Merge branch '3.0RC'

3.0 rc fix homeinstall

.gitignore

@@ -14,19 +14,21 @@
 *.rej
 # OSX .DS_Store files
 .DS_Store
-# version scripts (repo master only) 
+# version scripts (repo master only)
 .version*
 Thumbs.db
 
 
-## Ignore RedMatrix site specific files and folders
+## Ignore site specific files and folders
 .htconfig.php
 favicon.*
 addon/
+widget/
 custom/
 /store/
 # site apps
 apps/
+!doc/context/*/apps
 # default startpage
 home.html
 # page header plugin

.homeinstall/README.md

@@ -2,10 +2,19 @@
 
 Run hubzilla-setup.sh for an unattended installation of hubzilla.
 
-The script is known to work with Debian 8.3 stable (Jessie)
+The script is known to work without adjustments with
 
-+ Home-PC (Debian-8.3.0-amd64)
-+ DigitalOcean droplet (Debian 8.3 x64 / 512 MB Memory / 20 GB Disk / NYC3)
++ Hardware
+  - Mini-PC with Debian-9.2-amd64, or
+  - Rapberry 3 with Raspbian, Debian-9.3
++ DynDNS
+  - selfHOST.de
+  - freedns.afraid.org
+
+## Disclaimers
+
+- This script does work with Debian 9 only.
+- This script has to be used on a fresh debian install only (it does not take account for a possibly already installed and configured webserver or sql implementation).
 
 # Step-by-Step Overwiew
 
@@ -14,13 +23,13 @@ The script is known to work with Debian 8.3 stable (Jessie)
 Hardware
 
 + Internet connection and router at home
-+ Mini-pc connected to your router
++ Mini-pc connected to your router (a Raspberry 3 will do for very small Hubs)
 + USB drive for backups
 
 Software
 
-+ Fresh installation of Debian on your mini-pc
-+ Router with open ports 80 and 443 for your Debian
++ Fresh installation of Debian 9 (Stretch)
++ Router with open ports 80 and 443 for your Hub
 
 ## The basic steps (quick overview)
 
@@ -30,9 +39,12 @@ Software
   - mkdir -p /var/www
   - cd /var/www
   - git clone https://github.com/redmatrix/hubzilla.git html
-  - cp .homeinstall/hubzilla-config.txt.template .homeinstall/hubzilla-config.txt
-  - nano .homeinstall/hubzilla-config.txt
-    - Enter your values there: db pass, domain, values for dyn DNS
+  - cd /html/.homeinstall
+  - cp hubzilla-config.txt.template hubzilla-config.txt
+  - nano hubzilla-config.txt
+    - Read the comments carefully
+    - Enter your values: db pass, domain, values for dyn DNS
+  - Make sure your your external drive (for backups) is mounted
   - hubzilla-setup.sh as root
     - ... wait, wait, wait until the script is finised
   - reboot
@@ -46,23 +58,44 @@ Software
 
 ### Recommended: USB Drive for Backups
 
-The installation will create a daily backup.
+The installation will create a daily backup written to an external drive.
 
-If the backup process does not find an external device than the backup goes to
-the internal disk.
+The USB drive must be compatible with the filesystems
 
-The USB drive must be compatible with an encrpyted filesystem LUKS + ext4.
+- ext4 (if you do not want to encrypt the USB) 
+- LUKS + ext4 (if you want to encrypt the USB) 
+
+The backup includes 
+
+- Hubzilla DB
+- Hubzilla installation /var/www/html
+- Certificates for letsencrypt
 
 ## Preparations Software
 
 ### Install Debian Linux on the Mini-PC
 
-Download the stable Debian at https://www.debian.org/
+Download the stable Debian at https://www.debian.org/  
+(Debian 8 is no longer supported.)
 
-Create bootable USB drive with Debian on it. You could use the programm
-unetbootin, https://en.wikipedia.org/wiki/UNetbootin
+Create bootable USB drive with Debian on it.You could use
 
-Switch of your mini pc, plug in your USB drive and start the mini pc from the
+- unetbootin, https://en.wikipedia.org/wiki/UNetbootin
+- or simply the linux command "dd"
+
+Example for command dd...
+
+    su -
+    dd if=2017-11-29-raspbian-stretch.img of=/dev/mmcblk0
+
+Do not forget to unmount the SD card before and check if unmounted like in this example...
+
+    su -
+    umount /dev/mmcblk0*
+    df -h
+
+
+Switch off your mini pc, plug in your USB drive and start the mini pc from the
 stick. Install Debian. Follow the instructions of the installation.
 
 ### Configure your Router
@@ -79,28 +112,20 @@ You can use subdomains as well
 
     my.cooldomain.org
 
-There are two way to get a domain
+There are two ways to get a domain...
 
-- buy a domain (recommended) or
-- register a free subdomain
+### Method 1: Buy a Domain 
 
-### Method 1: Get yourself an own Domain (recommended)
+...for example buy at selfHOST.de  
 
-...for example at selfHOST.de
+The cost are around 10,- € once and 1,50 € per month (2017).
 
-### Method 2 Register a (free) Subdomain
+The cost are around 10,- € once and 1,50 € per month (2017).
 
-Register a free subdomain for example at
+...for example register at freedns.afraid.org
 
-- freeDNS
-- selfHOST
+Follow the instructions in .homeinstall/hubzilla-config.txt.  
 
-WATCH THIS: A free subdomain is not the prefered way to get a domain name. Why?
-
-Let's encrpyt issues a limited number of certificates each
-day. Possibly other users of this domain will try to issue a certificate
-at the same day as you do. So make sure you choose a domain with as less subdomains as
-possible.
 
 ## Install Hubzilla on your Debian
 
@@ -135,10 +160,12 @@ Copy the template file
     
     cp hubzilla-config.txt.template hubzilla-config.txt
 
-Change the file "hubzilla-config.txt". Read the instructions there and enter your values.
+Modify the file "hubzilla-config.txt". Read the instructions there carefully and enter your values.
 
     nano hubzilla-config.txt
 
+Make sure your external drive (for backups) is plugged in and can be mounted as configured in "hubzilla-config.txt". Otherwise the daily backups will not work.
+
 Run the script
 
      ./hubzilla-setup.sh
@@ -146,7 +173,7 @@ Run the script
 Wait... The script should not finish with an error message.
 
 In a webbrowser open your domain.
-Expected: A test page of hubzilla is shown. All checks there shoulg be
+Expected: A test page of hubzilla is shown. All checks there should be
 successfull. Go on...
 Expected: A page for the Hubzilla server configuration shows up.
 
@@ -162,3 +189,28 @@ Leave db type "MySQL" untouched.
 
 Follow the instructions in the next pages.
 
+After the daily script was executed at 05:30 (am)
+
+- look at var/www/html/hubzilla-daily.log
+- check your backup on the external drive
+- optionally view the daily log under yourdomain.org/admin/logs/
+  - set the logfile to var/www/html/hubzilla-daily.log
+
+## Note for the Rasperry 
+
+The script was tested with an Raspberry 3 under Raspian (Debian 9.3, 2017-11-29-raspbian-stretch.img).
+
+It is recommended to deinstall these programms to avoid endless updates. Use...
+
+    sudo apt-get purge wolfram-engine sonic-pi
+    sudo apt-get autoremove
+
+It is recommended to run the Raspi without graphical frontend (X-Server). Use...
+
+    sudo raspi-config
+
+to boot the Rapsi to the client console.
+
+DO NOT FORGET TO CHANGE THE DEFAULT PASSWORD FOR USER PI!
+
+

.homeinstall/hubzilla-config.txt.template

@@ -70,15 +70,17 @@ selfhost_pass=
 #       freedns_key=U1Z6aGt2R0NzMFNPNWRjbWxxZGpsd093OjE1Mzg5NDE5
 #
 #
-#freedns_key=
+freedns_key=
 
 
 ###############################################
 ### OPTIONAL - Backup to external device ######
 #
 # The script can use an external device for the daily backup.
-# The file system of the device (USB stick for example) must be compatible
-# with encrypted LUKS + ext4
+# The file system of the device (USB stick for example) must be compatible with
+#
+# - encrypted LUKS + ext4, or
+# - ext4
 #
 # You should test to mount the device befor you run the script
 # (hubzilla-setup.sh).
@@ -113,27 +115,21 @@ selfhost_pass=
 #     lsof /media/hubzilla_backup
 #
 # If you leave the following parameters
+#
 # - "backup_device_name" and
 # - "backup_device_pass"
+#
 # empty the script will create daily backups on the internal disk (which could
 # save you as well).
 #
 #   Example: backup_device_name=/dev/sdc1
 #
+# Leave "backup_device_pass=" empty if the external device is not encrypted.
+#
 backup_device_name=
 backup_device_pass=
 
 
-###############################################
-### OPTIONAL - Owncloud - deprecated ##########
-#
-# To install owncloud: owncloud=y
-# Leave empty if you don't want to install owncloud
-#
-#owncloud=
-
-
-
 ###############################################
 ### OPTIONAL - do not mess with things below ##
 #              (...if you are not certain)
@@ -160,18 +156,3 @@ mysqlpass=$db_pass
 #   Example: phpmyadminpass="aber hallo has blanks in it"
 phpmyadminpass=$db_pass
 
-# TODO Prepare hubzilla for programmers
-# - install eclipse and plugins
-# - install xdebug to debug the php with eclipse
-# - weaken permissions on /var/www/html
-# - manual steps after this script
-#   * in eclipse: install plugins for php git hub
-#   * in eclipse: configure firefox (chrome,...) as browser to run with the php debuger
-#   * in eclipse: switch php debugger from zend to xdebug
-#   * in eclipse: add local hubzilla github repository
-#
-# Which user will use eclipse?
-# Leave this empty if you do not want to prepare hubzilla for debugging
-#
-#developer_name=
-

.homeinstall/hubzilla-setup.sh

@@ -114,7 +114,11 @@ function check_sanity {
     fi
     if [ ! -f /etc/debian_version ]
     then
-        die "Ubuntu is not supported"
+        die "Debian is supported only"
+    fi
+    if ! grep -q 'Linux 9' /etc/issue
+    then
+        die "Linux 9 (stretch) is supported only"x
     fi
 }
 
@@ -253,11 +257,11 @@ function install_sendmail {
 }
 
 function install_php {
-    # openssl and mbstring are included in libapache2-mod-php5
-    # to_to:  php5-suhosin
+    # openssl and mbstring are included in libapache2-mod-php
     print_info "installing php..."
-    nocheck_install "libapache2-mod-php5 php5 php-pear php5-xcache php5-curl php5-mcrypt php5-gd"
-    php5enmod mcrypt
+    nocheck_install "libapache2-mod-php php php-pear php-curl php-mcrypt php-gd"
+    sed -i "s/^upload_max_filesize =.*/upload_max_filesize = 100M/g" /etc/php/7.0/apache2/php.ini
+    sed -i "s/^post_max_size =.*/post_max_size = 100M/g" /etc/php/7.0/apache2/php.ini
 }
 
 function install_mysql {
@@ -277,18 +281,17 @@ function install_mysql {
     # want to be prompted for it then this can be arranged by preseeding the
     # DebConf database with the required information.
     #
-    #     echo mysql-server-5.5 mysql-server/root_password password xyzzy | debconf-set-selections
-    #     echo mysql-server-5.5 mysql-server/root_password_again password xyzzy | debconf-set-selections
+    #     echo mysql-server mysql-server/root_password password xyzzy | debconf-set-selections
+    #     echo mysql-server mysql-server/root_password_again password xyzzy | debconf-set-selections
     #
     print_info "installing mysql..."
     if [ -z "$mysqlpass" ]
     then
         die "mysqlpass not set in $configfile"
     fi
-    echo mysql-server-5.5 mysql-server/root_password password $mysqlpass | debconf-set-selections
-    echo mysql-server-5.5 mysql-server/root_password_again password $mysqlpass | debconf-set-selections
-    nocheck_install "php5-mysql mysql-server mysql-client"
-    php5enmod mcrypt
+    echo mysql-server mysql-server/root_password password $mysqlpass | debconf-set-selections
+    echo mysql-server mysql-server/root_password_again password $mysqlpass | debconf-set-selections
+    nocheck_install "php-mysql mysql-server mysql-client"
 }
 
 function install_phpmyadmin {
@@ -327,6 +330,7 @@ function install_phpmyadmin {
         echo "Include /etc/phpmyadmin/apache.conf" >> /etc/apache2/apache2.conf
     fi
     service apache2 restart
+    /etc/init.d/mysql start
 }
 
 function create_hubzilla_db {
@@ -455,11 +459,6 @@ function configure_cron_selfhost {
     fi
 }
 
-function install_git {
-    print_info "installing git..."
-    nocheck_install "git"
-}
-
 function install_letsencrypt {
     print_info "installing let's encrypt ..."
     # check if user gave domain
@@ -511,6 +510,8 @@ END
     then
         die "Failed to load $url_http"
     fi
+    # accept terms of service of letsencrypt
+    ./dehydrated --register --accept-terms
     # run script dehydrated
     # 
     ./dehydrated --cron --config $le_dir/config.sh
@@ -564,17 +565,13 @@ function check_https {
 }
 
 function install_hubzilla {
-    print_info "installing hubzilla..."
-    # rm -R /var/www/html/ # for "stand alone" usage
-    cd /var/www/
-    # git clone https://github.com/redmatrix/hubzilla html # for "stand alone" usage
-    cd html/
-    git clone https://github.com/redmatrix/hubzilla-addons addon
+    print_info "installing hubzilla addons..."
+    cd /var/www/html/
+    util/add_addon_repo https://github.com/redmatrix/hubzilla-addons.git hzaddons
     mkdir -p "store/[data]/smarty3"
     chmod -R 777 store
     touch .htconfig.php
     chmod ou+w .htconfig.php
-    install_hubzilla_plugins
     cd /var/www/
     chown -R www-data:www-data html
 	chown root:www-data /var/www/html/
@@ -589,73 +586,6 @@ function install_hubzilla {
     print_info "installed hubzilla"
 }
 
-function install_hubzilla_plugins {
-    print_info "installing hubzilla plugins..."
-    cd /var/www/html
-    plugin_install=.homeinstall/plugin_install.txt
-    theme_install=.homeinstall/theme_install.txt
-    # overwrite script to update the plugin and themes
-    rm -f $plugins_update
-    echo "cd /var/www/html" >> $plugins_update
-    ###################
-    # write plugin file
-    if [ ! -f "$plugin_install" ]
-    then
-        echo "# To install a plugin" >> $plugin_install
-        echo "# 1. add the plugin in a new line and run" >> $plugin_install
-        echo "# 2. run" >> $plugin_install
-        echo "#   cd /var/www/html/.homeinstall" >> $plugin_install
-        echo "#   ./hubzilla-setup.sh" >> $plugin_install
-        echo "https://gitlab.com/zot/ownmapp.git ownMapp" >> $plugin_install
-        echo "https://gitlab.com/zot/hubzilla-chess.git chess" >> $plugin_install
-    fi
-    # install plugins
-    while read -r line; do
-        [[ "$line" =~ ^#.*$ ]] && continue
-        p_url=$(echo $line | awk -F' ' '{print $1}')
-        p_name=$(echo $line | awk -F' ' '{print $2}')
-        # basic check of format
-	    if [ ${#p_url} -ge 1 ] && [ ${#p_name} -ge 1 ]
-	    then
-            # install addon
-            util/add_addon_repo $line
-            util/update_addon_repo $p_name # not sure if this line is neccessary
-            echo "util/update_addon_repo $p_name" >> $plugins_update
-        else
-            print_info "skipping installation of a plugin from file $plugin_install - something wrong with format in line: $line"
-	    fi
-    done < "$plugin_install"
-    ###################
-    # write theme file
-    if [ ! -f "$theme_install" ]
-    then
-        echo "# To install a theme" >> $theme_install
-        echo "# 1. add the theme in a new line and run" >> $theme_install
-        echo "# 2. run" >> $theme_install
-        echo "#   cd /var/www/html/.homeinstall" >> $theme_install
-        echo "#   ./hubzilla-setup.sh" >> $theme_install
-        echo "https://github.com/DeadSuperHero/hubzilla-themes.git DeadSuperHeroThemes" >> $theme_install
-
-    fi
-    # install plugins
-    while read -r line; do
-        [[ "$line" =~ ^#.*$ ]] && continue
-        p_url=$(echo $line | awk -F' ' '{print $1}')
-        p_name=$(echo $line | awk -F' ' '{print $2}')
-        # basic check of format
-	    if [ ${#p_url} -ge 1 ] && [ ${#p_name} -ge 1 ]
-	    then
-            # install addon
-            util/add_theme_repo $line
-            util/update_theme_repo $p_name # not sure if this line is neccessary
-            echo "util/update_theme_repo $p_name" >> $plugins_update
-        else
-            print_info "skipping installation of a theme from file $theme_install - something wrong with format in line: $line"
-	    fi
-    done < "$theme_install"
-    print_info "installed hubzilla plugins and themes"
-}
-
 function rewrite_to_https {
     print_info "configuring apache to redirect http to httpS ..."
     htaccessfile=/var/www/html/.htaccess
@@ -675,25 +605,19 @@ function rewrite_to_https {
 function install_rsnapshot {
     print_info "installing rsnapshot..."
     nocheck_install "rsnapshot"
-	# internal disk
-    cp -f /etc/rsnapshot.conf $snapshotconfig   
-    sed -i "/hourly/s/retain/#retain/" $snapshotconfig 
-    sed -i "/monthly/s/#retain/retain/" $snapshotconfig 
+    # internal disk
+    cp -f /etc/rsnapshot.conf $snapshotconfig
     sed -i "s/^cmd_cp/#cmd_cp/" $snapshotconfig
     sed -i "s/^backup/#backup/" $snapshotconfig
-    if [ -z "`grep 'letsencrypt' $snapshotconfig`" ]
-    then
-		echo "backup	/var/lib/mysql/	localhost/" >> $snapshotconfig
-		echo "backup	/var/www/html/	localhost/" >> $snapshotconfig
-		echo "backup	/var/www/letsencrypt/	localhost/" >> $snapshotconfig
-    fi
+	echo "backup	/var/lib/mysql/	localhost/" >> $snapshotconfig
+	echo "backup	/var/www/html/	localhost/" >> $snapshotconfig
+	echo "backup	/var/www/letsencrypt/	localhost/" >> $snapshotconfig
 	# external disk
-	if [ -n "$backup_device_name" ] && [ -n "$backup_device_pass" ]
+	if [ -n "$backup_device_name" ]
 	then
 		cp -f /etc/rsnapshot.conf $snapshotconfig_external_device   
 		sed -i "s#snapshot_root.*#snapshot_root	$backup_mount_point#" $snapshotconfig_external_device
-		sed -i "/hourly/s/retain/#retain/" $snapshotconfig_external_device 
-		sed -i "/monthly/s/#retain/retain/" $snapshotconfig_external_device 
+		sed -i "/alpha/s/6/30/" $snapshotconfig_external_device 
 		sed -i "s/^cmd_cp/#cmd_cp/" $snapshotconfig_external_device
 		sed -i "s/^backup/#backup/" $snapshotconfig_external_device
 		if [ -z "`grep 'letsencrypt' $snapshotconfig_external_device`" ]
@@ -767,9 +691,7 @@ echo "        if mount $backup_device_name $backup_mount_point" >> /var/www/$hub
 echo "        then" >> /var/www/$hubzilladaily
 echo "            device_mounted=1" >> /var/www/$hubzilladaily
 echo "            echo \"device $backup_device_name is now mounted. Starting backup...\"" >> /var/www/$hubzilladaily
-echo "			rsnapshot -c $snapshotconfig_external_device daily" >> /var/www/$hubzilladaily
-echo "			rsnapshot -c $snapshotconfig_external_device weekly" >> /var/www/$hubzilladaily
-echo "			rsnapshot -c $snapshotconfig_external_device monthly" >> /var/www/$hubzilladaily
+echo "			rsnapshot -c $snapshotconfig_external_device alpha" >> /var/www/$hubzilladaily
 echo "			echo \"\$(date) - disk sizes...\"" >> /var/www/$hubzilladaily
 echo "			df -h" >> /var/www/$hubzilladaily
 echo "			echo \"\$(date) - db size...\"" >> /var/www/$hubzilladaily
@@ -788,28 +710,22 @@ echo "    fi" >> /var/www/$hubzilladaily
 echo "fi" >> /var/www/$hubzilladaily
 echo "if [ \$device_mounted == 0 ]" >> /var/www/$hubzilladaily
 echo "then" >> /var/www/$hubzilladaily
-echo "    echo \"device could not be mounted $backup_device_name. Using internal disk for backup...\"" >> /var/www/$hubzilladaily
-echo "	rsnapshot -c $snapshotconfig daily" >> /var/www/$hubzilladaily
-echo "	rsnapshot -c $snapshotconfig weekly" >> /var/www/$hubzilladaily
-echo "	rsnapshot -c $snapshotconfig monthly" >> /var/www/$hubzilladaily
+echo "    echo \"device could not be mounted $backup_device_name. No backup written.\"" >> /var/www/$hubzilladaily
 echo "fi" >> /var/www/$hubzilladaily
 echo "#" >> /var/www/$hubzilladaily
 echo "echo \"\$(date) - db size...\"" >> /var/www/$hubzilladaily
-echo "du -h /var/cache/rsnapshot/ | grep mysql/hubzilla" >> /var/www/$hubzilladaily
+echo "du -h /var/lib/mysql/ | grep mysql/hubzilla" >> /var/www/$hubzilladaily
 echo "#" >> /var/www/$hubzilladaily
 echo "# update" >> /var/www/$hubzilladaily
 echo "echo \"\$(date) - updating dehydrated...\"" >> /var/www/$hubzilladaily
 echo "git -C /var/www/letsencrypt/ pull" >> /var/www/$hubzilladaily
 echo "echo \"\$(date) - updating hubhilla core...\"" >> /var/www/$hubzilladaily
-echo "git -C /var/www/html/ pull" >> /var/www/$hubzilladaily
-echo "echo \"\$(date) - updating hubhilla addons...\"" >> /var/www/$hubzilladaily
-echo "git -C /var/www/html/addon/ pull" >> /var/www/$hubzilladaily
-echo "bash /var/www/html/$plugins_update" >> /var/www/$hubzilladaily
+echo "(cd /var/www/html/ ; util/udall)" >> /var/www/$hubzilladaily
 echo "chown -R www-data:www-data /var/www/html/ # make all accessable for the webserver" >> /var/www/$hubzilladaily
 echo "chown root:www-data /var/www/html/.htaccess" >> /var/www/$hubzilladaily
 echo "chmod 0644 /var/www/html/.htaccess # www-data can read but not write it" >> /var/www/$hubzilladaily
 echo "echo \"\$(date) - updating linux...\"" >> /var/www/$hubzilladaily
-echo "apt-get -q -y update && apt-get -q -y dist-upgrade # update linux and upgrade" >> /var/www/$hubzilladaily
+echo "apt-get -q -y update && apt-get -q -y dist-upgrade && apt-get -q -y autoremove # update linux and upgrade" >> /var/www/$hubzilladaily
 echo "echo \"\$(date) - Backup hubzilla and update linux finished. Rebooting...\"" >> /var/www/$hubzilladaily
 echo "#" >> /var/www/$hubzilladaily
 echo "reboot" >> /var/www/$hubzilladaily
@@ -894,7 +810,6 @@ install_run_selfhost
 ping_domain
 configure_cron_freedns
 configure_cron_selfhost
-install_git
 install_letsencrypt
 configure_apache_for_https
 check_https

.travis.yml

@@ -39,6 +39,7 @@ addons:
 php:
   - '7.0'
   - '7.1'
+  - '7.2'
   # HHVM does not fulfil PHPUnit platform requirements as being compatible with PHP7 yet
   #- 'hhvm'
 
@@ -69,7 +70,7 @@ matrix:
         mariadb: '10.1'
     # PHP7.1, PostgreSQL 9.6
     - php: '7.1'
-      env: DB=pgsql POSTGRESQL_VERSION=9.6
+      env: DB=pgsql POSTGRESQL_VERSION=9.6 PHPUNITFILE=phpunit-pgsql.xml
       # Use newer postgres than 9.2 default
       addons:
         postgresql: '9.6'
@@ -125,15 +126,19 @@ before_script:
   - if [[ "$DB" == "pgsql" ]]; then ./tests/travis/prepare_pgsql.sh; fi
 
 # omitting "script:" will default to phpunit
-script: ./vendor/bin/phpunit $PHPUCOV -c tests/phpunit-$DB.xml
+script:
+  - ./vendor/bin/phpunit $PHPUCOV -c tests/$PHPUNITFILE
 
 after_success:
-  # Generate API documentation and deploy it to gh-pages
+  - cat tests/results/testdox.txt
+  # Generate API documentation and prepare for deployment
   - ./tests/travis/gen_apidocs.sh
-#after_failure:
+after_failure:
+  - cat tests/results/testdox.txt
 
 # Deploying release and API documentation to GitHub
-#before_deploy:
+before_deploy:
+  - if [[ "$CODECOV" == "1" ]]; then zip -9 -r -q tests/hubzilla-testresults.zip tests/results; fi
 deploy:
   - provider: pages
     skip_cleanup: true
@@ -152,6 +157,15 @@ deploy:
       repo: redmatrix/hubzilla
       tags: true
       condition: '(-n "$GH_TOKEN") && ("$TRAVIS_JOB_NUMBER" == "${TRAVIS_BUILD_NUMBER}.1")'
+  # add code coverage and test results to release
+  - provider: releases
+    skip_cleanup: true
+    api_key: $GH_TOKEN
+    file: 'tests/hubzilla-testresults.zip'
+    on:
+      repo: redmatrix/hubzilla
+      tags: true
+      condition: '(-n "$GH_TOKEN") && ("$CODECOV" == "1")'
 #after_deploy:
 
 #after_script:

CHANGELOG

@@ -1,3 +1,299 @@
+Hubzilla 3.0 (2018-01-09)
+	- Updated homeinstall script
+	- Sort cloud directory by 1. is_dir and 2. name
+	- Document that imagick calls/execs ffmpeg for mp4 video thumbnails
+	- Use pipe_stream() instead of file_{get, put}_contents() in attach_store()
+	- Make homeinstall script ready for Debian 9
+	- Add url and headings to bbco_autocomplete()
+	- Remove additional linebreaks after headings
+	- html2bbcode: use headings bbcode for headings
+	- Don't zidify all permalinks, only zot permalinks
+	- Make remote homelink link to the home host and not to the home channel
+	- Auto promote beginner (techlevel 0) accounts to level 1 after they show signs of active participation.
+	- Go back to including the photo thumbnail data in the export file.
+	- Improvements to file import/export
+	- Default value for xlink_rating_text
+	- Implement IMoveTarget and recursive file/directory move/rename - github issue #680
+	- Synchronise an attach_move operation to clones
+	- Provide a themed page with an error notification on errors instead of an obtuse XML error structure in mod cloud
+	- Disallow backslashes in wiki and wiki-page names
+	- We only require one update module. The rest are superfluous.
+	- Render installable elements as buttons instead of links
+	- Implement chunked uploads for photos page
+	- Remove warning for large files on cloud upload
+	- Add a filter for notification to show new posts only
+	- Implement chunked uploads for cloud
+	- Use httpsig auth for getfile
+	- Load the profile images in the custom acl selector only if we actually need them
+	- Rework liveUpdate() and notificationsUpdate() (aka ping) to first do the liveUpdate and when this is done only do the ping once.
+	- Don't include invisible "update activities" in category widget
+	- Default profile assign
+	- Provide system config option for minimum registration age.
+	- Remove deprecated $a argument from advanced_profile()
+	- Change to bbcode calling parameters
+	- Extra checking of server headers in upload functions
+	- Provide a handler for chunked uploads in mod file_upload
+	- Optional divider between item header and body
+	- Allow toggle to SMBC scaling mode.
+	- Add thumbnail hook
+	- Implement SVG thumbnails and expose security setting
+	- Implement video thumbnail generator
+	- Implement pdf thumbnails
+	- Implement thumbnail generator for epubs
+	- Make browser history buttons work with ajax calls in mod display and hq
+	- Implement tile view for mod cloud (read only)
+	- Add mp3 audio thumbnail generator
+	- Set display_path for photo_upload from the DAV File interface
+	- Provide a generalised interface for thumbnail generators to support various content types
+	- Add ID3Parser library.
+	- Text thumbnails in cloud tile mode
+	- Revisit media breakpoints - do not switch to mobile view to early.
+	- Add French to help pages language dropdown selector
+	- Inroduce the HQ module - an alternative landing page for hubzilla
+	- Strip author name from notify messages in notifications - github issue #911
+	- Remove column item.diaspora_meta
+	- Provide ability to pin apps to navbar from mod apps
+	- Add private forums to forum widget
+	- Move notifications style to widgets.css
+	- Sort out a few more large image upload issues
+	- Move notifications full-screen handling to notifications widget
+	- Move mailhost settings from plugin to core
+	- Sort combined private mail conversations by latest updated conversation instead of created parent
+	- Filter atokens on acl search
+	- Allow a site to block (public) the directory separately from other resources.
+	- Improve removed_channel final cleanup - github issue #386
+	- Cleanup of upload_to_comments(
+	- Dedicate the first click to slideup the cover again but make sure the nav buttons remain functional
+	- Set os_syspath in DAV file put operation so that photos will scale correctly.
+	- Unit tests for Zotlabs\Access classes
+	- Bring back tabindex to submit comments
+	- attach.php minor cleanup and doc
+	- Allow cloud filenames to include ampersands without messing up auth tokens (zid, owt, and zat, and the constant placeholder 'f=')
+	- Provide short localised summary for likes that will end up in displayed notifications
+	- Improving Doxygen documentation.
+	- Update item_normal() to not include ACTIVITY_OBJ_FILE obj_type
+	- Sort out issues with pubstream item interactions
+	- Don't perform zot_refresh on dead sites unless $force is set
+	- Do not send message_list responses to dead sites (this delivery method bypassed the notifier)
+	- Support for netselect query
+	- Add another delivery control parameter (queue threshold)
+	- Add some documentation about shareable widgets
+	- Allow plugin class widgets
+	- Some more work on unit tests
+	- Encrypt the owa token
+	- Bring back the markdown post feature
+	- We call Theme:url() statically, make it also static.
+	- Table structure for pseudo or proxy channels (pchan)
+
+	Bugfixes
+	- Fix sync non-default profile photo changes to clones - github issue #113
+	- Fix prev/next buttons on connedit can show deleted connections - github issue #673
+	- Fix affinity widget settings
+	- Fix dupe bug in content hooks - github issue #943
+	- Fix directory keywords returned from dir_tagadelic() in standalone mode
+	- Fix argument warning when arguments are correct in util/dcp
+	- Fix issue with long filenames in mod cloud
+	- Fix misc. issues with new 'insert photo from photo album' github issue #475
+	- Fix regression in channel sources delivery
+	- Fix loading of theme-specific widgets
+	- Fix unable to add wiki pages with spaces
+	- Fix mod display and others that require a non-zero profile_uid for updates
+	- Fix various PHP 7.2 issues
+	- Fix typo in HTTPSig
+	- Fix pagetitle lost importing a pdl element from conversation
+	- Fix js warning - getelementbyid (id doesn't exist)
+	- Fix some pubstream on/off weirdness
+	- Fix default addressbook has no name - github issue #921
+	- Fix double html ids in caldav widget if more than one sharee
+	- Fix regression in cdav calendar widget
+	- Fix sync packet not generated when deleting a file using the web browser interface
+	- Fix album cover thumb generator
+	- Fix like-button for images - github issue #826
+	- Fix typo - github issue #910
+	- Fix issue with group_rmv()
+	- Fix php warnings on photo delete
+	- Fix some conflicts between private tags and forum tags
+	- Fix some schema issues
+	- Fix wiki pages not updating after creating new page
+	- Fix a PHP warning in Permissions::FilledPerms()
+	- Fix unicode characters in urls tripping up url regexes - github issue #901
+	- Fix second half of github issue #893
+	- Fix common connections on suggestion page showing wildly different results than remote profile, and is consistently off by one
+	- Fix cloud redirects with owt tokens
+	- Fix issues with diaspora xchans
+	- Fix memory overflow trying to delete a connection with a very high noise to signal ratio
+	- Fix sql error in page module
+	- Fix unstar
+
+	Plugins/Addon
+	Diaspora: fix 'view full size' photo link - core github issue #947
+	Diaspora: implement recent changes in diaspora account_migration spec
+	GNU-Social: fix uploading a photo to a post results in double post - github issue 75
+	GNU-Social: fix gnusoc plugin not respecting delayed delivery - github issue 74
+	Pubcrawl: fix PHP warning
+	Diaspora: remove garbage from magic envelope
+	Diaspora: fix permalinks for zot reshares
+	New addon: hzfiles - sync files across hubzilla servers
+	Fix various PHP 7.2 issues
+	Remove Firefox social plugin - it was deprecated and removed in firefox version 57
+	Diaspora: unset id and parent for local comments
+	Pubsubhubbub: set interactive flag to avoid delivery killing if block_public is enabled
+	Mailhost addon moved to core
+	Remove js_upload addon
+
+
+Hubzilla 2.8.1 (2017-11-11)
+	- Rename channel app events to calendar and add nav_set_selected() to /cal
+	- Load notifications links to /display via ajax if we are already in /display
+	- Add location info to the navbar for remote visitors
+	- Bring back tabindex to submit comments
+	- Add spanish translations for context help
+	- Added mode to portfolio widget
+
+	Bugfixes
+	- Fix os_syspath in DAV file put operation so that photos will scale correctly
+	- Fix unicode characters in urls tripping up url regexes - github issue #901
+	- Fix wiki pages not updating after creating new page
+	- Fix notifications covered by cover photo on medium size screens - github issue #906
+	- Fix unable to change permissions on wiki with space in name
+	- Fix only show nav app link if we have a selected app
+	- Fix unable to mark all messages read
+	- Fix imagedata not set correctly if large photo and imagick is not installed
+	- Fix issues with diaspora xchans
+	- Fix profile photo issue triggered by a previous bug
+
+	Plugins/Addon
+	N-S-F-W: improve the undocumented n-s-f-w author::word feature
+	Diaspora: update the import_diaspora tool for the version 2.0 account export files
+	Diaspora: fix comments are partly containing "diaspora_handle" instead of "author" - github issue #69
+	Pubcrawl: provide feature setting for downgrade_media option
+	Pubcrawl: fix issue where replies to replies did not find its parent
+	Diaspora: fix friendica likes on comments
+	Diaspora: fix private mail
+	Diaspora: fix third party deletes/retractions not propagating
+	Diaspora: likes not working - github issue #895 in core
+	Diaspora: fix comments from unknown persons not accepted if allow public comments is enabled - github issue #68
+	XMPP: fix php warning
+
+Hubzilla 2.8 (2017-10-25)
+	- Redirect to be moderated items to /moderate
+	- Update notifications if notifications area remains open
+	- Create an actual logout module instead of relying on internal variables
+	- Add local_channel as a comanche condition variable
+	- Implement possibility to pin app-tray apps in the navbar via app category navbar_default
+	- Introduce custom navbars
+	- Re-implement single delivery
+	- Pdledit usability improvements
+	- Implement next generation notifications in right aside
+	- Implement single post view for /pubstream
+	- Make anonymous comments work in mod display
+	- Introduce notifications for unseen public stream posts (off by default)
+	- Preperatory work on Zot VI
+	- Add app for site admin
+	- Introduce experimental alternate channel_menu navigation (off by default)
+	- Introduce notifications for shared files
+	- Bring back notifications for account approvals
+	- Urlencode hashes from mod_acl
+	- Don't use chanlink_url() for feed mentions
+	- Design common friends widget to fit better in the app and move it to left aside
+	- Allow navbar to be used when cover photo is displayed in mod channel
+	- Implement admin setting to use imagick converter for large photos
+	- Process activity deletes from OStatus which for whatever reason do not use the industry standard tombstone mechanism
+	- Implement new css based spinner
+	- Move the link header initialisation from Router to Webserver
+	⁻ Extend activity_match() to work with arrays
+	- Updated the trusted CA cert database
+	- Ostatus - support likes of comments
+	- Provide ability to mention a forum by using !forumname as well as the traditional red style (@forumname+)
+	- Encrypt delivery reports (not backward compatible)
+	- Provide a space between link header params (draft-cavage-http-signatures-08)
+	- Turn common_friends into a widget
+	- Update to jquery-3.2.1
+	- Wiki pages sorted by name
+	- Create new hooks for permissions_accept and permissions_reject
+	- Provide rel=alternate link if no reshare content in post
+	- Add remote login button to login page
+	- DB update to add index to item.resource_id
+	- Implement wiki editing (name and acl)
+	- Provide a hook for importing a channel photo at channel creation time
+	- Implement wiki mimetype lock
+	- Bring back wiki downloads
+	- Add text/plain mimetype to wiki
+	- Implement per page mimetype selection for wikis
+	- Added english context help for apps and appman
+	- Implement owa (open web auth)
+	- Ignore diaspora_meta column on item import
+	- Check code permissions on cloud files
+	- Remove period from characters allowed in username
+	- Make comment highlighting more reliable
+	- Sign zot-info packets with httpsignatures
+	- Implement server to server magic auth
+	- Provide support for json-ld signatures
+	- Rewrite comment form open/close handling to be more reliable
+	- Radically reduce code duplication in updateConvItems()
+	- Remove discover tab in favour of the public stream app
+	- Apply autotime to all autotime classed elements when static loading a page
+	- Implement cards feature
+	- Extended support for help page translations including table of contents files at the top level
+	- Introduce util/dmkdir - a mkdir tool for DAV
+	- Various doco improvements
+	- Introduce util/dcp (DAV-copy) - copy file or directory from local system to Hubzilla
+	- Provide support for HTTPsig
+	- Implement mechanism for selective network following in protocol connectors (diaspora, ostatus, activitypub, zot, rss)
+
+	Bugfixes
+	- Fix w2w posts not removed in contact_remove() - github issue #837
+	- Fix guests not having a unique (non-existent) url
+	- Fix mod register re-using the password
+	- Fix write_storage permission not checked in /display
+	- Fix discovery of moderated items in enotify
+	- Fix profile thing image not deleted when thing deleted - github issue #868
+	- Fix deletions to comments not synced on wall posts
+	- Fix community tags not preserved on post edit - github issue #865
+	- Fix profile photo propagation issue if the local xchan_photo_[l|m|s] fields were changed from the /photo/profile/l/n form to photo/[hash] form by a clone operation
+	- Fix lockstate and current permissions not handed over to editor in mod card_edit
+	- Fix profile edit dropdown for multiple profiles
+	- Fix affinity slider spinner
+	- Fix mod pubsites broken
+	- Fix directory server admin selection includes known dead sites
+	- Fix sticky-kit issue where the bottom of left aside was not visible when section content was short
+	- Fix possibility to set bogus my_address
+	- Fix deleting of wiki pages
+	- Fix selected theme not appearing selected after change - github issue #855
+	- Fix an issue where some encoded mids were not found in /display
+	- Fix issue with mentions and xchans with @ or /
+	- Fix webfinger returns invalid XML - github issue #851
+	- Fix last remaining task in tasklist was not removed from view when completed
+
+	Plugins/Addon
+	Hubwall: Remove errant $1 string in sender name
+	Map federation protocols for zotinfo
+	Gnusoc: force ostatus profile photos to get refreshed monthly
+	Gnusoc: fix ostatus mention notifications
+	Gnusoc: unsubscribe to gnusoc feeds if connector is disabled
+	Phpmailer: not using load/unload
+	Gnusoc: don't provide some information if gnusoc is disabled by the channel
+	Diaspora: add a predelivery interval
+	Diaspora: support for likes on comments
+	Introduce the pubcrawl plugin - an unapologetically non-compliant ActivityPub Protocol implemention
+	Introduce gravatar plugin
+	Pubsubhubbub: produce much more compact PuSH feeds
+	Diaspora: support text comments on reshare posts
+	Diaspora: changes to delivery scenarios for the special handling of profile messages
+	Diaspora: put diaspora seed_location in json webfinger
+	Gnusoc: fix mis-attributed comments from mastodon
+	Gnusoc: allow discovery by url (not just reddress) and permit upgrade from 'unknown' network to gnusoc
+	Implement mechanism for selective network following in protocol connectors
+
+
+Hubzilla 2.6.3 (2017-09-18)
+	- Fix anonymous comments/likes on photos - this is not yet implemented
+	- Fix favicon not displayed on certain pages
+	- Fix hubzilla logo icon for favicon and email notifications
+	- Fix an issue with displaying selected theme in settings/display
+	- [SECURITY] Restrict the input characters we accept in token verification strings to hex digits
+	- Remove hubzilla.nl from fallback directory servers
+
 Hubzilla 2.6.2 (2017-08-31)
 	- Fix webfinger returns invalid XML (github issue #851)
 

DEVELOPERS

@@ -0,0 +1,37 @@
+Developer Certificate of Origin
+Version 1.1
+
+Copyright (C) 2004, 2006 The Linux Foundation and its contributors.
+1 Letterman Drive
+Suite D4700
+San Francisco, CA, 94129
+
+Everyone is permitted to copy and distribute verbatim copies of this
+license document, but changing it is not allowed.
+
+
+Developer's Certificate of Origin 1.1
+
+By making a contribution to this project, I certify that:
+
+(a) The contribution was created in whole or in part by me and I
+    have the right to submit it under the open source license
+    indicated in the file; or
+
+(b) The contribution is based upon previous work that, to the best
+    of my knowledge, is covered under an appropriate open source
+    license and I have the right under that license to submit that
+    work with modifications, whether created in whole or in part
+    by me, under the same open source license (unless I am
+    permitted to submit under a different license), as indicated
+    in the file; or
+
+(c) The contribution was provided directly to me by some other
+    person who certified (a), (b) or (c) and I have not modified
+    it.
+
+(d) I understand and agree that this project and the contribution
+    are public and that a record of the contribution (including all
+    personal information I submit with it, including my sign-off) is
+    maintained indefinitely and may be redistributed consistent with
+    this project or the open source license(s) involved.

Zotlabs/Access/PermissionRoles.php

@@ -1,12 +1,21 @@
 <?php
 
-
 namespace Zotlabs\Access;
 
-use Zotlabs\Lib as Zlib;
-
+/**
+ * @brief PermissionRoles class.
+ *
+ * @see Permissions
+ */
 class PermissionRoles {
 
+	/**
+	 * @brief PermissionRoles version.
+	 *
+	 * This must match the version in Permissions.php before permission updates can run.
+	 *
+	 * @return number
+	 */
 	static public function version() {
 		return 2;
 	}
@@ -23,12 +32,13 @@ class PermissionRoles {
 				$ret['default_collection'] = false;
 				$ret['directory_publish'] = true;
 				$ret['online'] = true;
-				$ret['perms_connect'] = [ 
+				$ret['perms_connect'] = [
 					'view_stream', 'view_profile', 'view_contacts', 'view_storage',
-					'view_pages', 'view_wiki', 'send_stream', 'post_wall', 'post_comments', 
-					'post_mail', 'chat', 'post_like', 'republish' ];
-
+					'view_pages', 'view_wiki', 'send_stream', 'post_wall', 'post_comments',
+					'post_mail', 'chat', 'post_like', 'republish'
+				];
 				$ret['limits'] = PermissionLimits::Std_Limits();
+
 				break;
 
 			case 'social_restricted':
@@ -36,11 +46,11 @@ class PermissionRoles {
 				$ret['default_collection'] = true;
 				$ret['directory_publish'] = true;
 				$ret['online'] = true;
-				$ret['perms_connect'] = [ 
+				$ret['perms_connect'] = [
 					'view_stream', 'view_profile', 'view_contacts', 'view_storage',
-					'view_pages', 'view_wiki', 'send_stream', 'post_wall', 'post_comments', 
-					'post_mail', 'chat', 'post_like' ];
-
+					'view_pages', 'view_wiki', 'send_stream', 'post_wall', 'post_comments',
+					'post_mail', 'chat', 'post_like'
+				];
 				$ret['limits'] = PermissionLimits::Std_Limits();
 
 				break;
@@ -50,10 +60,11 @@ class PermissionRoles {
 				$ret['default_collection'] = true;
 				$ret['directory_publish'] = false;
 				$ret['online'] = false;
-				$ret['perms_connect'] = [ 
+				$ret['perms_connect'] = [
 					'view_stream', 'view_profile', 'view_contacts', 'view_storage',
-					'view_pages', 'view_wiki', 'send_stream', 'post_wall', 'post_comments', 
-					'post_mail', 'post_like' ];
+					'view_pages', 'view_wiki', 'send_stream', 'post_wall', 'post_comments',
+					'post_mail', 'post_like'
+				];
 				$ret['limits'] = PermissionLimits::Std_Limits();
 				$ret['limits']['view_contacts'] = PERMS_SPECIFIC;
 				$ret['limits']['view_storage'] = PERMS_SPECIFIC;
@@ -65,12 +76,13 @@ class PermissionRoles {
 				$ret['default_collection'] = false;
 				$ret['directory_publish'] = true;
 				$ret['online'] = false;
-				$ret['perms_connect'] = [ 
+				$ret['perms_connect'] = [
 					'view_stream', 'view_profile', 'view_contacts', 'view_storage',
 					'view_pages', 'view_wiki', 'post_wall', 'post_comments', 'tag_deliver',
-					'post_mail', 'post_like' , 'republish', 'chat' ];
-
+					'post_mail', 'post_like' , 'republish', 'chat'
+				];
 				$ret['limits'] = PermissionLimits::Std_Limits();
+
 				break;
 
 			case 'forum_restricted':
@@ -78,11 +90,10 @@ class PermissionRoles {
 				$ret['default_collection'] = true;
 				$ret['directory_publish'] = true;
 				$ret['online'] = false;
-				$ret['perms_connect'] = [ 
+				$ret['perms_connect'] = [
 					'view_stream', 'view_profile', 'view_contacts', 'view_storage',
 					'view_pages', 'view_wiki', 'post_wall', 'post_comments', 'tag_deliver',
 					'post_mail', 'post_like' , 'chat' ];
-
 				$ret['limits'] = PermissionLimits::Std_Limits();
 
 				break;
@@ -92,12 +103,11 @@ class PermissionRoles {
 				$ret['default_collection'] = true;
 				$ret['directory_publish'] = false;
 				$ret['online'] = false;
-
-				$ret['perms_connect'] = [ 
+				$ret['perms_connect'] = [
 					'view_stream', 'view_profile', 'view_contacts', 'view_storage',
 					'view_pages', 'view_wiki', 'post_wall', 'post_comments',
-					'post_mail', 'post_like' , 'chat' ];
-
+					'post_mail', 'post_like' , 'chat'
+				];
 				$ret['limits'] = PermissionLimits::Std_Limits();
 				$ret['limits']['view_profile']  = PERMS_SPECIFIC;
 				$ret['limits']['view_contacts'] = PERMS_SPECIFIC;
@@ -112,12 +122,11 @@ class PermissionRoles {
 				$ret['default_collection'] = false;
 				$ret['directory_publish'] = true;
 				$ret['online'] = false;
-
-				$ret['perms_connect'] = [ 
+				$ret['perms_connect'] = [
 					'view_stream', 'view_profile', 'view_contacts', 'view_storage',
-					'view_pages', 'view_wiki', 'send_stream', 'post_wall', 'post_comments', 
-					'post_mail', 'post_like' , 'republish' ];
-	
+					'view_pages', 'view_wiki', 'send_stream', 'post_wall', 'post_comments',
+					'post_mail', 'post_like' , 'republish'
+				];
 				$ret['limits'] = PermissionLimits::Std_Limits();
 
 				break;
@@ -127,11 +136,11 @@ class PermissionRoles {
 				$ret['default_collection'] = true;
 				$ret['directory_publish'] = false;
 				$ret['online'] = false;
-				$ret['perms_connect'] = [ 
+				$ret['perms_connect'] = [
 					'view_stream', 'view_profile', 'view_contacts', 'view_storage',
-					'view_pages', 'view_wiki', 'send_stream', 'post_wall', 'post_comments', 
-					'post_mail', 'post_like' , 'republish' ];
-
+					'view_pages', 'view_wiki', 'send_stream', 'post_wall', 'post_comments',
+					'post_mail', 'post_like' , 'republish'
+				];
 				$ret['limits'] = PermissionLimits::Std_Limits();
 
 				break;
@@ -141,11 +150,10 @@ class PermissionRoles {
 				$ret['default_collection'] = false;
 				$ret['directory_publish'] = true;
 				$ret['online'] = false;
-
-				$ret['perms_connect'] = [ 
+				$ret['perms_connect'] = [
 					'view_stream', 'view_profile', 'view_contacts', 'view_storage',
-					'view_pages', 'view_wiki', 'post_like' , 'republish' ];
-
+					'view_pages', 'view_wiki', 'post_like' , 'republish'
+				];
 				$ret['limits'] = PermissionLimits::Std_Limits();
 
 				break;
@@ -155,13 +163,13 @@ class PermissionRoles {
 				$ret['default_collection'] = false;
 				$ret['directory_publish'] = true;
 				$ret['online'] = false;
-
-				$ret['perms_connect'] = [ 
+				$ret['perms_connect'] = [
 					'view_stream', 'view_profile', 'view_contacts', 'view_storage',
 					'view_pages', 'view_wiki', 'write_storage', 'write_pages', 'post_wall', 'post_comments', 'tag_deliver',
-					'post_mail', 'post_like' , 'republish', 'chat', 'write_wiki' ];
-
+					'post_mail', 'post_like' , 'republish', 'chat', 'write_wiki'
+				];
 				$ret['limits'] = PermissionLimits::Std_Limits();
+
 				break;
 
 			case 'custom':
@@ -170,11 +178,15 @@ class PermissionRoles {
 		}
 
 		$x = get_config('system','role_perms');
-		// let system settings over-ride any or all 
+		// let system settings over-ride any or all
 		if($x && is_array($x) && array_key_exists($role,$x))
 			$ret = array_merge($ret,$x[$role]);
 
-		call_hooks('get_role_perms',$ret);
+		/**
+		 * @hooks get_role_perms
+		 *   * \e array
+		 */
+		call_hooks('get_role_perms', $ret);
 
 		return $ret;
 	}
@@ -187,10 +199,10 @@ class PermissionRoles {
 		//     \Zotlabs\Access\PermissionLimits::Set($uid,$perm,1);
 
 		if($perm === 'view_wiki')
-		     \Zotlabs\Access\PermissionLimits::Set($uid,$perm,PERMS_PUBLIC);
+			\Zotlabs\Access\PermissionLimits::Set($uid, $perm, PERMS_PUBLIC);
 
 		if($perm === 'write_wiki')
-		     \Zotlabs\Access\PermissionLimits::Set($uid,$perm,PERMS_SPECIFIC);
+			\Zotlabs\Access\PermissionLimits::Set($uid, $perm, PERMS_SPECIFIC);
 
 
 		// set autoperms here if applicable
@@ -213,8 +225,6 @@ class PermissionRoles {
 			if($c) {
 				set_abconfig($uid,$c['channel_hash'],'autoperms',$perm,$value);
 			}
-
-
 		}
 
 		// now set something for all existing connections.
@@ -242,38 +252,44 @@ class PermissionRoles {
 		}
 	}
 
-
+	/**
+	 * @brief Array with translated role names and grouping.
+	 *
+	 * Return an associative array with grouped role names that can be used
+	 * to create select groups like in \e field_select_grouped.tpl.
+	 *
+	 * @return array
+	 */
 	static public function roles() {
-	    $roles = [
+		$roles = [
 			t('Social Networking') => [
-				'social' => t('Social - Mostly Public'), 
-				'social_restricted' => t('Social - Restricted'), 
+				'social' => t('Social - Mostly Public'),
+				'social_restricted' => t('Social - Restricted'),
 				'social_private' => t('Social - Private')
 			],
 
 			t('Community Forum') => [
-				'forum' => t('Forum - Mostly Public'), 
-				'forum_restricted' => t('Forum - Restricted'), 
+				'forum' => t('Forum - Mostly Public'),
+				'forum_restricted' => t('Forum - Restricted'),
 				'forum_private' => t('Forum - Private')
 			],
 
 			t('Feed Republish') => [
-				'feed' => t('Feed - Mostly Public'), 
+				'feed' => t('Feed - Mostly Public'),
 				'feed_restricted' => t('Feed - Restricted')
 			],
 
 			t('Special Purpose') => [
-				'soapbox' => t('Special - Celebrity/Soapbox'), 
+				'soapbox' => t('Special - Celebrity/Soapbox'),
 				'repository' => t('Special - Group Repository')
 			],
 
 			t('Other') => [
 				'custom' => t('Custom/Expert Mode')
 			]
-    
 		];
 
-    	return $roles;
+		return $roles;
 	}
 
 }

Zotlabs/Access/Permissions.php

@@ -33,19 +33,22 @@ use Zotlabs\Lib as Zlib;
  */
 class Permissions {
 
+	/**
+	 * @brief Permissions version.
+	 *
+	 * This must match the version in PermissionRoles.php before permission updates can run.
+	 *
+	 * @return number
+	 */
 	static public function version() {
-		// This must match the version in PermissionRoles.php before permission updates can run.
 		return 2;
 	}
 
 	/**
 	 * @brief Return an array with Permissions.
 	 *
-	 * @hooks permissions_list
-	 *   * \e array \b permissions
-	 *   * \e string \b filter
-	 * @param string $filter (optional) only passed to hook permission_list
-	 * @return Associative array with permissions and short description.
+	 * @param string $filter (optional) only passed to hook permissions_list
+	 * @return array Associative array with permissions and short description.
 	 */
 	static public function Perms($filter = '') {
 
@@ -74,6 +77,11 @@ class Permissions {
 			'permissions' => $perms,
 			'filter' => $filter
 		];
+		/**
+		 * @hooks permissions_list
+		 *   * \e array \b permissions
+		 *   * \e string \b filter
+		 */
 		call_hooks('permissions_list', $x);
 
 		return($x['permissions']);
@@ -84,9 +92,7 @@ class Permissions {
 	 *
 	 * e.g. you must be authenticated.
 	 *
-	 * @hooks write_perms
-	 *   * \e array \b permissions
-	 * @return Associative array with permissions and short description.
+	 * @return array Associative array with permissions and short description.
 	 */
 	static public function BlockedAnonPerms() {
 
@@ -99,6 +105,10 @@ class Permissions {
 		}
 
 		$x = ['permissions' => $res];
+		/**
+		 * @hooks write_perms
+		 *   * \e array \b permissions
+		 */
 		call_hooks('write_perms', $x);
 
 		return($x['permissions']);
@@ -117,6 +127,7 @@ class Permissions {
 	static public function FilledPerms($arr) {
 		if(is_null($arr)) {
 			btlogger('FilledPerms: null');
+			$arr = [];
 		}
 
 		$everything = self::Perms();
@@ -138,7 +149,7 @@ class Permissions {
 	 * to [ 0 => ['name' => 'view_stream', 'value' => 1], ... ]
 	 *
 	 * @param array $arr associative perms array 'view_stream' => 1
-	 * @return Indexed array with elements that look like
+	 * @return array Indexed array with elements that look like
 	 *   * \e string \b name the perm name (e.g. view_stream)
 	 *   * \e int \b value the value of the perm (e.g. 1)
 	 */
@@ -197,11 +208,10 @@ class Permissions {
 	 * @brief
 	 *
 	 * @param int $channel_id A channel id
-	 * @return associative array
+	 * @return array Associative array with
 	 *   * \e array \b perms Permission array
 	 *   * \e int \b automatic 0 or 1
 	 */
-
 	static public function connect_perms($channel_id) {
 
 		$my_perms = [];

Zotlabs/Daemon/Cron.php

@@ -78,7 +78,7 @@ class Cron {
 		// channels and sites that quietly vanished and prevent the directory from accumulating stale
 		// or dead entries.
 
-		$r = q("select channel_id from channel where channel_dirdate < %s - INTERVAL %s",
+		$r = q("select channel_id from channel where channel_dirdate < %s - INTERVAL %s and channel_removed = 0",
 			db_utcnow(), 
 			db_quoteinterval('30 DAY')
 		);

Zotlabs/Daemon/Cron_weekly.php

@@ -21,6 +21,21 @@ class Cron_weekly {
 	
 		mark_orphan_hubsxchans();
 
+		// Find channels that were removed in the last three weeks, but 
+		// haven't been finally cleaned up. These should be older than 10
+		// days to ensure that "purgeall" messages have gone out or bounced 
+		// or timed out. 
+
+		$r = q("select channel_id from channel where channel_removed = 1 and 
+			channel_deleted >  %s - INTERVAL %s and channel_deleted < %s - INTERVAL %s",
+			db_utcnow(), db_quoteinterval('21 DAY'),
+			db_utcnow(), db_quoteinterval('10 DAY')
+		);
+		if($r) {
+			foreach($r as $rv) {
+				channel_remove_final($rv['channel_id']);
+			}
+		}
 
 		// get rid of really old poco records
 

Zotlabs/Daemon/Deliver.php

@@ -53,6 +53,9 @@ class Deliver {
 						remove_queue_item($r[0]['outq_hash']);
 
 						if($dresult && is_array($dresult)) {
+
+							// delivery reports for local deliveries do not require encryption
+
 							foreach($dresult as $xx) {
 								if(is_array($xx) && array_key_exists('message_id',$xx)) {
 									if(delivery_report_is_storable($xx)) {

Zotlabs/Daemon/Gprobe.php

@@ -17,7 +17,7 @@ class Gprobe {
 		if(! strpos($url,'@'))
 			return;
 
-		$r = q("select * from xchan where xchan_addr = '%s' limit 1",
+		$r = q("select * from hubloc where hubloc_addr = '%s' limit 1",
 			dbesc($url)
 		);
 

Zotlabs/Daemon/Importfile.php

@@ -0,0 +1,47 @@
+<?php /** @file */
+
+namespace Zotlabs\Daemon;
+
+class Importfile {
+
+	static public function run($argc,$argv){
+
+		logger('Importfile: ' . print_r($argv,true));
+
+		if($argc < 3)
+			return;
+
+		$channel = channelx_by_n($argv[1]);
+		if(! $channel)
+			return;
+
+		$srcfile = $argv[2];
+		$folder  = (($argc > 3) ? $argv[3] : '');
+		$dstname = (($argc > 4) ? $argv[4] : '');
+
+		$hash = random_string();
+
+		$arr = [
+			'src'               => $srcfile,
+			'filename'          => (($dstname) ? $dstname : basename($srcfile)),
+			'hash'              => $hash,
+			'allow_cid'         => $channel['channel_allow_cid'],
+			'allow_gid'         => $channel['channel_allow_gid'],
+			'deny_cid'          => $channel['channel_deny_cid'],
+			'deny_gid'          => $channel['channel_deny_gid'],
+			'preserve_original' => true,
+			'replace'           => true
+		];
+
+		if($folder)
+			$arr['folder'] = $folder;
+
+		attach_store($channel,$channel['channel_hash'],'import',$arr);
+
+		$sync = attach_export_data($channel,$hash);
+		if($sync)
+			build_sync_packet($channel['channel_id'],array('file' => array($sync)));
+	
+		return;
+	}
+}

Zotlabs/Daemon/Notifier.php

@@ -59,14 +59,19 @@ require_once('include/bbcode.php');
  *
  * ZOT 
  *       permission_create      abook_id
+ *       permission_accept      abook_id
+ *       permission_reject      abook_id
  *       permission_update      abook_id
  *       refresh_all            channel_id
  *       purge_all              channel_id
  *       expire                 channel_id
  *       relay					item_id (item was relayed to owner, we will deliver it as owner)
+ *       single_activity        item_id (deliver to a singleton network from the appropriate clone)
+ *       single_mail            mail_id (deliver to a singleton network from the appropriate clone)
  *       location               channel_id
  *       request                channel_id            xchan_hash             message_id
  *       rating                 xlink_id
+ *       keychange              channel_id
  *
  */
 
@@ -103,7 +108,7 @@ class Notifier {
 		$normal_mode = true;
 		$packet_type = 'undefined';
 
-		if($cmd === 'mail') {
+		if($cmd === 'mail' || $cmd === 'single_mail') {
 			$normal_mode = false;
 			$mail = true;
 			$private = true;
@@ -144,7 +149,21 @@ class Notifier {
 			$packet_type = 'request';
 			$normal_mode = false;
 		}
-		elseif($cmd == 'permission_update' || $cmd == 'permission_create') {
+		elseif($cmd === 'keychange') {
+			$channel = channelx_by_n($item_id);
+			$r = q("select abook_xchan from abook where abook_channel = %d",
+				intval($item_id)
+			);
+			if($r) {
+				foreach($r as $rr) {
+					$recipients[] = $rr['abook_xchan'];
+				}
+			}
+			$private = false;
+			$packet_type = 'keychange';
+			$normal_mode = false;
+		}
+		elseif(in_array($cmd, [ 'permission_update', 'permission_reject', 'permission_accept', 'permission_create' ])) {
 			// Get the (single) recipient	
 			$r = q("select * from abook left join xchan on abook_xchan = xchan_hash where abook_id = %d and abook_self = 0",
 				intval($item_id)
@@ -156,8 +175,12 @@ class Notifier {
 				if($channel) {
 					$perm_update = array('sender' => $channel, 'recipient' => $r[0], 'success' => false, 'deliveries' => '');	
 
-					if($cmd == 'permission_create')
+					if($cmd === 'permission_create')
 						call_hooks('permissions_create',$perm_update);
+					elseif($cmd === 'permission_accept')
+						call_hooks('permissions_accept',$perm_update);
+					elseif($cmd === 'permission_reject')
+						call_hooks('permissions_reject',$perm_update);
 					else
 						call_hooks('permissions_update',$perm_update);
 
@@ -261,7 +284,7 @@ class Notifier {
 				$deleted_item = true;
 			}
 
-			if(intval($target_item['item_type']) != ITEM_TYPE_POST) {
+			if(! in_array(intval($target_item['item_type']), [ ITEM_TYPE_POST ] )) {
 				logger('notifier: target item not forwardable: type ' . $target_item['item_type'], LOGGER_DEBUG);
 				return;
 			}
@@ -403,14 +426,16 @@ class Notifier {
 		logger('notifier: encoded item: ' . print_r($x,true), LOGGER_DATA, LOG_DEBUG);
 
 		stringify_array_elms($recipients);
-		if(! $recipients)
+		if(! $recipients) {
+			logger('no recipients');
 			return;
+		}
 
 		//	logger('notifier: recipients: ' . print_r($recipients,true), LOGGER_NORMAL, LOG_DEBUG);
 
 		$env_recips = (($private) ? array() : null);
 
-		$details = q("select xchan_hash, xchan_instance_url, xchan_network, xchan_addr, xchan_guid, xchan_guid_sig from xchan where xchan_hash in (" . implode(',',$recipients) . ")");
+		$details = q("select xchan_hash, xchan_instance_url, xchan_network, xchan_addr, xchan_guid, xchan_guid_sig from xchan where xchan_hash in (" . protect_sprintf(implode(',',$recipients)) . ")");
 
 
 		$recip_list = array();
@@ -445,7 +470,7 @@ class Notifier {
 			'uplink'         => $uplink,
 			'cmd'            => $cmd,
 			'mail'           => $mail,
-			'single'         => false,
+			'single'         => (($cmd === 'single_mail' || $cmd === 'single_activity') ? true : false),
 			'location'       => $location,
 			'request'        => $request,
 			'normal_mode'    => $normal_mode,
@@ -477,7 +502,7 @@ class Notifier {
 		// Now we have collected recipients (except for external mentions, FIXME)
 		// Let's reduce this to a set of hubs; checking that the site is not dead.
 
-		$r = q("select hubloc.*, site.site_crypto from hubloc left join site on site_url = hubloc_url where hubloc_hash in (" . implode(',',$recipients) . ") 
+		$r = q("select hubloc.*, site.site_crypto, site.site_flags from hubloc left join site on site_url = hubloc_url where hubloc_hash in (" . protect_sprintf(implode(',',$recipients)) . ") 
 			and hubloc_error = 0 and hubloc_deleted = 0 and ( site_dead = 0 OR site_dead is null ) "
 		);		
  
@@ -518,14 +543,14 @@ class Notifier {
 
 			if($hub['hubloc_network'] == 'zot') {
 				if(! in_array($hub['hubloc_sitekey'],$keys)) {
-					$hublist[] = $hub['hubloc_host'];
+					$hublist[] = $hub['hubloc_host'] . ' ' . $hub['hubloc_network'];
 					$dhubs[]   = $hub;
 					$keys[]    = $hub['hubloc_sitekey'];
 				}
 			}
 			else {
 				if(! in_array($hub['hubloc_url'],$urls)) {
-					$hublist[] = $hub['hubloc_host'];
+					$hublist[] = $hub['hubloc_host'] . ' ' . $hub['hubloc_network'];
 					$dhubs[]   = $hub;
 					$urls[]    = $hub['hubloc_url'];
 				}
@@ -553,7 +578,7 @@ class Notifier {
 					'uplink'         => $uplink,
 					'cmd'            => $cmd,
 					'mail'           => $mail,
-					'single'         => false,
+					'single'         => (($cmd === 'single_mail' || $cmd === 'single_activity') ? true : false),
 					'location'       => $location,
 					'request'        => $request,
 					'normal_mode'    => $normal_mode,
@@ -572,12 +597,32 @@ class Notifier {
 
 			}
 
-			$hash = random_string();
+			// singleton deliveries by definition 'not got zot'.
+            // Single deliveries are other federated networks (plugins) and we're essentially
+			// delivering only to those that have this site url in their abook_instance
+			// and only from within a sync operation. This means if you post from a clone,
+			// and a connection is connected to one of your other clones; assuming that hub
+			// is running it will receive a sync packet. On receipt of this sync packet it
+			// will invoke a delivery to those connections which are connected to just that
+			// hub instance.
+
+			if($cmd === 'single_mail' || $cmd === 'single_activity') {
+				continue;
+			}
+
+			// default: zot protocol
+
+			$hash   = random_string();
 			$packet = null;
+			$pmsg   = '';
 
 			if($packet_type === 'refresh' || $packet_type === 'purge') {
 				$packet = zot_build_packet($channel,$packet_type,(($packet_recips) ? $packet_recips : null));
 			}
+			if($packet_type === 'keychange') {
+				$packet = zot_build_packet($channel,$packet_type,(($packet_recips) ? $packet_recips : null));
+				$pmsg = get_pconfig($channel['channel_id'],'system','keychange');
+			}
 			elseif($packet_type === 'request') {
 				$env = (($hub_env && $hub_env[$hub['hubloc_host'] . $hub['hubloc_sitekey']]) ? $hub_env[$hub['hubloc_host'] . $hub['hubloc_sitekey']] : '');
 				$packet = zot_build_packet($channel,$packet_type,$env,$hub['hubloc_sitekey'],$hub['site_crypto'],
@@ -591,7 +636,8 @@ class Notifier {
 					'account_id' => $channel['channel_account_id'],
 					'channel_id' => $channel['channel_id'],
 					'posturl'    => $hub['hubloc_callback'],
-					'notify'     => $packet
+					'notify'     => $packet,
+					'msg'        => (($pmsg) ? json_encode($pmsg) : '')
 				));
 			}
 			else {

Zotlabs/Daemon/Queue.php

@@ -12,6 +12,7 @@ class Queue {
 		require_once('include/items.php');
 		require_once('include/bbcode.php');
 
+
 		if(argc() > 1)
 			$queue_id = argv(1);
 		else

Zotlabs/Daemon/Ratenotif.php

@@ -88,6 +88,14 @@ class Ratenotif {
 						'msg'        => json_encode($encoded_item)
 					));
 
+
+					$x = q("select count(outq_hash) as total from outq where outq_delivered = 0");
+					if(intval($x[0]['total']) > intval(get_config('system','force_queue_threshold',300))) {
+						logger('immediate delivery deferred.', LOGGER_DEBUG, LOG_INFO);
+						update_queue_item($hash);
+						continue;
+					}
+
 					$deliver[] = $hash;
 	
 					if(count($deliver) >= $deliveries_per_process) {

Zotlabs/Daemon/Thumbnail.php

@@ -0,0 +1,78 @@
+<?php /** @file */
+
+namespace Zotlabs\Daemon;
+
+
+class Thumbnail {
+
+	static public function run($argc,$argv) {
+
+		if(! $argc == 2)
+			return;
+
+		$c = q("select * from attach where hash = '%s' ",
+			dbesc($argv[1])
+		);
+
+		if(! $c)
+			return;
+
+		$attach = $c[0];
+
+		$preview_style   = intval(get_config('system','thumbnail_security',0));
+		$preview_width   = intval(get_config('system','thumbnail_width',300));
+		$preview_height  = intval(get_config('system','thumbnail_height',300));
+
+		$p = [
+			'attach'         => $attach,
+			'preview_style'  => $preview_style,
+			'preview_width'  => $preview_width,
+			'preview_height' => $preview_height,
+			'thumbnail' => null
+		];
+
+		/**
+		 * @hooks thumbnail
+		 *  * \e array \b attach
+		 *  * \e int \b preview_style
+		 *  * \e int \b preview_width
+		 *  * \e int \b preview_height
+		 *  * \e string \b thumbnail
+		 */
+
+		call_hooks('thumbnail',$p);
+		if($p['thumbnail']) {
+			return;
+		}
+
+
+		$default_controller = null;
+		
+		$files = glob('Zotlabs/Thumbs/*.php');
+		if($files) {
+			foreach($files as $f) {
+				$clsname = '\\Zotlabs\\Thumbs\\' . ucfirst(basename($f,'.php'));
+				if(class_exists($clsname)) {
+					$x = new $clsname();
+					if(method_exists($x,'Match')) {
+						$matched = $x->Match($attach['filetype']);
+						if($matched) {
+							$x->Thumb($attach,$preview_style,$preview_width,$preview_height);
+						}
+					}
+					if(method_exists($x,'MatchDefault')) {
+						$default_matched = $x->MatchDefault(substr($attach['filetype'],0,strpos($attach['filetype'],'/')));
+						if($default_matched) {
+							$default_controller = $x;
+						}
+					}
+				}
+			}
+		}
+		if(($default_controller) 
+			&& ((! file_exists(dbunescbin($attach['content']) . '.thumb')) 
+				|| (filectime(dbunescbin($attach['content']) . 'thumb') < (time() - 60)))) {
+			$default_controller->Thumb($attach,$preview_style,$preview_width,$preview_height);
+		}
+	}
+}

Zotlabs/Extend/Hook.php

@@ -2,7 +2,12 @@
 
 namespace Zotlabs\Extend;
 
+use App;
 
+/**
+ * @brief Hook class.
+ *
+ */
 class Hook {
 
 	static public function register($hook,$file,$function,$version = 1,$priority = 0) {
@@ -64,11 +69,14 @@ class Hook {
 		return $r;
 	}
 
-	// unregister all hooks with this file component. 
-	// Useful for addon upgrades where you want to clean out old interfaces.
-
+	/**
+	 * @brief Unregister all hooks with this file component.
+	 *
+	 * Useful for addon upgrades where you want to clean out old interfaces.
+	 *
+	 * @param string $file
+	 */
 	static public function unregister_by_file($file) {
-
 		$r = q("DELETE FROM hook WHERE file = '%s' ",
 			dbesc($file)
 		);
@@ -76,7 +84,6 @@ class Hook {
 		return $r;
 	}
 
-
 	/**
 	 * @brief Inserts a hook into a page request.
 	 *
@@ -98,7 +105,6 @@ class Hook {
 	 * @param int $priority
 	 *     currently not implemented in this function, would require the hook array to be resorted
 	 */
-
 	static public function insert($hook, $fn, $version = 0, $priority = 0) {
 		if(is_array($fn)) {
 			$fn = serialize($fn);

Zotlabs/Lib/ActivityStreams.php

@@ -0,0 +1,273 @@
+<?php
+
+namespace Zotlabs\Lib;
+
+/**
+ * @brief ActivityStreams class.
+ *
+ * Parses an ActivityStream JSON string.
+ */
+class ActivityStreams {
+
+	public $data;
+	public $valid  = false;
+	public $id     = '';
+	public $type   = '';
+	public $actor  = null;
+	public $obj    = null;
+	public $tgt    = null;
+	public $origin = null;
+	public $owner  = null;
+	public $signer = null;
+	public $ldsig  = null;
+	public $sigok  = false;
+	public $recips = null;
+	public $raw_recips = null;
+
+	/**
+	 * @brief Constructor for ActivityStreams.
+	 *
+	 * Takes a JSON string as parameter, decodes it and sets up this object.
+	 *
+	 * @param string $string
+	 */
+	function __construct($string) {
+
+		$this->data = json_decode($string, true);
+		if($this->data) {
+			$this->valid = true;
+		}
+
+		if($this->is_valid()) {
+			$this->id     = $this->get_property_obj('id');
+			$this->type   = $this->get_primary_type();
+			$this->actor  = $this->get_compound_property('actor');
+			$this->obj    = $this->get_compound_property('object');
+			$this->tgt    = $this->get_compound_property('target');
+			$this->origin = $this->get_compound_property('origin');
+			$this->recips = $this->collect_recips();
+
+			$this->ldsig = $this->get_compound_property('signature');
+			if($this->ldsig) {
+				$this->signer = $this->get_compound_property('creator',$this->ldsig);
+				if($this->signer && $this->signer['publicKey'] && $this->signer['publicKey']['publicKeyPem']) {
+					$this->sigok = \Zotlabs\Lib\LDSignatures::verify($this->data,$this->signer['publicKey']['publicKeyPem']);
+				}
+			}
+
+			if(($this->type === 'Note') && (! $this->obj)) {
+				$this->obj = $this->data;
+				$this->type = 'Create';
+			}
+		}
+	}
+
+	/**
+	 * @brief Return if instantiated ActivityStream is valid.
+	 *
+	 * @return boolean Return true if the JSON string could be decoded.
+	 */
+	function is_valid() {
+		return $this->valid;
+	}
+
+	function set_recips($arr) {
+		$this->saved_recips = $arr;
+	}
+
+	/**
+	 * @brief Collects all recipients.
+	 *
+	 * @param string $base
+	 * @param string $namespace (optional) default empty
+	 * @return array
+	 */
+	function collect_recips($base = '', $namespace = '') {
+		$x = [];
+		$fields = [ 'to', 'cc', 'bto', 'bcc', 'audience'];
+		foreach($fields as $f) {
+			$y = $this->get_compound_property($f, $base, $namespace);
+			if($y) {
+				$x = array_merge($x, $y);
+				if(! is_array($this->raw_recips))
+					$this->raw_recips = [];
+
+				$this->raw_recips[$f] = $x;
+			}
+		}
+// not yet ready for prime time
+//		$x = $this->expand($x,$base,$namespace);
+		return $x;
+	}
+
+	function expand($arr,$base = '',$namespace = '') {
+		$ret = [];
+
+		// right now use a hardwired recursion depth of 5
+
+		for($z = 0; $z < 5; $z ++) {
+			if(is_array($arr) && $arr) {
+				foreach($arr as $a) {
+					if(is_array($a)) {
+						$ret[] = $a;
+					}
+					else {
+						$x = $this->get_compound_property($a,$base,$namespace);
+						if($x) {
+							$ret = array_merge($ret,$x);
+						}
+					}
+				}
+			}
+		}
+
+		/// @fixme de-duplicate
+
+		return $ret;
+	}
+
+	/**
+	 * @brief
+	 *
+	 * @param array $base
+	 * @param string $namespace if not set return empty string
+	 * @return string|NULL
+	 */
+	function get_namespace($base, $namespace) {
+
+		if(! $namespace)
+			return '';
+
+		$key = null;
+
+		foreach( [ $this->data, $base ] as $b ) {
+			if(! $b)
+				continue;
+
+			if(array_key_exists('@context', $b)) {
+				if(is_array($b['@context'])) {
+					foreach($b['@context'] as $ns) {
+						if(is_array($ns)) {
+							foreach($ns as $k => $v) {
+								if($namespace === $v)
+									$key = $k;
+							}
+						}
+						else {
+							if($namespace === $ns) {
+								$key = '';
+							}
+						}
+					}
+				}
+				else {
+					if($namespace === $b['@context']) {
+						$key = '';
+					}
+				}
+			}
+		}
+
+		return $key;
+	}
+
+	/**
+	 * @brief
+	 *
+	 * @param string $property
+	 * @param array $base (optional)
+	 * @param string $namespace (optional) default empty
+	 * @return NULL|mixed
+	 */
+	function get_property_obj($property, $base = '', $namespace = '') {
+		$prefix = $this->get_namespace($base, $namespace);
+		if($prefix === null)
+			return null;
+
+		$base = (($base) ? $base : $this->data);
+		$propname = (($prefix) ? $prefix . ':' : '') . $property;
+
+		return ((array_key_exists($propname, $base)) ? $base[$propname] : null);
+	}
+
+	/**
+	 * @brief Fetches a property from an URL.
+	 *
+	 * @param string $url
+	 * @return NULL|mixed
+	 */
+	function fetch_property($url) {
+		$redirects = 0;
+		if(! check_siteallowed($url)) {
+			logger('blacklisted: ' . $url);
+			return null;
+		}
+
+		$x = z_fetch_url($url, true, $redirects,
+			['headers' => [ 'Accept: application/ld+json; profile="https://www.w3.org/ns/activitystreams", application/activity+json' ]]);
+		if($x['success'])
+			return json_decode($x['body'], true);
+
+		return null;
+	}
+
+	/**
+	 * @brief
+	 *
+	 * @param string $property
+	 * @param array $base
+	 * @param string $namespace (optional) default empty
+	 * @return NULL|mixed
+	 */
+	function get_compound_property($property, $base = '', $namespace = '') {
+		$x = $this->get_property_obj($property, $base, $namespace);
+		if($this->is_url($x)) {
+			$x = $this->fetch_property($x);
+		}
+
+		return $x;
+	}
+
+	/**
+	 * @brief Check if string starts with http.
+	 *
+	 * @param string $url
+	 * @return boolean
+	 */
+	function is_url($url) {
+		if(($url) && (! is_array($url)) && (strpos($url, 'http') === 0)) {
+			return true;
+		}
+
+		return false;
+	}
+
+	/**
+	 * @brief Gets the type property.
+	 *
+	 * @param array $base
+	 * @param string $namespace (optional) default empty
+	 * @return NULL|mixed
+	 */
+	function get_primary_type($base = '', $namespace = '') {
+		if(! $base)
+			$base = $this->data;
+
+		$x = $this->get_property_obj('type', $base, $namespace);
+		if(is_array($x)) {
+			foreach($x as $y) {
+				if(strpos($y, ':') === false) {
+					return $y;
+				}
+			}
+		}
+
+		return $x;
+	}
+
+	function debug() {
+		$x = var_export($this, true);
+		return $x;
+	}
+
+}

Zotlabs/Lib/ActivityStreams2.php

@@ -1,86 +0,0 @@
-<?php
-
-namespace Zotlabs\Lib;
-
-
-class ActivityStreams2 {
-
-	public $data;
-	public $valid = false;
-	public $id    = '';
-	public $type  = '';
-	public $actor = null;
-	public $obj   = null;
-	public $tgt   = null;
-
-	function __construct($string) {
-
-		$this->data = json_decode($string,true);
-		if($this->data) {
-			$this->valid = true;
-		}
-
-		if($this->is_valid()) {
-			$this->id    = $this->get_property_obj('id');
-			$this->type  = $this->get_primary_type();
-			$this->actor = $this->get_compound_property('actor');
-			$this->obj   = $this->get_compound_property('object');
-			$this->tgt   = $this->get_compound_property('target');
-		}
-	}
-
-	function is_valid() {
-		return $this->valid;
-	}
-
-	function get_property_obj($property,$base = '') {
-		if(! $base) {
-			$base = $this->data;
-		}
-		return $base[$property];
-	}
-
-	function fetch_property($url) {
-		$redirects = 0;
-		$x = z_fetch_url($url,true,$redirects,
-			['headers' => [ 'Accept: application/ld+json; profile="https://www.w3.org/ns/activitystreams"']]);
-		if($x['success'])
-			return json_decode($x['body'],true);
-		return null;
-	}
-
-	function get_compound_property($property,$base = '') {
-		$x = $this->get_property_obj($property,$base);
-		if($this->is_url($x)) {
-			$x = $this->fetch_property($x); 	
-		}
-		return $x;
-	}
-
-	function is_url($url) {
-		if(($url) && (! is_array($url)) && (strpos($url,'http') === 0)) {
-			return true;
-		}
-		return false;
-	}
-
-	function get_primary_type($base = '') {
-		if(! $base)
-			$base = $this->data;
-		$x = $this->get_property_obj('type',$base);
-		if(is_array($x)) {
-			foreach($x as $y) {
-				if(strpos($y,':') === false) {
-					return $y;
-				}
-			}
-		}
-		return $x;
-	}
-
-	function debug() {
-		$x = var_export($this,true);
-		return $x;
-	}
-
-}

Zotlabs/Lib/Apps.php

@@ -169,6 +169,14 @@ class Apps {
 			$requires = explode(',',$ret['requires']);
 			foreach($requires as $require) {
 				$require = trim(strtolower($require));
+				$config = false;
+
+				if(substr($require, 0, 7) == 'config:') {
+					$config = true;
+					$require = ltrim($require, 'config:');
+					$require = explode('=', $require);
+				}
+
 				switch($require) {
 					case 'nologin':
 						if(local_channel())
@@ -191,10 +199,13 @@ class Apps {
 							unset($ret);
 						break;
 					default:
-						if(! (local_channel() && feature_enabled(local_channel(),$require)))
+						if($config)
+							$unset = ((get_config('system', $require[0]) == $require[1]) ? false : true);
+						else
+							$unset = ((local_channel() && feature_enabled(local_channel(),$require)) ? false : true);
+						if($unset)
 							unset($ret);
 						break;
-
 				}
 			}
 		}
@@ -210,7 +221,8 @@ class Apps {
 	static public function translate_system_apps(&$arr) {
 		$apps = array(
 			'Apps' => t('Apps'),
-			'Site Admin' => t('Site Admin'),
+			'Cards' => t('Cards'),
+			'Admin' => t('Site Admin'),
 			'Report Bug' => t('Report Bug'),
 			'View Bookmarks' => t('View Bookmarks'),
 			'My Chatrooms' => t('My Chatrooms'),
@@ -305,8 +317,17 @@ class Apps {
 
 			if($k === 'requires') {
 				$requires = explode(',',$v);
+
 				foreach($requires as $require) {
 					$require = trim(strtolower($require));
+					$config = false;
+
+					if(substr($require, 0, 7) == 'config:') {
+						$config = true;
+						$require = ltrim($require, 'config:');
+						$require = explode('=', $require);
+					}
+
 					switch($require) {
 						case 'nologin':
 							if(local_channel())
@@ -330,10 +351,13 @@ class Apps {
 								return '';
 							break;
 						default:
-							if(! (local_channel() && feature_enabled(local_channel(),$require)))
+							if($config)
+								$unset = ((get_config('system', $require[0]) === $require[1]) ? false : true);
+							else
+								$unset = ((local_channel() && feature_enabled(local_channel(),$require)) ? false : true);
+							if($unset)
 								return '';
 							break;
-
 					}
 				}
 			}
@@ -359,6 +383,13 @@ class Apps {
 		$install_action = (($installed) ? t('Update') : t('Install'));
 		$icon = ((strpos($papp['photo'],'icon:') === 0) ? substr($papp['photo'],5) : '');
 
+		if($mode === 'navbar') {
+			return replace_macros(get_markup_template('app_nav.tpl'),array(
+				'$app' => $papp,
+				'$icon' => $icon,
+			));
+		}
+
 		return replace_macros(get_markup_template('app.tpl'),array(
 			'$app' => $papp,
 			'$icon' => $icon,
@@ -370,11 +401,15 @@ class Apps {
 			'$undelete' => ((local_channel() && $installed && $mode == 'edit') ? t('Undelete') : ''),
 			'$deleted' => $papp['deleted'],
 			'$feature' => (($papp['embed']) ? false : true),
+			'$pin' => (($papp['embed']) ? false : true),
 			'$featured' => ((strpos($papp['categories'], 'nav_featured_app') === false) ? false : true),
+			'$pinned' => ((strpos($papp['categories'], 'nav_pinned_app') === false) ? false : true),
 			'$navapps' => (($mode == 'nav') ? true : false),
 			'$order' => (($mode == 'nav-order') ? true : false),
 			'$add' => t('Add to app-tray'),
-			'$remove' => t('Remove from app-tray')
+			'$remove' => t('Remove from app-tray'),
+			'$add_nav' => t('Pin to navbar'),
+			'$remove_nav' => t('Unpin from navbar')
 		));
 	}
 
@@ -467,25 +502,27 @@ class Apps {
 		}
 	}
 
-	static public function app_feature($uid,$app) {
+	static public function app_feature($uid,$app,$term) {
 		$r = q("select id from app where app_id = '%s' and app_channel = %d limit 1",
 			dbesc($app['guid']),
 			intval($uid)
 		);
 
-		$x = q("select * from term where otype = %d and oid = %d and term = 'nav_featured_app' limit 1",
+		$x = q("select * from term where otype = %d and oid = %d and term = '%s' limit 1",
 			intval(TERM_OBJ_APP),
-			intval($r[0]['id'])
+			intval($r[0]['id']),
+			dbesc($term)
 		);
 
 		if($x) {
-			q("delete from term where otype = %d and oid = %d and term = 'nav_featured_app'",
+			q("delete from term where otype = %d and oid = %d and term = '%s'",
 				intval(TERM_OBJ_APP),
-				intval($x[0]['oid'])
+				intval($x[0]['oid']),
+				dbesc($term)
 			);
 		}
 		else {
-			store_item_tag($uid,$r[0]['id'],TERM_OBJ_APP,TERM_CATEGORY,'nav_featured_app',escape_tags(z_root() . '/apps/?f=&cat=nav_featured_app'));
+			store_item_tag($uid, $r[0]['id'], TERM_OBJ_APP, TERM_CATEGORY, $term, escape_tags(z_root() . '/apps/?f=&cat=' . $term));
 		}
 	}
 
@@ -500,16 +537,27 @@ class Apps {
 	}
 
 
-	static public function app_list($uid, $deleted = false, $cat = '') {
+	static public function app_list($uid, $deleted = false, $cats = []) {
 		if($deleted) 
 			$sql_extra = "";
 		else
 			$sql_extra = " and app_deleted = 0 ";
 
-		if($cat) {
-			$r = q("select oid from term where otype = %d and term = '%s'",
-				intval(TERM_OBJ_APP),
-				dbesc($cat)
+		if($cats) {
+
+			$cat_sql_extra = " and ( ";
+
+			foreach($cats as $cat) {
+				if(strpos($cat_sql_extra, 'term'))
+					$cat_sql_extra .= "or ";
+
+				$cat_sql_extra .= "term = '" . dbesc($cat) . "' ";
+			}
+
+			$cat_sql_extra .=  ") ";
+
+			$r = q("select oid from term where otype = %d $cat_sql_extra",
+				intval(TERM_OBJ_APP)
 			);
 			if(! $r)
 				return $r;
@@ -585,7 +633,7 @@ class Apps {
 
 	static function moveup($uid,$guid) {
 		$syslist = array();
-		$list = self::app_list($uid, false, 'nav_featured_app');
+		$list = self::app_list($uid, false, ['nav_featured_app', 'nav_pinned_app']);
 		if($list) {
 			foreach($list as $li) {
 				$syslist[] = self::app_encode($li);
@@ -626,7 +674,7 @@ class Apps {
 
 	static function movedown($uid,$guid) {
 		$syslist = array();
-		$list = self::app_list($uid, false, 'nav_featured_app');
+		$list = self::app_list($uid, false, ['nav_featured_app', 'nav_pinned_app']);
 		if($list) {
 			foreach($list as $li) {
 				$syslist[] = self::app_encode($li);

Zotlabs/Lib/Chatroom.php

@@ -2,22 +2,18 @@
 namespace Zotlabs\Lib;
 
 /**
- * @brief Chat related functions.
+ * @brief A class with chatroom related static methods.
  */
-
-
-
 class Chatroom {
 	/**
 	 * @brief Creates a chatroom.
 	 *
 	 * @param array $channel
 	 * @param array $arr
-	 * @return An associative array containing:
-	 *  - success: A boolean
-	 *  - message: (optional) A string
+	 * @return array An associative array containing:
+	 *   * \e boolean \b success - A boolean success status
+	 *   * \e string \b message - (optional) A string
 	 */
-
 	static public function create($channel, $arr) {
 
 		$ret = array('success' => false);
@@ -150,8 +146,8 @@ class Chatroom {
 		}
 
 		if(intval($x[0]['cr_expire'])) {
-			$r = q("delete from chat where created < %s - INTERVAL %s and chat_room = %d", 
-				db_utcnow(), 
+			$r = q("delete from chat where created < %s - INTERVAL %s and chat_room = %d",
+				db_utcnow(),
 				db_quoteinterval( intval($x[0]['cr_expire']) . ' MINUTE' ),
 				intval($x[0]['cr_id'])
 			);
@@ -225,10 +221,16 @@ class Chatroom {
 	}
 
 	/**
-	 * create a chat message via API.
+	 * @brief Create a chat message via API.
+	 *
 	 * It is the caller's responsibility to enter the room.
- 	*/
-
+	 *
+	 * @param int $uid
+	 * @param int $room_id
+	 * @param string $xchan
+	 * @param string $text
+	 * @return array
+	 */
 	static public function message($uid, $room_id, $xchan, $text) {
 
 		$ret = array('success' => false);
@@ -245,12 +247,18 @@ class Chatroom {
 		if(! $r)
 			return $ret;
 
-		$arr = array(
+		$arr = [
 			'chat_room' => $room_id,
 			'chat_xchan' => $xchan,
 			'chat_text' => $text
-		);
-
+		];
+		/**
+		 * @hooks chat_message
+		 *   Called to create a chat message.
+		 *   * \e int \b chat_room
+		 *   * \e string \b chat_xchan
+		 *   * \e string \b chat_text
+		 */
 		call_hooks('chat_message', $arr);
 
 		$x = q("insert into chat ( chat_room, chat_xchan, created, chat_text )

Zotlabs/Lib/Config.php

@@ -1,4 +1,4 @@
-<?php /** @file */
+<?php
 
 namespace Zotlabs\Lib;
 
@@ -14,7 +14,6 @@ class Config {
 	 * @param string $family
 	 *  The category of the configuration value
 	 */
-
 	static public function Load($family) {
 		if(! array_key_exists($family, \App::$config))
 			\App::$config[$family] = array();
@@ -30,7 +29,7 @@ class Config {
 				}
 				\App::$config[$family]['config_loaded'] = true;
 			}
-		} 
+		}
 	}
 
 	/**
@@ -47,8 +46,7 @@ class Config {
 	 * @return mixed
 	 *  Return the set value, or false if the database update failed
 	 */
-
-	static public function Set($family,$key,$value) {
+	static public function Set($family, $key, $value) {
 		// manage array value
 		$dbvalue = ((is_array($value))  ? serialize($value) : $value);
 		$dbvalue = ((is_bool($dbvalue)) ? intval($dbvalue)  : $dbvalue);
@@ -76,8 +74,8 @@ class Config {
 			\App::$config[$family][$key] = $value;
 			$ret = $value;
 		}
-		return $ret;
 
+		return $ret;
 	}
 
 	/**
@@ -88,25 +86,25 @@ class Config {
 	 * $key from a cached storage in App::$config[$family]. If a key is found in the
 	 * DB but does not exist in local config cache, pull it into the cache so we
 	 * do not have to hit the DB again for this item.
-	 * 
+	 *
 	 * Returns false if not set.
 	 *
 	 * @param string $family
 	 *  The category of the configuration value
 	 * @param string $key
 	 *  The configuration key to query
+	 * @param string $default (optional) default false
 	 * @return mixed Return value or false on error or if not set
 	 */
-
-	static public function Get($family,$key,$default = false) {
+	static public function Get($family, $key, $default = false) {
 		if((! array_key_exists($family, \App::$config)) || (! array_key_exists('config_loaded', \App::$config[$family])))
 			self::Load($family);
 
 		if(array_key_exists('config_loaded', \App::$config[$family])) {
 			if(! array_key_exists($key, \App::$config[$family])) {
-				return $default;		
+				return $default;
 			}
-			return ((! is_array(\App::$config[$family][$key])) && (preg_match('|^a:[0-9]+:{.*}$|s', \App::$config[$family][$key])) 
+			return ((! is_array(\App::$config[$family][$key])) && (preg_match('|^a:[0-9]+:{.*}$|s', \App::$config[$family][$key]))
 				? unserialize(\App::$config[$family][$key])
 				: \App::$config[$family][$key]
 			);
@@ -127,17 +125,18 @@ class Config {
 	 *  The configuration key to delete
 	 * @return mixed
 	 */
-
-	static public function Delete($family,$key) {
+	static public function Delete($family, $key) {
 
 		$ret = false;
 
 		if(array_key_exists($family, \App::$config) && array_key_exists($key, \App::$config[$family]))
 			unset(\App::$config[$family][$key]);
-			$ret = q("DELETE FROM config WHERE cat = '%s' AND k = '%s'",
+
+		$ret = q("DELETE FROM config WHERE cat = '%s' AND k = '%s'",
 			dbesc($family),
 			dbesc($key)
 		);
+
 		return $ret;
 	}
 
@@ -154,12 +153,12 @@ class Config {
 	 *  The configuration key to query
 	 * @return mixed
 	 */
-
 	static private function get_from_storage($family,$key) {
 		$ret = q("SELECT * FROM config WHERE cat = '%s' AND k = '%s' LIMIT 1",
 			dbesc($family),
 			dbesc($key)
 		);
+
 		return $ret;
 	}
 

Zotlabs/Lib/Enotify.php

@@ -130,7 +130,9 @@ class Enotify {
 	if ($params['type'] == NOTIFY_COMMENT) {
 //		logger("notification: params = " . print_r($params, true), LOGGER_DEBUG);
 
-		$itemlink =  $params['link'];
+		$moderated = (($params['item']['item_blocked'] == ITEM_MODERATED) ? true : false);
+
+		$itemlink = $params['link'];
 
 		// ignore like/unlike activity on posts - they probably require a separate notification preference
 
@@ -170,8 +172,6 @@ class Enotify {
 
 		xchan_query($p);
 
-		$moderated = (($p[0]['item_blocked'] == ITEM_MODERATED) ? true : false);
-
 		$item_post_type = item_post_type($p[0]);
 //		$private = $p[0]['item_private'];
 		$parent_id = $p[0]['id'];
@@ -778,10 +778,14 @@ class Enotify {
 
 		// Call localize_item to get a one line status for activities. 
 		// This should set $item['localized'] to indicate we have a brief summary.
+		// and perhaps $item['shortlocalized'] for an even briefer summary
 
 		localize_item($item);
 
-		if($item['localize']) {
+		if($item['shortlocalize']) {
+			$itemem_text = $item['shortlocalize'];
+		}
+		elseif($item['localize']) {
 			$itemem_text = $item['localize'];
 		}
 		else {
@@ -798,7 +802,10 @@ class Enotify {
 			'url' => $item['author']['xchan_url'],
 			'photo' => $item['author']['xchan_photo_s'],
 			'when' => relative_date($item['created']), 
-			'class' => (intval($item['item_unseen']) ? 'notify-unseen' : 'notify-seen'), 
+			'class' => (intval($item['item_unseen']) ? 'notify-unseen' : 'notify-seen'),
+			'b64mid' => ((in_array($item['verb'], [ACTIVITY_LIKE, ACTIVITY_DISLIKE])) ? 'b64.' . base64url_encode($item['thr_parent']) : 'b64.' . base64url_encode($item['mid'])),
+			'notify_id' => 'undefined',
+			'thread_top' => (($item['item_thread_top']) ? true : false),
 			'message' => strip_tags(bbcode($itemem_text))
 		);
 

Zotlabs/Lib/JSalmon.php

@@ -0,0 +1,38 @@
+<?php
+
+namespace Zotlabs\Lib;
+
+
+class JSalmon {
+
+	static function sign($data,$key_id,$key) {
+
+		$arr       = $data;
+		$data      = json_encode($data,JSON_UNESCAPED_SLASHES);
+		$data      = base64url_encode($data, false); // do not strip padding
+		$data_type = 'application/x-zot+json';
+		$encoding  = 'base64url';
+		$algorithm = 'RSA-SHA256';
+
+		$data = preg_replace('/\s+/','',$data);
+
+		// precomputed base64url encoding of data_type, encoding, algorithm concatenated with periods
+
+		$precomputed = '.' . base64url_encode($data_type,false) . '.YmFzZTY0dXJs.UlNBLVNIQTI1Ng==';
+
+		$signature  = base64url_encode(rsa_sign($data . $precomputed, $key), false);
+
+		return ([
+			'signed'    => true,
+			'data'      => $data,
+			'data_type' => $data_type,
+			'encoding'  => $encoding,
+			'alg'       => $algorithm,
+			'sigs'      => [
+				'value'  => $signature,
+				'key_id' => base64url_encode($key_id)
+			]
+		]);
+
+	}
+}

Zotlabs/Lib/LDSignatures.php

@@ -0,0 +1,135 @@
+<?php
+
+namespace Zotlabs\Lib;
+
+require_once('library/jsonld/jsonld.php');
+
+class LDSignatures {
+
+
+	static function verify($data,$pubkey) {
+
+		$ohash = self::hash(self::signable_options($data['signature']));
+		$dhash = self::hash(self::signable_data($data));
+
+		$x = rsa_verify($ohash . $dhash,base64_decode($data['signature']['signatureValue']), $pubkey);
+		logger('LD-verify: ' . intval($x));
+
+		return $x;
+	}
+
+	static function dopplesign(&$data,$channel) {
+	// remove for the time being - performance issues
+	//	$data['magicEnv'] = self::salmon_sign($data,$channel);
+		return self::sign($data,$channel);
+	}
+
+	static function sign($data,$channel) {
+
+		$options = [
+			'type' => 'RsaSignature2017',
+			'nonce' => random_string(64),
+			'creator' => z_root() . '/channel/' . $channel['channel_address'] . '/public_key_pem',
+			'created' => datetime_convert('UTC','UTC', 'now', 'Y-m-d\Th:i:s\Z')
+		];
+
+		$ohash = self::hash(self::signable_options($options));
+		$dhash = self::hash(self::signable_data($data));
+		$options['signatureValue'] = base64_encode(rsa_sign($ohash . $dhash,$channel['channel_prvkey']));
+
+		$signed = array_merge([
+			'@context' => [ 
+				ACTIVITYSTREAMS_JSONLD_REV, 
+				'https://w3id.org/security/v1' ],
+			],$options);
+
+		return $signed;
+	}
+
+
+	static function signable_data($data) {
+
+		$newdata = [];
+		if($data) {
+			foreach($data as $k => $v) {
+				if(! in_array($k,[ 'signature' ])) {
+					$newdata[$k] = $v;
+				}
+			}
+		}
+		return json_encode($newdata,JSON_UNESCAPED_SLASHES);
+	}
+
+
+	static function signable_options($options) {
+
+		$newopts = [ '@context' => 'https://w3id.org/identity/v1' ];
+		if($options) {
+			foreach($options as $k => $v) {
+				if(! in_array($k,[ 'type','id','signatureValue' ])) {
+					$newopts[$k] = $v;
+				}
+			}
+		}
+		return json_encode($newopts,JSON_UNESCAPED_SLASHES);
+	}
+
+	static function hash($obj) {
+
+		return hash('sha256',self::normalise($obj));
+	}
+
+	static function normalise($data) {
+		if(is_string($data)) {
+			$data = json_decode($data);
+		}
+
+		if(! is_object($data))
+			return '';
+
+		jsonld_set_document_loader('jsonld_document_loader');
+	
+		try {
+			$d = jsonld_normalize($data,[ 'algorithm' => 'URDNA2015', 'format' => 'application/nquads' ]);
+		}
+		catch (\Exception $e) {
+			logger('normalise error:' . print_r($e,true));
+			logger('normalise error: ' . print_r($data,true));
+		}
+
+		return $d;
+	}
+
+	static function salmon_sign($data,$channel) {
+
+		$arr       = $data;
+		$data      = json_encode($data,JSON_UNESCAPED_SLASHES);
+		$data      = base64url_encode($data, false); // do not strip padding
+		$data_type = 'application/activity+json';
+		$encoding  = 'base64url';
+		$algorithm = 'RSA-SHA256';
+		$keyhash   = base64url_encode(z_root() . '/channel/' . $channel['channel_address']);
+
+		$data = str_replace(array(" ","\t","\r","\n"),array("","","",""),$data);
+
+		// precomputed base64url encoding of data_type, encoding, algorithm concatenated with periods
+
+		$precomputed = '.' . base64url_encode($data_type,false) . '.YmFzZTY0dXJs.UlNBLVNIQTI1Ng==';
+
+		$signature  = base64url_encode(rsa_sign($data . $precomputed,$channel['channel_prvkey']));
+
+		return ([
+			'id'          => $arr['id'],
+			'meData'      => $data,
+			'meDataType'  => $data_type,
+			'meEncoding'  => $encoding,
+			'meAlgorithm' => $algorithm,
+			'meCreator'   => z_root() . '/channel/' . $channel['channel_address'] . '/public_key_pem',
+			'meSignatureValue' => $signature
+		]);
+
+	}
+
+
+
+}

Zotlabs/Lib/MarkdownSoap.php

@@ -94,7 +94,7 @@ class MarkdownSoap {
 	}
 
 	function escape($s) {
-		return htmlspecialchars($s,ENT_QUOTES);
+		return htmlspecialchars($s,ENT_QUOTES,'UTF-8',false);
 	}
 
 	static public function unescape($s) {

Zotlabs/Lib/NativeWiki.php

@@ -18,11 +18,18 @@ class NativeWiki {
 
 		if($wikis) {
 			foreach($wikis as &$w) {
+
+				$w['json_allow_cid']  = acl2json($w['allow_cid']);
+				$w['json_allow_gid']  = acl2json($w['allow_gid']);
+				$w['json_deny_cid']   = acl2json($w['deny_cid']);
+				$w['json_deny_gid']   = acl2json($w['deny_gid']);
+
 				$w['rawName']  = get_iconfig($w, 'wiki', 'rawName');
 				$w['htmlName'] = escape_tags($w['rawName']);
 				$w['urlName']  = urlencode(urlencode($w['rawName']));
 				$w['mimeType'] = get_iconfig($w, 'wiki', 'mimeType');
-				$w['lock']     = (($w['item_private'] || $w['allow_cid'] || $w['allow_gid'] || $w['deny_cid'] || $w['deny_gid']) ? true : false);
+				$w['typelock'] = get_iconfig($w, 'wiki', 'typelock');
+				$w['lockstate']     = (($w['allow_cid'] || $w['allow_gid'] || $w['deny_cid'] || $w['deny_gid']) ? 'lock' : 'unlock');
 			}
 		}
 		// TODO: query db for wikis the observer can access. Return with two lists, for read and write access
@@ -84,7 +91,9 @@ class NativeWiki {
 		if(! set_iconfig($arr, 'wiki', 'mimeType', $wiki['mimeType'], true)) {
 			return array('item' => null, 'success' => false);
 		}
-	
+
+		set_iconfig($arr,'wiki','typelock',$wiki['typelock'],true);
+
 		$post = item_store($arr);
 
 		$item_id = $post['item_id'];
@@ -98,6 +107,61 @@ class NativeWiki {
 		}
 	}
 
+	function update_wiki($channel_id, $observer_hash, $arr, $acl) {
+
+		$w = self::get_wiki($channel_id, $observer_hash, $arr['resource_id']);
+		$item = $w['wiki'];
+
+		if(! $item) {
+			return array('item' => null, 'success' => false);
+		}
+
+		$x = $acl->get();
+
+		$item['allow_cid']    = $x['allow_cid'];
+		$item['allow_gid']    = $x['allow_gid'];
+		$item['deny_cid']     = $x['deny_cid'];
+		$item['deny_gid']     = $x['deny_gid'];
+		$item['item_private'] = intval($acl->is_private());
+
+		$update_title = false;
+
+		if($item['title'] !== $arr['updateRawName']) {
+			$update_title = true;
+			$item['title'] = $arr['updateRawName'];
+		}
+
+		$update = item_store_update($item);
+
+		$item_id = $update['item_id'];
+
+		// update acl for any existing wiki pages
+
+		q("update item set allow_cid = '%s', allow_gid = '%s', deny_cid = '%s', deny_gid = '%s', item_private = %d where resource_type = 'nwikipage' and resource_id = '%s'",
+			dbesc($item['allow_cid']), 
+			dbesc($item['allow_gid']), 
+			dbesc($item['deny_cid']), 
+			dbesc($item['deny_gid']), 
+			dbesc($item['item_private']), 
+			dbesc($arr['resource_id'])
+		); 
+
+
+		if($update['item_id']) {
+			info( t('Wiki updated successfully'));
+			if($update_title) {
+				// Update the wiki name information using iconfig.
+				if(! set_iconfig($update['item_id'], 'wiki', 'rawName', $arr['updateRawName'], true)) {
+					return array('item' => null, 'success' => false);
+				}
+			}
+			return array('item' => $update['item'], 'item_id' => $update['item_id'], 'success' => $update['success']);
+		}
+		else {
+			return array('item' => null, 'success' => false);
+		}
+	}
+
 	static public function sync_a_wiki_item($uid,$id,$resource_id) {
 
 
@@ -108,6 +172,12 @@ class NativeWiki {
 			dbesc($resource_id)
 		);
 		if($r) {
+			$q = q("select * from item where resource_type = 'nwikipage' and resource_id = '%s'",
+				dbesc($r[0]['resource_type'])
+			);
+			if($q) {
+				$r = array_merge($r,$q);
+			}
 			xchan_query($r);
 			$sync_item = fetch_post_tags($r);
 			build_sync_packet($uid,array('wiki' => array(encode_item($sync_item[0],true))));
@@ -150,13 +220,15 @@ class NativeWiki {
 			// Get wiki metadata
 			$rawName  = get_iconfig($w, 'wiki', 'rawName');
 			$mimeType = get_iconfig($w, 'wiki', 'mimeType');
+			$typelock = get_iconfig($w, 'wiki', 'typelock');
 
 			return array(
-				'wiki' => $w,
-				'rawName' => $rawName,
+				'wiki'     => $w,
+				'rawName'  => $rawName,
 				'htmlName' => escape_tags($rawName),
-				'urlName' => urlencode(urlencode($rawName)),
-				'mimeType' => $mimeType
+				'urlName'  => urlencode(urlencode($rawName)),
+				'mimeType' => $mimeType,
+				'typelock' => $typelock
 			);
 		}
 	}

Zotlabs/Lib/NativeWikiPage.php

@@ -21,7 +21,7 @@ class NativeWikiPage {
 		$sql_extra = item_permissions_sql($channel_id,$observer_hash);
 
 		$r = q("select * from item where resource_type = 'nwikipage' and resource_id = '%s' and uid = %d and item_deleted = 0 
-			$sql_extra order by created asc",
+			$sql_extra order by title asc",
 			dbesc($resource_id),
 			intval($channel_id)
 		);
@@ -55,7 +55,12 @@ class NativeWikiPage {
 	}
 
 
-	static public function create_page($channel_id, $observer_hash, $name, $resource_id) {
+	static public function create_page($channel_id, $observer_hash, $name, $resource_id, $mimetype = 'text/bbcode') {
+
+		logger('mimetype: ' . $mimetype);
+
+		if(! in_array($mimetype,[ 'text/markdown','text/bbcode','text/plain','text/html' ]))
+			$mimetype = 'text/markdown';
 
 		$w = Zlib\NativeWiki::get_wiki($channel_id, $observer_hash, $resource_id);
 
@@ -63,11 +68,16 @@ class NativeWikiPage {
 			return array('content' => null, 'message' => 'Error reading wiki', 'success' => false);
 		}
 
+		// backslashes won't work well in the javascript functions
+		$name = str_replace('\\','',$name);
+
 		// create an empty activity
 
 		$arr = [];
 		$arr['uid']           = $channel_id;
 		$arr['author_xchan']  = $observer_hash;
+		$arr['mimetype']      = $mimetype;
+		$arr['title']         = $name;
 		$arr['resource_type'] = 'nwikipage';
 		$arr['resource_id']   = $resource_id;
 		$arr['allow_cid']     = $w['wiki']['allow_cid'];
@@ -133,8 +143,14 @@ class NativeWikiPage {
 		if($ic) {
 			foreach($ic as $c) {
 				set_iconfig($c['item_id'],'nwikipage','pagetitle',$pageNewName);
+				$ids[] = $c['item_id'];
 			}
 
+			$str_ids = implode(',', $ids);
+			q("update item set title = '%s' where id in ($str_ids)",
+				dbesc($pageNewName)
+			);
+
 			$page = [ 
 				'rawName'  => $pageNewName, 
 				'htmlName' => escape_tags($pageNewName), 
@@ -167,10 +183,11 @@ class NativeWikiPage {
 			$content = $item['body'];
 
 			return [ 
-				'content' => $content,
-				'mimeType' => $w['mimeType'], 
-				'message' => '', 
-				'success' => true
+				'content'      => $content,
+				'mimeType'     => $w['mimeType'],
+				'pageMimeType' => $item['mimetype'], 
+				'message'      => '', 
+				'success'      => true
 			];
 		}
 	
@@ -333,15 +350,17 @@ class NativeWikiPage {
 			return array('message' => t('Error reading wiki'), 'success' => false);
 		}
 
-		$mimetype = $w['mimeType'];
 	
 		// fetch the most recently saved revision. 
 
 		$item = self::load_page($arr);
+
 		if(! $item) {
 			return array('message' => t('Page not found'), 'success' => false);
 		}
 
+		$mimetype = $item['mimetype'];
+
 		// change just the fields we need to change to create a revision; 
 
 		unset($item['id']);
@@ -599,10 +618,13 @@ class NativeWikiPage {
 	}
 	
 	static public function get_file_ext($arr) {
-		if($arr['mimeType'] == 'text/bbcode')
+		if($arr['mimetype'] === 'text/bbcode')
 			return '.bb';
-		else
+		elseif($arr['mimetype'] === 'text/markdown')
 			return '.md';
+		elseif($arr['mimetype'] === 'text/plain')
+			return '.txt';
+
 	}
 	
 	// This function is derived from 

Zotlabs/Lib/PConfig.php

@@ -1,8 +1,21 @@
-<?php /** @file */
+<?php
 
 namespace Zotlabs\Lib;
 
-
+/**
+ * @brief Class for handling channel specific configurations.
+ *
+ * <b>PConfig</b> is used for channel specific configurations and takes a
+ * <i>channel_id</i> as identifier. It stores for example which features are
+ * enabled per channel. The storage is of size MEDIUMTEXT.
+ *
+ * @code{.php}$var = Zotlabs\Lib\PConfig::Get('uid', 'category', 'key');
+ * // with default value for non existent key
+ * $var = Zotlabs\Lib\PConfig::Get('uid', 'category', 'unsetkey', 'defaultvalue');@endcode
+ *
+ * The old (deprecated?) way to access a PConfig value is:
+ * @code{.php}$var = get_pconfig(local_channel(), 'category', 'key');@endcode
+ */
 class PConfig {
 
 	/**
@@ -13,18 +26,18 @@ class PConfig {
 	 *
 	 * @param string $uid
 	 *  The channel_id
-	 * @return void|false Nothing or false if $uid is false
+	 * @return void|false Nothing or false if $uid is null or false
 	 */
-
 	static public function Load($uid) {
 		if(is_null($uid) || $uid === false)
 			return false;
 
-		if(! array_key_exists($uid, \App::$config))
-			\App::$config[$uid] = array();
-
 		if(! is_array(\App::$config)) {
-			btlogger('App::$config not an array: ' . $uid);
+			btlogger('App::$config not an array');
+		}
+
+		if(! array_key_exists($uid, \App::$config)) {
+			\App::$config[$uid] = array();
 		}
 
 		if(! is_array(\App::$config[$uid])) {
@@ -63,11 +76,11 @@ class PConfig {
 	 *  The category of the configuration value
 	 * @param string $key
 	 *  The configuration key to query
-	 * @param boolean $instore (deprecated, without function)
+	 * @param mixed $default (optional, default false)
+	 *  Default value to return if key does not exist
 	 * @return mixed Stored value or false if it does not exist
 	 */
-
-	static public function Get($uid,$family,$key,$default = false) {
+	static public function Get($uid, $family, $key, $default = false) {
 
 		if(is_null($uid) || $uid === false)
 			return $default;
@@ -78,11 +91,10 @@ class PConfig {
 		if((! array_key_exists($family, \App::$config[$uid])) || (! array_key_exists($key, \App::$config[$uid][$family])))
 			return $default;
 
-		return ((! is_array(\App::$config[$uid][$family][$key])) && (preg_match('|^a:[0-9]+:{.*}$|s', \App::$config[$uid][$family][$key])) 
+		return ((! is_array(\App::$config[$uid][$family][$key])) && (preg_match('|^a:[0-9]+:{.*}$|s', \App::$config[$uid][$family][$key]))
 			? unserialize(\App::$config[$uid][$family][$key])
 			: \App::$config[$uid][$family][$key]
 		);
-
 	}
 
 	/**
@@ -101,12 +113,11 @@ class PConfig {
 	 *  The value to store
 	 * @return mixed Stored $value or false
 	 */
-
 	static public function Set($uid, $family, $key, $value) {
 
-		// this catches subtle errors where this function has been called 
+		// this catches subtle errors where this function has been called
 		// with local_channel() when not logged in (which returns false)
-		// and throws an error in array_key_exists below. 
+		// and throws an error in array_key_exists below.
 		// we provide a function backtrace in the logs so that we can find
 		// and fix the calling function.
 
@@ -131,7 +142,6 @@ class PConfig {
 				dbesc($key),
 				dbesc($dbvalue)
 			);
-
 		}
 		else {
 
@@ -141,7 +151,6 @@ class PConfig {
 				dbesc($family),
 				dbesc($key)
 			);
-
 		}
 
 		// keep a separate copy for all variables which were
@@ -177,7 +186,6 @@ class PConfig {
 	 *  The configuration key to delete
 	 * @return mixed
 	 */
- 
 	static public function Delete($uid, $family, $key) {
 
 		if(is_null($uid) || $uid === false)
@@ -185,12 +193,12 @@ class PConfig {
 
 		$ret = false;
 
-		if(array_key_exists($uid,\App::$config) 
-			&& is_array(\App::$config['uid']) 
-			&& array_key_exists($family,\App::$config['uid']) 
+		if(array_key_exists($uid,\App::$config)
+			&& is_array(\App::$config['uid'])
+			&& array_key_exists($family,\App::$config['uid'])
 			&& array_key_exists($key, \App::$config[$uid][$family]))
 			unset(\App::$config[$uid][$family][$key]);
-			
+
 		$ret = q("DELETE FROM pconfig WHERE uid = %d AND cat = '%s' AND k = '%s'",
 			intval($uid),
 			dbesc($family),
@@ -201,4 +209,3 @@ class PConfig {
 	}
 
 }
-		

Zotlabs/Lib/SConfig.php

@@ -0,0 +1,28 @@
+<?php
+
+namespace Zotlabs\Lib;
+
+/**
+ * @brief Account configuration storage is built on top of the under-utilised xconfig.
+ *
+ * @see XConfig
+ */
+class SConfig {
+
+	static public function Load($server_id) {
+		return XConfig::Load('s_' . $server_id);
+	}
+
+	static public function Get($server_id,$family,$key,$default = false) {
+		return XConfig::Get('s_' . $server_id,$family,$key, $default);
+	}
+
+	static public function Set($server_id,$family,$key,$value) {
+		return XConfig::Set('s_' . $server_id,$family,$key,$value);
+	}
+
+	static public function Delete($server_id,$family,$key) {
+		return XConfig::Delete('s_' . $server_id,$family,$key);
+	}
+
+}

Zotlabs/Lib/System.php

@@ -61,6 +61,13 @@ class System {
 		return 'pro';
 	}
 
+
+	static public function get_zot_revision() {
+		$x = [ 'revision' => ZOT_REVISION ]; 
+		call_hooks('zot_revision',$x);
+		return $x['revision'];
+	}
+
 	static public function get_std_version() {
 		if(defined('STD_VERSION'))
 			return STD_VERSION;

Zotlabs/Lib/ThreadItem.php

@@ -29,6 +29,7 @@ class ThreadItem {
 	private $visiting = false;
 	private $channel = null;
 	private $display_mode = 'normal';
+	private $reload = '';
 
 
 	public function __construct($data) {
@@ -37,7 +38,7 @@ class ThreadItem {
 		$this->toplevel = ($this->get_id() == $this->get_data_value('parent'));
 
 		// Prepare the children
-		if(count($data['children'])) {
+		if($data['children']) {
 			foreach($data['children'] as $item) {
 
 				/*
@@ -101,10 +102,23 @@ class ThreadItem {
 		if($item['author']['xchan_network'] === 'rss')
 			$shareable = true;
 
+
 		$mode = $conv->get_mode();
 
+		switch($item['item_type']) {
+			case ITEM_TYPE_CARD:
+				$edlink = 'card_edit';
+				break;
+			case ITEM_TYPE_ARTICLE:
+				$edlink = 'article_edit';
+				break;
+			default:
+				$edlink = 'editpost';
+				break;
+		}
+
 		if(local_channel() && $observer['xchan_hash'] === $item['author_xchan'])
-			$edpost = array(z_root()."/editpost/".$item['id'], t("Edit"));
+			$edpost = array(z_root() . '/' . $edlink . '/' . $item['id'], t('Edit'));
 		else
 			$edpost = false;
 
@@ -182,7 +196,7 @@ class ThreadItem {
 
 		$like_count = ((x($conv_responses['like'],$item['mid'])) ? $conv_responses['like'][$item['mid']] : '');
 		$like_list = ((x($conv_responses['like'],$item['mid'])) ? $conv_responses['like'][$item['mid'] . '-l'] : '');
-		if (count($like_list) > MAX_LIKERS) {
+		if (($like_list) && (count($like_list) > MAX_LIKERS)) {
 			$like_list_part = array_slice($like_list, 0, MAX_LIKERS);
 			array_push($like_list_part, '<a class="dropdown-item" href="#" data-toggle="modal" data-target="#likeModal-' . $this->get_id() . '"><b>' . t('View all') . '</b></a>');
 		} else {
@@ -194,7 +208,7 @@ class ThreadItem {
 			$dislike_count = ((x($conv_responses['dislike'],$item['mid'])) ? $conv_responses['dislike'][$item['mid']] : '');
 			$dislike_list = ((x($conv_responses['dislike'],$item['mid'])) ? $conv_responses['dislike'][$item['mid'] . '-l'] : '');
 			$dislike_button_label = tt('Dislike','Dislikes',$dislike_count,'noun');
-			if (count($dislike_list) > MAX_LIKERS) {
+			if (($dislike_list) && (count($dislike_list) > MAX_LIKERS)) {
 				$dislike_list_part = array_slice($dislike_list, 0, MAX_LIKERS);
 				array_push($dislike_list_part, '<a class="dropdown-item" href="#" data-toggle="modal" data-target="#dislikeModal-' . $this->get_id() . '"><b>' . t('View all') . '</b></a>');
 			} else {
@@ -299,7 +313,7 @@ class ThreadItem {
 		$comment_count_txt = sprintf( tt('%d comment','%d comments',$total_children),$total_children );
 		$list_unseen_txt = (($unseen_comments) ? sprintf('%d unseen',$unseen_comments) : '');
 		
-
+		
 
 		
 
@@ -309,7 +323,8 @@ class ThreadItem {
 
 		$tmp_item = array(
 			'template' => $this->get_template(),
-			'mode' => $mode,			
+			'mode' => $mode,
+			'item_type' => intval($item['item_type']),			
 			'type' => implode("",array_slice(explode("/",$item['verb']),-1)),
 			'body' => $body['html'],
 			'tags' => $body['tags'],
@@ -355,6 +370,7 @@ class ThreadItem {
 			'unverified' => $unverified,
 			'forged' => $forged,
 			'location' => $location,
+			'divider' => get_pconfig($conv->get_profile_owner(),'system','item_divider'),
 			'attend_label' => t('Attend'),
 			'attend_title' => t('Attendance Options'),
 			'vote_label' => t('Vote'),
@@ -407,8 +423,9 @@ class ThreadItem {
 			'showdislike' => $showdislike,
 			'comment' => $this->get_comment_box($indent),
 			'previewing' => ($conv->is_preview() ? true : false ),
+			'preview_lbl' => t('This is an unsaved preview'),
 			'wait' => t('Please wait'),
-			'submid' => str_replace(['+','='], ['',''], base64_encode(substr($item['mid'],0,32))),
+			'submid' => str_replace(['+','='], ['',''], base64_encode($item['mid'])),
 			'thread_level' => $thread_level
 		);
 
@@ -479,6 +496,14 @@ class ThreadItem {
 		return $this->threaded;
 	}
 
+	public function set_reload($val) {
+		$this->reload = $val;
+	}
+
+	public function get_reload() {
+		return $this->reload;
+	}
+
 	public function set_commentable($val) {
 		$this->commentable = $val;
 		foreach($this->get_children() as $child)
@@ -715,7 +740,7 @@ class ThreadItem {
 		$comment_box = replace_macros($template,array(
 			'$return_path' => '',
 			'$threaded' => $this->is_threaded(),
-			'$jsreload' => '', //(($conv->get_mode() === 'display') ? $_SESSION['return_url'] : ''),
+			'$jsreload' => $conv->reload,
 			'$type' => (($conv->get_mode() === 'channel') ? 'wall-comment' : 'net-comment'),
 			'$id' => $this->get_id(),
 			'$parent' => $this->get_id(),
@@ -733,19 +758,21 @@ class ThreadItem {
 			'$edquote' => t('Quote'),
 			'$edcode' => t('Code'),
 			'$edimg' => t('Image'),
+			'$edatt' => t('Attach File'),
 			'$edurl' => t('Insert Link'),
 			'$edvideo' => t('Video'),
 			'$preview' => t('Preview'), // ((feature_enabled($conv->get_profile_owner(),'preview')) ? t('Preview') : ''),
 			'$indent' => $indent,
+			'$can_upload' => (perm_is_allowed($conv->get_profile_owner(),get_observer_hash(),'write_storage') && $conv->is_uploadable()),
 			'$feature_encrypt' => ((feature_enabled($conv->get_profile_owner(),'content_encrypt')) ? true : false),
 			'$encrypt' => t('Encrypt text'),
 			'$cipher' => $conv->get_cipher(),
 			'$sourceapp' => \App::$sourcename,
 			'$observer' => get_observer_hash(),
-			'$anoncomments' => (($conv->get_mode() === 'channel' && perm_is_allowed($conv->get_profile_owner(),'','post_comments')) ? true : false),
-			'$anonname' => [ 'anonname', t('Your full name (required)'),'','','','onBlur="commentCloseUI(this,\'' . $this->get_id() . '\')"' ],
-			'$anonmail' => [ 'anonmail', t('Your email address (required)'),'','','','onBlur="commentCloseUI(this,\'' . $this->get_id() . '\')"' ],
-			'$anonurl'  => [ 'anonurl',  t('Your website URL (optional)'),'','','','onBlur="commentCloseUI(this,\'' . $this->get_id() . '\')"' ]
+			'$anoncomments' => ((($conv->get_mode() === 'channel' || $conv->get_mode() === 'display') && perm_is_allowed($conv->get_profile_owner(),'','post_comments')) ? true : false),
+			'$anonname' => [ 'anonname', t('Your full name (required)') ],
+			'$anonmail' => [ 'anonmail', t('Your email address (required)') ],
+			'$anonurl'  => [ 'anonurl',  t('Your website URL (optional)') ]
 		));
 
 		return $comment_box;

Zotlabs/Lib/ThreadStream.php

@@ -22,15 +22,17 @@ class ThreadStream {
 	private $profile_owner = 0;
 	private $preview = false;
 	private $prepared_item = '';
+	public $reload = '';
 	private $cipher = 'aes256';
 
 	// $prepared_item is for use by alternate conversation structures such as photos
 	// wherein we've already prepared a top level item which doesn't look anything like
 	// a normal "post" item
 
-	public function __construct($mode, $preview, $prepared_item = '') {
+	public function __construct($mode, $preview, $uploadable, $prepared_item = '') {
 		$this->set_mode($mode);
 		$this->preview = $preview;
+		$this->uploadable = $uploadable;
 		$this->prepared_item = $prepared_item;
 		$c = ((local_channel()) ? get_pconfig(local_channel(),'system','default_cipher') : '');
 		if($c)
@@ -52,15 +54,34 @@ class ThreadStream {
 				$this->profile_owner = local_channel();
 				$this->writable = true;
 				break;
+			case 'pubstream':
+				$this->profile_owner = local_channel();
+				$this->writable = ((local_channel()) ? true : false);
+				break;
+			case 'hq':
+				$this->profile_owner = local_channel();
+				$this->writable = true;
+				break;
 			case 'channel':
 				$this->profile_owner = \App::$profile['profile_uid'];
 				$this->writable = perm_is_allowed($this->profile_owner,$ob_hash,'post_comments');
 				break;
+			case 'cards':
+				$this->profile_owner = \App::$profile['profile_uid'];
+				$this->writable = perm_is_allowed($this->profile_owner,$ob_hash,'post_comments');
+				$this->reload = $_SESSION['return_url'];
+				break;
+			case 'articles':
+				$this->profile_owner = \App::$profile['profile_uid'];
+				$this->writable = perm_is_allowed($this->profile_owner,$ob_hash,'post_comments');
+				$this->reload = $_SESSION['return_url'];
+				break;
 			case 'display':
 				// in this mode we set profile_owner after initialisation (from conversation()) and then 
 				// pull some trickery which allows us to re-invoke this function afterward
 				// it's an ugly hack so @FIXME
 				$this->writable = perm_is_allowed($this->profile_owner,$ob_hash,'post_comments');
+				$this->uploadable = perm_is_allowed($this->profile_owner,$ob_hash,'write_storage');
 				break;
 			case 'page':
 				$this->profile_owner = \App::$profile['uid'];
@@ -92,6 +113,11 @@ class ThreadStream {
 		return $this->commentable;
 	}
 
+	public function is_uploadable() {
+		return $this->uploadable;
+	}
+
+
 	/**
 	 * Check if page is a preview
 	 */
@@ -166,6 +192,10 @@ class ThreadStream {
 					$item->set_commentable(can_comment_on_post($ob_hash,$item->data));
 			}
 		}
+		if($this->mode === 'pubstream' && (! local_channel())) {
+			$item->set_commentable(false);
+		} 
+
 		require_once('include/channel.php');
 
 		$item->set_conversation($this);

Zotlabs/Lib/XConfig.php

@@ -2,7 +2,26 @@
 
 namespace Zotlabs\Lib;
 
-
+/**
+ * @brief Class for handling observer's config.
+ *
+ * <b>XConfig</b> is comparable to <i>PConfig</i>, except that it uses <i>xchan</i>
+ * (an observer hash) as an identifier.
+ *
+ * <b>XConfig</b> is used for observer specific configurations and takes a
+ * <i>xchan</i> as identifier.
+ * The storage is of size MEDIUMTEXT.
+ *
+ * @code{.php}$var = Zotlabs\Lib\XConfig::Get('xchan', 'category', 'key');
+ * // with default value for non existent key
+ * $var = Zotlabs\Lib\XConfig::Get('xchan', 'category', 'unsetkey', 'defaultvalue');@endcode
+ *
+ * The old (deprecated?) way to access a XConfig value is:
+ * @code{.php}$observer = App::get_observer_hash();
+ * if ($observer) {
+ *     $var = get_xconfig($observer, 'category', 'key');
+ * }@endcode
+ */
 class XConfig {
 
 	/**
@@ -15,7 +34,6 @@ class XConfig {
 	 *  The observer's hash
 	 * @return void|false Returns false if xchan is not set
 	 */
-
 	static public function Load($xchan) {
 
 		if(! $xchan)
@@ -56,9 +74,9 @@ class XConfig {
 	 *  The category of the configuration value
 	 * @param string $key
 	 *  The configuration key to query
+	 * @param boolean $default (optional) default false
 	 * @return mixed Stored $value or false if it does not exist
 	 */
-
 	static public function Get($xchan, $family, $key, $default = false) {
 
 		if(! $xchan)
@@ -70,7 +88,7 @@ class XConfig {
 		if((! array_key_exists($family, \App::$config[$xchan])) || (! array_key_exists($key, \App::$config[$xchan][$family])))
 			return $default;
 
-		return ((! is_array(\App::$config[$xchan][$family][$key])) && (preg_match('|^a:[0-9]+:{.*}$|s', \App::$config[$xchan][$family][$key])) 
+		return ((! is_array(\App::$config[$xchan][$family][$key])) && (preg_match('|^a:[0-9]+:{.*}$|s', \App::$config[$xchan][$family][$key]))
 			? unserialize(\App::$config[$xchan][$family][$key])
 			: \App::$config[$xchan][$family][$key]
 		);
@@ -82,7 +100,6 @@ class XConfig {
 	 * Stores a config value ($value) in the category ($family) under the key ($key)
 	 * for the observer's $xchan hash.
 	 *
-	 *
 	 * @param string $xchan
 	 *  The observer's hash
 	 * @param string $family
@@ -93,7 +110,6 @@ class XConfig {
 	 *  The value to store
 	 * @return mixed Stored $value or false
 	 */
-
 	static public function Set($xchan, $family, $key, $value) {
 
 		// manage array value
@@ -106,7 +122,7 @@ class XConfig {
 			if(! array_key_exists($family, \App::$config[$xchan]))
 				\App::$config[$xchan][$family] = array();
 
-			$ret = q("INSERT INTO xconfig ( xchan, cat, k, v ) VALUES ( '%s', '%s', '%s', '%s' ) ",
+			$ret = q("INSERT INTO xconfig ( xchan, cat, k, v ) VALUES ( '%s', '%s', '%s', '%s' )",
 				dbesc($xchan),
 				dbesc($family),
 				dbesc($key),
@@ -126,6 +142,7 @@ class XConfig {
 
 		if($ret)
 			return $value;
+
 		return $ret;
 	}
 
@@ -143,11 +160,11 @@ class XConfig {
 	 *  The configuration key to delete
 	 * @return mixed
 	 */
-
 	static public function Delete($xchan, $family, $key) {
 
 		if(x(\App::$config[$xchan][$family], $key))
 			unset(\App::$config[$xchan][$family][$key]);
+
 		$ret = q("DELETE FROM xconfig WHERE xchan = '%s' AND cat = '%s' AND k = '%s'",
 			dbesc($xchan),
 			dbesc($family),

Zotlabs/Module/Acl.php

@@ -21,7 +21,7 @@ class Acl extends \Zotlabs\Web\Controller {
 
 	function init() {
 	
-		//	logger('mod_acl: ' . print_r($_REQUEST,true));
+		logger('mod_acl: ' . print_r($_REQUEST,true));
 	
 		$start    = (x($_REQUEST,'start')  ? $_REQUEST['start']  : 0);
 		$count    = (x($_REQUEST,'count')  ? $_REQUEST['count']  : 500);
@@ -33,6 +33,7 @@ class Acl extends \Zotlabs\Web\Controller {
 		// $type = 
 		//  ''   =>  standard ACL request
 		//  'g'  =>  Groups only ACL request
+		//  'f'  =>  forums only ACL request
 		//  'c'  =>  Connections only ACL request or editor (textarea) mention request
 		// $_REQUEST['search'] contains ACL search text.
 
@@ -56,12 +57,12 @@ class Acl extends \Zotlabs\Web\Controller {
 			$search = $_REQUEST['query'];
 		}
 	
-		if( (! local_channel()) && (! ($type == 'x' || $type == 'c')))
+		if( (! local_channel()) && (! in_array($type, [ 'x', 'c', 'f' ])))
 			killme();
 
 		$permitted = [];
 
-		if(in_array($type, [ 'm', 'a', 'c' ])) {
+		if(in_array($type, [ 'm', 'a', 'c', 'f' ])) {
 
 			// These queries require permission checking. We'll create a simple array of xchan_hash for those with
 			// the requisite permissions which we can check against. 
@@ -154,7 +155,7 @@ class Acl extends \Zotlabs\Web\Controller {
 			}
 		}
 	
-		if($type == '' || $type == 'c') {
+		if($type == '' || $type == 'c' || $type === 'f') {
 
 			$extra_channels_sql  = ''; 
 
@@ -175,11 +176,18 @@ class Acl extends \Zotlabs\Web\Controller {
 					$extra_channels_sql = " OR (abook_channel IN ($extra_channels_sql)) and abook_hidden = 0 ";
 
 
-				// Add atokens belonging to the local channel @TODO restrict by search
+				// Add atokens belonging to the local channel
+
+				if($search) {
+					$sql_extra_atoken = "AND ( atoken_name LIKE " . protect_sprintf( "'%" . dbesc($search) . "%'" ) . ") ";
+				}
+				else {
+					$sql_extra_atoken = '';
+				}
 
 				$r2 = null;
 
-				$r1 = q("select * from atoken where atoken_uid = %d",
+				$r1 = q("select * from atoken where atoken_uid = %d $sql_extra_atoken",
 					intval(local_channel())
 				);
 
@@ -307,7 +315,7 @@ class Acl extends \Zotlabs\Web\Controller {
 					$contacts[] = array(
 						"photo"    => $g['photo'],
 						"name"     => $g['name'],
-						"nick"     => $g['address'],
+						"nick"     => $g['address']
 					);
 				}
 			}
@@ -324,18 +332,24 @@ class Acl extends \Zotlabs\Web\Controller {
 			$r = array();
 	
 		if($r) {
-			foreach($r as $g){
+			foreach($r as $g) {
 	
-				// remove RSS feeds from ACLs - they are inaccessible
-				if(strpos($g['hash'],'/') && $type != 'a')
+				if(($g['network'] === 'rss') && ($type != 'a'))
 					continue;
-	
-				if(in_array($g['hash'],$permitted) && $type == 'c' && (! $noforums)) {
+
+				$g['hash'] = urlencode($g['hash']);
+				
+				if(! $g['nick']) {
+					$t = explode(' ',strtolower($g['name']));
+					$g['nick'] = $t[0] . '@';
+				}
+
+				if(in_array($g['hash'],$permitted) && in_array($type, [ 'c', 'f' ]) && (! $noforums)) {
 					$contacts[] = array(
 						"type"     => "c",
 						"photo"    => "images/twopeople.png",
-						"name"     => $g['name'] . '+',
-						"id"	   => $g['id'] . '+',
+						"name"     => $g['name'] . (($type === 'f') ? '' : '+'),
+						"id"	   => urlencode($g['id']) . (($type === 'f') ? '' : '+'),
 						"xid"      => $g['hash'],
 						"link"     => $g['nick'],
 						"nick"     => substr($g['nick'],0,strpos($g['nick'],'@')),
@@ -344,18 +358,20 @@ class Acl extends \Zotlabs\Web\Controller {
 						"label"    => t('network')
 					);
 				}
-				$contacts[] = array(
-					"type"     => "c",
-					"photo"    => $g['micro'],
-					"name"     => $g['name'],
-					"id"	   => $g['id'],
-					"xid"      => $g['hash'],
-					"link"     => $g['nick'],
-					"nick"     => (($g['nick']) ? substr($g['nick'],0,strpos($g['nick'],'@')) : t('RSS')),
-					"self"     => (intval($g['abook_self']) ? 'abook-self' : ''),
-					"taggable" => '',
-					"label"    => '',
-				);
+				if($type !== 'f') {
+					$contacts[] = array(
+						"type"     => "c",
+						"photo"    => $g['micro'],
+						"name"     => $g['name'],
+						"id"	   => urlencode($g['id']),
+						"xid"      => $g['hash'],
+						"link"     => $g['nick'],
+						"nick"     => (($g['nick']) ? substr($g['nick'],0,strpos($g['nick'],'@')) : $g['nick']),
+						"self"     => (intval($g['abook_self']) ? 'abook-self' : ''),
+						"taggable" => '',
+						"label"    => '',
+					);
+				}
 			}			
 		}
 			

Zotlabs/Module/Admin/Site.php

@@ -61,7 +61,10 @@ class Site {
 		$maxloadavg        = ((x($_POST,'maxloadavg'))       ? intval(trim($_POST['maxloadavg'])) : 50);
 		$feed_contacts     = ((x($_POST,'feed_contacts'))    ? intval($_POST['feed_contacts'])    : 0);
 		$verify_email      = ((x($_POST,'verify_email'))     ? 1 : 0);
-		$techlevel_lock    = ((x($_POST,'techlock'))   ? intval($_POST['techlock'])   : 0);
+		$techlevel_lock    = ((x($_POST,'techlock'))         ? intval($_POST['techlock'])   : 0);
+		$imagick_path      = ((x($_POST,'imagick_path'))     ? trim($_POST['imagick_path'])   : '');
+		$thumbnail_security  = ((x($_POST,'thumbnail_security'))     ? intval($_POST['thumbnail_security'])   : 0);
+		$force_queue       = ((intval($_POST['force_queue']) > 0) ? intval($_POST['force_queue'])   : 300);
 
 		$techlevel         = null;
 		if(array_key_exists('techlevel', $_POST))
@@ -82,7 +85,8 @@ class Site {
 		set_config('system', 'reply_address', $reply_address);
 		set_config('system', 'from_email', $from_email);
 		set_config('system', 'from_email_name' , $from_email_name);
-
+		set_config('system', 'imagick_convert_path' , $imagick_path);
+		set_config('system', 'thumbnail_security' , $thumbnail_security);
 
 		set_config('system', 'techlevel_lock', $techlevel_lock);
 
@@ -126,6 +130,7 @@ class Site {
 		set_config('system','allowed_sites', $allowed_sites);
 		set_config('system','publish_all', $force_publish);
 		set_config('system','disable_discover_tab', $disable_discover_tab);
+		set_config('system','force_queue_threshold', $force_queue);
 		if ($global_directory == '') {
 			del_config('system', 'directory_submit_url');
 		} else {
@@ -206,7 +211,7 @@ class Site {
 		// directory server should not be set or settable unless we are a directory client
 
 		if($dirmode == DIRECTORY_MODE_NORMAL) {
-			$x = q("select site_url from site where site_flags in (%d,%d) and site_realm = '%s'",
+			$x = q("select site_url from site where site_flags in (%d,%d) and site_realm = '%s' and site_dead = 0",
 				intval(DIRECTORY_MODE_SECONDARY),
 				intval(DIRECTORY_MODE_PRIMARY),
 				dbesc($realm)
@@ -246,6 +251,7 @@ class Site {
 		);
 
 		$discover_tab = get_config('system','disable_discover_tab');
+
 		// $disable public streams by default
 		if($discover_tab === false)
 			$discover_tab = 1;
@@ -316,7 +322,10 @@ class Site {
 			'$timeout'			=> array('timeout', t("Network timeout"), (x(get_config('system','curl_timeout'))?get_config('system','curl_timeout'):60), t("Value is in seconds. Set to 0 for unlimited (not recommended).")),
 			'$delivery_interval'			=> array('delivery_interval', t("Delivery interval"), (x(get_config('system','delivery_interval'))?get_config('system','delivery_interval'):2), t("Delay background delivery processes by this many seconds to reduce system load. Recommend: 4-5 for shared hosts, 2-3 for virtual private servers. 0-1 for large dedicated servers.")),
 			'$delivery_batch_count' => array('delivery_batch_count', t('Deliveries per process'),(x(get_config('system','delivery_batch_count'))?get_config('system','delivery_batch_count'):1), t("Number of deliveries to attempt in a single operating system process. Adjust if necessary to tune system performance. Recommend: 1-5.")),
+			'$force_queue'			=> array('force_queue', t("Queue Threshold"), get_config('system','force_queue_threshold',300), t("Always defer immediate delivery if queue contains more than this number of entries.")),
 			'$poll_interval'			=> array('poll_interval', t("Poll interval"), (x(get_config('system','poll_interval'))?get_config('system','poll_interval'):2), t("Delay background polling processes by this many seconds to reduce system load. If 0, use delivery interval.")),
+			'$imagick_path'			=> array('imagick_path', t("Path to ImageMagick convert program"), get_config('system','imagick_convert_path'), t("If set, use this program to generate photo thumbnails for huge images ( > 4000 pixels in either dimension), otherwise memory exhaustion may occur. Example: /usr/bin/convert")),
+			'$thumbnail_security'			=> array('thumbnail_security', t("Allow SVG thumbnails in file browser"), get_config('system','thumbnail_security',0), t("WARNING: SVG images may contain malicious code.")),
 			'$maxloadavg'			=> array('maxloadavg', t("Maximum Load Average"), ((intval(get_config('system','maxloadavg')) > 0)?get_config('system','maxloadavg'):50), t("Maximum system load before delivery and poll processes are deferred - default 50.")),
 			'$default_expire_days' => array('default_expire_days', t('Expiration period in days for imported (grid/network) content'), intval(get_config('system','default_expire_days')), t('0 for no expiration of imported content')),
 			'$form_security_token' => get_form_security_token("admin_site"),

Zotlabs/Module/Ap_probe.php

@@ -1,38 +0,0 @@
-<?php
-namespace Zotlabs\Module;
-
-require_once('include/zot.php');
-
-
-class Ap_probe extends \Zotlabs\Web\Controller {
-
-	function get() {
-	
-		$o .= '<h3>ActivityPub Probe Diagnostic</h3>';
-	
-		$o .= '<form action="ap_probe" method="get">';
-		$o .= 'Lookup URI: <input type="text" style="width: 250px;" name="addr" value="' . $_GET['addr'] .'" /><br>';
-		$o .= 'Request Signed version: <input type=checkbox name="magenv" value="1" ><br>';
-		$o .= '<input type="submit" name="submit" value="Submit" /></form>'; 
-	
-		$o .= '<br /><br />';
-	
-		if(x($_GET,'addr')) {
-			$addr = $_GET['addr'];
-
-			if($_GET['magenv']) {
-				$headers = 'Accept: application/magic-envelope+json, application/ld+json; profile="https://www.w3.org/ns/activitystreams"';
-			}
-			else {
-				$headers = 'Accept: application/ld+json; profile="https://www.w3.org/ns/activitystreams"';
-			}
-
-			$redirects = 0;
-		    $x = z_fetch_url($addr,true,$redirects, [ 'headers' => [ $headers ]]);
-	    	if($x['success'])
-				$o .= '<pre>' . str_replace(['\\n','\\'],["\n",''],jindent($x['body'])) . '</pre>';
-		}
-		return $o;
-	}
-	
-}

Zotlabs/Module/Appman.php

@@ -64,7 +64,11 @@ class Appman extends \Zotlabs\Web\Controller {
 		}
 
 		if($_POST['feature']) {
-			Zlib\Apps::app_feature(local_channel(),$papp);
+			Zlib\Apps::app_feature(local_channel(), $papp, $_POST['feature']);
+		}
+
+		if($_POST['pin']) {
+			Zlib\Apps::app_feature(local_channel(), $papp, $_POST['pin']);
 		}
 
 		if($_SESSION['return_url']) 

Zotlabs/Module/Apporder.php

@@ -11,30 +11,41 @@ class Apporder extends \Zotlabs\Web\Controller {
 	}
 
 	function get() {
-       $syslist = array();
-        $list = Zlib\Apps::app_list(local_channel(), false, 'nav_featured_app');
-        if($list) {
-            foreach($list as $li) {
-                $syslist[] = Zlib\Apps::app_encode($li);
-            }
-        }
-        Zlib\Apps::translate_system_apps($syslist);
 
-	    usort($syslist,'Zotlabs\\Lib\\Apps::app_name_compare');
+		if(! local_channel())
+			return;
 
-    	$syslist = Zlib\Apps::app_order(local_channel(),$syslist);
+		nav_set_selected('Order Apps');
 
-	    foreach($syslist as $app) {
-    	    $nav_apps[] = Zlib\Apps::app_render($app,'nav-order');
+		$syslist = array();
+		$list = Zlib\Apps::app_list(local_channel(), false, ['nav_featured_app', 'nav_pinned_app']);
+		if($list) {
+			foreach($list as $li) {
+				$syslist[] = Zlib\Apps::app_encode($li);
+			}
+		}
+		Zlib\Apps::translate_system_apps($syslist);
 
+		usort($syslist,'Zotlabs\\Lib\\Apps::app_name_compare');
+
+		$syslist = Zlib\Apps::app_order(local_channel(),$syslist);
+
+		foreach($syslist as $app) {
+			if(strpos($app['categories'],'nav_pinned_app') !== false) {
+				$navbar_apps[] = Zlib\Apps::app_render($app,'nav-order');
+			}
+			else {
+				$nav_apps[] = Zlib\Apps::app_render($app,'nav-order');
+			}
 		}
 
-	return replace_macros(get_markup_template('apporder.tpl'),
-		[
-			'$header' => t('Change Order of Navigation Apps'),
-			'$desc' => t('Use arrows to move the corresponding app up or down in the display list'),
-			'$nav_apps' => $nav_apps
-		]
-	);
+		return replace_macros(get_markup_template('apporder.tpl'),
+			[
+				'$header' => [t('Change Order of Pinned Navbar Apps'), t('Change Order of App Tray Apps')],
+				'$desc' => [t('Use arrows to move the corresponding app left (top) or right (bottom) in the navbar'), t('Use arrows to move the corresponding app up or down in the app tray')],
+				'$nav_apps' => $nav_apps,
+				'$navbar_apps' => $navbar_apps
+			]
+		);
 	}
 }

Zotlabs/Module/Apps.php

@@ -7,6 +7,8 @@ use \Zotlabs\Lib as Zlib;
 class Apps extends \Zotlabs\Web\Controller {
 
 	function get() {
+
+		nav_set_selected('Apps');
 	
 		if(argc() == 2 && argv(1) == 'edit')
 			$mode = 'edit';
@@ -20,7 +22,8 @@ class Apps extends \Zotlabs\Web\Controller {
 		if(local_channel()) {
 			Zlib\Apps::import_system_apps();
 			$syslist = array();
-			$list = Zlib\Apps::app_list(local_channel(), (($mode == 'edit') ? true : false), $_GET['cat']);
+			$cat = ((array_key_exists('cat',$_GET) && $_GET['cat']) ? [ escape_tags($_GET['cat']) ] : '');
+			$list = Zlib\Apps::app_list(local_channel(), (($mode == 'edit') ? true : false), $cat);
 			if($list) {
 				foreach($list as $x) {
 					$syslist[] = Zlib\Apps::app_encode($x);
@@ -41,7 +44,7 @@ class Apps extends \Zotlabs\Web\Controller {
 
 		return replace_macros(get_markup_template('myapps.tpl'), array(
 			'$sitename' => get_config('system','sitename'),
-			'$cat' => ((array_key_exists('cat',$_GET) && $_GET['cat']) ? escape_tags($_GET['cat']) : ''),
+			'$cat' => $cat,
 			'$title' => t('Apps'),
 			'$apps' => $apps,
 			'$authed' => ((local_channel()) ? true : false),

Zotlabs/Module/Article_edit.php

@@ -0,0 +1,138 @@
+<?php
+namespace Zotlabs\Module;
+
+require_once('include/channel.php');
+require_once('include/acl_selectors.php');
+require_once('include/conversation.php');
+
+class Article_edit extends \Zotlabs\Web\Controller {
+
+
+	function get() {
+
+		// Figure out which post we're editing
+		$post_id = ((argc() > 1) ? intval(argv(1)) : 0);
+
+		if(! $post_id) {
+			notice( t('Item not found') . EOL);
+			return;
+		}
+
+		$itm = q("SELECT * FROM item WHERE id = %d and item_type = %d LIMIT 1",
+			intval($post_id),
+			intval(ITEM_TYPE_ARTICLE)
+		);
+		if($itm) {
+			$item_id = q("select * from iconfig where cat = 'system' and k = 'ARTICLE' and iid = %d limit 1",
+				intval($itm[0]['id'])
+			);
+			if($item_id)
+				$card_title = $item_id[0]['v'];
+		}
+		else {
+			notice( t('Item not found') . EOL);
+			return;
+		}
+
+		$owner = $itm[0]['uid'];
+		$uid = local_channel();
+
+		$observer = \App::get_observer();
+
+		$channel = channelx_by_n($owner);
+		if(! $channel) {
+			notice( t('Channel not found.') . EOL);
+			return;
+		}
+
+		$ob_hash = (($observer) ? $observer['xchan_hash'] : '');
+
+		if(! perm_is_allowed($owner,$ob_hash,'write_pages')) {
+			notice( t('Permission denied.') . EOL);
+			return;
+		}
+
+		$is_owner = (($uid && $uid == $owner) ? true : false);
+
+		$o = '';
+
+
+
+		$category = '';
+		$catsenabled = ((feature_enabled($owner,'categories')) ? 'categories' : '');
+
+		if ($catsenabled){
+		        $itm = fetch_post_tags($itm);
+	
+	                $cats = get_terms_oftype($itm[0]['term'], TERM_CATEGORY);
+	
+		        foreach ($cats as $cat) {
+		                if (strlen($category))
+		                        $category .= ', ';
+		                $category .= $cat['term'];
+		        }
+		}
+
+		if($itm[0]['attach']) {
+			$j = json_decode($itm[0]['attach'],true);
+			if($j) {
+				foreach($j as $jj) {
+					$itm[0]['body'] .= "\n" . '[attachment]' . basename($jj['href']) . ',' . $jj['revision'] . '[/attachment]' . "\n";
+				}
+			}
+		}
+
+
+		$mimetype = $itm[0]['mimetype'];
+
+		$content = $itm[0]['body'];
+
+
+
+		$rp = 'articles/' . $channel['channel_address'];
+
+		$x = array(
+			'nickname' => $channel['channel_address'],
+			'bbco_autocomplete'=> 'bbcode',
+			'return_path' => $rp,
+			'webpage' => ITEM_TYPE_ARTICLE,
+			'button' => t('Edit'),
+			'writefiles' => perm_is_allowed($owner, get_observer_hash(), 'write_pages'),
+			'weblink' => t('Insert web link'),
+			'hide_voting' => false,
+			'hide_future' => false,
+			'hide_location' => false,
+			'hide_expire' => false,
+			'showacl' => true,
+			'acl' => populate_acl($itm[0],false,\Zotlabs\Lib\PermissionDescription::fromGlobalPermission('view_pages')),
+			'permissions' => $itm[0],
+			'lockstate' => (($itm[0]['allow_cid'] || $itm[0]['allow_gid'] || $itm[0]['deny_cid'] || $itm[0]['deny_gid']) ? 'lock' : 'unlock'),
+			'ptyp' => $itm[0]['type'],
+			'mimeselect' => false,
+			'mimetype' => $itm[0]['mimetype'],
+			'body' => undo_post_tagging($content),
+			'post_id' => $post_id,
+			'visitor' => true,
+			'title' => htmlspecialchars($itm[0]['title'],ENT_COMPAT,'UTF-8'),
+			'placeholdertitle' => t('Title (optional)'),
+			'pagetitle' => $card_title,
+			'profile_uid' => (intval($channel['channel_id'])),
+			'catsenabled' => $catsenabled,
+			'category' => $category,
+			'bbcode' => (($mimetype  == 'text/bbcode') ? true : false)
+		);
+
+		$editor = status_editor($a, $x);
+
+		$o .= replace_macros(get_markup_template('edpost_head.tpl'), array(
+			'$title' => t('Edit Article'),
+			'$delete' => ((($itm[0]['author_xchan'] === $ob_hash) || ($itm[0]['owner_xchan'] === $ob_hash)) ? t('Delete') : false),
+			'$id' => $itm[0]['id'],
+			'$editor' => $editor
+		));
+
+		return $o;
+
+	}
+
+}

Zotlabs/Module/Articles.php

@@ -0,0 +1,187 @@
+<?php
+namespace Zotlabs\Module;
+
+require_once('include/channel.php');
+require_once('include/conversation.php');
+require_once('include/acl_selectors.php');
+
+
+class Articles extends \Zotlabs\Web\Controller {
+
+	function init() {
+	
+		if(argc() > 1)
+			$which = argv(1);
+		else
+			return;
+	
+		profile_load($which);
+	
+	}
+	
+	function get($update = 0, $load = false) {
+	
+		if(observer_prohibited(true)) {
+			return login();
+		}
+
+		if(! \App::$profile) {
+			notice( t('Requested profile is not available.') . EOL );
+			\App::$error = 404;
+			return;
+		}
+
+		if(! feature_enabled(\App::$profile_uid,'articles')) {
+			return;
+		}
+
+		nav_set_selected(t('Cards'));
+
+		head_add_link([ 
+			'rel'   => 'alternate',
+			'type'  => 'application/json+oembed',
+			'href'  => z_root() . '/oep?f=&url=' . urlencode(z_root() . '/' . \App::$query_string),
+			'title' => 'oembed'
+		]);
+
+
+		$category = (($_REQUEST['cat']) ? escape_tags(trim($_REQUEST['cat'])) : '');
+					
+		if($category) {
+			$sql_extra2 .= protect_sprintf(term_item_parent_query(\App::$profile['profile_uid'],'item', $category, TERM_CATEGORY));
+		}
+
+
+		$which = argv(1);
+		
+		$selected_card = ((argc() > 2) ? argv(2) : '');
+
+		$_SESSION['return_url'] = \App::$query_string;
+	
+		$uid      = local_channel();
+		$owner    = \App::$profile_uid;
+		$observer = \App::get_observer();
+	
+		$ob_hash = (($observer) ? $observer['xchan_hash'] : '');
+		
+		if(! perm_is_allowed($owner,$ob_hash,'view_pages')) {
+			notice( t('Permission denied.') . EOL);
+			return;
+		}
+		
+		$is_owner = ($uid && $uid == $owner);
+	
+		$channel = channelx_by_n($owner);
+
+		if($channel) {
+			$channel_acl = array(
+				'allow_cid' => $channel['channel_allow_cid'],
+				'allow_gid' => $channel['channel_allow_gid'],
+				'deny_cid'  => $channel['channel_deny_cid'],
+				'deny_gid'  => $channel['channel_deny_gid']
+			);
+		}
+		else {
+			$channel_acl = [ 'allow_cid' => '', 'allow_gid' => '', 'deny_cid' => '', 'deny_gid' => '' ];
+		}
+	
+
+
+		if(perm_is_allowed($owner,$ob_hash,'write_pages')) {
+
+			$x = [
+				'webpage'           => ITEM_TYPE_ARTICLE,
+				'is_owner'          => true,
+				'content_label'     => t('Add Article'),
+				'button'            => t('Create'),
+				'nickname'          => $channel['channel_address'],
+				'lockstate'         => (($channel['channel_allow_cid'] || $channel['channel_allow_gid'] 
+					|| $channel['channel_deny_cid'] || $channel['channel_deny_gid']) ? 'lock' : 'unlock'),
+				'acl'               => (($is_owner) ? populate_acl($channel_acl, false, 
+					\Zotlabs\Lib\PermissionDescription::fromGlobalPermission('view_pages')) : ''),
+				'permissions'       => $channel_acl,
+				'showacl'           => (($is_owner) ? true : false),
+				'visitor'           => true,
+				'hide_location'     => false,
+				'hide_voting'       => false,
+				'profile_uid'       => intval($owner),
+				'mimetype'          => 'text/bbcode',
+				'mimeselect'        => false,
+				'layoutselect'      => false,
+				'expanded'          => false,
+				'novoting'          => false,
+				'catsenabled'       => feature_enabled($owner,'categories'),
+				'bbco_autocomplete' => 'bbcode',
+				'bbcode'            => true
+			];
+
+			if($_REQUEST['title'])
+				$x['title'] = $_REQUEST['title'];
+			if($_REQUEST['body'])
+				$x['body'] = $_REQUEST['body'];
+			$editor = status_editor($a,$x);
+
+		}
+		else {
+			$editor = '';
+		}
+		
+		
+		$sql_extra = item_permissions_sql($owner);
+
+		if($selected_card) {
+			$r = q("select * from iconfig where iconfig.cat = 'system' and iconfig.k = 'ARTICLE' and iconfig.v = '%s' limit 1",
+				dbesc($selected_card)
+			);
+			if($r) {
+				$sql_extra .= "and item.id = " . intval($r[0]['iid']) . " ";
+			}
+		}
+				
+		$r = q("select * from item 
+			where item.uid = %d and item_type = %d 
+			$sql_extra order by item.created desc",
+			intval($owner),
+			intval(ITEM_TYPE_ARTICLE)
+		);
+
+		$item_normal = " and item.item_hidden = 0 and item.item_type in (0,7) and item.item_deleted = 0
+			and item.item_unpublished = 0 and item.item_delayed = 0 and item.item_pending_remove = 0
+			and item.item_blocked = 0 ";
+
+		if($r) {
+
+			$parents_str = ids_to_querystr($r,'id');
+
+			$items = q("SELECT item.*, item.id AS item_id
+				FROM item
+				WHERE item.uid = %d $item_normal
+				AND item.parent IN ( %s )
+				$sql_extra $sql_extra2 ",
+				intval(\App::$profile['profile_uid']),
+				dbesc($parents_str)
+			);
+			if($items) {
+				xchan_query($items);
+				$items = fetch_post_tags($items, true);
+				$items = conv_sort($items,'updated');
+			}
+			else
+				$items = [];
+		}
+
+		$mode = 'articles';
+			
+     	$content = conversation($items,$mode,false,'traditional');
+
+		$o = replace_macros(get_markup_template('cards.tpl'), [
+			'$title' => t('Articles'),
+			'$editor' => $editor,
+			'$content' => $content,
+			'$pager' => alt_pager($a,count($items))
+		]);
+
+        return $o;
+    }
+
+}

Zotlabs/Module/Attach.php

@@ -31,7 +31,7 @@ class Attach extends \Zotlabs\Web\Controller {
 	
 		$unsafe_types = array('text/html','text/css','application/javascript');
 	
-		if(in_array($r['data']['filetype'],$unsafe_types)) {
+		if(in_array($r['data']['filetype'],$unsafe_types) && (! channel_codeallowed($r['data']['uid']))) {
 				header('Content-type: text/plain');
 		}
 		else {

Zotlabs/Module/Bookmarks.php

@@ -8,7 +8,7 @@ class Bookmarks extends \Zotlabs\Web\Controller {
 		if(! local_channel())
 			return;
 
-		nav_set_selected(t('View Bookmarks'));
+		nav_set_selected('View Bookmarks');
 
 		$item_id = intval($_REQUEST['item']);
 		$burl = trim($_REQUEST['burl']);

Zotlabs/Module/Cal.php

@@ -69,6 +69,8 @@ class Cal extends \Zotlabs\Web\Controller {
 			notice( t('Permissions denied.') . EOL);
 			return;
 		}
+
+		nav_set_selected('Calendar');
 	
 		$sql_extra = permissions_sql($channel['channel_id'],get_observer_hash(),'event');
 	

Zotlabs/Module/Card_edit.php

@@ -0,0 +1,138 @@
+<?php
+namespace Zotlabs\Module;
+
+require_once('include/channel.php');
+require_once('include/acl_selectors.php');
+require_once('include/conversation.php');
+
+class Card_edit extends \Zotlabs\Web\Controller {
+
+
+	function get() {
+
+		// Figure out which post we're editing
+		$post_id = ((argc() > 1) ? intval(argv(1)) : 0);
+
+		if(! $post_id) {
+			notice( t('Item not found') . EOL);
+			return;
+		}
+
+		$itm = q("SELECT * FROM item WHERE id = %d and item_type = %d LIMIT 1",
+			intval($post_id),
+			intval(ITEM_TYPE_CARD)
+		);
+		if($itm) {
+			$item_id = q("select * from iconfig where cat = 'system' and k = 'CARD' and iid = %d limit 1",
+				intval($itm[0]['id'])
+			);
+			if($item_id)
+				$card_title = $item_id[0]['v'];
+		}
+		else {
+			notice( t('Item not found') . EOL);
+			return;
+		}
+
+		$owner = $itm[0]['uid'];
+		$uid = local_channel();
+
+		$observer = \App::get_observer();
+
+		$channel = channelx_by_n($owner);
+		if(! $channel) {
+			notice( t('Channel not found.') . EOL);
+			return;
+		}
+
+		$ob_hash = (($observer) ? $observer['xchan_hash'] : '');
+
+		if(! perm_is_allowed($owner,$ob_hash,'write_pages')) {
+			notice( t('Permission denied.') . EOL);
+			return;
+		}
+
+		$is_owner = (($uid && $uid == $owner) ? true : false);
+
+		$o = '';
+
+
+
+		$category = '';
+		$catsenabled = ((feature_enabled($owner,'categories')) ? 'categories' : '');
+
+		if ($catsenabled){
+		        $itm = fetch_post_tags($itm);
+	
+	                $cats = get_terms_oftype($itm[0]['term'], TERM_CATEGORY);
+	
+		        foreach ($cats as $cat) {
+		                if (strlen($category))
+		                        $category .= ', ';
+		                $category .= $cat['term'];
+		        }
+		}
+
+		if($itm[0]['attach']) {
+			$j = json_decode($itm[0]['attach'],true);
+			if($j) {
+				foreach($j as $jj) {
+					$itm[0]['body'] .= "\n" . '[attachment]' . basename($jj['href']) . ',' . $jj['revision'] . '[/attachment]' . "\n";
+				}
+			}
+		}
+
+
+		$mimetype = $itm[0]['mimetype'];
+
+		$content = $itm[0]['body'];
+
+
+
+		$rp = 'cards/' . $channel['channel_address'];
+
+		$x = array(
+			'nickname' => $channel['channel_address'],
+			'bbco_autocomplete'=> 'bbcode',
+			'return_path' => $rp,
+			'webpage' => ITEM_TYPE_CARD,
+			'button' => t('Edit'),
+			'writefiles' => perm_is_allowed($owner, get_observer_hash(), 'write_pages'),
+			'weblink' => t('Insert web link'),
+			'hide_voting' => false,
+			'hide_future' => false,
+			'hide_location' => false,
+			'hide_expire' => false,
+			'showacl' => true,
+			'acl' => populate_acl($itm[0],false,\Zotlabs\Lib\PermissionDescription::fromGlobalPermission('view_pages')),
+			'permissions' => $itm[0],
+			'lockstate' => (($itm[0]['allow_cid'] || $itm[0]['allow_gid'] || $itm[0]['deny_cid'] || $itm[0]['deny_gid']) ? 'lock' : 'unlock'),
+			'ptyp' => $itm[0]['type'],
+			'mimeselect' => false,
+			'mimetype' => $itm[0]['mimetype'],
+			'body' => undo_post_tagging($content),
+			'post_id' => $post_id,
+			'visitor' => true,
+			'title' => htmlspecialchars($itm[0]['title'],ENT_COMPAT,'UTF-8'),
+			'placeholdertitle' => t('Title (optional)'),
+			'pagetitle' => $card_title,
+			'profile_uid' => (intval($channel['channel_id'])),
+			'catsenabled' => $catsenabled,
+			'category' => $category,
+			'bbcode' => (($mimetype  == 'text/bbcode') ? true : false)
+		);
+
+		$editor = status_editor($a, $x);
+
+		$o .= replace_macros(get_markup_template('edpost_head.tpl'), array(
+			'$title' => t('Edit Card'),
+			'$delete' => ((($itm[0]['author_xchan'] === $ob_hash) || ($itm[0]['owner_xchan'] === $ob_hash)) ? t('Delete') : false),
+			'$id' => $itm[0]['id'],
+			'$editor' => $editor
+		));
+
+		return $o;
+
+	}
+
+}

Zotlabs/Module/Cards.php

@@ -0,0 +1,187 @@
+<?php
+namespace Zotlabs\Module;
+
+require_once('include/channel.php');
+require_once('include/conversation.php');
+require_once('include/acl_selectors.php');
+
+
+class Cards extends \Zotlabs\Web\Controller {
+
+	function init() {
+	
+		if(argc() > 1)
+			$which = argv(1);
+		else
+			return;
+	
+		profile_load($which);
+	
+	}
+	
+	function get($update = 0, $load = false) {
+	
+		if(observer_prohibited(true)) {
+			return login();
+		}
+
+		if(! \App::$profile) {
+			notice( t('Requested profile is not available.') . EOL );
+			\App::$error = 404;
+			return;
+		}
+
+		if(! feature_enabled(\App::$profile_uid,'cards')) {
+			return;
+		}
+
+		nav_set_selected(t('Cards'));
+
+		head_add_link([ 
+			'rel'   => 'alternate',
+			'type'  => 'application/json+oembed',
+			'href'  => z_root() . '/oep?f=&url=' . urlencode(z_root() . '/' . \App::$query_string),
+			'title' => 'oembed'
+		]);
+
+
+		$category = (($_REQUEST['cat']) ? escape_tags(trim($_REQUEST['cat'])) : '');
+					
+		if($category) {
+			$sql_extra2 .= protect_sprintf(term_item_parent_query(\App::$profile['profile_uid'],'item', $category, TERM_CATEGORY));
+		}
+
+
+		$which = argv(1);
+		
+		$selected_card = ((argc() > 2) ? argv(2) : '');
+
+		$_SESSION['return_url'] = \App::$query_string;
+	
+		$uid      = local_channel();
+		$owner    = \App::$profile_uid;
+		$observer = \App::get_observer();
+	
+		$ob_hash = (($observer) ? $observer['xchan_hash'] : '');
+		
+		if(! perm_is_allowed($owner,$ob_hash,'view_pages')) {
+			notice( t('Permission denied.') . EOL);
+			return;
+		}
+		
+		$is_owner = ($uid && $uid == $owner);
+	
+		$channel = channelx_by_n($owner);
+
+		if($channel) {
+			$channel_acl = array(
+				'allow_cid' => $channel['channel_allow_cid'],
+				'allow_gid' => $channel['channel_allow_gid'],
+				'deny_cid'  => $channel['channel_deny_cid'],
+				'deny_gid'  => $channel['channel_deny_gid']
+			);
+		}
+		else {
+			$channel_acl = [ 'allow_cid' => '', 'allow_gid' => '', 'deny_cid' => '', 'deny_gid' => '' ];
+		}
+	
+
+
+		if(perm_is_allowed($owner,$ob_hash,'write_pages')) {
+
+			$x = [
+				'webpage'           => ITEM_TYPE_CARD,
+				'is_owner'          => true,
+				'content_label'     => t('Add Card'),
+				'button'            => t('Create'),
+				'nickname'          => $channel['channel_address'],
+				'lockstate'         => (($channel['channel_allow_cid'] || $channel['channel_allow_gid'] 
+					|| $channel['channel_deny_cid'] || $channel['channel_deny_gid']) ? 'lock' : 'unlock'),
+				'acl'               => (($is_owner) ? populate_acl($channel_acl, false, 
+					\Zotlabs\Lib\PermissionDescription::fromGlobalPermission('view_pages')) : ''),
+				'permissions'       => $channel_acl,
+				'showacl'           => (($is_owner) ? true : false),
+				'visitor'           => true,
+				'hide_location'     => false,
+				'hide_voting'       => false,
+				'profile_uid'       => intval($owner),
+				'mimetype'          => 'text/bbcode',
+				'mimeselect'        => false,
+				'layoutselect'      => false,
+				'expanded'          => false,
+				'novoting'          => false,
+				'catsenabled'       => feature_enabled($owner,'categories'),
+				'bbco_autocomplete' => 'bbcode',
+				'bbcode'            => true
+			];
+
+			if($_REQUEST['title'])
+				$x['title'] = $_REQUEST['title'];
+			if($_REQUEST['body'])
+				$x['body'] = $_REQUEST['body'];
+			$editor = status_editor($a,$x);
+
+		}
+		else {
+			$editor = '';
+		}
+		
+		
+		$sql_extra = item_permissions_sql($owner);
+
+		if($selected_card) {
+			$r = q("select * from iconfig where iconfig.cat = 'system' and iconfig.k = 'CARD' and iconfig.v = '%s' limit 1",
+				dbesc($selected_card)
+			);
+			if($r) {
+				$sql_extra .= "and item.id = " . intval($r[0]['iid']) . " ";
+			}
+		}
+				
+		$r = q("select * from item 
+			where item.uid = %d and item_type = %d 
+			$sql_extra order by item.created desc",
+			intval($owner),
+			intval(ITEM_TYPE_CARD)
+		);
+
+		$item_normal = " and item.item_hidden = 0 and item.item_type in (0,6) and item.item_deleted = 0
+			and item.item_unpublished = 0 and item.item_delayed = 0 and item.item_pending_remove = 0
+			and item.item_blocked = 0 ";
+
+		if($r) {
+
+			$parents_str = ids_to_querystr($r,'id');
+
+			$items = q("SELECT item.*, item.id AS item_id
+				FROM item
+				WHERE item.uid = %d $item_normal
+				AND item.parent IN ( %s )
+				$sql_extra $sql_extra2 ",
+				intval(\App::$profile['profile_uid']),
+				dbesc($parents_str)
+			);
+			if($items) {
+				xchan_query($items);
+				$items = fetch_post_tags($items, true);
+				$items = conv_sort($items,'updated');
+			}
+			else
+				$items = [];
+		}
+
+		$mode = 'cards';
+			
+     	$content = conversation($items,$mode,false,'traditional');
+
+		$o = replace_macros(get_markup_template('cards.tpl'), [
+			'$title' => t('Cards'),
+			'$editor' => $editor,
+			'$content' => $content,
+			'$pager' => alt_pager($a,count($items))
+		]);
+
+        return $o;
+    }
+
+}

Zotlabs/Module/Cdav.php

@@ -3,30 +3,80 @@ namespace Zotlabs\Module;
 
 require_once('include/event.php');
 
+require_once('include/auth.php');
+require_once('include/security.php');
+
 class Cdav extends \Zotlabs\Web\Controller {
 
 	function init() {
 
+		$record = null;
+		$channel_login = false;
+
 		if((argv(1) !== 'calendar') && (argv(1) !== 'addressbook')) {
 
-			// workaround for HTTP-auth in CGI mode
-			if (x($_SERVER, 'REDIRECT_REMOTE_USER')) {
-				$userpass = base64_decode(substr($_SERVER["REDIRECT_REMOTE_USER"], 6)) ;
-				if(strlen($userpass)) {
-					list($name, $password) = explode(':', $userpass);
-					$_SERVER['PHP_AUTH_USER'] = $name;
-					$_SERVER['PHP_AUTH_PW'] = $password;
+			foreach([ 'REDIRECT_REMOTE_USER', 'HTTP_AUTHORIZATION' ] as $head) {
+
+				/* Basic authentication */
+
+				if(array_key_exists($head,$_SERVER) && substr(trim($_SERVER[$head]),0,5) === 'Basic') {
+					$userpass = @base64_decode(substr(trim($_SERVER[$head]),6)) ;
+					if(strlen($userpass)) {
+						list($name, $password) = explode(':', $userpass);
+						$_SERVER['PHP_AUTH_USER'] = $name;
+						$_SERVER['PHP_AUTH_PW']   = $password;
+					}
+					break;
+				}
+
+				/* Signature authentication */
+
+				if(array_key_exists($head,$_SERVER) && substr(trim($_SERVER[$head]),0,9) === 'Signature') {
+					if($head !== 'HTTP_AUTHORIZATION') {
+						$_SERVER['HTTP_AUTHORIZATION'] = $_SERVER[$head];
+						continue;
+					}
+
+					$sigblock = \Zotlabs\Web\HTTPSig::parse_sigheader($_SERVER[$head]);
+					if($sigblock) {
+						$keyId = str_replace('acct:','',$sigblock['keyId']);
+						if($keyId) {
+							$r = q("select * from hubloc where hubloc_addr = '%s' limit 1",
+								dbesc($keyId)
+							);
+							if($r) {
+								$c = channelx_by_hash($r[0]['hubloc_hash']);
+								if($c) {
+									$a = q("select * from account where account_id = %d limit 1",
+										intval($c['channel_account_id'])
+									);
+									if($a) {
+										$record = [ 'channel' => $c, 'account' => $a[0] ];
+										$channel_login = $c['channel_id'];
+									}
+								}
+							}
+							if(! $record)
+								continue;
+
+							if($record) {
+								$verified = \Zotlabs\Web\HTTPSig::verify('',$record['channel']['channel_pubkey']);
+								if(! ($verified && $verified['header_signed'] && $verified['header_valid'])) {
+									$record = null;
+								}
+								if($record['account']) {
+							        authenticate_success($record['account']);
+							        if($channel_login) {
+							            change_channel($channel_login);
+									}
+								}
+								break;
+							}
+						}
+					}
 				}
 			}
 
-			if (x($_SERVER, 'HTTP_AUTHORIZATION')) {
-				$userpass = base64_decode(substr($_SERVER["HTTP_AUTHORIZATION"], 6)) ;
-				if(strlen($userpass)) {
-					list($name, $password) = explode(':', $userpass);
-					$_SERVER['PHP_AUTH_USER'] = $name;
-					$_SERVER['PHP_AUTH_PW'] = $password;
-				}
-			}
 
 			/**
 			 * This server combines both CardDAV and CalDAV functionality into a single
@@ -774,7 +824,7 @@ class Cdav extends \Zotlabs\Web\Controller {
 		}
 
 		if(argv(1) === 'calendar') {
-			nav_set_selected(t('CalDAV'));
+			nav_set_selected('CalDAV');
 			$caldavBackend = new \Sabre\CalDAV\Backend\PDO($pdo);
 			$calendars = $caldavBackend->getCalendarsForUser($principalUri);
 		}
@@ -975,7 +1025,7 @@ class Cdav extends \Zotlabs\Web\Controller {
 
 
 		if(argv(1) === 'addressbook') {
-			nav_set_selected(t('CardDAV'));
+			nav_set_selected('CardDAV');
 			$carddavBackend = new \Sabre\CardDAV\Backend\PDO($pdo);
 			$addressbooks = $carddavBackend->getAddressBooksForUser($principalUri);
 		}
@@ -1200,7 +1250,7 @@ class Cdav extends \Zotlabs\Web\Controller {
 			//create default addressbook
 			$carddavBackend = new \Sabre\CardDAV\Backend\PDO($pdo);
 			$properties = ['{DAV:}displayname' => t('Default Addressbook')];
-			$carddavBackend->createAddressBook($uri, $default, $properties);
+			$carddavBackend->createAddressBook($uri, 'default', $properties);
 
 		}
 	}

Zotlabs/Module/Changeaddr.php

@@ -0,0 +1,88 @@
+<?php
+namespace Zotlabs\Module;
+
+
+class Changeaddr extends \Zotlabs\Web\Controller {
+
+	function post() {
+	
+		if(! local_channel())
+			return;
+	
+		if($_SESSION['delegate'])
+			return;
+	
+		if((! x($_POST,'qxz_password')) || (! strlen(trim($_POST['qxz_password']))))
+			return;
+	
+		if((! x($_POST,'verify')) || (! strlen(trim($_POST['verify']))))
+			return;
+	
+		if($_POST['verify'] !== $_SESSION['remove_account_verify'])
+			return;
+	
+	
+		$account = \App::get_account();
+		$channel = \App::get_channel();
+	
+		$x = account_verify_password($account['account_email'],$_POST['qxz_password']);
+		if(! ($x && $x['account']))
+			return;
+	
+		if($account['account_password_changed'] > NULL_DATE) {
+			$d1 = datetime_convert('UTC','UTC','now - 48 hours');
+			if($account['account_password_changed'] > d1) {
+				notice( t('Channel name changes are not allowed within 48 hours of changing the account password.') . EOL);
+				return;
+			}
+		}
+	
+		$new_address = trim($_POST['newname']);
+
+		if($new_address === $channel['channel_address'])
+			return;
+
+		if($new_address === 'sys') {
+			notice( t('Reserved nickname. Please choose another.') . EOL);
+			return;
+		}
+
+		if(check_webbie(array($new_address)) !== $new_address) {
+			notice( t('Nickname has unsupported characters or is already being used on this site.') . EOL);
+			return $ret;
+		}
+
+		channel_change_address($channel,$new_address);
+
+		goaway(z_root() . '/changeaddr');
+	
+	}
+	
+	
+	function get() {
+	
+		if(! local_channel())
+			goaway(z_root());
+	
+		$channel = \App::get_channel();
+
+		$hash = random_string();
+	
+		$_SESSION['remove_account_verify'] = $hash;
+	
+		$tpl = get_markup_template('channel_rename.tpl');
+		$o .= replace_macros($tpl, array(
+			'$basedir' => z_root(),
+			'$hash' => $hash,
+			'$title' => t('Change channel nickname/address'),
+			'$desc' => array(t('WARNING: '), t('Any/all connections on other networks will be lost!')),
+			'$passwd' => t('Please enter your password for verification:'),
+			'$newname' => array('newname', t('New channel address'),$channel['channel_address'], ''),
+			'$submit' => t('Rename Channel')
+		));
+	
+		return $o;		
+	
+	}
+	
+}

Zotlabs/Module/Channel.php

@@ -92,11 +92,6 @@ class Channel extends \Zotlabs\Web\Controller {
 			// Ensure we've got a profile owner if updating.
 			\App::$profile['profile_uid'] = \App::$profile_uid = $update;
 		}
-		else {
-			if(\App::$profile['profile_uid'] == local_channel()) {
-				nav_set_selected(t('Channel Home'));
-			}
-		}
 
 		$is_owner = (((local_channel()) && (\App::$profile['profile_uid'] == local_channel())) ? true : false);
 
@@ -119,11 +114,13 @@ class Channel extends \Zotlabs\Web\Controller {
 
 		if(! $update) {
 
+			nav_set_selected('Channel Home');
+
 			$static = channel_manual_conv_update(\App::$profile['profile_uid']);
 
 			//$o .= profile_tabs($a, $is_owner, \App::$profile['channel_address']);
 
-			$o .= common_friends_visitor_widget(\App::$profile['profile_uid']);
+			// $o .= common_friends_visitor_widget(\App::$profile['profile_uid']);
 
 			if($channel && $is_owner) {
 				$channel_acl = array(
@@ -169,6 +166,7 @@ class Channel extends \Zotlabs\Web\Controller {
 		 */
 
 		$item_normal = item_normal();
+		$item_normal_update = item_normal_update();
 		$sql_extra = item_permissions_sql(\App::$profile['profile_uid']);
 
 		if(get_pconfig(\App::$profile['profile_uid'],'system','channel_list_mode') && (! $mid))
@@ -180,7 +178,12 @@ class Channel extends \Zotlabs\Web\Controller {
 
 		$simple_update = (($update) ? " AND item_unseen = 1 " : '');
 
-		\App::$page['htmlhead'] .= "\r\n" . '<link rel="alternate" type="application/json+oembed" href="' . z_root() . '/oep?f=&url=' . urlencode(z_root() . '/' . \App::$query_string) . '" title="oembed" />' . "\r\n";
+		head_add_link([ 
+			'rel'   => 'alternate',
+			'type'  => 'application/json+oembed',
+			'href'  => z_root() . '/oep?f=&url=' . urlencode(z_root() . '/' . \App::$query_string),
+			'title' => 'oembed'
+		]);
 
 		if($update && $_SESSION['loadtime'])
 			$simple_update = " AND (( item_unseen = 1 AND item.changed > '" . datetime_convert('UTC','UTC',$_SESSION['loadtime']) . "' )  OR item.changed > '" . datetime_convert('UTC','UTC',$_SESSION['loadtime']) . "' ) ";
@@ -188,12 +191,12 @@ class Channel extends \Zotlabs\Web\Controller {
 			$simple_update = '';
 
 		if($static && $simple_update)
-			$simple_update .= " and item_thread_top = 0 and author_xchan = '" . protect_sprintf(get_observer_hash()) . "' ";
+			$simple_update .= " and author_xchan = '" . protect_sprintf(get_observer_hash()) . "' ";
 
 		if(($update) && (! $load)) {
 
 			if($mid) {
-				$r = q("SELECT parent AS item_id from item where mid like '%s' and uid = %d $item_normal
+				$r = q("SELECT parent AS item_id from item where mid like '%s' and uid = %d $item_normal_update
 					AND item_wall = 1 $simple_update $sql_extra limit 1",
 					dbesc($mid . '%'),
 					intval(\App::$profile['profile_uid'])
@@ -203,7 +206,7 @@ class Channel extends \Zotlabs\Web\Controller {
 			else {
 				$r = q("SELECT distinct parent AS item_id, created from item
 					left join abook on ( item.owner_xchan = abook.abook_xchan $abook_uids )
-					WHERE uid = %d $item_normal
+					WHERE uid = %d $item_normal_update
 					AND item_wall = 1 $simple_update
 					AND (abook.abook_blocked = 0 or abook.abook_flags is null)
 					$sql_extra
@@ -236,7 +239,7 @@ class Channel extends \Zotlabs\Web\Controller {
 
 			if($load || ($checkjs->disabled())) {
 				if($mid) {
-					$r = q("SELECT parent AS item_id from item where mid like '%s' and uid = %d $item_normal
+					$r = q("SELECT distinct parent AS item_id from item where mid like '%s' and uid = %d $item_normal
 						AND item_wall = 1 $sql_extra limit 1",
 						dbesc($mid . '%'),
 						intval(\App::$profile['profile_uid'])
@@ -329,6 +332,7 @@ class Channel extends \Zotlabs\Web\Controller {
 				'$tags' => (($hashtags) ? urlencode($hashtags) : ''),
 				'$mid' => $mid,
 				'$verb' => '',
+				'$net' => '',
 				'$dend' => $datequery,
 				'$dbegin' => $datequery2
 			));
@@ -358,9 +362,13 @@ class Channel extends \Zotlabs\Web\Controller {
 		}
 
 		if($is_owner && $update_unseen) {
-			$r = q("UPDATE item SET item_unseen = 0 where item_unseen = 1 and item_wall = 1 AND uid = %d $update_unseen",
-				intval(local_channel())
-			);
+			$x = [ 'channel_id' => local_channel(), 'update' => 'unset' ];
+			call_hooks('update_unseen',$x);
+			if($x['update'] === 'unset' || intval($x['update'])) {
+				$r = q("UPDATE item SET item_unseen = 0 where item_unseen = 1 and item_wall = 1 AND uid = %d $update_unseen",
+					intval(local_channel())
+				);
+			}
 		}
 
 

Zotlabs/Module/Chat.php

@@ -91,7 +91,7 @@ class Chat extends \Zotlabs\Web\Controller {
 	
 		if(local_channel()) {
 			$channel = \App::get_channel();
-			nav_set_selected(t('My Chatrooms'));
+			nav_set_selected('My Chatrooms');
 		}
 
 		$ob = \App::get_observer();

Zotlabs/Module/Cloud.php

@@ -57,12 +57,12 @@ class Cloud extends \Zotlabs\Web\Controller {
 			$auth->observer = $ob_hash;
 		}
 
+		// if we arrived at this path with any query parameters in the url, build a clean url without
+		// them and redirect.
 
-		$_SERVER['QUERY_STRING'] = str_replace(array('?f=', '&f='), array('', ''), $_SERVER['QUERY_STRING']);
-		$_SERVER['QUERY_STRING'] = strip_zids($_SERVER['QUERY_STRING']);
-
-		$_SERVER['REQUEST_URI'] = str_replace(array('?f=', '&f='), array('', ''), $_SERVER['REQUEST_URI']);
-		$_SERVER['REQUEST_URI'] = strip_zids($_SERVER['REQUEST_URI']);
+		$x = clean_query_string();
+		if($x !== \App::$query_string)
+			goaway(z_root() . '/' . $x);
 
 		$rootDirectory = new \Zotlabs\Storage\Directory('/', $auth);
 
@@ -83,17 +83,42 @@ class Cloud extends \Zotlabs\Web\Controller {
 		$server->addPlugin($browser);
 
 		// Experimental QuotaPlugin
-	//	require_once('\Zotlabs\Storage/QuotaPlugin.php');
-	//	$server->addPlugin(new \Zotlabs\Storage\\QuotaPlugin($auth));
+		//	require_once('\Zotlabs\Storage/QuotaPlugin.php');
+		//	$server->addPlugin(new \Zotlabs\Storage\\QuotaPlugin($auth));
+
+
+		// over-ride the default XML output on thrown exceptions
+
+		$server->on('exception', [ $this, 'DAVException' ]);
 
-//		ob_start();
 		// All we need to do now, is to fire up the server
+
 		$server->exec();
 
-//		ob_end_flush();
 		if($browser->build_page)
 			construct_page();
+		
+		killme();
+	}
+
+
+	function DAVException($err) {
+			
+		if($err instanceof \Sabre\DAV\Exception\NotFound) {
+			notice( t('Not found') . EOL);
+		}
+		elseif($err instanceof \Sabre\DAV\Exception\Forbidden) {
+			notice( t('Permission denied') . EOL);
+		}
+		else {
+			notice( t('Unknown error') . EOL);
+		}
+
+		construct_page();
+			
 		killme();
 	}
 
 }
+
+

Zotlabs/Module/Cloud_tiles.php

@@ -0,0 +1,21 @@
+<?php
+
+namespace Zotlabs\Module;
+
+class Cloud_tiles extends \Zotlabs\Web\Controller {
+
+	function init() {
+
+		if(intval($_SESSION['cloud_tiles']))
+			$_SESSION['cloud_tiles'] = 0;
+		else
+			$_SESSION['cloud_tiles'] = 1;
+
+		if(local_channel()) {
+			set_pconfig(local_channel(),'system','cloud_tiles',$_SESSION['cloud_tiles']);
+		}
+
+		goaway(z_root() . '/' . hex2bin(argv(1)));
+
+	}
+}

Zotlabs/Module/Common.php

@@ -25,7 +25,7 @@ class Common extends \Zotlabs\Web\Controller {
 	
 	}
 	
-		function get() {
+	function get() {
 	
 		$o = '';
 	
@@ -34,38 +34,37 @@ class Common extends \Zotlabs\Web\Controller {
 	
 		$observer_hash = get_observer_hash();
 	
-	
 		if(! perm_is_allowed(\App::$profile['profile_uid'],$observer_hash,'view_contacts')) {
 			notice( t('Permission denied.') . EOL);
 			return;
 		}
 	
-		$o .= '<h2>' . t('Common connections') . '</h2>';
-	
 		$t = count_common_friends(\App::$profile['profile_uid'],$observer_hash);
 	
 		if(! $t) {
 			notice( t('No connections in common.') . EOL);
-			return $o;
+			return;
 		}
 	
 		$r = common_friends(\App::$profile['profile_uid'],$observer_hash);
 	
 		if($r) {
-	
-			$tpl = get_markup_template('common_friends.tpl');
-	
 			foreach($r as $rr) {
-				$o .= replace_macros($tpl,array(
-					'$url'   => $rr['xchan_url'],
-					'$name'  => $rr['xchan_name'],
-					'$photo' => $rr['xchan_photo_m'],
-					'$tags'  => ''
-				));
+				$items[] = [
+					'url'   => $rr['xchan_url'],
+					'name'  => $rr['xchan_name'],
+					'photo' => $rr['xchan_photo_m'],
+					'tags'  => ''
+				];
 			}
-	
-			$o .= cleardiv();
 		}
+
+		$tpl = get_markup_template('common_friends.tpl');
+
+		$o = replace_macros($tpl, [
+			'$title' => t('View Common Connections'),
+			'$items' => $items
+		]);
 	
 		return $o;
 	}

Zotlabs/Module/Connections.php

@@ -30,7 +30,7 @@ class Connections extends \Zotlabs\Web\Controller {
 			return login();
 		}
 
-		nav_set_selected(t('Connections'));
+		nav_set_selected('Connections');
 	
 		$blocked     = false;
 		$hidden      = false;

Zotlabs/Module/Connedit.php

@@ -248,6 +248,10 @@ class Connedit extends \Zotlabs\Web\Controller {
 			notice( t('Failed to update connection record.') . EOL);
 
 		if(! intval(\App::$poi['abook_self'])) {
+			if($new_friend) {
+				\Zotlabs\Daemon\Master::Summon( [ 'Notifier', 'permission_accept', $contact_id ] ); 
+			}
+
 			\Zotlabs\Daemon\Master::Summon( [ 
 				'Notifier', 
 				(($new_friend) ? 'permission_create' : 'permission_update'), 
@@ -563,7 +567,7 @@ class Connedit extends \Zotlabs\Web\Controller {
 			$contact_id = \App::$poi['abook_id'];
 			$contact = \App::$poi;
 
-			$cn = q("SELECT abook_id, xchan_name from abook left join xchan on abook_xchan = xchan_hash where abook_channel = %d and abook_self = 0 order by xchan_name",
+			$cn = q("SELECT abook_id, xchan_name from abook left join xchan on abook_xchan = xchan_hash where abook_channel = %d and abook_self = 0 and xchan_deleted = 0 order by xchan_name",
 				intval(local_channel())
 			);
 
@@ -841,7 +845,7 @@ class Connedit extends \Zotlabs\Web\Controller {
 				}
 			}
 			else
-				$locstr = t('none');
+				$locstr = $contact['xchan_url'];
 
 			$clone_warn = '';
 			$clonable = (in_array($contact['xchan_network'],['zot','rss']) ? true : false);
@@ -866,6 +870,7 @@ class Connedit extends \Zotlabs\Web\Controller {
 				'$permcat_new'    => t('Add permission role'),
 				'$permcat_enable' => feature_enabled(local_channel(),'permcats'),
 				'$addr'           => $contact['xchan_addr'],
+				'$primeurl'       => $contact['xchan_url'],
 				'$section'        => $section,
 				'$sections'       => $sections,
 				'$vcard'          => $vcard,

Zotlabs/Module/Dav.php

@@ -12,6 +12,9 @@ use \Sabre\DAV as SDAV;
 use \Zotlabs\Storage;
 
 require_once('include/attach.php');
+require_once('include/auth.php');
+require_once('include/security.php');
+
 
 class Dav extends \Zotlabs\Web\Controller {
 
@@ -21,22 +24,65 @@ class Dav extends \Zotlabs\Web\Controller {
 	 */
 	function init() {
 
-		// workaround for HTTP-auth in CGI mode
-		if (x($_SERVER, 'REDIRECT_REMOTE_USER')) {
- 			$userpass = base64_decode(substr($_SERVER["REDIRECT_REMOTE_USER"], 6)) ;
-			if(strlen($userpass)) {
-			 	list($name, $password) = explode(':', $userpass);
-				$_SERVER['PHP_AUTH_USER'] = $name;
-				$_SERVER['PHP_AUTH_PW'] = $password;
-			}
-		}
+		foreach([ 'REDIRECT_REMOTE_USER', 'HTTP_AUTHORIZATION' ] as $head) {
 
-		if (x($_SERVER, 'HTTP_AUTHORIZATION')) {
-			$userpass = base64_decode(substr($_SERVER["HTTP_AUTHORIZATION"], 6)) ;
-			if(strlen($userpass)) {
-				list($name, $password) = explode(':', $userpass);
-				$_SERVER['PHP_AUTH_USER'] = $name;
-				$_SERVER['PHP_AUTH_PW'] = $password;
+			/* Basic authentication */
+
+			if(array_key_exists($head,$_SERVER) && substr(trim($_SERVER[$head]),0,5) === 'Basic') {
+				$userpass = @base64_decode(substr(trim($_SERVER[$head]),6)) ;
+				if(strlen($userpass)) {
+					list($name, $password) = explode(':', $userpass);
+					$_SERVER['PHP_AUTH_USER'] = $name;
+					$_SERVER['PHP_AUTH_PW']   = $password;
+				}
+				break;
+			}
+
+			/* Signature authentication */
+
+			if(array_key_exists($head,$_SERVER) && substr(trim($_SERVER[$head]),0,9) === 'Signature') {
+				if($head !== 'HTTP_AUTHORIZATION') {
+					$_SERVER['HTTP_AUTHORIZATION'] = $_SERVER[$head];
+					continue;
+				}
+
+				$sigblock = \Zotlabs\Web\HTTPSig::parse_sigheader($_SERVER[$head]);
+				if($sigblock) {
+					$keyId = str_replace('acct:','',$sigblock['keyId']);
+					if($keyId) {
+						$r = q("select * from hubloc where hubloc_addr = '%s' limit 1",
+							dbesc($keyId)
+						);
+						if($r) {
+							$c = channelx_by_hash($r[0]['hubloc_hash']);
+							if($c) {
+								$a = q("select * from account where account_id = %d limit 1",
+									intval($c['channel_account_id'])
+								);
+								if($a) {
+									$record = [ 'channel' => $c, 'account' => $a[0] ];
+									$channel_login = $c['channel_id'];
+								}
+							}
+						}
+						if(! $record)
+							continue;
+
+						if($record) {
+							$verified = \Zotlabs\Web\HTTPSig::verify('',$record['channel']['channel_pubkey']);
+							if(! ($verified && $verified['header_signed'] && $verified['header_valid'])) {
+								$record = null;
+							}
+							if($record['account']) {
+						        authenticate_success($record['account']);
+						        if($channel_login) {
+						            change_channel($channel_login);
+								}
+							}
+							break;
+						}
+					}
+				}
 			}
 		}
 

Zotlabs/Module/Defperms.php

@@ -0,0 +1,267 @@
+<?php
+namespace Zotlabs\Module;
+
+
+require_once('include/socgraph.php');
+require_once('include/selectors.php');
+require_once('include/group.php');
+require_once('include/photos.php');
+
+
+class Defperms extends \Zotlabs\Web\Controller {
+
+	/* @brief Initialize the connection-editor
+	 *
+	 *
+	 */
+
+	function init() {
+	
+		if(! local_channel())
+			return;
+	
+		$r = q("SELECT abook.*, xchan.*
+			FROM abook left join xchan on abook_xchan = xchan_hash
+			WHERE abook_self = 1 and abook_id = %d LIMIT 1",
+			intval(local_channel())
+		);
+		if($r) {
+			\App::$poi = $r[0];
+		}
+
+		$channel = \App::get_channel();
+		if($channel)
+			head_set_icon($channel['xchan_photo_s']);	
+	}
+
+	
+	/* @brief Evaluate posted values and set changes
+	 *
+	 */
+	
+	function post() {
+	
+		if(! local_channel())
+			return;
+	
+		$contact_id = intval(argv(1));
+		if(! $contact_id)
+			return;
+	
+		$channel = \App::get_channel();
+	
+		$orig_record = q("SELECT * FROM abook WHERE abook_id = %d AND abook_channel = %d LIMIT 1",
+			intval($contact_id),
+			intval(local_channel())
+		);
+	
+		if(! $orig_record) {
+			notice( t('Could not access contact record.') . EOL);
+			goaway(z_root() . '/connections');
+			return; // NOTREACHED
+		}
+	
+
+		if(intval($orig_record[0]['abook_self'])) {
+			$autoperms = intval($_POST['autoperms']);
+			$is_self = true;
+		}
+		else {
+			$autoperms = null;
+			$is_self = false;
+		}
+	
+	
+		$all_perms = \Zotlabs\Access\Permissions::Perms();
+
+		if($all_perms) {
+			foreach($all_perms as $perm => $desc) {
+
+				$checkinherited = \Zotlabs\Access\PermissionLimits::Get(local_channel(),$perm);
+				$inherited = (($checkinherited & PERMS_SPECIFIC) ? false : true);
+
+				if(array_key_exists('perms_' . $perm, $_POST)) {
+					set_abconfig($channel['channel_id'],$orig_record[0]['abook_xchan'],'my_perms',$perm,
+						intval($_POST['perms_' . $perm]));
+					if($autoperms) {
+						set_pconfig($channel['channel_id'],'autoperms',$perm,intval($_POST['perms_' . $perm]));
+					}
+				}
+				else {
+					set_abconfig($channel['channel_id'],$orig_record[0]['abook_xchan'],'my_perms',$perm,0);
+					if($autoperms) {
+						set_pconfig($channel['channel_id'],'autoperms',$perm,0);
+					}
+				}
+			}
+		}
+
+		if(! is_null($autoperms)) 
+			set_pconfig($channel['channel_id'],'system','autoperms',$autoperms);
+				
+	
+		notice( t('Settings updated.') . EOL);
+
+	
+		// Refresh the structure in memory with the new data
+	
+		$r = q("SELECT abook.*, xchan.*
+			FROM abook left join xchan on abook_xchan = xchan_hash
+			WHERE abook_channel = %d and abook_id = %d LIMIT 1",
+			intval(local_channel()),
+			intval($contact_id)
+		);
+		if($r) {
+			\App::$poi = $r[0];
+		}
+	
+	
+		$this->defperms_clone($a);
+	
+		goaway(z_root() . '/defperms');
+	
+		return;
+	
+	}
+	
+	/* @brief Clone connection
+	 *
+	 *
+	 */
+	
+	function defperms_clone(&$a) {
+	
+			if(! \App::$poi)
+				return;
+		
+			$channel = \App::get_channel();
+	
+			$r = q("SELECT abook.*, xchan.*
+				FROM abook left join xchan on abook_xchan = xchan_hash
+				WHERE abook_channel = %d and abook_id = %d LIMIT 1",
+				intval(local_channel()),
+				intval(\App::$poi['abook_id'])
+			);
+			if($r) {
+				\App::$poi = array_shift($r);
+			}
+	
+			$clone = \App::$poi;
+	
+			unset($clone['abook_id']);
+			unset($clone['abook_account']);
+			unset($clone['abook_channel']);
+	
+			$abconfig = load_abconfig($channel['channel_id'],$clone['abook_xchan']);
+			if($abconfig)
+				$clone['abconfig'] = $abconfig;
+	
+			build_sync_packet(0 /* use the current local_channel */, array('abook' => array($clone)));
+	}
+	
+	/* @brief Generate content of connection default permissions page
+	 *
+	 *
+	 */
+	
+	function get() {
+	
+		$sort_type = 0;
+		$o = '';
+	
+		if(! local_channel()) {
+			notice( t('Permission denied.') . EOL);
+			return login();
+		}
+	
+		$section = ((array_key_exists('section',$_REQUEST)) ? $_REQUEST['section'] : '');
+		$channel = \App::get_channel();
+	
+		$yes_no = array(t('No'),t('Yes'));
+	
+		$connect_perms = \Zotlabs\Access\Permissions::connect_perms(local_channel());
+
+		$o .= "<script>function connectDefaultShare() {
+		\$('.abook-edit-me').each(function() {
+			if(! $(this).is(':disabled'))
+				$(this).prop('checked', false);
+		});\n\n";
+		foreach($connect_perms['perms'] as $p => $v) {
+			if($v) {
+				$o .= "\$('#me_id_perms_" . $p . "').prop('checked', true); \n";
+			}
+		}
+		$o .= " }\n</script>\n";
+	
+		if(\App::$poi) {
+	
+			$sections = [];
+
+			$self = false;
+	
+			$tpl = get_markup_template('defperms.tpl');
+	
+	
+			$perms = array();
+			$channel = \App::get_channel();
+
+			$contact = \App::$poi;
+	
+			$global_perms = \Zotlabs\Access\Permissions::Perms();
+
+			$existing = get_all_perms(local_channel(),$contact['abook_xchan']);
+			$hidden_perms = [];
+	
+			foreach($global_perms as $k => $v) {
+				$thisperm = get_abconfig(local_channel(),$contact['abook_xchan'],'my_perms',$k);
+				
+				$checkinherited = \Zotlabs\Access\PermissionLimits::Get(local_channel(),$k);
+
+				$inherited = (($checkinherited & PERMS_SPECIFIC) ? false : true);
+
+				$perms[] = [ 'perms_' . $k, $v, intval($thisperm), '', $yes_no, (($inherited) ? ' disabled="disabled" ' : '') ];
+				if($inherited) {
+					$hidden_perms[] = [ 'perms_' . $k, intval($thisperm) ];
+				}
+			}
+	
+			$pcat = new \Zotlabs\Lib\Permcat(local_channel());
+			$pcatlist = $pcat->listing();
+			$permcats = [];
+			if($pcatlist) {
+				foreach($pcatlist as $pc) {
+					$permcats[$pc['name']] = $pc['localname'];
+				}
+			}
+
+			$o .= replace_macros($tpl, [
+				'$header'         => t('Connection Default Permissions'),
+				'$autoperms'      => array('autoperms',t('Apply these permissions automatically'), ((get_pconfig(local_channel(),'system','autoperms')) ? 1 : 0), t('If enabled, connection requests will be approved without your interaction'), $yes_no),
+				'$permcat'        => [ 'permcat', t('Permission role'), '', '',$permcats ],
+				'$permcat_new'    => t('Add permission role'),
+				'$permcat_enable' => feature_enabled(local_channel(),'permcats'),
+				'$section'        => $section,
+				'$sections'       => $sections,
+				'$autolbl'        => t('The permissions indicated on this page will be applied to all new connections.'),
+				'$autoapprove'    => t('Automatic approval settings'),
+				'$unapproved'     => $unapproved,
+				'$inherited'      => t('inherited'),
+				'$submit'         => t('Submit'),
+				'$me'             => t('My Settings'),
+				'$perms'          => $perms,
+				'$hidden_perms'   => $hidden_perms,
+				'$permlbl'        => t('Individual Permissions'),
+				'$permnote_self'  => t('Some individual permissions may have been preset or locked based on your channel type and privacy settings.'),
+				'$contact_id'     => $contact['abook_id'],
+				'$name'           => $contact['xchan_name'],
+			]);
+	
+			$arr = array('contact' => $contact,'output' => $o);
+	
+			call_hooks('contact_edit', $arr);
+	
+			return $arr['output'];
+	
+		}	
+	}
+}

Zotlabs/Module/Directory.php

@@ -64,6 +64,11 @@ class Directory extends \Zotlabs\Web\Controller {
 			return;
 		}
 	
+		if(get_config('system','block_public_directory',false) && (! get_observer_hash())) {
+			notice( t('Public access denied.') . EOL);
+			return;
+		}
+			
 		$observer = get_observer_hash();
 	
 		$globaldir = get_directory_setting($observer, 'globaldir');
@@ -77,7 +82,7 @@ class Directory extends \Zotlabs\Web\Controller {
 		$pubforums = get_directory_setting($observer, 'pubforums');
 	
 		$o = '';
-		nav_set_selected(t('Directory'));
+		nav_set_selected('Directory');
 	
 		if(x($_POST,'search'))
 			$search = notags(trim($_POST['search']));
@@ -102,7 +107,7 @@ class Directory extends \Zotlabs\Web\Controller {
 			$common = array();
 			$index = 0;
 			foreach($r as $rr) {
-				$common[$rr['xchan_addr']] = $rr['total'];
+				$common[$rr['xchan_addr']] = ((intval($rr['total']) > 0) ? intval($rr['total']) - 1 : 0);
 				$addresses[$rr['xchan_addr']] = $index++;
 			}
 	
@@ -334,7 +339,7 @@ class Directory extends \Zotlabs\Web\Controller {
 								'ignlink' => $suggest ? z_root() . '/directory?ignore=' . $rr['hash'] : '',
 								'ignore_label' => t('Don\'t suggest'),
 								'common_friends' => (($common[$rr['address']]) ? intval($common[$rr['address']]) : ''),
-								'common_label' => t('Common connections:'),
+								'common_label' => t('Common connections (estimated):'),
 								'common_count' => intval($common[$rr['address']]),
 								'safe' => $safe_mode
 							);

Zotlabs/Module/Display.php

@@ -12,25 +12,36 @@ class Display extends \Zotlabs\Web\Controller {
 
 	function get($update = 0, $load = false) {
 
+		$module_format = 'html';
+
+
+		if(argc() > 1) {
+			$module_format = substr(argv(1),strrpos(argv(1),'.') + 1);
+			if(! in_array($module_format,['atom','zot','json']))
+				$module_format = 'html';			
+		}
+
 		$checkjs = new \Zotlabs\Web\CheckJS(1);
 	
 		if($load)
 			$_SESSION['loadtime'] = datetime_convert();
 	
-	
 		if(observer_prohibited()) {
 			notice( t('Public access denied.') . EOL);
 			return;
 		}
 	
-			
-		if(argc() > 1 && argv(1) !== 'load')
+		if(argc() > 1) {
 			$item_hash = argv(1);
+			if($module_format !== 'html') {
+				$item_hash = substr($item_hash,0,strrpos($item_hash,'.'));
+			}
+		}
 	
 		if($_REQUEST['mid'])
 			$item_hash = $_REQUEST['mid'];
 
-			if(! $item_hash) {
+		if(! $item_hash) {
 			\App::$error = 404;
 			notice( t('Item not found.') . EOL);
 			return;
@@ -38,45 +49,41 @@ class Display extends \Zotlabs\Web\Controller {
 	
 		$observer_is_owner = false;
 		$updateable = false;
-	
-	
+
 		if(local_channel() && (! $update)) {
 	
 			$channel = \App::get_channel();
-	
-	
+
 			$channel_acl = array(
 				'allow_cid' => $channel['channel_allow_cid'], 
 				'allow_gid' => $channel['channel_allow_gid'], 
-				'deny_cid' => $channel['channel_deny_cid'], 
-				'deny_gid' => $channel['channel_deny_gid']
+				'deny_cid'  => $channel['channel_deny_cid'], 
+				'deny_gid'  => $channel['channel_deny_gid']
 			); 
-	
-	
+
 			$x = array(
-				'is_owner' => true,
-				'allow_location' => ((intval(get_pconfig($channel['channel_id'],'system','use_browser_location'))) ? '1' : ''),
-				'default_location' => $channel['channel_location'],
-				'nickname' => $channel['channel_address'],
-				'lockstate' => (($group || $cid || $channel['channel_allow_cid'] || $channel['channel_allow_gid'] || $channel['channel_deny_cid'] || $channel['channel_deny_gid']) ? 'lock' : 'unlock'),
+				'is_owner'            => true,
+				'allow_location'      => ((intval(get_pconfig($channel['channel_id'],'system','use_browser_location'))) ? '1' : ''),
+				'default_location'    => $channel['channel_location'],
+				'nickname'            => $channel['channel_address'],
+				'lockstate'           => (($group || $cid || $channel['channel_allow_cid'] || $channel['channel_allow_gid'] || $channel['channel_deny_cid'] || $channel['channel_deny_gid']) ? 'lock' : 'unlock'),
 	
-				'acl' => populate_acl($channel_acl),
-				'permissions' => $channel_acl,
-				'bang' => '',
-				'visitor' => true,
-				'profile_uid' => local_channel(),
-				'return_path' => 'channel/' . $channel['channel_address'],
-				'expanded' => true,
+				'acl'                 => populate_acl($channel_acl),
+				'permissions'         => $channel_acl,
+				'bang'                => '',
+				'visitor'             => true,
+				'profile_uid'         => local_channel(),
+				'return_path'         => 'channel/' . $channel['channel_address'],
+				'expanded'            => true,
 				'editor_autocomplete' => true,
-				'bbco_autocomplete' => 'bbcode',
-				'bbcode' => true,
-				'jotnets' => true
+				'bbco_autocomplete'   => 'bbcode',
+				'bbcode'              => true,
+				'jotnets'             => true
 			);
 	
 			$o = '<div id="jot-popup">';
 			$o .= status_editor($a,$x);
 			$o .= '</div>';
-	
 		}
 	
 		// This page can be viewed by anybody so the query could be complicated
@@ -95,14 +102,18 @@ class Display extends \Zotlabs\Web\Controller {
 		if($decoded)
 			$item_hash = $decoded;
 
-		$r = q("select id, uid, mid, parent_mid, item_type, item_deleted from item where mid like '%s' limit 1",
-			dbesc($item_hash . '%'),
-			dbesc($decoded . '%')
+		$r = q("select id, uid, mid, parent_mid, thr_parent, verb, item_type, item_deleted, item_blocked from item where mid like '%s' limit 1",
+			dbesc($item_hash . '%')
 		);
 	
 		if($r) {
 			$target_item = $r[0];
 		}
+
+		//if the item is to be moderated redirect to /moderate
+		if($target_item['item_blocked'] == ITEM_MODERATED) {
+			goaway(z_root() . '/moderate/' . $target_item['id']);
+		}
 	
 		$r = null;
 	
@@ -138,60 +149,74 @@ class Display extends \Zotlabs\Web\Controller {
 			$simple_update .= " and item_thread_top = 0 and author_xchan = '" . protect_sprintf(get_observer_hash()) . "' ";
 	
 		if((! $update) && (! $load)) {
-	
 
-			$static  = ((local_channel()) ? channel_manual_conv_update(local_channel()) : 0);
-	
+			$static  = ((local_channel()) ? channel_manual_conv_update(local_channel()) : 1);
+
+			// if the target item is not a post (eg a like) we want to address its thread parent
+
+			$mid = ((($target_item['verb'] == ACTIVITY_LIKE) || ($target_item['verb'] == ACTIVITY_DISLIKE)) ? $target_item['thr_parent'] : $target_item['mid']);
+
+			// if we got a decoded hash we must encode it again before handing to javascript 
+			if($decoded)
+				$mid = 'b64.' . base64url_encode($mid);
+
 			$o .= '<div id="live-display"></div>' . "\r\n";
 			$o .= "<script> var profile_uid = " . ((intval(local_channel())) ? local_channel() : (-1))
 				. "; var netargs = '?f='; var profile_page = " . \App::$pager['page'] . "; </script>\r\n";
 	
 			\App::$page['htmlhead'] .= replace_macros(get_markup_template("build_query.tpl"),array(
 				'$baseurl' => z_root(),
-				'$pgtype' => 'display',
-				'$uid' => '0',
-				'$gid' => '0',
-				'$cid' => '0',
-				'$cmin' => '0',
-				'$cmax' => '99',
-				'$star' => '0',
-				'$liked' => '0',
-				'$conv' => '0',
-				'$spam' => '0',
-				'$fh' => '0',
+				'$pgtype'  => 'display',
+				'$uid'     => '0',
+				'$gid'     => '0',
+				'$cid'     => '0',
+				'$cmin'    => '0',
+				'$cmax'    => '99',
+				'$star'    => '0',
+				'$liked'   => '0',
+				'$conv'    => '0',
+				'$spam'    => '0',
+				'$fh'      => '0',
 				'$nouveau' => '0',
-				'$wall' => '0',
-				'$static' => $static,
-				'$page' => ((\App::$pager['page'] != 1) ? \App::$pager['page'] : 1),
-				'$list' => ((x($_REQUEST,'list')) ? intval($_REQUEST['list']) : 0),
-				'$search' => '',
-				'$xchan' => '',
-				'$order' => '',
-				'$file' => '',
-				'$cats' => '',
-				'$tags' => '',
-				'$dend' => '',
-				'$dbegin' => '',
-				'$verb' => '',
-				'$mid' => $item_hash
+				'$wall'    => '0',
+				'$static'  => $static,
+				'$page'    => ((\App::$pager['page'] != 1) ? \App::$pager['page'] : 1),
+				'$list'    => ((x($_REQUEST,'list')) ? intval($_REQUEST['list']) : 0),
+				'$search'  => '',
+				'$xchan'   => '',
+				'$order'   => '',
+				'$file'    => '',
+				'$cats'    => '',
+				'$tags'    => '',
+				'$dend'    => '',
+				'$dbegin'  => '',
+				'$verb'    => '',
+				'$net'     => '',
+				'$mid'     => $mid
 			));
-	
-	
+
+			head_add_link([ 
+				'rel'   => 'alternate',
+				'type'  => 'application/json+oembed',
+				'href'  => z_root() . '/oep?f=&url=' . urlencode(z_root() . '/' . \App::$query_string),
+				'title' => 'oembed'
+			]);
+
 		}
-	
+
 		$observer_hash = get_observer_hash();
 		$item_normal = item_normal();
-	
+		$item_normal_update = item_normal_update();
+
 		$sql_extra = public_permissions_sql($observer_hash);
 
-		if(($update && $load) || ($checkjs->disabled())) {
-	
-	
+		if(($update && $load) || ($checkjs->disabled()) || ($module_format !== 'html')) {
+
 			$pager_sql = sprintf(" LIMIT %d OFFSET %d ", intval(\App::$pager['itemspage']),intval(\App::$pager['start']));
-	
-			if($load || ($checkjs->disabled())) {
+
+			if($load || ($checkjs->disabled()) || ($module_format !== 'html')) {
 				$r = null;
-	
+
 				require_once('include/channel.php');
 				$sys = get_sys_channel();
 				$sysid = $sys['channel_id'];
@@ -207,25 +232,22 @@ class Display extends \Zotlabs\Web\Controller {
 					);
 					if($r) {
 						$updateable = true;
-	
 					}
-	
 				}
 
 				if($r === null) {
-	
+
 					// in case somebody turned off public access to sys channel content using permissions
-					// make that content unsearchable by ensuring the owner_xchan can't match
-	
+					// make that content unsearchable by ensuring the owner uid can't match
+
 					if(! perm_is_allowed($sysid,$observer_hash,'view_stream'))
 						$sysid = 0;
-	
-	
+
 					$r = q("SELECT item.id as item_id from item
 						WHERE mid = '%s'
 						AND (((( item.allow_cid = ''  AND item.allow_gid = '' AND item.deny_cid  = '' 
 						AND item.deny_gid  = '' AND item_private = 0 ) 
-						and owner_xchan in ( " . stream_perms_xchans(($observer_hash) ? (PERMS_NETWORK|PERMS_PUBLIC) : PERMS_PUBLIC) . " ))
+						and uid in ( " . stream_perms_api_uids(($observer_hash) ? (PERMS_NETWORK|PERMS_PUBLIC) : PERMS_PUBLIC) . " ))
 						OR uid = %d )
 						$sql_extra )
 						$item_normal
@@ -233,14 +255,13 @@ class Display extends \Zotlabs\Web\Controller {
 						dbesc($target_item['parent_mid']),
 						intval($sysid)
 					);
-	
 				}
 			}
 		}
 	
 		elseif($update && !$load) {
 			$r = null;
-	
+
 			require_once('include/channel.php');
 			$sys = get_sys_channel();
 			$sysid = $sys['channel_id'];
@@ -249,7 +270,7 @@ class Display extends \Zotlabs\Web\Controller {
 				$r = q("SELECT item.parent AS item_id from item
 					WHERE uid = %d
 					and parent_mid = '%s'
-					$item_normal
+					$item_normal_update
 					$simple_update
 					limit 1",
 					intval(local_channel()),
@@ -265,15 +286,14 @@ class Display extends \Zotlabs\Web\Controller {
 				// make that content unsearchable by ensuring the owner_xchan can't match
 				if(! perm_is_allowed($sysid,$observer_hash,'view_stream'))
 					$sysid = 0;
-	
 				$r = q("SELECT item.parent AS item_id from item
 					WHERE parent_mid = '%s'
 					AND (((( item.allow_cid = ''  AND item.allow_gid = '' AND item.deny_cid  = '' 
 					AND item.deny_gid  = '' AND item_private = 0 ) 
-					and owner_xchan in ( " . stream_perms_xchans(($observer_hash) ? (PERMS_NETWORK|PERMS_PUBLIC) : PERMS_PUBLIC) . " ))
+					and uid in ( " . stream_perms_api_uids(($observer_hash) ? (PERMS_NETWORK|PERMS_PUBLIC) : PERMS_PUBLIC) . " ))
 					OR uid = %d )
 					$sql_extra )
-					$item_normal
+					$item_normal_update
 					$simple_update
 					limit 1",
 					dbesc($target_item['parent_mid']),
@@ -288,32 +308,77 @@ class Display extends \Zotlabs\Web\Controller {
 		}
 	
 		if($r) {
-	
 			$parents_str = ids_to_querystr($r,'item_id');
 			if($parents_str) {
-	
 				$items = q("SELECT item.*, item.id AS item_id 
 					FROM item
 					WHERE parent in ( %s ) $item_normal ",
 					dbesc($parents_str)
 				);
-	
 				xchan_query($items);
 				$items = fetch_post_tags($items,true);
 				$items = conv_sort($items,'created');
 			}
-		} else {
+		}
+		else {
 			$items = array();
 		}
 	
-	
-		if ($checkjs->disabled()) {
-			$o .= conversation($items, 'display', $update, 'traditional');
-			if ($items[0]['title'])
-				\App::$page['title'] = $items[0]['title'] . " - " . \App::$page['title'];
-		} 
-		else {
-			$o .= conversation($items, 'display', $update, 'client');
+
+		switch($module_format) {
+			
+		case 'html':
+
+			if ($checkjs->disabled()) {
+				$o .= conversation($items, 'display', $update, 'traditional');
+				if ($items[0]['title'])
+					\App::$page['title'] = $items[0]['title'] . " - " . \App::$page['title'];
+			} 
+			else {
+				$o .= conversation($items, 'display', $update, 'client');
+			}
+
+			break;
+
+		case 'atom':
+
+			$atom = replace_macros(get_markup_template('atom_feed.tpl'), array(
+				'$version'      => xmlify(\Zotlabs\Lib\System::get_project_version()),
+				'$red'          => xmlify(\Zotlabs\Lib\System::get_platform_name()),
+				'$feed_id'      => xmlify(\App::$cmd),
+				'$feed_title'   => xmlify(t('Article')),
+				'$feed_updated' => xmlify(datetime_convert('UTC', 'UTC', 'now', ATOM_TIME)),
+				'$author'       => '',
+				'$owner'        => '',
+				'$profile_page' => xmlify(z_root() . '/display/' . $target_item['mid']),
+			));
+				
+			$x = [ 'xml' => $atom, 'channel' => $channel, 'observer_hash' => $observer_hash, 'params' => $params ];
+			call_hooks('atom_feed_top',$x);
+
+			$atom = $x['xml'];
+
+			// a much simpler interface
+			call_hooks('atom_feed', $atom);
+
+
+			if($items) {
+				$type = 'html';
+				foreach($items as $item) {
+					if($item['item_private'])
+						continue;
+					$atom .= atom_entry($item, $type, null, '', true, '', false);
+				}
+			}
+
+			call_hooks('atom_feed_end', $atom);
+
+			$atom .= '</feed>' . "\r\n";
+
+			header('Content-type: application/atom+xml');
+			echo $atom;
+			killme();
+			
 		}
 	
 		if($updateable) {
@@ -324,17 +389,13 @@ class Display extends \Zotlabs\Web\Controller {
 		}
 
 		$o .= '<div id="content-complete"></div>';
-	
-		return $o;
-	
-	
-	/*
-		elseif((! $update) && (!  {
+
+		if((($update && $load) || $checkjs->disabled()) && (! $items))  {
 			
-			$r = q("SELECT id, item_flags FROM item WHERE id = '%s' OR mid = '%s' LIMIT 1",
-				dbesc($item_hash),
+			$r = q("SELECT id, item_deleted FROM item WHERE mid = '%s' LIMIT 1",
 				dbesc($item_hash)
 			);
+
 			if($r) {
 				if(intval($r[0]['item_deleted'])) {
 					notice( t('Item has been removed.') . EOL );
@@ -348,8 +409,9 @@ class Display extends \Zotlabs\Web\Controller {
 			}
 	
 		}
-	*/
+
+		return $o;
+
 	}
-	
-	
+
 }

Zotlabs/Module/Embedphotos.php

@@ -83,7 +83,7 @@ class Embedphotos extends \Zotlabs\Web\Controller {
 			return '';
 
 		if($args['album'])
-			$album = $args['album'];
+			$album = (($args['album'] === '/') ? '' : $args['album']);
 		if($args['title'])
 			$title = $args['title'];
 

Zotlabs/Module/Events.php

@@ -272,7 +272,7 @@ class Events extends \Zotlabs\Web\Controller {
 			return;
 		}
 	
-		nav_set_selected(t('Events'));
+		nav_set_selected('Events');
 	
 		if((argc() > 2) && (argv(1) === 'ignore') && intval(argv(2))) {
 			$r = q("update event set dismissed = 1 where id = %d and uid = %d",

Zotlabs/Module/Feed.php

@@ -16,12 +16,15 @@ class Feed extends \Zotlabs\Web\Controller {
 		$params['type']      = ((stristr(argv(0),'json'))   ? 'json'                        : 'xml');
 		$params['pages']     = ((x($_REQUEST,'pages'))      ? intval($_REQUEST['pages'])    : 0);
 		$params['top']       = ((x($_REQUEST,'top'))        ? intval($_REQUEST['top'])      : 0);
-		$params['start']     = ((x($params,'start'))        ? intval($params['start'])      : 0);
-		$params['records']   = ((x($params,'records'))      ? intval($params['records'])    : 40);
-		$params['direction'] = ((x($params,'direction'))    ? dbesc($params['direction'])   : 'desc');
+		$params['start']     = ((x($_REQUEST,'start'))      ? intval($_REQUEST['start'])      : 0);
+		$params['records']   = ((x($_REQUEST,'records'))    ? intval($_REQUEST['records'])    : 40);
+		$params['direction'] = ((x($_REQUEST,'direction'))  ? dbesc($_REQUEST['direction'])   : 'desc');
 		$params['cat']       = ((x($_REQUEST,'cat'))        ? escape_tags($_REQUEST['cat']) : '');
 		$params['compat']    = ((x($_REQUEST,'compat'))     ? intval($_REQUEST['compat'])   : 0);	
 
+		if(! in_array($params['direction'],['asc','desc'])) {
+			$params['direction'] = 'desc';
+		}
 
 		if(argc() > 1) {
 

Zotlabs/Module/File_upload.php

@@ -10,7 +10,8 @@ class File_upload extends \Zotlabs\Web\Controller {
 
 	function post() {
 
-		// logger('file upload: ' . print_r($_REQUEST,true));
+		logger('file upload: ' . print_r($_REQUEST,true));
+		logger('file upload: ' . print_r($_FILES,true));
 	
 		$channel = (($_REQUEST['channick']) ? channelx_by_nick($_REQUEST['channick']) : null);
 	
@@ -30,14 +31,75 @@ class File_upload extends \Zotlabs\Web\Controller {
 
 		$_REQUEST['allow_cid'] = perms2str($_REQUEST['contact_allow']);
 		$_REQUEST['allow_gid'] = perms2str($_REQUEST['group_allow']);
-		$_REQUEST['deny_cid'] = perms2str($_REQUEST['contact_deny']);
-		$_REQUEST['deny_gid'] = perms2str($_REQUEST['group_deny']);
+		$_REQUEST['deny_cid']  = perms2str($_REQUEST['contact_deny']);
+		$_REQUEST['deny_gid']  = perms2str($_REQUEST['group_deny']);
 
 		if($_REQUEST['filename']) {
-			$r = attach_mkdir($channel,get_observer_hash(),$_REQUEST);
+			$r = attach_mkdir($channel, get_observer_hash(), $_REQUEST);
+			if($r['success']) {
+				$hash = $r['data']['hash'];
+
+				$sync = attach_export_data($channel,$hash);
+				if($sync) {
+					build_sync_packet($channel['channel_id'],array('file' => array($sync)));
+				}
+				goaway(z_root() . '/cloud/' . $channel['channel_address'] . '/' . $r['data']['display_path']);
+
+			}
 		}
 		else {
-			$r = attach_store($channel,get_observer_hash(), '', $_REQUEST);
+
+			$matches = [];
+			$partial = false;
+
+
+
+			if(array_key_exists('HTTP_CONTENT_RANGE',$_SERVER)) {
+				$pm = preg_match('/bytes (\d*)\-(\d*)\/(\d*)/',$_SERVER['HTTP_CONTENT_RANGE'],$matches);
+				if($pm) {
+					logger('Content-Range: ' . print_r($matches,true));
+					$partial = true;
+				}
+			}
+
+			if($partial) {
+				$x = save_chunk($channel,$matches[1],$matches[2],$matches[3]);
+
+				if($x['partial']) {
+					header('Range: bytes=0-' . (($x['length']) ? $x['length'] - 1 : 0));
+					json_return_and_die($result);
+				}
+				else {
+					header('Range: bytes=0-' . (($x['size']) ? $x['size'] - 1 : 0));
+
+					$_FILES['userfile'] = [
+						'name'     => $x['name'],
+						'type'     => $x['type'],
+						'tmp_name' => $x['tmp_name'],
+						'error'    => $x['error'],
+						'size'     => $x['size']
+					];
+				}
+			}
+			else {	
+				if(! array_key_exists('userfile',$_FILES)) {
+					$_FILES['userfile'] = [
+						'name'     => $_FILES['files']['name'],
+						'type'     => $_FILES['files']['type'],
+						'tmp_name' => $_FILES['files']['tmp_name'],
+						'error'    => $_FILES['files']['error'],
+						'size'     => $_FILES['files']['size']
+					];
+				}
+			}
+
+			$r = attach_store($channel, get_observer_hash(), '', $_REQUEST);
+			if($r['success']) {
+				$sync = attach_export_data($channel,$r['data']['hash']);
+				if($sync)
+					build_sync_packet($channel['channel_id'],array('file' => array($sync)));
+
+			}
 		}
 		goaway(z_root() . '/' . $_REQUEST['return_url']);
 	

Zotlabs/Module/Filestorage.php

@@ -18,7 +18,7 @@ class Filestorage extends \Zotlabs\Web\Controller {
 
 		$recurse = ((x($_POST, 'recurse')) ? intval($_POST['recurse']) : 0);
 		$resource = ((x($_POST, 'filehash')) ? notags($_POST['filehash']) : '');
-		$notify = ((x($_POST, 'notify')) ? intval($_POST['notify']) : 0);
+		$notify = ((x($_POST, 'notify_edit')) ? intval($_POST['notify_edit']) : 0);
 
 		if(! $resource) {
 			notice(t('Item not found.') . EOL);
@@ -31,16 +31,16 @@ class Filestorage extends \Zotlabs\Web\Controller {
 		$acl->set_from_array($_POST);
 		$x = $acl->get();
 
-		$cloudPath = get_parent_cloudpath($channel_id, $channel['channel_address'], $resource);
+		$url = get_cloud_url($channel_id, $channel['channel_address'], $resource);
 
 		//get the object before permissions change so we can catch eventual former allowed members
-		$object = get_file_activity_object($channel_id, $resource, $cloudPath);
+		$object = get_file_activity_object($channel_id, $resource, $url);
 
 		attach_change_permissions($channel_id, $resource, $x['allow_cid'], $x['allow_gid'], $x['deny_cid'], $x['deny_gid'], $recurse, true);
 
 		file_activity($channel_id, $object, $x['allow_cid'], $x['allow_gid'], $x['deny_cid'], $x['deny_gid'], 'post', $notify);
 
-		goaway($cloudPath);
+		goaway(dirname($url));
 	}
 
 	function get() {
@@ -99,11 +99,16 @@ class Filestorage extends \Zotlabs\Web\Controller {
 			$f = $r[0];
 			$channel = \App::get_channel();
 
-			$parentpath = get_parent_cloudpath($channel['channel_id'], $channel['channel_address'], $f['hash']);
+			$url = get_cloud_url($channel['channel_id'], $channel['channel_address'], $f['hash']);
 
 			attach_delete($owner, $f['hash']);
 
-			goaway($parentpath);
+			$sync = attach_export_data($channel, $f['hash'], true);
+			if($sync) {
+				build_sync_packet($channel['channel_id'], array('file' => array($sync)));
+			}
+
+			goaway(dirname($url));
 		}
 
 		if(argc() > 3 && argv(3) === 'edit') {
@@ -123,7 +128,6 @@ class Filestorage extends \Zotlabs\Web\Controller {
 			$channel = \App::get_channel();
 
 			$cloudpath = get_cloudpath($f);
-			$parentpath = get_parent_cloudpath($channel['channel_id'], $channel['channel_address'], $f['hash']);
 
 			$aclselect_e = populate_acl($f, false, \Zotlabs\Lib\PermissionDescription::fromGlobalPermission('view_storage'));
 			$is_a_dir = (intval($f['is_dir']) ? true : false);
@@ -138,7 +142,6 @@ class Filestorage extends \Zotlabs\Web\Controller {
 				'$header' => t('Edit file permissions'),
 				'$file' => $f,
 				'$cloudpath' => z_root() . '/' . $encoded_path,
-				'$parentpath' => $parentpath,
 				'$uid' => $channel['channel_id'],
 				'$channelnick' => $channel['channel_address'],
 				'$permissions' => t('Permissions'),
@@ -157,7 +160,7 @@ class Filestorage extends \Zotlabs\Web\Controller {
 				'$submit' => t('Submit'),
 				'$attach_btn_title' => t('Share this file'),
 				'$link_btn_title' => t('Show URL to this file'),
-				'$notify' => array('notify', t('Notify your contacts about this file'), 0, '', array(t('No'), t('Yes'))),
+				'$notify' => array('notify_edit', t('Show in your contacts shared folder'), 0, '', array(t('No'), t('Yes'))),
 			));
 
 			echo $o;

Zotlabs/Module/Getfile.php

@@ -28,17 +28,51 @@ class Getfile extends \Zotlabs\Web\Controller {
 
 	function post() {
 
-		logger('post: ' . print_r($_POST,true),LOGGER_DEBUG,LOG_INFO);
-	
+		$header_verified = false;
+
 		$hash     = $_POST['hash'];
 		$time     = $_POST['time'];
 		$sig      = $_POST['signature'];
 		$resource = $_POST['resource'];
 		$revision = intval($_POST['revision']);
 		$resolution = (-1);
-	
+
 		if(! $hash)
 			killme();
+
+		foreach([ 'REDIRECT_REMOTE_USER', 'HTTP_AUTHORIZATION' ] as $head) {
+			if(array_key_exists($head,$_SERVER) && substr(trim($_SERVER[$head]),0,9) === 'Signature') {
+				if($head !== 'HTTP_AUTHORIZATION') {
+					$_SERVER['HTTP_AUTHORIZATION'] = $_SERVER[$head];
+					continue;
+				}
+
+				$sigblock = \Zotlabs\Web\HTTPSig::parse_sigheader($_SERVER[$head]);
+				if($sigblock) {
+					$keyId = $sigblock['keyId'];
+
+					if($keyId) {
+						$r = q("select * from hubloc left join xchan on hubloc_hash = xchan_hash 
+							where hubloc_addr = '%s' limit 1",
+							dbesc(str_replace('acct:','',$keyId))
+						);
+						if($r) {
+							$hubloc = $r[0];
+							$verified = \Zotlabs\Web\HTTPSig::verify('',$hubloc['xchan_pubkey']);	
+							if($verified && $verified['header_signed'] && $verified['header_valid'] && $hash == $hubloc['hubloc_hash']) {
+								$header_verified = true;
+							}
+						}
+					}
+				}
+			}
+		}
+
+
+		logger('post: ' . print_r($_POST,true),LOGGER_DEBUG,LOG_INFO);
+		if($header_verified) {
+				logger('HTTPSig verified');
+		}	
 	
 		$channel = channelx_by_hash($hash);
 
@@ -59,16 +93,17 @@ class Getfile extends \Zotlabs\Web\Controller {
 		$d1 = datetime_convert('UTC','UTC',"now + $slop minutes");
 		$d2 = datetime_convert('UTC','UTC',"now - $slop minutes");	
 	
-		if(($time > $d1) || ($time < $d2)) {
-			logger('time outside allowable range');
-			killme();
-		}
+		if(! $header_verified) {
+			if(($time > $d1) || ($time < $d2)) {
+				logger('time outside allowable range');
+				killme();
+			}
 	
-		if(! rsa_verify($hash . '.' . $time,base64url_decode($sig),$channel['channel_pubkey'])) {
-			logger('verify failed.');
-			killme();
+			if(! rsa_verify($hash . '.' . $time,base64url_decode($sig),$channel['channel_pubkey'])) {
+				logger('verify failed.');
+				killme();
+			}
 		}
-		
 
 		if($resolution > 0) {
 			$r = q("select * from photo where resource_id = '%s' and uid = %d limit 1",
@@ -108,7 +143,7 @@ class Getfile extends \Zotlabs\Web\Controller {
 			
 		$unsafe_types = array('text/html','text/css','application/javascript');
 	
-		if(in_array($r['data']['filetype'],$unsafe_types)) {
+		if(in_array($r['data']['filetype'],$unsafe_types) && (! channel_codeallowed($channel['channel_id']))) {
 				header('Content-type: text/plain');
 		}
 		else {

Zotlabs/Module/Help.php

@@ -15,7 +15,7 @@ require_once('include/help.php');
 class Help extends \Zotlabs\Web\Controller {
 
 	function get() {
-		nav_set_selected(t('Help'));
+		nav_set_selected('Help');
 
 		if($_REQUEST['search']) {
 			$o .= '<div id="help-content" class="generic-content-wrapper">';
@@ -88,12 +88,15 @@ class Help extends \Zotlabs\Web\Controller {
 			$heading = $headings[argv(1)];
 
 		$content =  get_help_content();
+		
+		$language = determine_help_language()['language'];
 
 		return replace_macros(get_markup_template('help.tpl'), array(
 			'$title'      => t('$Projectname Documentation'),
 			'$tocHeading' => t('Contents'),
 			'$content'    => $content,
-			'$heading'    => $heading
+			'$heading'    => $heading,
+			'$language'   => $language
 		));
 	}
 

Zotlabs/Module/Hq.php

@@ -0,0 +1,301 @@
+<?php
+namespace Zotlabs\Module;
+
+require_once("include/bbcode.php");
+require_once('include/security.php');
+require_once('include/conversation.php');
+require_once('include/acl_selectors.php');
+require_once('include/items.php');
+
+
+class Hq extends \Zotlabs\Web\Controller {
+
+	function init() {
+		if(! local_channel())
+			return;
+
+		\App::$profile_uid = local_channel();
+	}
+
+	function post() {
+
+		if(!local_channel())
+			return;
+
+		if($_REQUEST['notify_id']) {
+			q("update notify set seen = 1 where id = %d and uid = %d",
+				intval($_REQUEST['notify_id']),
+				intval(local_channel())
+			);
+		}
+
+	}
+
+	function get($update = 0, $load = false) {
+
+		if(!local_channel())
+			return;
+
+		if($load)
+			$_SESSION['loadtime'] = datetime_convert();
+	
+		if(argc() > 1 && argv(1) !== 'load') {
+			$item_hash = argv(1);
+		}
+	
+		if($_REQUEST['mid'])
+			$item_hash = $_REQUEST['mid'];
+
+		$item_normal = item_normal();
+		$item_normal_update = item_normal_update();
+
+		if(! $item_hash) {
+			$r = q("SELECT mid FROM item
+				WHERE uid = %d 
+				AND mid = parent_mid
+				ORDER BY created DESC LIMIT 1",
+				intval(local_channel())
+			);
+
+			if($r[0]['mid']) {
+				$item_hash = 'b64.' . base64url_encode($r[0]['mid']);
+			}
+		}
+
+		if($item_hash) {
+
+			if(strpos($item_hash,'b64.') === 0)
+				$decoded = @base64url_decode(substr($item_hash,4));
+
+			if($decoded)
+				$item_hash = $decoded;
+
+			$target_item = null;
+
+			$r = q("select id, uid, mid, parent_mid, thr_parent, verb, item_type, item_deleted, item_blocked from item where mid like '%s' limit 1",
+				dbesc($item_hash . '%')
+			);
+		
+			if($r) {
+				$target_item = $r[0];
+			}
+
+			//if the item is to be moderated redirect to /moderate
+			if($target_item['item_blocked'] == ITEM_MODERATED) {
+				goaway(z_root() . '/moderate/' . $target_item['id']);
+			}
+		
+			$static = ((array_key_exists('static',$_REQUEST)) ? intval($_REQUEST['static']) : 0);
+
+			$simple_update = (($update) ? " AND item_unseen = 1 " : '');
+				
+			if($update && $_SESSION['loadtime'])
+				$simple_update = " AND (( item_unseen = 1 AND item.changed > '" . datetime_convert('UTC','UTC',$_SESSION['loadtime']) . "' )  OR item.changed > '" . datetime_convert('UTC','UTC',$_SESSION['loadtime']) . "' ) ";
+		
+			if($static && $simple_update)
+				$simple_update .= " and item_thread_top = 0 and author_xchan = '" . protect_sprintf(get_observer_hash()) . "' ";
+
+			$sys = get_sys_channel();
+			$sql_extra = item_permissions_sql($sys['channel_id']);
+
+			$sys_item = false;
+
+		}
+	
+		if(! $update) {
+			$channel = \App::get_channel();
+
+			$channel_acl = [
+				'allow_cid' => $channel['channel_allow_cid'], 
+				'allow_gid' => $channel['channel_allow_gid'], 
+				'deny_cid'  => $channel['channel_deny_cid'], 
+				'deny_gid'  => $channel['channel_deny_gid']
+			]; 
+
+			$x = [
+				'is_owner'            => true,
+				'allow_location'      => ((intval(get_pconfig($channel['channel_id'],'system','use_browser_location'))) ? '1' : ''),
+				'default_location'    => $channel['channel_location'],
+				'nickname'            => $channel['channel_address'],
+				'lockstate'           => (($group || $cid || $channel['channel_allow_cid'] || $channel['channel_allow_gid'] || $channel['channel_deny_cid'] || $channel['channel_deny_gid']) ? 'lock' : 'unlock'),
+	
+				'acl'                 => populate_acl($channel_acl),
+				'permissions'         => $channel_acl,
+				'bang'                => '',
+				'visitor'             => true,
+				'profile_uid'         => local_channel(),
+				'return_path'         => 'hq',
+				'expanded'            => true,
+				'editor_autocomplete' => true,
+				'bbco_autocomplete'   => 'bbcode',
+				'bbcode'              => true,
+				'jotnets'             => true
+			];
+
+			$o = replace_macros(get_markup_template("hq.tpl"),
+				[
+					'$no_messages' => (($target_item) ? false : true),
+					'$no_messages_label' => t('Welcome to hubzilla!')
+				]
+			);
+	
+			$o = '<div id="jot-popup">';
+			$o .= status_editor($a,$x);
+			$o .= '</div>';
+		}
+
+		if(! $update && ! $load) {
+
+			nav_set_selected('HQ');
+
+			$static  = ((local_channel()) ? channel_manual_conv_update(local_channel()) : 1);
+
+			if($target_item) {
+				// if the target item is not a post (eg a like) we want to address its thread parent
+				$mid = ((($target_item['verb'] == ACTIVITY_LIKE) || ($target_item['verb'] == ACTIVITY_DISLIKE)) ? $target_item['thr_parent'] : $target_item['mid']);
+
+				// if we got a decoded hash we must encode it again before handing to javascript 
+				if($decoded)
+					$mid = 'b64.' . base64url_encode($mid);
+			}
+			else {
+				$mid = '';
+			}
+
+			$o .= '<div id="live-hq"></div>' . "\r\n";
+			$o .= "<script> var profile_uid = " . local_channel()
+				. "; var netargs = '?f='; var profile_page = " . \App::$pager['page'] . ";</script>\r\n";
+	
+			\App::$page['htmlhead'] .= replace_macros(get_markup_template("build_query.tpl"),[
+				'$baseurl' => z_root(),
+				'$pgtype'  => 'hq',
+				'$uid'     => local_channel(),
+				'$gid'     => '0',
+				'$cid'     => '0',
+				'$cmin'    => '0',
+				'$cmax'    => '99',
+				'$star'    => '0',
+				'$liked'   => '0',
+				'$conv'    => '0',
+				'$spam'    => '0',
+				'$fh'      => '0',
+				'$nouveau' => '0',
+				'$wall'    => '0',
+				'$static'  => $static,
+				'$page'    => 1,
+				'$list'    => ((x($_REQUEST,'list')) ? intval($_REQUEST['list']) : 0),
+				'$search'  => '',
+				'$xchan'   => '',
+				'$order'   => '',
+				'$file'    => '',
+				'$cats'    => '',
+				'$tags'    => '',
+				'$dend'    => '',
+				'$dbegin'  => '',
+				'$verb'    => '',
+				'$net'     => '',
+				'$mid'     => $mid
+			]);
+		}
+
+		$updateable = false;
+
+		if($load && $target_item) {
+			$r = null;
+
+			$r = q("SELECT item.id AS item_id FROM item
+				WHERE uid = %d
+				AND mid = '%s'
+				$item_normal
+				LIMIT 1",
+				intval(local_channel()),
+				dbesc($target_item['parent_mid'])
+			);
+
+			if($r) {
+				$updateable = true;
+			}
+
+			if(!$r) {
+				$sys_item = true;
+
+				$r = q("SELECT item.id AS item_id FROM item
+					LEFT JOIN abook ON item.author_xchan = abook.abook_xchan
+					WHERE mid = '%s' AND item.uid = %d $item_normal
+					AND (abook.abook_blocked = 0 or abook.abook_flags is null)
+					$sql_extra LIMIT 1",
+					dbesc($target_item['parent_mid']),
+					intval($sys['channel_id'])
+				);
+			}
+		}
+		elseif($update && $target_item) {
+			$r = null;
+
+			$r = q("SELECT item.parent AS item_id FROM item
+				WHERE uid = %d
+				AND parent_mid = '%s'
+				$item_normal_update
+				$simple_update
+				LIMIT 1",
+				intval(local_channel()),
+				dbesc($target_item['parent_mid'])
+			);
+
+			if($r) {
+				$updateable = true;
+			}
+
+			if(!$r) {
+				$sys_item = true;
+
+				$r = q("SELECT item.parent AS item_id FROM item
+					LEFT JOIN abook ON item.author_xchan = abook.abook_xchan
+					WHERE mid = '%s' AND item.uid = %d $item_normal_update $simple_update
+					AND (abook.abook_blocked = 0 or abook.abook_flags is null)
+					$sql_extra LIMIT 1",
+					dbesc($target_item['parent_mid']),
+					intval($sys['channel_id'])
+				);
+			}
+
+			$_SESSION['loadtime'] = datetime_convert();
+		}
+		else {
+			$r = [];
+		}
+	
+		if($r) {
+			$parents_str = ids_to_querystr($r,'item_id');
+			if($parents_str) {
+				$items = q("SELECT item.*, item.id AS item_id 
+					FROM item
+					WHERE parent IN ( %s ) $item_normal ",
+					dbesc($parents_str)
+				);
+	
+				xchan_query($items,true,(($sys_item) ? local_channel() : 0));
+				$items = fetch_post_tags($items,true);
+				$items = conv_sort($items,'created');
+			}
+		}
+		else {
+			$items = [];
+		}
+	
+		$o .= conversation($items, 'hq', $update, 'client');
+
+		if($updateable) {
+			$x = q("UPDATE item SET item_unseen = 0 WHERE item_unseen = 1 AND uid = %d AND parent = %d ",
+				intval(local_channel()),
+				intval($r[0]['item_id'])
+			);
+		}
+
+		$o .= '<div id="content-complete"></div>';
+
+		return $o;
+
+	}
+
+}

Zotlabs/Module/Impel.php

@@ -26,6 +26,8 @@ class Impel extends \Zotlabs\Web\Controller {
 		if(! $j)
 			json_return_and_die($ret);
 	
+		// logger('element: ' . print_r($j,true));
+
 		$channel = \App::get_channel();
 	
 		$arr = array();

Zotlabs/Module/Import.php

@@ -278,20 +278,31 @@ class Import extends \Zotlabs\Web\Controller {
 				create_table_from_array('xchan',$xchan);
 
 				require_once('include/photo/photo_driver.php');
-				$photos = import_xchan_photo($xchan['xchan_photo_l'],$xchan['xchan_hash']);
-				if($photos[4])
-					$photodate = NULL_DATE;
-				else
-					$photodate = $xchan['xchan_photo_date'];
 
-				$r = q("update xchan set xchan_photo_l = '%s', xchan_photo_m = '%s', xchan_photo_s = '%s', xchan_photo_mimetype = '%s', xchan_photo_date = '%s' where xchan_hash = '%s'",
-					dbesc($photos[0]),
-					dbesc($photos[1]),
-					dbesc($photos[2]),
-					dbesc($photos[3]),
-					dbesc($photodate),
-					dbesc($xchan['xchan_hash'])
-				);
+				if($xchan['xchan_hash'] === $channel['channel_hash']) {
+					$r = q("update xchan set xchan_photo_l = '%s', xchan_photo_m = '%s', xchan_photo_s = '%s' where xchan_hash = '%s'",
+						dbesc(z_root() . '/photo/profile/l/' . $channel['channel_id']),
+						dbesc(z_root() . '/photo/profile/m/' . $channel['channel_id']),
+						dbesc(z_root() . '/photo/profile/s/' . $channel['channel_id']),
+						dbesc($xchan['xchan_hash'])
+					);
+				}
+				else {
+					$photos = import_xchan_photo($xchan['xchan_photo_l'],$xchan['xchan_hash']);
+					if($photos[4])
+						$photodate = NULL_DATE;
+					else
+						$photodate = $xchan['xchan_photo_date'];
+
+					$r = q("update xchan set xchan_photo_l = '%s', xchan_photo_m = '%s', xchan_photo_s = '%s', xchan_photo_mimetype = '%s', xchan_photo_date = '%s' where xchan_hash = '%s'",
+						dbesc($photos[0]),
+						dbesc($photos[1]),
+						dbesc($photos[2]),
+						dbesc($photos[3]),
+						dbesc($photodate),
+						dbesc($xchan['xchan_hash'])
+					);
+				}
 			}
 
 			logger('import step 7');

Zotlabs/Module/Invite.php

@@ -95,7 +95,7 @@ class Invite extends \Zotlabs\Web\Controller {
 			return;
 		}
 
-		nav_set_selected(t('Invite'));
+		nav_set_selected('Invite');
 	
 		$tpl = get_markup_template('invite.tpl');
 		$invonly = false;

Zotlabs/Module/Item.php

@@ -59,6 +59,7 @@ class Item extends \Zotlabs\Web\Controller {
 	
 		$profile_uid = ((x($_REQUEST,'profile_uid')) ? intval($_REQUEST['profile_uid'])    : 0);
 		require_once('include/channel.php');
+
 		$sys = get_sys_channel();
 		if($sys && $profile_uid && ($sys['channel_id'] == $profile_uid) && is_site_admin()) {
 			$uid = intval($sys['channel_id']);
@@ -155,7 +156,7 @@ class Item extends \Zotlabs\Web\Controller {
 			if(! x($_REQUEST,'type'))
 				$_REQUEST['type'] = 'net-comment';
 	
-			if($obj_type == ACTIVITY_OBJ_POST)
+			if($obj_type == ACTIVITY_OBJ_NOTE)
 				$obj_type = ACTIVITY_OBJ_COMMENT;
 	
 			if($parent) {
@@ -171,7 +172,7 @@ class Item extends \Zotlabs\Web\Controller {
 				);
 			}
 			// if this isn't the real parent of the conversation, find it
-			if($r !== false && count($r)) {
+			if($r) {
 				$parid = $r[0]['parent'];
 				$parent_mid = $r[0]['mid'];
 				if($r[0]['id'] != $r[0]['parent']) {
@@ -179,9 +180,16 @@ class Item extends \Zotlabs\Web\Controller {
 						intval($parid)
 					);
 				}
+
+				// if interacting with a pubstream item, 
+				// create a copy of the parent in your stream
+
+				if($r[0]['uid'] === $sys['channel_id'] && local_channel()) {
+					$r = [ copy_of_pubitem(\App::get_channel(), $r[0]['mid']) ];
+				}
 			}
-	
-			if(($r === false) || (! count($r))) {
+
+			if(! $r) {
 				notice( t('Unable to locate original post.') . EOL);
 				if($api_source)
 					return ( [ 'success' => false, 'message' => 'invalid post id' ] );	
@@ -189,15 +197,12 @@ class Item extends \Zotlabs\Web\Controller {
 					goaway(z_root() . "/" . $return_path );
 				killme();
 			}
-	
-			// can_comment_on_post() needs info from the following xchan_query 
-			// This may be from the discover tab which means we need to correct the effective uid
 
-			xchan_query($r,true,(($r[0]['uid'] == local_channel()) ? 0 : local_channel()));
-	
+			xchan_query($r,true);
+
 			$parent_item = $r[0];
 			$parent = $r[0]['id'];
-	
+
 			// multi-level threading - preserve the info but re-parent to our single level threading
 	
 			$thr_parent = $parent_mid;
@@ -511,48 +516,20 @@ class Item extends \Zotlabs\Web\Controller {
 	
 			require_once('include/text.php');			
 	
-			// Markdown doesn't work correctly. Do not re-enable unless you're willing to fix it and support it.
-	
-			// Sample that will probably give you grief - you must preserve the linebreaks
-			// and provide the correct markdown interpretation and you cannot allow unfiltered HTML
-	
-			// Markdown
-			// ========
-			//
-			// **bold** abcde
-			// fghijkl
-			// *italic*
-			// <img src="javascript:alert('hacked');" />
-	
-	//		if($uid && $uid == $profile_uid && feature_enabled($uid,'markdown')) {
-	//			require_once('include/markdown.php');
-	//			$body = escape_tags(trim($body));
-	//			$body = str_replace("\n",'<br />', $body);
-	//			$body = preg_replace_callback('/\[share(.*?)\]/ism','\share_shield',$body);			
-	//			$body = markdown_to_bb($body,true);
-	//			$body = preg_replace_callback('/\[share(.*?)\]/ism','\share_unshield',$body);
-	//		}
+			if($uid && $uid == $profile_uid && feature_enabled($uid,'markdown')) {
+				require_once('include/markdown.php');
+				$body = preg_replace_callback('/\[share(.*?)\]/ism','\share_shield',$body);			
+				$body = markdown_to_bb($body,true,['preserve_lf' => true]);
+				$body = preg_replace_callback('/\[share(.*?)\]/ism','\share_unshield',$body);
+
+			}
 	
 			// BBCODE alert: the following functions assume bbcode input
 			// and will require alternatives for alternative content-types (text/html, text/markdown, text/plain, etc.)
 			// we may need virtual or template classes to implement the possible alternatives
-	
-			// Work around doubled linefeeds in Tinymce 3.5b2
-			// First figure out if it's a status post that would've been
-			// created using tinymce. Otherwise leave it alone. 
-	
-			$plaintext = true;
-	
-	//		$plaintext = ((feature_enabled($profile_uid,'richtext')) ? false : true);
-	//		if((! $parent) && (! $api_source) && (! $plaintext)) {
-	//			$body = fix_mce_lf($body);
-	//		}
-	
-	
-	
+			
 			// If we're sending a private top-level message with a single @-taggable channel as a recipient, @-tag it, if our pconfig is set.
-	
-	
+		
 			if((! $parent) && (get_pconfig($profile_uid,'system','tagifonlyrecip')) && (substr_count($str_contact_allow,'<') == 1) && ($str_group_allow == '') && ($str_contact_deny == '') && ($str_group_deny == '')) {
 				$x = q("select abook_id, abconfig.v from abook left join abconfig on abook_xchan = abconfig.xchan and abook_channel = abconfig.chan and cat= 'their_perms' and abconfig.k = 'tag_deliver' and abconfig.v = 1 and abook_xchan = '%s' and abook_channel = %d limit 1",
 					dbesc(str_replace(array('<','>'),array('',''),$str_contact_allow)),
@@ -605,15 +582,6 @@ class Item extends \Zotlabs\Web\Controller {
 			 * so we'll set the permissions regardless and realise that the media may not be 
 			 * referenced in the post. 
 			 *
-			 * What is preventing us from being able to upload photos into comments is dealing with
-			 * the photo and attachment permissions, since we don't always know who was in the 
-			 * distribution for the top level post.
-			 * 
-			 * We might be able to provide this functionality with a lot of fiddling:
-			 * - if the top level post is public (make the photo public)
-			 * - if the top level post was written by us or a wall post that belongs to us (match the top level post)
-			 * - if the top level post has privacy mentions, add those to the permissions.
-			 * - otherwise disallow the photo *or* make the photo public. This is the part that gets messy. 
 			 */
 	
 			if(! $preview) {
@@ -659,14 +627,26 @@ class Item extends \Zotlabs\Web\Controller {
 	// BBCODE end alert
 	
 		if(strlen($categories)) {
+
 			$cats = explode(',',$categories);
 			foreach($cats as $cat) {
+
+				if($webpage == ITEM_TYPE_CARD) {
+					$catlink = z_root() . '/cards/' . $channel['channel_address'] . '?f=&cat=' . urlencode(trim($cat));
+				}
+				elseif($webpage == ITEM_TYPE_ARTICLE) {
+					$catlink = z_root() . '/articles/' . $channel['channel_address'] . '?f=&cat=' . urlencode(trim($cat));
+				}
+				else {
+					$catlink = $owner_xchan['xchan_url'] . '?f=&cat=' . urlencode(trim($cat));
+				}
+
 				$post_tags[] = array(
 					'uid'   => $profile_uid, 
 					'ttype' => TERM_CATEGORY,
 					'otype' => TERM_OBJ_POST,
 					'term'  => trim($cat),
-					'url'   => $owner_xchan['xchan_url'] . '?f=&cat=' . urlencode(trim($cat))
+					'url'   => $catlink
 				); 				
 			}
 		}
@@ -685,7 +665,7 @@ class Item extends \Zotlabs\Web\Controller {
 				foreach($t as $t1) {
 					$post_tags[] = array(
 						'uid'   => $profile_uid, 
-						'ttype' => $t1['type'],
+						'ttype' => $t1['ttype'],
 						'otype' => TERM_OBJ_POST,
 						'term'  => $t1['term'],
 						'url'   => $t1['url'],
@@ -734,7 +714,9 @@ class Item extends \Zotlabs\Web\Controller {
 	
 		if($parent_item)
 			$parent_mid = $parent_item['mid'];
-	
+
+
+
 		// Fallback so that we alway have a thr_parent
 	
 		if(!$thr_parent)
@@ -744,6 +726,33 @@ class Item extends \Zotlabs\Web\Controller {
 
 		$item_thread_top = ((! $parent) ? 1 : 0);
 	
+
+		// fix permalinks for cards
+	
+		if($webpage == ITEM_TYPE_CARD) {
+			$plink = z_root() . '/cards/' . $channel['channel_address'] . '/' . (($pagetitle) ? $pagetitle : substr($mid,0,16));
+		}
+		if(($parent_item) && ($parent_item['item_type'] == ITEM_TYPE_CARD)) {
+			$r = q("select v from iconfig where iconfig.cat = 'system' and iconfig.k = 'CARD' and iconfig.iid = %d limit 1",
+				intval($parent_item['id'])
+			);
+			if($r) {
+				$plink = z_root() . '/cards/' . $channel['channel_address'] . '/' . $r[0]['v'];
+			}
+		}
+
+		if($webpage == ITEM_TYPE_ARTICLE) {
+			$plink = z_root() . '/articles/' . $channel['channel_address'] . '/' . (($pagetitle) ? $pagetitle : substr($mid,0,16));
+		}
+		if(($parent_item) && ($parent_item['item_type'] == ITEM_TYPE_ARTICLE)) {
+			$r = q("select v from iconfig where iconfig.cat = 'system' and iconfig.k = 'ARTICLE' and iconfig.iid = %d limit 1",
+				intval($parent_item['id'])
+			);
+			if($r) {
+				$plink = z_root() . '/articles/' . $channel['channel_address'] . '/' . $r[0]['v'];
+			}
+		}
+
 		if ((! $plink) && ($item_thread_top)) {
 			$plink = z_root() . '/channel/' . $channel['channel_address'] . '/?f=&mid=' . $mid;
 		}
@@ -1079,21 +1088,28 @@ class Item extends \Zotlabs\Web\Controller {
 	
 				// if this is a different page type or it's just a local delete
 				// but not by the item author or owner, do a simple deletion
-	
+
+				$complex = false;	
+
 				if(intval($i[0]['item_type']) || ($local_delete && (! $can_delete))) {
 					drop_item($i[0]['id']);
 				}
 				else {
 					// complex deletion that needs to propagate and be performed in phases
 					drop_item($i[0]['id'],true,DROPITEM_PHASE1);
-					$r = q("select * from item where id = %d",
-						intval($i[0]['id'])
-					);
-					if($r) {
-						xchan_query($r);
-						$sync_item = fetch_post_tags($r);
-						build_sync_packet($i[0]['uid'],array('item' => array(encode_item($sync_item[0],true))));
-					}
+					$complex = true;
+				}
+
+				$r = q("select * from item where id = %d",
+					intval($i[0]['id'])
+				);
+				if($r) {
+					xchan_query($r);
+					$sync_item = fetch_post_tags($r);
+					build_sync_packet($i[0]['uid'],array('item' => array(encode_item($sync_item[0],true))));
+				}
+
+				if($complex) {
 					tag_deliver($i[0]['uid'],$i[0]['id']);
 				}
 			}
@@ -1123,7 +1139,29 @@ class Item extends \Zotlabs\Web\Controller {
 			$ret['message'] = t('Unable to obtain post information from database.');
 			return $ret;
 		} 
-	
+
+		// auto-upgrade beginner (techlevel 0) accounts - if they have at least two friends and ten posts
+		// and have uploaded something (like a profile photo), promote them to level 1. 
+
+		$a = q("select account_id, account_level from account where account_id = (select channel_account_id from channel where channel_id = %d limit 1)",
+			intval($channel_id)
+		);
+		if((! intval($a[0]['account_level'])) && intval($r[0]['total']) > 10) {
+			$x = q("select count(abook_id) as total from abook where abook_channel = %d",
+				intval($channel_id)
+			);
+			if($x && intval($x[0]['total']) > 2) {
+				$y = q("select count(id) as total from attach where uid = %d",
+					intval($channel_id)
+				);
+				if($y && intval($y[0]['total']) > 1) {
+					q("update account set account_level = 1 where account_id = %d limit 1",
+						intval($a[0]['account_id'])
+					);
+				}
+			}
+		} 
+
 		if (!$iswebpage) {
 			$max = engr_units_to_bytes(service_class_fetch($channel_id,'total_items'));
 			if(! service_class_allows($channel_id,'total_items',$r[0]['total'])) {

Zotlabs/Module/Lang.php

@@ -5,7 +5,7 @@ namespace Zotlabs\Module;
 class Lang extends \Zotlabs\Web\Controller {
 
 	function get() {
-		nav_set_selected(t('Language'));
+		nav_set_selected('Language');
 		return lang_selector();
 	}
 	

Zotlabs/Module/Layouts.php

@@ -162,12 +162,12 @@ class Layouts extends \Zotlabs\Web\Controller {
 					'created'   => $rr['created'],
 					'edited'    => $rr['edited'],
 					'mimetype'  => $rr['mimetype'],
-					'pagetitle' => $rr['sid'],
+					'pagetitle' => urldecode($rr['v']),
 					'mid'       => $rr['mid']
 				);
 				$pages[$rr['iid']][] = array(
 					'url' => $rr['iid'],
-					'title' => $rr['v'],
+					'title' => urldecode($rr['v']),
 					'descr' => $rr['title'],
 					'mid' => $rr['mid'],
 					'created' => $rr['created'],

Zotlabs/Module/Like.php

@@ -12,7 +12,10 @@ class Like extends \Zotlabs\Web\Controller {
 	function get() {
 	
 		$o = '';
-	
+
+		$sys_channel = get_sys_channel();
+		$sys_channel_id = (($sys_channel) ? $sys_channel['channel_id'] : 0);
+
 		$observer = \App::get_observer();
 		$interactive = $_REQUEST['interactive'];
 		if($interactive) {
@@ -253,20 +256,29 @@ class Like extends \Zotlabs\Web\Controller {
 			logger('like: verb ' . $verb . ' item ' . $item_id, LOGGER_DEBUG);
 	
 			// get the item. Allow linked photos (which are normally hidden) to be liked
-	
+
 			$r = q("SELECT * FROM item WHERE id = %d 
-				and item_type = 0 and item_deleted = 0 and item_unpublished = 0 
+				and item_type in (0,6,7) and item_deleted = 0 and item_unpublished = 0 
 				and item_delayed = 0 and item_pending_remove = 0 and item_blocked = 0 LIMIT 1",
 				intval($item_id)
 			);
-	
+
+			// if interacting with a pubstream item,
+			// create a copy of the parent in your stream. If not the conversation
+			// parent, copy that as well.
+
+			if($r) {
+				if($r[0]['uid'] === $sys_channel['channel_id'] && local_channel()) {
+					$r = [ copy_of_pubitem(\App::get_channel(), $r[0]['mid']) ];
+				}
+			}
+
 			if(! $item_id || (! $r)) {
 				logger('like: no item ' . $item_id);
 				killme();
 			}
 
-
-			xchan_query($r,true,(($r[0]['uid'] == local_channel()) ? 0 : local_channel()));	
+			xchan_query($r,true);
 
 			$item = $r[0];
 
@@ -464,6 +476,8 @@ class Like extends \Zotlabs\Web\Controller {
 		$arr['mid']          = $mid;
 		$arr['aid']          = (($extended_like) ? $ch[0]['channel_account_id'] : $owner_aid);
 		$arr['uid']          = $owner_uid;
+
+
 		$arr['item_flags']   = $item_flags;
 		$arr['item_wall']    = $item_wall;
 		$arr['parent_mid']   = (($extended_like) ? $mid : $item['mid']);

Zotlabs/Module/Linkinfo.php

@@ -95,7 +95,7 @@ class Linkinfo extends \Zotlabs\Web\Controller {
 			echo $arr['text'];
 			killme();
 		}
-	
+
 		if($process_oembed) {
 			$x = oembed_process($url);
 			if($x) {

Zotlabs/Module/Logout.php

@@ -0,0 +1,12 @@
+<?php
+
+namespace Zotlabs\Module;
+
+class Logout extends \Zotlabs\Web\Controller {
+
+	function init() {
+		\App::$session->nuke();
+		goaway(z_root());
+
+	}
+}

Zotlabs/Module/Magic.php

@@ -17,6 +17,7 @@ class Magic extends \Zotlabs\Web\Controller {
 		$dest = ((x($_REQUEST,'dest')) ? $_REQUEST['dest'] : '');
 		$test = ((x($_REQUEST,'test')) ? intval($_REQUEST['test']) : 0);
 		$rev  = ((x($_REQUEST,'rev'))  ? intval($_REQUEST['rev'])  : 0);
+		$owa  = ((x($_REQUEST,'owa'))  ? intval($_REQUEST['owa'])  : 0);
 		$delegate = ((x($_REQUEST,'delegate')) ? $_REQUEST['delegate']  : '');
 	
 		$parsed = parse_url($dest);
@@ -132,12 +133,39 @@ class Magic extends \Zotlabs\Web\Controller {
 		if(local_channel()) {
 			$channel = \App::get_channel();
 	
+			// OpenWebAuth
+
+			if($owa) {
+
+				$headers = [];
+				$headers['Accept'] = 'application/x-zot+json' ;
+				$headers['X-Open-Web-Auth'] = random_string();
+				$headers = \Zotlabs\Web\HTTPSig::create_sig('',$headers,$channel['channel_prvkey'],
+					'acct:' . $channel['channel_address'] . '@' . \App::get_hostname(),false,true,'sha512');
+				$x = z_fetch_url($basepath . '/owa',false,$redirects,[ 'headers' => $headers ]);
+
+				if($x['success']) {
+					$j = json_decode($x['body'],true);
+					if($j['success']) {
+						$token = '';
+						if($j['encrypted_token']) {
+							openssl_private_decrypt(base64url_decode($j['encrypted_token']),$token,$channel['channel_prvkey']);
+						}
+						else {
+							$token = $j['token'];
+						}
+						
+						$x = strpbrk($dest,'?&');
+						$args = (($x) ? '&owt=' . $token : '?f=&owt=' . $token) . (($delegate) ? '&delegate=1' : '');
+						goaway($dest . $args);
+					}
+				}
+				goaway($dest);
+			}
+
+
 			$token = random_string();
-			$token_sig = base64url_encode(rsa_sign($token,$channel['channel_prvkey']));
-	 
-			$channel['token'] = $token;
-			$channel['token_sig'] = $token_sig;
-	
+
 			\Zotlabs\Zot\Verify::create('auth',$channel['channel_id'],$token,$x[0]['hubloc_url']);
 	
 			$target_url = $x[0]['hubloc_callback'] . '/?f=&auth=' . urlencode(channel_reddress($channel))

Zotlabs/Module/Mail.php

@@ -19,7 +19,7 @@ class Mail extends \Zotlabs\Web\Controller {
 		$replyto   = ((x($_REQUEST,'replyto'))      ? notags(trim($_REQUEST['replyto']))      : '');
 		$subject   = ((x($_REQUEST,'subject'))      ? notags(trim($_REQUEST['subject']))      : '');
 		$body      = ((x($_REQUEST,'body'))         ? escape_tags(trim($_REQUEST['body']))    : '');
-		$recipient = ((x($_REQUEST,'messageto'))    ? notags(trim($_REQUEST['messageto']))    : '');
+		$recipient = ((x($_REQUEST,'messageto'))    ? notags(trim(urldecode($_REQUEST['messageto'])))    : '');
 		$rstr      = ((x($_REQUEST,'messagerecip')) ? notags(trim($_REQUEST['messagerecip'])) : '');
 		$preview   = ((x($_REQUEST,'preview'))      ? intval($_REQUEST['preview'])            : 0);
 		$expires   = ((x($_REQUEST,'expires'))      ? datetime_convert(date_default_timezone_get(),'UTC', $_REQUEST['expires']) : NULL_DATE);
@@ -124,7 +124,7 @@ class Mail extends \Zotlabs\Web\Controller {
 		// We have a local_channel, let send_message use the session channel and save a lookup
 		
 		$ret = send_message(0, $recipient, $body, $subject, $replyto, $expires, $mimetype, $raw);
-	
+
 		if($ret['success']) {
 			xchan_mail_query($ret['mail']);
 			build_sync_packet(0,array('conv' => array($ret['conv']),'mail' => array(encode_mail($ret['mail'],true))));
@@ -140,7 +140,7 @@ class Mail extends \Zotlabs\Web\Controller {
 	function get() {
 	
 		$o = '';
-		nav_set_selected(t('Mail'));
+		nav_set_selected('Mail');
 	
 		if(! local_channel()) {
 			notice( t('Permission denied.') . EOL);

Zotlabs/Module/Manage.php

@@ -11,7 +11,7 @@ class Manage extends \Zotlabs\Web\Controller {
 			return;
 		}
 
-		nav_set_selected('Manage');
+		nav_set_selected('Channel Manager');
 	
 		require_once('include/security.php');
 	

Zotlabs/Module/Moderate.php

@@ -14,6 +14,24 @@ class Moderate extends \Zotlabs\Web\Controller {
 			return;
 		}
 
+		//show all items
+		if(argc() == 1) {
+			$r = q("select item.id as item_id, item.* from item where item.uid = %d and item_blocked = %d and item_deleted = 0 order by created desc limit 60",
+				intval(local_channel()),
+				intval(ITEM_MODERATED)
+			);
+		}
+
+		//show a single item
+		if(argc() == 2) {
+			$post_id = intval(argv(1));
+
+			$r = q("select item.id as item_id, item.* from item where item.id = %d and item.uid = %d and item_blocked = %d and item_deleted = 0 order by created desc limit 60",
+				intval($post_id),
+				intval(local_channel()),
+				intval(ITEM_MODERATED)
+			);
+		}
 
 		if(argc() > 2) {
 			$post_id = intval(argv(1));
@@ -55,10 +73,6 @@ class Moderate extends \Zotlabs\Web\Controller {
 				goaway(z_root() . '/moderate');
 			}
 		}
-		$r = q("select item.id as item_id, item.* from item where item.uid = %d and item_blocked = %d and item_deleted = 0 order by created desc limit 60",
-			intval(local_channel()),
-			intval(ITEM_MODERATED)
-		);
 
 		if($r) {
 			xchan_query($r);
@@ -73,4 +87,4 @@ class Moderate extends \Zotlabs\Web\Controller {
 
 	}
 
-}
+}

Zotlabs/Module/Mood.php

@@ -117,7 +117,7 @@ class Mood extends \Zotlabs\Web\Controller {
 			return;
 		}
 
-		nav_set_selected(t('Mood'));
+		nav_set_selected('Mood');
 
 		$parent = ((x($_GET,'parent')) ? intval($_GET['parent']) : '0');
 	

Zotlabs/Module/Network.php

@@ -35,15 +35,19 @@ class Network extends \Zotlabs\Web\Controller {
 			return login(false);
 		}
 	
-		if($load)
+		$o = '';
+
+		if($load) {
 			$_SESSION['loadtime'] = datetime_convert();
-	
+		}
+
 		$arr = array('query' => \App::$query_string);
 	
 		call_hooks('network_content_init', $arr);
 	
 		$channel = \App::get_channel();
 		$item_normal = item_normal();
+		$item_normal_update = item_normal_update();
 	
 		$datequery = $datequery2 = '';
 	
@@ -103,7 +107,6 @@ class Network extends \Zotlabs\Web\Controller {
 			$def_acl    = array('allow_gid' => '<' . $r[0]['hash'] . '>');
 		}
 	
-		$o = '';
 	
 	
 		// if no tabs are selected, defaults to comments
@@ -116,9 +119,9 @@ class Network extends \Zotlabs\Web\Controller {
 		$spam     = ((x($_GET,'spam'))  ? intval($_GET['spam'])  : 0);
 		$cmin     = ((x($_GET,'cmin'))  ? intval($_GET['cmin'])  : 0);
 		$cmax     = ((x($_GET,'cmax'))  ? intval($_GET['cmax'])  : 99);
-		$firehose = ((x($_GET,'fh'))    ? intval($_GET['fh'])    : 0);
 		$file     = ((x($_GET,'file'))  ? $_GET['file']          : '');
 		$xchan    = ((x($_GET,'xchan')) ? $_GET['xchan']         : '');
+		$net      = ((x($_GET,'net'))   ? $_GET['net']           : '');
 		
 		$deftag = '';
 	
@@ -154,7 +157,7 @@ class Network extends \Zotlabs\Web\Controller {
 				));
 			}
 	
-			nav_set_selected(t('Activity'));
+			nav_set_selected('Grid');
 
 			$channel_acl = array(
 				'allow_cid' => $channel['channel_allow_cid'], 
@@ -290,9 +293,6 @@ class Network extends \Zotlabs\Web\Controller {
 			// We only launch liveUpdate if you aren't filtering in some incompatible
 			// way and also you aren't writing a comment (discovered in javascript).
 	
-			if($gid || $cid || $cmin || ($cmax != 99) || $star || $liked || $conv || $spam || $nouveau || $list)
-				$firehose = 0;
-	
 			$maxheight = get_pconfig(local_channel(),'system','network_divmore_height');
 			if(! $maxheight)
 				$maxheight = 400;
@@ -315,7 +315,7 @@ class Network extends \Zotlabs\Web\Controller {
 				'$liked'   => (($liked) ? $liked : '0'),
 				'$conv'    => (($conv) ? $conv : '0'),
 				'$spam'    => (($spam) ? $spam : '0'),
-				'$fh'      => (($firehose) ? $firehose : '0'),
+				'$fh'      => '0',
 				'$nouveau' => (($nouveau) ? $nouveau : '0'),
 				'$wall'    => '0',
 				'$static'  => $static, 
@@ -329,7 +329,8 @@ class Network extends \Zotlabs\Web\Controller {
 				'$tags'    => urlencode($hashtags),
 				'$dend'    => $datequery,
 				'$mid'     => '',
-				'$verb'     => $verb,
+				'$verb'    => $verb,
+				'$net'     => $net,
 				'$dbegin'  => $datequery2
 			));
 		}
@@ -407,19 +408,12 @@ class Network extends \Zotlabs\Web\Controller {
 	
 	
 		}
-	
-		$abook_uids = " and abook.abook_channel = " . local_channel() . " ";
 
-		$disable_discover_tab = get_config('system','disable_discover_tab') || get_config('system','disable_discover_tab') === false;
-		if($firehose && (! $disable_discover_tab)) {
-			require_once('include/channel.php');
-			$sys = get_sys_channel();
-			$uids = " and item.uid  = " . intval($sys['channel_id']) . " ";
-			\App::$data['firehose'] = intval($sys['channel_id']);
-		}
-		else {
-			$uids = " and item.uid = " . local_channel() . " ";
-		}
+		$net_query = (($net) ? " left join xchan on xchan_hash = author_xchan " : ''); 
+		$net_query2 = (($net) ? " and xchan_network = '" . protect_sprintf(dbesc($net)) . "' " : '');
+
+		$abook_uids = " and abook.abook_channel = " . local_channel() . " ";
+		$uids = " and item.uid = " . local_channel() . " ";
 	
 		if(get_pconfig(local_channel(),'system','network_list_mode'))
 			$page_mode = 'list';
@@ -454,10 +448,12 @@ class Network extends \Zotlabs\Web\Controller {
 	
 			$items = q("SELECT item.*, item.id AS item_id, received FROM item
 				left join abook on ( item.owner_xchan = abook.abook_xchan $abook_uids )
+				$net_query
 				WHERE true $uids $item_normal
 				and (abook.abook_blocked = 0 or abook.abook_flags is null)
 				$simple_update
 				$sql_extra $sql_nets
+				$net_query2
 				ORDER BY item.received DESC $pager_sql "
 			);
 	
@@ -482,21 +478,25 @@ class Network extends \Zotlabs\Web\Controller {
 	
 				$r = q("SELECT distinct item.id AS item_id, $ordering FROM item
 					left join abook on ( item.owner_xchan = abook.abook_xchan $abook_uids )
+					$net_query
 					WHERE true $uids $item_normal
 					AND item.parent = item.id
 					and (abook.abook_blocked = 0 or abook.abook_flags is null)
 					$sql_extra3 $sql_extra $sql_nets
+					$net_query2
 					ORDER BY $ordering DESC $pager_sql "
 				);
 	
 			}
 			else {
+
 				// this is an update
 				$r = q("SELECT item.parent AS item_id FROM item
 					left join abook on ( item.owner_xchan = abook.abook_xchan $abook_uids )
-					WHERE true $uids $item_normal $simple_update
+					$net_query
+					WHERE true $uids $item_normal_update $simple_update
 					and (abook.abook_blocked = 0 or abook.abook_flags is null)
-					$sql_extra3 $sql_extra $sql_nets "
+					$sql_extra3 $sql_extra $sql_nets $net_query2"
 				);
 				$_SESSION['loadtime'] = datetime_convert();
 			}
@@ -516,14 +516,14 @@ class Network extends \Zotlabs\Web\Controller {
 					dbesc($parents_str)
 				);
 	
-				xchan_query($items,true,(($firehose) ? local_channel() : 0));
+				xchan_query($items,true);
 				$items = fetch_post_tags($items,true);
 				$items = conv_sort($items,$ordering);
 			}
 			else {
 				$items = array();
 			}
-	
+
 			if($page_mode === 'list') {
 	
 				/**
@@ -545,10 +545,15 @@ class Network extends \Zotlabs\Web\Controller {
 			}
 		}
 	
-		if(($update_unseen) && (! $firehose))
-			$r = q("UPDATE item SET item_unseen = 0 WHERE item_unseen = 1 AND uid = %d $update_unseen ",
-				intval(local_channel())
-			);
+		if($update_unseen) {
+			$x = [ 'channel_id' => local_channel(), 'update' => 'unset' ];
+			call_hooks('update_unseen',$x);
+			if($x['update'] === 'unset' || intval($x['update'])) {
+				$r = q("UPDATE item SET item_unseen = 0 WHERE item_unseen = 1 AND uid = %d $update_unseen ",
+					intval(local_channel())
+				);
+			}
+		}
 	
 		$mode = (($nouveau) ? 'network-new' : 'network');
 	

Zotlabs/Module/New_channel.php

@@ -9,7 +9,7 @@ require_once('include/permissions.php');
 class New_channel extends \Zotlabs\Web\Controller {
 
 	function init() {
-	
+
 		$cmd = ((argc() > 1) ? argv(1) : '');
 	
 		if($cmd === 'autofill.json') {

Zotlabs/Module/Notifications.php

@@ -12,25 +12,44 @@ class Notifications extends \Zotlabs\Web\Controller {
 			return;
 		}
 	
-		nav_set_selected('notifications');		
+		nav_set_selected('Notifications');
 	
 		$o = '';
-		
-		$r = q("SELECT * from notify where uid = %d and seen = 0 order by created desc",
+
+		$r = q("select count(*) as total from notify where uid = %d and seen = 0",
 			intval(local_channel())
 		);
+		if($r && intval($t[0]['total']) > 49) {
+			$r = q("select * from notify where uid = %d
+				and seen = 0 order by created desc limit 50",
+				intval(local_channel())
+			);
+		} else {
+			$r1 = q("select * from notify where uid = %d
+				and seen = 0 order by created desc limit 50",
+				intval(local_channel())
+			);
+			$r2 = q("select * from notify where uid = %d
+				and seen = 1 order by created desc limit %d",
+				intval(local_channel()),
+				intval(50 - intval($t[0]['total']))
+			);
+			$r = array_merge($r1,$r2);
+		}
 			
 		if($r) {
 			$notifications_available = 1;
-			foreach ($r as $it) {
-				$x = strip_tags(bbcode($it['msg']));
+			foreach ($r as $rr) {
+				$x = strip_tags(bbcode($rr['msg']));
 				if(strpos($x,','))
 					$x = substr($x,strpos($x,',')+1);
 				$notif_content .= replace_macros(get_markup_template('notify.tpl'),array(
-					'$item_link' => z_root().'/notify/view/'. $it['id'],
-					'$item_image' => $it['photo'],
+					'$item_link' => z_root().'/notify/view/'. $rr['id'],
+					'$item_image' => $rr['photo'],
 					'$item_text' => $x,
-					'$item_when' => relative_date($it['created'])
+					'$item_when' => relative_date($rr['created']),
+					'$item_seen' => (($rr['seen']) ? true : false),
+					'$new' => t('New')
 				));
 			}
 		}

Zotlabs/Module/Notify.php

@@ -15,12 +15,16 @@ class Notify extends \Zotlabs\Web\Controller {
 				intval(local_channel())
 			);
 			if($r) {
-				q("update notify set seen = 1 where (( parent != '' and parent = '%s' and otype = '%s' ) or link = '%s' ) and uid = %d",
-					dbesc($r[0]['parent']),
-					dbesc($r[0]['otype']),
-					dbesc($r[0]['link']),
-					intval(local_channel())
-				);
+				$x = [ 'channel_id' => local_channel(), 'update' => 'unset' ];
+				call_hooks('update_unseen',$x);
+				if($x['update'] === 'unset' || intval($x['update'])) {
+					q("update notify set seen = 1 where (( parent != '' and parent = '%s' and otype = '%s' ) or link = '%s' ) and uid = %d",
+						dbesc($r[0]['parent']),
+						dbesc($r[0]['otype']),
+						dbesc($r[0]['link']),
+						intval(local_channel())
+					);
+				}
 				goaway($r[0]['link']);
 			}
 			goaway(z_root());
@@ -30,7 +34,7 @@ class Notify extends \Zotlabs\Web\Controller {
 	}
 	
 	
-		function get() {
+	function get() {
 		if(! local_channel())
 			return login();
 	

Zotlabs/Module/Oep.php

@@ -1,6 +1,8 @@
 <?php
 namespace Zotlabs\Module;
 
+require_once('include/security.php');
+
 // oembed provider
 
 
@@ -41,6 +43,10 @@ class Oep extends \Zotlabs\Web\Controller {
 			$arr = $this->oep_profile_reply($_REQUEST);
 		elseif(fnmatch('*/profile/*',$url))
 			$arr = $this->oep_profile_reply($_REQUEST);
+		elseif(fnmatch('*/cards/*',$url))
+			$arr = $this->oep_cards_reply($_REQUEST);
+		elseif(fnmatch('*/articles/*',$url))
+			$arr = $this->oep_articles_reply($_REQUEST);
 	
 		if($arr) {
 			if($html) {
@@ -66,45 +72,70 @@ class Oep extends \Zotlabs\Web\Controller {
 		$url = $args['url'];
 		$maxwidth  = intval($args['maxwidth']);
 		$maxheight = intval($args['maxheight']);
-	
-		if(preg_match('#//(.*?)/(.*?)/(.*?)/(.*?)mid\=(.*?)(&|$)#',$url,$matches)) {
-			$chn = $matches[3];
-			$res = $matches[5];
+	logger('processing display');
+		if(preg_match('#//(.*?)/display/(.*?)(&|\?|$)#',$url,$matches)) {
+			$res = $matches[2];
 		}
-	
-		if(! ($chn && $res))
-			return;
-		$c = q("select * from channel where channel_address = '%s' limit 1",
-			dbesc($chn)
+
+		if(strpos($res,'b64.') === 0) {
+			$res = base64url_decode(substr($res,4));
+		}
+
+		$item_normal = item_normal();
+
+		$p = q("select * from item where mid like '%s' limit 1",
+	  		dbesc($res . '%')
 		);
-	
-		if(! $c)
+
+		if(! $p)
 			return;
+
+		$c = channelx_by_n($p[0]['uid']);
+
 	
-		$sql_extra = item_permissions_sql($c[0]['channel_id']);
+		if(! ($c && $res))
+			return;
+
+		if(! perm_is_allowed($c[0]['channel_id'],get_observer_hash(),'view_stream'))
+			return;
+
+		$sql_extra = item_permissions_sql($c['channel_id']);
 	
-		$p = q("select * from item where mid = '%s' and uid = %d $sql_extra limit 1",
-	  		dbesc($res),
-			intval($c[0]['channel_id'])
+		$p = q("select * from item where mid like '%s' and uid = %d $sql_extra $item_normal limit 1",
+			dbesc($res . '%'),
+			intval($c['channel_id'])
 		);
+
 		if(! $p)
 			return;
 		
 		xchan_query($p,true);
 		$p = fetch_post_tags($p,true);
+
+		// This function can get tripped up if the item is already a reshare
+		// (the multiple share declarations do not parse cleanly if nested) 
+		// So build a template with a known nonsense string as the content, and then
+		// replace that known string with the actual rendered content, sending
+		// each content layer through bbcode() separately.
+
+		$x = '2eGriplW^*Jmf4';
+
 	        
 		$o = "[share author='".urlencode($p[0]['author']['xchan_name']).
-	            "' profile='".$p[0]['author']['xchan_url'] .
-	            "' avatar='".$p[0]['author']['xchan_photo_s'].
-	            "' link='".$p[0]['plink'].
-	            "' posted='".$p[0]['created'].
-	            "' message_id='".$p[0]['mid']."']";
+            "' profile='".$p[0]['author']['xchan_url'] .
+            "' avatar='".$p[0]['author']['xchan_photo_s'].
+            "' link='".$p[0]['plink'].
+            "' posted='".$p[0]['created'].
+            "' message_id='".$p[0]['mid']."']";
 	    if($p[0]['title'])
-	            $o .= '[b]'.$p[0]['title'].'[/b]'."\r\n";
-	        $o .= $p[0]['body'];
-	        $o .= "[/share]";
+            $o .= '[b]'.$p[0]['title'].'[/b]'."\r\n";
+
+		$o .= $x; 
+		$o .= "[/share]";
 		$o = bbcode($o);
 	
+		$o = str_replace($x,bbcode($p[0]['body']),$o);
+	
 		$ret['type'] = 'rich';
 	
 		$w = (($maxwidth) ? $maxwidth : 640);
@@ -118,6 +149,174 @@ class Oep extends \Zotlabs\Web\Controller {
 		return $ret;
 	
 	}
+
+
+	function oep_cards_reply($args) {
+	
+		$ret = [];
+		$url = $args['url'];
+		$maxwidth  = intval($args['maxwidth']);
+		$maxheight = intval($args['maxheight']);
+
+		if(preg_match('#//(.*?)/cards/(.*?)/(.*?)(&|\?|$)#',$url,$matches)) {
+			$nick = $matches[2];
+			$res = $matches[3];
+		}
+		if(! ($nick && $res))
+			return $ret; 
+
+		$channel = channelx_by_nick($nick);
+
+		if(! $channel)
+			return $ret;
+
+
+		if(! perm_is_allowed($channel['channel_id'],get_observer_hash(),'view_pages'))
+			return $ret;
+
+		$sql_extra = item_permissions_sql($channel['channel_id'],get_observer_hash());
+
+		$r = q("select * from iconfig where iconfig.cat = 'system' and iconfig.k = 'CARD' and iconfig.v = '%s' limit 1",
+			dbesc($res)
+		);
+		if($r) {
+			$sql_extra = "and item.id = " . intval($r[0]['iid']) . " ";
+		}
+		else {
+			return $ret;
+		}
+
+		$r = q("select * from item 
+			where item.uid = %d and item_type = %d 
+			$sql_extra order by item.created desc",
+			intval($channel['channel_id']),
+			intval(ITEM_TYPE_CARD)
+		);
+
+		$item_normal = " and item.item_hidden = 0 and item.item_type in (0,6) and item.item_deleted = 0
+			and item.item_unpublished = 0 and item.item_delayed = 0 and item.item_pending_remove = 0
+			and item.item_blocked = 0 ";
+
+		if($r) {
+			xchan_query($r);
+			$p = fetch_post_tags($r, true);
+		}
+
+		$x = '2eGriplW^*Jmf4';
+
+	        
+		$o = "[share author='".urlencode($p[0]['author']['xchan_name']).
+            "' profile='".$p[0]['author']['xchan_url'] .
+            "' avatar='".$p[0]['author']['xchan_photo_s'].
+            "' link='".$p[0]['plink'].
+            "' posted='".$p[0]['created'].
+            "' message_id='".$p[0]['mid']."']";
+	    if($p[0]['title'])
+            $o .= '[b]'.$p[0]['title'].'[/b]'."\r\n";
+
+		$o .= $x; 
+		$o .= "[/share]";
+		$o = bbcode($o);
+	
+		$o = str_replace($x,bbcode($p[0]['body']),$o);
+	
+		$ret['type'] = 'rich';
+	
+		$w = (($maxwidth) ? $maxwidth : 640);
+		$h = (($maxheight) ? $maxheight : intval($w * 2 / 3));
+	
+		$ret['html'] = '<div style="width: ' . $w . '; height: ' . $h . '; font-family: sans-serif,arial,freesans;" >' . $o . '</div>';
+		
+		$ret['width'] = $w;
+		$ret['height'] = $h;
+	
+		return $ret;
+	
+	}
+
+	function oep_articles_reply($args) {
+	
+		$ret = [];
+		$url = $args['url'];
+		$maxwidth  = intval($args['maxwidth']);
+		$maxheight = intval($args['maxheight']);
+
+		if(preg_match('#//(.*?)/articles/(.*?)/(.*?)(&|\?|$)#',$url,$matches)) {
+			$nick = $matches[2];
+			$res = $matches[3];
+		}
+		if(! ($nick && $res))
+			return $ret; 
+
+		$channel = channelx_by_nick($nick);
+
+		if(! $channel)
+			return $ret;
+
+
+		if(! perm_is_allowed($channel['channel_id'],get_observer_hash(),'view_pages'))
+			return $ret;
+
+		$sql_extra = item_permissions_sql($channel['channel_id'],get_observer_hash());
+
+		$r = q("select * from iconfig where iconfig.cat = 'system' and iconfig.k = 'ARTICLE' and iconfig.v = '%s' limit 1",
+			dbesc($res)
+		);
+		if($r) {
+			$sql_extra = "and item.id = " . intval($r[0]['iid']) . " ";
+		}
+		else {
+			return $ret;
+		}
+
+		$r = q("select * from item 
+			where item.uid = %d and item_type = %d 
+			$sql_extra order by item.created desc",
+			intval($channel['channel_id']),
+			intval(ITEM_TYPE_ARTICLE)
+		);
+
+		$item_normal = " and item.item_hidden = 0 and item.item_type in (0,7) and item.item_deleted = 0
+			and item.item_unpublished = 0 and item.item_delayed = 0 and item.item_pending_remove = 0
+			and item.item_blocked = 0 ";
+
+		if($r) {
+			xchan_query($r);
+			$p = fetch_post_tags($r, true);
+		}
+
+		$x = '2eGriplW^*Jmf4';
+
+	        
+		$o = "[share author='".urlencode($p[0]['author']['xchan_name']).
+            "' profile='".$p[0]['author']['xchan_url'] .
+            "' avatar='".$p[0]['author']['xchan_photo_s'].
+            "' link='".$p[0]['plink'].
+            "' posted='".$p[0]['created'].
+            "' message_id='".$p[0]['mid']."']";
+	    if($p[0]['title'])
+            $o .= '[b]'.$p[0]['title'].'[/b]'."\r\n";
+
+		$o .= $x; 
+		$o .= "[/share]";
+		$o = bbcode($o);
+	
+		$o = str_replace($x,bbcode($p[0]['body']),$o);
+	
+		$ret['type'] = 'rich';
+	
+		$w = (($maxwidth) ? $maxwidth : 640);
+		$h = (($maxheight) ? $maxheight : intval($w * 2 / 3));
+	
+		$ret['html'] = '<div style="width: ' . $w . '; height: ' . $h . '; font-family: sans-serif,arial,freesans;" >' . $o . '</div>';
+		
+		$ret['width'] = $w;
+		$ret['height'] = $h;
+	
+		return $ret;
+	
+	}
+
 	
 	function oep_mid_reply($args) {
 	
@@ -139,6 +338,9 @@ class Oep extends \Zotlabs\Web\Controller {
 	
 		if(! $c)
 			return;
+
+		if(! perm_is_allowed($c[0]['channel_id'],get_observer_hash(),'view_stream'))
+			return;
 	
 		$sql_extra = item_permissions_sql($c[0]['channel_id']);
 	
@@ -151,19 +353,29 @@ class Oep extends \Zotlabs\Web\Controller {
 		
 		xchan_query($p,true);
 		$p = fetch_post_tags($p,true);
-	        
+
+		// This function can get tripped up if the item is already a reshare
+		// (the multiple share declarations do not parse cleanly if nested) 
+		// So build a template with a known nonsense string as the content, and then
+		// replace that known string with the actual rendered content, sending
+		// each content layer through bbcode() separately.
+
+		$x = '2eGriplW^*Jmf4';
+			
 		$o = "[share author='".urlencode($p[0]['author']['xchan_name']).
-	            "' profile='".$p[0]['author']['xchan_url'] .
-	            "' avatar='".$p[0]['author']['xchan_photo_s'].
-	            "' link='".$p[0]['plink'].
-	            "' posted='".$p[0]['created'].
-	            "' message_id='".$p[0]['mid']."']";
-	    if($p[0]['title'])
-	            $o .= '[b]'.$p[0]['title'].'[/b]'."\r\n";
-	        $o .= $p[0]['body'];
-	        $o .= "[/share]";
+			"' profile='".$p[0]['author']['xchan_url'] .
+			"' avatar='".$p[0]['author']['xchan_photo_s'].
+			"' link='".$p[0]['plink'].
+			"' posted='".$p[0]['created'].
+			"' message_id='".$p[0]['mid']."']";
+		if($p[0]['title'])
+			$o .= '[b]'.$p[0]['title'].'[/b]'."\r\n";
+		$o .= $x; 
+		$o .= "[/share]";
 		$o = bbcode($o);
 	
+		$o = str_replace($x,bbcode($p[0]['body']),$o);
+
 		$ret['type'] = 'rich';
 	
 		$w = (($maxwidth) ? $maxwidth : 640);
@@ -247,6 +459,9 @@ class Oep extends \Zotlabs\Web\Controller {
 		if(! $c)
 			return;
 	
+		if(! perm_is_allowed($c[0]['channel_id'],get_observer_hash(),'view_files'))
+			return;
+
 		$sql_extra = permissions_sql($c[0]['channel_id']);
 	
 		$p = q("select resource_id from photo where album = '%s' and uid = %d and imgscale = 0 $sql_extra order by created desc limit 1",
@@ -308,6 +523,9 @@ class Oep extends \Zotlabs\Web\Controller {
 		if(! $c)
 			return;
 	
+		if(! perm_is_allowed($c[0]['channel_id'],get_observer_hash(),'view_files'))
+			return;
+
 		$sql_extra = permissions_sql($c[0]['channel_id']);
 	
 		$p = q("select resource_id from photo where uid = %d and imgscale = 0 $sql_extra order by created desc limit 1",
@@ -368,7 +586,10 @@ class Oep extends \Zotlabs\Web\Controller {
 	
 		if(! $c)
 			return;
-	
+
+		if(! perm_is_allowed($c[0]['channel_id'],get_observer_hash(),'view_files'))
+			return;
+
 		$sql_extra = permissions_sql($c[0]['channel_id']);
 	
 	

Zotlabs/Module/Ofeed.php

@@ -17,12 +17,15 @@ class Ofeed extends \Zotlabs\Web\Controller {
 		$params['type']      = ((stristr(argv(0),'json'))   ? 'json'                        : 'xml');
 		$params['pages']     = ((x($_REQUEST,'pages'))      ? intval($_REQUEST['pages'])    : 0);
 		$params['top']       = ((x($_REQUEST,'top'))        ? intval($_REQUEST['top'])      : 0);
-		$params['start']     = ((x($params,'start'))        ? intval($params['start'])      : 0);
-		$params['records']   = ((x($params,'records'))      ? intval($params['records'])    : 40);
-		$params['direction'] = ((x($params,'direction'))    ? dbesc($params['direction'])   : 'desc');
+		$params['start']     = ((x($_REQUEST,'start'))      ? intval($_REQUEST['start'])      : 0);
+		$params['records']   = ((x($_REQUEST,'records'))    ? intval($_REQUEST['records'])    : 10);
+		$params['direction'] = ((x($_REQUEST,'direction'))  ? dbesc($_REQUEST['direction'])   : 'desc');
 		$params['cat']       = ((x($_REQUEST,'cat'))        ? escape_tags($_REQUEST['cat']) : '');
 		$params['compat']    = ((x($_REQUEST,'compat'))     ? intval($_REQUEST['compat'])   : 1);	
 
+		if(! in_array($params['direction'],['asc','desc'])) {
+			$params['direction'] = 'desc';
+		}
 
 		if(argc() > 1) {
 

Zotlabs/Module/Owa.php

@@ -0,0 +1,55 @@
+<?php
+
+namespace Zotlabs\Module;
+
+/**
+ * OpenWebAuth verifier and token generator
+ * See https://macgirvin.com/wiki/mike/OpenWebAuth/Home
+ * Requests to this endpoint should be signed using HTTP Signatures
+ * using the 'Authorization: Signature' authentication method
+ * If the signature verifies a token is returned. 
+ *
+ * This token may be exchanged for an authenticated cookie. 
+ */
+
+class Owa extends \Zotlabs\Web\Controller {
+
+	function init() {
+
+		$ret = [ 'success' => false ];
+
+		foreach([ 'REDIRECT_REMOTE_USER', 'HTTP_AUTHORIZATION' ] as $head) {
+			if(array_key_exists($head,$_SERVER) && substr(trim($_SERVER[$head]),0,9) === 'Signature') {
+				if($head !== 'HTTP_AUTHORIZATION') {
+					$_SERVER['HTTP_AUTHORIZATION'] = $_SERVER[$head];
+					continue;
+				}
+
+				$sigblock = \Zotlabs\Web\HTTPSig::parse_sigheader($_SERVER[$head]);
+				if($sigblock) {
+					$keyId = $sigblock['keyId'];
+
+					if($keyId) {
+						$r = q("select * from hubloc left join xchan on hubloc_hash = xchan_hash 
+							where hubloc_addr = '%s' limit 1",
+							dbesc(str_replace('acct:','',$keyId))
+						);
+						if($r) {
+							$hubloc = $r[0];
+							$verified = \Zotlabs\Web\HTTPSig::verify('',$hubloc['xchan_pubkey']);	
+							if($verified && $verified['header_signed'] && $verified['header_valid']) {
+								$ret['success'] = true;
+								$token = random_string(32);
+								\Zotlabs\Zot\Verify::create('owt',0,$token,$r[0]['hubloc_addr']);
+								$result = '';
+								openssl_public_encrypt($token,$result,$hubloc['xchan_pubkey']);
+								$ret['encrypted_token'] = base64url_encode($result);
+							}
+						}
+					}
+				}
+			}
+		}
+		json_return_and_die($ret,'application/x-zot+json');
+	}
+}

Zotlabs/Module/Page.php

@@ -89,22 +89,30 @@ class Page extends \Zotlabs\Web\Controller {
 		if(! $ignore_language) {
 			$r = q("select item.* from item left join iconfig on item.id = iconfig.iid
 				where item.uid = %d and iconfig.cat = 'system' and iconfig.v = '%s' and item.item_delayed = 0 
-				and (( iconfig.k = 'WEBPAGE' and item_type = %d ) 
-				OR ( iconfig.k = 'PDL' AND item_type = %d )) $sql_options $revision limit 1",
+				and iconfig.k = 'WEBPAGE' and item_type = %d  
+				$sql_options $revision limit 1",
 				intval($u[0]['channel_id']),
 				dbesc($lang_page_id),
-				intval(ITEM_TYPE_WEBPAGE),
-				intval(ITEM_TYPE_PDL)
+				intval(ITEM_TYPE_WEBPAGE)
 			);
 		}
 		if(! $r) {
 			$r = q("select item.* from item left join iconfig on item.id = iconfig.iid
 				where item.uid = %d and iconfig.cat = 'system' and iconfig.v = '%s' and item.item_delayed = 0 
-				and (( iconfig.k = 'WEBPAGE' and item_type = %d ) 
-				OR ( iconfig.k = 'PDL' AND item_type = %d )) $sql_options $revision limit 1",
+				and iconfig.k = 'WEBPAGE' and item_type = %d 
+				$sql_options $revision limit 1",
+				intval($u[0]['channel_id']),
+				dbesc($page_id),
+				intval(ITEM_TYPE_WEBPAGE)
+			);
+		}
+		if(! $r) {
+			// no webpage by that name, but we do allow you to load/preview a layout using this module. Try that.
+			$r = q("select item.* from item left join iconfig on item.id = iconfig.iid
+				where item.uid = %d and iconfig.cat = 'system' and iconfig.v = '%s' and item.item_delayed = 0 
+				and iconfig.k = 'PDL' AND item_type = %d $sql_options $revision limit 1",
 				intval($u[0]['channel_id']),
 				dbesc($page_id),
-				intval(ITEM_TYPE_WEBPAGE),
 				intval(ITEM_TYPE_PDL)
 			);
 		}
@@ -129,7 +137,7 @@ class Page extends \Zotlabs\Web\Controller {
 			}
 			return;
 		}
-	
+
 		if($r[0]['title'])
 			\App::$page['title'] = escape_tags($r[0]['title']);
 	

Zotlabs/Module/Pdledit.php

@@ -14,7 +14,7 @@ class Pdledit extends \Zotlabs\Web\Controller {
 
 		if(! trim($_REQUEST['content'])) {
 			del_pconfig(local_channel(),'system','mod_' . $_REQUEST['module'] . '.pdl');
-			goaway(z_root() . '/pdledit/' . $_REQUEST['module']);
+			goaway(z_root() . '/pdledit');
 		}
 		set_pconfig(local_channel(),'system','mod_' . $_REQUEST['module'] . '.pdl',escape_tags($_REQUEST['content']));
 		build_sync_packet();
@@ -34,19 +34,38 @@ class Pdledit extends \Zotlabs\Web\Controller {
 			notice( t('Feature disabled.') . EOL);
 			return;
 		}
-	
+
+		if(argc() > 2 && argv(2) === 'reset') {
+			del_pconfig(local_channel(),'system','mod_' . argv(1) . '.pdl');
+			goaway(z_root() . '/pdledit');
+ 		}
+
 		if(argc() > 1)
 			$module = 'mod_' . argv(1) . '.pdl';
 		else {
 			$o .= '<div class="generic-content-wrapper-styled">';
 			$o .= '<h1>' . t('Edit System Page Description') . '</h1>';
+
+			$edited = [];
+
+			$r = q("select k from pconfig where uid = %d and cat = 'system' and k like '%s' ",
+				intval(local_channel()),
+				dbesc('mod_%.pdl')
+			);
+
+			if($r) {
+				foreach($r as $rv) {
+					$edited[] = substr(str_replace('.pdl','',$rv['k']),4);
+				}
+			}
+			
 			$files = glob('Zotlabs/Module/*.php');
 			if($files) {
 				foreach($files as $f) {
 					$name = lcfirst(basename($f,'.php'));
 					$x = theme_include('mod_' . $name . '.pdl');
 					if($x) {
-						$o .= '<a href="pdledit/' . $name . '" >' . $name . '</a><br />';
+						$o .= '<a href="pdledit/' . $name . '" >' . $name . '</a>' . ((in_array($name,$edited)) ? ' ' . t('(modified)') . ' <a href="pdledit/' . $name . '/reset" >' . t('Reset') . '</a>': '' ) . '<br />';
 					}
 				}
 			}
@@ -58,8 +77,10 @@ class Pdledit extends \Zotlabs\Web\Controller {
 		}
 	
 		$t = get_pconfig(local_channel(),'system',$module);
-		if(! $t)
-			$t = file_get_contents(theme_include($module));
+		$s = file_get_contents(theme_include($module));
+		if(! $t) {
+			$t = $s;
+		}	
 		if(! $t) {
 			notice( t('Layout not found.') . EOL);
 			return '';
@@ -69,7 +90,10 @@ class Pdledit extends \Zotlabs\Web\Controller {
 			'$header' => t('Edit System Page Description'),
 			'$mname' => t('Module Name:'),
 			'$help' => t('Layout Help'),
+			'$another' => t('Edit another layout'),
+			'$original' => t('System layout'),
 			'$module' => argv(1),
+			'$src' => $s,
 			'$content' => htmlspecialchars($t,ENT_COMPAT,'UTF-8'),
 			'$submit' => t('Submit')
 		));

Zotlabs/Module/Photos.php

@@ -202,6 +202,11 @@ class Photos extends \Zotlabs\Web\Controller {
 			);
 			if(($m) && ($m[0]['folder'] != $_POST['move_to_album'])) {
 				attach_move($page_owner_uid,argv(2),$_POST['move_to_album']);			
+
+				$sync = attach_export_data(\App::$data['channel'],argv(2),true);
+				if($sync) 
+					build_sync_packet($page_owner_uid,array('file' => array($sync)));
+
 				if(! ($_POST['desc'] && $_POST['newtag']))
 					goaway(z_root() . '/' . $_SESSION['photo_return']);
 			}
@@ -465,6 +470,51 @@ class Photos extends \Zotlabs\Web\Controller {
 			$_REQUEST['group_deny']    = expand_acl($channel['channel_deny_gid']);
 		}
 	
+
+		$matches = [];
+		$partial = false;
+
+
+
+		if(array_key_exists('HTTP_CONTENT_RANGE',$_SERVER)) {
+			$pm = preg_match('/bytes (\d*)\-(\d*)\/(\d*)/',$_SERVER['HTTP_CONTENT_RANGE'],$matches);
+			if($pm) {
+				logger('Content-Range: ' . print_r($matches,true));
+				$partial = true;
+			}
+		}
+
+		if($partial) {
+			$x = save_chunk($channel,$matches[1],$matches[2],$matches[3]);
+
+			if($x['partial']) {
+				header('Range: bytes=0-' . (($x['length']) ? $x['length'] - 1 : 0));
+				json_return_and_die($result);
+			}
+			else {
+				header('Range: bytes=0-' . (($x['size']) ? $x['size'] - 1 : 0));
+
+				$_FILES['userfile'] = [
+					'name'     => $x['name'],
+					'type'     => $x['type'],
+					'tmp_name' => $x['tmp_name'],
+					'error'    => $x['error'],
+					'size'     => $x['size']
+				];
+			}
+		}
+		else {	
+			if(! array_key_exists('userfile',$_FILES)) {
+				$_FILES['userfile'] = [
+					'name'     => $_FILES['files']['name'],
+					'type'     => $_FILES['files']['type'],
+					'tmp_name' => $_FILES['files']['tmp_name'],
+					'error'    => $_FILES['files']['error'],
+					'size'     => $_FILES['files']['size']
+				];
+			}
+		}
+
 		$r = attach_store($channel,get_observer_hash(), '', $_REQUEST);
 	
 		if(! $r['success']) {
@@ -555,10 +605,13 @@ class Photos extends \Zotlabs\Web\Controller {
 		$sql_extra = permissions_sql($owner_uid,get_observer_hash(),'photo');
 		$sql_attach = permissions_sql($owner_uid,get_observer_hash(),'attach');
 
-		nav_set_selected(t('Photos'));
-	
-		$o = "";
+		nav_set_selected('Photos');
 	
+		$o = '<script src="library/blueimp_upload/js/vendor/jquery.ui.widget.js"></script>
+			<script src="library/blueimp_upload/js/jquery.iframe-transport.js"></script>
+			<script src="library/blueimp_upload/js/jquery.fileupload.js"></script>';
+
+
 		$o .= "<script> var profile_uid = " . \App::$profile['profile_uid'] 
 			. "; var netargs = '?f='; var profile_page = " . \App::$pager['page'] . "; </script>\r\n";
 	
@@ -656,7 +709,7 @@ class Photos extends \Zotlabs\Web\Controller {
 				'$uploader' => $ret['addon_text'],
 				'$default' => (($ret['default_upload']) ? true : false),
 				'$uploadurl' => $ret['post_url'],
-				'$submit' => t('Submit')
+				'$submit' => t('Upload')
 	
 			));
 	
@@ -671,8 +724,13 @@ class Photos extends \Zotlabs\Web\Controller {
 		 */
 	
 		if($datatype === 'album') {
-	
-			\App::$page['htmlhead'] .= "\r\n" . '<link rel="alternate" type="application/json+oembed" href="' . z_root() . '/oep?f=&url=' . urlencode(z_root() . '/' . \App::$cmd) . '" title="oembed" />' . "\r\n";
+
+			head_add_link([ 
+				'rel'   => 'alternate',
+				'type'  => 'application/json+oembed',
+				'href'  => z_root() . '/oep?f=&url=' . urlencode(z_root() . '/' . \App::$query_string),
+				'title' => 'oembed'
+			]);
 
 			if($x = photos_album_exists($owner_uid, get_observer_hash(), $datum)) {
 				\App::set_pager_itemspage(60);
@@ -765,7 +823,7 @@ class Photos extends \Zotlabs\Web\Controller {
 				if($photos) {
 					$o = replace_macros(get_markup_template('photosajax.tpl'),array(
 						'$photos' => $photos,
-						'$album_id' => bin2hex($album)
+						'$album_id' => $datum
 					));
 				}
 				else {
@@ -1036,7 +1094,7 @@ class Photos extends \Zotlabs\Web\Controller {
 	
 				$likebuttons = '';
 	
-				if($can_post || $can_comment) {
+				if($observer && ($can_post || $can_comment)) {
 					$likebuttons = [
 						'id'       => $link_item['id'],
 						'likethis' => t("I like this \x28toggle\x29"),
@@ -1047,8 +1105,8 @@ class Photos extends \Zotlabs\Web\Controller {
 				}
 	
 				$comments = '';
-				if(! count($r)) {
-					if($can_post || $can_comment) {
+				if(! $r) {
+					if($observer && ($can_post || $can_comment)) {
 						$commentbox = replace_macros($cmnt_tpl,array(
 							'$return_path' => '', 
 							'$mode' => 'photos',
@@ -1167,7 +1225,7 @@ class Photos extends \Zotlabs\Web\Controller {
 	
 					}
 				
-					if($can_post || $can_comment) {
+					if($observer && ($can_post || $can_comment)) {
 						$commentbox = replace_macros($cmnt_tpl,array(
 							'$return_path' => '',
 							'$jsreload' => $return_url,

Zotlabs/Module/Ping.php

@@ -19,6 +19,7 @@ class Ping extends \Zotlabs\Web\Controller {
 	 * @result JSON
 	 */
 	function init() {
+
 		$result = array();
 		$notifs = array();
 
@@ -36,6 +37,11 @@ class Ping extends \Zotlabs\Web\Controller {
 		$result['all_events_today'] = 0;
 		$result['notice'] = array();
 		$result['info'] = array();
+		$result['pubs'] = 0;
+		$result['files'] = 0;
+
+		if(! $_SESSION['static_loadtime'])
+			$_SESSION['static_loadtime'] = datetime_convert();
 
 		$t0 = dba_timer();
 
@@ -134,6 +140,59 @@ class Ping extends \Zotlabs\Web\Controller {
 			db_utcnow(), db_quoteinterval('3 MINUTE')
 		);
 
+		$discover_tab_on = ((get_config('system','disable_discover_tab') || get_config('system','disable_discover_tab') === false) ? false : true);
+		$notify_pubs = ((local_channel()) ? ($vnotify & VNOTIFY_PUBS) && $discover_tab_on : $discover_tab_on);
+
+		if($notify_pubs) {
+			$sys = get_sys_channel();
+
+			$pubs = q("SELECT count(id) as total from item
+				WHERE uid = %d
+				AND author_xchan != '%s'
+				AND obj_type != '%s'
+				AND item_unseen = 1
+				AND created > '" . datetime_convert('UTC','UTC',$_SESSION['static_loadtime']) . "'
+				$item_normal",
+				intval($sys['channel_id']),
+				dbesc(get_observer_hash()),
+				dbesc(ACTIVITY_OBJ_FILE)
+			);
+
+			if($pubs)
+				$result['pubs'] = intval($pubs[0]['total']);
+		}
+
+		if((argc() > 1) && (argv(1) === 'pubs') && ($notify_pubs)) {
+			$sys = get_sys_channel();
+			$result = array();
+
+			$r = q("SELECT * FROM item
+				WHERE uid = %d
+				AND author_xchan != '%s'
+				AND item_unseen = 1
+				AND created > '" . datetime_convert('UTC','UTC',$_SESSION['static_loadtime']) . "'
+				$item_normal
+				ORDER BY created DESC
+				LIMIT 300",
+				intval($sys['channel_id']),
+				dbesc(get_observer_hash())
+			);
+
+			if($r) {
+				xchan_query($r);
+				foreach($r as $rr) {
+					$rr['llink'] = str_replace('display/', 'pubstream/?f=&mid=', $rr['llink']);
+					$result[] = \Zotlabs\Lib\Enotify::format($rr);
+				}
+			}
+
+//			logger('ping (network||home): ' . print_r($result, true), LOGGER_DATA);
+			echo json_encode(array('notify' => $result));
+			killme();
+		}
+
+		$t1 = dba_timer();
+
 		if((! local_channel()) || ($result['invalid'])) {
 			echo json_encode($result);
 			killme();
@@ -160,7 +219,7 @@ class Ping extends \Zotlabs\Web\Controller {
 						intval(local_channel())
 					);
 					break;
-				case 'messages':
+				case 'mail':
 					$r = q("update mail set mail_seen = 1 where mail_seen = 0 and channel_id = %d ",
 						intval(local_channel())
 					);
@@ -177,6 +236,9 @@ class Ping extends \Zotlabs\Web\Controller {
 						intval(local_channel())
 					);
 					break;
+				case 'pubs':
+					unset($_SESSION['static_loadtime']);
+					break;
 				default:
 					break;
 			}
@@ -194,37 +256,32 @@ class Ping extends \Zotlabs\Web\Controller {
 		 * dropdown menu.
 		 */
 		if(argc() > 1 && argv(1) === 'notify') {
-			$t = q("select count(*) as total from notify where uid = %d and seen = 0",
+			$t = q("select * from notify where uid = %d and seen = 0 order by created desc",
 				intval(local_channel())
 			);
-			if($t && intval($t[0]['total']) > 49) {
-				$z = q("select * from notify where uid = %d
-					and seen = 0 order by created desc limit 50",
-					intval(local_channel())
-				);
-			} else {
-				$z1 = q("select * from notify where uid = %d
-					and seen = 0 order by created desc limit 50",
-					intval(local_channel())
-				);
-				$z2 = q("select * from notify where uid = %d
-					and seen = 1 order by created desc limit %d",
-					intval(local_channel()),
-					intval(50 - intval($t[0]['total']))
-				);
-				$z = array_merge($z1,$z2);
-			}
 
-			if(count($z)) {
-				foreach($z as $zz) {
+			if($t) {
+				foreach($t as $tt) {
+					$message = trim(strip_tags(bbcode($tt['msg'])));
+
+					if(strpos($message, $tt['xname']) === 0)
+						$message = substr($message, strlen($tt['xname']) + 1);
+
+
+					$mid = basename($tt['link']);
+
+					$b64mid = ((strpos($mid, 'b64.' === 0)) ? $mid : 'b64.' . base64url_encode($mid));
+
 					$notifs[] = array(
-						'notify_link' => z_root() . '/notify/view/' . $zz['id'],
-						'name' => $zz['xname'],
-						'url' => $zz['url'],
-						'photo' => $zz['photo'],
-						'when' => relative_date($zz['created']),
-						'hclass' => (($zz['seen']) ? 'notify-seen' : 'notify-unseen'),
-						'message' => strip_tags(bbcode($zz['msg']))
+						'notify_link' => z_root() . '/notify/view/' . $tt['id'],
+						'name' => $tt['xname'],
+						'url' => $tt['url'],
+						'photo' => $tt['photo'],
+						'when' => relative_date($tt['created']),
+						'hclass' => (($tt['seen']) ? 'notify-seen' : 'notify-unseen'),
+						'b64mid' => (($tt['otype'] == 'item') ? $b64mid : 'undefined'),
+						'notify_id' => (($tt['otype'] == 'item') ? $tt['id'] : 'undefined'),
+						'message' => $message
 					);
 				}
 			}
@@ -233,7 +290,7 @@ class Ping extends \Zotlabs\Web\Controller {
 			killme();
 		}
 
-		if(argc() > 1 && argv(1) === 'messages') {
+		if(argc() > 1 && argv(1) === 'mail') {
 			$channel = \App::get_channel();
 			$t = q("select mail.*, xchan.* from mail left join xchan on xchan_hash = from_xchan
 				where channel_id = %d and mail_seen = 0 and mail_deleted = 0
@@ -265,7 +322,8 @@ class Ping extends \Zotlabs\Web\Controller {
 
 			$r = q("SELECT * FROM item
 				WHERE item_unseen = 1 and uid = %d $item_normal
-				and author_xchan != '%s' ORDER BY created DESC limit 300",
+				AND author_xchan != '%s'
+				ORDER BY created DESC limit 300",
 				intval(local_channel()),
 				dbesc($ob_hash)
 			);
@@ -308,6 +366,30 @@ class Ping extends \Zotlabs\Web\Controller {
 			killme();
 		}
 
+		if((argc() > 1 && (argv(1) === 'register')) && is_site_admin()) {
+			$result = array();
+
+			$r = q("SELECT account_email, account_created from account where (account_flags & %d) > 0",
+				intval(ACCOUNT_PENDING)
+			);
+			if($r) {
+				foreach($r as $rr) {
+					$result[] = array(
+						'notify_link' => z_root() . '/admin/accounts',
+						'name' => $rr['account_email'],
+						'url' => '',
+						'photo' => get_default_profile_photo(48),
+						'when' => relative_date($rr['account_created']),
+						'hclass' => ('notify-unseen'),
+						'message' => t('requires approval')
+					);
+				}
+			}
+			logger('ping (register): ' . print_r($result, true), LOGGER_DATA);
+			echo json_encode(array('notify' => $result));
+			killme();
+		}
+
 		if(argc() > 1 && (argv(1) === 'all_events')) {
 			$bd_format = t('g A l F d') ; // 8 AM Friday January 18
 
@@ -345,6 +427,39 @@ class Ping extends \Zotlabs\Web\Controller {
 			killme();
 		}
 
+		if(argc() > 1 && (argv(1) === 'files')) {
+			$result = array();
+
+			$r = q("SELECT item.created, xchan.xchan_name, xchan.xchan_url, xchan.xchan_photo_s FROM item 
+				LEFT JOIN xchan on author_xchan = xchan_hash
+				WHERE item.verb = '%s'
+				AND item.obj_type = '%s'
+				AND item.uid = %d
+				AND item.owner_xchan != '%s'
+				AND item.item_unseen = 1",
+				dbesc(ACTIVITY_POST),
+				dbesc(ACTIVITY_OBJ_FILE),
+				intval(local_channel()),
+				dbesc($ob_hash)
+			);
+			if($r) {
+				foreach($r as $rr) {
+					$result[] = array(
+						'notify_link' => z_root() . '/sharedwithme',
+						'name' => $rr['xchan_name'],
+						'url' => $rr['xchan_url'],
+						'photo' => $rr['xchan_photo_s'],
+						'when' => relative_date($rr['created']),
+						'hclass' => ('notify-unseen'),
+						'message' => t('shared a file with you')
+					);
+				}
+			}
+			logger('ping (files): ' . print_r($result, true), LOGGER_DATA);
+			echo json_encode(array('notify' => $result));
+			killme();
+		}
+
 		/**
 		 * Normal ping - just the counts, no detail
 		 */
@@ -356,13 +471,32 @@ class Ping extends \Zotlabs\Web\Controller {
 				$result['notify'] = intval($t[0]['total']);
 		}
 
-		$t1 = dba_timer();
+		$t2 = dba_timer();
+
+		if($vnotify & VNOTIFY_FILES) {
+			$files = q("SELECT count(id) as total FROM item
+				WHERE verb = '%s'
+				AND obj_type = '%s'
+				AND uid = %d
+				AND owner_xchan != '%s'
+				AND item_unseen = 1",
+				dbesc(ACTIVITY_POST),
+				dbesc(ACTIVITY_OBJ_FILE),
+				intval(local_channel()),
+				dbesc($ob_hash)
+			);
+			if($files)
+				$result['files'] = intval($files[0]['total']);
+		}
+
+		$t3 = dba_timer();
 
 		if($vnotify & (VNOTIFY_NETWORK|VNOTIFY_CHANNEL)) {
+			
 			$r = q("SELECT id, item_wall FROM item
 				WHERE item_unseen = 1 and uid = %d
 				$item_normal
-				and author_xchan != '%s'",
+				AND author_xchan != '%s'",
 				intval(local_channel()),
 				dbesc($ob_hash)
 			);
@@ -384,20 +518,20 @@ class Ping extends \Zotlabs\Web\Controller {
 		if(! ($vnotify & VNOTIFY_CHANNEL))
 			$result['home'] = 0;
 
-		$t2 = dba_timer();
+		$t4 = dba_timer();
 
 		if($vnotify & VNOTIFY_INTRO) {
 			$intr = q("SELECT COUNT(abook.abook_id) AS total FROM abook left join xchan on abook.abook_xchan = xchan.xchan_hash where abook_channel = %d and abook_pending = 1 and abook_self = 0 and abook_ignored = 0 and xchan_deleted = 0 and xchan_orphan = 0 ",
 				intval(local_channel())
 			);
 
-			$t3 = dba_timer();
+			$t5 = dba_timer();
 
 			if($intr)
 				$result['intros'] = intval($intr[0]['total']);
 		}
 
-		$t4 = dba_timer();
+		$t6 = dba_timer();
 		$channel = \App::get_channel();
 
 		if($vnotify & VNOTIFY_MAIL) {
@@ -420,7 +554,7 @@ class Ping extends \Zotlabs\Web\Controller {
 			}
 		}
 
-		$t5 = dba_timer();
+		$t7 = dba_timer();
 
 		if($vnotify & (VNOTIFY_EVENT|VNOTIFY_EVENTTODAY|VNOTIFY_BIRTHDAY)) {
 			$events = q("SELECT etype, dtstart, adjust FROM event
@@ -466,9 +600,9 @@ class Ping extends \Zotlabs\Web\Controller {
 
 		$x = json_encode($result);
 
-		$t6 = dba_timer();
+		$t8 = dba_timer();
 
-//		logger('ping timer: ' . sprintf('%01.4f %01.4f %01.4f %01.4f %01.4f %01.4f',$t6 - $t5, $t5 - $t4, $t4 - $t3, $t3 - $t2, $t2 - $t1, $t1 - $t0));
+//		logger('ping timer: ' . sprintf('%01.4f %01.4f %01.4f %01.4f %01.4f %01.4f %01.4f %01.4f',$t8 - $t7, $t7 - $t6, $t6 - $t5, $t5 - $t4, $t4 - $t3, $t3 - $t2, $t2 - $t1, $t1 - $t0));
 
 		echo $x;
 		killme();

Zotlabs/Module/Poke.php

@@ -150,7 +150,7 @@ class Poke extends \Zotlabs\Web\Controller {
 			return;
 		}
 
-		nav_set_selected(t('Poke'));
+		nav_set_selected('Poke');
 	
 		$name = '';
 		$id = '';

Zotlabs/Module/Post.php

@@ -19,16 +19,16 @@ class Post extends \Zotlabs\Web\Controller {
 	function init() {
 		if(array_key_exists('auth', $_REQUEST)) {
 			$x = new \Zotlabs\Zot\Auth($_REQUEST);
-
 			exit;
 		}
 	}
 
 	function post() {
-		$z = new \Zotlabs\Zot\Receiver($_REQUEST['data'], get_config('system', 'prvkey'), new \Zotlabs\Zot\ZotHandler());
+		if(array_key_exists('data',$_REQUEST)) {
+			$z = new \Zotlabs\Zot\Receiver($_REQUEST['data'], get_config('system', 'prvkey'), new \Zotlabs\Zot\ZotHandler());
+			exit;
+		}
 
-		// notreached;
-		exit;
 	}
 
 }

Zotlabs/Module/Probe.php

@@ -8,7 +8,7 @@ class Probe extends \Zotlabs\Web\Controller {
 
 	function get() {
 
-		nav_set_selected(t('Remote Diagnostics'));
+		nav_set_selected('Remote Diagnostics');
 
 		$o .= '<h3>Probe Diagnostic</h3>';
 	

Zotlabs/Module/Profile.php

@@ -94,7 +94,6 @@ class Profile extends \Zotlabs\Web\Controller {
 			echo \App::$profile['profile_vcard'];
 			killme();
 		}
-
 	
 		$is_owner = ((local_channel()) && (local_channel() == \App::$profile['profile_uid']) ? true : false);
 	
@@ -102,12 +101,15 @@ class Profile extends \Zotlabs\Web\Controller {
 			notice( t('Permission denied.') . EOL);
 			return;
 		}
-	
-		//$o .= profile_tabs($a, $is_owner, \App::$profile['channel_address']);
-	
-		\App::$page['htmlhead'] .= "\r\n" . '<link rel="alternate" type="application/json+oembed" href="' . z_root() . '/oep?f=&url=' . urlencode(z_root() . '/' . \App::$query_string) . '" title="oembed" />' . "\r\n";
-	
-		$o .= advanced_profile($a);
+		
+		head_add_link([ 
+			'rel'   => 'alternate',
+			'type'  => 'application/json+oembed',
+			'href'  => z_root() . '/oep?f=&url=' . urlencode(z_root() . '/' . \App::$query_string),
+			'title' => 'oembed'
+		]);
+
+		$o .= advanced_profile();
 		call_hooks('profile_advanced',$o);
 		return $o;
 	

Zotlabs/Module/Profile_photo.php

@@ -150,6 +150,14 @@ class Profile_photo extends \Zotlabs\Web\Controller {
 					// If setting for the default profile, unset the profile photo flag from any other photos I own
 	
 					if($is_default_profile) {
+
+						$r = q("update profile set photo = '%s', thumb = '%s' where is_default = 1 and uid = %d",
+							dbesc(z_root() . '/photo/profile/l/' . local_channel()),
+							dbesc(z_root() . '/photo/profile/m/' . local_channel()),
+							intval(local_channel())
+						);
+
+
 						$r = q("UPDATE photo SET photo_usage = %d WHERE photo_usage = %d
 							AND resource_id != '%s' AND uid = %d",
 							intval(PHOTO_NORMAL),
@@ -158,6 +166,7 @@ class Profile_photo extends \Zotlabs\Web\Controller {
 							intval(local_channel())
 						);
 	
+
 						send_profile_photo_activity($channel,$base_image,$profile);
 	
 					}
@@ -170,16 +179,24 @@ class Profile_photo extends \Zotlabs\Web\Controller {
 						);
 					}
 	
-					profiles_build_sync(local_channel());
+					// set $send to false in profiles_build_sync() to return the data
+					// so that we only send one sync packet. 
+
+					$sync_profiles = profiles_build_sync(local_channel(),false);
 	
 					// We'll set the updated profile-photo timestamp even if it isn't the default profile,
 					// so that browsers will do a cache update unconditionally
+					// Also set links back to site-specific profile photo url in case it was
+					// changed to a generic URL by a clone operation. Otherwise the new photo may 
+					// not get pushed to other sites correctly.
 	
-	
-					$r = q("UPDATE xchan set xchan_photo_mimetype = '%s', xchan_photo_date = '%s' 
+					$r = q("UPDATE xchan set xchan_photo_mimetype = '%s', xchan_photo_date = '%s', xchan_photo_l = '%s', xchan_photo_m = '%s', xchan_photo_s = '%s'  
 						where xchan_hash = '%s'",
 						dbesc($im->getType()),
 						dbesc(datetime_convert()),
+						dbesc(z_root() . '/photo/profile/l/' . $channel['channel_id']),
+						dbesc(z_root() . '/photo/profile/m/' . $channel['channel_id']),
+						dbesc(z_root() . '/photo/profile/s/' . $channel['channel_id']),
 						dbesc($channel['xchan_hash'])
 					);
 
@@ -187,7 +204,7 @@ class Profile_photo extends \Zotlabs\Web\Controller {
 
 					$sync = attach_export_data($channel,$base_image['resource_id']);
 					if($sync)
-						build_sync_packet($channel['channel_id'],array('file' => array($sync)));
+						build_sync_packet($channel['channel_id'],array('file' => array($sync), 'profile' => $sync_profiles));
 
 
 					// Similarly, tell the nav bar to bypass the cache and update the avatar image.