fix sql empty query error in db update 1216

(cherry picked from commit e4a1286aae)

.homeinstall/README.md

@@ -39,7 +39,7 @@ Software
   - mkdir -p /var/www
   - cd /var/www
   - git clone https://github.com/redmatrix/hubzilla.git html
-  - cd /html/.homeinstall
+  - cd html/.homeinstall
   - cp hubzilla-config.txt.template hubzilla-config.txt
   - nano hubzilla-config.txt
     - Read the comments carefully
@@ -50,6 +50,20 @@ Software
   - reboot
 + Open your domain with a browser and step throught the initial configuration of hubzilla.
 
+## Troubleshooting
+
+If the check of the mail address fails when you try to register the very first user in the browser. Do...
+
+    cd /var/www/html
+    util/config system.do_not_check_dns 1
+
+## Optional - Set path to imagemagick
+
+In Admin settings of hubzilla or via terminal
+
+    cd /var/www/html
+    util/config system.imagick_convert_path /usr/bin/convert
+
 # Step-by-Step in Detail
 
 ## Preparations Hardware
@@ -120,7 +134,7 @@ There are two ways to get a domain...
 
 The cost are around 10,- € once and 1,50 € per month (2017).
 
-The cost are around 10,- € once and 1,50 € per month (2017).
+### Method 2: Register a free subdomain
 
 ...for example register at freedns.afraid.org
 
@@ -150,7 +164,7 @@ Make the directory for apache and change diretory to it
 
 Clone hubzilla from git ("git pull" will update it later)
 
-    git clone https://github.com/redmatrix/hubzilla html
+    git clone https://framagit.org/hubzilla/core html
 
 Change to the install script
 
@@ -189,9 +203,16 @@ Leave db type "MySQL" untouched.
 
 Follow the instructions in the next pages.
 
+Recommended: Set path to imagemagick
+
+- in admin settings of hubzilla or 
+- via terminal
+
+    util/config system.imagick_convert_path /usr/bin/convert
+
 After the daily script was executed at 05:30 (am)
 
-- look at var/www/html/hubzilla-daily.log
+- look at /var/www/html/hubzilla-daily.log
 - check your backup on the external drive
 - optionally view the daily log under yourdomain.org/admin/logs/
   - set the logfile to var/www/html/hubzilla-daily.log
@@ -213,4 +234,12 @@ to boot the Rapsi to the client console.
 
 DO NOT FORGET TO CHANGE THE DEFAULT PASSWORD FOR USER PI!
 
+On a Raspian Stretch (Debian 9) the validation of the mail address fails for the very first user.
+This used to happen on some *bsd distros but there was some work to fix that a year ago (2017).
+
+So if your system isn't registered in DNS or DNS isn't active do
+
+    cd /var/www/html
+    util/config system.do_not_check_dns 1
+
 

.homeinstall/hubzilla-setup.sh

@@ -136,17 +136,17 @@ function check_config {
     # backup is important and should be checked
 	if [ -n "$backup_device_name" ]
 	then
-        device_mounted=0
+            if [ ! -d "$backup_mount_point" ]
+            then
+                mkdir "$backup_mount_point"
+	    fi
+            device_mounted=0
 		if fdisk -l | grep -i "$backup_device_name.*linux"
 		then
 		    print_info "ok - filesystem of external device is linux"
 	        if [ -n "$backup_device_pass" ]
 	        then
 	            echo "$backup_device_pass" | cryptsetup luksOpen $backup_device_name cryptobackup
-	            if [ ! -d /media/hubzilla_backup ]
-	            then
-	                mkdir /media/hubzilla_backup
-	            fi
 	            if mount /dev/mapper/cryptobackup /media/hubzilla_backup
 	            then
                     device_mounted=1
@@ -246,6 +246,11 @@ function install_apache {
     nocheck_install "apache2 apache2-utils"
 }
 
+function install_imagemagick {
+    print_info "installing imagemagick..."
+    nocheck_install "imagemagick"
+}
+
 function install_curl {
     print_info "installing curl..."
     nocheck_install "curl"
@@ -567,7 +572,7 @@ function check_https {
 function install_hubzilla {
     print_info "installing hubzilla addons..."
     cd /var/www/html/
-    util/add_addon_repo https://github.com/redmatrix/hubzilla-addons.git hzaddons
+    util/add_addon_repo https://framagit.org/hubzilla/addons.git hzaddons
     mkdir -p "store/[data]/smarty3"
     chmod -R 777 store
     touch .htconfig.php
@@ -801,6 +806,7 @@ update_upgrade
 install_curl
 install_sendmail
 install_apache
+install_imagemagick
 install_php
 install_mysql
 install_phpmyadmin

.travis.yml

@@ -62,28 +62,34 @@ matrix:
   fast_finish: true
   # Additional check combinations
   include:
-    # PHP7.1, mariadb 10.1
-    - php: '7.1'
-      env: DB=mariadb MARIADB_VERSION=10.1 CODECOV=1
+    # PHP7.2, mariadb 10.2
+    - php: '7.2'
+      env: DB=mariadb MARIADB_VERSION=10.2 CODECOV=1
       # use mariadb instead of MySQL
       addons:
-        mariadb: '10.1'
-    # PHP7.1, PostgreSQL 9.6
-    - php: '7.1'
+        mariadb: '10.2'
+    # PHP7.2, PostgreSQL 9.6
+    - php: '7.2'
       env: DB=pgsql POSTGRESQL_VERSION=9.6 PHPUNITFILE=phpunit-pgsql.xml
       # Use newer postgres than 9.2 default
       addons:
         postgresql: '9.6'
       services:
         - postgresql
-    # PHP7.1, old precise distribution with MySQL 5.5
-    - php: '7.1'
+    # PostgreSQL 10 with Docker container
+    - php: '7.2'
+      env: DB=pgsql POSTGRESQL_VERSION=10 PHPUNITFILE=phpunit-pgsql.xml
+      sudo: required
+      services:
+        - docker
+    # PHP7.2, old precise distribution with MySQL 5.5
+    - php: '7.2'
       env: DB=mysql MYSQL_VERSION=5.5
       dist: precise
       services:
         - mysql
     # MySQL 5.7 with Docker container
-    - php: '7.1'
+    - php: '7.2'
       env: DB=mysql MYSQL_VERSION=5.7
       sudo: required
       services:
@@ -109,6 +115,8 @@ before_install:
   - travis_retry composer self-update
   # Start MySQL 5.7 Docker container, needs some time to come up
   - if [[ "$MYSQL_VERSION" == "5.7" ]]; then sudo service mysql stop; docker run -d -p 3306:3306 -e MYSQL_ALLOW_EMPTY_PASSWORD=yes mysql:5.7 && sleep 25 && docker ps; fi
+  # Start PostgreSQL 10 Docker container, needs some time to come up
+  - if [[ "$POSTGRESQL_VERSION" == "10" ]]; then sudo service postgresql stop; docker run -d -p 5432:5432 postgres:10-alpine && sleep 35 && docker ps; fi
 
 # Install composer dev libs
 install:

CHANGELOG

@@ -1,3 +1,197 @@
+Hubzilla 3.6 (????-??-??)
+	- Update jquery.timeago library
+	- Implement Hookable CSP
+	- ActivityStreams: accept header changes to support plume 
+	- Streamline inconsistencies in addon naming
+	- SECURITY: hash the session_id in logs
+	- Update justified gallery library
+	- Hide channel in /cloud root if channel is hidden in directory
+	- Add resend option to channel sources tp discard original author.
+	- Provide flag to exclude privacy groups for federation plugin use in collect_recipients()
+	- Upgrading from redmatrix is no longer supported
+	- Deal with htmlentity encoding during authentication workflow
+	- Rework mod group
+	- Make droping posts of removed connections more memory efficient
+	- Refactor getOutainfo() for DAV storage
+	- Optionally report total available space when uploading
+	- SECURITY: provide option to disable the cloud 'root' directory and make the cloud module require a target channel nickname 
+	- Add plink and llink to viewsource
+	- Add new 'filter by name' feature 
+	- Remove network tabs
+	- New activity filter widget
+	- New activity order widget
+	- Make menus editable by visitors with webpage write permissions
+	- Move forum notifications to notifications
+	- Move manage privacy groups to the panel channel menu
+	- Don't remove items that are starred, filed, or that you replied to when removing a connection
+	- Don't deliver local items more than once
+	- Make navbar search use the module search function in /network and /channel
+	- Paint the locks on private activitypub items red. Their privacy model is "slightly" different from hubzillas
+	- Improve new channel creation workflow
+	- Add hook 'get_system_apps'
+	- Implement reset button for jot
+	- Adjust accept header to make pleroma happy
+	- Provide a general purpose GDPR document
+	- Provide function to fetch photo contents from url
+	- Make get_default_profile_photo() pluggable
+	- Refactor tags/mentions
+	- Refactor autocomplete mechanism
+	- Display pubsites link in info area if invite only
+	- Add cancel button to editor
+	- Implement MessageFilter for pubstream and sourced messages
+	- Add supported protocols to siteinfo
+	- Allow pdf embeds
+	- Allow uninstall of plugins which no longer exists via cmdline tool
+	- Improve the homeinstall script
+	- Provide easy access to the autoperms setting for forum and repository channels
+	- Implement admin delete of files, photos and posts
+	- Allow a different username to be used when importing a channel
+	- Provide warnings about profile photo and cover photo permissions
+	- Set the 'force' flag on attach_mkdir when initiated from a DAV operation
+
+	Bugfixes
+	- Fix double file uploads when dropping files into jot
+	- Fix jot collapsing when drag and drop to open jot
+	- Fix wrong album name when moving photos
+	- Fix wrong timestamp localization before first update in mod mail
+	- Fix post exiration not propagated to other networks (which support it)
+	- Fix sys channels visible in dirsearch
+	- Fix remote_self not working correctly
+	- Fix photos not syncing properly if destination is a postgres site
+	- Fix wrong hubloc_url for activitypub hublocs 
+	- Fix z_check_dns() for BSD 
+	- Fix not null violation in oauth1
+	- Fix DB issues with oauth2 on postgresql
+	- Fix 'anybody authenticated' not correctly handled in can_comment_on_post()
+	- Fix postgres issue if register mode is set to yes - with approval
+	- Fix tag search not finding articles
+	- Fix issue with mentions when markdown post addon is enabled
+	- Fix duplicate addressbook entries on repeated channel imports
+
+	Addons
+	- Cart: various display improvements
+	- Cart: make cart work with postgresql DB backend
+	- Cart: add new hzservice for service_classes
+	- Cart: add storewide currency settings
+	- Cart: provide channel app 'Shop' for cart addon
+	- Cart: implement order updating
+	- Cart: use CSP hook for paypals checkout.js
+	- Cart: provide a cancel mechanism for orders
+	- Cart: add paypal button
+	- Gallery: new addon to display photo albums with the photoswipe library
+	- Ldapauth: optionally auto create channel
+	- Pubcrawl: new setting to ignore ActivityPub recipients in privacy groups
+	- Diaspora: fix issue with displaying multiple photos
+	- Pubcrawl: provide plink
+	- Pubcrawl: hubloc_url should be baseurl, not actor url
+	- Pubcrawl: deliver restricted posts from hubzilla as direct messages (there is no other way to address only a subset of followers in mastodon)
+	- Pubcrawl: address comments to a restricted mastodon post to /followers
+
+
+Hubzilla 3.4.2 (2018-07-19)
+	- Compatibility fix for future versions
+
+
+Hubzilla 3.4.1 (2018-06-08)
+	- Say bye, bye to GitHub and move sourcecode repositories to #^https://framagit.org/hubzilla
+	- When removing a connection, don't remove items that are starred, filed or replied to
+	- Do not show archived forums in forum widget
+	- Fix potential XSS vulnerabilities
+	- Translation updates
+	- Fix postresql issue with oauth2
+	- Improve abconfig queries
+	- Fix postgresql issue if register mode was set to yes - with approval
+
+	Addons
+	- Diaspora: fix likes of non-contacts not allowed to like allthough diaspora_public_comments is set
+	- Pubcrawl: fix wrong hubloc url
+	- Pubcrawl: fix issues with attachments
+	- Pubcrawl: fetch required item metadata in asfetch_item()
+	- Cavatar: use cavatar for all default profile photos if enabled
+	- Pubcrawl: fix peertube video display
+	- Pubcrawl: fix incoming activitypub comments not getting propagated downstream
+	- Statistics: fix .well-known/nodeinfo
+	- Pubsubhubbub: fix postgresql related issues
+	- Pubcrawl: send the original LD-signature signed activity when distributing comments downstream if we have it
+	- Cavatar: improve the image creation process
+
+
+Hubzilla 3.4 (2018-05-04)
+	- Provide warnings about profile photo and cover photo permissions
+	- Don't duplicate addressbook entries on repeated channel imports
+	- Where possible strip zid parameter from links that get pasted into posts so that they will get a correct zid when rendered
+	- Rename boxy schema to Focus-Boxy
+	- Rename BS-Default schema to Focus-Light
+	- Mark simple_* schemas unmaintained and deprecated - they will be removed in next release if nobody steps up to maintain them.
+	- Implement trending tags for mod pubstream
+ 	- Relax restrictions to the design tools menu to allow those with write_pages permission
+	- Add alt pager to mod moderate
+	- Show existing cover photo when changing it
+	- Update to bootstrap lib to version 4.1
+	- Provide a higher accuracy method for active channels information
+	- Provide visible star status for starred posts
+	- Move the thread author menu to the wall item photo
+	- Accept system_language through either get or post
+	- Remove recipient name from stored notifications but keep them in emails
+	- Fix issue of being forced to log back in after leaving a delegated channel
+	- Implement last commented expiration setting in mod admin
+	- Create catcloud widget and provide a type option which can include 'cards' or 'articles'
+	- Modified notifications widget to add the public stream when the current user is allowed to see it only
+	- Don't provide a connect button for transient identities
+	- Merge techlevels and features
+	- Implement auto-save posts and comments in browser using localStorage
+	- Display directory server in siteinfo.json
+	- Bring back the dnt policy document
+	- Implement OAuth2/OpenIDConnect server
+	- Add basic structure for additional features documentation
+	- Community tag refactor
+	- Obscurify chats
+	- Provide a way to share wiki pages
+	- Update folder timestamp on uploaded files
+	- Code optimisations and de-duplication on updating parent commented timestamp
+	- Turn newmember widget into a feature
+	- Make list mode work in cards and articles
+	- Make alt pager work for articles and cards
+	- Initial support for alternative sort orders on the cloud pages
+	- Add Ochannel module for testing OStatus bad behaviour
+	- Add the social - federation permission role
+	- Update justified gallery lib from 3.6.3 to 3.6.5
+
+	Bugfixes
+	- Fix regression with forum widget unseen count
+	- Fix issue with imagemagick exif info
+	- Aonymous comments in StdLimits shouldn't be allowed
+	- Fix wiki pages not syncing
+	- Show "Unseen public activity" channel setting when site only public streams are activated
+	- Fix channel import failing to provide channel_password value
+	- Fix permalinks to children of articles and cards
+	- Fix missing year on profile birthday input
+	- Fix missing login/out buttons for medium screensize
+	- Preserve existing categories when updating an app from an embed source
+	- Fix app sellpage not being stored
+	- Fix tagadelic being overly protective of permissions
+	- Fix comments not displayed in single card/article view
+	- Fix anonymous comments bump thread
+	- Fix pending registrations visible in admin accounts
+
+	Addons
+	Pubcrawl: fix issues with "private" messages
+	Pubcrawl: fix issues with postgresql
+	Fuzzloc: new addon to blur your browser location
+	Pubcrawl: implement follow by webfinger
+	Cart: new addon which provides online shop functionalities (experimental)
+	Pubcrawl: implement two-way summary functionality
+	Wordpress: upgrade incutio xmlrpc library to use hubzilla curl wrapper
+	Hzfiles: various fixes
+	Diaspora: support full_name attribute in profile messages
+	Frphotos: deprecate plugin (keep it for reference)
+	Webmention: require html5 parser
+	GNU-Social: provide alternative xchan_url
+	Diaspora: fix wrong callback function
+	Diaspora: fix conversion of forum mentions to markdown by providing a !{forum@host} link syntax
+	Diaspora: fix item title not transferred
+
+
 Hubzilla 3.2 (2018-03-09)
 	- Improve rendering of Readme files in plugin settings
 	- Add pdl file for mod moderate

README.md

@@ -5,7 +5,7 @@ Hubzilla - Community Server
 
 
 <p align="center" markdown="1">
-<em><a href="https://github.com/redmatrix/hubzilla/blob/master/install/INSTALL.txt">Installing Hubzilla</a></em> 
+<em><a href="https://framagit.org/hubzilla/core/blob/master/install/INSTALL.txt">Installing Hubzilla</a></em> 
 </p>
 
 **What is Hubzilla?**

Zotlabs/Access/PermissionLimits.php

@@ -41,10 +41,8 @@ class PermissionLimits {
 		$limits = [];
 		$perms = Permissions::Perms();
 
-		$anon_comments = get_config('system','anonymous_comments',true);
-
 		foreach($perms as $k => $v) {
-			if(strstr($k, 'view') || ($k === 'post_comments' && $anon_comments))
+			if(strstr($k, 'view'))
 				$limits[$k] = PERMS_PUBLIC;
 			else
 				$limits[$k] = PERMS_SPECIFIC;
@@ -74,13 +72,13 @@ class PermissionLimits {
 	 * @param int $channel_id
 	 * @param string $perm (optional)
 	 * @return
-	 *   * \b boolean false if no perm_limits set for this channel
-	 *   * \b int if $perm is set, return one of PERMS_* constants for this permission
+	 *   * \b false if no perm_limits set for this channel
+	 *   * \b int if $perm is set, return one of PERMS_* constants for this permission, default 0
 	 *   * \b array with all permission limits, if $perm is not set
 	 */
 	static public function Get($channel_id, $perm = '') {
 		if($perm) {
-			return PConfig::Get($channel_id, 'perm_limits', $perm);
+			return intval(PConfig::Get($channel_id, 'perm_limits', $perm));
 		}
 
 		PConfig::Load($channel_id);
@@ -90,4 +88,4 @@ class PermissionLimits {
 
 		return false;
 	}
-}
+}

Zotlabs/Access/PermissionRoles.php

@@ -41,6 +41,24 @@ class PermissionRoles {
 
 				break;
 
+			case 'social_federation':
+				$ret['perms_auto'] = false;
+				$ret['default_collection'] = false;
+				$ret['directory_publish'] = true;
+				$ret['online'] = true;
+				$ret['perms_connect'] = [
+					'view_stream', 'view_profile', 'view_contacts', 'view_storage',
+					'view_pages', 'view_wiki', 'send_stream', 'post_wall', 'post_comments',
+					'post_mail', 'chat', 'post_like', 'republish'
+				];
+				$ret['limits'] = PermissionLimits::Std_Limits();
+				$ret['limits']['post_comments'] = PERMS_AUTHED;
+				$ret['limits']['post_mail'] = PERMS_AUTHED;
+				$ret['limits']['post_like'] = PERMS_AUTHED;
+				$ret['limits']['chat'] = PERMS_AUTHED;
+				break;
+
+
 			case 'social_restricted':
 				$ret['perms_auto'] = false;
 				$ret['default_collection'] = true;
@@ -263,6 +281,7 @@ class PermissionRoles {
 	static public function roles() {
 		$roles = [
 			t('Social Networking') => [
+				'social_federation' => t('Social - Federation'),
 				'social' => t('Social - Mostly Public'),
 				'social_restricted' => t('Social - Restricted'),
 				'social_private' => t('Social - Private')
@@ -289,6 +308,8 @@ class PermissionRoles {
 			]
 		];
 
+		call_hooks('list_permission_roles',$roles);
+
 		return $roles;
 	}
 

Zotlabs/Access/Permissions.php

@@ -67,7 +67,7 @@ class Permissions {
 			'post_comments' => t('Can comment on or like my posts'),
 			'post_mail'     => t('Can send me private mail messages'),
 			'post_like'     => t('Can like/dislike profiles and profile things'),
-			'tag_deliver'   => t('Can forward to all my channel connections via @+ mentions in posts'),
+			'tag_deliver'   => t('Can forward to all my channel connections via ! mentions in posts'),
 			'chat'          => t('Can chat with me'),
 			'republish'     => t('Can source my public posts in derived channels'),
 			'delegate'      => t('Can administer my channel')

Zotlabs/Daemon/Cron.php

@@ -50,14 +50,19 @@ class Cron {
 
 		// expire any expired items
 
-		$r = q("select id from item where expires > '2001-01-01 00:00:00' and expires < %s 
+		$r = q("select id,item_wall from item where expires > '2001-01-01 00:00:00' and expires < %s 
 			and item_deleted = 0 ",
 			db_utcnow()
 		);
 		if($r) {
 			require_once('include/items.php');
-			foreach($r as $rr)
-				drop_item($rr['id'],false);
+			foreach($r as $rr) {
+				drop_item($rr['id'],false,(($rr['item_wall']) ? DROPITEM_PHASE1 : DROPITEM_NORMAL));
+				if($rr['item_wall']) {
+					// The notifier isn't normally invoked unless item_drop is interactive.
+					Zotlabs\Daemon\Master::Summon( [ 'Notifier', 'drop', $rr['id'] ] );
+				}
+			}
 		}
 
 

Zotlabs/Daemon/Deliver.php

@@ -75,6 +75,8 @@ class Deliver {
 						q("delete from dreport where dreport_queue = '%s'",
 							dbesc($argv[$x])
 						);
+					
+						continue;
 					}
 				}
 

Zotlabs/Daemon/Expire.php

@@ -34,7 +34,8 @@ class Expire {
 
 		logger('expire: start', LOGGER_DEBUG);
 
-		$site_expire = get_config('system', 'default_expire_days');
+		$site_expire = intval(get_config('system', 'default_expire_days'));
+		$commented_days = intval(get_config('system','active_expire_days'));
 
 		logger('site_expire: ' . $site_expire);
 
@@ -64,7 +65,7 @@ class Expire {
 
 				// if the site or service class expiration is non-zero and less than person expiration, use that
 				logger('Expire: ' . $rr['channel_address'] . ' interval: ' . $expire_days, LOGGER_DEBUG);
-				item_expire($rr['channel_id'], $expire_days);
+				item_expire($rr['channel_id'], $expire_days, $commented_days);
 			}
 		}
 
@@ -85,7 +86,7 @@ class Expire {
 			logger('Expire: sys interval: ' . $expire_days, LOGGER_DEBUG);
 	
 			if ($expire_days)
-				item_expire($x['channel_id'], $expire_days);
+				item_expire($x['channel_id'], $expire_days, $commented_days);
 
 			logger('Expire: sys: done', LOGGER_DEBUG);
 		}

Zotlabs/Daemon/Poller.php

@@ -71,14 +71,18 @@ class Poller {
 
 		$randfunc = db_getfunc('RAND');
 	
-		$contacts = q("SELECT * FROM abook LEFT JOIN xchan on abook_xchan = xchan_hash 
+		$contacts = q("SELECT abook.abook_updated, abook.abook_connected, abook.abook_feed,
+			abook.abook_channel, abook.abook_id, abook.abook_archived, abook.abook_pending,
+			abook.abook_ignored, abook.abook_blocked,
+			xchan.xchan_network,
+			account.account_lastlog, account.account_flags 
+			FROM abook LEFT JOIN xchan on abook_xchan = xchan_hash 
 			LEFT JOIN account on abook_account = account_id
 			where abook_self = 0
 			$sql_extra 
 			AND (( account_flags = %d ) OR ( account_flags = %d )) $abandon_sql ORDER BY $randfunc",
 			intval(ACCOUNT_OK),
 			intval(ACCOUNT_UNVERIFIED)     // FIXME
-
 		);
 
 		if($contacts) {

Zotlabs/Lib/ActivityStreams.php

@@ -9,6 +9,7 @@ namespace Zotlabs\Lib;
  */
 class ActivityStreams {
 
+	public $raw    = null;
 	public $data;
 	public $valid  = false;
 	public $id     = '';
@@ -33,7 +34,9 @@ class ActivityStreams {
 	 */
 	function __construct($string) {
 
+		$this->raw  = $string;
 		$this->data = json_decode($string, true);
+
 		if($this->data) {
 			$this->valid = true;
 		}
@@ -204,7 +207,7 @@ class ActivityStreams {
 		}
 
 		$x = z_fetch_url($url, true, $redirects,
-			['headers' => [ 'Accept: application/ld+json; profile="https://www.w3.org/ns/activitystreams", application/activity+json' ]]);
+			['headers' => [ 'Accept: application/activity+json, application/ld+json; profile="https://www.w3.org/ns/activitystreams"' ]]);
 		if($x['success'])
 			return json_decode($x['body'], true);
 

Zotlabs/Lib/Apps.php

@@ -13,7 +13,12 @@ require_once('include/channel.php');
 
 class Apps {
 
-	static public $installed_system_apps = null;
+	static public $available_apps = null;
+	static public $installed_apps = null;
+
+	static public $base_apps = null;
+
+
 
 	static public function get_system_apps($translate = true) {
 
@@ -45,6 +50,8 @@ class Apps {
 			}
 		}
 
+		call_hooks('get_system_apps',$ret);
+
 		return $ret;
 
 	}
@@ -53,22 +60,52 @@ class Apps {
 	static public function import_system_apps() {
 		if(! local_channel())
 			return;
+
+		self::$base_apps = get_config('system','base_apps',[ 
+			'Connections',
+			'Suggest Channels',
+			'Grid',
+			'Settings',
+			'Files',
+			'Channel Home',
+			'View Profile',
+			'Photos',
+			'Events',
+			'Directory',
+			'Search',
+			'Help',
+			'Mail',
+			'Profile Photo'
+		]);
+
 		$apps = self::get_system_apps(false);
 
-		self::$installed_system_apps = q("select * from app where app_system = 1 and app_channel = %d",
+		self::$available_apps = q("select * from app where app_channel = 0");
+
+		self::$installed_apps = q("select * from app where app_channel = %d",
 			intval(local_channel())
 		);
 
 		if($apps) {
 			foreach($apps as $app) {
 				$id = self::check_install_system_app($app);
+
+				// $id will be boolean true or false to install an app, or an integer id to update an existing app
+				if($id !== false) {
+					$app['uid'] = 0;
+					$app['guid'] = hash('whirlpool',$app['name']);
+					$app['system'] = 1;
+					self::app_install(0,$app);
+				}
+
+				$id = self::check_install_personal_app($app);
 				// $id will be boolean true or false to install an app, or an integer id to update an existing app
 				if($id === false)
 					continue;
 				if($id !== true) {
 					// if we already installed this app, but it changed, preserve any categories we created
-					$s = '';
-					$r = q("select * from term where otype = %d and oid = %d",
+					$s = EMPTY_STR;
+					$r = q("select term from term where otype = %d and oid = %d",
 						intval(TERM_OBJ_APP),
 						intval($id)
 					);
@@ -85,6 +122,7 @@ class Apps {
 				$app['guid'] = hash('whirlpool',$app['name']);
 				$app['system'] = 1;
 				self::app_install(local_channel(),$app);
+
 			}
 		}					
 	}
@@ -95,17 +133,22 @@ class Apps {
 	 */
 
 	static public function check_install_system_app($app) {
-		if((! is_array(self::$installed_system_apps)) || (! count(self::$installed_system_apps))) {
+		if((! is_array(self::$available_apps)) || (! count(self::$available_apps))) {
 			return true;
 		}
 		$notfound = true;
-		foreach(self::$installed_system_apps as $iapp) {
+		foreach(self::$available_apps as $iapp) {
 			if($iapp['app_id'] == hash('whirlpool',$app['name'])) {
 				$notfound = false;
-				if(($iapp['app_version'] != $app['version'])
+				if(($iapp['app_version'] !== $app['version'])
 					|| ($app['plugin'] && (! $iapp['app_plugin']))) {
 					return intval($iapp['app_id']);
 				}
+
+				if(($iapp['app_url'] !== $app['url'])
+					|| ($iapp['app_photo'] !== $app['photo'])) {
+					return intval($iapp['app_id']);
+				}
 			}
 		}
 
@@ -113,6 +156,31 @@ class Apps {
 	}
 
 
+	/**
+	 * Install the system app if no system apps have been installed, or if a new system app 
+	 * is discovered, or if the version of a system app changes.
+	 */
+
+
+
+	static public function check_install_personal_app($app) {
+		$installed = false;
+		foreach(self::$installed_apps as $iapp) {			
+			if($iapp['app_id'] == hash('whirlpool',$app['name'])) {
+				$installed = true;
+				if(($iapp['app_version'] != $app['version'])
+					|| ($app['plugin'] && (! $iapp['app_plugin']))) {
+					return intval($iapp['app_id']);
+				}
+			}
+		}
+		if(! $installed && in_array($app['name'],self::$base_apps)) {
+			return true;
+		}
+		return false;
+	}
+
+
 	static public function app_name_compare($a,$b) {
 		return strcasecmp($a['name'],$b['name']);
 	}
@@ -135,12 +203,11 @@ class Apps {
 		if($lines) {
 			foreach($lines as $x) {
 				if(preg_match('/^([a-zA-Z].*?):(.*?)$/ism',$x,$matches)) {
-					$ret[$matches[1]] = trim(str_replace(array('$baseurl','$nick'),array($baseurl,$address),$matches[2]));
+					$ret[$matches[1]] = trim($matches[2]);
 				}
 			}
 		}	
 
-
 		if(! $ret['photo'])
 			$ret['photo'] = $baseurl . '/' . get_default_profile_photo(80);
 
@@ -233,7 +300,6 @@ class Apps {
 			'View Bookmarks' => t('View Bookmarks'),
 			'My Chatrooms' => t('My Chatrooms'),
 			'Connections' => t('Connections'),
-			'Firefox Share' => t('Firefox Share'),
 			'Remote Diagnostics' => t('Remote Diagnostics'),
 			'Suggest Channels' => t('Suggest Channels'),
 			'Login' => t('Login'),
@@ -288,6 +354,7 @@ class Apps {
 		 * modes:
 		 *    view: normal mode for viewing an app via bbcode from a conversation or page
 		 *       provides install/update button if you're logged in locally
+		 *    install: like view but does not display app-bin options if they are present
 		 *    list: normal mode for viewing an app on the app page
 		 *       no buttons are shown
 		 *    edit: viewing the app page in editing mode provides a delete button
@@ -300,7 +367,7 @@ class Apps {
 			return;
 
 		if(! $papp['photo'])
-			$papp['photo'] = z_root() . '/' . get_default_profile_photo(80);
+			$papp['photo'] = 'icon:gear';
 
 		self::translate_system_apps($papp);
 
@@ -309,9 +376,24 @@ class Apps {
 
 		$papp['papp'] = self::papp_encode($papp);
 
+		// This will catch somebody clicking on a system "available" app that hasn't had the path macros replaced
+		// and they are allowed to see the app
+
+
+		if(strstr($papp['url'],'$baseurl') || strstr($papp['url'],'$nick') || strstr($papp['photo'],'$baseurl') || strstr($pap['photo'],'$nick')) {
+			$view_channel = local_channel();
+			if(! $view_channel) {
+				$sys = get_sys_channel();
+				$view_channel = $sys['channel_id'];
+			}
+			self::app_macros($view_channel,$papp); 
+		}
+
 		if(! strstr($papp['url'],'://'))
 			$papp['url'] = z_root() . ((strpos($papp['url'],'/') === 0) ? '' : '/') . $papp['url'];
 
+
+
 		foreach($papp as $k => $v) {
 			if(strpos($v,'http') === 0 && $k != 'papp') {
 				if(! (local_channel() && strpos($v,z_root()) === 0)) {
@@ -400,12 +482,15 @@ class Apps {
 			));
 		}
 
+		if($mode === 'install') {
+			$papp['embed'] = true;
+		}
 		return replace_macros(get_markup_template('app.tpl'),array(
 			'$app' => $papp,
 			'$icon' => $icon,
 			'$hosturl' => $hosturl,
 			'$purchase' => (($papp['page'] && (! $installed)) ? t('Purchase') : ''),
-			'$install' => (($hosturl && $mode == 'view') ? $install_action : ''),
+			'$install' => (($hosturl && in_array($mode, ['view','install'])) ? $install_action : ''),
 			'$edit' => ((local_channel() && $installed && $mode == 'edit') ? t('Edit') : ''),
 			'$delete' => ((local_channel() && $installed && $mode == 'edit') ? t('Delete') : ''),
 			'$undelete' => ((local_channel() && $installed && $mode == 'edit') ? t('Undelete') : ''),
@@ -468,21 +553,13 @@ class Apps {
 						intval(TERM_OBJ_APP),
 						intval($x[0]['id'])
 					);
-					if($x[0]['app_system']) {
-						$r = q("update app set app_deleted = 1 where app_id = '%s' and app_channel = %d",
-							dbesc($app['guid']),
-							intval($uid)
-						);
-					}
-					else {
-						$r = q("delete from app where app_id = '%s' and app_channel = %d",
-							dbesc($app['guid']),
-							intval($uid)
-						);
+					$r = q("delete from app where app_id = '%s' and app_channel = %d",
+						dbesc($app['guid']),
+						intval($uid)
+					);
 
-						// we don't sync system apps - they may be completely different on the other system
-						build_sync_packet($uid,array('app' => $x));
-					}
+					// we don't sync system apps - they may be completely different on the other system
+					build_sync_packet($uid,array('app' => $x));
 				}
 				else {
 					self::app_undestroy($uid,$app);
@@ -729,6 +806,29 @@ class Apps {
 	}
 
 
+	static public function app_macros($uid,&$arr) {
+
+		if(! intval($uid))
+			return;
+
+		$baseurl = z_root();
+		$channel = channelx_by_n($uid);
+		$address = (($channel) ? $channel['channel_address'] : '');
+		
+		//future expansion
+
+		$observer = \App::get_observer();
+	
+		$arr['url'] = str_replace(array('$baseurl','$nick'),array($baseurl,$address),$arr['url']);
+		$arr['photo'] = str_replace(array('$baseurl','$nick'),array($baseurl,$address),$arr['photo']);
+
+	}
+
+
+
+
+
+
 	static public function app_store($arr) {
 
 		//logger('app_store: ' . print_r($arr,true));
@@ -736,12 +836,20 @@ class Apps {
 		$darray = array();
 		$ret = array('success' => false);
 
+		$sys = get_sys_channel();
+
+		self::app_macros($arr['uid'],$arr);
+
 		$darray['app_url']     = ((x($arr,'url')) ? $arr['url'] : '');
 		$darray['app_channel'] = ((x($arr,'uid')) ? $arr['uid'] : 0);
 
-		if((! $darray['app_url']) || (! $darray['app_channel']))
+		if(! $darray['app_url'])
 			return $ret;
 
+		if((! $arr['uid']) && (! $arr['author'])) {
+			$arr['author'] = $sys['channel_hash'];
+		}
+
 		if($arr['photo'] && (strpos($arr['photo'],'icon:') !== 0) && (! strstr($arr['photo'],z_root()))) {
 			$x = import_xchan_photo($arr['photo'],get_observer_hash(),true);
 			$arr['photo'] = $x[1];
@@ -785,6 +893,7 @@ class Apps {
 			dbesc($darray['app_plugin']),
 			intval($darray['app_deleted'])
 		);
+
 		if($r) {
 			$ret['success'] = true;
 			$ret['app_id'] = $darray['app_id'];
@@ -815,11 +924,14 @@ class Apps {
 		$darray = array();
 		$ret = array('success' => false);
 
+		self::app_macros($arr['uid'],$arr);
+
+
 		$darray['app_url']     = ((x($arr,'url')) ? $arr['url'] : '');
 		$darray['app_channel'] = ((x($arr,'uid')) ? $arr['uid'] : 0);
 		$darray['app_id']      = ((x($arr,'guid')) ? $arr['guid'] : 0);
 
-		if((! $darray['app_url']) || (! $darray['app_channel']) || (! $darray['app_id']))
+		if((! $darray['app_url']) || (! $darray['app_id']))
 			return $ret;
 
 		if($arr['photo'] && (strpos($arr['photo'],'icon:') !== 0) && (! strstr($arr['photo'],z_root()))) {
@@ -871,6 +983,12 @@ class Apps {
 			dbesc($darray['app_id']),
 			intval($darray['app_channel'])
 		);
+
+		// if updating an embed app, don't mess with any existing categories.
+
+		if(array_key_exists('embed',$arr) && intval($arr['embed']) && (intval($darray['app_channel'])))
+			return $ret;
+
 		if($x) {
 			q("delete from term where otype = %d and oid = %d",
 				intval(TERM_OBJ_APP),
@@ -900,9 +1018,6 @@ class Apps {
 
 		$ret['type'] = 'personal';
 	
-		if($app['app_id'])
-			$ret['guid'] = $app['app_id'];
-
 		if($app['app_id'])
 			$ret['guid'] = $app['app_id'];
 

Zotlabs/Lib/Chatroom.php

@@ -266,7 +266,7 @@ class Chatroom {
 			intval($room_id),
 			dbesc($xchan),
 			dbesc(datetime_convert()),
-			dbesc($arr['chat_text'])
+			dbesc(str_rot47(base64url_encode($arr['chat_text'])))
 		);
 
 		$ret['success'] = true;

Zotlabs/Lib/Enotify.php

@@ -115,6 +115,9 @@ class Enotify {
 
 
 	$always_show_in_notices = get_pconfig($recip['channel_id'],'system','always_show_in_notices');
+	$vnotify = get_pconfig($recip['channel_id'],'system','vnotify');
+
+	$salutation = $recip['channel_name'];
 
 	// e.g. "your post", "David's photo", etc.
 	$possess_desc = t('%s <!item_type!>');
@@ -123,7 +126,7 @@ class Enotify {
 		logger('notification: mail');
 		$subject = 	sprintf( t('[$Projectname:Notify] New mail received at %s'),$sitename);
 
-		$preamble = sprintf( t('%1$s, %2$s sent you a new private message at %3$s.'),$recip['channel_name'], $sender['xchan_name'],$sitename);
+		$preamble = sprintf( t('%1$s sent you a new private message at %2$s.'), $sender['xchan_name'],$sitename);
 		$epreamble = sprintf( t('%1$s sent you %2$s.'),'[zrl=' . $sender['xchan_url'] . ']' . $sender['xchan_name'] . '[/zrl]', '[zrl=$itemlink]' . t('a private message') . '[/zrl]');
 		$sitelink = t('Please visit %s to view and/or reply to your private messages.');
 		$tsitelink = sprintf( $sitelink, $siteurl . '/mail/' . $params['item']['id'] );
@@ -142,7 +145,7 @@ class Enotify {
 
 		if(array_key_exists('item',$params) && in_array($params['item']['verb'], [ACTIVITY_LIKE, ACTIVITY_DISLIKE])) {
 
-			if(! $always_show_in_notices) {
+			if(! $always_show_in_notices || !($vnotify & VNOTIFY_LIKE)) {
 				logger('notification: not a visible activity. Ignoring.');
 				pop_lang();
 				return;
@@ -195,8 +198,7 @@ class Enotify {
 		//$possess_desc = str_replace('<!item_type!>',$possess_desc);
 
 		// "a post"
-		$dest_str = sprintf(t('%1$s, %2$s %3$s [zrl=%4$s]a %5$s[/zrl]'),
-			$recip['channel_name'],
+		$dest_str = sprintf(t('%1$s %2$s [zrl=%3$s]a %4$s[/zrl]'),
 			'[zrl=' . $sender['xchan_url'] . ']' . $sender['xchan_name'] . '[/zrl]',
 			$action,
 			$itemlink,
@@ -204,8 +206,7 @@ class Enotify {
 
 		// "George Bull's post"
 		if($p)
-			$dest_str = sprintf(t('%1$s, %2$s %3$s [zrl=%4$s]%5$s\'s %6$s[/zrl]'),
-				$recip['channel_name'],
+			$dest_str = sprintf(t('%1$s %2$s [zrl=%3$s]%4$s\'s %5$s[/zrl]'),
 				'[zrl=' . $sender['xchan_url'] . ']' . $sender['xchan_name'] . '[/zrl]',
 				$action,
 				$itemlink,
@@ -214,8 +215,7 @@ class Enotify {
 		
 		// "your post"
 		if($p[0]['owner']['xchan_name'] == $p[0]['author']['xchan_name'] && intval($p[0]['item_wall']))
-			$dest_str = sprintf(t('%1$s, %2$s %3$s [zrl=%4$s]your %5$s[/zrl]'),
-				$recip['channel_name'],
+			$dest_str = sprintf(t('%1$s %2$s [zrl=%3$s]your %4$s[/zrl]'),
 				'[zrl=' . $sender['xchan_url'] . ']' . $sender['xchan_name'] . '[/zrl]',
 				$action,
 				$itemlink,
@@ -230,7 +230,7 @@ class Enotify {
 			$subject = sprintf( t('[$Projectname:Notify] Moderated Comment to conversation #%1$d by %2$s'), $parent_id, $sender['xchan_name']);
 		else
 			$subject = sprintf( t('[$Projectname:Notify] Comment to conversation #%1$d by %2$s'), $parent_id, $sender['xchan_name']);
-		$preamble = sprintf( t('%1$s, %2$s commented on an item/conversation you have been following.'), $recip['channel_name'], $sender['xchan_name']); 
+		$preamble = sprintf( t('%1$s commented on an item/conversation you have been following.'), $sender['xchan_name']); 
 		$epreamble = $dest_str; 
 
 		$sitelink = t('Please visit %s to view and/or reply to the conversation.');
@@ -249,7 +249,7 @@ class Enotify {
 		$itemlink =  $params['link'];
 
 		if (array_key_exists('item',$params) && (! activity_match($params['item']['verb'],ACTIVITY_LIKE))) {
-			if(! $always_show_in_notices) {
+			if(! $always_show_in_notices  || !($vnotify & VNOTIFY_LIKE)) {
 				logger('notification: not a visible activity. Ignoring.');
 				pop_lang();
 				return;
@@ -296,8 +296,7 @@ class Enotify {
 
 		// "your post"
 		if($p[0]['owner']['xchan_name'] == $p[0]['author']['xchan_name'] && intval($p[0]['item_wall']))
-			$dest_str = sprintf(t('%1$s, %2$s liked [zrl=%3$s]your %4$s[/zrl]'),
-				$recip['channel_name'],
+			$dest_str = sprintf(t('%1$s liked [zrl=%2$s]your %3$s[/zrl]'),
 				'[zrl=' . $sender['xchan_url'] . ']' . $sender['xchan_name'] . '[/zrl]',
 				$itemlink,
 				$item_post_type);
@@ -312,7 +311,7 @@ class Enotify {
 		// differents subjects for messages on the same thread.
 
 		$subject = sprintf( t('[$Projectname:Notify] Like received to conversation #%1$d by %2$s'), $parent_id, $sender['xchan_name']);
-		$preamble = sprintf( t('%1$s, %2$s liked an item/conversation you created.'), $recip['channel_name'], $sender['xchan_name']); 
+		$preamble = sprintf( t('%1$s liked an item/conversation you created.'), $sender['xchan_name']); 
 		$epreamble = $dest_str; 
 
 		$sitelink = t('Please visit %s to view and/or reply to the conversation.');
@@ -325,10 +324,9 @@ class Enotify {
 	if($params['type'] == NOTIFY_WALL) {
 		$subject = sprintf( t('[$Projectname:Notify] %s posted to your profile wall') , $sender['xchan_name']);
 
-		$preamble = sprintf( t('%1$s, %2$s posted to your profile wall at %3$s') , $recip['channel_name'], $sender['xchan_name'], $sitename);
+		$preamble = sprintf( t('%1$s posted to your profile wall at %2$s') , $sender['xchan_name'], $sitename);
 
-		$epreamble = sprintf( t('%1$s, %2$s posted to [zrl=%3$s]your wall[/zrl]') ,
-			$recip['channel_name'], 
+		$epreamble = sprintf( t('%1$s posted to [zrl=%2$s]your wall[/zrl]') ,
 			'[zrl=' . $sender['xchan_url'] . ']' . $sender['xchan_name'] . '[/zrl]',
 			$params['link']); 
 
@@ -352,9 +350,8 @@ class Enotify {
 		}
 	
 		$subject =	sprintf( t('[$Projectname:Notify] %s tagged you') , $sender['xchan_name']);
-		$preamble = sprintf( t('%1$s, %2$s tagged you at %3$s') , $recip['channel_name'], $sender['xchan_name'], $sitename);
-		$epreamble = sprintf( t('%1$s, %2$s [zrl=%3$s]tagged you[/zrl].') ,
-			$recip['channel_name'],
+		$preamble = sprintf( t('%1$s tagged you at %2$s') , $sender['xchan_name'], $sitename);
+		$epreamble = sprintf( t('%1$s [zrl=%2$s]tagged you[/zrl].') ,
 			'[zrl=' . $sender['xchan_url'] . ']' . $sender['xchan_name'] . '[/zrl]',
 			$params['link']); 
 
@@ -366,9 +363,8 @@ class Enotify {
 
 	if ($params['type'] == NOTIFY_POKE) {
 		$subject =	sprintf( t('[$Projectname:Notify] %1$s poked you') , $sender['xchan_name']);
-		$preamble = sprintf( t('%1$s, %2$s poked you at %3$s') , $recip['channel_name'], $sender['xchan_name'], $sitename);
-		$epreamble = sprintf( t('%1$s, %2$s [zrl=%2$s]poked you[/zrl].') ,
-			$recip['channel_name'], 
+		$preamble = sprintf( t('%1$s poked you at %2$s') , $sender['xchan_name'], $sitename);
+		$epreamble = sprintf( t('%1$s [zrl=%2$s]poked you[/zrl].') ,
 			'[zrl=' . $sender['xchan_url'] . ']' . $sender['xchan_name'] . '[/zrl]',
 			$params['link']); 
 
@@ -384,9 +380,8 @@ class Enotify {
 
 	if ($params['type'] == NOTIFY_TAGSHARE) {
 		$subject =	sprintf( t('[$Projectname:Notify] %s tagged your post') , $sender['xchan_name']);
-		$preamble = sprintf( t('%1$s, %2$s tagged your post at %3$s') , $recip['channel_name'],$sender['xchan_name'], $sitename);
-		$epreamble = sprintf( t('%1$s, %2$s tagged [zrl=%3$s]your post[/zrl]') ,
-			$recip['channel_name'],
+		$preamble = sprintf( t('%1$s tagged your post at %2$s'),$sender['xchan_name'], $sitename);
+		$epreamble = sprintf( t('%1$s tagged [zrl=%2$s]your post[/zrl]') ,
 			'[zrl=' . $sender['xchan_url'] . ']' . $sender['xchan_name'] . '[/zrl]',
 			$itemlink); 
 
@@ -398,9 +393,8 @@ class Enotify {
 
 	if ($params['type'] == NOTIFY_INTRO) {
 		$subject = sprintf( t('[$Projectname:Notify] Introduction received'));
-		$preamble = sprintf( t('%1$s, you\'ve received an new connection request from \'%2$s\' at %3$s'), $recip['channel_name'], $sender['xchan_name'], $sitename); 
-		$epreamble = sprintf( t('%1$s, you\'ve received [zrl=%2$s]a new connection request[/zrl] from %3$s.'),
-			$recip['channel_name'],
+		$preamble = sprintf( t('You\'ve received an new connection request from \'%1$s\' at %2$s'), $sender['xchan_name'], $sitename); 
+		$epreamble = sprintf( t('You\'ve received [zrl=%1$s]a new connection request[/zrl] from %2$s.'),
 			$siteurl . '/connections/ifpending',
 			'[zrl=' . $sender['xchan_url'] . ']' . $sender['xchan_name'] . '[/zrl]'); 
 		$body = sprintf( t('You may visit their profile at %s'),$sender['xchan_url']);
@@ -413,9 +407,8 @@ class Enotify {
 
 	if ($params['type'] == NOTIFY_SUGGEST) {
 		$subject = sprintf( t('[$Projectname:Notify] Friend suggestion received'));
-		$preamble = sprintf( t('%1$s, you\'ve received a friend suggestion from \'%2$s\' at %3$s'), $recip['channel_name'], $sender['xchan_name'], $sitename); 
-		$epreamble = sprintf( t('%1$s, you\'ve received [zrl=%2$s]a friend suggestion[/zrl] for %3$s from %4$s.'),
-			$recip['channel_name'],
+		$preamble = sprintf( t('You\'ve received a friend suggestion from \'%1$s\' at %2$s'), $sender['xchan_name'], $sitename); 
+		$epreamble = sprintf( t('You\'ve received [zrl=%1$s]a friend suggestion[/zrl] for %2$s from %3$s.'),
 			$itemlink,
 			'[zrl=' . $params['item']['url'] . ']' . $params['item']['name'] . '[/zrl]',
 			'[zrl=' . $sender['xchan_url'] . ']' . $sender['xchan_name'] . '[/zrl]'); 
@@ -664,7 +657,7 @@ class Enotify {
 			'$banner'       => $datarray['banner'],
 			'$notify_icon'  => \Zotlabs\Lib\System::get_notify_icon(),
 			'$product'      => $datarray['product'],
-			'$preamble'     => $datarray['preamble'],
+			'$preamble'     => $salutation . '<br><br>' . $datarray['preamble'],
 			'$sitename'     => $datarray['sitename'],
 			'$siteurl'      => $datarray['siteurl'],
 			'$source_name'  => $datarray['source_name'],
@@ -686,7 +679,7 @@ class Enotify {
 		$email_text_body = replace_macros($tpl, array(
 			'$banner'       => $datarray['banner'],
 			'$product'      => $datarray['product'],
-			'$preamble'     => $datarray['preamble'],
+			'$preamble'     => $salutation . "\n\n" . $datarray['preamble'],
 			'$sitename'     => $datarray['sitename'],
 			'$siteurl'      => $datarray['siteurl'],
 			'$source_name'  => $datarray['source_name'],
@@ -754,8 +747,8 @@ class Enotify {
 
 		// generate a mime boundary
 		$mimeBoundary = rand(0, 9) . "-"
-				.rand(10000000000, 9999999999) . "-"
-				.rand(10000000000, 9999999999) . "=:"
+				.rand(100000000, 999999999) . "-"
+				.rand(100000000, 999999999) . "=:"
 				.rand(10000, 99999);
 
 		// generate a multipart/alternative message header

Zotlabs/Lib/MessageFilter.php

@@ -0,0 +1,79 @@
+<?php
+
+namespace Zotlabs\Lib;
+
+
+
+class MessageFilter {
+
+
+	static public function evaluate($item,$incl,$excl) {
+
+		require_once('include/html2plain.php');
+
+		unobscure($item);
+
+		$text = prepare_text($item['body'],$item['mimetype']);
+		$text = html2plain(($item['title']) ? $item['title'] . ' ' . $text : $text);
+
+
+		$lang = null;
+
+		if((strpos($incl,'lang=') !== false) || (strpos($excl,'lang=') !== false)) {
+			$lang = detect_language($text);
+		}
+
+		$tags = ((is_array($item['term']) && count($item['term'])) ? $item['term'] : false);
+
+		// exclude always has priority
+
+		$exclude = (($excl) ? explode("\n",$excl) : null);
+
+		if($exclude) {
+			foreach($exclude as $word) {
+				$word = trim($word);
+				if(! $word)
+					continue;
+				if(substr($word,0,1) === '#' && $tags) {
+					foreach($tags as $t)
+						if((($t['ttype'] == TERM_HASHTAG) || ($t['ttype'] == TERM_COMMUNITYTAG)) && (($t['term'] === substr($word,1)) || (substr($word,1) === '*')))
+							return false;
+				}
+				elseif((strpos($word,'/') === 0) && preg_match($word,$text))
+					return false;
+				elseif((strpos($word,'lang=') === 0) && ($lang) && (strcasecmp($lang,trim(substr($word,5))) == 0))
+					return false;
+				elseif(stristr($text,$word) !== false)
+					return false;
+			}
+		}
+
+		$include = (($incl) ? explode("\n",$incl) : null);
+
+		if($include) {
+			foreach($include as $word) {
+				$word = trim($word);
+				if(! $word)
+					continue;
+				if(substr($word,0,1) === '#' && $tags) {
+					foreach($tags as $t)
+						if((($t['ttype'] == TERM_HASHTAG) || ($t['ttype'] == TERM_COMMUNITYTAG)) && (($t['term'] === substr($word,1)) || (substr($word,1) === '*')))
+							return true;
+				}
+				elseif((strpos($word,'/') === 0) && preg_match($word,$text))
+					return true;
+				elseif((strpos($word,'lang=') === 0) && ($lang) && (strcasecmp($lang,trim(substr($word,5))) == 0))
+					return true;
+				elseif(stristr($text,$word) !== false)
+					return true;
+			}
+		}
+		else {
+			return true;
+		}
+
+		return false;
+	}
+
+
+}

Zotlabs/Lib/NativeWiki.php

@@ -171,16 +171,23 @@ class NativeWiki {
 			dbesc(NWIKI_ITEM_RESOURCE_TYPE),
 			dbesc($resource_id)
 		);
+
 		if($r) {
 			$q = q("select * from item where resource_type = 'nwikipage' and resource_id = '%s'",
-				dbesc($r[0]['resource_type'])
+				dbesc($r[0]['resource_id'])
 			);
 			if($q) {
 				$r = array_merge($r,$q);
 			}
 			xchan_query($r);
 			$sync_item = fetch_post_tags($r);
-			build_sync_packet($uid,array('wiki' => array(encode_item($sync_item[0],true))));
+			if($sync_item) {
+				$pkt = [];
+				foreach($sync_item as $w) {
+					$pkt[] = encode_item($w,true);
+				}
+				build_sync_packet($uid,array('wiki' => $pkt));
+			}
 		}
 	}
 

Zotlabs/Lib/Share.php

@@ -107,7 +107,7 @@ class Share {
 	}
 
 	public function bbcode() {
-		$bb = NULL_STR;
+		$bb = EMPTY_STR;
 
 		if(! $this->item)
 			return $bb;
@@ -123,11 +123,13 @@ class Share {
 			$bb = substr($this->item['body'], $pos);
 		} else {
 			$bb = "[share author='".urlencode($this->item['author']['xchan_name']).
-				"' profile='".$this->item['author']['xchan_url'] .
-				"' avatar='".$this->item['author']['xchan_photo_s'].
-				"' link='".$this->item['plink'].
-				"' posted='".$this->item['created'].
-				"' message_id='".$this->item['mid']."']";
+				"' profile='"    . $this->item['author']['xchan_url'] .
+				"' avatar='"     . $this->item['author']['xchan_photo_s'] .
+				"' link='"       . $this->item['plink'] .
+				"' auth='"       . (($this->item['author']['network'] === 'zot') ? 'true' : 'false') .
+				"' posted='"     . $this->item['created'] .
+				"' message_id='" . $this->item['mid'] .
+			"']";
 			if($this->item['title'])
 				$bb .= '[b]'.$this->item['title'].'[/b]'."\r\n";
 			$bb .= (($is_photo) ? $photo_bb . "\r\n" . $this->item['body'] : $this->item['body']);
@@ -138,4 +140,4 @@ class Share {
 
 	}
 
-}
+}

Zotlabs/Lib/System.php

@@ -54,7 +54,7 @@ class System {
 	static public function get_project_srclink() {
 		if(is_array(\App::$config) && is_array(\App::$config['system']) && \App::$config['system']['project_srclink'])
 			return \App::$config['system']['project_srclink'];
-		return 'https://github.com/redmatrix/hubzilla';
+		return 'https://framagit.org/hubzilla/core.git';
 	}
 
 	static public function get_server_role() {

Zotlabs/Lib/ThreadItem.php

@@ -102,6 +102,13 @@ class ThreadItem {
 		if($item['author']['xchan_network'] === 'rss')
 			$shareable = true;
 
+		$privacy_warning = false;
+		if(($item['item_private'] == 1) && ($item['owner']['xchan_network'] === 'activitypub')) {
+			$recips = get_iconfig($item['parent'], 'activitypub', 'recips');
+
+			if(! in_array($observer['xchan_url'], $recips['to']))
+				$privacy_warning = true;
+		}
 
 		$mode = $conv->get_mode();
 
@@ -141,6 +148,10 @@ class ThreadItem {
 				'delete' => t('Delete'),
 			);
 		}		
+		elseif(is_site_admin()) {
+			$drop = [ 'dropping' => true, 'delete' => t('Admin Delete') ];
+		}
+
 // FIXME
 		if($observer_is_pageowner) {		
 			$multidrop = array(
@@ -232,16 +243,9 @@ class ThreadItem {
 			// FIXME check this permission
 			if(($conv->get_profile_owner() == local_channel()) && (! array_key_exists('real_uid',$item))) {
 
-// FIXME we don't need all this stuff, some can be done in the template
-
 				$star = array(
-					'do' => t("Add Star"),
-					'undo' => t("Remove Star"),
 					'toggle' => t("Toggle Star Status"),
-					'classdo' => (intval($item['item_starred']) ? "hidden" : ""),
-					'classundo' => (intval($item['item_starred']) ? "" : "hidden"),
-					'isstarred' => (intval($item['item_starred']) ? "starred fa-star" : "unstarred fa-star-o"),
-					'starred' =>  t('starred'),
+					'isstarred' => ((intval($item['item_starred'])) ? true : false),
 				);
 
 			}
@@ -366,6 +370,7 @@ class ThreadItem {
 			'editedtime' => (($item['edited'] != $item['created']) ? sprintf( t('last edited: %s'), datetime_convert('UTC', date_default_timezone_get(), $item['edited'], 'r')) : ''),
 			'expiretime' => (($item['expires'] > NULL_DATE) ? sprintf( t('Expires: %s'), datetime_convert('UTC', date_default_timezone_get(), $item['expires'], 'r')):''),
 			'lock' => $lock,
+			'privacy_warning' => $privacy_warning,
 			'verified' => $verified,
 			'unverified' => $unverified,
 			'forged' => $forged,
@@ -733,6 +738,8 @@ class ThreadItem {
 		$arr = array('comment_buttons' => '','id' => $this->get_id());
 		call_hooks('comment_buttons',$arr);
 		$comment_buttons = $arr['comment_buttons'];
+		
+		$feature_auto_save_draft = ((feature_enabled($conv->get_profile_owner(), 'auto_save_draft')) ? "true" : "false");
 
 		$comment_box = replace_macros($template,array(
 			'$return_path' => '',
@@ -754,7 +761,7 @@ class ThreadItem {
 			'$edquote' => t('Quote'),
 			'$edcode' => t('Code'),
 			'$edimg' => t('Image'),
-			'$edatt' => t('Attach File'),
+			'$edatt' => t('Attach/Upload file'),
 			'$edurl' => t('Insert Link'),
 			'$edvideo' => t('Video'),
 			'$preview' => t('Preview'), // ((feature_enabled($conv->get_profile_owner(),'preview')) ? t('Preview') : ''),
@@ -768,7 +775,8 @@ class ThreadItem {
 			'$anoncomments' => ((($conv->get_mode() === 'channel' || $conv->get_mode() === 'display') && perm_is_allowed($conv->get_profile_owner(),'','post_comments')) ? true : false),
 			'$anonname' => [ 'anonname', t('Your full name (required)') ],
 			'$anonmail' => [ 'anonmail', t('Your email address (required)') ],
-			'$anonurl'  => [ 'anonurl',  t('Your website URL (optional)') ]
+			'$anonurl'  => [ 'anonurl',  t('Your website URL (optional)') ],
+			'$auto_save_draft' => $feature_auto_save_draft,
 		));
 
 		return $comment_box;

Zotlabs/Module/Acl.php

@@ -24,7 +24,7 @@ class Acl extends \Zotlabs\Web\Controller {
 
 	function init() {
 
-		logger('mod_acl: ' . print_r($_REQUEST,true));
+		// logger('mod_acl: ' . print_r($_GET,true),LOGGER_DATA);
 
 		$start    = (x($_REQUEST,'start')  ? $_REQUEST['start']  : 0);
 		$count    = (x($_REQUEST,'count')  ? $_REQUEST['count']  : 500);
@@ -82,7 +82,7 @@ class Acl extends \Zotlabs\Web\Controller {
 
 		if($search) {
 			$sql_extra = " AND groups.gname LIKE " . protect_sprintf( "'%" . dbesc($search) . "%'" ) . " ";
-			$sql_extra2 = "AND ( xchan_name LIKE " . protect_sprintf( "'%" . dbesc($search) . "%'" ) . " OR xchan_addr LIKE " . protect_sprintf( "'%" . dbesc($search) . ((strpos($search,'@') === false) ? "%@%'"  : "%'")) . ") ";
+			$sql_extra2 = "AND ( xchan_name LIKE " . protect_sprintf( "'%" . dbesc($search) . "%'" ) . " OR xchan_addr LIKE " . protect_sprintf( "'%" . dbesc(punify($search)) . ((strpos($search,'@') === false) ? "%@%'"  : "%'")) . ") ";
 	
 			// This horrible mess is needed because position also returns 0 if nothing is found. 
 			// Would be MUCH easier if it instead returned a very large value
@@ -92,10 +92,9 @@ class Acl extends \Zotlabs\Web\Controller {
 			$order_extra2 = "CASE WHEN xchan_name LIKE " 
 					. protect_sprintf( "'%" . dbesc($search) . "%'" ) 
 					. " then POSITION('" . protect_sprintf(dbesc($search)) 
-					. "' IN xchan_name) else position('" . protect_sprintf(dbesc($search)) . "' IN xchan_addr) end, ";
+					. "' IN xchan_name) else position('" . protect_sprintf(dbesc(punify($search))) . "' IN xchan_addr) end, ";
 
-			$col = ((strpos($search,'@') !== false) ? 'xchan_addr' : 'xchan_name' );
-			$sql_extra3 = "AND $col like " . protect_sprintf( "'%" . dbesc($search) . "%'" ) . " ";
+			$sql_extra3 = "AND ( xchan_addr like " . protect_sprintf( "'%" . dbesc(punify($search)) . "%'" ) . " OR xchan_name like " . protect_sprintf( "'%" . dbesc($search) . "%'" ) . " ) ";
 	
 		}
 		else {
@@ -268,15 +267,15 @@ class Acl extends \Zotlabs\Web\Controller {
 					});
 				}
 			}
-			if(intval(get_config('system','taganyone')) || intval(get_pconfig(local_channel(),'system','taganyone'))) {
-				if((count($r) < 100) && $type == 'c') {
-					$r2 = q("SELECT substr(xchan_hash,1,18) as id, xchan_hash as hash, xchan_name as name, xchan_photo_s as micro, xchan_url as url, xchan_addr as nick, 0 as abook_their_perms, 0 as abook_flags, 0 as abook_self 
-						FROM xchan 
-						WHERE xchan_deleted = 0 $sql_extra2 order by $order_extra2 xchan_name asc" 
-					);
-					if($r2)
-						$r = array_merge($r,$r2);
-				}
+			if((count($r) < 100) && $type == 'c') {
+				$r2 = q("SELECT substr(xchan_hash,1,18) as id, xchan_hash as hash, xchan_name as name, xchan_photo_s as micro, xchan_url as url, xchan_addr as nick, 0 as abook_their_perms, 0 as abook_flags, 0 as abook_self 
+					FROM xchan 
+					WHERE xchan_deleted = 0 and not xchan_network  in ('rss','anon','unknown') $sql_extra2 order by $order_extra2 xchan_name asc" 
+				);
+				if($r2) {
+					$r = array_merge($r,$r2);
+					$r = unique_multidim_array($r,'hash');
+				}		
 			}
 		}
 		elseif($type == 'm') {
@@ -337,24 +336,23 @@ class Acl extends \Zotlabs\Web\Controller {
 		if($r) {
 			foreach($r as $g) {
 	
-				if(($g['network'] === 'rss') && ($type != 'a'))
+				if(in_array($g['network'],['rss','anon','unknown']) && ($type != 'a'))
 					continue;
 
 				$g['hash'] = urlencode($g['hash']);
 				
 				if(! $g['nick']) {
-					$t = explode(' ',strtolower($g['name']));
-					$g['nick'] = $t[0] . '@';
+					$g['nick'] = $g['url'];
 				}
 
-				if(in_array($g['hash'],$permitted) && in_array($type, [ 'c', 'f' ]) && (! $noforums)) {
+				if(in_array($g['hash'],$permitted) && $type === 'f' && (! $noforums)) {
 					$contacts[] = array(
 						"type"     => "c",
 						"photo"    => "images/twopeople.png",
-						"name"     => $g['name'] . (($type === 'f') ? '' : '+'),
-						"id"	   => urlencode($g['id']) . (($type === 'f') ? '' : '+'),
+						"name"     => $g['name'],
+						"id"	   => urlencode($g['id']),
 						"xid"      => $g['hash'],
-						"link"     => $g['nick'],
+						"link"     => (($g['nick']) ? $g['nick'] : $g['url']),
 						"nick"     => substr($g['nick'],0,strpos($g['nick'],'@')),
 						"self"     => (intval($g['abook_self']) ? 'abook-self' : ''),
 						"taggable" => 'taggable',
@@ -368,8 +366,8 @@ class Acl extends \Zotlabs\Web\Controller {
 						"name"     => $g['name'],
 						"id"	   => urlencode($g['id']),
 						"xid"      => $g['hash'],
-						"link"     => $g['nick'],
-						"nick"     => (($g['nick']) ? substr($g['nick'],0,strpos($g['nick'],'@')) : $g['nick']),
+						"link"     => (($g['nick']) ? $g['nick'] : $g['url']),
+						"nick"     => ((strpos($g['nick'],'@')) ? substr($g['nick'],0,strpos($g['nick'],'@')) : $g['nick']),
 						"self"     => (intval($g['abook_self']) ? 'abook-self' : ''),
 						"taggable" => '',
 						"label"    => '',
@@ -435,7 +433,7 @@ class Acl extends \Zotlabs\Web\Controller {
 		$count = (x($_REQUEST,'count') ?  $_REQUEST['count'] : 100);
 		if($url) {
 			$query = $url . '?f=' . (($token) ? '&t=' . urlencode($token) : '');
-			$query .= '&name=' . urlencode($search) . "&limit=$count" . (($address) ? '&address=' . urlencode($search) : '');
+			$query .= '&name=' . urlencode($search) . "&limit=$count" . (($address) ? '&address=' . urlencode(punify($search)) : '');
 	
 			$x = z_fetch_url($query);
 			if($x['success']) {

Zotlabs/Module/Admin.php

@@ -100,8 +100,12 @@ class Admin extends \Zotlabs\Web\Controller {
 		}
 
 		// pending registrations
-		$r = q("SELECT COUNT(id) AS rtotal FROM register WHERE uid != '0'");
-		$pending = $r[0]['rtotal'];
+
+		$pdg = q("SELECT account.*, register.hash from account left join register on account_id = register.uid where (account_flags & %d ) > 0 ",
+			intval(ACCOUNT_PENDING)
+		);
+
+		$pending = (($pdg) ? count($pdg) : 0);
 
 		// available channels, primary and clones
 		$channels = array();
@@ -140,7 +144,7 @@ class Admin extends \Zotlabs\Web\Controller {
 			'$accounts' => array( t('Registered accounts'), $accounts),
 			'$pending'  => array( t('Pending registrations'), $pending),
 			'$channels' => array( t('Registered channels'), $channels),
-			'$plugins'  => array( t('Active plugins'), $plugins ),
+			'$plugins'  => array( t('Active addons'), $plugins ),
 			'$version'  => array( t('Version'), STD_VERSION),
 			'$vmaster'  => array( t('Repository version (master)'), $vmaster),
 			'$vdev'     => array( t('Repository version (dev)'), $vdev),

Zotlabs/Module/Admin/Accounts.php

@@ -133,12 +133,13 @@ class Accounts {
 
 		$base = z_root() . '/admin/accounts?f=';
 		$odir = (($dir === 'asc') ? '0' : '1');
-	
+
 		$users = q("SELECT account_id , account_email, account_lastlog, account_created, account_expires, account_service_class, ( account_flags & %d ) > 0 as blocked, 
 			(SELECT %s FROM channel as ch WHERE ch.channel_account_id = ac.account_id and ch.channel_removed = 0 ) as channels FROM account as ac 
-			where true $serviceclass order by $key $dir limit %d offset %d ",
+			where true $serviceclass and account_flags != %d order by $key $dir limit %d offset %d ",
 			intval(ACCOUNT_BLOCKED),
 			db_concat('ch.channel_address', ' '),
+			intval(ACCOUNT_BLOCKED | ACCOUNT_PENDING),
 			intval(\App::$pager['itemspage']),
 			intval(\App::$pager['start'])
 		);
@@ -203,4 +204,4 @@ class Accounts {
 	}
 	
 
-}
+}

Zotlabs/Module/Admin/Addons.php

@@ -2,10 +2,10 @@
 
 namespace Zotlabs\Module\Admin;
 
-use \Zotlabs\Storage\GitRepo as GitRepo;
+use \Zotlabs\Storage\GitRepo;
 use \Michelf\MarkdownExtra;
 
-class Plugins {
+class Addons {
 
 	/**
 	 * @brief
@@ -20,7 +20,7 @@ class Plugins {
 				$func($a);
 			}
 
-			goaway(z_root() . '/admin/plugins/' . argv(2) );
+			goaway(z_root() . '/admin/addons/' . argv(2) );
 		}
 		elseif(argc() > 2) {
 			switch(argv(2)) {
@@ -243,7 +243,7 @@ class Plugins {
 	}
 
 	/**
-	 * @brief Plugins admin page.
+	 * @brief Addons admin page.
 	 *
 	 * @return string with parsed HTML
 	 */
@@ -278,7 +278,7 @@ class Plugins {
 			$info['disabled'] = 1-intval($x);
 
 			if (x($_GET,"a") && $_GET['a']=="t"){
-				check_form_security_token_redirectOnErr('/admin/plugins', 'admin_plugins', 't');
+				check_form_security_token_redirectOnErr('/admin/addons', 'admin_addons', 't');
 				$pinstalled = false;
 				// Toggle plugin status
 				$idx = array_search($plugin, \App::$plugins);
@@ -298,9 +298,9 @@ class Plugins {
 				if($pinstalled) {
 					@require_once("addon/$plugin/$plugin.php");
 					if(function_exists($plugin.'_plugin_admin'))
-						goaway(z_root() . '/admin/plugins/' . $plugin);
+						goaway(z_root() . '/admin/addons/' . $plugin);
 				}
-				goaway(z_root() . '/admin/plugins' );
+				goaway(z_root() . '/admin/addons' );
 			}
 
 			// display plugin details
@@ -339,7 +339,7 @@ class Plugins {
 			$t = get_markup_template('admin_plugins_details.tpl');
 			return replace_macros($t, array(
 				'$title' => t('Administration'),
-				'$page' => t('Plugins'),
+				'$page' => t('Addons'),
 				'$toggle' => t('Toggle'),
 				'$settings' => t('Settings'),
 				'$baseurl' => z_root(),
@@ -358,11 +358,11 @@ class Plugins {
 				'$disabled' => t('Disabled - version incompatibility'),
 
 				'$admin_form' => $admin_form,
-				'$function' => 'plugins',
+				'$function' => 'addons',
 				'$screenshot' => '',
 				'$readme' => $readme,
 
-				'$form_security_token' => get_form_security_token('admin_plugins'),
+				'$form_security_token' => get_form_security_token('admin_addons'),
 			));
 		}
 
@@ -407,11 +407,11 @@ class Plugins {
 
 		$admin_plugins_add_repo_form= replace_macros(
 			get_markup_template('admin_plugins_addrepo.tpl'), array(
-				'$post' => 'admin/plugins/addrepo',
-				'$desc' => t('Enter the public git repository URL of the plugin repo.'),
-				'$repoURL' => array('repoURL', t('Plugin repo git URL'), '', ''),
+				'$post' => 'admin/addons/addrepo',
+				'$desc' => t('Enter the public git repository URL of the addon repo.'),
+				'$repoURL' => array('repoURL', t('Addon repo git URL'), '', ''),
 				'$repoName' => array('repoName', t('Custom repo name'), '', '', t('(optional)')),
-				'$submit' => t('Download Plugin Repo')
+				'$submit' => t('Download Addon Repo')
 			)
 		);
 		$newRepoModalID = random_string(3);
@@ -434,17 +434,17 @@ class Plugins {
 		$t = get_markup_template('admin_plugins.tpl');
 		return replace_macros($t, array(
 			'$title' => t('Administration'),
-			'$page' => t('Plugins'),
+			'$page' => t('Addons'),
 			'$submit' => t('Submit'),
 			'$baseurl' => z_root(),
-			'$function' => 'plugins',
+			'$function' => 'addons',
 			'$plugins' => $plugins,
 			'$disabled' => t('Disabled - version incompatibility'),
-			'$form_security_token' => get_form_security_token('admin_plugins'),
+			'$form_security_token' => get_form_security_token('admin_addons'),
 			'$allowManageRepos' => $allowManageRepos,
 			'$managerepos' => t('Manage Repos'),
-			'$installedtitle' => t('Installed Plugin Repositories'),
-			'$addnewrepotitle' =>	t('Install a New Plugin Repository'),
+			'$installedtitle' => t('Installed Addon Repositories'),
+			'$addnewrepotitle' =>	t('Install a New Addon Repository'),
 			'$expandform' => false,
 			'$form' => $admin_plugins_add_repo_form,
 			'$newRepoModal' => $newRepoModal,

Zotlabs/Module/Admin/Security.php

@@ -16,7 +16,13 @@ class Security {
 
 		$block_public         = ((x($_POST,'block_public'))		? True	: False);
 		set_config('system','block_public',$block_public);
-	
+
+		$cloud_noroot         = ((x($_POST,'cloud_noroot'))		? 1	: 0);
+		set_config('system','cloud_disable_siteroot',1 - $cloud_noroot);
+
+		$cloud_disksize       = ((x($_POST,'cloud_disksize'))	? 1	: 0);
+		set_config('system','cloud_report_disksize',$cloud_disksize);
+
 		$ws = $this->trim_array_elems(explode("\n",$_POST['whitelisted_sites']));
 		set_config('system','whitelisted_sites',$ws);
 	
@@ -87,6 +93,8 @@ class Security {
 			'$page' => t('Security'),
 			'$form_security_token' => get_form_security_token('admin_security'),
 	        '$block_public'     => array('block_public', t("Block public"), get_config('system','block_public'), t("Check to block public access to all otherwise public personal pages on this site unless you are currently authenticated.")),
+			'$cloud_noroot'     => [ 'cloud_noroot', t('Provide a cloud root directory'), 1 - intval(get_config('system','cloud_disable_siteroot')), t('The cloud root directory lists all channel names which provide public files') ], 
+			'$cloud_disksize'     => [ 'cloud_disksize', t('Show total disk space available to cloud uploads'), intval(get_config('system','cloud_report_disksize')), '' ],
 			'$transport_security' => array('transport_security', t('Set "Transport Security" HTTP header'),intval(get_config('system','transport_security_header')),''),
 			'$content_security' => array('content_security', t('Set "Content Security Policy" HTTP header'),intval(get_config('system','content_security_policy')),''),
 			'$allowed_email'	=> array('allowed_email', t("Allowed email domains"), get_config('system','allowed_email'), t("Comma separated list of domains which are allowed in email addresses for registrations to this site. Wildcards are accepted. Empty to allow any domains")),

Zotlabs/Module/Admin/Site.php

@@ -38,7 +38,12 @@ class Site {
 		$site_sellpage		=	((x($_POST,'site_sellpage'))	? notags(trim($_POST['site_sellpage']))		: '');
 		$site_location		=	((x($_POST,'site_location'))	? notags(trim($_POST['site_location']))		: '');
 		$frontpage			=	((x($_POST,'frontpage'))	? notags(trim($_POST['frontpage']))		: '');
-		$firstpage		    =	((x(trim($_POST,'firstpage')))	? notags(trim($_POST['firstpage']))		: 'profiles');
+		$firstpage		    =	((x($_POST,'firstpage'))	? notags(trim($_POST['firstpage']))		: 'profiles');
+		$first_page		    =	((x($_POST,'first_page'))	? notags(trim($_POST['first_page']))		: 'profiles');
+		// check value after trim
+		if(! $first_page) {
+			$first_page = 'profiles';
+		}
 		$mirror_frontpage	=	((x($_POST,'mirror_frontpage'))	? intval(trim($_POST['mirror_frontpage']))		: 0);
 		$directory_server	=	((x($_POST,'directory_server')) ? trim($_POST['directory_server']) : '');
 		$allowed_sites		=	((x($_POST,'allowed_sites'))	? notags(trim($_POST['allowed_sites']))		: '');
@@ -51,6 +56,7 @@ class Site {
 		$global_directory     = ((x($_POST,'directory_submit_url'))	? notags(trim($_POST['directory_submit_url']))	: '');
 		$no_community_page    = !((x($_POST,'no_community_page'))	? True	:	False);
 		$default_expire_days  = ((array_key_exists('default_expire_days',$_POST)) ? intval($_POST['default_expire_days']) : 0);
+		$active_expire_days  = ((array_key_exists('active_expire_days',$_POST)) ? intval($_POST['active_expire_days']) : 7);
 
 		$reply_address      = ((array_key_exists('reply_address',$_POST) && trim($_POST['reply_address'])) ? trim($_POST['reply_address']) : 'noreply@' . \App::get_hostname());
 		$from_email         = ((array_key_exists('from_email',$_POST) && trim($_POST['from_email'])) ? trim($_POST['from_email']) : 'Administrator@' . \App::get_hostname());
@@ -70,6 +76,10 @@ class Site {
 		$imagick_path      = ((x($_POST,'imagick_path'))     ? trim($_POST['imagick_path'])   : '');
 		$thumbnail_security  = ((x($_POST,'thumbnail_security'))     ? intval($_POST['thumbnail_security'])   : 0);
 		$force_queue       = ((intval($_POST['force_queue']) > 0) ? intval($_POST['force_queue'])   : 3000);
+		$pub_incl = escape_tags(trim($_POST['pub_incl']));
+		$pub_excl = escape_tags(trim($_POST['pub_excl']));
+
+		$permissions_role = escape_tags(trim($_POST['permissions_role']));
 
 		$techlevel         = null;
 		if(array_key_exists('techlevel', $_POST))
@@ -82,7 +92,7 @@ class Site {
 		set_config('system', 'maxloadavg', $maxloadavg);
 		set_config('system', 'frontpage', $frontpage);
 		set_config('system', 'sellpage', $site_sellpage);
-		set_config('system', 'workflow_channel_next', $firstpage);
+		set_config('system', 'workflow_channel_next', $first_page);
 		set_config('system', 'site_location', $site_location);
 		set_config('system', 'mirror_frontpage', $mirror_frontpage);
 		set_config('system', 'sitename', $sitename);
@@ -90,11 +100,15 @@ class Site {
 		set_config('system', 'enable_context_help', $enable_context_help);
 		set_config('system', 'verify_email', $verify_email);
 		set_config('system', 'default_expire_days', $default_expire_days);
+		set_config('system', 'active_expire_days', $active_expire_days);
 		set_config('system', 'reply_address', $reply_address);
 		set_config('system', 'from_email', $from_email);
 		set_config('system', 'from_email_name' , $from_email_name);
 		set_config('system', 'imagick_convert_path' , $imagick_path);
 		set_config('system', 'thumbnail_security' , $thumbnail_security);
+		set_config('system', 'default_permissions_role', $permissions_role);
+		set_config('system', 'pubstream_incl',$pub_incl);
+		set_config('system', 'pubstream_excl',$pub_excl);
 
 		set_config('system', 'techlevel_lock', $techlevel_lock);
 
@@ -279,6 +293,12 @@ class Site {
 			'5' => t('Wizard - I probably know more than you do')
 		];
 
+		$perm_roles = \Zotlabs\Access\PermissionRoles::roles();
+		$default_role = get_config('system','default_permissions_role','social');
+
+		$role = array('permissions_role' , t('Default permission role for new accounts'), $default_role, t('This role will be used for the first channel created after registration.'),$perm_roles);
+
+
 		$homelogin = get_config('system','login_on_homepage');
 		$enable_context_help = get_config('system','enable_context_help');
 
@@ -314,6 +334,7 @@ class Site {
 			'$minimum_age'		=> array('minimum_age', t("Minimum age"), (x(get_config('system','minimum_age'))?get_config('system','minimum_age'):13), t("Minimum age (in years) for who may register on this site.")),
 			'$access_policy'	=> array('access_policy', t("Which best describes the types of account offered by this hub?"), get_config('system','access_policy'), "This is displayed on the public server site list.", $access_choices),
 			'$register_text'	=> array('register_text', t("Register text"), htmlspecialchars(get_config('system','register_text'), ENT_QUOTES, 'UTF-8'), t("Will be displayed prominently on the registration page.")),
+			'$role'         => $role,
 			'$frontpage'	=> array('frontpage', t("Site homepage to show visitors (default: login box)"), get_config('system','frontpage'), t("example: 'public' to show public stream, 'page/sys/home' to show a system webpage called 'home' or 'include:home.html' to include a file.")),
 			'$mirror_frontpage'	=> array('mirror_frontpage', t("Preserve site homepage URL"), get_config('system','mirror_frontpage'), t('Present the site homepage in a frame at the original location instead of redirecting')),
 			'$abandon_days'     => array('abandon_days', t('Accounts abandoned after x days'), get_config('system','account_abandon_days'), t('Will not waste system resources polling external sites for abandonded accounts. Enter 0 for no time limit.')),
@@ -323,6 +344,10 @@ class Site {
 			'$disable_discover_tab'	=> array('disable_discover_tab', t('Import Public Streams'), $discover_tab, t('Import and allow access to public content pulled from other sites. Warning: this content is unmoderated.')),
 			'$site_firehose'	=> array('site_firehose', t('Site only Public Streams'), get_config('system','site_firehose'), t('Allow access to public content originating only from this site if Imported Public Streams are disabled.')),
 			'$open_pubstream'	=> array('open_pubstream', t('Allow anybody on the internet to access the Public streams'), get_config('system','open_pubstream',1), t('Disable to require authentication before viewing. Warning: this content is unmoderated.')),
+			'$incl'           => array('pub_incl',t('Only import Public stream posts with this text'), get_config('system','pubstream_incl'),t('words one per line or #tags or /patterns/ or lang=xx, leave blank to import all posts')),
+			'$excl'           => array('pub_excl',t('Do not import Public stream posts with this text'), get_config('system','pubstream_excl'),t('words one per line or #tags or /patterns/ or lang=xx, leave blank to import all posts')),
+
+
 			'$login_on_homepage'	=> array('login_on_homepage', t("Login on Homepage"),((intval($homelogin) || $homelogin === false) ? 1 : '') , t("Present a login box to visitors on the home page if no other content has been configured.")),
 			'$enable_context_help'	=> array('enable_context_help', t("Enable context help"),((intval($enable_context_help) === 1 || $enable_context_help === false) ? 1 : 0) , t("Display contextual help for the current page when the help button is pressed.")),
 
@@ -343,9 +368,10 @@ class Site {
 			'$thumbnail_security'			=> array('thumbnail_security', t("Allow SVG thumbnails in file browser"), get_config('system','thumbnail_security',0), t("WARNING: SVG images may contain malicious code.")),
 			'$maxloadavg'			=> array('maxloadavg', t("Maximum Load Average"), ((intval(get_config('system','maxloadavg')) > 0)?get_config('system','maxloadavg'):50), t("Maximum system load before delivery and poll processes are deferred - default 50.")),
 			'$default_expire_days' => array('default_expire_days', t('Expiration period in days for imported (grid/network) content'), intval(get_config('system','default_expire_days')), t('0 for no expiration of imported content')),
+			'$active_expire_days' => array('active_expire_days', t('Do not expire any posts which have comments less than this many days ago'), intval(get_config('system','active_expire_days',7)), ''),
 
 			'$sellpage' => array('site_sellpage', t('Public servers: Optional landing (marketing) webpage for new registrants'), get_config('system','sellpage',''), sprintf( t('Create this page first. Default is %s/register'),z_root())),
-			'$firstpage' => array('firstpage', t('Page to display after creating a new channel'), get_config('system','workflow_channel_next','profiles'), t('Recommend: profiles, go, or settings')),
+			'$first_page' => array('first_page', t('Page to display after creating a new channel'), get_config('system','workflow_channel_next','profiles'), t('Default: profiles')),
 
 			'$location' => array('site_location', t('Optional: site location'), get_config('system','site_location',''), t('Region or country')),
 

Zotlabs/Module/Appman.php

@@ -25,6 +25,7 @@ class Appman extends \Zotlabs\Web\Controller {
 				'photo' => escape_tags($_REQUEST['photo']),
 				'version' => escape_tags($_REQUEST['version']),
 				'price' => escape_tags($_REQUEST['price']),
+				'page' => escape_tags($_REQUEST['page']),
 				'requires' => escape_tags($_REQUEST['requires']),
 				'system' => intval($_REQUEST['system']),
 				'plugin' => escape_tags($_REQUEST['plugin']),

Zotlabs/Module/Apps.php

@@ -15,6 +15,8 @@ class Apps extends \Zotlabs\Web\Controller {
 		else
 			$mode = 'list';
 
+		$available = ((argc() == 2 && argv(1) === 'available') ? true : false);
+
 		$_SESSION['return_url'] = \App::$query_string;
 	
 		$apps = array();
@@ -23,7 +25,7 @@ class Apps extends \Zotlabs\Web\Controller {
 			Zlib\Apps::import_system_apps();
 			$syslist = array();
 			$cat = ((array_key_exists('cat',$_GET) && $_GET['cat']) ? [ escape_tags($_GET['cat']) ] : '');
-			$list = Zlib\Apps::app_list(local_channel(), (($mode == 'edit') ? true : false), $cat);
+			$list = Zlib\Apps::app_list((($available) ? 0 : local_channel()), (($mode == 'edit') ? true : false), $cat);
 			if($list) {
 				foreach($list as $x) {
 					$syslist[] = Zlib\Apps::app_encode($x);
@@ -39,7 +41,7 @@ class Apps extends \Zotlabs\Web\Controller {
 	//	logger('apps: ' . print_r($syslist,true));
 	
 		foreach($syslist as $app) {
-			$apps[] = Zlib\Apps::app_render($app,$mode);
+			$apps[] = Zlib\Apps::app_render($app,(($available) ? 'install' : $mode));
 		}
 
 		return replace_macros(get_markup_template('myapps.tpl'), array(
@@ -48,7 +50,7 @@ class Apps extends \Zotlabs\Web\Controller {
 			'$title' => t('Apps'),
 			'$apps' => $apps,
 			'$authed' => ((local_channel()) ? true : false),
-			'$manage' => t('Manage apps'),
+			'$manage' => (($available) ? '' : t('Manage apps')),
 			'$create' => (($mode == 'edit') ? t('Create new app') : '')
 		));
 	

Zotlabs/Module/Article_edit.php

@@ -128,6 +128,7 @@ class Article_edit extends \Zotlabs\Web\Controller {
 			'$title' => t('Edit Article'),
 			'$delete' => ((($itm[0]['author_xchan'] === $ob_hash) || ($itm[0]['owner_xchan'] === $ob_hash)) ? t('Delete') : false),
 			'$id' => $itm[0]['id'],
+			'$cancel' => t('Cancel'),
 			'$editor' => $editor
 		));
 

Zotlabs/Module/Articles.php

@@ -127,21 +127,26 @@ class Articles extends \Zotlabs\Web\Controller {
 			$editor = '';
 		}
 		
+		$itemspage = get_pconfig(local_channel(),'system','itemspage');
+		\App::set_pager_itemspage(((intval($itemspage)) ? $itemspage : 20));
+		$pager_sql = sprintf(" LIMIT %d OFFSET %d ", intval(\App::$pager['itemspage']), intval(\App::$pager['start']));
+
 		
 		$sql_extra = item_permissions_sql($owner);
+		$sql_item = '';
 
 		if($selected_card) {
 			$r = q("select * from iconfig where iconfig.cat = 'system' and iconfig.k = 'ARTICLE' and iconfig.v = '%s' limit 1",
 				dbesc($selected_card)
 			);
 			if($r) {
-				$sql_extra .= "and item.id = " . intval($r[0]['iid']) . " ";
+				$sql_item = "and item.id = " . intval($r[0]['iid']) . " ";
 			}
 		}
 				
 		$r = q("select * from item 
 			where item.uid = %d and item_type = %d 
-			$sql_extra order by item.created desc",
+			$sql_extra $sql_item order by item.created desc $pager_sql",
 			intval($owner),
 			intval(ITEM_TYPE_ARTICLE)
 		);
@@ -152,6 +157,8 @@ class Articles extends \Zotlabs\Web\Controller {
 
 		if($r) {
 
+			$pager_total = count($r);
+
 			$parents_str = ids_to_querystr($r,'id');
 
 			$items = q("SELECT item.*, item.id AS item_id
@@ -173,13 +180,18 @@ class Articles extends \Zotlabs\Web\Controller {
 
 		$mode = 'articles';
 			
-     	$content = conversation($items,$mode,false,'traditional');
+		if(get_pconfig(local_channel(),'system','articles_list_mode') && (! $selected_card))
+            $page_mode = 'pager_list';
+        else
+            $page_mode = 'traditional';
+
+     	$content = conversation($items,$mode,false,$page_mode);
 
 		$o = replace_macros(get_markup_template('cards.tpl'), [
 			'$title' => t('Articles'),
 			'$editor' => $editor,
 			'$content' => $content,
-			'$pager' => alt_pager($a,count($items))
+			'$pager' => alt_pager($pager_total)
 		]);
 
         return $o;

Zotlabs/Module/Authorize.php

@@ -4,60 +4,89 @@ namespace Zotlabs\Module;
 
 use Zotlabs\Identity\OAuth2Storage;
 
-
 class Authorize extends \Zotlabs\Web\Controller {
 
-	function init() {
+	function get() {
+		if (!local_channel()) {
+			return login();
+		} else {
+			// TODO: Fully implement the dynamic client registration protocol:
+			// OpenID Connect Dynamic Client Registration 1.0 Client Metadata
+			// http://openid.net/specs/openid-connect-registration-1_0.html
+			$app = array(
+				'name' => (x($_REQUEST, 'client_name') ? urldecode($_REQUEST['client_name']) : t('Unknown App')),
+				'icon' => (x($_REQUEST, 'logo_uri')    ? urldecode($_REQUEST['logo_uri']) : z_root() . '/images/icons/plugin.png'),
+				'url'  => (x($_REQUEST, 'client_uri')  ? urldecode($_REQUEST['client_uri']) : ''),
+			);
+			$o .= replace_macros(get_markup_template('oauth_authorize.tpl'), array(
+				'$title' => t('Authorize'),
+				'$authorize' => sprintf( t('Do you authorize the app %s to access your channel data?'), '<a style="float: none;" href="' . $app['url'] . '">' . $app['name'] . '</a> '),
+				'$app' => $app,
+				'$yes' => t('Allow'),
+				'$no' => t('Deny'),
+				'$client_id' => (x($_REQUEST, 'client_id') ? $_REQUEST['client_id'] : ''),
+				'$redirect_uri' => (x($_REQUEST, 'redirect_uri') ? $_REQUEST['redirect_uri'] : ''),
+				'$state' => (x($_REQUEST, 'state') ? $_REQUEST['state'] : ''),
+			));
+			return $o;
+		}
+	}
 
-		// workaround for HTTP-auth in CGI mode
-		if (x($_SERVER, 'REDIRECT_REMOTE_USER')) {
-			$userpass = base64_decode(substr($_SERVER["REDIRECT_REMOTE_USER"], 6)) ;
-			if(strlen($userpass)) {
-				list($name, $password) = explode(':', $userpass);
-				$_SERVER['PHP_AUTH_USER'] = $name;
-				$_SERVER['PHP_AUTH_PW'] = $password;
-			}
+	function post() {
+		if (! local_channel()) {
+			return;
 		}
 
-		if (x($_SERVER, 'HTTP_AUTHORIZATION')) {
-			$userpass = base64_decode(substr($_SERVER["HTTP_AUTHORIZATION"], 6)) ;
-			if(strlen($userpass)) {
-				list($name, $password) = explode(':', $userpass);
-				$_SERVER['PHP_AUTH_USER'] = $name;
-				$_SERVER['PHP_AUTH_PW'] = $password;
-			}
-		}
+		$storage = new OAuth2Storage(\DBA::$dba->db);
+		$s = new \Zotlabs\Identity\OAuth2Server($storage);
 
-		$s = new \Zotlabs\Identity\OAuth2Server(new OAuth2Storage(\DBA::$dba->db));
+		// TODO: The automatic client registration protocol below should adhere more
+		// closely to "OAuth 2.0 Dynamic Client Registration Protocol" defined
+		// at https://tools.ietf.org/html/rfc7591
+		
+		// If no client_id was provided, generate a new one.
+		if (x($_POST, 'client_id')) {
+			$client_id = $_POST['client_id'];
+		} else {
+			$client_id = $_POST['client_id'] = random_string(16);
+		}
+		// If no redirect_uri was provided, generate a fake one.
+		if (x($_POST, 'redirect_uri')) {
+			$redirect_uri = $_POST['redirect_uri'];
+		} else {
+			$redirect_uri = $_POST['redirect_uri'] = 'https://fake.example.com/oauth';
+		}
 
 		$request = \OAuth2\Request::createFromGlobals();
 		$response = new \OAuth2\Response();
 
+		// If the client is not registered, add to the database
+		if (!$client = $storage->getClientDetails($client_id)) {
+			$client_secret = random_string(16);
+			// Client apps are registered per channel
+			$user_id = local_channel();
+			$storage->setClientDetails($client_id, $client_secret, $redirect_uri, 'authorization_code', null, $user_id);
+			
+		}
+		if (!$client = $storage->getClientDetails($client_id)) {
+			// There was an error registering the client.
+			$response->send();
+			killme();
+		}
+		$response->setParameter('client_secret', $client['client_secret']);
+
 		// validate the authorize request
-		if (! $s->validateAuthorizeRequest($request, $response)) {
+		if (!$s->validateAuthorizeRequest($request, $response)) {
 			$response->send();
 			killme();
 		}
 
-		// display an authorization form
-		if (empty($_POST)) {
-
-			return '
-<form method="post">
-  <label>Do You Authorize TestClient?</label><br />
-  <input type="submit" name="authorized" value="yes">
-  <input type="submit" name="authorized" value="no">
-</form>';
-		}
-
 		// print the authorization code if the user has authorized your client
-		$is_authorized = ($_POST['authorized'] === 'yes');
+		$is_authorized = ($_POST['authorize'] === 'allow');
 		$s->handleAuthorizeRequest($request, $response, $is_authorized, local_channel());
 		if ($is_authorized) {
-			// this is only here so that you get to see your code in the cURL request. Otherwise,
-			// we'd redirect back to the client
-			$code = substr($response->getHttpHeader('Location'), strpos($response->getHttpHeader('Location'), 'code=')+5, 40);
-			echo("SUCCESS! Authorization Code: $code");
+			$code = substr($response->getHttpHeader('Location'), strpos($response->getHttpHeader('Location'), 'code=') + 5, 40);
+			logger('Authorization Code: ' .  $code);
 		}
 
 		$response->send();

Zotlabs/Module/Card_edit.php

@@ -128,6 +128,7 @@ class Card_edit extends \Zotlabs\Web\Controller {
 			'$title' => t('Edit Card'),
 			'$delete' => ((($itm[0]['author_xchan'] === $ob_hash) || ($itm[0]['owner_xchan'] === $ob_hash)) ? t('Delete') : false),
 			'$id' => $itm[0]['id'],
+			'$cancel' => t('Cancel'),
 			'$editor' => $editor
 		));
 

Zotlabs/Module/Cards.php

@@ -131,20 +131,26 @@ class Cards extends \Zotlabs\Web\Controller {
 		}
 
 
+		$itemspage = get_pconfig(local_channel(),'system','itemspage');
+		\App::set_pager_itemspage(((intval($itemspage)) ? $itemspage : 20));
+		$pager_sql = sprintf(" LIMIT %d OFFSET %d ", intval(\App::$pager['itemspage']), intval(\App::$pager['start']));
+
+
 		$sql_extra = item_permissions_sql($owner);
+		$sql_item = '';
 
 		if($selected_card) {
 			$r = q("select * from iconfig where iconfig.cat = 'system' and iconfig.k = 'CARD' and iconfig.v = '%s' limit 1",
 				dbesc($selected_card)
 			);
 			if($r) {
-				$sql_extra .= "and item.id = " . intval($r[0]['iid']) . " ";
+				$sql_item = "and item.id = " . intval($r[0]['iid']) . " ";
 			}
 		}
 
 		$r = q("select * from item
 			where uid = %d and item_type = %d
-			$sql_extra order by item.created desc",
+			$sql_extra $sql_item order by item.created desc $pager_sql",
 			intval($owner),
 			intval(ITEM_TYPE_CARD)
 		);
@@ -156,6 +162,8 @@ class Cards extends \Zotlabs\Web\Controller {
 		$items_result = [];
 		if($r) {
 
+			$pager_total = count($r);
+
 			$parents_str = ids_to_querystr($r, 'id');
 
 			$items = q("SELECT item.*, item.id AS item_id
@@ -175,13 +183,18 @@ class Cards extends \Zotlabs\Web\Controller {
 
 		$mode = 'cards';
 
-		$content = conversation($items_result, $mode, false, 'traditional');
+		if(get_pconfig(local_channel(),'system','articles_list_mode') && (! $selected_card))
+			$page_mode = 'pager_list';
+		else
+			$page_mode = 'traditional';
+
+		$content = conversation($items_result, $mode, false, $page_mode);
 
 		$o = replace_macros(get_markup_template('cards.tpl'), [
 			'$title' => t('Cards'),
 			'$editor' => $editor,
 			'$content' => $content,
-			'$pager' => alt_pager($a, count($items_result))
+			'$pager' => alt_pager($pager_total)
 		]);
 
 		return $o;

Zotlabs/Module/Channel.php

@@ -18,6 +18,9 @@ class Channel extends \Zotlabs\Web\Controller {
 
 	function init() {
 
+		if(in_array(substr($_GET['search'],0,1),[ '@', '!', '?']))	
+			goaway('search' . '?f=&search=' . $_GET['search']);
+
 		$which = null;
 		if(argc() > 1)
 			$which = argv(1);
@@ -82,7 +85,9 @@ class Channel extends \Zotlabs\Web\Controller {
 
 		$category = ((x($_REQUEST,'cat')) ? $_REQUEST['cat'] : '');
 		$hashtags = ((x($_REQUEST,'tag')) ? $_REQUEST['tag'] : '');
+		$order    = ((x($_GET,'order')) ? notags($_GET['order']) : 'post');
 		$static   = ((array_key_exists('static',$_REQUEST)) ? intval($_REQUEST['static']) : 0);
+		$search   = ((x($_GET,'search')) ? $_GET['search'] : EMPTY_STR);
 
 		$groups = array();
 
@@ -118,9 +123,12 @@ class Channel extends \Zotlabs\Web\Controller {
 
 			$static = channel_manual_conv_update(\App::$profile['profile_uid']);
 
-			//$o .= profile_tabs($a, $is_owner, \App::$profile['channel_address']);
-
-			// $o .= common_friends_visitor_widget(\App::$profile['profile_uid']);
+			// search terms header
+			if($search) {
+				$o .= replace_macros(get_markup_template("section_title.tpl"),array(
+					'$title' => t('Search Results For:') . ' ' . htmlspecialchars($search, ENT_COMPAT,'UTF-8')
+				));
+			}
 
 			if($channel && $is_owner) {
 				$channel_acl = array(
@@ -152,7 +160,8 @@ class Channel extends \Zotlabs\Web\Controller {
 					'editor_autocomplete' => true,
 					'bbco_autocomplete' => 'bbcode',
 					'bbcode' => true,
-					'jotnets' => true
+					'jotnets' => true,
+					'reset' => t('Reset form')
 				);
 
 				$o .= status_editor($a,$x);
@@ -178,6 +187,19 @@ class Channel extends \Zotlabs\Web\Controller {
 
 		$simple_update = (($update) ? " AND item_unseen = 1 " : '');
 
+		if($search) {
+			$search = escape_tags($search);
+			if(strpos($search,'#') === 0) {
+				$sql_extra .= term_query('item',substr($search,1),TERM_HASHTAG,TERM_COMMUNITYTAG);
+			}
+			else {
+				$sql_extra .= sprintf(" AND item.body like '%s' ",
+					dbesc(protect_sprintf('%' . $search . '%'))
+				);
+			}
+		}
+
+
 		head_add_link([ 
 			'rel'   => 'alternate',
 			'type'  => 'application/json+oembed',
@@ -204,7 +226,7 @@ class Channel extends \Zotlabs\Web\Controller {
 				$_SESSION['loadtime'] = datetime_convert();
 			}
 			else {
-				$r = q("SELECT distinct parent AS item_id from item
+				$r = q("SELECT parent AS item_id from item
 					left join abook on ( item.owner_xchan = abook.abook_xchan $abook_uids )
 					WHERE uid = %d $item_normal_update
 					AND item_wall = 1 $simple_update
@@ -228,11 +250,22 @@ class Channel extends \Zotlabs\Web\Controller {
 
 			if($datequery) {
 				$sql_extra2 .= protect_sprintf(sprintf(" AND item.created <= '%s' ", dbesc(datetime_convert(date_default_timezone_get(),'',$datequery))));
+				$order = 'post';
 			}
 			if($datequery2) {
 				$sql_extra2 .= protect_sprintf(sprintf(" AND item.created >= '%s' ", dbesc(datetime_convert(date_default_timezone_get(),'',$datequery2))));
 			}
 
+			if($datequery || $datequery2) {
+				$sql_extra2 .= " and item.item_thread_top != 0 ";
+			}
+
+			if($order === 'post')
+				$ordering = "created";
+			else
+				$ordering = "commented";
+
+
 			$itemspage = get_pconfig(local_channel(),'system','itemspage');
 			\App::set_pager_itemspage(((intval($itemspage)) ? $itemspage : 20));
 			$pager_sql = sprintf(" LIMIT %d OFFSET %d ", intval(\App::$pager['itemspage']), intval(\App::$pager['start']));
@@ -249,13 +282,13 @@ class Channel extends \Zotlabs\Web\Controller {
 					}
 				}
 				else {
-					$r = q("SELECT item.parent AS item_id FROM item 
+					$r = q("SELECT DISTINCT item.parent AS item_id, $ordering FROM item 
 						left join abook on ( item.author_xchan = abook.abook_xchan $abook_uids )
-						WHERE true and item.uid = %d AND item.item_thread_top = 1 $item_normal
+						WHERE true and item.uid = %d $item_normal
 						AND (abook.abook_blocked = 0 or abook.abook_flags is null)
-						AND item.item_wall = 1 
-						$sql_extra $sql_extra2
-						ORDER BY created DESC, id $pager_sql ",
+						AND item.item_wall = 1 AND item.item_thread_top = 1
+						$sql_extra $sql_extra2 
+						ORDER BY $ordering DESC $pager_sql ",
 						intval(\App::$profile['profile_uid'])
 					);
 				}
@@ -264,7 +297,6 @@ class Channel extends \Zotlabs\Web\Controller {
 				$r = array();
 			}
 		}
-
 		if($r) {
 
 			$parents_str = ids_to_querystr($r,'item_id');
@@ -280,7 +312,7 @@ class Channel extends \Zotlabs\Web\Controller {
 
 			xchan_query($items);
 			$items = fetch_post_tags($items, true);
-			$items = conv_sort($items,'created');
+			$items = conv_sort($items,$ordering);
 
 			if($load && $mid && (! count($items))) {
 				// This will happen if we don't have sufficient permissions
@@ -312,8 +344,8 @@ class Channel extends \Zotlabs\Web\Controller {
 				'$uid' => ((\App::$profile['profile_uid']) ? \App::$profile['profile_uid'] : '0'),
 				'$gid' => '0',
 				'$cid' => '0',
-				'$cmin' => '0',
-				'$cmax' => '0',
+				'$cmin' => '(-1)',
+				'$cmax' => '(-1)',
 				'$star' => '0',
 				'$liked' => '0',
 				'$conv' => '0',
@@ -323,9 +355,9 @@ class Channel extends \Zotlabs\Web\Controller {
 				'$fh' => '0',
 				'$static'  => $static,
 				'$page' => ((\App::$pager['page'] != 1) ? \App::$pager['page'] : 1),
-				'$search' => '',
+				'$search' => $search,
 				'$xchan' => '',
-				'$order' => '',
+				'$order' => $order,
 				'$list' => ((x($_REQUEST,'list')) ? intval($_REQUEST['list']) : 0),
 				'$file' => '',
 				'$cats' => (($category) ? urlencode($category) : ''),
@@ -371,16 +403,17 @@ class Channel extends \Zotlabs\Web\Controller {
 			}
 		}
 
+		$mode = (($search) ? 'search' : 'channel');
 
 		if($checkjs->disabled()) {
-			$o .= conversation($items,'channel',$update,'traditional');
+			$o .= conversation($items,$mode,$update,'traditional');
 		}
 		else {
-			$o .= conversation($items,'channel',$update,$page_mode);
+			$o .= conversation($items,$mode,$update,$page_mode);
 		}
 
 		if((! $update) || ($checkjs->disabled())) {
-			$o .= alt_pager($a,count($items));
+			$o .= alt_pager(count($items));
 			if ($mid && $items[0]['title'])
 				\App::$page['title'] = $items[0]['title'] . " - " . \App::$page['title'];
 		}

Zotlabs/Module/Chanview.php

@@ -19,7 +19,7 @@ class Chanview extends \Zotlabs\Web\Controller {
 		}
 		if($_REQUEST['address']) {
 			$r = q("select * from xchan where xchan_addr = '%s' limit 1",
-				dbesc($_REQUEST['address'])
+				dbesc(punify($_REQUEST['address']))
 			);
 		}
 		elseif(local_channel() && intval($_REQUEST['cid'])) {

Zotlabs/Module/Chatsvc.php

@@ -60,7 +60,7 @@ class Chatsvc extends \Zotlabs\Web\Controller {
 			intval(\App::$data['chat']['room_id']),
 			dbesc(get_observer_hash()),
 			dbesc(datetime_convert()),
-			dbesc($arr['chat_text'])		
+			dbesc(str_rot47(base64url_encode($arr['chat_text'])))		
 		);
 	
 		$ret['success'] = true;
@@ -119,10 +119,10 @@ class Chatsvc extends \Zotlabs\Web\Controller {
 						$rv['xchan_network'] = 'unknown';
 						$rv['xchan_url'] = z_root();
 						$rv['xchan_hidden'] = 1;
-						$rv['xchan_photo_mimetype'] = 'image/jpeg';
-						$rv['xchan_photo_l'] = get_default_profile_photo(300); 
-						$rv['xchan_photo_m'] = get_default_profile_photo(80); 
-						$rv['xchan_photo_s'] = get_default_profile_photo(48); 
+						$rv['xchan_photo_mimetype'] = 'image/png';
+						$rv['xchan_photo_l'] = z_root() . '/' . get_default_profile_photo(300); 
+						$rv['xchan_photo_m'] = z_root() . '/' . get_default_profile_photo(80); 
+						$rv['xchan_photo_s'] = z_root() . '/' . get_default_profile_photo(48); 
 
 					}
 
@@ -157,7 +157,7 @@ class Chatsvc extends \Zotlabs\Web\Controller {
 						'name' => $rr['xchan_name'],
 						'isotime' => datetime_convert('UTC', date_default_timezone_get(), $rr['created'], 'c'),
 						'localtime' => datetime_convert('UTC', date_default_timezone_get(), $rr['created'], 'r'),
-						'text' => zidify_links(smilies(bbcode($rr['chat_text']))),
+						'text' => zidify_links(smilies(bbcode(base64url_decode(str_rot47($rr['chat_text']))))),
 						'self' => ((get_observer_hash() == $rr['chat_xchan']) ? 'self' : '')
 					);
 				}

Zotlabs/Module/Cloud.php

@@ -35,11 +35,20 @@ class Cloud extends \Zotlabs\Web\Controller {
 		if (argc() > 1)
 			$which = argv(1);
 
+
+		if (argc() < 2 && intval(get_config('system','cloud_disable_siteroot'))) {
+			notice( t('Permission denied.') . EOL);
+			construct_page();
+			killme();
+		}
+
 		$profile = 0;
 
 		if ($which)
 			profile_load( $which, $profile);
 
+
+
 		$auth = new \Zotlabs\Storage\BasicAuth();
 
 		$ob_hash = get_observer_hash();
@@ -60,6 +69,12 @@ class Cloud extends \Zotlabs\Web\Controller {
 		// if we arrived at this path with any query parameters in the url, build a clean url without
 		// them and redirect.
 
+		if(! array_key_exists('cloud_sort',$_SESSION)) {
+			$_SESSION['cloud_sort'] = 'name';
+		}
+
+		$_SESSION['cloud_sort'] = (($_REQUEST['sort']) ? trim(notags($_REQUEST['sort'])) : $_SESSION['cloud_sort']);
+
 		$x = clean_query_string();
 		if($x !== \App::$query_string)
 			goaway(z_root() . '/' . $x);

Zotlabs/Module/Connections.php

@@ -32,6 +32,7 @@ class Connections extends \Zotlabs\Web\Controller {
 
 		nav_set_selected('Connections');
 	
+		$active      = false;
 		$blocked     = false;
 		$hidden      = false;
 		$ignored     = false;
@@ -44,11 +45,16 @@ class Connections extends \Zotlabs\Web\Controller {
 		if(! $_REQUEST['aj'])
 			$_SESSION['return_url'] = \App::$query_string;
 	
-		$search_flags = '';
+		$search_flags = "";
 		$head = '';
 	
 		if(argc() == 2) {
 			switch(argv(1)) {
+				case 'active':
+					$search_flags = " and abook_blocked = 0 and abook_ignored = 0 and abook_hidden = 0 and abook_archived = 0 AND abook_not_here = 0 ";
+					$head = t('Active');
+					$active = true;
+					break;
 				case 'blocked':
 					$search_flags = " and abook_blocked = 1 ";
 					$head = t('Blocked');
@@ -101,8 +107,9 @@ class Connections extends \Zotlabs\Web\Controller {
 				case 'all':
 					$head = t('All');
 				default:
-					$search_flags = '';
-					$all = true;
+					$search_flags = " and abook_blocked = 0 and abook_ignored = 0 and abook_hidden = 0 and abook_archived = 0 and abook_not_here = 0 ";
+					$active = true;
+					$head = t('Active');
 					break;
 	
 			}
@@ -129,6 +136,13 @@ class Connections extends \Zotlabs\Web\Controller {
 			),
 			*/
 	
+			'active' => array(
+				'label' => t('Active Connections'),
+				'url'   => z_root() . '/connections/active', 
+				'sel'   => ($active) ? 'active' : '',
+				'title' => t('Show active connections'),
+			),
+
 			'pending' => array(
 				'label' => t('New Connections'),
 				'url'   => z_root() . '/connections/pending', 
@@ -136,12 +150,6 @@ class Connections extends \Zotlabs\Web\Controller {
 				'title' => t('Show pending (new) connections'),
 			),
 	
-			'all' => array(
-				'label' => t('All Connections'),
-				'url'   => z_root() . '/connections/all', 
-				'sel'   => ($all) ? 'active' : '',
-				'title' => t('Show all connections'),
-			),
 	
 			/*
 			array(
@@ -187,6 +195,13 @@ class Connections extends \Zotlabs\Web\Controller {
 	//			'title' => t('Only show one-way connections'),
 	//		),
 	
+
+			'all' => array(
+				'label' => t('All Connections'),
+				'url'   => z_root() . '/connections', 
+				'sel'   => ($all) ? 'active' : '',
+				'title' => t('Show all connections'),
+			),
 	
 		);
 	
@@ -238,6 +253,7 @@ class Connections extends \Zotlabs\Web\Controller {
 	
 					$status_str = '';
 					$status = array(
+						((intval($rr['abook_active'])) ? t('Active') : ''),
 						((intval($rr['abook_pending'])) ? t('Pending approval') : ''),
 						((intval($rr['abook_archived'])) ? t('Archived') : ''),
 						((intval($rr['abook_hidden'])) ? t('Hidden') : ''),
@@ -310,7 +326,7 @@ class Connections extends \Zotlabs\Web\Controller {
 			killme();
 		}
 		else {
-			$o .= "<script> var page_query = '" . $_GET['q'] . "'; var extra_args = '" . extra_query_args() . "' ; </script>";
+			$o .= "<script> var page_query = '" . escape_tags($_GET['q']) . "'; var extra_args = '" . extra_query_args() . "' ; </script>";
 			$o .= replace_macros(get_markup_template('connections.tpl'),array(
 				'$header' => t('Connections') . (($head) ? ': ' . $head : ''),
 				'$tabs' => $tabs,

Zotlabs/Module/Connedit.php

@@ -828,7 +828,7 @@ class Connedit extends \Zotlabs\Web\Controller {
 
 			$locstr = locations_by_netid($contact['xchan_hash']);
 			if(! $locstr)
-				$locstr = $contact['xchan_url'];
+				$locstr = unpunify($contact['xchan_url']);
 	
 			$clone_warn = '';
 			$clonable = (in_array($contact['xchan_network'],['zot','rss']) ? true : false);
@@ -852,8 +852,8 @@ class Connedit extends \Zotlabs\Web\Controller {
 				'$permcat'        => [ 'permcat', t('Permission role'), '', '<span class="loading invisible">' . t('Loading') . '<span class="jumping-dots"><span class="dot-1">.</span><span class="dot-2">.</span><span class="dot-3">.</span></span></span>',$permcats ],
 				'$permcat_new'    => t('Add permission role'),
 				'$permcat_enable' => feature_enabled(local_channel(),'permcats'),
-				'$addr'           => $contact['xchan_addr'],
-				'$primeurl'       => $contact['xchan_url'],
+				'$addr'           => unpunify($contact['xchan_addr']),
+				'$primeurl'       => unpunify($contact['xchan_url']),
 				'$section'        => $section,
 				'$sections'       => $sections,
 				'$vcard'          => $vcard,

Zotlabs/Module/Cover_photo.php

@@ -9,6 +9,7 @@ namespace Zotlabs\Module;
 
 require_once('include/photo/photo_driver.php');
 require_once('include/channel.php');
+require_once('include/photos.php');
 
 
 
@@ -84,10 +85,41 @@ class Cover_photo extends \Zotlabs\Web\Controller {
 			);
 	
 			if($r) {
-	
-				$base_image = $r[0];
-				$base_image['content'] = (($r[0]['os_storage']) ? @file_get_contents(dbunescbin($base_image['content'])) : dbunescbin($base_image['content']));
-			
+
+				$max_thumb = intval(get_config('system','max_thumbnail',1600));
+				$iscaled = false;
+				if(intval($r[0]['height']) > $max_thumb || intval($r[0]['width']) > $max_thumb) { 
+					$imagick_path = get_config('system','imagick_convert_path');
+					if($imagick_path && @file_exists($imagick_path) && intval($r[0]['os_storage'])) {
+
+						$fname = dbunescbin($r[0]['content']);
+						$tmp_name = $fname . '-001';
+						$newsize = photo_calculate_scale(array_merge(getimagesize($fname),['max' => $max_thumb]));
+						$cmd = $imagick_path . ' ' . escapeshellarg(PROJECT_BASE . '/' . $fname) . ' -resize ' . $newsize . ' ' . escapeshellarg(PROJECT_BASE . '/' . $tmp_name);
+						//	logger('imagick thumbnail command: ' . $cmd);
+						for($x = 0; $x < 4; $x ++) {
+							exec($cmd);
+							if(file_exists($tmp_name)) {
+								break;
+							}
+						}
+						if(file_exists($tmp_name)) {
+							$base_image = $r[0];
+							$gis = getimagesize($tmp_name);
+logger('gis: ' . print_r($gis,true));
+							$base_image['width'] = $gis[0];
+							$base_image['height'] = $gis[1];
+							$base_image['content'] = @file_get_contents($tmp_name);
+							$iscaled = true;
+							@unlink($tmp_name);
+						}
+					}
+				}
+				if(! $iscaled) {
+					$base_image = $r[0];
+					$base_image['content'] = (($r[0]['os_storage']) ? @file_get_contents(dbunescbin($base_image['content'])) : dbunescbin($base_image['content']));
+				}
+
 				$im = photo_factory($base_image['content'], $base_image['mimetype']);
 				if($im->is_valid()) {
 	
@@ -119,10 +151,10 @@ class Cover_photo extends \Zotlabs\Web\Controller {
 						intval(local_channel())
 					);
 	
-					$orig_srcx = ( $r[0]['width'] / $scaled_width ) * $srcX;
-					$orig_srcy = ( $r[0]['height'] / $scaled_height ) * $srcY;
-	 				$orig_srcw = ( $srcW / $scaled_width ) * $r[0]['width'];
-	 				$orig_srch = ( $srcH / $scaled_height ) * $r[0]['height'];
+					$orig_srcx = ( $base_image['width'] / $scaled_width ) * $srcX;
+					$orig_srcy = ( $base_image['height'] / $scaled_height ) * $srcY;
+	 				$orig_srcw = ( $srcW / $scaled_width ) * $base_image['width'];
+	 				$orig_srch = ( $srcH / $scaled_height ) * $base_image['height'];
 	
 					$im->cropImageRect(1200,435,$orig_srcx, $orig_srcy, $orig_srcw, $orig_srch);
 	
@@ -355,6 +387,8 @@ class Cover_photo extends \Zotlabs\Web\Controller {
 	
 			$o .= replace_macros($tpl,array(
 				'$user'                => \App::$channel['channel_address'],
+				'$info'                => t('Your cover photo may be visible to anybody on the internet'),
+				'$existing'            => get_cover_photo(local_channel(),'array',PHOTO_RES_COVER_850),
 				'$lbl_upfile'          => t('Upload File:'),
 				'$lbl_profiles'        => t('Select a profile:'),
 				'$title'               => t('Change Cover Photo'),

Zotlabs/Module/Directory.php

@@ -299,9 +299,9 @@ class Directory extends \Zotlabs\Web\Controller {
 										if(strlen($out))
 											$out .= ', ';
 										if($marr && in_arrayi($k,$marr))
-											$out .= '<strong>' . $k . '</strong>';
+											$out .= '<a href="' . z_root() . '/directory/f=&keywords=' . urlencode($k)  .'"><strong>' . $k . '</strong></a>';
 										else
-											$out .= $k;
+											$out .= '<a href="' . z_root() . '/directory/f=&keywords=' . urlencode($k)  .'">' . $k . '</a>';
 									}
 								}
 				
@@ -395,7 +395,7 @@ class Directory extends \Zotlabs\Web\Controller {
 	
 							$dirtitle = (($globaldir) ? t('Global Directory') : t('Local Directory'));
 	
-							$o .= "<script> var page_query = '" . $_GET['q'] . "'; var extra_args = '" . extra_query_args() . "' ; divmore_height = " . intval($maxheight) . ";  </script>";
+							$o .= "<script> var page_query = '" . escape_tags($_GET['q']) . "'; var extra_args = '" . extra_query_args() . "' ; divmore_height = " . intval($maxheight) . ";  </script>";
 							$o .= replace_macros($tpl, array(
 								'$search' => $search,
 								'$desc' => t('Find'),
@@ -404,7 +404,7 @@ class Directory extends \Zotlabs\Web\Controller {
 								'$entries' => $entries,
 								'$dirlbl' => $suggest ? t('Channel Suggestions') : $dirtitle,
 								'$submit' => t('Find'),
-								'$next' => alt_pager($a,$j['records'], t('next page'), t('previous page')),
+								'$next' => alt_pager($j['records'], t('next page'), t('previous page')),
 								'$sort' => t('Sort options'),
 								'$normal' => t('Alphabetic'),
 								'$reverse' => t('Reverse Alphabetic'),

Zotlabs/Module/Dirsearch.php

@@ -257,7 +257,7 @@ class Dirsearch extends \Zotlabs\Web\Controller {
 		else {
 	
 			$r = q("SELECT xchan.*, xprof.* from xchan left join xprof on xchan_hash = xprof_hash 
-				where ( $logic $sql_extra ) $hub_query and xchan_network = 'zot' and xchan_hidden = 0 and xchan_orphan = 0 and xchan_deleted = 0 
+				where ( $logic $sql_extra ) $hub_query and xchan_network = 'zot' and xchan_system = 0 and xchan_hidden = 0 and xchan_orphan = 0 and xchan_deleted = 0 
 				$safesql $order $qlimit "
 			);
 	

Zotlabs/Module/Display.php

@@ -67,8 +67,7 @@ class Display extends \Zotlabs\Web\Controller {
 				'default_location'    => $channel['channel_location'],
 				'nickname'            => $channel['channel_address'],
 				'lockstate'           => (($group || $cid || $channel['channel_allow_cid'] || $channel['channel_allow_gid'] || $channel['channel_deny_cid'] || $channel['channel_deny_gid']) ? 'lock' : 'unlock'),
-	
-				'acl'                 => populate_acl($channel_acl),
+				'acl'                 => populate_acl($channel_acl,true, \Zotlabs\Lib\PermissionDescription::fromGlobalPermission('view_stream'), get_post_aclDialogDescription(), 'acl_dialog_post'),	
 				'permissions'         => $channel_acl,
 				'bang'                => '',
 				'visitor'             => true,
@@ -78,7 +77,8 @@ class Display extends \Zotlabs\Web\Controller {
 				'editor_autocomplete' => true,
 				'bbco_autocomplete'   => 'bbcode',
 				'bbcode'              => true,
-				'jotnets'             => true
+				'jotnets'             => true,
+				'reset'               => t('Reset form')
 			);
 	
 			$o = '<div id="jot-popup">';
@@ -102,7 +102,7 @@ class Display extends \Zotlabs\Web\Controller {
 		if($decoded)
 			$item_hash = $decoded;
 
-		$r = q("select id, uid, mid, parent_mid, thr_parent, verb, item_type, item_deleted, item_blocked from item where mid like '%s' limit 1",
+		$r = q("select id, uid, mid, parent_mid, thr_parent, verb, item_type, item_deleted, author_xchan, item_blocked from item where mid like '%s' limit 1",
 			dbesc($item_hash . '%')
 		);
 	
@@ -110,6 +110,14 @@ class Display extends \Zotlabs\Web\Controller {
 			$target_item = $r[0];
 		}
 
+		$x = q("select * from xchan where xchan_hash = '%s' limit 1",
+			dbesc($target_item['author_xchan'])
+		);
+		if($x) {
+// not yet ready for prime time
+//			\App::$poi = $x[0];
+		}
+
 		//if the item is to be moderated redirect to /moderate
 		if($target_item['item_blocked'] == ITEM_MODERATED) {
 			goaway(z_root() . '/moderate/' . $target_item['id']);
@@ -124,7 +132,7 @@ class Display extends \Zotlabs\Web\Controller {
 			$y = q("select * from iconfig left join item on iconfig.iid = item.id 
 				where item.uid = %d and iconfig.cat = 'system' and iconfig.k = 'WEBPAGE' and item.id = %d limit 1",
 				intval($target_item['uid']),
-				intval($target_item['id'])
+				intval($target_item['parent'])
 			);
 			if($x && $y) {
 				goaway(z_root() . '/page/' . $x[0]['channel_address'] . '/' . $y[0]['v']);
@@ -134,6 +142,41 @@ class Display extends \Zotlabs\Web\Controller {
 			 	return '';
 			}
 		}
+		if($target_item['item_type']  == ITEM_TYPE_ARTICLE) {
+			$x = q("select * from channel where channel_id = %d limit 1",
+				intval($target_item['uid'])
+			);
+			$y = q("select * from iconfig left join item on iconfig.iid = item.id 
+				where item.uid = %d and iconfig.cat = 'system' and iconfig.k = 'ARTICLE' and item.id = %d limit 1",
+				intval($target_item['uid']),
+				intval($target_item['parent'])
+			);
+			if($x && $y) {
+				goaway(z_root() . '/articles/' . $x[0]['channel_address'] . '/' . $y[0]['v']);
+			}
+			else {
+				notice( t('Page not found.') . EOL);
+			 	return '';
+			}
+		}
+		if($target_item['item_type']  == ITEM_TYPE_CARD) {
+			$x = q("select * from channel where channel_id = %d limit 1",
+				intval($target_item['uid'])
+			);
+			$y = q("select * from iconfig left join item on iconfig.iid = item.id 
+				where item.uid = %d and iconfig.cat = 'system' and iconfig.k = 'CARD' and item.id = %d limit 1",
+				intval($target_item['uid']),
+				intval($target_item['parent'])
+			);
+			if($x && $y) {
+				goaway(z_root() . '/cards/' . $x[0]['channel_address'] . '/' . $y[0]['v']);
+			}
+			else {
+				notice( t('Page not found.') . EOL);
+			 	return '';
+			}
+		}
+		
 		
 		$static = ((array_key_exists('static',$_REQUEST)) ? intval($_REQUEST['static']) : 0);
 	
@@ -170,8 +213,8 @@ class Display extends \Zotlabs\Web\Controller {
 				'$uid'     => '0',
 				'$gid'     => '0',
 				'$cid'     => '0',
-				'$cmin'    => '0',
-				'$cmax'    => '99',
+				'$cmin'    => '(-1)',
+				'$cmax'    => '(-1)',
 				'$star'    => '0',
 				'$liked'   => '0',
 				'$conv'    => '0',

Zotlabs/Module/Editblock.php

@@ -138,6 +138,7 @@ class Editblock extends \Zotlabs\Web\Controller {
 			'$title' => t('Edit Block'),
 			'$delete' => ((($itm[0]['author_xchan'] === $ob_hash) || ($itm[0]['owner_xchan'] === $ob_hash)) ? t('Delete') : false),
 			'$id' => $itm[0]['id'],
+			'$cancel' => t('Cancel'),
 			'$editor' => $editor
 		));
 

Zotlabs/Module/Editlayout.php

@@ -137,6 +137,7 @@ class Editlayout extends \Zotlabs\Web\Controller {
 			'$title' => t('Edit Layout'),
 			'$delete' => ((($itm[0]['author_xchan'] === $ob_hash) || ($itm[0]['owner_xchan'] === $ob_hash)) ? t('Delete') : false),
 			'$id' => $itm[0]['id'],
+			'$cancel' => t('Cancel'),
 			'$editor' => $editor
 		));
 

Zotlabs/Module/Editpost.php

@@ -82,7 +82,7 @@ class Editpost extends \Zotlabs\Web\Controller {
 			'editor_autocomplete'=> true,
 			'bbco_autocomplete'=> 'bbcode',
 			'return_path' => $_SESSION['return_url'],
-			'button' => t('Edit'),
+			'button' => t('Submit'),
 			'hide_voting' => true,
 			'hide_future' => true,
 			'hide_location' => true,
@@ -106,6 +106,7 @@ class Editpost extends \Zotlabs\Web\Controller {
 
 		$o .= replace_macros(get_markup_template('edpost_head.tpl'), array(
 			'$title' => t('Edit post'),
+			'$cancel' => t('Cancel'),
 			'$editor' => $editor
 		));
 

Zotlabs/Module/Editwebpage.php

@@ -166,6 +166,7 @@ class Editwebpage extends \Zotlabs\Web\Controller {
 			'$title' => t('Edit Webpage'),
 			'$delete' => ((($itm[0]['author_xchan'] === $ob_hash) || ($itm[0]['owner_xchan'] === $ob_hash)) ? t('Delete') : false),
 			'$editor' => $editor,
+			'$cancel' => t('Cancel'),
 			'$id' => $itm[0]['id']
 		));
 

Zotlabs/Module/Filestorage.php

@@ -66,7 +66,7 @@ class Filestorage extends \Zotlabs\Web\Controller {
 
 		$perms = get_all_perms($owner, $ob_hash);
 
-		if(! $perms['view_storage']) {
+		if(! ($perms['view_storage'] || is_site_admin())){
 			notice( t('Permission denied.') . EOL);
 			return;
 		}
@@ -75,15 +75,29 @@ class Filestorage extends \Zotlabs\Web\Controller {
 		// need to return for anyone other than the owner, despite the perms check for now.
 
 		$is_owner = (((local_channel()) && ($owner  == local_channel())) ? true : false);
-		if(! $is_owner) {
+		if(! ($is_owner || is_site_admin())){
 			info( t('Permission Denied.') . EOL );
 			return;
 		}
 
 		if(argc() > 3 && argv(3) === 'delete') {
+
+			if(argc() > 4 && argv(4) === 'json')
+				$json_return = true;
+
+
+			$admin_delete = false;
+
 			if(! $perms['write_storage']) {
-				notice( t('Permission denied.') . EOL);
-				return;
+				if(is_site_admin()) {
+					$admin_delete = true;
+				}
+				else {
+					notice( t('Permission denied.') . EOL);
+					if($json_return) 
+						json_return_and_die([ 'success' => false ]);
+					return;
+				}
 			}
 
 			$file = intval(argv(2));
@@ -92,22 +106,31 @@ class Filestorage extends \Zotlabs\Web\Controller {
 				intval($owner)
 			);
 			if(! $r) {
+				if($json_return) 
+					json_return_and_die([ 'success' => false ]);
+
 				notice( t('File not found.') . EOL);
 				goaway(z_root() . '/cloud/' . $which);
 			}
 
 			$f = $r[0];
-			$channel = \App::get_channel();
+
+			$channel = channelx_by_n($owner);
 
 			$url = get_cloud_url($channel['channel_id'], $channel['channel_address'], $f['hash']);
 
 			attach_delete($owner, $f['hash']);
 
-			$sync = attach_export_data($channel, $f['hash'], true);
-			if($sync) {
-				build_sync_packet($channel['channel_id'], array('file' => array($sync)));
+			if(! $admin_delete) {
+				$sync = attach_export_data($channel, $f['hash'], true);
+				if($sync) {
+					build_sync_packet($channel['channel_id'], array('file' => array($sync)));
+				}
 			}
 
+			if(json_return)
+				json_return_and_die([ 'success' => true ]);
+
 			goaway(dirname($url));
 		}
 

Zotlabs/Module/Follow.php

@@ -14,21 +14,26 @@ class Follow extends \Zotlabs\Web\Controller {
 		}
 	
 		$uid = local_channel();
-		$url = notags(trim($_REQUEST['url']));
+		$url = notags(trim(punify($_REQUEST['url'])));
 		$return_url = $_SESSION['return_url'];
 		$confirm = intval($_REQUEST['confirm']);
-	
+		$interactive = (($_REQUEST['interactive']) ? intval($_REQUEST['interactive']) : 1);	
 		$channel = \App::get_channel();
 
-		$result = new_contact($uid,$url,$channel,true,$confirm);
+		$result = new_contact($uid,$url,$channel,$interactive,$confirm);
 		
 		if($result['success'] == false) {
 			if($result['message'])
 				notice($result['message']);
-			goaway($return_url);
+			if($interactive) {
+				goaway($return_url);
+			}
+			else {
+				json_return_and_die($result);
+			}
 		}
 	
-		info( t('Channel added.') . EOL);
+		info( t('Connection added.') . EOL);
 	
 		$clone = array();
 		foreach($result['abook'] as $k => $v) {
@@ -53,7 +58,12 @@ class Follow extends \Zotlabs\Web\Controller {
 		if(($can_view_stream) || ($result['abook']['xchan_network'] === 'rss'))
 			\Zotlabs\Daemon\Master::Summon(array('Onepoll',$result['abook']['abook_id']));
 	
-		goaway(z_root() . '/connedit/' . $result['abook']['abook_id'] . '?f=&follow=1');
+		if($interactive) {
+			goaway(z_root() . '/connedit/' . $result['abook']['abook_id'] . '?f=&follow=1');
+		}
+		else {
+			json_return_and_die([ 'success' => true ]);
+		}
 	
 	}
 	

Zotlabs/Module/Group.php

@@ -7,6 +7,17 @@ require_once('include/group.php');
 
 class Group extends \Zotlabs\Web\Controller {
 
+	function init() {
+		if(! local_channel()) {
+			notice( t('Permission denied.') . EOL);
+			return;
+		}
+
+		\App::$profile_uid = local_channel();
+
+		nav_set_selected('Privacy Groups');
+	}
+
 	function post() {
 	
 		if(! local_channel()) {
@@ -22,12 +33,10 @@ class Group extends \Zotlabs\Web\Controller {
 			$r = group_add(local_channel(),$name,$public);
 			if($r) {
 				info( t('Privacy group created.') . EOL );
-				$r = group_byname(local_channel(),$name);
-				if($r)
-					goaway(z_root() . '/group/' . $r);
 			}
-			else
-				notice( t('Could not create privacy group.') . EOL );	
+			else {
+				notice( t('Could not create privacy group.') . EOL );
+			}
 			goaway(z_root() . '/group');
 	
 		}
@@ -74,30 +83,59 @@ class Group extends \Zotlabs\Web\Controller {
 			notice( t('Permission denied') . EOL);
 			return;
 		}
-	
+
 		// Switch to text mode interface if we have more than 'n' contacts or group members
-	
 		$switchtotext = get_pconfig(local_channel(),'system','groupedit_image_limit');
 		if($switchtotext === false)
 			$switchtotext = get_config('system','groupedit_image_limit');
 		if($switchtotext === false)
 			$switchtotext = 400;
-	
-		$tpl = get_markup_template('group_edit.tpl');
-		$context = array('$submit' => t('Submit'));
-	
-		if((argc() == 2) && (argv(1) === 'new')) {
-			
-			return replace_macros($tpl, $context + array(
-				'$title' => t('Create a group of channels.'),
-				'$gname' => array('groupname',t('Privacy group name: '), '', ''),
-				'$gid' => 'new',
-				'$public' => array('public',t('Members are visible to other channels'), false, ''),
+
+
+		if((argc() == 1) || ((argc() == 2) && (argv(1) === 'new'))) {
+
+			$new = (((argc() == 2) && (argv(1) === 'new')) ? true : false);
+
+			$groups = q("SELECT id, gname FROM groups WHERE deleted = 0 AND uid = %d ORDER BY gname ASC",
+				intval(local_channel())
+			);
+
+			$i = 0;
+			foreach($groups as $group) {
+				$entries[$i]['name'] = $group['gname'];
+				$entries[$i]['id'] = $group['id'];
+				$entries[$i]['count'] = count(group_get_members($group['id']));
+				$i++;
+			}
+
+			$tpl = get_markup_template('privacy_groups.tpl');
+			$o = replace_macros($tpl, [
+				'$title' => t('Privacy Groups'),
+				'$add_new_label' => t('Add Group'),
+				'$new' => $new,
+
+				// new group form
+				'$gname' => array('groupname',t('Privacy group name')),
+				'$public' => array('public',t('Members are visible to other channels'), false),
 				'$form_security_token' => get_form_security_token("group_edit"),
-			));
-	
-	
+				'$submit' => t('Submit'),
+
+				// groups list
+				'$title' => t('Privacy Groups'),
+				'$name_label' => t('Name'),
+				'$count_label' => t('Members'),
+				'$entries' => $entries
+			]);
+
+			return $o;
+
 		}
+
+
+
+
+		$context = array('$submit' => t('Submit'));
+		$tpl = get_markup_template('group_edit.tpl');
 	
 		if((argc() == 3) && (argv(1) === 'drop')) {
 			check_form_security_token_redirectOnErr('/group', 'group_drop', 't');
@@ -172,22 +210,17 @@ class Group extends \Zotlabs\Web\Controller {
 						$preselected[] = $member['xchan_hash'];
 				}
 			}
-	
-			$drop_tpl = get_markup_template('group_drop.tpl');
-			$drop_txt = replace_macros($drop_tpl, array(
-				'$id' => $group['id'],
-				'$delete' => t('Delete'),
-				'$form_security_token' => get_form_security_token("group_drop"),
-			));
-	
-			
+
 			$context = $context + array(
-				'$title' => t('Privacy group editor'),
+				'$title' => sprintf(t('Privacy Group: %s'), $group['gname']),
+				'$details_label' => t('Edit'),
 				'$gname' => array('groupname',t('Privacy group name: '),$group['gname'], ''),
 				'$gid' => $group['id'],
 				'$drop' => $drop_txt,
 				'$public' => array('public',t('Members are visible to other channels'), $group['visible'], ''),
-				'$form_security_token' => get_form_security_token('group_edit'),
+				'$form_security_token_edit' => get_form_security_token('group_edit'),
+				'$delete' => t('Delete Group'),
+				'$form_security_token_drop' => get_form_security_token("group_drop"),
 			);
 	
 		}
@@ -196,14 +229,14 @@ class Group extends \Zotlabs\Web\Controller {
 			return;
 	
 		$groupeditor = array(
-			'label_members' => t('Members'),
+			'label_members' => t('Group members'),
 			'members' => array(),
-			'label_contacts' => t('All Connected Channels'),
+			'label_contacts' => t('Not in this group'),
 			'contacts' => array(),
 		);
 			
 		$sec_token = addslashes(get_form_security_token('group_member_change'));
-		$textmode = (($switchtotext && (count($members) > $switchtotext)) ? true : false);
+		$textmode = (($switchtotext && (count($members) > $switchtotext)) ? true : 'card');
 		foreach($members as $member) {
 			if($member['xchan_url']) {
 				$member['archived'] = (intval($member['abook_archived']) ? true : false);
@@ -219,7 +252,7 @@ class Group extends \Zotlabs\Web\Controller {
 		);
 	
 		if(count($r)) {
-			$textmode = (($switchtotext && (count($r) > $switchtotext)) ? true : false);
+			$textmode = (($switchtotext && (count($r) > $switchtotext)) ? true : 'card');
 			foreach($r as $member) {
 				if(! in_array($member['xchan_hash'],$preselected)) {
 					$member['archived'] = (intval($member['abook_archived']) ? true : false);
@@ -230,7 +263,7 @@ class Group extends \Zotlabs\Web\Controller {
 		}
 	
 		$context['$groupeditor'] = $groupeditor;
-		$context['$desc'] = t('Click on a channel to add or remove.');
+		$context['$desc'] = t('Click a channel to toggle membership');
 	
 		if($change) {
 			$tpl = get_markup_template('groupeditor.tpl');

Zotlabs/Module/Hashtags.php

@@ -0,0 +1,27 @@
+<?php
+
+namespace Zotlabs\Module;
+
+
+class Hashtags extends \Zotlabs\Web\Controller {
+
+	function init() {
+		$result = [];
+
+		$t = escape_tags($_REQUEST['t']);
+		if(! $t)
+			json_return_and_die($result);
+
+		$r = q("select distinct(term) from term where term like '%s' and ttype = %d order by term",
+			dbesc($t . '%'),
+			intval(TERM_HASHTAG)
+		);
+		if($r) {
+			foreach($r as $rv) {
+				$result[] = [ 'text' => $rv['term'] ];
+			}
+		}
+
+		json_return_and_die($result); 
+	}
+}

Zotlabs/Module/Home.php

@@ -9,7 +9,7 @@ require_once('include/conversation.php');
 class Home extends \Zotlabs\Web\Controller {
 
 	function init() {
-	
+
 		$ret = array();
 	
 		call_hooks('home_init',$ret);
@@ -89,11 +89,11 @@ class Home extends \Zotlabs\Web\Controller {
 	
 		$sitename = get_config('system','sitename');
 		if($sitename) 
-			$o .= '<h1 class="home-welcome">' . sprintf( t("Welcome to %s") ,$sitename) . '</h1>';
+			$o .= '<h1 class="home-welcome">' . sprintf( t('Welcome to %s') ,$sitename) . '</h1>';
 	
 		$loginbox = get_config('system','login_on_homepage');
 		if(intval($loginbox) || $loginbox === false)
-			$o .= login((\App::$config['system']['register_policy'] == REGISTER_CLOSED) ? 0 : 1);
+			$o .= login(true);
 	
 		return $o;
 	

Zotlabs/Module/Hq.php

@@ -120,8 +120,7 @@ class Hq extends \Zotlabs\Web\Controller {
 				'default_location'    => $channel['channel_location'],
 				'nickname'            => $channel['channel_address'],
 				'lockstate'           => (($group || $cid || $channel['channel_allow_cid'] || $channel['channel_allow_gid'] || $channel['channel_deny_cid'] || $channel['channel_deny_gid']) ? 'lock' : 'unlock'),
-	
-				'acl'                 => populate_acl($channel_acl),
+				'acl'                 => populate_acl($channel_acl,true, \Zotlabs\Lib\PermissionDescription::fromGlobalPermission('view_stream'), get_post_aclDialogDescription(), 'acl_dialog_post'),
 				'permissions'         => $channel_acl,
 				'bang'                => '',
 				'visitor'             => true,
@@ -131,7 +130,8 @@ class Hq extends \Zotlabs\Web\Controller {
 				'editor_autocomplete' => true,
 				'bbco_autocomplete'   => 'bbcode',
 				'bbcode'              => true,
-				'jotnets'             => true
+				'jotnets'             => true,
+				'reset'               => t('Reset form')
 			];
 
 			$o = replace_macros(get_markup_template("hq.tpl"),

Zotlabs/Module/Import.php

@@ -6,6 +6,7 @@ require_once('include/zot.php');
 require_once('include/channel.php');
 require_once('include/import.php');
 require_once('include/perm_upgrade.php');
+require_once('library/urlify/URLify.php');
 
 
 /**
@@ -38,6 +39,7 @@ class Import extends \Zotlabs\Web\Controller {
 		$filename       = basename($_FILES['filename']['name']);
 		$filesize       = intval($_FILES['filename']['size']);
 		$filetype       = $_FILES['filename']['type'];
+		$newname        = trim(strtolower($_REQUEST['newname']));
 
 		// import channel from file
 		if($src) {
@@ -114,15 +116,16 @@ class Import extends \Zotlabs\Web\Controller {
 				return;
 		}
 
-		if(array_key_exists('compatibility',$data) && array_key_exists('database',$data['compatibility'])) {
-			$v1 = substr($data['compatibility']['database'],-4);
-			$v2 = substr(DB_UPDATE_VERSION,-4);
-			if($v2 > $v1) {
-				$t = sprintf( t('Warning: Database versions differ by %1$d updates.'), $v2 - $v1 );
-				notice($t);
-			}
-
-		}
+// This is only an info message but it is alarming to folks who then report failure with this as the cause, when in fact we ignore this completely.
+//		if(array_key_exists('compatibility',$data) && array_key_exists('database',$data['compatibility'])) {
+//			$v1 = substr($data['compatibility']['database'],-4);
+//			$v2 = substr(DB_UPDATE_VERSION,-4);
+//			if($v2 > $v1) {
+//				$t = sprintf( t('Warning: Database versions differ by %1$d updates.'), $v2 - $v1 );
+//				notice($t);
+//			}
+//
+//		}
 
 		if($moving)
 			$seize = 1;
@@ -145,7 +148,20 @@ class Import extends \Zotlabs\Web\Controller {
 				}
 			}
 
-			$channel = import_channel($data['channel'], $account_id, $seize);
+            if($newname) {
+	            $x = false;
+
+    	        if(get_config('system','unicode_usernames')) {
+        	        $x = punify(mb_strtolower($newname));
+            	}
+
+	            if((! $x) || strlen($x) > 64) {
+    	            $x = strtolower(\URLify::transliterate($newname));
+				}
+				$newname = $x;
+			}
+
+			$channel = import_channel($data['channel'], $account_id, $seize, $newname);
 		}
 		else {
 			$moving  = false;
@@ -362,11 +378,27 @@ class Import extends \Zotlabs\Web\Controller {
 						continue;
 				}
 
-				abook_store_lowlevel($abook);
+				$r = q("select abook_id from abook where abook_xchan = '%s' and abook_channel = %d limit 1",
+					dbesc($abook['abook_xchan']),
+					intval($channel['channel_id'])
+				);
+				if($r) {
+					foreach($abook as $k => $v) {
+						$r = q("UPDATE abook SET " . TQUOT . "%s" . TQUOT . " = '%s' WHERE abook_xchan = '%s' AND abook_channel = %d",
+							dbesc($k),
+							dbesc($v),
+							dbesc($abook['abook_xchan']),
+							intval($channel['channel_id'])
+						);
+					}
+				}
+				else {
+					abook_store_lowlevel($abook);
 
-				$friends ++;
-				if(intval($abook['abook_feed']))
-					$feeds ++;
+					$friends ++;
+					if(intval($abook['abook_feed']))
+						$feeds ++;
+				}
 
 				translate_abook_perms_inbound($channel,$abook_copy);
 
@@ -515,16 +547,20 @@ class Import extends \Zotlabs\Web\Controller {
 			'$desc' => t('Use this form to import an existing channel from a different server/hub. You may retrieve the channel identity from the old server/hub via the network or provide an export file.'),
 			'$label_filename' => t('File to Upload'),
 			'$choice' => t('Or provide the old server/hub details'),
-			'$label_old_address' => t('Your old identity address (xyz@example.com)'),
-			'$label_old_email' => t('Your old login email address'),
-			'$label_old_pass' => t('Your old login password'),
+
+			'$old_address' => [ 'old_address', t('Your old identity address (xyz@example.com)'), '', ''],
+			'$email' => [ 'email', t('Your old login email address'), '', '' ],
+			'$password' => [ 'password', t('Your old login password'), '', '' ],
+			'$import_posts' => [ 'import_posts', t('Import a few months of posts if possible (limited by available memory'), false, '', [ t('No'), t('Yes') ]],
+
 			'$common' => t('For either option, please choose whether to make this hub your new primary address, or whether your old location should continue this role. You will be able to post from either location, but only one can be marked as the primary location for files, photos, and media.'),
-			'$label_import_primary' => t('Make this hub my primary location'),
-			'$label_import_moving' => t('Move this channel (disable all previous locations)'),
-			'$label_import_posts' => t('Import a few months of posts if possible (limited by available memory'),
+
+			'$make_primary' => [ 'make_primary', t('Make this hub my primary location'), false, '', [ t('No'), t('Yes') ] ],
+			'$moving' => [ 'moving', t('Move this channel (disable all previous locations)'), false, '', [ t('No'), t('Yes') ] ],
+			'$newname' => [ 'newname', t('Use this channel nickname instead of the one provided'), '', t('Leave blank to keep your existing channel nickname. You will be randomly assigned a similar nickname if either name is already allocated on this site.')],
+
 			'$pleasewait' => t('This process may take several minutes to complete. Please submit the form only once and leave this page open until finished.'),
-			'$email' => '',
-			'$pass' => '',
+
 			'$form_security_token' => get_form_security_token('channel_import'),
 			'$submit' => t('Submit')
 		));

Zotlabs/Module/Invite.php

@@ -113,7 +113,7 @@ class Invite extends \Zotlabs\Web\Controller {
 				$invite_code = autoname(8) . rand(1000,9999);
 				$nmessage = str_replace('$invite_code',$invite_code,$message);
 	
-				$r = q("INSERT INTO register (hash,created) VALUES ('%s', '%s') ",
+				$r = q("INSERT INTO register (hash,created,uid,password,lang) VALUES ('%s', '%s',0,'','') ",
 					dbesc($invite_code),
 					dbesc(datetime_convert())
 				);

Zotlabs/Module/Item.php

@@ -468,6 +468,7 @@ class Item extends \Zotlabs\Web\Controller {
 				$private = intval($acl->is_private() || $parent_item['item_private']);
 				$public_policy     = $parent_item['public_policy'];
 				$owner_hash        = $parent_item['owner_xchan'];
+				$webpage           = $parent_item['item_type'];
 			}
 		
 			if((! $allow_empty) && (! strlen($body))) {
@@ -527,22 +528,12 @@ class Item extends \Zotlabs\Web\Controller {
 			// and will require alternatives for alternative content-types (text/html, text/markdown, text/plain, etc.)
 			// we may need virtual or template classes to implement the possible alternatives
 			
-			// If we're sending a private top-level message with a single @-taggable channel as a recipient, @-tag it, if our pconfig is set.
-		
-			if((! $parent) && (get_pconfig($profile_uid,'system','tagifonlyrecip')) && (substr_count($str_contact_allow,'<') == 1) && ($str_group_allow == '') && ($str_contact_deny == '') && ($str_group_deny == '')) {
-				$x = q("select abook_id, abconfig.v from abook left join abconfig on abook_xchan = abconfig.xchan and abook_channel = abconfig.chan and cat= 'their_perms' and abconfig.k = 'tag_deliver' and abconfig.v = 1 and abook_xchan = '%s' and abook_channel = %d limit 1",
-					dbesc(str_replace(array('<','>'),array('',''),$str_contact_allow)),
-					intval($profile_uid)
-				);
-				if($x)
-					$body .= "\n\n@group+" . $x[0]['abook_id'] . "\n";
-			}
 
 			$body = cleanup_bbcode($body);
 	
 			// Look for tags and linkify them
 			$results = linkify_tags($a, $body, ($uid) ? $uid : $profile_uid);
-	
+logger('linkify: ' . print_r($results,true));
 			if($results) {
 	
 				// Set permissions based on tag replacements
@@ -830,6 +821,12 @@ class Item extends \Zotlabs\Web\Controller {
 		$datarray['plink']               = $plink;
 		$datarray['route']               = $route;
 	
+
+		// A specific ACL over-rides public_policy completely
+ 
+		if(! empty_acl($datarray))
+			$datarray['public_policy'] = '';
+
 		if($iconfig)
 			$datarray['iconfig'] = $iconfig;
 	
@@ -1077,24 +1074,36 @@ class Item extends \Zotlabs\Web\Controller {
 		if((argc() == 3) && (argv(1) === 'drop') && intval(argv(2))) {
 	
 			require_once('include/items.php');
-			$i = q("select id, uid, author_xchan, owner_xchan, source_xchan, item_type from item where id = %d limit 1",
+
+
+			$i = q("select id, uid, item_origin, author_xchan, owner_xchan, source_xchan, item_type from item where id = %d limit 1",
 				intval(argv(2))
 			);
 	
 			if($i) {
 				$can_delete = false;
 				$local_delete = false;
-				if(local_channel() && local_channel() == $i[0]['uid'])
+
+				if(local_channel() && local_channel() == $i[0]['uid']) {
 					$local_delete = true;
-	
-				$sys = get_sys_channel();
-				if(is_site_admin() && $sys['channel_id'] == $i[0]['uid'])
-					$can_delete = true;
+				}
 	
 				$ob_hash = get_observer_hash();
-				if($ob_hash && ($ob_hash === $i[0]['author_xchan'] || $ob_hash === $i[0]['owner_xchan'] || $ob_hash === $i[0]['source_xchan']))
+				if($ob_hash && ($ob_hash === $i[0]['author_xchan'] || $ob_hash === $i[0]['owner_xchan'] || $ob_hash === $i[0]['source_xchan'])) {
 					$can_delete = true;
-	
+				}
+
+				// The site admin can delete any post/item on the site.
+				// If the item originated on this site+channel the deletion will propagate downstream. 
+				// Otherwise just the local copy is removed.
+
+				if(is_site_admin()) {
+					$local_delete = true;
+					if(intval($i[0]['item_origin']))
+						$can_delete = true;
+				}
+
+
 				if(! ($can_delete || $local_delete)) {
 					notice( t('Permission denied.') . EOL);
 					return;

Zotlabs/Module/Like.php

@@ -296,10 +296,11 @@ class Like extends \Zotlabs\Web\Controller {
 				notice( t('Permission denied') . EOL);
 				killme();
 			}
-	
+
 			$r = q("select * from xchan where xchan_hash = '%s' limit 1",
 				dbesc($item['owner_xchan'])
 			);
+
 			if($r)
 				$thread_owner = $r[0];
 			else
@@ -418,6 +419,7 @@ class Like extends \Zotlabs\Web\Controller {
 	
 			$arr['item_origin'] = 1;
 			$arr['item_notshown'] = 1;
+			$arr['item_type'] = $item['item_type'];
 	
 			if(intval($item['item_wall']))
 				$arr['item_wall'] = 1;

Zotlabs/Module/Linkinfo.php

@@ -55,10 +55,10 @@ class Linkinfo extends \Zotlabs\Web\Controller {
 			$h = explode("\n",$result['header']);
 			foreach ($h as $l) {
 				list($k,$v) = array_map("trim", explode(":", trim($l), 2));
-				$hdrs[$k] = $v;
+				$hdrs[strtolower($k)] = $v;
 			}
-			if (array_key_exists('Content-Type', $hdrs))
-				$type = $hdrs['Content-Type'];
+			if (array_key_exists('content-type', $hdrs))
+				$type = $hdrs['content-type'];
 			if($type) {
 				$zrl = is_matrix_url($url);
 				if(stripos($type,'image/') !== false) {
@@ -82,6 +82,10 @@ class Linkinfo extends \Zotlabs\Web\Controller {
 						echo $br . '[audio]' . $url . '[/audio]' . $br;
 					killme();
 				}
+				if(strtolower($type) === 'application/pdf' || strtolower($type) === 'application/x-pdf') {
+					echo $br . '[embed]' . $url . '[/embed]' . $br;
+					killme();
+				}
 			}
 		}
 	

Zotlabs/Module/Login.php

@@ -10,7 +10,7 @@ class Login extends \Zotlabs\Web\Controller {
 		if(remote_channel() && $_SESSION['atoken'])
 			goaway(z_root());
 
-		return login((\App::$config['system']['register_policy'] == REGISTER_CLOSED) ? false : true);
+		return login(true);
 	}
 	
 }

Zotlabs/Module/Logout.php

@@ -5,7 +5,12 @@ namespace Zotlabs\Module;
 class Logout extends \Zotlabs\Web\Controller {
 
 	function init() {
-		\App::$session->nuke();
+		if($_SESSION['delegate'] && $_SESSION['delegate_push']) {
+			$_SESSION = $_SESSION['delegate_push'];
+		}
+		else {	
+			\App::$session->nuke();
+		}
 		goaway(z_root());
 
 	}

Zotlabs/Module/Magic.php

@@ -14,12 +14,16 @@ class Magic extends \Zotlabs\Web\Controller {
 		logger('mod_magic: args: ' . print_r($_REQUEST,true),LOGGER_DATA);
 	
 		$addr = ((x($_REQUEST,'addr')) ? $_REQUEST['addr'] : '');
+		$bdest = ((x($_REQUEST,'bdest')) ? $_REQUEST['bdest'] : '');
 		$dest = ((x($_REQUEST,'dest')) ? $_REQUEST['dest'] : '');
 		$test = ((x($_REQUEST,'test')) ? intval($_REQUEST['test']) : 0);
 		$rev  = ((x($_REQUEST,'rev'))  ? intval($_REQUEST['rev'])  : 0);
 		$owa  = ((x($_REQUEST,'owa'))  ? intval($_REQUEST['owa'])  : 0);
 		$delegate = ((x($_REQUEST,'delegate')) ? $_REQUEST['delegate']  : '');
-	
+
+		if($bdest)
+			$dest = hex2bin($bdest);
+
 		$parsed = parse_url($dest);
 		if(! $parsed) {
 			if($test) {
@@ -112,6 +116,8 @@ class Magic extends \Zotlabs\Web\Controller {
 				if($r && intval($r[0]['channel_id'])) {
 					$allowed = perm_is_allowed($r[0]['channel_id'],get_observer_hash(),'delegate');
 					if($allowed) {
+						$tmp = $_SESSION;
+						$_SESSION['delegate_push'] = $tmp;
 						$_SESSION['delegate_channel'] = $r[0]['channel_id'];
 						$_SESSION['delegate'] = get_observer_hash();
 						$_SESSION['account_id'] = intval($r[0]['channel_account_id']);
@@ -137,6 +143,9 @@ class Magic extends \Zotlabs\Web\Controller {
 
 			if($owa) {
 
+				$dest = strip_zids($dest);
+				$dest = strip_query_param($dest,'f');
+
 				$headers = [];
 				$headers['Accept'] = 'application/x-zot+json' ;
 				$headers['X-Open-Web-Auth'] = random_string();

Zotlabs/Module/Mail.php

@@ -67,14 +67,14 @@ class Mail extends \Zotlabs\Web\Controller {
 		if(! $recipient) {
 			$channel = \App::get_channel();
 	
-			$j = \Zotlabs\Zot\Finger::run($rstr,$channel);
+			$j = \Zotlabs\Zot\Finger::run(punify($rstr),$channel);
 	
 			if(! $j['success']) {
 				notice( t('Unable to lookup recipient.') . EOL);
 				return;
 			} 
 	
-			logger('message_post: lookup: ' . $url . ' ' . print_r($j,true));
+			logger('message_post: lookup: ' . $rstr . ' ' . print_r($j,true));
 	
 			if(! $j['guid']) {
 				notice( t('Unable to communicate with requested channel.'));

Zotlabs/Module/Manage.php

@@ -156,7 +156,7 @@ class Manage extends \Zotlabs\Web\Controller {
 	
 		if($delegates) {
 			for($x = 0; $x < count($delegates); $x ++) {
-				$delegates[$x]['link'] = 'magic?f=&dest=' . urlencode($delegates[$x]['xchan_url']) 
+				$delegates[$x]['link'] = 'magic?f=&bdest=' . bin2hex($delegates[$x]['xchan_url']) 
 				. '&delegate=' . urlencode($delegates[$x]['xchan_addr']);
 				$delegates[$x]['channel_name'] = $delegates[$x]['xchan_name'];
 				$delegates[$x]['delegate'] = 1;

Zotlabs/Module/Menu.php

@@ -7,18 +7,36 @@ require_once('include/channel.php');
 
 class Menu extends \Zotlabs\Web\Controller {
 
+
 	function init() {
-		if (array_key_exists('sys', $_REQUEST) && $_REQUEST['sys'] && is_site_admin()) {
+
+		if(argc() > 1 && argv(1) === 'sys' && is_site_admin()) {
 			$sys = get_sys_channel();
-			if ($sys && intval($sys['channel_id'])) {
+			if($sys && intval($sys['channel_id'])) {
 				\App::$is_sys = true;
 			}
 		}
+
+		if(argc() > 1)
+			$which = argv(1);
+		else
+			return;
+
+		profile_load($which);
+
 	}
+
 	
-		function post() {
+	function post() {
 	
-		$uid = local_channel();
+		if(! \App::$profile) {
+			return;
+		}
+
+		$which = argv(1);
+
+
+		$uid = \App::$profile['channel_id'];
 	
 		if(array_key_exists('sys', $_REQUEST) && $_REQUEST['sys'] && is_site_admin()) {
 			$sys = get_sys_channel();
@@ -43,7 +61,7 @@ class Menu extends \Zotlabs\Web\Controller {
 			if($r) {
 				menu_sync_packet($uid,get_observer_hash(),$menu_id);
 				//info( t('Menu updated.') . EOL);
-				goaway(z_root() . '/mitem/' . $menu_id . ((\App::$is_sys) ? '?f=&sys=1' : '')); 
+				goaway(z_root() . '/mitem/' . $which . '/' . $menu_id . ((\App::$is_sys) ? '?f=&sys=1' : '')); 
 			}
 			else
 				notice( t('Unable to update menu.'). EOL);
@@ -54,7 +72,7 @@ class Menu extends \Zotlabs\Web\Controller {
 				menu_sync_packet($uid,get_observer_hash(),$r);
 	
 				//info( t('Menu created.') . EOL);
-				goaway(z_root() . '/mitem/' . $r . ((\App::$is_sys) ? '?f=&sys=1' : '')); 
+				goaway(z_root() . '/mitem/' . $which . '/' . $r . ((\App::$is_sys) ? '?f=&sys=1' : '')); 
 			}
 			else
 				notice( t('Unable to create menu.'). EOL);
@@ -67,27 +85,71 @@ class Menu extends \Zotlabs\Web\Controller {
 	
 	function get() {
 	
+
+
+		if(! \App::$profile) {
+			notice( t('Requested profile is not available.') . EOL );
+			\App::$error = 404;
+			return;
+		}
+
+		$which = argv(1);
+
+		$_SESSION['return_url'] = \App::$query_string;
+
 		$uid = local_channel();
-	
-		if (\App::$is_sys && is_site_admin()) {
+		$owner = 0;
+		$channel = null;
+		$observer = \App::get_observer();
+
+		$channel = \App::get_channel();
+
+		if(\App::$is_sys && is_site_admin()) {
 			$sys = get_sys_channel();
-			$uid = intval($sys['channel_id']);
+			if($sys && intval($sys['channel_id'])) {
+				$uid = $owner = intval($sys['channel_id']);
+				$channel = $sys;
+				$observer = $sys;
+			}
 		}
-	
-		if(! $uid) {
+
+		if(! $owner) {
+			// Figure out who the page owner is.
+			$r = channelx_by_nick($which);
+			if($r) {
+				$owner = intval($r['channel_id']);
+			}
+		}
+
+		$ob_hash = (($observer) ? $observer['xchan_hash'] : '');
+
+		$perms = get_all_perms($owner,$ob_hash);
+
+		if(! $perms['write_pages']) {
 			notice( t('Permission denied.') . EOL);
-			return '';
+			return;
 		}
+
+		// Get the observer, check their permissions
+
+		$ob_hash = (($observer) ? $observer['xchan_hash'] : '');
+
+		$perms = get_all_perms($owner,$ob_hash);
+
+		if(! $perms['write_pages']) {
+			notice( t('Permission denied.') . EOL);
+			return;
+		}
+
+		if(argc() == 2) {
 	
-		if(argc() == 1) {
-	
-			$channel = (($sys) ? $sys : \App::get_channel());
+			$channel = (($sys) ? $sys : channelx_by_n($owner));
 	
 			// list menus
-			$x = menu_list($uid);
+			$x = menu_list($owner);
 			if($x) {
 				for($y = 0; $y < count($x); $y ++) {
-					$m = menu_fetch($x[$y]['menu_name'],$uid,get_observer_hash());
+					$m = menu_fetch($x[$y]['menu_name'],$owner,get_observer_hash());
 					if($m)
 						$x[$y]['element'] = '[element]' . base64url_encode(json_encode(menu_element($channel,$m))) . '[/element]';
 					$x[$y]['bookmark'] = (($x[$y]['menu_flags'] & MENU_BOOKMARK) ? true : false);
@@ -100,6 +162,7 @@ class Menu extends \Zotlabs\Web\Controller {
 				'$menu_bookmark' => array('menu_bookmark', t('Allow Bookmarks'), 0 , t('Menu may be used to store saved bookmarks'), array(t('No'), t('Yes'))),
 				'$submit' => t('Submit and proceed'),
 				'$sys' => \App::$is_sys,
+				'$nick' => $which,
 				'$display' => 'none'
 			));
 	
@@ -119,6 +182,7 @@ class Menu extends \Zotlabs\Web\Controller {
 				'$hintdrop' => t('Delete this menu'),
 				'$hintcontent' => t('Edit menu contents'),
 				'$hintedit' => t('Edit this menu'),
+				'$nick' => $which,
 				'$sys' => \App::$is_sys
 			));
 	
@@ -126,19 +190,19 @@ class Menu extends \Zotlabs\Web\Controller {
 	
 		}
 	
-		if(argc() > 1) {
-			if(intval(argv(1))) {
+		if(argc() > 2) {
+			if(intval(argv(2))) {
 	
-				if(argc() == 3 && argv(2) == 'drop') {
-					menu_sync_packet($uid,get_observer_hash(),intval(argv(1)),true);
-					$r = menu_delete_id(intval(argv(1)),$uid);
+				if(argc() == 4 && argv(3) == 'drop') {
+					menu_sync_packet($owner,get_observer_hash(),intval(argv(1)),true);
+					$r = menu_delete_id(intval(argv(2)),$owner);
 					if(!$r)
 						notice( t('Menu could not be deleted.'). EOL);
 	
-					goaway(z_root() . '/menu' . ((\App::$is_sys) ? '?f=&sys=1' : ''));
+					goaway(z_root() . '/menu/' . $which . ((\App::$is_sys) ? '?f=&sys=1' : ''));
 				}
 	
-				$m = menu_fetch_id(intval(argv(1)),$uid);
+				$m = menu_fetch_id(intval(argv(2)),$owner);
 	
 				if(! $m) {
 					notice( t('Menu not found.') . EOL);
@@ -148,14 +212,15 @@ class Menu extends \Zotlabs\Web\Controller {
 				$o = replace_macros(get_markup_template('menuedit.tpl'), array(
 					'$header' => t('Edit Menu'),
 					'$sys' => \App::$is_sys,
-					'$menu_id' => intval(argv(1)),
-					'$menu_edit_link' => 'mitem/' . intval(argv(1)) . ((\App::$is_sys) ? '?f=&sys=1' : ''),
+					'$menu_id' => intval(argv(2)),
+					'$menu_edit_link' => 'mitem/' . $which . '/' . intval(argv(1)) . ((\App::$is_sys) ? '?f=&sys=1' : ''),
 					'$hintedit' => t('Add or remove entries to this menu'),
 					'$editcontents' => t('Edit menu contents'),
 					'$menu_name' => array('menu_name', t('Menu name'), $m['menu_name'], t('Must be unique, only seen by you'), '*'),
 					'$menu_desc' => array('menu_desc', t('Menu title'), $m['menu_desc'], t('Menu title as seen by others'), ''),
 					'$menu_bookmark' => array('menu_bookmark', t('Allow bookmarks'), (($m['menu_flags'] & MENU_BOOKMARK) ? 1 : 0), t('Menu may be used to store saved bookmarks'), array(t('No'), t('Yes'))),
 					'$menu_system' => (($m['menu_flags'] & MENU_SYSTEM) ? 1 : 0),
+					'$nick' => $which,
 					'$submit' => t('Submit and proceed')
 				));
 	

Zotlabs/Module/Message.php

@@ -93,7 +93,7 @@ class Message extends \Zotlabs\Web\Controller {
 			));
 	
 	
-			$o .= alt_pager($a,count($r));	
+			$o .= alt_pager(count($r));	
 	
 			return $o;
 	

Zotlabs/Module/Mitem.php

@@ -8,22 +8,25 @@ require_once('include/acl_selectors.php');
 class Mitem extends \Zotlabs\Web\Controller {
 
 	function init() {
-	
-		$uid = local_channel();
-	
-		if(array_key_exists('sys',$_REQUEST) && $_REQUEST['sys'] && is_site_admin()) {
+
+		if(argc() > 1 && argv(1) === 'sys' && is_site_admin()) {
 			$sys = get_sys_channel();
-			$uid = intval($sys['channel_id']);
-			\App::$is_sys = true;
+			if($sys && intval($sys['channel_id'])) {
+				\App::$is_sys = true;
+			}
 		}
+
+		if(argc() > 1)
+			$which = argv(1);
+		else
+			return;
+
+		profile_load($which);
 	
-		if(! $uid)
+		if(argc() < 3)
 			return;
 	
-		if(argc() < 2)
-			return;
-	
-		$m = menu_fetch_id(intval(argv(1)),$uid);
+		$m = menu_fetch_id(intval(argv(2)),\App::$profile['channel_id']);
 		if(! $m) {
 			notice( t('Menu not found.') . EOL);
 			return '';
@@ -32,19 +35,27 @@ class Mitem extends \Zotlabs\Web\Controller {
 	
 	}
 	
-		function post() {
+	function post() {
 	
-		$uid = local_channel();
-	
-		if(\App::$is_sys && is_site_admin()) {
-			$sys = get_sys_channel();
-			$uid = intval($sys['channel_id']);
-		}
-	
-		if(! $uid) {
+		if(! \App::$profile) {
 			return;
 		}
+
+		$which = argv(1);
+
+
+		$uid = \App::$profile['channel_id'];
 	
+		if(array_key_exists('sys', $_REQUEST) && $_REQUEST['sys'] && is_site_admin()) {
+			$sys = get_sys_channel();
+			$uid = intval($sys['channel_id']);
+			\App::$is_sys = true;
+		}
+	
+		if(! $uid)
+			return;
+
+
 		if(! \App::$data['menu'])
 			return;
 	
@@ -63,14 +74,14 @@ class Mitem extends \Zotlabs\Web\Controller {
 			$_REQUEST['mitem_flags'] |= MENU_ITEM_NEWWIN;
 	
 		
-		$mitem_id = ((argc() > 2) ? intval(argv(2)) : 0);
+		$mitem_id = ((argc() > 3) ? intval(argv(3)) : 0);
 		if($mitem_id) {
 			$_REQUEST['mitem_id'] = $mitem_id;
 			$r = menu_edit_item($_REQUEST['menu_id'],$uid,$_REQUEST);	
 			if($r) {
 				menu_sync_packet($uid,get_observer_hash(),$_REQUEST['menu_id']);
 				//info( t('Menu element updated.') . EOL);
-				goaway(z_root() . '/mitem/' . $_REQUEST['menu_id'] . ((\App::$is_sys) ? '?f=&sys=1' : ''));
+				goaway(z_root() . '/mitem/' . $which . '/' . $_REQUEST['menu_id'] . ((\App::$is_sys) ? '?f=&sys=1' : ''));
 			}
 			else
 				notice( t('Unable to update menu element.') . EOL);
@@ -82,10 +93,10 @@ class Mitem extends \Zotlabs\Web\Controller {
 				menu_sync_packet($uid,get_observer_hash(),$_REQUEST['menu_id']);
 				//info( t('Menu element added.') . EOL);
 				if($_REQUEST['submit']) {
-					goaway(z_root() . '/menu' . ((\App::$is_sys) ? '?f=&sys=1' : ''));
+					goaway(z_root() . '/menu/' . $which . ((\App::$is_sys) ? '?f=&sys=1' : ''));
 				}
 				if($_REQUEST['submit-more']) {
-					goaway(z_root() . '/mitem/' . $_REQUEST['menu_id'] . '?f=&display=block' . ((\App::$is_sys) ? '&sys=1' : '') );
+					goaway(z_root() . '/mitem/' . $which . '/' . $_REQUEST['menu_id'] . '?f=&display=block' . ((\App::$is_sys) ? '&sys=1' : '') );
 				}
 			}
 			else
@@ -96,12 +107,15 @@ class Mitem extends \Zotlabs\Web\Controller {
 	}
 	
 	
-		function get() {
+	function get() {
 	
 		$uid = local_channel();
-		$channel = \App::get_channel();
+		$owner = \App::$profile['channel_id'];
+		$channel = channelx_by_n($owner);
 		$observer = \App::get_observer();
-	
+
+		$which = argv(1);
+
 		$ob_hash = (($observer) ? $observer['xchan_hash'] : '');
 	
 		if(\App::$is_sys && is_site_admin()) {
@@ -116,15 +130,15 @@ class Mitem extends \Zotlabs\Web\Controller {
 			return '';
 		}
 	
-		if(argc() < 2 || (! \App::$data['menu'])) {
+		if(argc() < 3 || (! \App::$data['menu'])) {
 			notice( t('Not found.') . EOL);
 			return '';
 		}
 	
-		$m = menu_fetch(\App::$data['menu']['menu_name'],$uid,$ob_hash);
+		$m = menu_fetch(\App::$data['menu']['menu_name'],$owner,$ob_hash);
 		\App::$data['menu_item'] = $m;
 	
-		$menu_list = menu_list($uid);
+		$menu_list = menu_list($owner);
 	
 		foreach($menu_list as $menus) {
 			if($menus['menu_name'] != $m['menu']['menu_name'])
@@ -135,10 +149,10 @@ class Mitem extends \Zotlabs\Web\Controller {
 	
 		$lockstate = (($channel['channel_allow_cid'] || $channel['channel_allow_gid'] || $channel['channel_deny_cid'] || $channel['channel_deny_gid']) ? 'lock' : 'unlock');
 	
-		if(argc() == 2) {
+		if(argc() == 3) {
 			$r = q("select * from menu_item where mitem_menu_id = %d and mitem_channel_id = %d order by mitem_order asc, mitem_desc asc",
 				intval(\App::$data['menu']['menu_id']),
-				intval($uid)
+				intval($owner)
 			);
 	
 			if($_GET['display']) {
@@ -167,6 +181,7 @@ class Mitem extends \Zotlabs\Web\Controller {
 				'$display'     => $display,
 				'$lockstate'   => $lockstate,
 				'$menu_names'  => $menu_names,
+				'$nick'        => $which,
 				'$sys'         => \App::$is_sys
 			));
 	
@@ -187,40 +202,41 @@ class Mitem extends \Zotlabs\Web\Controller {
 				'$hintnew'     => t('Add menu element'),
 				'$hintdrop'    => t('Delete this menu item'),
 				'$hintedit'    => t('Edit this menu item'),
+				'$nick'        => $which,
 			));
 	
 			return $o;
 		}
 	
 	
-		if(argc() > 2) {
-	
-			if(intval(argv(2))) {
+		if(argc() > 3) {
+
+			if(intval(argv(3))) {
 	
 				$m = q("select * from menu_item where mitem_id = %d and mitem_channel_id = %d limit 1",
-					intval(argv(2)),
-					intval($uid)
+					intval(argv(3)),
+					intval($owner)
 				);
 	
 				if(! $m) {
 					notice( t('Menu item not found.') . EOL);
-					goaway(z_root() . '/menu'. ((\App::$is_sys) ? '?f=&sys=1' : ''));
+					goaway(z_root() . '/menu/'. $which . ((\App::$is_sys) ? '?f=&sys=1' : ''));
 				}
 	
 				$mitem = $m[0];
 	
 				$lockstate = (($mitem['allow_cid'] || $mitem['allow_gid'] || $mitem['deny_cid'] || $mitem['deny_gid']) ? 'lock' : 'unlock');
 	
-				if(argc() == 4 && argv(3) == 'drop') {
-					menu_sync_packet($uid,get_observer_hash(),$mitem['mitem_menu_id']);
-					$r = menu_del_item($mitem['mitem_menu_id'], $uid, intval(argv(2)));
-					menu_sync_packet($uid,get_observer_hash(),$mitem['mitem_menu_id']);
+				if(argc() == 5 && argv(4) == 'drop') {
+					menu_sync_packet($owner,get_observer_hash(),$mitem['mitem_menu_id']);
+					$r = menu_del_item($mitem['mitem_menu_id'], $owner, intval(argv(3)));
+					menu_sync_packet($owner,get_observer_hash(),$mitem['mitem_menu_id']);
 					if($r)
 						info( t('Menu item deleted.') . EOL);
 					else
 						notice( t('Menu item could not be deleted.'). EOL);
 	
-					goaway(z_root() . '/mitem/' . $mitem['mitem_menu_id'] . ((\App::$is_sys) ? '?f=&sys=1' : ''));
+					goaway(z_root() . '/mitem/' . $which . '/' . $mitem['mitem_menu_id'] . ((\App::$is_sys) ? '?f=&sys=1' : ''));
 				}
 	
 				// edit menu item
@@ -234,7 +250,7 @@ class Mitem extends \Zotlabs\Web\Controller {
 					'$allow_gid' => acl2json($mitem['allow_gid']),
 					'$deny_cid' => acl2json($mitem['deny_cid']),
 					'$deny_gid' => acl2json($mitem['deny_gid']),
-					'$mitem_id' => intval(argv(2)),
+					'$mitem_id' => intval(argv(3)),
 					'$mitem_desc' => array('mitem_desc', t('Link text'), $mitem['mitem_desc'], '','*'),
 					'$mitem_link'  => array('mitem_link', t('Link or Submenu Target'), $mitem['mitem_link'], 'Enter URL of the link or select a menu name to create a submenu', '*', 'list="menu-names"'),
 					'$usezid' => array('usezid', t('Use magic-auth if available'), (($mitem['mitem_flags'] & MENU_ITEM_ZID) ? 1 : 0), '', array(t('No'), t('Yes'))),
@@ -242,7 +258,8 @@ class Mitem extends \Zotlabs\Web\Controller {
 					'$mitem_order' => array('mitem_order', t('Order in list'),$mitem['mitem_order'],t('Higher numbers will sink to bottom of listing')),
 					'$submit' => t('Submit'),
 					'$lockstate'     => $lockstate,
-					'$menu_names'  => $menu_names
+					'$menu_names'  => $menu_names,
+					'$nick'  => $which
 				));
 	
 				return $o;

Zotlabs/Module/Moderate.php

@@ -14,9 +14,12 @@ class Moderate extends \Zotlabs\Web\Controller {
 			return;
 		}
 
+		\App::set_pager_itemspage(60);
+		$pager_sql = sprintf(" LIMIT %d OFFSET %d ", intval(\App::$pager['itemspage']), intval(\App::$pager['start']));               
+
 		//show all items
 		if(argc() == 1) {
-			$r = q("select item.id as item_id, item.* from item where item.uid = %d and item_blocked = %d and item_deleted = 0 order by created desc limit 60",
+			$r = q("select item.id as item_id, item.* from item where item.uid = %d and item_blocked = %d and item_deleted = 0 order by created desc $pager_sql",
 				intval(local_channel()),
 				intval(ITEM_MODERATED)
 			);
@@ -26,7 +29,7 @@ class Moderate extends \Zotlabs\Web\Controller {
 		if(argc() == 2) {
 			$post_id = intval(argv(1));
 
-			$r = q("select item.id as item_id, item.* from item where item.id = %d and item.uid = %d and item_blocked = %d and item_deleted = 0 order by created desc limit 60",
+			$r = q("select item.id as item_id, item.* from item where item.id = %d and item.uid = %d and item_blocked = %d and item_deleted = 0 order by created desc $pager_sql",
 				intval($post_id),
 				intval(local_channel()),
 				intval(ITEM_MODERATED)
@@ -47,17 +50,26 @@ class Moderate extends \Zotlabs\Web\Controller {
 			);
 
 			if($r) {
+				$item = $r[0];
+
 				if($action === 'approve') {
 					q("update item set item_blocked = 0 where uid = %d and id = %d",
 						intval(local_channel()),
 						intval($post_id)
 					);
+
+					$item['item_blocked'] = 0;
+
+					item_update_parent_commented($item);
+
 					notice( t('Comment approved') . EOL);
 				}
 				elseif($action === 'drop') {
 					drop_item($post_id,false);
 					notice( t('Comment deleted') . EOL);
 				} 
+
+				// refetch the item after changes have been made
 			
 				$r = q("select * from item where id = %d",
 					intval($post_id)
@@ -83,6 +95,7 @@ class Moderate extends \Zotlabs\Web\Controller {
 		}
 
 		$o = conversation($items,'moderate',false,'traditional');
+		$o .= alt_pager(count($items));
 		return $o;
 
 	}

Zotlabs/Module/Network.php

@@ -15,6 +15,9 @@ class Network extends \Zotlabs\Web\Controller {
 			notice( t('Permission denied.') . EOL);
 			return;
 		}
+
+		if(in_array(substr($_GET['search'],0,1),[ '@', '!', '?']))
+			goaway('search' . '?f=&search=' . $_GET['search']);
 	
 		if(count($_GET) < 2) {
 			$network_options = get_pconfig(local_channel(),'system','network_page_default');
@@ -57,13 +60,26 @@ class Network extends \Zotlabs\Web\Controller {
 	
 		$datequery  = ((x($_GET,'dend') && is_a_date_arg($_GET['dend'])) ? notags($_GET['dend']) : '');
 		$datequery2 = ((x($_GET,'dbegin') && is_a_date_arg($_GET['dbegin'])) ? notags($_GET['dbegin']) : '');
-		$nouveau    = ((x($_GET,'new')) ? intval($_GET['new']) : 0);
 		$static     = ((x($_GET,'static')) ? intval($_GET['static']) : 0); 
 		$gid        = ((x($_GET,'gid')) ? intval($_GET['gid']) : 0);
 		$category   = ((x($_REQUEST,'cat')) ? $_REQUEST['cat'] : '');
 		$hashtags   = ((x($_REQUEST,'tag')) ? $_REQUEST['tag'] : '');
 		$verb       = ((x($_REQUEST,'verb')) ? $_REQUEST['verb'] : '');
-	
+
+
+		$order = get_pconfig(local_channel(), 'mod_network', 'order', 0);
+		switch($order) {
+			case 0:
+				$order = 'comment';
+				break;
+			case 1:
+				$order = 'post';
+				break;
+			case 2:
+				$nouveau = true;
+				break;
+		}
+
 		$search = (($_GET['search']) ? $_GET['search'] : '');
 		if($search) {
 			$_GET['netsearch'] = escape_tags($search);
@@ -84,7 +100,7 @@ class Network extends \Zotlabs\Web\Controller {
 		}
 	
 		if($datequery)
-			$_GET['order'] = 'post';
+			$order = 'post';
 	
 	
 		// filter by collection (e.g. group)
@@ -107,16 +123,11 @@ class Network extends \Zotlabs\Web\Controller {
 			$def_acl    = array('allow_gid' => '<' . $r[0]['hash'] . '>');
 		}
 	
-	
-		$default_cmin = ((feature_enabled(local_channel(),'affinity')) ? get_pconfig(local_channel(),'affinity','cmin',0) : 0);
-		$default_cmax = ((feature_enabled(local_channel(),'affinity')) ? get_pconfig(local_channel(),'affinity','cmax',99) : 99);
+		$default_cmin = ((feature_enabled(local_channel(),'affinity')) ? get_pconfig(local_channel(),'affinity','cmin',0) : (-1));
+		$default_cmax = ((feature_enabled(local_channel(),'affinity')) ? get_pconfig(local_channel(),'affinity','cmax',99) : (-1));
 
-	
-		// if no tabs are selected, defaults to comments
-	
 		$cid      = ((x($_GET,'cid'))   ? intval($_GET['cid'])   : 0);
 		$star     = ((x($_GET,'star'))  ? intval($_GET['star'])  : 0);
-		$order    = ((x($_GET,'order')) ? notags($_GET['order']) : 'comment');
 		$liked    = ((x($_GET,'liked')) ? intval($_GET['liked']) : 0);
 		$conv     = ((x($_GET,'conv'))  ? intval($_GET['conv'])  : 0);
 		$spam     = ((x($_GET,'spam'))  ? intval($_GET['spam'])  : 0);
@@ -125,17 +136,21 @@ class Network extends \Zotlabs\Web\Controller {
 		$file     = ((x($_GET,'file'))  ? $_GET['file']          : '');
 		$xchan    = ((x($_GET,'xchan')) ? $_GET['xchan']         : '');
 		$net      = ((x($_GET,'net'))   ? $_GET['net']           : '');
+		$pf       = ((x($_GET,'pf'))    ? $_GET['pf']            : '');
 		
 		$deftag = '';
 	
-		if(x($_GET,'search') || x($_GET,'file'))
+
+		if(x($_GET,'search') || $file || (!$pf && $cid))
 			$nouveau = true;
+
 		if($cid) {
-			$r = q("SELECT abook_xchan FROM abook WHERE abook_id = %d AND abook_channel = %d LIMIT 1",
+			$cid_r = q("SELECT abook.abook_xchan, xchan.xchan_addr, xchan.xchan_name, xchan.xchan_url, xchan.xchan_photo_s, xchan.xchan_pubforum from abook left join xchan on abook_xchan = xchan_hash where abook_id = %d and abook_channel = %d and abook_blocked = 0 limit 1",
 				intval($cid),
 				intval(local_channel())
 			);
-			if(! $r) {
+
+			if(! $cid_r) {
 				if($update) {
 					killme();
 				}
@@ -143,14 +158,14 @@ class Network extends \Zotlabs\Web\Controller {
 				goaway(z_root() . '/network');
 				// NOTREACHED
 			}
-			if($_GET['pf'] === '1')
-				$deftag = '!' . t('forum') . '+' . intval($cid);
+			if($pf)
+				$deftag = '!{' . (($cid_r[0]['xchan_addr']) ? $cid_r[0]['xchan_addr'] : $cid_r[0]['xchan_url']) . '}';
 			else
-				$def_acl = [ 'allow_cid' => '<' . $r[0]['abook_xchan'] . '>', 'allow_gid' => '', 'deny_cid' => '', 'deny_gid' => '' ];
+				$def_acl = [ 'allow_cid' => '<' . $cid_r[0]['abook_xchan'] . '>', 'allow_gid' => '', 'deny_cid' => '', 'deny_gid' => '' ];
 		}
 	
 		if(! $update) {
-			$tabs = network_tabs();
+			$tabs = ''; //network_tabs();
 			$o .= $tabs;
 	
 			// search terms header
@@ -185,7 +200,8 @@ class Network extends \Zotlabs\Web\Controller {
 				'editor_autocomplete' => true,
 				'bbco_autocomplete' => 'bbcode',
 				'bbcode' => true,
-				'jotnets' => true
+				'jotnets' => true,
+				'reset' => t('Reset form')
 			);
 			if($deftag)
 				$x['pretext'] = $deftag;
@@ -210,27 +226,24 @@ class Network extends \Zotlabs\Web\Controller {
 	
 		$sql_nets = '';
 
-		$distinct = '';
 		$item_thread_top = ' AND item_thread_top = 1 ';
 	
-		$sql_extra = $sql_options;
+		$sql_extra = '';
 	
 		if($group) {
 			$contact_str = '';
 			$contacts = group_get_members($group);
 			if($contacts) {
-				foreach($contacts as $c) {
-					if($contact_str)
-						$contact_str .= ',';
-					$contact_str .= "'" . $c['xchan'] . "'";
-				}
+				$contact_str = ids_to_querystr($contacts,'xchan',true);
 			}
 			else {
-				$contact_str = ' 0 ';
-				info( t('Privacy group is empty'));
+				$contact_str = " '0' ";
+				if(! $update) {
+					info( t('Privacy group is empty'));
+				}
 			}
-			$distinct = ' distinct ';
 			$item_thread_top = '';
+
 			$sql_extra = " AND item.parent IN ( SELECT DISTINCT parent FROM item WHERE true $sql_options AND (( author_xchan IN ( $contact_str ) OR owner_xchan in ( $contact_str )) or allow_gid like '" . protect_sprintf('%<' . dbesc($group_hash) . '>%') . "' ) and id = parent $item_normal ) ";
 	
 			$x = group_rec_byhash(local_channel(), $group_hash);
@@ -246,35 +259,37 @@ class Network extends \Zotlabs\Web\Controller {
 			$o .= $status_editor;
 	
 		}
-	
-		elseif($cid) {
-	
-			$r = q("SELECT abook.*, xchan.* from abook left join xchan on abook_xchan = xchan_hash where abook_id = %d and abook_channel = %d and abook_blocked = 0 limit 1",
-				intval($cid),
-				intval(local_channel())
-			);
-			if($r) {
-				$distinct = ' distinct ';
-				$item_thread_top = '';
-				$sql_extra = " AND item.parent IN ( SELECT DISTINCT parent FROM item WHERE true $sql_options AND uid = " . intval(local_channel()) . " AND ( author_xchan = '" . dbesc($r[0]['abook_xchan']) . "' or owner_xchan = '" . dbesc($r[0]['abook_xchan']) . "' ) $item_normal ) ";
-				$title = replace_macros(get_markup_template("section_title.tpl"),array(
-					'$title' => '<a href="' . zid($r[0]['xchan_url']) . '" ><img src="' . zid($r[0]['xchan_photo_s'])  . '" alt="' . urlencode($r[0]['xchan_name']) . '" /></a> <a href="' . zid($r[0]['xchan_url']) . '" >' . $r[0]['xchan_name'] . '</a>'
-				));
-				$o = $tabs;
-				$o .= $title;
-				$o .= $status_editor;
-			}
-			else {
-				notice( t('Invalid connection.') . EOL);
-				goaway(z_root() . '/network');
+		elseif($cid_r) {
+			$item_thread_top = '';
+
+			if($load || $update) {
+				if(!$pf && $nouveau) {
+					$sql_extra = " AND author_xchan = '" . dbesc($cid_r[0]['abook_xchan']) . "' ";
+				}
+				else {
+					$ttype = (($pf) ? TERM_FORUM : TERM_MENTION);
+
+					$p1 = q("SELECT DISTINCT parent FROM item WHERE uid = " . intval(local_channel()) . " AND ( author_xchan = '" . dbesc($cid_r[0]['abook_xchan']) . "' OR owner_xchan = '" . dbesc($cid_r[0]['abook_xchan']) . "' ) $item_normal ");
+					$p2 = q("SELECT oid AS parent FROM term WHERE uid = " . intval(local_channel()) . " AND ttype = $ttype AND term = '" . dbesc($cid_r[0]['xchan_name']) . "'");
+
+					$p_str = ids_to_querystr(array_merge($p1,$p2),'parent');
+					$sql_extra = " AND item.parent IN ( $p_str ) ";
+				}
 			}
+
+			$title = replace_macros(get_markup_template("section_title.tpl"),array(
+				'$title' => '<a href="' . zid($cid_r[0]['xchan_url']) . '" ><img src="' . zid($cid_r[0]['xchan_photo_s'])  . '" alt="' . urlencode($cid_r[0]['xchan_name']) . '" /></a> <a href="' . zid($cid_r[0]['xchan_url']) . '" >' . $cid_r[0]['xchan_name'] . '</a>'
+			));
+
+			$o = $tabs;
+			$o .= $title;
+			$o .= $status_editor;
 		}
 		elseif($xchan) {
 			$r = q("select * from xchan where xchan_hash = '%s'",
 				dbesc($xchan)
 			);
 			if($r) {
-				$distinct = ' distinct ';
 				$item_thread_top = '';
 				$sql_extra = " AND item.parent IN ( SELECT DISTINCT parent FROM item WHERE true $sql_options AND uid = " . intval(local_channel()) . " AND ( author_xchan = '" . dbesc($xchan) . "' or owner_xchan = '" . dbesc($xchan) . "' ) $item_normal ) ";
 				$title = replace_macros(get_markup_template("section_title.tpl"),array(
@@ -320,8 +335,8 @@ class Network extends \Zotlabs\Web\Controller {
 				'$uid'     => ((local_channel()) ? local_channel() : '0'),
 				'$gid'     => (($gid) ? $gid : '0'),
 				'$cid'     => (($cid) ? $cid : '0'),
-				'$cmin'    => (($cmin) ? $cmin : '0'),
-				'$cmax'    => (($cmax) ? $cmax : '0'),
+				'$cmin'    => (($cmin) ? $cmin : '(-1)'),
+				'$cmax'    => (($cmax) ? $cmax : '(-1)'),
 				'$star'    => (($star) ? $star : '0'),
 				'$liked'   => (($liked) ? $liked : '0'),
 				'$conv'    => (($conv) ? $conv : '0'),
@@ -342,7 +357,8 @@ class Network extends \Zotlabs\Web\Controller {
 				'$mid'     => '',
 				'$verb'    => $verb,
 				'$net'     => $net,
-				'$dbegin'  => $datequery2
+				'$dbegin'  => $datequery2,
+				'$pf'     => (($pf) ? $pf : '0'),
 			));
 		}
 	
@@ -381,11 +397,16 @@ class Network extends \Zotlabs\Web\Controller {
 		}
 	
 		if($conv) {
-			$distinct = ' distinct ';
 			$item_thread_top = '';
-			$sql_extra .= sprintf(" AND parent IN (SELECT distinct(parent) from item where ( author_xchan like '%s' or item_mentionsme = 1 )) ",
-				dbesc(protect_sprintf($channel['channel_hash']))
-			);
+
+			if($nouveau) {
+				$sql_extra .= " AND author_xchan = '" . dbesc($channel['channel_hash']) . "' ";
+			}
+			else {
+				$sql_extra .= sprintf(" AND parent IN (SELECT distinct(parent) from item where ( author_xchan = '%s' or item_mentionsme = 1 )) ",
+					dbesc(protect_sprintf($channel['channel_hash']))
+				);
+			}
 		}
 	
 		if($update && ! $load) {
@@ -400,8 +421,9 @@ class Network extends \Zotlabs\Web\Controller {
 			$pager_sql = sprintf(" LIMIT %d OFFSET %d ", intval(\App::$pager['itemspage']), intval(\App::$pager['start']));
 		}
 	
-	
-		if(($cmin != 0) || ($cmax != 99)) {
+		// cmin and cmax are both -1 when the affinity tool is disabled
+
+		if(($cmin != (-1)) || ($cmax != (-1))) {
 	
 			// Not everybody who shows up in the network stream will be in your address book.
 			// By default those that aren't are assumed to have closeness = 99; but this isn't
@@ -458,15 +480,15 @@ class Network extends \Zotlabs\Web\Controller {
 		if($nouveau && $load) {
 			// "New Item View" - show all items unthreaded in reverse created date order
 	
-			$items = q("SELECT item.*, item.id AS item_id, received FROM item 
+			$items = q("SELECT item.*, item.id AS item_id, created FROM item 
 				left join abook on ( item.owner_xchan = abook.abook_xchan $abook_uids )
 				$net_query
 				WHERE true $uids $item_normal
 				and (abook.abook_blocked = 0 or abook.abook_flags is null)
 				$simple_update
-				$sql_extra $sql_nets
+				$sql_extra $sql_options $sql_nets
 				$net_query2
-				ORDER BY item.received DESC $pager_sql "
+				ORDER BY item.created DESC $pager_sql "
 			);
 	
 			require_once('include/items.php');
@@ -480,20 +502,19 @@ class Network extends \Zotlabs\Web\Controller {
 			// Normal conversation view
 	
 			if($order === 'post')
-					$ordering = "created";
+				$ordering = "created";
 			else
-					$ordering = "commented";
+				$ordering = "commented";
 	
 			if($load) {
-
 				// Fetch a page full of parent items for this page
-				$r = q("SELECT $distinct item.parent AS item_id FROM item 
+				$r = q("SELECT item.parent AS item_id FROM item 
 					left join abook on ( item.owner_xchan = abook.abook_xchan $abook_uids )
 					$net_query
 					WHERE true $uids $item_thread_top $item_normal
 					AND item.mid = item.parent_mid
 					and (abook.abook_blocked = 0 or abook.abook_flags is null)
-					$sql_extra3 $sql_extra $sql_nets
+					$sql_extra3 $sql_extra $sql_options $sql_nets
 					$net_query2
 					ORDER BY $ordering DESC $pager_sql "
 				);
@@ -506,7 +527,7 @@ class Network extends \Zotlabs\Web\Controller {
 					$net_query
 					WHERE true $uids $item_normal_update $simple_update
 					and (abook.abook_blocked = 0 or abook.abook_flags is null)
-					$sql_extra3 $sql_extra $sql_nets $net_query2"
+					$sql_extra3 $sql_extra $sql_options $sql_nets $net_query2"
 				);
 				$_SESSION['loadtime'] = datetime_convert();
 			}
@@ -566,11 +587,14 @@ class Network extends \Zotlabs\Web\Controller {
 		}
 	
 		$mode = (($nouveau) ? 'network-new' : 'network');
+
+		if($search)
+			$mode = 'search';
 	
 		$o .= conversation($items,$mode,$update,$page_mode);
 	
 		if(($items) && (! $update))
-			$o .= alt_pager($a,count($items));
+			$o .= alt_pager(count($items));
 	
 		return $o;
 	}

Zotlabs/Module/New_channel.php

@@ -16,8 +16,15 @@ class New_channel extends \Zotlabs\Web\Controller {
 			require_once('library/urlify/URLify.php');
 			$result = array('error' => false, 'message' => '');
 			$n = trim($_REQUEST['name']);
-	
-			$x = strtolower(\URLify::transliterate($n));
+
+			$x = false;
+
+			if(get_config('system','unicode_usernames')) {
+				$x = punify(mb_strtolower($n)); 
+			}
+
+			if((! $x) || strlen($x) > 64)
+				$x = strtolower(\URLify::transliterate($n));
 	
 			$test = array();
 	
@@ -34,7 +41,7 @@ class New_channel extends \Zotlabs\Web\Controller {
 			$test[] = legal_webbie($x);
 			// fullname plus random number
 			$test[] = legal_webbie($x) . mt_rand(1000,9999);
-	
+
 			json_return_and_die(check_webbie($test));
 		}
 	
@@ -42,11 +49,32 @@ class New_channel extends \Zotlabs\Web\Controller {
 			require_once('library/urlify/URLify.php');
 			$result = array('error' => false, 'message' => '');
 			$n = trim($_REQUEST['nick']);
-	
-			$x = strtolower(\URLify::transliterate($n));
-	
+			if(! $n) {
+				$n = trim($_REQUEST['name']);	
+			}
+
+			$x = false;
+
+			if(get_config('system','unicode_usernames')) {
+				$x = punify(mb_strtolower($n)); 
+			}
+
+			if((! $x) || strlen($x) > 64)
+				$x = strtolower(\URLify::transliterate($n));
+
+
 			$test = array();
 	
+			// first name
+			if(strpos($x,' '))
+				$test[] = legal_webbie(substr($x,0,strpos($x,' ')));
+			if($test[0]) {
+				// first name plus first initial of last
+				$test[] = ((strpos($x,' ')) ? $test[0] . legal_webbie(trim(substr($x,strpos($x,' '),2))) : '');
+				// first name plus random number
+				$test[] = $test[0] . mt_rand(1000,9999);
+			}
+
 			$n = legal_webbie($x);
 			if(strlen($n)) {
 				$test[] = $n;
@@ -110,7 +138,7 @@ class New_channel extends \Zotlabs\Web\Controller {
 				intval($aid)
 			);
 			if($r && (! intval($r[0]['total']))) {
-				$default_role = get_config('system','default_permissions_role');
+				$default_role = get_config('system','default_permissions_role','social');
 			}
 	
 			$limit = account_service_class_fetch(get_account_id(),'total_identities');
@@ -122,24 +150,38 @@ class New_channel extends \Zotlabs\Web\Controller {
 				$channel_usage_message = '';
 			}
 		}
-	
+
+		$name_help = '<span id="name_help_loading" style="display:none">' . t('Loading') . '</span><span id="name_help_text">';
+		$name_help .= (($default_role) 
+			? t('Your real name is recommended.')
+			: t('Examples: "Bob Jameson", "Lisa and her Horses", "Soccer", "Aviation Group"')
+		);
+		$name_help .= '</span>';
+
+		$nick_help = '<span id="nick_help_loading" style="display:none">' . t('Loading') . '</span><span id="nick_help_text">';
+		$nick_help .= t('This will be used to create a unique network address (like an email address).');
+		if(! get_config('system','unicode_usernames')) {
+			$nick_help .= ' ' . t('Allowed characters are a-z 0-9, - and _');
+		}
+		$nick_help .= '<span>';
+
 		$privacy_role = ((x($_REQUEST,'permissions_role')) ? $_REQUEST['permissions_role'] :  "" );
 
 		$perm_roles = \Zotlabs\Access\PermissionRoles::roles();
 		if((get_account_techlevel() < 4) && $privacy_role !== 'custom')
 			unset($perm_roles[t('Other')]);
 
-		$name = array('name', t('Name or caption'), ((x($_REQUEST,'name')) ? $_REQUEST['name'] : ''), t('Examples: "Bob Jameson", "Lisa and her Horses", "Soccer", "Aviation Group"'), "*");
+		$name = array('name', t('Channel name'), ((x($_REQUEST,'name')) ? $_REQUEST['name'] : ''), $name_help, "*");
 		$nickhub = '@' . \App::get_hostname();
-		$nickname = array('nickname', t('Choose a short nickname'), ((x($_REQUEST,'nickname')) ? $_REQUEST['nickname'] : ''), sprintf( t('Your nickname will be used to create an easy to remember channel address e.g. nickname%s'), $nickhub), "*");
-		$role = array('permissions_role' , t('Channel role and privacy'), ($privacy_role) ? $privacy_role : 'social', t('Select a channel role with your privacy requirements.') . ' <a href="help/member/member_guide#Account_Permission_Roles" target="_blank">' . t('Read more about roles') . '</a>',$perm_roles);
+		$nickname = array('nickname', t('Choose a short nickname'), ((x($_REQUEST,'nickname')) ? $_REQUEST['nickname'] : ''), $nick_help, "*");
+		$role = array('permissions_role' , t('Channel role and privacy'), ($privacy_role) ? $privacy_role : 'social', t('Select a channel permission role compatible with your usage needs and privacy requirements.') . '<br>' . '<a href="help/member/member_guide#Channel_Permission_Roles" target="_blank">' . t('Read more about channel permission roles') . '</a>',$perm_roles);
 	
 		$o = replace_macros(get_markup_template('new_channel.tpl'), array(
-			'$title'        => t('Create Channel'),
-			'$desc'         => t('A channel is your identity on this network. It can represent a person, a blog, or a forum to name a few. Channels can make connections with other channels to share information with highly detailed permissions.'),
+			'$title'        => t('Create a Channel'),
+			'$desc'         => t('A channel is a unique network identity. It can represent a person (social network profile), a forum (group), a business or celebrity page, a newsfeed, and many other things.') , 
 			'$label_import' => t('or <a href="import">import an existing channel</a> from another location.'),
 			'$name'         => $name,
-			'$role'		=> $role,
+			'$role'		    => $role,
 			'$default_role' => $default_role,
 			'$nickname'     => $nickname,
 			'$validate'     => t('Validate'),

Zotlabs/Module/Nojs.php

@@ -7,8 +7,8 @@ class Nojs extends \Zotlabs\Web\Controller {
 	function init() {
 		$n = ((argc() > 1) ? intval(argv(1)) : 1);
 		setcookie('jsdisabled', $n, 0, '/');
-		$p = $_GET['redir'];
-		$hasq = strpos($p,'?');
+		$p = hex2bin($_GET['redir']);
+		$hasq = strpbrk($p,'?&');
 		goaway(z_root() . (($p) ? '/' . $p : '') . (($hasq) ? '' : '?f=' ) . '&jsdisabled=' . $n);
 	
 	}

Zotlabs/Module/Notifications.php

@@ -41,8 +41,6 @@ class Notifications extends \Zotlabs\Web\Controller {
 			$notifications_available = 1;
 			foreach ($r as $rr) {
 				$x = strip_tags(bbcode($rr['msg']));
-				if(strpos($x,','))
-					$x = substr($x,strpos($x,',')+1);
 				$notif_content .= replace_macros(get_markup_template('notify.tpl'),array(
 					'$item_link' => z_root().'/notify/view/'. $rr['id'],
 					'$item_image' => $rr['photo'],

Zotlabs/Module/Oauth2testvehicle.php

@@ -0,0 +1,151 @@
+<?php
+
+namespace Zotlabs\Module;
+
+/**
+ * The OAuth2TestVehicle class is a way to test the registration of an OAuth2
+ * client app. It allows you to walk through the steps of registering a client,
+ * requesting an authorization code for that client, and then requesting an 
+ * access token for use in authentication against the Hubzilla API endpoints.
+ */
+class OAuth2TestVehicle extends \Zotlabs\Web\Controller {
+
+	function init() {
+
+		killme();
+		
+		// If there is a 'code' and 'state' parameter then this is a client app 
+		// callback issued after the authorization code request
+		// TODO: Check state value and compare to original sent value
+			// "You should first compare this state value to ensure it matches the 
+			// one you started with. You can typically store the state value in a 
+			// cookie, and compare it when the user comes back. This ensures your 
+			// redirection endpoint isn't able to be tricked into attempting to 
+			// exchange arbitrary authorization codes."
+		$_SESSION['redirect_uri'] = z_root() . '/oauth2testvehicle';
+		$_SESSION['authorization_code'] = (x($_REQUEST, 'code') ? $_REQUEST['code'] : $_SESSION['authorization_code']);
+		$_SESSION['state'] = (x($_REQUEST, 'state') ? $_REQUEST['state'] : $_SESSION['state'] );
+		$_SESSION['client_id'] = (x($_REQUEST, 'client_id') ? $_REQUEST['client_id'] : $_SESSION['client_id'] );
+		$_SESSION['client_secret'] = (x($_REQUEST, 'client_secret') ? $_REQUEST['client_secret'] : $_SESSION['client_secret']);
+		$_SESSION['access_token'] = (x($_REQUEST, 'access_token') ? $_REQUEST['access_token'] : $_SESSION['access_token'] );
+		$_SESSION['api_response'] = (x($_SESSION, 'api_response') ? $_SESSION['api_response'] : '');
+	}
+	function get() {
+		
+		$o .= replace_macros(get_markup_template('oauth2testvehicle.tpl'), array(
+			'$baseurl' => z_root(),
+			'$api_response' => $_SESSION['api_response'],
+			/*
+			  endpoints => array(
+			  array(
+			  'path_to_endpoint',
+			  array(
+			  array('field_name_1', 'value'),
+			  array('field_name_2', 'value'),
+			  ...
+			  ),
+			  'submit_button_name',
+			  'Description of API action'
+			  )
+			  )
+			 */
+			'$endpoints' => array(
+				array(
+					'authorize',
+					array(
+						array('response_type', 'code'),
+						array('client_id', (x($_REQUEST, 'client_id') ? $_REQUEST['client_id'] : 'oauth2_test_app')),
+						array('redirect_uri', $_SESSION['redirect_uri']),
+						array('state', 'xyz'),
+						// OpenID Connect Dynamic Client Registration 1.0 Client Metadata
+						// http://openid.net/specs/openid-connect-registration-1_0.html
+						array('client_name', 'OAuth2 Test App'),
+						array('logo_uri', urlencode(z_root() . '/images/icons/plugin.png')),
+						array('client_uri', urlencode('https://client.example.com/website')),
+						array('application_type', 'web'), // would be 'native' for mobile app
+					),
+					'oauth_authorize',
+					'Authorize a test client app',
+					'GET',
+					(($_REQUEST['code'] && $_REQUEST['state']) ? true : false),
+				),
+				array(
+					'oauth2testvehicle',
+					array(
+						array('action', 'request_token'),
+						array('grant_type', 'authorization_code'),
+						array('code', $_SESSION['authorization_code']),
+						array('redirect_uri', $_SESSION['redirect_uri']),
+						array('client_id', ($_SESSION['client_id'] ? $_SESSION['client_id'] : 'oauth2_test_app')),
+						array('client_secret', $_SESSION['client_secret']),
+					),
+					'oauth_token_request',
+					'Request a token',
+					'POST',
+					($_SESSION['success'] === 'request_token'),
+				),
+				array(
+					'oauth2testvehicle',
+					array(
+						array('action', 'api_files'),
+						array('access_token', $_SESSION['access_token']),
+					),
+					'oauth_api_files',
+					'API: Get channel files',
+					'POST',
+					($_SESSION['success'] === 'api_files'),
+				)
+			)
+		));
+		$_SESSION['success'] = '';
+		return $o;
+	}
+
+	function post() {
+
+		switch ($_POST['action']) {
+			case 'api_files':
+				$access_token = $_SESSION['access_token'];
+				$url = z_root() . '/api/z/1.0/files/';				
+				$headers = [];
+				$headers[] = 'Authorization: Bearer ' . $access_token;
+				$post = z_fetch_url($url, false, 0, array(
+					'custom' => 'GET',
+					'headers' => $headers,
+				));
+				logger(json_encode($post, JSON_PRETTY_PRINT), LOGGER_DEBUG);
+				$response = json_decode($post['body'], true);
+				$_SESSION['api_response'] = json_encode($response, JSON_PRETTY_PRINT);
+				break;
+			case 'request_token':
+				$grant_type = (x($_POST, 'grant_type') ? $_POST['grant_type'] : '');
+				$redirect_uri = (x($_POST, 'redirect_uri') ? $_POST['redirect_uri'] : '');
+				$client_id = (x($_POST, 'client_id') ? $_POST['client_id'] : '');
+				$code = (x($_POST, 'code') ? $_POST['code'] : '');
+				$client_secret = (x($_POST, 'client_secret') ? $_POST['client_secret'] : '');
+				$url = z_root() . '/token/';
+				$params = http_build_query(array(
+					'grant_type' => $grant_type,
+					'redirect_uri' => urlencode($redirect_uri),
+					'client_id' => $client_id,
+					'code' => $code,
+				));
+				$post = z_post_url($url, $params, 0, array(
+					'http_auth' => $client_id . ':' . $client_secret,
+				));
+				logger(json_encode($post, JSON_PRETTY_PRINT), LOGGER_DEBUG);
+				$response = json_decode($post['body'], true);
+				logger(json_encode($response, JSON_PRETTY_PRINT), LOGGER_DEBUG);
+				if($response['access_token']) {
+					info('Access token received: ' . $response['access_token'] . EOL);
+					$_SESSION['success'] = 'request_token';
+					$_SESSION['access_token'] = $response['access_token'];
+				}
+				break;
+
+			default:
+				break;
+		}
+	}
+
+}

Zotlabs/Module/Oauthinfo.php

@@ -0,0 +1,23 @@
+<?php
+
+namespace Zotlabs\Module;
+
+
+class Oauthinfo extends \Zotlabs\Web\Controller {
+
+
+	function init() {
+
+		$ret = [
+			'issuer'                   => z_root(),
+			'authorization_endpoint'   => z_root() . '/authorize',
+			'token_endpoint'           => z_root() . '/token',
+			'response_types_supported' => [ 'code', 'token', 'id_token', 'code id_token', 'token id_token' ] 
+		];
+
+
+		json_return_and_die($ret);
+	}
+
+
+}

Zotlabs/Module/Ochannel.php

@@ -0,0 +1,69 @@
+<?php
+
+namespace Zotlabs\Module;
+
+require_once('include/contact_widgets.php');
+require_once('include/items.php');
+require_once("include/bbcode.php");
+require_once('include/security.php');
+require_once('include/conversation.php');
+require_once('include/acl_selectors.php');
+require_once('include/permissions.php');
+
+/**
+ * @brief Channel Controller for broken OStatus implementations
+ *
+ */
+class Ochannel extends \Zotlabs\Web\Controller {
+
+	function init() {
+
+		$which = null;
+		if(argc() > 1)
+			$which = argv(1);
+		if(! $which) {
+			if(local_channel()) {
+				$channel = \App::get_channel();
+				if($channel && $channel['channel_address'])
+				$which = $channel['channel_address'];
+			}
+		}
+		if(! $which) {
+			notice( t('You must be logged in to see this page.') . EOL );
+			return;
+		}
+
+		$profile = 0;
+		$channel = \App::get_channel();
+
+		if((local_channel()) && (argc() > 2) && (argv(2) === 'view')) {
+			$which = $channel['channel_address'];
+			$profile = argv(1);
+		}
+
+		head_add_link( [ 
+			'rel'   => 'alternate', 
+			'type'  => 'application/atom+xml',
+			'href'  => z_root() . '/ofeed/' . $which
+		]);
+
+
+		// Run profile_load() here to make sure the theme is set before
+		// we start loading content
+
+		profile_load($which,$profile);
+	}
+
+	function get($update = 0, $load = false) {
+
+		if(argc() < 2)
+			return;
+
+		if($load)
+			$_SESSION['loadtime'] = datetime_convert();
+
+		return '<script>window.location.href = "' . z_root() . '/' . str_replace('ochannel/','channel/',\App::$query_string) . '";</script>';
+
+	}
+
+}

Zotlabs/Module/Oep.php

@@ -72,7 +72,7 @@ class Oep extends \Zotlabs\Web\Controller {
 		$url = $args['url'];
 		$maxwidth  = intval($args['maxwidth']);
 		$maxheight = intval($args['maxheight']);
-	logger('processing display');
+
 		if(preg_match('#//(.*?)/display/(.*?)(&|\?|$)#',$url,$matches)) {
 			$res = $matches[2];
 		}
@@ -125,6 +125,7 @@ class Oep extends \Zotlabs\Web\Controller {
             "' profile='".$p[0]['author']['xchan_url'] .
             "' avatar='".$p[0]['author']['xchan_photo_s'].
             "' link='".$p[0]['plink'].
+			"' auth='".(($p[0]['author']['network'] === 'zot') ? 'true' : 'false') .
             "' posted='".$p[0]['created'].
             "' message_id='".$p[0]['mid']."']";
 	    if($p[0]['title'])
@@ -209,6 +210,7 @@ class Oep extends \Zotlabs\Web\Controller {
             "' profile='".$p[0]['author']['xchan_url'] .
             "' avatar='".$p[0]['author']['xchan_photo_s'].
             "' link='".$p[0]['plink'].
+			"' auth='".(($p[0]['author']['network'] === 'zot') ? 'true' : 'false') .
             "' posted='".$p[0]['created'].
             "' message_id='".$p[0]['mid']."']";
 	    if($p[0]['title'])
@@ -292,6 +294,7 @@ class Oep extends \Zotlabs\Web\Controller {
             "' profile='".$p[0]['author']['xchan_url'] .
             "' avatar='".$p[0]['author']['xchan_photo_s'].
             "' link='".$p[0]['plink'].
+			"' auth='".(($p[0]['author']['network'] === 'zot') ? 'true' : 'false') .
             "' posted='".$p[0]['created'].
             "' message_id='".$p[0]['mid']."']";
 	    if($p[0]['title'])
@@ -366,6 +369,7 @@ class Oep extends \Zotlabs\Web\Controller {
 			"' profile='".$p[0]['author']['xchan_url'] .
 			"' avatar='".$p[0]['author']['xchan_photo_s'].
 			"' link='".$p[0]['plink'].
+			"' auth='".(($p[0]['author']['network'] === 'zot') ? 'true' : 'false') .
 			"' posted='".$p[0]['created'].
 			"' message_id='".$p[0]['mid']."']";
 		if($p[0]['title'])

Zotlabs/Module/Owa.php

@@ -34,6 +34,15 @@ class Owa extends \Zotlabs\Web\Controller {
 							where hubloc_addr = '%s' ",
 							dbesc(str_replace('acct:','',$keyId))
 						);
+						if(! $r) {
+							$found = discover_by_webbie(str_replace('acct:','',$keyId));
+							if($found) {
+								$r = q("select * from hubloc left join xchan on hubloc_hash = xchan_hash 
+									where hubloc_addr = '%s' ",
+									dbesc(str_replace('acct:','',$keyId))
+								);
+							}
+						}
 						if($r) {
 							foreach($r as $hubloc) {
 								$verified = \Zotlabs\Web\HTTPSig::verify('',$hubloc['xchan_pubkey']);	

Zotlabs/Module/Photo.php

@@ -4,6 +4,7 @@ namespace Zotlabs\Module;
 require_once('include/security.php');
 require_once('include/attach.php');
 require_once('include/photo/photo_driver.php');
+require_once('include/photos.php');
 
 
 class Photo extends \Zotlabs\Web\Controller {
@@ -13,7 +14,8 @@ class Photo extends \Zotlabs\Web\Controller {
 		$prvcachecontrol = false;
 		$streaming = null;
 		$channel = null;
-	
+		$person = 0;
+
 		switch(argc()) {
 			case 4:
 				$person = argv(3);
@@ -30,8 +32,8 @@ class Photo extends \Zotlabs\Web\Controller {
 		}
 	
 		$observer_xchan = get_observer_hash();
-	
-		$default = get_default_profile_photo();
+
+		$default = z_root() . '/' . get_default_profile_photo();
 	
 		if(isset($type)) {
 	
@@ -45,11 +47,11 @@ class Photo extends \Zotlabs\Web\Controller {
 	
 					case 'm':
 						$resolution = 5;
-						$default = get_default_profile_photo(80);
+						$default = z_root() . '/' . get_default_profile_photo(80);
 						break;
 					case 's':
 						$resolution = 6;
-						$default = get_default_profile_photo(48);
+						$default = z_root() . '/' . get_default_profile_photo(48);
 						break;
 					case 'l':
 					default:
@@ -83,7 +85,7 @@ class Photo extends \Zotlabs\Web\Controller {
 					$data = file_get_contents($data);
 			}
 			if(! $data) {
-				$data = file_get_contents($default);
+				$data = fetch_image_from_url($default,$mimetype);
 			}
 			if(! $mimetype) {
 				$mimetype = 'image/png';
@@ -127,98 +129,81 @@ class Photo extends \Zotlabs\Web\Controller {
 				  }
 			}
 			
-			$r = q("SELECT uid FROM photo WHERE resource_id = '%s' AND imgscale = %d LIMIT 1",
+			$r = q("SELECT uid, photo_usage FROM photo WHERE resource_id = '%s' AND imgscale = %d LIMIT 1",
 				dbesc($photo),
 				intval($resolution)
 			);
 			if($r) {
+
+				$allowed = (-1);
+
+				if(intval($r[0]['photo_usage'])) {
+					$allowed = 1;
+					if(intval($r[0]['photo_usage']) === PHOTO_COVER) 
+						if($resolution < PHOTO_RES_COVER_1200)
+							$allowed = (-1);
+					if(intval($r[0]['photo_usage']) === PHOTO_PROFILE)
+						if(! in_array($resolution,[4,5,6]))
+							$allowed = (-1);
+				}
+
+				if($allowed === (-1)) {
+					$allowed = attach_can_view($r[0]['uid'],$observer_xchan,$photo);
+				}
+
+				if(intval($r[0]['photo_usage'])) {
+					$allowed = 1;
+					if(intval($r[0]['photo_usage']) === PHOTO_COVER) 
+						if($resolution < PHOTO_RES_COVER_1200)
+							$allowed = (-1);
+					if(intval($r[0]['photo_usage']) === PHOTO_PROFILE)
+						if(! in_array($resolution,[4,5,6]))
+							$allowed = (-1);
+				}
+				if($allowed === (-1))
+					$allowed = attach_can_view($r[0]['uid'],$observer_xchan,$photo);
 				
-				$allowed = (($r[0]['uid']) ? perm_is_allowed($r[0]['uid'],$observer_xchan,'view_storage') : true);
-	
-				$sql_extra = permissions_sql($r[0]['uid']);
-
-				if(! $sql_extra)
-					$sql_extra = ' and true ';
-
-				// Only check permissions on normal photos. Those photos we don't check includes
-				// profile photos, xchan photos (which are also profile photos), 'thing' photos,
-				// and cover photos
-	
-				$sql_extra = " and (( photo_usage = 0 $sql_extra ) or photo_usage != 0 )";
-
 				$channel = channelx_by_n($r[0]['uid']);
 
 				// Now we'll see if we can access the photo
-				$r = q("SELECT * FROM photo WHERE resource_id = '%s' AND imgscale = %d $sql_extra LIMIT 1",
+				$e = q("SELECT * FROM photo WHERE resource_id = '%s' AND imgscale = %d $sql_extra LIMIT 1",
 					dbesc($photo),
 					intval($resolution)
 				);
 
-				// viewing cover photos is allowed unless a plugin chooses to block it. 
+				$exists = (($e) ? true : false);
 
-				if($r && intval($r[0]['photo_usage']) === PHOTO_COVER && $resolution >= PHOTO_RES_COVER_1200)
-					$allowed = 1;
- 
-				$d = [ 'imgscale' => $resolution, 'resource_id' => $photo, 'photo' => $r, 'allowed' => $allowed ];
-				call_hooks('get_photo',$d);
-
-				$resolution = $d['imgscale'];
-				$photo      = $d['resource_id'];
-				$r          = $d['photo'];
-				$allowed    = $d['allowed'];
-
-				if($r && $allowed) {
-					$data = dbunescbin($r[0]['content']);
-					$mimetype = $r[0]['mimetype'];
-					if(intval($r[0]['os_storage'])) {
+				if($exists && $allowed) {
+					$data = dbunescbin($e[0]['content']);
+					$mimetype = $e[0]['mimetype'];
+					if(intval($e[0]['os_storage'])) {
 						$streaming = $data;
 					}
 				}
 				else {
-	
-					// Does the picture exist? It may be a remote person with no credentials,
-					// but who should otherwise be able to view it. Show a default image to let 
-					// them know permissions was denied. It may be possible to view the image 
-					// through an authenticated profile visit.
-					// There won't be many completely unauthorised people seeing this because
-					// they won't have the photo link, so there's a reasonable chance that the person
-					// might be able to obtain permission to view it.
-	
-					$r = q("SELECT * FROM photo WHERE resource_id = '%s' AND imgscale = %d LIMIT 1",
-						dbesc($photo),
-						intval($resolution)
-					);
-	 
-					if($r) {
-						logger('mod_photo: forbidden. ' . \App::$query_string);
-						$observer = \App::get_observer();
-						logger('mod_photo: observer = ' . (($observer) ? $observer['xchan_addr'] : '(not authenticated)'));
-						$data = file_get_contents('images/nosign.png');
-						$mimetype = 'image/png';
-						$prvcachecontrol = true;
+					if(! $allowed) {
+						http_status_exit(403,'forbidden');
 					}
+					if(! $exists) {
+						http_status_exit(404,'not found');
+					}
+
 				}
 			}
 		}
 	
-
-
-
 		if(! isset($data)) {
 			if(isset($resolution)) {
 				switch($resolution) {
 	
 					case 4:
-						$data = file_get_contents(get_default_profile_photo());
-						$mimetype = 'image/png';
+						$data = fetch_image_from_url(z_root() . '/' . get_default_profile_photo(),$mimetype);
 						break;
 					case 5:
-						$data = file_get_contents(get_default_profile_photo(80));
-						$mimetype = 'image/png';
+						$data = fetch_image_from_url(z_root() . '/' . get_default_profile_photo(80),$mimetype);
 						break;
 					case 6:
-						$data = file_get_contents(get_default_profile_photo(48));
-						$mimetype = 'image/png';
+						$data = fetch_image_from_url(z_root() . '/' . get_default_profile_photo(48),$mimetype);
 						break;
 					default:
 						killme();
@@ -295,7 +280,6 @@ class Photo extends \Zotlabs\Web\Controller {
 		}
 
 		killme();
-		// NOTREACHED
 	}
 	
 }

Zotlabs/Module/Photos.php

@@ -102,14 +102,7 @@ class Photos extends \Zotlabs\Web\Controller {
 	
 			if($_REQUEST['dropalbum'] == t('Delete Album')) {
 	
-	
-				// This is dangerous because we combined file storage and photos into one interface
-				// This function will remove all photos from any directory with the same name since
-				// we have not passed the path value.
-	
-				// The correct solution would be to use a full pathname from your storage root for 'album'
-				// We also need to prevent/block removing the storage root folder.
-	
+		
 				$folder_hash = '';
 	 
 				$r = q("select * from attach where is_dir = 1 and uid = %d and hash = '%s'",
@@ -124,7 +117,8 @@ class Photos extends \Zotlabs\Web\Controller {
 	
 	
 				$res = array();
-	
+				$admin_delete = false;
+
 				// get the list of photos we are about to delete
 	
 				if(remote_channel() && (! local_channel())) {
@@ -133,6 +127,10 @@ class Photos extends \Zotlabs\Web\Controller {
 				elseif(local_channel()) {
 					$str = photos_album_get_db_idstr(local_channel(),$album);
 				}
+				elseif(is_site_admin()) {
+					$str = photos_album_get_db_idstr_admin($page_owner_uid,$album);
+					$admin_delete = true;
+				}
 				else {
 					$str = null;
 				}
@@ -145,7 +143,7 @@ class Photos extends \Zotlabs\Web\Controller {
 				);
 				if($r) {
 					foreach($r as $i) {
-						attach_delete($page_owner_uid, $i['resource_id'], 1 );
+						attach_delete($page_owner_uid, $i['resource_id'], true );
 					}
 				}
 	
@@ -158,12 +156,14 @@ class Photos extends \Zotlabs\Web\Controller {
 				// @FIXME do the same for the linked attach
 	
 				if($folder_hash) {
-					attach_delete($page_owner_uid,$folder_hash, 1);
+					attach_delete($page_owner_uid, $folder_hash, true );
+
+					if(! $admin_delete) {	
+						$sync = attach_export_data(\App::$data['channel'],$folder_hash, true);
 	
-					$sync = attach_export_data(\App::$data['channel'],$folder_hash, true);
-	
-					if($sync) 
-						build_sync_packet($page_owner_uid,array('file' => array($sync)));
+						if($sync) 
+							build_sync_packet($page_owner_uid,array('file' => array($sync)));
+					}
 				}
 	
 			}
@@ -181,17 +181,22 @@ class Photos extends \Zotlabs\Web\Controller {
 			$r = q("SELECT id, resource_id FROM photo WHERE ( xchan = '%s' or uid = %d ) AND resource_id = '%s' LIMIT 1",
 				dbesc($ob_hash),
 				intval(local_channel()),
-				dbesc(\App::$argv[2])
+				dbesc(argv(2))
 			);
 	
 			if($r) {
-				attach_delete($page_owner_uid, $r[0]['resource_id'], 1 );
+				attach_delete($page_owner_uid, $r[0]['resource_id'], true );
 				$sync = attach_export_data(\App::$data['channel'],$r[0]['resource_id'], true);
 	
 				if($sync) 
 					build_sync_packet($page_owner_uid,array('file' => array($sync)));
 			}
-	
+			elseif(is_site_admin()) {
+				// If the admin deletes a photo, don't sync
+				attach_delete($page_owner_uid, argv(2), true);
+			}	
+
+
 			goaway(z_root() . '/photos/' . \App::$data['channel']['channel_address'] . '/album/' . $_SESSION['album_return']);
 		}
 
@@ -695,8 +700,8 @@ class Photos extends \Zotlabs\Web\Controller {
 				'$newalbum_label' => t('Enter an album name'),
 				'$newalbum_placeholder' => t('or select an existing album (doubleclick)'),
 				'$visible' => array('visible', t('Create a status post for this upload'), 0,'', array(t('No'), t('Yes')), 'onclick="showHideBodyTextarea();"'),
-				'$caption' => array('description', t('Caption (optional):')),
-				'$body' => array('body', t('Description (optional):'),'', 'Description will only appear in the status post'),
+				'$caption' => array('description', t('Title (optional)')),
+				'$body' => array('body', t('Description (optional)'),'', 'Description will only appear in the status post'),
 				'$albums' => $albums['albums'],
 				'$selname' => $selname,
 				'$permissions' => t('Permissions'),
@@ -833,7 +838,7 @@ class Photos extends \Zotlabs\Web\Controller {
 				killme();
 			}
 			else {
-				$o .= "<script> var page_query = '" . $_GET['q'] . "'; var extra_args = '" . extra_query_args() . "' ; </script>";
+				$o .= "<script> var page_query = '" . escape_tags($_GET['q']) . "'; var extra_args = '" . extra_query_args() . "' ; </script>";
 				$tpl = get_markup_template('photo_album.tpl');
 				$o .= replace_macros($tpl, array(
 					'$photos' => $photos,
@@ -841,7 +846,7 @@ class Photos extends \Zotlabs\Web\Controller {
 					'$album_id' => $datum,
 					'$album_edit' => array(t('Edit Album'), $album_edit),
 					'$can_post' => $can_post,
-					'$upload' => array(t('Upload'), z_root() . '/photos/' . \App::$data['channel']['channel_address'] . '/upload/' . $datum),
+					'$upload' => array(t('Add Photos'), z_root() . '/photos/' . \App::$data['channel']['channel_address'] . '/upload/' . $datum),
 					'$order' => $order,
 					'$upload_form' => $upload_form,
 					'$usage' => $usage_message
@@ -1065,7 +1070,7 @@ class Photos extends \Zotlabs\Web\Controller {
 					'newalbum_placeholder' => t('or select an existing one (doubleclick)'),
 					'nickname'             => \App::$data['channel']['channel_address'],
 					'resource_id'          => $ph[0]['resource_id'],
-					'capt_label'           => t('Caption'),
+					'capt_label'           => t('Title (optional)'),
 					'caption'              => $caption_e,
 					'tag_label'            => t('Add a Tag'),
 					'permissions'          => t('Permissions'),
@@ -1148,10 +1153,10 @@ class Photos extends \Zotlabs\Web\Controller {
 						builtin_activity_puller($item, $conv_responses);
 					}
 	
-	
 					$like_count = ((x($alike,$link_item['mid'])) ? $alike[$link_item['mid']] : '');
 					$like_list = ((x($alike,$link_item['mid'])) ? $alike[$link_item['mid'] . '-l'] : '');
-					if (count($like_list) > MAX_LIKERS) {
+
+					if(is_array($like_list) && (count($like_list) > MAX_LIKERS)) {
 						$like_list_part = array_slice($like_list, 0, MAX_LIKERS);
 						array_push($like_list_part, '<a href="#" data-toggle="modal" data-target="#likeModal-' . $this->get_id() . '"><b>' . t('View all') . '</b></a>');
 					} else {
@@ -1163,7 +1168,7 @@ class Photos extends \Zotlabs\Web\Controller {
 						$dislike_count = ((x($dlike,$link_item['mid'])) ? $dlike[$link_item['mid']] : '');
 						$dislike_list = ((x($dlike,$link_item['mid'])) ? $dlike[$link_item['mid'] . '-l'] : '');
 						$dislike_button_label = tt('Dislike','Dislikes',$dislike_count,'noun');
-						if (count($dislike_list) > MAX_LIKERS) {
+						if (is_array($dislike_list) && (count($dislike_list) > MAX_LIKERS)) {
 							$dislike_list_part = array_slice($dislike_list, 0, MAX_LIKERS);
 							array_push($dislike_list_part, '<a href="#" data-toggle="modal" data-target="#dislikeModal-' . $this->get_id() . '"><b>' . t('View all') . '</b></a>');
 						} else {
@@ -1372,13 +1377,13 @@ class Photos extends \Zotlabs\Web\Controller {
 			killme();
 		}
 		else {
-			$o .= "<script> var page_query = '" . $_GET['q'] . "'; var extra_args = '" . extra_query_args() . "' ; </script>";
+			$o .= "<script> var page_query = '" . escape_tags($_GET['q']) . "'; var extra_args = '" . extra_query_args() . "' ; </script>";
 			$tpl = get_markup_template('photos_recent.tpl'); 
 			$o .= replace_macros($tpl, array(
 				'$title' => t('Recent Photos'),
 				'$album_id' => bin2hex(t('Recent Photos')),
 				'$can_post' => $can_post,
-				'$upload' => array(t('Upload'), z_root().'/photos/'.\App::$data['channel']['channel_address'].'/upload'),
+				'$upload' => array(t('Add Photos'), z_root().'/photos/'.\App::$data['channel']['channel_address'].'/upload'),
 				'$photos' => $photos,
 				'$upload_form' => $upload_form,
 				'$usage' => $usage_message

Zotlabs/Module/Ping.php

@@ -35,10 +35,12 @@ class Ping extends \Zotlabs\Web\Controller {
 		$result['birthdays_today'] = 0;
 		$result['all_events'] = 0;
 		$result['all_events_today'] = 0;
-		$result['notice'] = array();
-		$result['info'] = array();
+		$result['notice'] = [];
+		$result['info'] = [];
 		$result['pubs'] = 0;
 		$result['files'] = 0;
+		$result['forums'] = 0;
+		$result['forums_sub'] = [];
 
 		if(! $_SESSION['static_loadtime'])
 			$_SESSION['static_loadtime'] = datetime_convert();
@@ -140,7 +142,13 @@ class Ping extends \Zotlabs\Web\Controller {
 			db_utcnow(), db_quoteinterval('3 MINUTE')
 		);
 
-		$discover_tab_on = ((get_config('system','disable_discover_tab') || get_config('system','disable_discover_tab') === false) ? false : true);
+
+		$sql_extra = '';
+		if(! ($vnotify & VNOTIFY_LIKE))
+			$sql_extra = " AND verb NOT IN ('" . dbesc(ACTIVITY_LIKE) . "', '" . dbesc(ACTIVITY_DISLIKE) . "') ";
+
+		$discover_tab_on = can_view_public_stream();
+
 		$notify_pubs = ((local_channel()) ? ($vnotify & VNOTIFY_PUBS) && $discover_tab_on : $discover_tab_on);
 
 		if($notify_pubs) {
@@ -151,7 +159,8 @@ class Ping extends \Zotlabs\Web\Controller {
 				AND item_unseen = 1
 				AND author_xchan != '%s'
 				AND created > '" . datetime_convert('UTC','UTC',$_SESSION['static_loadtime']) . "'
-				$item_normal",
+				$item_normal
+				$sql_extra",
 				intval($sys['channel_id']),
 				dbesc(get_observer_hash())
 			);
@@ -160,6 +169,8 @@ class Ping extends \Zotlabs\Web\Controller {
 				$result['pubs'] = intval($pubs[0]['total']);
 		}
 
+
+
 		if((argc() > 1) && (argv(1) === 'pubs') && ($notify_pubs)) {
 			$sys = get_sys_channel();
 			$result = array();
@@ -170,6 +181,7 @@ class Ping extends \Zotlabs\Web\Controller {
 				AND author_xchan != '%s'
 				AND created > '" . datetime_convert('UTC','UTC',$_SESSION['static_loadtime']) . "'
 				$item_normal
+				$sql_extra
 				ORDER BY created DESC
 				LIMIT 300",
 				intval($sys['channel_id']),
@@ -275,10 +287,10 @@ class Ping extends \Zotlabs\Web\Controller {
 							intval(local_channel())
 						);
 
-						$b64mid = ((strpos($r[0]['thr_parent'], 'b64.' === 0)) ? $r[0]['thr_parent'] : 'b64.' . base64url_encode($r[0]['thr_parent']));
+						$b64mid = ((strpos($r[0]['thr_parent'], 'b64.') === 0) ? $r[0]['thr_parent'] : 'b64.' . base64url_encode($r[0]['thr_parent']));
 					}
 					else {
-						$b64mid = ((strpos($mid, 'b64.' === 0)) ? $mid : 'b64.' . base64url_encode($mid));
+						$b64mid = ((strpos($mid, 'b64.') === 0) ? $mid : 'b64.' . base64url_encode($mid));
 					}
 
 					$notifs[] = array(
@@ -334,6 +346,7 @@ class Ping extends \Zotlabs\Web\Controller {
 				AND item_unseen = 1
 				AND author_xchan != '%s'
 				$item_normal
+				$sql_extra
 				ORDER BY created DESC
 				LIMIT 300",
 				intval(local_channel()),
@@ -390,7 +403,7 @@ class Ping extends \Zotlabs\Web\Controller {
 						'notify_link' => z_root() . '/admin/accounts',
 						'name' => $rr['account_email'],
 						'url' => '',
-						'photo' => get_default_profile_photo(48),
+						'photo' => z_root() . '/' . get_default_profile_photo(48),
 						'when' => relative_date($rr['account_created']),
 						'hclass' => ('notify-unseen'),
 						'message' => t('requires approval')
@@ -508,6 +521,7 @@ class Ping extends \Zotlabs\Web\Controller {
 			$r = q("SELECT id, item_wall FROM item 
 				WHERE uid = %d and item_unseen = 1 
 				$item_normal
+				$sql_extra
 				AND author_xchan != '%s'",
 				intval(local_channel()),
 				dbesc($ob_hash)
@@ -610,6 +624,58 @@ class Ping extends \Zotlabs\Web\Controller {
 		if(! ($vnotify & VNOTIFY_BIRTHDAY))
 			$result['birthdays'] = 0;
 
+
+
+		if($vnotify & VNOTIFY_FORUMS) {
+			$forums = get_forum_channels(local_channel());
+
+			if(! $forums) {
+				$result['forums'] = 0;
+			}
+			else {
+
+				$perms_sql = item_permissions_sql(local_channel()) . item_normal();
+				$fcount = count($forums);
+				$forums['total'] = 0;
+
+				for($x = 0; $x < $fcount; $x ++) {
+					$r = q("select sum(item_unseen) as unseen from item 
+						where uid = %d and owner_xchan = '%s' and item_unseen = 1 $perms_sql ",
+						intval(local_channel()),
+						dbesc($forums[$x]['xchan_hash'])
+					);
+					if($r[0]['unseen']) {
+						$forums[$x]['notify_link'] = (($forums[$x]['private_forum']) ? $forums[$x]['xchan_url'] : z_root() . '/network/?f=&pf=1&cid=' . $forums[$x]['abook_id']);
+						$forums[$x]['name'] = $forums[$x]['xchan_name'];
+						$forums[$x]['url'] = $forums[$x]['xchan_url'];
+						$forums[$x]['photo'] = $forums[$x]['xchan_photo_s'];
+						$forums[$x]['unseen'] = $r[0]['unseen'];
+						$forums[$x]['private_forum'] = (($forums[$x]['private_forum']) ? 'lock' : '');
+						$forums[$x]['message'] = (($forums[$x]['private_forum']) ? t('Private forum') : t('Public forum'));
+
+						$forums['total'] = $forums['total'] + $r[0]['unseen'];
+
+						unset($forums[$x]['abook_id']);
+						unset($forums[$x]['xchan_hash']);
+						unset($forums[$x]['xchan_name']);
+						unset($forums[$x]['xchan_url']);
+						unset($forums[$x]['xchan_photo_s']);
+
+						//if($forums[$x]['private_forum'])
+						//	unset($forums[$x]['private_forum']);
+
+					}
+					else {
+						unset($forums[$x]);
+					}
+				}
+				$result['forums'] = $forums['total'];
+				unset($forums['total']);
+
+				$result['forums_sub'] = $forums;
+			}
+		}
+
 		$x = json_encode($result);
 
 		$t8 = dba_timer();

Zotlabs/Module/Profile_photo.php

@@ -451,6 +451,7 @@ class Profile_photo extends \Zotlabs\Web\Controller {
 	
 			$o .= replace_macros($tpl,array(
 				'$user' => \App::$channel['channel_address'],
+				'$info' => ((count($profiles) > 1) ? t('Your default profile photo is visible to anybody on the internet. Profile photos for alternate profiles will inherit the permissions of the profile') : t('Your profile photo is visible to anybody on the internet and may be distributed to other websites.')), 
 				'$importfile' => (($importing) ? \App::$data['importfile'] : ''),
 				'$lbl_upfile' => t('Upload File:'),
 				'$lbl_profiles' => t('Select a profile:'),

Zotlabs/Module/Profiles.php

@@ -655,7 +655,7 @@ class Profiles extends \Zotlabs\Web\Controller {
 				intval($id),
 				intval(local_channel())
 			);
-			if(! count($r)) {
+			if(! $r) {
 				notice( t('Profile not found.') . EOL);
 				return;
 			}
@@ -712,13 +712,10 @@ class Profiles extends \Zotlabs\Web\Controller {
 	
 			$tpl = get_markup_template("profile_edit.tpl");
 			$o .= replace_macros($tpl,array(
-	
+				'$multi_profiles' => ((feature_enabled(local_channel(),'multi_profiles')) ? true : false),
 				'$form_security_token' => get_form_security_token("profile_edit"),
-				'$profile_clone_link'  => ((feature_enabled(local_channel(),'multi_profiles')) ? 'profiles/clone/' . $r[0]['id'] . '?t=' 
-					. get_form_security_token("profile_clone") : ''),
-				'$profile_drop_link'   => 'profiles/drop/' . $r[0]['id'] . '?t=' 
-					. get_form_security_token("profile_drop"),
-	
+				'$profile_clone_link'  => 'profiles/clone/' . $r[0]['id'] . '?t=' . get_form_security_token("profile_clone"),
+				'$profile_drop_link'   => 'profiles/drop/' . $r[0]['id'] . '?t=' . get_form_security_token("profile_drop"),
 				'$fields'       => $fields,
 				'$vcard'        => $vcard,
 				'$guid'         => $r[0]['profile_guid'],
@@ -735,7 +732,7 @@ class Profiles extends \Zotlabs\Web\Controller {
 				'$addthing'     => t('Add profile things'),
 				'$personal'     => t('Personal'),
 				'$location'     => t('Location'),
-				'$relation'     => t('Relation'),
+				'$relation'     => t('Relationship'),
 				'$miscellaneous'=> t('Miscellaneous'),
 				'$exportable'   => feature_enabled(local_channel(),'profile_export'),
 				'$lbl_import'   => t('Import profile from file'),
@@ -786,22 +783,22 @@ class Profiles extends \Zotlabs\Web\Controller {
 				'$channels'     => array('channels', t('My other channels'), $r[0]['channels']),
 				'$extra_fields' => $extra_fields,
 				'$comms'          => t('Communications'),
-                '$tel_label'      => t('Phone'),
-                '$email_label'    => t('Email'),
-                '$impp_label'     => t('Instant messenger'),
-                '$url_label'      => t('Website'),
-                '$adr_label'      => t('Address'),
-                '$note_label'     => t('Note'),
-                '$mobile'         => t('Mobile'),
-                '$home'           => t('Home'),
-                '$work'           => t('Work'),
-                '$other'          => t('Other'),
-                '$add_card'       => t('Add Contact'),
-                '$add_field'      => t('Add Field'),
-                '$create'         => t('Create'),
-                '$update'         => t('Update'),
-                '$delete'         => t('Delete'),
-                '$cancel'         => t('Cancel'),
+				'$tel_label'      => t('Phone'),
+				'$email_label'    => t('Email'),
+				'$impp_label'     => t('Instant messenger'),
+				'$url_label'      => t('Website'),
+				'$adr_label'      => t('Address'),
+				'$note_label'     => t('Note'),
+				'$mobile'         => t('Mobile'),
+				'$home'           => t('Home'),
+				'$work'           => t('Work'),
+				'$other'          => t('Other'),
+				'$add_card'       => t('Add Contact'),
+				'$add_field'      => t('Add Field'),
+				'$create'         => t('Create'),
+				'$update'         => t('Update'),
+				'$delete'         => t('Delete'),
+				'$cancel'         => t('Cancel'),
 			));
 	
 			$arr = array('profile' => $r[0], 'entry' => $o);

Zotlabs/Module/Pubstream.php

@@ -34,6 +34,8 @@ class Pubstream extends \Zotlabs\Web\Controller {
 		}
 
 		$mid = ((x($_REQUEST,'mid')) ? $_REQUEST['mid'] : '');
+		$hashtags   = ((x($_REQUEST,'tag')) ? $_REQUEST['tag'] : '');
+
 
 		if(strpos($mid,'b64.') === 0)
 			$decoded = @base64url_decode(substr($mid,4));
@@ -64,8 +66,7 @@ class Pubstream extends \Zotlabs\Web\Controller {
 				'default_location'    => $channel['channel_location'],
 				'nickname'            => $channel['channel_address'],
 				'lockstate'           => (($group || $cid || $channel['channel_allow_cid'] || $channel['channel_allow_gid'] || $channel['channel_deny_cid'] || $channel['channel_deny_gid']) ? 'lock' : 'unlock'),
-	
-				'acl'                 => populate_acl($channel_acl),
+				'acl'                 => populate_acl($channel_acl,true, \Zotlabs\Lib\PermissionDescription::fromGlobalPermission('view_stream'), get_post_aclDialogDescription(), 'acl_dialog_post'),
 				'permissions'         => $channel_acl,
 				'bang'                => '',
 				'visitor'             => true,
@@ -75,7 +76,8 @@ class Pubstream extends \Zotlabs\Web\Controller {
 				'editor_autocomplete' => true,
 				'bbco_autocomplete'   => 'bbcode',
 				'bbcode'              => true,
-				'jotnets'             => true
+				'jotnets'             => true,
+				'reset'               => t('Reset form')
 			);
 	
 			$o = '<div id="jot-popup">';
@@ -116,8 +118,8 @@ class Pubstream extends \Zotlabs\Web\Controller {
 				'$uid'     => ((local_channel()) ? local_channel() : '0'),
 				'$gid'     => '0',
 				'$cid'     => '0',
-				'$cmin'    => '0',
-				'$cmax'    => '99',
+				'$cmin'    => '(-1)',
+				'$cmax'    => '(-1)',
 				'$star'    => '0',
 				'$liked'   => '0',
 				'$conv'    => '0',
@@ -133,7 +135,7 @@ class Pubstream extends \Zotlabs\Web\Controller {
 				'$order'   => 'comment',
 				'$file'    => '',
 				'$cats'    => '',
-				'$tags'    => '',
+				'$tags'    => $hashtags,
 				'$dend'    => '',
 				'$mid'     => $mid,
 				'$verb'    => '',
@@ -170,6 +172,10 @@ class Pubstream extends \Zotlabs\Web\Controller {
 			$page_mode = 'client';
 
 
+		if(x($hashtags)) {
+			$sql_extra .= protect_sprintf(term_query('item', $hashtags, TERM_HASHTAG, TERM_COMMUNITYTAG));
+		}
+
 		$net_query = (($net) ? " left join xchan on xchan_hash = author_xchan " : ''); 
 		$net_query2 = (($net) ? " and xchan_network = '" . protect_sprintf(dbesc($net)) . "' " : '');
 
@@ -224,7 +230,7 @@ class Pubstream extends \Zotlabs\Web\Controller {
 					);
 				}
 				else {
-					$r = q("SELECT distinct parent AS item_id, $ordering FROM item
+					$r = q("SELECT parent AS item_id FROM item
 						left join abook on item.author_xchan = abook.abook_xchan
 						$net_query
 						WHERE true $uids $item_normal_update
@@ -273,7 +279,7 @@ class Pubstream extends \Zotlabs\Web\Controller {
 			$o .= '<div id="content-complete"></div>';
 	
 		if(($items) && (! $update))
-			$o .= alt_pager($a,count($items));
+			$o .= alt_pager(count($items));
 
 		return $o;
 	

Zotlabs/Module/React.php

@@ -49,6 +49,7 @@ class React extends \Zotlabs\Web\Controller {
 			$n['aid'] = $channel['channel_account_id'];
 			$n['uid'] = $channel['channel_id'];
 			$n['item_origin'] = true;
+			$n['item_type'] = $i[0]['item_type'];
 			$n['parent'] = $postid;
 			$n['parent_mid'] = $i[0]['mid'];
 			$n['mid'] = item_message_id();

Zotlabs/Module/Register.php

@@ -187,8 +187,8 @@ class Register extends \Zotlabs\Web\Controller {
 		$registration_is = '';
 		$other_sites = '';
 	
-		if(get_config('system','register_policy') == REGISTER_CLOSED) {
-			if(get_config('system','directory_mode') == DIRECTORY_MODE_STANDALONE) {
+		if(intval(get_config('system','register_policy')) === REGISTER_CLOSED) {
+			if(intval(get_config('system','directory_mode')) === DIRECTORY_MODE_STANDALONE) {
 				notice( t('Registration on this hub is disabled.')  . EOL);
 				return;
 			}
@@ -197,10 +197,19 @@ class Register extends \Zotlabs\Web\Controller {
 			return $mod->get();
 		}
 	
-		if(get_config('system','register_policy') == REGISTER_APPROVE) {
+		if(intval(get_config('system','register_policy')) == REGISTER_APPROVE) {
 			$registration_is = t('Registration on this hub is by approval only.');
 			$other_sites = t('<a href="pubsites">Register at another affiliated hub.</a>');
 		}
+
+
+		$invitations = false;
+
+		if(intval(get_config('system','invitation_only'))) {
+			$invitations = true;
+			$registration_is = t('Registration on this hub is by invitation only.');
+			$other_sites = t('<a href="pubsites">Register at another affiliated hub.</a>');
+		}
 	
 		$max_dailies = intval(get_config('system','max_daily_registrations'));
 		if($max_dailies) {
@@ -251,10 +260,10 @@ class Register extends \Zotlabs\Web\Controller {
 		$password     = array('password', t('Choose a password'), ''); 
 		$password2    = array('password2', t('Please re-enter your password'), ''); 
 		$invite_code  = array('invite_code', t('Please enter your invitation code'), ((x($_REQUEST,'invite_code')) ? strip_tags(trim($_REQUEST['invite_code'])) : ""));
-		$name = array('name', t('Name or caption'), ((x($_REQUEST,'name')) ? $_REQUEST['name'] : ''), t('Examples: "Bob Jameson", "Lisa and her Horses", "Soccer", "Aviation Group"'));
+		$name = array('name', t('Your Name'), ((x($_REQUEST,'name')) ? $_REQUEST['name'] : ''), t('Real names are preferred.'));
 		$nickhub = '@' . str_replace(array('http://','https://','/'), '', get_config('system','baseurl'));
 		$nickname = array('nickname', t('Choose a short nickname'), ((x($_REQUEST,'nickname')) ? $_REQUEST['nickname'] : ''), sprintf( t('Your nickname will be used to create an easy to remember channel address e.g. nickname%s'), $nickhub));
-		$role = array('permissions_role' , t('Channel role and privacy'), ($privacy_role) ? $privacy_role : 'social', t('Select a channel role with your privacy requirements.') . ' <a href="help/member/member_guide#Account_Permission_Roles" target="_blank">' . t('Read more about roles') . '</a>',$perm_roles);
+		$role = array('permissions_role' , t('Channel role and privacy'), ($privacy_role) ? $privacy_role : 'social', t('Select a channel permission role for your usage needs and privacy requirements.') . ' <a href="help/member/member_guide#Channel_Permission_Roles" target="_blank">' . t('Read more about channel permission roles') . '</a>',$perm_roles);
 		$tos = array('tos', $label_tos, '', '', array(t('no'),t('yes')));
 
 
@@ -270,8 +279,7 @@ class Register extends \Zotlabs\Web\Controller {
 			'$reg_is'       => $registration_is,
 			'$registertext' => bbcode(get_config('system','register_text')),
 			'$other_sites'  => $other_sites,
-			'$invitations'  => get_config('system','invitation_only'),
-			'$invite_desc'  => t('Membership on this site is by invitation only.'),
+			'$invitations'  => $invitations,
 			'$invite_code'  => $invite_code,
 			'$auto_create'  => $auto_create,
 			'$name'         => $name,

Zotlabs/Module/Regmod.php

@@ -13,8 +13,7 @@ class Regmod extends \Zotlabs\Web\Controller {
 	
 		if(! local_channel()) {
 			info( t('Please login.') . EOL);
-			$o .= '<br /><br />' . login((\App::$config['system']['register_policy'] == REGISTER_CLOSED) ? 0 : 1);
-			return $o;
+			return login();
 		}
 	
 		if(! is_site_admin()) {
@@ -35,6 +34,8 @@ class Regmod extends \Zotlabs\Web\Controller {
 		if($cmd === 'allow') {
 			if (! account_allow($hash)) killme();
 		}
+
+		goaway('/admin/accounts');
 	}
 	
 }

Zotlabs/Module/Removeme.php

@@ -38,7 +38,7 @@ class Removeme extends \Zotlabs\Web\Controller {
 		}
 	
 		$global_remove = intval($_POST['global']);
-	
+
 		channel_remove(local_channel(),1 - $global_remove,true);
 	
 	}
@@ -56,12 +56,12 @@ class Removeme extends \Zotlabs\Web\Controller {
 		$tpl = get_markup_template('removeme.tpl');
 		$o .= replace_macros($tpl, array(
 			'$basedir' => z_root(),
-			'$hash' => $hash,
-			'$title' => t('Remove This Channel'),
-			'$desc' => array(t('WARNING: '), t('This channel will be completely removed from the network. '), t('This action is permanent and can not be undone!')),
-			'$passwd' => t('Please enter your password for verification:'),
-			'$global' => array('global', t('Remove this channel and all its clones from the network'), false, t('By default only the instance of the channel located on this hub will be removed from the network'), array(t('No'),t('Yes'))),
-			'$submit' => t('Remove Channel')
+			'$hash'    => $hash,
+			'$title'   => t('Remove This Channel'),
+			'$desc'    => [ t('WARNING: '), t('This channel will be completely removed from the network. '), t('This action is permanent and can not be undone!') ],
+			'$passwd'  => t('Please enter your password for verification:'),
+			'$global'  => [ 'global', t('Remove this channel and all its clones from the network'), false, t('By default only the instance of the channel located on this hub will be removed from the network'),  [ t('No'),t('Yes') ] ],
+			'$submit'  => t('Remove Channel')
 		));
 	
 		return $o;		

Zotlabs/Module/Rmagic.php

@@ -17,8 +17,8 @@ class Rmagic extends \Zotlabs\Web\Controller {
 			if($r) {	
 				if($r[0]['hubloc_url'] === z_root())
 					goaway(z_root() . '/login');
-				$dest = z_root() . '/' . str_replace(['rmagic','zid='],['','zid_='],\App::$query_string);
-				goaway($r[0]['hubloc_url'] . '/magic' . '?f=&owa=1&dest=' . $dest);
+				$dest = bin2hex(z_root() . '/' . str_replace(['rmagic','zid='],['','zid_='],\App::$query_string));
+				goaway($r[0]['hubloc_url'] . '/magic' . '?f=&owa=1&bdest=' . $dest);
 			}
 		}
 	}
@@ -59,11 +59,11 @@ class Rmagic extends \Zotlabs\Web\Controller {
 	
 			if($url) {	
 				if($_SESSION['return_url']) 
-					$dest = urlencode(z_root() . '/' . str_replace('zid=','zid_=',$_SESSION['return_url']));
+					$dest = bin2hex(z_root() . '/' . str_replace('zid=','zid_=',$_SESSION['return_url']));
 				else
-					$dest = urlencode(z_root() . '/' . str_replace([ 'rmagic', 'zid=' ] ,[ '', 'zid_='],\App::$query_string));
+					$dest = bin2hex(z_root() . '/' . str_replace([ 'rmagic', 'zid=' ] ,[ '', 'zid_='],\App::$query_string));
 	
-				goaway($url . '/magic' . '?f=&owa=1&dest=' . $dest);
+				goaway($url . '/magic' . '?f=&owa=1&bdest=' . $dest);
 			}
 		}
 	}

Zotlabs/Module/Rpost.php

@@ -45,7 +45,9 @@ class Rpost extends \Zotlabs\Web\Controller {
 				$url = get_rpost_path(\App::get_observer());
 				// make sure we're not looping to our own hub
 				if(($url) && (! stristr($url, \App::get_hostname()))) {
-					foreach($_REQUEST as $key => $arg) {
+					foreach($_GET as $key => $arg) {
+						if($key === 'q')
+							continue;
 						$url .= '&' . $key . '=' . $arg;
 					}
 					goaway($url);
@@ -111,43 +113,7 @@ class Rpost extends \Zotlabs\Web\Controller {
 		}
 
 		if($_REQUEST['post_id']) {
-			$r = q("SELECT * from item WHERE id = %d  LIMIT 1",
-				intval($_REQUEST['post_id'])
-			);
-			if(($r) && (! intval($r[0]['item_private']))) {
-				$sql_extra = item_permissions_sql($r[0]['uid']);
-	
-				$r = q("select * from item where id = %d $sql_extra",
-					intval($_REQUEST['post_id'])
-				);
-				if($r && $r[0]['mimetype'] === 'text/bbcode') {
-	
-					xchan_query($r);
-	
-					$is_photo = (($r[0]['obj_type'] === ACTIVITY_OBJ_PHOTO) ? true : false);
-					if($is_photo) {
-						$object = json_decode($r[0]['obj'],true);
-						$photo_bb = $object['body'];
-					}
-	
-					if (strpos($r[0]['body'], "[/share]") !== false) {
-						$pos = strpos($r[0]['body'], "[share");
-						$i = substr($r[0]['body'], $pos);
-					} else {
-						$i = "[share author='".urlencode($r[0]['author']['xchan_name']).
-							"' profile='".$r[0]['author']['xchan_url'] .
-							"' avatar='".$r[0]['author']['xchan_photo_s'].
-							"' link='".$r[0]['plink'].
-							"' posted='".$r[0]['created'].
-							"' message_id='".$r[0]['mid']."']";
-						if($r[0]['title'])
-							$i .= '[b]'.$r[0]['title'].'[/b]'."\r\n";
-						$i .= (($is_photo) ? $photo_bb . "\r\n" . $r[0]['body'] : $r[0]['body']);
-						$i .= "[/share]";
-					}
-				}
-			}	
-			$_REQUEST['body'] = $_REQUEST['body'] . $i;
+			$_REQUEST['body'] .= '[share=' . intval($_REQUEST['post_id']) . '][/share]';
 		}
 	
 		$x = array(
@@ -176,6 +142,7 @@ class Rpost extends \Zotlabs\Web\Controller {
 	
 		$o .= replace_macros(get_markup_template('edpost_head.tpl'), array(
 			'$title' => t('Edit post'),
+			'$cancel' => '',
 			'$editor' => $editor
 		));
 	

Zotlabs/Module/Search.php

@@ -66,6 +66,10 @@ class Search extends \Zotlabs\Web\Controller {
 			$search = substr($search,1);
 			goaway(z_root() . '/directory' . '?f=1&navsearch=1&search=' . $search);
 		}
+		if(strpos($search,'!') === 0) {
+			$search = substr($search,1);
+			goaway(z_root() . '/directory' . '?f=1&navsearch=1&search=' . $search);
+		}
 		if(strpos($search,'?') === 0) {
 			$search = substr($search,1);
 			goaway(z_root() . '/help' . '?f=1&navsearch=1&search=' . $search);
@@ -117,8 +121,8 @@ class Search extends \Zotlabs\Web\Controller {
 				'$uid' => ((\App::$profile['profile_uid']) ? \App::$profile['profile_uid'] : '0'),
 				'$gid' => '0',
 				'$cid' => '0',
-				'$cmin' => '0',
-				'$cmax' => '0',
+				'$cmin' => '(-1)',
+				'$cmax' => '(-1)',
 				'$star' => '0',
 				'$liked' => '0',
 				'$conv' => '0',
@@ -171,7 +175,7 @@ class Search extends \Zotlabs\Web\Controller {
 						OR ( item.uid = %d )) OR item.owner_xchan = '%s' )
 						$item_normal
 						$sql_extra
-						group by mid order by created desc $pager_sql ",
+						group by mid, created order by created desc $pager_sql ",
 						intval(local_channel()),
 						dbesc($sys['xchan_hash'])
 					);
@@ -184,7 +188,7 @@ class Search extends \Zotlabs\Web\Controller {
 							$pub_sql ) OR owner_xchan = '%s')
 						$item_normal
 						$sql_extra 
-						group by mid order by created desc $pager_sql",
+						group by mid, created order by created desc $pager_sql",
 						dbesc($sys['xchan_hash'])
 					);
 				}

Zotlabs/Module/Settings/Channel.php

@@ -21,6 +21,10 @@ class Channel {
 		$role = ((x($_POST,'permissions_role')) ? notags(trim($_POST['permissions_role'])) : '');
 		$oldrole = get_pconfig(local_channel(),'system','permissions_role');
 
+		// This mapping can be removed after 3.4 release
+		if($oldrole === 'social_party') {
+			$oldrole = 'social_federation';
+		}
 	
 		if(($role != $oldrole) || ($role === 'custom')) {
 	
@@ -142,6 +146,7 @@ class Channel {
 		$unkmail          = (((x($_POST,'unkmail')) && (intval($_POST['unkmail']) == 1)) ? 1: 0);
 		$cntunkmail       = ((x($_POST,'cntunkmail')) ? intval($_POST['cntunkmail']) : 0);
 		$suggestme        = ((x($_POST,'suggestme')) ? intval($_POST['suggestme'])  : 0);  
+		$autoperms        = ((x($_POST,'autoperms')) ? intval($_POST['autoperms'])  : 0);  
 	
 		$post_newfriend   = (($_POST['post_newfriend'] == 1) ? 1: 0);
 		$post_joingroup   = (($_POST['post_joingroup'] == 1) ? 1: 0);
@@ -202,12 +207,16 @@ class Channel {
 			$vnotify += intval($_POST['vnotify9']);
 		if(x($_POST,'vnotify10'))
 			$vnotify += intval($_POST['vnotify10']);
-		if(x($_POST,'vnotify11'))
+		if(x($_POST,'vnotify11') && is_site_admin())
 			$vnotify += intval($_POST['vnotify11']);
 		if(x($_POST,'vnotify12'))
 			$vnotify += intval($_POST['vnotify12']);
 		if(x($_POST,'vnotify13'))
 			$vnotify += intval($_POST['vnotify13']);
+		if(x($_POST,'vnotify14'))
+			$vnotify += intval($_POST['vnotify14']);
+		if(x($_POST,'vnotify15'))
+			$vnotify += intval($_POST['vnotify15']);
 	
 		$always_show_in_notices = x($_POST,'always_show_in_notices') ? 1 : 0;
 		
@@ -246,6 +255,7 @@ class Channel {
 		set_pconfig(local_channel(),'system','default_permcat',$defpermcat);
 		set_pconfig(local_channel(),'system','email_notify_host',$mailhost);
 		set_pconfig(local_channel(),'system','profile_assign',$profile_assign);
+		set_pconfig(local_channel(),'system','autoperms',$autoperms);
 	
 		$r = q("update channel set channel_name = '%s', channel_pageflags = %d, channel_timezone = '%s', channel_location = '%s', channel_notifyflags = %d, channel_max_anon_mail = %d, channel_max_friend_req = %d, channel_expire_days = %d $set_perms where channel_id = %d",
 			dbesc($username),
@@ -412,12 +422,16 @@ class Channel {
 		));
 	
 		$subdir = ((strlen(\App::get_path())) ? '<br />' . t('or') . ' ' . z_root() . '/channel/' . $nickname : '');
+
+		$webbie = $nickname . '@' . \App::get_hostname();
+		$intl_nickname = unpunify($nickname) . '@' . unpunify(\App::get_hostname());
 	
+
 		$tpl_addr = get_markup_template("settings_nick_set.tpl");
 	
 		$prof_addr = replace_macros($tpl_addr,array(
 			'$desc' => t('Your channel address is'),
-			'$nickname' => $nickname,
+			'$nickname' => (($intl_nickname === $webbie) ? $webbie : $intl_nickname . '&nbsp;(' . $webbie . ')'),
 			'$subdir' => $subdir,
 			'$davdesc' => t('Your files/photos are accessible via WebDAV at'),
 			'$davpath' => ((get_account_techlevel() > 3) ? z_root() . '/dav/' . $nickname : ''),
@@ -465,13 +479,25 @@ class Channel {
 		$permissions_role = get_pconfig(local_channel(),'system','permissions_role');
 		if(! $permissions_role)
 			$permissions_role = 'custom';
-	
+		// compatibility mapping - can be removed after 3.4 release
+		if($permissions_role === 'social_party') 
+			$permissions_role = 'social_federation';
+
+		if(in_array($permissions_role,['forum','repository'])) 	
+			$autoperms = replace_macros(get_markup_template('field_checkbox.tpl'), [
+				'$field' =>  [ 'autoperms',t('Automatic membership approval'), ((get_pconfig(local_channel(),'system','autoperms')) ? 1 : 0), t('If enabled, connection requests will be approved without your interaction'), $yes_no ]]);
+		else
+			$autoperms = '<input type="hidden" name="autoperms" value="' . intval(get_pconfig(local_channel(),'system','autoperms')) . '" />';
+
 		$permissions_set = (($permissions_role != 'custom') ? true : false);
 
 		$perm_roles = \Zotlabs\Access\PermissionRoles::roles();
 		if((get_account_techlevel() < 4) && $permissions_role !== 'custom')
 			unset($perm_roles[t('Other')]);
 
+
+		
+
 		$vnotify = get_pconfig(local_channel(),'system','vnotify');
 		$always_show_in_notices = get_pconfig(local_channel(),'system','always_show_in_notices');
 		if($vnotify === false)
@@ -480,7 +506,9 @@ class Channel {
 		$plugin = [ 'basic' => '', 'security' => '', 'notify' => '', 'misc' => '' ];
 		call_hooks('channel_settings',$plugin);
 
-		$disable_discover_tab = get_config('system','disable_discover_tab') || get_config('system','disable_discover_tab') === false;
+		$disable_discover_tab = intval(get_config('system','disable_discover_tab',1)) == 1;
+		$site_firehose = intval(get_config('system','site_firehose',0)) == 1;
+
 
 		$o .= replace_macros($stpl,array(
 			'$ptitle' 	=> t('Channel Settings'),
@@ -529,7 +557,7 @@ class Channel {
 			'$deny_gid' => acl2json($perm_defaults['deny_gid']),
 			'$suggestme' => $suggestme,
 			'$group_select' => $group_select,
-			'$role' => array('permissions_role' , t('Channel permissions category:'), $permissions_role, '', $perm_roles),
+			'$role' => array('permissions_role' , t('Channel role and privacy'), $permissions_role, '', $perm_roles),
 			'$defpermcat' => [ 'defpermcat', t('Default Permissions Group'), $default_permcat, '', $permcats ],	
 			'$permcat_enable' => feature_enabled(local_channel(),'permcats'),
 			'$profile_in_dir' => $profile_in_dir,
@@ -538,7 +566,7 @@ class Channel {
 			'$unkmail' => $unkmail,		
 			'$cntunkmail' 	=> array('cntunkmail', t('Maximum private messages per day from unknown people:'), intval($channel['channel_max_anon_mail']) ,t("Useful to reduce spamming")),
 			
-			
+			'$autoperms' => $autoperms,			
 			'$h_not' 	=> t('Notification Settings'),
 			'$activity_options' => t('By default post a status message when:'),
 			'$post_newfriend' => array('post_newfriend',  t('accepting a friend request'), $post_newfriend, '', $yes_no),
@@ -569,11 +597,13 @@ class Channel {
 			'$vnotify8'  => array('vnotify8', t('System info messages'), ($vnotify & VNOTIFY_INFO), VNOTIFY_INFO, t('Recommended'), $yes_no),
 			'$vnotify9'  => array('vnotify9', t('System critical alerts'), ($vnotify & VNOTIFY_ALERT), VNOTIFY_ALERT, t('Recommended'), $yes_no),
 			'$vnotify10'  => array('vnotify10', t('New connections'), ($vnotify & VNOTIFY_INTRO), VNOTIFY_INTRO, t('Recommended'), $yes_no),
-			'$vnotify11'  => array('vnotify11', t('System Registrations'), ($vnotify & VNOTIFY_REGISTER), VNOTIFY_REGISTER, '', $yes_no),
+			'$vnotify11'  => ((is_site_admin()) ? array('vnotify11', t('System Registrations'), ($vnotify & VNOTIFY_REGISTER), VNOTIFY_REGISTER, '', $yes_no) : array()),
 			'$vnotify12'  => array('vnotify12', t('Unseen shared files'), ($vnotify & VNOTIFY_FILES), VNOTIFY_FILES, '', $yes_no),
-			'$vnotify13'  => (($disable_discover_tab) ? array() : array('vnotify13', t('Unseen public activity'), ($vnotify & VNOTIFY_PUBS), VNOTIFY_PUBS, '', $yes_no)),
+			'$vnotify13'  => (($disable_discover_tab && !$site_firehose) ? array() : array('vnotify13', t('Unseen public activity'), ($vnotify & VNOTIFY_PUBS), VNOTIFY_PUBS, '', $yes_no)),
+			'$vnotify14'	=> array('vnotify14', t('Unseen likes and dislikes'), ($vnotify & VNOTIFY_LIKE), VNOTIFY_LIKE, '', $yes_no),
+			'$vnotify15'	=> array('vnotify15', t('Unseen forum posts'), ($vnotify & VNOTIFY_FORUMS), VNOTIFY_FORUMS, '', $yes_no),
 			'$mailhost' => [ 'mailhost', t('Email notification hub (hostname)'), get_pconfig(local_channel(),'system','email_notify_host',\App::get_hostname()), sprintf( t('If your channel is mirrored to multiple hubs, set this to your preferred location. This will prevent duplicate email notifications. Example: %s'),\App::get_hostname()) ],
-			'$always_show_in_notices'  => array('always_show_in_notices', t('Also show new wall posts, private messages and connections under Notices'), $always_show_in_notices, 1, '', $yes_no),
+			'$always_show_in_notices'  => array('always_show_in_notices', t('Show new wall posts, private messages and connections under Notices'), $always_show_in_notices, 1, '', $yes_no),
 	
 			'$evdays' => array('evdays', t('Notify me of events this many days in advance'), $evdays, t('Must be greater than 0')),			
 			'$basic_addon' => $plugin['basic'],

Zotlabs/Module/Settings/Featured.php

@@ -57,7 +57,10 @@ class Featured {
 		}
 
 		call_hooks('feature_settings', $settings_addons);
-					
+		
+		$this->sortpanels($settings_addons);
+
+			
 		$tpl = get_markup_template("settings_addons.tpl");
 		$o .= replace_macros($tpl, array(
 			'$form_security_token' => get_form_security_token("settings_featured"),
@@ -67,5 +70,15 @@ class Featured {
 		));
 		return $o;
 	}
-	
-}
+
+	function sortpanels(&$s) {
+		$a = explode('<div class="panel">',$s);
+		if($a) {
+			usort($a,'featured_sort');
+			$s = implode('<div class="panel">',$a);
+		}
+	}
+
+}
+
+

Zotlabs/Module/Settings/Features.php

@@ -8,43 +8,75 @@ class Features {
 	function post() {
 		check_form_security_token_redirectOnErr('/settings/features', 'settings_features');
 	
-		// Build list of features and check which are set
-		// We will not create any settings for features that are above our techlevel
+		$features = get_features(false);
 
-		$features = get_features();
-		$all_features = array();
-		foreach($features as $k => $v) {
-			foreach($v as $f) 
-				$all_features[] = $f[0];
-		}
-		foreach($all_features as $k) {
-			if(x($_POST,"feature_$k"))
-				set_pconfig(local_channel(),'feature',$k, 1);
-			else
-				set_pconfig(local_channel(),'feature',$k, 0);
+		foreach($features as $fname => $fdata) {
+			foreach(array_slice($fdata,1) as $f) {
+				$k = $f[0];
+				if(array_key_exists("feature_$k",$_POST))
+					set_pconfig(local_channel(),'feature',$k, (string) $_POST["feature_$k"]);
+				else
+					set_pconfig(local_channel(),'feature', $k, '');
+			}
 		}
 		build_sync_packet();
 		return;
 	}
 
 	function get() {
-		$arr = array();
-		$features = get_features();
-	
+		
+		$arr = [];
+		$harr = [];
+
+		if(intval($_REQUEST['techlevel']))
+			$level = intval($_REQUEST['techlevel']);
+		else {
+ 			$level = get_account_techlevel();
+		}
+
+		if(! intval($level)) {
+			notice( t('Permission denied.') . EOL);
+			return;
+		}
+
+		$techlevels = \Zotlabs\Lib\Techlevels::levels();
+
+		// This page isn't accessible at techlevel 0
+
+		unset($techlevels[0]);
+
+		$def_techlevel = (($level > 0) ? $level : 1);
+		$techlock = get_config('system','techlevel_lock');
+
+		$all_features_raw = get_features(false);
+
+		foreach($all_features_raw as $fname => $fdata) {
+			foreach(array_slice($fdata,1) as $f) {
+				$harr[$f[0]] = ((intval(feature_enabled(local_channel(),$f[0]))) ? "1" : '');
+			}
+		}
+
+		$features = get_features(true,$level);
+
 		foreach($features as $fname => $fdata) {
 			$arr[$fname] = array();
 			$arr[$fname][0] = $fdata[0];
 			foreach(array_slice($fdata,1) as $f) {
-				$arr[$fname][1][] = array('feature_' .$f[0],$f[1],((intval(feature_enabled(local_channel(),$f[0]))) ? "1" : ''),$f[2],array(t('Off'),t('On')));
+				$arr[$fname][1][] = array('feature_' . $f[0],$f[1],((intval(feature_enabled(local_channel(),$f[0]))) ? "1" : ''),$f[2],array(t('Off'),t('On')));
+				unset($harr[$f[0]]);
 			}
 		}
 			
 		$tpl = get_markup_template("settings_features.tpl");
 		$o .= replace_macros($tpl, array(
 			'$form_security_token' => get_form_security_token("settings_features"),
-			'$title'	=> t('Additional Features'),
-			'$features' => $arr,
-			'$submit'   => t('Submit'),
+			'$title'	 => t('Additional Features'),
+			'$techlevel' => [ 'techlevel', t('Your technical skill level'), $def_techlevel, t('Used to provide a member experience and additional features consistent with your comfort level'), $techlevels ],
+			'$techlock'  => $techlock,
+			'$features'  => $arr,
+			'$hiddens'   => $harr,
+			'$baseurl'   => z_root(),
+			'$submit'    => t('Submit'),
 		));
 	
 		return $o;

Zotlabs/Module/Settings/Oauth.php

@@ -23,11 +23,12 @@ class Oauth {
 			
 			check_form_security_token_redirectOnErr('/settings/oauth', 'settings_oauth');
 			
-			$name   	= ((x($_POST,'name')) ? $_POST['name'] : '');
-			$key		= ((x($_POST,'key')) ? $_POST['key'] : '');
-			$secret		= ((x($_POST,'secret')) ? $_POST['secret'] : '');
-			$redirect	= ((x($_POST,'redirect')) ? $_POST['redirect'] : '');
-			$icon		= ((x($_POST,'icon')) ? $_POST['icon'] : '');
+			$name   	= ((x($_POST,'name')) ? escape_tags($_POST['name']) : '');
+			$key		= ((x($_POST,'key')) ? escape_tags($_POST['key']) : '');
+			$secret		= ((x($_POST,'secret')) ? escape_tags($_POST['secret']) : '');
+			$redirect	= ((x($_POST,'redirect')) ? escape_tags($_POST['redirect']) : '');
+			$icon		= ((x($_POST,'icon')) ? escape_tags($_POST['icon']) : '');
+			$oauth2		= ((x($_POST,'oauth2')) ? intval($_POST['oauth2']) : 0);
 			$ok = true;
 			if($name == '') {
 				$ok = false;

Zotlabs/Module/Settings/Oauth2.php

@@ -0,0 +1,161 @@
+<?php
+
+namespace Zotlabs\Module\Settings;
+
+
+class Oauth2 {
+
+
+	function post() {
+	
+		if(x($_POST,'remove')){
+			check_form_security_token_redirectOnErr('/settings/oauth2', 'settings_oauth2');
+			
+			$key = $_POST['remove'];
+			q("DELETE FROM tokens WHERE id='%s' AND uid=%d",
+				dbesc($key),
+				intval(local_channel())
+			);
+			goaway(z_root()."/settings/oauth2/");
+			return;			
+		}
+	
+		if((argc() > 2) && (argv(2) === 'edit' || argv(2) === 'add') && x($_POST,'submit')) {
+			
+			check_form_security_token_redirectOnErr('/settings/oauth2', 'settings_oauth2');
+			
+			$name   	= ((x($_POST,'name')) ? escape_tags(trim($_POST['name'])) : '');
+			$secret		= ((x($_POST,'secret')) ? escape_tags(trim($_POST['secret'])) : '');
+			$redirect	= ((x($_POST,'redirect')) ? escape_tags(trim($_POST['redirect'])) : '');
+			$grant		= ((x($_POST,'grant')) ? escape_tags(trim($_POST['grant'])) : '');
+			$scope		= ((x($_POST,'scope')) ? escape_tags(trim($_POST['scope'])) : '');
+
+			$ok = true;
+			if($name == '' || $secret == '') {
+				$ok = false;
+				notice( t('Name and Secret are required') . EOL);
+			}
+		
+			if($ok) {
+				if ($_POST['submit']==t("Update")){
+					$r = q("UPDATE oauth_clients SET
+								client_id = '%s',
+								client_secret = '%s',
+								redirect_uri = '%s',
+								grant_types = '%s',
+								scope = '%s', 
+								user_id = %d
+							WHERE client_id='%s'",
+							dbesc($name),
+							dbesc($secret),
+							dbesc($redirect),
+							dbesc($grant),
+							dbesc($scope),
+							intval(local_channel()),
+							dbesc($name));
+				} else {
+					$r = q("INSERT INTO oauth_clients (client_id, client_secret, redirect_uri, grant_types, scope, user_id)
+						VALUES ('%s','%s','%s','%s','%s',%d)",
+						dbesc($name),
+						dbesc($secret),
+						dbesc($redirect),
+						dbesc($grant),
+						dbesc($scope),
+						intval(local_channel())
+					);
+					$r = q("INSERT INTO xperm (xp_client, xp_channel, xp_perm) VALUES ('%s', %d, '%s') ",
+						dbesc($name),
+						intval(local_channel()),
+						dbesc('all')
+					);
+				}
+			}
+			goaway(z_root()."/settings/oauth2/");
+			return;
+		}
+	}
+
+	function get() {
+			
+		if((argc() > 2) && (argv(2) === 'add')) {
+			$tpl = get_markup_template("settings_oauth2_edit.tpl");
+			$o .= replace_macros($tpl, array(
+				'$form_security_token' => get_form_security_token("settings_oauth2"),
+				'$title'	=> t('Add OAuth2 application'),
+				'$submit'	=> t('Submit'),
+				'$cancel'	=> t('Cancel'),
+				'$name'		=> array('name', t('Name'), '', t('Name of application')),
+				'$secret'	=> array('secret', t('Consumer Secret'), random_string(16), t('Automatically generated - change if desired. Max length 20')),
+				'$redirect'	=> array('redirect', t('Redirect'), '', t('Redirect URI - leave blank unless your application specifically requires this')),
+				'$grant'     => array('grant', t('Grant Types'), '', t('leave blank unless your application sepcifically requires this')),
+				'$scope'     => array('scope', t('Authorization scope'), '', t('leave blank unless your application sepcifically requires this')),
+			));
+			return $o;
+		}
+			
+		if((argc() > 3) && (argv(2) === 'edit')) {
+			$r = q("SELECT * FROM oauth_clients WHERE client_id='%s' AND user_id= %d",
+					dbesc(argv(3)),
+					intval(local_channel())
+			);
+			
+			if (! $r){
+				notice(t('OAuth2 Application not found.'));
+				return;
+			}
+
+			$app = $r[0];
+				
+			$tpl = get_markup_template("settings_oauth2_edit.tpl");
+			$o .= replace_macros($tpl, array(
+				'$form_security_token' => get_form_security_token("settings_oauth2"),
+				'$title'	=> t('Add application'),
+				'$submit'	=> t('Update'),
+				'$cancel'	=> t('Cancel'),
+				'$name'		=> array('name', t('Name'), $app['client_id'], t('Name of application')),
+				'$secret'	=> array('secret', t('Consumer Secret'), $app['client_secret'], t('Automatically generated - change if desired. Max length 20')),
+				'$redirect'	=> array('redirect', t('Redirect'), $app['redirect_uri'], t('Redirect URI - leave blank unless your application specifically requires this')),
+				'$grant'     => array('grant', t('Grant Types'), $app['grant_types'], t('leave blank unless your application sepcifically requires this')),
+				'$scope'     => array('scope', t('Authorization scope'), $app['scope'], t('leave blank unless your application sepcifically requires this')),
+			));
+			return $o;
+		}
+			
+		if((argc() > 3) && (argv(2) === 'delete')) {
+			check_form_security_token_redirectOnErr('/settings/oauth2', 'settings_oauth2', 't');
+			
+			$r = q("DELETE FROM oauth_clients WHERE client_id = '%s' AND user_id = %d",
+					dbesc(argv(3)),
+					intval(local_channel())
+			);
+			goaway(z_root()."/settings/oauth2/");
+			return;			
+		}
+			
+
+		$r = q("SELECT oauth_clients.*, oauth_access_tokens.access_token as oauth_token, (oauth_clients.user_id = %d) AS my 
+				FROM oauth_clients
+				LEFT JOIN oauth_access_tokens ON oauth_clients.client_id=oauth_access_tokens.client_id
+				WHERE oauth_clients.user_id IN (%d,0)",
+				intval(local_channel()),
+				intval(local_channel())
+		);
+			
+		$tpl = get_markup_template("settings_oauth2.tpl");
+		$o .= replace_macros($tpl, array(
+			'$form_security_token' => get_form_security_token("settings_oauth2"),
+			'$baseurl'	=> z_root(),
+			'$title'	=> t('Connected OAuth2 Apps'),
+			'$add'		=> t('Add application'),
+			'$edit'		=> t('Edit'),
+			'$delete'		=> t('Delete'),
+			'$consumerkey' => t('Client key starts with'),
+			'$noname'	=> t('No name'),
+			'$remove'	=> t('Remove authorization'),
+			'$apps'		=> $r,
+		));
+		return $o;
+			
+	}
+
+}

Zotlabs/Module/Settings/Permcats.php

@@ -19,6 +19,11 @@ class Permcats {
 		$all_perms = \Zotlabs\Access\Permissions::Perms();
 
 		$name = escape_tags(trim($_POST['name']));
+		if(! $name) {
+			notice( t('Permission Name is required.') . EOL);
+			return;
+		}
+
 
 		$pcarr = [];
 

Zotlabs/Module/Settings/Tokens.php

@@ -161,8 +161,8 @@ class Tokens {
 			'$me' => t('My Settings'),
 			'$perms' => $perms,
 			'$inherited' => t('inherited'),
-			'$notself' => 0,
-			'$self' => 1,
+			'$notself' => 1,
+			'$self' => 0,
 			'$permlbl' => t('Individual Permissions'),
 			'$permnote'       => t('Some permissions may be inherited from your channel\'s <a href="settings"><strong>privacy settings</strong></a>, which have higher priority than individual settings. You can <strong>not</strong> change those settings here.'),
 			'$submit' 	=> t('Submit')
@@ -170,4 +170,4 @@ class Tokens {
 		return $o;
 	}
 	
-}
+}

Zotlabs/Module/Setup.php

@@ -563,16 +563,20 @@ class Setup extends \Zotlabs\Web\Controller {
 		$status = true;
 		$help = '';
 
-		if( (file_exists('.htconfig.php') && !is_writable('.htconfig.php')) ||
-			(!file_exists('.htconfig.php') && !is_writable('.')) ) {
-				$status = false;
-				$help = t('The web installer needs to be able to create a file called ".htconfig.php" in the top folder of your web server and it is unable to do so.') .EOL;
-				$help .= t('This is most often a permission setting, as the web server may not be able to write files in your folder - even if you can.').EOL;
-				$help .= t('At the end of this procedure, we will give you a text to save in a file named .htconfig.php in your Red top folder.').EOL;
-				$help .= t('You can alternatively skip this procedure and perform a manual installation. Please see the file "install/INSTALL.txt" for instructions.').EOL;
+		$fname = '.htconfig.php';
+
+		if((file_exists($fname) && is_writable($fname)) || 
+			(! (file_exists($fname) && is_writable('.')))) {
+			$this->check_add($checks, t('.htconfig.php is writable'), $status, true, $help);
+			return;
 		}
 
-		$this->check_add($checks, t('.htconfig.php is writable'), $status, false, $help);
+		$status = false;
+		$help = t('The web installer needs to be able to create a file called ".htconfig.php" in the top folder of your web server and it is unable to do so.') .EOL;
+		$help .= t('This is most often a permission setting, as the web server may not be able to write files in your folder - even if you can.').EOL;
+		$help .= t('Please see install/INSTALL.txt for additional information.');
+
+		$this->check_add($checks, t('.htconfig.php is writable'), $status, true, $help);
 	}
 
 	/**

Zotlabs/Module/Share.php

@@ -14,10 +14,15 @@ class Share extends \Zotlabs\Web\Controller {
 		if(! $post_id)
 			killme();
 	
-
 		echo '[share=' . $post_id . '][/share]';
 		killme();
 
+
+	/**
+	 * The remaining code is deprecated and handled in Zotlabs/Lib/Share.php at post 
+	 * submission time.
+ 	 */
+
 		if(! (local_channel() || remote_channel()))
 			killme();
 	
@@ -60,12 +65,14 @@ class Share extends \Zotlabs\Web\Controller {
 			$pos = strpos($r[0]['body'], "[share");
 			$o = substr($r[0]['body'], $pos);
 		} else {
-			$o = "[share author='".urlencode($r[0]['author']['xchan_name']).
-				"' profile='".$r[0]['author']['xchan_url'] .
-				"' avatar='".$r[0]['author']['xchan_photo_s'].
-				"' link='".$r[0]['plink'].
-				"' posted='".$r[0]['created'].
-				"' message_id='".$r[0]['mid']."']";
+			$o = "[share author='" . urlencode($r[0]['author']['xchan_name']) .
+				"' profile='"    . $r[0]['author']['xchan_url'] .
+				"' avatar='"     . $r[0]['author']['xchan_photo_s'] .
+				"' link='"       . $r[0]['plink'] .
+				"' auth='"       . (($r[0]['author']['network'] === 'zot') ? 'true' : 'false') .
+				"' posted='"     . $r[0]['created'] .
+				"' message_id='" . $r[0]['mid'] . 
+			"']";
 			if($r[0]['title'])
 				$o .= '[b]'.$r[0]['title'].'[/b]'."\r\n";
 			$o .= (($is_photo) ? $photo_bb . "\r\n" . $r[0]['body'] : $r[0]['body']);

Zotlabs/Module/Siteinfo.php

@@ -12,6 +12,9 @@ class Siteinfo extends \Zotlabs\Web\Controller {
 	}
 		
 	function get() {
+
+		$federated = [];
+		call_hooks('federated_transports',$federated);
 	
 		$siteinfo = replace_macros(get_markup_template('siteinfo.tpl'),
 			[ 
@@ -27,6 +30,9 @@ class Siteinfo extends \Zotlabs\Web\Controller {
 				'$prj_name' => t('This site is powered by $Projectname'),
 				'$prj_transport' => t('Federated and decentralised networking and identity services provided by Zot'),
 				'$transport_link' => '<a href="https://zotlabs.com">https://zotlabs.com</a>',
+
+				'$additional_text' => t('Additional federated transport protocols:'),
+				'$additional_fed' => implode(',',$federated),
 				'$prj_version' => ((get_config('system','hidden_version_siteinfo')) ? '' : sprintf( t('Version %s'), \Zotlabs\Lib\System::get_project_version())),
 				'$prj_linktxt' => t('Project homepage'),
 				'$prj_srctxt' => t('Developer homepage'),