From 58155864cb7318321e70025ce67ca4453efee489 Mon Sep 17 00:00:00 2001
From: zotlabs <mike@macgirvin.com>
Date: Tue, 3 Oct 2017 15:36:56 -0700
Subject: urlencode hashes from mod_acl

---
 Zotlabs/Module/Acl.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'Zotlabs')

diff --git a/Zotlabs/Module/Acl.php b/Zotlabs/Module/Acl.php
index 9c5f6653b..ce1064568 100644
--- a/Zotlabs/Module/Acl.php
+++ b/Zotlabs/Module/Acl.php
@@ -343,7 +343,7 @@ class Acl extends \Zotlabs\Web\Controller {
 						"photo"    => "images/twopeople.png",
 						"name"     => $g['name'] . (($type === 'f') ? '' : '+'),
 						"id"	   => $g['id'] . (($type === 'f') ? '' : '+'),
-						"xid"      => $g['hash'],
+						"xid"      => urlencode($g['hash']),
 						"link"     => $g['nick'],
 						"nick"     => substr($g['nick'],0,strpos($g['nick'],'@')),
 						"self"     => (intval($g['abook_self']) ? 'abook-self' : ''),
@@ -357,7 +357,7 @@ class Acl extends \Zotlabs\Web\Controller {
 						"photo"    => $g['micro'],
 						"name"     => $g['name'],
 						"id"	   => $g['id'],
-						"xid"      => $g['hash'],
+						"xid"      => urlencode($g['hash']),
 						"link"     => $g['nick'],
 						"nick"     => (($g['nick']) ? substr($g['nick'],0,strpos($g['nick'],'@')) : $g['nick']),
 						"self"     => (intval($g['abook_self']) ? 'abook-self' : ''),
-- 
cgit v1.2.3


From d88d4b3c3ac1cd741f03b667b3d35696ba77d2dd Mon Sep 17 00:00:00 2001
From: zotlabs <mike@macgirvin.com>
Date: Tue, 3 Oct 2017 15:43:51 -0700
Subject: wrong param

---
 Zotlabs/Module/Acl.php | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

(limited to 'Zotlabs')

diff --git a/Zotlabs/Module/Acl.php b/Zotlabs/Module/Acl.php
index ce1064568..e164875e8 100644
--- a/Zotlabs/Module/Acl.php
+++ b/Zotlabs/Module/Acl.php
@@ -342,8 +342,8 @@ class Acl extends \Zotlabs\Web\Controller {
 						"type"     => "c",
 						"photo"    => "images/twopeople.png",
 						"name"     => $g['name'] . (($type === 'f') ? '' : '+'),
-						"id"	   => $g['id'] . (($type === 'f') ? '' : '+'),
-						"xid"      => urlencode($g['hash']),
+						"id"	   => urlencode($g['id']) . (($type === 'f') ? '' : '+'),
+						"xid"      => $g['hash'],
 						"link"     => $g['nick'],
 						"nick"     => substr($g['nick'],0,strpos($g['nick'],'@')),
 						"self"     => (intval($g['abook_self']) ? 'abook-self' : ''),
@@ -356,8 +356,8 @@ class Acl extends \Zotlabs\Web\Controller {
 						"type"     => "c",
 						"photo"    => $g['micro'],
 						"name"     => $g['name'],
-						"id"	   => $g['id'],
-						"xid"      => urlencode($g['hash']),
+						"id"	   => urlencode($g['id']),
+						"xid"      => $g['hash'],
 						"link"     => $g['nick'],
 						"nick"     => (($g['nick']) ? substr($g['nick'],0,strpos($g['nick'],'@')) : $g['nick']),
 						"self"     => (intval($g['abook_self']) ? 'abook-self' : ''),
-- 
cgit v1.2.3


From 7fb02752de4e3ee62d84eaf30bcb4c155ebabf30 Mon Sep 17 00:00:00 2001
From: zotlabs <mike@macgirvin.com>
Date: Tue, 3 Oct 2017 17:03:24 -0700
Subject: hubzilla issue #868

---
 Zotlabs/Module/Thing.php | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'Zotlabs')

diff --git a/Zotlabs/Module/Thing.php b/Zotlabs/Module/Thing.php
index 95c6c5636..f816632ab 100644
--- a/Zotlabs/Module/Thing.php
+++ b/Zotlabs/Module/Thing.php
@@ -91,6 +91,7 @@ class Thing extends \Zotlabs\Web\Controller {
 			}
 			$orig_record = $t[0];
 			if($photo != $orig_record['obj_imgurl']) {
+				delete_thing_photo($orig_record['obj_imgurl'],get_observer_hash());
 				$arr = import_xchan_photo($photo,get_observer_hash(),true);
 				$local_photo = $arr[0];
 				$local_photo_type = $arr[3];
@@ -336,6 +337,9 @@ class Thing extends \Zotlabs\Web\Controller {
 				return '';
 			}
 
+
+			delete_thing_photo($r[0]['obj_imgurl'],get_observer_hash());
+
 			$x = q("delete from obj where obj_obj = '%s' and obj_type = %d and obj_channel = %d",
 				dbesc($thing_hash),
 				intval(TERM_OBJ_THING),
-- 
cgit v1.2.3


From 80ca99fe5b9f7bb10ffae5789527b7a5d3c4f65e Mon Sep 17 00:00:00 2001
From: zotlabs <mike@macgirvin.com>
Date: Wed, 4 Oct 2017 16:37:14 -0700
Subject: wiki double encoding html entities

---
 Zotlabs/Lib/MarkdownSoap.php | 2 +-
 Zotlabs/Render/Comanche.php  | 2 ++
 2 files changed, 3 insertions(+), 1 deletion(-)

(limited to 'Zotlabs')

diff --git a/Zotlabs/Lib/MarkdownSoap.php b/Zotlabs/Lib/MarkdownSoap.php
index 534ad819f..fa279b07c 100644
--- a/Zotlabs/Lib/MarkdownSoap.php
+++ b/Zotlabs/Lib/MarkdownSoap.php
@@ -94,7 +94,7 @@ class MarkdownSoap {
 	}
 
 	function escape($s) {
-		return htmlspecialchars($s,ENT_QUOTES);
+		return htmlspecialchars($s,ENT_QUOTES,'UTF-8',false);
 	}
 
 	static public function unescape($s) {
diff --git a/Zotlabs/Render/Comanche.php b/Zotlabs/Render/Comanche.php
index beee9796e..d126cb3da 100644
--- a/Zotlabs/Render/Comanche.php
+++ b/Zotlabs/Render/Comanche.php
@@ -168,6 +168,8 @@ class Comanche {
 						return $y['xchan_addr'];
 					elseif($x[1] == 'name')
 						return $y['xchan_name'];
+					elseif($x[1] == 'webname')
+						return substr($y['xchan_addr'],0,strpos($y['xchan_addr'],'@'));
 					return false;
 				}
 				return get_observer_hash();
-- 
cgit v1.2.3


From 15b9a67c01964b83ac724945fe416dd35f66e914 Mon Sep 17 00:00:00 2001
From: zotlabs <mike@macgirvin.com>
Date: Wed, 4 Oct 2017 18:51:37 -0700
Subject: redirect loop with rmagic and owa

---
 Zotlabs/Module/Magic.php  | 1 +
 Zotlabs/Module/Rmagic.php | 4 ++--
 2 files changed, 3 insertions(+), 2 deletions(-)

(limited to 'Zotlabs')

diff --git a/Zotlabs/Module/Magic.php b/Zotlabs/Module/Magic.php
index d1550ec89..879085f96 100644
--- a/Zotlabs/Module/Magic.php
+++ b/Zotlabs/Module/Magic.php
@@ -149,6 +149,7 @@ class Magic extends \Zotlabs\Web\Controller {
 					if($j['success'] && $j['token']) {
 						$x = strpbrk($dest,'?&');
 						$args = (($x) ? '&owt=' . $j['token'] : '?f=&owt=' . $j['token']) . (($delegate) ? '&delegate=1' : '');
+						
 						goaway($dest . $args);
 					}
 				}
diff --git a/Zotlabs/Module/Rmagic.php b/Zotlabs/Module/Rmagic.php
index 0c4eb9ae4..bfc03f6ec 100644
--- a/Zotlabs/Module/Rmagic.php
+++ b/Zotlabs/Module/Rmagic.php
@@ -17,7 +17,7 @@ class Rmagic extends \Zotlabs\Web\Controller {
 			if($r) {	
 				if($r[0]['hubloc_url'] === z_root())
 					goaway(z_root() . '/login');
-				$dest = z_root() . '/' . str_replace('zid=','zid_=',\App::$query_string);
+				$dest = z_root() . '/' . str_replace(['rmagic','zid='],['','zid_='],\App::$query_string);
 				goaway($r[0]['hubloc_url'] . '/magic' . '?f=&owa=1&dest=' . $dest);
 			}
 		}
@@ -61,7 +61,7 @@ class Rmagic extends \Zotlabs\Web\Controller {
 				if($_SESSION['return_url']) 
 					$dest = urlencode(z_root() . '/' . str_replace('zid=','zid_=',$_SESSION['return_url']));
 				else
-					$dest = urlencode(z_root() . '/' . str_replace('zid=','zid_=',\App::$query_string));
+					$dest = urlencode(z_root() . '/' . str_replace([ 'rmagic', 'zid=' ] ,[ '', 'zid_='],\App::$query_string));
 	
 				goaway($url . '/magic' . '?f=&owa=1&dest=' . $dest);
 			}
-- 
cgit v1.2.3