Merge remote-tracking branch 'upstream/develop' into issue-3229

src/Module/Admin/Summary.php

@@ -14,6 +14,7 @@ use Friendica\Model\Register;
 use Friendica\Module\BaseAdminModule;
 use Friendica\Util\ConfigFileLoader;
 use Friendica\Util\DateTimeFormat;
+use Friendica\Util\FileSystem;
 use Friendica\Util\Network;
 
 class Summary extends BaseAdminModule
@@ -76,11 +77,21 @@ class Summary extends BaseAdminModule
 
 		// Check logfile permission
 		if (Config::get('system', 'debugging')) {
-			$stream = Config::get('system', 'logfile');
+			$file = Config::get('system', 'logfile');
 
-			if (is_file($stream) &&
-			    !is_writeable($stream)) {
-				$warningtext[] = L10n::t('The logfile \'%s\' is not writable. No logging possible', $stream);
+			/** @var FileSystem $fileSystem */
+			$fileSystem = self::getClass(FileSystem::class);
+
+			try {
+				$stream = $fileSystem->createStream($file);
+
+				if (is_file($stream) &&
+				    !is_writeable($stream)) {
+					$warningtext[] = L10n::t('The logfile \'%s\' is not writable. No logging possible', $stream);
+				}
+
+			} catch (\Throwable $exception) {
+				$warningtext[] = L10n::t('The logfile \'%s\' is not usable. No logging possible (error: \'%s\')', $file, $exception->getMessage());
 			}
 
 			$stream = Config::get('system', 'dlogfile');

src/Module/Diaspora/Receive.php

@@ -5,6 +5,7 @@ namespace Friendica\Module\Diaspora;
 use Friendica\App;
 use Friendica\BaseModule;
 use Friendica\Core\Config\Configuration;
+use Friendica\Core\L10n\L10n;
 use Friendica\Model\User;
 use Friendica\Network\HTTPException;
 use Friendica\Protocol\Diaspora;
@@ -34,7 +35,8 @@ class Receive extends BaseModule
 		$enabled = $config->get('system', 'diaspora_enabled', false);
 		if (!$enabled) {
 			self::$logger->info('Diaspora disabled.');
-			throw new HTTPException\InternalServerErrorException('Diaspora disabled.');
+			$l10n = self::getClass(L10n::class);
+			throw new HTTPException\ForbiddenException($l10n->t('Access denied.'));
 		}
 
 		/** @var App\Arguments $args */

src/Module/Item/Compose.php

@@ -16,6 +16,7 @@ use Friendica\Model\Item;
 use Friendica\Model\User;
 use Friendica\Module\Login;
 use Friendica\Network\HTTPException\NotImplementedException;
+use Friendica\Util\ACLFormatter;
 use Friendica\Util\Crypto;
 
 class Compose extends BaseModule
@@ -58,6 +59,9 @@ class Compose extends BaseModule
 
 		$user = User::getById(local_user(), ['allow_cid', 'allow_gid', 'deny_cid', 'deny_gid', 'hidewall', 'default-location']);
 
+		/** @var ACLFormatter $aclFormatter */
+		$aclFormatter = self::getClass(ACLFormatter::class);
+
 		switch ($posttype) {
 			case Item::PT_PERSONAL_NOTE:
 				$compose_title = L10n::t('Compose new personal note');
@@ -70,8 +74,8 @@ class Compose extends BaseModule
 				$compose_title = L10n::t('Compose new post');
 				$type = 'post';
 				$doesFederate = true;
-				$contact_allow = implode(',', expand_acl($user['allow_cid']));
-				$group_allow = implode(',', expand_acl($user['allow_gid'])) ?: Group::FOLLOWERS;
+				$contact_allow = implode(',', $aclFormatter->expand($user['allow_cid']));
+				$group_allow = implode(',', $aclFormatter->expand($user['allow_gid'])) ?: Group::FOLLOWERS;
 				break;
 		}
 
@@ -82,8 +86,8 @@ class Compose extends BaseModule
 		$wall          = $_REQUEST['wall']          ?? $type == 'post';
 		$contact_allow = $_REQUEST['contact_allow'] ?? $contact_allow;
 		$group_allow   = $_REQUEST['group_allow']   ?? $group_allow;
-		$contact_deny  = $_REQUEST['contact_deny']  ?? implode(',', expand_acl($user['deny_cid']));
-		$group_deny    = $_REQUEST['group_deny']    ?? implode(',', expand_acl($user['deny_gid']));
+		$contact_deny  = $_REQUEST['contact_deny']  ?? implode(',', $aclFormatter->expand($user['deny_cid']));
+		$group_deny    = $_REQUEST['group_deny']    ?? implode(',', $aclFormatter->expand($user['deny_gid']));
 		$visibility    = ($contact_allow . $user['allow_gid'] . $user['deny_cid'] . $user['deny_gid']) ? 'custom' : 'public';
 
 		$acl_contacts = Contact::selectToArray(['id', 'name', 'addr', 'micro'], ['uid' => local_user(), 'pending' => false, 'rel' => [Contact::FOLLOWER, Contact::FRIEND]]);

src/Module/Item/Ignore.php

@@ -0,0 +1,78 @@
+<?php
+
+namespace Friendica\Module\Item;
+
+use Friendica\App;
+use Friendica\BaseModule;
+use Friendica\Core\L10n\L10n;
+use Friendica\Core\Session;
+use Friendica\Core\System;
+use Friendica\Database\Database;
+use Friendica\Model\Item;
+use Friendica\Network\HTTPException;
+
+/**
+ * Module for ignoring threads or user items
+ */
+class Ignore extends BaseModule
+{
+	public static function rawContent()
+	{
+		/** @var L10n $l10n */
+		$l10n = self::getClass(L10n::class);
+
+		if (!Session::isAuthenticated()) {
+			throw new HttpException\ForbiddenException($l10n->t('Access denied.'));
+		}
+
+		/** @var App\Arguments $args */
+		$args = self::getClass(App\Arguments::class);
+		/** @var Database $dba */
+		$dba = self::getClass(Database::class);
+
+		$message_id = intval($args->get(2));
+
+		if (empty($message_id) || !is_int($message_id)) {
+			throw new HTTPException\BadRequestException();
+		}
+
+		$thread = Item::selectFirstThreadForUser(local_user(), ['uid', 'ignored'], ['iid' => $message_id]);
+		if (!$dba->isResult($thread)) {
+			throw new HTTPException\BadRequestException();
+		}
+
+		// Numeric values are needed for the json output further below
+		$ignored = !empty($thread['ignored']) ? 0 : 1;
+
+		switch ($thread['uid'] ?? 0) {
+			// if the thread is from the current user
+			case local_user():
+				$dba->update('thread', ['ignored' => $ignored], ['iid' => $message_id]);
+				break;
+			// 0 (null will get transformed to 0) => it's a public post
+			case 0:
+				$dba->update('user-item', ['ignored' => $ignored], ['iid' => $message_id, 'uid' => local_user()], true);
+				break;
+			// Throws a BadRequestException and not a ForbiddenException on purpose
+			// Avoids harvesting existing, but forbidden IIDs (security issue)
+			default:
+				throw new HTTPException\BadRequestException();
+		}
+
+		// See if we've been passed a return path to redirect to
+		$return_path = $_REQUEST['return'] ?? '';
+		if (!empty($return_path)) {
+			$rand = '_=' . time();
+			if (strpos($return_path, '?')) {
+				$rand = "&$rand";
+			} else {
+				$rand = "?$rand";
+			}
+
+			self::getApp()->internalRedirect($return_path . $rand);
+		}
+
+		// the json doesn't really matter, it will either be 0 or 1
+		System::jsonExit([$ignored]);
+	}
+}

src/Module/Notifications/Notify.php

@@ -3,9 +3,10 @@
 namespace Friendica\Module\Notifications;
 
 use Friendica\BaseModule;
+use Friendica\BaseObject;
 use Friendica\Core\L10n;
-use Friendica\Core\NotificationsManager;
 use Friendica\Core\System;
+use Friendica\Model\Notify as ModelNotify;
 use Friendica\Network\HTTPException;
 
 /**
@@ -26,7 +27,8 @@ class Notify extends BaseModule
 
 		// @TODO: Replace with parameter from router
 		if ($a->argc > 2 && $a->argv[1] === 'mark' && $a->argv[2] === 'all') {
-			$notificationsManager = new NotificationsManager();
+			/** @var ModelNotify $notificationsManager */
+			$notificationsManager = self::getClass(ModelNotify::class);
 			$success              = $notificationsManager->setAllSeen();
 
 			header('Content-type: application/json; charset=utf-8');
@@ -49,7 +51,8 @@ class Notify extends BaseModule
 
 		// @TODO: Replace with parameter from router
 		if ($a->argc > 2 && $a->argv[1] === 'view' && intval($a->argv[2])) {
-			$notificationsManager = new NotificationsManager();
+			/** @var ModelNotify $notificationsManager */
+			$notificationsManager = BaseObject::getClass(ModelNotify::class);
 			// @TODO: Replace with parameter from router
 			$note = $notificationsManager->getByID($a->argv[2]);
 			if (!empty($note)) {

src/Module/Profile.php

@@ -131,9 +131,12 @@ class Profile extends BaseModule
 
 		$category = $datequery = $datequery2 = '';
 
+		/** @var DateTimeFormat $dtFormat */
+		$dtFormat = self::getClass(DateTimeFormat::class);
+
 		if ($a->argc > 2) {
 			for ($x = 2; $x < $a->argc; $x ++) {
-				if (is_a_date_arg($a->argv[$x])) {
+				if ($dtFormat->isYearMonth($a->argv[$x])) {
 					if ($datequery) {
 						$datequery2 = Strings::escapeHtml($a->argv[$x]);
 					} else {

src/Module/Xrd.php

@@ -4,11 +4,11 @@ namespace Friendica\Module;
 
 use Friendica\BaseModule;
 use Friendica\Core\Hook;
-use Friendica\Database\DBA;
 use Friendica\Core\Renderer;
-use Friendica\Core\System;
-use Friendica\Model\User;
+use Friendica\Database\DBA;
 use Friendica\Model\Photo;
+use Friendica\Model\User;
+use Friendica\Protocol\ActivityNamespace;
 use Friendica\Protocol\Salmon;
 use Friendica\Util\Strings;
 
@@ -95,11 +95,11 @@ class Xrd extends BaseModule
 			],
 			'links'   => [
 				[
-					'rel'  => NAMESPACE_DFRN,
+					'rel'  => ActivityNamespace::DFRN ,
 					'href' => $owner['url'],
 				],
 				[
-					'rel'  => NAMESPACE_FEED,
+					'rel'  => ActivityNamespace::FEED,
 					'type' => 'application/atom+xml',
 					'href' => $owner['poll'],
 				],
@@ -119,7 +119,7 @@ class Xrd extends BaseModule
 					'href' => $baseURL . '/hcard/' . $owner['nickname'],
 				],
 				[
-					'rel'  => NAMESPACE_POCO,
+					'rel'  => ActivityNamespace::POCO,
 					'href' => $owner['poco'],
 				],
 				[