Merge remote-tracking branch 'upstream/2020.09-rc' into api-count

.gitignore

@@ -71,8 +71,8 @@ venv/
 /addons
 /addon
 
-#ignore .htaccess
-.htaccess
+#ignore base .htaccess
+/.htaccess
 
 #ignore filesystem storage default path
 /storage

.htaccess-dist

@@ -1,3 +1,6 @@
+# This file is meant to be copied to ".htaccess" on Apache-powered web servers.
+# The created .htaccess file can be edited manually and will not be overwritten by Friendica updates.
+
 Options -Indexes
 AddType application/x-java-archive .jar
 AddType audio/ogg .oga

VERSION

@@ -1 +1 @@
-2020.09-dev
+2020.09-rc

bin/.htaccess

@@ -0,0 +1,10 @@
+# This file prevents browser access to Friendica command-line scripts on Apache-powered web servers.
+# It isn't meant to be edited manually, please check the base Friendica folder for the .htaccess-dist file instead.
+
+<IfModule authz_host_module>
+    Require all denied
+</IfModule>
+<IfModule !authz_host_module>
+    Order Allow,Deny
+    Deny from all
+</IfModule>

bin/auth_ejabberd.php

@@ -51,6 +51,11 @@
  *
  */
 
+if (php_sapi_name() !== 'cli') {
+	header($_SERVER["SERVER_PROTOCOL"] . ' 403 Forbidden');
+	exit();
+}
+
 use Dice\Dice;
 use Friendica\App\Mode;
 use Friendica\Util\ExAuth;

bin/console.php

@@ -20,6 +20,11 @@
  *
  */
 
+if (php_sapi_name() !== 'cli') {
+	header($_SERVER["SERVER_PROTOCOL"] . ' 403 Forbidden');
+	exit();
+}
+
 use Dice\Dice;
 use Psr\Log\LoggerInterface;
 

bin/daemon.php

@@ -23,6 +23,11 @@
  * This script was taken from http://php.net/manual/en/function.pcntl-fork.php
  */
 
+if (php_sapi_name() !== 'cli') {
+	header($_SERVER["SERVER_PROTOCOL"] . ' 403 Forbidden');
+	exit();
+}
+
 use Dice\Dice;
 use Friendica\Core\Logger;
 use Friendica\Core\Worker;

bin/testargs.php

@@ -26,6 +26,10 @@
  *
  */
 
+if (php_sapi_name() !== 'cli') {
+	header($_SERVER["SERVER_PROTOCOL"] . ' 403 Forbidden');
+	exit();
+}
 
 if (($_SERVER["argc"] > 1) && isset($_SERVER["argv"][1])) {
 	echo $_SERVER["argv"][1];

bin/wait-for-connection

@@ -24,6 +24,11 @@
  * Usage: php bin/wait-for-connection {HOST} {PORT} [{TIMEOUT}]
  */
 
+if (php_sapi_name() !== 'cli') {
+	header($_SERVER["SERVER_PROTOCOL"] . ' 403 Forbidden');
+	exit();
+}
+
 $timeout = 60;
 switch ($argc) {
 	case 4:

bin/worker.php

@@ -21,6 +21,11 @@
  * Starts the background processing
  */
 
+if (php_sapi_name() !== 'cli') {
+	header($_SERVER["SERVER_PROTOCOL"] . ' 403 Forbidden');
+	exit();
+}
+
 use Dice\Dice;
 use Friendica\App;
 use Friendica\Core\Update;

boot.php

@@ -38,7 +38,7 @@ use Friendica\Util\DateTimeFormat;
 
 define('FRIENDICA_PLATFORM',     'Friendica');
 define('FRIENDICA_CODENAME',     'Red Hot Poker');
-define('FRIENDICA_VERSION',      '2020.09-dev');
+define('FRIENDICA_VERSION',      '2020.09-rc');
 define('DFRN_PROTOCOL_VERSION',  '2.23');
 define('NEW_UPDATE_ROUTINE_VERSION', 1170);
 

include/enotify.php

@@ -509,7 +509,8 @@ function notification($params)
 		Logger::log('sending notification email');
 
 		if (isset($params['parent']) && (intval($params['parent']) != 0)) {
-			$id_for_parent = $params['parent'] . "@" . $hostname;
+			$parent = Item::selectFirst(['guid'], ['id' => $params['parent']]);
+			$message_id = "<" . $parent['guid'] . "@" . gethostname() . ">";
 
 			// Is this the first email notification for this parent item and user?
 			if (!DBA::exists('notify-threads', ['master-parent-item' => $params['parent'], 'receiver-uid' => $params['uid']])) {
@@ -520,13 +521,13 @@ function notification($params)
 					'receiver-uid' => $params['uid'], 'parent-item' => 0];
 				DBA::insert('notify-threads', $fields);
 
-				$additional_mail_header .= "Message-ID: <${id_for_parent}>\n";
+				$additional_mail_header .= "Message-ID: " . $message_id . "\n";
 				$log_msg                = "include/enotify: No previous notification found for this parent:\n" .
 				                          "  parent: ${params['parent']}\n" . "  uid   : ${params['uid']}\n";
 				Logger::log($log_msg, Logger::DEBUG);
 			} else {
 				// If not, just "follow" the thread.
-				$additional_mail_header .= "References: <${id_for_parent}>\nIn-Reply-To: <${id_for_parent}>\n";
+				$additional_mail_header .= "References: " . $message_id . "\nIn-Reply-To: " . $message_id . "\n";
 				Logger::log("There's already a notification for this parent.", Logger::DEBUG);
 			}
 		}

mods/sample-nginx.config

@@ -141,4 +141,9 @@ server {
   location ~ /\. {
     deny all;
   }
+
+  # deny access to the CLI scripts
+  location ^~ /bin {
+    deny all;
+  }
 }

src/Database/DBA.php

@@ -669,10 +669,18 @@ class DBA
 	 */
 	public static function mergeConditions(array ...$conditions)
 	{
+		if (count($conditions) == 1) {
+			return current($conditions);
+		}
+
 		$conditionStrings = [];
 		$result = [];
 
 		foreach ($conditions as $key => $condition) {
+			if (!$condition) {
+				continue;
+			}
+
 			$condition = self::collapseCondition($condition);
 
 			$conditionStrings[] = array_shift($condition);

src/Model/APContact.php

@@ -320,13 +320,18 @@ class APContact
 
 		$apcontact['updated'] = DateTimeFormat::utcNow();
 
-		DBA::update('apcontact', $apcontact, ['url' => $url], true);
-
 		// We delete the old entry when the URL is changed
-		if (($url != $apcontact['url']) && DBA::exists('apcontact', ['url' => $url]) && DBA::exists('apcontact', ['url' => $apcontact['url']])) {
+		if ($url != $apcontact['url']) {
+			Logger::info('Delete changed profile url', ['old' => $url, 'new' => $apcontact['url']]);
 			DBA::delete('apcontact', ['url' => $url]);
 		}
 
+		if (DBA::exists('apcontact', ['url' => $apcontact['url']])) {
+			DBA::update('apcontact', $apcontact, ['url' => $apcontact['url']]);
+		} else {
+			DBA::replace('apcontact', $apcontact);
+		}
+
 		Logger::info('Updated profile', ['url' => $url]);
 
 		return $apcontact;

src/Model/Item.php

@@ -201,19 +201,7 @@ class Item
 			return [];
 		}
 
-		if (empty($condition) || !is_array($condition)) {
-			$condition = ['iid' => $pinned];
-		} else {
-			reset($condition);
-			$first_key = key($condition);
-			if (!is_int($first_key)) {
-				$condition['iid'] = $pinned;
-			} else {
-				$values_string = substr(str_repeat("?, ", count($pinned)), 0, -2);
-				$condition[0] = '(' . $condition[0] . ") AND `iid` IN (" . $values_string . ")";
-				$condition = array_merge($condition, $pinned);
-			}
-		}
+		$condition = DBA::mergeConditions(['iid' => $pinned], $condition);
 
 		return self::selectThreadForUser($uid, $selected, $condition, $params);
 	}

src/Model/UserItem.php

@@ -51,8 +51,8 @@ class UserItem
 	 */
 	public static function setNotification(int $iid)
 	{
-		$fields = ['id', 'uri-id', 'uid', 'body', 'parent', 'gravity', 'tag',
-			'contact-id', 'thr-parent', 'parent-uri', 'author-id', 'verb'];
+		$fields = ['id', 'uri-id', 'parent-uri-id', 'uid', 'body', 'parent', 'gravity', 'tag',
+			'private', 'contact-id', 'thr-parent', 'parent-uri', 'author-id', 'verb'];
 		$item = Item::selectFirst($fields, ['id' => $iid, 'origin' => false]);
 		if (!DBA::isResult($item)) {
 			return;
@@ -63,14 +63,26 @@ class UserItem
 			return;
 		}
 
-		// fetch all users in the thread
+		if ($item['uid'] == 0) {
+			$uids = [];
+		} else {
+			// Always include the item user
+			$uids = [$item['uid']];
+		}
+
+		// Add every user who participated so far in this thread
+		// This can only happen with participations on global items. (means: uid = 0) 
 		$users = DBA::p("SELECT DISTINCT(`contact`.`uid`) FROM `item`
 			INNER JOIN `contact` ON `contact`.`id` = `item`.`contact-id` AND `contact`.`uid` != 0
 			WHERE `parent` IN (SELECT `parent` FROM `item` WHERE `id`=?)", $iid);
 		while ($user = DBA::fetch($users)) {
-			self::setNotificationForUser($item, $user['uid']);
+			$uids[] = $user['uid'];
 		}
 		DBA::close($users);
+
+		foreach (array_unique($uids) as $uid) {
+			self::setNotificationForUser($item, $uid);
+		}
 	}
 
 	/**

src/Module/Admin/Blocklist/Contact.php

@@ -44,7 +44,7 @@ class Contact extends BaseAdmin
 			$contact_id = Model\Contact::getIdForURL($contact_url);
 			if ($contact_id) {
 				Model\Contact::block($contact_id, $block_reason);
-				notice(DI::l10n()->t('The contact has been blocked from the node'));
+				info(DI::l10n()->t('The contact has been blocked from the node'));
 			} else {
 				notice(DI::l10n()->t('Could not find any contact entry for this URL (%s)', $contact_url));
 			}
@@ -54,7 +54,7 @@ class Contact extends BaseAdmin
 			foreach ($contacts as $uid) {
 				Model\Contact::unblock($uid);
 			}
-			notice(DI::l10n()->tt('%s contact unblocked', '%s contacts unblocked', count($contacts)));
+			info(DI::l10n()->tt('%s contact unblocked', '%s contacts unblocked', count($contacts)));
 		}
 
 		DI::baseUrl()->redirect('admin/blocklist/contact');

src/Module/Admin/Users.php

@@ -58,14 +58,14 @@ class Users extends BaseAdmin
 			foreach ($users as $uid) {
 				User::block($uid);
 			}
-			notice(DI::l10n()->tt('%s user blocked', '%s users blocked', count($users)));
+			info(DI::l10n()->tt('%s user blocked', '%s users blocked', count($users)));
 		}
 
 		if (!empty($_POST['page_users_unblock'])) {
 			foreach ($users as $uid) {
 				User::block($uid, false);
 			}
-			notice(DI::l10n()->tt('%s user unblocked', '%s users unblocked', count($users)));
+			info(DI::l10n()->tt('%s user unblocked', '%s users unblocked', count($users)));
 		}
 
 		if (!empty($_POST['page_users_delete'])) {
@@ -77,21 +77,21 @@ class Users extends BaseAdmin
 				}
 			}
 
-			notice(DI::l10n()->tt('%s user deleted', '%s users deleted', count($users)));
+			info(DI::l10n()->tt('%s user deleted', '%s users deleted', count($users)));
 		}
 
 		if (!empty($_POST['page_users_approve'])) {
 			foreach ($pending as $hash) {
 				User::allow($hash);
 			}
-			notice(DI::l10n()->tt('%s user approved', '%s users approved', count($pending)));
+			info(DI::l10n()->tt('%s user approved', '%s users approved', count($pending)));
 		}
 
 		if (!empty($_POST['page_users_deny'])) {
 			foreach ($pending as $hash) {
 				User::deny($hash);
 			}
-			notice(DI::l10n()->tt('%s registration revoked', '%s registrations revoked', count($pending)));
+			info(DI::l10n()->tt('%s registration revoked', '%s registrations revoked', count($pending)));
 		}
 
 		DI::baseUrl()->redirect('admin/users');

src/Module/Group.php

@@ -131,7 +131,7 @@ class Group extends BaseModule
 				throw new \Exception(DI::l10n()->t('Bad request.'), 400);
 			}
 
-			notice($message);
+			info($message);
 			System::jsonExit(['status' => 'OK', 'message' => $message]);
 		} catch (\Exception $e) {
 			notice($e->getMessage());

src/Module/Invite.php

@@ -119,7 +119,7 @@ class Invite extends BaseModule
 			}
 
 		}
-		notice(DI::l10n()->tt('%d message sent.', '%d messages sent.', $total));
+		info(DI::l10n()->tt('%d message sent.', '%d messages sent.', $total));
 	}
 
 	public static function content(array $parameters = [])

src/Module/Profile/Status.php

@@ -232,7 +232,18 @@ class Status extends BaseProfile
 		$items = DBA::toArray($items_stmt);
 
 		if ($pager->getStart() == 0 && !empty($a->profile['uid'])) {
-			$pinned_items = Item::selectPinned($a->profile['uid'], ['uri', 'pinned']);
+			$condition = ['private' => [Item::PUBLIC, Item::UNLISTED]];
+			if (remote_user()) {
+				$permissionSets = DI::permissionSet()->selectByContactId(remote_user(), $a->profile['uid']);
+				if (!empty($permissionSets)) {
+					$condition = ['psid' => array_merge($permissionSets->column('id'),
+							[DI::permissionSet()->getIdFromACL($a->profile['uid'], '', '', '', '')])];
+				}
+			} elseif ($a->profile['uid'] == local_user()) {
+				$condition = [];
+			}
+	
+			$pinned_items = Item::selectPinned($a->profile['uid'], ['uri', 'pinned'], $condition);
 			$pinned = Item::inArray($pinned_items);
 			$items = array_merge($items, $pinned);
 		}

src/Module/Security/TwoFactor/Recovery.php

@@ -57,7 +57,7 @@ class Recovery extends BaseModule
 			if (RecoveryCode::existsForUser(local_user(), $recovery_code)) {
 				RecoveryCode::markUsedForUser(local_user(), $recovery_code);
 				Session::set('2fa', true);
-				notice(DI::l10n()->t('Remaining recovery codes: %d', RecoveryCode::countValidForUser(local_user())));
+				info(DI::l10n()->t('Remaining recovery codes: %d', RecoveryCode::countValidForUser(local_user())));
 
 				DI::auth()->setForUser($a, $a->user, true, true);
 			} else {

src/Module/Settings/Profile/Photo/Crop.php

@@ -187,7 +187,7 @@ class Crop extends BaseSettings
 				Worker::add(PRIORITY_LOW, 'Directory', Session::get('my_url'));
 			}
 
-			notice(DI::l10n()->t('Profile picture successfully updated.'));
+			info(DI::l10n()->t('Profile picture successfully updated.'));
 
 			DI::baseUrl()->redirect('profile/' . DI::app()->user['nickname']);
 		}

src/Module/Settings/TwoFactor/AppSpecific.php

@@ -74,13 +74,13 @@ class AppSpecific extends BaseSettings
 						DI::baseUrl()->redirect('settings/2fa/app_specific?t=' . self::getFormSecurityToken('settings_2fa_password'));
 					} else {
 						self::$appSpecificPassword = AppSpecificPassword::generateForUser(local_user(), $_POST['description'] ?? '');
-						notice(DI::l10n()->t('New app-specific password generated.'));
+						info(DI::l10n()->t('New app-specific password generated.'));
 					}
 
 					break;
 				case 'revoke_all' :
 					AppSpecificPassword::deleteAllForUser(local_user());
-					notice(DI::l10n()->t('App-specific passwords successfully revoked.'));
+					info(DI::l10n()->t('App-specific passwords successfully revoked.'));
 					DI::baseUrl()->redirect('settings/2fa/app_specific?t=' . self::getFormSecurityToken('settings_2fa_password'));
 					break;
 			}
@@ -90,7 +90,7 @@ class AppSpecific extends BaseSettings
 			self::checkFormSecurityTokenRedirectOnError('settings/2fa/app_specific', 'settings_2fa_app_specific');
 
 			if (AppSpecificPassword::deleteForUser(local_user(), $_POST['revoke_id'])) {
-				notice(DI::l10n()->t('App-specific password successfully revoked.'));
+				info(DI::l10n()->t('App-specific password successfully revoked.'));
 			}
 
 			DI::baseUrl()->redirect('settings/2fa/app_specific?t=' . self::getFormSecurityToken('settings_2fa_password'));

src/Module/Settings/TwoFactor/Index.php

@@ -64,7 +64,7 @@ class Index extends BaseSettings
 						DI::pConfig()->delete(local_user(), '2fa', 'verified');
 						Session::remove('2fa');
 
-						notice(DI::l10n()->t('Two-factor authentication successfully disabled.'));
+						info(DI::l10n()->t('Two-factor authentication successfully disabled.'));
 						DI::baseUrl()->redirect('settings/2fa');
 					}
 					break;

src/Module/Settings/TwoFactor/Recovery.php

@@ -63,7 +63,7 @@ class Recovery extends BaseSettings
 
 			if ($_POST['action'] == 'regenerate') {
 				RecoveryCode::regenerateForUser(local_user());
-				notice(DI::l10n()->t('New recovery codes successfully generated.'));
+				info(DI::l10n()->t('New recovery codes successfully generated.'));
 				DI::baseUrl()->redirect('settings/2fa/recovery?t=' . self::getFormSecurityToken('settings_2fa_password'));
 			}
 		}

src/Module/Settings/TwoFactor/Verify.php

@@ -75,7 +75,7 @@ class Verify extends BaseSettings
 				DI::pConfig()->set(local_user(), '2fa', 'verified', true);
 				Session::set('2fa', true);
 
-				notice(DI::l10n()->t('Two-factor authentication successfully activated.'));
+				info(DI::l10n()->t('Two-factor authentication successfully activated.'));
 
 				DI::baseUrl()->redirect('settings/2fa');
 			} else {
@@ -132,7 +132,7 @@ class Verify extends BaseSettings
 			'$help_label'         => DI::l10n()->t('Help'),
 			'$message'            => DI::l10n()->t('<p>Please scan this QR Code with your authenticator app and submit the provided code.</p>'),
 			'$qrcode_image'       => $qrcode_image,
-			'$qrcode_url_message' => DI::l10n()->t('<p>Or you can open the following URL in your mobile devicde:</p><p><a href="%s">%s</a></p>', $otpauthUrl, $shortOtpauthUrl),
+			'$qrcode_url_message' => DI::l10n()->t('<p>Or you can open the following URL in your mobile device:</p><p><a href="%s">%s</a></p>', $otpauthUrl, $shortOtpauthUrl),
 			'$manual_message'     => $manual_message,
 			'$company'            => $company,
 			'$holder'             => $holder,

src/Network/Probe.php

@@ -93,15 +93,17 @@ class Probe
 				"following", "followers", "inbox", "outbox", "sharedinbox",
 				"priority", "network", "pubkey", "manually-approve", "baseurl", "gsid"];
 
+		$numeric_fields = ["gsid", "hide", "account-type", "manually-approve"];
+
 		$newdata = [];
 		foreach ($fields as $field) {
 			if (isset($data[$field])) {
-				if (in_array($field, ["gsid", "hide", "account-type", "manually-approve"])) {
+				if (in_array($field, $numeric_fields)) {
 					$newdata[$field] = (int)$data[$field];
 				} else {	
 					$newdata[$field] = $data[$field];
 				}
-			} elseif ($field != "gsid") {
+			} elseif (!in_array($field, $numeric_fields)) {
 				$newdata[$field] = "";
 			} else {
 				$newdata[$field] = null;