fix merge conflict

This reverts commit 3aefe23184.

CHANGELOG

@@ -1,3 +1,9 @@
+Hubzilla 8.8.4 (2023-12-20)
+	- Fix regression introduced in version 8.8.3
+	- Add test for Lib/Config
+	- Add active addons and blocked sites to siteinfo
+
+
 Hubzilla 8.8.3 (2023-12-17)
 	- Check return from Config::Load() and retry on failure
 	- Libzot::import() do not prozess items where we could not fetch the author

Zotlabs/Lib/Config.php

@@ -36,7 +36,7 @@ class Config {
 
 		if (! array_key_exists('config_loaded', App::$config[$family])) {
 			$r = q("SELECT * FROM config WHERE cat = '%s'", dbesc($family));
-			if ($r === false) {
+			if ($r === false && !App::$install) {
 				sleep(3);
 				$recursionCounter ++;
 				if ($recursionCounter > 10) {
@@ -44,7 +44,7 @@ class Config {
 				}
 				self::Load($family, $recursionCounter);
 			}
-			else {
+			elseif (is_array($r)) {
 				foreach ($r as $rr) {
 					$k = $rr['k'];
 					App::$config[$family][$k] = $rr['v'];
@@ -72,7 +72,7 @@ class Config {
 	 */
 	public static function Set($family, $key, $value) {
 		// manage array value
-		$dbvalue = ((is_array($value))  ? serialise($value) : $value);
+		$dbvalue = ((is_array($value))  ? 'json:' . json_encode($value) : $value);
 		$dbvalue = ((is_bool($dbvalue)) ? intval($dbvalue)  : $dbvalue);
 
 		if (self::Get($family, $key) === false || (! self::get_from_storage($family, $key))) {
@@ -121,6 +121,7 @@ class Config {
 	 * @return mixed Return value or false on error or if not set
 	 */
 	public static function Get($family, $key, $default = false) {
+
 		if ((! array_key_exists($family, App::$config)) || (! array_key_exists('config_loaded', App::$config[$family]))) {
 			self::Load($family);
 		}
@@ -130,11 +131,20 @@ class Config {
 				return $default;
 			}
 
-			return ((! is_array(App::$config[$family][$key])) && (preg_match('|^a:[0-9]+:{.*}$|s', App::$config[$family][$key]))
-				? unserialize(App::$config[$family][$key])
-				: App::$config[$family][$key]
-			);
+			$value = App::$config[$family][$key];
 
+			if (! is_array($value)) {
+				if (substr($value, 0, 5) == 'json:') {
+					return json_decode(substr($value, 5), true);
+				} else if (preg_match('|^a:[0-9]+:{.*}$|s', $value)) {
+					// Unserialize in inherently unsafe. Try to mitigate by not
+					// allowing unserializing objects. Only kept for backwards
+					// compatibility. JSON serialization should be prefered.
+					return unserialize($value, array('allowed_classes' => false));
+				} else {
+					return $value;
+				}
+			}
 		}
 
 		return $default;

Zotlabs/Module/Siteinfo.php

@@ -38,6 +38,8 @@ class Siteinfo extends \Zotlabs\Web\Controller {
 				'$prj_srctxt' => t('Developer homepage'),
 				'$prj_link' => \Zotlabs\Lib\System::get_project_link(),
 				'$prj_src' => \Zotlabs\Lib\System::get_project_srclink(),
+				'$addons' => array( t('Active addons'), \App::$plugins ),
+				'$blocked_sites' => array( t('Blocked sites'), \Zotlabs\Lib\Config::Get('system', 'blacklisted_sites') )
 			]
 		);
 

boot.php

@@ -62,7 +62,7 @@ require_once('include/conversation.php');
 require_once('include/acl_selectors.php');
 
 define('PLATFORM_NAME', 'hubzilla');
-define('STD_VERSION', '8.8.3');
+define('STD_VERSION', '8.8.4');
 define('ZOT_REVISION', '6.0');
 
 define('DB_UPDATE_VERSION', 1259);
@@ -1403,7 +1403,7 @@ function x($s, $k = null) {
  * @ref include/system_unavailable.php will handle everything further.
  */
 function system_unavailable() {
-	include('include/system_unavailable.php');
+	require_once('include/system_unavailable.php');
 	system_down();
 	killme();
 }

tests/unit/Lib/ConfigTest.php

@@ -0,0 +1,61 @@
+<?php
+declare(strict_types=1);
+
+/**
+ * Tests for the Zotlabs\Lib\Config class.
+ *
+ * Until we have database testing in place, we can only test the Congig::Get
+ * method for now. This should be improved once the database test framework is
+ * merged.
+ */
+class ConfigTest extends Zotlabs\Tests\Unit\UnitTestCase {
+	/*
+	 * Hardcode a config that we can test against, and that we can
+	 * reuse in all the test cases.
+	 */
+	public function setUp(): void {
+		\App::$config = array(
+			'test' => array (
+				'plain' => 'plain value',
+				'php-array' => 'a:3:{i:0;s:3:"one";i:1;s:3:"two";i:2;s:5:"three";}',
+				'json-array' => 'json:["one","two","three"]',
+				'object-injection' => 'a:1:{i:0;O:18:"Zotlabs\Lib\Config":0:{}}',
+				'config_loaded' => true,
+			),
+		);
+	}
+
+	public function testGetPlainTextValue(): void {
+		$this->assertEquals(
+			Zotlabs\Lib\Config::Get('test', 'plain'),
+			'plain value'
+		);
+	}
+
+	public function testGetJSONSerializedArray(): void {
+		$this->assertEquals(
+			Zotlabs\Lib\Config::Get('test', 'json-array'),
+			array('one', 'two', 'three')
+		);
+	}
+
+	/*
+	 * Test that we can retreive old style serialized arrays that were
+	 * serialized with th PHP `serialize()` function.
+	 */
+	public function testGetPHPSerializedArray(): void {
+		$this->assertEquals(
+			Zotlabs\Lib\Config::Get('test', 'php-array'),
+			array('one', 'two', 'three')
+		);
+	}
+
+	/*
+	 * Make sure we're not vulnerable to PHP Object injection attacks when
+	 * using the PHP `unserialize()` function.
+	 */
+	public function testGetMaliciousPHPSerializedArray(): void {
+		$value = Zotlabs\Lib\Config::Get('test', 'object-injection');
+		$this->assertEquals($value[0]::class, '__PHP_Incomplete_Class');
+	}
+}

view/tpl/siteinfo.tpl

@@ -12,6 +12,26 @@
 
 <div>{{if $admin_about}}{{$admin_about}}{{else}}--{{/if}}</div>
 
+{{if $addons.1}}
+<br>
+<h3>{{$addons.0}}</h3>
+<ul>
+	{{foreach $addons.1 as $addon}}
+	<li>{{$addon}}</li>
+	{{/foreach}}
+</ul>
+{{/if}}
+
+{{if $blocked_sites.1}}
+<br>
+<h3>{{$blocked_sites.0}}</h3>
+<ul>
+	{{foreach $blocked_sites.1 as $site}}
+	<li>{{$site}}</li>
+	{{/foreach}}
+</ul>
+{{/if}}
+
 
 <br><br>
 <div><a href="help/TermsOfService">{{$terms}}</a></div>