($catsenabled){ - $itm = fetch_post_tags($itm); - - $cats = get_terms_oftype($itm[0]['term'], TERM_CATEGORY); - - foreach ($cats as $cat) { - if (strlen($category)) - $category .= ', '; - $category .= $cat['term']; - } + $itm = fetch_post_tags($itm); + if (isset($itm[0]['term'])) { + $cats = get_terms_oftype($itm[0]['term'], TERM_CATEGORY); + if ($cats) { + foreach ($cats as $cat) { + if (strlen($category)) + $category .= ', '; + $category .= $cat['term']; + } + } + } } if($itm[0]['attach']) { @@ -104,6 +106,7 @@ class Editpost extends \Zotlabs\Web\Controller { 'bbcode' => true ); + $a = ''; $editor = status_editor($a, $x, false, 'Editpost'); $o .= replace_macros(get_markup_template('edpost_head.tpl'), array( diff --git a/Zotlabs/Module/Fhublocs.php b/Zotlabs/Module/Fhublocs.php index 9dcece715..df847c835 100644 --- a/Zotlabs/Module/Fhublocs.php +++ b/Zotlabs/Module/Fhublocs.php @@ -78,7 +78,7 @@ class Fhublocs extends \Zotlabs\Web\Controller { ); if($h) - $o . 'local hubloc created for ' . $rr['channel_name'] . EOL; + $o .= 'local hubloc created for ' . $rr['channel_name'] . EOL; else $o .= 'DB update failed for ' . $rr['channel_name'] . EOL; diff --git a/Zotlabs/Module/File_upload.php b/Zotlabs/Module/File_upload.php index d4c9ad59a..39a30cb1a 100644 --- a/Zotlabs/Module/File_upload.php +++ b/Zotlabs/Module/File_upload.php 
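Review bot: The `isset($itm[0]['term'])` guard added in the Editpost.php `@@ -57,15` hunk stops one statement short. The next line, `if($itm[0]['attach'])`, reads the same row unguarded, so a post without an `attach` key still raises the undefined-key warning this commit removes elsewhere; `if (!empty($itm[0]['attach'])) {` would cover it. In the following hunk `$a = '';` appears to exist only to give `status_editor()` a defined first argument, and a one-line comment saying so would help. The enclosing method starts and ends outside both hunks.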
@@ -30,12 +30,12 @@ class File_upload extends \Zotlabs\Web\Controller { $_REQUEST['group_deny'] = expand_acl($channel['channel_deny_gid']); } - $_REQUEST['allow_cid'] = perms2str($_REQUEST['contact_allow']); - $_REQUEST['allow_gid'] = perms2str($_REQUEST['group_allow']); - $_REQUEST['deny_cid'] = perms2str($_REQUEST['contact_deny']); - $_REQUEST['deny_gid'] = perms2str($_REQUEST['group_deny']); + $_REQUEST['allow_cid'] = ((isset($_REQUEST['contact_allow'])) ? perms2str($_REQUEST['contact_allow']) : ''); + $_REQUEST['allow_gid'] = ((isset($_REQUEST['group_allow'])) ? perms2str($_REQUEST['group_allow']) : ''); + $_REQUEST['deny_cid'] = ((isset($_REQUEST['contact_deny'])) ? perms2str($_REQUEST['contact_deny']) : ''); + $_REQUEST['deny_gid'] = ((isset($_REQUEST['group_deny'])) ? perms2str($_REQUEST['group_deny']) : ''); - if($_REQUEST['filename']) { + if(isset($_REQUEST['filename']) && $_REQUEST['filename']) { $r = attach_mkdir($channel, get_observer_hash(), $_REQUEST); if($r['success']) { $hash = $r['data']['hash']; diff --git a/Zotlabs/Module/Follow.php b/Zotlabs/Module/Follow.php index 94daa4c70..54e29c492 100644 --- a/Zotlabs/Module/Follow.php +++ b/Zotlabs/Module/Follow.php @@ -72,8 +72,7 @@ class Follow extends Controller { $uid = local_channel(); $url = notags(trim(punify($_REQUEST['url']))); $return_url = $_SESSION['return_url']; - $confirm = intval($_REQUEST['confirm']); - $interactive = (($_REQUEST['interactive']) ? intval($_REQUEST['interactive']) : 1); + $interactive = $_REQUEST['interactive'] ?? 1; $channel = App::get_channel(); $result = Connect::connect($channel,$url); diff --git a/Zotlabs/Module/Help.php b/Zotlabs/Module/Help.php index ce05035b3..55ac80842 100644 --- a/Zotlabs/Module/Help.php +++ b/Zotlabs/Module/Help.php 
@@ -17,7 +17,9 @@ class Help extends \Zotlabs\Web\Controller { function get() { nav_set_selected('Help'); - if($_REQUEST['search']) { + $o = ''; + + if(isset($_REQUEST['search']) && $_REQUEST['search']) { $o .= '<div id="help-content" class="generic-content-wrapper">'; $o .= '<div class="section-title-wrapper">'; $o .= '<h2>' . t('Documentation Search') . ' - ' . htmlspecialchars($_REQUEST['search']) . '</h2>'; @@ -44,8 +46,8 @@ class Help extends \Zotlabs\Web\Controller { return $o; } - - + + if(argc() > 2 && argv(argc()-2) === 'assets') { $path = ''; for($x = 1; $x < argc(); $x ++) { @@ -87,11 +89,12 @@ class Help extends \Zotlabs\Web\Controller { 'tutorials' => t('Tutorials') ]; + $heading = ''; if(array_key_exists(argv(1), $headings)) $heading = $headings[argv(1)]; $content = get_help_content(); - + $language = determine_help_language()['language']; return replace_macros(get_markup_template('help.tpl'), array( diff --git a/Zotlabs/Module/Hq.php b/Zotlabs/Module/Hq.php index cd95ac4b0..0b2d0ea7d 100644 --- a/Zotlabs/Module/Hq.php +++ b/Zotlabs/Module/Hq.php @@ -243,8 +243,8 @@ class Hq extends \Zotlabs\Web\Controller { if (!local_channel()) return; - $options['offset'] = $_REQUEST['offset']; - $options['type'] = $_REQUEST['type']; + $options['offset'] = $_REQUEST['offset'] ?? 0; + $options['type'] = $_REQUEST['type'] ?? ''; $ret = Messages::get_messages_page($options); diff --git a/Zotlabs/Module/Item.php b/Zotlabs/Module/Item.php index 588391843..a5e7b31ea 100644 --- a/Zotlabs/Module/Item.php +++ b/Zotlabs/Module/Item.php 
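Review bot: In the Hq.php `@@ -243,8` hunk `offset` and `type` now have defaults but are still forwarded to `Messages::get_messages_page()` exactly as the client sent them. An offset is an integer by contract, so cast it at the boundary: `$options['offset'] = intval($_REQUEST['offset'] ?? 0);`. Whether `get_messages_page()` checks `type` against its known values is not visible from this hunk; if it does not, this is the place to do it. The enclosing method starts and ends outside the hunk.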
@@ -312,6 +312,21 @@ class Item extends Controller { $observer = null; $datarray = []; + $item_starred = false; + $item_uplink = false; + $item_notshown = false; + $item_nsfw = false; + $item_relay = false; + $item_mentionsme = false; + $item_verified = false; + $item_retained = false; + $item_rss = false; + $item_deleted = false; + $item_hidden = false; + $item_unpublished = false; + $item_delayed = false; + $item_pending_remove = false; + $item_blocked = false; /** * Is this a reply to something? @@ -319,7 +334,7 @@ class Item extends Controller { $parent = ((x($_REQUEST, 'parent')) ? intval($_REQUEST['parent']) : 0); $parent_mid = ((x($_REQUEST, 'parent_mid')) ? trim($_REQUEST['parent_mid']) : ''); - $mode = (($_REQUEST['conv_mode'] === 'channel') ? 'channel' : 'network'); + $mode = ((isset($_REQUEST['conv_mode']) && $_REQUEST['conv_mode'] === 'channel') ? 'channel' : 'network'); $remote_xchan = ((x($_REQUEST, 'remote_xchan')) ? trim($_REQUEST['remote_xchan']) : false); $r = q("select * from xchan where xchan_hash = '%s' limit 1", @@ -355,10 +370,10 @@ class Item extends Controller { $api_source = ((x($_REQUEST, 'api_source') && $_REQUEST['api_source']) ? true : false); - $consensus = intval($_REQUEST['consensus']); - $nocomment = intval($_REQUEST['nocomment']); + $consensus = $_REQUEST['consensus'] ?? 0; + $nocomment = $_REQUEST['nocomment'] ?? 0; - $is_poll = ((trim((string)$_REQUEST['poll_answers'][0]) != '' && trim((string)$_REQUEST['poll_answers'][1]) != '') ? true : false); + $is_poll = ((isset($_REQUEST['poll_answers'][0]) && $_REQUEST['poll_answers'][0]) && (isset($_REQUEST['poll_answers'][1]) && $_REQUEST['poll_answers'][1])); // 'origin' (if non-zero) indicates that this network is where the message originated, // for the purpose of relaying comments to other conversation members. 
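Review bot: The rewritten `$is_poll` test in the `@@ -355,10` hunk does not mean the same thing as the `trim(...) != ''` comparison it replaces. An answer of `0` is now falsy and silently turns the poll into an ordinary post, while a whitespace-only answer now counts as filled in. Dropping `intval()` from `$consensus` and `$nocomment` shifts behaviour in the same way, since a non-numeric string is now truthy where it used to evaluate to 0. Suggested: `$consensus = intval($_REQUEST['consensus'] ?? 0);`, `$nocomment = intval($_REQUEST['nocomment'] ?? 0);`, and for each poll index `trim((string)($_REQUEST['poll_answers'][0] ?? '')) !== ''`. The method body continues outside the hunk.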
@@ -720,18 +735,18 @@ class Item extends Controller { } - $location = notags(trim((string)$_REQUEST['location'])); - $coord = notags(trim((string)$_REQUEST['coord'])); - $verb = notags(trim((string)$_REQUEST['verb'])); - $title = escape_tags(trim((string)$_REQUEST['title'])); - $summary = trim((string)$_REQUEST['summary']); - $body = trim((string)$_REQUEST['body']); - $body .= trim((string)$_REQUEST['attachment']); + $location = ((isset($_REQUEST['location'])) ? notags(trim($_REQUEST['location'])) : ''); + $coord = ((isset($_REQUEST['coord'])) ? notags(trim($_REQUEST['coord'])) : ''); + $verb = ((isset($_REQUEST['verb'])) ? notags(trim($_REQUEST['verb'])) : ''); + $title = ((isset($_REQUEST['title'])) ? escape_tags(trim($_REQUEST['title'])) : ''); + $summary = ((isset($_REQUEST['summary'])) ? trim($_REQUEST['summary']) : ''); + $body = ((isset($_REQUEST['body'])) ? trim($_REQUEST['body']) : ''); + $body .= ((isset($_REQUEST['attachment'])) ? trim($_REQUEST['attachment']) : ''); $postopts = ''; $allow_empty = ((array_key_exists('allow_empty', $_REQUEST)) ? intval($_REQUEST['allow_empty']) : 0); - $private = (($private) ? $private : intval($acl->is_private() || ($public_policy))); + $private = ((isset($private) && $private) ? $private : intval($acl->is_private() || ($public_policy))); // If this is a comment, set the permissions from the parent. @@ -767,7 +782,8 @@ class Item extends Controller { } - $mimetype = notags(trim((string)$_REQUEST['mimetype'])); + $mimetype = ((isset($_REQUEST['mimetype'])) ? notags(trim($_REQUEST['mimetype'])) : ''); + if (!$mimetype) $mimetype = 'text/bbcode'; 
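Review bot: Removing the `(string)` casts in the `@@ -720,18` hunk means a request that supplies any of these fields as an array now reaches `trim()` with an array, which is an uncaught TypeError on PHP 8 instead of the old warning. Keeping the cast and moving the default inside it handles both the missing and the malformed case: `$location = notags(trim((string)($_REQUEST['location'] ?? '')));`. The same form applies to `coord`, `verb`, `title`, `summary`, `body`, `attachment`, and to `mimetype` in the next hunk. Rejecting non-string values outright with `is_string()` would be stricter still. The method begins and ends outside these hunks.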
@@ -957,7 +973,7 @@ class Item extends Controller { $item_unseen = ((local_channel() != $profile_uid) ? 1 : 0); - $item_wall = (($_REQUEST['type'] === 'wall' || $_REQUEST['type'] === 'wall-comment') ? 1 : 0); + $item_wall = ((isset($_REQUEST['type']) && ($_REQUEST['type'] === 'wall' || $_REQUEST['type'] === 'wall-comment')) ? 1 : 0); $item_origin = (($origin) ? 1 : 0); $item_consensus = (($consensus) ? 1 : 0); $item_nocomment = (($nocomment) ? 1 : 0); @@ -986,9 +1002,7 @@ class Item extends Controller { $uuid = (($message_id) ? $message_id : item_message_id()); - if (!$mid) { - $mid = z_root() . '/item/' . $uuid; - } + $mid = $mid ?? z_root() . '/item/' . $uuid; if ($is_poll) { @@ -1045,7 +1059,7 @@ class Item extends Controller { $plink = $mid; } - if ($datarray['obj']) { + if (isset($datarray['obj']) && $datarray['obj']) { $datarray['obj']['id'] = $mid; } @@ -1085,7 +1099,6 @@ class Item extends Controller { $datarray['item_type'] = $webpage; $datarray['item_private'] = intval($private); $datarray['item_thread_top'] = intval($item_thread_top); - $datarray['item_unseen'] = intval($item_unseen); $datarray['item_starred'] = intval($item_starred); $datarray['item_uplink'] = intval($item_uplink); $datarray['item_consensus'] = intval($item_consensus); @@ -1285,7 +1298,7 @@ class Item extends Controller { // This way we don't see every picture in your new photo album posted to your wall at once. // They will show up as people comment on them. - if (intval($parent_item['item_hidden'])) { + if ($parent_item && intval($parent_item['item_hidden'])) { $r = q("UPDATE item SET item_hidden = 0 WHERE id = %d", intval($parent_item['id']) ); @@ -1437,7 +1450,11 @@ class Item extends Controller { if ($complex) { tag_deliver($i[0]['uid'], $i[0]['id']); } + } + + killme(); + } } diff --git a/Zotlabs/Module/Layouts.php b/Zotlabs/Module/Layouts.php index 25e27d226..949f8e8ec 100644 --- a/Zotlabs/Module/Layouts.php +++ b/Zotlabs/Module/Layouts.php 
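Review bot: `$mid = $mid ?? z_root() . '/item/' . $uuid;` in the `@@ -986,9` hunk only fills in the URL when `$mid` is null or unset, whereas the removed `if (!$mid)` also covered an empty string, `0` and `false`. If `$mid` is initialised to `''` or taken from an empty request field earlier in the method (outside this hunk, so not verifiable here), the item is now stored with an empty message id. `if (empty($mid)) { $mid = z_root() . '/item/' . $uuid; }` keeps the old meaning and still avoids the undefined-variable warning.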
@@ -72,7 +72,7 @@ class Layouts extends \Zotlabs\Web\Controller { return; } - // Block design features from visitors + // Block design features from visitors if((! $uid) || ($uid != $owner)) { notice( t('Permission denied.') . EOL); @@ -95,8 +95,8 @@ class Layouts extends \Zotlabs\Web\Controller { // Use the buildin share/install feature instead. if((argc() > 3) && (argv(2) === 'share') && (argv(3))) { - $r = q("select iconfig.v, iconfig.k, mimetype, title, body from iconfig - left join item on item.id = iconfig.iid + $r = q("select iconfig.v, iconfig.k, mimetype, title, body from iconfig + left join item on item.id = iconfig.iid where uid = %d and mid = '%s' and iconfig.cat = 'system' and iconfig.k = 'PDL' order by iconfig.v asc", intval($owner), dbesc(argv(3)) @@ -110,7 +110,7 @@ class Layouts extends \Zotlabs\Web\Controller { } // Create a status editor (for now - we'll need a WYSIWYG eventually) to create pages - // Nickname is set to the observers xchan, and profile_uid to the owners. + // Nickname is set to the observers xchan, and profile_uid to the owners. // This lets you post pages at other people's channels. $x = array( 
@@ -134,16 +134,14 @@ class Layouts extends \Zotlabs\Web\Controller { 'bbco_autocomplete' => 'comanche' ); - if($_REQUEST['title']) - $x['title'] = $_REQUEST['title']; - if($_REQUEST['body']) - $x['body'] = $_REQUEST['body']; - if($_REQUEST['pagetitle']) - $x['pagetitle'] = $_REQUEST['pagetitle']; + $x['title'] = $_REQUEST['title'] ?? ''; + $x['body'] = $_REQUEST['body'] ?? ''; + $x['pagetitle'] = $_REQUEST['pagetitle'] ?? ''; + $a = ''; $editor = status_editor($a,$x,false,'Layouts'); - $r = q("select iconfig.iid, iconfig.v, mid, title, body, mimetype, created, edited, item_type from iconfig + $r = q("select iconfig.iid, iconfig.v, mid, title, body, mimetype, created, edited, item_type from iconfig left join item on iconfig.iid = item.id where uid = %d and iconfig.cat = 'system' and iconfig.k = 'PDL' and item_type = %d order by item.created desc", intval($owner), @@ -178,9 +176,9 @@ class Layouts extends \Zotlabs\Web\Controller { } //Build the base URL for edit links - $url = z_root() . '/editlayout/' . $which; + $url = z_root() . '/editlayout/' . $which; - $o .= replace_macros(get_markup_template('layoutlist.tpl'), array( + $o = replace_macros(get_markup_template('layoutlist.tpl'), array( '$title' => t('Layouts'), '$create' => t('Create'), '$help' => array('text' => t('Help'), 'url' => 'help/comanche', 'title' => t('Comanche page description language help')), diff --git a/Zotlabs/Module/Like.php b/Zotlabs/Module/Like.php index 8b36e8396..98fa7db5a 100644 --- a/Zotlabs/Module/Like.php +++ b/Zotlabs/Module/Like.php @@ -106,7 +106,7 @@ class Like extends Controller { $o = EMPTY_STR; $sys_channel = get_sys_channel(); $observer = App::get_observer(); - $interactive = $_REQUEST['interactive']; + $interactive = $_REQUEST['interactive'] ?? false; if ((!$observer) || ($interactive)) { $o .= '<h1>' . t('Like/Dislike') . '</h1>'; 
@@ -140,7 +140,7 @@ class Like extends Controller { $extended_like = false; $object = $target = null; $post_type = EMPTY_STR; - $objtype = EMPTY_STR; + $obj_type = EMPTY_STR; if (argc() == 3) { @@ -182,7 +182,7 @@ class Like extends Controller { } } $post_type = t('channel'); - $objtype = ACTIVITY_OBJ_PROFILE; + $obj_type = ACTIVITY_OBJ_PROFILE; $profile = $r[0]; } @@ -211,7 +211,7 @@ class Like extends Controller { $public = false; $post_type = t('thing'); - $objtype = ACTIVITY_OBJ_PROFILE; + $obj_type = ACTIVITY_OBJ_PROFILE; $tgttype = ACTIVITY_OBJ_THING; $links = array(); @@ -273,7 +273,7 @@ class Like extends Controller { intval($ch[0]['channel_id']), dbesc($observer['xchan_hash']), dbesc($activity), - dbesc(($tgttype) ? $tgttype : $objtype), + dbesc(($tgttype) ? $tgttype : $obj_type), dbesc($obj_id) ); @@ -446,10 +446,10 @@ class Like extends Controller { if ($item['obj_type'] === ACTIVITY_OBJ_EVENT) $post_type = t('event'); - $objtype = (($item['resource_type'] === 'photo') ? ACTIVITY_OBJ_PHOTO : ACTIVITY_OBJ_NOTE); + $obj_type = (($item['resource_type'] === 'photo') ? ACTIVITY_OBJ_PHOTO : ACTIVITY_OBJ_NOTE); - if ($objtype === ACTIVITY_OBJ_NOTE && (!intval($item['item_thread_top']))) - $objtype = ACTIVITY_OBJ_COMMENT; + if ($obj_type === ACTIVITY_OBJ_NOTE && (!intval($item['item_thread_top']))) + $obj_type = ACTIVITY_OBJ_COMMENT; $object = json_encode(Activity::fetch_item(['id' => $item['mid']])); @@ -508,7 +508,7 @@ class Like extends Controller { $allow_gid = $item['allow_gid']; $deny_cid = $item['deny_cid']; $deny_gid = $item['deny_gid']; - $private = $item['private']; + $private = $item['item_private']; } @@ -533,7 +533,7 @@ class Like extends Controller { } $arr['verb'] = $activity; - $arr['obj_type'] = $objtype; + $arr['obj_type'] = $obj_type; $arr['obj'] = $object; if ($target) { 
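Review bot: `$tgttype` is read as `($tgttype) ? $tgttype : $obj_type` in the `@@ -273,7` hunk and again in the two later Like.php query hunks. Within the visible hunks it is only assigned in the 'thing' branch (`$tgttype = ACTIVITY_OBJ_THING;`), not beside `$obj_type = EMPTY_STR;` in the initialisation block. If it is not initialised above the visible context, the profile branch reaches those `dbesc()` calls with an undefined variable, which is the class of warning this commit is cleaning up. Adding `$tgttype = EMPTY_STR;` next to `$obj_type = EMPTY_STR;` settles it either way.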
@@ -569,7 +569,7 @@ class Like extends Controller { intval($post_id), dbesc($arr['mid']), dbesc($activity), - dbesc(($tgttype) ? $tgttype : $objtype), + dbesc(($tgttype) ? $tgttype : $obj_type), dbesc($obj_id), dbesc(($target) ? $target : $object) ); @@ -578,7 +578,7 @@ class Like extends Controller { dbesc($ch[0]['channel_hash']), dbesc($arr['mid']), dbesc($activity), - dbesc(($tgttype) ? $tgttype : $objtype), + dbesc(($tgttype) ? $tgttype : $obj_type), dbesc($obj_id) ); if ($r) diff --git a/Zotlabs/Module/Lockview.php b/Zotlabs/Module/Lockview.php index 3637482c7..bac3a7eb9 100644 --- a/Zotlabs/Module/Lockview.php +++ b/Zotlabs/Module/Lockview.php @@ -101,7 +101,7 @@ class Lockview extends Controller { killme(); } - if (intval($item['item_private']) && (!strlen($item['allow_cid'])) && (!strlen($item['allow_gid'])) + if ((isset($item['item_private']) && intval($item['item_private'])) && (!strlen($item['allow_cid'])) && (!strlen($item['allow_gid'])) && (!strlen($item['deny_cid'])) && (!strlen($item['deny_gid']))) { // if the post is private, but public_policy is blank ("visible to the internet"), and there aren't any diff --git a/Zotlabs/Module/Lostpass.php b/Zotlabs/Module/Lostpass.php index 072657d7b..a0f9018b2 100644 --- a/Zotlabs/Module/Lostpass.php +++ b/Zotlabs/Module/Lostpass.php 
@@ -6,32 +6,32 @@ namespace Zotlabs\Module; class Lostpass extends \Zotlabs\Web\Controller { function post() { - + $loginame = notags(trim($_POST['login-name'])); if(! $loginame) goaway(z_root()); - + $r = q("SELECT * FROM account WHERE account_email = '%s' LIMIT 1", dbesc($loginame) ); - + if(! $r) { notice( t('No valid account found.') . EOL); goaway(z_root()); } - + $aid = $r[0]['account_id']; $email = $r[0]['account_email']; - + $hash = random_string(); - + $r = q("UPDATE account SET account_reset = '%s' WHERE account_id = %d", dbesc($hash), intval($aid) ); if($r) info( t('Password reset request issued. Check your email.') . EOL); - + $email_tpl = get_intltext_template("lostpass_eml.tpl"); $message = replace_macros($email_tpl, array( '$sitename' => get_config('system','sitename'), @@ -40,11 +40,11 @@ class Lostpass extends \Zotlabs\Web\Controller { '$email' => $email, '$reset_link' => z_root() . '/lostpass?verify=' . $hash )); - + $subject = email_header_encode(sprintf( t('Password reset requested at %s'),get_config('system','sitename')), 'UTF-8'); - + $res = z_mail( - [ + [ 'toEmail' => $email, 'messageSubject' => sprintf( t('Password reset requested at %s'), get_config('system','sitename')), 'textVersion' => $message, @@ -53,14 +53,14 @@ class Lostpass extends \Zotlabs\Web\Controller { goaway(z_root()); } - - + + function get() { - - + + if(x($_GET,'verify')) { $verify = $_GET['verify']; - + $r = q("SELECT * FROM account WHERE account_reset = '%s' LIMIT 1", dbesc($verify) ); 
@@ -69,25 +69,25 @@ class Lostpass extends \Zotlabs\Web\Controller { goaway(z_root()); return; } - + $aid = $r[0]['account_id']; $email = $r[0]['account_email']; - + $new_password = autoname(6) . mt_rand(100,9999); - + $salt = random_string(32); $password_encoded = hash('whirlpool', $salt . $new_password); - + $r = q("UPDATE account SET account_salt = '%s', account_password = '%s', account_reset = '', account_flags = (account_flags & ~%d) where account_id = %d", dbesc($salt), dbesc($password_encoded), intval(ACCOUNT_UNVERIFIED), intval($aid) ); - + if($r) { $tpl = get_markup_template('pwdreset.tpl'); - $o .= replace_macros($tpl,array( + $o = replace_macros($tpl,array( '$lbl1' => t('Password Reset'), '$lbl2' => t('Your password has been reset as requested.'), '$lbl3' => t('Your new password is'), @@ -96,23 +96,23 @@ class Lostpass extends \Zotlabs\Web\Controller { '$lbl6' => t('Your password may be changed from the <em>Settings</em> page after successful login.'), '$newpass' => $new_password, '$baseurl' => z_root() - + )); - + info("Your password has been reset." . EOL); - + $email_tpl = get_intltext_template("passchanged_eml.tpl"); $message = replace_macros($email_tpl, array( '$sitename' => \App::$config['sitename'], '$siteurl' => z_root(), '$username' => sprintf( t('Site Member (%s)'), $email), '$email' => $email, - '$new_password' => $new_password, - '$uid' => $newuid ) + '$new_password' => $new_password + ) ); - + $res = z_mail( - [ + [ 'toEmail' => $email, 'messageSubject' => sprintf( t('Your password has changed at %s'), get_config('system','sitename')), 'textVersion' => $message, 
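Review bot: The replacement password in the Lostpass.php `@@ -69,25` hunk is still built with `mt_rand(100,9999)`, which is not a cryptographically secure generator and is the only visibly random part of the value (what `autoname(6)` draws from is not shown here). `$new_password = autoname(6) . random_int(100, 9999);` is a drop-in change. A longer value derived from `random_bytes()` would suit something that is mailed out and works as a login credential. The stored form, `hash('whirlpool', $salt . $new_password)`, is a single fast hash; moving to `password_hash()` needs a matching change in the login check and belongs in its own commit. `get()` begins before this hunk and continues after it.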
@@ -121,21 +121,21 @@ class Lostpass extends \Zotlabs\Web\Controller { return $o; } - + } else { $tpl = get_markup_template('lostpass.tpl'); - - $o .= replace_macros($tpl,array( + + $o = replace_macros($tpl,array( '$title' => t('Forgot your Password?'), '$desc' => t('Enter your email address and submit to have your password reset. Then check your email for further instructions.'), '$name' => t('Email Address'), - '$submit' => t('Reset') + '$submit' => t('Reset') )); - + return $o; } - + } - + } diff --git a/Zotlabs/Module/Manage.php b/Zotlabs/Module/Manage.php index 3f168c15d..2cc05e09c 100644 --- a/Zotlabs/Module/Manage.php +++ b/Zotlabs/Module/Manage.php @@ -6,7 +6,7 @@ class Manage extends \Zotlabs\Web\Controller { function get() { - if((! get_account_id()) || ($_SESSION['delegate'])) { + if((! get_account_id()) || (isset($_SESSION['delegate']) && $_SESSION['delegate'])) { notice( t('Permission denied.') . EOL); return; } diff --git a/Zotlabs/Module/Menu.php b/Zotlabs/Module/Menu.php index 836f6a1d5..4f79b66d1 100644 --- a/Zotlabs/Module/Menu.php +++ b/Zotlabs/Module/Menu.php @@ -26,9 +26,9 @@ class Menu extends \Zotlabs\Web\Controller { } - + function post() { - + if(! \App::$profile) { return; } @@ -37,23 +37,23 @@ class Menu extends \Zotlabs\Web\Controller { $uid = \App::$profile['channel_id']; - + if(array_key_exists('sys', $_REQUEST) && $_REQUEST['sys'] && is_site_admin()) { $sys = get_sys_channel(); $uid = intval($sys['channel_id']); \App::$is_sys = true; } - + if(! $uid) return; - + $_REQUEST['menu_channel_id'] = $uid; - + if($_REQUEST['menu_bookmark']) $_REQUEST['menu_flags'] |= MENU_BOOKMARK; if($_REQUEST['menu_system']) $_REQUEST['menu_flags'] |= MENU_SYSTEM; - + $menu_id = ((argc() > 2) ? intval(argv(2)) : 0); if($menu_id) { 
@@ -62,7 +62,7 @@ class Menu extends \Zotlabs\Web\Controller { if($r) { menu_sync_packet($uid,get_observer_hash(),$menu_id); //info( t('Menu updated.') . EOL); - goaway(z_root() . '/mitem/' . $which . '/' . $menu_id . ((\App::$is_sys) ? '?f=&sys=1' : '')); + goaway(z_root() . '/mitem/' . $which . '/' . $menu_id . ((\App::$is_sys) ? '?f=&sys=1' : '')); } else notice( t('Unable to update menu.'). EOL); @@ -71,21 +71,21 @@ class Menu extends \Zotlabs\Web\Controller { $r = menu_create($_REQUEST); if($r) { menu_sync_packet($uid,get_observer_hash(),$r); - + //info( t('Menu created.') . EOL); - goaway(z_root() . '/mitem/' . $which . '/' . $r . ((\App::$is_sys) ? '?f=&sys=1' : '')); + goaway(z_root() . '/mitem/' . $which . '/' . $r . ((\App::$is_sys) ? '?f=&sys=1' : '')); } else notice( t('Unable to create menu.'). EOL); - + } } - - - - + + + + function get() { - + if(! \App::$profile) { @@ -101,8 +101,8 @@ class Menu extends \Zotlabs\Web\Controller { $uid = local_channel(); $owner = 0; $channel = null; + $sys = []; $observer = \App::get_observer(); - $channel = \App::get_channel(); if(\App::$is_sys && is_site_admin()) { @@ -143,9 +143,9 @@ class Menu extends \Zotlabs\Web\Controller { } if(argc() == 2) { - + $channel = (($sys) ? $sys : channelx_by_n($owner)); - + // list menus $x = menu_list($owner); if($x) { @@ -156,7 +156,7 @@ class Menu extends \Zotlabs\Web\Controller { $x[$y]['bookmark'] = (($x[$y]['menu_flags'] & MENU_BOOKMARK) ? true : false); } } - + $create = replace_macros(get_markup_template('menuedit.tpl'), array( '$menu_name' => array('menu_name', t('Menu Name'), '', t('Unique name (not visible on webpage) - required'), '*'), '$menu_desc' => array('menu_desc', t('Menu Title'), '', t('Visible on webpage - leave empty for no title'), ''), @@ -166,7 +166,7 @@ class Menu extends \Zotlabs\Web\Controller { '$nick' => $which, '$display' => 'none' )); - + $o = replace_macros(get_markup_template('menulist.tpl'),array( '$title' => t('Menus'), '$create' => $create, 
@@ -186,30 +186,30 @@ class Menu extends \Zotlabs\Web\Controller { '$nick' => $which, '$sys' => \App::$is_sys )); - + return $o; - + } - + if(argc() > 2) { if(intval(argv(2))) { - + if(argc() == 4 && argv(3) == 'drop') { menu_sync_packet($owner,get_observer_hash(),intval(argv(1)),true); $r = menu_delete_id(intval(argv(2)),$owner); if(!$r) notice( t('Menu could not be deleted.'). EOL); - + goaway(z_root() . '/menu/' . $which . ((\App::$is_sys) ? '?f=&sys=1' : '')); } - + $m = menu_fetch_id(intval(argv(2)),$owner); - + if(! $m) { notice( t('Menu not found.') . EOL); return ''; } - + $o = replace_macros(get_markup_template('menuedit.tpl'), array( '$header' => t('Edit Menu'), '$sys' => \App::$is_sys, @@ -224,16 +224,16 @@ class Menu extends \Zotlabs\Web\Controller { '$nick' => $which, '$submit' => t('Submit and proceed') )); - + return $o; - + } else { notice( t('Not found.') . EOL); return; } } - + } - + } diff --git a/Zotlabs/Module/Mood.php b/Zotlabs/Module/Mood.php index cb2ca566b..edd3f0e1a 100644 --- a/Zotlabs/Module/Mood.php +++ b/Zotlabs/Module/Mood.php @@ -24,7 +24,7 @@ class Mood extends Controller { $uid = local_channel(); $channel = App::get_channel(); - $verb = notags(trim($_GET['verb'])); + $verb = ((isset($_GET['verb'])) ? notags(trim($_GET['verb'])) : ''); if(! $verb) return; diff --git a/Zotlabs/Module/Notify.php b/Zotlabs/Module/Notify.php index 4cbcfee05..0af2ec93a 100644 --- a/Zotlabs/Module/Notify.php +++ b/Zotlabs/Module/Notify.php @@ -10,7 +10,7 @@ class Notify extends Controller { if(! local_channel()) return; - if($_REQUEST['notify_id']) { + if(isset($_REQUEST['notify_id']) && $_REQUEST['notify_id']) { $update_notices_per_parent = PConfig::Get(local_channel(), 'system', 'update_notices_per_parent', 1); if($update_notices_per_parent) { diff --git a/Zotlabs/Module/Owa.php b/Zotlabs/Module/Owa.php index 0922eb5d4..3400defd7 100644 --- a/Zotlabs/Module/Owa.php +++ b/Zotlabs/Module/Owa.php 
@@ -32,14 +32,14 @@ class Owa extends Controller { $keyId = $sigblock['keyId']; if ($keyId) { $r = q("SELECT * FROM hubloc LEFT JOIN xchan ON hubloc_hash = xchan_hash - WHERE hubloc_id_url = '%s' AND hubloc_deleted = 0 ORDER BY hubloc_id DESC", + WHERE hubloc_id_url = '%s' AND hubloc_deleted = 0 AND xchan_pubkey != '' ORDER BY hubloc_id DESC", dbesc($keyId) ); if (! $r) { $found = discover_by_webbie($keyId); if ($found) { $r = q("SELECT * FROM hubloc LEFT JOIN xchan ON hubloc_hash = xchan_hash - WHERE hubloc_id_url = '%s' AND hubloc_deleted = 0 ORDER BY hubloc_id DESC ", + WHERE hubloc_id_url = '%s' AND hubloc_deleted = 0 AND xchan_pubkey != '' ORDER BY hubloc_id DESC ", dbesc($keyId) ); } diff --git a/Zotlabs/Module/Permcats.php b/Zotlabs/Module/Permcats.php index d42e45beb..a9ba6dc18 100644 --- a/Zotlabs/Module/Permcats.php +++ b/Zotlabs/Module/Permcats.php @@ -213,7 +213,7 @@ class Permcats extends Controller { $thisperm = Permcat::find_permcat($existing, $k); $checkinherited = PermissionLimits::Get(local_channel(), $k); - if ($existing[$k]) + if (isset($existing[$k]) && $existing[$k]) $thisperm = 1; $perms[] = [ diff --git a/Zotlabs/Module/Photos.php b/Zotlabs/Module/Photos.php index 45fe3d9e0..68f7c55e7 100644 --- a/Zotlabs/Module/Photos.php +++ b/Zotlabs/Module/Photos.php @@ -40,7 +40,7 @@ class Photos extends \Zotlabs\Web\Controller { head_set_icon(\App::$data['channel']['xchan_photo_s']); - \App::$page['htmlhead'] .= "<script> var profile_uid = " . ((\App::$data['channel']) ? \App::$data['channel']['channel_id'] : 0) . "; </script>" ; + \App::$page['htmlhead'] = "<script> var profile_uid = " . ((\App::$data['channel']) ? \App::$data['channel']['channel_id'] : 0) . "; </script>" ; } 
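Review bot: With `xchan_pubkey != ''` in the WHERE clause of the Owa.php lookup, `LEFT JOIN xchan` no longer behaves as a left join, because hubloc rows with no matching xchan have a NULL key and are filtered out too. That is probably the intent, since a row without a key cannot verify the signature, but writing `JOIN xchan` states it directly. The query text is also duplicated, so there is now one more condition to keep in sync. A local `$sql` string shared by both `q()` calls, with a comment such as `// skip hublocs whose xchan has no public key: nothing to verify against`, would stop the two copies drifting apart.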
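Review bot: Changing `.=` to `=` on `\App::$page['htmlhead']` in the Photos.php `@@ -40,7` hunk silences the undefined-key warning by overwriting the head markup, so anything appended to `htmlhead` before this method runs is discarded. Whether something has written to it by then is not visible from this hunk, but appending onto a defaulted value is safe in both cases: `\App::$page['htmlhead'] = (\App::$page['htmlhead'] ?? '') . "<script> var profile_uid = " . ...;`. The method starts outside the hunk.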
@@ -74,18 +74,6 @@ class Photos extends \Zotlabs\Web\Controller { return; } - $s = abook_self($page_owner_uid); - - if(! $s) { - notice( t('Page owner information could not be retrieved.') . EOL); - logger('mod_photos: post: unable to locate contact record for page owner. uid=' . $page_owner_uid); - if(is_ajax()) - killme(); - return; - } - - $owner_record = $s[0]; - $acl = new \Zotlabs\Access\AccessList(\App::$data['channel']); if((argc() > 3) && (argv(2) === 'album')) { @@ -467,7 +455,7 @@ class Photos extends \Zotlabs\Web\Controller { if($partial) { $x = save_chunk($channel,$matches[1],$matches[2],$matches[3]); - if($x['partial']) { + if(isset($x['partial']) && $x['partial']) { header('Range: bytes=0-' . (($x['length']) ? $x['length'] - 1 : 0)); json_return_and_die($x); } @@ -545,6 +533,7 @@ class Photos extends \Zotlabs\Web\Controller { // $can_comment = perm_is_allowed(\App::$profile['profile_uid'],get_observer_hash(),'post_comments'); + $datum = ''; if(argc() > 3) { $datatype = argv(2); @@ -552,7 +541,6 @@ class Photos extends \Zotlabs\Web\Controller { } else { if(argc() > 2) { $datatype = argv(2); - $datum = ''; } else $datatype = 'summary'; @@ -576,8 +564,8 @@ class Photos extends \Zotlabs\Web\Controller { $observer = \App::get_observer(); - $can_post = perm_is_allowed($owner_uid,$observer['xchan_hash'],'write_storage'); - $can_view = perm_is_allowed($owner_uid,$observer['xchan_hash'],'view_storage'); + $can_post = perm_is_allowed($owner_uid,get_observer_hash(),'write_storage'); + $can_view = perm_is_allowed($owner_uid,get_observer_hash(),'view_storage'); if(! $can_view) { notice( t('Access to this item is restricted.') . EOL); @@ -604,7 +592,10 @@ class Photos extends \Zotlabs\Web\Controller { * Display upload form */ - if( $can_post) { + $upload_form = ''; + $usage_message = ''; + + if($can_post) { $uploader = ''; 
@@ -620,14 +611,12 @@ class Photos extends \Zotlabs\Web\Controller { intval(\App::$data['channel']['channel_account_id']) ); - + $usage_message = sprintf( t('%1$.2f MB photo storage used.'), $r[0]['total'] / 1024000 ); $limit = engr_units_to_bytes(service_class_fetch(\App::$data['channel']['channel_id'],'photo_upload_limit')); + if($limit !== false) { $usage_message = sprintf( t("%1$.2f MB of %2$.2f MB photo storage used."), $r[0]['total'] / 1024000, $limit / 1024000 ); } - else { - $usage_message = sprintf( t('%1$.2f MB photo storage used.'), $r[0]['total'] / 1024000 ); - } if($_is_owner) { $channel = \App::get_channel(); @@ -712,17 +701,17 @@ class Photos extends \Zotlabs\Web\Controller { 'title' => 'oembed' ]); + $folder_hash = ''; + $album = '/'; + if($x = photos_album_exists($owner_uid, get_observer_hash(), $datum)) { $album = $x['display_path']; - } - else { - $album = '/'; - //goaway(z_root() . '/photos/' . \App::$data['channel']['channel_address']); + $folder_hash = $x['hash']; } \App::set_pager_itemspage(30); - if($_GET['order'] === 'posted') + if(isset($_GET['order']) && $_GET['order'] === 'posted') $order = 'ASC'; else $order = 'DESC'; @@ -731,7 +720,7 @@ class Photos extends \Zotlabs\Web\Controller { (SELECT resource_id, max(imgscale) imgscale FROM photo left join attach on folder = '%s' and photo.resource_id = attach.hash WHERE attach.uid = %d AND imgscale <= 4 AND photo_usage IN ( %d, %d ) and is_nsfw = %d $sql_extra GROUP BY resource_id) ph ON (p.resource_id = ph.resource_id AND p.imgscale = ph.imgscale) ORDER BY created $order LIMIT %d OFFSET %d", - dbesc($x['hash']), + dbesc($folder_hash), intval($owner_uid), intval(PHOTO_NORMAL), intval(PHOTO_PROFILE), 
@@ -763,7 +752,7 @@ class Photos extends \Zotlabs\Web\Controller { } - if($_GET['order'] === 'posted') + if(isset($_GET['order']) && $_GET['order'] === 'posted') $order = array(t('Show Newest First'), z_root() . '/photos/' . \App::$data['channel']['channel_address'] . '/album/' . $datum); else $order = array(t('Show Oldest First'), z_root() . '/photos/' . \App::$data['channel']['channel_address'] . '/album/' . $datum . '?f=&order=posted'); @@ -784,7 +773,7 @@ class Photos extends \Zotlabs\Web\Controller { $desc_e = $rr['description']; $imagelink = (z_root() . '/photos/' . \App::$data['channel']['channel_address'] . '/image/' . $rr['resource_id'] - . (($_GET['order'] === 'posted') ? '?f=&order=posted' : '')); + . ((isset($_GET['order']) && $_GET['order'] === 'posted') ? '?f=&order=posted' : '')); $photos[] = array( 'id' => $rr['id'], @@ -801,7 +790,7 @@ class Photos extends \Zotlabs\Web\Controller { } } - if($_REQUEST['aj']) { + if(isset($_REQUEST['aj']) && $_REQUEST['aj']) { if($photos) { $o = replace_macros(get_markup_template('photosajax.tpl'),array( '$photos' => $photos, @@ -831,7 +820,7 @@ class Photos extends \Zotlabs\Web\Controller { } - if((! $photos) && ($_REQUEST['aj'])) { + if((! $photos) && (isset($_REQUEST['aj']) && $_REQUEST['aj'])) { $o .= '<div id="content-complete"></div>'; echo $o; killme(); @@ -1021,7 +1010,7 @@ class Photos extends \Zotlabs\Web\Controller { // FIXME - remove this when we move to conversation module - $r = $r[0]['children']; + $r = $r[0]['children'] ?? []; $edit = null; if($can_post) { @@ -1121,9 +1110,6 @@ class Photos extends \Zotlabs\Web\Controller { 'attendyes' => array('title' => t('Attending','title')), 'attendno' => array('title' => t('Not attending','title')), 'attendmaybe' => array('title' => t('Might attend','title')) ); - - - if($r) { foreach($r as $item) { 
@@ -1266,19 +1252,19 @@ class Photos extends \Zotlabs\Web\Controller { '$likebuttons' => $likebuttons, '$like' => $like_e, '$dislike' => $dislike_e, - '$like_count' => $like_count, - '$like_list' => $like_list, - '$like_list_part' => $like_list_part, - '$like_button_label' => $like_button_label, + '$like_count' => $like_count ?? '', + '$like_list' => $like_list ?? '', + '$like_list_part' => $like_list_part ?? '', + '$like_button_label' => $like_button_label ?? '', '$like_modal_title' => t('Likes','noun'), '$dislike_modal_title' => t('Dislikes','noun'), - '$dislike_count' => $dislike_count, //((feature_enabled($conv->get_profile_owner(),'dislike')) ? $dislike_count : ''), - '$dislike_list' => $dislike_list, //((feature_enabled($conv->get_profile_owner(),'dislike')) ? $dislike_list : ''), - '$dislike_list_part' => $dislike_list_part, //((feature_enabled($conv->get_profile_owner(),'dislike')) ? $dislike_list_part : ''), - '$dislike_button_label' => $dislike_button_label, //((feature_enabled($conv->get_profile_owner(),'dislike')) ? $dislike_button_label : ''), + '$dislike_count' => $dislike_count ?? '', //((feature_enabled($conv->get_profile_owner(),'dislike')) ? $dislike_count : ''), + '$dislike_list' => $dislike_list ?? '', //((feature_enabled($conv->get_profile_owner(),'dislike')) ? $dislike_list : ''), + '$dislike_list_part' => $dislike_list_part ?? '', //((feature_enabled($conv->get_profile_owner(),'dislike')) ? $dislike_list_part : ''), + '$dislike_button_label' => $dislike_button_label ?? '', //((feature_enabled($conv->get_profile_owner(),'dislike')) ? $dislike_button_label : ''), '$modal_dismiss' => t('Close'), '$comments' => $comments, - '$commentbox' => $commentbox, + '$commentbox' => $commentbox ?? '', '$paginate' => $paginate, '$onclick' => $hookdata['onclick'] )); 
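Review bot: The `?? ''` fallbacks on `$like_count`, `$like_list`, `$dislike_count`, `$commentbox` and the other template values silence the notice at the point of use, but they leave it unclear on which paths these variables are actually assigned. Initialising them once before the branch that fills them (for example `$like_count = $like_list = $like_list_part = $like_button_label = '';`) keeps the `replace_macros()` array free of fallbacks and makes an unset value show up during review. The assignments themselves are outside this hunk, so the right place for the defaults has to be confirmed there.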
@@ -1345,7 +1331,7 @@ class Photos extends \Zotlabs\Web\Controller { } } - if($_REQUEST['aj']) { + if(isset($_REQUEST['aj']) && $_REQUEST['aj']) { if($photos) { $o = replace_macros(get_markup_template('photosajax.tpl'),array( '$photos' => $photos, @@ -1373,7 +1359,7 @@ class Photos extends \Zotlabs\Web\Controller { } - if((! $photos) && ($_REQUEST['aj'])) { + if((! $photos) && (isset($_REQUEST['aj']) && $_REQUEST['aj'])) { $o .= '<div id="content-complete"></div>'; echo $o; killme(); diff --git a/Zotlabs/Module/Poco.php b/Zotlabs/Module/Poco.php index 85c9348c0..f0355bb61 100644 --- a/Zotlabs/Module/Poco.php +++ b/Zotlabs/Module/Poco.php @@ -7,7 +7,7 @@ require_once('include/socgraph.php'); class Poco extends \Zotlabs\Web\Controller { function init() { - poco($a,false); + poco(); } - + } diff --git a/Zotlabs/Module/Poke.php b/Zotlabs/Module/Poke.php index 596de58a3..30585bf3d 100644 --- a/Zotlabs/Module/Poke.php +++ b/Zotlabs/Module/Poke.php @@ -37,7 +37,7 @@ class Poke extends Controller { $uid = local_channel(); $channel = App::get_channel(); - $verb = notags(trim($_REQUEST['verb'])); + $verb = ((isset($_GET['verb'])) ? notags(trim($_GET['verb'])) : ''); if(! $verb) return; @@ -121,7 +121,6 @@ class Poke extends Controller { $arr['obj_type'] = ACTIVITY_OBJ_NOTE; $arr['body'] = '[zrl=' . $channel['xchan_url'] . ']' . $channel['xchan_name'] . '[/zrl]' . ' ' . t($verbs[$verb][0]) . ' ' . '[zrl=' . $target['xchan_url'] . ']' . $target['xchan_name'] . '[/zrl]'; $arr['item_origin'] = 1; - $arr['item_wall'] = 1; $arr['item_unseen'] = 1; if(! $parent_item) $arr['item_thread_top'] = 1; @@ -155,7 +154,7 @@ class Poke extends Controller { $name = ''; $id = ''; - if(intval($_REQUEST['c'])) { + if(isset($_REQUEST['c']) && intval($_REQUEST['c'])) { $r = q("select abook_id, xchan_name from abook left join xchan on abook_xchan = xchan_hash where abook_id = %d and abook_channel = %d limit 1", intval($_REQUEST['c']), 
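Review bot: Reading `verb` only from `$_GET` in Poke.php means this handler now acts purely on the query string, while a later hunk of the same file builds an item (`$arr['item_origin'] = 1`). If both belong to the same function, that is a state change on a GET request, and no form security token check is visible in these hunks. Consider verifying a token (the codebase already issues them with `get_form_security_token()`) before the item is created, or accepting the verb from a POST body only. The function starts and ends outside the hunk, so an existing check above cannot be ruled out.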
diff --git a/Zotlabs/Module/Profile.php b/Zotlabs/Module/Profile.php index bcc7ad930..732beaa6a 100644 --- a/Zotlabs/Module/Profile.php +++ b/Zotlabs/Module/Profile.php @@ -110,7 +110,7 @@ class Profile extends Controller { $is_owner = ((local_channel()) && (local_channel() == App::$profile['profile_uid']) ? true : false); - if (App::$profile['hidewall'] && (!$is_owner) && (!remote_channel())) { + if ((isset(App::$profile['hidewall']) && App::$profile['hidewall']) && (!$is_owner) && (!remote_channel())) { notice(t('Permission denied.') . EOL); return; } diff --git a/Zotlabs/Module/Profile_photo.php b/Zotlabs/Module/Profile_photo.php index a5e87bbe2..d7e2bbce1 100644 --- a/Zotlabs/Module/Profile_photo.php +++ b/Zotlabs/Module/Profile_photo.php @@ -587,7 +587,6 @@ class Profile_photo extends Controller { return $o; } - return; // NOTREACHED } /* @brief Generate the UI for photo-cropping diff --git a/Zotlabs/Module/Pubsites.php b/Zotlabs/Module/Pubsites.php index fd5aeaa72..032406be4 100644 --- a/Zotlabs/Module/Pubsites.php +++ b/Zotlabs/Module/Pubsites.php @@ -8,6 +8,8 @@ class Pubsites extends \Zotlabs\Web\Controller { function get() { $dirmode = intval(get_config('system','directory_mode')); + $url = ''; + if(($dirmode == DIRECTORY_MODE_PRIMARY) || ($dirmode == DIRECTORY_MODE_STANDALONE)) { $url = z_root() . '/dirsearch'; } @@ -19,7 +21,7 @@ class Pubsites extends \Zotlabs\Web\Controller { $rating_enabled = get_config('system','rating_enabled'); - $o .= '<div class="generic-content-wrapper">'; + $o = '<div class="generic-content-wrapper">'; $o .= '<div class="section-title-wrapper"><h2>' . t('Public Hubs') . '</h2></div>'; diff --git a/Zotlabs/Module/Pubstream.php b/Zotlabs/Module/Pubstream.php index 583974e22..3c8dfa0a5 100644 --- a/Zotlabs/Module/Pubstream.php +++ b/Zotlabs/Module/Pubstream.php 
@@ -75,7 +75,7 @@ class Pubstream extends \Zotlabs\Web\Controller { 'allow_location' => ((intval(get_pconfig($channel['channel_id'],'system','use_browser_location'))) ? '1' : ''), 'default_location' => $channel['channel_location'], 'nickname' => $channel['channel_address'], - 'lockstate' => (($group || $cid || $channel['channel_allow_cid'] || $channel['channel_allow_gid'] || $channel['channel_deny_cid'] || $channel['channel_deny_gid']) ? 'lock' : 'unlock'), + 'lockstate' => (($channel['channel_allow_cid'] || $channel['channel_allow_gid'] || $channel['channel_deny_cid'] || $channel['channel_deny_gid']) ? 'lock' : 'unlock'), 'acl' => populate_acl($channel_acl,true, \Zotlabs\Lib\PermissionDescription::fromGlobalPermission('view_stream'), get_post_aclDialogDescription(), 'acl_dialog_post'), 'permissions' => $channel_acl, 'bang' => '', @@ -91,6 +91,7 @@ class Pubstream extends \Zotlabs\Web\Controller { ); $o .= '<div id="jot-popup">'; + $a = ''; $o .= status_editor($a,$x,false,'Pubstream'); $o .= '</div>'; } @@ -158,11 +159,13 @@ class Pubstream extends \Zotlabs\Web\Controller { require_once('include/channel.php'); require_once('include/security.php'); + $sys = get_sys_channel(); + $abook_uids = " and abook.abook_channel = " . intval($sys['channel_id']) . " "; + if($site_firehose) { $uids = " and item.uid in ( " . stream_perms_api_uids(PERMS_PUBLIC) . " ) and item_private = 0 and item_wall = 1 "; } else { - $sys = get_sys_channel(); $uids = " and item.uid = " . intval($sys['channel_id']) . " "; $sql_extra = item_permissions_sql($sys['channel_id']); \App::$data['firehose'] = intval($sys['channel_id']); 
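Review bot: `$abook_uids` is now built from `$sys['channel_id']` directly after `get_sys_channel()`, with no check that a sys channel was returned; if it was not, the array access warns on PHP 8 and the filter becomes `abook.abook_channel = 0`. A guard such as `$sys_id = intval($sys['channel_id'] ?? 0);`, reused for `$uids` and `\App::$data['firehose']`, would make that case explicit. Switching the filter from `\App::$profile['profile_uid']` to the sys channel also changes which block list is applied to the stream, which deserves a line in the commit message because the rest of the change is warning cleanup.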
@@ -181,14 +184,13 @@ class Pubstream extends \Zotlabs\Web\Controller { $net_query = (($net) ? " left join xchan on xchan_hash = author_xchan " : ''); $net_query2 = (($net) ? " and xchan_network = '" . protect_sprintf(dbesc($net)) . "' " : ''); - $abook_uids = " and abook.abook_channel = " . intval(\App::$profile['profile_uid']) . " "; - - $simple_update = ''; if($update && $_SESSION['loadtime']) $simple_update = " AND (( item_unseen = 1 AND item.changed > '" . datetime_convert('UTC','UTC',$_SESSION['loadtime']) . "' ) OR item.changed > '" . datetime_convert('UTC','UTC',$_SESSION['loadtime']) . "' ) "; //logger('update: ' . $update . ' load: ' . $load); + $items = []; + if($update) { $ordering = get_config('system', 'pubstream_ordering', 'commented'); @@ -200,7 +202,7 @@ class Pubstream extends \Zotlabs\Web\Controller { $net_query WHERE mid = '%s' $uids $item_normal and (abook.abook_blocked = 0 or abook.abook_flags is null) - $sql_extra3 $sql_extra $sql_nets $net_query2", + $sql_extra $net_query2", dbesc($mid) ); } @@ -211,7 +213,7 @@ class Pubstream extends \Zotlabs\Web\Controller { $net_query WHERE true $uids and item.item_thread_top = 1 $item_normal and (abook.abook_blocked = 0 or abook.abook_flags is null) - $sql_extra3 $sql_extra $sql_nets $net_query2 + $sql_extra $net_query2 ORDER BY $ordering DESC $pager_sql " ); } @@ -223,7 +225,7 @@ class Pubstream extends \Zotlabs\Web\Controller { $net_query WHERE mid = '%s' $uids $item_normal_update $simple_update and (abook.abook_blocked = 0 or abook.abook_flags is null) - $sql_extra3 $sql_extra $sql_nets $net_query2", + $sql_extra $net_query2", dbesc($mid) ); } @@ -234,7 +236,7 @@ class Pubstream extends \Zotlabs\Web\Controller { WHERE true $uids $item_normal_update $simple_update and (abook.abook_blocked = 0 or abook.abook_flags is null) - $sql_extra3 $sql_extra $sql_nets $net_query2" + $sql_extra $net_query2" ); } } 
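Review bot: `$sql_extra` is still interpolated into all four queries, but the earlier hunk assigns it only in the `else` branch of `if($site_firehose)`; unless it is initialised above these hunks, the firehose path uses an undefined variable, the same class of warning that removing `$sql_extra3` and `$sql_nets` fixes. Adding `$sql_extra = '';` next to the new `$abook_uids` assignment would cover it. The context line `if($update && $_SESSION['loadtime'])` likewise reads the session key without `isset()`.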
@@ -259,9 +261,6 @@ class Pubstream extends \Zotlabs\Web\Controller { $items = fetch_post_tags($items,true); $items = conv_sort($items,$ordering); } - else { - $items = array(); - } } diff --git a/Zotlabs/Module/Regate.php b/Zotlabs/Module/Regate.php index 33bb8d957..ac6273951 100644 --- a/Zotlabs/Module/Regate.php +++ b/Zotlabs/Module/Regate.php @@ -443,7 +443,7 @@ class Regate extends \Zotlabs\Web\Controller { $msg = t('Unknown or expired ID'); zar_log('ZAR1132E ' . $msg . ':' . $did2 . ',' . $didx); $o = replace_macros(get_markup_template('plain.tpl'), [ - '$title' => $title, + '$title' => $msg, '$now' => $nowfmt, '$infos' => $msg ]); diff --git a/Zotlabs/Module/Register.php b/Zotlabs/Module/Register.php index 683fcdc36..0d423e0cd 100644 --- a/Zotlabs/Module/Register.php +++ b/Zotlabs/Module/Register.php @@ -87,7 +87,7 @@ class Register extends Controller { $name_error = validate_channelname($name); if($name_error) { notice($name_error . EOL); - return $ret; + return; } $nick = mb_strtolower(escape_tags(trim($arr['nickname']))); @@ -166,7 +166,7 @@ class Register extends Controller { if(!empty($password_result['error'])) { $msg = $password_result['message']; notice($msg); - zar_log($msg . ' ' . $did2); + zar_log($msg); return; } @@ -239,7 +239,7 @@ class Register extends Controller { ); $msg = t('Invitation code succesfully applied'); - zar_log('ZAR0237I ' . $msg) . ', ' . $email; + zar_log('ZAR0237I ' . $msg . ', ' . $email); // msg! info($msg . EOL); diff --git a/Zotlabs/Module/Rpost.php b/Zotlabs/Module/Rpost.php index 013817597..7b84339b1 100644 --- a/Zotlabs/Module/Rpost.php +++ b/Zotlabs/Module/Rpost.php @@ -151,7 +151,7 @@ class Rpost extends \Zotlabs\Web\Controller { } } - if($_REQUEST['remote_return']) { + if(isset($_REQUEST['remote_return']) && $_REQUEST['remote_return']) { $_SESSION['remote_return'] = $_REQUEST['remote_return']; } if(argc() > 1 && argv(1) === 'return') { 
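Review bot: In Register.php, moving the closing parenthesis so that `zar_log('ZAR0237I ' . $msg . ', ' . $email);` includes the address means the e-mail of every successful invitation is now written to the log, where before the concatenation happened outside the call and was discarded. If the registration log is readable by more people than the account table, or is kept longer, that is a new place where personal data accumulates. Consider logging only the message, `zar_log('ZAR0237I ' . $msg);`, or a shortened form of the address, and documenting the choice in a comment.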
@@ -162,14 +162,14 @@ class Rpost extends \Zotlabs\Web\Controller { $plaintext = true; - if(array_key_exists('type', $_REQUEST) && $_REQUEST['type'] === 'html') { + if(isset($_REQUEST['type']) && $_REQUEST['type'] === 'html') { require_once('include/html2bbcode.php'); $_REQUEST['body'] = html2bbcode($_REQUEST['body']); } $channel = \App::get_channel(); - if($_REQUEST['acl']) { + if(isset($_REQUEST['acl']) && $_REQUEST['acl']) { $acl = new \Zotlabs\Access\AccessList([]); $acl->set($_REQUEST['acl']); $channel_acl = $acl->get(); @@ -180,13 +180,13 @@ class Rpost extends \Zotlabs\Web\Controller { } - if($_REQUEST['url']) { + if(isset($_REQUEST['url']) && $_REQUEST['url']) { $x = z_fetch_url(z_root() . '/linkinfo?f=&url=' . urlencode($_REQUEST['url'])); if($x['success']) $_REQUEST['body'] = $_REQUEST['body'] . $x['body']; } - if($_REQUEST['post_id']) { + if(isset($_REQUEST['post_id']) && $_REQUEST['post_id']) { $_REQUEST['body'] .= '[share=' . intval($_REQUEST['post_id']) . '][/share]'; } @@ -201,9 +201,9 @@ class Rpost extends \Zotlabs\Web\Controller { 'bang' => '', 'visitor' => true, 'profile_uid' => local_channel(), - 'title' => $_REQUEST['title'], - 'body' => $_REQUEST['body'], - 'attachment' => $_REQUEST['attachment'], + 'title' => $_REQUEST['title'] ?? '', + 'body' => $_REQUEST['body'] ?? '', + 'attachment' => $_REQUEST['attachment'] ?? '', 'source' => ((x($_REQUEST,'source')) ? strip_tags($_REQUEST['source']) : ''), 'return_path' => 'rpost/return', 'bbco_autocomplete' => 'bbcode', @@ -212,6 +212,7 @@ class Rpost extends \Zotlabs\Web\Controller { 'jotnets' => true ); + $a = ''; $editor = status_editor($a,$x,false,'Rpost'); $o .= replace_macros(get_markup_template('edpost_head.tpl'), array( diff --git a/Zotlabs/Module/Search.php b/Zotlabs/Module/Search.php index da4752186..6601da29d 100644 --- a/Zotlabs/Module/Search.php +++ b/Zotlabs/Module/Search.php 
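Review bot: `$_REQUEST['body']` is still read unguarded in three places in this Rpost.php hunk: `html2bbcode($_REQUEST['body'])`, `$_REQUEST['body'] . $x['body']` and the `.=` that appends the `[share=…]` tag. A request carrying `type=html`, `url` or `post_id` without `body` therefore still raises the warning that the new `isset()` tests are meant to remove. Normalising once at the top, `$_REQUEST['body'] = $_REQUEST['body'] ?? '';`, would cover all three and make the later `'body' => $_REQUEST['body'] ?? ''` redundant. The function starts outside the hunk.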
@@ -33,7 +33,7 @@ class Search extends Controller { require_once('include/security.php'); - $format = (($_REQUEST['format']) ? $_REQUEST['format'] : ''); + $format = $_REQUEST['format'] ?? ''; if ($format !== '') { $update = $load = 1; } @@ -146,10 +146,10 @@ class Search extends Controller { $o .= "<script> var profile_uid = " . ((intval(local_channel())) ? local_channel() : (-1)) . "; var netargs = '?f='; var profile_page = " . App::$pager['page'] . "; </script>\r\n"; - App::$page['htmlhead'] .= replace_macros(get_markup_template("build_query.tpl"), [ + App::$page['htmlhead'] = replace_macros(get_markup_template("build_query.tpl"), [ '$baseurl' => z_root(), '$pgtype' => 'search', - '$uid' => ((App::$profile['profile_uid']) ? App::$profile['profile_uid'] : '0'), + '$uid' => App::$profile['profile_uid'] ?? '0', '$gid' => '0', '$cid' => '0', '$cmin' => '(-1)', @@ -180,6 +180,8 @@ class Search extends Controller { } + $r = null; + if (($update) && ($load)) { $itemspage = get_pconfig(local_channel(), 'system', 'itemspage'); App::set_pager_itemspage(((intval($itemspage)) ? $itemspage : 10)); @@ -195,8 +197,6 @@ class Search extends Controller { $sys_id = perm_is_allowed($sys['channel_id'], $observer_hash, 'view_stream') ? $sys['channel_id'] : 0; if ($load) { - $r = null; - if (local_channel()) { $r = q("SELECT mid, MAX(id) AS item_id FROM item WHERE (( item.allow_cid = '' AND item.allow_gid = '' AND item.deny_cid = '' AND item.deny_gid = '' AND item.item_private = 0 ) @@ -208,7 +208,7 @@ class Search extends Controller { ); } - if (!$r) { + if ($r === null) { $r = q("SELECT mid, MAX(id) AS item_id FROM item WHERE (((( item.allow_cid = '' AND item.allow_gid = '' AND item.deny_cid = '' AND item.deny_gid = '' AND item.item_private = 0 ) AND item.uid IN ( " . stream_perms_api_uids(($observer_hash) ? (PERMS_NETWORK | PERMS_PUBLIC) : PERMS_PUBLIC) . " )) 
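Review bot: Changing `App::$page['htmlhead'] .=` to `=` in Search.php replaces whatever earlier code put into the page head instead of appending to it. If the aim was only to avoid the undefined-index warning, `App::$page['htmlhead'] = (App::$page['htmlhead'] ?? '') . replace_macros(...)` keeps the old behaviour. Whether anything populates `htmlhead` before this point cannot be seen from the hunk.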
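Review bot: `if ($r === null)` is narrower than the old `if (!$r)`: for a logged-in viewer whose first query returns an empty or failed result, the public-stream query no longer runs as a fallback. If that is intended, a comment such as `// public query is for anonymous viewers only` would record it; if not, `if (!$r)` should stay. This assumes `q()` returns an empty array or false rather than null when there are no rows, which the hunk does not show.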
@@ -225,11 +225,6 @@ class Search extends Controller { $r = dbq("select *, id as item_id from item where id in ( " . $str . ") order by created desc"); } } - else { - $r = []; - } - - } $items = []; diff --git a/Zotlabs/Module/Settings.php b/Zotlabs/Module/Settings.php index 624cbb0c1..94f67a349 100644 --- a/Zotlabs/Module/Settings.php +++ b/Zotlabs/Module/Settings.php @@ -11,8 +11,9 @@ class Settings extends \Zotlabs\Web\Controller { if(! local_channel()) return; - if($_SESSION['delegate']) + if (isset($_SESSION['delegate']) && $_SESSION['delegate']) { return; + } \App::$profile_uid = local_channel(); @@ -33,7 +34,7 @@ class Settings extends \Zotlabs\Web\Controller { if(! local_channel()) return; - if($_SESSION['delegate']) + if(isset($_SESSION['delegate']) && $_SESSION['delegate']) return; // logger('mod_settings: ' . print_r($_REQUEST,true)); @@ -54,7 +55,7 @@ class Settings extends \Zotlabs\Web\Controller { nav_set_selected('Settings'); - if((! local_channel()) || ($_SESSION['delegate'])) { + if((! local_channel()) || (isset($_SESSION['delegate']) && $_SESSION['delegate'])) { notice( t('Permission denied.') . EOL ); return login(); } diff --git a/Zotlabs/Module/Settings/Channel.php b/Zotlabs/Module/Settings/Channel.php index 840efc162..1e0c2a2db 100644 --- a/Zotlabs/Module/Settings/Channel.php +++ b/Zotlabs/Module/Settings/Channel.php 
@@ -27,10 +27,10 @@ class Channel { $photo_path = ((x($_POST, 'photo_path')) ? escape_tags(trim($_POST['photo_path'])) : ''); $attach_path = ((x($_POST, 'attach_path')) ? escape_tags(trim($_POST['attach_path'])) : ''); $allow_location = (((x($_POST, 'allow_location')) && (intval($_POST['allow_location']) == 1)) ? 1 : 0); - $post_newfriend = (($_POST['post_newfriend'] == 1) ? 1 : 0); - $post_joingroup = (($_POST['post_joingroup'] == 1) ? 1 : 0); - $post_profilechange = (($_POST['post_profilechange'] == 1) ? 1 : 0); - $adult = (($_POST['adult'] == 1) ? 1 : 0); + $post_newfriend = ((isset($_POST['post_newfriend']) && $_POST['post_newfriend'] == 1) ? 1 : 0); + $post_joingroup = ((isset($_POST['post_joingroup']) && $_POST['post_joingroup'] == 1) ? 1 : 0); + $post_profilechange = ((isset($_POST['post_profilechange']) && $_POST['post_profilechange'] == 1) ? 1 : 0); + $adult = ((isset($_POST['adult']) && $_POST['adult'] == 1) ? 1 : 0); $mailhost = ((array_key_exists('mailhost', $_POST)) ? notags(trim($_POST['mailhost'])) : ''); $pageflags = $channel['channel_pageflags']; $existing_adult = (($pageflags & PAGE_ADULT) ? 1 : 0); @@ -152,6 +152,7 @@ class Channel { Master::Summon(['Directory', local_channel()]); Libsync::build_sync_packet(); + $email_changed = false; if ($email_changed && App::$config['system']['register_policy'] == REGISTER_VERIFY) { // FIXME - set to un-verified, blocked and redirect to logout diff --git a/Zotlabs/Module/Settings/Display.php b/Zotlabs/Module/Settings/Display.php index 11181907b..ea9ae2da1 100644 --- a/Zotlabs/Module/Settings/Display.php +++ b/Zotlabs/Module/Settings/Display.php @@ -90,8 +90,8 @@ class Display { $default_theme = 'redbasic'; $themespec = explode(':', \App::$channel['channel_theme']); - $existing_theme = $themespec[0]; - $existing_schema = $themespec[1]; + $existing_theme = $themespec[0] ?? ''; + $existing_schema = $themespec[1] ?? ''; $theme = (($existing_theme) ? $existing_theme : $default_theme); 
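Review bot: Assigning `$email_changed = false;` on the line directly before `if ($email_changed && App::$config['system']['register_policy'] == REGISTER_VERIFY)` makes that branch unreachable, so the step its FIXME describes (set to un-verified on an e-mail change) can never run. If the variable was simply never set before, the warning is gone but the gap is now hidden; either compute the flag from the old and new address or replace the dead branch with a comment such as `// TODO: re-verify e-mail on change when register_policy is REGISTER_VERIFY`. The function body continues outside the hunk.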
@@ -207,12 +207,12 @@ class Display { function get_theme_config_file($theme){ - $base_theme = \App::$theme_info['extends']; + $base_theme = \App::$theme_info['extends'] ?? ''; - if (file_exists("view/theme/$theme/php/config.php")){ + if ($theme && file_exists("view/theme/$theme/php/config.php")){ return "view/theme/$theme/php/config.php"; } - if (file_exists("view/theme/$base_theme/php/config.php")){ + if ($base_theme && file_exists("view/theme/$base_theme/php/config.php")){ return "view/theme/$base_theme/php/config.php"; } return null; diff --git a/Zotlabs/Module/Siteinfo.php b/Zotlabs/Module/Siteinfo.php index be6862c6b..ac33747f8 100644 --- a/Zotlabs/Module/Siteinfo.php +++ b/Zotlabs/Module/Siteinfo.php @@ -5,7 +5,7 @@ namespace Zotlabs\Module; class Siteinfo extends \Zotlabs\Web\Controller { function init() { - if (argv(1) === 'json' || $_REQUEST['module_format'] === 'json') { + if (argv(1) === 'json' || (isset($_REQUEST['module_format']) && $_REQUEST['module_format'] === 'json')) { $data = get_site_info(); json_return_and_die($data); } diff --git a/Zotlabs/Module/Sitelist.php b/Zotlabs/Module/Sitelist.php index 2ac5ed1b8..9908aa651 100644 --- a/Zotlabs/Module/Sitelist.php +++ b/Zotlabs/Module/Sitelist.php 
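Review bot: The new `$theme &&` and `$base_theme &&` guards in `get_theme_config_file()` reject only an empty name; the value is still interpolated unchanged into `"view/theme/$theme/php/config.php"`. The identical function in Theme_info.php is changed the same way, and there an earlier hunk shows `$theme = argv(1)`, a value taken from the request path. Consider validating the name before it is used in a path, for example `if (!preg_match('/^[A-Za-z0-9_-]+$/', $theme)) return null;`, or checking it against the list of installed themes. What the callers do with the returned path is outside these hunks.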
@@ -5,63 +5,63 @@ namespace Zotlabs\Module; /** @file */ class Sitelist extends \Zotlabs\Web\Controller { function init() { - - $start = (($_REQUEST['start']) ? intval($_REQUEST['start']) : 0); - $limit = ((intval($_REQUEST['limit'])) ? intval($_REQUEST['limit']) : 30); - $order = (($_REQUEST['order']) ? $_REQUEST['order'] : 'random'); - $open = (($_REQUEST['open']) ? intval($_REQUEST['open']) : false); - - + + $start = ((isset($_REQUEST['start'])) ? intval($_REQUEST['start']) : 0); + $limit = ((isset($_REQUEST['limit'])) ? intval($_REQUEST['limit']) : 30); + $order = ((isset($_REQUEST['order'])) ? $_REQUEST['order'] : 'random'); + $open = ((isset($_REQUEST['open'])) ? intval($_REQUEST['open']) : false); + + $sql_order = " order by site_url "; $rand = db_getfunc('rand'); if($order == 'random') $sql_order = " order by $rand "; - + $sql_limit = " LIMIT $limit OFFSET $start "; - + $sql_extra = ""; if($open) $sql_extra = " and site_register = " . intval(REGISTER_OPEN) . " "; - + $realm = get_directory_realm(); if($realm == DIRECTORY_REALM) { $sql_extra .= " and ( site_realm = '" . dbesc($realm) . "' or site_realm = '') "; } else $sql_extra .= " and site_realm = '" . dbesc($realm) . "' "; - + $result = array('success' => false); - + $r = q("select count(site_url) as total from site where site_type = %d and site_dead = 0 $sql_extra ", intval(SITE_TYPE_ZOT) ); - + if($r) $result['total'] = intval($r[0]['total']); - + $result['start'] = $start; - $result['limit'] = $limit; - + $result['limit'] = $limit; + $r = q("select * from site where site_type = %d and site_dead = 0 $sql_extra $sql_order $sql_limit", intval(SITE_TYPE_ZOT) ); - + $result['results'] = 0; $result['entries'] = array(); - + if($r) { - $result['success'] = true; + $result['success'] = true; $result['results'] = count($r); - + foreach($r as $rr) { $result['entries'][] = array('url' => $rr['site_url']); } - + } - + echo json_encode($result); killme(); - - + + } } 
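Review bot: Replacing the truthiness tests with `isset()` in Sitelist `init()` changes what reaches the SQL: `limit=0` or a non-numeric `limit` now produces `LIMIT 0` instead of falling back to 30, and negative values for `limit` or `start` are interpolated as they are. There is also no upper bound on `limit`, and no access check is visible in this function. Clamping both keeps the query well-formed, for example `$start = max(0, intval($_REQUEST['start'] ?? 0));` and `$limit = intval($_REQUEST['limit'] ?? 0); if ($limit < 1 || $limit > 100) $limit = 30;`, with the ceiling chosen by the site.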
diff --git a/Zotlabs/Module/Sslify.php b/Zotlabs/Module/Sslify.php index 37be4423b..9dd5c4a0b 100644 --- a/Zotlabs/Module/Sslify.php +++ b/Zotlabs/Module/Sslify.php @@ -9,23 +9,27 @@ class Sslify extends \Zotlabs\Web\Controller { if($x['success']) { $h = explode("\n",$x['header']); foreach ($h as $l) { + if (strpos($l, ':') === false) { + continue; + } + list($k,$v) = array_map("trim", explode(":", trim($l), 2)); $hdrs[strtolower($k)] = $v; } - - if (array_key_exists('content-type', $hdrs)) + + if (array_key_exists('content-type', $hdrs)) header('Content-Type: ' . $hdrs['content-type']); - if (array_key_exists('last-modified', $hdrs)) + if (array_key_exists('last-modified', $hdrs)) header('Last-Modified: ' . $hdrs['last-modified']); - if (array_key_exists('cache-control', $hdrs)) + if (array_key_exists('cache-control', $hdrs)) header('Cache-Control: ' . $hdrs['cache-control']); - if (array_key_exists('expires', $hdrs)) + if (array_key_exists('expires', $hdrs)) header('Expires: ' . $hdrs['expires']); - + echo $x['body']; killme(); } killme(); - } + } } diff --git a/Zotlabs/Module/Tagger.php b/Zotlabs/Module/Tagger.php index 4fbfb7070..4aaae5885 100644 --- a/Zotlabs/Module/Tagger.php +++ b/Zotlabs/Module/Tagger.php @@ -12,11 +12,11 @@ require_once('include/items.php'); class Tagger extends \Zotlabs\Web\Controller { function get() { - + if(! local_channel()) { return; } - + $sys = get_sys_channel(); $observer_hash = get_observer_hash(); 
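Review bot: With the new `continue` for lines without a colon in Sslify.php, `$hdrs` may never be assigned before `array_key_exists('content-type', $hdrs)`, which throws a TypeError on PHP 8 when it is passed null. Adding `$hdrs = [];` before the `foreach` fixes that, unless the variable is already initialised above the hunk. Since `Content-Type` is relayed as received from the remote server and the body is echoed from this origin, it is also worth limiting the relayed type to the image types this proxy is presumably meant to serve.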
@@ -25,23 +25,23 @@ class Tagger extends \Zotlabs\Web\Controller { //check if empty if(! $term) return; - + $item_id = ((argc() > 1) ? notags(trim(argv(1))) : 0); - + logger('tagger: tag ' . $term . ' item ' . $item_id); - + $r = q("select * from item where id = %d and uid = %d limit 1", intval($item_id), intval(local_channel()) - ); + ); if(! $r) { $r = q("select * from item where id = %d and uid = %d limit 1", intval($item_id), intval($sys['channel_id']) - ); + ); if($r) { - $r = [ copy_of_pubitem($channel, $i[0]['mid']) ]; + $r = [ copy_of_pubitem($channel, $r[0]['mid']) ]; $item_id = (($r) ? $r[0]['id'] : 0); } } @@ -55,16 +55,16 @@ class Tagger extends \Zotlabs\Web\Controller { intval($item_id), intval(local_channel()) ); - + if((! $item_id) || (! $r)) { logger('tagger: no item ' . $item_id); return; } - + $item = $r[0]; - + $owner_uid = $item['uid']; - + switch($item['resource_type']) { case 'photo': $targettype = ACTIVITY_OBJ_PHOTO; @@ -81,13 +81,13 @@ class Tagger extends \Zotlabs\Web\Controller { $post_type = t('comment'); break; } - + $clean_term = trim($term,'"\' '); - - $links = array(array('rel' => 'alternate','type' => 'text/html', + + $links = array(array('rel' => 'alternate','type' => 'text/html', 'href' => z_root() . '/display/' . gen_link_id($item['mid']))); - + $target = json_encode(array( 'type' => $targettype, 'id' => $item['mid'], @@ -106,10 +106,10 @@ class Tagger extends \Zotlabs\Web\Controller { array('rel' => 'photo', 'type' => $item['xchan_photo_mimetype'], 'href' => $item['xchan_photo_m'])), ), )); - + $tagid = z_root() . '/search?tag=' . $clean_term; $objtype = ACTIVITY_OBJ_TAGTERM; - + $obj = json_encode(array( 'type' => $objtype, 'id' => $tagid, 
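Review bot: The corrected call `copy_of_pubitem($channel, $r[0]['mid'])` in Tagger.php still passes `$channel`, which in the visible hunks is first assigned much further down (`$channel = \App::get_channel();`), so unless it is set in the few lines between the hunks it is undefined here. Moving that assignment above the item lookup would fix it. The result is also wrapped in an array unconditionally, so `(($r) ? $r[0]['id'] : 0)` is always taken on the true side; if the copy can fail, something like `$c = copy_of_pubitem(...); $r = $c ? [$c] : [];` keeps the following `! $r` check meaningful.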
@@ -117,30 +117,30 @@ class Tagger extends \Zotlabs\Web\Controller { 'title' => $clean_term, 'content' => $clean_term )); - + $bodyverb = t('%1$s tagged %2$s\'s %3$s with %4$s'); - + // saving here for reference // also check out x22d5 and x2317 and x0d6b and x0db8 and x24d0 and xff20 !!! - + $termlink = html_entity_decode('⋕') . '[zrl=' . z_root() . '/search?tag=' . urlencode($clean_term) . ']'. $clean_term . '[/zrl]'; - + $channel = \App::get_channel(); - + $arr = array(); - + $arr['owner_xchan'] = $item['owner_xchan']; $arr['author_xchan'] = $channel['channel_hash']; - + $arr['item_origin'] = 1; $arr['item_wall'] = ((intval($item['item_wall'])) ? 1 : 0); - + $ulink = '[zrl=' . $channel['xchan_url'] . ']' . $channel['channel_name'] . '[/zrl]'; $alink = '[zrl=' . $item['xchan_url'] . ']' . $item['xchan_name'] . '[/zrl]'; $plink = '[zrl=' . $item['plink'] . ']' . $post_type . '[/zrl]'; - + $arr['body'] = sprintf( $bodyverb, $ulink, $alink, $plink, $termlink ); - + $arr['verb'] = ACTIVITY_TAG; $arr['tgt_type'] = $targettype; $arr['target'] = $target; @@ -152,14 +152,14 @@ class Tagger extends \Zotlabs\Web\Controller { if($ret['success']) { Libsync::build_sync_packet(local_channel(), - [ + [ 'item' => [ encode_item($ret['activity'],true) ] ] ); } - + killme(); - + } - + } diff --git a/Zotlabs/Module/Theme_info.php b/Zotlabs/Module/Theme_info.php index e27ec9444..bf1e5cb9b 100644 --- a/Zotlabs/Module/Theme_info.php +++ b/Zotlabs/Module/Theme_info.php @@ -9,7 +9,7 @@ class Theme_info extends \Zotlabs\Web\Controller { $theme = argv(1); if(! $theme) killme(); - + $schemalist = array(); $theme_config = ""; 
@@ -40,32 +40,32 @@ class Theme_info extends \Zotlabs\Web\Controller { $credits = ''; } - $ret = [ - 'theme' => $theme, - 'img' => get_theme_screenshot($theme), - 'desc' => $desc, - 'version' => $version, - 'credits' => $credits, + $ret = [ + 'theme' => $theme, + 'img' => get_theme_screenshot($theme), + 'desc' => $desc, + 'version' => $version, + 'credits' => $credits, 'schemas' => $schemalist, 'config' => $theme_config ]; json_return_and_die($ret); - + } function get_theme_config_file($theme){ - $base_theme = \App::$theme_info['extends']; - - if (file_exists("view/theme/$theme/php/config.php")){ + $base_theme = \App::$theme_info['extends'] ?? ''; + + if ($theme && file_exists("view/theme/$theme/php/config.php")){ return "view/theme/$theme/php/config.php"; - } - if (file_exists("view/theme/$base_theme/php/config.php")){ + } + if ($base_theme && file_exists("view/theme/$base_theme/php/config.php")){ return "view/theme/$base_theme/php/config.php"; } return null; } -}
\ No newline at end of file +} diff --git a/Zotlabs/Module/Tokens.php b/Zotlabs/Module/Tokens.php index a41003f6b..90681180e 100644 --- a/Zotlabs/Module/Tokens.php +++ b/Zotlabs/Module/Tokens.php @@ -90,8 +90,8 @@ class Tokens extends Controller { $r = q("select count(atoken_id) as total where atoken_uid = %d", intval($channel['channel_id']) ); - if($r && intval($r[0]['total']) >= $max_tokens) { - notice( sprintf( t('This channel is limited to %d tokens'), $max_tokens) . EOL); + if($r && intval($r[0]['total']) >= $max_atokens) { + notice( sprintf( t('This channel is limited to %d tokens'), $max_atokens) . EOL); return; } } 
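Review bot: The query above the corrected comparison in Tokens.php, `select count(atoken_id) as total where atoken_uid = %d`, has no FROM clause, so it presumably fails and leaves `$r` empty. The `$max_atokens` limit is then never enforced, with or without the rename. Adding the table, `select count(atoken_id) as total from <token table> where atoken_uid = %d`, is needed for the check to take effect. The surrounding function is outside the hunk.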
@@ -282,15 +282,15 @@ class Tokens extends Controller { } $tpl = get_markup_template("tokens.tpl"); - $o .= replace_macros($tpl, array( + $o = replace_macros($tpl, array( '$form_security_token' => get_form_security_token('tokens'), '$permcat' => ['permcat', t('Select a role for this guest'), $current_permcat, '', $permcats], '$title' => t('Guest Access'), '$desc' => $desc, '$atoken' => $atoken, - '$name' => array('name', t('Login Name') . ' <span class="required">*</span>', (($atoken) ? $atoken['atoken_name'] : ''),''), - '$token'=> array('token', t('Login Password') . ' <span class="required">*</span>',(($atoken) ? $atoken['atoken_token'] : new_token()), ''), - '$expires'=> array('expires', t('Expires (yyyy-mm-dd)'), (($atoken['atoken_expires'] && $atoken['atoken_expires'] > NULL_DATE) ? datetime_convert('UTC',date_default_timezone_get(),$atoken['atoken_expires']) : ''), ''), + '$name' => array('name', t('Login Name') . ' <span class="required">*</span>', $atoken['atoken_name'] ?? '',''), + '$token'=> array('token', t('Login Password') . ' <span class="required">*</span>', $atoken['atoken_token'] ?? new_token(), ''), + '$expires'=> array('expires', t('Expires (yyyy-mm-dd)'), ((isset($atoken['atoken_expires']) && $atoken['atoken_expires'] > NULL_DATE) ? datetime_convert('UTC',date_default_timezone_get(),$atoken['atoken_expires']) : ''), ''), '$submit' => t('Submit'), '$delete' => t('Delete') )); diff --git a/Zotlabs/Module/Viewconnections.php b/Zotlabs/Module/Viewconnections.php index d54f61c36..d321ca8fe 100644 --- a/Zotlabs/Module/Viewconnections.php +++ b/Zotlabs/Module/Viewconnections.php @@ -37,7 +37,7 @@ class Viewconnections extends \Zotlabs\Web\Controller { if(! $_REQUEST['aj']) $_SESSION['return_url'] = \App::$query_string; - + $o = ''; $is_owner = ((local_channel() && local_channel() == \App::$profile['uid']) ? true : false); $abook_flags = " and abook_pending = 0 and abook_self = 0 and abook_blocked = 0 and abook_ignored = 0 "; 
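Review bot: In Viewconnections.php, `$_REQUEST['aj']` is still read without a guard in `if(! $_REQUEST['aj'])` here and in `if($_REQUEST['aj'])` in the next hunk, although the same test in Photos.php was wrapped in `isset()` by this commit. `if (empty($_REQUEST['aj']))` and `if (!empty($_REQUEST['aj']))` would remove the warning with the same meaning.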
@@ -118,12 +118,12 @@ class Viewconnections extends \Zotlabs\Web\Controller { if($_REQUEST['aj']) { if($contacts) { - $o = replace_macros(get_markup_template('viewcontactsajax.tpl'),array( + $o .= replace_macros(get_markup_template('viewcontactsajax.tpl'),array( '$contacts' => $contacts )); } else { - $o = '<div id="content-complete"></div>'; + $o .= '<div id="content-complete"></div>'; } echo $o; killme(); diff --git a/Zotlabs/Module/Webpages.php b/Zotlabs/Module/Webpages.php index bc47484be..b58c23b34 100644 --- a/Zotlabs/Module/Webpages.php +++ b/Zotlabs/Module/Webpages.php @@ -132,9 +132,9 @@ class Webpages extends Controller { return; } - $mimetype = (($_REQUEST['mimetype']) ? $_REQUEST['mimetype'] : get_pconfig($owner,'system','page_mimetype')); + $mimetype = ((isset($_REQUEST['mimetype']) && $_REQUEST['mimetype']) ? $_REQUEST['mimetype'] : get_pconfig($owner,'system','page_mimetype')); - $layout = (($_REQUEST['layout']) ? $_REQUEST['layout'] : get_pconfig($owner,'system','page_layout')); + $layout = ((isset($_REQUEST['layout']) && $_REQUEST['layout']) ? $_REQUEST['layout'] : get_pconfig($owner,'system','page_layout')); // Create a status editor (for now - we'll need a WYSIWYG eventually) to create pages // Nickname is set to the observers xchan, and profile_uid to the owner's. @@ -182,12 +182,9 @@ class Webpages extends Controller { 'bbcode' => true ); - if($_REQUEST['title']) - $x['title'] = $_REQUEST['title']; - if($_REQUEST['body']) - $x['body'] = $_REQUEST['body']; - if($_REQUEST['pagetitle']) - $x['pagetitle'] = $_REQUEST['pagetitle']; + $x['title'] = $_REQUEST['title'] ?? ''; + $x['body'] = $_REQUEST['body'] ?? ''; + $x['pagetitle'] = $_REQUEST['pagetitle'] ?? ''; // Get a list of webpages. We can't display all them because endless scroll makes that unusable, @@ -206,6 +203,7 @@ class Webpages extends Controller { if(! $r) $x['pagetitle'] = 'home'; + $a = ''; $editor = status_editor($a,$x,false,'Webpages'); $pages = null; 
diff --git a/Zotlabs/Module/Well_known.php b/Zotlabs/Module/Well_known.php index af59b76e0..9cc31a7d3 100644 --- a/Zotlabs/Module/Well_known.php +++ b/Zotlabs/Module/Well_known.php @@ -34,7 +34,6 @@ class Well_known extends \Zotlabs\Web\Controller { $module = new \Zotlabs\Module\Wfinger(); $module->init(); break; - case 'host-meta': \App::$argc -= 1; array_shift(\App::$argv); @@ -42,7 +41,6 @@ class Well_known extends \Zotlabs\Web\Controller { $module = new \Zotlabs\Module\Hostxrd(); $module->init(); break; - case 'oauth-authorization-server': case 'openid-configuration': \App::$argc -= 1; @@ -51,18 +49,17 @@ class Well_known extends \Zotlabs\Web\Controller { $module = new \Zotlabs\Module\Oauthinfo(); $module->init(); break; - case 'dnt-policy.txt': echo file_get_contents('doc/dnt-policy.txt'); killme(); - + break; case 'caldav': case 'carddav': - if ($_SERVER['REQUEST_METHOD'] == 'PROPFIND') { - http_status('301', 'moved permanently'); - goaway(z_root() . '/cdav'); - }; - + if ($_SERVER['REQUEST_METHOD'] == 'PROPFIND') { + http_status('301', 'moved permanently'); + goaway(z_root() . '/cdav'); + }; + break; default: if(file_exists(\App::$cmd)) { echo file_get_contents(\App::$cmd); @@ -71,10 +68,8 @@ class Well_known extends \Zotlabs\Web\Controller { elseif(file_exists(\App::$cmd . '.php')) require_once(\App::$cmd . '.php'); break; - } } - http_status_exit(404); } } diff --git a/Zotlabs/Module/Xpoco.php b/Zotlabs/Module/Xpoco.php index 3ff05c4e1..6d5178336 100644 --- a/Zotlabs/Module/Xpoco.php +++ b/Zotlabs/Module/Xpoco.php @@ -7,7 +7,7 @@ require_once('include/socgraph.php'); class Xpoco extends \Zotlabs\Web\Controller { function init() { - poco($a,true); + poco(); } - + } diff --git a/Zotlabs/Module/Zot_probe.php b/Zotlabs/Module/Zot_probe.php index bdd9506eb..3eaabdd92 100644 --- a/Zotlabs/Module/Zot_probe.php +++ b/Zotlabs/Module/Zot_probe.php 
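Review bot: The `default:` branch of the Well_known.php switch, visible in the last two hunks, still hands `\App::$cmd` to `file_exists()`, `file_get_contents()` and, with `.php` appended, to `require_once`. That is a request-derived path used for both reading and executing a file, and nothing in the hunks shows it being restricted to a fixed directory. Consider resolving it with `realpath()` and requiring the result to lie under the intended directory, or replacing the fallback with an explicit list of served names. How `\App::$cmd` is normalised is outside this diff.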
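Review bot: `Xpoco::init()` used to call `poco($a,true)` and `Poco::init()` called `poco($a,false)`; both now call `poco()` with no arguments, so the two modules behave identically unless `poco()` determines the mode in some other way. Its definition is in `include/socgraph.php`, which this limited diff does not show. If the second parameter still exists, Xpoco should keep passing `true`.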
@@ -9,17 +9,17 @@ class Zot_probe extends \Zotlabs\Web\Controller { function get() { - $o .= '<h3>Zot6 Probe Diagnostic</h3>'; + $addr = $_GET['addr'] ?? ''; + + $o = '<h3>Zot6 Probe Diagnostic</h3>'; $o .= '<form action="zot_probe" method="get">'; - $o .= 'Lookup URI: <input type="text" style="width: 250px;" name="addr" value="' . $_GET['addr'] .'" /><br>'; + $o .= 'Lookup URI: <input type="text" style="width: 250px;" name="addr" value="' . $addr .'" /><br>'; $o .= '<input type="submit" name="submit" value="Submit" /></form>'; $o .= '<br /><br />'; - if(x($_GET,'addr')) { - $addr = $_GET['addr']; - + if($addr) { $x = Zotfinger::exec($addr); diff --git a/Zotlabs/Storage/Browser.php b/Zotlabs/Storage/Browser.php index fdef35210..590c1cd9c 100644 --- a/Zotlabs/Storage/Browser.php +++ b/Zotlabs/Storage/Browser.php @@ -262,7 +262,7 @@ class Browser extends DAV\Browser\Plugin { // put the array for this file together $ft['attach_id'] = $id; - $ft['icon'] = $icon; + // $ft['icon'] = $icon; $ft['photo_icon'] = $photo_icon; $ft['is_creator'] = $is_creator; $ft['rel_path'] = (($data) ? '/cloud/' . $nick .'/' . $data['display_path'] : $href); @@ -351,6 +351,9 @@ class Browser extends DAV\Browser\Plugin { $header = (($cat) ? t('File category') . ": " . $this->escapeHTML($cat) : t('Files')); $channel = channelx_by_n($channel_id); + $lockstate = null; + $channel_acl = null; + if($channel) { $acl = new \Zotlabs\Access\AccessList($channel); $channel_acl = $acl->get(); 
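Review bot: The new `$addr = $_GET['addr'] ?? '';` is still written into the `value="…"` attribute unescaped, so a double quote in the query parameter ends the attribute and the page reflects caller-supplied markup. Escape at the point of output: `$o .= 'Lookup URI: <input type="text" style="width: 250px;" name="addr" value="' . htmlspecialchars($addr, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') .'" /><br>';`. `??` only guards against null, so an array (`addr[]=`) still gets through; `$addr = is_string($_GET['addr'] ?? null) ? $_GET['addr'] : '';` closes that. `get()` continues past the hunk: the same escaping applies to whatever it prints from the `Zotfinger::exec($addr)` result, and because that call makes the server contact a caller-chosen address, it is worth confirming that this diagnostic module is restricted to administrators.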
@@ -391,10 +394,10 @@ class Browser extends DAV\Browser\Plugin { '$copy' => ['copy', t('Copy to target location'), 0, '', [t('No'), t('Yes')]], '$return_path' => $path, '$lockstate' => $lockstate, - '$allow_cid' => acl2json($channel_acl['allow_cid']), - '$allow_gid' => acl2json($channel_acl['allow_gid']), - '$deny_cid' => acl2json($channel_acl['deny_cid']), - '$deny_gid' => acl2json($channel_acl['deny_gid']), + '$allow_cid' => ((isset($channel_acl['allow_cid'])) ? acl2json($channel_acl['allow_cid']) : ''), + '$allow_gid' => ((isset($channel_acl['allow_gid'])) ? acl2json($channel_acl['allow_gid']) : ''), + '$deny_cid' => ((isset($channel_acl['deny_cid'])) ? acl2json($channel_acl['deny_cid']) : ''), + '$deny_gid' => ((isset($channel_acl['deny_gid'])) ? acl2json($channel_acl['deny_gid']) : ''), '$is_owner' => $is_owner, '$select_all_label' => t('Select All'), '$bulk_actions_label' => t('Bulk Actions'), @@ -454,6 +457,9 @@ class Browser extends DAV\Browser\Plugin { $lockstate = ''; $limit = 0; + $cat = $_REQUEST['cat'] ?? ''; + $cloud_tiles = $_SESSION['cloud_tiles'] ?? 0; + if($this->auth->owner_id) { $channel = channelx_by_n($this->auth->owner_id); if($channel) { @@ -507,7 +513,7 @@ class Browser extends DAV\Browser\Plugin { $breadcrumbs_html = ''; - if($display_path && ! $_REQUEST['cat'] && ! $_SESSION['cloud_tiles']){ + if ($display_path && !$cat && !$cloud_tiles) { $breadcrumbs = []; $folders = explode('/', $display_path); $folder_hashes = explode('/', $node->os_path); diff --git a/Zotlabs/Storage/Directory.php b/Zotlabs/Storage/Directory.php index c56ffcbbb..683887b31 100644 --- a/Zotlabs/Storage/Directory.php +++ b/Zotlabs/Storage/Directory.php @@ -270,7 +270,7 @@ class Directory extends DAV\Node implements DAV\ICollection, DAV\IQuota, DAV\IMo dbesc($mimetype), intval($filesize), intval(0), - intval($is_photo), + intval(0), dbesc($f), dbesc(datetime_convert()), dbesc(datetime_convert()), 
@@ -319,8 +319,9 @@ class Directory extends DAV\Node implements DAV\ICollection, DAV\IQuota, DAV\IMo // If we know it's a photo, over-ride the type in case the source system could not determine what it was if($is_photo) { - q("update attach set filetype = '%s' where hash = '%s' and uid = %d", + q("update attach set filetype = '%s', is_photo = %d where hash = '%s' and uid = %d", dbesc($gis['mime']), + intval($is_photo), dbesc($hash), intval($c[0]['channel_id']) ); @@ -617,7 +618,7 @@ class Directory extends DAV\Node implements DAV\ICollection, DAV\IQuota, DAV\IMo $file = trim($file, '/'); $path_arr = explode('/', $file); - $cat = $_REQUEST['cat']; + $cat = $_REQUEST['cat'] ?? ''; if (! $path_arr) diff --git a/Zotlabs/Storage/File.php b/Zotlabs/Storage/File.php index 76295d922..dc60a72ae 100644 --- a/Zotlabs/Storage/File.php +++ b/Zotlabs/Storage/File.php @@ -38,6 +38,7 @@ class File extends DAV\Node implements DAV\IFile { */ private $name; + /** * Sets up the node, expects a full path name. * @@ -49,7 +50,8 @@ class File extends DAV\Node implements DAV\IFile { $this->name = $name; $this->data = $data; $this->auth = $auth; - + $this->os_path = null; + $this->folder_hash = null; // logger(print_r($this->data, true), LOGGER_DATA); } diff --git a/Zotlabs/Web/HTTPSig.php b/Zotlabs/Web/HTTPSig.php index 35b8054e6..0ab315eee 100644 --- a/Zotlabs/Web/HTTPSig.php +++ b/Zotlabs/Web/HTTPSig.php @@ -207,7 +207,7 @@ class HTTPSig { $key = (($fetched_key) ? $fetched_key : $cached_key); - $result['portable_id'] = $key['portable_id']; + $result['portable_id'] = $key['portable_id'] ?? ''; $result['header_valid'] = true; if (in_array('digest', $signed_headers)) { 
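Review bot: In the `@@ -207,7 +207,7 @@` hunk of HTTPSig.php, `$key['portable_id'] ?? ''` lets a key record without a `portable_id` produce `header_valid = true` together with an empty identity, and nothing records that it happened. The function starts and ends outside the hunk, so how callers combine the two fields is not visible here; any caller that treats `header_valid` alone as "sender identified" would now proceed with `''`. I would add a comment above the assignment, `// portable_id is '' when the key record carries none; callers must not treat '' as an authenticated identity`, and log the empty case at debug level so it can be spotted.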
@@ -303,7 +303,7 @@ class HTTPSig { // $force is used to ignore the local cache and only use the remote data; for instance the cached key might be stale if (!$force) { - $x = q("select * from xchan left join hubloc on xchan_hash = hubloc_hash where (hubloc_id_url = '%s' or hubloc_hash = '%s') and hubloc_network in ('zot6', 'activitypub') order by hubloc_id desc", + $x = q("select * from xchan join hubloc on xchan_hash = hubloc_hash where (hubloc_id_url = '%s' or hubloc_hash = '%s') and hubloc_network in ('zot6', 'activitypub') order by hubloc_id desc", dbesc($url), dbesc($url) ); @@ -378,7 +378,7 @@ class HTTPSig { $best = []; if (!$force) { - $x = q("select * from xchan left join hubloc on xchan_hash = hubloc_hash where hubloc_id_url = '%s' and hubloc_network in ('zot6', 'activitypub') order by hubloc_id desc", + $x = q("select * from xchan join hubloc on xchan_hash = hubloc_hash where hubloc_id_url = '%s' and hubloc_network in ('zot6', 'activitypub') order by hubloc_id desc", dbesc($id) ); @@ -427,7 +427,7 @@ class HTTPSig { $best = []; if (!$force) { - $x = q("select * from xchan left join hubloc on xchan_hash = hubloc_hash where hubloc_id_url = '%s' and hubloc_network = 'zot6' order by hubloc_id desc", + $x = q("select * from xchan join hubloc on xchan_hash = hubloc_hash where hubloc_id_url = '%s' and hubloc_network = 'zot6' order by hubloc_id desc", dbesc($id) ); @@ -631,7 +631,7 @@ class HTTPSig { if (preg_match('/signature="(.*?)"/ism', $header, $matches)) $ret['signature'] = base64_decode(preg_replace('/\s+/', '', $matches[1])); - if (($ret['signature']) && ($ret['algorithm']) && (!$ret['headers'])) + if (isset($ret['signature']) && isset($ret['algorithm']) && !isset($ret['headers'])) $ret['headers'] = ['date']; return $ret; diff --git a/Zotlabs/Web/Session.php b/Zotlabs/Web/Session.php index 443a02d20..14c054d20 100644 --- a/Zotlabs/Web/Session.php +++ b/Zotlabs/Web/Session.php 
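Review bot: In the `@@ -631,7 +631,7 @@` hunk the switch from truthiness to `isset()` changes the condition and not only the warning: `isset($ret['signature'])` is true for the empty string that `base64_decode()` returns for an empty `signature=""`, so the `['date']` default is now applied to headers the old test skipped. `!empty()` keeps the previous semantics and is just as warning-free: `if (!empty($ret['signature']) && !empty($ret['algorithm']) && empty($ret['headers']))`. The function begins outside the hunk, so whether a later step rejects an empty signature anyway cannot be confirmed from here.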
@@ -203,7 +203,7 @@ class Session { // first check if we're enforcing that sessions can't change IP address // @todo what to do with IPv6 addresses - if($_SESSION['addr'] && $_SESSION['addr'] != $_SERVER['REMOTE_ADDR']) { + if(isset($_SESSION['addr']) && $_SESSION['addr'] != $_SERVER['REMOTE_ADDR']) { logger('SECURITY: Session IP address changed: ' . $_SESSION['addr'] . ' != ' . $_SERVER['REMOTE_ADDR']); $partial1 = substr($_SESSION['addr'], 0, strrpos($_SESSION['addr'], '.')); diff --git a/Zotlabs/Widget/Categories.php b/Zotlabs/Widget/Categories.php index 0a1c80061..b31856e48 100644 --- a/Zotlabs/Widget/Categories.php +++ b/Zotlabs/Widget/Categories.php @@ -19,7 +19,7 @@ class Categories { $files = ((array_key_exists('files',$arr) && $arr['files']) ? true : false); - if(!App::$profile['profile_uid'] || !perm_is_allowed(App::$profile['profile_uid'], get_observer_hash(), 'view_stream')) { + if(!isset(App::$profile['profile_uid']) || !perm_is_allowed(App::$profile['profile_uid'], get_observer_hash(), 'view_stream')) { return ''; } diff --git a/Zotlabs/Widget/Cdav.php b/Zotlabs/Widget/Cdav.php index f84f5cb04..f5c3c3799 100644 --- a/Zotlabs/Widget/Cdav.php +++ b/Zotlabs/Widget/Cdav.php @@ -38,7 +38,7 @@ class Cdav { intval($channel['channel_id']) ); - $sharee_options .= '<option value="">' . t('Select Channel') . '</option>' . "\r\n"; + $sharee_options = '<option value="">' . t('Select Channel') . '</option>' . "\r\n"; foreach($local_channels as $local_channel) { $sharee_options .= '<option value="' . $local_channel['channel_hash'] . '">' . $local_channel['channel_name'] . '</option>' . "\r\n"; } @@ -46,6 +46,9 @@ class Cdav { $access_options = '<option value="3">' . t('Read-write') . '</option>' . "\r\n"; $access_options .= '<option value="2">' . t('Read-only') . '</option>' . "\r\n"; + $shared_calendars = []; + $my_calendars = []; + //list calendars foreach($sabrecals as $sabrecal) { if($sabrecal['share-access'] == 1) 
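Review bot: The address check behind the changed `isset($_SESSION['addr'])` guard is IPv4-only, as the `@todo` above it admits: `strrpos($_SESSION['addr'], '.')` returns false for an IPv6 address, so `$partial1` ends up empty. If the second partial is derived the same way (it is outside the hunk), two different IPv6 addresses would compare equal on their partials and a relaxed-match level of this check would accept the change. Until IPv6 is handled, a comment at `$partial1` such as `// IPv4 only: for IPv6 strrpos() returns false and the partial is ''` keeps the limitation visible to whoever tunes the check. Note also that `isset()` now enters the branch for an empty stored address, which the old truthiness test skipped.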
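Review bot: The `profile_uid` guards rewritten in this commit no longer agree with each other: Categories.php here and Profile.php (`@@ -13,7 +13,7 @@`) test only `isset()`, while Fullprofile.php and Photo_albums.php test `isset()` and truthiness. With `isset()` alone a `profile_uid` of `0` or `''` now passes the guard and, in this hunk, reaches `perm_is_allowed()`, whereas the old `!App::$profile['profile_uid']` returned early. `empty()` restores the old behaviour without the warning and would make all four widgets identical: `if (empty(App::$profile['profile_uid']) || !perm_is_allowed(App::$profile['profile_uid'], get_observer_hash(), 'view_stream')) {`.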
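Review bot: In the `@@ -38,7 +38,7 @@` hunk of Cdav.php, `$local_channel['channel_hash']` and `$local_channel['channel_name']` are concatenated into `<option>` markup without escaping. Unless channel names are stored already HTML-escaped (not visible here), a name containing markup would be rendered as markup in this widget; escaping at output closes that regardless of how the value was stored: `$sharee_options .= '<option value="' . htmlspecialchars($local_channel['channel_hash'], ENT_QUOTES, 'UTF-8') . '">' . htmlspecialchars($local_channel['channel_name'], ENT_QUOTES, 'UTF-8') . '</option>' . "\r\n";`. If the stored value is pre-escaped, pass `double_encode: false` or escape in one place only. The widget method starts and ends outside the hunk.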
@@ -66,7 +69,6 @@ class Cdav { $editable = (($sabrecal['share-access'] == 2) ? 'false' : 'true'); // false/true must be string since we're passing it to javascript $sharees = []; - $share_displayname = []; foreach($invites as $invite) { if(strpos($invite->href, 'mailto:') !== false) { @@ -111,7 +113,7 @@ class Cdav { if(!$access || $access === 'read-write') { $writable_calendars[] = [ - 'displayname' => ((!$access) ? $sabrecal['{DAV:}displayname'] : $share_displayname[0]), + 'displayname' => $sabrecal['{DAV:}displayname'], 'id' => $sabrecal['id'] ]; } diff --git a/Zotlabs/Widget/Fullprofile.php b/Zotlabs/Widget/Fullprofile.php index edff88e31..e40188c9e 100644 --- a/Zotlabs/Widget/Fullprofile.php +++ b/Zotlabs/Widget/Fullprofile.php @@ -12,7 +12,7 @@ class Fullprofile { function widget($arr) { - if(! \App::$profile['profile_uid']) + if(!(isset(\App::$profile['profile_uid']) && \App::$profile['profile_uid'])) return; $block = observer_prohibited(); diff --git a/Zotlabs/Widget/Helpindex.php b/Zotlabs/Widget/Helpindex.php index fbcd8c8b2..63e686d3a 100644 --- a/Zotlabs/Widget/Helpindex.php +++ b/Zotlabs/Widget/Helpindex.php @@ -13,7 +13,7 @@ class Helpindex { require_once('include/help.php'); - $o .= '<div class="widget">'; + $o = '<div class="widget">'; $level_0 = get_help_content('sitetoc'); if(! $level_0) { diff --git a/Zotlabs/Widget/Messages.php b/Zotlabs/Widget/Messages.php index c92b9e311..267467bb0 100644 --- a/Zotlabs/Widget/Messages.php +++ b/Zotlabs/Widget/Messages.php @@ -198,6 +198,8 @@ class Messages { } } + $recipients = ''; + if(is_array($recips)) { stringify_array_elms($recips, true); diff --git a/Zotlabs/Widget/Permcats.php b/Zotlabs/Widget/Permcats.php index 9226b3c71..9bda5b8f1 100644 --- a/Zotlabs/Widget/Permcats.php +++ b/Zotlabs/Widget/Permcats.php @@ -24,6 +24,7 @@ class Permcats { $roles = []; $active_role = ''; + $members = []; foreach($pcatlist as $pc) { if (!$active_role) { 
@@ -76,8 +77,6 @@ class Permcats { dbesc($active_role) ); - $members = []; - foreach ($r as $rr) { $members[] = [ 'name' => $rr['xchan_name'], @@ -89,7 +88,7 @@ class Permcats { } $tpl = get_markup_template("permcats_widget.tpl"); - $o .= replace_macros($tpl, [ + $o = replace_macros($tpl, [ '$roles_label' => t('Contact roles'), '$members_label' => t('Role members'), '$roles' => $roles, diff --git a/Zotlabs/Widget/Photo_albums.php b/Zotlabs/Widget/Photo_albums.php index 2ce916048..d0004e68d 100644 --- a/Zotlabs/Widget/Photo_albums.php +++ b/Zotlabs/Widget/Photo_albums.php @@ -14,8 +14,9 @@ class Photo_albums { function widget($arr) { - if(! \App::$profile['profile_uid']) + if (!(isset(\App::$profile['profile_uid']) && \App::$profile['profile_uid'])) { return ''; + } $channelx = channelx_by_n(\App::$profile['profile_uid']); diff --git a/Zotlabs/Widget/Profile.php b/Zotlabs/Widget/Profile.php index a0bb1a66a..9e04524c1 100644 --- a/Zotlabs/Widget/Profile.php +++ b/Zotlabs/Widget/Profile.php @@ -13,7 +13,7 @@ use App; class Profile { function widget($args) { - if(!App::$profile['profile_uid']) { + if(!isset(App::$profile['profile_uid'])) { return; } diff --git a/Zotlabs/Zot6/Receiver.php b/Zotlabs/Zot6/Receiver.php index 964c61651..b276cbe31 100644 --- a/Zotlabs/Zot6/Receiver.php +++ b/Zotlabs/Zot6/Receiver.php @@ -34,6 +34,7 @@ class Receiver { $this->rawdata = null; $this->site_id = null; $this->prvkey = Config::get('system','prvkey'); + $this->hub = null; if($localdata) { $this->rawdata = $localdata; 
@@ -71,12 +72,16 @@ class Receiver { if ($this->encrypted && $this->prvkey) { $uncrypted = Crypto::unencapsulate($this->data,$this->prvkey); - if ($uncrypted) { + + // openssl_decrypt() will sometimes return garbage instead of false when + // a wrong key is used. This can happen in case of hub re-installs. + // Hence also check with str_starts_with(). + if ($uncrypted && str_starts_with($uncrypted, '{')) { $this->data = json_decode($uncrypted,true); } else { $this->error = true; - $this->response['message'] = 'no data'; + $this->response['message'] = 'no data (decryption failed)'; } } } |
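Review bot: The added `str_starts_with($uncrypted, '{')` test is a heuristic, and the `json_decode()` result behind it is still unchecked: garbage that happens to begin with `{`, or truncated JSON, leaves `$this->data` null without setting `$this->error`. Decoding first and accepting only an array covers the false return, the garbage case and malformed JSON in one condition, and drops the dependency on PHP 8.0's `str_starts_with()`. The new comment also implies that decryption with a wrong key is not detected by the decryption step itself; if `Crypto::unencapsulate()` (not visible here) has no integrity check, that is where the durable fix belongs. The enclosing method starts outside the hunk.

```php
    $uncrypted = Crypto::unencapsulate($this->data,$this->prvkey);

    // A wrong key can yield garbage rather than false (e.g. after a hub
    // re-install), so accept the plaintext only if it decodes to an array.
    $decoded = ($uncrypted) ? json_decode($uncrypted, true) : null;
    if (is_array($decoded)) {
        $this->data = $decoded;
    }
    // … unchanged: else branch setting $this->error and the 'no data (decryption failed)' message …
```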