Merge branch '4.6RC'

(cherry picked from commit 295c08fcf3)

CHANGELOG

@@ -1,3 +1,72 @@
+Hubzilla 4.6 (2019-12-04)
+	- Improve opengraph support for channels
+	- Add opengraph support for articles
+	- Update abook_connected for RSS feeds only if handle_feed() returned success
+	- Do not embed PDF files by default but allow to enabled this feature in security options
+	- Check if file exists before we include it in the router
+	- Update jquery to version 3.4.1
+	- Update composer libraries
+	- Remove old and unused javascript libraries
+	- Improved BBcode to Markdown conversion
+	- Introduce inline SVG support via BBcode
+	- Sanitize title on Atom/RSS feed import
+	- Improved HTTP headers cache support for photos
+	- Add date headers to signed headers
+	- Add check if item['tag'] is an array
+	- Add hook comments_are_now_closed for addons to override date based comment closure
+	- Change mysql schema for item.llink and item.plink for new installs from char(191) to text
+	- Improved photo cache expiration
+	- Improved plural function processing on translation strings creation from .po file with util/po2php utlility
+	- Improved support for CDN/Infrastructure caching (especially profile images)
+	- New japanese translation
+	- Add connect button for non-zot networks not connected in current location
+	- Allow to send forum channels wall2wall or sent by mentions post to external sites via addons
+	- Allow addons to process forum posts published through mentions
+	- Improved internal routing for ActivityPub messages
+	- Improved admin documentation
+	- Add ITEM_TYPE_CUSTOM and hooks to permit addons to create and distribute custom item types
+	- Support "comment policy" in Zot6 communications
+	- Add selected text as quote on reply if comment button is used
+	- Add more nofollow tags to links to discourage backlink farmers
+	- Improved conversion of emoji reactions from zot to zot6
+	- Add CardDAV/CalDAV autodiscovery
+	- Label source project of zotfeed since it is not completely compatible across projects
+	- Update homeinstall script
+
+	Bugfixes
+	- Fix once cached embedded content is used and stored forever
+	- Fix wildcard tag issue
+	- Fix duplicate attachment in jot fileupload
+	- Fix regression with audio file upload
+	- Fix can not edit menu name or title (#1402)
+	- Fix pagination encoding issue for some server setups
+	- Fix Zap->Hubzilla event title compatibility
+	- Fix event timezones for Zot6
+	- Fix missing summary in mod article_edit
+	- Fix PHP warning failed to write session data using user defined save handler
+	- Fix possible thumbnails distortion on rebuild with util/thumbrepair utility
+	- Fix issues with image import to zot6
+	- Fix attachment permissions on clonned channels sync
+	- Fix entries without sitekey returned from DB in queue_deliver() and Lib/Queue
+
+	Addons
+	- Twitter: send tweet even if attached image uploading was unsuccessful
+	- Livejournal: add link to original post option
+	- Flashcards: update to version 2.08
+	- Pubcrawl: compatibility changes to support pixelfed
+	- Cart: update paypal button to API v2
+	- Photocache: rework for speed and lower memory consumption
+	- Photocache: etag support for cached photos
+	- Photocache: purge cache on addon uninstall
+	- Openstreetmap: fix regression if no default values set
+	- Livejournal: allow send posts from non channel owner
+	- Pubcrawl: fix event timezones
+	- Pubcrawl: better ActivityPub channel URL detection
+	- Pubcrawl: fix comments delivery for other channels on the same hub
+	- New addon "workflow" with initial basic "issue tracker" capability
+
+
+
 Hubzilla 4.4.1 (2019-08-16)
 	- Fix wrong profile photo displayed when previewing and editing profiles
 	- Fix regression from 4.4 which prevented encrypted signatures from being used for encrypted messages

Zotlabs/Daemon/Cron_daily.php

@@ -44,6 +44,11 @@ class Cron_daily {
 			db_utcnow(), db_quoteinterval('1 YEAR')
 		);
 
+		// Clean up emdedded content cache
+		q("DELETE FROM cache WHERE updated < %s - INTERVAL %s",
+		    db_utcnow(),
+		    db_quoteinterval(get_config('system','active_expire_days', '30') . ' DAY')
+		);
 
 		//update statistics in config
 		require_once('include/statistics_fns.php');

Zotlabs/Daemon/Onepoll.php

@@ -61,11 +61,13 @@ class Onepoll {
 
 		if($contact['xchan_network'] === 'rss') {
 			logger('onepoll: processing feed ' . $contact['xchan_name'], LOGGER_DEBUG);
-			handle_feed($importer['channel_id'],$contact_id,$contact['xchan_hash']);
-			q("update abook set abook_connected = '%s' where abook_id = %d",
-				dbesc(datetime_convert()),
-				intval($contact['abook_id'])
-			);
+			$alive = handle_feed($importer['channel_id'],$contact_id,$contact['xchan_hash']);
+			if ($alive) {
+				q("update abook set abook_connected = '%s' where abook_id = %d",
+					dbesc(datetime_convert()),
+					intval($contact['abook_id'])
+				);
+			}
 			return;
 		}
 	

Zotlabs/Lib/Activity.php

@@ -609,9 +609,15 @@ class Activity {
 		}
 
 		if($i['id'] != $i['parent']) {
-			$ret['inReplyTo'] = ((strpos($i['thr_parent'],'http') === 0) ? $i['thr_parent'] : z_root() . '/item/' . urlencode($i['thr_parent']));
 			$reply = true;
 
+			// inReplyTo needs to be set in the activity for followup actiions (Like, Dislike, Attend, Announce, etc.),
+			// but *not* for comments, where it should only be present in the object
+
+			if (! in_array($ret['type'],[ 'Create','Update' ])) {
+				$ret['inReplyTo'] = ((strpos($i['thr_parent'],'http') === 0) ? $i['thr_parent'] : z_root() . '/item/' . urlencode($i['thr_parent']));
+			}
+
 			if($i['item_private']) {
 				$d = q("select xchan_url, xchan_addr, xchan_name from item left join xchan on xchan_hash = author_xchan where id = %d limit 1",
 					intval($i['parent'])

Zotlabs/Lib/Cache.php

@@ -11,8 +11,10 @@ class Cache {
 
 		$hash = hash('whirlpool',$key);
 
-		$r = q("SELECT v FROM cache WHERE k = '%s' limit 1",
-			dbesc($hash)
+		$r = q("SELECT v FROM cache WHERE k = '%s' AND updated > %s - INTERVAL %s LIMIT 1",
+			dbesc($hash),
+			db_utcnow(),
+			db_quoteinterval(get_config('system','object_cache_days', '30') . ' DAY')
 		);
 			
 		if ($r)
@@ -40,12 +42,5 @@ class Cache {
 				dbesc(datetime_convert()));
 		}
 	}
-
-		
-	public static function clear() {
-		q("DELETE FROM cache WHERE updated < '%s'",
-			dbesc(datetime_convert('UTC','UTC',"now - 30 days")));			
-	}
-		
 }
 	 

Zotlabs/Lib/ThreadItem.php

@@ -778,8 +778,6 @@ class ThreadItem {
 		call_hooks('comment_buttons',$arr);
 		$comment_buttons = $arr['comment_buttons'];
 		
-		$feature_auto_save_draft = ((feature_enabled($conv->get_profile_owner(), 'auto_save_draft')) ? "true" : "false");
-
 		$comment_box = replace_macros($template,array(
 			'$return_path' => '',
 			'$threaded' => $this->is_threaded(),
@@ -814,8 +812,7 @@ class ThreadItem {
 			'$anoncomments' => ((($conv->get_mode() === 'channel' || $conv->get_mode() === 'display') && perm_is_allowed($conv->get_profile_owner(),'','post_comments')) ? true : false),
 			'$anonname' => [ 'anonname', t('Your full name (required)') ],
 			'$anonmail' => [ 'anonmail', t('Your email address (required)') ],
-			'$anonurl'  => [ 'anonurl',  t('Your website URL (optional)') ],
-			'$auto_save_draft' => $feature_auto_save_draft
+			'$anonurl'  => [ 'anonurl',  t('Your website URL (optional)') ]
 		));
 
 		return $comment_box;

Zotlabs/Module/Admin/Security.php

@@ -43,6 +43,12 @@ class Security {
 	
 		$be = $this->trim_array_elems(explode("\n",$_POST['embed_deny']));
 		set_config('system','embed_deny',$be);
+
+		$thumbnail_security = ((x($_POST,'thumbnail_security')) ? intval($_POST['thumbnail_security']) : 0);
+		set_config('system', 'thumbnail_security' , $thumbnail_security);
+
+		$inline_pdf = ((x($_POST,'inline_pdf')) ? intval($_POST['inline_pdf']) : 0);
+		set_config('system', 'inline_pdf' , $inline_pdf);
 	
 		$ts = ((x($_POST,'transport_security')) ? True : False);
 		set_config('system','transport_security_header',$ts);
@@ -86,7 +92,7 @@ class Security {
 		$embedhelp2 = t("The recommended setting is to only allow unfiltered HTML from the following sites:"); 
 		$embedhelp3 = t("https://youtube.com/<br />https://www.youtube.com/<br />https://youtu.be/<br />https://vimeo.com/<br />https://soundcloud.com/<br />");
 		$embedhelp4 = t("All other embedded content will be filtered, <strong>unless</strong> embedded content from that site is explicitly blocked.");
-	
+
 		$t = get_markup_template('admin_security.tpl');
 		return replace_macros($t, array(
 			'$title' => t('Administration'),
@@ -106,7 +112,9 @@ class Security {
 			'$embed_sslonly' => array('embed_sslonly',t('Only allow embeds from secure (SSL) websites and links.'), intval(get_config('system','embed_sslonly')),''),
 			'$embed_allow' => array('embed_allow', t('Allow unfiltered embedded HTML content only from these domains'), $whiteembeds_str, t('One site per line. By default embedded content is filtered.')),
 			'$embed_deny' => array('embed_deny', t('Block embedded HTML from these domains'), $blackembeds_str, ''),
-	
+			'$thumbnail_security'   => [ 'thumbnail_security', t("Allow SVG thumbnails in file browser"), get_config('system','thumbnail_security',0), t("WARNING: SVG images may contain malicious code.") ],
+			'$inline_pdf'   => [ 'inline_pdf', t("Allow embedded (inline) PDF files"), get_config('system','inline_pdf',0), '' ],
+
 //	        '$embed_coop'     => array('embed_coop', t('Cooperative embed security'), $embed_coop, t('Enable to share embed security with other compatible sites/hubs')),
 
 			'$submit' => t('Submit')
@@ -128,4 +136,4 @@ class Security {
 	}
 	
 	
-}
+}

Zotlabs/Module/Admin/Site.php

@@ -73,7 +73,6 @@ class Site {
 		$feed_contacts     = ((x($_POST,'feed_contacts'))    ? intval($_POST['feed_contacts'])    : 0);
 		$verify_email      = ((x($_POST,'verify_email'))     ? 1 : 0);
 		$imagick_path      = ((x($_POST,'imagick_path'))     ? trim($_POST['imagick_path'])   : '');
-		$thumbnail_security  = ((x($_POST,'thumbnail_security'))     ? intval($_POST['thumbnail_security'])   : 0);
 		$force_queue       = ((intval($_POST['force_queue']) > 0) ? intval($_POST['force_queue'])   : 3000);
 		$pub_incl = escape_tags(trim($_POST['pub_incl']));
 		$pub_excl = escape_tags(trim($_POST['pub_excl']));
@@ -100,7 +99,6 @@ class Site {
 		set_config('system', 'from_email', $from_email);
 		set_config('system', 'from_email_name' , $from_email_name);
 		set_config('system', 'imagick_convert_path' , $imagick_path);
-		set_config('system', 'thumbnail_security' , $thumbnail_security);
 		set_config('system', 'default_permissions_role', $permissions_role);
 		set_config('system', 'pubstream_incl',$pub_incl);
 		set_config('system', 'pubstream_excl',$pub_excl);
@@ -341,7 +339,6 @@ class Site {
 			'$force_queue'			=> array('force_queue', t("Queue Threshold"), get_config('system','force_queue_threshold',3000), t("Always defer immediate delivery if queue contains more than this number of entries.")),
 			'$poll_interval'			=> array('poll_interval', t("Poll interval"), (x(get_config('system','poll_interval'))?get_config('system','poll_interval'):2), t("Delay background polling processes by this many seconds to reduce system load. If 0, use delivery interval.")),
 			'$imagick_path'			=> array('imagick_path', t("Path to ImageMagick convert program"), get_config('system','imagick_convert_path'), t("If set, use this program to generate photo thumbnails for huge images ( > 4000 pixels in either dimension), otherwise memory exhaustion may occur. Example: /usr/bin/convert")),
-			'$thumbnail_security'			=> array('thumbnail_security', t("Allow SVG thumbnails in file browser"), get_config('system','thumbnail_security',0), t("WARNING: SVG images may contain malicious code.")),
 			'$maxloadavg'			=> array('maxloadavg', t("Maximum Load Average"), ((intval(get_config('system','maxloadavg')) > 0)?get_config('system','maxloadavg'):50), t("Maximum system load before delivery and poll processes are deferred - default 50.")),
 			'$default_expire_days' => array('default_expire_days', t('Expiration period in days for imported (grid/network) content'), intval(get_config('system','default_expire_days')), t('0 for no expiration of imported content')),
 			'$active_expire_days' => array('active_expire_days', t('Do not expire any posts which have comments less than this many days ago'), intval(get_config('system','active_expire_days',7)), ''),

Zotlabs/Module/Articles.php

@@ -211,7 +211,7 @@ class Articles extends Controller {
 		}
 
 		// Add Opengraph markup
-		opengraph_add_meta(((! empty($items)) ? $r[0] : array()), App::$profile);
+		opengraph_add_meta((! empty($items) ? $r[0] : []), $channel);
 
 		$mode = 'articles';
 			

Zotlabs/Module/Channel.php

@@ -110,8 +110,20 @@ class Channel extends Controller {
 
 		// Run profile_load() here to make sure the theme is set before
 		// we start loading content
-
 		profile_load($which,$profile);
+		
+		// Add Opengraph markup
+		$mid = ((x($_REQUEST,'mid')) ? $_REQUEST['mid'] : '');
+		if(strpos($mid,'b64.') === 0)
+		    $mid = @base64url_decode(substr($mid,4));
+		    
+		if($mid)
+		    $r = q("SELECT * FROM item WHERE mid = '%s' AND uid = %d AND item_private = 0 LIMIT 1",
+		        dbesc($mid),
+		        intval($channel['channel_id'])
+		    );
+		    
+		opengraph_add_meta($r ? $r[0] : [], $channel);
 	}
 
 	function get($update = 0, $load = false) {
@@ -375,9 +387,6 @@ class Channel extends Controller {
 			$items = array();
 		}
 
-		// Add Opengraph markup
-		opengraph_add_meta((isset($decoded) && (! empty($items)) ? $r[0] : array()), App::$profile);
-
 		if((! $update) && (! $load)) {
 
 			if($decoded)

Zotlabs/Module/Photos.php

@@ -1080,7 +1080,6 @@ class Photos extends \Zotlabs\Web\Controller {
 				$comments = '';
 				if(! $r) {
 					if($observer && ($can_post || $can_comment)) {
-						$feature_auto_save_draft = ((feature_enabled($owner_uid, 'auto_save_draft')) ? "true" : "false");
 						$commentbox = replace_macros($cmnt_tpl,array(
 							'$return_path' => '', 
 							'$mode' => 'photos',
@@ -1096,8 +1095,7 @@ class Photos extends \Zotlabs\Web\Controller {
 							'$submit' => t('Submit'),
 							'$preview' => t('Preview'),
 							'$ww' => '',
-							'$feature_encrypt' => false,
-							'$auto_save_draft' => $feature_auto_save_draft
+							'$feature_encrypt' => false
 						));
 					}
 				}

Zotlabs/Web/Router.php

@@ -56,7 +56,7 @@ class Router {
 			$routes = Route::get();
 			if($routes) {
 				foreach($routes as $route) {
-					if(is_array($route) && strtolower($route[1]) === $module) {
+					if(is_array($route) && file_exists($route[0]) && strtolower($route[1]) === $module) {
 						include_once($route[0]);
 						if(class_exists($modname)) {
 							$this->controller = new $modname;

boot.php

@@ -50,7 +50,7 @@ require_once('include/attach.php');
 require_once('include/bbcode.php');
 
 define ( 'PLATFORM_NAME',           'hubzilla' );
-define ( 'STD_VERSION',             '4.6RC' );
+define ( 'STD_VERSION',             '4.6' );
 define ( 'ZOT_REVISION',            '6.0a' );
 
 define ( 'DB_UPDATE_VERSION',       1234 );
@@ -1205,7 +1205,8 @@ class App {
 				'$linkrel'         => head_get_links(),
 				'$js_strings'      => js_strings(),
 				'$zid'             => get_my_address(),
-				'$channel_id'      => self::$profile['uid']
+				'$channel_id'      => self::$profile['uid'],
+				'$auto_save_draft' => ((feature_enabled(self::$profile['uid'], 'auto_save_draft')) ? "true" : "false")
 			]
 		) . self::$page['htmlhead'];
 

doc/hidden_configs.bb

@@ -73,6 +73,7 @@ Options are:
   [*= system.max_tagged_forums ] Spam prevention. Limits the number of tagged forums which are recognised in any post. Default is 2. Only the first 'n' tags will be delivered as forums, the others will not cause any delivery. 
   [*= system.minimum_feedcheck_minutes ] The minimum interval between polling RSS feeds.  If this is lower than the cron interval, feeds will be polled with each cronjob. Defaults to 60 if not set. The site setting can also be over-ridden on a channel by channel basis by a service class setting aptly named 'minimum_feedcheck_minutes'.
   [*= system.no_age_restriction ] Do not restrict registration to people over the age of 13. This carries legal responsibilities in  many countries to require that age be provided and to block all personal information from minors,  so please check your local laws before changing.  
+  [*= system.object_cache_days] Set how long is cached embedded content can be used without refetching. Default is 30 days. 
   [*= system.openssl_conf_file ] Specify a file containing OpenSSL configuration. Needed in some Windows installations to  locate the openssl configuration file on the system.  Read the code first. If you can't read the code, don't play with it.
   [*= system.openssl_encrypt ] Use openssl encryption engine, default is false (uses mcrypt for AES encryption)
   [*= system.optimize_items ] Runs optimise_table during some tasks to keep your database nice and  defragmented.  This comes at a performance cost while the operations are running, but also keeps things a bit faster while it's not.   There also exist CLI utilities for performing this operation, which you may prefer, especially if you're a large site.

include/feedutils.php

@@ -1760,7 +1760,11 @@ function handle_feed($uid, $abook_id, $url) {
 	if($z['success']) {
 		consume_feed($z['body'], $channel, $x[0], 1);
 		consume_feed($z['body'], $channel, $x[0], 2);
+		return true;
 	}
+
+	return false;
+
 }
 
 

include/oembed.php

@@ -146,7 +146,7 @@ function oembed_fetch_url($embedurl){
 		$txt = Cache::get('[' . App::$videowidth . '] ' . $furl);
 	}
 
-	if(strpos(strtolower($embedurl),'.pdf') !== false) {
+	if(strpos(strtolower($embedurl),'.pdf') !== false && get_config('system','inline_pdf')) {
 		$action = 'allow';
 		$j = [
 			'html' => '<object data="' . $embedurl . '" type="application/pdf" style="width: 100%; height: 300px;"></object>',

include/opengraph.php

@@ -3,73 +3,70 @@
  * @file include/opengraph.php
  * @brief Add Opengraph metadata and related functions.
  */
- 
- 
+
+
  /**
  * @brief Adds Opengraph meta tags into HTML head
  *
  * @param array $item
- * @param array $profile
+ * @param array $channel
  *
  */
- 
- function opengraph_add_meta($item, $profile) {
 
-	if(! empty($item)) {
+ function opengraph_add_meta($item, $channel) {
 
-		if(! empty($item['title']))
-			$ogtitle = $item['title'];
+        if(! empty($item)) {
 
-		// find first image if exist
-		if(preg_match("/\[[zi]mg(=[0-9]+x[0-9]+)?\]([^\[]+)/is", $item['body'], $matches)) {
-			$ogimage = $matches[2];
-			$ogimagetype = guess_image_type($ogimage);	
-		}
+                if(! empty($item['title']))
+                        $ogtitle = $item['title'];
 
-		// use summary as description if exist
-		$ogdesc = (empty($item['summary']) ? $item['body'] : $item['summary'] );
-		
-		$ogdesc = str_replace("#^[", "[", $ogdesc);
-	
-		$ogdesc = bbcode($ogdesc, [ 'tryoembed' => false ]);
-		$ogdesc = trim(html2plain($ogdesc, 0, true));
-		$ogdesc = html_entity_decode($ogdesc, ENT_QUOTES, 'UTF-8');
-		
-		// remove all URLs
-		$ogdesc = preg_replace("/https?\:\/\/[a-zA-Z0-9\:\/\-\?\&\;\.\=\_\~\#\%\$\!\+\,\@]+/", "", $ogdesc);
-		
-		// shorten description
-		$ogdesc = substr($ogdesc, 0, 300);
-		$ogdesc = str_replace("\n", " ", $ogdesc);
-		while (strpos($ogdesc, "  ") !== false)
-			$ogdesc = str_replace("  ", " ", $ogdesc);
-		$ogdesc = (strlen($ogdesc) < 298 ? $ogdesc : rtrim(substr($ogdesc, 0, strrpos($ogdesc, " ")), "?.,:;!-") . "...");
-		
-		$ogtype = "article";
-	}
+                // find first image if exist
+                if(preg_match("/\[[zi]mg(=[0-9]+x[0-9]+)?\]([^\[]+)/is", $item['body'], $matches)) {
+                        $ogimage = $matches[2];
+                        $ogimagetype = guess_image_type($ogimage);
+                }
 
-	$channel = channelx_by_n($profile['profile_uid']);
+                // use summary as description if exist
+                $ogdesc = (empty($item['summary']) ? $item['body'] : $item['summary'] );
 
-	if(! isset($ogdesc)) {
-		if($profile['about'] && perm_is_allowed($channel['channel_id'],get_observer_hash(),'view_profile')) {
-			$ogdesc = $profile['about'];
-		}
-		else {
-			$ogdesc = sprintf( t('This is the home page of %s.'), $channel['channel_name']);
-		}
-	}
-	
-	if(! isset($ogimage)) {
-		$ogimage = $channel['xchan_photo_l'];
-		$ogimagetype = $channel['xchan_photo_mimetype'];
-	}
+                $ogdesc = str_replace("#^[", "[", $ogdesc);
 
-	App::$page['htmlhead'] .= '<meta property="og:title" content="' . htmlspecialchars((isset($ogtitle) ? $ogtitle : $channel['channel_name'])) . '">' . "\r\n";
-	App::$page['htmlhead'] .= '<meta property="og:image" content="' . $ogimage . '">' . "\r\n";
-	App::$page['htmlhead'] .= '<meta property="og:image:type" content="' . $ogimagetype . '">' . "\r\n";
-	App::$page['htmlhead'] .= '<meta property="og:description" content="' . htmlspecialchars($ogdesc) . '">' . 	"\r\n";
-	App::$page['htmlhead'] .= '<meta property="og:type" content="' . (isset($ogtype) ? $ogtype : "profile") . '">' . "\r\n";
+                $ogdesc = bbcode($ogdesc, [ 'tryoembed' => false ]);
+                $ogdesc = trim(html2plain($ogdesc, 0, true));
+                $ogdesc = html_entity_decode($ogdesc, ENT_QUOTES, 'UTF-8');
 
-	return true;
+                // remove all URLs
+                $ogdesc = preg_replace("/https?\:\/\/[a-zA-Z0-9\:\/\-\?\&\;\.\=\_\~\#\%\$\!\+\,\@]+/", "", $ogdesc);
+
+                // shorten description
+                $ogdesc = substr($ogdesc, 0, 300);
+                $ogdesc = str_replace("\n", " ", $ogdesc);
+                while (strpos($ogdesc, "  ") !== false)
+                        $ogdesc = str_replace("  ", " ", $ogdesc);
+                $ogdesc = (strlen($ogdesc) < 298 ? $ogdesc : rtrim(substr($ogdesc, 0, strrpos($ogdesc, " ")), "?.,:;!-") . "...");
+
+                $ogtype = "article";
+        }
+
+        if(! isset($ogdesc)) {
+                if(App::$profile['about'] && perm_is_allowed($channel['channel_id'],get_observer_hash(),'view_profile')) {
+                        $ogdesc = App::$profile['about'];
+                }
+                else {
+                        $ogdesc = sprintf( t('This is the home page of %s.'), $channel['channel_name']);
+                }
+        }
+
+        if(! isset($ogimage)) {
+                $ogimage = $channel['xchan_photo_l'];
+                $ogimagetype = $channel['xchan_photo_mimetype'];
+        }
+
+        App::$page['htmlhead'] .= '<meta property="og:title" content="' . htmlspecialchars((isset($ogtitle) ? $ogtitle : $channel['channel_name'])) . '">' . "\r\n";
+        App::$page['htmlhead'] .= '<meta property="og:image" content="' . $ogimage . '">' . "\r\n";
+        App::$page['htmlhead'] .= '<meta property="og:image:type" content="' . $ogimagetype . '">' . "\r\n";
+        App::$page['htmlhead'] .= '<meta property="og:description" content="' . htmlspecialchars($ogdesc) . '">' .      "\r\n";
+        App::$page['htmlhead'] .= '<meta property="og:type" content="' . (isset($ogtype) ? $ogtype : "profile") . '">' . "\r\n";
+
+        return true;
  }
- 

include/text.php

@@ -2789,6 +2789,9 @@ function handle_tag(&$body, &$str_tags, $profile_uid, $tag, $in_network = true)
 			// select someone by attag or nick and the name passed in
 
 			if(! $r) {
+				// strip user-supplied wildcards before running a wildcard search
+				$newname = str_replace('%','',$newname);
+
 				$r = q("SELECT * FROM abook left join xchan on abook_xchan = xchan_hash
 					WHERE xchan_addr like ('%s') AND abook_channel = %d ",
 						dbesc(((strpos($newname,'@')) ? $newname : $newname . '@%')),

view/ru/hstrings.php

@@ -208,6 +208,7 @@ App::$strings["[no subject]"] = "[без темы]";
 App::$strings["Stored post could not be verified."] = "Сохранённая публикация не может быть проверена.";
 App::$strings["%1\$s wrote the following %2\$s %3\$s"] = "%1\$s была создана %2\$s %3\$s";
 App::$strings["post"] = "публикация";
+App::$strings["spoiler"] = "спойлер";
 App::$strings["Permission denied"] = "Доступ запрещен";
 App::$strings["(Unknown)"] = "(Неизвестный)";
 App::$strings["Visible to anybody on the internet."] = "Виден всем в интернете.";
@@ -320,6 +321,11 @@ App::$strings["next"] = "следующий";
 App::$strings["older"] = "старше";
 App::$strings["newer"] = "новее";
 App::$strings["No connections"] = "Нет контактов";
+App::$strings["Accepts"] = "Принимает";
+App::$strings["Comments"] = "комментарии";
+App::$strings["Stream items"] = "публикации в потоке";
+App::$strings["Wall posts"] = "публикации на стене";
+App::$strings["Nothing"] = "ничего";
 App::$strings["View all %s connections"] = "Просмотреть все %s контактов";
 App::$strings["Network: %s"] = "Сеть: %s";
 App::$strings["Search"] = "Поиск";
@@ -477,7 +483,6 @@ App::$strings["menu"] = "меню";
 App::$strings["card"] = "карточка";
 App::$strings["article"] = "статья";
 App::$strings["Click to open/close"] = "Нажмите, чтобы открыть/закрыть";
-App::$strings["spoiler"] = "спойлер";
 App::$strings["View article"] = "Просмотр статьи";
 App::$strings["View summary"] = "Просмотр резюме";
 App::$strings["Different viewers will see this text differently"] = "Различные зрители увидят этот текст по-разному";
@@ -1927,6 +1932,9 @@ App::$strings["Only allow embeds from secure (SSL) websites and links."] = "Ра
 App::$strings["Allow unfiltered embedded HTML content only from these domains"] = "Разрешить  встраивать нефильтруемое HTML-содержимое только для этих доменов";
 App::$strings["One site per line. By default embedded content is filtered."] = "Один сайт на строку. По умолчанию встраиваемое содержимое фильтруется.";
 App::$strings["Block embedded HTML from these domains"] = "Блокировать встраивание HTML-содержимого для этих доменов";
+App::$strings["Allow SVG thumbnails in file browser"] = "Разрешить SVG миниатюры в просмотрщике файлов";
+App::$strings["WARNING: SVG images may contain malicious code."] = "Внимание: изображения SVG могут содержать вредоносный код.";
+App::$strings["Allow embedded (inline) PDF files"] = "Разрешить встраивание для файлов PDF";
 App::$strings["Plugin %s disabled."] = "Плагин %s отключен.";
 App::$strings["Plugin %s enabled."] = "Плагин %s включен.";
 App::$strings["Disable"] = "Запретить";
@@ -2033,8 +2041,6 @@ App::$strings["Poll interval"] = "Интервал опроса";
 App::$strings["Delay background polling processes by this many seconds to reduce system load. If 0, use delivery interval."] = "Задержка фоновых процессов опроса на указанное количество секунд для снижения нагрузки на систему. Если 0 - использовать интервал доставки.";
 App::$strings["Path to ImageMagick convert program"] = "Путь к ImageMagick";
 App::$strings["If set, use this program to generate photo thumbnails for huge images ( > 4000 pixels in either dimension), otherwise memory exhaustion may occur. Example: /usr/bin/convert"] = "При установке эта программа генерирует миниатюры изображений для больших файлов (свыше 4000 в любом измерении) для предотвращения утечки памяти. Пример: /usr/bin/convert";
-App::$strings["Allow SVG thumbnails in file browser"] = "Разрешить SVG миниатюры в просмотрщике файлов";
-App::$strings["WARNING: SVG images may contain malicious code."] = "Внимание: изображения SVG могут содержать вредоносный код.";
 App::$strings["Maximum Load Average"] = "Максимальная средняя нагрузка";
 App::$strings["Maximum system load before delivery and poll processes are deferred - default 50."] = "Максимальная нагрузка системы для откладывания процессов опроса и доставки - по умолчанию 50.";
 App::$strings["Expiration period in days for imported (grid/network) content"] = "Срок хранения в днях для импортированного содержимого (из матрицы / сети).";
@@ -2911,6 +2917,7 @@ App::$strings["No Order Found"] = "Нет найденных заказов";
 App::$strings["An unknown error has occurred Please start again."] = "Произошла неизвестная ошибка. Пожалуйста, начните снова.";
 App::$strings["Invalid Payment Type.  Please start again."] = "Недействительный тип платежа. Пожалуйста, начните снова.";
 App::$strings["Order not found"] = "Заказ не найден";
+App::$strings["Price"] = "Цена";
 App::$strings["Enable Test Catalog"] = "Включить тестовый каталог";
 App::$strings["Enable Manual Payments"] = "Включить ручные платежи";
 App::$strings["Base Merchant Currency"] = "Основная торговая валюта";
@@ -2922,7 +2929,7 @@ App::$strings["New Sku"] = "Новый код";
 App::$strings["Cannot save edits to locked item."] = "Невозможно сохранить изменения заблокированной позиции.";
 App::$strings["Changes Locked"] = "Изменения заблокированы";
 App::$strings["Item available for purchase."] = "Позиция доступна для приобретения.";
-App::$strings["Price"] = "Цена";
+App::$strings["Photo URL"] = "URL изображения";
 App::$strings["Enable Subscription Management Module"] = "Включить модуль управления подписками";
 App::$strings["Cannot include subscription items with different terms in the same order."] = "Нельзя включать элементы подписки с разными условиями в том же заказе.";
 App::$strings["Select Subscription to Edit"] = "Выбрать подписку для редактирования";
@@ -2934,7 +2941,7 @@ App::$strings["Maximum active subscriptions to this item per account."] = "Ма
 App::$strings["Subscription price."] = "Цена подписки.";
 App::$strings["Quantity"] = "Количество";
 App::$strings["Term"] = "Условия";
-App::$strings["Enable Paypal Button Module"] = "Включить модуль кнопки Paypal";
+App::$strings["Enable Paypal Button Module (API-v2)"] = "Включить модуль кнопки Paypal (API-v2)";
 App::$strings["Use Production Key"] = "Использовать ключ Production";
 App::$strings["Paypal Sandbox Client Key"] = "Ключ клиента Paypal Sandbox";
 App::$strings["Paypal Sandbox Secret Key"] = "Секретный ключ Paypal Sandbox";
@@ -2942,6 +2949,7 @@ App::$strings["Paypal Production Client Key"] = "Ключ клиента Paypal
 App::$strings["Paypal Production Secret Key"] = "Секретный ключ Paypal Production";
 App::$strings["Paypal button payments are not enabled."] = "Кнопка Paypal для платежей не включена.";
 App::$strings["Paypal button payments are not properly configured.  Please choose another payment option."] = "Кнопка Paypal для платежей настроена неправильно. Пожалуйста, используйте другой вариант оплаты.";
+App::$strings["Enable Paypal Button Module"] = "Включить модуль кнопки Paypal";
 App::$strings["Enable Hubzilla Services Module"] = "Включить модуль сервиса Hubzilla";
 App::$strings["SKU not found."] = "Код не найден.";
 App::$strings["Invalid Activation Directive."] = "Недействительная директива активации.";
@@ -2976,6 +2984,7 @@ App::$strings["Livejournal username"] = "Имя пользователя Livejou
 App::$strings["Livejournal password"] = "Пароль Livejournal";
 App::$strings["Post to Livejournal by default"] = "Публиковать в Livejournal по умолчанию";
 App::$strings["Send wall-to-wall posts to Livejournal"] = "Отправлять публикации на стене в Livejournal";
+App::$strings["Add link to original post"] = "Добавить ссылку на оригинальную заметку";
 App::$strings["Livejournal Crosspost Connector"] = "Публикация в Livejournal";
 App::$strings["Random Planet App"] = "Приложение \"Случайная планета\"";
 App::$strings["Installed"] = "Установлено";
@@ -3477,6 +3486,7 @@ App::$strings["Workflow Settings"] = "Настройки \"Рабочего пр
 App::$strings["Workflow user."] = "Пользователь \"Рабочего процесса\".";
 App::$strings["This channel"] = "Этот канал";
 App::$strings["Workflow"] = "Рабочий процесс";
+App::$strings["No Workflows Available"] = "Нет доступных рабочих процессов";
 App::$strings["Add item to which workflow"] = "Подключить рабочий процесс к элементу";
 App::$strings["Create Workflow Item"] = "Создать элемент рабочего процесса";
 App::$strings["Link"] = "Ссылка";

view/tpl/admin_security.tpl

@@ -13,6 +13,9 @@
 	{{include file="field_checkbox.tpl" field=$content_security}}
 	{{include file="field_checkbox.tpl" field=$embed_sslonly}}
 
+	{{include file="field_checkbox.tpl" field=$thumbnail_security}}
+	{{include file="field_checkbox.tpl" field=$inline_pdf}}
+
 	{{include file="field_textarea.tpl" field=$allowed_email}}
 	{{include file="field_textarea.tpl" field=$not_allowed_email}}	
 

view/tpl/admin_site.tpl

@@ -96,7 +96,6 @@
 	
 	<h3>{{$advanced}}</h3>
 	{{include file="field_input.tpl" field=$imagick_path}}
-	{{include file="field_checkbox.tpl" field=$thumbnail_security}}
 	{{include file="field_input.tpl" field=$proxy}}
 	{{include file="field_input.tpl" field=$proxyuser}}
 	{{include file="field_input.tpl" field=$timeout}}

view/tpl/comment_item.tpl

@@ -1,6 +1,3 @@
-		<script>
-			var auto_save_draft = {{$auto_save_draft}};
-		</script>
 		{{if $threaded}}
 		<div class="comment-wwedit-wrapper threaded" id="comment-edit-wrapper-{{$id}}" style="display: block;">
 		{{else}}

view/tpl/head.tpl

@@ -15,6 +15,7 @@
 	{{if $channel_hash}}var channelHash = '{{$channel_hash}}';{{/if}}
 	{{if $channel_id}}var channelId = '{{$channel_id}}';{{/if}}{{* Used in e.g. autocomplete *}}
 	var preloadImages = {{$preload_images}};
+	var auto_save_draft = {{$auto_save_draft}};
 </script>