From 2d79e75788aa71664a379c4cea0b6bfe3ab87ad0 Mon Sep 17 00:00:00 2001 From: redmatrix Date: Thu, 12 May 2016 16:51:20 -0700 Subject: SECURITY: edited comment to private post loses privacy info. Not visible in stream but may be visible in feeds --- include/zot.php | 10 ++++++++++ 1 file changed, 10 insertions(+) (limited to 'include') diff --git a/include/zot.php b/include/zot.php index 157354afa..8adc74ffa 100644 --- a/include/zot.php +++ b/include/zot.php @@ -1953,6 +1953,16 @@ function remove_community_tag($sender, $arr, $uid) { */ function update_imported_item($sender, $item, $orig, $uid) { + // If this is a comment being updated, remove any privacy information + // so that item_store_update will set it from the original. + + if($item['mid'] !== $item['parent_mid']) { + unset($item['allow_cid']); + unset($item['allow_gid']); + unset($item['deny_cid']); + unset($item['deny_gid']); + unset($item['item_private']); + } $x = item_store_update($item); -- cgit v1.2.3 From b14dd0e066f7582bae6e558c40b5d25d83a33ae4 Mon Sep 17 00:00:00 2001 From: redmatrix Date: Sat, 14 May 2016 21:05:24 -0700 Subject: issue #383 --- include/import.php | 1 - 1 file changed, 1 deletion(-) (limited to 'include') diff --git a/include/import.php b/include/import.php index 98c70fa19..46c8057b6 100644 --- a/include/import.php +++ b/include/import.php @@ -90,7 +90,6 @@ function import_channel($channel, $account_id, $seize) { set_default_login_identity($account_id,$channel['channel_id'],false); logger('import step 1'); $_SESSION['import_step'] = 1; - ref_session_write(session_id(), serialize($_SESSION)); return $channel; } -- cgit v1.2.3 From 0d04a1221ab5f9f1486768798ce64e2c0405f135 Mon Sep 17 00:00:00 2001 From: redmatrix Date: Mon, 16 May 2016 19:38:38 -0700 Subject: issue #386 (master) --- include/import.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'include') diff --git a/include/import.php b/include/import.php index 46c8057b6..00058047e 100644 --- a/include/import.php 
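Review bot: The new block at the top of update_imported_item only unsets the five privacy fields and, per its own comment, relies on item_store_update (outside this hunk) to put the stored values back, so the guarantee the commit message promises lives in another function. Since `$orig` is already passed in, copying the fields from it explicitly, e.g. `$item['item_private'] = $orig['item_private'];` and likewise for allow_cid/allow_gid/deny_cid/deny_gid, would keep the fix self-contained and survive later changes to item_store_update — assuming `$orig` is the stored item row, which the hunk does not show. The test `$item['mid'] !== $item['parent_mid']` also reads both keys unguarded; an item lacking `parent_mid` is treated as a comment, which is the safe direction here but worth a comment such as `// missing parent_mid is treated as a comment so sender-supplied ACLs are never trusted`. update_imported_item continues past the end of the hunk.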
+++ b/include/import.php @@ -21,7 +21,7 @@ function import_channel($channel, $account_id, $seize) { dbesc($channel['channel_address']) ); - if(($r) || (check_webbie(array($channel['channel_hash'])) !== $channel['channel_hash'])) { + if(($r) || (check_webbie(array($channel['channel_address'])) !== $channel['channel_address'])) { if($r[0]['channel_guid'] === $channel['channel_guid'] || $r[0]['channel_hash'] === $channel['channel_hash']) { logger('mod_import: duplicate channel. ', print_r($channel,true)); notice( t('Cannot create a duplicate channel identifier on this system. Import failed.') . EOL); -- cgit v1.2.3 From e109abbef7fed77898da7adb9d43e686dc96c29a Mon Sep 17 00:00:00 2001 From: Andrew Manning Date: Sun, 12 Jun 2016 07:17:23 -0400 Subject: Apply purify_html to page content before preview and save to prevent JavaScript code injection. --- include/wiki.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'include') diff --git a/include/wiki.php b/include/wiki.php index f0785d549..4aa3fc1b4 100644 --- a/include/wiki.php +++ b/include/wiki.php @@ -279,7 +279,7 @@ function wiki_page_history($arr) { function wiki_save_page($arr) { $pageUrlName = ((array_key_exists('pageUrlName',$arr)) ? $arr['pageUrlName'] : ''); - $content = ((array_key_exists('content',$arr)) ? $arr['content'] : ''); + $content = ((array_key_exists('content',$arr)) ? purify_html($arr['content']) : ''); $resource_id = ((array_key_exists('resource_id',$arr)) ? $arr['resource_id'] : ''); $w = wiki_get_wiki($resource_id); if (!$w['path']) { -- cgit v1.2.3 From 7abfe716b47cd6f0171f0304ec07370c16dd595b Mon Sep 17 00:00:00 2001 From: redmatrix Date: Sun, 12 Jun 2016 16:34:27 -0700 Subject: DB schema issue with import --- include/import.php | 38 ++++++++++++++++++++++++++------------ 1 file changed, 26 insertions(+), 12 deletions(-) (limited to 'include') diff --git a/include/import.php b/include/import.php index 6fcb08416..be456bfa9 100644 --- a/include/import.php 
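Review bot: The rewritten condition in import_channel is also true when `$r` is empty and only the check_webbie() test fails, yet the next line reads `$r[0]['channel_guid']` and `$r[0]['channel_hash']` from that empty result and the user is then shown the duplicate-channel notice for what is really an unavailable address. Separate the two cases, e.g. `if($r) { /* duplicate checks */ } elseif(check_webbie(array($channel['channel_address'])) !== $channel['channel_address']) { /* address not available */ }`, so the failure reported matches the check that fired. Comparing the result with `channel_address` presumably assumes check_webbie() returns the candidate unchanged when it is free; that contract is not visible here. import_channel starts and ends outside the hunk.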
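Review bot: Running purify_html() in wiki_save_page fixes newly stored content, but the protection is then frozen at save time: pages saved before this commit keep whatever they held and a later purifier configuration change is not applied retroactively, so the render path should still escape or purify (it is not in this hunk). On the same lines `pageUrlName` and `resource_id` are taken from `$arr` without validation; whether the rest of wiki_save_page checks them is outside the hunk. A one-line comment on the changed line, `// sanitise on input so stored wiki content never carries script`, would record why purification happens here rather than at render.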
+++ b/include/import.php @@ -122,6 +122,11 @@ function import_profiles($channel,$profiles) { $profile['aid'] = get_account_id(); $profile['uid'] = $channel['channel_id']; + convert_oldfields($profile,'name','fullname'); + convert_oldfields($profile,'with','partner'); + convert_oldfields($profile,'work','employment'); + + // we are going to reset all profile photos to the original // somebody will have to fix this later and put all the applicable photos into the export @@ -644,6 +649,10 @@ function import_events($channel,$events) { unset($event['id']); $event['aid'] = $channel['channel_account_id']; $event['uid'] = $channel['channel_id']; + convert_oldfields($event,'start','dtstart'); + convert_oldfields($event,'finish','dtend'); + convert_oldfields($event,'type','etype'); + convert_oldfields($event,'ignore','dismissed'); dbesc_array($event); $r = dbq("INSERT INTO event (`" @@ -677,6 +686,12 @@ function sync_events($channel,$events) { $event['aid'] = $channel['channel_account_id']; $event['uid'] = $channel['channel_id']; + convert_oldfields($event,'start','dtstart'); + convert_oldfields($event,'finish','dtend'); + convert_oldfields($event,'type','etype'); + convert_oldfields($event,'ignore','dismissed'); + + $exists = false; $x = q("select * from event where event_hash = '%s' and uid = %d limit 1", @@ -974,10 +989,7 @@ function sync_files($channel,$files) { $attachment_stored = false; foreach($f['attach'] as $att) { - if(array_key_exists('data',$att)) { - $att['content'] = $att['data']; - unset($att['data']); - } + convert_oldfields($att,'data','content'); if($att['deleted']) { attach_delete($channel,$att['hash']); 
@@ -1130,14 +1142,10 @@ function sync_files($channel,$files) { $p['aid'] = $channel['channel_account_id']; $p['uid'] = $channel['channel_id']; - if(array_key_exists('data',$p)) { - $p['content'] = $p['data']; - unset($p['data']); - } - if(array_key_exists('scale',$p)) { - $p['imgscale'] = $p['scale']; - unset($p['scale']); - } + convert_oldfields($p,'data','content'); + convert_oldfields($p,'scale','imgscale'); + convert_oldfields($p,'size','filesize'); + convert_oldfields($p,'type','mimetype'); // if this is a profile photo, undo the profile photo bit // for any other photo which previously held it. @@ -1228,3 +1236,9 @@ function sync_files($channel,$files) { } +function convert_oldfields(&$arr,$old,$new) { + if(array_key_exists($old,$arr)) { + $arr[$new] = $arr[$old]; + unset($arr[$old]); + } +} -- cgit v1.2.3 From ef1c01d968edde6fc880fef6afbf1474bf44c068 Mon Sep 17 00:00:00 2001 From: redmatrix Date: Wed, 15 Jun 2016 05:28:16 -0700 Subject: add new connection to default group when auto-accepted --- include/follow.php | 2 +- include/zot.php | 10 ++++++++++ 2 files changed, 11 insertions(+), 1 deletion(-) (limited to 'include') diff --git a/include/follow.php b/include/follow.php index 0c3973175..e5a74f85e 100644 --- a/include/follow.php +++ b/include/follow.php @@ -275,7 +275,7 @@ function new_contact($uid,$url,$channel,$interactive = false, $confirm = false) call_hooks('follow', $arr); - /** If there is a default group for this channel, add this member to it */ + /** If there is a default group for this channel, add this connection to it */ if($default_group) { require_once('include/group.php'); diff --git a/include/zot.php b/include/zot.php index af79b5723..043139e2f 100644 --- a/include/zot.php +++ b/include/zot.php 
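Review bot: convert_oldfields() overwrites `$arr[$new]` whenever `$old` is present, so an import that carries both the legacy and the current key silently loses the current value; the same applies at every call site added in this commit (import_profiles, import_events, sync_events and the two sync_files hunks). Unless old keys are meant to take precedence, guard with `if(array_key_exists($old,$arr) && (! array_key_exists($new,$arr))) {`. The helper also has no docblock for its by-reference parameter; something like `/** Rename legacy key $old to $new in place; no-op when $old is absent. */` above the function would make the contract clear to the next maintainer.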
@@ -538,6 +538,16 @@ function zot_refresh($them, $channel = null, $force = false) { Zotlabs\Daemon\Master::Summon(array('Onepoll',$new_connection[0]['abook_id'])); } + + /** If there is a default group for this channel, add this connection to it */ + $default_group = $channel['channel_default_group']; + if($default_group) { + require_once('include/group.php'); + $g = group_rec_byhash($channel['channel_id'],$default_group); + if($g) + group_add_member($channel['channel_id'],'',$x['hash'],$g['id']); + } + unset($new_connection[0]['abook_id']); unset($new_connection[0]['abook_account']); unset($new_connection[0]['abook_channel']); -- cgit v1.2.3 From 5b9292251640d85566f3084d0c7d71af0fdb913e Mon Sep 17 00:00:00 2001 From: Oda Date: Sat, 18 Jun 2016 23:03:06 -0300 Subject: When picktime is false, close date selector on date select --- include/datetime.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'include') diff --git a/include/datetime.php b/include/datetime.php index 83fb49d04..e756df6b4 100644 --- a/include/datetime.php +++ b/include/datetime.php @@ -225,7 +225,7 @@ function datetimesel($format, $min, $max, $default, $label, $id = 'datetimepicke $pickers = ''; if(!$pickdate) $pickers .= ',datepicker: false'; - if(!$picktime) $pickers .= ',timepicker: false'; + if(!$picktime) $pickers .= ',timepicker: false, closeOnDateSelect:true'; $extra_js = ''; if($minfrom != '') -- cgit v1.2.3
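Review bot: The added block in zot_refresh reads `$channel['channel_default_group']` although the signature in the hunk header allows `$channel = null`, and it uses `$x['hash']`, which is not defined within the hunk; if the earlier part of zot_refresh can reach this point with a null `$channel`, the lookup emits a notice and the connection is silently left out of the group. Guard it, e.g. `$default_group = (($channel) ? $channel['channel_default_group'] : '');`. The result of group_add_member() is discarded, so a failed add leaves no trace; if it reports failure, log it via logger(). zot_refresh starts and ends outside the hunk.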