From 55b4eb7b22fb699688e89a99b1370b8ee17af0d3 Mon Sep 17 00:00:00 2001 From: Mario Date: Fri, 26 Feb 2021 10:15:56 +0000 Subject: version 5.4RC1 --- boot.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/boot.php b/boot.php index 4c3e4c00b..b8e260341 100644 --- a/boot.php +++ b/boot.php @@ -52,7 +52,7 @@ require_once('include/attach.php'); require_once('include/bbcode.php'); define ( 'PLATFORM_NAME', 'hubzilla' ); -define ( 'STD_VERSION', '5.5.1' ); +define ( 'STD_VERSION', '5.4RC1' ); define ( 'ZOT_REVISION', '6.0' ); define ( 'DB_UPDATE_VERSION', 1243 ); -- cgit v1.2.3 From 48bae9d4219735bc44f4ee72228d19d3e6b9efc9 Mon Sep 17 00:00:00 2001 From: Mario Date: Wed, 3 Mar 2021 13:39:41 +0100 Subject: php8: fix warnings during install procedure --- Zotlabs/Access/PermissionRoles.php | 2 +- Zotlabs/Lib/PConfig.php | 1 + Zotlabs/Module/Setup.php | 82 +++++++++++++++++++------------------- boot.php | 26 +++++++----- include/account.php | 12 +++--- include/channel.php | 10 ++--- include/environment.php | 9 +++-- include/language.php | 14 ++++--- include/permissions.php | 25 ++++++------ 9 files changed, 98 insertions(+), 83 deletions(-) diff --git a/Zotlabs/Access/PermissionRoles.php b/Zotlabs/Access/PermissionRoles.php index 2bcce4eb4..998b6d8d2 100644 --- a/Zotlabs/Access/PermissionRoles.php +++ b/Zotlabs/Access/PermissionRoles.php @@ -317,4 +317,4 @@ class PermissionRoles { return $roles; } -} \ No newline at end of file +} diff --git a/Zotlabs/Lib/PConfig.php b/Zotlabs/Lib/PConfig.php index c08c11e75..765131f0d 100644 --- a/Zotlabs/Lib/PConfig.php +++ b/Zotlabs/Lib/PConfig.php @@ -132,6 +132,7 @@ class PConfig { // manage array value $dbvalue = ((is_array($value)) ? serialize($value) : $value); $dbvalue = ((is_bool($dbvalue)) ? intval($dbvalue) : $dbvalue); + $new = false; $now = datetime_convert(); if (! $updated) { diff --git a/Zotlabs/Module/Setup.php b/Zotlabs/Module/Setup.php index 541e4fa21..ca8c19600 100644 --- a/Zotlabs/Module/Setup.php +++ b/Zotlabs/Module/Setup.php @@ -63,15 +63,15 @@ class Setup extends \Zotlabs\Web\Controller { return; // implied break; case 3: - $dbhost = trim($_POST['dbhost']); - $dbport = intval(trim($_POST['dbport'])); - $dbuser = trim($_POST['dbuser']); - $dbpass = trim($_POST['dbpass']); - $dbdata = trim($_POST['dbdata']); - $dbtype = intval(trim($_POST['dbtype'])); - $phpath = trim($_POST['phpath']); - $adminmail = trim($_POST['adminmail']); - $siteurl = trim($_POST['siteurl']); + $dbhost = ((isset($_POST['dbhost'])) ? trim($_POST['dbhost']) : ''); + $dbuser = ((isset($_POST['dbuser'])) ? trim($_POST['dbuser']) : ''); + $dbport = ((isset($_POST['dbport'])) ? intval(trim($_POST['dbport'])) : 0); + $dbpass = ((isset($_POST['dbpass'])) ? trim($_POST['dbpass']) : ''); + $dbdata = ((isset($_POST['dbdata'])) ? trim($_POST['dbdata']) : ''); + $dbtype = ((isset($_POST['dbtype'])) ? intval(trim($_POST['dbtype'])) : 0); + $phpath = ((isset($_POST['phpath'])) ? trim($_POST['phpath']) : ''); + $adminmail = ((isset($_POST['adminmail'])) ? trim($_POST['adminmail']) : ''); + $siteurl = ((isset($_POST['siteurl'])) ? trim($_POST['siteurl']) : ''); // $siteurl should not have a trailing slash @@ -88,16 +88,16 @@ class Setup extends \Zotlabs\Web\Controller { return; // implied break; case 4: - $dbhost = trim($_POST['dbhost']); - $dbport = intval(trim($_POST['dbport'])); - $dbuser = trim($_POST['dbuser']); - $dbpass = trim($_POST['dbpass']); - $dbdata = trim($_POST['dbdata']); - $dbtype = intval(trim($_POST['dbtype'])); - $phpath = trim($_POST['phpath']); - $timezone = trim($_POST['timezone']); - $adminmail = trim($_POST['adminmail']); - $siteurl = trim($_POST['siteurl']); + $dbhost = ((isset($_POST['dbhost'])) ? trim($_POST['dbhost']) : ''); + $dbuser = ((isset($_POST['dbuser'])) ? trim($_POST['dbuser']) : ''); + $dbport = ((isset($_POST['dbport'])) ? intval(trim($_POST['dbport'])) : 0); + $dbpass = ((isset($_POST['dbpass'])) ? trim($_POST['dbpass']) : ''); + $dbdata = ((isset($_POST['dbdata'])) ? trim($_POST['dbdata']) : ''); + $dbtype = ((isset($_POST['dbtype'])) ? intval(trim($_POST['dbtype'])) : 0); + $phpath = ((isset($_POST['phpath'])) ? trim($_POST['phpath']) : ''); + $timezone = ((isset($_POST['timezone'])) ? trim($_POST['timezone']) : ''); + $adminmail = ((isset($_POST['adminmail'])) ? trim($_POST['adminmail']) : ''); + $siteurl = ((isset($_POST['siteurl'])) ? trim($_POST['siteurl']) : ''); if($siteurl != z_root()) { $test = z_fetch_url($siteurl."/setup/testrewrite"); @@ -108,12 +108,14 @@ class Setup extends \Zotlabs\Web\Controller { } } - if(! \DBA::$dba->connected) { + $db = null; + + if(! isset(\DBA::$dba->connected)) { // connect to db $db = \DBA::dba_factory($dbhost, $dbport, $dbuser, $dbpass, $dbdata, $dbtype, true); } - if(! \DBA::$dba->connected) { + if(! isset(\DBA::$dba->connected)) { echo 'CRITICAL: DB not connected.'; killme(); } @@ -126,7 +128,7 @@ class Setup extends \Zotlabs\Web\Controller { '$dbpass' => $dbpass, '$dbdata' => $dbdata, '$dbtype' => $dbtype, - '$server_role' => 'pro', + '$server_role' => '', '$timezone' => $timezone, '$siteurl' => $siteurl, '$site_id' => random_string(), @@ -267,14 +269,14 @@ class Setup extends \Zotlabs\Web\Controller { case 2: { // Database config - $dbhost = ((x($_POST,'dbhost')) ? trim($_POST['dbhost']) : '127.0.0.1'); - $dbuser = trim($_POST['dbuser']); - $dbport = intval(trim($_POST['dbport'])); - $dbpass = trim($_POST['dbpass']); - $dbdata = trim($_POST['dbdata']); - $dbtype = intval(trim($_POST['dbtype'])); - $phpath = trim($_POST['phpath']); - $adminmail = trim($_POST['adminmail']); + $dbhost = ((isset($_POST['dbhost'])) ? trim($_POST['dbhost']) : '127.0.0.1'); + $dbuser = ((isset($_POST['dbuser'])) ? trim($_POST['dbuser']) : ''); + $dbport = ((isset($_POST['dbport'])) ? intval(trim($_POST['dbport'])) : 0); + $dbpass = ((isset($_POST['dbpass'])) ? trim($_POST['dbpass']) : ''); + $dbdata = ((isset($_POST['dbdata'])) ? trim($_POST['dbdata']) : ''); + $dbtype = ((isset($_POST['dbtype'])) ? intval(trim($_POST['dbtype'])) : 0); + $phpath = ((isset($_POST['phpath'])) ? trim($_POST['phpath']) : ''); + $adminmail = ((isset($_POST['adminmail'])) ? trim($_POST['adminmail']) : ''); $tpl = get_markup_template('install_db.tpl'); $o .= replace_macros($tpl, array( @@ -307,17 +309,17 @@ class Setup extends \Zotlabs\Web\Controller { }; break; case 3: { // Site settings require_once('include/datetime.php'); - $dbhost = ((x($_POST,'dbhost')) ? trim($_POST['dbhost']) : '127.0.0.1'); - $dbport = intval(trim($_POST['dbuser'])); - $dbuser = trim($_POST['dbuser']); - $dbpass = trim($_POST['dbpass']); - $dbdata = trim($_POST['dbdata']); - $dbtype = intval(trim($_POST['dbtype'])); - $phpath = trim($_POST['phpath']); - - $adminmail = trim($_POST['adminmail']); - $timezone = ((x($_POST,'timezone')) ? ($_POST['timezone']) : 'America/Los_Angeles'); + $dbhost = ((isset($_POST['dbhost'])) ? trim($_POST['dbhost']) : '127.0.0.1'); + $dbuser = ((isset($_POST['dbuser'])) ? trim($_POST['dbuser']) : ''); + $dbport = ((isset($_POST['dbport'])) ? intval(trim($_POST['dbport'])) : 0); + $dbpass = ((isset($_POST['dbpass'])) ? trim($_POST['dbpass']) : ''); + $dbdata = ((isset($_POST['dbdata'])) ? trim($_POST['dbdata']) : ''); + $dbtype = ((isset($_POST['dbtype'])) ? intval(trim($_POST['dbtype'])) : 0); + $phpath = ((isset($_POST['phpath'])) ? trim($_POST['phpath']) : ''); + $timezone = ((isset($_POST['timezone'])) ? trim($_POST['timezone']) : 'America/Los_Angeles'); + $adminmail = ((isset($_POST['adminmail'])) ? trim($_POST['adminmail']) : ''); + $siteurl = ((isset($_POST['siteurl'])) ? trim($_POST['siteurl']) : ''); $tpl = get_markup_template('install_settings.tpl'); $o .= replace_macros($tpl, array( diff --git a/boot.php b/boot.php index b8e260341..28ca02f84 100644 --- a/boot.php +++ b/boot.php @@ -1183,14 +1183,18 @@ class App { if($interval < 10000) $interval = 80000; - if(! x(self::$page,'title')) + if(! isset(self::$page['title']) && isset(self::$config['system']['sitename'])) self::$page['title'] = self::$config['system']['sitename']; - $pagemeta = [ 'og:title' => self::$page['title'] ]; + if(isset(self::$page['title'])) + $pagemeta = [ 'og:title' => self::$page['title'] ]; call_hooks('page_meta',$pagemeta); - foreach ($pagemeta as $metaproperty => $metavalue) { - self::$meta->set($metaproperty,$metavalue); + + if($pagemeta) { + foreach ($pagemeta as $metaproperty => $metavalue) { + self::$meta->set($metaproperty,$metavalue); + } } self::$meta->set('generator', Zotlabs\Lib\System::get_platform_name()); @@ -1226,10 +1230,10 @@ class App { '$linkrel' => head_get_links(), '$js_strings' => js_strings(), '$zid' => get_my_address(), - '$channel_id' => self::$profile['uid'], - '$auto_save_draft' => ((feature_enabled(self::$profile['uid'], 'auto_save_draft')) ? "true" : "false") + '$channel_id' => self::$profile['uid'] ?? 0, + '$auto_save_draft' => ((isset(self::$profile['uid']) && feature_enabled(self::$profile['uid'], 'auto_save_draft')) ? "true" : "false") ] - ) . self::$page['htmlhead']; + ) . ((isset(self::$page['htmlhead'])) ? self::$page['htmlhead'] : ''); // always put main.js at the end self::$page['htmlhead'] .= head_get_main_js(); @@ -2351,7 +2355,7 @@ function construct_page() { App::build_pagehead(); - if(App::$page['pdl_content']) { + if(isset(App::$page['pdl_content'])) { App::$page['content'] = App::$comanche->region(App::$page['content']); } @@ -2418,7 +2422,7 @@ function construct_page() { if(App::get_scheme() === 'https' && App::$config['system']['transport_security_header']) header("Strict-Transport-Security: max-age=31536000"); - if(App::$config['system']['content_security_policy']) { + if(isset(App::$config['system']['content_security_policy'])) { $cspsettings = Array ( 'script-src' => Array ("'self'","'unsafe-inline'","'unsafe-eval'"), 'style-src' => Array ("'self'","'unsafe-inline'") @@ -2448,13 +2452,13 @@ function construct_page() { header($cspheader); } - if(App::$config['system']['x_security_headers']) { + if(isset(App::$config['system']['x_security_headers'])) { header("X-Frame-Options: SAMEORIGIN"); header("X-Xss-Protection: 1; mode=block;"); header("X-Content-Type-Options: nosniff"); } - if(App::$config['system']['public_key_pins']) { + if(isset(App::$config['system']['public_key_pins'])) { header("Public-Key-Pins: " . App::$config['system']['public_key_pins']); } diff --git a/include/account.php b/include/account.php index 34936c33f..fefe61d15 100644 --- a/include/account.php +++ b/include/account.php @@ -605,8 +605,8 @@ function account_approve($hash) { */ function downgrade_accounts() { - $r = q("select * from account where not ( account_flags & %d ) > 0 - and account_expires > '%s' + $r = q("select * from account where not ( account_flags & %d ) > 0 + and account_expires > '%s' and account_expires < %s ", intval(ACCOUNT_EXPIRED), dbesc(NULL_DATE), @@ -746,8 +746,8 @@ function service_class_fetch($uid, $property) { $service_class = App::$account['account_service_class']; } else { - $r = q("select account_service_class as service_class - from channel c, account a + $r = q("select account_service_class as service_class + from channel c, account a where c.channel_account_id=a.account_id and c.channel_id= %d limit 1", intval($uid) ); @@ -780,6 +780,8 @@ function service_class_fetch($uid, $property) { */ function account_service_class_fetch($aid, $property) { + $service_class = null; + $r = q("select account_service_class as service_class from account where account_id = %d limit 1", intval($aid) ); @@ -787,7 +789,7 @@ function account_service_class_fetch($aid, $property) { $service_class = $r[0]['service_class']; } - if(! x($service_class)) + if(! isset($service_class)) return false; // everything is allowed $arr = get_config('service_class', $service_class); diff --git a/include/channel.php b/include/channel.php index c6ca673eb..d1095115d 100644 --- a/include/channel.php +++ b/include/channel.php @@ -303,8 +303,8 @@ function create_identity($arr) { $photo_type = null; $z = [ - 'account' => $a[0], - 'channel' => $r[0], + 'account' => $a[0] ?? [], + 'channel' => $r[0] ?? [], 'photo_url' => '' ]; /** @@ -1098,11 +1098,11 @@ function identity_basic_export($channel_id, $sections = null, $zap_compat = fals // @fixme - Not totally certain how to handle $zot_compat for the event timezone which exists // in Hubzilla but is stored with the item and not the event. In Zap, stored information is - // always UTC and localised on access as per standard conventions for working with global time data. + // always UTC and localised on access as per standard conventions for working with global time data. // Older Zot (pre-Zot6) records aren't translated correctly w/r/t AS2 so only include events for the last year or so if - // migrating to Zap. - + // migrating to Zap. + $sqle = (($zap_compat) ? " and created > '2020-01-01 00:00:00' " : ''); $r = q("select * from event where uid = %d $sqle", diff --git a/include/environment.php b/include/environment.php index 96a614821..274eca214 100644 --- a/include/environment.php +++ b/include/environment.php @@ -52,17 +52,18 @@ function getPhpiniUploadLimits() { */ function phpiniSizeToBytes($val) { $val = trim($val); + $num = (double)$val; $unit = strtolower($val[strlen($val)-1]); switch($unit) { case 'g': - $val *= 1024; + $num *= 1024; case 'm': - $val *= 1024; + $num *= 1024; case 'k': - $val *= 1024; + $num *= 1024; default: break; } - return (int)$val; + return (int)$num; } diff --git a/include/language.php b/include/language.php index 622b9614d..d291deb63 100644 --- a/include/language.php +++ b/include/language.php @@ -77,7 +77,7 @@ function get_best_language() { if(! isset($preferred)) { /* - * We could find no perfect match for any of the preferred languages. + * We could find no perfect match for any of the preferred languages. * For cases where the preference is fr-fr and we have fr but *not* fr-fr * run the test again and only look for the language base * which should provide an interface they can sort of understand @@ -262,11 +262,15 @@ function tt($singular, $plural, $count, $ctx = ''){ * @return string */ function ta($k){ + $t = null; - $t = App::$strings[$k]; - if (is_array($t)) - $t = implode("/", $t); - return ($t == "" ? $k : $t); + if(isset(App::$strings[$k])) + $t = App::$strings[$k]; + + if (is_array($t)) + $t = implode("/", $t); + + return ($t == "" ? $k : $t); } /** diff --git a/include/permissions.php b/include/permissions.php index c7eee11f4..9dd503132 100644 --- a/include/permissions.php +++ b/include/permissions.php @@ -6,7 +6,7 @@ require_once('include/security.php'); * @file include/permissions.php * * This file conntains functions to check and work with permissions. - * + * */ @@ -27,7 +27,7 @@ function get_all_perms($uid, $observer_xchan, $check_siteblock = true, $default_ $api = App::get_oauth_key(); if($api) - return get_all_api_perms($uid,$api); + return get_all_api_perms($uid,$api); $global_perms = \Zotlabs\Access\Permissions::Perms(); @@ -210,7 +210,7 @@ function get_all_perms($uid, $observer_xchan, $check_siteblock = true, $default_ $ret[$perm_name] = false; continue; } - + $ret[$perm_name] = true; continue; } @@ -294,14 +294,14 @@ function perm_is_allowed($uid, $observer_xchan, $permission, $check_siteblock = if($channel_perm & PERMS_AUTHED) return true; - $x = q("select abook_my_perms, abook_blocked, abook_ignored, abook_pending, xchan_network from abook left join xchan on abook_xchan = xchan_hash + $x = q("select abook_my_perms, abook_blocked, abook_ignored, abook_pending, xchan_network from abook left join xchan on abook_xchan = xchan_hash where abook_channel = %d and abook_xchan = '%s' and abook_self = 0 limit 1", intval($uid), dbesc($observer_xchan) ); // If they're blocked - they can't read or write - + if(($x) && intval($x[0]['abook_blocked'])) return false; @@ -324,9 +324,9 @@ function perm_is_allowed($uid, $observer_xchan, $permission, $check_siteblock = // This requires an explanation and the effects are subtle. // The following line creates a fake connection, and this allows - // access tokens to have specific permissions even though they are + // access tokens to have specific permissions even though they are // not actual connections. - // The existence of this fake entry must be checked when dealing + // The existence of this fake entry must be checked when dealing // with connection related permissions. $x = array(pseudo_abook($y[0])); @@ -343,7 +343,7 @@ function perm_is_allowed($uid, $observer_xchan, $permission, $check_siteblock = return false; // Check if this $uid is actually the $observer_xchan - // you will have full access unless the channel was moved - + // you will have full access unless the channel was moved - // in which case you will have read_only access if($r[0]['channel_hash'] === $observer_xchan) { @@ -366,7 +366,7 @@ function perm_is_allowed($uid, $observer_xchan, $permission, $check_siteblock = // If we're still here, we have an observer, check the network. if($channel_perm & PERMS_NETWORK) { - if ($x && in_array($x[0]['xchan_network'], ['zot','zot6'])) + if ($x && in_array($x[0]['xchan_network'], ['zot','zot6'])) return true; } @@ -382,7 +382,7 @@ function perm_is_allowed($uid, $observer_xchan, $permission, $check_siteblock = return false; } - // From here on we require that the observer be a connection or pseudo connection + // From here on we require that the observer be a connection or pseudo connection if(! $x) { return false; @@ -425,7 +425,7 @@ function perm_is_allowed($uid, $observer_xchan, $permission, $check_siteblock = return false; } -function get_all_api_perms($uid,$api) { +function get_all_api_perms($uid,$api) { $global_perms = \Zotlabs\Access\Permissions::Perms(); @@ -541,7 +541,8 @@ function site_default_perms() { 'write_pages' => PERMS_SPECIFIC, 'write_wiki' => PERMS_SPECIFIC, 'delegate' => PERMS_SPECIFIC, - 'post_like' => PERMS_NETWORK + 'republish' => PERMS_SPECIFIC, + 'post_like' => PERMS_NETWORK, ); $global_perms = \Zotlabs\Access\Permissions::Perms(); -- cgit v1.2.3 From f8f15f526f68073baa1e4e846ab87a66c2d5b291 Mon Sep 17 00:00:00 2001 From: Mario Date: Wed, 3 Mar 2021 13:44:38 +0100 Subject: group_add(): return hash if success --- include/group.php | 52 +++++++++++++++++++++++++++++----------------------- 1 file changed, 29 insertions(+), 23 deletions(-) diff --git a/include/group.php b/include/group.php index efda389d6..bb1ed5ed8 100644 --- a/include/group.php +++ b/include/group.php @@ -4,23 +4,23 @@ use Zotlabs\Lib\Libsync; function group_add($uid,$name,$public = 0) { - $ret = false; + $success = false; if(x($uid) && x($name)) { $r = group_byname($uid,$name); // check for dups if($r !== false) { - // This could be a problem. + // This could be a problem. // Let's assume we've just created a group which we once deleted // all the old members are gone, but the group remains so we don't break any security // access lists. What we're doing here is reviving the dead group, but old content which - // was restricted to this group may now be seen by the new group members. + // was restricted to this group may now be seen by the new group members. $z = q("SELECT * FROM pgrp WHERE id = %d LIMIT 1", intval($r) ); if(($z) && $z[0]['deleted']) { q('UPDATE pgrp SET deleted = 0 WHERE id = %d', intval($z[0]['id'])); - notice( t('A deleted group with this name was revived. Existing item permissions may apply to this group and any future members. If this is not what you intended, please create another group with a different name.') . EOL); + notice( t('A deleted group with this name was revived. Existing item permissions may apply to this group and any future members. If this is not what you intended, please create another group with a different name.') . EOL); } return true; } @@ -42,12 +42,18 @@ function group_add($uid,$name,$public = 0) { intval($public), dbesc($name) ); - $ret = $r; - } - Libsync::build_sync_packet($uid,null,true); + if($r) + $success = true; + } - return $ret; + + if($success) { + Libsync::build_sync_packet($uid,null,true); + return $hash; + } + + return false; } @@ -88,7 +94,7 @@ function group_rmv($uid,$name) { } if($change) { - q("UPDATE channel SET channel_default_group = '%s', channel_allow_gid = '%s', channel_deny_gid = '%s' + q("UPDATE channel SET channel_default_group = '%s', channel_allow_gid = '%s', channel_deny_gid = '%s' WHERE channel_id = %d", intval($user_info['channel_default_group']), dbesc($user_info['channel_allow_gid']), @@ -159,7 +165,7 @@ function group_rmv_member($uid,$name,$member) { Libsync::build_sync_packet($uid,null,true); return $r; - + } @@ -170,13 +176,13 @@ function group_add_member($uid,$name,$member,$gid = 0) { if((! $gid) || (! $uid) || (! $member)) return false; - $r = q("SELECT * FROM pgrp_member WHERE uid = %d AND gid = %d AND xchan = '%s' LIMIT 1", + $r = q("SELECT * FROM pgrp_member WHERE uid = %d AND gid = %d AND xchan = '%s' LIMIT 1", intval($uid), intval($gid), dbesc($member) ); if($r) - return true; // You might question this, but + return true; // You might question this, but // we indicate success because the group member was in fact created // -- It was just created at another time if(! $r) @@ -195,7 +201,7 @@ function group_add_member($uid,$name,$member,$gid = 0) { function group_get_members($gid) { $ret = array(); if(intval($gid)) { - $r = q("SELECT * FROM pgrp_member + $r = q("SELECT * FROM pgrp_member LEFT JOIN abook ON abook_xchan = pgrp_member.xchan left join xchan on xchan_hash = abook_xchan WHERE gid = %d AND abook_channel = %d and pgrp_member.uid = %d and xchan_deleted = 0 and abook_self = 0 and abook_blocked = 0 and abook_pending = 0 ORDER BY xchan_name ASC ", intval($gid), @@ -245,7 +251,7 @@ function group_get_profile_members_xchan($uid,$gid) { function mini_group_select($uid,$group = '') { - + $grps = array(); $o = ''; @@ -263,7 +269,7 @@ function mini_group_select($uid,$group = '') { $o = replace_macros(get_markup_template('group_selection.tpl'), array( '$label' => t('Add new connections to this privacy group'), - '$groups' => $grps + '$groups' => $grps )); return $o; } @@ -287,12 +293,12 @@ function group_side($every="connections",$each="group",$edit = false, $group_id $member_of = array(); if($cid) { $member_of = groups_containing(local_channel(),$cid); - } + } if($r) { foreach($r as $rr) { $selected = (($group_id == $rr['id']) ? ' group-selected' : ''); - + if ($edit) { $groupedit = array( 'href' => "group/".$rr['id'], @@ -301,7 +307,7 @@ function group_side($every="connections",$each="group",$edit = false, $group_id } else { $groupedit = null; } - + $groups[] = array( 'id' => $rr['id'], 'enc_cid' => base64url_encode($cid), @@ -314,8 +320,8 @@ function group_side($every="connections",$each="group",$edit = false, $group_id ); } } - - + + $tpl = get_markup_template("group_side.tpl"); $o = replace_macros($tpl, array( '$title' => t('Privacy Groups'), @@ -325,8 +331,8 @@ function group_side($every="connections",$each="group",$edit = false, $group_id '$groups' => $groups, '$add' => t('add'), )); - - + + return $o; } @@ -356,7 +362,7 @@ function expand_groups($g) { else { $x[] = $gv; } - } + } if($x) { stringify_array_elms($x,true); -- cgit v1.2.3 From 9389abdb757d5cb5b4b4322260e86c47d11ff043 Mon Sep 17 00:00:00 2001 From: Mario Date: Wed, 3 Mar 2021 14:09:17 +0100 Subject: set the default collection acl if indicated so by the role permissions but always set the created friends group as channel_default_group when creating a new channel --- include/channel.php | 27 +++++++++++++-------------- 1 file changed, 13 insertions(+), 14 deletions(-) diff --git a/include/channel.php b/include/channel.php index d1095115d..4f48402d2 100644 --- a/include/channel.php +++ b/include/channel.php @@ -503,23 +503,22 @@ function create_identity($arr) { // right away as a default group for new contacts. require_once('include/group.php'); - group_add($newuid, t('Friends')); - group_add_member($newuid,t('Friends'),$ret['channel']['channel_hash']); + $group_hash = group_add($newuid, t('Friends')); - // if our role_permissions indicate that we're using a default collection ACL, add it. + if($group_hash) { + group_add_member($newuid,t('Friends'),$ret['channel']['channel_hash']); - if(is_array($role_permissions) && $role_permissions['default_collection']) { - $r = q("select hash from pgrp where uid = %d and gname = '%s' limit 1", - intval($newuid), - dbesc( t('Friends') ) - ); - if($r) { - q("update channel set channel_default_group = '%s', channel_allow_gid = '%s' where channel_id = %d", - dbesc($r[0]['hash']), - dbesc('<' . $r[0]['hash'] . '>'), - intval($newuid) - ); + $default_collection = ''; + // if our role_permissions indicate that we're using a default collection ACL, add it. + if(is_array($role_permissions) && $role_permissions['default_collection']) { + $default_collection_str = '<' . $group_hash . '>'; } + + q("update channel set channel_default_group = '%s', channel_allow_gid = '%s' where channel_id = %d", + dbesc($group_hash), + dbesc($default_collection_str), + intval($newuid) + ); } if(! $system) { -- cgit v1.2.3 From 9c110e7b9b77a082dc3326e4fc58d5308d03668e Mon Sep 17 00:00:00 2001 From: Mario Date: Thu, 4 Mar 2021 08:20:16 +0000 Subject: revert isset --- boot.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/boot.php b/boot.php index 82ebea71a..f66a87242 100644 --- a/boot.php +++ b/boot.php @@ -2422,7 +2422,7 @@ function construct_page() { if(App::get_scheme() === 'https' && App::$config['system']['transport_security_header']) header("Strict-Transport-Security: max-age=31536000"); - if(isset(App::$config['system']['content_security_policy'])) { + if(App::$config['system']['content_security_policy']) { $cspsettings = [ 'script-src' => [ "'self'", "'unsafe-inline'", "'unsafe-eval'" ], 'style-src' => [ "'self'", "'unsafe-inline'" ], -- cgit v1.2.3 From 548936c6ca6e016e6fb8bbe649d8caf1e26bb731 Mon Sep 17 00:00:00 2001 From: Mario Date: Thu, 4 Mar 2021 09:45:51 +0000 Subject: changelog --- CHANGELOG | 67 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 66 insertions(+), 1 deletion(-) diff --git a/CHANGELOG b/CHANGELOG index 1e4b28abf..ccb089b62 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,3 +1,68 @@ +Hubzilla 5.4 (2021-03-xx) + - Add new connections to privacy group independend from the default privacy group settings + - group_add() return group hash to save a lookup + - Do not poll feeds if feed contacts setting is disabled + - Deprecate sticky_kit library in favour of CSS position sticky solution + - Implement experimental zap export compatibility + - Deprecate the [summary] tag in favor of a separate input field for the summary + - Adjust error reporting for PHP8 + - Rely on php.ini default value for pcre.backtrack_limit + - PHP8 compatibility (experimental) + - Introduce Lib/Crypto (ported from zap) + - Introduce Lib/Keyutils which now implements phpseclib v2 + - Improve profile photo fetching + - Introduce fetch_provider hook + - Implement ActivityStreams discovery in mod profile + - Implement ActivityStreams discovery in mod channel + - Update OS folder and file permissions + - Implement ThreadListener in mod activity_match + - Improve ThreadListener handling + - Use mail envelope instead of lock icon for direct messages + - Implement ASCollection in Libzot::fetch_conversation() + - Invoke channel discovery by hash instead of address in mod channel + - Implement manual public item import for zot6, activitypub and diaspora via search + - Default photo storage to filesystem instead of DB for new installations + - Support filesystem storage for xchan profile photos + - Deprecate Daemon/Externals + - Implement SQL query background caching + - Process channel categories list in background + - Port util/connect to Lib/Connect + + Bugfixes + - Fix issue where URL fragment was turned into hashtag if the hashtag existed elsewhere in the post (issue #1518) + - Fix audio and video embeds for media sources without media format extension + - Fix issue where zot package was saved in iconf instead of the decoded activity + - Fix duplicate id in post preview + - Fix display issue of restricted content in mod display + - Fix issue where comments were not delivered to the public stream + - Fix issue where profile photos were stored multiple times and remove duplicates + - Fix pinned items sync between clones + - Fix r_preview for list mode in mod channel and mod network + + Addons + - Diaspora: reduce xchan network confusion in several places + - Diaspora: fix mentions if multiple xchan networks exists + - Diaspora: fix comments on comments + - Pubcrawl: do not re-use broken signed messages + - Pubcrawl: fix parsing of images with description + - Pubcrawl: use the signed message from the attachment (iconfig) when relaying + - Diaspora: implement browser to browser encrypted messages as base64 encoded string + - Pubcrawl: implement browser to browser encrypted messages as base64 encoded string + - Diaspora: support post summary + - Pubcrawl: fix summary aka content warning + - PHP8 compatibility (experimental) + - Reflect core crypto changes + - Photocache: improve mimetype detection + - Diaspora: implement mnanual fetch provider + - Pubcrawl: deprecate pubcrawl_is_as_request() in favor of the core version in Lib/ActivityStreams + - Diaspora: prefer zot identity for inbound comments if available + - Pubcrawl: return zotfeed results in mod outbox + - Queueworker: improved deduplication by adding a uuid + - Superblock: fix syncing with clones regression + - Queueworker: improve SQL query in GetWorkerCount() + - Queueworker: fix issue in workersleep handling + + Hubzilla 5.2.2 (2021-02-13) - Fix issue with ping_site() @@ -5,7 +70,7 @@ Hubzilla 5.2.2 (2021-02-13) Hubzilla 5.2.1 (2021-01-16) - Fix attach_upgrade() to catch all broken entries in attach - Fix collect_recipients() public policy filter for zot6 - - Fix leaking of duplicate tasks in queueworker addon_common + - Fix leaking of duplicate tasks in queueworker Hubzilla 5.2 (2021-01-13) -- cgit v1.2.3 From 5b7a10401f063241b6f8939fb1378478af515a9d Mon Sep 17 00:00:00 2001 From: Mario Date: Thu, 4 Mar 2021 09:48:19 +0000 Subject: version 5.4RC2 --- boot.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/boot.php b/boot.php index f66a87242..664e35732 100644 --- a/boot.php +++ b/boot.php @@ -52,7 +52,7 @@ require_once('include/attach.php'); require_once('include/bbcode.php'); define ( 'PLATFORM_NAME', 'hubzilla' ); -define ( 'STD_VERSION', '5.4RC1' ); +define ( 'STD_VERSION', '5.4RC2' ); define ( 'ZOT_REVISION', '6.0' ); define ( 'DB_UPDATE_VERSION', 1243 ); -- cgit v1.2.3