From cc9fd4f4a47cdcfec022690fa657813a282ff7d5 Mon Sep 17 00:00:00 2001
From: Mario <mario@mariovavti.com>
Date: Tue, 23 Mar 2021 10:54:27 +0000
Subject: fix regression in mod display

(cherry picked from commit 43c5b723175fded3996d5bca02902a3da7eb40e8)
---
 Zotlabs/Module/Display.php | 55 ++++++++++++++++++++++------------------------
 1 file changed, 26 insertions(+), 29 deletions(-)

diff --git a/Zotlabs/Module/Display.php b/Zotlabs/Module/Display.php
index 15dfb0dc9..1aac7e328 100644
--- a/Zotlabs/Module/Display.php
+++ b/Zotlabs/Module/Display.php
@@ -245,71 +245,68 @@ class Display extends \Zotlabs\Web\Controller {
 
 		$sql_extra = ((local_channel()) ? EMPTY_STR : item_permissions_sql(0, $observer_hash));
 
-		if($noscript_content || $load) {
 
-			$r = null;
+
+		if($noscript_content || $load) {
 
 			require_once('include/channel.php');
 			$sys = get_sys_channel();
-			$sysid = $sys['channel_id'];
+			// in case somebody turned off public access to sys channel content using permissions
+			// make that content unsearchable by ensuring the owner uid can't match
+			$sys_id = perm_is_allowed($sys['channel_id'], $observer_hash, 'view_stream') ? $sys['channel_id'] : 0;
+
+			$r = null;
 
 			if(local_channel()) {
-				$r = q("SELECT item.id as item_id from item WHERE uid = %d and mid = '%s' $item_normal limit 1",
+				$r = q("SELECT item.id AS item_id FROM item WHERE uid IN (%d, %d) AND mid = '%s' $item_normal LIMIT 1",
 					intval(local_channel()),
+					intval($sys_id),
 					dbesc($target_item['parent_mid'])
 				);
 			}
 
 			if($r === null) {
-				// in case somebody turned off public access to sys channel content using permissions
-				// make that content unsearchable by ensuring the owner uid can't match
-
-				if(! perm_is_allowed($sysid,$observer_hash,'view_stream'))
-					$sysid = 0;
-
-				$r = q("SELECT item.id as item_id from item
+				$r = q("SELECT item.id AS item_id FROM item
 					WHERE ((mid = '%s'
-					AND (((( item.allow_cid = ''  AND item.allow_gid = '' AND item.deny_cid  = ''
+					AND (((( item.allow_cid = '' AND item.allow_gid = '' AND item.deny_cid  = ''
 					AND item.deny_gid  = '' AND item_private = 0 )
-					and uid in ( " . stream_perms_api_uids(($observer_hash) ? (PERMS_NETWORK|PERMS_PUBLIC) : PERMS_PUBLIC) . " ))
+					AND uid IN ( " . stream_perms_api_uids(($observer_hash) ? (PERMS_NETWORK|PERMS_PUBLIC) : PERMS_PUBLIC) . " ))
 					OR uid = %d ))) OR
 					(mid = '%s' $sql_extra ))
 					$item_normal
 					limit 1",
 					dbesc($target_item['parent_mid']),
-					intval($sysid),
+					intval($sys_id),
 					dbesc($target_item['parent_mid'])
 				);
 			}
 		}
 
 		elseif($update && !$load) {
-			$r = null;
-
 			require_once('include/channel.php');
 			$sys = get_sys_channel();
-			$sysid = $sys['channel_id'];
+			// in case somebody turned off public access to sys channel content using permissions
+			// make that content unsearchable by ensuring the owner uid can't match
+			$sys_id = perm_is_allowed($sys['channel_id'], $observer_hash, 'view_stream') ? $sys['channel_id'] : 0;
+
+			$r = null;
 			if(local_channel()) {
 				$r = q("SELECT item.parent AS item_id from item
-					WHERE uid = %d
-					and parent_mid = '%s'
+					WHERE uid IN (%d, %d)
+					AND parent_mid = '%s'
 					$item_normal_update
 					$simple_update
-					limit 1",
+					LIMIT 1",
 					intval(local_channel()),
+					intval($sys_id),
 					dbesc($target_item['parent_mid'])
 				);
 			}
-			if($r === null) {
-				// in case somebody turned off public access to sys channel content using permissions
-				// make that content unsearchable by ensuring the owner_xchan can't match
-
-				if(! perm_is_allowed($sysid,$observer_hash,'view_stream'))
-					$sysid = 0;
 
+			if($r === null) {
 				$r = q("SELECT item.id as item_id from item
 					WHERE ((parent_mid = '%s'
-					AND (((( item.allow_cid = ''  AND item.allow_gid = '' AND item.deny_cid  = ''
+					AND (((( item.allow_cid = '' AND item.allow_gid = '' AND item.deny_cid  = ''
 					AND item.deny_gid  = '' AND item_private = 0 )
 					and uid in ( " . stream_perms_api_uids(($observer_hash) ? (PERMS_NETWORK|PERMS_PUBLIC) : PERMS_PUBLIC) . " ))
 					OR uid = %d ))) OR
@@ -317,14 +314,14 @@ class Display extends \Zotlabs\Web\Controller {
 					$item_normal
 					limit 1",
 					dbesc($target_item['parent_mid']),
-					intval($sysid),
+					intval($sys_id),
 					dbesc($target_item['parent_mid'])
 				);
 			}
 		}
 
 		else {
-			$r = array();
+			$r = [];
 		}
 
 		if($r) {
-- 
cgit v1.2.3


From 6d5f98072df1c2937723d2accd099f95a9d773a4 Mon Sep 17 00:00:00 2001
From: Mario <mario@mariovavti.com>
Date: Wed, 24 Mar 2021 09:21:58 +0000
Subject: php8: fix fatal errors

(cherry picked from commit 1a15c775f8b7b5f19ba7ba68730f31a20da402b5)
---
 Zotlabs/Lib/Libsync.php | 3 +++
 include/text.php        | 3 +++
 2 files changed, 6 insertions(+)

diff --git a/Zotlabs/Lib/Libsync.php b/Zotlabs/Lib/Libsync.php
index 7e97e4c70..5455aa2ea 100644
--- a/Zotlabs/Lib/Libsync.php
+++ b/Zotlabs/Lib/Libsync.php
@@ -716,6 +716,9 @@ class Libsync {
 				dbesc($sender['hash'])
 			);
 
+			if(!$xisting)
+				$xisting = [];
+
 			// See if a primary is specified
 
 			$has_primary = false;
diff --git a/include/text.php b/include/text.php
index 85950c58b..b24b40d45 100644
--- a/include/text.php
+++ b/include/text.php
@@ -3739,6 +3739,9 @@ function get_forum_channels($uid) {
 		intval($uid)
 	);
 
+	if(!$r)
+		$r = [];
+
 	for($x = 0; $x < count($r); $x ++) {
 		if($x3) {
 			foreach($x3 as $xx) {
-- 
cgit v1.2.3


From 4964a32c55e05e86242ec430eb89d018f2b9639f Mon Sep 17 00:00:00 2001
From: Mario <mario@mariovavti.com>
Date: Wed, 24 Mar 2021 11:16:03 +0000
Subject: Revalidate imported profile photo on each request (patch provided by
 Max)

(cherry picked from commit 3d4ad94dccd3f3b0ee7b77408ca1c293b30fd922)
---
 include/photo/photo_driver.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/include/photo/photo_driver.php b/include/photo/photo_driver.php
index 8de5185af..256369c69 100644
--- a/include/photo/photo_driver.php
+++ b/include/photo/photo_driver.php
@@ -239,7 +239,7 @@ function import_xchan_photo($photo, $xchan, $thing = false, $force = false) {
 
 		if($force || empty($modified))
 			$result = z_fetch_url($photo, true);
-		elseif($exp - 60 < time()) {
+		else {
 			$h = [];
 			$h[] = "If-Modified-Since: " . gmdate("D, d M Y H:i:s", $exp) . " GMT";
 			if(! empty($etag))
@@ -247,6 +247,7 @@ function import_xchan_photo($photo, $xchan, $thing = false, $force = false) {
 			$result = z_fetch_url($photo, true, 0, [ 'headers' => $h ]);
 		}
 
+
 		if(isset($result)) {
 			$hdrs = [];
 			$h = explode("\n", $result['header']);
-- 
cgit v1.2.3


From 14186f5c1811765133f0d1c04568f87e56aab9c4 Mon Sep 17 00:00:00 2001
From: Mario <mario@mariovavti.com>
Date: Wed, 24 Mar 2021 19:27:44 +0000
Subject: cdav: fix regression - sync code was messing with caldav/carddav
 discovery

---
 Zotlabs/Module/Cdav.php | 45 +++++++++++++++++++++++----------------------
 1 file changed, 23 insertions(+), 22 deletions(-)

diff --git a/Zotlabs/Module/Cdav.php b/Zotlabs/Module/Cdav.php
index a6cab8639..a7d2b1169 100644
--- a/Zotlabs/Module/Cdav.php
+++ b/Zotlabs/Module/Cdav.php
@@ -151,15 +151,15 @@ class Cdav extends Controller {
 				if($channel['channel_timezone'])
 					$auth->setTimezone($channel['channel_timezone']);
 				$auth->observer = $channel['channel_hash'];
-			}
-			else
-				$channel = channelx_by_nick(argv(2));
 
-			$principalUri = 'principals/' . $channel['channel_address'];
-			if(! cdav_principal($principalUri)) {
-				$this->activate($pdo, $channel);
-				if(! cdav_principal($principalUri))
-					return;
+				$principalUri = 'principals/' . $channel['channel_address'];
+				if(! cdav_principal($principalUri)) {
+					$this->activate($pdo, $channel);
+					if(! cdav_principal($principalUri)) {
+						return;
+					}
+				}
+
 			}
 
 			// Track CDAV updates from remote clients
@@ -168,6 +168,8 @@ class Cdav extends Controller {
 
 			if($httpmethod === 'PUT' || $httpmethod === 'DELETE') {
 
+				$channel = channelx_by_nick(argv(2));
+				$principalUri = 'principals/' . $channel['channel_address'];
 				$httpuri = $_SERVER['REQUEST_URI'];
 
 				logger("debug: method: " . $httpmethod, LOGGER_DEBUG);
@@ -181,8 +183,9 @@ class Cdav extends Controller {
 					$sync = 'calendar';
 					$cdavtable = 'calendarinstances';
 				}
-				else
+				else {
 					$sync = false;
+				}
 
 				if($sync) {
 
@@ -194,11 +197,10 @@ class Cdav extends Controller {
 					if($x = get_cdav_id($principalUri, argv(3), $cdavtable)) {
 
 						$cdavdata = $this->get_cdav_data($x['id'], $cdavtable);
-
 						$etag = (isset($_SERVER['HTTP_IF_MATCH']) ? $_SERVER['HTTP_IF_MATCH'] : false);
 
 						// delete
-						if($httpmethod === 'DELETE' && $cdavdata['etag'] == $etag)
+						if($httpmethod === 'DELETE' && $cdavdata['etag'] == $etag) {
 							Libsync::build_sync_packet($channel['channel_id'], [
 								$sync => [
 									'action' => 'delete_card',
@@ -206,18 +208,18 @@ class Cdav extends Controller {
 									'carduri' => $uri
 								]
 							]);
+						}
 						else {
-							if($etag) {
+							if($etag && $cdavdata['etag'] !== $etag) {
 								// update
-								if($cdavdata['etag'] !== $etag)
-								    Libsync::build_sync_packet($channel['channel_id'], [
-									    $sync => [
-										    'action' => 'update_card',
-										    'uri' => $cdavdata['uri'],
-										    'carduri' => $uri,
-										    'card' => $httpbody
-									    ]
-								    ]);
+								Libsync::build_sync_packet($channel['channel_id'], [
+									$sync => [
+										'action' => 'update_card',
+										'uri' => $cdavdata['uri'],
+										'carduri' => $uri,
+										'card' => $httpbody
+									]
+								]);
 							}
 							else {
 								// new
@@ -235,7 +237,6 @@ class Cdav extends Controller {
 				}
 			}
 
-
 			$principalBackend = new \Sabre\DAVACL\PrincipalBackend\PDO($pdo);
 			$carddavBackend   = new \Sabre\CardDAV\Backend\PDO($pdo);
 			$caldavBackend    = new \Sabre\CalDAV\Backend\PDO($pdo);
-- 
cgit v1.2.3