diff --git a/Zotlabs/Lib/Activity.php b/Zotlabs/Lib/Activity.php
index 6072b672f..b99d0b902 100644
--- a/Zotlabs/Lib/Activity.php
+++ b/Zotlabs/Lib/Activity.php
@@ -853,6 +853,8 @@ class Activity {
$entry['type'] = $att['mediaType'];
} elseif (array_key_exists('type', $att) && $att['type'] === 'Image') {
$entry['type'] = 'image/jpeg';
+ } elseif (array_key_exists('type', $att) && $att['type'] === 'Link') {
+ $entry['type'] = 'text/uri-list';
}
if (array_key_exists('name', $att) && $att['name']) {
$entry['name'] = html2plain(purify_html($att['name']), 256);
@@ -3833,7 +3835,6 @@ class Activity {
return $act->objprop('id', null)
?? (is_string($act->obj) ? $act->obj : null)
- // ?? $act->obj['data']['id'] // pleroma fetched like?
?? '';
}
diff --git a/Zotlabs/Lib/Apps.php b/Zotlabs/Lib/Apps.php
index 0dc405ea9..337344645 100644
--- a/Zotlabs/Lib/Apps.php
+++ b/Zotlabs/Lib/Apps.php
@@ -341,7 +341,7 @@ class Apps {
'Suggest Channels' => t('Suggest Channels'),
'Login' => t('Login'),
'Channel Manager' => t('Channel Manager'),
- 'Network' => t('Stream'),
+ 'Network' => t('Network'),
'Settings' => t('Settings'),
'Files' => t('Files'),
'Webpages' => t('Webpages'),
diff --git a/Zotlabs/Lib/Libzot.php b/Zotlabs/Lib/Libzot.php
index 57c110d8b..90a6dc442 100644
--- a/Zotlabs/Lib/Libzot.php
+++ b/Zotlabs/Lib/Libzot.php
@@ -1542,6 +1542,7 @@ class Libzot {
$local_public = $public;
$item_result = null;
+ $parent = null;
$DR = new DReport(z_root(), $sender, $d, $arr['mid'], $arr['uuid']);
diff --git a/Zotlabs/Lib/ThreadItem.php b/Zotlabs/Lib/ThreadItem.php
index d0fa1e587..9f5d3a350 100644
--- a/Zotlabs/Lib/ThreadItem.php
+++ b/Zotlabs/Lib/ThreadItem.php
@@ -475,7 +475,7 @@ class ThreadItem {
'wait' => t('Please wait'),
'thread_level' => $thread_level,
'settings' => $settings,
- 'thr_parent_uuid' => (($item['parent_mid'] != $item['thr_parent']) ? $mid_uuid_map[$item['thr_parent']] : ''),
+ 'thr_parent_uuid' => (($item['parent_mid'] !== $item['thr_parent'] && isset($mid_uuid_map[$item['thr_parent']])) ? $mid_uuid_map[$item['thr_parent']] : ''),
'contact_id' => (($contact) ? $contact['abook_id'] : ''),
'moderate' => ($item['item_blocked'] == ITEM_MODERATED),
'moderate_approve' => t('Approve'),
diff --git a/Zotlabs/Module/Activity.php b/Zotlabs/Module/Activity.php
index 85b9f3e7c..64da2586b 100644
--- a/Zotlabs/Module/Activity.php
+++ b/Zotlabs/Module/Activity.php
@@ -23,7 +23,7 @@ class Activity extends Controller {
if (! $item_id)
http_status_exit(404, 'Not found');
- $portable_id = EMPTY_STR;
+ $portable_id = null;
$item_normal_extra = sprintf(" and not verb in ('Follow', 'Ignore', '%s', '%s') ",
dbesc(ACTIVITY_FOLLOW),
@@ -166,6 +166,7 @@ class Activity extends Controller {
return;
}
+ $portable_id = null;
$ob_authorize = false;
$item_uid = 0;
diff --git a/Zotlabs/Module/Attach_edit.php b/Zotlabs/Module/Attach_edit.php
index 5880d8f13..4cde1c168 100644
--- a/Zotlabs/Module/Attach_edit.php
+++ b/Zotlabs/Module/Attach_edit.php
@@ -133,6 +133,11 @@ class Attach_edit extends Controller {
}
$x = attach_move($channel_id, $resource, $newfolder, (($single) ? $newfilename : ''));
+ if (!$x['success']) {
+ notice($x['message'] . EOL);
+ goaway($return_path);
+ }
+
$actions_done .= 'move,';
}
diff --git a/Zotlabs/Module/File_upload.php b/Zotlabs/Module/File_upload.php
index 8956ce16f..8369987a4 100644
--- a/Zotlabs/Module/File_upload.php
+++ b/Zotlabs/Module/File_upload.php
@@ -11,39 +11,42 @@ require_once('include/photos.php');
class File_upload extends \Zotlabs\Web\Controller {
function post() {
- logger('file upload: ' . print_r($_REQUEST,true));
+ logger('file upload: ' . print_r($_POST,true));
logger('file upload: ' . print_r($_FILES,true));
- $channel = (($_REQUEST['channick']) ? channelx_by_nick($_REQUEST['channick']) : null);
+ $channel = (($_POST['channick']) ? channelx_by_nick($_POST['channick']) : null);
- if(! $channel) {
+ if (!$channel) {
logger('channel not found');
- killme();
+ is_ajax() ? killme() : goaway(z_root() . '/' . $_POST['return_url']);
}
- $_REQUEST['source'] = 'file_upload';
+ $_POST['source'] = 'file_upload';
if($channel['channel_id'] != local_channel()) {
- $_REQUEST['contact_allow'] = expand_acl($channel['channel_allow_cid']);
- $_REQUEST['group_allow'] = expand_acl($channel['channel_allow_gid']);
- $_REQUEST['contact_deny'] = expand_acl($channel['channel_deny_cid']);
- $_REQUEST['group_deny'] = expand_acl($channel['channel_deny_gid']);
+ $_POST['contact_allow'] = expand_acl($channel['channel_allow_cid']);
+ $_POST['group_allow'] = expand_acl($channel['channel_allow_gid']);
+ $_POST['contact_deny'] = expand_acl($channel['channel_deny_cid']);
+ $_POST['group_deny'] = expand_acl($channel['channel_deny_gid']);
}
- $_REQUEST['allow_cid'] = ((isset($_REQUEST['contact_allow'])) ? perms2str($_REQUEST['contact_allow']) : '');
- $_REQUEST['allow_gid'] = ((isset($_REQUEST['group_allow'])) ? perms2str($_REQUEST['group_allow']) : '');
- $_REQUEST['deny_cid'] = ((isset($_REQUEST['contact_deny'])) ? perms2str($_REQUEST['contact_deny']) : '');
- $_REQUEST['deny_gid'] = ((isset($_REQUEST['group_deny'])) ? perms2str($_REQUEST['group_deny']) : '');
+ $_POST['allow_cid'] = ((isset($_POST['contact_allow'])) ? perms2str($_POST['contact_allow']) : '');
+ $_POST['allow_gid'] = ((isset($_POST['group_allow'])) ? perms2str($_POST['group_allow']) : '');
+ $_POST['deny_cid'] = ((isset($_POST['contact_deny'])) ? perms2str($_POST['contact_deny']) : '');
+ $_POST['deny_gid'] = ((isset($_POST['group_deny'])) ? perms2str($_POST['group_deny']) : '');
- if(isset($_REQUEST['filename']) && strlen($_REQUEST['filename'])) {
- $r = attach_mkdir($channel, get_observer_hash(), $_REQUEST);
- if($r['success']) {
- $hash = $r['data']['hash'];
- $sync = attach_export_data($channel,$hash);
- if($sync) {
- Libsync::build_sync_packet($channel['channel_id'],array('file' => array($sync)));
- }
- goaway(z_root() . '/' . $_REQUEST['return_url']);
+ if(isset($_POST['filename']) && strlen($_POST['filename'])) {
+ $r = attach_mkdir($channel, get_observer_hash(), $_POST);
+
+ if (!$r['success']) {
+ notice($r['message'] . EOL);
+ is_ajax() ? killme() : goaway(z_root() . '/' . $_POST['return_url']);
+ }
+
+ $hash = $r['data']['hash'];
+ $sync = attach_export_data($channel,$hash);
+ if ($sync) {
+ Libsync::build_sync_packet($channel['channel_id'], ['file' => [$sync]]);
}
}
else {
@@ -90,19 +93,21 @@ class File_upload extends \Zotlabs\Web\Controller {
}
}
- $r = attach_store($channel, get_observer_hash(), '', $_REQUEST);
- if($r['success']) {
- $sync = attach_export_data($channel,$r['data']['hash']);
- if($sync)
- Libsync::build_sync_packet($channel['channel_id'],array('file' => array($sync)));
+
+ $r = attach_store($channel, get_observer_hash(), '', $_POST);
+ if (!$r['success']) {
+ notice($r['message'] . EOL);
+ is_ajax() ? killme() : goaway(z_root() . '/' . $_POST['return_url']);
+ }
+
+ $sync = attach_export_data($channel,$r['data']['hash']);
+ if ($sync) {
+ Libsync::build_sync_packet($channel['channel_id'], ['file' => [$sync]]);
}
}
- if(is_ajax())
- killme();
-
- goaway(z_root() . '/' . $_REQUEST['return_url']);
+ is_ajax() ? killme() : goaway(z_root() . '/' . $_POST['return_url']);
}
diff --git a/Zotlabs/Module/Moderate.php b/Zotlabs/Module/Moderate.php
index 2103684ab..1d8f65348 100644
--- a/Zotlabs/Module/Moderate.php
+++ b/Zotlabs/Module/Moderate.php
@@ -67,7 +67,7 @@ class Moderate extends \Zotlabs\Web\Controller {
$item['item_blocked'] = 0;
item_update_parent_commented($item);
- notice( t('Item approved') . EOL);
+ info(t('Item approved') . EOL);
}
elseif($action === 'drop') {
// TODO: not implemented
@@ -75,7 +75,7 @@ class Moderate extends \Zotlabs\Web\Controller {
// Activity::send_rejection_activity(App::get_channel(), $item['author_xchan'], $item);
drop_item($post_id);
- notice( t('Item deleted') . EOL);
+ info(t('Item deleted') . EOL);
}
// refetch the item after changes have been made
diff --git a/Zotlabs/Module/Photos.php b/Zotlabs/Module/Photos.php
index e31aa9dc1..862298e82 100644
--- a/Zotlabs/Module/Photos.php
+++ b/Zotlabs/Module/Photos.php
@@ -557,7 +557,9 @@ class Photos extends \Zotlabs\Web\Controller {
$can_post = false;
$visitor = 0;
-
+ $link_item = null;
+ $like = null;
+ $dislike = null;
$owner_uid = \App::$data['channel']['channel_id'];
$owner_aid = \App::$data['channel']['channel_account_id'];
@@ -965,7 +967,6 @@ class Photos extends \Zotlabs\Web\Controller {
$map = null;
if($linked_items) {
-
xchan_query($linked_items);
$linked_items = fetch_post_tags($linked_items,true);
@@ -1103,9 +1104,6 @@ class Photos extends \Zotlabs\Web\Controller {
$alike = array();
$dlike = array();
- $like = '';
- $dislike = '';
-
$conv_responses = array(
'like' => array('title' => t('Likes','title')),'dislike' => array('title' => t('Dislikes','title')),
'attendyes' => array('title' => t('Attending','title')), 'attendno' => array('title' => t('Not attending','title')), 'attendmaybe' => array('title' => t('Might attend','title'))
@@ -1217,12 +1215,17 @@ class Photos extends \Zotlabs\Web\Controller {
$like_e = $like;
$dislike_e = $dislike;
$paginate = paginate();
+ $responses = [];
- $response_verbs = array('like');
- if(feature_enabled($owner_uid,'dislike'))
- $response_verbs[] = 'dislike';
+ if ($link_item) {
+ $response_verbs = ['like'];
- $responses = get_responses($conv_responses,$response_verbs,'',$link_item);
+ if(feature_enabled($owner_uid,'dislike')) {
+ $response_verbs[] = 'dislike';
+ }
+
+ $responses = get_responses($conv_responses,$response_verbs,'',$link_item);
+ }
$hookdata = [
'onclick' => '$.colorbox({href: \'' . $photo['href'] . '\'}); return false;',
diff --git a/Zotlabs/Module/Wall_attach.php b/Zotlabs/Module/Wall_attach.php
index e354f58f1..044dd11cf 100644
--- a/Zotlabs/Module/Wall_attach.php
+++ b/Zotlabs/Module/Wall_attach.php
@@ -10,7 +10,7 @@ class Wall_attach extends \Zotlabs\Web\Controller {
function init() {
logger('request_method: ' . $_SERVER['REQUEST_METHOD'],LOGGER_DATA,LOG_INFO);
- logger('wall_attach: ' . print_r($_REQUEST,true),LOGGER_DEBUG,LOG_INFO);
+ logger('wall_attach: ' . print_r($_POST,true),LOGGER_DEBUG,LOG_INFO);
logger('wall_attach files: ' . print_r($_FILES,true),LOGGER_DEBUG,LOG_INFO);
// for testing without actually storing anything
// http_status_exit(200,'OK');
@@ -23,7 +23,7 @@ class Wall_attach extends \Zotlabs\Web\Controller {
$result = [];
- if($_REQUEST['api_source'] && array_key_exists('media',$_FILES)) {
+ if($_POST['api_source'] && array_key_exists('media',$_FILES)) {
$using_api = true;
}
@@ -98,8 +98,8 @@ class Wall_attach extends \Zotlabs\Web\Controller {
$r = attach_store($channel, get_observer_hash(), '', $data);
- if(! $r['success']) {
- notice( $r['message'] . EOL);
+ if (!$r['success']) {
+ notice($r['message'] . EOL);
killme();
}
diff --git a/boot.php b/boot.php
index f85cd114d..657849da8 100644
--- a/boot.php
+++ b/boot.php
@@ -175,6 +175,13 @@ if (!defined('STORAGE_DEFAULT_PERMISSIONS')) {
*/
define('MAX_IMAGE_LENGTH', -1);
+/**
+ * Those are the current limits we can store in the DB
+ */
+
+define('MAX_FILENAME_LENGTH', 191);
+define('MAX_FOLDER_LENGTH', 64);
+
/**
* log levels
diff --git a/include/attach.php b/include/attach.php
index bda4905f1..c3896be29 100644
--- a/include/attach.php
+++ b/include/attach.php
@@ -796,6 +796,12 @@ function attach_store($channel, $observer_hash, $options = '', $arr = null) {
}
}
+ if (mb_strlen($filename, 'UTF-8') > MAX_FILENAME_LENGTH) {
+ logger('filename too long');
+ $ret['message'] = t('Filename too long');
+ return $ret;
+ }
+
if(! $hash)
$hash = new_uuid();
@@ -1180,11 +1186,17 @@ function attach_mkdir($channel, $observer_hash, $arr = null) {
return $ret;
}
- if(isset($arr['filename']) && !strlen($arr['filename'])) {
+ if(empty($arr['filename'])) {
$ret['message'] = t('Empty pathname');
return $ret;
}
+ if(mb_strlen($arr['filename'], 'UTF-8') > MAX_FOLDER_LENGTH) {
+ logger('pathname too long');
+ $ret['message'] = t('Pathname too long');
+ return $ret;
+ }
+
$arr['hash'] = $arr['hash'] ?? new_uuid();
// Check for duplicate name.
@@ -2589,6 +2601,11 @@ function attach_move($channel_id, $resource_id, $new_folder_hash, $newname = '',
}
}
+ if (mb_strlen($filename, 'UTF-8') > MAX_FILENAME_LENGTH) {
+ logger('filename too long');
+ $ret['message'] = t('Filename too long');
+ return $ret;
+ }
q("update attach set content = '%s', folder = '%s', filename = '%s', edited = '%s' where id = %d",
dbescbin($newstorepath),
diff --git a/include/bbcode.php b/include/bbcode.php
index 65bda1b7b..c152d45cb 100644
--- a/include/bbcode.php
+++ b/include/bbcode.php
@@ -1402,6 +1402,9 @@ function bbcode($text, $options = []) {
if (strpos($text,'[b]') !== false) {
$text = preg_replace("(\[b\](.*?)\[\/b\])ism", '$1', $text);
}
+ if (strpos($text,'[strong]') !== false) {
+ $text = preg_replace("(\[strong\](.*?)\[\/strong\])ism", '$1', $text);
+ }
// Check for Italics text
if (strpos($text,'[i]') !== false) {
$text = preg_replace("(\[i\](.*?)\[\/i\])ism", '$1', $text);
diff --git a/include/html2bbcode.php b/include/html2bbcode.php
index b799a0c28..ba298aa58 100644
--- a/include/html2bbcode.php
+++ b/include/html2bbcode.php
@@ -176,7 +176,7 @@ function html2bbcode($message)
//node2bbcode($doc, 'span', array('style'=>'/.*font-size:\s*(\d+)[,;].*/'), '[size=$1]', '[/size]');
//node2bbcode($doc, 'span', array('style'=>'/.*font-size:\s*(.+?)[,;].*/'), '[size=$1]', '[/size]');
- node2bbcode($doc, 'span', array('style'=>'/.*color:\s*(.+?)[,;].*/'), '[color="$1"]', '[/color]');
+ node2bbcode($doc, 'span', array('style'=>'/.*color:\s*(.+?)[,;].*/'), '[color=$1]', '[/color]');
//node2bbcode($doc, 'span', array('style'=>'/.*font-family:\s*(.+?)[,;].*/'), '[font=$1]', '[/font]');
//node2bbcode($doc, 'div', array('style'=>'/.*font-family:\s*(.+?)[,;].*font-size:\s*(\d+?)pt.*/'), '[font=$1][size=$2]', '[/size][/font]');
diff --git a/include/text.php b/include/text.php
index 52a6440cb..b4955a78d 100644
--- a/include/text.php
+++ b/include/text.php
@@ -1611,7 +1611,7 @@ function theme_attachments(&$item) {
$url = z_root() . '/magic?owa=1&bdest=' . bin2hex($r['href']);
}
- if (isset($label) && isset($url) && isset($icon) && isset($title)) {
+ if (isset($label, $url, $icon, $title)) {
array_unshift($attaches, ['label' => $label, 'url' => $url, 'icon' => $icon, 'title' => $title]);
}
}
@@ -3232,6 +3232,7 @@ function getIconFromType($type) {
'text/markdown' => 'bi-filetype-md',
'text/bbcode' => 'bi-file-earmark-text',
'text/html' => 'bi-filetype-html',
+ 'text/uri-list' => 'bi-box-arrow-up-right',
'application/msword' => 'bi-file-earmark-word',
'application/pdf' => 'bi-file-earmark-pdf',
'application/vnd.oasis.opendocument.text' => 'bifile--earmark-text',
diff --git a/install/schema_mysql.sql b/install/schema_mysql.sql
index e75224815..3cf8039e4 100644
--- a/install/schema_mysql.sql
+++ b/install/schema_mysql.sql
@@ -876,7 +876,7 @@ CREATE TABLE IF NOT EXISTS `photo` (
`title` char(191) NOT NULL DEFAULT '',
`description` text NOT NULL,
`album` char(191) NOT NULL DEFAULT '',
- `filename` char(191) NOT NULL DEFAULT '',
+ `filename` text NOT NULL,
`mimetype` char(128) NOT NULL DEFAULT 'image/jpeg',
`height` smallint(6) NOT NULL DEFAULT 0 ,
`width` smallint(6) NOT NULL DEFAULT 0 ,
diff --git a/vendor/stephenhill/base58/src/Base58.php b/vendor/stephenhill/base58/src/Base58.php
index 75a2e0de4..2b44b22b2 100644
--- a/vendor/stephenhill/base58/src/Base58.php
+++ b/vendor/stephenhill/base58/src/Base58.php
@@ -29,8 +29,8 @@ class Base58
* @since v1.1.0 Added the optional $service argument.
*/
public function __construct(
- $alphabet = null,
- ServiceInterface $service = null
+ string|null $alphabet = null,
+ ServiceInterface|null $service = null
) {
// Handle null alphabet
if (is_null($alphabet) === true) {