bump version

changelog
hubzilla issue #851
2026-06-21 09:01:15 -04:00 · 2017-08-31 10:23:09 +02:00 · 2017-08-31 10:22:05 +02:00 · 2017-08-31 10:15:23 +02:00 · 2017-08-18 13:04:30 +02:00 · 2017-08-18 13:04:20 +02:00
3399 changed files with 123352 additions and 121150 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -44,7 +44,8 @@ doc/html/
 .zotshrc
 # external repositories for themes/addons
 extend/
-
+# files generated by phpunit
+tests/results/

 ## exclude IDE files
 # config files and folders from Eclipse
@@ -63,6 +64,8 @@ nbproject/
 ## composer
 # locally installed composer binary
 composer.phar
+# allow composer.lock, as it is required to have a common state
+!composer.lock
 # vendor/ is managed by composer, no need to include in our repository
 # requires new deployment and needs discussion first
 #vendor/
--- a/.travis.yml
+++ b/.travis.yml
@@ -1,44 +1,164 @@
+#
+# Travis-CI configuration file for Hubzilla
+#
+## configure things
+#
+
 # see http://about.travis-ci.org/docs/user/languages/php/ for more hints
 language: php

-# list any PHP version you want to test against
+# use newer 'trusty' based distro, old one is 'precise'
+dist: trusty
+# use docker based containers
+sudo: false
+
+# Git branches whitelist to build on Travis CI
+branches:
+  only:
+  - master
+  - dev
+  # whitelist our tags for release deployments e.g. 2.2
+  - /^\d+\.\d+(\.\d+)?(-\S*)?$/
+
+# Install additional software
+addons:
+  # Install dependencies for generating API documentation with doxygen
+  apt:
+    packages:
+      - doxygen
+      - doxygen-latex
+      - graphviz
+      - ttf-liberation
+
+# enable and start databases on a per job basis
+#services:
+#  - mariadb
+#  - postgresql
+
+# any PHP version we want to test against, current stable phpunit requires PHP >= 7.0
 php:
-  # using major version aliases
+  - '7.0'
+  - '7.1'
+  # HHVM does not fulfil PHPUnit platform requirements as being compatible with PHP7 yet
+  #- 'hhvm'

-  # aliased to a recent 5.6.x version
-  - 5.6
-  # aliased to a recent 7.x version
-  - 7.0
-  # aliased to a recent hhvm version
-  - hhvm
+# list of environments to test
+env:
+  global:
+    # used for doxygen deployment script
+    - DOXYFILE: $TRAVIS_BUILD_DIR/util/Doxyfile
+    # Uncomment if a newer/specific version of Doxygen should be used
+    #- DOXY_VER: 1.8.12
+    # Code Coverage is slow, no need to have it in every build
+    - PHPUCOV: "--no-coverage"
+  # use matrix only for PHP and MySQL, all other combinations added through includes
+  matrix:
+    # trusty default MySQL 5.6
+    - DB=mysql MYSQL_VERSION=5.6

-# optionally specify a list of environments, for example to test different RDBMS
-#env:
-#  - DB=mysql
-#  - DB=pgsql
-
-# optionally set up exclutions and allowed failures in the matrix
+# Matrix configuration details
 matrix:
+  fast_finish: true
+  # Additional check combinations
+  include:
+    # PHP7.1, mariadb 10.1
+    - php: '7.1'
+      env: DB=mariadb MARIADB_VERSION=10.1 CODECOV=1
+      # use mariadb instead of MySQL
+      addons:
+        mariadb: '10.1'
+    # PHP7.1, PostgreSQL 9.6
+    - php: '7.1'
+      env: DB=pgsql POSTGRESQL_VERSION=9.6
+      # Use newer postgres than 9.2 default
+      addons:
+        postgresql: '9.6'
+      services:
+        - postgresql
+    # PHP7.1, old precise distribution with MySQL 5.5
+    - php: '7.1'
+      env: DB=mysql MYSQL_VERSION=5.5
+      dist: precise
+      services:
+        - mysql
+    # MySQL 5.7 with Docker container
+    - php: '7.1'
+      env: DB=mysql MYSQL_VERSION=5.7
+      sudo: required
+      services:
+        - docker
+   # Excludes from default matrix combinations
 #  exclude:
 #    - php: hhvm
 #      env: DB=pgsql  # PDO driver for pgsql is unsupported by HHVM (3rd party install for support)
-  allow_failures:
-    - php: hhvm
+
+# cache composer downloads between runs
+cache:
+  directories:
+    - $HOME/.composer/cache
+    #- $HOME/doxygen/doxygen-$DOXY_VER/bin
+
+
+
+#
+## execute things
+#
+
+before_install:
+  - travis_retry composer self-update
+  # Start MySQL 5.7 Docker container, needs some time to come up
+  - if [[ "$MYSQL_VERSION" == "5.7" ]]; then sudo service mysql stop; docker run -d -p 3306:3306 -e MYSQL_ALLOW_EMPTY_PASSWORD=yes mysql:5.7 && sleep 25 && docker ps; fi
+
+# Install composer dev libs
+install:
+  - travis_retry composer install --optimize-autoloader --no-progress

 # execute any number of scripts before the test run, custom env's are available as variables
-#before_script:
-#  - if [[ "$DB" == "pgsql" ]]; then psql -c "DROP DATABASE IF EXISTS hello_world_test;" -U postgres; fi
-#  - if [[ "$DB" == "pgsql" ]]; then psql -c "create database hello_world_test;" -U postgres; fi
-#  - if [[ "$DB" == "mysql" ]]; then mysql -e "create database IF NOT EXISTS hello_world_test;" -uroot; fi
-
-install:
-  - composer require phpunit/phpunit
+before_script:
+  # Use code coverage config for phpunit
+  - if [[ ! -z $CODECOV ]]; then export PHPUCOV=""; fi
+  # Some preparation tasks of environment
+  - ./tests/travis/prepare.sh
+  # DB specific prepare scripts
+  - if [[ "$DB" == "mysql" ]]; then ./tests/travis/prepare_mysql.sh; fi
+  - if [[ "$DB" == "mariadb" ]]; then ./tests/travis/prepare_mysql.sh; fi
+  - if [[ "$DB" == "pgsql" ]]; then ./tests/travis/prepare_pgsql.sh; fi

 # omitting "script:" will default to phpunit
-# use the $DB env variable to determine the phpunit.xml to use
-script: vendor/bin/phpunit  tests/unit/
+script: ./vendor/bin/phpunit $PHPUCOV -c tests/phpunit-$DB.xml
+
+after_success:
+  # Generate API documentation and deploy it to gh-pages
+  - ./tests/travis/gen_apidocs.sh
+#after_failure:
+
+# Deploying release and API documentation to GitHub
+#before_deploy:
+deploy:
+  - provider: pages
+    skip_cleanup: true
+    local_dir: $TRAVIS_BUILD_DIR/doc/html
+    github_token: $GH_TOKEN
+    on:
+      repo: redmatrix/hubzilla
+      branch: master
+      condition: '(-n "$GH_TOKEN") && ("$TRAVIS_JOB_NUMBER" == "${TRAVIS_BUILD_NUMBER}.1")'
+  # add API documentation to release, could also be used to provide full packages if we want to drop vendor from our repo
+  - provider: releases
+    skip_cleanup: true
+    api_key: $GH_TOKEN
+    file: 'doc/hubzilla-api-documentation.zip'
+    on:
+      repo: redmatrix/hubzilla
+      tags: true
+      condition: '(-n "$GH_TOKEN") && ("$TRAVIS_JOB_NUMBER" == "${TRAVIS_BUILD_NUMBER}.1")'
+#after_deploy:
+
+#after_script:
+
+

 # configure notifications (email, IRC, campfire etc)
-notifications:
+#notifications:
 #  irc: "irc.freenode.org#yourfavouriteroomfortravis"
 # a plugin/script to post to a hubzilla channel would be neat here
--- a/189
+++ b/189
@@ -1,5 +1,192 @@
+Hubzilla 2.6.2 (2017-08-31)
+	- Fix webfinger returns invalid XML (github issue #851)
+
+
+Hubzilla 2.6.1 (2017-08-18)
+	- Fix a regression with dav clients
+	- Raise install requirements
+	
+	Plugins/Addon
+	- Diaspora: fix PHP warning
+	- GNU-Social: fix PHP warning 
+
+
+Hubzilla 2.6 (2017-08-16)
+	- Upgrade to bootstrap-4 beta
+	- Consolidate disable_discover_tab config
+	- Fix some bbcode to markdown conversion issues
+	- Improved finding of recursive attachment permissions
+	- Smaller line-height for notification badges 
+	- Bluegrid schema removed - will be added again if someone is willing to maintain it
+	- Improved file_activity()
+	- DB - add index for item.obj_type
+	- Add options flag to bb_to_markdown() so we can distinguish between diaspora use and other use and therefore filter and adjust content selectively
+	- Close the apps-menu if the notifications-menu is open and vice versa 
+	- Remove redundant call to jquery ready function in photo albums view
+	- Remove borders from navbar toggler in mobile view
+	- Improve the formatting of shares when converting from bbcode to markdown
+	- Suppress fopen errors from dav
+	- Make local channel (not our own) nav menus appear similar to what we are used from remote channels
+	- Indicate the selected channel in the dropdown menu if the feature is enabled	
+	- Provide a mechanism to mark apps active in the app tray
+	- Allow wildcard tag and category searches
+	- Improved installer
+	- Update some addon docs and ensure we only generate statistics once a day
+	- Turn url requests where argv[0] is something.xyz into module='something' and $_REQUEST['module_format'] = 'xyz'; But leave modules beginning with . (like .well_known) alone (convert the initial . to _ and then strip it)
+	- Turn platform name and std_version into config variables
+	- Implement chunked uploads on the wall
+	- Prevent expiration of conversations you are involved with
+	- Update htmlpurifier to version 4.9.3
+	- Update sabre/http to version 4.2.3
+	- Add optimize-autoloader to composer config
+	- Missing abook_{my,their}_perms in pg schema and missing keys in mysql schema 
+	- Provide a gender icon on the profile sidebar within reason
+	- Provide more comprehensible information on the admin summary page
+	- Upgrade blueimp from 9.8 to 9.18
+	- Chanview - if already connected, bypass the chanview intermediary page and go straight to the remote profile.
+	- Allow poke by xchan_hash
+	- guess_image_type() - ignore scheme when checking for urls
+	- Remove unused page_widgets.php include and provide a general function for loading sql from file
+	- Migrate cdav from addons to core
+	- Address several mail issues
+	- Add files and photos to featured apps by default
+	- import_author_zot() fixes
+	- Remove deprecated app parameter from conversation()
+	- Implement anonymous comments (like wordpress)
+	- Add rel=noopener to all external target _blank links
+	- Add 'can_comment_on_post' hook so we can better deal with the complications of Diaspora policy
+	- Added Portfolio widget (requires foundation)
+	- Convert schema_mysql engine to InnoDB and charset utf8mb4
+	- Put unreachable federated connections in the archived tab of the connections list page
+	- Indicate on connections page if a federated connection from another network is unavailable from the current location
+	- Make authenticated oembeds optional, default to false.
+	- Remove text_highlight css load from core
+	- Numerous ostatus feed improvements (mastodon, gnu-social)
+	- Provide hook when deleting a connection - we need this to clean up dangling PuSH subscriptions
+	- Move code syntax highlighting to plugin
+	- Oembed: ensure that width and height are returned as type int and not float
+	- Rewrite wiki pages widget - no need for ajax on pageload, show the pages to not authenticated people.
+	- Convert randprof to use chanlink_hash() instead of chanlink_url() and filter sys channels by xchan.xchan_system instead of xchan_addr != sys@%
+	- Update Sabre libraries
+	- Only provide "connected apps" on the settings menu if techlevel > 0.
+	- Provide ability to search webpage
+	- Move disapora xrd stuff to plugin
+	- Deprecate server_role
+	- Introduce automatic language selection for help, webpages, and wiki content
+	- Provide ability to order apps in app-tray
+	- Replace Markdownify library with html-to-markdown library
+
+	Bugfixes
+	- Fix channel manager and nav channel select visible if in a delegate session
+	- Fix wrong wiki pages in the sidebar github issue #841
+	- Fix a bug where if multiple channels uploaded the same file to the same folder, the uploaded file would end up with an incremental number added to the filename for each upload even if the file did not exist yet in the channels folder
+	- Fix privacy groups not syncing across clones properly (github issue #832)
+	- Fix an issue where the ability to use a portion of the message-id to display a message wasn't honoured in all cases
+	- Fix minor issues in the bs-default schema
+	- Fix backward compatibility for album links generated in earlier times before the ambiguity of photo album names was solved (github issue #827)
+	- Fix photo item comments not ported to bs4
+	- Fix incorrect album link
+	- Fix incorrect follow url in webfinger
+	- Fix regression - allow position attributes in oembedable zcards
+	- Fix affinitiy slider settings were being updated on any submit of of settings/featured
+	- Fix minor weirdness in zot finger results after deleting a clone from a channel that was on a site which was previously migrated from http to https and still had the old hubloc
+	- Fix cloud headers already sent issue
+	- Partial fix for failure to sync photos - appears to be memory exhaustion and dependent on filesize although an unrelated issue was found with directory creation during file sync (we didn't check ownership when looking for duplicates)
+	- Fix github issue #810
+	- Don't allow negative age in directory listings
+	- Fix allow setting a default schema for the hub (github issue #797) and allow selecting of focus (hubzilla default) schema if a default is set
+	- Fix update_r1189() for mysql and postgres
+
+	Plugins/Addon
+	Diaspora: Rewrite the addon to implemented Diaspora Version 2 federation protocol
+	GNU-Social: GNU-Social and Mastodon compatibility was greatly increased and a "fetch conversations" feature added to try and locate missing contextual references and maintain conversations in posts from those networks
+	Rename statistics_json to statistics and implement nodeinfo v2
+	New authchoose addon to restrict what sites you authenticate to by default
+	Cdav addon moved to core
+	head_add_css() needs a preceding '/' to find files in the addons dir
+	New addon code syntax highlighting (moved from core to addon)
+	Pubsubhubbub: specify a minimum number of records - otherwise it defaults to zero	
+
+
+Hubzilla 2.4 (2017-05-31)
+	- Silence php warning during install
+	- Implemented switch statement logic in Comanche layout parser
+	- Don't allow html in plugin comment blocks
+	- Handle Mastodon urls in markdown/bbcode conversion
+	- Get rid of edit activities
+	- Collapse sysapps if viewing a remote channel
+	- Various Doxygen fixes
+	- Update SimplePie library to version 1.5
+	- Add check for PHP zip extension during install
+	- Add unit tests for AccessList class
+	- Authenticate onepoll so we can receive private posts/comments in zotfeed
+	- Various postgres fixes
+	- Some work on preparing clientside e2ee
+	- Allow to set a default channel for the rare case where a default channel is not selected but channels actually exist
+	- Support reverse magic-auth in oembed requests
+	- Improved handling of Mastodon feeds
+	- When template "none" is used in a webpage layout, then the contents of the page should be the sole output, with no other code before or after the page element content
+	- If there is no site record, site_dead won't be 0, in a left join it will in fact be null. As long as it isn't 1, we should attempt delivery
+	- Order wiki pages by creation date
+	- Backend infrastructure for channel protection password; which will be used to optionally encrypt export files and resolve channel/identity ownership/hijacking disputes
+	- Don't allow any null fields in notify creation
+	- Webfinger cleanup
+	- Envelope privacy
+	- We do not parse the body in discover_by_url(), so no need to preserve iframes in SimplePie
+	- Correct the mastodon "boost" (aka 'share') author attribution by checking for share activities and pulling the original author info from the activity:object
+	- Only log zot_refresh content if json decode was successful
+	- Revisit the import_author_zot algorithm yet again. There was one bug that we weren't returning necessary information in the first SQL query - and performance/loading problem if one tries to refresh a dead site
+	- Import_author_xchan - since we rarely refresh zot-info for non-connections, force a cache reload once a week to catch things like profile photo updates and location changes
+	- Create site_store_lowlevel() to initialise data structures for the site table
+	- Change hook for perm_is_allowed while retaining backwards compatibility
+	- import_author_zot() - check for both hubloc and xchan entries. This should catch and repair entries which were subject to transient storage failures
+	- Import authors from any unrecognised network as network 'unknown'
+	- Crypto update - default is now aes-256-ctr
+	- Get rid of get_app()
+	- Add 'author_is_pmable()' function with plugin hooks to control whether or not to display a 'send mail' link in the thread author menu
+	- Provide platform specific install script
+	- Allow for project specific DB updates
+	- Get rid of davguest
+	- Move db_upgrade to zlib
+	- Add CSRF protection for import and import_items
+	- Add some documentation for import functions
+	- Do not allow creating two wikis with the same name
+	- Update textcomplete library to version 1.8.0
+	- Create channel_store_lowlevel()
+	- Allow setting the system email name/address/reply
+	- Use the same host macro for sender address as for reply_to address
+	- Use the relevant attach directory/path for photo albums instead of an album basename which may not be unique. Created an 'ellipsify()' function to shorten long names and keep the beginning and end intact
+	- Simplify the message signing spaghetti
+	- Class MarkdownSoap to safely store markdown by purifying and preserving (escaped) what may be unsafe code in codeblocks. The stored item needs to be unescaped just prior to calling the markdown-to-html processor
+	- Remove the unimplemented upload limit site settings from UI
+	- Cleanup code_allowed
+	- Move widgets to standalone classes
+	- Upgrade redbasic to bootstrap 4
+	- Updated HTML Purifier from 4.6.0 to 4.9.2 with better PHP7 compatibility
+	- Remove redundant and non-functional/broken check for successfully cloned channel record which was left over from an earlier method of creating the table; which was deprecated a few months back
+	- Update bshaffer/oauth2-server-php library
+	- Add unit test for purify_html()
+
+	Bugfixes
+	- Fix website export tool creating invalid zip file - issue #790
+	- Fix files not synced correctly - issue #769
+	- Fix empty ACL should not result in no ACL when uploading a file
+	- Fix cover photo was unintentionally disabled when block_public in effect
+	- Fix markdown autolinks - issue 752
+	- Fix connectDefaultShare generated js function, though it isn't obvious if we still use it
+	- Fix a couple more instances where we were still calling mail() directly for site critical messages
+	- Fix when clicking a notification to view a private mail message, actually view that message instead of the most recent
+	- Fix group by item query
+
+	Plugins/Addon
+	- smileybutton: do not load emojis
+	- pubsubhubbub: fixes associated with recent compatibility feed mods
+	- gnusoc: mastodon follow_activity compatibility issues
+	- gnusoc: add profile photo to feed meta
+	- gnusoc: add salmon link information to the public feed when GNU-Social is enabled
+	- chess: fix bugs when deleting games
+
 Hubzilla 2.2 (2017-03-08)
-	- Don't collapse long nsfw content if nsfw plugin is already collapsing it
 	- Provide version compatibility check for themes (minversion, maxversion)
 	- Use chanlink_hash() instead of chanlink_url() where appropriate
 	- Use head_add_link() for feed discovery
--- a/Zotlabs/Access/AccessList.php
+++ b/Zotlabs/Access/AccessList.php
@@ -2,21 +2,55 @@

 namespace Zotlabs\Access;

-
+/**
+ * @brief AccessList class.
+ *
+ * A class to hold an AccessList object with allowed and denied contacts and
+ * groups.
+ */
 class AccessList {
-
+	/**
+	 * @brief Allow contacts
+	 * @var string
+	 */
 	private $allow_cid;
+	/**
+	 * @brief Allow groups
+	 * @var string
+	 */
 	private $allow_gid;
+	/**
+	 * @brief Deny contacts
+	 * @var string
+	 */
 	private $deny_cid;
+	/**
+	 * @brief Deny groups
+	 * @var string
+	 */
 	private $deny_gid;
+	/**
+	 * @brief Indicates if we are using the default constructor values or
+	 * values that have been set explicitly.
+	 * @var boolean
+	 */
+	private $explicit;

-	/* indicates if we are using the default constructor values or values that have been set explicitly. */
-
-	private $explicit; 

+	/**
+	 * @brief Constructor for AccessList class.
+	 *
+	 * @note The array to pass to the constructor is different from the array
+	 * that you provide to the set() or set_from_array() functions.
+	 *
+	 * @param array $channel A channel array, where these entries are evaluated:
+	 *   * \e string \b channel_allow_cid => string of allowed cids
+	 *   * \e string \b channel_allow_gid => string of allowed gids
+	 *   * \e string \b channel_deny_cid => string of denied cids
+	 *   * \e string \b channel_deny_gid => string of denied gids
+	 */
 	function __construct($channel) {
-
-		if($channel) {		
+		if($channel) {
 			$this->allow_cid = $channel['channel_allow_cid'];
 			$this->allow_gid = $channel['channel_allow_gid'];
 			$this->deny_cid  = $channel['channel_deny_cid'];
@@ -32,61 +66,95 @@ class AccessList {
 		$this->explicit = false;
 	}

+	/**
+	 * @brief Get if we are using the default constructor values
+	 * or values that have been set explicitly.
+	 *
+	 * @return boolean
+	 */
 	function get_explicit() {
 		return $this->explicit;
 	}

 	/**
-	 * Set AccessList from strings such as those in already
-	 * existing stored data items
+	 * @brief Set access list from strings such as those in already
+	 * existing stored data items.
+	 *
+	 * @note The array to pass to this set function is different from the array
+	 * that you provide to the constructor or set_from_array().
+	 *
+	 * @param array $arr
+	 *   * \e string \b allow_cid => string of allowed cids
+	 *   * \e string \b allow_gid => string of allowed gids
+	 *   * \e string \b deny_cid  => string of denied cids
+	 *   * \e string \b deny_gid  => string of denied gids
+	 * @param boolean $explicit (optional) default true
 	 */
-
-	function set($arr,$explicit = true) {
+	function set($arr, $explicit = true) {
 		$this->allow_cid = $arr['allow_cid'];
 		$this->allow_gid = $arr['allow_gid'];
 		$this->deny_cid  = $arr['deny_cid'];
 		$this->deny_gid  = $arr['deny_gid'];

-		$this->explicit = $explicit;
+		$this->explicit  = $explicit;
 	}

 	/**
-	 * return an array consisting of the current
-	 * access list components where the elements
-	 * are directly storable. 
+	 * @brief Return an array consisting of the current access list components
+	 * where the elements are directly storable.
+	 *
+	 * @return Associative array with:
+	 *   * \e string \b allow_cid => string of allowed cids
+	 *   * \e string \b allow_gid => string of allowed gids
+	 *   * \e string \b deny_cid  => string of denied cids
+	 *   * \e string \b deny_gid  => string of denied gids
 	 */
-
 	function get() {
-		return array(
+		return [
 			'allow_cid' => $this->allow_cid,
 			'allow_gid' => $this->allow_gid,
 			'deny_cid'  => $this->deny_cid,
 			'deny_gid'  => $this->deny_gid,
-		);
+		];
 	}

 	/**
-	 * Set AccessList from arrays, such as those provided by
-	 * acl_selector(). For convenience, a string (or non-array) input is 
-	 * assumed to be a comma-separated list and auto-converted into an array. 
-	 */ 
-
-	function set_from_array($arr,$explicit = true) {
-		$this->allow_cid = perms2str((is_array($arr['contact_allow'])) 
-			? $arr['contact_allow'] : explode(',',$arr['contact_allow']));
+	 * @brief Set access list components from arrays, such as those provided by
+	 * acl_selector().
+	 *
+	 * For convenience, a string (or non-array) input is assumed to be a
+	 * comma-separated list and auto-converted into an array.
+	 *
+	 * @note The array to pass to this set function is different from the array
+	 * that you provide to the constructor or set().
+	 *
+	 * @param array $arr An associative array with:
+	 *   * \e array|string \b contact_allow => array with cids or comma-seperated string
+	 *   * \e array|string \b group_allow   => array with gids or comma-seperated string
+	 *   * \e array|string \b contact_deny  => array with cids or comma-seperated string
+	 *   * \e array|string \b group_deny    => array with gids or comma-seperated string
+	 * @param boolean $explicit (optional) default true
+	 */
+	function set_from_array($arr, $explicit = true) {
+		$this->allow_cid = perms2str((is_array($arr['contact_allow']))
+			? $arr['contact_allow'] : explode(',', $arr['contact_allow']));
 		$this->allow_gid = perms2str((is_array($arr['group_allow']))
-			? $arr['group_allow'] : explode(',',$arr['group_allow']));
+			? $arr['group_allow'] : explode(',', $arr['group_allow']));
 		$this->deny_cid  = perms2str((is_array($arr['contact_deny']))
-			? $arr['contact_deny'] : explode(',',$arr['contact_deny']));
+			? $arr['contact_deny'] : explode(',', $arr['contact_deny']));
 		$this->deny_gid  = perms2str((is_array($arr['group_deny']))
-			? $arr['group_deny'] : explode(',',$arr['group_deny']));
+			? $arr['group_deny'] : explode(',', $arr['group_deny']));

 		$this->explicit = $explicit;
 	}

+	/**
+	 * @brief Returns true if any access lists component is set.
+	 *
+	 * @return boolean Return true if any of allow_* deny_* values is set.
+	 */
 	function is_private() {
 		return (($this->allow_cid || $this->allow_gid || $this->deny_cid || $this->deny_gid) ? true : false);
 	}

 }
-
--- a/Zotlabs/Access/PermissionLimits.php
+++ b/Zotlabs/Access/PermissionLimits.php
@@ -10,7 +10,7 @@ class PermissionLimits {
 		$perms = Permissions::Perms();
 		$limits = array();
 		foreach($perms as $k => $v) {
-			if(strstr($k,'view'))
+			if(strstr($k,'view') || $k === 'post_comments')
 				$limits[$k] = PERMS_PUBLIC;
 			else
 				$limits[$k] = PERMS_SPECIFIC;
--- a/Zotlabs/Access/Permissions.php
+++ b/Zotlabs/Access/Permissions.php
@@ -1,45 +1,52 @@
 <?php

-
 namespace Zotlabs\Access;

 use Zotlabs\Lib as Zlib;

+/**
+ * @brief Extensible permissions.
+ *
+ * To add new permissions, add to the list of $perms below, with a simple description.
+ *
+ * Also visit PermissionRoles.php and add to the $ret['perms_connect'] property for any role
+ * if this permission should be granted to new connections.
+ *
+ * Next look at PermissionRoles::new_custom_perms() and provide a handler for updating custom
+ * permission roles. You will want to set a default PermissionLimit for each channel and also
+ * provide a sane default for any existing connections. You may or may not wish to provide a
+ * default auto permission. If in doubt, leave this alone as custom permissions by definition
+ * are the responsibility of the channel owner to manage. You just don't want to create any
+ * suprises or break things so you have an opportunity to provide sane settings.
+ *
+ * Update the version here and in PermissionRoles.
+ *
+ *
+ * Permissions with 'view' in the name are considered read permissions. Anything
+ * else requires authentication. Read permission limits are PERMS_PUBLIC and anything else
+ * is given PERMS_SPECIFIC.
+ *
+ * PermissionLimits::Std_limits() retrieves the standard limits. A permission role
+ * MAY alter an individual setting after retrieving the Std_limits if you require
+ * something different for a specific permission within the given role.
+ *
+ */
 class Permissions {

-	/**
-	 * Extensible permissions.
-	 * To add new permissions, add to the list of $perms below, with a simple description.
-	 *
-	 * Also visit PermissionRoles.php and add to the $ret['perms_connect'] property for any role
-	 * if this permission should be granted to new connections.
-	 *
-	 * Next look at PermissionRoles::new_custom_perms() and provide a handler for updating custom 
-	 * permission roles. You will want to set a default PermissionLimit for each channel and also
-	 * provide a sane default for any existing connections. You may or may not wish to provide a
-	 * default auto permission. If in doubt, leave this alone as custom permissions by definition
-	 * are the responsibility of the channel owner to manage. You just don't want to create any 
-	 * suprises or break things so you have an opportunity to provide sane settings. 
-	 *
-	 * Update the version here and in PermissionRoles
-	 *
-	 *
-	 * Permissions with 'view' in the name are considered read permissions. Anything
-	 * else requires authentication. Read permission limits are PERMS_PUBLIC and anything else
-	 * is given PERMS_SPECIFIC.
-	 *
-	 * PermissionLimits::Std_limits() retrieves the standard limits. A permission role
-	 * MAY alter an individual setting after retrieving the Std_limits if you require
-	 * something different for a specific permission within the given role.  
-	 *
-	 */
-
 	static public function version() {
 		// This must match the version in PermissionRoles.php before permission updates can run.
 		return 2;
 	}

-
+	/**
+	 * @brief Return an array with Permissions.
+	 *
+	 * @hooks permissions_list
+	 *   * \e array \b permissions
+	 *   * \e string \b filter
+	 * @param string $filter (optional) only passed to hook permission_list
+	 * @return Associative array with permissions and short description.
+	 */
 	static public function Perms($filter = '') {

 		$perms = [
@@ -63,18 +70,27 @@ class Permissions {
 			'delegate'      => t('Can administer my channel')
 		];

-		$x = array('permissions' => $perms, 'filter' => $filter);
-		call_hooks('permissions_list',$x);
-		return($x['permissions']);
+		$x = [
+			'permissions' => $perms,
+			'filter' => $filter
+		];
+		call_hooks('permissions_list', $x);

+		return($x['permissions']);
 	}

+	/**
+	 * @brief Perms from the above list that are blocked from anonymous observers.
+	 *
+	 * e.g. you must be authenticated.
+	 *
+	 * @hooks write_perms
+	 *   * \e array \b permissions
+	 * @return Associative array with permissions and short description.
+	 */
 	static public function BlockedAnonPerms() {

-		// Perms from the above list that are blocked from anonymous observers.
-		// e.g. you must be authenticated.
-
-		$res = array();
+		$res = [];
 		$perms = PermissionLimits::Std_limits();
 		foreach($perms as $perm => $limit) {
 			if($limit != PERMS_PUBLIC) {
@@ -82,17 +98,22 @@ class Permissions {
 			}
 		}

-		$x = array('permissions' => $res);
-		call_hooks('write_perms',$x);
-		return($x['permissions']);
+		$x = ['permissions' => $res];
+		call_hooks('write_perms', $x);

+		return($x['permissions']);
 	}

-	// converts [ 0 => 'view_stream', ... ]
-	// to [ 'view_stream' => 1 ]
-	// for any permissions in $arr;
-	// Undeclared permissions are set to 0
-
+	/**
+	 * @brief Converts indexed perms array to associative perms array.
+	 *
+	 * Converts [ 0 => 'view_stream', ... ]
+	 * to [ 'view_stream' => 1 ] for any permissions in $arr;
+	 * Undeclared permissions which exist in Perms() are added and set to 0.
+ 	 *
+	 * @param array $arr
+	 * @return array
+	 */
 	static public function FilledPerms($arr) {
 		if(is_null($arr)) {
 			btlogger('FilledPerms: null');
@@ -101,15 +122,26 @@ class Permissions {
 		$everything = self::Perms();
 		$ret = [];
 		foreach($everything as $k => $v) {
-			if(in_array($k,$arr))
+			if(in_array($k, $arr))
 				$ret[$k] = 1;
 			else
 				$ret[$k] = 0;
 		}
-		return $ret;

+		return $ret;
 	}

+	/**
+	 * @brief Convert perms array to indexed array.
+	 *
+	 * Converts [ 'view_stream' => 1 ] for any permissions in $arr
+	 * to [ 0 => ['name' => 'view_stream', 'value' => 1], ... ]
+	 *
+	 * @param array $arr associative perms array 'view_stream' => 1
+	 * @return Indexed array with elements that look like
+	 *   * \e string \b name the perm name (e.g. view_stream)
+	 *   * \e int \b value the value of the perm (e.g. 1)
+	 */
 	static public function OPerms($arr) {
 		$ret = [];
 		if($arr) {
@@ -120,7 +152,12 @@ class Permissions {
 		return $ret;
 	}

-
+	/**
+	 * @brief
+	 *
+	 * @param int $channel_id
+	 * @return boolean|array
+	 */
 	static public function FilledAutoperms($channel_id) {
 		if(! intval(get_pconfig($channel_id,'system','autoperms')))
 			return false;
@@ -137,16 +174,34 @@ class Permissions {
 		return $arr;
 	}

-	static public function PermsCompare($p1,$p2) {
+	/**
+	 * @brief Compares that all Permissions from $p1 exist also in $p2.
+	 *
+	 * @param array $p1 The perms that have to exist in $p2
+	 * @param array $p2 The perms to compare against
+	 * @return boolean true if all perms from $p1 exist also in $p2
+	 */
+	static public function PermsCompare($p1, $p2) {
 		foreach($p1 as $k => $v) {
-			if(! array_key_exists($k,$p2))
+			if(! array_key_exists($k, $p2))
 				return false;
+
 			if($p1[$k] != $p2[$k])
 				return false;
 		}
+
 		return true;
 	}

+	/**
+	 * @brief
+	 *
+	 * @param int $channel_id A channel id
+	 * @return associative array
+	 *   * \e array \b perms Permission array
+	 *   * \e int \b automatic 0 or 1
+	 */
+
 	static public function connect_perms($channel_id) {

 		$my_perms = [];
@@ -155,7 +210,7 @@ class Permissions {

 		// If a default permcat exists, use that

-		$pc = ((feature_enabled($channel_id,'permcats')) ? get_pconfig($channel_id,'system','default_permcat') : 'default');		
+		$pc = ((feature_enabled($channel_id,'permcats')) ? get_pconfig($channel_id,'system','default_permcat') : 'default');
 		if(! in_array($pc, [ '','default' ])) {
 			$pcp = new Zlib\Permcat($channel_id);
 			$permcat = $pcp->fetch($pc);
@@ -167,7 +222,7 @@ class Permissions {
 		}

 		// look up the permission role to see if it specified auto-connect
-		// and if there was no permcat or a default permcat, set the perms 
+		// and if there was no permcat or a default permcat, set the perms
 		// from the role

 		$role = get_pconfig($channel_id,'system','permissions_role');
@@ -195,7 +250,7 @@ class Permissions {
 		}

 		// If we reached this point with no permissions, the channel is using
-		// custom perms but they are not automatic. They will be stored in abconfig with 
+		// custom perms but they are not automatic. They will be stored in abconfig with
 		// the channel's channel_hash (the 'self' connection).

 		if(! $my_perms) {
--- a/Zotlabs/Daemon/Cron.php
+++ b/Zotlabs/Daemon/Cron.php
@@ -121,6 +121,9 @@ class Cron {
 			}
 		}

+		require_once('include/attach.php');
+		attach_upgrade();
+
 		$abandon_days = intval(get_config('system','account_abandon_days'));
 		if($abandon_days < 1)
 			$abandon_days = 0;
@@ -171,7 +174,8 @@ class Cron {

 		// pull in some public posts

-		if(! get_config('system','disable_discover_tab'))
+		$disable_discover_tab = get_config('system','disable_discover_tab') || get_config('system','disable_discover_tab') === false;
+		if(! $disable_discover_tab)
 			Master::Summon(array('Externals'));

 		$generation = 0;
--- a/Zotlabs/Daemon/Cron_daily.php
+++ b/Zotlabs/Daemon/Cron_daily.php
@@ -38,12 +38,20 @@ class Cron_daily {
 			db_utcnow(), db_quoteinterval('30 DAY')
 		);

+		// expire any unread notifications over a year old
+
+		q("delete from notify where seen = 0 and created < %s - INTERVAL %s",
+			db_utcnow(), db_quoteinterval('1 YEAR')
+		);
+
+
 		//update statistics in config
 		require_once('include/statistics_fns.php');
 		update_channels_total_stat();
 		update_channels_active_halfyear_stat();
 		update_channels_active_monthly_stat();
 		update_local_posts_stat();
+		update_local_comments_stat();


 		// expire old delivery reports
@@ -80,7 +88,7 @@ class Cron_daily {

 		call_hooks('cron_daily',datetime_convert());

-		set_config('system','last_expire_day',$d2);
+		set_config('system','last_expire_day',intval(datetime_convert('UTC','UTC','now','d')));

 		/**
 		 * End Cron Daily
--- a/Zotlabs/Daemon/Importdoc.php
+++ b/Zotlabs/Daemon/Importdoc.php
@@ -21,12 +21,18 @@ class Importdoc {
 		$files = glob("$d/$f");
 		if($files) {
 			foreach($files as $fi) {
-				if($fi === 'doc/html')
+				if($fi === 'doc/html') {
 					continue;
-				if(is_dir($fi))
+				}
+				if(is_dir($fi)) {
 					self::update_docs_dir("$fi/*");
-				else
-					store_doc_file($fi);
+				}
+				else {
+					// don't update media content
+					if(strpos(z_mime_content_type($fi),'text') === 0) {
+						store_doc_file($fi);
+					}
+				}
 			}
 		}
 	}
--- a/Zotlabs/Daemon/Notifier.php
+++ b/Zotlabs/Daemon/Notifier.php
@@ -5,6 +5,11 @@ namespace Zotlabs\Daemon;
 require_once('include/queue_fn.php');
 require_once('include/html2plain.php');
 require_once('include/conversation.php');
+require_once('include/zot.php');
+require_once('include/items.php');
+require_once('include/bbcode.php');
+
+

 /*
 * This file was at one time responsible for doing all deliveries, but this caused
@@ -59,8 +64,6 @@ require_once('include/conversation.php');
 *       purge_all              channel_id
 *       expire                 channel_id
 *       relay					item_id (item was relayed to owner, we will deliver it as owner)
- *       single_activity        item_id (deliver to a singleton network from the appropriate clone)
- *       single_mail            mail_id (deliver to a singleton network from the appropriate clone)
 *       location               channel_id
 *       request                channel_id            xchan_hash             message_id
 *       rating                 xlink_id
@@ -68,13 +71,6 @@ require_once('include/conversation.php');
 */


-require_once('include/zot.php');
-require_once('include/queue_fn.php');
-require_once('include/datetime.php');
-require_once('include/items.php');
-require_once('include/bbcode.php');
-require_once('include/channel.php');
-

 class Notifier {

@@ -98,16 +94,6 @@ class Notifier {

 		$deliveries = array();

-		$dead_hubs = array();
-
-		$dh = q("select site_url from site where site_dead = 1");
-		if($dh) {
-			foreach($dh as $dead) {
-				$dead_hubs[] = $dead['site_url'];
-			}
-		}
-
-
 		$request = false;
 		$mail = false;
 		$top_level = false;
@@ -117,7 +103,7 @@ class Notifier {
 		$normal_mode = true;
 		$packet_type = 'undefined';

-		if($cmd === 'mail' || $cmd === 'single_mail') {
+		if($cmd === 'mail') {
 			$normal_mode = false;
 			$mail = true;
 			$private = true;
@@ -282,7 +268,8 @@ class Notifier {

 			// Check for non published items, but allow an exclusion for transmitting hidden file activities

-			if(intval($target_item['item_unpublished']) || intval($target_item['item_delayed']) || 
+			if(intval($target_item['item_unpublished']) || intval($target_item['item_delayed']) ||
+				intval($target_item['item_blocked']) || 
 				( intval($target_item['item_hidden']) && ($target_item['obj_type'] !== ACTIVITY_OBJ_FILE))) {
 				logger('notifier: target item not published, so not forwardable', LOGGER_DEBUG);
 				return;
@@ -403,7 +390,6 @@ class Notifier {
 					return;
 				}
 			}
-
 		}

 		$walltowall = (($top_level_post && $channel['xchan_hash'] === $target_item['author_xchan']) ? true : false); 
@@ -420,7 +406,7 @@ class Notifier {
 		if(! $recipients)
 			return;

-//	logger('notifier: recipients: ' . print_r($recipients,true), LOGGER_NORMAL, LOG_DEBUG);
+		//	logger('notifier: recipients: ' . print_r($recipients,true), LOGGER_NORMAL, LOG_DEBUG);

 		$env_recips = (($private) ? array() : null);

@@ -433,40 +419,40 @@ class Notifier {
 			foreach($details as $d) {

 				$recip_list[] = $d['xchan_addr'] . ' (' . $d['xchan_hash'] . ')'; 
-				if($private)
-					$env_recips[] = array('guid' => $d['xchan_guid'],'guid_sig' => $d['xchan_guid_sig'],'hash' => $d['xchan_hash']);
-
-				if($d['xchan_network'] === 'mail' && $normal_mode) {
-					$delivery_options = get_xconfig($d['xchan_hash'],'system','delivery_mode');
-					if(! $delivery_options)
-						format_and_send_email($channel,$d,$target_item);
+				if($private) {
+					$env_recips[] = [
+						'guid'     => $d['xchan_guid'],
+						'guid_sig' => $d['xchan_guid_sig'],
+						'hash'     => $d['xchan_hash']
+					];
 				}
 			}
 		}


-		$narr = array(
-			'channel' => $channel,
-			'upstream' => $upstream,
-			'env_recips' => $env_recips,
-			'packet_recips' => $packet_recips,
-			'recipients' => $recipients,
-			'item' => $item,
-			'target_item' => $target_item,
+		$narr = [
+			'channel'        => $channel,
+			'upstream'       => $upstream,
+			'env_recips'     => $env_recips,
+			'packet_recips'  => $packet_recips,
+			'recipients'     => $recipients,
+			'item'           => $item,
+			'target_item'    => $target_item,
+			'parent_item'    => $parent_item,
 			'top_level_post' => $top_level_post,
-			'private' => $private,
+			'private'        => $private,
 			'relay_to_owner' => $relay_to_owner,
-			'uplink' => $uplink,
-			'cmd' => $cmd,
-			'mail' => $mail,
-			'single' => (($cmd === 'single_mail' || $cmd === 'single_activity') ? true : false),
-			'location' => $location,
-			'request' => $request,
-			'normal_mode' => $normal_mode,
-			'packet_type' => $packet_type,
-			'walltowall' => $walltowall,
-			'queued' => array()
-		);
+			'uplink'         => $uplink,
+			'cmd'            => $cmd,
+			'mail'           => $mail,
+			'single'         => false,
+			'location'       => $location,
+			'request'        => $request,
+			'normal_mode'    => $normal_mode,
+			'packet_type'    => $packet_type,
+			'walltowall'     => $walltowall,
+			'queued'         => []
+		];

 		call_hooks('notifier_process', $narr);
 		if($narr['queued']) {
@@ -489,10 +475,10 @@ class Notifier {
 	

 		// Now we have collected recipients (except for external mentions, FIXME)
-		// Let's reduce this to a set of hubs.
+		// Let's reduce this to a set of hubs; checking that the site is not dead.

 		$r = q("select hubloc.*, site.site_crypto from hubloc left join site on site_url = hubloc_url where hubloc_hash in (" . implode(',',$recipients) . ") 
-			and hubloc_error = 0 and hubloc_deleted = 0"
+			and hubloc_error = 0 and hubloc_deleted = 0 and ( site_dead = 0 OR site_dead is null ) "
 		);		
 

@@ -503,73 +489,78 @@ class Notifier {

 		$hubs = $r;

-
-
 		/**
-		 * Reduce the hubs to those that are unique. For zot hubs, we need to verify uniqueness by the sitekey, since it may have been 
-		 * a re-install which has not yet been detected and pruned.
+		 * Reduce the hubs to those that are unique. For zot hubs, we need to verify uniqueness by the sitekey, 
+		 * since it may have been a re-install which has not yet been detected and pruned.
 		 * For other networks which don't have or require sitekeys, we'll have to use the URL
 		 */


-		$hublist = array(); // this provides an easily printable list for the logs
-		$dhubs   = array(); // delivery hubs where we store our resulting unique array
-		$keys    = array(); // array of keys to check uniquness for zot hubs
-		$urls    = array(); // array of urls to check uniqueness of hubs from other networks
-
+		$hublist = []; // this provides an easily printable list for the logs
+		$dhubs   = []; // delivery hubs where we store our resulting unique array
+		$keys    = []; // array of keys to check uniquness for zot hubs
+		$urls    = []; // array of urls to check uniqueness of hubs from other networks
+		$hub_env = []; // per-hub envelope so we don't broadcast the entire envelope to all

 		foreach($hubs as $hub) {
-			if(in_array($hub['hubloc_url'],$dead_hubs)) {
-				logger('skipping dead hub: ' . $hub['hubloc_url'], LOGGER_DEBUG, LOG_INFO);
-				continue;
+
+			if($env_recips) {
+				foreach($env_recips as $er) {
+					if($hub['hubloc_hash'] === $er['hash']) {
+						if(! array_key_exists($hub['hubloc_host'] . $hub['hubloc_sitekey'], $hub_env)) {
+							$hub_env[$hub['hubloc_host'] . $hub['hubloc_sitekey']] = [];
+						}
+						$hub_env[$hub['hubloc_host'] . $hub['hubloc_sitekey']][] = $er;
+					}
+				}
 			}
+			

 			if($hub['hubloc_network'] == 'zot') {
 				if(! in_array($hub['hubloc_sitekey'],$keys)) {
 					$hublist[] = $hub['hubloc_host'];
-					$dhubs[] = $hub;
-					$keys[] = $hub['hubloc_sitekey'];
+					$dhubs[]   = $hub;
+					$keys[]    = $hub['hubloc_sitekey'];
 				}
 			}
 			else {
 				if(! in_array($hub['hubloc_url'],$urls)) {
 					$hublist[] = $hub['hubloc_host'];
-					$dhubs[] = $hub;
-					$urls[] = $hub['hubloc_url'];
+					$dhubs[]   = $hub;
+					$urls[]    = $hub['hubloc_url'];
 				}
 			}
 		}

 		logger('notifier: will notify/deliver to these hubs: ' . print_r($hublist,true), LOGGER_DEBUG, LOG_DEBUG);

-
 		foreach($dhubs as $hub) {

 			if($hub['hubloc_network'] !== 'zot') {
-
-				$narr = array(
-					'channel' => $channel,
-					'upstream' => $upstream,
-					'env_recips' => $env_recips,
-					'packet_recips' => $packet_recips,
-					'recipients' => $recipients,
-					'item' => $item,
-					'target_item' => $target_item,
-					'hub' => $hub,
+				$narr = [
+					'channel'        => $channel,
+					'upstream'       => $upstream,
+					'env_recips'     => $env_recips,
+					'packet_recips'  => $packet_recips,
+					'recipients'     => $recipients,
+					'item'           => $item,
+					'target_item'    => $target_item,
+					'parent_item'    => $parent_item,
+					'hub'            => $hub,
 					'top_level_post' => $top_level_post,
-					'private' => $private,
+					'private'        => $private,
 					'relay_to_owner' => $relay_to_owner,
-					'uplink' => $uplink,
-					'cmd' => $cmd,
-					'mail' => $mail,
-					'single' => (($cmd === 'single_mail' || $cmd === 'single_activity') ? true : false),
-					'location' => $location,
-					'request' => $request,
-					'normal_mode' => $normal_mode,
-					'packet_type' => $packet_type,
-					'walltowall' => $walltowall,
-					'queued' => array()
-				);
+					'uplink'         => $uplink,
+					'cmd'            => $cmd,
+					'mail'           => $mail,
+					'single'         => false,
+					'location'       => $location,
+					'request'        => $request,
+					'normal_mode'    => $normal_mode,
+					'packet_type'    => $packet_type,
+					'walltowall'     => $walltowall,
+					'queued'         => []
+				];


 				call_hooks('notifier_hub',$narr);
@@ -581,21 +572,6 @@ class Notifier {

 			}

-			// singleton deliveries by definition 'not got zot'.
-			// Single deliveries are other federated networks (plugins) and we're essentially 
-			// delivering only to those that have this site url in their abook_instance
-			// and only from within a sync operation. This means if you post from a clone,
-			// and a connection is connected to one of your other clones; assuming that hub
-			// is running it will receive a sync packet. On receipt of this sync packet it
-			// will invoke a delivery to those connections which are connected to just that
-			// hub instance. 
-
-			if($cmd === 'single_mail' || $cmd === 'single_activity') {
-				continue;
-			}
-
-			// default: zot protocol
-
 			$hash = random_string();
 			$packet = null;

@@ -603,7 +579,8 @@ class Notifier {
 				$packet = zot_build_packet($channel,$packet_type,(($packet_recips) ? $packet_recips : null));
 			}
 			elseif($packet_type === 'request') {
-				$packet = zot_build_packet($channel,$packet_type,$env_recips,$hub['hubloc_sitekey'],$hub['site_crypto'],
+				$env = (($hub_env && $hub_env[$hub['hubloc_host'] . $hub['hubloc_sitekey']]) ? $hub_env[$hub['hubloc_host'] . $hub['hubloc_sitekey']] : '');
+				$packet = zot_build_packet($channel,$packet_type,$env,$hub['hubloc_sitekey'],$hub['site_crypto'],
 					$hash, array('message_id' => $request_message_id)
 				);
 			}
@@ -618,15 +595,18 @@ class Notifier {
 				));
 			}
 			else {
-				$packet = zot_build_packet($channel,'notify',$env_recips,(($private) ? $hub['hubloc_sitekey'] : null), $hub['site_crypto'],$hash);	
-				queue_insert(array(
-					'hash'       => $hash,
-					'account_id' => $target_item['aid'],
-					'channel_id' => $target_item['uid'],
-					'posturl'    => $hub['hubloc_callback'],
-					'notify'     => $packet,
-					'msg'        => json_encode($encoded_item)
-				));
+				$env = (($hub_env && $hub_env[$hub['hubloc_host'] . $hub['hubloc_sitekey']]) ? $hub_env[$hub['hubloc_host'] . $hub['hubloc_sitekey']] : '');
+				$packet = zot_build_packet($channel,'notify',$env,(($private) ? $hub['hubloc_sitekey'] : null), $hub['site_crypto'],$hash);	
+				queue_insert(
+					[
+						'hash'       => $hash,
+						'account_id' => $target_item['aid'],
+						'channel_id' => $target_item['uid'],
+						'posturl'    => $hub['hubloc_callback'],
+						'notify'     => $packet,
+						'msg'        => json_encode($encoded_item)
+					]
+				);

 				// only create delivery reports for normal undeleted items
 				if(is_array($target_item) && array_key_exists('postopts',$target_item) && (! $target_item['item_deleted']) && (! get_config('system','disable_dreport'))) {
@@ -647,9 +627,9 @@ class Notifier {
 	
 		if($normal_mode) {
 			$x = q("select * from hook where hook = 'notifier_normal'");
-			if($x)
-				Master::Summon(array('Deliver_hooks',$target_item['id']));
-
+			if($x) {
+				Master::Summon( [ 'Deliver_hooks', $target_item['id'] ] );
+			}
 		}

 		if($deliveries)
--- a/Zotlabs/Daemon/Onepoll.php
+++ b/Zotlabs/Daemon/Onepoll.php
@@ -118,13 +118,29 @@ class Onepoll {

 			if($fetch_feed) {

-				$feedurl = str_replace('/poco/','/zotfeed/',$contact['xchan_connurl']);		
-				$feedurl .= '?f=&mindate=' . urlencode($last_update);
+				if(strpos($contact['xchan_connurl'],z_root()) === 0) {
+					// local channel - save a network fetch
+					$c = channelx_by_hash($contact['xchan_hash']);
+					if($c) {
+						$x = [ 
+							'success' => true, 
+							'body' => json_encode( [ 
+								'success' => true,
+								'messages' => zot_feed($c['channel_id'], $importer['xchan_hash'], [ 'mindate' => $last_update ])
+							])
+						];
+					}
+				}
+				else {
+					// remote fetch	

-				$x = z_fetch_url($feedurl);
+					$feedurl = str_replace('/poco/','/zotfeed/',$contact['xchan_connurl']);		
+					$feedurl .= '?f=&mindate=' . urlencode($last_update) . '&zid=' . $importer['channel_address'] . '@' . \App::get_hostname();
+					$recurse = 0;
+					$x = z_fetch_url($feedurl, false, $recurse, [ 'session' => true ]);
+				}

 				logger('feed_update: ' . print_r($x,true), LOGGER_DATA);
-
 			}

 			if(($x) && ($x['success'])) {
--- a/Zotlabs/Extend/Hook.php
+++ b/Zotlabs/Extend/Hook.php
@@ -40,6 +40,15 @@ class Hook {
 		return $r;
 	}

+	static public function register_array($file,$arr) {
+		if($arr) {
+			foreach($arr as $k => $v) {
+				self::register($k,$file,$v);
+			}
+		}
+	}
+
+
 	static public function unregister($hook,$file,$function,$version = 1,$priority = 0) {
 		if(is_array($function)) {
 			$function = serialize($function);
--- a/Zotlabs/Lib/ActivityStreams2.php
+++ b/Zotlabs/Lib/ActivityStreams2.php
@@ -0,0 +1,86 @@
+<?php
+
+namespace Zotlabs\Lib;
+
+
+class ActivityStreams2 {
+
+	public $data;
+	public $valid = false;
+	public $id    = '';
+	public $type  = '';
+	public $actor = null;
+	public $obj   = null;
+	public $tgt   = null;
+
+	function __construct($string) {
+
+		$this->data = json_decode($string,true);
+		if($this->data) {
+			$this->valid = true;
+		}
+
+		if($this->is_valid()) {
+			$this->id    = $this->get_property_obj('id');
+			$this->type  = $this->get_primary_type();
+			$this->actor = $this->get_compound_property('actor');
+			$this->obj   = $this->get_compound_property('object');
+			$this->tgt   = $this->get_compound_property('target');
+		}
+	}
+
+	function is_valid() {
+		return $this->valid;
+	}
+
+	function get_property_obj($property,$base = '') {
+		if(! $base) {
+			$base = $this->data;
+		}
+		return $base[$property];
+	}
+
+	function fetch_property($url) {
+		$redirects = 0;
+		$x = z_fetch_url($url,true,$redirects,
+			['headers' => [ 'Accept: application/ld+json; profile="https://www.w3.org/ns/activitystreams"']]);
+		if($x['success'])
+			return json_decode($x['body'],true);
+		return null;
+	}
+
+	function get_compound_property($property,$base = '') {
+		$x = $this->get_property_obj($property,$base);
+		if($this->is_url($x)) {
+			$x = $this->fetch_property($x); 	
+		}
+		return $x;
+	}
+
+	function is_url($url) {
+		if(($url) && (! is_array($url)) && (strpos($url,'http') === 0)) {
+			return true;
+		}
+		return false;
+	}
+
+	function get_primary_type($base = '') {
+		if(! $base)
+			$base = $this->data;
+		$x = $this->get_property_obj('type',$base);
+		if(is_array($x)) {
+			foreach($x as $y) {
+				if(strpos($y,':') === false) {
+					return $y;
+				}
+			}
+		}
+		return $x;
+	}
+
+	function debug() {
+		$x = var_export($this,true);
+		return $x;
+	}
+
+}
--- a/Zotlabs/Lib/Apps.php
+++ b/Zotlabs/Lib/Apps.php
@@ -34,7 +34,7 @@ class Apps {
 		if($files) {
 			foreach($files as $f) {
 				$path = explode('/',$f);
-				$plugin = $path[1];
+				$plugin = trim($path[1]);
 				if(plugin_is_installed($plugin)) {
 					$x = self::parse_app_description($f,$translate);
 					if($x) {
@@ -209,6 +209,7 @@ class Apps {

 	static public function translate_system_apps(&$arr) {
 		$apps = array(
+			'Apps' => t('Apps'),
 			'Site Admin' => t('Site Admin'),
 			'Report Bug' => t('Report Bug'),
 			'View Bookmarks' => t('View Bookmarks'),
@@ -219,7 +220,7 @@ class Apps {
 			'Suggest Channels' => t('Suggest Channels'),
 			'Login' => t('Login'),
 			'Channel Manager' => t('Channel Manager'), 
-			'Grid' => t('Grid'), 
+			'Grid' => t('Activity'), 
 			'Settings' => t('Settings'),
 			'Files' => t('Files'),
 			'Webpages' => t('Webpages'),
@@ -245,9 +246,19 @@ class Apps {
 			'Profile Photo' => t('Profile Photo')
 		);

-		if(array_key_exists($arr['name'],$apps)) {
-			$arr['name'] = $apps[$arr['name']];
+		if(array_key_exists('name',$arr)) {
+			if(array_key_exists($arr['name'],$apps)) {
+				$arr['name'] = $apps[$arr['name']];
+			}
 		}
+		else {
+			for($x = 0; $x < count($arr); $x++) {
+				if(array_key_exists($arr[$x]['name'],$apps)) {
+					$arr[$x]['name'] = $apps[$arr[$x]['name']];
+				}
+			}
+		}
+				
 	}


@@ -275,7 +286,7 @@ class Apps {

 		self::translate_system_apps($papp);

-		if(($papp['plugin']) && (! plugin_is_installed($papp['plugin'])))
+		if(trim($papp['plugin']) && (! plugin_is_installed(trim($papp['plugin']))))
 			return '';

 		$papp['papp'] = self::papp_encode($papp);
@@ -361,6 +372,7 @@ class Apps {
 			'$feature' => (($papp['embed']) ? false : true),
 			'$featured' => ((strpos($papp['categories'], 'nav_featured_app') === false) ? false : true),
 			'$navapps' => (($mode == 'nav') ? true : false),
+			'$order' => (($mode == 'nav-order') ? true : false),
 			'$add' => t('Add to app-tray'),
 			'$remove' => t('Remove from app-tray')
 		));
@@ -529,6 +541,129 @@ class Apps {
 		return($r);
 	}

+	static public function app_order($uid,$apps) {
+
+		if(! $apps)
+			return $apps;
+
+		$x = (($uid) ? get_pconfig($uid,'system','app_order') : get_config('system','app_order'));
+		if(($x) && (! is_array($x))) {
+			$y = explode(',',$x);
+			$y = array_map('trim',$y);
+			$x = $y;
+		}
+
+		if(! (is_array($x) && ($x)))
+			return $apps;
+
+		$ret = [];
+		foreach($x as $xx) {
+			$y = self::find_app_in_array($xx,$apps);
+			if($y) {
+				$ret[] = $y;
+			}
+		}
+		foreach($apps as $ap) {
+			if(! self::find_app_in_array($ap['name'],$ret)) {
+				$ret[] = $ap;
+			}
+		}
+		return $ret;
+
+	}
+
+	static function find_app_in_array($name,$arr) {
+		if(! $arr)
+			return false;
+		foreach($arr as $x) {
+			if($x['name'] === $name) {
+					return $x;
+			}
+		}
+		return false;
+	}
+
+	static function moveup($uid,$guid) {
+		$syslist = array();
+		$list = self::app_list($uid, false, 'nav_featured_app');
+		if($list) {
+			foreach($list as $li) {
+				$syslist[] = self::app_encode($li);
+			}
+		}
+		self::translate_system_apps($syslist);
+
+		usort($syslist,'self::app_name_compare');
+
+		$syslist = self::app_order($uid,$syslist);
+
+		if(! $syslist)
+			return;
+
+		$newlist = [];
+
+		foreach($syslist as $k => $li) {
+			if($li['guid'] === $guid) {
+				$position = $k;
+				break;
+			}
+		}
+		if(! $position)
+			return;
+		$dest_position = $position - 1;
+		$saved = $syslist[$dest_position];
+		$syslist[$dest_position] = $syslist[$position];
+		$syslist[$position] = $saved;
+
+		$narr = [];
+		foreach($syslist as $x) {
+			$narr[] = $x['name'];
+		}
+
+		set_pconfig($uid,'system','app_order',implode(',',$narr));
+
+	}
+
+	static function movedown($uid,$guid) {
+		$syslist = array();
+		$list = self::app_list($uid, false, 'nav_featured_app');
+		if($list) {
+			foreach($list as $li) {
+				$syslist[] = self::app_encode($li);
+			}
+		}
+		self::translate_system_apps($syslist);
+
+		usort($syslist,'self::app_name_compare');
+
+		$syslist = self::app_order($uid,$syslist);
+
+		if(! $syslist)
+			return;
+
+		$newlist = [];
+
+		foreach($syslist as $k => $li) {
+			if($li['guid'] === $guid) {
+				$position = $k;
+				break;
+			}
+		}
+		if($position >= count($syslist) - 1)
+			return;
+		$dest_position = $position + 1;
+		$saved = $syslist[$dest_position];
+		$syslist[$dest_position] = $syslist[$position];
+		$syslist[$position] = $saved;
+
+		$narr = [];
+		foreach($syslist as $x) {
+			$narr[] = $x['name'];
+		}
+
+		set_pconfig($uid,'system','app_order',implode(',',$narr));
+
+	}

 	static public function app_decode($s) {
 		$x = base64_decode(str_replace(array('<br />',"\r","\n",' '),array('','','',''),$s));
@@ -565,7 +700,7 @@ class Apps {
 		$darray['app_addr']     = ((x($arr,'addr'))     ? escape_tags($arr['addr']) : '');
 		$darray['app_price']    = ((x($arr,'price'))    ? escape_tags($arr['price']) : '');
 		$darray['app_page']     = ((x($arr,'page'))     ? escape_tags($arr['page']) : '');
-		$darray['app_plugin']   = ((x($arr,'plugin'))   ? escape_tags($arr['plugin']) : '');
+		$darray['app_plugin']   = ((x($arr,'plugin'))   ? escape_tags(trim($arr['plugin'])) : '');
 		$darray['app_requires'] = ((x($arr,'requires')) ? escape_tags($arr['requires']) : '');
 		$darray['app_system']   = ((x($arr,'system'))   ? intval($arr['system']) : 0);
 		$darray['app_deleted']  = ((x($arr,'deleted'))  ? intval($arr['deleted']) : 0);
@@ -643,7 +778,7 @@ class Apps {
 		$darray['app_addr']     = ((x($arr,'addr')) ? escape_tags($arr['addr']) : '');
 		$darray['app_price']    = ((x($arr,'price')) ? escape_tags($arr['price']) : '');
 		$darray['app_page']     = ((x($arr,'page')) ? escape_tags($arr['page']) : '');
-		$darray['app_plugin']   = ((x($arr,'plugin')) ? escape_tags($arr['plugin']) : '');
+		$darray['app_plugin']   = ((x($arr,'plugin')) ? escape_tags(trim($arr['plugin'])) : '');
 		$darray['app_requires'] = ((x($arr,'requires')) ? escape_tags($arr['requires']) : '');
 		$darray['app_system']   = ((x($arr,'system'))   ? intval($arr['system']) : 0);
 		$darray['app_deleted']  = ((x($arr,'deleted'))  ? intval($arr['deleted']) : 0);
@@ -753,7 +888,7 @@ class Apps {
 			$ret['system'] = $app['app_system'];

 		if($app['app_plugin'])
-			$ret['plugin'] = $app['app_plugin'];
+			$ret['plugin'] = trim($app['app_plugin']);

 		if($app['app_deleted'])
 			$ret['deleted'] = $app['app_deleted'];
--- a/Zotlabs/Lib/Cache.php
+++ b/Zotlabs/Lib/Cache.php
@@ -9,10 +9,10 @@ namespace Zotlabs\Lib;
 class Cache {
 	public static function get($key) {

-		$key = substr($key,0,254);
+		$hash = hash('whirlpool',$key);

 		$r = q("SELECT v FROM cache WHERE k = '%s' limit 1",
-			dbesc($key)
+			dbesc($hash)
 		);
 			
 		if ($r)
@@ -22,20 +22,20 @@ class Cache {
 		
 	public static function set($key,$value) {

-		$key = substr($key,0,254);
+		$hash = hash('whirlpool',$key);

 		$r = q("SELECT * FROM cache WHERE k = '%s' limit 1",
-			dbesc($key)
+			dbesc($hash)
 		);
 		if($r) {
 			q("UPDATE cache SET v = '%s', updated = '%s' WHERE k = '%s'",
 				dbesc($value),
 				dbesc(datetime_convert()),
-				dbesc($key));
+				dbesc($hash));
 		}
 		else {
 			q("INSERT INTO cache ( k, v, updated) VALUES ('%s','%s','%s')",
-				dbesc($key),
+				dbesc($hash),
 				dbesc($value),
 				dbesc(datetime_convert()));
 		}
--- a/Zotlabs/Lib/Config.php
+++ b/Zotlabs/Lib/Config.php
@@ -53,7 +53,7 @@ class Config {
 		$dbvalue = ((is_array($value))  ? serialize($value) : $value);
 		$dbvalue = ((is_bool($dbvalue)) ? intval($dbvalue)  : $dbvalue);

-		if(get_config($family, $key) === false || (! self::get_from_storage($family, $key))) {
+		if(self::Get($family, $key) === false || (! self::get_from_storage($family, $key))) {
 			$ret = q("INSERT INTO config ( cat, k, v ) VALUES ( '%s', '%s', '%s' ) ",
 				dbesc($family),
 				dbesc($key),
--- a/Zotlabs/Lib/DB_Upgrade.php
+++ b/Zotlabs/Lib/DB_Upgrade.php
@@ -0,0 +1,121 @@
+<?php
+
+namespace Zotlabs\Lib;
+
+
+class DB_Upgrade {
+
+	public $config_name = '';
+	public $func_prefix = '';
+
+	function __construct($db_revision) {
+
+		$platform_name = System::get_platform_name();
+
+		$update_file = 'install/' . $platform_name . '/update.php';
+		if(! file_exists($update_file)) {
+			$update_file = 'install/update.php';
+			$this->config_name = 'db_version';
+			$this->func_prefix = 'update_r';
+		}
+		else {
+			$this->config_name = $platform_name . '_db_version';
+			$this->func_prefix = $platform_name . '_update_';
+		}
+
+		$build = get_config('system', $this->config_name, 0);
+		if(! intval($build))
+			$build = set_config('system', $this->config_name, $db_revision);
+
+		if($build == $db_revision) {
+			// Nothing to be done.
+			return;
+		}
+		else {
+			$stored = intval($build);
+			if(! $stored) {
+				logger('Critical: check_config unable to determine database schema version');
+				return;
+			}
+		
+			$current = intval($db_revision);
+
+			if(($stored < $current) && file_exists($update_file)) {
+
+				Config::Load('database');
+
+				// We're reporting a different version than what is currently installed.
+				// Run any existing update scripts to bring the database up to current.
+				
+				require_once($update_file);
+
+				// make sure that boot.php and update.php are the same release, we might be
+				// updating from git right this very second and the correct version of the update.php
+				// file may not be here yet. This can happen on a very busy site.
+
+				if($db_revision == UPDATE_VERSION) {
+					for($x = $stored; $x < $current; $x ++) {
+						$func = $this->func_prefix . $x;
+						if(function_exists($func)) {
+							// There could be a lot of processes running or about to run.
+							// We want exactly one process to run the update command.
+							// So store the fact that we're taking responsibility
+							// after first checking to see if somebody else already has.
+
+							// If the update fails or times-out completely you may need to
+							// delete the config entry to try again.
+
+							if(get_config('database', $func))
+								break;
+							set_config('database',$func, '1');
+							// call the specific update
+
+							$retval = $func();
+							if($retval) {
+
+								// Prevent sending hundreds of thousands of emails by creating
+								// a lockfile.  
+
+								$lockfile = 'store/[data]/mailsent';
+
+								if ((file_exists($lockfile)) && (filemtime($lockfile) > (time() - 86400)))
+									return;
+								@unlink($lockfile);
+								//send the administrator an e-mail
+								file_put_contents($lockfile, $x);
+							
+								$r = q("select account_language from account where account_email = '%s' limit 1",
+									dbesc(\App::$config['system']['admin_email'])
+								);
+								push_lang(($r) ? $r[0]['account_language'] : 'en');
+
+								z_mail(
+									[
+										'toEmail'        => \App::$config['system']['admin_email'],
+										'messageSubject' => sprintf( t('Update Error at %s'), z_root()),
+										'textVersion'    => replace_macros(get_intltext_template('update_fail_eml.tpl'), 
+											[
+												'$sitename' => \App::$config['system']['sitename'],
+												'$siteurl' =>  z_root(),
+												'$update' => $x,
+												'$error' => sprintf( t('Update %s failed. See error logs.'), $x)
+											]
+										)
+									]
+								);
+
+								//try the logger
+								logger('CRITICAL: Update Failed: ' . $x);
+								pop_lang();
+							}
+							else {
+								set_config('database',$func, 'success');
+							}
+						}
+					}
+					set_config('system', $this->config_name, $db_revision);
+				}
+			}
+		}
+	}
+}
--- a/Zotlabs/Lib/Enotify.php
+++ b/Zotlabs/Lib/Enotify.php
@@ -67,7 +67,7 @@ class Enotify {
 		$sender_name = $product;
 		$hostname = \App::get_hostname();
 		if(strpos($hostname,':'))
-		$hostname = substr($hostname,0,strpos($hostname,':'));
+			$hostname = substr($hostname,0,strpos($hostname,':'));

 		// Do not translate 'noreply' as it must be a legal 7-bit email address

@@ -77,7 +77,7 @@ class Enotify {

 		$sender_email = get_config('system','from_email');
 		if(! $sender_email)
-			$sender_email = 'Administrator' . '@' . \App::get_hostname();
+			$sender_email = 'Administrator' . '@' . $hostname;
 	
 		$sender_name = get_config('system','from_email_name');
 		if(! $sender_name)
@@ -170,6 +170,7 @@ class Enotify {

 		xchan_query($p);

+		$moderated = (($p[0]['item_blocked'] == ITEM_MODERATED) ? true : false);

 		$item_post_type = item_post_type($p[0]);
 //		$private = $p[0]['item_private'];
@@ -208,13 +209,21 @@ class Enotify {
 		// Before this we have the name of the replier on the subject rendering 
 		// differents subjects for messages on the same thread.

-		$subject = sprintf( t('[$Projectname:Notify] Comment to conversation #%1$d by %2$s'), $parent_id, $sender['xchan_name']);
+		if($moderated)
+			$subject = sprintf( t('[$Projectname:Notify] Moderated Comment to conversation #%1$d by %2$s'), $parent_id, $sender['xchan_name']);
+		else
+			$subject = sprintf( t('[$Projectname:Notify] Comment to conversation #%1$d by %2$s'), $parent_id, $sender['xchan_name']);
 		$preamble = sprintf( t('%1$s, %2$s commented on an item/conversation you have been following.'), $recip['channel_name'], $sender['xchan_name']); 
 		$epreamble = $dest_str; 

 		$sitelink = t('Please visit %s to view and/or reply to the conversation.');
 		$tsitelink = sprintf( $sitelink, $siteurl );
 		$hsitelink = sprintf( $sitelink, '<a href="' . $siteurl . '">' . $sitename . '</a>');
+		if($moderated) {
+			$tsitelink .= "\n\n" . sprintf( t('Please visit %s to approve or reject this comment.'), z_root() . '/moderate' );
+			$hsitelink .= "<br><br>" . sprintf( t('Please visit %s to approve or reject this comment.'), '<a href="' . z_root() . '/moderate">' . z_root() . '/moderate</a>' );
+		}
+		
 	}

 	if ($params['type'] == NOTIFY_LIKE) {
@@ -495,13 +504,14 @@ class Enotify {
 		}
 	}

-	$r = q("insert into notify (hash,xname,url,photo,created,aid,uid,link,parent,seen,ntype,verb,otype)
-		values('%s','%s','%s','%s','%s',%d,%d,'%s','%s',%d,%d,'%s','%s')",
+	$r = q("insert into notify (hash,xname,url,photo,created,msg,aid,uid,link,parent,seen,ntype,verb,otype)
+		values('%s','%s','%s','%s','%s','%s',%d,%d,'%s','%s',%d,%d,'%s','%s')",
 		dbesc($datarray['hash']),
 		dbesc($datarray['xname']),
 		dbesc($datarray['url']),
 		dbesc($datarray['photo']),
 		dbesc($datarray['created']),
+		dbesc(''),      // will fill this in below after the record is created
 		intval($datarray['aid']),
 		intval($datarray['uid']),
 		dbesc($datarray['link']),
--- a/Zotlabs/Lib/MarkdownSoap.php
+++ b/Zotlabs/Lib/MarkdownSoap.php
@@ -0,0 +1,103 @@
+<?php
+
+namespace Zotlabs\Lib;
+
+/**
+ * MarkdownSoap
+ * Purify Markdown for storage
+ *   $x = new MarkdownSoap($string_to_be_cleansed);
+ *   $text = $x->clean();
+ *
+ * What this does:
+ * 1. extracts code blocks and privately escapes them from processing
+ * 2. Run html purifier on the content
+ * 3. put back the code blocks
+ * 4. run htmlspecialchars on the entire content for safe storage
+ *
+ * At render time: 
+ *    $markdown = \Zotlabs\Lib\MarkdownSoap::unescape($text);
+ *    $html = \Michelf\MarkdownExtra::DefaultTransform($markdown);
+ */
+
+
+
+class MarkdownSoap {
+
+	private $token;
+
+	private $str;
+
+	function __construct($s) {
+		$this->str  = $s;
+		$this->token = random_string(20);
+	}
+
+
+	function clean() {
+
+		$x = $this->extract_code($this->str);
+
+		$x = $this->purify($x);
+
+		$x = $this->putback_code($x);		
+
+		$x = $this->escape($x);
+		
+		return $x;
+	}
+
+	function extract_code($s) {
+			
+		$text = preg_replace_callback('{
+					(?:\n\n|\A\n?)
+					(	            # $1 = the code block -- one or more lines, starting with a space/tab
+					  (?>
+						[ ]{'.'4'.'}  # Lines must start with a tab or a tab-width of spaces
+						.*\n+
+					  )+
+					)
+					((?=^[ ]{0,'.'4'.'}\S)|\Z)	# Lookahead for non-space at line-start, or end of doc
+				}xm',
+				[ $this , 'encode_code' ], $s);
+
+		return $text;
+	}
+	
+	function encode_code($matches) {
+		return $this->token . ';' . base64_encode($matches[0]) . ';' ;
+	}
+
+	function decode_code($matches) {
+		return base64_decode($matches[1]);
+	}
+
+	function putback_code($s) {
+		$text = preg_replace_callback('{' . $this->token . '\;(.*?)\;}xm',[ $this, 'decode_code' ], $s);
+		return $text;
+	}
+
+	function purify($s) {
+		$s = $this->protect_autolinks($s);
+		$s = purify_html($s);
+		$s = $this->unprotect_autolinks($s);
+		return $s;
+	}
+
+	function protect_autolinks($s) {
+		$s = preg_replace('/\<(https?\:\/\/)(.*?)\>/','[$1$2]($1$2)',$s);
+		return $s;
+	}
+
+	function unprotect_autolinks($s) {
+		return $s;
+
+	}
+
+	function escape($s) {
+		return htmlspecialchars($s,ENT_QUOTES);
+	}
+
+	static public function unescape($s) {
+		return htmlspecialchars_decode($s,ENT_QUOTES);
+	}
+}
--- a/Zotlabs/Lib/NativeWiki.php
+++ b/Zotlabs/Lib/NativeWiki.php
@@ -101,11 +101,11 @@ class NativeWiki {
 	static public function sync_a_wiki_item($uid,$id,$resource_id) {


-		$r = q("SELECT * from item WHERE uid = %d AND ( id = %d OR ( resource_type = '%s' and resource_id = %d )) ",
+		$r = q("SELECT * from item WHERE uid = %d AND ( id = %d OR ( resource_type = '%s' and resource_id = '%s' )) ",
 			intval($uid),
 			intval($id),
 			dbesc(NWIKI_ITEM_RESOURCE_TYPE),
-			intval($resource_id)
+			dbesc($resource_id)
 		);
 		if($r) {
 			xchan_query($r);
--- a/Zotlabs/Lib/NativeWikiPage.php
+++ b/Zotlabs/Lib/NativeWikiPage.php
@@ -21,19 +21,30 @@ class NativeWikiPage {
 		$sql_extra = item_permissions_sql($channel_id,$observer_hash);

 		$r = q("select * from item where resource_type = 'nwikipage' and resource_id = '%s' and uid = %d and item_deleted = 0 
-			$sql_extra group by mid",
+			$sql_extra order by created asc",
 			dbesc($resource_id),
 			intval($channel_id)
 		);
 		if($r) {
-			$items = fetch_post_tags($r,true);
+			$x = [];
+			$y = [];
+
+			foreach($r as $rv) {
+				if(! in_array($rv['mid'],$x)) {
+					$y[] = $rv;
+					$x[] = $rv['mid'];
+				}
+			}
+
+			$items = fetch_post_tags($y,true);
+
 			foreach($items as $page_item) {
 				$title = get_iconfig($page_item['id'],'nwikipage','pagetitle',t('(No Title)'));
 				if(urldecode($title) !== 'Home') {
 					$pages[] = [
 						'resource_id' => $resource_id,
 						'title'       => escape_tags($title),
-						'url'         => urlencode(urlencode($title)),
+						'url'         => str_replace('%2F','/',urlencode(str_replace('%2F','/',urlencode($title)))),
 						'link_id'     => 'id_' . substr($resource_id, 0, 10) . '_' . $page_item['id']
 					];
 				}
@@ -156,7 +167,7 @@ class NativeWikiPage {
 			$content = $item['body'];

 			return [ 
-				'content' => json_encode($content), 
+				'content' => $content,
 				'mimeType' => $w['mimeType'], 
 				'message' => '', 
 				'success' => true
@@ -307,48 +318,22 @@ class NativeWikiPage {
 		return null;
 	}

-
-
-	static public function prepare_content($s) {
-			
-		$text = preg_replace_callback('{
-					(?:\n\n|\A\n?)
-					(	            # $1 = the code block -- one or more lines, starting with a space/tab
-					  (?>
-						[ ]{'.'4'.'}  # Lines must start with a tab or a tab-width of spaces
-						.*\n+
-					  )+
-					)
-					((?=^[ ]{0,'.'4'.'}\S)|\Z)	# Lookahead for non-space at line-start, or end of doc
-				}xm',
-				'self::nwiki_prepare_content_callback', $s);
-	
-		return $text;
-	}
-	
-	static public function nwiki_prepare_content_callback($matches) {
-		$codeblock = $matches[1];
-	
-		$codeblock = htmlspecialchars($codeblock, ENT_NOQUOTES, UTF8, false);
-		return "\n\n" . $codeblock ;
-	}
-	
-	
-	
 	static public function save_page($arr) {

-		$pageUrlName = ((array_key_exists('pageUrlName',$arr)) ? $arr['pageUrlName'] : '');
-		$content = ((array_key_exists('content',$arr)) ? purify_html(Zlib\NativeWikiPage::prepare_content($arr['content'])) : '');
-		$resource_id = ((array_key_exists('resource_id',$arr)) ? $arr['resource_id'] : '');
+		$pageUrlName   = ((array_key_exists('pageUrlName',$arr))   ? $arr['pageUrlName']   : '');
+		$content       = ((array_key_exists('content',$arr))       ? $arr['content']       : '');
+		$resource_id   = ((array_key_exists('resource_id',$arr))   ? $arr['resource_id']   : '');
 		$observer_hash = ((array_key_exists('observer_hash',$arr)) ? $arr['observer_hash'] : '');
 		$channel_id    = ((array_key_exists('channel_id',$arr))    ? $arr['channel_id']    : 0);
-		$revision = ((array_key_exists('revision',$arr))    ? $arr['revision']    : 0);
+		$revision      = ((array_key_exists('revision',$arr))      ? $arr['revision']      : 0);

 		$w = Zlib\NativeWiki::get_wiki($channel_id, $observer_hash, $resource_id);

 		if (!$w['wiki']) {
 			return array('message' => t('Error reading wiki'), 'success' => false);
 		}
+
+		$mimetype = $w['mimeType'];
 	
 		// fetch the most recently saved revision. 

@@ -367,6 +352,7 @@ class NativeWikiPage {
 		$item['author_xchan'] = $observer_hash;
 		$item['revision']     = (($arr['revision']) ? intval($arr['revision']) + 1 : intval($item['revision']) + 1);
 		$item['edited']       = datetime_convert();
+		$item['mimetype']     = $mimetype;

 		if($item['iconfig'] && is_array($item['iconfig']) && count($item['iconfig'])) {
 			for($x = 0; $x < count($item['iconfig']); $x ++) {
@@ -534,6 +520,29 @@ class NativeWikiPage {
 		}
 		return $s;
 	}
+
+	static public function render_page_history($arr) {
+
+		$pageUrlName = ((array_key_exists('pageUrlName', $arr)) ? $arr['pageUrlName'] : '');
+		$resource_id = ((array_key_exists('resource_id', $arr)) ? $arr['resource_id'] : '');
+
+		$pageHistory = self::page_history([
+			'channel_id'    => \App::$profile_uid, 
+			'observer_hash' => get_observer_hash(),
+			'resource_id'   => $resource_id,
+			'pageUrlName'   => $pageUrlName
+		]);
+
+		return replace_macros(get_markup_template('nwiki_page_history.tpl'), array(
+			'$pageHistory' => $pageHistory['history'],
+			'$permsWrite'  => $arr['permsWrite'],
+			'$name_lbl'    => t('Name'),
+			'$msg_label'   => t('Message','wiki_history')
+		));
+
+	}
+
+
 	
 	/**
 	 * Replace the instances of the string [toc] with a list element that will be populated by
--- a/Zotlabs/Lib/PConfig.php
+++ b/Zotlabs/Lib/PConfig.php
@@ -119,7 +119,7 @@ class PConfig {
 		$dbvalue = ((is_array($value))  ? serialize($value) : $value);
 		$dbvalue = ((is_bool($dbvalue)) ? intval($dbvalue)  : $dbvalue);

-		if(get_pconfig($uid, $family, $key) === false) {
+		if(self::Get($uid, $family, $key) === false) {
 			if(! array_key_exists($uid, \App::$config))
 				\App::$config[$uid] = array();
 			if(! array_key_exists($family, \App::$config[$uid]))
--- a/Zotlabs/Lib/System.php
+++ b/Zotlabs/Lib/System.php
@@ -19,6 +19,9 @@ class System {
 	static public function get_project_version() {
 		if(is_array(\App::$config) && is_array(\App::$config['system']) && \App::$config['system']['hide_version'])
 			return '';
+		if(is_array(\App::$config) && is_array(\App::$config['system']) && array_key_exists('std_version',\App::$config['system']))
+			return \App::$config['system']['std_version'];
+
 		return self::get_std_version();
 	}

@@ -54,12 +57,8 @@ class System {
 		return 'https://github.com/redmatrix/hubzilla';
 	}

-
-
 	static public function get_server_role() {
-		if(is_array(\App::$config) && is_array(\App::$config['system']) && \App::$config['system']['server_role'])
-			return \App::$config['system']['server_role'];
-		return 'standard';
+		return 'pro';
 	}

 	static public function get_std_version() {
@@ -72,11 +71,8 @@ class System {

 		if(get_directory_realm() != DIRECTORY_REALM)
 			return true;
-
-		foreach(['hubzilla','zap'] as $t) {
-			if(stristr($p,$t))
-				return true;
-		}
+		if(in_array(strtolower($p),['hubzilla','zap','red']))
+			return true;
 		return false;
 	}
 }
--- a/Zotlabs/Lib/Techlevels.php
+++ b/Zotlabs/Lib/Techlevels.php
@@ -7,12 +7,12 @@ class Techlevels {

 	static public function levels() {
 		$techlevels = [
-			'0' => t('Beginner/Basic'),
-			'1' => t('Novice - not skilled but willing to learn'),
-			'2' => t('Intermediate - somewhat comfortable'),
-			'3' => t('Advanced - very comfortable'),
-			'4' => t('Expert - I can write computer code'),			
-			'5' => t('Wizard - I probably know more than you do')
+			'0' => t('0. Beginner/Basic'),
+			'1' => t('1. Novice - not skilled but willing to learn'),
+			'2' => t('2. Intermediate - somewhat comfortable'),
+			'3' => t('3. Advanced - very comfortable'),
+			'4' => t('4. Expert - I can write computer code'),			
+			'5' => t('5. Wizard - I probably know more than you do')
 		];
 		return $techlevels;
 	}
--- a/Zotlabs/Lib/ThreadItem.php
+++ b/Zotlabs/Lib/ThreadItem.php
@@ -82,7 +82,8 @@ class ThreadItem {
 		$dropping = false;
 		$star = false;
 		$isstarred = "unstarred fa-star-o";
-		$indent = '';
+		$is_comment = false;
+		$is_item = false;
 		$osparkle = '';
 		$total_children = $this->count_descendants();
 		$unseen_comments = (($item['real_uid']) ? 0 : $this->count_unseen_descendants());
@@ -152,7 +153,7 @@ class ThreadItem {
 			$response_verbs[] = 'attendyes';
 			$response_verbs[] = 'attendno';
 			$response_verbs[] = 'attendmaybe';
-			if($this->is_commentable()) {
+			if($this->is_commentable() && $observer) {
 				$isevent = true;
 				$attend = array( t('I will attend'), t('I will not attend'), t('I might attend'));
 			}
@@ -163,7 +164,7 @@ class ThreadItem {
 			$response_verbs[] = 'agree';
 			$response_verbs[] = 'disagree';
 			$response_verbs[] = 'abstain';
-			if($this->is_commentable()) {
+			if($this->is_commentable() && $observer) {
 				$conlabels = array( t('I agree'), t('I disagree'), t('I abstain'));
 				$canvote = true;
 			}
@@ -183,7 +184,7 @@ class ThreadItem {
 		$like_list = ((x($conv_responses['like'],$item['mid'])) ? $conv_responses['like'][$item['mid'] . '-l'] : '');
 		if (count($like_list) > MAX_LIKERS) {
 			$like_list_part = array_slice($like_list, 0, MAX_LIKERS);
-			array_push($like_list_part, '<a href="#" data-toggle="modal" data-target="#likeModal-' . $this->get_id() . '"><b>' . t('View all') . '</b></a>');
+			array_push($like_list_part, '<a class="dropdown-item" href="#" data-toggle="modal" data-target="#likeModal-' . $this->get_id() . '"><b>' . t('View all') . '</b></a>');
 		} else {
 			$like_list_part = '';
 		}
@@ -195,7 +196,7 @@ class ThreadItem {
 			$dislike_button_label = tt('Dislike','Dislikes',$dislike_count,'noun');
 			if (count($dislike_list) > MAX_LIKERS) {
 				$dislike_list_part = array_slice($dislike_list, 0, MAX_LIKERS);
-				array_push($dislike_list_part, '<a href="#" data-toggle="modal" data-target="#dislikeModal-' . $this->get_id() . '"><b>' . t('View all') . '</b></a>');
+				array_push($dislike_list_part, '<a class="dropdown-item" href="#" data-toggle="modal" data-target="#dislikeModal-' . $this->get_id() . '"><b>' . t('View all') . '</b></a>');
 			} else {
 				$dislike_list_part = '';
 			}
@@ -232,7 +233,7 @@ class ThreadItem {
 			}
 		} 
 		else {
-			$indent = 'comment';
+			$is_comment = true;
 		}


@@ -250,8 +251,6 @@ class ThreadItem {
 			);
 		}

-		$server_role = get_config('system','server_role');
-
 		$has_bookmarks = false;
 		if(is_array($item['term'])) {
 			foreach($item['term'] as $t) {
@@ -264,7 +263,7 @@ class ThreadItem {
 		if(($item['obj_type'] === ACTIVITY_OBJ_EVENT) && $conv->get_profile_owner() == local_channel())
 			$has_event = true;

-		if($this->is_commentable()) {
+		if($this->is_commentable() && $observer) {
 			$like = array( t("I like this \x28toggle\x29"), t("like"));
 			$dislike = array( t("I don't like this \x28toggle\x29"), t("dislike"));
 		}
@@ -276,13 +275,13 @@ class ThreadItem {

 		$keep_reports = intval(get_config('system','expire_delivery_reports'));
 		if($keep_reports === 0)
-			$keep_reports = 30;
+			$keep_reports = 10;

 		if((! get_config('system','disable_dreport')) && strcmp(datetime_convert('UTC','UTC',$item['created']),datetime_convert('UTC','UTC',"now - $keep_reports days")) > 0)
 			$dreport = t('Delivery Report');

 		if(strcmp(datetime_convert('UTC','UTC',$item['created']),datetime_convert('UTC','UTC','now - 12 hours')) > 0)
-			$indent .= ' shiny';
+			$is_new = true;


 		localize_item($item);
@@ -337,7 +336,6 @@ class ThreadItem {
 			'profile_url' => $profile_link,
 			'thread_action_menu' => thread_action_menu($item,$conv->get_mode()),
 			'thread_author_menu' => thread_author_menu($item,$conv->get_mode()),
-			'item_photo_menu' => item_photo_menu($item),
 			'dreport' => $dreport,
 			'name' => $profile_name,
 			'thumb' => $profile_avatar,
@@ -361,7 +359,8 @@ class ThreadItem {
 			'attend_title' => t('Attendance Options'),
 			'vote_label' => t('Vote'),
 			'vote_title' => t('Voting Options'),
-			'indent' => $indent,
+			'is_comment' => $is_comment,
+			'is_new' => $is_new,
 			'owner_url' => $this->get_owner_url(),
 			'owner_photo' => $this->get_owner_photo(),
 			'owner_name' => $this->get_owner_name(),
@@ -370,7 +369,7 @@ class ThreadItem {
 			'has_tags' => $has_tags,
 			'reactions' => $this->reactions,
 // Item toolbar buttons
-			'emojis'   => (($this->is_toplevel() && $this->is_commentable() && feature_enabled($conv->get_profile_owner(),'emojis')) ? '1' : ''),
+			'emojis'   => (($this->is_toplevel() && $this->is_commentable() && $observer && feature_enabled($conv->get_profile_owner(),'emojis')) ? '1' : ''),
 			'like'      => $like,
 			'dislike'   => ((feature_enabled($conv->get_profile_owner(),'dislike')) ? $dislike : ''),
 			'share'     => $share,
@@ -407,7 +406,7 @@ class ThreadItem {
 			'showlike' => $showlike,
 			'showdislike' => $showdislike,
 			'comment' => $this->get_comment_box($indent),
-			'previewing' => ($conv->is_preview() ? ' preview ' : ''),
+			'previewing' => ($conv->is_preview() ? true : false ),
 			'wait' => t('Please wait'),
 			'submid' => str_replace(['+','='], ['',''], base64_encode(substr($item['mid'],0,32))),
 			'thread_level' => $thread_level
@@ -713,7 +712,6 @@ class ThreadItem {
 		call_hooks('comment_buttons',$arr);
 		$comment_buttons = $arr['comment_buttons'];

-
 		$comment_box = replace_macros($template,array(
 			'$return_path' => '',
 			'$threaded' => $this->is_threaded(),
@@ -742,8 +740,12 @@ class ThreadItem {
 			'$feature_encrypt' => ((feature_enabled($conv->get_profile_owner(),'content_encrypt')) ? true : false),
 			'$encrypt' => t('Encrypt text'),
 			'$cipher' => $conv->get_cipher(),
-			'$sourceapp' => \App::$sourcename
-
+			'$sourceapp' => \App::$sourcename,
+			'$observer' => get_observer_hash(),
+			'$anoncomments' => (($conv->get_mode() === 'channel' && perm_is_allowed($conv->get_profile_owner(),'','post_comments')) ? true : false),
+			'$anonname' => [ 'anonname', t('Your full name (required)'),'','','','onBlur="commentCloseUI(this,\'' . $this->get_id() . '\')"' ],
+			'$anonmail' => [ 'anonmail', t('Your email address (required)'),'','','','onBlur="commentCloseUI(this,\'' . $this->get_id() . '\')"' ],
+			'$anonurl'  => [ 'anonurl',  t('Your website URL (optional)'),'','','','onBlur="commentCloseUI(this,\'' . $this->get_id() . '\')"' ]
 		));

 		return $comment_box;
--- a/Zotlabs/Lib/ThreadStream.php
+++ b/Zotlabs/Lib/ThreadStream.php
@@ -18,6 +18,7 @@ class ThreadStream {
 	private $observer = null;
 	private $writable = false;
 	private $commentable = false;
+	private $uploadable = false;
 	private $profile_owner = 0;
 	private $preview = false;
 	private $prepared_item = '';
@@ -158,7 +159,7 @@ class ThreadStream {
 			if(intval($item->get_data_value('item_nocomment'))) {
 				$item->set_commentable(false);
 			}
-			elseif(($this->observer) && (! $item->is_commentable())) {
+			elseif(! $item->is_commentable()) {
 				if((array_key_exists('owner',$item->data)) && intval($item->data['owner']['abook_self']))
 					$item->set_commentable(perm_is_allowed($this->profile_owner,$ob_hash,'post_comments'));
 				else
--- a/Zotlabs/Module/Acl.php
+++ b/Zotlabs/Module/Acl.php
@@ -412,10 +412,12 @@ class Acl extends \Zotlabs\Web\Controller {
 			$directory = find_upstream_directory($dirmode);
 			$url = $directory['url'] . '/dirsearch';
 		}
+
+		$token = get_config('system','realm_token');
 	
 		$count = (x($_REQUEST,'count') ?  $_REQUEST['count'] : 100);
 		if($url) {
-			$query = $url . '?f=' ;
+			$query = $url . '?f=' . (($token) ? '&t=' . urlencode($token) : '');
 			$query .= '&name=' . urlencode($search) . "&limit=$count" . (($address) ? '&address=' . urlencode($search) : '');
 	
 			$x = z_fetch_url($query);
--- a/Zotlabs/Module/Admin.php
+++ b/Zotlabs/Module/Admin.php
@@ -52,6 +52,8 @@ class Admin extends \Zotlabs\Web\Controller {
 		 * Page content
 		 */

+		nav_set_selected('Admin');
+
 		$o = '';

 		if(argc() > 1) {
@@ -91,10 +93,10 @@ class Admin extends \Zotlabs\Web\Controller {
 			intval(ACCOUNT_BLOCKED)
 		);
 		if ($r) {
-			$accounts['total']    = array('label' => t('# Accounts'), 'val' => $r[0]['total']);
-			$accounts['blocked']  = array('label' => t('# blocked accounts'), 'val' => $r[0]['blocked']);
-			$accounts['expired']  = array('label' => t('# expired accounts'), 'val' => $r[0]['expired']);
-			$accounts['expiring'] = array('label' => t('# expiring accounts'), 'val' => $r[0]['expiring']);
+			$accounts['total']    = array('label' => t('Accounts'), 'val' => $r[0]['total']);
+			$accounts['blocked']  = array('label' => t('Blocked accounts'), 'val' => $r[0]['blocked']);
+			$accounts['expired']  = array('label' => t('Expired accounts'), 'val' => $r[0]['expired']);
+			$accounts['expiring'] = array('label' => t('Expiring accounts'), 'val' => $r[0]['expiring']);
 		}

 		// pending registrations
@@ -105,9 +107,9 @@ class Admin extends \Zotlabs\Web\Controller {
 		$channels = array();
 		$r = q("SELECT COUNT(*) AS total, COUNT(CASE WHEN channel_primary = 1 THEN 1 ELSE NULL END) AS main, COUNT(CASE WHEN channel_primary = 0 THEN 1 ELSE NULL END) AS clones FROM channel WHERE channel_removed = 0");
 		if ($r) {
-			$channels['total']  = array('label' => t('# Channels'), 'val' => $r[0]['total']);
-			$channels['main']   = array('label' => t('# primary'), 'val' => $r[0]['main']);
-			$channels['clones'] = array('label' => t('# clones'), 'val' => $r[0]['clones']);
+			$channels['total']  = array('label' => t('Channels'), 'val' => $r[0]['total']);
+			$channels['main']   = array('label' => t('Primary'), 'val' => $r[0]['main']);
+			$channels['clones'] = array('label' => t('Clones'), 'val' => $r[0]['clones']);
 		}

 		// We can do better, but this is a quick queue status
@@ -118,14 +120,11 @@ class Admin extends \Zotlabs\Web\Controller {
 		// If no plugins active return 0, otherwise list of plugin names
 		$plugins = (count(\App::$plugins) == 0) ? count(\App::$plugins) : \App::$plugins;

+		if(is_array($plugins))
+			sort($plugins);
+
 		// Could be extended to provide also other alerts to the admin
 		$alertmsg = '';
-		// annoy admin about upcoming unsupported PHP version
-		if (version_compare(PHP_VERSION, '5.4', '<')) {
-			$alertmsg = 'Your PHP version ' . PHP_VERSION . ' will not be supported with the next major release of $Projectname. You are strongly urged to upgrade to a current version.'
-				. '<br>PHP 5.3 has reached its <a href="http://php.net/eol.php" class="alert-link">End of Life (EOL)</a> in August 2014.'
-				. ' A list about current PHP versions can be found <a href="http://php.net/supported-versions.php" class="alert-link">here</a>.';
-		}

 		$vmaster = get_repository_version('master');
 		$vdev = get_repository_version('dev');
--- a/Zotlabs/Module/Admin/Plugins.php
+++ b/Zotlabs/Module/Admin/Plugins.php
@@ -3,10 +3,14 @@
 namespace Zotlabs\Module\Admin;

 use \Zotlabs\Storage\GitRepo as GitRepo;
+use \Michelf\MarkdownExtra;

 class Plugins {

-
+	/**
+	 * @brief
+	 *
+	 */
 	function post() {

 		if(argc() > 2 && is_file("addon/" . argv(2) . "/" . argv(2) . ".php")) {
@@ -15,16 +19,15 @@ class Plugins {
 				$func = argv(2) . '_plugin_admin_post';
 				$func($a);
 			}
-				
-			goaway(z_root() . '/admin/plugins/' . argv(2) );

+			goaway(z_root() . '/admin/plugins/' . argv(2) );
 		}
 		elseif(argc() > 2) {
 			switch(argv(2)) {
 				case 'updaterepo':
 					if (array_key_exists('repoName', $_REQUEST)) {
 						$repoName = $_REQUEST['repoName'];
-					} 
+					}
 					else {
 						json_return_and_die(array('message' => 'No repo name provided.', 'success' => false));
 					}
@@ -101,16 +104,15 @@ class Plugins {
 						logger('Repo directory not writable to web server: ' . $repoDir);
 						json_return_and_die(array('message' => 'Repo directory not writable to web server.', 'success' => false));
 					}
-					// TODO: remove directory and unlink /addon/files
+					/// @TODO remove directory and unlink /addon/files
 					if (rrmdir($repoDir)) {
 						json_return_and_die(array('message' => 'Repo deleted.', 'success' => true));
 					} else {
 						json_return_and_die(array('message' => 'Error deleting addon repo.', 'success' => false));
 					}
 				case 'installrepo':
-					require_once('library/markdown.php');
 					if (array_key_exists('repoURL', $_REQUEST)) {
-						require_once('library/PHPGit.autoload.php');			// Load PHPGit dependencies					
+						require_once('library/PHPGit.autoload.php');			// Load PHPGit dependencies
 						$repoURL = $_REQUEST['repoURL'];
 						$extendDir = 'store/[data]/git/sys/extend';
 						$addonDir = $extendDir . '/addon';
@@ -170,9 +172,8 @@ class Plugins {
 						json_return_and_die(array('repo' => $repo, 'message' => '', 'success' => true));
 					}
 				case 'addrepo':
-					require_once('library/markdown.php');
 					if (array_key_exists('repoURL', $_REQUEST)) {
-						require_once('library/PHPGit.autoload.php');	 // Load PHPGit dependencies					
+						require_once('library/PHPGit.autoload.php');	 // Load PHPGit dependencies
 						$repoURL = $_REQUEST['repoURL'];
 						$extendDir = 'store/[data]/git/sys/extend';
 						$addonDir = $extendDir . '/addon';
@@ -225,7 +226,7 @@ class Plugins {
 						$repo['readme'] = $repo['manifest'] = null;
 						foreach ($git->git->tree('master') as $object) {
 							if ($object['type'] == 'blob' && (strtolower($object['file']) === 'readme.md' || strtolower($object['file']) === 'readme')) {
-								$repo['readme'] = Markdown($git->git->cat->blob($object['hash']));
+								$repo['readme'] = MarkdownExtra::defaultTransform($git->git->cat->blob($object['hash']));
 							} else if ($object['type'] == 'blob' && strtolower($object['file']) === 'manifest.json') {
 								$repo['manifest'] = $git->git->cat->blob($object['hash']);
 							}
@@ -241,7 +242,11 @@ class Plugins {
 		}
 	}

-
+	/**
+	 * @brief Plugins admin page.
+	 *
+	 * @return string with parsed HTML
+	 */
 	function get() {

 		/*
@@ -254,13 +259,13 @@ class Plugins {
 				notice( t("Item not found.") );
 				return '';
 			}
-	
+
 			$enabled = in_array($plugin,\App::$plugins);
 			$info = get_plugin_info($plugin);
 			$x = check_plugin_versions($info);
-	
+
 			// disable plugins which are installed but incompatible versions
-	
+
 			if($enabled && ! $x) {
 				$enabled = false;
 				$idz = array_search($plugin, \App::$plugins);
@@ -271,7 +276,7 @@ class Plugins {
 				}
 			}
 			$info['disabled'] = 1-intval($x);
-	
+
 			if (x($_GET,"a") && $_GET['a']=="t"){
 				check_form_security_token_redirectOnErr('/admin/plugins', 'admin_plugins', 't');
 				$pinstalled = false;
@@ -297,9 +302,9 @@ class Plugins {
 				}
 				goaway(z_root() . '/admin/plugins' );
 			}
+
 			// display plugin details
-			require_once('library/markdown.php');
-	
+
 			if (in_array($plugin, \App::$plugins)){
 				$status = 'on';
 				$action = t('Disable');
@@ -307,21 +312,21 @@ class Plugins {
 				$status = 'off';
 				$action =  t('Enable');
 			}
-	
+
 			$readme = null;
 			if (is_file("addon/$plugin/README.md")){
 				$readme = file_get_contents("addon/$plugin/README.md");
-				$readme = Markdown($readme);
+				$readme = MarkdownExtra::defaultTransform($readme);
 			} else if (is_file("addon/$plugin/README")){
 				$readme = "<pre>". file_get_contents("addon/$plugin/README") ."</pre>";
 			}
-	
+
 			$admin_form = '';
-	
+
 			$r = q("select * from addon where plugin_admin = 1 and aname = '%s' limit 1",
 				dbesc($plugin)
 			);
-	
+
 			if($r) {
 				@require_once("addon/$plugin/$plugin.php");
 				if(function_exists($plugin.'_plugin_admin')) {
@@ -329,8 +334,8 @@ class Plugins {
 					$func($a, $admin_form);
 				}
 			}
-	
-	
+
+
 			$t = get_markup_template('admin_plugins_details.tpl');
 			return replace_macros($t, array(
 				'$title' => t('Administration'),
@@ -338,7 +343,7 @@ class Plugins {
 				'$toggle' => t('Toggle'),
 				'$settings' => t('Settings'),
 				'$baseurl' => z_root(),
-	
+
 				'$plugin' => $plugin,
 				'$status' => $status,
 				'$action' => $action,
@@ -351,17 +356,17 @@ class Plugins {
 				'$str_serverroles' => t('Compatible Server Roles: '),
 				'$str_requires' => t('Requires: '),
 				'$disabled' => t('Disabled - version incompatibility'),
-	
+
 				'$admin_form' => $admin_form,
 				'$function' => 'plugins',
 				'$screenshot' => '',
 				'$readme' => $readme,
-	
+
 				'$form_security_token' => get_form_security_token('admin_plugins'),
 			));
 		}
-	
-	
+
+
 		/*
 		 * List plugins
 		 */
@@ -374,9 +379,9 @@ class Plugins {
 					$info = get_plugin_info($id);
 					$enabled = in_array($id,\App::$plugins);
 					$x = check_plugin_versions($info);
-	
+
 					// disable plugins which are installed but incompatible versions
-	
+
 					if($enabled && ! $x) {
 						$enabled = false;
 						$idz = array_search($id, \App::$plugins);
@@ -387,19 +392,19 @@ class Plugins {
 						}
 					}
 					$info['disabled'] = 1-intval($x);
-	
+
 					$plugins[] = array( $id, (($enabled)?"on":"off") , $info);
 				}
 			}
 		}
-	
+
 		usort($plugins,'self::plugin_sort');

 		$allowManageRepos = false;
 		if(is_writable('extend/addon') && is_writable('store/[data]')) {
 			$allowManageRepos = true;
-		} 
-		
+		}
+
 		$admin_plugins_add_repo_form= replace_macros(
 			get_markup_template('admin_plugins_addrepo.tpl'), array(
 				'$post' => 'admin/plugins/addrepo',
@@ -418,14 +423,14 @@ class Plugins {
 				'$cancel' => t('Cancel')
 			)
 		);
-			
+
 		$reponames = $this->listAddonRepos();
 		$addonrepos = [];
 		foreach($reponames as $repo) {
 			$addonrepos[] = array('name' => $repo, 'description' => '');
-			// TODO: Parse repo info to provide more information about repos
+			/// @TODO Parse repo info to provide more information about repos
 		}
-		
+
 		$t = get_markup_template('admin_plugins.tpl');
 		return replace_macros($t, array(
 			'$title' => t('Administration'),
@@ -471,5 +476,4 @@ class Plugins {
 		return(strcmp(strtolower($a[2]['name']),strtolower($b[2]['name'])));
 	}

-
 }
--- a/Zotlabs/Module/Admin/Site.php
+++ b/Zotlabs/Module/Admin/Site.php
@@ -17,7 +17,6 @@ class Site {
 		check_form_security_token_redirectOnErr('/admin/site', 'admin_site');

 		$sitename 			=	((x($_POST,'sitename'))			? notags(trim($_POST['sitename']))			: '');
-		$server_role 		=	((x($_POST,'server_role'))		? notags(trim($_POST['server_role']))		: 'standard');

 		$banner				=	((x($_POST,'banner'))			? trim($_POST['banner'])				: false);

@@ -48,6 +47,10 @@ class Site {
 		$no_community_page    = !((x($_POST,'no_community_page'))	? True	:	False);
 		$default_expire_days  = ((array_key_exists('default_expire_days',$_POST)) ? intval($_POST['default_expire_days']) : 0);

+		$reply_address      = ((array_key_exists('reply_address',$_POST) && trim($_POST['reply_address'])) ? trim($_POST['reply_address']) : 'noreply@' . \App::get_hostname());
+		$from_email         = ((array_key_exists('from_email',$_POST) && trim($_POST['from_email'])) ? trim($_POST['from_email']) : 'Administrator@' . \App::get_hostname());
+		$from_email_name    = ((array_key_exists('from_email_name',$_POST) && trim($_POST['from_email_name'])) ? trim($_POST['from_email_name']) : \Zotlabs\Lib\System::get_site_name());
+
 		$verifyssl         = ((x($_POST,'verifyssl'))        ? True : False);
 		$proxyuser         = ((x($_POST,'proxyuser'))        ? notags(trim($_POST['proxyuser']))  : '');
 		$proxy             = ((x($_POST,'proxy'))            ? notags(trim($_POST['proxy']))      : '');
@@ -64,7 +67,6 @@ class Site {
 		if(array_key_exists('techlevel', $_POST))
 			$techlevel = intval($_POST['techlevel']);

-		set_config('system', 'server_role', $server_role);
 		set_config('system', 'feed_contacts', $feed_contacts);
 		set_config('system', 'delivery_interval', $delivery_interval);
 		set_config('system', 'delivery_batch_count', $delivery_batch_count);
@@ -77,8 +79,15 @@ class Site {
 		set_config('system', 'enable_context_help', $enable_context_help);
 		set_config('system', 'verify_email', $verify_email);
 		set_config('system', 'default_expire_days', $default_expire_days);
+		set_config('system', 'reply_address', $reply_address);
+		set_config('system', 'from_email', $from_email);
+		set_config('system', 'from_email_name' , $from_email_name);
+
+
 		set_config('system', 'techlevel_lock', $techlevel_lock);

+
+
 		if(! is_null($techlevel))
 			set_config('system', 'techlevel', $techlevel);

@@ -243,12 +252,6 @@ class Site {
 		// now invert the logic for the setting.
 		$discover_tab = (1 - $discover_tab);

-		$server_roles = [
-			'basic'    => t('Basic/Minimal Social Networking'),
-			'standard' => t('Standard Configuration (default)'),
-			'pro'      => t('Professional')
-		];
-
 		$techlevels = [
 			'0' => t('Beginner/Basic'),
 			'1' => t('Novice - not skilled but willing to learn'),
@@ -275,8 +278,6 @@ class Site {
 			// name, label, value, help string, extra data...
 			'$sitename' 		=> array('sitename', t("Site name"), htmlspecialchars(get_config('system','sitename'), ENT_QUOTES, 'UTF-8'),''),

-			'$server_role' 		=> array('server_role', t("Server Configuration/Role"), get_config('system','server_role'),'',$server_roles),
-
 			'$techlevel' => [ 'techlevel', t('Site default technical skill level'), get_config('system','techlevel'), t('Used to provide a member experience matched to technical comfort level'), $techlevels ],

 			'$techlock' => [ 'techlock', t('Lock the technical skill level setting'), get_config('system','techlevel_lock'), t('Members can set their own technical comfort level by default') ],
@@ -304,6 +305,10 @@ class Site {
 			'$login_on_homepage'	=> array('login_on_homepage', t("Login on Homepage"),((intval($homelogin) || $homelogin === false) ? 1 : '') , t("Present a login box to visitors on the home page if no other content has been configured.")),
 			'$enable_context_help'	=> array('enable_context_help', t("Enable context help"),((intval($enable_context_help) === 1 || $enable_context_help === false) ? 1 : 0) , t("Display contextual help for the current page when the help button is pressed.")),

+			'$reply_address' => [ 'reply_address', t('Reply-to email address for system generated email.'), get_config('system','reply_address','noreply@' . \App::get_hostname()),'' ],
+			'$from_email' => [ 'from_email', t('Sender (From) email address for system generated email.'), get_config('system','from_email','Administrator@' . \App::get_hostname()),'' ],
+			'$from_email_name' => [ 'from_email_name', t('Name of email sender for system generated email.'), get_config('system','from_email_name',\Zotlabs\Lib\System::get_site_name()),'' ],
+
 			'$directory_server' => (($dir_choices) ? array('directory_server', t("Directory Server URL"), get_config('system','directory_server'), t("Default directory server"), $dir_choices) : null),

 			'$proxyuser'		=> array('proxyuser', t("Proxy user"), get_config('system','proxyuser'), ""),
--- a/Zotlabs/Module/Admin/Themes.php
+++ b/Zotlabs/Module/Admin/Themes.php
@@ -2,38 +2,41 @@

 namespace Zotlabs\Module\Admin;

+use \Michelf\MarkdownExtra;

+/**
+ * @brief Admin area theme settings.
+ */
 class Themes {

+	/**
+	 * @brief
+	 *
+	 */
 	function post() {

 		$theme = argv(2);
 		if (is_file("view/theme/$theme/php/config.php")){
 			require_once("view/theme/$theme/php/config.php");
-			// fixme add parent theme if derived
-			if (function_exists("theme_admin_post")){
+			/// @FIXME add parent theme if derived
+			if (function_exists('theme_admin_post')){
 				theme_admin_post($a);
 			}
 		}
 		info(t('Theme settings updated.'));
-		if(is_ajax()) 
+		if(is_ajax())
 			return;
-	
+
 		goaway(z_root() . '/admin/themes/' . $theme );
 	}


-	
-
-	
 	/**
 	 * @brief Themes admin page.
 	 *
-	 * @return string
+	 * @return string with parsed HTML
 	 */
-
 	function get(){
-	
 		$allowed_themes_str = get_config('system', 'allowed_themes');
 		$allowed_themes_raw = explode(',', $allowed_themes_str);
 		$allowed_themes = array();
@@ -41,7 +44,7 @@ class Themes {
 			foreach($allowed_themes_raw as $x)
 				if(strlen(trim($x)))
 					$allowed_themes[] = trim($x);
-	
+
 		$themes = array();
 		$files = glob('view/theme/*');
 		if($files) {
@@ -53,56 +56,55 @@ class Themes {
 				$themes[] = array('name' => $f, 'experimental' => $is_experimental, 'supported' => $is_supported, 'allowed' => $is_allowed);
 			}
 		}
-	
+
 		if(! count($themes)) {
 			notice( t('No themes found.'));
 			return '';
 		}
-	
+
 		/*
 		 * Single theme
 		 */
-	
+
 		if (\App::$argc == 3){
 			$theme = \App::$argv[2];
 			if(! is_dir("view/theme/$theme")){
 				notice( t("Item not found.") );
 				return '';
 			}
-	
+
 			if (x($_GET,"a") && $_GET['a']=="t"){
 				check_form_security_token_redirectOnErr('/admin/themes', 'admin_themes', 't');
-	
+
 				// Toggle theme status
-	
+
 				$this->toggle_theme($themes, $theme, $result);
 				$s = $this->rebuild_theme_table($themes);
 				if($result)
 					info( sprintf('Theme %s enabled.', $theme));
 				else
 					info( sprintf('Theme %s disabled.', $theme));
-	
+
 				set_config('system', 'allowed_themes', $s);
 				goaway(z_root() . '/admin/themes' );
 			}
-	
+
 			// display theme details
-			require_once('library/markdown.php');
-	
+
 			if ($this->theme_status($themes,$theme)) {
 				$status="on"; $action= t("Disable");
 			} else {
 				$status="off"; $action= t("Enable");
 			}
-	
+
 			$readme=Null;
 			if (is_file("view/theme/$theme/README.md")){
 				$readme = file_get_contents("view/theme/$theme/README.md");
-				$readme = Markdown($readme);
+				$readme = MarkdownExtra::defaultTransform($readme);
 			} else if (is_file("view/theme/$theme/README")){
-				$readme = "<pre>". file_get_contents("view/theme/$theme/README") ."</pre>";
+				$readme = '<pre>'. file_get_contents("view/theme/$theme/README") .'</pre>';
 			}
-	
+
 			$admin_form = '';
 			if (is_file("view/theme/$theme/php/config.php")){
 				require_once("view/theme/$theme/php/config.php");
@@ -110,11 +112,11 @@ class Themes {
 					$admin_form = theme_admin($a);
 				}
 			}
-	
+
 			$screenshot = array( get_theme_screenshot($theme), t('Screenshot'));
 			if(! stristr($screenshot[0],$theme))
 				$screenshot = null;
-	
+
 			$t = get_markup_template('admin_plugins_details.tpl');
 			return replace_macros($t, array(
 				'$title' => t('Administration'),
@@ -122,7 +124,7 @@ class Themes {
 				'$toggle' => t('Toggle'),
 				'$settings' => t('Settings'),
 				'$baseurl' => z_root(),
-			
+
 				'$plugin' => $theme,
 				'$status' => $status,
 				'$action' => $action,
@@ -133,22 +135,22 @@ class Themes {
 				'$str_maintainer' => t('Maintainer: '),
 				'$screenshot' => $screenshot,
 				'$readme' => $readme,
-	
+
 				'$form_security_token' => get_form_security_token('admin_themes'),
 			));
 		}
-	
+
 		/*
 		 * List themes
 		 */
-	
+
 		$xthemes = array();
 		if($themes) {
 			foreach($themes as $th) {
 				$xthemes[] = array($th['name'],(($th['allowed']) ? "on" : "off"), get_theme_info($th['name']));
 			}
 		}
-	
+
 		$t = get_markup_template('admin_plugins.tpl');
 		return replace_macros($t, array(
 			'$title' => t('Administration'),
@@ -162,13 +164,14 @@ class Themes {
 			'$form_security_token' => get_form_security_token('admin_themes'),
 		));
 	}
-	


 	/**
-	 * @param array $themes
-	 * @param string $th
-	 * @param int $result
+	 * @brief Toggle a theme.
+	 *
+	 * @param array &$themes
+	 * @param[in] string $th
+	 * @param[out] int &$result
 	 */
 	function toggle_theme(&$themes, $th, &$result) {
 		for($x = 0; $x < count($themes); $x ++) {
@@ -184,7 +187,7 @@ class Themes {
 			}
 		}
 	}
-	
+
 	/**
 	 * @param array $themes
 	 * @param string $th
@@ -203,8 +206,7 @@ class Themes {
 		}
 		return 0;
 	}
-	
-	
+
 	/**
 	 * @param array $themes
 	 * @return string
@@ -222,12 +224,5 @@ class Themes {
 		}
 		return $o;
 	}
-	
-
-
-
-
-
-

 }
--- a/Zotlabs/Module/Ap_probe.php
+++ b/Zotlabs/Module/Ap_probe.php
@@ -0,0 +1,38 @@
+<?php
+namespace Zotlabs\Module;
+
+require_once('include/zot.php');
+
+
+class Ap_probe extends \Zotlabs\Web\Controller {
+
+	function get() {
+	
+		$o .= '<h3>ActivityPub Probe Diagnostic</h3>';
+	
+		$o .= '<form action="ap_probe" method="get">';
+		$o .= 'Lookup URI: <input type="text" style="width: 250px;" name="addr" value="' . $_GET['addr'] .'" /><br>';
+		$o .= 'Request Signed version: <input type=checkbox name="magenv" value="1" ><br>';
+		$o .= '<input type="submit" name="submit" value="Submit" /></form>'; 
+	
+		$o .= '<br /><br />';
+	
+		if(x($_GET,'addr')) {
+			$addr = $_GET['addr'];
+
+			if($_GET['magenv']) {
+				$headers = 'Accept: application/magic-envelope+json, application/ld+json; profile="https://www.w3.org/ns/activitystreams"';
+			}
+			else {
+				$headers = 'Accept: application/ld+json; profile="https://www.w3.org/ns/activitystreams"';
+			}
+
+			$redirects = 0;
+		    $x = z_fetch_url($addr,true,$redirects, [ 'headers' => [ $headers ]]);
+	    	if($x['success'])
+				$o .= '<pre>' . str_replace(['\\n','\\'],["\n",''],jindent($x['body'])) . '</pre>';
+		}
+		return $o;
+	}
+	
+}
--- a/Zotlabs/Module/Appman.php
+++ b/Zotlabs/Module/Appman.php
@@ -84,6 +84,20 @@ class Appman extends \Zotlabs\Web\Controller {
 		}

 		$channel = \App::get_channel();
+
+		if(argc() > 2) {
+			if(argv(2) === 'moveup') {
+				Zlib\Apps::moveup(local_channel(),argv(1));
+			}
+			if(argv(2) === 'movedown') {
+				Zlib\Apps::movedown(local_channel(),argv(1));
+			}
+			goaway(z_root() . '/apporder');
+		}
+
+
+
+
 		$app = null;
 		$embed = null;
 		if($_REQUEST['appid']) {
--- a/Zotlabs/Module/Apporder.php
+++ b/Zotlabs/Module/Apporder.php
@@ -0,0 +1,40 @@
+<?php
+
+namespace Zotlabs\Module;
+
+use \Zotlabs\Lib as Zlib;
+
+class Apporder extends \Zotlabs\Web\Controller {
+
+	function post() {
+
+	}
+
+	function get() {
+       $syslist = array();
+        $list = Zlib\Apps::app_list(local_channel(), false, 'nav_featured_app');
+        if($list) {
+            foreach($list as $li) {
+                $syslist[] = Zlib\Apps::app_encode($li);
+            }
+        }
+        Zlib\Apps::translate_system_apps($syslist);
+
+	    usort($syslist,'Zotlabs\\Lib\\Apps::app_name_compare');
+
+    	$syslist = Zlib\Apps::app_order(local_channel(),$syslist);
+
+	    foreach($syslist as $app) {
+    	    $nav_apps[] = Zlib\Apps::app_render($app,'nav-order');
+
+		}
+
+	return replace_macros(get_markup_template('apporder.tpl'),
+		[
+			'$header' => t('Change Order of Navigation Apps'),
+			'$desc' => t('Use arrows to move the corresponding app up or down in the display list'),
+			'$nav_apps' => $nav_apps
+		]
+	);
+	}
+}
--- a/Zotlabs/Module/Authorize.php
+++ b/Zotlabs/Module/Authorize.php
@@ -0,0 +1,71 @@
+<?php
+
+namespace Zotlabs\Module;
+
+
+class Authorize extends \Zotlabs\Web\Controller {
+
+
+	function get() {
+
+
+			// workaround for HTTP-auth in CGI mode
+			if (x($_SERVER, 'REDIRECT_REMOTE_USER')) {
+				$userpass = base64_decode(substr($_SERVER["REDIRECT_REMOTE_USER"], 6)) ;
+				if(strlen($userpass)) {
+					list($name, $password) = explode(':', $userpass);
+					$_SERVER['PHP_AUTH_USER'] = $name;
+					$_SERVER['PHP_AUTH_PW'] = $password;
+				}
+			}
+
+			if (x($_SERVER, 'HTTP_AUTHORIZATION')) {
+				$userpass = base64_decode(substr($_SERVER["HTTP_AUTHORIZATION"], 6)) ;
+				if(strlen($userpass)) {
+					list($name, $password) = explode(':', $userpass);
+					$_SERVER['PHP_AUTH_USER'] = $name;
+					$_SERVER['PHP_AUTH_PW'] = $password;
+				}
+			}
+
+
+
+
+	require_once('include/oauth2.php');
+
+	$request = \OAuth2\Request::createFromGlobals();
+	$response = new \OAuth2\Response();
+
+	// validate the authorize request
+	if (! $oauth2_server->validateAuthorizeRequest($request, $response)) {
+	    $response->send();
+    	killme();
+	}
+
+	// display an authorization form
+	if (empty($_POST)) {
+
+	  return '
+<form method="post">
+  <label>Do You Authorize TestClient?</label><br />
+  <input type="submit" name="authorized" value="yes">
+  <input type="submit" name="authorized" value="no">
+</form>';
+	}
+
+	// print the authorization code if the user has authorized your client
+	$is_authorized = ($_POST['authorized'] === 'yes');
+	$oauth2_server->handleAuthorizeRequest($request, $response, $is_authorized);
+	if ($is_authorized) {
+		// this is only here so that you get to see your code in the cURL request. Otherwise, 
+		// we'd redirect back to the client
+		$code = substr($response->getHttpHeader('Location'), strpos($response->getHttpHeader('Location'), 'code=')+5, 40);
+		echo("SUCCESS! Authorization Code: $code");
+		
+	}
+
+	$response->send();
+	killme();
+	}
+
+}
--- a/Zotlabs/Module/Block.php
+++ b/Zotlabs/Module/Block.php
@@ -3,8 +3,6 @@ namespace Zotlabs\Module;

 require_once('include/items.php');
 require_once('include/conversation.php');
-require_once('include/page_widgets.php');
-

 class Block extends \Zotlabs\Web\Controller {

--- a/Zotlabs/Module/Bookmarks.php
+++ b/Zotlabs/Module/Bookmarks.php
@@ -7,6 +7,9 @@ class Bookmarks extends \Zotlabs\Web\Controller {
 	function init() {
 		if(! local_channel())
 			return;
+
+		nav_set_selected(t('View Bookmarks'));
+
 		$item_id = intval($_REQUEST['item']);
 		$burl = trim($_REQUEST['burl']);
 	
@@ -68,7 +71,8 @@ class Bookmarks extends \Zotlabs\Web\Controller {
 	
 		$channel = \App::get_channel();
 	
-		$o = profile_tabs($a,true,$channel['channel_address']);
+		//$o = profile_tabs($a,true,$channel['channel_address']);
+		$o = '';
 	
 		$o .= '<div class="generic-content-wrapper-styled">';
 	
--- a/Zotlabs/Module/Cal.php
+++ b/Zotlabs/Module/Cal.php
@@ -86,7 +86,8 @@ class Cal extends \Zotlabs\Web\Controller {
 	
 		$o = '';
 	
-		$tabs = profile_tabs($a, True, $channel['channel_address']);
+		//$tabs = profile_tabs($a, True, $channel['channel_address']);
+		$tabs = '';
 	
 		$mode = 'view';
 		$y = 0;
--- a/Zotlabs/Module/Cdav.php
+++ b/Zotlabs/Module/Cdav.php
--- a/Zotlabs/Module/Channel.php
+++ b/Zotlabs/Module/Channel.php
@@ -94,7 +94,7 @@ class Channel extends \Zotlabs\Web\Controller {
 		}
 		else {
 			if(\App::$profile['profile_uid'] == local_channel()) {
-				nav_set_selected('home');
+				nav_set_selected(t('Channel Home'));
 			}
 		}

@@ -121,7 +121,7 @@ class Channel extends \Zotlabs\Web\Controller {

 			$static = channel_manual_conv_update(\App::$profile['profile_uid']);

-			$o .= profile_tabs($a, $is_owner, \App::$profile['channel_address']);
+			//$o .= profile_tabs($a, $is_owner, \App::$profile['channel_address']);

 			$o .= common_friends_visitor_widget(\App::$profile['profile_uid']);

@@ -217,10 +217,10 @@ class Channel extends \Zotlabs\Web\Controller {
 		else {

 			if(x($category)) {
-				$sql_extra .= protect_sprintf(term_query('item', $category, TERM_CATEGORY));
+				$sql_extra2 .= protect_sprintf(term_item_parent_query(\App::$profile['profile_uid'],'item', $category, TERM_CATEGORY));
 			}
 			if(x($hashtags)) {
-				$sql_extra .= protect_sprintf(term_query('item', $hashtags, TERM_HASHTAG, TERM_COMMUNITYTAG));
+				$sql_extra2 .= protect_sprintf(term_item_parent_query(\App::$profile['profile_uid'],'item', $hashtags, TERM_HASHTAG, TERM_COMMUNITYTAG));
 			}

 			if($datequery) {
@@ -236,9 +236,9 @@ class Channel extends \Zotlabs\Web\Controller {

 			if($load || ($checkjs->disabled())) {
 				if($mid) {
-					$r = q("SELECT parent AS item_id from item where mid = '%s' and uid = %d $item_normal
+					$r = q("SELECT parent AS item_id from item where mid like '%s' and uid = %d $item_normal
 						AND item_wall = 1 $sql_extra limit 1",
-						dbesc($mid),
+						dbesc($mid . '%'),
 						intval(\App::$profile['profile_uid'])
 					);
 					if (! $r) {
@@ -321,11 +321,12 @@ class Channel extends \Zotlabs\Web\Controller {
 				'$static'  => $static,
 				'$page' => ((\App::$pager['page'] != 1) ? \App::$pager['page'] : 1),
 				'$search' => '',
+				'$xchan' => '',
 				'$order' => '',
 				'$list' => ((x($_REQUEST,'list')) ? intval($_REQUEST['list']) : 0),
 				'$file' => '',
-				'$cats' => (($category) ? $category : ''),
-				'$tags' => (($hashtags) ? $hashtags : ''),
+				'$cats' => (($category) ? urlencode($category) : ''),
+				'$tags' => (($hashtags) ? urlencode($hashtags) : ''),
 				'$mid' => $mid,
 				'$verb' => '',
 				'$dend' => $datequery,
@@ -364,10 +365,10 @@ class Channel extends \Zotlabs\Web\Controller {


 		if($checkjs->disabled()) {
-			$o .= conversation($a,$items,'channel',$update,'traditional');
+			$o .= conversation($items,'channel',$update,'traditional');
 		}
 		else {
-			$o .= conversation($a,$items,'channel',$update,$page_mode);
+			$o .= conversation($items,'channel',$update,$page_mode);
 		}

 		if((! $update) || ($checkjs->disabled())) {
--- a/Zotlabs/Module/Chanview.php
+++ b/Zotlabs/Module/Chanview.php
@@ -102,27 +102,32 @@ class Chanview extends \Zotlabs\Web\Controller {
 		}

 		$is_zot = false;
+		$connected = false;
 	
 		if (\App::$poi) {
 			$url = \App::$poi['xchan_url'];
 			if(\App::$poi['xchan_network'] === 'zot') {
 				$is_zot = true;
 			}			
+			if(local_channel()) {
+				$c = q("select abook_id from abook where abook_channel = %d and abook_xchan = '%s' limit 1",
+					intval(local_channel()),
+					dbesc(\App::$poi['xchan_hash'])
+				);
+				if($c)
+					$connected = true;
+			}
 		}
-
+		
 		// We will load the chanview template if it's a foreign network, 
 		// just so that we can provide a connect button along with a profile
 		// photo. Chances are we can't load the remote profile into an iframe
 		// because of cross-domain security headers. So provide a link to
 		// the remote profile. 
-
+		// If we are already connected, just go to the profile.
 		// Zot channels will usually have a connect link.
-		// If it isn't zot, 'pro' members won't be able to use the connect
-		// button as it is a foreign network so just send them to the remote
-		// profile.  
-
 	
-		if($is_zot || \Zotlabs\Lib\System::get_server_role() === 'pro') {
+		if($is_zot || $connected) {
 			if($is_zot && $observer) {
 				$url = zid($url);
 			}
--- a/Zotlabs/Module/Chat.php
+++ b/Zotlabs/Module/Chat.php
@@ -89,9 +89,11 @@ class Chat extends \Zotlabs\Web\Controller {
 	
 	function get() {
 	
-		if(local_channel())
+		if(local_channel()) {
 			$channel = \App::get_channel();
-	
+			nav_set_selected(t('My Chatrooms'));
+		}
+
 		$ob = \App::get_observer();
 		$observer = get_observer_hash();
 		if(! $observer) {
@@ -210,7 +212,8 @@ class Chat extends \Zotlabs\Web\Controller {
 	
 		require_once('include/conversation.php');
 	
-		$o = profile_tabs($a,((local_channel() && local_channel() == \App::$profile['profile_uid']) ? true : false),\App::$profile['channel_address']);
+		//$o = profile_tabs($a,((local_channel() && local_channel() == \App::$profile['profile_uid']) ? true : false),\App::$profile['channel_address']);
+		$o = '';
 	
 		if(! feature_enabled(\App::$profile['profile_uid'],'ajaxchat')) {
 			notice( t('Feature disabled.') . EOL);
--- a/Zotlabs/Module/Cloud.php
+++ b/Zotlabs/Module/Cloud.php
@@ -60,11 +60,9 @@ class Cloud extends \Zotlabs\Web\Controller {

 		$_SERVER['QUERY_STRING'] = str_replace(array('?f=', '&f='), array('', ''), $_SERVER['QUERY_STRING']);
 		$_SERVER['QUERY_STRING'] = strip_zids($_SERVER['QUERY_STRING']);
-		$_SERVER['QUERY_STRING'] = preg_replace('/[\?&]davguest=(.*?)([\?&]|$)/ism', '', $_SERVER['QUERY_STRING']);

 		$_SERVER['REQUEST_URI'] = str_replace(array('?f=', '&f='), array('', ''), $_SERVER['REQUEST_URI']);
 		$_SERVER['REQUEST_URI'] = strip_zids($_SERVER['REQUEST_URI']);
-		$_SERVER['REQUEST_URI'] = preg_replace('/[\?&]davguest=(.*?)([\?&]|$)/ism', '', $_SERVER['REQUEST_URI']);

 		$rootDirectory = new \Zotlabs\Storage\Directory('/', $auth);

@@ -88,12 +86,13 @@ class Cloud extends \Zotlabs\Web\Controller {
 	//	require_once('\Zotlabs\Storage/QuotaPlugin.php');
 	//	$server->addPlugin(new \Zotlabs\Storage\\QuotaPlugin($auth));

-		ob_start();
+//		ob_start();
 		// All we need to do now, is to fire up the server
 		$server->exec();

-		ob_end_flush();
-
+//		ob_end_flush();
+		if($browser->build_page)
+			construct_page();
 		killme();
 	}

--- a/Zotlabs/Module/Connections.php
+++ b/Zotlabs/Module/Connections.php
@@ -5,10 +5,6 @@ namespace Zotlabs\Module;
 require_once('include/socgraph.php');
 require_once('include/selectors.php');
 require_once('include/group.php');
-require_once('include/contact_widgets.php');
-require_once('include/zot.php');
-require_once('include/widgets.php');
-

 class Connections extends \Zotlabs\Web\Controller {

@@ -23,7 +19,7 @@ class Connections extends \Zotlabs\Web\Controller {
 	
 	}
 	
-		function get() {
+	function get() {
 	
 		$sort_type = 0;
 		$o = '';
@@ -33,6 +29,8 @@ class Connections extends \Zotlabs\Web\Controller {
 			notice( t('Permission denied.') . EOL);
 			return login();
 		}
+
+		nav_set_selected(t('Connections'));
 	
 		$blocked     = false;
 		$hidden      = false;
@@ -67,15 +65,14 @@ class Connections extends \Zotlabs\Web\Controller {
 					$hidden = true;
 					break;
 				case 'archived':
-					$search_flags = " and abook_archived = 1 ";
-					$head = t('Archived');
+					$search_flags = " and ( abook_archived = 1 OR abook_not_here = 1) ";
+					$head = t('Archived/Unreachable');
 					$archived = true;
 					break;
 				case 'pending':
 					$search_flags = " and abook_pending = 1 ";
 					$head = t('New');
 					$pending = true;
-					nav_set_selected('intros');
 					break;
 				case 'ifpending':
 					$r = q("SELECT COUNT(abook.abook_id) AS total FROM abook left join xchan on abook.abook_xchan = xchan.xchan_hash where abook_channel = %d and abook_pending = 1 and abook_self = 0 and abook_ignored = 0 and xchan_deleted = 0 and xchan_orphan = 0 ",
@@ -85,7 +82,6 @@ class Connections extends \Zotlabs\Web\Controller {
 						$search_flags = " and abook_pending = 1 ";
 						$head = t('New');
 						$pending = true;
-						nav_set_selected('intros');
 						\App::$argv[1] = 'pending';
 					}
 					else {
@@ -95,7 +91,6 @@ class Connections extends \Zotlabs\Web\Controller {
 						\App::$argc = 1;
 						unset(\App::$argv[1]);
 					}
-					nav_set_selected('intros');
 					break;
 	//			case 'unconnected':
 	//				$search_flags = " and abook_unconnected = 1 ";
@@ -172,10 +167,10 @@ class Connections extends \Zotlabs\Web\Controller {
 			),
 	
 			'archived' => array(
-				'label' => t('Archived'),
+				'label' => t('Archived/Unreachable'),
 				'url'   => z_root() . '/connections/archived',
 				'sel'   => ($archived) ? 'active' : '',
-				'title' => t('Only show archived connections'),
+				'title' => t('Only show archived/unreachable connections'),
 			),
 	
 			'hidden' => array(
@@ -247,7 +242,8 @@ class Connections extends \Zotlabs\Web\Controller {
 						((intval($rr['abook_archived'])) ? t('Archived') : ''),
 						((intval($rr['abook_hidden'])) ? t('Hidden') : ''),
 						((intval($rr['abook_ignored'])) ? t('Ignored') : ''),
-						((intval($rr['abook_blocked'])) ? t('Blocked') : '')
+						((intval($rr['abook_blocked'])) ? t('Blocked') : ''),
+						((intval($rr['abook_not_here'])) ? t('Not connected at this location') : '')
 					);
 	
 					foreach($status as $str) {
@@ -261,11 +257,12 @@ class Connections extends \Zotlabs\Web\Controller {
 					$contacts[] = array(
 						'img_hover' => sprintf( t('%1$s [%2$s]'),$rr['xchan_name'],$rr['xchan_url']),
 						'edit_hover' => t('Edit connection'),
+						'edit' => t('Edit'),
 						'delete_hover' => t('Delete connection'),
 						'id' => $rr['abook_id'],
 						'thumb' => $rr['xchan_photo_m'], 
 						'name' => $rr['xchan_name'],
-						'classes' => (intval($rr['abook_archived']) ? 'archived' : ''),
+						'classes' => ((intval($rr['abook_archived']) || intval($rr['abook_not_here'])) ? 'archived' : ''),
 						'link' => z_root() . '/connedit/' . $rr['abook_id'],
 						'deletelink' => z_root() . '/connedit/' . intval($rr['abook_id']) . '/drop',
 						'delete' => t('Delete'),
--- a/Zotlabs/Module/Connedit.php
+++ b/Zotlabs/Module/Connedit.php
@@ -11,9 +11,6 @@ namespace Zotlabs\Module;
 require_once('include/socgraph.php');
 require_once('include/selectors.php');
 require_once('include/group.php');
-require_once('include/contact_widgets.php');
-require_once('include/zot.php');
-require_once('include/widgets.php');
 require_once('include/photos.php');


@@ -391,30 +388,22 @@ class Connedit extends \Zotlabs\Web\Controller {
 	
 		$section = ((array_key_exists('section',$_REQUEST)) ? $_REQUEST['section'] : '');
 		$channel = \App::get_channel();
-		$my_perms = get_channel_default_perms(local_channel());
-		$role = get_pconfig(local_channel(),'system','permissions_role');
-		if($role) {
-			$x = \Zotlabs\Access\PermissionRoles::role_perms($role);
-			if($x['perms_connect'])
-				$my_perms = $x['perms_connect'];
-		}
 	
 		$yes_no = array(t('No'),t('Yes'));
 	
-		if($my_perms) {
-			$o .= "<script>function connectDefaultShare() {
-			\$('.abook-edit-me').each(function() {
-				if(! $(this).is(':disabled'))
-					$(this).prop('checked', false);
-			});\n\n";
-			$perms = get_perms();
-			foreach($perms as $p => $v) {
-				if($my_perms & $v[1]) {
-					$o .= "\$('#me_id_perms_" . $p . "').prop('checked', true); \n";
-				}
+		$connect_perms = \Zotlabs\Access\Permissions::connect_perms(local_channel());
+
+		$o .= "<script>function connectDefaultShare() {
+		\$('.abook-edit-me').each(function() {
+			if(! $(this).is(':disabled'))
+				$(this).prop('checked', false);
+		});\n\n";
+		foreach($connect_perms['perms'] as $p => $v) {
+			if($v) {
+				$o .= "\$('#me_id_perms_" . $p . "').prop('checked', true); \n";
 			}
-			$o .= " }\n</script>\n";
 		}
+		$o .= " }\n</script>\n";
 	
 		if(argc() == 3) {
 	
@@ -441,6 +430,34 @@ class Connedit extends \Zotlabs\Web\Controller {
 				goaway(z_root() . '/connedit/' . $contact_id);
 	
 			}
+
+			if($cmd === 'fetchvc') {
+				$url = str_replace('/channel/','/profile/',$orig_record[0]['xchan_url']) . '/vcard';
+				$recurse = 0;
+				$x = z_fetch_url(zid($url),false,$recurse,['session' => true]);
+				if($x['success']) {
+					$h = new \Zotlabs\Web\HTTPHeaders($x['header']);
+					$fields = $h->fetch();
+					if($fields) {
+						foreach($fields as $y) {
+							 if(array_key_exists('content-type',$y)) {
+								$type = explode(';',trim($y['content-type']));
+								if($type && $type[0] === 'text/vcard' && $x['body']) {
+									$vc = \Sabre\VObject\Reader::read($x['body']);
+									$vcard = $vc->serialize();
+									if($vcard) {
+										set_abconfig(local_channel(),$orig_record[0]['abook_xchan'],'system','vcard',$vcard);
+										$this->connedit_clone($a);
+									}
+								}
+							}
+						}
+					}
+				}
+				goaway(z_root() . '/connedit/' . $contact_id);
+			}
+
+
 			if($cmd === 'resetphoto') {
 				q("update xchan set xchan_photo_date = '2001-01-01 00:00:00' where xchan_hash = '%s'",
 					dbesc($orig_record[0]['xchan_hash'])
@@ -582,6 +599,13 @@ class Connedit extends \Zotlabs\Web\Controller {
 					'sel'   => '',
 					'title' => t('Fetch updated permissions'),
 				),
+
+				'rephoto' => array(
+					'label' => t('Refresh Photo'),
+					'url'   => z_root() . '/connedit/' . $contact['abook_id'] . '/resetphoto',
+					'sel'   => '',
+					'title' => t('Fetch updated photo'),
+				),
 	
 				'recent' => array(
 					'label' => t('Recent Activity'),
@@ -631,6 +655,17 @@ class Connedit extends \Zotlabs\Web\Controller {
 	
 			);

+
+			if($contact['xchan_network'] === 'zot') {
+				$tools['fetchvc'] = [
+					'label' => t('Fetch Vcard'),
+					'url'    => z_root() . '/connedit/' . $contact['abook_id'] . '/fetchvc',
+					'sel'   => '',
+					'title' => t('Fetch electronic calling card for this connection')
+				];
+			}
+
+
 			$sections = [];

 			$sections['perms'] = [
@@ -807,6 +842,22 @@ class Connedit extends \Zotlabs\Web\Controller {
 			}
 			else
 				$locstr = t('none');
+
+			$clone_warn = '';
+			$clonable = (in_array($contact['xchan_network'],['zot','rss']) ? true : false);
+			if(! $clonable) {
+				$clone_warn = '<strong>';
+				$clone_warn .= ((intval($contact['abook_not_here'])) 
+					? t('This connection is unreachable from this location.')
+					: t('This connection may be unreachable from other channel locations.')
+				);
+				$clone_warn .= '</strong><br>' . t('Location independence is not supported by their network.');
+			}
+					
+
+
+			if(intval($contact['abook_not_here']) && $unclonable)
+				$not_here = t('This connection is unreachable from this location. Location independence is not supported by their network.');
 	
 			$o .= replace_macros($tpl, [
 				'$header'         => (($self) ? t('Connection Default Permissions') : sprintf( t('Connection: %s'),$contact['xchan_name'])),
@@ -821,6 +872,7 @@ class Connedit extends \Zotlabs\Web\Controller {
 				'$addr_text'      => t('This connection\'s primary address is'),
 				'$loc_text'       => t('Available locations:'),
 				'$locstr'         => $locstr,
+				'$unclonable'     => $clone_warn,
 				'$notself'        => (($self) ? '' : '1'),
 				'$self'           => (($self) ? '1' : ''),
 				'$autolbl'        => t('The permissions indicated on this page will be applied to all new connections.'),
--- a/Zotlabs/Module/Cover_photo.php
+++ b/Zotlabs/Module/Cover_photo.php
@@ -23,19 +23,17 @@ require_once('include/channel.php');
 class Cover_photo extends \Zotlabs\Web\Controller {

 	function init() {
-	
 		if(! local_channel()) {
 			return;
 		}
 	
 		$channel = \App::get_channel();
-		profile_load($channel['channel_address']);
-	
+		profile_load($channel['channel_address']);	
 	}
 	
-	/* @brief Evaluate posted values
+	/**
+	 * @brief Evaluate posted values
 	 *
-	 * @param $a Current application
 	 * @return void
 	 *
 	 */
@@ -130,8 +128,15 @@ class Cover_photo extends \Zotlabs\Web\Controller {
 	
 					$aid = get_account_id();
 	
-					$p = array('aid' => $aid, 'uid' => local_channel(), 'resource_id' => $base_image['resource_id'],
-						'filename' => $base_image['filename'], 'album' => t('Cover Photos'));
+					$p = [ 
+						'aid'          => $aid, 
+						'uid'          => local_channel(), 
+						'resource_id'  => $base_image['resource_id'],
+						'filename'     => $base_image['filename'], 
+						'album'        => t('Cover Photos'),
+						'os_path'      => $base_image['os_path'],
+						'display_path' => $base_image['display_path']
+					];
 	
 					$p['imgscale'] = 7;
 					$p['photo_usage'] = PHOTO_COVER;
@@ -195,11 +200,10 @@ class Cover_photo extends \Zotlabs\Web\Controller {
 			$os_storage = false;
 	
 			foreach($i as $ii) {
-				$smallest = intval($ii['imgscale']);
+				$smallest   = intval($ii['imgscale']);
 				$os_storage = intval($ii['os_storage']);
-				$imagedata = $ii['content'];
-				$filetype = $ii['mimetype'];
-	
+				$imagedata  = $ii['content'];
+				$filetype   = $ii['mimetype'];
 			}
 		}
 	
@@ -263,10 +267,10 @@ class Cover_photo extends \Zotlabs\Web\Controller {
 	}
 	
 	
-	/* @brief Generate content of profile-photo view
+	/**
+	 * @brief Generate content of profile-photo view
 	 *
-	 * @param $a Current application
-	 * @return void
+	 * @return string
 	 *
 	 */
 	
@@ -350,15 +354,15 @@ class Cover_photo extends \Zotlabs\Web\Controller {
 			$tpl = get_markup_template('cover_photo.tpl');
 	
 			$o .= replace_macros($tpl,array(
-				'$user' => \App::$channel['channel_address'],
-				'$lbl_upfile' => t('Upload File:'),
-				'$lbl_profiles' => t('Select a profile:'),
-				'$title' => t('Upload Cover Photo'),
-				'$submit' => t('Upload'),
-				'$profiles' => $profiles,
+				'$user'                => \App::$channel['channel_address'],
+				'$lbl_upfile'          => t('Upload File:'),
+				'$lbl_profiles'        => t('Select a profile:'),
+				'$title'               => t('Upload Cover Photo'),
+				'$submit'              => t('Upload'),
+				'$profiles'            => $profiles,
 				'$form_security_token' => get_form_security_token("cover_photo"),
-	// FIXME - yuk  
-				'$select' => sprintf('%s %s', t('or'), ($newuser) ? '<a href="' . z_root() . '">' . t('skip this step') . '</a>' : '<a href="'. z_root() . '/photos/' . \App::$channel['channel_address'] . '">' . t('select a photo from your photo albums') . '</a>')
+					/// @FIXME - yuk  
+				'$select'              => sprintf('%s %s', t('or'), ($newuser) ? '<a href="' . z_root() . '">' . t('skip this step') . '</a>' : '<a href="'. z_root() . '/photos/' . \App::$channel['channel_address'] . '">' . t('select a photo from your photo albums') . '</a>')
 			));
 			
 			call_hooks('cover_photo_content_end', $o);
@@ -370,14 +374,14 @@ class Cover_photo extends \Zotlabs\Web\Controller {
 			$resolution = 3;
 			$tpl = get_markup_template("cropcover.tpl");
 			$o .= replace_macros($tpl,array(
-				'$filename' => $filename,
-				'$profile' => intval($_REQUEST['profile']),
-				'$resource' => \App::$data['imagecrop'] . '-3',
-				'$image_url' => z_root() . '/photo/' . $filename,
-				'$title' => t('Crop Image'),
-				'$desc' => t('Please adjust the image cropping for optimum viewing.'),
+				'$filename'            => $filename,
+				'$profile'             => intval($_REQUEST['profile']),
+				'$resource'            => \App::$data['imagecrop'] . '-3',
+				'$image_url'           => z_root() . '/photo/' . $filename,
+				'$title'               => t('Crop Image'),
+				'$desc'                => t('Please adjust the image cropping for optimum viewing.'),
 				'$form_security_token' => get_form_security_token("cover_photo"),
-				'$done' => t('Done Editing')
+				'$done'                => t('Done Editing')
 			));
 			return $o;
 		}
@@ -393,8 +397,6 @@ class Cover_photo extends \Zotlabs\Web\Controller {
 	 *
 	 */
 	
-	
-	
 	function cover_photo_crop_ui_head(&$a, $ph, $hash, $smallest){
 	
 		$max_length = get_config('system','max_image_length');
--- a/Zotlabs/Module/Directory.php
+++ b/Zotlabs/Module/Directory.php
@@ -4,7 +4,6 @@ namespace Zotlabs\Module;

 require_once('include/socgraph.php');
 require_once('include/dir_fns.php');
-require_once('include/widgets.php');
 require_once('include/bbcode.php');


@@ -78,7 +77,7 @@ class Directory extends \Zotlabs\Web\Controller {
 		$pubforums = get_directory_setting($observer, 'pubforums');
 	
 		$o = '';
-		nav_set_selected('directory');
+		nav_set_selected(t('Directory'));
 	
 		if(x($_POST,'search'))
 			$search = notags(trim($_POST['search']));
@@ -234,7 +233,7 @@ class Directory extends \Zotlabs\Web\Controller {
 	
 							$age = '';
 							if(strlen($rr['birthday'])) {
-								if(($years = age($rr['birthday'],'UTC','')) != 0)
+								if(($years = age($rr['birthday'],'UTC','')) > 0)
 									$age = $years;
 							}
 	
--- a/Zotlabs/Module/Display.php
+++ b/Zotlabs/Module/Display.php
@@ -165,6 +165,7 @@ class Display extends \Zotlabs\Web\Controller {
 				'$page' => ((\App::$pager['page'] != 1) ? \App::$pager['page'] : 1),
 				'$list' => ((x($_REQUEST,'list')) ? intval($_REQUEST['list']) : 0),
 				'$search' => '',
+				'$xchan' => '',
 				'$order' => '',
 				'$file' => '',
 				'$cats' => '',
@@ -307,12 +308,12 @@ class Display extends \Zotlabs\Web\Controller {
 	
 	
 		if ($checkjs->disabled()) {
-			$o .= conversation($a, $items, 'display', $update, 'traditional');
+			$o .= conversation($items, 'display', $update, 'traditional');
 			if ($items[0]['title'])
 				\App::$page['title'] = $items[0]['title'] . " - " . \App::$page['title'];
 		} 
 		else {
-			$o .= conversation($a, $items, 'display', $update, 'client');
+			$o .= conversation($items, 'display', $update, 'client');
 		}
 	
 		if($updateable) {
--- a/Zotlabs/Module/Editblock.php
+++ b/Zotlabs/Module/Editblock.php
@@ -98,6 +98,11 @@ class Editblock extends \Zotlabs\Web\Controller {

 		$mimetype = $itm[0]['mimetype'];

+		$content = $itm[0]['body'];
+		if($itm[0]['mimetype'] === 'text/markdown')
+			$content = \Zotlabs\Lib\MarkdownSoap::unescape($itm[0]['body']);
+
+
 		$rp = 'blocks/' . $channel['channel_address'];

 		$x = array(
@@ -117,7 +122,7 @@ class Editblock extends \Zotlabs\Web\Controller {
 			'ptyp' => $itm[0]['type'],
 			'mimeselect' => true,
 			'mimetype' => $itm[0]['mimetype'],
-			'body' => undo_post_tagging($itm[0]['body']),
+			'body' => undo_post_tagging($content),
 			'post_id' => $post_id,
 			'visitor' => true,
 			'title' => htmlspecialchars($itm[0]['title'],ENT_COMPAT,'UTF-8'),
--- a/Zotlabs/Module/Editlayout.php
+++ b/Zotlabs/Module/Editlayout.php
@@ -119,6 +119,7 @@ class Editlayout extends \Zotlabs\Web\Controller {
 			'hide_weblink' => true,
 			'hide_attach' => true,
 			'hide_preview' => true,
+			'disable_comments' => true,
 			'ptyp' => $itm[0]['obj_type'],
 			'body' => undo_post_tagging($itm[0]['body']),
 			'post_id' => $post_id,
--- a/Zotlabs/Module/Editpost.php
+++ b/Zotlabs/Module/Editpost.php
@@ -31,7 +31,15 @@ class Editpost extends \Zotlabs\Web\Controller {
 			dbesc(get_observer_hash())
 		);

-		if(! count($itm)) {
+		// don't allow web editing of potentially binary content (item_obscured = 1)
+		// @FIXME how do we do it instead?
+
+		if((! $itm) || intval($itm[0]['item_obscured'])) {
+			notice( t('Item is not editable') . EOL);
+			return;
+		}
+
+		if($itm[0]['resource_type'] === 'photo' && $itm[0]['resource_id']) {
 			notice( t('Item is not editable') . EOL);
 			return;
 		}
@@ -44,14 +52,6 @@ class Editpost extends \Zotlabs\Web\Controller {

 		$channel = \App::get_channel();

-		if(intval($itm[0]['item_obscured'])) {
-			$key = get_config('system','prvkey');
-			if($itm[0]['title'])
-				$itm[0]['title'] = crypto_unencapsulate(json_decode($itm[0]['title'],true),$key);
-			if($itm[0]['body'])
-				$itm[0]['body'] = crypto_unencapsulate(json_decode($itm[0]['body'],true),$key);
-		}
-
 		$category = '';
 		$catsenabled = ((feature_enabled($owner_uid,'categories')) ? 'categories' : '');

--- a/Zotlabs/Module/Editwebpage.php
+++ b/Zotlabs/Module/Editwebpage.php
@@ -100,24 +100,19 @@ class Editwebpage extends \Zotlabs\Web\Controller {
 			intval($owner)
 		);

-		if(! $itm) {
+		// don't allow web editing of potentially binary content (item_obscured = 1)
+		// @FIXME how do we do it instead?
+
+		if((! $itm) || intval($itm[0]['item_obscured'])) {
 			notice( t('Permission denied.') . EOL);
 			return;
 		}

-		if(intval($itm[0]['item_obscured'])) {
-			$key = get_config('system','prvkey');
-			if($itm[0]['title'])
-				$itm[0]['title'] = crypto_unencapsulate(json_decode($itm[0]['title'],true),$key);
-			if($itm[0]['body'])
-				$itm[0]['body'] = crypto_unencapsulate(json_decode($itm[0]['body'],true),$key);
-		}
-
 		$item_id = q("select * from iconfig where cat = 'system' and k = 'WEBPAGE' and iid = %d limit 1",
 			intval($itm[0]['id'])
 		);
 		if($item_id)
-			$page_title = $item_id[0]['v'];
+			$page_title = urldecode($item_id[0]['v']);

 		$mimetype = $itm[0]['mimetype'];

@@ -129,9 +124,11 @@ class Editwebpage extends \Zotlabs\Web\Controller {
 		}
 	
 		$layout = $itm[0]['layout_mid'];
-	
-		$tpl = get_markup_template("jot.tpl");

+		$content = $itm[0]['body'];
+		if($itm[0]['mimetype'] === 'text/markdown')
+			$content = \Zotlabs\Lib\MarkdownSoap::unescape($itm[0]['body']);
+	
 		$rp = 'webpages/' . $which;

 		$x = array(
@@ -147,7 +144,7 @@ class Editwebpage extends \Zotlabs\Web\Controller {
 			'hide_location' => true,
 			'hide_voting' => true,
 			'ptyp' => $itm[0]['type'],
-			'body' => undo_post_tagging($itm[0]['body']),
+			'body' => undo_post_tagging($content),
 			'post_id' => $post_id,
 			'visitor' => ($is_owner) ? true : false,
 			'acl' => populate_acl($itm[0],false,\Zotlabs\Lib\PermissionDescription::fromGlobalPermission('view_pages')),
--- a/Zotlabs/Module/Embedphotos.php
+++ b/Zotlabs/Module/Embedphotos.php
@@ -92,6 +92,7 @@ class Embedphotos extends \Zotlabs\Web\Controller {
 		 * It is a limitation of the photo table using a name for a photo album instead of a folder hash
 		 */
 		if($album) {
+			require_once('include/attach.php');
 			$x = q("select hash from attach where filename = '%s' and uid = %d limit 1",
 				dbesc($album),
 				intval($owner_uid)
--- a/Zotlabs/Module/Events.php
+++ b/Zotlabs/Module/Events.php
@@ -272,7 +272,7 @@ class Events extends \Zotlabs\Web\Controller {
 			return;
 		}
 	
-		nav_set_selected('all_events');
+		nav_set_selected(t('Events'));
 	
 		if((argc() > 2) && (argv(1) === 'ignore') && intval(argv(2))) {
 			$r = q("update event set dismissed = 1 where id = %d and uid = %d",
--- a/Zotlabs/Module/Feed.php
+++ b/Zotlabs/Module/Feed.php
@@ -1,40 +1,41 @@
 <?php
+
 namespace Zotlabs\Module;


 require_once('include/items.php');

-
 class Feed extends \Zotlabs\Web\Controller {

 	function init() {
 	
-		$params = array();
+		$params = [];
 	
-		$params['begin']     = ((x($_REQUEST,'date_begin')) ? $_REQUEST['date_begin']      : NULL_DATE);
-		$params['end']       = ((x($_REQUEST,'date_end'))   ? $_REQUEST['date_end']        : '');
-		$params['type']      = ((stristr(argv(0),'json'))   ? 'json'                       : 'xml');
-		$params['pages']     = ((x($_REQUEST,'pages'))      ? intval($_REQUEST['pages'])   : 0);
-		$params['top']       = ((x($_REQUEST,'top'))        ? intval($_REQUEST['top'])     : 0);
-		$params['start']     = ((x($params,'start'))        ? intval($params['start'])     : 0);
-		$params['records']   = ((x($params,'records'))      ? intval($params['records'])   : 40);
-		$params['direction'] = ((x($params,'direction'))    ? dbesc($params['direction'])  : 'desc');
-		$params['cat']       = ((x($_REQUEST,'cat'))        ? escape_tags($_REQUEST['cat'])  : '');
-	
-		$channel = '';
+		$params['begin']     = ((x($_REQUEST,'date_begin')) ? $_REQUEST['date_begin']       : NULL_DATE);
+		$params['end']       = ((x($_REQUEST,'date_end'))   ? $_REQUEST['date_end']         : '');
+		$params['type']      = ((stristr(argv(0),'json'))   ? 'json'                        : 'xml');
+		$params['pages']     = ((x($_REQUEST,'pages'))      ? intval($_REQUEST['pages'])    : 0);
+		$params['top']       = ((x($_REQUEST,'top'))        ? intval($_REQUEST['top'])      : 0);
+		$params['start']     = ((x($params,'start'))        ? intval($params['start'])      : 0);
+		$params['records']   = ((x($params,'records'))      ? intval($params['records'])    : 40);
+		$params['direction'] = ((x($params,'direction'))    ? dbesc($params['direction'])   : 'desc');
+		$params['cat']       = ((x($_REQUEST,'cat'))        ? escape_tags($_REQUEST['cat']) : '');
+		$params['compat']    = ((x($_REQUEST,'compat'))     ? intval($_REQUEST['compat'])   : 0);	
+
+
 		if(argc() > 1) {
-			$r = q("select * from channel left join xchan on channel_hash = xchan_hash where channel_address = '%s' limit 1",
-				dbesc(argv(1))
-			);
-			if(!($r && count($r)))
+
+			if(observer_prohibited(true)) {
 				killme();
-	
-			$channel = $r[0];
-	
-			if(observer_prohibited(true))
+			}
+
+			$channel = channelx_by_nick(argv(1));
+			if(! $channel) {
 				killme();
+			}
+	
 	 
-			logger('mod_feed: public feed request from ' . $_SERVER['REMOTE_ADDR'] . ' for ' . $channel['channel_address']);
+			logger('public feed request from ' . $_SERVER['REMOTE_ADDR'] . ' for ' . $channel['channel_address']);
 	
 			echo get_public_feed($channel,$params);
 	
@@ -43,6 +44,4 @@ class Feed extends \Zotlabs\Web\Controller {
 	
 	}
 	
-	
-	
 }
--- a/Zotlabs/Module/File_upload.php
+++ b/Zotlabs/Module/File_upload.php
@@ -28,11 +28,12 @@ class File_upload extends \Zotlabs\Web\Controller {
 			$_REQUEST['group_deny']    = expand_acl($channel['channel_deny_gid']);
 		}

+		$_REQUEST['allow_cid'] = perms2str($_REQUEST['contact_allow']);
+		$_REQUEST['allow_gid'] = perms2str($_REQUEST['group_allow']);
+		$_REQUEST['deny_cid'] = perms2str($_REQUEST['contact_deny']);
+		$_REQUEST['deny_gid'] = perms2str($_REQUEST['group_deny']);
+
 		if($_REQUEST['filename']) {
-			$_REQUEST['allow_cid'] = perms2str($_REQUEST['contact_allow']);
-			$_REQUEST['allow_gid'] = perms2str($_REQUEST['group_allow']);
-			$_REQUEST['deny_cid'] = perms2str($_REQUEST['contact_deny']);
-			$_REQUEST['deny_gid'] = perms2str($_REQUEST['group_deny']);
 			$r = attach_mkdir($channel,get_observer_hash(),$_REQUEST);
 		}
 		else {
--- a/Zotlabs/Module/Filer.php
+++ b/Zotlabs/Module/Filer.php
@@ -49,8 +49,10 @@ class Filer extends \Zotlabs\Web\Controller {
 			}
 			$tpl = get_markup_template("filer_dialog.tpl");
 			$o = replace_macros($tpl, array(
-				'$field' => array('term', t("Save to Folder:"), '', '', $filetags, t('- select -')),
+				'$field' => array('term', t('Enter a folder name'), '', '', $filetags, 'placeholder="' . t('or select an existing folder (doubleclick)') . '"'),
 				'$submit' => t('Save'),
+				'$title' => t('Save to Folder'),
+				'$cancel' => t('Cancel')
 			));
 			
 			echo $o;
--- a/Zotlabs/Module/Filestorage.php
+++ b/Zotlabs/Module/Filestorage.php
@@ -5,14 +5,6 @@ namespace Zotlabs\Module;
 *
 */

-require_once('include/attach.php');
-
-
-/**
- *
- * @param object &$a
- */
-
 class Filestorage extends \Zotlabs\Web\Controller {

 	function post() {
@@ -36,7 +28,7 @@ class Filestorage extends \Zotlabs\Web\Controller {
 		$channel = \App::get_channel();

 		$acl = new \Zotlabs\Access\AccessList($channel);
-		$acl->set_from_array($_REQUEST);
+		$acl->set_from_array($_POST);
 		$x = $acl->get();

 		$cloudPath = get_parent_cloudpath($channel_id, $channel['channel_address'], $resource);
@@ -130,7 +122,7 @@ class Filestorage extends \Zotlabs\Web\Controller {
 			$f = $r[0];
 			$channel = \App::get_channel();

-			$cloudpath = get_cloudpath($f) . (intval($f['is_dir']) ? '?f=&davguest=1' : '');
+			$cloudpath = get_cloudpath($f);
 			$parentpath = get_parent_cloudpath($channel['channel_id'], $channel['channel_address'], $f['hash']);

 			$aclselect_e = populate_acl($f, false, \Zotlabs\Lib\PermissionDescription::fromGlobalPermission('view_storage'));
--- a/Zotlabs/Module/Getfile.php
+++ b/Zotlabs/Module/Getfile.php
@@ -35,6 +35,7 @@ class Getfile extends \Zotlabs\Web\Controller {
 		$sig      = $_POST['signature'];
 		$resource = $_POST['resource'];
 		$revision = intval($_POST['revision']);
+		$resolution = (-1);
 	
 		if(! $hash)
 			killme();
@@ -46,6 +47,11 @@ class Getfile extends \Zotlabs\Web\Controller {
 			killme();
 		}
 	
+		if(substr($resource,-2,1) == '-') {
+			$resolution = intval(substr($resource,-1,1));
+			$resource = substr($resource,0,-2);
+		}			
+
 		$slop = intval(get_pconfig($channel['channel_id'],'system','getfile_time_slop'));
 		if($slop < 1)
 			$slop = 3;
@@ -63,6 +69,35 @@ class Getfile extends \Zotlabs\Web\Controller {
 			killme();
 		}
 		
+
+		if($resolution > 0) {
+			$r = q("select * from photo where resource_id = '%s' and uid = %d limit 1",
+				dbesc($resource),
+				intval($channel['channel_id'])
+			);
+			if($r) {
+				header('Content-type: ' . $r[0]['mimetype']);
+
+				if(intval($r[0]['os_storage'])) {
+					$fname = dbunescbin($r[0]['content']);
+					if(strpos($fname,'store') !== false)
+						$istream = fopen($fname,'rb');
+					else
+						$istream = fopen('store/' . $channel['channel_address'] . '/' . $fname,'rb');
+					$ostream = fopen('php://output','wb');
+					if($istream && $ostream) {
+						pipe_streams($istream,$ostream);
+						fclose($istream);
+						fclose($ostream);
+					}
+				}
+				else {
+					echo dbunescbin($r[0]['content']);
+				}
+			}			
+			killme();
+		}
+
 		$r = attach_by_hash($resource,$channel['channel_hash'],$revision);
 	
 		if(! $r['success']) {
--- a/Zotlabs/Module/Group.php
+++ b/Zotlabs/Module/Group.php
@@ -56,6 +56,7 @@ class Group extends \Zotlabs\Web\Controller {
 				);
 				if($r)
 					info( t('Privacy group updated.') . EOL );
+				build_sync_packet(local_channel(),null,true);
 			}
 	
 			goaway(z_root() . '/group/' . argv(1) . '/' . argv(2));
@@ -63,7 +64,8 @@ class Group extends \Zotlabs\Web\Controller {
 		return;	
 	}
 	
-		function get() {
+	function get() {
+
 		$change = false;
 	
 		logger('mod_group: ' . \App::$cmd,LOGGER_DEBUG);
--- a/Zotlabs/Module/Hcard.php
+++ b/Zotlabs/Module/Hcard.php
@@ -14,6 +14,8 @@ class Hcard extends \Zotlabs\Web\Controller {
 	        return;
 	    }
 	
+		logger('hcard_request: ' . $which, LOGGER_DEBUG);
+
 	    $profile = '';
 	    $channel = \App::get_channel();
 	
@@ -59,12 +61,10 @@ class Hcard extends \Zotlabs\Web\Controller {
 	}
 	
 	
-		function get() {
-	
-		require_once('include/widgets.php');
-		return widget_profile(array());
-	
-	
+	function get() {
+
+		$x = new \Zotlabs\Widget\Profile();	
+		return $x->widget(array());
 	
 	}
 	
--- a/Zotlabs/Module/Help.php
+++ b/Zotlabs/Module/Help.php
@@ -15,7 +15,7 @@ require_once('include/help.php');
 class Help extends \Zotlabs\Web\Controller {

 	function get() {
-		nav_set_selected('help');
+		nav_set_selected(t('Help'));

 		if($_REQUEST['search']) {
 			$o .= '<div id="help-content" class="generic-content-wrapper">';
@@ -44,42 +44,42 @@ class Help extends \Zotlabs\Web\Controller {

 			return $o;
 		}
-                
-                
-                if(argc() > 2 && argv(argc()-2) === 'assets') {
-                        $path = '';
-                        for($x = 1; $x < argc(); $x ++) {
-                                if(strlen($path))
-                                        $path .= '/';
-                                $path .= argv($x);
-                        }
-                        $realpath = 'doc/' . $path;
-                         //Set the content-type header as appropriate
-                        $imageInfo = getimagesize($realpath);
-                        switch ($imageInfo[2]) {
-                            case IMAGETYPE_JPEG:
-                                header("Content-Type: image/jpeg");
-                                break;
-                            case IMAGETYPE_GIF:
-                                header("Content-Type: image/gif");
-                                break;
-                            case IMAGETYPE_PNG:
-                                header("Content-Type: image/png");
-                                break;
-                           default:
-                                break;
-                        }
-                        header("Content-Length: " . filesize($realpath));
+				
+				
+		if(argc() > 2 && argv(argc()-2) === 'assets') {
+			$path = '';
+			for($x = 1; $x < argc(); $x ++) {
+				if(strlen($path))
+					$path .= '/';
+				$path .= argv($x);
+			}
+			$realpath = 'doc/' . $path;
+			 //Set the content-type header as appropriate
+			$imageInfo = getimagesize($realpath);
+			switch ($imageInfo[2]) {
+				case IMAGETYPE_JPEG:
+					header("Content-Type: image/jpeg");
+					break;
+				case IMAGETYPE_GIF:
+					header("Content-Type: image/gif");
+					break;
+				case IMAGETYPE_PNG:
+					header("Content-Type: image/png");
+					break;
+			   default:
+					break;
+			}
+			header("Content-Length: " . filesize($realpath));

-                        // dump the picture and stop the script
-                        readfile($realpath);
-                        killme();
-                }
+			// dump the picture and stop the script
+			readfile($realpath);
+			killme();
+		}

 		$headings = [
-			'about' => t('About'),
-			'member' => t('Members'),
-			'admin' => t('Administrators'),
+			'about'     => t('About'),
+			'member'    => t('Members'),
+			'admin'     => t('Administrators'),
 			'developer' => t('Developers'),
 			'tutorials' => t('Tutorials')
 		];
@@ -87,13 +87,13 @@ class Help extends \Zotlabs\Web\Controller {
 		if(array_key_exists(argv(1), $headings))
 			$heading = $headings[argv(1)];

-                $content =  get_help_content();
+		$content =  get_help_content();

 		return replace_macros(get_markup_template('help.tpl'), array(
-			'$title' => t('$Projectname Documentation'),
+			'$title'      => t('$Projectname Documentation'),
 			'$tocHeading' => t('Contents'),
-			'$content' => $content,
-			'$heading' => $heading
+			'$content'    => $content,
+			'$heading'    => $heading
 		));
 	}

--- a/Zotlabs/Module/Impel.php
+++ b/Zotlabs/Module/Impel.php
@@ -144,18 +144,8 @@ class Impel extends \Zotlabs\Web\Controller {
 		
 			// Verify ability to use html or php!!!
 	
-		    $execflag = false;
-	
-			if($arr['mimetype'] === 'application/x-php') {
-				$z = q("select account_id, account_roles, channel_pageflags from account left join channel on channel_account_id = account_id where channel_id = %d limit 1",
-					intval(local_channel())
-				);
-	
-				if($z && (($z[0]['account_roles'] & ACCOUNT_ROLE_ALLOWCODE) || ($z[0]['channel_pageflags'] & PAGE_ALLOWCODE))) {
-					$execflag = true;
-				}
-			}
-	
+			$execflag = ((intval($channel['channel_id']) == intval(local_channel()) && ($channel['channel_pageflags'] & PAGE_ALLOWCODE)) ? true : false);
+
 			$i = q("select id, edited, item_deleted from item where mid = '%s' and uid = %d limit 1",
 				dbesc($arr['mid']),
 				intval(local_channel())
--- a/Zotlabs/Module/Import.php
+++ b/Zotlabs/Module/Import.php
@@ -2,26 +2,32 @@

 namespace Zotlabs\Module;

-// Import a channel, either by direct file upload or via
-// connection to original server. 
-
-
 require_once('include/zot.php');
 require_once('include/channel.php');
 require_once('include/import.php');
 require_once('include/perm_upgrade.php');


-
+/**
+ * @brief Module for channel import.
+ *
+ * Import a channel, either by direct file upload or via
+ * connection to another server.
+ */
 class Import extends \Zotlabs\Web\Controller {

+	/**
+	 * @brief Import channel into account.
+	 *
+	 * @param int $account_id
+	 */
 	function import_account($account_id) {
-	
+
 		if(! $account_id){
-			logger("import_account: No account ID supplied");
+			logger('No account ID supplied');
 			return;
 		}
-	
+
 		$max_friends    = account_service_class_fetch($account_id,'total_channels');
 		$max_feeds      = account_service_class_fetch($account_id,'total_feeds');
 		$data           = null;
@@ -32,35 +38,39 @@ class Import extends \Zotlabs\Web\Controller {
 		$filename       = basename($_FILES['filename']['name']);
 		$filesize       = intval($_FILES['filename']['size']);
 		$filetype       = $_FILES['filename']['type'];
-	

+		// import channel from file
 		if($src) {
-	
-			// This is OS specific and could also fail if your tmpdir isn't very large
-			// mostly used for Diaspora which exports gzipped files.
-	
+
+			// This is OS specific and could also fail if your tmpdir isn't very
+			// large mostly used for Diaspora which exports gzipped files.
+
 			if(strpos($filename,'.gz')){
 				@rename($src,$src . '.gz');
 				@system('gunzip ' . escapeshellarg($src . '.gz'));
 			}
-	
+
 			if($filesize) {
 				$data = @file_get_contents($src);
 			}
 			unlink($src);
 		}
-	
+
+		// import channel from another server
 		if(! $src) {
 			$old_address = ((x($_REQUEST,'old_address')) ? $_REQUEST['old_address'] : '');
 			if(! $old_address) {
-				logger('mod_import: nothing to import.');
+				logger('Nothing to import.');
 				notice( t('Nothing to import.') . EOL);
 				return;
+			} else if(strpos($old_address, '＠')) {
+				// if you copy the identity address from your profile page, make it work for convenience
+				$old_address = str_replace('＠', '@', $old_address);
 			}
-	
+
 			$email    = ((x($_REQUEST,'email'))    ? $_REQUEST['email']    : '');
 			$password = ((x($_REQUEST,'password')) ? $_REQUEST['password'] : '');
-	
+
 			$channelname = substr($old_address,0,strpos($old_address,'@'));
 			$servername  = substr($old_address,strpos($old_address,'@')+1);

@@ -73,6 +83,7 @@ class Import extends \Zotlabs\Web\Controller {
 			$api_path .= 'channel/export/basic?f=&channel=' . $channelname;
 			if($import_posts)
 				$api_path .= '&posts=1';
+
 			$binary = false;
 			$redirects = 0;
 			$opts = array('http_auth' => $email . ':' . $password);
@@ -85,19 +96,18 @@ class Import extends \Zotlabs\Web\Controller {
 				return;
 			}
 		}
-	
+
 		if(! $data) {
-			logger('mod_import: empty file.');
+			logger('Empty import file.');
 			notice( t('Imported file is empty.') . EOL);
 			return;
 		}
-	
+
 		$data = json_decode($data,true);
-	
-	//	logger('import: data: ' . print_r($data,true));
-	//	print_r($data);
-	
-	
+
+		//logger('import: data: ' . print_r($data,true));
+		//print_r($data);
+
 		if(! array_key_exists('compatibility',$data)) {
 			call_hooks('import_foreign_channel_data',$data);
 			if($data['handled'])
@@ -108,24 +118,23 @@ class Import extends \Zotlabs\Web\Controller {
 			$v1 = substr($data['compatibility']['database'],-4);
 			$v2 = substr(DB_UPDATE_VERSION,-4);
 			if($v2 > $v1) {
-				$t = sprintf( t('Warning: Database versions differ by %1$d updates.'), $v2 - $v1 ); 
+				$t = sprintf( t('Warning: Database versions differ by %1$d updates.'), $v2 - $v1 );
 				notice($t);
 			}
-			if(array_key_exists('server_role',$data['compatibility']) && $data['compatibility']['server_role'] == 'basic')
-				$moving = true;
+
 		}
-	
+
 		if($moving)
 			$seize = 1;
-	
+
 		// import channel
-	
+
 		$relocate = ((array_key_exists('relocate',$data)) ? $data['relocate'] : null);

 		if(array_key_exists('channel',$data)) {
-	
+
 			$max_identities = account_service_class_fetch($account_id,'total_identities');
-	
+
 			if($max_identities !== false) {
 				$r = q("select channel_id from channel where channel_account_id = %d",
 					intval($account_id)
@@ -137,46 +146,40 @@ class Import extends \Zotlabs\Web\Controller {
 			}

 			$channel = import_channel($data['channel'], $account_id, $seize);
-	
 		}
 		else {
 			$moving  = false;
 			$channel = \App::get_channel();
 		}
-	
+
 		if(! $channel) {
-			logger('mod_import: channel not found. ', print_r($channel,true));
+			logger('Channel not found. ', print_r($channel,true));
 			notice( t('No channel. Import failed.') . EOL);
 			return;
 		}
-	
-	

 		if(is_array($data['config'])) {
 			import_config($channel,$data['config']);
 		}
-	
-		logger('import step 2');
-	
-	

-	
+		logger('import step 2');
+
 		if(array_key_exists('channel',$data)) {
 			if($data['photo']) {
 				require_once('include/photo/photo_driver.php');
 				import_channel_photo(base64url_decode($data['photo']['data']),$data['photo']['type'],$account_id,$channel['channel_id']);
 			}
-	
+
 			if(is_array($data['profile']))
 				import_profiles($channel,$data['profile']);
 		}
-			
+
 		logger('import step 3');
-	
+
 		if(is_array($data['hubloc'])) {
 			import_hublocs($channel,$data['hubloc'],$seize,$moving);
 		}
-			
+
 		logger('import step 4');

 		// create new hubloc for the new channel at this site
@@ -200,7 +203,7 @@ class Import extends \Zotlabs\Web\Controller {
 			);

 			// reset the original primary hubloc if it is being seized
-	
+
 			if($seize) {
 				$r = q("update hubloc set hubloc_primary = 0 where hubloc_primary = 1 and hubloc_hash = '%s' and hubloc_url != '%s' ",
 					dbesc($channel['channel_hash']),
@@ -210,20 +213,18 @@ class Import extends \Zotlabs\Web\Controller {
 		}

 		logger('import step 5');
-	 
-	
-	
+
+
 		// import xchans and contact photos
-	
+
 		if(array_key_exists('channel',$data) && $seize) {
-	
+
 			// replace any existing xchan we may have on this site if we're seizing control
-	
+
 			$r = q("delete from xchan where xchan_hash = '%s'",
 				dbesc($channel['channel_hash'])
 			);

-
 			$r = xchan_store_lowlevel(
 				[
 					'xchan_hash'           => $channel['channel_hash'],
@@ -242,23 +243,22 @@ class Import extends \Zotlabs\Web\Controller {
 					'xchan_photo_date'     => datetime_convert(),
 					'xchan_name_date'      => datetime_convert()
 				]
-			);	
+			);
 		}
-	
+
 		logger('import step 6');

-	
-	
+		// import xchans
 		$xchans = $data['xchan'];
 		if($xchans) {
 			foreach($xchans as $xchan) {
-	
+
 				$hash = make_xchan_hash($xchan['xchan_guid'],$xchan['xchan_guid_sig']);
 				if($xchan['xchan_network'] === 'zot' && $hash !== $xchan['xchan_hash']) {
 					logger('forged xchan: ' . print_r($xchan,true));
 					continue;
 				}
-	
+
 				if(! array_key_exists('xchan_hidden',$xchan)) {
 					$xchan['xchan_hidden']       = (($xchan['xchan_flags'] & 0x0001) ? 1 : 0);
 					$xchan['xchan_orphan']       = (($xchan['xchan_flags'] & 0x0002) ? 1 : 0);
@@ -268,22 +268,22 @@ class Import extends \Zotlabs\Web\Controller {
 					$xchan['xchan_pubforum']     = (($xchan['xchan_flags'] & 0x0020) ? 1 : 0);
 					$xchan['xchan_deleted']      = (($xchan['xchan_flags'] & 0x1000) ? 1 : 0);
 				}
-	
+
 				$r = q("select xchan_hash from xchan where xchan_hash = '%s' limit 1",
 					dbesc($xchan['xchan_hash'])
 				);
 				if($r)
 					continue;

-				create_table_from_array('xchan',$xchan);	
-		
+				create_table_from_array('xchan',$xchan);
+
 				require_once('include/photo/photo_driver.php');
 				$photos = import_xchan_photo($xchan['xchan_photo_l'],$xchan['xchan_hash']);
 				if($photos[4])
 					$photodate = NULL_DATE;
 				else
 					$photodate = $xchan['xchan_photo_date'];
-	
+
 				$r = q("update xchan set xchan_photo_l = '%s', xchan_photo_m = '%s', xchan_photo_s = '%s', xchan_photo_mimetype = '%s', xchan_photo_date = '%s' where xchan_hash = '%s'",
 					dbesc($photos[0]),
 					dbesc($photos[1]),
@@ -292,33 +292,32 @@ class Import extends \Zotlabs\Web\Controller {
 					dbesc($photodate),
 					dbesc($xchan['xchan_hash'])
 				);
-				
 			}

-			logger('import step 7');	
+			logger('import step 7');
 		}
-		

 		$friends = 0;
 		$feeds = 0;
-	
+
 		// import contacts
 		$abooks = $data['abook'];
 		if($abooks) {
 			foreach($abooks as $abook) {

 				$abook_copy = $abook;
-	
+
 				$abconfig = null;
 				if(array_key_exists('abconfig',$abook) && is_array($abook['abconfig']) && count($abook['abconfig']))
 					$abconfig = $abook['abconfig'];
-	
+
 				unset($abook['abook_id']);
 				unset($abook['abook_rating']);
 				unset($abook['abook_rating_text']);
 				unset($abook['abconfig']);
 				unset($abook['abook_their_perms']);
 				unset($abook['abook_my_perms']);
+				unset($abook['abook_not_here']);

 				$abook['abook_account'] = $account_id;
 				$abook['abook_channel'] = $channel['channel_id'];
@@ -332,7 +331,11 @@ class Import extends \Zotlabs\Web\Controller {
 					$abook['abook_self']        = (($abook['abook_flags'] & 0x0080 ) ? 1 : 0);
 					$abook['abook_feed']        = (($abook['abook_flags'] & 0x0100 ) ? 1 : 0);
 				}
-	
+
+				if(array_key_exists('abook_instance',$abook) && $abook['abook_instance'] && strpos($abook['abook_instance'],z_root()) === false) {
+					$abook['abook_not_here'] = 1;
+				} 
+
 				if($abook['abook_self']) {
 					$role = get_pconfig($channel['channel_id'],'system','permissions_role');
 					if(($role === 'forum') || ($abook['abook_my_perms'] & PERMS_W_TAGWALL)) {
@@ -340,24 +343,24 @@ class Import extends \Zotlabs\Web\Controller {
 							dbesc($abook['abook_xchan'])
 						);
 					}
-				} 
+				}
 				else {
 					if($max_friends !== false && $friends > $max_friends)
 						continue;
 					if($max_feeds !== false && intval($abook['abook_feed']) && ($feeds > $max_feeds))
 						continue;
 				}
-	
-				create_table_from_array('abook',$abook);
+
+				abook_store_lowlevel($abook);

 				$friends ++;
 				if(intval($abook['abook_feed']))
 					$feeds ++;

 				translate_abook_perms_inbound($channel,$abook_copy);
-	
+
 				if($abconfig) {
-					// @fixme does not handle sync of del_abconfig
+					/// @FIXME does not handle sync of del_abconfig
 					foreach($abconfig as $abc) {
 						set_abconfig($channel['channel_id'],$abc['xchan'],$abc['cat'],$abc['k'],$abc['v']);
 					}
@@ -366,20 +369,21 @@ class Import extends \Zotlabs\Web\Controller {

 			logger('import step 8');
 		}
-	
+
+		// import groups
 		$groups = $data['group'];
 		if($groups) {
 			$saved = array();
 			foreach($groups as $group) {
 				$saved[$group['hash']] = array('old' => $group['id']);
-				if(array_key_exists('name',$group)) {
+				if(array_key_exists('name', $group)) {
 					$group['gname'] = $group['name'];
 					unset($group['name']);
 				}
 				unset($group['id']);
 				$group['uid'] = $channel['channel_id'];

-				create_table_from_array('groups',$group);
+				create_table_from_array('groups', $group);
 			}
 			$r = q("select * from groups where uid = %d",
 				intval($channel['channel_id'])
@@ -388,10 +392,10 @@ class Import extends \Zotlabs\Web\Controller {
 				foreach($r as $rr) {
 					$saved[$rr['hash']]['new'] = $rr['id'];
 				}
-			} 
+			}
 		}
-	
-	
+
+		// import group members
 		$group_members = $data['group_member'];
 		if($group_members) {
 			foreach($group_members as $group_member) {
@@ -401,36 +405,36 @@ class Import extends \Zotlabs\Web\Controller {
 					if($x['old'] == $group_member['gid'])
 						$group_member['gid'] = $x['new'];
 				}
-				create_table_from_array('group_member',$group_member);
+				create_table_from_array('group_member', $group_member);
 			}
 		}

 		logger('import step 9');
-	
+
 		if(is_array($data['obj']))
 			import_objs($channel,$data['obj']);
-	
+
 		if(is_array($data['likes']))
 			import_likes($channel,$data['likes']);
-	
+
 		if(is_array($data['app']))
 			import_apps($channel,$data['app']);
-	
+
 		if(is_array($data['chatroom']))
 			import_chatrooms($channel,$data['chatroom']);
-	
+
 		if(is_array($data['conv']))
 			import_conv($channel,$data['conv']);
-	
+
 		if(is_array($data['mail']))
 			import_mail($channel,$data['mail']);
-	
+
 		if(is_array($data['event']))
 			import_events($channel,$data['event']);
-	
+
 		if(is_array($data['event_item']))
 			import_items($channel,$data['event_item'],false,$relocate);
-	
+
 		if(is_array($data['menu']))
 			import_menus($channel,$data['menu']);

@@ -439,56 +443,62 @@ class Import extends \Zotlabs\Web\Controller {

 		if(is_array($data['webpages']))
 			import_items($channel,$data['webpages'],false,$relocate);
-		
+
 		$addon = array('channel' => $channel,'data' => $data);
 		call_hooks('import_channel',$addon);
-	
+
 		$saved_notification_flags = notifications_off($channel['channel_id']);
-	
+
 		if($import_posts && array_key_exists('item',$data) && $data['item'])
 			import_items($channel,$data['item'],false,$relocate);
-	
+
 		notifications_on($channel['channel_id'],$saved_notification_flags);
-	
-	
+
 		if(array_key_exists('item_id',$data) && $data['item_id'])
 			import_item_ids($channel,$data['item_id']);
-	
+
 		// send out refresh requests
 		// notify old server that it may no longer be primary.
-	
+
 		\Zotlabs\Daemon\Master::Summon(array('Notifier','location',$channel['channel_id']));
-	
+
 		// This will indirectly perform a refresh_all *and* update the directory
-	
+
 		\Zotlabs\Daemon\Master::Summon(array('Directory', $channel['channel_id']));
-	
-	
+
+
 		notice( t('Import completed.') . EOL);
-	
+
 		change_channel($channel['channel_id']);
-	
+
 		goaway(z_root() . '/network' );
-	
 	}
-	
-	
+
+	/**
+	 * @brief Handle POST action on channel import page.
+	 */
 	function post() {
-	
 		$account_id = get_account_id();
 		if(! $account_id)
 			return;
-	
+
+		check_form_security_token_redirectOnErr('/import', 'channel_import');
+
 		$this->import_account($account_id);
 	}
-	
+
+	/**
+	 * @brief Generate channel import page.
+	 *
+	 * @return string with parsed HTML.
+	 */
 	function get() {
-	
+
 		if(! get_account_id()) {
-			notice( t('You must be logged in to use this feature.'));
+			notice( t('You must be logged in to use this feature.') . EOL);
 			return '';
 		}
-	
+
 		$o = replace_macros(get_markup_template('channel_import.tpl'),array(
 			'$title' => t('Import Channel'),
 			'$desc' => t('Use this form to import an existing channel from a different server/hub. You may retrieve the channel identity from the old server/hub via the network or provide an export file.'),
@@ -501,14 +511,14 @@ class Import extends \Zotlabs\Web\Controller {
 			'$label_import_primary' => t('Make this hub my primary location'),
 			'$label_import_moving' => t('Move this channel (disable all previous locations)'),
 			'$label_import_posts' => t('Import a few months of posts if possible (limited by available memory'),
-			'$pleasewait' => t('This process may take several minutes to complete. Please submit the form only once and leave this page open until finished.'), 
+			'$pleasewait' => t('This process may take several minutes to complete. Please submit the form only once and leave this page open until finished.'),
 			'$email' => '',
 			'$pass' => '',
+			'$form_security_token' => get_form_security_token('channel_import'),
 			'$submit' => t('Submit')
 		));
-	
+
 		return $o;
-	
 	}
-	
+
 }
--- a/Zotlabs/Module/Import_items.php
+++ b/Zotlabs/Module/Import_items.php
@@ -3,54 +3,60 @@ namespace Zotlabs\Module;

 require_once('include/import.php');

-
+/**
+ * @brief Module for importing items.
+ *
+ * Import existing posts and content from an export file.
+ */
 class Import_items extends \Zotlabs\Web\Controller {

 	function post() {
-	
+
 		if(! local_channel())
 			return;
-	
+
+		check_form_security_token_redirectOnErr('/import_items', 'import_items');
+
 		$data     = null;
-	
+
 		$src      = $_FILES['filename']['tmp_name'];
 		$filename = basename($_FILES['filename']['name']);
 		$filesize = intval($_FILES['filename']['size']);
 		$filetype = $_FILES['filename']['type'];
-	
+
 		if($src) {
 			// This is OS specific and could also fail if your tmpdir isn't very large
 			// mostly used for Diaspora which exports gzipped files.
-	
+
 			if(strpos($filename,'.gz')){
 				@rename($src,$src . '.gz');
 				@system('gunzip ' . escapeshellarg($src . '.gz'));
 			}
-	
+
 			if($filesize) {
 				$data = @file_get_contents($src);
 			}
 			unlink($src);
 		}
-	
+
 		if(! $src) {
-	
+
 			$old_address = ((x($_REQUEST,'old_address')) ? $_REQUEST['old_address'] : '');
-	
+
 			if(! $old_address) {
-				logger('mod_import: nothing to import.');
+				logger('Nothing to import.');
 				notice( t('Nothing to import.') . EOL);
 				return;
 			}
-	
+
 			$email    = ((x($_REQUEST,'email'))    ? $_REQUEST['email']    : '');
 			$password = ((x($_REQUEST,'password')) ? $_REQUEST['password'] : '');
-	
+
 			$year = ((x($_REQUEST,'year'))    ? $_REQUEST['year']    : '');
-	
+
 			$channelname = substr($old_address,0,strpos($old_address,'@'));
 			$servername  = substr($old_address,strpos($old_address,'@')+1);
-	
+
 			$scheme = 'https://';
 			$api_path = '/api/red/channel/export/items?f=&channel=' . $channelname . '&year=' . intval($year);
 			$binary = false;
@@ -64,68 +70,66 @@ class Import_items extends \Zotlabs\Web\Controller {
 				$data = $ret['body'];
 			else
 				notice( t('Unable to download data from old server') . EOL);
-	
 		}
-	
+
 		if(! $data) {
-			logger('mod_import: empty file.');
+			logger('Empty file.');
 			notice( t('Imported file is empty.') . EOL);
 			return;
 		}
-	
-		$data = json_decode($data,true);
-	
-	//	logger('import: data: ' . print_r($data,true));
-	//	print_r($data);
-	
+
+		$data = json_decode($data, true);
+
+		//logger('import: data: ' . print_r($data,true));
+		//print_r($data);
+
 		if(! is_array($data))
 			return;
-	
+
 		if(array_key_exists('compatibility',$data) && array_key_exists('database',$data['compatibility'])) {
 			$v1 = substr($data['compatibility']['database'],-4);
 			$v2 = substr(DB_UPDATE_VERSION,-4);
 			if($v2 > $v1) {
-				$t = sprintf( t('Warning: Database versions differ by %1$d updates.'), $v2 - $v1 ); 
-				notice($t);
+				$t = sprintf( t('Warning: Database versions differ by %1$d updates.'), $v2 - $v1 );
+				notice($t . EOL);
 			}
 		}
-	
+
 		$channel = \App::get_channel();
-	
-	
+
 		if(array_key_exists('item',$data) && $data['item']) {
 			import_items($channel,$data['item'],false,((array_key_exists('relocate',$data)) ? $data['relocate'] : null));
 		}
-	
+
 		if(array_key_exists('item_id',$data) && $data['item_id']) {
 			import_item_ids($channel,$data['item_id']);
 		}
-	
+
 		info( t('Import completed') . EOL);
-		return;
 	}
-	
-	
-	
-	
+
+
+	/**
+	 * @brief Generate item import page.
+	 *
+	 * @return string with parsed HTML.
+	 */
 	function get() {
-	
+
 		if(! local_channel()) {
 			notice( t('Permission denied') . EOL);
 			return login();
 		}
-	
-		$o = replace_macros(get_markup_template('item_import.tpl'),array(
+
+		$o = replace_macros(get_markup_template('item_import.tpl'), array(
 			'$title' => t('Import Items'),
 			'$desc' => t('Use this form to import existing posts and content from an export file.'),
 			'$label_filename' => t('File to Upload'),
+			'$form_security_token' => get_form_security_token('import_items'),
 			'$submit' => t('Submit')
 		));
-	
+
 		return $o;
-	
 	}
-	
-	
-	
+
 }
--- a/Zotlabs/Module/Invite.php
+++ b/Zotlabs/Module/Invite.php
@@ -49,7 +49,7 @@ class Invite extends \Zotlabs\Web\Controller {
 			if(! $recip)
 				continue;
 	
-			if(! valid_email($recip)) {
+			if(! validate_email($recip)) {
 				notice(  sprintf( t('%s : Not a valid email address.'), $recip) . EOL);
 				continue;
 			}
@@ -88,12 +88,14 @@ class Invite extends \Zotlabs\Web\Controller {
 	}
 	
 	
-		function get() {
+	function get() {
 	
 		if(! local_channel()) {
 			notice( t('Permission denied.') . EOL);
 			return;
 		}
+
+		nav_set_selected(t('Invite'));
 	
 		$tpl = get_markup_template('invite.tpl');
 		$invonly = false;
--- a/Zotlabs/Module/Item.php
+++ b/Zotlabs/Module/Item.php
@@ -33,7 +33,7 @@ class Item extends \Zotlabs\Web\Controller {
 		// This will change. Figure out who the observer is and whether or not
 		// they have permission to post here. Else ignore the post.
 	
-		if((! local_channel()) && (! remote_channel()) && (! x($_REQUEST,'commenter')))
+		if((! local_channel()) && (! remote_channel()) && (! x($_REQUEST,'anonname')))
 			return;

 		$uid = local_channel();
@@ -77,7 +77,7 @@ class Item extends \Zotlabs\Web\Controller {
 	
 		call_hooks('post_local_start', $_REQUEST);
 	
-	//	 logger('postvars ' . print_r($_REQUEST,true), LOGGER_DATA);
+		// logger('postvars ' . print_r($_REQUEST,true), LOGGER_DATA);
 	
 		$api_source = ((x($_REQUEST,'api_source') && $_REQUEST['api_source']) ? true : false);
 	
@@ -110,6 +110,7 @@ class Item extends \Zotlabs\Web\Controller {
 		$preview     = ((x($_REQUEST,'preview'))     ? intval($_REQUEST['preview'])        : 0);
 		$categories  = ((x($_REQUEST,'category'))    ? escape_tags($_REQUEST['category'])  : '');
 		$webpage     = ((x($_REQUEST,'webpage'))     ? intval($_REQUEST['webpage'])        : 0);
+		$item_obscured = ((x($_REQUEST,'obscured'))  ? intval($_REQUEST['obscured'])        : 0);
 		$pagetitle   = ((x($_REQUEST,'pagetitle'))   ? escape_tags(urlencode($_REQUEST['pagetitle'])) : '');
 		$layout_mid  = ((x($_REQUEST,'layout_mid'))  ? escape_tags($_REQUEST['layout_mid']): '');
 		$plink       = ((x($_REQUEST,'permalink'))   ? escape_tags($_REQUEST['permalink']) : '');
@@ -204,10 +205,29 @@ class Item extends \Zotlabs\Web\Controller {
 			$route = $parent_item['route'];
 	
 		}
+
+		$moderated = false;
 	
-		if(! $observer)
+		if(! $observer) {
 			$observer = \App::get_observer();
+			if(! $observer) {
+				$observer = anon_identity_init($_REQUEST);
+				if($observer) {
+					$moderated = true;
+					$remote_xchan = $remote_observer = $observer;
+				}
+			}
+		} 			
 	
+		if(! $observer) {
+			notice( t('Permission denied.') . EOL) ;
+			if($api_source)
+				return ( [ 'success' => false, 'message' => 'permission denied' ] );	
+			if(x($_REQUEST,'return')) 
+				goaway(z_root() . "/" . $return_path );
+			killme();
+		}
+
 		if($parent) {
 			logger('mod_item: item_post parent=' . $parent);
 			$can_comment = false;
@@ -311,7 +331,7 @@ class Item extends \Zotlabs\Web\Controller {
 		$walltowall = false;
 		$walltowall_comment = false;
 	
-		if($remote_xchan)
+		if($remote_xchan && ! $moderated)
 			$observer = $remote_observer;
 	
 		if($observer) {
@@ -471,34 +491,16 @@ class Item extends \Zotlabs\Web\Controller {
 		if(! $mimetype)
 			$mimetype = 'text/bbcode';
 	
+
+		$execflag = ((intval($uid) == intval($profile_uid) 
+			&& ($channel['channel_pageflags'] & PAGE_ALLOWCODE)) ? true : false);
+
 		if($preview) {
-			$body = z_input_filter($profile_uid,$body,$mimetype);
+			$body = z_input_filter($body,$mimetype,$execflag);
 		}
 	
-	
 		// Verify ability to use html or php!!!
 	
-		$execflag = false;
-	
-		if($mimetype !== 'text/bbcode') {
-			$z = q("select account_id, account_roles, channel_pageflags from account left join channel on channel_account_id = account_id where channel_id = %d limit 1",
-				intval($profile_uid)
-			);
-			if($z && (($z[0]['account_roles'] & ACCOUNT_ROLE_ALLOWCODE) || ($z[0]['channel_pageflags'] & PAGE_ALLOWCODE))) {
-				if($uid && (get_account_id() == $z[0]['account_id'])) {
-					$execflag = true;
-				}
-				else {
-					notice( t('Executable content type not permitted to this channel.') . EOL);
-					if($api_source)
-						return ( [ 'success' => false, 'message' => 'forbidden content type' ] );	
-					if(x($_REQUEST,'return')) 
-						goaway(z_root() . "/" . $return_path );
-					killme();
-				}
-			}
-		}
-	
 		$gacl = $acl->get();
 		$str_contact_allow = $gacl['allow_cid'];
 		$str_group_allow   = $gacl['allow_gid'];
@@ -632,7 +634,7 @@ class Item extends \Zotlabs\Web\Controller {
 					$attach_link = '';
 					$hash = substr($mtch,0,strpos($mtch,','));
 					$rev = intval(substr($mtch,strpos($mtch,',')));
-					$r = attach_by_hash_nodata($hash,$rev);
+					$r = attach_by_hash_nodata($hash, $observer['xchan_hash'], $rev);
 					if($r['success']) {
 						$attachments[] = array(
 							'href'     => z_root() . '/attach/' . $r['data']['hash'],
@@ -816,7 +818,7 @@ class Item extends \Zotlabs\Web\Controller {
 			$datarray['owner'] = $owner_xchan;
 			$datarray['author'] = $observer;
 			$datarray['attach'] = json_encode($datarray['attach']);
-			$o = conversation($a,array($datarray),'search',false,'preview');
+			$o = conversation(array($datarray),'search',false,'preview');
 	//		logger('preview: ' . $o, LOGGER_DEBUG);
 			echo json_encode(array('preview' => $o));
 			killme();
@@ -859,20 +861,8 @@ class Item extends \Zotlabs\Web\Controller {
 		}
 	
 	
-		if(mb_strlen($datarray['title']) > 255)
-			$datarray['title'] = mb_substr($datarray['title'],0,255);
-	
-		if(array_key_exists('item_private',$datarray) && $datarray['item_private']) {
-	
-			$datarray['body'] = trim(z_input_filter($datarray['uid'],$datarray['body'],$datarray['mimetype']));
-	
-			if($uid) {
-				if($channel['channel_hash'] === $datarray['author_xchan']) {
-					$datarray['sig'] = base64url_encode(rsa_sign($datarray['body'],$channel['channel_prvkey']));
-					$datarray['item_verified'] = 1;
-				}
-			}
-		}
+		if(mb_strlen($datarray['title']) > 191)
+			$datarray['title'] = mb_substr($datarray['title'],0,191);
 	
 		if($webpage) {
 			Zlib\IConfig::Set($datarray,'system', webpage_to_namespace($webpage),
@@ -889,7 +879,17 @@ class Item extends \Zotlabs\Web\Controller {
 	
 			$x = item_store_update($datarray,$execflag);
 			
-			item_create_edit_activity($x);			
+			// We only need edit activities for other federated protocols
+			// which do not support edits natively. While this does federate 
+			// edits, it presents a number of issues locally - such as #757 and #758.
+			// The SQL check for an edit activity would not perform that well so to fix these issues
+			// requires an additional item flag (perhaps 'item_edit_activity') that we can add to the 
+			// query for searches and notifications.
+
+			// For now we'll just forget about trying to make edits work on network protocols that 
+			// don't support them.   
+
+			// item_create_edit_activity($x);			

 			if(! $parent) {
 				$r = q("select * from item where id = %d",
@@ -928,6 +928,11 @@ class Item extends \Zotlabs\Web\Controller {
 	
 			if($parent) {
 	
+				// prevent conversations which you are involved from being expired
+
+				if(local_channel())
+					retain_item($parent);
+
 				// only send comment notification if this is a wall-to-wall comment,
 				// otherwise it will happen during delivery
 	
@@ -1015,6 +1020,10 @@ class Item extends \Zotlabs\Web\Controller {
 			\Zotlabs\Daemon\Master::Summon(array('Notifier', $notify_type, $post_id));
 	
 		logger('post_complete');
+
+		if($moderated) {
+			info(t('Your comment is awaiting approval.') . EOL);
+		}
 	
 		// figure out how to return, depending on from whence we came
 	
--- a/Zotlabs/Module/Lang.php
+++ b/Zotlabs/Module/Lang.php
@@ -5,6 +5,7 @@ namespace Zotlabs\Module;
 class Lang extends \Zotlabs\Web\Controller {

 	function get() {
+		nav_set_selected(t('Language'));
 		return lang_selector();
 	}
 	
--- a/Zotlabs/Module/Layouts.php
+++ b/Zotlabs/Module/Layouts.php
@@ -125,6 +125,7 @@ class Layouts extends \Zotlabs\Web\Controller {
 			'hide_weblink' => true,
 			'hide_attach' => true,
 			'hide_preview' => true,
+			'disable_comments' => true,
 			'ptlabel'     => t('Layout Name'),
 			'profile_uid' => intval($owner),
 			'expanded'    => true,
--- a/Zotlabs/Module/Like.php
+++ b/Zotlabs/Module/Like.php
@@ -373,6 +373,10 @@ class Like extends \Zotlabs\Web\Controller {
 	
 			$links = array(array('rel' => 'alternate','type' => 'text/html', 'href' => $item['plink']));
 			$objtype = (($item['resource_type'] === 'photo') ? ACTIVITY_OBJ_PHOTO : ACTIVITY_OBJ_NOTE ); 
+
+			if($objtype === ACTIVITY_OBJ_NOTE && (! intval($item['item_thread_top'])))
+				$objtype = ACTIVITY_OBJ_COMMENT;
+
 	
 			$body = $item['body'];
 	
@@ -500,6 +504,11 @@ class Like extends \Zotlabs\Web\Controller {
 	
 		$post = item_store($arr);	
 		$post_id = $post['item_id'];
+
+		// save the conversation from expiration
+
+		if(local_channel() && array_key_exists('item',$post) && (intval($post['item']['id']) != intval($post['item']['parent'])))
+			retain_item($post['item']['parent']); 
 	
 		$arr['id'] = $post_id;
 	
--- a/Zotlabs/Module/Lockview.php
+++ b/Zotlabs/Module/Lockview.php
@@ -72,7 +72,7 @@ class Lockview extends \Zotlabs\Web\Controller {
 		}
 	
 		if($uid != local_channel()) {
-			echo '<li>' . t('Remote privacy information not available.') . '</li>';
+			echo '<div class="dropdown-item">' . t('Remote privacy information not available.') . '</div>';
 			killme();
 		}
 	
@@ -84,7 +84,7 @@ class Lockview extends \Zotlabs\Web\Controller {
 			// as unknown specific recipients. The sender will have the visibility list and will fall through to the
 			// next section.
 	 
-			echo '<li>' . translate_scope((! $item['public_policy']) ? 'specific' : $item['public_policy']) . '</li>';
+			echo '<div class="dropdown-item">' . translate_scope((! $item['public_policy']) ? 'specific' : $item['public_policy']) . '</div>';
 			killme();
 		}
 	
@@ -93,7 +93,7 @@ class Lockview extends \Zotlabs\Web\Controller {
 		$deny_users = expand_acl($item['deny_cid']);
 		$deny_groups = expand_acl($item['deny_gid']);
 	
-		$o = '<li>' . t('Visible to:') . '</li>';
+		$o = '<div class="dropdown-item">' . t('Visible to:') . '</div>';
 		$l = array();
 	
 		stringify_array_elms($allowed_groups,true);
@@ -114,24 +114,24 @@ class Lockview extends \Zotlabs\Web\Controller {
 			$r = q("SELECT profile_name FROM profile WHERE profile_guid IN ( " . implode(', ', $profile_groups) . " )");
 			if($r)
 				foreach($r as $rr) 
-					$l[] = '<li><b>' . t('Profile','acl') . ' ' . $rr['profile_name'] . '</b></li>';
+					$l[] = '<div class="dropdown-item"><b>' . t('Profile','acl') . ' ' . $rr['profile_name'] . '</b></div>';
 		}

 		if(count($allowed_groups)) {
 			$r = q("SELECT gname FROM groups WHERE hash IN ( " . implode(', ', $allowed_groups) . " )");
 			if($r)
 				foreach($r as $rr) 
-					$l[] = '<li><b>' . $rr['gname'] . '</b></li>';
+					$l[] = '<div class="dropdown-item"><b>' . $rr['gname'] . '</b></div>';
 		}
 		if(count($allowed_users)) {
 			$r = q("SELECT xchan_name FROM xchan WHERE xchan_hash IN ( " . implode(', ',$allowed_users) . " )");
 			if($r)
 				foreach($r as $rr) 
-					$l[] = '<li>' . $rr['xchan_name'] . '</li>';
+					$l[] = '<div class="dropdown-item">' . $rr['xchan_name'] . '</div>';
 			if($atokens) {
 				foreach($atokens as $at) {
 					if(in_array("'" . $at['xchan_hash'] . "'",$allowed_users)) {	
-						$l[] = '<li>' . $at['xchan_name'] . '</li>';
+						$l[] = '<div class="dropdown-item">' . $at['xchan_name'] . '</div>';
 					}
 				}
 			}
@@ -150,7 +150,7 @@ class Lockview extends \Zotlabs\Web\Controller {
 			$r = q("SELECT profile_name FROM profile WHERE profile_guid IN ( " . implode(', ', $profile_groups) . " )");
 			if($r)
 				foreach($r as $rr) 
-					$l[] = '<li><b><strike>' . t('Profile','acl') . ' ' . $rr['profile_name'] . '</strike></b></li>';
+					$l[] = '<div class="dropdown-item"><b><strike>' . t('Profile','acl') . ' ' . $rr['profile_name'] . '</strike></b></div>';
 		}


@@ -159,18 +159,18 @@ class Lockview extends \Zotlabs\Web\Controller {
 			$r = q("SELECT gname FROM groups WHERE hash IN ( " . implode(', ', $deny_groups) . " )");
 			if($r)
 				foreach($r as $rr) 
-					$l[] = '<li><b><strike>' . $rr['gname'] . '</strike></b></li>';
+					$l[] = '<div class="dropdown-item"><b><strike>' . $rr['gname'] . '</strike></b></div>';
 		}
 		if(count($deny_users)) {
 			$r = q("SELECT xchan_name FROM xchan WHERE xchan_hash IN ( " . implode(', ', $deny_users) . " )");
 			if($r)
 				foreach($r as $rr) 
-					$l[] = '<li><strike>' . $rr['xchan_name'] . '</strike></li>';
+					$l[] = '<div class="dropdown-item"><strike>' . $rr['xchan_name'] . '</strike></div>';

 			if($atokens) {
 				foreach($atokens as $at) {
 					if(in_array("'" . $at['xchan_hash'] . "'",$deny_users)) {	
-						$l[] = '<li><strike>' . $at['xchan_name'] . '</strike></li>';
+						$l[] = '<div class="dropdown-item"><strike>' . $at['xchan_name'] . '</strike></div>';
 					}
 				}
 			}
--- a/Zotlabs/Module/Mail.php
+++ b/Zotlabs/Module/Mail.php
@@ -22,32 +22,40 @@ class Mail extends \Zotlabs\Web\Controller {
 		$recipient = ((x($_REQUEST,'messageto'))    ? notags(trim($_REQUEST['messageto']))    : '');
 		$rstr      = ((x($_REQUEST,'messagerecip')) ? notags(trim($_REQUEST['messagerecip'])) : '');
 		$preview   = ((x($_REQUEST,'preview'))      ? intval($_REQUEST['preview'])            : 0);
-		$expires   = ((x($_REQUEST,'expires')) ? datetime_convert(date_default_timezone_get(),'UTC', $_REQUEST['expires']) : NULL_DATE);
+		$expires   = ((x($_REQUEST,'expires'))      ? datetime_convert(date_default_timezone_get(),'UTC', $_REQUEST['expires']) : NULL_DATE);
+		$raw       = ((x($_REQUEST,'raw'))          ? intval($_REQUEST['raw'])                : 0);
+		$mimetype  = ((x($_REQUEST,'mimetype'))     ? notags(trim($_REQUEST['mimetype']))     : 'text/bbcode');

 		if($preview) {

-			$body = cleanup_bbcode($body);
-			$results = linkify_tags($a, $body, local_channel());
-
-			if(preg_match_all('/(\[attachment\](.*?)\[\/attachment\])/',$body,$match)) {
-				$attachments = array();
-				foreach($match[2] as $mtch) {
-					$hash = substr($mtch,0,strpos($mtch,','));
-					$rev = intval(substr($mtch,strpos($mtch,',')));
-					$r = attach_by_hash_nodata($hash,get_observer_hash(),$rev);
-					if($r['success']) {
-						$attachments[] = array(
-							'href'     => z_root() . '/attach/' . $r['data']['hash'],
-							'length'   =>  $r['data']['filesize'],
-							'type'     => $r['data']['filetype'],
-							'title'    => urlencode($r['data']['filename']),
-							'revision' => $r['data']['revision']
-						);
-					}
-					$body = trim(str_replace($match[1],'',$body));
-				}
+			if($raw) {
+				$body = mail_prepare_binary(['id' => 'M0']);
+				echo json_encode(['preview' => $body]);
+			}
+			else {
+				$body = cleanup_bbcode($body);
+				$results = linkify_tags($a, $body, local_channel());
+
+				if(preg_match_all('/(\[attachment\](.*?)\[\/attachment\])/',$body,$match)) {
+					$attachments = array();
+					foreach($match[2] as $mtch) {
+						$hash = substr($mtch,0,strpos($mtch,','));
+						$rev = intval(substr($mtch,strpos($mtch,',')));
+						$r = attach_by_hash_nodata($hash,get_observer_hash(),$rev);
+						if($r['success']) {
+							$attachments[] = array(
+								'href'     => z_root() . '/attach/' . $r['data']['hash'],
+								'length'   =>  $r['data']['filesize'],
+								'type'     => $r['data']['filetype'],
+								'title'    => urlencode($r['data']['filename']),
+								'revision' => $r['data']['revision']
+							);
+						}
+						$body = trim(str_replace($match[1],'',$body));
+					}
+				}
+				echo json_encode(['preview' => zidify_links(smilies(bbcode($body)))]);
 			}
-			echo json_encode(['preview' => zidify_links(smilies(bbcode($body)))]);
 			killme();
 		} 

@@ -102,36 +110,10 @@ class Mail extends \Zotlabs\Web\Controller {
 			}
 		}
 	
-	//	if(feature_enabled(local_channel(),'richtext')) {
-	//		$body = fix_mce_lf($body);
-	//	}
-	
 		require_once('include/text.php');
 		linkify_tags($a, $body, local_channel());
 	
-		// I don't think this is used any more.

-		if($preview) {
-			$mail = [
-				'mailbox' => 'outbox',
-				'id' => 0,
-				'mid' => 'M0',
-				'from_name' => $channel['xchan_name'],
-				'from_url' =>  $channel['xchan_url'],
-				'from_photo' => $channel['xchan_photo_s'],
-				'subject' => zidify_links(smilies(bbcode($subject))),
-				'body' => zidify_links(smilies(bbcode($body))),
-				'attachments' => '',
-				'can_recall' => false,
-				'is_recalled' => '',
-				'date' => datetime_convert('UTC',date_default_timezone_get(),$message['created'], 'c')
-			];
-			
-			echo replace_macros(get_markup_template('mail_conv.tpl'), [ '$mail' => $mail ] );
-			killme();
-
-		}
-	
 		if(! $recipient) {
 			notice('No recipient found.');
 			\App::$argc = 2;
@@ -141,7 +123,7 @@ class Mail extends \Zotlabs\Web\Controller {
 	
 		// We have a local_channel, let send_message use the session channel and save a lookup
 		
-		$ret = send_message(0, $recipient, $body, $subject, $replyto, $expires);
+		$ret = send_message(0, $recipient, $body, $subject, $replyto, $expires, $mimetype, $raw);
 	
 		if($ret['success']) {
 			xchan_mail_query($ret['mail']);
@@ -158,7 +140,7 @@ class Mail extends \Zotlabs\Web\Controller {
 	function get() {
 	
 		$o = '';
-		nav_set_selected('messages');
+		nav_set_selected(t('Mail'));
 	
 		if(! local_channel()) {
 			notice( t('Permission denied.') . EOL);
@@ -178,6 +160,25 @@ class Mail extends \Zotlabs\Web\Controller {
 			'$header' => t('Messages'),
 		));
 	
+		if(argc() == 3 && intval(argv(1)) && argv(2) === 'download') {
+
+			$r = q("select * from mail where id = %d and channel_id = %d",
+				intval(argv(1)),
+				intval(local_channel())
+			);
+
+			if($r) {
+
+				header('Content-type: ' . $r[0]['mail_mimetype']);
+				header('Content-disposition: attachment; filename="' . t('message') . '-' . $r[0]['id'] . '"' );
+				$body = (($r[0]['mail_obscured']) ? base64url_decode(str_rot47($r[0]['body'])) : $r[0]['body']);				
+				echo $body;
+				killme();
+			}
+
+		}
+
+
 		if((argc() == 4) && (argv(2) === 'drop')) {
 			if(! intval(argv(3)))
 				return;
@@ -296,7 +297,9 @@ class Mail extends \Zotlabs\Web\Controller {
 	
 			return $o;
 		}
-	
+
+		$direct_mid = 0;
+
 		switch(argv(1)) {
 			case 'combined':
 				$mailbox = 'combined';
@@ -309,12 +312,22 @@ class Mail extends \Zotlabs\Web\Controller {
 				break;
 			default:
 				$mailbox = 'combined';
+
+				// notifications direct to mail/nn
+
+				if(intval(argv(1)))
+					$direct_mid = intval(argv(1));
 				break;
 		}
 	
+
 		$last_message = private_messages_list(local_channel(), $mailbox, 0, 1);
-	
+
 		$mid = ((argc() > 2) && (intval(argv(2)))) ? argv(2) : $last_message[0]['id'];
+
+		if($direct_mid)
+			$mid = $direct_mid;
+	
 	
 		$plaintext = true;
 	
@@ -358,6 +371,11 @@ class Mail extends \Zotlabs\Web\Controller {
 		foreach($messages as $message) {
 	
 			$s = theme_attachments($message);
+
+			if($message['mail_raw'])
+				$message['body'] = mail_prepare_binary([ 'id' => $message['id'] ]);
+			else
+				$message['body'] = zidify_links(smilies(bbcode($message['body'])));
 	
 			$mails[] = array(
 				'mailbox' => $mailbox,
@@ -370,7 +388,7 @@ class Mail extends \Zotlabs\Web\Controller {
 				'to_url' =>  chanlink_hash($message['to_xchan']),
 				'to_photo' => $message['to']['xchan_photo_s'],
 				'subject' => $message['title'],
-				'body' => zidify_links(smilies(bbcode($message['body']))),
+				'body' => $message['body'],
 				'attachments' => $s,
 				'delete' => t('Delete message'),
 				'dreport' => t('Delivery report'),
--- a/Zotlabs/Module/Manage.php
+++ b/Zotlabs/Module/Manage.php
@@ -10,6 +10,8 @@ class Manage extends \Zotlabs\Web\Controller {
 			notice( t('Permission denied.') . EOL);
 			return;
 		}
+
+		nav_set_selected('Manage');
 	
 		require_once('include/security.php');
 	
@@ -46,107 +48,111 @@ class Manage extends \Zotlabs\Web\Controller {
 	
 		$channels = null;
 	
-		if(local_channel()) {
-			$r = q("select channel.*, xchan.* from channel left join xchan on channel.channel_hash = xchan.xchan_hash where channel.channel_account_id = %d and channel_removed = 0 order by channel_name ",
-				intval(get_account_id())
-			);
+		$r = q("select channel.*, xchan.* from channel left join xchan on channel.channel_hash = xchan.xchan_hash where channel.channel_account_id = %d and channel_removed = 0 order by channel_name ",
+			intval(get_account_id())
+		);
 	
-			$account = \App::get_account();
+		$account = \App::get_account();
 	
-			if($r && count($r)) {
-				$channels = $r;
-				for($x = 0; $x < count($channels); $x ++) {
-					$channels[$x]['link'] = 'manage/' . intval($channels[$x]['channel_id']);
-					$channels[$x]['default'] = (($channels[$x]['channel_id'] == $account['account_default_channel']) ? "1" : ''); 
-					$channels[$x]['default_links'] = '1';
+		if($r && count($r)) {
+			$channels = $r;
+			for($x = 0; $x < count($channels); $x ++) {
+				$channels[$x]['link'] = 'manage/' . intval($channels[$x]['channel_id']);
+				$channels[$x]['default'] = (($channels[$x]['channel_id'] == $account['account_default_channel']) ? "1" : ''); 
+				$channels[$x]['default_links'] = '1';
 	
 	
-					$c = q("SELECT id, item_wall FROM item
-						WHERE item_unseen = 1 and uid = %d " . item_normal(),
-						intval($channels[$x]['channel_id'])
-					);
+				$c = q("SELECT id, item_wall FROM item
+					WHERE item_unseen = 1 and uid = %d " . item_normal(),
+					intval($channels[$x]['channel_id'])
+				);
 	
-					if($c) {	
-						foreach ($c as $it) {
-							if(intval($it['item_wall']))
-								$channels[$x]['home'] ++;
-							else
-								$channels[$x]['network'] ++;
-						}
+				if($c) {	
+					foreach ($c as $it) {
+						if(intval($it['item_wall']))
+							$channels[$x]['home'] ++;
+						else
+							$channels[$x]['network'] ++;
 					}
+				}
 	
 	
-					$intr = q("SELECT COUNT(abook.abook_id) AS total FROM abook left join xchan on abook.abook_xchan = xchan.xchan_hash where abook_channel = %d and abook_pending = 1 and abook_self = 0 and abook_ignored = 0 and xchan_deleted = 0 and xchan_orphan = 0 ",
-						intval($channels[$x]['channel_id'])
-					);
+				$intr = q("SELECT COUNT(abook.abook_id) AS total FROM abook left join xchan on abook.abook_xchan = xchan.xchan_hash where abook_channel = %d and abook_pending = 1 and abook_self = 0 and abook_ignored = 0 and xchan_deleted = 0 and xchan_orphan = 0 ",
+					intval($channels[$x]['channel_id'])
+				);
 	
-					if($intr)
-						$channels[$x]['intros'] = intval($intr[0]['total']);
+				if($intr)
+					$channels[$x]['intros'] = intval($intr[0]['total']);
 	
 	
-					$mails = q("SELECT count(id) as total from mail WHERE channel_id = %d AND mail_seen = 0 and from_xchan != '%s' ",
-						intval($channels[$x]['channel_id']),
-						dbesc($channels[$x]['channel_hash'])
-					);
+				$mails = q("SELECT count(id) as total from mail WHERE channel_id = %d AND mail_seen = 0 and from_xchan != '%s' ",
+					intval($channels[$x]['channel_id']),
+					dbesc($channels[$x]['channel_hash'])
+				);
 	
-					if($mails)
-						$channels[$x]['mail'] = intval($mails[0]['total']);
+				if($mails)
+					$channels[$x]['mail'] = intval($mails[0]['total']);
 			
 	
-					$events = q("SELECT etype, dtstart, adjust FROM event
-						WHERE event.uid = %d AND dtstart < '%s' AND dtstart > '%s' and dismissed = 0
-						ORDER BY dtstart ASC ",
-						intval($channels[$x]['channel_id']),
-						dbesc(datetime_convert('UTC', date_default_timezone_get(), 'now + 7 days')),
-						dbesc(datetime_convert('UTC', date_default_timezone_get(), 'now - 1 days'))
-					);
+				$events = q("SELECT etype, dtstart, adjust FROM event
+					WHERE event.uid = %d AND dtstart < '%s' AND dtstart > '%s' and dismissed = 0
+					ORDER BY dtstart ASC ",
+					intval($channels[$x]['channel_id']),
+					dbesc(datetime_convert('UTC', date_default_timezone_get(), 'now + 7 days')),
+					dbesc(datetime_convert('UTC', date_default_timezone_get(), 'now - 1 days'))
+				);
 	
-					if($events) {
-						$channels[$x]['all_events'] = count($events);
-	
-						if($channels[$x]['all_events']) {
-							$str_now = datetime_convert('UTC', date_default_timezone_get(), 'now', 'Y-m-d');
-							foreach($events as $e) {
-								$bd = false;
-								if($e['etype'] === 'birthday') {
-									$channels[$x]['birthdays'] ++;
-									$bd = true;
-								}
-								else {
-									$channels[$x]['events'] ++;
-								}
-								if(datetime_convert('UTC', ((intval($e['adjust'])) ? date_default_timezone_get() : 'UTC'), $e['dtstart'], 'Y-m-d') === $str_now) {
-									$channels[$x]['all_events_today'] ++;
-									if($bd)
-										$channels[$x]['birthdays_today'] ++;
-									else
-										$channels[$x]['events_today'] ++;
-								}
+				if($events) {
+					$channels[$x]['all_events'] = count($events);
+
+					if($channels[$x]['all_events']) {
+						$str_now = datetime_convert('UTC', date_default_timezone_get(), 'now', 'Y-m-d');
+						foreach($events as $e) {
+							$bd = false;
+							if($e['etype'] === 'birthday') {
+								$channels[$x]['birthdays'] ++;
+								$bd = true;
+							}
+							else {
+								$channels[$x]['events'] ++;
+							}
+							if(datetime_convert('UTC', ((intval($e['adjust'])) ? date_default_timezone_get() : 'UTC'), $e['dtstart'], 'Y-m-d') === $str_now) {
+								$channels[$x]['all_events_today'] ++;
+								if($bd)
+									$channels[$x]['birthdays_today'] ++;
+								else
+									$channels[$x]['events_today'] ++;
 							}
 						}
 					}
 				}
 			}
-			
-		    $r = q("select count(channel_id) as total from channel where channel_account_id = %d and channel_removed = 0",
-				intval(get_account_id())
-			);
-			$limit = account_service_class_fetch(get_account_id(),'total_identities');
-			if($limit !== false) {
-				$channel_usage_message = sprintf( t("You have created %1$.0f of %2$.0f allowed channels."), $r[0]['total'], $limit);
-			}
-			else {
-				$channel_usage_message = '';
-	 		}
+
+		}			
+		
+		$r = q("select count(channel_id) as total from channel where channel_account_id = %d and channel_removed = 0",
+			intval(get_account_id())
+		);
+		$limit = account_service_class_fetch(get_account_id(),'total_identities');
+		if($limit !== false) {
+			$channel_usage_message = sprintf( t("You have created %1$.0f of %2$.0f allowed channels."), $r[0]['total'], $limit);
 		}
+		else {
+			$channel_usage_message = '';
+	 	}
+	
 	
 		$create = array( 'new_channel', t('Create a new channel'), t('Create New'));
 	
-		$delegates = q("select * from abook left join xchan on abook_xchan = xchan_hash where 
-			abook_channel = %d and abook_xchan in ( select xchan from abconfig where chan = %d and cat = 'their_perms' and k = 'delegate' and v = '1' )",
-			intval(local_channel()),
-			intval(local_channel())
-		);
+		$delegates = null;
+
+		if(local_channel()) {
+			$delegates = q("select * from abook left join xchan on abook_xchan = xchan_hash where 
+				abook_channel = %d and abook_xchan in ( select xchan from abconfig where chan = %d and cat = 'their_perms' and k = 'delegate' and v = '1' )",
+				intval(local_channel()),
+				intval(local_channel())
+			);
+		}
 	
 		if($delegates) {
 			for($x = 0; $x < count($delegates); $x ++) {
--- a/Zotlabs/Module/Moderate.php
+++ b/Zotlabs/Module/Moderate.php
@@ -0,0 +1,76 @@
+<?php
+
+namespace Zotlabs\Module;
+
+require_once('include/conversation.php');
+
+
+class Moderate extends \Zotlabs\Web\Controller {
+
+
+	function get() {
+		if(! local_channel()) {
+			notice( t('Permission denied.') . EOL);
+			return;
+		}
+
+
+		if(argc() > 2) {
+			$post_id = intval(argv(1));
+			if(! $post_id)
+				goaway(z_root() . '/moderate');
+
+			$action = argv(2);
+
+			$r = q("select * from item where uid = %d and id = %d and item_blocked = %d limit 1",
+				intval(local_channel()),
+				intval($post_id),
+				intval(ITEM_MODERATED)
+			);
+
+			if($r) {
+				if($action === 'approve') {
+					q("update item set item_blocked = 0 where uid = %d and id = %d",
+						intval(local_channel()),
+						intval($post_id)
+					);
+					notice( t('Comment approved') . EOL);
+				}
+				elseif($action === 'drop') {
+					drop_item($post_id,false);
+					notice( t('Comment deleted') . EOL);
+				} 
+			
+				$r = q("select * from item where id = %d",
+					intval($post_id)
+				);
+				if($r) {
+					xchan_query($r);
+					$sync_item = fetch_post_tags($r);
+					build_sync_packet(local_channel(),array('item' => array(encode_item($sync_item[0],true))));
+				}
+				if($action === 'approve') {
+					\Zotlabs\Daemon\Master::Summon(array('Notifier', 'comment-new', $post_id));
+				}
+				goaway(z_root() . '/moderate');
+			}
+		}
+		$r = q("select item.id as item_id, item.* from item where item.uid = %d and item_blocked = %d and item_deleted = 0 order by created desc limit 60",
+			intval(local_channel()),
+			intval(ITEM_MODERATED)
+		);
+
+		if($r) {
+			xchan_query($r);
+			$items = fetch_post_tags($r,true);
+		}
+		else {
+			$items = array();
+		}
+
+		$o = conversation($items,'moderate',false,'traditional');
+		return $o;
+
+	}
+
+}
--- a/Zotlabs/Module/Mood.php
+++ b/Zotlabs/Module/Mood.php
@@ -110,17 +110,17 @@ class Mood extends \Zotlabs\Web\Controller {
 	
 	
 	
-		function get() {
+	function get() {
 	
 		if(! local_channel()) {
 			notice( t('Permission denied.') . EOL);
 			return;
 		}
-	
+
+		nav_set_selected(t('Mood'));
+
 		$parent = ((x($_GET,'parent')) ? intval($_GET['parent']) : '0');
 	
-	
-	
 		$verbs = get_mood_verbs();
 	
 		$shortlist = array();
--- a/Zotlabs/Module/Network.php
+++ b/Zotlabs/Module/Network.php
@@ -118,8 +118,8 @@ class Network extends \Zotlabs\Web\Controller {
 		$cmax     = ((x($_GET,'cmax'))  ? intval($_GET['cmax'])  : 99);
 		$firehose = ((x($_GET,'fh'))    ? intval($_GET['fh'])    : 0);
 		$file     = ((x($_GET,'file'))  ? $_GET['file']          : '');
-	
-	
+		$xchan    = ((x($_GET,'xchan')) ? $_GET['xchan']         : '');
+		
 		$deftag = '';
 	
 		if(x($_GET,'search') || x($_GET,'file'))
@@ -154,7 +154,7 @@ class Network extends \Zotlabs\Web\Controller {
 				));
 			}
 	
-			nav_set_selected('network');
+			nav_set_selected(t('Activity'));

 			$channel_acl = array(
 				'allow_cid' => $channel['channel_allow_cid'], 
@@ -257,6 +257,26 @@ class Network extends \Zotlabs\Web\Controller {
 				goaway(z_root() . '/network');
 			}
 		}
+		elseif($xchan) {
+				$r = q("select * from xchan where xchan_hash = '%s'",
+					dbesc($xchan)
+				);
+				if($r) {
+					$sql_extra = " AND item.parent IN ( SELECT DISTINCT parent FROM item WHERE true $sql_options AND uid = " . intval(local_channel()) . " AND ( author_xchan = '" . dbesc($xchan) . "' or owner_xchan = '" . dbesc($xchan) . "' ) $item_normal ) ";
+					$title = replace_macros(get_markup_template("section_title.tpl"),array(
+						'$title' => '<a href="' . zid($r[0]['xchan_url']) . '" ><img src="' . zid($r[0]['xchan_photo_s'])  . '" alt="' . urlencode($r[0]['xchan_name']) . '" /></a> <a href="' . zid($r[0]['xchan_url']) . '" >' . $r[0]['xchan_name'] . '</a>'
+				));
+				$o = $tabs;
+				$o .= $title;
+				$o .= $status_editor;
+
+			}
+			else {
+				notice( t('Invalid channel.') . EOL);
+				goaway(z_root() . '/network');
+			}
+
+		}
 	
 		if(x($category)) {
 			$sql_extra .= protect_sprintf(term_query('item', $category, TERM_CATEGORY));
@@ -302,10 +322,11 @@ class Network extends \Zotlabs\Web\Controller {
 				'$list'    => ((x($_REQUEST,'list')) ? intval($_REQUEST['list']) : 0),
 				'$page'    => ((\App::$pager['page'] != 1) ? \App::$pager['page'] : 1),
 				'$search'  => (($search) ? $search : ''),
+				'$xchan'   => $xchan,
 				'$order'   => $order,
 				'$file'    => $file,
-				'$cats'    => $category,
-				'$tags'    => $hashtags,
+				'$cats'    => urlencode($category),
+				'$tags'    => urlencode($hashtags),
 				'$dend'    => $datequery,
 				'$mid'     => '',
 				'$verb'     => $verb,
@@ -388,8 +409,9 @@ class Network extends \Zotlabs\Web\Controller {
 		}
 	
 		$abook_uids = " and abook.abook_channel = " . local_channel() . " ";
-	
-		if($firehose && (! get_config('system','disable_discover_tab'))) {
+
+		$disable_discover_tab = get_config('system','disable_discover_tab') || get_config('system','disable_discover_tab') === false;
+		if($firehose && (! $disable_discover_tab)) {
 			require_once('include/channel.php');
 			$sys = get_sys_channel();
 			$uids = " and item.uid  = " . intval($sys['channel_id']) . " ";
@@ -530,7 +552,7 @@ class Network extends \Zotlabs\Web\Controller {
 	
 		$mode = (($nouveau) ? 'network-new' : 'network');
 	
-		$o .= conversation($a,$items,$mode,$update,$page_mode);
+		$o .= conversation($items,$mode,$update,$page_mode);
 	
 		if(($items) && (! $update))
 			$o .= alt_pager($a,count($items));
--- a/Zotlabs/Module/New_channel.php
+++ b/Zotlabs/Module/New_channel.php
@@ -134,7 +134,7 @@ class New_channel extends \Zotlabs\Web\Controller {
 		$name = array('name', t('Name or caption'), ((x($_REQUEST,'name')) ? $_REQUEST['name'] : ''), t('Examples: "Bob Jameson", "Lisa and her Horses", "Soccer", "Aviation Group"'), "*");
 		$nickhub = '@' . \App::get_hostname();
 		$nickname = array('nickname', t('Choose a short nickname'), ((x($_REQUEST,'nickname')) ? $_REQUEST['nickname'] : ''), sprintf( t('Your nickname will be used to create an easy to remember channel address e.g. nickname%s'), $nickhub), "*");
-		$role = array('permissions_role' , t('Channel role and privacy'), ($privacy_role) ? $privacy_role : 'social', t('Select a channel role with your privacy requirements.') . ' <a href="help/roles" target="_blank">' . t('Read more about roles') . '</a>',$perm_roles);
+		$role = array('permissions_role' , t('Channel role and privacy'), ($privacy_role) ? $privacy_role : 'social', t('Select a channel role with your privacy requirements.') . ' <a href="help/member/member_guide#Account_Permission_Roles" target="_blank">' . t('Read more about roles') . '</a>',$perm_roles);
 	
 		$o = replace_macros(get_markup_template('new_channel.tpl'), array(
 			'$title'        => t('Create Channel'),
--- a/Zotlabs/Module/Notifications.php
+++ b/Zotlabs/Module/Notifications.php
@@ -40,7 +40,7 @@ class Notifications extends \Zotlabs\Web\Controller {
 			
 		$o .= replace_macros(get_markup_template('notifications.tpl'),array(
 			'$notif_header' => t('System Notifications'),
-			'$notif_link_mark_seen' => t('Mark all system notifications seen'),
+			'$notif_link_mark_seen' => t('Mark all seen'),
 			'$notif_content' => $notif_content,
 			'$notifications_available' => $notifications_available,
 		));
--- a/Zotlabs/Module/Oembed.php
+++ b/Zotlabs/Module/Oembed.php
@@ -22,7 +22,7 @@ class Oembed extends \Zotlabs\Web\Controller {
 			}
 		
 			else {
-				echo "<html><head><base target=\"_blank\" /></head><body>";
+				echo "<html><head><base target=\"_blank\" rel=\"nofollow noopener\" /></head><body>";
 				$src = base64url_decode(argv(1));
 				$j = oembed_fetch_url($src);
 				echo $j['html'];
--- a/Zotlabs/Module/Oep.php
+++ b/Zotlabs/Module/Oep.php
@@ -108,7 +108,7 @@ class Oep extends \Zotlabs\Web\Controller {
 		$ret['type'] = 'rich';
 	
 		$w = (($maxwidth) ? $maxwidth : 640);
-		$h = (($maxheight) ? $maxheight : $w * 2 / 3);
+		$h = (($maxheight) ? $maxheight : intval($w * 2 / 3));
 	
 		$ret['html'] = '<div style="width: ' . $w . '; height: ' . $h . '; font-family: sans-serif,arial,freesans;" >' . $o . '</div>';
 		
@@ -167,7 +167,7 @@ class Oep extends \Zotlabs\Web\Controller {
 		$ret['type'] = 'rich';
 	
 		$w = (($maxwidth) ? $maxwidth : 640);
-		$h = (($maxheight) ? $maxheight : $w * 2 / 3);
+		$h = (($maxheight) ? $maxheight : intval($w * 2 / 3));
 	
 		$ret['html'] = '<div style="width: ' . $w . '; height: ' . $h . '; font-family: sans-serif,arial,freesans;" >' . $o . '</div>';
 		
--- a/Zotlabs/Module/Ofeed.php
+++ b/Zotlabs/Module/Ofeed.php
@@ -0,0 +1,48 @@
+<?php
+
+namespace Zotlabs\Module;
+
+/* Ofeed: Broken feed for software which requires broken feeds */
+
+require_once('include/items.php');
+
+class Ofeed extends \Zotlabs\Web\Controller {
+
+	function init() {
+	
+		$params = [];
+	
+		$params['begin']     = ((x($_REQUEST,'date_begin')) ? $_REQUEST['date_begin']       : NULL_DATE);
+		$params['end']       = ((x($_REQUEST,'date_end'))   ? $_REQUEST['date_end']         : '');
+		$params['type']      = ((stristr(argv(0),'json'))   ? 'json'                        : 'xml');
+		$params['pages']     = ((x($_REQUEST,'pages'))      ? intval($_REQUEST['pages'])    : 0);
+		$params['top']       = ((x($_REQUEST,'top'))        ? intval($_REQUEST['top'])      : 0);
+		$params['start']     = ((x($params,'start'))        ? intval($params['start'])      : 0);
+		$params['records']   = ((x($params,'records'))      ? intval($params['records'])    : 40);
+		$params['direction'] = ((x($params,'direction'))    ? dbesc($params['direction'])   : 'desc');
+		$params['cat']       = ((x($_REQUEST,'cat'))        ? escape_tags($_REQUEST['cat']) : '');
+		$params['compat']    = ((x($_REQUEST,'compat'))     ? intval($_REQUEST['compat'])   : 1);	
+
+
+		if(argc() > 1) {
+
+			if(observer_prohibited(true)) {
+				killme();
+			}
+
+			$channel = channelx_by_nick(argv(1));
+			if(! $channel) {
+				killme();
+			}
+	
+	 
+			logger('public feed request from ' . $_SERVER['REMOTE_ADDR'] . ' for ' . $channel['channel_address']);
+	
+			echo get_public_feed($channel,$params);
+	
+			killme();
+		}
+	
+	}
+	
+}
--- a/Zotlabs/Module/Page.php
+++ b/Zotlabs/Module/Page.php
@@ -3,7 +3,6 @@ namespace Zotlabs\Module;

 require_once('include/items.php');
 require_once('include/conversation.php');
-require_once('include/page_widgets.php');


 class Page extends \Zotlabs\Web\Controller {
@@ -43,11 +42,31 @@ class Page extends \Zotlabs\Web\Controller {
 	
 		$channel_address = argv(1);
 	
+		// Always look first for the page name prefixed by the observer language; for instance page/nickname/de/foo
+		// followed by page/nickname/foo if that is not found.
+		// If your browser language is de and you want to access the default in this case, 
+		// use page/nickname/-/foo to over-ride the language and access only the page with pagelink of 'foo'
+
+		$page_name = '';
+		$ignore_language = false;
+
+		for($x = 2; $x < argc(); $x ++) {
+			if($page_name === '' && argv($x) === '-') {
+				$ignore_language = true;
+				continue;
+			}
+			if($page_name)
+				$page_name .= '/';
+			$page_name .= argv($x);
+		}
+
+
 		// The page link title was stored in a urlencoded format
 		// php or the browser may/will have decoded it, so re-encode it for our search
 	
-		$page_id = urlencode(argv(2));
-	
+		$page_id = urlencode($page_name);
+		$lang_page_id = urlencode(\App::$language . '/' . $page_name);
+
 		$u = q("select channel_id from channel where channel_address = '%s' limit 1",
 			dbesc($channel_address)
 		);
@@ -64,16 +83,31 @@ class Page extends \Zotlabs\Web\Controller {
 	
 		require_once('include/security.php');
 		$sql_options = item_permissions_sql($u[0]['channel_id']);
-	
-		$r = q("select item.* from item left join iconfig on item.id = iconfig.iid
-			where item.uid = %d and iconfig.cat = 'system' and iconfig.v = '%s' and item.item_delayed = 0 
-			and (( iconfig.k = 'WEBPAGE' and item_type = %d ) 
-			OR ( iconfig.k = 'PDL' AND item_type = %d )) $sql_options $revision limit 1",
-			intval($u[0]['channel_id']),
-			dbesc($page_id),
-			intval(ITEM_TYPE_WEBPAGE),
-			intval(ITEM_TYPE_PDL)
-		);
+
+		$r = null;	
+
+		if(! $ignore_language) {
+			$r = q("select item.* from item left join iconfig on item.id = iconfig.iid
+				where item.uid = %d and iconfig.cat = 'system' and iconfig.v = '%s' and item.item_delayed = 0 
+				and (( iconfig.k = 'WEBPAGE' and item_type = %d ) 
+				OR ( iconfig.k = 'PDL' AND item_type = %d )) $sql_options $revision limit 1",
+				intval($u[0]['channel_id']),
+				dbesc($lang_page_id),
+				intval(ITEM_TYPE_WEBPAGE),
+				intval(ITEM_TYPE_PDL)
+			);
+		}
+		if(! $r) {
+			$r = q("select item.* from item left join iconfig on item.id = iconfig.iid
+				where item.uid = %d and iconfig.cat = 'system' and iconfig.v = '%s' and item.item_delayed = 0 
+				and (( iconfig.k = 'WEBPAGE' and item_type = %d ) 
+				OR ( iconfig.k = 'PDL' AND item_type = %d )) $sql_options $revision limit 1",
+				intval($u[0]['channel_id']),
+				dbesc($page_id),
+				intval(ITEM_TYPE_WEBPAGE),
+				intval(ITEM_TYPE_PDL)
+			);
+		}
 		if(! $r) {
 	
 			// Check again with no permissions clause to see if it is a permissions issue
--- a/Zotlabs/Module/Photo.php
+++ b/Zotlabs/Module/Photo.php
@@ -127,7 +127,6 @@ class Photo extends \Zotlabs\Web\Controller {
 				  }
 			}
 			
-
 			$r = q("SELECT uid FROM photo WHERE resource_id = '%s' AND imgscale = %d LIMIT 1",
 				dbesc($photo),
 				intval($resolution)
@@ -150,12 +149,16 @@ class Photo extends \Zotlabs\Web\Controller {
 				$channel = channelx_by_n($r[0]['uid']);

 				// Now we'll see if we can access the photo
-	
 				$r = q("SELECT * FROM photo WHERE resource_id = '%s' AND imgscale = %d $sql_extra LIMIT 1",
 					dbesc($photo),
 					intval($resolution)
 				);
-	
+
+				// viewing cover photos is allowed unless a plugin chooses to block it. 
+
+				if($r && intval($r[0]['photo_usage']) === PHOTO_COVER && $resolution >= PHOTO_RES_COVER_1200)
+					$allowed = 1;
+ 
 				$d = [ 'imgscale' => $resolution, 'resource_id' => $photo, 'photo' => $r, 'allowed' => $allowed ];
 				call_hooks('get_photo',$d);

--- a/Zotlabs/Module/Photos.php
+++ b/Zotlabs/Module/Photos.php
@@ -15,13 +15,10 @@ class Photos extends \Zotlabs\Web\Controller {

 	function init() {
 	
-	
 		if(observer_prohibited()) {
 			return;
 		}
 	
-		$o = '';
-	
 		if(argc() > 1) {
 			$nick = argv(1);
 	
@@ -54,7 +51,6 @@ class Photos extends \Zotlabs\Web\Controller {
 	
 		logger('mod-photos: photos_post: begin' , LOGGER_DEBUG);
 	
-	
 		logger('mod_photos: REQUEST ' . print_r($_REQUEST,true), LOGGER_DATA);
 		logger('mod_photos: FILES '   . print_r($_FILES,true), LOGGER_DATA);
 	
@@ -92,14 +88,9 @@ class Photos extends \Zotlabs\Web\Controller {
 	
 		if((argc() > 3) && (argv(2) === 'album')) {
 	
-			$album = hex2bin(argv(3));
-	
-			if($album === t('Profile Photos')) {
-				// not allowed
-				goaway(z_root() . '/' . $_SESSION['photo_return']);
-			}
-	
-			if(! photos_album_exists($page_owner_uid,$album)) {
+			$album = argv(3);
+
+			if(! photos_album_exists($page_owner_uid, get_observer_hash(), $album)) {
 				notice( t('Album not found.') . EOL);
 				goaway(z_root() . '/' . $_SESSION['photo_return']);
 			}
@@ -121,7 +112,7 @@ class Photos extends \Zotlabs\Web\Controller {
 	
 				$folder_hash = '';
 	 
-				$r = q("select * from attach where is_dir = 1 and uid = %d and filename = '%s'",
+				$r = q("select * from attach where is_dir = 1 and uid = %d and hash = '%s'",
 					intval($page_owner_uid),
 					dbesc($album)
 				);
@@ -129,14 +120,7 @@ class Photos extends \Zotlabs\Web\Controller {
 					notice( t('Album not found.') . EOL);
 					return;
 				}
-				if(count($r) > 1) {
-					notice( t('Multiple storage folders exist with this album name, but within different directories. Please remove the desired folder or folders using the Files manager') . EOL);
-					return;
-				}
-				else {
-					$folder_hash = $r[0]['hash'];
-				}
-	
+				$folder_hash = $r[0]['hash'];
 	
 	
 				$res = array();
@@ -468,7 +452,7 @@ class Photos extends \Zotlabs\Web\Controller {
 		 * default post action - upload a photo
 		 */
 	
-		$channel = \App::$data['channel'];
+		$channel  = \App::$data['channel'];
 		$observer = \App::$data['observer'];
 	
 		$_REQUEST['source'] = 'photos';
@@ -485,12 +469,10 @@ class Photos extends \Zotlabs\Web\Controller {
 	
 		if(! $r['success']) {
 			notice($r['message'] . EOL);
+			goaway(z_root() . '/photos/' . \App::$data['channel']['channel_address']);
 		}		
-		
-		if($_REQUEST['newalbum'])
-			goaway(z_root() . '/photos/' . \App::$data['channel']['channel_address'] . '/album/' . bin2hex($_REQUEST['newalbum']));
-		else
-			goaway(z_root() . '/photos/' . \App::$data['channel']['channel_address'] . '/album/' . bin2hex(datetime_convert('UTC',date_default_timezone_get(),'now', 'Y')));		
+
+		goaway(z_root() . '/photos/' . \App::$data['channel']['channel_address'] . '/album/' . $r['data']['folder']);
 	
 	}
 	
@@ -569,7 +551,11 @@ class Photos extends \Zotlabs\Web\Controller {
 			return;
 		}
 	
-		$sql_extra = permissions_sql($owner_uid);
+		$sql_item = item_permissions_sql($owner_uid,get_observer_hash());
+		$sql_extra = permissions_sql($owner_uid,get_observer_hash(),'photo');
+		$sql_attach = permissions_sql($owner_uid,get_observer_hash(),'attach');
+
+		nav_set_selected(t('Photos'));
 	
 		$o = "";
 	
@@ -579,7 +565,7 @@ class Photos extends \Zotlabs\Web\Controller {
 		// tabs
 	
 		$_is_owner = (local_channel() && (local_channel() == $owner_uid));
-		$o .= profile_tabs($a,$_is_owner, \App::$data['channel']['channel_address']);	
+		//$o .= profile_tabs($a,$_is_owner, \App::$data['channel']['channel_address']);	
 	
 		/**
 		 * Display upload form
@@ -628,8 +614,14 @@ class Photos extends \Zotlabs\Web\Controller {
 			if(! $aclselect) {
 				$aclselect = '<input id="group_allow" type="hidden" name="allow_gid[]" value="" /><input id="contact_allow" type="hidden" name="allow_cid[]" value="" /><input id="group_deny" type="hidden" name="deny_gid[]" value="" /><input id="contact_deny" type="hidden" name="deny_cid[]" value="" />';
 			}
-	
-			$selname = (($datum) ? hex2bin($datum) : '');
+
+			$selname = '';
+
+			if($datum) {
+				$h = attach_by_hash_nodata($datum,get_observer_hash());
+				$selname = $h['data']['display_path'];
+			}	
+
 	
 			$albums = ((array_key_exists('albums', \App::$data)) ? \App::$data['albums'] : photos_albums_list(\App::$data['channel'],\App::$data['observer']));
 	
@@ -680,29 +672,13 @@ class Photos extends \Zotlabs\Web\Controller {
 	
 		if($datatype === 'album') {
 	
-			if(strlen($datum)) {
-				if((strlen($datum) & 1) || (! ctype_xdigit($datum))) {
-					notice( t('Album name could not be decoded') . EOL);
-					logger('mod_photos: illegal album encoding: ' . $datum);
-					$datum = '';
-					goaway(z_root() . '/photos/' . \App::$data['channel']['channel_address']);
-				}
-			}
-	
-			$album = (($datum) ? hex2bin($datum) : '');
-
 			\App::$page['htmlhead'] .= "\r\n" . '<link rel="alternate" type="application/json+oembed" href="' . z_root() . '/oep?f=&url=' . urlencode(z_root() . '/' . \App::$cmd) . '" title="oembed" />' . "\r\n";

-			//check if the album exists and if we have perms
-			$r = q("SELECT album FROM photo WHERE uid = %d AND album = '%s' and is_nsfw = %d $sql_extra LIMIT 1",
-				intval($owner_uid),
-				dbesc($album),
-				intval($unsafe)
-			);
-
-			if($r) {
+			if($x = photos_album_exists($owner_uid, get_observer_hash(), $datum)) {
 				\App::set_pager_itemspage(60);
-			} else {
+				$album = $x['display_path'];
+			} 
+			else {
 				goaway(z_root() . '/photos/' . \App::$data['channel']['channel_address']);
 			}

@@ -712,26 +688,26 @@ class Photos extends \Zotlabs\Web\Controller {
 				$order = 'DESC';

 			$r = q("SELECT p.resource_id, p.id, p.filename, p.mimetype, p.imgscale, p.description, p.created FROM photo p INNER JOIN
-					(SELECT resource_id, max(imgscale) imgscale FROM photo WHERE uid = %d AND album = '%s' AND imgscale <= 4 AND photo_usage IN ( %d, %d ) and is_nsfw = %d $sql_extra GROUP BY resource_id) ph 
+					(SELECT resource_id, max(imgscale) imgscale FROM photo left join attach on folder = '%s' and photo.resource_id = attach.hash WHERE attach.uid = %d AND imgscale <= 4 AND photo_usage IN ( %d, %d ) and is_nsfw = %d $sql_extra GROUP BY resource_id) ph 
 					ON (p.resource_id = ph.resource_id AND p.imgscale = ph.imgscale)
 				ORDER BY created $order LIMIT %d OFFSET %d",
+				dbesc($x['hash']),
 				intval($owner_uid),
-				dbesc($album),
 				intval(PHOTO_NORMAL),
 				intval(PHOTO_PROFILE),
 				intval($unsafe),
 				intval(\App::$pager['itemspage']),
 				intval(\App::$pager['start'])
 			);
-			
-			//edit album name
+
+			// edit album name
 			$album_edit = null;
-			if(($album !== t('Profile Photos')) && ($album !== 'Profile Photos') && ($album !== 'Contact Photos') && ($album !== t('Contact Photos'))) {
-				if($can_post) {
-					$album_e = $album;
-					$albums = ((array_key_exists('albums', \App::$data)) ? \App::$data['albums'] : photos_albums_list(\App::$data['channel'],\App::$data['observer']));
+
+			if($can_post) {
+				$album_e = $album;
+				$albums = ((array_key_exists('albums', \App::$data)) ? \App::$data['albums'] : photos_albums_list(\App::$data['channel'],\App::$data['observer']));
 	
-					// @fixme - syncronise actions with DAV
+				// @fixme - syncronise actions with DAV
 		
 	//				$edit_tpl = get_markup_template('album_edit.tpl');
 	//				$album_edit = replace_macros($edit_tpl,array(
@@ -745,13 +721,12 @@ class Photos extends \Zotlabs\Web\Controller {
 	//					'$dropsubmit' => t('Delete Album')
 	//				));
 	
-				}
 			}
 	
 			if($_GET['order'] === 'posted')
-				$order =  array(t('Show Newest First'), z_root() . '/photos/' . \App::$data['channel']['channel_address'] . '/album/' . bin2hex($album));
+				$order =  array(t('Show Newest First'), z_root() . '/photos/' . \App::$data['channel']['channel_address'] . '/album/' . $datum);
 			else
-				$order = array(t('Show Oldest First'), z_root() . '/photos/' . \App::$data['channel']['channel_address'] . '/album/' . bin2hex($album) . '?f=&order=posted');
+				$order = array(t('Show Oldest First'), z_root() . '/photos/' . \App::$data['channel']['channel_address'] . '/album/' . $datum . '?f=&order=posted');
 	
 			$photos = array();
 			if(count($r)) {
@@ -805,10 +780,10 @@ class Photos extends \Zotlabs\Web\Controller {
 				$o .= replace_macros($tpl, array(
 					'$photos' => $photos,
 					'$album' => $album,
-					'$album_id' => bin2hex($album),
+					'$album_id' => $datum,
 					'$album_edit' => array(t('Edit Album'), $album_edit),
 					'$can_post' => $can_post,
-					'$upload' => array(t('Upload'), z_root() . '/photos/' . \App::$data['channel']['channel_address'] . '/upload/' . bin2hex($album)),
+					'$upload' => array(t('Upload'), z_root() . '/photos/' . \App::$data['channel']['channel_address'] . '/upload/' . $datum),
 					'$order' => $order,
 					'$upload_form' => $upload_form,
 					'$usage' => $usage_message
@@ -822,8 +797,6 @@ class Photos extends \Zotlabs\Web\Controller {
 				killme();
 			}
 	
-	//		$o .= paginate($a);
-	
 			return $o;
 	
 		}	
@@ -836,6 +809,11 @@ class Photos extends \Zotlabs\Web\Controller {
 	
 			\App::$page['htmlhead'] .= "\r\n" . '<link rel="alternate" type="application/json+oembed" href="' . z_root() . '/oep?f=&url=' . urlencode(z_root() . '/' . \App::$cmd) . '" title="oembed" />' . "\r\n";
 	
+			$x = q("select folder from attach where hash = '%s' and uid = %d $sql_attach limit 1",
+				dbesc($datum),
+				intval($owner_uid)
+			);
+
 			// fetch image, item containing image, then comments
 	
 			$ph = q("SELECT id,aid,uid,xchan,resource_id,created,edited,title,description,album,filename,mimetype,height,width,filesize,imgscale,photo_usage,is_nsfw,allow_cid,allow_gid,deny_cid,deny_gid FROM photo WHERE uid = %d AND resource_id = '%s' 
@@ -844,7 +822,7 @@ class Photos extends \Zotlabs\Web\Controller {
 				dbesc($datum)
 			);
 	
-			if(! $ph) {
+			if(! ($ph && $x)) {
 	
 				/* Check again - this time without specifying permissions */
 	
@@ -869,16 +847,16 @@ class Photos extends \Zotlabs\Web\Controller {
 			else
 				$order = 'DESC';
 	
-	
-			$prvnxt = q("SELECT resource_id FROM photo WHERE album = '%s' AND uid = %d AND imgscale = 0 
-				$sql_extra ORDER BY created $order ",
-				dbesc($ph[0]['album']),
+
+			$prvnxt = q("SELECT hash FROM attach WHERE folder = '%s' AND uid = %d AND is_photo = 1
+				$sql_attach ORDER BY created $order ",
+				dbesc($x[0]['folder']),
 				intval($owner_uid)
 			); 
-	
+
 			if(count($prvnxt)) {
 				for($z = 0; $z < count($prvnxt); $z++) {
-					if($prvnxt[$z]['resource_id'] == $ph[0]['resource_id']) {
+					if($prvnxt[$z]['hash'] == $ph[0]['resource_id']) {
 						$prv = $z - 1;
 						$nxt = $z + 1;
 						if($prv < 0)
@@ -889,8 +867,8 @@ class Photos extends \Zotlabs\Web\Controller {
 					}
 				}
 	
-				$prevlink = z_root() . '/photos/' . \App::$data['channel']['channel_address'] . '/image/' . $prvnxt[$prv]['resource_id'] . (($_GET['order'] === 'posted') ? '?f=&order=posted' : '');
-				$nextlink = z_root() . '/photos/' . \App::$data['channel']['channel_address'] . '/image/' . $prvnxt[$nxt]['resource_id'] . (($_GET['order'] === 'posted') ? '?f=&order=posted' : '');
+				$prevlink = z_root() . '/photos/' . \App::$data['channel']['channel_address'] . '/image/' . $prvnxt[$prv]['hash'] . (($_GET['order'] === 'posted') ? '?f=&order=posted' : '');
+				$nextlink = z_root() . '/photos/' . \App::$data['channel']['channel_address'] . '/image/' . $prvnxt[$nxt]['hash'] . (($_GET['order'] === 'posted') ? '?f=&order=posted' : '');
 	 		}
 	
 	
@@ -907,7 +885,7 @@ class Photos extends \Zotlabs\Web\Controller {
 				}
 			}
 	
-			$album_link = z_root() . '/photos/' . \App::$data['channel']['channel_address'] . '/album/' . bin2hex($ph[0]['album']);
+			$album_link = z_root() . '/photos/' . \App::$data['channel']['channel_address'] . '/album/' . $x[0]['folder'];
 	 		$tools = Null;
 	 		$lock = Null;
 	 
@@ -947,7 +925,7 @@ class Photos extends \Zotlabs\Web\Controller {
 			// Do we have an item for this photo?
 	
 			$linked_items = q("SELECT * FROM item WHERE resource_id = '%s' and resource_type = 'photo' 
-				$sql_extra LIMIT 1",
+				$sql_item LIMIT 1",
 				dbesc($datum)
 			);
 	
@@ -962,7 +940,7 @@ class Photos extends \Zotlabs\Web\Controller {
 				$item_normal = item_normal();
 	
 				$r = q("select * from item where parent_mid = '%s' 
-					$item_normal and uid = %d $sql_extra ",
+					$item_normal and uid = %d $sql_item ",
 					dbesc($link_item['mid']),
 					intval($link_item['uid'])
 	
@@ -1008,13 +986,6 @@ class Photos extends \Zotlabs\Web\Controller {
 			$edit = null;
 			if($can_post) {

-				$m = q("select folder from attach where hash = '%s' and uid = %d limit 1",
-					dbesc($ph[0]['resource_id']),
-					intval($ph[0]['uid'])
-				);
-				if($m)
-					$album_hash = $m[0]['folder'];
-					
 				$album_e = $ph[0]['album'];
 				$caption_e = $ph[0]['description'];
 				$aclselect_e = (($_is_owner) ? populate_acl($ph[0], true, \Zotlabs\Lib\PermissionDescription::fromGlobalPermission('view_storage')) : '');
@@ -1024,35 +995,35 @@ class Photos extends \Zotlabs\Web\Controller {

 				$folder_list = attach_folder_select_list($ph[0]['uid']);
 	
-				$edit = array(
+				$edit = [
 					'edit' => t('Edit photo'),
 					'id' => $link_item['id'],
-					'rotatecw' => t('Rotate CW (right)'),
-					'rotateccw' => t('Rotate CCW (left)'),
-					'albums' => $albums['albums'],
-					'album' => $album_e,
-					'album_select' => [ 'move_to_album', t('Move photo to album'), $album_hash, '', $folder_list ],
-					'newalbum_label' => t('Enter a new album name'),
+					'rotatecw'             => t('Rotate CW (right)'),
+					'rotateccw'            => t('Rotate CCW (left)'),
+					'albums'               => $albums['albums'],
+					'album'                => $album_e,
+					'album_select'         => [ 'move_to_album', t('Move photo to album'), $x[0]['folder'], '', $folder_list ],
+					'newalbum_label'       => t('Enter a new album name'),
 					'newalbum_placeholder' => t('or select an existing one (doubleclick)'),
-					'nickname' => \App::$data['channel']['channel_address'],
-					'resource_id' => $ph[0]['resource_id'],
-					'capt_label' => t('Caption'),
-					'caption' => $caption_e,
-					'tag_label' => t('Add a Tag'),
-					'permissions' => t('Permissions'),
-					'aclselect' => $aclselect_e,
-					'allow_cid' => acl2json($ph[0]['allow_cid']),
-					'allow_gid' => acl2json($ph[0]['allow_gid']),
-					'deny_cid' => acl2json($ph[0]['deny_cid']),
-					'deny_gid' => acl2json($ph[0]['deny_gid']),
-					'lockstate' => $lockstate[0],
-					'help_tags' => t('Example: @bob, @Barbara_Jensen, @jim@example.com'),
-					'item_id' => ((count($linked_items)) ? $link_item['id'] : 0),
-					'adult_enabled' => feature_enabled($owner_uid,'adult_photo_flagging'),
-					'adult' => array('adult',t('Flag as adult in album view'), intval($ph[0]['is_nsfw']),''),
-					'submit' => t('Submit'),
-					'delete' => t('Delete Photo')
-				);
+					'nickname'             => \App::$data['channel']['channel_address'],
+					'resource_id'          => $ph[0]['resource_id'],
+					'capt_label'           => t('Caption'),
+					'caption'              => $caption_e,
+					'tag_label'            => t('Add a Tag'),
+					'permissions'          => t('Permissions'),
+					'aclselect'            => $aclselect_e,
+					'allow_cid'            => acl2json($ph[0]['allow_cid']),
+					'allow_gid'            => acl2json($ph[0]['allow_gid']),
+					'deny_cid'             => acl2json($ph[0]['deny_cid']),
+					'deny_gid'             => acl2json($ph[0]['deny_gid']),
+					'lockstate'            => $lockstate[0],
+					'help_tags'            => t('Example: @bob, @Barbara_Jensen, @jim@example.com'),
+					'item_id'              => ((count($linked_items)) ? $link_item['id'] : 0),
+					'adult_enabled'        => feature_enabled($owner_uid,'adult_photo_flagging'),
+					'adult'                => array('adult',t('Flag as adult in album view'), intval($ph[0]['is_nsfw']),''),
+					'submit'               => t('Submit'),
+					'delete'               => t('Delete Photo')
+				];
 			}
 	
 			if(count($linked_items)) {
@@ -1066,13 +1037,13 @@ class Photos extends \Zotlabs\Web\Controller {
 				$likebuttons = '';
 	
 				if($can_post || $can_comment) {
-					$likebuttons = array(
-						'id' => $link_item['id'],
+					$likebuttons = [
+						'id'       => $link_item['id'],
 						'likethis' => t("I like this \x28toggle\x29"),
-						'nolike' => t("I don't like this \x28toggle\x29"),
-						'share' => t('Share'),
-						'wait' => t('Please wait')
-					);
+						'nolike'   => t("I don't like this \x28toggle\x29"),
+						'share'    => t('Share'),
+						'wait'     => t('Please wait')
+					];
 				}
 	
 				$comments = '';
@@ -1277,25 +1248,13 @@ class Photos extends \Zotlabs\Web\Controller {
 	
 		\App::$page['htmlhead'] .= "\r\n" . '<link rel="alternate" type="application/json+oembed" href="' . z_root() . '/oep?f=&url=' . urlencode(z_root() . '/' . \App::$cmd) . '" title="oembed" />' . "\r\n";
 	
-		/*
-		$r = q("SELECT resource_id, max(imgscale) AS imgscale FROM photo WHERE uid = %d 
-			and photo_usage in ( %d, %d ) and is_nsfw = %d $sql_extra GROUP BY resource_id",
-			intval(\App::$data['channel']['channel_id']),
-			intval(PHOTO_NORMAL),
-			intval(PHOTO_PROFILE),
-			intval($unsafe)
-		);
-		if($r) {
-			\App::set_pager_total(count($r));
-			\App::set_pager_itemspage(60);
-		}
-		*/

 		\App::set_pager_itemspage(60);
 		
-		$r = q("SELECT p.resource_id, p.id, p.filename, p.mimetype, p.album, p.imgscale, p.created FROM photo p 
+		$r = q("SELECT p.resource_id, p.id, p.filename, p.mimetype, p.album, p.imgscale, p.created, p.display_path 
+			FROM photo p 
 			INNER JOIN ( SELECT resource_id, max(imgscale) imgscale FROM photo 
-				WHERE uid = %d AND photo_usage IN ( %d, %d ) 
+				WHERE photo.uid = %d AND photo_usage IN ( %d, %d ) 
 				AND is_nsfw = %d $sql_extra group by resource_id ) ph 
 			ON (p.resource_id = ph.resource_id and p.imgscale = ph.imgscale) 
 			ORDER by p.created DESC LIMIT %d OFFSET %d",
@@ -1313,21 +1272,19 @@ class Photos extends \Zotlabs\Web\Controller {
 		if($r) {
 			$twist = 'rotright';
 			foreach($r as $rr) {
+
+				if(! attach_can_view_folder(\App::$data['channel']['channel_id'],get_observer_hash(),$rr['resource_id']))
+					continue;
+
 				if($twist == 'rotright')
 					$twist = 'rotleft';
 				else
 					$twist = 'rotright';
 				$ext = $phototypes[$rr['mimetype']];
 				
-				if(\App::get_template_engine() === 'internal') {
-					$alt_e = template_escape($rr['filename']);
-					$name_e = template_escape($rr['album']);
-				}
-				else {
-					$alt_e = $rr['filename'];
-					$name_e = $rr['album'];
-				}
-	
+				$alt_e = $rr['filename'];
+				$name_e = dirname($rr['display_path']);
+
 				$photos[] = array(
 					'id'       => $rr['id'],
 					'twist'    => ' ' . $twist . rand(2,4),
@@ -1336,9 +1293,7 @@ class Photos extends \Zotlabs\Web\Controller {
 					'src'     	=> z_root() . '/photo/' . $rr['resource_id'] . '-' . ((($rr['imgscale']) == 6) ? 4 : $rr['imgscale']) . '.' . $ext,
 					'alt'     	=> $alt_e,
 					'album'	=> array(
-						'link'  => z_root() . '/photos/' . \App::$data['channel']['channel_address'] . '/album/' . bin2hex($rr['album']),
 						'name'  => $name_e,
-						'alt'   => t('View Album'),
 					),
 					
 				);
--- a/Zotlabs/Module/Poke.php
+++ b/Zotlabs/Module/Poke.php
@@ -41,7 +41,10 @@ class Poke extends \Zotlabs\Web\Controller {
 		$activity = ACTIVITY_POKE . '#' . urlencode($verbs[$verb][0]);
 	
 		$contact_id = intval($_REQUEST['cid']);
-		if(! $contact_id)
+
+		$xchan = trim($_REQUEST['xchan']);
+
+		if(! ($contact_id || $xchan))
 			return;
 	
 		$parent = ((x($_REQUEST,'parent')) ? intval($_REQUEST['parent']) : 0);
@@ -49,13 +52,20 @@ class Poke extends \Zotlabs\Web\Controller {
 		logger('poke: verb ' . $verb . ' contact ' . $contact_id, LOGGER_DEBUG);
 	
 	
-		$r = q("SELECT * FROM abook left join xchan on xchan_hash = abook_xchan where abook_id = %d and abook_channel = %d LIMIT 1",
-			intval($contact_id),
-			intval($uid)
-		);
-	
+		if($contact_id) {
+			$r = q("SELECT * FROM abook left join xchan on xchan_hash = abook_xchan where abook_id = %d and abook_channel = %d LIMIT 1",
+				intval($contact_id),
+				intval($uid)
+			);
+		}
+		if($xchan) {
+			$r = q("SELECT * FROM xchan where xchan_hash like ( '%s' ) LIMIT 1",
+				dbesc($xchan . '%')
+			);
+		}
+			
 		if(! $r) {
-			logger('poke: no target ' . $contact_id);
+			logger('poke: no target.');
 			return;
 		}
 	
@@ -79,7 +89,7 @@ class Poke extends \Zotlabs\Web\Controller {
 				$deny_gid     = $r[0]['deny_gid'];
 			}
 		}
-		else {
+		elseif($contact_id) {
 	
 			$item_private = ((x($_GET,'private')) ? intval($_GET['private']) : 0);
 	
@@ -92,9 +102,11 @@ class Poke extends \Zotlabs\Web\Controller {
 	
 		$arr = array();
 	
+
+
 		$arr['item_wall']     = 1;
 		$arr['owner_xchan']   = (($parent_item) ? $parent_item['owner_xchan'] : $channel['channel_hash']);
-		$arr['parent_mid']    = (($parent_mid) ? $parent_mid : $mid);
+		$arr['parent_mid']    = (($parent_mid) ? $parent_mid : '');
 		$arr['title']         = '';
 		$arr['allow_cid']     = $allow_cid;
 		$arr['allow_gid']     = $allow_gid;
@@ -131,12 +143,14 @@ class Poke extends \Zotlabs\Web\Controller {
 	
 	
 	
-		function get() {
+	function get() {
 	
 		if(! local_channel()) {
 			notice( t('Permission denied.') . EOL);
 			return;
 		}
+
+		nav_set_selected(t('Poke'));
 	
 		$name = '';
 		$id = '';
--- a/Zotlabs/Module/Probe.php
+++ b/Zotlabs/Module/Probe.php
@@ -7,7 +7,9 @@ require_once('include/zot.php');
 class Probe extends \Zotlabs\Web\Controller {

 	function get() {
-	
+
+		nav_set_selected(t('Remote Diagnostics'));
+
 		$o .= '<h3>Probe Diagnostic</h3>';
 	
 		$o .= '<form action="probe" method="get">';
--- a/Zotlabs/Module/Profile.php
+++ b/Zotlabs/Module/Profile.php
@@ -21,6 +21,8 @@ class Profile extends \Zotlabs\Web\Controller {
 			\App::$error = 404;
 			return;
 		}
+
+		nav_set_selected('Profile');
 	
 		$profile = '';
 		$channel = \App::get_channel();
@@ -101,7 +103,7 @@ class Profile extends \Zotlabs\Web\Controller {
 			return;
 		}
 	
-		$o .= profile_tabs($a, $is_owner, \App::$profile['channel_address']);
+		//$o .= profile_tabs($a, $is_owner, \App::$profile['channel_address']);
 	
 		\App::$page['htmlhead'] .= "\r\n" . '<link rel="alternate" type="application/json+oembed" href="' . z_root() . '/oep?f=&url=' . urlencode(z_root() . '/' . \App::$query_string) . '" title="oembed" />' . "\r\n";
 	
--- a/Zotlabs/Module/Profile_photo.php
+++ b/Zotlabs/Module/Profile_photo.php
@@ -108,11 +108,13 @@ class Profile_photo extends \Zotlabs\Web\Controller {
 					$aid = get_account_id();
 	
 					$p = [ 
-						'aid'         => $aid, 
-						'uid'         => local_channel(), 
-						'resource_id' => $base_image['resource_id'],
-						'filename'    => $base_image['filename'], 
-						'album'       => t('Profile Photos')
+						'aid'          => $aid, 
+						'uid'          => local_channel(), 
+						'resource_id'  => $base_image['resource_id'],
+						'filename'     => $base_image['filename'], 
+						'album'        => t('Profile Photos'),
+						'os_path'      => $base_image['os_path'],
+						'display_path' => $base_image['display_path']
 					];
 	
 					$p['imgscale']    = PHOTO_RES_PROFILE_300;
@@ -188,7 +190,7 @@ class Profile_photo extends \Zotlabs\Web\Controller {
 						build_sync_packet($channel['channel_id'],array('file' => array($sync)));


-					// Similarly, tell the nav bar to bypass the cache and update the avater image.
+					// Similarly, tell the nav bar to bypass the cache and update the avatar image.
 					$_SESSION['reload_avatar'] = true;
 	
 					info( t('Shift-reload the page or clear browser cache if the new photo does not display immediately.') . EOL);
--- a/Zotlabs/Module/Profiles.php
+++ b/Zotlabs/Module/Profiles.php
@@ -9,7 +9,7 @@ class Profiles extends \Zotlabs\Web\Controller {

 	function init() {
 	
-		nav_set_selected('profiles');
+		nav_set_selected('Profiles');
 	
 		if(! local_channel()) {
 			return;
@@ -317,8 +317,10 @@ class Profiles extends \Zotlabs\Web\Controller {
 	
 			$hide_friends = ((intval($_POST['hide_friends'])) ? 1: 0);
 	
+// start fresh and create a new vcard. TODO: preserve the original guid or whatever else needs saving
+//			$orig_vcard = (($orig[0]['profile_vcard']) ? \Sabre\VObject\Reader::read($orig[0]['profile_vcard']) : null); 

-			$orig_vcard = (($orig[0]['profile_vcard']) ? \Sabre\VObject\Reader::read($orig[0]['profile_vcard']) : null); 
+			$orig_vcard = null;

 			$channel = \App::get_channel();

@@ -330,13 +332,7 @@ class Profiles extends \Zotlabs\Web\Controller {
 				'photo'      => $channel['xchan_photo_l'],
 				'adr'        => [],
 				'adr_type'   => [ $default_vcard_cat ],
-				'tel'        => [],
-				'tel_type'   => [ $default_vcard_cat ],
-				'email'      => [],
-				'email_type' => [ $default_vcard_cat ],
-				'impp'       => [],
-				'impp_type'  => [ $default_vcard_cat ],
-				'url'        => [],
+				'url'        => [ $homepage ],
 				'url_type'   => [ $default_vcard_cat ]
 			];

@@ -350,9 +346,12 @@ class Profiles extends \Zotlabs\Web\Controller {
 				6 => $country_name
 			];
 				
-
 			$profile_vcard = update_vcard($defcard,$orig_vcard);

+			$orig_vcard = \Sabre\VObject\Reader::read($profile_vcard);
+
+			$profile_vcard = update_vcard($_REQUEST,$orig_vcard);
+

 			require_once('include/text.php');
 			linkify_tags($a, $likes, local_channel());
@@ -700,6 +699,10 @@ class Profiles extends \Zotlabs\Web\Controller {
 			}
 	
 	//logger('extra_fields: ' . print_r($extra_fields,true));
+
+			$vc = $r[0]['profile_vcard'];
+			$vctmp = (($vc) ? \Sabre\VObject\Reader::read($vc) : null); 
+			$vcard = (($vctmp) ? get_vcard_array($vctmp,$r[0]['id']) : [] );
 	
 			$f = get_config('system','birthday_input_format');
 			if(! $f)
@@ -717,6 +720,7 @@ class Profiles extends \Zotlabs\Web\Controller {
 					. get_form_security_token("profile_drop"),
 	
 				'$fields'       => $fields,
+				'$vcard'        => $vcard,
 				'$guid'         => $r[0]['profile_guid'],
 				'$banner'       => t('Edit Profile Details'),
 				'$submit'       => t('Submit'),
@@ -776,11 +780,28 @@ class Profiles extends \Zotlabs\Web\Controller {
 				'$film'         => array('film', t('Film/Dance/Culture/Entertainment'), $r[0]['film']),
 				'$interest'     => array('interest', t('Hobbies/Interests'), $r[0]['interest']),
 				'$romance'      => array('romance',t('Love/Romance'), $r[0]['romance']),
-				'$work'         => array('work', t('Work/Employment'), $r[0]['employment']),
+				'$employ'         => array('work', t('Work/Employment'), $r[0]['employment']),
 				'$education'    => array('education', t('School/Education'), $r[0]['education']),
 				'$contact'      => array('contact', t('Contact information and social networks'), $r[0]['contact']),
 				'$channels'     => array('channels', t('My other channels'), $r[0]['channels']),
 				'$extra_fields' => $extra_fields,
+				'$comms'          => t('Communications'),
+                '$tel_label'      => t('Phone'),
+                '$email_label'    => t('Email'),
+                '$impp_label'     => t('Instant messenger'),
+                '$url_label'      => t('Website'),
+                '$adr_label'      => t('Address'),
+                '$note_label'     => t('Note'),
+                '$mobile'         => t('Mobile'),
+                '$home'           => t('Home'),
+                '$work'           => t('Work'),
+                '$other'          => t('Other'),
+                '$add_card'       => t('Add Contact'),
+                '$add_field'      => t('Add Field'),
+                '$create'         => t('Create'),
+                '$update'         => t('Update'),
+                '$delete'         => t('Delete'),
+                '$cancel'         => t('Cancel'),
 			));
 	
 			$arr = array('profile' => $r[0], 'entry' => $o);
--- a/Zotlabs/Module/Pubstream.php
+++ b/Zotlabs/Module/Pubstream.php
@@ -16,8 +16,8 @@ class Pubstream extends \Zotlabs\Web\Controller {
 				return login();
 		}
 	
-	
-		if(get_config('system','disable_discover_tab'))
+		$disable_discover_tab = get_config('system','disable_discover_tab') || get_config('system','disable_discover_tab') === false;
+		if($disable_discover_tab)
 			return;
 	
 		$item_normal = item_normal();
@@ -57,6 +57,7 @@ class Pubstream extends \Zotlabs\Web\Controller {
 				'$static'  => $static,
 				'$page'    => ((\App::$pager['page'] != 1) ? \App::$pager['page'] : 1),
 				'$search'  => '',
+				'$xchan'   => '',
 				'$order'   => 'comment',
 				'$file'    => '',
 				'$cats'    => '',
@@ -166,7 +167,7 @@ class Pubstream extends \Zotlabs\Web\Controller {
 		// fake it
 		$mode = ('network');
 	
-		$o .= conversation($a,$items,$mode,$update,$page_mode);
+		$o .= conversation($items,$mode,$update,$page_mode);
 	
 		if(($items) && (! $update))
 			$o .= alt_pager($a,count($items));
--- a/Zotlabs/Module/Randprof.php
+++ b/Zotlabs/Module/Randprof.php
@@ -8,7 +8,7 @@ class Randprof extends \Zotlabs\Web\Controller {
 	function init() {
 		$x = random_profile();
 		if($x)
-			goaway(chanlink_url($x));
+			goaway(chanlink_hash($x));
 	
 		/** FIXME this doesn't work at the moment as a fallback */
 		goaway(z_root() . '/profile');
--- a/Zotlabs/Module/React.php
+++ b/Zotlabs/Module/React.php
@@ -39,6 +39,10 @@ class React extends \Zotlabs\Web\Controller {
 			$n['author_xchan'] = $channel['channel_hash'];

 			$x = item_store($n); 
+
+			if(local_channel())
+				retain_item($postid);
+
 			if($x['success']) {
 				$nid = $x['item_id'];
 				 \Zotlabs\Daemon\Master::Summon(array('Notifier','like',$nid));
--- a/Zotlabs/Module/Register.php
+++ b/Zotlabs/Module/Register.php
@@ -151,7 +151,7 @@ class Register extends \Zotlabs\Web\Controller {
 		$new_channel = false;
 		$next_page = 'new_channel';
 	
-		if(get_config('system','auto_channel_create') || get_config('system','server_role') == 'basic') {
+		if(get_config('system','auto_channel_create')) {
 			$new_channel = auto_channel_create($result['account']['account_id']);
 			if($new_channel['success']) {
 				$channel_id = $new_channel['channel']['channel_id'];
@@ -237,14 +237,12 @@ class Register extends \Zotlabs\Web\Controller {
 		$name = array('name', t('Name or caption'), ((x($_REQUEST,'name')) ? $_REQUEST['name'] : ''), t('Examples: "Bob Jameson", "Lisa and her Horses", "Soccer", "Aviation Group"'));
 		$nickhub = '@' . str_replace(array('http://','https://','/'), '', get_config('system','baseurl'));
 		$nickname = array('nickname', t('Choose a short nickname'), ((x($_REQUEST,'nickname')) ? $_REQUEST['nickname'] : ''), sprintf( t('Your nickname will be used to create an easy to remember channel address e.g. nickname%s'), $nickhub));
-		$role = array('permissions_role' , t('Channel role and privacy'), ($privacy_role) ? $privacy_role : 'social', t('Select a channel role with your privacy requirements.') . ' <a href="help/roles" target="_blank">' . t('Read more about roles') . '</a>',$perm_roles);
+		$role = array('permissions_role' , t('Channel role and privacy'), ($privacy_role) ? $privacy_role : 'social', t('Select a channel role with your privacy requirements.') . ' <a href="help/member/member_guide#Account_Permission_Roles" target="_blank">' . t('Read more about roles') . '</a>',$perm_roles);
 		$tos = array('tos', $label_tos, '', '', array(t('no'),t('yes')));

-		$server_role = get_config('system','server_role');	

-
-		$auto_create  = (($server_role == 'basic') || (get_config('system','auto_channel_create')) ? true : false);
-		$default_role = (($server_role == 'basic') ? 'social' : get_config('system','default_permissions_role'));
+		$auto_create  = (get_config('system','auto_channel_create') ? true : false);
+		$default_role = get_config('system','default_permissions_role');
 	
 		require_once('include/bbcode.php');
 	
--- a/Zotlabs/Module/Rpost.php
+++ b/Zotlabs/Module/Rpost.php
@@ -59,6 +59,8 @@ class Rpost extends \Zotlabs\Web\Controller {
 			}
 			return login();
 		}
+
+		nav_set_selected(t('Post'));
 	
 		// If we have saved rpost session variables, but nothing in the current $_REQUEST, recover the saved variables
 	
--- a/Zotlabs/Module/Search.php
+++ b/Zotlabs/Module/Search.php
@@ -15,14 +15,14 @@ class Search extends \Zotlabs\Web\Controller {
 		if((get_config('system','block_public')) || (get_config('system','block_public_search'))) {
 			if ((! local_channel()) && (! remote_channel())) {
 				notice( t('Public access denied.') . EOL);
-			return;
+				return;
 			}
 		}
 	
 		if($load)
 			$_SESSION['loadtime'] = datetime_convert();
 	
-		nav_set_selected('search');
+		nav_set_selected(t('Search'));
 	
 		require_once("include/bbcode.php");
 		require_once('include/security.php');
@@ -81,11 +81,12 @@ class Search extends \Zotlabs\Web\Controller {
 			return $o;
 	
 		if($tag) {
-			$sql_extra = sprintf(" AND item.id IN (select oid from term where otype = %d and ttype in ( %d , %d) and term = '%s') ",
+			$wildtag = str_replace('*','%',$search);
+			$sql_extra = sprintf(" AND item.id IN (select oid from term where otype = %d and ttype in ( %d , %d) and term like '%s') ",
 				intval(TERM_OBJ_POST),
 				intval(TERM_HASHTAG),
 				intval(TERM_COMMUNITYTAG),
-				dbesc(protect_sprintf($search))
+				dbesc(protect_sprintf($wildtag))
 			);
 		}
 		else {
@@ -130,6 +131,7 @@ class Search extends \Zotlabs\Web\Controller {
 				'$list' => ((x($_REQUEST,'list')) ? intval($_REQUEST['list']) : 0),
 				'$page' => ((\App::$pager['page'] != 1) ? \App::$pager['page'] : 1),
 				'$search' => (($tag) ? urlencode('#') : '') . $search,
+				'$xchan' => '',
 				'$order' => '',
 				'$file' => '',
 				'$cats' => '',
@@ -143,7 +145,7 @@ class Search extends \Zotlabs\Web\Controller {
 	
 		}
 	
-		$item_normal = item_normal();
+		$item_normal = item_normal_search();
 		$pub_sql = public_permissions_sql($observer_hash);
 	
 		require_once('include/channel.php');
@@ -224,7 +226,7 @@ class Search extends \Zotlabs\Web\Controller {
 		else
 			$o .= '<h2>' . sprintf( t('Search results for: %s'),htmlspecialchars($search, ENT_COMPAT,'UTF-8')) . '</h2>';
 	
-		$o .= conversation($a,$items,'search',$update,'client');
+		$o .= conversation($items,'search',$update,'client');
 	
 		$o .= '</div>';
 	
--- a/Zotlabs/Module/Settings.php
+++ b/Zotlabs/Module/Settings.php
@@ -53,7 +53,7 @@ class Settings extends \Zotlabs\Web\Controller {
 	
 	function get() {
 	
-		nav_set_selected('settings');
+		nav_set_selected('Settings');
 	
 		if((! local_channel()) || ($_SESSION['delegate'])) {
 			notice( t('Permission denied.') . EOL );
--- a/Zotlabs/Module/Settings/Account.php
+++ b/Zotlabs/Module/Settings/Account.php
@@ -16,7 +16,7 @@ class Account {

 		$account = \App::get_account();
 		if($email != $account['account_email']) {
-			if(! valid_email($email))
+			if(! validate_email($email))
 				$errs[] = t('Not valid email.');
 			$adm = trim(get_config('system','admin_email'));
 			if(($adm) && (strcasecmp($email,$adm) == 0)) {
--- a/Zotlabs/Module/Settings/Channel.php
+++ b/Zotlabs/Module/Settings/Channel.php
@@ -277,8 +277,8 @@ class Channel {
 		if($email_changed && \App::$config['system']['register_policy'] == REGISTER_VERIFY) {
 	
 			// FIXME - set to un-verified, blocked and redirect to logout
-			// Why? Are we verifying people or email addresses?
-	
+			// Q: Why? Are we verifying people or email addresses?
+			// A: the policy is to verify email addresses
 		}
 	
 		goaway(z_root() . '/settings' );
@@ -324,7 +324,7 @@ class Channel {
 		foreach($global_perms as $k => $perm) {
 			$options = array();
 			foreach($perm_opts as $opt) {
-				if((! strstr($k,'view')) && $opt[1] == PERMS_PUBLIC)
+				if(((! strstr($k,'view')) && $k !== 'post_comments') && $opt[1] == PERMS_PUBLIC)
 					continue;
 				$options[$opt[1]] = $opt[0];
 			}
@@ -489,7 +489,6 @@ class Channel {
 	
 			'$h_prv' 	=> t('Security and Privacy Settings'),
 			'$permissions_set' => $permissions_set,
-			'$server_role' => \Zotlabs\Lib\System::get_server_role(),
 			'$perms_set_msg' => t('Your permissions are already configured. Click to view/adjust'),
 	
 			'$hide_presence' => array('hide_presence', t('Hide my online presence'),$hide_presence, t('Prevents displaying in your profile that you are online'), $yes_no),
@@ -575,7 +574,7 @@ class Channel {
 			'$removeme' => t('Remove Channel'),
 			'$removechannel' => t('Remove this channel.'),
 			'$firefoxshare' => t('Firefox Share $Projectname provider'),
-			'$cal_first_day' => array('first_day', t('Start calendar week on monday'), ((get_pconfig(local_channel(),'system','cal_first_day')) ? 1 : ''), '', $yes_no),
+			'$cal_first_day' => array('first_day', t('Start calendar week on Monday'), ((get_pconfig(local_channel(),'system','cal_first_day')) ? 1 : ''), '', $yes_no),
 		));
 	
 		call_hooks('settings_form',$o);
--- a/Zotlabs/Module/Settings/Featured.php
+++ b/Zotlabs/Module/Settings/Featured.php
@@ -10,14 +10,16 @@ class Featured {
 	
 		call_hooks('feature_settings_post', $_POST);
 	
-		if(intval($_POST['affinity_cmax'])) {
-			set_pconfig(local_channel(),'affinity','cmax',intval($_POST['affinity_cmax']));
-		}
-		if(intval($_POST['affinity_cmin'])) {
-			set_pconfig(local_channel(),'affinity','cmin',intval($_POST['affinity_cmin']));			
-		}
-		if(intval($_POST['affinity_cmax']) || intval($_POST['affinity_cmin'])) {
-			info( t('Affinity Slider settings updated.') . EOL);
+		if($_POST['affinity_slider-submit']) {
+			if(intval($_POST['affinity_cmax'])) {
+				set_pconfig(local_channel(),'affinity','cmax',intval($_POST['affinity_cmax']));
+			}
+			if(intval($_POST['affinity_cmin'])) {
+				set_pconfig(local_channel(),'affinity','cmin',intval($_POST['affinity_cmin']));			
+			}
+			if(intval($_POST['affinity_cmax']) || intval($_POST['affinity_cmin'])) {
+				info( t('Affinity Slider settings updated.') . EOL);
+			}
 		}
 		
 		build_sync_packet();
--- a/Zotlabs/Module/Settings/Permcats.php
+++ b/Zotlabs/Module/Settings/Permcats.php
@@ -42,8 +42,6 @@ class Permcats {

 	function get() {

-logger('cmd: ' . \App::$cmd);
-
 		if(! local_channel())
 			return;

@@ -85,7 +83,7 @@ logger('cmd: ' . \App::$cmd);
 			if($existing[$k])
 				$thisperm = "1";

-			$perms[] = array('perms_' . $k, $v, ((array_key_exists($k,$their_perms)) ? intval($their_perms[$k]) : ''),$thisperm, 1, (($checkinherited & PERMS_SPECIFIC) ? '' : '1'), '', $checkinherited);
+			$perms[] = array('perms_' . $k, $v, '',$thisperm, 1, (($checkinherited & PERMS_SPECIFIC) ? '' : '1'), '', $checkinherited);
 		}


@@ -114,4 +112,4 @@ logger('cmd: ' . \App::$cmd);
 		return $o;
 	}
 	
-}
+}
--- a/Show More
+++ b/Show More