version 3.4.2

(cherry picked from commit eb322e8312)

.travis.yml

@@ -62,28 +62,34 @@ matrix:
   fast_finish: true
   # Additional check combinations
   include:
-    # PHP7.1, mariadb 10.1
-    - php: '7.1'
-      env: DB=mariadb MARIADB_VERSION=10.1 CODECOV=1
+    # PHP7.2, mariadb 10.2
+    - php: '7.2'
+      env: DB=mariadb MARIADB_VERSION=10.2 CODECOV=1
       # use mariadb instead of MySQL
       addons:
-        mariadb: '10.1'
-    # PHP7.1, PostgreSQL 9.6
-    - php: '7.1'
+        mariadb: '10.2'
+    # PHP7.2, PostgreSQL 9.6
+    - php: '7.2'
       env: DB=pgsql POSTGRESQL_VERSION=9.6 PHPUNITFILE=phpunit-pgsql.xml
       # Use newer postgres than 9.2 default
       addons:
         postgresql: '9.6'
       services:
         - postgresql
-    # PHP7.1, old precise distribution with MySQL 5.5
-    - php: '7.1'
+    # PostgreSQL 10 with Docker container
+    - php: '7.2'
+      env: DB=pgsql POSTGRESQL_VERSION=10 PHPUNITFILE=phpunit-pgsql.xml
+      sudo: required
+      services:
+        - docker
+    # PHP7.2, old precise distribution with MySQL 5.5
+    - php: '7.2'
       env: DB=mysql MYSQL_VERSION=5.5
       dist: precise
       services:
         - mysql
     # MySQL 5.7 with Docker container
-    - php: '7.1'
+    - php: '7.2'
       env: DB=mysql MYSQL_VERSION=5.7
       sudo: required
       services:
@@ -109,6 +115,8 @@ before_install:
   - travis_retry composer self-update
   # Start MySQL 5.7 Docker container, needs some time to come up
   - if [[ "$MYSQL_VERSION" == "5.7" ]]; then sudo service mysql stop; docker run -d -p 3306:3306 -e MYSQL_ALLOW_EMPTY_PASSWORD=yes mysql:5.7 && sleep 25 && docker ps; fi
+  # Start PostgreSQL 10 Docker container, needs some time to come up
+  - if [[ "$POSTGRESQL_VERSION" == "10" ]]; then sudo service postgresql stop; docker run -d -p 5432:5432 postgres:10-alpine && sleep 35 && docker ps; fi
 
 # Install composer dev libs
 install:

CHANGELOG

@@ -1,3 +1,103 @@
+Hubzilla 3.4.1 (2018-06-08)
+	- Say bye, bye to GitHub and move sourcecode repositories to #^https://framagit.org/hubzilla
+	- When removing a connection, don't remove items that are starred, filed or replied to
+	- Do not show archived forums in forum widget
+	- Fix potential XSS vulnerabilities
+	- Translation updates
+	- Fix postresql issue with oauth2
+	- Improve abconfig queries
+	- Fix postgresql issue if register mode was set to yes - with approval
+
+	Addons
+	- Diaspora: fix likes of non-contacts not allowed to like allthough diaspora_public_comments is set
+	- Pubcrawl: fix wrong hubloc url
+	- Pubcrawl: fix issues with attachments
+	- Pubcrawl: fetch required item metadata in asfetch_item()
+	- Cavatar: use cavatar for all default profile photos if enabled
+	- Pubcrawl: fix peertube video display
+	- Pubcrawl: fix incoming activitypub comments not getting propagated downstream
+	- Statistics: fix .well-known/nodeinfo
+	- Pubsubhubbub: fix postgresql related issues
+	- Pubcrawl: send the original LD-signature signed activity when distributing comments downstream if we have it
+	- Cavatar: improve the image creation process
+
+
+Hubzilla 3.4 (2018-05-04)
+	- Provide warnings about profile photo and cover photo permissions
+	- Don't duplicate addressbook entries on repeated channel imports
+	- Where possible strip zid parameter from links that get pasted into posts so that they will get a correct zid when rendered
+	- Rename boxy schema to Focus-Boxy
+	- Rename BS-Default schema to Focus-Light
+	- Mark simple_* schemas unmaintained and deprecated - they will be removed in next release if nobody steps up to maintain them.
+	- Implement trending tags for mod pubstream
+ 	- Relax restrictions to the design tools menu to allow those with write_pages permission
+	- Add alt pager to mod moderate
+	- Show existing cover photo when changing it
+	- Update to bootstrap lib to version 4.1
+	- Provide a higher accuracy method for active channels information
+	- Provide visible star status for starred posts
+	- Move the thread author menu to the wall item photo
+	- Accept system_language through either get or post
+	- Remove recipient name from stored notifications but keep them in emails
+	- Fix issue of being forced to log back in after leaving a delegated channel
+	- Implement last commented expiration setting in mod admin
+	- Create catcloud widget and provide a type option which can include 'cards' or 'articles'
+	- Modified notifications widget to add the public stream when the current user is allowed to see it only
+	- Don't provide a connect button for transient identities
+	- Merge techlevels and features
+	- Implement auto-save posts and comments in browser using localStorage
+	- Display directory server in siteinfo.json
+	- Bring back the dnt policy document
+	- Implement OAuth2/OpenIDConnect server
+	- Add basic structure for additional features documentation
+	- Community tag refactor
+	- Obscurify chats
+	- Provide a way to share wiki pages
+	- Update folder timestamp on uploaded files
+	- Code optimisations and de-duplication on updating parent commented timestamp
+	- Turn newmember widget into a feature
+	- Make list mode work in cards and articles
+	- Make alt pager work for articles and cards
+	- Initial support for alternative sort orders on the cloud pages
+	- Add Ochannel module for testing OStatus bad behaviour
+	- Add the social - federation permission role
+	- Update justified gallery lib from 3.6.3 to 3.6.5
+
+	Bugfixes
+	- Fix regression with forum widget unseen count
+	- Fix issue with imagemagick exif info
+	- Aonymous comments in StdLimits shouldn't be allowed
+	- Fix wiki pages not syncing
+	- Show "Unseen public activity" channel setting when site only public streams are activated
+	- Fix channel import failing to provide channel_password value
+	- Fix permalinks to children of articles and cards
+	- Fix missing year on profile birthday input
+	- Fix missing login/out buttons for medium screensize
+	- Preserve existing categories when updating an app from an embed source
+	- Fix app sellpage not being stored
+	- Fix tagadelic being overly protective of permissions
+	- Fix comments not displayed in single card/article view
+	- Fix anonymous comments bump thread
+	- Fix pending registrations visible in admin accounts
+
+	Addons
+	Pubcrawl: fix issues with "private" messages
+	Pubcrawl: fix issues with postgresql
+	Fuzzloc: new addon to blur your browser location
+	Pubcrawl: implement follow by webfinger
+	Cart: new addon which provides online shop functionalities (experimental)
+	Pubcrawl: implement two-way summary functionality
+	Wordpress: upgrade incutio xmlrpc library to use hubzilla curl wrapper
+	Hzfiles: various fixes
+	Diaspora: support full_name attribute in profile messages
+	Frphotos: deprecate plugin (keep it for reference)
+	Webmention: require html5 parser
+	GNU-Social: provide alternative xchan_url
+	Diaspora: fix wrong callback function
+	Diaspora: fix conversion of forum mentions to markdown by providing a !{forum@host} link syntax
+	Diaspora: fix item title not transferred
+
+
 Hubzilla 3.2 (2018-03-09)
 	- Improve rendering of Readme files in plugin settings
 	- Add pdl file for mod moderate

README.md

@@ -5,7 +5,7 @@ Hubzilla - Community Server
 
 
 <p align="center" markdown="1">
-<em><a href="https://github.com/redmatrix/hubzilla/blob/master/install/INSTALL.txt">Installing Hubzilla</a></em> 
+<em><a href="install/INSTALL.txt">Installing Hubzilla</a></em> 
 </p>
 
 **What is Hubzilla?**

Zotlabs/Access/PermissionLimits.php

@@ -41,10 +41,8 @@ class PermissionLimits {
 		$limits = [];
 		$perms = Permissions::Perms();
 
-		$anon_comments = get_config('system','anonymous_comments',true);
-
 		foreach($perms as $k => $v) {
-			if(strstr($k, 'view') || ($k === 'post_comments' && $anon_comments))
+			if(strstr($k, 'view'))
 				$limits[$k] = PERMS_PUBLIC;
 			else
 				$limits[$k] = PERMS_SPECIFIC;
@@ -74,13 +72,13 @@ class PermissionLimits {
 	 * @param int $channel_id
 	 * @param string $perm (optional)
 	 * @return
-	 *   * \b boolean false if no perm_limits set for this channel
-	 *   * \b int if $perm is set, return one of PERMS_* constants for this permission
+	 *   * \b false if no perm_limits set for this channel
+	 *   * \b int if $perm is set, return one of PERMS_* constants for this permission, default 0
 	 *   * \b array with all permission limits, if $perm is not set
 	 */
 	static public function Get($channel_id, $perm = '') {
 		if($perm) {
-			return PConfig::Get($channel_id, 'perm_limits', $perm);
+			return intval(PConfig::Get($channel_id, 'perm_limits', $perm));
 		}
 
 		PConfig::Load($channel_id);
@@ -90,4 +88,4 @@ class PermissionLimits {
 
 		return false;
 	}
-}
+}

Zotlabs/Access/PermissionRoles.php

@@ -41,6 +41,24 @@ class PermissionRoles {
 
 				break;
 
+			case 'social_federation':
+				$ret['perms_auto'] = false;
+				$ret['default_collection'] = false;
+				$ret['directory_publish'] = true;
+				$ret['online'] = true;
+				$ret['perms_connect'] = [
+					'view_stream', 'view_profile', 'view_contacts', 'view_storage',
+					'view_pages', 'view_wiki', 'send_stream', 'post_wall', 'post_comments',
+					'post_mail', 'chat', 'post_like', 'republish'
+				];
+				$ret['limits'] = PermissionLimits::Std_Limits();
+				$ret['limits']['post_comments'] = PERMS_AUTHED;
+				$ret['limits']['post_mail'] = PERMS_AUTHED;
+				$ret['limits']['post_like'] = PERMS_AUTHED;
+				$ret['limits']['chat'] = PERMS_AUTHED;
+				break;
+
+
 			case 'social_restricted':
 				$ret['perms_auto'] = false;
 				$ret['default_collection'] = true;
@@ -263,6 +281,7 @@ class PermissionRoles {
 	static public function roles() {
 		$roles = [
 			t('Social Networking') => [
+				'social_federation' => t('Social - Federation'),
 				'social' => t('Social - Mostly Public'),
 				'social_restricted' => t('Social - Restricted'),
 				'social_private' => t('Social - Private')

Zotlabs/Daemon/Deliver.php

@@ -75,6 +75,8 @@ class Deliver {
 						q("delete from dreport where dreport_queue = '%s'",
 							dbesc($argv[$x])
 						);
+					
+						continue;
 					}
 				}
 

Zotlabs/Daemon/Expire.php

@@ -34,7 +34,8 @@ class Expire {
 
 		logger('expire: start', LOGGER_DEBUG);
 
-		$site_expire = get_config('system', 'default_expire_days');
+		$site_expire = intval(get_config('system', 'default_expire_days'));
+		$commented_days = intval(get_config('system','active_expire_days'));
 
 		logger('site_expire: ' . $site_expire);
 
@@ -64,7 +65,7 @@ class Expire {
 
 				// if the site or service class expiration is non-zero and less than person expiration, use that
 				logger('Expire: ' . $rr['channel_address'] . ' interval: ' . $expire_days, LOGGER_DEBUG);
-				item_expire($rr['channel_id'], $expire_days);
+				item_expire($rr['channel_id'], $expire_days, $commented_days);
 			}
 		}
 
@@ -85,7 +86,7 @@ class Expire {
 			logger('Expire: sys interval: ' . $expire_days, LOGGER_DEBUG);
 	
 			if ($expire_days)
-				item_expire($x['channel_id'], $expire_days);
+				item_expire($x['channel_id'], $expire_days, $commented_days);
 
 			logger('Expire: sys: done', LOGGER_DEBUG);
 		}

Zotlabs/Lib/Apps.php

@@ -785,6 +785,7 @@ class Apps {
 			dbesc($darray['app_plugin']),
 			intval($darray['app_deleted'])
 		);
+
 		if($r) {
 			$ret['success'] = true;
 			$ret['app_id'] = $darray['app_id'];
@@ -871,6 +872,12 @@ class Apps {
 			dbesc($darray['app_id']),
 			intval($darray['app_channel'])
 		);
+
+		// if updating an embed app, don't mess with any existing categories.
+
+		if(array_key_exists('embed',$arr) && intval($arr['embed']))
+			return $ret;
+
 		if($x) {
 			q("delete from term where otype = %d and oid = %d",
 				intval(TERM_OBJ_APP),

Zotlabs/Lib/Chatroom.php

@@ -266,7 +266,7 @@ class Chatroom {
 			intval($room_id),
 			dbesc($xchan),
 			dbesc(datetime_convert()),
-			dbesc($arr['chat_text'])
+			dbesc(str_rot47(base64url_encode($arr['chat_text'])))
 		);
 
 		$ret['success'] = true;

Zotlabs/Lib/Enotify.php

@@ -115,6 +115,9 @@ class Enotify {
 
 
 	$always_show_in_notices = get_pconfig($recip['channel_id'],'system','always_show_in_notices');
+	$vnotify = get_pconfig($recip['channel_id'],'system','vnotify');
+
+	$salutation = $recip['channel_name'];
 
 	// e.g. "your post", "David's photo", etc.
 	$possess_desc = t('%s <!item_type!>');
@@ -123,7 +126,7 @@ class Enotify {
 		logger('notification: mail');
 		$subject = 	sprintf( t('[$Projectname:Notify] New mail received at %s'),$sitename);
 
-		$preamble = sprintf( t('%1$s, %2$s sent you a new private message at %3$s.'),$recip['channel_name'], $sender['xchan_name'],$sitename);
+		$preamble = sprintf( t('%1$s sent you a new private message at %2$s.'), $sender['xchan_name'],$sitename);
 		$epreamble = sprintf( t('%1$s sent you %2$s.'),'[zrl=' . $sender['xchan_url'] . ']' . $sender['xchan_name'] . '[/zrl]', '[zrl=$itemlink]' . t('a private message') . '[/zrl]');
 		$sitelink = t('Please visit %s to view and/or reply to your private messages.');
 		$tsitelink = sprintf( $sitelink, $siteurl . '/mail/' . $params['item']['id'] );
@@ -142,7 +145,7 @@ class Enotify {
 
 		if(array_key_exists('item',$params) && in_array($params['item']['verb'], [ACTIVITY_LIKE, ACTIVITY_DISLIKE])) {
 
-			if(! $always_show_in_notices) {
+			if(! $always_show_in_notices || !($vnotify & VNOTIFY_LIKE)) {
 				logger('notification: not a visible activity. Ignoring.');
 				pop_lang();
 				return;
@@ -195,8 +198,7 @@ class Enotify {
 		//$possess_desc = str_replace('<!item_type!>',$possess_desc);
 
 		// "a post"
-		$dest_str = sprintf(t('%1$s, %2$s %3$s [zrl=%4$s]a %5$s[/zrl]'),
-			$recip['channel_name'],
+		$dest_str = sprintf(t('%1$s %2$s [zrl=%3$s]a %4$s[/zrl]'),
 			'[zrl=' . $sender['xchan_url'] . ']' . $sender['xchan_name'] . '[/zrl]',
 			$action,
 			$itemlink,
@@ -204,8 +206,7 @@ class Enotify {
 
 		// "George Bull's post"
 		if($p)
-			$dest_str = sprintf(t('%1$s, %2$s %3$s [zrl=%4$s]%5$s\'s %6$s[/zrl]'),
-				$recip['channel_name'],
+			$dest_str = sprintf(t('%1$s %2$s [zrl=%3$s]%4$s\'s %5$s[/zrl]'),
 				'[zrl=' . $sender['xchan_url'] . ']' . $sender['xchan_name'] . '[/zrl]',
 				$action,
 				$itemlink,
@@ -214,8 +215,7 @@ class Enotify {
 		
 		// "your post"
 		if($p[0]['owner']['xchan_name'] == $p[0]['author']['xchan_name'] && intval($p[0]['item_wall']))
-			$dest_str = sprintf(t('%1$s, %2$s %3$s [zrl=%4$s]your %5$s[/zrl]'),
-				$recip['channel_name'],
+			$dest_str = sprintf(t('%1$s %2$s [zrl=%3$s]your %4$s[/zrl]'),
 				'[zrl=' . $sender['xchan_url'] . ']' . $sender['xchan_name'] . '[/zrl]',
 				$action,
 				$itemlink,
@@ -230,7 +230,7 @@ class Enotify {
 			$subject = sprintf( t('[$Projectname:Notify] Moderated Comment to conversation #%1$d by %2$s'), $parent_id, $sender['xchan_name']);
 		else
 			$subject = sprintf( t('[$Projectname:Notify] Comment to conversation #%1$d by %2$s'), $parent_id, $sender['xchan_name']);
-		$preamble = sprintf( t('%1$s, %2$s commented on an item/conversation you have been following.'), $recip['channel_name'], $sender['xchan_name']); 
+		$preamble = sprintf( t('%1$s commented on an item/conversation you have been following.'), $sender['xchan_name']); 
 		$epreamble = $dest_str; 
 
 		$sitelink = t('Please visit %s to view and/or reply to the conversation.');
@@ -249,7 +249,7 @@ class Enotify {
 		$itemlink =  $params['link'];
 
 		if (array_key_exists('item',$params) && (! activity_match($params['item']['verb'],ACTIVITY_LIKE))) {
-			if(! $always_show_in_notices) {
+			if(! $always_show_in_notices  || !($vnotify & VNOTIFY_LIKE)) {
 				logger('notification: not a visible activity. Ignoring.');
 				pop_lang();
 				return;
@@ -296,8 +296,7 @@ class Enotify {
 
 		// "your post"
 		if($p[0]['owner']['xchan_name'] == $p[0]['author']['xchan_name'] && intval($p[0]['item_wall']))
-			$dest_str = sprintf(t('%1$s, %2$s liked [zrl=%3$s]your %4$s[/zrl]'),
-				$recip['channel_name'],
+			$dest_str = sprintf(t('%1$s liked [zrl=%2$s]your %3$s[/zrl]'),
 				'[zrl=' . $sender['xchan_url'] . ']' . $sender['xchan_name'] . '[/zrl]',
 				$itemlink,
 				$item_post_type);
@@ -312,7 +311,7 @@ class Enotify {
 		// differents subjects for messages on the same thread.
 
 		$subject = sprintf( t('[$Projectname:Notify] Like received to conversation #%1$d by %2$s'), $parent_id, $sender['xchan_name']);
-		$preamble = sprintf( t('%1$s, %2$s liked an item/conversation you created.'), $recip['channel_name'], $sender['xchan_name']); 
+		$preamble = sprintf( t('%1$s liked an item/conversation you created.'), $sender['xchan_name']); 
 		$epreamble = $dest_str; 
 
 		$sitelink = t('Please visit %s to view and/or reply to the conversation.');
@@ -325,10 +324,9 @@ class Enotify {
 	if($params['type'] == NOTIFY_WALL) {
 		$subject = sprintf( t('[$Projectname:Notify] %s posted to your profile wall') , $sender['xchan_name']);
 
-		$preamble = sprintf( t('%1$s, %2$s posted to your profile wall at %3$s') , $recip['channel_name'], $sender['xchan_name'], $sitename);
+		$preamble = sprintf( t('%1$s posted to your profile wall at %2$s') , $sender['xchan_name'], $sitename);
 
-		$epreamble = sprintf( t('%1$s, %2$s posted to [zrl=%3$s]your wall[/zrl]') ,
-			$recip['channel_name'], 
+		$epreamble = sprintf( t('%1$s posted to [zrl=%2$s]your wall[/zrl]') ,
 			'[zrl=' . $sender['xchan_url'] . ']' . $sender['xchan_name'] . '[/zrl]',
 			$params['link']); 
 
@@ -352,9 +350,8 @@ class Enotify {
 		}
 	
 		$subject =	sprintf( t('[$Projectname:Notify] %s tagged you') , $sender['xchan_name']);
-		$preamble = sprintf( t('%1$s, %2$s tagged you at %3$s') , $recip['channel_name'], $sender['xchan_name'], $sitename);
-		$epreamble = sprintf( t('%1$s, %2$s [zrl=%3$s]tagged you[/zrl].') ,
-			$recip['channel_name'],
+		$preamble = sprintf( t('%1$s tagged you at %2$s') , $sender['xchan_name'], $sitename);
+		$epreamble = sprintf( t('%1$s [zrl=%2$s]tagged you[/zrl].') ,
 			'[zrl=' . $sender['xchan_url'] . ']' . $sender['xchan_name'] . '[/zrl]',
 			$params['link']); 
 
@@ -366,9 +363,8 @@ class Enotify {
 
 	if ($params['type'] == NOTIFY_POKE) {
 		$subject =	sprintf( t('[$Projectname:Notify] %1$s poked you') , $sender['xchan_name']);
-		$preamble = sprintf( t('%1$s, %2$s poked you at %3$s') , $recip['channel_name'], $sender['xchan_name'], $sitename);
-		$epreamble = sprintf( t('%1$s, %2$s [zrl=%2$s]poked you[/zrl].') ,
-			$recip['channel_name'], 
+		$preamble = sprintf( t('%1$s poked you at %2$s') , $sender['xchan_name'], $sitename);
+		$epreamble = sprintf( t('%1$s [zrl=%2$s]poked you[/zrl].') ,
 			'[zrl=' . $sender['xchan_url'] . ']' . $sender['xchan_name'] . '[/zrl]',
 			$params['link']); 
 
@@ -384,9 +380,8 @@ class Enotify {
 
 	if ($params['type'] == NOTIFY_TAGSHARE) {
 		$subject =	sprintf( t('[$Projectname:Notify] %s tagged your post') , $sender['xchan_name']);
-		$preamble = sprintf( t('%1$s, %2$s tagged your post at %3$s') , $recip['channel_name'],$sender['xchan_name'], $sitename);
-		$epreamble = sprintf( t('%1$s, %2$s tagged [zrl=%3$s]your post[/zrl]') ,
-			$recip['channel_name'],
+		$preamble = sprintf( t('%1$s tagged your post at %2$s'),$sender['xchan_name'], $sitename);
+		$epreamble = sprintf( t('%1$s tagged [zrl=%2$s]your post[/zrl]') ,
 			'[zrl=' . $sender['xchan_url'] . ']' . $sender['xchan_name'] . '[/zrl]',
 			$itemlink); 
 
@@ -398,9 +393,8 @@ class Enotify {
 
 	if ($params['type'] == NOTIFY_INTRO) {
 		$subject = sprintf( t('[$Projectname:Notify] Introduction received'));
-		$preamble = sprintf( t('%1$s, you\'ve received an new connection request from \'%2$s\' at %3$s'), $recip['channel_name'], $sender['xchan_name'], $sitename); 
-		$epreamble = sprintf( t('%1$s, you\'ve received [zrl=%2$s]a new connection request[/zrl] from %3$s.'),
-			$recip['channel_name'],
+		$preamble = sprintf( t('You\'ve received an new connection request from \'%1$s\' at %2$s'), $sender['xchan_name'], $sitename); 
+		$epreamble = sprintf( t('You\'ve received [zrl=%1$s]a new connection request[/zrl] from %2$s.'),
 			$siteurl . '/connections/ifpending',
 			'[zrl=' . $sender['xchan_url'] . ']' . $sender['xchan_name'] . '[/zrl]'); 
 		$body = sprintf( t('You may visit their profile at %s'),$sender['xchan_url']);
@@ -413,9 +407,8 @@ class Enotify {
 
 	if ($params['type'] == NOTIFY_SUGGEST) {
 		$subject = sprintf( t('[$Projectname:Notify] Friend suggestion received'));
-		$preamble = sprintf( t('%1$s, you\'ve received a friend suggestion from \'%2$s\' at %3$s'), $recip['channel_name'], $sender['xchan_name'], $sitename); 
-		$epreamble = sprintf( t('%1$s, you\'ve received [zrl=%2$s]a friend suggestion[/zrl] for %3$s from %4$s.'),
-			$recip['channel_name'],
+		$preamble = sprintf( t('You\'ve received a friend suggestion from \'%1$s\' at %2$s'), $sender['xchan_name'], $sitename); 
+		$epreamble = sprintf( t('You\'ve received [zrl=%1$s]a friend suggestion[/zrl] for %2$s from %3$s.'),
 			$itemlink,
 			'[zrl=' . $params['item']['url'] . ']' . $params['item']['name'] . '[/zrl]',
 			'[zrl=' . $sender['xchan_url'] . ']' . $sender['xchan_name'] . '[/zrl]'); 
@@ -664,7 +657,7 @@ class Enotify {
 			'$banner'       => $datarray['banner'],
 			'$notify_icon'  => \Zotlabs\Lib\System::get_notify_icon(),
 			'$product'      => $datarray['product'],
-			'$preamble'     => $datarray['preamble'],
+			'$preamble'     => $salutation . '<br><br>' . $datarray['preamble'],
 			'$sitename'     => $datarray['sitename'],
 			'$siteurl'      => $datarray['siteurl'],
 			'$source_name'  => $datarray['source_name'],
@@ -686,7 +679,7 @@ class Enotify {
 		$email_text_body = replace_macros($tpl, array(
 			'$banner'       => $datarray['banner'],
 			'$product'      => $datarray['product'],
-			'$preamble'     => $datarray['preamble'],
+			'$preamble'     => $salutation . "\n\n" . $datarray['preamble'],
 			'$sitename'     => $datarray['sitename'],
 			'$siteurl'      => $datarray['siteurl'],
 			'$source_name'  => $datarray['source_name'],
@@ -754,8 +747,8 @@ class Enotify {
 
 		// generate a mime boundary
 		$mimeBoundary = rand(0, 9) . "-"
-				.rand(10000000000, 9999999999) . "-"
-				.rand(10000000000, 9999999999) . "=:"
+				.rand(100000000, 999999999) . "-"
+				.rand(100000000, 999999999) . "=:"
 				.rand(10000, 99999);
 
 		// generate a multipart/alternative message header

Zotlabs/Lib/NativeWiki.php

@@ -171,16 +171,23 @@ class NativeWiki {
 			dbesc(NWIKI_ITEM_RESOURCE_TYPE),
 			dbesc($resource_id)
 		);
+
 		if($r) {
 			$q = q("select * from item where resource_type = 'nwikipage' and resource_id = '%s'",
-				dbesc($r[0]['resource_type'])
+				dbesc($r[0]['resource_id'])
 			);
 			if($q) {
 				$r = array_merge($r,$q);
 			}
 			xchan_query($r);
 			$sync_item = fetch_post_tags($r);
-			build_sync_packet($uid,array('wiki' => array(encode_item($sync_item[0],true))));
+			if($sync_item) {
+				$pkt = [];
+				foreach($sync_item as $w) {
+					$pkt[] = encode_item($w,true);
+				}
+				build_sync_packet($uid,array('wiki' => $pkt));
+			}
 		}
 	}
 

Zotlabs/Lib/Share.php

@@ -107,7 +107,7 @@ class Share {
 	}
 
 	public function bbcode() {
-		$bb = NULL_STR;
+		$bb = EMPTY_STR;
 
 		if(! $this->item)
 			return $bb;
@@ -123,11 +123,13 @@ class Share {
 			$bb = substr($this->item['body'], $pos);
 		} else {
 			$bb = "[share author='".urlencode($this->item['author']['xchan_name']).
-				"' profile='".$this->item['author']['xchan_url'] .
-				"' avatar='".$this->item['author']['xchan_photo_s'].
-				"' link='".$this->item['plink'].
-				"' posted='".$this->item['created'].
-				"' message_id='".$this->item['mid']."']";
+				"' profile='"    . $this->item['author']['xchan_url'] .
+				"' avatar='"     . $this->item['author']['xchan_photo_s'] .
+				"' link='"       . $this->item['plink'] .
+				"' auth='"       . (($this->item['author']['network'] === 'zot') ? 'true' : 'false') .
+				"' posted='"     . $this->item['created'] .
+				"' message_id='" . $this->item['mid'] .
+			"']";
 			if($this->item['title'])
 				$bb .= '[b]'.$this->item['title'].'[/b]'."\r\n";
 			$bb .= (($is_photo) ? $photo_bb . "\r\n" . $this->item['body'] : $this->item['body']);
@@ -138,4 +140,4 @@ class Share {
 
 	}
 
-}
+}

Zotlabs/Lib/System.php

@@ -54,7 +54,7 @@ class System {
 	static public function get_project_srclink() {
 		if(is_array(\App::$config) && is_array(\App::$config['system']) && \App::$config['system']['project_srclink'])
 			return \App::$config['system']['project_srclink'];
-		return 'https://github.com/redmatrix/hubzilla';
+		return 'https://framagit.org/hubzilla/core.git';
 	}
 
 	static public function get_server_role() {

Zotlabs/Lib/ThreadItem.php

@@ -238,9 +238,9 @@ class ThreadItem {
 					'do' => t("Add Star"),
 					'undo' => t("Remove Star"),
 					'toggle' => t("Toggle Star Status"),
-					'classdo' => (intval($item['item_starred']) ? "hidden" : ""),
-					'classundo' => (intval($item['item_starred']) ? "" : "hidden"),
-					'isstarred' => (intval($item['item_starred']) ? "starred fa-star" : "unstarred fa-star-o"),
+					'classdo' => ((intval($item['item_starred'])) ? "hidden" : ""),
+					'classundo' => ((intval($item['item_starred'])) ? "" : "hidden"),
+					'isstarred' => ((intval($item['item_starred'])) ? true : false),
 					'starred' =>  t('starred'),
 				);
 
@@ -733,6 +733,8 @@ class ThreadItem {
 		$arr = array('comment_buttons' => '','id' => $this->get_id());
 		call_hooks('comment_buttons',$arr);
 		$comment_buttons = $arr['comment_buttons'];
+		
+		$feature_auto_save_draft = ((feature_enabled($conv->get_profile_owner(), 'auto_save_draft')) ? "true" : "false");
 
 		$comment_box = replace_macros($template,array(
 			'$return_path' => '',
@@ -768,7 +770,8 @@ class ThreadItem {
 			'$anoncomments' => ((($conv->get_mode() === 'channel' || $conv->get_mode() === 'display') && perm_is_allowed($conv->get_profile_owner(),'','post_comments')) ? true : false),
 			'$anonname' => [ 'anonname', t('Your full name (required)') ],
 			'$anonmail' => [ 'anonmail', t('Your email address (required)') ],
-			'$anonurl'  => [ 'anonurl',  t('Your website URL (optional)') ]
+			'$anonurl'  => [ 'anonurl',  t('Your website URL (optional)') ],
+			'$auto_save_draft' => $feature_auto_save_draft,
 		));
 
 		return $comment_box;

Zotlabs/Module/Acl.php

@@ -24,7 +24,7 @@ class Acl extends \Zotlabs\Web\Controller {
 
 	function init() {
 
-		logger('mod_acl: ' . print_r($_REQUEST,true));
+		logger('mod_acl: ' . print_r($_REQUEST,true),LOGGER_DATA);
 
 		$start    = (x($_REQUEST,'start')  ? $_REQUEST['start']  : 0);
 		$count    = (x($_REQUEST,'count')  ? $_REQUEST['count']  : 500);
@@ -82,7 +82,7 @@ class Acl extends \Zotlabs\Web\Controller {
 
 		if($search) {
 			$sql_extra = " AND groups.gname LIKE " . protect_sprintf( "'%" . dbesc($search) . "%'" ) . " ";
-			$sql_extra2 = "AND ( xchan_name LIKE " . protect_sprintf( "'%" . dbesc($search) . "%'" ) . " OR xchan_addr LIKE " . protect_sprintf( "'%" . dbesc($search) . ((strpos($search,'@') === false) ? "%@%'"  : "%'")) . ") ";
+			$sql_extra2 = "AND ( xchan_name LIKE " . protect_sprintf( "'%" . dbesc($search) . "%'" ) . " OR xchan_addr LIKE " . protect_sprintf( "'%" . dbesc(punify($search)) . ((strpos($search,'@') === false) ? "%@%'"  : "%'")) . ") ";
 	
 			// This horrible mess is needed because position also returns 0 if nothing is found. 
 			// Would be MUCH easier if it instead returned a very large value
@@ -92,10 +92,10 @@ class Acl extends \Zotlabs\Web\Controller {
 			$order_extra2 = "CASE WHEN xchan_name LIKE " 
 					. protect_sprintf( "'%" . dbesc($search) . "%'" ) 
 					. " then POSITION('" . protect_sprintf(dbesc($search)) 
-					. "' IN xchan_name) else position('" . protect_sprintf(dbesc($search)) . "' IN xchan_addr) end, ";
+					. "' IN xchan_name) else position('" . protect_sprintf(dbesc(punify($search))) . "' IN xchan_addr) end, ";
 
 			$col = ((strpos($search,'@') !== false) ? 'xchan_addr' : 'xchan_name' );
-			$sql_extra3 = "AND $col like " . protect_sprintf( "'%" . dbesc($search) . "%'" ) . " ";
+			$sql_extra3 = "AND $col like " . protect_sprintf( "'%" . dbesc(($col === 'xchan_addr') ? punify($search) : $search) . "%'" ) . " ";
 	
 		}
 		else {
@@ -435,7 +435,7 @@ class Acl extends \Zotlabs\Web\Controller {
 		$count = (x($_REQUEST,'count') ?  $_REQUEST['count'] : 100);
 		if($url) {
 			$query = $url . '?f=' . (($token) ? '&t=' . urlencode($token) : '');
-			$query .= '&name=' . urlencode($search) . "&limit=$count" . (($address) ? '&address=' . urlencode($search) : '');
+			$query .= '&name=' . urlencode($search) . "&limit=$count" . (($address) ? '&address=' . urlencode(punify($search)) : '');
 	
 			$x = z_fetch_url($query);
 			if($x['success']) {

Zotlabs/Module/Admin/Accounts.php

@@ -133,12 +133,13 @@ class Accounts {
 
 		$base = z_root() . '/admin/accounts?f=';
 		$odir = (($dir === 'asc') ? '0' : '1');
-	
+
 		$users = q("SELECT account_id , account_email, account_lastlog, account_created, account_expires, account_service_class, ( account_flags & %d ) > 0 as blocked, 
 			(SELECT %s FROM channel as ch WHERE ch.channel_account_id = ac.account_id and ch.channel_removed = 0 ) as channels FROM account as ac 
-			where true $serviceclass order by $key $dir limit %d offset %d ",
+			where true $serviceclass and account_flags != %d order by $key $dir limit %d offset %d ",
 			intval(ACCOUNT_BLOCKED),
 			db_concat('ch.channel_address', ' '),
+			intval(ACCOUNT_BLOCKED | ACCOUNT_PENDING),
 			intval(\App::$pager['itemspage']),
 			intval(\App::$pager['start'])
 		);
@@ -203,4 +204,4 @@ class Accounts {
 	}
 	
 
-}
+}

Zotlabs/Module/Admin/Site.php

@@ -39,9 +39,10 @@ class Site {
 		$site_location		=	((x($_POST,'site_location'))	? notags(trim($_POST['site_location']))		: '');
 		$frontpage			=	((x($_POST,'frontpage'))	? notags(trim($_POST['frontpage']))		: '');
 		$firstpage		    =	((x($_POST,'firstpage'))	? notags(trim($_POST['firstpage']))		: 'profiles');
+		$first_page		    =	((x($_POST,'first_page'))	? notags(trim($_POST['first_page']))		: 'profiles');
 		// check value after trim
-		if(! $firstpage) {
-			$firstpage = 'profiles';
+		if(! $first_page) {
+			$first_page = 'profiles';
 		}
 		$mirror_frontpage	=	((x($_POST,'mirror_frontpage'))	? intval(trim($_POST['mirror_frontpage']))		: 0);
 		$directory_server	=	((x($_POST,'directory_server')) ? trim($_POST['directory_server']) : '');
@@ -55,6 +56,7 @@ class Site {
 		$global_directory     = ((x($_POST,'directory_submit_url'))	? notags(trim($_POST['directory_submit_url']))	: '');
 		$no_community_page    = !((x($_POST,'no_community_page'))	? True	:	False);
 		$default_expire_days  = ((array_key_exists('default_expire_days',$_POST)) ? intval($_POST['default_expire_days']) : 0);
+		$active_expire_days  = ((array_key_exists('active_expire_days',$_POST)) ? intval($_POST['active_expire_days']) : 7);
 
 		$reply_address      = ((array_key_exists('reply_address',$_POST) && trim($_POST['reply_address'])) ? trim($_POST['reply_address']) : 'noreply@' . \App::get_hostname());
 		$from_email         = ((array_key_exists('from_email',$_POST) && trim($_POST['from_email'])) ? trim($_POST['from_email']) : 'Administrator@' . \App::get_hostname());
@@ -86,7 +88,7 @@ class Site {
 		set_config('system', 'maxloadavg', $maxloadavg);
 		set_config('system', 'frontpage', $frontpage);
 		set_config('system', 'sellpage', $site_sellpage);
-		set_config('system', 'workflow_channel_next', $firstpage);
+		set_config('system', 'workflow_channel_next', $first_page);
 		set_config('system', 'site_location', $site_location);
 		set_config('system', 'mirror_frontpage', $mirror_frontpage);
 		set_config('system', 'sitename', $sitename);
@@ -94,6 +96,7 @@ class Site {
 		set_config('system', 'enable_context_help', $enable_context_help);
 		set_config('system', 'verify_email', $verify_email);
 		set_config('system', 'default_expire_days', $default_expire_days);
+		set_config('system', 'active_expire_days', $active_expire_days);
 		set_config('system', 'reply_address', $reply_address);
 		set_config('system', 'from_email', $from_email);
 		set_config('system', 'from_email_name' , $from_email_name);
@@ -347,9 +350,10 @@ class Site {
 			'$thumbnail_security'			=> array('thumbnail_security', t("Allow SVG thumbnails in file browser"), get_config('system','thumbnail_security',0), t("WARNING: SVG images may contain malicious code.")),
 			'$maxloadavg'			=> array('maxloadavg', t("Maximum Load Average"), ((intval(get_config('system','maxloadavg')) > 0)?get_config('system','maxloadavg'):50), t("Maximum system load before delivery and poll processes are deferred - default 50.")),
 			'$default_expire_days' => array('default_expire_days', t('Expiration period in days for imported (grid/network) content'), intval(get_config('system','default_expire_days')), t('0 for no expiration of imported content')),
+			'$active_expire_days' => array('active_expire_days', t('Do not expire any posts which have comments less than this many days ago'), intval(get_config('system','active_expire_days',7)), ''),
 
 			'$sellpage' => array('site_sellpage', t('Public servers: Optional landing (marketing) webpage for new registrants'), get_config('system','sellpage',''), sprintf( t('Create this page first. Default is %s/register'),z_root())),
-			'$firstpage' => array('firstpage', t('Page to display after creating a new channel'), get_config('system','workflow_channel_next','profiles'), t('Recommend: profiles, go, or settings')),
+			'$first_page' => array('first_page', t('Page to display after creating a new channel'), get_config('system','workflow_channel_next','profiles'), t('Recommend: profiles, go, or settings')),
 
 			'$location' => array('site_location', t('Optional: site location'), get_config('system','site_location',''), t('Region or country')),
 

Zotlabs/Module/Appman.php

@@ -25,6 +25,7 @@ class Appman extends \Zotlabs\Web\Controller {
 				'photo' => escape_tags($_REQUEST['photo']),
 				'version' => escape_tags($_REQUEST['version']),
 				'price' => escape_tags($_REQUEST['price']),
+				'page' => escape_tags($_REQUEST['page']),
 				'requires' => escape_tags($_REQUEST['requires']),
 				'system' => intval($_REQUEST['system']),
 				'plugin' => escape_tags($_REQUEST['plugin']),

Zotlabs/Module/Articles.php

@@ -127,21 +127,26 @@ class Articles extends \Zotlabs\Web\Controller {
 			$editor = '';
 		}
 		
+		$itemspage = get_pconfig(local_channel(),'system','itemspage');
+		\App::set_pager_itemspage(((intval($itemspage)) ? $itemspage : 20));
+		$pager_sql = sprintf(" LIMIT %d OFFSET %d ", intval(\App::$pager['itemspage']), intval(\App::$pager['start']));
+
 		
 		$sql_extra = item_permissions_sql($owner);
+		$sql_item = '';
 
 		if($selected_card) {
 			$r = q("select * from iconfig where iconfig.cat = 'system' and iconfig.k = 'ARTICLE' and iconfig.v = '%s' limit 1",
 				dbesc($selected_card)
 			);
 			if($r) {
-				$sql_extra .= "and item.id = " . intval($r[0]['iid']) . " ";
+				$sql_item = "and item.id = " . intval($r[0]['iid']) . " ";
 			}
 		}
 				
 		$r = q("select * from item 
 			where item.uid = %d and item_type = %d 
-			$sql_extra order by item.created desc",
+			$sql_extra $sql_item order by item.created desc $pager_sql",
 			intval($owner),
 			intval(ITEM_TYPE_ARTICLE)
 		);
@@ -152,6 +157,8 @@ class Articles extends \Zotlabs\Web\Controller {
 
 		if($r) {
 
+			$pager_total = count($r);
+
 			$parents_str = ids_to_querystr($r,'id');
 
 			$items = q("SELECT item.*, item.id AS item_id
@@ -173,13 +180,18 @@ class Articles extends \Zotlabs\Web\Controller {
 
 		$mode = 'articles';
 			
-     	$content = conversation($items,$mode,false,'traditional');
+		if(get_pconfig(local_channel(),'system','articles_list_mode') && (! $selected_card))
+            $page_mode = 'pager_list';
+        else
+            $page_mode = 'traditional';
+
+     	$content = conversation($items,$mode,false,$page_mode);
 
 		$o = replace_macros(get_markup_template('cards.tpl'), [
 			'$title' => t('Articles'),
 			'$editor' => $editor,
 			'$content' => $content,
-			'$pager' => alt_pager($a,count($items))
+			'$pager' => alt_pager($pager_total)
 		]);
 
         return $o;

Zotlabs/Module/Authorize.php

@@ -4,60 +4,89 @@ namespace Zotlabs\Module;
 
 use Zotlabs\Identity\OAuth2Storage;
 
-
 class Authorize extends \Zotlabs\Web\Controller {
 
-	function init() {
+	function get() {
+		if (!local_channel()) {
+			return login();
+		} else {
+			// TODO: Fully implement the dynamic client registration protocol:
+			// OpenID Connect Dynamic Client Registration 1.0 Client Metadata
+			// http://openid.net/specs/openid-connect-registration-1_0.html
+			$app = array(
+				'name' => (x($_REQUEST, 'client_name') ? urldecode($_REQUEST['client_name']) : t('Unknown App')),
+				'icon' => (x($_REQUEST, 'logo_uri')    ? urldecode($_REQUEST['logo_uri']) : z_root() . '/images/icons/plugin.png'),
+				'url'  => (x($_REQUEST, 'client_uri')  ? urldecode($_REQUEST['client_uri']) : ''),
+			);
+			$o .= replace_macros(get_markup_template('oauth_authorize.tpl'), array(
+				'$title' => t('Authorize'),
+				'$authorize' => sprintf( t('Do you authorize the app %s to access your channel data?'), '<a style="float: none;" href="' . $app['url'] . '">' . $app['name'] . '</a> '),
+				'$app' => $app,
+				'$yes' => t('Allow'),
+				'$no' => t('Deny'),
+				'$client_id' => (x($_REQUEST, 'client_id') ? $_REQUEST['client_id'] : ''),
+				'$redirect_uri' => (x($_REQUEST, 'redirect_uri') ? $_REQUEST['redirect_uri'] : ''),
+				'$state' => (x($_REQUEST, 'state') ? $_REQUEST['state'] : ''),
+			));
+			return $o;
+		}
+	}
 
-		// workaround for HTTP-auth in CGI mode
-		if (x($_SERVER, 'REDIRECT_REMOTE_USER')) {
-			$userpass = base64_decode(substr($_SERVER["REDIRECT_REMOTE_USER"], 6)) ;
-			if(strlen($userpass)) {
-				list($name, $password) = explode(':', $userpass);
-				$_SERVER['PHP_AUTH_USER'] = $name;
-				$_SERVER['PHP_AUTH_PW'] = $password;
-			}
+	function post() {
+		if (! local_channel()) {
+			return;
 		}
 
-		if (x($_SERVER, 'HTTP_AUTHORIZATION')) {
-			$userpass = base64_decode(substr($_SERVER["HTTP_AUTHORIZATION"], 6)) ;
-			if(strlen($userpass)) {
-				list($name, $password) = explode(':', $userpass);
-				$_SERVER['PHP_AUTH_USER'] = $name;
-				$_SERVER['PHP_AUTH_PW'] = $password;
-			}
-		}
+		$storage = new OAuth2Storage(\DBA::$dba->db);
+		$s = new \Zotlabs\Identity\OAuth2Server($storage);
 
-		$s = new \Zotlabs\Identity\OAuth2Server(new OAuth2Storage(\DBA::$dba->db));
+		// TODO: The automatic client registration protocol below should adhere more
+		// closely to "OAuth 2.0 Dynamic Client Registration Protocol" defined
+		// at https://tools.ietf.org/html/rfc7591
+		
+		// If no client_id was provided, generate a new one.
+		if (x($_POST, 'client_id')) {
+			$client_id = $_POST['client_id'];
+		} else {
+			$client_id = $_POST['client_id'] = random_string(16);
+		}
+		// If no redirect_uri was provided, generate a fake one.
+		if (x($_POST, 'redirect_uri')) {
+			$redirect_uri = $_POST['redirect_uri'];
+		} else {
+			$redirect_uri = $_POST['redirect_uri'] = 'https://fake.example.com/oauth';
+		}
 
 		$request = \OAuth2\Request::createFromGlobals();
 		$response = new \OAuth2\Response();
 
+		// If the client is not registered, add to the database
+		if (!$client = $storage->getClientDetails($client_id)) {
+			$client_secret = random_string(16);
+			// Client apps are registered per channel
+			$user_id = local_channel();
+			$storage->setClientDetails($client_id, $client_secret, $redirect_uri, 'authorization_code', null, $user_id);
+			
+		}
+		if (!$client = $storage->getClientDetails($client_id)) {
+			// There was an error registering the client.
+			$response->send();
+			killme();
+		}
+		$response->setParameter('client_secret', $client['client_secret']);
+
 		// validate the authorize request
-		if (! $s->validateAuthorizeRequest($request, $response)) {
+		if (!$s->validateAuthorizeRequest($request, $response)) {
 			$response->send();
 			killme();
 		}
 
-		// display an authorization form
-		if (empty($_POST)) {
-
-			return '
-<form method="post">
-  <label>Do You Authorize TestClient?</label><br />
-  <input type="submit" name="authorized" value="yes">
-  <input type="submit" name="authorized" value="no">
-</form>';
-		}
-
 		// print the authorization code if the user has authorized your client
-		$is_authorized = ($_POST['authorized'] === 'yes');
+		$is_authorized = ($_POST['authorize'] === 'allow');
 		$s->handleAuthorizeRequest($request, $response, $is_authorized, local_channel());
 		if ($is_authorized) {
-			// this is only here so that you get to see your code in the cURL request. Otherwise,
-			// we'd redirect back to the client
-			$code = substr($response->getHttpHeader('Location'), strpos($response->getHttpHeader('Location'), 'code=')+5, 40);
-			echo("SUCCESS! Authorization Code: $code");
+			$code = substr($response->getHttpHeader('Location'), strpos($response->getHttpHeader('Location'), 'code=') + 5, 40);
+			logger('Authorization Code: ' .  $code);
 		}
 
 		$response->send();

Zotlabs/Module/Cards.php

@@ -131,20 +131,26 @@ class Cards extends \Zotlabs\Web\Controller {
 		}
 
 
+		$itemspage = get_pconfig(local_channel(),'system','itemspage');
+		\App::set_pager_itemspage(((intval($itemspage)) ? $itemspage : 20));
+		$pager_sql = sprintf(" LIMIT %d OFFSET %d ", intval(\App::$pager['itemspage']), intval(\App::$pager['start']));
+
+
 		$sql_extra = item_permissions_sql($owner);
+		$sql_item = '';
 
 		if($selected_card) {
 			$r = q("select * from iconfig where iconfig.cat = 'system' and iconfig.k = 'CARD' and iconfig.v = '%s' limit 1",
 				dbesc($selected_card)
 			);
 			if($r) {
-				$sql_extra .= "and item.id = " . intval($r[0]['iid']) . " ";
+				$sql_item = "and item.id = " . intval($r[0]['iid']) . " ";
 			}
 		}
 
 		$r = q("select * from item
 			where uid = %d and item_type = %d
-			$sql_extra order by item.created desc",
+			$sql_extra $sql_item order by item.created desc $pager_sql",
 			intval($owner),
 			intval(ITEM_TYPE_CARD)
 		);
@@ -156,6 +162,8 @@ class Cards extends \Zotlabs\Web\Controller {
 		$items_result = [];
 		if($r) {
 
+			$pager_total = count($r);
+
 			$parents_str = ids_to_querystr($r, 'id');
 
 			$items = q("SELECT item.*, item.id AS item_id
@@ -175,13 +183,18 @@ class Cards extends \Zotlabs\Web\Controller {
 
 		$mode = 'cards';
 
-		$content = conversation($items_result, $mode, false, 'traditional');
+		if(get_pconfig(local_channel(),'system','articles_list_mode') && (! $selected_card))
+			$page_mode = 'pager_list';
+		else
+			$page_mode = 'traditional';
+
+		$content = conversation($items_result, $mode, false, $page_mode);
 
 		$o = replace_macros(get_markup_template('cards.tpl'), [
 			'$title' => t('Cards'),
 			'$editor' => $editor,
 			'$content' => $content,
-			'$pager' => alt_pager($a, count($items_result))
+			'$pager' => alt_pager($pager_total)
 		]);
 
 		return $o;

Zotlabs/Module/Channel.php

@@ -204,7 +204,7 @@ class Channel extends \Zotlabs\Web\Controller {
 				$_SESSION['loadtime'] = datetime_convert();
 			}
 			else {
-				$r = q("SELECT distinct parent AS item_id from item
+				$r = q("SELECT parent AS item_id from item
 					left join abook on ( item.owner_xchan = abook.abook_xchan $abook_uids )
 					WHERE uid = %d $item_normal_update
 					AND item_wall = 1 $simple_update
@@ -312,8 +312,8 @@ class Channel extends \Zotlabs\Web\Controller {
 				'$uid' => ((\App::$profile['profile_uid']) ? \App::$profile['profile_uid'] : '0'),
 				'$gid' => '0',
 				'$cid' => '0',
-				'$cmin' => '0',
-				'$cmax' => '0',
+				'$cmin' => '(-1)',
+				'$cmax' => '(-1)',
 				'$star' => '0',
 				'$liked' => '0',
 				'$conv' => '0',
@@ -380,7 +380,7 @@ class Channel extends \Zotlabs\Web\Controller {
 		}
 
 		if((! $update) || ($checkjs->disabled())) {
-			$o .= alt_pager($a,count($items));
+			$o .= alt_pager(count($items));
 			if ($mid && $items[0]['title'])
 				\App::$page['title'] = $items[0]['title'] . " - " . \App::$page['title'];
 		}

Zotlabs/Module/Chanview.php

@@ -19,7 +19,7 @@ class Chanview extends \Zotlabs\Web\Controller {
 		}
 		if($_REQUEST['address']) {
 			$r = q("select * from xchan where xchan_addr = '%s' limit 1",
-				dbesc($_REQUEST['address'])
+				dbesc(punify($_REQUEST['address']))
 			);
 		}
 		elseif(local_channel() && intval($_REQUEST['cid'])) {

Zotlabs/Module/Chatsvc.php

@@ -60,7 +60,7 @@ class Chatsvc extends \Zotlabs\Web\Controller {
 			intval(\App::$data['chat']['room_id']),
 			dbesc(get_observer_hash()),
 			dbesc(datetime_convert()),
-			dbesc($arr['chat_text'])		
+			dbesc(str_rot47(base64url_encode($arr['chat_text'])))		
 		);
 	
 		$ret['success'] = true;
@@ -157,7 +157,7 @@ class Chatsvc extends \Zotlabs\Web\Controller {
 						'name' => $rr['xchan_name'],
 						'isotime' => datetime_convert('UTC', date_default_timezone_get(), $rr['created'], 'c'),
 						'localtime' => datetime_convert('UTC', date_default_timezone_get(), $rr['created'], 'r'),
-						'text' => zidify_links(smilies(bbcode($rr['chat_text']))),
+						'text' => zidify_links(smilies(bbcode(base64url_decode(str_rot47($rr['chat_text']))))),
 						'self' => ((get_observer_hash() == $rr['chat_xchan']) ? 'self' : '')
 					);
 				}

Zotlabs/Module/Cloud.php

@@ -60,6 +60,12 @@ class Cloud extends \Zotlabs\Web\Controller {
 		// if we arrived at this path with any query parameters in the url, build a clean url without
 		// them and redirect.
 
+		if(! array_key_exists('cloud_sort',$_SESSION)) {
+			$_SESSION['cloud_sort'] = 'name';
+		}
+
+		$_SESSION['cloud_sort'] = (($_REQUEST['sort']) ? trim(notags($_REQUEST['sort'])) : $_SESSION['cloud_sort']);
+
 		$x = clean_query_string();
 		if($x !== \App::$query_string)
 			goaway(z_root() . '/' . $x);

Zotlabs/Module/Connections.php

@@ -32,6 +32,7 @@ class Connections extends \Zotlabs\Web\Controller {
 
 		nav_set_selected('Connections');
 	
+		$active      = false;
 		$blocked     = false;
 		$hidden      = false;
 		$ignored     = false;
@@ -44,11 +45,16 @@ class Connections extends \Zotlabs\Web\Controller {
 		if(! $_REQUEST['aj'])
 			$_SESSION['return_url'] = \App::$query_string;
 	
-		$search_flags = '';
+		$search_flags = "";
 		$head = '';
 	
 		if(argc() == 2) {
 			switch(argv(1)) {
+				case 'active':
+					$search_flags = " and abook_blocked = 0 and abook_ignored = 0 and abook_hidden = 0 and abook_archived = 0 AND abook_not_here = 0 ";
+					$head = t('Active');
+					$active = true;
+					break;
 				case 'blocked':
 					$search_flags = " and abook_blocked = 1 ";
 					$head = t('Blocked');
@@ -101,8 +107,9 @@ class Connections extends \Zotlabs\Web\Controller {
 				case 'all':
 					$head = t('All');
 				default:
-					$search_flags = '';
-					$all = true;
+					$search_flags = " and abook_blocked = 0 and abook_ignored = 0 and abook_hidden = 0 and abook_archived = 0 and abook_not_here = 0 ";
+					$active = true;
+					$head = t('Active');
 					break;
 	
 			}
@@ -129,6 +136,13 @@ class Connections extends \Zotlabs\Web\Controller {
 			),
 			*/
 	
+			'active' => array(
+				'label' => t('Active Connections'),
+				'url'   => z_root() . '/connections/active', 
+				'sel'   => ($active) ? 'active' : '',
+				'title' => t('Show active connections'),
+			),
+
 			'pending' => array(
 				'label' => t('New Connections'),
 				'url'   => z_root() . '/connections/pending', 
@@ -136,12 +150,6 @@ class Connections extends \Zotlabs\Web\Controller {
 				'title' => t('Show pending (new) connections'),
 			),
 	
-			'all' => array(
-				'label' => t('All Connections'),
-				'url'   => z_root() . '/connections/all', 
-				'sel'   => ($all) ? 'active' : '',
-				'title' => t('Show all connections'),
-			),
 	
 			/*
 			array(
@@ -187,6 +195,13 @@ class Connections extends \Zotlabs\Web\Controller {
 	//			'title' => t('Only show one-way connections'),
 	//		),
 	
+
+			'all' => array(
+				'label' => t('All Connections'),
+				'url'   => z_root() . '/connections', 
+				'sel'   => ($all) ? 'active' : '',
+				'title' => t('Show all connections'),
+			),
 	
 		);
 	
@@ -238,6 +253,7 @@ class Connections extends \Zotlabs\Web\Controller {
 	
 					$status_str = '';
 					$status = array(
+						((intval($rr['abook_active'])) ? t('Active') : ''),
 						((intval($rr['abook_pending'])) ? t('Pending approval') : ''),
 						((intval($rr['abook_archived'])) ? t('Archived') : ''),
 						((intval($rr['abook_hidden'])) ? t('Hidden') : ''),
@@ -310,7 +326,7 @@ class Connections extends \Zotlabs\Web\Controller {
 			killme();
 		}
 		else {
-			$o .= "<script> var page_query = '" . $_GET['q'] . "'; var extra_args = '" . extra_query_args() . "' ; </script>";
+			$o .= "<script> var page_query = '" . escape_tags($_GET['q']) . "'; var extra_args = '" . extra_query_args() . "' ; </script>";
 			$o .= replace_macros(get_markup_template('connections.tpl'),array(
 				'$header' => t('Connections') . (($head) ? ': ' . $head : ''),
 				'$tabs' => $tabs,

Zotlabs/Module/Connedit.php

@@ -828,7 +828,7 @@ class Connedit extends \Zotlabs\Web\Controller {
 
 			$locstr = locations_by_netid($contact['xchan_hash']);
 			if(! $locstr)
-				$locstr = $contact['xchan_url'];
+				$locstr = unpunify($contact['xchan_url']);
 	
 			$clone_warn = '';
 			$clonable = (in_array($contact['xchan_network'],['zot','rss']) ? true : false);
@@ -852,8 +852,8 @@ class Connedit extends \Zotlabs\Web\Controller {
 				'$permcat'        => [ 'permcat', t('Permission role'), '', '<span class="loading invisible">' . t('Loading') . '<span class="jumping-dots"><span class="dot-1">.</span><span class="dot-2">.</span><span class="dot-3">.</span></span></span>',$permcats ],
 				'$permcat_new'    => t('Add permission role'),
 				'$permcat_enable' => feature_enabled(local_channel(),'permcats'),
-				'$addr'           => $contact['xchan_addr'],
-				'$primeurl'       => $contact['xchan_url'],
+				'$addr'           => unpunify($contact['xchan_addr']),
+				'$primeurl'       => unpunify($contact['xchan_url']),
 				'$section'        => $section,
 				'$sections'       => $sections,
 				'$vcard'          => $vcard,

Zotlabs/Module/Cover_photo.php

@@ -355,6 +355,8 @@ class Cover_photo extends \Zotlabs\Web\Controller {
 	
 			$o .= replace_macros($tpl,array(
 				'$user'                => \App::$channel['channel_address'],
+				'$info'                => t('Your cover photo may be visible to anybody on the internet'),
+				'$existing'            => get_cover_photo(local_channel(),'array',PHOTO_RES_COVER_850),
 				'$lbl_upfile'          => t('Upload File:'),
 				'$lbl_profiles'        => t('Select a profile:'),
 				'$title'               => t('Change Cover Photo'),

Zotlabs/Module/Directory.php

@@ -299,9 +299,9 @@ class Directory extends \Zotlabs\Web\Controller {
 										if(strlen($out))
 											$out .= ', ';
 										if($marr && in_arrayi($k,$marr))
-											$out .= '<strong>' . $k . '</strong>';
+											$out .= '<a href="' . z_root() . '/directory/f=&keywords=' . urlencode($k)  .'"><strong>' . $k . '</strong></a>';
 										else
-											$out .= $k;
+											$out .= '<a href="' . z_root() . '/directory/f=&keywords=' . urlencode($k)  .'">' . $k . '</a>';
 									}
 								}
 				
@@ -395,7 +395,7 @@ class Directory extends \Zotlabs\Web\Controller {
 	
 							$dirtitle = (($globaldir) ? t('Global Directory') : t('Local Directory'));
 	
-							$o .= "<script> var page_query = '" . $_GET['q'] . "'; var extra_args = '" . extra_query_args() . "' ; divmore_height = " . intval($maxheight) . ";  </script>";
+							$o .= "<script> var page_query = '" . escape_tags($_GET['q']) . "'; var extra_args = '" . extra_query_args() . "' ; divmore_height = " . intval($maxheight) . ";  </script>";
 							$o .= replace_macros($tpl, array(
 								'$search' => $search,
 								'$desc' => t('Find'),
@@ -404,7 +404,7 @@ class Directory extends \Zotlabs\Web\Controller {
 								'$entries' => $entries,
 								'$dirlbl' => $suggest ? t('Channel Suggestions') : $dirtitle,
 								'$submit' => t('Find'),
-								'$next' => alt_pager($a,$j['records'], t('next page'), t('previous page')),
+								'$next' => alt_pager($j['records'], t('next page'), t('previous page')),
 								'$sort' => t('Sort options'),
 								'$normal' => t('Alphabetic'),
 								'$reverse' => t('Reverse Alphabetic'),

Zotlabs/Module/Display.php

@@ -102,7 +102,7 @@ class Display extends \Zotlabs\Web\Controller {
 		if($decoded)
 			$item_hash = $decoded;
 
-		$r = q("select id, uid, mid, parent_mid, thr_parent, verb, item_type, item_deleted, item_blocked from item where mid like '%s' limit 1",
+		$r = q("select id, uid, mid, parent_mid, thr_parent, verb, item_type, item_deleted, author_xchan, item_blocked from item where mid like '%s' limit 1",
 			dbesc($item_hash . '%')
 		);
 	
@@ -110,6 +110,14 @@ class Display extends \Zotlabs\Web\Controller {
 			$target_item = $r[0];
 		}
 
+		$x = q("select * from xchan where xchan_hash = '%s' limit 1",
+			dbesc($target_item['author_xchan'])
+		);
+		if($x) {
+// not yet ready for prime time
+//			\App::$poi = $x[0];
+		}
+
 		//if the item is to be moderated redirect to /moderate
 		if($target_item['item_blocked'] == ITEM_MODERATED) {
 			goaway(z_root() . '/moderate/' . $target_item['id']);
@@ -124,7 +132,7 @@ class Display extends \Zotlabs\Web\Controller {
 			$y = q("select * from iconfig left join item on iconfig.iid = item.id 
 				where item.uid = %d and iconfig.cat = 'system' and iconfig.k = 'WEBPAGE' and item.id = %d limit 1",
 				intval($target_item['uid']),
-				intval($target_item['id'])
+				intval($target_item['parent'])
 			);
 			if($x && $y) {
 				goaway(z_root() . '/page/' . $x[0]['channel_address'] . '/' . $y[0]['v']);
@@ -134,6 +142,41 @@ class Display extends \Zotlabs\Web\Controller {
 			 	return '';
 			}
 		}
+		if($target_item['item_type']  == ITEM_TYPE_ARTICLE) {
+			$x = q("select * from channel where channel_id = %d limit 1",
+				intval($target_item['uid'])
+			);
+			$y = q("select * from iconfig left join item on iconfig.iid = item.id 
+				where item.uid = %d and iconfig.cat = 'system' and iconfig.k = 'ARTICLE' and item.id = %d limit 1",
+				intval($target_item['uid']),
+				intval($target_item['parent'])
+			);
+			if($x && $y) {
+				goaway(z_root() . '/articles/' . $x[0]['channel_address'] . '/' . $y[0]['v']);
+			}
+			else {
+				notice( t('Page not found.') . EOL);
+			 	return '';
+			}
+		}
+		if($target_item['item_type']  == ITEM_TYPE_CARD) {
+			$x = q("select * from channel where channel_id = %d limit 1",
+				intval($target_item['uid'])
+			);
+			$y = q("select * from iconfig left join item on iconfig.iid = item.id 
+				where item.uid = %d and iconfig.cat = 'system' and iconfig.k = 'CARD' and item.id = %d limit 1",
+				intval($target_item['uid']),
+				intval($target_item['parent'])
+			);
+			if($x && $y) {
+				goaway(z_root() . '/cards/' . $x[0]['channel_address'] . '/' . $y[0]['v']);
+			}
+			else {
+				notice( t('Page not found.') . EOL);
+			 	return '';
+			}
+		}
+		
 		
 		$static = ((array_key_exists('static',$_REQUEST)) ? intval($_REQUEST['static']) : 0);
 	
@@ -170,8 +213,8 @@ class Display extends \Zotlabs\Web\Controller {
 				'$uid'     => '0',
 				'$gid'     => '0',
 				'$cid'     => '0',
-				'$cmin'    => '0',
-				'$cmax'    => '99',
+				'$cmin'    => '(-1)',
+				'$cmax'    => '(-1)',
 				'$star'    => '0',
 				'$liked'   => '0',
 				'$conv'    => '0',

Zotlabs/Module/Editpost.php

@@ -82,7 +82,7 @@ class Editpost extends \Zotlabs\Web\Controller {
 			'editor_autocomplete'=> true,
 			'bbco_autocomplete'=> 'bbcode',
 			'return_path' => $_SESSION['return_url'],
-			'button' => t('Edit'),
+			'button' => t('Submit'),
 			'hide_voting' => true,
 			'hide_future' => true,
 			'hide_location' => true,

Zotlabs/Module/Follow.php

@@ -14,21 +14,26 @@ class Follow extends \Zotlabs\Web\Controller {
 		}
 	
 		$uid = local_channel();
-		$url = notags(trim($_REQUEST['url']));
+		$url = notags(trim(punify($_REQUEST['url'])));
 		$return_url = $_SESSION['return_url'];
 		$confirm = intval($_REQUEST['confirm']);
-	
+		$interactive = (($_REQUEST['interactive']) ? intval($_REQUEST['interactive']) : 1);	
 		$channel = \App::get_channel();
 
-		$result = new_contact($uid,$url,$channel,true,$confirm);
+		$result = new_contact($uid,$url,$channel,$interactive,$confirm);
 		
 		if($result['success'] == false) {
 			if($result['message'])
 				notice($result['message']);
-			goaway($return_url);
+			if($interactive) {
+				goaway($return_url);
+			}
+			else {
+				json_return_and_die($result);
+			}
 		}
 	
-		info( t('Channel added.') . EOL);
+		info( t('Connection added.') . EOL);
 	
 		$clone = array();
 		foreach($result['abook'] as $k => $v) {
@@ -53,7 +58,12 @@ class Follow extends \Zotlabs\Web\Controller {
 		if(($can_view_stream) || ($result['abook']['xchan_network'] === 'rss'))
 			\Zotlabs\Daemon\Master::Summon(array('Onepoll',$result['abook']['abook_id']));
 	
-		goaway(z_root() . '/connedit/' . $result['abook']['abook_id'] . '?f=&follow=1');
+		if($interactive) {
+			goaway(z_root() . '/connedit/' . $result['abook']['abook_id'] . '?f=&follow=1');
+		}
+		else {
+			json_return_and_die([ 'success' => true ]);
+		}
 	
 	}
 	

Zotlabs/Module/Hashtags.php

@@ -0,0 +1,27 @@
+<?php
+
+namespace Zotlabs\Module;
+
+
+class Hashtags extends \Zotlabs\Web\Controller {
+
+	function init() {
+		$result = [];
+
+		$t = escape_tags($_REQUEST['t']);
+		if(! $t)
+			json_return_and_die($result);
+
+		$r = q("select distinct(term) from term where term like '%s' and ttype = %d order by term",
+			dbesc($t . '%'),
+			intval(TERM_HASHTAG)
+		);
+		if($r) {
+			foreach($r as $rv) {
+				$result[] = [ 'text' => $rv['term'] ];
+			}
+		}
+
+		json_return_and_die($result); 
+	}
+}

Zotlabs/Module/Import.php

@@ -114,15 +114,16 @@ class Import extends \Zotlabs\Web\Controller {
 				return;
 		}
 
-		if(array_key_exists('compatibility',$data) && array_key_exists('database',$data['compatibility'])) {
-			$v1 = substr($data['compatibility']['database'],-4);
-			$v2 = substr(DB_UPDATE_VERSION,-4);
-			if($v2 > $v1) {
-				$t = sprintf( t('Warning: Database versions differ by %1$d updates.'), $v2 - $v1 );
-				notice($t);
-			}
-
-		}
+// This is only an info message but it is alarming to folks who then report failure with this as the cause, when in fact we ignore this completely.
+//		if(array_key_exists('compatibility',$data) && array_key_exists('database',$data['compatibility'])) {
+//			$v1 = substr($data['compatibility']['database'],-4);
+//			$v2 = substr(DB_UPDATE_VERSION,-4);
+//			if($v2 > $v1) {
+//				$t = sprintf( t('Warning: Database versions differ by %1$d updates.'), $v2 - $v1 );
+//				notice($t);
+//			}
+//
+//		}
 
 		if($moving)
 			$seize = 1;
@@ -362,11 +363,27 @@ class Import extends \Zotlabs\Web\Controller {
 						continue;
 				}
 
-				abook_store_lowlevel($abook);
+				$r = q("select abook_id from abook where abook_xchan = '%s' and abook_channel = %d limit 1",
+					dbesc($abook['abook_xchan']),
+					intval($channel['channel_id'])
+				);
+				if($r) {
+					foreach($abook as $k => $v) {
+						$r = q("UPDATE abook SET " . TQUOT . "%s" . TQUOT . " = '%s' WHERE abook_xchan = '%s' AND abook_channel = %d",
+							dbesc($k),
+							dbesc($v),
+							dbesc($abook['abook_xchan']),
+							intval($channel['channel_id'])
+						);
+					}
+				}
+				else {
+					abook_store_lowlevel($abook);
 
-				$friends ++;
-				if(intval($abook['abook_feed']))
-					$feeds ++;
+					$friends ++;
+					if(intval($abook['abook_feed']))
+						$feeds ++;
+				}
 
 				translate_abook_perms_inbound($channel,$abook_copy);
 
@@ -515,16 +532,19 @@ class Import extends \Zotlabs\Web\Controller {
 			'$desc' => t('Use this form to import an existing channel from a different server/hub. You may retrieve the channel identity from the old server/hub via the network or provide an export file.'),
 			'$label_filename' => t('File to Upload'),
 			'$choice' => t('Or provide the old server/hub details'),
-			'$label_old_address' => t('Your old identity address (xyz@example.com)'),
-			'$label_old_email' => t('Your old login email address'),
-			'$label_old_pass' => t('Your old login password'),
+
+			'$old_address' => [ 'old_address', t('Your old identity address (xyz@example.com)'), '', ''],
+			'$email' => [ 'email', t('Your old login email address'), '', '' ],
+			'$password' => [ 'password', t('Your old login password'), '', '' ],
+			'$import_posts' => [ 'import_posts', t('Import a few months of posts if possible (limited by available memory'), false, '', [ t('No'), t('Yes') ]],
+
 			'$common' => t('For either option, please choose whether to make this hub your new primary address, or whether your old location should continue this role. You will be able to post from either location, but only one can be marked as the primary location for files, photos, and media.'),
-			'$label_import_primary' => t('Make this hub my primary location'),
-			'$label_import_moving' => t('Move this channel (disable all previous locations)'),
-			'$label_import_posts' => t('Import a few months of posts if possible (limited by available memory'),
+
+			'$make_primary' => [ 'make_primary', t('Make this hub my primary location'), false, '', [ t('No'), t('Yes') ] ],
+			'$moving' => [ 'moving', t('Move this channel (disable all previous locations)'), false, '', [ t('No'), t('Yes') ] ],
+
 			'$pleasewait' => t('This process may take several minutes to complete. Please submit the form only once and leave this page open until finished.'),
-			'$email' => '',
-			'$pass' => '',
+
 			'$form_security_token' => get_form_security_token('channel_import'),
 			'$submit' => t('Submit')
 		));

Zotlabs/Module/Item.php

@@ -468,6 +468,7 @@ class Item extends \Zotlabs\Web\Controller {
 				$private = intval($acl->is_private() || $parent_item['item_private']);
 				$public_policy     = $parent_item['public_policy'];
 				$owner_hash        = $parent_item['owner_xchan'];
+				$webpage           = $parent_item['item_type'];
 			}
 		
 			if((! $allow_empty) && (! strlen($body))) {
@@ -542,7 +543,7 @@ class Item extends \Zotlabs\Web\Controller {
 	
 			// Look for tags and linkify them
 			$results = linkify_tags($a, $body, ($uid) ? $uid : $profile_uid);
-	
+
 			if($results) {
 	
 				// Set permissions based on tag replacements

Zotlabs/Module/Like.php

@@ -296,10 +296,11 @@ class Like extends \Zotlabs\Web\Controller {
 				notice( t('Permission denied') . EOL);
 				killme();
 			}
-	
+
 			$r = q("select * from xchan where xchan_hash = '%s' limit 1",
 				dbesc($item['owner_xchan'])
 			);
+
 			if($r)
 				$thread_owner = $r[0];
 			else
@@ -418,6 +419,7 @@ class Like extends \Zotlabs\Web\Controller {
 	
 			$arr['item_origin'] = 1;
 			$arr['item_notshown'] = 1;
+			$arr['item_type'] = $item['item_type'];
 	
 			if(intval($item['item_wall']))
 				$arr['item_wall'] = 1;

Zotlabs/Module/Logout.php

@@ -5,7 +5,12 @@ namespace Zotlabs\Module;
 class Logout extends \Zotlabs\Web\Controller {
 
 	function init() {
-		\App::$session->nuke();
+		if($_SESSION['delegate'] && $_SESSION['delegate_push']) {
+			$_SESSION = $_SESSION['delegate_push'];
+		}
+		else {	
+			\App::$session->nuke();
+		}
 		goaway(z_root());
 
 	}

Zotlabs/Module/Magic.php

@@ -14,12 +14,18 @@ class Magic extends \Zotlabs\Web\Controller {
 		logger('mod_magic: args: ' . print_r($_REQUEST,true),LOGGER_DATA);
 	
 		$addr = ((x($_REQUEST,'addr')) ? $_REQUEST['addr'] : '');
+		$bdest = ((x($_REQUEST,'bdest')) ? $_REQUEST['bdest'] : '');
 		$dest = ((x($_REQUEST,'dest')) ? $_REQUEST['dest'] : '');
 		$test = ((x($_REQUEST,'test')) ? intval($_REQUEST['test']) : 0);
 		$rev  = ((x($_REQUEST,'rev'))  ? intval($_REQUEST['rev'])  : 0);
 		$owa  = ((x($_REQUEST,'owa'))  ? intval($_REQUEST['owa'])  : 0);
 		$delegate = ((x($_REQUEST,'delegate')) ? $_REQUEST['delegate']  : '');
-	
+
+		if($bdest)
+			$dest = hex2bin($bdest);
+
+		$dest = html_entity_decode($dest);	
+
 		$parsed = parse_url($dest);
 		if(! $parsed) {
 			if($test) {
@@ -112,6 +118,8 @@ class Magic extends \Zotlabs\Web\Controller {
 				if($r && intval($r[0]['channel_id'])) {
 					$allowed = perm_is_allowed($r[0]['channel_id'],get_observer_hash(),'delegate');
 					if($allowed) {
+						$tmp = $_SESSION;
+						$_SESSION['delegate_push'] = $tmp;
 						$_SESSION['delegate_channel'] = $r[0]['channel_id'];
 						$_SESSION['delegate'] = get_observer_hash();
 						$_SESSION['account_id'] = intval($r[0]['channel_account_id']);

Zotlabs/Module/Mail.php

@@ -67,14 +67,14 @@ class Mail extends \Zotlabs\Web\Controller {
 		if(! $recipient) {
 			$channel = \App::get_channel();
 	
-			$j = \Zotlabs\Zot\Finger::run($rstr,$channel);
+			$j = \Zotlabs\Zot\Finger::run(punify($rstr),$channel);
 	
 			if(! $j['success']) {
 				notice( t('Unable to lookup recipient.') . EOL);
 				return;
 			} 
 	
-			logger('message_post: lookup: ' . $url . ' ' . print_r($j,true));
+			logger('message_post: lookup: ' . $rstr . ' ' . print_r($j,true));
 	
 			if(! $j['guid']) {
 				notice( t('Unable to communicate with requested channel.'));

Zotlabs/Module/Message.php

@@ -93,7 +93,7 @@ class Message extends \Zotlabs\Web\Controller {
 			));
 	
 	
-			$o .= alt_pager($a,count($r));	
+			$o .= alt_pager(count($r));	
 	
 			return $o;
 	

Zotlabs/Module/Moderate.php

@@ -14,9 +14,12 @@ class Moderate extends \Zotlabs\Web\Controller {
 			return;
 		}
 
+		\App::set_pager_itemspage(60);
+		$pager_sql = sprintf(" LIMIT %d OFFSET %d ", intval(\App::$pager['itemspage']), intval(\App::$pager['start']));               
+
 		//show all items
 		if(argc() == 1) {
-			$r = q("select item.id as item_id, item.* from item where item.uid = %d and item_blocked = %d and item_deleted = 0 order by created desc limit 60",
+			$r = q("select item.id as item_id, item.* from item where item.uid = %d and item_blocked = %d and item_deleted = 0 order by created desc $pager_sql",
 				intval(local_channel()),
 				intval(ITEM_MODERATED)
 			);
@@ -26,7 +29,7 @@ class Moderate extends \Zotlabs\Web\Controller {
 		if(argc() == 2) {
 			$post_id = intval(argv(1));
 
-			$r = q("select item.id as item_id, item.* from item where item.id = %d and item.uid = %d and item_blocked = %d and item_deleted = 0 order by created desc limit 60",
+			$r = q("select item.id as item_id, item.* from item where item.id = %d and item.uid = %d and item_blocked = %d and item_deleted = 0 order by created desc $pager_sql",
 				intval($post_id),
 				intval(local_channel()),
 				intval(ITEM_MODERATED)
@@ -47,17 +50,26 @@ class Moderate extends \Zotlabs\Web\Controller {
 			);
 
 			if($r) {
+				$item = $r[0];
+
 				if($action === 'approve') {
 					q("update item set item_blocked = 0 where uid = %d and id = %d",
 						intval(local_channel()),
 						intval($post_id)
 					);
+
+					$item['item_blocked'] = 0;
+
+					item_update_parent_commented($item);
+
 					notice( t('Comment approved') . EOL);
 				}
 				elseif($action === 'drop') {
 					drop_item($post_id,false);
 					notice( t('Comment deleted') . EOL);
 				} 
+
+				// refetch the item after changes have been made
 			
 				$r = q("select * from item where id = %d",
 					intval($post_id)
@@ -83,6 +95,7 @@ class Moderate extends \Zotlabs\Web\Controller {
 		}
 
 		$o = conversation($items,'moderate',false,'traditional');
+		$o .= alt_pager(count($items));
 		return $o;
 
 	}

Zotlabs/Module/Network.php

@@ -107,9 +107,8 @@ class Network extends \Zotlabs\Web\Controller {
 			$def_acl    = array('allow_gid' => '<' . $r[0]['hash'] . '>');
 		}
 	
-	
-		$default_cmin = ((feature_enabled(local_channel(),'affinity')) ? get_pconfig(local_channel(),'affinity','cmin',0) : 0);
-		$default_cmax = ((feature_enabled(local_channel(),'affinity')) ? get_pconfig(local_channel(),'affinity','cmax',99) : 99);
+		$default_cmin = ((feature_enabled(local_channel(),'affinity')) ? get_pconfig(local_channel(),'affinity','cmin',0) : (-1));
+		$default_cmax = ((feature_enabled(local_channel(),'affinity')) ? get_pconfig(local_channel(),'affinity','cmax',99) : (-1));
 
 	
 		// if no tabs are selected, defaults to comments
@@ -130,6 +129,7 @@ class Network extends \Zotlabs\Web\Controller {
 	
 		if(x($_GET,'search') || x($_GET,'file'))
 			$nouveau = true;
+
 		if($cid) {
 			$r = q("SELECT abook_xchan FROM abook WHERE abook_id = %d AND abook_channel = %d LIMIT 1",
 				intval($cid),
@@ -210,10 +210,9 @@ class Network extends \Zotlabs\Web\Controller {
 	
 		$sql_nets = '';
 
-		$distinct = '';
 		$item_thread_top = ' AND item_thread_top = 1 ';
 	
-		$sql_extra = $sql_options;
+		$sql_extra = '';
 	
 		if($group) {
 			$contact_str = '';
@@ -229,7 +228,6 @@ class Network extends \Zotlabs\Web\Controller {
 				$contact_str = ' 0 ';
 				info( t('Privacy group is empty'));
 			}
-			$distinct = ' distinct ';
 			$item_thread_top = '';
 			$sql_extra = " AND item.parent IN ( SELECT DISTINCT parent FROM item WHERE true $sql_options AND (( author_xchan IN ( $contact_str ) OR owner_xchan in ( $contact_str )) or allow_gid like '" . protect_sprintf('%<' . dbesc($group_hash) . '>%') . "' ) and id = parent $item_normal ) ";
 	
@@ -254,7 +252,6 @@ class Network extends \Zotlabs\Web\Controller {
 				intval(local_channel())
 			);
 			if($r) {
-				$distinct = ' distinct ';
 				$item_thread_top = '';
 				$sql_extra = " AND item.parent IN ( SELECT DISTINCT parent FROM item WHERE true $sql_options AND uid = " . intval(local_channel()) . " AND ( author_xchan = '" . dbesc($r[0]['abook_xchan']) . "' or owner_xchan = '" . dbesc($r[0]['abook_xchan']) . "' ) $item_normal ) ";
 				$title = replace_macros(get_markup_template("section_title.tpl"),array(
@@ -274,7 +271,6 @@ class Network extends \Zotlabs\Web\Controller {
 				dbesc($xchan)
 			);
 			if($r) {
-				$distinct = ' distinct ';
 				$item_thread_top = '';
 				$sql_extra = " AND item.parent IN ( SELECT DISTINCT parent FROM item WHERE true $sql_options AND uid = " . intval(local_channel()) . " AND ( author_xchan = '" . dbesc($xchan) . "' or owner_xchan = '" . dbesc($xchan) . "' ) $item_normal ) ";
 				$title = replace_macros(get_markup_template("section_title.tpl"),array(
@@ -320,8 +316,8 @@ class Network extends \Zotlabs\Web\Controller {
 				'$uid'     => ((local_channel()) ? local_channel() : '0'),
 				'$gid'     => (($gid) ? $gid : '0'),
 				'$cid'     => (($cid) ? $cid : '0'),
-				'$cmin'    => (($cmin) ? $cmin : '0'),
-				'$cmax'    => (($cmax) ? $cmax : '0'),
+				'$cmin'    => (($cmin) ? $cmin : '(-1)'),
+				'$cmax'    => (($cmax) ? $cmax : '(-1)'),
 				'$star'    => (($star) ? $star : '0'),
 				'$liked'   => (($liked) ? $liked : '0'),
 				'$conv'    => (($conv) ? $conv : '0'),
@@ -381,7 +377,6 @@ class Network extends \Zotlabs\Web\Controller {
 		}
 	
 		if($conv) {
-			$distinct = ' distinct ';
 			$item_thread_top = '';
 			$sql_extra .= sprintf(" AND parent IN (SELECT distinct(parent) from item where ( author_xchan like '%s' or item_mentionsme = 1 )) ",
 				dbesc(protect_sprintf($channel['channel_hash']))
@@ -400,8 +395,9 @@ class Network extends \Zotlabs\Web\Controller {
 			$pager_sql = sprintf(" LIMIT %d OFFSET %d ", intval(\App::$pager['itemspage']), intval(\App::$pager['start']));
 		}
 	
-	
-		if(($cmin != 0) || ($cmax != 99)) {
+		// cmin and cmax are both -1 when the affinity tool is disabled
+
+		if(($cmin != (-1)) || ($cmax != (-1))) {
 	
 			// Not everybody who shows up in the network stream will be in your address book.
 			// By default those that aren't are assumed to have closeness = 99; but this isn't
@@ -464,7 +460,7 @@ class Network extends \Zotlabs\Web\Controller {
 				WHERE true $uids $item_normal
 				and (abook.abook_blocked = 0 or abook.abook_flags is null)
 				$simple_update
-				$sql_extra $sql_nets
+				$sql_extra $sql_options $sql_nets
 				$net_query2
 				ORDER BY item.received DESC $pager_sql "
 			);
@@ -487,13 +483,13 @@ class Network extends \Zotlabs\Web\Controller {
 			if($load) {
 
 				// Fetch a page full of parent items for this page
-				$r = q("SELECT $distinct item.parent AS item_id FROM item 
+				$r = q("SELECT item.parent AS item_id FROM item 
 					left join abook on ( item.owner_xchan = abook.abook_xchan $abook_uids )
 					$net_query
 					WHERE true $uids $item_thread_top $item_normal
 					AND item.mid = item.parent_mid
 					and (abook.abook_blocked = 0 or abook.abook_flags is null)
-					$sql_extra3 $sql_extra $sql_nets
+					$sql_extra3 $sql_extra $sql_options $sql_nets
 					$net_query2
 					ORDER BY $ordering DESC $pager_sql "
 				);
@@ -506,7 +502,7 @@ class Network extends \Zotlabs\Web\Controller {
 					$net_query
 					WHERE true $uids $item_normal_update $simple_update
 					and (abook.abook_blocked = 0 or abook.abook_flags is null)
-					$sql_extra3 $sql_extra $sql_nets $net_query2"
+					$sql_extra3 $sql_extra $sql_options $sql_nets $net_query2"
 				);
 				$_SESSION['loadtime'] = datetime_convert();
 			}
@@ -570,7 +566,7 @@ class Network extends \Zotlabs\Web\Controller {
 		$o .= conversation($items,$mode,$update,$page_mode);
 	
 		if(($items) && (! $update))
-			$o .= alt_pager($a,count($items));
+			$o .= alt_pager(count($items));
 	
 		return $o;
 	}

Zotlabs/Module/New_channel.php

@@ -16,8 +16,15 @@ class New_channel extends \Zotlabs\Web\Controller {
 			require_once('library/urlify/URLify.php');
 			$result = array('error' => false, 'message' => '');
 			$n = trim($_REQUEST['name']);
-	
-			$x = strtolower(\URLify::transliterate($n));
+
+			$x = false;
+
+			if(get_config('system','unicode_usernames')) {
+				$x = punify(mb_strtolower($n)); 
+			}
+
+			if((! $x) || strlen($x) > 64)
+				$x = strtolower(\URLify::transliterate($n));
 	
 			$test = array();
 	
@@ -43,7 +50,14 @@ class New_channel extends \Zotlabs\Web\Controller {
 			$result = array('error' => false, 'message' => '');
 			$n = trim($_REQUEST['nick']);
 	
-			$x = strtolower(\URLify::transliterate($n));
+			$x = false;
+
+			if(get_config('system','unicode_usernames')) {
+				$x = punify(mb_strtolower($n)); 
+			}
+
+			if((! $x) || strlen($x) > 64)
+				$x = strtolower(\URLify::transliterate($n));
 	
 			$test = array();
 	
@@ -132,14 +146,14 @@ class New_channel extends \Zotlabs\Web\Controller {
 		$name = array('name', t('Name or caption'), ((x($_REQUEST,'name')) ? $_REQUEST['name'] : ''), t('Examples: "Bob Jameson", "Lisa and her Horses", "Soccer", "Aviation Group"'), "*");
 		$nickhub = '@' . \App::get_hostname();
 		$nickname = array('nickname', t('Choose a short nickname'), ((x($_REQUEST,'nickname')) ? $_REQUEST['nickname'] : ''), sprintf( t('Your nickname will be used to create an easy to remember channel address e.g. nickname%s'), $nickhub), "*");
-		$role = array('permissions_role' , t('Channel role and privacy'), ($privacy_role) ? $privacy_role : 'social', t('Select a channel role with your privacy requirements.') . ' <a href="help/member/member_guide#Account_Permission_Roles" target="_blank">' . t('Read more about roles') . '</a>',$perm_roles);
+		$role = array('permissions_role' , t('Channel role and privacy'), ($privacy_role) ? $privacy_role : 'social', t('Select a channel role with your privacy requirements.') . ' <a href="help/member/member_guide#Channel_Permission_Roles" target="_blank">' . t('Read more about roles') . '</a>',$perm_roles);
 	
 		$o = replace_macros(get_markup_template('new_channel.tpl'), array(
 			'$title'        => t('Create Channel'),
-			'$desc'         => t('A channel is your identity on this network. It can represent a person, a blog, or a forum to name a few. Channels can make connections with other channels to share information with highly detailed permissions.'),
+			'$desc'         => t('A channel is a unique network identity. It can represent a person (social network profile), a forum (group), a business or celebrity page, a newsfeed, and many other things. Channels can make connections with other channels to share information with each other.') . ' ' . t('The type of channel you create affects the basic privacy settings, the permissions that are granted to connections/friends, and also the channel\'s visibility across the network.'),
 			'$label_import' => t('or <a href="import">import an existing channel</a> from another location.'),
 			'$name'         => $name,
-			'$role'		=> $role,
+			'$role'		    => $role,
 			'$default_role' => $default_role,
 			'$nickname'     => $nickname,
 			'$validate'     => t('Validate'),

Zotlabs/Module/Oauth2testvehicle.php

@@ -0,0 +1,151 @@
+<?php
+
+namespace Zotlabs\Module;
+
+/**
+ * The OAuth2TestVehicle class is a way to test the registration of an OAuth2
+ * client app. It allows you to walk through the steps of registering a client,
+ * requesting an authorization code for that client, and then requesting an 
+ * access token for use in authentication against the Hubzilla API endpoints.
+ */
+class OAuth2TestVehicle extends \Zotlabs\Web\Controller {
+
+	function init() {
+
+		killme();
+		
+		// If there is a 'code' and 'state' parameter then this is a client app 
+		// callback issued after the authorization code request
+		// TODO: Check state value and compare to original sent value
+			// "You should first compare this state value to ensure it matches the 
+			// one you started with. You can typically store the state value in a 
+			// cookie, and compare it when the user comes back. This ensures your 
+			// redirection endpoint isn't able to be tricked into attempting to 
+			// exchange arbitrary authorization codes."
+		$_SESSION['redirect_uri'] = z_root() . '/oauth2testvehicle';
+		$_SESSION['authorization_code'] = (x($_REQUEST, 'code') ? $_REQUEST['code'] : $_SESSION['authorization_code']);
+		$_SESSION['state'] = (x($_REQUEST, 'state') ? $_REQUEST['state'] : $_SESSION['state'] );
+		$_SESSION['client_id'] = (x($_REQUEST, 'client_id') ? $_REQUEST['client_id'] : $_SESSION['client_id'] );
+		$_SESSION['client_secret'] = (x($_REQUEST, 'client_secret') ? $_REQUEST['client_secret'] : $_SESSION['client_secret']);
+		$_SESSION['access_token'] = (x($_REQUEST, 'access_token') ? $_REQUEST['access_token'] : $_SESSION['access_token'] );
+		$_SESSION['api_response'] = (x($_SESSION, 'api_response') ? $_SESSION['api_response'] : '');
+	}
+	function get() {
+		
+		$o .= replace_macros(get_markup_template('oauth2testvehicle.tpl'), array(
+			'$baseurl' => z_root(),
+			'$api_response' => $_SESSION['api_response'],
+			/*
+			  endpoints => array(
+			  array(
+			  'path_to_endpoint',
+			  array(
+			  array('field_name_1', 'value'),
+			  array('field_name_2', 'value'),
+			  ...
+			  ),
+			  'submit_button_name',
+			  'Description of API action'
+			  )
+			  )
+			 */
+			'$endpoints' => array(
+				array(
+					'authorize',
+					array(
+						array('response_type', 'code'),
+						array('client_id', (x($_REQUEST, 'client_id') ? $_REQUEST['client_id'] : 'oauth2_test_app')),
+						array('redirect_uri', $_SESSION['redirect_uri']),
+						array('state', 'xyz'),
+						// OpenID Connect Dynamic Client Registration 1.0 Client Metadata
+						// http://openid.net/specs/openid-connect-registration-1_0.html
+						array('client_name', 'OAuth2 Test App'),
+						array('logo_uri', urlencode(z_root() . '/images/icons/plugin.png')),
+						array('client_uri', urlencode('https://client.example.com/website')),
+						array('application_type', 'web'), // would be 'native' for mobile app
+					),
+					'oauth_authorize',
+					'Authorize a test client app',
+					'GET',
+					(($_REQUEST['code'] && $_REQUEST['state']) ? true : false),
+				),
+				array(
+					'oauth2testvehicle',
+					array(
+						array('action', 'request_token'),
+						array('grant_type', 'authorization_code'),
+						array('code', $_SESSION['authorization_code']),
+						array('redirect_uri', $_SESSION['redirect_uri']),
+						array('client_id', ($_SESSION['client_id'] ? $_SESSION['client_id'] : 'oauth2_test_app')),
+						array('client_secret', $_SESSION['client_secret']),
+					),
+					'oauth_token_request',
+					'Request a token',
+					'POST',
+					($_SESSION['success'] === 'request_token'),
+				),
+				array(
+					'oauth2testvehicle',
+					array(
+						array('action', 'api_files'),
+						array('access_token', $_SESSION['access_token']),
+					),
+					'oauth_api_files',
+					'API: Get channel files',
+					'POST',
+					($_SESSION['success'] === 'api_files'),
+				)
+			)
+		));
+		$_SESSION['success'] = '';
+		return $o;
+	}
+
+	function post() {
+
+		switch ($_POST['action']) {
+			case 'api_files':
+				$access_token = $_SESSION['access_token'];
+				$url = z_root() . '/api/z/1.0/files/';				
+				$headers = [];
+				$headers[] = 'Authorization: Bearer ' . $access_token;
+				$post = z_fetch_url($url, false, 0, array(
+					'custom' => 'GET',
+					'headers' => $headers,
+				));
+				logger(json_encode($post, JSON_PRETTY_PRINT), LOGGER_DEBUG);
+				$response = json_decode($post['body'], true);
+				$_SESSION['api_response'] = json_encode($response, JSON_PRETTY_PRINT);
+				break;
+			case 'request_token':
+				$grant_type = (x($_POST, 'grant_type') ? $_POST['grant_type'] : '');
+				$redirect_uri = (x($_POST, 'redirect_uri') ? $_POST['redirect_uri'] : '');
+				$client_id = (x($_POST, 'client_id') ? $_POST['client_id'] : '');
+				$code = (x($_POST, 'code') ? $_POST['code'] : '');
+				$client_secret = (x($_POST, 'client_secret') ? $_POST['client_secret'] : '');
+				$url = z_root() . '/token/';
+				$params = http_build_query(array(
+					'grant_type' => $grant_type,
+					'redirect_uri' => urlencode($redirect_uri),
+					'client_id' => $client_id,
+					'code' => $code,
+				));
+				$post = z_post_url($url, $params, 0, array(
+					'http_auth' => $client_id . ':' . $client_secret,
+				));
+				logger(json_encode($post, JSON_PRETTY_PRINT), LOGGER_DEBUG);
+				$response = json_decode($post['body'], true);
+				logger(json_encode($response, JSON_PRETTY_PRINT), LOGGER_DEBUG);
+				if($response['access_token']) {
+					info('Access token received: ' . $response['access_token'] . EOL);
+					$_SESSION['success'] = 'request_token';
+					$_SESSION['access_token'] = $response['access_token'];
+				}
+				break;
+
+			default:
+				break;
+		}
+	}
+
+}

Zotlabs/Module/Ochannel.php

@@ -0,0 +1,69 @@
+<?php
+
+namespace Zotlabs\Module;
+
+require_once('include/contact_widgets.php');
+require_once('include/items.php');
+require_once("include/bbcode.php");
+require_once('include/security.php');
+require_once('include/conversation.php');
+require_once('include/acl_selectors.php');
+require_once('include/permissions.php');
+
+/**
+ * @brief Channel Controller for broken OStatus implementations
+ *
+ */
+class Ochannel extends \Zotlabs\Web\Controller {
+
+	function init() {
+
+		$which = null;
+		if(argc() > 1)
+			$which = argv(1);
+		if(! $which) {
+			if(local_channel()) {
+				$channel = \App::get_channel();
+				if($channel && $channel['channel_address'])
+				$which = $channel['channel_address'];
+			}
+		}
+		if(! $which) {
+			notice( t('You must be logged in to see this page.') . EOL );
+			return;
+		}
+
+		$profile = 0;
+		$channel = \App::get_channel();
+
+		if((local_channel()) && (argc() > 2) && (argv(2) === 'view')) {
+			$which = $channel['channel_address'];
+			$profile = argv(1);
+		}
+
+		head_add_link( [ 
+			'rel'   => 'alternate', 
+			'type'  => 'application/atom+xml',
+			'href'  => z_root() . '/ofeed/' . $which
+		]);
+
+
+		// Run profile_load() here to make sure the theme is set before
+		// we start loading content
+
+		profile_load($which,$profile);
+	}
+
+	function get($update = 0, $load = false) {
+
+		if(argc() < 2)
+			return;
+
+		if($load)
+			$_SESSION['loadtime'] = datetime_convert();
+
+		return '<script>window.location.href = "' . z_root() . '/' . str_replace('ochannel/','channel/',\App::$query_string) . '";</script>';
+
+	}
+
+}

Zotlabs/Module/Oep.php

@@ -72,7 +72,7 @@ class Oep extends \Zotlabs\Web\Controller {
 		$url = $args['url'];
 		$maxwidth  = intval($args['maxwidth']);
 		$maxheight = intval($args['maxheight']);
-	logger('processing display');
+
 		if(preg_match('#//(.*?)/display/(.*?)(&|\?|$)#',$url,$matches)) {
 			$res = $matches[2];
 		}
@@ -125,6 +125,7 @@ class Oep extends \Zotlabs\Web\Controller {
             "' profile='".$p[0]['author']['xchan_url'] .
             "' avatar='".$p[0]['author']['xchan_photo_s'].
             "' link='".$p[0]['plink'].
+			"' auth='".(($p[0]['author']['network'] === 'zot') ? 'true' : 'false') .
             "' posted='".$p[0]['created'].
             "' message_id='".$p[0]['mid']."']";
 	    if($p[0]['title'])
@@ -209,6 +210,7 @@ class Oep extends \Zotlabs\Web\Controller {
             "' profile='".$p[0]['author']['xchan_url'] .
             "' avatar='".$p[0]['author']['xchan_photo_s'].
             "' link='".$p[0]['plink'].
+			"' auth='".(($p[0]['author']['network'] === 'zot') ? 'true' : 'false') .
             "' posted='".$p[0]['created'].
             "' message_id='".$p[0]['mid']."']";
 	    if($p[0]['title'])
@@ -292,6 +294,7 @@ class Oep extends \Zotlabs\Web\Controller {
             "' profile='".$p[0]['author']['xchan_url'] .
             "' avatar='".$p[0]['author']['xchan_photo_s'].
             "' link='".$p[0]['plink'].
+			"' auth='".(($p[0]['author']['network'] === 'zot') ? 'true' : 'false') .
             "' posted='".$p[0]['created'].
             "' message_id='".$p[0]['mid']."']";
 	    if($p[0]['title'])
@@ -366,6 +369,7 @@ class Oep extends \Zotlabs\Web\Controller {
 			"' profile='".$p[0]['author']['xchan_url'] .
 			"' avatar='".$p[0]['author']['xchan_photo_s'].
 			"' link='".$p[0]['plink'].
+			"' auth='".(($p[0]['author']['network'] === 'zot') ? 'true' : 'false') .
 			"' posted='".$p[0]['created'].
 			"' message_id='".$p[0]['mid']."']";
 		if($p[0]['title'])

Zotlabs/Module/Owa.php

@@ -34,6 +34,15 @@ class Owa extends \Zotlabs\Web\Controller {
 							where hubloc_addr = '%s' ",
 							dbesc(str_replace('acct:','',$keyId))
 						);
+						if(! $r) {
+							$found = discover_by_webbie(str_replace('acct:','',$keyId));
+							if($found) {
+								$r = q("select * from hubloc left join xchan on hubloc_hash = xchan_hash 
+									where hubloc_addr = '%s' ",
+									dbesc(str_replace('acct:','',$keyId))
+								);
+							}
+						}
 						if($r) {
 							foreach($r as $hubloc) {
 								$verified = \Zotlabs\Web\HTTPSig::verify('',$hubloc['xchan_pubkey']);	

Zotlabs/Module/Photo.php

@@ -127,69 +127,45 @@ class Photo extends \Zotlabs\Web\Controller {
 				  }
 			}
 			
-			$r = q("SELECT uid FROM photo WHERE resource_id = '%s' AND imgscale = %d LIMIT 1",
+			$r = q("SELECT uid, photo_usage FROM photo WHERE resource_id = '%s' AND imgscale = %d LIMIT 1",
 				dbesc($photo),
 				intval($resolution)
 			);
 			if($r) {
+
+				$allowed = (-1);
+
+				if(intval($r[0]['photo_usage'])) {
+					$allowed = 1;
+					if(intval($r[0]['photo_usage']) === PHOTO_COVER) 
+						if($resolution < PHOTO_RES_COVER_1200)
+							$allowed = (-1);
+					if(intval($r[0]['photo_usage']) === PHOTO_PROFILE)
+						if(! in_array($resolution,[4,5,6]))
+							$allowed = (-1);
+				}
+				if($allowed === (-1))
+					$allowed = attach_can_view($r[0]['uid'],$observer_xchan,$photo);
 				
-				$allowed = (($r[0]['uid']) ? perm_is_allowed($r[0]['uid'],$observer_xchan,'view_storage') : true);
-	
-				$sql_extra = permissions_sql($r[0]['uid']);
-
-				if(! $sql_extra)
-					$sql_extra = ' and true ';
-
-				// Only check permissions on normal photos. Those photos we don't check includes
-				// profile photos, xchan photos (which are also profile photos), 'thing' photos,
-				// and cover photos
-	
-				$sql_extra = " and (( photo_usage = 0 $sql_extra ) or photo_usage != 0 )";
-
 				$channel = channelx_by_n($r[0]['uid']);
 
 				// Now we'll see if we can access the photo
-				$r = q("SELECT * FROM photo WHERE resource_id = '%s' AND imgscale = %d $sql_extra LIMIT 1",
+				$e = q("SELECT * FROM photo WHERE resource_id = '%s' AND imgscale = %d $sql_extra LIMIT 1",
 					dbesc($photo),
 					intval($resolution)
 				);
 
-				// viewing cover photos is allowed unless a plugin chooses to block it. 
+				$exists = (($e) ? true : false);
 
-				if($r && intval($r[0]['photo_usage']) === PHOTO_COVER && $resolution >= PHOTO_RES_COVER_1200)
-					$allowed = 1;
- 
-				$d = [ 'imgscale' => $resolution, 'resource_id' => $photo, 'photo' => $r, 'allowed' => $allowed ];
-				call_hooks('get_photo',$d);
-
-				$resolution = $d['imgscale'];
-				$photo      = $d['resource_id'];
-				$r          = $d['photo'];
-				$allowed    = $d['allowed'];
-
-				if($r && $allowed) {
-					$data = dbunescbin($r[0]['content']);
-					$mimetype = $r[0]['mimetype'];
-					if(intval($r[0]['os_storage'])) {
+				if($exists && $allowed) {
+					$data = dbunescbin($e[0]['content']);
+					$mimetype = $e[0]['mimetype'];
+					if(intval($e[0]['os_storage'])) {
 						$streaming = $data;
 					}
 				}
 				else {
-	
-					// Does the picture exist? It may be a remote person with no credentials,
-					// but who should otherwise be able to view it. Show a default image to let 
-					// them know permissions was denied. It may be possible to view the image 
-					// through an authenticated profile visit.
-					// There won't be many completely unauthorised people seeing this because
-					// they won't have the photo link, so there's a reasonable chance that the person
-					// might be able to obtain permission to view it.
-	
-					$r = q("SELECT * FROM photo WHERE resource_id = '%s' AND imgscale = %d LIMIT 1",
-						dbesc($photo),
-						intval($resolution)
-					);
-	 
-					if($r) {
+					if(! $allowed) {
 						logger('mod_photo: forbidden. ' . \App::$query_string);
 						$observer = \App::get_observer();
 						logger('mod_photo: observer = ' . (($observer) ? $observer['xchan_addr'] : '(not authenticated)'));
@@ -201,9 +177,6 @@ class Photo extends \Zotlabs\Web\Controller {
 			}
 		}
 	
-
-
-
 		if(! isset($data)) {
 			if(isset($resolution)) {
 				switch($resolution) {
@@ -295,7 +268,6 @@ class Photo extends \Zotlabs\Web\Controller {
 		}
 
 		killme();
-		// NOTREACHED
 	}
 	
 }

Zotlabs/Module/Photos.php

@@ -695,8 +695,8 @@ class Photos extends \Zotlabs\Web\Controller {
 				'$newalbum_label' => t('Enter an album name'),
 				'$newalbum_placeholder' => t('or select an existing album (doubleclick)'),
 				'$visible' => array('visible', t('Create a status post for this upload'), 0,'', array(t('No'), t('Yes')), 'onclick="showHideBodyTextarea();"'),
-				'$caption' => array('description', t('Caption (optional):')),
-				'$body' => array('body', t('Description (optional):'),'', 'Description will only appear in the status post'),
+				'$caption' => array('description', t('Title (optional)')),
+				'$body' => array('body', t('Description (optional)'),'', 'Description will only appear in the status post'),
 				'$albums' => $albums['albums'],
 				'$selname' => $selname,
 				'$permissions' => t('Permissions'),
@@ -833,7 +833,7 @@ class Photos extends \Zotlabs\Web\Controller {
 				killme();
 			}
 			else {
-				$o .= "<script> var page_query = '" . $_GET['q'] . "'; var extra_args = '" . extra_query_args() . "' ; </script>";
+				$o .= "<script> var page_query = '" . escape_tags($_GET['q']) . "'; var extra_args = '" . extra_query_args() . "' ; </script>";
 				$tpl = get_markup_template('photo_album.tpl');
 				$o .= replace_macros($tpl, array(
 					'$photos' => $photos,
@@ -841,7 +841,7 @@ class Photos extends \Zotlabs\Web\Controller {
 					'$album_id' => $datum,
 					'$album_edit' => array(t('Edit Album'), $album_edit),
 					'$can_post' => $can_post,
-					'$upload' => array(t('Upload'), z_root() . '/photos/' . \App::$data['channel']['channel_address'] . '/upload/' . $datum),
+					'$upload' => array(t('Add Photos'), z_root() . '/photos/' . \App::$data['channel']['channel_address'] . '/upload/' . $datum),
 					'$order' => $order,
 					'$upload_form' => $upload_form,
 					'$usage' => $usage_message
@@ -1065,7 +1065,7 @@ class Photos extends \Zotlabs\Web\Controller {
 					'newalbum_placeholder' => t('or select an existing one (doubleclick)'),
 					'nickname'             => \App::$data['channel']['channel_address'],
 					'resource_id'          => $ph[0]['resource_id'],
-					'capt_label'           => t('Caption'),
+					'capt_label'           => t('Title (optional)'),
 					'caption'              => $caption_e,
 					'tag_label'            => t('Add a Tag'),
 					'permissions'          => t('Permissions'),
@@ -1148,10 +1148,10 @@ class Photos extends \Zotlabs\Web\Controller {
 						builtin_activity_puller($item, $conv_responses);
 					}
 	
-	
 					$like_count = ((x($alike,$link_item['mid'])) ? $alike[$link_item['mid']] : '');
 					$like_list = ((x($alike,$link_item['mid'])) ? $alike[$link_item['mid'] . '-l'] : '');
-					if (count($like_list) > MAX_LIKERS) {
+
+					if(is_array($like_list) && (count($like_list) > MAX_LIKERS)) {
 						$like_list_part = array_slice($like_list, 0, MAX_LIKERS);
 						array_push($like_list_part, '<a href="#" data-toggle="modal" data-target="#likeModal-' . $this->get_id() . '"><b>' . t('View all') . '</b></a>');
 					} else {
@@ -1163,7 +1163,7 @@ class Photos extends \Zotlabs\Web\Controller {
 						$dislike_count = ((x($dlike,$link_item['mid'])) ? $dlike[$link_item['mid']] : '');
 						$dislike_list = ((x($dlike,$link_item['mid'])) ? $dlike[$link_item['mid'] . '-l'] : '');
 						$dislike_button_label = tt('Dislike','Dislikes',$dislike_count,'noun');
-						if (count($dislike_list) > MAX_LIKERS) {
+						if (is_array($dislike_list) && (count($dislike_list) > MAX_LIKERS)) {
 							$dislike_list_part = array_slice($dislike_list, 0, MAX_LIKERS);
 							array_push($dislike_list_part, '<a href="#" data-toggle="modal" data-target="#dislikeModal-' . $this->get_id() . '"><b>' . t('View all') . '</b></a>');
 						} else {
@@ -1372,13 +1372,13 @@ class Photos extends \Zotlabs\Web\Controller {
 			killme();
 		}
 		else {
-			$o .= "<script> var page_query = '" . $_GET['q'] . "'; var extra_args = '" . extra_query_args() . "' ; </script>";
+			$o .= "<script> var page_query = '" . escape_tags($_GET['q']) . "'; var extra_args = '" . extra_query_args() . "' ; </script>";
 			$tpl = get_markup_template('photos_recent.tpl'); 
 			$o .= replace_macros($tpl, array(
 				'$title' => t('Recent Photos'),
 				'$album_id' => bin2hex(t('Recent Photos')),
 				'$can_post' => $can_post,
-				'$upload' => array(t('Upload'), z_root().'/photos/'.\App::$data['channel']['channel_address'].'/upload'),
+				'$upload' => array(t('Add Photos'), z_root().'/photos/'.\App::$data['channel']['channel_address'].'/upload'),
 				'$photos' => $photos,
 				'$upload_form' => $upload_form,
 				'$usage' => $usage_message

Zotlabs/Module/Ping.php

@@ -140,7 +140,13 @@ class Ping extends \Zotlabs\Web\Controller {
 			db_utcnow(), db_quoteinterval('3 MINUTE')
 		);
 
-		$discover_tab_on = ((get_config('system','disable_discover_tab') || get_config('system','disable_discover_tab') === false) ? false : true);
+
+		$sql_extra = '';
+		if(! ($vnotify & VNOTIFY_LIKE))
+			$sql_extra = " AND verb NOT IN ('" . dbesc(ACTIVITY_LIKE) . "', '" . dbesc(ACTIVITY_DISLIKE) . "') ";
+
+		$discover_tab_on = can_view_public_stream();
+
 		$notify_pubs = ((local_channel()) ? ($vnotify & VNOTIFY_PUBS) && $discover_tab_on : $discover_tab_on);
 
 		if($notify_pubs) {
@@ -151,7 +157,8 @@ class Ping extends \Zotlabs\Web\Controller {
 				AND item_unseen = 1
 				AND author_xchan != '%s'
 				AND created > '" . datetime_convert('UTC','UTC',$_SESSION['static_loadtime']) . "'
-				$item_normal",
+				$item_normal
+				$sql_extra",
 				intval($sys['channel_id']),
 				dbesc(get_observer_hash())
 			);
@@ -160,6 +167,8 @@ class Ping extends \Zotlabs\Web\Controller {
 				$result['pubs'] = intval($pubs[0]['total']);
 		}
 
+
+
 		if((argc() > 1) && (argv(1) === 'pubs') && ($notify_pubs)) {
 			$sys = get_sys_channel();
 			$result = array();
@@ -170,6 +179,7 @@ class Ping extends \Zotlabs\Web\Controller {
 				AND author_xchan != '%s'
 				AND created > '" . datetime_convert('UTC','UTC',$_SESSION['static_loadtime']) . "'
 				$item_normal
+				$sql_extra
 				ORDER BY created DESC
 				LIMIT 300",
 				intval($sys['channel_id']),
@@ -275,10 +285,10 @@ class Ping extends \Zotlabs\Web\Controller {
 							intval(local_channel())
 						);
 
-						$b64mid = ((strpos($r[0]['thr_parent'], 'b64.' === 0)) ? $r[0]['thr_parent'] : 'b64.' . base64url_encode($r[0]['thr_parent']));
+						$b64mid = ((strpos($r[0]['thr_parent'], 'b64.') === 0) ? $r[0]['thr_parent'] : 'b64.' . base64url_encode($r[0]['thr_parent']));
 					}
 					else {
-						$b64mid = ((strpos($mid, 'b64.' === 0)) ? $mid : 'b64.' . base64url_encode($mid));
+						$b64mid = ((strpos($mid, 'b64.') === 0) ? $mid : 'b64.' . base64url_encode($mid));
 					}
 
 					$notifs[] = array(
@@ -334,6 +344,7 @@ class Ping extends \Zotlabs\Web\Controller {
 				AND item_unseen = 1
 				AND author_xchan != '%s'
 				$item_normal
+				$sql_extra
 				ORDER BY created DESC
 				LIMIT 300",
 				intval(local_channel()),
@@ -508,6 +519,7 @@ class Ping extends \Zotlabs\Web\Controller {
 			$r = q("SELECT id, item_wall FROM item 
 				WHERE uid = %d and item_unseen = 1 
 				$item_normal
+				$sql_extra
 				AND author_xchan != '%s'",
 				intval(local_channel()),
 				dbesc($ob_hash)

Zotlabs/Module/Profile_photo.php

@@ -451,6 +451,7 @@ class Profile_photo extends \Zotlabs\Web\Controller {
 	
 			$o .= replace_macros($tpl,array(
 				'$user' => \App::$channel['channel_address'],
+				'$info' => ((count($profiles) > 1) ? t('Your default profile photo is visible to anybody on the internet. Profile photos for alternate profiles will inherit the permissions of the profile') : t('Your profile photo is visible to anybody on the internet and may be distributed to other websites.')), 
 				'$importfile' => (($importing) ? \App::$data['importfile'] : ''),
 				'$lbl_upfile' => t('Upload File:'),
 				'$lbl_profiles' => t('Select a profile:'),

Zotlabs/Module/Profiles.php

@@ -655,7 +655,7 @@ class Profiles extends \Zotlabs\Web\Controller {
 				intval($id),
 				intval(local_channel())
 			);
-			if(! count($r)) {
+			if(! $r) {
 				notice( t('Profile not found.') . EOL);
 				return;
 			}
@@ -712,13 +712,10 @@ class Profiles extends \Zotlabs\Web\Controller {
 	
 			$tpl = get_markup_template("profile_edit.tpl");
 			$o .= replace_macros($tpl,array(
-	
+				'$multi_profiles' => ((feature_enabled(local_channel(),'multi_profiles')) ? true : false),
 				'$form_security_token' => get_form_security_token("profile_edit"),
-				'$profile_clone_link'  => ((feature_enabled(local_channel(),'multi_profiles')) ? 'profiles/clone/' . $r[0]['id'] . '?t=' 
-					. get_form_security_token("profile_clone") : ''),
-				'$profile_drop_link'   => 'profiles/drop/' . $r[0]['id'] . '?t=' 
-					. get_form_security_token("profile_drop"),
-	
+				'$profile_clone_link'  => 'profiles/clone/' . $r[0]['id'] . '?t=' . get_form_security_token("profile_clone"),
+				'$profile_drop_link'   => 'profiles/drop/' . $r[0]['id'] . '?t=' . get_form_security_token("profile_drop"),
 				'$fields'       => $fields,
 				'$vcard'        => $vcard,
 				'$guid'         => $r[0]['profile_guid'],
@@ -735,7 +732,7 @@ class Profiles extends \Zotlabs\Web\Controller {
 				'$addthing'     => t('Add profile things'),
 				'$personal'     => t('Personal'),
 				'$location'     => t('Location'),
-				'$relation'     => t('Relation'),
+				'$relation'     => t('Relationship'),
 				'$miscellaneous'=> t('Miscellaneous'),
 				'$exportable'   => feature_enabled(local_channel(),'profile_export'),
 				'$lbl_import'   => t('Import profile from file'),
@@ -786,22 +783,22 @@ class Profiles extends \Zotlabs\Web\Controller {
 				'$channels'     => array('channels', t('My other channels'), $r[0]['channels']),
 				'$extra_fields' => $extra_fields,
 				'$comms'          => t('Communications'),
-                '$tel_label'      => t('Phone'),
-                '$email_label'    => t('Email'),
-                '$impp_label'     => t('Instant messenger'),
-                '$url_label'      => t('Website'),
-                '$adr_label'      => t('Address'),
-                '$note_label'     => t('Note'),
-                '$mobile'         => t('Mobile'),
-                '$home'           => t('Home'),
-                '$work'           => t('Work'),
-                '$other'          => t('Other'),
-                '$add_card'       => t('Add Contact'),
-                '$add_field'      => t('Add Field'),
-                '$create'         => t('Create'),
-                '$update'         => t('Update'),
-                '$delete'         => t('Delete'),
-                '$cancel'         => t('Cancel'),
+				'$tel_label'      => t('Phone'),
+				'$email_label'    => t('Email'),
+				'$impp_label'     => t('Instant messenger'),
+				'$url_label'      => t('Website'),
+				'$adr_label'      => t('Address'),
+				'$note_label'     => t('Note'),
+				'$mobile'         => t('Mobile'),
+				'$home'           => t('Home'),
+				'$work'           => t('Work'),
+				'$other'          => t('Other'),
+				'$add_card'       => t('Add Contact'),
+				'$add_field'      => t('Add Field'),
+				'$create'         => t('Create'),
+				'$update'         => t('Update'),
+				'$delete'         => t('Delete'),
+				'$cancel'         => t('Cancel'),
 			));
 	
 			$arr = array('profile' => $r[0], 'entry' => $o);

Zotlabs/Module/Pubstream.php

@@ -34,6 +34,8 @@ class Pubstream extends \Zotlabs\Web\Controller {
 		}
 
 		$mid = ((x($_REQUEST,'mid')) ? $_REQUEST['mid'] : '');
+		$hashtags   = ((x($_REQUEST,'tag')) ? $_REQUEST['tag'] : '');
+
 
 		if(strpos($mid,'b64.') === 0)
 			$decoded = @base64url_decode(substr($mid,4));
@@ -116,8 +118,8 @@ class Pubstream extends \Zotlabs\Web\Controller {
 				'$uid'     => ((local_channel()) ? local_channel() : '0'),
 				'$gid'     => '0',
 				'$cid'     => '0',
-				'$cmin'    => '0',
-				'$cmax'    => '99',
+				'$cmin'    => '(-1)',
+				'$cmax'    => '(-1)',
 				'$star'    => '0',
 				'$liked'   => '0',
 				'$conv'    => '0',
@@ -133,7 +135,7 @@ class Pubstream extends \Zotlabs\Web\Controller {
 				'$order'   => 'comment',
 				'$file'    => '',
 				'$cats'    => '',
-				'$tags'    => '',
+				'$tags'    => $hashtags,
 				'$dend'    => '',
 				'$mid'     => $mid,
 				'$verb'    => '',
@@ -170,6 +172,10 @@ class Pubstream extends \Zotlabs\Web\Controller {
 			$page_mode = 'client';
 
 
+		if(x($hashtags)) {
+			$sql_extra .= protect_sprintf(term_query('item', $hashtags, TERM_HASHTAG, TERM_COMMUNITYTAG));
+		}
+
 		$net_query = (($net) ? " left join xchan on xchan_hash = author_xchan " : ''); 
 		$net_query2 = (($net) ? " and xchan_network = '" . protect_sprintf(dbesc($net)) . "' " : '');
 
@@ -224,7 +230,7 @@ class Pubstream extends \Zotlabs\Web\Controller {
 					);
 				}
 				else {
-					$r = q("SELECT distinct parent AS item_id, $ordering FROM item
+					$r = q("SELECT parent AS item_id FROM item
 						left join abook on item.author_xchan = abook.abook_xchan
 						$net_query
 						WHERE true $uids $item_normal_update
@@ -273,7 +279,7 @@ class Pubstream extends \Zotlabs\Web\Controller {
 			$o .= '<div id="content-complete"></div>';
 	
 		if(($items) && (! $update))
-			$o .= alt_pager($a,count($items));
+			$o .= alt_pager(count($items));
 
 		return $o;
 	

Zotlabs/Module/React.php

@@ -49,6 +49,7 @@ class React extends \Zotlabs\Web\Controller {
 			$n['aid'] = $channel['channel_account_id'];
 			$n['uid'] = $channel['channel_id'];
 			$n['item_origin'] = true;
+			$n['item_type'] = $i[0]['item_type'];
 			$n['parent'] = $postid;
 			$n['parent_mid'] = $i[0]['mid'];
 			$n['mid'] = item_message_id();

Zotlabs/Module/Regmod.php

@@ -35,6 +35,8 @@ class Regmod extends \Zotlabs\Web\Controller {
 		if($cmd === 'allow') {
 			if (! account_allow($hash)) killme();
 		}
+
+		goaway('/admin/accounts');
 	}
 	
 }

Zotlabs/Module/Rpost.php

@@ -45,7 +45,9 @@ class Rpost extends \Zotlabs\Web\Controller {
 				$url = get_rpost_path(\App::get_observer());
 				// make sure we're not looping to our own hub
 				if(($url) && (! stristr($url, \App::get_hostname()))) {
-					foreach($_REQUEST as $key => $arg) {
+					foreach($_GET as $key => $arg) {
+						if($key === 'q')
+							continue;
 						$url .= '&' . $key . '=' . $arg;
 					}
 					goaway($url);
@@ -111,43 +113,7 @@ class Rpost extends \Zotlabs\Web\Controller {
 		}
 
 		if($_REQUEST['post_id']) {
-			$r = q("SELECT * from item WHERE id = %d  LIMIT 1",
-				intval($_REQUEST['post_id'])
-			);
-			if(($r) && (! intval($r[0]['item_private']))) {
-				$sql_extra = item_permissions_sql($r[0]['uid']);
-	
-				$r = q("select * from item where id = %d $sql_extra",
-					intval($_REQUEST['post_id'])
-				);
-				if($r && $r[0]['mimetype'] === 'text/bbcode') {
-	
-					xchan_query($r);
-	
-					$is_photo = (($r[0]['obj_type'] === ACTIVITY_OBJ_PHOTO) ? true : false);
-					if($is_photo) {
-						$object = json_decode($r[0]['obj'],true);
-						$photo_bb = $object['body'];
-					}
-	
-					if (strpos($r[0]['body'], "[/share]") !== false) {
-						$pos = strpos($r[0]['body'], "[share");
-						$i = substr($r[0]['body'], $pos);
-					} else {
-						$i = "[share author='".urlencode($r[0]['author']['xchan_name']).
-							"' profile='".$r[0]['author']['xchan_url'] .
-							"' avatar='".$r[0]['author']['xchan_photo_s'].
-							"' link='".$r[0]['plink'].
-							"' posted='".$r[0]['created'].
-							"' message_id='".$r[0]['mid']."']";
-						if($r[0]['title'])
-							$i .= '[b]'.$r[0]['title'].'[/b]'."\r\n";
-						$i .= (($is_photo) ? $photo_bb . "\r\n" . $r[0]['body'] : $r[0]['body']);
-						$i .= "[/share]";
-					}
-				}
-			}	
-			$_REQUEST['body'] = $_REQUEST['body'] . $i;
+			$_REQUEST['body'] .= '[share=' . intval($_REQUEST['post_id']) . '][/share]';
 		}
 	
 		$x = array(

Zotlabs/Module/Search.php

@@ -66,6 +66,10 @@ class Search extends \Zotlabs\Web\Controller {
 			$search = substr($search,1);
 			goaway(z_root() . '/directory' . '?f=1&navsearch=1&search=' . $search);
 		}
+		if(strpos($search,'!') === 0) {
+			$search = substr($search,1);
+			goaway(z_root() . '/directory' . '?f=1&navsearch=1&search=' . $search);
+		}
 		if(strpos($search,'?') === 0) {
 			$search = substr($search,1);
 			goaway(z_root() . '/help' . '?f=1&navsearch=1&search=' . $search);
@@ -117,8 +121,8 @@ class Search extends \Zotlabs\Web\Controller {
 				'$uid' => ((\App::$profile['profile_uid']) ? \App::$profile['profile_uid'] : '0'),
 				'$gid' => '0',
 				'$cid' => '0',
-				'$cmin' => '0',
-				'$cmax' => '0',
+				'$cmin' => '(-1)',
+				'$cmax' => '(-1)',
 				'$star' => '0',
 				'$liked' => '0',
 				'$conv' => '0',
@@ -171,7 +175,7 @@ class Search extends \Zotlabs\Web\Controller {
 						OR ( item.uid = %d )) OR item.owner_xchan = '%s' )
 						$item_normal
 						$sql_extra
-						group by mid order by created desc $pager_sql ",
+						group by mid, created order by created desc $pager_sql ",
 						intval(local_channel()),
 						dbesc($sys['xchan_hash'])
 					);
@@ -184,7 +188,7 @@ class Search extends \Zotlabs\Web\Controller {
 							$pub_sql ) OR owner_xchan = '%s')
 						$item_normal
 						$sql_extra 
-						group by mid order by created desc $pager_sql",
+						group by mid, created order by created desc $pager_sql",
 						dbesc($sys['xchan_hash'])
 					);
 				}

Zotlabs/Module/Settings/Channel.php

@@ -202,12 +202,14 @@ class Channel {
 			$vnotify += intval($_POST['vnotify9']);
 		if(x($_POST,'vnotify10'))
 			$vnotify += intval($_POST['vnotify10']);
-		if(x($_POST,'vnotify11'))
+		if(x($_POST,'vnotify11') && is_site_admin())
 			$vnotify += intval($_POST['vnotify11']);
 		if(x($_POST,'vnotify12'))
 			$vnotify += intval($_POST['vnotify12']);
 		if(x($_POST,'vnotify13'))
 			$vnotify += intval($_POST['vnotify13']);
+		if(x($_POST,'vnotify14'))
+			$vnotify += intval($_POST['vnotify14']);
 	
 		$always_show_in_notices = x($_POST,'always_show_in_notices') ? 1 : 0;
 		
@@ -412,12 +414,16 @@ class Channel {
 		));
 	
 		$subdir = ((strlen(\App::get_path())) ? '<br />' . t('or') . ' ' . z_root() . '/channel/' . $nickname : '');
+
+		$webbie = $nickname . '@' . \App::get_hostname();
+		$intl_nickname = unpunify($nickname) . '@' . unpunify(\App::get_hostname());
 	
+
 		$tpl_addr = get_markup_template("settings_nick_set.tpl");
 	
 		$prof_addr = replace_macros($tpl_addr,array(
 			'$desc' => t('Your channel address is'),
-			'$nickname' => $nickname,
+			'$nickname' => (($intl_nickname === $webbie) ? $webbie : $intl_nickname . '&nbsp;(' . $webbie . ')'),
 			'$subdir' => $subdir,
 			'$davdesc' => t('Your files/photos are accessible via WebDAV at'),
 			'$davpath' => ((get_account_techlevel() > 3) ? z_root() . '/dav/' . $nickname : ''),
@@ -480,7 +486,8 @@ class Channel {
 		$plugin = [ 'basic' => '', 'security' => '', 'notify' => '', 'misc' => '' ];
 		call_hooks('channel_settings',$plugin);
 
-		$disable_discover_tab = get_config('system','disable_discover_tab') || get_config('system','disable_discover_tab') === false;
+		$disable_discover_tab = intval(get_config('system','disable_discover_tab',1)) == 1;
+		$site_firehose = intval(get_config('system','site_firehose',0)) == 1;
 
 		$o .= replace_macros($stpl,array(
 			'$ptitle' 	=> t('Channel Settings'),
@@ -529,7 +536,7 @@ class Channel {
 			'$deny_gid' => acl2json($perm_defaults['deny_gid']),
 			'$suggestme' => $suggestme,
 			'$group_select' => $group_select,
-			'$role' => array('permissions_role' , t('Channel permissions category:'), $permissions_role, '', $perm_roles),
+			'$role' => array('permissions_role' , t('Channel role and privacy'), $permissions_role, '', $perm_roles),
 			'$defpermcat' => [ 'defpermcat', t('Default Permissions Group'), $default_permcat, '', $permcats ],	
 			'$permcat_enable' => feature_enabled(local_channel(),'permcats'),
 			'$profile_in_dir' => $profile_in_dir,
@@ -569,11 +576,12 @@ class Channel {
 			'$vnotify8'  => array('vnotify8', t('System info messages'), ($vnotify & VNOTIFY_INFO), VNOTIFY_INFO, t('Recommended'), $yes_no),
 			'$vnotify9'  => array('vnotify9', t('System critical alerts'), ($vnotify & VNOTIFY_ALERT), VNOTIFY_ALERT, t('Recommended'), $yes_no),
 			'$vnotify10'  => array('vnotify10', t('New connections'), ($vnotify & VNOTIFY_INTRO), VNOTIFY_INTRO, t('Recommended'), $yes_no),
-			'$vnotify11'  => array('vnotify11', t('System Registrations'), ($vnotify & VNOTIFY_REGISTER), VNOTIFY_REGISTER, '', $yes_no),
+			'$vnotify11'  => ((is_site_admin()) ? array('vnotify11', t('System Registrations'), ($vnotify & VNOTIFY_REGISTER), VNOTIFY_REGISTER, '', $yes_no) : array()),
 			'$vnotify12'  => array('vnotify12', t('Unseen shared files'), ($vnotify & VNOTIFY_FILES), VNOTIFY_FILES, '', $yes_no),
-			'$vnotify13'  => (($disable_discover_tab) ? array() : array('vnotify13', t('Unseen public activity'), ($vnotify & VNOTIFY_PUBS), VNOTIFY_PUBS, '', $yes_no)),
+			'$vnotify13'  => (($disable_discover_tab && !$site_firehose) ? array() : array('vnotify13', t('Unseen public activity'), ($vnotify & VNOTIFY_PUBS), VNOTIFY_PUBS, '', $yes_no)),
+			'$vnotify14'	=> array('vnotify14', t('Unseen likes and dislikes'), ($vnotify & VNOTIFY_LIKE), VNOTIFY_LIKE, '', $yes_no),
 			'$mailhost' => [ 'mailhost', t('Email notification hub (hostname)'), get_pconfig(local_channel(),'system','email_notify_host',\App::get_hostname()), sprintf( t('If your channel is mirrored to multiple hubs, set this to your preferred location. This will prevent duplicate email notifications. Example: %s'),\App::get_hostname()) ],
-			'$always_show_in_notices'  => array('always_show_in_notices', t('Also show new wall posts, private messages and connections under Notices'), $always_show_in_notices, 1, '', $yes_no),
+			'$always_show_in_notices'  => array('always_show_in_notices', t('Show new wall posts, private messages and connections under Notices'), $always_show_in_notices, 1, '', $yes_no),
 	
 			'$evdays' => array('evdays', t('Notify me of events this many days in advance'), $evdays, t('Must be greater than 0')),			
 			'$basic_addon' => $plugin['basic'],

Zotlabs/Module/Settings/Featured.php

@@ -57,7 +57,10 @@ class Featured {
 		}
 
 		call_hooks('feature_settings', $settings_addons);
-					
+		
+		$this->sortpanels($settings_addons);
+
+			
 		$tpl = get_markup_template("settings_addons.tpl");
 		$o .= replace_macros($tpl, array(
 			'$form_security_token' => get_form_security_token("settings_featured"),
@@ -67,5 +70,15 @@ class Featured {
 		));
 		return $o;
 	}
-	
-}
+
+	function sortpanels(&$s) {
+		$a = explode('<div class="panel">',$s);
+		if($a) {
+			usort($a,'featured_sort');
+			$s = implode('<div class="panel">',$a);
+		}
+	}
+
+}
+
+

Zotlabs/Module/Settings/Features.php

@@ -8,43 +8,75 @@ class Features {
 	function post() {
 		check_form_security_token_redirectOnErr('/settings/features', 'settings_features');
 	
-		// Build list of features and check which are set
-		// We will not create any settings for features that are above our techlevel
+		$features = get_features(false);
 
-		$features = get_features();
-		$all_features = array();
-		foreach($features as $k => $v) {
-			foreach($v as $f) 
-				$all_features[] = $f[0];
-		}
-		foreach($all_features as $k) {
-			if(x($_POST,"feature_$k"))
-				set_pconfig(local_channel(),'feature',$k, 1);
-			else
-				set_pconfig(local_channel(),'feature',$k, 0);
+		foreach($features as $fname => $fdata) {
+			foreach(array_slice($fdata,1) as $f) {
+				$k = $f[0];
+				if(array_key_exists("feature_$k",$_POST))
+					set_pconfig(local_channel(),'feature',$k, (string) $_POST["feature_$k"]);
+				else
+					set_pconfig(local_channel(),'feature', $k, '');
+			}
 		}
 		build_sync_packet();
 		return;
 	}
 
 	function get() {
-		$arr = array();
-		$features = get_features();
-	
+		
+		$arr = [];
+		$harr = [];
+
+		if(intval($_REQUEST['techlevel']))
+			$level = intval($_REQUEST['techlevel']);
+		else {
+ 			$level = get_account_techlevel();
+		}
+
+		if(! intval($level)) {
+			notice( t('Permission denied.') . EOL);
+			return;
+		}
+
+		$techlevels = \Zotlabs\Lib\Techlevels::levels();
+
+		// This page isn't accessible at techlevel 0
+
+		unset($techlevels[0]);
+
+		$def_techlevel = (($level > 0) ? $level : 1);
+		$techlock = get_config('system','techlevel_lock');
+
+		$all_features_raw = get_features(false);
+
+		foreach($all_features_raw as $fname => $fdata) {
+			foreach(array_slice($fdata,1) as $f) {
+				$harr[$f[0]] = ((intval(feature_enabled(local_channel(),$f[0]))) ? "1" : '');
+			}
+		}
+
+		$features = get_features(true,$level);
+
 		foreach($features as $fname => $fdata) {
 			$arr[$fname] = array();
 			$arr[$fname][0] = $fdata[0];
 			foreach(array_slice($fdata,1) as $f) {
-				$arr[$fname][1][] = array('feature_' .$f[0],$f[1],((intval(feature_enabled(local_channel(),$f[0]))) ? "1" : ''),$f[2],array(t('Off'),t('On')));
+				$arr[$fname][1][] = array('feature_' . $f[0],$f[1],((intval(feature_enabled(local_channel(),$f[0]))) ? "1" : ''),$f[2],array(t('Off'),t('On')));
+				unset($harr[$f[0]]);
 			}
 		}
 			
 		$tpl = get_markup_template("settings_features.tpl");
 		$o .= replace_macros($tpl, array(
 			'$form_security_token' => get_form_security_token("settings_features"),
-			'$title'	=> t('Additional Features'),
-			'$features' => $arr,
-			'$submit'   => t('Submit'),
+			'$title'	 => t('Additional Features'),
+			'$techlevel' => [ 'techlevel', t('Your technical skill level'), $def_techlevel, t('Used to provide a member experience and additional features consistent with your comfort level'), $techlevels ],
+			'$techlock'  => $techlock,
+			'$features'  => $arr,
+			'$hiddens'   => $harr,
+			'$baseurl'   => z_root(),
+			'$submit'    => t('Submit'),
 		));
 	
 		return $o;

Zotlabs/Module/Settings/Oauth.php

@@ -23,11 +23,12 @@ class Oauth {
 			
 			check_form_security_token_redirectOnErr('/settings/oauth', 'settings_oauth');
 			
-			$name   	= ((x($_POST,'name')) ? $_POST['name'] : '');
-			$key		= ((x($_POST,'key')) ? $_POST['key'] : '');
-			$secret		= ((x($_POST,'secret')) ? $_POST['secret'] : '');
-			$redirect	= ((x($_POST,'redirect')) ? $_POST['redirect'] : '');
-			$icon		= ((x($_POST,'icon')) ? $_POST['icon'] : '');
+			$name   	= ((x($_POST,'name')) ? escape_tags($_POST['name']) : '');
+			$key		= ((x($_POST,'key')) ? escape_tags($_POST['key']) : '');
+			$secret		= ((x($_POST,'secret')) ? escape_tags($_POST['secret']) : '');
+			$redirect	= ((x($_POST,'redirect')) ? escape_tags($_POST['redirect']) : '');
+			$icon		= ((x($_POST,'icon')) ? escape_tags($_POST['icon']) : '');
+			$oauth2		= ((x($_POST,'oauth2')) ? intval($_POST['oauth2']) : 0);
 			$ok = true;
 			if($name == '') {
 				$ok = false;

Zotlabs/Module/Settings/Oauth2.php

@@ -0,0 +1,161 @@
+<?php
+
+namespace Zotlabs\Module\Settings;
+
+
+class Oauth2 {
+
+
+	function post() {
+	
+		if(x($_POST,'remove')){
+			check_form_security_token_redirectOnErr('/settings/oauth2', 'settings_oauth2');
+			
+			$key = $_POST['remove'];
+			q("DELETE FROM tokens WHERE id='%s' AND uid=%d",
+				dbesc($key),
+				intval(local_channel())
+			);
+			goaway(z_root()."/settings/oauth2/");
+			return;			
+		}
+	
+		if((argc() > 2) && (argv(2) === 'edit' || argv(2) === 'add') && x($_POST,'submit')) {
+			
+			check_form_security_token_redirectOnErr('/settings/oauth2', 'settings_oauth2');
+			
+			$name   	= ((x($_POST,'name')) ? escape_tags(trim($_POST['name'])) : '');
+			$secret		= ((x($_POST,'secret')) ? escape_tags(trim($_POST['secret'])) : '');
+			$redirect	= ((x($_POST,'redirect')) ? escape_tags(trim($_POST['redirect'])) : '');
+			$grant		= ((x($_POST,'grant')) ? escape_tags(trim($_POST['grant'])) : '');
+			$scope		= ((x($_POST,'scope')) ? escape_tags(trim($_POST['scope'])) : '');
+
+			$ok = true;
+			if($name == '' || $secret == '') {
+				$ok = false;
+				notice( t('Name and Secret are required') . EOL);
+			}
+		
+			if($ok) {
+				if ($_POST['submit']==t("Update")){
+					$r = q("UPDATE oauth_clients SET
+								client_id = '%s',
+								client_secret = '%s',
+								redirect_uri = '%s',
+								grant_types = '%s',
+								scope = '%s', 
+								user_id = %d
+							WHERE client_id='%s'",
+							dbesc($name),
+							dbesc($secret),
+							dbesc($redirect),
+							dbesc($grant),
+							dbesc($scope),
+							intval(local_channel()),
+							dbesc($name));
+				} else {
+					$r = q("INSERT INTO oauth_clients (client_id, client_secret, redirect_uri, grant_types, scope, user_id)
+						VALUES ('%s','%s','%s','%s','%s',%d)",
+						dbesc($name),
+						dbesc($secret),
+						dbesc($redirect),
+						dbesc($grant),
+						dbesc($scope),
+						intval(local_channel())
+					);
+					$r = q("INSERT INTO xperm (xp_client, xp_channel, xp_perm) VALUES ('%s', %d, '%s') ",
+						dbesc($name),
+						intval(local_channel()),
+						dbesc('all')
+					);
+				}
+			}
+			goaway(z_root()."/settings/oauth2/");
+			return;
+		}
+	}
+
+	function get() {
+			
+		if((argc() > 2) && (argv(2) === 'add')) {
+			$tpl = get_markup_template("settings_oauth2_edit.tpl");
+			$o .= replace_macros($tpl, array(
+				'$form_security_token' => get_form_security_token("settings_oauth2"),
+				'$title'	=> t('Add OAuth2 application'),
+				'$submit'	=> t('Submit'),
+				'$cancel'	=> t('Cancel'),
+				'$name'		=> array('name', t('Name'), '', t('Name of application')),
+				'$secret'	=> array('secret', t('Consumer Secret'), random_string(16), t('Automatically generated - change if desired. Max length 20')),
+				'$redirect'	=> array('redirect', t('Redirect'), '', t('Redirect URI - leave blank unless your application specifically requires this')),
+				'$grant'     => array('grant', t('Grant Types'), '', t('leave blank unless your application sepcifically requires this')),
+				'$scope'     => array('scope', t('Authorization scope'), '', t('leave blank unless your application sepcifically requires this')),
+			));
+			return $o;
+		}
+			
+		if((argc() > 3) && (argv(2) === 'edit')) {
+			$r = q("SELECT * FROM oauth_clients WHERE client_id='%s' AND user_id= %d",
+					dbesc(argv(3)),
+					intval(local_channel())
+			);
+			
+			if (! $r){
+				notice(t('OAuth2 Application not found.'));
+				return;
+			}
+
+			$app = $r[0];
+				
+			$tpl = get_markup_template("settings_oauth2_edit.tpl");
+			$o .= replace_macros($tpl, array(
+				'$form_security_token' => get_form_security_token("settings_oauth2"),
+				'$title'	=> t('Add application'),
+				'$submit'	=> t('Update'),
+				'$cancel'	=> t('Cancel'),
+				'$name'		=> array('name', t('Name'), $app['client_id'], t('Name of application')),
+				'$secret'	=> array('secret', t('Consumer Secret'), $app['client_secret'], t('Automatically generated - change if desired. Max length 20')),
+				'$redirect'	=> array('redirect', t('Redirect'), $app['redirect_uri'], t('Redirect URI - leave blank unless your application specifically requires this')),
+				'$grant'     => array('grant', t('Grant Types'), $app['grant_types'], t('leave blank unless your application sepcifically requires this')),
+				'$scope'     => array('scope', t('Authorization scope'), $app['scope'], t('leave blank unless your application sepcifically requires this')),
+			));
+			return $o;
+		}
+			
+		if((argc() > 3) && (argv(2) === 'delete')) {
+			check_form_security_token_redirectOnErr('/settings/oauth2', 'settings_oauth2', 't');
+			
+			$r = q("DELETE FROM oauth_clients WHERE client_id = '%s' AND user_id = %d",
+					dbesc(argv(3)),
+					intval(local_channel())
+			);
+			goaway(z_root()."/settings/oauth2/");
+			return;			
+		}
+			
+
+		$r = q("SELECT oauth_clients.*, oauth_access_tokens.access_token as oauth_token, (oauth_clients.user_id = %d) AS my 
+				FROM oauth_clients
+				LEFT JOIN oauth_access_tokens ON oauth_clients.client_id=oauth_access_tokens.client_id
+				WHERE oauth_clients.user_id IN (%d,0)",
+				intval(local_channel()),
+				intval(local_channel())
+		);
+			
+		$tpl = get_markup_template("settings_oauth2.tpl");
+		$o .= replace_macros($tpl, array(
+			'$form_security_token' => get_form_security_token("settings_oauth2"),
+			'$baseurl'	=> z_root(),
+			'$title'	=> t('Connected OAuth2 Apps'),
+			'$add'		=> t('Add application'),
+			'$edit'		=> t('Edit'),
+			'$delete'		=> t('Delete'),
+			'$consumerkey' => t('Client key starts with'),
+			'$noname'	=> t('No name'),
+			'$remove'	=> t('Remove authorization'),
+			'$apps'		=> $r,
+		));
+		return $o;
+			
+	}
+
+}

Zotlabs/Module/Settings/Permcats.php

@@ -19,6 +19,11 @@ class Permcats {
 		$all_perms = \Zotlabs\Access\Permissions::Perms();
 
 		$name = escape_tags(trim($_POST['name']));
+		if(! $name) {
+			notice( t('Permission Name is required.') . EOL);
+			return;
+		}
+
 
 		$pcarr = [];
 

Zotlabs/Module/Setup.php

@@ -563,16 +563,20 @@ class Setup extends \Zotlabs\Web\Controller {
 		$status = true;
 		$help = '';
 
-		if( (file_exists('.htconfig.php') && !is_writable('.htconfig.php')) ||
-			(!file_exists('.htconfig.php') && !is_writable('.')) ) {
-				$status = false;
-				$help = t('The web installer needs to be able to create a file called ".htconfig.php" in the top folder of your web server and it is unable to do so.') .EOL;
-				$help .= t('This is most often a permission setting, as the web server may not be able to write files in your folder - even if you can.').EOL;
-				$help .= t('At the end of this procedure, we will give you a text to save in a file named .htconfig.php in your Red top folder.').EOL;
-				$help .= t('You can alternatively skip this procedure and perform a manual installation. Please see the file "install/INSTALL.txt" for instructions.').EOL;
+		$fname = '.htconfig.php';
+
+		if((file_exists($fname) && is_writable($fname)) || 
+			(! (file_exists($fname) && is_writable('.')))) {
+			$this->check_add($checks, t('.htconfig.php is writable'), $status, true, $help);
+			return;
 		}
 
-		$this->check_add($checks, t('.htconfig.php is writable'), $status, false, $help);
+		$status = false;
+		$help = t('The web installer needs to be able to create a file called ".htconfig.php" in the top folder of your web server and it is unable to do so.') .EOL;
+		$help .= t('This is most often a permission setting, as the web server may not be able to write files in your folder - even if you can.').EOL;
+		$help .= t('Please see install/INSTALL.txt for additional information.');
+
+		$this->check_add($checks, t('.htconfig.php is writable'), $status, true, $help);
 	}
 
 	/**

Zotlabs/Module/Share.php

@@ -14,10 +14,15 @@ class Share extends \Zotlabs\Web\Controller {
 		if(! $post_id)
 			killme();
 	
-
 		echo '[share=' . $post_id . '][/share]';
 		killme();
 
+
+	/**
+	 * The remaining code is deprecated and handled in Zotlabs/Lib/Share.php at post 
+	 * submission time.
+ 	 */
+
 		if(! (local_channel() || remote_channel()))
 			killme();
 	
@@ -60,12 +65,14 @@ class Share extends \Zotlabs\Web\Controller {
 			$pos = strpos($r[0]['body'], "[share");
 			$o = substr($r[0]['body'], $pos);
 		} else {
-			$o = "[share author='".urlencode($r[0]['author']['xchan_name']).
-				"' profile='".$r[0]['author']['xchan_url'] .
-				"' avatar='".$r[0]['author']['xchan_photo_s'].
-				"' link='".$r[0]['plink'].
-				"' posted='".$r[0]['created'].
-				"' message_id='".$r[0]['mid']."']";
+			$o = "[share author='" . urlencode($r[0]['author']['xchan_name']) .
+				"' profile='"    . $r[0]['author']['xchan_url'] .
+				"' avatar='"     . $r[0]['author']['xchan_photo_s'] .
+				"' link='"       . $r[0]['plink'] .
+				"' auth='"       . (($r[0]['author']['network'] === 'zot') ? 'true' : 'false') .
+				"' posted='"     . $r[0]['created'] .
+				"' message_id='" . $r[0]['mid'] . 
+			"']";
 			if($r[0]['title'])
 				$o .= '[b]'.$r[0]['title'].'[/b]'."\r\n";
 			$o .= (($is_photo) ? $photo_bb . "\r\n" . $r[0]['body'] : $r[0]['body']);

Zotlabs/Module/Tagger.php

@@ -80,6 +80,8 @@ class Tagger extends \Zotlabs\Web\Controller {
 				break;
 		}
 	
+
+		$clean_term = trim($term,'"\' ');
 	
 		$links = array(array('rel' => 'alternate','type' => 'text/html', 
 			'href' => z_root() . '/display/' . gen_link_id($item['mid'])));
@@ -103,15 +105,15 @@ class Tagger extends \Zotlabs\Web\Controller {
 				),
 		));
 	
-		$tagid = z_root() . '/search?tag=' . $term;
+		$tagid = z_root() . '/search?tag=' . $clean_term;
 		$objtype = ACTIVITY_OBJ_TAGTERM;
 	
 		$obj = json_encode(array(
 			'type'    => $objtype,
 			'id'      => $tagid,
 			'link'    => array(array('rel' => 'alternate','type' => 'text/html', 'href' => $tagid)),
-			'title'   => $term,
-			'content' => $term
+			'title'   => $clean_term,
+			'content' => $clean_term
 		));
 	
 		$bodyverb = t('%1$s tagged %2$s\'s %3$s with %4$s');
@@ -119,7 +121,7 @@ class Tagger extends \Zotlabs\Web\Controller {
 		// saving here for reference
 		// also check out x22d5 and x2317 and x0d6b and x0db8 and x24d0 and xff20 !!!
 	
-		$termlink = html_entity_decode('⋕') . '[zrl=' . z_root() . '/search?tag=' . urlencode($term) . ']'. $term . '[/zrl]';
+		$termlink = html_entity_decode('⋕') . '[zrl=' . z_root() . '/search?tag=' . urlencode($clean_term) . ']'. $clean_term . '[/zrl]';
 	
 		$channel = \App::get_channel();
 	
@@ -143,8 +145,7 @@ class Tagger extends \Zotlabs\Web\Controller {
 		$arr['obj_type'] = $objtype;
 		$arr['obj'] = $obj;
 		$arr['parent_mid'] = $item['mid'];
-		
-		store_item_tag($item['uid'],$item['id'],TERM_OBJ_POST,TERM_COMMUNITYTAG,$term,$tagid);
+		store_item_tag($item['uid'],$item['id'],TERM_OBJ_POST,TERM_COMMUNITYTAG,$clean_term,$tagid);
 		$ret = post_activity_item($arr);
 
 		if($ret['success']) {

Zotlabs/Module/Token.php

@@ -29,7 +29,8 @@ class Token extends \Zotlabs\Web\Controller {
 		}
 
 		$s = new \Zotlabs\Identity\OAuth2Server(new OAuth2Storage(\DBA::$dba->db));
-		$s->handleTokenRequest(\OAuth2\Request::createFromGlobals())->send();
+		$request = \OAuth2\Request::createFromGlobals();
+		$s->handleTokenRequest($request)->send();
 
 		killme();
 	}

Zotlabs/Module/Uexport.php

@@ -22,8 +22,8 @@ class Uexport extends \Zotlabs\Web\Controller {
 				$month = intval(argv(2));
 			}
 	
-			header('content-type: application/octet_stream');
-			header('content-disposition: attachment; filename="' . $channel['channel_address'] . (($year) ? '-' . $year : '') . (($month) ? '-' . $month : '') . '.json"' );
+			header('content-type: application/json');
+			header('content-disposition: attachment; filename="' . $channel['channel_address'] . (($year) ? '-' . $year : '') . (($month) ? '-' . $month : '') . (($_REQUEST['sections']) ? '-' . $_REQUEST['sections'] : '')  . '.json"' );
 	
 			if($year) {
 				echo json_encode(identity_export_year(local_channel(),$year,$month));

Zotlabs/Module/Viewconnections.php

@@ -107,7 +107,7 @@ class Viewconnections extends \Zotlabs\Web\Controller {
 			killme();
 		}
 		else {
-			$o .= "<script> var page_query = '" . $_GET['q'] . "'; var extra_args = '" . extra_query_args() . "' ; </script>";
+			$o .= "<script> var page_query = '" . escape_tags($_GET['q']) . "'; var extra_args = '" . extra_query_args() . "' ; </script>";
 			$tpl = get_markup_template("viewcontact_template.tpl");
 			$o .= replace_macros($tpl, array(
 				'$title' => t('View Connections'),

Zotlabs/Module/Webfinger.php

@@ -17,33 +17,15 @@ class Webfinger extends \Zotlabs\Web\Controller {
 	
 		$o .= '<br /><br />';
 		
-		$old = false;
 		if(x($_GET,'addr')) {
 			$addr = trim($_GET['addr']);
-	//		if(strpos($addr,'@') !== false) {
-				$res = webfinger_rfc7033($addr,true);
-				if(! $res) {
-					$res = old_webfinger($addr);
-					$old = true;
-				}
-	//		}
-	//		else {
-	//			if(function_exists('lrdd'))
-	//				$res = lrdd($addr);
-	//		}
-	
-			if($res && $old) {
-				foreach($res as $r) {
-					if($r['@attributes']['rel'] === 'http://microformats.org/profile/hcard') {
-						$hcard = unamp($r['@attributes']['href']);
-						require_once('library/HTML5/Parser.php');
-						$res['vcard'] = scrape_vcard($hcard);
-						break;
-					}
-				}
+
+			$res = webfinger_rfc7033($addr,true);
+			if(! $res) {
+				$res = old_webfinger($addr);
 			}
 	
-	
+		
 			$o .= '<pre>';
 			$o .= str_replace("\n",'<br />',print_r($res,true));
 			$o .= '</pre>';

Zotlabs/Module/Well_known.php

@@ -26,7 +26,6 @@ class Well_known extends \Zotlabs\Web\Controller {
 				killme();
 			}
 	
-	
 			switch(argv(1)) {
 				case 'zot-info':
 					\App::$argc -= 1;
@@ -52,6 +51,10 @@ class Well_known extends \Zotlabs\Web\Controller {
 					$module->init();
 					break;
 	
+				case 'dnt-policy.txt':
+					echo file_get_contents('doc/dnt-policy.txt');
+					killme();
+
 				default:
 					if(file_exists(\App::$cmd)) {
 						echo file_get_contents(\App::$cmd); 

Zotlabs/Module/Wiki.php

@@ -284,6 +284,8 @@ class Wiki extends \Zotlabs\Web\Controller {
 				$wikiheaderPage = urldecode($pageUrlName);
 
 				$renamePage = (($wikiheaderPage === 'Home') ? '' : t('Rename page'));
+				$sharePage  = t('Share');
+
 				$p = [];
 
 				if(! $ignore_language) {
@@ -354,6 +356,8 @@ class Wiki extends \Zotlabs\Web\Controller {
 			'$wikiheaderName' => $wikiheaderName,
 			'$wikiheaderPage' => $wikiheaderPage,
 			'$renamePage' => $renamePage,
+			'$sharePage' => $sharePage,
+			'$shareLink' => urlencode('#^[zrl=' . z_root() . '/wiki/' . argv(1) . '/' . $wikiUrlName . '/' . $pageUrlName . ']' . '[ ' . $owner['channel_name'] . ' ] ' . $wikiheaderName . ' - ' . $wikiheaderPage . '[/zrl]'),
 			'$showPageControls' => $showPageControls,
 			'$editOrSourceLabel' => (($showPageControls) ? t('Edit') : t('Source')),
 			'$tools_label' => 'Page Tools',

Zotlabs/Storage/Browser.php

@@ -274,7 +274,7 @@ class Browser extends DAV\Browser\Plugin {
 				'$actionspanel' => $output,
 				'$shared' => t('Shared'),
 				'$create' => t('Create'),
-				'$upload' => t('Upload'),
+				'$upload' => t('Add Files'),
 				'$is_owner' => $is_owner,
 				'$parentpath' => $parentpath,
 				'$cpath' => bin2hex(\App::$query_string),

Zotlabs/Storage/Directory.php

@@ -169,7 +169,7 @@ class Directory extends DAV\Node implements DAV\ICollection, DAV\IQuota, DAV\IMo
 
 		$x = attach_syspaths($this->auth->owner_id,$this->folder_hash);
 
-		$y = q("update attach set display_path = '%s where hash = '%s' and uid = %d",
+		$y = q("update attach set display_path = '%s' where hash = '%s' and uid = %d",
 			dbesc($x['path']),
 			dbesc($this->folder_hash),
 			intval($this->auth->owner_id)
@@ -389,8 +389,12 @@ class Directory extends DAV\Node implements DAV\ICollection, DAV\IQuota, DAV\IMo
 		);
 
 		if ($r) {
+
+			// When initiated from DAV, set the 'force' flag on attach_mkdir(). This will cause the operation to report success even if the 
+			// folder already exists. 
+
 			require_once('include/attach.php');
-			$result = attach_mkdir($r[0], $this->auth->observer, array('filename' => $name, 'folder' => $this->folder_hash));
+			$result = attach_mkdir($r[0], $this->auth->observer, array('filename' => $name, 'folder' => $this->folder_hash, 'force' => true));
 
 			if($result['success']) {
 				$sync = attach_export_data($r[0],$result['data']['hash']);
@@ -680,7 +684,7 @@ class Directory extends DAV\Node implements DAV\ICollection, DAV\IQuota, DAV\IMo
 				throw new DAV\Exception\Forbidden('Permission denied.');
 			}
 			else {
-				throw new DAV\Exception\NotFound('A component of the request file path could not be found.');
+				throw new DAV\Exception\NotFound('A component of the requested file path could not be found.');
 			}
 		}
 
@@ -691,7 +695,23 @@ class Directory extends DAV\Node implements DAV\ICollection, DAV\IQuota, DAV\IMo
 		}
 
 		$prefix = '';
-		$suffix = ' order by is_dir desc, filename asc ';
+
+		if(! array_key_exists('cloud_sort',$_SESSION))
+			$_SESSION['cloud_sort'] = 'name';
+
+		switch($_SESSION['cloud_sort']) {
+			case 'size': 
+				$suffix = ' order by is_dir desc, filesize asc ';
+				break;
+			// The following provides inconsistent results for directories because we re-calculate the date for directories based on the most recent change
+			case 'date':
+				$suffix = ' order by is_dir desc, edited asc ';
+				break;
+			case 'name':
+			default:
+				$suffix = ' order by is_dir desc, filename asc ';
+				break;
+		}
 
 		$r = q("select $prefix id, uid, hash, filename, filetype, filesize, revision, folder, flags, is_dir, created, edited from attach where folder = '%s' and uid = %d $perms $suffix",
 			dbesc($folder),

Zotlabs/Storage/File.php

@@ -49,7 +49,7 @@ class File extends DAV\Node implements DAV\IFile {
 		$this->data = $data;
 		$this->auth = $auth;
 
-		logger(print_r($this->data, true), LOGGER_DATA);
+		// logger(print_r($this->data, true), LOGGER_DATA);
 	}
 
 	/**

Zotlabs/Storage/ZotOauth2Pdo.php

@@ -0,0 +1,10 @@
+<?php
+
+namespace Zotlabs\Storage;
+
+class ZotOauth2Pdo extends \OAuth2\Storage\Pdo {
+	public function getConfig()
+    {
+		return $this->config;
+    }
+}

Zotlabs/Update/_1208.php

@@ -0,0 +1,26 @@
+<?php
+
+namespace Zotlabs\Update;
+
+class _1208 {
+
+	function run() {
+
+		if(ACTIVE_DBTYPE == DBTYPE_POSTGRES) {
+			$r1 = q("ALTER TABLE poll ADD poll_author text NOT NULL");
+ 			$r2 = q("create index \"poll_author_idx\" on poll (\"poll_author\") ");
+
+			$r = ($r1 && $r2);
+		}
+		else {
+			$r = q("ALTER TABLE `poll` ADD `poll_author` VARCHAR(191) NOT NULL AFTER `poll_votes`, 
+				ADD INDEX `poll_author` (`poll_author`)");
+		}
+
+		if($r)
+			return UPDATE_SUCCESS;
+		return UPDATE_FAILED;
+
+	}
+
+}

Zotlabs/Update/_1209.php

@@ -0,0 +1,26 @@
+<?php
+
+namespace Zotlabs\Update;
+
+class _1209 {
+
+	function run() {
+
+		if(ACTIVE_DBTYPE == DBTYPE_POSTGRES) {
+			$r1 = q("ALTER TABLE poll_elm ADD pelm_order numeric(6) NOT NULL DEFAULT '0' ");
+ 			$r2 = q("create index \"pelm_order_idx\" on poll_elm (\"pelm_order\")");
+
+			$r = ($r1 && $r2);
+		}
+		else {
+			$r = q("ALTER TABLE `poll_elm` ADD `pelm_order` int(11) NOT NULL DEFAULT 0, 
+				ADD INDEX `pelm_order` (`pelm_order`)");
+		}
+
+		if($r)
+			return UPDATE_SUCCESS;
+		return UPDATE_FAILED;
+
+	}
+
+}

Zotlabs/Update/_1210.php

@@ -0,0 +1,78 @@
+<?php
+
+namespace Zotlabs\Update;
+
+class _1210 {
+
+	function run() {
+
+	$sql = "CREATE TABLE oauth_clients (
+  client_id             VARCHAR(80)   NOT NULL,
+  client_secret         VARCHAR(80),
+  redirect_uri          VARCHAR(2000),
+  grant_types           VARCHAR(80),
+  scope                 VARCHAR(4000),
+  user_id               VARCHAR(80),
+  PRIMARY KEY (client_id)
+);
+
+CREATE TABLE oauth_access_tokens (
+  access_token         VARCHAR(40)    NOT NULL,
+  client_id            VARCHAR(80)    NOT NULL,
+  user_id              VARCHAR(255),
+  expires              TIMESTAMP      NOT NULL,
+  scope                VARCHAR(4000),
+  PRIMARY KEY (access_token)
+);
+
+CREATE TABLE oauth_authorization_codes (
+  authorization_code  VARCHAR(40)     NOT NULL,
+  client_id           VARCHAR(80)     NOT NULL,
+  user_id             VARCHAR(255),
+  redirect_uri        VARCHAR(2000),
+  expires             TIMESTAMP       NOT NULL,
+  scope               VARCHAR(4000),
+  id_token            VARCHAR(1000),
+  PRIMARY KEY (authorization_code)
+);
+
+CREATE TABLE oauth_refresh_tokens (
+  refresh_token       VARCHAR(40)     NOT NULL,
+  client_id           VARCHAR(80)     NOT NULL,
+  user_id             VARCHAR(255),
+  expires             TIMESTAMP       NOT NULL,
+  scope               VARCHAR(4000),
+  PRIMARY KEY (refresh_token)
+);
+
+CREATE TABLE oauth_scopes (
+  scope               VARCHAR(191)    NOT NULL,
+  is_default          SMALLINT,
+  PRIMARY KEY (scope)
+);
+
+CREATE TABLE oauth_jwt (
+  client_id           VARCHAR(80)     NOT NULL,
+  subject             VARCHAR(80),
+  public_key          VARCHAR(2000)   NOT NULL
+);
+";
+
+		$arr = explode(';', $sql);
+		$errors = 0;
+		foreach($arr as $a) {
+			if(strlen(trim($a))) {
+				$r = dbq(trim($a));
+				if(! $r) {
+					$errors ++;
+				}
+			}
+		}
+
+		if(! $errors)
+			return UPDATE_SUCCESS;
+		return UPDATE_FAILED;
+
+	}
+
+}

Zotlabs/Update/_1211.php

@@ -0,0 +1,26 @@
+<?php
+
+namespace Zotlabs\Update;
+
+class _1211 {
+
+	function run() {
+
+		if(ACTIVE_DBTYPE == DBTYPE_POSTGRES) {
+			$r1 = q("ALTER TABLE channel ADD channel_active timestamp NOT NULL DEFAULT '0001-01-01 00:00:00' ");
+ 			$r2 = q("create index \"channel_active_idx\" on channel (\"channel_active\")");
+
+			$r = ($r1 && $r2);
+		}
+		else {
+			$r = q("ALTER TABLE `channel` ADD `channel_active` datetime NOT NULL DEFAULT '0001-01-01 00:00:00' , 
+				ADD INDEX `channel_active` (`channel_active`)");
+		}
+
+		if($r)
+			return UPDATE_SUCCESS;
+		return UPDATE_FAILED;
+
+	}
+
+}

Zotlabs/Update/_1212.php

@@ -0,0 +1,26 @@
+<?php
+
+namespace Zotlabs\Update;
+
+class _1212 {
+
+	function run() {
+
+		$r = q("select channel_id from channel where true");
+		if($r) {
+			foreach($r as $rv) {
+				$role = get_pconfig($rv['channel_id'],'system','permissions_role');
+				if($role !== 'custom') {
+					$role_permissions = \Zotlabs\Access\PermissionRoles::role_perms($role);
+					if(array_key_exists('limits',$role_permissions) && array_key_exists('post_comments',$role_permissions['limits'])) {
+						set_pconfig($rv['channel_id'],'perm_limits','post_comments',$role_permissions['limits']['post_comments']);
+					}
+				}
+			}
+		}
+
+		return UPDATE_SUCCESS;
+
+	}
+
+}

Zotlabs/Update/_1213.php

@@ -0,0 +1,28 @@
+<?php
+
+namespace Zotlabs\Update;
+
+class _1213 {
+
+	function run() {
+		if(ACTIVE_DBTYPE == DBTYPE_MYSQL) {
+			q("START TRANSACTION");
+
+			$r = q("ALTER TABLE abconfig 
+				DROP INDEX chan,
+				DROP INDEX xchan,
+				ADD INDEX chan_xchan (chan, xchan)
+			");
+
+			if($r) {
+				q("COMMIT");
+				return UPDATE_SUCCESS;
+			}
+			else {        
+				q("ROLLBACK");
+				return UPDATE_FAILED;
+			}
+		}
+	}
+
+}

Zotlabs/Update/_1214.php

@@ -0,0 +1,57 @@
+<?php
+
+namespace Zotlabs\Update;
+
+class _1214 {
+
+	function run() {
+		if(ACTIVE_DBTYPE == DBTYPE_POSTGRES) {
+			q("START TRANSACTION");
+
+			$r1 = q("ALTER TABLE oauth_clients ALTER COLUMN user_id TYPE bigint USING user_id::bigint");
+			$r2 = q("ALTER TABLE oauth_clients ALTER COLUMN user_id SET NOT NULL");
+			$r3 = q("ALTER TABLE oauth_clients ALTER COLUMN user_id SET DEFAULT 0");
+
+			$r4 = q("ALTER TABLE oauth_access_tokens ALTER COLUMN user_id TYPE bigint USING user_id::bigint");
+			$r5 = q("ALTER TABLE oauth_access_tokens ALTER COLUMN user_id SET NOT NULL");
+			$r6 = q("ALTER TABLE oauth_access_tokens ALTER COLUMN user_id SET DEFAULT 0");
+
+			$r7 = q("ALTER TABLE oauth_authorization_codes ALTER COLUMN user_id TYPE bigint USING user_id::bigint");
+			$r8 = q("ALTER TABLE oauth_authorization_codes ALTER COLUMN user_id SET NOT NULL");
+			$r9 = q("ALTER TABLE oauth_authorization_codes ALTER COLUMN user_id SET DEFAULT 0");
+
+			$r10 = q("ALTER TABLE oauth_refresh_tokens ALTER COLUMN user_id TYPE bigint USING user_id::bigint");
+			$r11 = q("ALTER TABLE oauth_refresh_tokens ALTER COLUMN user_id SET NOT NULL");
+			$r12 = q("ALTER TABLE oauth_refresh_tokens ALTER COLUMN user_id SET DEFAULT 0");
+
+
+			if($r1 && $r2 && $r3 && $r4 && $r5 && $r6 && $r7 && $r8 && $r9 && $r10 && $r11 && $r12) {
+				q("COMMIT");
+				return UPDATE_SUCCESS;
+			}
+			else {        
+				q("ROLLBACK");
+				return UPDATE_FAILED;
+			}
+		}
+		else {
+			q("START TRANSACTION");
+
+			$r1 = q("ALTER TABLE oauth_clients MODIFY COLUMN user_id int(10) unsigned NOT NULL DEFAULT 0");
+			$r2 = q("ALTER TABLE oauth_access_tokens MODIFY COLUMN user_id int(10) unsigned NOT NULL DEFAULT 0");
+			$r3 = q("ALTER TABLE oauth_authorization_codes MODIFY COLUMN user_id int(10) unsigned NOT NULL DEFAULT 0");
+			$r4 = q("ALTER TABLE oauth_refresh_tokens MODIFY COLUMN user_id int(10) unsigned NOT NULL DEFAULT 0");
+
+			if($r1 && $r2 && $r3 && $r4) {
+				q("COMMIT");
+				return UPDATE_SUCCESS;
+			}
+			else {        
+				q("ROLLBACK");
+				return UPDATE_FAILED;
+			}
+
+		}
+	}
+
+}

Zotlabs/Update/_1215.php

@@ -0,0 +1,26 @@
+<?php
+
+namespace Zotlabs\Update;
+
+class _1215 {
+
+	function run() {
+		q("START TRANSACTION");
+
+		// this will fix mastodon hubloc_url
+		$r1 = q("UPDATE hubloc SET hubloc_url = LEFT(hubloc_url, POSITION('/users' IN hubloc_url)-1) WHERE POSITION('/users' IN hubloc_url)>0");
+
+		// this will fix peertube hubloc_url
+		$r2 = q("UPDATE hubloc SET hubloc_url = LEFT(hubloc_url, POSITION('/account' IN hubloc_url)-1) WHERE POSITION('/account' IN hubloc_url)>0");
+
+		if($r1 && $r2) {
+			q("COMMIT");
+			return UPDATE_SUCCESS;
+		}
+		else {        
+			q("ROLLBACK");
+			return UPDATE_FAILED;
+		}
+	}
+
+}

Zotlabs/Web/HTTPSig.php

@@ -3,16 +3,24 @@
 namespace Zotlabs\Web;
 
 /**
- * Implements HTTP Signatures per draft-cavage-http-signatures-07
+ * @brief Implements HTTP Signatures per draft-cavage-http-signatures-07.
+ *
+ * @see https://tools.ietf.org/html/draft-cavage-http-signatures-07
  */
-
-
 class HTTPSig {
 
-	// See RFC5843
-
-	static function generate_digest($body,$set = true) {
-		$digest = base64_encode(hash('sha256',$body,true));
+	/**
+	 * @brief RFC5843
+	 *
+	 * @see https://tools.ietf.org/html/rfc5843
+	 *
+	 * @param string $body The value to create the digest for
+	 * @param boolean $set (optional, default true)
+	 *   If set send a Digest HTTP header
+	 * @return string The generated digest of $body
+	 */
+	static function generate_digest($body, $set = true) {
+		$digest = base64_encode(hash('sha256', $body, true));
 
 		if($set) {
 			header('Digest: SHA-256=' . $digest);
@@ -40,6 +48,7 @@ class HTTPSig {
 		if(is_array($data) && $data['header']) {
 			if(! $data['success'])
 				return $result;
+
 			$h = new \Zotlabs\Web\HTTPHeaders($data['header']);
 			$headers = $h->fetcharr();
 			$body = $data['body'];
@@ -47,9 +56,11 @@ class HTTPSig {
 
 		else {
 			$headers = [];
-			$headers['(request-target)'] = 
+			$headers['(request-target)'] =
 				strtolower($_SERVER['REQUEST_METHOD']) . ' ' .
 				$_SERVER['REQUEST_URI'];
+			$headers['content-type'] = $_SERVER['CONTENT_TYPE'];
+
 			foreach($_SERVER as $k => $v) {
 				if(strpos($k,'HTTP_') === 0) {
 					$field = str_replace('_','-',strtolower(substr($k,5)));
@@ -58,6 +69,10 @@ class HTTPSig {
 			}
 		}
 
+		// logger('SERVER: ' . print_r($_SERVER,true), LOGGER_ALL);
+
+		// logger('headers: ' . print_r($headers,true), LOGGER_ALL);
+
 		$sig_block = null;
 
 		if(array_key_exists('signature',$headers)) {
@@ -78,7 +93,7 @@ class HTTPSig {
 		$result['header_signed'] = true;
 
 		$signed_headers = $sig_block['headers'];
-		if(! $signed_headers) 
+		if(! $signed_headers)
 			$signed_headers = [ 'date' ];
 
 		$signed_data = '';
@@ -131,7 +146,7 @@ class HTTPSig {
 			if($digest[0] === 'SHA-512')
 				$hashalg = 'sha512';
 
-			// The explode operation will have stripped the '=' padding, so compare against unpadded base64 
+			// The explode operation will have stripped the '=' padding, so compare against unpadded base64
 			if(rtrim(base64_encode(hash($hashalg,$body,true)),'=') === $digest[1]) {
 				$result['content_valid'] = true;
 			}
@@ -146,7 +161,7 @@ class HTTPSig {
 			if($digest[0] === 'SHA-512')
 				$hashalg = 'sha512';
 
-			// The explode operation will have stripped the '=' padding, so compare against unpadded base64 
+			// The explode operation will have stripped the '=' padding, so compare against unpadded base64
 			if(rtrim(base64_encode(hash($hashalg,$_POST['data'],true)),'=') === $digest[1]) {
 				$result['content_valid'] = true;
 			}
@@ -155,9 +170,15 @@ class HTTPSig {
 		logger('Content_Valid: ' . (($result['content_valid']) ? 'true' : 'false'));
 
 		return $result;
-
 	}
 
+	/**
+	 * @brief
+	 *
+	 * @param string $id
+	 * @return boolean|string
+	 *   false if no pub key found, otherwise return the pub key
+	 */
 	function get_activitypub_key($id) {
 
 		if(strpos($id,'acct:') === 0) {
@@ -174,25 +195,41 @@ class HTTPSig {
 		if($x && $x[0]['xchan_pubkey']) {
 			return ($x[0]['xchan_pubkey']);
 		}
-		$r = as_fetch($id);
+
+		if(function_exists('as_fetch'))
+			$r = as_fetch($id);
 
 		if($r) {
 			$j = json_decode($r,true);
 
-			if($j['id'] !== $id)
-				return false; 
 			if(array_key_exists('publicKey',$j) && array_key_exists('publicKeyPem',$j['publicKey'])) {
+				if((array_key_exists('id',$j['publicKey']) && $j['publicKey']['id'] !== $id) && $j['id'] !== $id)
+					return false;
+
 				return($j['publicKey']['publicKeyPem']);
 			}
 		}
+
 		return false;
 	}
 
-
-
-
-	static function create_sig($request,$head,$prvkey,$keyid = 'Key',$send_headers = false,$auth = false,$alg = 'sha256', 
-		$crypt_key = null, $crypt_algo = 'aes256ctr') {
+	/**
+	 * @brief
+	 *
+	 * @param string $request
+	 * @param array $head
+	 * @param string $prvkey
+	 * @param string $keyid (optional, default 'Key')
+	 * @param boolean $send_headers (optional, default false)
+	 *   If set send a HTTP header
+	 * @param boolean $auth (optional, default false)
+	 * @param string $alg (optional, default 'sha256')
+	 * @param string $crypt_key (optional, default null)
+	 * @param string $crypt_algo (optional, default 'aes256ctr')
+	 * @return array
+	 */
+	static function create_sig($request, $head, $prvkey, $keyid = 'Key', $send_headers = false, $auth = false,
+			$alg = 'sha256', $crypt_key = null, $crypt_algo = 'aes256ctr') {
 
 		$return_headers = [];
 
@@ -212,7 +249,7 @@ class HTTPSig {
 			$x = crypto_encapsulate($headerval,$crypt_key,$crypt_algo);
 			$headerval = 'iv="' . $x['iv'] . '",key="' . $x['key'] . '",alg="' . $x['alg'] . '",data="' . $x['data'] . '"';
 		}
-			
+
 		if($auth) {
 			$sighead = 'Authorization: Signature ' . $headerval;
 		}
@@ -236,12 +273,20 @@ class HTTPSig {
 		else {
 			$return_headers[] = $sighead;
 		}
+
 		return $return_headers;
 	}
 
-
-
-	static function sign($request,$head,$prvkey,$alg = 'sha256') {
+	/**
+	 * @brief
+	 *
+	 * @param string $request
+	 * @param array  $head
+	 * @param string $prvkey
+	 * @param string $alg (optional) default 'sha256'
+	 * @return array
+	 */
+	static function sign($request, $head, $prvkey, $alg = 'sha256') {
 
 		$ret = [];
 
@@ -250,27 +295,38 @@ class HTTPSig {
 		if($request) {
 			$headers = '(request-target)' . ': ' . trim($request) . "\n";
 			$fields = '(request-target)';
-		}			
+		}
 
 		if($head) {
 			foreach($head as $k => $v) {
 				$headers .= strtolower($k) . ': ' . trim($v) . "\n";
 				if($fields)
 					$fields .= ' ';
+
 				$fields .= strtolower($k);
 			}
 			// strip the trailing linefeed
 			$headers = rtrim($headers,"\n");
 		}
 
-		$sig = base64_encode(rsa_sign($headers,$prvkey,$alg)); 		
+		$sig = base64_encode(rsa_sign($headers,$prvkey,$alg));
 
 		$ret['headers']   = $fields;
 		$ret['signature'] = $sig;
-	
+
 		return $ret;
 	}
 
+	/**
+	 * @brief
+	 *
+	 * @param string $header
+	 * @return array associate array with
+	 *   - \e string \b keyID
+	 *   - \e string \b algorithm
+	 *   - \e array  \b headers
+	 *   - \e string \b signature
+	 */
 	static function parse_sigheader($header) {
 
 		$ret = [];
@@ -297,12 +353,23 @@ class HTTPSig {
 	}
 
 
-	static function decrypt_sigheader($header,$prvkey = null) {
+	/**
+	 * @brief
+	 *
+	 * @param string $header
+	 * @param string $prvkey (optional), if not set use site private key
+	 * @return array|string associative array, empty string if failue
+	 *   - \e string \b iv
+	 *   - \e string \b key
+	 *   - \e string \b alg
+	 *   - \e string \b data
+	 */
+	static function decrypt_sigheader($header, $prvkey = null) {
 
 		$iv = $key = $alg = $data = null;
 
 		if(! $prvkey) {
-			$prvkey = get_config('system','prvkey');
+			$prvkey = get_config('system', 'prvkey');
 		}
 
 		$matches = [];
@@ -319,10 +386,8 @@ class HTTPSig {
 		if($iv && $key && $alg && $data) {
 			return crypto_unencapsulate([ 'iv' => $iv, 'key' => $key, 'alg' => $alg, 'data' => $data ] , $prvkey);
 		}
- 		return '';
 
+		return '';
 	}
 
 }
-
-

Zotlabs/Web/WebServer.php

@@ -44,9 +44,9 @@ class WebServer {
 		 * We have to do it here because the session was just now opened.
 		 */
 
-		if(array_key_exists('system_language',$_POST)) {
-			if(strlen($_POST['system_language']))
-				$_SESSION['language'] = $_POST['system_language'];
+		if(array_key_exists('system_language',$_REQUEST)) {
+			if(strlen($_REQUEST['system_language']))
+				$_SESSION['language'] = $_REQUEST['system_language'];
 			else
 				unset($_SESSION['language']);
 		}

Zotlabs/Widget/Catcloud.php

@@ -0,0 +1,46 @@
+<?php
+
+namespace Zotlabs\Widget;
+
+class Catcloud {
+
+	function widget($arr) {
+
+		if((! \App::$profile['profile_uid']) || (! \App::$profile['channel_hash']))
+			return '';
+
+		$limit = ((array_key_exists('limit',$arr)) ? intval($arr['limit']) : 50);
+
+		if(array_key_exists('type',$arr)) {
+			switch($arr['type']) {
+
+				case 'cards':
+
+					if(! perm_is_allowed(\App::$profile['profile_uid'], get_observer_hash(), 'view_pages'))
+						return '';
+
+					return card_catblock(\App::$profile['profile_uid'], $limit, '', \App::$profile['channel_hash']);
+
+				case 'articles':
+			
+					if(! perm_is_allowed(\App::$profile['profile_uid'], get_observer_hash(), 'view_pages'))
+						return '';
+
+					return article_catblock(\App::$profile['profile_uid'], $limit, '', \App::$profile['channel_hash']);
+
+
+				default:
+					break;
+			}
+		}
+
+
+		if(! perm_is_allowed(\App::$profile['profile_uid'], get_observer_hash(), 'view_stream'))
+			return '';
+
+		return catblock(\App::$profile['profile_uid'], $limit, '', \App::$profile['channel_hash']);
+
+
+	}
+
+}

Zotlabs/Widget/Design_tools.php

@@ -6,16 +6,9 @@ class Design_tools {
 
 	function widget($arr) {
 
-		// mod menu doesn't load a profile. For any modules which load a profile, check it.
-		// otherwise local_channel() is sufficient for permissions.
+		if(perm_is_allowed(\App::$profile['profile_uid'],get_observer_hash(),'write_pages') || (\App::$is_sys && is_site_admin()))
+			return design_tools();
 
-		if(\App::$profile['profile_uid'])
-			if((\App::$profile['profile_uid'] != local_channel()) && (! \App::$is_sys))
-				return '';
-
-		if(! local_channel())
-			return '';
-
-		return design_tools();
+		return EMPTY_STR;
 	}
 }

Zotlabs/Widget/Forums.php

@@ -51,7 +51,7 @@ class Forums {
 
 
 
-		$r1 = q("select abook_id, xchan_hash, xchan_name, xchan_url, xchan_photo_s from abook left join xchan on abook_xchan = xchan_hash where xchan_deleted = 0 and abook_channel = %d and abook_pending = 0 and abook_ignored = 0 and abook_blocked = 0 $sql_extra order by xchan_name $limit ",
+		$r1 = q("select abook_id, xchan_hash, xchan_name, xchan_url, xchan_photo_s from abook left join xchan on abook_xchan = xchan_hash where xchan_deleted = 0 and abook_channel = %d and abook_pending = 0 and abook_ignored = 0 and abook_blocked = 0 and abook_archived = 0 $sql_extra order by xchan_name $limit ",
 			intval(local_channel())
 		);
 
@@ -66,8 +66,8 @@ class Forums {
 		for($x = 0; $x < count($r1); $x ++) {
 			$r = q("select sum(item_unseen) as unseen from item 
 				where uid = %d and owner_xchan = '%s' and item_unseen = 1 $perms_sql ",
-				dbesc($r1[$x]['xchan_hash']),
-				intval(local_channel())
+				intval(local_channel()),
+				dbesc($r1[$x]['xchan_hash'])
 			);
 			if($r)
 				$r1[$x]['unseen'] = $r[0]['unseen'];

Zotlabs/Widget/Newmember.php

@@ -13,22 +13,13 @@ class Newmember {
 		if(! $c)
 			return EMPTY_STR;
 
-
 		$a = \App::get_account();
 		if(! $a)
 			return EMPTY_STR;
 
-
-		if(datetime_convert('UTC','UTC',$a['account_created']) < datetime_convert('UTC','UTC', 'now - 60 days'))
+		if(! feature_enabled(local_channel(),'start_menu'))
 			return EMPTY_STR;
 
-		// This could be a new account that was used to clone a very old channel
-
-		$ob = \App::get_observer();
-		if($ob && array_key_exists('xchan_name_date',$ob) && $ob['xchan_name_date'] < datetime_convert('UTC','UTC','now - 60 days'))
-			return EMPTY_STR;
-
-
 		$options = [
 			t('Profile Creation'),
 			[ 
@@ -46,7 +37,7 @@ class Newmember {
 
 			t('Communicate'),
 			[
-				'channel/' . $channel['channel_address']       => t('View your channel homepage'),
+				'channel/' . $c['channel_address']       => t('View your channel homepage'),
 				'network'       => t('View your network stream'),
 			],
 

Zotlabs/Widget/Notifications.php

@@ -123,7 +123,7 @@ class Notifications {
 			];
 		}
 
-		if(get_config('system', 'disable_discover_tab') != 1) {
+		if(can_view_public_stream()) {
 			$notifications[] = [
 				'type' => 'pubs',
 				'icon' => 'globe',

Zotlabs/Widget/Pubtagcloud.php

@@ -0,0 +1,41 @@
+<?php
+
+namespace Zotlabs\Widget;
+
+class Pubtagcloud {
+
+	function widget($arr) {
+
+		$trending = ((array_key_exists('trending',$arr)) ? intval($arr['trending']) : 0);
+	    if((observer_prohibited(true))) {
+            return EMPTY_STR;
+        }
+
+        if(! intval(get_config('system','open_pubstream',1))) {
+            if(! get_observer_hash()) {
+                return EMPTY_STR;
+            }
+        }
+
+        $site_firehose = ((intval(get_config('system','site_firehose',0))) ? true : false);
+        $net_firehose  = ((get_config('system','disable_discover_tab',1)) ? false : true);
+
+        if(! ($site_firehose || $net_firehose)) {
+            return EMPTY_STR;
+        }
+
+        if($net_firehose) {
+            $site_firehose = false;
+        }
+
+		$safemode = get_xconfig(get_observer_hash(),'directory','safemode',1);
+
+
+
+		$limit = ((array_key_exists('limit', $arr)) ? intval($arr['limit']) : 75);
+
+		return pubtagblock($net_firehose,$site_firehose, $limit, $trending, $safemode);
+
+		return '';
+	}
+}

Zotlabs/Widget/Settings_menu.php

@@ -81,12 +81,20 @@ class Settings_menu {
 
 		if(feature_enabled(local_channel(),'oauth_clients')) {
 			$tabs[] =	array(
-				'label' => t('Connected apps'),
+				'label' => t('OAuth1 apps'),
 				'url' => z_root() . '/settings/oauth',
 				'selected' => ((argv(1) === 'oauth') ? 'active' : ''),
 			);
 		}
 
+		if(feature_enabled(local_channel(),'oauth2_clients')) {
+			$tabs[] =	array(
+				'label' => t('OAuth2 apps'),
+				'url' => z_root() . '/settings/oauth2',
+				'selected' => ((argv(1) === 'oauth2') ? 'active' : ''),
+			);
+		}
+
 		if(feature_enabled(local_channel(),'access_tokens')) {
 			$tabs[] =	array(
 				'label' => t('Guest Access Tokens'),

Zotlabs/Widget/Tagcloud.php

@@ -2,9 +2,6 @@
 
 namespace Zotlabs\Widget;
 
-// @FIXME The problem with this widget is that we don't have a search function for webpages 
-// that we can send the links to. Then we should also provide an option to search webpages
-// and conversations.
 
 class Tagcloud {
 
@@ -14,15 +11,15 @@ class Tagcloud {
 		$uid = \App::$profile_uid;
 		$count = ((x($args,'count')) ? intval($args['count']) : 24);
 		$flags = 0;
-		$type = TERM_CATEGORY;
+		$type = TERM_HASHTAG;
 
 		// @FIXME there exists no $authors variable
-		$r = tagadelic($uid, $count, $authors, $owner, $flags, ITEM_TYPE_WEBPAGE, $type);
+		$r = tagadelic($uid, $count, $authors, $owner, $flags, 0, $type);
 
 		// @FIXME this should use a template
 
 		if($r) {
-			$o = '<div class="tagblock widget"><h3>' . t('Categories') . '</h3><div class="tags" align="center">';
+			$o = '<div class="tagblock widget"><h3>' . t('Tags') . '</h3><div class="tags" align="center">';
 			foreach($r as $rv) {
 				$o .= '<span class="tag' . $rv[2] . '">' . $rv[0] .' </span> ' . "\r\n";
 			}

Zotlabs/Widget/Tasklist.php

@@ -21,7 +21,7 @@ class Tasklist {
 			</script>';
 
 		$o .= '<div class="widget">' . '<h3>' . t('Tasks') . '</h3><div class="tasklist-tasks">';
-		$o .= '</div><form id="tasklist-new-form" action="" ><input id="tasklist-new-summary" type="text" name="summary" value="" /></form>';
+		$o .= '</div><form id="tasklist-new-form" action="" ><input class="form-control" id="tasklist-new-summary" type="text" name="summary" value="" /></form>';
 		$o .= '</div>';
 		return $o;
 

app/bugreport.apd

@@ -1,5 +1,5 @@
-version: 1
-url: https://github.com/redmatrix/hubzilla/issues
+version: 2
+url: https://framagit.org/hubzilla/core/issues
 name: Report Bug
 photo: icon:bug
 categories: System

boot.php

@@ -50,9 +50,11 @@ require_once('include/attach.php');
 require_once('include/bbcode.php');
 
 define ( 'PLATFORM_NAME',           'hubzilla' );
-define ( 'STD_VERSION',             '3.2' );
-define ( 'ZOT_REVISION',            '1.3' );
-define ( 'DB_UPDATE_VERSION',       1207 );
+define ( 'STD_VERSION',             '3.4.2' );
+define ( 'ZOT_REVISION',            '6.0a' );
+
+
+define ( 'DB_UPDATE_VERSION',       1215 );
 
 define ( 'PROJECT_BASE',   __DIR__ );
 
@@ -79,11 +81,11 @@ define ( 'DIRECTORY_MODE_STANDALONE',  0x0100); // A detached (off the grid) hub
 // point to go out and find the rest of the world.
 
 define ( 'DIRECTORY_REALM',            'RED_GLOBAL');
-define ( 'DIRECTORY_FALLBACK_MASTER',  'https://gravizot.de');
+define ( 'DIRECTORY_FALLBACK_MASTER',  'https://zotadel.net');
 
 $DIRECTORY_FALLBACK_SERVERS = array(
 	'https://hubzilla.zottel.net',
-	'https://gravizot.de'
+	'https://zotadel.net'
 );
 
 
@@ -401,6 +403,7 @@ define ( 'VNOTIFY_INTRO',      0x0200 );
 define ( 'VNOTIFY_REGISTER',   0x0400 );
 define ( 'VNOTIFY_FILES',      0x0800 );
 define ( 'VNOTIFY_PUBS',       0x1000 );
+define ( 'VNOTIFY_LIKE',       0x2000 );
 
 
 
@@ -477,6 +480,7 @@ define ( 'ACTIVITY_ABSTAIN',     NAMESPACE_ZOT   . '/activity/abstain' );
 define ( 'ACTIVITY_ATTEND',      NAMESPACE_ZOT   . '/activity/attendyes' );
 define ( 'ACTIVITY_ATTENDNO',    NAMESPACE_ZOT   . '/activity/attendno' );
 define ( 'ACTIVITY_ATTENDMAYBE', NAMESPACE_ZOT   . '/activity/attendmaybe' );
+define ( 'ACTIVITY_POLLRESPONSE', NAMESPACE_ZOT  . '/activity/pollresponse' );
 
 define ( 'ACTIVITY_OBJ_HEART',   NAMESPACE_ZOT   . '/activity/heart' );
 
@@ -854,7 +858,7 @@ class App {
 			self::$scheme = 'https';
 
 		if(x($_SERVER,'SERVER_NAME')) {
-			self::$hostname = $_SERVER['SERVER_NAME'];
+			self::$hostname = punify($_SERVER['SERVER_NAME']);
 
 			if(x($_SERVER,'SERVER_PORT') && $_SERVER['SERVER_PORT'] != 80 && $_SERVER['SERVER_PORT'] != 443)
 				self::$hostname .= ':' . $_SERVER['SERVER_PORT'];
@@ -871,13 +875,13 @@ class App {
 		set_include_path("include/self::$hostname" . PATH_SEPARATOR . get_include_path());
 
 		if((x($_SERVER,'QUERY_STRING')) && substr($_SERVER['QUERY_STRING'], 0, 2) === "q=") {
-			self::$query_string = substr($_SERVER['QUERY_STRING'], 2);
+			self::$query_string = escape_tags(substr($_SERVER['QUERY_STRING'], 2));
 			// removing trailing / - maybe a nginx problem
 			if (substr(self::$query_string, 0, 1) == "/")
 				self::$query_string = substr(self::$query_string, 1);
 		}
 		if(x($_GET,'q'))
-			self::$cmd = trim($_GET['q'],'/\\');
+			self::$cmd = escape_tags(trim($_GET['q'],'/\\'));
 
 		// unix style "homedir"
 
@@ -951,6 +955,9 @@ class App {
 			&& is_array(self::$config['system'])
 			&& array_key_exists('baseurl',self::$config['system'])
 			&& strlen(self::$config['system']['baseurl'])) {
+			// get_baseurl() is a heavily used function.
+			// Do not use punify() here until we find a library that performs better than what we have now.
+			//$url = punify(self::$config['system']['baseurl']);
 			$url = self::$config['system']['baseurl'];
 			$url = trim($url,'\\/');
 			return $url;
@@ -958,7 +965,7 @@ class App {
 
 		$scheme = self::$scheme;
 
-		self::$baseurl = $scheme . "://" . self::$hostname . ((isset(self::$path) && strlen(self::$path)) ? '/' . self::$path : '' );
+		self::$baseurl = $scheme . "://" . punify(self::$hostname) . ((isset(self::$path) && strlen(self::$path)) ? '/' . self::$path : '' );
 
 		return self::$baseurl;
 	}
@@ -969,7 +976,7 @@ class App {
 			&& is_array(self::$config['system'])
 			&& array_key_exists('baseurl',self::$config['system'])
 			&& strlen(self::$config['system']['baseurl'])) {
-			$url = self::$config['system']['baseurl'];
+			$url = punify(self::$config['system']['baseurl']);
 			$url = trim($url,'\\/');
 		}
 
@@ -980,7 +987,7 @@ class App {
 		if($parsed !== false) {
 			self::$scheme = $parsed['scheme'];
 
-			self::$hostname = $parsed['host'];
+			self::$hostname = punify($parsed['host']);
 			if(x($parsed,'port'))
 				self::$hostname .= ':' . $parsed['port'];
 			if(x($parsed,'path'))

composer.lock

@@ -4,7 +4,7 @@
         "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#composer-lock-the-lock-file",
         "This file is @generated automatically"
     ],
-    "content-hash": "73ca170baa6ded94a989b8a1066e6a98",
+    "content-hash": "516114a0fbd804e5234ebeacbac30376",
     "packages": [
         {
             "name": "bshaffer/oauth2-server-php",
@@ -66,16 +66,16 @@
         },
         {
             "name": "commerceguys/intl",
-            "version": "v0.7.4",
+            "version": "v0.7.5",
             "source": {
                 "type": "git",
                 "url": "https://github.com/commerceguys/intl.git",
-                "reference": "edfcfc26ed8505c4f6fcf862eb36dfda1af74b00"
+                "reference": "de1435502068393fae4061818e194e4ea61b98d6"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/commerceguys/intl/zipball/edfcfc26ed8505c4f6fcf862eb36dfda1af74b00",
-                "reference": "edfcfc26ed8505c4f6fcf862eb36dfda1af74b00",
+                "url": "https://api.github.com/repos/commerceguys/intl/zipball/de1435502068393fae4061818e194e4ea61b98d6",
+                "reference": "de1435502068393fae4061818e194e4ea61b98d6",
                 "shasum": ""
             },
             "require": {
@@ -106,20 +106,20 @@
                 }
             ],
             "description": "Internationalization library powered by CLDR data.",
-            "time": "2016-12-13T12:33:19+00:00"
+            "time": "2017-12-29T00:13:05+00:00"
         },
         {
             "name": "ezyang/htmlpurifier",
-            "version": "v4.9.3",
+            "version": "v4.10.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/ezyang/htmlpurifier.git",
-                "reference": "95e1bae3182efc0f3422896a3236e991049dac69"
+                "reference": "d85d39da4576a6934b72480be6978fb10c860021"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/ezyang/htmlpurifier/zipball/95e1bae3182efc0f3422896a3236e991049dac69",
-                "reference": "95e1bae3182efc0f3422896a3236e991049dac69",
+                "url": "https://api.github.com/repos/ezyang/htmlpurifier/zipball/d85d39da4576a6934b72480be6978fb10c860021",
+                "reference": "d85d39da4576a6934b72480be6978fb10c860021",
                 "shasum": ""
             },
             "require": {
@@ -153,7 +153,7 @@
             "keywords": [
                 "html"
             ],
-            "time": "2017-06-03T02:28:16+00:00"
+            "time": "2018-02-23T01:58:20+00:00"
         },
         {
             "name": "league/html-to-markdown",
@@ -256,30 +256,25 @@
         },
         {
             "name": "michelf/php-markdown",
-            "version": "1.7.0",
+            "version": "1.8.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/michelf/php-markdown.git",
-                "reference": "1f51cc520948f66cd2af8cbc45a5ee175e774220"
+                "reference": "01ab082b355bf188d907b9929cd99b2923053495"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/michelf/php-markdown/zipball/1f51cc520948f66cd2af8cbc45a5ee175e774220",
-                "reference": "1f51cc520948f66cd2af8cbc45a5ee175e774220",
+                "url": "https://api.github.com/repos/michelf/php-markdown/zipball/01ab082b355bf188d907b9929cd99b2923053495",
+                "reference": "01ab082b355bf188d907b9929cd99b2923053495",
                 "shasum": ""
             },
             "require": {
                 "php": ">=5.3.0"
             },
             "type": "library",
-            "extra": {
-                "branch-alias": {
-                    "dev-lib": "1.4.x-dev"
-                }
-            },
             "autoload": {
-                "psr-0": {
-                    "Michelf": ""
+                "psr-4": {
+                    "Michelf\\": "Michelf/"
                 }
             },
             "notification-url": "https://packagist.org/downloads/",
@@ -303,7 +298,7 @@
             "keywords": [
                 "markdown"
             ],
-            "time": "2016-10-29T18:58:20+00:00"
+            "time": "2018-01-15T00:49:33+00:00"
         },
         {
             "name": "pear/text_languagedetect",
@@ -538,16 +533,16 @@
         },
         {
             "name": "sabre/http",
-            "version": "4.2.3",
+            "version": "v4.2.4",
             "source": {
                 "type": "git",
                 "url": "https://github.com/sabre-io/http.git",
-                "reference": "0295f9a3ee39be97e0898592fc19e42421e0cd93"
+                "reference": "acccec4ba863959b2d10c1fa0fb902736c5c8956"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/sabre-io/http/zipball/0295f9a3ee39be97e0898592fc19e42421e0cd93",
-                "reference": "0295f9a3ee39be97e0898592fc19e42421e0cd93",
+                "url": "https://api.github.com/repos/sabre-io/http/zipball/acccec4ba863959b2d10c1fa0fb902736c5c8956",
+                "reference": "acccec4ba863959b2d10c1fa0fb902736c5c8956",
                 "shasum": ""
             },
             "require": {
@@ -590,7 +585,7 @@
             "keywords": [
                 "http"
             ],
-            "time": "2017-06-12T07:53:04+00:00"
+            "time": "2018-02-23T11:10:29+00:00"
         },
         {
             "name": "sabre/uri",
@@ -645,16 +640,16 @@
         },
         {
             "name": "sabre/vobject",
-            "version": "4.1.3",
+            "version": "4.1.5",
             "source": {
                 "type": "git",
                 "url": "https://github.com/sabre-io/vobject.git",
-                "reference": "df9916813d1d83e4f761c4cba13361ee74196fac"
+                "reference": "0928660e92d46d2d24336a6db320636aa3a75414"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/sabre-io/vobject/zipball/df9916813d1d83e4f761c4cba13361ee74196fac",
-                "reference": "df9916813d1d83e4f761c4cba13361ee74196fac",
+                "url": "https://api.github.com/repos/sabre-io/vobject/zipball/0928660e92d46d2d24336a6db320636aa3a75414",
+                "reference": "0928660e92d46d2d24336a6db320636aa3a75414",
                 "shasum": ""
             },
             "require": {
@@ -663,7 +658,7 @@
                 "sabre/xml": ">=1.5 <3.0"
             },
             "require-dev": {
-                "phpunit/phpunit": "> 4.8, <6.0.0",
+                "phpunit/phpunit": "> 4.8.35, <6.0.0",
                 "sabre/cs": "^1.0.0"
             },
             "suggest": {
@@ -738,7 +733,7 @@
                 "xCal",
                 "xCard"
             ],
-            "time": "2017-10-18T08:29:40+00:00"
+            "time": "2018-03-08T21:06:39+00:00"
         },
         {
             "name": "sabre/xml",
@@ -1179,16 +1174,16 @@
         },
         {
             "name": "behat/mink-extension",
-            "version": "2.3.0",
+            "version": "2.3.1",
             "source": {
                 "type": "git",
                 "url": "https://github.com/Behat/MinkExtension.git",
-                "reference": "badc565b7a1d05c4a4bf49c789045bcf7af6c6de"
+                "reference": "80f7849ba53867181b7e412df9210e12fba50177"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/Behat/MinkExtension/zipball/badc565b7a1d05c4a4bf49c789045bcf7af6c6de",
-                "reference": "badc565b7a1d05c4a4bf49c789045bcf7af6c6de",
+                "url": "https://api.github.com/repos/Behat/MinkExtension/zipball/80f7849ba53867181b7e412df9210e12fba50177",
+                "reference": "80f7849ba53867181b7e412df9210e12fba50177",
                 "shasum": ""
             },
             "require": {
@@ -1234,7 +1229,7 @@
                 "test",
                 "web"
             ],
-            "time": "2017-11-24T19:30:49+00:00"
+            "time": "2018-02-06T15:36:30+00:00"
         },
         {
             "name": "behat/mink-goutte-driver",
@@ -2024,35 +2019,29 @@
         },
         {
             "name": "phpdocumentor/reflection-docblock",
-            "version": "4.2.0",
+            "version": "3.3.2",
             "source": {
                 "type": "git",
                 "url": "https://github.com/phpDocumentor/ReflectionDocBlock.git",
-                "reference": "66465776cfc249844bde6d117abff1d22e06c2da"
+                "reference": "bf329f6c1aadea3299f08ee804682b7c45b326a2"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/phpDocumentor/ReflectionDocBlock/zipball/66465776cfc249844bde6d117abff1d22e06c2da",
-                "reference": "66465776cfc249844bde6d117abff1d22e06c2da",
+                "url": "https://api.github.com/repos/phpDocumentor/ReflectionDocBlock/zipball/bf329f6c1aadea3299f08ee804682b7c45b326a2",
+                "reference": "bf329f6c1aadea3299f08ee804682b7c45b326a2",
                 "shasum": ""
             },
             "require": {
-                "php": "^7.0",
+                "php": "^5.6 || ^7.0",
                 "phpdocumentor/reflection-common": "^1.0.0",
                 "phpdocumentor/type-resolver": "^0.4.0",
                 "webmozart/assert": "^1.0"
             },
             "require-dev": {
-                "doctrine/instantiator": "~1.0.5",
-                "mockery/mockery": "^1.0",
-                "phpunit/phpunit": "^6.4"
+                "mockery/mockery": "^0.9.4",
+                "phpunit/phpunit": "^4.4"
             },
             "type": "library",
-            "extra": {
-                "branch-alias": {
-                    "dev-master": "4.x-dev"
-                }
-            },
             "autoload": {
                 "psr-4": {
                     "phpDocumentor\\Reflection\\": [
@@ -2071,7 +2060,7 @@
                 }
             ],
             "description": "With this component, a library can provide support for annotations via DocBlocks or otherwise retrieve information that is embedded in a DocBlock.",
-            "time": "2017-11-27T17:38:31+00:00"
+            "time": "2017-11-10T14:09:06+00:00"
         },
         {
             "name": "phpdocumentor/type-resolver",
@@ -2122,16 +2111,16 @@
         },
         {
             "name": "phpspec/prophecy",
-            "version": "1.7.3",
+            "version": "1.7.5",
             "source": {
                 "type": "git",
                 "url": "https://github.com/phpspec/prophecy.git",
-                "reference": "e4ed002c67da8eceb0eb8ddb8b3847bb53c5c2bf"
+                "reference": "dfd6be44111a7c41c2e884a336cc4f461b3b2401"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/phpspec/prophecy/zipball/e4ed002c67da8eceb0eb8ddb8b3847bb53c5c2bf",
-                "reference": "e4ed002c67da8eceb0eb8ddb8b3847bb53c5c2bf",
+                "url": "https://api.github.com/repos/phpspec/prophecy/zipball/dfd6be44111a7c41c2e884a336cc4f461b3b2401",
+                "reference": "dfd6be44111a7c41c2e884a336cc4f461b3b2401",
                 "shasum": ""
             },
             "require": {
@@ -2143,7 +2132,7 @@
             },
             "require-dev": {
                 "phpspec/phpspec": "^2.5|^3.2",
-                "phpunit/phpunit": "^4.8.35 || ^5.7"
+                "phpunit/phpunit": "^4.8.35 || ^5.7 || ^6.5"
             },
             "type": "library",
             "extra": {
@@ -2181,20 +2170,20 @@
                 "spy",
                 "stub"
             ],
-            "time": "2017-11-24T13:59:53+00:00"
+            "time": "2018-02-19T10:16:54+00:00"
         },
         {
             "name": "phpunit/dbunit",
-            "version": "3.0.2",
+            "version": "3.0.3",
             "source": {
                 "type": "git",
                 "url": "https://github.com/sebastianbergmann/dbunit.git",
-                "reference": "403350339b6aca748ee0067d027d85621992e21f"
+                "reference": "0fa4329e490480ab957fe7b1185ea0996ca11f44"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/sebastianbergmann/dbunit/zipball/403350339b6aca748ee0067d027d85621992e21f",
-                "reference": "403350339b6aca748ee0067d027d85621992e21f",
+                "url": "https://api.github.com/repos/sebastianbergmann/dbunit/zipball/0fa4329e490480ab957fe7b1185ea0996ca11f44",
+                "reference": "0fa4329e490480ab957fe7b1185ea0996ca11f44",
                 "shasum": ""
             },
             "require": {
@@ -2233,7 +2222,7 @@
                 "testing",
                 "xunit"
             ],
-            "time": "2017-11-18T17:40:34+00:00"
+            "time": "2018-01-23T13:32:26+00:00"
         },
         {
             "name": "phpunit/php-code-coverage",
@@ -2773,21 +2762,21 @@
         },
         {
             "name": "sebastian/comparator",
-            "version": "2.1.0",
+            "version": "2.1.3",
             "source": {
                 "type": "git",
                 "url": "https://github.com/sebastianbergmann/comparator.git",
-                "reference": "1174d9018191e93cb9d719edec01257fc05f8158"
+                "reference": "34369daee48eafb2651bea869b4b15d75ccc35f9"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/sebastianbergmann/comparator/zipball/1174d9018191e93cb9d719edec01257fc05f8158",
-                "reference": "1174d9018191e93cb9d719edec01257fc05f8158",
+                "url": "https://api.github.com/repos/sebastianbergmann/comparator/zipball/34369daee48eafb2651bea869b4b15d75ccc35f9",
+                "reference": "34369daee48eafb2651bea869b4b15d75ccc35f9",
                 "shasum": ""
             },
             "require": {
                 "php": "^7.0",
-                "sebastian/diff": "^2.0",
+                "sebastian/diff": "^2.0 || ^3.0",
                 "sebastian/exporter": "^3.1"
             },
             "require-dev": {
@@ -2833,7 +2822,7 @@
                 "compare",
                 "equality"
             ],
-            "time": "2017-11-03T07:16:52+00:00"
+            "time": "2018-02-01T13:46:46+00:00"
         },
         {
             "name": "sebastian/diff",
@@ -3287,16 +3276,16 @@
         },
         {
             "name": "symfony/browser-kit",
-            "version": "v3.4.2",
+            "version": "v3.4.6",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/browser-kit.git",
-                "reference": "f761b4ecdd23a451c2cae6fba704d8b207cbb045"
+                "reference": "490f27762705c8489bd042fe3e9377a191dba9b4"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/browser-kit/zipball/f761b4ecdd23a451c2cae6fba704d8b207cbb045",
-                "reference": "f761b4ecdd23a451c2cae6fba704d8b207cbb045",
+                "url": "https://api.github.com/repos/symfony/browser-kit/zipball/490f27762705c8489bd042fe3e9377a191dba9b4",
+                "reference": "490f27762705c8489bd042fe3e9377a191dba9b4",
                 "shasum": ""
             },
             "require": {
@@ -3340,20 +3329,20 @@
             ],
             "description": "Symfony BrowserKit Component",
             "homepage": "https://symfony.com",
-            "time": "2017-12-11T22:06:16+00:00"
+            "time": "2018-01-03T07:37:34+00:00"
         },
         {
             "name": "symfony/class-loader",
-            "version": "v3.4.2",
+            "version": "v3.4.6",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/class-loader.git",
-                "reference": "e8d36a7b5568d232f5c3f8ef92665836b9f1e038"
+                "reference": "e63c12699822bb3b667e7216ba07fbcc3a3e203e"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/class-loader/zipball/e8d36a7b5568d232f5c3f8ef92665836b9f1e038",
-                "reference": "e8d36a7b5568d232f5c3f8ef92665836b9f1e038",
+                "url": "https://api.github.com/repos/symfony/class-loader/zipball/e63c12699822bb3b667e7216ba07fbcc3a3e203e",
+                "reference": "e63c12699822bb3b667e7216ba07fbcc3a3e203e",
                 "shasum": ""
             },
             "require": {
@@ -3396,20 +3385,20 @@
             ],
             "description": "Symfony ClassLoader Component",
             "homepage": "https://symfony.com",
-            "time": "2017-11-05T16:10:10+00:00"
+            "time": "2018-01-03T07:37:34+00:00"
         },
         {
             "name": "symfony/config",
-            "version": "v3.4.2",
+            "version": "v3.4.6",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/config.git",
-                "reference": "e57211b88aa889fefac1cb36866db04100b0f21c"
+                "reference": "05e10567b529476a006b00746c5f538f1636810e"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/config/zipball/e57211b88aa889fefac1cb36866db04100b0f21c",
-                "reference": "e57211b88aa889fefac1cb36866db04100b0f21c",
+                "url": "https://api.github.com/repos/symfony/config/zipball/05e10567b529476a006b00746c5f538f1636810e",
+                "reference": "05e10567b529476a006b00746c5f538f1636810e",
                 "shasum": ""
             },
             "require": {
@@ -3422,6 +3411,7 @@
             },
             "require-dev": {
                 "symfony/dependency-injection": "~3.3|~4.0",
+                "symfony/event-dispatcher": "~3.3|~4.0",
                 "symfony/finder": "~3.3|~4.0",
                 "symfony/yaml": "~3.0|~4.0"
             },
@@ -3458,20 +3448,20 @@
             ],
             "description": "Symfony Config Component",
             "homepage": "https://symfony.com",
-            "time": "2017-12-14T19:40:10+00:00"
+            "time": "2018-02-14T10:03:57+00:00"
         },
         {
             "name": "symfony/console",
-            "version": "v3.4.2",
+            "version": "v3.4.6",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/console.git",
-                "reference": "9f21adfb92a9315b73ae2ed43138988ee4913d4e"
+                "reference": "067339e9b8ec30d5f19f5950208893ff026b94f7"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/console/zipball/9f21adfb92a9315b73ae2ed43138988ee4913d4e",
-                "reference": "9f21adfb92a9315b73ae2ed43138988ee4913d4e",
+                "url": "https://api.github.com/repos/symfony/console/zipball/067339e9b8ec30d5f19f5950208893ff026b94f7",
+                "reference": "067339e9b8ec30d5f19f5950208893ff026b94f7",
                 "shasum": ""
             },
             "require": {
@@ -3527,20 +3517,20 @@
             ],
             "description": "Symfony Console Component",
             "homepage": "https://symfony.com",
-            "time": "2017-12-14T19:40:10+00:00"
+            "time": "2018-02-26T15:46:28+00:00"
         },
         {
             "name": "symfony/css-selector",
-            "version": "v3.4.2",
+            "version": "v3.4.6",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/css-selector.git",
-                "reference": "eac760b414cf1f64362c3dd047b989e4db121332"
+                "reference": "544655f1fc078a9cd839fdda2b7b1e64627c826a"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/css-selector/zipball/eac760b414cf1f64362c3dd047b989e4db121332",
-                "reference": "eac760b414cf1f64362c3dd047b989e4db121332",
+                "url": "https://api.github.com/repos/symfony/css-selector/zipball/544655f1fc078a9cd839fdda2b7b1e64627c826a",
+                "reference": "544655f1fc078a9cd839fdda2b7b1e64627c826a",
                 "shasum": ""
             },
             "require": {
@@ -3580,20 +3570,20 @@
             ],
             "description": "Symfony CssSelector Component",
             "homepage": "https://symfony.com",
-            "time": "2017-12-14T19:40:10+00:00"
+            "time": "2018-02-03T14:55:07+00:00"
         },
         {
             "name": "symfony/debug",
-            "version": "v3.4.2",
+            "version": "v3.4.6",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/debug.git",
-                "reference": "543deab3ffff94402440b326fc94153bae2dfa7a"
+                "reference": "9b1071f86e79e1999b3d3675d2e0e7684268b9bc"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/debug/zipball/543deab3ffff94402440b326fc94153bae2dfa7a",
-                "reference": "543deab3ffff94402440b326fc94153bae2dfa7a",
+                "url": "https://api.github.com/repos/symfony/debug/zipball/9b1071f86e79e1999b3d3675d2e0e7684268b9bc",
+                "reference": "9b1071f86e79e1999b3d3675d2e0e7684268b9bc",
                 "shasum": ""
             },
             "require": {
@@ -3636,20 +3626,20 @@
             ],
             "description": "Symfony Debug Component",
             "homepage": "https://symfony.com",
-            "time": "2017-12-12T08:27:14+00:00"
+            "time": "2018-02-28T21:49:22+00:00"
         },
         {
             "name": "symfony/dependency-injection",
-            "version": "v3.4.2",
+            "version": "v3.4.6",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/dependency-injection.git",
-                "reference": "5f81907ea43bfa971ac2c7fbac593ebe7cd7d333"
+                "reference": "12e901abc1cb0d637a0e5abe9923471361d96b07"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/dependency-injection/zipball/5f81907ea43bfa971ac2c7fbac593ebe7cd7d333",
-                "reference": "5f81907ea43bfa971ac2c7fbac593ebe7cd7d333",
+                "url": "https://api.github.com/repos/symfony/dependency-injection/zipball/12e901abc1cb0d637a0e5abe9923471361d96b07",
+                "reference": "12e901abc1cb0d637a0e5abe9923471361d96b07",
                 "shasum": ""
             },
             "require": {
@@ -3707,20 +3697,20 @@
             ],
             "description": "Symfony DependencyInjection Component",
             "homepage": "https://symfony.com",
-            "time": "2017-12-14T19:40:10+00:00"
+            "time": "2018-03-04T03:54:53+00:00"
         },
         {
             "name": "symfony/dom-crawler",
-            "version": "v3.4.2",
+            "version": "v3.4.6",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/dom-crawler.git",
-                "reference": "dc847845c66fa68ad4522ed27e62b9b9dd12ab3b"
+                "reference": "2bb5d3101cc01f4fe580e536daf4f1959bc2d24d"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/dom-crawler/zipball/dc847845c66fa68ad4522ed27e62b9b9dd12ab3b",
-                "reference": "dc847845c66fa68ad4522ed27e62b9b9dd12ab3b",
+                "url": "https://api.github.com/repos/symfony/dom-crawler/zipball/2bb5d3101cc01f4fe580e536daf4f1959bc2d24d",
+                "reference": "2bb5d3101cc01f4fe580e536daf4f1959bc2d24d",
                 "shasum": ""
             },
             "require": {
@@ -3763,20 +3753,20 @@
             ],
             "description": "Symfony DomCrawler Component",
             "homepage": "https://symfony.com",
-            "time": "2017-12-14T19:40:10+00:00"
+            "time": "2018-02-22T10:48:49+00:00"
         },
         {
             "name": "symfony/event-dispatcher",
-            "version": "v3.4.2",
+            "version": "v3.4.6",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/event-dispatcher.git",
-                "reference": "b869cbf8a15ca6261689de2c28a7d7f2d0706835"
+                "reference": "58990682ac3fdc1f563b7e705452921372aad11d"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/event-dispatcher/zipball/b869cbf8a15ca6261689de2c28a7d7f2d0706835",
-                "reference": "b869cbf8a15ca6261689de2c28a7d7f2d0706835",
+                "url": "https://api.github.com/repos/symfony/event-dispatcher/zipball/58990682ac3fdc1f563b7e705452921372aad11d",
+                "reference": "58990682ac3fdc1f563b7e705452921372aad11d",
                 "shasum": ""
             },
             "require": {
@@ -3826,20 +3816,20 @@
             ],
             "description": "Symfony EventDispatcher Component",
             "homepage": "https://symfony.com",
-            "time": "2017-12-14T19:40:10+00:00"
+            "time": "2018-02-14T10:03:57+00:00"
         },
         {
             "name": "symfony/filesystem",
-            "version": "v3.4.2",
+            "version": "v3.4.6",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/filesystem.git",
-                "reference": "25b135bea251829e3db6a77d773643408b575ed4"
+                "reference": "253a4490b528597aa14d2bf5aeded6f5e5e4a541"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/filesystem/zipball/25b135bea251829e3db6a77d773643408b575ed4",
-                "reference": "25b135bea251829e3db6a77d773643408b575ed4",
+                "url": "https://api.github.com/repos/symfony/filesystem/zipball/253a4490b528597aa14d2bf5aeded6f5e5e4a541",
+                "reference": "253a4490b528597aa14d2bf5aeded6f5e5e4a541",
                 "shasum": ""
             },
             "require": {
@@ -3875,20 +3865,20 @@
             ],
             "description": "Symfony Filesystem Component",
             "homepage": "https://symfony.com",
-            "time": "2017-12-14T19:40:10+00:00"
+            "time": "2018-02-22T10:48:49+00:00"
         },
         {
             "name": "symfony/polyfill-mbstring",
-            "version": "v1.6.0",
+            "version": "v1.7.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/polyfill-mbstring.git",
-                "reference": "2ec8b39c38cb16674bbf3fea2b6ce5bf117e1296"
+                "reference": "78be803ce01e55d3491c1397cf1c64beb9c1b63b"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/polyfill-mbstring/zipball/2ec8b39c38cb16674bbf3fea2b6ce5bf117e1296",
-                "reference": "2ec8b39c38cb16674bbf3fea2b6ce5bf117e1296",
+                "url": "https://api.github.com/repos/symfony/polyfill-mbstring/zipball/78be803ce01e55d3491c1397cf1c64beb9c1b63b",
+                "reference": "78be803ce01e55d3491c1397cf1c64beb9c1b63b",
                 "shasum": ""
             },
             "require": {
@@ -3900,7 +3890,7 @@
             "type": "library",
             "extra": {
                 "branch-alias": {
-                    "dev-master": "1.6-dev"
+                    "dev-master": "1.7-dev"
                 }
             },
             "autoload": {
@@ -3934,20 +3924,20 @@
                 "portable",
                 "shim"
             ],
-            "time": "2017-10-11T12:05:26+00:00"
+            "time": "2018-01-30T19:27:44+00:00"
         },
         {
             "name": "symfony/translation",
-            "version": "v3.4.2",
+            "version": "v3.4.6",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/translation.git",
-                "reference": "4c5d5582baf2829751a5207659329c1f52eedeb6"
+                "reference": "80e19eaf12cbb546ac40384e5c55c36306823e57"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/translation/zipball/4c5d5582baf2829751a5207659329c1f52eedeb6",
-                "reference": "4c5d5582baf2829751a5207659329c1f52eedeb6",
+                "url": "https://api.github.com/repos/symfony/translation/zipball/80e19eaf12cbb546ac40384e5c55c36306823e57",
+                "reference": "80e19eaf12cbb546ac40384e5c55c36306823e57",
                 "shasum": ""
             },
             "require": {
@@ -4002,20 +3992,20 @@
             ],
             "description": "Symfony Translation Component",
             "homepage": "https://symfony.com",
-            "time": "2017-12-12T08:27:14+00:00"
+            "time": "2018-02-22T06:28:18+00:00"
         },
         {
             "name": "symfony/yaml",
-            "version": "v3.4.2",
+            "version": "v3.4.6",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/yaml.git",
-                "reference": "afe0cd38486505c9703707707d91450cfc1bd536"
+                "reference": "6af42631dcf89e9c616242c900d6c52bd53bd1bb"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/yaml/zipball/afe0cd38486505c9703707707d91450cfc1bd536",
-                "reference": "afe0cd38486505c9703707707d91450cfc1bd536",
+                "url": "https://api.github.com/repos/symfony/yaml/zipball/6af42631dcf89e9c616242c900d6c52bd53bd1bb",
+                "reference": "6af42631dcf89e9c616242c900d6c52bd53bd1bb",
                 "shasum": ""
             },
             "require": {
@@ -4060,7 +4050,7 @@
             ],
             "description": "Symfony Yaml Component",
             "homepage": "https://symfony.com",
-            "time": "2017-12-11T20:38:23+00:00"
+            "time": "2018-02-16T09:50:28+00:00"
         },
         {
             "name": "theseer/tokenizer",
@@ -4171,6 +4161,6 @@
         "ext-openssl": "*"
     },
     "platform-dev": {
-        "php": ">=7.0"
+        "php": ">=5.6 || >=7.0"
     }
 }

doc/Developers.md

@@ -8,17 +8,17 @@ doing development.
 
 Create your own github account.
 
-You may fork/clone the Red repository from [https://github.com/redmatrix/hubzilla.git](https://github.com/redmatrix/hubzilla.git).
+You may fork/clone the $Projectname repository from [https://framagit.org/hubzilla/core.git](https://framagit.org/hubzilla/core.git).
 
 Follow the instructions provided here: [http://help.github.com/fork-a-repo/](http://help.github.com/fork-a-repo/)
-to create and use your own tracking fork on github
+to create and use your own tracking fork on framagit
 
-Then go to your github page and create a "Pull request" when you are ready
+Then go to your framagit page and create a "Pull request" when you are ready
 to notify us to merge your work.
 
 **Translations**
 
-Our translations are managed through Transifex. If you wish to help out translating $Projectname to another language, sign up on transifex.com, visit [https://www.transifex.com/projects/p/red-matrix/](https://www.transifex.com/projects/p/red-matrix/) and request to join one of the existing language teams or create a new one. Notify one of the core developers when you have a translation update which requires merging, or ask about merging it yourself if you're comfortable with git and PHP. We have a string file called 'messages.po' which is gettext compliant and a handful of email templates, and from there we automatically generate the application's language files.   
+Our translations are managed through Transifex. If you wish to help out translating $Projectname to another language, sign up on transifex.com, visit [https://www.transifex.com/projects/p/hubzilla/](https://www.transifex.com/projects/p/hubzilla/) and request to join one of the existing language teams or create a new one. Notify one of the core developers when you have a translation update which requires merging, or ask about merging it yourself if you're comfortable with git and PHP. We have a string file called 'messages.po' which is gettext compliant and a handful of email templates, and from there we automatically generate the application's language files.   
 
 [Translations - More Info](help/Translations)
 

doc/Translations.md

@@ -4,13 +4,13 @@ Translating $Projectname
 Translation Process
 -------------------
 
-The strings used in the UI of Hubzilla is translated at [Transifex][1] and then
+The strings used in the UI of $Projectname is translated at [Transifex][1] and then
 included in the git repository at github. If you want to help with translation
-for any language, be it correcting terms or translating Hubzilla to a
+for any language, be it correcting terms or translating $Projectname to a
 currently not supported language, please register an account at transifex.com
 and contact the Redmatrix translation team there.
 
-Translating Hubzilla is simple. Just use the online tool at transifex. If you
+Translating $Projectname is simple. Just use the online tool at transifex. If you
 don't want to deal with git & co. that is fine, we check the status of the
 translations regularly and import them into the source tree at github so that
 others can use them.
@@ -26,32 +26,32 @@ tree.
 
 If you want to get your work into the source tree yourself, feel free to do so
 and contact us with and question that arises. The process is simple and
-Hubzilla ships with all the tools necessary.
+$Projectname ships with all the tools necessary.
 
 The location of the translated files in the source tree is
     /view/LNG-CODE/
 where LNG-CODE is the language code used, e.g. de for German or fr for French.
 For the email templates (the *.tpl files) just place them into the directory
 and you are done. The translated strings come as a "hmessages.po" file from
-transifex which needs to be translated into the PHP file Hubzilla uses.  To do
+transifex which needs to be translated into the PHP file $Projectname uses.  To do
 so, place the file in the directory mentioned above and use the "po2php"
-utility from the util directory of your Hubzilla installation.
+utility from the util directory of your $Projectname installation.
 
 Assuming you want to convert the German localization which is placed in
 view/de/hmessages.po you would do the following.
 
 1. Navigate at the command prompt to the base directory of your
-   Hubzilla installation
+   $Projectname installation
 
 2. Execute the po2php script, which will place the translation
-   in the hstrings.php file that is used by Hubzilla.
+   in the hstrings.php file that is used by $Projectname.
 
        $> php util/po2php.php view/de/hmessages.po
 
    The output of the script will be placed at view/de/hstrings.php where
    froemdoca os expecting it, so you can test your translation mmediately.
                                   
-3. Visit your Hubzilla page to check if it still works in the language you
+3. Visit your $Projectname page to check if it still works in the language you
    just translated. If not try to find the error, most likely PHP will give
    you a hint in the log/warnings.about the error.
                                         
@@ -62,16 +62,16 @@ view/de/hmessages.po you would do the following.
        $> php view/de/hstrings.php
 
 4. commit the two files with a meaningful commit message to your git
-   repository, push it to your fork of the Hubzilla repository at github and
+   repository, push it to your fork of the $Projectname repository at github and
    issue a pull request for that commit.
 
 Utilities
 ---------
 
 Additional to the po2php script there are some more utilities for translation
-in the "util" directory of the Hubzilla source tree.  If you only want to
-translate Hubzilla into another language you wont need any of these tools most
-likely but it gives you an idea how the translation process of Hubzilla
+in the "util" directory of the $Projectname source tree.  If you only want to
+translate $Projectname into another language you wont need any of these tools most
+likely but it gives you an idea how the translation process of $Projectname
 works.
 
 For further information see the utils/README file.
@@ -79,7 +79,7 @@ For further information see the utils/README file.
 Known Problems
 --------------
 
-* Hubzilla uses the language setting of the visitors browser to determain the
+* $Projectname uses the language setting of the visitors browser to determain the
   language for the UI. Most of the time this works, but there are some known
   quirks.
 * the early translations are based on the friendica translations, if you 
@@ -87,7 +87,7 @@ Known Problems
 
 Links
 ------
-[1]:   http://www.transifex.com/projects/p/red-matrix/
+[1]:   http://www.transifex.com/projects/p/hubzilla/
 
 
 #include doc/macros/main_footer.bb;