Diffstat (limited to 'include')
-rw-r--r-- | include/account.php | 94 | ||||
-rw-r--r-- | include/attach.php | 2 | ||||
-rw-r--r-- | include/connections.php | 2 | ||||
-rw-r--r-- | include/datetime.php | 37 | ||||
-rw-r--r-- | include/dba/dba_pdo.php | 112 | ||||
-rw-r--r-- | include/event.php | 2 | ||||
-rw-r--r-- | include/feedutils.php | 29 | ||||
-rw-r--r-- | include/items.php | 60 | ||||
-rw-r--r-- | include/js_strings.php | 23 | ||||
-rw-r--r-- | include/network.php | 6 | ||||
-rw-r--r-- | include/oembed.php | 4 | ||||
-rw-r--r-- | include/photos.php | 2 | ||||
-rw-r--r-- | include/plugin.php | 10 | ||||
-rw-r--r-- | include/text.php | 2 | ||||
-rw-r--r-- | include/zid.php | 5 |
15 files changed, 261 insertions, 129 deletions
diff --git a/include/account.php b/include/account.php
index 884c07389..615c802f4 100644
--- a/include/account.php
+++ b/include/account.php
@@ -613,59 +613,45 @@ function send_register_success_email($email,$password) { } /** - * @brief Allows a user registration. + * Mark a pending registration as approved, and notify the account + * holder by email. * - * @param string $hash - * @return array|boolean + * @param string $hash The registration hash of the entry to approve + * + * @return bool */ -function account_allow($hash) { - - $ret = array('success' => false); +function account_allow(string $hash): bool { $register = q("SELECT * FROM register WHERE reg_hash = '%s' LIMIT 1", dbesc($hash) ); - if(! $register) - return $ret; + if (! $register) { + logger( + "Entry with hash '{$hash}' was not found in the register table.", + LOGGER_NORMAL, + LOG_ERR + ); + return false; + } - $account = q("SELECT * FROM account WHERE account_id = %d LIMIT 1", - intval($register[0]['reg_uid']) - ); + $account = get_account_by_id($register[0]['reg_uid']); - // a register entry without account assigned to - if(! $account) - return $ret; + if (! $account) { + logger( + "Account '{$register[0]['reg_uid']}' mentioned by registration hash '{$hash}' was not found.", + LOGGER_NORMAL, + LOG_ERR + ); + return false; + } - // [hilmar -> + $transaction = new DbaTransaction(DBA::$dba); - q("START TRANSACTION"); - //q("DELETE FROM register WHERE reg_hash = '%s'", - // dbesc($register[0]['reg_hash']) - //); $r1 = q("UPDATE register SET reg_vital = 0 WHERE reg_hash = '%s'", dbesc($register[0]['reg_hash']) ); - /* instead of ... - - // unblock - q("UPDATE account SET account_flags = (account_flags & ~%d) " - . " WHERE (account_flags & %d)>0 AND account_id = %d", - intval(ACCOUNT_BLOCKED), - intval(ACCOUNT_BLOCKED), - intval($register[0]['reg_uid']) - ); - - // unpend - q("UPDATE account SET account_flags = (account_flags & ~%d) " - . 
" WHERE (account_flags & %d)>0 AND account_id = %d", - intval(ACCOUNT_PENDING), - intval(ACCOUNT_PENDING), - intval($register[0]['reg_uid']) - ); - - */ // together unblock and unpend $r2 = q("UPDATE account SET account_flags = %d WHERE account_id = %d", intval($account['account_flags'] @@ -674,9 +660,7 @@ function account_allow($hash) { ); if($r1 && $r2) { - q("COMMIT"); - - // <- hilmar] + $transaction->commit(); push_lang($register[0]['reg_lang']); @@ -684,35 +668,35 @@ function account_allow($hash) { $email_msg = replace_macros($email_tpl, array( '$sitename' => Config::Get('system','sitename'), '$siteurl' => z_root(), - '$username' => $account[0]['account_email'], - '$email' => $account[0]['account_email'], + '$username' => $account['account_email'], + '$email' => $account['account_email'], '$password' => '', - '$uid' => $account[0]['account_id'] + '$uid' => $account['account_id'] )); $res = z_mail( [ - 'toEmail' => $account[0]['account_email'], + 'toEmail' => $account['account_email'], 'messageSubject' => sprintf( t('Registration details for %s'), Config::Get('system','sitename')), 'textVersion' => $email_msg, ] ); - pop_lang(); + if (! $res) { + info(t("Sending account approval email to {$account['email']} failed...")); + } - if(Config::Get('system', 'auto_channel_create', 1)) - auto_channel_create($register[0]['uid']); + pop_lang(); - if ($res) { - info( t('Account approved.') . EOL ); - return true; + if(Config::Get('system', 'auto_channel_create', 1)) { + auto_channel_create($register[0]['reg_uid']); } - // [hilmar -> - } else { - q("ROLLBACK"); + info( t('Account approved.') . EOL ); + return true; } - // <- hilmar] + + return false; } diff --git a/include/attach.php b/include/attach.php index 02b94ddb6..bda4905f1 100644 --- a/include/attach.php +++ b/include/attach.php 
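Review bot: The failure notice added after `z_mail()` in the last `account_allow()` hunk reads `$account['email']`, while every other use in the function reads `$account['account_email']`, so the message will most likely show an empty address and raise an undefined-key warning. The same line interpolates the address inside `t()`, which makes the lookup key differ per recipient and so never match a translation; `info(sprintf(t('Sending account approval email to %s failed...'), $account['account_email']));` fixes both. In the first hunk the two new `logger()` calls write `$hash` into the log unmodified; if the hash can arrive from a request parameter, stripping control characters before logging keeps one event on one log line. When `$r1 && $r2` is false the function now returns without an explicit rollback, which is only safe if `DbaTransaction` rolls back on destruction; that class is not visible in this diff.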
@@ -1919,7 +1919,7 @@ function attach_store_item($channel, $observer, $file) { drop_item($r[0]['id'], $stage); if (empty($r[0]['item_hidden'])) { - Master::Summon(['Notifier', 'drop', $i[0]['id']]); + Master::Summon(['Notifier', 'drop', $r[0]['id']]); } } diff --git a/include/connections.php b/include/connections.php index 7500647b4..b3e9ba89d 100644 --- a/include/connections.php +++ b/include/connections.php @@ -513,7 +513,7 @@ function remove_abook_items($channel_id, $xchan_hash) { continue; } - drop_item($rr['id']); + drop_item($rr['id'], uid: $channel_id); } } diff --git a/include/datetime.php b/include/datetime.php index 2182d7c43..89e2876d0 100644 --- a/include/datetime.php +++ b/include/datetime.php 
@@ -268,6 +268,43 @@ function relative_date($posted_date, $format = null) { return $abs; } +/** + * @brief Returns a relative time string like 3 seconds ago. + * @param string $posted_date (UTC) + * @param DateTime $now (optional) + * @return string with relative time + */ +function relative_time($timestamp, $now = new DateTime()) { + $localtime = datetime_convert('UTC', date_default_timezone_get(), $timestamp); + $time = new DateTime($localtime); + + $interval = $now->diff($time); + + $prefix = ''; + $appendix = ' ' . t('ago'); + + if ($time > $now) { + $prefix = t('in') . ' '; + $appendix = ''; + } + + if ($interval->y > 0) { + return $prefix . $interval->y . ' ' . plural_dates('y', $interval->y) . $appendix; + } elseif ($interval->m > 0) { + return $prefix . $interval->m . ' ' . plural_dates('m', $interval->m) . $appendix; + } elseif ($interval->d > 0) { + return $prefix . $interval->d . ' ' . plural_dates('d', $interval->d) . $appendix; + } elseif ($interval->h > 0) { + return $prefix . $interval->h . ' ' . plural_dates('h', $interval->h) . $appendix; + } elseif ($interval->i > 0) { + return $prefix . $interval->i . ' ' . plural_dates('i', $interval->i) . $appendix; + } elseif ($interval->s > 0) { + return $prefix . $interval->s . ' ' . plural_dates('s', $interval->s) . $appendix; + } else { + return t('now'); + } +} + function plural_dates($k,$n) { switch($k) { diff --git a/include/dba/dba_pdo.php b/include/dba/dba_pdo.php index c8a1b6c85..a12629e19 100644 --- a/include/dba/dba_pdo.php +++ b/include/dba/dba_pdo.php @@ -10,6 +10,8 @@ class dba_pdo extends dba_driver { public $driver_dbtype = null; + private string $server_version = ''; + /** * {@inheritDoc} * @see dba_driver::connect() 
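Review bot: The docblock on the new `relative_time()` documents `@param string $posted_date`, but the parameter is named `$timestamp`, and the signature carries no types although the default value already requires PHP 8.1. Suggest `@param string $timestamp UTC timestamp to describe` together with `function relative_time(string $timestamp, DateTimeInterface $now = new DateTime()): string`. `new DateTime($localtime)` throws on a string it cannot parse, so if `datetime_convert()` can pass through unparsable remote input, the docblock should state that with `@throws Exception`; whether it can is not visible in this hunk.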
@@ -37,6 +39,7 @@ class dba_pdo extends dba_driver { try { $this->db = new PDO($dsn,$user,$pass); $this->db->setAttribute(PDO::ATTR_ERRMODE,PDO::ERRMODE_EXCEPTION); + $this->server_version = $this->db->getAttribute(PDO::ATTR_SERVER_VERSION); } catch(PDOException $e) { if(file_exists('dbfail.out')) { @@ -73,9 +76,9 @@ class dba_pdo extends dba_driver { } } - $result = null; + $result = false; $this->error = ''; - $select = ((stripos($sql, 'select') === 0) ? true : false); + $select = stripos($sql, 'select') === 0 || stripos($sql, 'returning ') > 0; try { $result = $this->db->query($sql, PDO::FETCH_ASSOC); 
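Review bot: The new `$select` test in the `@@ -73,9` hunk, `stripos($sql, 'returning ') > 0`, matches the word anywhere in the statement, including inside a quoted value, so an INSERT or UPDATE whose data contains the text "returning " is handled as a row-returning query. Limiting the match to a trailing clause avoids that, for example `preg_match('/\sreturning\s+[^\']+$/i', $sql) === 1`, which rejects any occurrence that is followed by a quote. The rest of `q()` lies outside the hunk, so how a wrongly set `$select` affects the result handling cannot be confirmed from here.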
@@ -115,6 +118,111 @@ class dba_pdo extends dba_driver { return (($this->error) ? false : $r); } + /** + * Insert a row into a table. + * + * The `$data` argument is an array of key/value pairs of the columns to + * insert, where the key is the column name. Values are automatically + * escaped if needed, and should be provided unescaped to this function. + * + * @note it is the callers responsibility to ensure that only valid + * column names are passed as keys in the array. + * + * The inserted row will be returned. + * + * @param string $table The table to insert the row into. + * @param array $data The data to insert as an array of column name => value pairs. + * @param string $idcol The column name for the primary key of the table. We need to + * specify this since we don't have a consistent naming of primary + * id for tables. + * + * @return array|bool The complete record as read back from the database, or false if we + * could not fetch it. + */ + public function insert(string $table, array $data, string $idcol): array|bool { + $keys = array_keys($data); + $values = array_map( + fn ($v) => is_numeric($v) ? $v : "'" . dbesc($v) . "'", + array_values($data) + ); + + $query = "INSERT INTO {$table} (" + . implode(', ', $keys) . ') VALUES (' + . implode(', ', $values) . ')'; + + // MySQL is the only supported DB that don't support the returning + // clause. Since the driver type is 'mysql' also for MariaDB, we need + // to check the actual server version to be sure we only exclude actual + // MySQL systems. + if ($this->driver_dbtype !== 'mysql' || stripos($this->server_version, 'mariadb') !== false) { + $query .= ' RETURNING *'; + } + + $res = $this->q($query); + + if (is_a($res, PDOStatement::class)) { + // + // Calling PDO::lastInsertId should be safe here. + // The last inserted id is kept for each connection, so we're not risking + // a race condition wrt inserts by other requests that happen simultaneously. 
+ // + $id = $this->db->lastInsertId($table); + + $res = $this->q("SELECT * FROM {$table} WHERE {$idcol} = {$id}"); + + if (is_a($res, PDOStatement::class)) { + db_logger('dba_pdo: PDOStatement returned, did not expect that.'); + return false; + } + } + + if (is_array($res)) { + // Since we should never have more than one result, unwrap the array + // so we only have the resulting row. + $res = $res[0]; + } + + return $res; + } + + /** + * Update an existing row in a table. + * + * The `$data` argument is an array of key/value pairs of the columns to + * update, where the key is the column name. Values are automatically + * escaped if needed, and should be provided unescaped to this function. + * + * @note it is the callers responsibility to ensure that only valid + * column names are passed as keys in the array. + * + * The row to be updated is identified by `$idcol` and `$idval` as the + * column name and value respectively. This should normally be the unique + * id column of the table, but can in theory be any column with a unique + * value that identifies a specific row. + * + * @param string $table The table to update. + * @param array $data The columns to update as key => value pairs. + * @param string $idcol The name of the id column to check $idval against. + * @param mixed $idval The id of the row to update. + * + * @return bool True if the update succeeded, false otherwise. + */ + public function update(string $table, array $data, string $idcol, mixed $idval): bool { + $set_statements = []; + + foreach ($data as $k => $v) { + $set_statements[] = "set {$k}=" . (is_numeric($v) ? $v : "'" . dbesc($v) . "'"); + } + + $query = "UPDATE {$table} " + . implode(', ', $set_statements) + . " WHERE {$idcol} = {$idval}"; + + $res = $this->q($query); + + return is_a($res, PDOStatement::class); + } + function escape($str) { if($this->db && $this->connected) { return substr(substr(@$this->db->quote($str),1),0,-1); 
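Review bot: `update()` prefixes every assignment with `set` and joins them with commas, so a call with more than one column builds `UPDATE t set a=1, set b=2`, which is not valid SQL. `$idval` is also placed into the WHERE clause without `dbesc()` or quoting, unlike the values in `$data`, so a caller passing a request-derived id would produce an injectable statement. The rewrite below emits `SET` once and applies the same quoting rule to `$idval` as to the column values. Table and column names stay unescaped as the docblock already states; the rest of the class is outside this hunk.

```php
	public function update(string $table, array $data, string $idcol, mixed $idval): bool {
		// Same quoting rule as insert(): numeric values pass through, everything else is escaped and quoted.
		$quote = fn ($v) => is_numeric($v) ? $v : "'" . dbesc($v) . "'";

		$assignments = [];

		foreach ($data as $k => $v) {
			$assignments[] = "{$k} = " . $quote($v);
		}

		$query = "UPDATE {$table} SET "
			. implode(', ', $assignments)
			. " WHERE {$idcol} = " . $quote($idval);

		// … unchanged: run the query through $this->q() and return the is_a() check …
```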
diff --git a/include/event.php b/include/event.php index 3509c1556..3cad0a355 100644 --- a/include/event.php +++ b/include/event.php @@ -13,7 +13,7 @@ use Zotlabs\Lib\Libsync; use Zotlabs\Access\AccessList; use Ramsey\Uuid\Uuid; -use Ramsey\Uuid\Exception\UnsatisfiedDependencyException; +use Ramsey\Uuid\Exception\UnableToBuildUuidException; require_once('include/bbcode.php'); diff --git a/include/feedutils.php b/include/feedutils.php index cc57d106c..73a8999ae 100644 --- a/include/feedutils.php +++ b/include/feedutils.php @@ -311,7 +311,7 @@ function get_atom_author($feed, $item) { $base = $rawactor[0]['child'][SIMPLEPIE_NAMESPACE_ATOM_10]['link']; if($base && count($base)) { foreach($base as $link) { - if($link['attribs']['']['rel'] === 'alternate' && (! $res['author_link'])) + if($link['attribs']['']['rel'] === 'alternate' && (!$author['author_link'])) $author['author_link'] = unxmlify($link['attribs']['']['href']); if(!x($author, 'author_photo') || ! $author['author_photo']) { if($link['attribs']['']['rel'] === 'avatar' || $link['attribs']['']['rel'] === 'photo') @@ -357,7 +357,7 @@ function get_atom_author($feed, $item) { if($base && count($base)) { foreach($base as $link) { - if($link['attribs']['']['rel'] === 'alternate' && (! $res['author_link'])) + if($link['attribs']['']['rel'] === 'alternate' && (!$author['author_link'])) $author['author_link'] = unxmlify($link['attribs']['']['href']); if(! (x($author,'author_photo'))) { if($link['attribs']['']['rel'] === 'avatar' || $link['attribs']['']['rel'] === 'photo') 
@@ -1173,12 +1173,16 @@ function consume_feed($xml, $importer, &$contact, $pass = 0) { intval($importer['channel_id']) ); - // Update content if 'updated' changes - if($r) { - if(activity_match($datarray['verb'], ['Delete', ACTIVITY_DELETE]) - && $datarray['author_xchan'] === $r[0]['author_xchan']) { + if ($r) { + // Check ownership + if ($datarray['author_xchan'] !== $r[0]['author_xchan']) { + logger('stored item author is not imported item author', LOGGER_DEBUG); + continue; + } + + if (activity_match($datarray['verb'], ['Delete', ACTIVITY_DELETE])) { if(! intval($r[0]['item_deleted'])) { logger('deleting item ' . $r[0]['id'] . ' mid=' . $datarray['mid'], LOGGER_DEBUG); drop_item($r[0]['id']); @@ -1444,12 +1448,17 @@ function consume_feed($xml, $importer, &$contact, $pass = 0) { // Update content if 'updated' changes - if($r) { - if(isset($datarray['verb']) && activity_match($datarray['verb'], ['Delete', ACTIVITY_DELETE]) - && isset($datarray['author_xchan']) && $datarray['author_xchan'] === $r[0]['author_xchan']) { + if ($r) { + // Check ownership + if ($datarray['author_xchan'] !== $r[0]['author_xchan']) { + logger('stored item author is not imported item author', LOGGER_DEBUG); + continue; + } + + if (isset($datarray['verb']) && activity_match($datarray['verb'], ['Delete', ACTIVITY_DELETE])) { if(! intval($r[0]['item_deleted'])) { logger('deleting item ' . $r[0]['id'] . ' mid=' . $datarray['mid'], LOGGER_DEBUG); - drop_item($r[0]['id']); + drop_item($r[0]['id'], uid: $importer['channel_id']); } continue; } diff --git a/include/items.php b/include/items.php index 296a7f5c6..ff683260d 100644 --- a/include/items.php +++ b/include/items.php 
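Review bot: The delete branch in the first `consume_feed()` hunk still calls `drop_item($r[0]['id'])` without a uid, while the parallel branch in the `@@ -1444` hunk was changed to `drop_item($r[0]['id'], uid: $importer['channel_id'])`. The comment updated in `include/items.php` indicates that the uid match is what authorises a delete when nobody is authenticated, so the first path probably needs the same call: `drop_item($r[0]['id'], uid: $importer['channel_id']);`. The new ownership check in the second hunk reads `$datarray['author_xchan']` directly where the removed code guarded it with `isset()`; a missing key still ends in `continue`, but `($datarray['author_xchan'] ?? null) !== $r[0]['author_xchan']` avoids the warning. `consume_feed()` starts and ends outside both hunks.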
@@ -258,6 +258,25 @@ function item_normal() { return $sql; } +function item_forwardable($item) { + if (intval($item['item_unpublished']) || + intval($item['item_delayed']) || + intval($item['item_blocked']) || + intval($item['item_hidden']) || + intval($item['item_restrict']) || // this might change in the future + // internal follow/unfollow thread + in_array($item['verb'], ['Follow', 'Ignore', ACTIVITY_FOLLOW, ACTIVITY_UNFOLLOW]) || + str_contains($item['postopts'], 'nodeliver') || + // actor not fetchable + (isset($item['author']['xchan_network']) && in_array($item['author']['xchan_network'], ['rss', 'anon', 'token'])) + + ) { + return false; + } + + return true; +} + function item_normal_search() { return " and item.item_hidden = 0 and item.item_type in (0,3,6,7) and item.item_deleted = 0 and item.item_unpublished = 0 and item.item_delayed = 0 and item.item_pending_remove = 0 @@ -1791,16 +1810,6 @@ function item_store($arr, $allow_exec = false, $deliver = true, $addAndSync = tr if((! array_key_exists('item_nocomment',$arr)) && ($arr['comment_policy'] == 'none')) $arr['item_nocomment'] = 1; - // handle time travelers - // Allow a bit of fudge in case somebody just has a slightly slow/fast clock - - $d1 = new DateTime('now +10 minutes', new DateTimeZone('UTC')); - $d2 = new DateTime($arr['created'] . '+00:00'); - - if($d2 > $d1) { - $arr['item_delayed'] = 1; - } - if(empty($arr['llink'])) { $arr['llink'] = z_root() . '/display/' . $arr['uuid']; } @@ -1842,7 +1851,7 @@ function item_store($arr, $allow_exec = false, $deliver = true, $addAndSync = tr ); } - if(comments_are_now_closed($r[0])) { + if(comments_are_now_closed($r[0]) && !in_array($arr['verb'], ['Add', 'Remove'])) { logger('item_store: comments closed'); $ret['message'] = 'Comments closed.'; return $ret; 
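Review bot: `item_forwardable()` is added without a docblock and passes `$item['postopts']` straight to `str_contains()`, which is deprecated for a null argument since PHP 8.1; whether the field can be null is not visible here. Suggest `str_contains($item['postopts'] ?? '', 'nodeliver')` and `true` as the third argument of both `in_array()` calls so the verb and network comparisons are strict. A short docblock should state that the function returns false for unpublished, delayed, blocked, hidden or restricted items, for internal follow/unfollow activities, for `nodeliver` posts, and for authors on the `rss`, `anon` or `token` networks.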
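Review bot: The exemption added to the `comments_are_now_closed()` check in the `@@ -1842` hunk of `item_store()` depends only on `$arr['verb']` being `Add` or `Remove`, so any item carrying one of those verbs is accepted on a thread whose comments are closed. If these activities are meant to be collection updates from the thread owner, the condition should also confirm the sender, for instance by comparing `$arr['author_xchan']` with `$r[0]['owner_xchan']`. The visible lines do not show whether such a check already happens earlier in the function, which starts and ends outside the hunk.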
@@ -2230,7 +2239,7 @@ function item_store_update($arr, $allow_exec = false, $deliver = true, $addAndSy $arr['revision'] = ((x($arr,'revision') && $arr['revision'] > 0) ? intval($arr['revision']) : 0); - if(array_key_exists('comments_closed',$arr) && $arr['comments_closed'] > NULL_DATE) + if(array_key_exists('comments_closed',$arr)) $arr['comments_closed'] = datetime_convert('UTC','UTC',$arr['comments_closed']); else $arr['comments_closed'] = $orig[0]['comments_closed']; @@ -3172,17 +3181,13 @@ function start_delivery_chain($channel, $item, $item_id, $parent, $group = false $item['parent_mid'] = $item['mid']; $item['thr_parent'] = $item['mid']; $item['llink'] = z_root() . '/display/' . $item['uuid']; + $item['target'] = [ + 'id' => str_replace('/item/', '/conversation/', $item['mid']), + 'type' => 'Collection', + 'attributedTo' => z_root() . '/channel/' . $channel['channel_address'] + ]; + $item['tgt_type'] = 'Collection'; } -/* - $r = q("UPDATE item SET author_xchan = '%s', mid = '%s', parent_mid = '%s', thr_parent = '%s', llink = '%s' WHERE id = %d", - dbesc($item['author_xchan']), - dbesc($item['mid']), - dbesc($item['parent_mid']), - dbesc($item['thr_parent']), - dbesc($item['llink']), - intval($item_id) - ); -*/ } $private = (($channel['channel_allow_cid'] || $channel['channel_allow_gid'] 
@@ -3228,7 +3233,7 @@ function start_delivery_chain($channel, $item, $item_id, $parent, $group = false $r = q("update item set item_uplink = %d, item_nocomment = %d, item_flags = %d, owner_xchan = '%s', allow_cid = '%s', allow_gid = '%s', deny_cid = '%s', deny_gid = '%s', item_private = %d, public_policy = '%s', comment_policy = '%s', title = '%s', body = '%s', item_wall = %d, item_origin = %d, - author_xchan = '%s', mid = '%s', parent_mid = '%s', thr_parent = '%s', llink = '%s' where id = %d", + author_xchan = '%s', mid = '%s', parent_mid = '%s', thr_parent = '%s', llink = '%s', target = '%s', tgt_type = '%s' where id = %d", intval($item_uplink), intval($item_nocomment), intval($flag_bits), @@ -3249,6 +3254,8 @@ function start_delivery_chain($channel, $item, $item_id, $parent, $group = false dbesc($item['parent_mid']), dbesc($item['thr_parent']), dbesc($item['llink']), + dbesc(json_encode($item['target'])), + dbesc($item['tgt_type']), intval($item_id) ); @@ -3852,7 +3859,7 @@ function item_expire($uid,$days,$comment_days = 7) { if ($r) { foreach ($r as $item) { - drop_item($item['id'], expire: true); + drop_item($item['id'], uid: $uid); } } @@ -3913,7 +3920,7 @@ function drop_item($id, $stage = DROPITEM_NORMAL, $force = false, $uid = 0, $obs $ok_to_delete = true; } - // remote delete when nobody is authenticated (called from Libzot) + // remote delete when nobody is authenticated (called from Libzot and Daemons) if ($uid && intval($uid) === intval($item['uid'])) { $ok_to_delete = true; } @@ -5284,7 +5291,8 @@ function addToCollectionAndSync($ret) { } xchan_query($items); - $items = fetch_post_tags($items); + // TODO: fetch_post_tags() will add term and iconfig twice if called twice and it looks like they are already added here + // $items = fetch_post_tags($items); $sync_items = []; $sync_items[] = encode_item($items[0], true); diff --git a/include/js_strings.php b/include/js_strings.php index 0142bad28..b41c34508 100644 --- a/include/js_strings.php 
+++ b/include/js_strings.php @@ -49,29 +49,6 @@ function js_strings() { 'months' => tt('%d months', '%d months', '%d'), 'years' => tt('%d years', '%d years', '%d'), - // get plural function code - 'plural_func' => tf(), - - '$t01' => ((t('timeago.prefixAgo') == 'timeago.prefixAgo') ? '' : ((t('timeago.prefixAgo') == 'NONE') ? '' : t('timeago.prefixAgo'))), - '$t02' => ((t('timeago.prefixFromNow') == 'timeago.prefixFromNow') ? '' : ((t('timeago.prefixFromNow') == 'NONE') ? '' : t('timeago.prefixFromNow'))), - '$t03' => ((t('timeago.suffixAgo') == 'timeago.suffixAgo') ? 'ago' : ((t('timeago.suffixAgo') == 'NONE') ? '' : t('timeago.suffixAgo'))), - '$t04' => ((t('timeago.suffixFromNow') == 'timeago.suffixFromNow') ? 'from now' : ((t('timeago.suffixFromNow') == 'NONE') ? '' : t('timeago.suffixFromNow'))), - - // translatable main strings for jquery.timeago - '$t05' => t('less than a minute'), - '$t06' => t('about a minute'), - '$t07' => ta('%d minutes'), - '$t08' => t('about an hour'), - '$t09' => ta('about %d hours'), - '$t10' => t('a day'), - '$t11' => ta('%d days'), - '$t12' => t('about a month'), - '$t13' => ta('%d months'), - '$t14' => t('about a year'), - '$t15' => ta('%d years'), - '$t16' => t(' '), // wordSeparator - '$t17' => ((t('timeago.numbers') != 'timeago.numbers') ? t('timeago.numbers') : '[]'), - '$January' => t('January'), '$February' => t('February'), '$March' => t('March'), diff --git a/include/network.php b/include/network.php index a8ccee15c..d87482d9d 100644 --- a/include/network.php +++ b/include/network.php 
@@ -1489,11 +1489,11 @@ function do_delivery($deliveries, $force = false) { $interval = Config::Get('queueworker', 'queue_interval', 500000); -// $deliveries_per_process = intval(Config::Get('system','delivery_batch_count')); + $deliveries_per_process = intval(Config::Get('system', 'delivery_batch_count')); - if($deliveries_per_process <= 0) + if($deliveries_per_process <= 0) { $deliveries_per_process = 1; - + } $deliver = []; foreach($deliveries as $d) { diff --git a/include/oembed.php b/include/oembed.php index f52f73225..840164663 100644 --- a/include/oembed.php +++ b/include/oembed.php @@ -143,6 +143,10 @@ function oembed_fetch_url($embedurl){ $furl = ((local_channel() && $zrl) ? zid($embedurl) : $embedurl); + if (empty($furl)) { + return; + } + if($action !== 'block' && (! Config::Get('system','oembed_cache_disable'))) { $txt = Cache::get('[' . App::$videowidth . '] ' . $furl); } diff --git a/include/photos.php b/include/photos.php index 390754f39..a9f92e103 100644 --- a/include/photos.php +++ b/include/photos.php @@ -580,7 +580,7 @@ function photo_upload($channel, $observer, $args) { $ret['item'] = $arr; $ret['body'] = $obj_body; $ret['resource_id'] = $photo_hash; - $ret['photoitem_id'] = $item_id; + $ret['photoitem_id'] = $result['item_id']; /** * @hooks photo_upload_end diff --git a/include/plugin.php b/include/plugin.php index 62b643c3e..b5f9959b9 100644 --- a/include/plugin.php +++ b/include/plugin.php 
@@ -987,12 +987,13 @@ function format_css_if_exists($source) { } } else { // It's a file from the theme - $path = theme_include($script); + $theme_include = theme_include($script); + $path = (($theme_include) ? '/' . $theme_include : ''); } if($path) { $qstring = ((parse_url($path, PHP_URL_QUERY)) ? '&' : '?') . 'v=' . STD_VERSION; - return '<link rel="stylesheet" href="' . $path_prefix . '/' . $path . $qstring . '" type="text/css" media="' . $source[1] . '">' . "\r\n"; + return '<link rel="stylesheet" href="' . $path_prefix . $path . $qstring . '" type="text/css" media="' . $source[1] . '">' . "\r\n"; } } @@ -1059,11 +1060,12 @@ function format_js_if_exists($source) { } else { // It's a file from the theme - $path = theme_include($source); + $theme_include = theme_include($source); + $path = (($theme_include) ? '/' . $theme_include : ''); } if($path) { $qstring = ((parse_url($path, PHP_URL_QUERY)) ? '&' : '?') . 'v=' . STD_VERSION; - return '<script src="' . $path_prefix . '/' . $path . $qstring . '" ></script>' . "\r\n" ; + return '<script src="' . $path_prefix . $path . $qstring . '"></script>' . "\r\n" ; } } diff --git a/include/text.php b/include/text.php index 98093ca53..dda3e4934 100644 --- a/include/text.php +++ b/include/text.php @@ -3206,7 +3206,7 @@ function getIconFromType($type) { //Common file 'application/octet-stream' => 'bi-file-earmark', //Text - 'text/plain' => 'bi-earmark-text', + 'text/plain' => 'bi-file-earmark-text', 'text/markdown' => 'bi-filetype-md', 'text/bbcode' => 'bi-file-earmark-text', 'text/html' => 'bi-filetype-html', diff --git a/include/zid.php b/include/zid.php index 2b5d53916..b74e82930 100644 --- a/include/zid.php +++ b/include/zid.php @@ -150,6 +150,9 @@ function clean_query_string($s = '') { */ function drop_query_params($s, $p) { + + $s = unescape_tags($s); + $parsed = parse_url($s); $query = ''; $query_args = null; 
@@ -172,7 +175,7 @@ function drop_query_params($s, $p) { $parsed['query'] = $query; } - return unparse_url($parsed); + return escape_tags(unparse_url($parsed)); } |
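Review bot: `drop_query_params()` now decodes its input with `unescape_tags()` (first hunk) and returns the result through `escape_tags()` (this hunk), which changes the function's contract while its docblock is left as it was. A caller that passes a raw URL and uses the result in a redirect, or escapes it again for HTML, would presumably receive entity-encoded or double-encoded output; the callers are not visible in this diff. Suggest documenting the new contract, e.g. `@param string $s URL, as escaped by escape_tags()` and `@return string URL without the given parameters, escaped with escape_tags()`.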