From c693007fc40709337b59f3a46909a6e93a748b31 Mon Sep 17 00:00:00 2001
From: lesion <lesion@autistici.org>
Date: Wed, 18 Sep 2024 12:29:59 +0200
Subject: [PATCH 1/6] fix: validate tag, fix #464

---
 server/api/controller/event.js |  6 ++++++
 server/api/controller/tag.js   |  2 +-
 tests/app.test.js              | 12 +++++++++++-
 3 files changed, 18 insertions(+), 2 deletions(-)

diff --git a/server/api/controller/event.js b/server/api/controller/event.js
index 63c77e83..46fbe2f4 100644
--- a/server/api/controller/event.js
+++ b/server/api/controller/event.js
@@ -545,6 +545,9 @@ const eventController = {
       // create/assign tags
       let tags = []
       if (body.tags) {
+        if (!Array.isArray(body.tags)) {
+          return res.status(400).send('tags field must be an array')
+        }
         tags = await tagController._findOrCreate(body.tags)
         await event.setTags(tags)
       }
@@ -691,6 +694,9 @@ const eventController = {
       // create/assign tags
       let tags = []
       if (body.tags) {
+        if (!Array.isArray(body.tags)) {
+          return res.status(400).send('tags field must be an array')
+        }
         tags = await tagController._findOrCreate(body.tags)
       }
       await event.setTags(tags)
diff --git a/server/api/controller/tag.js b/server/api/controller/tag.js
index 27735c1d..affbb19a 100644
--- a/server/api/controller/tag.js
+++ b/server/api/controller/tag.js
@@ -11,7 +11,7 @@ module.exports = {
 
   async _findOrCreate (tags) {
     // trim tags
-    const trimmedTags = tags.map(t => t.trim())
+    const trimmedTags = tags?.map(t => t.trim())
 
     // search for already existing tags (case insensitive, note that LOWER sql function is not the same as toLocaleLowerCase due to #329)
     const existingTags = await sequelize.query(`SELECT * FROM ${escapeCol('tags')} where LOWER(${escapeCol('tag')}) in (${tags.map(t => 'LOWER(?)').join(',')})`,
diff --git a/tests/app.test.js b/tests/app.test.js
index 536dad0a..03652f5b 100644
--- a/tests/app.test.js
+++ b/tests/app.test.js
@@ -401,6 +401,16 @@ describe('Tags', () => {
     expect(event.body.tags).toStrictEqual(['ciao'])
   })
 
+  test('should not allow non-array tags field', async () => {
+    const response = await request(app).post('/api/event')
+      .send({ title: 'test non-array tags', place_id: places[1], start_datetime: dayjs().unix() + 1000, tags: 'Tag1' })
+      .auth(token.access_token, { type: 'bearer' })
+      .expect(400)
+
+    expect(response.text).toBe('tags field must be an array')
+
+  })
+
   test('should create event trimming tags / ignore sensitiviness', async () => {
     const ret = await request(app).post('/api/event')
       .send({ title: 'test trimming tags', place_id: places[1], start_datetime: dayjs().unix() + 1000, tags: ['Tag1', 'taG2 '] })
@@ -477,7 +487,7 @@ describe('Place', () => {
       .expect(200)
 
     expect(response.body.place.name).toBe('place name 2')
-    expect(response.body.events.length).toBe(3)
+    expect(response.body.events.length).toBe(4)
     expect(response.body.events[0].place.name).toBe('place name 2')
   })
 

From ee12eaf410913e9c53b859dbf7c3fd83438ade15 Mon Sep 17 00:00:00 2001
From: lesion <lesion@autistici.org>
Date: Wed, 18 Sep 2024 15:04:18 +0200
Subject: [PATCH 2/6] minor on Announce response #461

---
 server/federation/ego.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/server/federation/ego.js b/server/federation/ego.js
index d26de82c..5b8a0a9a 100644
--- a/server/federation/ego.js
+++ b/server/federation/ego.js
@@ -5,8 +5,8 @@ const log = require('../log')
 module.exports = {
   async boost (req, res) {
     if (typeof req.body?.object !== 'string') {
-      log.debug('[FEDI] Igonre Boost for a whole object? %s', JSON.stringify(req.body?.object))
-      return res.status(404).send('?')
+      log.debug('[FEDI] Ignore Announce for a whole object (Announce are currently supported for internal events only): %s', JSON.stringify(req.body?.object))
+      return res.status(404).send('Announce is supported for internal events only')
     }
     const match = req.body?.object?.match(`${config.baseurl}/federation/m/(.*)`)
     if (!match || match.length < 2) {

From ad014db451bd09c62a5f7320681d9bd8f062f95d Mon Sep 17 00:00:00 2001
From: lesion <lesion@autistici.org>
Date: Wed, 18 Sep 2024 15:45:08 +0200
Subject: [PATCH 3/6] fix: show frequent tags by default when filling tags
 without typing, fix #452

---
 pages/add/_edit.vue          |  3 +++
 server/api/controller/tag.js | 10 ++++++----
 2 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/pages/add/_edit.vue b/pages/add/_edit.vue
index d2294500..50481268 100644
--- a/pages/add/_edit.vue
+++ b/pages/add/_edit.vue
@@ -177,6 +177,9 @@ export default {
       disableAddress: false
     }
   },
+  mounted () {
+    this.$nextTick( async () => this.tags = await this.$axios.$get('/tag') )
+  },
   head() {
     return {
       title: `${this.settings.title} - ${this.$t('common.add_event')}`
diff --git a/server/api/controller/tag.js b/server/api/controller/tag.js
index affbb19a..122e4e6c 100644
--- a/server/api/controller/tag.js
+++ b/server/api/controller/tag.js
@@ -72,13 +72,15 @@ module.exports = {
    * sorted by usage
   */
   async search (req, res) {
-    const search = req.query.search
+    const search = req?.query?.search
+    let where = { }
+    if (search) {
+      where = { tag: { [Op.like]: `%${search}%` } }
+    }
     const tags = await Tag.findAll({
       order: [[fn('COUNT', col('tag.tag')), 'DESC']],
       attributes: ['tag'],
-      where: {
-        tag: { [Op.like]: `%${search}%` }
-      },
+      where,
       include: [{ model: Event, where: { is_visible: true }, attributes: [], through: { attributes: [] }, required: true }],
       group: ['tag.tag'],
       limit: 10,

From 0f2d51bec49226411139c2888483d11794b33c93 Mon Sep 17 00:00:00 2001
From: lesion <lesion@autistici.org>
Date: Wed, 18 Sep 2024 15:54:11 +0200
Subject: [PATCH 4/6] fix: add custom css documentation on fixed footer, fix
 #451

---
 docs/usage/custom_css.md | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/docs/usage/custom_css.md b/docs/usage/custom_css.md
index a13222fc..cc37fc66 100644
--- a/docs/usage/custom_css.md
+++ b/docs/usage/custom_css.md
@@ -13,6 +13,7 @@ Is it possible to modify the style by integrating some custom css in `Admin > Th
 Don't imagine you can accomplish miracles because the templates are not designed to be easily modified,
 but don't be afraid to [open an issue](https://framagit.org/les/gancio/-/issues) or even better a PR to add some css selectors or some usage examples to this page.
 
+Also that for every element you want to change the style to, you need to overload the style already there: css has an order to choose which one to use, in case of conflict the more specific selector win (or you need to specify !important).
 
 ### Remove navbar
 ```css
@@ -21,5 +22,15 @@ but don't be afraid to [open an issue](https://framagit.org/les/gancio/-/issues)
 }
 ```
 
+### Fixed footer
+```css
+footer.v-footer {
+  position: fixed;
+  bottom: 0px;
+  width: 100%;
+}
+```
+
 > info "References"
 > [#413](https://framagit.org/les/gancio/-/issues/413)
+> [#451](https://framagit.org/les/gancio/-/issues/451)

From 1520d40e39bd4698507d5b72f65687471e7ad80f Mon Sep 17 00:00:00 2001
From: lesion <lesion@autistici.org>
Date: Wed, 18 Sep 2024 15:54:46 +0200
Subject: [PATCH 5/6] minor

---
 docs/usage/custom_css.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/usage/custom_css.md b/docs/usage/custom_css.md
index cc37fc66..bfd7425d 100644
--- a/docs/usage/custom_css.md
+++ b/docs/usage/custom_css.md
@@ -13,7 +13,7 @@ Is it possible to modify the style by integrating some custom css in `Admin > Th
 Don't imagine you can accomplish miracles because the templates are not designed to be easily modified,
 but don't be afraid to [open an issue](https://framagit.org/les/gancio/-/issues) or even better a PR to add some css selectors or some usage examples to this page.
 
-Also that for every element you want to change the style to, you need to overload the style already there: css has an order to choose which one to use, in case of conflict the more specific selector win (or you need to specify !important).
+Also note that for every element you want to change the style to, you need to overload the style already there: css has an order to choose which one to use, in case of conflict the more specific selector win (or you need to specify !important).
 
 ### Remove navbar
 ```css

From 1c8eb72ad171e8b627f4d9d3153ca3904312e6df Mon Sep 17 00:00:00 2001
From: lesion <lesion@autistici.org>
Date: Wed, 18 Sep 2024 17:25:04 +0200
Subject: [PATCH 6/6] fix: avoid collection in home usage on query, fix #458

---
 server/api/controller/event.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/server/api/controller/event.js b/server/api/controller/event.js
index 46fbe2f4..8e3c22dd 100644
--- a/server/api/controller/event.js
+++ b/server/api/controller/event.js
@@ -962,7 +962,7 @@ const eventController = {
     const show_recurrent = settings.allow_recurrent_event && helpers.queryParamToBool(req.query.show_recurrent, settings.recurrent_event_visible)
 
     let events = []
-    if (settings.collection_in_home && !(tags || places)) {
+    if (settings.collection_in_home && !(tags || places || query)) {
       events = await collectionController._getEvents({
         name: settings.collection_in_home,
         start,