Merge branch '8.4RC'

Owa compatibility for Friendica

See merge request hubzilla/core!2036

.gitlab-ci.yml

@@ -3,7 +3,7 @@
 # Use a prepared Hubzilla image to optimise pipeline duration
 # image: registry.gitlab.com/dawnbreak/hubzilla/core:php7.3
 
-image: php:8.0
+image: php:8.1
 
 stages:
   - test
@@ -96,8 +96,8 @@ before_script:
       - tests/results/
 
 
-# PHP8.0
-php8.0:
+# PHP8.1
+php8.1:
   <<: *job_definition_php
 
 # PHP8.0 with MySQL 5.7

CHANGELOG

@@ -1,3 +1,212 @@
+Hubzilla 8.4 (2023-05-17)
+	- Slightly rewrite Activity::store() to save a query
+	- Use act->objprop() in decode_note() to get activity values
+	- Make sure to re-discover a channel upon connecting if we have just an xchan but no hubloc
+	- Updated ES translations
+	- Updated RU translations
+	- Redesigned profile vcard to implement cover images
+	- Slightly improved discovery of AP quoted messages
+	- Updated bootstrap library
+	- Changed hashtag encoding to match mastodons expectations (issue #1750)
+	- Implement fedearted directory flags from trusted directory servers
+	- Use Activity::get_actor_hublocs() in Libzot::fetch_conversation() instead of custom queries
+	- Add the conversation endpoint
+	- Implement paginated fetch for zot requests in mod item
+	- Implement Zotconvo daemon to fetch conversations in the background
+	- Expose deleted channels to webfinger (otherwise we can not mark them deleted locally)
+	- Expire items in batches to prevent memory exhaustion
+	- Remove legacy zot compatibility tweaks
+	- Rewrite and simplify directory sync
+	- Improve potentially long running sql query finding the thread parent
+	- Implement option to override permissions for posts with mentions
+
+	Bugfixes
+	- Fix parent_mid and thr_parent not set correctly for response activities
+	- Fix query for postgres in attach_list_files()
+	- Fix item_url_replace() failing on arrays
+	- Fix OWA compatibility with friendica
+	- Fix regression in decoding the object type
+	- Fix xss vulnerability in justified gallery library
+	- Fix permissions not initialized after accepted follow request from AP
+	- Fix empty path passed to fopen()
+	- Fix % value in format_poll() not rounded
+	- Fix remove_all_xchan_resources() executed for local channels
+	- Fix likes not synced via libsync between clones
+
+	Addons
+	- Pubcrawl: fix xchan_url used as follow object instead of xchan_hash
+	- Channelreputation: moved to unmaintained repo due to duplication issues when storing data in pconfig
+	- Pubcrawl: add lemmy accept/reject follow quirks
+	- Diaspora: handle 4xx return codes in queue management
+	- Diaspora: fix fatal error in the case where parent_guid is set but empty
+	- Pubcrawl: if shared inbox delivery fails deliver to contacts instead of everybody we know from that site
+	- Articles: fix PHP error
+	- Diaspora: rewrite synced (from a clone) item author to primary
+	- Diaspora: improve reshare detection
+	- Diaspora: fix contact role not sets
+	- Pubcrawl: rewrite synced (from a clone) item author to primary
+	- Pubcrawl: if we receive a public message to the shared inbox deliver to following *and* directly addressed
+
+
+Hubzilla 8.2 (2023-03-19)
+	- Remove redundant untranslated htconfig templates
+	- Implement workaround for friendica image/attachment construct
+	- Implement notification exception for forum posts repeated by group actors
+	- Updated es translations
+	- Rewrite totp multifactor auth and move it from addon to core (ported from streams)
+	- Implement page load progress indicator for pwa standalone mode
+	- Improved mod HQ logic to save some DB lookups
+	- Default owner_xchan to sender in Activity::store() except for fetched items
+	- Improved contact search
+	- Do not force new thread if announce comes from group actor
+	- Disable oembed in notes app
+	- Improved queue handling
+	- Slightly restructure conv item head
+	- Implemet author images in HQ widget
+	- Implement author filter in HQ widget
+	- Add config option db_skip_locked_supported which should be set if the DB backend supports skip locked
+	- Updated simple pie library
+	- Updated smarty library
+	- Updated forkawesome library
+	- Updated fullcalendar library
+	- Implement native dark/light mode in favour of dark/light schema
+	- Updated bootstrap library
+
+	Bugfixes
+	- Fix channel calendar location html not interpreted - issue #1728
+	- Fix max oembed size check if content length header is an array
+	- Fix group actor wall posts turned into direct messages when posting article or card
+	- Fix non zot profile mentions using zrl tag
+	- Fix message filter > and < not decoded
+	- Fix deleted hublocs included in author lookup
+	- Fix some more PHP warnings
+	- Fix syntax for get_compund_property()
+	- Fix xchan_pubforum not set on actor updates
+	- Fix duplicate directory entries for xchans with bogus second primary entry
+	- Fix missing created timestamp in like activity - issue #1729
+	- Fix messages not signed when posting from non primary locations
+	- Fix pinned post regression
+	- Fix autocomplete items not selectable on mobile
+	- Fix hubloc confusion in Libzot::fetch_conversation()
+	- Fix valid duplicate notification entries deduplicated
+	- Fix ics file import
+	- Fix recipients deduplication in some places
+	- Fix hashtag encoded with href instead of id
+
+	Addons
+	- Pubcrawl: re-implement encrypted content which got lost in transition
+	- Pubcrawl: flag fetched items
+	- Totp: removed from addons in favor of implementation in core
+	- Pubcrawl: fix delivery issues for relayed activities
+	- Cart: fix missing bootstrap namespace
+	- Gallery: do not inject gallery code in webpages
+	- Pubcrawl: fix sql error if mentions string is empty
+	- Cart: fix paypal order hash size
+
+
+Hubzilla 8.0 (2023-01-13)
+	- Updated ru strings
+	- Implement ability to edit addon PDL with pdledit_gui and pdledit
+	- Implement queueworker auto sleep time
+	- Always add sys channel to receivers for public items
+	- Improved server sent events loop
+	- Exclude not tagable xchan networks handle_tag()
+	- Add mark html tag to the html2bbcode parser
+	- Embed or attach uploaded files depending on file type
+	- Changed logic to enable site only public stream - please revisit admin setting
+	- Updated nb-no strings
+	- Moved queueworker to core
+	- Provide a PDL file for mod invite and set the profile
+	- Disabled outdated context help
+	- Mark unseen items seen after a certain amount of time (default 90 days)
+	- Slightly restructure lib webfinger
+	- Improved redbasic dark schema
+	- Implement unseen thread and unseen items count in HQ widget
+	- In unseen items notifications just count the first 99 and display 99+ if there are more
+
+	Bugfixes
+	- Fix race conditions when processing multiple choice polls
+	- Fix affinity slider updates - issue #1714
+	- Fix issue where accounts created with a did2 could change their password
+	- Fix no message displayed if file not found in mod cloud
+	- Fix pubstream tagcloud unthreaded view
+	- Fix french invite template
+	- Fix comment permission issue in site only public stream
+	- Fix privacy tag not referring to latest hubloc entry
+	- Fix selected item not highlighted
+	- Fix poll issue when special chars and spaces are involved
+	- Fix prune_hub_reinstalls() to only care about zot6 hublocs
+	- Fix redis session PHP warnings
+	- Fix remote visitor photo uploads
+	- Fix mod shredwithme not showing any items
+	- Fix api_auth not referring to latest hubloc entry
+	- Fix category widget URLs
+	- Fix poller always polling broken feeds
+	- Fix sse event always triggered if public stream notification are off or the app is not installed
+	- Fix more PHP8 warnings
+	- Fix wrong variable in tag_deliver()
+	- Fix mod follow use trim() after punify() - issue #1698
+
+	Addons
+	- Cards: update widget info
+	- Articles: update widget info
+	- Wiki: update widget info
+	- Sse: filter apporvals
+	- Cards: use html_entity_decode before purify and html2plain for summary
+	- Articles: use html_entity_decode before purify and html2plain for summary
+	- Wiki: use html_entity_decode before purify and html2plain for summary
+	- Cards: fix comments not displayed if filter by category
+	- Articles: fix comments not displayed if filter by category
+	- Sse: respect the site public stream setting
+	- Queueworker: moved to core
+	- Pubcrawl: move db query out of foreach loop
+	- Pubcrawl: add mentions and thread owner to recipients for public items
+
+
+Hubzilla 7.8.7 (2022-12-03)
+	- Fix regression when adding feed contacts
+	- Fix regression new channel calendar event not created
+
+
+Hubzilla 7.8.6 (2022-11-14)
+	- Fix typo in boot.php
+
+
+Hubzilla 7.8.5 (2022-11-13)
+	- Fix outbound edit activity not of type update
+	- Fix mod display not falling through to fetch public item
+	- Fix more PHP warnings
+	- Fix regression in items_fetch() which resulted in empty atom feed
+	- Pubcrawl: cleanup and slightly restructre mod inbox
+
+
+Hubzilla 7.8.4 (2022-11-09)
+	- Fix new uuid created when editing a post
+
+
+Hubzilla 7.8.3 (2022-11-07)
+	- Fix regression where auto created directories were not created with public permissions
+	- Fix regression where pinned/featured state of apps was not displayed correctly
+
+
+Hubzilla 7.8.2 (2022-11-05)
+	- Pubcrawl: fix regression in inbox
+	- Fix display issue of shares coming from streams
+	- Throw a 404 if we could not determine which channel to load
+	- If we have a cached xchan/hubloc entry, make sure we fetch the latest
+	- Gallery: paint the background grid with css
+
+
+Hubzilla 7.8.1 (2022-10-26)
+	- Silence tons of PHP warnings in core
+	- Catch decryption failure edgecase in receiver
+	- Deal with conversation privacy mismatches in Activity::store()
+	- Composer libs updates
+	- Fix timeago strings not always translated
+	- Fix edit link regression in cards addon
+	- Fix edit link regression in article addon
+
+
 Hubzilla 7.8 (2022-10-10)
 	- Updated spanish translations
 	- Always update hubloc_updated timestamp if a hubloc is updated

Zotlabs/Access/AccessList.php

@@ -139,6 +139,11 @@ class AccessList {
 	 * @param boolean $explicit (optional) default true
 	 */
 	function set_from_array($arr, $explicit = true) {
+		$arr['contact_allow'] = $arr['contact_allow'] ?? [];
+		$arr['group_allow'] = $arr['group_allow'] ?? [];
+		$arr['contact_deny'] = $arr['contact_deny'] ?? [];
+		$arr['group_deny'] = $arr['group_deny'] ?? [];
+
 		$this->allow_cid = perms2str((is_array($arr['contact_allow']))
 			? $arr['contact_allow'] : explode(',', $arr['contact_allow']));
 		$this->allow_gid = perms2str((is_array($arr['group_allow']))

Zotlabs/Daemon/Addon.php

@@ -7,6 +7,7 @@ class Addon {
 	static public function run($argc, $argv) {
 
 		call_hooks('daemon_addon', $argv);
+		return;
 
 	}
 

Zotlabs/Daemon/Cache_embeds.php

@@ -19,8 +19,10 @@ class Cache_embeds {
 		$item = $c[0];
 
 		// bbcode conversion by default processes embeds that aren't already cached.
-		// Ignore the returned html output. 
+		// Ignore the returned html output.
 
 		bbcode($item['body']);
+
+		return;
 	}
 }

Zotlabs/Daemon/Cache_query.php

@@ -24,7 +24,7 @@ class Cache_query {
 
 		array_shift($argv);
 		array_shift($argv);
-		
+
 		$arr = json_decode(base64_decode($argv[0]), true);
 
 		$r = call_user_func_array('q', $arr);
@@ -32,5 +32,7 @@ class Cache_query {
 			Cache::set($key, serialize($r));
 
 		del_config('procid', $key);
+
+		return;
 	}
 }

Zotlabs/Daemon/Checksites.php

@@ -10,6 +10,9 @@ class Checksites {
 
 		logger('checksites: start');
 
+		$site_id = '';
+		$sql_options = '';
+
 		if (($argc > 1) && ($argv[1]))
 			$site_id = $argv[1];
 

Zotlabs/Daemon/Cli_suggest.php

@@ -9,6 +9,7 @@ class Cli_suggest {
 	static public function run($argc,$argv) {
 
 		update_suggestions();
+		return;
 
 	}
 }

Zotlabs/Daemon/Convo.php

@@ -30,6 +30,7 @@ class Convo {
 			intval($channel_id),
 			dbesc($contact_hash)
 		);
+
 		if (!$r) {
 			return;
 		}
@@ -40,19 +41,26 @@ class Convo {
 
 		$messages = $obj->get();
 
-		if ($messages) {
-			foreach ($messages as $message) {
-				if (is_string($message)) {
-					$message = Activity::fetch($message, $channel);
-				}
-				// set client flag because comments will probably just be objects and not full blown activities
-				// and that lets us use implied_create
-				$AS = new ActivityStreams($message);
-				if ($AS->is_valid() && is_array($AS->obj)) {
-					$item = Activity::decode_note($AS);
-					Activity::store($channel, $contact['abook_xchan'], $AS, $item);
-				}
+		if (!$messages) {
+			return;
+		}
+
+		foreach ($messages as $message) {
+			if (is_string($message)) {
+				$message = Activity::fetch($message, $channel);
+			}
+
+			// set client flag because comments will probably just be objects and not full blown activities
+			// and that lets us use implied_create
+			$AS = new ActivityStreams($message);
+			if ($AS->is_valid() && is_array($AS->obj)) {
+				$item = Activity::decode_note($AS);
+				$item['item_fetched'] = true;
+				Activity::store($channel, $contact['abook_xchan'], $AS, $item);
 			}
 		}
+
+		return;
+
 	}
 }

Zotlabs/Daemon/Cron.php

@@ -3,6 +3,7 @@
 namespace Zotlabs\Daemon;
 
 use Zotlabs\Lib\Libsync;
+use Zotlabs\Lib\Libzotdir;
 
 class Cron {
 
@@ -19,6 +20,7 @@ class Cron {
 			}
 		}
 
+/*
 		// Check for a lockfile.  If it exists, but is over an hour old, it's stale.  Ignore it.
 		$lockfile = 'store/[data]/cron';
 		if ((file_exists($lockfile)) && (filemtime($lockfile) > (time() - 3600))
@@ -30,9 +32,21 @@ class Cron {
 		// Create a lockfile.  Needs two vars, but $x doesn't need to contain anything.
 		$x = '';
 		file_put_contents($lockfile, $x);
+*/
 
 		logger('cron: start');
 
+		// If this is a directory server, request a sync with an upstream
+		// directory at least once a day, up to once every poll interval.
+		// Pull remote changes and push local changes.
+		// potential issue: how do we keep from creating an endless update loop?
+
+		$dirmode = get_config('system', 'directory_mode');
+
+		if ($dirmode == DIRECTORY_MODE_SECONDARY || $dirmode == DIRECTORY_MODE_PRIMARY) {
+			Libzotdir::sync_directories($dirmode);
+		}
+
 		// run queue delivery process in the background
 
 		Master::Summon(array('Queue'));
@@ -50,7 +64,7 @@ class Cron {
 		require_once('include/account.php');
 		remove_expired_registrations();
 
-		$interval = get_config('system', 'delivery_interval', 3);
+		$interval = get_config('queueworker', 'queue_interval', 500000);
 
 		// expire any expired items
 
@@ -65,8 +79,10 @@ class Cron {
 				if ($rr['item_wall']) {
 					// The notifier isn't normally invoked unless item_drop is interactive.
 					Master::Summon(['Notifier', 'drop', $rr['id']]);
-					if ($interval)
-						@time_sleep_until(microtime(true) + (float)$interval);
+
+					if ($interval) {
+						usleep($interval);
+					}
 				}
 			}
 		}
@@ -96,8 +112,10 @@ class Cron {
 		if ($r) {
 			foreach ($r as $rr) {
 				Master::Summon(array('Directory', $rr['channel_id'], 'force'));
-				if ($interval)
-					@time_sleep_until(microtime(true) + (float)$interval);
+
+				if ($interval) {
+					usleep($interval);
+				}
 			}
 		}
 
@@ -151,8 +169,10 @@ class Cron {
 						);
 					}
 					Master::Summon(array('Notifier', 'wall-new', $rr['id']));
-					if ($interval)
-						@time_sleep_until(microtime(true) + (float)$interval);
+
+					if ($interval) {
+						usleep($interval);
+					}
 				}
 			}
 		}
@@ -203,10 +223,10 @@ class Cron {
 		}
 
 
-		// pull in some public posts
+		// pull in some public posts if allowed
 
-		$disable_discover_tab = get_config('system', 'disable_discover_tab') || get_config('system', 'disable_discover_tab') === false;
-		if (!$disable_discover_tab)
+		$disable_externals = get_config('system', 'disable_discover_tab') || get_config('system', 'disable_discover_tab') === false || get_config('system', 'site_firehose');
+		if (!$disable_externals)
 			Master::Summon(['Externals']);
 
 		$restart = false;
@@ -228,7 +248,7 @@ class Cron {
 		set_config('system', 'lastcron', datetime_convert());
 
 		//All done - clear the lockfile
-		@unlink($lockfile);
+		//@unlink($lockfile);
 
 		return;
 	}

Zotlabs/Daemon/Cron_daily.php

@@ -49,6 +49,22 @@ class Cron_daily {
 			dbesc('sse_id.%')
 		);
 
+		// Mark items seen after X days (default 90)
+
+		$r = dbq("select channel_id from channel where channel_removed = 0");
+		if ($r) {
+			foreach ($r as $rr) {
+				$mark_seen_days = get_pconfig($rr['channel_id'], 'system', 'mark_seen_days', 90);
+				q("UPDATE item SET item_unseen = 0 WHERE
+					uid = %d AND item_unseen = 1
+					AND created < %s - INTERVAL %s",
+					intval($rr['channel_id']),
+					db_utcnow(),
+					db_quoteinterval($mark_seen_days . ' DAY')
+				);
+			}
+		}
+
 		// Clean up emdedded content cache
 		q("DELETE FROM cache WHERE updated < %s - INTERVAL %s",
 			db_utcnow(),
@@ -78,17 +94,6 @@ class Cron_daily {
 		// expire any expired accounts
 		downgrade_accounts();
 
-		// If this is a directory server, request a sync with an upstream
-		// directory at least once a day, up to once every poll interval.
-		// Pull remote changes and push local changes.
-		// potential issue: how do we keep from creating an endless update loop?
-
-		$dirmode = get_config('system', 'directory_mode');
-
-		if ($dirmode == DIRECTORY_MODE_SECONDARY || $dirmode == DIRECTORY_MODE_PRIMARY) {
-			Libzotdir::sync_directories($dirmode);
-		}
-
 		Master::Summon(array('Expire'));
 		Master::Summon(array('Cli_suggest'));
 
@@ -103,5 +108,7 @@ class Cron_daily {
 		/**
 		 * End Cron Daily
 		 */
+
+		 return;
 	}
 }

Zotlabs/Daemon/Cron_weekly.php

@@ -22,12 +22,12 @@ class Cron_weekly {
 
 		mark_orphan_hubsxchans();
 
-		// Find channels that were removed in the last three weeks, but 
+		// Find channels that were removed in the last three weeks, but
 		// haven't been finally cleaned up. These should be older than 10
-		// days to ensure that "purgeall" messages have gone out or bounced 
-		// or timed out. 
+		// days to ensure that "purgeall" messages have gone out or bounced
+		// or timed out.
 
-		$r = q("select channel_id from channel where channel_removed = 1 and 
+		$r = q("select channel_id from channel where channel_removed = 1 and
 			channel_deleted >  %s - INTERVAL %s and channel_deleted < %s - INTERVAL %s",
 			db_utcnow(), db_quoteinterval('21 DAY'),
 			db_utcnow(), db_quoteinterval('10 DAY')
@@ -59,5 +59,6 @@ class Cron_weekly {
 		 * End Cron Weekly
 		 */
 
+		return;
 	}
-}
+}

Zotlabs/Daemon/Deliver.php

@@ -28,6 +28,8 @@ class Deliver {
 
 		}
 
+		return;
+
 	}
 
 }

Zotlabs/Daemon/Deliver_hooks.php

@@ -12,8 +12,12 @@ class Deliver_hooks {
 		$r = q("select * from item where id = '%d'",
 			intval($argv[1])
 		);
-		if ($r)
+
+		if ($r) {
 			call_hooks('notifier_normal', $r[0]);
+		}
+
+		return;
 
 	}
 }

Zotlabs/Daemon/Directory.php

@@ -97,5 +97,7 @@ class Directory {
 		if ($pushall) {
 			Master::Summon(array('Notifier', 'refresh_all', $channel['channel_id']));
 		}
+
+		return;
 	}
 }

Zotlabs/Daemon/Expire.php

@@ -32,7 +32,6 @@ class Expire {
 		}
 
 		// physically remove anything that has been deleted for more than two months
-		/** @FIXME - this is a wretchedly inefficient query */
 
 		q("delete from item where item_pending_remove = 1 and changed < %s - INTERVAL %s",
 			db_utcnow(),
@@ -59,8 +58,8 @@ class Expire {
 					continue;
 
 				// service class default (if non-zero) over-rides the site default
-
 				$service_class_expire = service_class_fetch($rr['channel_id'], 'expire_days');
+
 				if (intval($service_class_expire))
 					$channel_expire = $service_class_expire;
 				else
@@ -85,7 +84,6 @@ class Expire {
 
 			// this should probably just fetch the channel_expire_days from the sys channel,
 			// but there's no convenient way to set it.
-
 			$expire_days = get_config('system', 'sys_expire_days');
 			if ($expire_days === false)
 				$expire_days = 30;
@@ -96,12 +94,15 @@ class Expire {
 
 			logger('Expire: sys interval: ' . $expire_days, LOGGER_DEBUG);
 
-			if ($expire_days)
+			if ($expire_days) {
 				item_expire($x['channel_id'], $expire_days, $commented_days);
+			}
 
 			logger('Expire: sys: done', LOGGER_DEBUG);
 		}
 
 		del_config('procid', 'expire');
+
+		return;
 	}
 }

Zotlabs/Daemon/Externals.php

@@ -19,6 +19,7 @@ class Externals {
 		$importer = get_sys_channel();
 		$total    = 0;
 		$attempts = 0;
+		$url = '';
 
 		logger('externals: startup', LOGGER_DEBUG);
 
@@ -67,9 +68,8 @@ class Externals {
 					datetime_convert('UTC', 'UTC', 'now - 30 days')
 				);
 
-				$contact = $r[0];
-
-				if ($contact) {
+				if ($r) {
+					$contact = $r[0];
 					$url = $contact['hubloc_id_url'];
 				}
 			}
@@ -143,7 +143,8 @@ class Externals {
 						$AS = new ActivityStreams($message);
 						if ($AS->is_valid() && is_array($AS->obj)) {
 							$item = Activity::decode_note($AS);
-							Activity::store($importer, $contact['abook_xchan'], $AS, $item);
+							$item['item_fetched'] = true;
+							Activity::store($importer, $contact['hubloc_hash'], $AS, $item);
 							$total++;
 						}
 					}

Zotlabs/Daemon/Gprobe.php

@@ -38,10 +38,9 @@ class Gprobe {
 
 			if ($url) {
 				$zf = Zotfinger::exec($url, null);
-			}
-
-			if (is_array($zf) && array_path_exists('signature/signer', $zf) && $zf['signature']['signer'] === $href && intval($zf['signature']['header_valid'])) {
-				Libzot::import_xchan($zf['data']);
+				if (is_array($zf) && array_path_exists('signature/signer', $zf) && $zf['signature']['signer'] === $url && intval($zf['signature']['header_valid'])) {
+					Libzot::import_xchan($zf['data']);
+				}
 			}
 		}
 

Zotlabs/Daemon/Importdoc.php

@@ -11,6 +11,8 @@ class Importdoc {
 
 		self::update_docs_dir('doc/*');
 
+		return;
+
 	}
 
 	static public function update_docs_dir($s) {

Zotlabs/Daemon/Master.php

@@ -2,6 +2,8 @@
 
 namespace Zotlabs\Daemon;
 
+use Zotlabs\Lib\QueueWorker;
+
 if (array_search(__file__, get_included_files()) === 0) {
 	require_once('include/cli_startup.php');
 	array_shift($argv);
@@ -9,6 +11,7 @@ if (array_search(__file__, get_included_files()) === 0) {
 
 	if ($argc)
 		Master::Release($argc, $argv);
+
 	return;
 }
 
@@ -16,6 +19,10 @@ if (array_search(__file__, get_included_files()) === 0) {
 class Master {
 
 	static public function Summon($arr) {
+
+		QueueWorker::Summon($arr);
+		return;
+/*
 		$hookinfo = [
 			'argv' => $arr
 		];
@@ -32,11 +39,15 @@ class Master {
 
 		$phpbin = get_config('system', 'phpbin', 'php');
 		proc_run($phpbin, 'Zotlabs/Daemon/Master.php', $arr);
+*/
 	}
 
 	static public function Release($argc, $argv) {
 		cli_startup();
 
+		QueueWorker::Release($argv);
+		return;
+/*
 		$hookinfo = [
 			'argv' => $argv
 		];
@@ -54,5 +65,6 @@ class Master {
 		logger('Master: release: ' . json_encode($argv), LOGGER_ALL, LOG_DEBUG);
 		$cls = '\\Zotlabs\\Daemon\\' . $argv[0];
 		$cls::run($argc, $argv);
+*/
 	}
 }

Zotlabs/Daemon/Notifier.php

@@ -79,10 +79,7 @@ class Notifier {
 	static public $encoded_item = null;
 	static public $channel = null;
 	static public $private = false;
-	// $fragment can contain additional info to omit de-duplication in the queueworker.
-	// E.g. if an item is updated many times in a row from different sources (multiple vote updates) the
-	// update source mid or a timestamp or random string can be added.
-	static public $fragment = null;
+
 
 	static public function run($argc, $argv) {
 
@@ -107,14 +104,13 @@ class Notifier {
 		self::$encoded_item = null;
 		self::$channel      = null;
 		self::$private      = false;
-		self::$fragment     = null;
 
 		$sys         = get_sys_channel();
 		$normal_mode = true;
 		$upstream = false;
 		$uplink = false;
-		$target_item = [];
-		$parent_item = [];
+		$target_item = null;
+		$parent_item = null;
 		$top_level_post = false;
 		$relay_to_owner = false;
 
@@ -233,8 +229,6 @@ class Notifier {
 
 			// Fetch the target item
 
-			self::$fragment = $argv[3] ?? '';
-
 			$r = q("SELECT * FROM item WHERE id = %d AND parent != 0",
 				intval($item_id)
 			);
@@ -415,8 +409,6 @@ class Notifier {
 				self::$private    = false;
 				self::$recipients = collect_recipients($parent_item, self::$private);
 
-				// FIXME add any additional recipients such as mentions, etc.
-
 				if ($top_level_post) {
 					// remove clones who will receive the post via sync
 					self::$recipients = array_values(array_diff(self::$recipients, [$target_item['owner_xchan']]));
@@ -509,6 +501,7 @@ class Notifier {
 		// public posts won't make it to the local public stream unless there's a recipient on this site.
 		// This code block sees if it's a public post and localhost is missing, and if so adds an entry for the local sys channel to the $hubs list
 
+		/* sys channel is now added in collect recipients
 		if (!self::$private) {
 			$found_localhost = false;
 			if ($hubs) {
@@ -529,6 +522,7 @@ class Notifier {
 				}
 			}
 		}
+		*/
 
 		if (!$hubs) {
 			logger('notifier: no hubs', LOGGER_NORMAL, LOG_NOTICE);
@@ -651,13 +645,14 @@ class Notifier {
 			// This shouldn't produce false positives on comment boosts that were generated on other platforms
 			// because we won't be delivering them.
 
-			if (isset($target_item) && isset($target_item['verb']) && $target_item['verb'] === 'Announce' && $target_item['author_xchan'] === $target_item['owner_xchan'] && ! intval($target_item['item_thread_top'])) {
+			if (isset($target_item['verb']) && $target_item['verb'] === 'Announce' && $target_item['author_xchan'] === $target_item['owner_xchan'] && ! intval($target_item['item_thread_top'])) {
 				continue;
 			}
 
 			$hash = new_uuid();
 
-			$env = (($hub_env && $hub_env[$hub['hubloc_site_id']]) ? $hub_env[$hub['hubloc_site_id']] : '');
+			$env = $hub_env[$hub['hubloc_site_id']] ?? '';
+
 			if ((self::$private) && (!$env)) {
 				continue;
 			}
@@ -694,11 +689,11 @@ class Notifier {
 
 		}
 
-		if ($normal_mode) {
+		if ($normal_mode && is_array($target_item)) {
 			// This wastes a process if there are no delivery hooks configured, so check this before launching the new process
 			$x = q("select * from hook where hook = 'notifier_normal'");
 			if ($x) {
-				Master::Summon(['Deliver_hooks', $target_item['id'], self::$fragment]);
+				Master::Summon(['Deliver_hooks', $target_item['id']]);
 			}
 		}
 

Zotlabs/Daemon/Onedirsync.php

@@ -15,61 +15,45 @@ class Onedirsync {
 			$update_id = intval($argv[1]);
 
 		if (!$update_id) {
-			logger('onedirsync: no update');
+			logger('onedirsync: no update id');
 			return;
 		}
 
-		$r = q("select * from updates where ud_id = %d limit 1",
+		$r = q("select * from updates where ud_id = %d",
 			intval($update_id)
 		);
 
-		if (!$r)
-			return;
-
-		if (($r[0]['ud_flags'] & UPDATE_FLAGS_UPDATED) || (!$r[0]['ud_addr']))
-			return;
-
-		// Have we probed this channel more recently than the other directory server
-		// (where we received this update from) ?
-		// If we have, we don't need to do anything except mark any older entries updated
-
-		$x = q("select * from updates where ud_addr = '%s' and ud_date > '%s' and ( ud_flags & %d )>0 order by ud_date desc limit 1",
-			dbesc($r[0]['ud_addr']),
-			dbesc($r[0]['ud_date']),
-			intval(UPDATE_FLAGS_UPDATED)
-		);
-		if ($x) {
-			q("update updates set ud_flags = ( ud_flags | %d ) where ud_addr = '%s' and ( ud_flags & %d ) = 0 and ud_date != '%s'",
-				intval(UPDATE_FLAGS_UPDATED),
-				dbesc($r[0]['ud_addr']),
-				intval(UPDATE_FLAGS_UPDATED),
-				dbesc($x[0]['ud_date'])
-			);
+		if (!$r) {
+			logger('onedirsync: update id not found');
 			return;
 		}
 
 		// ignore doing an update if this ud_addr refers to a known dead hubloc
 
-		$h = q("select * from hubloc where hubloc_addr = '%s'",
+		$h = q("select * from hubloc where hubloc_id_url = '%s' order by hubloc_id desc",
 			dbesc($r[0]['ud_addr']),
 		);
 
 		$h = Libzot::zot_record_preferred($h);
 
 		if (($h) && (($h['hubloc_status'] & HUBLOC_OFFLINE) || $h['hubloc_deleted'] || $h['hubloc_error'])) {
-			q("update updates set ud_flags = ( ud_flags | %d ) where ud_addr = '%s' and ( ud_flags & %d ) = 0 ",
-				intval(UPDATE_FLAGS_DELETED),
-				dbesc($r[0]['ud_addr']),
-				intval(UPDATE_FLAGS_UPDATED)
-			);
-			return;
+
+			// 2023-04-12: Try to update anyway since the info is not always correct
+			// This might change after all directory servers run the new code.
+
+			// q("update updates set ud_flags = 9 where ud_hash = '%s' and ud_flags != 9",
+			//	dbesc($r[0]['ud_hash'])
+			//);
+
+			// return;
 		}
 
 		// we might have to pull this out some day, but for now update_directory_entry()
 		// runs zot_finger() and is kind of zot specific
 
-		if ($h && $h['hubloc_network'] !== 'zot6')
+		if ($h && $h['hubloc_network'] !== 'zot6') {
 			return;
+		}
 
 		Libzotdir::update_directory_entry($r[0]);
 

Zotlabs/Daemon/Onepoll.php

@@ -30,14 +30,10 @@ class Onepoll {
 			$sql_extra = ' and abook_feed = 0 ';
 		}
 
-		$contacts = q("SELECT abook.*, xchan.*, account.*
-			FROM abook LEFT JOIN account on abook_account = account_id left join xchan on xchan_hash = abook_xchan
-			where abook_id = %d $sql_extra
-			and abook_pending = 0 and abook_archived = 0 and abook_blocked = 0 and abook_ignored = 0
-			AND (( account_flags = %d ) OR ( account_flags = %d )) limit 1",
-			intval($contact_id),
-			intval(ACCOUNT_OK),
-			intval(ACCOUNT_UNVERIFIED)
+		$contacts = q("SELECT abook.*, xchan.* FROM abook
+			LEFT JOIN xchan ON xchan_hash = abook_xchan
+			WHERE abook_id = %d",
+			intval($contact_id)
 		);
 
 		if (!$contacts) {
@@ -64,12 +60,21 @@ class Onepoll {
 		if ($contact['xchan_network'] === 'rss') {
 			logger('onepoll: processing feed ' . $contact['xchan_name'], LOGGER_DEBUG);
 			$alive = handle_feed($importer['channel_id'], $contact_id, $contact['xchan_hash']);
-			if ($alive) {
-				q("update abook set abook_connected = '%s' where abook_id = %d",
+
+			if (!$alive) {
+				q("update abook set abook_updated = '%s' where abook_id = %d",
 					dbesc(datetime_convert()),
 					intval($contact['abook_id'])
 				);
+				return;
 			}
+
+			q("update abook set abook_updated = '%s', abook_connected = '%s' where abook_id = %d",
+				dbesc(datetime_convert()),
+				dbesc(datetime_convert()),
+				intval($contact['abook_id'])
+			);
+
 			return;
 		}
 
@@ -163,6 +168,7 @@ class Onepoll {
 							$AS = new ActivityStreams($message);
 							if ($AS->is_valid() && is_array($AS->obj)) {
 								$item = Activity::decode_note($AS);
+								$item['item_fetched'] = true;
 								Activity::store($importer, $contact['abook_xchan'], $AS, $item);
 							}
 						}

Zotlabs/Daemon/Poller.php

@@ -17,21 +17,7 @@ class Poller {
 			}
 		}
 
-		$interval = intval(get_config('system', 'poll_interval'));
-		if (!$interval)
-			$interval = ((get_config('system', 'delivery_interval') === false) ? 3 : intval(get_config('system', 'delivery_interval')));
-
-		// Check for a lockfile.  If it exists, but is over an hour old, it's stale.  Ignore it.
-		$lockfile = 'store/[data]/poller';
-		if ((file_exists($lockfile)) && (filemtime($lockfile) > (time() - 3600))
-			&& (!get_config('system', 'override_poll_lockfile'))) {
-			logger("poller: Already running");
-			return;
-		}
-
-		// Create a lockfile.  Needs two vars, but $x doesn't need to contain anything.
-		$x = '';
-		file_put_contents($lockfile, $x);
+		$interval = get_config('queueworker', 'queue_interval', 500000);
 
 		logger('poller: start');
 
@@ -63,6 +49,11 @@ class Poller {
 			: ''
 		);
 
+		$allow_feeds = get_config('system', 'feed_contacts');
+		if(!$allow_feeds) {
+			$sql_extra .= ' and abook_feed = 0 ';
+		}
+
 		$randfunc = db_getfunc('RAND');
 
 		$contacts = q("SELECT abook.abook_updated, abook.abook_connected, abook.abook_feed,
@@ -72,7 +63,7 @@ class Poller {
 			account.account_lastlog, account.account_flags
 			FROM abook LEFT JOIN xchan on abook_xchan = xchan_hash
 			LEFT JOIN account on abook_account = account_id
-			where abook_self = 0
+			where abook_self = 0 and abook_pending = 0 and abook_archived = 0 and abook_blocked = 0 and abook_ignored = 0
 			$sql_extra
 			AND (( account_flags = %d ) OR ( account_flags = %d )) $abandon_sql ORDER BY $randfunc",
 			intval(ACCOUNT_OK),
@@ -93,13 +84,24 @@ class Poller {
 						$min = intval(get_config('system', 'minimum_feedcheck_minutes'));
 					if (!$min)
 						$min = 60;
-					$x = datetime_convert('UTC', 'UTC', "now - $min minutes");
-					if ($c < $x) {
-						Master::Summon(['Onepoll', $contact['abook_id']]);
-						if ($interval)
-							@time_sleep_until(microtime(true) + (float)$interval);
+
+					if ($t !== $c) {
+						// if the last fetch failed only attempt fetch once a day
+						$min = 60 * 24;
 					}
+
+					$x = datetime_convert('UTC', 'UTC', "now - $min minutes");
+
+					if ($t < $x) {
+						Master::Summon(['Onepoll', $contact['abook_id']]);
+
+						if ($interval) {
+							usleep($interval);
+						}
+					}
+
 					continue;
+
 				}
 
 				if ($contact['xchan_network'] !== 'zot6')
@@ -158,20 +160,22 @@ class Poller {
 					continue;
 
 				Master::Summon(['Onepoll', $contact['abook_id']]);
-				if ($interval)
-					@time_sleep_until(microtime(true) + (float)$interval);
 
+				if ($interval) {
+					usleep($interval);
+				}
 			}
 		}
 
 		$dirmode = intval(get_config('system', 'directory_mode'));
 
 		if ($dirmode == DIRECTORY_MODE_SECONDARY || $dirmode == DIRECTORY_MODE_PRIMARY) {
-			$r = q("SELECT u.ud_addr, u.ud_id, u.ud_last FROM updates AS u INNER JOIN (SELECT ud_addr, max(ud_id) AS ud_id FROM updates WHERE ( ud_flags & %d ) = 0 AND ud_addr != '' AND ( ud_last <= '%s' OR ud_last > %s - INTERVAL %s ) GROUP BY ud_addr) AS s ON s.ud_id = u.ud_id ",
-				intval(UPDATE_FLAGS_UPDATED),
+			$r = q("SELECT * FROM updates WHERE ud_update = 1 AND (ud_last = '%s' OR ud_last > %s - INTERVAL %s)",
 				dbesc(NULL_DATE),
-				db_utcnow(), db_quoteinterval('7 DAY')
+				db_utcnow(),
+				db_quoteinterval('7 DAY')
 			);
+
 			if ($r) {
 				foreach ($r as $rr) {
 
@@ -181,19 +185,18 @@ class Poller {
 					if ($rr['ud_last'] > NULL_DATE)
 						if ($rr['ud_last'] > datetime_convert('UTC', 'UTC', 'now - 1 day'))
 							continue;
+
 					Master::Summon(['Onedirsync', $rr['ud_id']]);
-					if ($interval)
-						@time_sleep_until(microtime(true) + (float)$interval);
+
+					if ($interval) {
+						usleep($interval);
+					}
 				}
 			}
 		}
 
 		set_config('system', 'lastpoll', datetime_convert());
 
-		//All done - clear the lockfile
-
-		@unlink($lockfile);
-
 		return;
 	}
 }

Zotlabs/Daemon/Queue.php

@@ -7,77 +7,57 @@ use Zotlabs\Lib\Queue as LibQueue;
 class Queue {
 
 	static public function run($argc, $argv) {
-
-		require_once('include/items.php');
-		require_once('include/bbcode.php');
-
-		if ($argc > 1)
-			$queue_id = $argv[1];
-		else
-			$queue_id = EMPTY_STR;
+		$queue_id = ($argc > 1) ? $argv[1] : '';
 
 		logger('queue: start');
 
 		// delete all queue items more than 3 days old
 		// but first mark these sites dead if we haven't heard from them in a month
 
-		$r = q("select outq_posturl from outq where outq_created < %s - INTERVAL %s",
-			db_utcnow(), db_quoteinterval('3 DAY')
+		$oldqItems = q("select outq_posturl, outq_hash from outq where outq_created < %s - INTERVAL %s",
+			db_utcnow(),
+			db_quoteinterval('3 DAY')
 		);
-		if ($r) {
-			foreach ($r as $rr) {
-				$h       = parse_url($rr['outq_posturl']);
-				$desturl = $h['scheme'] . '://' . $h['host'] . (isset($h['port']) ? ':' . $h['port'] : '');
+
+		if ($oldqItems) {
+			foreach ($oldqItems as $qItem) {
+				$h = parse_url($qItem['outq_posturl']);
+				$site_url = $h['scheme'] . '://' . $h['host'] . ((!empty($h['port'])) ? ':' . $h['port'] : '');
 				q("update site set site_dead = 1 where site_dead = 0 and site_url = '%s' and site_update < %s - INTERVAL %s",
-					dbesc($desturl),
-					db_utcnow(), db_quoteinterval('1 MONTH')
+					dbesc($site_url),
+					db_utcnow(),
+					db_quoteinterval('1 MONTH')
 				);
 			}
+
+			$old_hashes = ids_to_querystr($oldqItems, 'outq_hash', true);
+
+			logger('Removing ' . count($oldqItems) . ' old queue entries');
+			dbq("DELETE FROM outq WHERE outq_hash IN ($old_hashes)");
+
 		}
 
-		q("DELETE FROM outq WHERE outq_created < %s - INTERVAL %s",
-			db_utcnow(), db_quoteinterval('3 DAY')
-		);
+		$deliveries = [];
 
 		if ($queue_id) {
-			$r = q("SELECT * FROM outq WHERE outq_hash = '%s' LIMIT 1",
+			$qItems = q("SELECT * FROM outq WHERE outq_hash = '%s' LIMIT 1",
 				dbesc($queue_id)
 			);
+			logger('queue deliver: ' . $qItems[0]['outq_hash'] . ' to ' . $qItems[0]['outq_posturl'], LOGGER_DEBUG);
+			LibQueue::deliver($qItems[0]);
 		}
 		else {
-
-			// For the first 12 hours we'll try to deliver every 15 minutes
-			// After that, we'll only attempt delivery once per hour.
-			// This currently only handles the default queue drivers ('zot' or '') which we will group by posturl
-			// so that we don't start off a thousand deliveries for a couple of dead hubs.
-			// The zot driver will deliver everything destined for a single hub once contact is made (*if* contact is made).
-			// Other drivers will have to do something different here and may need their own query.
-
-			// Note: this requires some tweaking as new posts to long dead hubs once a day will keep them in the
-			// "every 15 minutes" category. We probably need to prioritise them when inserted into the queue
-			// or just prior to this query based on recent and long-term delivery history. If we have good reason to believe
-			// the site is permanently down, there's no reason to attempt delivery at all, or at most not more than once
-			// or twice a day.
-
-			$sqlrandfunc = db_getfunc('rand');
-
-			$r = q("SELECT *,$sqlrandfunc as rn FROM outq WHERE outq_delivered = 0 and outq_scheduled < %s order by rn limit 1",
+			$qItems = q("SELECT outq_hash FROM outq WHERE outq_scheduled < %s ",
 				db_utcnow()
 			);
-			while ($r) {
-				foreach ($r as $rv) {
-					LibQueue::deliver($rv);
-				}
-				$r = q("SELECT *,$sqlrandfunc as rn FROM outq WHERE outq_delivered = 0 and outq_scheduled < %s order by rn limit 1",
-					db_utcnow()
-				);
-			}
-		}
-		if (!$r)
-			return;
 
-		foreach ($r as $rv) {
-			LibQueue::deliver($rv);
-		}
+			if ($qItems) {
+				foreach ($qItems as $qItem) {
+					$deliveries[] = $qItem['outq_hash'];
+				}
+				do_delivery($deliveries, true);
+			}
+		 }
 	}
+
 }

Zotlabs/Daemon/Thumbnail.php

@@ -73,5 +73,7 @@ class Thumbnail {
 				|| (filectime(dbunescbin($attach['content']) . 'thumb') < (time() - 60)))) {
 			$default_controller->Thumb($attach, $preview_style, $preview_width, $preview_height);
 		}
+
+		return;
 	}
 }

Zotlabs/Daemon/Zotconvo.php

@@ -0,0 +1,32 @@
+<?php
+
+namespace Zotlabs\Daemon;
+
+use Zotlabs\Lib\Libzot;
+
+class Zotconvo {
+
+	static public function run($argc, $argv) {
+
+		logger('Zotconvo invoked: ' . print_r($argv, true));
+
+		if ($argc != 3) {
+			return;
+		}
+
+		$mid = $argv[2];
+		if (!$mid) {
+			return;
+		}
+
+		$channel = channelx_by_n(intval($argv[1]));
+		if (!$channel) {
+			return;
+		}
+
+		Libzot::fetch_conversation($channel, $mid);
+
+		return;
+
+	}
+}

Zotlabs/Lib/ASCollection.php

@@ -24,6 +24,8 @@ class ASCollection {
 		$this->direction = $direction;
 		$this->limit     = $limit;
 
+		$data = null;
+
 		if (is_array($obj)) {
 			$data = $obj;
 		}
@@ -147,4 +149,4 @@ class ASCollection {
 		}
 		logger('nextpage: ' . $this->nextpage, LOGGER_DEBUG);
 	}
-}
+}

Zotlabs/Lib/AbConfig.php

@@ -6,12 +6,17 @@ namespace Zotlabs\Lib;
 class AbConfig {
 
 	static public function Load($chan,$xhash,$family = '') {
-		if($family)
+		$where = '';
+
+		if($family) {
 			$where = sprintf(" and cat = '%s' ",dbesc($family));
+		}
+
 		$r = q("select * from abconfig where chan = %d and xchan = '%s' $where",
 			intval($chan),
 			dbesc($xhash)
 		);
+
 		return $r;
 	}
 
@@ -21,7 +26,7 @@ class AbConfig {
 			intval($chan),
 			dbesc($xhash),
 			dbesc($family),
-			dbesc($key)		
+			dbesc($key)
 		);
 		if($r) {
 			return ((preg_match('|^a:[0-9]+:{.*}$|s', $r[0]['v'])) ? unserialize($r[0]['v']) : $r[0]['v']);
@@ -41,19 +46,19 @@ class AbConfig {
 				dbesc($xhash),
 				dbesc($family),
 				dbesc($key),
-				dbesc($dbvalue)		
+				dbesc($dbvalue)
 			);
 		}
 		else {
 			$r = q("update abconfig set v = '%s' where chan = %d and xchan = '%s' and cat = '%s' and k = '%s' ",
-				dbesc($dbvalue),		
+				dbesc($dbvalue),
 				dbesc($chan),
 				dbesc($xhash),
 				dbesc($family),
 				dbesc($key)
 			);
 		}
-	
+
 		if($r)
 			return $value;
 		return false;

Zotlabs/Lib/Activity.php

@@ -68,6 +68,10 @@ class Activity {
 		else {
 			$m = parse_url($url);
 
+			if (!$m) {
+				return null;
+			}
+
 			// handle bearcaps
 			if ($m['scheme'] === 'bear') {
 				$params = explode('&', $m['query']);
@@ -117,7 +121,7 @@ class Activity {
 			$y = json_decode($x['body'], true);
 			logger('returned: ' . json_encode($y, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES), LOGGER_DEBUG);
 
-			if (ActivityStreams::is_an_actor($y['type'])) {
+			if (isset($y['type']) && ActivityStreams::is_an_actor($y['type'])) {
 				XConfig::Set($y['id'], 'system', 'actor_record', $y);
 			}
 
@@ -285,7 +289,7 @@ class Activity {
 
 	static function encode_item_collection($items, $id, $type, $total = 0) {
 
-		if ($total > 30) {
+		if ($total > App::$pager['itemspage']) {
 			$ret = [
 				'id'   => z_root() . '/' . $id,
 				'type' => $type . 'Page',
@@ -415,10 +419,6 @@ class Activity {
 			$objtype = self::activity_obj_mapper($i['obj_type']);
 		}
 
-		if ($i['obj']) {
-			$ret = Activity::encode_object($i['obj']);
-		}
-
 		if (intval($i['item_deleted'])) {
 			$ret['type']       = 'Tombstone';
 			$ret['formerType'] = $objtype;
@@ -430,7 +430,7 @@ class Activity {
 			return $ret;
 		}
 
-		if ($i['obj']) {
+		if (isset($i['obj']) && $i['obj']) {
 			if (is_array($i['obj'])) {
 				$ret = $i['obj'];
 			}
@@ -541,6 +541,7 @@ class Activity {
 
 		call_hooks('encode_item', $hookinfo);
 
+
 		return $hookinfo['encoded'];
 
 	}
@@ -621,6 +622,10 @@ class Activity {
 			$atts = ((is_array($item['attach'])) ? $item['attach'] : json_decode($item['attach'], true));
 			if ($atts) {
 				foreach ($atts as $att) {
+					if (!isset($att['type'], $att['href'])) {
+						continue;
+					}
+
 					if (isset($att['type']) && strpos($att['type'], 'image')) {
 						$ret[] = ['type' => 'Image', 'url' => $att['href']];
 					}
@@ -667,6 +672,7 @@ class Activity {
 				}
 			}
 		}
+
 		return $ret;
 	}
 
@@ -674,7 +680,7 @@ class Activity {
 
 		$ret = [];
 
-		if (isset($item['attachment'])) {
+		if (isset($item['attachment']) && is_array($item['attachment'])) {
 			$ptr = $item['attachment'];
 			if (!array_key_exists(0, $ptr)) {
 				$ptr = [$ptr];
@@ -694,6 +700,13 @@ class Activity {
 				if (array_key_exists('name', $att) && $att['name']) {
 					$entry['name'] = html2plain(purify_html($att['name']), 256);
 				}
+				// Friendica attachments don't match the URL in the body.
+				// This makes it more difficult to detect image duplication in bb_attach()
+				// which adds images to plaintext microblog software. For these we need to examine both the
+				// url and image properties.
+				if (isset($att['image']) && is_string($att['image']) && isset($att['url']) && $att['image'] !== $att['url']) {
+					$entry['image'] = $att['image'];
+				}
 				if ($entry) {
 					$ret[] = $entry;
 				}
@@ -717,7 +730,7 @@ class Activity {
 
 		$ret['type'] = self::activity_mapper($i['verb']);
 
-		if (intval($i['item_deleted']) && !$recurse) {
+		if ((isset($i['item_deleted']) && intval($i['item_deleted'])) && !$recurse) {
 			$is_response = false;
 
 			if (ActivityStreams::is_response_activity($ret['type'])) {
@@ -801,10 +814,10 @@ class Activity {
 
 		$ret['diaspora:guid'] = $i['uuid'];
 
-		if ($i['title'])
+		if (isset($i['title']) && $i['title'])
 			$ret['name'] = html2plain(bbcode($i['title'], ['cache' => true]));
 
-		if ($i['summary'])
+		if (isset($i['summary']) && $i['summary'])
 			$ret['summary'] = bbcode($i['summary'], ['cache' => true]);
 
 		if ($ret['type'] === 'Announce') {
@@ -817,12 +830,18 @@ class Activity {
 		}
 
 		$ret['published'] = datetime_convert('UTC', 'UTC', $i['created'], ATOM_TIME);
-		if ($i['created'] !== $i['edited'])
+
+		if (isset($i['created'], $i['edited']) && $i['created'] !== $i['edited']) {
 			$ret['updated'] = datetime_convert('UTC', 'UTC', $i['edited'], ATOM_TIME);
-		if ($i['app']) {
+			if ($ret['type'] === 'Create') {
+				$ret['type'] = 'Update';
+			}
+		}
+
+		if (isset($i['app']) && $i['app']) {
 			$ret['generator'] = ['type' => 'Application', 'name' => $i['app']];
 		}
-		if ($i['location'] || $i['coord']) {
+		if (isset($i['location']) || isset($i['coord'])) {
 			$ret['location'] = ['type' => 'Place'];
 			if ($i['location']) {
 				$ret['location']['name'] = $i['location'];
@@ -851,7 +870,7 @@ class Activity {
 		else
 			return [];
 
-		if ($i['obj']) {
+		if (isset($i['obj']) && $i['obj']) {
 			if (!is_array($i['obj'])) {
 				$i['obj'] = json_decode($i['obj'], true);
 			}
@@ -879,7 +898,7 @@ class Activity {
 			$ret['type'] = 'Invite';
 		}
 
-		if ($i['target']) {
+		if (isset($i['target']) && $i['target']) {
 			if (!is_array($i['target'])) {
 				$i['target'] = json_decode($i['target'], true);
 			}
@@ -1318,7 +1337,8 @@ class Activity {
 			}
 		}
 
-		$x           = PermissionRoles::role_perms('personal');
+		$role = get_pconfig($channel['channel_id'], 'system', 'permissions_role', 'personal');
+		$x = PermissionRoles::role_perms($role);
 		$their_perms = Permissions::FilledPerms($x['perms_connect']);
 
 		if ($contact && $contact['abook_id']) {
@@ -1343,10 +1363,15 @@ class Activity {
 					return;
 
 				case 'Accept':
+					// They accepted our Follow request.
+					// Set default permissions except for send_stream and post_wall
 
-					// They accepted our Follow request - set default permissions
-
-					set_abconfig($channel['channel_id'], $contact['abook_xchan'], 'system', 'their_perms', $their_perms);
+					foreach ($their_perms as $k => $v) {
+						if(in_array($k, ['send_stream', 'post_wall'])) {
+							$v = 0; // Those will be set once we accept their follow request
+						}
+						set_abconfig($channel['channel_id'], $contact['abook_xchan'], 'their_perms', $k, $v);
+					}
 
 					$abook_instance = $contact['abook_instance'];
 
@@ -1596,15 +1621,18 @@ class Activity {
 		// we already store this in Activity::fetch()
 		// XConfig::Set($url, 'system', 'actor_record', $person_obj);
 
-		$name = $person_obj['name'];
+		$name = $person_obj['name'] ?? '';
 		if (!$name) {
-			$name = $person_obj['preferredUsername'];
+			$name = $person_obj['preferredUsername'] ?? '';
 		}
 		if (!$name) {
 			$name = t('Unknown');
 		}
 
 		$webfinger_addr = '';
+		$hostname = '';
+		$baseurl  = '';
+		$site_url = '';
 
 		$m = parse_url($url);
 		if ($m) {
@@ -1613,7 +1641,7 @@ class Activity {
 			$site_url = $m['scheme'] . '://' . $m['host'];
 		}
 
-		if (!empty($person_obj['preferredUsername']) && isset($parsed_url['host'])) {
+		if (!empty($person_obj['preferredUsername']) && $hostname) {
 			$webfinger_addr = escape_tags($person_obj['preferredUsername']) . '@' . $hostname;
 		}
 
@@ -1640,7 +1668,7 @@ class Activity {
 		$links   = false;
 		$profile = false;
 
-		if (is_array($person_obj['url'])) {
+		if (isset($person_obj['url']) && is_array($person_obj['url'])) {
 			if (!array_key_exists(0, $person_obj['url'])) {
 				$links = [$person_obj['url']];
 			}
@@ -1649,7 +1677,7 @@ class Activity {
 			}
 		}
 
-		if ($links) {
+		if (is_array($links) && $links) {
 			foreach ($links as $link) {
 				if (is_array($link) && array_key_exists('mediaType', $link) && $link['mediaType'] === 'text/html') {
 					$profile = $link['href'];
@@ -1676,6 +1704,8 @@ class Activity {
 			}
 		}
 
+		$group_actor = ($person_obj['type'] === 'Group');
+
 		$r = q("select * from xchan join hubloc on xchan_hash = hubloc_hash where xchan_hash = '%s'",
 			dbesc($url)
 		);
@@ -1694,18 +1724,17 @@ class Activity {
 			);
 
 			// update existing xchan record
-			q("update xchan set xchan_name = '%s', xchan_guid = '%s', xchan_pubkey = '%s', xchan_addr = '%s', xchan_network = 'activitypub', xchan_name_date = '%s' where xchan_hash = '%s'",
+			q("update xchan set xchan_name = '%s', xchan_pubkey = '%s', xchan_addr = '%s', xchan_network = 'activitypub', xchan_name_date = '%s', xchan_pubforum = %d where xchan_hash = '%s'",
 				dbesc(escape_tags($name)),
-				dbesc($url),
 				dbesc(escape_tags($pubkey)),
 				dbesc(escape_tags($webfinger_addr)),
 				dbescdate(datetime_convert()),
+				intval($group_actor),
 				dbesc($url)
 			);
 
 			// update existing hubloc record
-			q("update hubloc set hubloc_guid = '%s', hubloc_addr = '%s', hubloc_network = 'activitypub', hubloc_url = '%s', hubloc_host = '%s', hubloc_callback = '%s', hubloc_updated = '%s', hubloc_id_url = '%s' where hubloc_hash = '%s'",
-				dbesc($url),
+			q("update hubloc set hubloc_addr = '%s', hubloc_network = 'activitypub', hubloc_url = '%s', hubloc_host = '%s', hubloc_callback = '%s', hubloc_updated = '%s', hubloc_id_url = '%s' where hubloc_hash = '%s'",
 				dbesc(escape_tags($webfinger_addr)),
 				dbesc($baseurl),
 				dbesc($hostname),
@@ -1727,7 +1756,8 @@ class Activity {
 					'xchan_url'       => $profile,
 					'xchan_name'      => escape_tags($name),
 					'xchan_name_date' => datetime_convert(),
-					'xchan_network'   => 'activitypub'
+					'xchan_network'   => 'activitypub',
+					'xchan_pubforum'  => intval($group_actor)
 				]
 			);
 
@@ -1756,6 +1786,10 @@ class Activity {
 				dbesc($url)
 			);
 			if (!$zx) {
+				// FIXME: we might need to fetch and store this url immediately
+				// otherwise at least the first post of a yet unknown author might
+				// be stored with the activitypub url instead of the portable id.
+				// Another solution could be to fix the items after Gprobe has done its work.
 				Master::Summon(['Gprobe', bin2hex($url)]);
 			}
 		}
@@ -2069,16 +2103,29 @@ class Activity {
 
 	}
 
-	static function update_poll($item, $post) {
+	static function update_poll($item_id, $post) {
 
 		$multi   = false;
 		$mid     = $post['mid'];
 		$content = $post['title'];
 
-		if (!$item) {
+		if (!$item_id) {
 			return false;
 		}
 
+		dbq("START TRANSACTION");
+
+		$item = q("SELECT * FROM item WHERE id = %d FOR UPDATE",
+			intval($item_id)
+		);
+
+		if (!$item) {
+			dbq("COMMIT");
+			return false;
+		}
+
+		$item = $item[0];
+
 		$o = json_decode($item['obj'], true);
 		if ($o && array_key_exists('anyOf', $o)) {
 			$multi = true;
@@ -2150,36 +2197,45 @@ class Activity {
 		}
 		logger('updated_poll: ' . print_r($o, true), LOGGER_DATA);
 		if ($answer_found && !$found) {
-			q("update item set obj = '%s', edited = '%s' where id = %d",
+			$u = q("update item set obj = '%s', edited = '%s' where id = %d",
 				dbesc(json_encode($o)),
 				dbesc(datetime_convert()),
 				intval($item['id'])
 			);
 
-			Master::Summon(['Notifier', 'wall-new', $item['id'], $post['mid'] /* trick queueworker de-duplication  */ ]);
-			return true;
+			if ($u) {
+				dbq("COMMIT");
+
+				if ($multi) {
+					// wait some seconds for possible multiple answers to be processed
+					// before calling the notifier
+					sleep(3);
+				}
+
+				Master::Summon(['Notifier', 'wall-new', $item['id']]);
+				return true;
+			}
+
+			dbq("ROLLBACK");
+
 		}
 
+		dbq("COMMIT");
 		return false;
 	}
 
 	static function decode_note($act) {
-
 		$response_activity = false;
-
 		$s = [];
 
 		// These activities should have been handled separately in the Inbox module and should not be turned into posts
 
 		if (
 			in_array($act->type, ['Follow', 'Accept', 'Reject', 'Create', 'Update']) &&
-			is_array($act->obj) &&
-			array_key_exists('type', $act->obj) &&
-			($act->obj['type'] === 'Follow' || ActivityStreams::is_an_actor($act->obj['type']))
+			($act->objprop('type') === 'Follow' || ActivityStreams::is_an_actor($act->objprop('type')))
 		) {
 			return false;
 		}
-
 		// Within our family of projects, Follow/Unfollow of a thread is an internal activity which should not be transmitted,
 		// hence if we receive it - ignore or reject it.
 		// Unfollow is not defined by ActivityStreams, which prefers Undo->Follow.
@@ -2200,11 +2256,13 @@ class Activity {
 		$s['owner_xchan']  = $act->actor['id'];
 		$s['author_xchan'] = $act->actor['id'];
 
+		$content = [];
+
 		if (is_array($act->obj)) {
 			$content = self::get_content($act->obj);
 		}
 
-		$s['mid'] = ((is_array($act->obj) && isset($act->obj['id'])) ? $act->obj['id'] : $act->obj);
+		$s['mid'] = $act->objprop('id') ?: $act->obj;
 
 		if (!$s['mid']) {
 			return false;
@@ -2212,7 +2270,7 @@ class Activity {
 
 		// Friendica sends the diaspora guid in a nonstandard field via AP
 		// If no uuid is provided we will create an uuid v5 from the mid
-		$s['uuid'] = ((is_array($act->obj) && isset($act->obj['diaspora:guid'])) ? $act->obj['diaspora:guid'] : uuid_from_url($s['mid']));
+		$s['uuid'] = (($act->objprop('diaspora:guid')) ?: uuid_from_url($s['mid']));
 
 		$s['parent_mid'] = $act->parent_id;
 
@@ -2220,24 +2278,24 @@ class Activity {
 			$s['created']   = datetime_convert('UTC', 'UTC', $act->data['published']);
 			$s['commented'] = $s['created'];
 		}
-		elseif (is_array($act->obj) && array_key_exists('published', $act->obj)) {
+		elseif ($act->objprop('published')) {
 			$s['created']   = datetime_convert('UTC', 'UTC', $act->obj['published']);
 			$s['commented'] = $s['created'];
 		}
 		if (array_key_exists('updated', $act->data)) {
 			$s['edited'] = datetime_convert('UTC', 'UTC', $act->data['updated']);
 		}
-		elseif (is_array($act->obj) && array_key_exists('updated', $act->obj)) {
+		elseif ($act->objprop('updated')) {
 			$s['edited'] = datetime_convert('UTC', 'UTC', $act->obj['updated']);
 		}
 		if (array_key_exists('expires', $act->data)) {
 			$s['expires'] = datetime_convert('UTC', 'UTC', $act->data['expires']);
 		}
-		elseif (is_array($act->obj) && array_key_exists('expires', $act->obj)) {
+		elseif ($act->objprop('expires')) {
 			$s['expires'] = datetime_convert('UTC', 'UTC', $act->obj['expires']);
 		}
 
-		if ($act->type === 'Invite' && is_array($act->obj) && array_key_exists('type', $act->obj) && $act->obj['type'] === 'Event') {
+		if ($act->type === 'Invite' && $act->objprop('type') === 'Event') {
 			$s['mid'] = $s['parent_mid'] = $act->id;
 		}
 
@@ -2246,9 +2304,18 @@ class Activity {
 			$response_activity = true;
 
 			$s['mid'] = $act->id;
-			$s['uuid'] = ((is_array($act->data) && isset($act->data['diaspora:guid'])) ? $act->data['diaspora:guid'] : uuid_from_url($s['mid']));
+			$s['uuid'] = ((!empty($act->data['diaspora:guid'])) ? $act->data['diaspora:guid'] : uuid_from_url($s['mid']));
 
-			$s['parent_mid'] = ((is_array($act->obj) && isset($act->obj['id'])) ? $act->obj['id'] : $act->obj);
+			if ($act->objprop('inReplyTo')) {
+				$s['parent_mid'] = $act->objprop('inReplyTo');
+			}
+
+			$s['thr_parent'] = $act->objprop('id') ?: $act->obj;
+
+			if (empty($s['parent_mid']) || empty($s['thr_parent'])) {
+				logger('response activity without parent_mid or thr_parent');
+				return;
+			}
 
 			// over-ride the object timestamp with the activity
 
@@ -2260,7 +2327,11 @@ class Activity {
 				$s['edited'] = datetime_convert('UTC', 'UTC', $act->data['updated']);
 			}
 
-			$obj_actor = ((isset($act->obj['actor'])) ? $act->obj['actor'] : $act->get_actor('attributedTo', $act->obj));
+			$obj_actor = $act->objprop('actor') ?: $act->get_actor('attributedTo', $act->obj);
+
+			if (!isset($obj_actor['id'])) {
+				return false;
+			}
 
 			// ensure we store the original actor
 			self::actor_store($obj_actor['id'], $obj_actor);
@@ -2268,14 +2339,14 @@ class Activity {
 			$mention = self::get_actor_bbmention($obj_actor['id']);
 
 			if ($act->type === 'Like') {
-				$content['content'] = sprintf(t('Likes %1$s\'s %2$s'), $mention, $act->obj['type']) . "\n\n" . $content['content'];
+				$content['content'] = sprintf(t('Likes %1$s\'s %2$s'), $mention, $act->obj['type']) . "\n\n" . $content['content'] ?? '';
 			}
 			if ($act->type === 'Dislike') {
-				$content['content'] = sprintf(t('Doesn\'t like %1$s\'s %2$s'), $mention, $act->obj['type']) . "\n\n" . $content['content'];
+				$content['content'] = sprintf(t('Doesn\'t like %1$s\'s %2$s'), $mention, $act->obj['type']) . "\n\n" . $content['content'] ?? '';
 			}
 
 			// handle event RSVPs
-			if (($act->obj['type'] === 'Event') || ($act->obj['type'] === 'Invite' && array_path_exists('object/type', $act->obj) && $act->obj['object']['type'] === 'Event')) {
+			if (($act->objprop('type') === 'Event') || ($act->objprop('type') === 'Invite' && array_path_exists('object/type', $act->obj) && $act->obj['object']['type'] === 'Event')) {
 				if ($act->type === 'Accept') {
 					$content['content'] = sprintf(t('Will attend %s\'s event'), $mention) . EOL . EOL . $content['content'];
 				}
@@ -2310,7 +2381,7 @@ class Activity {
 			$s['item_thread_top'] = 1;
 
 			// it is a parent node - decode the comment policy info if present
-			if (isset($act->obj['commentPolicy'])) {
+			if ($act->objprop('commentPolicy')) {
 				$until = strpos($act->obj['commentPolicy'], 'until=');
 				if ($until !== false) {
 					$s['comments_closed'] = datetime_convert('UTC', 'UTC', substr($act->obj['commentPolicy'], $until + 6));
@@ -2323,9 +2394,6 @@ class Activity {
 				if ($remainder) {
 					$s['comment_policy'] = $remainder;
 				}
-				if (!(isset($item['comment_policy']) && strlen($item['comment_policy']))) {
-					$s['comment_policy'] = 'contacts';
-				}
 			}
 		}
 
@@ -2339,7 +2407,7 @@ class Activity {
 		$s['summary'] = self::bb_content($content, 'summary');
 		$s['body']    = ((self::bb_content($content, 'bbcode') && (!$response_activity)) ? self::bb_content($content, 'bbcode') : self::bb_content($content, 'content'));
 
-		if (isset($act->obj['quoteUrl'])) {
+		if ($act->objprop('quoteUrl')) {
 			$quote_bbcode = self::get_quote_bbcode($act->obj['quoteUrl']);
 
 			if ($s['body']) {
@@ -2352,21 +2420,24 @@ class Activity {
 		$s['verb'] = self::activity_decode_mapper($act->type);
 
 		// Mastodon does not provide update timestamps when updating poll tallies which means race conditions may occur here.
-		if ($act->type === 'Update' && $act->obj['type'] === 'Question' && $s['edited'] === $s['created']) {
+		if ($act->type === 'Update' && $act->objprop('type') === 'Question' && $s['edited'] === $s['created']) {
 			$s['edited'] = datetime_convert();
 		}
 
-		if (in_array($act->type, ['Delete', 'Undo', 'Tombstone']) || ($act->type === 'Create' && $act->obj['type'] === 'Tombstone')) {
+		if (in_array($act->type, ['Delete', 'Undo', 'Tombstone']) || ($act->type === 'Create' && (isset($act->obj['type']) && $act->obj['type'] === 'Tombstone'))) {
 			$s['item_deleted'] = 1;
 		}
 
-		$s['obj_type'] = self::activity_obj_decode_mapper($act->obj['type']);
+		if (isset($act->obj['type'])) {
+			$s['obj_type'] = self::activity_obj_decode_mapper($act->obj['type']);
+		}
+
 		if ($s['obj_type'] === ACTIVITY_OBJ_NOTE && $s['mid'] !== $s['parent_mid']) {
 			$s['obj_type'] = ACTIVITY_OBJ_COMMENT;
 		}
 
 		$s['obj'] = $act->obj;
-		if (is_array($s['obj']) && array_path_exists('actor/id', $s['obj'])) {
+		if (array_path_exists('actor/id', $s['obj'])) {
 			$s['obj']['actor'] = $s['obj']['actor']['id'];
 		}
 
@@ -2442,29 +2513,27 @@ class Activity {
 				$s['attach'] = $a;
 			}
 
-			$a = self::decode_iconfig($act->obj);
+			$a = self::decode_iconfig($act->data);
 			if ($a) {
 				$s['iconfig'] = $a;
 			}
 		}
 
-		if (array_key_exists('type', $act->obj)) {
 
-			// Objects that might have media attachments which aren't already provided in the content element.
-			// We'll check specific media objects separately.
+		// Objects that might have media attachments which aren't already provided in the content element.
+		// We'll check specific media objects separately.
 
-			if (in_array($act->obj['type'], ['Article', 'Document', 'Event', 'Note', 'Page', 'Place', 'Question']) && isset($s['attach']) && $s['attach']) {
-				$s = self::bb_attach($s);
-			}
+		if (in_array($act->objprop('type',''), ['Article', 'Document', 'Event', 'Note', 'Page', 'Place', 'Question']) && !empty($s['attach'])) {
+			$s = self::bb_attach($s);
+		}
 
-			if ($act->obj['type'] === 'Question' && in_array($act->type, ['Create', 'Update'])) {
-				if (array_key_exists('endTime', $act->obj)) {
-					$s['comments_closed'] = datetime_convert('UTC', 'UTC', $act->obj['endTime']);
-				}
+		if ($act->objprop('type') === 'Question' && in_array($act->type, ['Create', 'Update'])) {
+			if ($act->objprop('endTime')) {
+				$s['comments_closed'] = datetime_convert('UTC', 'UTC', $act->obj['endTime']);
 			}
 		}
 
-		if (array_key_exists('closed', $act->obj)) {
+		if ($act->objprop('closed')) {
 			$s['comments_closed'] = datetime_convert('UTC', 'UTC', $act->obj['closed']);
 		}
 
@@ -2472,14 +2541,18 @@ class Activity {
 			if ($act->type === 'Announce') {
 				$s['author_xchan'] = self::get_attributed_to_actor_url($act);
 				$s['mid'] = $act->obj['id'];
-				$s['parent_mid'] = $act->obj['id'];
+
+				// Do not force new thread if the announce is from a group actor
+				if ($act->actor['type'] !== 'Group') {
+					$s['parent_mid'] = $act->obj['id'];
+				}
 			}
 
 			// we will need a hook here to extract magnet links e.g. peertube
 			// right now just link to the largest mp4 we find that will fit in our
 			// standard content region
 
-			if ($act->obj['type'] === 'Video') {
+			if ($act->objprop('type') === 'Video') {
 
 				$vtypes = [
 					'video/mp4',
@@ -2493,7 +2566,7 @@ class Activity {
 
 				// try to find a poster to display on the video element
 
-				if (array_key_exists('icon',$act->obj)) {
+				if ($act->objprop('icon')) {
 					if (is_array($act->obj['icon'])) {
 						if (array_key_exists(0,$act->obj['icon'])) {
 							$ptr = $act->obj['icon'];
@@ -2514,7 +2587,7 @@ class Activity {
 				$tag = (($poster) ? '[video poster="' . $poster . '"]' : '[video]' );
 				$ptr = null;
 
-				if (array_key_exists('url',$act->obj)) {
+				if ($act->objprop('url')) {
 					if (is_array($act->obj['url'])) {
 						if (array_key_exists(0,$act->obj['url'])) {
 							$ptr = $act->obj['url'];
@@ -2547,20 +2620,20 @@ class Activity {
 					if ($mps) {
 						usort($mps,[ '\Zotlabs\Lib\Activity', 'vid_sort' ]);
 						foreach ($mps as $m) {
-							if (intval($m['height']) < 500 && Activity::media_not_in_body($m['href'],$s['body'])) {
+							if (intval($m['height']) < 500 && self::media_not_in_body($m['href'],$s['body'])) {
 								$s['body'] = $tag . $m['href'] . '[/video]' . "\r\n" . $s['body'];
 								break;
 							}
 						}
 					}
-					elseif (is_string($act->obj['url']) && Activity::media_not_in_body($act->obj['url'],$s['body'])) {
+					elseif (is_string($act->obj['url']) && self::media_not_in_body($act->obj['url'],$s['body'])) {
 						$s['body'] = $tag . $act->obj['url'] . '[/video]' . "\r\n" . $s['body'];
 					}
 
 				}
 			}
 
-			if ($act->obj['type'] === 'Audio') {
+			if ($act->objprop('type') === 'Audio') {
 
 				$atypes = [
 					'audio/mpeg',
@@ -2592,7 +2665,7 @@ class Activity {
 
 			}
 
-			if ($act->obj['type'] === 'Image' && strpos($s['body'], 'zrl=') === false) {
+			if ($act->objprop('type') === 'Image' && strpos($s['body'], 'zrl=') === false) {
 
 				$ptr = null;
 
@@ -2621,7 +2694,7 @@ class Activity {
 			}
 
 
-			if ($act->obj['type'] === 'Page' && !$s['body']) {
+			if ($act->objprop('type') === 'Page' && !$s['body']) {
 
 				$ptr  = null;
 				$purl = EMPTY_STR;
@@ -2661,7 +2734,7 @@ class Activity {
 			}
 		}
 
-		if (in_array($act->obj['type'], ['Note', 'Article', 'Page'])) {
+		if (in_array($act->objprop('type', ''), ['Note', 'Article', 'Page'])) {
 			$ptr = null;
 
 			if (array_key_exists('url', $act->obj)) {
@@ -2696,10 +2769,8 @@ class Activity {
 			$s['item_private'] = 0;
 		}
 
-		if (is_array($act->obj)) {
-			if (array_key_exists('directMessage', $act->obj) && intval($act->obj['directMessage'])) {
-				$s['item_private'] = 2;
-			}
+		if ($act->objprop('directMessage')) {
+			$s['item_private'] = 2;
 		}
 
 		$ap_rawmsg = '';
@@ -2772,8 +2843,9 @@ class Activity {
 			set_iconfig($s, 'diaspora', 'fields', $diaspora_rawmsg, 1);
 		}
 
-		set_iconfig($s, 'activitypub', 'recips', $act->raw_recips);
-
+		if ($act->raw_recips) {
+			set_iconfig($s, 'activitypub', 'recips', $act->raw_recips);
+		}
 
 		$hookinfo = [
 			'act' => $act,
@@ -2781,18 +2853,14 @@ class Activity {
 		];
 
 		call_hooks('decode_note', $hookinfo);
-
-		$s = $hookinfo['s'];
-
-
-
-		return $s;
+		return $hookinfo['s'];
 
 	}
 
 	static function store($channel, $observer_hash, $act, $item, $fetch_parents = true, $force = false) {
 		$is_sys_channel = is_sys_channel($channel['channel_id']);
 		$is_child_node  = false;
+		$parent = null;
 
 		// TODO: not implemented
 		// Pleroma scrobbles can be really noisy and contain lots of duplicate activities. Disable them by default.
@@ -2804,26 +2872,31 @@ class Activity {
 			$is_child_node = true;
 		}
 
-		$allowed = false;
+		if (empty($item['item_fetched'])) {
+			$item['owner_xchan'] = $observer_hash;
+		}
 
-		// TODO: not implemented
-		// $permit_mentions = intval(PConfig::Get($channel['channel_id'], 'system','permit_all_mentions') && i_am_mentioned($channel,$item));
+		$allowed = false;
+		$permit_mentions = intval(PConfig::Get($channel['channel_id'], 'system','permit_all_mentions') && i_am_mentioned($channel, $item));
 
 		if ($is_child_node) {
 
-			$p = q("select * from item where mid = '%s' and uid = %d and item_wall = 1",
+			$parent = q("select * from item where mid = '%s' and uid = %d",
 				dbesc($item['parent_mid']),
 				intval($channel['channel_id'])
 			);
-			if ($p) {
+
+			// TODO: if we do not have a parent stop here and move the fetch to background?
+
+			if ($parent && $parent[0]['item_wall']) {
 				// set the owner to the owner of the parent
-				$item['owner_xchan'] = $p[0]['owner_xchan'];
+				$item['owner_xchan'] = $parent[0]['owner_xchan'];
 
 				// quietly reject group comment boosts by group owner
 				// (usually only sent via ActivityPub so groups will work on microblog platforms)
 				// This catches those activities if they slipped in via a conversation fetch
 
-				if ($p[0]['parent_mid'] !== $item['parent_mid']) {
+				if ($parent[0]['parent_mid'] !== $item['parent_mid']) {
 					if ($item['verb'] === 'Announce' && $item['author_xchan'] === $item['owner_xchan']) {
 						logger('group boost activity by group owner rejected');
 						return;
@@ -2832,8 +2905,8 @@ class Activity {
 
 				// check permissions against the author, not the sender
 				$allowed = perm_is_allowed($channel['channel_id'], $item['author_xchan'], 'post_comments');
-				if ((!$allowed)/* && $permit_mentions*/) {
-					if ($p[0]['owner_xchan'] === $channel['channel_hash']) {
+				if ((!$allowed) && $permit_mentions) {
+					if ($parent[0]['owner_xchan'] === $channel['channel_hash']) {
 						$allowed = false;
 					}
 					else {
@@ -2842,7 +2915,7 @@ class Activity {
 				}
 
 				// TODO: not implemented
-				/*if (absolutely_no_comments($p[0])) {
+				/*if (absolutely_no_comments($parent[0])) {
 					$allowed = false;
 				}*/
 
@@ -2864,13 +2937,14 @@ class Activity {
 			else {
 
 				$allowed = true;
+
 				// reject public stream comments that weren't sent by the conversation owner
 				if ($is_sys_channel && $item['owner_xchan'] !== $observer_hash && !$fetch_parents) {
 					$allowed = false;
 				}
 			}
 
-			if ($p && $p[0]['obj_type'] === 'Question') {
+			if ($parent && $parent[0]['obj_type'] === 'Question') {
 				if ($item['obj_type'] === ACTIVITY_OBJ_COMMENT && $item['title'] && (!$item['body'])) {
 					$item['obj_type'] = 'Answer';
 				}
@@ -2880,13 +2954,13 @@ class Activity {
 
 			// The $item['item_fetched'] flag is set in fetch_and_store_parents().
 			// In this case we should check against author permissions because sender is not owner.
-			if (perm_is_allowed($channel['channel_id'], ((isset($item['item_fetched']) && $item['item_fetched']) ? $item['author_xchan'] : $observer_hash), 'send_stream') || $is_sys_channel) {
+			if (perm_is_allowed($channel['channel_id'], ((!empty($item['item_fetched'])) ? $item['author_xchan'] : $observer_hash), 'send_stream') || $is_sys_channel) {
 				$allowed = true;
 			}
-			// TODO: not implemented
-			/*if ($permit_mentions) {
+
+			if ($permit_mentions) {
 				$allowed = true;
-			}*/
+			}
 		}
 
 		if (tgroup_check($channel['channel_id'], $item) && (!$is_child_node)) {
@@ -2995,50 +3069,29 @@ class Activity {
 
 		set_iconfig($item, 'activitypub', 'recips', $act->raw_recips);
 
-		// TODO: inheritPrivacy should probably be set in encode activity. Zap does not do so yet - check what this is about
-		if (!(isset($act->data['inheritPrivacy']) && $act->data['inheritPrivacy'])) {
-			if ($item['item_private']) {
-				$item['item_restrict'] = $item['item_restrict'] & 1;
-				if ($is_child_node) {
-					$item['allow_cid'] = '<' . $channel['channel_hash'] . '>';
-					$item['allow_gid'] = $item['deny_cid'] = $item['deny_gid'] = '';
-				}
-				logger('restricted');
-			}
-		}
-
 		if (intval($act->sigok)) {
 			$item['item_verified'] = 1;
 		}
 
-		$parent = null;
-
 		if ($is_child_node) {
-
-			$parent = q("select * from item where mid = '%s' and uid = %d limit 1",
-				dbesc($item['parent_mid']),
-				intval($item['uid'])
-			);
-
 			if (!$parent) {
 				if (!plugin_is_installed('pubcrawl')) {
 					return;
 				}
-				else {
-					$fetch = false;
 
-					// TODO: debug
-					// if (perm_is_allowed($channel['channel_id'],$observer_hash,'send_stream') && (PConfig::Get($channel['channel_id'],'system','hyperdrive',true) || $act->type === 'Announce')) {
-					if (perm_is_allowed($channel['channel_id'], $observer_hash, 'send_stream') || $is_sys_channel) {
-						$fetch = (($fetch_parents) ? self::fetch_and_store_parents($channel, $observer_hash, $item, $force) : false);
-					}
+				$fetch = false;
 
-					if ($fetch) {
-						$parent = q("select * from item where mid = '%s' and uid = %d limit 1",
-							dbesc($item['parent_mid']),
-							intval($item['uid'])
-						);
-					}
+				// TODO: debug
+				// if (perm_is_allowed($channel['channel_id'],$observer_hash,'send_stream') && (PConfig::Get($channel['channel_id'],'system','hyperdrive',true) || $act->type === 'Announce')) {
+				if (perm_is_allowed($channel['channel_id'], $observer_hash, 'send_stream') || $is_sys_channel) {
+					$fetch = (($fetch_parents) ? self::fetch_and_store_parents($channel, $observer_hash, $item, $force) : false);
+				}
+
+				if ($fetch) {
+					$parent = q("select * from item where mid = '%s' and uid = %d",
+						dbesc($item['parent_mid']),
+						intval($item['uid'])
+					);
 				}
 			}
 
@@ -3047,6 +3100,7 @@ class Activity {
 				return;
 			}
 
+/*
 			if ($parent[0]['parent_mid'] !== $item['parent_mid']) {
 				$item['thr_parent'] = $item['parent_mid'];
 			}
@@ -3054,7 +3108,25 @@ class Activity {
 				$item['thr_parent'] = $parent[0]['parent_mid'];
 			}
 			$item['parent_mid'] = $parent[0]['parent_mid'];
-			//$item['item_private'] = $parent[0]['item_private'];
+*/
+
+			/*
+			 *
+			 * Check for conversation privacy mismatches
+			 * We can only do this if we have a channel and we have fetched the parent
+			 *
+			 */
+
+			// public conversation, but this comment went rogue and was published privately
+			// hide it from everybody except the channel owner
+
+			if (intval($parent[0]['item_private']) === 0) {
+				if (intval($item['item_private'])) {
+					$item['item_restrict'] = $item['item_restrict'] | 1;
+					$item['allow_cid'] = '<' . $channel['channel_hash'] . '>';
+					$item['allow_gid'] = $item['deny_cid'] = $item['deny_gid'] = '';
+				}
+			}
 
 		}
 
@@ -3184,7 +3256,7 @@ class Activity {
 			$item = $hookinfo['item'];
 
 			if ($item) {
-				$item['item_fetched'] = 1;
+				$item['item_fetched'] = true;
 
 				if (intval($channel['channel_system']) && intval($item['item_private'])) {
 					$p = [];
@@ -3298,7 +3370,7 @@ class Activity {
 
 			return false;
 		}
-	*/
+
 	static public function fetch_and_store_replies($channel, $arr) {
 
 		logger('fetching replies');
@@ -3355,6 +3427,7 @@ class Activity {
 		}
 
 	}
+*/
 
 /* this is deprecated and not used anymore
 	static function announce_note($channel, $observer_hash, $act) {
@@ -3630,7 +3703,21 @@ class Activity {
 				if ($a['type'] === 'image/svg+xml' && strpos($item['body'], '[/svg]')) {
 					continue;
 				}
-				if (self::media_not_in_body($a['href'], $item['body'])) {
+				// Friendica attachment weirdness
+				// Check both the attachment image and href since they can be different and the one in the href is a different link with different resolution.
+				// Otheriwse you'll get duplicated images
+				if (isset($a['image'])) {
+					if (self::media_not_in_body($a['image'], $item['body']) && self::media_not_in_body($a['href'], $item['body'])) {
+						if (isset($a['name']) && $a['name']) {
+							$alt = htmlspecialchars($a['name'], ENT_QUOTES);
+							$item['body'] = '[img=' . $a['href']  . ']' . $alt . '[/img]' . "\r\n" . $item['body'];
+						} else {
+							$item['body'] = '[img]' . $a['href'] . '[/img]' . "\r\n" . $item['body'];
+						}
+					}
+					continue;
+				}
+				elseif (self::media_not_in_body($a['href'], $item['body'])) {
 					if (isset($a['name']) && $a['name']) {
 						$alt = htmlspecialchars($a['name'], ENT_QUOTES);
 						$item['body'] = '[img=' . $a['href']  . ']' . $alt . '[/img]' . "\r\n" . $item['body'];
@@ -3809,7 +3896,7 @@ class Activity {
 		}
 
 		if (array_path_exists('source/mediaType', $act) && array_path_exists('source/content', $act)) {
-			if ($act['source']['mediaType'] === 'text/bbcode') {
+			if (in_array($act['source']['mediaType'], ['text/bbcode', 'text/x-multicode'])) {
 				$content['bbcode'] = purify_html($act['source']['content']);
 			}
 		}
@@ -3910,18 +3997,18 @@ class Activity {
 
 		switch ($options) {
 			case 'activitypub':
-				$hublocs = q("select * from hubloc left join xchan on hubloc_hash = xchan_hash where hubloc_hash = '%s' and hubloc_deleted = 0 ",
+				$hublocs = q("select * from hubloc left join xchan on hubloc_hash = xchan_hash where hubloc_hash = '%s' and hubloc_deleted = 0 order by hubloc_id desc",
 					dbesc($url)
 				);
 				break;
 			case 'zot6':
-				$hublocs = q("select * from hubloc left join xchan on hubloc_hash = xchan_hash where hubloc_id_url = '%s' and hubloc_deleted = 0 ",
+				$hublocs = q("select * from hubloc left join xchan on hubloc_hash = xchan_hash where hubloc_id_url = '%s' and hubloc_deleted = 0 order by hubloc_id desc",
 					dbesc($url)
 				);
 				break;
 			case 'all':
 			default:
-				$hublocs = q("select * from hubloc left join xchan on hubloc_hash = xchan_hash where ( hubloc_id_url = '%s' OR hubloc_hash = '%s' ) and hubloc_deleted = 0 ",
+				$hublocs = q("select * from hubloc left join xchan on hubloc_hash = xchan_hash where ( hubloc_id_url = '%s' OR hubloc_hash = '%s' ) and hubloc_deleted = 0 order by hubloc_id desc",
 					dbesc($url),
 					dbesc($url)
 				);
@@ -3981,9 +4068,9 @@ class Activity {
 			if ($act->is_valid()) {
 				$content = self::get_content($act->obj);
 
-				$ret .= "[share author='" . urlencode($act->actor['name']) .
+				$ret .= "[share author='" . urlencode($act->actor['name'] ?? $act->actor['preferredUsername']) .
 					"' profile='" . $act->actor['id'] .
-					"' avatar='" . $act->actor['icon']['url'] .
+					"' avatar='" . ($act->actor['icon']['url'] ?? z_root() . '/' . get_default_profile_photo(80)) .
 					"' link='" . $act->obj['id'] .
 					"' auth='" . ((is_matrix_url($act->actor['id'])) ? 'true' : 'false') .
 					"' posted='" . $act->obj['published'] .

Zotlabs/Lib/ActivityStreams.php

@@ -113,7 +113,7 @@ class ActivityStreams {
 			// fetch recursive or embedded activities
 
 			if ($this->obj && is_array($this->obj) && array_key_exists('object', $this->obj)) {
-				$this->obj['object'] = $this->get_compound_property($this->obj['object']);
+				$this->obj['object'] = $this->get_compound_property('object', $this->obj);
 			}
 
 			if ($this->obj && is_array($this->obj) && isset($this->obj['actor']))
@@ -126,6 +126,7 @@ class ActivityStreams {
 			if ((!$this->parent_id) && is_array($this->obj) && isset($this->obj['inReplyTo'])) {
 				$this->parent_id = $this->obj['inReplyTo'];
 			}
+
 			if ((!$this->parent_id) && is_array($this->obj) && isset($this->obj['id'])) {
 				$this->parent_id = $this->obj['id'];
 			}
@@ -145,36 +146,59 @@ class ActivityStreams {
 		$this->saved_recips = $arr;
 	}
 
+	/**
+	 * @brief get single property from Activity object
+	 *
+	 * @param string $property
+	 * @param mixed $default return value if property or object not set
+	 *    or object is a string id which could not be fetched.
+	 * @return mixed
+	 */
+	public function objprop(string $property, mixed $default = false): mixed {
+		$x = $this->get_property_obj($property, $this->obj);
+		return (isset($x)) ? $x : $default;
+	}
+
 	/**
 	 * @brief Collects all recipients.
 	 *
-	 * @param string $base
+	 * @param mixed $base
 	 * @param string $namespace (optional) default empty
 	 * @return array
 	 */
-	function collect_recips($base = '', $namespace = '') {
-		$x = [];
+	public function collect_recips(mixed $base = '', string $namespace = ''): array {
+		$result = [];
+		$tmp = [];
 
 		$fields = ['to', 'cc', 'bto', 'bcc', 'audience'];
-		foreach ($fields as $f) {
-			$y = $this->get_compound_property($f, $base, $namespace);
-			if ($y) {
-				if (!is_array($this->raw_recips)) {
-					$this->raw_recips = [];
-				}
-
-				if (!is_array($y)) {
-					$y = [$y];
-				}
-				$this->raw_recips[$f] = $y;
-				$x                    = array_merge($x, $y);
+		foreach ($fields as $field) {
+			// don't expand these yet
+			$values = $this->get_property_obj($field, $base, $namespace);
+			if ($values) {
+				$values = force_array($values);
+				$tmp[$field] = $values;
+				$result = array_values(array_unique(array_merge($result, $values)));
+			}
+			// Merge the object recipients if they exist.
+			$values = $this->objprop($field);
+			if ($values) {
+				$values = force_array($values);
+				$tmp[$field] = ((isset($tmp[$field])) ? array_merge($tmp[$field], $values) : $values);
+				$result = array_values(array_unique(array_merge($result, $values)));
+			}
+			// remove duplicates
+			if (isset($tmp[$field])) {
+				$tmp[$field] = array_values(array_unique($tmp[$field]));
 			}
 		}
-// not yet ready for prime time
-//		$x = $this->expand($x,$base,$namespace);
-		return $x;
+		$this->raw_recips = $tmp;
+
+		// not yet ready for prime time
+		//      $result = $this->expand($result,$base,$namespace);
+		return $result;
 	}
 
+
 	function expand($arr, $base = '', $namespace = '') {
 		$ret = [];
 
@@ -341,6 +365,7 @@ class ActivityStreams {
 	 */
 	function get_compound_property($property, $base = '', $namespace = '', $first = false) {
 		$x = $this->get_property_obj($property, $base, $namespace);
+
 		if ($this->is_url($x)) {
 			$y = $this->fetch_property($x);
 			if (is_array($y)) {

Zotlabs/Lib/Apps.php

@@ -159,7 +159,7 @@ class Apps {
 		foreach(self::$available_apps as $iapp) {
 			if($iapp['app_id'] == hash('whirlpool',$app['name'])) {
 				$notfound = false;
-				if(($iapp['app_version'] !== $app['version'])
+				if((isset($app['version']) && $iapp['app_version'] !== $app['version'])
 					|| ($app['plugin'] && (! $iapp['app_plugin']))) {
 					return intval($iapp['app_id']);
 				}
@@ -236,6 +236,7 @@ class Apps {
 			$ret['photo'] = $baseurl . '/' . get_default_profile_photo(80);
 
 		$ret['type'] = 'system';
+		$ret['plugin'] = '';
 
 		foreach($ret as $k => $v) {
 			if(strpos($v,'http') === 0) {
@@ -600,12 +601,12 @@ class Apps {
 			'$edit' => ((local_channel() && $installed && $mode == 'edit') ? t('Edit') : ''),
 			'$delete' => ((local_channel() && $mode == 'edit') ? t('Delete') : ''),
 			'$undelete' => ((local_channel() && $mode == 'edit') ? t('Undelete') : ''),
-			'$settings_url' => ((local_channel() && $installed && $mode == 'list') ? $papp['settings_url'] : ''),
-			'$deleted' => $papp['deleted'],
+			'$settings_url' => ((local_channel() && $installed && $mode == 'list' && isset($papp['settings_url'])) ? $papp['settings_url'] : ''),
+			'$deleted' => $papp['deleted'] ?? false,
 			'$feature' => ((isset($papp['embed']) || $mode == 'edit') ? false : true),
 			'$pin' => ((isset($papp['embed']) || $mode == 'edit') ? false : true),
-			'$featured' => ((strpos($papp['categories'], 'nav_featured_app') === false) ? false : true),
-			'$pinned' => ((strpos($papp['categories'], 'nav_pinned_app') === false) ? false : true),
+			'$featured' => ((isset($papp['categories']) && strpos($papp['categories'], 'nav_featured_app') !== false) ? true : false),
+			'$pinned' => ((isset($papp['categories']) && strpos($papp['categories'], 'nav_pinned_app') !== false) ? true : false),
 			'$mode' => $mode,
 			'$add' => t('Add to app-tray'),
 			'$remove' => t('Remove from app-tray'),
@@ -644,7 +645,7 @@ class Apps {
 			);
 			if($r) {
 				if($app['uid']) {
-					if($app['categories'] && (! $app['term'])) {
+					if((isset($app['categories']) && $app['categories']) && !(isset($app['term']) && $app['term'])) {
 						$r[0]['term'] = q("select * from term where otype = %d and oid = %d",
 							intval(TERM_OBJ_APP),
 							intval($r[0]['id'])
@@ -1189,7 +1190,7 @@ class Apps {
 			$ret['success'] = true;
 			$ret['app_id'] = $darray['app_id'];
 		}
-		if($arr['categories']) {
+		if(isset($arr['categories']) && $arr['categories']) {
 			$x = q("select id from app where app_id = '%s' and app_channel = %d limit 1",
 				dbesc($darray['app_id']),
 				intval($darray['app_channel'])
@@ -1287,7 +1288,7 @@ class Apps {
 				intval(TERM_OBJ_APP),
 				intval($x[0]['id'])
 			);
-			if($arr['categories']) {
+			if(isset($arr['categories']) && $arr['categories']) {
 				$y = explode(',',$arr['categories']);
 				if($y) {
 					foreach($y as $t) {

Zotlabs/Lib/Connect.php

@@ -69,7 +69,8 @@ class Connect {
 		$xchan_hash = '';
 		$sql_options = (($protocol) ? " and xchan_network = '" . dbesc($protocol) . "' " : '');
 
-		$r = q("select * from xchan where ( xchan_hash = '%s' or xchan_url = '%s' or xchan_addr = '%s') $sql_options ",
+		// We need both, the xchan and the hubloc here hence use JOIN instead of LEFT JOIN
+		$r = q("SELECT * FROM xchan JOIN hubloc ON xchan_hash = hubloc_hash WHERE ( xchan_hash = '%s' or xchan_url = '%s' or xchan_addr = '%s') $sql_options ORDER BY hubloc_id DESC",
 			dbesc($url),
 			dbesc($url),
 			dbesc($url)
@@ -80,12 +81,13 @@ class Connect {
 			// reset results to the best record or the first if we don't have the best
 			// note: this is a single record and not an array of results
 
-			$r = Libzot::zot_record_preferred($r,'xchan_network');
+			$r = Libzot::zot_record_preferred($r, 'xchan_network');
 
 		}
 
 		$singleton = false;
 		$d = false;
+		$wf = false;
 
 		if (! $r) {
 
@@ -108,10 +110,12 @@ class Connect {
 
 		if ($wf || $d) {
 
+			$xchan_hash = (($wf) ? $wf : $url);
+
 			// something was discovered - find the record which was just created.
 
 			$r = q("select * from xchan where ( xchan_hash = '%s' or xchan_url = '%s' or xchan_addr = '%s' ) $sql_options",
-				dbesc(($wf) ? $wf : $url),
+				dbesc($xchan_hash),
 				dbesc($url),
 				dbesc($url)
 			);
@@ -119,7 +123,7 @@ class Connect {
 			// convert to a single record (once again preferring a zot solution in the case of multiples)
 
 			if ($r) {
-				$r = Libzot::zot_record_preferred($r,'xchan_network');
+				$r = Libzot::zot_record_preferred($r, 'xchan_network');
 			}
 		}
 

Zotlabs/Lib/DReport.php

@@ -94,19 +94,6 @@ class DReport {
 		if(! $c)
 			return false;
 
-		// legacy zot recipients add a space and their name to the xchan. remove it if true.
-
-		$legacy_recipient = strpos($dr['recipient'], ' ');
-		if($legacy_recipient !== false) {
-			$legacy_recipient_parts = explode(' ', $dr['recipient'], 2);
-			$rxchan = $legacy_recipient_parts[0];
-		}
-		else {
-			$rxchan = $dr['recipient'];
-		}
-
-
-
 		// is the recipient one of our connections, or do we want to store every report?
 
 		$pcf = get_pconfig($c[0]['channel_id'],'system','dreport_store_all');
@@ -117,7 +104,7 @@ class DReport {
 		// So if a remote site says they can't find us, that's no big surprise
 		// and just creates a lot of extra report noise
 
-		if(($dr['location'] !== z_root()) && ($dr['sender'] === $rxchan) && ($dr['status'] === 'recipient not found'))
+		if(($dr['location'] !== z_root()) && ($dr['sender'] === $dr['recipient']) && ($dr['status'] === 'recipient not found'))
 			return false;
 
 		// If you have a private post with a recipient list, every single site is going to report
@@ -126,14 +113,14 @@ class DReport {
 		// have a channel on that site.
 
 		$r = q("select hubloc_id from hubloc where hubloc_hash = '%s' and hubloc_url = '%s'",
-			dbesc($rxchan),
+			dbesc($dr['recipient']),
 			dbesc($dr['location'])
 		);
 		if((! $r) && ($dr['status'] === 'recipient_not_found'))
 			return false;
 
 		$r = q("select abook_id from abook where abook_xchan = '%s' and abook_channel = %d limit 1",
-			dbesc($rxchan),
+			dbesc($dr['recipient']),
 			intval($c[0]['channel_id'])
 		);
 		if($r)

Zotlabs/Lib/Enotify.php

@@ -122,8 +122,11 @@ class Enotify {
 	// e.g. "your post", "David's photo", etc.
 	$possess_desc = t('%s <!item_type!>');
 
+	$parent_mid = '';
+	$parent_item = [];
+
 // @@TODO: consider using switch instead of those elseif
-	if ($params['type'] == NOTIFY_MAIL) {
+	if (isset($params['type']) && $params['type'] == NOTIFY_MAIL) {
 		logger('notification: mail');
 		$subject = 	sprintf( t('[$Projectname:Notify] New direct message received at %s'), $sitename);
 
@@ -135,7 +138,7 @@ class Enotify {
 		$itemlink = $siteurl . '/hq/' . gen_link_id($params['item']['mid']);
 	}
 
-	elseif ($params['type'] === NOTIFY_COMMENT) {
+	elseif (isset($params['type']) && $params['type'] === NOTIFY_COMMENT) {
 		//logger("notification: params = " . print_r($params, true), LOGGER_DEBUG);
 
 		$moderated = (($params['item']['item_blocked'] == ITEM_MODERATED) ? true : false);
@@ -167,7 +170,7 @@ class Enotify {
 
 		}
 
-		$parent_mid = $params['parent_mid'];
+		$parent_mid = $params['parent_mid'] ?? '';
 
 		// Check to see if there was already a notify for this post.
 		// If so don't create a second notification
@@ -251,7 +254,7 @@ class Enotify {
 
 	}
 
-	elseif ($params['type'] === NOTIFY_LIKE) {
+	elseif (isset($params['type']) && $params['type'] === NOTIFY_LIKE) {
 //		logger("notification: params = " . print_r($params, true), LOGGER_DEBUG);
 
 		$itemlink =  $params['link'];
@@ -264,7 +267,7 @@ class Enotify {
 			}
 		}
 
-		$parent_mid = $params['parent_mid'];
+		$parent_mid = $params['parent_mid'] ?? '';
 
 		// Check to see if there was already a notify for this post.
 		// If so don't create a second notification
@@ -335,7 +338,7 @@ class Enotify {
 
 
 
-	elseif($params['type'] === NOTIFY_WALL) {
+	elseif(isset($params['type']) && $params['type'] === NOTIFY_WALL) {
 		$subject = sprintf( t('[$Projectname:Notify] %s posted to your profile wall') , $sender['xchan_name']);
 
 		$preamble = sprintf( t('%1$s posted to your profile wall at %2$s') , $sender['xchan_name'], $sitename);
@@ -350,7 +353,7 @@ class Enotify {
 		$itemlink =  $params['link'];
 	}
 
-	elseif ($params['type'] === NOTIFY_TAGSELF) {
+	elseif (isset($params['type']) && $params['type'] === NOTIFY_TAGSELF) {
 
 		$p = q("select id from notify where link = '%s' and uid = %d limit 1",
 			dbesc($params['link']),
@@ -374,7 +377,7 @@ class Enotify {
 		$itemlink =  $params['link'];
 	}
 
-	elseif ($params['type'] === NOTIFY_POKE) {
+	elseif (isset($params['type']) && $params['type'] === NOTIFY_POKE) {
 		$subject =	sprintf( t('[$Projectname:Notify] %1$s poked you') , $sender['xchan_name']);
 		$preamble = sprintf( t('%1$s poked you at %2$s') , $sender['xchan_name'], $sitename);
 		$epreamble = sprintf( t('%1$s [zrl=%2$s]poked you[/zrl].') ,
@@ -391,7 +394,7 @@ class Enotify {
 		$itemlink =  $params['link'];
 	}
 
-	elseif ($params['type'] === NOTIFY_TAGSHARE) {
+	elseif (isset($params['type']) && $params['type'] === NOTIFY_TAGSHARE) {
 		$subject =	sprintf( t('[$Projectname:Notify] %s tagged your post') , $sender['xchan_name']);
 		$preamble = sprintf( t('%1$s tagged your post at %2$s'),$sender['xchan_name'], $sitename);
 		$epreamble = sprintf( t('%1$s tagged [zrl=%2$s]your post[/zrl]') ,
@@ -404,7 +407,7 @@ class Enotify {
 		$itemlink =  $params['link'];
 	}
 
-	elseif ($params['type'] === NOTIFY_INTRO) {
+	elseif (isset($params['type']) && $params['type'] === NOTIFY_INTRO) {
 		$subject = sprintf( t('[$Projectname:Notify] Introduction received'));
 		$preamble = sprintf( t('You\'ve received an new connection request from \'%1$s\' at %2$s'), $sender['xchan_name'], $sitename);
 		$epreamble = sprintf( t('You\'ve received [zrl=%1$s]a new connection request[/zrl] from %2$s.'),
@@ -418,7 +421,7 @@ class Enotify {
 		$itemlink = $params['link'];
 	}
 
-	elseif ($params['type'] === NOTIFY_SUGGEST) {
+	elseif (isset($params['type']) && $params['type'] === NOTIFY_SUGGEST) {
 		$subject = sprintf( t('[$Projectname:Notify] Friend suggestion received'));
 		$preamble = sprintf( t('You\'ve received a friend suggestion from \'%1$s\' at %2$s'), $sender['xchan_name'], $sitename);
 		$epreamble = sprintf( t('You\'ve received [zrl=%1$s]a friend suggestion[/zrl] for %2$s from %3$s.'),
@@ -436,11 +439,11 @@ class Enotify {
 		$itemlink =  $params['link'];
 	}
 
-	elseif ($params['type'] === NOTIFY_CONFIRM) {
+	elseif (isset($params['type']) && $params['type'] === NOTIFY_CONFIRM) {
 		// ?
 	}
 
-	elseif ($params['type'] === NOTIFY_SYSTEM) {
+	elseif (isset($params['type']) && $params['type'] === NOTIFY_SYSTEM) {
 		// ?
 	}
 
@@ -495,12 +498,13 @@ class Enotify {
 	$datarray['link']   = $itemlink;
 	$datarray['parent'] = $parent_mid;
 	$datarray['parent_item'] = $parent_item;
-	$datarray['ntype']   = $params['type'];
-	$datarray['verb']   = $params['verb'];
-	$datarray['otype']  = $params['otype'];
+	$datarray['ntype']   = $params['type'] ?? '';
+	$datarray['verb']   = $params['verb'] ?? '';
+	$datarray['otype']  = $params['otype'] ?? '';
  	$datarray['abort']  = false;
+	$datarray['seen'] = 0;
 
-	$datarray['item'] = $params['item'];
+	$datarray['item'] = $params['item'] ?? [];
 
 	call_hooks('enotify_store', $datarray);
 
@@ -511,7 +515,6 @@ class Enotify {
 
 
 	// create notification entry in DB
-	$seen = 0;
 
 	// Mark some notifications as seen right away
 	// Note! The notification have to be created, because they are used to send emails
@@ -521,7 +524,7 @@ class Enotify {
 
 	if (!$always_show_in_notices) {
 		if (($params['type'] === NOTIFY_WALL) || ($params['type'] === NOTIFY_MAIL) || ($params['type'] === NOTIFY_INTRO)) {
-			$seen = 1;
+			$datarray['seen'] = 1;
 		}
 	}
 
@@ -537,7 +540,7 @@ class Enotify {
 		intval($datarray['uid']),
 		dbesc($datarray['link']),
 		dbesc($datarray['parent']),
-		intval($seen),
+		intval($datarray['seen']),
 		intval($datarray['ntype']),
 		dbesc($datarray['verb']),
 		dbesc($datarray['otype'])
@@ -613,8 +616,8 @@ class Enotify {
 		$datarray['preamble']     = $preamble;
 		$datarray['sitename']     = $sitename;
 		$datarray['siteurl']      = $siteurl;
-		$datarray['type']         = $params['type'];
-		$datarray['parent']       = $params['parent_mid'];
+		$datarray['type']         = $params['type'] ?? '';
+		$datarray['parent']       = $params['parent_mid'] ?? '';
 		$datarray['source_name']  = $sender['xchan_name'];
 		$datarray['source_link']  = $sender['xchan_url'];
 		$datarray['source_photo'] = $sender['xchan_photo_s'];
@@ -681,7 +684,6 @@ class Enotify {
 			'$source_name'  => $datarray['source_name'],
 			'$source_link'  => $datarray['source_link'],
 			'$source_photo' => $datarray['source_photo'],
-			'$username'     => $datarray['to_name'],
 			'$hsitelink'    => $datarray['hsitelink'],
 			'$hitemlink'    => $datarray['hitemlink'],
 			'$thanks'       => $datarray['thanks'],
@@ -703,7 +705,6 @@ class Enotify {
 			'$source_name'  => $datarray['source_name'],
 			'$source_link'  => $datarray['source_link'],
 			'$source_photo' => $datarray['source_photo'],
-			'$username'     => $datarray['to_name'],
 			'$tsitelink'    => $datarray['tsitelink'],
 			'$titemlink'    => $datarray['titemlink'],
 			'$thanks'       => $datarray['thanks'],
@@ -827,7 +828,7 @@ class Enotify {
 				: (($item['obj_type'] === 'Answer') ? sprintf( t('voted on %s\'s poll'), '[bdi]' . $item['owner']['xchan_name'] . '[/bdi]') : sprintf( t('commented on %s\'s post'), '[bdi]' . $item['owner']['xchan_name'] . '[/bdi]'))
 			);
 
-			if($item['verb'] === ACTIVITY_SHARE) {
+			if($item['verb'] === ACTIVITY_SHARE && empty($item['owner']['xchan_pubforum'])) {
 				$itemem_text = sprintf( t('repeated %s\'s post'), '[bdi]' . $item['author']['xchan_name'] . '[/bdi]');
 			}
 
@@ -859,7 +860,7 @@ class Enotify {
 
 		// convert this logic into a json array just like the system notifications
 
-		$who = (($item['verb'] === ACTIVITY_SHARE) ? 'owner' : 'author');
+		$who = (($item['verb'] === ACTIVITY_SHARE && empty($item['owner']['xchan_pubforum'])) ? 'owner' : 'author');
 		$body = html2plain(bbcode($item['body'], ['drop_media' => true, 'tryoembed' => false]), 75, true);
 		if ($body) {
 			$body = htmlentities($body, ENT_QUOTES, 'UTF-8', false);
@@ -868,7 +869,7 @@ class Enotify {
 		$x = array(
 			'notify_link' => $item['llink'],
 			'name' => $item[$who]['xchan_name'],
-			'addr' => (($item[$who]['xchan_addr']) ? $item[$who]['xchan_addr'] : $item[$who]['xchan_url']),
+			'addr' => $item[$who]['xchan_addr'] ? $item[$who]['xchan_addr'] : $item[$who]['xchan_url'],
 			'url' => $item[$who]['xchan_url'],
 			'photo' => $item[$who]['xchan_photo_s'],
 			'when' => (($edit) ? datetime_convert('UTC', date_default_timezone_get(), $item['edited']) : datetime_convert('UTC', date_default_timezone_get(), $item['created'])),

Zotlabs/Lib/Libsync.php

@@ -135,14 +135,13 @@ class Libsync {
 				$info['collection_members'] = $r;
 		}
 
-		$interval = ((get_config('system', 'delivery_interval') !== false)
-			? intval(get_config('system', 'delivery_interval')) : 2);
+		$interval = get_config('queueworker', 'queue_interval', 500000);
 
 		logger('Packet: ' . print_r($info, true), LOGGER_DATA, LOG_DEBUG);
 
 		$total = count($synchubs);
 		foreach ($synchubs as $hub) {
-			$hash = random_string();
+			$hash = new_uuid();
 			$n    = Libzot::build_packet($channel, 'sync', $env_recips, json_encode($info), 'hz', $hub['hubloc_sitekey'], $hub['site_crypto']);
 			Queue::insert([
 				'hash'       => $hash,
@@ -155,19 +154,26 @@ class Libsync {
 			]);
 
 
+			/*
 			$x = q("select count(outq_hash) as total from outq where outq_delivered = 0");
+
 			if (intval($x[0]['total']) > intval(get_config('system', 'force_queue_threshold', 3000))) {
 				logger('immediate delivery deferred.', LOGGER_DEBUG, LOG_INFO);
 				Queue::update($hash);
 				continue;
 			}
-
+			*/
 
 			Master::Summon(['Deliver', $hash]);
-			$total = $total - 1;
 
-			if ($interval && $total)
-				@time_sleep_until(microtime(true) + (float)$interval);
+			/*
+			$total = $total - 1;
+			*/
+
+			if ($interval) {
+				usleep($interval);
+			}
+
 		}
 	}
 
@@ -192,7 +198,10 @@ class Libsync {
 				dbesc($sender)
 			);
 
-			$DR = new DReport(z_root(), $sender, $d, 'sync');
+			$mid = 'sync';
+
+
+			$DR = new DReport(z_root(), $sender, $d, $mid);
 
 			if (!$r) {
 				$DR->update('recipient not found');
@@ -202,6 +211,7 @@ class Libsync {
 
 			$channel = $r[0];
 
+
 			$DR->set_name($channel['channel_name'] . ' <' . channel_reddress($channel) . '>');
 
 			$max_friends = service_class_fetch($channel['channel_id'], 'total_channels');
@@ -293,8 +303,10 @@ class Libsync {
 			if (array_key_exists('event_item', $arr) && $arr['event_item'])
 				sync_items($channel, $arr['event_item'], ((array_key_exists('relocate', $arr)) ? $arr['relocate'] : null));
 
-			if (array_key_exists('item', $arr) && $arr['item'])
+			if (array_key_exists('item', $arr) && $arr['item']) {
 				sync_items($channel, $arr['item'], ((array_key_exists('relocate', $arr)) ? $arr['relocate'] : null));
+				$mid = $arr['item'][0]['message_id'] . '#sync';
+			}
 
 			// deprecated, maintaining for a few months for upward compatibility
 			// this should sync webpages, but the logic is a bit subtle
@@ -740,13 +752,12 @@ class Libsync {
 			 */
 			call_hooks('process_channel_sync_delivery', $addon);
 
-			$DR = new DReport(z_root(), $d, $d, 'sync', 'channel sync delivered');
+			$DR = new DReport(z_root(), $d, $d, $mid, 'channel sync processed');
 
 			$DR->set_name($channel['channel_name'] . ' <' . channel_reddress($channel) . '>');
 
 			$result[] = $DR->get();
 		}
-
 		return $result;
 	}
 
@@ -755,13 +766,19 @@ class Libsync {
 	 *
 	 * @param array $sender
 	 * @param array $arr
-	 * @param boolean $absolute (optional) default false
 	 * @return array
 	 */
 
-	static function sync_locations($sender, $arr, $absolute = false) {
+	static function sync_locations($sender, $arr) {
 
-		$ret = [];
+		$ret = [
+			'change_message' => '',
+			'changed' => false,
+			'message' => ''
+		];
+
+		$what = '';
+		$changed = false;
 
 		// If a sender reports that the channel has been deleted, delete its hubloc
 		if (isset($arr['deleted_locally']) && intval($arr['deleted_locally'])) {
@@ -772,12 +789,9 @@ class Libsync {
 			);
 		}
 
-		if ($arr['locations']) {
+		if (isset($arr['locations']) && $arr['locations']) {
 
-			if ($absolute)
-				Libzot::check_location_move($sender['hash'], $arr['locations']);
-
-			$xisting = q("select * from hubloc where hubloc_hash = '%s'",
+			$xisting = q("select * from hubloc where hubloc_hash = '%s' and hubloc_deleted = 0",
 				dbesc($sender['hash'])
 			);
 
@@ -849,7 +863,9 @@ class Libsync {
 						);
 					}
 
-					// update connection timestamp if this is the site we're talking to
+					// Update connection timestamp if this is the site we're talking to.
+					// Also mark all entries from the current site with different sitekeys
+					// deleted (the site has been re-installed)
 					// This only happens when called from import_xchan
 
 					$current_site = false;
@@ -863,6 +879,12 @@ class Libsync {
 							intval($r[0]['hubloc_id']),
 							dbesc($t)
 						);
+
+						q("update hubloc set hubloc_error = 1, hubloc_deleted = 1 where hubloc_url = '%s' and hubloc_sitekey != '%s'",
+							dbesc($r[0]['hubloc_url']),
+							dbesc($r[0]['hubloc_sitekey'])
+						);
+
 						$current_site = true;
 					}
 
@@ -912,14 +934,7 @@ class Libsync {
 						$what    .= 'primary_hub ';
 						$changed = true;
 					}
-					elseif ($absolute) {
-						// Absolute sync - make sure the current primary is correctly reflected in the xchan
-						$pr = hubloc_change_primary($r[0]);
-						if ($pr) {
-							$what    .= 'xchan_primary ';
-							$changed = true;
-						}
-					}
+
 					if (intval($r[0]['hubloc_deleted']) && (!intval($location['deleted']))) {
 						q("update hubloc set hubloc_deleted = 0, hubloc_updated = '%s' where hubloc_id_url = '%s'",
 							dbesc(datetime_convert()),
@@ -988,9 +1003,9 @@ class Libsync {
 				}
 			}
 
-			// get rid of any hubs we have for this channel which weren't reported.
+			// get rid of any hublocs we have for this channel which weren't reported.
 
-			if ($absolute && $xisting) {
+			if ($xisting) {
 				foreach ($xisting as $x) {
 					if (!array_key_exists('updated', $x)) {
 						logger('Deleting unreferenced hub location ' . $x['hubloc_addr']);

Zotlabs/Lib/Libzot.php

@@ -101,7 +101,6 @@ class Libzot {
 	static function build_packet($channel, $type = 'activity', $recipients = null, $msg = [], $encoding = 'activitystreams', $remote_key = null, $methods = '') {
 
 		$sig_method = get_config('system', 'signature_algorithm', 'sha256');
-
 		$data = [
 			'type'     => $type,
 			'encoding' => $encoding,
@@ -115,9 +114,9 @@ class Libzot {
 		}
 
 		if ($msg) {
-			$actor = channel_url($channel);
-			if ($encoding === 'activitystreams' && array_key_exists('actor', $msg) && is_string($msg['actor']) && $actor === $msg['actor']) {
-				$msg = JSalmon::sign($msg, $actor, $channel['channel_prvkey']);
+			$actors = get_hubloc_id_urls_by_x($channel['channel_hash']);
+			if ($encoding === 'activitystreams' && array_key_exists('actor', $msg) && is_string($msg['actor']) && in_array($msg['actor'], $actors)) {
+				$msg = JSalmon::sign($msg, $actors[0], $channel['channel_prvkey']);
 			}
 			$data['data'] = $msg;
 		}
@@ -291,6 +290,12 @@ class Libzot {
 		}
 
 		$m = parse_url($url);
+
+		if (!$m) {
+			logger('zot_refresh: could not parse url');
+			return false;
+		}
+
 		$site_url = unparse_url([ 'scheme' => $m['scheme'], 'host' => $m['host'] ]);
 
 		$s = q("select site_dead from site where site_url = '%s' limit 1",
@@ -323,7 +328,7 @@ class Libzot {
 
 		logger('zot-info: ' . print_r($record, true), LOGGER_DATA, LOG_DEBUG);
 
-		$x = self::import_xchan($record['data'], (($force) ? UPDATE_FLAGS_FORCED : UPDATE_FLAGS_UPDATED));
+		$x = self::import_xchan($record['data']);
 
 		if (!$x['success']) {
 			return false;
@@ -473,7 +478,7 @@ class Libzot {
 						unset($new_connection[0]['abook_account']);
 						unset($new_connection[0]['abook_channel']);
 
-						$abconfig = load_abconfig($channel['channel_id'], $new_connection['abook_xchan']);
+						$abconfig = load_abconfig($channel['channel_id'], $new_connection[0]['abook_xchan']);
 
 						if ($abconfig) {
 							$new_connection['abconfig'] = $abconfig;
@@ -589,8 +594,6 @@ class Libzot {
 	 */
 	static function register_hub($id) {
 
-		$hsig_valid = false;
-
 		$result = ['success' => false];
 
 		if (!$id) {
@@ -599,8 +602,14 @@ class Libzot {
 
 		$record = Zotfinger::exec($id);
 
+		if (!$record) {
+			return $result;
+		}
+
 		// Check the HTTP signature
 
+		$hsig_valid = false;
+
 		$hsig = $record['signature'];
 		if ($hsig['signer'] === $id && $hsig['header_valid'] === true && $hsig['content_valid'] === true) {
 			$hsig_valid = true;
@@ -626,21 +635,24 @@ class Libzot {
 	 *   all internal data structures which need to be updated as a result.
 	 *
 	 * @param array $arr => json_decoded discovery packet
-	 * @param int $ud_flags
-	 *    Determines whether to create a directory update record if any changes occur, default is UPDATE_FLAGS_UPDATED
-	 *    $ud_flags = UPDATE_FLAGS_FORCED indicates a forced refresh where we unconditionally create a directory update record
-	 *      this typically occurs once a month for each channel as part of a scheduled ping to notify the directory
-	 *      that the channel still exists
-	 * @param array $ud_arr
-	 *    If set [typically by update_directory_entry()] indicates a specific update table row and more particularly
-	 *    contains a particular address (ud_addr) which needs to be updated in that table.
-	 *
+
 	 * @return array An associative array with:
 	 *   * \e boolean \b success boolean true or false
 	 *   * \e string \b message (optional) error string only if success is false
 	 */
 
-	static function import_xchan($arr, $ud_flags = UPDATE_FLAGS_UPDATED, $ud_arr = null) {
+	static function import_xchan($arr) {
+
+		$ret = [
+			'success' => false,
+			'message' => ''
+		];
+
+		if (!is_array($arr)) {
+			logger('Not an array: ' . print_r($arr, true), LOGGER_DEBUG);
+			return $ret;
+		}
+
 		/**
 		 * @hooks import_xchan
 		 *   Called when processing the result of zot_finger() to store the result
@@ -648,8 +660,7 @@ class Libzot {
 		 */
 		call_hooks('import_xchan', $arr);
 
-		$ret     = ['success' => false];
-		$dirmode = intval(get_config('system', 'directory_mode'));
+		$dirmode = intval(get_config('system', 'directory_mode', DIRECTORY_MODE_NORMAL));
 
 		$changed = false;
 		$what    = '';
@@ -667,15 +678,11 @@ class Libzot {
 		$sig_methods = ((array_key_exists('signing', $arr) && is_array($arr['signing'])) ? $arr['signing'] : ['sha256']);
 		$verified    = false;
 
-		if (!self::verify($arr['id'], $arr['id_sig'], $arr['public_key'])) {
-			logger('Unable to verify channel signature for ' . $arr['address']);
-			return $ret;
-		}
-		else {
+		if (self::verify($arr['id'], $arr['id_sig'], $arr['public_key'])) {
 			$verified = true;
 		}
-
-		if (!$verified) {
+		else {
+			logger('Unable to verify channel signature for ' . $xchan_hash . ' (' . $arr['primary_location']['address']) . ')';
 			$ret['message'] = t('Unable to verify channel signature');
 			return $ret;
 		}
@@ -698,23 +705,24 @@ class Libzot {
 			if ($arr['photo'] && array_key_exists('updated', $arr['photo']) && $arr['photo']['updated'] > $r[0]['xchan_photo_date'])
 				$import_photos = true;
 
+
 			// if we import an entry from a site that's not ours and either or both of us is off the grid - hide the entry.
 			/** @TODO: check if we're the same directory realm, which would mean we are allowed to see it */
 
 			$dirmode = get_config('system', 'directory_mode');
 
-			if ((($arr['site']['directory_mode'] === 'standalone') || ($dirmode & DIRECTORY_MODE_STANDALONE)) && ($arr['site']['url'] != z_root()))
+			if (((isset($arr['site']['directory_mode']) && $arr['site']['directory_mode'] === 'standalone') || ($dirmode & DIRECTORY_MODE_STANDALONE)) && ($arr['site']['url'] != z_root()))
 				$arr['searchable'] = false;
 
 			$hidden = (1 - intval($arr['searchable']));
 
 			$hidden_changed = $adult_changed = $deleted_changed = $pubforum_changed = 0;
 
-			if (intval($r[0]['xchan_hidden']) != (1 - intval($arr['searchable'])))
+			if (isset($arr['searchable']) && intval($r[0]['xchan_hidden']) != (1 - intval($arr['searchable'])))
 				$hidden_changed = 1;
-			if (intval($r[0]['xchan_selfcensored']) != intval($arr['adult_content']))
+			if (isset($arr['adult_content']) && intval($r[0]['xchan_selfcensored']) != intval($arr['adult_content']))
 				$adult_changed = 1;
-			if (intval($r[0]['xchan_deleted']) != intval($arr['deleted']))
+			if (isset($arr['deleted']) && intval($r[0]['xchan_deleted']) != intval($arr['deleted']))
 				$deleted_changed = 1;
 
 			// new style 6-MAR-2019
@@ -733,7 +741,7 @@ class Libzot {
 
 			// old style
 
-			if (intval($r[0]['xchan_pubforum']) != intval($arr['public_forum']))
+			if (isset($arr['public_forum']) && intval($r[0]['xchan_pubforum']) != intval($arr['public_forum']))
 				$pubforum_changed = 1;
 
 
@@ -761,10 +769,10 @@ class Libzot {
 					dbesc($arr['name_updated']),
 					dbesc($arr['primary_location']['connections_url']),
 					dbesc($arr['primary_location']['follow_url']),
-					dbesc($arr['primary_location']['connect_url']),
+					dbesc($arr['connect_url']),
 					intval(1 - intval($arr['searchable'])),
 					intval($arr['adult_content']),
-					intval($arr['deleted']),
+					intval($arr['deleted'] ?? 0),
 					intval($arr['public_forum']),
 					dbesc(escape_tags($arr['primary_location']['address'])),
 					dbesc(escape_tags($arr['primary_location']['url'])),
@@ -804,7 +812,7 @@ class Libzot {
 					'xchan_name_date'      => $arr['name_updated'],
 					'xchan_hidden'         => intval(1 - intval($arr['searchable'])),
 					'xchan_selfcensored'   => $arr['adult_content'],
-					'xchan_deleted'        => $arr['deleted'],
+					'xchan_deleted'        => $arr['deleted'] ?? 0,
 					'xchan_pubforum'       => $arr['public_forum']
 				]
 			);
@@ -885,7 +893,7 @@ class Libzot {
 				else {
 					$r = q("update xchan set xchan_photo_date = '%s', xchan_photo_l = '%s', xchan_photo_m = '%s', xchan_photo_s = '%s', xchan_photo_mimetype = '%s'
 						where xchan_hash = '%s'",
-						dbescdate(datetime_convert('UTC', 'UTC', $arr['photo_updated'])),
+						dbescdate(datetime_convert('UTC', 'UTC', $arr['photo']['updated'])),
 						dbesc($photos[0]),
 						dbesc($photos[1]),
 						dbesc($photos[2]),
@@ -904,30 +912,26 @@ class Libzot {
 		$s = Libsync::sync_locations($arr, $arr);
 
 		if ($s) {
-			if (isset($s['change_message']))
+			if (!empty($s['change_message']))
 				$what .= $s['change_message'];
-			if (isset($s['changed']))
-				$changed = $s['changed'];
-			if (isset($s['message']))
+			if (!empty($s['changed']))
+				$changed .= $s['changed'];
+			if (!empty($s['message']))
 				$ret['message'] .= $s['message'];
 		}
 
-		// Which entries in the update table are we interested in updating?
-
-		$address = (($ud_arr && $ud_arr['ud_addr']) ? $ud_arr['ud_addr'] : $arr['address']);
-
-
-		// Are we a directory server of some kind?
 
 		$other_realm = false;
 		$realm       = get_directory_realm();
-		if (array_key_exists('site', $arr)
-			&& array_key_exists('realm', $arr['site'])
-			&& (strpos($arr['site']['realm'], $realm) === false))
+		if (array_key_exists('site', $arr) && array_key_exists('realm', $arr['site']) && (strpos($arr['site']['realm'], $realm) === false)) {
 			$other_realm = true;
+		}
 
+		$address = $arr['primary_location']['url'];
 
-		if ($dirmode != DIRECTORY_MODE_NORMAL) {
+		// Are we a directory server of some kind?
+
+		if ($dirmode !== DIRECTORY_MODE_NORMAL) {
 
 			// We're some kind of directory server. However we can only add directory information
 			// if the entry is in the same realm (or is a sub-realm). Sub-realms are denoted by
@@ -935,7 +939,7 @@ class Libzot {
 			// be in directories for the local realm (foo) and also the RED_GLOBAL realm.
 
 			if (array_key_exists('profile', $arr) && is_array($arr['profile']) && (!$other_realm)) {
-				$profile_changed = Libzotdir::import_directory_profile($xchan_hash, $arr['profile'], $address, $ud_flags, 1);
+				$profile_changed = Libzotdir::import_directory_profile($xchan_hash, $arr['profile']);
 				if ($profile_changed) {
 					$what    .= 'profile ';
 					$changed = true;
@@ -961,21 +965,10 @@ class Libzot {
 			}
 		}
 
-		if (($changed) || ($ud_flags == UPDATE_FLAGS_FORCED)) {
-			$guid = random_string() . '@' . \App::get_hostname();
-			Libzotdir::update_modtime($xchan_hash, $guid, $address, $ud_flags);
-			logger('Changed: ' . $what, LOGGER_DEBUG);
-		}
-		elseif (!$ud_flags) {
-			// nothing changed but we still need to update the updates record
-			q("update updates set ud_flags = ( ud_flags | %d ) where ud_addr = '%s' and not (ud_flags & %d) > 0 ",
-				intval(UPDATE_FLAGS_UPDATED),
-				dbesc($address),
-				intval(UPDATE_FLAGS_UPDATED)
-			);
-		}
+		// update updates if anything changed bump the ud_date
+		Libzotdir::update($xchan_hash, $address, $changed);
 
-		if (!x($ret, 'message')) {
+		if (empty($ret['message'])) {
 			$ret['success'] = true;
 			$ret['hash']    = $xchan_hash;
 		}
@@ -1027,26 +1020,16 @@ class Libzot {
 				// handle remote validation issues
 
 				$b = q("update dreport set dreport_result = '%s', dreport_time = '%s' where dreport_queue = '%s'",
-					dbesc(($x['message']) ? $x['message'] : 'unknown delivery error'),
+					dbesc($x['message'] ?? 'unknown delivery error'),
 					dbesc(datetime_convert()),
 					dbesc($outq['outq_hash'])
 				);
 			}
 
 			if (is_array($x) && array_key_exists('delivery_report', $x) && is_array($x['delivery_report'])) {
-
 				foreach ($x['delivery_report'] as $xx) {
 					call_hooks('dreport_process', $xx);
 					if (is_array($xx) && array_key_exists('message_id', $xx) && DReport::is_storable($xx)) {
-
-						// legacy recipients add a space and their name to the xchan. split those if true.
-						$legacy_recipient = strpos($xx['recipient'], ' ');
-						if ($legacy_recipient !== false) {
-							$legacy_recipient_parts = explode(' ', $xx['recipient'], 2);
-							$xx['recipient']        = $legacy_recipient_parts[0];
-							$xx['name']             = $legacy_recipient_parts[1];
-						}
-
 						q("insert into dreport ( dreport_mid, dreport_site, dreport_recip, dreport_name, dreport_result, dreport_time, dreport_xchan ) values ( '%s', '%s', '%s','%s','%s','%s','%s' ) ",
 							dbesc($xx['message_id']),
 							dbesc($xx['location']),
@@ -1161,10 +1144,14 @@ class Libzot {
 				return;
 			}
 			if (is_array($AS->obj)) {
-				$arr = Activity::decode_note($AS);
+				$item = Activity::decode_note($AS);
+				if (!$item) {
+					logger('Could not decode activity: ' . print_r($AS, true));
+					return;
+				}
 			}
 			else {
-				$arr = [];
+				$item = [];
 			}
 
 			logger($AS->debug(), LOGGER_DATA);
@@ -1223,7 +1210,6 @@ class Libzot {
 			return;
 		}
 
-
 		if ($has_data) {
 
 			if (in_array($env['type'], ['activity', 'response'])) {
@@ -1233,7 +1219,7 @@ class Libzot {
 					return;
 				}
 
-				$r = q("select hubloc_hash, hubloc_network, hubloc_url from hubloc where hubloc_id_url = '%s' order by hubloc_id desc",
+				$r = q("select hubloc_hash, hubloc_network, hubloc_url from hubloc where hubloc_id_url = '%s' and hubloc_deleted = 0 order by hubloc_id desc",
 					dbesc($AS->actor['id'])
 				);
 
@@ -1241,7 +1227,7 @@ class Libzot {
 					// Author is unknown to this site. Perform channel discovery and try again.
 					$z = discover_by_webbie($AS->actor['id']);
 					if ($z) {
-						$r = q("select hubloc_hash, hubloc_network, hubloc_url from hubloc where hubloc_id_url = '%s' order by hubloc_id desc",
+						$r = q("select hubloc_hash, hubloc_network, hubloc_url from hubloc where hubloc_id_url = '%s' and hubloc_deleted = 0 order by hubloc_id desc",
 							dbesc($AS->actor['id'])
 						);
 					}
@@ -1249,15 +1235,15 @@ class Libzot {
 
 				if ($r) {
 					$r = self::zot_record_preferred($r);
-					$arr['author_xchan'] = $r['hubloc_hash'];
+					$item['author_xchan'] = $r['hubloc_hash'];
 				}
 
-				if (! $arr['author_xchan']) {
+				if (! $item['author_xchan']) {
 					logger('No author!');
 					return;
 				}
 
-				$arr['owner_xchan'] = $env['sender'];
+				$item['owner_xchan'] = $env['sender'];
 
 				if(filter_var($env['sender'], FILTER_VALIDATE_URL)) {
 					// in individual delivery, change owner if needed
@@ -1266,67 +1252,67 @@ class Libzot {
 					);
 
 					if ($s) {
-						$arr['owner_xchan'] = $s[0]['hubloc_hash'];
+						$item['owner_xchan'] = $s[0]['hubloc_hash'];
 					}
 				}
 
-				if (! $arr['owner_xchan']) {
+				if (! $item['owner_xchan']) {
 					logger('No owner!');
 					return;
 				}
 
-				if ($private && (!intval($arr['item_private']))) {
-					$arr['item_private'] = 1;
+				if ($private && (!intval($item['item_private']))) {
+					$item['item_private'] = 1;
 				}
 
-				if ($arr['mid'] === $arr['parent_mid']) {
+				if ($item['mid'] === $item['parent_mid']) {
 					if (is_array($AS->obj) && array_key_exists('commentPolicy', $AS->obj)) {
 						$p = strstr($AS->obj['commentPolicy'], 'until=');
 						if ($p !== false) {
 							$comments_closed_at = datetime_convert('UTC', 'UTC', substr($p, 6));
-							if ($comments_closed_at === $arr['created']) {
-								$arr['item_nocomment'] = 1;
+							if ($comments_closed_at === $item['created']) {
+								$item['item_nocomment'] = 1;
 							}
 							else {
-								$arr['comments_closed'] = $comments_closed_at;
-								$arr['comment_policy']  = trim(str_replace($p, '', $AS->obj['commentPolicy']));
+								$item['comments_closed'] = $comments_closed_at;
+								$aritemr['comment_policy']  = trim(str_replace($p, '', $AS->obj['commentPolicy']));
 							}
 						}
 						else {
-							$arr['comment_policy'] = $AS->obj['commentPolicy'];
+							$item['comment_policy'] = $AS->obj['commentPolicy'];
 						}
 					}
 				}
 
-				if ($AS->meta['hubloc']) {
-					$arr['item_verified'] = true;
+				if (isset($AS->meta['hubloc']) && $AS->meta['hubloc']) {
+					$item['item_verified'] = true;
 				}
 
-				if (!array_key_exists('comment_policy', $arr)) {
-					$arr['comment_policy'] = 'authenticated';
+				if (!array_key_exists('comment_policy', $item)) {
+					$item['comment_policy'] = 'authenticated';
 				}
 
-				if ($AS->meta['signed_data']) {
-					IConfig::Set($arr, 'activitypub', 'signed_data', $AS->meta['signed_data'], false);
+				if (isset($AS->meta['signed_data']) && $AS->meta['signed_data']) {
+					IConfig::Set($item, 'activitypub', 'signed_data', $AS->meta['signed_data'], false);
 				}
 
-				logger('Activity received: ' . print_r($arr, true), LOGGER_DATA, LOG_DEBUG);
+				logger('Activity received: ' . print_r($item, true), LOGGER_DATA, LOG_DEBUG);
 				logger('Activity recipients: ' . print_r($deliveries, true), LOGGER_DATA, LOG_DEBUG);
 
 				$relay = (($env['type'] === 'response') ? true : false);
 
-				$result = self::process_delivery($env['sender'], $AS, $arr, $deliveries, $relay, false, $message_request);
+				$result = self::process_delivery($env['sender'], $AS, $item, $deliveries, $relay, false, $message_request);
 			}
 			elseif ($env['type'] === 'sync') {
-				// $arr = get_channelsync_elements($data);
+				// $item = get_channelsync_elements($data);
 
-				$arr = json_decode($data, true);
+				$item = json_decode($data, true);
 
-				logger('Channel sync received: ' . print_r($arr, true), LOGGER_DATA, LOG_DEBUG);
+				logger('Channel sync received: ' . print_r($item, true), LOGGER_DATA, LOG_DEBUG);
 				logger('Channel sync recipients: ' . print_r($deliveries, true), LOGGER_DATA, LOG_DEBUG);
 
 				if ($env['encoding'] === 'hz') {
-					$result = Libsync::process_channel_sync_delivery($env['sender'], $arr, $deliveries);
+					$result = Libsync::process_channel_sync_delivery($env['sender'], $item, $deliveries);
 				}
 				else {
 					logger('sync packet type not supported.');
@@ -1356,7 +1342,7 @@ class Libzot {
 				return false;
 			}
 			$x = self::find_parent($env, $act);
-			if ($x === $act->id || $x === $act->obj['id']) {
+			if ($x === $act->id || (is_array($act->obj) && array_key_exists('id', $act->obj) && $x === $act->obj['id'])) {
 				return true;
 			}
 		}
@@ -1376,6 +1362,31 @@ class Libzot {
 		return false;
 	}
 
+	static function find_parent_owner_hashes($env, $act) {
+		$r = [];
+		$thread_parent = self::find_parent($env, $act);
+		if ($thread_parent) {
+			$uids = q("SELECT uid FROM item WHERE thr_parent = '%s' OR parent_mid = '%s'",
+				dbesc($thread_parent),
+				dbesc($thread_parent)
+			);
+
+			if ($uids) {
+				$uids = ids_to_querystr($uids, 'uid');
+
+				$z = q("SELECT channel_hash FROM channel WHERE channel_hash != '%s' AND channel_id IN ($uids)",
+					dbesc($env['sender'])
+				);
+
+				if ($z) {
+					foreach ($z as $zv) {
+						$r[] = $zv['channel_hash'];
+					}
+				}
+			}
+		}
+		return $r;
+	}
 
 	/**
 	 * @brief
@@ -1414,7 +1425,9 @@ class Libzot {
 
 		$r = [];
 
-		$c = q("select channel_id, channel_hash from channel where channel_removed = 0");
+		$c = q("select channel_id, channel_hash from channel where channel_hash != '%s' and channel_removed = 0",
+			dbesc($msg['sender'])
+		);
 
 		if ($c) {
 			foreach ($c as $cc) {
@@ -1437,14 +1450,15 @@ class Libzot {
 		if ($check_mentions) {
 			// It's a top level post. Look at the tags. See if any of them are mentions and are on this hub.
 			if ($act && $act->obj) {
-				if (is_array($act->obj['tag']) && $act->obj['tag']) {
+				if (isset($act->obj['tag']) && is_array($act->obj['tag']) && $act->obj['tag']) {
 					foreach ($act->obj['tag'] as $tag) {
 						if ($tag['type'] === 'Mention' && (strpos($tag['href'], z_root()) !== false)) {
 							$address = basename($tag['href']);
 							if ($address) {
-								$z = q("select channel_hash as hash from channel where channel_address = '%s'
+								$z = q("select channel_hash as hash from channel where channel_address = '%s' and channel_hash != '%s'
 									and channel_removed = 0 limit 1",
-									dbesc($address)
+									dbesc($address),
+									dbesc($msg['sender'])
 								);
 								if ($z) {
 									$r[] = $z[0]['hash'];
@@ -1453,25 +1467,23 @@ class Libzot {
 						}
 					}
 				}
+				if ($act->obj['type'] === 'Tombstone') {
+					// This is a delete. There are no tags to look at - add anyone owning the item.
+					$parent_owners = self::find_parent_owner_hashes($msg, $act);
+					if ($parent_owners) {
+						$r = array_merge($r, $parent_owners);
+					}
+				}
+
 			}
 		}
 		else {
 			// This is a comment. We need to find any parent with ITEM_UPLINK set. But in fact, let's just return
 			// everybody that stored a copy of the parent. This way we know we're covered. We'll check the
 			// comment permissions when we deliver them.
-
-			$thread_parent = self::find_parent($msg, $act);
-
-			if ($thread_parent) {
-				$z = q("select channel_hash as hash from channel left join item on channel.channel_id = item.uid where ( item.thr_parent = '%s' OR item.parent_mid = '%s' ) ",
-					dbesc($thread_parent),
-					dbesc($thread_parent)
-				);
-				if ($z) {
-					foreach ($z as $zv) {
-						$r[] = $zv['hash'];
-					}
-				}
+			$parent_owners = self::find_parent_owner_hashes($msg, $act);
+			if ($parent_owners) {
+				$r = array_merge($r, $parent_owners);
 			}
 		}
 
@@ -1516,6 +1528,7 @@ class Libzot {
 		foreach ($deliveries as $d) {
 
 			$local_public = $public;
+			$item_result = null;
 
 			$DR = new DReport(z_root(), $sender, $d, $arr['mid']);
 
@@ -1555,9 +1568,14 @@ class Libzot {
 			 * There's a chance the current delivery could take place before the cloned copy arrives
 			 * hence the item could have the wrong ACL and *could* be used in subsequent deliveries or
 			 * access checks.
+			 *
+			 * 30.3.23: block all incoming items from ourselves except if the origin is local.
+			 * This is to prevent multiple relay delivery of items that arrive via sync.
+			 * They have already been relayed at the origin location.
+			 *
 			 */
 
-			if ($sender === $channel['channel_hash'] && $arr['author_xchan'] === $channel['channel_hash'] && $arr['mid'] === $arr['parent_mid']) {
+			if ($sender === $channel['channel_hash'] && $arr['author_xchan'] === $channel['channel_hash'] && !str_starts_with($arr['mid'], z_root())) {
 				$DR->update('self delivery ignored');
 				$result[] = $DR->get();
 				continue;
@@ -1607,13 +1625,23 @@ class Libzot {
 			if ((!$tag_delivery) && (!$local_public)) {
 				$allowed = (perm_is_allowed($channel['channel_id'], $sender, $perm));
 
-				if ((!$allowed) && $perm === 'post_comments') {
-					$parent = q("select * from item where mid = '%s' and uid = %d limit 1",
-						dbesc($arr['parent_mid']),
-						intval($channel['channel_id'])
-					);
-					if ($parent) {
-						$allowed = can_comment_on_post($sender, $parent[0]);
+				$permit_mentions = intval(PConfig::Get($channel['channel_id'], 'system', 'permit_all_mentions') && i_am_mentioned($channel, $arr));
+
+				if (!$allowed) {
+					if ($perm === 'post_comments') {
+						$parent = q("select * from item where mid = '%s' and uid = %d limit 1",
+							dbesc($arr['parent_mid']),
+							intval($channel['channel_id'])
+						);
+						if ($parent) {
+							$allowed = can_comment_on_post($sender, $parent[0]);
+							if (!$allowed && $permit_mentions) {
+								$allowed = true;
+							}
+						}
+
+					} elseif ($permit_mentions) {
+						$allowed = true;
 					}
 				}
 
@@ -1695,7 +1723,7 @@ class Libzot {
 					// this is just an exercise in futility.
 
 					if (perm_is_allowed($channel['channel_id'], $sender, 'send_stream')) {
-						self::fetch_conversation($channel, $arr['parent_mid']);
+						Master::Summon(['Zotconvo', $channel['channel_id'], $arr['parent_mid']]);
 					}
 
 					continue;
@@ -1908,9 +1936,9 @@ class Libzot {
 
 			// preserve conversations with which you are involved from expiration
 
-			$stored = (($item_result && $item_result['item']) ? $item_result['item'] : false);
+			$stored = ((isset($item_result['item'])) ? $item_result['item'] : false);
 			if ((is_array($stored)) && ($stored['id'] != $stored['parent'])
-				&& ($stored['author_xchan'] === $channel['channel_hash'] || $stored['author_xchan'] === $channel['channel_hash'])) {
+				&& ($stored['author_xchan'] === $channel['channel_hash'])) {
 				retain_item($stored['item']['parent']);
 			}
 
@@ -1944,7 +1972,7 @@ class Libzot {
 			return false;
 		}
 
-		if ($a['data']['type'] !== 'OrderedCollection') {
+		if (isset($a['data']['type']) && $a['data']['type'] !== 'OrderedCollection') {
 			return false;
 		}
 
@@ -1958,7 +1986,7 @@ class Libzot {
 		$ret = [];
 
 
-		$signer = q("select hubloc_hash, hubloc_url from hubloc where hubloc_id_url = '%s' and hubloc_network = 'zot6' limit 1",
+		$signer = q("select hubloc_hash, hubloc_url from hubloc where hubloc_id_url = '%s' and hubloc_network = 'zot6' order by hubloc_id desc limit 1",
 			dbesc($a['signature']['signer'])
 		);
 
@@ -1978,21 +2006,20 @@ class Libzot {
 				logger('FOF Activity rejected: ' . print_r($activity, true));
 				continue;
 			}
-			$arr = Activity::decode_note($AS);
 
 			// logger($AS->debug());
 
-			$r = q("select hubloc_hash, hubloc_network from hubloc where hubloc_id_url = '%s'",
-				dbesc($AS->actor['id'])
-			);
-			$r = self::zot_record_preferred($r);
+			if(empty($AS->actor['id'])) {
+				logger('No actor id!');
+				continue;
+			}
 
+			$r = Activity::get_actor_hublocs($AS->actor['id']);
+			$r = self::zot_record_preferred($r);
 			if (!$r) {
 				$y = import_author_xchan(['url' => $AS->actor['id']]);
 				if ($y) {
-					$r = q("select hubloc_hash, hubloc_network from hubloc where hubloc_id_url = '%s'",
-						dbesc($AS->actor['id'])
-					);
+					$r = Activity::get_actor_hublocs($AS->actor['id']);
 					$r = self::zot_record_preferred($r);
 				}
 				if (!$r) {
@@ -2001,18 +2028,31 @@ class Libzot {
 				}
 			}
 
-			if ($AS->obj['actor'] && $AS->obj['actor']['id'] && $AS->obj['actor']['id'] !== $AS->actor['id']) {
-				$y = import_author_xchan(['url' => $AS->obj['actor']['id']]);
-				if (!$y) {
-					logger('FOF Activity: no object actor');
-					continue;
+			if (isset($AS->obj['actor']['id']) && $AS->obj['actor']['id'] !== $AS->actor['id']) {
+				$ro = Activity::get_actor_hublocs($AS->obj['actor']['id']);
+				$ro = self::zot_record_preferred($ro);
+				if (!$ro) {
+					$y = import_author_xchan(['url' => $AS->obj['actor']['id']]);
+					if ($y) {
+						$ro = Activity::get_actor_hublocs($AS->obj['actor']['id']);
+						$ro = self::zot_record_preferred($ro);
+					}
+					if (!$ro) {
+						logger('FOF Activity: no obj actor');
+						continue;
+					}
 				}
 			}
 
-			if ($r) {
-				$arr['author_xchan'] = $r['hubloc_hash'];
+			$arr = Activity::decode_note($AS);
+
+			if (!$arr) {
+				logger('FOF Activity: could not decode');
+				continue;
 			}
 
+			$arr['author_xchan'] = $r['hubloc_hash'];
+
 			if ($signer) {
 				$arr['owner_xchan'] = $signer[0]['hubloc_hash'];
 			}
@@ -2279,120 +2319,6 @@ class Libzot {
 	}
 
 
-	/**
-	 * @brief Processes delivery of profile.
-	 *
-	 * @param string $sender
-	 * @param array $arr
-	 * @param array $deliveries (unused)
-	 * @return void
-	 * @see import_directory_profile()
-	 *
-	 */
-	static function process_profile_delivery($sender, $arr, $deliveries) {
-
-		logger('process_profile_delivery', LOGGER_DEBUG);
-
-		$r = q("select xchan_addr from xchan where xchan_hash = '%s' limit 1",
-			dbesc($sender)
-		);
-		if ($r) {
-			Libzotdir::import_directory_profile($sender, $arr, $r[0]['xchan_addr'], UPDATE_FLAGS_UPDATED, 0);
-		}
-	}
-
-
-	/**
-	 * @brief
-	 *
-	 * @param string $sender
-	 * @param array $arr
-	 * @param array $deliveries (unused) deliveries is irrelevant
-	 * @return void
-	 */
-	static function process_location_delivery($sender, $arr, $deliveries) {
-
-		// deliveries is irrelevant
-		logger('process_location_delivery', LOGGER_DEBUG);
-
-		$r = q("select * from xchan where xchan_hash = '%s' limit 1",
-			dbesc($sender)
-		);
-		if ($r) {
-			$xchan = ['id'   => $r[0]['xchan_guid'], 'id_sig' => $r[0]['xchan_guid_sig'],
-					  'hash' => $r[0]['xchan_hash'], 'public_key' => $r[0]['xchan_pubkey']];
-		}
-		if (array_key_exists('locations', $arr) && $arr['locations']) {
-			$x = Libsync::sync_locations($xchan, $arr, true);
-			logger('results: ' . print_r($x, true), LOGGER_DEBUG);
-			if ($x['changed']) {
-				//$guid = random_string() . '@' . App::get_hostname();
-				Libzotdir::update_modtime($sender, $r[0]['xchan_guid'], $arr['locations'][0]['address'], UPDATE_FLAGS_UPDATED);
-			}
-		}
-	}
-
-	/**
-	 * @brief Checks for a moved channel and sets the channel_moved flag.
-	 *
-	 * Currently the effect of this flag is to turn the channel into 'read-only' mode.
-	 * New content will not be processed (there was still an issue with blocking the
-	 * ability to post comments as of 10-Mar-2016).
-	 * We do not physically remove the channel at this time. The hub admin may choose
-	 * to do so, but is encouraged to allow a grace period of several days in case there
-	 * are any issues migrating content. This packet will generally be received by the
-	 * original site when the basic channel import has been processed.
-	 *
-	 * This will only be executed on the old location
-	 * if a new location is reported and there is only one location record.
-	 * The rest of the hubloc syncronisation will be handled within
-	 * sync_locations
-	 *
-	 * @param string $sender_hash A channel hash
-	 * @param array $locations
-	 * @return void
-	 */
-	static function check_location_move($sender_hash, $locations) {
-
-		if (!$locations)
-			return;
-
-		if (count($locations) != 1)
-			return;
-
-		$loc = $locations[0];
-
-		$r = q("select * from channel where channel_hash = '%s' limit 1",
-			dbesc($sender_hash)
-		);
-
-		if (!$r)
-			return;
-
-		if ($loc['url'] !== z_root()) {
-			$x = q("update channel set channel_moved = '%s' where channel_hash = '%s' limit 1",
-				dbesc($loc['url']),
-				dbesc($sender_hash)
-			);
-
-			// federation plugins may wish to notify connections
-			// of the move on singleton networks
-
-			$arr = [
-				'channel'   => $r[0],
-				'locations' => $locations
-			];
-			/**
-			 * @hooks location_move
-			 *   Called when a new location has been provided to a UNO channel (indicating a move rather than a clone).
-			 *   * \e array \b channel
-			 *   * \e array \b locations
-			 */
-			call_hooks('location_move', $arr);
-		}
-	}
-
-
 	/**
 	 * @brief Returns an array with all known distinct hubs for this channel.
 	 *
@@ -2429,19 +2355,6 @@ class Libzot {
 					'deleted'  => (intval($hub['hubloc_deleted']) ? true : false)
 				];
 
-				// version compatibility tweaks
-
-				if (!strpos($z['url_sig'], '.')) {
-					$z['url_sig'] = 'sha256.' . $z['url_sig'];
-				}
-
-				if (!$z['id_url']) {
-					$z['id_url'] = $z['url'] . '/channel/' . substr($z['address'], 0, strpos($z['address'], '@'));
-				}
-				if (!$z['site_id']) {
-					$z['site_id'] = Libzot::make_xchan_hash($z['url'], $z['sitekey']);
-				}
-
 				$ret[] = $z;
 			}
 		}
@@ -2478,32 +2391,32 @@ class Libzot {
 		}
 
 		$site_directory = 0;
-		if ($arr['directory_mode'] == 'normal')
+		if (isset($arr['directory_mode']) && $arr['directory_mode'] == 'normal')
 			$site_directory = DIRECTORY_MODE_NORMAL;
-		if ($arr['directory_mode'] == 'primary')
+		if (isset($arr['directory_mode']) && $arr['directory_mode'] == 'primary')
 			$site_directory = DIRECTORY_MODE_PRIMARY;
-		if ($arr['directory_mode'] == 'secondary')
+		if (isset($arr['directory_mode']) && $arr['directory_mode'] == 'secondary')
 			$site_directory = DIRECTORY_MODE_SECONDARY;
-		if ($arr['directory_mode'] == 'standalone')
+		if (isset($arr['directory_mode']) && $arr['directory_mode'] == 'standalone')
 			$site_directory = DIRECTORY_MODE_STANDALONE;
 
 		$register_policy = 0;
-		if ($arr['register_policy'] == 'closed')
+		if (isset($arr['register_policy']) && $arr['register_policy'] == 'closed')
 			$register_policy = REGISTER_CLOSED;
-		if ($arr['register_policy'] == 'open')
+		if (isset($arr['register_policy']) && $arr['register_policy'] == 'open')
 			$register_policy = REGISTER_OPEN;
-		if ($arr['register_policy'] == 'approve')
+		if (isset($arr['register_policy']) && $arr['register_policy'] == 'approve')
 			$register_policy = REGISTER_APPROVE;
 
 		$access_policy = 0;
 		if (array_key_exists('access_policy', $arr)) {
-			if ($arr['access_policy'] === 'private')
+			if (isset($arr['access_policy']) && $arr['access_policy'] === 'private')
 				$access_policy = ACCESS_PRIVATE;
-			if ($arr['access_policy'] === 'paid')
+			if (isset($arr['access_policy']) && $arr['access_policy'] === 'paid')
 				$access_policy = ACCESS_PAID;
-			if ($arr['access_policy'] === 'free')
+			if (isset($arr['access_policy']) && $arr['access_policy'] === 'free')
 				$access_policy = ACCESS_FREE;
-			if ($arr['access_policy'] === 'tiered')
+			if (isset($arr['access_policy']) && $arr['access_policy'] === 'tiered')
 				$access_policy = ACCESS_TIERED;
 		}
 
@@ -2813,12 +2726,12 @@ class Libzot {
 		$e = $r[0];
 		$id = $e['channel_id'];
 
-		$sys_channel     = (intval($e['channel_system']) ? true : false);
+		$sys_channel     = ((empty($e['channel_system'])) ? false : true);
 		$special_channel = (($e['channel_pageflags'] & PAGE_PREMIUM) ? true : false);
 		$adult_channel   = (($e['channel_pageflags'] & PAGE_ADULT) ? true : false);
 		$censored        = (($e['channel_pageflags'] & PAGE_CENSORED) ? true : false);
 		$searchable      = (($e['channel_pageflags'] & PAGE_HIDDEN) ? false : true);
-		$deleted         = (intval($e['xchan_deleted']) ? true : false);
+		$deleted         = ((empty($e['xchan_deleted'])) ? false : true);
 
 		if ($deleted || $censored || $sys_channel)
 			$searchable = false;
@@ -2870,8 +2783,8 @@ class Libzot {
 
 		// Communication details
 
-		$ret['id']     = $e['xchan_guid'];
-		$ret['id_sig'] = self::sign($e['xchan_guid'], $e['channel_prvkey']);
+		$ret['id']     = $e['channel_guid'];
+		$ret['id_sig'] = self::sign($e['channel_guid'], $e['channel_prvkey']);
 
 		$ret['primary_location'] = [
 			'address'         => $e['xchan_addr'],
@@ -2880,10 +2793,10 @@ class Libzot {
 			'follow_url'      => $e['xchan_follow'],
 		];
 
-		$ret['public_key']   = $e['xchan_pubkey'];
+		$ret['public_key']   = $e['channel_pubkey'];
 		$ret['signing_algorithm'] = 'rsa-sha256';
 		$ret['username']     = $e['channel_address'];
-		$ret['name']         = $e['xchan_name'];
+		$ret['name']         = $e['channel_name'];
 		$ret['name_updated'] = $e['xchan_name_date'];
 		$ret['photo']        = [
 			'url'     => $e['xchan_photo_l'],
@@ -2916,7 +2829,7 @@ class Libzot {
 		$ret['mail']     = map_scope(PermissionLimits::Get($e['channel_id'], 'post_mail'));
 
 		if ($deleted)
-			$ret['deleted'] = $deleted;
+			$ret['deleted'] = true;
 
 		if (intval($e['channel_removed'])) {
 			$ret['deleted_locally'] = true;
@@ -2988,18 +2901,17 @@ class Libzot {
 		$signing_key = get_config('system', 'prvkey');
 		$sig_method  = get_config('system', 'signature_algorithm', 'sha256');
 
-		$ret                         = [];
-		$ret['site']                 = [];
-		$ret['site']['url']          = z_root();
-		$ret['site']['site_sig']     = self::sign(z_root(), $signing_key);
-		$ret['site']['post']         = z_root() . '/zot';
-		$ret['site']['openWebAuth']  = z_root() . '/owa';
-		$ret['site']['authRedirect'] = z_root() . '/magic';
-		$ret['site']['sitekey']      = get_config('system', 'pubkey');
+		$ret                           = [];
+		$ret['site']                   = [];
+		$ret['site']['url']            = z_root();
+		$ret['site']['site_sig']       = self::sign(z_root(), $signing_key);
+		$ret['site']['post']           = z_root() . '/zot';
+		$ret['site']['openWebAuth']    = z_root() . '/owa';
+		$ret['site']['authRedirect']   = z_root() . '/magic';
+		$ret['site']['sitekey']        = get_config('system', 'pubkey');
+		$ret['site']['directory_mode'] = 'normal';
 
 		$dirmode = get_config('system', 'directory_mode');
-		if (($dirmode === false) || ($dirmode == DIRECTORY_MODE_NORMAL))
-			$ret['site']['directory_mode'] = 'normal';
 
 		if ($dirmode == DIRECTORY_MODE_PRIMARY)
 			$ret['site']['directory_mode'] = 'primary';

Zotlabs/Lib/Libzotdir.php

@@ -145,8 +145,8 @@ class Libzotdir {
 		if(! $directory_sort_order)
 			$directory_sort_order = 'date';
 
-		$current_order = (($_REQUEST['order']) ? $_REQUEST['order'] : $directory_sort_order);
-		$suggest = (($_REQUEST['suggest']) ? '&suggest=' . $_REQUEST['suggest'] : '');
+		$current_order = $_REQUEST['order'] ?? $directory_sort_order;
+		$suggest = ((isset($_REQUEST['suggest'])) ? '&suggest=' . $_REQUEST['suggest'] : '');
 
 		$url = 'directory?f=';
 
@@ -172,13 +172,12 @@ class Libzotdir {
 	}
 
 	/**
-	 * @brief Checks the directory mode of this hub.
+	 * @brief fetches updates from known directories
 	 *
 	 * Checks the directory mode of this hub to see if it is some form of directory server. If it is,
 	 * get the directory realm of this hub. Fetch a list of all other directory servers in this realm and request
-	 * a directory sync packet. This will contain both directory updates and new ratings. Store these all in the DB.
-	 * In the case of updates, we will query each of them asynchronously from a poller task. Ratings are stored
-	 * directly if the rater's signature matches.
+	 * a directory sync packet. Store these all in the DB.
+	 * In the case of updates, we will query each of them asynchronously from a poller task.
 	 *
 	 * @param int $dirmode;
 	 */
@@ -233,6 +232,8 @@ class Libzotdir {
 		if (! $r)
 			return;
 
+		$dir_trusted_hosts = array_merge(get_directory_fallback_servers(), get_config('system', 'trusted_directory_servers', []));
+
 		foreach ($r as $rr) {
 			if (! $rr['site_directory'])
 				continue;
@@ -264,31 +265,65 @@ class Libzotdir {
 
 			if (is_array($j['transactions']) && count($j['transactions'])) {
 				foreach ($j['transactions'] as $t) {
-
-					if (empty($t['hash']) || empty($t['transaction_id']) || empty($t['address'])) {
+					if (empty($t['hash']) || empty($t['host']) || empty($t['address'])) {
 						continue;
 					}
 
-					$r = q("select * from updates where ud_guid = '%s' limit 1",
-						dbesc($t['transaction_id'])
+					$r = q("select * from updates where ud_hash = '%s' limit 1",
+						dbesc($t['hash'])
 					);
-					if($r)
-						continue;
 
-					$ud_flags = 0;
-					if (is_array($t['flags']) && in_array('deleted',$t['flags']))
-						$ud_flags |= UPDATE_FLAGS_DELETED;
-					if (is_array($t['flags']) && in_array('forced',$t['flags']))
-						$ud_flags |= UPDATE_FLAGS_FORCED;
+					if ($r) {
+						$update = 0;
 
-					$z = q("insert into updates ( ud_hash, ud_guid, ud_date, ud_flags, ud_addr )
-						values ( '%s', '%s', '%s', %d, '%s' ) ",
-						dbesc($t['hash']),
-						dbesc($t['transaction_id']),
-						dbesc($t['timestamp']),
-						intval($ud_flags),
-						dbesc($t['address'])
-					);
+						// no need to look at updates that originated from our own site
+						if ($t['host'] === z_root()) {
+							continue;
+						}
+
+						// there is more recent xchan information
+						if ($r[0]['ud_date'] <= $t['timestamp']) {
+							$update = 1;
+						}
+
+						// the host is trusted and flags have changed - update flags immediately
+						if (in_array($t['host'], $dir_trusted_hosts) &&
+							$rr['site_url'] === $t['host'] &&
+							intval($r[0]['ud_flags']) !== intval($t['flags'])) {
+
+							q("UPDATE updates SET ud_update = %d, ud_flags = %d WHERE ud_id = %d",
+								intval($update),
+								intval($t['flags']),
+								dbesc($r[0]['ud_id'])
+							);
+
+							q("UPDATE xchan SET xchan_censored = %d WHERE xchan_hash = '%s'",
+								intval($t['flags']),
+								dbesc($r[0]['ud_hash'])
+							);
+
+							continue;
+						}
+
+						if (!$update) {
+							continue;
+						}
+
+						q("UPDATE updates SET ud_update = %d WHERE ud_id = %d",
+							intval($update),
+							dbesc($r[0]['ud_id'])
+						);
+					}
+					else {
+						q("insert into updates ( ud_hash, ud_host, ud_date, ud_addr, ud_update, ud_flags )
+							values ( '%s', '%s', '%s', '%s', 1, %d) ",
+							dbesc($t['hash']),
+							dbesc($t['host']),
+							dbesc($t['timestamp']),
+							dbesc($t['address']),
+							dbesc(in_array($t['host'], $dir_trusted_hosts) ? $t['flags'] : 0)
+						);
+					}
 				}
 			}
 		}
@@ -303,8 +338,9 @@ class Libzotdir {
 	 *
 	 * Ignore updating records marked as deleted.
 	 *
-	 * If successful, sets ud_last in the DB to the current datetime for this
+	 * If successful, sets ud_updated in the DB to the current datetime for this
 	 * reddress/webbie.
+	 * Else update ud_last so we can stop trying after 7 days (Daemon/Poller.php)
 	 *
 	 * @param array $ud Entry from update table
 	 */
@@ -313,32 +349,47 @@ class Libzotdir {
 
 		logger('update_directory_entry: ' . print_r($ud,true), LOGGER_DATA);
 
-		if ($ud['ud_addr'] && (! ($ud['ud_flags'] & UPDATE_FLAGS_DELETED))) {
-			$success = false;
-			$zf = [];
+		// TODO: remove this check after all directory servers have version > 8.4
+		// ud_addr will always be the channel url at that time
+		$href = ((strpos($ud['ud_addr'], '://') === false) ? Webfinger::zot_url(punify($ud['ud_addr'])) : punify($ud['ud_addr']));
+		if($href) {
+			$zf = Zotfinger::exec($href);
+			if($zf && array_path_exists('signature/signer',$zf) && $zf['signature']['signer'] === $href && intval($zf['signature']['header_valid'])) {
+				$xc = Libzot::import_xchan($zf['data']);
+
+				// xchan_hash mismatch - this can happen after a site re-install at the same url
+				if ($xc['success'] && $xc['hash'] !== $ud['ud_hash']) {
+					self::delete_by_hash($ud['ud_hash']);
+				}
+
+				// backwards compatibility: Libzot::import_xchan(), where self::update() is called,
+				// will fail with versions < 8.4 if the channel has been locally deleted.
+				// In this case we will update the updates record here without bumping the date
+				// since we could not verify if anything changed.
+				if (!$xc['success'] && !empty($zf['data']['deleted_locally'])) {
+					self::update($ud['ud_hash'], $ud['ud_addr'], false);
+				}
 
-			$href = Webfinger::zot_url(punify($ud['ud_addr']));
-			if($href) {
-				$zf = Zotfinger::exec($href);
-			}
-			if(array_path_exists('signature/signer',$zf) && $zf['signature']['signer'] === $href && intval($zf['signature']['header_valid'])) {
-				$xc = Libzot::import_xchan($zf['data'], 0, $ud);
 				// This is a workaround for a missing xchan_updated column
 				// TODO: implement xchan_updated in the xchan table and update this column instead
-				if($zf['data']['primary_location']['address'] && $zf['data']['primary_location']['url']) {
+				if(!empty($zf['data']['primary_location']['url'])) {
 					q("UPDATE hubloc SET hubloc_updated = '%s' WHERE hubloc_id_url = '%s' AND hubloc_primary = 1",
 						dbesc(datetime_convert()),
 						dbesc($zf['data']['primary_location']['url'])
 					);
 				}
-			}
-			else {
-				q("update updates set ud_last = '%s' where ud_addr = '%s'",
-					dbesc(datetime_convert()),
-					dbesc($ud['ud_addr'])
-				);
+
+				return true;
 			}
 		}
+
+		q("UPDATE updates SET ud_addr = '%s', ud_last = '%s' WHERE ud_hash = '%s'",
+			dbesc($href ? $href : $ud['ud_addr']),
+			dbesc(datetime_convert()),
+			dbesc($ud['ud_hash'])
+		);
+
+		return false;
 	}
 
 
@@ -353,85 +404,78 @@ class Libzotdir {
 	 */
 
 	static function local_dir_update($uid, $force) {
+		logger('local_dir_update uid: ' . $uid, LOGGER_DEBUG);
 
-
-		logger('local_dir_update: uid: ' . $uid, LOGGER_DEBUG);
-
-		$p = q("select channel.channel_hash, channel_address, channel_timezone, profile.* from profile left join channel on channel_id = uid where uid = %d and is_default = 1",
+		$p = q("select channel.channel_hash, channel_address, channel_timezone, profile.*, xchan.xchan_hidden, xchan.xchan_url from profile left join channel on channel_id = uid left join xchan on channel_hash = xchan_hash where profile.uid = %d and profile.is_default = 1",
 			intval($uid)
 		);
 
-		$profile = array();
-		$profile['encoding'] = 'zot';
-
-		if ($p) {
-			$hash = $p[0]['channel_hash'];
-
-			$profile['description'] = $p[0]['pdesc'];
-			$profile['birthday']    = $p[0]['dob'];
-			if ($age = age($p[0]['dob'],$p[0]['channel_timezone'],''))
-				$profile['age'] = $age;
-
-			$profile['gender']      = $p[0]['gender'];
-			$profile['marital']     = $p[0]['marital'];
-			$profile['sexual']      = $p[0]['sexual'];
-			$profile['locale']      = $p[0]['locality'];
-			$profile['region']      = $p[0]['region'];
-			$profile['postcode']    = $p[0]['postal_code'];
-			$profile['country']     = $p[0]['country_name'];
-			$profile['about']       = $p[0]['about'];
-			$profile['homepage']    = $p[0]['homepage'];
-			$profile['hometown']    = $p[0]['hometown'];
-
-			if ($p[0]['keywords']) {
-				$tags = array();
-				$k = explode(' ', $p[0]['keywords']);
-				if ($k)
-					foreach ($k as $kk)
-						if (trim($kk))
-							$tags[] = trim($kk);
-
-				if ($tags)
-					$profile['keywords'] = $tags;
-			}
-
-			$hidden = (1 - intval($p[0]['publish']));
-
-			logger('hidden: ' . $hidden);
-
-			$r = q("select xchan_hidden from xchan where xchan_hash = '%s'",
-				dbesc($p[0]['channel_hash'])
-			);
-
-			if(intval($r[0]['xchan_hidden']) != $hidden) {
-				$r = q("update xchan set xchan_hidden = %d where xchan_hash = '%s'",
-					intval($hidden),
-					dbesc($hash)
-				);
-			}
-
-			$arr = [ 'channel_id' => $uid, 'hash' => $hash, 'profile' => $profile ];
-			call_hooks('local_dir_update', $arr);
-
-			$address = channel_reddress($p[0]);
-
-			if (perm_is_allowed($uid, '', 'view_profile')) {
-				self::import_directory_profile($hash, $arr['profile'], $address, 0);
-			}
-			else {
-				// they may have made it private
-				q("delete from xprof where xprof_hash = '%s'",
-					dbesc($hash)
-				);
-				q("delete from xtag where xtag_hash = '%s'",
-					dbesc($hash)
-				);
-			}
-
+		if (!$p) {
+			logger('profile not found');
+			return;
 		}
 
-		$ud_hash = random_string() . '@' . \App::get_hostname();
-		self::update_modtime($hash, $ud_hash, channel_reddress($p[0]),(($force) ? UPDATE_FLAGS_FORCED : UPDATE_FLAGS_UPDATED));
+		$profile = [];
+		$profile['encoding'] = 'zot';
+
+		$hash = $p[0]['channel_hash'];
+
+		$profile['description'] = $p[0]['pdesc'];
+		$profile['birthday']    = $p[0]['dob'];
+		if ($age = age($p[0]['dob'],$p[0]['channel_timezone'],''))
+			$profile['age'] = $age;
+
+		$profile['gender']      = $p[0]['gender'];
+		$profile['marital']     = $p[0]['marital'];
+		$profile['sexual']      = $p[0]['sexual'];
+		$profile['locale']      = $p[0]['locality'];
+		$profile['region']      = $p[0]['region'];
+		$profile['postcode']    = $p[0]['postal_code'];
+		$profile['country']     = $p[0]['country_name'];
+		$profile['about']       = $p[0]['about'];
+		$profile['homepage']    = $p[0]['homepage'];
+		$profile['hometown']    = $p[0]['hometown'];
+
+		if ($p[0]['keywords']) {
+			$tags = array();
+			$k = explode(' ', $p[0]['keywords']);
+			if ($k)
+				foreach ($k as $kk)
+					if (trim($kk))
+						$tags[] = trim($kk);
+
+			if ($tags)
+				$profile['keywords'] = $tags;
+		}
+
+		$hidden = (1 - intval($p[0]['publish']));
+
+		logger('hidden: ' . $hidden);
+
+		if(intval($p[0]['xchan_hidden']) !== $hidden) {
+			q("update xchan set xchan_hidden = %d where xchan_hash = '%s'",
+				intval($hidden),
+				dbesc($hash)
+			);
+		}
+
+		$arr = [ 'channel_id' => $uid, 'hash' => $hash, 'profile' => $profile ];
+		call_hooks('local_dir_update', $arr);
+
+		if (perm_is_allowed($uid, '', 'view_profile')) {
+			self::import_directory_profile($hash, $arr['profile']);
+		}
+		else {
+			// they may have made it private
+			q("delete from xprof where xprof_hash = '%s'",
+				dbesc($hash)
+			);
+			q("delete from xtag where xtag_hash = '%s'",
+				dbesc($hash)
+			);
+		}
+
+		self::update($hash, $p[0]['xchan_url']);
 	}
 
 
@@ -441,39 +485,48 @@ class Libzotdir {
 	 *
 	 * @param string $hash
 	 * @param array $profile
-	 * @param string $addr
-	 * @param number $ud_flags (optional) UPDATE_FLAGS_UPDATED
-	 * @param number $suppress_update (optional) default 0
 	 * @return boolean $updated if something changed
 	 */
 
-	static function import_directory_profile($hash, $profile, $addr, $ud_flags = UPDATE_FLAGS_UPDATED, $suppress_update = 0) {
+	static function import_directory_profile($hash, $profile) {
 
 		logger('import_directory_profile', LOGGER_DEBUG);
 		if (! $hash)
 			return false;
 
-		$arr = array();
+		$arr = [];
 
-		$arr['xprof_hash']         = $hash;
-		$arr['xprof_dob']          = (($profile['birthday'] === '0000-00-00') ? $profile['birthday'] : datetime_convert('','',$profile['birthday'],'Y-m-d')); // !!!! check this for 0000 year
-		$arr['xprof_age']          = (($profile['age'])         ? intval($profile['age']) : 0);
-		$arr['xprof_desc']         = (($profile['description']) ? htmlspecialchars($profile['description'], ENT_COMPAT,'UTF-8',false) : '');
-		$arr['xprof_gender']       = (($profile['gender'])      ? htmlspecialchars($profile['gender'],      ENT_COMPAT,'UTF-8',false) : '');
-		$arr['xprof_marital']      = (($profile['marital'])     ? htmlspecialchars($profile['marital'],     ENT_COMPAT,'UTF-8',false) : '');
-		$arr['xprof_sexual']       = (($profile['sexual'])      ? htmlspecialchars($profile['sexual'],      ENT_COMPAT,'UTF-8',false) : '');
-		$arr['xprof_locale']       = (($profile['locale'])      ? htmlspecialchars($profile['locale'],      ENT_COMPAT,'UTF-8',false) : '');
-		$arr['xprof_region']       = (($profile['region'])      ? htmlspecialchars($profile['region'],      ENT_COMPAT,'UTF-8',false) : '');
-		$arr['xprof_postcode']     = (($profile['postcode'])    ? htmlspecialchars($profile['postcode'],    ENT_COMPAT,'UTF-8',false) : '');
-		$arr['xprof_country']      = (($profile['country'])     ? htmlspecialchars($profile['country'],     ENT_COMPAT,'UTF-8',false) : '');
-		$arr['xprof_about']        = (($profile['about'])       ? htmlspecialchars($profile['about'],       ENT_COMPAT,'UTF-8',false) : '');
-		$arr['xprof_homepage']     = (($profile['homepage'])    ? htmlspecialchars($profile['homepage'],    ENT_COMPAT,'UTF-8',false) : '');
-		$arr['xprof_hometown']     = (($profile['hometown'])    ? htmlspecialchars($profile['hometown'],    ENT_COMPAT,'UTF-8',false) : '');
+		$arr['xprof_hash'] = $hash;
+		$arr['xprof_dob'] = '0000-00-00';
+
+		if (isset($profile['birthday'])) {
+			$arr['xprof_dob'] = (($profile['birthday'] === '0000-00-00')
+			? $profile['birthday']
+			: datetime_convert('', '', $profile['birthday'], 'Y-m-d')); // !!!! check this for 0000 year
+		}
+
+		$arr['xprof_age']          = ((isset($profile['age']) && $profile['age']) ? intval($profile['age']) : 0);
+		$arr['xprof_desc']         = ((isset($profile['description']) && $profile['description']) ? htmlspecialchars($profile['description'], ENT_COMPAT,'UTF-8',false) : '');
+		$arr['xprof_gender']       = ((isset($profile['gender']) && $profile['gender'])     ? htmlspecialchars($profile['gender'],      ENT_COMPAT,'UTF-8',false) : '');
+		$arr['xprof_marital']      = ((isset($profile['marital']) && $profile['marital'])   ? htmlspecialchars($profile['marital'],     ENT_COMPAT,'UTF-8',false) : '');
+		$arr['xprof_sexual']       = ((isset($profile['sexual']) && $profile['sexual'])     ? htmlspecialchars($profile['sexual'],      ENT_COMPAT,'UTF-8',false) : '');
+		$arr['xprof_locale']       = ((isset($profile['locale']) && $profile['locale'])     ? htmlspecialchars($profile['locale'],      ENT_COMPAT,'UTF-8',false) : '');
+		$arr['xprof_region']       = ((isset($profile['region']) && $profile['region'])     ? htmlspecialchars($profile['region'],      ENT_COMPAT,'UTF-8',false) : '');
+		$arr['xprof_postcode']     = ((isset($profile['postcode']) && $profile['postcode']) ? htmlspecialchars($profile['postcode'],    ENT_COMPAT,'UTF-8',false) : '');
+		$arr['xprof_country']      = ((isset($profile['country']) && $profile['country'])   ? htmlspecialchars($profile['country'],     ENT_COMPAT,'UTF-8',false) : '');
+		$arr['xprof_about']        = ((isset($profile['about']) && $profile['about'])       ? htmlspecialchars($profile['about'],       ENT_COMPAT,'UTF-8',false) : '');
+		$arr['xprof_homepage']     = ((isset($profile['homepage']) && $profile['homepage']) ? htmlspecialchars($profile['homepage'],    ENT_COMPAT,'UTF-8',false) : '');
+		$arr['xprof_hometown']     = ((isset($profile['hometown']) && $profile['hometown']) ? htmlspecialchars($profile['hometown'],    ENT_COMPAT,'UTF-8',false) : '');
 
 		$clean = array();
 		if (array_key_exists('keywords', $profile) and is_array($profile['keywords'])) {
 			self::import_directory_keywords($hash,$profile['keywords']);
+
 			foreach ($profile['keywords'] as $kw) {
+				if (in_array($kw, $clean)) {
+					continue;
+				}
+
 				$kw = trim(htmlspecialchars($kw,ENT_COMPAT, 'UTF-8', false));
 				$kw = trim($kw, ',');
 				$clean[] = $kw;
@@ -580,9 +633,6 @@ class Libzotdir {
 		 */
 		call_hooks('import_directory_profile', $d);
 
-		if (($d['update']) && (! $suppress_update))
-			self::update_modtime($arr['xprof_hash'],random_string() . '@' . \App::get_hostname(), $addr, $ud_flags);
-
 		return $d['update'];
 	}
 
@@ -600,6 +650,10 @@ class Libzotdir {
 			dbesc($hash)
 		);
 
+		$xchan = q("select xchan_censored from xchan where xchan_hash = '%s'",
+			dbesc($hash)
+		);
+
 		if($r) {
 			foreach($r as $rr)
 				$existing[] = $rr['xtag_term'];
@@ -607,6 +661,10 @@ class Libzotdir {
 
 		$clean = array();
 		foreach($keywords as $kw) {
+			if (in_array($kw, $clean)) {
+				continue;
+			}
+
 			$kw = trim(htmlspecialchars($kw,ENT_COMPAT, 'UTF-8', false));
 			$kw = trim($kw, ',');
 			$clean[] = $kw;
@@ -621,9 +679,10 @@ class Libzotdir {
 		}
 		foreach($clean as $x) {
 			if(! in_array($x, $existing)) {
-				$r = q("insert into xtag ( xtag_hash, xtag_term, xtag_flags) values ( '%s' ,'%s', 0 )",
+				$r = q("insert into xtag ( xtag_hash, xtag_term, xtag_flags) values ( '%s' ,'%s', %d )",
 					dbesc($hash),
-					dbesc($x)
+					dbesc($x),
+					intval($xchan[0]['xchan_censored'])
 				);
 			}
 		}
@@ -633,13 +692,12 @@ class Libzotdir {
 	/**
 	 * @brief
 	 *
-	 * @param string $hash
-	 * @param string $guid
-	 * @param string $addr
-	 * @param int $flags (optional) default 0
+	 * @param string $hash the channel hash
+	 * @param string $addr the channel url
+	 * @param bool $bump_date (optional) default true
 	 */
 
-	static function update_modtime($hash, $guid, $addr, $flags = 0) {
+	static function update($hash, $addr, $bump_date = true, $flag = null) {
 
 		$dirmode = intval(get_config('system', 'directory_mode'));
 
@@ -647,26 +705,70 @@ class Libzotdir {
 			return;
 		}
 
-		if (empty($hash) || empty($guid) || empty($addr)) {
+		if (empty($hash) || empty($addr)) {
 			return;
 		}
 
-		if($flags) {
-			q("insert into updates (ud_hash, ud_guid, ud_date, ud_flags, ud_addr ) values ( '%s', '%s', '%s', %d, '%s' )",
-				dbesc($hash),
-				dbesc($guid),
-				dbesc(datetime_convert()),
-				intval($flags),
-				dbesc($addr)
-			);
+		$u = q("SELECT * FROM updates WHERE ud_hash = '%s' LIMIT 1",
+			dbesc($hash)
+		);
+
+		$date_sql = '';
+		if ($bump_date) {
+			$date_sql = "ud_date = '" . dbesc(datetime_convert()) . "',";
 		}
-		else {
-			q("update updates set ud_flags = ( ud_flags | %d ) where ud_addr = '%s' and not (ud_flags & %d)>0 ",
-				intval(UPDATE_FLAGS_UPDATED),
+
+		$flag_sql = '';
+		if ($flag !== null) {
+			$flag_sql = "ud_flags = '" . intval($flag) . "',";
+		}
+
+
+		if ($u) {
+			$x = q("UPDATE updates SET $date_sql $flag_sql ud_last = '%s', ud_host = '%s', ud_addr = '%s', ud_update = 0 WHERE ud_id = %d",
+				dbesc(NULL_DATE),
+				dbesc(z_root()),
 				dbesc($addr),
-				intval(UPDATE_FLAGS_UPDATED)
+				intval($u[0]['ud_id'])
 			);
+
+			return;
 		}
+
+		q("INSERT INTO updates (ud_hash, ud_host, ud_date, ud_addr, ud_flags) VALUES ( '%s', '%s', '%s', '%s', %d )",
+			dbesc($hash),
+			dbesc(z_root()),
+			dbesc(datetime_convert()),
+			dbesc($addr),
+			intval($flag)
+		);
+
+		return;
+
+	}
+
+
+	/**
+	 * @brief deletes a entry in updates by hash
+	 *
+	 * @param string $hash the channel hash
+	 * @return boolean
+	 */
+
+	static function delete_by_hash($hash) {
+		if (!$hash) {
+			return false;
+		}
+
+		$x = q("DELETE FROM updates WHERE ud_hash = '%s'",
+			dbesc($hash)
+		);
+
+		if ($x) {
+			return true;
+		}
+
+		return false;
 	}
 
 }

Zotlabs/Lib/MessageFilter.php

@@ -25,7 +25,7 @@ class MessageFilter {
 
 		if ($exclude) {
 			foreach ($exclude as $word) {
-				$word = trim($word);
+				$word = html_entity_decode(trim($word));
 				if (! $word) {
 					continue;
 				}
@@ -73,7 +73,7 @@ class MessageFilter {
 
 		if ($include) {
 			foreach ($include as $word) {
-				$word = trim($word);
+				$word = html_entity_decode(trim($word));
 				if (! $word) {
 					continue;
 				}

Zotlabs/Lib/Queue.php

@@ -57,7 +57,6 @@ class Queue {
 			outq_priority = outq_priority + %d,
 			outq_scheduled = '%s'
 			WHERE outq_hash = '%s'",
-
 			dbesc(datetime_convert()),
 			intval($add_priority),
 			dbesc($next),
@@ -65,16 +64,38 @@ class Queue {
 		);
 	}
 
-
-	static function remove($id,$channel_id = 0) {
-		logger('queue: remove queue item ' . $id,LOGGER_DEBUG);
+	public static function remove($id, $channel_id = 0) {
+		logger('queue: remove queue item ' . $id, LOGGER_DEBUG);
 		$sql_extra = (($channel_id) ? " and outq_channel = " . intval($channel_id) . " " : '');
 
-		q("DELETE FROM outq WHERE outq_hash = '%s' $sql_extra",
+		// figure out what endpoint it is going to.
+		$record = q("select outq_posturl from outq where outq_hash = '%s' $sql_extra",
 			dbesc($id)
 		);
-	}
 
+		if ($record) {
+			q("DELETE FROM outq WHERE outq_hash = '%s' $sql_extra",
+				dbesc($id)
+			);
+
+			// If there's anything remaining in the queue for this site, move one of them to the next active
+			// queue run by setting outq_scheduled back to the present. We may be attempting to deliver it
+			// as a 'piled_up' delivery, but this ensures the site has an active queue entry as long as queued
+			// entries still exist for it. This fixes an issue where one immediate delivery left everything
+			// else for that site undeliverable since all the other entries had been pushed far into the future.
+
+			$r = q("SELECT outq_hash, outq_posturl FROM outq WHERE outq_posturl = '%s' LIMIT 1",
+				dbesc($record[0]['outq_posturl'])
+			);
+
+			if ($r) {
+				$hashes = ids_to_querystr($r, 'outq_hash', true);
+				$x = q("UPDATE outq SET outq_scheduled = '%s' WHERE outq_hash IN ($hashes)",
+					dbesc(datetime_convert())
+				);
+			}
+		}
+	}
 
 	static function remove_by_posturl($posturl) {
 		logger('queue: remove queue posturl ' . $posturl,LOGGER_DEBUG);
@@ -84,8 +105,6 @@ class Queue {
 		);
 	}
 
-
-
 	static function set_delivered($id,$channel = 0) {
 		logger('queue: set delivered ' . $id,LOGGER_DEBUG);
 		$sql_extra = (($channel['channel_id']) ? " and outq_channel = " . intval($channel['channel_id']) . " " : '');
@@ -152,17 +171,19 @@ class Queue {
 			$y = q("select site_update, site_dead from site where site_url = '%s' ",
 				dbesc($base)
 			);
-			if($y) {
-				if(intval($y[0]['site_dead'])) {
+
+			if ($y) {
+				// Don't bother delivering if the site is dead.
+				// And if we haven't heard from the site in over a month - let them through but 3 strikes you're out.
+				if (intval($y[0]['site_dead']) || ($y[0]['site_update'] < datetime_convert('UTC', 'UTC', 'now - 1 month') && $outq['outq_priority'] > 20)) {
+					q("update dreport set dreport_result = '%s' where dreport_queue = '%s'",
+						dbesc('site dead'),
+						dbesc($outq['outq_hash'])
+					);
 					self::remove_by_posturl($outq['outq_posturl']);
 					logger('dead site ignored ' . $base);
 					return;
 				}
-				if($y[0]['site_update'] < datetime_convert('UTC','UTC','now - 1 month')) {
-					self::update($outq['outq_hash'], 10);
-					logger('immediate delivery deferred for site ' . $base);
-					return;
-				}
 			}
 			else {
 
@@ -225,7 +246,7 @@ class Queue {
 
 			if($result['success']) {
 				logger('deliver: remote zot delivery succeeded to ' . $outq['outq_posturl']);
-				Libzot::process_response($outq['outq_posturl'],$result, $outq);
+				Libzot::process_response($outq['outq_posturl'], $result, $outq);
 			}
 			else {
 				logger('deliver: remote zot delivery failed to ' . $outq['outq_posturl']);

Zotlabs/Lib/QueueWorker.php

@@ -0,0 +1,378 @@
+<?php
+
+namespace Zotlabs\Lib;
+
+use Ramsey\Uuid\Uuid;
+use Ramsey\Uuid\Exception\UnableToBuildUuidException;
+
+class QueueWorker {
+
+	public static $queueworker = null;
+	public static $maxworkers = 0;
+	public static $workermaxage = 0;
+	public static $workersleep = 100;
+	public static $default_priorities = [
+		'Notifier'         => 10,
+		'Deliver'          => 10,
+		'Cache_query'      => 10,
+		'Content_importer' => 1,
+		'File_importer'    => 1,
+		'Channel_purge'    => 1,
+		'Directory'        => 1
+	];
+
+	// Exceptions for processtimeout ($workermaxage) value.
+	// Currently the value is overriden with 3600 seconds (1h).
+	public static $long_running_cmd = [
+		'Queue',
+		'Expire'
+	];
+
+	private static function qstart() {
+		q('START TRANSACTION');
+	}
+
+	private static function qcommit() {
+		q("COMMIT");
+	}
+
+	private static function qrollback() {
+		q("ROLLBACK");
+	}
+
+	public static function Summon($argv) {
+
+		if ($argv[0] !== 'Queueworker') {
+
+			$priority = 0; // @TODO allow reprioritization
+
+			if (isset(self::$default_priorities[$argv[0]])) {
+				$priority = self::$default_priorities[$argv[0]];
+			}
+
+			$workinfo      = ['argc' => count($argv), 'argv' => $argv];
+			$workinfo_json = json_encode($workinfo);
+			$uuid          = self::getUuid($workinfo_json);
+
+			$r = q("SELECT * FROM workerq WHERE workerq_uuid = '%s'",
+				dbesc($uuid)
+			);
+			if ($r) {
+				logger("Summon: Ignoring duplicate workerq task", LOGGER_DEBUG);
+				logger(print_r($workinfo, true));
+				return;
+			}
+
+			self::qstart();
+			$r = q("INSERT INTO workerq (workerq_priority, workerq_data, workerq_uuid, workerq_cmd) VALUES (%d, '%s', '%s', '%s')",
+				intval($priority),
+				$workinfo_json,
+				dbesc($uuid),
+				dbesc($argv[0])
+			);
+			if (!$r) {
+				self::qrollback();
+				logger("INSERT FAILED", LOGGER_DEBUG);
+				return;
+			}
+			self::qcommit();
+			logger('INSERTED: ' . $workinfo_json, LOGGER_DEBUG);
+		}
+
+		$workers = self::GetWorkerCount();
+		if ($workers < self::$maxworkers) {
+			logger($workers . '/' . self::$maxworkers . ' workers active', LOGGER_DEBUG);
+			$phpbin = get_config('system', 'phpbin', 'php');
+			proc_run($phpbin, 'Zotlabs/Daemon/Master.php', ['Queueworker']);
+		}
+	}
+
+	public static function Release($argv) {
+
+		if ($argv[0] !== 'Queueworker') {
+
+			$priority = 0; // @TODO allow reprioritization
+			if (isset(self::$default_priorities[$argv[0]])) {
+				$priority = self::$default_priorities[$argv[0]];
+			}
+
+			$workinfo      = ['argc' => count($argv), 'argv' => $argv];
+			$workinfo_json = json_encode($workinfo);
+			$uuid          = self::getUuid($workinfo_json);
+
+			$r = q("SELECT * FROM workerq WHERE workerq_uuid = '%s'",
+				dbesc($uuid)
+			);
+			if ($r) {
+				logger("Release: Duplicate task - do not insert.", LOGGER_DEBUG);
+				logger(print_r($workinfo, true));
+				return;
+			}
+
+			self::qstart();
+			$r = q("INSERT INTO workerq (workerq_priority, workerq_data, workerq_uuid, workerq_cmd) VALUES (%d, '%s', '%s', '%s')",
+				intval($priority),
+				$workinfo_json,
+				dbesc($uuid),
+				dbesc($argv[0])
+			);
+			if (!$r) {
+				self::qrollback();
+				logger("Insert failed: " . $workinfo_json, LOGGER_DEBUG);
+				return;
+			}
+			self::qcommit();
+			logger('INSERTED: ' . $workinfo_json, LOGGER_DEBUG);
+		}
+
+		self::Process();
+	}
+
+	public static function GetWorkerCount() {
+		if (self::$maxworkers == 0) {
+			self::$maxworkers = get_config('queueworker', 'max_queueworkers', 4);
+			self::$maxworkers = self::$maxworkers > 3 ? self::$maxworkers : 4;
+		}
+		if (self::$workermaxage == 0) {
+			self::$workermaxage = get_config('queueworker', 'max_queueworker_age');
+			self::$workermaxage = self::$workermaxage > 120 ? self::$workermaxage : 300;
+		}
+
+		self::qstart();
+
+		// skip locked is preferred but is not supported by mariadb < 10.6 which is still used a lot - hence make it optional
+		$sql_quirks = ((get_config('system', 'db_skip_locked_supported')) ? 'SKIP LOCKED' : 'NOWAIT');
+
+		$r = q("SELECT workerq_id FROM workerq WHERE workerq_reservationid IS NOT NULL AND workerq_processtimeout < %s FOR UPDATE $sql_quirks",
+			db_utcnow()
+		);
+
+		if ($r) {
+			// TODO: some long running services store their pid in config.procid.daemon
+			// we could possibly check if a pid exist and check if the process is still alive
+			// prior to reseting workerq_reservationid
+
+			$ids = ids_to_querystr($r, 'workerq_id');
+			$u = dbq("update workerq set workerq_reservationid = null where workerq_id in ($ids)");
+		}
+
+		self::qcommit();
+
+		//q("update workerq set workerq_reservationid = null where workerq_reservationid is not null and workerq_processtimeout < %s",
+			//db_utcnow()
+		//);
+
+		//usleep(self::$workersleep);
+
+		$workers = dbq("select count(*) as total from workerq where workerq_reservationid is not null");
+		logger("WORKERCOUNT: " . $workers[0]['total'], LOGGER_DEBUG);
+
+		return intval($workers[0]['total']);
+	}
+
+	public static function GetWorkerID() {
+		if (self::$queueworker) {
+			return self::$queueworker;
+		}
+
+		$wid = uniqid('', true);
+
+		//usleep(mt_rand(300000, 1000000)); //Sleep .3 - 1 seconds before creating a new worker.
+
+		$workers = self::GetWorkerCount();
+
+		if ($workers >= self::$maxworkers) {
+			logger("Too many active workers ($workers) max = " . self::$maxworkers, LOGGER_DEBUG);
+			return false;
+		}
+
+		self::$queueworker = $wid;
+
+		return $wid;
+	}
+
+	private static function getWorkId() {
+		self::GetWorkerCount();
+
+		self::qstart();
+
+		// skip locked is preferred but is not supported by mariadb < 10.6 which is still used a lot - hence make it optional
+		$sql_quirks = ((get_config('system', 'db_skip_locked_supported')) ? 'SKIP LOCKED' : 'NOWAIT');
+
+		$work = dbq("SELECT workerq_id, workerq_cmd FROM workerq WHERE workerq_reservationid IS NULL ORDER BY workerq_priority DESC, workerq_id ASC LIMIT 1 FOR UPDATE $sql_quirks");
+
+		if (!$work) {
+			self::qrollback();
+			return false;
+		}
+
+		$id = $work[0]['workerq_id'];
+		$cmd = $work[0]['workerq_cmd'];
+		$age = self::$workermaxage;
+
+		if (in_array($cmd, self::$long_running_cmd)) {
+			$age = 3600; // 1h TODO: make this configurable
+		}
+
+		$work = q("UPDATE workerq SET workerq_reservationid = '%s', workerq_processtimeout = %s + INTERVAL %s WHERE workerq_id = %d",
+			self::$queueworker,
+			db_utcnow(),
+			db_quoteinterval($age . " SECOND"),
+			intval($id)
+		);
+
+		if (!$work) {
+			self::qrollback();
+			logger("Could not update workerq.", LOGGER_DEBUG);
+			return false;
+		}
+
+		logger("GOTWORK: " . json_encode($work), LOGGER_DEBUG);
+		self::qcommit();
+
+		return $id;
+	}
+
+	public static function Process() {
+		$sleep = intval(get_config('queueworker', 'queue_worker_sleep', 100));
+		$auto_queue_worker_sleep = get_config('queueworker', 'auto_queue_worker_sleep', 0);
+
+		if (!self::GetWorkerID()) {
+			if ($auto_queue_worker_sleep) {
+				set_config('queueworker', 'queue_worker_sleep', $sleep + 100);
+			}
+
+			logger('Unable to get worker ID. Exiting.', LOGGER_DEBUG);
+			killme();
+		}
+
+		if ($auto_queue_worker_sleep && $sleep > 100) {
+			$next_sleep = $sleep - 100;
+			set_config('queueworker', 'queue_worker_sleep', (($next_sleep < 100) ? 100 : $next_sleep));
+		}
+
+		$jobs               = 0;
+		$workid             = self::getWorkId();
+		$load_average_sleep = false;
+		self::$workersleep  = $sleep;
+		self::$workersleep  = ((intval(self::$workersleep) > 100) ? intval(self::$workersleep) : 100);
+
+		if (function_exists('sys_getloadavg') && get_config('queueworker', 'load_average_sleep')) {
+			// very experimental!
+			$load_average_sleep = true;
+		}
+
+		while ($workid) {
+
+			if ($load_average_sleep) {
+				$load_average      = sys_getloadavg();
+				self::$workersleep = intval($load_average[0]) * 10000;
+
+				if (!self::$workersleep) {
+					self::$workersleep = 100;
+				}
+			}
+
+			logger('queue_worker_sleep: ' . self::$workersleep, LOGGER_DEBUG);
+
+			usleep(self::$workersleep);
+
+			$workitem = dbq("SELECT * FROM workerq WHERE workerq_id = $workid");
+
+			if ($workitem) {
+				// At least SOME work to do.... in case there's more, let's ramp up workers.
+				$workers = self::GetWorkerCount();
+
+				if ($workers < self::$maxworkers) {
+					logger($workers . '/' . self::$maxworkers . ' workers active', LOGGER_DEBUG);
+					$phpbin = get_config('system', 'phpbin', 'php');
+					proc_run($phpbin, 'Zotlabs/Daemon/Master.php', ['Queueworker']);
+				}
+
+				$jobs++;
+
+				logger("Workinfo: " . $workitem[0]['workerq_data'], LOGGER_DEBUG);
+
+				$workinfo = json_decode($workitem[0]['workerq_data'], true);
+				$argv     = $workinfo['argv'];
+
+				$cls  = '\\Zotlabs\\Daemon\\' . $argv[0];
+				$argv = flatten_array_recursive($argv);
+				$argc = count($argv);
+				$rnd = random_string();
+
+				logger('PROCESSING: ' . $rnd . ' ' . print_r($argv[0], true));
+
+				$cls::run($argc, $argv);
+
+				logger('COMPLETED: ' . $rnd);
+
+				// @FIXME: Right now we assume that if we get a return, everything is OK.
+				// At some point we may want to test whether the run returns true/false
+				// and requeue the work to be tried again if needed.  But we probably want
+				// to implement some sort of "retry interval" first.
+
+				dbq("delete from workerq where workerq_id = $workid");
+			}
+			else {
+				logger("NO WORKITEM!", LOGGER_DEBUG);
+			}
+			$workid = self::getWorkId();
+		}
+		logger('Master: Worker Thread: queue items processed:' . $jobs, LOGGER_DEBUG);
+	}
+
+	public static function ClearQueue() {
+		$work = q("select * from workerq");
+		while ($work) {
+			foreach ($work as $workitem) {
+				$workinfo = json_decode($workitem['v'], true);
+				$argc     = $workinfo['argc'];
+				$argv     = $workinfo['argv'];
+
+				logger('Master: process: ' . print_r($argv, true), LOGGER_ALL, LOG_DEBUG);
+
+				if (!isset($argv[0])) {
+					q("delete from workerq where workerq_id = %d",
+						$work[0]['workerq_id']
+					);
+					continue;
+				}
+
+				$cls = '\\Zotlabs\\Daemon\\' . $argv[0];
+				$cls::run($argc, $argv);
+
+				q("delete from workerq where workerq_id = %d",
+					$work[0]['workerq_id']
+				);
+
+				//Give the server .3 seconds to catch its breath between tasks.
+				//This will hopefully keep it from crashing to it's knees entirely
+				//if the last task ended up initiating other parallel processes
+				//(eg. polling remotes)
+				usleep(300000);
+			}
+
+			//Make sure nothing new came in
+			$work = q("select * from workerq");
+		}
+	}
+
+	/**
+	 * @brief Generate a name-based v5 UUID with custom namespace
+	 *
+	 * @param string $data
+	 * @return string $uuid
+	 */
+	private static function getUuid(string $data) {
+		$namespace = '3a112e42-f147-4ccf-a78b-f6841339ea2a';
+		try {
+			$uuid = Uuid::uuid5($namespace, $data)->toString();
+		} catch (UnableToBuildUuidException $e) {
+			logger('UUID generation failed');
+			return '';
+		}
+		return $uuid;
+	}
+
+}

Zotlabs/Lib/ThreadItem.php

@@ -84,10 +84,8 @@ class ThreadItem {
 
 	public function get_template_data($conv_responses, $thread_level=1, $conv_flags = []) {
 
-		$result = array();
-
-		$item     = $this->get_data();
-
+		$result = [];
+		$item = $this->get_data();
 		$commentww = '';
 		$sparkle = '';
 		$buttons = '';
@@ -139,13 +137,7 @@ class ThreadItem {
 			$shareable = false;
 		}
 
-		$privacy_warning = false;
-		if(intval($item['item_private']) && ($item['owner']['xchan_network'] === 'activitypub')) {
-			$recips = get_iconfig($item['parent'], 'activitypub', 'recips');
-
-			if(! is_array($recips['to']) || ! in_array($observer['xchan_url'], $recips['to']))
-				$privacy_warning = true;
-		}
+		$privacy_warning = ($item['owner']['xchan_network'] === 'activitypub' && intval($item['item_private']) === 1);
 
 		if ($lock) {
  			if (($item['mid'] == $item['parent_mid']) && isset($item['term']) && count(get_terms_oftype($item['term'], TERM_FORUM))) {
@@ -205,7 +197,7 @@ class ThreadItem {
 		$response_verbs = array('like');
 		if(feature_enabled($conv->get_profile_owner(),'dislike'))
 			$response_verbs[] = 'dislike';
-		if($item['obj_type'] === ACTIVITY_OBJ_EVENT) {
+		if(in_array($item['obj_type'], ['Event', ACTIVITY_OBJ_EVENT])) {
 			$response_verbs[] = 'attendyes';
 			$response_verbs[] = 'attendno';
 			$response_verbs[] = 'attendmaybe';
@@ -240,6 +232,7 @@ class ThreadItem {
 		}
 		$like_button_label = tt('Like','Likes',$like_count,'noun');
 
+		$showdislike = '';
 		if (feature_enabled($conv->get_profile_owner(),'dislike')) {
 			$dislike_count = ((x($conv_responses['dislike'],$item['mid'])) ? $conv_responses['dislike'][$item['mid']] : '');
 			$dislike_list = ((x($conv_responses['dislike'],$item['mid'])) ? $conv_responses['dislike'][$item['mid'] . '-l'] : '');
@@ -250,11 +243,11 @@ class ThreadItem {
 			} else {
 				$dislike_list_part = '';
 			}
+
+			$showdislike = ((x($conv_responses['dislike'],$item['mid'])) ? format_like($conv_responses['dislike'][$item['mid']],$conv_responses['dislike'][$item['mid'] . '-l'],'dislike',$item['mid']) : '');
 		}
 
 		$showlike    = ((x($conv_responses['like'],$item['mid'])) ? format_like($conv_responses['like'][$item['mid']],$conv_responses['like'][$item['mid'] . '-l'],'like',$item['mid']) : '');
-		$showdislike = ((x($conv_responses['dislike'],$item['mid']) && feature_enabled($conv->get_profile_owner(),'dislike'))
-				? format_like($conv_responses['dislike'][$item['mid']],$conv_responses['dislike'][$item['mid'] . '-l'],'dislike',$item['mid']) : '');
 
 		/*
 		 * We should avoid doing this all the time, but it depends on the conversation mode
@@ -298,7 +291,7 @@ class ThreadItem {
 		}
 
 		$has_bookmarks = false;
-		if(Apps::system_app_installed(local_channel(), 'Bookmarks') && is_array($item['term'])) {
+		if(Apps::system_app_installed(local_channel(), 'Bookmarks') && isset($item['term']) && is_array($item['term'])) {
 			foreach($item['term'] as $t) {
 				if(($t['ttype'] == TERM_BOOKMARK))
 					$has_bookmarks = true;
@@ -306,7 +299,7 @@ class ThreadItem {
 		}
 
 		$has_event = false;
-		if(($item['obj_type'] === ACTIVITY_OBJ_EVENT) && $conv->get_profile_owner() == local_channel())
+		if((in_array($item['obj_type'], ['Event', ACTIVITY_OBJ_EVENT])) && $conv->get_profile_owner() == local_channel())
 			$has_event = true;
 
 		$like = [];
@@ -359,8 +352,8 @@ class ThreadItem {
 		if($conv->get_mode() === 'channel')
 			$viewthread = z_root() . '/channel/' . $owner_address . '?f=&mid=' . urlencode(gen_link_id($item['mid']));
 
-		$comment_count_txt = sprintf( tt('%d comment','%d comments',$total_children),$total_children );
-		$list_unseen_txt = (($unseen_comments) ? sprintf( t('%d unseen'),$unseen_comments) : '');
+		$comment_count_txt = sprintf(tt('%d Comment', '%d Comments', $total_children), $total_children);
+		$list_unseen_txt = (($unseen_comments) ? sprintf(t('%d unseen'), $unseen_comments) : '');
 
 		$children = $this->get_children();
 

Zotlabs/Lib/ThreadListener.php

@@ -4,18 +4,30 @@ namespace Zotlabs\Lib;
 
 class ThreadListener {
 
+	public static function isEnabled() {
+		return Config::Get('system','enable_thread_listener');
+	}
+
 	static public function store($target_id,$portable_id,$ltype = 0) {
+		if (!self::isEnabled()) {
+			return true;
+		}
+
 		$x = self::fetch($target_id,$portable_id,$ltype = 0);
-		if(! $x) {  
+		if(! $x) {
 			$r = q("insert into listeners ( target_id, portable_id, ltype ) values ( '%s', '%s' , %d ) ",
 				dbesc($target_id),
 				dbesc($portable_id),
 				intval($ltype)
 			);
-		}  	
+		}
 	}
 
 	static public function fetch($target_id,$portable_id,$ltype = 0) {
+		if (!self::isEnabled()) {
+			return false;
+		}
+
 		$x = q("select * from listeners where target_id = '%s' and portable_id = '%s' and ltype = %d limit 1",
 			dbesc($target_id),
 			dbesc($portable_id),
@@ -28,6 +40,10 @@ class ThreadListener {
 	}
 
 	static public function fetch_by_target($target_id,$ltype = 0) {
+		if (!self::isEnabled()) {
+			return [];
+		}
+
 		$x = q("select * from listeners where target_id = '%s' and ltype = %d",
 			dbesc($target_id),
 			intval($ltype)

Zotlabs/Lib/Webfinger.php

@@ -52,15 +52,21 @@ class Webfinger {
 
 		if(strpos($resource,'http') === 0) {
 			$m = parse_url($resource);
-			if($m) {
-				if($m['scheme'] !== 'https') {
-					return false;
-				}
-				self::$server = $m['host'] . ((isset($m['port'])) ? ':' . $m['port'] : '');
-			}
-			else {
+
+			if (!$m) {
 				return false;
 			}
+
+			if(isset($m['scheme']) && $m['scheme'] !== 'https') {
+				return false;
+			}
+
+			if(!isset($m['host'])) {
+				return false;
+			}
+
+			self::$server = $m['host'] . ((isset($m['port'])) ? ':' . $m['port'] : '');
+
 		}
 		elseif(strpos($resource,'tag:') === 0) {
 			$arr = explode(':',$resource); // split the tag

Zotlabs/Lib/XConfig.php

@@ -162,7 +162,7 @@ class XConfig {
 	 */
 	static public function Delete($xchan, $family, $key) {
 
-		if(x(\App::$config[$xchan][$family], $key))
+		if(isset(\App::$config[$xchan][$family][$key]))
 			unset(\App::$config[$xchan][$family][$key]);
 
 		$ret = q("DELETE FROM xconfig WHERE xchan = '%s' AND cat = '%s' AND k = '%s'",

Zotlabs/Module/Acl.php

@@ -284,7 +284,7 @@ class Acl extends \Zotlabs\Web\Controller {
 		}
 		elseif($type == 'm') {
 			$r = array();
-			$z = q("SELECT xchan_hash as hash, xchan_name as name, xchan_network as net, xchan_addr as nick, xchan_photo_s as micro, xchan_url as url
+			$z = q("SELECT abook_id as id, xchan_hash as hash, xchan_name as name, xchan_network as net, xchan_addr as nick, xchan_photo_s as micro, xchan_url as url, abook_self
 				FROM abook left join xchan on abook_xchan = xchan_hash
 				WHERE abook_channel = %d
 				and xchan_deleted = 0
@@ -304,7 +304,7 @@ class Acl extends \Zotlabs\Web\Controller {
 		}
 		elseif($type == 'a') {
 
-			$r = q("SELECT abook_id as id, xchan_name as name, xchan_network as net, xchan_hash as hash, xchan_addr as nick, xchan_photo_s as micro, xchan_url as url, xchan_addr as attag , abook_their_perms FROM abook left join xchan on abook_xchan = xchan_hash
+			$r = q("SELECT abook_id as id, xchan_name as name, xchan_network as net, xchan_hash as hash, xchan_addr as nick, xchan_photo_s as micro, xchan_url as url, xchan_addr as attag, abook_their_perms, abook_self FROM abook left join xchan on abook_xchan = xchan_hash
 				WHERE abook_channel = %d
 				and xchan_deleted = 0
 				$sql_extra3
@@ -378,6 +378,7 @@ class Acl extends \Zotlabs\Web\Controller {
 							"name"     => $g['name'],
 							"id"	   => urlencode($g['id']),
 							"xid"      => $g['hash'],
+							"url"      => $g['url'],
 							"link"     => $clink,
 							"nick"     => ((strpos($g['nick'],'@')) ? substr($g['nick'],0,strpos($g['nick'],'@')) : $g['nick']),
 							"self"     => (intval($g['abook_self']) ? 'abook-self' : ''),

Zotlabs/Module/Activity.php

@@ -182,7 +182,7 @@ class Activity extends Controller {
 				return;
 			}
 
-			$ob_authorise = false;
+			$ob_authorize = false;
 			$item_uid = 0;
 
 			$bear = ZlibActivity::token_from_request();

Zotlabs/Module/Admin/Addons.php

@@ -77,6 +77,7 @@ class Addons {
 					} catch (\PHPGit\Exception\GitException $e) {
 						json_return_and_die(array('message' => 'Error updating addon repo.', 'success' => false));
 					}
+					break;
 				case 'removerepo':
 					if (array_key_exists('repoName', $_REQUEST)) {
 						$repoName = $_REQUEST['repoName'];
@@ -111,6 +112,7 @@ class Addons {
 					} else {
 						json_return_and_die(array('message' => 'Error deleting addon repo.', 'success' => false));
 					}
+					break;
 				case 'installrepo':
 					if (array_key_exists('repoURL', $_REQUEST)) {
 						require_once('library/PHPGit.autoload.php');			// Load PHPGit dependencies
@@ -172,6 +174,7 @@ class Addons {
 						$repo = $git->probeRepo();
 						json_return_and_die(array('repo' => $repo, 'message' => '', 'success' => true));
 					}
+					break;
 				case 'addrepo':
 					if (array_key_exists('repoURL', $_REQUEST)) {
 						require_once('library/PHPGit.autoload.php');	 // Load PHPGit dependencies

Zotlabs/Module/Admin/Dbsync.php

@@ -5,11 +5,11 @@ namespace Zotlabs\Module\Admin;
 
 
 class Dbsync {
-	
+
 
 	function get() {
 		$o = '';
-	
+
 		if(argc() > 3 && intval(argv(3)) && argv(2) === 'mark') {
 			// remove the old style config if it exists
 			del_config('database', 'update_r' . intval(argv(3)));
@@ -29,7 +29,7 @@ class Dbsync {
 				if(method_exists($c,'verify')) {
 					$retval = $c->verify();
 					if($retval === UPDATE_FAILED) {
-						$o .= sprintf( t('Verification of update %s failed. Check system logs.'), $s); 
+						$o .= sprintf( t('Verification of update %s failed. Check system logs.'), $s);
 					}
 					elseif($retval === UPDATE_SUCCESS) {
 						$o .= sprintf( t('Update %s was successfully applied.'), $s);
@@ -44,20 +44,8 @@ class Dbsync {
 			}
 			else
 				$o .= sprintf( t('Update function %s could not be found.'), $s);
-	
+
 			return $o;
-
-
-
-
-
-			// remove the old style config if it exists
-			del_config('database', 'update_r' . intval(argv(3)));
-			set_config('database', '_' . intval(argv(3)), 'success');
-			if(intval(get_config('system','db_version')) < intval(argv(3)))
-				set_config('system','db_version',intval(argv(3)));
-			info( t('Update has been marked successful') . EOL);
-			goaway(z_root() . '/admin/dbsync');
 		}
 
 		if(argc() > 2 && intval(argv(2))) {
@@ -68,7 +56,7 @@ class Dbsync {
 				$c =  new $cls();
 				$retval = $c->run();
 				if($retval === UPDATE_FAILED) {
-					$o .= sprintf( t('Executing update procedure %s failed. Check system logs.'), $s); 
+					$o .= sprintf( t('Executing update procedure %s failed. Check system logs.'), $s);
 				}
 				elseif($retval === UPDATE_SUCCESS) {
 					$o .= sprintf( t('Update %s was successfully applied.'), $s);
@@ -79,10 +67,10 @@ class Dbsync {
 			}
 			else
 				$o .= sprintf( t('Update function %s could not be found.'), $s);
-	
+
 			return $o;
 		}
-	
+
 		$failed = array();
 		$r = q("select * from config where cat = 'database' ");
 		if(count($r)) {
@@ -107,7 +95,7 @@ class Dbsync {
 		else {
 			return '<div class="generic-content-wrapper-styled"><h3>' . t('No failed updates.') . '</h3></div>';
 		}
-	
+
 		return $o;
 	}
-}
+}

Zotlabs/Module/Admin/Queueworker.php

@@ -0,0 +1,121 @@
+<?php
+
+namespace Zotlabs\Module\Admin;
+
+use App;
+use Zotlabs\Web\Controller;
+
+class Queueworker extends Controller {
+
+	function init() {
+
+	}
+
+	function post() {
+
+		check_form_security_token('form_security_token', 'queueworker');
+
+		$maxqueueworkers = intval($_POST['queueworker_maxworkers']);
+		$maxqueueworkers = ($maxqueueworkers > 3) ? $maxqueueworkers : 4;
+		set_config('queueworker', 'max_queueworkers', $maxqueueworkers);
+
+		$maxworkerage = intval($_POST['queueworker_max_age']);
+		$maxworkerage = ($maxworkerage >= 120) ? $maxworkerage : 300;
+		set_config('queueworker', 'queueworker_max_age', $maxworkerage);
+
+		$queueworkersleep = intval($_POST['queue_worker_sleep']);
+		$queueworkersleep = ($queueworkersleep > 100) ? $queueworkersleep : 100;
+		set_config('queueworker', 'queue_worker_sleep', $queueworkersleep);
+
+		$auto_queue_worker_sleep = intval($_POST['auto_queue_worker_sleep']);
+		set_config('queueworker', 'auto_queue_worker_sleep', $auto_queue_worker_sleep);
+
+		goaway(z_root() . '/admin/queueworker');
+	}
+
+	function get() {
+
+		$content = "<H1>Queue Status</H1>\n";
+
+		$r = q('select count(*) as total from workerq');
+
+		$content .= "<H4>There are " . $r[0]['total'] . " queue items to be processed.</H4>";
+
+		$r = dbq("select count(*) as qworkers from workerq where workerq_reservationid is not null");
+
+		$content .= "<H4>Active workers: " . $r[0]['qworkers'] . "</H4>";
+
+		$r = dbq("select workerq_cmd, count(*) as total from workerq where true group by workerq_cmd");
+
+		if ($r) {
+			$content .= "<H4>Work items</H4>";
+			foreach($r as $rr) {
+				$content .= $rr['workerq_cmd'] . ': ' . $rr['total'] . '<br>';
+			}
+		}
+
+		$maxqueueworkers = get_config('queueworker', 'max_queueworkers', 4);
+		$maxqueueworkers = ($maxqueueworkers > 3) ? $maxqueueworkers : 4;
+
+		$sc = '';
+
+		$sc .= replace_macros(get_markup_template('field_input.tpl'), [
+			'$field' => [
+				'queueworker_maxworkers',
+				t('Max queueworker threads'),
+				$maxqueueworkers,
+				t('Minimum 4, default 4')
+			]
+		]);
+
+		$workermaxage = get_config('queueworker', 'queueworker_max_age');
+		$workermaxage = ($workermaxage >= 120) ? $workermaxage : 300;
+
+		$sc .= replace_macros(get_markup_template('field_input.tpl'), [
+			'$field' => [
+				'queueworker_max_age',
+				t('Assume workers dead after'),
+				$workermaxage,
+				t('Minimum 120, default 300 seconds')
+			]
+		]);
+
+		$queueworkersleep = get_config('queueworker', 'queue_worker_sleep');
+		$queueworkersleep = ($queueworkersleep > 100) ? $queueworkersleep : 100;
+
+		$auto_queue_worker_sleep = get_config('queueworker', 'auto_queue_worker_sleep', 0);
+
+		$sc .= replace_macros(get_markup_template('field_input.tpl'), [
+			'$field' => [
+				'queue_worker_sleep',
+				t('Pause before starting next task'),
+				$queueworkersleep,
+				t('Minimum 100, default 100 microseconds'),
+				'',
+				(($auto_queue_worker_sleep) ? 'disabled' : '')
+			]
+		]);
+
+		$sc .= replace_macros(get_markup_template('field_checkbox.tpl'), [
+			'$field' => [
+				'auto_queue_worker_sleep',
+				t('Automatically adjust pause before starting next task'),
+				$auto_queue_worker_sleep,
+			]
+		]);
+
+		$tpl = get_markup_template('settings_addon.tpl');
+		$content .= replace_macros($tpl, [
+				'$action_url' => 'admin/queueworker',
+				'$form_security_token' => get_form_security_token('queueworker'),
+				'$title' => t('Queueworker Settings'),
+				'$content' => $sc,
+				'$baseurl' => z_root(),
+				'$submit' => t('Save')
+			]
+		);
+
+		return $content;
+
+	}
+}

Zotlabs/Module/Admin/Security.php

@@ -7,12 +7,12 @@ class Security {
 
 	function post() {
 		check_form_security_token_redirectOnErr('/admin/security', 'admin_security');
-	
+
 		$allowed_email        = ((x($_POST,'allowed_email'))	    ? notags(trim($_POST['allowed_email']))		: '');
 		$not_allowed_email    = ((x($_POST,'not_allowed_email'))	? notags(trim($_POST['not_allowed_email']))		: '');
 
 		set_config('system','allowed_email', $allowed_email);
-		set_config('system','not_allowed_email', $not_allowed_email);	
+		set_config('system','not_allowed_email', $not_allowed_email);
 
 		$block_public         = ((x($_POST,'block_public'))		? True	: False);
 		set_config('system','block_public',$block_public);
@@ -25,22 +25,22 @@ class Security {
 
 		$ws = $this->trim_array_elems(explode("\n",$_POST['whitelisted_sites']));
 		set_config('system','whitelisted_sites',$ws);
-	
+
 		$bs = $this->trim_array_elems(explode("\n",$_POST['blacklisted_sites']));
 		set_config('system','blacklisted_sites',$bs);
-	
+
 		$wc = $this->trim_array_elems(explode("\n",$_POST['whitelisted_channels']));
 		set_config('system','whitelisted_channels',$wc);
-	
+
 		$bc = $this->trim_array_elems(explode("\n",$_POST['blacklisted_channels']));
 		set_config('system','blacklisted_channels',$bc);
-	
+
 		$embed_sslonly         = ((x($_POST,'embed_sslonly'))		? True	: False);
 		set_config('system','embed_sslonly',$embed_sslonly);
-	
+
 		$we = $this->trim_array_elems(explode("\n",$_POST['embed_allow']));
 		set_config('system','embed_allow',$we);
-	
+
 		$be = $this->trim_array_elems(explode("\n",$_POST['embed_deny']));
 		set_config('system','embed_deny',$be);
 
@@ -49,47 +49,54 @@ class Security {
 
 		$inline_pdf = ((x($_POST,'inline_pdf')) ? intval($_POST['inline_pdf']) : 0);
 		set_config('system', 'inline_pdf' , $inline_pdf);
-	
+
 		$ts = ((x($_POST,'transport_security')) ? True : False);
 		set_config('system','transport_security_header',$ts);
 
 		$cs = ((x($_POST,'content_security')) ? True : False);
 		set_config('system','content_security_policy',$cs);
 
+		$trusted_directory_servers = $this->trim_array_elems(explode("\n", $_POST['trusted_directory_servers']));
+		set_config('system', 'trusted_directory_servers', $trusted_directory_servers);
+
 		goaway(z_root() . '/admin/security');
 	}
-	
-	
+
+
 
 	function get() {
-	
+
 		$whitesites = get_config('system','whitelisted_sites');
 		$whitesites_str = ((is_array($whitesites)) ? implode("\n",$whitesites) : '');
-	
+
 		$blacksites = get_config('system','blacklisted_sites');
 		$blacksites_str = ((is_array($blacksites)) ? implode("\n",$blacksites) : '');
-	
-	
+
+
 		$whitechannels = get_config('system','whitelisted_channels');
 		$whitechannels_str = ((is_array($whitechannels)) ? implode("\n",$whitechannels) : '');
-	
+
 		$blackchannels = get_config('system','blacklisted_channels');
 		$blackchannels_str = ((is_array($blackchannels)) ? implode("\n",$blackchannels) : '');
-	
-	
+
+
 		$whiteembeds = get_config('system','embed_allow');
 		$whiteembeds_str = ((is_array($whiteembeds)) ? implode("\n",$whiteembeds) : '');
-	
+
 		$blackembeds = get_config('system','embed_deny');
 		$blackembeds_str = ((is_array($blackembeds)) ? implode("\n",$blackembeds) : '');
-	
+
+		$trusted_directory_servers = get_config('system', 'trusted_directory_servers');
+		$trusted_directory_servers_str = ((is_array($trusted_directory_servers)) ? implode("\n", $trusted_directory_servers) : '');
+		$is_dir = (intval(get_config('system', 'directory_mode', DIRECTORY_MODE_NORMAL)) !== DIRECTORY_MODE_NORMAL);
+
 		$embed_coop = intval(get_config('system','embed_coop'));
-	
+
 		if((! $whiteembeds) && (! $blackembeds)) {
 			$embedhelp1 = t("By default, unfiltered HTML is allowed in embedded media. This is inherently insecure.");
 		}
 
-		$embedhelp2 = t("The recommended setting is to only allow unfiltered HTML from the following sites:"); 
+		$embedhelp2 = t("The recommended setting is to only allow unfiltered HTML from the following sites:");
 		$embedhelp3 = t("https://youtube.com/<br />https://www.youtube.com/<br />https://youtu.be/<br />https://vimeo.com/<br />https://soundcloud.com/<br />");
 		$embedhelp4 = t("All other embedded content will be filtered, <strong>unless</strong> embedded content from that site is explicitly blocked.");
 
@@ -99,7 +106,7 @@ class Security {
 			'$page' => t('Security'),
 			'$form_security_token' => get_form_security_token('admin_security'),
 	        '$block_public'     => array('block_public', t("Block public"), get_config('system','block_public'), t("Check to block public access to all otherwise public personal pages on this site unless you are currently authenticated.")),
-			'$cloud_noroot'     => [ 'cloud_noroot', t('Provide a cloud root directory'), 1 - intval(get_config('system','cloud_disable_siteroot')), t('The cloud root directory lists all channel names which provide public files') ], 
+			'$cloud_noroot'     => [ 'cloud_noroot', t('Provide a cloud root directory'), 1 - intval(get_config('system','cloud_disable_siteroot')), t('The cloud root directory lists all channel names which provide public files') ],
 			'$cloud_disksize'     => [ 'cloud_disksize', t('Show total disk space available to cloud uploads'), intval(get_config('system','cloud_report_disksize')), '' ],
 			'$transport_security' => array('transport_security', t('Set "Transport Security" HTTP header'),intval(get_config('system','transport_security_header')),''),
 			'$content_security' => array('content_security', t('Set "Content Security Policy" HTTP header'),intval(get_config('system','content_security_policy')),''),
@@ -115,6 +122,8 @@ class Security {
 			'$thumbnail_security'   => [ 'thumbnail_security', t("Allow SVG thumbnails in file browser"), get_config('system','thumbnail_security',0), t("WARNING: SVG images may contain malicious code.") ],
 			'$inline_pdf'   => [ 'inline_pdf', t("Allow embedded (inline) PDF files"), get_config('system','inline_pdf',0), '' ],
 
+			'$trusted_directory_servers' => (($is_dir) ? ['trusted_directory_servers', t('Additional trusted directory server URLs'), $trusted_directory_servers_str, t('Accept directory flags (spam, nsfw) from those servers. One per line like https://example.tld')] : ''),
+
 //	        '$embed_coop'     => array('embed_coop', t('Cooperative embed security'), $embed_coop, t('Enable to share embed security with other compatible sites/hubs')),
 
 			'$submit' => t('Submit')
@@ -124,7 +133,7 @@ class Security {
 
 	function trim_array_elems($arr) {
 		$narr = array();
-	
+
 		if($arr && is_array($arr)) {
 			for($x = 0; $x < count($arr); $x ++) {
 				$y = trim($arr[$x]);
@@ -134,6 +143,6 @@ class Security {
 		}
 		return $narr;
 	}
-	
-	
+
+
 }

Zotlabs/Module/Admin/Site.php

@@ -67,7 +67,6 @@ class Site {
 		$open_pubstream     =   ((x($_POST,'open_pubstream')) ? True : False);
 		$login_on_homepage	=	((x($_POST,'login_on_homepage'))		? True	:	False);
 		$enable_context_help = ((x($_POST,'enable_context_help'))		? True	:	False);
-		$global_directory     = ((x($_POST,'directory_submit_url'))	? notags(trim($_POST['directory_submit_url']))	: '');
 		$no_community_page    = !((x($_POST,'no_community_page'))	? True	:	False);
 		$default_expire_days  = ((array_key_exists('default_expire_days',$_POST)) ? intval($_POST['default_expire_days']) : 0);
 		$active_expire_days  = ((array_key_exists('active_expire_days',$_POST)) ? intval($_POST['active_expire_days']) : 7);
@@ -100,7 +99,7 @@ class Site {
 		$reg_expire 	   = (preg_match('/^[a-z]{1,1}$/', $regexpireu) ? $regexpiren . $regexpireu : '');
 
 		$imagick_path      = ((x($_POST,'imagick_path'))     ? trim($_POST['imagick_path'])   : '');
-		$force_queue       = ((intval($_POST['force_queue']) > 0) ? intval($_POST['force_queue'])   : 3000);
+		//$force_queue       = ((intval($_POST['force_queue']) > 0) ? intval($_POST['force_queue'])   : 3000);
 		$pub_incl = escape_tags(trim($_POST['pub_incl']));
 		$pub_excl = escape_tags(trim($_POST['pub_excl']));
 
@@ -129,7 +128,7 @@ class Site {
 					set_config('system', 'register_duty', $this->register_duty);
 					set_config('system', 'register_duty_jso', $this->joo);
 				} else {
-					notice('ZAR0130E,'.t('Errors') . ': ' . $this->error) . EOL . $this->msgfg;
+					notice('ZAR0130E,' . t('Errors') . ': ' . $this->error . EOL . $this->msgfg . EOL);
 				}
 			}
 		}
@@ -181,7 +180,7 @@ class Site {
 			set_config('system', 'admininfo', $admininfo);
 		}
 		set_config('system','siteinfo',$siteinfo);
-		set_config('system', 'language', $language);
+		//set_config('system', 'language', $language);
 		set_config('system', 'theme', $theme);
 		//		if ( $theme_mobile === '---' ) {
 		//			del_config('system', 'mobile_theme');
@@ -205,12 +204,7 @@ class Site {
 		set_config('system','disable_discover_tab', $disable_discover_tab);
 		set_config('system','site_firehose', $site_firehose);
 		set_config('system','open_pubstream', $open_pubstream);
-		set_config('system','force_queue_threshold', $force_queue);
-		if ($global_directory == '') {
-			del_config('system', 'directory_submit_url');
-		} else {
-			set_config('system', 'directory_submit_url', $global_directory);
-		}
+		//set_config('system','force_queue_threshold', $force_queue);
 
 		set_config('system','no_community_page', $no_community_page);
 		set_config('system','no_utf', $no_utf);
@@ -283,7 +277,7 @@ class Site {
 		}
 
 		$dir_choices = null;
-		$dirmode = get_config('system','directory_mode');
+		$dirmode = get_config('system', 'directory_mode', DIRECTORY_MODE_NORMAL);
 		$realm = get_directory_realm();
 
 		// directory server should not be set or settable unless we are a directory client
@@ -301,6 +295,12 @@ class Site {
 					$dir_choices[$xx['site_url']] = $xx['site_url'];
 				}
 			}
+			if ($realm === DIRECTORY_REALM) {
+				$fallback_servers = get_directory_fallback_servers();
+				foreach ($fallback_servers as $fallback_server) {
+					$dir_choices[$fallback_server] = $fallback_server;
+				}
+			}
 		}
 
 		/* Banner */
@@ -425,7 +425,7 @@ class Site {
 			'$banner'			=> array('banner', t("Banner/Logo"), $banner, t('Unfiltered HTML/CSS/JS is allowed')),
 			'$admininfo'		=> array('admininfo', t("Administrator Information"), $admininfo, t("Contact information for site administrators.  Displayed on siteinfo page.  BBCode can be used here")),
 			'$siteinfo'		=> array('siteinfo', t('Site Information'), get_config('system','siteinfo'), t("Publicly visible description of this site.  Displayed on siteinfo page.  BBCode can be used here")),
-			'$language' 		=> array('language', t("System language"), get_config('system','language'), "", $lang_choices),
+			//'$language' 		=> array('language', t("System language"), get_config('system','language'), "", $lang_choices),
 			'$theme' 			=> array('theme', t("System theme"), get_config('system','theme'), t("Default system theme - may be over-ridden by user profiles - <a href='#' id='cnftheme'>change theme settings</a>"), $theme_choices),
 		//			'$theme_mobile' 	=> array('theme_mobile', t("Mobile system theme"), get_config('system','mobile_theme'), t("Theme for mobile devices"), $theme_choices_mobile),
 		//			'$site_channel' 	=> array('site_channel', t("Channel to use for this website's static pages"), get_config('system','site_channel'), t("Site Channel")),
@@ -508,10 +508,10 @@ class Site {
 			'$frontpage'	=> array('frontpage', t("Site homepage to show visitors (default: login box)"), get_config('system','frontpage'), t("example: 'pubstream' to show public stream, 'page/sys/home' to show a system webpage called 'home' or 'include:home.html' to include a file.")),
 			'$mirror_frontpage'	=> array('mirror_frontpage', t("Preserve site homepage URL"), get_config('system','mirror_frontpage'), t('Present the site homepage in a frame at the original location instead of redirecting')),
 			'$allowed_sites'	=> array('allowed_sites', t("Allowed friend domains"), get_config('system','allowed_sites'), t("Comma separated list of domains which are allowed to establish friendships with this site. Wildcards are accepted. Empty to allow any domains")),
-			'$force_publish'	=> array('publish_all', t("Force publish"), get_config('system','publish_all'), t("Check to force all profiles on this site to be listed in the site directory.")),
-			'$disable_discover_tab'	=> array('disable_discover_tab', t('Import Public Streams'), $discover_tab, t('Import and allow access to public content pulled from other sites. Warning: this content is unmoderated.')),
-			'$site_firehose'	=> array('site_firehose', t('Site only Public Streams'), get_config('system','site_firehose'), t('Allow access to public content originating only from this site if Imported Public Streams are disabled.')),
-			'$open_pubstream'	=> array('open_pubstream', t('Allow anybody on the internet to access the Public streams'), get_config('system','open_pubstream',1), t('Disable to require authentication before viewing. Warning: this content is unmoderated.')),
+			'$force_publish'	=> array('publish_all', t("Force publish"), get_config('system','publish_all'), t("Check to force all profiles on this site to be listed in the site directory")),
+			'$disable_discover_tab'	=> array('disable_discover_tab', t('Enable public stream'), $discover_tab, t('Enable the public stream. Warning: this content is unmoderated')),
+			'$site_firehose'	=> array('site_firehose', t('Site only public stream'), get_config('system','site_firehose'), t('Restrict the public stream to content originating at this site')),
+			'$open_pubstream'	=> array('open_pubstream', t('Allow anybody on the internet to access the public streams'), get_config('system','open_pubstream',1), t('Disable to require authentication before viewing')),
 			'$incl'           => array('pub_incl',t('Only import Public stream posts with this text'), get_config('system','pubstream_incl'),t('words one per line or #tags or /patterns/ or lang=xx, leave blank to import all posts')),
 			'$excl'           => array('pub_excl',t('Do not import Public stream posts with this text'), get_config('system','pubstream_excl'),t('words one per line or #tags or /patterns/ or lang=xx, leave blank to import all posts')),
 
@@ -532,7 +532,7 @@ class Site {
 			'$timeout'			=> array('timeout', t("Network timeout"), (x(get_config('system','curl_timeout'))?get_config('system','curl_timeout'):60), t("Value is in seconds. Set to 0 for unlimited (not recommended).")),
 			'$delivery_interval'			=> array('delivery_interval', t("Delivery interval"), (x(get_config('system','delivery_interval'))?get_config('system','delivery_interval'):2), t("Delay background delivery processes by this many seconds to reduce system load. Recommend: 4-5 for shared hosts, 2-3 for virtual private servers. 0-1 for large dedicated servers.")),
 			'$delivery_batch_count' => array('delivery_batch_count', t('Deliveries per process'),(x(get_config('system','delivery_batch_count'))?get_config('system','delivery_batch_count'):1), t("Number of deliveries to attempt in a single operating system process. Adjust if necessary to tune system performance. Recommend: 1-5.")),
-			'$force_queue'			=> array('force_queue', t("Queue Threshold"), get_config('system','force_queue_threshold',3000), t("Always defer immediate delivery if queue contains more than this number of entries.")),
+			//'$force_queue'			=> array('force_queue', t("Queue Threshold"), get_config('system','force_queue_threshold',3000), t("Always defer immediate delivery if queue contains more than this number of entries.")),
 			'$poll_interval'			=> array('poll_interval', t("Poll interval"), (x(get_config('system','poll_interval'))?get_config('system','poll_interval'):2), t("Delay background polling processes by this many seconds to reduce system load. If 0, use delivery interval.")),
 			'$imagick_path'			=> array('imagick_path', t("Path to ImageMagick convert program"), get_config('system','imagick_convert_path'), t("If set, use this program to generate photo thumbnails for huge images ( > 4000 pixels in either dimension), otherwise memory exhaustion may occur. Example: /usr/bin/convert")),
 			'$maxloadavg'			=> array('maxloadavg', t("Maximum Load Average"), ((intval(get_config('system','maxloadavg')) > 0)?get_config('system','maxloadavg'):50), t("Maximum system load before delivery and poll processes are deferred - default 50.")),

Zotlabs/Module/Appman.php

@@ -13,7 +13,7 @@ class Appman extends \Zotlabs\Web\Controller {
 		if(! local_channel())
 			return;
 
-		if($_POST['url']) {
+		if(isset($_POST['url']) && $_POST['url']) {
 			$arr = array(
 				'uid' => intval($_REQUEST['uid']),
 				'url' => escape_tags($_REQUEST['url']),
@@ -50,7 +50,7 @@ class Appman extends \Zotlabs\Web\Controller {
 			return;
 		}
 
-		if($_POST['install']) {
+		if(isset($_POST['install']) && $_POST['install']) {
 			Apps::app_install(local_channel(),$papp);
 			if(Apps::app_installed(local_channel(),$papp))
 				info( t('App installed.') . EOL);
@@ -65,15 +65,15 @@ class Appman extends \Zotlabs\Web\Controller {
 			}
 
 			if (intval($sync[0]['app_system'])) {
-				Libsync::build_sync_packet($uid, ['sysapp' => $sync]);
+				Libsync::build_sync_packet(local_channel(), ['sysapp' => $sync]);
 			}
 			else {
-				Libsync::build_sync_packet($uid, ['app' => $sync]);
+				Libsync::build_sync_packet(local_channel(), ['app' => $sync]);
 			}
 
 		}
 
-		if($_POST['delete']) {
+		if(isset($_POST['delete']) && $_POST['delete']) {
 
 			// Fetch the app for sync before it is deleted (if it is deletable))
 			$sync = q("SELECT * FROM app WHERE app_channel = %d AND app_id = '%s' LIMIT 1",
@@ -91,18 +91,18 @@ class Appman extends \Zotlabs\Web\Controller {
 			$sync[0]['app_deleted'] = 1;
 
 			if (intval($sync[0]['app_system'])) {
-				Libsync::build_sync_packet($uid, ['sysapp' => $sync]);
+				Libsync::build_sync_packet(local_channel(), ['sysapp' => $sync]);
 			}
 			else {
-				Libsync::build_sync_packet($uid, ['app' => $sync]);
+				Libsync::build_sync_packet(local_channel(), ['app' => $sync]);
 			}
 		}
 
-		if($_POST['edit']) {
+		if(isset($_POST['edit']) && $_POST['edit']) {
 			return;
 		}
 
-		if($_POST['feature']) {
+		if(isset($_POST['feature']) && $_POST['feature']) {
 			Apps::app_feature(local_channel(), $papp, $_POST['feature']);
 
 			$sync = q("SELECT * FROM app WHERE app_channel = %d AND app_id = '%s' LIMIT 1",
@@ -111,14 +111,14 @@ class Appman extends \Zotlabs\Web\Controller {
 			);
 
 			if (intval($sync[0]['app_system'])) {
-				Libsync::build_sync_packet($uid, ['sysapp' => $sync]);
+				Libsync::build_sync_packet(local_channel(), ['sysapp' => $sync]);
 			}
 			else {
-				Libsync::build_sync_packet($uid, ['app' => $sync]);
+				Libsync::build_sync_packet(local_channel(), ['app' => $sync]);
 			}
 		}
 
-		if($_POST['pin']) {
+		if(isset($_POST['pin']) && $_POST['pin']) {
 			Apps::app_feature(local_channel(), $papp, $_POST['pin']);
 
 			$sync = q("SELECT * FROM app WHERE app_channel = %d AND app_id = '%s' LIMIT 1",
@@ -127,14 +127,14 @@ class Appman extends \Zotlabs\Web\Controller {
 			);
 
 			if (intval($sync[0]['app_system'])) {
-				Libsync::build_sync_packet($uid, ['sysapp' => $sync]);
+				Libsync::build_sync_packet(local_channel(), ['sysapp' => $sync]);
 			}
 			else {
-				Libsync::build_sync_packet($uid, ['app' => $sync]);
+				Libsync::build_sync_packet(local_channel(), ['app' => $sync]);
 			}
 		}
 
-		if($_POST['aj']) {
+		if(isset($_POST['aj']) && $_POST['aj']) {
 			killme();
 		}
 
@@ -171,7 +171,7 @@ class Appman extends \Zotlabs\Web\Controller {
 
 		$app = null;
 		$embed = null;
-		if($_REQUEST['appid']) {
+		if(isset($_REQUEST['appid']) && $_REQUEST['appid']) {
 			$r = q("select * from app where app_id = '%s' and app_channel = %d limit 1",
 				dbesc($_REQUEST['appid']),
 				dbesc(local_channel())
@@ -200,27 +200,25 @@ class Appman extends \Zotlabs\Web\Controller {
 		}
 
 		return replace_macros(get_markup_template('app_create.tpl'), array(
-
 			'$banner' => (($app) ? t('Edit App') : t('Create App')),
 			'$app' => $app,
-			'$guid' => (($app) ? $app['app_id'] : ''),
-			'$author' => (($app) ? $app['app_author'] : $channel['channel_hash']),
-			'$addr' => (($app) ? $app['app_addr'] : $channel['xchan_addr']),
-			'$name' => array('name', t('Name of app'),(($app) ? $app['app_name'] : ''), t('Required')),
-			'$url' => array('url', t('Location (URL) of app'),(($app) ? $app['app_url'] : ''), t('Required')),
-	 		'$desc' => array('desc', t('Description'),(($app) ? $app['app_desc'] : ''), ''),
-			'$photo' => array('photo', t('Photo icon URL'),(($app) ? $app['app_photo'] : ''), t('80 x 80 pixels - optional')),
-			'$categories' => array('categories',t('Categories (optional, comma separated list)'),(($app) ? $app['categories'] : ''),''),
-			'$version' => array('version', t('Version ID'),(($app) ? $app['app_version'] : ''), ''),
-			'$price' => array('price', t('Price of app'),(($app) ? $app['app_price'] : ''), ''),
-			'$page' => array('page', t('Location (URL) to purchase app'),(($app) ? $app['app_page'] : ''), ''),
-			'$system' => (($app) ? intval($app['app_system']) : 0),
-			'$plugin' => (($app) ? $app['app_plugin'] : ''),
-			'$requires' => (($app) ? $app['app_requires'] : ''),
+			'$guid' => $app['app_id'] ?? '',
+			'$author' => $app['app_author'] ?? $channel['channel_hash'],
+			'$addr' => $app['app_addr'] ?? $channel['xchan_addr'],
+			'$name' => array('name', t('Name of app'), $app['app_name'] ?? '', t('Required')),
+			'$url' => array('url', t('Location (URL) of app'), $app['app_url'] ?? '', t('Required')),
+	 		'$desc' => array('desc', t('Description'), $app['app_desc'] ?? '', ''),
+			'$photo' => array('photo', t('Photo icon URL'),$app['app_photo'] ?? '', t('80 x 80 pixels - optional')),
+			'$categories' => array('categories',t('Categories (optional, comma separated list)'), $app['categories'] ?? '',''),
+			'$version' => array('version', t('Version ID'), $app['app_version'] ?? '', ''),
+			'$price' => array('price', t('Price of app'), $app['app_price'] ?? '', ''),
+			'$page' => array('page', t('Location (URL) to purchase app'), $app['app_page'] ?? '', ''),
+			'$system' => $app['app_system'] ?? 0,
+			'$plugin' => $app['app_plugin'] ?? '',
+			'$requires' => $app['app_requires'] ?? '',
 			'$embed' => $embed,
 			'$submit' => t('Submit')
 		));
-
 	}
 
 }

Zotlabs/Module/Apps.php

@@ -19,7 +19,8 @@ class Apps extends \Zotlabs\Web\Controller {
 
 		$_SESSION['return_url'] = \App::$query_string;
 
-		$apps = array();
+		$apps = [];
+		$cat = [];
 
 		if(local_channel()) {
 			Zlib\Apps::import_system_apps();

Zotlabs/Module/Blocks.php

@@ -9,43 +9,43 @@ require_once('include/acl_selectors.php');
 class Blocks extends \Zotlabs\Web\Controller {
 
 	function init() {
-	
+
 		if(argc() > 1 && argv(1) === 'sys' && is_site_admin()) {
 			$sys = get_sys_channel();
 			if($sys && intval($sys['channel_id'])) {
 				\App::$is_sys = true;
 			}
 		}
-	
+
 		if(argc() > 1)
 			$which = argv(1);
 		else
 			return;
-	
+
 		profile_load($which);
-	
+
 	}
-	
-	
+
+
 	function get() {
-	
+
 		if(! \App::$profile) {
 			notice( t('Requested profile is not available.') . EOL );
 			\App::$error = 404;
 			return;
 		}
-	
+
 		$which = argv(1);
-	
+
 		$_SESSION['return_url'] = \App::$query_string;
-	
+
 		$uid = local_channel();
 		$owner = 0;
 		$channel = null;
 		$observer = \App::get_observer();
-	
+
 		$channel = \App::get_channel();
-	
+
 		if(\App::$is_sys && is_site_admin()) {
 			$sys = get_sys_channel();
 			if($sys && intval($sys['channel_id'])) {
@@ -54,7 +54,7 @@ class Blocks extends \Zotlabs\Web\Controller {
 				$observer = $sys;
 			}
 		}
-	
+
 		if(! $owner) {
 			// Figure out who the page owner is.
 			$r = q("select channel_id from channel where channel_address = '%s'",
@@ -64,24 +64,24 @@ class Blocks extends \Zotlabs\Web\Controller {
 				$owner = intval($r[0]['channel_id']);
 			}
 		}
-	
+
 		$ob_hash = (($observer) ? $observer['xchan_hash'] : '');
-	
+
 		$perms = get_all_perms($owner,$ob_hash);
-	
+
 		if(! $perms['write_pages']) {
 			notice( t('Permission denied.') . EOL);
 			return;
 		}
-	
-		// Block design features from visitors 
-	
+
+		// Block design features from visitors
+
 		if((! $uid) || ($uid != $owner)) {
 			notice( t('Permission denied.') . EOL);
 			return;
 		}
-	
-		$mimetype = (($_REQUEST['mimetype']) ? $_REQUEST['mimetype'] : get_pconfig($owner,'system','page_mimetype'));
+
+		$mimetype = ((isset($_REQUEST['mimetype']) && $_REQUEST['mimetype']) ? $_REQUEST['mimetype'] : get_pconfig($owner,'system','page_mimetype'));
 
 		$x = array(
 			'webpage' => ITEM_TYPE_BLOCK,
@@ -101,27 +101,25 @@ class Blocks extends \Zotlabs\Web\Controller {
 			'bbco_autocomplete' => 'bbcode',
 			'bbcode' => true
 		);
-	
-		if($_REQUEST['title'])
-			$x['title'] = $_REQUEST['title'];
-		if($_REQUEST['body'])
-			$x['body'] = $_REQUEST['body'];
-		if($_REQUEST['pagetitle'])
-			$x['pagetitle'] = $_REQUEST['pagetitle'];
-	
-		$editor = status_editor($a,$x,false,'Blocks');
-	
 
-		$r = q("select iconfig.iid, iconfig.k, iconfig.v, mid, title, body, mimetype, created, edited from iconfig 
+		$x['title'] = $_REQUEST['title'] ?? '';
+		$x['body'] = $_REQUEST['body'] ?? '';
+		$x['pagetitle'] = $_REQUEST['pagetitle'] ?? '';
+
+		$a = '';
+		$editor = status_editor($a,$x,false,'Blocks');
+
+
+		$r = q("select iconfig.iid, iconfig.k, iconfig.v, mid, title, body, mimetype, created, edited from iconfig
 			left join item on iconfig.iid = item.id
-			where uid = %d and iconfig.cat = 'system' and iconfig.k = 'BUILDBLOCK' 
+			where uid = %d and iconfig.cat = 'system' and iconfig.k = 'BUILDBLOCK'
 			and item_type = %d order by item.created desc",
 			intval($owner),
 			intval(ITEM_TYPE_BLOCK)
 		);
-	
+
 		$pages = null;
-	
+
 		if($r) {
 			$pages = array();
 			foreach($r as $rr) {
@@ -143,13 +141,13 @@ class Blocks extends \Zotlabs\Web\Controller {
 					'edited' => $rr['edited'],
 					'bb_element' => '[element]' . base64url_encode(json_encode($element_arr)) . '[/element]'
 				);
-			} 
+			}
 		}
-	
+
 		//Build the base URL for edit links
-		$url = z_root() . '/editblock/' . $which; 
-	
-		$o .= replace_macros(get_markup_template('blocklist.tpl'), array(
+		$url = z_root() . '/editblock/' . $which;
+
+		$o = replace_macros(get_markup_template('blocklist.tpl'), array(
 			'$baseurl'    => $url,
 			'$title'      => t('Blocks'),
 			'$name'       => t('Block Name'),
@@ -166,8 +164,8 @@ class Blocks extends \Zotlabs\Web\Controller {
 			'$view'       => t('View'),
 			'$preview'    => '1',
 		));
-	    
+
 		return $o;
 	}
-	
+
 }

Zotlabs/Module/Cal.php

@@ -39,7 +39,7 @@ class Cal extends Controller {
 
 			head_set_icon(App::$data['channel']['xchan_photo_s']);
 
-			App::$page['htmlhead'] .= "<script> var profile_uid = " . ((App::$data['channel']) ? App::$data['channel']['channel_id'] : 0) . "; </script>" ;
+			App::$page['htmlhead'] = "<script> var profile_uid = " . ((App::$data['channel']) ? App::$data['channel']['channel_id'] : 0) . "; </script>" ;
 
 		}
 
@@ -65,13 +65,9 @@ class Cal extends Controller {
 
 		nav_set_selected('Calendar');
 
-		head_add_css('/library/fullcalendar/packages/core/main.min.css');
-		head_add_css('/library/fullcalendar/packages/daygrid/main.min.css');
+		head_add_js('/library/fullcalendar/dist/index.global.js');
 		head_add_css('cdav_calendar.css');
 
-		head_add_js('/library/fullcalendar/packages/core/main.min.js');
-		head_add_js('/library/fullcalendar/packages/daygrid/main.min.js');
-
 		$sql_extra = permissions_sql($channel['channel_id'], get_observer_hash(), 'event');
 
 		if(! perm_is_allowed($channel['channel_id'], get_observer_hash(), 'view_contacts') || App::$profile['hide_friends'])

Zotlabs/Module/Cdav.php

@@ -200,7 +200,7 @@ class Cdav extends Controller {
 						$etag = (isset($_SERVER['HTTP_IF_MATCH']) ? $_SERVER['HTTP_IF_MATCH'] : false);
 
 						// delete
-						if($httpmethod === 'DELETE' && $cdavdata['etag'] == $etag) {
+						if($httpmethod === 'DELETE' && $etag && isset($cdavdata['etag']) && $cdavdata['etag'] == $etag) {
 							Libsync::build_sync_packet($channel['channel_id'], [
 								$sync => [
 									'action' => 'delete_card',
@@ -210,7 +210,7 @@ class Cdav extends Controller {
 							]);
 						}
 						else {
-							if($etag && $cdavdata['etag'] !== $etag) {
+							if($etag && isset($cdavdata['etag']) && $cdavdata['etag'] !== $etag) {
 								// update
 								Libsync::build_sync_packet($channel['channel_id'], [
 									$sync => [
@@ -317,7 +317,7 @@ class Cdav extends Controller {
 			$calendars = $caldavBackend->getCalendarsForUser($principalUri);
 
 			//create new calendar
-			if($_REQUEST['{DAV:}displayname'] && $_REQUEST['create']) {
+			if((isset($_REQUEST['{DAV:}displayname']) && $_REQUEST['{DAV:}displayname']) && (isset($_REQUEST['create']) && $_REQUEST['create'])) {
 				do {
 					$duplicate = false;
 					$calendarUri = random_string(40);
@@ -332,9 +332,9 @@ class Cdav extends Controller {
 				} while ($duplicate == true);
 
 				$properties = [
-					'{DAV:}displayname' => $_REQUEST['{DAV:}displayname'],
-					'{http://apple.com/ns/ical/}calendar-color' => $_REQUEST['color'],
-					'{urn:ietf:params:xml:ns:caldav}calendar-description' => $channel['channel_name']
+					'{DAV:}displayname' => escape_tags($_REQUEST['{DAV:}displayname']),
+					'{http://apple.com/ns/ical/}calendar-color' => escape_tags($_REQUEST['color']),
+					'{urn:ietf:params:xml:ns:caldav}calendar-description' => escape_tags($channel['channel_name'])
 				];
 
 				$id = $caldavBackend->createCalendar($principalUri, $calendarUri, $properties);
@@ -352,7 +352,7 @@ class Cdav extends Controller {
 			}
 
 			//create new calendar object via ajax request
-			if($_REQUEST['submit'] === 'create_event' && $_REQUEST['title'] && $_REQUEST['target'] && $_REQUEST['dtstart']) {
+			if((isset($_REQUEST['submit']) && $_REQUEST['submit'] === 'create_event') && $_REQUEST['title'] && $_REQUEST['target'] && $_REQUEST['dtstart']) {
 
 				$id = explode(':', $_REQUEST['target']);
 
@@ -366,7 +366,7 @@ class Cdav extends Controller {
 
 				$allday = $_REQUEST['allday'];
 
-				$title = $_REQUEST['title'];
+				$title = escape_tags($_REQUEST['title']);
 				$start = datetime_convert('UTC', 'UTC', $_REQUEST['dtstart']);
 				$dtstart = new \DateTime($start);
 
@@ -374,8 +374,8 @@ class Cdav extends Controller {
 					$end = datetime_convert('UTC', 'UTC', $_REQUEST['dtend']);
 					$dtend = new \DateTime($end);
 				}
-				$description = $_REQUEST['description'];
-				$location = $_REQUEST['location'];
+				$description = escape_tags($_REQUEST['description']);
+				$location = escape_tags($_REQUEST['location']);
 
 				do {
 					$duplicate = false;
@@ -431,7 +431,7 @@ class Cdav extends Controller {
 			}
 
 			//edit calendar name and color
-			if($_REQUEST['{DAV:}displayname'] && $_REQUEST['edit'] && $_REQUEST['id']) {
+			if((isset($_REQUEST['{DAV:}displayname']) && $_REQUEST['{DAV:}displayname']) && $_REQUEST['edit'] && $_REQUEST['id']) {
 
 				$id = explode(':', $_REQUEST['id']);
 
@@ -441,8 +441,8 @@ class Cdav extends Controller {
 				$cdavdata = $this->get_cdav_data($id[0], 'calendarinstances');
 
 				$mutations = [
-					'{DAV:}displayname' => $_REQUEST['{DAV:}displayname'],
-					'{http://apple.com/ns/ical/}calendar-color' => $_REQUEST['color']
+					'{DAV:}displayname' => escape_tags($_REQUEST['{DAV:}displayname']),
+					'{http://apple.com/ns/ical/}calendar-color' => escape_tags($_REQUEST['color'])
 				];
 
 				$patch = new \Sabre\DAV\PropPatch($mutations);
@@ -459,7 +459,7 @@ class Cdav extends Controller {
 			}
 
 			//edit calendar object via ajax request
-			if($_REQUEST['submit'] === 'update_event' && $_REQUEST['uri'] && $_REQUEST['title'] && $_REQUEST['target'] && $_REQUEST['dtstart']) {
+			if((isset($_REQUEST['submit']) && $_REQUEST['submit'] === 'update_event') && $_REQUEST['uri'] && $_REQUEST['title'] && $_REQUEST['target'] && $_REQUEST['dtstart']) {
 
 				$id = explode(':', $_REQUEST['target']);
 
@@ -471,18 +471,18 @@ class Cdav extends Controller {
 				$timezone = ((x($_POST,'timezone_select')) ? escape_tags(trim($_POST['timezone_select'])) : '');
 				$tz = (($timezone) ? $timezone : date_default_timezone_get());
 
-				$allday = $_REQUEST['allday'];
+				$allday = intval($_REQUEST['allday']);
 
-				$uri = $_REQUEST['uri'];
-				$title = $_REQUEST['title'];
+				$uri = escape_tags($_REQUEST['uri']);
+				$title = escape_tags($_REQUEST['title']);
 				$start = datetime_convert('UTC', 'UTC', $_REQUEST['dtstart']);
 				$dtstart = new \DateTime($start);
 				if($_REQUEST['dtend']) {
 					$end = datetime_convert('UTC', 'UTC', $_REQUEST['dtend']);
 					$dtend = new \DateTime($end);
 				}
-				$description = $_REQUEST['description'];
-				$location = $_REQUEST['location'];
+				$description = escape_tags($_REQUEST['description']);
+				$location = escape_tags($_REQUEST['location']);
 
 				$object = $caldavBackend->getCalendarObject($id, $uri);
 
@@ -654,7 +654,7 @@ class Cdav extends Controller {
 						$duplicate = true;
 				} while ($duplicate == true);
 
-				$properties = ['{DAV:}displayname' => $_REQUEST['{DAV:}displayname']];
+				$properties = ['{DAV:}displayname' => escape_tags($_REQUEST['{DAV:}displayname'])];
 
 				$carddavBackend->createAddressBook($principalUri, $addressbookUri, $properties);
 
@@ -668,9 +668,9 @@ class Cdav extends Controller {
 			}
 
 			//edit addressbook
-			if($_REQUEST['{DAV:}displayname'] && $_REQUEST['edit'] && intval($_REQUEST['id'])) {
+			if($_REQUEST['{DAV:}displayname'] && $_REQUEST['edit'] && $_REQUEST['id']) {
 
-				$id = $_REQUEST['id'];
+				$id = intval($_REQUEST['id']);
 
 				if(! cdav_perms($id,$addressbooks))
 					return;
@@ -678,7 +678,7 @@ class Cdav extends Controller {
 				$cdavdata = $this->get_cdav_data($id, 'addressbooks');
 
 				$mutations = [
-					'{DAV:}displayname' => $_REQUEST['{DAV:}displayname']
+					'{DAV:}displayname' => escape_tags($_REQUEST['{DAV:}displayname'])
 				];
 
 				$patch = new \Sabre\DAV\PropPatch($mutations);
@@ -901,19 +901,10 @@ class Cdav extends Controller {
 
 		//Display calendar(s) here
 		if(argc() <= 3 && argv(1) === 'calendar') {
-
-			head_add_css('/library/fullcalendar/packages/core/main.min.css');
-			head_add_css('/library/fullcalendar/packages/daygrid/main.min.css');
-			head_add_css('/library/fullcalendar/packages/timegrid/main.min.css');
-			head_add_css('/library/fullcalendar/packages/list/main.min.css');
+			head_add_js('/library/fullcalendar/dist/index.global.js');
 			head_add_css('cdav_calendar.css');
 
-			head_add_js('/library/fullcalendar/packages/core/main.min.js');
-			head_add_js('/library/fullcalendar/packages/interaction/main.min.js');
-			head_add_js('/library/fullcalendar/packages/daygrid/main.min.js');
-			head_add_js('/library/fullcalendar/packages/timegrid/main.min.js');
-			head_add_js('/library/fullcalendar/packages/list/main.min.js');
-
+			$o = '';
 			$sources = '';
 			$resource_id = '';
 			$resource = null;
@@ -921,6 +912,8 @@ class Cdav extends Controller {
 			if(argc() == 3)
 				$resource_id = argv(2);
 
+			$categories = '';
+
 			if($resource_id) {
 				$r = q("SELECT event.*, item.author_xchan, item.owner_xchan, item.plink, item.id as item_id FROM event LEFT JOIN item ON event.event_hash = item.resource_id
 					WHERE event.uid = %d AND event.event_hash = '%s' LIMIT 1",
@@ -944,7 +937,6 @@ class Cdav extends Controller {
 					$resource = $r[0];
 
 					$catsenabled = feature_enabled(local_channel(),'categories');
-					$categories = '';
 					if($catsenabled){
 						if($r[0]['term']) {
 							$cats = get_terms_oftype($r[0]['term'], TERM_CATEGORY);

Zotlabs/Module/Channel.php

@@ -31,8 +31,10 @@ class Channel extends Controller {
 			goaway(z_root() . '/search?f=&search=' . $_GET['search']);
 
 		$which = null;
-		if (argc() > 1)
+		if (argc() > 1) {
 			$which = argv(1);
+		}
+
 		if (!$which) {
 			if (local_channel()) {
 				$channel = App::get_channel();
@@ -40,9 +42,9 @@ class Channel extends Controller {
 					$which = $channel['channel_address'];
 			}
 		}
+
 		if (!$which) {
-			notice(t('You must be logged in to see this page.') . EOL);
-			return;
+			http_status_exit(404, 'Not found');
 		}
 
 		$profile = 0;
@@ -245,9 +247,7 @@ class Channel extends Controller {
 				$channel_acl = ['allow_cid' => '', 'allow_gid' => '', 'deny_cid' => '', 'deny_gid' => ''];
 			}
 
-
 			if ($perms['post_wall']) {
-
 				$x = [
 					'is_owner'            => $is_owner,
 					'allow_location'      => ((($is_owner || $observer) && (intval(get_pconfig(App::$profile['profile_uid'], 'system', 'use_browser_location')))) ? true : false),
@@ -271,6 +271,12 @@ class Channel extends Controller {
 				$o .= status_editor($a, $x, false, 'Channel');
 			}
 
+			// Add pinned content
+			if (!x($_REQUEST, 'mid') && !$search) {
+				$pinned = new \Zotlabs\Widget\Pinned;
+				$r = $pinned->widget(intval(App::$profile['profile_uid']), [ITEM_TYPE_POST]);
+				$o .= $r['html'];
+			}
 		}
 
 
@@ -294,7 +300,7 @@ class Channel extends Controller {
 		$abook_uids = " and abook.abook_channel = " . intval(App::$profile['profile_uid']) . " ";
 
 		$simple_update = '';
-		if ($update && $_SESSION['loadtime'])
+		if ($update && isset($_SESSION['loadtime']))
 			$simple_update = " AND (( item_unseen = 1 AND item.changed > '" . datetime_convert('UTC', 'UTC', $_SESSION['loadtime']) . "' )  OR item.changed > '" . datetime_convert('UTC', 'UTC', $_SESSION['loadtime']) . "' ) ";
 
 		if ($search) {
@@ -421,17 +427,14 @@ class Channel extends Controller {
 			$items = [];
 		}
 
-		// Add pinned content
-		if (!x($_REQUEST, 'mid') && !$search) {
-			$pinned = new \Zotlabs\Widget\Pinned;
-			$r      = $pinned->widget(intval(App::$profile['profile_uid']), [ITEM_TYPE_POST]);
-			$o      .= $r['html'];
-		}
+
 
 		$mode = (($search) ? 'search' : 'channel');
 
 		if ((!$update) && (!$load)) {
 
+
+
 			//if we got a decoded hash we must encode it again before handing to javascript
 			$mid = gen_link_id($mid);
 

Zotlabs/Module/Channel_calendar.php

@@ -30,7 +30,7 @@ class Channel_calendar extends Controller {
 
 		$xchan = ((x($_POST, 'xchan')) ? dbesc($_POST['xchan']) : '');
 
-		// only allow editing your own events. 
+		// only allow editing your own events.
 		if (($xchan) && ($xchan !== get_observer_hash()))
 			return;
 
@@ -55,8 +55,8 @@ class Channel_calendar extends Controller {
 
 		// Don't allow the event to finish before it begins.
 		// It won't hurt anything, but somebody will file a bug report
-		// and we'll waste a bunch of time responding to it. Time that 
-		// could've been spent doing something else. 
+		// and we'll waste a bunch of time responding to it. Time that
+		// could've been spent doing something else.
 
 		if (strcmp($finish, $start) < 0) {
 			notice(t('Event can not end before it has started.') . EOL);
@@ -319,12 +319,12 @@ class Channel_calendar extends Controller {
 				// fixed an issue with "nofinish" events not showing up in the calendar.
 				// There's still an issue if the finish date crosses the end of month.
 				// Noting this for now - it will need to be fixed here and in Friendica.
-				// Ultimately the finish date shouldn't be involved in the query. 
+				// Ultimately the finish date shouldn't be involved in the query.
 
 				$r = q("SELECT event.*, item.plink, item.item_flags, item.author_xchan, item.owner_xchan, item.id as item_id
-					from event left join item on event.event_hash = item.resource_id 
-					where item.resource_type = 'event' and event.uid = %d and event.uid = item.uid $ignored 
-					AND (( event.adjust = 0 AND ( event.dtend >= '%s' or event.nofinish = 1 ) AND event.dtstart <= '%s' ) 
+					from event left join item on event.event_hash = item.resource_id
+					where item.resource_type = 'event' and event.uid = %d and event.uid = item.uid $ignored
+					AND (( event.adjust = 0 AND ( event.dtend >= '%s' or event.nofinish = 1 ) AND event.dtstart <= '%s' )
 					OR  (  event.adjust = 1 AND ( event.dtend >= '%s' or event.nofinish = 1 ) AND event.dtstart <= '%s' )) ",
 					intval(local_channel()),
 					dbesc($start),
@@ -357,7 +357,7 @@ class Channel_calendar extends Controller {
 					$catsenabled = feature_enabled(local_channel(), 'categories');
 					$categories  = '';
 					if ($catsenabled) {
-						if ($rr['term']) {
+						if (isset($rr['term']) && $rr['term']) {
 							$cats = get_terms_oftype($rr['term'], TERM_CATEGORY);
 							foreach ($cats as $cat) {
 								if (strlen($categories))
@@ -449,7 +449,7 @@ class Channel_calendar extends Controller {
 						}
 
 						// The site admin can delete any post/item on the site.
-						// If the item originated on this site+channel the deletion will propagate downstream. 
+						// If the item originated on this site+channel the deletion will propagate downstream.
 						// Otherwise just the local copy is removed.
 
 						if (is_site_admin()) {

Zotlabs/Module/Chanview.php

@@ -16,17 +16,17 @@ class Chanview extends \Zotlabs\Web\Controller {
 
 		$r = null;
 
-		if($_REQUEST['hash']) {
+		if(!empty($_REQUEST['hash'])) {
 			$r = q("select * from xchan where xchan_hash = '%s' and xchan_deleted = 0",
 				dbesc($_REQUEST['hash'])
 			);
 		}
-		if($_REQUEST['address']) {
+		if(!empty($_REQUEST['address'])) {
 			$r = q("select * from xchan where xchan_addr = '%s' and xchan_deleted = 0",
 				dbesc(punify($_REQUEST['address']))
 			);
 		}
-		elseif(local_channel() && intval($_REQUEST['cid'])) {
+		elseif(local_channel() && !empty($_REQUEST['cid'])) {
 			$r = q("SELECT abook.*, xchan.*
 				FROM abook left join xchan on abook_xchan = xchan_hash
 				WHERE abook_channel = %d and abook_id = %d and xchan_deleted = 0",
@@ -34,8 +34,7 @@ class Chanview extends \Zotlabs\Web\Controller {
 				intval($_REQUEST['cid'])
 			);
 		}
-		elseif($_REQUEST['url']) {
-
+		elseif(!empty($_REQUEST['url'])) {
 			// if somebody re-installed they will have more than one xchan, use the most recent name date as this is
 			// the most useful consistently ascending table item we have.
 
@@ -56,7 +55,7 @@ class Chanview extends \Zotlabs\Web\Controller {
 		if(! App::$poi) {
 			logger('mod_chanview: fallback');
 
-			if($_REQUEST['address']) {
+			if(!empty($_REQUEST['address'])) {
 				$href = Webfinger::zot_url(punify($_REQUEST['address']));
 				if($href) {
 					$_REQUEST['url'] = $href;
@@ -65,9 +64,9 @@ class Chanview extends \Zotlabs\Web\Controller {
 
 			$r = null;
 
-			if($_REQUEST['url']) {
+			if(!empty($_REQUEST['url'])) {
 
-				$zf = Zotfinger::exec($_REQUEST['url'], null);
+				$zf = Zotfinger::exec($_REQUEST['url']);
 
 				if(array_path_exists('signature/signer',$zf) && $zf['signature']['signer'] === $_REQUEST['url'] && intval($zf['signature']['header_valid'])) {
 					Libzot::import_xchan($zf['data']);
@@ -79,6 +78,7 @@ class Chanview extends \Zotlabs\Web\Controller {
 					}
 				}
 				if(! $r) {
+
 					if(discover_by_webbie($_REQUEST['url'])) {
 						$r = q("select * from xchan where xchan_url = '%s' and xchan_deleted = 0",
 							dbesc($_REQUEST['url'])

Zotlabs/Module/Chat.php

@@ -174,7 +174,8 @@ class Chat extends Controller {
 			$x = Chatroom::enter($observer,$room_id,'online',$_SERVER['REMOTE_ADDR']);
 			if(! $x)
 				return;
-			$x = q("select * from chatroom where cr_id = %d and cr_uid = %d $sql_extra limit 1",
+
+			$x = q("select * from chatroom where cr_id = %d and cr_uid = %d limit 1",
 				intval($room_id),
 				intval(App::$profile['profile_uid'])
 			);

Zotlabs/Module/Chatsvc.php

@@ -1,6 +1,6 @@
 <?php /** @file */
 
-namespace Zotlabs\Module; 
+namespace Zotlabs\Module;
 
 require_once('include/security.php');
 
@@ -9,76 +9,76 @@ use \Zotlabs\Lib as Zlib;
 class Chatsvc extends \Zotlabs\Web\Controller {
 
 	function init() {
-	
+
 		//logger('chatsvc');
-	
+
 		$ret = array('success' => false);
-	
+
 		\App::$data['chat']['room_id'] = intval($_REQUEST['room_id']);
 		$x = q("select cr_uid from chatroom where cr_id = %d and cr_id != 0 limit 1",
 			intval(\App::$data['chat']['room_id'])
 		);
 		if(! $x)
 			json_return_and_die($ret);
-	
+
 		\App::$data['chat']['uid'] = $x[0]['cr_uid'];
-	
+
 		if(! perm_is_allowed(\App::$data['chat']['uid'],get_observer_hash(),'chat')) {
 	        json_return_and_die($ret);
 	    }
-	
+
 	}
-	
+
 	function post() {
-	
+
 		$ret = array('success' => false);
-	
+
 		$room_id = \App::$data['chat']['room_id'];
 		$text = escape_tags($_REQUEST['chat_text']);
 		if(! $text)
 			return;
-	
+
 		$sql_extra = permissions_sql(\App::$data['chat']['uid']);
-	
+
 		$r = q("select * from chatroom where cr_uid = %d and cr_id = %d $sql_extra",
 			intval(\App::$data['chat']['uid']),
 			intval(\App::$data['chat']['room_id'])
 		);
 		if(! $r)
 			json_return_and_die($ret);
-	
+
 		$arr = array(
 			'chat_room' => \App::$data['chat']['room_id'],
 			'chat_xchan' => get_observer_hash(),
 			'chat_text' => $text
 		);
-	
+
 		call_hooks('chat_post',$arr);
-	
+
 		$x = q("insert into chat ( chat_room, chat_xchan, created, chat_text )
 			values( %d, '%s', '%s', '%s' )",
 			intval(\App::$data['chat']['room_id']),
 			dbesc(get_observer_hash()),
 			dbesc(datetime_convert()),
-			dbesc(str_rot47(base64url_encode($arr['chat_text'])))		
+			dbesc(str_rot47(base64url_encode($arr['chat_text'])))
 		);
-	
+
 		$ret['success'] = true;
 		json_return_and_die($ret);
 	}
-	
+
 	function get() {
-	
-		$status = strip_tags($_REQUEST['status']);
+
+		$status = ((isset($_REQUEST['status'])) ? strip_tags($_REQUEST['status']) : '');
 		$room_id = intval(\App::$data['chat']['room_id']);
 		$stopped = ((x($_REQUEST,'stopped') && intval($_REQUEST['stopped'])) ? true : false);
-	
+
 		if($status && $room_id) {
-	
+
 			$x = q("select channel_address from channel where channel_id = %d limit 1",
 				intval(\App::$data['chat']['uid'])
-			);			
-	
+			);
+
 			$r = q("update chatpresence set cp_status = '%s', cp_last = '%s' where cp_room = %d and cp_xchan = '%s' and cp_client = '%s'",
 				dbesc($status),
 				dbesc(datetime_convert()),
@@ -86,27 +86,27 @@ class Chatsvc extends \Zotlabs\Web\Controller {
 				dbesc(get_observer_hash()),
 				dbesc($_SERVER['REMOTE_ADDR'])
 			);
-	
-			goaway(z_root() . '/chat/' . $x[0]['channel_address'] . '/' . $room_id);		
+
+			goaway(z_root() . '/chat/' . $x[0]['channel_address'] . '/' . $room_id);
 		}
-	
+
 		if(! $stopped) {
-	
+
 			$lastseen = intval($_REQUEST['last']);
-	
+
 			$ret = array('success' => false);
-	
+
 			$sql_extra = permissions_sql(\App::$data['chat']['uid']);
-	
+
 			$r = q("select * from chatroom where cr_uid = %d and cr_id = %d $sql_extra",
 				intval(\App::$data['chat']['uid']),
 				intval(\App::$data['chat']['room_id'])
 			);
 			if(! $r)
 				json_return_and_die($ret);
-	
+
 			$inroom = array();
-	
+
 			$r = q("select * from chatpresence left join xchan on xchan_hash = cp_xchan where cp_room = %d order by xchan_name",
 				intval(\App::$data['chat']['room_id'])
 			);
@@ -120,9 +120,9 @@ class Chatsvc extends \Zotlabs\Web\Controller {
 						$rv['xchan_url'] = z_root();
 						$rv['xchan_hidden'] = 1;
 						$rv['xchan_photo_mimetype'] = 'image/png';
-						$rv['xchan_photo_l'] = z_root() . '/' . get_default_profile_photo(300); 
-						$rv['xchan_photo_m'] = z_root() . '/' . get_default_profile_photo(80); 
-						$rv['xchan_photo_s'] = z_root() . '/' . get_default_profile_photo(48); 
+						$rv['xchan_photo_l'] = z_root() . '/' . get_default_profile_photo(300);
+						$rv['xchan_photo_m'] = z_root() . '/' . get_default_profile_photo(80);
+						$rv['xchan_photo_s'] = z_root() . '/' . get_default_profile_photo(48);
 
 					}
 
@@ -137,13 +137,13 @@ class Chatsvc extends \Zotlabs\Web\Controller {
 							$status_class = 'online';
 							break;
 					}
-		
+
 					$inroom[] = array('img' => zid($rv['xchan_photo_m']), 'img_type' => $rv['xchan_photo_mimetype'],'name' => $rv['xchan_name'], 'status' => $status, 'status_class' => $status_class);
 				}
 			}
-	
+
 			$chats = array();
-	
+
 			$r = q("select * from chat left join xchan on chat_xchan = xchan_hash where chat_room = %d and chat_id > %d order by created",
 				intval(\App::$data['chat']['room_id']),
 				intval($lastseen)
@@ -152,7 +152,7 @@ class Chatsvc extends \Zotlabs\Web\Controller {
 				foreach($r as $rr) {
 					$chats[] = array(
 						'id' => $rr['chat_id'],
-						'img' => zid($rr['xchan_photo_m']), 
+						'img' => zid($rr['xchan_photo_m']),
 						'img_type' => $rr['xchan_photo_mimetype'],
 						'name' => $rr['xchan_name'],
 						'isotime' => datetime_convert('UTC', date_default_timezone_get(), $rr['created'], 'c'),
@@ -163,22 +163,22 @@ class Chatsvc extends \Zotlabs\Web\Controller {
 				}
 			}
 		}
-	
+
 		$r = q("update chatpresence set cp_last = '%s' where cp_room = %d and cp_xchan = '%s' and cp_client = '%s'",
 			dbesc(datetime_convert()),
 			intval(\App::$data['chat']['room_id']),
 			dbesc(get_observer_hash()),
 			dbesc($_SERVER['REMOTE_ADDR'])
 		);
-	
+
 		$ret['success'] = true;
 		if(! $stopped) {
 			$ret['inroom'] = $inroom;
 			$ret['chats'] = $chats;
 		}
 		json_return_and_die($ret);
-	
+
 	}
-			 
-	
+
+
 }

Zotlabs/Module/Cloud.php

@@ -70,7 +70,7 @@ class Cloud extends Controller {
 			$_SESSION['cloud_sort'] = 'name';
 		}
 
-		$_SESSION['cloud_sort'] = (($_REQUEST['sort']) ? trim(notags($_REQUEST['sort'])) : $_SESSION['cloud_sort']);
+		$_SESSION['cloud_sort'] = ((isset($_REQUEST['sort']) && $_REQUEST['sort']) ? trim(notags($_REQUEST['sort'])) : $_SESSION['cloud_sort']);
 
 		$x = clean_query_string();
 		if($x !== \App::$query_string)
@@ -100,7 +100,6 @@ class Cloud extends Controller {
 
 
 		// over-ride the default XML output on thrown exceptions
-
 		$server->on('exception', [ $this, 'DAVException' ]);
 
 		// All we need to do now, is to fire up the server
@@ -117,21 +116,19 @@ class Cloud extends Controller {
 	function DAVException($err) {
 
 		if($err instanceof \Sabre\DAV\Exception\NotFound) {
-			notice( t('Not found') . EOL);
+			\App::$page['content'] = '<h2>404 Not found</h2>';
 		}
 		elseif($err instanceof \Sabre\DAV\Exception\Forbidden) {
-			notice( t('Permission denied') . EOL);
+			\App::$page['content'] = '<h2>403 Forbidden</h2>';
 		}
 		elseif($err instanceof \Sabre\DAV\Exception\NotImplemented) {
-			// notice( t('Please refresh page') . EOL);
 			goaway(z_root() . '/' . \App::$query_string);
 		}
 		else {
-			notice( t('Unknown error') . EOL);
+			\App::$page['content'] = '<h2>Unknown error</h2>';
 		}
 
 		construct_page();
-
 		killme();
 	}
 

Zotlabs/Module/Cloud_tiles.php

@@ -6,7 +6,7 @@ class Cloud_tiles extends \Zotlabs\Web\Controller {
 
 	function init() {
 
-		if(intval($_SESSION['cloud_tiles']))
+		if(isset($_SESSION['cloud_tiles']) && intval($_SESSION['cloud_tiles']))
 			$_SESSION['cloud_tiles'] = 0;
 		else
 			$_SESSION['cloud_tiles'] = 1;
@@ -18,4 +18,4 @@ class Cloud_tiles extends \Zotlabs\Web\Controller {
 		goaway(z_root() . '/' . hex2bin(argv(1)));
 
 	}
-}
+}

Zotlabs/Module/Connections.php

@@ -45,7 +45,7 @@ class Connections extends \Zotlabs\Web\Controller {
 		$unconnected = false;
 		$all         = false;
 
-		if(! $_REQUEST['aj'])
+		if(!(isset($_REQUEST['aj']) && $_REQUEST['aj']))
 			$_SESSION['return_url'] = App::$query_string;
 
 		$search_flags = "";
@@ -128,7 +128,9 @@ class Connections extends \Zotlabs\Web\Controller {
 			$unblocked = true;
 		}
 
-		switch($_REQUEST['order']) {
+		$order = $_REQUEST['order'] ?? '';
+
+		switch($order) {
 			case 'name_desc':
 				$sql_order = 'xchan_name DESC';
 				break;
@@ -143,6 +145,7 @@ class Connections extends \Zotlabs\Web\Controller {
 		}
 
 		$search = ((x($_REQUEST,'search')) ? notags(trim($_REQUEST['search'])) : '');
+		$search_xchan = ((x($_REQUEST,'search_xchan')) ? notags(trim($_REQUEST['search_xchan'])) : '');
 
 		$tabs = array(
 			/*
@@ -227,14 +230,21 @@ class Connections extends \Zotlabs\Web\Controller {
 		//$t = replace_macros($tab_tpl, array('$tabs'=>$tabs));
 
 		$searching = false;
+		$search_hdr = '';
+
 		if($search) {
 			$search_hdr = $search;
-			$search_txt = dbesc(protect_sprintf(preg_quote($search)));
-			$searching = true;
-		}
-		$sql_extra .= (($searching) ? protect_sprintf(" AND xchan_name like '%$search_txt%' ") : "");
+			$search_txt = (($search_xchan) ? urldecode($search_xchan) : preg_quote($search));
 
-		if($_REQUEST['gid']) {
+			if ($search_xchan) {
+				$sql_extra .= " AND xchan_hash = '" . protect_sprintf(dbesc($search_txt)) . "' ";
+			}
+			else {
+				$sql_extra .= " AND xchan_name LIKE '%%" . protect_sprintf(dbesc($search_txt)) . "%%' ";
+			}
+		}
+
+		if(isset($_REQUEST['gid']) && $_REQUEST['gid']) {
 			$sql_extra .= " and xchan_hash in ( select xchan from pgrp_member where gid = " . intval($_REQUEST['gid']) . " and uid = " . intval(local_channel()) . " ) ";
 		}
 
@@ -272,14 +282,13 @@ class Connections extends \Zotlabs\Web\Controller {
 			foreach($r as $rr) {
 				if($rr['xchan_url']) {
 
-					if(($rr['vcard']) && is_array($rr['vcard']['tels']) && $rr['vcard']['tels'][0]['nr'])
+					if((isset($rr['vcard'])) && is_array($rr['vcard']['tels']) && $rr['vcard']['tels'][0]['nr'])
 						$phone = $rr['vcard']['tels'][0]['nr'];
 					else
 						$phone = '';
 
 					$status_str = '';
 					$status = array(
-						((intval($rr['abook_active'])) ? t('Active') : ''),
 						((intval($rr['abook_pending'])) ? t('Pending approval') : ''),
 						((intval($rr['abook_archived'])) ? t('Archived') : ''),
 						((intval($rr['abook_hidden'])) ? t('Hidden') : ''),
@@ -354,9 +363,9 @@ class Connections extends \Zotlabs\Web\Controller {
 						'oneway' => $oneway,
 						'perminfo' => $perminfo,
 						'connect' => (intval($rr['abook_not_here']) ? t('Connect') : ''),
-						'follow' => z_root() . '/follow/?f=&url=' . urlencode($rr['xchan_hash']) . '&interactive=0',
+						'follow' => z_root() . '/follow/?f=&url=' . urlencode($rr['xchan_hash']) . '&interactive=1',
 						'connect_hover' => t('Connect at this location'),
-						'role' => $roles_dict[$rr['abook_role']],
+						'role' => $roles_dict[$rr['abook_role']] ?? '',
 						'pending' => intval($rr['abook_pending'])
 					);
 				}
@@ -365,13 +374,13 @@ class Connections extends \Zotlabs\Web\Controller {
 
 		$limit = service_class_fetch(local_channel(),'total_channels');
 		if($limit !== false) {
-			$abook_usage_message = sprintf( t("You have %1$.0f of %2$.0f allowed connections."), $$total, $limit);
+			$abook_usage_message = sprintf( t("You have %1$.0f of %2$.0f allowed connections."), $total, $limit);
 		}
 		else {
 			$abook_usage_message = '';
  		}
 
-		if($_REQUEST['aj']) {
+		if(isset($_REQUEST['aj']) && $_REQUEST['aj']) {
 			if($contacts) {
 				$o = replace_macros(get_markup_template('contactsajax.tpl'),array(
 					'$contacts' => $contacts,
@@ -393,7 +402,7 @@ class Connections extends \Zotlabs\Web\Controller {
 				'$search' => $search_hdr,
 				'$label' => t('Search'),
 				'$role_label' => t('Contact role'),
-				'$desc' => t('Search your connections'),
+				'$desc' => $search ?? t('Search your connections'),
 				'$finding' => (($searching) ? t('Contact search') . ": '" . $search . "'" : ""),
 				'$submit' => t('Find'),
 				'$edit' => t('Edit'),

Zotlabs/Module/Conversation.php

@@ -0,0 +1,188 @@
+<?php
+
+namespace Zotlabs\Module;
+
+use Zotlabs\Web\Controller;
+use Zotlabs\Lib\ActivityStreams;
+use Zotlabs\Lib\Activity;
+use Zotlabs\Lib\Libzot;
+use Zotlabs\Web\HTTPSig;
+use Zotlabs\Lib\LDSignatures;
+use Zotlabs\Lib\ThreadListener;
+use Zotlabs\Lib\Config;
+use App;
+
+class Conversation extends Controller {
+
+	public function init() {
+
+		if (ActivityStreams::is_as_request()) {
+			$item_id = argv(1);
+
+			if (!$item_id) {
+				http_status_exit(404, 'Not found');
+			}
+
+			$portable_id = EMPTY_STR;
+
+			$item_normal_extra = sprintf(" and not verb in ('%s', '%s') ",
+				dbesc(ACTIVITY_FOLLOW),
+				dbesc(ACTIVITY_UNFOLLOW)
+			);
+
+			$item_normal = " and item.item_hidden = 0 and item.item_type = 0 and item.item_unpublished = 0 and item.item_delayed = 0 and item.item_blocked = 0 $item_normal_extra ";
+
+			$i = null;
+
+			// do we have the item (at all)?
+
+			$r = q("select parent_mid from item where mid = '%s' or uuid = '%s' $item_normal order by item_wall desc limit 1",
+				dbesc(z_root() . '/item/' . $item_id),
+				dbesc($item_id)
+			);
+
+			if (!$r) {
+				http_status_exit(404, 'Not found');
+			}
+
+			// process an authenticated fetch
+
+			$sigdata = HTTPSig::verify(EMPTY_STR);
+			if ($sigdata['portable_id'] && $sigdata['header_valid']) {
+				$portable_id = $sigdata['portable_id'];
+				observer_auth($portable_id);
+
+				// first see if we have a copy of this item's parent owned by the current signer
+				// include xchans for all zot-like networks - these will have the same guid and public key
+
+				$x = q(
+					"select * from xchan where xchan_hash = '%s'",
+					dbesc($sigdata['portable_id'])
+				);
+
+				if ($x) {
+					$xchans = q(
+						"select xchan_hash from xchan where xchan_hash = '%s' OR ( xchan_guid = '%s' AND xchan_pubkey = '%s' ) ",
+						dbesc($sigdata['portable_id']),
+						dbesc($x[0]['xchan_guid']),
+						dbesc($x[0]['xchan_pubkey'])
+					);
+
+					if ($xchans) {
+						$hashes = ids_to_querystr($xchans, 'xchan_hash', true);
+						$i = q(
+							"select id as item_id from item where mid = '%s' $item_normal and owner_xchan in ( " . protect_sprintf($hashes) . " ) limit 1",
+							dbesc($r[0]['parent_mid'])
+						);
+					}
+				}
+			}
+			elseif (Config::get('system', 'require_authenticated_fetch', false)) {
+				http_status_exit(403, 'Permission denied');
+			}
+
+			// if we don't have a parent id belonging to the signer see if we can obtain one as a visitor that we have permission to access
+			// with a bias towards those items owned by channels on this site (item_wall = 1)
+
+			$sql_extra = item_permissions_sql(0);
+
+			if (!$i) {
+				$i = q("select id as item_id from item where mid = '%s' $item_normal $sql_extra order by item_wall desc limit 1",
+					dbesc($r[0]['parent_mid'])
+				);
+			}
+
+			if (!$i) {
+				http_status_exit(403, 'Forbidden');
+			}
+
+			$parents_str = ids_to_querystr($i, 'item_id');
+			$itemspage = 30;
+			$page = $_REQUEST['page'] ?? 1;
+			$offset = (intval($page) - 1) * $itemspage;
+
+			$items = dbq("SELECT item.*,
+				item.id AS item_id,
+				(SELECT count(*) FROM item WHERE item.parent IN ( $parents_str ) $item_normal) AS total
+				FROM item WHERE item.parent IN ( $parents_str ) $item_normal order by item.id LIMIT $itemspage OFFSET $offset"
+			);
+
+			if (!$items) {
+				http_status_exit(404, 'Not found');
+			}
+
+			xchan_query($items, true);
+			$items = fetch_post_tags($items);
+
+			$observer = App::get_observer();
+			$parent = $items[0];
+			$recips = (($parent['owner']['xchan_network'] === 'activitypub') ? get_iconfig($parent['id'], 'activitypub', 'recips', []) : []);
+			$to = (($recips && array_key_exists('to', $recips) && is_array($recips['to'])) ? $recips['to'] : null);
+			$nitems = [];
+			foreach ($items as $i) {
+				$mids = [];
+
+				if (intval($i['item_private'])) {
+					if (!$observer) {
+						continue;
+					}
+					/*
+					// ignore private reshare, possibly from hubzilla
+					if ($i['verb'] === 'Announce') {
+						if (!in_array($i['thr_parent'], $mids)) {
+							$mids[] = $i['thr_parent'];
+						}
+						continue;
+					}
+					// also ignore any children of the private reshares
+					if (in_array($i['thr_parent'], $mids)) {
+						continue;
+					}
+					*/
+
+					if ((!$to) || (!in_array($observer['xchan_url'], $to))) {
+						continue;
+					}
+				}
+				$nitems[] = $i;
+			}
+
+			if (!$nitems) {
+				http_status_exit(404, 'Not found');
+			}
+
+			App::set_pager_total($nitems[0]['total']);
+			App::set_pager_itemspage($itemspage);
+
+			$channel = channelx_by_n($nitems[0]['uid']);
+
+			if (!$channel) {
+				http_status_exit(404, 'Not found');
+			}
+
+			if (!perm_is_allowed($channel['channel_id'], get_observer_hash(), 'view_stream')) {
+				http_status_exit(403, 'Forbidden');
+			}
+
+			$i = Activity::encode_item_collection($nitems, App::$query_string, 'OrderedCollection', $nitems[0]['total']);
+
+			if (!$i) {
+				http_status_exit(404, 'Not found');
+			}
+
+			if ($portable_id && (!intval($nitems[0]['item_private']))) {
+				$c = q("select abook_id from abook where abook_channel = %d and abook_xchan = '%s'",
+					intval($nitems[0]['uid']),
+					dbesc($portable_id)
+				);
+				if (!$c) {
+					ThreadListener::store(z_root() . '/item/' . $item_id, $portable_id);
+				}
+			}
+
+			as_return_and_die($i, $channel);
+		}
+
+		goaway(z_root() . '/item/' . argv(1));
+	}
+}

Zotlabs/Module/Cover_photo.php

@@ -3,7 +3,7 @@ namespace Zotlabs\Module;
 
 use Zotlabs\Lib\Libsync;
 
-/* 
+/*
    @file cover_photo.php
    @brief Module-file with functions for handling of cover-photos
 
@@ -29,43 +29,43 @@ class Cover_photo extends \Zotlabs\Web\Controller {
 		if(! local_channel()) {
 			return;
 		}
-	
+
 		$channel = \App::get_channel();
-		profile_load($channel['channel_address']);	
+		profile_load($channel['channel_address']);
 	}
-	
+
 	/**
 	 * @brief Evaluate posted values
 	 *
 	 * @return void
 	 *
 	 */
-	
+
 	function post() {
-	
+
 		if(! local_channel()) {
 			return;
 		}
-	
+
 		$channel = \App::get_channel();
-		
+
 		check_form_security_token_redirectOnErr('/cover_photo', 'cover_photo');
 
 		// Remove cover photo
 		if(isset($_POST['remove'])) {
-			
+
 			$r = q("SELECT resource_id FROM photo WHERE photo_usage = %d AND uid = %d LIMIT 1",
 				intval(PHOTO_COVER),
 				intval(local_channel())
 			);
-			
+
 			if($r) {
 			    q("update photo set photo_usage = %d where photo_usage = %d and uid = %d",
 			    	intval(PHOTO_NORMAL),
 				    intval(PHOTO_COVER),
 				    intval(local_channel())
 			    );
-			
+
 				$sync = attach_export_data($channel,$r[0]['resource_id']);
 				if($sync)
 				    Libsync::build_sync_packet($channel['channel_id'],array('file' => array($sync)));
@@ -76,47 +76,47 @@ class Cover_photo extends \Zotlabs\Web\Controller {
 
 			goaway(z_root() . '/cover_photo');
 		}
-	        
+
 		if((array_key_exists('cropfinal',$_POST)) && ($_POST['cropfinal'] == 1)) {
-	
+
 			// phase 2 - we have finished cropping
-	
+
 			if(argc() != 2) {
 				notice( t('Image uploaded but image cropping failed.') . EOL );
 				return;
 			}
-	
+
 			$image_id = argv(1);
-	
+
 			if(substr($image_id,-2,1) == '-') {
 				$scale = substr($image_id,-1,1);
 				$image_id = substr($image_id,0,-2);
 			}
-				
+
 
 
 			$srcX = intval($_POST['xstart']);
 			$srcY = intval($_POST['ystart']);
 			$srcW = intval($_POST['xfinal']) - $srcX;
 			$srcH = intval($_POST['yfinal']) - $srcY;
-	
+
 			$r = q("select gender from profile where uid = %d and is_default = 1 limit 1",
 				intval(local_channel())
 			);
 			if($r) {
 				$profile = $r[0];
 			}
-	
+
 			$r = q("SELECT * FROM photo WHERE resource_id = '%s' AND uid = %d AND imgscale = 0 LIMIT 1",
 				dbesc($image_id),
 				intval(local_channel())
 			);
-	
+
 			if($r) {
 
 				$max_thumb = intval(get_config('system','max_thumbnail',1600));
 				$iscaled = false;
-				if(intval($r[0]['height']) > $max_thumb || intval($r[0]['width']) > $max_thumb) { 
+				if(intval($r[0]['height']) > $max_thumb || intval($r[0]['width']) > $max_thumb) {
 					$imagick_path = get_config('system','imagick_convert_path');
 					if($imagick_path && @file_exists($imagick_path) && intval($r[0]['os_storage'])) {
 
@@ -150,63 +150,63 @@ class Cover_photo extends \Zotlabs\Web\Controller {
 
 				$im = photo_factory($base_image['content'], $base_image['mimetype']);
 				if($im->is_valid()) {
-	
-					// We are scaling and cropping the relative pixel locations to the original photo instead of the 
+
+					// We are scaling and cropping the relative pixel locations to the original photo instead of the
 					// scaled photo we operated on.
-	
+
 					// First load the scaled photo to check its size. (Should probably pass this in the post form and save
 					// a query.)
-	
+
 					$g = q("select width, height from photo where resource_id = '%s' and uid = %d and imgscale = 3",
 						dbesc($image_id),
 						intval(local_channel())
 					);
-	
-	
+
+
 					$scaled_width = $g[0]['width'];
 					$scaled_height = $g[0]['height'];
-	
+
 					if((! $scaled_width) || (! $scaled_height)) {
 						logger('potential divide by zero scaling cover photo');
 						return;
 					}
-	
+
 					// unset all other cover photos
-	
+
 					q("update photo set photo_usage = %d where photo_usage = %d and uid = %d",
 						intval(PHOTO_NORMAL),
 						intval(PHOTO_COVER),
 						intval(local_channel())
 					);
-	
+
 					$orig_srcx = ( $base_image['width'] / $scaled_width ) * $srcX;
 					$orig_srcy = ( $base_image['height'] / $scaled_height ) * $srcY;
 	 				$orig_srcw = ( $srcW / $scaled_width ) * $base_image['width'];
 	 				$orig_srch = ( $srcH / $scaled_height ) * $base_image['height'];
-	
+
 					$im->cropImageRect(1200,435,$orig_srcx, $orig_srcy, $orig_srcw, $orig_srch);
-	
+
 					$aid = get_account_id();
-	
-					$p = [ 
-						'aid'          => $aid, 
-						'uid'          => local_channel(), 
+
+					$p = [
+						'aid'          => $aid,
+						'uid'          => local_channel(),
 						'resource_id'  => $base_image['resource_id'],
-						'filename'     => $base_image['filename'], 
+						'filename'     => $base_image['filename'],
 						'album'        => t('Cover Photos'),
 						'os_path'      => $base_image['os_path'],
 						'display_path' => $base_image['display_path'],
 						'photo_usage'  => PHOTO_COVER
 					];
-					
+
 					$r1 = $im->storeThumbnail($p, PHOTO_RES_COVER_1200);
-	
+
 					$im->doScaleImage(850,310);
 					$r2 = $im->storeThumbnail($p, PHOTO_RES_COVER_850);
-	
+
 					$im->doScaleImage(425,160);
 					$r3 = $im->storeThumbnail($p, PHOTO_RES_COVER_425);
-					
+
 					if($r1 === false || $r2 === false || $r3 === false) {
 						// if one failed, delete them all so we can start over.
 						notice( t('Image resize failed.') . EOL );
@@ -214,7 +214,7 @@ class Cover_photo extends \Zotlabs\Web\Controller {
 							dbesc($base_image['resource_id']),
 							local_channel()
 						);
-						
+
 						$x = q("SELECT content FROM photo WHERE resource_id = '%s' AND uid = %d AND os_storage = 1 AND imgscale >= 7",
 							dbesc($base_image['resource_id']),
 							local_channel()
@@ -229,7 +229,7 @@ class Cover_photo extends \Zotlabs\Web\Controller {
 					}
 
 					$this->send_cover_photo_activity($channel,$base_image,$profile);
-					
+
 					$sync = attach_export_data($channel,$base_image['resource_id']);
 					if($sync)
 					    Libsync::build_sync_packet($channel['channel_id'],array('file' => array($sync)));
@@ -240,33 +240,33 @@ class Cover_photo extends \Zotlabs\Web\Controller {
 				else
 					notice( t('Unable to process image') . EOL);
 			}
-	
+
 			goaway(z_root() . '/channel/' . $channel['channel_address']);
-	
+
 		}
-	
-	
+
+
 		$hash = photo_new_resource();
 		$smallest = 0;
-	
+
 		require_once('include/attach.php');
-	
+
 		$res = attach_store(\App::get_channel(), get_observer_hash(), '', array('album' => t('Cover Photos'), 'hash' => $hash, 'nosync' => true));
-	
+
 		logger('attach_store: ' . print_r($res,true));
-	
+
 		if($res && intval($res['data']['is_photo'])) {
 			$i = q("select * from photo where resource_id = '%s' and uid = %d and imgscale = 0",
 				dbesc($hash),
 				intval(local_channel())
 			);
-	
+
 			if(! $i) {
 				notice( t('Image upload failed.') . EOL );
 				return;
 			}
 			$os_storage = false;
-	
+
 			foreach($i as $ii) {
 				$smallest   = intval($ii['imgscale']);
 				$os_storage = intval($ii['os_storage']);
@@ -274,91 +274,91 @@ class Cover_photo extends \Zotlabs\Web\Controller {
 				$filetype   = $ii['mimetype'];
 			}
 		}
-	
+
 		$imagedata = (($os_storage) ? @file_get_contents(dbunescbin($imagedata)) : dbunescbin($imagedata));
 		$ph = photo_factory($imagedata, $filetype);
-	
+
 		if(! $ph->is_valid()) {
 			notice( t('Unable to process image.') . EOL );
 			return;
 		}
-	
+
 		return $this->cover_photo_crop_ui_head($a, $ph, $hash, $smallest);
-		
+
 	}
-	
+
 	function send_cover_photo_activity($channel,$photo,$profile) {
-	
+
 		$arr = array();
 		$arr['item_thread_top'] = 1;
 		$arr['item_origin'] = 1;
 		$arr['item_wall'] = 1;
-	
+
 		if($profile && stripos($profile['gender'],t('female')) !== false)
 			$t = t('%1$s updated her %2$s');
 		elseif($profile && stripos($profile['gender'],t('male')) !== false)
 			$t = t('%1$s updated his %2$s');
 		else
 			$t = t('%1$s updated their %2$s');
-	
+
 		$ptext = '[zrl=' . z_root() . '/photos/' . $channel['channel_address'] . '/image/' . $photo['resource_id'] . ']' . t('cover photo') . '[/zrl]';
-	
-		$ltext = '[zrl=' . z_root() . '/profile/' . $channel['channel_address'] . ']' . '[zmg]' . z_root() . '/photo/' . $photo['resource_id'] . '-8[/zmg][/zrl]'; 
-	
+
+		$ltext = '[zrl=' . z_root() . '/profile/' . $channel['channel_address'] . ']' . '[zmg]' . z_root() . '/photo/' . $photo['resource_id'] . '-8[/zmg][/zrl]';
+
 		$arr['body'] = sprintf($t,$channel['channel_name'],$ptext) . "\n\n" . $ltext;
-	
+
 		$acl = new \Zotlabs\Access\AccessList($channel);
 		$x = $acl->get();
 		$arr['allow_cid'] = $x['allow_cid'];
-	
+
 		$arr['allow_gid'] = $x['allow_gid'];
 		$arr['deny_cid'] = $x['deny_cid'];
 		$arr['deny_gid'] = $x['deny_gid'];
-	
+
 		$arr['uid'] = $channel['channel_id'];
 		$arr['aid'] = $channel['channel_account_id'];
-	
+
 		$arr['owner_xchan'] = $channel['channel_hash'];
 		$arr['author_xchan'] = $channel['channel_hash'];
-	
+
 		post_activity_item($arr);
-	
-	
+
+
 	}
-	
-	
+
+
 	/**
 	 * @brief Generate content of profile-photo view
 	 *
 	 * @return string
 	 *
 	 */
-	
-	
+
+
 	function get() {
-	
+
 		if(! local_channel()) {
 			notice( t('Permission denied.') . EOL );
 			return;
 		}
-	
+
 		$channel = \App::get_channel();
-	
+
 		$newuser = false;
-	
+
 		if(argc() == 2 && argv(1) === 'new')
 			$newuser = true;
-	
+
 		if(argv(1) === 'use') {
 			if (argc() < 3) {
 				notice( t('Permission denied.') . EOL );
 				return;
 			};
-			
+
 	//		check_form_security_token_redirectOnErr('/cover_photo', 'cover_photo');
-	        
+
 			$resource_id = argv(2);
-	
+
 			$r = q("SELECT id, album, imgscale FROM photo WHERE uid = %d AND resource_id = '%s' ORDER BY imgscale ASC",
 				intval(local_channel()),
 				dbesc($resource_id)
@@ -372,22 +372,22 @@ class Cover_photo extends \Zotlabs\Web\Controller {
 				if($rr['imgscale'] == 7)
 					$havescale = true;
 			}
-	
+
 			$r = q("SELECT content, mimetype, resource_id, os_storage FROM photo WHERE id = %d and uid = %d limit 1",
 				intval($r[0]['id']),
 				intval(local_channel())
-	
+
 			);
 			if(! $r) {
 				notice( t('Photo not available.') . EOL );
 				return;
 			}
-	
+
 			if(intval($r[0]['os_storage']))
 				$data = @file_get_contents(dbunescbin($r[0]['content']));
 			else
-				$data = dbunescbin($r[0]['content']); 
-	
+				$data = dbunescbin($r[0]['content']);
+
 			$ph = photo_factory($data, $r[0]['mimetype']);
 			$smallest = 0;
 			if($ph->is_valid()) {
@@ -396,7 +396,7 @@ class Cover_photo extends \Zotlabs\Web\Controller {
 					dbesc($r[0]['resource_id']),
 					intval(local_channel())
 				);
-	
+
 				if($i) {
 					$hash = $i[0]['resource_id'];
 					foreach($i as $ii) {
@@ -404,15 +404,15 @@ class Cover_photo extends \Zotlabs\Web\Controller {
 					}
 	            }
 	        }
-	 
+
 			$this->cover_photo_crop_ui_head($a, $ph, $hash, $smallest);
 		}
-	
-	
+
+
 		if(! x(\App::$data,'imagecrop')) {
-	
+
 			$tpl = get_markup_template('cover_photo.tpl');
-	
+
 			$o .= replace_macros($tpl,array(
 				'$user'                => \App::$channel['channel_address'],
 				'$info'                => t('Your cover photo may be visible to anybody on the internet'),
@@ -422,7 +422,7 @@ class Cover_photo extends \Zotlabs\Web\Controller {
 				'$title'               => t('Change Cover Photo'),
 				'$submit'              => t('Upload'),
 				'$remove'              => t('Remove'),
-				'$profiles'            => $profiles,
+				'$profiles'            => false,
 				'$embedPhotos' => t('Use a photo from your albums'),
 				'$embedPhotosModalTitle' => t('Use a photo from your albums'),
 				'$embedPhotosModalCancel' => t('Cancel'),
@@ -434,13 +434,13 @@ class Cover_photo extends \Zotlabs\Web\Controller {
 				'$modalerrorlink' => t('Error getting photo link'),
 				'$modalerroralbum' => t('Error getting album'),
 				'$form_security_token' => get_form_security_token("cover_photo"),
-					/// @FIXME - yuk  
+					/// @FIXME - yuk
 				'$select' => t('Select existing photo'),
 
 			));
-			
+
 			call_hooks('cover_photo_content_end', $o);
-			
+
 			return $o;
 		}
 		else {
@@ -459,10 +459,8 @@ class Cover_photo extends \Zotlabs\Web\Controller {
 			));
 			return $o;
 		}
-	
-		return; // NOTREACHED
 	}
-	
+
 	/* @brief Generate the UI for photo-cropping
 	 *
 	 * @param $a Current application
@@ -470,30 +468,30 @@ class Cover_photo extends \Zotlabs\Web\Controller {
 	 * @return void
 	 *
 	 */
-	
+
 	function cover_photo_crop_ui_head(&$a, $ph, $hash, $smallest){
-	
+
 		$max_length = get_config('system','max_image_length');
 		if(! $max_length)
 			$max_length = MAX_IMAGE_LENGTH;
 		if($max_length > 0)
 			$ph->scaleImage($max_length);
-	
+
 		$width  = $ph->getWidth();
 		$height = $ph->getHeight();
-	
+
 		if($width < 300 || $height < 300) {
 			$ph->scaleImageUp(240);
 			$width  = $ph->getWidth();
 			$height = $ph->getHeight();
 		}
-	
-	
+
+
 		\App::$data['imagecrop'] = $hash;
 		\App::$data['imagecrop_resolution'] = $smallest;
 		\App::$page['htmlhead'] .= replace_macros(get_markup_template("crophead.tpl"), array());
 		return;
 	}
-	
-	
+
+
 }

Zotlabs/Module/Defperms.php

@@ -258,7 +258,6 @@ class Defperms extends Controller {
 				'$sections'       => $sections,
 				'$autolbl'        => t('The permissions indicated on this page will be applied to all new connections.'),
 				'$autoapprove'    => t('Automatic approval settings'),
-				'$unapproved'     => $unapproved,
 				'$inherited'      => t('inherited'),
 				'$submit'         => t('Submit'),
 				'$me'             => t('My Settings'),

Zotlabs/Module/Dircensor.php

@@ -4,6 +4,7 @@ namespace Zotlabs\Module;
 
 use App;
 use Zotlabs\Web\Controller;
+use Zotlabs\Lib\Libzotdir;
 
 
 class Dircensor extends Controller {
@@ -15,11 +16,12 @@ class Dircensor extends Controller {
 
 		$dirmode = intval(get_config('system','directory_mode'));
 
-		if (! ($dirmode == DIRECTORY_MODE_PRIMARY || $dirmode == DIRECTORY_MODE_STANDALONE)) {
+		if(!in_array($dirmode, [DIRECTORY_MODE_PRIMARY, DIRECTORY_MODE_SECONDARY, DIRECTORY_MODE_STANDALONE])) {
 			return;
 		}
 
 		$xchan = argv(1);
+
 		if(! $xchan) {
 			return;
 		}
@@ -32,19 +34,43 @@ class Dircensor extends Controller {
 			return;
 		}
 
-		$val = (($r[0]['xchan_censored']) ? 0 : 1);
+		$severity = intval($_REQUEST['severity'] ?? 0);
+		$flag = DIRECTORY_FLAG_OK;
 
-		q("update xchan set xchan_censored = $val where xchan_hash = '%s'",
+		if ($severity === 1) {
+			$flag = DIRECTORY_FLAG_UNSAFE;
+		}
+
+		if ($severity === 2) {
+			$flag = DIRECTORY_FLAG_HIDDEN;
+		}
+
+		Libzotdir::update($xchan, $r[0]['xchan_url'], true, $flag);
+
+		q("UPDATE xchan SET xchan_censored = %d WHERE xchan_hash = '%s'",
+			intval($flag),
 			dbesc($xchan)
 		);
 
-		if($val) {
+		q("UPDATE xtag SET xtag_flags = %d WHERE xtag_hash = '%s'",
+			intval($flag),
+			dbesc($xchan)
+		);
+
+		if($flag) {
 			info( t('Entry censored') . EOL);
 		}
 		else {
-			info( t('Entry uncensored') . EOL);
+			info( t('Entry OK') . EOL);
 		}
-		
+
+		if (isset($_REQUEST['aj'])) {
+			json_return_and_die([
+				'success' => 1,
+				'flag' => $flag
+			]);
+		}
+
 		goaway(z_root() . '/directory');
 
 	}

Zotlabs/Module/Directory.php

@@ -83,7 +83,7 @@ class Directory extends Controller {
 		$globaldir = Libzotdir::get_directory_setting($observer, 'globaldir');
 
 		// override your personal global search pref if we're doing a navbar search of the directory
-		if(intval($_REQUEST['navsearch']))
+		if(isset($_REQUEST['navsearch']) && intval($_REQUEST['navsearch']))
 			$globaldir = 1;
 
 		$safe_mode = Libzotdir::get_directory_setting($observer, 'safemode');
@@ -98,15 +98,18 @@ class Directory extends Controller {
 		else
 			$search = ((x($_GET,'search')) ? notags(trim(rawurldecode($_GET['search']))) : '');
 
-
+		$advanced = '';
 		if(strpos($search,'=') && local_channel() && feature_enabled(local_channel(), 'advanced_dirsearch'))
 			$advanced = $search;
 
-		$keywords = (($_GET['keywords']) ? $_GET['keywords'] : '');
+		$keywords = $_GET['keywords'] ?? '';
 
 		// Suggest channels if no search terms or keywords are given
 		$suggest = (local_channel() && x($_REQUEST,'suggest')) ? $_REQUEST['suggest'] : '';
 
+		$addresses = [];
+		$common = [];
+
 		if($suggest) {
 
 			// the directory options have no effect in suggestion mode
@@ -123,8 +126,7 @@ class Directory extends Controller {
 			}
 
 			// Remember in which order the suggestions were
-			$addresses = array();
-			$common = array();
+
 			$index = 0;
 			foreach($r as $rr) {
 				$common[$rr['xchan_addr']] = ((intval($rr['total']) > 0) ? intval($rr['total']) - 1 : 0);
@@ -132,7 +134,7 @@ class Directory extends Controller {
 			}
 
 			// Build query to get info about suggested people
-			$advanced = '';
+
 			foreach(array_keys($addresses) as $address) {
 				$advanced .= "address=\"$address\" ";
 			}
@@ -147,7 +149,9 @@ class Directory extends Controller {
 
 		$directory_admin = false;
 
-		if(($dirmode == DIRECTORY_MODE_PRIMARY) || ($dirmode == DIRECTORY_MODE_STANDALONE)) {
+		$url = '';
+
+		if(in_array($dirmode, [DIRECTORY_MODE_PRIMARY, DIRECTORY_MODE_SECONDARY, DIRECTORY_MODE_STANDALONE])) {
 			$url = z_root() . '/dirsearch';
 			if (is_site_admin()) {
 				$directory_admin = true;
@@ -187,7 +191,10 @@ class Directory extends Controller {
 			if(get_config('system','disable_directory_keywords'))
 				$kw = 0;
 
-			$query = $url . '?f=&kw=' . $kw . (($safe_mode != 1) ? '&safe=' . $safe_mode : '');
+			if (intval($safe_mode) === 0 && $directory_admin)
+				$safe_mode = -1;
+
+			$query = $url . '?f=&kw=' . $kw . (($safe_mode < 1) ? '&safe=' . $safe_mode : '');
 
 			if($token)
 				$query .= '&t=' . $token;
@@ -228,7 +235,7 @@ class Directory extends Controller {
 				$j = json_decode($x['body'],true);
 				if($j) {
 
-					if($j['results']) {
+					if(isset($j['results']) && $j['results']) {
 
 						$results = $j['results'];
 						if($suggest) {
@@ -275,19 +282,12 @@ class Directory extends Controller {
 
 							$page_type = '';
 
-							$rating_enabled = get_config('system','rating_enabled');
-
-							if($rr['total_ratings'] && $rating_enabled)
-								$total_ratings = sprintf( tt("%d rating", "%d ratings", $rr['total_ratings']), $rr['total_ratings']);
-							else
-								$total_ratings = '';
-
 							$profile = $rr;
 
-							if ((x($profile,'locale') == 1)
-								|| (x($profile,'region') == 1)
-								|| (x($profile,'postcode') == 1)
-								|| (x($profile,'country') == 1))
+					//		if ((x($profile,'locale') == 1)
+					//			|| (x($profile,'region') == 1)
+					//			|| (x($profile,'postcode') == 1)
+					//			|| (x($profile,'country') == 1))
 
 							$gender = ((x($profile,'gender') == 1) ? t('Gender: ') . $profile['gender']: False);
 
@@ -299,10 +299,11 @@ class Directory extends Controller {
 							$hometown = ((x($profile,'hometown') == 1) ? html2plain($profile['hometown'])  : False);
 
 							$about = ((x($profile,'about') == 1) ? zidify_links(bbcode($profile['about'], ['tryoembed' => false])) : False);
-							if ($about && $safe_mode) {
-								$about = html2plain($about);
+							if ($about && $safe_mode > 0) {
+								$about = strip_tags($about, '<br>');
 							}
 
+
 							$keywords = ((x($profile,'keywords')) ? $profile['keywords'] : '');
 
 
@@ -312,7 +313,7 @@ class Directory extends Controller {
 								$keywords = str_replace(',',' ', $keywords);
 								$keywords = str_replace('  ',' ', $keywords);
 								$karr = explode(' ', $keywords);
-
+								$marr = [];
 								if($karr) {
 									if(local_channel()) {
 										$r = q("select keywords from profile where uid = %d and is_default = 1 limit 1",
@@ -352,16 +353,17 @@ class Directory extends Controller {
 								'location' => $location,
 								'location_label' => t('Location:'),
 								'gender'   => $gender,
-								'total_ratings' => $total_ratings,
-								'viewrate' => true,
-								'canrate' => (($rating_enabled && local_channel()) ? true : false),
 								'pdesc'	=> $pdesc,
 								'pdesc_label' => t('Description:'),
-								'censor' => (($directory_admin) ? 'dircensor/' . $rr['hash'] : ''),
-								'censor_label' => (($rr['censored']) ? t('Uncensor') : t('Censor')),
+								'censor' => (($directory_admin) ? 'dircensor/' . $rr['hash'] . '?severity=' . ((intval($rr['censored']) > 0) ? 0 : 1) : ''),
+								'censor_label' => t('Unsafe'),
+								'censor_class' => ((intval($rr['censored']) === 1) ? 'active' : ''),
+								'censor_2' => (($directory_admin) ? 'dircensor/' . $rr['hash'] . '?severity=' . ((intval($rr['censored']) > 1) ? 0 : 2) : ''),
+								'censor_2_label' => t('Spam'),
+								'censor_2_class' => ((intval($rr['censored']) > 1) ? 'active' : ''),
 								'marital'  => $marital,
 								'homepage' => $homepage,
-								'homepageurl' => (($safe_mode) ? $homepageurl : linkify($homepageurl)),
+								'homepageurl' => (($safe_mode  > 0) ? $homepageurl : linkify($homepageurl)),
 								'hometown' => $hometown,
 								'hometown_label' => t('Hometown:'),
 								'about' => $about,
@@ -374,9 +376,9 @@ class Directory extends Controller {
 								'keywords' => $out,
 								'ignlink' => $suggest ? z_root() . '/directory?ignore=' . $rr['hash'] : '',
 								'ignore_label' => t('Don\'t suggest'),
-								'common_friends' => (($common[$rr['address']]) ? intval($common[$rr['address']]) : ''),
+								'common_friends' => $common[$rr['address']] ?? '',
 								'common_label' => t('Common connections (estimated):'),
-								'common_count' => intval($common[$rr['address']]),
+								'common_count' => $common[$rr['address']] ?? '',
 								'safe' => $safe_mode
 							);
 
@@ -402,14 +404,15 @@ class Directory extends Controller {
 
 						ksort($entries); // Sort array by key so that foreach-constructs work as expected
 
-						if($j['keywords']) {
+						if(isset($j['keywords']) && $j['keywords']) {
 							App::$data['directory_keywords'] = $j['keywords'];
 						}
 
 						logger('mod_directory: entries: ' . print_r($entries,true), LOGGER_DATA);
 
+						$aj = $_REQUEST['aj'] ?? '';
 
-						if($_REQUEST['aj']) {
+						if($aj) {
 							if($entries) {
 								$o = replace_macros(get_markup_template('directajax.tpl'),array(
 									'$entries' => $entries
@@ -441,7 +444,8 @@ class Directory extends Controller {
 								'$reverse' => t('Reverse Alphabetic'),
 								'$date' => t('Newest to Oldest'),
 								'$reversedate' => t('Oldest to Newest'),
-								'$suggest' => $suggest ? '&suggest=1' : ''
+								'$suggest' => $suggest ? '&suggest=1' : '',
+								'$directory_admin' => $directory_admin
 							));
 
 
@@ -449,12 +453,12 @@ class Directory extends Controller {
 
 					}
 					else {
-						if($_REQUEST['aj']) {
+						if(isset($_REQUEST['aj']) && $_REQUEST['aj']) {
 							$o = '<div id="content-complete"></div>';
 							echo $o;
 							killme();
 						}
-						if(App::$pager['page'] == 1 && $j['records'] == 0 && strpos($search,'@')) {
+						if(App::$pager['page'] == 1 && (isset($j['records']) && $j['records'] == 0) && strpos($search,'@')) {
 							goaway(z_root() . '/chanview/?f=&address=' . $search);
 						}
 						info( t("No entries (some entries may be hidden).") . EOL);

Zotlabs/Module/Dirsearch.php

@@ -15,8 +15,7 @@ class Dirsearch extends Controller {
 
 		$ret = array('success' => false);
 
-	//	logger('request: ' . print_r($_REQUEST,true));
-
+		// logger('request: ' . print_r($_REQUEST,true));
 
 		$dirmode = intval(get_config('system','directory_mode'));
 
@@ -25,8 +24,7 @@ class Dirsearch extends Controller {
 			json_return_and_die($ret);
 		}
 
-
-		$access_token = $_REQUEST['t'];
+		$access_token = $_REQUEST['t'] ?? '';
 
 		$token = get_config('system','realm_token');
 		if($token && $access_token != $token) {
@@ -41,11 +39,12 @@ class Dirsearch extends Controller {
 		}
 
 		$sql_extra = '';
-
+		$keywords_query = '';
+		$hub_query = '';
 
 		$tables = array('name','address','locale','region','postcode','country','gender','marital','sexual','keywords');
 
-		if($_REQUEST['query']) {
+		if(isset($_REQUEST['query']) && $_REQUEST['query']) {
 			$advanced = $this->dir_parse_query($_REQUEST['query']);
 			if($advanced) {
 				foreach($advanced as $adv) {
@@ -61,22 +60,23 @@ class Dirsearch extends Controller {
 			}
 		}
 
-		$hash     = ((x($_REQUEST['hash']))    ? $_REQUEST['hash']     : '');
+		$hash     = $_REQUEST['hash'] ?? '';
+
+		$name     = $_REQUEST['name'] ?? '';
+		$hub      = $_REQUEST['hub'] ?? '';
+		$address  = $_REQUEST['address'] ?? '';
+		$locale   = $_REQUEST['locale'] ?? '';
+		$region   = $_REQUEST['region'] ?? '';
+		$postcode = $_REQUEST['postcode'] ?? '';
+		$country  = $_REQUEST['country'] ?? '';
+		$gender   = $_REQUEST['gender'] ?? '';
+		$marital  = $_REQUEST['marital'] ?? '';
+		$sexual   = $_REQUEST['sexual'] ?? '';
+		$keywords = $_REQUEST['keywords'] ?? '';
+		$agege    = $_REQUEST['agege'] ?? 0;
+		$agele    = $_REQUEST['agele'] ?? 0;
+		$kw       = $_REQUEST['kw'] ?? 0;
 
-		$name     = ((x($_REQUEST,'name'))     ? $_REQUEST['name']     : '');
-		$hub      = ((x($_REQUEST,'hub'))      ? $_REQUEST['hub']      : '');
-		$address  = ((x($_REQUEST,'address'))  ? $_REQUEST['address']  : '');
-		$locale   = ((x($_REQUEST,'locale'))   ? $_REQUEST['locale']   : '');
-		$region   = ((x($_REQUEST,'region'))   ? $_REQUEST['region']   : '');
-		$postcode = ((x($_REQUEST,'postcode')) ? $_REQUEST['postcode'] : '');
-		$country  = ((x($_REQUEST,'country'))  ? $_REQUEST['country']  : '');
-		$gender   = ((x($_REQUEST,'gender'))   ? $_REQUEST['gender']   : '');
-		$marital  = ((x($_REQUEST,'marital'))  ? $_REQUEST['marital']  : '');
-		$sexual   = ((x($_REQUEST,'sexual'))   ? $_REQUEST['sexual']   : '');
-		$keywords = ((x($_REQUEST,'keywords')) ? $_REQUEST['keywords'] : '');
-		$agege    = ((x($_REQUEST,'agege'))    ? intval($_REQUEST['agege']) : 0 );
-		$agele    = ((x($_REQUEST,'agele'))    ? intval($_REQUEST['agele']) : 0 );
-		$kw       = ((x($_REQUEST,'kw'))       ? intval($_REQUEST['kw'])    : 0 );
 		$forums   = ((array_key_exists('pubforums',$_REQUEST)) ? intval($_REQUEST['pubforums']) : 0);
 
 		if(get_config('system','disable_directory_keywords'))
@@ -84,9 +84,7 @@ class Dirsearch extends Controller {
 
 
 		// by default use a safe search
-		$safe     = ((x($_REQUEST,'safe')));    // ? intval($_REQUEST['safe'])  : 1 );
-		if ($safe === false)
-				$safe = 1;
+		$safe = $_REQUEST['safe'] ?? 1;
 
 		if(array_key_exists('sync',$_REQUEST)) {
 			if($_REQUEST['sync'])
@@ -101,15 +99,15 @@ class Dirsearch extends Controller {
 			$hub = \App::get_hostname();
 		}
 
-		if($hub)
-			$hub_query = " and xchan_hash in (select hubloc_hash from hubloc where hubloc_host =  '" . protect_sprintf(dbesc($hub)) . "') ";
-		else
-			$hub_query = '';
+		if($hub) {
+			$hub_query = " and xchan_hash in (select hubloc_hash from hubloc where hubloc_deleted = 0 and hubloc_host =  '" . protect_sprintf(dbesc($hub)) . "') ";
+		}
+
 
 		$sort_order  = ((x($_REQUEST,'order')) ? $_REQUEST['order'] : '');
 
 		$joiner = ' OR ';
-		if($_REQUEST['and'])
+		if(isset($_REQUEST['and']) && $_REQUEST['and'])
 			$joiner = ' AND ';
 
 		if($name)
@@ -130,9 +128,16 @@ class Dirsearch extends Controller {
 			$sql_extra .= $this->dir_query_build($joiner,'xprof_marital',$marital);
 		if($sexual)
 			$sql_extra .= $this->dir_query_build($joiner,'xprof_sexual',$sexual);
-		if($keywords)
+		if($keywords && $name) {
+			// this is a general search
 			$sql_extra .= $this->dir_query_build($joiner,'xprof_keywords',$keywords);
-
+		}
+		if($keywords && !$name) {
+			// this is a search for keywords only
+			$keywords_arr = explode(',', $keywords);
+			stringify_array_elms($keywords_arr, true);
+			$keywords_query = " AND xchan_hash IN (SELECT xtag_hash FROM xtag WHERE xtag_term IN (" . protect_sprintf(implode(',', $keywords_arr)) . ")) ";
+		}
 
 		// we only support an age range currently. You must set both agege
 		// (greater than or equal) and agele (less than or equal)
@@ -148,11 +153,11 @@ class Dirsearch extends Controller {
 		}
 
 
-	    $perpage      = (($_REQUEST['n'])              ? $_REQUEST['n']                    : 60);
-	    $page         = (($_REQUEST['p'])              ? intval($_REQUEST['p'] - 1)        : 0);
+	    $perpage      = $_REQUEST['n'] ?? 60;
+	    $page         = ((isset($_REQUEST['p']) && $_REQUEST['p']) ? intval($_REQUEST['p'] - 1) : 0);
 	    $startrec     = (($page+1) * $perpage) - $perpage;
-		$limit        = (($_REQUEST['limit'])          ? intval($_REQUEST['limit'])        : 0);
-		$return_total = ((x($_REQUEST,'return_total')) ? intval($_REQUEST['return_total']) : 0);
+		$limit        = $_REQUEST['limit'] ?? 0;
+		$return_total = $_REQUEST['return_total'] ?? 0;
 
 		// mtime is not currently working
 
@@ -176,9 +181,15 @@ class Dirsearch extends Controller {
 			$sql_extra .= " and xchan_addr like '%%" . \App::get_hostname() . "' ";
 		}
 
-		$safesql = (($safe > 0) ? " and xchan_censored = 0 and xchan_selfcensored = 0 " : '');
+		$safesql = '';
+		if($safe > 0)
+			$safesql = " and xchan_censored = 0 and xchan_selfcensored = 0 ";
+
+		if($safe < 1)
+			$safesql = " and xchan_censored < 2 and xchan_selfcensored < 2 ";
+
 		if($safe < 0)
-			$safesql = " and ( xchan_censored = 1 OR xchan_selfcensored = 1 ) ";
+			$safesql = " and xchan_censored < 3 and xchan_selfcensored < 2 ";
 
 		if($forums)
 			$safesql .= " and xchan_pubforum = " . ((intval($forums)) ? '1 ' : '0 ');
@@ -214,26 +225,25 @@ class Dirsearch extends Controller {
 
 		if($sync) {
 			$spkt = array('transactions' => array());
-			$r = q("select * from updates where ud_date >= '%s' and ud_guid != '' and ud_addr != '' order by ud_date desc",
+
+			$r = q("SELECT * FROM updates WHERE ud_update = 0 AND ud_last = '%s' AND ud_date >= '%s' ORDER BY ud_date DESC",
+				dbesc(NULL_DATE),
 				dbesc($sync)
 			);
+
 			if($r) {
 				foreach($r as $rr) {
-					$flags = array();
-					if($rr['ud_flags'] & UPDATE_FLAGS_DELETED)
-						$flags[] = 'deleted';
-					if($rr['ud_flags'] & UPDATE_FLAGS_FORCED)
-						$flags[] = 'forced';
-
-					$spkt['transactions'][] = array(
+					$spkt['transactions'][] = [
 						'hash' => $rr['ud_hash'],
 						'address' => $rr['ud_addr'],
-						'transaction_id' => $rr['ud_guid'],
+						'host' => $rr['ud_host'],
+						'transaction_id' => $rr['ud_host'], // deprecated 2023-04-12 - can be removed after dir servers at version >= 8.4
 						'timestamp' => $rr['ud_date'],
-						'flags' => $flags
-					);
+						'flags' => $rr['ud_flags']
+					];
 				}
 			}
+
 			json_return_and_die($spkt);
 		}
 		else {
@@ -262,8 +272,8 @@ class Dirsearch extends Controller {
 				xprof.xprof_homepage as homepage,
 				xprof.xprof_hometown as hometown,
 				xprof.xprof_keywords as keywords
-				from xchan left join xprof on xchan_hash = xprof_hash left join hubloc on hubloc_hash = xchan_hash
-				where hubloc_primary = 1 and hubloc_updated > %s - INTERVAL %s and ( $logic $sql_extra ) $hub_query and xchan_network = 'zot6' and xchan_system = 0 and xchan_hidden = 0 and xchan_orphan = 0 and xchan_deleted = 0
+				from xchan left join xprof on xchan_hash = xprof_hash left join hubloc on (hubloc_id_url = xchan_url and hubloc_hash = xchan_hash)
+				where hubloc_primary = 1 and hubloc_updated > %s - INTERVAL %s and ( $logic $sql_extra ) $hub_query $keywords_query and xchan_network = 'zot6' and xchan_system = 0 and xchan_hidden = 0 and xchan_orphan = 0 and xchan_deleted = 0
 				$safesql $order $qlimit",
 				db_utcnow(),
 				db_quoteinterval('30 DAY')

Zotlabs/Module/Display.php

@@ -36,7 +36,7 @@ class Display extends \Zotlabs\Web\Controller {
 			}
 		}
 
-		if($_REQUEST['mid']) {
+		if(isset($_REQUEST['mid']) && $_REQUEST['mid']) {
 			$item_hash = $_REQUEST['mid'];
 		}
 
@@ -56,6 +56,8 @@ class Display extends \Zotlabs\Web\Controller {
 
 		$observer_is_owner = false;
 
+		$o = '';
+
 		if(local_channel() && (! $update)) {
 
 			$channel = App::get_channel();
@@ -72,7 +74,7 @@ class Display extends \Zotlabs\Web\Controller {
 				'allow_location'      => ((intval(get_pconfig($channel['channel_id'],'system','use_browser_location'))) ? '1' : ''),
 				'default_location'    => $channel['channel_location'],
 				'nickname'            => $channel['channel_address'],
-				'lockstate'           => (($group || $cid || $channel['channel_allow_cid'] || $channel['channel_allow_gid'] || $channel['channel_deny_cid'] || $channel['channel_deny_gid']) ? 'lock' : 'unlock'),
+				'lockstate'           => (($channel['channel_allow_cid'] || $channel['channel_allow_gid'] || $channel['channel_deny_cid'] || $channel['channel_deny_gid']) ? 'lock' : 'unlock'),
 				'acl'                 => populate_acl($channel_acl,true, \Zotlabs\Lib\PermissionDescription::fromGlobalPermission('view_stream'), get_post_aclDialogDescription(), 'acl_dialog_post'),
 				'permissions'         => $channel_acl,
 				'bang'                => '',
@@ -87,7 +89,8 @@ class Display extends \Zotlabs\Web\Controller {
 				'reset'               => t('Reset form')
 			);
 
-			$o = '<div id="jot-popup">';
+			$o .= '<div id="jot-popup">';
+			$a = '';
 			$o .= status_editor($a,$x,false,'Display');
 			$o .= '</div>';
 		}
@@ -107,17 +110,21 @@ class Display extends \Zotlabs\Web\Controller {
 			dbesc($item_hash)
 		);
 
-		if($r) {
-			$target_item = $r[0];
+		if (!$r) {
+			notice( t('Item not found.') . EOL);
+			return '';
 		}
 
+		$target_item = $r[0];
+
+		/* not yet ready for prime time
 		$x = q("select * from xchan where xchan_hash = '%s' limit 1",
 			dbesc($target_item['author_xchan'])
 		);
 		if($x) {
-// not yet ready for prime time
-//			App::$poi = $x[0];
+			App::$poi = $x[0];
 		}
+		*/
 
 		//if the item is to be moderated redirect to /moderate
 		if($target_item['item_blocked'] == ITEM_MODERATED) {
@@ -206,27 +213,27 @@ class Display extends \Zotlabs\Web\Controller {
 		$observer_hash = get_observer_hash();
 		$item_normal = item_normal();
 		$item_normal_update = item_normal_update();
-
-		$sql_extra = ((local_channel()) ? EMPTY_STR : item_permissions_sql(0, $observer_hash));
+		$sql_extra = '';
+		$r = [];
 
 		if($noscript_content || $load) {
-
 			require_once('include/channel.php');
 			$sys = get_sys_channel();
 			// in case somebody turned off public access to sys channel content using permissions
 			// make that content unsearchable by ensuring the owner uid can't match
 			$sys_id = perm_is_allowed($sys['channel_id'], $observer_hash, 'view_stream') ? $sys['channel_id'] : 0;
 
-			$r = null;
-
 			if(local_channel()) {
 				$r = q("SELECT item.id AS item_id FROM item WHERE uid = %d AND mid = '%s' $item_normal LIMIT 1",
 					intval(local_channel()),
 					dbesc($target_item['parent_mid'])
 				);
+
 			}
 
-			if($r === null) {
+			if(!$r) {
+				$sql_extra = item_permissions_sql(0, $observer_hash);
+
 				$r = q("SELECT item.id AS item_id FROM item
 					WHERE ((mid = '%s'
 					AND (((( item.allow_cid = '' AND item.allow_gid = '' AND item.deny_cid  = ''
@@ -250,7 +257,6 @@ class Display extends \Zotlabs\Web\Controller {
 			// make that content unsearchable by ensuring the owner uid can't match
 			$sys_id = perm_is_allowed($sys['channel_id'], $observer_hash, 'view_stream') ? $sys['channel_id'] : 0;
 
-			$r = null;
 			if(local_channel()) {
 				$r = q("SELECT item.parent AS item_id from item
 					WHERE uid = %d
@@ -263,7 +269,9 @@ class Display extends \Zotlabs\Web\Controller {
 				);
 			}
 
-			if($r === null) {
+			if(!$r) {
+				$sql_extra = item_permissions_sql(0, $observer_hash);
+
 				$r = q("SELECT item.id as item_id from item
 					WHERE ((parent_mid = '%s'
 					AND (((( item.allow_cid = '' AND item.allow_gid = '' AND item.deny_cid  = ''
@@ -280,10 +288,6 @@ class Display extends \Zotlabs\Web\Controller {
 			}
 		}
 
-		else {
-			$r = [];
-		}
-
 		if($r) {
 			$parents_str = ids_to_querystr($r,'item_id');
 			if($parents_str) {
@@ -301,71 +305,71 @@ class Display extends \Zotlabs\Web\Controller {
 			$items = array();
 		}
 
-
 		switch($module_format) {
 
-		case 'html':
+			case 'html':
 
-			if ($update) {
-				$o .= conversation($items, 'display', $update, 'client');
-			}
-			else {
-				$o .= '<noscript>';
-				if($noscript_content) {
-					$o .= conversation($items, 'display', $update, 'traditional');
+				if ($update) {
+					$o .= conversation($items, 'display', $update, 'client');
 				}
 				else {
-					$o .= '<div class="section-content-warning-wrapper">' . t('You must enable javascript for your browser to be able to view this content.') . '</div>';
+					$o .= '<noscript>';
+					if($noscript_content) {
+						$o .= conversation($items, 'display', $update, 'traditional');
+					}
+					else {
+						$o .= '<div class="section-content-warning-wrapper">' . t('You must enable javascript for your browser to be able to view this content.') . '</div>';
+					}
+					$o .= '</noscript>';
+
+					if (isset($items[0]['title'])) {
+						App::$page['title'] = $items[0]['title'] . ' - ' . App::$page['title'];
+					}
+
+					$o .= conversation($items, 'display', $update, 'client');
 				}
-				$o .= '</noscript>';
 
-				App::$page['title'] = (($items[0]['title']) ? $items[0]['title'] . " - " . App::$page['title'] : App::$page['title']);
+				break;
 
-				$o .= conversation($items, 'display', $update, 'client');
-			}
+			case 'atom':
 
-			break;
+				$atom = replace_macros(get_markup_template('atom_feed.tpl'), array(
+					'$version'       => xmlify(\Zotlabs\Lib\System::get_project_version()),
+					'$generator'     => xmlify(\Zotlabs\Lib\System::get_platform_name()),
+					'$generator_uri' => 'https://hubzilla.org',
+					'$feed_id'       => xmlify(App::$cmd),
+					'$feed_title'    => xmlify(t('Article')),
+					'$feed_updated'  => xmlify(datetime_convert('UTC', 'UTC', 'now', ATOM_TIME)),
+					'$author'        => '',
+					'$owner'         => '',
+					'$profile_page'  => xmlify(z_root() . '/display/' . gen_link_id($target_item['mid'])),
+				));
 
-		case 'atom':
+				$x = [ 'xml' => $atom, 'channel' => $channel, 'observer_hash' => $observer_hash, 'params' => $params ];
+				call_hooks('atom_feed_top',$x);
 
-			$atom = replace_macros(get_markup_template('atom_feed.tpl'), array(
-				'$version'       => xmlify(\Zotlabs\Lib\System::get_project_version()),
-				'$generator'     => xmlify(\Zotlabs\Lib\System::get_platform_name()),
-				'$generator_uri' => 'https://hubzilla.org',
-				'$feed_id'       => xmlify(App::$cmd),
-				'$feed_title'    => xmlify(t('Article')),
-				'$feed_updated'  => xmlify(datetime_convert('UTC', 'UTC', 'now', ATOM_TIME)),
-				'$author'        => '',
-				'$owner'         => '',
-				'$profile_page'  => xmlify(z_root() . '/display/' . gen_link_id($target_item['mid'])),
-			));
+				$atom = $x['xml'];
 
-			$x = [ 'xml' => $atom, 'channel' => $channel, 'observer_hash' => $observer_hash, 'params' => $params ];
-			call_hooks('atom_feed_top',$x);
-
-			$atom = $x['xml'];
-
-			// a much simpler interface
-			call_hooks('atom_feed', $atom);
+				// a much simpler interface
+				call_hooks('atom_feed', $atom);
 
 
-			if($items) {
-				$type = 'html';
-				foreach($items as $item) {
-					if($item['item_private'])
-						continue;
-					$atom .= atom_entry($item, $type, null, '', true, '', false);
+				if($items) {
+					$type = 'html';
+					foreach($items as $item) {
+						if($item['item_private'])
+							continue;
+						$atom .= atom_entry($item, $type, null, '', true, '', false);
+					}
 				}
-			}
 
-			call_hooks('atom_feed_end', $atom);
+				call_hooks('atom_feed_end', $atom);
 
-			$atom .= '</feed>' . "\r\n";
-
-			header('Content-type: application/atom+xml');
-			echo $atom;
-			killme();
+				$atom .= '</feed>' . "\r\n";
 
+				header('Content-type: application/atom+xml');
+				echo $atom;
+				killme();
 		}
 
 		$o .= '<div id="content-complete"></div>';

Zotlabs/Module/Dreport.php

@@ -56,10 +56,12 @@ class Dreport extends \Zotlabs\Web\Controller {
 			return;
 		}
 
-		$r = q("select * from dreport where dreport_xchan = '%s' and (dreport_mid = '%s' or dreport_mid = '%s')",
+		$r = q("select * from dreport where dreport_xchan = '%s' and (dreport_mid = '%s' or dreport_mid = '%s' or dreport_mid = '%s' or dreport_mid = '%s')",
 			dbesc($channel['channel_hash']),
 			dbesc($mid),
-			dbesc(str_replace('/item/', '/activity/', $mid))
+			dbesc($mid . '#sync'),
+			dbesc(str_replace('/item/', '/activity/', $mid)),
+			dbesc(str_replace('/item/', '/activity/', $mid) . '#sync')
 		);
 
 		if(! $r) {
@@ -94,6 +96,7 @@ class Dreport extends \Zotlabs\Web\Controller {
 				case 'updated':
 					$r[$x]['gravity'] = 5;
 					$r[$x]['dreport_result'] = t('updated');
+					break;
 				case 'update ignored':
 					$r[$x]['gravity'] = 6;
 					$r[$x]['dreport_result'] = t('update ignored');

Zotlabs/Module/Editpost.php

@@ -57,15 +57,17 @@ class Editpost extends \Zotlabs\Web\Controller {
 		$catsenabled = ((feature_enabled($owner_uid,'categories')) ? 'categories' : '');
 
 		if ($catsenabled){
-		        $itm = fetch_post_tags($itm);
-
-	                $cats = get_terms_oftype($itm[0]['term'], TERM_CATEGORY);
-
-		        foreach ($cats as $cat) {
-		                if (strlen($category))
-		                        $category .= ', ';
-		                $category .= $cat['term'];
-		        }
+			$itm = fetch_post_tags($itm);
+			if (isset($itm[0]['term'])) {
+				$cats = get_terms_oftype($itm[0]['term'], TERM_CATEGORY);
+				if ($cats) {
+					foreach ($cats as $cat) {
+						if (strlen($category))
+								$category .= ', ';
+						$category .= $cat['term'];
+					}
+				}
+			}
 		}
 
 		if($itm[0]['attach']) {
@@ -104,6 +106,7 @@ class Editpost extends \Zotlabs\Web\Controller {
 			'bbcode' => true
 		);
 
+		$a = '';
 		$editor = status_editor($a, $x, false, 'Editpost');
 
 		$o .= replace_macros(get_markup_template('edpost_head.tpl'), array(

Zotlabs/Module/Fhublocs.php

@@ -60,25 +60,26 @@ class Fhublocs extends \Zotlabs\Web\Controller {
 
 				$h = hubloc_store_lowlevel(
 					[
-						'hubloc_guid'     => $rr['channel_guid'],
-						'hubloc_guid_sig' => $rr['channel_guid_sig'],
-						'hubloc_hash'     => $rr['channel_hash'],
-						'hubloc_id_url'   => channel_url($rr),
-						'hubloc_addr'     => channel_reddress($rr),
-						'hubloc_primary'  => intval($primary),
-						'hubloc_url'      => z_root(),
-						'hubloc_url_sig'  => Libzot::sign(z_root(), $rr['channel_prvkey']),
-						'hubloc_site_id'  => Libzot::make_xchan_hash(z_root(), $sitekey),
-						'hubloc_host'     => \App::get_hostname(),
-						'hubloc_callback' => z_root() . '/zot',
-						'hubloc_sitekey'  => $sitekey,
-						'hubloc_network'  => 'zot6',
-						'hubloc_updated'  => datetime_convert()
+						'hubloc_guid'      => $rr['channel_guid'],
+						'hubloc_guid_sig'  => $rr['channel_guid_sig'],
+						'hubloc_hash'      => $rr['channel_hash'],
+						'hubloc_id_url'    => channel_url($rr),
+						'hubloc_addr'      => channel_reddress($rr),
+						'hubloc_primary'   => intval($primary),
+						'hubloc_url'       => z_root(),
+						'hubloc_url_sig'   => Libzot::sign(z_root(), $rr['channel_prvkey']),
+						'hubloc_site_id'   => Libzot::make_xchan_hash(z_root(), $sitekey),
+						'hubloc_host'      => \App::get_hostname(),
+						'hubloc_callback'  => z_root() . '/zot',
+						'hubloc_sitekey'   => $sitekey,
+						'hubloc_network'   => 'zot6',
+						'hubloc_updated'   => datetime_convert(),
+						'hubloc_connected' => datetime_convert()
 					]
 				);
 
 				if($h)
-					$o . 'local hubloc created for ' . $rr['channel_name'] . EOL;
+					$o .= 'local hubloc created for ' . $rr['channel_name'] . EOL;
 				else
 					$o .= 'DB update failed for ' . $rr['channel_name'] . EOL;
 

Zotlabs/Module/File_upload.php

@@ -30,12 +30,12 @@ class File_upload extends \Zotlabs\Web\Controller {
 			$_REQUEST['group_deny']    = expand_acl($channel['channel_deny_gid']);
 		}
 
-		$_REQUEST['allow_cid'] = perms2str($_REQUEST['contact_allow']);
-		$_REQUEST['allow_gid'] = perms2str($_REQUEST['group_allow']);
-		$_REQUEST['deny_cid']  = perms2str($_REQUEST['contact_deny']);
-		$_REQUEST['deny_gid']  = perms2str($_REQUEST['group_deny']);
+		$_REQUEST['allow_cid'] = ((isset($_REQUEST['contact_allow'])) ? perms2str($_REQUEST['contact_allow']) : '');
+		$_REQUEST['allow_gid'] = ((isset($_REQUEST['group_allow'])) ? perms2str($_REQUEST['group_allow']) : '');
+		$_REQUEST['deny_cid']  = ((isset($_REQUEST['contact_deny'])) ? perms2str($_REQUEST['contact_deny']) : '');
+		$_REQUEST['deny_gid']  = ((isset($_REQUEST['group_deny'])) ? perms2str($_REQUEST['group_deny']) : '');
 
-		if($_REQUEST['filename']) {
+		if(isset($_REQUEST['filename']) && $_REQUEST['filename']) {
 			$r = attach_mkdir($channel, get_observer_hash(), $_REQUEST);
 			if($r['success']) {
 				$hash = $r['data']['hash'];

Zotlabs/Module/Follow.php

@@ -70,13 +70,12 @@ class Follow extends Controller {
 		}
 
 		$uid = local_channel();
-		$url = notags(trim(punify($_REQUEST['url'])));
+		$url = notags(punify(trim($_REQUEST['url'])));
 		$return_url = $_SESSION['return_url'];
-		$confirm = intval($_REQUEST['confirm']);
-		$interactive = (($_REQUEST['interactive']) ? intval($_REQUEST['interactive']) : 1);
+		$interactive = $_REQUEST['interactive'] ?? 1;
 		$channel = App::get_channel();
 
-		$result = Connect::connect($channel,$url);
+		$result = Connect::connect($channel, $url);
 
 		if ($result['success'] == false) {
 			if ($result['message']) {

Zotlabs/Module/Help.php

@@ -17,7 +17,9 @@ class Help extends \Zotlabs\Web\Controller {
 	function get() {
 		nav_set_selected('Help');
 
-		if($_REQUEST['search']) {
+		$o = '';
+
+		if(isset($_REQUEST['search']) && $_REQUEST['search']) {
 			$o .= '<div id="help-content" class="generic-content-wrapper">';
 			$o .= '<div class="section-title-wrapper">';
 			$o .= '<h2>' . t('Documentation Search') . ' - ' . htmlspecialchars($_REQUEST['search']) . '</h2>';
@@ -44,8 +46,8 @@ class Help extends \Zotlabs\Web\Controller {
 
 			return $o;
 		}
-				
-				
+
+
 		if(argc() > 2 && argv(argc()-2) === 'assets') {
 			$path = '';
 			for($x = 1; $x < argc(); $x ++) {
@@ -87,11 +89,12 @@ class Help extends \Zotlabs\Web\Controller {
 			'tutorials' => t('Tutorials')
 		];
 
+		$heading = '';
 		if(array_key_exists(argv(1), $headings))
 			$heading = $headings[argv(1)];
 
 		$content =  get_help_content();
-		
+
 		$language = determine_help_language()['language'];
 
 		return replace_macros(get_markup_template('help.tpl'), array(

Zotlabs/Module/Hq.php

@@ -51,13 +51,20 @@ class Hq extends \Zotlabs\Web\Controller {
 		$o = '';
 
 		if($item_hash) {
+			// select the target item with a bias to our own item
+			$sql_order = ((local_channel() > $sys['channel_id']) ? 'DESC' : 'ASC');
 
-			$r = q("select id, uid, mid, parent_mid, thr_parent, verb, item_type, item_deleted, item_blocked from item where mid = '%s' limit 1",
+			$r = q("select id, uid, mid, parent_mid, thr_parent, verb, item_type, item_deleted, item_blocked from item where uid in (%d, %d) and mid = '%s' order by uid $sql_order limit 2",
+				intval(local_channel()),
+				intval($sys['channel_id']),
 				dbesc($item_hash)
 			);
 
 			if($r) {
 				$target_item = $r[0];
+				if (intval($target_item['uid']) === intval($sys['channel_id'])) {
+					$sys_item = true;
+				}
 			}
 
 			//if the item is to be moderated redirect to /moderate
@@ -158,19 +165,18 @@ class Hq extends \Zotlabs\Web\Controller {
 		}
 
 		if($load && $target_item) {
-			$r = null;
 
-			$r = q("SELECT item.id AS item_id FROM item
-				WHERE uid = %d
-				AND mid = '%s'
-				$item_normal
-				LIMIT 1",
-				intval(local_channel()),
-				dbesc($target_item['parent_mid'])
-			);
-
-			if(!$r) {
-				$sys_item = true;
+			if (!$sys_item) {
+				$r = q("SELECT item.id AS item_id FROM item
+					WHERE uid = %d
+					AND mid = '%s'
+					$item_normal
+					LIMIT 1",
+					intval(local_channel()),
+					dbesc($target_item['parent_mid'])
+				);
+			}
+			else {
 				$sql_extra = item_permissions_sql($sys['channel_id']);
 
 				$r = q("SELECT item.id AS item_id FROM item
@@ -184,20 +190,18 @@ class Hq extends \Zotlabs\Web\Controller {
 			}
 		}
 		elseif($update && $target_item) {
-			$r = null;
-
-			$r = q("SELECT item.parent AS item_id FROM item
-				WHERE uid = %d
-				AND parent_mid = '%s'
-				$item_normal_update
-				$simple_update
-				LIMIT 1",
-				intval(local_channel()),
-				dbesc($target_item['parent_mid'])
-			);
-
-			if(!$r) {
-				$sys_item = true;
+			if (!$sys_item) {
+				$r = q("SELECT item.parent AS item_id FROM item
+					WHERE uid = %d
+					AND parent_mid = '%s'
+					$item_normal_update
+					$simple_update
+					LIMIT 1",
+					intval(local_channel()),
+					dbesc($target_item['parent_mid'])
+				);
+			}
+			else {
 				$sql_extra = item_permissions_sql($sys['channel_id']);
 
 				$r = q("SELECT item.parent AS item_id FROM item
@@ -243,8 +247,9 @@ class Hq extends \Zotlabs\Web\Controller {
 		if (!local_channel())
 			return;
 
-		$options['offset'] = $_REQUEST['offset'];
-		$options['type'] = $_REQUEST['type'];
+		$options['offset'] = $_REQUEST['offset'] ?? 0;
+		$options['type'] = $_REQUEST['type'] ?? '';
+		$options['author'] = ((isset($_REQUEST['author'])) ? urldecode($_REQUEST['author']) : '');
 
 		$ret = Messages::get_messages_page($options);
 

Zotlabs/Module/Import.php

@@ -536,7 +536,7 @@ class Import extends Controller {
 				$since = datetime_convert(date_default_timezone_get(), date_default_timezone_get(), '0001-01-01 00:00');
 				$until = datetime_convert(date_default_timezone_get(), date_default_timezone_get(), 'now + 1 day');
 
-				$poll_interval = get_config('system', 'poll_interval', 3);
+				//$poll_interval = get_config('system', 'poll_interval', 3);
 				$page          = 0;
 
 				Master::Summon(['Content_importer', sprintf('%d', $page), $since, $until, $channel['channel_address'], urlencode($hz_server)]);

Zotlabs/Module/Invite.php

@@ -43,6 +43,19 @@ class Invite extends Controller {
 	const MYP = 	'ZAI';
 	const VERSION =	'2.0.0';
 
+	function init() {
+
+		if (!local_channel()) {
+			return;
+		}
+
+		$channel = App::get_channel();
+		if ($channel) {
+			profile_load($channel['channel_address']);
+		}
+
+	}
+
 	function post() {
 
 		// zai02

Zotlabs/Module/Item.php

@@ -63,8 +63,8 @@ class Item extends Controller {
 
 			// do we have the item (at all)?
 
-			$r = q("select * from item where mid = '%s' $item_normal limit 1",
-				dbesc(z_root() . '/item/' . $item_id)
+			$r = q("select parent_mid from item where uuid = '%s' $item_normal limit 1",
+				dbesc($item_id)
 			);
 
 			if (!$r) {
@@ -84,7 +84,7 @@ class Item extends Controller {
 				}
 				observer_auth($portable_id);
 
-				$i = q("select id as item_id from item where mid = '%s' $item_normal and owner_xchan = '%s' limit 1",
+				$i = q("select id as item_id, uid from item where mid = '%s' $item_normal and owner_xchan = '%s' limit 1",
 					dbesc($r[0]['parent_mid']),
 					dbesc($portable_id)
 				);
@@ -99,7 +99,7 @@ class Item extends Controller {
 			$sql_extra = item_permissions_sql(0);
 
 			if (!$i) {
-				$i = q("select id as item_id from item where mid = '%s' $item_normal $sql_extra order by item_wall desc limit 1",
+				$i = q("select id as item_id, uid from item where mid = '%s' $item_normal $sql_extra order by item_wall desc limit 1",
 					dbesc($r[0]['parent_mid'])
 				);
 			}
@@ -108,57 +108,53 @@ class Item extends Controller {
 				http_status_exit(403, 'Forbidden');
 			}
 
+			$chan = channelx_by_n($i[0]['uid']);
+
+			if (!$chan) {
+				http_status_exit(404, 'Not found');
+			}
+
+			if (!perm_is_allowed($chan['channel_id'], get_observer_hash(), 'view_stream')) {
+				http_status_exit(403, 'Forbidden');
+			}
+
 			$parents_str = ids_to_querystr($i, 'item_id');
 
-			$items = q("SELECT item.*, item.id AS item_id FROM item WHERE item.parent IN ( %s ) $item_normal order by item.id asc",
-				dbesc($parents_str)
+			$total = q("SELECT count(*) AS count FROM item WHERE parent = %d $item_normal",
+				intval($parents_str)
 			);
 
-			if (!$items) {
-				http_status_exit(404, 'Not found');
+			App::set_pager_total($total[0]['count']);
+			App::set_pager_itemspage(30);
+
+			if (App::$pager['total'] > App::$pager['itemspage']) {
+				// let mod conversation handle this request
+				App::$query_string = str_replace('item', 'conversation', App::$query_string);
+				$i = Activity::paged_collection_init(App::$pager['total'], App::$query_string);
+				as_return_and_die($i ,$chan);
 			}
+			else {
+				$items = q("SELECT item.*, item.id AS item_id FROM item WHERE item.parent = %d $item_normal ORDER BY item.id",
+					intval($parents_str)
+				);
 
-			xchan_query($items, true);
-			$items = fetch_post_tags($items, true);
+				xchan_query($items, true);
+				$items = fetch_post_tags($items, true);
 
-			if (!$items)
-				http_status_exit(404, 'Not found');
-
-			$chan = channelx_by_n($items[0]['uid']);
-
-			if (!$chan)
-				http_status_exit(404, 'Not found');
-
-			if (!perm_is_allowed($chan['channel_id'], get_observer_hash(), 'view_stream'))
-				http_status_exit(403, 'Forbidden');
-
-
-			$i = Activity::encode_item_collection($items, 'conversation/' . $item_id, 'OrderedCollection');
-
-			if (!$i)
-				http_status_exit(404, 'Not found');
+				$i = Activity::encode_item_collection($items, App::$query_string, 'OrderedCollection', App::$pager['total']);
+			}
 
 			if ($portable_id && (!intval($items[0]['item_private']))) {
-				ThreadListener::store(z_root() . '/item/' . $item_id, $portable_id);
+				$c = q("select abook_id from abook where abook_channel = %d and abook_xchan = '%s'",
+					intval($items[0]['uid']),
+					dbesc($portable_id)
+				);
+				if (!$c) {
+					ThreadListener::store(z_root() . '/item/' . $item_id, $portable_id);
+				}
 			}
 
-			$x = array_merge(['@context' => [
-				ACTIVITYSTREAMS_JSONLD_REV,
-				'https://w3id.org/security/v1',
-				z_root() . ZOT_APSCHEMA_REV
-			]], $i);
-
-			$headers                     = [];
-			$headers['Content-Type']     = 'application/x-zot+json';
-			$x['signature']              = LDSignatures::sign($x, $chan);
-			$ret                         = json_encode($x, JSON_UNESCAPED_SLASHES);
-			$headers['Digest']           = HTTPSig::generate_digest_header($ret);
-			$headers['(request-target)'] = strtolower($_SERVER['REQUEST_METHOD']) . ' ' . $_SERVER['REQUEST_URI'];
-			$h                           = HTTPSig::create_sig($headers, $chan['channel_prvkey'], channel_url($chan));
-			HTTPSig::set_headers($h);
-			echo $ret;
-			killme();
-
+			as_return_and_die($i ,$chan);
 		}
 
 		if (ActivityStreams::is_as_request()) {
@@ -181,8 +177,7 @@ class Item extends Controller {
 			// do we have the item (at all)?
 			// add preferential bias to item owners (item_wall = 1)
 
-			$r = q("select * from item where mid = '%s' or uuid = '%s' $item_normal order by item_wall desc limit 1",
-				dbesc(z_root() . '/item/' . $item_id),
+			$r = q("select * from item where uuid = '%s' $item_normal order by item_wall desc limit 1",
 				dbesc($item_id)
 			);
 
@@ -255,23 +250,7 @@ class Item extends Controller {
 				}
 			}
 
-			$x = array_merge(['@context' => [
-				ACTIVITYSTREAMS_JSONLD_REV,
-				'https://w3id.org/security/v1',
-				z_root() . ZOT_APSCHEMA_REV
-			]], $i);
-
-			$headers                     = [];
-			$headers['Content-Type']     = 'application/ld+json; profile="https://www.w3.org/ns/activitystreams"';
-			$x['signature']              = LDSignatures::sign($x, $chan);
-			$ret                         = json_encode($x, JSON_UNESCAPED_SLASHES);
-			$headers['Date']             = datetime_convert('UTC', 'UTC', 'now', 'D, d M Y H:i:s \\G\\M\\T');
-			$headers['Digest']           = HTTPSig::generate_digest_header($ret);
-			$headers['(request-target)'] = strtolower($_SERVER['REQUEST_METHOD']) . ' ' . $_SERVER['REQUEST_URI'];
-			$h                           = HTTPSig::create_sig($headers, $chan['channel_prvkey'], channel_url($chan));
-			HTTPSig::set_headers($h);
-			echo $ret;
-			killme();
+			as_return_and_die($i ,$chan);
 
 		}
 
@@ -312,6 +291,21 @@ class Item extends Controller {
 		$observer = null;
 		$datarray = [];
 
+		$item_starred = false;
+		$item_uplink = false;
+		$item_notshown = false;
+		$item_nsfw = false;
+		$item_relay = false;
+		$item_mentionsme = false;
+		$item_verified = false;
+		$item_retained = false;
+		$item_rss = false;
+		$item_deleted = false;
+		$item_hidden = false;
+		$item_unpublished = false;
+		$item_delayed = false;
+		$item_pending_remove = false;
+		$item_blocked = false;
 
 		/**
 		 * Is this a reply to something?
@@ -319,7 +313,7 @@ class Item extends Controller {
 
 		$parent     = ((x($_REQUEST, 'parent')) ? intval($_REQUEST['parent']) : 0);
 		$parent_mid = ((x($_REQUEST, 'parent_mid')) ? trim($_REQUEST['parent_mid']) : '');
-		$mode       = (($_REQUEST['conv_mode'] === 'channel') ? 'channel' : 'network');
+		$mode       = ((isset($_REQUEST['conv_mode']) && $_REQUEST['conv_mode'] === 'channel') ? 'channel' : 'network');
 
 		$remote_xchan = ((x($_REQUEST, 'remote_xchan')) ? trim($_REQUEST['remote_xchan']) : false);
 		$r            = q("select * from xchan where xchan_hash = '%s' limit 1",
@@ -355,10 +349,10 @@ class Item extends Controller {
 
 		$api_source = ((x($_REQUEST, 'api_source') && $_REQUEST['api_source']) ? true : false);
 
-		$consensus = intval($_REQUEST['consensus']);
-		$nocomment = intval($_REQUEST['nocomment']);
+		$consensus = $_REQUEST['consensus'] ?? 0;
+		$nocomment = $_REQUEST['nocomment'] ?? 0;
 
-		$is_poll = ((trim((string)$_REQUEST['poll_answers'][0]) != '' && trim((string)$_REQUEST['poll_answers'][1]) != '') ? true : false);
+		$is_poll = ((isset($_REQUEST['poll_answers'][0]) && $_REQUEST['poll_answers'][0]) && (isset($_REQUEST['poll_answers'][1]) && $_REQUEST['poll_answers'][1]));
 
 		// 'origin' (if non-zero) indicates that this network is where the message originated,
 		// for the purpose of relaying comments to other conversation members.
@@ -378,7 +372,7 @@ class Item extends Controller {
 
 		$owner_hash = null;
 
-		$message_id    = ((x($_REQUEST, 'message_id') && $api_source) ? strip_tags($_REQUEST['message_id']) : '');
+		$message_id    = ((x($_REQUEST, 'message_id') && $api_source) ? strip_tags($_REQUEST['message_id']) : null);
 		$created       = ((x($_REQUEST, 'created')) ? datetime_convert(date_default_timezone_get(), 'UTC', $_REQUEST['created']) : datetime_convert());
 		$post_id       = ((x($_REQUEST, 'post_id')) ? intval($_REQUEST['post_id']) : 0);
 		$app           = ((x($_REQUEST, 'source')) ? strip_tags($_REQUEST['source']) : '');
@@ -695,6 +689,7 @@ class Item extends Controller {
 			$expires             = $orig_post['expires'];
 			$comments_closed     = $orig_post['comments_closed'];
 			$mid                 = $orig_post['mid'];
+			$uuid                = $orig_post['uuid'];
 			$thr_parent          = $orig_post['thr_parent'];
 			$parent_mid          = $orig_post['parent_mid'];
 			$plink               = $orig_post['plink'];
@@ -720,18 +715,18 @@ class Item extends Controller {
 			}
 
 
-			$location = notags(trim((string)$_REQUEST['location']));
-			$coord    = notags(trim((string)$_REQUEST['coord']));
-			$verb     = notags(trim((string)$_REQUEST['verb']));
-			$title    = escape_tags(trim((string)$_REQUEST['title']));
-			$summary  = trim((string)$_REQUEST['summary']);
-			$body     = trim((string)$_REQUEST['body']);
-			$body     .= trim((string)$_REQUEST['attachment']);
+			$location = ((isset($_REQUEST['location'])) ? notags(trim($_REQUEST['location'])) : '');
+			$coord    = ((isset($_REQUEST['coord'])) ? notags(trim($_REQUEST['coord'])) : '');
+			$verb     = ((isset($_REQUEST['verb'])) ? notags(trim($_REQUEST['verb'])) : '');
+			$title    = ((isset($_REQUEST['title'])) ? escape_tags(trim($_REQUEST['title'])) : '');
+			$summary  = ((isset($_REQUEST['summary'])) ? trim($_REQUEST['summary']) : '');
+			$body     = ((isset($_REQUEST['body'])) ? trim($_REQUEST['body']) : '');
+			$body     .= ((isset($_REQUEST['attachment'])) ? trim($_REQUEST['attachment']) : '');
 			$postopts = '';
 
 			$allow_empty = ((array_key_exists('allow_empty', $_REQUEST)) ? intval($_REQUEST['allow_empty']) : 0);
 
-			$private = (($private) ? $private : intval($acl->is_private() || ($public_policy)));
+			$private = ((isset($private) && $private) ? $private : intval($acl->is_private() || ($public_policy)));
 
 			// If this is a comment, set the permissions from the parent.
 
@@ -767,7 +762,8 @@ class Item extends Controller {
 		}
 
 
-		$mimetype = notags(trim((string)$_REQUEST['mimetype']));
+		$mimetype = ((isset($_REQUEST['mimetype'])) ? notags(trim($_REQUEST['mimetype'])) : '');
+
 		if (!$mimetype)
 			$mimetype = 'text/bbcode';
 
@@ -801,7 +797,7 @@ class Item extends Controller {
 
 		$is_group = get_pconfig($profile_uid, 'system', 'group_actor');
 
-		if (($is_group) && ($walltowall) && (!$walltowall_comment)) {
+		if ($is_group && $walltowall && !$walltowall_comment && !$webpage) {
 			$groupww           = true;
 			$str_contact_allow = $owner_xchan['xchan_hash'];
 			$str_group_allow   = '';
@@ -957,7 +953,7 @@ class Item extends Controller {
 
 
 		$item_unseen    = ((local_channel() != $profile_uid) ? 1 : 0);
-		$item_wall      = (($_REQUEST['type'] === 'wall' || $_REQUEST['type'] === 'wall-comment') ? 1 : 0);
+		$item_wall      = ((isset($_REQUEST['type']) && ($_REQUEST['type'] === 'wall' || $_REQUEST['type'] === 'wall-comment')) ? 1 : 0);
 		$item_origin    = (($origin) ? 1 : 0);
 		$item_consensus = (($consensus) ? 1 : 0);
 		$item_nocomment = (($nocomment) ? 1 : 0);
@@ -984,12 +980,8 @@ class Item extends Controller {
 
 		$notify_type = (($parent) ? 'comment-new' : 'wall-new');
 
-		$uuid = (($message_id) ? $message_id : item_message_id());
-
-		if (!$mid) {
-			$mid  = z_root() . '/item/' . $uuid;
-		}
-
+		$uuid = $uuid ?? $message_id ?? item_message_id();
+		$mid = $mid ?? z_root() . '/item/' . $uuid;
 
 		if ($is_poll) {
 			$poll = [
@@ -1045,7 +1037,7 @@ class Item extends Controller {
 			$plink = $mid;
 		}
 
-		if ($datarray['obj']) {
+		if (isset($datarray['obj']) && $datarray['obj']) {
 			$datarray['obj']['id'] = $mid;
 		}
 
@@ -1085,7 +1077,6 @@ class Item extends Controller {
 		$datarray['item_type']           = $webpage;
 		$datarray['item_private']        = intval($private);
 		$datarray['item_thread_top']     = intval($item_thread_top);
-		$datarray['item_unseen']         = intval($item_unseen);
 		$datarray['item_starred']        = intval($item_starred);
 		$datarray['item_uplink']         = intval($item_uplink);
 		$datarray['item_consensus']      = intval($item_consensus);
@@ -1182,12 +1173,15 @@ class Item extends Controller {
 				(($remote_id) ? $remote_id : basename($datarray['mid'])), true);
 		}
 
-
 		if ($orig_post) {
 			$datarray['id'] = $post_id;
 
 			$x = item_store_update($datarray, $execflag);
 
+			if ($x['success']) {
+				$this->add_listeners($datarray);
+			}
+
 			// We only need edit activities for other federated protocols
 			// which do not support edits natively. While this does federate
 			// edits, it presents a number of issues locally - such as #757 and #758.
@@ -1226,6 +1220,10 @@ class Item extends Controller {
 
 		$post = item_store($datarray, $execflag);
 
+		if ($post['success']) {
+			$this->add_listeners($datarray);
+		}
+
 		$post_id = $post['item_id'];
 
 		$datarray = $post['item'];
@@ -1285,7 +1283,7 @@ class Item extends Controller {
 			// This way we don't see every picture in your new photo album posted to your wall at once.
 			// They will show up as people comment on them.
 
-			if (intval($parent_item['item_hidden'])) {
+			if ($parent_item && intval($parent_item['item_hidden'])) {
 				$r = q("UPDATE item SET item_hidden = 0 WHERE id = %d",
 					intval($parent_item['id'])
 				);
@@ -1437,7 +1435,11 @@ class Item extends Controller {
 				if ($complex) {
 					tag_deliver($i[0]['uid'], $i[0]['id']);
 				}
+
 			}
+
+			killme();
+
 		}
 	}
 
@@ -1502,8 +1504,9 @@ class Item extends Controller {
 
 		if (preg_match_all('/\[answer\](.*?)\[\/answer\]/ism', $body, $matches, PREG_SET_ORDER)) {
 			foreach ($matches as $match) {
-				$ptr[] = ['name' => $match[1], 'type' => 'Note', 'replies' => ['type' => 'Collection', 'totalItems' => 0]];
-				$body  = str_replace('[answer]' . $match[1] . '[/answer]', EMPTY_STR, $body);
+				$answer = escape_tags(trim($match[1]));
+				$ptr[] = ['name' => $answer, 'type' => 'Note', 'replies' => ['type' => 'Collection', 'totalItems' => 0]];
+				$body  = str_replace('[answer]' . $answer . '[/answer]', EMPTY_STR, $body);
 			}
 		}
 
@@ -1557,8 +1560,10 @@ class Item extends Controller {
 		$obj['content'] = bbcode($question);
 
 		foreach ($answers as $answer) {
-			if (trim($answer))
-				$ptr[] = ['name' => escape_tags($answer), 'type' => 'Note', 'replies' => ['type' => 'Collection', 'totalItems' => 0]];
+			$answer = escape_tags(trim($answer));
+			if ($answer) {
+				$ptr[] = ['name' => $answer, 'type' => 'Note', 'replies' => ['type' => 'Collection', 'totalItems' => 0]];
+			}
 		}
 
 		if ($multiple) {
@@ -1584,4 +1589,33 @@ class Item extends Controller {
 	}
 
 
+	function add_listeners($item) {
+		// ONLY public items!
+		if ($item['item_thread_top'] && !$item['item_private'] && !empty($item['term'])) {
+			foreach($item['term'] as $t) {
+				if (empty($t['url']) || $t['ttype'] != TERM_MENTION || $t['otype'] != TERM_OBJ_POST) {
+					continue;
+				}
+
+				$listener = q("select hubloc_hash, hubloc_network from hubloc where hubloc_id_url = '%s' and hubloc_deleted = 0 order by hubloc_id desc",
+					dbesc($t['url'])
+				);
+
+				if ($listener) {
+					$listener = Libzot::zot_record_preferred($listener);
+
+					$c = q("select abook_id from abook where abook_channel = %d and abook_xchan = '%s'",
+						intval($profile_uid),
+						dbesc($listener['hubloc_hash'])
+					);
+
+					if (!$c) {
+						ThreadListener::store($item['mid'], $listener['hubloc_hash']);
+					}
+				}
+			}
+		}
+	}
+
+
 }

Zotlabs/Module/Layouts.php

@@ -72,7 +72,7 @@ class Layouts extends \Zotlabs\Web\Controller {
 			return;
 		}
 
-		// Block design features from visitors 
+		// Block design features from visitors
 
 		if((! $uid) || ($uid != $owner)) {
 			notice( t('Permission denied.') . EOL);
@@ -95,8 +95,8 @@ class Layouts extends \Zotlabs\Web\Controller {
 		// Use the buildin share/install feature instead.
 
 		if((argc() > 3) && (argv(2) === 'share') && (argv(3))) {
-			$r = q("select iconfig.v, iconfig.k, mimetype, title, body from iconfig 
-				left join item on item.id = iconfig.iid 
+			$r = q("select iconfig.v, iconfig.k, mimetype, title, body from iconfig
+				left join item on item.id = iconfig.iid
 				where uid = %d and mid = '%s' and iconfig.cat = 'system' and iconfig.k = 'PDL' order by iconfig.v asc",
 				intval($owner),
 				dbesc(argv(3))
@@ -110,7 +110,7 @@ class Layouts extends \Zotlabs\Web\Controller {
 		}
 
 		// Create a status editor (for now - we'll need a WYSIWYG eventually) to create pages
-		// Nickname is set to the observers xchan, and profile_uid to the owners.  
+		// Nickname is set to the observers xchan, and profile_uid to the owners.
 		// This lets you post pages at other people's channels.
 
 		$x = array(
@@ -134,16 +134,14 @@ class Layouts extends \Zotlabs\Web\Controller {
 			'bbco_autocomplete' => 'comanche'
 		);
 
-		if($_REQUEST['title'])
-			$x['title'] = $_REQUEST['title'];
-		if($_REQUEST['body'])
-			$x['body'] = $_REQUEST['body'];
-		if($_REQUEST['pagetitle'])
-			$x['pagetitle'] = $_REQUEST['pagetitle'];
+		$x['title'] = $_REQUEST['title'] ?? '';
+		$x['body'] = $_REQUEST['body'] ?? '';
+		$x['pagetitle'] = $_REQUEST['pagetitle'] ?? '';
 
+		$a = '';
 		$editor = status_editor($a,$x,false,'Layouts');
 
-		$r = q("select iconfig.iid, iconfig.v, mid, title, body, mimetype, created, edited, item_type from iconfig 
+		$r = q("select iconfig.iid, iconfig.v, mid, title, body, mimetype, created, edited, item_type from iconfig
 			left join item on iconfig.iid = item.id
 			where uid = %d and iconfig.cat = 'system' and iconfig.k = 'PDL' and item_type = %d order by item.created desc",
 			intval($owner),
@@ -178,9 +176,9 @@ class Layouts extends \Zotlabs\Web\Controller {
 		}
 
 		//Build the base URL for edit links
-		$url = z_root() . '/editlayout/' . $which; 
+		$url = z_root() . '/editlayout/' . $which;
 
-		$o .= replace_macros(get_markup_template('layoutlist.tpl'), array(
+		$o = replace_macros(get_markup_template('layoutlist.tpl'), array(
 			'$title'   => t('Layouts'),
 			'$create'  => t('Create'),
 			'$help'    => array('text' => t('Help'), 'url' => 'help/comanche', 'title' => t('Comanche page description language help')),

Zotlabs/Module/Like.php

@@ -106,7 +106,7 @@ class Like extends Controller {
 		$o           = EMPTY_STR;
 		$sys_channel = get_sys_channel();
 		$observer    = App::get_observer();
-		$interactive = $_REQUEST['interactive'];
+		$interactive = $_REQUEST['interactive'] ?? false;
 
 		if ((!$observer) || ($interactive)) {
 			$o .= '<h1>' . t('Like/Dislike') . '</h1>';
@@ -140,7 +140,7 @@ class Like extends Controller {
 		$extended_like = false;
 		$object        = $target = null;
 		$post_type     = EMPTY_STR;
-		$objtype       = EMPTY_STR;
+		$obj_type       = EMPTY_STR;
 
 		if (argc() == 3) {
 
@@ -182,7 +182,7 @@ class Like extends Controller {
 					}
 				}
 				$post_type = t('channel');
-				$objtype   = ACTIVITY_OBJ_PROFILE;
+				$obj_type   = ACTIVITY_OBJ_PROFILE;
 
 				$profile = $r[0];
 			}
@@ -211,7 +211,7 @@ class Like extends Controller {
 					$public = false;
 
 				$post_type = t('thing');
-				$objtype   = ACTIVITY_OBJ_PROFILE;
+				$obj_type   = ACTIVITY_OBJ_PROFILE;
 				$tgttype   = ACTIVITY_OBJ_THING;
 
 				$links   = array();
@@ -273,7 +273,7 @@ class Like extends Controller {
 				intval($ch[0]['channel_id']),
 				dbesc($observer['xchan_hash']),
 				dbesc($activity),
-				dbesc(($tgttype) ? $tgttype : $objtype),
+				dbesc(($tgttype) ? $tgttype : $obj_type),
 				dbesc($obj_id)
 			);
 
@@ -407,12 +407,20 @@ class Like extends Controller {
 					if (activity_match($rr['verb'], $activity))
 						$multi_undo = false;
 
+					$d = q("select * from item where id = %d",
+						intval($rr['id'])
+					);
+					if ($d) {
+						xchan_query($d);
+						$sync_item = fetch_post_tags($d);
+						Libsync::build_sync_packet($profile_uid, ['item' => [encode_item($sync_item[0], true)]]);
+					}
+
 					// drop_item was not done interactively, so we need to invoke the notifier
 					// in order to push the changes to connections
 
 					Master::Summon(array('Notifier', 'drop', $rr['id']));
 
-
 				}
 
 				if ($interactive)
@@ -443,13 +451,13 @@ class Like extends Controller {
 		}
 		else {
 			$post_type = (($item['resource_type'] === 'photo') ? t('photo') : t('status'));
-			if ($item['obj_type'] === ACTIVITY_OBJ_EVENT)
+			if (in_array($item['obj_type'], ['Event', ACTIVITY_OBJ_EVENT]))
 				$post_type = t('event');
 
-			$objtype = (($item['resource_type'] === 'photo') ? ACTIVITY_OBJ_PHOTO : ACTIVITY_OBJ_NOTE);
+			$obj_type = (($item['resource_type'] === 'photo') ? ACTIVITY_OBJ_PHOTO : ACTIVITY_OBJ_NOTE);
 
-			if ($objtype === ACTIVITY_OBJ_NOTE && (!intval($item['item_thread_top'])))
-				$objtype = ACTIVITY_OBJ_COMMENT;
+			if ($obj_type === ACTIVITY_OBJ_NOTE && (!intval($item['item_thread_top'])))
+				$obj_type = ACTIVITY_OBJ_COMMENT;
 
 			$object = json_encode(Activity::fetch_item(['id' => $item['mid']]));
 
@@ -499,7 +507,7 @@ class Like extends Controller {
 			$private = (($public) ? 0 : 1);
 		}
 		else {
-			$arr['parent']     = $item['id'];
+			$arr['parent']     = $item['parent'];
 			$arr['thr_parent'] = $item['mid'];
 			$ulink             = '[zrl=' . $item_author['xchan_url'] . '][bdi]' . $item_author['xchan_name'] . '[/bdi][/zrl]';
 			$alink             = '[zrl=' . $observer['xchan_url'] . '][bdi]' . $observer['xchan_name'] . '[/bdi][/zrl]';
@@ -508,7 +516,7 @@ class Like extends Controller {
 			$allow_gid         = $item['allow_gid'];
 			$deny_cid          = $item['deny_cid'];
 			$deny_gid          = $item['deny_gid'];
-			$private           = $item['private'];
+			$private           = $item['item_private'];
 
 		}
 
@@ -516,7 +524,7 @@ class Like extends Controller {
 		$arr['uid']          = $owner_uid;
 		$arr['item_flags']   = $item['item_flags'];
 		$arr['item_wall']    = $item['item_wall'];
-		$arr['parent_mid']   = (($extended_like) ? $arr['mid'] : $item['mid']);
+		$arr['parent_mid']   = (($extended_like) ? $arr['mid'] : $item['parent_mid']);
 		$arr['owner_xchan']  = (($extended_like) ? $ch[0]['xchan_hash'] : $thread_owner['xchan_hash']);
 		$arr['author_xchan'] = $observer['xchan_hash'];
 		$arr['body']         = sprintf($bodyverb, $alink, $ulink, $plink);
@@ -533,7 +541,7 @@ class Like extends Controller {
 		}
 
 		$arr['verb']     = $activity;
-		$arr['obj_type'] = $objtype;
+		$arr['obj_type'] = $obj_type;
 		$arr['obj']      = $object;
 
 		if ($target) {
@@ -546,6 +554,7 @@ class Like extends Controller {
 		$arr['deny_cid']     = $deny_cid;
 		$arr['deny_gid']     = $deny_gid;
 		$arr['item_private'] = $private;
+		$arr['created']      = datetime_convert();
 
 		call_hooks('post_local', $arr);
 
@@ -561,6 +570,15 @@ class Like extends Controller {
 
 		call_hooks('post_local_end', $arr);
 
+		$r = q("select * from item where id = %d",
+			intval($post_id)
+		);
+		if ($r) {
+			xchan_query($r);
+			$sync_item = fetch_post_tags($r);
+			Libsync::build_sync_packet($profile_uid, ['item' => [encode_item($sync_item[0], true)]]);
+		}
+
 		if ($extended_like) {
 			$r = q("insert into likes (channel_id,liker,likee,iid,i_mid,verb,target_type,target_id,target) values (%d,'%s','%s',%d,'%s','%s','%s','%s','%s')",
 				intval($ch[0]['channel_id']),
@@ -569,7 +587,7 @@ class Like extends Controller {
 				intval($post_id),
 				dbesc($arr['mid']),
 				dbesc($activity),
-				dbesc(($tgttype) ? $tgttype : $objtype),
+				dbesc(($tgttype) ? $tgttype : $obj_type),
 				dbesc($obj_id),
 				dbesc(($target) ? $target : $object)
 			);
@@ -578,7 +596,7 @@ class Like extends Controller {
 				dbesc($ch[0]['channel_hash']),
 				dbesc($arr['mid']),
 				dbesc($activity),
-				dbesc(($tgttype) ? $tgttype : $objtype),
+				dbesc(($tgttype) ? $tgttype : $obj_type),
 				dbesc($obj_id)
 			);
 			if ($r)

Zotlabs/Module/Lockview.php

@@ -101,7 +101,7 @@ class Lockview extends Controller {
 			killme();
 		}
 
-		if (intval($item['item_private']) && (!strlen($item['allow_cid'])) && (!strlen($item['allow_gid']))
+		if ((isset($item['item_private']) && intval($item['item_private'])) && (!strlen($item['allow_cid'])) && (!strlen($item['allow_gid']))
 			&& (!strlen($item['deny_cid'])) && (!strlen($item['deny_gid']))) {
 
 			// if the post is private, but public_policy is blank ("visible to the internet"), and there aren't any

Zotlabs/Module/Lostpass.php

@@ -6,32 +6,32 @@ namespace Zotlabs\Module;
 class Lostpass extends \Zotlabs\Web\Controller {
 
 	function post() {
-	
+
 		$loginame = notags(trim($_POST['login-name']));
 		if(! $loginame)
 			goaway(z_root());
-	
+
 		$r = q("SELECT * FROM account WHERE account_email = '%s' LIMIT 1",
 			dbesc($loginame)
 		);
-	
+
 		if(! $r) {
 			notice( t('No valid account found.') . EOL);
 			goaway(z_root());
 		}
-	
+
 		$aid = $r[0]['account_id'];
 		$email = $r[0]['account_email'];
-	
+
 		$hash = random_string();
-	
+
 		$r = q("UPDATE account SET account_reset = '%s' WHERE account_id = %d",
 			dbesc($hash),
 			intval($aid)
 		);
 		if($r)
 			info( t('Password reset request issued. Check your email.') . EOL);
-	
+
 		$email_tpl = get_intltext_template("lostpass_eml.tpl");
 		$message = replace_macros($email_tpl, array(
 				'$sitename' => get_config('system','sitename'),
@@ -40,11 +40,11 @@ class Lostpass extends \Zotlabs\Web\Controller {
 				'$email' => $email,
 				'$reset_link' => z_root() . '/lostpass?verify=' . $hash
 		));
-	
+
 		$subject = email_header_encode(sprintf( t('Password reset requested at %s'),get_config('system','sitename')), 'UTF-8');
-	
+
 		$res = z_mail(
-			[ 
+			[
 			'toEmail' => $email,
 			'messageSubject' => sprintf( t('Password reset requested at %s'), get_config('system','sitename')),
 			'textVersion' => $message,
@@ -53,14 +53,14 @@ class Lostpass extends \Zotlabs\Web\Controller {
 
 		goaway(z_root());
 	}
-	
-	
+
+
 	function get() {
-	
-	
+
+
 		if(x($_GET,'verify')) {
 			$verify = $_GET['verify'];
-	
+
 			$r = q("SELECT * FROM account WHERE account_reset = '%s' LIMIT 1",
 				dbesc($verify)
 			);
@@ -69,25 +69,25 @@ class Lostpass extends \Zotlabs\Web\Controller {
 				goaway(z_root());
 				return;
 			}
-	
+
 			$aid = $r[0]['account_id'];
 			$email = $r[0]['account_email'];
-	
+
 			$new_password = autoname(6) . mt_rand(100,9999);
-	
+
 			$salt = random_string(32);
 			$password_encoded = hash('whirlpool', $salt . $new_password);
-			
+
 			$r = q("UPDATE account SET account_salt = '%s', account_password = '%s', account_reset = '', account_flags = (account_flags & ~%d) where account_id = %d",
 				dbesc($salt),
 				dbesc($password_encoded),
 				intval(ACCOUNT_UNVERIFIED),
 				intval($aid)
 			);
-	
+
 			if($r) {
 				$tpl = get_markup_template('pwdreset.tpl');
-				$o .= replace_macros($tpl,array(
+				$o = replace_macros($tpl,array(
 					'$lbl1' => t('Password Reset'),
 					'$lbl2' => t('Your password has been reset as requested.'),
 					'$lbl3' => t('Your new password is'),
@@ -96,23 +96,23 @@ class Lostpass extends \Zotlabs\Web\Controller {
 					'$lbl6' => t('Your password may be changed from the <em>Settings</em> page after successful login.'),
 					'$newpass' => $new_password,
 					'$baseurl' => z_root()
-	
+
 				));
-				
+
 				info("Your password has been reset." . EOL);
-	
+
 				$email_tpl = get_intltext_template("passchanged_eml.tpl");
 				$message = replace_macros($email_tpl, array(
 					'$sitename' => \App::$config['sitename'],
 					'$siteurl' =>  z_root(),
 					'$username' => sprintf( t('Site Member (%s)'), $email),
 					'$email' => $email,
-					'$new_password' => $new_password,
-					'$uid' => $newuid )
+					'$new_password' => $new_password
+					)
 				);
-	
+
 				$res = z_mail(
-					[ 
+					[
 					'toEmail'        => $email,
 					'messageSubject' => sprintf( t('Your password has changed at %s'), get_config('system','sitename')),
 					'textVersion'    => $message,
@@ -121,21 +121,21 @@ class Lostpass extends \Zotlabs\Web\Controller {
 
 				return $o;
 			}
-		
+
 		}
 		else {
 			$tpl = get_markup_template('lostpass.tpl');
-	
-			$o .= replace_macros($tpl,array(
+
+			$o = replace_macros($tpl,array(
 				'$title' => t('Forgot your Password?'),
 				'$desc' => t('Enter your email address and submit to have your password reset. Then check your email for further instructions.'),
 				'$name' => t('Email Address'),
-				'$submit' => t('Reset') 
+				'$submit' => t('Reset')
 			));
-	
+
 			return $o;
 		}
-	
+
 	}
-	
+
 }

Zotlabs/Module/Magic.php

@@ -16,7 +16,7 @@ class Magic extends Controller {
 			'url'     => '',
 			'message' => ''
 		];
-	
+
 		logger('mod_magic: invoked', LOGGER_DEBUG);
 
 		logger('args: ' . print_r($_REQUEST,true),LOGGER_DATA);
@@ -43,12 +43,12 @@ class Magic extends Controller {
 		$basepath = $parsed['scheme'] . '://' . $parsed['host'] . (isset($parsed['port']) ? ':' . $parsed['port'] : '');
 		$owapath = SConfig::get($basepath,'system','openwebauth', $basepath . '/owa');
 
-		// This is ready-made for a plugin that provides a blacklist or "ask me" before blindly authenticating. 
+		// This is ready-made for a plugin that provides a blacklist or "ask me" before blindly authenticating.
 		// By default, we'll proceed without asking.
 
 		$arr = [
 			'channel_id'  => local_channel(),
-			'destination' => $dest, 
+			'destination' => $dest,
 			'proceed'     => true
 		];
 

Zotlabs/Module/Manage.php

@@ -6,7 +6,7 @@ class Manage extends \Zotlabs\Web\Controller {
 
 	function get() {
 
-		if((! get_account_id()) || ($_SESSION['delegate'])) {
+		if((! get_account_id()) || (isset($_SESSION['delegate']) && $_SESSION['delegate'])) {
 			notice( t('Permission denied.') . EOL);
 			return;
 		}

Zotlabs/Module/Menu.php

@@ -26,9 +26,9 @@ class Menu extends \Zotlabs\Web\Controller {
 
 	}
 
-	
+
 	function post() {
-	
+
 		if(! \App::$profile) {
 			return;
 		}
@@ -37,23 +37,23 @@ class Menu extends \Zotlabs\Web\Controller {
 
 
 		$uid = \App::$profile['channel_id'];
-	
+
 		if(array_key_exists('sys', $_REQUEST) && $_REQUEST['sys'] && is_site_admin()) {
 			$sys = get_sys_channel();
 			$uid = intval($sys['channel_id']);
 			\App::$is_sys = true;
 		}
-	
+
 		if(! $uid)
 			return;
-	
+
 		$_REQUEST['menu_channel_id'] = $uid;
-	
+
 		if($_REQUEST['menu_bookmark'])
 			$_REQUEST['menu_flags'] |= MENU_BOOKMARK;
 		if($_REQUEST['menu_system'])
 			$_REQUEST['menu_flags'] |= MENU_SYSTEM;
-	
+
 		$menu_id = ((argc() > 2) ? intval(argv(2)) : 0);
 
 		if($menu_id) {
@@ -62,7 +62,7 @@ class Menu extends \Zotlabs\Web\Controller {
 			if($r) {
 				menu_sync_packet($uid,get_observer_hash(),$menu_id);
 				//info( t('Menu updated.') . EOL);
-				goaway(z_root() . '/mitem/' . $which . '/' . $menu_id . ((\App::$is_sys) ? '?f=&sys=1' : '')); 
+				goaway(z_root() . '/mitem/' . $which . '/' . $menu_id . ((\App::$is_sys) ? '?f=&sys=1' : ''));
 			}
 			else
 				notice( t('Unable to update menu.'). EOL);
@@ -71,21 +71,21 @@ class Menu extends \Zotlabs\Web\Controller {
 			$r = menu_create($_REQUEST);
 			if($r) {
 				menu_sync_packet($uid,get_observer_hash(),$r);
-	
+
 				//info( t('Menu created.') . EOL);
-				goaway(z_root() . '/mitem/' . $which . '/' . $r . ((\App::$is_sys) ? '?f=&sys=1' : '')); 
+				goaway(z_root() . '/mitem/' . $which . '/' . $r . ((\App::$is_sys) ? '?f=&sys=1' : ''));
 			}
 			else
 				notice( t('Unable to create menu.'). EOL);
-	
+
 		}
 	}
-	
-	
-	
-	
+
+
+
+
 	function get() {
-	
+
 
 
 		if(! \App::$profile) {
@@ -101,8 +101,8 @@ class Menu extends \Zotlabs\Web\Controller {
 		$uid = local_channel();
 		$owner = 0;
 		$channel = null;
+		$sys = [];
 		$observer = \App::get_observer();
-
 		$channel = \App::get_channel();
 
 		if(\App::$is_sys && is_site_admin()) {
@@ -143,9 +143,9 @@ class Menu extends \Zotlabs\Web\Controller {
 		}
 
 		if(argc() == 2) {
-	
+
 			$channel = (($sys) ? $sys : channelx_by_n($owner));
-	
+
 			// list menus
 			$x = menu_list($owner);
 			if($x) {
@@ -156,7 +156,7 @@ class Menu extends \Zotlabs\Web\Controller {
 					$x[$y]['bookmark'] = (($x[$y]['menu_flags'] & MENU_BOOKMARK) ? true : false);
 				}
 			}
-	
+
 			$create = replace_macros(get_markup_template('menuedit.tpl'), array(
 				'$menu_name' => array('menu_name', t('Menu Name'), '', t('Unique name (not visible on webpage) - required'), '*'),
 				'$menu_desc' => array('menu_desc', t('Menu Title'), '', t('Visible on webpage - leave empty for no title'), ''),
@@ -166,7 +166,7 @@ class Menu extends \Zotlabs\Web\Controller {
 				'$nick' => $which,
 				'$display' => 'none'
 			));
-	
+
 			$o = replace_macros(get_markup_template('menulist.tpl'),array(
 				'$title' => t('Menus'),
 				'$create' => $create,
@@ -186,30 +186,30 @@ class Menu extends \Zotlabs\Web\Controller {
 				'$nick' => $which,
 				'$sys' => \App::$is_sys
 			));
-	
+
 			return $o;
-	
+
 		}
-	
+
 		if(argc() > 2) {
 			if(intval(argv(2))) {
-	
+
 				if(argc() == 4 && argv(3) == 'drop') {
 					menu_sync_packet($owner,get_observer_hash(),intval(argv(1)),true);
 					$r = menu_delete_id(intval(argv(2)),$owner);
 					if(!$r)
 						notice( t('Menu could not be deleted.'). EOL);
-	
+
 					goaway(z_root() . '/menu/' . $which . ((\App::$is_sys) ? '?f=&sys=1' : ''));
 				}
-	
+
 				$m = menu_fetch_id(intval(argv(2)),$owner);
-	
+
 				if(! $m) {
 					notice( t('Menu not found.') . EOL);
 					return '';
 				}
-	
+
 				$o = replace_macros(get_markup_template('menuedit.tpl'), array(
 					'$header' => t('Edit Menu'),
 					'$sys' => \App::$is_sys,
@@ -224,16 +224,16 @@ class Menu extends \Zotlabs\Web\Controller {
 					'$nick' => $which,
 					'$submit' => t('Submit and proceed')
 				));
-	
+
 				return $o;
-	
+
 			}
 			else {
 				notice( t('Not found.') . EOL);
 				return;
 			}
 		}
-	
+
 	}
-	
+
 }

Zotlabs/Module/Mood.php

@@ -24,7 +24,7 @@ class Mood extends Controller {
 
 		$uid = local_channel();
 		$channel = App::get_channel();
-		$verb = notags(trim($_GET['verb']));
+		$verb = ((isset($_GET['verb'])) ? notags(trim($_GET['verb'])) : '');
 
 		if(! $verb)
 			return;

Zotlabs/Module/Notes.php

@@ -39,7 +39,7 @@ class Notes extends Controller {
 			}
 			set_pconfig(local_channel(),'notes','text',$body);
 
-			$ret['html'] = bbcode($body);
+			$ret['html'] = bbcode($body, ['tryoembed' => false]);
 			$ret['success'] = true;
 
 		}

Zotlabs/Module/Notify.php

@@ -10,7 +10,7 @@ class Notify extends Controller {
 		if(! local_channel())
 			return;
 
-		if($_REQUEST['notify_id']) {
+		if(isset($_REQUEST['notify_id']) && $_REQUEST['notify_id']) {
 			$update_notices_per_parent = PConfig::Get(local_channel(), 'system', 'update_notices_per_parent', 1);
 
 			if($update_notices_per_parent) {

Zotlabs/Module/Oep.php

@@ -15,7 +15,7 @@ class Oep extends \Zotlabs\Web\Controller {
 		logger('oep: ' . print_r($_REQUEST,true), LOGGER_DEBUG, LOG_INFO);
 
 		$html = ((argc() > 1 && argv(1) === 'html') ? true : false);
-		if($_REQUEST['url']) {
+		if(isset($_REQUEST['url'])) {
 			$_REQUEST['url'] = strip_zids($_REQUEST['url']);
 			$url = $_REQUEST['url'];
 		}
@@ -23,9 +23,9 @@ class Oep extends \Zotlabs\Web\Controller {
 		if(! $url)
 			http_status_exit(404, 'Not found');
 
-		$maxwidth  = $_REQUEST['maxwidth'];
-		$maxheight = $_REQUEST['maxheight'];
-		$format = $_REQUEST['format'];
+		$maxwidth  = $_REQUEST['maxwidth'] ?? 0;
+		$maxheight = $_REQUEST['maxheight'] ?? 0;
+		$format = $_REQUEST['format'] ?? '';
 		if($format && $format !== 'json')
 			http_status_exit(501, 'Not implemented');
 
@@ -70,8 +70,8 @@ class Oep extends \Zotlabs\Web\Controller {
 
 		$ret = array();
 		$url = $args['url'];
-		$maxwidth  = intval($args['maxwidth']);
-		$maxheight = intval($args['maxheight']);
+		$maxwidth  = ((isset($args['maxwidth'])) ? $args['maxwidth']  : 0);
+		$maxheight = ((isset($args['maxheight'])) ? $args['maxheight']  : 0);
 
 		if(preg_match('#//(.*?)/display/(.*?)(&|\?|$)#',$url,$matches)) {
 			$res = $matches[2];
@@ -159,8 +159,8 @@ class Oep extends \Zotlabs\Web\Controller {
 
 		$ret = [];
 		$url = $args['url'];
-		$maxwidth  = intval($args['maxwidth']);
-		$maxheight = intval($args['maxheight']);
+		$maxwidth  = ((isset($args['maxwidth'])) ? $args['maxwidth']  : 0);
+		$maxheight = ((isset($args['maxheight'])) ? $args['maxheight']  : 0);
 
 		if(preg_match('#//(.*?)/cards/(.*?)/(.*?)(&|\?|$)#',$url,$matches)) {
 			$nick = $matches[2];
@@ -246,8 +246,8 @@ class Oep extends \Zotlabs\Web\Controller {
 
 		$ret = [];
 		$url = $args['url'];
-		$maxwidth  = intval($args['maxwidth']);
-		$maxheight = intval($args['maxheight']);
+		$maxwidth  = ((isset($args['maxwidth'])) ? $args['maxwidth']  : 0);
+		$maxheight = ((isset($args['maxheight'])) ? $args['maxheight']  : 0);
 
 		if(preg_match('#//(.*?)/articles/(.*?)/(.*?)(&|\?|$)#',$url,$matches)) {
 			$nick = $matches[2];
@@ -333,8 +333,8 @@ class Oep extends \Zotlabs\Web\Controller {
 
 		$ret = array();
 		$url = $args['url'];
-		$maxwidth  = intval($args['maxwidth']);
-		$maxheight = intval($args['maxheight']);
+		$maxwidth  = ((isset($args['maxwidth'])) ? $args['maxwidth']  : 0);
+		$maxheight = ((isset($args['maxheight'])) ? $args['maxheight']  : 0);
 
 		if(preg_match('#//(.*?)/(.*?)/(.*?)/(.*?)mid\=(.*?)(&|$)#',$url,$matches)) {
 			$chn = $matches[3];
@@ -343,6 +343,7 @@ class Oep extends \Zotlabs\Web\Controller {
 
 		if(! ($chn && $res))
 			return;
+
 		$c = q("select * from channel where channel_address = '%s' limit 1",
 			dbesc($chn)
 		);
@@ -454,8 +455,8 @@ class Oep extends \Zotlabs\Web\Controller {
 
 		$ret = array();
 		$url = $args['url'];
-		$maxwidth  = intval($args['maxwidth']);
-		$maxheight = intval($args['maxheight']);
+		$maxwidth  = ((isset($args['maxwidth'])) ? $args['maxwidth']  : 0);
+		$maxheight = ((isset($args['maxheight'])) ? $args['maxheight']  : 0);
 
 		if(preg_match('|//(.*?)/(.*?)/(.*?)/album/|',$url,$matches)) {
 			$chn = $matches[3];
@@ -519,8 +520,8 @@ class Oep extends \Zotlabs\Web\Controller {
 
 		$ret = array();
 		$url = $args['url'];
-		$maxwidth  = intval($args['maxwidth']);
-		$maxheight = intval($args['maxheight']);
+		$maxwidth  = ((isset($args['maxwidth'])) ? $args['maxwidth']  : 0);
+		$maxheight = ((isset($args['maxheight'])) ? $args['maxheight']  : 0);
 
 		if(preg_match('|//(.*?)/(.*?)/(.*?)$|',$url,$matches)) {
 			$chn = $matches[3];
@@ -582,8 +583,8 @@ class Oep extends \Zotlabs\Web\Controller {
 
 		$ret = array();
 		$url = $args['url'];
-		$maxwidth  = intval($args['maxwidth']);
-		$maxheight = intval($args['maxheight']);
+		$maxwidth  = ((isset($args['maxwidth'])) ? $args['maxwidth']  : 0);
+		$maxheight = ((isset($args['maxheight'])) ? $args['maxheight']  : 0);
 
 		if(preg_match('|//(.*?)/(.*?)/(.*?)/image/|',$url,$matches)) {
 			$chn = $matches[3];

Zotlabs/Module/Owa.php

@@ -32,14 +32,15 @@ class Owa extends Controller {
 				$keyId = $sigblock['keyId'];
 				if ($keyId) {
 					$r = q("SELECT * FROM hubloc LEFT JOIN xchan ON hubloc_hash = xchan_hash
-						WHERE hubloc_id_url = '%s' AND hubloc_deleted = 0 ORDER BY hubloc_id DESC",
+						WHERE ( hubloc_addr = '%s' OR hubloc_id_url = '%s' ) AND hubloc_deleted = 0 AND xchan_pubkey != '' ORDER BY hubloc_id DESC",
+						dbesc(str_replace('acct:', '', $keyId)),
 						dbesc($keyId)
 					);
 					if (! $r) {
 						$found = discover_by_webbie($keyId);
 						if ($found) {
 							$r = q("SELECT * FROM hubloc LEFT JOIN xchan ON hubloc_hash = xchan_hash
-								WHERE hubloc_id_url = '%s' AND hubloc_deleted = 0 ORDER BY hubloc_id DESC ",
+								WHERE hubloc_id_url = '%s' AND hubloc_deleted = 0 AND xchan_pubkey != '' ORDER BY hubloc_id DESC ",
 								dbesc($keyId)
 							);
 						}

Zotlabs/Module/Pconfig.php

@@ -13,8 +13,9 @@ class Pconfig extends \Zotlabs\Web\Controller {
 			return;
 
 
-		if($_SESSION['delegate'])
+		if(isset($_SESSION['delegate'])) {
 			return;
+		}
 
 		check_form_security_token_redirectOnErr('/pconfig', 'pconfig');
 

Zotlabs/Module/Pdledit.php

@@ -78,6 +78,23 @@ class Pdledit extends Controller {
 				}
 			}
 
+			// addons
+			$o .= '<h2>Addons</h2>';
+
+			$addons = plugins_installed_list();
+
+			foreach ($addons as $addon) {
+
+				$path = 'addon/' . $addon . '/Mod_' . ucfirst($addon) . '.php';
+
+				if (!file_exists($path))
+					continue;
+
+				$o .= '<a href="pdledit/' . $addon . '" >' . $addon . '</a>' . ((in_array($addon, $edited)) ? ' ' . t('(modified)') . ' <a href="pdledit/' . $addon . '/reset" >' . t('Reset') . '</a>': '' ) . '<br />';
+
+			}
+
+
 			$o .= '</div>';
 
 			// list module pdl files
@@ -85,11 +102,25 @@ class Pdledit extends Controller {
 		}
 
 		$t = get_pconfig(local_channel(),'system',$module);
-		$s = file_get_contents(theme_include($module));
-		if(! $t) {
+		$s = '';
+
+		if(!$t) {
+			$sys_path = theme_include($module);
+
+			if ($sys_path) {
+				$s = file_get_contents($sys_path);
+			}
+			else {
+				$addon_path = 'addon/' . argv(1) . '/' . $module;
+				if (file_exists($addon_path)) {
+					$s = file_get_contents($addon_path);
+				}
+			}
+
 			$t = $s;
 		}
-		if(! $t) {
+
+		if(!$t) {
 			notice( t('Layout not found.') . EOL);
 			return '';
 		}

Zotlabs/Module/Pdledit_gui.php

@@ -6,6 +6,7 @@ use App;
 use Zotlabs\Web\Controller;
 use Zotlabs\Render\Comanche;
 use Zotlabs\Lib\Libsync;
+use Zotlabs\Lib\Apps;
 
 class Pdledit_gui extends Controller {
 
@@ -220,6 +221,7 @@ class Pdledit_gui extends Controller {
 
 	function get_modules() {
 		$ret = '';
+		$arr = [];
 
 		$files = glob('Zotlabs/Module/*.php');
 		if($files) {
@@ -232,23 +234,61 @@ class Pdledit_gui extends Controller {
 
 				$x = theme_include('mod_' . $name . '.pdl');
 				if($x) {
-					$ret .= '<div class="mb-2"><a href="pdledit_gui/' . $name . '">' . $name . '</a></div>';
+					$arr[] = $name;
 				}
 			}
 		}
 
+		$addons = plugins_installed_list();
+		if ($addons) {
+			foreach ($addons as $name) {
+				if (!Apps::addon_app_installed(local_channel(), $name)) {
+					continue;
+				}
+
+				$path = 'addon/' . $name . '/mod_' . $name . '.pdl';
+				if (file_exists($path)) {
+					$arr[] = $name;
+				}
+			}
+		}
+
+		sort($arr);
+
+		foreach ($arr as $name) {
+			$ret .= '<div class="mb-2"><a href="pdledit_gui/' . $name . '">' . $name . '</a></div>';
+		}
+
 		return $ret;
+
 	}
 
 	function get_widgets($module) {
 		$ret = [];
 
+
 		$checkpaths = [
 			'Zotlabs/Widget/*.php'
 		];
 
+		$addons = plugins_installed_list();
+
+		if ($addons) {
+			foreach ($addons as $name) {
+				if (!Apps::addon_app_installed(local_channel(), $name)) {
+					continue;
+				}
+
+				$path = 'addon/' . $name . '/Widget';
+				if (is_dir($path)) {
+					$checkpaths[] = $path . '/*.php';
+				}
+			}
+		}
+
 		foreach ($checkpaths as $path) {
 			$files = glob($path);
+
 			if($files) {
 				foreach($files as $f) {
 					$name = lcfirst(basename($f, '.php'));
@@ -272,6 +312,8 @@ class Pdledit_gui extends Controller {
 			}
 		}
 
+		usort($ret, fn($a, $b) => $a['name'] <=> $b['name']);
+
 		return $ret;
 	}
 
@@ -536,12 +578,21 @@ class Pdledit_gui extends Controller {
 			'modified' => true
 		];
 
-		$pdl_path = 'mod_' . $module . '.pdl';
+		$pdl = 'mod_' . $module . '.pdl';
+		$pdl_path = '';
 
-		$ret['pdl'] = get_pconfig(local_channel(), 'system', $pdl_path);
+		$ret['pdl'] = get_pconfig(local_channel(), 'system', $pdl);
 
 		if(!$ret['pdl']) {
-			$pdl_path = theme_include($pdl_path);
+			$pdl_path = theme_include($pdl);
+
+			if (!$pdl_path) {
+				$addon_path = 'addon/' . $module . '/' . $pdl;
+				if (file_exists($addon_path)) {
+					$pdl_path = $addon_path;
+				}
+			}
+
 			if ($pdl_path) {
 				$ret['pdl'] = file_get_contents($pdl_path);
 				$ret['modified'] = false;

Zotlabs/Module/Permcats.php

@@ -213,7 +213,7 @@ class Permcats extends Controller {
 			$thisperm       = Permcat::find_permcat($existing, $k);
 			$checkinherited = PermissionLimits::Get(local_channel(), $k);
 
-			if ($existing[$k])
+			if (isset($existing[$k]) && $existing[$k])
 				$thisperm = 1;
 
 			$perms[] = [

Zotlabs/Module/Photo.php

@@ -271,7 +271,6 @@ class Photo extends \Zotlabs\Web\Controller {
  		    $modified = time();
 
 		header_remove('Pragma');
-
 		if((isset($_SERVER['HTTP_IF_NONE_MATCH']) && $_SERVER['HTTP_IF_NONE_MATCH'] === $etag) || (!isset($_SERVER['HTTP_IF_NONE_MATCH']) && isset($_SERVER['HTTP_IF_MODIFIED_SINCE']) && $_SERVER['HTTP_IF_MODIFIED_SINCE'] === gmdate("D, d M Y H:i:s", $modified) . " GMT")) {
 			header_remove('Expires');
 			header_remove('Cache-Control');
@@ -307,6 +306,8 @@ class Photo extends \Zotlabs\Web\Controller {
 			// This has performance considerations but we highly recommend you
 			// leave it alone.
 
+
+
 			$maxage = $cache_mode['age'];
 
 			if($cache_mode['exp'] || (! isset($expires)) || (isset($expires) && $expires - 60 < time()))

Zotlabs/Module/Photos.php

@@ -40,7 +40,7 @@ class Photos extends \Zotlabs\Web\Controller {
 
 			head_set_icon(\App::$data['channel']['xchan_photo_s']);
 
-			\App::$page['htmlhead'] .= "<script> var profile_uid = " . ((\App::$data['channel']) ? \App::$data['channel']['channel_id'] : 0) . "; </script>" ;
+			\App::$page['htmlhead'] = "<script> var profile_uid = " . ((\App::$data['channel']) ? \App::$data['channel']['channel_id'] : 0) . "; </script>" ;
 
 		}
 
@@ -74,18 +74,6 @@ class Photos extends \Zotlabs\Web\Controller {
 			return;
 		}
 
-		$s = abook_self($page_owner_uid);
-
-		if(! $s) {
-			notice( t('Page owner information could not be retrieved.') . EOL);
-			logger('mod_photos: post: unable to locate contact record for page owner. uid=' . $page_owner_uid);
-			if(is_ajax())
-				killme();
-			return;
-		}
-
-		$owner_record = $s[0];
-
 		$acl = new \Zotlabs\Access\AccessList(\App::$data['channel']);
 
 		if((argc() > 3) && (argv(2) === 'album')) {
@@ -467,7 +455,7 @@ class Photos extends \Zotlabs\Web\Controller {
 		if($partial) {
 			$x = save_chunk($channel,$matches[1],$matches[2],$matches[3]);
 
-			if($x['partial']) {
+			if(isset($x['partial']) && $x['partial']) {
 				header('Range: bytes=0-' . (($x['length']) ? $x['length'] - 1 : 0));
 				json_return_and_die($x);
 			}
@@ -545,6 +533,7 @@ class Photos extends \Zotlabs\Web\Controller {
 		//
 
 		$can_comment = perm_is_allowed(\App::$profile['profile_uid'],get_observer_hash(),'post_comments');
+		$datum = '';
 
 		if(argc() > 3) {
 			$datatype = argv(2);
@@ -552,7 +541,6 @@ class Photos extends \Zotlabs\Web\Controller {
 		} else {
 			if(argc() > 2) {
 				$datatype = argv(2);
-				$datum = '';
 			}
 			else
 				$datatype = 'summary';
@@ -576,8 +564,8 @@ class Photos extends \Zotlabs\Web\Controller {
 
 		$observer = \App::get_observer();
 
-		$can_post = perm_is_allowed($owner_uid,$observer['xchan_hash'],'write_storage');
-		$can_view = perm_is_allowed($owner_uid,$observer['xchan_hash'],'view_storage');
+		$can_post = perm_is_allowed($owner_uid,get_observer_hash(),'write_storage');
+		$can_view = perm_is_allowed($owner_uid,get_observer_hash(),'view_storage');
 
 		if(! $can_view) {
 			notice( t('Access to this item is restricted.') . EOL);
@@ -604,7 +592,10 @@ class Photos extends \Zotlabs\Web\Controller {
 		 * Display upload form
 		 */
 
-		if( $can_post) {
+		$upload_form = '';
+		$usage_message = '';
+
+		if($can_post) {
 
 			$uploader = '';
 
@@ -620,14 +611,12 @@ class Photos extends \Zotlabs\Web\Controller {
 				intval(\App::$data['channel']['channel_account_id'])
 			);
 
-
+			$usage_message = sprintf( t('%1$.2f MB photo storage used.'), $r[0]['total'] / 1024000 );
 			$limit = engr_units_to_bytes(service_class_fetch(\App::$data['channel']['channel_id'],'photo_upload_limit'));
+
 			if($limit !== false) {
 				$usage_message = sprintf( t("%1$.2f MB of %2$.2f MB photo storage used."), $r[0]['total'] / 1024000, $limit / 1024000 );
 			}
-			else {
-				$usage_message = sprintf( t('%1$.2f MB photo storage used.'), $r[0]['total'] / 1024000 );
-	 		}
 
 			if($_is_owner) {
 				$channel = \App::get_channel();
@@ -712,17 +701,17 @@ class Photos extends \Zotlabs\Web\Controller {
 				'title' => 'oembed'
 			]);
 
+			$folder_hash = '';
+			$album = '/';
+
 			if($x = photos_album_exists($owner_uid, get_observer_hash(), $datum)) {
 				$album = $x['display_path'];
-			}
-			else {
-				$album = '/';
-				//goaway(z_root() . '/photos/' . \App::$data['channel']['channel_address']);
+				$folder_hash = $x['hash'];
 			}
 
 			\App::set_pager_itemspage(30);
 
-			if($_GET['order'] === 'posted')
+			if(isset($_GET['order']) && $_GET['order'] === 'posted')
 				$order = 'ASC';
 			else
 				$order = 'DESC';
@@ -731,7 +720,7 @@ class Photos extends \Zotlabs\Web\Controller {
 					(SELECT resource_id, max(imgscale) imgscale FROM photo left join attach on folder = '%s' and photo.resource_id = attach.hash WHERE attach.uid = %d AND imgscale <= 4 AND photo_usage IN ( %d, %d ) and is_nsfw = %d $sql_extra GROUP BY resource_id) ph
 					ON (p.resource_id = ph.resource_id AND p.imgscale = ph.imgscale)
 				ORDER BY created $order LIMIT %d OFFSET %d",
-				dbesc($x['hash']),
+				dbesc($folder_hash),
 				intval($owner_uid),
 				intval(PHOTO_NORMAL),
 				intval(PHOTO_PROFILE),
@@ -763,7 +752,7 @@ class Photos extends \Zotlabs\Web\Controller {
 
 			}
 
-			if($_GET['order'] === 'posted')
+			if(isset($_GET['order']) && $_GET['order'] === 'posted')
 				$order =  array(t('Show Newest First'), z_root() . '/photos/' . \App::$data['channel']['channel_address'] . '/album/' . $datum);
 			else
 				$order = array(t('Show Oldest First'), z_root() . '/photos/' . \App::$data['channel']['channel_address'] . '/album/' . $datum . '?f=&order=posted');
@@ -784,7 +773,7 @@ class Photos extends \Zotlabs\Web\Controller {
 					$desc_e = $rr['description'];
 
 					$imagelink = (z_root() . '/photos/' . \App::$data['channel']['channel_address'] . '/image/' . $rr['resource_id']
-					. (($_GET['order'] === 'posted') ? '?f=&order=posted' : ''));
+					. ((isset($_GET['order']) && $_GET['order'] === 'posted') ? '?f=&order=posted' : ''));
 
 					$photos[] = array(
 						'id' => $rr['id'],
@@ -801,7 +790,7 @@ class Photos extends \Zotlabs\Web\Controller {
 				}
 			}
 
-			if($_REQUEST['aj']) {
+			if(isset($_REQUEST['aj']) && $_REQUEST['aj']) {
 				if($photos) {
 					$o = replace_macros(get_markup_template('photosajax.tpl'),array(
 						'$photos' => $photos,
@@ -831,7 +820,7 @@ class Photos extends \Zotlabs\Web\Controller {
 
 			}
 
-			if((! $photos) && ($_REQUEST['aj'])) {
+			if((! $photos) && (isset($_REQUEST['aj']) && $_REQUEST['aj'])) {
 				$o .= '<div id="content-complete"></div>';
 				echo $o;
 				killme();
@@ -1021,7 +1010,7 @@ class Photos extends \Zotlabs\Web\Controller {
 
 			// FIXME - remove this when we move to conversation module
 
-			$r = $r[0]['children'];
+			$r = $r[0]['children'] ?? [];
 
 			$edit = null;
 			if($can_post) {
@@ -1121,9 +1110,6 @@ class Photos extends \Zotlabs\Web\Controller {
 					'attendyes' => array('title' => t('Attending','title')), 'attendno' => array('title' => t('Not attending','title')), 'attendmaybe' => array('title' => t('Might attend','title'))
 				);
 
-
-
-
 				if($r) {
 
 					foreach($r as $item) {
@@ -1266,19 +1252,19 @@ class Photos extends \Zotlabs\Web\Controller {
 				'$likebuttons' => $likebuttons,
 				'$like' => $like_e,
 				'$dislike' => $dislike_e,
-				'$like_count' => $like_count,
-				'$like_list' => $like_list,
-				'$like_list_part' => $like_list_part,
-				'$like_button_label' => $like_button_label,
+				'$like_count' => $like_count ?? '',
+				'$like_list' => $like_list ?? '',
+				'$like_list_part' => $like_list_part ?? '',
+				'$like_button_label' => $like_button_label ?? '',
 				'$like_modal_title' => t('Likes','noun'),
 				'$dislike_modal_title' => t('Dislikes','noun'),
-				'$dislike_count' => $dislike_count,  //((feature_enabled($conv->get_profile_owner(),'dislike')) ? $dislike_count : ''),
-				'$dislike_list' => $dislike_list, //((feature_enabled($conv->get_profile_owner(),'dislike')) ? $dislike_list : ''),
-				'$dislike_list_part' => $dislike_list_part, //((feature_enabled($conv->get_profile_owner(),'dislike')) ? $dislike_list_part : ''),
-				'$dislike_button_label' => $dislike_button_label, //((feature_enabled($conv->get_profile_owner(),'dislike')) ? $dislike_button_label : ''),
+				'$dislike_count' => $dislike_count ?? '',  //((feature_enabled($conv->get_profile_owner(),'dislike')) ? $dislike_count : ''),
+				'$dislike_list' => $dislike_list ?? '', //((feature_enabled($conv->get_profile_owner(),'dislike')) ? $dislike_list : ''),
+				'$dislike_list_part' => $dislike_list_part ?? '', //((feature_enabled($conv->get_profile_owner(),'dislike')) ? $dislike_list_part : ''),
+				'$dislike_button_label' => $dislike_button_label ?? '', //((feature_enabled($conv->get_profile_owner(),'dislike')) ? $dislike_button_label : ''),
 				'$modal_dismiss' => t('Close'),
 				'$comments' => $comments,
-				'$commentbox' => $commentbox,
+				'$commentbox' => $commentbox ?? '',
 				'$paginate' => $paginate,
 				'$onclick' => $hookdata['onclick']
 			));
@@ -1345,7 +1331,7 @@ class Photos extends \Zotlabs\Web\Controller {
 			}
 		}
 
-		if($_REQUEST['aj']) {
+		if(isset($_REQUEST['aj']) && $_REQUEST['aj']) {
 			if($photos) {
 				$o = replace_macros(get_markup_template('photosajax.tpl'),array(
 					'$photos' => $photos,
@@ -1373,7 +1359,7 @@ class Photos extends \Zotlabs\Web\Controller {
 
 		}
 
-		if((! $photos) && ($_REQUEST['aj'])) {
+		if((! $photos) && (isset($_REQUEST['aj']) && $_REQUEST['aj'])) {
 			$o .= '<div id="content-complete"></div>';
 			echo $o;
 			killme();