Merge branch 'master' into tagging

2017-09-24 16:59:56 -07:00 · 2017-09-24 16:59:56 -07:00 · 8b7ab90836
commit 8b7ab90836
parent 4d3b0577c9 866dc9a9b3
39 changed files with 366 additions and 130 deletions
--- a/8
+++ b/8
@ -1,3 +1,11 @@
+Hubzilla 2.6.3 (2017-09-18)
+	- Fix anonymous comments/likes on photos - this is not yet implemented
+	- Fix favicon not displayed on certain pages
+	- Fix hubzilla logo icon for favicon and email notifications
+	- Fix an issue with displaying selected theme in settings/display
+	- [SECURITY] Restrict the input characters we accept in token verification strings to hex digits
+	- Remove hubzilla.nl from fallback directory servers
+
 Hubzilla 2.6.2 (2017-08-31)
 	- Fix webfinger returns invalid XML (github issue #851)

--- a/Zotlabs/Daemon/Deliver.php
+++ b/Zotlabs/Daemon/Deliver.php
@ -53,29 +53,25 @@ class Deliver {
 						remove_queue_item($r[0]['outq_hash']);

 						if($dresult && is_array($dresult)) {
-							if(array_key_exists('iv',$dresult)) {
-								$dresult = json_decode(crypto_unencapsulate($dresult,get_config('system','prvkey')),true);
-							}
-							if(! $dresult) {
-								logger('dreport decryption failure');
-							}
-							else {
-								foreach($dresult as $xx) {
-									if(is_array($xx) && array_key_exists('message_id',$xx)) {
-										if(delivery_report_is_storable($xx)) {
-											q("insert into dreport ( dreport_mid, dreport_site, dreport_recip, dreport_result, dreport_time, dreport_xchan ) values ( '%s', '%s','%s','%s','%s','%s' ) ",
-												dbesc($xx['message_id']),
-												dbesc($xx['location']),
-												dbesc($xx['recipient']),
-												dbesc($xx['status']),
-												dbesc(datetime_convert($xx['date'])),
-												dbesc($xx['sender'])
-											);
-										}
+
+							// delivery reports for local deliveries do not require encryption
+
+							foreach($dresult as $xx) {
+								if(is_array($xx) && array_key_exists('message_id',$xx)) {
+									if(delivery_report_is_storable($xx)) {
+										q("insert into dreport ( dreport_mid, dreport_site, dreport_recip, dreport_result, dreport_time, dreport_xchan ) values ( '%s', '%s','%s','%s','%s','%s' ) ",
+											dbesc($xx['message_id']),
+											dbesc($xx['location']),
+											dbesc($xx['recipient']),
+											dbesc($xx['status']),
+											dbesc(datetime_convert($xx['date'])),
+											dbesc($xx['sender'])
+										);
 									}
 								}
 							}
 						}
+
 						q("delete from dreport where dreport_queue = '%s'",
 							dbesc($argv[$x])
 						);
--- a/Zotlabs/Daemon/Notifier.php
+++ b/Zotlabs/Daemon/Notifier.php
@ -59,6 +59,8 @@ require_once('include/bbcode.php');
 *
 * ZOT 
 *       permission_create      abook_id
+ *       permission_accept      abook_id
+ *       permission_reject      abook_id
 *       permission_update      abook_id
 *       refresh_all            channel_id
 *       purge_all              channel_id
@ -159,7 +161,7 @@ class Notifier {
 			$packet_type = 'keychange';
 			$normal_mode = false;
 		}
-		elseif($cmd == 'permission_update' || $cmd == 'permission_create') {
+		elseif(in_array($cmd, [ 'permission_update', 'permission_reject', 'permission_accept', 'permission_create' ])) {
 			// Get the (single) recipient	
 			$r = q("select * from abook left join xchan on abook_xchan = xchan_hash where abook_id = %d and abook_self = 0",
 				intval($item_id)
@ -171,8 +173,12 @@ class Notifier {
 				if($channel) {
 					$perm_update = array('sender' => $channel, 'recipient' => $r[0], 'success' => false, 'deliveries' => '');	

-					if($cmd == 'permission_create')
+					if($cmd === 'permission_create')
 						call_hooks('permissions_create',$perm_update);
+					elseif($cmd === 'permission_accept')
+						call_hooks('permissions_accept',$perm_update);
+					elseif($cmd === 'permission_reject')
+						call_hooks('permissions_reject',$perm_update);
 					else
 						call_hooks('permissions_update',$perm_update);

--- a/Zotlabs/Lib/ActivityStreams.php
+++ b/Zotlabs/Lib/ActivityStreams.php
@ -58,7 +58,7 @@ class ActivityStreams {
 		$this->saved_recips = $arr;
 	}

-	function collect_recips($base = '',$namespace = 'https://www.w3.org/ns/activitystreams') {
+	function collect_recips($base = '',$namespace = '') {
 		$x = [];
 		$fields = [ 'to','cc','bto','bcc','audience'];
 		foreach($fields as $f) {
@ -75,7 +75,7 @@ class ActivityStreams {
 		return $x;
 	}

-	function expand($arr,$base = '',$namespace = 'https://www.w3.org/ns/activitystreams') {
+	function expand($arr,$base = '',$namespace = '') {
 		$ret = [];

 		// right now use a hardwired recursion depth of 5
@ -103,8 +103,12 @@ class ActivityStreams {

 	function get_namespace($base,$namespace) {

+		if(! $namespace)
+			return '';
+
 		$key = null;

+
 		foreach( [ $this->data, $base ] as $b ) {
 			if(! $b)
 				continue;
@ -135,7 +139,7 @@ class ActivityStreams {
 	}


-	function get_property_obj($property,$base = '',$namespace = 'https://www.w3.org/ns/activitystreams') {
+	function get_property_obj($property,$base = '',$namespace = '' ) {
 		$prefix = $this->get_namespace($base,$namespace);
 		if($prefix === null)
 			return null;	
@ -152,13 +156,13 @@ class ActivityStreams {
 		}

 		$x = z_fetch_url($url,true,$redirects,
-			['headers' => [ 'Accept: application/activity+json, application/ld+json; profile="https://www.w3.org/ns/activitystreams"']]);
+			['headers' => [ 'Accept: application/ld+json; profile="https://www.w3.org/ns/activitystreams", application/activity+json' ]]);
 		if($x['success'])
 			return json_decode($x['body'],true);
 		return null;
 	}

-	function get_compound_property($property,$base = '',$namespace = 'https://www.w3.org/ns/activitystreams') {
+	function get_compound_property($property,$base = '',$namespace = '') {
 		$x = $this->get_property_obj($property,$base,$namespace);
 		if($this->is_url($x)) {
 			$x = $this->fetch_property($x); 	
@ -173,7 +177,7 @@ class ActivityStreams {
 		return false;
 	}

-	function get_primary_type($base = '',$namespace = 'https://www.w3.org/ns/activitystreams') {
+	function get_primary_type($base = '',$namespace = '') {
 		if(! $base)
 			$base = $this->data;
 		$x = $this->get_property_obj('type',$base,$namespace);
--- a/Zotlabs/Lib/LDSignatures.php
+++ b/Zotlabs/Lib/LDSignatures.php
@ -12,7 +12,10 @@ class LDSignatures {
 		$ohash = self::hash(self::signable_options($data['signature']));
 		$dhash = self::hash(self::signable_data($data));

-		return rsa_verify($ohash . $dhash,base64_decode($data['signature']['signatureValue']), $pubkey);
+		$x = rsa_verify($ohash . $dhash,base64_decode($data['signature']['signatureValue']), $pubkey);
+		logger('LD-verify: ' . intval($x));
+
+		return $x;
 	}

 	static function dopplesign(&$data,$channel) {
@ -35,7 +38,9 @@ class LDSignatures {
 		$options['signatureValue'] = base64_encode(rsa_sign($ohash . $dhash,$channel['channel_prvkey']));

 		$signed = array_merge([
-			'@context' => [ 'https://www.w3.org/ns/activitystreams', 'https://w3id.org/security/v1' ],
+			'@context' => [ 
+				ACTIVITYSTREAMS_JSONLD_REV, 
+				'https://w3id.org/security/v1' ],
 			],$options);

 		return $signed;
@ -82,6 +87,8 @@ class LDSignatures {
 		if(! is_object($data))
 			return '';

+		jsonld_set_document_loader('jsonld_document_loader');
+
 		return jsonld_normalize($data,[ 'algorithm' => 'URDNA2015', 'format' => 'application/nquads' ]);
 	}

--- a/Zotlabs/Lib/NativeWikiPage.php
+++ b/Zotlabs/Lib/NativeWikiPage.php
@ -21,7 +21,7 @@ class NativeWikiPage {
 		$sql_extra = item_permissions_sql($channel_id,$observer_hash);

 		$r = q("select * from item where resource_type = 'nwikipage' and resource_id = '%s' and uid = %d and item_deleted = 0 
-			$sql_extra order by created asc",
+			$sql_extra order by title asc",
 			dbesc($resource_id),
 			intval($channel_id)
 		);
@ -74,6 +74,7 @@ class NativeWikiPage {
 		$arr['uid']           = $channel_id;
 		$arr['author_xchan']  = $observer_hash;
 		$arr['mimetype']      = $mimetype;
+		$arr['title']         = $name;
 		$arr['resource_type'] = 'nwikipage';
 		$arr['resource_id']   = $resource_id;
 		$arr['allow_cid']     = $w['wiki']['allow_cid'];
@ -139,8 +140,14 @@ class NativeWikiPage {
 		if($ic) {
 			foreach($ic as $c) {
 				set_iconfig($c['item_id'],'nwikipage','pagetitle',$pageNewName);
+				$ids[] = $c['item_id'];
 			}

+			$str_ids = implode(',', $ids);
+			q("update item set title = '%s' where id in ($str_ids)",
+				dbesc($pageNewName)
+			);
+
 			$page = [ 
 				'rawName'  => $pageNewName, 
 				'htmlName' => escape_tags($pageNewName), 
--- a/Zotlabs/Module/Admin/Site.php
+++ b/Zotlabs/Module/Admin/Site.php
@ -206,7 +206,7 @@ class Site {
 		// directory server should not be set or settable unless we are a directory client

 		if($dirmode == DIRECTORY_MODE_NORMAL) {
-			$x = q("select site_url from site where site_flags in (%d,%d) and site_realm = '%s'",
+			$x = q("select site_url from site where site_flags in (%d,%d) and site_realm = '%s' and site_dead = 0",
 				intval(DIRECTORY_MODE_SECONDARY),
 				intval(DIRECTORY_MODE_PRIMARY),
 				dbesc($realm)
--- a/Zotlabs/Module/Channel.php
+++ b/Zotlabs/Module/Channel.php
@ -123,7 +123,7 @@ class Channel extends \Zotlabs\Web\Controller {

 			//$o .= profile_tabs($a, $is_owner, \App::$profile['channel_address']);

-			$o .= common_friends_visitor_widget(\App::$profile['profile_uid']);
+			// $o .= common_friends_visitor_widget(\App::$profile['profile_uid']);

 			if($channel && $is_owner) {
 				$channel_acl = array(
--- a/Zotlabs/Module/Connedit.php
+++ b/Zotlabs/Module/Connedit.php
@ -248,6 +248,10 @@ class Connedit extends \Zotlabs\Web\Controller {
 			notice( t('Failed to update connection record.') . EOL);

 		if(! intval(\App::$poi['abook_self'])) {
+			if($new_friend) {
+				\Zotlabs\Daemon\Master::Summon( [ 'Notifier', 'permission_accept', $contact_id ] ); 
+			}
+
 			\Zotlabs\Daemon\Master::Summon( [ 
 				'Notifier', 
 				(($new_friend) ? 'permission_create' : 'permission_update'), 
--- a/Zotlabs/Module/Photos.php
+++ b/Zotlabs/Module/Photos.php
@ -1041,7 +1041,7 @@ class Photos extends \Zotlabs\Web\Controller {
 	
 				$likebuttons = '';
 	
-				if($can_post || $can_comment) {
+				if($observer && ($can_post || $can_comment)) {
 					$likebuttons = [
 						'id'       => $link_item['id'],
 						'likethis' => t("I like this \x28toggle\x29"),
@ -1053,7 +1053,7 @@ class Photos extends \Zotlabs\Web\Controller {
 	
 				$comments = '';
 				if(! count($r)) {
-					if($can_post || $can_comment) {
+					if($observer && ($can_post || $can_comment)) {
 						$commentbox = replace_macros($cmnt_tpl,array(
 							'$return_path' => '', 
 							'$mode' => 'photos',
@ -1172,7 +1172,7 @@ class Photos extends \Zotlabs\Web\Controller {
 	
 					}
 				
-					if($can_post || $can_comment) {
+					if($observer && ($can_post || $can_comment)) {
 						$commentbox = replace_macros($cmnt_tpl,array(
 							'$return_path' => '',
 							'$jsreload' => $return_url,
--- a/Zotlabs/Module/Pubsites.php
+++ b/Zotlabs/Module/Pubsites.php
@ -36,7 +36,8 @@ class Pubsites extends \Zotlabs\Web\Controller {
 				$o .= '</tr>';
 				if($j['sites']) {
 					foreach($j['sites'] as $jj) {
-						if(! \Zotlabs\Lib\System::compatible_project($jj['project']))
+						$projectname = explode(' ',$jj['project']);
+						if(! \Zotlabs\Lib\System::compatible_project($projectname[0]))
 							continue;
 						if(strpos($jj['version'],' ')) {
 							$x = explode(' ', $jj['version']);
--- a/Zotlabs/Module/Pubstream.php
+++ b/Zotlabs/Module/Pubstream.php
@ -28,6 +28,8 @@ class Pubstream extends \Zotlabs\Web\Controller {
 	
 		if(! $update) {

+			nav_set_selected(t('Public Stream'));
+
 			$_SESSION['static_loadtime'] = datetime_convert();

 			$static  = ((local_channel()) ? channel_manual_conv_update(local_channel()) : 1);
@ -108,7 +110,7 @@ class Pubstream extends \Zotlabs\Web\Controller {
 			$simple_update = '';

 		if($static && $simple_update)
-            $simple_update .= " and item_thread_top = 0 and author_xchan = '" . protect_sprintf(get_observer_hash()) . "' ";
+			$simple_update .= " and item_thread_top = 0 and author_xchan = '" . protect_sprintf(get_observer_hash()) . "' ";

 		//logger('update: ' . $update . ' load: ' . $load);
 	
--- a/Zotlabs/Module/Wiki.php
+++ b/Zotlabs/Module/Wiki.php
@ -216,7 +216,8 @@ class Wiki extends \Zotlabs\Web\Controller {
 						'$deny_cid' => $x['deny_cid'],
 						'$deny_gid' => $x['deny_gid'],
 						'$typelock' => array('typelock', t('Lock content type'), '', '', array(t('No'), t('Yes'))),
-						'$notify' => array('postVisible', t('Create a status post for this wiki'), '', '', array(t('No'), t('Yes')))
+						'$notify' => array('postVisible', t('Create a status post for this wiki'), '', '', array(t('No'), t('Yes'))),
+						'$edit_wiki_name' => t('Edit Wiki Name')
 					));

 					return $o;
--- a/Zotlabs/Module/Xrd.php
+++ b/Zotlabs/Module/Xrd.php
@ -50,6 +50,7 @@ class Xrd extends \Zotlabs\Web\Controller {
 			'$accturi'     => $resource,
 			'$subject'     => $subject,
 			'$aliases'     => $aliases,
+			'$channel_url' => z_root() . '/channel/'       . $r[0]['channel_address'],
 			'$profile_url' => z_root() . '/channel/'       . $r[0]['channel_address'],
 			'$hcard_url'   => z_root() . '/hcard/'         . $r[0]['channel_address'],
 			'$atom'        => z_root() . '/ofeed/'         . $r[0]['channel_address'],
--- a/Zotlabs/Web/HTTPSig.php
+++ b/Zotlabs/Web/HTTPSig.php
@ -20,7 +20,7 @@ class HTTPSig {
 		return $digest;
 	}

-	// See draft-cavage-http-signatures-07
+	// See draft-cavage-http-signatures-08

 	static function verify($data,$key = '') {

@ -48,7 +48,7 @@ class HTTPSig {
 		else {
 			$headers = [];
 			$headers['(request-target)'] = 
-				$_SERVER['REQUEST_METHOD'] . ' ' .
+				strtolower($_SERVER['REQUEST_METHOD']) . ' ' .
 				$_SERVER['REQUEST_URI'];
 			foreach($_SERVER as $k => $v) {
 				if(strpos($k,'HTTP_') === 0) {
@ -67,8 +67,12 @@ class HTTPSig {
 			$sig_block = self::parse_sigheader($headers['authorization']);
 		}

-		if(! $sig_block)
+		if(! $sig_block) {
+			logger('no signature provided.');
 			return $result;
+		}
+
+		logger('sig_block: ' . print_r($sig_block,true), LOGGER_DATA);

 		$result['header_signed'] = true;

@ -110,6 +114,8 @@ class HTTPSig {

 		$x = rsa_verify($signed_data,$sig_block['signature'],$key,$algorithm);

+		logger('verified: ' . $x, LOGGER_DEBUG);
+
 		if($x === false)
 			return $result;

@ -130,6 +136,8 @@ class HTTPSig {
 			}
 		}

+		logger('Content_Valid: ' . $result['content_valid']);
+
 		return $result;

 	}
@ -167,7 +175,8 @@ class HTTPSig {



-	static function create_sig($request,$head,$prvkey,$keyid = 'Key',$send_headers = false,$auth = false,$alg = 'sha256') {
+	static function create_sig($request,$head,$prvkey,$keyid = 'Key',$send_headers = false,$auth = false,$alg = 'sha256', 
+		$crypt_key = null, $crypt_algo = 'aes256ctr') {

 		$return_headers = [];

@ -178,15 +187,21 @@ class HTTPSig {
 			$algorithm = 'rsa-sha512';
 		}

-		$x = self::sign($request,$head,$prvkey,$alg);			
+		$x = self::sign($request,$head,$prvkey,$alg);

-		if($auth) {
-			$sighead = 'Authorization: Signature keyId="' . $keyid . '",algorithm="' . $algorithm
+		$headerval = keyId="' . $keyid . '",algorithm="' . $algorithm
 			. '",headers="' . $x['headers'] . '",signature="' . $x['signature'] . '"';
+
+		if($crypt_key) {
+			$x = crypto_encapsulate($headerval,$crypt_key,$crypt_alg);
+			$headerval = 'iv="' . $x['iv'] . '",key="' . $x['key'] . '",alg="' . $x['alg'] . '",data="' . $x['data'];
+		}
+			
+		if($auth) {
+			$sighead = 'Authorization: Signature ' . $headerval;
 		}
 		else {
-			$sighead = 'Signature: keyId="' . $keyid . '",algorithm="' . $algorithm
-			. '",headers="' . $x['headers'] . '",signature="' . $x['signature'] . '"';
+			$sighead = 'Signature: ' . $headerval;
 		}

 		if($head) {
@ -241,8 +256,15 @@ class HTTPSig {
 	}

 	static function parse_sigheader($header) {
+
 		$ret = [];
 		$matches = [];
+
+		// if the header is encrypted, decrypt with (default) site private key and continue
+
+		if(preg_match('/iv="(.*?)"/ism',$header,$matches))
+			$header = self::decrypt_sigheader($header);
+
 		if(preg_match('/keyId="(.*?)"/ism',$header,$matches))
 			$ret['keyId'] = $matches[1];
 		if(preg_match('/algorithm="(.*?)"/ism',$header,$matches))
@ -259,6 +281,32 @@ class HTTPSig {
 	}


+	static function decrypt_sigheader($header,$prvkey = null) {
+
+		$iv = $key = $alg = $data = null;
+
+		if(! $prvkey) {
+			$prvkey = get_config('system','prvkey');
+		}
+
+		$matches = [];
+
+		if(preg_match('/iv="(.*?)"/ism',$header,$matches))
+			$iv = $matches[1];
+		if(preg_match('/key="(.*?)"/ism',$header,$matches))
+			$key = $matches[1];
+		if(preg_match('/alg="(.*?)"/ism',$header,$matches))
+			$alg = $matches[1];
+		if(preg_match('/data="(.*?)"/ism',$header,$matches))
+			$data = $matches[1];
+
+		if($iv && $key && $alg && $data) {
+			return crypto_unencapsulate([ 'iv' => $iv, 'key' => $key, 'alg' => $alg, 'data' => $data ] , $prvkey);
+		}
+ 		return '';
+
+	}
+
 }


--- a/Zotlabs/Web/Router.php
+++ b/Zotlabs/Web/Router.php
@ -178,6 +178,25 @@ class Router {
 		 */

 		if(\App::$module_loaded) {
+			if (( \App::$module === 'channel' ) && argc() > 1) {
+				\App::$channel_links = [
+					[
+						'rel' => 'lrdd',
+						'type' => 'application/xrd+xml',
+						'url' => z_root() . '/xrd?f=&uri=acct%3A' . argv(1) . '%40' . \App::get_hostname()
+					],
+					[
+						'rel' => 'jrd',
+						'type' => 'application/jrd+json',
+						'url' => z_root() . '/.well-known/webfinger?f=&resource=acct%3A' . argv(1) . '%40' . \App::get_hostname()
+					],
+				];
+				$x = [ 'channel_address' => argv(1), 'channel_links' => \App::$channel_links ]; 
+				call_hooks('channel_links', $x );
+				\App::$channel_links = $x['channel_links'];
+				header('Link: ' . \App::get_channel_links());
+			}
+
 			\App::$page['page_title'] = \App::$module;
 			$placeholder = '';

--- a/Zotlabs/Widget/Common_friends.php
+++ b/Zotlabs/Widget/Common_friends.php
@ -0,0 +1,19 @@
+<?php
+
+namespace Zotlabs\Widget;
+
+require_once('include/contact_widgets.php');
+
+class Common_friends {
+
+	function widget($arr) {
+
+		if((! \App::$profile['profile_uid']) 
+			|| (! perm_is_allowed(\App::$profile['profile_uid'],get_observer_hash(),'view_contacts'))) {
+			return '';
+		}
+
+		return common_friends_visitor_widget(\App::$profile['profile_uid']);
+
+	}
+}
--- a/Zotlabs/Widget/Wiki_pages.php
+++ b/Zotlabs/Widget/Wiki_pages.php
@ -53,9 +53,12 @@ class Wiki_pages {
 				'$addnew' => t('Add new page'),
 				'$typelock' => $typelock,
 				'$lockedtype' => $w['mimeType'],
-				'$mimetype' => mimetype_select(0,$w['mimeType'], [ 'text/markdown','text/bbcode', 'text/plain' ]),
+				'$mimetype' => mimetype_select(0,$w['mimeType'], 
+					[ 'text/markdown' => t('Markdown'), 'text/bbcode' => t('BBcode'), 'text/plain' => t('Text') ]),
 				'$pageName' => array('pageName', t('Page name')),
-				'$refresh' => $arr['refresh']
+				'$refresh' => $arr['refresh'],
+				'$options' => t('Options'),
+				'$submit' => t('Submit')
 		));
 	}
 }
--- a/boot.php
+++ b/boot.php
@ -49,7 +49,7 @@ require_once('include/hubloc.php');
 require_once('include/attach.php');

 define ( 'PLATFORM_NAME',           'hubzilla' );
-define ( 'STD_VERSION',             '2.7.3' );
+define ( 'STD_VERSION',             '2.7.4' );
 define ( 'ZOT_REVISION',            '1.3' );

 define ( 'DB_UPDATE_VERSION',       1196  );
@ -456,6 +456,17 @@ define ( 'NAMESPACE_STATUSNET',       'http://status.net/schema/api/1/' );
 define ( 'NAMESPACE_ATOM1',           'http://www.w3.org/2005/Atom' );
 define ( 'NAMESPACE_YMEDIA',          'http://search.yahoo.com/mrss/' );

+// We should be using versioned jsonld contexts so that signatures will be slightly more reliable. 
+// Why signatures are unreliable by design is a problem nobody seems to care about 
+// "because it's a proposed W3C standard". .
+
+// Anyway, if you use versioned contexts, communication with Mastodon fails. Have not yet investigated
+// the reason for the dependency but for the current time, use the standard non-versioned context.
+//define ( 'ACTIVITYSTREAMS_JSONLD_REV', 'https://www.w3.org/ns/activitystreams-history/v1.8.jsonld' );
+
+define ( 'ACTIVITYSTREAMS_JSONLD_REV', 'https://www.w3.org/ns/activitystreams' );
+
+define ( 'ZOT_APSCHEMA_REV', '/apschema/v1.2' );
 /**
 * activity stream defines
 */
@ -780,6 +791,10 @@ class App {
 	public static $is_tablet = false;
 	public static $comanche;

+
+	public static $channel_links;
+
+
 	public static  $category;

 	// Allow themes to control internal parameters
@ -927,6 +942,7 @@ class App {
 			self::$module = 'home';
 		}

+
 		/*
 		 * See if there is any page number information, and initialise
 		 * pagination
@ -1024,6 +1040,19 @@ class App {
 		return self::$path;
 	}

+	public static function get_channel_links() {
+		$s = '';
+		$x = self::$channel_links;
+		if($x && is_array($x) && count($x)) {
+			foreach($x as $y) {
+				if($s) {
+					$s .= ',';
+				}
+				$s .= '<' . $y['url'] . '>; rel="' . $y['rel'] . '"; type="' . $y['type'] . '"';
+			}
+		}
+		return $s;
+	}
 	public static function set_account($acct) {
 		self::$account = $acct;
 	}
--- a/doc/hooklist.bb
+++ b/doc/hooklist.bb
@ -91,6 +91,9 @@ Hooks allow plugins/addons to "hook into" the code at many points and alter the
 [zrl=[baseurl]/help/hook/channel_remove]channel_remove[/zrl]
 	Called when removing a channel

+[zrl=[baseurl]/help/hook/channel_links]channel_links[/zrl]
+	Called when generating the Link: HTTP header for a channel
+
 [zrl=[baseurl]/help/hook/channel_settings]channel_settings[/zrl]
 	Called when displaying the channel settings page

--- a/include/channel.php
+++ b/include/channel.php
@ -278,11 +278,13 @@ function create_identity($arr) {
 		intval($arr['account_id'])
 	);

+	$photo_type = null;
+
 	$z = [ 'account' => $a[0], 'channel' => $r[0], 'photo_url' => '' ];
 	call_hooks('create_channel_photo',$z);
 
 	if($z['photo_url']) {
-		import_channel_photo_from_url($z['photo_url'],$arr['account_id'],$r[0]['channel_id']);
+		$photo_type = import_channel_photo_from_url($z['photo_url'],$arr['account_id'],$r[0]['channel_id']);
 	}

 	if($role_permissions && array_key_exists('limits',$role_permissions))
@ -330,6 +332,7 @@ function create_identity($arr) {
 			'xchan_guid'       => $guid,
 			'xchan_guid_sig'   => $sig,
 			'xchan_pubkey'     => $key['pubkey'],
+			'xchan_photo_mimetype' => (($photo_type) ? $photo_type : 'image/png'),
 			'xchan_photo_l'    => z_root() . "/photo/profile/l/{$newuid}",
 			'xchan_photo_m'    => z_root() . "/photo/profile/m/{$newuid}",
 			'xchan_photo_s'    => z_root() . "/photo/profile/s/{$newuid}",
--- a/include/contact_widgets.php
+++ b/include/contact_widgets.php
@ -143,7 +143,7 @@ function cardcategories_widget($baseurl,$selected = '') {



-function common_friends_visitor_widget($profile_uid) {
+function common_friends_visitor_widget($profile_uid,$cnt = 10) {

 	if(local_channel() == $profile_uid)
 		return;
@ -156,19 +156,20 @@ function common_friends_visitor_widget($profile_uid) {
 	require_once('include/socgraph.php');

 	$t = count_common_friends($profile_uid,$observer_hash);
+
 	if(! $t)
 		return;

-	$r = common_friends($profile_uid,$observer_hash,0,5,true);
+	$r = common_friends($profile_uid,$observer_hash,0,$cnt,true);

 	return replace_macros(get_markup_template('remote_friends_common.tpl'), array(
-		'$desc' =>  sprintf( tt("%d connection in common", "%d connections in common", $t), $t),
-		'$base' => z_root(),
-		'$uid' => $profile_uid,
-		'$cid' => $observer,
-		'$linkmore' => (($t > 5) ? 'true' : ''),
-		'$more' => t('show more'),
-		'$items' => $r
+		'$desc'     => sprintf( t('Common connections: %d'), $t),
+		'$base'     => z_root(),
+		'$uid'      => $profile_uid,
+		'$cid'      => $observer,
+		'$linkmore' => (($t > $cnt) ? 'true' : ''),
+		'$more'     => t('show more'),
+		'$items'    => $r
 	)); 

 };
--- a/include/feedutils.php
+++ b/include/feedutils.php
@ -811,6 +811,7 @@ function feed_get_reshare(&$res,$item) {
 		}
 	
 		$attach = $share['links'];
+
 		if($attach) {
 			foreach($attach as $att) {
 				if($att['rel'] === 'alternate') {
@ -845,6 +846,10 @@ function feed_get_reshare(&$res,$item) {
 			}
 		}
 	
+		if((! $body) && ($share['alternate'])) {
+			$body = $share['alternate'];
+		}			
+
 		$res['body'] = "[share author='" . urlencode($share['author']) . 
 			"' profile='"    . $share['profile'] .
 			"' avatar='"     . $share['avatar']  .
@ -1706,7 +1711,7 @@ function compat_photos_list($s) {
 	$found = preg_match_all('/\[[zi]mg(.*?)\](.*?)\[/ism',$s,$matches,PREG_SET_ORDER);

 	if($found) {
-		foreach($matches as $match) {
+		foreach($matches as $match) {			
 			$ret[] = [
 				'href' => $match[2],
 				'length' => 0,
--- a/include/network.php
+++ b/include/network.php
@ -1943,4 +1943,35 @@ function getBestSupportedMimeType($mimeTypes = null, $acceptedTypes = false) {
    }
    // no mime-type found
    return null;
+}
+
+
+function jsonld_document_loader($url) {
+
+	// perform caching for jsonld normaliser
+
+	require_once('library/jsonld/jsonld.php');
+
+	$cachepath = 'store/[data]/ldcache';
+	if(! is_dir($cachepath))
+		os_mkdir($cachepath,STORAGE_DEFAULT_PERMISSIONS,true);
+
+	$filename = $cachepath . '/' . urlencode($url);
+	if(file_exists($filename) && filemtime($filename) > time() - (12 * 60 * 60)) {
+		return json_decode(file_get_contents($filename));
+	}
+
+	$r = jsonld_default_document_loader($url);
+	if($r) {
+		file_put_contents($filename,json_encode($r));
+		return $r;
+	}
+
+	logger('not found');
+	if(file_exists($filename)) {
+		return json_decode(file_get_contents($filename));
+	}
+
+	return [];
+
 }
--- a/include/perm_upgrade.php
+++ b/include/perm_upgrade.php
@ -135,6 +135,9 @@ function translate_abook_perms_outbound(&$abook) {
 	$my_perms = 0;
 	$their_perms = 0;

+	if(! $abook)
+		return;
+
 	if(array_key_exists('abconfig',$abook) && is_array($abook['abconfig']) && $abook['abconfig']) {
 		foreach($abook['abconfig'] as $p) {
 			if($p['cat'] === 'their_perms') {
--- a/include/photo/photo_driver.php
+++ b/include/photo/photo_driver.php
@ -666,6 +666,7 @@ function import_channel_photo_from_url($photo,$aid,$uid) {

 	import_channel_photo($img_str,$type,$aid,$uid);

+	return $type;
 }


--- a/include/text.php
+++ b/include/text.php
@ -1789,21 +1789,21 @@ function layout_select($channel_id, $current = '') {
 function mimetype_select($channel_id, $current = 'text/bbcode', $choices = null, $element = 'mimetype') {

 	$x = (($choices) ? $choices : [
-		'text/bbcode',
-		'text/html',
-		'text/markdown',
-		'text/plain',
-		'application/x-pdl'
+		'text/bbcode'       => t('BBcode'),
+		'text/html'         => t('HTML'),
+		'text/markdown'     => t('Markdown'),
+		'text/plain'        => t('Text'),
+		'application/x-pdl' => t('Comanche Layout')
 	]);


 	if((App::$is_sys) || (channel_codeallowed($channel_id) && $channel_id == local_channel())){
-		$x[] = 'application/x-php';
+		$x['application/x-php'] = t('PHP');
 	}

-	foreach($x as $y) {
+	foreach($x as $y => $z) {
 		$selected = (($y == $current) ? ' selected="selected" ' : '');
-		$options .= '<option name="' . $y . '"' . $selected . '>' . $y . '</option>';
+		$options .= '<option value="' . $y . '"' . $selected . '>' . $z . '</option>';
 	}

 	$o = replace_macros(get_markup_template('field_select_raw.tpl'), array(
--- a/include/zot.php
+++ b/include/zot.php
@ -977,6 +977,18 @@ function zot_process_response($hub, $arr, $outq) {
 	}

 	if(is_array($x) && array_key_exists('delivery_report',$x) && is_array($x['delivery_report'])) {
+
+		if(array_key_exists('iv',$x['delivery_report'])) {
+			$j = crypto_unencapsulate($x['delivery_report'],get_config('system','prvkey'));
+			if($j) {
+				$x['delivery_report'] = json_decode($j,true); 
+			}
+			if(! (is_array($x['delivery_report']) && count($x['delivery_report']))) {
+				logger('encrypted delivery report could not be decrypted');
+				return;
+			}
+		}
+
 		foreach($x['delivery_report'] as $xx) {
 			if(is_array($xx) && array_key_exists('message_id',$xx) && delivery_report_is_storable($xx)) {
 				q("insert into dreport ( dreport_mid, dreport_site, dreport_recip, dreport_result, dreport_time, dreport_xchan ) values ( '%s', '%s','%s','%s','%s','%s' ) ",
@ -1048,13 +1060,15 @@ function zot_fetch($arr) {

 	foreach($ret_hubs as $ret_hub) {

+		$secret = substr(preg_replace('/[^0-9a-fA-F]/','',$arr['secret']),0,64);
+
 		$data = [
 			'type'         => 'pickup',
 			'url'          => z_root(),
 			'callback_sig' => base64url_encode(rsa_sign(z_root() . '/post', get_config('system','prvkey'))),
 			'callback'     => z_root() . '/post',
-			'secret'       => $arr['secret'],
-			'secret_sig'   => base64url_encode(rsa_sign($arr['secret'], get_config('system','prvkey')))
+			'secret'       => $secret,
+			'secret_sig'   => base64url_encode(rsa_sign($secret, get_config('system','prvkey')))
 		];

 		$algorithm = zot_best_algorithm($ret_hub['site_crypto']);
@ -1064,8 +1078,11 @@ function zot_fetch($arr) {

 		$result = zot_import($fetch, $arr['sender']['url']);

-		if($result)
+		if($result) {
+			$result = crypto_encapsulate(json_encode($result),$ret_hub['hubloc_sitekey'], $algorithm);
 			return $result;
+		}
+
 	}

 	return;
--- a/library/sticky-kit/sticky-kit.js
+++ b/library/sticky-kit/sticky-kit.js
@ -77,7 +77,7 @@
        padding_top = parseInt(parent.css("padding-top"), 10);
        padding_bottom = parseInt(parent.css("padding-bottom"), 10);
        parent_top = parent.offset().top + border_top + padding_top;
-        parent_height = parent.outerHeight(true);
+        parent_height = parent.height();
        if (fixed) {
          fixed = false;
          bottomed = false;
--- a/view/css/mod_wiki.css
+++ b/view/css/mod_wiki.css
@ -33,17 +33,18 @@
 	width: 100%;
 }

+td i {
+	padding: 7px 5px;
+	cursor: pointer;
+}
+
 #wikis-index th:nth-child(1),
 #wikis-index td:nth-child(1){
 	padding: 7px 3px 7px 10px;
 }

-#wikis-index th:nth-child(6),
-#wikis-index td:nth-child(6){
-	padding: 7px 10px 7px 7px;
-}
-
-.wikis-index-tool {
-	padding: 7px 10px;
+#wikis-index th:nth-last-child(1),
+#wikis-index td:nth-last-child(1){
+	padding-right: 10px;
 }

--- a/view/js/jquery.js
+++ b/view/js/jquery.js
--- a/view/pdl/mod_channel.pdl
+++ b/view/pdl/mod_channel.pdl
@ -7,4 +7,8 @@
 [widget=categories][/widget]
 [widget=tagcloud_wall][var=limit]24[/var][/widget]
 [/region]
+[region=content]
+[widget=common_friends][/widget]
+$content
+[/region]

--- a/view/php/theme_init.php
+++ b/view/php/theme_init.php
@ -23,7 +23,7 @@ head_add_js('/library/jquery-textcomplete/jquery.textcomplete.js');

 head_add_js('/library/jquery.timeago.js');
 head_add_js('/library/readmore.js/readmore.js');
-head_add_js('/library/sticky-kit/sticky-kit.js');
+head_add_js('/library/sticky-kit/sticky-kit.min.js');
 head_add_js('/library/jgrowl/jquery.jgrowl_minimized.js');
 head_add_js('/library/cryptojs/components/core-min.js');
 head_add_js('/library/cryptojs/rollups/aes.js');
--- a/view/theme/redbasic/js/redbasic.js
+++ b/view/theme/redbasic/js/redbasic.js
@ -16,12 +16,10 @@ $(document).ready(function() {
 	}
 	$('#css3-calc').remove(); // Remove the test element

-
-
 	if($(window).width() > 767) {
 		$('#left_aside_wrapper').stick_in_parent({
-			offset_top: $('nav').outerHeight(true) + 10,
-			parent: '#region_1',
+			offset_top: parseInt($('#region_1').css('padding-top')),
+			parent: 'main',
 			spacer: '#left_aside_spacer'
 		});
 	}
--- a/view/tpl/common_friends.tpl
+++ b/view/tpl/common_friends.tpl
@ -1,4 +1,4 @@
-<div class="profile-match-wrapper">
+<div class="generic-content-wrapper">
 	<div class="profile-match-photo">
 		<a href="{{$url}}">
 			<img src="{{$photo}}" alt="{{$name}}" width="80" height="80" title="{{$name}} [{{$url}}]" />
--- a/view/tpl/main_slider.tpl
+++ b/view/tpl/main_slider.tpl
@ -1,4 +1,5 @@
 <div id="main-slider" class="slider" ><input id="main-range" type="text" name="cminmax" value="{{$val}}" /></div>
+<div id="profile-jot-text-loading" style="display:none;"></div>
 <script>
 $(document).ready(function() {
 	var old_cmin = 0;
@ -19,6 +20,7 @@ $(document).ready(function() {

 	var slideTimer = null;
 	function networkRefresh() {
+
 		$("#profile-jot-text-loading").show();

 		if((document.readyState !== "complete") || (slideTimer !== null))
--- a/view/tpl/remote_friends_common.tpl
+++ b/view/tpl/remote_friends_common.tpl
@ -1,21 +1,28 @@
-<div id="remote-friends-in-common" class="bigwidget">
-	<div id="rfic-desc">{{$desc}} &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;{{if $linkmore}}<a href="{{$base}}/common/{{$uid}}">{{$more}}</a>{{/if}}</div>
-	{{if $items}}
-	{{foreach $items as $item}}
-	<div class="profile-match-wrapper">
-		<div class="profile-match-photo">
-			<a href="{{$base}}/chanview?f=&url={{$item.xchan_url}}">
-				<img src="{{$item.xchan_photo_m}}" width="80" height="80" alt="{{$item.xchan_name}}" title="{{$item.xchan_name}}" />
-			</a>
+<div class="widget">
+	<div class="panel">
+		<div class="section-subtitle-wrapper" role="tab" id="common-friends-visitor">
+			<h3><a data-toggle="collapse" href="#common-friends-collapse">{{$desc}}</a></h3>
 		</div>
-		<div class="profile-match-break"></div>
-		<div class="profile-match-name">
-			<a href="{{$base}}/chanview?f=&url={{$item.xchan_url}}" title="{{$item.xchan_name}}">{{$item.xchan_name}}</a>
+		<div id="common-friends-collapse" class="collapse" role="tabpanel" aria-labelledby="common-friends-visitor">
+			{{if $items}}
+			{{foreach $items as $item}}
+			<div class="profile-match-wrapper">
+				<div class="profile-match-photo">
+					<a href="{{$base}}/chanview?f=&url={{$item.xchan_url}}">
+						<img src="{{$item.xchan_photo_m}}" width="80" height="80" alt="{{$item.xchan_name}}" title="{{$item.xchan_name}}" />
+					</a>
+				</div>
+				<div class="profile-match-break"></div>
+				<div class="profile-match-name">
+					<a href="{{$base}}/chanview?f=&url={{$item.xchan_url}}" title="{{$item.xchan_name}}">{{$item.xchan_name}}</a>
+				</div>
+				<div class="profile-match-end"></div>
+			</div>
+			{{/foreach}}
+			{{/if}}
+			<div id="rfic-end" class="clear"></div>
+			{{if $linkmore}}<button class="btn btn-default"><a href="{{$base}}/common/{{$uid}}">{{$more}}</a></button>{{/if}}
 		</div>
-		<div class="profile-match-end"></div>
 	</div>
-	{{/foreach}}
-	{{/if}}
-	<div id="rfic-end" class="clear"></div>
 </div>

--- a/view/tpl/wiki_page_list.tpl
+++ b/view/tpl/wiki_page_list.tpl
@ -3,23 +3,6 @@
 {{/if}}
 	<h3>{{$header}}</h3>
 	<ul class="nav nav-pills flex-column">
-		{{if $canadd}}
-			<li class="nav-item"><a class="nav-link" href="#" onclick="wiki_show_new_page_form(); return false;"><i class="fa fa-plus-circle"></i>&nbsp;{{$addnew}}</a></li>
-		{{/if}}
-		{{if $canadd}}
-		<div id="new-page-form-wrapper" class="sub-menu" style="display:none;">
-			<form id="new-page-form" action="wiki/{{$channel_address}}/create/page" method="post" >
-				<input type="hidden" name="resource_id" value="{{$resource_id}}">
-				{{if $typelock}}
-				<input type="hidden" name="mimetype" value="{{$lockedtype}}">
-				{{else}}
-				{{$mimetype}}
-				{{/if}}
-				{{include file="field_input.tpl" field=$pageName}}
-				<button id="new-page-submit" class="btn btn-primary" type="submit" name="submit" >Submit</button>
-			</form>
-		</div>
-		{{/if}}
 		{{if $pages}}
 		{{foreach $pages as $page}}
 		<li class="nav-item nav-item-hack" id="{{$page.link_id}}">
@ -30,6 +13,28 @@
 		</li>
 		{{/foreach}}
 		{{/if}}
+		{{if $canadd}}
+			<li class="nav-item"><a class="nav-link" href="#" onclick="wiki_show_new_page_form(); return false;"><i class="fa fa-plus-circle"></i>&nbsp;{{$addnew}}</a></li>
+		{{/if}}
+		{{if $canadd}}
+		<div id="new-page-form-wrapper" class="clearfix sub-menu" style="display:none;">
+			<form id="new-page-form" action="wiki/{{$channel_address}}/create/page" method="post" >
+				<input type="hidden" name="resource_id" value="{{$resource_id}}">
+				{{include file="field_input.tpl" field=$pageName}}
+				{{if $typelock}}
+				<input id="id_mimetype" type="hidden" name="mimetype" value="{{$lockedtype}}">
+				{{else}}
+				<div id="wiki_page_options" style="display: none">
+					{{$mimetype}}
+				</div>
+				<div class="float-right fakelink" onClick="openClose('wiki_page_options')">
+					{{$options}}
+				</div>
+				{{/if}}
+				<button id="new-page-submit" class="btn btn-primary" type="submit" name="submit" >{{$submit}}</button>
+			</form>
+		</div>
+		{{/if}}
 	</ul>
 {{if ! $refresh}}
 </div>
--- a/view/tpl/wikilist.tpl
+++ b/view/tpl/wikilist.tpl
@ -29,11 +29,11 @@
 			<tr>
 				<th width="96%">{{$name}}</th>
 				<th width="1%">{{$type}}</th>
-				<th width="1%" class="wikis-index-tool"></th>
+				<th width="1%"></th>
 				{{if $owner}}
-				<th width="1%" class="wikis-index-tool"></th>
+				<th width="1%"></th>
 				{{/if}}
-				<th width="1%" class="wikis-index-tool"></th>
+				<th width="1%"></th>
 				{{if $owner}}
 				<th width="1%"></th>
 				{{/if}}
@ -43,15 +43,15 @@
 				<td><a href="/wiki/{{$channel}}/{{$wiki.urlName}}/Home" title="{{$view}}"{{if $wiki.active}} class="active"{{/if}}>{{$wiki.title}}</a></td>
 				<td>{{if $wiki.typelock}}{{$wiki.mimeType}}{{else}}{{$unlocked}}{{/if}}</td>
 				{{if $owner}}
-				<td class="wikis-index-tool"><i class="fa fa-pencil" onclick="openCloseTR('wikis-index-edit-{{$wiki.id}}')"></i></td>
+				<td><i class="fa fa-pencil" onclick="openCloseTR('wikis-index-edit-{{$wiki.id}}')"></i></td>
 				{{/if}}
-				<td class="wikis-index-tool dropdown">
+				<td class="dropdown">
 					{{if $wiki.lockstate == 'lock'}}
 					<i class="fa fa-lock lockview" data-toggle="dropdown" onclick="lockview('item',{{$wiki.id}});"></i>
 					<ul id="panel-{{$wiki.id}}" class="lockview-panel dropdown-menu dropdown-menu-right"></ul>
 					{{/if}}
 				</td>
-				<td class="wikis-index-tool"><i class="fa fa-download" onclick="wiki_download_wiki('{{$wiki.resource_id}}'); return false;"></i></td>
+				<td><i class="fa fa-download" onclick="wiki_download_wiki('{{$wiki.resource_id}}'); return false;"></i></td>
 				{{if $owner}}
 				<td><i class="fa fa-trash-o drop-icons" onclick="wiki_delete_wiki('{{$wiki.title}}', '{{$wiki.resource_id}}'); return false;"></i></td>
 				{{/if}}
@ -61,7 +61,7 @@
 				<td colspan="6">
 					<form id="edit-wiki-form-{{$wiki.id}}" method="post" action="wiki/{{$channel}}/update/wiki" class="acl-form" data-form_id="edit-wiki-form-{{$wiki.id}}" data-allow_cid='{{$wiki.json_allow_cid}}' data-allow_gid='{{$wiki.json_allow_gid}}' data-deny_cid='{{$wiki.json_deny_cid}}' data-deny_gid='{{$wiki.json_deny_gid}}'>
 						<input type="hidden" name="origRawName" value="{{$wiki.title}}">
-						{{include file="field_input.tpl" field=['updateRawName', 'Edit Wiki Name', $wiki.title]}}
+						{{include file="field_input.tpl" field=['updateRawName', $edit_wiki_name, $wiki.title]}}
 						<div class="btn-group float-right">
 							<button class="btn btn-outline-secondary btn-sm" data-toggle="modal" data-target="#aclModal" type="button">
 								<i class="jot-perms-icon fa fa-{{$wiki.lockstate}}"></i>