From 5440a65607f3c67cc6ecacbf2d54c5895e5bc212 Mon Sep 17 00:00:00 2001 From: Max Kostikov Date: Thu, 25 Feb 2021 16:35:19 +0000 Subject: Do not overwrite HTTP schema for Youtube on embedding --- include/oembed.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/include/oembed.php b/include/oembed.php index 01cd8945f..9a25686fa 100644 --- a/include/oembed.php +++ b/include/oembed.php @@ -193,9 +193,9 @@ function oembed_fetch_url($embedurl){ // Youtube will happily hand us an http oembed URL even if we specify an https link; and the returned http link will fail with a 40x if you try and fetch it // This is not our bug, but good luck getting google to fix it. - if (strpos($href,'http:') === 0 && strpos($href,'youtu') !== false) { - $href = str_replace('http:','https:', $href); - } + //if (strpos($href,'http:') === 0 && strpos($href,'youtu') !== false) { + // $href = str_replace('http:','https:', $href); + //} $x = z_fetch_url($href . '&maxwidth=' . App::$videowidth); if($x['success']) -- cgit v1.2.3 From 3d264f5a55f340e3c20c1181c8b4578abecf3f1c Mon Sep 17 00:00:00 2001 From: Mario Date: Wed, 3 Mar 2021 12:39:41 +0000 Subject: php8: fix warnings during install procedure (cherry picked from commit 48bae9d4219735bc44f4ee72228d19d3e6b9efc9) --- Zotlabs/Access/PermissionRoles.php | 2 +- Zotlabs/Lib/PConfig.php | 1 + Zotlabs/Module/Setup.php | 82 +++++++++++++++++++------------------- boot.php | 26 +++++++----- include/account.php | 12 +++--- include/channel.php | 10 ++--- include/environment.php | 9 +++-- include/language.php | 14 ++++--- include/permissions.php | 25 ++++++------ 9 files changed, 98 insertions(+), 83 deletions(-) diff --git a/Zotlabs/Access/PermissionRoles.php b/Zotlabs/Access/PermissionRoles.php index 2bcce4eb4..998b6d8d2 100644 --- a/Zotlabs/Access/PermissionRoles.php +++ b/Zotlabs/Access/PermissionRoles.php @@ -317,4 +317,4 @@ class PermissionRoles { return $roles; } -} \ No newline at end of file +} 
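Review bot: In oembed_fetch_url (include/oembed.php) the https upgrade is switched off by commenting it out, so the two comment lines above it about Youtube handing back http links now describe code that no longer runs, and `z_fetch_url($href . '&maxwidth=' . App::$videowidth)` fetches whatever scheme the provider returned. If the fetched body ends up in rendered markup (not visible in this hunk), a cleartext fetch lets anything on the network path alter it. I would delete the three dead lines and replace the stale comment with one that states the current behaviour, e.g. `// The provider's scheme is used as-is; an http: href is fetched in cleartext.` The function starts and ends outside the hunk.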
diff --git a/Zotlabs/Lib/PConfig.php b/Zotlabs/Lib/PConfig.php index c08c11e75..765131f0d 100644 --- a/Zotlabs/Lib/PConfig.php +++ b/Zotlabs/Lib/PConfig.php @@ -132,6 +132,7 @@ class PConfig { // manage array value $dbvalue = ((is_array($value)) ? serialize($value) : $value); $dbvalue = ((is_bool($dbvalue)) ? intval($dbvalue) : $dbvalue); + $new = false; $now = datetime_convert(); if (! $updated) { diff --git a/Zotlabs/Module/Setup.php b/Zotlabs/Module/Setup.php index 541e4fa21..ca8c19600 100644 --- a/Zotlabs/Module/Setup.php +++ b/Zotlabs/Module/Setup.php @@ -63,15 +63,15 @@ class Setup extends \Zotlabs\Web\Controller { return; // implied break; case 3: - $dbhost = trim($_POST['dbhost']); - $dbport = intval(trim($_POST['dbport'])); - $dbuser = trim($_POST['dbuser']); - $dbpass = trim($_POST['dbpass']); - $dbdata = trim($_POST['dbdata']); - $dbtype = intval(trim($_POST['dbtype'])); - $phpath = trim($_POST['phpath']); - $adminmail = trim($_POST['adminmail']); - $siteurl = trim($_POST['siteurl']); + $dbhost = ((isset($_POST['dbhost'])) ? trim($_POST['dbhost']) : ''); + $dbuser = ((isset($_POST['dbuser'])) ? trim($_POST['dbuser']) : ''); + $dbport = ((isset($_POST['dbport'])) ? intval(trim($_POST['dbport'])) : 0); + $dbpass = ((isset($_POST['dbpass'])) ? trim($_POST['dbpass']) : ''); + $dbdata = ((isset($_POST['dbdata'])) ? trim($_POST['dbdata']) : ''); + $dbtype = ((isset($_POST['dbtype'])) ? intval(trim($_POST['dbtype'])) : 0); + $phpath = ((isset($_POST['phpath'])) ? trim($_POST['phpath']) : ''); + $adminmail = ((isset($_POST['adminmail'])) ? trim($_POST['adminmail']) : ''); + $siteurl = ((isset($_POST['siteurl'])) ? trim($_POST['siteurl']) : ''); // $siteurl should not have a trailing slash 
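Review bot: The `isset()` guards in the `case 3:` block of Setup.php only cover a missing key; a field that arrives as an array still passes `isset()`, and `trim()` then throws a TypeError on PHP 8, the version this commit targets. Checking the type as well keeps the installer from dying on an uncaught error: `$dbhost = ((isset($_POST['dbhost']) && is_string($_POST['dbhost'])) ? trim($_POST['dbhost']) : '');`. The same pattern recurs in the `case 4:` hunk and in the two later Setup.php hunks (`case 2:` and `case 3:` of the form output), so one small private helper that returns a trimmed string or a default would replace some forty near-identical lines. The enclosing method starts and ends outside the hunk.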
@@ -88,16 +88,16 @@ class Setup extends \Zotlabs\Web\Controller { return; // implied break; case 4: - $dbhost = trim($_POST['dbhost']); - $dbport = intval(trim($_POST['dbport'])); - $dbuser = trim($_POST['dbuser']); - $dbpass = trim($_POST['dbpass']); - $dbdata = trim($_POST['dbdata']); - $dbtype = intval(trim($_POST['dbtype'])); - $phpath = trim($_POST['phpath']); - $timezone = trim($_POST['timezone']); - $adminmail = trim($_POST['adminmail']); - $siteurl = trim($_POST['siteurl']); + $dbhost = ((isset($_POST['dbhost'])) ? trim($_POST['dbhost']) : ''); + $dbuser = ((isset($_POST['dbuser'])) ? trim($_POST['dbuser']) : ''); + $dbport = ((isset($_POST['dbport'])) ? intval(trim($_POST['dbport'])) : 0); + $dbpass = ((isset($_POST['dbpass'])) ? trim($_POST['dbpass']) : ''); + $dbdata = ((isset($_POST['dbdata'])) ? trim($_POST['dbdata']) : ''); + $dbtype = ((isset($_POST['dbtype'])) ? intval(trim($_POST['dbtype'])) : 0); + $phpath = ((isset($_POST['phpath'])) ? trim($_POST['phpath']) : ''); + $timezone = ((isset($_POST['timezone'])) ? trim($_POST['timezone']) : ''); + $adminmail = ((isset($_POST['adminmail'])) ? trim($_POST['adminmail']) : ''); + $siteurl = ((isset($_POST['siteurl'])) ? trim($_POST['siteurl']) : ''); if($siteurl != z_root()) { $test = z_fetch_url($siteurl."/setup/testrewrite"); @@ -108,12 +108,14 @@ class Setup extends \Zotlabs\Web\Controller { } } - if(! \DBA::$dba->connected) { + $db = null; + + if(! isset(\DBA::$dba->connected)) { // connect to db $db = \DBA::dba_factory($dbhost, $dbport, $dbuser, $dbpass, $dbdata, $dbtype, true); } - if(! \DBA::$dba->connected) { + if(! isset(\DBA::$dba->connected)) { echo 'CRITICAL: DB not connected.'; killme(); } @@ -126,7 +128,7 @@ class Setup extends \Zotlabs\Web\Controller { '$dbpass' => $dbpass, '$dbdata' => $dbdata, '$dbtype' => $dbtype, - '$server_role' => 'pro', + '$server_role' => '', '$timezone' => $timezone, '$siteurl' => $siteurl, '$site_id' => random_string(), 
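Review bot: `if(! isset(\DBA::$dba->connected))` in the `@@ -108,12` hunk no longer tests whether the connection succeeded, because `isset()` is true for any non-null value, including `false`. If `dba_factory()` leaves `connected` at `false` after a failed attempt (its body is not on this page), the second check is skipped and setup carries on past the 'CRITICAL: DB not connected.' guard. `empty()` avoids the PHP 8 warning and keeps the old truthiness test: `if(empty(\DBA::$dba->connected)) {` in both places. The added `$db = null;` is overwritten a few lines later and is not read anywhere inside the hunk.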
@@ -267,14 +269,14 @@ class Setup extends \Zotlabs\Web\Controller { case 2: { // Database config - $dbhost = ((x($_POST,'dbhost')) ? trim($_POST['dbhost']) : '127.0.0.1'); - $dbuser = trim($_POST['dbuser']); - $dbport = intval(trim($_POST['dbport'])); - $dbpass = trim($_POST['dbpass']); - $dbdata = trim($_POST['dbdata']); - $dbtype = intval(trim($_POST['dbtype'])); - $phpath = trim($_POST['phpath']); - $adminmail = trim($_POST['adminmail']); + $dbhost = ((isset($_POST['dbhost'])) ? trim($_POST['dbhost']) : '127.0.0.1'); + $dbuser = ((isset($_POST['dbuser'])) ? trim($_POST['dbuser']) : ''); + $dbport = ((isset($_POST['dbport'])) ? intval(trim($_POST['dbport'])) : 0); + $dbpass = ((isset($_POST['dbpass'])) ? trim($_POST['dbpass']) : ''); + $dbdata = ((isset($_POST['dbdata'])) ? trim($_POST['dbdata']) : ''); + $dbtype = ((isset($_POST['dbtype'])) ? intval(trim($_POST['dbtype'])) : 0); + $phpath = ((isset($_POST['phpath'])) ? trim($_POST['phpath']) : ''); + $adminmail = ((isset($_POST['adminmail'])) ? trim($_POST['adminmail']) : ''); $tpl = get_markup_template('install_db.tpl'); $o .= replace_macros($tpl, array( 
@@ -307,17 +309,17 @@ class Setup extends \Zotlabs\Web\Controller { }; break; case 3: { // Site settings require_once('include/datetime.php'); - $dbhost = ((x($_POST,'dbhost')) ? trim($_POST['dbhost']) : '127.0.0.1'); - $dbport = intval(trim($_POST['dbuser'])); - $dbuser = trim($_POST['dbuser']); - $dbpass = trim($_POST['dbpass']); - $dbdata = trim($_POST['dbdata']); - $dbtype = intval(trim($_POST['dbtype'])); - $phpath = trim($_POST['phpath']); - - $adminmail = trim($_POST['adminmail']); - $timezone = ((x($_POST,'timezone')) ? ($_POST['timezone']) : 'America/Los_Angeles'); + $dbhost = ((isset($_POST['dbhost'])) ? trim($_POST['dbhost']) : '127.0.0.1'); + $dbuser = ((isset($_POST['dbuser'])) ? trim($_POST['dbuser']) : ''); + $dbport = ((isset($_POST['dbport'])) ? intval(trim($_POST['dbport'])) : 0); + $dbpass = ((isset($_POST['dbpass'])) ? trim($_POST['dbpass']) : ''); + $dbdata = ((isset($_POST['dbdata'])) ? trim($_POST['dbdata']) : ''); + $dbtype = ((isset($_POST['dbtype'])) ? intval(trim($_POST['dbtype'])) : 0); + $phpath = ((isset($_POST['phpath'])) ? trim($_POST['phpath']) : ''); + $timezone = ((isset($_POST['timezone'])) ? trim($_POST['timezone']) : 'America/Los_Angeles'); + $adminmail = ((isset($_POST['adminmail'])) ? trim($_POST['adminmail']) : ''); + $siteurl = ((isset($_POST['siteurl'])) ? trim($_POST['siteurl']) : ''); $tpl = get_markup_template('install_settings.tpl'); $o .= replace_macros($tpl, array( diff --git a/boot.php b/boot.php index 4c3e4c00b..ccf1c9d72 100644 --- a/boot.php +++ b/boot.php 
@@ -1183,14 +1183,18 @@ class App { if($interval < 10000) $interval = 80000; - if(! x(self::$page,'title')) + if(! isset(self::$page['title']) && isset(self::$config['system']['sitename'])) self::$page['title'] = self::$config['system']['sitename']; - $pagemeta = [ 'og:title' => self::$page['title'] ]; + if(isset(self::$page['title'])) + $pagemeta = [ 'og:title' => self::$page['title'] ]; call_hooks('page_meta',$pagemeta); - foreach ($pagemeta as $metaproperty => $metavalue) { - self::$meta->set($metaproperty,$metavalue); + + if($pagemeta) { + foreach ($pagemeta as $metaproperty => $metavalue) { + self::$meta->set($metaproperty,$metavalue); + } } self::$meta->set('generator', Zotlabs\Lib\System::get_platform_name()); @@ -1226,10 +1230,10 @@ class App { '$linkrel' => head_get_links(), '$js_strings' => js_strings(), '$zid' => get_my_address(), - '$channel_id' => self::$profile['uid'], - '$auto_save_draft' => ((feature_enabled(self::$profile['uid'], 'auto_save_draft')) ? "true" : "false") + '$channel_id' => self::$profile['uid'] ?? 0, + '$auto_save_draft' => ((isset(self::$profile['uid']) && feature_enabled(self::$profile['uid'], 'auto_save_draft')) ? "true" : "false") ] - ) . self::$page['htmlhead']; + ) . ((isset(self::$page['htmlhead'])) ? self::$page['htmlhead'] : ''); // always put main.js at the end self::$page['htmlhead'] .= head_get_main_js(); @@ -2351,7 +2355,7 @@ function construct_page() { App::build_pagehead(); - if(App::$page['pdl_content']) { + if(isset(App::$page['pdl_content'])) { App::$page['content'] = App::$comanche->region(App::$page['content']); } 
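Review bot: `$pagemeta` is now assigned only when `self::$page['title']` is set, so on an untitled page `call_hooks('page_meta',$pagemeta)` is handed a variable that was never defined. Whether that warns depends on whether call_hooks takes its second argument by reference, which the hunk does not show; either way hooks that expect an array receive null. Initialising it first removes the ambiguity and makes the added `if($pagemeta)` wrapper unnecessary: `$pagemeta = [];` followed by `if(isset(self::$page['title'])) $pagemeta['og:title'] = self::$page['title'];`. The enclosing method is only partly visible in the hunk.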
@@ -2418,7 +2422,7 @@ function construct_page() { if(App::get_scheme() === 'https' && App::$config['system']['transport_security_header']) header("Strict-Transport-Security: max-age=31536000"); - if(App::$config['system']['content_security_policy']) { + if(isset(App::$config['system']['content_security_policy'])) { $cspsettings = Array ( 'script-src' => Array ("'self'","'unsafe-inline'","'unsafe-eval'"), 'style-src' => Array ("'self'","'unsafe-inline'") @@ -2448,13 +2452,13 @@ function construct_page() { header($cspheader); } - if(App::$config['system']['x_security_headers']) { + if(isset(App::$config['system']['x_security_headers'])) { header("X-Frame-Options: SAMEORIGIN"); header("X-Xss-Protection: 1; mode=block;"); header("X-Content-Type-Options: nosniff"); } - if(App::$config['system']['public_key_pins']) { + if(isset(App::$config['system']['public_key_pins'])) { header("Public-Key-Pins: " . App::$config['system']['public_key_pins']); } diff --git a/include/account.php b/include/account.php index 34936c33f..fefe61d15 100644 --- a/include/account.php +++ b/include/account.php @@ -605,8 +605,8 @@ function account_approve($hash) { */ function downgrade_accounts() { - $r = q("select * from account where not ( account_flags & %d ) > 0 - and account_expires > '%s' + $r = q("select * from account where not ( account_flags & %d ) > 0 + and account_expires > '%s' and account_expires < %s ", intval(ACCOUNT_EXPIRED), dbesc(NULL_DATE), @@ -746,8 +746,8 @@ function service_class_fetch($uid, $property) { $service_class = App::$account['account_service_class']; } else { - $r = q("select account_service_class as service_class - from channel c, account a + $r = q("select account_service_class as service_class + from channel c, account a where c.channel_account_id=a.account_id and c.channel_id= %d limit 1", intval($uid) ); 
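Review bot: Replacing the truthiness tests with `isset()` in construct_page changes what three settings mean: `content_security_policy`, `x_security_headers` and `public_key_pins` now take effect whenever the key exists, even when its value is `0`, `false` or an empty string. A site that stored `0` to switch a header off will start sending it, and an empty `public_key_pins` value would emit a `Public-Key-Pins:` header with no policy. `! empty()` silences the PHP 8 undefined-key warning without altering the semantics, e.g. `if(! empty(App::$config['system']['x_security_headers'])) {`. The unchanged `transport_security_header` test in the first of these hunks still reads its key unguarded and will warn when it is unset. construct_page starts and ends outside the hunks.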
@@ -780,6 +780,8 @@ function service_class_fetch($uid, $property) { */ function account_service_class_fetch($aid, $property) { + $service_class = null; + $r = q("select account_service_class as service_class from account where account_id = %d limit 1", intval($aid) ); @@ -787,7 +789,7 @@ function account_service_class_fetch($aid, $property) { $service_class = $r[0]['service_class']; } - if(! x($service_class)) + if(! isset($service_class)) return false; // everything is allowed $arr = get_config('service_class', $service_class); diff --git a/include/channel.php b/include/channel.php index c6ca673eb..d1095115d 100644 --- a/include/channel.php +++ b/include/channel.php @@ -303,8 +303,8 @@ function create_identity($arr) { $photo_type = null; $z = [ - 'account' => $a[0], - 'channel' => $r[0], + 'account' => $a[0] ?? [], + 'channel' => $r[0] ?? [], 'photo_url' => '' ]; /** @@ -1098,11 +1098,11 @@ function identity_basic_export($channel_id, $sections = null, $zap_compat = fals // @fixme - Not totally certain how to handle $zot_compat for the event timezone which exists // in Hubzilla but is stored with the item and not the event. In Zap, stored information is - // always UTC and localised on access as per standard conventions for working with global time data. + // always UTC and localised on access as per standard conventions for working with global time data. // Older Zot (pre-Zot6) records aren't translated correctly w/r/t AS2 so only include events for the last year or so if - // migrating to Zap. - + // migrating to Zap. + $sqle = (($zap_compat) ? " and created > '2020-01-01 00:00:00' " : ''); $r = q("select * from event where uid = %d $sqle", diff --git a/include/environment.php b/include/environment.php index 96a614821..274eca214 100644 --- a/include/environment.php +++ b/include/environment.php 
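Review bot: Swapping `x($service_class)` for `isset($service_class)` in account_service_class_fetch is not equivalent if `x()` treats an empty string as absent (its definition is not on this page): an account whose `account_service_class` is `''` used to reach `return false; // everything is allowed` and now falls through to `get_config('service_class', $service_class)` with an empty name. Because that early return decides whether any service-class lookup happens at all, I would keep the old meaning with `if(empty($service_class))`, or state in the commit description that the change is intended. The rest of the function lies outside the hunk.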
@@ -52,17 +52,18 @@ function getPhpiniUploadLimits() { */ function phpiniSizeToBytes($val) { $val = trim($val); + $num = (double)$val; $unit = strtolower($val[strlen($val)-1]); switch($unit) { case 'g': - $val *= 1024; + $num *= 1024; case 'm': - $val *= 1024; + $num *= 1024; case 'k': - $val *= 1024; + $num *= 1024; default: break; } - return (int)$val; + return (int)$num; } diff --git a/include/language.php b/include/language.php index 622b9614d..d291deb63 100644 --- a/include/language.php +++ b/include/language.php @@ -77,7 +77,7 @@ function get_best_language() { if(! isset($preferred)) { /* - * We could find no perfect match for any of the preferred languages. + * We could find no perfect match for any of the preferred languages. * For cases where the preference is fr-fr and we have fr but *not* fr-fr * run the test again and only look for the language base * which should provide an interface they can sort of understand @@ -262,11 +262,15 @@ function tt($singular, $plural, $count, $ctx = ''){ * @return string */ function ta($k){ + $t = null; - $t = App::$strings[$k]; - if (is_array($t)) - $t = implode("/", $t); - return ($t == "" ? $k : $t); + if(isset(App::$strings[$k])) + $t = App::$strings[$k]; + + if (is_array($t)) + $t = implode("/", $t); + + return ($t == "" ? $k : $t); } /** diff --git a/include/permissions.php b/include/permissions.php index c7eee11f4..9dd503132 100644 --- a/include/permissions.php +++ b/include/permissions.php @@ -6,7 +6,7 @@ require_once('include/security.php'); * @file include/permissions.php * * This file conntains functions to check and work with permissions. - * + * */ @@ -27,7 +27,7 @@ function get_all_perms($uid, $observer_xchan, $check_siteblock = true, $default_ $api = App::get_oauth_key(); if($api) - return get_all_api_perms($uid,$api); + return get_all_api_perms($uid,$api); $global_perms = \Zotlabs\Access\Permissions::Perms(); 
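Review bot: `$val[strlen($val)-1]` in phpiniSizeToBytes still reads offset -1 when the trimmed value is an empty string, which raises an uninitialized-string-offset warning on PHP 8, so the function is not yet warning-free for an ini directive that is unset. An early `if($val === '') return 0;` right after the `trim()` covers it. The `switch` relies on fall-through from `'g'` to `'m'` to `'k'`; a `// no break` comment on each case would tell the next reader that the missing `break` statements are deliberate.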
@@ -210,7 +210,7 @@ function get_all_perms($uid, $observer_xchan, $check_siteblock = true, $default_ $ret[$perm_name] = false; continue; } - + $ret[$perm_name] = true; continue; } @@ -294,14 +294,14 @@ function perm_is_allowed($uid, $observer_xchan, $permission, $check_siteblock = if($channel_perm & PERMS_AUTHED) return true; - $x = q("select abook_my_perms, abook_blocked, abook_ignored, abook_pending, xchan_network from abook left join xchan on abook_xchan = xchan_hash + $x = q("select abook_my_perms, abook_blocked, abook_ignored, abook_pending, xchan_network from abook left join xchan on abook_xchan = xchan_hash where abook_channel = %d and abook_xchan = '%s' and abook_self = 0 limit 1", intval($uid), dbesc($observer_xchan) ); // If they're blocked - they can't read or write - + if(($x) && intval($x[0]['abook_blocked'])) return false; @@ -324,9 +324,9 @@ function perm_is_allowed($uid, $observer_xchan, $permission, $check_siteblock = // This requires an explanation and the effects are subtle. // The following line creates a fake connection, and this allows - // access tokens to have specific permissions even though they are + // access tokens to have specific permissions even though they are // not actual connections. - // The existence of this fake entry must be checked when dealing + // The existence of this fake entry must be checked when dealing // with connection related permissions. $x = array(pseudo_abook($y[0])); @@ -343,7 +343,7 @@ function perm_is_allowed($uid, $observer_xchan, $permission, $check_siteblock = return false; // Check if this $uid is actually the $observer_xchan - // you will have full access unless the channel was moved - + // you will have full access unless the channel was moved - // in which case you will have read_only access if($r[0]['channel_hash'] === $observer_xchan) { 
@@ -366,7 +366,7 @@ function perm_is_allowed($uid, $observer_xchan, $permission, $check_siteblock = // If we're still here, we have an observer, check the network. if($channel_perm & PERMS_NETWORK) { - if ($x && in_array($x[0]['xchan_network'], ['zot','zot6'])) + if ($x && in_array($x[0]['xchan_network'], ['zot','zot6'])) return true; } @@ -382,7 +382,7 @@ function perm_is_allowed($uid, $observer_xchan, $permission, $check_siteblock = return false; } - // From here on we require that the observer be a connection or pseudo connection + // From here on we require that the observer be a connection or pseudo connection if(! $x) { return false; @@ -425,7 +425,7 @@ function perm_is_allowed($uid, $observer_xchan, $permission, $check_siteblock = return false; } -function get_all_api_perms($uid,$api) { +function get_all_api_perms($uid,$api) { $global_perms = \Zotlabs\Access\Permissions::Perms(); @@ -541,7 +541,8 @@ function site_default_perms() { 'write_pages' => PERMS_SPECIFIC, 'write_wiki' => PERMS_SPECIFIC, 'delegate' => PERMS_SPECIFIC, - 'post_like' => PERMS_NETWORK + 'republish' => PERMS_SPECIFIC, + 'post_like' => PERMS_NETWORK, ); $global_perms = \Zotlabs\Access\Permissions::Perms(); -- cgit v1.2.3 From 7d1599f9b0bd8ead7a0652ceca494fc38a28fd82 Mon Sep 17 00:00:00 2001 From: Mario Date: Wed, 3 Mar 2021 12:44:38 +0000 Subject: group_add(): return hash if success (cherry picked from commit f8f15f526f68073baa1e4e846ab87a66c2d5b291) --- include/group.php | 52 +++++++++++++++++++++++++++++----------------------- 1 file changed, 29 insertions(+), 23 deletions(-) diff --git a/include/group.php b/include/group.php index efda389d6..bb1ed5ed8 100644 --- a/include/group.php +++ b/include/group.php 
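Review bot: The last permissions.php hunk adds `'republish' => PERMS_SPECIFIC,` to the array in site_default_perms, which changes a permission default rather than fixing a warning, and the commit subject ('php8: fix warnings during install procedure') does not mention it. Anyone auditing permission changes through the log would miss it among the whitespace edits. I would move it to its own commit, or at least mark the entry, e.g. `// 'republish' defaults to PERMS_SPECIFIC like the write_* entries above`. Whether `republish` already exists in `\Zotlabs\Access\Permissions::Perms()` cannot be seen from this hunk.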
@@ -4,23 +4,23 @@ use Zotlabs\Lib\Libsync; function group_add($uid,$name,$public = 0) { - $ret = false; + $success = false; if(x($uid) && x($name)) { $r = group_byname($uid,$name); // check for dups if($r !== false) { - // This could be a problem. + // This could be a problem. // Let's assume we've just created a group which we once deleted // all the old members are gone, but the group remains so we don't break any security // access lists. What we're doing here is reviving the dead group, but old content which - // was restricted to this group may now be seen by the new group members. + // was restricted to this group may now be seen by the new group members. $z = q("SELECT * FROM pgrp WHERE id = %d LIMIT 1", intval($r) ); if(($z) && $z[0]['deleted']) { q('UPDATE pgrp SET deleted = 0 WHERE id = %d', intval($z[0]['id'])); - notice( t('A deleted group with this name was revived. Existing item permissions may apply to this group and any future members. If this is not what you intended, please create another group with a different name.') . EOL); + notice( t('A deleted group with this name was revived. Existing item permissions may apply to this group and any future members. If this is not what you intended, please create another group with a different name.') . EOL); } return true; } @@ -42,12 +42,18 @@ function group_add($uid,$name,$public = 0) { intval($public), dbesc($name) ); - $ret = $r; - } - Libsync::build_sync_packet($uid,null,true); + if($r) + $success = true; + } - return $ret; + + if($success) { + Libsync::build_sync_packet($uid,null,true); + return $hash; + } + + return false; } 
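Review bot: group_add now has three return shapes: the new hash after an insert, `false` on failure, and still `true` from the unchanged `return true;` in the duplicate/revived branch. A caller that stores the result as a group hash, as the next commit in this series does in create_identity, would write `true` when the group already existed. Returning the existing row's hash keeps the contract uniform, e.g. `return (($z) ? $z[0]['hash'] : false);` (the query removed from channel.php later on this page shows that pgrp has a `hash` column). A docblock saying that the function returns the group hash on success and false otherwise would help too, since the revived-group path has the access-list consequences the inline comment describes. `$hash` is assigned in a part of the function the diff does not show.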
@@ -88,7 +94,7 @@ function group_rmv($uid,$name) { } if($change) { - q("UPDATE channel SET channel_default_group = '%s', channel_allow_gid = '%s', channel_deny_gid = '%s' + q("UPDATE channel SET channel_default_group = '%s', channel_allow_gid = '%s', channel_deny_gid = '%s' WHERE channel_id = %d", intval($user_info['channel_default_group']), dbesc($user_info['channel_allow_gid']), @@ -159,7 +165,7 @@ function group_rmv_member($uid,$name,$member) { Libsync::build_sync_packet($uid,null,true); return $r; - + } @@ -170,13 +176,13 @@ function group_add_member($uid,$name,$member,$gid = 0) { if((! $gid) || (! $uid) || (! $member)) return false; - $r = q("SELECT * FROM pgrp_member WHERE uid = %d AND gid = %d AND xchan = '%s' LIMIT 1", + $r = q("SELECT * FROM pgrp_member WHERE uid = %d AND gid = %d AND xchan = '%s' LIMIT 1", intval($uid), intval($gid), dbesc($member) ); if($r) - return true; // You might question this, but + return true; // You might question this, but // we indicate success because the group member was in fact created // -- It was just created at another time if(! $r) @@ -195,7 +201,7 @@ function group_add_member($uid,$name,$member,$gid = 0) { function group_get_members($gid) { $ret = array(); if(intval($gid)) { - $r = q("SELECT * FROM pgrp_member + $r = q("SELECT * FROM pgrp_member LEFT JOIN abook ON abook_xchan = pgrp_member.xchan left join xchan on xchan_hash = abook_xchan WHERE gid = %d AND abook_channel = %d and pgrp_member.uid = %d and xchan_deleted = 0 and abook_self = 0 and abook_blocked = 0 and abook_pending = 0 ORDER BY xchan_name ASC ", intval($gid), @@ -245,7 +251,7 @@ function group_get_profile_members_xchan($uid,$gid) { function mini_group_select($uid,$group = '') { - + $grps = array(); $o = ''; 
@@ -263,7 +269,7 @@ function mini_group_select($uid,$group = '') { $o = replace_macros(get_markup_template('group_selection.tpl'), array( '$label' => t('Add new connections to this privacy group'), - '$groups' => $grps + '$groups' => $grps )); return $o; } @@ -287,12 +293,12 @@ function group_side($every="connections",$each="group",$edit = false, $group_id $member_of = array(); if($cid) { $member_of = groups_containing(local_channel(),$cid); - } + } if($r) { foreach($r as $rr) { $selected = (($group_id == $rr['id']) ? ' group-selected' : ''); - + if ($edit) { $groupedit = array( 'href' => "group/".$rr['id'], @@ -301,7 +307,7 @@ function group_side($every="connections",$each="group",$edit = false, $group_id } else { $groupedit = null; } - + $groups[] = array( 'id' => $rr['id'], 'enc_cid' => base64url_encode($cid), @@ -314,8 +320,8 @@ function group_side($every="connections",$each="group",$edit = false, $group_id ); } } - - + + $tpl = get_markup_template("group_side.tpl"); $o = replace_macros($tpl, array( '$title' => t('Privacy Groups'), @@ -325,8 +331,8 @@ function group_side($every="connections",$each="group",$edit = false, $group_id '$groups' => $groups, '$add' => t('add'), )); - - + + return $o; } @@ -356,7 +362,7 @@ function expand_groups($g) { else { $x[] = $gv; } - } + } if($x) { stringify_array_elms($x,true); -- cgit v1.2.3 From c2dc3e8dec7acf1f1750f7379e641ae8c7a2ed81 Mon Sep 17 00:00:00 2001 From: Mario Date: Wed, 3 Mar 2021 13:09:17 +0000 Subject: set the default collection acl if indicated so by the role permissions but always set the created friends group as channel_default_group when creating a new channel (cherry picked from commit 9389abdb757d5cb5b4b4322260e86c47d11ff043) --- include/channel.php | 27 +++++++++++++-------------- 1 file changed, 13 insertions(+), 14 deletions(-) diff --git a/include/channel.php b/include/channel.php index d1095115d..4f48402d2 100644 --- a/include/channel.php +++ b/include/channel.php 
@@ -503,23 +503,22 @@ function create_identity($arr) { // right away as a default group for new contacts. require_once('include/group.php'); - group_add($newuid, t('Friends')); - group_add_member($newuid,t('Friends'),$ret['channel']['channel_hash']); + $group_hash = group_add($newuid, t('Friends')); - // if our role_permissions indicate that we're using a default collection ACL, add it. + if($group_hash) { + group_add_member($newuid,t('Friends'),$ret['channel']['channel_hash']); - if(is_array($role_permissions) && $role_permissions['default_collection']) { - $r = q("select hash from pgrp where uid = %d and gname = '%s' limit 1", - intval($newuid), - dbesc( t('Friends') ) - ); - if($r) { - q("update channel set channel_default_group = '%s', channel_allow_gid = '%s' where channel_id = %d", - dbesc($r[0]['hash']), - dbesc('<' . $r[0]['hash'] . '>'), - intval($newuid) - ); + $default_collection = ''; + // if our role_permissions indicate that we're using a default collection ACL, add it. + if(is_array($role_permissions) && $role_permissions['default_collection']) { + $default_collection_str = '<' . $group_hash . '>'; } + + q("update channel set channel_default_group = '%s', channel_allow_gid = '%s' where channel_id = %d", + dbesc($group_hash), + dbesc($default_collection_str), + intval($newuid) + ); } if(! $system) { -- cgit v1.2.3 From 33b738d00bf4f50cc7b4fd94ab102e721e60b0a8 Mon Sep 17 00:00:00 2001 From: Max Kostikov Date: Thu, 4 Mar 2021 08:05:26 +0000 Subject: Fix frame-src CSP error on video embedding --- boot.php | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/boot.php b/boot.php index ccf1c9d72..2df98a19d 100644 --- a/boot.php +++ b/boot.php 
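Review bot: The new block in create_identity initialises `$default_collection = '';` but the query reads `$default_collection_str`, which is assigned only inside the `default_collection` branch, so for every other role `dbesc($default_collection_str)` receives an undefined variable. On PHP 8 that is a warning, and what lands in `channel_allow_gid` then depends on how dbesc treats null. Renaming the initialiser fixes it: `$default_collection_str = '';`. `$role_permissions['default_collection']` is also read without a guard, so a role array lacking that key warns as well; `! empty($role_permissions['default_collection'])` covers it. create_identity starts and ends outside the hunk.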
@@ -2422,11 +2422,12 @@ function construct_page() { if(App::get_scheme() === 'https' && App::$config['system']['transport_security_header']) header("Strict-Transport-Security: max-age=31536000"); - if(isset(App::$config['system']['content_security_policy'])) { - $cspsettings = Array ( - 'script-src' => Array ("'self'","'unsafe-inline'","'unsafe-eval'"), - 'style-src' => Array ("'self'","'unsafe-inline'") - ); + if(App::$config['system']['content_security_policy']) { + $cspsettings = [ + 'script-src' => [ "'self'", "'unsafe-inline'", "'unsafe-eval'" ], + 'style-src' => [ "'self'", "'unsafe-inline'" ], + 'frame-src' => [ "'self'" ] + ]; call_hooks('content_security_policy',$cspsettings); // Legitimate CSP directives (cxref: https://content-security-policy.com/) -- cgit v1.2.3
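Review bot: `if(App::$config['system']['content_security_policy'])` restores the truthiness test but reads the key unguarded again, so the PHP 8 undefined-key warning returns on sites that never set it; `if(! empty(App::$config['system']['content_security_policy'])) {` gives both behaviours. The new `'frame-src' => [ "'self'" ]` default permits only same-origin frames, so third-party video embeds presumably depend on a `content_security_policy` hook adding their hosts; a short comment next to the entry saying so would explain how this fixes embedding. `script-src` still carries `'unsafe-inline'` and `'unsafe-eval'`, which leaves the policy with little protection against injected script and deserves at least a `// TODO: drop unsafe-inline/unsafe-eval` marker. construct_page continues outside the hunk.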