Bug fix in ACL\Login: mnake sure ['base'] acl is int

It has to be int or null but because the SQL result is undefined (string)
it needs to be converted on return if it is a numeric value, else
null will be returned (it is the edit access id PK so it has to be
numeric)

www/configs/config.master.php

@@ -222,7 +222,17 @@ if ($is_secure) {
 }
 // define the db config set name, the db config and the db schema
 define('DB_CONFIG_NAME', $SITE_CONFIG[HOST_NAME]['db_host'] ?? '');
-define('DB_CONFIG', $DB_CONFIG[DB_CONFIG_NAME] ?? []);
+define('DB_CONFIG', $DB_CONFIG[DB_CONFIG_NAME] ?? [
+	'db_name' => '',
+	'db_user' => '',
+	'db_pass' => '',
+	'db_host' => '',
+	'db_port' => 5432,
+	'db_schema' => '',
+	'db_encoding' => '',
+	'db_type' => '',
+	'db_ssl' => ''
+]);
 // because we can't change constant, but we want to for db debug flag
 $GLOBALS['DB_CONFIG_SET'] = DB_CONFIG;
 // define('DB_CONFIG_TARGET', SITE_CONFIG[$HOST_NAME]['db_host_target']);

www/includes/admin_header.php

@@ -87,7 +87,7 @@ $l10n = new \CoreLibs\Language\L10n(
 	$locale['locale'],
 	$locale['domain'],
 	$locale['path'],
-	$locale['encoding']
+	$locale['encoding'],
 );
 
 // create smarty object

www/layout/admin/javascript/edit.jq.js

@@ -85,6 +85,21 @@ function getScrollOffset()
 	};
 }
 
+/**
+ * wrapper to get the correct scroll offset for opener page (from popup)
+ * @return {Object} object with x/y px
+ */
+function getScrollOffsetOpener() // eslint-disable-line no-unused-vars
+{
+	var left, top;
+	left = opener.window.pageXOffset || (opener.document.documentElement.scrollLeft || opener.document.body.scrollLeft);
+	top = opener.window.pageYOffset || (opener.document.documentElement.scrollTop || opener.document.body.scrollTop);
+	return {
+		left: left,
+		top: top
+	};
+}
+
 /**
  * centers div to current window size middle
  * @param {String}  id   element to center

www/lib/CoreLibs/ACL/Login.php

@@ -231,8 +231,6 @@ class Login
 	) {
 		// attach db class
 		$this->db = $db;
-		// log login data for this class only
-		$log->setLogFlag(\CoreLibs\Logging\Logger\Flag::per_class);
 		// attach logger
 		$this->log = $log;
 		// attach session class
@@ -1060,9 +1058,9 @@ class Login
 					];
 					// set the default unit
 					if ($res['edit_default']) {
-						$_SESSION['UNIT_DEFAULT'] = $res['edit_access_id'];
+						$_SESSION['UNIT_DEFAULT'] = (int)$res['edit_access_id'];
 					}
-					$_SESSION['UNIT_UID'][$res['uid']] = $res['edit_access_id'];
+					$_SESSION['UNIT_UID'][$res['uid']] = (int)$res['edit_access_id'];
 					// sub arrays for simple access
 					array_push($eauid, $res['edit_access_id']);
 					$unit_acl[$res['edit_access_id']] = $res['level'];
@@ -1148,18 +1146,18 @@ class Login
 			// user > page > group
 			// group ACL 0
 			if ($_SESSION['GROUP_ACL_LEVEL'] != -1) {
-				$this->acl['base'] = $_SESSION['GROUP_ACL_LEVEL'];
+				$this->acl['base'] = (int)$_SESSION['GROUP_ACL_LEVEL'];
 			}
 			// page ACL 1
 			if (
 				isset($_SESSION['PAGES_ACL_LEVEL'][$this->page_name]) &&
 				$_SESSION['PAGES_ACL_LEVEL'][$this->page_name] != -1
 			) {
-				$this->acl['base'] = $_SESSION['PAGES_ACL_LEVEL'][$this->page_name];
+				$this->acl['base'] = (int)$_SESSION['PAGES_ACL_LEVEL'][$this->page_name];
 			}
 			// user ACL 2
 			if ($_SESSION['USER_ACL_LEVEL'] != -1) {
-				$this->acl['base'] = $_SESSION['USER_ACL_LEVEL'];
+				$this->acl['base'] = (int)$_SESSION['USER_ACL_LEVEL'];
 			}
 		}
 		$_SESSION['BASE_ACL_LEVEL'] = $this->acl['base'];
@@ -2347,7 +2345,10 @@ HTML;
 			is_array($_SESSION['UNIT']) &&
 			!array_key_exists($edit_access_id, $_SESSION['UNIT'])
 		) {
-			return $_SESSION['UNIT_DEFAULT'] ?? null;
+			$edit_access_id = null;
+			if (is_numeric($_SESSION['UNIT_DEFAULT'])) {
+				$edit_access_id = (int)$_SESSION['UNIT_DEFAULT'];
+			}
 		}
 		return $edit_access_id;
 	}

www/lib/CoreLibs/Admin/Backend.php

@@ -164,6 +164,10 @@ class Backend
 			);
 		}
 		$this->default_acl = $set_default_acl_level ?? DEFAULT_ACL_LEVEL;
+		// if negative or larger than 100, reset to 0
+		if ($this->default_acl < 0 || $this->default_acl > 100) {
+			$this->default_acl = 0;
+		}
 
 		// queue key
 		if (preg_match("/^(add|save|delete|remove|move|up|down|push_live)$/", $this->action)) {

www/lib/CoreLibs/DB/IO.php

@@ -309,7 +309,7 @@ class IO
 	// basic vars
 	// the dbh handler, if disconnected by command is null, bool:false on error,
 	/** @var \PgSql\Connection|false|null */
-	private \PgSql\Connection|false|null $dbh;
+	private \PgSql\Connection|false|null $dbh = null;
 	/** @var bool DB_DEBUG ... (if set prints out debug msgs) */
 	private bool $db_debug = false;
 	/** @var string the DB connected to */
@@ -814,13 +814,13 @@ class IO
 		switch ($id) {
 			case 'DB_ERROR':
 				$this->log->error(
-					$debug_id . ' :' . $prefix . $error_string,
+					$prefix . $error_string,
 					$context
 				);
 				break;
 			case 'DB_WARNING':
 				$this->log->warning(
-					$debug_id . ' :' . $prefix . $error_string,
+					$prefix . $error_string,
 					$context
 				);
 				break;
@@ -2057,10 +2057,11 @@ class IO
 	/**
 	 * this is only needed for Postgresql. Converts postgresql arrays to PHP
 	 * Recommended to rather user 'array_to_json' instead and convet JSON in PHP
+	 * or if ARRAY_AGG -> JSONB_AGG
 	 *
 	 * @param  string $text input text to parse to an array
 	 * @return array<mixed> PHP array of the parsed data
-	 * @deprecated Recommended to use 'array_to_json' in PostgreSQL instead
+	 * @deprecated Recommended to use 'array_to_json/jsonb_agg' in PostgreSQL instead
 	 */
 	public function dbArrayParse(string $text): array
 	{