version 5.0.8

(cherry picked from commit 817e72846e)

CHANGELOG

@@ -1,3 +1,16 @@
+Hubzilla 5.0.8 (2020-12-30)
+	- Fix single quotes not escaped in the notifications title (issue 1503)
+	- Return zot6 xchans for random_profile()
+	- Return zot6 entries in dirsearch
+	- Fix comment sync issue
+	- Fix duplicate entries in contact autocomplete
+	- Fix issue where direct message notifications where not displayed for wall items
+	- Do not revalidate cached photos
+	- Implement imagemagic resource consumption limiting
+	- Specify key in mod owa
+	- Fix issue where array was passed to get_key()
+
+
 Hubzilla 5.0.7 (2020-12-21)
 	- Fix CardDAV addressbook ID
 	- Use Zot6 for CardDAV and CalDAV sync between clones

Zotlabs/Lib/Enotify.php

@@ -64,7 +64,7 @@ class Enotify {
 		$sitename   = get_config('system','sitename');
 		$site_admin = sprintf( t('%s Administrator'), $sitename);
 		$opt_out1   = sprintf( t('This email was sent by %1$s at %2$s.'), t('$Projectname'), \App::get_hostname());
-		$opt_out2   = sprintf( t('To stop receiving these messages, please adjust your Notification Settings at %s'), z_root() . '/settings');		
+		$opt_out2   = sprintf( t('To stop receiving these messages, please adjust your Notification Settings at %s'), z_root() . '/settings');
 		$hopt_out2  = sprintf( t('To stop receiving these messages, please adjust your %s.'), '<a href="' . z_root() . '/settings' . '">' . t('Notification Settings')  . '</a>');
 		$sender_name = $product;
 		$hostname = \App::get_hostname();
@@ -80,7 +80,7 @@ class Enotify {
 		$sender_email = get_config('system','from_email');
 		if(! $sender_email)
 			$sender_email = 'Administrator' . '@' . $hostname;
-	
+
 		$sender_name = get_config('system','from_email_name');
 		if(! $sender_name)
 			$sender_name = \Zotlabs\Lib\System::get_site_name();
@@ -108,7 +108,7 @@ class Enotify {
 				logger('notification invoked for an old item which may have been refetched.',LOGGER_DEBUG,LOG_INFO);
 				return;
 			}
-		} 
+		}
 		else {
 			$title = $body = '';
 		}
@@ -181,7 +181,7 @@ class Enotify {
 			pop_lang();
 			return;
 		}
-	
+
 
 		// if it's a post figure out who's post it is.
 
@@ -219,7 +219,7 @@ class Enotify {
 				$itemlink,
 				$p[0]['author']['xchan_name'],
 				$item_post_type);
-		
+
 		// "your post"
 		if($p[0]['owner']['xchan_name'] == $p[0]['author']['xchan_name'] && intval($p[0]['item_wall']))
 			$dest_str = sprintf(t('%1$s %2$s [zrl=%3$s]your %4$s[/zrl]'),
@@ -230,15 +230,15 @@ class Enotify {
 
 		// Some mail softwares relies on subject field for threading.
 		// So, we cannot have different subjects for notifications of the same thread.
-		// Before this we have the name of the replier on the subject rendering 
+		// Before this we have the name of the replier on the subject rendering
 		// differents subjects for messages on the same thread.
 
 		if($moderated)
 			$subject = sprintf( t('[$Projectname:Notify] Moderated Comment to conversation #%1$d by %2$s'), $parent_id, $sender['xchan_name']);
 		else
 			$subject = sprintf( t('[$Projectname:Notify] Comment to conversation #%1$d by %2$s'), $parent_id, $sender['xchan_name']);
-		$preamble = sprintf( t('%1$s commented on an item/conversation you have been following.'), $sender['xchan_name']); 
-		$epreamble = $dest_str; 
+		$preamble = sprintf( t('%1$s commented on an item/conversation you have been following.'), $sender['xchan_name']);
+		$epreamble = $dest_str;
 
 		$sitelink = t('Please visit %s to view and/or reply to the conversation.');
 		$tsitelink = sprintf( $sitelink, $siteurl );
@@ -247,7 +247,7 @@ class Enotify {
 			$tsitelink .= "\n\n" . sprintf( t('Please visit %s to approve or reject this comment.'), z_root() . '/moderate' );
 			$hsitelink .= "<br><br>" . sprintf( t('Please visit %s to approve or reject this comment.'), '<a href="' . z_root() . '/moderate">' . z_root() . '/moderate</a>' );
 		}
-		
+
 	}
 
 	if ($params['type'] == NOTIFY_LIKE) {
@@ -278,7 +278,7 @@ class Enotify {
 			pop_lang();
 			return;
 		}
-	
+
 
 		// if it's a post figure out who's post it is.
 
@@ -314,12 +314,12 @@ class Enotify {
 
 		// Some mail softwares relies on subject field for threading.
 		// So, we cannot have different subjects for notifications of the same thread.
-		// Before this we have the name of the replier on the subject rendering 
+		// Before this we have the name of the replier on the subject rendering
 		// differents subjects for messages on the same thread.
 
 		$subject = sprintf( t('[$Projectname:Notify] Like received to conversation #%1$d by %2$s'), $parent_id, $sender['xchan_name']);
-		$preamble = sprintf( t('%1$s liked an item/conversation you created.'), $sender['xchan_name']); 
-		$epreamble = $dest_str; 
+		$preamble = sprintf( t('%1$s liked an item/conversation you created.'), $sender['xchan_name']);
+		$epreamble = $dest_str;
 
 		$sitelink = t('Please visit %s to view and/or reply to the conversation.');
 		$tsitelink = sprintf( $sitelink, $siteurl );
@@ -335,7 +335,7 @@ class Enotify {
 
 		$epreamble = sprintf( t('%1$s posted to [zrl=%2$s]your wall[/zrl]') ,
 			'[zrl=' . $sender['xchan_url'] . ']' . $sender['xchan_name'] . '[/zrl]',
-			$params['link']); 
+			$params['link']);
 
 		$sitelink = t('Please visit %s to view and/or reply to the conversation.');
 		$tsitelink = sprintf( $sitelink, $siteurl );
@@ -355,12 +355,12 @@ class Enotify {
 			pop_lang();
 			return;
 		}
-	
+
 		$subject =	sprintf( t('[$Projectname:Notify] %s tagged you') , $sender['xchan_name']);
 		$preamble = sprintf( t('%1$s tagged you at %2$s') , $sender['xchan_name'], $sitename);
 		$epreamble = sprintf( t('%1$s [zrl=%2$s]tagged you[/zrl].') ,
 			'[zrl=' . $sender['xchan_url'] . ']' . $sender['xchan_name'] . '[/zrl]',
-			$params['link']); 
+			$params['link']);
 
 		$sitelink = t('Please visit %s to view and/or reply to the conversation.');
 		$tsitelink = sprintf( $sitelink, $siteurl );
@@ -373,7 +373,7 @@ class Enotify {
 		$preamble = sprintf( t('%1$s poked you at %2$s') , $sender['xchan_name'], $sitename);
 		$epreamble = sprintf( t('%1$s [zrl=%2$s]poked you[/zrl].') ,
 			'[zrl=' . $sender['xchan_url'] . ']' . $sender['xchan_name'] . '[/zrl]',
-			$params['link']); 
+			$params['link']);
 
 		$subject = str_replace('poked', t($params['activity']), $subject);
 		$preamble = str_replace('poked', t($params['activity']), $preamble);
@@ -390,7 +390,7 @@ class Enotify {
 		$preamble = sprintf( t('%1$s tagged your post at %2$s'),$sender['xchan_name'], $sitename);
 		$epreamble = sprintf( t('%1$s tagged [zrl=%2$s]your post[/zrl]') ,
 			'[zrl=' . $sender['xchan_url'] . ']' . $sender['xchan_name'] . '[/zrl]',
-			$itemlink); 
+			$itemlink);
 
 		$sitelink = t('Please visit %s to view and/or reply to the conversation.');
 		$tsitelink = sprintf( $sitelink, $siteurl );
@@ -400,10 +400,10 @@ class Enotify {
 
 	if ($params['type'] == NOTIFY_INTRO) {
 		$subject = sprintf( t('[$Projectname:Notify] Introduction received'));
-		$preamble = sprintf( t('You\'ve received an new connection request from \'%1$s\' at %2$s'), $sender['xchan_name'], $sitename); 
+		$preamble = sprintf( t('You\'ve received an new connection request from \'%1$s\' at %2$s'), $sender['xchan_name'], $sitename);
 		$epreamble = sprintf( t('You\'ve received [zrl=%1$s]a new connection request[/zrl] from %2$s.'),
 			$siteurl . '/connections/ifpending',
-			'[zrl=' . $sender['xchan_url'] . ']' . $sender['xchan_name'] . '[/zrl]'); 
+			'[zrl=' . $sender['xchan_url'] . ']' . $sender['xchan_name'] . '[/zrl]');
 		$body = sprintf( t('You may visit their profile at %s'),$sender['xchan_url']);
 
 		$sitelink = t('Please visit %s to approve or reject the connection request.');
@@ -414,11 +414,11 @@ class Enotify {
 
 	if ($params['type'] == NOTIFY_SUGGEST) {
 		$subject = sprintf( t('[$Projectname:Notify] Friend suggestion received'));
-		$preamble = sprintf( t('You\'ve received a friend suggestion from \'%1$s\' at %2$s'), $sender['xchan_name'], $sitename); 
+		$preamble = sprintf( t('You\'ve received a friend suggestion from \'%1$s\' at %2$s'), $sender['xchan_name'], $sitename);
 		$epreamble = sprintf( t('You\'ve received [zrl=%1$s]a friend suggestion[/zrl] for %2$s from %3$s.'),
 			$itemlink,
 			'[zrl=' . $params['item']['url'] . ']' . $params['item']['name'] . '[/zrl]',
-			'[zrl=' . $sender['xchan_url'] . ']' . $sender['xchan_name'] . '[/zrl]'); 
+			'[zrl=' . $sender['xchan_url'] . ']' . $sender['xchan_name'] . '[/zrl]');
 
 		$body = t('Name:') . ' ' . $params['item']['name'] . "\n";
 		$body .= t('Photo:') . ' ' . $params['item']['photo'] . "\n";
@@ -462,7 +462,7 @@ class Enotify {
 	$sitelink  = $h['sitelink'];
 	$tsitelink = $h['tsitelink'];
 	$hsitelink = $h['hsitelink'];
-	$itemlink  = $h['itemlink']; 
+	$itemlink  = $h['itemlink'];
 
 
 	require_once('include/html2bbcode.php');
@@ -510,7 +510,7 @@ class Enotify {
 	// Mark some notifications as seen right away
 	// Note! The notification have to be created, because they are used to send emails
 	// So easiest solution to hide them from Notices is to mark them as seen right away.
-	// Another option would be to not add them to the DB, and change how emails are handled 
+	// Another option would be to not add them to the DB, and change how emails are handled
 	// (probably would be better that way)
 
 	if (!$always_show_in_notices) {
@@ -555,7 +555,7 @@ class Enotify {
 	// wretched hack, but we don't want to duplicate all the preamble variations and we also don't want to screw up a translation
 
 	if ((\App::$language === 'en' || (! \App::$language)) && strpos($msg,', '))
-		$msg = substr($msg,strpos($msg,', ')+1);	
+		$msg = substr($msg,strpos($msg,', ')+1);
 
 	$datarray['id'] = $notify_id;
 	$datarray['msg'] = $msg;
@@ -587,12 +587,12 @@ class Enotify {
 		$htmlversion = bbcode(stripslashes(str_replace(array("\\r","\\n"), array("","<br />\n"),$body)));
 
 
-		// use $_SESSION['zid_override'] to force zid() to use 
+		// use $_SESSION['zid_override'] to force zid() to use
 		// the recipient address instead of the current observer
 
 		$_SESSION['zid_override'] = channel_reddress($recip);
 		$_SESSION['zrl_override'] = z_root() . '/channel/' . $recip['channel_address'];
-		
+
 		$textversion = zidify_links($textversion);
 		$htmlversion = zidify_links($htmlversion);
 
@@ -754,7 +754,7 @@ class Enotify {
 			return $params['result'];
 		}
 
-		$fromName = email_header_encode(html_entity_decode($params['fromName'],ENT_QUOTES,'UTF-8'),'UTF-8'); 
+		$fromName = email_header_encode(html_entity_decode($params['fromName'],ENT_QUOTES,'UTF-8'),'UTF-8');
 		$messageSubject = email_header_encode(html_entity_decode($params['messageSubject'],ENT_QUOTES,'UTF-8'),'UTF-8');
 
 		// generate a mime boundary
@@ -767,8 +767,8 @@ class Enotify {
 		$messageHeader =
 			$params['additionalMailHeader'] .
 			"From: $fromName <{$params['fromEmail']}>" . PHP_EOL .
-			"Reply-To: $fromName <{$params['replyTo']}>" . PHP_EOL . 
-			"MIME-Version: 1.0" . PHP_EOL . 
+			"Reply-To: $fromName <{$params['replyTo']}>" . PHP_EOL .
+			"MIME-Version: 1.0" . PHP_EOL .
 			"Content-Type: multipart/alternative; boundary=\"{$mimeBoundary}\"";
 
 		// assemble the final multipart message body with the text and html types included
@@ -782,7 +782,7 @@ class Enotify {
 			$textBody . PHP_EOL .
 			"--" . $mimeBoundary . PHP_EOL .					// text/html section
 			"Content-Type: text/html; charset=UTF-8" . PHP_EOL .
-			"Content-Transfer-Encoding: base64" . PHP_EOL . PHP_EOL . 
+			"Content-Transfer-Encoding: base64" . PHP_EOL . PHP_EOL .
 			$htmlBody . PHP_EOL .
 			"--" . $mimeBoundary . "--" . PHP_EOL;					// message ending
 
@@ -803,7 +803,7 @@ class Enotify {
 
 		require_once('include/conversation.php');
 
-		// Call localize_item to get a one line status for activities. 
+		// Call localize_item to get a one line status for activities.
 		// This should set $item['localized'] to indicate we have a brief summary.
 		// and perhaps $item['shortlocalized'] for an even briefer summary
 
@@ -860,7 +860,7 @@ class Enotify {
 			//'b64mid' => ((in_array($item['verb'], [ACTIVITY_LIKE, ACTIVITY_DISLIKE])) ? 'b64.' . base64url_encode($item['thr_parent']) : 'b64.' . base64url_encode($item['mid'])),
 			'thread_top' => (($item['item_thread_top']) ? true : false),
 			'message' => bbcode(escape_tags($itemem_text)),
-			'body' =>  htmlentities(html2plain(bbcode($item['body']), 75, true), ENT_COMPAT, 'UTF-8', false),
+			'body' =>  htmlentities(html2plain(bbcode($item['body']), 75, true), ENT_QUOTES, 'UTF-8', false),
 			// these are for the superblock addon
 			'hash' => $item[$who]['xchan_hash'],
 			'uid' => $item['uid'],

Zotlabs/Module/Acl.php

@@ -215,7 +215,7 @@ class Acl extends \Zotlabs\Web\Controller {
 
 				// add connections
 	
-				$r = q("SELECT abook_id as id, xchan_hash as hash, xchan_name as name, xchan_photo_s as micro, xchan_url as url, xchan_addr as nick, abook_their_perms, xchan_pubforum, abook_flags, abook_self 
+				$r = q("SELECT abook_id as id, xchan_hash as hash, xchan_name as name, xchan_network as net, xchan_photo_s as micro, xchan_url as url, xchan_addr as nick, abook_their_perms, xchan_pubforum, abook_flags, abook_self 
 					FROM abook left join xchan on abook_xchan = xchan_hash 
 					WHERE (abook_channel = %d $extra_channels_sql) AND abook_blocked = 0 and abook_pending = 0 and xchan_deleted = 0 $sql_extra2 order by $order_extra2 xchan_name asc" ,
 					intval(local_channel())
@@ -225,7 +225,7 @@ class Acl extends \Zotlabs\Web\Controller {
 
 			}
 			else { // Visitors
-				$r = q("SELECT xchan_hash as id, xchan_hash as hash, xchan_name as name, xchan_photo_s as micro, xchan_url as url, xchan_addr as nick, 0 as abook_their_perms, 0 as abook_flags, 0 as abook_self
+				$r = q("SELECT xchan_hash as id, xchan_hash as hash, xchan_name as name, xchan_network as net, xchan_photo_s as micro, xchan_url as url, xchan_addr as nick, 0 as abook_their_perms, 0 as abook_flags, 0 as abook_self
 					FROM xchan left join xlink on xlink_link = xchan_hash
 					WHERE xlink_xchan  = '%s' AND xchan_deleted = 0 $sql_extra2_xchan order by $order_extra2 xchan_name asc" ,
 					dbesc(get_observer_hash())
@@ -241,7 +241,7 @@ class Acl extends \Zotlabs\Web\Controller {
 							$known_hashes[] = "'".$rr['hash']."'";
 					$known_hashes_sql = 'AND xchan_hash not in ('.join(',',$known_hashes).')';
 	
-					$r2 = q("SELECT abook_id as id, xchan_hash as hash, xchan_name as name, xchan_photo_s as micro, xchan_url as url, xchan_addr as nick, abook_their_perms, abook_flags, abook_self 
+					$r2 = q("SELECT abook_id as id, xchan_hash as hash, xchan_name as name, xchan_network as net, xchan_photo_s as micro, xchan_url as url, xchan_addr as nick, abook_their_perms, abook_flags, abook_self 
 						FROM abook left join xchan on abook_xchan = xchan_hash 
 						WHERE abook_channel IN ($extra_channels_sql) $known_hashes_sql AND abook_blocked = 0 and abook_pending = 0 and abook_hidden = 0 and xchan_deleted = 0 $sql_extra2 order by $order_extra2 xchan_name asc");
 					if($r2)
@@ -269,7 +269,7 @@ class Acl extends \Zotlabs\Web\Controller {
 				}
 			}
 			if((count($r) < 100) && $type == 'c') {
-				$r2 = q("SELECT substr(xchan_hash,1,18) as id, xchan_hash as hash, xchan_name as name, xchan_photo_s as micro, xchan_url as url, xchan_addr as nick, 0 as abook_their_perms, 0 as abook_flags, 0 as abook_self 
+				$r2 = q("SELECT substr(xchan_hash,1,18) as id, xchan_hash as hash, xchan_name as name, xchan_network as net, xchan_photo_s as micro, xchan_url as url, xchan_addr as nick, 0 as abook_their_perms, 0 as abook_flags, 0 as abook_self 
 					FROM xchan 
 					WHERE xchan_deleted = 0 and not xchan_network  in ('rss','anon','unknown') $sql_extra2_xchan order by $order_extra2 xchan_name asc"
 				);
@@ -282,7 +282,7 @@ class Acl extends \Zotlabs\Web\Controller {
 		elseif($type == 'm') {
 
 			$r = array();
-			$z = q("SELECT xchan_hash as hash, xchan_name as name, xchan_addr as nick, xchan_photo_s as micro, xchan_url as url 
+			$z = q("SELECT xchan_hash as hash, xchan_name as name, xchan_network as net, xchan_addr as nick, xchan_photo_s as micro, xchan_url as url 
 				FROM abook left join xchan on abook_xchan = xchan_hash
 				WHERE abook_channel = %d 
 				and xchan_deleted = 0
@@ -302,7 +302,7 @@ class Acl extends \Zotlabs\Web\Controller {
 		}
 		elseif($type == 'a') {
 	
-			$r = q("SELECT abook_id as id, xchan_name as name, xchan_hash as hash, xchan_addr as nick, xchan_photo_s as micro, xchan_network as network, xchan_url as url, xchan_addr as attag , abook_their_perms FROM abook left join xchan on abook_xchan = xchan_hash
+			$r = q("SELECT abook_id as id, xchan_name as name, xchan_network as net, xchan_hash as hash, xchan_addr as nick, xchan_photo_s as micro, xchan_url as url, xchan_addr as attag , abook_their_perms FROM abook left join xchan on abook_xchan = xchan_hash
 				WHERE abook_channel = %d
 				and xchan_deleted = 0
 				$sql_extra3
@@ -336,9 +336,11 @@ class Acl extends \Zotlabs\Web\Controller {
 			$r = array();
 	
 		if($r) {
+			$i = count($contacts);
+			$x = [];
 			foreach($r as $g) {
 	
-				if(in_array($g['network'],['rss','anon','unknown']) && ($type != 'a'))
+				if(in_array($g['net'],['rss','anon','unknown']) && ($type != 'a'))
 					continue;
 
 				$g['hash'] = urlencode($g['hash']);
@@ -347,14 +349,19 @@ class Acl extends \Zotlabs\Web\Controller {
 					$g['nick'] = $g['url'];
 				}
 
+				$clink = ($g['nick']) ? $g['nick'] : $g['url'];
+				$lkey = md5($clink);
+				if (! array_key_exists($lkey, $x))
+					$x[$lkey] = $i;
+
 				if(in_array($g['hash'],$permitted) && $type === 'f' && (! $noforums)) {
-					$contacts[] = array(
+					$contacts[$i] = array(
 						"type"     => "c",
 						"photo"    => "images/twopeople.png",
 						"name"     => $g['name'],
 						"id"	   => urlencode($g['id']),
 						"xid"      => $g['hash'],
-						"link"     => (($g['nick']) ? $g['nick'] : $g['url']),
+						"link"     => $clink,
 						"nick"     => substr($g['nick'],0,strpos($g['nick'],'@')),
 						"self"     => (intval($g['abook_self']) ? 'abook-self' : ''),
 						"taggable" => 'taggable',
@@ -362,19 +369,23 @@ class Acl extends \Zotlabs\Web\Controller {
 					);
 				}
 				if($type !== 'f') {
-					$contacts[] = array(
-						"type"     => "c",
-						"photo"    => $g['micro'],
-						"name"     => $g['name'],
-						"id"	   => urlencode($g['id']),
-						"xid"      => $g['hash'],
-						"link"     => (($g['nick']) ? $g['nick'] : $g['url']),
-						"nick"     => ((strpos($g['nick'],'@')) ? substr($g['nick'],0,strpos($g['nick'],'@')) : $g['nick']),
-						"self"     => (intval($g['abook_self']) ? 'abook-self' : ''),
-						"taggable" => '',
-						"label"    => '',
-					);
+					if (! array_key_exists($x[$lkey], $contacts) || ($contacts[$x[$lkey]]['net'] !== 'zot6' && ($g['net'] == 'zot6' || $g['net'] == 'zot'))) {
+						$contacts[$x[$lkey]] = array(
+							"type"     => "c",
+							"photo"    => $g['micro'],
+							"name"     => $g['name'],
+							"id"	   => urlencode($g['id']),
+							"xid"      => $g['hash'],
+							"link"     => $clink,
+							"nick"     => ((strpos($g['nick'],'@')) ? substr($g['nick'],0,strpos($g['nick'],'@')) : $g['nick']),
+							"self"     => (intval($g['abook_self']) ? 'abook-self' : ''),
+							"taggable" => '',
+							"label"    => '',
+							"net"      => $g['net']
+						);
+					}
 				}
+				$i++;
 			}			
 		}
 			

Zotlabs/Module/Dirsearch.php

@@ -192,7 +192,7 @@ class Dirsearch extends Controller {
 		else {
 			$qlimit = " LIMIT " . intval($perpage) . " OFFSET " . intval($startrec);
 			if($return_total) {
-				$r = q("SELECT COUNT(xchan_hash) AS total FROM xchan left join xprof on xchan_hash = xprof_hash where $logic $sql_extra and xchan_network = 'zot' and xchan_hidden = 0 and xchan_orphan = 0 and xchan_deleted = 0 $safesql ");
+				$r = q("SELECT COUNT(xchan_hash) AS total FROM xchan left join xprof on xchan_hash = xprof_hash where $logic $sql_extra and xchan_network = 'zot6' and xchan_hidden = 0 and xchan_orphan = 0 and xchan_deleted = 0 $safesql ");
 				if($r) {
 					$ret['total_items'] = $r[0]['total'];
 				}
@@ -261,7 +261,7 @@ class Dirsearch extends Controller {
 		else {
 	
 			$r = q("SELECT xchan.*, xprof.* from xchan left join xprof on xchan_hash = xprof_hash 
-				where ( $logic $sql_extra ) $hub_query and xchan_network = 'zot' and xchan_system = 0 and xchan_hidden = 0 and xchan_orphan = 0 and xchan_deleted = 0 
+				where ( $logic $sql_extra ) $hub_query and xchan_network = 'zot6' and xchan_system = 0 and xchan_hidden = 0 and xchan_orphan = 0 and xchan_deleted = 0 
 				$safesql $order $qlimit "
 			);
 	

Zotlabs/Module/Item.php

@@ -1337,7 +1337,7 @@ class Item extends Controller {
 			killme();
 		}
 
-		if(($parent == $post_id) || ($datarray['item_private'] == 1)) {
+		if($parent || $datarray['item_private'] == 1) {
 			$r = q("select * from item where id = %d",
 				intval($post_id)
 			);

Zotlabs/Module/Owa.php

@@ -46,7 +46,7 @@ class Owa extends Controller {
 					}
 					if ($r) {
 						foreach ($r as $hubloc) {
-							$verified = HTTPSig::verify(file_get_contents('php://input'));
+							$verified = HTTPSig::verify(file_get_contents('php://input'), $hubloc['xchan_pubkey']);
 							if ($verified && $verified['header_signed'] && $verified['header_valid'] && ($verified['content_valid'] || (! $verified['content_signed']))) {
 								logger('OWA header: ' . print_r($verified,true),LOGGER_DATA);
 								logger('OWA success: ' . $hubloc['hubloc_id_url'],LOGGER_DATA);

Zotlabs/Module/Photo.php

@@ -35,7 +35,7 @@ class Photo extends \Zotlabs\Web\Controller {
 		call_hooks('cache_mode_hook', $cache_mode);
 		
 		$observer_xchan = get_observer_hash();
-		$cachecontrol = '';
+		$cachecontrol = ', no-cache';
 
 		if(isset($type)) {
 	
@@ -102,7 +102,7 @@ class Photo extends \Zotlabs\Web\Controller {
 			    $modified = filemtime($default);
 			}
 
-			$cachecontrol = ', must-revalidate';
+			$cachecontrol .= ', must-revalidate';
 		}
 		else {
 	
@@ -169,6 +169,7 @@ class Photo extends \Zotlabs\Web\Controller {
 									$url = z_root() . '/sslify/' . $filename . '?f=&url=' . urlencode($url);
 								goaway($url);
 							}
+							$cachecontrol = '';
 						}
 					}
 				}
@@ -271,7 +272,7 @@ class Photo extends \Zotlabs\Web\Controller {
 			// in the event that infrastructure caching is present.
 			$smaxage = intval($maxage/12);
 
-			header("Cache-Control: no-cache, s-maxage=" . $smaxage . ", max-age=" . $maxage . $cachecontrol);
+			header("Cache-Control: s-maxage=" . $smaxage . ", max-age=" . $maxage . $cachecontrol);
 	
 		}
 

Zotlabs/Module/Sse_bs.php

@@ -162,7 +162,7 @@ class Sse_bs extends Controller {
 		$item_normal = item_normal();
 
 		if ($notifications) {
-			$items = q("SELECT * FROM item 
+			$items = q("SELECT * FROM item
 				WHERE uid = %d
 				AND created <= '%s'
 				AND item_unseen = 1 AND item_wall = 0 AND item_private IN (0, 1)
@@ -190,7 +190,7 @@ class Sse_bs extends Controller {
 
 		}
 
-		$r = q("SELECT count(id) as total FROM item 
+		$r = q("SELECT count(id) as total FROM item
 			WHERE uid = %d and item_unseen = 1 AND item_wall = 0 AND item_private IN (0, 1)
 			AND obj_type NOT IN ('Document', 'Video', 'Audio', 'Image')
 			AND author_xchan != '%s'
@@ -231,10 +231,10 @@ class Sse_bs extends Controller {
 		$item_normal = item_normal();
 
 		if ($notifications) {
-			$items = q("SELECT * FROM item 
+			$items = q("SELECT * FROM item
 				WHERE uid = %d
 				AND created <= '%s'
-				AND item_unseen = 1 AND item_wall = 0 AND item_private = 2
+				AND item_unseen = 1 AND item_private = 2
 				AND obj_type NOT IN ('Document', 'Video', 'Audio', 'Image')
 				AND author_xchan != '%s'
 				$item_normal
@@ -259,8 +259,8 @@ class Sse_bs extends Controller {
 
 		}
 
-		$r = q("SELECT count(id) as total FROM item 
-			WHERE uid = %d and item_unseen = 1 AND item_wall = 0 AND item_private = 2
+		$r = q("SELECT count(id) as total FROM item
+			WHERE uid = %d and item_unseen = 1 AND item_private = 2
 			$item_normal
 			$sql_extra
 			AND author_xchan != '%s'",
@@ -300,10 +300,10 @@ class Sse_bs extends Controller {
 		$item_normal = item_normal();
 
 		if ($notifications) {
-			$items = q("SELECT * FROM item 
+			$items = q("SELECT * FROM item
 				WHERE uid = %d
 				AND created <= '%s'
-				AND item_unseen = 1 AND item_wall = 1 
+				AND item_unseen = 1 AND item_wall = 1 AND item_private IN (0, 1)
 				AND obj_type NOT IN ('Document', 'Video', 'Audio', 'Image')
 				AND author_xchan != '%s'
 				$item_normal
@@ -328,8 +328,8 @@ class Sse_bs extends Controller {
 
 		}
 
-		$r = q("SELECT count(id) as total FROM item 
-			WHERE uid = %d and item_unseen = 1 AND item_wall = 1 
+		$r = q("SELECT count(id) as total FROM item
+			WHERE uid = %d and item_unseen = 1 AND item_wall = 1 AND item_private IN (0, 1)
 			$item_normal
 			$sql_extra
 			AND author_xchan != '%s'",
@@ -379,7 +379,7 @@ class Sse_bs extends Controller {
 		$item_normal = item_normal();
 
 		if ($notifications) {
-			$items = q("SELECT * FROM item 
+			$items = q("SELECT * FROM item
 				WHERE uid = %d
 				AND created <= '%s'
 				AND item_unseen = 1
@@ -410,7 +410,7 @@ class Sse_bs extends Controller {
 
 		}
 
-		$r = q("SELECT count(id) as total FROM item 
+		$r = q("SELECT count(id) as total FROM item
 			WHERE uid = %d AND item_unseen = 1
 			AND created > '%s'
 			$item_normal
@@ -516,7 +516,7 @@ class Sse_bs extends Controller {
 				$p_str = ids_to_querystr($p, 'parent');
 				$p_sql = (($p_str) ? "OR parent IN ( $p_str )" : '');
 
-				$r = q("select mid from item 
+				$r = q("select mid from item
 					where uid = %d and ( owner_xchan = '%s' OR author_xchan = '%s' $p_sql ) and item_unseen = 1 $sql_extra $item_normal",
 					intval(self::$uid),
 					dbesc($forums[$x]['xchan_hash']),
@@ -577,7 +577,7 @@ class Sse_bs extends Controller {
 
 		$item_normal = item_normal();
 
-		$r = q("SELECT * FROM item 
+		$r = q("SELECT * FROM item
 			WHERE verb = '%s'
 			AND obj_type IN ('Document', 'Video', 'Audio', 'Image')
 			AND uid = %d

Zotlabs/Web/HTTPSig.php

@@ -151,13 +151,13 @@ class HTTPSig {
 
 		$result['signer'] = $sig_block['keyId'];
 
-		$key = self::get_key($key,$keytype,$result['signer']);
+		$cached_key = self::get_key($key,$keytype,$result['signer']);
 
-		if(! ($key && $key['public_key'])) {
+		if(! ($cached_key && $cached_key['public_key'])) {
 			return $result;
 		}
 
-		$x = rsa_verify($signed_data,$sig_block['signature'],$key['public_key'],$algorithm);
+		$x = rsa_verify($signed_data,$sig_block['signature'],$cached_key['public_key'],$algorithm);
 
 		logger('verified: ' . $x, LOGGER_DEBUG);
 
@@ -166,15 +166,15 @@ class HTTPSig {
 			// try again, ignoring the local actor (xchan) cache and refetching the key
 			// from its source
 
-			$fkey = self::get_key($key,$keytype,$result['signer'],true);
+			$fetched_key = self::get_key($key,$keytype,$result['signer'],true);
 
-			if ($fkey && $fkey['public_key']) {
-				$y = rsa_verify($signed_data,$sig_block['signature'],$fkey['public_key'],$algorithm);
+			if ($fetched_key && $fetched_key['public_key']) {
+				$y = rsa_verify($signed_data,$sig_block['signature'],$fetched_key['public_key'],$algorithm);
 				logger('verified: (cache reload) ' . $x, LOGGER_DEBUG);
 			}
 
 			if (! $y) {
-				logger('verify failed for ' . $result['signer'] . ' alg=' . $algorithm . (($fkey['public_key']) ? '' : ' no key'));
+				logger('verify failed for ' . $result['signer'] . ' alg=' . $algorithm . (($fetched_key['public_key']) ? '' : ' no key'));
 				$sig_block['signature'] = base64_encode($sig_block['signature']);
 				logger('affected sigblock: ' . print_r($sig_block,true));
 				logger('headers: ' . print_r($headers,true));
@@ -184,6 +184,8 @@ class HTTPSig {
 
 		}
 
+		$key = (($fetched_key) ? $fetched_key : $cached_key);
+
 		$result['portable_id'] = $key['portable_id'];
 		$result['header_valid'] = true;
 
@@ -244,7 +246,7 @@ class HTTPSig {
 
 	function convertKey($key) {
 
-		if(strstr($key,'RSA ')) { 
+		if(strstr($key,'RSA ')) {
 			return rsatopem($key);
 		}
 		elseif(substr($key,0,5) === 'data:') {
@@ -453,7 +455,7 @@ class HTTPSig {
 			foreach($headers as $h) {
 				header($h);
 			}
-		} 
+		}
 	}
 
 

boot.php

@@ -50,7 +50,7 @@ require_once('include/attach.php');
 require_once('include/bbcode.php');
 
 define ( 'PLATFORM_NAME',           'hubzilla' );
-define ( 'STD_VERSION',             '5.0.7' );
+define ( 'STD_VERSION',             '5.0.8' );
 define ( 'ZOT_REVISION',            '6.0' );
 
 define ( 'DB_UPDATE_VERSION',       1240 );

include/connections.php

@@ -471,7 +471,7 @@ function random_profile() {
 
 		$r = q("select xchan_url, xchan_hash from xchan left join hubloc on hubloc_hash = xchan_hash where
 			xchan_hidden = 0 and xchan_system = 0 and
-			xchan_network = 'zot' and xchan_deleted = 0 and
+			xchan_network = 'zot6' and xchan_deleted = 0 and
 			hubloc_connected > %s - interval %s order by $randfunc limit 1",
 			db_utcnow(),
 			db_quoteinterval('30 day')

include/photo/photo_driver.php

@@ -38,6 +38,10 @@ function photo_factory($data, $type = null) {
 		$v = Imagick::getVersion();
 		preg_match('/ImageMagick ([0-9]+\.[0-9]+\.[0-9]+)/', $v['versionString'], $m);
 		if(version_compare($m[1], '6.6.7') >= 0) {
+			$limits = get_config('system', 'imagick_limits', false);
+			if ($limits)
+				foreach ($limits as $k => $v)
+					IMagick::setResourceLimit($k, $v);
 			$ph = new PhotoImagick($data, $type);
 		} else {
 			// earlier imagick versions have issues with scaling png's