version 7.8.7

(cherry picked from commit b4dffe5946)

CHANGELOG

@@ -1,3 +1,37 @@
+Hubzilla 7.8.7 (2022-12-03)
+	- Fix regression when adding feed contacts
+	- Fix regression new channel calendar event not created
+
+
+Hubzilla 7.8.6 (2022-11-14)
+	- Fix typo in boot.php
+
+
+Hubzilla 7.8.5 (2022-11-13)
+	- Fix outbound edit activity not of type update
+	- Fix mod display not falling through to fetch public item
+	- Fix more PHP warnings
+	- Fix regression in items_fetch() which resulted in empty atom feed
+	- Pubcrawl: cleanup and slightly restructre mod inbox
+
+
+Hubzilla 7.8.4 (2022-11-09)
+	- Fix new uuid created when editing a post
+
+
+Hubzilla 7.8.3 (2022-11-07)
+	- Fix regression where auto created directories were not created with public permissions
+	- Fix regression where pinned/featured state of apps was not displayed correctly
+
+
+Hubzilla 7.8.2 (2022-11-05)
+	- Pubcrawl: fix regression in inbox
+	- Fix display issue of shares coming from streams
+	- Throw a 404 if we could not determine which channel to load
+	- If we have a cached xchan/hubloc entry, make sure we fetch the latest
+	- Gallery: paint the background grid with css
+
+
 Hubzilla 7.8.1 (2022-10-26)
 	- Silence tons of PHP warnings in core
 	- Catch decryption failure edgecase in receiver

Zotlabs/Daemon/Notifier.php

@@ -657,7 +657,8 @@ class Notifier {
 
 			$hash = new_uuid();
 
-			$env = (($hub_env && $hub_env[$hub['hubloc_site_id']]) ? $hub_env[$hub['hubloc_site_id']] : '');
+			$env = $hub_env[$hub['hubloc_site_id']] ?? '';
+
 			if ((self::$private) && (!$env)) {
 				continue;
 			}

Zotlabs/Lib/Activity.php

@@ -545,6 +545,7 @@ class Activity {
 
 		call_hooks('encode_item', $hookinfo);
 
+
 		return $hookinfo['encoded'];
 
 	}
@@ -821,8 +822,12 @@ class Activity {
 		}
 
 		$ret['published'] = ((isset($i['created'])) ? datetime_convert('UTC', 'UTC', $i['created'], ATOM_TIME) : datetime_convert());
-		if (isset($i['created'], $i['edited']) && $i['created'] !== $i['edited'])
+		if (isset($i['created'], $i['edited']) && $i['created'] !== $i['edited']) {
 			$ret['updated'] = datetime_convert('UTC', 'UTC', $i['edited'], ATOM_TIME);
+			if ($ret['type'] === 'Create') {
+				$ret['type'] = 'Update';
+			}
+		}
 
 		if (isset($i['app']) && $i['app']) {
 			$ret['generator'] = ['type' => 'Application', 'name' => $i['app']];
@@ -1702,9 +1707,8 @@ class Activity {
 			);
 
 			// update existing xchan record
-			q("update xchan set xchan_name = '%s', xchan_guid = '%s', xchan_pubkey = '%s', xchan_addr = '%s', xchan_network = 'activitypub', xchan_name_date = '%s' where xchan_hash = '%s'",
+			q("update xchan set xchan_name = '%s', xchan_pubkey = '%s', xchan_addr = '%s', xchan_network = 'activitypub', xchan_name_date = '%s' where xchan_hash = '%s'",
 				dbesc(escape_tags($name)),
-				dbesc($url),
 				dbesc(escape_tags($pubkey)),
 				dbesc(escape_tags($webfinger_addr)),
 				dbescdate(datetime_convert()),
@@ -1712,8 +1716,7 @@ class Activity {
 			);
 
 			// update existing hubloc record
-			q("update hubloc set hubloc_guid = '%s', hubloc_addr = '%s', hubloc_network = 'activitypub', hubloc_url = '%s', hubloc_host = '%s', hubloc_callback = '%s', hubloc_updated = '%s', hubloc_id_url = '%s' where hubloc_hash = '%s'",
-				dbesc($url),
+			q("update hubloc set hubloc_addr = '%s', hubloc_network = 'activitypub', hubloc_url = '%s', hubloc_host = '%s', hubloc_callback = '%s', hubloc_updated = '%s', hubloc_id_url = '%s' where hubloc_hash = '%s'",
 				dbesc(escape_tags($webfinger_addr)),
 				dbesc($baseurl),
 				dbesc($hostname),
@@ -2208,6 +2211,8 @@ class Activity {
 		$s['owner_xchan']  = $act->actor['id'];
 		$s['author_xchan'] = $act->actor['id'];
 
+		$content = [];
+
 		if (is_array($act->obj)) {
 			$content = self::get_content($act->obj);
 		}
@@ -2280,10 +2285,10 @@ class Activity {
 			$mention = self::get_actor_bbmention($obj_actor['id']);
 
 			if ($act->type === 'Like') {
-				$content['content'] = sprintf(t('Likes %1$s\'s %2$s'), $mention, $act->obj['type']) . "\n\n" . $content['content'];
+				$content['content'] = sprintf(t('Likes %1$s\'s %2$s'), $mention, $act->obj['type']) . "\n\n" . $content['content'] ?? '';
 			}
 			if ($act->type === 'Dislike') {
-				$content['content'] = sprintf(t('Doesn\'t like %1$s\'s %2$s'), $mention, $act->obj['type']) . "\n\n" . $content['content'];
+				$content['content'] = sprintf(t('Doesn\'t like %1$s\'s %2$s'), $mention, $act->obj['type']) . "\n\n" . $content['content'] ?? '';
 			}
 
 			// handle event RSVPs
@@ -2791,11 +2796,7 @@ class Activity {
 
 		call_hooks('decode_note', $hookinfo);
 
-		$s = $hookinfo['s'];
-
-
-
-		return $s;
+		return $hookinfo['s'];
 
 	}
 
@@ -3823,7 +3824,7 @@ class Activity {
 		}
 
 		if (array_path_exists('source/mediaType', $act) && array_path_exists('source/content', $act)) {
-			if ($act['source']['mediaType'] === 'text/bbcode') {
+			if (in_array($act['source']['mediaType'], ['text/bbcode', 'text/x-multicode'])) {
 				$content['bbcode'] = purify_html($act['source']['content']);
 			}
 		}

Zotlabs/Lib/Apps.php

@@ -605,8 +605,8 @@ class Apps {
 			'$deleted' => $papp['deleted'] ?? false,
 			'$feature' => ((isset($papp['embed']) || $mode == 'edit') ? false : true),
 			'$pin' => ((isset($papp['embed']) || $mode == 'edit') ? false : true),
-			'$featured' => ((isset($papp['categories']) && strpos($papp['categories'], 'nav_featured_app') === false) ? false : true),
-			'$pinned' => ((isset($papp['categories']) && strpos($papp['categories'], 'nav_pinned_app') === false) ? false : true),
+			'$featured' => ((isset($papp['categories']) && strpos($papp['categories'], 'nav_featured_app') !== false) ? true : false),
+			'$pinned' => ((isset($papp['categories']) && strpos($papp['categories'], 'nav_pinned_app') !== false) ? true : false),
 			'$mode' => $mode,
 			'$add' => t('Add to app-tray'),
 			'$remove' => t('Remove from app-tray'),

Zotlabs/Lib/Connect.php

@@ -69,7 +69,7 @@ class Connect {
 		$xchan_hash = '';
 		$sql_options = (($protocol) ? " and xchan_network = '" . dbesc($protocol) . "' " : '');
 
-		$r = q("select * from xchan where ( xchan_hash = '%s' or xchan_url = '%s' or xchan_addr = '%s') $sql_options ",
+		$r = q("SELECT * FROM xchan LEFT JOIN hubloc ON xchan_hash = hubloc_hash WHERE ( xchan_hash = '%s' or xchan_url = '%s' or xchan_addr = '%s') $sql_options ORDER BY hubloc_id DESC",
 			dbesc($url),
 			dbesc($url),
 			dbesc($url)
@@ -80,7 +80,7 @@ class Connect {
 			// reset results to the best record or the first if we don't have the best
 			// note: this is a single record and not an array of results
 
-			$r = Libzot::zot_record_preferred($r,'xchan_network');
+			$r = Libzot::zot_record_preferred($r, 'xchan_network');
 
 		}
 
@@ -109,10 +109,12 @@ class Connect {
 
 		if ($wf || $d) {
 
+			$xchan_hash = (($wf) ? $wf : $url);
+
 			// something was discovered - find the record which was just created.
 
 			$r = q("select * from xchan where ( xchan_hash = '%s' or xchan_url = '%s' or xchan_addr = '%s' ) $sql_options",
-				dbesc($wf ?? $url),
+				dbesc($xchan_hash),
 				dbesc($url),
 				dbesc($url)
 			);
@@ -120,7 +122,7 @@ class Connect {
 			// convert to a single record (once again preferring a zot solution in the case of multiples)
 
 			if ($r) {
-				$r = Libzot::zot_record_preferred($r,'xchan_network');
+				$r = Libzot::zot_record_preferred($r, 'xchan_network');
 			}
 		}
 

Zotlabs/Lib/Enotify.php

@@ -869,7 +869,7 @@ class Enotify {
 		$x = array(
 			'notify_link' => $item['llink'],
 			'name' => $item[$who]['xchan_name'],
-			'addr' => (($item[$who]['xchan_addr']) ? $item[$who]['xchan_addr'] : $item[$who]['xchan_url']),
+			'addr' => $item[$who]['xchan_addr'] ?? $item[$who]['xchan_url'],
 			'url' => $item[$who]['xchan_url'],
 			'photo' => $item[$who]['xchan_photo_s'],
 			'when' => (($edit) ? datetime_convert('UTC', date_default_timezone_get(), $item['edited']) : datetime_convert('UTC', date_default_timezone_get(), $item['created'])),

Zotlabs/Lib/Libsync.php

@@ -184,6 +184,8 @@ class Libsync {
 
 		require_once('include/import.php');
 
+hz_syslog(print_r($arr, true));
+
 		$result = [];
 		$keychange = ((array_key_exists('keychange', $arr)) ? true : false);
 
@@ -192,7 +194,10 @@ class Libsync {
 				dbesc($sender)
 			);
 
-			$DR = new DReport(z_root(), $sender, $d, 'sync');
+			$mid = 'sync';
+
+
+			$DR = new DReport(z_root(), $sender, $d, $mid);
 
 			if (!$r) {
 				$DR->update('recipient not found');
@@ -202,6 +207,7 @@ class Libsync {
 
 			$channel = $r[0];
 
+
 			$DR->set_name($channel['channel_name'] . ' <' . channel_reddress($channel) . '>');
 
 			$max_friends = service_class_fetch($channel['channel_id'], 'total_channels');
@@ -293,8 +299,10 @@ class Libsync {
 			if (array_key_exists('event_item', $arr) && $arr['event_item'])
 				sync_items($channel, $arr['event_item'], ((array_key_exists('relocate', $arr)) ? $arr['relocate'] : null));
 
-			if (array_key_exists('item', $arr) && $arr['item'])
+			if (array_key_exists('item', $arr) && $arr['item']) {
 				sync_items($channel, $arr['item'], ((array_key_exists('relocate', $arr)) ? $arr['relocate'] : null));
+				$mid = $arr['item'][0]['message_id'] . '#sync';
+			}
 
 			// deprecated, maintaining for a few months for upward compatibility
 			// this should sync webpages, but the logic is a bit subtle
@@ -740,13 +748,12 @@ class Libsync {
 			 */
 			call_hooks('process_channel_sync_delivery', $addon);
 
-			$DR = new DReport(z_root(), $d, $d, 'sync', 'channel sync delivered');
+			$DR = new DReport(z_root(), $d, $d, $mid, 'channel sync processed');
 
 			$DR->set_name($channel['channel_name'] . ' <' . channel_reddress($channel) . '>');
 
 			$result[] = $DR->get();
 		}
-
 		return $result;
 	}
 

Zotlabs/Lib/Libzot.php

@@ -1172,10 +1172,14 @@ class Libzot {
 				return;
 			}
 			if (is_array($AS->obj)) {
-				$arr = Activity::decode_note($AS);
+				$item = Activity::decode_note($AS);
+				if (!$item) {
+					logger('Could not decode activity: ' . print_r($AS, true));
+					return;
+				}
 			}
 			else {
-				$arr = [];
+				$item = [];
 			}
 
 			logger($AS->debug(), LOGGER_DATA);
@@ -1260,15 +1264,15 @@ class Libzot {
 
 				if ($r) {
 					$r = self::zot_record_preferred($r);
-					$arr['author_xchan'] = $r['hubloc_hash'];
+					$item['author_xchan'] = $r['hubloc_hash'];
 				}
 
-				if (! $arr['author_xchan']) {
+				if (! $item['author_xchan']) {
 					logger('No author!');
 					return;
 				}
 
-				$arr['owner_xchan'] = $env['sender'];
+				$item['owner_xchan'] = $env['sender'];
 
 				if(filter_var($env['sender'], FILTER_VALIDATE_URL)) {
 					// in individual delivery, change owner if needed
@@ -1277,67 +1281,67 @@ class Libzot {
 					);
 
 					if ($s) {
-						$arr['owner_xchan'] = $s[0]['hubloc_hash'];
+						$item['owner_xchan'] = $s[0]['hubloc_hash'];
 					}
 				}
 
-				if (! $arr['owner_xchan']) {
+				if (! $item['owner_xchan']) {
 					logger('No owner!');
 					return;
 				}
 
-				if ($private && (!intval($arr['item_private']))) {
-					$arr['item_private'] = 1;
+				if ($private && (!intval($item['item_private']))) {
+					$item['item_private'] = 1;
 				}
 
-				if ($arr['mid'] === $arr['parent_mid']) {
+				if ($item['mid'] === $item['parent_mid']) {
 					if (is_array($AS->obj) && array_key_exists('commentPolicy', $AS->obj)) {
 						$p = strstr($AS->obj['commentPolicy'], 'until=');
 						if ($p !== false) {
 							$comments_closed_at = datetime_convert('UTC', 'UTC', substr($p, 6));
-							if ($comments_closed_at === $arr['created']) {
-								$arr['item_nocomment'] = 1;
+							if ($comments_closed_at === $item['created']) {
+								$item['item_nocomment'] = 1;
 							}
 							else {
-								$arr['comments_closed'] = $comments_closed_at;
-								$arr['comment_policy']  = trim(str_replace($p, '', $AS->obj['commentPolicy']));
+								$item['comments_closed'] = $comments_closed_at;
+								$aritemr['comment_policy']  = trim(str_replace($p, '', $AS->obj['commentPolicy']));
 							}
 						}
 						else {
-							$arr['comment_policy'] = $AS->obj['commentPolicy'];
+							$item['comment_policy'] = $AS->obj['commentPolicy'];
 						}
 					}
 				}
 
 				if (isset($AS->meta['hubloc']) && $AS->meta['hubloc']) {
-					$arr['item_verified'] = true;
+					$item['item_verified'] = true;
 				}
 
-				if (!array_key_exists('comment_policy', $arr)) {
-					$arr['comment_policy'] = 'authenticated';
+				if (!array_key_exists('comment_policy', $item)) {
+					$item['comment_policy'] = 'authenticated';
 				}
 
 				if (isset($AS->meta['signed_data']) && $AS->meta['signed_data']) {
-					IConfig::Set($arr, 'activitypub', 'signed_data', $AS->meta['signed_data'], false);
+					IConfig::Set($item, 'activitypub', 'signed_data', $AS->meta['signed_data'], false);
 				}
 
-				logger('Activity received: ' . print_r($arr, true), LOGGER_DATA, LOG_DEBUG);
+				logger('Activity received: ' . print_r($item, true), LOGGER_DATA, LOG_DEBUG);
 				logger('Activity recipients: ' . print_r($deliveries, true), LOGGER_DATA, LOG_DEBUG);
 
 				$relay = (($env['type'] === 'response') ? true : false);
 
-				$result = self::process_delivery($env['sender'], $AS, $arr, $deliveries, $relay, false, $message_request);
+				$result = self::process_delivery($env['sender'], $AS, $item, $deliveries, $relay, false, $message_request);
 			}
 			elseif ($env['type'] === 'sync') {
-				// $arr = get_channelsync_elements($data);
+				// $item = get_channelsync_elements($data);
 
-				$arr = json_decode($data, true);
+				$item = json_decode($data, true);
 
-				logger('Channel sync received: ' . print_r($arr, true), LOGGER_DATA, LOG_DEBUG);
+				logger('Channel sync received: ' . print_r($item, true), LOGGER_DATA, LOG_DEBUG);
 				logger('Channel sync recipients: ' . print_r($deliveries, true), LOGGER_DATA, LOG_DEBUG);
 
 				if ($env['encoding'] === 'hz') {
-					$result = Libsync::process_channel_sync_delivery($env['sender'], $arr, $deliveries);
+					$result = Libsync::process_channel_sync_delivery($env['sender'], $item, $deliveries);
 				}
 				else {
 					logger('sync packet type not supported.');
@@ -1920,7 +1924,7 @@ class Libzot {
 
 			// preserve conversations with which you are involved from expiration
 
-			$stored = (($item_result && $item_result['item']) ? $item_result['item'] : false);
+			$stored = ((isset($item_result['item'])) ? $item_result['item'] : false);
 			if ((is_array($stored)) && ($stored['id'] != $stored['parent'])
 				&& ($stored['author_xchan'] === $channel['channel_hash'])) {
 				retain_item($stored['item']['parent']);

Zotlabs/Lib/ThreadItem.php

@@ -84,10 +84,8 @@ class ThreadItem {
 
 	public function get_template_data($conv_responses, $thread_level=1, $conv_flags = []) {
 
-		$result = array();
-
-		$item     = $this->get_data();
-
+		$result = [];
+		$item = $this->get_data();
 		$commentww = '';
 		$sparkle = '';
 		$buttons = '';
@@ -360,8 +358,8 @@ class ThreadItem {
 		if($conv->get_mode() === 'channel')
 			$viewthread = z_root() . '/channel/' . $owner_address . '?f=&mid=' . urlencode(gen_link_id($item['mid']));
 
-		$comment_count_txt = sprintf( tt('%d comment','%d comments',$total_children),$total_children );
-		$list_unseen_txt = (($unseen_comments) ? sprintf( t('%d unseen'),$unseen_comments) : '');
+		$comment_count_txt = sprintf(tt('%d Comment', '%d Comments', $total_children), $total_children);
+		$list_unseen_txt = (($unseen_comments) ? sprintf(t('%d unseen'), $unseen_comments) : '');
 
 		$children = $this->get_children();
 

Zotlabs/Module/Acl.php

@@ -304,7 +304,7 @@ class Acl extends \Zotlabs\Web\Controller {
 		}
 		elseif($type == 'a') {
 
-			$r = q("SELECT abook_id as id, xchan_name as name, xchan_network as net, xchan_hash as hash, xchan_addr as nick, xchan_photo_s as micro, xchan_url as url, xchan_addr as attag , abook_their_perms FROM abook left join xchan on abook_xchan = xchan_hash
+			$r = q("SELECT abook_id as id, xchan_name as name, xchan_network as net, xchan_hash as hash, xchan_addr as nick, xchan_photo_s as micro, xchan_url as url, xchan_addr as attag, abook_their_perms, abook_self FROM abook left join xchan on abook_xchan = xchan_hash
 				WHERE abook_channel = %d
 				and xchan_deleted = 0
 				$sql_extra3

Zotlabs/Module/Activity.php

@@ -182,7 +182,7 @@ class Activity extends Controller {
 				return;
 			}
 
-			$ob_authorise = false;
+			$ob_authorize = false;
 			$item_uid = 0;
 
 			$bear = ZlibActivity::token_from_request();

Zotlabs/Module/Cdav.php

@@ -332,9 +332,9 @@ class Cdav extends Controller {
 				} while ($duplicate == true);
 
 				$properties = [
-					'{DAV:}displayname' => $_REQUEST['{DAV:}displayname'],
-					'{http://apple.com/ns/ical/}calendar-color' => $_REQUEST['color'],
-					'{urn:ietf:params:xml:ns:caldav}calendar-description' => $channel['channel_name']
+					'{DAV:}displayname' => escape_tags($_REQUEST['{DAV:}displayname']),
+					'{http://apple.com/ns/ical/}calendar-color' => escape_tags($_REQUEST['color']),
+					'{urn:ietf:params:xml:ns:caldav}calendar-description' => escape_tags($channel['channel_name'])
 				];
 
 				$id = $caldavBackend->createCalendar($principalUri, $calendarUri, $properties);
@@ -366,7 +366,7 @@ class Cdav extends Controller {
 
 				$allday = $_REQUEST['allday'];
 
-				$title = $_REQUEST['title'];
+				$title = escape_tags($_REQUEST['title']);
 				$start = datetime_convert('UTC', 'UTC', $_REQUEST['dtstart']);
 				$dtstart = new \DateTime($start);
 
@@ -374,8 +374,8 @@ class Cdav extends Controller {
 					$end = datetime_convert('UTC', 'UTC', $_REQUEST['dtend']);
 					$dtend = new \DateTime($end);
 				}
-				$description = $_REQUEST['description'];
-				$location = $_REQUEST['location'];
+				$description = escape_tags($_REQUEST['description']);
+				$location = escape_tags($_REQUEST['location']);
 
 				do {
 					$duplicate = false;
@@ -441,8 +441,8 @@ class Cdav extends Controller {
 				$cdavdata = $this->get_cdav_data($id[0], 'calendarinstances');
 
 				$mutations = [
-					'{DAV:}displayname' => $_REQUEST['{DAV:}displayname'],
-					'{http://apple.com/ns/ical/}calendar-color' => $_REQUEST['color']
+					'{DAV:}displayname' => escape_tags($_REQUEST['{DAV:}displayname']),
+					'{http://apple.com/ns/ical/}calendar-color' => escape_tags($_REQUEST['color'])
 				];
 
 				$patch = new \Sabre\DAV\PropPatch($mutations);
@@ -471,18 +471,18 @@ class Cdav extends Controller {
 				$timezone = ((x($_POST,'timezone_select')) ? escape_tags(trim($_POST['timezone_select'])) : '');
 				$tz = (($timezone) ? $timezone : date_default_timezone_get());
 
-				$allday = $_REQUEST['allday'];
+				$allday = intval($_REQUEST['allday']);
 
-				$uri = $_REQUEST['uri'];
-				$title = $_REQUEST['title'];
+				$uri = escape_tags($_REQUEST['uri']);
+				$title = escape_tags($_REQUEST['title']);
 				$start = datetime_convert('UTC', 'UTC', $_REQUEST['dtstart']);
 				$dtstart = new \DateTime($start);
 				if($_REQUEST['dtend']) {
 					$end = datetime_convert('UTC', 'UTC', $_REQUEST['dtend']);
 					$dtend = new \DateTime($end);
 				}
-				$description = $_REQUEST['description'];
-				$location = $_REQUEST['location'];
+				$description = escape_tags($_REQUEST['description']);
+				$location = escape_tags($_REQUEST['location']);
 
 				$object = $caldavBackend->getCalendarObject($id, $uri);
 
@@ -654,7 +654,7 @@ class Cdav extends Controller {
 						$duplicate = true;
 				} while ($duplicate == true);
 
-				$properties = ['{DAV:}displayname' => $_REQUEST['{DAV:}displayname']];
+				$properties = ['{DAV:}displayname' => escape_tags($_REQUEST['{DAV:}displayname'])];
 
 				$carddavBackend->createAddressBook($principalUri, $addressbookUri, $properties);
 
@@ -668,9 +668,9 @@ class Cdav extends Controller {
 			}
 
 			//edit addressbook
-			if($_REQUEST['{DAV:}displayname'] && $_REQUEST['edit'] && intval($_REQUEST['id'])) {
+			if($_REQUEST['{DAV:}displayname'] && $_REQUEST['edit'] && $_REQUEST['id']) {
 
-				$id = $_REQUEST['id'];
+				$id = intval($_REQUEST['id']);
 
 				if(! cdav_perms($id,$addressbooks))
 					return;
@@ -678,7 +678,7 @@ class Cdav extends Controller {
 				$cdavdata = $this->get_cdav_data($id, 'addressbooks');
 
 				$mutations = [
-					'{DAV:}displayname' => $_REQUEST['{DAV:}displayname']
+					'{DAV:}displayname' => escape_tags($_REQUEST['{DAV:}displayname'])
 				];
 
 				$patch = new \Sabre\DAV\PropPatch($mutations);

Zotlabs/Module/Channel.php

@@ -31,8 +31,10 @@ class Channel extends Controller {
 			goaway(z_root() . '/search?f=&search=' . $_GET['search']);
 
 		$which = null;
-		if (argc() > 1)
+		if (argc() > 1) {
 			$which = argv(1);
+		}
+
 		if (!$which) {
 			if (local_channel()) {
 				$channel = App::get_channel();
@@ -40,9 +42,9 @@ class Channel extends Controller {
 					$which = $channel['channel_address'];
 			}
 		}
+
 		if (!$which) {
-			notice(t('You must be logged in to see this page.') . EOL);
-			return;
+			http_status_exit(404, 'Not found');
 		}
 
 		$profile = 0;

Zotlabs/Module/Connections.php

@@ -357,7 +357,7 @@ class Connections extends \Zotlabs\Web\Controller {
 						'oneway' => $oneway,
 						'perminfo' => $perminfo,
 						'connect' => (intval($rr['abook_not_here']) ? t('Connect') : ''),
-						'follow' => z_root() . '/follow/?f=&url=' . urlencode($rr['xchan_hash']) . '&interactive=0',
+						'follow' => z_root() . '/follow/?f=&url=' . urlencode($rr['xchan_hash']) . '&interactive=1',
 						'connect_hover' => t('Connect at this location'),
 						'role' => $roles_dict[$rr['abook_role']] ?? '',
 						'pending' => intval($rr['abook_pending'])

Zotlabs/Module/Display.php

@@ -90,6 +90,7 @@ class Display extends \Zotlabs\Web\Controller {
 			);
 
 			$o .= '<div id="jot-popup">';
+			$a = '';
 			$o .= status_editor($a,$x,false,'Display');
 			$o .= '</div>';
 		}
@@ -212,27 +213,27 @@ class Display extends \Zotlabs\Web\Controller {
 		$observer_hash = get_observer_hash();
 		$item_normal = item_normal();
 		$item_normal_update = item_normal_update();
-
-		$sql_extra = ((local_channel()) ? EMPTY_STR : item_permissions_sql(0, $observer_hash));
+		$sql_extra = '';
+		$r = [];
 
 		if($noscript_content || $load) {
-
 			require_once('include/channel.php');
 			$sys = get_sys_channel();
 			// in case somebody turned off public access to sys channel content using permissions
 			// make that content unsearchable by ensuring the owner uid can't match
 			$sys_id = perm_is_allowed($sys['channel_id'], $observer_hash, 'view_stream') ? $sys['channel_id'] : 0;
 
-			$r = null;
-
 			if(local_channel()) {
 				$r = q("SELECT item.id AS item_id FROM item WHERE uid = %d AND mid = '%s' $item_normal LIMIT 1",
 					intval(local_channel()),
 					dbesc($target_item['parent_mid'])
 				);
+
 			}
 
-			if($r === null) {
+			if(!$r) {
+				$sql_extra = item_permissions_sql(0, $observer_hash);
+
 				$r = q("SELECT item.id AS item_id FROM item
 					WHERE ((mid = '%s'
 					AND (((( item.allow_cid = '' AND item.allow_gid = '' AND item.deny_cid  = ''
@@ -256,7 +257,6 @@ class Display extends \Zotlabs\Web\Controller {
 			// make that content unsearchable by ensuring the owner uid can't match
 			$sys_id = perm_is_allowed($sys['channel_id'], $observer_hash, 'view_stream') ? $sys['channel_id'] : 0;
 
-			$r = null;
 			if(local_channel()) {
 				$r = q("SELECT item.parent AS item_id from item
 					WHERE uid = %d
@@ -269,7 +269,9 @@ class Display extends \Zotlabs\Web\Controller {
 				);
 			}
 
-			if($r === null) {
+			if(!$r) {
+				$sql_extra = item_permissions_sql(0, $observer_hash);
+
 				$r = q("SELECT item.id as item_id from item
 					WHERE ((parent_mid = '%s'
 					AND (((( item.allow_cid = '' AND item.allow_gid = '' AND item.deny_cid  = ''
@@ -286,10 +288,6 @@ class Display extends \Zotlabs\Web\Controller {
 			}
 		}
 
-		else {
-			$r = [];
-		}
-
 		if($r) {
 			$parents_str = ids_to_querystr($r,'item_id');
 			if($parents_str) {
@@ -307,71 +305,71 @@ class Display extends \Zotlabs\Web\Controller {
 			$items = array();
 		}
 
-
 		switch($module_format) {
 
-		case 'html':
+			case 'html':
 
-			if ($update) {
-				$o .= conversation($items, 'display', $update, 'client');
-			}
-			else {
-				$o .= '<noscript>';
-				if($noscript_content) {
-					$o .= conversation($items, 'display', $update, 'traditional');
+				if ($update) {
+					$o .= conversation($items, 'display', $update, 'client');
 				}
 				else {
-					$o .= '<div class="section-content-warning-wrapper">' . t('You must enable javascript for your browser to be able to view this content.') . '</div>';
+					$o .= '<noscript>';
+					if($noscript_content) {
+						$o .= conversation($items, 'display', $update, 'traditional');
+					}
+					else {
+						$o .= '<div class="section-content-warning-wrapper">' . t('You must enable javascript for your browser to be able to view this content.') . '</div>';
+					}
+					$o .= '</noscript>';
+
+					if (isset($items[0]['title'])) {
+						App::$page['title'] = $items[0]['title'] . ' - ' . App::$page['title'];
+					}
+
+					$o .= conversation($items, 'display', $update, 'client');
 				}
-				$o .= '</noscript>';
 
-				App::$page['title'] = (($items[0]['title']) ? $items[0]['title'] . " - " . App::$page['title'] : App::$page['title']);
+				break;
 
-				$o .= conversation($items, 'display', $update, 'client');
-			}
+			case 'atom':
 
-			break;
+				$atom = replace_macros(get_markup_template('atom_feed.tpl'), array(
+					'$version'       => xmlify(\Zotlabs\Lib\System::get_project_version()),
+					'$generator'     => xmlify(\Zotlabs\Lib\System::get_platform_name()),
+					'$generator_uri' => 'https://hubzilla.org',
+					'$feed_id'       => xmlify(App::$cmd),
+					'$feed_title'    => xmlify(t('Article')),
+					'$feed_updated'  => xmlify(datetime_convert('UTC', 'UTC', 'now', ATOM_TIME)),
+					'$author'        => '',
+					'$owner'         => '',
+					'$profile_page'  => xmlify(z_root() . '/display/' . gen_link_id($target_item['mid'])),
+				));
 
-		case 'atom':
+				$x = [ 'xml' => $atom, 'channel' => $channel, 'observer_hash' => $observer_hash, 'params' => $params ];
+				call_hooks('atom_feed_top',$x);
 
-			$atom = replace_macros(get_markup_template('atom_feed.tpl'), array(
-				'$version'       => xmlify(\Zotlabs\Lib\System::get_project_version()),
-				'$generator'     => xmlify(\Zotlabs\Lib\System::get_platform_name()),
-				'$generator_uri' => 'https://hubzilla.org',
-				'$feed_id'       => xmlify(App::$cmd),
-				'$feed_title'    => xmlify(t('Article')),
-				'$feed_updated'  => xmlify(datetime_convert('UTC', 'UTC', 'now', ATOM_TIME)),
-				'$author'        => '',
-				'$owner'         => '',
-				'$profile_page'  => xmlify(z_root() . '/display/' . gen_link_id($target_item['mid'])),
-			));
+				$atom = $x['xml'];
 
-			$x = [ 'xml' => $atom, 'channel' => $channel, 'observer_hash' => $observer_hash, 'params' => $params ];
-			call_hooks('atom_feed_top',$x);
-
-			$atom = $x['xml'];
-
-			// a much simpler interface
-			call_hooks('atom_feed', $atom);
+				// a much simpler interface
+				call_hooks('atom_feed', $atom);
 
 
-			if($items) {
-				$type = 'html';
-				foreach($items as $item) {
-					if($item['item_private'])
-						continue;
-					$atom .= atom_entry($item, $type, null, '', true, '', false);
+				if($items) {
+					$type = 'html';
+					foreach($items as $item) {
+						if($item['item_private'])
+							continue;
+						$atom .= atom_entry($item, $type, null, '', true, '', false);
+					}
 				}
-			}
 
-			call_hooks('atom_feed_end', $atom);
+				call_hooks('atom_feed_end', $atom);
 
-			$atom .= '</feed>' . "\r\n";
-
-			header('Content-type: application/atom+xml');
-			echo $atom;
-			killme();
+				$atom .= '</feed>' . "\r\n";
 
+				header('Content-type: application/atom+xml');
+				echo $atom;
+				killme();
 		}
 
 		$o .= '<div id="content-complete"></div>';

Zotlabs/Module/Dreport.php

@@ -56,10 +56,12 @@ class Dreport extends \Zotlabs\Web\Controller {
 			return;
 		}
 
-		$r = q("select * from dreport where dreport_xchan = '%s' and (dreport_mid = '%s' or dreport_mid = '%s')",
+		$r = q("select * from dreport where dreport_xchan = '%s' and (dreport_mid = '%s' or dreport_mid = '%s' or dreport_mid = '%s' or dreport_mid = '%s')",
 			dbesc($channel['channel_hash']),
 			dbesc($mid),
-			dbesc(str_replace('/item/', '/activity/', $mid))
+			dbesc($mid . '#sync'),
+			dbesc(str_replace('/item/', '/activity/', $mid)),
+			dbesc(str_replace('/item/', '/activity/', $mid) . '#sync')
 		);
 
 		if(! $r) {

Zotlabs/Module/Fhublocs.php

@@ -60,20 +60,21 @@ class Fhublocs extends \Zotlabs\Web\Controller {
 
 				$h = hubloc_store_lowlevel(
 					[
-						'hubloc_guid'     => $rr['channel_guid'],
-						'hubloc_guid_sig' => $rr['channel_guid_sig'],
-						'hubloc_hash'     => $rr['channel_hash'],
-						'hubloc_id_url'   => channel_url($rr),
-						'hubloc_addr'     => channel_reddress($rr),
-						'hubloc_primary'  => intval($primary),
-						'hubloc_url'      => z_root(),
-						'hubloc_url_sig'  => Libzot::sign(z_root(), $rr['channel_prvkey']),
-						'hubloc_site_id'  => Libzot::make_xchan_hash(z_root(), $sitekey),
-						'hubloc_host'     => \App::get_hostname(),
-						'hubloc_callback' => z_root() . '/zot',
-						'hubloc_sitekey'  => $sitekey,
-						'hubloc_network'  => 'zot6',
-						'hubloc_updated'  => datetime_convert()
+						'hubloc_guid'      => $rr['channel_guid'],
+						'hubloc_guid_sig'  => $rr['channel_guid_sig'],
+						'hubloc_hash'      => $rr['channel_hash'],
+						'hubloc_id_url'    => channel_url($rr),
+						'hubloc_addr'      => channel_reddress($rr),
+						'hubloc_primary'   => intval($primary),
+						'hubloc_url'       => z_root(),
+						'hubloc_url_sig'   => Libzot::sign(z_root(), $rr['channel_prvkey']),
+						'hubloc_site_id'   => Libzot::make_xchan_hash(z_root(), $sitekey),
+						'hubloc_host'      => \App::get_hostname(),
+						'hubloc_callback'  => z_root() . '/zot',
+						'hubloc_sitekey'   => $sitekey,
+						'hubloc_network'   => 'zot6',
+						'hubloc_updated'   => datetime_convert(),
+						'hubloc_connected' => datetime_convert()
 					]
 				);
 

Zotlabs/Module/Item.php

@@ -393,7 +393,7 @@ class Item extends Controller {
 
 		$owner_hash = null;
 
-		$message_id    = ((x($_REQUEST, 'message_id') && $api_source) ? strip_tags($_REQUEST['message_id']) : '');
+		$message_id    = ((x($_REQUEST, 'message_id') && $api_source) ? strip_tags($_REQUEST['message_id']) : null);
 		$created       = ((x($_REQUEST, 'created')) ? datetime_convert(date_default_timezone_get(), 'UTC', $_REQUEST['created']) : datetime_convert());
 		$post_id       = ((x($_REQUEST, 'post_id')) ? intval($_REQUEST['post_id']) : 0);
 		$app           = ((x($_REQUEST, 'source')) ? strip_tags($_REQUEST['source']) : '');
@@ -710,6 +710,7 @@ class Item extends Controller {
 			$expires             = $orig_post['expires'];
 			$comments_closed     = $orig_post['comments_closed'];
 			$mid                 = $orig_post['mid'];
+			$uuid                = $orig_post['uuid'];
 			$thr_parent          = $orig_post['thr_parent'];
 			$parent_mid          = $orig_post['parent_mid'];
 			$plink               = $orig_post['plink'];
@@ -1000,10 +1001,8 @@ class Item extends Controller {
 
 		$notify_type = (($parent) ? 'comment-new' : 'wall-new');
 
-		$uuid = (($message_id) ? $message_id : item_message_id());
-
-		$mid  = $mid ?? z_root() . '/item/' . $uuid;
-
+		$uuid = $uuid ?? $message_id ?? item_message_id();
+		$mid = $mid ?? z_root() . '/item/' . $uuid;
 
 		if ($is_poll) {
 			$poll = [

Zotlabs/Module/Oep.php

@@ -15,7 +15,7 @@ class Oep extends \Zotlabs\Web\Controller {
 		logger('oep: ' . print_r($_REQUEST,true), LOGGER_DEBUG, LOG_INFO);
 
 		$html = ((argc() > 1 && argv(1) === 'html') ? true : false);
-		if($_REQUEST['url']) {
+		if(isset($_REQUEST['url'])) {
 			$_REQUEST['url'] = strip_zids($_REQUEST['url']);
 			$url = $_REQUEST['url'];
 		}
@@ -23,9 +23,9 @@ class Oep extends \Zotlabs\Web\Controller {
 		if(! $url)
 			http_status_exit(404, 'Not found');
 
-		$maxwidth  = $_REQUEST['maxwidth'];
-		$maxheight = $_REQUEST['maxheight'];
-		$format = $_REQUEST['format'];
+		$maxwidth  = $_REQUEST['maxwidth'] ?? 0;
+		$maxheight = $_REQUEST['maxheight'] ?? 0;
+		$format = $_REQUEST['format'] ?? '';
 		if($format && $format !== 'json')
 			http_status_exit(501, 'Not implemented');
 
@@ -70,8 +70,8 @@ class Oep extends \Zotlabs\Web\Controller {
 
 		$ret = array();
 		$url = $args['url'];
-		$maxwidth  = intval($args['maxwidth']);
-		$maxheight = intval($args['maxheight']);
+		$maxwidth  = ((isset($args['maxwidth'])) ? $args['maxwidth']  : 0);
+		$maxheight = ((isset($args['maxheight'])) ? $args['maxheight']  : 0);
 
 		if(preg_match('#//(.*?)/display/(.*?)(&|\?|$)#',$url,$matches)) {
 			$res = $matches[2];
@@ -159,8 +159,8 @@ class Oep extends \Zotlabs\Web\Controller {
 
 		$ret = [];
 		$url = $args['url'];
-		$maxwidth  = intval($args['maxwidth']);
-		$maxheight = intval($args['maxheight']);
+		$maxwidth  = ((isset($args['maxwidth'])) ? $args['maxwidth']  : 0);
+		$maxheight = ((isset($args['maxheight'])) ? $args['maxheight']  : 0);
 
 		if(preg_match('#//(.*?)/cards/(.*?)/(.*?)(&|\?|$)#',$url,$matches)) {
 			$nick = $matches[2];
@@ -246,8 +246,8 @@ class Oep extends \Zotlabs\Web\Controller {
 
 		$ret = [];
 		$url = $args['url'];
-		$maxwidth  = intval($args['maxwidth']);
-		$maxheight = intval($args['maxheight']);
+		$maxwidth  = ((isset($args['maxwidth'])) ? $args['maxwidth']  : 0);
+		$maxheight = ((isset($args['maxheight'])) ? $args['maxheight']  : 0);
 
 		if(preg_match('#//(.*?)/articles/(.*?)/(.*?)(&|\?|$)#',$url,$matches)) {
 			$nick = $matches[2];
@@ -333,8 +333,8 @@ class Oep extends \Zotlabs\Web\Controller {
 
 		$ret = array();
 		$url = $args['url'];
-		$maxwidth  = intval($args['maxwidth']);
-		$maxheight = intval($args['maxheight']);
+		$maxwidth  = ((isset($args['maxwidth'])) ? $args['maxwidth']  : 0);
+		$maxheight = ((isset($args['maxheight'])) ? $args['maxheight']  : 0);
 
 		if(preg_match('#//(.*?)/(.*?)/(.*?)/(.*?)mid\=(.*?)(&|$)#',$url,$matches)) {
 			$chn = $matches[3];
@@ -343,6 +343,7 @@ class Oep extends \Zotlabs\Web\Controller {
 
 		if(! ($chn && $res))
 			return;
+
 		$c = q("select * from channel where channel_address = '%s' limit 1",
 			dbesc($chn)
 		);
@@ -454,8 +455,8 @@ class Oep extends \Zotlabs\Web\Controller {
 
 		$ret = array();
 		$url = $args['url'];
-		$maxwidth  = intval($args['maxwidth']);
-		$maxheight = intval($args['maxheight']);
+		$maxwidth  = ((isset($args['maxwidth'])) ? $args['maxwidth']  : 0);
+		$maxheight = ((isset($args['maxheight'])) ? $args['maxheight']  : 0);
 
 		if(preg_match('|//(.*?)/(.*?)/(.*?)/album/|',$url,$matches)) {
 			$chn = $matches[3];
@@ -519,8 +520,8 @@ class Oep extends \Zotlabs\Web\Controller {
 
 		$ret = array();
 		$url = $args['url'];
-		$maxwidth  = intval($args['maxwidth']);
-		$maxheight = intval($args['maxheight']);
+		$maxwidth  = ((isset($args['maxwidth'])) ? $args['maxwidth']  : 0);
+		$maxheight = ((isset($args['maxheight'])) ? $args['maxheight']  : 0);
 
 		if(preg_match('|//(.*?)/(.*?)/(.*?)$|',$url,$matches)) {
 			$chn = $matches[3];
@@ -582,8 +583,8 @@ class Oep extends \Zotlabs\Web\Controller {
 
 		$ret = array();
 		$url = $args['url'];
-		$maxwidth  = intval($args['maxwidth']);
-		$maxheight = intval($args['maxheight']);
+		$maxwidth  = ((isset($args['maxwidth'])) ? $args['maxwidth']  : 0);
+		$maxheight = ((isset($args['maxheight'])) ? $args['maxheight']  : 0);
 
 		if(preg_match('|//(.*?)/(.*?)/(.*?)/image/|',$url,$matches)) {
 			$chn = $matches[3];

Zotlabs/Module/Pconfig.php

@@ -13,8 +13,9 @@ class Pconfig extends \Zotlabs\Web\Controller {
 			return;
 
 
-		if($_SESSION['delegate'])
+		if(isset($_SESSION['delegate'])) {
 			return;
+		}
 
 		check_form_security_token_redirectOnErr('/pconfig', 'pconfig');
 

Zotlabs/Module/Register.php

@@ -26,7 +26,7 @@ class Register extends Controller {
 		// created a channel, we'll try to revive the connection request
 		// and process it.
 
-		if($_REQUEST['connect'])
+		if(isset($_REQUEST['connect']))
 			$_SESSION['connect'] = $_REQUEST['connect'];
 
 		switch($cmd) {

Zotlabs/Module/Update.php

@@ -5,8 +5,8 @@ namespace Zotlabs\Module;
 class Update extends \Zotlabs\Web\Controller {
 
 	function get() {
-	
-		$profile_uid = intval($_GET['p']);
+
+		$profile_uid = $_GET['p'] ?? 0;
 
 		// it's probably safe to do this for all modules and not just a limited subset,
 		// but it needs to be verified.
@@ -23,7 +23,7 @@ class Update extends \Zotlabs\Web\Controller {
 		if(in_array(strtolower(argv(1)),['articles','cards']))
 			killme();
 
-		$module = "\\Zotlabs\\Module\\" . ucfirst(argv(1));		
+		$module = "\\Zotlabs\\Module\\" . ucfirst(argv(1));
 		$load = (((argc() > 2) && (argv(2) == 'load')) ? 1 : 0);
 
 		$mod = new $module;
@@ -38,6 +38,6 @@ class Update extends \Zotlabs\Web\Controller {
 		echo "</section></body></html>\r\n";
 
 		killme();
-	
+
 	}
 }

Zotlabs/Module/Wall_upload.php

@@ -11,10 +11,10 @@ require_once('include/photos.php');
 class Wall_upload extends \Zotlabs\Web\Controller {
 
 	function post() {
-	
-	
-		$using_api = ((x($_FILES,'media')) ? true : false); 
-	
+
+
+		$using_api = ((x($_FILES,'media')) ? true : false);
+
 		if($using_api) {
 			require_once('include/api.php');
 			if(api_user())
@@ -24,32 +24,32 @@ class Wall_upload extends \Zotlabs\Web\Controller {
 			if(argc() > 1)
 				$channel = channelx_by_nick(argv(1));
 		}
-	
+
 		if(! $channel) {
 			if($using_api)
 				return;
 			notice( t('Channel not found.') . EOL);
 			killme();
 		}
-	
+
 		$observer = \App::get_observer();
-	
+
 		$args = array( 'source' => 'editor', 'visible' => 0, 'contact_allow' => array($channel['channel_hash']));
-	
+
 	 	$ret = photo_upload($channel,$observer,$args);
-	
+
 		if(! $ret['success']) {
 			if($using_api)
 				return;
 			notice($ret['message']);
 			killme();
 		}
-	
+
 		if($using_api)
 			return("\n\n" . $ret['body'] . "\n\n");
 		else
 			echo  "\n\n" . $ret['body'] . "\n\n";
 		killme();
 	}
-	
+
 }

Zotlabs/Web/WebServer.php

@@ -50,7 +50,8 @@ class WebServer {
 			else
 				unset($_SESSION['language']);
 		}
-		if((x($_SESSION, 'language')) && ($_SESSION['language'] !== $lang)) {
+
+		if ((x($_SESSION, 'language')) && ($_SESSION['language'] !== \App::$language)) {
 			\App::$language = $_SESSION['language'];
 			load_translation_table(\App::$language);
 		}

Zotlabs/Widget/Messages.php

@@ -148,7 +148,7 @@ class Messages {
 			}
 
 			$entries[$i]['author_name'] = $item['author']['xchan_name'];
-			$entries[$i]['author_addr'] = (($item['author']['xchan_addr']) ? $item['author']['xchan_addr'] : $item['author']['xchan_url']);
+			$entries[$i]['author_addr'] = $item['author']['xchan_addr'] ?? $item['author']['xchan_url'];
 			$entries[$i]['info'] = $info;
 			$entries[$i]['created'] = datetime_convert('UTC', date_default_timezone_get(), $item['created']);
 			$entries[$i]['summary'] = $summary;

Zotlabs/Zot6/Zot6Handler.php

@@ -71,7 +71,10 @@ class Zot6Handler implements IHandler {
 					where xchan_hash ='%s' limit 1",
 					dbesc($recip)
 				);
-				$x = Libzot::refresh([ 'hubloc_id_url' => $hub['hubloc_id_url']], $r[0], $force);
+
+				if ($r) {
+					$x = Libzot::refresh([ 'hubloc_id_url' => $hub['hubloc_id_url']], $r[0], $force);
+				}
 			}
 		}
 		else {

boot.php

@@ -60,7 +60,7 @@ require_once('include/bbcode.php');
 require_once('include/items.php');
 
 define('PLATFORM_NAME', 'hubzilla');
-define('STD_VERSION', '7.8.1');
+define('STD_VERSION', '7.8.7');
 define('ZOT_REVISION', '6.0');
 
 define('DB_UPDATE_VERSION', 1253);

include/attach.php

@@ -707,13 +707,12 @@ function attach_store($channel, $observer_hash, $options = '', $arr = null) {
 
 	$darr = array('pathname' => $pathname);
 
-	// if we need to create a directory, use the channel default permissions.
-
-	$darr['allow_cid'] = $channel['channel_allow_cid'];
-	$darr['allow_gid'] = $channel['channel_allow_gid'];
-	$darr['deny_cid']  = $channel['channel_deny_cid'];
-	$darr['deny_gid']  = $channel['channel_deny_gid'];
+	// if we need to create a directory at this point, make it public
 
+	$darr['allow_cid'] = '';
+	$darr['allow_gid'] = '';
+	$darr['deny_cid']  = '';
+	$darr['deny_gid']  = '';
 
 	$direct = null;
 

include/connections.php

@@ -384,7 +384,7 @@ function contact_remove($channel_id, $abook_id) {
 		dbesc($abook['abook_xchan'])
 	);
 
-	if ($xchan && strpos($xchan['xchan_addr'],'guest:') === 0 && strpos($abook['abook_xchan'],'.')){
+	if ($xchan && strpos($xchan[0]['xchan_addr'],'guest:') === 0 && strpos($abook['abook_xchan'],'.')){
 		$atoken_guid = substr($abook['abook_xchan'],strrpos($abook['abook_xchan'],'.') + 1);
 		if ($atoken_guid) {
 			atoken_delete_and_sync($channel_id,$atoken_guid);

include/event.php

@@ -502,12 +502,22 @@ function ev_compare($a, $b) {
 
 
 function event_store_event($arr) {
-
-	$arr['created']        = (($arr['created'])        ? $arr['created']        : datetime_convert());
-	$arr['edited']         = (($arr['edited'])         ? $arr['edited']         : datetime_convert());
-	$arr['etype']          = (($arr['etype'])          ? $arr['etype']          : 'event' );
-	$arr['event_xchan']    = (($arr['event_xchan'])    ? $arr['event_xchan']    : '');
-	$arr['event_priority'] = (($arr['event_priority']) ? $arr['event_priority'] : 0);
+	$arr['created']        = $arr['created'] ?? datetime_convert();
+	$arr['edited']         = $arr['edited'] ?? datetime_convert();
+	$arr['etype']          = $arr['etype'] ?? 'event';
+	$arr['event_xchan']    = $arr['event_xchan'] ?? '';
+	$arr['event_priority'] = $arr['event_priority'] ?? 0;
+	$arr['location']       = $arr['location'] ?? '';
+	$arr['nofinish']       = $arr['nofinish'] ?? 0;
+	$arr['event_status']   = $arr['event_status'] ?? '';
+	$arr['event_percent']  = $arr['event_percent'] ?? 0;
+	$arr['event_repeat']   = $arr['event_repeat'] ?? '';
+	$arr['event_sequence'] = $arr['event_sequence'] ?? 0;
+	$arr['event_vdata']    = $arr['event_vdata'] ?? '';
+	$arr['allow_cid']      = $arr['allow_cid'] ?? '';
+	$arr['allow_gid']      = $arr['allow_gid'] ?? '';
+	$arr['deny_cid']       = $arr['deny_cid'] ?? '';
+	$arr['deny_gid']       = $arr['deny_gid'] ?? '';
 
 	if (! $arr['dtend']) {
 		$arr['dtend'] = NULL_DATE;
@@ -522,7 +532,7 @@ function event_store_event($arr) {
 
 	$existing_event = null;
 
-	if($arr['event_hash']) {
+	if(isset($arr['event_hash']) && $arr['event_hash']) {
 		$r = q("SELECT * FROM event WHERE event_hash = '%s' AND uid = %d LIMIT 1",
 			dbesc($arr['event_hash']),
 			intval($arr['uid'])
@@ -532,7 +542,7 @@ function event_store_event($arr) {
 		}
 	}
 
-	if($arr['id']) {
+	if(isset($arr['id']) && $arr['id']) {
 		$r = q("SELECT * FROM event WHERE id = %d AND uid = %d LIMIT 1",
 			intval($arr['id']),
 			intval($arr['uid'])
@@ -636,7 +646,6 @@ function event_store_event($arr) {
 				$hash = random_string(48);
 			}
 		}
-
 		$r = q("INSERT INTO event ( uid,aid,event_xchan,event_hash,created,edited,dtstart,dtend,summary,description,location,etype,
 			adjust,nofinish, event_status, event_status_date, event_percent, event_repeat, event_sequence, event_priority, event_vdata, allow_cid,allow_gid,deny_cid,deny_gid)
 			VALUES ( %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d, %d, '%s', '%s', %d, '%s', %d, %d, '%s', '%s', '%s', '%s', '%s' ) ",
@@ -1169,7 +1178,7 @@ function event_store_item($arr, $event) {
 
 	$item = null;
 
-	if($arr['mid'] && $arr['uid']) {
+	if(isset($arr['mid'], $arr['uid'])) {
 		$i = q("select * from item where mid = '%s' and uid = %d limit 1",
 			dbesc($arr['mid']),
 			intval($arr['uid'])

include/feedutils.php

@@ -1904,7 +1904,7 @@ function atom_entry($item, $type, $author, $owner, $comment = false, $cid = 0, $
 	if(! $item['parent'])
 		return;
 
-	if($item['deleted'])
+	if($item['item_deleted'])
 		return '<at:deleted-entry ref="' . xmlify($item['mid']) . '" when="' . xmlify(datetime_convert('UTC','UTC',$item['edited'] . '+00:00',ATOM_TIME)) . '" />' . "\r\n";
 
 	create_export_photo_body($item);
@@ -2024,7 +2024,7 @@ function atom_entry($item, $type, $author, $owner, $comment = false, $cid = 0, $
 		}
 	}
 
-	if($item['term']) {
+	if (isset($item['term']) && $item['term']) {
 		foreach($item['term'] as $term) {
 			$scheme = '';
 			$label = '';

include/items.php

@@ -4336,7 +4336,6 @@ function zot_feed($uid, $observer_hash, $arr) {
 }
 
 function items_fetch($arr,$channel = null,$observer_hash = null,$client_mode = CLIENT_MODE_NORMAL,$module = 'network') {
-
 	$result      = ['success' => false];
 	$sql_extra   = '';
 	$sql_nets    = '';
@@ -4354,7 +4353,7 @@ function items_fetch($arr,$channel = null,$observer_hash = null,$client_mode = C
 		);
 	}
 
-	if(isset($arr['uid'])) {
+	if(isset($arr['uid']) && $arr['uid']) {
 		$uid = $arr['uid'];
 	}
 
@@ -4364,30 +4363,30 @@ function items_fetch($arr,$channel = null,$observer_hash = null,$client_mode = C
 		$item_uids = " item.uid = " . intval($uid) . " ";
 	}
 
-	if(isset($arr['top']))
+	if(isset($arr['top']) && $arr['top'])
 		$sql_options .= " and item_thread_top = 1 ";
 
-	if(isset($arr['star']))
+	if(isset($arr['star']) && $arr['star'])
 		$sql_options .= " and item_starred = 1 ";
 
-	if(isset($arr['wall']))
+	if(isset($arr['wall']) && $arr['wall'])
 		$sql_options .= " and item_wall = 1 ";
 
-	if(isset($arr['item_id']))
+	if(isset($arr['item_id']) && $arr['item_id'])
 		$sql_options .= " and parent = " . intval($arr['item_id']) . " ";
 
-	if(isset($arr['mid']))
+	if(isset($arr['mid']) && $arr['mid'])
 		$sql_options .= " and parent_mid = '" . dbesc($arr['mid']) . "' ";
 
 	$sql_extra = " AND item.parent IN ( SELECT parent FROM item WHERE $item_uids and item_thread_top = 1 $sql_options $item_normal ) ";
 
-	if(isset($arr['since_id']))
+	if(isset($arr['since_id']) && $arr['since_id'])
 		$sql_extra .= " and item.id > " . intval($arr['since_id']) . " ";
 
-	if(isset($arr['cat']))
+	if(isset($arr['cat']) && $arr['cat'])
 		$sql_extra .= protect_sprintf(term_query('item', $arr['cat'], TERM_CATEGORY));
 
-	if(isset($arr['gid']) && $uid) {
+	if((isset($arr['gid']) && $arr['gid']) && $uid) {
 		$r = q("SELECT * FROM pgrp WHERE id = %d AND uid = %d LIMIT 1",
 			intval($arr['group']),
 			intval($uid)
@@ -4418,7 +4417,7 @@ function items_fetch($arr,$channel = null,$observer_hash = null,$client_mode = C
 		$x = AccessList::by_hash($uid, $r[0]['hash']);
 		$result['headline'] = sprintf( t('Privacy group: %s'),$x['gname']);
 	}
-	elseif(isset($arr['cid']) && $uid) {
+	elseif((isset($arr['cid']) && $arr['cid']) && $uid) {
 
 		$r = q("SELECT abook.*, xchan.* from abook left join xchan on abook_xchan = xchan_hash where abook_id = %d and abook_channel = %d and abook_blocked = 0 limit 1",
 			intval($arr['cid']),
@@ -4437,14 +4436,14 @@ function items_fetch($arr,$channel = null,$observer_hash = null,$client_mode = C
 		$sql_extra = " AND author_xchan = '" . $channel['channel_hash'] . "' and item_private = 0 $item_normal ";
 	}
 
-	if (isset($arr['datequery'])) {
+	if (isset($arr['datequery']) && $arr['datequery']) {
 		$sql_extra3 .= protect_sprintf(sprintf(" AND item.created <= '%s' ", dbesc(datetime_convert('UTC','UTC',$arr['datequery']))));
 	}
-	if (isset($arr['datequery2'])) {
+	if (isset($arr['datequery2']) && $arr['datequery2']) {
 		$sql_extra3 .= protect_sprintf(sprintf(" AND item.created >= '%s' ", dbesc(datetime_convert('UTC','UTC',$arr['datequery2']))));
 	}
 
-	if(isset($arr['search'])) {
+	if(isset($arr['search']) && $arr['search']) {
 		if(strpos($arr['search'],'#') === 0)
 			$sql_extra .= term_query('item',substr($arr['search'],1),TERM_HASHTAG,TERM_COMMUNITYTAG);
 		else
@@ -4453,11 +4452,11 @@ function items_fetch($arr,$channel = null,$observer_hash = null,$client_mode = C
 			);
 	}
 
-	if(isset($arr['file'])) {
-		$sql_extra .= term_query('item',$arr['files'],TERM_FILE);
+	if(isset($arr['file']) && $arr['file']) {
+		$sql_extra .= term_query('item',$arr['file'],TERM_FILE);
 	}
 
-	if(isset($arr['conv']) && $channel) {
+	if((isset($arr['conv']) && $arr['conv']) && $channel) {
 		$sql_extra .= sprintf(" AND parent IN (SELECT distinct parent from item where ( author_xchan like '%s' or item_mentionsme = 1 )) ",
 			dbesc(protect_sprintf($uidhash))
 		);
@@ -4507,15 +4506,16 @@ function items_fetch($arr,$channel = null,$observer_hash = null,$client_mode = C
 	require_once('include/security.php');
 	$sql_extra .= item_permissions_sql($channel['channel_id'],$observer_hash);
 
-	if(isset($arr['pages']))
+	if(isset($arr['pages']) && $arr['pages']) {
 		$item_restrict = " AND item_type = " . ITEM_TYPE_WEBPAGE . " ";
+	}
 	else
 		$item_restrict = " AND item_type = 0 ";
 
 	if(isset($arr['item_type']) && $arr['item_type'] === '*')
 		$item_restrict = '';
 
-	if (((isset($arr['compat'])) || (isset($arr['nouveau']) && ($client_mode & CLIENT_MODE_LOAD))) && $channel) {
+	if (((isset($arr['compat']) && $arr['compat']) || ((isset($arr['nouveau']) && $arr['nouveau']) && ($client_mode & CLIENT_MODE_LOAD))) && $channel) {
 
 		// "New Item View" - show all items unthreaded in reverse created date order
 
@@ -4552,9 +4552,7 @@ function items_fetch($arr,$channel = null,$observer_hash = null,$client_mode = C
 			$ordering = "commented";
 
 		if(($client_mode & CLIENT_MODE_LOAD) || ($client_mode == CLIENT_MODE_NORMAL)) {
-
 			// Fetch a page full of parent items for this page
-
 			$r = dbq("SELECT distinct item.id AS item_id, item.$ordering FROM item
 				left join abook on item.author_xchan = abook.abook_xchan
 				WHERE $item_uids $item_restrict
@@ -4610,9 +4608,10 @@ function items_fetch($arr,$channel = null,$observer_hash = null,$client_mode = C
 			$items = array();
 		}
 
-		if($parents_str && $arr['mark_seen'])
+		if ($parents_str && (isset($arr['mark_seen']) && $arr['mark_seen'])) {
 			$update_unseen = ' AND parent IN ( ' . dbesc($parents_str) . ' )';
 			/** @FIXME finish mark unseen sql */
+		}
 	}
 
 	return $items;

include/text.php

@@ -1892,8 +1892,8 @@ function format_poll($item,$s,$opts) {
 		return EMPTY_STR;
 	}
 
+	$closed = false;
 	$commentable = can_comment_on_post(((local_channel()) ? get_observer_hash() : EMPTY_STR), $item);
-
 	$activated = ((local_channel() && local_channel() == $item['uid'] && get_observer_hash() !== $item['owner_xchan']) ? true : false);
 	$output = $s;
 

view/de-de/hstrings.php

@@ -3432,11 +3432,11 @@ App::$strings["Reply on this comment"] = "Antworte auf diesen Kommentar";
 App::$strings["reply"] = "antworten";
 App::$strings["Reply to"] = "Antwort an";
 App::$strings["Delivery Report"] = "Zustellungsbericht";
-App::$strings["%d comment"] = array(
+App::$strings["%d Comment"] = array(
 	0 => "%d Kommentar",
 	1 => "%d Kommentare",
 );
-App::$strings["%d unseen"] = "1%d ungelesen";
+App::$strings["%d unseen"] = "%d ungelesen";
 App::$strings["Forum"] = "Forum";
 App::$strings["to"] = "an";
 App::$strings["Wall-to-Wall"] = "Wall-to-Wall";

view/theme/redbasic/css/style.css

@@ -12,6 +12,7 @@
 	--bs-border-radius: $radius;
 	--bs-link-color: $link_colour;
 	--bs-link-hover-color: $link_hover_colour;
+	--bs-body-bg: $bgcolour;
 }
 
 .nav-tabs {
@@ -39,7 +40,7 @@ html {
 
 body {
 	font-size: 0.9rem;
-	background-color: $bgcolour;
+	background-color: var(--bs-body-bg);
 	background-image: url('$background_image');
 	background-attachment: fixed;
 	background-size: cover;
@@ -1263,7 +1264,7 @@ img.mail-conv-sender-photo {
 }
 
 .generic-content-wrapper-styled {
-	background-color: $bgcolour;
+	background-color: var(--bs-body-bg);
 	padding: 10px;
 	border-radius: var(--bs-border-radius);
 }

view/theme/redbasic/schema/dark.css

@@ -2,6 +2,8 @@
 :root {
   color-scheme: dark;
   --bs-dark-rgb: #e1e1e1;
+  --bs-border-color: rgba(250, 250, 250, 0.125);
+  --bs-body-bg: #111;
 }
 
 .widget,
@@ -10,16 +12,16 @@
 }
 
 .comment-edit-text {
-	border: 1px solid rgba(250, 250, 250, 0.125);
+	border: 1px solid var(--bs-border-color);
 }
 
 .generic-content-wrapper {
-	border: 1px solid rgba(250, 250, 250, 0.125);
+	border: 1px solid var(--bs-border-color);
 }
 
 #profile-jot-wrapper {
 	background-color: unset;
-	border: 1px solid rgba(250, 250, 250, 0.125);
+	border: 1px solid var(--bs-border-color);
 }
 
 .bootstrap-tagsinput {
@@ -30,4 +32,3 @@ a,
 .fakelink {
 	color: var(--bs-link-color);
 }
-

view/tpl/channel_activities_photos.tpl

@@ -5,7 +5,7 @@
 	{{foreach $items as $i}}
 	<a href="{{$i.url}}" title="{{$i.alt}}">
 		<img src="{{$i.src}}" width="{{$i.width}}" height="{{$i.height}}" alt="{{$i.alt}}">
-		<div class='jg-caption autotime' title="{{$i.edited}}"></div>
+		<div class='jg-caption rounded text-truncate autotime' title="{{$i.edited}}"></div>
 	</a>
 	{{/foreach}}
 </div>

view/tpl/photo_top.tpl

@@ -1,4 +1,5 @@
 <a href="{{$photo.link}}" id="photo-top-photo-link-{{$photo.id}}" title="{{$photo.title}}">
 	<img src="{{$photo.src}}" alt="{{if $photo.album.name}}{{$photo.album.name}}{{elseif $photo.desc}}{{$photo.desc}}{{elseif $photo.alt}}{{$photo.alt}}{{else}}{{$photo.unknown}}{{/if}}" title="{{$photo.title}}" id="photo-top-photo-{{$photo.id}}" loading="lazy" />
+	<div class="jg-caption rounded text-truncate">{{if $photo.album.name}}{{$photo.album.name}}{{elseif $photo.desc}}{{$photo.desc}}{{elseif $photo.alt}}{{$photo.alt}}{{else}}{{$photo.unknown}}{{/if}}</div>
 </a>