Merge pull request #12662 from MrPetovan/stable

Security Hotfix Release

images/friendica-maskable.svg

@@ -1,4 +1 @@
-<svg xmlns="http://www.w3.org/2000/svg" width="192" height="192" viewBox="0 0 1920 1920">
-	<rect fill="#1872a2" width="1920" height="1920"/>
-	<path fill="#febf19" d="M390 595q0-84 61-145 60-60 144-60h730q85 0 145 60 60 61 60 145v730q0 84-60 145-60 60-145 60H595q-84 0-144-60-60-61-61-145zm935-160h-183v274H778v231l363-2 1 273H778v274h547q67 0 114-47 46-46 45-113V595q0-67-45-113-46-46-114-47z"/>
-</svg>
+<svg xmlns="http://www.w3.org/2000/svg" width="192" height="192" viewBox="0 0 1920 1920"><rect width="1920" height="1920" fill="#1872a2"/><path fill="#febf19" d="M390 595q0-84 61-145 60-60 144-60h730q85 0 145 60 60 61 60 145v730q0 84-60 145-60 60-145 60H595q-84 0-144-60-60-61-61-145zm935-160h-183v274H778v231l363-2 1 273H778v274h547q67 0 114-47 46-46 45-113V595q0-67-45-113-46-46-114-47z"/></svg>

images/friendica.svg

@@ -1,4 +1 @@
-<svg xmlns="http://www.w3.org/2000/svg" width="192" height="192" viewBox="0 0 1920 1920">
-	<rect fill="#1872a2" x="60" y="60" width="1800" height="1800" rx="333"/>
-	<path fill="#febf19" d="M40 371q0-136 98-234 98-97 234-97h1178q136 0 233 97 97 98 97 234v1178q0 136-97 234-97 97-233 97H372q-137 0-234-97-97-98-98-234Zm1510-258h-296v442H666v373l587-4 1 441H666v442h884q107 0 182-75 75-74 74-183V371q0-108-74-182-74-75-182-76z"/>
-</svg>
+<svg xmlns="http://www.w3.org/2000/svg" width="192" height="192" viewBox="0 0 1920 1920"><rect width="1800" height="1800" x="60" y="60" fill="#1872a2" rx="333"/><path fill="#febf19" d="M40 371q0-136 98-234 98-97 234-97h1178q136 0 233 97 97 98 97 234v1178q0 136-97 234-97 97-233 97H372q-137 0-234-97-97-98-98-234Zm1510-258h-296v442H666v373l587-4 1 441H666v442h884q107 0 182-75 75-74 74-183V371q0-108-74-182-74-75-182-76z"/></svg>

mods/fpostit/friendica.svg

@@ -1,4 +1 @@
-<svg xmlns="http://www.w3.org/2000/svg" width="192" height="192" viewBox="0 0 1920 1920">
-	<rect fill="#1872a2" x="60" y="60" width="1800" height="1800" rx="333"/>
-	<path fill="#febf19" d="M40 371q0-136 98-234 98-97 234-97h1178q136 0 233 97 97 98 97 234v1178q0 136-97 234-97 97-233 97H372q-137 0-234-97-97-98-98-234Zm1510-258h-296v442H666v373l587-4 1 441H666v442h884q107 0 182-75 75-74 74-183V371q0-108-74-182-74-75-182-76z"/>
-</svg>
+<svg xmlns="http://www.w3.org/2000/svg" width="192" height="192" viewBox="0 0 1920 1920"><rect width="1800" height="1800" x="60" y="60" fill="#1872a2" rx="333"/><path fill="#febf19" d="M40 371q0-136 98-234 98-97 234-97h1178q136 0 233 97 97 98 97 234v1178q0 136-97 234-97 97-233 97H372q-137 0-234-97-97-98-98-234Zm1510-258h-296v442H666v373l587-4 1 441H666v442h884q107 0 182-75 75-74 74-183V371q0-108-74-182-74-75-182-76z"/></svg>

src/App/Page.php

@@ -73,6 +73,8 @@ class Page implements ArrayAccess
 		'right_aside' => '',
 		'template'    => '',
 		'title'       => '',
+		'section'     => '',
+		'module'      => '',
 	];
 	/**
 	 * @var string The basepath of the page
@@ -509,6 +511,11 @@ class Page implements ArrayAccess
 
 		$page    = $this->page;
 
+		// add and escape some common but crucial content for direct "echo" in HTML (security)
+		$page['title']   = htmlspecialchars($page['title'] ?? '');
+		$page['section'] = htmlspecialchars($args->get(0) ?? 'generic');
+		$page['module']  = htmlspecialchars($args->getModuleName() ?? '');
+
 		header("X-Friendica-Version: " . App::VERSION);
 		header("Content-type: text/html; charset=utf-8");
 

src/Core/Protocol.php

@@ -52,7 +52,6 @@ class Protocol
 
 	// Supported through a connector
 	const DIASPORA2 = 'dspc';    // Diaspora connector
-	const LINKEDIN  = 'lnkd';    // LinkedIn
 	const PUMPIO    = 'pump';    // pump.io
 	const STATUSNET = 'stac';    // Statusnet connector
 	const TWITTER   = 'twit';    // Twitter
@@ -66,6 +65,7 @@ class Protocol
 	// Currently unsupported
 	const ICALENDAR = 'ical';    // iCalendar
 	const MYSPACE   = 'mysp';    // MySpace
+	const LINKEDIN  = 'lnkd';    // LinkedIn
 	const NEWS      = 'nntp';    // Network News Transfer Protocol
 	const PNUT      = 'pnut';    // pnut.io
 	const XMPP      = 'xmpp';    // XMPP

src/Model/GServer.php

@@ -44,7 +44,9 @@ use Friendica\Util\Network;
 use Friendica\Util\Strings;
 use Friendica\Util\XML;
 use Friendica\Network\HTTPException;
+use Friendica\Worker\UpdateGServer;
 use GuzzleHttp\Psr7\Uri;
+use Psr\Http\Message\UriInterface;
 
 /**
  * This class handles GServer related functions
@@ -99,11 +101,11 @@ class GServer
 	 */
 	public static function add(string $url, bool $only_nodeinfo = false)
 	{
-		if (self::getID($url, false)) {
+		if (self::getID($url)) {
 			return;
 		}
 
-		Worker::add(Worker::PRIORITY_LOW, 'UpdateGServer', $url, $only_nodeinfo);
+		UpdateGServer::add(Worker::PRIORITY_LOW, $url, $only_nodeinfo);
 	}
 
 	/**
@@ -164,6 +166,60 @@ class GServer
 		return DI::dba()->toArray($stmt);
 	}
 
+	/**
+	 * Checks if the given server array is unreachable for a long time now
+	 *
+	 * @param integer $gsid
+	 * @return boolean
+	 */
+	private static function isDefunct(array $gserver): bool
+	{
+		return ($gserver['failed'] || in_array($gserver['network'], Protocol::FEDERATED)) &&
+			($gserver['last_contact'] >= $gserver['created']) &&
+			($gserver['last_contact'] < $gserver['last_failure']) &&
+			($gserver['last_contact'] < DateTimeFormat::utc('now - 90 days'));
+	}
+
+	/**
+	 * Checks if the given server id is unreachable for a long time now
+	 *
+	 * @param integer $gsid
+	 * @return boolean
+	 */
+	public static function isDefunctById(int $gsid): bool
+	{
+		$gserver = DBA::selectFirst('gserver', ['url', 'next_contact', 'last_contact', 'last_failure', 'created', 'failed', 'network'], ['id' => $gsid]);
+		if (empty($gserver)) {
+			return false;
+		} else {
+			if (strtotime($gserver['next_contact']) < time()) {
+				UpdateGServer::add(Worker::PRIORITY_LOW, $gserver['url']);
+			}
+
+			return self::isDefunct($gserver);
+		}
+	}
+
+	/**
+	 * Checks if the given server id is reachable
+	 *
+	 * @param integer $gsid
+	 * @return boolean
+	 */
+	public static function isReachableById(int $gsid): bool
+	{
+		$gserver = DBA::selectFirst('gserver', ['url', 'next_contact', 'failed', 'network'], ['id' => $gsid]);
+		if (empty($gserver)) {
+			return true;
+		} else {
+			if (strtotime($gserver['next_contact']) < time()) {
+				UpdateGServer::add(Worker::PRIORITY_LOW, $gserver['url']);
+			}
+
+			return !$gserver['failed'] && in_array($gserver['network'], Protocol::FEDERATED);
+		}
+	}
+
 	/**
 	 * Checks if the given server is reachable
 	 *
@@ -200,7 +256,7 @@ class GServer
 		}
 
 		if (!empty($server) && (empty($gserver) || strtotime($gserver['next_contact']) < time())) {
-			Worker::add(Worker::PRIORITY_LOW, 'UpdateGServer', $server, false);
+			UpdateGServer::add(Worker::PRIORITY_LOW, $server);
 		}
 
 		return $reachable;
@@ -305,6 +361,47 @@ class GServer
 		return self::detect($server_url, $network, $only_nodeinfo);
 	}
 
+	/**
+	 * Reset failed server status by gserver id
+	 *
+	 * @param int    $gsid
+	 * @param string $network
+	 */
+	public static function setReachableById(int $gsid, string $network)
+	{
+		$gserver = DBA::selectFirst('gserver', ['url', 'failed', 'next_contact', 'network'], ['id' => $gsid]);
+		if (DBA::isResult($gserver) && $gserver['failed']) {
+			$fields = ['failed' => false, 'last_contact' => DateTimeFormat::utcNow()];
+			if (!empty($network) && !in_array($gserver['network'], Protocol::FEDERATED)) {
+				$fields['network'] = $network;
+			}
+			self::update($fields, ['id' => $gsid]);
+			Logger::info('Reset failed status for server', ['url' => $gserver['url']]);
+
+			if (strtotime($gserver['next_contact']) < time()) {
+				UpdateGServer::add(Worker::PRIORITY_LOW, $gserver['url']);
+			}
+		}
+	}
+
+	/**
+	 * Set failed server status by gserver id
+	 *
+	 * @param int $gsid
+	 */
+	public static function setFailureById(int $gsid)
+	{
+		$gserver = DBA::selectFirst('gserver', ['url', 'failed', 'next_contact'], ['id' => $gsid]);
+		if (DBA::isResult($gserver) && !$gserver['failed']) {
+			self::update(['failed' => true, 'last_failure' => DateTimeFormat::utcNow()], ['id' => $gsid]);
+			Logger::info('Set failed status for server', ['url' => $gserver['url']]);
+
+			if (strtotime($gserver['next_contact']) < time()) {
+				UpdateGServer::add(Worker::PRIORITY_LOW, $gserver['url']);
+			}
+		}
+	}
+
 	/**
 	 * Set failed server status
 	 *
@@ -334,18 +431,41 @@ class GServer
 	 *
 	 * @return string cleaned URL
 	 * @throws Exception
+	 * @deprecated since 2023.03 Use cleanUri instead
 	 */
 	public static function cleanURL(string $dirtyUrl): string
 	{
 		try {
-			$url = str_replace('/index.php', '', trim($dirtyUrl, '/'));
-			return (string)(new Uri($url))->withUserInfo('')->withQuery('')->withFragment('');
+			return (string)self::cleanUri(new Uri($dirtyUrl));
 		} catch (\Throwable $e) {
-			Logger::warning('Invalid URL', ['dirtyUrl' => $dirtyUrl, 'url' => $url]);
+			Logger::warning('Invalid URL', ['dirtyUrl' => $dirtyUrl]);
 			return '';
 		}
 	}
 
+	/**
+	 * Remove unwanted content from the given URI
+	 *
+	 * @param UriInterface $dirtyUri
+	 *
+	 * @return UriInterface cleaned URI
+	 * @throws Exception
+	 */
+	public static function cleanUri(UriInterface $dirtyUri): string
+	{
+		return $dirtyUri
+			->withUserInfo('')
+			->withQuery('')
+			->withFragment('')
+			->withPath(
+				preg_replace(
+					'#(?:^|/)index\.php#',
+					'',
+					rtrim($dirtyUri->getPath(), '/')
+				)
+			);
+	}
+
 	/**
 	 * Detect server data (type, protocol, version number, ...)
 	 * The detected data is then updated or inserted in the gserver table.

src/Module/ActivityPub/Objects.php

@@ -75,9 +75,7 @@ class Objects extends BaseModule
 			throw new HTTPException\NotFoundException();
 		}
 
-		$owner = User::getById($item['uid'], ['hidewall']);
-
-		$validated = empty($owner['hidewall']) && in_array($item['private'], [Item::PUBLIC, Item::UNLISTED]);
+		$validated = in_array($item['private'], [Item::PUBLIC, Item::UNLISTED]);
 
 		if (!$validated) {
 			$requester = HTTPSignature::getSigner('', $_SERVER);

src/Module/DFRN/Poll.php

@@ -37,13 +37,13 @@ class Poll extends BaseModule
 	{
 		$owner = User::getByNickname(
 			$this->parameters['nickname'] ?? '',
-			['nickname', 'blocked', 'account_expired', 'account_removed', 'hidewall']
+			['nickname', 'blocked', 'account_expired', 'account_removed']
 		);
 		if (!$owner || $owner['account_expired'] || $owner['account_removed']) {
 			throw new HTTPException\NotFoundException($this->t('User not found.'));
 		}
 
-		if ($owner['blocked'] || $owner['hidewall']) {
+		if ($owner['blocked']) {
 			throw new HTTPException\UnauthorizedException($this->t('Access to this profile has been restricted.'));
 		}
 

src/Module/Feed.php

@@ -65,7 +65,7 @@ class Feed extends BaseModule
 			throw new HTTPException\NotFoundException($this->t('User not found.'));
 		}
 
-		if ($owner['blocked'] || $owner['hidewall']) {
+		if ($owner['blocked']) {
 			throw new HTTPException\UnauthorizedException($this->t('Access to this profile has been restricted.'));
 		}
 

src/Protocol/ActivityPub/Transmitter.php

@@ -674,6 +674,20 @@ class Transmitter
 		}
 
 		$exclusive = false;
+		$mention   = false;
+
+		if ($is_forum_thread) {
+			foreach (Tag::getByURIId($item['parent-uri-id'], [Tag::MENTION, Tag::EXCLUSIVE_MENTION]) as $term) {
+				$profile = APContact::getByURL($term['url'], false);
+				if (!empty($profile) && ($profile['type'] == 'Group')) {
+					if ($term['type'] == Tag::EXCLUSIVE_MENTION) {
+						$exclusive = true;
+					} elseif ($term['type'] == Tag::MENTION) {
+						$mention = true;
+					}
+				}
+			}
+		}
 
 		$terms = Tag::getByURIId($item['uri-id'], [Tag::MENTION, Tag::IMPLICIT_MENTION, Tag::EXCLUSIVE_MENTION]);
 
@@ -704,6 +718,8 @@ class Transmitter
 						if (!empty($profile['followers']) && ($profile['type'] == 'Group')) {
 							$data['cc'][] = $profile['followers'];
 						}
+					} elseif (($term['type'] == Tag::MENTION) && ($profile['type'] == 'Group')) {
+						$mention = true;
 					}
 					$data['to'][] = $profile['url'];
 				}
@@ -726,12 +742,18 @@ class Transmitter
 							if (!empty($profile['followers']) && ($profile['type'] == 'Group')) {
 								$data['cc'][] = $profile['followers'];
 							}
+						} elseif (($term['type'] == Tag::MENTION) && ($profile['type'] == 'Group')) {
+							$mention = true;
 						}
 						$data['to'][] = $profile['url'];
 					}
 				}
 			}
 
+			if ($mention) {
+				$exclusive = false;
+			}
+
 			if ($is_forum && !$exclusive && !empty($follower)) {
 				$data['cc'][] = $follower;
 			} elseif (!$exclusive) {

src/Util/Network.php

@@ -29,6 +29,7 @@ use Friendica\Network\HTTPClient\Client\HttpClientAccept;
 use Friendica\Network\HTTPClient\Client\HttpClientOptions;
 use Friendica\Network\HTTPException\NotModifiedException;
 use GuzzleHttp\Psr7\Uri;
+use Psr\Http\Message\UriInterface;
 
 class Network
 {
@@ -177,11 +178,28 @@ class Network
 	 * @param string $url The url to check the domain from
 	 *
 	 * @return boolean
+	 *
+	 * @deprecated since 2023.03 Use isUriBlocked instead
 	 */
 	public static function isUrlBlocked(string $url): bool
 	{
-		$host = @parse_url($url, PHP_URL_HOST);
-		if (!$host) {
+		try {
+			return self::isUriBlocked(new Uri($url));
+		} catch (\Throwable $e) {
+			Logger::warning('Invalid URL', ['url' => $url]);
+			return false;
+		}
+	}
+
+	/**
+	 * Checks if the provided URI domain is on the domain blocklist.
+	 *
+	 * @param UriInterface $uri
+	 * @return boolean
+	 */
+	public static function isUriBlocked(UriInterface $uri): bool
+	{
+		if (!$uri->getHost()) {
 			return false;
 		}
 
@@ -191,7 +209,7 @@ class Network
 		}
 
 		foreach ($domain_blocklist as $domain_block) {
-			if (fnmatch(strtolower($domain_block['domain']), strtolower($host))) {
+			if (fnmatch(strtolower($domain_block['domain']), strtolower($uri->getHost()))) {
 				return true;
 			}
 		}

src/Worker/UpdateContact.php

@@ -23,6 +23,7 @@ namespace Friendica\Worker;
 
 use Friendica\Core\Logger;
 use Friendica\Model\Contact;
+use Friendica\Network\HTTPException\InternalServerErrorException;
 
 class UpdateContact
 {
@@ -34,8 +35,33 @@ class UpdateContact
 	 */
 	public static function execute(int $contact_id)
 	{
+		// Silently dropping the task if the contact is blocked
+		if (Contact::isBlocked($contact_id)) {
+			return;
+		}
+
 		$success = Contact::updateFromProbe($contact_id);
 
 		Logger::info('Updated from probe', ['id' => $contact_id, 'success' => $success]);
 	}
+
+	/**
+	 * @param array|int $run_parameters Priority constant or array of options described in Worker::add
+	 * @param int       $contact_id
+	 * @return int
+	 * @throws InternalServerErrorException
+	 */
+	public static function add($run_parameters, int $contact_id): int
+	{
+		if (!$contact_id) {
+			throw new \InvalidArgumentException('Invalid value provided for contact_id');
+		}
+
+		// Dropping the task if the contact is blocked
+		if (Contact::isBlocked($contact_id)) {
+			return 0;
+		}
+
+		return Worker::add($run_parameters, 'UpdateContact', $contact_id);
+	}
 }

src/Worker/UpdateGServer.php

@@ -22,9 +22,14 @@
 namespace Friendica\Worker;
 
 use Friendica\Core\Logger;
+use Friendica\Core\Worker;
 use Friendica\Database\DBA;
 use Friendica\Model\GServer;
+use Friendica\Network\HTTPException\InternalServerErrorException;
+use Friendica\Util\Network;
 use Friendica\Util\Strings;
+use GuzzleHttp\Psr7\Uri;
+use Psr\Http\Message\UriInterface;
 
 class UpdateGServer
 {
@@ -34,8 +39,9 @@ class UpdateGServer
 	 * @param string  $server_url    Server URL
 	 * @param boolean $only_nodeinfo Only use nodeinfo for server detection
 	 * @return void
+	 * @throws \Exception
 	 */
-	public static function execute(string $server_url, bool $only_nodeinfo = false)
+	public static function execute(string $server_url, bool $only_nodeinfo)
 	{
 		if (empty($server_url)) {
 			return;
@@ -47,6 +53,11 @@ class UpdateGServer
 			return;
 		}
 
+		// Silently dropping the worker task if the server domain is blocked
+		if (Network::isUrlBlocked($filtered)) {
+			return;
+		}
+
 		if (($filtered != $server_url) && DBA::exists('gserver', ['nurl' => Strings::normaliseLink($server_url)])) {
 			GServer::setFailure($server_url);
 			return;
@@ -61,4 +72,23 @@ class UpdateGServer
 		$ret = GServer::check($filtered, '', true, $only_nodeinfo);
 		Logger::info('Updated gserver', ['url' => $filtered, 'result' => $ret]);
 	}
+
+	/**
+	 * @param array|int $run_parameters Priority constant or array of options described in Worker::add
+	 * @param string    $serverUrl
+	 * @param bool      $onlyNodeInfo   Only use NodeInfo for server detection
+	 * @return int
+	 * @throws InternalServerErrorException
+	 */
+	public static function add($run_parameters, string $serverUrl, bool $onlyNodeInfo = false): int
+	{
+		// Dropping the worker task if the server domain is blocked
+		if (Network::isUrlBlocked($serverUrl)) {
+			return 0;
+		}
+
+		// We have to convert the Uri back to string because worker parameters are saved in JSON format which
+		// doesn't allow for structured objects.
+		return Worker::add($run_parameters, 'UpdateGServer', $serverUrl, $onlyNodeInfo);
+	}
 }

src/Worker/UpdateGServers.php

@@ -27,6 +27,7 @@ use Friendica\Database\DBA;
 use Friendica\DI;
 use Friendica\Util\DateTimeFormat;
 use Friendica\Util\Strings;
+use GuzzleHttp\Psr7\Uri;
 
 class UpdateGServers
 {
@@ -63,12 +64,12 @@ class UpdateGServers
 			// There are duplicated "url" but not "nurl". So we check both addresses instead of just overwriting them,
 			// since that would mean loosing data.
 			if (!empty($gserver['url'])) {
-				if (Worker::add(Worker::PRIORITY_LOW, 'UpdateGServer', $gserver['url'])) {
+				if (UpdateGServer::add(Worker::PRIORITY_LOW, $gserver['url'])) {
 					$count++;
 				}
 			}
 			if (!empty($gserver['nurl']) && ($gserver['nurl'] != Strings::normaliseLink($gserver['url']))) {
-				if (Worker::add(Worker::PRIORITY_LOW, 'UpdateGServer', $gserver['nurl'])) {
+				if (UpdateGServer::add(Worker::PRIORITY_LOW, $gserver['nurl'])) {
 					$count++;
 				}
 			}

tests/src/Model/GServerTest.php

@@ -0,0 +1,76 @@
+<?php
+/**
+ * @copyright Copyright (C) 2010-2023, the Friendica project
+ *
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ *
+ */
+
+namespace Friendica\Test\src\Model;
+
+use Friendica\Model\GServer;
+use GuzzleHttp\Psr7\Uri;
+use Psr\Http\Message\UriInterface;
+
+class GServerTest extends \PHPUnit\Framework\TestCase
+{
+	public function dataCleanUri(): array
+	{
+		return [
+			'full-monty' => [
+				'expected' => new Uri('https://example.com/path'),
+				'dirtyUri' => new Uri('https://user:password@example.com/path?query=string#fragment'),
+			],
+			'index.php' => [
+				'expected' => new Uri('https://example.com'),
+				'dirtyUri' => new Uri('https://example.com/index.php'),
+			],
+			'index.php-2' => [
+				'expected' => new Uri('https://example.com/path/to/resource'),
+				'dirtyUri' => new Uri('https://example.com/index.php/path/to/resource'),
+			],
+			'index.php-path' => [
+				'expected' => new Uri('https://example.com/path/to'),
+				'dirtyUri' => new Uri('https://example.com/path/to/index.php'),
+			],
+			'index.php-path-2' => [
+				'expected' => new Uri('https://example.com/path/to/path/to/resource'),
+				'dirtyUri' => new Uri('https://example.com/path/to/index.php/path/to/resource'),
+			],
+			'index.php-slash' => [
+				'expected' => new Uri('https://example.com'),
+				'dirtyUri' => new Uri('https://example.com/index.php/'),
+			],
+			'index.php-slash-2' => [
+				'expected' => new Uri('https://example.com/path/to/resource'),
+				'dirtyUri' => new Uri('https://example.com/index.php/path/to/resource/'),
+			],
+		];
+	}
+
+	/**
+	 * @dataProvider dataCleanUri
+	 *
+	 * @param UriInterface $expected
+	 * @param UriInterface $dirtyUri
+	 * @return void
+	 * @throws \Exception
+	 */
+	public function testCleanUri(UriInterface $expected, UriInterface $dirtyUri)
+	{
+		$this->assertEquals($expected, GServer::cleanUri($dirtyUri));
+	}
+}

view/theme/frio/php/default.php

@@ -77,7 +77,7 @@ $is_singleuser_class = $is_singleuser ? "is-singleuser" : "is-not-singleuser";
 ?>
 	</head>
 
-	<body id="top" class="mod-<?php echo DI::args()->getModuleName() . " " . $is_singleuser_class . " " . $view_mode_class;?>">
+	<body id="top" class="mod-<?php echo $page['module'] . " " . $is_singleuser_class . " " . $view_mode_class;?>">
 		<a href="#content" class="sr-only sr-only-focusable"><?php echo DI::l10n()->t('Skip to main content'); ?></a>
 <?php
 	if (!empty($page['nav']) && !$minimal) {
@@ -125,7 +125,7 @@ $is_singleuser_class = $is_singleuser ? "is-singleuser" : "is-not-singleuser";
 
 					<div class="col-lg-7 col-md-7 col-sm-12 col-xs-12" id="content">
 						<section class="sectiontop ';
-							echo DI::args()->get(0, 'generic');
+							echo $page['section'] ?? '';
 							echo '-content-wrapper">';
 							if (!empty($page['content'])) {
 								echo $page['content'];