Merge remote-tracking branch 'origin/develop' into feature/uninstall-…

…modules

.gitignore

@@ -9,6 +9,7 @@
 /vendor
 /core/assets/vendor
 /uploads/avatars/**
+/uploads/logos/**
 /node_modules/
 composer.lock
 checksums.json

core/classes/Core/Alert.php

@@ -12,13 +12,16 @@ class Alert
     /**
      * Creates an alert for the specified user.
      *
-     * @param int    $user_id    Contains the ID of the user who we are creating the alert for.
-     * @param string $type       Contains the alert type, eg 'tag' for user tagging.
-     * @param array  $text_short Contains the alert text in short form for the dropdown.
-     * @param array  $text       Contains full information about the alert.
-     * @param string $link       Contains link to view the alert, defaults to #.
+     * @deprecated Use Alert::send instead
+     *
+     * @param int     $user_id    Contains the ID of the user who we are creating the alert for.
+     * @param string  $type       Contains the alert type, eg 'tag' for user tagging.
+     * @param array   $text_short Contains the alert text in short form for the dropdown.
+     * @param array   $text       Contains full information about the alert.
+     * @param ?string $link       Contains link to view the alert, defaults to #.
+     * @param ?string $content    Optional alert content.
      */
-    public static function create(int $user_id, string $type, array $text_short, array $text, string $link = '#'): void
+    public static function create(int $user_id, string $type, array $text_short, array $text, ?string $link = '#', string $content = null): void
     {
         $db = DB::getInstance();
 
@@ -30,13 +33,41 @@ public static function create(int $user_id, string $type, array $text_short, arr
 
         $language = new Language($text_short['path'], $language->first()->short_code);
 
+        $text_short = $text_short['content'] ?? str_replace($text_short['replace'] ?? '', $text_short['replace_with'] ?? '', $language->get($text_short['file'], $text_short['term']));
+        $text = $text['content'] ?? str_replace($text['replace'] ?? '', $text['replace_with'] ?? '', $language->get($text['file'], $text['term']));
+
         $db->insert('alerts', [
             'user_id' => $user_id,
             'type' => $type,
             'url' => $link,
-            'content_short' => str_replace($text_short['replace'] ?? '', $text_short['replace_with'] ?? '', $language->get($text_short['file'], $text_short['term'])),
-            'content' => str_replace($text['replace'] ?? '', $text['replace_with'] ?? '', $language->get($text['file'], $text['term'])),
+            'content_short' => $text_short,
+            'content' => $text,
+            'content_rich' => $content,
+            'created' => date('U'),
+        ]);
+    }
+
+    /**
+     * Post a new alert to a user.
+     *
+     * @param  int         $userId
+     * @param  string      $title
+     * @param  string      $content
+     * @param  string|null $link       Optional link to redirect the user to on click
+     * @param  bool        $skipPurify If true the content will not be purified before displaying to user - use with care
+     * @return void
+     */
+    public static function send(int $userId, string $title, string $content, ?string $link = '', bool $skipPurify = false)
+    {
+        DB::getInstance()->insert('alerts', [
+            'user_id' => $userId,
+            'type' => 'alert',
+            'url' => $link ?? '',
+            'content_short' => $title, // Column maintained for legacy reasons
+            'content' => $title,
+            'content_rich' => $content,
             'created' => date('U'),
+            'bypass_purify' => $skipPurify,
         ]);
     }
 

core/classes/Core/User.php

@@ -6,7 +6,7 @@
  * @author Samerton
  * @author Partydragen
  * @author Aberdeener
- * @version 2.1.2
+ * @version 2.2.0
  * @license MIT
  */
 class User
@@ -1122,4 +1122,43 @@ public function savePlaceholders(int $server_id, array $placeholders): void
             ]);
         }
     }
+
+    /**
+     * Get user's notification preferences.
+     *
+     * TODO: return type (PHP 8)
+     *
+     * @param string $type Optional type of notification to filter by
+     *
+     * @return UserNotificationData|UserNotificationData[]|null
+     */
+    public function getNotificationPreferences(string $type = '')
+    {
+        if ($this->exists()) {
+            $where = 'user_id = ?';
+            $whereVars = [$this->data()->id];
+
+            if (!empty($type)) {
+                $where .= ' AND `type` = ?';
+                $whereVars[] = $type;
+            }
+
+            $this->_db->get(
+                <<<SQL
+                    SELECT `type`, `alert`, `email`
+                    FROM nl2_users_notification_preferences
+                    WHERE $where
+                SQL,
+                $whereVars
+            );
+
+            if (!empty($type)) {
+                return $this->_db->first();
+            }
+
+            return $this->_db->results();
+        }
+
+        return null;
+    }
 }

core/classes/Core/Validate.php

@@ -375,7 +375,7 @@ public static function check(array $source, array $items = []): Validate
                         }
 
                         foreach ($rule_value as $term) {
-                            if (strpos(strtolower($value), strtolower($term)) !== false) {
+                            if (strpos(strtolower($value), strtolower(trim($term))) !== false) {
                                 $validator->addError([
                                     'field' => $item,
                                     'rule' => self::NOT_CONTAIN,

core/classes/DTO/UserNotificationData.php

@@ -0,0 +1,22 @@
+<?php
+/**
+ * Represents notification data which belongs to a user.
+ *
+ * @package NamelessMC\DTO
+ * @author Samerton
+ * @version 2.2.0
+ * @license MIT
+ */
+class UserNotificationData
+{
+    public bool $alert;
+    public bool $email;
+    public string $type;
+
+    public function __construct(object $row)
+    {
+        $this->alert = $row->alert;
+        $this->email = $row->email;
+        $this->type = $row->type;
+    }
+}

core/classes/Minecraft/MCQuery.php

@@ -377,6 +377,10 @@ private static function getMotd(string $text, array $modern_format): string
 
         $motd = '';
         foreach ($modern_format as $word) {
+            if (!is_array($word)) {
+                continue;
+            }
+
             $motd .= self::COLOUR_CHAR . 'r';
             if (isset($word['color'])) {
                 $motd .= self::getColor($word['color']);

core/classes/Misc/NamelessOAuth.php

@@ -46,19 +46,18 @@ public function getProviders(): array
     }
 
     /**
-     * Determine if OAuth is available if at least one provider is setup.
+     * Get or create an instance of a specific provider.
      *
-     * @return bool If any provider is setup
+     * @param  string     $provider The provider name
+     * @return null|array An array of registered OAuth provider.
      */
-    public function isAvailable(): bool
+    public function getProvider(string $provider): ?array
     {
-        foreach (array_keys($this->_providers) as $provider) {
-            if ($this->isSetup($provider)) {
-                return true;
-            }
+        if (array_key_exists($provider, $this->_providers)) {
+            return $this->_providers[$provider];
         }
 
-        return false;
+        return null;
     }
 
     /**
@@ -177,10 +176,6 @@ public function setEnabled(string $provider, int $enabled): void
      */
     public function isSetup(string $provider): bool
     {
-        if (!$this->isEnabled($provider)) {
-            return false;
-        }
-
         [$client_id, $client_secret] = $this->getCredentials($provider);
 
         return $client_id !== '' && $client_secret !== '';
@@ -233,79 +228,6 @@ public function setCredentials(string $provider, string $client_id, string $clie
         );
     }
 
-    /**
-     * Check if a NamelessMC user has already connected their account to a specific provider.
-     *
-     * @param  string $provider    The provider name
-     * @param  string $provider_id The provider user ID
-     * @return bool   Whether the user is already linked to the provider
-     */
-    public function userExistsByProviderId(string $provider, string $provider_id): bool
-    {
-        return $this->_db->query(
-            'SELECT user_id FROM nl2_oauth_users WHERE provider = ? AND provider_id = ?',
-            [$provider, $provider_id]
-        )->count() > 0;
-    }
-
-    /**
-     * Get the NamelessMC user ID for a specific provider user ID.
-     *
-     * @param  string $provider    The provider name
-     * @param  string $provider_id The provider user ID for lookup
-     * @return int    The NamelessMC user ID of the user linked to the provider
-     */
-    public function getUserIdFromProviderId(string $provider, string $provider_id): int
-    {
-        return $this->_db->query(
-            'SELECT user_id FROM nl2_oauth_users WHERE provider = ? AND provider_id = ?',
-            [$provider, $provider_id]
-        )->first()->user_id;
-    }
-
-    /**
-     * Save a new user linked to a specific provider.
-     *
-     * @param string $user_id     The NamelessMC user ID
-     * @param string $provider    The provider name
-     * @param string $provider_id The provider user ID
-     */
-    public function saveUserProvider(string $user_id, string $provider, string $provider_id): void
-    {
-        $this->_db->query(
-            'INSERT INTO nl2_oauth_users (user_id, provider, provider_id) VALUES (?, ?, ?)',
-            [$user_id, $provider, $provider_id]
-        );
-    }
-
-    /**
-     * Get an array of provider names and provider user IDs for a specific user.
-     *
-     * @param  int   $user_id The NamelessMC user ID
-     * @return array The array
-     */
-    public function getAllProvidersForUser(int $user_id): array
-    {
-        return $this->_db->query(
-            'SELECT * FROM nl2_oauth_users WHERE user_id = ?',
-            [$user_id]
-        )->results();
-    }
-
-    /**
-     * Delete a user's provider data.
-     *
-     * @param int    $user_id  The provider name
-     * @param string $provider The provider user ID
-     */
-    public function unlinkProviderForUser(int $user_id, string $provider): void
-    {
-        $this->_db->query(
-            'DELETE FROM nl2_oauth_users WHERE user_id = ? AND provider = ?',
-            [$user_id, $provider]
-        );
-    }
-
     /**
      * Format an array of CSS rules into a string, appending `!important` to each rule.
      *

core/classes/Queue/Task.php

@@ -157,7 +157,7 @@ public function fromId(int $id): ?Task
             $this->_scheduledFor = $task->scheduled_for;
             $this->_status = $task->status;
             $this->_task = $task->task;
-            $this->_userId = $task->userId;
+            $this->_userId = $task->user_id;
 
             return $this;
         }

core/init.php

@@ -388,8 +388,8 @@
     $cc_nav->add('cc_alerts', $language->get('user', 'alerts'), URL::build('/user/alerts'));
     $cc_nav->add('cc_messaging', $language->get('user', 'messaging'), URL::build('/user/messaging'));
     $cc_nav->add('cc_connections', $language->get('user', 'connections'), URL::build('/user/connections'));
+    $cc_nav->add('cc_notification_settings', $language->get('user', 'notification_settings'), URL::build('/user/notification_settings'));
     $cc_nav->add('cc_settings', $language->get('user', 'profile_settings'), URL::build('/user/settings'));
-    $cc_nav->add('cc_oauth', $language->get('admin', 'oauth'), URL::build('/user/oauth'));
 
     // Placeholders enabled?
     if (Settings::get('placeholders') === '1') {

core/migrations/20230908180037_create_users_notification_preferences_table.php

@@ -0,0 +1,23 @@
+<?php
+
+declare(strict_types=1);
+
+use Phinx\Migration\AbstractMigration;
+
+final class CreateUsersNotificationPreferencesTable extends AbstractMigration
+{
+    public function change(): void
+    {
+        $table = $this->table('nl2_users_notification_preferences');
+
+        $table
+            ->addColumn('user_id', 'integer', ['length' => 11])
+            ->addColumn('type', 'string', ['length' => 64])
+            ->addColumn('alert', 'boolean', ['default' => false])
+            ->addColumn('email', 'boolean', ['default' => false]);
+
+        $table->addForeignKey('user_id', 'nl2_users', 'id', ['delete' => 'CASCADE']);
+
+        $table->create();
+    }
+}

core/migrations/20231121184810_add_content_rich_to_alerts_table.php

@@ -0,0 +1,16 @@
+<?php
+
+declare(strict_types=1);
+
+use Phinx\Db\Adapter\MysqlAdapter;
+use Phinx\Migration\AbstractMigration;
+
+final class AddContentRichToAlertsTable extends AbstractMigration
+{
+    public function change(): void
+    {
+        $this->table('nl2_alerts')
+            ->addColumn('content_rich', 'text', ['default' => null, 'limit' => MysqlAdapter::TEXT_MEDIUM, 'null' => true])
+            ->update();
+    }
+}

core/migrations/20240309204948_add_purify_bypass_colum_to_alerts_table.php

@@ -0,0 +1,15 @@
+<?php
+
+declare(strict_types=1);
+
+use Phinx\Migration\AbstractMigration;
+
+final class AddPurifyBypassColumToAlertsTable extends AbstractMigration
+{
+    public function change(): void
+    {
+        $this->table('nl2_alerts')
+            ->addColumn('bypass_purify', 'boolean', ['default' => false])
+            ->update();
+    }
+}

core/templates/frontend_init.php

@@ -108,8 +108,8 @@
     if ($page_metadata->count()) {
         $page_metadata = $page_metadata->first();
         $smarty->assign([
-            'PAGE_DESCRIPTION' => str_replace('{site}', Output::getClean(SITE_NAME), Output::getPurified($page_metadata->description)),
-            'PAGE_KEYWORDS' => Output::getPurified($page_metadata->tags),
+            'PAGE_DESCRIPTION' => str_replace('{site}', Output::getClean(SITE_NAME), addslashes(strip_tags($page_metadata->description))),
+            'PAGE_KEYWORDS' => addslashes(strip_tags($page_metadata->tags)),
         ]);
 
         $og_image = $page_metadata->image;
@@ -118,14 +118,14 @@
         }
     } else {
         $smarty->assign([
-            'PAGE_DESCRIPTION' => str_replace('{site}', Output::getClean(SITE_NAME), Output::getPurified(Settings::get('default_meta_description', ''))),
-            'PAGE_KEYWORDS' => Output::getPurified(Settings::get('default_meta_keywords', '')),
+            'PAGE_DESCRIPTION' => str_replace('{site}', Output::getClean(SITE_NAME), addslashes(strip_tags(Settings::get('default_meta_description', '')))),
+            'PAGE_KEYWORDS' => addslashes(strip_tags(Settings::get('default_meta_keywords', ''))),
         ]);
     }
 } else {
     $smarty->assign([
-        'PAGE_DESCRIPTION' => str_replace('{site}', Output::getClean(SITE_NAME), Output::getPurified(PAGE_DESCRIPTION)),
-        'PAGE_KEYWORDS' => (defined('PAGE_KEYWORDS') ? Output::getPurified(PAGE_KEYWORDS) : ''),
+        'PAGE_DESCRIPTION' => str_replace('{site}', Output::getClean(SITE_NAME), addslashes(strip_tags(PAGE_DESCRIPTION))),
+        'PAGE_KEYWORDS' => (defined('PAGE_KEYWORDS') ? addslashes(strip_tags(PAGE_KEYWORDS)) : ''),
     ]);
 }