From 7b34abe3a34bc00ed597862654050599f9949829 Mon Sep 17 00:00:00 2001
From: Craig Knudsen
Date: Mon, 2 Oct 2023 08:49:42 -0400
Subject: [PATCH 1/4] Removed delete image since it does not seem to be supported by dockerhub
---
 .github/workflows/docker-dev.yml | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/docker-dev.yml b/.github/workflows/docker-dev.yml
index bbd9dd150..b7b5956bf 100644
--- a/.github/workflows/docker-dev.yml
+++ b/.github/workflows/docker-dev.yml
@@ -67,8 +67,10 @@ jobs:
 do
 if [ $COUNTER -ge $KEEP_LAST_N_IMAGES ]
 then
- echo "Deleting tag $TAG"
- curl -i -X DELETE -u $DOCKER_HUB_USERNAME:$DOCKER_HUB_PASSWORD https://hub.docker.com/v2/repositories/$DOCKER_HUB_REPO/tags/$TAG/
+ echo "The following tag should be deleted: $TAG"
+ # Commenting out the actual delete since dockerhub does not seem to support delete via curl :-(
+ # echo "Deleting tag $TAG"
+ # curl -i -X DELETE -u $DOCKER_HUB_USERNAME:$DOCKER_HUB_PASSWORD https://hub.docker.com/v2/repositories/$DOCKER_HUB_REPO/tags/$TAG/
 else
 echo "Keeping tag $TAG"
 fi
From ad4484174ef9d3253d2bf6b02af2f03b8e05c732 Mon Sep 17 00:00:00 2001
From: Craig Knudsen
Date: Mon, 2 Oct 2023 11:35:34 -0400
Subject: [PATCH 2/4] Fixed CSRF issue with logout link - Logout link now includes CSRF token.
---
 includes/menu.php | 3 +++
 includes/trailer.php | 3 +++
 login.php | 13 +++++++++++++
 3 files changed, 19 insertions(+)
diff --git a/includes/menu.php b/includes/menu.php
index 6bf0363c5..c0573194b 100644
--- a/includes/menu.php
+++ b/includes/menu.php
@@ -181,6 +181,9 @@
 $logout_url = $login_url . '&';
 }
 $logout_url .= 'action=logout';
+ if (empty($CSRF_PROTECTION) || $CSRF_PROTECTION != 'N') {
+ $logout_url .= '&csrf_form_key=' . getFormKey();
+ }
 // Should we use another application's login/logout pages?
 if (substr($GLOBALS['user_inc'], 0, 9) == 'user-app-') {
 global $app_login_page, $app_logout_page;
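Review bot: In .github/workflows/docker-dev.yml the pruning loop is now log-only, yet the disabled `curl -i -X DELETE -u $DOCKER_HUB_USERNAME:$DOCKER_HUB_PASSWORD …` line stays behind as a commented-out template that passes the account password on the command line with unquoted variables and sends `-i` output to the job log. I would delete the dead lines and leave a single comment such as `# TODO: tag cleanup disabled (DELETE via basic auth did not work); old tags are only listed`. The likely cause, which this diff does not show, is that the Hub API expects a token obtained from its login endpoint rather than `-u` basic auth. Until that is fixed, old dev tags accumulate and stay pullable, so the log message should say plainly that nothing was deleted. The loop starts and ends outside the hunk.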
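Review bot: The CSRF token is appended to a GET link in `$logout_url` here (and identically in includes/trailer.php), so the value returned by getFormKey() lands in browser history, server access logs and possibly Referer headers. getFormKey() is defined outside this diff, but login.php checks the value against `$_SESSION['csrf_form_key']`, which suggests it is the session-wide key, presumably the same one that protects the POST forms. Making logout a small POST form with a hidden `csrf_form_key` field, or issuing a separate logout-only token, would keep that key out of URLs. If the link stays, encode the value: `$logout_url .= '&csrf_form_key=' . rawurlencode(getFormKey());`. The token is also appended before the `user-app-` branch, whose body is outside the hunk, so confirm it is never forwarded to another application's logout page.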
diff --git a/includes/trailer.php b/includes/trailer.php
index ac46b9693..cba9a553b 100644
--- a/includes/trailer.php
+++ b/includes/trailer.php
@@ -230,6 +230,9 @@
 $login_url .= '?return_path=' . $login_return_path;
 $logout_url .= $login_url . '&action=logout';
 }
+ if (empty($CSRF_PROTECTION) || $CSRF_PROTECTION != 'N') {
+ $logout_url .= '&csrf_form_key=' . getFormKey();
+ }
 // Should we use another application's login/logout pages?
 if ( substr ( $GLOBALS['user_inc'], 0, 9 ) == 'user-app-' ) {
diff --git a/login.php b/login.php
index 4ac0e9063..0b4181b14 100644
--- a/login.php
+++ b/login.php
@@ -54,6 +54,19 @@
 $logout = false;
 $action = getGetValue('action');
 if (!empty($action) && $action == 'logout') {
+ if (empty($CSRF_PROTECTION) || $CSRF_PROTECTION != 'N') {
+ if (empty($_REQUEST['csrf_form_key']) || empty($_SESSION['csrf_form_key'])) {
+ die_miserable_death (translate('Fatal Error') . ': '
+ . translate('Invalid form request'));
+ }
+ $formKey = $_REQUEST['csrf_form_key'];
+ if ($formKey == $_SESSION['csrf_form_key'] && !empty($_SESSION['csrf_form_key'])) {
+ // Okay to proceed
+ } else {
+ die_miserable_death ( translate ( 'Fatal Error' ) . ': '
+ . translate ( 'Invalid form request' ) );
+ }
+ }
 $logout = true;
 $return_path = '';
 sendCookie('webcalendar_login', '', 0);
From 57db221c1212b6c48821164752b7ab737c7c1b78 Mon Sep 17 00:00:00 2001
From: Craig Knudsen
Date: Mon, 2 Oct 2023 11:41:06 -0400
Subject: [PATCH 3/4] Update version to v1.9.10
---
 UPGRADING.html | 2 +-
 composer.json | 2 +-
 includes/config.php | 4 ++--
 install/default_config.php | 2 +-
 install/sql/upgrade-db2.sql | 2 +-
 install/sql/upgrade-ibase.sql | 2 +-
 install/sql/upgrade-mssql.sql | 2 +-
 install/sql/upgrade-mysql.sql | 2 +-
 install/sql/upgrade-oracle.sql | 2 +-
 install/sql/upgrade-postgres.sql | 2 +-
 install/sql/upgrade.sql | 2 +-
 install/sql/upgrade_matrix.php | 2 +-
 12 files changed, 13 insertions(+), 13 deletions(-)
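Review bot: In login.php the token check `$formKey == $_SESSION['csrf_form_key']` is a loose, non-constant-time comparison: with `==` two numeric-looking strings are compared as numbers, and `$_REQUEST['csrf_form_key']` can arrive as an array rather than a string. A single negated guard is stricter and removes the empty "Okay to proceed" branch: `if (!is_string($formKey) || !hash_equals((string) $_SESSION['csrf_form_key'], $formKey)) {` followed by the existing die_miserable_death() call. Since the logout link carries the token in the query string, reading `$_GET` instead of `$_REQUEST` would also stop the value being accepted from a cookie or POST body, depending on `request_order`. The enclosing `if ($action == 'logout')` block continues outside the hunk.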
diff --git a/UPGRADING.html b/UPGRADING.html index d63d51e88..b928d5f29 100644 --- a/UPGRADING.html +++ b/UPGRADING.html @@ -15,7 +15,7 @@

WebCalendar Upgrading Notes

- +
WebCalendar Version:1.9.91.9.10

Important News: A major improvement beginning with Version 1.1 is the addition of an automated installation script. This script will guide you through the installation process and help identify any problem areas that might prevent successful installation or operation of WebCalendar. diff --git a/composer.json b/composer.json index 0c93c38af..bd0811f59 100644 --- a/composer.json +++ b/composer.json @@ -2,7 +2,7 @@ "name": "k5n/webcalendar", "type": "project", "description": "Multi-user web-based calendar app", - "version": "1.9.9", + "version": "1.9.10", "homepage": "https://www.k5n.us/webcalendar/", "authors": [ { diff --git a/includes/config.php b/includes/config.php index a50c54d99..b6b3600de 100644 --- a/includes/config.php +++ b/includes/config.php @@ -161,9 +161,9 @@ function do_config() ]; // When changing PROGRAM VERSION, also change it in install/default_config.php - $PROGRAM_VERSION = 'v1.9.9'; + $PROGRAM_VERSION = 'v1.9.10'; // Update PROGRAM_DATE with official release data - $PROGRAM_DATE = '12 Sep 2023'; + $PROGRAM_DATE = '02 Oct 2023'; $PROGRAM_NAME = 'WebCalendar ' . "$PROGRAM_VERSION ($PROGRAM_DATE)"; $PROGRAM_URL = 'http://k5n.us/wp/webcalendar/'; diff --git a/install/default_config.php b/install/default_config.php index 071b72591..150ba58bc 100644 --- a/install/default_config.php +++ b/install/default_config.php @@ -153,7 +153,7 @@ 'USER_RSS_ENABLED' => 'N', 'USER_SEES_ONLY_HIS_GROUPS' => 'Y', 'USER_SORT_ORDER' => 'cal_lastname, cal_firstname', - 'WEBCAL_PROGRAM_VERSION' => 'v1.9.9', + 'WEBCAL_PROGRAM_VERSION' => 'v1.9.10', 'WEEK_START' => '0', 'WEEKEND_START' => '6', 'WEEKENDBG' => '#d0d0d0', diff --git a/install/sql/upgrade-db2.sql b/install/sql/upgrade-db2.sql index 5b3aadb9f..da42dbfd8 100644 --- a/install/sql/upgrade-db2.sql +++ b/install/sql/upgrade-db2.sql 
@@ -301,4 +301,4 @@ ALTER TABLE webcal_user MODIFY cal_passwd VARCHAR(255); update webcal_entry_categories SET cat_owner = '' WHERE cat_owner IS NULL; ALTER TABLE webcal_entry_categories ADD PRIMARY KEY (cal_id, cat_id, cat_order, cat_owner); /*upgrade_v1.9.7*/ -/*upgrade_v1.9.9*/ +/*upgrade_v1.9.10*/ diff --git a/install/sql/upgrade-ibase.sql b/install/sql/upgrade-ibase.sql index 2e76d967a..69798dd5e 100644 --- a/install/sql/upgrade-ibase.sql +++ b/install/sql/upgrade-ibase.sql @@ -316,4 +316,4 @@ ALTER TABLE webcal_user MODIFY cal_passwd VARCHAR(255); update webcal_entry_categories SET cat_owner = '' WHERE cat_owner IS NULL; ALTER TABLE webcal_entry_categories ADD PRIMARY KEY (cal_id, cat_id, cat_order, cat_owner); /*upgrade_v1.9.7*/ -/*upgrade_v1.9.9*/ +/*upgrade_v1.9.10*/ diff --git a/install/sql/upgrade-mssql.sql b/install/sql/upgrade-mssql.sql index 3fd564890..c5a0d5e12 100644 --- a/install/sql/upgrade-mssql.sql +++ b/install/sql/upgrade-mssql.sql @@ -302,4 +302,4 @@ ALTER TABLE webcal_user MODIFY cal_passwd VARCHAR(255); update webcal_entry_categories SET cat_owner = '' WHERE cat_owner IS NULL; ALTER TABLE webcal_entry_categories ADD PRIMARY KEY (cal_id, cat_id, cat_order, cat_owner); /*upgrade_v1.9.7*/ -/*upgrade_v1.9.9*/ +/*upgrade_v1.9.10*/ diff --git a/install/sql/upgrade-mysql.sql b/install/sql/upgrade-mysql.sql index 2950dcdbb..c55bb10a0 100644 --- a/install/sql/upgrade-mysql.sql +++ b/install/sql/upgrade-mysql.sql @@ -271,4 +271,4 @@ ALTER TABLE webcal_user MODIFY cal_passwd VARCHAR(255); update webcal_entry_categories SET cat_owner = '' WHERE cat_owner IS NULL; ALTER TABLE webcal_entry_categories ADD PRIMARY KEY (cal_id, cat_id, cat_order, cat_owner); /*upgrade_v1.9.6*/ -/*upgrade_v1.9.9*/ +/*upgrade_v1.9.10*/ diff --git a/install/sql/upgrade-oracle.sql b/install/sql/upgrade-oracle.sql index 78dd90e66..f4128669e 100644 --- a/install/sql/upgrade-oracle.sql +++ b/install/sql/upgrade-oracle.sql 
@@ -299,4 +299,4 @@ ALTER TABLE webcal_user MODIFY cal_passwd VARCHAR(255); update webcal_entry_categories SET cat_owner = '' WHERE cat_owner IS NULL; ALTER TABLE webcal_entry_categories ADD PRIMARY KEY (cal_id, cat_id, cat_order, cat_owner); /*upgrade_v1.9.7*/ -/*upgrade_v1.9.9*/ +/*upgrade_v1.9.10*/ diff --git a/install/sql/upgrade-postgres.sql b/install/sql/upgrade-postgres.sql index 984db394a..4b8a5f5bb 100644 --- a/install/sql/upgrade-postgres.sql +++ b/install/sql/upgrade-postgres.sql @@ -317,4 +317,4 @@ ALTER TABLE webcal_user MODIFY cal_passwd VARCHAR(255); update webcal_entry_categories SET cat_owner = '' WHERE cat_owner IS NULL; ALTER TABLE webcal_entry_categories ADD PRIMARY KEY (cal_id, cat_id, cat_order, cat_owner); /*upgrade_v1.9.7*/ -/*upgrade_v1.9.9*/ +/*upgrade_v1.9.10*/ diff --git a/install/sql/upgrade.sql b/install/sql/upgrade.sql index 47a8f7ff2..9e620564d 100644 --- a/install/sql/upgrade.sql +++ b/install/sql/upgrade.sql @@ -617,4 +617,4 @@ ALTER TABLE webcal_user MODIFY cal_passwd VARCHAR(255); update webcal_entry_categories SET cat_owner = '' WHERE cat_owner IS NULL; ALTER TABLE webcal_entry_categories ADD PRIMARY KEY (cal_id, cat_id, cat_order, cat_owner); /*upgrade_v1.9.7*/ -/*upgrade_v1.9.9*/ +/*upgrade_v1.9.10*/ diff --git a/install/sql/upgrade_matrix.php b/install/sql/upgrade_matrix.php index de110feff..46fe8a509 100644 --- a/install/sql/upgrade_matrix.php +++ b/install/sql/upgrade_matrix.php @@ -1,6 +1,6 @@ Date: Mon, 2 Oct 2023 11:50:46 -0400 Subject: [PATCH 4/4] Added missing file --- composer.lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/composer.lock b/composer.lock index ef9dea9ff..d7adbc7a6 100644 --- a/composer.lock +++ b/composer.lock 
@@ -4,7 +4,7 @@ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", "This file is @generated automatically" ], - "content-hash": "c4501e167a7d34885c54756f3591dbc6", + "content-hash": "c1feaefa310526e57a89a1f696f398e3", "packages": [ { "name": "ckeditor/ckeditor",