Merge branch '2.6RC'

Release Hubzilla 2.6
update changelog
2017-08-16 10:32:35 +02:00 · 2017-08-16 10:21:49 +02:00 · 2017-08-16 10:06:49 +02:00 · 2017-08-14 22:06:04 +02:00 · 2017-08-14 21:59:06 +02:00 · 2017-08-14 21:34:20 +02:00
4308 changed files with 295761 additions and 137654 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -44,7 +44,8 @@ doc/html/
 .zotshrc
 # external repositories for themes/addons
 extend/
-
+# files generated by phpunit
 tests/results/
 ## exclude IDE files
 # config files and folders from Eclipse
@@ -60,11 +61,15 @@ nbproject/
 .idea/
-# composer files (at the moment composer is not officially supported and only used to add SabreDAV, we should add these)
+## composer
-composer.* 
+# locally installed composer binary
-
+composer.phar
-# When we include composer we should exclude vendor/
+# allow composer.lock, as it is required to have a common state
 !composer.lock
 # vendor/ is managed by composer, no need to include in our repository
 # requires new deployment and needs discussion first
 #vendor/
-# Exclude at least some vendor test files, examples, etc.
+# Exclude at least some vendor test files, examples, etc. so far
-vendor/sabre/*/tests/
+vendor/**/tests/
 vendor/**/Test/
 vendor/sabre/*/examples/
--- a/.homeinstall/hubzilla-setup.sh
+++ b/.homeinstall/hubzilla-setup.sh
@@ -491,7 +491,7 @@ END
        print_info "letsenrypt exists already (nothing downloaded > no certificate created and registered)"
        return 0
    fi
-    git clone https://github.com/lukas2511/letsencrypt.sh $le_dir
+    git clone https://github.com/lukas2511/dehydrated $le_dir
    cd $le_dir
    # create config file for letsencrypt.sh
    echo "WELLKNOWN=$le_dir" > $le_dir/config.sh
@@ -511,9 +511,9 @@ END
    then
        die "Failed to load $url_http"
    fi
-    # run letsencrypt.sh
+    # run script dehydrated
    # 
-    ./letsencrypt.sh --cron --config $le_dir/config.sh
+    ./dehydrated --cron --config $le_dir/config.sh
 }
 function configure_apache_for_https {
@@ -730,8 +730,8 @@ echo "#" >> /var/www/$hubzilladaily
 echo "echo \" \"" >> /var/www/$hubzilladaily
 echo "echo \"+++ \$(date) +++\"" >> /var/www/$hubzilladaily
 echo "echo \" \"" >> /var/www/$hubzilladaily
-echo "echo \"\$(date) - renew certificat...\"" >> /var/www/$hubzilladaily
+echo "echo \"\$(date) - renew certificate...\"" >> /var/www/$hubzilladaily
-echo "bash $le_dir/letsencrypt.sh --cron --config $le_dir/config.sh" >> /var/www/$hubzilladaily
+echo "bash $le_dir/dehydrated --cron --config $le_dir/config.sh" >> /var/www/$hubzilladaily
 echo "#" >> /var/www/$hubzilladaily
 echo "# stop hubzilla" >> /var/www/$hubzilladaily
 echo "echo \"\$(date) - stoping apache and mysql...\"" >> /var/www/$hubzilladaily
@@ -798,7 +798,7 @@ echo "echo \"\$(date) - db size...\"" >> /var/www/$hubzilladaily
 echo "du -h /var/cache/rsnapshot/ | grep mysql/hubzilla" >> /var/www/$hubzilladaily
 echo "#" >> /var/www/$hubzilladaily
 echo "# update" >> /var/www/$hubzilladaily
-echo "echo \"\$(date) - updating letsencrypt.sh...\"" >> /var/www/$hubzilladaily
+echo "echo \"\$(date) - updating dehydrated...\"" >> /var/www/$hubzilladaily
 echo "git -C /var/www/letsencrypt/ pull" >> /var/www/$hubzilladaily
 echo "echo \"\$(date) - updating hubhilla core...\"" >> /var/www/$hubzilladaily
 echo "git -C /var/www/html/ pull" >> /var/www/$hubzilladaily
--- a/.travis.yml
+++ b/.travis.yml
@@ -1,46 +1,164 @@
 #
 # Travis-CI configuration file for Hubzilla
 #
 ## configure things
 #
 # see http://about.travis-ci.org/docs/user/languages/php/ for more hints
 language: php
-# list any PHP version you want to test against
+# use newer 'trusty' based distro, old one is 'precise'
 dist: trusty
 # use docker based containers
 sudo: false
 # Git branches whitelist to build on Travis CI
 branches:
  only:
  - master
  - dev
  # whitelist our tags for release deployments e.g. 2.2
  - /^\d+\.\d+(\.\d+)?(-\S*)?$/
 # Install additional software
 addons:
  # Install dependencies for generating API documentation with doxygen
  apt:
    packages:
      - doxygen
      - doxygen-latex
      - graphviz
      - ttf-liberation
 # enable and start databases on a per job basis
 #services:
 #  - mariadb
 #  - postgresql
 # any PHP version we want to test against, current stable phpunit requires PHP >= 7.0
 php:
-  # using major version aliases
+  - '7.0'
  - '7.1'
  # HHVM does not fulfil PHPUnit platform requirements as being compatible with PHP7 yet
  #- 'hhvm'
-  # aliased to a recent 5.4.x version
+# list of environments to test
-  - 5.4
+env:
-  # aliased to a recent 5.5.x version
+  global:
-  - 5.5
+    # used for doxygen deployment script
-  # aliased to a recent 5.6.x version
+    - DOXYFILE: $TRAVIS_BUILD_DIR/util/Doxyfile
-  - 5.6
+    # Uncomment if a newer/specific version of Doxygen should be used
-  # aliased to a recent 7.x version
+    #- DOXY_VER: 1.8.12
-  - 7.0
+    # Code Coverage is slow, no need to have it in every build
-  # aliased to a recent hhvm version
+    - PHPUCOV: "--no-coverage"
-  - hhvm
+  # use matrix only for PHP and MySQL, all other combinations added through includes
  matrix:
    # trusty default MySQL 5.6
    - DB=mysql MYSQL_VERSION=5.6
-# optionally specify a list of environments, for example to test different RDBMS
+# Matrix configuration details
 #env:
 #  - DB=mysql
 #  - DB=pgsql
 # optionally set up exclutions and allowed failures in the matrix
 matrix:
  fast_finish: true
  # Additional check combinations
  include:
    # PHP7.1, mariadb 10.1
    - php: '7.1'
      env: DB=mariadb MARIADB_VERSION=10.1 CODECOV=1
      # use mariadb instead of MySQL
      addons:
        mariadb: '10.1'
    # PHP7.1, PostgreSQL 9.6
    - php: '7.1'
      env: DB=pgsql POSTGRESQL_VERSION=9.6
      # Use newer postgres than 9.2 default
      addons:
        postgresql: '9.6'
      services:
        - postgresql
    # PHP7.1, old precise distribution with MySQL 5.5
    - php: '7.1'
      env: DB=mysql MYSQL_VERSION=5.5
      dist: precise
      services:
        - mysql
    # MySQL 5.7 with Docker container
    - php: '7.1'
      env: DB=mysql MYSQL_VERSION=5.7
      sudo: required
      services:
        - docker
   # Excludes from default matrix combinations
 #  exclude:
 #    - php: hhvm
 #      env: DB=pgsql  # PDO driver for pgsql is unsupported by HHVM (3rd party install for support)
-  allow_failures:
+
-    - php: 7.0
+# cache composer downloads between runs
-    - php: hhvm
+cache:
  directories:
    - $HOME/.composer/cache
    #- $HOME/doxygen/doxygen-$DOXY_VER/bin
 #
 ## execute things
 #
 before_install:
  - travis_retry composer self-update
  # Start MySQL 5.7 Docker container, needs some time to come up
  - if [[ "$MYSQL_VERSION" == "5.7" ]]; then sudo service mysql stop; docker run -d -p 3306:3306 -e MYSQL_ALLOW_EMPTY_PASSWORD=yes mysql:5.7 && sleep 25 && docker ps; fi
 # Install composer dev libs
 install:
  - travis_retry composer install --optimize-autoloader --no-progress
 # execute any number of scripts before the test run, custom env's are available as variables
-#before_script:
+before_script:
-#  - if [[ "$DB" == "pgsql" ]]; then psql -c "DROP DATABASE IF EXISTS hello_world_test;" -U postgres; fi
+  # Use code coverage config for phpunit
-#  - if [[ "$DB" == "pgsql" ]]; then psql -c "create database hello_world_test;" -U postgres; fi
+  - if [[ ! -z $CODECOV ]]; then export PHPUCOV=""; fi
-#  - if [[ "$DB" == "mysql" ]]; then mysql -e "create database IF NOT EXISTS hello_world_test;" -uroot; fi
+  # Some preparation tasks of environment
  - ./tests/travis/prepare.sh
  # DB specific prepare scripts
  - if [[ "$DB" == "mysql" ]]; then ./tests/travis/prepare_mysql.sh; fi
  - if [[ "$DB" == "mariadb" ]]; then ./tests/travis/prepare_mysql.sh; fi
  - if [[ "$DB" == "pgsql" ]]; then ./tests/travis/prepare_pgsql.sh; fi
 # omitting "script:" will default to phpunit
-# use the $DB env variable to determine the phpunit.xml to use
+script: ./vendor/bin/phpunit $PHPUCOV -c tests/phpunit-$DB.xml
-script: phpunit  tests/*php
+
 after_success:
  # Generate API documentation and deploy it to gh-pages
  - ./tests/travis/gen_apidocs.sh
 #after_failure:
 # Deploying release and API documentation to GitHub
 #before_deploy:
 deploy:
  - provider: pages
    skip_cleanup: true
    local_dir: $TRAVIS_BUILD_DIR/doc/html
    github_token: $GH_TOKEN
    on:
      repo: redmatrix/hubzilla
      branch: master
      condition: '(-n "$GH_TOKEN") && ("$TRAVIS_JOB_NUMBER" == "${TRAVIS_BUILD_NUMBER}.1")'
  # add API documentation to release, could also be used to provide full packages if we want to drop vendor from our repo
  - provider: releases
    skip_cleanup: true
    api_key: $GH_TOKEN
    file: 'doc/hubzilla-api-documentation.zip'
    on:
      repo: redmatrix/hubzilla
      tags: true
      condition: '(-n "$GH_TOKEN") && ("$TRAVIS_JOB_NUMBER" == "${TRAVIS_BUILD_NUMBER}.1")'
 #after_deploy:
 #after_script:
 # configure notifications (email, IRC, campfire etc)
-notifications:
+#notifications:
 #  irc: "irc.freenode.org#yourfavouriteroomfortravis"
 # a plugin/script to post to a hubzilla channel would be neat here
--- a/361
+++ b/361
@@ -1,3 +1,364 @@
 Hubzilla 2.6 (2017-08-16)
 	- Upgrade to bootstrap-4 beta
 	- Consolidate disable_discover_tab config
 	- Fix some bbcode to markdown conversion issues
 	- Improved finding of recursive attachment permissions
 	- Smaller line-height for notification badges 
 	- Bluegrid schema removed - will be added again if someone is willing to maintain it
 	- Improved file_activity()
 	- DB - add index for item.obj_type
 	- Add options flag to bb_to_markdown() so we can distinguish between diaspora use and other use and therefore filter and adjust content selectively
 	- Close the apps-menu if the notifications-menu is open and vice versa 
 	- Remove redundant call to jquery ready function in photo albums view
 	- Remove borders from navbar toggler in mobile view
 	- Improve the formatting of shares when converting from bbcode to markdown
 	- Suppress fopen errors from dav
 	- Make local channel (not our own) nav menus appear similar to what we are used from remote channels
 	- Indicate the selected channel in the dropdown menu if the feature is enabled	
 	- Provide a mechanism to mark apps active in the app tray
 	- Allow wildcard tag and category searches
 	- Improved installer
 	- Update some addon docs and ensure we only generate statistics once a day
 	- Turn url requests where argv[0] is something.xyz into module='something' and $_REQUEST['module_format'] = 'xyz'; But leave modules beginning with . (like .well_known) alone (convert the initial . to _ and then strip it)
 	- Turn platform name and std_version into config variables
 	- Implement chunked uploads on the wall
 	- Prevent expiration of conversations you are involved with
 	- Update htmlpurifier to version 4.9.3
 	- Update sabre/http to version 4.2.3
 	- Add optimize-autoloader to composer config
 	- Missing abook_{my,their}_perms in pg schema and missing keys in mysql schema 
 	- Provide a gender icon on the profile sidebar within reason
 	- Provide more comprehensible information on the admin summary page
 	- Upgrade blueimp from 9.8 to 9.18
 	- Chanview - if already connected, bypass the chanview intermediary page and go straight to the remote profile.
 	- Allow poke by xchan_hash
 	- guess_image_type() - ignore scheme when checking for urls
 	- Remove unused page_widgets.php include and provide a general function for loading sql from file
 	- Migrate cdav from addons to core
 	- Address several mail issues
 	- Add files and photos to featured apps by default
 	- import_author_zot() fixes
 	- Remove deprecated app parameter from conversation()
 	- Implement anonymous comments (like wordpress)
 	- Add rel=noopener to all external target _blank links
 	- Add 'can_comment_on_post' hook so we can better deal with the complications of Diaspora policy
 	- Added Portfolio widget (requires foundation)
 	- Convert schema_mysql engine to InnoDB and charset utf8mb4
 	- Put unreachable federated connections in the archived tab of the connections list page
 	- Indicate on connections page if a federated connection from another network is unavailable from the current location
 	- Make authenticated oembeds optional, default to false.
 	- Remove text_highlight css load from core
 	- Numerous ostatus feed improvements (mastodon, gnu-social)
 	- Provide hook when deleting a connection - we need this to clean up dangling PuSH subscriptions
 	- Move code syntax highlighting to plugin
 	- Oembed: ensure that width and height are returned as type int and not float
 	- Rewrite wiki pages widget - no need for ajax on pageload, show the pages to not authenticated people.
 	- Convert randprof to use chanlink_hash() instead of chanlink_url() and filter sys channels by xchan.xchan_system instead of xchan_addr != sys@%
 	- Update Sabre libraries
 	- Only provide "connected apps" on the settings menu if techlevel > 0.
 	- Provide ability to search webpage
 	- Move disapora xrd stuff to plugin
 	- Deprecate server_role
 	- Introduce automatic language selection for help, webpages, and wiki content
 	- Provide ability to order apps in app-tray
 	- Replace Markdownify library with html-to-markdown library
 	Bugfixes
 	- Fix channel manager and nav channel select visible if in a delegate session
 	- Fix wrong wiki pages in the sidebar github issue #841
 	- Fix a bug where if multiple channels uploaded the same file to the same folder, the uploaded file would end up with an incremental number added to the filename for each upload even if the file did not exist yet in the channels folder
 	- Fix privacy groups not syncing across clones properly (github issue #832)
 	- Fix an issue where the ability to use a portion of the message-id to display a message wasn't honoured in all cases
 	- Fix minor issues in the bs-default schema
 	- Fix backward compatibility for album links generated in earlier times before the ambiguity of photo album names was solved (github issue #827)
 	- Fix photo item comments not ported to bs4
 	- Fix incorrect album link
 	- Fix incorrect follow url in webfinger
 	- Fix regression - allow position attributes in oembedable zcards
 	- Fix affinitiy slider settings were being updated on any submit of of settings/featured
 	- Fix minor weirdness in zot finger results after deleting a clone from a channel that was on a site which was previously migrated from http to https and still had the old hubloc
 	- Fix cloud headers already sent issue
 	- Partial fix for failure to sync photos - appears to be memory exhaustion and dependent on filesize although an unrelated issue was found with directory creation during file sync (we didn't check ownership when looking for duplicates)
 	- Fix github issue #810
 	- Don't allow negative age in directory listings
 	- Fix allow setting a default schema for the hub (github issue #797) and allow selecting of focus (hubzilla default) schema if a default is set
 	- Fix update_r1189() for mysql and postgres
 	Plugins/Addon
 	Diaspora: Rewrite the addon to implemented Diaspora Version 2 federation protocol
 	GNU-Social: GNU-Social and Mastodon compatibility was greatly increased and a "fetch conversations" feature added to try and locate missing contextual references and maintain conversations in posts from those networks
 	Rename statistics_json to statistics and implement nodeinfo v2
 	New authchoose addon to restrict what sites you authenticate to by default
 	Cdav addon moved to core
 	head_add_css() needs a preceding '/' to find files in the addons dir
 	New addon code syntax highlighting (moved from core to addon)
 	Pubsubhubbub: specify a minimum number of records - otherwise it defaults to zero	
 Hubzilla 2.4 (2017-05-31)
 	- Silence php warning during install
 	- Implemented switch statement logic in Comanche layout parser
 	- Don't allow html in plugin comment blocks
 	- Handle Mastodon urls in markdown/bbcode conversion
 	- Get rid of edit activities
 	- Collapse sysapps if viewing a remote channel
 	- Various Doxygen fixes
 	- Update SimplePie library to version 1.5
 	- Add check for PHP zip extension during install
 	- Add unit tests for AccessList class
 	- Authenticate onepoll so we can receive private posts/comments in zotfeed
 	- Various postgres fixes
 	- Some work on preparing clientside e2ee
 	- Allow to set a default channel for the rare case where a default channel is not selected but channels actually exist
 	- Support reverse magic-auth in oembed requests
 	- Improved handling of Mastodon feeds
 	- When template "none" is used in a webpage layout, then the contents of the page should be the sole output, with no other code before or after the page element content
 	- If there is no site record, site_dead won't be 0, in a left join it will in fact be null. As long as it isn't 1, we should attempt delivery
 	- Order wiki pages by creation date
 	- Backend infrastructure for channel protection password; which will be used to optionally encrypt export files and resolve channel/identity ownership/hijacking disputes
 	- Don't allow any null fields in notify creation
 	- Webfinger cleanup
 	- Envelope privacy
 	- We do not parse the body in discover_by_url(), so no need to preserve iframes in SimplePie
 	- Correct the mastodon "boost" (aka 'share') author attribution by checking for share activities and pulling the original author info from the activity:object
 	- Only log zot_refresh content if json decode was successful
 	- Revisit the import_author_zot algorithm yet again. There was one bug that we weren't returning necessary information in the first SQL query - and performance/loading problem if one tries to refresh a dead site
 	- Import_author_xchan - since we rarely refresh zot-info for non-connections, force a cache reload once a week to catch things like profile photo updates and location changes
 	- Create site_store_lowlevel() to initialise data structures for the site table
 	- Change hook for perm_is_allowed while retaining backwards compatibility
 	- import_author_zot() - check for both hubloc and xchan entries. This should catch and repair entries which were subject to transient storage failures
 	- Import authors from any unrecognised network as network 'unknown'
 	- Crypto update - default is now aes-256-ctr
 	- Get rid of get_app()
 	- Add 'author_is_pmable()' function with plugin hooks to control whether or not to display a 'send mail' link in the thread author menu
 	- Provide platform specific install script
 	- Allow for project specific DB updates
 	- Get rid of davguest
 	- Move db_upgrade to zlib
 	- Add CSRF protection for import and import_items
 	- Add some documentation for import functions
 	- Do not allow creating two wikis with the same name
 	- Update textcomplete library to version 1.8.0
 	- Create channel_store_lowlevel()
 	- Allow setting the system email name/address/reply
 	- Use the same host macro for sender address as for reply_to address
 	- Use the relevant attach directory/path for photo albums instead of an album basename which may not be unique. Created an 'ellipsify()' function to shorten long names and keep the beginning and end intact
 	- Simplify the message signing spaghetti
 	- Class MarkdownSoap to safely store markdown by purifying and preserving (escaped) what may be unsafe code in codeblocks. The stored item needs to be unescaped just prior to calling the markdown-to-html processor
 	- Remove the unimplemented upload limit site settings from UI
 	- Cleanup code_allowed
 	- Move widgets to standalone classes
 	- Upgrade redbasic to bootstrap 4
 	- Updated HTML Purifier from 4.6.0 to 4.9.2 with better PHP7 compatibility
 	- Remove redundant and non-functional/broken check for successfully cloned channel record which was left over from an earlier method of creating the table; which was deprecated a few months back
 	- Update bshaffer/oauth2-server-php library
 	- Add unit test for purify_html()
 	Bugfixes
 	- Fix website export tool creating invalid zip file - issue #790
 	- Fix files not synced correctly - issue #769
 	- Fix empty ACL should not result in no ACL when uploading a file
 	- Fix cover photo was unintentionally disabled when block_public in effect
 	- Fix markdown autolinks - issue 752
 	- Fix connectDefaultShare generated js function, though it isn't obvious if we still use it
 	- Fix a couple more instances where we were still calling mail() directly for site critical messages
 	- Fix when clicking a notification to view a private mail message, actually view that message instead of the most recent
 	- Fix group by item query
 	Plugins/Addon
 	- smileybutton: do not load emojis
 	- pubsubhubbub: fixes associated with recent compatibility feed mods
 	- gnusoc: mastodon follow_activity compatibility issues
 	- gnusoc: add profile photo to feed meta
 	- gnusoc: add salmon link information to the public feed when GNU-Social is enabled
 	- chess: fix bugs when deleting games
 Hubzilla 2.2 (2017-03-08)
 	- Provide version compatibility check for themes (minversion, maxversion)
 	- Use chanlink_hash() instead of chanlink_url() where appropriate
 	- Use head_add_link() for feed discovery
 	- Provide HTTP header parser which honours continuation lines
 	- Numerous doco improvements
 	- Implement virtual privacy groups from restricted profile access list
 	- Implement permission roles
 	- Implement app-tray
 	- Default to manual conversation updates
 	- Implement channel move for all server roles
 	- Implement nav login modal
 	- Rename bb2diaspora.php to markdown.php
 	- Remove obsolete module 'match'
 	- Move firefox social api configuration to plugin
 	- Move rsd service to twitter_api plugin
 	- Add build_pagehead hook
 	- Move opensearch to plugins
 	- Move dreamhost hack to plugin
 	- Add wiki permissions
 	- Introduce hubloc_store_lowlevel() and xchan_store_lowlevel()
 	- Move diaspora account import to the diaspora plugin
 	- Allow export of single data sets instead of always exporting everything we know about in channel export
 	- Queue optimisations for sites that have lingered in the queue for more than a couple of days
 	- Add affinity slider tool settings for min and max defaults in settings/featured
 	- Provide lowlevel xchan storage function to ensure that all non-null rows are initialised
 	- Implement native wiki
 	- Block well-known from oembed
 	- Implement observer.language bbcode and observer.language comanche conditional
 	- Implement daemon_addon hook to let plugins create custom background processes
 	- Implement profile vcards
 	- Implement connection vcards
 	- Implement 'click to call' in address book
 	- Default cover photo
 	- Remove fullscreen functionality in photo album view
 	- Update fontawesome lib to version 4.7.0
 	- Implement a menu to select a section to be open by default in connedit
 	- Improve comanche conditionals
 	- Add enclosures and categories to atom feed parsing
 	- Allow the atom_entry hook to change the results
 	- Set 'adjust for viewer timezone' as the default for new events
 	- Allow event creation in other timezones than your own
 	- Update fullcalendar lib to version 3.1
 	- Move api version call back to core
 	- Create first webpage as 'home' if none exist
 	- Show webpages link to visitors if a 'home' page exists
 	Bugfixes
 	- Fix schema not saved if session theme != selected theme and schema select display issue
 	- Fix no acl not detected in post_activity_item()
 	- Fix find_folder_hash_by_path() was not safe against multiple attach structures with the same filename but in different directories
 	- Fix don't search on empty filename - we shouldn't find it. The reason why this change is being made is because we actually did find it due to a development glitch
 	- Fix several places where head_add_(css|js) functions have been used incorrectly.
 	- Fix webpage import tool
 	- Fix numerous bugs with the addon repo management GUI
 	- Fix attach_delete() to remove photo resources even if the attach table row wasn't found
 	- Fix choking if photo_factory() returns null
 	- Fix embedimage if an albumname contains quotes
 	- Fix chat member list when one or more members are connected via access tokens
 	- Fix issue #636 - some localised (e.g. Italian) strings have single quotes which throw JS errors when used in single quoted template constructs
 	- Fix issues #629 and #635 - edited post arriving from downstream source was not being rejected
 	- Fix peoplefind widget not honouring directory option settings
 	- Fix issue with HTML in code blocks in markdown in wiki
 	- Fix issue with post signatures if posted from api and logged in locally with a different identity
 	Plugins/Addon
 	- Add experimental webmention plugin
 	- NSFW: Use button instead of text link
 	- Diaspora: gracefully handle multiple photos per post
 	- Diaspora: change profile photo permission call
 	- Logrotate: don't throw an error if another server process renamed the logfile before we got to it
 	- Chess: the channel owner must be one of the players, so only require selecting one connection for an opponent
 	- Move firefox social api configuration to plugin from core
 	- Move rsd service to twitter_api plugin from core
 	- Move opensearch to plugins from core
 	- Move dreamhost hack to plugin from
 	- Move diaspora account import to addon from core
 	- Reflect hubloc store changes in plugins
 	- Reflect xchan store changes in plugins
 	- Rendezvous: Fixed marker creation bug
 	- Rendezvous: Center on marker if specified in URL, and update browser address bar with shareable link when selecting markers on the map
 	- Rendezvous: Set default value of 0 for priximity alert when making new markers
 	- Move gitwiki to plugins from core which has been replaced by native wiki
 	- Openclipatar: reflect changes to files and photos which were unified in core some time ago
 	- Reintroduce gnusocial plugin after security/functionality review
 	- Twitter_api: hubzilla core issue 638 - unsupported message-id field not available in all twitter api functions
 	- Superblock: update to reflect core changes
 	- Rendezvous: implement static marker proximity alert
 	- Phpmailer: security update
 Hubzilla 2.0 (2016-12-23)
 	- Deprecate bb_iframe
 	- Note widget: resize the textarea to reveal full content
 	- Implement fixed left aside
 	- Implement lockview for wikilist
 	- Simplify wikilist widget
 	- Router error reporting
 	- Setup changes to check for shell_exec and exec functions
 	- Extensible permissions upgrade handling for channels with custom permission roles
 	- Allow plugins to cancel item_store() and item_store_update()
 	- ZOT version 1.2 provides negotiation of cryptographic algorithms
 	- Provide a fresh new look and cleaner layout and more relevant information to siteinfo
 	- Introduce highlight bbcode [hl]
 	- Implement wiki mimetypes markdown or bbcode
 	- Doc pages refactoring
 	- Update webpages and wiki context help
 	- Make a git commit when a new wiki page is created
 	- Prev-next navigation for mod_connedit to ease bulk connection edits
 	- Move the remote user homebutton to the user menu
 	- Do not render maps/locations for Diaspora destinations
 	- Provide 'per-page' caching for is_matrix_url() results to reduce duplicate queries
 	- Don't send notification for posts/comments on old conversations that were refetched after having expired
 	- Numerous wiki UI improvements
 	- Move twitter api to addon
 	- Cleanup and re-organise the voting and attendance buttons
 	- Reorganise emoticons
 	- Collapse navbar-collapse-1 if avatar menu is clicked.
 	- New display setting: static page update as opposed to live update
 	- Command line administrative channel connect utility
 	- Modernise chanview
 	- Implement edit activities to share post/comment edits with protocols which do not support them (e.g. Diaspora)
 	- Wiki export
 	- Numerous postgres compatibility fixes
 	- Remove requirement that imported profile photos be in the profile photos album
 	- Change event behaviour - share by default.
 	- Use PDO database driver exclusively (deprecate drivers that are separately maintained)
 	- Zot API re-write and extended
 	Bugfixes
 	- Fix z_fetch_url() incorrect variable
 	- Fix SQL error with app categories
 	- Fix do not show revert buttons if we do not have write perms
 	- Fix dropdown positions
 	- Fix do not increase opacity to more than 1
 	- Fix clone sync missing for some item delete operations
 	- Fix embed-image for fullscreen mode
 	- Fix attach_list_files()
 	- Fix full screen for embedded videos
 	- Fix the forum widget for forums with custom perms
 	- Fix issue #607 parens not recognised inside urls
 	- Fix pubsites: don't list dead sites
 	- Fix issue #596 silence headers already sent warning
 	- Fix missing plugins in zot-info
 	- Fix notification issue
 	- Fix issue #594 like of thing appears as profile owner like
 	- Fix export issue
 	- Fix checklist bbcode - only turn [] and [x] into checkboxes if it is found inside a checklist
 	- Fix wiki permissions issues
 	- Fix public calendar leaks connection information (birthdays) when view_contacts is not allowed
 	- Fix attach_rename: flaw in duplicate filename detection resulted in filename(1)(1)(1).ext
 	- Fix a fatal error with incorrect DB object access
 	- Provide /locs link on settings page if there is more than one hubloc for this channnel *that isn't deleted*.
 	- Fix issue #577 if connecting to a channel that is already pending, undo the pending and set connect permissions accordingly
 	- Fix issue #575, when 'nofinish' is set on an event, invalid date was generated/stored
 	- Fix bbcode event formatting issue
 	- Fix zot_finger from navbar people search looping
 	- Fix fromStandalonePermission()
 	Plugins
 	- GNU Social: removed from addons for security reasons - it might be re-implemented once it is properly reviewed
 	- Diaspora: missing item author when diaspora public comment received from relay
 	- Superblock: refactoring
 	- New addon: tripleaes for pro
 	- Cdav:  "if not exists" only supported starting with postgresql v. 9.5 debian stable has 9.4
 	- Rendezvous: added markers and members export tool at /rendezvous/[group_id]/export/{markers,members}
 	- Twitter: move twitter api to addon
 	- New addon: b2tbtn (back to top button)
 	- Diaspora: import public diaspora messages to sys if applicable
 	- Diaspora: try and handle singletons better and simplify the associated notifier decisions
 	- Rendezvous: add proximity alert feature to members to issue notification when member is within a specified distance.
 	- New addon: diaspora_reconnect to refriend diaspora/friendica connections from a clone or channel move
 	- Diaspora: change the logic for deciding between upstream and downstream message flow for notifier plugins
 	- Rendezvous: prompt member to share their location by activating the GPS control using a tooltip and pulsing visibility
 	- statistics_json: fix nodeinfo
 	- Rendezvous: restored the lost gps-icon.png and corrected the OpenStreetMap tile server URL to avoid insecure content warnings
 	- Rendezvous: use observer name if available
 	- std_embeds: missing backslash
 	- Diaspora: postgres fixes issue #31
 	- Rendezvous: added marker list with centering buttons and popup open.
 	- Rendezvous: added control to see list of members sharing their location, with buttons to pan the map to center them
 	- Diaspora: system level diaspora toggle
 	- Rendezvous: added control that displays members.
 	- Diaspora: rename diaspora2bb() to markdown_to_bb() in core
 	- Hubwall: remove illegal unescaped angle chars
 	- Rendezvous: Add control to delete member if not updated in over 14 minutes
 Hubzilla 1.14 (2016-10-13)
 	- New hook bbcode_filter
 	- Unify the various mail sending instance to enotify::send() and z_mail()
--- a/2
+++ b/2
@@ -1,4 +1,4 @@
-Copyright (c) 2010-2016 the Hubzilla Community
+Copyright (c) 2010-2017 the Hubzilla Community
 All rights reserved.
 Permission is hereby granted, free of charge, to any person obtaining a copy
--- a/README.md
+++ b/README.md
@@ -3,60 +3,27 @@
 Hubzilla - Community Server
 ===========================
 Groupware re-imagined and re-invented. 
 --------------------------------------
 Connect and link decentralised web communities. 
 -----------------------------------------------
 <p align="center" markdown="1">
 <em><a href="https://github.com/redmatrix/hubzilla/blob/master/install/INSTALL.txt">Installing Hubzilla</a></em> 
 </p>
 **What are Hubz?**
-Hubz are independent general-purpose websites that not only connect with their associated members and viewers, but also connect together to exchange personal communications and other information with each other.  
+**What is Hubzilla?**
 This allows hub members on any hub to securely and privately share anything; with anybody, on any hub - anywhere; or share stuff publicly with anybody on the internet if desired. 
-**Hubzilla** is the server software which makes this possible. It is a sophisticated and unique combination of an open source content management system and a decentralised identity, communications, and permissions framework and protocol suite, built using common webserver technology (PHP/MySQL/Apache and popular variants). The end result is a level of systems integration, privacy control, and communications features that you wouldn't think are possible in either a content management system or a decentralised communications network. It also brings a new level of cooperation and privacy to the web and introduces the concept of personally owned "single sign-on" to web services across the entire internet. 
+Hubzilla is a general purpose communication server integrated with a web publishing system and a decentralised permission system. If this sounds like a bunch of technical mumbo-jumbo to you, just think of it as an independent platform for sharing stuff online. 
-Hubzilla hubz are
+Hubzilla contains some social network bits, some cloud storage bits, some blog and forum bits, and some content management bits. These are all integrated within a common privacy framework - and it is all decentralised. 
-* decentralised
+Everything you publish or share can be restricted to those channels and people you wish to share them with; and these permissions work completely invisibly - even with channels on different servers or other communications services.
 * inherently social
 * optionally inter-networked with other hubz
 * privacy-enabled (privacy exclusions work across the entire internet to any registered identity on any compatible hubz)
-Possible website applications include
+Migration and live backups of your connections, settings, and everything you publish are built-in, so you never need worry about server failure. 
-* decentralised social networking nodes
+Hubzilla is completely decentralised and open source, for you modify or adapt to your needs and desires. Plugins, themes, and numerous configuration options extend the overall capabilities to do anything you can imagine. 
 * personal cloud storage
 * file dropboxes
 * managing organisational communications and activities
 * collaboration and community decision-making
 * small business websites
 * public and private media/file libraries
 * blogs
 * event promotion
 * feed aggregation and republishing
 * forums
 * dating websites
 * pretty much anything you can do on a traditional blog or community website, but that you could do better if you could easily connect it with other websites or privately share things across website boundaries. 
 <p align="center" markdown="1">
 <em><a href="https://github.com/redmatrix/hubzilla/blob/master/install/INSTALL.txt">Installing Hubzilla</a></em> 
 </p>
-**Who Are We and What Are Our Principles?**
+**Who Are We?**
 The Hubzilla community is powered by passionate volunteers creating an open source **commons** of decentralised services which are highly integrated and can rival the feature set of centralised providers. We are open to sponsorship and donations to cover expenses and compensate for our time and energy, however the project core is basically non-profit and is not designed for the purpose of commercial gain or exploitation. 
 Some sites may include monetisation strategies such as subscriptions and *freemium* models where members pay for resources they consume beyond a basic level. The project community supports such monetisation initiatives (nobody should be forced to pay "out of pocket" to provide a service to others), but we maintain the **commons** to provide open and free access of the software to all. 
 The software is not designed for data collection of its members or providing advertising. We don't have a need or desire for these things and feel that software built around these goals is poorly designed and represents compromised principles and ethics. 
 As a project, we are inclusive of all beliefs and cultures and do what we are able to provide an environment that is free from hostility and harrassment. Whether or not we succeed in this endaevour requires constant vigilance and help from all members of the community, working together to build an inter-networking tool with amazing potential. 
 The Hubzilla community consists of passionate volunteers creating an open source commons of decentralised services which are highly integrated and can rival the feature set of large centralised providers. We do our best to provide ethical software which places you in control of your online communications and privacy expectations.
 [![Build Status](https://travis-ci.org/redmatrix/hubzilla.svg)](https://travis-ci.org/redmatrix/hubzilla)
--- a/Zotlabs/Access/AccessList.php
+++ b/Zotlabs/Access/AccessList.php
@@ -2,20 +2,54 @@
 namespace Zotlabs\Access;
-
+/**
 * @brief AccessList class.
 *
 * A class to hold an AccessList object with allowed and denied contacts and
 * groups.
 */
 class AccessList {
-
+	/**
 	 * @brief Allow contacts
 	 * @var string
 	 */
 	private $allow_cid;
 	/**
 	 * @brief Allow groups
 	 * @var string
 	 */
 	private $allow_gid;
 	/**
 	 * @brief Deny contacts
 	 * @var string
 	 */
 	private $deny_cid;
 	/**
 	 * @brief Deny groups
 	 * @var string
 	 */
 	private $deny_gid;
-
+	/**
-	/* indicates if we are using the default constructor values or values that have been set explicitly. */
+	 * @brief Indicates if we are using the default constructor values or
-
+	 * values that have been set explicitly.
 	 * @var boolean
 	 */
 	private $explicit;
 	function __construct($channel) {
 	/**
 	 * @brief Constructor for AccessList class.
 	 *
 	 * @note The array to pass to the constructor is different from the array
 	 * that you provide to the set() or set_from_array() functions.
 	 *
 	 * @param array $channel A channel array, where these entries are evaluated:
 	 *   * \e string \b channel_allow_cid => string of allowed cids
 	 *   * \e string \b channel_allow_gid => string of allowed gids
 	 *   * \e string \b channel_deny_cid => string of denied cids
 	 *   * \e string \b channel_deny_gid => string of denied gids
 	 */
 	function __construct($channel) {
 		if($channel) {
 			$this->allow_cid = $channel['channel_allow_cid'];
 			$this->allow_gid = $channel['channel_allow_gid'];
@@ -32,16 +66,31 @@ class AccessList {
 		$this->explicit = false;
 	}
 	/**
 	 * @brief Get if we are using the default constructor values
 	 * or values that have been set explicitly.
 	 *
 	 * @return boolean
 	 */
 	function get_explicit() {
 		return $this->explicit;
 	}
 	/**
-	 * Set AccessList from strings such as those in already
+	 * @brief Set access list from strings such as those in already
-	 * existing stored data items
+	 * existing stored data items.
 	 *
 	 * @note The array to pass to this set function is different from the array
 	 * that you provide to the constructor or set_from_array().
 	 *
 	 * @param array $arr
 	 *   * \e string \b allow_cid => string of allowed cids
 	 *   * \e string \b allow_gid => string of allowed gids
 	 *   * \e string \b deny_cid  => string of denied cids
 	 *   * \e string \b deny_gid  => string of denied gids
 	 * @param boolean $explicit (optional) default true
 	 */
-
+	function set($arr, $explicit = true) {
 	function set($arr,$explicit = true) {
 		$this->allow_cid = $arr['allow_cid'];
 		$this->allow_gid = $arr['allow_gid'];
 		$this->deny_cid  = $arr['deny_cid'];
@@ -51,42 +100,61 @@ class AccessList {
 	}
 	/**
-	 * return an array consisting of the current
+	 * @brief Return an array consisting of the current access list components
-	 * access list components where the elements
+	 * where the elements are directly storable.
-	 * are directly storable. 
+	 *
 	 * @return Associative array with:
 	 *   * \e string \b allow_cid => string of allowed cids
 	 *   * \e string \b allow_gid => string of allowed gids
 	 *   * \e string \b deny_cid  => string of denied cids
 	 *   * \e string \b deny_gid  => string of denied gids
 	 */
 	function get() {
-		return array(
+		return [
 			'allow_cid' => $this->allow_cid,
 			'allow_gid' => $this->allow_gid,
 			'deny_cid'  => $this->deny_cid,
 			'deny_gid'  => $this->deny_gid,
-		);
+		];
 	}
 	/**
-	 * Set AccessList from arrays, such as those provided by
+	 * @brief Set access list components from arrays, such as those provided by
-	 * acl_selector(). For convenience, a string (or non-array) input is 
+	 * acl_selector().
-	 * assumed to be a comma-separated list and auto-converted into an array. 
+	 *
 	 * For convenience, a string (or non-array) input is assumed to be a
 	 * comma-separated list and auto-converted into an array.
 	 *
 	 * @note The array to pass to this set function is different from the array
 	 * that you provide to the constructor or set().
 	 *
 	 * @param array $arr An associative array with:
 	 *   * \e array|string \b contact_allow => array with cids or comma-seperated string
 	 *   * \e array|string \b group_allow   => array with gids or comma-seperated string
 	 *   * \e array|string \b contact_deny  => array with cids or comma-seperated string
 	 *   * \e array|string \b group_deny    => array with gids or comma-seperated string
 	 * @param boolean $explicit (optional) default true
 	 */
-
+	function set_from_array($arr, $explicit = true) {
 	function set_from_array($arr,$explicit = true) {
 		$this->allow_cid = perms2str((is_array($arr['contact_allow']))
-			? $arr['contact_allow'] : explode(',',$arr['contact_allow']));
+			? $arr['contact_allow'] : explode(',', $arr['contact_allow']));
 		$this->allow_gid = perms2str((is_array($arr['group_allow']))
-			? $arr['group_allow'] : explode(',',$arr['group_allow']));
+			? $arr['group_allow'] : explode(',', $arr['group_allow']));
 		$this->deny_cid  = perms2str((is_array($arr['contact_deny']))
-			? $arr['contact_deny'] : explode(',',$arr['contact_deny']));
+			? $arr['contact_deny'] : explode(',', $arr['contact_deny']));
 		$this->deny_gid  = perms2str((is_array($arr['group_deny']))
-			? $arr['group_deny'] : explode(',',$arr['group_deny']));
+			? $arr['group_deny'] : explode(',', $arr['group_deny']));
 		$this->explicit = $explicit;
 	}
 	/**
 	 * @brief Returns true if any access lists component is set.
 	 *
 	 * @return boolean Return true if any of allow_* deny_* values is set.
 	 */
 	function is_private() {
 		return (($this->allow_cid || $this->allow_gid || $this->deny_cid || $this->deny_gid) ? true : false);
 	}
 }
--- a/Zotlabs/Access/PermissionLimits.php
+++ b/Zotlabs/Access/PermissionLimits.php
@@ -10,7 +10,7 @@ class PermissionLimits {
 		$perms = Permissions::Perms();
 		$limits = array();
 		foreach($perms as $k => $v) {
-			if(strstr($k,'view'))
+			if(strstr($k,'view') || $k === 'post_comments')
 				$limits[$k] = PERMS_PUBLIC;
 			else
 				$limits[$k] = PERMS_SPECIFIC;
--- a/Zotlabs/Access/PermissionRoles.php
+++ b/Zotlabs/Access/PermissionRoles.php
@@ -7,6 +7,9 @@ use Zotlabs\Lib as Zlib;
 class PermissionRoles {
 	static public function version() {
 		return 2;
 	}
 	static function role_perms($role) {
@@ -22,7 +25,7 @@ class PermissionRoles {
 				$ret['online'] = true;
 				$ret['perms_connect'] = [ 
 					'view_stream', 'view_profile', 'view_contacts', 'view_storage',
-					'view_pages', 'send_stream', 'post_wall', 'post_comments', 
+					'view_pages', 'view_wiki', 'send_stream', 'post_wall', 'post_comments', 
 					'post_mail', 'chat', 'post_like', 'republish' ];
 				$ret['limits'] = PermissionLimits::Std_Limits();
@@ -35,7 +38,7 @@ class PermissionRoles {
 				$ret['online'] = true;
 				$ret['perms_connect'] = [ 
 					'view_stream', 'view_profile', 'view_contacts', 'view_storage',
-					'view_pages', 'send_stream', 'post_wall', 'post_comments', 
+					'view_pages', 'view_wiki', 'send_stream', 'post_wall', 'post_comments', 
 					'post_mail', 'chat', 'post_like' ];
 				$ret['limits'] = PermissionLimits::Std_Limits();
@@ -49,7 +52,7 @@ class PermissionRoles {
 				$ret['online'] = false;
 				$ret['perms_connect'] = [ 
 					'view_stream', 'view_profile', 'view_contacts', 'view_storage',
-					'view_pages', 'send_stream', 'post_wall', 'post_comments', 
+					'view_pages', 'view_wiki', 'send_stream', 'post_wall', 'post_comments', 
 					'post_mail', 'post_like' ];
 				$ret['limits'] = PermissionLimits::Std_Limits();
 				$ret['limits']['view_contacts'] = PERMS_SPECIFIC;
@@ -64,7 +67,7 @@ class PermissionRoles {
 				$ret['online'] = false;
 				$ret['perms_connect'] = [ 
 					'view_stream', 'view_profile', 'view_contacts', 'view_storage',
-					'view_pages', 'post_wall', 'post_comments', 'tag_deliver',
+					'view_pages', 'view_wiki', 'post_wall', 'post_comments', 'tag_deliver',
 					'post_mail', 'post_like' , 'republish', 'chat' ];
 				$ret['limits'] = PermissionLimits::Std_Limits();
@@ -77,7 +80,7 @@ class PermissionRoles {
 				$ret['online'] = false;
 				$ret['perms_connect'] = [ 
 					'view_stream', 'view_profile', 'view_contacts', 'view_storage',
-					'view_pages', 'post_wall', 'post_comments', 'tag_deliver',
+					'view_pages', 'view_wiki', 'post_wall', 'post_comments', 'tag_deliver',
 					'post_mail', 'post_like' , 'chat' ];
 				$ret['limits'] = PermissionLimits::Std_Limits();
@@ -92,7 +95,7 @@ class PermissionRoles {
 				$ret['perms_connect'] = [ 
 					'view_stream', 'view_profile', 'view_contacts', 'view_storage',
-					'view_pages', 'post_wall', 'post_comments',
+					'view_pages', 'view_wiki', 'post_wall', 'post_comments',
 					'post_mail', 'post_like' , 'chat' ];
 				$ret['limits'] = PermissionLimits::Std_Limits();
@@ -100,6 +103,7 @@ class PermissionRoles {
 				$ret['limits']['view_contacts'] = PERMS_SPECIFIC;
 				$ret['limits']['view_storage']  = PERMS_SPECIFIC;
 				$ret['limits']['view_pages']    = PERMS_SPECIFIC;
 				$ret['limits']['view_wiki']     = PERMS_SPECIFIC;
 				break;
@@ -111,7 +115,7 @@ class PermissionRoles {
 				$ret['perms_connect'] = [ 
 					'view_stream', 'view_profile', 'view_contacts', 'view_storage',
-					'view_pages', 'send_stream', 'post_wall', 'post_comments', 
+					'view_pages', 'view_wiki', 'send_stream', 'post_wall', 'post_comments', 
 					'post_mail', 'post_like' , 'republish' ];
 				$ret['limits'] = PermissionLimits::Std_Limits();
@@ -125,7 +129,7 @@ class PermissionRoles {
 				$ret['online'] = false;
 				$ret['perms_connect'] = [ 
 					'view_stream', 'view_profile', 'view_contacts', 'view_storage',
-					'view_pages', 'send_stream', 'post_wall', 'post_comments', 
+					'view_pages', 'view_wiki', 'send_stream', 'post_wall', 'post_comments', 
 					'post_mail', 'post_like' , 'republish' ];
 				$ret['limits'] = PermissionLimits::Std_Limits();
@@ -140,7 +144,7 @@ class PermissionRoles {
 				$ret['perms_connect'] = [ 
 					'view_stream', 'view_profile', 'view_contacts', 'view_storage',
-					'view_pages', 'post_like' , 'republish' ];
+					'view_pages', 'view_wiki', 'post_like' , 'republish' ];
 				$ret['limits'] = PermissionLimits::Std_Limits();
@@ -154,12 +158,13 @@ class PermissionRoles {
 				$ret['perms_connect'] = [ 
 					'view_stream', 'view_profile', 'view_contacts', 'view_storage',
-					'view_pages', 'write_storage', 'write_pages', 'post_wall', 'post_comments', 'tag_deliver',
+					'view_pages', 'view_wiki', 'write_storage', 'write_pages', 'post_wall', 'post_comments', 'tag_deliver',
-					'post_mail', 'post_like' , 'republish', 'chat' ];
+					'post_mail', 'post_like' , 'republish', 'chat', 'write_wiki' ];
 				$ret['limits'] = PermissionLimits::Std_Limits();
 				break;
 			case 'custom':
 			default:
 				break;
 		}
@@ -174,7 +179,68 @@ class PermissionRoles {
 		return $ret;
 	}
 	static public function new_custom_perms($uid,$perm,$abooks) {
 		// set permissionlimits for this permission here, for example:
 		// if($perm === 'mynewperm')
 		//     \Zotlabs\Access\PermissionLimits::Set($uid,$perm,1);
 		if($perm === 'view_wiki')
 		     \Zotlabs\Access\PermissionLimits::Set($uid,$perm,PERMS_PUBLIC);
 		if($perm === 'write_wiki')
 		     \Zotlabs\Access\PermissionLimits::Set($uid,$perm,PERMS_SPECIFIC);
 		// set autoperms here if applicable
 		// choices are to set to 0, 1, or the value of an existing perm
 		if(get_pconfig($uid,'system','autoperms')) {
 			$c = channelx_by_n($uid);
 			$value = 0;
 			// if($perm === 'mynewperm')
 			//	 $value = get_abconfig($uid,$c['channel_hash'],'autoperms','someexistingperm');
 			if($perm === 'view_wiki')
 				$value = get_abconfig($uid,$c['channel_hash'],'autoperms','view_pages');
 			if($perm === 'write_wiki')
 				$value = get_abconfig($uid,$c['channel_hash'],'autoperms','write_pages');
 			if($c) {
 				set_abconfig($uid,$c['channel_hash'],'autoperms',$perm,$value);
 			}
 		}
 		// now set something for all existing connections.
 		if($abooks) {
 			foreach($abooks as $ab) {
 				switch($perm) {
 					// case 'mynewperm':
 					// choices are to set to 1, set to 0, or clone an existing perm
 					// set_abconfig($uid,$ab['abook_xchan'],'my_perms',$perm,
 					//		intval(get_abconfig($uid,$ab['abook_xchan'],'my_perms','someexistingperm')));
 					case 'view_wiki':
 						set_abconfig($uid,$ab['abook_xchan'],'my_perms',$perm,
 							intval(get_abconfig($uid,$ab['abook_xchan'],'my_perms','view_pages')));
 					case 'write_wiki':
 						set_abconfig($uid,$ab['abook_xchan'],'my_perms',$perm,
 							intval(get_abconfig($uid,$ab['abook_xchan'],'my_perms','write_pages')));
 					default:
 						break;
 				}
 			}
 		}
 	}
 	static public function roles() {
@@ -210,6 +276,4 @@ class PermissionRoles {
    	return $roles;
 	}
 }
--- a/Zotlabs/Access/Permissions.php
+++ b/Zotlabs/Access/Permissions.php
@@ -1,18 +1,27 @@
 <?php
 namespace Zotlabs\Access;
 use Zotlabs\Lib as Zlib;
-class Permissions {
+/**
-
+ * @brief Extensible permissions.
-	/**
+ *
 	 * Extensible permissions.
 * To add new permissions, add to the list of $perms below, with a simple description.
 *
 * Also visit PermissionRoles.php and add to the $ret['perms_connect'] property for any role
 * if this permission should be granted to new connections.
 *
 * Next look at PermissionRoles::new_custom_perms() and provide a handler for updating custom
 * permission roles. You will want to set a default PermissionLimit for each channel and also
 * provide a sane default for any existing connections. You may or may not wish to provide a
 * default auto permission. If in doubt, leave this alone as custom permissions by definition
 * are the responsibility of the channel owner to manage. You just don't want to create any
 * suprises or break things so you have an opportunity to provide sane settings.
 *
 * Update the version here and in PermissionRoles.
 *
 *
 * Permissions with 'view' in the name are considered read permissions. Anything
 * else requires authentication. Read permission limits are PERMS_PUBLIC and anything else
 * is given PERMS_SPECIFIC.
@@ -22,8 +31,22 @@ class Permissions {
 * something different for a specific permission within the given role.
 *
 */
 class Permissions {
 	static public function version() {
 		// This must match the version in PermissionRoles.php before permission updates can run.
 		return 2;
 	}
 	/**
 	 * @brief Return an array with Permissions.
 	 *
 	 * @hooks permissions_list
 	 *   * \e array \b permissions
 	 *   * \e string \b filter
 	 * @param string $filter (optional) only passed to hook permission_list
 	 * @return Associative array with permissions and short description.
 	 */
 	static public function Perms($filter = '') {
 		$perms = [
@@ -34,7 +57,9 @@ class Permissions {
 			'view_storage'  => t('Can view my file storage and photos'),
 			'write_storage' => t('Can upload/modify my file storage and photos'),
 			'view_pages'    => t('Can view my channel webpages'),
 			'view_wiki'     => t('Can view my wiki pages'),
 			'write_pages'   => t('Can create/edit my channel webpages'),
 			'write_wiki'    => t('Can write to my wiki pages'),
 			'post_wall'     => t('Can post on my channel (wall) page'),
 			'post_comments' => t('Can comment on or like my posts'),
 			'post_mail'     => t('Can send me private mail messages'),
@@ -45,18 +70,27 @@ class Permissions {
 			'delegate'      => t('Can administer my channel')
 		];
-		$x = array('permissions' => $perms, 'filter' => $filter);
+		$x = [
-		call_hooks('permissions_list',$x);
+			'permissions' => $perms,
-		return($x['permissions']);
+			'filter' => $filter
 		];
 		call_hooks('permissions_list', $x);
 		return($x['permissions']);
 	}
 	/**
 	 * @brief Perms from the above list that are blocked from anonymous observers.
 	 *
 	 * e.g. you must be authenticated.
 	 *
 	 * @hooks write_perms
 	 *   * \e array \b permissions
 	 * @return Associative array with permissions and short description.
 	 */
 	static public function BlockedAnonPerms() {
-		// Perms from the above list that are blocked from anonymous observers.
+		$res = [];
 		// e.g. you must be authenticated.
 		$res = array();
 		$perms = PermissionLimits::Std_limits();
 		foreach($perms as $perm => $limit) {
 			if($limit != PERMS_PUBLIC) {
@@ -64,30 +98,66 @@ class Permissions {
 			}
 		}
-		$x = array('permissions' => $res);
+		$x = ['permissions' => $res];
-		call_hooks('write_perms',$x);
+		call_hooks('write_perms', $x);
 		return($x['permissions']);
 		return($x['permissions']);
 	}
-	// converts [ 0 => 'view_stream', ... ]
+	/**
-	// to [ 'view_stream' => 1 ]
+	 * @brief Converts indexed perms array to associative perms array.
-	// for any permissions in $arr;
+	 *
-	// Undeclared permissions are set to 0
+	 * Converts [ 0 => 'view_stream', ... ]
-
+	 * to [ 'view_stream' => 1 ] for any permissions in $arr;
 	 * Undeclared permissions which exist in Perms() are added and set to 0.
 	 *
 	 * @param array $arr
 	 * @return array
 	 */
 	static public function FilledPerms($arr) {
 		if(is_null($arr)) {
 			btlogger('FilledPerms: null');
 		}
 		$everything = self::Perms();
 		$ret = [];
 		foreach($everything as $k => $v) {
-			if(in_array($k,$arr))
+			if(in_array($k, $arr))
 				$ret[$k] = 1;
 			else
 				$ret[$k] = 0;
 		}
 		return $ret;
 		return $ret;
 	}
 	/**
 	 * @brief Convert perms array to indexed array.
 	 *
 	 * Converts [ 'view_stream' => 1 ] for any permissions in $arr
 	 * to [ 0 => ['name' => 'view_stream', 'value' => 1], ... ]
 	 *
 	 * @param array $arr associative perms array 'view_stream' => 1
 	 * @return Indexed array with elements that look like
 	 *   * \e string \b name the perm name (e.g. view_stream)
 	 *   * \e int \b value the value of the perm (e.g. 1)
 	 */
 	static public function OPerms($arr) {
 		$ret = [];
 		if($arr) {
 			foreach($arr as $k => $v) {
 				$ret[] = [ 'name' => $k, 'value' => $v ];
 			}
 		}
 		return $ret;
 	}
 	/**
 	 * @brief
 	 *
 	 * @param int $channel_id
 	 * @return boolean|array
 	 */
 	static public function FilledAutoperms($channel_id) {
 		if(! intval(get_pconfig($channel_id,'system','autoperms')))
 			return false;
@@ -98,19 +168,109 @@ class Permissions {
 		);
 		if($r) {
 			foreach($r as $rr) {
-				$arr[$rr['k']] = $arr[$rr['v']];
+				$arr[$rr['k']] = intval($rr['v']);
 			}
 		}
 		return $arr;
 	}
-	static public function PermsCompare($p1,$p2) {
+	/**
 	 * @brief Compares that all Permissions from $p1 exist also in $p2.
 	 *
 	 * @param array $p1 The perms that have to exist in $p2
 	 * @param array $p2 The perms to compare against
 	 * @return boolean true if all perms from $p1 exist also in $p2
 	 */
 	static public function PermsCompare($p1, $p2) {
 		foreach($p1 as $k => $v) {
-			if(! array_key_exists($k,$p2))
+			if(! array_key_exists($k, $p2))
 				return false;
 			if($p1[$k] != $p2[$k])
 				return false;
 		}
 		return true;
 	}
 	/**
 	 * @brief
 	 *
 	 * @param int $channel_id A channel id
 	 * @return associative array
 	 *   * \e array \b perms Permission array
 	 *   * \e int \b automatic 0 or 1
 	 */
 	static public function connect_perms($channel_id) {
 		$my_perms = [];
 		$permcat = null;
 		$automatic = 0;
 		// If a default permcat exists, use that
 		$pc = ((feature_enabled($channel_id,'permcats')) ? get_pconfig($channel_id,'system','default_permcat') : 'default');
 		if(! in_array($pc, [ '','default' ])) {
 			$pcp = new Zlib\Permcat($channel_id);
 			$permcat = $pcp->fetch($pc);
 			if($permcat && $permcat['perms']) {
 				foreach($permcat['perms'] as $p) {
 					$my_perms[$p['name']] = $p['value'];
 				}
 			}
 		}
 		// look up the permission role to see if it specified auto-connect
 		// and if there was no permcat or a default permcat, set the perms
 		// from the role
 		$role = get_pconfig($channel_id,'system','permissions_role');
 		if($role) {
 			$xx = PermissionRoles::role_perms($role);
 			if($xx['perms_auto'])
 				$automatic = 1;
 			if((! $my_perms) && ($xx['perms_connect'])) {
 				$default_perms = $xx['perms_connect'];
 				$my_perms = Permissions::FilledPerms($default_perms);
 			}
 		}
 		// If we reached this point without having any permission information,
 		// it is likely a custom permissions role. First see if there are any
 		// automatic permissions.
 		if(! $my_perms) {
 			$m = Permissions::FilledAutoperms($channel_id);
 			if($m) {
 				$automatic = 1;
 				$my_perms = $m;
 			}
 		}
 		// If we reached this point with no permissions, the channel is using
 		// custom perms but they are not automatic. They will be stored in abconfig with
 		// the channel's channel_hash (the 'self' connection).
 		if(! $my_perms) {
 			$r = q("select channel_hash from channel where channel_id = %d",
 				intval($channel_id)
 			);
 			if($r) {
 				$x = q("select * from abconfig where chan = %d and xchan = '%s' and cat = 'my_perms'",
 					intval($channel_id),
 					dbesc($r[0]['channel_hash'])
 				);
 				if($x) {
 					foreach($x as $xv) {
 						$my_perms[$xv['k']] = intval($xv['v']);
 					}
 				}
 			}
 		}
 		return ( [ 'perms' => $my_perms, 'automatic' => $automatic ] );
 	}
 }
--- a/Zotlabs/Daemon/Addon.php
+++ b/Zotlabs/Daemon/Addon.php
@@ -0,0 +1,14 @@
 <?php
 namespace Zotlabs\Daemon;
 require_once('include/zot.php');
 class Addon {
 	static public function run($argc,$argv) {
 		call_hooks('daemon_addon',$argv);
 	}
 }
--- a/Zotlabs/Daemon/Checksites.php
+++ b/Zotlabs/Daemon/Checksites.php
@@ -3,7 +3,6 @@
 namespace Zotlabs\Daemon;
 require_once('include/zot.php');
 require_once('include/hubloc.php');
 class Checksites {
--- a/Zotlabs/Daemon/Cron.php
+++ b/Zotlabs/Daemon/Cron.php
@@ -121,6 +121,9 @@ class Cron {
 			}
 		}
 		require_once('include/attach.php');
 		attach_upgrade();
 		$abandon_days = intval(get_config('system','account_abandon_days'));
 		if($abandon_days < 1)
 			$abandon_days = 0;
@@ -171,7 +174,8 @@ class Cron {
 		// pull in some public posts
-		if(! get_config('system','disable_discover_tab'))
+		$disable_discover_tab = get_config('system','disable_discover_tab') || get_config('system','disable_discover_tab') === false;
 		if(! $disable_discover_tab)
 			Master::Summon(array('Externals'));
 		$generation = 0;
--- a/Zotlabs/Daemon/Cron_daily.php
+++ b/Zotlabs/Daemon/Cron_daily.php
@@ -38,12 +38,20 @@ class Cron_daily {
 			db_utcnow(), db_quoteinterval('30 DAY')
 		);
 		// expire any unread notifications over a year old
 		q("delete from notify where seen = 0 and created < %s - INTERVAL %s",
 			db_utcnow(), db_quoteinterval('1 YEAR')
 		);
 		//update statistics in config
 		require_once('include/statistics_fns.php');
 		update_channels_total_stat();
 		update_channels_active_halfyear_stat();
 		update_channels_active_monthly_stat();
 		update_local_posts_stat();
 		update_local_comments_stat();
 		// expire old delivery reports
@@ -76,12 +84,11 @@ class Cron_daily {
 		Master::Summon(array('Expire'));
 		Master::Summon(array('Cli_suggest'));
 		require_once('include/hubloc.php');
 		remove_obsolete_hublocs();
 		call_hooks('cron_daily',datetime_convert());
-		set_config('system','last_expire_day',$d2);
+		set_config('system','last_expire_day',intval(datetime_convert('UTC','UTC','now','d')));
 		/**
 		 * End Cron Daily
--- a/Zotlabs/Daemon/Cron_weekly.php
+++ b/Zotlabs/Daemon/Cron_weekly.php
@@ -17,7 +17,6 @@ class Cron_weekly {
 		z_check_cert();
 		require_once('include/hubloc.php');
 		prune_hub_reinstalls();
 		mark_orphan_hubsxchans();
--- a/Zotlabs/Daemon/Importdoc.php
+++ b/Zotlabs/Daemon/Importdoc.php
@@ -21,15 +21,21 @@ class Importdoc {
 		$files = glob("$d/$f");
 		if($files) {
 			foreach($files as $fi) {
-				if($fi === 'doc/html')
+				if($fi === 'doc/html') {
 					continue;
-				if(is_dir($fi))
+				}
 				if(is_dir($fi)) {
 					self::update_docs_dir("$fi/*");
-				else
+				}
 				else {
 					// don't update media content
 					if(strpos(z_mime_content_type($fi),'text') === 0) {
 						store_doc_file($fi);
 					}
 				}
 			}
 		}
 	}
 }
--- a/Zotlabs/Daemon/Master.php
+++ b/Zotlabs/Daemon/Master.php
@@ -24,7 +24,6 @@ class Master {
 	static public function Release($argc,$argv) {
 		cli_startup();
 		logger('Master: release: ' . print_r($argv,true), LOGGER_ALL,LOG_DEBUG);
 		require_once('Zotlabs/Daemon/' . $argv[0] . '.php');
 		$cls = '\\Zotlabs\\Daemon\\' . $argv[0];
 		$cls::run($argc,$argv);
 	}	
--- a/Zotlabs/Daemon/Notifier.php
+++ b/Zotlabs/Daemon/Notifier.php
@@ -4,6 +4,12 @@ namespace Zotlabs\Daemon;
 require_once('include/queue_fn.php');
 require_once('include/html2plain.php');
 require_once('include/conversation.php');
 require_once('include/zot.php');
 require_once('include/items.php');
 require_once('include/bbcode.php');
 /*
 * This file was at one time responsible for doing all deliveries, but this caused
@@ -58,8 +64,6 @@ require_once('include/html2plain.php');
 *       purge_all              channel_id
 *       expire                 channel_id
 *       relay					item_id (item was relayed to owner, we will deliver it as owner)
 *       single_activity        item_id (deliver to a singleton network from the appropriate clone)
 *       single_mail            mail_id (deliver to a singleton network from the appropriate clone)
 *       location               channel_id
 *       request                channel_id            xchan_hash             message_id
 *       rating                 xlink_id
@@ -67,13 +71,6 @@ require_once('include/html2plain.php');
 */
 require_once('include/zot.php');
 require_once('include/queue_fn.php');
 require_once('include/datetime.php');
 require_once('include/items.php');
 require_once('include/bbcode.php');
 require_once('include/channel.php');
 class Notifier {
@@ -97,16 +94,6 @@ class Notifier {
 		$deliveries = array();
 		$dead_hubs = array();
 		$dh = q("select site_url from site where site_dead = 1");
 		if($dh) {
 			foreach($dh as $dead) {
 				$dead_hubs[] = $dead['site_url'];
 			}
 		}
 		$request = false;
 		$mail = false;
 		$top_level = false;
@@ -116,11 +103,11 @@ class Notifier {
 		$normal_mode = true;
 		$packet_type = 'undefined';
-		if($cmd === 'mail' || $cmd === 'single_mail') {
+		if($cmd === 'mail') {
 			$normal_mode = false;
 			$mail = true;
 			$private = true;
-			$message = q("SELECT * FROM `mail` WHERE `id` = %d LIMIT 1",
+			$message = q("SELECT * FROM mail WHERE id = %d LIMIT 1",
 					intval($item_id)
 			);
 			if(! $message) {
@@ -282,6 +269,7 @@ class Notifier {
 			// Check for non published items, but allow an exclusion for transmitting hidden file activities
 			if(intval($target_item['item_unpublished']) || intval($target_item['item_delayed']) ||
 				intval($target_item['item_blocked']) || 
 				( intval($target_item['item_hidden']) && ($target_item['obj_type'] !== ACTIVITY_OBJ_FILE))) {
 				logger('notifier: target item not published, so not forwardable', LOGGER_DEBUG);
 				return;
@@ -371,12 +359,13 @@ class Notifier {
 				if(! $encoded_item['flags'])
 					$encoded_item['flags'] = array();
 				$encoded_item['flags'][] = 'relay';
 				$upstream = true;
 			}
 			else {
 				logger('notifier: normal distribution', LOGGER_DEBUG);
 				if($cmd === 'relay')
 					logger('notifier: owner relay');
-
+				$upstream = false;
 				// if our parent is a tag_delivery recipient, uplink to the original author causing
 				// a delivery fork. 
@@ -401,7 +390,6 @@ class Notifier {
 					return;
 				}
 			}
 		}
 		$walltowall = (($top_level_post && $channel['xchan_hash'] === $target_item['author_xchan']) ? true : false); 
@@ -418,7 +406,7 @@ class Notifier {
 		if(! $recipients)
 			return;
-//	logger('notifier: recipients: ' . print_r($recipients,true), LOGGER_NORMAL, LOG_DEBUG);
+		//	logger('notifier: recipients: ' . print_r($recipients,true), LOGGER_NORMAL, LOG_DEBUG);
 		$env_recips = (($private) ? array() : null);
@@ -431,39 +419,40 @@ class Notifier {
 			foreach($details as $d) {
 				$recip_list[] = $d['xchan_addr'] . ' (' . $d['xchan_hash'] . ')'; 
-				if($private)
+				if($private) {
-					$env_recips[] = array('guid' => $d['xchan_guid'],'guid_sig' => $d['xchan_guid_sig'],'hash' => $d['xchan_hash']);
+					$env_recips[] = [
-
+						'guid'     => $d['xchan_guid'],
-				if($d['xchan_network'] === 'mail' && $normal_mode) {
+						'guid_sig' => $d['xchan_guid_sig'],
-					$delivery_options = get_xconfig($d['xchan_hash'],'system','delivery_mode');
+						'hash'     => $d['xchan_hash']
-					if(! $delivery_options)
+					];
 						format_and_send_email($channel,$d,$target_item);
 				}
 			}
 		}
-		$narr = array(
+		$narr = [
 			'channel'        => $channel,
 			'upstream'       => $upstream,
 			'env_recips'     => $env_recips,
 			'packet_recips'  => $packet_recips,
 			'recipients'     => $recipients,
 			'item'           => $item,
 			'target_item'    => $target_item,
 			'parent_item'    => $parent_item,
 			'top_level_post' => $top_level_post,
 			'private'        => $private,
 			'relay_to_owner' => $relay_to_owner,
 			'uplink'         => $uplink,
 			'cmd'            => $cmd,
 			'mail'           => $mail,
-			'single' => (($cmd === 'single_mail' || $cmd === 'single_activity') ? true : false),
+			'single'         => false,
 			'location'       => $location,
 			'request'        => $request,
 			'normal_mode'    => $normal_mode,
 			'packet_type'    => $packet_type,
 			'walltowall'     => $walltowall,
-			'queued' => array()
+			'queued'         => []
-		);
+		];
 		call_hooks('notifier_process', $narr);
 		if($narr['queued']) {
@@ -486,10 +475,10 @@ class Notifier {
 		// Now we have collected recipients (except for external mentions, FIXME)
-		// Let's reduce this to a set of hubs.
+		// Let's reduce this to a set of hubs; checking that the site is not dead.
-		$r = q("select * from hubloc where hubloc_hash in (" . implode(',',$recipients) . ") 
+		$r = q("select hubloc.*, site.site_crypto from hubloc left join site on site_url = hubloc_url where hubloc_hash in (" . implode(',',$recipients) . ") 
-			and hubloc_error = 0 and hubloc_deleted = 0"
+			and hubloc_error = 0 and hubloc_deleted = 0 and ( site_dead = 0 OR site_dead is null ) "
 		);		
@@ -500,26 +489,32 @@ class Notifier {
 		$hubs = $r;
 		/**
-		 * Reduce the hubs to those that are unique. For zot hubs, we need to verify uniqueness by the sitekey, since it may have been 
+		 * Reduce the hubs to those that are unique. For zot hubs, we need to verify uniqueness by the sitekey, 
-		 * a re-install which has not yet been detected and pruned.
+		 * since it may have been a re-install which has not yet been detected and pruned.
 		 * For other networks which don't have or require sitekeys, we'll have to use the URL
 		 */
-		$hublist = array(); // this provides an easily printable list for the logs
+		$hublist = []; // this provides an easily printable list for the logs
-		$dhubs   = array(); // delivery hubs where we store our resulting unique array
+		$dhubs   = []; // delivery hubs where we store our resulting unique array
-		$keys    = array(); // array of keys to check uniquness for zot hubs
+		$keys    = []; // array of keys to check uniquness for zot hubs
-		$urls    = array(); // array of urls to check uniqueness of hubs from other networks
+		$urls    = []; // array of urls to check uniqueness of hubs from other networks
-
+		$hub_env = []; // per-hub envelope so we don't broadcast the entire envelope to all
 		foreach($hubs as $hub) {
-			if(in_array($hub['hubloc_url'],$dead_hubs)) {
+
-				logger('skipping dead hub: ' . $hub['hubloc_url'], LOGGER_DEBUG, LOG_INFO);
+			if($env_recips) {
-				continue;
+				foreach($env_recips as $er) {
 					if($hub['hubloc_hash'] === $er['hash']) {
 						if(! array_key_exists($hub['hubloc_host'] . $hub['hubloc_sitekey'], $hub_env)) {
 							$hub_env[$hub['hubloc_host'] . $hub['hubloc_sitekey']] = [];
 						}
 						$hub_env[$hub['hubloc_host'] . $hub['hubloc_sitekey']][] = $er;
 					}
 				}
 			}
 			if($hub['hubloc_network'] == 'zot') {
 				if(! in_array($hub['hubloc_sitekey'],$keys)) {
@@ -539,18 +534,18 @@ class Notifier {
 		logger('notifier: will notify/deliver to these hubs: ' . print_r($hublist,true), LOGGER_DEBUG, LOG_DEBUG);
 		foreach($dhubs as $hub) {
 			if($hub['hubloc_network'] !== 'zot') {
-
+				$narr = [
 				$narr = array(
 					'channel'        => $channel,
 					'upstream'       => $upstream,
 					'env_recips'     => $env_recips,
 					'packet_recips'  => $packet_recips,
 					'recipients'     => $recipients,
 					'item'           => $item,
 					'target_item'    => $target_item,
 					'parent_item'    => $parent_item,
 					'hub'            => $hub,
 					'top_level_post' => $top_level_post,
 					'private'        => $private,
@@ -558,14 +553,14 @@ class Notifier {
 					'uplink'         => $uplink,
 					'cmd'            => $cmd,
 					'mail'           => $mail,
-					'single' => (($cmd === 'single_mail' || $cmd === 'single_activity') ? true : false),
+					'single'         => false,
 					'location'       => $location,
 					'request'        => $request,
 					'normal_mode'    => $normal_mode,
 					'packet_type'    => $packet_type,
 					'walltowall'     => $walltowall,
-					'queued' => array()
+					'queued'         => []
-				);
+				];
 				call_hooks('notifier_hub',$narr);
@@ -577,21 +572,6 @@ class Notifier {
 			}
 			// singleton deliveries by definition 'not got zot'.
 			// Single deliveries are other federated networks (plugins) and we're essentially 
 			// delivering only to those that have this site url in their abook_instance
 			// and only from within a sync operation. This means if you post from a clone,
 			// and a connection is connected to one of your other clones; assuming that hub
 			// is running it will receive a sync packet. On receipt of this sync packet it
 			// will invoke a delivery to those connections which are connected to just that
 			// hub instance. 
 			if($cmd === 'single_mail' || $cmd === 'single_activity') {
 				continue;
 			}
 			// default: zot protocol
 			$hash = random_string();
 			$packet = null;
@@ -599,8 +579,9 @@ class Notifier {
 				$packet = zot_build_packet($channel,$packet_type,(($packet_recips) ? $packet_recips : null));
 			}
 			elseif($packet_type === 'request') {
-				$packet = zot_build_packet($channel,$packet_type,$env_recips,$hub['hubloc_sitekey'],$hash,
+				$env = (($hub_env && $hub_env[$hub['hubloc_host'] . $hub['hubloc_sitekey']]) ? $hub_env[$hub['hubloc_host'] . $hub['hubloc_sitekey']] : '');
-					array('message_id' => $request_message_id)
+				$packet = zot_build_packet($channel,$packet_type,$env,$hub['hubloc_sitekey'],$hub['site_crypto'],
 					$hash, array('message_id' => $request_message_id)
 				);
 			}
@@ -614,15 +595,18 @@ class Notifier {
 				));
 			}
 			else {
-				$packet = zot_build_packet($channel,'notify',$env_recips,(($private) ? $hub['hubloc_sitekey'] : null),$hash);	
+				$env = (($hub_env && $hub_env[$hub['hubloc_host'] . $hub['hubloc_sitekey']]) ? $hub_env[$hub['hubloc_host'] . $hub['hubloc_sitekey']] : '');
-				queue_insert(array(
+				$packet = zot_build_packet($channel,'notify',$env,(($private) ? $hub['hubloc_sitekey'] : null), $hub['site_crypto'],$hash);	
 				queue_insert(
 					[
 						'hash'       => $hash,
 						'account_id' => $target_item['aid'],
 						'channel_id' => $target_item['uid'],
 						'posturl'    => $hub['hubloc_callback'],
 						'notify'     => $packet,
 						'msg'        => json_encode($encoded_item)
-				));
+					]
 				);
 				// only create delivery reports for normal undeleted items
 				if(is_array($target_item) && array_key_exists('postopts',$target_item) && (! $target_item['item_deleted']) && (! get_config('system','disable_dreport'))) {
@@ -643,9 +627,9 @@ class Notifier {
 		if($normal_mode) {
 			$x = q("select * from hook where hook = 'notifier_normal'");
-			if($x)
+			if($x) {
-				Master::Summon(array('Deliver_hooks',$target_item['id']));
+				Master::Summon( [ 'Deliver_hooks', $target_item['id'] ] );
-
+			}
 		}
 		if($deliveries)
--- a/Zotlabs/Daemon/Onepoll.php
+++ b/Zotlabs/Daemon/Onepoll.php
@@ -118,13 +118,29 @@ class Onepoll {
 			if($fetch_feed) {
-				$feedurl = str_replace('/poco/','/zotfeed/',$contact['xchan_connurl']);		
+				if(strpos($contact['xchan_connurl'],z_root()) === 0) {
-				$feedurl .= '?f=&mindate=' . urlencode($last_update);
+					// local channel - save a network fetch
 					$c = channelx_by_hash($contact['xchan_hash']);
 					if($c) {
 						$x = [ 
 							'success' => true, 
 							'body' => json_encode( [ 
 								'success' => true,
 								'messages' => zot_feed($c['channel_id'], $importer['xchan_hash'], [ 'mindate' => $last_update ])
 							])
 						];
 					}
 				}
 				else {
 					// remote fetch	
-				$x = z_fetch_url($feedurl);
+					$feedurl = str_replace('/poco/','/zotfeed/',$contact['xchan_connurl']);		
 					$feedurl .= '?f=&mindate=' . urlencode($last_update) . '&zid=' . $importer['channel_address'] . '@' . \App::get_hostname();
 					$recurse = 0;
 					$x = z_fetch_url($feedurl, false, $recurse, [ 'session' => true ]);
 				}
 				logger('feed_update: ' . print_r($x,true), LOGGER_DATA);
 			}
 			if(($x) && ($x['success'])) {
--- a/Zotlabs/Daemon/Queue.php
+++ b/Zotlabs/Daemon/Queue.php
@@ -61,30 +61,15 @@ class Queue {
 			// the site is permanently down, there's no reason to attempt delivery at all, or at most not more than once 
 			// or twice a day. 
-			// FIXME: can we sort postgres on outq_priority and maintain the 'distinct' ?
+			$r = q("SELECT * FROM outq WHERE outq_delivered = 0 and outq_scheduled < %s ",
-			// The order by max(outq_priority) might be a dodgy query because of the group by.
+				db_utcnow()
 			// The desired result is to return a sequence in the order most likely to be delivered in this run.
 			// If a hub has already been sitting in the queue for a few days, they should be delivered last;
 			// hence every failure should drop them further down the priority list.
 			if(ACTIVE_DBTYPE == DBTYPE_POSTGRES) {
 				$prefix = 'DISTINCT ON (outq_posturl)';
 				$suffix = 'ORDER BY outq_posturl';
 			} else {
 				$prefix = '';
 				$suffix = 'GROUP BY outq_posturl ORDER BY max(outq_priority)';
 			}
 			$r = q("SELECT $prefix * FROM outq WHERE outq_delivered = 0 and (( outq_created > %s - INTERVAL %s and outq_updated < %s - INTERVAL %s ) OR ( outq_updated < %s - INTERVAL %s )) $suffix",
 				db_utcnow(), db_quoteinterval('12 HOUR'),
 				db_utcnow(), db_quoteinterval('15 MINUTE'),
 				db_utcnow(), db_quoteinterval('1 HOUR')
 			);
 		}
 		if(! $r)
 			return;
-		foreach($r as $rr) {
+		foreach($r as $rv) {
-			queue_deliver($rr);
+			queue_deliver($rv);
 		}
 	}
 }
--- a/Zotlabs/Daemon/Ratenotif.php
+++ b/Zotlabs/Daemon/Ratenotif.php
@@ -77,7 +77,7 @@ class Ratenotif {
 						continue;
 					$hash = random_string();
-					$n = zot_build_packet($channel,'notify',null,null,$hash);
+					$n = zot_build_packet($channel,'notify',null,null,'',$hash);
 					queue_insert(array(
 						'hash'       => $hash,
--- a/Zotlabs/Extend/Hook.php
+++ b/Zotlabs/Extend/Hook.php
@@ -10,7 +10,7 @@ class Hook {
 			$function = serialize($function);
 		}
-		$r = q("SELECT * FROM `hook` WHERE `hook` = '%s' AND `file` = '%s' AND `fn` = '%s' and priority = %d and hook_version = %d LIMIT 1",
+		$r = q("SELECT * FROM hook WHERE hook = '%s' AND file = '%s' AND fn = '%s' and priority = %d and hook_version = %d LIMIT 1",
 			dbesc($hook),
 			dbesc($file),
 			dbesc($function),
@@ -23,13 +23,13 @@ class Hook {
 		// To aid in upgrade and transition, remove old settings for any registered hooks that match in all respects except
 		// for priority or hook_version
-		$r = q("DELETE FROM `hook` where `hook` = '%s' and `file` = '%s' and `fn` = '%s'",
+		$r = q("DELETE FROM hook where hook = '%s' and file = '%s' and fn = '%s'",
 			dbesc($hook),
 			dbesc($file),
 			dbesc($function)
 		);
-		$r = q("INSERT INTO `hook` (`hook`, `file`, `fn`, `priority`, `hook_version`) VALUES ( '%s', '%s', '%s', %d, %d )",
+		$r = q("INSERT INTO hook (hook, file, fn, priority, hook_version) VALUES ( '%s', '%s', '%s', %d, %d )",
 			dbesc($hook),
 			dbesc($file),
 			dbesc($function),
@@ -40,11 +40,20 @@ class Hook {
 		return $r;
 	}
 	static public function register_array($file,$arr) {
 		if($arr) {
 			foreach($arr as $k => $v) {
 				self::register($k,$file,$v);
 			}
 		}
 	}
 	static public function unregister($hook,$file,$function,$version = 1,$priority = 0) {
 		if(is_array($function)) {
 			$function = serialize($function);
 		}
-		$r = q("DELETE FROM hook WHERE hook = '%s' AND `file` = '%s' AND `fn` = '%s' and priority = %d and hook_version = %d",
+		$r = q("DELETE FROM hook WHERE hook = '%s' AND file = '%s' AND fn = '%s' and priority = %d and hook_version = %d",
 			dbesc($hook),
 			dbesc($file),
 			dbesc($function),
@@ -60,7 +69,7 @@ class Hook {
 	static public function unregister_by_file($file) {
-		$r = q("DELETE FROM hook WHERE `file` = '%s' ",
+		$r = q("DELETE FROM hook WHERE file = '%s' ",
 			dbesc($file)
 		);
--- a/Zotlabs/Lib/AConfig.php
+++ b/Zotlabs/Lib/AConfig.php
@@ -10,8 +10,8 @@ class AConfig {
 		return XConfig::Load('a_' . $account_id);
 	}
-	static public function Get($account_id,$family,$key) {
+	static public function Get($account_id,$family,$key,$default = false) {
-		return XConfig::Get('a_' . $account_id,$family,$key);
+		return XConfig::Get('a_' . $account_id,$family,$key, $default);
 	}
 	static public function Set($account_id,$family,$key,$value) {
--- a/Zotlabs/Lib/AbConfig.php
+++ b/Zotlabs/Lib/AbConfig.php
@@ -16,7 +16,7 @@ class AbConfig {
 	}
-	static public function Get($chan,$xhash,$family,$key) {
+	static public function Get($chan,$xhash,$family,$key, $default = false) {
 		$r = q("select * from abconfig where chan = %d and xchan = '%s' and cat = '%s' and k = '%s' limit 1",
 			intval($chan),
 			dbesc($xhash),
@@ -26,7 +26,7 @@ class AbConfig {
 		if($r) {
 			return ((preg_match('|^a:[0-9]+:{.*}$|s', $r[0]['v'])) ? unserialize($r[0]['v']) : $r[0]['v']);
 		}
-		return false;
+		return $default;
 	}
--- a/Zotlabs/Lib/ActivityStreams2.php
+++ b/Zotlabs/Lib/ActivityStreams2.php
@@ -0,0 +1,86 @@
 <?php
 namespace Zotlabs\Lib;
 class ActivityStreams2 {
 	public $data;
 	public $valid = false;
 	public $id    = '';
 	public $type  = '';
 	public $actor = null;
 	public $obj   = null;
 	public $tgt   = null;
 	function __construct($string) {
 		$this->data = json_decode($string,true);
 		if($this->data) {
 			$this->valid = true;
 		}
 		if($this->is_valid()) {
 			$this->id    = $this->get_property_obj('id');
 			$this->type  = $this->get_primary_type();
 			$this->actor = $this->get_compound_property('actor');
 			$this->obj   = $this->get_compound_property('object');
 			$this->tgt   = $this->get_compound_property('target');
 		}
 	}
 	function is_valid() {
 		return $this->valid;
 	}
 	function get_property_obj($property,$base = '') {
 		if(! $base) {
 			$base = $this->data;
 		}
 		return $base[$property];
 	}
 	function fetch_property($url) {
 		$redirects = 0;
 		$x = z_fetch_url($url,true,$redirects,
 			['headers' => [ 'Accept: application/ld+json; profile="https://www.w3.org/ns/activitystreams"']]);
 		if($x['success'])
 			return json_decode($x['body'],true);
 		return null;
 	}
 	function get_compound_property($property,$base = '') {
 		$x = $this->get_property_obj($property,$base);
 		if($this->is_url($x)) {
 			$x = $this->fetch_property($x); 	
 		}
 		return $x;
 	}
 	function is_url($url) {
 		if(($url) && (! is_array($url)) && (strpos($url,'http') === 0)) {
 			return true;
 		}
 		return false;
 	}
 	function get_primary_type($base = '') {
 		if(! $base)
 			$base = $this->data;
 		$x = $this->get_property_obj('type',$base);
 		if(is_array($x)) {
 			foreach($x as $y) {
 				if(strpos($y,':') === false) {
 					return $y;
 				}
 			}
 		}
 		return $x;
 	}
 	function debug() {
 		$x = var_export($this,true);
 		return $x;
 	}
 }
--- a/Zotlabs/Lib/Apps.php
+++ b/Zotlabs/Lib/Apps.php
@@ -34,10 +34,11 @@ class Apps {
 		if($files) {
 			foreach($files as $f) {
 				$path = explode('/',$f);
-				$plugin = $path[1];
+				$plugin = trim($path[1]);
 				if(plugin_is_installed($plugin)) {
 					$x = self::parse_app_description($f,$translate);
 					if($x) {
 						$x['plugin'] = $plugin;
 						$ret[] = $x;
 					}
 				}
@@ -54,7 +55,6 @@ class Apps {
 			return;
 		$apps = self::get_system_apps(false);
 		self::$installed_system_apps = q("select * from app where app_system = 1 and app_channel = %d",
 			intval(local_channel())
 		);
@@ -68,7 +68,7 @@ class Apps {
 				if($id !== true) {
 					// if we already installed this app, but it changed, preserve any categories we created
 					$s = '';
-					$r = q("select * from term where otype = %d and oid = d",
+					$r = q("select * from term where otype = %d and oid = %d",
 						intval(TERM_OBJ_APP),
 						intval($id)
 					);
@@ -102,11 +102,13 @@ class Apps {
 		foreach(self::$installed_system_apps as $iapp) {
 			if($iapp['app_id'] == hash('whirlpool',$app['name'])) {
 				$notfound = false;
-				if($iapp['app_version'] != $app['version']) {
+				if(($iapp['app_version'] != $app['version'])
 					|| ($app['plugin'] && (! $iapp['app_plugin']))) {
 					return intval($iapp['app_id']);
 				}
 			}
 		}
 		return $notfound;
 	}
@@ -144,9 +146,12 @@ class Apps {
 		$ret['type'] = 'system';
 		foreach($ret as $k => $v) {
-			if(strpos($v,'http') === 0)
+			if(strpos($v,'http') === 0) {
 				if(! (local_channel() && strpos($v,z_root()) === 0)) {
 					$ret[$k] = zid($v);
 				}
 			}
 		}
 		if(array_key_exists('desc',$ret))
 			$ret['desc'] = str_replace(array('\'','"'),array('&#39;','&dquot;'),$ret['desc']);
@@ -157,6 +162,8 @@ class Apps {
 		if(array_key_exists('version',$ret))
 			$ret['version'] = str_replace(array('\'','"'),array('&#39;','&dquot;'),$ret['version']);
 		if(array_key_exists('categories',$ret))
 			$ret['categories'] = str_replace(array('\'','"'),array('&#39;','&dquot;'),$ret['categories']);
 		if(array_key_exists('requires',$ret)) {
 			$requires = explode(',',$ret['requires']);
@@ -202,8 +209,9 @@ class Apps {
 	static public function translate_system_apps(&$arr) {
 		$apps = array(
 			'Apps' => t('Apps'),
 			'Site Admin' => t('Site Admin'),
-			'Bug Report' => t('Bug Report'),
+			'Report Bug' => t('Report Bug'),
 			'View Bookmarks' => t('View Bookmarks'),
 			'My Chatrooms' => t('My Chatrooms'),
 			'Connections' => t('Connections'),
@@ -212,7 +220,7 @@ class Apps {
 			'Suggest Channels' => t('Suggest Channels'),
 			'Login' => t('Login'),
 			'Channel Manager' => t('Channel Manager'), 
-			'Grid' => t('Grid'), 
+			'Grid' => t('Activity'), 
 			'Settings' => t('Settings'),
 			'Files' => t('Files'),
 			'Webpages' => t('Webpages'),
@@ -238,8 +246,18 @@ class Apps {
 			'Profile Photo' => t('Profile Photo')
 		);
-		if(array_key_exists($arr['name'],$apps))
+		if(array_key_exists('name',$arr)) {
 			if(array_key_exists($arr['name'],$apps)) {
 				$arr['name'] = $apps[$arr['name']];
 			}
 		}
 		else {
 			for($x = 0; $x < count($arr); $x++) {
 				if(array_key_exists($arr[$x]['name'],$apps)) {
 					$arr[$x]['name'] = $apps[$arr[$x]['name']];
 				}
 			}
 		}
 	}
@@ -255,6 +273,7 @@ class Apps {
 		 *    list: normal mode for viewing an app on the app page
 		 *       no buttons are shown
 		 *    edit: viewing the app page in editing mode provides a delete button
 		 *    nav: render apps for app-bin
 		 */
 		$installed = false;
@@ -267,14 +286,20 @@ class Apps {
 		self::translate_system_apps($papp);
 		if(trim($papp['plugin']) && (! plugin_is_installed(trim($papp['plugin']))))
 			return '';
 		$papp['papp'] = self::papp_encode($papp);
 		if(! strstr($papp['url'],'://'))
 			$papp['url'] = z_root() . ((strpos($papp['url'],'/') === 0) ? '' : '/') . $papp['url'];
 		foreach($papp as $k => $v) {
-			if(strpos($v,'http') === 0 && $k != 'papp')
+			if(strpos($v,'http') === 0 && $k != 'papp') {
 				if(! (local_channel() && strpos($v,z_root()) === 0)) {
 					$papp[$k] = zid($v);
 				}
 			}
 			if($k === 'desc')
 				$papp['desc'] = str_replace(array('\'','"'),array('&#39;','&dquot;'),$papp['desc']);
@@ -332,14 +357,24 @@ class Apps {
 		}
 		$install_action = (($installed) ? t('Update') : t('Install'));
 		$icon = ((strpos($papp['photo'],'icon:') === 0) ? substr($papp['photo'],5) : '');
 		return replace_macros(get_markup_template('app.tpl'),array(
 			'$app' => $papp,
 			'$icon' => $icon,
 			'$hosturl' => $hosturl,
 			'$purchase' => (($papp['page'] && (! $installed)) ? t('Purchase') : ''),
 			'$install' => (($hosturl && $mode == 'view') ? $install_action : ''),
 			'$edit' => ((local_channel() && $installed && $mode == 'edit') ? t('Edit') : ''),
-			'$delete' => ((local_channel() && $installed && $mode == 'edit') ? t('Delete') : '')
+			'$delete' => ((local_channel() && $installed && $mode == 'edit') ? t('Delete') : ''),
 			'$undelete' => ((local_channel() && $installed && $mode == 'edit') ? t('Undelete') : ''),
 			'$deleted' => $papp['deleted'],
 			'$feature' => (($papp['embed']) ? false : true),
 			'$featured' => ((strpos($papp['categories'], 'nav_featured_app') === false) ? false : true),
 			'$navapps' => (($mode == 'nav') ? true : false),
 			'$order' => (($mode == 'nav-order') ? true : false),
 			'$add' => t('Add to app-tray'),
 			'$remove' => t('Remove from app-tray')
 		));
 	}
@@ -359,7 +394,7 @@ class Apps {
 			if($r) {
 				if(! $r[0]['app_system']) {
 					if($app['categories'] && (! $app['term'])) {
-						$r[0]['term'] = q("select * from term where otype = %d and oid = d",
+						$r[0]['term'] = q("select * from term where otype = %d and oid = %d",
 							intval(TERM_OBJ_APP),
 							intval($r[0]['id'])
 						);
@@ -382,6 +417,7 @@ class Apps {
 				intval($uid)
 			);
 			if($x) {
 				if(! intval($x[0]['app_deleted'])) {
 					$x[0]['app_deleted'] = 1;
 					q("delete from term where otype = %d and oid = %d",
 						intval(TERM_OBJ_APP),
@@ -403,15 +439,60 @@ class Apps {
 						build_sync_packet($uid,array('app' => $x));
 					}
 				}
 				else {
 					self::app_undestroy($uid,$app);
 				}
 			}
 		}
 	}
 	static public function app_undestroy($uid,$app) {
 		// undelete a system app
 		if($uid && $app['guid']) {
 			$x = q("select * from app where app_id = '%s' and app_channel = %d limit 1",
 				dbesc($app['guid']),
 				intval($uid)
 			);
 			if($x) {
 				if($x[0]['app_system']) {
 					$r = q("update app set app_deleted = 0 where app_id = '%s' and app_channel = %d",
 						dbesc($app['guid']),
 						intval($uid)
 					);
 				}
 			}
 		}
 	}
 	static public function app_feature($uid,$app) {
 		$r = q("select id from app where app_id = '%s' and app_channel = %d limit 1",
 			dbesc($app['guid']),
 			intval($uid)
 		);
 		$x = q("select * from term where otype = %d and oid = %d and term = 'nav_featured_app' limit 1",
 			intval(TERM_OBJ_APP),
 			intval($r[0]['id'])
 		);
 		if($x) {
 			q("delete from term where otype = %d and oid = %d and term = 'nav_featured_app'",
 				intval(TERM_OBJ_APP),
 				intval($x[0]['oid'])
 			);
 		}
 		else {
 			store_item_tag($uid,$r[0]['id'],TERM_OBJ_APP,TERM_CATEGORY,'nav_featured_app',escape_tags(z_root() . '/apps/?f=&cat=nav_featured_app'));
 		}
 	}
 	static public function app_installed($uid,$app) {
-		$r = q("select id from app where app_id = '%s' and app_version = '%s' and app_channel = %d limit 1",
+		$r = q("select id from app where app_id = '%s' and app_channel = %d limit 1",
 			dbesc((array_key_exists('guid',$app)) ? $app['guid'] : ''), 
 			dbesc((array_key_exists('version',$app)) ? $app['version'] : ''), 
 			intval($uid)
 		);
 		return(($r) ? true : false);
@@ -421,7 +502,7 @@ class Apps {
 	static public function app_list($uid, $deleted = false, $cat = '') {
 		if($deleted) 
-			$sql_extra = " and app_deleted = 1 ";
+			$sql_extra = "";
 		else
 			$sql_extra = " and app_deleted = 0 ";
@@ -445,6 +526,7 @@ class Apps {
 		$r = q("select * from app where app_channel = %d $sql_extra order by app_name asc",
 			intval($uid)
 		);
 		if($r) {
 			for($x = 0; $x < count($r); $x ++) {
 				if(! $r[$x]['app_system'])
@@ -455,9 +537,133 @@ class Apps {
 				);
 			}
 		}
 		return($r);
 	}
 	static public function app_order($uid,$apps) {
 		if(! $apps)
 			return $apps;
 		$x = (($uid) ? get_pconfig($uid,'system','app_order') : get_config('system','app_order'));
 		if(($x) && (! is_array($x))) {
 			$y = explode(',',$x);
 			$y = array_map('trim',$y);
 			$x = $y;
 		}
 		if(! (is_array($x) && ($x)))
 			return $apps;
 		$ret = [];
 		foreach($x as $xx) {
 			$y = self::find_app_in_array($xx,$apps);
 			if($y) {
 				$ret[] = $y;
 			}
 		}
 		foreach($apps as $ap) {
 			if(! self::find_app_in_array($ap['name'],$ret)) {
 				$ret[] = $ap;
 			}
 		}
 		return $ret;
 	}
 	static function find_app_in_array($name,$arr) {
 		if(! $arr)
 			return false;
 		foreach($arr as $x) {
 			if($x['name'] === $name) {
 					return $x;
 			}
 		}
 		return false;
 	}
 	static function moveup($uid,$guid) {
 		$syslist = array();
 		$list = self::app_list($uid, false, 'nav_featured_app');
 		if($list) {
 			foreach($list as $li) {
 				$syslist[] = self::app_encode($li);
 			}
 		}
 		self::translate_system_apps($syslist);
 		usort($syslist,'self::app_name_compare');
 		$syslist = self::app_order($uid,$syslist);
 		if(! $syslist)
 			return;
 		$newlist = [];
 		foreach($syslist as $k => $li) {
 			if($li['guid'] === $guid) {
 				$position = $k;
 				break;
 			}
 		}
 		if(! $position)
 			return;
 		$dest_position = $position - 1;
 		$saved = $syslist[$dest_position];
 		$syslist[$dest_position] = $syslist[$position];
 		$syslist[$position] = $saved;
 		$narr = [];
 		foreach($syslist as $x) {
 			$narr[] = $x['name'];
 		}
 		set_pconfig($uid,'system','app_order',implode(',',$narr));
 	}
 	static function movedown($uid,$guid) {
 		$syslist = array();
 		$list = self::app_list($uid, false, 'nav_featured_app');
 		if($list) {
 			foreach($list as $li) {
 				$syslist[] = self::app_encode($li);
 			}
 		}
 		self::translate_system_apps($syslist);
 		usort($syslist,'self::app_name_compare');
 		$syslist = self::app_order($uid,$syslist);
 		if(! $syslist)
 			return;
 		$newlist = [];
 		foreach($syslist as $k => $li) {
 			if($li['guid'] === $guid) {
 				$position = $k;
 				break;
 			}
 		}
 		if($position >= count($syslist) - 1)
 			return;
 		$dest_position = $position + 1;
 		$saved = $syslist[$dest_position];
 		$syslist[$dest_position] = $syslist[$position];
 		$syslist[$position] = $saved;
 		$narr = [];
 		foreach($syslist as $x) {
 			$narr[] = $x['name'];
 		}
 		set_pconfig($uid,'system','app_order',implode(',',$narr));
 	}
 	static public function app_decode($s) {
 		$x = base64_decode(str_replace(array('<br />',"\r","\n",' '),array('','','',''),$s));
@@ -467,7 +673,7 @@ class Apps {
 	static public function app_store($arr) {
-		// logger('app_store: ' . print_r($arr,true));
+		//logger('app_store: ' . print_r($arr,true));
 		$darray = array();
 		$ret = array('success' => false);
@@ -478,7 +684,7 @@ class Apps {
 		if((! $darray['app_url']) || (! $darray['app_channel']))
 			return $ret;
-		if($arr['photo'] && ! strstr($arr['photo'],z_root())) {
+		if($arr['photo'] && (strpos($arr['photo'],'icon:') !== 0) && (! strstr($arr['photo'],z_root()))) {
 			$x = import_xchan_photo($arr['photo'],get_observer_hash(),true);
 			$arr['photo'] = $x[1];
 		}
@@ -494,13 +700,14 @@ class Apps {
 		$darray['app_addr']     = ((x($arr,'addr'))     ? escape_tags($arr['addr']) : '');
 		$darray['app_price']    = ((x($arr,'price'))    ? escape_tags($arr['price']) : '');
 		$darray['app_page']     = ((x($arr,'page'))     ? escape_tags($arr['page']) : '');
 		$darray['app_plugin']   = ((x($arr,'plugin'))   ? escape_tags(trim($arr['plugin'])) : '');
 		$darray['app_requires'] = ((x($arr,'requires')) ? escape_tags($arr['requires']) : '');
 		$darray['app_system']   = ((x($arr,'system'))   ? intval($arr['system']) : 0);
 		$darray['app_deleted']  = ((x($arr,'deleted'))  ? intval($arr['deleted']) : 0);
 		$created = datetime_convert();
-		$r = q("insert into app ( app_id, app_sig, app_author, app_name, app_desc, app_url, app_photo, app_version, app_channel, app_addr, app_price, app_page, app_requires, app_created, app_edited, app_system, app_deleted ) values ( '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d, '%s', '%s', '%s', '%s', '%s', '%s', %d, %d )",
+		$r = q("insert into app ( app_id, app_sig, app_author, app_name, app_desc, app_url, app_photo, app_version, app_channel, app_addr, app_price, app_page, app_requires, app_created, app_edited, app_system, app_plugin, app_deleted ) values ( '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d, '%s', '%s', '%s', '%s', '%s', '%s', %d, '%s', %d )",
 			dbesc($darray['app_id']),
 			dbesc($darray['app_sig']),
 			dbesc($darray['app_author']),
@@ -517,6 +724,7 @@ class Apps {
 			dbesc($created),
 			dbesc($created),
 			intval($darray['app_system']),
 			dbesc($darray['app_plugin']),
 			intval($darray['app_deleted'])
 		);
 		if($r) {
@@ -545,6 +753,7 @@ class Apps {
 	static public function app_update($arr) {
 		//logger('app_update: ' . print_r($arr,true));
 		$darray = array();
 		$ret = array('success' => false);
@@ -555,7 +764,7 @@ class Apps {
 		if((! $darray['app_url']) || (! $darray['app_channel']) || (! $darray['app_id']))
 			return $ret;
-		if($arr['photo'] && ! strstr($arr['photo'],z_root())) {
+		if($arr['photo'] && (strpos($arr['photo'],'icon:') !== 0) && (! strstr($arr['photo'],z_root()))) {
 			$x = import_xchan_photo($arr['photo'],get_observer_hash(),true);
 			$arr['photo'] = $x[1];
 		}
@@ -569,13 +778,14 @@ class Apps {
 		$darray['app_addr']     = ((x($arr,'addr')) ? escape_tags($arr['addr']) : '');
 		$darray['app_price']    = ((x($arr,'price')) ? escape_tags($arr['price']) : '');
 		$darray['app_page']     = ((x($arr,'page')) ? escape_tags($arr['page']) : '');
 		$darray['app_plugin']   = ((x($arr,'plugin')) ? escape_tags(trim($arr['plugin'])) : '');
 		$darray['app_requires'] = ((x($arr,'requires')) ? escape_tags($arr['requires']) : '');
 		$darray['app_system']   = ((x($arr,'system'))   ? intval($arr['system']) : 0);
 		$darray['app_deleted']  = ((x($arr,'deleted'))  ? intval($arr['deleted']) : 0);
 		$edited = datetime_convert();
-		$r = q("update app set app_sig = '%s', app_author = '%s', app_name = '%s', app_desc = '%s', app_url = '%s', app_photo = '%s', app_version = '%s', app_addr = '%s', app_price = '%s', app_page = '%s', app_requires = '%s', app_edited = '%s', app_system = %d, app_deleted = %d where app_id = '%s' and app_channel = %d",
+		$r = q("update app set app_sig = '%s', app_author = '%s', app_name = '%s', app_desc = '%s', app_url = '%s', app_photo = '%s', app_version = '%s', app_addr = '%s', app_price = '%s', app_page = '%s', app_requires = '%s', app_edited = '%s', app_system = %d, app_plugin = '%s', app_deleted = %d where app_id = '%s' and app_channel = %d",
 			dbesc($darray['app_sig']),
 			dbesc($darray['app_author']),
 			dbesc($darray['app_name']),
@@ -589,6 +799,7 @@ class Apps {
 			dbesc($darray['app_requires']),
 			dbesc($edited),
 			intval($darray['app_system']),
 			dbesc($darray['app_plugin']),
 			intval($darray['app_deleted']),
 			dbesc($darray['app_id']),
 			intval($darray['app_channel'])
@@ -655,6 +866,9 @@ class Apps {
 		if($app['app_photo'])
 			$ret['photo'] = $app['app_photo'];
 		if($app['app_icon'])
 			$ret['icon'] = $app['app_icon'];
 		if($app['app_version'])
 			$ret['version'] = $app['app_version'];
@@ -673,6 +887,9 @@ class Apps {
 		if($app['app_system'])
 			$ret['system'] = $app['app_system'];
 		if($app['app_plugin'])
 			$ret['plugin'] = trim($app['app_plugin']);
 		if($app['app_deleted'])
 			$ret['deleted'] = $app['app_deleted'];
@@ -690,6 +907,8 @@ class Apps {
 		if(! $embed)
 			return $ret;
 		$ret['embed'] = true;
 		if(array_key_exists('categories',$ret))
 			unset($ret['categories']);
--- a/Zotlabs/Lib/Cache.php
+++ b/Zotlabs/Lib/Cache.php
@@ -9,10 +9,10 @@ namespace Zotlabs\Lib;
 class Cache {
 	public static function get($key) {
-		$key = substr($key,0,254);
+		$hash = hash('whirlpool',$key);
 		$r = q("SELECT v FROM cache WHERE k = '%s' limit 1",
-			dbesc($key)
+			dbesc($hash)
 		);
 		if ($r)
@@ -22,20 +22,20 @@ class Cache {
 	public static function set($key,$value) {
-		$key = substr($key,0,254);
+		$hash = hash('whirlpool',$key);
 		$r = q("SELECT * FROM cache WHERE k = '%s' limit 1",
-			dbesc($key)
+			dbesc($hash)
 		);
 		if($r) {
 			q("UPDATE cache SET v = '%s', updated = '%s' WHERE k = '%s'",
 				dbesc($value),
 				dbesc(datetime_convert()),
-				dbesc($key));
+				dbesc($hash));
 		}
 		else {
 			q("INSERT INTO cache ( k, v, updated) VALUES ('%s','%s','%s')",
-				dbesc($key),
+				dbesc($hash),
 				dbesc($value),
 				dbesc(datetime_convert()));
 		}
--- a/Zotlabs/Lib/Config.php
+++ b/Zotlabs/Lib/Config.php
@@ -53,7 +53,7 @@ class Config {
 		$dbvalue = ((is_array($value))  ? serialize($value) : $value);
 		$dbvalue = ((is_bool($dbvalue)) ? intval($dbvalue)  : $dbvalue);
-		if(get_config($family, $key) === false || (! self::get_from_storage($family, $key))) {
+		if(self::Get($family, $key) === false || (! self::get_from_storage($family, $key))) {
 			$ret = q("INSERT INTO config ( cat, k, v ) VALUES ( '%s', '%s', '%s' ) ",
 				dbesc($family),
 				dbesc($key),
@@ -98,13 +98,13 @@ class Config {
 	 * @return mixed Return value or false on error or if not set
 	 */
-	static public function Get($family,$key) {
+	static public function Get($family,$key,$default = false) {
 		if((! array_key_exists($family, \App::$config)) || (! array_key_exists('config_loaded', \App::$config[$family])))
 			self::Load($family);
 		if(array_key_exists('config_loaded', \App::$config[$family])) {
 			if(! array_key_exists($key, \App::$config[$family])) {
-				return false;		
+				return $default;		
 			}
 			return ((! is_array(\App::$config[$family][$key])) && (preg_match('|^a:[0-9]+:{.*}$|s', \App::$config[$family][$key])) 
 				? unserialize(\App::$config[$family][$key])
@@ -112,7 +112,7 @@ class Config {
 			);
 		}
-		return false;
+		return $default;
 	}
 	/**
--- a/Zotlabs/Lib/DB_Upgrade.php
+++ b/Zotlabs/Lib/DB_Upgrade.php
@@ -0,0 +1,121 @@
 <?php
 namespace Zotlabs\Lib;
 class DB_Upgrade {
 	public $config_name = '';
 	public $func_prefix = '';
 	function __construct($db_revision) {
 		$platform_name = System::get_platform_name();
 		$update_file = 'install/' . $platform_name . '/update.php';
 		if(! file_exists($update_file)) {
 			$update_file = 'install/update.php';
 			$this->config_name = 'db_version';
 			$this->func_prefix = 'update_r';
 		}
 		else {
 			$this->config_name = $platform_name . '_db_version';
 			$this->func_prefix = $platform_name . '_update_';
 		}
 		$build = get_config('system', $this->config_name, 0);
 		if(! intval($build))
 			$build = set_config('system', $this->config_name, $db_revision);
 		if($build == $db_revision) {
 			// Nothing to be done.
 			return;
 		}
 		else {
 			$stored = intval($build);
 			if(! $stored) {
 				logger('Critical: check_config unable to determine database schema version');
 				return;
 			}
 			$current = intval($db_revision);
 			if(($stored < $current) && file_exists($update_file)) {
 				Config::Load('database');
 				// We're reporting a different version than what is currently installed.
 				// Run any existing update scripts to bring the database up to current.
 				require_once($update_file);
 				// make sure that boot.php and update.php are the same release, we might be
 				// updating from git right this very second and the correct version of the update.php
 				// file may not be here yet. This can happen on a very busy site.
 				if($db_revision == UPDATE_VERSION) {
 					for($x = $stored; $x < $current; $x ++) {
 						$func = $this->func_prefix . $x;
 						if(function_exists($func)) {
 							// There could be a lot of processes running or about to run.
 							// We want exactly one process to run the update command.
 							// So store the fact that we're taking responsibility
 							// after first checking to see if somebody else already has.
 							// If the update fails or times-out completely you may need to
 							// delete the config entry to try again.
 							if(get_config('database', $func))
 								break;
 							set_config('database',$func, '1');
 							// call the specific update
 							$retval = $func();
 							if($retval) {
 								// Prevent sending hundreds of thousands of emails by creating
 								// a lockfile.  
 								$lockfile = 'store/[data]/mailsent';
 								if ((file_exists($lockfile)) && (filemtime($lockfile) > (time() - 86400)))
 									return;
 								@unlink($lockfile);
 								//send the administrator an e-mail
 								file_put_contents($lockfile, $x);
 								$r = q("select account_language from account where account_email = '%s' limit 1",
 									dbesc(\App::$config['system']['admin_email'])
 								);
 								push_lang(($r) ? $r[0]['account_language'] : 'en');
 								z_mail(
 									[
 										'toEmail'        => \App::$config['system']['admin_email'],
 										'messageSubject' => sprintf( t('Update Error at %s'), z_root()),
 										'textVersion'    => replace_macros(get_intltext_template('update_fail_eml.tpl'), 
 											[
 												'$sitename' => \App::$config['system']['sitename'],
 												'$siteurl' =>  z_root(),
 												'$update' => $x,
 												'$error' => sprintf( t('Update %s failed. See error logs.'), $x)
 											]
 										)
 									]
 								);
 								//try the logger
 								logger('CRITICAL: Update Failed: ' . $x);
 								pop_lang();
 							}
 							else {
 								set_config('database',$func, 'success');
 							}
 						}
 					}
 					set_config('system', $this->config_name, $db_revision);
 				}
 			}
 		}
 	}
 }
--- a/Zotlabs/Lib/Enotify.php
+++ b/Zotlabs/Lib/Enotify.php
@@ -77,16 +77,13 @@ class Enotify {
 		$sender_email = get_config('system','from_email');
 		if(! $sender_email)
-			$sender_email = 'Administrator' . '@' . \App::get_hostname();
+			$sender_email = 'Administrator' . '@' . $hostname;
 		$sender_name = get_config('system','from_email_name');
 		if(! $sender_name)
 			$sender_name = \Zotlabs\Lib\System::get_site_name();
 		$additional_mail_header = "";
 		if(array_key_exists('item', $params)) {
@@ -105,6 +102,10 @@ class Enotify {
 				$title = $params['item']['title'];
 				$body = $params['item']['body'];
 			}
 			if($params['item']['created'] < datetime_convert('UTC','UTC','now - 1 month')) {
 				logger('notification invoked for an old item which may have been refetched.',LOGGER_DEBUG,LOG_INFO);
 				return;
 			}
 		} 
 		else {
 			$title = $body = '';
@@ -169,6 +170,7 @@ class Enotify {
 		xchan_query($p);
 		$moderated = (($p[0]['item_blocked'] == ITEM_MODERATED) ? true : false);
 		$item_post_type = item_post_type($p[0]);
 //		$private = $p[0]['item_private'];
@@ -207,6 +209,9 @@ class Enotify {
 		// Before this we have the name of the replier on the subject rendering 
 		// differents subjects for messages on the same thread.
 		if($moderated)
 			$subject = sprintf( t('[$Projectname:Notify] Moderated Comment to conversation #%1$d by %2$s'), $parent_id, $sender['xchan_name']);
 		else
 			$subject = sprintf( t('[$Projectname:Notify] Comment to conversation #%1$d by %2$s'), $parent_id, $sender['xchan_name']);
 		$preamble = sprintf( t('%1$s, %2$s commented on an item/conversation you have been following.'), $recip['channel_name'], $sender['xchan_name']); 
 		$epreamble = $dest_str; 
@@ -214,8 +219,92 @@ class Enotify {
 		$sitelink = t('Please visit %s to view and/or reply to the conversation.');
 		$tsitelink = sprintf( $sitelink, $siteurl );
 		$hsitelink = sprintf( $sitelink, '<a href="' . $siteurl . '">' . $sitename . '</a>');
 		if($moderated) {
 			$tsitelink .= "\n\n" . sprintf( t('Please visit %s to approve or reject this comment.'), z_root() . '/moderate' );
 			$hsitelink .= "<br><br>" . sprintf( t('Please visit %s to approve or reject this comment.'), '<a href="' . z_root() . '/moderate">' . z_root() . '/moderate</a>' );
 		}
 	}
 	if ($params['type'] == NOTIFY_LIKE) {
 //		logger("notification: params = " . print_r($params, true), LOGGER_DEBUG);
 		$itemlink =  $params['link'];
 		// ignore like/unlike activity on posts - they probably require a separate notification preference
 		if (array_key_exists('item',$params) && (! activity_match($params['item']['verb'],ACTIVITY_LIKE))) {
 			logger('notification: not a like activity. Ignoring.');
 			pop_lang();
 			return;
 		}
 		$parent_mid = $params['parent_mid'];
 		// Check to see if there was already a notify for this post.
 		// If so don't create a second notification
 		$p = null;
 		$p = q("select id from notify where link = '%s' and uid = %d limit 1",
 			dbesc($params['link']),
 			intval($recip['channel_id'])
 		);
 		if ($p) {
 			logger('notification: like already notified');
 			pop_lang();
 			return;
 		}
 		// if it's a post figure out who's post it is.
 		$p = null;
 		if($params['otype'] === 'item' && $parent_mid) {
 			$p = q("select * from item where mid = '%s' and uid = %d limit 1",
 				dbesc($parent_mid),
 				intval($recip['channel_id'])
 			);
 		}
 		xchan_query($p);
 		$item_post_type = item_post_type($p[0]);
 //		$private = $p[0]['item_private'];
 		$parent_id = $p[0]['id'];
 		$parent_item = $p[0];
 		// "your post"
 		if($p[0]['owner']['xchan_name'] == $p[0]['author']['xchan_name'] && intval($p[0]['item_wall']))
 			$dest_str = sprintf(t('%1$s, %2$s liked [zrl=%3$s]your %4$s[/zrl]'),
 				$recip['channel_name'],
 				'[zrl=' . $sender['xchan_url'] . ']' . $sender['xchan_name'] . '[/zrl]',
 				$itemlink,
 				$item_post_type);
 		else {
 			pop_lang();
 			return;
 		}
 		// Some mail softwares relies on subject field for threading.
 		// So, we cannot have different subjects for notifications of the same thread.
 		// Before this we have the name of the replier on the subject rendering 
 		// differents subjects for messages on the same thread.
 		$subject = sprintf( t('[$Projectname:Notify] Like received to conversation #%1$d by %2$s'), $parent_id, $sender['xchan_name']);
 		$preamble = sprintf( t('%1$s, %2$s liked an item/conversation you created.'), $recip['channel_name'], $sender['xchan_name']); 
 		$epreamble = $dest_str; 
 		$sitelink = t('Please visit %s to view and/or reply to the conversation.');
 		$tsitelink = sprintf( $sitelink, $siteurl );
 		$hsitelink = sprintf( $sitelink, '<a href="' . $siteurl . '">' . $sitename . '</a>');
 	}
 	if($params['type'] == NOTIFY_WALL) {
 		$subject = sprintf( t('[$Projectname:Notify] %s posted to your profile wall') , $sender['xchan_name']);
@@ -364,7 +453,7 @@ class Enotify {
 	do {
 		$dups = false;
 		$hash = random_string();
-		$r = q("SELECT `id` FROM `notify` WHERE `hash` = '%s' LIMIT 1",
+		$r = q("SELECT id FROM notify WHERE hash = '%s' LIMIT 1",
 			dbesc($hash));
 		if ($r)
 			$dups = true;
@@ -415,13 +504,14 @@ class Enotify {
 		}
 	}
-	$r = q("insert into notify (hash,xname,url,photo,created,aid,uid,link,parent,seen,ntype,verb,otype)
+	$r = q("insert into notify (hash,xname,url,photo,created,msg,aid,uid,link,parent,seen,ntype,verb,otype)
-		values('%s','%s','%s','%s','%s',%d,%d,'%s','%s',%d,%d,'%s','%s')",
+		values('%s','%s','%s','%s','%s','%s',%d,%d,'%s','%s',%d,%d,'%s','%s')",
 		dbesc($datarray['hash']),
 		dbesc($datarray['xname']),
 		dbesc($datarray['url']),
 		dbesc($datarray['photo']),
 		dbesc($datarray['created']),
 		dbesc(''),      // will fill this in below after the record is created
 		intval($datarray['aid']),
 		intval($datarray['uid']),
 		dbesc($datarray['link']),
@@ -633,7 +723,7 @@ class Enotify {
 		call_hooks('email_send', $params);
 		if($params['sent']) {
-			logger("notification: enotify::send (addon) returns " . $params['result'], LOGGER_DEBUG);
+			logger("notification: enotify::send (addon) returns " . (($params['result']) ? 'success' : 'failure'), LOGGER_DEBUG);
 			return $params['result'];
 		}
@@ -676,7 +766,7 @@ class Enotify {
 			$multipartMessageBody,							// message body
 			$messageHeader									// message headers
 		);
-		logger("notification: enotify::send returns " . $res, LOGGER_DEBUG);
+		logger("notification: enotify::send returns " . (($res) ? 'success' : 'failure'), LOGGER_DEBUG);
 		return $res;
 	}
--- a/Zotlabs/Lib/IConfig.php
+++ b/Zotlabs/Lib/IConfig.php
@@ -10,7 +10,7 @@ class IConfig {
 		return;
 	}
-	static public function Get(&$item, $family, $key) {
+	static public function Get(&$item, $family, $key, $default = false) {
 		$is_item = false;
@@ -28,7 +28,7 @@ class IConfig {
 			$iid = $item;
 		if(! $iid)
-			return false;
+			return $default;
 		if(is_array($item) && array_key_exists('iconfig',$item) && is_array($item['iconfig'])) {
 			foreach($item['iconfig'] as $c) {
@@ -48,7 +48,7 @@ class IConfig {
 				$item['iconfig'][] = $r[0];
 			return $r[0]['v'];
 		}
-		return false;
+		return $default;
 	}
--- a/Zotlabs/Lib/MarkdownSoap.php
+++ b/Zotlabs/Lib/MarkdownSoap.php
@@ -0,0 +1,103 @@
 <?php
 namespace Zotlabs\Lib;
 /**
 * MarkdownSoap
 * Purify Markdown for storage
 *   $x = new MarkdownSoap($string_to_be_cleansed);
 *   $text = $x->clean();
 *
 * What this does:
 * 1. extracts code blocks and privately escapes them from processing
 * 2. Run html purifier on the content
 * 3. put back the code blocks
 * 4. run htmlspecialchars on the entire content for safe storage
 *
 * At render time: 
 *    $markdown = \Zotlabs\Lib\MarkdownSoap::unescape($text);
 *    $html = \Michelf\MarkdownExtra::DefaultTransform($markdown);
 */
 class MarkdownSoap {
 	private $token;
 	private $str;
 	function __construct($s) {
 		$this->str  = $s;
 		$this->token = random_string(20);
 	}
 	function clean() {
 		$x = $this->extract_code($this->str);
 		$x = $this->purify($x);
 		$x = $this->putback_code($x);		
 		$x = $this->escape($x);
 		return $x;
 	}
 	function extract_code($s) {
 		$text = preg_replace_callback('{
 					(?:\n\n|\A\n?)
 					(	            # $1 = the code block -- one or more lines, starting with a space/tab
 					  (?>
 						[ ]{'.'4'.'}  # Lines must start with a tab or a tab-width of spaces
 						.*\n+
 					  )+
 					)
 					((?=^[ ]{0,'.'4'.'}\S)|\Z)	# Lookahead for non-space at line-start, or end of doc
 				}xm',
 				[ $this , 'encode_code' ], $s);
 		return $text;
 	}
 	function encode_code($matches) {
 		return $this->token . ';' . base64_encode($matches[0]) . ';' ;
 	}
 	function decode_code($matches) {
 		return base64_decode($matches[1]);
 	}
 	function putback_code($s) {
 		$text = preg_replace_callback('{' . $this->token . '\;(.*?)\;}xm',[ $this, 'decode_code' ], $s);
 		return $text;
 	}
 	function purify($s) {
 		$s = $this->protect_autolinks($s);
 		$s = purify_html($s);
 		$s = $this->unprotect_autolinks($s);
 		return $s;
 	}
 	function protect_autolinks($s) {
 		$s = preg_replace('/\<(https?\:\/\/)(.*?)\>/','[$1$2]($1$2)',$s);
 		return $s;
 	}
 	function unprotect_autolinks($s) {
 		return $s;
 	}
 	function escape($s) {
 		return htmlspecialchars($s,ENT_QUOTES);
 	}
 	static public function unescape($s) {
 		return htmlspecialchars_decode($s,ENT_QUOTES);
 	}
 }
--- a/Zotlabs/Lib/NativeWiki.php
+++ b/Zotlabs/Lib/NativeWiki.php
@@ -0,0 +1,210 @@
 <?php
 namespace Zotlabs\Lib;
 define ( 'NWIKI_ITEM_RESOURCE_TYPE', 'nwiki' );
 class NativeWiki {
 	static public function listwikis($channel, $observer_hash) {
 		$sql_extra = item_permissions_sql($channel['channel_id'], $observer_hash);
 		$wikis = q("SELECT * FROM item 
 			WHERE resource_type = '%s' AND mid = parent_mid AND uid = %d AND item_deleted = 0 $sql_extra", 
 			dbesc(NWIKI_ITEM_RESOURCE_TYPE),
 			intval($channel['channel_id'])
 		);
 		if($wikis) {
 			foreach($wikis as &$w) {
 				$w['rawName']  = get_iconfig($w, 'wiki', 'rawName');
 				$w['htmlName'] = escape_tags($w['rawName']);
 				$w['urlName']  = urlencode(urlencode($w['rawName']));
 				$w['mimeType'] = get_iconfig($w, 'wiki', 'mimeType');
 				$w['lock']     = (($w['item_private'] || $w['allow_cid'] || $w['allow_gid'] || $w['deny_cid'] || $w['deny_gid']) ? true : false);
 			}
 		}
 		// TODO: query db for wikis the observer can access. Return with two lists, for read and write access
 		return array('wikis' => $wikis);
 	}
 	function create_wiki($channel, $observer_hash, $wiki, $acl) {
 		// Generate unique resource_id using the same method as item_message_id()
 		do {
 			$dups = false;
 			$resource_id = random_string();
 			$r = q("SELECT mid FROM item WHERE resource_id = '%s' AND resource_type = '%s' AND uid = %d LIMIT 1", 
 				dbesc($resource_id), 
 				dbesc(NWIKI_ITEM_RESOURCE_TYPE),
 				intval($channel['channel_id'])
 			);
 			if($r)
 				$dups = true;
 		} while($dups == true);
 		$ac = $acl->get();
 		$mid = item_message_id();
 		$arr = array();	// Initialize the array of parameters for the post
 		$item_hidden = ((intval($wiki['postVisible']) === 0) ? 1 : 0); 
 		$wiki_url = z_root() . '/wiki/' . $channel['channel_address'] . '/' . $wiki['urlName'];
 		$arr['aid'] = $channel['channel_account_id'];
 		$arr['uid'] = $channel['channel_id'];
 		$arr['mid'] = $mid;
 		$arr['parent_mid'] = $mid;
 		$arr['item_hidden'] = $item_hidden;
 		$arr['resource_type'] = NWIKI_ITEM_RESOURCE_TYPE;
 		$arr['resource_id'] = $resource_id;
 		$arr['owner_xchan'] = $channel['channel_hash'];
 		$arr['author_xchan'] = $observer_hash;
 		$arr['plink'] = z_root() . '/channel/' . $channel['channel_address'] . '/?f=&mid=' . urlencode($arr['mid']);
 		$arr['llink'] = $arr['plink'];
 		$arr['title'] = $wiki['htmlName'];  // name of new wiki;
 		$arr['allow_cid'] = $ac['allow_cid'];
 		$arr['allow_gid'] = $ac['allow_gid'];
 		$arr['deny_cid'] = $ac['deny_cid'];
 		$arr['deny_gid'] = $ac['deny_gid'];
 		$arr['item_wall'] = 1;
 		$arr['item_origin'] = 1;
 		$arr['item_thread_top'] = 1;
 		$arr['item_private'] = intval($acl->is_private());
 		$arr['verb'] = ACTIVITY_CREATE;
 		$arr['obj_type'] = ACTIVITY_OBJ_WIKI;
 		$arr['body'] = '[table][tr][td][h1]New Wiki[/h1][/td][/tr][tr][td][zrl=' . $wiki_url . ']' . $wiki['htmlName'] . '[/zrl][/td][/tr][/table]';
 		$arr['public_policy'] = map_scope(\Zotlabs\Access\PermissionLimits::Get($channel['channel_id'],'view_wiki'),true);
 		// Save the wiki name information using iconfig. This is shareable.
 		if(! set_iconfig($arr, 'wiki', 'rawName', $wiki['rawName'], true)) {
 			return array('item' => null, 'success' => false);
 		}
 		if(! set_iconfig($arr, 'wiki', 'mimeType', $wiki['mimeType'], true)) {
 			return array('item' => null, 'success' => false);
 		}
 		$post = item_store($arr);
 		$item_id = $post['item_id'];
 		if($item_id) {
 			\Zotlabs\Daemon\Master::Summon(array('Notifier', 'activity', $item_id));
 			return array('item' => $post['item'], 'item_id' => $item_id, 'success' => true);
 		}
 		else {
 			return array('item' => null, 'success' => false);
 		}
 	}
 	static public function sync_a_wiki_item($uid,$id,$resource_id) {
 		$r = q("SELECT * from item WHERE uid = %d AND ( id = %d OR ( resource_type = '%s' and resource_id = '%s' )) ",
 			intval($uid),
 			intval($id),
 			dbesc(NWIKI_ITEM_RESOURCE_TYPE),
 			dbesc($resource_id)
 		);
 		if($r) {
 			xchan_query($r);
 			$sync_item = fetch_post_tags($r);
 			build_sync_packet($uid,array('wiki' => array(encode_item($sync_item[0],true))));
 		}
 	}
 	function delete_wiki($channel_id,$observer_hash,$resource_id) {
 		$w = self::get_wiki($channel_id,$observer_hash,$resource_id);
 		$item = $w['wiki'];
 		if(! $item) {
 			return array('item' => null, 'success' => false);
 		} 
 		else {
 			$drop = drop_item($item['id'], false, DROPITEM_NORMAL, true);
 		}
 		info( t('Wiki files deleted successfully'));
 		return array('item' => $item, 'item_id' => $item['id'], 'success' => (($drop === 1) ? true : false));
 	}
 	static public function get_wiki($channel_id, $observer_hash, $resource_id) {
 		$sql_extra = item_permissions_sql($channel_id,$observer_hash);
 		$item = q("SELECT * FROM item WHERE uid = %d AND resource_type = '%s' AND resource_id = '%s' AND item_deleted = 0 
 			$sql_extra limit 1",
 			intval($channel_id), 
 			dbesc(NWIKI_ITEM_RESOURCE_TYPE),
 			dbesc($resource_id)
 		);
 		if(! $item) {
 			return array('wiki' => null);
 		}
 		else {
 			$w = $item[0];	// wiki item table record
 			// Get wiki metadata
 			$rawName  = get_iconfig($w, 'wiki', 'rawName');
 			$mimeType = get_iconfig($w, 'wiki', 'mimeType');
 			return array(
 				'wiki' => $w,
 				'rawName' => $rawName,
 				'htmlName' => escape_tags($rawName),
 				'urlName' => urlencode(urlencode($rawName)),
 				'mimeType' => $mimeType
 			);
 		}
 	}
 	static public function exists_by_name($uid, $urlName) {
 		$sql_extra = item_permissions_sql($uid);		
 		$item = q("SELECT item.id, resource_id FROM item left join iconfig on iconfig.iid = item.id 
 			WHERE resource_type = '%s' AND iconfig.v = '%s' AND uid = %d 
 			AND item_deleted = 0 $sql_extra limit 1", 
 			dbesc(NWIKI_ITEM_RESOURCE_TYPE), 
 			dbesc(urldecode($urlName)), 
 			intval($uid)
 		);
 		if($item) {
 			return array('id' => $item[0]['id'], 'resource_id' => $item[0]['resource_id']);
 		} 
 		else {
 			return array('id' => null, 'resource_id' => null);
 		}
 	}
 	static public function get_permissions($resource_id, $owner_id, $observer_hash) {
 		// TODO: For now, only the owner can edit
 		$sql_extra = item_permissions_sql($owner_id, $observer_hash);
 		if(local_channel() && local_channel() == $owner_id) {
 			return [ 'read' => true, 'write' => true, 'success' => true ];
 		}
 		$r = q("SELECT * FROM item WHERE uid = %d and resource_type = '%s' AND resource_id = '%s' $sql_extra LIMIT 1",
 			intval($owner_id),
 			dbesc(NWIKI_ITEM_RESOURCE_TYPE), 
 			dbesc($resource_id)
 		);
 		if(! $r) {
 			return array('read' => false, 'write' => false, 'success' => true);
 		}
 		else {
 			// TODO: Create a new permission setting for wiki analogous to webpages. Until
 			// then, use webpage permissions
 			$write = perm_is_allowed($owner_id, $observer_hash,'write_wiki');
 			return array('read' => true, 'write' => $write, 'success' => true);
 		}
 	}
 }
--- a/Zotlabs/Lib/NativeWikiPage.php
+++ b/Zotlabs/Lib/NativeWikiPage.php
@@ -0,0 +1,673 @@
 <?php
 namespace Zotlabs\Lib;
 use \Zotlabs\Lib as Zlib;
 class NativeWikiPage {
 	static public function page_list($channel_id,$observer_hash, $resource_id) {
 		// TODO: Create item table records for pages so that metadata like title can be applied
 		$w = Zlib\NativeWiki::get_wiki($channel_id,$observer_hash,$resource_id);
 		$pages[] = [
 			'resource_id' => '',
 			'title'       => 'Home',
 			'url'         => 'Home',
 			'link_id'     => 'id_wiki_home_0'
 		];
 		$sql_extra = item_permissions_sql($channel_id,$observer_hash);
 		$r = q("select * from item where resource_type = 'nwikipage' and resource_id = '%s' and uid = %d and item_deleted = 0 
 			$sql_extra order by created asc",
 			dbesc($resource_id),
 			intval($channel_id)
 		);
 		if($r) {
 			$x = [];
 			$y = [];
 			foreach($r as $rv) {
 				if(! in_array($rv['mid'],$x)) {
 					$y[] = $rv;
 					$x[] = $rv['mid'];
 				}
 			}
 			$items = fetch_post_tags($y,true);
 			foreach($items as $page_item) {
 				$title = get_iconfig($page_item['id'],'nwikipage','pagetitle',t('(No Title)'));
 				if(urldecode($title) !== 'Home') {
 					$pages[] = [
 						'resource_id' => $resource_id,
 						'title'       => escape_tags($title),
 						'url'         => str_replace('%2F','/',urlencode(str_replace('%2F','/',urlencode($title)))),
 						'link_id'     => 'id_' . substr($resource_id, 0, 10) . '_' . $page_item['id']
 					];
 				}
 			}
 		}
 		return array('pages' => $pages, 'wiki' => $w);
 	}
 	static public function create_page($channel_id, $observer_hash, $name, $resource_id) {
 		$w = Zlib\NativeWiki::get_wiki($channel_id, $observer_hash, $resource_id);
 		if (! $w['wiki']) {
 			return array('content' => null, 'message' => 'Error reading wiki', 'success' => false);
 		}
 		// create an empty activity
 		$arr = [];
 		$arr['uid']           = $channel_id;
 		$arr['author_xchan']  = $observer_hash;
 		$arr['resource_type'] = 'nwikipage';
 		$arr['resource_id']   = $resource_id;
 		$arr['allow_cid']     = $w['wiki']['allow_cid'];
 		$arr['allow_gid']     = $w['wiki']['allow_gid'];
 		$arr['deny_cid']      = $w['wiki']['deny_cid'];
 		$arr['deny_gid']      = $w['wiki']['deny_gid'];
 		$arr['public_policy'] = map_scope(\Zotlabs\Access\PermissionLimits::Get($channel_id,'view_wiki'),true);
 		// We may wish to change this some day.
 		$arr['item_unpublished'] = 1;
 		set_iconfig($arr,'nwikipage','pagetitle',(($name) ? $name : t('(No Title)')),true);
 		$p = post_activity_item($arr, false, false);
 		if($p['item_id']) {
 			$page = [ 
 				'rawName'  => $name,
 				'htmlName' => escape_tags($name),
 				'urlName'  => urlencode($name), 
 			];
 			return array('page' => $page, 'item_id' => $p['item_id'], 'item' => $p['activity'], 'wiki' => $w, 'message' => '', 'success' => true);
 		}
 		return [ 'success' => false, 'message' => t('Wiki page create failed.') ];
 	}
 	static public function rename_page($arr) {
 		$pageUrlName   = ((array_key_exists('pageUrlName',$arr))   ? $arr['pageUrlName']   : '');
 		$pageNewName   = ((array_key_exists('pageNewName',$arr))   ? $arr['pageNewName']   : '');
 		$resource_id   = ((array_key_exists('resource_id',$arr))   ? $arr['resource_id']   : '');
 		$observer_hash = ((array_key_exists('observer_hash',$arr)) ? $arr['observer_hash'] : '');
 		$channel_id    = ((array_key_exists('channel_id',$arr))    ? $arr['channel_id']    : 0);
 		$w = Zlib\NativeWiki::get_wiki($channel_id, $observer_hash, $resource_id);
 		if(! $w['wiki']) {
 			return array('message' => t('Wiki not found.'), 'success' => false);
 		}
 		$ic = q("select * from iconfig left join item on iconfig.iid = item.id 
 			where uid = %d and cat = 'nwikipage' and k = 'pagetitle' and v = '%s'",
 			intval($channel_id),
 			dbesc($pageNewName)
 		);
 		if($ic) {
 			return [ 'success' => false, 'message' => t('Destination name already exists') ];
 		}
 		$ids = [];
 		$ic = q("select *, item.id as item_id from iconfig left join item on iconfig.iid = item.id 
 			where uid = %d and cat = 'nwikipage' and k = 'pagetitle' and v = '%s'",
 			intval($channel_id),
 			dbesc($pageUrlName)
 		);
 		if($ic) {
 			foreach($ic as $c) {
 				set_iconfig($c['item_id'],'nwikipage','pagetitle',$pageNewName);
 			}
 			$page = [ 
 				'rawName'  => $pageNewName, 
 				'htmlName' => escape_tags($pageNewName), 
 				'urlName'  => urlencode(escape_tags($pageNewName))
 			];
 			return [ 'success' => true, 'page' => $page ];
 		}
 		return [ 'success' => false, 'item_id' => $c['item_id'], 'message' => t('Page not found') ];
 	}
 	static public function get_page_content($arr) {
 		$pageUrlName   = ((array_key_exists('pageUrlName',$arr))   ? $arr['pageUrlName']        : '');
 		$resource_id   = ((array_key_exists('resource_id',$arr))   ? $arr['resource_id']        : '');
 		$observer_hash = ((array_key_exists('observer_hash',$arr)) ? $arr['observer_hash']      : '');
 		$channel_id    = ((array_key_exists('channel_id',$arr))    ? intval($arr['channel_id']) : 0);
 		$revision      = ((array_key_exists('revision',$arr))      ? intval($arr['revision'])   : (-1));
 		$w = Zlib\NativeWiki::get_wiki($channel_id, $observer_hash, $resource_id);
 		if (! $w['wiki']) {
 			return array('content' => null, 'message' => 'Error reading wiki', 'success' => false);
 		}
 		$item = self::load_page($arr);
 		if($item) {
 			$content = $item['body'];
 			return [ 
 				'content' => $content,
 				'mimeType' => $w['mimeType'], 
 				'message' => '', 
 				'success' => true
 			];
 		}
 		return array('content' => null, 'message' => t('Error reading page content'), 'success' => false);
 	}
 	static public function page_history($arr) {
 		$pageUrlName = ((array_key_exists('pageUrlName',$arr)) ? $arr['pageUrlName'] : '');
 		$resource_id = ((array_key_exists('resource_id',$arr)) ? $arr['resource_id'] : '');
 		$observer_hash = ((array_key_exists('observer_hash',$arr)) ? $arr['observer_hash'] : '');
 		$channel_id    = ((array_key_exists('channel_id',$arr))    ? $arr['channel_id']    : 0);
 		$w = Zlib\NativeWiki::get_wiki($channel_id, $observer_hash, $resource_id);
 		if (!$w['wiki']) {
 			return array('history' => null, 'message' => 'Error reading wiki', 'success' => false);
 		}
 		$items = self::load_page_history($arr);
 		$history = [];
 		if($items) {
 			$processed = 0;
 			foreach($items as $item) {
 				if($processed > 1000)
 					break;
 				$processed ++;
 				$history[] = [ 
 					'revision' => $item['revision'],
 					'date' => datetime_convert('UTC',date_default_timezone_get(),$item['edited']),
 					'name' => $item['author']['xchan_name'],
 					'title' => get_iconfig($item,'nwikipage','commit_msg') 
 				];
 			}
 			return [ 'success' => true, 'history' => $history ];
 		}
 		return [ 'success' => false ];
 	}
 	static public function load_page($arr) {
 		$pageUrlName   = ((array_key_exists('pageUrlName',$arr))   ? $arr['pageUrlName']     : '');
 		$resource_id   = ((array_key_exists('resource_id',$arr))   ? $arr['resource_id']     : '');
 		$observer_hash = ((array_key_exists('observer_hash',$arr)) ? $arr['observer_hash']   : '');
 		$channel_id    = ((array_key_exists('channel_id',$arr))    ? $arr['channel_id']      : 0);
 		$revision      = ((array_key_exists('revision',$arr))      ? $arr['revision']        : (-1));
 		$w = Zlib\NativeWiki::get_wiki($channel_id, $observer_hash, $resource_id);
 		if (! $w['wiki']) {
 			return array('content' => null, 'message' => 'Error reading wiki', 'success' => false);
 		}
 		$ids = '';
 		$ic = q("select * from iconfig left join item on iconfig.iid = item.id where uid = %d and cat = 'nwikipage' and k = 'pagetitle' and v = '%s'",
 			intval($channel_id),
 			dbesc($pageUrlName)
 		);
 		if($ic) {
 			foreach($ic as $c) {
 				if($ids)
 					$ids .= ',';
 				$ids .= intval($c['iid']);
 			}
 		}
 		$sql_extra = item_permissions_sql($channel_id,$observer_hash);
 		if($revision == (-1))
 			$sql_extra .= " order by revision desc ";
 		elseif($revision)
 			$sql_extra .= " and revision = " . intval($revision) . " ";
 		$r = null;
 		if($ids) {
 			$r = q("select * from item where resource_type = 'nwikipage' and resource_id = '%s' and uid = %d and id in ( $ids ) $sql_extra limit 1",
 				dbesc($resource_id),
 				intval($channel_id)
 			);
 			if($r) {
 				$items = fetch_post_tags($r,true);
 				return $items[0];
 			}
 		}
 		return null;
 	}
 	static public function load_page_history($arr) {
 		$pageUrlName   = ((array_key_exists('pageUrlName',$arr))   ? $arr['pageUrlName']     : '');
 		$resource_id   = ((array_key_exists('resource_id',$arr))   ? $arr['resource_id']     : '');
 		$observer_hash = ((array_key_exists('observer_hash',$arr)) ? $arr['observer_hash']   : '');
 		$channel_id    = ((array_key_exists('channel_id',$arr))    ? $arr['channel_id']      : 0);
 		$revision      = ((array_key_exists('revision',$arr))      ? $arr['revision']        : (-1));
 		$w = Zlib\NativeWiki::get_wiki($channel_id, $observer_hash, $resource_id);
 		if (! $w['wiki']) {
 			return array('content' => null, 'message' => 'Error reading wiki', 'success' => false);
 		}
 		$ids = '';
 		$ic = q("select * from iconfig left join item on iconfig.iid = item.id where uid = %d and cat = 'nwikipage' and k = 'pagetitle' and v = '%s'",
 			intval($channel_id),
 			dbesc($pageUrlName)
 		);
 		if($ic) {
 			foreach($ic as $c) {
 				if($ids)
 					$ids .= ',';
 				$ids .= intval($c['iid']);
 			}
 		}
 		$sql_extra = item_permissions_sql($channel_id,$observer_hash);
 		$sql_extra .= " order by revision desc ";
 		$r = null;
 		if($ids) {
 			$r = q("select * from item where resource_type = 'nwikipage' and resource_id = '%s' and uid = %d and id in ( $ids ) and item_deleted = 0 $sql_extra",
 				dbesc($resource_id),
 				intval($channel_id)
 			);
 			if($r) {
 				xchan_query($r);
 				$items = fetch_post_tags($r,true);
 				return $items;
 			}
 		}
 		return null;
 	}
 	static public function save_page($arr) {
 		$pageUrlName   = ((array_key_exists('pageUrlName',$arr))   ? $arr['pageUrlName']   : '');
 		$content       = ((array_key_exists('content',$arr))       ? $arr['content']       : '');
 		$resource_id   = ((array_key_exists('resource_id',$arr))   ? $arr['resource_id']   : '');
 		$observer_hash = ((array_key_exists('observer_hash',$arr)) ? $arr['observer_hash'] : '');
 		$channel_id    = ((array_key_exists('channel_id',$arr))    ? $arr['channel_id']    : 0);
 		$revision      = ((array_key_exists('revision',$arr))      ? $arr['revision']      : 0);
 		$w = Zlib\NativeWiki::get_wiki($channel_id, $observer_hash, $resource_id);
 		if (!$w['wiki']) {
 			return array('message' => t('Error reading wiki'), 'success' => false);
 		}
 		$mimetype = $w['mimeType'];
 		// fetch the most recently saved revision. 
 		$item = self::load_page($arr);
 		if(! $item) {
 			return array('message' => t('Page not found'), 'success' => false);
 		}
 		// change just the fields we need to change to create a revision; 
 		unset($item['id']);
 		unset($item['author']);
 		$item['parent']       = 0;
 		$item['body']         = $content;
 		$item['author_xchan'] = $observer_hash;
 		$item['revision']     = (($arr['revision']) ? intval($arr['revision']) + 1 : intval($item['revision']) + 1);
 		$item['edited']       = datetime_convert();
 		$item['mimetype']     = $mimetype;
 		if($item['iconfig'] && is_array($item['iconfig']) && count($item['iconfig'])) {
 			for($x = 0; $x < count($item['iconfig']); $x ++) {
 				unset($item['iconfig'][$x]['id']);
 				unset($item['iconfig'][$x]['iid']);
 			}
 		}
 		$ret = item_store($item, false, false);
 		if($ret['item_id'])
 			return array('message' => '', 'item_id' => $ret['item_id'], 'filename' => $filename, 'success' => true);
 		else
 			return array('message' => t('Page update failed.'), 'success' => false);
 	}	
 	static public function delete_page($arr) {
 		$pageUrlName = ((array_key_exists('pageUrlName',$arr)) ? $arr['pageUrlName'] : '');
 		$resource_id = ((array_key_exists('resource_id',$arr)) ? $arr['resource_id'] : '');
 		$observer_hash = ((array_key_exists('observer_hash',$arr)) ? $arr['observer_hash'] : '');
 		$channel_id    = ((array_key_exists('channel_id',$arr))    ? $arr['channel_id']    : 0);
 		$w = Zlib\NativeWiki::get_wiki($channel_id, $observer_hash, $resource_id);
 		if(! $w['wiki']) {
 			return [ 'success' => false, 'message' => t('Error reading wiki') ];
 		}
 		$ids = [];
 		$ic = q("select * from iconfig left join item on iconfig.iid = item.id 
 			where uid = %d and cat = 'nwikipage' and k = 'pagetitle' and v = '%s'",
 			intval($channel_id),
 			dbesc($pageUrlName)
 		);
 		if($ic) {
 			foreach($ic as $c) {
 				$ids[] = intval($c['iid']);
 			}
 		}
 		if($ids) {
 			drop_items($ids);
 			return [ 'success' => true ];
 		}
 		return [ 'success' => false, 'message' => t('Nothing deleted') ];	
 	}
 	static public function revert_page($arr) {
 		$pageUrlName   = ((array_key_exists('pageUrlName',$arr))   ? $arr['pageUrlName']   : '');
 		$resource_id   = ((array_key_exists('resource_id',$arr))   ? $arr['resource_id']   : '');
 		$commitHash    = ((array_key_exists('commitHash',$arr))    ? $arr['commitHash']    : null);
 		$observer_hash = ((array_key_exists('observer_hash',$arr)) ? $arr['observer_hash'] : '');
 		$channel_id    = ((array_key_exists('channel_id',$arr))    ? $arr['channel_id']    : 0);
 		if (! $commitHash) {
 			return array('content' => $content, 'message' => 'No commit was provided', 'success' => false);
 		}
 		$w = Zlib\NativeWiki::get_wiki($channel_id, $observer_hash, $resource_id);
 		if (!$w['wiki']) {
 			return array('content' => $content, 'message' => 'Error reading wiki', 'success' => false);
 		}
 		$x = $arr;
 		if(intval($commitHash) > 0) {
 			unset($x['commitHash']);
 			$x['revision'] = intval($commitHash) - 1;
 			$loaded = self::load_page($x);
 			if($loaded) {
 				$content = $loaded['body'];
 				return [ 'content' => $content, 'success' => true ];
 			}
 			return [ 'content' => $content, 'success' => false ]; 
 		}
 	}
 	static public function compare_page($arr) {
 		$pageUrlName = ((array_key_exists('pageUrlName',$arr)) ? $arr['pageUrlName'] : '');
 		$resource_id = ((array_key_exists('resource_id',$arr)) ? $arr['resource_id'] : '');
 		$currentCommit = ((array_key_exists('currentCommit',$arr)) ? $arr['currentCommit'] : (-1));
 		$compareCommit = ((array_key_exists('compareCommit',$arr)) ? $arr['compareCommit'] : 0);
 		$observer_hash = ((array_key_exists('observer_hash',$arr)) ? $arr['observer_hash'] : '');
 		$channel_id    = ((array_key_exists('channel_id',$arr))    ? $arr['channel_id']    : 0);
 		$w = Zlib\NativeWiki::get_wiki($channel_id, $observer_hash, $resource_id);
 		if (!$w['wiki']) {
 			return array('message' => t('Error reading wiki'), 'success' => false);
 		}
 		$x = $arr;
 		$x['revision'] = (-1);
 		$currpage = self::load_page($x);
 		if($currpage)
 			$currentContent = $currpage['body'];
 		$x['revision'] = $compareCommit;
 		$comppage = self::load_page($x);
 		if($comppage)
 			$compareContent = $comppage['body'];
 		if($currpage && $comppage) {
 			require_once('library/class.Diff.php');
 			$diff = \Diff::toTable(\Diff::compare($currentContent, $compareContent));
 			return [ 'success' => true, 'diff' => $diff ];
 		}
 		return [ 'success' => false, 'message' =>  t('Compare: object not found.') ];
 	}
 	static public function commit($arr) {
 		$commit_msg    = ((array_key_exists('commit_msg', $arr))   ? $arr['commit_msg']    : t('Page updated'));
 		$observer_hash = ((array_key_exists('observer_hash',$arr)) ? $arr['observer_hash'] : '');
 		$channel_id    = ((array_key_exists('channel_id',$arr))    ? $arr['channel_id']    : 0);
 		$pageUrlName   = ((array_key_exists('pageUrlName',$arr))   ? $arr['pageUrlName']   : t('Untitled'));
 		if(array_key_exists('resource_id', $arr)) {
 			$resource_id = $arr['resource_id'];
 		}
 		else {
 			return array('message' => t('Wiki resource_id required for git commit'), 'success' => false);
 		}
 		$w = Zlib\NativeWiki::get_wiki($channel_id, $observer_hash, $resource_id);
 		if (! $w['wiki']) {
 			return array('message' => t('Error reading wiki'), 'success' => false);
 		}
 		$page = self::load_page($arr);
 		if($page) {
 			set_iconfig($page['id'],'nwikipage','commit_msg',escape_tags($commit_msg),true);
 			return [ 'success' => true, 'item_id' => $page['id'], 'page' => $page ];
 		}
 		return [ 'success' => false, 'message' => t('Page not found.') ];
 	}
 	static public function convert_links($s, $wikiURL) {
 		if (strpos($s,'[[') !== false) {
 			preg_match_all("/\[\[(.*?)\]\]/", $s, $match);
 			$pages = $pageURLs = array();
 			foreach ($match[1] as $m) {
 				// TODO: Why do we need to double urlencode for this to work?
 				$pageURLs[] = urlencode(urlencode(escape_tags($m)));
 				$pages[] = $m;
 			}
 			$idx = 0;
 			while(strpos($s,'[[') !== false) {
 			$replace = '<a href="'.$wikiURL.'/'.$pageURLs[$idx].'">'.$pages[$idx].'</a>';
 				$s = preg_replace("/\[\[(.*?)\]\]/", $replace, $s, 1);
 				$idx++;
 			}
 		}
 		return $s;
 	}
 	static public function render_page_history($arr) {
 		$pageUrlName = ((array_key_exists('pageUrlName', $arr)) ? $arr['pageUrlName'] : '');
 		$resource_id = ((array_key_exists('resource_id', $arr)) ? $arr['resource_id'] : '');
 		$pageHistory = self::page_history([
 			'channel_id'    => \App::$profile_uid, 
 			'observer_hash' => get_observer_hash(),
 			'resource_id'   => $resource_id,
 			'pageUrlName'   => $pageUrlName
 		]);
 		return replace_macros(get_markup_template('nwiki_page_history.tpl'), array(
 			'$pageHistory' => $pageHistory['history'],
 			'$permsWrite'  => $arr['permsWrite'],
 			'$name_lbl'    => t('Name'),
 			'$msg_label'   => t('Message','wiki_history')
 		));
 	}
 	/**
 	 * Replace the instances of the string [toc] with a list element that will be populated by
 	 * a table of contents by the JavaScript library
 	 * @param string $s
 	 * @return string
 	 */
 	static public function generate_toc($s) {
 		if (strpos($s,'[toc]') !== false) {
 			//$toc_md = wiki_toc($s);	// Generate Markdown-formatted list prior to HTML render
 			$toc_md = '<ul id="wiki-toc"></ul>'; // use the available jQuery plugin http://ndabas.github.io/toc/
 			$s = preg_replace("/\[toc\]/", $toc_md, $s, -1);
 		}
 		return $s;
 	}
 	/**
 	 *  Converts a select set of bbcode tags. Much of the code is copied from include/bbcode.php
 	 * @param string $s
 	 * @return string
 	 */
 	static public function bbcode($s) {
 		$s = str_replace(array('[baseurl]', '[sitename]'), array(z_root(), get_config('system', 'sitename')), $s);
 		$s = preg_replace_callback("/\[observer\.language\=(.*?)\](.*?)\[\/observer\]/ism",'oblanguage_callback', $s);
 		$s = preg_replace_callback("/\[observer\.language\!\=(.*?)\](.*?)\[\/observer\]/ism",'oblanguage_necallback', $s);
 		$observer = \App::get_observer();
 		if ($observer) {
 			$s1 = '<span class="bb_observer" title="' . t('Different viewers will see this text differently') . '">';
 			$s2 = '</span>';
 			$obsBaseURL = $observer['xchan_connurl'];
 			$obsBaseURL = preg_replace("/\/poco\/.*$/", '', $obsBaseURL);
 			$s = str_replace('[observer.baseurl]', $obsBaseURL, $s);
 			$s = str_replace('[observer.url]', $observer['xchan_url'], $s);
 			$s = str_replace('[observer.name]', $s1 . $observer['xchan_name'] . $s2, $s);
 			$s = str_replace('[observer.address]', $s1 . $observer['xchan_addr'] . $s2, $s);
 			$s = str_replace('[observer.webname]', substr($observer['xchan_addr'], 0, strpos($observer['xchan_addr'], '@')), $s);
 			$s = str_replace('[observer.photo]', '', $s);
 		} 
 		else {
 			$s = str_replace('[observer.baseurl]', '', $s);
 			$s = str_replace('[observer.url]', '', $s);
 			$s = str_replace('[observer.name]', '', $s);
 			$s = str_replace('[observer.address]', '', $s);
 			$s = str_replace('[observer.webname]', '', $s);
 			$s = str_replace('[observer.photo]', '', $s);
 		}
 		return $s;
 	}
 	static public function get_file_ext($arr) {
 		if($arr['mimeType'] == 'text/bbcode')
 			return '.bb';
 		else
 			return '.md';
 	}
 	// This function is derived from 
 	// http://stackoverflow.com/questions/32068537/generate-table-of-contents-from-markdown-in-php
 	static public function toc($content) {
 	  // ensure using only "\n" as line-break
 	  $source = str_replace(["\r\n", "\r"], "\n", $content);
 	  // look for markdown TOC items
 	  preg_match_all(
 		'/^(?:=|-|#).*$/m',
 		$source,
 		$matches,
 		PREG_PATTERN_ORDER | PREG_OFFSET_CAPTURE
 	  );
 	  // preprocess: iterate matched lines to create an array of items
 	  // where each item is an array(level, text)
 	  $file_size = strlen($source);
 	  foreach ($matches[0] as $item) {
 		$found_mark = substr($item[0], 0, 1);
 		if ($found_mark == '#') {
 		  // text is the found item
 		  $item_text = $item[0];
 		  $item_level = strrpos($item_text, '#') + 1;
 		  $item_text = substr($item_text, $item_level);
 		} else {
 		  // text is the previous line (empty if <hr>)
 		  $item_offset = $item[1];
 		  $prev_line_offset = strrpos($source, "\n", -($file_size - $item_offset + 2));
 		  $item_text =
 			substr($source, $prev_line_offset, $item_offset - $prev_line_offset - 1);
 		  $item_text = trim($item_text);
 		  $item_level = $found_mark == '=' ? 1 : 2;
 		}
 		if (!trim($item_text) OR strpos($item_text, '|') !== FALSE) {
 		  // item is an horizontal separator or a table header, don't mind
 		  continue;
 		}
 		$raw_toc[] = ['level' => $item_level, 'text' => trim($item_text)];
 	  }
 		$o = '';
 		foreach($raw_toc as $t) {
 			$level = intval($t['level']);
 			$text = $t['text'];
 			switch ($level) {
 				case 1:
 					$li = '* ';
 					break;
 				case 2:
 					$li = '  * ';
 					break;
 				case 3:
 					$li = '    * ';
 					break;
 				case 4:
 					$li = '      * ';
 					break;
 				default:
 					$li = '* ';
 					break;
 			}
 			$o .= $li . $text . "\n";
 		}
 	  return $o;
 	}
 }
--- a/Zotlabs/Lib/PConfig.php
+++ b/Zotlabs/Lib/PConfig.php
@@ -67,16 +67,16 @@ class PConfig {
 	 * @return mixed Stored value or false if it does not exist
 	 */
-	static public function Get($uid,$family,$key,$instore = false) {
+	static public function Get($uid,$family,$key,$default = false) {
 		if(is_null($uid) || $uid === false)
-			return false;
+			return $default;
 		if(! array_key_exists($uid, \App::$config))
 			self::Load($uid);
 		if((! array_key_exists($family, \App::$config[$uid])) || (! array_key_exists($key, \App::$config[$uid][$family])))
-			return false;
+			return $default;
 		return ((! is_array(\App::$config[$uid][$family][$key])) && (preg_match('|^a:[0-9]+:{.*}$|s', \App::$config[$uid][$family][$key])) 
 			? unserialize(\App::$config[$uid][$family][$key])
@@ -119,7 +119,7 @@ class PConfig {
 		$dbvalue = ((is_array($value))  ? serialize($value) : $value);
 		$dbvalue = ((is_bool($dbvalue)) ? intval($dbvalue)  : $dbvalue);
-		if(get_pconfig($uid, $family, $key) === false) {
+		if(self::Get($uid, $family, $key) === false) {
 			if(! array_key_exists($uid, \App::$config))
 				\App::$config[$uid] = array();
 			if(! array_key_exists($family, \App::$config[$uid]))
@@ -185,8 +185,12 @@ class PConfig {
 		$ret = false;
-		if(array_key_exists($key, \App::$config[$uid][$family]))
+		if(array_key_exists($uid,\App::$config) 
 			&& is_array(\App::$config['uid']) 
 			&& array_key_exists($family,\App::$config['uid']) 
 			&& array_key_exists($key, \App::$config[$uid][$family]))
 			unset(\App::$config[$uid][$family][$key]);
 		$ret = q("DELETE FROM pconfig WHERE uid = %d AND cat = '%s' AND k = '%s'",
 			intval($uid),
 			dbesc($family),
--- a/Zotlabs/Lib/Permcat.php
+++ b/Zotlabs/Lib/Permcat.php
@@ -0,0 +1,146 @@
 <?php
 namespace Zotlabs\Lib;
 use \Zotlabs\Access as Zaccess;
 class Permcat {
 	private $permcats = [];
 	public function __construct($channel_id) {
 		$perms = [];
 		// first check role perms for a perms_connect setting
 		$role = get_pconfig($channel_id,'system','permissions_role');
 		if($role) {
 			$x = Zaccess\PermissionRoles::role_perms($role);
 			if($x['perms_connect']) {
 				$perms = Zaccess\Permissions::FilledPerms($x['perms_connect']);
 			}
 		}
 		// if no role perms it may be a custom role, see if there any autoperms
 		if(! $perms) {
 			$perms = Zaccess\Permissions::FilledAutoPerms($channel_id);
 		}
 		// if no autoperms it may be a custom role with manual perms
 		if(! $perms) {
 			$r = q("select channel_hash from channel where channel_id = %d",
 				intval($channel_id)
 			);
 			if($r) {
 				$x = q("select * from abconfig where chan = %d and xchan = '%s' and cat = 'my_perms'",
 					intval($channel_id),
 					dbesc($r[0]['channel_hash'])
 				);
 				if($x) {
 					foreach($x as $xv) {
 						$perms[$xv['k']] = intval($xv['v']);
 					}
 				}
 			}
 		}
 		// nothing was found - create a filled permission array where all permissions are 0
 		if(! $perms) {
 			$perms = Zaccess\Permissions::FilledPerms([]);
 		}
 		$this->permcats[] = [
 			'name'      => 'default',
 			'localname' => t('default','permcat'),
 			'perms'     => Zaccess\Permissions::Operms($perms),
 			'system'    => 1
 		];
 		$p = $this->load_permcats($channel_id);
 		if($p) {
 			for($x = 0; $x < count($p); $x++) {
 				$this->permcats[] = [
 					'name'      => $p[$x][0],
 					'localname' => $p[$x][1],
 					'perms'     => Zaccess\Permissions::Operms(Zaccess\Permissions::FilledPerms($p[$x][2])),
 					'system'    => intval($p[$x][3])
 				];
 			}
 		}
 	}
 	public function listing() {
 		return $this->permcats;
 	}
 	public function fetch($name) {
 		if($name && $this->permcats) {
 			foreach($this->permcats as $permcat) {
 				if(strcasecmp($permcat['name'],$name) === 0) {
 					return $permcat;
 				}
 			}
 		}
 		return ['error' => true];
 	}
 	public function load_permcats($uid) {
 		$permcats = [
 			[ 'follower', t('follower','permcat'),
 				[ 'view_stream','view_profile','view_contacts','view_storage','view_pages','view_wiki',
 				  'post_like' ], 1
 			],
 			[ 'contributor', t('contributor','permcat'),
 				[ 'view_stream','view_profile','view_contacts','view_storage','view_pages','view_wiki',
 				  'post_wall','post_comments','write_wiki','post_like','tag_deliver','chat' ], 1
 			],
 			[ 'publisher', t('publisher','permcat'),
 				[ 'view_stream','view_profile','view_contacts','view_storage','view_pages',
 				  'write_storage','post_wall','write_pages','write_wiki','post_comments','post_like','tag_deliver',
 				  'chat', 'republish' ], 1
 			]
 		];
 		if($uid) {
 			$x = q("select * from pconfig where uid = %d and cat = 'permcat'",
 				intval($uid)
 			);
 			if($x) {
 				foreach($x as $xv) {
 					$value = ((preg_match('|^a:[0-9]+:{.*}$|s', $xv['v'])) ? unserialize($xv['v']) : $xv['v']);
 					$permcats[] = [ $xv['k'], $xv['k'], $value, 0 ];
 				}
 			}
 		}					
 		call_hooks('permcats',$permcats);
 		return $permcats;
 	}
 	static public function find_permcat($arr,$name) {
 		if((! $arr) || (! $name))
 			return false;
 		foreach($arr as $p)
 			if($p['name'] == $name)
 				return $p['value'];
 	}
 	static public function update($channel_id, $name,$permarr) {
 		PConfig::Set($channel_id,'permcat',$name,$permarr);
 	}
 	static public function delete($channel_id,$name) {
 		PConfig::Delete($channel_id,'permcat',$name);
 	}
 }
--- a/Zotlabs/Lib/PermissionDescription.php
+++ b/Zotlabs/Lib/PermissionDescription.php
@@ -20,14 +20,17 @@ class PermissionDescription  {
 	/**
 	 * Constructor is private.
-	 * Use static methods fromGlobalPermission(), fromStandalonePermission(), or fromDescription()
+	 * Use static methods fromGlobalPermission(), fromStandalonePermission(),
-	 * to create instances.
+	 * or fromDescription() to create instances.
 	 *
 	 * @internal
 	 * @param int $global_perm
 	 * @param int $channel_perm
 	 * @param string $description (optional) default empty
 	 */
 	private function __construct($global_perm, $channel_perm, $description = '') {
 		$this->global_perm  = $global_perm;
 		$this->channel_perm = $channel_perm;
 		$this->fallback_description = ($description  == '') ? t('Visible to your default audience') : $description;
 	}
@@ -43,7 +46,6 @@ class PermissionDescription  {
 		return new PermissionDescription('', 0x80000, $description);
 	}
 	/**
 	 * Use this method only if the interpretation of an empty ACL doesn't fall back to a global
 	 * default permission. You should pass one of the constants from boot.php - PERMS_PUBLIC,
@@ -56,10 +58,10 @@ class PermissionDescription  {
 		$result = new PermissionDescription('', $perm);
-		$checkPerm = $this->get_permission_description();
+		$checkPerm = $result->get_permission_description();
-		if ($checkPerm == $this->fallback_description) {
+		if($checkPerm == $result->fallback_description) {
 			$result = null;
-			logger('null PermissionDescription from unknown standalone permission: ' . $perm ,LOGGER_DEBUG, LOG_ERROR);
+			logger('null PermissionDescription from unknown standalone permission: ' . $perm, LOGGER_DEBUG, LOG_ERR);
 		}
 		return $result;
@@ -80,18 +82,18 @@ class PermissionDescription  {
 		$global_perms = \Zotlabs\Access\Permissions::Perms();
-		if (array_key_exists($permname, $global_perms)) {
+		if(array_key_exists($permname, $global_perms)) {
-			$channelPerm = \Zotlabs\Access\PermissionLimits::Get(\App::$channel['channel_id'],$permname);
+			$channelPerm = \Zotlabs\Access\PermissionLimits::Get(\App::$channel['channel_id'], $permname);
 			$result = new PermissionDescription('', $channelPerm);
 		} else {
 			// The acl dialog can handle null arguments, but it shouldn't happen
-			logger('null PermissionDescription from unknown global permission: ' . $permname ,LOGGER_DEBUG, LOG_ERROR);
+			logger('null PermissionDescription from unknown global permission: ' . $permname, LOGGER_DEBUG, LOG_ERR);
 		}
 		return $result;
 		}
 		return $result;
 	}
 	/**
 	 * Gets a localized description of the permission, or a generic message if the permission
@@ -102,7 +104,6 @@ class PermissionDescription  {
 	public function get_permission_description() {
 		switch($this->channel_perm) {
 			case 0:              return t('Only me');
 			case PERMS_PUBLIC:   return t('Public');
 			case PERMS_NETWORK:  return t('Anybody in the $Projectname network');
@@ -124,7 +125,6 @@ class PermissionDescription  {
 	public function get_permission_icon() {
 		switch($this->channel_perm) {
 			case 0:/* only me */ return 'fa-eye-slash';
 			case PERMS_PUBLIC:   return 'fa-globe';
 			case PERMS_NETWORK:  return 'fa-share-alt-square'; // fa-share-alt-square is very similiar to the hubzilla logo, but we should create our own logo class to use
@@ -137,7 +137,6 @@ class PermissionDescription  {
 		}
 	}
 	/**
 	 * Returns a localized description of where the permission came from, if this is known.
 	 * If it's not know, or if the permission is standalone and didn't come from a default
@@ -148,7 +147,6 @@ class PermissionDescription  {
 	public function get_permission_origin_description() {
 		switch($this->global_perm) {
 			case PERMS_R_STREAM:  return t('This is your default setting for the audience of your normal stream, and posts.');
 			case PERMS_R_PROFILE: return t('This is your default setting for who can view your default channel profile');
 			case PERMS_R_ABOOK:   return t('This is your default setting for who can view your connections');
--- a/Zotlabs/Lib/System.php
+++ b/Zotlabs/Lib/System.php
@@ -19,6 +19,9 @@ class System {
 	static public function get_project_version() {
 		if(is_array(\App::$config) && is_array(\App::$config['system']) && \App::$config['system']['hide_version'])
 			return '';
 		if(is_array(\App::$config) && is_array(\App::$config['system']) && array_key_exists('std_version',\App::$config['system']))
 			return \App::$config['system']['std_version'];
 		return self::get_std_version();
 	}
@@ -32,20 +35,30 @@ class System {
 	static public function get_notify_icon() {
 		if(is_array(\App::$config) && is_array(\App::$config['system']) && \App::$config['system']['email_notify_icon_url'])
 			return \App::$config['system']['email_notify_icon_url'];
-		return z_root() . '/images/hz-white-32.png';
+		return z_root() . DEFAULT_NOTIFY_ICON;
 	}
 	static public function get_site_icon() {
 		if(is_array(\App::$config) && is_array(\App::$config['system']) && \App::$config['system']['site_icon_url'])
 			return \App::$config['system']['site_icon_url'];
-		return z_root() . '/images/hz-32.png';
+		return z_root() . DEFAULT_PLATFORM_ICON ;
 	}
 	static public function get_project_link() {
 		if(is_array(\App::$config) && is_array(\App::$config['system']) && \App::$config['system']['project_link'])
 			return \App::$config['system']['project_link'];
 		return 'https://hubzilla.org';
 	}
 	static public function get_project_srclink() {
 		if(is_array(\App::$config) && is_array(\App::$config['system']) && \App::$config['system']['project_srclink'])
 			return \App::$config['system']['project_srclink'];
 		return 'https://github.com/redmatrix/hubzilla';
 	}
 	static public function get_server_role() {
-		if(is_array(\App::$config) && is_array(\App::$config['system']) && \App::$config['system']['server_role'])
+		return 'pro';
 			return \App::$config['system']['server_role'];
 		return 'standard';
 	}
 	static public function get_std_version() {
@@ -54,5 +67,12 @@ class System {
 		return '0.0.0';
 	}
 	static public function compatible_project($p) {
 		if(get_directory_realm() != DIRECTORY_REALM)
 			return true;
 		if(in_array(strtolower($p),['hubzilla','zap','red']))
 			return true;
 		return false;
 	}
 }
--- a/Zotlabs/Lib/Techlevels.php
+++ b/Zotlabs/Lib/Techlevels.php
@@ -0,0 +1,21 @@
 <?php
 namespace Zotlabs\Lib;
 class Techlevels {
 	static public function levels() {
 		$techlevels = [
 			'0' => t('0. Beginner/Basic'),
 			'1' => t('1. Novice - not skilled but willing to learn'),
 			'2' => t('2. Intermediate - somewhat comfortable'),
 			'3' => t('3. Advanced - very comfortable'),
 			'4' => t('4. Expert - I can write computer code'),			
 			'5' => t('5. Wizard - I probably know more than you do')
 		];
 		return $techlevels;
 	}
 }
--- a/Zotlabs/Lib/ThreadItem.php
+++ b/Zotlabs/Lib/ThreadItem.php
@@ -44,7 +44,7 @@ class ThreadItem {
 				 * Only add those that will be displayed
 				 */
-				if((! visible_activity($item)) || array_key_exists('author_blocked',$item)) {
+				if((! visible_activity($item)) || array_key_exists('blocked',$item)) {
 					continue;
 				}
@@ -82,7 +82,8 @@ class ThreadItem {
 		$dropping = false;
 		$star = false;
 		$isstarred = "unstarred fa-star-o";
-		$indent = '';
+		$is_comment = false;
 		$is_item = false;
 		$osparkle = '';
 		$total_children = $this->count_descendants();
 		$unseen_comments = (($item['real_uid']) ? 0 : $this->count_unseen_descendants());
@@ -136,7 +137,7 @@ class ThreadItem {
 		$filer = ((($conv->get_profile_owner() == local_channel()) && (! array_key_exists('real_uid',$item))) ? t("Save to Folder") : false);
 		$profile_avatar = $item['author']['xchan_photo_m'];
-		$profile_link   = chanlink_url($item['author']['xchan_url']);
+		$profile_link   = chanlink_hash($item['author_xchan']);
 		$profile_name   = $item['author']['xchan_name'];
 		$location = format_location($item);
@@ -152,7 +153,7 @@ class ThreadItem {
 			$response_verbs[] = 'attendyes';
 			$response_verbs[] = 'attendno';
 			$response_verbs[] = 'attendmaybe';
-			if($this->is_commentable()) {
+			if($this->is_commentable() && $observer) {
 				$isevent = true;
 				$attend = array( t('I will attend'), t('I will not attend'), t('I might attend'));
 			}
@@ -163,7 +164,7 @@ class ThreadItem {
 			$response_verbs[] = 'agree';
 			$response_verbs[] = 'disagree';
 			$response_verbs[] = 'abstain';
-			if($this->is_commentable()) {
+			if($this->is_commentable() && $observer) {
 				$conlabels = array( t('I agree'), t('I disagree'), t('I abstain'));
 				$canvote = true;
 			}
@@ -183,7 +184,7 @@ class ThreadItem {
 		$like_list = ((x($conv_responses['like'],$item['mid'])) ? $conv_responses['like'][$item['mid'] . '-l'] : '');
 		if (count($like_list) > MAX_LIKERS) {
 			$like_list_part = array_slice($like_list, 0, MAX_LIKERS);
-			array_push($like_list_part, '<a href="#" data-toggle="modal" data-target="#likeModal-' . $this->get_id() . '"><b>' . t('View all') . '</b></a>');
+			array_push($like_list_part, '<a class="dropdown-item" href="#" data-toggle="modal" data-target="#likeModal-' . $this->get_id() . '"><b>' . t('View all') . '</b></a>');
 		} else {
 			$like_list_part = '';
 		}
@@ -195,7 +196,7 @@ class ThreadItem {
 			$dislike_button_label = tt('Dislike','Dislikes',$dislike_count,'noun');
 			if (count($dislike_list) > MAX_LIKERS) {
 				$dislike_list_part = array_slice($dislike_list, 0, MAX_LIKERS);
-				array_push($dislike_list_part, '<a href="#" data-toggle="modal" data-target="#dislikeModal-' . $this->get_id() . '"><b>' . t('View all') . '</b></a>');
+				array_push($dislike_list_part, '<a class="dropdown-item" href="#" data-toggle="modal" data-target="#dislikeModal-' . $this->get_id() . '"><b>' . t('View all') . '</b></a>');
 			} else {
 				$dislike_list_part = '';
 			}
@@ -232,7 +233,7 @@ class ThreadItem {
 			}
 		} 
 		else {
-			$indent = 'comment';
+			$is_comment = true;
 		}
@@ -250,8 +251,6 @@ class ThreadItem {
 			);
 		}
 		$server_role = get_config('system','server_role');
 		$has_bookmarks = false;
 		if(is_array($item['term'])) {
 			foreach($item['term'] as $t) {
@@ -264,7 +263,7 @@ class ThreadItem {
 		if(($item['obj_type'] === ACTIVITY_OBJ_EVENT) && $conv->get_profile_owner() == local_channel())
 			$has_event = true;
-		if($this->is_commentable()) {
+		if($this->is_commentable() && $observer) {
 			$like = array( t("I like this \x28toggle\x29"), t("like"));
 			$dislike = array( t("I don't like this \x28toggle\x29"), t("dislike"));
 		}
@@ -276,13 +275,13 @@ class ThreadItem {
 		$keep_reports = intval(get_config('system','expire_delivery_reports'));
 		if($keep_reports === 0)
-			$keep_reports = 30;
+			$keep_reports = 10;
 		if((! get_config('system','disable_dreport')) && strcmp(datetime_convert('UTC','UTC',$item['created']),datetime_convert('UTC','UTC',"now - $keep_reports days")) > 0)
 			$dreport = t('Delivery Report');
 		if(strcmp(datetime_convert('UTC','UTC',$item['created']),datetime_convert('UTC','UTC','now - 12 hours')) > 0)
-			$indent .= ' shiny';
+			$is_new = true;
 		localize_item($item);
@@ -295,7 +294,7 @@ class ThreadItem {
 		$owner_address = substr($item['owner']['xchan_addr'],0,strpos($item['owner']['xchan_addr'],'@'));
 		$viewthread = $item['llink'];
 		if($conv->get_mode() === 'channel')
-			$viewthread = z_root() . '/channel/' . $owner_address . '?f=&mid=' . $item['mid'];
+			$viewthread = z_root() . '/channel/' . $owner_address . '?f=&mid=' . urlencode($item['mid']);
 		$comment_count_txt = sprintf( tt('%d comment','%d comments',$total_children),$total_children );
 		$list_unseen_txt = (($unseen_comments) ? sprintf('%d unseen',$unseen_comments) : '');
@@ -335,7 +334,8 @@ class ThreadItem {
 			'wall' => t('Wall-to-Wall'),
 			'vwall' => t('via Wall-To-Wall:'),
 			'profile_url' => $profile_link,
-			'item_photo_menu' => item_photo_menu($item),
+			'thread_action_menu' => thread_action_menu($item,$conv->get_mode()),
 			'thread_author_menu' => thread_author_menu($item,$conv->get_mode()),
 			'dreport' => $dreport,
 			'name' => $profile_name,
 			'thumb' => $profile_avatar,
@@ -355,7 +355,12 @@ class ThreadItem {
 			'unverified' => $unverified,
 			'forged' => $forged,
 			'location' => $location,
-			'indent' => $indent,
+			'attend_label' => t('Attend'),
 			'attend_title' => t('Attendance Options'),
 			'vote_label' => t('Vote'),
 			'vote_title' => t('Voting Options'),
 			'is_comment' => $is_comment,
 			'is_new' => $is_new,
 			'owner_url' => $this->get_owner_url(),
 			'owner_photo' => $this->get_owner_photo(),
 			'owner_name' => $this->get_owner_name(),
@@ -364,7 +369,7 @@ class ThreadItem {
 			'has_tags' => $has_tags,
 			'reactions' => $this->reactions,
 // Item toolbar buttons
-			'emojis'   => (($this->is_toplevel() && $this->is_commentable() && feature_enabled($conv->get_profile_owner(),'emojis')) ? '1' : ''),
+			'emojis'   => (($this->is_toplevel() && $this->is_commentable() && $observer && feature_enabled($conv->get_profile_owner(),'emojis')) ? '1' : ''),
 			'like'      => $like,
 			'dislike'   => ((feature_enabled($conv->get_profile_owner(),'dislike')) ? $dislike : ''),
 			'share'     => $share,
@@ -401,9 +406,9 @@ class ThreadItem {
 			'showlike' => $showlike,
 			'showdislike' => $showdislike,
 			'comment' => $this->get_comment_box($indent),
-			'previewing' => ($conv->is_preview() ? ' preview ' : ''),
+			'previewing' => ($conv->is_preview() ? true : false ),
 			'wait' => t('Please wait'),
-			'submid' => substr($item['mid'],0,32),
+			'submid' => str_replace(['+','='], ['',''], base64_encode(substr($item['mid'],0,32))),
 			'thread_level' => $thread_level
 		);
@@ -707,7 +712,6 @@ class ThreadItem {
 		call_hooks('comment_buttons',$arr);
 		$comment_buttons = $arr['comment_buttons'];
 		$comment_box = replace_macros($template,array(
 			'$return_path' => '',
 			'$threaded' => $this->is_threaded(),
@@ -736,8 +740,12 @@ class ThreadItem {
 			'$feature_encrypt' => ((feature_enabled($conv->get_profile_owner(),'content_encrypt')) ? true : false),
 			'$encrypt' => t('Encrypt text'),
 			'$cipher' => $conv->get_cipher(),
-			'$sourceapp' => \App::$sourcename
+			'$sourceapp' => \App::$sourcename,
-
+			'$observer' => get_observer_hash(),
 			'$anoncomments' => (($conv->get_mode() === 'channel' && perm_is_allowed($conv->get_profile_owner(),'','post_comments')) ? true : false),
 			'$anonname' => [ 'anonname', t('Your full name (required)'),'','','','onBlur="commentCloseUI(this,\'' . $this->get_id() . '\')"' ],
 			'$anonmail' => [ 'anonmail', t('Your email address (required)'),'','','','onBlur="commentCloseUI(this,\'' . $this->get_id() . '\')"' ],
 			'$anonurl'  => [ 'anonurl',  t('Your website URL (optional)'),'','','','onBlur="commentCloseUI(this,\'' . $this->get_id() . '\')"' ]
 		));
 		return $comment_box;
@@ -761,7 +769,7 @@ class ThreadItem {
 			return;
 		if($this->is_toplevel() && ($this->get_data_value('author_xchan') != $this->get_data_value('owner_xchan'))) {
-			$this->owner_url = chanlink_url($this->data['owner']['xchan_url']);
+			$this->owner_url = chanlink_hash($this->data['owner']['xchan_hash']);
 			$this->owner_photo = $this->data['owner']['xchan_photo_m'];
 			$this->owner_name = $this->data['owner']['xchan_name'];
 			$this->wall_to_wall = true;
--- a/Zotlabs/Lib/ThreadStream.php
+++ b/Zotlabs/Lib/ThreadStream.php
@@ -18,6 +18,7 @@ class ThreadStream {
 	private $observer = null;
 	private $writable = false;
 	private $commentable = false;
 	private $uploadable = false;
 	private $profile_owner = 0;
 	private $preview = false;
 	private $prepared_item = '';
@@ -58,7 +59,7 @@ class ThreadStream {
 			case 'display':
 				// in this mode we set profile_owner after initialisation (from conversation()) and then 
 				// pull some trickery which allows us to re-invoke this function afterward
-				// it's an ugly hack so FIXME
+				// it's an ugly hack so @FIXME
 				$this->writable = perm_is_allowed($this->profile_owner,$ob_hash,'post_comments');
 				break;
 			case 'page':
@@ -158,11 +159,11 @@ class ThreadStream {
 			if(intval($item->get_data_value('item_nocomment'))) {
 				$item->set_commentable(false);
 			}
-			elseif(($this->observer) && (! $item->is_commentable())) {
+			elseif(! $item->is_commentable()) {
 				if((array_key_exists('owner',$item->data)) && intval($item->data['owner']['abook_self']))
-					$item->set_commentable(perm_is_allowed($this->profile_owner,$this->observer['xchan_hash'],'post_comments'));
+					$item->set_commentable(perm_is_allowed($this->profile_owner,$ob_hash,'post_comments'));
 				else
-					$item->set_commentable(can_comment_on_post($this->observer['xchan_hash'],$item->data));
+					$item->set_commentable(can_comment_on_post($ob_hash,$item->data));
 			}
 		}
 		require_once('include/channel.php');
--- a/Zotlabs/Lib/XConfig.php
+++ b/Zotlabs/Lib/XConfig.php
@@ -59,16 +59,16 @@ class XConfig {
 	 * @return mixed Stored $value or false if it does not exist
 	 */
-	static public function Get($xchan, $family, $key) {
+	static public function Get($xchan, $family, $key, $default = false) {
 		if(! $xchan)
-			return false;
+			return $default;
 		if(! array_key_exists($xchan, \App::$config))
 			load_xconfig($xchan);
 		if((! array_key_exists($family, \App::$config[$xchan])) || (! array_key_exists($key, \App::$config[$xchan][$family])))
-			return false;
+			return $default;
 		return ((! is_array(\App::$config[$xchan][$family][$key])) && (preg_match('|^a:[0-9]+:{.*}$|s', \App::$config[$xchan][$family][$key])) 
 			? unserialize(\App::$config[$xchan][$family][$key])
--- a/Zotlabs/Module/Acl.php
+++ b/Zotlabs/Module/Acl.php
@@ -19,7 +19,7 @@ require_once("include/group.php");
 class Acl extends \Zotlabs\Web\Controller {
-	function init(){
+	function init() {
 		//	logger('mod_acl: ' . print_r($_REQUEST,true));
@@ -49,7 +49,7 @@ class Acl extends \Zotlabs\Web\Controller {
 		$extra_channels = (x($_REQUEST,'extra_channels') ? $_REQUEST['extra_channels'] : array());
 		// The different autocomplete libraries use different names for the search text
-		// parameter. Internaly we'll use $search to represent the search text no matter
+		// parameter. Internally we'll use $search to represent the search text no matter
 		// what request variable it was attached to. 
 		if(array_key_exists('query',$_REQUEST)) {
@@ -77,7 +77,7 @@ class Acl extends \Zotlabs\Web\Controller {
 		if($search) {
-			$sql_extra = " AND `name` LIKE " . protect_sprintf( "'%" . dbesc($search) . "%'" ) . " ";
+			$sql_extra = " AND groups.gname LIKE " . protect_sprintf( "'%" . dbesc($search) . "%'" ) . " ";
 			$sql_extra2 = "AND ( xchan_name LIKE " . protect_sprintf( "'%" . dbesc($search) . "%'" ) . " OR xchan_addr LIKE " . protect_sprintf( "'%" . dbesc($search) . ((strpos($search,'@') === false) ? "%@%'"  : "%'")) . ") ";
 			// This horrible mess is needed because position also returns 0 if nothing is found. 
@@ -87,8 +87,8 @@ class Acl extends \Zotlabs\Web\Controller {
 			$order_extra2 = "CASE WHEN xchan_name LIKE " 
 					. protect_sprintf( "'%" . dbesc($search) . "%'" ) 
-					. " then POSITION('" . dbesc($search) 
+					. " then POSITION('" . protect_sprintf(dbesc($search)) 
-					. "' IN xchan_name) else position('" . dbesc($search) . "' IN xchan_addr) end, ";
+					. "' IN xchan_name) else position('" . protect_sprintf(dbesc($search)) . "' IN xchan_addr) end, ";
 			$col = ((strpos($search,'@') !== false) ? 'xchan_addr' : 'xchan_name' );
 			$sql_extra3 = "AND $col like " . protect_sprintf( "'%" . dbesc($search) . "%'" ) . " ";
@@ -104,10 +104,31 @@ class Acl extends \Zotlabs\Web\Controller {
 		if($type == '' || $type == 'g') {
 			// virtual groups based on private profile viewing ability
 			$r = q("select id, profile_guid, profile_name from profile where is_default = 0 and uid = %d",
 				intval(local_channel())
 			);	
 			if($r) {
 				foreach($r as $rv) {
 					$groups[] = array(
 						"type"  => "g",
 						"photo" => "images/twopeople.png",
 						"name"  => t('Profile','acl') . ' ' . $rv['profile_name'],
 						"id"	=> 'vp' . $rv['id'],
 						"xid"   => 'vp.' . $rv['profile_guid'],
 						"uids"  => group_get_profile_members_xchan(local_channel(), $rv['id']),
 						"link"  => ''
 					);
 				}
 			}
 			// Normal privacy groups
 			$r = q("SELECT groups.id, groups.hash, groups.gname
-					FROM groups,group_member 
+					FROM groups, group_member 
 					WHERE groups.deleted = 0 AND groups.uid = %d 
-					AND group_member.gid=groups.id
+					AND group_member.gid = groups.id
 					$sql_extra
 					GROUP BY groups.id
 					ORDER BY groups.gname 
@@ -134,25 +155,34 @@ class Acl extends \Zotlabs\Web\Controller {
 		}
 		if($type == '' || $type == 'c') {
 			$extra_channels_sql  = ''; 
 			// Only include channels who allow the observer to view their permissions
 			foreach($extra_channels as $channel) {
 				if(perm_is_allowed(intval($channel), get_observer_hash(),'view_contacts'))
 					$extra_channels_sql .= "," . intval($channel);
 			}
-			$extra_channels_sql = substr($extra_channels_sql,1); // Remove initial comma
+			$extra_channels_sql  = ''; 
 			// Only include channels who allow the observer to view their connections
 			if($extra_channels) {
 				foreach($extra_channels as $channel) {
 					if(perm_is_allowed(intval($channel), get_observer_hash(),'view_contacts')) {
 						if($extra_channel_sql)
 							$extra_channels_sql .= ',';
 						$extra_channels_sql .= intval($channel);
 					}
 				}
 			}
 			// Getting info from the abook is better for local users because it contains info about permissions
 			if(local_channel()) {
 				if($extra_channels_sql != '')
 					$extra_channels_sql = " OR (abook_channel IN ($extra_channels_sql)) and abook_hidden = 0 ";
 				// Add atokens belonging to the local channel @TODO restrict by search
 				$r2 = null;
 				$r1 = q("select * from atoken where atoken_uid = %d",
 					intval(local_channel())
 				);
 				if($r1) {
 					require_once('include/security.php');
 					$r2 = array();
@@ -172,6 +202,7 @@ class Acl extends \Zotlabs\Web\Controller {
 					}
 				} 
 				// add connections
 				$r = q("SELECT abook_id as id, xchan_hash as hash, xchan_name as name, xchan_photo_s as micro, xchan_url as url, xchan_addr as nick, abook_their_perms, xchan_pubforum, abook_flags, abook_self 
 					FROM abook left join xchan on abook_xchan = xchan_hash 
@@ -382,9 +413,11 @@ class Acl extends \Zotlabs\Web\Controller {
 			$url = $directory['url'] . '/dirsearch';
 		}
 		$token = get_config('system','realm_token');
 		$count = (x($_REQUEST,'count') ?  $_REQUEST['count'] : 100);
 		if($url) {
-			$query = $url . '?f=' ;
+			$query = $url . '?f=' . (($token) ? '&t=' . urlencode($token) : '');
 			$query .= '&name=' . urlencode($search) . "&limit=$count" . (($address) ? '&address=' . urlencode($search) : '');
 			$x = z_fetch_url($query);
--- a/Zotlabs/Module/Admin.php
+++ b/Zotlabs/Module/Admin.php
@@ -1,21 +1,20 @@
 <?php
 namespace Zotlabs\Module;
 /**
- * @file mod/admin.php
+ * @file Zotlabs/Module/Admin.php
 * @brief Hubzilla's admin controller.
 *
 * Controller for the /admin/ area.
 */
 namespace Zotlabs\Module;
 require_once('include/queue_fn.php');
 require_once('include/account.php');
 /**
- * @param App &$a
+ * @brief Admin area.
 *
 */
 class Admin extends \Zotlabs\Web\Controller {
 	private $sm = null;
@@ -49,11 +48,12 @@ class Admin extends \Zotlabs\Web\Controller {
 			return login(false);
 		}
 		/*
 		 * Page content
 		 */
 		nav_set_selected('Admin');
 		$o = '';
 		if(argc() > 1) {
@@ -80,7 +80,6 @@ class Admin extends \Zotlabs\Web\Controller {
 	/**
 	 * @brief Returns content for Admin Summary Page.
 	 *
 	 * @param App &$a
 	 * @return string HTML from parsed admin_summary.tpl
 	 */
 	function admin_page_summary() {
@@ -94,23 +93,23 @@ class Admin extends \Zotlabs\Web\Controller {
 			intval(ACCOUNT_BLOCKED)
 		);
 		if ($r) {
-			$accounts['total']    = array('label' => t('# Accounts'), 'val' => $r[0]['total']);
+			$accounts['total']    = array('label' => t('Accounts'), 'val' => $r[0]['total']);
-			$accounts['blocked']  = array('label' => t('# blocked accounts'), 'val' => $r[0]['blocked']);
+			$accounts['blocked']  = array('label' => t('Blocked accounts'), 'val' => $r[0]['blocked']);
-			$accounts['expired']  = array('label' => t('# expired accounts'), 'val' => $r[0]['expired']);
+			$accounts['expired']  = array('label' => t('Expired accounts'), 'val' => $r[0]['expired']);
-			$accounts['expiring'] = array('label' => t('# expiring accounts'), 'val' => $r[0]['expiring']);
+			$accounts['expiring'] = array('label' => t('Expiring accounts'), 'val' => $r[0]['expiring']);
 		}
 		// pending registrations
-		$r = q("SELECT COUNT(id) AS `count` FROM `register` WHERE `uid` != '0'");
+		$r = q("SELECT COUNT(id) AS rtotal FROM register WHERE uid != '0'");
-		$pending = $r[0]['count'];
+		$pending = $r[0]['rtotal'];
 		// available channels, primary and clones
 		$channels = array();
 		$r = q("SELECT COUNT(*) AS total, COUNT(CASE WHEN channel_primary = 1 THEN 1 ELSE NULL END) AS main, COUNT(CASE WHEN channel_primary = 0 THEN 1 ELSE NULL END) AS clones FROM channel WHERE channel_removed = 0");
 		if ($r) {
-			$channels['total']  = array('label' => t('# Channels'), 'val' => $r[0]['total']);
+			$channels['total']  = array('label' => t('Channels'), 'val' => $r[0]['total']);
-			$channels['main']   = array('label' => t('# primary'), 'val' => $r[0]['main']);
+			$channels['main']   = array('label' => t('Primary'), 'val' => $r[0]['main']);
-			$channels['clones'] = array('label' => t('# clones'), 'val' => $r[0]['clones']);
+			$channels['clones'] = array('label' => t('Clones'), 'val' => $r[0]['clones']);
 		}
 		// We can do better, but this is a quick queue status
@@ -121,21 +120,17 @@ class Admin extends \Zotlabs\Web\Controller {
 		// If no plugins active return 0, otherwise list of plugin names
 		$plugins = (count(\App::$plugins) == 0) ? count(\App::$plugins) : \App::$plugins;
 		if(is_array($plugins))
 			sort($plugins);
 		// Could be extended to provide also other alerts to the admin
 		$alertmsg = '';
 		// annoy admin about upcoming unsupported PHP version
 		if (version_compare(PHP_VERSION, '5.4', '<')) {
 			$alertmsg = 'Your PHP version ' . PHP_VERSION . ' will not be supported with the next major release of $Projectname. You are strongly urged to upgrade to a current version.'
 				. '<br>PHP 5.3 has reached its <a href="http://php.net/eol.php" class="alert-link">End of Life (EOL)</a> in August 2014.'
 				. ' A list about current PHP versions can be found <a href="http://php.net/supported-versions.php" class="alert-link">here</a>.';
 		}
 		$vmaster = get_repository_version('master');
 		$vdev = get_repository_version('dev');
 		$upgrade = ((version_compare(STD_VERSION,$vmaster) < 0) ? t('Your software should be updated') : '');
 		$t = get_markup_template('admin_summary.tpl');
 		return replace_macros($t, array(
 			'$title' => t('Administration'),
@@ -154,6 +149,4 @@ class Admin extends \Zotlabs\Web\Controller {
 		));
 	}
 }
--- a/Zotlabs/Module/Admin/Account_edit.php
+++ b/Zotlabs/Module/Admin/Account_edit.php
@@ -29,6 +29,22 @@ class Account_edit {
 				info( sprintf( t('Password changed for account %d.'), $account_id). EOL);
 		}
 		$service_class = trim($_REQUEST['service_class']);
 		$account_level = intval(trim($_REQUEST['account_level']));
 		$account_language = trim($_REQUEST['account_language']);
 		$r = q("update account set account_service_class = '%s', account_level = %d, account_language = '%s' 
 			where account_id = %d",
 			dbesc($service_class),
 			intval($account_level),
 			dbesc($account_language),
 			intval($account_id)
 		);
 		if($r)
 			info( t('Account settings updated.') . EOL);
 		goaway(z_root() . '/admin/accounts');
 	}
@@ -46,11 +62,15 @@ class Account_edit {
 			return '';
 		}
 		$a = replace_macros(get_markup_template('admin_account_edit.tpl'), [
 			'$account' => $x[0],
 			'$title' => t('Account Edit'),
 			'$pass1' => [ 'pass1', t('New Password'), ' ','' ],
 			'$pass2' => [ 'pass2', t('New Password again'), ' ','' ],
 			'$account_level' => [ 'account_level', t('Technical skill level'), $x[0]['account_level'], '', \Zotlabs\Lib\Techlevels::levels() ],
 			'$account_language' => [ 'account_language' , t('Account language (for emails)'), $x[0]['account_language'], '', language_list() ],
 			'$service_class' => [ 'service_class', t('Service class'), $x[0]['account_service_class'], '' ],
 			'$submit' => t('Submit'),
 			]
 		);
--- a/Zotlabs/Module/Admin/Accounts.php
+++ b/Zotlabs/Module/Admin/Accounts.php
@@ -133,10 +133,9 @@ class Accounts {
 		$base = z_root() . '/admin/accounts?f=';
 		$odir = (($dir === 'asc') ? '0' : '1');
-		$users = q("SELECT `account_id` , `account_email`, `account_lastlog`, `account_created`, `account_expires`, " . 			"`account_service_class`, ( account_flags & %d ) > 0 as `blocked`, " .
+		$users = q("SELECT account_id , account_email, account_lastlog, account_created, account_expires, account_service_class, ( account_flags & %d ) > 0 as blocked, 
-				"(SELECT %s FROM channel as ch " .
+			(SELECT %s FROM channel as ch WHERE ch.channel_account_id = ac.account_id and ch.channel_removed = 0 ) as channels FROM account as ac 
-				"WHERE ch.channel_account_id = ac.account_id and ch.channel_removed = 0 ) as `channels` " .
+			where true $serviceclass order by $key $dir limit %d offset %d ",
 			"FROM account as ac where true $serviceclass order by $key $dir limit %d offset %d ",
 			intval(ACCOUNT_BLOCKED),
 			db_concat('ch.channel_address', ' '),
 			intval(\App::$pager['itemspage']),
--- a/Zotlabs/Module/Admin/Channels.php
+++ b/Zotlabs/Module/Admin/Channels.php
@@ -2,14 +2,15 @@
 namespace Zotlabs\Module\Admin;
-
+/**
 * @brief Admin Module for Channels.
 *
 */
 class Channels {
 	/**
-	 * @brief Channels admin page.
+	 * @brief Handle POST actions on channels admin page.
 	 *
 	 * @param App &$a
 	 */
 	function post() {
@@ -19,18 +20,18 @@ class Channels {
 		$xor = db_getfunc('^');
-		if (x($_POST,'page_channels_block')){
+		if(x($_POST, 'page_channels_block')) {
-			foreach($channels as $uid){
+			foreach($channels as $uid) {
 				q("UPDATE channel SET channel_pageflags = ( channel_pageflags $xor %d ) where channel_id = %d",
 					intval(PAGE_CENSORED),
 					intval( $uid )
 				);
-				\Zotlabs\Daemon\Master::Summon(array('Directory',$uid,'nopush'));
+				\Zotlabs\Daemon\Master::Summon(array('Directory', $uid, 'nopush'));
 			}
 			notice( sprintf( tt("%s channel censored/uncensored", "%s channels censored/uncensored", count($channels)), count($channels)) );
 		}
-		if (x($_POST,'page_channels_code')){
+		if(x($_POST, 'page_channels_code')) {
-			foreach($channels as $uid){
+			foreach($channels as $uid) {
 				q("UPDATE channel SET channel_pageflags = ( channel_pageflags $xor %d ) where channel_id = %d",
 					intval(PAGE_ALLOWCODE),
 					intval( $uid )
@@ -38,9 +39,9 @@ class Channels {
 			}
 			notice( sprintf( tt("%s channel code allowed/disallowed", "%s channels code allowed/disallowed", count($channels)), count($channels)) );
 		}
-		if (x($_POST,'page_channels_delete')){
+		if(x($_POST, 'page_channels_delete')) {
-			foreach($channels as $uid){
+			foreach($channels as $uid) {
-				channel_remove($uid,true);
+				channel_remove($uid, true);
 			}
 			notice( sprintf( tt("%s channel deleted", "%s channels deleted", count($channels)), count($channels)) );
 		}
@@ -48,13 +49,11 @@ class Channels {
 		goaway(z_root() . '/admin/channels' );
 	}
 	/**
-	 * @brief
+	 * @brief Generate channels admin page and handle single item operations.
 	 *
-	 * @return string
+	 * @return string with parsed HTML
 	 */
 	function get() {
 		if(argc() > 2) {
 			$uid = argv(3);
@@ -105,7 +104,6 @@ class Channels {
 			goaway(z_root() . '/admin/channels' );
 		}
 		$key = (($_REQUEST['key']) ? dbesc($_REQUEST['key']) : 'channel_id');
 		$dir = 'asc';
 		if(array_key_exists('dir',$_REQUEST))
@@ -114,8 +112,6 @@ class Channels {
 		$base = z_root() . '/admin/channels?f=';
 		$odir = (($dir === 'asc') ? '0' : '1');
 		/* get channels */
 		$total = q("SELECT count(*) as total FROM channel where channel_removed = 0 and channel_system = 0");
@@ -143,7 +139,7 @@ class Channels {
 			}
 		}
-		$t = get_markup_template("admin_channels.tpl");
+		$t = get_markup_template('admin_channels.tpl');
 		$o = replace_macros($t, array(
 			// strings //
 			'$title' => t('Administration'),
@@ -166,7 +162,7 @@ class Channels {
 			'$confirm_delete_multi' => t('Selected channels will be deleted!\n\nEverything that was posted in these channels on this site will be permanently deleted!\n\nAre you sure?'),
 			'$confirm_delete' => t('The channel {0} will be deleted!\n\nEverything that was posted in this channel on this site will be permanently deleted!\n\nAre you sure?'),
-			'$form_security_token' => get_form_security_token("admin_channels"),
+			'$form_security_token' => get_form_security_token('admin_channels'),
 			// values //
 			'$baseurl' => z_root(),
@@ -177,10 +173,4 @@ class Channels {
 		return $o;
 	}
 }
--- a/Zotlabs/Module/Admin/Dbsync.php
+++ b/Zotlabs/Module/Admin/Dbsync.php
@@ -42,7 +42,7 @@ class Dbsync {
 		}
 		$failed = array();
-		$r = q("select * from config where `cat` = 'database' ");
+		$r = q("select * from config where cat = 'database' ");
 		if(count($r)) {
 			foreach($r as $rr) {
 				$upd = intval(substr($rr['k'],8));
--- a/Zotlabs/Module/Admin/Plugins.php
+++ b/Zotlabs/Module/Admin/Plugins.php
@@ -3,10 +3,14 @@
 namespace Zotlabs\Module\Admin;
 use \Zotlabs\Storage\GitRepo as GitRepo;
 use \Michelf\MarkdownExtra;
 class Plugins {
-
+	/**
 	 * @brief
 	 *
 	 */
 	function post() {
 		if(argc() > 2 && is_file("addon/" . argv(2) . "/" . argv(2) . ".php")) {
@@ -17,7 +21,6 @@ class Plugins {
 			}
 			goaway(z_root() . '/admin/plugins/' . argv(2) );
 		}
 		elseif(argc() > 2) {
 			switch(argv(2)) {
@@ -36,7 +39,7 @@ class Plugins {
 							json_return_and_die(array('message' => 'Error creating extend folder: ' . $extendDir, 'success' => false));
 						}
 						else {
-							if (!symlink('extend/addon', $addonDir)) {
+							if (!symlink(realpath('extend/addon'), $addonDir)) {
 								logger('Error creating symlink to addon folder: ' . $addonDir);
 								json_return_and_die(array('message' => 'Error creating symlink to addon folder: ' . $addonDir, 'success' => false));
 							}
@@ -57,7 +60,7 @@ class Plugins {
 							$files = array_diff(scandir($repoDir), array('.', '..'));
 							foreach ($files as $file) {
 								if (is_dir($repoDir . '/' . $file) && $file !== '.git') {
-									$source = 'extend/addon/' . $repoName . '/' . $file;
+									$source = '../extend/addon/' . $repoName . '/' . $file;
 									$target = realpath('addon/') . '/' . $file;
 									unlink($target);
 									if (!symlink($source, $target)) {
@@ -86,7 +89,7 @@ class Plugins {
 							logger('Error creating extend folder: ' . $extendDir);
 							json_return_and_die(array('message' => 'Error creating extend folder: ' . $extendDir, 'success' => false));
 						} else {
-							if (!symlink('extend/addon', $addonDir)) {
+							if (!symlink(realpath('extend/addon'), $addonDir)) {
 								logger('Error creating symlink to addon folder: ' . $addonDir);
 								json_return_and_die(array('message' => 'Error creating symlink to addon folder: ' . $addonDir, 'success' => false));
 							}
@@ -101,14 +104,13 @@ class Plugins {
 						logger('Repo directory not writable to web server: ' . $repoDir);
 						json_return_and_die(array('message' => 'Repo directory not writable to web server.', 'success' => false));
 					}
-					// TODO: remove directory and unlink /addon/files
+					/// @TODO remove directory and unlink /addon/files
 					if (rrmdir($repoDir)) {
 						json_return_and_die(array('message' => 'Repo deleted.', 'success' => true));
 					} else {
 						json_return_and_die(array('message' => 'Error deleting addon repo.', 'success' => false));
 					}
 				case 'installrepo':
 					require_once('library/markdown.php');
 					if (array_key_exists('repoURL', $_REQUEST)) {
 						require_once('library/PHPGit.autoload.php');			// Load PHPGit dependencies
 						$repoURL = $_REQUEST['repoURL'];
@@ -119,7 +121,7 @@ class Plugins {
 								logger('Error creating extend folder: ' . $extendDir);
 								json_return_and_die(array('message' => 'Error creating extend folder: ' . $extendDir, 'success' => false));
 							} else {
-								if (!symlink('extend/addon', $addonDir)) {
+								if (!symlink(realpath('extend/addon'), $addonDir)) {
 									logger('Error creating symlink to addon folder: ' . $addonDir);
 									json_return_and_die(array('message' => 'Error creating symlink to addon folder: ' . $addonDir, 'success' => false));
 								}
@@ -156,7 +158,7 @@ class Plugins {
 						$files = array_diff(scandir($repoDir), array('.', '..'));
 						foreach ($files as $file) {
 							if (is_dir($repoDir . '/' . $file) && $file !== '.git') {
-								$source = 'extend/addon/' . $repoName . '/' . $file;
+								$source = '../extend/addon/' . $repoName . '/' . $file;
 								$target = realpath('addon/') . '/' . $file;
 								unlink($target);
 								if (!symlink($source, $target)) {
@@ -170,19 +172,18 @@ class Plugins {
 						json_return_and_die(array('repo' => $repo, 'message' => '', 'success' => true));
 					}
 				case 'addrepo':
 					require_once('library/markdown.php');
 					if (array_key_exists('repoURL', $_REQUEST)) {
 						require_once('library/PHPGit.autoload.php');	 // Load PHPGit dependencies
 						$repoURL = $_REQUEST['repoURL'];
 						$extendDir = 'store/[data]/git/sys/extend';
 						$addonDir = $extendDir . '/addon';
-						$tempAddonDir = 'store/[data]/git/sys/temp';
+						$tempAddonDir = realpath('store/[data]') . '/git/sys/temp';
 						if (!file_exists($extendDir)) {
 							if (!mkdir($extendDir, 0770, true)) {
 								logger('Error creating extend folder: ' . $extendDir);
 								json_return_and_die(array('message' => 'Error creating extend folder: ' . $extendDir, 'success' => false));
 							} else {
-								if (!symlink('extend/addon', $addonDir)) {
+								if (!symlink(realpath('extend/addon'), $addonDir)) {
 									logger('Error creating symlink to addon folder: ' . $addonDir);
 									json_return_and_die(array('message' => 'Error creating symlink to addon folder: ' . $addonDir, 'success' => false));
 								}
@@ -225,7 +226,7 @@ class Plugins {
 						$repo['readme'] = $repo['manifest'] = null;
 						foreach ($git->git->tree('master') as $object) {
 							if ($object['type'] == 'blob' && (strtolower($object['file']) === 'readme.md' || strtolower($object['file']) === 'readme')) {
-								$repo['readme'] = Markdown($git->git->cat->blob($object['hash']));
+								$repo['readme'] = MarkdownExtra::defaultTransform($git->git->cat->blob($object['hash']));
 							} else if ($object['type'] == 'blob' && strtolower($object['file']) === 'manifest.json') {
 								$repo['manifest'] = $git->git->cat->blob($object['hash']);
 							}
@@ -241,7 +242,11 @@ class Plugins {
 		}
 	}
-
+	/**
 	 * @brief Plugins admin page.
 	 *
 	 * @return string with parsed HTML
 	 */
 	function get() {
 		/*
@@ -297,8 +302,8 @@ class Plugins {
 				}
 				goaway(z_root() . '/admin/plugins' );
 			}
 			// display plugin details
 			require_once('library/markdown.php');
 			if (in_array($plugin, \App::$plugins)){
 				$status = 'on';
@@ -311,7 +316,7 @@ class Plugins {
 			$readme = null;
 			if (is_file("addon/$plugin/README.md")){
 				$readme = file_get_contents("addon/$plugin/README.md");
-				$readme = Markdown($readme);
+				$readme = MarkdownExtra::defaultTransform($readme);
 			} else if (is_file("addon/$plugin/README")){
 				$readme = "<pre>". file_get_contents("addon/$plugin/README") ."</pre>";
 			}
@@ -395,6 +400,10 @@ class Plugins {
 		usort($plugins,'self::plugin_sort');
 		$allowManageRepos = false;
 		if(is_writable('extend/addon') && is_writable('store/[data]')) {
 			$allowManageRepos = true;
 		}
 		$admin_plugins_add_repo_form= replace_macros(
 			get_markup_template('admin_plugins_addrepo.tpl'), array(
@@ -419,7 +428,7 @@ class Plugins {
 		$addonrepos = [];
 		foreach($reponames as $repo) {
 			$addonrepos[] = array('name' => $repo, 'description' => '');
-			// TODO: Parse repo info to provide more information about repos
+			/// @TODO Parse repo info to provide more information about repos
 		}
 		$t = get_markup_template('admin_plugins.tpl');
@@ -432,6 +441,7 @@ class Plugins {
 			'$plugins' => $plugins,
 			'$disabled' => t('Disabled - version incompatibility'),
 			'$form_security_token' => get_form_security_token('admin_plugins'),
 			'$allowManageRepos' => $allowManageRepos,
 			'$managerepos' => t('Manage Repos'),
 			'$installedtitle' => t('Installed Plugin Repositories'),
 			'$addnewrepotitle' =>	t('Install a New Plugin Repository'),
@@ -466,5 +476,4 @@ class Plugins {
 		return(strcmp(strtolower($a[2]['name']),strtolower($b[2]['name'])));
 	}
 }
--- a/Zotlabs/Module/Admin/Queue.php
+++ b/Zotlabs/Module/Admin/Queue.php
@@ -15,7 +15,6 @@ class Queue {
 		$expert = ((array_key_exists('expert',$_REQUEST)) ? intval($_REQUEST['expert']) : 0);
 		if($_REQUEST['drophub']) {
 			require_once('hubloc.php');
 			hubloc_mark_as_down($_REQUEST['drophub']);
 			remove_queue_by_posturl($_REQUEST['drophub']);
 		}
--- a/Zotlabs/Module/Admin/Site.php
+++ b/Zotlabs/Module/Admin/Site.php
@@ -5,11 +5,9 @@ namespace Zotlabs\Module\Admin;
 class Site {
 	/**
 	 * @brief POST handler for Admin Site Page.
 	 *
 	 * @param App &$a
 	 */
 	function post(){
 		if (!x($_POST, 'page_site')) {
@@ -19,15 +17,15 @@ class Site {
 		check_form_security_token_redirectOnErr('/admin/site', 'admin_site');
 		$sitename 			=	((x($_POST,'sitename'))			? notags(trim($_POST['sitename']))			: '');
 		$server_role 		=	((x($_POST,'server_role'))		? notags(trim($_POST['server_role']))		: 'standard');
 		$banner				=	((x($_POST,'banner'))			? trim($_POST['banner'])				: false);
 		$admininfo			=	((x($_POST,'admininfo'))		? trim($_POST['admininfo'])				: false);
 		$siteinfo			=	((x($_POST,'siteinfo'))		    ? trim($_POST['siteinfo'])				: '');
 		$language			=	((x($_POST,'language'))			? notags(trim($_POST['language']))			: '');
 		$theme				=	((x($_POST,'theme'))			? notags(trim($_POST['theme']))				: '');
 		$theme_mobile			=	((x($_POST,'theme_mobile'))		? notags(trim($_POST['theme_mobile']))			: '');
-	//	$site_channel			=	((x($_POST,'site_channel'))	? notags(trim($_POST['site_channel']))				: '');
+//		$site_channel			=	((x($_POST,'site_channel'))	? notags(trim($_POST['site_channel']))				: '');
 		$maximagesize		=	((x($_POST,'maximagesize'))		? intval(trim($_POST['maximagesize']))				:  0);
 		$register_policy	=	((x($_POST,'register_policy'))	? intval(trim($_POST['register_policy']))	:  0);
@@ -49,6 +47,10 @@ class Site {
 		$no_community_page    = !((x($_POST,'no_community_page'))	? True	:	False);
 		$default_expire_days  = ((array_key_exists('default_expire_days',$_POST)) ? intval($_POST['default_expire_days']) : 0);
 		$reply_address      = ((array_key_exists('reply_address',$_POST) && trim($_POST['reply_address'])) ? trim($_POST['reply_address']) : 'noreply@' . \App::get_hostname());
 		$from_email         = ((array_key_exists('from_email',$_POST) && trim($_POST['from_email'])) ? trim($_POST['from_email']) : 'Administrator@' . \App::get_hostname());
 		$from_email_name    = ((array_key_exists('from_email_name',$_POST) && trim($_POST['from_email_name'])) ? trim($_POST['from_email_name']) : \Zotlabs\Lib\System::get_site_name());
 		$verifyssl         = ((x($_POST,'verifyssl'))        ? True : False);
 		$proxyuser         = ((x($_POST,'proxyuser'))        ? notags(trim($_POST['proxyuser']))  : '');
 		$proxy             = ((x($_POST,'proxy'))            ? notags(trim($_POST['proxy']))      : '');
@@ -62,12 +64,9 @@ class Site {
 		$techlevel_lock    = ((x($_POST,'techlock'))   ? intval($_POST['techlock'])   : 0);
 		$techlevel         = null;
-		if(array_key_exists('techlevel',$_POST))
+		if(array_key_exists('techlevel', $_POST))
 			$techlevel = intval($_POST['techlevel']);
 		set_config('system', 'server_role', $server_role);
 		set_config('system', 'feed_contacts', $feed_contacts);
 		set_config('system', 'delivery_interval', $delivery_interval);
 		set_config('system', 'delivery_batch_count', $delivery_batch_count);
@@ -80,8 +79,15 @@ class Site {
 		set_config('system', 'enable_context_help', $enable_context_help);
 		set_config('system', 'verify_email', $verify_email);
 		set_config('system', 'default_expire_days', $default_expire_days);
 		set_config('system', 'reply_address', $reply_address);
 		set_config('system', 'from_email', $from_email);
 		set_config('system', 'from_email_name' , $from_email_name);
 		set_config('system', 'techlevel_lock', $techlevel_lock);
 		if(! is_null($techlevel))
 			set_config('system', 'techlevel', $techlevel);
@@ -101,6 +107,7 @@ class Site {
 			linkify_tags($a, $admininfo, local_channel());
 			set_config('system', 'admininfo', $admininfo);
 		}
 		set_config('system','siteinfo',$siteinfo);
 		set_config('system', 'language', $language);
 		set_config('system', 'theme', $theme);
 		if ( $theme_mobile === '---' ) {
@@ -139,9 +146,8 @@ class Site {
 	/**
 	 * @brief Admin page site.
 	 *
-	 * @return string
+	 * @return string with HTML
 	 */
 	function get() {
 		/* Installed langs */
@@ -166,6 +172,14 @@ class Site {
 			foreach($files as $file) {
 				$vars = '';
 				$f = basename($file);
 				$info = get_theme_info($f);
 				$compatible = check_plugin_versions($info);
 				if(!$compatible) {
 					$theme_choices[$f] = $theme_choices_mobile[$f] = sprintf(t('%s - (Incompatible)'), $f);
 					continue;
 				}
 				if (file_exists($file . '/library'))
 					continue;
 				if (file_exists($file . '/mobile'))
@@ -238,13 +252,6 @@ class Site {
 		// now invert the logic for the setting.
 		$discover_tab = (1 - $discover_tab);
 		$server_roles = [
 			'basic'    => t('Basic/Minimal Social Networking'),
 			'standard' => t('Standard Configuration (default)'),
 			'pro'      => t('Professional')
 		];
 		$techlevels = [
 			'0' => t('Beginner/Basic'),
 			'1' => t('Novice - not skilled but willing to learn'),
@@ -254,9 +261,6 @@ class Site {
 			'5' => t('Wizard - I probably know more than you do')
 		];
 		$homelogin = get_config('system','login_on_homepage');
 		$enable_context_help = get_config('system','enable_context_help');
@@ -274,19 +278,17 @@ class Site {
 			// name, label, value, help string, extra data...
 			'$sitename' 		=> array('sitename', t("Site name"), htmlspecialchars(get_config('system','sitename'), ENT_QUOTES, 'UTF-8'),''),
 			'$server_role' 		=> array('server_role', t("Server Configuration/Role"), get_config('system','server_role'),'',$server_roles),
 			'$techlevel' => [ 'techlevel', t('Site default technical skill level'), get_config('system','techlevel'), t('Used to provide a member experience matched to technical comfort level'), $techlevels ],
 			'$techlock' => [ 'techlock', t('Lock the technical skill level setting'), get_config('system','techlevel_lock'), t('Members can set their own technical comfort level by default') ],
 			'$banner'			=> array('banner', t("Banner/Logo"), $banner, ""),
 			'$admininfo'		=> array('admininfo', t("Administrator Information"), $admininfo, t("Contact information for site administrators.  Displayed on siteinfo page.  BBCode can be used here")),
 			'$siteinfo'		=> array('siteinfo', t('Site Information'), get_config('system','siteinfo'), t("Publicly visible description of this site.  Displayed on siteinfo page.  BBCode can be used here")),
 			'$language' 		=> array('language', t("System language"), get_config('system','language'), "", $lang_choices),
 			'$theme' 			=> array('theme', t("System theme"), get_config('system','theme'), t("Default system theme - may be over-ridden by user profiles - <a href='#' id='cnftheme'>change theme settings</a>"), $theme_choices),
 			'$theme_mobile' 	=> array('theme_mobile', t("Mobile system theme"), get_config('system','mobile_theme'), t("Theme for mobile devices"), $theme_choices_mobile),
-	//		'$site_channel' 	=> array('site_channel', t("Channel to use for this website's static pages"), get_config('system','site_channel'), t("Site Channel")),
+//			'$site_channel' 	=> array('site_channel', t("Channel to use for this website's static pages"), get_config('system','site_channel'), t("Site Channel")),
 			'$feed_contacts'    => array('feed_contacts', t('Allow Feeds as Connections'),get_config('system','feed_contacts'),t('(Heavy system resource usage)')),
 			'$maximagesize'		=> array('maximagesize', t("Maximum image size"), intval(get_config('system','maximagesize')), t("Maximum size in bytes of uploaded images. Default is 0, which means no limits.")),
 			'$register_policy'	=> array('register_policy', t("Does this site allow new member registration?"), get_config('system','register_policy'), "", $register_choices),
@@ -303,6 +305,10 @@ class Site {
 			'$login_on_homepage'	=> array('login_on_homepage', t("Login on Homepage"),((intval($homelogin) || $homelogin === false) ? 1 : '') , t("Present a login box to visitors on the home page if no other content has been configured.")),
 			'$enable_context_help'	=> array('enable_context_help', t("Enable context help"),((intval($enable_context_help) === 1 || $enable_context_help === false) ? 1 : 0) , t("Display contextual help for the current page when the help button is pressed.")),
 			'$reply_address' => [ 'reply_address', t('Reply-to email address for system generated email.'), get_config('system','reply_address','noreply@' . \App::get_hostname()),'' ],
 			'$from_email' => [ 'from_email', t('Sender (From) email address for system generated email.'), get_config('system','from_email','Administrator@' . \App::get_hostname()),'' ],
 			'$from_email_name' => [ 'from_email_name', t('Name of email sender for system generated email.'), get_config('system','from_email_name',\Zotlabs\Lib\System::get_site_name()),'' ],
 			'$directory_server' => (($dir_choices) ? array('directory_server', t("Directory Server URL"), get_config('system','directory_server'), t("Default directory server"), $dir_choices) : null),
 			'$proxyuser'		=> array('proxyuser', t("Proxy user"), get_config('system','proxyuser'), ""),
@@ -317,7 +323,4 @@ class Site {
 		));
 	}
 }
--- a/Zotlabs/Module/Admin/Themes.php
+++ b/Zotlabs/Module/Admin/Themes.php
@@ -2,16 +2,24 @@
 namespace Zotlabs\Module\Admin;
 use \Michelf\MarkdownExtra;
 /**
 * @brief Admin area theme settings.
 */
 class Themes {
 	/**
 	 * @brief
 	 *
 	 */
 	function post() {
 		$theme = argv(2);
 		if (is_file("view/theme/$theme/php/config.php")){
 			require_once("view/theme/$theme/php/config.php");
-			// fixme add parent theme if derived
+			/// @FIXME add parent theme if derived
-			if (function_exists("theme_admin_post")){
+			if (function_exists('theme_admin_post')){
 				theme_admin_post($a);
 			}
 		}
@@ -23,17 +31,12 @@ class Themes {
 	}
 	/**
 	 * @brief Themes admin page.
 	 *
-	 * @return string
+	 * @return string with parsed HTML
 	 */
 	function get(){
 		$allowed_themes_str = get_config('system', 'allowed_themes');
 		$allowed_themes_raw = explode(',', $allowed_themes_str);
 		$allowed_themes = array();
@@ -87,7 +90,6 @@ class Themes {
 			}
 			// display theme details
 			require_once('library/markdown.php');
 			if ($this->theme_status($themes,$theme)) {
 				$status="on"; $action= t("Disable");
@@ -98,9 +100,9 @@ class Themes {
 			$readme=Null;
 			if (is_file("view/theme/$theme/README.md")){
 				$readme = file_get_contents("view/theme/$theme/README.md");
-				$readme = Markdown($readme);
+				$readme = MarkdownExtra::defaultTransform($readme);
 			} else if (is_file("view/theme/$theme/README")){
-				$readme = "<pre>". file_get_contents("view/theme/$theme/README") ."</pre>";
+				$readme = '<pre>'. file_get_contents("view/theme/$theme/README") .'</pre>';
 			}
 			$admin_form = '';
@@ -164,11 +166,12 @@ class Themes {
 	}
 	/**
-	 * @param array $themes
+	 * @brief Toggle a theme.
-	 * @param string $th
+	 *
-	 * @param int $result
+	 * @param array &$themes
 	 * @param[in] string $th
 	 * @param[out] int &$result
 	 */
 	function toggle_theme(&$themes, $th, &$result) {
 		for($x = 0; $x < count($themes); $x ++) {
@@ -204,7 +207,6 @@ class Themes {
 		return 0;
 	}
 	/**
 	 * @param array $themes
 	 * @return string
@@ -223,11 +225,4 @@ class Themes {
 		return $o;
 	}
 }
--- a/Zotlabs/Module/Ap_probe.php
+++ b/Zotlabs/Module/Ap_probe.php
@@ -0,0 +1,38 @@
 <?php
 namespace Zotlabs\Module;
 require_once('include/zot.php');
 class Ap_probe extends \Zotlabs\Web\Controller {
 	function get() {
 		$o .= '<h3>ActivityPub Probe Diagnostic</h3>';
 		$o .= '<form action="ap_probe" method="get">';
 		$o .= 'Lookup URI: <input type="text" style="width: 250px;" name="addr" value="' . $_GET['addr'] .'" /><br>';
 		$o .= 'Request Signed version: <input type=checkbox name="magenv" value="1" ><br>';
 		$o .= '<input type="submit" name="submit" value="Submit" /></form>'; 
 		$o .= '<br /><br />';
 		if(x($_GET,'addr')) {
 			$addr = $_GET['addr'];
 			if($_GET['magenv']) {
 				$headers = 'Accept: application/magic-envelope+json, application/ld+json; profile="https://www.w3.org/ns/activitystreams"';
 			}
 			else {
 				$headers = 'Accept: application/ld+json; profile="https://www.w3.org/ns/activitystreams"';
 			}
 			$redirects = 0;
 		    $x = z_fetch_url($addr,true,$redirects, [ 'headers' => [ $headers ]]);
 	    	if($x['success'])
 				$o .= '<pre>' . str_replace(['\\n','\\'],["\n",''],jindent($x['body'])) . '</pre>';
 		}
 		return $o;
 	}
 }
--- a/Zotlabs/Module/Api.php
+++ b/Zotlabs/Module/Api.php
@@ -3,10 +3,22 @@ namespace Zotlabs\Module;
 require_once('include/api.php');
 class Api extends \Zotlabs\Web\Controller {
 	function init() {
 		zot_api_init();
 		api_register_func('api/client/register', 'api_client_register', false);
 		api_register_func('api/oauth/request_token', 'api_oauth_request_token', false);
 		api_register_func('api/oauth/access_token', 'api_oauth_access_token', false);
 		$args = [];
 		call_hooks('api_register',$args);
 		return;
 	}
 	function post() {
 		if(! local_channel()) {
 			notice( t('Permission denied.') . EOL);
@@ -17,13 +29,13 @@ class Api extends \Zotlabs\Web\Controller {
 	function get() {
-		if(\App::$cmd=='api/oauth/authorize'){
+		if(\App::$cmd === 'api/oauth/authorize'){
 			/* 
 			 * api/oauth/authorize interact with the user. return a standard page
 			 */
-			\App::$page['template'] = "minimal";
+			\App::$page['template'] = 'minimal';
 			// get consumer/client from request token
 			try {
@@ -42,8 +54,8 @@ class Api extends \Zotlabs\Web\Controller {
 				$consumer = new OAuth1Consumer($app['client_id'], $app['pw'], $app['redirect_uri']);
-				$verifier = md5($app['secret'].local_channel());
+				$verifier = md5($app['secret'] . local_channel());
-				set_config("oauth", $verifier, local_channel());
+				set_config('oauth', $verifier, local_channel());
 				if($consumer->callback_url != null) {
--- a/Zotlabs/Module/Appman.php
+++ b/Zotlabs/Module/Appman.php
@@ -27,6 +27,7 @@ class Appman extends \Zotlabs\Web\Controller {
 				'price' => escape_tags($_REQUEST['price']),
 				'requires' => escape_tags($_REQUEST['requires']),
 				'system' => intval($_REQUEST['system']),
 				'plugin' => escape_tags($_REQUEST['plugin']),
 				'sig' => escape_tags($_REQUEST['sig']),
 				'categories' => escape_tags($_REQUEST['categories'])
 			);
@@ -36,7 +37,8 @@ class Appman extends \Zotlabs\Web\Controller {
 			if(Zlib\Apps::app_installed(local_channel(),$arr))
 				info( t('App installed.') . EOL);
-			return;
+			goaway(z_root() . '/apps');
 			return; //not reached
 		}
@@ -61,8 +63,13 @@ class Appman extends \Zotlabs\Web\Controller {
 			return;
 		}
 		if($_POST['feature']) {
 			Zlib\Apps::app_feature(local_channel(),$papp);
 		}
 		if($_SESSION['return_url']) 
 			goaway(z_root() . '/' . $_SESSION['return_url']);
 		goaway(z_root() . '/apps');
@@ -77,6 +84,20 @@ class Appman extends \Zotlabs\Web\Controller {
 		}
 		$channel = \App::get_channel();
 		if(argc() > 2) {
 			if(argv(2) === 'moveup') {
 				Zlib\Apps::moveup(local_channel(),argv(1));
 			}
 			if(argv(2) === 'movedown') {
 				Zlib\Apps::movedown(local_channel(),argv(1));
 			}
 			goaway(z_root() . '/apporder');
 		}
 		$app = null;
 		$embed = null;
 		if($_REQUEST['appid']) {
@@ -121,6 +142,7 @@ class Appman extends \Zotlabs\Web\Controller {
 			'$price' => array('price', t('Price of app'),(($app) ? $app['app_price'] : ''), ''),
 			'$page' => array('page', t('Location (URL) to purchase app'),(($app) ? $app['app_page'] : ''), ''),
 			'$system' => (($app) ? intval($app['app_system']) : 0),
 			'$plugin' => (($app) ? $app['app_plugin'] : ''),
 			'$requires' => (($app) ? $app['app_requires'] : ''),
 			'$embed' => $embed,
 			'$submit' => t('Submit')
--- a/Zotlabs/Module/Apporder.php
+++ b/Zotlabs/Module/Apporder.php
@@ -0,0 +1,40 @@
 <?php
 namespace Zotlabs\Module;
 use \Zotlabs\Lib as Zlib;
 class Apporder extends \Zotlabs\Web\Controller {
 	function post() {
 	}
 	function get() {
       $syslist = array();
        $list = Zlib\Apps::app_list(local_channel(), false, 'nav_featured_app');
        if($list) {
            foreach($list as $li) {
                $syslist[] = Zlib\Apps::app_encode($li);
            }
        }
        Zlib\Apps::translate_system_apps($syslist);
 	    usort($syslist,'Zotlabs\\Lib\\Apps::app_name_compare');
    	$syslist = Zlib\Apps::app_order(local_channel(),$syslist);
 	    foreach($syslist as $app) {
    	    $nav_apps[] = Zlib\Apps::app_render($app,'nav-order');
 		}
 	return replace_macros(get_markup_template('apporder.tpl'),
 		[
 			'$header' => t('Change Order of Navigation Apps'),
 			'$desc' => t('Use arrows to move the corresponding app up or down in the display list'),
 			'$nav_apps' => $nav_apps
 		]
 	);
 	}
 }
--- a/Zotlabs/Module/Apps.php
+++ b/Zotlabs/Module/Apps.php
@@ -13,15 +13,14 @@ class Apps extends \Zotlabs\Web\Controller {
 		else
 			$mode = 'list';
-		$_SESSION['return_url'] = \App::$cmd;
+		$_SESSION['return_url'] = \App::$query_string;
 		$apps = array();
 		if(local_channel()) {
 			Zlib\Apps::import_system_apps();
 			$syslist = array();
-			$list = Zlib\Apps::app_list(local_channel(), false, $_GET['cat']);
+			$list = Zlib\Apps::app_list(local_channel(), (($mode == 'edit') ? true : false), $_GET['cat']);
 			if($list) {
 				foreach($list as $x) {
 					$syslist[] = Zlib\Apps::app_encode($x);
@@ -42,9 +41,12 @@ class Apps extends \Zotlabs\Web\Controller {
 		return replace_macros(get_markup_template('myapps.tpl'), array(
 			'$sitename' => get_config('system','sitename'),
-			'$cat' => ((array_key_exists('cat',$_GET) && $_GET['cat']) ? ' - ' . escape_tags($_GET['cat']) : ''),
+			'$cat' => ((array_key_exists('cat',$_GET) && $_GET['cat']) ? escape_tags($_GET['cat']) : ''),
 			'$title' => t('Apps'),
 			'$apps' => $apps,
 			'$authed' => ((local_channel()) ? true : false),
 			'$manage' => t('Manage apps'),
 			'$create' => (($mode == 'edit') ? t('Create new app') : '')
 		));
 	}
--- a/Zotlabs/Module/Authorize.php
+++ b/Zotlabs/Module/Authorize.php
@@ -0,0 +1,71 @@
 <?php
 namespace Zotlabs\Module;
 class Authorize extends \Zotlabs\Web\Controller {
 	function get() {
 			// workaround for HTTP-auth in CGI mode
 			if (x($_SERVER, 'REDIRECT_REMOTE_USER')) {
 				$userpass = base64_decode(substr($_SERVER["REDIRECT_REMOTE_USER"], 6)) ;
 				if(strlen($userpass)) {
 					list($name, $password) = explode(':', $userpass);
 					$_SERVER['PHP_AUTH_USER'] = $name;
 					$_SERVER['PHP_AUTH_PW'] = $password;
 				}
 			}
 			if (x($_SERVER, 'HTTP_AUTHORIZATION')) {
 				$userpass = base64_decode(substr($_SERVER["HTTP_AUTHORIZATION"], 6)) ;
 				if(strlen($userpass)) {
 					list($name, $password) = explode(':', $userpass);
 					$_SERVER['PHP_AUTH_USER'] = $name;
 					$_SERVER['PHP_AUTH_PW'] = $password;
 				}
 			}
 	require_once('include/oauth2.php');
 	$request = \OAuth2\Request::createFromGlobals();
 	$response = new \OAuth2\Response();
 	// validate the authorize request
 	if (! $oauth2_server->validateAuthorizeRequest($request, $response)) {
 	    $response->send();
    	killme();
 	}
 	// display an authorization form
 	if (empty($_POST)) {
 	  return '
 <form method="post">
  <label>Do You Authorize TestClient?</label><br />
  <input type="submit" name="authorized" value="yes">
  <input type="submit" name="authorized" value="no">
 </form>';
 	}
 	// print the authorization code if the user has authorized your client
 	$is_authorized = ($_POST['authorized'] === 'yes');
 	$oauth2_server->handleAuthorizeRequest($request, $response, $is_authorized);
 	if ($is_authorized) {
 		// this is only here so that you get to see your code in the cURL request. Otherwise, 
 		// we'd redirect back to the client
 		$code = substr($response->getHttpHeader('Location'), strpos($response->getHttpHeader('Location'), 'code=')+5, 40);
 		echo("SUCCESS! Authorization Code: $code");
 	}
 	$response->send();
 	killme();
 	}
 }
--- a/Zotlabs/Module/Block.php
+++ b/Zotlabs/Module/Block.php
@@ -3,8 +3,6 @@ namespace Zotlabs\Module;
 require_once('include/items.php');
 require_once('include/conversation.php');
 require_once('include/page_widgets.php');
 class Block extends \Zotlabs\Web\Controller {
--- a/Zotlabs/Module/Bookmarks.php
+++ b/Zotlabs/Module/Bookmarks.php
@@ -7,6 +7,9 @@ class Bookmarks extends \Zotlabs\Web\Controller {
 	function init() {
 		if(! local_channel())
 			return;
 		nav_set_selected(t('View Bookmarks'));
 		$item_id = intval($_REQUEST['item']);
 		$burl = trim($_REQUEST['burl']);
@@ -68,7 +71,8 @@ class Bookmarks extends \Zotlabs\Web\Controller {
 		$channel = \App::get_channel();
-		$o = profile_tabs($a,true,$channel['channel_address']);
+		//$o = profile_tabs($a,true,$channel['channel_address']);
 		$o = '';
 		$o .= '<div class="generic-content-wrapper-styled">';
--- a/Zotlabs/Module/Cal.php
+++ b/Zotlabs/Module/Cal.php
@@ -86,7 +86,8 @@ class Cal extends \Zotlabs\Web\Controller {
 		$o = '';
-		$tabs = profile_tabs($a, True, $channel['channel_address']);
+		//$tabs = profile_tabs($a, True, $channel['channel_address']);
 		$tabs = '';
 		$mode = 'view';
 		$y = 0;
@@ -109,7 +110,7 @@ class Cal extends \Zotlabs\Web\Controller {
 			/* edit/create form */
 			if($event_id) {
-				$r = q("SELECT * FROM `event` WHERE event_hash = '%s' AND `uid` = %d LIMIT 1",
+				$r = q("SELECT * FROM event WHERE event_hash = '%s' AND uid = %d LIMIT 1",
 					dbesc($event_id),
 					intval($channel['channel_id'])
 				);
@@ -209,6 +210,10 @@ class Cal extends \Zotlabs\Web\Controller {
 			$adjust_start = datetime_convert('UTC', date_default_timezone_get(), $start);
 			$adjust_finish = datetime_convert('UTC', date_default_timezone_get(), $finish);
 			if(! perm_is_allowed(\App::$profile['uid'],get_observer_hash(),'view_contacts'))
 				$sql_extra .= " and etype != 'birthday' ";
 			if (x($_GET,'id')){
 			  	$r = q("SELECT event.*, item.plink, item.item_flags, item.author_xchan, item.owner_xchan
 	                                from event left join item on resource_id = event_hash where resource_type = 'event' and event.uid = %d and event.id = %d $sql_extra limit 1",
@@ -224,7 +229,7 @@ class Cal extends \Zotlabs\Web\Controller {
 				$r = q("SELECT event.*, item.plink, item.item_flags, item.author_xchan, item.owner_xchan
 	                              from event left join item on event_hash = resource_id 
-					where resource_type = 'event' and event.uid = %d $ignored 
+					where resource_type = 'event' and event.uid = %d and event.uid = item.uid $ignored 
 					AND (( adjust = 0 AND ( dtend >= '%s' or nofinish = 1 ) AND dtstart <= '%s' ) 
 					OR  (  adjust = 1 AND ( dtend >= '%s' or nofinish = 1 ) AND dtstart <= '%s' )) $sql_extra ",
 					intval($channel['channel_id']),
@@ -288,8 +293,8 @@ class Cal extends \Zotlabs\Web\Controller {
 						$title = strip_tags(html_entity_decode($title,ENT_QUOTES,'UTF-8'));
 					}
 					$html = format_event_html($rr);
-					$rr['desc'] = bbcode($rr['desc']);
+					$rr['desc'] = zidify_links(smilies(bbcode($rr['desc'])));
-					$rr['location'] = bbcode($rr['location']);
+					$rr['location'] = zidify_links(smilies(bbcode($rr['location'])));
 					$events[] = array(
 						'id'=>$rr['id'],
 						'hash' => $rr['event_hash'],
--- a/Zotlabs/Module/Cdav.php
+++ b/Zotlabs/Module/Cdav.php
--- a/Zotlabs/Module/Channel.php
+++ b/Zotlabs/Module/Channel.php
@@ -1,6 +1,6 @@
 <?php
 namespace Zotlabs\Module;
 namespace Zotlabs\Module;
 require_once('include/contact_widgets.php');
 require_once('include/items.php');
@@ -10,6 +10,10 @@ require_once('include/conversation.php');
 require_once('include/acl_selectors.php');
 require_once('include/permissions.php');
 /**
 * @brief Channel Controller
 *
 */
 class Channel extends \Zotlabs\Web\Controller {
 	function init() {
@@ -37,23 +41,29 @@ class Channel extends \Zotlabs\Web\Controller {
 			$profile = argv(1);
 		}
-		\App::$page['htmlhead'] .= '<link rel="alternate" type="application/atom+xml" title="' . t('Posts and comments') . '" href="' . z_root() . '/feed/' . $which . '" />' . "\r\n" ;
+		head_add_link( [ 
-		\App::$page['htmlhead'] .= '<link rel="alternate" type="application/atom+xml" title="' . t('Only posts') . '" href="' . z_root() . '/feed/' . $which . '?top=1" />' . "\r\n" ;
+			'rel'   => 'alternate', 
 			'type'  => 'application/atom+xml',
 			'title' => t('Posts and comments'),
 			'href'  => z_root() . '/feed/' . $which
 		]);
 		head_add_link( [ 
 			'rel'   => 'alternate', 
 			'type'  => 'application/atom+xml',
 			'title' => t('Only posts'),
 			'href'  => z_root() . '/feed/' . $which . '?f=&top=1'
 		]);
 		// Not yet ready for prime time
 		//	\App::$page['htmlhead'] .= '<link rel="openid.server" href="' . z_root() . '/id/' . $which .'?f=" />' . "\r\n" ;
 		//	\App::$page['htmlhead'] .= '<link rel="openid.delegate" href="' . z_root() . '/channel/' . $which .'" />' . "\r\n" ;
 		// Run profile_load() here to make sure the theme is set before
 		// we start loading content
 		profile_load($which,$profile);
 	}
 	function get($update = 0, $load = false) {
 		if($load)
 			$_SESSION['loadtime'] = datetime_convert();
@@ -72,6 +82,7 @@ class Channel extends \Zotlabs\Web\Controller {
 		$category = ((x($_REQUEST,'cat')) ? $_REQUEST['cat'] : '');
 		$hashtags = ((x($_REQUEST,'tag')) ? $_REQUEST['tag'] : '');
 		$static   = ((array_key_exists('static',$_REQUEST)) ? intval($_REQUEST['static']) : 0);
 		$groups = array();
@@ -83,7 +94,7 @@ class Channel extends \Zotlabs\Web\Controller {
 		}
 		else {
 			if(\App::$profile['profile_uid'] == local_channel()) {
-				nav_set_selected('home');
+				nav_set_selected(t('Channel Home'));
 			}
 		}
@@ -108,7 +119,9 @@ class Channel extends \Zotlabs\Web\Controller {
 		if(! $update) {
-			$o .= profile_tabs($a, $is_owner, \App::$profile['channel_address']);
+			$static = channel_manual_conv_update(\App::$profile['profile_uid']);
 			//$o .= profile_tabs($a, $is_owner, \App::$profile['channel_address']);
 			$o .= common_friends_visitor_widget(\App::$profile['profile_uid']);
@@ -174,6 +187,9 @@ class Channel extends \Zotlabs\Web\Controller {
 		if($load)
 			$simple_update = '';
 		if($static && $simple_update)
 			$simple_update .= " and item_thread_top = 0 and author_xchan = '" . protect_sprintf(get_observer_hash()) . "' ";
 		if(($update) && (! $load)) {
 			if($mid) {
@@ -185,7 +201,7 @@ class Channel extends \Zotlabs\Web\Controller {
 				$_SESSION['loadtime'] = datetime_convert();
 			}
 			else {
-				$r = q("SELECT distinct parent AS `item_id`, created from item
+				$r = q("SELECT distinct parent AS item_id, created from item
 					left join abook on ( item.owner_xchan = abook.abook_xchan $abook_uids )
 					WHERE uid = %d $item_normal
 					AND item_wall = 1 $simple_update
@@ -201,10 +217,10 @@ class Channel extends \Zotlabs\Web\Controller {
 		else {
 			if(x($category)) {
-			        $sql_extra .= protect_sprintf(term_query('item', $category, TERM_CATEGORY));
+				$sql_extra2 .= protect_sprintf(term_item_parent_query(\App::$profile['profile_uid'],'item', $category, TERM_CATEGORY));
 			}
 			if(x($hashtags)) {
-			        $sql_extra .= protect_sprintf(term_query('item', $hashtags, TERM_HASHTAG, TERM_COMMUNITYTAG));
+				$sql_extra2 .= protect_sprintf(term_item_parent_query(\App::$profile['profile_uid'],'item', $hashtags, TERM_HASHTAG, TERM_COMMUNITYTAG));
 			}
 			if($datequery) {
@@ -220,15 +236,14 @@ class Channel extends \Zotlabs\Web\Controller {
 			if($load || ($checkjs->disabled())) {
 				if($mid) {
-					$r = q("SELECT parent AS item_id from item where mid = '%s' and uid = %d $item_normal
+					$r = q("SELECT parent AS item_id from item where mid like '%s' and uid = %d $item_normal
 						AND item_wall = 1 $sql_extra limit 1",
-						dbesc($mid),
+						dbesc($mid . '%'),
 						intval(\App::$profile['profile_uid'])
 					);
 					if (! $r) {
 						notice( t('Permission denied.') . EOL);
 					}
 				}
 				else {
 					$r = q("SELECT distinct id AS item_id, created FROM item
@@ -251,10 +266,10 @@ class Channel extends \Zotlabs\Web\Controller {
 			$parents_str = ids_to_querystr($r,'item_id');
-			$items = q("SELECT `item`.*, `item`.`id` AS `item_id` 
+			$items = q("SELECT item.*, item.id AS item_id
-				FROM `item`
+				FROM item
-				WHERE `item`.`uid` = %d $item_normal
+				WHERE item.uid = %d $item_normal
-				AND `item`.`parent` IN ( %s )
+				AND item.parent IN ( %s )
 				$sql_extra ",
 				intval(\App::$profile['profile_uid']),
 				dbesc($parents_str)
@@ -270,8 +285,7 @@ class Channel extends \Zotlabs\Web\Controller {
 				notice( t('Permission denied.') . EOL);
 			}
-		} 
+		} else {
 		else {
 			$items = array();
 		}
@@ -304,20 +318,21 @@ class Channel extends \Zotlabs\Web\Controller {
 				'$nouveau' => '0',
 				'$wall' => '1',
 				'$fh' => '0',
 				'$static'  => $static,
 				'$page' => ((\App::$pager['page'] != 1) ? \App::$pager['page'] : 1),
 				'$search' => '',
 				'$xchan' => '',
 				'$order' => '',
 				'$list' => ((x($_REQUEST,'list')) ? intval($_REQUEST['list']) : 0),
 				'$file' => '',
-				'$cats' => (($category) ? $category : ''),
+				'$cats' => (($category) ? urlencode($category) : ''),
-				'$tags' => (($hashtags) ? $hashtags : ''),
+				'$tags' => (($hashtags) ? urlencode($hashtags) : ''),
 				'$mid' => $mid,
 				'$verb' => '',
 				'$dend' => $datequery,
 				'$dbegin' => $datequery2
 			));
 		}
 		$update_unseen = '';
@@ -350,10 +365,10 @@ class Channel extends \Zotlabs\Web\Controller {
 		if($checkjs->disabled()) {
-			$o .= conversation($a,$items,'channel',$update,'traditional');
+			$o .= conversation($items,'channel',$update,'traditional');
 		}
 		else {
-			$o .= conversation($a,$items,'channel',$update,$page_mode);
+			$o .= conversation($items,'channel',$update,$page_mode);
 		}
 		if((! $update) || ($checkjs->disabled())) {
--- a/Zotlabs/Module/Chanview.php
+++ b/Zotlabs/Module/Chanview.php
@@ -59,6 +59,8 @@ class Chanview extends \Zotlabs\Web\Controller {
 				logger('mod_chanview: constructed address ' . print_r($matches,true)); 
 			}
 			$r = null;
 			if($_REQUEST['address']) {
 				$j = \Zotlabs\Zot\Finger::run($_REQUEST['address'],null);
 				if($j['success']) {
@@ -66,40 +68,79 @@ class Chanview extends \Zotlabs\Web\Controller {
 					$r = q("select * from xchan where xchan_addr = '%s' limit 1",
 						dbesc($_REQUEST['address'])
 					);
-					if($r)
+					if($r) {
 						\App::$poi = $r[0];
 					}
 				}
 				if(! $r) {
 					if(discover_by_webbie($_REQUEST['address'])) {
 						$r = q("select * from xchan where xchan_addr = '%s' limit 1",
 							dbesc($_REQUEST['address'])
 						);
 						if($r) {
 							\App::$poi = $r[0];
 						}
 					}
 				}
 			}
 		}
 		if(! \App::$poi) {
 			//		We don't know who this is, and we can't figure it out from the URL
 			//		On the plus side, there's a good chance we know somebody else at that 
 			//		hub so sending them there with a Zid will probably work anyway.
 			$url = ($_REQUEST['url']);
 			if(! $url) {
 				notice( t('Channel not found.') . EOL);
 				return;
 			}
 			if($observer)
 				$url = zid($url);
 		}
 		$is_zot = false;
 		$connected = false;
 		if (\App::$poi) {
 			$url = \App::$poi['xchan_url'];
-		if($observer)
+			if(\App::$poi['xchan_network'] === 'zot') {
 				$is_zot = true;
 			}			
 			if(local_channel()) {
 				$c = q("select abook_id from abook where abook_channel = %d and abook_xchan = '%s' limit 1",
 					intval(local_channel()),
 					dbesc(\App::$poi['xchan_hash'])
 				);
 				if($c)
 					$connected = true;
 			}
 		}
 		// We will load the chanview template if it's a foreign network, 
 		// just so that we can provide a connect button along with a profile
 		// photo. Chances are we can't load the remote profile into an iframe
 		// because of cross-domain security headers. So provide a link to
 		// the remote profile. 
 		// If we are already connected, just go to the profile.
 		// Zot channels will usually have a connect link.
 		if($is_zot || $connected) {
 			if($is_zot && $observer) {
 				$url = zid($url);
 			}
 		// let somebody over-ride the iframed viewport presentation
 		// or let's just declare this a failed experiment.
 	//	if((! local_channel()) || (get_pconfig(local_channel(),'system','chanview_full')))
 			goaway($url);
 		}
 		else {	
 			$o = replace_macros(get_markup_template('chanview.tpl'),array(
 				'$url' => $url,
 				'$full' => t('toggle full screen mode')
 			));
-	//	$o = replace_macros(get_markup_template('chanview.tpl'),array(
+			return $o;
-	//		'$url' => $url,
+		}
 	//		'$full' => t('toggle full screen mode')
 	//	));
 	//	return $o;
 	}
 }
--- a/Zotlabs/Module/Chat.php
+++ b/Zotlabs/Module/Chat.php
@@ -34,8 +34,6 @@ class Chat extends \Zotlabs\Web\Controller {
 			$profile = argv(1);		
 		}
 		\App::$page['htmlhead'] .= '<link rel="alternate" type="application/atom+xml" href="' . z_root() . '/feed/' . $which .'" />' . "\r\n" ;
 		// Run profile_load() here to make sure the theme is set before
 		// we start loading content
@@ -91,8 +89,10 @@ class Chat extends \Zotlabs\Web\Controller {
 	function get() {
-		if(local_channel())
+		if(local_channel()) {
 			$channel = \App::get_channel();
 			nav_set_selected(t('My Chatrooms'));
 		}
 		$ob = \App::get_observer();
 		$observer = get_observer_hash();
@@ -212,7 +212,8 @@ class Chat extends \Zotlabs\Web\Controller {
 		require_once('include/conversation.php');
-		$o = profile_tabs($a,((local_channel() && local_channel() == \App::$profile['profile_uid']) ? true : false),\App::$profile['channel_address']);
+		//$o = profile_tabs($a,((local_channel() && local_channel() == \App::$profile['profile_uid']) ? true : false),\App::$profile['channel_address']);
 		$o = '';
 		if(! feature_enabled(\App::$profile['profile_uid'],'ajaxchat')) {
 			notice( t('Feature disabled.') . EOL);
--- a/Zotlabs/Module/Chatsvc.php
+++ b/Zotlabs/Module/Chatsvc.php
@@ -111,8 +111,22 @@ class Chatsvc extends \Zotlabs\Web\Controller {
 				intval(\App::$data['chat']['room_id'])
 			);
 			if($r) {
-				foreach($r as $rr) {
+				foreach($r as $rv) {
-					switch($rr['cp_status']) {
+					if(! $rv['xchan_name']) {
 						$rv['xchan_hash'] =  $rv['cp_xchan'];
 						$rv['xchan_name'] = substr($rv['cp_xchan'],strrpos($rv['cp_xchan'],'.')+1);
 						$rv['xchan_addr'] = '';
 						$rv['xchan_network'] = 'unknown';
 						$rv['xchan_url'] = z_root();
 						$rv['xchan_hidden'] = 1;
 						$rv['xchan_photo_mimetype'] = 'image/jpeg';
 						$rv['xchan_photo_l'] = get_default_profile_photo(300); 
 						$rv['xchan_photo_m'] = get_default_profile_photo(80); 
 						$rv['xchan_photo_s'] = get_default_profile_photo(48); 
 					}
 					switch($rv['cp_status']) {
 						case 'away':
 							$status = t('Away');
 							$status_class = 'away';
@@ -124,7 +138,7 @@ class Chatsvc extends \Zotlabs\Web\Controller {
 							break;
 					}
-					$inroom[] = array('img' => zid($rr['xchan_photo_m']), 'img_type' => $rr['xchan_photo_mimetype'],'name' => $rr['xchan_name'], 'status' => $status, 'status_class' => $status_class);
+					$inroom[] = array('img' => zid($rv['xchan_photo_m']), 'img_type' => $rv['xchan_photo_mimetype'],'name' => $rv['xchan_name'], 'status' => $status, 'status_class' => $status_class);
 				}
 			}
@@ -143,7 +157,7 @@ class Chatsvc extends \Zotlabs\Web\Controller {
 						'name' => $rr['xchan_name'],
 						'isotime' => datetime_convert('UTC', date_default_timezone_get(), $rr['created'], 'c'),
 						'localtime' => datetime_convert('UTC', date_default_timezone_get(), $rr['created'], 'r'),
-						'text' => smilies(bbcode($rr['chat_text'])),
+						'text' => zidify_links(smilies(bbcode($rr['chat_text']))),
 						'self' => ((get_observer_hash() == $rr['chat_xchan']) ? 'self' : '')
 					);
 				}
--- a/Zotlabs/Module/Cloud.php
+++ b/Zotlabs/Module/Cloud.php
@@ -1,7 +1,7 @@
 <?php
 namespace Zotlabs\Module;
 /**
- * @file mod/cloud.php
+ * @file Zotlabs/Module/Cloud.php
 * @brief Initialize Hubzilla's cloud (SabreDAV).
 *
 * Module for accessing the DAV storage area.
@@ -17,14 +17,15 @@ require_once('include/attach.php');
 /**
- * @brief Fires up the SabreDAV server.
+ * @brief Cloud Module.
 *
 * @param App &$a
 */
 class Cloud extends \Zotlabs\Web\Controller {
 	/**
 	 * @brief Fires up the SabreDAV server.
 	 *
 	 */
 	function init() {
 		if (! is_dir('store'))
@@ -36,8 +37,6 @@ class Cloud extends \Zotlabs\Web\Controller {
 		$profile = 0;
 		\App::$page['htmlhead'] .= '<link rel="alternate" type="application/atom+xml" href="' . z_root() . '/feed/' . $which . '" />' . "\r\n";
 		if ($which)
 			profile_load( $which, $profile);
@@ -58,16 +57,12 @@ class Cloud extends \Zotlabs\Web\Controller {
 			$auth->observer = $ob_hash;
 		}
 		if ($_GET['davguest'])
 			$_SESSION['davguest'] = true;
 		$_SERVER['QUERY_STRING'] = str_replace(array('?f=', '&f='), array('', ''), $_SERVER['QUERY_STRING']);
 		$_SERVER['QUERY_STRING'] = strip_zids($_SERVER['QUERY_STRING']);
 		$_SERVER['QUERY_STRING'] = preg_replace('/[\?&]davguest=(.*?)([\?&]|$)/ism', '', $_SERVER['QUERY_STRING']);
 		$_SERVER['REQUEST_URI'] = str_replace(array('?f=', '&f='), array('', ''), $_SERVER['REQUEST_URI']);
 		$_SERVER['REQUEST_URI'] = strip_zids($_SERVER['REQUEST_URI']);
 		$_SERVER['REQUEST_URI'] = preg_replace('/[\?&]davguest=(.*?)([\?&]|$)/ism', '', $_SERVER['REQUEST_URI']);
 		$rootDirectory = new \Zotlabs\Storage\Directory('/', $auth);
@@ -91,12 +86,13 @@ class Cloud extends \Zotlabs\Web\Controller {
 	//	require_once('\Zotlabs\Storage/QuotaPlugin.php');
 	//	$server->addPlugin(new \Zotlabs\Storage\\QuotaPlugin($auth));
-		ob_start();
+//		ob_start();
 		// All we need to do now, is to fire up the server
 		$server->exec();
-		ob_end_flush();
+//		ob_end_flush();
-
+		if($browser->build_page)
 			construct_page();
 		killme();
 	}
--- a/Zotlabs/Module/Connections.php
+++ b/Zotlabs/Module/Connections.php
@@ -5,10 +5,6 @@ namespace Zotlabs\Module;
 require_once('include/socgraph.php');
 require_once('include/selectors.php');
 require_once('include/group.php');
 require_once('include/contact_widgets.php');
 require_once('include/zot.php');
 require_once('include/widgets.php');
 class Connections extends \Zotlabs\Web\Controller {
@@ -34,6 +30,8 @@ class Connections extends \Zotlabs\Web\Controller {
 			return login();
 		}
 		nav_set_selected(t('Connections'));
 		$blocked     = false;
 		$hidden      = false;
 		$ignored     = false;
@@ -67,15 +65,14 @@ class Connections extends \Zotlabs\Web\Controller {
 					$hidden = true;
 					break;
 				case 'archived':
-					$search_flags = " and abook_archived = 1 ";
+					$search_flags = " and ( abook_archived = 1 OR abook_not_here = 1) ";
-					$head = t('Archived');
+					$head = t('Archived/Unreachable');
 					$archived = true;
 					break;
 				case 'pending':
 					$search_flags = " and abook_pending = 1 ";
 					$head = t('New');
 					$pending = true;
 					nav_set_selected('intros');
 					break;
 				case 'ifpending':
 					$r = q("SELECT COUNT(abook.abook_id) AS total FROM abook left join xchan on abook.abook_xchan = xchan.xchan_hash where abook_channel = %d and abook_pending = 1 and abook_self = 0 and abook_ignored = 0 and xchan_deleted = 0 and xchan_orphan = 0 ",
@@ -85,7 +82,6 @@ class Connections extends \Zotlabs\Web\Controller {
 						$search_flags = " and abook_pending = 1 ";
 						$head = t('New');
 						$pending = true;
 						nav_set_selected('intros');
 						\App::$argv[1] = 'pending';
 					}
 					else {
@@ -95,7 +91,6 @@ class Connections extends \Zotlabs\Web\Controller {
 						\App::$argc = 1;
 						unset(\App::$argv[1]);
 					}
 					nav_set_selected('intros');
 					break;
 	//			case 'unconnected':
 	//				$search_flags = " and abook_unconnected = 1 ";
@@ -172,10 +167,10 @@ class Connections extends \Zotlabs\Web\Controller {
 			),
 			'archived' => array(
-				'label' => t('Archived'),
+				'label' => t('Archived/Unreachable'),
 				'url'   => z_root() . '/connections/archived',
 				'sel'   => ($archived) ? 'active' : '',
-				'title' => t('Only show archived connections'),
+				'title' => t('Only show archived/unreachable connections'),
 			),
 			'hidden' => array(
@@ -228,18 +223,27 @@ class Connections extends \Zotlabs\Web\Controller {
 		$contacts = array();
-		if(count($r)) {
+		if($r) {
 			vcard_query($r);
 			foreach($r as $rr) {
 				if($rr['xchan_url']) {
 					if(($rr['vcard']) && is_array($rr['vcard']['tels']) && $rr['vcard']['tels'][0]['nr'])
 						$phone = ((\App::$is_mobile || \App::$is_tablet) ? $rr['vcard']['tels'][0]['nr'] : '');
 					else
 						$phone = '';
 					$status_str = '';
 					$status = array(
 						((intval($rr['abook_pending'])) ? t('Pending approval') : ''),
 						((intval($rr['abook_archived'])) ? t('Archived') : ''),
 						((intval($rr['abook_hidden'])) ? t('Hidden') : ''),
 						((intval($rr['abook_ignored'])) ? t('Ignored') : ''),
-						((intval($rr['abook_blocked'])) ? t('Blocked') : '')
+						((intval($rr['abook_blocked'])) ? t('Blocked') : ''),
 						((intval($rr['abook_not_here'])) ? t('Not connected at this location') : '')
 					);
 					foreach($status as $str) {
@@ -253,20 +257,23 @@ class Connections extends \Zotlabs\Web\Controller {
 					$contacts[] = array(
 						'img_hover' => sprintf( t('%1$s [%2$s]'),$rr['xchan_name'],$rr['xchan_url']),
 						'edit_hover' => t('Edit connection'),
 						'edit' => t('Edit'),
 						'delete_hover' => t('Delete connection'),
 						'id' => $rr['abook_id'],
 						'thumb' => $rr['xchan_photo_m'], 
 						'name' => $rr['xchan_name'],
-						'classes' => (intval($rr['abook_archived']) ? 'archived' : ''),
+						'classes' => ((intval($rr['abook_archived']) || intval($rr['abook_not_here'])) ? 'archived' : ''),
 						'link' => z_root() . '/connedit/' . $rr['abook_id'],
 						'deletelink' => z_root() . '/connedit/' . intval($rr['abook_id']) . '/drop',
 						'delete' => t('Delete'),
-						'url' => chanlink_url($rr['xchan_url']),
+						'url' => chanlink_hash($rr['xchan_hash']),
 						'webbie_label' => t('Channel address'),
 						'webbie' => $rr['xchan_addr'],
 						'network_label' => t('Network'),
 						'network' => network_to_name($rr['xchan_network']),
 						'public_forum' => ((intval($rr['xchan_pubforum'])) ? true : false),
 						'call' => t('Call'),
 						'phone' => $phone,
 						'status_label' => t('Status'),
 						'status' => $status_str,
 						'connected_label' => t('Connected'),
--- a/Zotlabs/Module/Connedit.php
+++ b/Zotlabs/Module/Connedit.php
@@ -11,9 +11,6 @@ namespace Zotlabs\Module;
 require_once('include/socgraph.php');
 require_once('include/selectors.php');
 require_once('include/group.php');
 require_once('include/contact_widgets.php');
 require_once('include/zot.php');
 require_once('include/widgets.php');
 require_once('include/photos.php');
@@ -37,16 +34,18 @@ class Connedit extends \Zotlabs\Web\Controller {
 				intval(argv(1))
 			);
 			if($r) {
-				\App::$poi = $r[0];
+				\App::$poi = array_shift($r);
 			}
 		}
 		$channel = \App::get_channel();
 		if($channel)
 			head_set_icon($channel['xchan_photo_s']);
 	}
 	/* @brief Evaluate posted values and set changes
 	 *
 	 */
@@ -84,6 +83,12 @@ class Connedit extends \Zotlabs\Web\Controller {
 		call_hooks('contact_edit_post', $_POST);
 		$vc = get_abconfig(local_channel(),$orig_record['abook_xchan'],'system','vcard');
 		$vcard = (($vc) ? \Sabre\VObject\Reader::read($vc) : null); 
 		$serialised_vcard = update_vcard($_REQUEST,$vcard);
 		if($serialised_vcard)
 			set_abconfig(local_channel(),$orig_record[0]['abook_xchan'],'system','vcard',$serialised_vcard);
 		if(intval($orig_record[0]['abook_self'])) {
 			$autoperms = intval($_POST['autoperms']);
 			$is_self = true;
@@ -96,7 +101,7 @@ class Connedit extends \Zotlabs\Web\Controller {
 		$profile_id = $_POST['profile_assign'];
 		if($profile_id) {
-			$r = q("SELECT profile_guid FROM profile WHERE profile_guid = '%s' AND `uid` = %d LIMIT 1",
+			$r = q("SELECT profile_guid FROM profile WHERE profile_guid = '%s' AND uid = %d LIMIT 1",
 				dbesc($profile_id),
 				intval(local_channel())
 			);
@@ -204,6 +209,7 @@ class Connedit extends \Zotlabs\Web\Controller {
 		}
 		if(($_REQUEST['pending']) && intval($orig_record[0]['abook_pending'])) {
 			$new_friend = true;
 			// @fixme it won't be common, but when you accept a new connection request
@@ -213,21 +219,13 @@ class Connedit extends \Zotlabs\Web\Controller {
 			// request. The workaround is to approve the connection, then go back and
 			// adjust permissions as desired.
-			$abook_my_perms = get_channel_default_perms(local_channel());
+			$p = \Zotlabs\Access\Permissions::connect_perms(local_channel());
-	
+			$my_perms = $p['perms'];
-			$role = get_pconfig(local_channel(),'system','permissions_role');
+			if($my_perms) {
-			if($role) {
+				foreach($my_perms as $k => $v) {
 				$x = \Zotlabs\Access\PermissionRoles::role_perms($role);
 				if($x['perms_connect']) {
 					$abook_my_perms = $x['perms_connect'];
 				}
 			}
 			$filled_perms = \Zotlabs\Access\Permissions::FilledPerms($abook_my_perms);
 			foreach($filled_perms as $k => $v) {
 					set_abconfig($channel['channel_id'],$orig_record[0]['abook_xchan'],'my_perms',$k,$v);
 				}
-
+			}
 		}
 		$abook_pending = (($new_friend) ? 0 : $orig_record[0]['abook_pending']);
@@ -244,14 +242,6 @@ class Connedit extends \Zotlabs\Web\Controller {
 			intval(local_channel())
 		);
 		if($orig_record[0]['abook_profile'] != $profile_id) {
 			//Update profile photo permissions
 			logger('A new profile was assigned - updating profile photos');
 			profile_photo_set_profile_perms(local_channel(),$profile_id);
 		}
 		if($r)
 			info( t('Connection updated.') . EOL);
 		else
@@ -365,7 +355,7 @@ class Connedit extends \Zotlabs\Web\Controller {
 				intval(\App::$poi['abook_id'])
 			);
 			if($r) {
-				\App::$poi = $r[0];
+				\App::$poi = array_shift($r);
 			}
 			$clone = \App::$poi;
@@ -396,31 +386,24 @@ class Connedit extends \Zotlabs\Web\Controller {
 			return login();
 		}
 		$section = ((array_key_exists('section',$_REQUEST)) ? $_REQUEST['section'] : '');
 		$channel = \App::get_channel();
 		$my_perms = get_channel_default_perms(local_channel());
 		$role = get_pconfig(local_channel(),'system','permissions_role');
 		if($role) {
 			$x = \Zotlabs\Access\PermissionRoles::role_perms($role);
 			if($x['perms_connect'])
 				$my_perms = $x['perms_connect'];
 		}
 		$yes_no = array(t('No'),t('Yes'));
-		if($my_perms) {
+		$connect_perms = \Zotlabs\Access\Permissions::connect_perms(local_channel());
 		$o .= "<script>function connectDefaultShare() {
 		\$('.abook-edit-me').each(function() {
 			if(! $(this).is(':disabled'))
 				$(this).prop('checked', false);
 		});\n\n";
-			$perms = get_perms();
+		foreach($connect_perms['perms'] as $p => $v) {
-			foreach($perms as $p => $v) {
+			if($v) {
 				if($my_perms & $v[1]) {
 				$o .= "\$('#me_id_perms_" . $p . "').prop('checked', true); \n";
 			}
 		}
 		$o .= " }\n</script>\n";
 		}
 		if(argc() == 3) {
@@ -447,8 +430,36 @@ class Connedit extends \Zotlabs\Web\Controller {
 				goaway(z_root() . '/connedit/' . $contact_id);
 			}
 			if($cmd === 'fetchvc') {
 				$url = str_replace('/channel/','/profile/',$orig_record[0]['xchan_url']) . '/vcard';
 				$recurse = 0;
 				$x = z_fetch_url(zid($url),false,$recurse,['session' => true]);
 				if($x['success']) {
 					$h = new \Zotlabs\Web\HTTPHeaders($x['header']);
 					$fields = $h->fetch();
 					if($fields) {
 						foreach($fields as $y) {
 							 if(array_key_exists('content-type',$y)) {
 								$type = explode(';',trim($y['content-type']));
 								if($type && $type[0] === 'text/vcard' && $x['body']) {
 									$vc = \Sabre\VObject\Reader::read($x['body']);
 									$vcard = $vc->serialize();
 									if($vcard) {
 										set_abconfig(local_channel(),$orig_record[0]['abook_xchan'],'system','vcard',$vcard);
 										$this->connedit_clone($a);
 									}
 								}
 							}
 						}
 					}
 				}
 				goaway(z_root() . '/connedit/' . $contact_id);
 			}
 			if($cmd === 'resetphoto') {
-				q("update xchan set xchan_photo_date = '2001-01-01 00:00:00' where xchan_hash = '%s' limit 1",
+				q("update xchan set xchan_photo_date = '2001-01-01 00:00:00' where xchan_hash = '%s'",
 					dbesc($orig_record[0]['xchan_hash'])
 				);
 				$cmd = 'refresh';
@@ -521,10 +532,11 @@ class Connedit extends \Zotlabs\Web\Controller {
 			if($cmd === 'drop') {
-	// FIXME
+				// @FIXME
 				// We need to send either a purge or a refresh packet to the other side (the channel being unfriended).
-	// The issue is that the abook DB record _may_ get destroyed when we call contact_remove. As the notifier runs
+				// The issue is that the abook DB record _may_ get destroyed when we call contact_remove. As the notifier
-	// in the background there could be a race condition preventing this packet from being sent in all cases.
+				// runs in the background there could be a race condition preventing this packet from being sent in all
 				// cases.
 				// PLACEHOLDER
 				contact_remove(local_channel(), $orig_record[0]['abook_id']);
@@ -545,9 +557,33 @@ class Connedit extends \Zotlabs\Web\Controller {
 		if(\App::$poi) {
 			$abook_prev = 0;
 			$abook_next = 0;
 			$contact_id = \App::$poi['abook_id'];
 			$contact = \App::$poi;
 			$cn = q("SELECT abook_id, xchan_name from abook left join xchan on abook_xchan = xchan_hash where abook_channel = %d and abook_self = 0 order by xchan_name",
 				intval(local_channel())
 			);
 			if($cn) {
 				$pntotal = count($cn);
 				for($x = 0; $x < $pntotal; $x ++) {
 					if($cn[$x]['abook_id'] == $contact_id) {
 						if($x === 0)
 							$abook_prev = 0;
 						else
 							$abook_prev = $cn[$x - 1]['abook_id'];
 						if($x === $pntotal)
 							$abook_next = 0;
 						else
 							$abook_next = $cn[$x +1]['abook_id'];
 					}
 				}
 			}
 			$tools = array(
 				'view' => array(
@@ -564,6 +600,13 @@ class Connedit extends \Zotlabs\Web\Controller {
 					'title' => t('Fetch updated permissions'),
 				),
 				'rephoto' => array(
 					'label' => t('Refresh Photo'),
 					'url'   => z_root() . '/connedit/' . $contact['abook_id'] . '/resetphoto',
 					'sel'   => '',
 					'title' => t('Fetch updated photo'),
 				),
 				'recent' => array(
 					'label' => t('Recent Activity'),
 					'url'   => z_root() . '/network/?f=&cid=' . $contact['abook_id'],
@@ -612,22 +655,59 @@ class Connedit extends \Zotlabs\Web\Controller {
 			);
 			if($contact['xchan_network'] === 'zot') {
 				$tools['fetchvc'] = [
 					'label' => t('Fetch Vcard'),
 					'url'    => z_root() . '/connedit/' . $contact['abook_id'] . '/fetchvc',
 					'sel'   => '',
 					'title' => t('Fetch electronic calling card for this connection')
 				];
 			}
 			$sections = [];
 			$sections['perms'] = [
 					'label' => t('Permissions'),
 					'url'   => z_root() . '/connedit/' . $contact['abook_id'] . '/?f=&section=perms',
 					'sel'   => '',
 					'title' => t('Open Individual Permissions section by default'),
 			];
 			$self = false;
-			if(intval($contact['abook_self']))
+			if(intval($contact['abook_self'])) {
 				$self = true;
 				$abook_prev = $abook_next = 0;
 			}
 			$vc = get_abconfig(local_channel(),$contact['abook_xchan'],'system','vcard');
 			$vctmp = (($vc) ? \Sabre\VObject\Reader::read($vc) : null); 
 			$vcard = (($vctmp) ? get_vcard_array($vctmp,$contact['abook_id']) : [] );
 			if(! $vcard)
 				$vcard['fn'] = $contact['xchan_name'];
 			$tpl = get_markup_template("abook_edit.tpl");
 			if(feature_enabled(local_channel(),'affinity')) {
-				$labels = array(
+				$sections['affinity'] = [
 					'label' => t('Affinity'),
 					'url'   => z_root() . '/connedit/' . $contact['abook_id'] . '/?f=&section=affinity',
 					'sel'   => '',
 					'title' => t('Open Set Affinity section by default'),
 				];
 				$labels = [
 					t('Me'),
 					t('Family'),
 					t('Friends'),
 					t('Acquaintances'),
 					t('All')
-				);
+				];
 				call_hooks('affinity_labels',$labels);
 				$label_str = '';
@@ -650,6 +730,15 @@ class Connedit extends \Zotlabs\Web\Controller {
 				));
 			}
 			if(feature_enabled(local_channel(),'connfilter')) {
 				$sections['filter'] = [
 					'label' => t('Filter'),
 					'url'   => z_root() . '/connedit/' . $contact['abook_id'] . '/?f=&section=filter',
 					'sel'   => '',
 					'title' => t('Open Custom Filter section by default'),
 				];
 			}
 			$rating_val = 0;
 			$rating_text = '';
@@ -724,6 +813,15 @@ class Connedit extends \Zotlabs\Web\Controller {
 				$perms[] = array('perms_' . $k, $v, ((array_key_exists($k,$their_perms)) ? intval($their_perms[$k]) : ''),$thisperm, 1, (($checkinherited & PERMS_SPECIFIC) ? '' : '1'), '', $checkinherited);
 			}
 			$pcat = new \Zotlabs\Lib\Permcat(local_channel());
 			$pcatlist = $pcat->listing();
 			$permcats = [];
 			if($pcatlist) {
 				foreach($pcatlist as $pc) {
 					$permcats[$pc['name']] = $pc['localname'];
 				}
 			}
 			$locstr = '';
 			$locs = q("select hubloc_addr as location from hubloc left join site on hubloc_url = site_url where hubloc_hash = '%s'
@@ -745,14 +843,36 @@ class Connedit extends \Zotlabs\Web\Controller {
 			else
 				$locstr = t('none');
-			$o .= replace_macros($tpl,array(
+			$clone_warn = '';
 			$clonable = (in_array($contact['xchan_network'],['zot','rss']) ? true : false);
 			if(! $clonable) {
 				$clone_warn = '<strong>';
 				$clone_warn .= ((intval($contact['abook_not_here'])) 
 					? t('This connection is unreachable from this location.')
 					: t('This connection may be unreachable from other channel locations.')
 				);
 				$clone_warn .= '</strong><br>' . t('Location independence is not supported by their network.');
 			}
 			if(intval($contact['abook_not_here']) && $unclonable)
 				$not_here = t('This connection is unreachable from this location. Location independence is not supported by their network.');
 			$o .= replace_macros($tpl, [
 				'$header'         => (($self) ? t('Connection Default Permissions') : sprintf( t('Connection: %s'),$contact['xchan_name'])),
 				'$autoperms'      => array('autoperms',t('Apply these permissions automatically'), ((get_pconfig(local_channel(),'system','autoperms')) ? 1 : 0), t('Connection requests will be approved without your interaction'), $yes_no),
 				'$permcat'        => [ 'permcat', t('Permission role'), '', '',$permcats ],
 				'$permcat_new'    => t('Add permission role'),
 				'$permcat_enable' => feature_enabled(local_channel(),'permcats'),
 				'$addr'           => $contact['xchan_addr'],
 				'$section'        => $section,
 				'$sections'       => $sections,
 				'$vcard'          => $vcard,
 				'$addr_text'      => t('This connection\'s primary address is'),
 				'$loc_text'       => t('Available locations:'),
 				'$locstr'         => $locstr,
 				'$unclonable'     => $clone_warn,
 				'$notself'        => (($self) ? '' : '1'),
 				'$self'           => (($self) ? '1' : ''),
 				'$autolbl'        => t('The permissions indicated on this page will be applied to all new connections.'),
@@ -787,12 +907,42 @@ class Connedit extends \Zotlabs\Web\Controller {
 				'$permnote_self'  => t('Some permissions may be inherited from your channel\'s <a href="settings"><strong>privacy settings</strong></a>, which have higher priority than individual settings. You can change those settings here but they wont have any impact unless the inherited setting changes.'),
 				'$lastupdtext'    => t('Last update:'),
 				'$last_update'    => relative_date($contact['abook_connected']),
 				'$is_mobile'      => ((\App::$is_mobile || \App::$is_tablet) ? true : false),
 				'$profile_select' => contact_profile_assign($contact['abook_profile']),
 				'$multiprofs'     => $multiprofs,
 				'$contact_id'     => $contact['abook_id'],
 				'$name'           => $contact['xchan_name'],
-	
+				'$abook_prev'     => $abook_prev,
-			));
+				'$abook_next'     => $abook_next,
 				'$vcard_label'    => t('Details'),	
 				'$displayname'    => $displayname,
 				'$name_label'     => t('Name'),
 				'$org_label'      => t('Organisation'),
 				'$title_label'    => t('Title'),
 				'$tel_label'      => t('Phone'),
 				'$email_label'    => t('Email'),
 				'$impp_label'     => t('Instant messenger'),
 				'$url_label'      => t('Website'),
 				'$adr_label'      => t('Address'),
 				'$note_label'     => t('Note'),
 				'$mobile'         => t('Mobile'),
 				'$home'           => t('Home'),
 				'$work'           => t('Work'),
 				'$other'          => t('Other'),
 				'$add_card'       => t('Add Contact'),
 				'$add_field'      => t('Add Field'),
 				'$create'         => t('Create'),
 				'$update'         => t('Update'),
 				'$delete'         => t('Delete'),
 				'$cancel'         => t('Cancel'),
 				'$po_box'         => t('P.O. Box'),
 				'$extra'          => t('Additional'),
 				'$street'         => t('Street'),
 				'$locality'       => t('Locality'),
 				'$region'         => t('Region'),
 				'$zip_code'       => t('ZIP Code'),
 				'$country'        => t('Country')
 			]);
 			$arr = array('contact' => $contact,'output' => $o);
@@ -801,8 +951,5 @@ class Connedit extends \Zotlabs\Web\Controller {
 			return $arr['output'];
 		}	
 	}
 }
--- a/Zotlabs/Module/Contactgroup.php
+++ b/Zotlabs/Module/Contactgroup.php
@@ -23,7 +23,7 @@ class Contactgroup extends \Zotlabs\Web\Controller {
 		if((argc() > 1) && (intval(argv(1)))) {
-			$r = q("SELECT * FROM `groups` WHERE `id` = %d AND `uid` = %d AND `deleted` = 0 LIMIT 1",
+			$r = q("SELECT * FROM groups WHERE id = %d AND uid = %d AND deleted = 0 LIMIT 1",
 				intval(argv(1)),
 				intval(local_channel())
 			);
--- a/Zotlabs/Module/Cover_photo.php
+++ b/Zotlabs/Module/Cover_photo.php
@@ -23,19 +23,17 @@ require_once('include/channel.php');
 class Cover_photo extends \Zotlabs\Web\Controller {
 	function init() {
 		if(! local_channel()) {
 			return;
 		}
 		$channel = \App::get_channel();
 		profile_load($channel['channel_address']);	
 	}
-	/* @brief Evaluate posted values
+	/**
 	 * @brief Evaluate posted values
 	 *
 	 * @param $a Current application
 	 * @return void
 	 *
 	 */
@@ -88,7 +86,7 @@ class Cover_photo extends \Zotlabs\Web\Controller {
 			if($r) {
 				$base_image = $r[0];
-				$base_image['content'] = (($r[0]['os_storage']) ? @file_get_contents($base_image['content']) : dbunescbin($base_image['content']));
+				$base_image['content'] = (($r[0]['os_storage']) ? @file_get_contents(dbunescbin($base_image['content'])) : dbunescbin($base_image['content']));
 				$im = photo_factory($base_image['content'], $base_image['mimetype']);
 				if($im->is_valid()) {
@@ -130,8 +128,15 @@ class Cover_photo extends \Zotlabs\Web\Controller {
 					$aid = get_account_id();
-					$p = array('aid' => $aid, 'uid' => local_channel(), 'resource_id' => $base_image['resource_id'],
+					$p = [ 
-						'filename' => $base_image['filename'], 'album' => t('Cover Photos'));
+						'aid'          => $aid, 
 						'uid'          => local_channel(), 
 						'resource_id'  => $base_image['resource_id'],
 						'filename'     => $base_image['filename'], 
 						'album'        => t('Cover Photos'),
 						'os_path'      => $base_image['os_path'],
 						'display_path' => $base_image['display_path']
 					];
 					$p['imgscale'] = 7;
 					$p['photo_usage'] = PHOTO_COVER;
@@ -199,7 +204,6 @@ class Cover_photo extends \Zotlabs\Web\Controller {
 				$os_storage = intval($ii['os_storage']);
 				$imagedata  = $ii['content'];
 				$filetype   = $ii['mimetype'];
 			}
 		}
@@ -263,10 +267,10 @@ class Cover_photo extends \Zotlabs\Web\Controller {
 	}
-	/* @brief Generate content of profile-photo view
+	/**
 	 * @brief Generate content of profile-photo view
 	 *
-	 * @param $a Current application
+	 * @return string
 	 * @return void
 	 *
 	 */
@@ -309,7 +313,7 @@ class Cover_photo extends \Zotlabs\Web\Controller {
 					$havescale = true;
 			}
-			$r = q("SELECT `content`, `mimetype`, resource_id, os_storage FROM photo WHERE id = %d and uid = %d limit 1",
+			$r = q("SELECT content, mimetype, resource_id, os_storage FROM photo WHERE id = %d and uid = %d limit 1",
 				intval($r[0]['id']),
 				intval(local_channel())
@@ -320,7 +324,7 @@ class Cover_photo extends \Zotlabs\Web\Controller {
 			}
 			if(intval($r[0]['os_storage']))
-				$data = @file_get_contents($r[0]['content']);
+				$data = @file_get_contents(dbunescbin($r[0]['content']));
 			else
 				$data = dbunescbin($r[0]['content']); 
@@ -357,7 +361,7 @@ class Cover_photo extends \Zotlabs\Web\Controller {
 				'$submit'              => t('Upload'),
 				'$profiles'            => $profiles,
 				'$form_security_token' => get_form_security_token("cover_photo"),
-	// FIXME - yuk  
+					/// @FIXME - yuk  
 				'$select'              => sprintf('%s %s', t('or'), ($newuser) ? '<a href="' . z_root() . '">' . t('skip this step') . '</a>' : '<a href="'. z_root() . '/photos/' . \App::$channel['channel_address'] . '">' . t('select a photo from your photo albums') . '</a>')
 			));
@@ -393,8 +397,6 @@ class Cover_photo extends \Zotlabs\Web\Controller {
 	 *
 	 */
 	function cover_photo_crop_ui_head(&$a, $ph, $hash, $smallest){
 		$max_length = get_config('system','max_image_length');
--- a/Zotlabs/Module/Dav.php
+++ b/Zotlabs/Module/Dav.php
@@ -1,29 +1,24 @@
 <?php
 namespace Zotlabs\Module;
 /**
- * @file mod/dav.php
+ * @file Zotlabs/Module/Dav.php
 * @brief Initialize Hubzilla's cloud (SabreDAV).
 *
 * Module for accessing the DAV storage area from a DAV client.
 */
 namespace Zotlabs\Module;
 use \Sabre\DAV as SDAV;
 use \Zotlabs\Storage;
 // composer autoloader for SabreDAV
 require_once('vendor/autoload.php');
 require_once('include/attach.php');
 /**
 * @brief Fires up the SabreDAV server.
 *
 * @param App &$a
 */
 class Dav extends \Zotlabs\Web\Controller {
 	/**
 	 * @brief Fires up the SabreDAV server.
 	 *
 	 */
 	function init() {
 		// workaround for HTTP-auth in CGI mode
@@ -76,7 +71,6 @@ class Dav extends \Zotlabs\Web\Controller {
 		$auth->setBrowserPlugin($browser);
 		// Experimental QuotaPlugin
 		// require_once('Zotlabs/Storage/QuotaPlugin.php');
 		// $server->addPlugin(new \Zotlabs\Storage\QuotaPlugin($auth));
 		// All we need to do now, is to fire up the server
--- a/Zotlabs/Module/Directory.php
+++ b/Zotlabs/Module/Directory.php
@@ -1,9 +1,9 @@
 <?php
 namespace Zotlabs\Module;
 require_once('include/socgraph.php');
 require_once('include/dir_fns.php');
 require_once('include/widgets.php');
 require_once('include/bbcode.php');
@@ -67,6 +67,7 @@ class Directory extends \Zotlabs\Web\Controller {
 		$observer = get_observer_hash();
 		$globaldir = get_directory_setting($observer, 'globaldir');
 		// override your personal global search pref if we're doing a navbar search of the directory
 		if(intval($_REQUEST['navsearch']))
 			$globaldir = 1;
@@ -76,7 +77,7 @@ class Directory extends \Zotlabs\Web\Controller {
 		$pubforums = get_directory_setting($observer, 'pubforums');
 		$o = '';
-		nav_set_selected('directory');
+		nav_set_selected(t('Directory'));
 		if(x($_POST,'search'))
 			$search = notags(trim($_POST['search']));
@@ -232,7 +233,7 @@ class Directory extends \Zotlabs\Web\Controller {
 							$age = '';
 							if(strlen($rr['birthday'])) {
-								if(($years = age($rr['birthday'],'UTC','')) != 0)
+								if(($years = age($rr['birthday'],'UTC','')) > 0)
 									$age = $years;
 							}
@@ -261,7 +262,7 @@ class Directory extends \Zotlabs\Web\Controller {
 							$hometown = ((x($profile,'hometown') == 1) ? $profile['hometown']  : False);
-							$about = ((x($profile,'about') == 1) ? bbcode($profile['about']) : False);
+							$about = ((x($profile,'about') == 1) ? zidify_links(bbcode($profile['about'])) : False);
 							$keywords = ((x($profile,'keywords')) ? $profile['keywords'] : '');
--- a/Zotlabs/Module/Dirsearch.php
+++ b/Zotlabs/Module/Dirsearch.php
@@ -185,7 +185,7 @@ class Dirsearch extends \Zotlabs\Web\Controller {
 		else {
 			$qlimit = " LIMIT " . intval($perpage) . " OFFSET " . intval($startrec);
 			if($return_total) {
-				$r = q("SELECT COUNT(xchan_hash) AS `total` FROM xchan left join xprof on xchan_hash = xprof_hash where $logic $sql_extra and xchan_network = 'zot' and xchan_hidden = 0 and xchan_orphan = 0 and xchan_deleted = 0 $safesql ");
+				$r = q("SELECT COUNT(xchan_hash) AS total FROM xchan left join xprof on xchan_hash = xprof_hash where $logic $sql_extra and xchan_network = 'zot' and xchan_hidden = 0 and xchan_orphan = 0 and xchan_deleted = 0 $safesql ");
 				if($r) {
 					$ret['total_items'] = $r[0]['total'];
 				}
@@ -410,13 +410,13 @@ class Dirsearch extends \Zotlabs\Web\Controller {
 		$rand = db_getfunc('rand');
 		$realm = get_directory_realm();
 		if($realm == DIRECTORY_REALM) {
-			$r = q("select * from site where site_access != 0 and site_register !=0 and ( site_realm = '%s' or site_realm = '') and site_type = %d order by $rand",
+			$r = q("select * from site where site_access != 0 and site_register !=0 and ( site_realm = '%s' or site_realm = '') and site_type = %d and site_dead = 0 order by $rand",
 				dbesc($realm),
 				intval(SITE_TYPE_ZOT)
 			);
 		}
 		else {
-			$r = q("select * from site where site_access != 0 and site_register !=0 and site_realm = '%s' and site_type = %d order by $rand",
+			$r = q("select * from site where site_access != 0 and site_register !=0 and site_realm = '%s' and site_type = %d and site_dead = 0 order by $rand",
 				dbesc($realm),
 				intval(SITE_TYPE_ZOT)
 			);
--- a/Zotlabs/Module/Display.php
+++ b/Zotlabs/Module/Display.php
@@ -1,6 +1,11 @@
 <?php
 namespace Zotlabs\Module;
 require_once("include/bbcode.php");
 require_once('include/security.php');
 require_once('include/conversation.php');
 require_once('include/acl_selectors.php');
 require_once('include/items.php');
 class Display extends \Zotlabs\Web\Controller {
@@ -18,23 +23,13 @@ class Display extends \Zotlabs\Web\Controller {
 			return;
 		}
 		require_once("include/bbcode.php");
 		require_once('include/security.php');
 		require_once('include/conversation.php');
 		require_once('include/acl_selectors.php');
 		require_once('include/items.php');
 		\App::$page['htmlhead'] .= replace_macros(get_markup_template('display-head.tpl'), array());
 		if(argc() > 1 && argv(1) !== 'load')
 			$item_hash = argv(1);
 		if($_REQUEST['mid'])
 			$item_hash = $_REQUEST['mid'];
 			if(! $item_hash) {
 			\App::$error = 404;
 			notice( t('Item not found.') . EOL);
@@ -42,6 +37,7 @@ class Display extends \Zotlabs\Web\Controller {
 		}
 		$observer_is_owner = false;
 		$updateable = false;
 		if(local_channel() && (! $update)) {
@@ -94,8 +90,14 @@ class Display extends \Zotlabs\Web\Controller {
 		$target_item = null;
 		if(strpos($item_hash,'b64.') === 0)
 			$decoded = @base64url_decode(substr($item_hash,4));
 		if($decoded)
 			$item_hash = $decoded;
 		$r = q("select id, uid, mid, parent_mid, item_type, item_deleted from item where mid like '%s' limit 1",
-			dbesc($item_hash . '%')
+			dbesc($item_hash . '%'),
 			dbesc($decoded . '%')
 		);
 		if($r) {
@@ -122,6 +124,8 @@ class Display extends \Zotlabs\Web\Controller {
 			}
 		}
 		$static = ((array_key_exists('static',$_REQUEST)) ? intval($_REQUEST['static']) : 0);
 		$simple_update = (($update) ? " AND item_unseen = 1 " : '');
@@ -130,11 +134,14 @@ class Display extends \Zotlabs\Web\Controller {
 		if($load)
 			$simple_update = '';
-	
+		if($static && $simple_update)
 			$simple_update .= " and item_thread_top = 0 and author_xchan = '" . protect_sprintf(get_observer_hash()) . "' ";
 		if((! $update) && (! $load)) {
 			$static  = ((local_channel()) ? channel_manual_conv_update(local_channel()) : 0);
 			$o .= '<div id="live-display"></div>' . "\r\n";
 			$o .= "<script> var profile_uid = " . ((intval(local_channel())) ? local_channel() : (-1))
 				. "; var netargs = '?f='; var profile_page = " . \App::$pager['page'] . "; </script>\r\n";
@@ -154,9 +161,11 @@ class Display extends \Zotlabs\Web\Controller {
 				'$fh' => '0',
 				'$nouveau' => '0',
 				'$wall' => '0',
 				'$static' => $static,
 				'$page' => ((\App::$pager['page'] != 1) ? \App::$pager['page'] : 1),
 				'$list' => ((x($_REQUEST,'list')) ? intval($_REQUEST['list']) : 0),
 				'$search' => '',
 				'$xchan' => '',
 				'$order' => '',
 				'$file' => '',
 				'$cats' => '',
@@ -177,7 +186,6 @@ class Display extends \Zotlabs\Web\Controller {
 		if(($update && $load) || ($checkjs->disabled())) {
 			$updateable = false;
 			$pager_sql = sprintf(" LIMIT %d OFFSET %d ", intval(\App::$pager['itemspage']),intval(\App::$pager['start']));
@@ -189,7 +197,7 @@ class Display extends \Zotlabs\Web\Controller {
 				$sysid = $sys['channel_id'];
 				if(local_channel()) {
-					$r = q("SELECT * from item
+					$r = q("SELECT item.id as item_id from item
 						WHERE uid = %d
 						and mid = '%s'
 						$item_normal
@@ -203,6 +211,7 @@ class Display extends \Zotlabs\Web\Controller {
 					}
 				}
 				if($r === null) {
 					// in case somebody turned off public access to sys channel content using permissions
@@ -212,10 +221,10 @@ class Display extends \Zotlabs\Web\Controller {
 						$sysid = 0;
-					$r = q("SELECT * from item
+					$r = q("SELECT item.id as item_id from item
 						WHERE mid = '%s'
-						AND (((( `item`.`allow_cid` = ''  AND `item`.`allow_gid` = '' AND `item`.`deny_cid`  = '' 
+						AND (((( item.allow_cid = ''  AND item.allow_gid = '' AND item.deny_cid  = '' 
-						AND `item`.`deny_gid`  = '' AND item_private = 0 ) 
+						AND item.deny_gid  = '' AND item_private = 0 ) 
 						and owner_xchan in ( " . stream_perms_xchans(($observer_hash) ? (PERMS_NETWORK|PERMS_PUBLIC) : PERMS_PUBLIC) . " ))
 						OR uid = %d )
 						$sql_extra )
@@ -237,9 +246,9 @@ class Display extends \Zotlabs\Web\Controller {
 			$sysid = $sys['channel_id'];
 			if(local_channel()) {
-				$r = q("SELECT * from item
+				$r = q("SELECT item.parent AS item_id from item
 					WHERE uid = %d
-					and mid = '%s'
+					and parent_mid = '%s'
 					$item_normal
 					$simple_update
 					limit 1",
@@ -250,16 +259,17 @@ class Display extends \Zotlabs\Web\Controller {
 					$updateable = true;
 				}
 			}
 			if($r === null) {
 				// in case somebody turned off public access to sys channel content using permissions
 				// make that content unsearchable by ensuring the owner_xchan can't match
 				if(! perm_is_allowed($sysid,$observer_hash,'view_stream'))
 					$sysid = 0;
-				$r = q("SELECT * from item
+				$r = q("SELECT item.parent AS item_id from item
-					WHERE mid = '%s'
+					WHERE parent_mid = '%s'
-					AND (((( `item`.`allow_cid` = ''  AND `item`.`allow_gid` = '' AND `item`.`deny_cid`  = '' 
+					AND (((( item.allow_cid = ''  AND item.allow_gid = '' AND item.deny_cid  = '' 
-					AND `item`.`deny_gid`  = '' AND item_private = 0 ) 
+					AND item.deny_gid  = '' AND item_private = 0 ) 
 					and owner_xchan in ( " . stream_perms_xchans(($observer_hash) ? (PERMS_NETWORK|PERMS_PUBLIC) : PERMS_PUBLIC) . " ))
 					OR uid = %d )
 					$sql_extra )
@@ -279,11 +289,11 @@ class Display extends \Zotlabs\Web\Controller {
 		if($r) {
-			$parents_str = ids_to_querystr($r,'id');
+			$parents_str = ids_to_querystr($r,'item_id');
 			if($parents_str) {
-				$items = q("SELECT `item`.*, `item`.`id` AS `item_id` 
+				$items = q("SELECT item.*, item.id AS item_id 
-					FROM `item`
+					FROM item
 					WHERE parent in ( %s ) $item_normal ",
 					dbesc($parents_str)
 				);
@@ -298,18 +308,18 @@ class Display extends \Zotlabs\Web\Controller {
 		if ($checkjs->disabled()) {
-			$o .= conversation($a, $items, 'display', $update, 'traditional');
+			$o .= conversation($items, 'display', $update, 'traditional');
 			if ($items[0]['title'])
 				\App::$page['title'] = $items[0]['title'] . " - " . \App::$page['title'];
 		} 
 		else {
-			$o .= conversation($a, $items, 'display', $update, 'client');
+			$o .= conversation($items, 'display', $update, 'client');
 		}
 		if($updateable) {
 			$x = q("UPDATE item SET item_unseen = 0 where item_unseen = 1 AND uid = %d and parent = %d ",
 				intval(local_channel()),
-				intval($r[0]['parent'])
+				intval($r[0]['item_id'])
 			);
 		}
@@ -321,7 +331,7 @@ class Display extends \Zotlabs\Web\Controller {
 	/*
 		elseif((! $update) && (!  {
-			$r = q("SELECT `id`, item_flags FROM `item` WHERE `id` = '%s' OR `mid` = '%s' LIMIT 1",
+			$r = q("SELECT id, item_flags FROM item WHERE id = '%s' OR mid = '%s' LIMIT 1",
 				dbesc($item_hash),
 				dbesc($item_hash)
 			);
--- a/Zotlabs/Module/Dreport.php
+++ b/Zotlabs/Module/Dreport.php
@@ -21,10 +21,11 @@ class Dreport extends \Zotlabs\Web\Controller {
 			$table = 'push';
 			$mid = ((argc() > 2) ? argv(2) : '');
 			if($mid) {	
-				$i = q("select id from item where mid = '%s' and author_xchan = '%s' and uid = %d",
+				$i = q("select id from item where mid = '%s' and uid = %d and ( author_xchan = '%s' or ( owner_xchan = '%s' and item_wall = 1 )) ",
 					dbesc($mid),
 					intval($channel['channel_id']),
 					dbesc($channel['channel_hash']),
-					intval($channel['channel_id'])
+					dbesc($channel['channel_hash'])
 				);
 				if($i) {
 					\Zotlabs\Daemon\Master::Summon([ 'Notifier', 'edit_post', $i[0]['id'] ]);
@@ -47,8 +48,9 @@ class Dreport extends \Zotlabs\Web\Controller {
 		switch($table) {
 			case 'item':
-				$i = q("select id from item where mid = '%s' and author_xchan = '%s' ",
+				$i = q("select id from item where mid = '%s' and ( author_xchan = '%s' or ( owner_xchan = '%s' and item_wall = 1 )) ",
 					dbesc($mid),
 					dbesc($channel['channel_hash']),
 					dbesc($channel['channel_hash'])
 				);
 				break;
--- a/Zotlabs/Module/Editblock.php
+++ b/Zotlabs/Module/Editblock.php
@@ -80,7 +80,7 @@ class Editblock extends \Zotlabs\Web\Controller {
 			return;
 		}
-		$itm = q("SELECT * FROM `item` WHERE `id` = %d and uid = %s LIMIT 1",
+		$itm = q("SELECT * FROM item WHERE id = %d and uid = %s LIMIT 1",
 			intval($post_id),
 			intval($owner)
 		);
@@ -98,6 +98,11 @@ class Editblock extends \Zotlabs\Web\Controller {
 		$mimetype = $itm[0]['mimetype'];
 		$content = $itm[0]['body'];
 		if($itm[0]['mimetype'] === 'text/markdown')
 			$content = \Zotlabs\Lib\MarkdownSoap::unescape($itm[0]['body']);
 		$rp = 'blocks/' . $channel['channel_address'];
 		$x = array(
@@ -117,7 +122,7 @@ class Editblock extends \Zotlabs\Web\Controller {
 			'ptyp' => $itm[0]['type'],
 			'mimeselect' => true,
 			'mimetype' => $itm[0]['mimetype'],
-			'body' => undo_post_tagging($itm[0]['body']),
+			'body' => undo_post_tagging($content),
 			'post_id' => $post_id,
 			'visitor' => true,
 			'title' => htmlspecialchars($itm[0]['title'],ENT_COMPAT,'UTF-8'),
--- a/Zotlabs/Module/Editlayout.php
+++ b/Zotlabs/Module/Editlayout.php
@@ -91,7 +91,7 @@ class Editlayout extends \Zotlabs\Web\Controller {
 			return;
 		}
-		$itm = q("SELECT * FROM `item` WHERE `id` = %d and uid = %s LIMIT 1",
+		$itm = q("SELECT * FROM item WHERE id = %d and uid = %s LIMIT 1",
 			intval($post_id),
 			intval($owner)
 		);
@@ -119,6 +119,7 @@ class Editlayout extends \Zotlabs\Web\Controller {
 			'hide_weblink' => true,
 			'hide_attach' => true,
 			'hide_preview' => true,
 			'disable_comments' => true,
 			'ptyp' => $itm[0]['obj_type'],
 			'body' => undo_post_tagging($itm[0]['body']),
 			'post_id' => $post_id,
--- a/Zotlabs/Module/Editpost.php
+++ b/Zotlabs/Module/Editpost.php
@@ -25,13 +25,21 @@ class Editpost extends \Zotlabs\Web\Controller {
 			return;
 		}
-		$itm = q("SELECT * FROM `item` WHERE `id` = %d AND ( owner_xchan = '%s' OR author_xchan = '%s' ) LIMIT 1",
+		$itm = q("SELECT * FROM item WHERE id = %d AND ( owner_xchan = '%s' OR author_xchan = '%s' ) LIMIT 1",
 			intval($post_id),
 			dbesc(get_observer_hash()),
 			dbesc(get_observer_hash())
 		);
-		if(! count($itm)) {
+		// don't allow web editing of potentially binary content (item_obscured = 1)
 		// @FIXME how do we do it instead?
 		if((! $itm) || intval($itm[0]['item_obscured'])) {
 			notice( t('Item is not editable') . EOL);
 			return;
 		}
 		if($itm[0]['resource_type'] === 'photo' && $itm[0]['resource_id']) {
 			notice( t('Item is not editable') . EOL);
 			return;
 		}
@@ -44,14 +52,6 @@ class Editpost extends \Zotlabs\Web\Controller {
 		$channel = \App::get_channel();
 		if(intval($itm[0]['item_obscured'])) {
 			$key = get_config('system','prvkey');
 			if($itm[0]['title'])
 				$itm[0]['title'] = crypto_unencapsulate(json_decode($itm[0]['title'],true),$key);
 			if($itm[0]['body'])
 				$itm[0]['body'] = crypto_unencapsulate(json_decode($itm[0]['body'],true),$key);
 		}
 		$category = '';
 		$catsenabled = ((feature_enabled($owner_uid,'categories')) ? 'categories' : '');
@@ -78,6 +78,7 @@ class Editpost extends \Zotlabs\Web\Controller {
 		$x = array(
 			'nickname' => $channel['channel_address'],
 			'item' => $itm[0],
 			'editor_autocomplete'=> true,
 			'bbco_autocomplete'=> 'bbcode',
 			'return_path' => $_SESSION['return_url'],
@@ -85,6 +86,7 @@ class Editpost extends \Zotlabs\Web\Controller {
 			'hide_voting' => true,
 			'hide_future' => true,
 			'hide_location' => true,
 			'parent' => (($itm[0]['mid'] === $itm[0]['parent_mid']) ? 0 : $itm[0]['parent']),
 			'mimetype' => $itm[0]['mimetype'],
 			'ptyp' => $itm[0]['obj_type'],
 			'body' => htmlspecialchars_decode(undo_post_tagging($itm[0]['body']),ENT_COMPAT),
--- a/Zotlabs/Module/Editwebpage.php
+++ b/Zotlabs/Module/Editwebpage.php
@@ -95,29 +95,24 @@ class Editwebpage extends \Zotlabs\Web\Controller {
 		$sql_extra = item_permissions_sql($owner);
-		$itm = q("SELECT * FROM `item` WHERE `id` = %d and uid = %s $sql_extra LIMIT 1",
+		$itm = q("SELECT * FROM item WHERE id = %d and uid = %s $sql_extra LIMIT 1",
 			intval($post_id),
 			intval($owner)
 		);
-		if(! $itm) {
+		// don't allow web editing of potentially binary content (item_obscured = 1)
 		// @FIXME how do we do it instead?
 		if((! $itm) || intval($itm[0]['item_obscured'])) {
 			notice( t('Permission denied.') . EOL);
 			return;
 		}
 		if(intval($itm[0]['item_obscured'])) {
 			$key = get_config('system','prvkey');
 			if($itm[0]['title'])
 				$itm[0]['title'] = crypto_unencapsulate(json_decode($itm[0]['title'],true),$key);
 			if($itm[0]['body'])
 				$itm[0]['body'] = crypto_unencapsulate(json_decode($itm[0]['body'],true),$key);
 		}
 		$item_id = q("select * from iconfig where cat = 'system' and k = 'WEBPAGE' and iid = %d limit 1",
 			intval($itm[0]['id'])
 		);
 		if($item_id)
-			$page_title = $item_id[0]['v'];
+			$page_title = urldecode($item_id[0]['v']);
 		$mimetype = $itm[0]['mimetype'];
@@ -130,7 +125,9 @@ class Editwebpage extends \Zotlabs\Web\Controller {
 		$layout = $itm[0]['layout_mid'];
-		$tpl = get_markup_template("jot.tpl");
+		$content = $itm[0]['body'];
 		if($itm[0]['mimetype'] === 'text/markdown')
 			$content = \Zotlabs\Lib\MarkdownSoap::unescape($itm[0]['body']);
 		$rp = 'webpages/' . $which;
@@ -147,7 +144,7 @@ class Editwebpage extends \Zotlabs\Web\Controller {
 			'hide_location' => true,
 			'hide_voting' => true,
 			'ptyp' => $itm[0]['type'],
-			'body' => undo_post_tagging($itm[0]['body']),
+			'body' => undo_post_tagging($content),
 			'post_id' => $post_id,
 			'visitor' => ($is_owner) ? true : false,
 			'acl' => populate_acl($itm[0],false,\Zotlabs\Lib\PermissionDescription::fromGlobalPermission('view_pages')),
--- a/Zotlabs/Module/Embedphotos.php
+++ b/Zotlabs/Module/Embedphotos.php
@@ -1,45 +1,45 @@
 <?php
 namespace Zotlabs\Module;
 /**
- *
+ * @brief
 * This is the POST destination for the embedphotos button
 *
 */
 class Embedphotos extends \Zotlabs\Web\Controller {
 	function get() {
 	}
 	/**
 	 *
 	 * This is the POST destination for the embedphotos button
 	 *
 	 */
 	function post() {
 		if (argc() > 1 && argv(1) === 'album') {
 			// API: /embedphotos/album
 			$name = (x($_POST,'name') ? $_POST['name'] : null );
-        if (!$name) {
+			if(!$name) {
 				json_return_and_die(array('errormsg' => 'Error retrieving album', 'status' => false));
 			}
 			$album = $this->embedphotos_widget_album(array('channel' => \App::get_channel(), 'album' => $name));
 			json_return_and_die(array('status' => true, 'content' => $album));
 		}
-    if (argc() > 1 && argv(1) === 'albumlist') {
+		if(argc() > 1 && argv(1) === 'albumlist') {
 			// API: /embedphotos/albumlist
 			$album_list = $this->embedphotos_album_list($a);
 			json_return_and_die(array('status' => true, 'albumlist' => $album_list));
 		}
-    if (argc() > 1 && argv(1) === 'photolink') {
+		if(argc() > 1 && argv(1) === 'photolink') {
 			// API: /embedphotos/photolink
 			$href = (x($_POST,'href') ? $_POST['href'] : null );
-        if (!$href) {
+			if(!$href) {
 				json_return_and_die(array('errormsg' => 'Error retrieving link ' . $href, 'status' => false));
 			}
 			$resource_id = array_pop(explode("/", $href));
-        $r = q("SELECT obj,body from item where resource_type = 'photo' and resource_id = '%s' limit 1",
+			$r = q("SELECT obj from item where resource_type = 'photo' and resource_id = '%s' limit 1",
 				dbesc($resource_id)
 			);
 			if(!$r) {
@@ -50,33 +50,31 @@ class Embedphotos extends \Zotlabs\Web\Controller {
 				$photolink = $obj['body'];
 			} elseif (x($obj,'bbcode')) {
 				$photolink = $obj['bbcode'];
        } elseif ($r[0]['body'] !== '') {
 						$photolink = $r[0]['body'];
 			} else {
 				json_return_and_die(array('errormsg' => 'Error retrieving resource ' . $resource_id, 'status' => false));
 			}
 			json_return_and_die(array('status' => true, 'photolink' => $photolink));
 		}
 	}
-	
+	/**
 /**
 	 * Copied from include/widgets.php::widget_album() with a modification to get the profile_uid from
 	 * the input array as in widget_item()
- * @param type $name
+	 *
- * @return string
+	 * @param array $args
 	 * @return string with HTML
 	 */
-function embedphotos_widget_album($args) {
+	function embedphotos_widget_album($args) {
 		$channel_id = 0;
-    if(array_key_exists('channel',$args))
+		if(array_key_exists('channel', $args))
 			$channel = $args['channel'];
 		$channel_id = intval($channel['channel_id']);
 		if(! $channel_id)
 			$channel_id = \App::$profile_uid;
 		if(! $channel_id)
 			return '';
 		$owner_uid = $channel_id;
 		require_once('include/security.php');
 		$sql_extra = permissions_sql($channel_id);
@@ -85,7 +83,7 @@ function embedphotos_widget_album($args) {
 			return '';
 		if($args['album'])
-            $album = (($args['album'] === '/') ? '' : $args['album'] );
+			$album = $args['album'];
 		if($args['title'])
 			$title = $args['title'];
@@ -93,8 +91,8 @@ function embedphotos_widget_album($args) {
 		 * This may return incorrect permissions if you have multiple directories of the same name.
 		 * It is a limitation of the photo table using a name for a photo album instead of a folder hash
 		 */
 		if($album) {
 			require_once('include/attach.php');
 			$x = q("select hash from attach where filename = '%s' and uid = %d limit 1",
 				dbesc($album),
 				intval($owner_uid)
@@ -122,7 +120,6 @@ function embedphotos_widget_album($args) {
 		if(count($r)) {
 			$twist = 'rotright';
 			foreach($r as $rr) {
 				if($twist == 'rotright')
 					$twist = 'rotleft';
 				else
@@ -165,18 +162,16 @@ function embedphotos_widget_album($args) {
 		));
 		return $o;
-}
+	}
-
+	function embedphotos_album_list($a) {
 function embedphotos_album_list($a) {
    $o = '';
 		require_once('include/photos.php');
 		$p = photos_albums_list(\App::get_channel(), \App::get_observer());
-    if ($p['success']) {
+		if($p['success']) {
 			return $p['albums'];
 		} else {
 			return null;
 		}
-}
+	}
 }
--- a/Zotlabs/Module/Events.php
+++ b/Zotlabs/Module/Events.php
@@ -43,6 +43,10 @@ class Events extends \Zotlabs\Web\Controller {
 		$adjust   = intval($_POST['adjust']);
 		$nofinish = intval($_POST['nofinish']);
 		$timezone = ((x($_POST,'timezone_select')) ? notags(trim($_POST['timezone_select']))     : '');
 		$tz = (($timezone) ? $timezone : date_default_timezone_get());
 		$categories = escape_tags(trim($_POST['category']));
 		// only allow editing your own events. 
@@ -57,9 +61,6 @@ class Events extends \Zotlabs\Web\Controller {
 			$start = sprintf('%d-%d-%d %d:%d:0',$startyear,$startmonth,$startday,$starthour,$startminute);
 		}
 		if($nofinish) {
 			$finish = NULL_DATE;
 		}
 		if($finish_text) {
 			$finish = $finish_text;
@@ -68,10 +69,15 @@ class Events extends \Zotlabs\Web\Controller {
 			$finish = sprintf('%d-%d-%d %d:%d:0',$finishyear,$finishmonth,$finishday,$finishhour,$finishminute);
 		}
 		if($nofinish) {
 			$finish = NULL_DATE;
 		}
 		if($adjust) {
-			$start = datetime_convert(date_default_timezone_get(),'UTC',$start);
+			$start = datetime_convert($tz,'UTC',$start);
 			if(! $nofinish)
-				$finish = datetime_convert(date_default_timezone_get(),'UTC',$finish);
+				$finish = datetime_convert($tz,'UTC',$finish);
 		}
 		else {
 			$start = datetime_convert('UTC','UTC',$start);
@@ -118,7 +124,9 @@ class Events extends \Zotlabs\Web\Controller {
 			goaway($onerror_url);
 		}
-		$share = ((intval($_POST['distr'])) ? intval($_POST['distr']) : 0);
+		//		$share = ((intval($_POST['distr'])) ? intval($_POST['distr']) : 0);
 		$share = 1;	
 		$channel = \App::get_channel();
@@ -207,7 +215,6 @@ class Events extends \Zotlabs\Web\Controller {
 		$event = event_store_event($datarray);
 		if($post_tags)	
 			$datarray['term'] = $post_tags;
@@ -265,7 +272,7 @@ class Events extends \Zotlabs\Web\Controller {
 			return;
 		}
-		nav_set_selected('all_events');
+		nav_set_selected(t('Events'));
 		if((argc() > 2) && (argv(1) === 'ignore') && intval(argv(2))) {
 			$r = q("update event set dismissed = 1 where id = %d and uid = %d",
@@ -336,7 +343,7 @@ class Events extends \Zotlabs\Web\Controller {
 			/* edit/create form */
 			if($event_id) {
-				$r = q("SELECT * FROM `event` WHERE event_hash = '%s' AND `uid` = %d LIMIT 1",
+				$r = q("SELECT * FROM event WHERE event_hash = '%s' AND uid = %d LIMIT 1",
 					dbesc($event_id),
 					intval(local_channel())
 				);
@@ -371,10 +378,13 @@ class Events extends \Zotlabs\Web\Controller {
 			$event_xchan = ((x($orig_event)) ? $orig_event['event_xchan'] : $channel['channel_hash']);
 			$mid = ((x($orig_event)) ? $orig_event['mid'] : '');
-			if(! x($orig_event))
+			if(! x($orig_event)) {
 				$sh_checked = '';
-			else
+				$a_checked = ' checked="checked" ';
 			}
 			else {
 				$sh_checked = ((($orig_event['allow_cid'] === '<' . $channel['channel_hash'] . '>' || (! $orig_event['allow_cid'])) && (! $orig_event['allow_gid']) && (! $orig_event['deny_cid']) && (! $orig_event['deny_gid'])) ? '' : ' checked="checked" ' );
 			}
 			if($orig_event['event_xchan'])
 				$sh_checked .= ' disabled="disabled" ';
@@ -438,8 +448,6 @@ class Events extends \Zotlabs\Web\Controller {
 			$permissions = ((x($orig_event)) ? $orig_event : $perm_defaults);
 			//print_r(acl2json($permissions['allow_gid'])); killme();
 			$tpl = get_markup_template('event_form.tpl');
 			$form = replace_macros($tpl,array(
@@ -467,9 +475,6 @@ class Events extends \Zotlabs\Web\Controller {
 				'$l_text' => (($event_id) ? t('Edit Location') : t('Location')),
 				'$l_orig' => $l_orig,
 				'$t_orig' => $t_orig,
 				'$sh_text' => t('Share this event'),
 				'$sh_checked' => $sh_checked,
 				'$share' => array('distr', t('Share this event'), $sh_checked, '', array(t('No'),t('Yes'))),
 				'$preview' => t('Preview'),
 				'$perms_label' => t('Permission settings'),
 				// populating the acl dialog was a permission description from view_stream because Cal.php, which
@@ -480,6 +485,10 @@ class Events extends \Zotlabs\Web\Controller {
 				'$allow_gid' => acl2json($permissions['allow_gid']),
 				'$deny_cid' => acl2json($permissions['deny_cid']),
 				'$deny_gid' => acl2json($permissions['deny_gid']),
 				'$tz_choose' => feature_enabled(local_channel(),'event_tz_select'),
 				'$timezone' => array('timezone_select' , t('Timezone:'), date_default_timezone_get(), '', get_timezones()),
 				'$lockstate' => (($acl->is_private()) ? 'lock' : 'unlock'),
 				'$submit' => t('Submit'),
 				'$advanced' => t('Advanced Options')
@@ -545,8 +554,8 @@ class Events extends \Zotlabs\Web\Controller {
 				);
 			} elseif($export) {
 				$r = q("SELECT * from event where uid = %d
-					AND (( `adjust` = 0 AND ( `dtend` >= '%s' or nofinish = 1 ) AND `dtstart` <= '%s' ) 
+					AND (( adjust = 0 AND ( dtend >= '%s' or nofinish = 1 ) AND dtstart <= '%s' ) 
-					OR  (  `adjust` = 1 AND ( `dtend` >= '%s' or nofinish = 1 ) AND `dtstart` <= '%s' )) ",
+					OR  (  adjust = 1 AND ( dtend >= '%s' or nofinish = 1 ) AND dtstart <= '%s' )) ",
 					intval(local_channel()),
 					dbesc($start),
 					dbesc($finish),
@@ -562,7 +571,7 @@ class Events extends \Zotlabs\Web\Controller {
 				$r = q("SELECT event.*, item.plink, item.item_flags, item.author_xchan, item.owner_xchan
 	                              from event left join item on event_hash = resource_id 
-					where resource_type = 'event' and event.uid = %d $ignored 
+					where resource_type = 'event' and event.uid = %d and event.uid = item.uid $ignored 
 					AND (( adjust = 0 AND ( dtend >= '%s' or nofinish = 1 ) AND dtstart <= '%s' ) 
 					OR  (  adjust = 1 AND ( dtend >= '%s' or nofinish = 1 ) AND dtstart <= '%s' )) ",
 					intval(local_channel()),
@@ -571,7 +580,6 @@ class Events extends \Zotlabs\Web\Controller {
 					dbesc($adjust_start),
 					dbesc($adjust_finish)
 				);
 			}
 			$links = array();
@@ -609,6 +617,12 @@ class Events extends \Zotlabs\Web\Controller {
 						$end = null;
 					} else {
 						$end = (($rr['adjust']) ? datetime_convert('UTC',date_default_timezone_get(),$rr['dtend'], 'c') : datetime_convert('UTC','UTC',$rr['dtend'],'c'));
 						// give a fake end to birthdays so they get crammed into a 
 						// single day on the calendar
 						if($rr['etype'] === 'birthday')
 							$end = null;
 					}
@@ -620,14 +634,14 @@ class Events extends \Zotlabs\Web\Controller {
 					$drop = array(z_root().'/events/drop/'.$rr['event_hash'],t('Delete event'),'','');
-					$title = strip_tags(html_entity_decode(bbcode($rr['summary']),ENT_QUOTES,'UTF-8'));
+					$title = strip_tags(html_entity_decode(zidify_links(bbcode($rr['summary'])),ENT_QUOTES,'UTF-8'));
 					if(! $title) {
 						list($title, $_trash) = explode("<br",bbcode($rr['desc']),2);
 						$title = strip_tags(html_entity_decode($title,ENT_QUOTES,'UTF-8'));
 					}
 					$html = format_event_html($rr);
-					$rr['desc'] = bbcode($rr['desc']);
+					$rr['desc'] = zidify_links(smilies(bbcode($rr['desc'])));
-					$rr['location'] = bbcode($rr['location']);
+					$rr['location'] = zidify_links(smilies(bbcode($rr['location'])));
 					$events[] = array(
 						'id'=>$rr['id'],
 						'hash' => $rr['event_hash'],
@@ -694,7 +708,7 @@ class Events extends \Zotlabs\Web\Controller {
 		}
 		if($mode === 'drop' && $event_id) {
-			$r = q("SELECT * FROM `event` WHERE event_hash = '%s' AND `uid` = %d LIMIT 1",
+			$r = q("SELECT * FROM event WHERE event_hash = '%s' AND uid = %d LIMIT 1",
 				dbesc($event_id),
 				intval(local_channel())
 			);
@@ -702,7 +716,7 @@ class Events extends \Zotlabs\Web\Controller {
 			$sync_event = $r[0];
 			if($r) {
-				$r = q("delete from event where event_hash = '%s' and uid = %d limit 1",
+				$r = q("delete from event where event_hash = '%s' and uid = %d",
 					dbesc($event_id),
 					intval(local_channel())
 				);
--- a/Zotlabs/Module/Fbrowser.php
+++ b/Zotlabs/Module/Fbrowser.php
@@ -32,7 +32,7 @@ class Fbrowser extends \Zotlabs\Web\Controller {
 				$sql_extra2 = " ORDER BY created DESC LIMIT 0, 10";
 				if (\App::$argc==2){
-					$albums = q("SELECT distinct(`album`) AS `album` FROM `photo` WHERE `uid` = %d ",
+					$albums = q("SELECT distinct(album) AS album FROM photo WHERE uid = %d ",
 						intval(local_channel())
 					);
 					// anon functions only from 5.3.0... meglio tardi che mai..
@@ -43,14 +43,14 @@ class Fbrowser extends \Zotlabs\Web\Controller {
 				$album = "";
 				if (\App::$argc==3){
 					$album = hex2bin(\App::$argv[2]);
-					$sql_extra = sprintf("AND `album` = '%s' ",dbesc($album));
+					$sql_extra = sprintf("AND album = '%s' ",dbesc($album));
 					$sql_extra2 = "";
 					$path[]=array(z_root() . "/fbrowser/image/" . \App::$argv[2] . "/", $album);
 				}
-				$r = q("SELECT `resource_id`, `id`, `filename`, type, min(`imgscale`) AS `hiq`,max(`imgscale`) AS `loq`, `description`  
+				$r = q("SELECT resource_id, id, filename, type, min(imgscale) AS hiq,max(imgscale) AS loq, description  
-						FROM `photo` WHERE `uid` = %d $sql_extra
+						FROM photo WHERE uid = %d $sql_extra
-						GROUP BY `resource_id` $sql_extra2",
+						GROUP BY resource_id $sql_extra2",
 					intval(local_channel())					
 				);
@@ -70,7 +70,7 @@ class Fbrowser extends \Zotlabs\Web\Controller {
 				break;
 			case "file":
 				if (\App::$argc==2){
-					$files = q("SELECT id, filename, filetype FROM `attach` WHERE `uid` = %d ",
+					$files = q("SELECT id, filename, filetype FROM attach WHERE uid = %d ",
 						intval(local_channel())
 					);
--- a/Zotlabs/Module/Feed.php
+++ b/Zotlabs/Module/Feed.php
@@ -1,15 +1,15 @@
 <?php
 namespace Zotlabs\Module;
 require_once('include/items.php');
 class Feed extends \Zotlabs\Web\Controller {
 	function init() {
-		$params = array();
+		$params = [];
 		$params['begin']     = ((x($_REQUEST,'date_begin')) ? $_REQUEST['date_begin']       : NULL_DATE);
 		$params['end']       = ((x($_REQUEST,'date_end'))   ? $_REQUEST['date_end']         : '');
@@ -20,21 +20,22 @@ class Feed extends \Zotlabs\Web\Controller {
 		$params['records']   = ((x($params,'records'))      ? intval($params['records'])    : 40);
 		$params['direction'] = ((x($params,'direction'))    ? dbesc($params['direction'])   : 'desc');
 		$params['cat']       = ((x($_REQUEST,'cat'))        ? escape_tags($_REQUEST['cat']) : '');
 		$params['compat']    = ((x($_REQUEST,'compat'))     ? intval($_REQUEST['compat'])   : 0);	
 		$channel = '';
 		if(argc() > 1) {
-			$r = q("select * from channel left join xchan on channel_hash = xchan_hash where channel_address = '%s' limit 1",
+
-				dbesc(argv(1))
+			if(observer_prohibited(true)) {
 			);
 			if(!($r && count($r)))
 				killme();
 			}
-			$channel = $r[0];
+			$channel = channelx_by_nick(argv(1));
-	
+			if(! $channel) {
 			if(observer_prohibited(true))
 				killme();
 			}
-			logger('mod_feed: public feed request from ' . $_SERVER['REMOTE_ADDR'] . ' for ' . $channel['channel_address']);
+	 
 			logger('public feed request from ' . $_SERVER['REMOTE_ADDR'] . ' for ' . $channel['channel_address']);
 			echo get_public_feed($channel,$params);
@@ -43,6 +44,4 @@ class Feed extends \Zotlabs\Web\Controller {
 	}
 }
--- a/Zotlabs/Module/Ffsapi.php
+++ b/Zotlabs/Module/Ffsapi.php
@@ -1,71 +0,0 @@
 <?php
 namespace Zotlabs\Module;
 class Ffsapi extends \Zotlabs\Web\Controller {
 	function get() {
 		$baseurl = z_root();
 		$name = get_config('system','sitename');
 		$description = t('Share content from Firefox to $Projectname');
 		$author = 'Mike Macgirvin';
 		$homepage = 'http://hubzilla.org';
 		$activate = t('Activate the Firefox $Projectname provider');
 	$s = <<< EOT
 	<script>
 	var baseurl = '$baseurl';
 	var data = {
 	  "origin": baseurl,
 	  // currently required
 	  "name": '$name',
 	  "iconURL": baseurl+"/images/hz-16.png",
 	  "icon32URL": baseurl+"/images/hz-32.png",
 	  "icon64URL": baseurl+"/images/hz-64.png",
 	  // at least one of these must be defined
 	  // "workerURL": baseurl+"/worker.js",
 	  // "sidebarURL": baseurl+"/sidebar.htm",
 	  "shareURL": baseurl+"/rpost?f=&url=%{url}",
 	  // status buttons are scheduled for Firefox 26 or 27
 	  //"statusURL": baseurl+"/statusPanel.html",
 	  // social bookmarks are available in Firefox 26
 	  "markURL": baseurl+"/rbmark?f=&url=%{url}&title=%{title}",
 	  // icons should be 32x32 pixels
 	  // "markedIcon": baseurl+"/images/checkbox-checked-32.png",
 	  // "unmarkedIcon": baseurl+"/images/checkbox-unchecked-32.png",
 	  "unmarkedIcon": baseurl+"/images/hz-bookmark-32.png",
 	  // should be available for display purposes
 	  "description": "$description",
 	  "author": "$author",
 	  "homepageURL": "$homepage",
 	  // optional
 	  "version": "1.0"
 	}
 	function activate(node) {
 	  var event = new CustomEvent("ActivateSocialFeature");
 	  var jdata = JSON.stringify(data);
 	  node.setAttribute("data-service", JSON.stringify(data));
 	  node.dispatchEvent(event);
 	}
 	</script>
 	<button onclick="activate(this)" title="$activate" class="btn btn-primary">$activate</button>
 EOT;
 	return $s;
 	}
 }
--- a/Zotlabs/Module/Fhublocs.php
+++ b/Zotlabs/Module/Fhublocs.php
@@ -56,19 +56,21 @@ class Fhublocs extends \Zotlabs\Web\Controller {
 				// Create a verified hub location pointing to this site.
-				$h = q("insert into hubloc ( hubloc_guid, hubloc_guid_sig, hubloc_hash, hubloc_addr, hubloc_primary, hubloc_url, hubloc_url_sig, hubloc_host, hubloc_callback, hubloc_sitekey, hubloc_network )
+
-					values ( '%s', '%s', '%s', '%s', %d, '%s', '%s', '%s', '%s', '%s', '%s' )",
+				$h = hubloc_store_lowlevel(
-					dbesc($rr['channel_guid']),
+					[
-					dbesc($rr['channel_guid_sig']),
+						'hubloc_guid'     => $rr['channel_guid'],
-					dbesc($rr['channel_hash']),
+						'hubloc_guid_sig' => $rr['channel_guid_sig'],
-					dbesc(channel_reddress($rr)),
+						'hubloc_hash'     => $rr['channel_hash'],
-					intval($primary),
+						'hubloc_addr'     => channel_reddress($rr),
-					dbesc(z_root()),
+						'hubloc_network'  => 'zot',
-					dbesc(base64url_encode(rsa_sign(z_root(),$rr['channel_prvkey']))),
+						'hubloc_primary'  => $primary,
-					dbesc(\App::get_hostname()),
+						'hubloc_url'      => z_root(),
-					dbesc(z_root() . '/post'),
+						'hubloc_url_sig'  => base64url_encode(rsa_sign(z_root(),$rr['channel_prvkey'])),
-					dbesc($sitekey),
+						'hubloc_host'     => \App::get_hostname(),
-					dbesc('zot')
+						'hubloc_callback' => z_root() . '/post',
 						'hubloc_sitekey'  => $sitekey
 					]
 				);
 				if($h)
--- a/Zotlabs/Module/File_upload.php
+++ b/Zotlabs/Module/File_upload.php
@@ -12,7 +12,7 @@ class File_upload extends \Zotlabs\Web\Controller {
 		// logger('file upload: ' . print_r($_REQUEST,true));
-		$channel = (($_REQUEST['channick']) ? get_channel_by_nick($_REQUEST['channick']) : null);
+		$channel = (($_REQUEST['channick']) ? channelx_by_nick($_REQUEST['channick']) : null);
 		if(! $channel) {
 			logger('channel not found');
@@ -28,11 +28,12 @@ class File_upload extends \Zotlabs\Web\Controller {
 			$_REQUEST['group_deny']    = expand_acl($channel['channel_deny_gid']);
 		}
 		if($_REQUEST['filename']) {
 		$_REQUEST['allow_cid'] = perms2str($_REQUEST['contact_allow']);
 		$_REQUEST['allow_gid'] = perms2str($_REQUEST['group_allow']);
 		$_REQUEST['deny_cid'] = perms2str($_REQUEST['contact_deny']);
 		$_REQUEST['deny_gid'] = perms2str($_REQUEST['group_deny']);
 		if($_REQUEST['filename']) {
 			$r = attach_mkdir($channel,get_observer_hash(),$_REQUEST);
 		}
 		else {
--- a/Zotlabs/Module/Filer.php
+++ b/Zotlabs/Module/Filer.php
@@ -49,8 +49,10 @@ class Filer extends \Zotlabs\Web\Controller {
 			}
 			$tpl = get_markup_template("filer_dialog.tpl");
 			$o = replace_macros($tpl, array(
-				'$field' => array('term', t("Save to Folder:"), '', '', $filetags, t('- select -')),
+				'$field' => array('term', t('Enter a folder name'), '', '', $filetags, 'placeholder="' . t('or select an existing folder (doubleclick)') . '"'),
 				'$submit' => t('Save'),
 				'$title' => t('Save to Folder'),
 				'$cancel' => t('Cancel')
 			));
 			echo $o;
--- a/Zotlabs/Module/Filestorage.php
+++ b/Zotlabs/Module/Filestorage.php
@@ -1,18 +1,10 @@
 <?php
 namespace Zotlabs\Module;
 /**
- * @file mod/filestorage.php
+ * @file Zotlabs/Module/Filestorage.php
 *
 */
 require_once('include/attach.php');
 /**
 *
 * @param object &$a
 */
 class Filestorage extends \Zotlabs\Web\Controller {
 	function post() {
@@ -36,7 +28,7 @@ class Filestorage extends \Zotlabs\Web\Controller {
 		$channel = \App::get_channel();
 		$acl = new \Zotlabs\Access\AccessList($channel);
-		$acl->set_from_array($_REQUEST);
+		$acl->set_from_array($_POST);
 		$x = $acl->get();
 		$cloudPath = get_parent_cloudpath($channel_id, $channel['channel_address'], $resource);
@@ -130,7 +122,7 @@ class Filestorage extends \Zotlabs\Web\Controller {
 			$f = $r[0];
 			$channel = \App::get_channel();
-			$cloudpath = get_cloudpath($f) . (intval($f['is_dir']) ? '?f=&davguest=1' : '');
+			$cloudpath = get_cloudpath($f);
 			$parentpath = get_parent_cloudpath($channel['channel_id'], $channel['channel_address'], $f['hash']);
 			$aclselect_e = populate_acl($f, false, \Zotlabs\Lib\PermissionDescription::fromGlobalPermission('view_storage'));
--- a/Zotlabs/Module/Follow.php
+++ b/Zotlabs/Module/Follow.php
@@ -20,9 +20,6 @@ class Follow extends \Zotlabs\Web\Controller {
 		$channel = \App::get_channel();
 		// Warning: Do not edit the following line. The first symbol is UTF-8 &#65312; 
 		$url = str_replace('@','@',$url);	
 		$result = new_contact($uid,$url,$channel,true,$confirm);
 		if($result['success'] == false) {
--- a/Zotlabs/Module/Getfile.php
+++ b/Zotlabs/Module/Getfile.php
@@ -35,6 +35,7 @@ class Getfile extends \Zotlabs\Web\Controller {
 		$sig      = $_POST['signature'];
 		$resource = $_POST['resource'];
 		$revision = intval($_POST['revision']);
 		$resolution = (-1);
 		if(! $hash)
 			killme();
@@ -46,6 +47,11 @@ class Getfile extends \Zotlabs\Web\Controller {
 			killme();
 		}
 		if(substr($resource,-2,1) == '-') {
 			$resolution = intval(substr($resource,-1,1));
 			$resource = substr($resource,0,-2);
 		}			
 		$slop = intval(get_pconfig($channel['channel_id'],'system','getfile_time_slop'));
 		if($slop < 1)
 			$slop = 3;
@@ -63,6 +69,35 @@ class Getfile extends \Zotlabs\Web\Controller {
 			killme();
 		}
 		if($resolution > 0) {
 			$r = q("select * from photo where resource_id = '%s' and uid = %d limit 1",
 				dbesc($resource),
 				intval($channel['channel_id'])
 			);
 			if($r) {
 				header('Content-type: ' . $r[0]['mimetype']);
 				if(intval($r[0]['os_storage'])) {
 					$fname = dbunescbin($r[0]['content']);
 					if(strpos($fname,'store') !== false)
 						$istream = fopen($fname,'rb');
 					else
 						$istream = fopen('store/' . $channel['channel_address'] . '/' . $fname,'rb');
 					$ostream = fopen('php://output','wb');
 					if($istream && $ostream) {
 						pipe_streams($istream,$ostream);
 						fclose($istream);
 						fclose($ostream);
 					}
 				}
 				else {
 					echo dbunescbin($r[0]['content']);
 				}
 			}			
 			killme();
 		}
 		$r = attach_by_hash($resource,$channel['channel_hash'],$revision);
 		if(! $r['success']) {
--- a/Zotlabs/Module/Group.php
+++ b/Zotlabs/Module/Group.php
@@ -34,7 +34,7 @@ class Group extends \Zotlabs\Web\Controller {
 		if((argc() == 2) && (intval(argv(1)))) {
 			check_form_security_token_redirectOnErr('/group', 'group_edit');
-			$r = q("SELECT * FROM `groups` WHERE `id` = %d AND `uid` = %d LIMIT 1",
+			$r = q("SELECT * FROM groups WHERE id = %d AND uid = %d LIMIT 1",
 				intval(argv(1)),
 				intval(local_channel())
 			);
@@ -48,7 +48,7 @@ class Group extends \Zotlabs\Web\Controller {
 			$public = intval($_POST['public']);
 			if((strlen($groupname))  && (($groupname != $group['gname']) || ($public != $group['visible']))) {
-				$r = q("UPDATE `groups` SET `gname` = '%s', visible = %d  WHERE `uid` = %d AND `id` = %d",
+				$r = q("UPDATE groups SET gname = '%s', visible = %d  WHERE uid = %d AND id = %d",
 					dbesc($groupname),
 					intval($public),
 					intval(local_channel()),
@@ -56,6 +56,7 @@ class Group extends \Zotlabs\Web\Controller {
 				);
 				if($r)
 					info( t('Privacy group updated.') . EOL );
 				build_sync_packet(local_channel(),null,true);
 			}
 			goaway(z_root() . '/group/' . argv(1) . '/' . argv(2));
@@ -64,6 +65,7 @@ class Group extends \Zotlabs\Web\Controller {
 	}
 	function get() {
 		$change = false;
 		logger('mod_group: ' . \App::$cmd,LOGGER_DEBUG);
@@ -101,7 +103,7 @@ class Group extends \Zotlabs\Web\Controller {
 			check_form_security_token_redirectOnErr('/group', 'group_drop', 't');
 			if(intval(argv(2))) {
-				$r = q("SELECT `gname` FROM `groups` WHERE `id` = %d AND `uid` = %d LIMIT 1",
+				$r = q("SELECT gname FROM groups WHERE id = %d AND uid = %d LIMIT 1",
 					intval(argv(2)),
 					intval(local_channel())
 				);
@@ -133,7 +135,7 @@ class Group extends \Zotlabs\Web\Controller {
 		if((argc() > 1) && (intval(argv(1)))) {
 			require_once('include/acl_selectors.php');
-			$r = q("SELECT * FROM `groups` WHERE `id` = %d AND `uid` = %d AND `deleted` = 0 LIMIT 1",
+			$r = q("SELECT * FROM groups WHERE id = %d AND uid = %d AND deleted = 0 LIMIT 1",
 				intval(argv(1)),
 				intval(local_channel())
 			);
@@ -212,7 +214,7 @@ class Group extends \Zotlabs\Web\Controller {
 				group_rmv_member(local_channel(),$group['gname'],$member['xchan_hash']);
 		}
-		$r = q("SELECT abook.*, xchan.* FROM `abook` left join xchan on abook_xchan = xchan_hash WHERE `abook_channel` = %d AND abook_self = 0 and abook_blocked = 0 and abook_pending = 0 and xchan_deleted = 0 order by xchan_name asc",
+		$r = q("SELECT abook.*, xchan.* FROM abook left join xchan on abook_xchan = xchan_hash WHERE abook_channel = %d AND abook_self = 0 and abook_blocked = 0 and abook_pending = 0 and xchan_deleted = 0 order by xchan_name asc",
 			intval(local_channel())
 		);
--- a/Zotlabs/Module/Hcard.php
+++ b/Zotlabs/Module/Hcard.php
@@ -14,6 +14,8 @@ class Hcard extends \Zotlabs\Web\Controller {
 	        return;
 	    }
 		logger('hcard_request: ' . $which, LOGGER_DEBUG);
 	    $profile = '';
 	    $channel = \App::get_channel();
@@ -29,7 +31,20 @@ class Hcard extends \Zotlabs\Web\Controller {
 	        $profile = $r[0]['profile_guid'];
 	    }
-	    \App::$page['htmlhead'] .= '<link rel="alternate" type="application/atom+xml" href="' . z_root() . '/feed/' . $which .'" />' . "\r\n" ;
+		head_add_link( [ 
 			'rel'   => 'alternate', 
 			'type'  => 'application/atom+xml',
 			'title' => t('Posts and comments'),
 			'href'  => z_root() . '/feed/' . $which
 		]);
 		head_add_link( [ 
 			'rel'   => 'alternate', 
 			'type'  => 'application/atom+xml',
 			'title' => t('Only posts'),
 			'href'  => z_root() . '/feed/' . $which . '?f=&top=1'
 		]);
 	    if(! $profile) {
 	        $x = q("select channel_id as profile_uid from channel where channel_address = '%s' limit 1",
@@ -48,10 +63,8 @@ class Hcard extends \Zotlabs\Web\Controller {
 	function get() {
-		require_once('include/widgets.php');
+		$x = new \Zotlabs\Widget\Profile();	
-		return widget_profile(array());
+		return $x->widget(array());
 	}
--- a/Zotlabs/Module/Help.php
+++ b/Zotlabs/Module/Help.php
@@ -1,27 +1,23 @@
 <?php
 namespace Zotlabs\Module;
 require_once('include/help.php');
 /**
 * You can create local site resources in doc/Site.md and either link to doc/Home.md for the standard resources
 * or use our include mechanism to include it on your local page.
- *
+ *@code
 * #include doc/Home.md;
 *@endcode
 *
 * The syntax is somewhat strict.
 *
 */
 class Help extends \Zotlabs\Web\Controller {
 	function get() {
-
+		nav_set_selected(t('Help'));
 		nav_set_selected('help');
 		if($_REQUEST['search']) {
 			$o .= '<div id="help-content" class="generic-content-wrapper">';
 			$o .= '<div class="section-title-wrapper">';
 			$o .= '<h2>' . t('Documentation Search') . ' - ' . htmlspecialchars($_REQUEST['search']) . '</h2>';
@@ -34,33 +30,71 @@ class Help extends \Zotlabs\Web\Controller {
 				foreach($r as $rr) {
 					$dirname = dirname($rr['v']);
 					$fname = basename($rr['v']);
-					$fname = substr($fname,0,strrpos($fname,'.'));
+					$fname = substr($fname, 0, strrpos($fname, '.'));
-					$path = trim(substr($dirname,4),'/');
+					$path = trim(substr($dirname, 4), '/');
 					$o .= '<li><a href="help/' . (($path) ? $path . '/' : '') . $fname . '" >' . ucwords(str_replace('_',' ',notags($fname))) . '</a><br />'
 						. '<b><i>' . 'help/' . (($path) ? $path . '/' : '') . $fname . '</i></b><br />' .
 					'...' . str_replace('$Projectname',\Zotlabs\Lib\System::get_platform_name(),$rr['text']) . '...<br /><br /></li>';
 					$o .= '<li><a href="help/' . (($path) ? $path . '/' : '') . $fname . '" >' . ucwords(str_replace('_',' ',notags($fname))) . '</a><br>'
 						. '<b><i>' . 'help/' . (($path) ? $path . '/' : '') . $fname . '</i></b><br>'
 						. '...' . str_replace('$Projectname', \Zotlabs\Lib\System::get_platform_name(), $rr['text']) . '...<br><br></li>';
 				}
 				$o .= '</ul>';
 				$o .= '</div>';
 				$o .= '</div>';
 			}
 			return $o;
 		}
-		$content =  get_help_content();
+		if(argc() > 2 && argv(argc()-2) === 'assets') {
-
+			$path = '';
-
+			for($x = 1; $x < argc(); $x ++) {
-		return replace_macros(get_markup_template("help.tpl"), array(
+				if(strlen($path))
-			'$title' => t('$Projectname Documentation'),
+					$path .= '/';
-			'$content' => $content
+				$path .= argv($x);
-		));
+			}
 			$realpath = 'doc/' . $path;
 			 //Set the content-type header as appropriate
 			$imageInfo = getimagesize($realpath);
 			switch ($imageInfo[2]) {
 				case IMAGETYPE_JPEG:
 					header("Content-Type: image/jpeg");
 					break;
 				case IMAGETYPE_GIF:
 					header("Content-Type: image/gif");
 					break;
 				case IMAGETYPE_PNG:
 					header("Content-Type: image/png");
 					break;
 			   default:
 					break;
 			}
 			header("Content-Length: " . filesize($realpath));
 			// dump the picture and stop the script
 			readfile($realpath);
 			killme();
 		}
 		$headings = [
 			'about'     => t('About'),
 			'member'    => t('Members'),
 			'admin'     => t('Administrators'),
 			'developer' => t('Developers'),
 			'tutorials' => t('Tutorials')
 		];
 		if(array_key_exists(argv(1), $headings))
 			$heading = $headings[argv(1)];
 		$content =  get_help_content();
 		return replace_macros(get_markup_template('help.tpl'), array(
 			'$title'      => t('$Projectname Documentation'),
 			'$tocHeading' => t('Contents'),
 			'$content'    => $content,
 			'$heading'    => $heading
 		));
 	}
 }
--- a/Zotlabs/Module/Hostxrd.php
+++ b/Zotlabs/Module/Hostxrd.php
@@ -5,6 +5,7 @@ namespace Zotlabs\Module;
 class Hostxrd extends \Zotlabs\Web\Controller {
 	function init() {
 		session_write_close();
 		header('Access-Control-Allow-Origin: *');
 		header("Content-type: application/xrd+xml");
 		logger('hostxrd',LOGGER_DEBUG);
--- a/Zotlabs/Module/Impel.php
+++ b/Zotlabs/Module/Impel.php
@@ -144,17 +144,7 @@ class Impel extends \Zotlabs\Web\Controller {
 			// Verify ability to use html or php!!!
-		    $execflag = false;
+			$execflag = ((intval($channel['channel_id']) == intval(local_channel()) && ($channel['channel_pageflags'] & PAGE_ALLOWCODE)) ? true : false);
 			if($arr['mimetype'] === 'application/x-php') {
 				$z = q("select account_id, account_roles, channel_pageflags from account left join channel on channel_account_id = account_id where channel_id = %d limit 1",
 					intval(local_channel())
 				);
 				if($z && (($z[0]['account_roles'] & ACCOUNT_ROLE_ALLOWCODE) || ($z[0]['channel_pageflags'] & PAGE_ALLOWCODE))) {
 					$execflag = true;
 				}
 			}
 			$i = q("select id, edited, item_deleted from item where mid = '%s' and uid = %d limit 1",
 				dbesc($arr['mid']),
--- a/Zotlabs/Module/Import.php
+++ b/Zotlabs/Module/Import.php
@@ -1,57 +1,49 @@
 <?php
 namespace Zotlabs\Module;
 // Import a channel, either by direct file upload or via
 // connection to original server. 
 require_once('include/zot.php');
 require_once('include/channel.php');
 require_once('include/import.php');
 require_once('include/perm_upgrade.php');
-
+/**
 * @brief Module for channel import.
 *
 * Import a channel, either by direct file upload or via
 * connection to another server.
 */
 class Import extends \Zotlabs\Web\Controller {
 	/**
 	 * @brief Import channel into account.
 	 *
 	 * @param int $account_id
 	 */
 	function import_account($account_id) {
 		if(! $account_id){
-			logger("import_account: No account ID supplied");
+			logger('No account ID supplied');
 			return;
 		}
 		$max_identities = account_service_class_fetch($account_id,'total_identities');
 		$max_friends    = account_service_class_fetch($account_id,'total_channels');
 		$max_feeds      = account_service_class_fetch($account_id,'total_feeds');
 		if($max_identities !== false) {
 			$r = q("select channel_id from channel where channel_account_id = %d",
 				intval($account_id)
 			);
 			if($r && count($r) > $max_identities) {
 				notice( sprintf( t('Your service plan only allows %d channels.'), $max_identities) . EOL);
 				return;
 			}
 		}
 		$data           = null;
 		$seize          = ((x($_REQUEST,'make_primary')) ? intval($_REQUEST['make_primary']) : 0);
 		$import_posts   = ((x($_REQUEST,'import_posts')) ? intval($_REQUEST['import_posts']) : 0);
 		$moving         = intval($_REQUEST['moving']);
 		$src            = $_FILES['filename']['tmp_name'];
 		$filename       = basename($_FILES['filename']['name']);
 		$filesize       = intval($_FILES['filename']['size']);
 		$filetype       = $_FILES['filename']['type'];
-		$completed = ((array_key_exists('import_step',$_SESSION)) ? intval($_SESSION['import_step']) : 0);
+		// import channel from file
 		if($completed)
 			logger('saved import step: ' . $_SESSION['import_step']);
 		if($src) {
-			// This is OS specific and could also fail if your tmpdir isn't very large
+			// This is OS specific and could also fail if your tmpdir isn't very
-			// mostly used for Diaspora which exports gzipped files.
+			// large mostly used for Diaspora which exports gzipped files.
 			if(strpos($filename,'.gz')){
 				@rename($src,$src . '.gz');
@@ -64,12 +56,16 @@ class Import extends \Zotlabs\Web\Controller {
 			unlink($src);
 		}
 		// import channel from another server
 		if(! $src) {
 			$old_address = ((x($_REQUEST,'old_address')) ? $_REQUEST['old_address'] : '');
 			if(! $old_address) {
-				logger('mod_import: nothing to import.');
+				logger('Nothing to import.');
 				notice( t('Nothing to import.') . EOL);
 				return;
 			} else if(strpos($old_address, '＠')) {
 				// if you copy the identity address from your profile page, make it work for convenience
 				$old_address = str_replace('＠', '@', $old_address);
 			}
 			$email    = ((x($_REQUEST,'email'))    ? $_REQUEST['email']    : '');
@@ -78,44 +74,46 @@ class Import extends \Zotlabs\Web\Controller {
 			$channelname = substr($old_address,0,strpos($old_address,'@'));
 			$servername  = substr($old_address,strpos($old_address,'@')+1);
-			$scheme = 'https://';
+			$api_path = probe_api_path($servername);
-			$api_path = '/api/red/channel/export/basic?f=&channel=' . $channelname;
+			if(! $api_path) {
 				notice( t('Unable to download data from old server') . EOL);
 				return;
 			}
 			$api_path .= 'channel/export/basic?f=&channel=' . $channelname;
 			if($import_posts)
 				$api_path .= '&posts=1';
 			$binary = false;
 			$redirects = 0;
 			$opts = array('http_auth' => $email . ':' . $password);
-			$url = $scheme . $servername . $api_path;
+			$ret = z_fetch_url($api_path, $binary, $redirects, $opts);
-			$ret = z_fetch_url($url, $binary, $redirects, $opts);
+			if($ret['success']) {
 			if(! $ret['success'])
 				$ret = z_fetch_url('http://' . $servername . $api_path, $binary, $redirects, $opts);
 			if($ret['success'])
 				$data = $ret['body'];
-			else
+			}
 			else {
 				notice( t('Unable to download data from old server') . EOL);
-	
+				return;
 			}
 		}
 		if(! $data) {
-			logger('mod_import: empty file.');
+			logger('Empty import file.');
 			notice( t('Imported file is empty.') . EOL);
 			return;
 		}
 		$data = json_decode($data,true);
-	//	logger('import: data: ' . print_r($data,true));
+		//logger('import: data: ' . print_r($data,true));
-	//	print_r($data);
+		//print_r($data);
-	
+		if(! array_key_exists('compatibility',$data)) {
-		if(array_key_exists('user',$data) && array_key_exists('version',$data)) {
+			call_hooks('import_foreign_channel_data',$data);
-			require_once('include/Import/import_diaspora.php');
+			if($data['handled'])
 			import_diaspora($data);
 				return;
 		}
 		$moving = false;
 		if(array_key_exists('compatibility',$data) && array_key_exists('database',$data['compatibility'])) {
 			$v1 = substr($data['compatibility']['database'],-4);
 			$v2 = substr(DB_UPDATE_VERSION,-4);
@@ -123,8 +121,7 @@ class Import extends \Zotlabs\Web\Controller {
 				$t = sprintf( t('Warning: Database versions differ by %1$d updates.'), $v2 - $v1 );
 				notice($t);
 			}
-			if(array_key_exists('server_role',$data['compatibility']) && $data['compatibility']['server_role'] == 'basic')
+
 				$moving = true;
 		}
 		if($moving)
@@ -136,47 +133,38 @@ class Import extends \Zotlabs\Web\Controller {
 		if(array_key_exists('channel',$data)) {
-			if($completed < 1) {
+			$max_identities = account_service_class_fetch($account_id,'total_identities');
 				$channel = import_channel($data['channel'], $account_id, $seize);
-			}
+			if($max_identities !== false) {
-			else {
+				$r = q("select channel_id from channel where channel_account_id = %d",
-				$r = q("select * from channel where channel_account_id = %d and channel_guid = '%s' limit 1",
+					intval($account_id)
 					intval($account_id),
 					dbesc($channel['channel_guid'])
 				);
-				if($r)
+				if($r && count($r) > $max_identities) {
-					$channel = $r[0];
+					notice( sprintf( t('Your service plan only allows %d channels.'), $max_identities) . EOL);
 			}
 			if(! $channel) {
 				logger('mod_import: channel not found. ', print_r($channel,true));
 				notice( t('Cloned channel not found. Import failed.') . EOL);
 					return;
 				}
 			}
-		if(! $channel)
+			$channel = import_channel($data['channel'], $account_id, $seize);
 		}
 		else {
 			$moving  = false;
 			$channel = \App::get_channel();
 		}
 		if(! $channel) {
-			logger('mod_import: channel not found. ', print_r($channel,true));
+			logger('Channel not found. ', print_r($channel,true));
 			notice( t('No channel. Import failed.') . EOL);
 			return;
 		}
 		if($completed < 2) {
 		if(is_array($data['config'])) {
 			import_config($channel,$data['config']);
 		}
 		logger('import step 2');
 			$_SESSION['import_step'] = 2;
 		}
 		if($completed < 3) {
 		if(array_key_exists('channel',$data)) {
 			if($data['photo']) {
 				require_once('include/photo/photo_driver.php');
 				import_channel_photo(base64url_decode($data['photo']['data']),$data['photo']['type'],$account_id,$channel['channel_id']);
@@ -184,39 +172,34 @@ class Import extends \Zotlabs\Web\Controller {
 			if(is_array($data['profile']))
 				import_profiles($channel,$data['profile']);
 		}
 		logger('import step 3');
-			$_SESSION['import_step'] = 3;
+
 		if(is_array($data['hubloc'])) {
 			import_hublocs($channel,$data['hubloc'],$seize,$moving);
 		}
 		if($completed < 4) {
 			if(is_array($data['hubloc']) && (! $moving)) {
 				import_hublocs($channel,$data['hubloc'],$seize);
 			}
 		logger('import step 4');
 			$_SESSION['import_step'] = 4;
 		}
 		if($completed < 5) {
 		// create new hubloc for the new channel at this site
-			$r = q("insert into hubloc ( hubloc_guid, hubloc_guid_sig, hubloc_hash, hubloc_addr, hubloc_network, hubloc_primary, 
+		if(array_key_exists('channel',$data)) {
-				hubloc_url, hubloc_url_sig, hubloc_host, hubloc_callback, hubloc_sitekey )
+			$r = hubloc_store_lowlevel(
-				values ( '%s', '%s', '%s', '%s', '%s', %d, '%s', '%s', '%s', '%s', '%s' )",
+				[
-				dbesc($channel['channel_guid']),
+					'hubloc_guid'     => $channel['channel_guid'],
-				dbesc($channel['channel_guid_sig']),
+					'hubloc_guid_sig' => $channel['channel_guid_sig'],
-				dbesc($channel['channel_hash']),
+					'hubloc_hash'     => $channel['channel_hash'],
-				dbesc(channel_reddress($channel)),
+					'hubloc_addr'     => channel_reddress($channel),
-				dbesc('zot'),
+					'hubloc_network'  => 'zot',
-				intval(($seize) ? 1 : 0),
+					'hubloc_primary'  => (($seize) ? 1 : 0),
-				dbesc(z_root()),
+					'hubloc_url'      => z_root(),
-				dbesc(base64url_encode(rsa_sign(z_root(),$channel['channel_prvkey']))),
+					'hubloc_url_sig'  => base64url_encode(rsa_sign(z_root(),$channel['channel_prvkey'])),
-				dbesc(\App::get_hostname()),
+					'hubloc_host'     => \App::get_hostname(),
-				dbesc(z_root() . '/post'),
+					'hubloc_callback' => z_root() . '/post',
-				dbesc(get_config('system','pubkey'))
+					'hubloc_sitekey'  => get_config('system','pubkey'),
 					'hubloc_updated'  => datetime_convert()
 				]
 			);
 			// reset the original primary hubloc if it is being seized
@@ -227,16 +210,14 @@ class Import extends \Zotlabs\Web\Controller {
 					dbesc(z_root())
 				);
 			}
 			logger('import step 5');
 			$_SESSION['import_step'] = 5;
 		}
 		logger('import step 5');
 		if($completed < 6) {
 		// import xchans and contact photos
-			if($seize) {
+		if(array_key_exists('channel',$data) && $seize) {
 			// replace any existing xchan we may have on this site if we're seizing control
@@ -244,31 +225,30 @@ class Import extends \Zotlabs\Web\Controller {
 				dbesc($channel['channel_hash'])
 			);
-				$r = q("insert into xchan ( xchan_hash, xchan_guid, xchan_guid_sig, xchan_pubkey, xchan_photo_l, xchan_photo_m, xchan_photo_s, xchan_addr, xchan_url, xchan_follow, xchan_connurl, xchan_name, xchan_network, xchan_photo_date, xchan_name_date, xchan_hidden, xchan_orphan, xchan_censored, xchan_selfcensored, xchan_system, xchan_pubforum, xchan_deleted ) values ('%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d, %d, %d, %d, %d, %d, %d )",
+			$r = xchan_store_lowlevel(
-					dbesc($channel['channel_hash']),
+				[
-					dbesc($channel['channel_guid']),
+					'xchan_hash'           => $channel['channel_hash'],
-					dbesc($channel['channel_guid_sig']),
+					'xchan_guid'           => $channel['channel_guid'],
-					dbesc($channel['channel_pubkey']),
+					'xchan_guid_sig'       => $channel['channel_guid_sig'],
-					dbesc(z_root() . "/photo/profile/l/" . $channel['channel_id']),
+					'xchan_pubkey'         => $channel['channel_pubkey'],
-					dbesc(z_root() . "/photo/profile/m/" . $channel['channel_id']),
+					'xchan_photo_l'        => z_root() . "/photo/profile/l/" . $channel['channel_id'],
-					dbesc(z_root() . "/photo/profile/s/" . $channel['channel_id']),
+					'xchan_photo_m'        => z_root() . "/photo/profile/m/" . $channel['channel_id'],
-					dbesc(channel_reddress($channel)),
+					'xchan_photo_s'        => z_root() . "/photo/profile/s/" . $channel['channel_id'],
-					dbesc(z_root() . '/channel/' . $channel['channel_address']),
+					'xchan_addr'           => channel_reddress($channel),
-					dbesc(z_root() . '/follow?f=&url=%s'),
+					'xchan_url'            => z_root() . '/channel/' . $channel['channel_address'],
-					dbesc(z_root() . '/poco/' . $channel['channel_address']),
+					'xchan_connurl'        => z_root() . '/poco/' . $channel['channel_address'],
-					dbesc($channel['channel_name']),
+					'xchan_follow'         => z_root() . '/follow?f=&url=%s',
-					dbesc('zot'),
+					'xchan_name'           => $channel['channel_name'],
-					dbesc(datetime_convert()),
+					'xchan_network'        => 'zot',
-					dbesc(datetime_convert()),
+					'xchan_photo_date'     => datetime_convert(),
-					0,0,0,0,0,0,0
+					'xchan_name_date'      => datetime_convert()
 				]
 			);
 		}
 		logger('import step 6');
 			$_SESSION['import_step'] = 6;
 		}
 		if($completed < 7) {
 		// import xchans
 		$xchans = $data['xchan'];
 		if($xchans) {
 			foreach($xchans as $xchan) {
@@ -295,14 +275,7 @@ class Import extends \Zotlabs\Web\Controller {
 				if($r)
 					continue;
-					dbesc_array($xchan);
+				create_table_from_array('xchan',$xchan);
 					$r = dbq("INSERT INTO xchan (`" 
 						. implode("`, `", array_keys($xchan)) 
 						. "`) VALUES ('" 
 						. implode("', '", array_values($xchan)) 
 						. "')" );
 				require_once('include/photo/photo_driver.php');
 				$photos = import_xchan_photo($xchan['xchan_photo_l'],$xchan['xchan_hash']);
@@ -311,8 +284,7 @@ class Import extends \Zotlabs\Web\Controller {
 				else
 					$photodate = $xchan['xchan_photo_date'];
-					$r = q("update xchan set xchan_photo_l = '%s', xchan_photo_m = '%s', xchan_photo_s = '%s', xchan_photo_mimetype = '%s', xchan_photo_date = '%s'
+				$r = q("update xchan set xchan_photo_l = '%s', xchan_photo_m = '%s', xchan_photo_s = '%s', xchan_photo_mimetype = '%s', xchan_photo_date = '%s' where xchan_hash = '%s'",
 						where xchan_hash = '%s'",
 					dbesc($photos[0]),
 					dbesc($photos[1]),
 					dbesc($photos[2]),
@@ -320,19 +292,11 @@ class Import extends \Zotlabs\Web\Controller {
 					dbesc($photodate),
 					dbesc($xchan['xchan_hash'])
 				);
 			}
 				}
 			}
 			logger('import step 7');
 			$_SESSION['import_step'] = 7;
 		}
 		// FIXME - ensure we have an xchan if somebody is trying to pull a fast one
 		if($completed < 8) {	
 		$friends = 0;
 		$feeds = 0;
@@ -353,6 +317,7 @@ class Import extends \Zotlabs\Web\Controller {
 				unset($abook['abconfig']);
 				unset($abook['abook_their_perms']);
 				unset($abook['abook_my_perms']);
 				unset($abook['abook_not_here']);
 				$abook['abook_account'] = $account_id;
 				$abook['abook_channel'] = $channel['channel_id'];
@@ -367,6 +332,10 @@ class Import extends \Zotlabs\Web\Controller {
 					$abook['abook_feed']        = (($abook['abook_flags'] & 0x0100 ) ? 1 : 0);
 				}
 				if(array_key_exists('abook_instance',$abook) && $abook['abook_instance'] && strpos($abook['abook_instance'],z_root()) === false) {
 					$abook['abook_not_here'] = 1;
 				} 
 				if($abook['abook_self']) {
 					$role = get_pconfig($channel['channel_id'],'system','permissions_role');
 					if(($role === 'forum') || ($abook['abook_my_perms'] & PERMS_W_TAGWALL)) {
@@ -382,12 +351,7 @@ class Import extends \Zotlabs\Web\Controller {
 						continue;
 				}
-					dbesc_array($abook);
+				abook_store_lowlevel($abook);
 					$r = dbq("INSERT INTO abook (`" 
 						. implode("`, `", array_keys($abook)) 
 						. "`) VALUES ('" 
 						. implode("', '", array_values($abook)) 
 						. "')" );
 				$friends ++;
 				if(intval($abook['abook_feed']))
@@ -396,42 +360,32 @@ class Import extends \Zotlabs\Web\Controller {
 				translate_abook_perms_inbound($channel,$abook_copy);
 				if($abconfig) {
-						// @fixme does not handle sync of del_abconfig
+					/// @FIXME does not handle sync of del_abconfig
 					foreach($abconfig as $abc) {
 						set_abconfig($channel['channel_id'],$abc['xchan'],$abc['cat'],$abc['k'],$abc['v']);
 					}
 				}
 				}
 			}
 			logger('import step 8');
 			$_SESSION['import_step'] = 8;
 		}
-	
+		// import groups
 		if($completed < 9) {
 		$groups = $data['group'];
 		if($groups) {
 			$saved = array();
 			foreach($groups as $group) {
 				$saved[$group['hash']] = array('old' => $group['id']);
-					if(array_key_exists('name',$group)) {
+				if(array_key_exists('name', $group)) {
 					$group['gname'] = $group['name'];
 					unset($group['name']);
 				}
 				unset($group['id']);
 				$group['uid'] = $channel['channel_id'];
-					dbesc_array($group);
+
-					$r = dbq("INSERT INTO groups (`" 
+				create_table_from_array('groups', $group);
 						. implode("`, `", array_keys($group)) 
 						. "`) VALUES ('" 
 						. implode("', '", array_values($group)) 
 						. "')" );
 			}
-				$r = q("select * from `groups` where uid = %d",
+			$r = q("select * from groups where uid = %d",
 				intval($channel['channel_id'])
 			);
 			if($r) {
@@ -441,7 +395,7 @@ class Import extends \Zotlabs\Web\Controller {
 			}
 		}
-	
+		// import group members
 		$group_members = $data['group_member'];
 		if($group_members) {
 			foreach($group_members as $group_member) {
@@ -451,17 +405,11 @@ class Import extends \Zotlabs\Web\Controller {
 					if($x['old'] == $group_member['gid'])
 						$group_member['gid'] = $x['new'];
 				}
-					dbesc_array($group_member);
+				create_table_from_array('group_member', $group_member);
 					$r = dbq("INSERT INTO group_member (`" 
 						. implode("`, `", array_keys($group_member)) 
 						. "`) VALUES ('" 
 						. implode("', '", array_values($group_member)) 
 						. "')" );
 			}
 		}
 		logger('import step 9');
 			$_SESSION['import_step'] = 9;
 		}
 		if(is_array($data['obj']))
 			import_objs($channel,$data['obj']);
@@ -490,6 +438,12 @@ class Import extends \Zotlabs\Web\Controller {
 		if(is_array($data['menu']))
 			import_menus($channel,$data['menu']);
 		if(is_array($data['wiki']))
 			import_items($channel,$data['wiki'],false,$relocate);
 		if(is_array($data['webpages']))
 			import_items($channel,$data['webpages'],false,$relocate);
 		$addon = array('channel' => $channel,'data' => $data);
 		call_hooks('import_channel',$addon);
@@ -500,13 +454,9 @@ class Import extends \Zotlabs\Web\Controller {
 		notifications_on($channel['channel_id'],$saved_notification_flags);
 		if(array_key_exists('item_id',$data) && $data['item_id'])
 			import_item_ids($channel,$data['item_id']);
 		// FIXME - ensure we have a self entry if somebody is trying to pull a fast one
 		// send out refresh requests
 		// notify old server that it may no longer be primary.
@@ -521,25 +471,31 @@ class Import extends \Zotlabs\Web\Controller {
 		change_channel($channel['channel_id']);
 		unset($_SESSION['import_step']);
 		goaway(z_root() . '/network' );
 	}
-	
+	/**
 	 * @brief Handle POST action on channel import page.
 	 */
 	function post() {
 		$account_id = get_account_id();
 		if(! $account_id)
 			return;
 		check_form_security_token_redirectOnErr('/import', 'channel_import');
 		$this->import_account($account_id);
 	}
 	/**
 	 * @brief Generate channel import page.
 	 *
 	 * @return string with parsed HTML.
 	 */
 	function get() {
 		if(! get_account_id()) {
-			notice( t('You must be logged in to use this feature.'));
+			notice( t('You must be logged in to use this feature.') . EOL);
 			return '';
 		}
@@ -553,15 +509,16 @@ class Import extends \Zotlabs\Web\Controller {
 			'$label_old_pass' => t('Your old login password'),
 			'$common' => t('For either option, please choose whether to make this hub your new primary address, or whether your old location should continue this role. You will be able to post from either location, but only one can be marked as the primary location for files, photos, and media.'),
 			'$label_import_primary' => t('Make this hub my primary location'),
-			'$label_import_posts' => t('Import existing posts if possible (experimental - limited by available memory'),
+			'$label_import_moving' => t('Move this channel (disable all previous locations)'),
 			'$label_import_posts' => t('Import a few months of posts if possible (limited by available memory'),
 			'$pleasewait' => t('This process may take several minutes to complete. Please submit the form only once and leave this page open until finished.'),
 			'$email' => '',
 			'$pass' => '',
 			'$form_security_token' => get_form_security_token('channel_import'),
 			'$submit' => t('Submit')
 		));
 		return $o;
 	}
 }
--- a/Zotlabs/Module/Import_items.php
+++ b/Zotlabs/Module/Import_items.php
@@ -3,7 +3,11 @@ namespace Zotlabs\Module;
 require_once('include/import.php');
-
+/**
 * @brief Module for importing items.
 *
 * Import existing posts and content from an export file.
 */
 class Import_items extends \Zotlabs\Web\Controller {
 	function post() {
@@ -11,6 +15,8 @@ class Import_items extends \Zotlabs\Web\Controller {
 		if(! local_channel())
 			return;
 		check_form_security_token_redirectOnErr('/import_items', 'import_items');
 		$data     = null;
 		$src      = $_FILES['filename']['tmp_name'];
@@ -38,7 +44,7 @@ class Import_items extends \Zotlabs\Web\Controller {
 			$old_address = ((x($_REQUEST,'old_address')) ? $_REQUEST['old_address'] : '');
 			if(! $old_address) {
-				logger('mod_import: nothing to import.');
+				logger('Nothing to import.');
 				notice( t('Nothing to import.') . EOL);
 				return;
 			}
@@ -64,19 +70,18 @@ class Import_items extends \Zotlabs\Web\Controller {
 				$data = $ret['body'];
 			else
 				notice( t('Unable to download data from old server') . EOL);
 		}
 		if(! $data) {
-			logger('mod_import: empty file.');
+			logger('Empty file.');
 			notice( t('Imported file is empty.') . EOL);
 			return;
 		}
-		$data = json_decode($data,true);
+		$data = json_decode($data, true);
-	//	logger('import: data: ' . print_r($data,true));
+		//logger('import: data: ' . print_r($data,true));
-	//	print_r($data);
+		//print_r($data);
 		if(! is_array($data))
 			return;
@@ -86,13 +91,12 @@ class Import_items extends \Zotlabs\Web\Controller {
 			$v2 = substr(DB_UPDATE_VERSION,-4);
 			if($v2 > $v1) {
 				$t = sprintf( t('Warning: Database versions differ by %1$d updates.'), $v2 - $v1 );
-				notice($t);
+				notice($t . EOL);
 			}
 		}
 		$channel = \App::get_channel();
 		if(array_key_exists('item',$data) && $data['item']) {
 			import_items($channel,$data['item'],false,((array_key_exists('relocate',$data)) ? $data['relocate'] : null));
 		}
@@ -102,12 +106,14 @@ class Import_items extends \Zotlabs\Web\Controller {
 		}
 		info( t('Import completed') . EOL);
 		return;
 	}
-	
+	/**
-	
+	 * @brief Generate item import page.
 	 *
 	 * @return string with parsed HTML.
 	 */
 	function get() {
 		if(! local_channel()) {
@@ -115,17 +121,15 @@ class Import_items extends \Zotlabs\Web\Controller {
 			return login();
 		}
-		$o = replace_macros(get_markup_template('item_import.tpl'),array(
+		$o = replace_macros(get_markup_template('item_import.tpl'), array(
 			'$title' => t('Import Items'),
 			'$desc' => t('Use this form to import existing posts and content from an export file.'),
 			'$label_filename' => t('File to Upload'),
 			'$form_security_token' => get_form_security_token('import_items'),
 			'$submit' => t('Submit')
 		));
 		return $o;
 	}
 }
--- a/Zotlabs/Module/Invite.php
+++ b/Zotlabs/Module/Invite.php
@@ -49,7 +49,7 @@ class Invite extends \Zotlabs\Web\Controller {
 			if(! $recip)
 				continue;
-			if(! valid_email($recip)) {
+			if(! validate_email($recip)) {
 				notice(  sprintf( t('%s : Not a valid email address.'), $recip) . EOL);
 				continue;
 			}
@@ -95,6 +95,8 @@ class Invite extends \Zotlabs\Web\Controller {
 			return;
 		}
 		nav_set_selected(t('Invite'));
 		$tpl = get_markup_template('invite.tpl');
 		$invonly = false;
@@ -111,7 +113,7 @@ class Invite extends \Zotlabs\Web\Controller {
 				$invite_code = autoname(8) . rand(1000,9999);
 				$nmessage = str_replace('$invite_code',$invite_code,$message);
-				$r = q("INSERT INTO `register` (`hash`,`created`) VALUES ('%s', '%s') ",
+				$r = q("INSERT INTO register (hash,created) VALUES ('%s', '%s') ",
 					dbesc($invite_code),
 					dbesc(datetime_convert())
 				);
--- a/Zotlabs/Module/Item.php
+++ b/Zotlabs/Module/Item.php
@@ -21,6 +21,7 @@ require_once('include/crypto.php');
 require_once('include/items.php');
 require_once('include/attach.php');
 require_once('include/bbcode.php');
 require_once('include/security.php');
 use \Zotlabs\Lib as Zlib;
@@ -32,11 +33,9 @@ class Item extends \Zotlabs\Web\Controller {
 		// This will change. Figure out who the observer is and whether or not
 		// they have permission to post here. Else ignore the post.
-		if((! local_channel()) && (! remote_channel()) && (! x($_REQUEST,'commenter')))
+		if((! local_channel()) && (! remote_channel()) && (! x($_REQUEST,'anonname')))
 			return;
 		require_once('include/security.php');
 		$uid = local_channel();
 		$channel = null;
 		$observer = null;
@@ -111,6 +110,7 @@ class Item extends \Zotlabs\Web\Controller {
 		$preview     = ((x($_REQUEST,'preview'))     ? intval($_REQUEST['preview'])        : 0);
 		$categories  = ((x($_REQUEST,'category'))    ? escape_tags($_REQUEST['category'])  : '');
 		$webpage     = ((x($_REQUEST,'webpage'))     ? intval($_REQUEST['webpage'])        : 0);
 		$item_obscured = ((x($_REQUEST,'obscured'))  ? intval($_REQUEST['obscured'])        : 0);
 		$pagetitle   = ((x($_REQUEST,'pagetitle'))   ? escape_tags(urlencode($_REQUEST['pagetitle'])) : '');
 		$layout_mid  = ((x($_REQUEST,'layout_mid'))  ? escape_tags($_REQUEST['layout_mid']): '');
 		$plink       = ((x($_REQUEST,'permalink'))   ? escape_tags($_REQUEST['permalink']) : '');
@@ -126,6 +126,8 @@ class Item extends \Zotlabs\Web\Controller {
 			$ret = $this->item_check_service_class($uid,(($_REQUEST['webpage'] == ITEM_TYPE_WEBPAGE) ? true : false));
 			if (!$ret['success']) { 
 				notice( t($ret['message']) . EOL) ;
 				if($api_source)
 					return ( [ 'success' => false, 'message' => 'service class exception' ] );	
 				if(x($_REQUEST,'return')) 
 					goaway(z_root() . "/" . $return_path );
 				killme();
@@ -139,6 +141,7 @@ class Item extends \Zotlabs\Web\Controller {
 		$item_flags = $item_restrict = 0;
 		$expires = NULL_DATE;
 		$route = '';
 		$parent_item = null;
@@ -156,13 +159,13 @@ class Item extends \Zotlabs\Web\Controller {
 				$obj_type = ACTIVITY_OBJ_COMMENT;
 			if($parent) {
-				$r = q("SELECT * FROM `item` WHERE `id` = %d LIMIT 1",
+				$r = q("SELECT * FROM item WHERE id = %d LIMIT 1",
 					intval($parent)
 				);
 			}
 			elseif($parent_mid && $uid) {
 				// This is coming from an API source, and we are logged in
-				$r = q("SELECT * FROM `item` WHERE `mid` = '%s' AND `uid` = %d LIMIT 1",
+				$r = q("SELECT * FROM item WHERE mid = '%s' AND uid = %d LIMIT 1",
 					dbesc($parent_mid),
 					intval($uid)
 				);
@@ -172,7 +175,7 @@ class Item extends \Zotlabs\Web\Controller {
 				$parid = $r[0]['parent'];
 				$parent_mid = $r[0]['mid'];
 				if($r[0]['id'] != $r[0]['parent']) {
-					$r = q("SELECT * FROM `item` WHERE `id` = `parent` AND `parent` = %d LIMIT 1",
+					$r = q("SELECT * FROM item WHERE id = parent AND parent = %d LIMIT 1",
 						intval($parid)
 					);
 				}
@@ -180,6 +183,8 @@ class Item extends \Zotlabs\Web\Controller {
 			if(($r === false) || (! count($r))) {
 				notice( t('Unable to locate original post.') . EOL);
 				if($api_source)
 					return ( [ 'success' => false, 'message' => 'invalid post id' ] );	
 				if(x($_REQUEST,'return')) 
 					goaway(z_root() . "/" . $return_path );
 				killme();
@@ -201,8 +206,27 @@ class Item extends \Zotlabs\Web\Controller {
 		}
-		if(! $observer)
+		$moderated = false;
 		if(! $observer) {
 			$observer = \App::get_observer();
 			if(! $observer) {
 				$observer = anon_identity_init($_REQUEST);
 				if($observer) {
 					$moderated = true;
 					$remote_xchan = $remote_observer = $observer;
 				}
 			}
 		} 			
 		if(! $observer) {
 			notice( t('Permission denied.') . EOL) ;
 			if($api_source)
 				return ( [ 'success' => false, 'message' => 'permission denied' ] );	
 			if(x($_REQUEST,'return')) 
 				goaway(z_root() . "/" . $return_path );
 			killme();
 		}
 		if($parent) {
 			logger('mod_item: item_post parent=' . $parent);
@@ -214,6 +238,8 @@ class Item extends \Zotlabs\Web\Controller {
 			if(! $can_comment) {
 				notice( t('Permission denied.') . EOL) ;
 				if($api_source)
 					return ( [ 'success' => false, 'message' => 'permission denied' ] );	
 				if(x($_REQUEST,'return')) 
 					goaway(z_root() . "/" . $return_path );
 				killme();
@@ -222,6 +248,8 @@ class Item extends \Zotlabs\Web\Controller {
 		else {
 			if(! perm_is_allowed($profile_uid,$observer['xchan_hash'],($webpage) ? 'write_pages' : 'post_wall')) {
 				notice( t('Permission denied.') . EOL) ;
 				if($api_source)
 					return ( [ 'success' => false, 'message' => 'permission denied' ] );	
 				if(x($_REQUEST,'return')) 
 					goaway(z_root() . "/" . $return_path );
 				killme();
@@ -246,7 +274,7 @@ class Item extends \Zotlabs\Web\Controller {
 		$iconfig = null;
 		if($post_id) {
-			$i = q("SELECT * FROM `item` WHERE `uid` = %d AND `id` = %d LIMIT 1",
+			$i = q("SELECT * FROM item WHERE uid = %d AND id = %d LIMIT 1",
 				intval($profile_uid),
 				intval($post_id)
 			);
@@ -276,6 +304,8 @@ class Item extends \Zotlabs\Web\Controller {
 		if(! $channel) {
 			logger("mod_item: no channel.");
 			if($api_source)
 				return ( [ 'success' => false, 'message' => 'no channel' ] );	
 			if(x($_REQUEST,'return')) 
 				goaway(z_root() . "/" . $return_path );
 			killme();
@@ -291,6 +321,8 @@ class Item extends \Zotlabs\Web\Controller {
 		}
 		else {
 			logger("mod_item: no owner.");
 			if($api_source)
 				return ( [ 'success' => false, 'message' => 'no owner' ] );	
 			if(x($_REQUEST,'return')) 
 				goaway(z_root() . "/" . $return_path );
 			killme();
@@ -299,7 +331,7 @@ class Item extends \Zotlabs\Web\Controller {
 		$walltowall = false;
 		$walltowall_comment = false;
-		if($remote_xchan)
+		if($remote_xchan && ! $moderated)
 			$observer = $remote_observer;
 		if($observer) {
@@ -383,6 +415,7 @@ class Item extends \Zotlabs\Web\Controller {
 			$postopts          = $orig_post['postopts'];
 			$created           = $orig_post['created'];
 			$expires           = $orig_post['expires'];
 			$mid               = $orig_post['mid'];
 			$parent_mid        = $orig_post['parent_mid'];
 			$plink             = $orig_post['plink'];
@@ -417,6 +450,8 @@ class Item extends \Zotlabs\Web\Controller {
 			$body              .= trim($_REQUEST['attachment']);
 			$postopts          = '';
 			$allow_empty       = ((array_key_exists('allow_empty',$_REQUEST)) ? intval($_REQUEST['allow_empty']) : 0);	
 			$private = intval($acl->is_private() || ($public_policy));
 			// If this is a comment, set the permissions from the parent.
@@ -429,10 +464,12 @@ class Item extends \Zotlabs\Web\Controller {
 				$owner_hash        = $parent_item['owner_xchan'];
 			}
-			if(! strlen($body)) {
+			if((! $allow_empty) && (! strlen($body))) {
 				if($preview)
 					killme();
 				info( t('Empty post discarded.') . EOL );
 				if($api_source)
 					return ( [ 'success' => false, 'message' => 'no content' ] );	
 				if(x($_REQUEST,'return')) 
 					goaway(z_root() . "/" . $return_path );
 				killme();
@@ -440,7 +477,6 @@ class Item extends \Zotlabs\Web\Controller {
 		}
 		$expires = NULL_DATE;
 		if(feature_enabled($profile_uid,'content_expire')) {
 			if(x($_REQUEST,'expire')) {
@@ -450,36 +486,21 @@ class Item extends \Zotlabs\Web\Controller {
 			}
 		}
 		$mimetype = notags(trim($_REQUEST['mimetype']));
 		if(! $mimetype)
 			$mimetype = 'text/bbcode';
 		if($preview) {
 			$body = z_input_filter($profile_uid,$body,$mimetype);
 		}
 		$execflag = ((intval($uid) == intval($profile_uid) 
 			&& ($channel['channel_pageflags'] & PAGE_ALLOWCODE)) ? true : false);
 		if($preview) {
 			$body = z_input_filter($body,$mimetype,$execflag);
 		}
 		// Verify ability to use html or php!!!
 		$execflag = false;
 		if($mimetype !== 'text/bbcode') {
 			$z = q("select account_id, account_roles, channel_pageflags from account left join channel on channel_account_id = account_id where channel_id = %d limit 1",
 				intval($profile_uid)
 			);
 			if($z && (($z[0]['account_roles'] & ACCOUNT_ROLE_ALLOWCODE) || ($z[0]['channel_pageflags'] & PAGE_ALLOWCODE))) {
 				if($uid && (get_account_id() == $z[0]['account_id'])) {
 					$execflag = true;
 				}
 				else {
 					notice( t('Executable content type not permitted to this channel.') . EOL);
 					if(x($_REQUEST,'return')) 
 						goaway(z_root() . "/" . $return_path );
 					killme();
 				}
 			}
 		}
 		$gacl = $acl->get();
 		$str_contact_allow = $gacl['allow_cid'];
 		$str_group_allow   = $gacl['allow_gid'];
@@ -504,11 +525,11 @@ class Item extends \Zotlabs\Web\Controller {
 			// <img src="javascript:alert('hacked');" />
 	//		if($uid && $uid == $profile_uid && feature_enabled($uid,'markdown')) {
-	//			require_once('include/bb2diaspora.php');
+	//			require_once('include/markdown.php');
 	//			$body = escape_tags(trim($body));
 	//			$body = str_replace("\n",'<br />', $body);
 	//			$body = preg_replace_callback('/\[share(.*?)\]/ism','\share_shield',$body);			
-	//			$body = diaspora2bb($body,true);
+	//			$body = markdown_to_bb($body,true);
 	//			$body = preg_replace_callback('/\[share(.*?)\]/ism','\share_unshield',$body);
 	//		}
@@ -541,41 +562,7 @@ class Item extends \Zotlabs\Web\Controller {
 					$body .= "\n\n@group+" . $x[0]['abook_id'] . "\n";
 			}
-			/**
+			$body = cleanup_bbcode($body);
 			 * fix naked links by passing through a callback to see if this is a hubzilla site
 			 * (already known to us) which will get a zrl, otherwise link with url, add bookmark tag to both.
 			 * First protect any url inside certain bbcode tags so we don't double link it.
 			 */
 			$body = preg_replace_callback('/\[code(.*?)\[\/(code)\]/ism','\red_escape_codeblock',$body);
 			$body = preg_replace_callback('/\[url(.*?)\[\/(url)\]/ism','\red_escape_codeblock',$body);
 			$body = preg_replace_callback('/\[zrl(.*?)\[\/(zrl)\]/ism','\red_escape_codeblock',$body);
 			$body = preg_replace_callback("/([^\]\='".'"'."\/]|^|\#\^)(https?\:\/\/[a-zA-Z0-9\:\/\-\?\&\;\.\=\@\_\~\#\%\$\!\+\,]+)/ism", 'nakedoembed', $body);
 			$body = preg_replace_callback("/([^\]\='".'"'."\/]|^|\#\^)(https?\:\/\/[a-zA-Z0-9\:\/\-\?\&\;\.\=\@\_\~\#\%\$\!\+\,]+)/ism", '\red_zrl_callback', $body);
 			$body = preg_replace_callback('/\[\$b64zrl(.*?)\[\/(zrl)\]/ism','\red_unescape_codeblock',$body);
 			$body = preg_replace_callback('/\[\$b64url(.*?)\[\/(url)\]/ism','\red_unescape_codeblock',$body);
 			$body = preg_replace_callback('/\[\$b64code(.*?)\[\/(code)\]/ism','\red_unescape_codeblock',$body);
 			// fix any img tags that should be zmg
 			$body = preg_replace_callback('/\[img(.*?)\](.*?)\[\/img\]/ism','\red_zrlify_img_callback',$body);
 			$body = bb_translate_video($body);
 			/**
 			 * Fold multi-line [code] sequences
 			 */
 			$body = preg_replace('/\[\/code\]\s*\[code\]/ism',"\n",$body); 
 			$body = scale_external_images($body,false);
 			// Look for tags and linkify them
 			$results = linkify_tags($a, $body, ($uid) ? $uid : $profile_uid);
@@ -647,7 +634,7 @@ class Item extends \Zotlabs\Web\Controller {
 					$attach_link = '';
 					$hash = substr($mtch,0,strpos($mtch,','));
 					$rev = intval(substr($mtch,strpos($mtch,',')));
-					$r = attach_by_hash_nodata($hash,$rev);
+					$r = attach_by_hash_nodata($hash, $observer['xchan_hash'], $rev);
 					if($r['success']) {
 						$attachments[] = array(
 							'href'     => z_root() . '/attach/' . $r['data']['hash'],
@@ -739,6 +726,8 @@ class Item extends \Zotlabs\Web\Controller {
 		if(! $mid) {
 			$mid = (($message_id) ? $message_id : item_message_id());
 		}
 		if(! $parent_mid) {
 			$parent_mid = $mid;
 		}
@@ -829,7 +818,7 @@ class Item extends \Zotlabs\Web\Controller {
 			$datarray['owner'] = $owner_xchan;
 			$datarray['author'] = $observer;
 			$datarray['attach'] = json_encode($datarray['attach']);
-			$o = conversation($a,array($datarray),'search',false,'preview');
+			$o = conversation(array($datarray),'search',false,'preview');
 	//		logger('preview: ' . $o, LOGGER_DEBUG);
 			echo json_encode(array('preview' => $o));
 			killme();
@@ -863,7 +852,8 @@ class Item extends \Zotlabs\Web\Controller {
 			logger('mod_item: post cancelled by plugin or duplicate suppressed.');
 			if($return_path)
 				goaway(z_root() . "/" . $return_path);
-	
+			if($api_source)
 				return ( [ 'success' => false, 'message' => 'operation cancelled' ] );	
 			$json = array('cancel' => 1);
 			$json['reload'] = z_root() . '/' . $_REQUEST['jsreload'];
 			echo json_encode($json);
@@ -871,20 +861,8 @@ class Item extends \Zotlabs\Web\Controller {
 		}
-		if(mb_strlen($datarray['title']) > 255)
+		if(mb_strlen($datarray['title']) > 191)
-			$datarray['title'] = mb_substr($datarray['title'],0,255);
+			$datarray['title'] = mb_substr($datarray['title'],0,191);
 		if(array_key_exists('item_private',$datarray) && $datarray['item_private']) {
 			$datarray['body'] = trim(z_input_filter($datarray['uid'],$datarray['body'],$datarray['mimetype']));
 			if($uid) {
 				if($channel['channel_hash'] === $datarray['author_xchan']) {
 					$datarray['sig'] = base64url_encode(rsa_sign($datarray['body'],$channel['channel_prvkey']));
 					$datarray['item_verified'] = 1;
 				}
 			}
 		}
 		if($webpage) {
 			Zlib\IConfig::Set($datarray,'system', webpage_to_namespace($webpage),
@@ -901,6 +879,18 @@ class Item extends \Zotlabs\Web\Controller {
 			$x = item_store_update($datarray,$execflag);
 			// We only need edit activities for other federated protocols
 			// which do not support edits natively. While this does federate 
 			// edits, it presents a number of issues locally - such as #757 and #758.
 			// The SQL check for an edit activity would not perform that well so to fix these issues
 			// requires an additional item flag (perhaps 'item_edit_activity') that we can add to the 
 			// query for searches and notifications.
 			// For now we'll just forget about trying to make edits work on network protocols that 
 			// don't support them.   
 			// item_create_edit_activity($x);			
 			if(! $parent) {
 				$r = q("select * from item where id = %d",
 					intval($post_id)
@@ -914,6 +904,10 @@ class Item extends \Zotlabs\Web\Controller {
 			if(! $nopush)
 				\Zotlabs\Daemon\Master::Summon(array('Notifier', 'edit_post', $post_id));
 			if($api_source)
 				return($x);
 			if((x($_REQUEST,'return')) && strlen($return_path)) {
 				logger('return: ' . $return_path);
 				goaway(z_root() . "/" . $return_path );
@@ -934,6 +928,11 @@ class Item extends \Zotlabs\Web\Controller {
 			if($parent) {
 				// prevent conversations which you are involved from being expired
 				if(local_channel())
 					retain_item($parent);
 				// only send comment notification if this is a wall-to-wall comment,
 				// otherwise it will happen during delivery
@@ -943,7 +942,7 @@ class Item extends \Zotlabs\Web\Controller {
 						'from_xchan'   => $datarray['author_xchan'],
 						'to_xchan'     => $datarray['owner_xchan'],
 						'item'         => $datarray,
-						'link'		   => z_root() . '/display/' . $datarray['mid'],
+						'link'		   => z_root() . '/display/' . gen_link_id($datarray['mid']),
 						'verb'         => ACTIVITY_POST,
 						'otype'        => 'item',
 						'parent'       => $parent,
@@ -961,7 +960,7 @@ class Item extends \Zotlabs\Web\Controller {
 						'from_xchan'   => $datarray['author_xchan'],
 						'to_xchan'     => $datarray['owner_xchan'],
 						'item'         => $datarray,
-						'link'		   => z_root() . '/display/' . $datarray['mid'],
+						'link'		   => z_root() . '/display/' . gen_link_id($datarray['mid']),
 						'verb'         => ACTIVITY_POST,
 						'otype'        => 'item'
 					));
@@ -988,8 +987,11 @@ class Item extends \Zotlabs\Web\Controller {
 		else {
 			logger('mod_item: unable to retrieve post that was just stored.');
 			notice( t('System error. Post not saved.') . EOL);
 			if($return_path)
 				goaway(z_root() . "/" . $return_path );
-			// NOTREACHED
+			if($api_source)
 				return ( [ 'success' => false, 'message' => 'system error' ] );
 			killme();
 		}
 		if(($parent) && ($parent != $post_id)) {
@@ -1010,7 +1012,7 @@ class Item extends \Zotlabs\Web\Controller {
 		}
 		$datarray['id']    = $post_id;
-		$datarray['llink'] = z_root() . '/display/' . $channel['channel_address'] . '/' . $post_id;
+		$datarray['llink'] = z_root() . '/display/' . gen_link_id($datarray['mid']);
 		call_hooks('post_local_end', $datarray);
@@ -1019,6 +1021,10 @@ class Item extends \Zotlabs\Web\Controller {
 		logger('post_complete');
 		if($moderated) {
 			info(t('Your comment is awaiting approval.') . EOL);
 		}
 		// figure out how to return, depending on from whence we came
 		if($api_source)
@@ -1045,8 +1051,6 @@ class Item extends \Zotlabs\Web\Controller {
 		if((! local_channel()) && (! remote_channel()))
 			return;
 		require_once('include/security.php');
 		if((argc() == 3) && (argv(1) === 'drop') && intval(argv(2))) {
 			require_once('include/items.php');
@@ -1082,6 +1086,14 @@ class Item extends \Zotlabs\Web\Controller {
 				else {
 					// complex deletion that needs to propagate and be performed in phases
 					drop_item($i[0]['id'],true,DROPITEM_PHASE1);
 					$r = q("select * from item where id = %d",
 						intval($i[0]['id'])
 					);
 					if($r) {
 						xchan_query($r);
 						$sync_item = fetch_post_tags($r);
 						build_sync_packet($i[0]['uid'],array('item' => array(encode_item($sync_item[0],true))));
 					}
 					tag_deliver($i[0]['uid'],$i[0]['id']);
 				}
 			}
--- a/Show More
+++ b/Show More