Merge branch 'dev' into nomadic

2024-09-19 15:55:13 +00:00 · 2024-06-17 05:41:04 +10:00 · 2024-06-17 05:41:04 +10:00 · 253ee62d2c
commit 253ee62d2c
parent dae31497ef effcc661b0
22 changed files with 1475 additions and 1373 deletions
--- a/include/items.php
+++ b/include/items.php
@ -125,7 +125,7 @@ function collect_recipients($item, &$private_envelope) {
    // This is a somewhat expensive operation but important.
    // Don't send this item to anybody who doesn't have the deliver_stream permission
-    $recipients = check_deliver_permissions($item['uid'],$recipients);
+    $recipients = check_deliver_permissions($item,$recipients);
    // Add both the author and owner (if different).
--- a/include/permissions.php
+++ b/include/permissions.php
@ -3,6 +3,7 @@
 use Code\Access\Permissions;
 use Code\Access\PermissionLimits;
 use Code\Extend\Hook;
 use Code\Lib\Libzot;
 require_once('include/security.php');
@ -515,9 +516,11 @@ function check_list_permissions($uid, $arr, $perm)
    return($result);
 }
-function check_deliver_permissions($uid, $arr)
+function check_deliver_permissions($item, $arr, $includeMentions = false)
 {
    $result = [];
    $uid = $item['uid'] ?? 0;
    $terms = ((isset($item['term'])) ? get_terms_oftype($item['term'], [TERM_MENTION, TERM_GROUP]) : false);
    // Find actors we are not delivering to.
    $r = q("select * from abconfig where chan = %d and cat = 'system' and k = 'my_perms' and v not like '%%deliver_stream%%'",
        intval($uid)
@ -533,27 +536,47 @@ function check_deliver_permissions($uid, $arr)
    // Filter the recipient list accordingly.
    if ($arr) {
-        foreach ($arr as $x) {
+        foreach ($arr as $recipient) {
            $accepting = $deliverable = false;
-            if (in_array($x, $theyAccept)) {
+            if (in_array($recipient, $theyAccept)) {
                $accepting = true;
            }
-            if (!in_array($x, $willNotSend)) {
+
            if (!in_array($recipient,$willNotSend)) {
                $deliverable = true;
            }
-            if ($deliverable && !$accepting) {
+            if ($deliverable || !$accepting) {
                // Groups don't generally provide send_stream permission as they aren't really following you,
                // but they do allow you to send them group targeted posts.
-                $r = q("select xchan_hash from xchan where xchan_hash = '%s' and xchan_type = %d ",
+
-                    dbesc($x),
+                $r = q("select xchan_hash from xchan where xchan_hash = '%s' and xchan_type = %d",
                    dbesc($recipient),
                    intval(XCHAN_TYPE_GROUP)
                );
                if ($r) {
-                    $result[] = $x;
+                    if ($r && !in_array($recipient, $result)) {
                        $result[] = $recipient;
                        continue;
                    }
                }
            }
-            if ($deliverable && $accepting) {
+
-                $result[] = $x;
+            if ($deliverable && $accepting && !in_array($recipient, $result)) {
                $result[] = $recipient;
            }
        }
        // Send mentions even if you have no permission to do so. They might allow it.
        if ($terms && $includeMentions) {
            foreach ($terms as $term) {
                $r = q("select * from hubloc where (hubloc_hash = '%s' or hubloc_id_url = '%s') and hubloc_deleted = 0",
                    dbesc($term['url']),
                    dbesc($term['url'])
                );
                $r = Libzot::zot_record_preferred($r);
                if ($r && !in_array($r['hubloc_hash'], $result)) {
                    $result[] = $r['hubloc_hash'];
                    break;
                }
            }
        }
    }
--- a/install/htconfig.sample.php
+++ b/install/htconfig.sample.php
@ -65,7 +65,7 @@ App::$config['system']['ssl_cookie_protection'] = 1;
 // In order to perform system administration via the admin panel, admin_email
 // must precisely match the email address of the person logged in.
-App::$config['system']['register_policy'] = REGISTER_OPEN;
+App::$config['system']['register_policy'] = REGISTER_APPROVE;
 App::$config['system']['register_text'] = '';
 App::$config['system']['admin_email'] = '';
--- a/src/Daemon/Notifier.php
+++ b/src/Daemon/Notifier.php
@ -444,7 +444,7 @@ class Notifier implements DaemonInterface
                else {
                    $sendto = array_merge($sendto, self::getConversationAudience($parent_item));
                }
-                self::$recipients = check_deliver_permissions($target_item['uid'], $sendto);
+                self::$recipients = check_deliver_permissions($target_item, $sendto);
                logger('followup relay (upstream delivery)', LOGGER_DEBUG);
                logger('replyto: upstream recipients ' . print_r(self::$recipients, true), LOGGER_DEBUG);
@ -497,7 +497,7 @@ class Notifier implements DaemonInterface
                        foreach ($r as $rv) {
                            self::$recipients[] = $rv['abook_xchan'];
                        }
-                        self::$recipients = check_deliver_permissions($target_item['uid'], self::$recipients);
+                        self::$recipients = check_deliver_permissions($target_item, self::$recipients, true);
                    }
                }
                elseif (($audience & AUDIENCE_SENDER) || ($audience & AUDIENCE_FOLLOWERS)
@ -524,7 +524,7 @@ class Notifier implements DaemonInterface
                            }
                        }
                    }
-                    self::$recipients = check_deliver_permissions($target_item['uid'], $sendto);
+                    self::$recipients = check_deliver_permissions($target_item, $sendto, ($audience & AUDIENCE_FOLLOWERS));
                }
                else {
                    self::$private = false;
--- a/src/Lib/DataUrl.php
+++ b/src/Lib/DataUrl.php
@ -0,0 +1,48 @@
 <?php
 namespace Code\Lib;
 class DataUrl
 {
    protected $data = null;
    protected $mediaType = null;
    protected $encoding = null;
    public function __construct($data, $mediaType = '', $encoding = '')
    {
        $this->data = $data;
        $this->mediaType = $mediaType;
        $this->encoding = $encoding;
        return $this;
    }
    public function encode()
    {
        return 'data:' . $this->mediaType . (($this->encoding) ? ';' . $this->encoding : '') . ','
            . (($this->encoding) ? base64_encode($this->data) : urlencode($this->data));
    }
    public function decode()
    {
        if (str_starts_with($this->data, 'data:')) {
            $explode = explode(',', $this->data);
            if (count($explode) === 2) {
                $this->mediaType = substr($explode[0], strlen('data:'));
                if (str_ends_with($this->mediaType, ';base64')) {
                    $this->encoding = 'base64';
                    $this->mediaType = substr($this->mediaType, 0, strlen($this->mediaType) - strlen(';base64'));
                } else {
                    $this->encoding = '';
                }
                return [
                    'data' => $this->encoding ? base64_decode($this->data) : urldecode($this->data),
                    'encoding' => $this->encoding,
                    'mediaType' => $this->mediaType ?: 'text/plain;charset=US-ASCII',
                ];
            }
        }
        return null;
    }
 }
--- a/src/Module/Embedphotos.php
+++ b/src/Module/Embedphotos.php
@ -124,7 +124,7 @@ class Embedphotos extends Controller
            $alt = ' alt="' . $alt . '"';
            $output = '[zrl=' . z_root() . '/photos/' . $channel['channel_address'] . '/image/' . $resource . ']'
-                . '[zmg width="' . $r[0]['width'] . '" height="' . $r[0]['height'] . '"' . $alt . ']'
+                . '[zmg width="' . $r[0]['width'] . '" height="' . $r[0]['height'] . '"' . "\n\n" . $alt . "\n\n" . ']'
                . z_root() . '/photo/' . $resource . '-' . $resolution . $ext . '[/zmg][/zrl]';
            return $output;
@ -158,8 +158,9 @@ class Embedphotos extends Controller
                        $url = $url . '?token=' . $token;
                    }
-                    $output .= '[zmg width="' . $image['width'] . '" height="' . $image['height'] . '" ' . "\n\n" . $alt . "\n\n" . ']'
+                    $output .= '[zrl=' . z_root() . '/photos/' . $channel['channel_address'] . '/image/' . $image['resource_id'] . ']'
-                        . $url . '[/zmg]' . "\n\n";
+                        . '[zmg width="' . $image['width'] . '" height="' . $image['height'] . '" ' . "\n\n" . $alt . "\n\n" . ']'
                        . $url . '[/zmg][/zrl]' . "\n\n";
                }
            }
        }
--- a/src/Module/Register.php
+++ b/src/Module/Register.php
@ -85,6 +85,20 @@ class Register extends Controller
        $email_verify = get_config('system', 'verify_email');
        // If this is the first account to be created, the login email must match the
        // admin email. Other attempts will be rejected. If it is the admin email, bypass
        // some restrictive policies.
        $totalAccounts = Account::account_total();
        if ($totalAccounts === 0) {
            if (Account::check_admin($_POST)) {
                $policy = REGISTER_OPEN;
                $email_verify = false;
            } else {
                notice(t('The first account <strong>must</strong> be registered using the admin email which was supplied during setup.') . EOL);
                return;
            }
        }
        switch ($policy) {
            case REGISTER_OPEN:
@ -125,8 +139,10 @@ class Register extends Controller
            return;
        }
-        require_once('include/security.php');
+        // At this point the account has been created without error. Purge any error messages from prior failed
        // registration attempts which haven't yet been delivered to the browser and start fresh.
        $_SESSION['sysmsg'] = [];
        if ($_REQUEST['name']) {
            set_aconfig($result['account']['account_id'], 'register', 'channel_name', $_REQUEST['name']);
@ -141,12 +157,6 @@ class Register extends Controller
            set_aconfig($result['account']['account_id'], 'register', 'reason', substr(trim(escape_tags($_REQUEST['reason'])),0, 500));
        }
        // At this point the account has been created without error. Purge any error messages from prior failed registration
        // attempts which haven't yet been delivered to the browser and start fresh. If you're willing to figure out why they
        // weren't delivered to the browser please adopt zap issue 34.
        $_SESSION['sysmsg'] = [];
        $using_invites = intval(get_config('system', 'invitation_only'));
        $num_invites = intval(get_config('system', 'number_invites'));
        $invite_code = ((x($_POST, 'invite_code')) ? notags(trim($_POST['invite_code'])) : '');
@ -164,7 +174,7 @@ class Register extends Controller
                $res = Account::send_register_success_email($result['email'], $result['password']);
            }
            if ($res) {
-                if ($invite_code) {
+                if ($invite_code || !$email_verify) {
                    info(t('Registration successful. Continue to create your first channel...') . EOL);
                } else {
                    info(t('Registration successful. Please check your email for validation instructions.') . EOL);
@ -215,13 +225,21 @@ class Register extends Controller
    public function get()
    {
        $registration_is = EMPTY_STR;
        $other_sites = false;
        $policy = (int)Config::Get('system','register_policy');
        $email_verify = get_config('system', 'verify_email');
-        if ($policy === REGISTER_CLOSED) {
+        $totalAccounts = Account::account_total();
        if($totalAccounts === 0) {
            $policy = REGISTER_OPEN;
            $email_verify = false;
            info( t('Please use the admin email address supplied during setup.') . EOL);
        }
        if ($policy === REGISTER_CLOSED && !is_site_admin()) {
            notice(t('Registration on this website is disabled.') . EOL);
            $registration_is = t('Registration on this website is disabled.');
            $other_sites = true;
        }
@ -298,8 +316,6 @@ class Register extends Controller
        $auto_create = (bool)get_config('system', 'auto_channel_create');
        $default_role = get_config('system', 'default_permissions_role', 'social_restricted');
        $email_verify = get_config('system', 'verify_email');
        $o = replace_macros(Theme::get_template('register.tpl'), [
            '$form_security_token' => get_form_security_token("register"),
@ -321,6 +337,7 @@ class Register extends Controller
            '$pass1' => $password,
            '$pass2' => $password2,
            '$reason' => $reason,
            '$disabled' => $policy === REGISTER_CLOSED && !is_site_admin(),
            '$submit' => t('Register'),
            '$verify_note' => (($email_verify) ? t('This site requires email verification. After completing this form, please check your email for further instructions.') : ''),
        ]);
--- a/util/admins
+++ b/util/admins
@ -47,7 +47,7 @@ if($argc > 1 && $argv[1] === 'list') {
 if($argc > 2 && $argv[1] === 'add' && intval($argv[2])) {
-	$r = q('update account set account_roles = (account_roles | 4096) where account_id = %d',
+	$r = q('update account set account_roles = 4096, account_flags = 0 where account_id = %d',
 		intval($argv[2])
 	);
 }
--- a/util/messages.po
+++ b/util/messages.po
--- a/version.php
+++ b/version.php
@ -1,2 +1,2 @@
 <?php
-define ('STD_VERSION', '24.06.10');
+define ('STD_VERSION', '24.06.14');
--- a/view/de-de/htconfig.tpl
+++ b/view/de-de/htconfig.tpl
@ -50,7 +50,7 @@ App::$config['system']['ssl_cookie_protection'] = 1;
 // to the email address of an already registered person who can authorise
 // and/or approve/deny the request.
-App::$config['system']['register_policy'] = REGISTER_OPEN;
+App::$config['system']['register_policy'] = REGISTER_APPROVE;
 App::$config['system']['register_text'] = '';
 App::$config['system']['admin_email'] = '{{$adminmail}}';
--- a/view/en-au/htconfig.tpl
+++ b/view/en-au/htconfig.tpl
@ -51,7 +51,7 @@ App::$config['system']['ssl_cookie_protection'] = 1;
 // to the email address of an already registered person who can authorise
 // and/or approve/deny the request.
-App::$config['system']['register_policy'] = REGISTER_OPEN;
+App::$config['system']['register_policy'] = REGISTER_APPROVE;
 App::$config['system']['register_text'] = '';
 App::$config['system']['admin_email'] = '{{$adminmail}}';
--- a/view/en-gb/htconfig.tpl
+++ b/view/en-gb/htconfig.tpl
@ -51,7 +51,7 @@ App::$config['system']['ssl_cookie_protection'] = 1;
 // to the email address of an already registered person who can authorise
 // and/or approve/deny the request.
-App::$config['system']['register_policy'] = REGISTER_OPEN;
+App::$config['system']['register_policy'] = REGISTER_APPROVE;
 App::$config['system']['register_text'] = '';
 App::$config['system']['admin_email'] = '{{$adminmail}}';
--- a/view/en/htconfig.tpl
+++ b/view/en/htconfig.tpl
@ -51,7 +51,7 @@ App::$config['system']['ssl_cookie_protection'] = 1;
 // to the email address of an already registered person who can authorise
 // and/or approve/deny the request.
-App::$config['system']['register_policy'] = REGISTER_OPEN;
+App::$config['system']['register_policy'] = REGISTER_APPROVE;
 App::$config['system']['register_text'] = '';
 App::$config['system']['admin_email'] = '{{$adminmail}}';
--- a/view/fr/htconfig.tpl
+++ b/view/fr/htconfig.tpl
@ -50,7 +50,7 @@ App::$config['system']['ssl_cookie_protection'] = 1;
 // to the email address of an already registered person who can authorise
 // and/or approve/deny the request.
-App::$config['system']['register_policy'] = REGISTER_OPEN;
+App::$config['system']['register_policy'] = REGISTER_APPROVE;
 App::$config['system']['register_text'] = '';
 App::$config['system']['admin_email'] = '{{$adminmail}}';
--- a/view/it/htconfig.tpl
+++ b/view/it/htconfig.tpl
@ -51,7 +51,7 @@ App::$config['system']['ssl_cookie_protection'] = 1;
 // to the email address of an already registered person who can authorise
 // and/or approve/deny the request.
-App::$config['system']['register_policy'] = REGISTER_OPEN;
+App::$config['system']['register_policy'] = REGISTER_APPROVE;
 App::$config['system']['register_text'] = '';
 App::$config['system']['admin_email'] = '{{$adminmail}}';
--- a/view/nb-no/htconfig.tpl
+++ b/view/nb-no/htconfig.tpl
@ -51,7 +51,7 @@ App::$config['system']['ssl_cookie_protection'] = 1;
 // to the email address of an already registered person who can authorise
 // and/or approve/deny the request.
-App::$config['system']['register_policy'] = REGISTER_OPEN;
+App::$config['system']['register_policy'] = REGISTER_APPROVE;
 App::$config['system']['register_text'] = '';
 App::$config['system']['admin_email'] = '{{$adminmail}}';
--- a/view/pl/htconfig.tpl
+++ b/view/pl/htconfig.tpl
@ -52,7 +52,7 @@ App::$config['system']['ssl_cookie_protection'] = 1;
 // REGISTER_APPROVE wymaga ustawienia 'admin_email' na adres e-mail już
 // zarejestrowanej osoby, która może autoryzować i/lub zatwierdź/odrzuć wniosek.
-App::$config['system']['register_policy'] = REGISTER_OPEN;
+App::$config['system']['register_policy'] = REGISTER_APPROVE;
 App::$config['system']['register_text'] = '';
 App::$config['system']['admin_email'] = '{{$adminmail}}';
--- a/view/pt-br/htconfig.tpl
+++ b/view/pt-br/htconfig.tpl
@ -51,7 +51,7 @@ App::$config['system']['ssl_cookie_protection'] = 1;
 // to the email address of an already registered person who can authorise
 // and/or approve/deny the request.
-App::$config['system']['register_policy'] = REGISTER_OPEN;
+App::$config['system']['register_policy'] = REGISTER_APPROVE;
 App::$config['system']['register_text'] = '';
 App::$config['system']['admin_email'] = '{{$adminmail}}';
--- a/view/ru/htconfig.tpl
+++ b/view/ru/htconfig.tpl
@ -51,7 +51,7 @@ App::$config['system']['ssl_cookie_protection'] = 1;
 // to the email address of an already registered person who can authorise
 // and/or approve/deny the request.
-App::$config['system']['register_policy'] = REGISTER_OPEN;
+App::$config['system']['register_policy'] = REGISTER_APPROVE;
 App::$config['system']['register_text'] = '';
 App::$config['system']['admin_email'] = '{{$adminmail}}';
--- a/view/sv/htconfig.tpl
+++ b/view/sv/htconfig.tpl
@ -51,7 +51,7 @@ App::$config['system']['ssl_cookie_protection'] = 1;
 // to the email address of an already registered person who can authorise
 // and/or approve/deny the request.
-App::$config['system']['register_policy'] = REGISTER_OPEN;
+App::$config['system']['register_policy'] = REGISTER_APPROVE;
 App::$config['system']['register_text'] = '';
 App::$config['system']['admin_email'] = '{{$adminmail}}';
--- a/view/tpl/register.tpl
+++ b/view/tpl/register.tpl
@ -60,7 +60,7 @@
 				{{include file="field_input.tpl" field=$phrase}}
 			{{/if}}
-			<button class="btn btn-primary" type="submit" name="submit" id="newchannel-submit-button" value="{{$submit}}">{{$submit}}</button>
+			<button class="btn btn-primary" type="submit" name="submit" id="newchannel-submit-button" {{if $disabled}}disabled="disabled" {{/if}}value="{{$submit}}">{{$submit}}</button>
 			<div id="register-submit-end" class="register-field-end"></div>
 		</form>
 			<br>
`@ -1,2 +1,2 @@`
	`<?php`	`<?php`
	`define ('STD_VERSION', '24.06.10');`	`define ('STD_VERSION', '24.06.14');`