version 8.8.8

(cherry picked from commit 9cc85adf47)

CHANGELOG

@@ -1,3 +1,29 @@
+Hubzilla 8.8.8 (2024-02-29)
+	- Streams compatibility fixes
+
+
+Hubzilla 8.8.7 (2024-01-19)
+	- Fix regression in Activity::actor_store()
+
+
+Hubzilla 8.8.6 (2024-01-11)
+	- Provide more builtin jsonld files
+	- Development branch compatibility in Libsync
+
+
+Hubzilla 8.8.5 (2024-01-01)
+	- Fix possible loop if DB is not reachable (introduced in 8.8.3)
+	- Fix some errors and deprecation warnings with PHP 8.2
+	- Deprecate simplepie idna_convert in favor of PHP native function
+	- Fix double processed quoted strings in get_tags()
+
+
+Hubzilla 8.8.4 (2023-12-20)
+	- Fix regression introduced in version 8.8.3
+	- Add test for Lib/Config
+	- Add active addons and blocked sites to siteinfo
+
+
 Hubzilla 8.8.3 (2023-12-17)
 	- Check return from Config::Load() and retry on failure
 	- Libzot::import() do not prozess items where we could not fetch the author

Zotlabs/Lib/Activity.php

@@ -1626,11 +1626,15 @@ class Activity {
 		}
 		*/
 
-		$url = null;
-		$ap_hubloc = null;
+		$url = $person_obj['id'] ?? '';
+
+		if (!$url) {
+			return;
+		}
 
 		$hublocs = self::get_actor_hublocs($url);
 		$has_zot_hubloc = false;
+		$ap_hubloc = null;
 
 		if ($hublocs) {
 			foreach ($hublocs as $hub) {
@@ -1654,14 +1658,6 @@ class Activity {
 			}
 		}
 
-		if (isset($person_obj['id'])) {
-			$url = $person_obj['id'];
-		}
-
-		if (!$url) {
-			return;
-		}
-
 		$inbox = $person_obj['inbox'] ?? null;
 
 		// invalid AP identity

Zotlabs/Lib/Config.php

@@ -36,7 +36,7 @@ class Config {
 
 		if (! array_key_exists('config_loaded', App::$config[$family])) {
 			$r = q("SELECT * FROM config WHERE cat = '%s'", dbesc($family));
-			if ($r === false) {
+			if ($r === false && !App::$install) {
 				sleep(3);
 				$recursionCounter ++;
 				if ($recursionCounter > 10) {
@@ -44,15 +44,13 @@ class Config {
 				}
 				self::Load($family, $recursionCounter);
 			}
-			else {
+			elseif (is_array($r)) {
 				foreach ($r as $rr) {
 					$k = $rr['k'];
 					App::$config[$family][$k] = $rr['v'];
 				}
 				App::$config[$family]['config_loaded'] = true;
 			}
-
-
 		}
 	}
 
@@ -72,7 +70,7 @@ class Config {
 	 */
 	public static function Set($family, $key, $value) {
 		// manage array value
-		$dbvalue = ((is_array($value))  ? serialise($value) : $value);
+		$dbvalue = ((is_array($value))  ? 'json:' . json_encode($value) : $value);
 		$dbvalue = ((is_bool($dbvalue)) ? intval($dbvalue)  : $dbvalue);
 
 		if (self::Get($family, $key) === false || (! self::get_from_storage($family, $key))) {
@@ -121,6 +119,7 @@ class Config {
 	 * @return mixed Return value or false on error or if not set
 	 */
 	public static function Get($family, $key, $default = false) {
+
 		if ((! array_key_exists($family, App::$config)) || (! array_key_exists('config_loaded', App::$config[$family]))) {
 			self::Load($family);
 		}
@@ -130,11 +129,20 @@ class Config {
 				return $default;
 			}
 
-			return ((! is_array(App::$config[$family][$key])) && (preg_match('|^a:[0-9]+:{.*}$|s', App::$config[$family][$key]))
-				? unserialize(App::$config[$family][$key])
-				: App::$config[$family][$key]
-			);
+			$value = App::$config[$family][$key];
 
+			if (! is_array($value)) {
+				if (substr($value, 0, 5) == 'json:') {
+					return json_decode(substr($value, 5), true);
+				} else if (preg_match('|^a:[0-9]+:{.*}$|s', $value)) {
+					// Unserialize in inherently unsafe. Try to mitigate by not
+					// allowing unserializing objects. Only kept for backwards
+					// compatibility. JSON serialization should be prefered.
+					return unserialize($value, array('allowed_classes' => false));
+				} else {
+					return $value;
+				}
+			}
 		}
 
 		return $default;

Zotlabs/Lib/Libsync.php

@@ -339,6 +339,8 @@ class Libsync {
 
 				}
 
+				$columns = db_columns('channel');
+
 				$disallowed = [
 					'channel_id', 'channel_account_id', 'channel_primary', 'channel_prvkey',
 					'channel_address', 'channel_notifyflags', 'channel_removed', 'channel_deleted',
@@ -349,16 +351,16 @@ class Libsync {
 					'channel_a_delegate'
 				];
 
-				$clean = [];
 				foreach ($arr['channel'] as $k => $v) {
-					if (in_array($k, $disallowed))
+					if (in_array($k, $disallowed)) {
 						continue;
-					$clean[$k] = $v;
-				}
-				if (count($clean)) {
-					foreach ($clean as $k => $v) {
-						dbq("UPDATE channel set " . dbesc($k) . " = '" . dbesc($v) . "' where channel_id = " . intval($channel['channel_id']));
 					}
+
+					if (!in_array($k, $columns)) {
+						continue;
+					}
+
+					dbq("UPDATE channel set " . dbesc($k) . " = '" . dbesc($v) . "' where channel_id = " . intval($channel['channel_id']));
 				}
 			}
 

Zotlabs/Module/Siteinfo.php

@@ -38,6 +38,8 @@ class Siteinfo extends \Zotlabs\Web\Controller {
 				'$prj_srctxt' => t('Developer homepage'),
 				'$prj_link' => \Zotlabs\Lib\System::get_project_link(),
 				'$prj_src' => \Zotlabs\Lib\System::get_project_srclink(),
+				'$addons' => array( t('Active addons'), \App::$plugins ),
+				'$blocked_sites' => array( t('Blocked sites'), \Zotlabs\Lib\Config::Get('system', 'blacklisted_sites') )
 			]
 		);
 

Zotlabs/Module/Sse_bs.php

@@ -190,7 +190,7 @@ class Sse_bs extends Controller {
 		$item_normal = item_normal();
 
 		// Filter FEP-5624 approvals for comments and internal follow activities
-		$item_normal .= " AND verb NOT IN ('" . dbesc(ACTIVITY_ATTEND) . "', 'Accept', '" . dbesc(ACTIVITY_ATTENDNO) . "', 'Reject', '" . dbesc(ACTIVITY_FOLLOW) . "') ";
+		$item_normal .= " AND verb NOT IN ('Add', 'Remove', '" . dbesc(ACTIVITY_TAG) . "', '" . dbesc(ACTIVITY_ATTEND) . "', 'Accept', '" . dbesc(ACTIVITY_ATTENDNO) . "', 'Reject', '" . dbesc(ACTIVITY_FOLLOW) . "') ";
 
 		if ($notifications) {
 			$items = q("SELECT * FROM item
@@ -273,7 +273,7 @@ class Sse_bs extends Controller {
 		$item_normal = item_normal();
 
 		// Filter FEP-5624 approvals for comments and internal follow activities
-		$item_normal .= " AND verb NOT IN ('" . dbesc(ACTIVITY_ATTEND) . "', 'Accept', '" . dbesc(ACTIVITY_ATTENDNO) . "', 'Reject', '" . dbesc(ACTIVITY_FOLLOW) . "') ";
+		$item_normal .= " AND verb NOT IN ('Add', 'Remove', '" . dbesc(ACTIVITY_TAG) . "', '" . dbesc(ACTIVITY_ATTEND) . "', 'Accept', '" . dbesc(ACTIVITY_ATTENDNO) . "', 'Reject', '" . dbesc(ACTIVITY_FOLLOW) . "') ";
 
 		if ($notifications) {
 			$items = q("SELECT * FROM item
@@ -356,7 +356,7 @@ class Sse_bs extends Controller {
 		$item_normal = item_normal();
 
 		// Filter FEP-5624 approvals for comments and internal follow activities
-		$item_normal .= " AND verb NOT IN ('" . dbesc(ACTIVITY_ATTEND) . "', 'Accept', '" . dbesc(ACTIVITY_ATTENDNO) . "', 'Reject', '" . dbesc(ACTIVITY_FOLLOW) . "') ";
+		$item_normal .= " AND verb NOT IN ('Add', 'Remove', '" . dbesc(ACTIVITY_TAG) . "', '" . dbesc(ACTIVITY_ATTEND) . "', 'Accept', '" . dbesc(ACTIVITY_ATTENDNO) . "', 'Reject', '" . dbesc(ACTIVITY_FOLLOW) . "') ";
 
 		if ($notifications) {
 			$items = q("SELECT * FROM item
@@ -464,7 +464,7 @@ class Sse_bs extends Controller {
 		$item_normal = item_normal();
 
 		// Filter FEP-5624 approvals for comments and internal follow activities
-		$item_normal .= " AND verb NOT IN ('" . dbesc(ACTIVITY_ATTEND) . "', 'Accept', '" . dbesc(ACTIVITY_ATTENDNO) . "', 'Reject', '" . dbesc(ACTIVITY_FOLLOW) . "') ";
+		$item_normal .= " AND verb NOT IN ('Add', 'Remove', '" . dbesc(ACTIVITY_TAG) . "', '" . dbesc(ACTIVITY_ATTEND) . "', 'Accept', '" . dbesc(ACTIVITY_ATTENDNO) . "', 'Reject', '" . dbesc(ACTIVITY_FOLLOW) . "') ";
 
 		if ($notifications) {
 			$items = q("SELECT * FROM item
@@ -660,8 +660,7 @@ class Sse_bs extends Controller {
 		$item_normal = item_normal();
 
 		// Filter FEP-5624 approvals for comments and internal follow activities
-		$item_normal .= " AND verb NOT IN ('" . dbesc(ACTIVITY_ATTEND) . "', 'Accept', '" . dbesc(ACTIVITY_ATTENDNO) . "', 'Reject', '" . dbesc(ACTIVITY_FOLLOW) . "') ";
-
+		$item_normal .= " AND verb NOT IN ('Add', 'Remove', '" . dbesc(ACTIVITY_TAG) . "', '" . dbesc(ACTIVITY_ATTEND) . "', 'Accept', '" . dbesc(ACTIVITY_ATTENDNO) . "', 'Reject', '" . dbesc(ACTIVITY_FOLLOW) . "') ";
 
 		$r = q("SELECT * FROM item
 			WHERE verb = '%s'

Zotlabs/Photo/PhotoGd.php

@@ -17,11 +17,11 @@ class PhotoGd extends PhotoDriver {
 		$t = [];
 
 		$t['image/jpeg'] = 'jpg';
-		if(imagetypes() & IMG_PNG)
+		if(\imagetypes() & IMG_PNG)
 			$t['image/png'] = 'png';
-		if(imagetypes() & IMG_GIF)
+		if(\imagetypes() & IMG_GIF)
 			$t['image/gif'] = 'gif';
-		if(imagetypes() & IMG_WEBP)
+		if(\imagetypes() & IMG_WEBP)
 			$t['image/webp'] = 'webp';
 
 		return $t;

Zotlabs/Text/Tagadelic.php

@@ -24,7 +24,7 @@ class Tagadelic {
 			$x ++;
 		}
 
-		usort($tags,'self::tags_sort');
+		usort($tags, [self::class, 'tags_sort']);
 
 		$range = max(.01, $max - $min) * 1.0001;
 
@@ -41,4 +41,4 @@ class Tagadelic {
 		return((strtolower($a[0]) < strtolower($b[0])) ? -1 : 1);
 	}
 
-}
+}

Zotlabs/Widget/Messages.php

@@ -61,7 +61,8 @@ class Messages {
 
 		$channel = App::get_channel();
 		$item_normal = item_normal();
-		$item_normal .= " and item.verb != '" . ACTIVITY_FOLLOW . "'";
+		$item_normal .= " and item.verb not in ('Add', 'Remove', '" . ACTIVITY_FOLLOW . "', '" . ACTIVITY_TAG . "') ";
+
 		$item_normal_i = str_replace('item.', 'i.', $item_normal);
 		$item_normal_c = str_replace('item.', 'c.', $item_normal);
 		$entries = [];

Zotlabs/Zot6/Receiver.php

@@ -22,6 +22,7 @@ class Receiver {
 	protected $prvkey;
 	protected $rawdata;
 	protected $sigdata;
+	protected $hub;
 
 	function __construct($handler, $localdata = null) {
 

boot.php

@@ -62,7 +62,7 @@ require_once('include/conversation.php');
 require_once('include/acl_selectors.php');
 
 define('PLATFORM_NAME', 'hubzilla');
-define('STD_VERSION', '8.8.3');
+define('STD_VERSION', '8.8.8');
 define('ZOT_REVISION', '6.0');
 
 define('DB_UPDATE_VERSION', 1259);
@@ -680,8 +680,8 @@ function sys_boot() {
 		 * Load configs from db. Overwrite configs from .htconfig.php
 		 */
 
-		load_config('system');
-		load_config('feature');
+		Config::Load('system');
+		Config::Load('feature');
 
 		App::$session = new Zotlabs\Web\Session();
 		App::$session->init();
@@ -1403,7 +1403,7 @@ function x($s, $k = null) {
  * @ref include/system_unavailable.php will handle everything further.
  */
 function system_unavailable() {
-	include('include/system_unavailable.php');
+	require_once('include/system_unavailable.php');
 	system_down();
 	killme();
 }

doc/admin/administrator_guide.md

@@ -85,16 +85,16 @@ There are several ways to deploy a new hub.
   Example config scripts are available for these platforms in doc/install.
   Apache and nginx have the most support.
 
-* PHP 7.1 or later.
- * Note that on some shared hosting environments, the _command line_
-   version of PHP might differ from the _webserver_ version
+* PHP 8.1 or later.
+  Note that on some shared hosting environments, the _command line_
+  version of PHP might differ from the _webserver_ version
 
 * PHP *command line* access with register_argc_argv set to true in the
-  php.ini file * and with no hosting provider restrictions on the use of
+  php.ini file, and with no hosting provider restrictions on the use of
   exec() and proc_open().
 
-* curl, gd (with at least jpeg and png support), mysqli, mbstring, zip,
-  and openssl extensions. The imagick extension is not required but desirable.
+* curl, gd (with at least jpeg and png support), pdo-mysql (or pdo-postgres), mbstring, zip,
+  and openssl extensions. The imagick extension is not required, but recommended.
 
 * xml extension is required if you want webdav to work.
 

include/conversation.php

@@ -450,6 +450,10 @@ function visible_activity($item) {
 		return false;
 	}
 
+	if (in_array($item['verb'], ['Add', 'Remove', ACTIVITY_TAG])) {
+		return false;
+	}
+
 	foreach($hidden_activities as $act) {
 		if((activity_match($item['verb'], $act)) && ($item['mid'] != $item['parent_mid'])) {
 			return false;

include/network.php

@@ -2061,6 +2061,10 @@ function jsonld_document_loader($url) {
 		'https://www.w3.org/ns/activitystreams' => 'library/w3org/activitystreams.jsonld',
 		'https://w3id.org/identity/v1' => 'library/w3org/identity-v1.jsonld',
 		'https://w3id.org/security/v1' => 'library/w3org/security-v1.jsonld',
+		'https://www.w3.org/ns/did/v1' => 'library/w3org/did-v1.jsonld',
+		'https://w3id.org/security/multikey/v1' => 'library/w3org/security-multikey-v1.jsonld',
+		'https://w3id.org/security/data-integrity/v1' => 'library/w3org/security-data-integrity-v1.jsonld',
+		'https://purl.archive.org/socialweb/webfinger' => 'library/w3org/socialweb-webfinger.jsonld'
 	];
 
 	$x = debug_backtrace();

include/plugin.php

@@ -190,7 +190,7 @@ function reload_plugins() {
 	$plugins = get_config('system', 'addon');
 	if(strlen($plugins)) {
 		$r = dbq("SELECT * FROM addon WHERE installed = 1");
-		if(count($r))
+		if($r)
 			$installed = $r;
 		else
 			$installed = array();

include/system_unavailable.php

@@ -3,7 +3,10 @@
 require_once("include/network.php");
 
 function system_down() {
-http_status(503, 'Service Unavailable');
+// Set $skiplog to true here. Otherwise we will run into a loop
+// when system_unavailable() -> system_down() is called from Zotlabs\Lib\Config::Load()
+// but the DB is not available.
+http_status(503, 'Service Unavailable', true);
 echo <<< EOT
 <html>
 <head><title>System Unavailable</title></head>
@@ -12,4 +15,4 @@ Apologies but this site is unavailable at the moment. Please try again later.
 </body>
 </html>
 EOT;
-}
+}

include/text.php

@@ -904,6 +904,8 @@ function get_tags($s) {
 			$ret[] = $mtch;
 		}
 	}
+
+
 	if(preg_match_all('/([@#\!]\".*?\")/',$s,$match)) {
 		foreach($match[1] as $mtch) {
 			$ret[] = $mtch;
@@ -936,6 +938,8 @@ function get_tags($s) {
 			// or quote remnants from the quoted strings we already picked out earlier
 			if(strpos($mtch,'&quot'))
 				continue;
+			if(strpos($mtch,'"'))
+				continue;
 
 			$ret[] = $mtch;
 		}
@@ -1639,6 +1643,7 @@ function format_hashtags(&$item) {
 
 	$s = '';
 	$terms = isset($item['term']) ? get_terms_oftype($item['term'], array(TERM_HASHTAG, TERM_COMMUNITYTAG)) : [];
+
 	if($terms) {
 		foreach($terms as $t) {
 			$term = htmlspecialchars($t['term'], ENT_COMPAT, 'UTF-8', false) ;
@@ -3834,30 +3839,21 @@ function featured_sort($a,$b) {
 }
 
 
-// Be aware that punify will convert domain names and pathnames
+function unpunify($s) {
+	if (function_exists('idn_to_utf8') && isset($s)) {
+		return idn_to_utf8($s);
+	}
+	return $s;
+}
 
 
 function punify($s) {
-	require_once('vendor/simplepie/simplepie/idn/idna_convert.class.php');
-	$x = new idna_convert(['encoding' => 'utf8']);
-	return $x->encode($s);
-
+	if (function_exists('idn_to_ascii') && isset($s)) {
+		return idn_to_ascii($s);
+	}
+	return $s;
 }
 
-/**
- * Be aware that unpunify() will only convert domain names and not pathnames.
- *
- * @param string $s
- * @return string
- */
-function unpunify($s) {
-	require_once('vendor/simplepie/simplepie/idn/idna_convert.class.php');
-	$x = new idna_convert(['encoding' => 'utf8']);
-
-	return $x->decode($s);
-}
-
-
 function unique_multidim_array($array, $key) {
     $temp_array = array();
     $i = 0;

library/w3org/did-v1.jsonld

@@ -0,0 +1,54 @@
+{
+  "@context": {
+    "alsoKnownAs": {
+      "@id": "https://www.w3.org/ns/activitystreams#alsoKnownAs",
+      "@type": "@id"
+    },
+    "assertionMethod": {
+      "@id": "https://w3id.org/security#assertionMethod",
+      "@type": "@id",
+      "@container": "@set"
+    },
+    "authentication": {
+      "@id": "https://w3id.org/security#authenticationMethod",
+      "@type": "@id",
+      "@container": "@set"
+    },
+    "capabilityDelegation": {
+      "@id": "https://w3id.org/security#capabilityDelegationMethod",
+      "@type": "@id",
+      "@container": "@set"
+    },
+    "capabilityInvocation": {
+      "@id": "https://w3id.org/security#capabilityInvocationMethod",
+      "@type": "@id",
+      "@container": "@set"
+    },
+    "controller": {
+      "@id": "https://w3id.org/security#controller",
+      "@type": "@id"
+    },
+    "keyAgreement": {
+      "@id": "https://w3id.org/security#keyAgreementMethod",
+      "@type": "@id",
+      "@container": "@set"
+    },
+    "service": {
+      "@id": "https://www.w3.org/ns/did#service",
+      "@type": "@id",
+      "@context": {
+        "@protected": true,
+        "id": "@id",
+        "type": "@type",
+        "serviceEndpoint": {
+          "@id": "https://www.w3.org/ns/did#serviceEndpoint",
+          "@type": "@id"
+        }
+      }
+    },
+    "verificationMethod": {
+      "@id": "https://w3id.org/security#verificationMethod",
+      "@type": "@id"
+    }
+  }
+}

library/w3org/security-data-integrity-v1.jsonld

@@ -0,0 +1,62 @@
+{
+  "@context": {
+    "id": "@id",
+    "type": "@type",
+    "proof": {
+      "@id": "https://w3id.org/security#proof",
+      "@type": "@id"
+    },
+    "DataIntegrityProof": {
+      "@id": "https://w3id.org/security#DataIntegrityProof"
+    },
+    "challenge": "https://w3id.org/security#challenge",
+    "created": {
+      "@id": "http://purl.org/dc/terms/created",
+      "@type": "http://www.w3.org/2001/XMLSchema#dateTime"
+    },
+    "domain": "https://w3id.org/security#domain",
+    "expires": {
+      "@id": "https://w3id.org/security#expiration",
+      "@type": "http://www.w3.org/2001/XMLSchema#dateTime"
+    },
+    "nonce": "https://w3id.org/security#nonce",
+    "cryptosuite": "https://w3id.org/security#cryptosuite",
+    "proofValue": {
+      "@id": "https://w3id.org/security#proofValue",
+      "@type": "https://w3id.org/security#multibase"
+    },
+    "verificationMethod": {
+      "@id": "https://w3id.org/security#verificationMethod",
+      "@type": "@id"
+    },
+    "proofPurpose": {
+      "@id": "https://w3id.org/security#proofPurpose",
+      "@type": "@vocab"
+    },
+    "assertionMethod": {
+      "@id": "https://w3id.org/security#assertionMethod",
+      "@type": "@id",
+      "@container": "@set"
+    },
+    "authentication": {
+      "@id": "https://w3id.org/security#authenticationMethod",
+      "@type": "@id",
+      "@container": "@set"
+    },
+    "capabilityInvocation": {
+      "@id": "https://w3id.org/security#capabilityInvocationMethod",
+      "@type": "@id",
+      "@container": "@set"
+    },
+    "capabilityDelegation": {
+      "@id": "https://w3id.org/security#capabilityDelegationMethod",
+      "@type": "@id",
+      "@container": "@set"
+    },
+    "keyAgreement": {
+      "@id": "https://w3id.org/security#keyAgreementMethod",
+      "@type": "@id",
+      "@container": "@set"
+    }
+  }
+}

library/w3org/security-multikey-v1.jsonld

@@ -0,0 +1,25 @@
+{
+  "@context": {
+    "id": "@id",
+    "type": "@type",
+    "Multikey": {
+      "@id": "https://w3id.org/security#Multikey"
+    },
+    "controller": {
+      "@id": "https://w3id.org/security#controller",
+      "@type": "@id"
+    },
+    "revoked": {
+      "@id": "https://w3id.org/security#revoked",
+      "@type": "http://www.w3.org/2001/XMLSchema#dateTime"
+    },
+    "publicKeyMultibase": {
+      "@id": "https://w3id.org/security#publicKeyMultibase",
+      "@type": "https://w3id.org/security#multibase"
+    },
+    "secretKeyMultibase": {
+      "@id": "https://w3id.org/security#secretKeyMultibase",
+      "@type": "https://w3id.org/security#multibase"
+    }
+  }
+}

library/w3org/socialweb-webfinger.jsonld

@@ -0,0 +1,10 @@
+{
+  "@context": {
+    "wf": "https://purl.archive.org/socialweb/webfinger#",
+    "xsd": "http://www.w3.org/2001/XMLSchema#",
+    "webfinger": {
+      "@id": "wf:webfinger",
+      "@type": "xsd:string"
+    }
+  }
+}

tests/unit/Lib/ConfigTest.php

@@ -0,0 +1,61 @@
+<?php
+declare(strict_types=1);
+
+/**
+ * Tests for the Zotlabs\Lib\Config class.
+ *
+ * Until we have database testing in place, we can only test the Congig::Get
+ * method for now. This should be improved once the database test framework is
+ * merged.
+ */
+class ConfigTest extends Zotlabs\Tests\Unit\UnitTestCase {
+	/*
+	 * Hardcode a config that we can test against, and that we can
+	 * reuse in all the test cases.
+	 */
+	public function setUp(): void {
+		\App::$config = array(
+			'test' => array (
+				'plain' => 'plain value',
+				'php-array' => 'a:3:{i:0;s:3:"one";i:1;s:3:"two";i:2;s:5:"three";}',
+				'json-array' => 'json:["one","two","three"]',
+				'object-injection' => 'a:1:{i:0;O:18:"Zotlabs\Lib\Config":0:{}}',
+				'config_loaded' => true,
+			),
+		);
+	}
+
+	public function testGetPlainTextValue(): void {
+		$this->assertEquals(
+			Zotlabs\Lib\Config::Get('test', 'plain'),
+			'plain value'
+		);
+	}
+
+	public function testGetJSONSerializedArray(): void {
+		$this->assertEquals(
+			Zotlabs\Lib\Config::Get('test', 'json-array'),
+			array('one', 'two', 'three')
+		);
+	}
+
+	/*
+	 * Test that we can retreive old style serialized arrays that were
+	 * serialized with th PHP `serialize()` function.
+	 */
+	public function testGetPHPSerializedArray(): void {
+		$this->assertEquals(
+			Zotlabs\Lib\Config::Get('test', 'php-array'),
+			array('one', 'two', 'three')
+		);
+	}
+
+	/*
+	 * Make sure we're not vulnerable to PHP Object injection attacks when
+	 * using the PHP `unserialize()` function.
+	 */
+	public function testGetMaliciousPHPSerializedArray(): void {
+		$value = Zotlabs\Lib\Config::Get('test', 'object-injection');
+		$this->assertEquals($value[0]::class, '__PHP_Incomplete_Class');
+	}
+}

view/tpl/siteinfo.tpl

@@ -12,6 +12,26 @@
 
 <div>{{if $admin_about}}{{$admin_about}}{{else}}--{{/if}}</div>
 
+{{if $addons.1}}
+<br>
+<h3>{{$addons.0}}</h3>
+<ul>
+	{{foreach $addons.1 as $addon}}
+	<li>{{$addon}}</li>
+	{{/foreach}}
+</ul>
+{{/if}}
+
+{{if $blocked_sites.1}}
+<br>
+<h3>{{$blocked_sites.0}}</h3>
+<ul>
+	{{foreach $blocked_sites.1 as $site}}
+	<li>{{$site}}</li>
+	{{/foreach}}
+</ul>
+{{/if}}
+
 
 <br><br>
 <div><a href="help/TermsOfService">{{$terms}}</a></div>