changelog 7.8.6

CHANGELOG

@@ -1,3 +1,19 @@
+Hubzilla 7.8.6 (2022-11-14)
+	- Fix typo in boot.php
+
+
+Hubzilla 7.8.5 (2022-11-13)
+	- Fix outbound edit activity not of type update
+	- Fix mod display not falling through to fetch public item
+	- Fix more PHP warnings
+	- Fix regression in items_fetch() which resulted in empty atom feed
+	- Pubcrawl: cleanup and slightly restructre mod inbox
+
+
+Hubzilla 7.8.4 (2022-11-09)
+	- Fix new uuid created when editing a post
+
+
 Hubzilla 7.8.3 (2022-11-07)
 	- Fix regression where auto created directories were not created with public permissions
 	- Fix regression where pinned/featured state of apps was not displayed correctly

Zotlabs/Lib/Activity.php

@@ -545,6 +545,7 @@ class Activity {
 
 		call_hooks('encode_item', $hookinfo);
 
+
 		return $hookinfo['encoded'];
 
 	}
@@ -821,8 +822,12 @@ class Activity {
 		}
 
 		$ret['published'] = ((isset($i['created'])) ? datetime_convert('UTC', 'UTC', $i['created'], ATOM_TIME) : datetime_convert());
-		if (isset($i['created'], $i['edited']) && $i['created'] !== $i['edited'])
+		if (isset($i['created'], $i['edited']) && $i['created'] !== $i['edited']) {
 			$ret['updated'] = datetime_convert('UTC', 'UTC', $i['edited'], ATOM_TIME);
+			if ($ret['type'] === 'Create') {
+				$ret['type'] = 'Update';
+			}
+		}
 
 		if (isset($i['app']) && $i['app']) {
 			$ret['generator'] = ['type' => 'Application', 'name' => $i['app']];

Zotlabs/Lib/Libsync.php

@@ -184,6 +184,8 @@ class Libsync {
 
 		require_once('include/import.php');
 
+hz_syslog(print_r($arr, true));
+
 		$result = [];
 		$keychange = ((array_key_exists('keychange', $arr)) ? true : false);
 
@@ -192,7 +194,10 @@ class Libsync {
 				dbesc($sender)
 			);
 
-			$DR = new DReport(z_root(), $sender, $d, 'sync');
+			$mid = 'sync';
+
+
+			$DR = new DReport(z_root(), $sender, $d, $mid);
 
 			if (!$r) {
 				$DR->update('recipient not found');
@@ -202,7 +207,6 @@ class Libsync {
 
 			$channel = $r[0];
 
-			$mid = 'sync';
 
 			$DR->set_name($channel['channel_name'] . ' <' . channel_reddress($channel) . '>');
 
@@ -297,7 +301,7 @@ class Libsync {
 
 			if (array_key_exists('item', $arr) && $arr['item']) {
 				sync_items($channel, $arr['item'], ((array_key_exists('relocate', $arr)) ? $arr['relocate'] : null));
-				$mid = $arr['item']['mid'] . '#sync';
+				$mid = $arr['item'][0]['message_id'] . '#sync';
 			}
 
 			// deprecated, maintaining for a few months for upward compatibility
@@ -750,7 +754,6 @@ class Libsync {
 
 			$result[] = $DR->get();
 		}
-
 		return $result;
 	}
 

Zotlabs/Module/Activity.php

@@ -182,7 +182,7 @@ class Activity extends Controller {
 				return;
 			}
 
-			$ob_authorise = false;
+			$ob_authorize = false;
 			$item_uid = 0;
 
 			$bear = ZlibActivity::token_from_request();

Zotlabs/Module/Cdav.php

@@ -332,9 +332,9 @@ class Cdav extends Controller {
 				} while ($duplicate == true);
 
 				$properties = [
-					'{DAV:}displayname' => $_REQUEST['{DAV:}displayname'],
-					'{http://apple.com/ns/ical/}calendar-color' => $_REQUEST['color'],
-					'{urn:ietf:params:xml:ns:caldav}calendar-description' => $channel['channel_name']
+					'{DAV:}displayname' => escape_tags($_REQUEST['{DAV:}displayname']),
+					'{http://apple.com/ns/ical/}calendar-color' => escape_tags($_REQUEST['color']),
+					'{urn:ietf:params:xml:ns:caldav}calendar-description' => escape_tags($channel['channel_name'])
 				];
 
 				$id = $caldavBackend->createCalendar($principalUri, $calendarUri, $properties);
@@ -366,7 +366,7 @@ class Cdav extends Controller {
 
 				$allday = $_REQUEST['allday'];
 
-				$title = $_REQUEST['title'];
+				$title = escape_tags($_REQUEST['title']);
 				$start = datetime_convert('UTC', 'UTC', $_REQUEST['dtstart']);
 				$dtstart = new \DateTime($start);
 
@@ -374,8 +374,8 @@ class Cdav extends Controller {
 					$end = datetime_convert('UTC', 'UTC', $_REQUEST['dtend']);
 					$dtend = new \DateTime($end);
 				}
-				$description = $_REQUEST['description'];
-				$location = $_REQUEST['location'];
+				$description = escape_tags($_REQUEST['description']);
+				$location = escape_tags($_REQUEST['location']);
 
 				do {
 					$duplicate = false;
@@ -441,8 +441,8 @@ class Cdav extends Controller {
 				$cdavdata = $this->get_cdav_data($id[0], 'calendarinstances');
 
 				$mutations = [
-					'{DAV:}displayname' => $_REQUEST['{DAV:}displayname'],
-					'{http://apple.com/ns/ical/}calendar-color' => $_REQUEST['color']
+					'{DAV:}displayname' => escape_tags($_REQUEST['{DAV:}displayname']),
+					'{http://apple.com/ns/ical/}calendar-color' => escape_tags($_REQUEST['color'])
 				];
 
 				$patch = new \Sabre\DAV\PropPatch($mutations);
@@ -471,18 +471,18 @@ class Cdav extends Controller {
 				$timezone = ((x($_POST,'timezone_select')) ? escape_tags(trim($_POST['timezone_select'])) : '');
 				$tz = (($timezone) ? $timezone : date_default_timezone_get());
 
-				$allday = $_REQUEST['allday'];
+				$allday = intval($_REQUEST['allday']);
 
-				$uri = $_REQUEST['uri'];
-				$title = $_REQUEST['title'];
+				$uri = escape_tags($_REQUEST['uri']);
+				$title = escape_tags($_REQUEST['title']);
 				$start = datetime_convert('UTC', 'UTC', $_REQUEST['dtstart']);
 				$dtstart = new \DateTime($start);
 				if($_REQUEST['dtend']) {
 					$end = datetime_convert('UTC', 'UTC', $_REQUEST['dtend']);
 					$dtend = new \DateTime($end);
 				}
-				$description = $_REQUEST['description'];
-				$location = $_REQUEST['location'];
+				$description = escape_tags($_REQUEST['description']);
+				$location = escape_tags($_REQUEST['location']);
 
 				$object = $caldavBackend->getCalendarObject($id, $uri);
 
@@ -654,7 +654,7 @@ class Cdav extends Controller {
 						$duplicate = true;
 				} while ($duplicate == true);
 
-				$properties = ['{DAV:}displayname' => $_REQUEST['{DAV:}displayname']];
+				$properties = ['{DAV:}displayname' => escape_tags($_REQUEST['{DAV:}displayname'])];
 
 				$carddavBackend->createAddressBook($principalUri, $addressbookUri, $properties);
 
@@ -668,9 +668,9 @@ class Cdav extends Controller {
 			}
 
 			//edit addressbook
-			if($_REQUEST['{DAV:}displayname'] && $_REQUEST['edit'] && intval($_REQUEST['id'])) {
+			if($_REQUEST['{DAV:}displayname'] && $_REQUEST['edit'] && $_REQUEST['id']) {
 
-				$id = $_REQUEST['id'];
+				$id = intval($_REQUEST['id']);
 
 				if(! cdav_perms($id,$addressbooks))
 					return;
@@ -678,7 +678,7 @@ class Cdav extends Controller {
 				$cdavdata = $this->get_cdav_data($id, 'addressbooks');
 
 				$mutations = [
-					'{DAV:}displayname' => $_REQUEST['{DAV:}displayname']
+					'{DAV:}displayname' => escape_tags($_REQUEST['{DAV:}displayname'])
 				];
 
 				$patch = new \Sabre\DAV\PropPatch($mutations);

Zotlabs/Module/Display.php

@@ -213,27 +213,27 @@ class Display extends \Zotlabs\Web\Controller {
 		$observer_hash = get_observer_hash();
 		$item_normal = item_normal();
 		$item_normal_update = item_normal_update();
-
-		$sql_extra = ((local_channel()) ? EMPTY_STR : item_permissions_sql(0, $observer_hash));
+		$sql_extra = '';
+		$r = [];
 
 		if($noscript_content || $load) {
-
 			require_once('include/channel.php');
 			$sys = get_sys_channel();
 			// in case somebody turned off public access to sys channel content using permissions
 			// make that content unsearchable by ensuring the owner uid can't match
 			$sys_id = perm_is_allowed($sys['channel_id'], $observer_hash, 'view_stream') ? $sys['channel_id'] : 0;
 
-			$r = null;
-
 			if(local_channel()) {
 				$r = q("SELECT item.id AS item_id FROM item WHERE uid = %d AND mid = '%s' $item_normal LIMIT 1",
 					intval(local_channel()),
 					dbesc($target_item['parent_mid'])
 				);
+
 			}
 
-			if($r === null) {
+			if(!$r) {
+				$sql_extra = item_permissions_sql(0, $observer_hash);
+
 				$r = q("SELECT item.id AS item_id FROM item
 					WHERE ((mid = '%s'
 					AND (((( item.allow_cid = '' AND item.allow_gid = '' AND item.deny_cid  = ''
@@ -257,7 +257,6 @@ class Display extends \Zotlabs\Web\Controller {
 			// make that content unsearchable by ensuring the owner uid can't match
 			$sys_id = perm_is_allowed($sys['channel_id'], $observer_hash, 'view_stream') ? $sys['channel_id'] : 0;
 
-			$r = null;
 			if(local_channel()) {
 				$r = q("SELECT item.parent AS item_id from item
 					WHERE uid = %d
@@ -270,7 +269,9 @@ class Display extends \Zotlabs\Web\Controller {
 				);
 			}
 
-			if($r === null) {
+			if(!$r) {
+				$sql_extra = item_permissions_sql(0, $observer_hash);
+
 				$r = q("SELECT item.id as item_id from item
 					WHERE ((parent_mid = '%s'
 					AND (((( item.allow_cid = '' AND item.allow_gid = '' AND item.deny_cid  = ''
@@ -287,10 +288,6 @@ class Display extends \Zotlabs\Web\Controller {
 			}
 		}
 
-		else {
-			$r = [];
-		}
-
 		if($r) {
 			$parents_str = ids_to_querystr($r,'item_id');
 			if($parents_str) {

Zotlabs/Module/Item.php

@@ -393,7 +393,7 @@ class Item extends Controller {
 
 		$owner_hash = null;
 
-		$message_id    = ((x($_REQUEST, 'message_id') && $api_source) ? strip_tags($_REQUEST['message_id']) : '');
+		$message_id    = ((x($_REQUEST, 'message_id') && $api_source) ? strip_tags($_REQUEST['message_id']) : null);
 		$created       = ((x($_REQUEST, 'created')) ? datetime_convert(date_default_timezone_get(), 'UTC', $_REQUEST['created']) : datetime_convert());
 		$post_id       = ((x($_REQUEST, 'post_id')) ? intval($_REQUEST['post_id']) : 0);
 		$app           = ((x($_REQUEST, 'source')) ? strip_tags($_REQUEST['source']) : '');
@@ -710,6 +710,7 @@ class Item extends Controller {
 			$expires             = $orig_post['expires'];
 			$comments_closed     = $orig_post['comments_closed'];
 			$mid                 = $orig_post['mid'];
+			$uuid                = $orig_post['uuid'];
 			$thr_parent          = $orig_post['thr_parent'];
 			$parent_mid          = $orig_post['parent_mid'];
 			$plink               = $orig_post['plink'];
@@ -1000,10 +1001,8 @@ class Item extends Controller {
 
 		$notify_type = (($parent) ? 'comment-new' : 'wall-new');
 
-		$uuid = (($message_id) ? $message_id : item_message_id());
-
-		$mid  = $mid ?? z_root() . '/item/' . $uuid;
-
+		$uuid = $uuid ?? $message_id ?? item_message_id();
+		$mid = $mid ?? z_root() . '/item/' . $uuid;
 
 		if ($is_poll) {
 			$poll = [

Zotlabs/Module/Oep.php

@@ -343,6 +343,7 @@ class Oep extends \Zotlabs\Web\Controller {
 
 		if(! ($chn && $res))
 			return;
+
 		$c = q("select * from channel where channel_address = '%s' limit 1",
 			dbesc($chn)
 		);

Zotlabs/Web/WebServer.php

@@ -50,7 +50,8 @@ class WebServer {
 			else
 				unset($_SESSION['language']);
 		}
-		if((x($_SESSION, 'language')) && ($_SESSION['language'] !== $lang)) {
+
+		if ((x($_SESSION, 'language')) && ($_SESSION['language'] !== \App::$language)) {
 			\App::$language = $_SESSION['language'];
 			load_translation_table(\App::$language);
 		}

boot.php

@@ -60,7 +60,7 @@ require_once('include/bbcode.php');
 require_once('include/items.php');
 
 define('PLATFORM_NAME', 'hubzilla');
-define('STD_VERSION', '7.8.3');
+define('STD_VERSION', '7.8.6');
 define('ZOT_REVISION', '6.0');
 
 define('DB_UPDATE_VERSION', 1253);

include/feedutils.php

@@ -1904,7 +1904,7 @@ function atom_entry($item, $type, $author, $owner, $comment = false, $cid = 0, $
 	if(! $item['parent'])
 		return;
 
-	if($item['deleted'])
+	if($item['item_deleted'])
 		return '<at:deleted-entry ref="' . xmlify($item['mid']) . '" when="' . xmlify(datetime_convert('UTC','UTC',$item['edited'] . '+00:00',ATOM_TIME)) . '" />' . "\r\n";
 
 	create_export_photo_body($item);
@@ -2024,7 +2024,7 @@ function atom_entry($item, $type, $author, $owner, $comment = false, $cid = 0, $
 		}
 	}
 
-	if($item['term']) {
+	if (isset($item['term']) && $item['term']) {
 		foreach($item['term'] as $term) {
 			$scheme = '';
 			$label = '';

include/items.php

@@ -4336,7 +4336,6 @@ function zot_feed($uid, $observer_hash, $arr) {
 }
 
 function items_fetch($arr,$channel = null,$observer_hash = null,$client_mode = CLIENT_MODE_NORMAL,$module = 'network') {
-
 	$result      = ['success' => false];
 	$sql_extra   = '';
 	$sql_nets    = '';
@@ -4354,7 +4353,7 @@ function items_fetch($arr,$channel = null,$observer_hash = null,$client_mode = C
 		);
 	}
 
-	if(isset($arr['uid'])) {
+	if(isset($arr['uid']) && $arr['uid']) {
 		$uid = $arr['uid'];
 	}
 
@@ -4364,30 +4363,30 @@ function items_fetch($arr,$channel = null,$observer_hash = null,$client_mode = C
 		$item_uids = " item.uid = " . intval($uid) . " ";
 	}
 
-	if(isset($arr['top']))
+	if(isset($arr['top']) && $arr['top'])
 		$sql_options .= " and item_thread_top = 1 ";
 
-	if(isset($arr['star']))
+	if(isset($arr['star']) && $arr['star'])
 		$sql_options .= " and item_starred = 1 ";
 
-	if(isset($arr['wall']))
+	if(isset($arr['wall']) && $arr['wall'])
 		$sql_options .= " and item_wall = 1 ";
 
-	if(isset($arr['item_id']))
+	if(isset($arr['item_id']) && $arr['item_id'])
 		$sql_options .= " and parent = " . intval($arr['item_id']) . " ";
 
-	if(isset($arr['mid']))
+	if(isset($arr['mid']) && $arr['mid'])
 		$sql_options .= " and parent_mid = '" . dbesc($arr['mid']) . "' ";
 
 	$sql_extra = " AND item.parent IN ( SELECT parent FROM item WHERE $item_uids and item_thread_top = 1 $sql_options $item_normal ) ";
 
-	if(isset($arr['since_id']))
+	if(isset($arr['since_id']) && $arr['since_id'])
 		$sql_extra .= " and item.id > " . intval($arr['since_id']) . " ";
 
-	if(isset($arr['cat']))
+	if(isset($arr['cat']) && $arr['cat'])
 		$sql_extra .= protect_sprintf(term_query('item', $arr['cat'], TERM_CATEGORY));
 
-	if(isset($arr['gid']) && $uid) {
+	if((isset($arr['gid']) && $arr['gid']) && $uid) {
 		$r = q("SELECT * FROM pgrp WHERE id = %d AND uid = %d LIMIT 1",
 			intval($arr['group']),
 			intval($uid)
@@ -4418,7 +4417,7 @@ function items_fetch($arr,$channel = null,$observer_hash = null,$client_mode = C
 		$x = AccessList::by_hash($uid, $r[0]['hash']);
 		$result['headline'] = sprintf( t('Privacy group: %s'),$x['gname']);
 	}
-	elseif(isset($arr['cid']) && $uid) {
+	elseif((isset($arr['cid']) && $arr['cid']) && $uid) {
 
 		$r = q("SELECT abook.*, xchan.* from abook left join xchan on abook_xchan = xchan_hash where abook_id = %d and abook_channel = %d and abook_blocked = 0 limit 1",
 			intval($arr['cid']),
@@ -4437,14 +4436,14 @@ function items_fetch($arr,$channel = null,$observer_hash = null,$client_mode = C
 		$sql_extra = " AND author_xchan = '" . $channel['channel_hash'] . "' and item_private = 0 $item_normal ";
 	}
 
-	if (isset($arr['datequery'])) {
+	if (isset($arr['datequery']) && $arr['datequery']) {
 		$sql_extra3 .= protect_sprintf(sprintf(" AND item.created <= '%s' ", dbesc(datetime_convert('UTC','UTC',$arr['datequery']))));
 	}
-	if (isset($arr['datequery2'])) {
+	if (isset($arr['datequery2']) && $arr['datequery2']) {
 		$sql_extra3 .= protect_sprintf(sprintf(" AND item.created >= '%s' ", dbesc(datetime_convert('UTC','UTC',$arr['datequery2']))));
 	}
 
-	if(isset($arr['search'])) {
+	if(isset($arr['search']) && $arr['search']) {
 		if(strpos($arr['search'],'#') === 0)
 			$sql_extra .= term_query('item',substr($arr['search'],1),TERM_HASHTAG,TERM_COMMUNITYTAG);
 		else
@@ -4453,11 +4452,11 @@ function items_fetch($arr,$channel = null,$observer_hash = null,$client_mode = C
 			);
 	}
 
-	if(isset($arr['file'])) {
-		$sql_extra .= term_query('item',$arr['files'],TERM_FILE);
+	if(isset($arr['file']) && $arr['file']) {
+		$sql_extra .= term_query('item',$arr['file'],TERM_FILE);
 	}
 
-	if(isset($arr['conv']) && $channel) {
+	if((isset($arr['conv']) && $arr['conv']) && $channel) {
 		$sql_extra .= sprintf(" AND parent IN (SELECT distinct parent from item where ( author_xchan like '%s' or item_mentionsme = 1 )) ",
 			dbesc(protect_sprintf($uidhash))
 		);
@@ -4507,15 +4506,16 @@ function items_fetch($arr,$channel = null,$observer_hash = null,$client_mode = C
 	require_once('include/security.php');
 	$sql_extra .= item_permissions_sql($channel['channel_id'],$observer_hash);
 
-	if(isset($arr['pages']))
+	if(isset($arr['pages']) && $arr['pages']) {
 		$item_restrict = " AND item_type = " . ITEM_TYPE_WEBPAGE . " ";
+	}
 	else
 		$item_restrict = " AND item_type = 0 ";
 
 	if(isset($arr['item_type']) && $arr['item_type'] === '*')
 		$item_restrict = '';
 
-	if (((isset($arr['compat'])) || (isset($arr['nouveau']) && ($client_mode & CLIENT_MODE_LOAD))) && $channel) {
+	if (((isset($arr['compat']) && $arr['compat']) || ((isset($arr['nouveau']) && $arr['nouveau']) && ($client_mode & CLIENT_MODE_LOAD))) && $channel) {
 
 		// "New Item View" - show all items unthreaded in reverse created date order
 
@@ -4552,9 +4552,7 @@ function items_fetch($arr,$channel = null,$observer_hash = null,$client_mode = C
 			$ordering = "commented";
 
 		if(($client_mode & CLIENT_MODE_LOAD) || ($client_mode == CLIENT_MODE_NORMAL)) {
-
 			// Fetch a page full of parent items for this page
-
 			$r = dbq("SELECT distinct item.id AS item_id, item.$ordering FROM item
 				left join abook on item.author_xchan = abook.abook_xchan
 				WHERE $item_uids $item_restrict
@@ -4610,9 +4608,10 @@ function items_fetch($arr,$channel = null,$observer_hash = null,$client_mode = C
 			$items = array();
 		}
 
-		if($parents_str && $arr['mark_seen'])
+		if ($parents_str && (isset($arr['mark_seen']) && $arr['mark_seen'])) {
 			$update_unseen = ' AND parent IN ( ' . dbesc($parents_str) . ' )';
 			/** @FIXME finish mark unseen sql */
+		}
 	}
 
 	return $items;