more changelog

(cherry picked from commit 4338e4ef86)

.debianinstall/README.md

@@ -0,0 +1,158 @@
+
+# How to use
+
+## Disclaimers
+
+- **This script does work with a fresh install of Debian 12 only**.
+- Do not use if you have already installed and configured a webserver or sql server that was not installed by this script.
+
+### Keep it Simple and Stupid
+
+The script keeps everything as simple as possible (KISS):
+
+- Apache as webserver (there is no choice to use another webserver like nginx)
+- default PHP version of Debian
+- one single Hubzilla intance only
+- re-running the script does no harm
+
+### When to use other Scripts
+
+Use the scripts under [homeinstall](https://framagit.org/hubzilla/core/-/tree/master/.homeinstall)
+if you look for more choices. The main differences are:
+
+- Apache or nginx as webserver
+- install multiple instances (domains) that run side by side on the server
+- adds apache vhosts (instead of using the standard doc root /var/www/html)
+- install PHP from https://packages.sury.org/php/ (instead of using the Debian repository)
+- graphical installer whiptail
+- The script stops (fails) if it finds results of a previous installation. (The [debian-setup.sh](https://framagit.org/ojrandom/core/-/tree/dev/.debianinstall) will just jump over it.)
+- If something fails the script tries to clean up everything that was installed up to the point of failure. (That might cause trouble if certbot registered a certificate already.)
+- The script under [homeinstall](https://framagit.org/hubzilla/core/-/tree/master/.homeinstall) seems to be an older version of the scripts used for Streams
+  + [autoinstall](https://codeberg.org/streams/streams/src/branch/dev/contrib/autoinstall)
+  + [easyinstall](https://codeberg.org/streams/streams/src/branch/dev/contrib/easyinstall)
+
+## Preconditions
+
+Hardware
+
++ internet connection and router at home
++ computer connected to your router (a Raspberry 3 will do for very small Hubs)
+
+Software
+
++ fresh installation of Debian 12 (bookworm)
++ router with open ports 80 and 443 for your web server
+
+You can of course run the script on a VPS or any distant server as long as the above sotfware requirements are satisfied.
+
+## How to run the script
+
++ Register your own domain (for example at selfHOST) or a free subdomain (for example at freeDNS)
++ Log on to your fresh Debian
+  - apt-get install git
+  - mkdir -p /var/www
+  - cd /var/www
+  - git clone https://framagit.org/hubzilla/core.git html
+  - cd html/.debianinstall
+  - cp config.txt.template config.txt
+  - nano config.txt
+    - read the comments carefully
+    - enter your values: db pass, domain
+    - (optionally) Enter your values for dyn DNS
+  - ./debian-setup.sh as root
+    - ... wait, wait, wait until the script is finished
++ Open your domain with a browser and step throught the initial configuration of your hubzilla instance.
+  - default database name = hubzilla
+  - default dababase user = hubzilla
+
+## Optional - Switch verification of email on/off
+
+Do this just before you register the first user without email verification.
+
+In a terminal
+
+    su -
+    cd /var/www/html
+
+Check the current setting 
+
+    util/config system verify_email
+
+Switch the verification off
+
+    util/config system verify_email 0
+
+## What the script will do for you...
+
++ install everything required by your hubzilla instance, basically a web server (Apache), PHP, a database (MySQL), certbot,...
++ create a database
++ run certbot to have everything for a secure connection (httpS)
++ create a script for daily maintenance
+  - renew certfificate (letsencrypt)
+  - update of your hubzilla instance for core and addons (git)
+  - update of Debian
+  - restart
++ create cron jobs for
+  - DynDNS (selfHOST.de or freedns.afraid.org) every 5 minutes
+  - Master.php for your hubzilla instance every 10 minutes
+  - daily maintenance script every day at 05:30
+
+The script is known to work without adjustments with
+
++ Hardware
+  - standard PC with Debian 12 (bookworm)
+  - Raspberry 4 with Raspbian, Debian 12 (TODO: needs confirmation after swich to Debian12)
+  - for tesing purposes: under localhost inside a virtual machine, [KVM](https://wiki.debian.org/KVM)
++ DynDNS
+  - selfHOST.de
+  - freedns.afraid.org
+
+# Step-by-Step - some Details
+
+## Preparations
+
+## Configure your Router
+
+Your webserver has to be visible in the internet.  
+
+Open the ports 80 and 443 on your router for your Debian. Make sure your web server is marked as "exposed host".
+
+## Preparations Dynamic IP Address
+
+Follow the instructions in .debianinstall/config.txt.  
+
+In short...  
+
+Your Hubzilla server must be reachable by a domain that you can type in your browser
+
+    cooldomain.org
+
+You can use subdomains as well
+
+    my.cooldomain.org
+
+There are two ways to get a domain...
+
+### Method 1: Buy a Domain 
+
+...for example buy at selfHOST.de  
+
+The cost is 1,50 € per month (2019).
+
+### Method 2: Register a free subdomain
+
+...for example register at freedns.afraid.org
+
+## Note on Rasperry 
+
+It is recommended to run the Raspi without graphical frontend (X-Server). Use...
+
+    sudo raspi-config
+
+to boot the Rapsi to the client console.
+
+DO NOT FORGET TO CHANGE THE DEFAULT PASSWORD FOR USER PI!
+
+## Reminder for Different Web Wervers
+
+For those of you who feel adventurous enough to use a different web server (i.e. Lighttpd...), don't forget that this script will install Apache or Nginx and that you can only have one web server listening to ports 80 & 443. Also, don't forget to tweak your daily shell script in /var/www/ accordingly.

.debianinstall/config.txt.template

@@ -0,0 +1,111 @@
+
+###############################################
+### MANDATORY - database password #############
+#
+# Please give your database password
+# It is better to not use blanks inside the password.
+#   Example: db_pass=pass_word_with_no_blanks_in_it
+db_pass=
+
+###############################################
+### MANDATORY - let's encrypt #################
+#
+# Zot requires encrypted communication via secure HTTP (HTTPS).
+# This script automates installation of an SSL certificate from
+# Let's Encrypt (https://letsencrypt.org)
+#
+# Please give the domain name of your hub/instance
+#
+#     Example: my.cooldomain.org
+#     Example: cooldomain.org
+#
+# You might use "localhost" for a LOCAL TEST installation.
+# This is usefull if you want to debug the server inside a VM.
+#
+#     Example: localhost
+#
+# Email is optional if you use "localhost".
+#
+#
+le_domain=
+le_email=
+
+
+###############################################
+### OPTIONAL - selfHOST - dynamic IP address ##
+#
+# 1. Register a domain at selfhost.de
+#    - choose offer "DOMAIN dynamisch" 1,50€/mon at 04/2019
+# 2. Get your configuration for dynamic IP update
+#    - Log in at selfhost.de
+#    - go to "DynDNS Accounte"
+#    - klick "Details" of your (freshly) registered domain
+#    - You will find the configuration there
+#      - Benutzername (user name) > use this for "selfhost_user="
+#      - Passwort (pass word) > use this for "selfhost_pass="
+#
+#
+selfhost_user=
+selfhost_pass=
+
+###############################################
+### OPTIONAL - FreeDNS - dynamic IP address ###
+#
+# Please give the alpha-numeric-key of freedns
+#
+# Get a free subdomain from freedns and use it for your dynamic ip address
+# Documentation under http://www.techjawab.com/2013/06/setup-dynamic-dns-dyndns-for-free-on.html
+#
+# - Register for a Free domain at http://freedns.afraid.org/signup/
+# - WATCH THIS: Make sure you choose a domain with as less subdomains as
+#   possible. Why? Let's encrpyt issues a limited count of certificates each
+#   day. Possible other users of this domain will try to issue a certificate
+#   at the same day.
+# - Logon to FreeDNS (where you just registered)
+# - Goto http://freedns.afraid.org/dynamic/
+# - Right click on "Direct Link" and copy the URL and paste it somewhere.
+# - You should notice a large and unique alpha-numeric key in the URL
+#
+#       http://freedns.afraid.org/dynamic/update.php?alpha-numeric-key
+#
+#   Provided your url from freedns is
+#
+#	http://freedns.afraid.org/dynamic/update.php?U1Z6aGt2R0NzMFNPNWRjbWxxZGpsd093OjE1Mzg5NDE5
+#
+#   Then you have to provide
+#
+#       freedns_key=U1Z6aGt2R0NzMFNPNWRjbWxxZGpsd093OjE1Mzg5NDE5
+#
+#
+freedns_key=
+
+
+###############################################
+### OPTIONAL - do not mess with things below ##
+#              (...if you are not certain)
+#
+# Usually you are done here
+# Everything below is OPTIONAL
+#
+###############################################
+#
+# Database for your hub/instance
+# If left empty, both your database and user will be named after your zot instance (hubzilla, zap or misty)
+# Use custom name, at least fo the database, if you plan to run more than one hub/instance on the same server
+#
+zotserver_db_name=
+zotserver_db_user=
+zotserver_db_pass=$db_pass
+# 
+#
+# Password for package mysql-server
+#   Example: mysqlpass=aberhallo
+#   Example: mysqlpass="aber hallo has blanks in it"
+#
+mysqlpass=$db_pass
+
+# Password for package phpmyadmin
+#   Example: phpmyadminpass=aberhallo
+#   Example: phpmyadminpass="aber hallo has blanks in it"
+phpmyadminpass=$db_pass
+

.debianinstall/debian-setup.sh

@@ -0,0 +1,527 @@
+#!/bin/bash
+#
+# How to use
+# ----------
+#
+# This file automates the installation of hubzilla: https://framagit.org/hubzilla/core
+# under Debian Linux "bookworm"
+#
+# 1) Copy the file "config.txt.template" to "config.txt"
+#       Follow the instuctions there
+#
+# 2) Switch to user "root" by typing "su -"
+#
+# 3) Run with "./debian-setup.sh"
+#       If this fails check if you can execute the script.
+#       - To make it executable type "chmod +x debian-setup.sh"
+#       - or run "bash debian-setup.sh"
+#
+#
+# What does this script do basically?
+# -----------------------------------
+#
+# This file automates the installation of a Hubzilla instance under Debian Linux
+# - install
+#        * apache webserver,
+#        * php,
+#        * mariadb,
+#        * adminer,
+#        * addons
+# - configure cron
+#        * "Master.php" for regular background processes of your hubzilla instance
+#        * "apt-get update" and "apt-get dist-upgrade" and "apt-get autoremove" to keep linux up-to-date
+#        * run command to keep the IP up-to-date > DynDNS provided by selfHOST.de or freedns.afraid.org
+# - run letsencrypt to create, register and use a certifacte for https
+#
+#
+# Credits
+# -------
+#
+# The script is derived from the easyinstall script of the Streams repository, which is based on
+# - Tom Wiedenhöfts (OJ Random) script homeinstall (for Hubzilla, ZAP,...) that was based on
+# - Thomas Willinghams script "debian-setup.sh" which he used to install the red#matrix.
+
+function check_sanity {
+    # Do some sanity checking.
+    print_info "Sanity check..."
+    if [ $(/usr/bin/id -u) != "0" ]
+    then
+        die 'Must be run by root user'
+    fi
+
+    if [ -f /etc/lsb-release ]
+    then
+        die "Distribution is not supported"
+    fi
+    if [ ! -f /etc/debian_version ]
+    then
+        die "Debian is supported only"
+    fi
+    if ! grep -q 'Linux 12' /etc/issue
+    then
+        die "Linux 12 (bookworm) is supported only"x
+    fi
+}
+
+function check_config {
+    print_info "config check..."
+    # Check for required parameters
+    if [ -z "$db_pass" ]
+    then
+        die "db_pass not set in $configfile"
+    fi
+    if [ -z "$le_domain" ]
+    then
+        die "le_domain not set in $configfile"
+    fi
+}
+
+function die {
+    echo "ERROR: $1" > /dev/null 1>&2
+    exit 1
+}
+
+
+function update_upgrade {
+    print_info "updated and upgrade..."
+    # Run through the apt-get update/upgrade first. This should be done before
+    # we try to install any package
+    apt-get -q -y update && apt-get -q -y dist-upgrade && apt-get -q -y autoremove
+    print_info "updated and upgraded linux"
+}
+
+function nocheck_install {
+    # export DEBIAN_FRONTEND=noninteractive ... answers from the package configuration database
+    # - q ... without progress information
+    # - y ... answer interactive questions with "yes"
+    # DEBIAN_FRONTEND=noninteractive apt-get --no-install-recommends -q -y install $2
+    # DEBIAN_FRONTEND=noninteractive apt-get --install-suggests -q -y install $1
+    DEBIAN_FRONTEND=noninteractive apt-get -q -y install $1
+    print_info "installed $1"
+}
+
+
+function print_info {
+    echo -n -e '\e[1;34m'
+    echo -n $1
+    echo -e '\e[0m'
+}
+
+function print_warn {
+    echo -n -e '\e[1;31m'
+    echo -n $1
+    echo -e '\e[0m'
+}
+
+function stop_zotserver {
+    print_info "stopping apache..."
+    systemctl stop apache2
+    print_info "stopping mysql db..."
+    systemctl stop mariadb
+}
+
+function install_apache {
+    print_info "installing apache..."
+    nocheck_install "apache2 apache2-utils"
+    a2enmod rewrite
+    systemctl restart apache2
+}
+
+function install_imagemagick {
+    print_info "installing imagemagick..."
+    nocheck_install "imagemagick"
+}
+
+function install_curl {
+    print_info "installing curl..."
+    nocheck_install "curl"
+}
+
+function install_wget {
+    print_info "installing wget..."
+    nocheck_install "wget"
+}
+
+function install_sendmail {
+    print_info "installing sendmail..."
+    nocheck_install "sendmail sendmail-bin"
+}
+
+function install_php {
+    # openssl and mbstring are included in libapache2-mod-php
+    print_info "installing php..."
+    nocheck_install "libapache2-mod-php php php-pear php-curl php-gd php-mbstring php-xml php-zip"
+    phpversion=$(php -v|grep --only-matching --perl-regexp "(PHP )\d+\.\\d+\.\\d+"|cut -c 5-7)
+    sed -i "s/^upload_max_filesize =.*/upload_max_filesize = 100M/g" /etc/php/$phpversion/apache2/php.ini
+    sed -i "s/^post_max_size =.*/post_max_size = 100M/g" /etc/php/$phpversion/apache2/php.ini
+}
+
+function install_composer {
+    print_info "We check if Composer is already downloaded"
+    if [ ! -f /usr/local/bin/composer ]
+    then
+        EXPECTED_CHECKSUM="$(php -r 'copy("https://composer.github.io/installer.sig", "php://stdout");')"
+        php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
+        ACTUAL_CHECKSUM="$(php -r "echo hash_file('sha384', 'composer-setup.php');")"
+        if [ "$EXPECTED_CHECKSUM" != "$ACTUAL_CHECKSUM" ]
+        then
+            >&2 echo 'ERROR: Invalid installer checksum'
+            rm composer-setup.php
+            die 'ERROR: Invalid installer checksum'
+        fi
+        php composer-setup.php --quiet
+        RESULT=$?
+        rm composer-setup.php
+        # exit $RESULT
+        # We install Composer globally
+        mv composer.phar /usr/local/bin/composer
+        print_info "Composer was successfully downloaded."
+    else
+        print_info "Composer is already downloaded on this system."
+    fi
+    cd $install_path
+    export COMPOSER_ALLOW_SUPERUSER=1;
+    /usr/local/bin/composer install --no-dev
+    /usr/local/bin/composer show
+    export COMPOSER_ALLOW_SUPERUSER=0;
+}
+
+
+function install_mysql {
+    print_info "installing mysql..."
+    if [ -z "$mysqlpass" ]
+    then
+        die "mysqlpass not set in $configfile"
+    fi
+	if type mysql ; then
+        echo "Yes, mysql is installed"
+	else
+        echo "mariadb-server"
+        nocheck_install "mariadb-server"
+        systemctl status mariadb
+        systemctl start mariadb
+        mysql --user=root <<_EOF_
+UPDATE mysql.user SET Password=PASSWORD('${mysqlpass}') WHERE User='root';
+DELETE FROM mysql.user WHERE User='';
+DROP DATABASE IF EXISTS test;
+DELETE FROM mysql.db WHERE Db='test' OR Db='test\\_%';
+FLUSH PRIVILEGES;
+_EOF_
+    fi
+}
+
+function install_adminer {
+    print_info "installing adminer..."
+    nocheck_install "adminer"
+    if [ ! -f /etc/adminer/adminer.conf ]
+    then
+        echo "Alias /adminer /usr/share/adminer/adminer" > /etc/adminer/adminer.conf
+        ln -s /etc/adminer/adminer.conf /etc/apache2/conf-available/adminer.conf
+    else
+        print_info "file /etc/adminer/adminer.conf exists already"
+    fi
+
+    a2enmod rewrite
+
+    if [ ! -f /etc/apache2/apache2.conf ]
+    then
+        die "could not find file /etc/apache2/apache2.conf"
+    fi
+    sed -i \
+        "s/AllowOverride None/AllowOverride all/" \
+        /etc/apache2/apache2.conf
+
+    a2enconf adminer
+    systemctl restart mariadb
+    systemctl reload apache2
+}
+
+function create_zotserver_db {
+    print_info "creating zotserver database..."
+    if [ -z "$db_name" ]
+    then
+        die "db_name not set in $configfile"
+    fi
+    if [ -z "$db_user" ]
+    then
+        die "db_user not set in $configfile"
+    fi
+    if [ -z "$db_pass" ]
+    then
+        die "db_pass not set in $configfile"
+    fi
+    systemctl restart mariadb
+    # Make sure we don't write over an already existing database if we install more than one Zot hub/instance
+    if [ -z $(mysql -h localhost -u root -p$mysqlpass -e "SHOW DATABASES;" | grep $db_name) ]
+    then
+        Q1="CREATE DATABASE IF NOT EXISTS $db_name;"
+        Q2="GRANT USAGE ON *.* TO $db_user@localhost IDENTIFIED BY '$db_pass';"
+        Q3="GRANT ALL PRIVILEGES ON $name.* to $db_user@localhost identified by '$db_pass';"
+        Q4="FLUSH PRIVILEGES;"
+        SQL="${Q1}${Q2}${Q3}${Q4}"
+        mysql -uroot -p$mysqlpass -e "$SQL"
+    else
+        echo "database $db_name does exist already"
+    fi
+}
+
+function run_freedns {
+    print_info "run freedns (dynamic IP)..."
+    if [ -z "$freedns_key" ]
+    then
+        print_info "freedns was not started because 'freedns_key' is empty in $configfile"
+    else
+        if [ -n "$selfhost_user" ]
+        then
+            die "You can not use freeDNS AND selfHOST for dynamic IP updates ('freedns_key' AND 'selfhost_user' set in $configfile)"
+        fi
+        wget --no-check-certificate -O - http://freedns.afraid.org/dynamic/update.php?$freedns_key
+    fi
+}
+
+function install_run_selfhost {
+    print_info "install and start selfhost (dynamic IP)..."
+    if [ -z "$selfhost_user" ]
+    then
+        print_info "selfHOST was not started because 'selfhost_user' is empty in $configfile"
+    else
+        if [ -n "$freedns_key" ]
+        then
+            die "You can not use freeDNS AND selfHOST for dynamic IP updates ('freedns_key' AND 'selfhost_user' set in $configfile)"
+        fi
+        if [ -z "$selfhost_pass" ]
+        then
+            die "selfHOST was not started because 'selfhost_pass' is empty in $configfile"
+        fi
+        if [ ! -d $selfhostdir ]
+        then
+            mkdir $selfhostdir
+        fi
+        # the old way
+        # https://carol.selfhost.de/update?username=123456&password=supersafe
+        #
+        # the prefered way
+        wget --output-document=$selfhostdir/$selfhostscript http://jonaspasche.de/selfhost-updater
+        echo "router" > $selfhostdir/device
+        echo "$selfhost_user" > $selfhostdir/user
+        echo "$selfhost_pass" > $selfhostdir/pass
+        bash $selfhostdir/$selfhostscript update
+    fi
+}
+
+function ping_domain {
+    print_info "ping domain $domain..."
+    # Is the domain resolved? Try to ping 6 times à 10 seconds
+    COUNTER=0
+    for i in {1..6}
+    do
+        print_info "loop $i for ping -c 1 $domain ..."
+        if ping -c 4 -W 1 $le_domain
+        then
+            print_info "$le_domain resolved"
+            break
+        else
+            if [ $i -gt 5 ]
+            then
+                die "Failed to: ping -c 1 $domain not resolved"
+            fi
+        fi
+        sleep 10
+    done
+    sleep 5
+}
+
+function configure_cron_freedns {
+    print_info "configure cron for freedns..."
+    if [ -z "$freedns_key" ]
+    then
+        print_info "freedns is not configured because freedns_key is empty in $configfile"
+    else
+        # Use cron for dynamich ip update
+        #   - at reboot
+        #   - every 30 minutes
+        if [ -z "`grep 'freedns.afraid.org' /etc/crontab`" ]
+        then
+            echo "@reboot root http://freedns.afraid.org/dynamic/update.php?$freedns_key > /dev/null 2>&1" >> /etc/crontab
+            echo "*/30 * * * * root wget --no-check-certificate -O - http://freedns.afraid.org/dynamic/update.php?$freedns_key > /dev/null 2>&1" >> /etc/crontab
+        else
+            print_info "cron for freedns was configured already"
+        fi
+    fi
+}
+
+function configure_cron_selfhost {
+    print_info "configure cron for selfhost..."
+    if [ -z "$selfhost_user" ]
+    then
+        print_info "selfhost is not configured because selfhost_key is empty in $configfile"
+    else
+        # Use cron for dynamich ip update
+        #   - at reboot
+        #   - every 5 minutes
+        if [ -z "`grep 'selfhost-updater.sh' /etc/crontab`" ]
+        then
+            echo "@reboot root bash /etc/selfhost/selfhost-updater.sh update > /dev/null 2>&1" >> /etc/crontab
+            echo "*/5 * * * * root /bin/bash /etc/selfhost/selfhost-updater.sh update > /dev/null 2>&1" >> /etc/crontab
+        else
+            print_info "cron for selfhost was configured already"
+        fi
+    fi
+}
+
+function install_letsencrypt {
+    print_info "installing let's encrypt ..."
+    # check if user gave domain
+    if [ -z "$le_domain" ]
+    then
+        die "Failed to install let's encrypt: 'le_domain' is empty in $configfile"
+    fi
+    if [ -z "$le_email" ]
+    then
+        die "Failed to install let's encrypt: 'le_email' is empty in $configfile"
+    fi
+    nocheck_install "certbot python-certbot-apache"
+    print_info "run certbot ..."
+    certbot --apache -w $install_path -d $le_domain -m $le_email --agree-tos --non-interactive --redirect --hsts --uir
+    service apache2 restart
+}
+
+function check_https {
+    print_info "checking httpS > testing ..."
+    url_https=https://$le_domain
+    wget_output=$(wget -nv --spider --max-redirect 0 $url_https)
+    if [ $? -ne 0 ]
+    then
+        print_warn "check not ok"
+    else
+        print_info "check ok"
+    fi
+}
+
+function install_zotserver {
+    print_info "installing addons..."
+    cd $install_path
+    util/add_addon_repo https://framagit.org/hubzilla/addons hzaddons
+    mkdir -p "store/[data]/smarty3"
+    # chmod -R 777 store
+    touch .htconfig.php
+    # The next run of $cron_job (daily-update script) will correct the permissions of the next line
+    chmod ou+w .htconfig.php  
+    cd /var/www/
+    chown -R www-data:www-data $install_path
+	chown root:www-data $install_path/
+	chown root:www-data $install_path/.htaccess
+	chmod 0644 $install_path/.htaccess
+    print_info "installed addons"
+}
+
+function configure_cron_daily {
+    print_info "configuring cron..."
+    # every 10 min for poller.php
+    if [ -z "`grep 'php Zotlabs/Daemon/Master.php' /etc/crontab`" ]
+    then
+        echo "*/10 * * * * www-data cd $install_path; php Zotlabs/Daemon/Master.php Cron >> /dev/null 2>&1" >> /etc/crontab
+    fi
+    # Run external script daily at 05:30
+    # - stop apache/nginx and mysql-server
+    # - renew the certificate of letsencrypt
+    # - update repository core and addon
+    # - update and upgrade linux
+    # - reboot is done by "shutdown -h now" because "reboot" hangs sometimes depending on the system
+    echo "#!/bin/sh" > /var/www/$cron_job
+    echo "#" >> /var/www/$cron_job
+    echo "echo \" \"" >> /var/www/$cron_job
+    echo "echo \"+++ \$(date) +++\"" >> /var/www/$cron_job
+    echo "echo \" \"" >> /var/www/$cron_job
+    echo "echo \"\$(date) - stopping apache and mysql...\"" >> /var/www/$cron_job
+    echo "service apache2 stop" >> /var/www/$cron_job
+    echo "/etc/init.d/mysql stop # to avoid inconsistencies" >> /var/www/$cron_job
+    echo "#" >> /var/www/$cron_job
+    echo "echo \"\$(date) - renew certificate...\"" >> /var/www/$cron_job
+    echo "certbot renew --noninteractive" >> /var/www/$cron_job
+    echo "#" >> /var/www/$cron_job
+    echo "echo \"\$(date) - db size...\"" >> /var/www/$cron_job
+    echo "du -h /var/lib/mysql/ | grep mysql/" >> /var/www/$cron_job
+    echo "#" >> /var/www/$cron_job    
+    echo "# update of $le_domain Zot hub/instance" >> /var/www/$cron_job
+    echo "echo \"\$(date) - updating core and addons...\"" >> /var/www/$cron_job
+    echo "echo \"reaching git repository for $le_domain $zotserver hub/instance...\"" >> /var/www/$cron_job
+    echo "(cd $install_path ; util/udall)" >> /var/www/$cron_job
+    echo "chown -R www-data:www-data $install_path # make all accessible for the webserver" >> /var/www/$cron_job
+    echo "chown root:www-data $install_path/.htaccess" >> /var/www/$cron_job
+    echo "chmod 0644 $install_path/.htaccess # www-data can read but not write it" >> /var/www/$cron_job    
+    echo "echo \"\$(date) - updating linux...\"" >> /var/www/$cron_job
+    echo "apt-get -q -y update && apt-get -q -y dist-upgrade && apt-get -q -y autoremove # update linux and upgrade" >> /var/www/$cron_job
+    echo "echo \"\$(date) - Update finished. Rebooting...\"" >> /var/www/$cron_job
+    echo "#" >> /var/www/$cron_job
+    echo "shutdown -r now" >> /var/www/$cron_job
+
+    chmod a+x /var/www/$cron_job
+
+    # If global cron job does not exist we add it to /etc/crontab
+    if grep -q $cron_job /etc/crontab
+    then
+        echo "cron job already in /etc/crontab"
+    else
+        echo "30 05 * * * root /bin/bash /var/www/$cron_job >> /var/www/daily-updates.log 2>&1" >> /etc/crontab
+        echo "0 0 1 * * root rm /var/www/daily-updates.log" >> /etc/crontab
+    fi
+
+    # This is active after either "reboot" or cron reload"
+    systemctl restart cron
+    print_info "configured cron for updates/upgrades"
+}
+
+########################################################################
+# START OF PROGRAM
+########################################################################
+export PATH=/bin:/usr/bin:/sbin:/usr/sbin
+check_sanity
+
+print_info "We're installing a $zotserver instance"
+install_path="$(dirname "$(pwd)")"
+
+# Read config file edited by user
+configfile=config.txt
+source $configfile
+
+selfhostdir=/etc/selfhost
+selfhostscript=selfhost-updater.sh
+cron_job="cron_job.sh"
+
+#set -x    # activate debugging from here
+
+zotserver=hubzilla
+check_config
+stop_zotserver
+update_upgrade
+install_curl
+install_wget
+install_sendmail
+install_apache
+install_imagemagick
+install_php
+install_composer
+install_mysql
+install_adminer
+create_zotserver_db
+run_freedns
+install_run_selfhost
+ping_domain
+configure_cron_freedns
+configure_cron_selfhost
+
+if [ "$le_domain" != "localhost" ]
+then
+    install_letsencrypt
+    check_https
+else
+    print_info "is localhost - skipped installation of letsencrypt and configuration of apache for https"
+fi
+
+install_zotserver
+
+configure_cron_daily
+
+
+#set +x    # stop debugging from here

.gitlab-ci.yml

@@ -3,7 +3,7 @@
 # Use a prepared Hubzilla image to optimise pipeline duration
 # image: registry.gitlab.com/dawnbreak/hubzilla/core:php7.3
 
-image: php:8.0
+image: php:8.1
 
 stages:
   - test
@@ -96,8 +96,8 @@ before_script:
       - tests/results/
 
 
-# PHP8.0
-php8.0:
+# PHP8.1
+php8.1:
   <<: *job_definition_php
 
 # PHP8.0 with MySQL 5.7

CHANGELOG

@@ -1,22 +1,213 @@
+Hubzilla 8.6.3 (2023-09-16)
+	- Fix regression in jsonld_document_loader()
+	- Improve type checking for announce activities
+	- Improve query in drop_item() to prevent possible memory exhaustion
+	- Addon gallery: only add gallery code if the module is supported
+	- Adon hsse: port to bootstrap 5 namespaces - core issue #1793
+
+
+Hubzilla 8.6.2 (2023-08-27)
+	- Fix public stream comments/reactions fetching
+	- Fix notification text for likes in cases where obj.actor is not set
+	- Fix missing pdl file for mod cover_photo
+	- Fix unable to create folders with name 0
+	- Fix index name mixup in mysql schema file
+	- Fix missing semicolon in mysql schema file
+	- Removed unused variable
+	- Fix typo in manifest
+	- Fix cached jsonld files fetched via network
+	- Page rendering performance improvements
+	- Fix internal follow activity possibly creating notification items
+	- Fix admin table highlight color for dark mode
+	- Pubcrawl: do not handle not implemented listen activity
+	- Diaspora: fix unshare not implemented
+
+
+Hubzilla 8.6.1 (2023-07-18)
+	- Fix diaspora discovery
+
+
+Hubzilla 8.6 (2023-07-11)
+	- Update fullcalendar library
+	- Improve and unify selection of deliverable abook xchans
+	- Remove unused pseudo_abook()
+	- Implement optional moderation for unsolicited items
+	- Hardened comment permission handling for unsolicited items
+	- Remove unused templates
+	- Deprecate ActivityStreams::fetch() and provide the possibility to fetch local items directly
+	- Add simplified version of automated install script
+	- Shuffle queue deliveries for more randomness
+	- Update composer libraries
+	- Add new 2-column templates
+	- Implement optional OCAP for items to allow access to restricted media without OWA
+
+	Bugfixes
+	- Fix content in nobb and noparse text linkified - issue #1776
+	- Fix editing an event changes the set time - issue #1771
+	- Fix person object with mixed up hubloc info - issue #1770
+	- Fix $escape variable not passed on to stringify_array_elms()
+	- Fix relaying and syncing in Activity::drop()
+	- Fix allow code not sticking after channel sync - issue #1769
+	- Fix channel oembed regressions
+
+	Addons
+	- Diaspora: fix signature check for likes
+	- Diaspora: fix relaying retractions
+	- Diaspora: port to core unsolicited comments option
+	- Gallery: add an exception for streams reshares
+	- Pubcrawl: dismiss comments that are expected to arrive via owner relay
+	- Pubcrawl: improved inbox handling
+	- Pubcrawl: catch gup.pe updates to followers collection
+	- Pubcrawl: fix follow allow hook
+	- Diaspora: fix follow allow hook
+	- Content_import: fix crash in post handler
+	- Pubcrawl: store follow url when fetching webfinger
+	- Diaspora: store follow url when fetching webfinger
+	- Pubcrawl: move addressing to separate function
+
+
+Hubzilla 8.4.2 (2023-06-02)
+	- Update bootstrap to stable version 5.3.0
+	- Fix hubloc confusion in mod rmagic
+	- Improved unseen forums notification
+	- Add workaround for friendica accept header bug for nginx
+	- Fix acl not set correctly in attach_store()
+	- Fix attachment name parsing
+	- Fix display issue in oembed video template
+	- content_import: fix crash in post handler
+	- pubcrawl: move addressing to separate function
+
+
+Hubzilla 8.4.1 (2023-05-20)
+	- Fix issue where accepting AP contacts would reset send stream permission
+	- Fix link to release page in upgrade info addon
+
+
+Hubzilla 8.4 (2023-05-17)
+	- Slightly rewrite Activity::store() to save a query
+	- Use act->objprop() in decode_note() to get activity values
+	- Make sure to re-discover a channel upon connecting if we have just an xchan but no hubloc
+	- Updated ES translations
+	- Updated RU translations
+	- Redesigned profile vcard to implement cover images
+	- Slightly improved discovery of AP quoted messages
+	- Updated bootstrap library
+	- Changed hashtag encoding to match mastodons expectations (issue #1750)
+	- Implement fedearted directory flags from trusted directory servers
+	- Use Activity::get_actor_hublocs() in Libzot::fetch_conversation() instead of custom queries
+	- Add the conversation endpoint
+	- Implement paginated fetch for zot requests in mod item
+	- Implement Zotconvo daemon to fetch conversations in the background
+	- Expose deleted channels to webfinger (otherwise we can not mark them deleted locally)
+	- Expire items in batches to prevent memory exhaustion
+	- Remove legacy zot compatibility tweaks
+	- Rewrite and simplify directory sync
+	- Improve potentially long running sql query finding the thread parent
+	- Implement option to override permissions for posts with mentions
+
+	Bugfixes
+	- Fix parent_mid and thr_parent not set correctly for response activities
+	- Fix query for postgres in attach_list_files()
+	- Fix item_url_replace() failing on arrays
+	- Fix OWA compatibility with friendica
+	- Fix regression in decoding the object type
+	- Fix xss vulnerability in justified gallery library
+	- Fix permissions not initialized after accepted follow request from AP
+	- Fix empty path passed to fopen()
+	- Fix % value in format_poll() not rounded
+	- Fix remove_all_xchan_resources() executed for local channels
+	- Fix likes not synced via libsync between clones
+
+	Addons
+	- Pubcrawl: fix xchan_url used as follow object instead of xchan_hash
+	- Channelreputation: moved to unmaintained repo due to duplication issues when storing data in pconfig
+	- Pubcrawl: add lemmy accept/reject follow quirks
+	- Diaspora: handle 4xx return codes in queue management
+	- Diaspora: fix fatal error in the case where parent_guid is set but empty
+	- Pubcrawl: if shared inbox delivery fails deliver to contacts instead of everybody we know from that site
+	- Articles: fix PHP error
+	- Diaspora: rewrite synced (from a clone) item author to primary
+	- Diaspora: improve reshare detection
+	- Diaspora: fix contact role not sets
+	- Pubcrawl: rewrite synced (from a clone) item author to primary
+	- Pubcrawl: if we receive a public message to the shared inbox deliver to following *and* directly addressed
+
+
+Hubzilla 8.2 (2023-03-19)
+	- Remove redundant untranslated htconfig templates
+	- Implement workaround for friendica image/attachment construct
+	- Implement notification exception for forum posts repeated by group actors
+	- Updated es translations
+	- Rewrite totp multifactor auth and move it from addon to core (ported from streams)
+	- Implement page load progress indicator for pwa standalone mode
+	- Improved mod HQ logic to save some DB lookups
+	- Default owner_xchan to sender in Activity::store() except for fetched items
+	- Improved contact search
+	- Do not force new thread if announce comes from group actor
+	- Disable oembed in notes app
+	- Improved queue handling
+	- Slightly restructure conv item head
+	- Implemet author images in HQ widget
+	- Implement author filter in HQ widget
+	- Add config option db_skip_locked_supported which should be set if the DB backend supports skip locked
+	- Updated simple pie library
+	- Updated smarty library
+	- Updated forkawesome library
+	- Updated fullcalendar library
+	- Implement native dark/light mode in favour of dark/light schema
+	- Updated bootstrap library
+
+	Bugfixes
+	- Fix channel calendar location html not interpreted - issue #1728
+	- Fix max oembed size check if content length header is an array
+	- Fix group actor wall posts turned into direct messages when posting article or card
+	- Fix non zot profile mentions using zrl tag
+	- Fix message filter > and < not decoded
+	- Fix deleted hublocs included in author lookup
+	- Fix some more PHP warnings
+	- Fix syntax for get_compund_property()
+	- Fix xchan_pubforum not set on actor updates
+	- Fix duplicate directory entries for xchans with bogus second primary entry
+	- Fix missing created timestamp in like activity - issue #1729
+	- Fix messages not signed when posting from non primary locations
+	- Fix pinned post regression
+	- Fix autocomplete items not selectable on mobile
+	- Fix hubloc confusion in Libzot::fetch_conversation()
+	- Fix valid duplicate notification entries deduplicated
+	- Fix ics file import
+	- Fix recipients deduplication in some places
+	- Fix hashtag encoded with href instead of id
+
+	Addons
+	- Pubcrawl: re-implement encrypted content which got lost in transition
+	- Pubcrawl: flag fetched items
+	- Totp: removed from addons in favor of implementation in core
+	- Pubcrawl: fix delivery issues for relayed activities
+	- Cart: fix missing bootstrap namespace
+	- Gallery: do not inject gallery code in webpages
+	- Pubcrawl: fix sql error if mentions string is empty
+	- Cart: fix paypal order hash size
+
+
 Hubzilla 8.0 (2023-01-13)
-	Updated ru strings
-	Implement ability to edit addon PDL with pdledit_gui and pdledit
-	Implement queueworker auto sleep time
-	Always add sys channel to receivers for public items
-	Improved server sent events loop
-	Exclude not tagable xchan networks handle_tag()
-	Add mark html tag to the html2bbcode parser
-	Embed or attach uploaded files depending on file type
-	Changed logic to enable site only public stream - please revisit admin setting
-	Updated nb-no strings
-	Moved queueworker to core
-	Provide a PDL file for mod invite and set the profile
-	Disabled outdated context help
-	Mark unseen items seen after a certain amount of time (default 90 days)
-	Slightly restructure lib webfinger
-	Improved redbasic dark schema
-	Implement unseen thread and unseen items count in HQ widget
-	In unseen items notifications just count the first 99 and display 99+ if there are more
+	- Updated ru strings
+	- Implement ability to edit addon PDL with pdledit_gui and pdledit
+	- Implement queueworker auto sleep time
+	- Always add sys channel to receivers for public items
+	- Improved server sent events loop
+	- Exclude not tagable xchan networks handle_tag()
+	- Add mark html tag to the html2bbcode parser
+	- Embed or attach uploaded files depending on file type
+	- Changed logic to enable site only public stream - please revisit admin setting
+	- Updated nb-no strings
+	- Moved queueworker to core
+	- Provide a PDL file for mod invite and set the profile
+	- Disabled outdated context help
+	- Mark unseen items seen after a certain amount of time (default 90 days)
+	- Slightly restructure lib webfinger
+	- Improved redbasic dark schema
+	- Implement unseen thread and unseen items count in HQ widget
+	- In unseen items notifications just count the first 99 and display 99+ if there are more
 
 	Bugfixes
 	- Fix race conditions when processing multiple choice polls

Zotlabs/Daemon/Convo.php

@@ -55,6 +55,7 @@ class Convo {
 			$AS = new ActivityStreams($message);
 			if ($AS->is_valid() && is_array($AS->obj)) {
 				$item = Activity::decode_note($AS);
+				$item['item_fetched'] = true;
 				Activity::store($channel, $contact['abook_xchan'], $AS, $item);
 			}
 		}

Zotlabs/Daemon/Cron.php

@@ -3,6 +3,7 @@
 namespace Zotlabs\Daemon;
 
 use Zotlabs\Lib\Libsync;
+use Zotlabs\Lib\Libzotdir;
 
 class Cron {
 
@@ -35,6 +36,17 @@ class Cron {
 
 		logger('cron: start');
 
+		// If this is a directory server, request a sync with an upstream
+		// directory at least once a day, up to once every poll interval.
+		// Pull remote changes and push local changes.
+		// potential issue: how do we keep from creating an endless update loop?
+
+		$dirmode = get_config('system', 'directory_mode');
+
+		if ($dirmode == DIRECTORY_MODE_SECONDARY || $dirmode == DIRECTORY_MODE_PRIMARY) {
+			Libzotdir::sync_directories($dirmode);
+		}
+
 		// run queue delivery process in the background
 
 		Master::Summon(array('Queue'));

Zotlabs/Daemon/Cron_daily.php

@@ -94,17 +94,6 @@ class Cron_daily {
 		// expire any expired accounts
 		downgrade_accounts();
 
-		// If this is a directory server, request a sync with an upstream
-		// directory at least once a day, up to once every poll interval.
-		// Pull remote changes and push local changes.
-		// potential issue: how do we keep from creating an endless update loop?
-
-		$dirmode = get_config('system', 'directory_mode');
-
-		if ($dirmode == DIRECTORY_MODE_SECONDARY || $dirmode == DIRECTORY_MODE_PRIMARY) {
-			Libzotdir::sync_directories($dirmode);
-		}
-
 		Master::Summon(array('Expire'));
 		Master::Summon(array('Cli_suggest'));
 

Zotlabs/Daemon/Expire.php

@@ -32,7 +32,6 @@ class Expire {
 		}
 
 		// physically remove anything that has been deleted for more than two months
-		/** @FIXME - this is a wretchedly inefficient query */
 
 		q("delete from item where item_pending_remove = 1 and changed < %s - INTERVAL %s",
 			db_utcnow(),
@@ -59,8 +58,8 @@ class Expire {
 					continue;
 
 				// service class default (if non-zero) over-rides the site default
-
 				$service_class_expire = service_class_fetch($rr['channel_id'], 'expire_days');
+
 				if (intval($service_class_expire))
 					$channel_expire = $service_class_expire;
 				else
@@ -85,7 +84,6 @@ class Expire {
 
 			// this should probably just fetch the channel_expire_days from the sys channel,
 			// but there's no convenient way to set it.
-
 			$expire_days = get_config('system', 'sys_expire_days');
 			if ($expire_days === false)
 				$expire_days = 30;
@@ -96,8 +94,9 @@ class Expire {
 
 			logger('Expire: sys interval: ' . $expire_days, LOGGER_DEBUG);
 
-			if ($expire_days)
+			if ($expire_days) {
 				item_expire($x['channel_id'], $expire_days, $commented_days);
+			}
 
 			logger('Expire: sys: done', LOGGER_DEBUG);
 		}

Zotlabs/Daemon/Externals.php

@@ -143,6 +143,7 @@ class Externals {
 						$AS = new ActivityStreams($message);
 						if ($AS->is_valid() && is_array($AS->obj)) {
 							$item = Activity::decode_note($AS);
+							$item['item_fetched'] = true;
 							Activity::store($importer, $contact['hubloc_hash'], $AS, $item);
 							$total++;
 						}

Zotlabs/Daemon/Notifier.php

@@ -409,9 +409,7 @@ class Notifier {
 				self::$private    = false;
 				self::$recipients = collect_recipients($parent_item, self::$private);
 
-				// FIXME add any additional recipients such as mentions, etc.
-
-				if ($top_level_post) {
+				if ($top_level_post && intval($target_item['item_wall'])) {
 					// remove clones who will receive the post via sync
 					self::$recipients = array_values(array_diff(self::$recipients, [$target_item['owner_xchan']]));
 				}

Zotlabs/Daemon/Onedirsync.php

@@ -15,61 +15,45 @@ class Onedirsync {
 			$update_id = intval($argv[1]);
 
 		if (!$update_id) {
-			logger('onedirsync: no update');
+			logger('onedirsync: no update id');
 			return;
 		}
 
-		$r = q("select * from updates where ud_id = %d limit 1",
+		$r = q("select * from updates where ud_id = %d",
 			intval($update_id)
 		);
 
-		if (!$r)
-			return;
-
-		if (($r[0]['ud_flags'] & UPDATE_FLAGS_UPDATED) || (!$r[0]['ud_addr']))
-			return;
-
-		// Have we probed this channel more recently than the other directory server
-		// (where we received this update from) ?
-		// If we have, we don't need to do anything except mark any older entries updated
-
-		$x = q("select * from updates where ud_addr = '%s' and ud_date > '%s' and ( ud_flags & %d )>0 order by ud_date desc limit 1",
-			dbesc($r[0]['ud_addr']),
-			dbesc($r[0]['ud_date']),
-			intval(UPDATE_FLAGS_UPDATED)
-		);
-		if ($x) {
-			q("update updates set ud_flags = ( ud_flags | %d ) where ud_addr = '%s' and ( ud_flags & %d ) = 0 and ud_date != '%s'",
-				intval(UPDATE_FLAGS_UPDATED),
-				dbesc($r[0]['ud_addr']),
-				intval(UPDATE_FLAGS_UPDATED),
-				dbesc($x[0]['ud_date'])
-			);
+		if (!$r) {
+			logger('onedirsync: update id not found');
 			return;
 		}
 
 		// ignore doing an update if this ud_addr refers to a known dead hubloc
 
-		$h = q("select * from hubloc where hubloc_addr = '%s'",
+		$h = q("select * from hubloc where hubloc_id_url = '%s' order by hubloc_id desc",
 			dbesc($r[0]['ud_addr']),
 		);
 
 		$h = Libzot::zot_record_preferred($h);
 
 		if (($h) && (($h['hubloc_status'] & HUBLOC_OFFLINE) || $h['hubloc_deleted'] || $h['hubloc_error'])) {
-			q("update updates set ud_flags = ( ud_flags | %d ) where ud_addr = '%s' and ( ud_flags & %d ) = 0 ",
-				intval(UPDATE_FLAGS_DELETED),
-				dbesc($r[0]['ud_addr']),
-				intval(UPDATE_FLAGS_UPDATED)
-			);
-			return;
+
+			// 2023-04-12: Try to update anyway since the info is not always correct
+			// This might change after all directory servers run the new code.
+
+			// q("update updates set ud_flags = 9 where ud_hash = '%s' and ud_flags != 9",
+			//	dbesc($r[0]['ud_hash'])
+			//);
+
+			// return;
 		}
 
 		// we might have to pull this out some day, but for now update_directory_entry()
 		// runs zot_finger() and is kind of zot specific
 
-		if ($h && $h['hubloc_network'] !== 'zot6')
+		if ($h && $h['hubloc_network'] !== 'zot6') {
 			return;
+		}
 
 		Libzotdir::update_directory_entry($r[0]);
 

Zotlabs/Daemon/Onepoll.php

@@ -30,14 +30,10 @@ class Onepoll {
 			$sql_extra = ' and abook_feed = 0 ';
 		}
 
-		$contacts = q("SELECT abook.*, xchan.*, account.*
-			FROM abook LEFT JOIN account on abook_account = account_id left join xchan on xchan_hash = abook_xchan
-			where abook_id = %d $sql_extra
-			and abook_pending = 0 and abook_archived = 0 and abook_blocked = 0 and abook_ignored = 0
-			AND (( account_flags = %d ) OR ( account_flags = %d )) limit 1",
-			intval($contact_id),
-			intval(ACCOUNT_OK),
-			intval(ACCOUNT_UNVERIFIED)
+		$contacts = q("SELECT abook.*, xchan.* FROM abook
+			LEFT JOIN xchan ON xchan_hash = abook_xchan
+			WHERE abook_id = %d",
+			intval($contact_id)
 		);
 
 		if (!$contacts) {
@@ -172,6 +168,7 @@ class Onepoll {
 							$AS = new ActivityStreams($message);
 							if ($AS->is_valid() && is_array($AS->obj)) {
 								$item = Activity::decode_note($AS);
+								$item['item_fetched'] = true;
 								Activity::store($importer, $contact['abook_xchan'], $AS, $item);
 							}
 						}

Zotlabs/Daemon/Poller.php

@@ -19,24 +19,6 @@ class Poller {
 
 		$interval = get_config('queueworker', 'queue_interval', 500000);
 
-/*
-		if (!$interval) {
-			$interval = ((get_config('system', 'delivery_interval') === false) ? 3 : intval(get_config('system', 'delivery_interval')));
-		}
-
-		// Check for a lockfile.  If it exists, but is over an hour old, it's stale.  Ignore it.
-		$lockfile = 'store/[data]/poller';
-		if ((file_exists($lockfile)) && (filemtime($lockfile) > (time() - 3600))
-			&& (!get_config('system', 'override_poll_lockfile'))) {
-			logger("poller: Already running");
-			return;
-		}
-
-		// Create a lockfile.  Needs two vars, but $x doesn't need to contain anything.
-		$x = '';
-		file_put_contents($lockfile, $x);
-*/
-
 		logger('poller: start');
 
 		$manual_id  = 0;
@@ -67,6 +49,11 @@ class Poller {
 			: ''
 		);
 
+		$allow_feeds = get_config('system', 'feed_contacts');
+		if(!$allow_feeds) {
+			$sql_extra .= ' and abook_feed = 0 ';
+		}
+
 		$randfunc = db_getfunc('RAND');
 
 		$contacts = q("SELECT abook.abook_updated, abook.abook_connected, abook.abook_feed,
@@ -76,7 +63,7 @@ class Poller {
 			account.account_lastlog, account.account_flags
 			FROM abook LEFT JOIN xchan on abook_xchan = xchan_hash
 			LEFT JOIN account on abook_account = account_id
-			where abook_self = 0
+			where abook_self = 0 and abook_pending = 0 and abook_archived = 0 and abook_blocked = 0 and abook_ignored = 0
 			$sql_extra
 			AND (( account_flags = %d ) OR ( account_flags = %d )) $abandon_sql ORDER BY $randfunc",
 			intval(ACCOUNT_OK),
@@ -183,11 +170,12 @@ class Poller {
 		$dirmode = intval(get_config('system', 'directory_mode'));
 
 		if ($dirmode == DIRECTORY_MODE_SECONDARY || $dirmode == DIRECTORY_MODE_PRIMARY) {
-			$r = q("SELECT u.ud_addr, u.ud_id, u.ud_last FROM updates AS u INNER JOIN (SELECT ud_addr, max(ud_id) AS ud_id FROM updates WHERE ( ud_flags & %d ) = 0 AND ud_addr != '' AND ( ud_last <= '%s' OR ud_last > %s - INTERVAL %s ) GROUP BY ud_addr) AS s ON s.ud_id = u.ud_id ",
-				intval(UPDATE_FLAGS_UPDATED),
+			$r = q("SELECT * FROM updates WHERE ud_update = 1 AND (ud_last = '%s' OR ud_last > %s - INTERVAL %s)",
 				dbesc(NULL_DATE),
-				db_utcnow(), db_quoteinterval('7 DAY')
+				db_utcnow(),
+				db_quoteinterval('7 DAY')
 			);
+
 			if ($r) {
 				foreach ($r as $rr) {
 
@@ -209,10 +197,6 @@ class Poller {
 
 		set_config('system', 'lastpoll', datetime_convert());
 
-		//All done - clear the lockfile
-/*
-		@unlink($lockfile);
-*/
 		return;
 	}
 }

Zotlabs/Daemon/Queue.php

@@ -7,79 +7,59 @@ use Zotlabs\Lib\Queue as LibQueue;
 class Queue {
 
 	static public function run($argc, $argv) {
-
-		require_once('include/items.php');
-		require_once('include/bbcode.php');
-
-		if ($argc > 1)
-			$queue_id = $argv[1];
-		else
-			$queue_id = EMPTY_STR;
+		$queue_id = ($argc > 1) ? $argv[1] : '';
 
 		logger('queue: start');
 
 		// delete all queue items more than 3 days old
 		// but first mark these sites dead if we haven't heard from them in a month
 
-		$r = q("select outq_posturl from outq where outq_created < %s - INTERVAL %s",
-			db_utcnow(), db_quoteinterval('3 DAY')
+		$oldqItems = q("select outq_posturl, outq_hash from outq where outq_created < %s - INTERVAL %s",
+			db_utcnow(),
+			db_quoteinterval('3 DAY')
 		);
-		if ($r) {
-			foreach ($r as $rr) {
-				$h       = parse_url($rr['outq_posturl']);
-				$desturl = $h['scheme'] . '://' . $h['host'] . (isset($h['port']) ? ':' . $h['port'] : '');
+
+		if ($oldqItems) {
+			foreach ($oldqItems as $qItem) {
+				$h = parse_url($qItem['outq_posturl']);
+				$site_url = $h['scheme'] . '://' . $h['host'] . ((!empty($h['port'])) ? ':' . $h['port'] : '');
 				q("update site set site_dead = 1 where site_dead = 0 and site_url = '%s' and site_update < %s - INTERVAL %s",
-					dbesc($desturl),
-					db_utcnow(), db_quoteinterval('1 MONTH')
+					dbesc($site_url),
+					db_utcnow(),
+					db_quoteinterval('1 MONTH')
 				);
 			}
+
+			$old_hashes = ids_to_querystr($oldqItems, 'outq_hash', true);
+
+			logger('Removing ' . count($oldqItems) . ' old queue entries');
+			dbq("DELETE FROM outq WHERE outq_hash IN ($old_hashes)");
+
 		}
 
-		q("DELETE FROM outq WHERE outq_created < %s - INTERVAL %s",
-			db_utcnow(), db_quoteinterval('3 DAY')
-		);
+		$deliveries = [];
 
 		if ($queue_id) {
-			$r = q("SELECT * FROM outq WHERE outq_hash = '%s' LIMIT 1",
+			$qItems = q("SELECT * FROM outq WHERE outq_hash = '%s' LIMIT 1",
 				dbesc($queue_id)
 			);
+			logger('queue deliver: ' . $qItems[0]['outq_hash'] . ' to ' . $qItems[0]['outq_posturl'], LOGGER_DEBUG);
+			LibQueue::deliver($qItems[0]);
 		}
 		else {
-
-			// For the first 12 hours we'll try to deliver every 15 minutes
-			// After that, we'll only attempt delivery once per hour.
-			// This currently only handles the default queue drivers ('zot' or '') which we will group by posturl
-			// so that we don't start off a thousand deliveries for a couple of dead hubs.
-			// The zot driver will deliver everything destined for a single hub once contact is made (*if* contact is made).
-			// Other drivers will have to do something different here and may need their own query.
-
-			// Note: this requires some tweaking as new posts to long dead hubs once a day will keep them in the
-			// "every 15 minutes" category. We probably need to prioritise them when inserted into the queue
-			// or just prior to this query based on recent and long-term delivery history. If we have good reason to believe
-			// the site is permanently down, there's no reason to attempt delivery at all, or at most not more than once
-			// or twice a day.
-
-			$sqlrandfunc = db_getfunc('rand');
-
-			$r = q("SELECT *,$sqlrandfunc as rn FROM outq WHERE outq_delivered = 0 and outq_scheduled < %s order by rn limit 1",
+			$qItems = q("SELECT outq_hash FROM outq WHERE outq_scheduled < %s ",
 				db_utcnow()
 			);
-			while ($r) {
-				foreach ($r as $rv) {
-					LibQueue::deliver($rv);
+
+			if ($qItems) {
+				foreach ($qItems as $qItem) {
+					$deliveries[] = $qItem['outq_hash'];
 				}
-				$r = q("SELECT *,$sqlrandfunc as rn FROM outq WHERE outq_delivered = 0 and outq_scheduled < %s order by rn limit 1",
-					db_utcnow()
-				);
+
+				shuffle($deliveries);
+				do_delivery($deliveries, true);
 			}
-		}
-		if (!$r)
-			return;
-
-		foreach ($r as $rv) {
-			LibQueue::deliver($rv);
-		}
-
-		return;
+		 }
 	}
+
 }

Zotlabs/Daemon/Zotconvo.php

@@ -0,0 +1,32 @@
+<?php
+
+namespace Zotlabs\Daemon;
+
+use Zotlabs\Lib\Libzot;
+
+class Zotconvo {
+
+	static public function run($argc, $argv) {
+
+		logger('Zotconvo invoked: ' . print_r($argv, true));
+
+		if ($argc != 3) {
+			return;
+		}
+
+		$mid = $argv[2];
+		if (!$mid) {
+			return;
+		}
+
+		$channel = channelx_by_n(intval($argv[1]));
+		if (!$channel) {
+			return;
+		}
+
+		Libzot::fetch_conversation($channel, $mid);
+
+		return;
+
+	}
+}

Zotlabs/Lib/Activity.php

@@ -50,7 +50,27 @@ class Activity {
 
 	}
 
+	public static function fetch_local($url, $portable_id) {
+		$sql_extra = item_permissions_sql(0, $portable_id);
+		$item_normal = item_normal();
+
+		// Find the original object
+		$j = q(
+			"select *, id as item_id from item where mid = '%s' and item_wall = 1 $item_normal $sql_extra",
+			dbesc($url)
+		);
+		if ($j) {
+			xchan_query($j, true);
+			$items = fetch_post_tags($j);
+		}
+		if ($items) {
+			return self::encode_item(array_shift($items), true);
+		}
+		return null;
+	}
+
 	static function fetch($url, $channel = null) {
+
 		$redirects = 0;
 		if (!check_siteallowed($url)) {
 			logger('blacklisted: ' . $url);
@@ -289,7 +309,7 @@ class Activity {
 
 	static function encode_item_collection($items, $id, $type, $total = 0) {
 
-		if ($total > 30) {
+		if ($total > App::$pager['itemspage']) {
 			$ret = [
 				'id'   => z_root() . '/' . $id,
 				'type' => $type . 'Page',
@@ -419,10 +439,6 @@ class Activity {
 			$objtype = self::activity_obj_mapper($i['obj_type']);
 		}
 
-		if (isset($i['obj']) && $i['obj']) {
-			$ret = Activity::encode_object($i['obj']);
-		}
-
 		if (intval($i['item_deleted'])) {
 			$ret['type']       = 'Tombstone';
 			$ret['formerType'] = $objtype;
@@ -463,6 +479,30 @@ class Activity {
 		$ret['id']            = ((strpos($i['mid'], 'http') === 0) ? $i['mid'] : z_root() . '/item/' . urlencode($i['mid']));
 		$ret['diaspora:guid'] = $i['uuid'];
 
+		$images = [];
+		$has_images = preg_match_all('/\[[zi]mg(.*?)](.*?)\[/ism', $i['body'], $images, PREG_SET_ORDER);
+
+		// provide ocap access token for private media.
+		// set this for descendants even if the current item is not private
+		// because it may have been relayed from a private item.
+
+		$token = get_iconfig($i, 'ocap', 'relay');
+		if ($token && $has_images) {
+			$matches_processed = [];
+			for ($n = 0; $n < count($images); $n++) {
+				$match = $images[$n];
+				if (str_starts_with($match[1], '=http') && str_contains($match[1], z_root() . '/photo/') && !in_array($match[1], $matches_processed)) {
+					$i['body'] = str_replace($match[1], $match[1] . '?token=' . $token, $i['body']);
+					$images[$n][2] = substr($match[1], 1) . '?token=' . $token;
+					$matches_processed[] = $match[1];
+				} elseif (str_contains($match[2], z_root() . '/photo/') && !in_array($match[2], $matches_processed)) {
+					$i['body'] = str_replace($match[2], $match[2] . '?token=' . $token, $i['body']);
+					$images[$n][2] = $match[2] . '?token=' . $token;
+					$matches_processed[] = $match[2];
+				}
+			}
+		}
+
 		if ($i['title'])
 			$ret['name'] = $i['title'];
 
@@ -626,11 +666,15 @@ class Activity {
 			$atts = ((is_array($item['attach'])) ? $item['attach'] : json_decode($item['attach'], true));
 			if ($atts) {
 				foreach ($atts as $att) {
+					if (!isset($att['type'], $att['href'])) {
+						continue;
+					}
+
 					if (isset($att['type']) && strpos($att['type'], 'image')) {
-						$ret[] = ['type' => 'Image', 'url' => $att['href']];
+						$ret[] = ['type' => 'Image', 'mediaType' => $att['type'], 'name' => $att['title'], 'url' => $att['href']];
 					}
 					else {
-						$ret[] = ['type' => 'Link', 'mediaType' => $att['type'], 'href' => $att['href']];
+						$ret[] = ['type' => 'Link', 'mediaType' => $att['type'], 'name' => $att['title'], 'href' => $att['href']];
 					}
 				}
 			}
@@ -680,7 +724,7 @@ class Activity {
 
 		$ret = [];
 
-		if (isset($item['attachment'])) {
+		if (isset($item['attachment']) && is_array($item['attachment'])) {
 			$ptr = $item['attachment'];
 			if (!array_key_exists(0, $ptr)) {
 				$ptr = [$ptr];
@@ -700,6 +744,13 @@ class Activity {
 				if (array_key_exists('name', $att) && $att['name']) {
 					$entry['name'] = html2plain(purify_html($att['name']), 256);
 				}
+				// Friendica attachments don't match the URL in the body.
+				// This makes it more difficult to detect image duplication in bb_attach()
+				// which adds images to plaintext microblog software. For these we need to examine both the
+				// url and image properties.
+				if (isset($att['image']) && is_string($att['image']) && isset($att['url']) && $att['image'] !== $att['url']) {
+					$entry['image'] = $att['image'];
+				}
 				if ($entry) {
 					$ret[] = $entry;
 				}
@@ -822,7 +873,8 @@ class Activity {
 			];
 		}
 
-		$ret['published'] = ((isset($i['created'])) ? datetime_convert('UTC', 'UTC', $i['created'], ATOM_TIME) : datetime_convert());
+		$ret['published'] = datetime_convert('UTC', 'UTC', $i['created'], ATOM_TIME);
+
 		if (isset($i['created'], $i['edited']) && $i['created'] !== $i['edited']) {
 			$ret['updated'] = datetime_convert('UTC', 'UTC', $i['edited'], ATOM_TIME);
 			if ($ret['type'] === 'Create') {
@@ -833,7 +885,7 @@ class Activity {
 		if (isset($i['app']) && $i['app']) {
 			$ret['generator'] = ['type' => 'Application', 'name' => $i['app']];
 		}
-		if (isset($i['location']) || isset($i['coord'])) {
+		if (!empty($i['location']) || !empty($i['coord'])) {
 			$ret['location'] = ['type' => 'Place'];
 			if ($i['location']) {
 				$ret['location']['name'] = $i['location'];
@@ -921,7 +973,6 @@ class Activity {
 		];
 
 		call_hooks('encode_activity', $hookinfo);
-
 		return $hookinfo['encoded'];
 	}
 
@@ -966,10 +1017,14 @@ class Activity {
 			$tmp  = expand_acl($i['allow_cid']);
 			$list = stringify_array($tmp, true);
 			if ($list) {
-				$details = q("select hubloc_id_url from hubloc where hubloc_hash in (" . $list . ") and hubloc_id_url != '' and hubloc_deleted = 0");
+				$details = q("select hubloc_id_url, hubloc_hash, hubloc_network from hubloc where hubloc_hash in (" . $list . ") and hubloc_id_url != '' and hubloc_deleted = 0");
 				if ($details) {
 					foreach ($details as $d) {
-						$ret[] = $d['hubloc_id_url'];
+						if ($d['hubloc_network'] === 'activitypub') {
+							$ret[] = $d['hubloc_hash'];
+						} else {
+							$ret[] = $d['hubloc_id_url'];
+						}
 					}
 				}
 			}
@@ -999,16 +1054,19 @@ class Activity {
 
 	static function encode_person($p, $extended = true) {
 
-		if (!$p['xchan_url'])
-			return [];
+		$c = ((array_key_exists('channel_id', $p)) ? $p : channelx_by_hash($p['xchan_hash']));
 
-		if (!$extended) {
-			return $p['xchan_url'];
+		$id = (($c) ? channel_url($c) : ((filter_var($p['xchan_hash'], FILTER_VALIDATE_URL)) ? $p['xchan_hash'] : $p['xchan_url']));
+
+		$ret = (($extended) ? [] : '');
+
+		if (!$id) {
+			return $ret;
 		}
 
-		$ret = [];
-
-		$c = ((array_key_exists('channel_id', $p)) ? $p : channelx_by_hash($p['xchan_hash']));
+		if (!$extended) {
+			return $id;
+		}
 
 		$ret['type'] = 'Person';
 
@@ -1020,15 +1078,9 @@ class Activity {
 			$ret['manuallyApprovesFollowers'] = ((get_pconfig($c['channel_id'], 'system', 'autoperms')) ? false : true);
 		}
 
-		if ($c) {
-			$ret['id'] = channel_url($c);
-		}
-		else {
-			$ret['id'] = ((strpos($p['xchan_hash'], 'http') === 0) ? $p['xchan_hash'] : $p['xchan_url']);
-		}
+		$ret['id'] = $id;
 
-		if ($p['xchan_addr'] && strpos($p['xchan_addr'], '@'))
-			$ret['preferredUsername'] = substr($p['xchan_addr'], 0, strpos($p['xchan_addr'], '@'));
+		$ret['preferredUsername'] = (($c) ? $c['channel_address'] : substr($p['xchan_addr'], 0, strpos($p['xchan_addr'], '@')));
 
 		$ret['name']    = $p['xchan_name'];
 		$ret['updated'] = datetime_convert('UTC', 'UTC', $p['xchan_name_date'], ATOM_TIME);
@@ -1066,11 +1118,11 @@ class Activity {
 		];
 */
 
-		$ret['url'] = $p['xchan_url'];
+		$ret['url'] = $id;
 
 		$ret['publicKey'] = [
-			'id'                 => $p['xchan_url'],
-			'owner'              => $p['xchan_url'],
+			'id'                 => $id,
+			'owner'              => $id,
 			'signatureAlgorithm' => 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256',
 			'publicKeyPem'       => $p['xchan_pubkey']
 		];
@@ -1093,6 +1145,7 @@ class Activity {
 		call_hooks('encode_person', $arr);
 
 		$ret = $arr['encoded'];
+
 		return $ret;
 	}
 
@@ -1329,7 +1382,8 @@ class Activity {
 			}
 		}
 
-		$x           = PermissionRoles::role_perms('personal');
+		$role = get_pconfig($channel['channel_id'], 'system', 'permissions_role', 'personal');
+		$x = PermissionRoles::role_perms($role);
 		$their_perms = Permissions::FilledPerms($x['perms_connect']);
 
 		if ($contact && $contact['abook_id']) {
@@ -1354,10 +1408,15 @@ class Activity {
 					return;
 
 				case 'Accept':
+					// They accepted our Follow request.
+					// Set default permissions except for send_stream and post_wall
 
-					// They accepted our Follow request - set default permissions
-
-					set_abconfig($channel['channel_id'], $contact['abook_xchan'], 'system', 'their_perms', $their_perms);
+					foreach ($their_perms as $k => $v) {
+						if(in_array($k, ['send_stream', 'post_wall'])) {
+							continue; // Those will be set once we accept their follow request
+						}
+						set_abconfig($channel['channel_id'], $contact['abook_xchan'], 'their_perms', $k, $v);
+					}
 
 					$abook_instance = $contact['abook_instance'];
 
@@ -1527,10 +1586,17 @@ class Activity {
 		}
 
 		if (in_array($observer, [$r[0]['author_xchan'], $r[0]['owner_xchan']])) {
-			drop_item($r[0]['id'], false);
+			drop_item($r[0]['id'], false, (($r[0]['item_wall']) ? DROPITEM_PHASE1 : DROPITEM_NORMAL));
 		} elseif (in_array($act->actor['id'], [$r[0]['author_xchan'], $r[0]['owner_xchan']])) {
-			drop_item($r[0]['id'], false);
+			drop_item($r[0]['id'], false, (($r[0]['item_wall']) ? DROPITEM_PHASE1 : DROPITEM_NORMAL));
 		}
+
+		sync_an_item($channel['channel_id'], $r[0]['id']);
+
+		if ($r[0]['item_wall']) {
+			Master::Summon(['Notifier', 'drop', $r[0]['id']]);
+		}
+
 	}
 
 
@@ -1690,6 +1756,8 @@ class Activity {
 			}
 		}
 
+		$group_actor = ($person_obj['type'] === 'Group');
+
 		$r = q("select * from xchan join hubloc on xchan_hash = hubloc_hash where xchan_hash = '%s'",
 			dbesc($url)
 		);
@@ -1708,11 +1776,12 @@ class Activity {
 			);
 
 			// update existing xchan record
-			q("update xchan set xchan_name = '%s', xchan_pubkey = '%s', xchan_addr = '%s', xchan_network = 'activitypub', xchan_name_date = '%s' where xchan_hash = '%s'",
+			q("update xchan set xchan_name = '%s', xchan_pubkey = '%s', xchan_addr = '%s', xchan_network = 'activitypub', xchan_name_date = '%s', xchan_pubforum = %d where xchan_hash = '%s'",
 				dbesc(escape_tags($name)),
 				dbesc(escape_tags($pubkey)),
 				dbesc(escape_tags($webfinger_addr)),
 				dbescdate(datetime_convert()),
+				intval($group_actor),
 				dbesc($url)
 			);
 
@@ -1739,7 +1808,8 @@ class Activity {
 					'xchan_url'       => $profile,
 					'xchan_name'      => escape_tags($name),
 					'xchan_name_date' => datetime_convert(),
-					'xchan_network'   => 'activitypub'
+					'xchan_network'   => 'activitypub',
+					'xchan_pubforum'  => intval($group_actor)
 				]
 			);
 
@@ -1768,6 +1838,10 @@ class Activity {
 				dbesc($url)
 			);
 			if (!$zx) {
+				// FIXME: we might need to fetch and store this url immediately
+				// otherwise at least the first post of a yet unknown author might
+				// be stored with the activitypub url instead of the portable id.
+				// Another solution could be to fix the items after Gprobe has done its work.
 				Master::Summon(['Gprobe', bin2hex($url)]);
 			}
 		}
@@ -2091,6 +2165,10 @@ class Activity {
 			return false;
 		}
 
+		if (intval($post['item_blocked']) === ITEM_MODERATED) {
+			return false;
+		}
+
 		dbq("START TRANSACTION");
 
 		$item = q("SELECT * FROM item WHERE id = %d FOR UPDATE",
@@ -2205,20 +2283,16 @@ class Activity {
 	static function decode_note($act) {
 
 		$response_activity = false;
-
 		$s = [];
 
 		// These activities should have been handled separately in the Inbox module and should not be turned into posts
 
 		if (
 			in_array($act->type, ['Follow', 'Accept', 'Reject', 'Create', 'Update']) &&
-			is_array($act->obj) &&
-			array_key_exists('type', $act->obj) &&
-			($act->obj['type'] === 'Follow' || ActivityStreams::is_an_actor($act->obj['type']))
+			($act->objprop('type') === 'Follow' || ActivityStreams::is_an_actor($act->objprop('type')))
 		) {
 			return false;
 		}
-
 		// Within our family of projects, Follow/Unfollow of a thread is an internal activity which should not be transmitted,
 		// hence if we receive it - ignore or reject it.
 		// Unfollow is not defined by ActivityStreams, which prefers Undo->Follow.
@@ -2245,7 +2319,7 @@ class Activity {
 			$content = self::get_content($act->obj);
 		}
 
-		$s['mid'] = ((is_array($act->obj) && isset($act->obj['id'])) ? $act->obj['id'] : $act->obj);
+		$s['mid'] = $act->objprop('id') ?: $act->obj;
 
 		if (!$s['mid']) {
 			return false;
@@ -2253,7 +2327,7 @@ class Activity {
 
 		// Friendica sends the diaspora guid in a nonstandard field via AP
 		// If no uuid is provided we will create an uuid v5 from the mid
-		$s['uuid'] = ((is_array($act->obj) && isset($act->obj['diaspora:guid'])) ? $act->obj['diaspora:guid'] : uuid_from_url($s['mid']));
+		$s['uuid'] = (($act->objprop('diaspora:guid')) ?: uuid_from_url($s['mid']));
 
 		$s['parent_mid'] = $act->parent_id;
 
@@ -2261,24 +2335,24 @@ class Activity {
 			$s['created']   = datetime_convert('UTC', 'UTC', $act->data['published']);
 			$s['commented'] = $s['created'];
 		}
-		elseif (is_array($act->obj) && array_key_exists('published', $act->obj)) {
+		elseif ($act->objprop('published')) {
 			$s['created']   = datetime_convert('UTC', 'UTC', $act->obj['published']);
 			$s['commented'] = $s['created'];
 		}
 		if (array_key_exists('updated', $act->data)) {
 			$s['edited'] = datetime_convert('UTC', 'UTC', $act->data['updated']);
 		}
-		elseif (is_array($act->obj) && array_key_exists('updated', $act->obj)) {
+		elseif ($act->objprop('updated')) {
 			$s['edited'] = datetime_convert('UTC', 'UTC', $act->obj['updated']);
 		}
 		if (array_key_exists('expires', $act->data)) {
 			$s['expires'] = datetime_convert('UTC', 'UTC', $act->data['expires']);
 		}
-		elseif (is_array($act->obj) && array_key_exists('expires', $act->obj)) {
+		elseif ($act->objprop('expires')) {
 			$s['expires'] = datetime_convert('UTC', 'UTC', $act->obj['expires']);
 		}
 
-		if ($act->type === 'Invite' && is_array($act->obj) && array_key_exists('type', $act->obj) && $act->obj['type'] === 'Event') {
+		if ($act->type === 'Invite' && $act->objprop('type') === 'Event') {
 			$s['mid'] = $s['parent_mid'] = $act->id;
 		}
 
@@ -2287,10 +2361,22 @@ class Activity {
 			$response_activity = true;
 
 			$s['mid'] = $act->id;
-			$s['uuid'] = ((is_array($act->data) && isset($act->data['diaspora:guid'])) ? $act->data['diaspora:guid'] : uuid_from_url($s['mid']));
+			$s['uuid'] = ((!empty($act->data['diaspora:guid'])) ? $act->data['diaspora:guid'] : uuid_from_url($s['mid']));
 
-			$s['parent_mid'] = ((is_array($act->obj) && isset($act->obj['id'])) ? $act->obj['id'] : $act->obj);
+			$s['parent_mid'] = $act->objprop('id') ?: $act->obj;
 
+/*
+			if ($act->objprop('inReplyTo')) {
+				$s['parent_mid'] = $act->objprop('inReplyTo');
+			}
+
+			$s['thr_parent'] = $act->objprop('id') ?: $act->obj;
+
+			if (empty($s['parent_mid']) || empty($s['thr_parent'])) {
+				logger('response activity without parent_mid or thr_parent');
+				return;
+			}
+*/
 			// over-ride the object timestamp with the activity
 
 			if (isset($act->data['published'])) {
@@ -2301,7 +2387,7 @@ class Activity {
 				$s['edited'] = datetime_convert('UTC', 'UTC', $act->data['updated']);
 			}
 
-			$obj_actor = ((isset($act->obj['actor'])) ? $act->obj['actor'] : $act->get_actor('attributedTo', $act->obj));
+			$obj_actor = $act->objprop('actor') ?: $act->get_actor('attributedTo', $act->obj);
 
 			if (!isset($obj_actor['id'])) {
 				return false;
@@ -2320,7 +2406,7 @@ class Activity {
 			}
 
 			// handle event RSVPs
-			if (($act->obj['type'] === 'Event') || ($act->obj['type'] === 'Invite' && array_path_exists('object/type', $act->obj) && $act->obj['object']['type'] === 'Event')) {
+			if (($act->objprop('type') === 'Event') || ($act->objprop('type') === 'Invite' && array_path_exists('object/type', $act->obj) && $act->obj['object']['type'] === 'Event')) {
 				if ($act->type === 'Accept') {
 					$content['content'] = sprintf(t('Will attend %s\'s event'), $mention) . EOL . EOL . $content['content'];
 				}
@@ -2355,7 +2441,7 @@ class Activity {
 			$s['item_thread_top'] = 1;
 
 			// it is a parent node - decode the comment policy info if present
-			if (isset($act->obj['commentPolicy'])) {
+			if ($act->objprop('commentPolicy')) {
 				$until = strpos($act->obj['commentPolicy'], 'until=');
 				if ($until !== false) {
 					$s['comments_closed'] = datetime_convert('UTC', 'UTC', substr($act->obj['commentPolicy'], $until + 6));
@@ -2381,7 +2467,7 @@ class Activity {
 		$s['summary'] = self::bb_content($content, 'summary');
 		$s['body']    = ((self::bb_content($content, 'bbcode') && (!$response_activity)) ? self::bb_content($content, 'bbcode') : self::bb_content($content, 'content'));
 
-		if (isset($act->obj['quoteUrl'])) {
+		if ($act->objprop('quoteUrl')) {
 			$quote_bbcode = self::get_quote_bbcode($act->obj['quoteUrl']);
 
 			if ($s['body']) {
@@ -2394,21 +2480,24 @@ class Activity {
 		$s['verb'] = self::activity_decode_mapper($act->type);
 
 		// Mastodon does not provide update timestamps when updating poll tallies which means race conditions may occur here.
-		if ($act->type === 'Update' && $act->obj['type'] === 'Question' && $s['edited'] === $s['created']) {
+		if ($act->type === 'Update' && $act->objprop('type') === 'Question' && $s['edited'] === $s['created']) {
 			$s['edited'] = datetime_convert();
 		}
 
-		if (in_array($act->type, ['Delete', 'Undo', 'Tombstone']) || ($act->type === 'Create' && $act->obj['type'] === 'Tombstone')) {
+		if (in_array($act->type, ['Delete', 'Undo', 'Tombstone']) || ($act->type === 'Create' && (isset($act->obj['type']) && $act->obj['type'] === 'Tombstone'))) {
 			$s['item_deleted'] = 1;
 		}
 
-		$s['obj_type'] = self::activity_obj_decode_mapper($act->obj['type']);
+		if (isset($act->obj['type'])) {
+			$s['obj_type'] = self::activity_obj_decode_mapper($act->obj['type']);
+		}
+
 		if ($s['obj_type'] === ACTIVITY_OBJ_NOTE && $s['mid'] !== $s['parent_mid']) {
 			$s['obj_type'] = ACTIVITY_OBJ_COMMENT;
 		}
 
 		$s['obj'] = $act->obj;
-		if (is_array($s['obj']) && array_path_exists('actor/id', $s['obj'])) {
+		if (array_path_exists('actor/id', $s['obj'])) {
 			$s['obj']['actor'] = $s['obj']['actor']['id'];
 		}
 
@@ -2490,38 +2579,40 @@ class Activity {
 			}
 		}
 
-		if (array_key_exists('type', $act->obj)) {
 
-			// Objects that might have media attachments which aren't already provided in the content element.
-			// We'll check specific media objects separately.
+		// Objects that might have media attachments which aren't already provided in the content element.
+		// We'll check specific media objects separately.
 
-			if (in_array($act->obj['type'], ['Article', 'Document', 'Event', 'Note', 'Page', 'Place', 'Question']) && isset($s['attach']) && $s['attach']) {
-				$s = self::bb_attach($s);
-			}
+		if (in_array($act->objprop('type',''), ['Article', 'Document', 'Event', 'Note', 'Page', 'Place', 'Question']) && !empty($s['attach'])) {
+			$s = self::bb_attach($s);
+		}
 
-			if ($act->obj['type'] === 'Question' && in_array($act->type, ['Create', 'Update'])) {
-				if (array_key_exists('endTime', $act->obj)) {
-					$s['comments_closed'] = datetime_convert('UTC', 'UTC', $act->obj['endTime']);
-				}
+		if ($act->objprop('type') === 'Question' && in_array($act->type, ['Create', 'Update'])) {
+			if ($act->objprop('endTime')) {
+				$s['comments_closed'] = datetime_convert('UTC', 'UTC', $act->obj['endTime']);
 			}
 		}
 
-		if (array_key_exists('closed', $act->obj)) {
+		if ($act->objprop('closed')) {
 			$s['comments_closed'] = datetime_convert('UTC', 'UTC', $act->obj['closed']);
 		}
 
 		if (!$response_activity) {
 			if ($act->type === 'Announce') {
 				$s['author_xchan'] = self::get_attributed_to_actor_url($act);
-				$s['mid'] = $act->obj['id'];
-				$s['parent_mid'] = $act->obj['id'];
+				$s['mid'] = $act->objprop('id') ?: $act->obj;
+
+				// Do not force new thread if the announce is from a group actor
+				if ($act->actor['type'] !== 'Group') {
+					$s['parent_mid'] = $act->objprop('id') ?: $act->obj;
+				}
 			}
 
 			// we will need a hook here to extract magnet links e.g. peertube
 			// right now just link to the largest mp4 we find that will fit in our
 			// standard content region
 
-			if ($act->obj['type'] === 'Video') {
+			if ($act->objprop('type') === 'Video') {
 
 				$vtypes = [
 					'video/mp4',
@@ -2535,7 +2626,7 @@ class Activity {
 
 				// try to find a poster to display on the video element
 
-				if (array_key_exists('icon',$act->obj)) {
+				if ($act->objprop('icon')) {
 					if (is_array($act->obj['icon'])) {
 						if (array_key_exists(0,$act->obj['icon'])) {
 							$ptr = $act->obj['icon'];
@@ -2556,7 +2647,7 @@ class Activity {
 				$tag = (($poster) ? '[video poster=&quot;' . $poster . '&quot;]' : '[video]' );
 				$ptr = null;
 
-				if (array_key_exists('url',$act->obj)) {
+				if ($act->objprop('url')) {
 					if (is_array($act->obj['url'])) {
 						if (array_key_exists(0,$act->obj['url'])) {
 							$ptr = $act->obj['url'];
@@ -2589,20 +2680,20 @@ class Activity {
 					if ($mps) {
 						usort($mps,[ '\Zotlabs\Lib\Activity', 'vid_sort' ]);
 						foreach ($mps as $m) {
-							if (intval($m['height']) < 500 && Activity::media_not_in_body($m['href'],$s['body'])) {
+							if (intval($m['height']) < 500 && self::media_not_in_body($m['href'],$s['body'])) {
 								$s['body'] = $tag . $m['href'] . '[/video]' . "\r\n" . $s['body'];
 								break;
 							}
 						}
 					}
-					elseif (is_string($act->obj['url']) && Activity::media_not_in_body($act->obj['url'],$s['body'])) {
+					elseif (is_string($act->obj['url']) && self::media_not_in_body($act->obj['url'],$s['body'])) {
 						$s['body'] = $tag . $act->obj['url'] . '[/video]' . "\r\n" . $s['body'];
 					}
 
 				}
 			}
 
-			if ($act->obj['type'] === 'Audio') {
+			if ($act->objprop('type') === 'Audio') {
 
 				$atypes = [
 					'audio/mpeg',
@@ -2634,7 +2725,7 @@ class Activity {
 
 			}
 
-			if ($act->obj['type'] === 'Image' && strpos($s['body'], 'zrl=') === false) {
+			if ($act->objprop('type') === 'Image' && strpos($s['body'], 'zrl=') === false) {
 
 				$ptr = null;
 
@@ -2663,7 +2754,7 @@ class Activity {
 			}
 
 
-			if ($act->obj['type'] === 'Page' && !$s['body']) {
+			if ($act->objprop('type') === 'Page' && !$s['body']) {
 
 				$ptr  = null;
 				$purl = EMPTY_STR;
@@ -2703,7 +2794,7 @@ class Activity {
 			}
 		}
 
-		if (in_array($act->obj['type'], ['Note', 'Article', 'Page'])) {
+		if (in_array($act->objprop('type', ''), ['Note', 'Article', 'Page'])) {
 			$ptr = null;
 
 			if (array_key_exists('url', $act->obj)) {
@@ -2738,10 +2829,8 @@ class Activity {
 			$s['item_private'] = 0;
 		}
 
-		if (is_array($act->obj)) {
-			if (array_key_exists('directMessage', $act->obj) && intval($act->obj['directMessage'])) {
-				$s['item_private'] = 2;
-			}
+		if ($act->objprop('directMessage')) {
+			$s['item_private'] = 2;
 		}
 
 		$ap_rawmsg = '';
@@ -2824,7 +2913,6 @@ class Activity {
 		];
 
 		call_hooks('decode_note', $hookinfo);
-
 		return $hookinfo['s'];
 
 	}
@@ -2832,6 +2920,7 @@ class Activity {
 	static function store($channel, $observer_hash, $act, $item, $fetch_parents = true, $force = false) {
 		$is_sys_channel = is_sys_channel($channel['channel_id']);
 		$is_child_node  = false;
+		$parent = null;
 
 		// TODO: not implemented
 		// Pleroma scrobbles can be really noisy and contain lots of duplicate activities. Disable them by default.
@@ -2843,26 +2932,37 @@ class Activity {
 			$is_child_node = true;
 		}
 
-		$allowed = false;
+		if (empty($item['item_fetched'])) {
+			$item['owner_xchan'] = $observer_hash;
+		}
 
-		// TODO: not implemented
-		// $permit_mentions = intval(PConfig::Get($channel['channel_id'], 'system','permit_all_mentions') && i_am_mentioned($channel,$item));
+		$allowed = false;
+		$permit_mentions = intval(PConfig::Get($channel['channel_id'], 'system','permit_all_mentions') && i_am_mentioned($channel, $item));
 
 		if ($is_child_node) {
 
-			$p = q("select * from item where mid = '%s' and uid = %d and item_wall = 1",
+			$parent = q("select * from item where mid = '%s' and uid = %d",
 				dbesc($item['parent_mid']),
 				intval($channel['channel_id'])
 			);
-			if ($p) {
+
+			// TODO: if we do not have a parent stop here and move the fetch to background?
+
+			if ($parent && $parent[0]['obj_type'] === 'Question') {
+				if ($item['obj_type'] === ACTIVITY_OBJ_COMMENT && $item['title'] && (!$item['body'])) {
+					$item['obj_type'] = 'Answer';
+				}
+			}
+
+			if ($parent && $parent[0]['item_wall']) {
 				// set the owner to the owner of the parent
-				$item['owner_xchan'] = $p[0]['owner_xchan'];
+				$item['owner_xchan'] = $parent[0]['owner_xchan'];
 
 				// quietly reject group comment boosts by group owner
 				// (usually only sent via ActivityPub so groups will work on microblog platforms)
 				// This catches those activities if they slipped in via a conversation fetch
 
-				if ($p[0]['parent_mid'] !== $item['parent_mid']) {
+				if ($parent[0]['parent_mid'] !== $item['parent_mid']) {
 					if ($item['verb'] === 'Announce' && $item['author_xchan'] === $item['owner_xchan']) {
 						logger('group boost activity by group owner rejected');
 						return;
@@ -2871,8 +2971,8 @@ class Activity {
 
 				// check permissions against the author, not the sender
 				$allowed = perm_is_allowed($channel['channel_id'], $item['author_xchan'], 'post_comments');
-				if ((!$allowed)/* && $permit_mentions*/) {
-					if ($p[0]['owner_xchan'] === $channel['channel_hash']) {
+				if ((!$allowed) && $permit_mentions) {
+					if ($parent[0]['owner_xchan'] === $channel['channel_hash']) {
 						$allowed = false;
 					}
 					else {
@@ -2881,18 +2981,25 @@ class Activity {
 				}
 
 				// TODO: not implemented
-				/*if (absolutely_no_comments($p[0])) {
+				/*if (absolutely_no_comments($parent[0])) {
 					$allowed = false;
 				}*/
 
 				if (!$allowed) {
-					logger('rejected comment from ' . $item['author_xchan'] . ' for ' . $channel['channel_address']);
-					logger('rejected: ' . print_r($item, true), LOGGER_DATA);
+					if (get_pconfig($channel['channel_id'], 'system', 'moderate_unsolicited_comments') && $item['obj_type'] !== 'Answer') {
+						$item['item_blocked'] = ITEM_MODERATED;
+						$allowed = true;
+					}
+					else {
+						logger('rejected comment from ' . $item['author_xchan'] . ' for ' . $channel['channel_address']);
+						logger('rejected: ' . print_r($item, true), LOGGER_DATA);
 
-					// TODO: not implemented
-					// let the sender know we received their comment but we don't permit spam here.
-					// self::send_rejection_activity($channel,$item['author_xchan'],$item);
-					return;
+						// TODO: not implemented
+						// let the sender know we received their comment but we don't permit spam here.
+						// self::send_rejection_activity($channel,$item['author_xchan'],$item);
+
+						return;
+					}
 				}
 
 				// TODO: not implemented
@@ -2901,17 +3008,11 @@ class Activity {
 				}*/
 			}
 			else {
-
 				$allowed = true;
-				// reject public stream comments that weren't sent by the conversation owner
-				if ($is_sys_channel && $item['owner_xchan'] !== $observer_hash && !$fetch_parents) {
-					$allowed = false;
-				}
-			}
 
-			if ($p && $p[0]['obj_type'] === 'Question') {
-				if ($item['obj_type'] === ACTIVITY_OBJ_COMMENT && $item['title'] && (!$item['body'])) {
-					$item['obj_type'] = 'Answer';
+				// reject public stream comments that weren't sent by the conversation owner
+				if ($is_sys_channel && $item['owner_xchan'] !== $observer_hash && !$fetch_parents && empty($item['item_fetched'])) {
+					$allowed = false;
 				}
 			}
 		}
@@ -2919,13 +3020,13 @@ class Activity {
 
 			// The $item['item_fetched'] flag is set in fetch_and_store_parents().
 			// In this case we should check against author permissions because sender is not owner.
-			if (perm_is_allowed($channel['channel_id'], ((isset($item['item_fetched']) && $item['item_fetched']) ? $item['author_xchan'] : $observer_hash), 'send_stream') || $is_sys_channel) {
+			if (perm_is_allowed($channel['channel_id'], ((!empty($item['item_fetched'])) ? $item['author_xchan'] : $observer_hash), 'send_stream') || $is_sys_channel) {
 				$allowed = true;
 			}
-			// TODO: not implemented
-			/*if ($permit_mentions) {
+
+			if ($permit_mentions) {
 				$allowed = true;
-			}*/
+			}
 		}
 
 		if (tgroup_check($channel['channel_id'], $item) && (!$is_child_node)) {
@@ -3038,34 +3139,23 @@ class Activity {
 			$item['item_verified'] = 1;
 		}
 
-		$parent = null;
-
 		if ($is_child_node) {
-
-			$parent = q("select * from item where mid = '%s' and uid = %d limit 1",
-				dbesc($item['parent_mid']),
-				intval($item['uid'])
-			);
-
 			if (!$parent) {
 				if (!plugin_is_installed('pubcrawl')) {
 					return;
 				}
-				else {
-					$fetch = false;
 
-					// TODO: debug
-					// if (perm_is_allowed($channel['channel_id'],$observer_hash,'send_stream') && (PConfig::Get($channel['channel_id'],'system','hyperdrive',true) || $act->type === 'Announce')) {
-					if (perm_is_allowed($channel['channel_id'], $observer_hash, 'send_stream') || $is_sys_channel) {
-						$fetch = (($fetch_parents) ? self::fetch_and_store_parents($channel, $observer_hash, $item, $force) : false);
-					}
+				$fetch = false;
 
-					if ($fetch) {
-						$parent = q("select * from item where mid = '%s' and uid = %d limit 1",
-							dbesc($item['parent_mid']),
-							intval($item['uid'])
-						);
-					}
+				if (perm_is_allowed($channel['channel_id'], $observer_hash, 'send_stream') || $is_sys_channel) {
+					$fetch = (($fetch_parents) ? self::fetch_and_store_parents($channel, $observer_hash, $item, $force) : false);
+				}
+
+				if ($fetch) {
+					$parent = q("select * from item where mid = '%s' and uid = %d",
+						dbesc($item['parent_mid']),
+						intval($item['uid'])
+					);
 				}
 			}
 
@@ -3074,6 +3164,7 @@ class Activity {
 				return;
 			}
 
+
 			if ($parent[0]['parent_mid'] !== $item['parent_mid']) {
 				$item['thr_parent'] = $item['parent_mid'];
 			}
@@ -3082,6 +3173,7 @@ class Activity {
 			}
 			$item['parent_mid'] = $parent[0]['parent_mid'];
 
+
 			/*
 			 *
 			 * Check for conversation privacy mismatches
@@ -3100,6 +3192,16 @@ class Activity {
 				}
 			}
 
+			// private conversation, but this comment went rogue and was published publicly
+			// hide it from everybody except the channel owner
+
+			if (intval($parent[0]['item_private'])) {
+				if (!intval($item['item_private'])) {
+					$item['item_private'] = intval($parent_item['item_private']);
+					$item['allow_cid'] = '<' . $channel['channel_hash'] . '>';
+					$item['allow_gid'] = $item['deny_cid'] = $item['deny_gid'] = '';
+				}
+			}
 		}
 
 		// An ugly and imperfect way to recognise a mastodon direct message
@@ -3115,7 +3217,6 @@ class Activity {
 
 		// TODO: not implemented
 		// self::rewrite_mentions($item);
-
 		$r = q("select id, created, edited from item where mid = '%s' and uid = %d limit 1",
 			dbesc($item['mid']),
 			intval($item['uid'])
@@ -3228,7 +3329,7 @@ class Activity {
 			$item = $hookinfo['item'];
 
 			if ($item) {
-				$item['item_fetched'] = 1;
+				$item['item_fetched'] = true;
 
 				if (intval($channel['channel_system']) && intval($item['item_private'])) {
 					$p = [];
@@ -3342,7 +3443,7 @@ class Activity {
 
 			return false;
 		}
-	*/
+
 	static public function fetch_and_store_replies($channel, $arr) {
 
 		logger('fetching replies');
@@ -3399,6 +3500,7 @@ class Activity {
 		}
 
 	}
+*/
 
 /* this is deprecated and not used anymore
 	static function announce_note($channel, $observer_hash, $act) {
@@ -3674,7 +3776,21 @@ class Activity {
 				if ($a['type'] === 'image/svg+xml' && strpos($item['body'], '[/svg]')) {
 					continue;
 				}
-				if (self::media_not_in_body($a['href'], $item['body'])) {
+				// Friendica attachment weirdness
+				// Check both the attachment image and href since they can be different and the one in the href is a different link with different resolution.
+				// Otheriwse you'll get duplicated images
+				if (isset($a['image'])) {
+					if (self::media_not_in_body($a['image'], $item['body']) && self::media_not_in_body($a['href'], $item['body'])) {
+						if (isset($a['name']) && $a['name']) {
+							$alt = htmlspecialchars($a['name'], ENT_QUOTES);
+							$item['body'] = '[img=' . $a['href']  . ']' . $alt . '[/img]' . "\r\n" . $item['body'];
+						} else {
+							$item['body'] = '[img]' . $a['href'] . '[/img]' . "\r\n" . $item['body'];
+						}
+					}
+					continue;
+				}
+				elseif (self::media_not_in_body($a['href'], $item['body'])) {
 					if (isset($a['name']) && $a['name']) {
 						$alt = htmlspecialchars($a['name'], ENT_QUOTES);
 						$item['body'] = '[img=' . $a['href']  . ']' . $alt . '[/img]' . "\r\n" . $item['body'];
@@ -3853,12 +3969,11 @@ class Activity {
 		}
 
 		if (array_path_exists('source/mediaType', $act) && array_path_exists('source/content', $act)) {
-			if (in_array($act['source']['mediaType'], ['text/bbcode', 'text/x-multicode'])) {
+			if (in_array($act['source']['mediaType'], ['text/bbcode'])) {
 				$content['bbcode'] = purify_html($act['source']['content']);
 			}
 		}
 
-
 		return $content;
 	}
 
@@ -3954,18 +4069,18 @@ class Activity {
 
 		switch ($options) {
 			case 'activitypub':
-				$hublocs = q("select * from hubloc left join xchan on hubloc_hash = xchan_hash where hubloc_hash = '%s' and hubloc_deleted = 0 ",
+				$hublocs = q("select * from hubloc left join xchan on hubloc_hash = xchan_hash where hubloc_hash = '%s' and hubloc_deleted = 0 order by hubloc_id desc",
 					dbesc($url)
 				);
 				break;
 			case 'zot6':
-				$hublocs = q("select * from hubloc left join xchan on hubloc_hash = xchan_hash where hubloc_id_url = '%s' and hubloc_deleted = 0 ",
+				$hublocs = q("select * from hubloc left join xchan on hubloc_hash = xchan_hash where hubloc_id_url = '%s' and hubloc_deleted = 0 order by hubloc_id desc",
 					dbesc($url)
 				);
 				break;
 			case 'all':
 			default:
-				$hublocs = q("select * from hubloc left join xchan on hubloc_hash = xchan_hash where ( hubloc_id_url = '%s' OR hubloc_hash = '%s' ) and hubloc_deleted = 0 ",
+				$hublocs = q("select * from hubloc left join xchan on hubloc_hash = xchan_hash where ( hubloc_id_url = '%s' OR hubloc_hash = '%s' ) and hubloc_deleted = 0 order by hubloc_id desc",
 					dbesc($url),
 					dbesc($url)
 				);
@@ -4025,9 +4140,9 @@ class Activity {
 			if ($act->is_valid()) {
 				$content = self::get_content($act->obj);
 
-				$ret .= "[share author='" . urlencode($act->actor['name']) .
+				$ret .= "[share author='" . urlencode($act->actor['name'] ?? $act->actor['preferredUsername']) .
 					"' profile='" . $act->actor['id'] .
-					"' avatar='" . $act->actor['icon']['url'] .
+					"' avatar='" . ($act->actor['icon']['url'] ?? z_root() . '/' . get_default_profile_photo(80)) .
 					"' link='" . $act->obj['id'] .
 					"' auth='" . ((is_matrix_url($act->actor['id'])) ? 'true' : 'false') .
 					"' posted='" . $act->obj['published'] .

Zotlabs/Lib/ActivityStreams.php

@@ -14,6 +14,7 @@ class ActivityStreams {
 	public $meta = null;
 	public $valid = false;
 	public $deleted = false;
+	public $portable_id = null;
 	public $id = '';
 	public $parent_id = '';
 	public $type = '';
@@ -35,12 +36,13 @@ class ActivityStreams {
 	 *
 	 * @param string $string
 	 */
-	function __construct($string) {
+	function __construct($string, $portable_id = null) {
 
 		if(!$string)
 			return;
 
 		$this->raw = $string;
+		$this->portable_id = $portable_id;
 
 		if (is_array($string)) {
 			$this->data = $string;
@@ -113,7 +115,7 @@ class ActivityStreams {
 			// fetch recursive or embedded activities
 
 			if ($this->obj && is_array($this->obj) && array_key_exists('object', $this->obj)) {
-				$this->obj['object'] = $this->get_compound_property($this->obj['object']);
+				$this->obj['object'] = $this->get_compound_property('object', $this->obj);
 			}
 
 			if ($this->obj && is_array($this->obj) && isset($this->obj['actor']))
@@ -123,12 +125,14 @@ class ActivityStreams {
 
 			$this->parent_id = $this->get_property_obj('inReplyTo');
 
-			if ((!$this->parent_id) && is_array($this->obj) && isset($this->obj['inReplyTo'])) {
+			if (!$this->parent_id && is_array($this->obj) && isset($this->obj['inReplyTo'])) {
 				$this->parent_id = $this->obj['inReplyTo'];
 			}
-			if ((!$this->parent_id) && is_array($this->obj) && isset($this->obj['id'])) {
+
+			if (!$this->parent_id && is_array($this->obj) && isset($this->obj['id'])) {
 				$this->parent_id = $this->obj['id'];
 			}
+
 		}
 	}
 
@@ -145,36 +149,59 @@ class ActivityStreams {
 		$this->saved_recips = $arr;
 	}
 
+	/**
+	 * @brief get single property from Activity object
+	 *
+	 * @param string $property
+	 * @param mixed $default return value if property or object not set
+	 *    or object is a string id which could not be fetched.
+	 * @return mixed
+	 */
+	public function objprop(string $property, mixed $default = false): mixed {
+		$x = $this->get_property_obj($property, $this->obj);
+		return (isset($x)) ? $x : $default;
+	}
+
 	/**
 	 * @brief Collects all recipients.
 	 *
-	 * @param string $base
+	 * @param mixed $base
 	 * @param string $namespace (optional) default empty
 	 * @return array
 	 */
-	function collect_recips($base = '', $namespace = '') {
-		$x = [];
+	public function collect_recips(mixed $base = '', string $namespace = ''): array {
+		$result = [];
+		$tmp = [];
 
 		$fields = ['to', 'cc', 'bto', 'bcc', 'audience'];
-		foreach ($fields as $f) {
-			$y = $this->get_compound_property($f, $base, $namespace);
-			if ($y) {
-				if (!is_array($this->raw_recips)) {
-					$this->raw_recips = [];
-				}
-
-				if (!is_array($y)) {
-					$y = [$y];
-				}
-				$this->raw_recips[$f] = $y;
-				$x                    = array_merge($x, $y);
+		foreach ($fields as $field) {
+			// don't expand these yet
+			$values = $this->get_property_obj($field, $base, $namespace);
+			if ($values) {
+				$values = force_array($values);
+				$tmp[$field] = $values;
+				$result = array_values(array_unique(array_merge($result, $values)));
+			}
+			// Merge the object recipients if they exist.
+			$values = $this->objprop($field);
+			if ($values) {
+				$values = force_array($values);
+				$tmp[$field] = ((isset($tmp[$field])) ? array_merge($tmp[$field], $values) : $values);
+				$result = array_values(array_unique(array_merge($result, $values)));
+			}
+			// remove duplicates
+			if (isset($tmp[$field])) {
+				$tmp[$field] = array_values(array_unique($tmp[$field]));
 			}
 		}
-// not yet ready for prime time
-//		$x = $this->expand($x,$base,$namespace);
-		return $x;
+		$this->raw_recips = $tmp;
+
+		// not yet ready for prime time
+		//      $result = $this->expand($result,$base,$namespace);
+		return $result;
 	}
 
+
 	function expand($arr, $base = '', $namespace = '') {
 		$ret = [];
 
@@ -278,12 +305,26 @@ class ActivityStreams {
 	 * @return NULL|mixed
 	 */
 
-	function fetch_property($url) {
-		return self::fetch($url);
-	}
+	function fetch_property($url, $channel = null) {
+		$x = null;
 
-	static function fetch($url, $channel = null) {
-		return Activity::fetch($url, $channel);
+		if (str_starts_with($url, z_root() . '/item/')) {
+			$x = Activity::fetch_local($url, $this->portable_id ?? '');
+			logger('local: ' . print_r($x,true));
+		}
+
+		if (!$x) {
+			$x = Activity::fetch($url, $channel);
+			if ($x === null && strpos($url, '/channel/')) {
+				// look for other nomadic channels which might be alive
+				$zf = Zotfinger::exec($url, $channel);
+
+				$url = $zf['signature']['signer'];
+				$x = Activity::fetch($url, $channel);
+			}
+		}
+
+		return $x;
 	}
 
 	static function is_an_actor($s) {
@@ -341,6 +382,7 @@ class ActivityStreams {
 	 */
 	function get_compound_property($property, $base = '', $namespace = '', $first = false) {
 		$x = $this->get_property_obj($property, $base, $namespace);
+
 		if ($this->is_url($x)) {
 			$y = $this->fetch_property($x);
 			if (is_array($y)) {

Zotlabs/Lib/Connect.php

@@ -69,7 +69,8 @@ class Connect {
 		$xchan_hash = '';
 		$sql_options = (($protocol) ? " and xchan_network = '" . dbesc($protocol) . "' " : '');
 
-		$r = q("SELECT * FROM xchan LEFT JOIN hubloc ON xchan_hash = hubloc_hash WHERE ( xchan_hash = '%s' or xchan_url = '%s' or xchan_addr = '%s') $sql_options ORDER BY hubloc_id DESC",
+		// We need both, the xchan and the hubloc here hence use JOIN instead of LEFT JOIN
+		$r = q("SELECT * FROM xchan JOIN hubloc ON xchan_hash = hubloc_hash WHERE ( xchan_hash = '%s' or xchan_url = '%s' or xchan_addr = '%s') $sql_options ORDER BY hubloc_id DESC",
 			dbesc($url),
 			dbesc($url),
 			dbesc($url)

Zotlabs/Lib/DReport.php

@@ -94,19 +94,6 @@ class DReport {
 		if(! $c)
 			return false;
 
-		// legacy zot recipients add a space and their name to the xchan. remove it if true.
-
-		$legacy_recipient = strpos($dr['recipient'], ' ');
-		if($legacy_recipient !== false) {
-			$legacy_recipient_parts = explode(' ', $dr['recipient'], 2);
-			$rxchan = $legacy_recipient_parts[0];
-		}
-		else {
-			$rxchan = $dr['recipient'];
-		}
-
-
-
 		// is the recipient one of our connections, or do we want to store every report?
 
 		$pcf = get_pconfig($c[0]['channel_id'],'system','dreport_store_all');
@@ -117,7 +104,7 @@ class DReport {
 		// So if a remote site says they can't find us, that's no big surprise
 		// and just creates a lot of extra report noise
 
-		if(($dr['location'] !== z_root()) && ($dr['sender'] === $rxchan) && ($dr['status'] === 'recipient not found'))
+		if(($dr['location'] !== z_root()) && ($dr['sender'] === $dr['recipient']) && ($dr['status'] === 'recipient not found'))
 			return false;
 
 		// If you have a private post with a recipient list, every single site is going to report
@@ -126,14 +113,14 @@ class DReport {
 		// have a channel on that site.
 
 		$r = q("select hubloc_id from hubloc where hubloc_hash = '%s' and hubloc_url = '%s'",
-			dbesc($rxchan),
+			dbesc($dr['recipient']),
 			dbesc($dr['location'])
 		);
 		if((! $r) && ($dr['status'] === 'recipient_not_found'))
 			return false;
 
 		$r = q("select abook_id from abook where abook_xchan = '%s' and abook_channel = %d limit 1",
-			dbesc($rxchan),
+			dbesc($dr['recipient']),
 			intval($c[0]['channel_id'])
 		);
 		if($r)

Zotlabs/Lib/Enotify.php

@@ -145,7 +145,7 @@ class Enotify {
 
 		$itemlink = $params['link'];
 
-		$action = t('commented on');
+		$action = (($moderated) ? t('requested to comment on') : t('commented on'));
 
 		if(array_key_exists('item',$params)) {
 
@@ -158,10 +158,10 @@ class Enotify {
 				}
 
 				if(activity_match($params['verb'], ACTIVITY_LIKE))
-					$action = t('liked');
+					$action = (($moderated) ? t('requested to like') : t('liked'));
 
 				if(activity_match($params['verb'], ACTIVITY_DISLIKE))
-					$action = t('disliked');
+					$action = (($moderated) ? t('requested to dislike') : t('disliked'));
 
 			}
 
@@ -307,7 +307,14 @@ class Enotify {
 
 		$parent_item = $p[0];
 
-		$verb = ((activity_match($params['item']['verb'], ACTIVITY_DISLIKE)) ? t('disliked') : t('liked'));
+		//$verb = ((activity_match($params['item']['verb'], ACTIVITY_DISLIKE)) ? t('disliked') : t('liked'));
+		$moderated = (($params['item']['item_blocked'] == ITEM_MODERATED) ? true : false);
+
+		if(activity_match($params['item']['verb'], ACTIVITY_LIKE))
+			$verb = (($moderated) ? t('requested to like') : t('liked'));
+
+		if(activity_match($params['item']['verb'], ACTIVITY_DISLIKE))
+			$verb = (($moderated) ? t('requested to dislike') : t('disliked'));
 
 		// "your post"
 		if($p[0]['owner']['xchan_name'] === $p[0]['author']['xchan_name'] && intval($p[0]['item_wall']))
@@ -828,7 +835,7 @@ class Enotify {
 				: (($item['obj_type'] === 'Answer') ? sprintf( t('voted on %s\'s poll'), '[bdi]' . $item['owner']['xchan_name'] . '[/bdi]') : sprintf( t('commented on %s\'s post'), '[bdi]' . $item['owner']['xchan_name'] . '[/bdi]'))
 			);
 
-			if($item['verb'] === ACTIVITY_SHARE) {
+			if($item['verb'] === ACTIVITY_SHARE && empty($item['owner']['xchan_pubforum'])) {
 				$itemem_text = sprintf( t('repeated %s\'s post'), '[bdi]' . $item['author']['xchan_name'] . '[/bdi]');
 			}
 
@@ -860,7 +867,7 @@ class Enotify {
 
 		// convert this logic into a json array just like the system notifications
 
-		$who = (($item['verb'] === ACTIVITY_SHARE) ? 'owner' : 'author');
+		$who = (($item['verb'] === ACTIVITY_SHARE && empty($item['owner']['xchan_pubforum'])) ? 'owner' : 'author');
 		$body = html2plain(bbcode($item['body'], ['drop_media' => true, 'tryoembed' => false]), 75, true);
 		if ($body) {
 			$body = htmlentities($body, ENT_QUOTES, 'UTF-8', false);
@@ -869,7 +876,7 @@ class Enotify {
 		$x = array(
 			'notify_link' => $item['llink'],
 			'name' => $item[$who]['xchan_name'],
-			'addr' => $item[$who]['xchan_addr'] ?? $item[$who]['xchan_url'],
+			'addr' => $item[$who]['xchan_addr'] ? $item[$who]['xchan_addr'] : $item[$who]['xchan_url'],
 			'url' => $item[$who]['xchan_url'],
 			'photo' => $item[$who]['xchan_photo_s'],
 			'when' => (($edit) ? datetime_convert('UTC', date_default_timezone_get(), $item['edited']) : datetime_convert('UTC', date_default_timezone_get(), $item['created'])),

Zotlabs/Lib/IConfig.php

@@ -13,7 +13,7 @@ class IConfig {
 	static public function Get(&$item, $family, $key, $default = false) {
 
 		$is_item = false;
-	
+
 		if(is_array($item)) {
 			$is_item = true;
 			if((! array_key_exists('iconfig',$item)) || (! is_array($item['iconfig'])))
@@ -22,7 +22,7 @@ class IConfig {
 			if(array_key_exists('item_id',$item))
 				$iid = $item['item_id'];
 			else
-				$iid = $item['id'];
+				$iid = $item['id'] ?? 0;
 		}
 		elseif(intval($item))
 			$iid = $item;
@@ -36,7 +36,7 @@ class IConfig {
 					return $c['v'];
 			}
 		}
-		 
+
 		$r = q("select * from iconfig where iid = %d and cat = '%s' and k = '%s' limit 1",
 			intval($iid),
 			dbesc($family),
@@ -63,11 +63,11 @@ class IConfig {
 	 * $value - value of meta variable
 	 * $sharing - boolean (default false); if true the meta information is propagated with the item
 	 *   to other sites/channels, mostly useful when $item is an array and has not yet been stored/delivered.
-	 *   If the meta information is added after delivery and you wish it to be shared, it may be necessary to 
-	 *   alter the item edited timestamp and invoke the delivery process on the updated item. The edited 
+	 *   If the meta information is added after delivery and you wish it to be shared, it may be necessary to
+	 *   alter the item edited timestamp and invoke the delivery process on the updated item. The edited
 	 *   timestamp needs to be altered in order to trigger an item_store_update() at the receiving end.
 	 */
- 
+
 
 	static public function Set(&$item, $family, $key, $value, $sharing = false) {
 
@@ -162,4 +162,4 @@ class IConfig {
 
 	}
 
-}
+}

Zotlabs/Lib/Libsync.php

@@ -141,7 +141,7 @@ class Libsync {
 
 		$total = count($synchubs);
 		foreach ($synchubs as $hub) {
-			$hash = random_string();
+			$hash = new_uuid();
 			$n    = Libzot::build_packet($channel, 'sync', $env_recips, json_encode($info), 'hz', $hub['hubloc_sitekey'], $hub['site_crypto']);
 			Queue::insert([
 				'hash'       => $hash,
@@ -328,7 +328,7 @@ class Libsync {
 				$remote_channel               = $arr['channel'];
 				$remote_channel['channel_id'] = $channel['channel_id'];
 
-				if (array_key_exists('channel_pageflags', $arr['channel']) && intval($arr['channel']['channel_pageflags'])) {
+				if (array_key_exists('channel_pageflags', $arr['channel'])) {
 
 					// Several pageflags are site-specific and cannot be sync'd.
 					// Only allow those bits which are shareable from the remote and then
@@ -766,13 +766,17 @@ class Libsync {
 	 *
 	 * @param array $sender
 	 * @param array $arr
-	 * @param boolean $absolute (optional) default false
 	 * @return array
 	 */
 
-	static function sync_locations($sender, $arr, $absolute = false) {
+	static function sync_locations($sender, $arr) {
+
+		$ret = [
+			'change_message' => '',
+			'changed' => false,
+			'message' => ''
+		];
 
-		$ret = [];
 		$what = '';
 		$changed = false;
 
@@ -787,10 +791,7 @@ class Libsync {
 
 		if (isset($arr['locations']) && $arr['locations']) {
 
-			if ($absolute)
-				Libzot::check_location_move($sender['hash'], $arr['locations']);
-
-			$xisting = q("select * from hubloc where hubloc_hash = '%s'",
+			$xisting = q("select * from hubloc where hubloc_hash = '%s' and hubloc_deleted = 0",
 				dbesc($sender['hash'])
 			);
 
@@ -933,14 +934,7 @@ class Libsync {
 						$what    .= 'primary_hub ';
 						$changed = true;
 					}
-					elseif ($absolute) {
-						// Absolute sync - make sure the current primary is correctly reflected in the xchan
-						$pr = hubloc_change_primary($r[0]);
-						if ($pr) {
-							$what    .= 'xchan_primary ';
-							$changed = true;
-						}
-					}
+
 					if (intval($r[0]['hubloc_deleted']) && (!intval($location['deleted']))) {
 						q("update hubloc set hubloc_deleted = 0, hubloc_updated = '%s' where hubloc_id_url = '%s'",
 							dbesc(datetime_convert()),
@@ -1009,9 +1003,9 @@ class Libsync {
 				}
 			}
 
-			// get rid of any hubs we have for this channel which weren't reported.
+			// get rid of any hublocs we have for this channel which weren't reported.
 
-			if ($absolute && $xisting) {
+			if ($xisting) {
 				foreach ($xisting as $x) {
 					if (!array_key_exists('updated', $x)) {
 						logger('Deleting unreferenced hub location ' . $x['hubloc_addr']);

Zotlabs/Lib/Libzot.php

@@ -101,7 +101,6 @@ class Libzot {
 	static function build_packet($channel, $type = 'activity', $recipients = null, $msg = [], $encoding = 'activitystreams', $remote_key = null, $methods = '') {
 
 		$sig_method = get_config('system', 'signature_algorithm', 'sha256');
-
 		$data = [
 			'type'     => $type,
 			'encoding' => $encoding,
@@ -115,9 +114,9 @@ class Libzot {
 		}
 
 		if ($msg) {
-			$actor = channel_url($channel);
-			if ($encoding === 'activitystreams' && array_key_exists('actor', $msg) && is_string($msg['actor']) && $actor === $msg['actor']) {
-				$msg = JSalmon::sign($msg, $actor, $channel['channel_prvkey']);
+			$actors = get_hubloc_id_urls_by_x($channel['channel_hash']);
+			if ($encoding === 'activitystreams' && array_key_exists('actor', $msg) && is_string($msg['actor']) && in_array($msg['actor'], $actors)) {
+				$msg = JSalmon::sign($msg, $actors[0], $channel['channel_prvkey']);
 			}
 			$data['data'] = $msg;
 		}
@@ -329,7 +328,7 @@ class Libzot {
 
 		logger('zot-info: ' . print_r($record, true), LOGGER_DATA, LOG_DEBUG);
 
-		$x = self::import_xchan($record['data'], (($force) ? UPDATE_FLAGS_FORCED : UPDATE_FLAGS_UPDATED));
+		$x = self::import_xchan($record['data']);
 
 		if (!$x['success']) {
 			return false;
@@ -636,23 +635,18 @@ class Libzot {
 	 *   all internal data structures which need to be updated as a result.
 	 *
 	 * @param array $arr => json_decoded discovery packet
-	 * @param int $ud_flags
-	 *    Determines whether to create a directory update record if any changes occur, default is UPDATE_FLAGS_UPDATED
-	 *    $ud_flags = UPDATE_FLAGS_FORCED indicates a forced refresh where we unconditionally create a directory update record
-	 *      this typically occurs once a month for each channel as part of a scheduled ping to notify the directory
-	 *      that the channel still exists
-	 * @param array $ud_arr
-	 *    If set [typically by update_directory_entry()] indicates a specific update table row and more particularly
-	 *    contains a particular address (ud_addr) which needs to be updated in that table.
-	 *
+
 	 * @return array An associative array with:
 	 *   * \e boolean \b success boolean true or false
 	 *   * \e string \b message (optional) error string only if success is false
 	 */
 
-	static function import_xchan($arr, $ud_flags = UPDATE_FLAGS_UPDATED, $ud_arr = null) {
+	static function import_xchan($arr) {
 
-		$ret     = ['success' => false];
+		$ret = [
+			'success' => false,
+			'message' => ''
+		];
 
 		if (!is_array($arr)) {
 			logger('Not an array: ' . print_r($arr, true), LOGGER_DEBUG);
@@ -666,7 +660,7 @@ class Libzot {
 		 */
 		call_hooks('import_xchan', $arr);
 
-		$dirmode = intval(get_config('system', 'directory_mode'));
+		$dirmode = intval(get_config('system', 'directory_mode', DIRECTORY_MODE_NORMAL));
 
 		$changed = false;
 		$what    = '';
@@ -684,15 +678,11 @@ class Libzot {
 		$sig_methods = ((array_key_exists('signing', $arr) && is_array($arr['signing'])) ? $arr['signing'] : ['sha256']);
 		$verified    = false;
 
-		if (!self::verify($arr['id'], $arr['id_sig'], $arr['public_key'])) {
-			logger('Unable to verify channel signature for ' . $arr['primary_location']['address']);
-			return $ret;
-		}
-		else {
+		if (self::verify($arr['id'], $arr['id_sig'], $arr['public_key'])) {
 			$verified = true;
 		}
-
-		if (!$verified) {
+		else {
+			logger('Unable to verify channel signature for ' . $xchan_hash . ' (' . $arr['primary_location']['address']) . ')';
 			$ret['message'] = t('Unable to verify channel signature');
 			return $ret;
 		}
@@ -715,6 +705,7 @@ class Libzot {
 			if ($arr['photo'] && array_key_exists('updated', $arr['photo']) && $arr['photo']['updated'] > $r[0]['xchan_photo_date'])
 				$import_photos = true;
 
+
 			// if we import an entry from a site that's not ours and either or both of us is off the grid - hide the entry.
 			/** @TODO: check if we're the same directory realm, which would mean we are allowed to see it */
 
@@ -731,7 +722,7 @@ class Libzot {
 				$hidden_changed = 1;
 			if (isset($arr['adult_content']) && intval($r[0]['xchan_selfcensored']) != intval($arr['adult_content']))
 				$adult_changed = 1;
-			if (isset($arr['xchan_deleted']) && intval($r[0]['xchan_deleted']) != intval($arr['deleted']))
+			if (isset($arr['deleted']) && intval($r[0]['xchan_deleted']) != intval($arr['deleted']))
 				$deleted_changed = 1;
 
 			// new style 6-MAR-2019
@@ -921,30 +912,26 @@ class Libzot {
 		$s = Libsync::sync_locations($arr, $arr);
 
 		if ($s) {
-			if (isset($s['change_message']))
+			if (!empty($s['change_message']))
 				$what .= $s['change_message'];
-			if (isset($s['changed']))
-				$changed = $s['changed'];
-			if (isset($s['message']))
+			if (!empty($s['changed']))
+				$changed .= $s['changed'];
+			if (!empty($s['message']))
 				$ret['message'] .= $s['message'];
 		}
 
-		// Which entries in the update table are we interested in updating?
-
-		$address = (($ud_arr && $ud_arr['ud_addr']) ? $ud_arr['ud_addr'] : $arr['primary_location']['address']);
-
-
-		// Are we a directory server of some kind?
 
 		$other_realm = false;
 		$realm       = get_directory_realm();
-		if (array_key_exists('site', $arr)
-			&& array_key_exists('realm', $arr['site'])
-			&& (strpos($arr['site']['realm'], $realm) === false))
+		if (array_key_exists('site', $arr) && array_key_exists('realm', $arr['site']) && (strpos($arr['site']['realm'], $realm) === false)) {
 			$other_realm = true;
+		}
 
+		$address = $arr['primary_location']['url'];
 
-		if ($dirmode != DIRECTORY_MODE_NORMAL) {
+		// Are we a directory server of some kind?
+
+		if ($dirmode !== DIRECTORY_MODE_NORMAL) {
 
 			// We're some kind of directory server. However we can only add directory information
 			// if the entry is in the same realm (or is a sub-realm). Sub-realms are denoted by
@@ -952,7 +939,7 @@ class Libzot {
 			// be in directories for the local realm (foo) and also the RED_GLOBAL realm.
 
 			if (array_key_exists('profile', $arr) && is_array($arr['profile']) && (!$other_realm)) {
-				$profile_changed = Libzotdir::import_directory_profile($xchan_hash, $arr['profile'], $address, $ud_flags, 1);
+				$profile_changed = Libzotdir::import_directory_profile($xchan_hash, $arr['profile']);
 				if ($profile_changed) {
 					$what    .= 'profile ';
 					$changed = true;
@@ -978,21 +965,10 @@ class Libzot {
 			}
 		}
 
-		if (($changed) || ($ud_flags == UPDATE_FLAGS_FORCED)) {
-			$guid = random_string() . '@' . \App::get_hostname();
-			Libzotdir::update_modtime($xchan_hash, $guid, $address, $ud_flags);
-			logger('Changed: ' . $what, LOGGER_DEBUG);
-		}
-		elseif (!$ud_flags) {
-			// nothing changed but we still need to update the updates record
-			q("update updates set ud_flags = ( ud_flags | %d ) where ud_addr = '%s' and not (ud_flags & %d) > 0 ",
-				intval(UPDATE_FLAGS_UPDATED),
-				dbesc($address),
-				intval(UPDATE_FLAGS_UPDATED)
-			);
-		}
+		// update updates if anything changed bump the ud_date
+		Libzotdir::update($xchan_hash, $address, $changed);
 
-		if (!x($ret, 'message')) {
+		if (empty($ret['message'])) {
 			$ret['success'] = true;
 			$ret['hash']    = $xchan_hash;
 		}
@@ -1051,19 +1027,9 @@ class Libzot {
 			}
 
 			if (is_array($x) && array_key_exists('delivery_report', $x) && is_array($x['delivery_report'])) {
-
 				foreach ($x['delivery_report'] as $xx) {
 					call_hooks('dreport_process', $xx);
 					if (is_array($xx) && array_key_exists('message_id', $xx) && DReport::is_storable($xx)) {
-
-						// legacy recipients add a space and their name to the xchan. split those if true.
-						$legacy_recipient = strpos($xx['recipient'], ' ');
-						if ($legacy_recipient !== false) {
-							$legacy_recipient_parts = explode(' ', $xx['recipient'], 2);
-							$xx['recipient']        = $legacy_recipient_parts[0];
-							$xx['name']             = $legacy_recipient_parts[1];
-						}
-
 						q("insert into dreport ( dreport_mid, dreport_site, dreport_recip, dreport_name, dreport_result, dreport_time, dreport_xchan ) values ( '%s', '%s', '%s','%s','%s','%s','%s' ) ",
 							dbesc($xx['message_id']),
 							dbesc($xx['location']),
@@ -1244,7 +1210,6 @@ class Libzot {
 			return;
 		}
 
-
 		if ($has_data) {
 
 			if (in_array($env['type'], ['activity', 'response'])) {
@@ -1254,17 +1219,13 @@ class Libzot {
 					return;
 				}
 
-				$r = q("select hubloc_hash, hubloc_network, hubloc_url from hubloc where hubloc_id_url = '%s' order by hubloc_id desc",
-					dbesc($AS->actor['id'])
-				);
+				$r = Activity::get_actor_hublocs($AS->actor['id']);
 
 				if (! $r) {
 					// Author is unknown to this site. Perform channel discovery and try again.
 					$z = discover_by_webbie($AS->actor['id']);
 					if ($z) {
-						$r = q("select hubloc_hash, hubloc_network, hubloc_url from hubloc where hubloc_id_url = '%s' order by hubloc_id desc",
-							dbesc($AS->actor['id'])
-						);
+						$r = Activity::get_actor_hublocs($AS->actor['id']);
 					}
 				}
 
@@ -1377,7 +1338,7 @@ class Libzot {
 				return false;
 			}
 			$x = self::find_parent($env, $act);
-			if ($x === $act->id || $x === $act->obj['id']) {
+			if ($x === $act->id || (is_array($act->obj) && array_key_exists('id', $act->obj) && $x === $act->obj['id'])) {
 				return true;
 			}
 		}
@@ -1397,6 +1358,31 @@ class Libzot {
 		return false;
 	}
 
+	static function find_parent_owner_hashes($env, $act) {
+		$r = [];
+		$thread_parent = self::find_parent($env, $act);
+		if ($thread_parent) {
+			$uids = q("SELECT uid FROM item WHERE thr_parent = '%s' OR parent_mid = '%s'",
+				dbesc($thread_parent),
+				dbesc($thread_parent)
+			);
+
+			if ($uids) {
+				$uids = ids_to_querystr($uids, 'uid');
+
+				$z = q("SELECT channel_hash FROM channel WHERE channel_hash != '%s' AND channel_id IN ($uids)",
+					dbesc($env['sender'])
+				);
+
+				if ($z) {
+					foreach ($z as $zv) {
+						$r[] = $zv['channel_hash'];
+					}
+				}
+			}
+		}
+		return $r;
+	}
 
 	/**
 	 * @brief
@@ -1435,7 +1421,9 @@ class Libzot {
 
 		$r = [];
 
-		$c = q("select channel_id, channel_hash from channel where channel_removed = 0");
+		$c = q("select channel_id, channel_hash from channel where channel_hash != '%s' and channel_removed = 0",
+			dbesc($msg['sender'])
+		);
 
 		if ($c) {
 			foreach ($c as $cc) {
@@ -1463,9 +1451,10 @@ class Libzot {
 						if ($tag['type'] === 'Mention' && (strpos($tag['href'], z_root()) !== false)) {
 							$address = basename($tag['href']);
 							if ($address) {
-								$z = q("select channel_hash as hash from channel where channel_address = '%s'
+								$z = q("select channel_hash as hash from channel where channel_address = '%s' and channel_hash != '%s'
 									and channel_removed = 0 limit 1",
-									dbesc($address)
+									dbesc($address),
+									dbesc($msg['sender'])
 								);
 								if ($z) {
 									$r[] = $z[0]['hash'];
@@ -1474,25 +1463,23 @@ class Libzot {
 						}
 					}
 				}
+				if ($act->obj['type'] === 'Tombstone') {
+					// This is a delete. There are no tags to look at - add anyone owning the item.
+					$parent_owners = self::find_parent_owner_hashes($msg, $act);
+					if ($parent_owners) {
+						$r = array_merge($r, $parent_owners);
+					}
+				}
+
 			}
 		}
 		else {
 			// This is a comment. We need to find any parent with ITEM_UPLINK set. But in fact, let's just return
 			// everybody that stored a copy of the parent. This way we know we're covered. We'll check the
 			// comment permissions when we deliver them.
-
-			$thread_parent = self::find_parent($msg, $act);
-
-			if ($thread_parent) {
-				$z = q("select channel_hash as hash from channel left join item on channel.channel_id = item.uid where ( item.thr_parent = '%s' OR item.parent_mid = '%s' ) ",
-					dbesc($thread_parent),
-					dbesc($thread_parent)
-				);
-				if ($z) {
-					foreach ($z as $zv) {
-						$r[] = $zv['hash'];
-					}
-				}
+			$parent_owners = self::find_parent_owner_hashes($msg, $act);
+			if ($parent_owners) {
+				$r = array_merge($r, $parent_owners);
 			}
 		}
 
@@ -1577,9 +1564,14 @@ class Libzot {
 			 * There's a chance the current delivery could take place before the cloned copy arrives
 			 * hence the item could have the wrong ACL and *could* be used in subsequent deliveries or
 			 * access checks.
+			 *
+			 * 30.3.23: block all incoming items from ourselves except if the origin is local.
+			 * This is to prevent multiple relay delivery of items that arrive via sync.
+			 * They have already been relayed at the origin location.
+			 *
 			 */
 
-			if ($sender === $channel['channel_hash'] && $arr['author_xchan'] === $channel['channel_hash'] && $arr['mid'] === $arr['parent_mid']) {
+			if ($sender === $channel['channel_hash'] && $arr['author_xchan'] === $channel['channel_hash'] && !str_starts_with($arr['mid'], z_root())) {
 				$DR->update('self delivery ignored');
 				$result[] = $DR->get();
 				continue;
@@ -1629,13 +1621,23 @@ class Libzot {
 			if ((!$tag_delivery) && (!$local_public)) {
 				$allowed = (perm_is_allowed($channel['channel_id'], $sender, $perm));
 
-				if ((!$allowed) && $perm === 'post_comments') {
-					$parent = q("select * from item where mid = '%s' and uid = %d limit 1",
-						dbesc($arr['parent_mid']),
-						intval($channel['channel_id'])
-					);
-					if ($parent) {
-						$allowed = can_comment_on_post($sender, $parent[0]);
+				$permit_mentions = intval(PConfig::Get($channel['channel_id'], 'system', 'permit_all_mentions') && i_am_mentioned($channel, $arr));
+
+				if (!$allowed) {
+					if ($perm === 'post_comments') {
+						$parent = q("select * from item where mid = '%s' and uid = %d limit 1",
+							dbesc($arr['parent_mid']),
+							intval($channel['channel_id'])
+						);
+						if ($parent) {
+							$allowed = can_comment_on_post($sender, $parent[0]);
+							if (!$allowed && $permit_mentions) {
+								$allowed = true;
+							}
+						}
+
+					} elseif ($permit_mentions) {
+						$allowed = true;
 					}
 				}
 
@@ -1717,7 +1719,7 @@ class Libzot {
 					// this is just an exercise in futility.
 
 					if (perm_is_allowed($channel['channel_id'], $sender, 'send_stream')) {
-						self::fetch_conversation($channel, $arr['parent_mid']);
+						Master::Summon(['Zotconvo', $channel['channel_id'], $arr['parent_mid']]);
 					}
 
 					continue;
@@ -1980,7 +1982,7 @@ class Libzot {
 		$ret = [];
 
 
-		$signer = q("select hubloc_hash, hubloc_url from hubloc where hubloc_id_url = '%s' and hubloc_network = 'zot6' limit 1",
+		$signer = q("select hubloc_hash, hubloc_url from hubloc where hubloc_id_url = '%s' and hubloc_network = 'zot6' order by hubloc_id desc limit 1",
 			dbesc($a['signature']['signer'])
 		);
 
@@ -2008,18 +2010,12 @@ class Libzot {
 				continue;
 			}
 
-			$r = q("select hubloc_hash, hubloc_network from hubloc where hubloc_id_url = '%s'",
-				dbesc($AS->actor['id'])
-			);
-
+			$r = Activity::get_actor_hublocs($AS->actor['id']);
 			$r = self::zot_record_preferred($r);
-
 			if (!$r) {
 				$y = import_author_xchan(['url' => $AS->actor['id']]);
 				if ($y) {
-					$r = q("select hubloc_hash, hubloc_network from hubloc where hubloc_id_url = '%s'",
-						dbesc($AS->actor['id'])
-					);
+					$r = Activity::get_actor_hublocs($AS->actor['id']);
 					$r = self::zot_record_preferred($r);
 				}
 				if (!$r) {
@@ -2029,22 +2025,29 @@ class Libzot {
 			}
 
 			if (isset($AS->obj['actor']['id']) && $AS->obj['actor']['id'] !== $AS->actor['id']) {
-				$y = import_author_xchan(['url' => $AS->obj['actor']['id']]);
-				if (!$y) {
-					logger('FOF Activity: no object actor');
-					continue;
+				$ro = Activity::get_actor_hublocs($AS->obj['actor']['id']);
+				$ro = self::zot_record_preferred($ro);
+				if (!$ro) {
+					$y = import_author_xchan(['url' => $AS->obj['actor']['id']]);
+					if ($y) {
+						$ro = Activity::get_actor_hublocs($AS->obj['actor']['id']);
+						$ro = self::zot_record_preferred($ro);
+					}
+					if (!$ro) {
+						logger('FOF Activity: no obj actor');
+						continue;
+					}
 				}
 			}
 
 			$arr = Activity::decode_note($AS);
 
 			if (!$arr) {
+				logger('FOF Activity: could not decode');
 				continue;
 			}
 
-			if ($r) {
-				$arr['author_xchan'] = $r['hubloc_hash'];
-			}
+			$arr['author_xchan'] = $r['hubloc_hash'];
 
 			if ($signer) {
 				$arr['owner_xchan'] = $signer[0]['hubloc_hash'];
@@ -2312,120 +2315,6 @@ class Libzot {
 	}
 
 
-	/**
-	 * @brief Processes delivery of profile.
-	 *
-	 * @param string $sender
-	 * @param array $arr
-	 * @param array $deliveries (unused)
-	 * @return void
-	 * @see import_directory_profile()
-	 *
-	 */
-	static function process_profile_delivery($sender, $arr, $deliveries) {
-
-		logger('process_profile_delivery', LOGGER_DEBUG);
-
-		$r = q("select xchan_addr from xchan where xchan_hash = '%s' limit 1",
-			dbesc($sender)
-		);
-		if ($r) {
-			Libzotdir::import_directory_profile($sender, $arr, $r[0]['xchan_addr'], UPDATE_FLAGS_UPDATED, 0);
-		}
-	}
-
-
-	/**
-	 * @brief
-	 *
-	 * @param string $sender
-	 * @param array $arr
-	 * @param array $deliveries (unused) deliveries is irrelevant
-	 * @return void
-	 */
-	static function process_location_delivery($sender, $arr, $deliveries) {
-
-		// deliveries is irrelevant
-		logger('process_location_delivery', LOGGER_DEBUG);
-
-		$r = q("select * from xchan where xchan_hash = '%s' limit 1",
-			dbesc($sender)
-		);
-		if ($r) {
-			$xchan = ['id'   => $r[0]['xchan_guid'], 'id_sig' => $r[0]['xchan_guid_sig'],
-					  'hash' => $r[0]['xchan_hash'], 'public_key' => $r[0]['xchan_pubkey']];
-		}
-		if (array_key_exists('locations', $arr) && $arr['locations']) {
-			$x = Libsync::sync_locations($xchan, $arr, true);
-			logger('results: ' . print_r($x, true), LOGGER_DEBUG);
-			if ($x['changed']) {
-				//$guid = random_string() . '@' . App::get_hostname();
-				Libzotdir::update_modtime($sender, $r[0]['xchan_guid'], $arr['locations'][0]['address'], UPDATE_FLAGS_UPDATED);
-			}
-		}
-	}
-
-	/**
-	 * @brief Checks for a moved channel and sets the channel_moved flag.
-	 *
-	 * Currently the effect of this flag is to turn the channel into 'read-only' mode.
-	 * New content will not be processed (there was still an issue with blocking the
-	 * ability to post comments as of 10-Mar-2016).
-	 * We do not physically remove the channel at this time. The hub admin may choose
-	 * to do so, but is encouraged to allow a grace period of several days in case there
-	 * are any issues migrating content. This packet will generally be received by the
-	 * original site when the basic channel import has been processed.
-	 *
-	 * This will only be executed on the old location
-	 * if a new location is reported and there is only one location record.
-	 * The rest of the hubloc syncronisation will be handled within
-	 * sync_locations
-	 *
-	 * @param string $sender_hash A channel hash
-	 * @param array $locations
-	 * @return void
-	 */
-	static function check_location_move($sender_hash, $locations) {
-
-		if (!$locations)
-			return;
-
-		if (count($locations) != 1)
-			return;
-
-		$loc = $locations[0];
-
-		$r = q("select * from channel where channel_hash = '%s' limit 1",
-			dbesc($sender_hash)
-		);
-
-		if (!$r)
-			return;
-
-		if ($loc['url'] !== z_root()) {
-			$x = q("update channel set channel_moved = '%s' where channel_hash = '%s' limit 1",
-				dbesc($loc['url']),
-				dbesc($sender_hash)
-			);
-
-			// federation plugins may wish to notify connections
-			// of the move on singleton networks
-
-			$arr = [
-				'channel'   => $r[0],
-				'locations' => $locations
-			];
-			/**
-			 * @hooks location_move
-			 *   Called when a new location has been provided to a UNO channel (indicating a move rather than a clone).
-			 *   * \e array \b channel
-			 *   * \e array \b locations
-			 */
-			call_hooks('location_move', $arr);
-		}
-	}
-
-
 	/**
 	 * @brief Returns an array with all known distinct hubs for this channel.
 	 *
@@ -2462,19 +2351,6 @@ class Libzot {
 					'deleted'  => (intval($hub['hubloc_deleted']) ? true : false)
 				];
 
-				// version compatibility tweaks
-
-				if (!strpos($z['url_sig'], '.')) {
-					$z['url_sig'] = 'sha256.' . $z['url_sig'];
-				}
-
-				if (!$z['id_url']) {
-					$z['id_url'] = $z['url'] . '/channel/' . substr($z['address'], 0, strpos($z['address'], '@'));
-				}
-				if (!$z['site_id']) {
-					$z['site_id'] = Libzot::make_xchan_hash($z['url'], $z['sitekey']);
-				}
-
 				$ret[] = $z;
 			}
 		}
@@ -2846,12 +2722,12 @@ class Libzot {
 		$e = $r[0];
 		$id = $e['channel_id'];
 
-		$sys_channel     = (intval($e['channel_system']) ? true : false);
+		$sys_channel     = ((empty($e['channel_system'])) ? false : true);
 		$special_channel = (($e['channel_pageflags'] & PAGE_PREMIUM) ? true : false);
 		$adult_channel   = (($e['channel_pageflags'] & PAGE_ADULT) ? true : false);
 		$censored        = (($e['channel_pageflags'] & PAGE_CENSORED) ? true : false);
 		$searchable      = (($e['channel_pageflags'] & PAGE_HIDDEN) ? false : true);
-		$deleted         = (intval($e['xchan_deleted']) ? true : false);
+		$deleted         = ((empty($e['xchan_deleted'])) ? false : true);
 
 		if ($deleted || $censored || $sys_channel)
 			$searchable = false;
@@ -2903,8 +2779,8 @@ class Libzot {
 
 		// Communication details
 
-		$ret['id']     = $e['xchan_guid'];
-		$ret['id_sig'] = self::sign($e['xchan_guid'], $e['channel_prvkey']);
+		$ret['id']     = $e['channel_guid'];
+		$ret['id_sig'] = self::sign($e['channel_guid'], $e['channel_prvkey']);
 
 		$ret['primary_location'] = [
 			'address'         => $e['xchan_addr'],
@@ -2913,10 +2789,10 @@ class Libzot {
 			'follow_url'      => $e['xchan_follow'],
 		];
 
-		$ret['public_key']   = $e['xchan_pubkey'];
+		$ret['public_key']   = $e['channel_pubkey'];
 		$ret['signing_algorithm'] = 'rsa-sha256';
 		$ret['username']     = $e['channel_address'];
-		$ret['name']         = $e['xchan_name'];
+		$ret['name']         = $e['channel_name'];
 		$ret['name_updated'] = $e['xchan_name_date'];
 		$ret['photo']        = [
 			'url'     => $e['xchan_photo_l'],

Zotlabs/Lib/Libzotdir.php

@@ -172,13 +172,12 @@ class Libzotdir {
 	}
 
 	/**
-	 * @brief Checks the directory mode of this hub.
+	 * @brief fetches updates from known directories
 	 *
 	 * Checks the directory mode of this hub to see if it is some form of directory server. If it is,
 	 * get the directory realm of this hub. Fetch a list of all other directory servers in this realm and request
-	 * a directory sync packet. This will contain both directory updates and new ratings. Store these all in the DB.
-	 * In the case of updates, we will query each of them asynchronously from a poller task. Ratings are stored
-	 * directly if the rater's signature matches.
+	 * a directory sync packet. Store these all in the DB.
+	 * In the case of updates, we will query each of them asynchronously from a poller task.
 	 *
 	 * @param int $dirmode;
 	 */
@@ -233,6 +232,8 @@ class Libzotdir {
 		if (! $r)
 			return;
 
+		$dir_trusted_hosts = array_merge(get_directory_fallback_servers(), get_config('system', 'trusted_directory_servers', []));
+
 		foreach ($r as $rr) {
 			if (! $rr['site_directory'])
 				continue;
@@ -264,31 +265,65 @@ class Libzotdir {
 
 			if (is_array($j['transactions']) && count($j['transactions'])) {
 				foreach ($j['transactions'] as $t) {
-
-					if (empty($t['hash']) || empty($t['transaction_id']) || empty($t['address'])) {
+					if (empty($t['hash']) || empty($t['host']) || empty($t['address'])) {
 						continue;
 					}
 
-					$r = q("select * from updates where ud_guid = '%s' limit 1",
-						dbesc($t['transaction_id'])
+					$r = q("select * from updates where ud_hash = '%s' limit 1",
+						dbesc($t['hash'])
 					);
-					if($r)
-						continue;
 
-					$ud_flags = 0;
-					if (is_array($t['flags']) && in_array('deleted',$t['flags']))
-						$ud_flags |= UPDATE_FLAGS_DELETED;
-					if (is_array($t['flags']) && in_array('forced',$t['flags']))
-						$ud_flags |= UPDATE_FLAGS_FORCED;
+					if ($r) {
+						$update = 0;
 
-					$z = q("insert into updates ( ud_hash, ud_guid, ud_date, ud_flags, ud_addr )
-						values ( '%s', '%s', '%s', %d, '%s' ) ",
-						dbesc($t['hash']),
-						dbesc($t['transaction_id']),
-						dbesc($t['timestamp']),
-						intval($ud_flags),
-						dbesc($t['address'])
-					);
+						// no need to look at updates that originated from our own site
+						if ($t['host'] === z_root()) {
+							continue;
+						}
+
+						// there is more recent xchan information
+						if ($r[0]['ud_date'] <= $t['timestamp']) {
+							$update = 1;
+						}
+
+						// the host is trusted and flags have changed - update flags immediately
+						if (in_array($t['host'], $dir_trusted_hosts) &&
+							$rr['site_url'] === $t['host'] &&
+							intval($r[0]['ud_flags']) !== intval($t['flags'])) {
+
+							q("UPDATE updates SET ud_update = %d, ud_flags = %d WHERE ud_id = %d",
+								intval($update),
+								intval($t['flags']),
+								dbesc($r[0]['ud_id'])
+							);
+
+							q("UPDATE xchan SET xchan_censored = %d WHERE xchan_hash = '%s'",
+								intval($t['flags']),
+								dbesc($r[0]['ud_hash'])
+							);
+
+							continue;
+						}
+
+						if (!$update) {
+							continue;
+						}
+
+						q("UPDATE updates SET ud_update = %d WHERE ud_id = %d",
+							intval($update),
+							dbesc($r[0]['ud_id'])
+						);
+					}
+					else {
+						q("insert into updates ( ud_hash, ud_host, ud_date, ud_addr, ud_update, ud_flags )
+							values ( '%s', '%s', '%s', '%s', 1, %d) ",
+							dbesc($t['hash']),
+							dbesc($t['host']),
+							dbesc($t['timestamp']),
+							dbesc($t['address']),
+							dbesc(in_array($t['host'], $dir_trusted_hosts) ? $t['flags'] : 0)
+						);
+					}
 				}
 			}
 		}
@@ -303,8 +338,9 @@ class Libzotdir {
 	 *
 	 * Ignore updating records marked as deleted.
 	 *
-	 * If successful, sets ud_last in the DB to the current datetime for this
+	 * If successful, sets ud_updated in the DB to the current datetime for this
 	 * reddress/webbie.
+	 * Else update ud_last so we can stop trying after 7 days (Daemon/Poller.php)
 	 *
 	 * @param array $ud Entry from update table
 	 */
@@ -313,32 +349,47 @@ class Libzotdir {
 
 		logger('update_directory_entry: ' . print_r($ud,true), LOGGER_DATA);
 
-		if ($ud['ud_addr'] && (! ($ud['ud_flags'] & UPDATE_FLAGS_DELETED))) {
-			$success = false;
-			$zf = [];
+		// TODO: remove this check after all directory servers have version > 8.4
+		// ud_addr will always be the channel url at that time
+		$href = ((strpos($ud['ud_addr'], '://') === false) ? Webfinger::zot_url(punify($ud['ud_addr'])) : punify($ud['ud_addr']));
+		if($href) {
+			$zf = Zotfinger::exec($href);
+			if($zf && array_path_exists('signature/signer',$zf) && $zf['signature']['signer'] === $href && intval($zf['signature']['header_valid'])) {
+				$xc = Libzot::import_xchan($zf['data']);
+
+				// xchan_hash mismatch - this can happen after a site re-install at the same url
+				if ($xc['success'] && $xc['hash'] !== $ud['ud_hash']) {
+					self::delete_by_hash($ud['ud_hash']);
+				}
+
+				// backwards compatibility: Libzot::import_xchan(), where self::update() is called,
+				// will fail with versions < 8.4 if the channel has been locally deleted.
+				// In this case we will update the updates record here without bumping the date
+				// since we could not verify if anything changed.
+				if (!$xc['success'] && !empty($zf['data']['deleted_locally'])) {
+					self::update($ud['ud_hash'], $ud['ud_addr'], false);
+				}
 
-			$href = Webfinger::zot_url(punify($ud['ud_addr']));
-			if($href) {
-				$zf = Zotfinger::exec($href);
-			}
-			if(array_path_exists('signature/signer',$zf) && $zf['signature']['signer'] === $href && intval($zf['signature']['header_valid'])) {
-				$xc = Libzot::import_xchan($zf['data'], 0, $ud);
 				// This is a workaround for a missing xchan_updated column
 				// TODO: implement xchan_updated in the xchan table and update this column instead
-				if($zf['data']['primary_location']['address'] && $zf['data']['primary_location']['url']) {
+				if(!empty($zf['data']['primary_location']['url'])) {
 					q("UPDATE hubloc SET hubloc_updated = '%s' WHERE hubloc_id_url = '%s' AND hubloc_primary = 1",
 						dbesc(datetime_convert()),
 						dbesc($zf['data']['primary_location']['url'])
 					);
 				}
-			}
-			else {
-				q("update updates set ud_last = '%s' where ud_addr = '%s'",
-					dbesc(datetime_convert()),
-					dbesc($ud['ud_addr'])
-				);
+
+				return true;
 			}
 		}
+
+		q("UPDATE updates SET ud_addr = '%s', ud_last = '%s' WHERE ud_hash = '%s'",
+			dbesc($href ? $href : $ud['ud_addr']),
+			dbesc(datetime_convert()),
+			dbesc($ud['ud_hash'])
+		);
+
+		return false;
 	}
 
 
@@ -353,85 +404,78 @@ class Libzotdir {
 	 */
 
 	static function local_dir_update($uid, $force) {
+		logger('local_dir_update uid: ' . $uid, LOGGER_DEBUG);
 
-
-		logger('local_dir_update: uid: ' . $uid, LOGGER_DEBUG);
-
-		$p = q("select channel.channel_hash, channel_address, channel_timezone, profile.* from profile left join channel on channel_id = uid where uid = %d and is_default = 1",
+		$p = q("select channel.channel_hash, channel_address, channel_timezone, profile.*, xchan.xchan_hidden, xchan.xchan_url from profile left join channel on channel_id = uid left join xchan on channel_hash = xchan_hash where profile.uid = %d and profile.is_default = 1",
 			intval($uid)
 		);
 
-		$profile = array();
-		$profile['encoding'] = 'zot';
-
-		if ($p) {
-			$hash = $p[0]['channel_hash'];
-
-			$profile['description'] = $p[0]['pdesc'];
-			$profile['birthday']    = $p[0]['dob'];
-			if ($age = age($p[0]['dob'],$p[0]['channel_timezone'],''))
-				$profile['age'] = $age;
-
-			$profile['gender']      = $p[0]['gender'];
-			$profile['marital']     = $p[0]['marital'];
-			$profile['sexual']      = $p[0]['sexual'];
-			$profile['locale']      = $p[0]['locality'];
-			$profile['region']      = $p[0]['region'];
-			$profile['postcode']    = $p[0]['postal_code'];
-			$profile['country']     = $p[0]['country_name'];
-			$profile['about']       = $p[0]['about'];
-			$profile['homepage']    = $p[0]['homepage'];
-			$profile['hometown']    = $p[0]['hometown'];
-
-			if ($p[0]['keywords']) {
-				$tags = array();
-				$k = explode(' ', $p[0]['keywords']);
-				if ($k)
-					foreach ($k as $kk)
-						if (trim($kk))
-							$tags[] = trim($kk);
-
-				if ($tags)
-					$profile['keywords'] = $tags;
-			}
-
-			$hidden = (1 - intval($p[0]['publish']));
-
-			logger('hidden: ' . $hidden);
-
-			$r = q("select xchan_hidden from xchan where xchan_hash = '%s'",
-				dbesc($p[0]['channel_hash'])
-			);
-
-			if(intval($r[0]['xchan_hidden']) != $hidden) {
-				$r = q("update xchan set xchan_hidden = %d where xchan_hash = '%s'",
-					intval($hidden),
-					dbesc($hash)
-				);
-			}
-
-			$arr = [ 'channel_id' => $uid, 'hash' => $hash, 'profile' => $profile ];
-			call_hooks('local_dir_update', $arr);
-
-			$address = channel_reddress($p[0]);
-
-			if (perm_is_allowed($uid, '', 'view_profile')) {
-				self::import_directory_profile($hash, $arr['profile'], $address, 0);
-			}
-			else {
-				// they may have made it private
-				q("delete from xprof where xprof_hash = '%s'",
-					dbesc($hash)
-				);
-				q("delete from xtag where xtag_hash = '%s'",
-					dbesc($hash)
-				);
-			}
-
+		if (!$p) {
+			logger('profile not found');
+			return;
 		}
 
-		$ud_hash = random_string() . '@' . \App::get_hostname();
-		self::update_modtime($hash, $ud_hash, channel_reddress($p[0]),(($force) ? UPDATE_FLAGS_FORCED : UPDATE_FLAGS_UPDATED));
+		$profile = [];
+		$profile['encoding'] = 'zot';
+
+		$hash = $p[0]['channel_hash'];
+
+		$profile['description'] = $p[0]['pdesc'];
+		$profile['birthday']    = $p[0]['dob'];
+		if ($age = age($p[0]['dob'],$p[0]['channel_timezone'],''))
+			$profile['age'] = $age;
+
+		$profile['gender']      = $p[0]['gender'];
+		$profile['marital']     = $p[0]['marital'];
+		$profile['sexual']      = $p[0]['sexual'];
+		$profile['locale']      = $p[0]['locality'];
+		$profile['region']      = $p[0]['region'];
+		$profile['postcode']    = $p[0]['postal_code'];
+		$profile['country']     = $p[0]['country_name'];
+		$profile['about']       = $p[0]['about'];
+		$profile['homepage']    = $p[0]['homepage'];
+		$profile['hometown']    = $p[0]['hometown'];
+
+		if ($p[0]['keywords']) {
+			$tags = array();
+			$k = explode(' ', $p[0]['keywords']);
+			if ($k)
+				foreach ($k as $kk)
+					if (trim($kk))
+						$tags[] = trim($kk);
+
+			if ($tags)
+				$profile['keywords'] = $tags;
+		}
+
+		$hidden = (1 - intval($p[0]['publish']));
+
+		logger('hidden: ' . $hidden);
+
+		if(intval($p[0]['xchan_hidden']) !== $hidden) {
+			q("update xchan set xchan_hidden = %d where xchan_hash = '%s'",
+				intval($hidden),
+				dbesc($hash)
+			);
+		}
+
+		$arr = [ 'channel_id' => $uid, 'hash' => $hash, 'profile' => $profile ];
+		call_hooks('local_dir_update', $arr);
+
+		if (perm_is_allowed($uid, '', 'view_profile')) {
+			self::import_directory_profile($hash, $arr['profile']);
+		}
+		else {
+			// they may have made it private
+			q("delete from xprof where xprof_hash = '%s'",
+				dbesc($hash)
+			);
+			q("delete from xtag where xtag_hash = '%s'",
+				dbesc($hash)
+			);
+		}
+
+		self::update($hash, $p[0]['xchan_url']);
 	}
 
 
@@ -441,13 +485,10 @@ class Libzotdir {
 	 *
 	 * @param string $hash
 	 * @param array $profile
-	 * @param string $addr
-	 * @param number $ud_flags (optional) UPDATE_FLAGS_UPDATED
-	 * @param number $suppress_update (optional) default 0
 	 * @return boolean $updated if something changed
 	 */
 
-	static function import_directory_profile($hash, $profile, $addr, $ud_flags = UPDATE_FLAGS_UPDATED, $suppress_update = 0) {
+	static function import_directory_profile($hash, $profile) {
 
 		logger('import_directory_profile', LOGGER_DEBUG);
 		if (! $hash)
@@ -480,7 +521,12 @@ class Libzotdir {
 		$clean = array();
 		if (array_key_exists('keywords', $profile) and is_array($profile['keywords'])) {
 			self::import_directory_keywords($hash,$profile['keywords']);
+
 			foreach ($profile['keywords'] as $kw) {
+				if (in_array($kw, $clean)) {
+					continue;
+				}
+
 				$kw = trim(htmlspecialchars($kw,ENT_COMPAT, 'UTF-8', false));
 				$kw = trim($kw, ',');
 				$clean[] = $kw;
@@ -587,9 +633,6 @@ class Libzotdir {
 		 */
 		call_hooks('import_directory_profile', $d);
 
-		if (($d['update']) && (! $suppress_update))
-			self::update_modtime($arr['xprof_hash'],random_string() . '@' . \App::get_hostname(), $addr, $ud_flags);
-
 		return $d['update'];
 	}
 
@@ -607,6 +650,10 @@ class Libzotdir {
 			dbesc($hash)
 		);
 
+		$xchan = q("select xchan_censored from xchan where xchan_hash = '%s'",
+			dbesc($hash)
+		);
+
 		if($r) {
 			foreach($r as $rr)
 				$existing[] = $rr['xtag_term'];
@@ -614,6 +661,10 @@ class Libzotdir {
 
 		$clean = array();
 		foreach($keywords as $kw) {
+			if (in_array($kw, $clean)) {
+				continue;
+			}
+
 			$kw = trim(htmlspecialchars($kw,ENT_COMPAT, 'UTF-8', false));
 			$kw = trim($kw, ',');
 			$clean[] = $kw;
@@ -628,9 +679,10 @@ class Libzotdir {
 		}
 		foreach($clean as $x) {
 			if(! in_array($x, $existing)) {
-				$r = q("insert into xtag ( xtag_hash, xtag_term, xtag_flags) values ( '%s' ,'%s', 0 )",
+				$r = q("insert into xtag ( xtag_hash, xtag_term, xtag_flags) values ( '%s' ,'%s', %d )",
 					dbesc($hash),
-					dbesc($x)
+					dbesc($x),
+					intval($xchan[0]['xchan_censored'])
 				);
 			}
 		}
@@ -640,13 +692,12 @@ class Libzotdir {
 	/**
 	 * @brief
 	 *
-	 * @param string $hash
-	 * @param string $guid
-	 * @param string $addr
-	 * @param int $flags (optional) default 0
+	 * @param string $hash the channel hash
+	 * @param string $addr the channel url
+	 * @param bool $bump_date (optional) default true
 	 */
 
-	static function update_modtime($hash, $guid, $addr, $flags = 0) {
+	static function update($hash, $addr, $bump_date = true, $flag = null) {
 
 		$dirmode = intval(get_config('system', 'directory_mode'));
 
@@ -654,26 +705,70 @@ class Libzotdir {
 			return;
 		}
 
-		if (empty($hash) || empty($guid) || empty($addr)) {
+		if (empty($hash) || empty($addr)) {
 			return;
 		}
 
-		if($flags) {
-			q("insert into updates (ud_hash, ud_guid, ud_date, ud_flags, ud_addr ) values ( '%s', '%s', '%s', %d, '%s' )",
-				dbesc($hash),
-				dbesc($guid),
-				dbesc(datetime_convert()),
-				intval($flags),
-				dbesc($addr)
-			);
+		$u = q("SELECT * FROM updates WHERE ud_hash = '%s' LIMIT 1",
+			dbesc($hash)
+		);
+
+		$date_sql = '';
+		if ($bump_date) {
+			$date_sql = "ud_date = '" . dbesc(datetime_convert()) . "',";
 		}
-		else {
-			q("update updates set ud_flags = ( ud_flags | %d ) where ud_addr = '%s' and not (ud_flags & %d)>0 ",
-				intval(UPDATE_FLAGS_UPDATED),
+
+		$flag_sql = '';
+		if ($flag !== null) {
+			$flag_sql = "ud_flags = '" . intval($flag) . "',";
+		}
+
+
+		if ($u) {
+			$x = q("UPDATE updates SET $date_sql $flag_sql ud_last = '%s', ud_host = '%s', ud_addr = '%s', ud_update = 0 WHERE ud_id = %d",
+				dbesc(NULL_DATE),
+				dbesc(z_root()),
 				dbesc($addr),
-				intval(UPDATE_FLAGS_UPDATED)
+				intval($u[0]['ud_id'])
 			);
+
+			return;
 		}
+
+		q("INSERT INTO updates (ud_hash, ud_host, ud_date, ud_addr, ud_flags) VALUES ( '%s', '%s', '%s', '%s', %d )",
+			dbesc($hash),
+			dbesc(z_root()),
+			dbesc(datetime_convert()),
+			dbesc($addr),
+			intval($flag)
+		);
+
+		return;
+
+	}
+
+
+	/**
+	 * @brief deletes a entry in updates by hash
+	 *
+	 * @param string $hash the channel hash
+	 * @return boolean
+	 */
+
+	static function delete_by_hash($hash) {
+		if (!$hash) {
+			return false;
+		}
+
+		$x = q("DELETE FROM updates WHERE ud_hash = '%s'",
+			dbesc($hash)
+		);
+
+		if ($x) {
+			return true;
+		}
+
+		return false;
 	}
 
 }

Zotlabs/Lib/MessageFilter.php

@@ -25,7 +25,7 @@ class MessageFilter {
 
 		if ($exclude) {
 			foreach ($exclude as $word) {
-				$word = trim($word);
+				$word = html_entity_decode(trim($word));
 				if (! $word) {
 					continue;
 				}
@@ -73,7 +73,7 @@ class MessageFilter {
 
 		if ($include) {
 			foreach ($include as $word) {
-				$word = trim($word);
+				$word = html_entity_decode(trim($word));
 				if (! $word) {
 					continue;
 				}

Zotlabs/Lib/Queue.php

@@ -57,7 +57,6 @@ class Queue {
 			outq_priority = outq_priority + %d,
 			outq_scheduled = '%s'
 			WHERE outq_hash = '%s'",
-
 			dbesc(datetime_convert()),
 			intval($add_priority),
 			dbesc($next),
@@ -65,16 +64,38 @@ class Queue {
 		);
 	}
 
-
-	static function remove($id,$channel_id = 0) {
-		logger('queue: remove queue item ' . $id,LOGGER_DEBUG);
+	public static function remove($id, $channel_id = 0) {
+		logger('queue: remove queue item ' . $id, LOGGER_DEBUG);
 		$sql_extra = (($channel_id) ? " and outq_channel = " . intval($channel_id) . " " : '');
 
-		q("DELETE FROM outq WHERE outq_hash = '%s' $sql_extra",
+		// figure out what endpoint it is going to.
+		$record = q("select outq_posturl from outq where outq_hash = '%s' $sql_extra",
 			dbesc($id)
 		);
-	}
 
+		if ($record) {
+			q("DELETE FROM outq WHERE outq_hash = '%s' $sql_extra",
+				dbesc($id)
+			);
+
+			// If there's anything remaining in the queue for this site, move one of them to the next active
+			// queue run by setting outq_scheduled back to the present. We may be attempting to deliver it
+			// as a 'piled_up' delivery, but this ensures the site has an active queue entry as long as queued
+			// entries still exist for it. This fixes an issue where one immediate delivery left everything
+			// else for that site undeliverable since all the other entries had been pushed far into the future.
+
+			$r = q("SELECT outq_hash, outq_posturl FROM outq WHERE outq_posturl = '%s' LIMIT 1",
+				dbesc($record[0]['outq_posturl'])
+			);
+
+			if ($r) {
+				$hashes = ids_to_querystr($r, 'outq_hash', true);
+				$x = q("UPDATE outq SET outq_scheduled = '%s' WHERE outq_hash IN ($hashes)",
+					dbesc(datetime_convert())
+				);
+			}
+		}
+	}
 
 	static function remove_by_posturl($posturl) {
 		logger('queue: remove queue posturl ' . $posturl,LOGGER_DEBUG);
@@ -84,8 +105,6 @@ class Queue {
 		);
 	}
 
-
-
 	static function set_delivered($id,$channel = 0) {
 		logger('queue: set delivered ' . $id,LOGGER_DEBUG);
 		$sql_extra = (($channel['channel_id']) ? " and outq_channel = " . intval($channel['channel_id']) . " " : '');
@@ -152,17 +171,19 @@ class Queue {
 			$y = q("select site_update, site_dead from site where site_url = '%s' ",
 				dbesc($base)
 			);
-			if($y) {
-				if(intval($y[0]['site_dead'])) {
+
+			if ($y) {
+				// Don't bother delivering if the site is dead.
+				// And if we haven't heard from the site in over a month - let them through but 3 strikes you're out.
+				if (intval($y[0]['site_dead']) || ($y[0]['site_update'] < datetime_convert('UTC', 'UTC', 'now - 1 month') && $outq['outq_priority'] > 20)) {
+					q("update dreport set dreport_result = '%s' where dreport_queue = '%s'",
+						dbesc('site dead'),
+						dbesc($outq['outq_hash'])
+					);
 					self::remove_by_posturl($outq['outq_posturl']);
 					logger('dead site ignored ' . $base);
 					return;
 				}
-				if($y[0]['site_update'] < datetime_convert('UTC','UTC','now - 1 month')) {
-					self::update($outq['outq_hash'], 10);
-					logger('immediate delivery deferred for site ' . $base);
-					return;
-				}
 			}
 			else {
 
@@ -225,7 +246,7 @@ class Queue {
 
 			if($result['success']) {
 				logger('deliver: remote zot delivery succeeded to ' . $outq['outq_posturl']);
-				Libzot::process_response($outq['outq_posturl'],$result, $outq);
+				Libzot::process_response($outq['outq_posturl'], $result, $outq);
 			}
 			else {
 				logger('deliver: remote zot delivery failed to ' . $outq['outq_posturl']);

Zotlabs/Lib/QueueWorker.php

@@ -24,7 +24,8 @@ class QueueWorker {
 	// Exceptions for processtimeout ($workermaxage) value.
 	// Currently the value is overriden with 3600 seconds (1h).
 	public static $long_running_cmd = [
-		'Queue'
+		'Queue',
+		'Expire'
 	];
 
 	private static function qstart() {
@@ -137,13 +138,33 @@ class QueueWorker {
 			self::$workermaxage = self::$workermaxage > 120 ? self::$workermaxage : 300;
 		}
 
-		q("update workerq set workerq_reservationid = null where workerq_reservationid is not null and workerq_processtimeout < %s",
+		self::qstart();
+
+		// skip locked is preferred but is not supported by mariadb < 10.6 which is still used a lot - hence make it optional
+		$sql_quirks = ((get_config('system', 'db_skip_locked_supported')) ? 'SKIP LOCKED' : 'NOWAIT');
+
+		$r = q("SELECT workerq_id FROM workerq WHERE workerq_reservationid IS NOT NULL AND workerq_processtimeout < %s FOR UPDATE $sql_quirks",
 			db_utcnow()
 		);
 
+		if ($r) {
+			// TODO: some long running services store their pid in config.procid.daemon
+			// we could possibly check if a pid exist and check if the process is still alive
+			// prior to reseting workerq_reservationid
+
+			$ids = ids_to_querystr($r, 'workerq_id');
+			$u = dbq("update workerq set workerq_reservationid = null where workerq_id in ($ids)");
+		}
+
+		self::qcommit();
+
+		//q("update workerq set workerq_reservationid = null where workerq_reservationid is not null and workerq_processtimeout < %s",
+			//db_utcnow()
+		//);
+
 		//usleep(self::$workersleep);
 
-		$workers = dbq("select count(distinct workerq_reservationid) as total from workerq where workerq_reservationid is not null");
+		$workers = dbq("select count(*) as total from workerq where workerq_reservationid is not null");
 		logger("WORKERCOUNT: " . $workers[0]['total'], LOGGER_DEBUG);
 
 		return intval($workers[0]['total']);
@@ -156,7 +177,7 @@ class QueueWorker {
 
 		$wid = uniqid('', true);
 
-		usleep(mt_rand(300000, 1000000)); //Sleep .3 - 1 seconds before creating a new worker.
+		//usleep(mt_rand(300000, 1000000)); //Sleep .3 - 1 seconds before creating a new worker.
 
 		$workers = self::GetWorkerCount();
 
@@ -175,13 +196,13 @@ class QueueWorker {
 
 		self::qstart();
 
-		// This is probably the better solution but is not supported by mariadb < 10.6 which is still used a lot.
-		// $work = dbq("SELECT workerq_id FROM workerq WHERE workerq_reservationid IS NULL ORDER BY workerq_priority DESC, workerq_id ASC LIMIT 1 FOR UPDATE SKIP LOCKED;");
+		// skip locked is preferred but is not supported by mariadb < 10.6 which is still used a lot - hence make it optional
+		$sql_quirks = ((get_config('system', 'db_skip_locked_supported')) ? 'SKIP LOCKED' : 'NOWAIT');
 
-		$work = dbq("SELECT workerq_id, workerq_cmd FROM workerq WHERE workerq_reservationid IS NULL ORDER BY workerq_priority DESC, workerq_id ASC LIMIT 1 FOR UPDATE;");
+		$work = dbq("SELECT workerq_id, workerq_cmd FROM workerq WHERE workerq_reservationid IS NULL ORDER BY workerq_priority DESC, workerq_id ASC LIMIT 1 FOR UPDATE $sql_quirks");
 
 		if (!$work) {
-			self::qcommit();
+			self::qrollback();
 			return false;
 		}
 

Zotlabs/Lib/ThreadItem.php

@@ -197,7 +197,7 @@ class ThreadItem {
 		$response_verbs = array('like');
 		if(feature_enabled($conv->get_profile_owner(),'dislike'))
 			$response_verbs[] = 'dislike';
-		if($item['obj_type'] === ACTIVITY_OBJ_EVENT) {
+		if(in_array($item['obj_type'], ['Event', ACTIVITY_OBJ_EVENT])) {
 			$response_verbs[] = 'attendyes';
 			$response_verbs[] = 'attendno';
 			$response_verbs[] = 'attendmaybe';
@@ -299,7 +299,7 @@ class ThreadItem {
 		}
 
 		$has_event = false;
-		if(($item['obj_type'] === ACTIVITY_OBJ_EVENT) && $conv->get_profile_owner() == local_channel())
+		if((in_array($item['obj_type'], ['Event', ACTIVITY_OBJ_EVENT])) && $conv->get_profile_owner() == local_channel())
 			$has_event = true;
 
 		$like = [];
@@ -503,7 +503,10 @@ class ThreadItem {
 			'thread_level' => $thread_level,
 			'settings' => $settings,
 			'thr_parent' => (($item['parent_mid'] != $item['thr_parent']) ? gen_link_id($item['thr_parent']) : ''),
-			'contact_id' => (($contact) ? $contact['abook_id'] : '')
+			'contact_id' => (($contact) ? $contact['abook_id'] : ''),
+			'moderate' => ($item['item_blocked'] == ITEM_MODERATED),
+			'moderate_approve' => t('Approve'),
+			'moderate_delete' => t('Delete')
 
 		);
 

Zotlabs/Lib/ThreadListener.php

@@ -4,18 +4,30 @@ namespace Zotlabs\Lib;
 
 class ThreadListener {
 
+	public static function isEnabled() {
+		return Config::Get('system','enable_thread_listener');
+	}
+
 	static public function store($target_id,$portable_id,$ltype = 0) {
+		if (!self::isEnabled()) {
+			return true;
+		}
+
 		$x = self::fetch($target_id,$portable_id,$ltype = 0);
-		if(! $x) {  
+		if(! $x) {
 			$r = q("insert into listeners ( target_id, portable_id, ltype ) values ( '%s', '%s' , %d ) ",
 				dbesc($target_id),
 				dbesc($portable_id),
 				intval($ltype)
 			);
-		}  	
+		}
 	}
 
 	static public function fetch($target_id,$portable_id,$ltype = 0) {
+		if (!self::isEnabled()) {
+			return false;
+		}
+
 		$x = q("select * from listeners where target_id = '%s' and portable_id = '%s' and ltype = %d limit 1",
 			dbesc($target_id),
 			dbesc($portable_id),
@@ -28,6 +40,10 @@ class ThreadListener {
 	}
 
 	static public function fetch_by_target($target_id,$ltype = 0) {
+		if (!self::isEnabled()) {
+			return [];
+		}
+
 		$x = q("select * from listeners where target_id = '%s' and ltype = %d",
 			dbesc($target_id),
 			intval($ltype)

Zotlabs/Module/Acl.php

@@ -378,6 +378,7 @@ class Acl extends \Zotlabs\Web\Controller {
 							"name"     => $g['name'],
 							"id"	   => urlencode($g['id']),
 							"xid"      => $g['hash'],
+							"url"      => $g['url'],
 							"link"     => $clink,
 							"nick"     => ((strpos($g['nick'],'@')) ? substr($g['nick'],0,strpos($g['nick'],'@')) : $g['nick']),
 							"self"     => (intval($g['abook_self']) ? 'abook-self' : ''),

Zotlabs/Module/Admin/Queueworker.php

@@ -41,7 +41,7 @@ class Queueworker extends Controller {
 
 		$content .= "<H4>There are " . $r[0]['total'] . " queue items to be processed.</H4>";
 
-		$r = dbq("select count(distinct workerq_reservationid) as qworkers from workerq where workerq_reservationid is not null");
+		$r = dbq("select count(*) as qworkers from workerq where workerq_reservationid is not null");
 
 		$content .= "<H4>Active workers: " . $r[0]['qworkers'] . "</H4>";
 

Zotlabs/Module/Admin/Security.php

@@ -7,12 +7,12 @@ class Security {
 
 	function post() {
 		check_form_security_token_redirectOnErr('/admin/security', 'admin_security');
-	
+
 		$allowed_email        = ((x($_POST,'allowed_email'))	    ? notags(trim($_POST['allowed_email']))		: '');
 		$not_allowed_email    = ((x($_POST,'not_allowed_email'))	? notags(trim($_POST['not_allowed_email']))		: '');
 
 		set_config('system','allowed_email', $allowed_email);
-		set_config('system','not_allowed_email', $not_allowed_email);	
+		set_config('system','not_allowed_email', $not_allowed_email);
 
 		$block_public         = ((x($_POST,'block_public'))		? True	: False);
 		set_config('system','block_public',$block_public);
@@ -25,22 +25,22 @@ class Security {
 
 		$ws = $this->trim_array_elems(explode("\n",$_POST['whitelisted_sites']));
 		set_config('system','whitelisted_sites',$ws);
-	
+
 		$bs = $this->trim_array_elems(explode("\n",$_POST['blacklisted_sites']));
 		set_config('system','blacklisted_sites',$bs);
-	
+
 		$wc = $this->trim_array_elems(explode("\n",$_POST['whitelisted_channels']));
 		set_config('system','whitelisted_channels',$wc);
-	
+
 		$bc = $this->trim_array_elems(explode("\n",$_POST['blacklisted_channels']));
 		set_config('system','blacklisted_channels',$bc);
-	
+
 		$embed_sslonly         = ((x($_POST,'embed_sslonly'))		? True	: False);
 		set_config('system','embed_sslonly',$embed_sslonly);
-	
+
 		$we = $this->trim_array_elems(explode("\n",$_POST['embed_allow']));
 		set_config('system','embed_allow',$we);
-	
+
 		$be = $this->trim_array_elems(explode("\n",$_POST['embed_deny']));
 		set_config('system','embed_deny',$be);
 
@@ -49,47 +49,54 @@ class Security {
 
 		$inline_pdf = ((x($_POST,'inline_pdf')) ? intval($_POST['inline_pdf']) : 0);
 		set_config('system', 'inline_pdf' , $inline_pdf);
-	
+
 		$ts = ((x($_POST,'transport_security')) ? True : False);
 		set_config('system','transport_security_header',$ts);
 
 		$cs = ((x($_POST,'content_security')) ? True : False);
 		set_config('system','content_security_policy',$cs);
 
+		$trusted_directory_servers = $this->trim_array_elems(explode("\n", $_POST['trusted_directory_servers']));
+		set_config('system', 'trusted_directory_servers', $trusted_directory_servers);
+
 		goaway(z_root() . '/admin/security');
 	}
-	
-	
+
+
 
 	function get() {
-	
+
 		$whitesites = get_config('system','whitelisted_sites');
 		$whitesites_str = ((is_array($whitesites)) ? implode("\n",$whitesites) : '');
-	
+
 		$blacksites = get_config('system','blacklisted_sites');
 		$blacksites_str = ((is_array($blacksites)) ? implode("\n",$blacksites) : '');
-	
-	
+
+
 		$whitechannels = get_config('system','whitelisted_channels');
 		$whitechannels_str = ((is_array($whitechannels)) ? implode("\n",$whitechannels) : '');
-	
+
 		$blackchannels = get_config('system','blacklisted_channels');
 		$blackchannels_str = ((is_array($blackchannels)) ? implode("\n",$blackchannels) : '');
-	
-	
+
+
 		$whiteembeds = get_config('system','embed_allow');
 		$whiteembeds_str = ((is_array($whiteembeds)) ? implode("\n",$whiteembeds) : '');
-	
+
 		$blackembeds = get_config('system','embed_deny');
 		$blackembeds_str = ((is_array($blackembeds)) ? implode("\n",$blackembeds) : '');
-	
+
+		$trusted_directory_servers = get_config('system', 'trusted_directory_servers');
+		$trusted_directory_servers_str = ((is_array($trusted_directory_servers)) ? implode("\n", $trusted_directory_servers) : '');
+		$is_dir = (intval(get_config('system', 'directory_mode', DIRECTORY_MODE_NORMAL)) !== DIRECTORY_MODE_NORMAL);
+
 		$embed_coop = intval(get_config('system','embed_coop'));
-	
+
 		if((! $whiteembeds) && (! $blackembeds)) {
 			$embedhelp1 = t("By default, unfiltered HTML is allowed in embedded media. This is inherently insecure.");
 		}
 
-		$embedhelp2 = t("The recommended setting is to only allow unfiltered HTML from the following sites:"); 
+		$embedhelp2 = t("The recommended setting is to only allow unfiltered HTML from the following sites:");
 		$embedhelp3 = t("https://youtube.com/<br />https://www.youtube.com/<br />https://youtu.be/<br />https://vimeo.com/<br />https://soundcloud.com/<br />");
 		$embedhelp4 = t("All other embedded content will be filtered, <strong>unless</strong> embedded content from that site is explicitly blocked.");
 
@@ -99,7 +106,7 @@ class Security {
 			'$page' => t('Security'),
 			'$form_security_token' => get_form_security_token('admin_security'),
 	        '$block_public'     => array('block_public', t("Block public"), get_config('system','block_public'), t("Check to block public access to all otherwise public personal pages on this site unless you are currently authenticated.")),
-			'$cloud_noroot'     => [ 'cloud_noroot', t('Provide a cloud root directory'), 1 - intval(get_config('system','cloud_disable_siteroot')), t('The cloud root directory lists all channel names which provide public files') ], 
+			'$cloud_noroot'     => [ 'cloud_noroot', t('Provide a cloud root directory'), 1 - intval(get_config('system','cloud_disable_siteroot')), t('The cloud root directory lists all channel names which provide public files') ],
 			'$cloud_disksize'     => [ 'cloud_disksize', t('Show total disk space available to cloud uploads'), intval(get_config('system','cloud_report_disksize')), '' ],
 			'$transport_security' => array('transport_security', t('Set "Transport Security" HTTP header'),intval(get_config('system','transport_security_header')),''),
 			'$content_security' => array('content_security', t('Set "Content Security Policy" HTTP header'),intval(get_config('system','content_security_policy')),''),
@@ -115,6 +122,8 @@ class Security {
 			'$thumbnail_security'   => [ 'thumbnail_security', t("Allow SVG thumbnails in file browser"), get_config('system','thumbnail_security',0), t("WARNING: SVG images may contain malicious code.") ],
 			'$inline_pdf'   => [ 'inline_pdf', t("Allow embedded (inline) PDF files"), get_config('system','inline_pdf',0), '' ],
 
+			'$trusted_directory_servers' => (($is_dir) ? ['trusted_directory_servers', t('Additional trusted directory server URLs'), $trusted_directory_servers_str, t('Accept directory flags (spam, nsfw) from those servers. One per line like https://example.tld')] : ''),
+
 //	        '$embed_coop'     => array('embed_coop', t('Cooperative embed security'), $embed_coop, t('Enable to share embed security with other compatible sites/hubs')),
 
 			'$submit' => t('Submit')
@@ -124,7 +133,7 @@ class Security {
 
 	function trim_array_elems($arr) {
 		$narr = array();
-	
+
 		if($arr && is_array($arr)) {
 			for($x = 0; $x < count($arr); $x ++) {
 				$y = trim($arr[$x]);
@@ -134,6 +143,6 @@ class Security {
 		}
 		return $narr;
 	}
-	
-	
+
+
 }

Zotlabs/Module/Admin/Site.php

@@ -67,7 +67,6 @@ class Site {
 		$open_pubstream     =   ((x($_POST,'open_pubstream')) ? True : False);
 		$login_on_homepage	=	((x($_POST,'login_on_homepage'))		? True	:	False);
 		$enable_context_help = ((x($_POST,'enable_context_help'))		? True	:	False);
-		$global_directory     = ((x($_POST,'directory_submit_url'))	? notags(trim($_POST['directory_submit_url']))	: '');
 		$no_community_page    = !((x($_POST,'no_community_page'))	? True	:	False);
 		$default_expire_days  = ((array_key_exists('default_expire_days',$_POST)) ? intval($_POST['default_expire_days']) : 0);
 		$active_expire_days  = ((array_key_exists('active_expire_days',$_POST)) ? intval($_POST['active_expire_days']) : 7);
@@ -181,7 +180,7 @@ class Site {
 			set_config('system', 'admininfo', $admininfo);
 		}
 		set_config('system','siteinfo',$siteinfo);
-		set_config('system', 'language', $language);
+		//set_config('system', 'language', $language);
 		set_config('system', 'theme', $theme);
 		//		if ( $theme_mobile === '---' ) {
 		//			del_config('system', 'mobile_theme');
@@ -206,11 +205,6 @@ class Site {
 		set_config('system','site_firehose', $site_firehose);
 		set_config('system','open_pubstream', $open_pubstream);
 		//set_config('system','force_queue_threshold', $force_queue);
-		if ($global_directory == '') {
-			del_config('system', 'directory_submit_url');
-		} else {
-			set_config('system', 'directory_submit_url', $global_directory);
-		}
 
 		set_config('system','no_community_page', $no_community_page);
 		set_config('system','no_utf', $no_utf);
@@ -283,7 +277,7 @@ class Site {
 		}
 
 		$dir_choices = null;
-		$dirmode = get_config('system','directory_mode');
+		$dirmode = get_config('system', 'directory_mode', DIRECTORY_MODE_NORMAL);
 		$realm = get_directory_realm();
 
 		// directory server should not be set or settable unless we are a directory client
@@ -301,6 +295,12 @@ class Site {
 					$dir_choices[$xx['site_url']] = $xx['site_url'];
 				}
 			}
+			if ($realm === DIRECTORY_REALM) {
+				$fallback_servers = get_directory_fallback_servers();
+				foreach ($fallback_servers as $fallback_server) {
+					$dir_choices[$fallback_server] = $fallback_server;
+				}
+			}
 		}
 
 		/* Banner */
@@ -425,7 +425,7 @@ class Site {
 			'$banner'			=> array('banner', t("Banner/Logo"), $banner, t('Unfiltered HTML/CSS/JS is allowed')),
 			'$admininfo'		=> array('admininfo', t("Administrator Information"), $admininfo, t("Contact information for site administrators.  Displayed on siteinfo page.  BBCode can be used here")),
 			'$siteinfo'		=> array('siteinfo', t('Site Information'), get_config('system','siteinfo'), t("Publicly visible description of this site.  Displayed on siteinfo page.  BBCode can be used here")),
-			'$language' 		=> array('language', t("System language"), get_config('system','language'), "", $lang_choices),
+			//'$language' 		=> array('language', t("System language"), get_config('system','language'), "", $lang_choices),
 			'$theme' 			=> array('theme', t("System theme"), get_config('system','theme'), t("Default system theme - may be over-ridden by user profiles - <a href='#' id='cnftheme'>change theme settings</a>"), $theme_choices),
 		//			'$theme_mobile' 	=> array('theme_mobile', t("Mobile system theme"), get_config('system','mobile_theme'), t("Theme for mobile devices"), $theme_choices_mobile),
 		//			'$site_channel' 	=> array('site_channel', t("Channel to use for this website's static pages"), get_config('system','site_channel'), t("Site Channel")),

Zotlabs/Module/Attach.php

@@ -95,7 +95,7 @@ class Attach extends Controller {
 			killme();
 		}
 
-		$r = attach_by_hash(argv(1), get_observer_hash(), ((argc() > 2) ? intval(argv(2)) : 0));
+		$r = attach_by_hash(argv(1), get_observer_hash(), ((argc() > 2) ? intval(argv(2)) : 0), $token);
 
 		if (!$r['success']) {
 			notice($r['message'] . EOL);

Zotlabs/Module/Cal.php

@@ -65,13 +65,9 @@ class Cal extends Controller {
 
 		nav_set_selected('Calendar');
 
-		head_add_css('/library/fullcalendar/packages/core/main.min.css');
-		head_add_css('/library/fullcalendar/packages/daygrid/main.min.css');
+		head_add_js('/library/fullcalendar/dist/index.global.js');
 		head_add_css('cdav_calendar.css');
 
-		head_add_js('/library/fullcalendar/packages/core/main.min.js');
-		head_add_js('/library/fullcalendar/packages/daygrid/main.min.js');
-
 		$sql_extra = permissions_sql($channel['channel_id'], get_observer_hash(), 'event');
 
 		if(! perm_is_allowed($channel['channel_id'], get_observer_hash(), 'view_contacts') || App::$profile['hide_friends'])

Zotlabs/Module/Cdav.php

@@ -901,19 +901,9 @@ class Cdav extends Controller {
 
 		//Display calendar(s) here
 		if(argc() <= 3 && argv(1) === 'calendar') {
-
-			head_add_css('/library/fullcalendar/packages/core/main.min.css');
-			head_add_css('/library/fullcalendar/packages/daygrid/main.min.css');
-			head_add_css('/library/fullcalendar/packages/timegrid/main.min.css');
-			head_add_css('/library/fullcalendar/packages/list/main.min.css');
+			head_add_js('/library/fullcalendar/dist/index.global.js');
 			head_add_css('cdav_calendar.css');
 
-			head_add_js('/library/fullcalendar/packages/core/main.min.js');
-			head_add_js('/library/fullcalendar/packages/interaction/main.min.js');
-			head_add_js('/library/fullcalendar/packages/daygrid/main.min.js');
-			head_add_js('/library/fullcalendar/packages/timegrid/main.min.js');
-			head_add_js('/library/fullcalendar/packages/list/main.min.js');
-
 			$o = '';
 			$sources = '';
 			$resource_id = '';

Zotlabs/Module/Channel.php

@@ -247,9 +247,7 @@ class Channel extends Controller {
 				$channel_acl = ['allow_cid' => '', 'allow_gid' => '', 'deny_cid' => '', 'deny_gid' => ''];
 			}
 
-
 			if ($perms['post_wall']) {
-
 				$x = [
 					'is_owner'            => $is_owner,
 					'allow_location'      => ((($is_owner || $observer) && (intval(get_pconfig(App::$profile['profile_uid'], 'system', 'use_browser_location')))) ? true : false),
@@ -273,6 +271,12 @@ class Channel extends Controller {
 				$o .= status_editor($a, $x, false, 'Channel');
 			}
 
+			// Add pinned content
+			if (!x($_REQUEST, 'mid') && !$search) {
+				$pinned = new \Zotlabs\Widget\Pinned;
+				$r = $pinned->widget(intval(App::$profile['profile_uid']), [ITEM_TYPE_POST]);
+				$o .= $r['html'];
+			}
 		}
 
 
@@ -280,13 +284,9 @@ class Channel extends Controller {
 		 * Get permissions SQL - if $remote_contact is true, our remote user has been pre-verified and we already have fetched his/her groups
 		 */
 
-		$item_normal = " and item.item_hidden = 0 and item.item_type = 0 and item.item_deleted = 0
-		    and item.item_unpublished = 0 and item.item_pending_remove = 0
-		    and item.item_blocked = 0 ";
-		if (!$is_owner)
-			$item_normal .= "and item.item_delayed = 0 ";
+		$item_normal = item_normal();
 		$item_normal_update = item_normal_update();
-		$sql_extra          = item_permissions_sql(App::$profile['profile_uid']);
+		$sql_extra = item_permissions_sql(App::$profile['profile_uid']);
 
 		if (feature_enabled(App::$profile['profile_uid'], 'channel_list_mode') && (!$mid))
 			$page_mode = 'list';
@@ -423,17 +423,14 @@ class Channel extends Controller {
 			$items = [];
 		}
 
-		// Add pinned content
-		if (!x($_REQUEST, 'mid') && !$search) {
-			$pinned = new \Zotlabs\Widget\Pinned;
-			$r      = $pinned->widget(intval(App::$profile['profile_uid']), [ITEM_TYPE_POST]);
-			$o      .= $r['html'];
-		}
+
 
 		$mode = (($search) ? 'search' : 'channel');
 
 		if ((!$update) && (!$load)) {
 
+
+
 			//if we got a decoded hash we must encode it again before handing to javascript
 			$mid = gen_link_id($mid);
 

Zotlabs/Module/Chanview.php

@@ -16,17 +16,17 @@ class Chanview extends \Zotlabs\Web\Controller {
 
 		$r = null;
 
-		if(isset($_REQUEST['hash']) && $_REQUEST['hash']) {
+		if(!empty($_REQUEST['hash'])) {
 			$r = q("select * from xchan where xchan_hash = '%s' and xchan_deleted = 0",
 				dbesc($_REQUEST['hash'])
 			);
 		}
-		if(isset($_REQUEST['address']) && $_REQUEST['address']) {
+		if(!empty($_REQUEST['address'])) {
 			$r = q("select * from xchan where xchan_addr = '%s' and xchan_deleted = 0",
 				dbesc(punify($_REQUEST['address']))
 			);
 		}
-		elseif(local_channel() && isset($_REQUEST['cid']) && $_REQUEST['cid']) {
+		elseif(local_channel() && !empty($_REQUEST['cid'])) {
 			$r = q("SELECT abook.*, xchan.*
 				FROM abook left join xchan on abook_xchan = xchan_hash
 				WHERE abook_channel = %d and abook_id = %d and xchan_deleted = 0",
@@ -34,8 +34,7 @@ class Chanview extends \Zotlabs\Web\Controller {
 				intval($_REQUEST['cid'])
 			);
 		}
-		elseif(isset($_REQUEST['url']) && $_REQUEST['url']) {
-
+		elseif(!empty($_REQUEST['url'])) {
 			// if somebody re-installed they will have more than one xchan, use the most recent name date as this is
 			// the most useful consistently ascending table item we have.
 
@@ -56,7 +55,7 @@ class Chanview extends \Zotlabs\Web\Controller {
 		if(! App::$poi) {
 			logger('mod_chanview: fallback');
 
-			if(isset($_REQUEST['address']) && $_REQUEST['address']) {
+			if(!empty($_REQUEST['address'])) {
 				$href = Webfinger::zot_url(punify($_REQUEST['address']));
 				if($href) {
 					$_REQUEST['url'] = $href;
@@ -65,9 +64,9 @@ class Chanview extends \Zotlabs\Web\Controller {
 
 			$r = null;
 
-			if(isset($_REQUEST['url']) && $_REQUEST['url']) {
+			if(!empty($_REQUEST['url'])) {
 
-				$zf = Zotfinger::exec($_REQUEST['url'], null);
+				$zf = Zotfinger::exec($_REQUEST['url']);
 
 				if(array_path_exists('signature/signer',$zf) && $zf['signature']['signer'] === $_REQUEST['url'] && intval($zf['signature']['header_valid'])) {
 					Libzot::import_xchan($zf['data']);
@@ -79,6 +78,7 @@ class Chanview extends \Zotlabs\Web\Controller {
 					}
 				}
 				if(! $r) {
+
 					if(discover_by_webbie($_REQUEST['url'])) {
 						$r = q("select * from xchan where xchan_url = '%s' and xchan_deleted = 0",
 							dbesc($_REQUEST['url'])

Zotlabs/Module/Chat.php

@@ -212,7 +212,7 @@ class Chat extends Controller {
 				'$online' => t('I am online'),
 				'$bookmark_link' => $bookmark_link,
 				'$bookmark' => t('Bookmark this room'),
-				'$feature_encrypt' => ((feature_enabled(local_channel(),'content_encrypt')) ? true : false),
+				'$feature_encrypt' => ((feature_enabled(App::$profile['profile_uid'], 'content_encrypt')) ? true : false),
 				'$cipher' => $cipher,
 				'$linkurl' => t('Please enter a link URL:'),
 				'$encrypt' => t('Encrypt text'),

Zotlabs/Module/Connections.php

@@ -145,6 +145,7 @@ class Connections extends \Zotlabs\Web\Controller {
 		}
 
 		$search = ((x($_REQUEST,'search')) ? notags(trim($_REQUEST['search'])) : '');
+		$search_xchan = ((x($_REQUEST,'search_xchan')) ? notags(trim($_REQUEST['search_xchan'])) : '');
 
 		$tabs = array(
 			/*
@@ -233,10 +234,15 @@ class Connections extends \Zotlabs\Web\Controller {
 
 		if($search) {
 			$search_hdr = $search;
-			$search_txt = dbesc(protect_sprintf(preg_quote($search)));
-			$searching = true;
+			$search_txt = (($search_xchan) ? urldecode($search_xchan) : preg_quote($search));
+
+			if ($search_xchan) {
+				$sql_extra .= " AND xchan_hash = '" . protect_sprintf(dbesc($search_txt)) . "' ";
+			}
+			else {
+				$sql_extra .= " AND xchan_name LIKE '%%" . protect_sprintf(dbesc($search_txt)) . "%%' ";
+			}
 		}
-		$sql_extra .= (($searching) ? protect_sprintf(" AND xchan_name like '%$search_txt%' ") : "");
 
 		if(isset($_REQUEST['gid']) && $_REQUEST['gid']) {
 			$sql_extra .= " and xchan_hash in ( select xchan from pgrp_member where gid = " . intval($_REQUEST['gid']) . " and uid = " . intval(local_channel()) . " ) ";
@@ -396,7 +402,7 @@ class Connections extends \Zotlabs\Web\Controller {
 				'$search' => $search_hdr,
 				'$label' => t('Search'),
 				'$role_label' => t('Contact role'),
-				'$desc' => t('Search your connections'),
+				'$desc' => $search ?? t('Search your connections'),
 				'$finding' => (($searching) ? t('Contact search') . ": '" . $search . "'" : ""),
 				'$submit' => t('Find'),
 				'$edit' => t('Edit'),

Zotlabs/Module/Conversation.php

@@ -0,0 +1,188 @@
+<?php
+
+namespace Zotlabs\Module;
+
+use Zotlabs\Web\Controller;
+use Zotlabs\Lib\ActivityStreams;
+use Zotlabs\Lib\Activity;
+use Zotlabs\Lib\Libzot;
+use Zotlabs\Web\HTTPSig;
+use Zotlabs\Lib\LDSignatures;
+use Zotlabs\Lib\ThreadListener;
+use Zotlabs\Lib\Config;
+use App;
+
+class Conversation extends Controller {
+
+	public function init() {
+
+		if (ActivityStreams::is_as_request()) {
+			$item_id = argv(1);
+
+			if (!$item_id) {
+				http_status_exit(404, 'Not found');
+			}
+
+			$portable_id = EMPTY_STR;
+
+			$item_normal_extra = sprintf(" and not verb in ('%s', '%s') ",
+				dbesc(ACTIVITY_FOLLOW),
+				dbesc(ACTIVITY_UNFOLLOW)
+			);
+
+			$item_normal = " and item.item_hidden = 0 and item.item_type = 0 and item.item_unpublished = 0 and item.item_delayed = 0 and item.item_blocked = 0 $item_normal_extra ";
+
+			$i = null;
+
+			// do we have the item (at all)?
+
+			$r = q("select parent_mid from item where mid = '%s' or uuid = '%s' $item_normal order by item_wall desc limit 1",
+				dbesc(z_root() . '/item/' . $item_id),
+				dbesc($item_id)
+			);
+
+			if (!$r) {
+				http_status_exit(404, 'Not found');
+			}
+
+			// process an authenticated fetch
+
+			$sigdata = HTTPSig::verify(EMPTY_STR);
+			if ($sigdata['portable_id'] && $sigdata['header_valid']) {
+				$portable_id = $sigdata['portable_id'];
+				observer_auth($portable_id);
+
+				// first see if we have a copy of this item's parent owned by the current signer
+				// include xchans for all zot-like networks - these will have the same guid and public key
+
+				$x = q(
+					"select * from xchan where xchan_hash = '%s'",
+					dbesc($sigdata['portable_id'])
+				);
+
+				if ($x) {
+					$xchans = q(
+						"select xchan_hash from xchan where xchan_hash = '%s' OR ( xchan_guid = '%s' AND xchan_pubkey = '%s' ) ",
+						dbesc($sigdata['portable_id']),
+						dbesc($x[0]['xchan_guid']),
+						dbesc($x[0]['xchan_pubkey'])
+					);
+
+					if ($xchans) {
+						$hashes = ids_to_querystr($xchans, 'xchan_hash', true);
+						$i = q(
+							"select id as item_id from item where mid = '%s' $item_normal and owner_xchan in ( " . protect_sprintf($hashes) . " ) limit 1",
+							dbesc($r[0]['parent_mid'])
+						);
+					}
+				}
+			}
+			elseif (Config::get('system', 'require_authenticated_fetch', false)) {
+				http_status_exit(403, 'Permission denied');
+			}
+
+			// if we don't have a parent id belonging to the signer see if we can obtain one as a visitor that we have permission to access
+			// with a bias towards those items owned by channels on this site (item_wall = 1)
+
+			$sql_extra = item_permissions_sql(0);
+
+			if (!$i) {
+				$i = q("select id as item_id from item where mid = '%s' $item_normal $sql_extra order by item_wall desc limit 1",
+					dbesc($r[0]['parent_mid'])
+				);
+			}
+
+			if (!$i) {
+				http_status_exit(403, 'Forbidden');
+			}
+
+			$parents_str = ids_to_querystr($i, 'item_id');
+			$itemspage = 30;
+			$page = $_REQUEST['page'] ?? 1;
+			$offset = (intval($page) - 1) * $itemspage;
+
+			$items = dbq("SELECT item.*,
+				item.id AS item_id,
+				(SELECT count(*) FROM item WHERE item.parent IN ( $parents_str ) $item_normal) AS total
+				FROM item WHERE item.parent IN ( $parents_str ) $item_normal order by item.id LIMIT $itemspage OFFSET $offset"
+			);
+
+			if (!$items) {
+				http_status_exit(404, 'Not found');
+			}
+
+			xchan_query($items, true);
+			$items = fetch_post_tags($items);
+
+			$observer = App::get_observer();
+			$parent = $items[0];
+			$recips = (($parent['owner']['xchan_network'] === 'activitypub') ? get_iconfig($parent['id'], 'activitypub', 'recips', []) : []);
+			$to = (($recips && array_key_exists('to', $recips) && is_array($recips['to'])) ? $recips['to'] : null);
+			$nitems = [];
+			foreach ($items as $i) {
+				$mids = [];
+
+				if (intval($i['item_private'])) {
+					if (!$observer) {
+						continue;
+					}
+					/*
+					// ignore private reshare, possibly from hubzilla
+					if ($i['verb'] === 'Announce') {
+						if (!in_array($i['thr_parent'], $mids)) {
+							$mids[] = $i['thr_parent'];
+						}
+						continue;
+					}
+					// also ignore any children of the private reshares
+					if (in_array($i['thr_parent'], $mids)) {
+						continue;
+					}
+					*/
+
+					if ((!$to) || (!in_array($observer['xchan_url'], $to))) {
+						continue;
+					}
+				}
+				$nitems[] = $i;
+			}
+
+			if (!$nitems) {
+				http_status_exit(404, 'Not found');
+			}
+
+			App::set_pager_total($nitems[0]['total']);
+			App::set_pager_itemspage($itemspage);
+
+			$channel = channelx_by_n($nitems[0]['uid']);
+
+			if (!$channel) {
+				http_status_exit(404, 'Not found');
+			}
+
+			if (!perm_is_allowed($channel['channel_id'], get_observer_hash(), 'view_stream')) {
+				http_status_exit(403, 'Forbidden');
+			}
+
+			$i = Activity::encode_item_collection($nitems, App::$query_string, 'OrderedCollection', $nitems[0]['total']);
+
+			if (!$i) {
+				http_status_exit(404, 'Not found');
+			}
+
+			if ($portable_id && (!intval($nitems[0]['item_private']))) {
+				$c = q("select abook_id from abook where abook_channel = %d and abook_xchan = '%s'",
+					intval($nitems[0]['uid']),
+					dbesc($portable_id)
+				);
+				if (!$c) {
+					ThreadListener::store(z_root() . '/item/' . $item_id, $portable_id);
+				}
+			}
+
+			as_return_and_die($i, $channel);
+		}
+
+		goaway(z_root() . '/item/' . argv(1));
+	}
+}

Zotlabs/Module/Dircensor.php

@@ -4,6 +4,7 @@ namespace Zotlabs\Module;
 
 use App;
 use Zotlabs\Web\Controller;
+use Zotlabs\Lib\Libzotdir;
 
 
 class Dircensor extends Controller {
@@ -15,11 +16,12 @@ class Dircensor extends Controller {
 
 		$dirmode = intval(get_config('system','directory_mode'));
 
-		if (! ($dirmode == DIRECTORY_MODE_PRIMARY || $dirmode == DIRECTORY_MODE_STANDALONE)) {
+		if(!in_array($dirmode, [DIRECTORY_MODE_PRIMARY, DIRECTORY_MODE_SECONDARY, DIRECTORY_MODE_STANDALONE])) {
 			return;
 		}
 
 		$xchan = argv(1);
+
 		if(! $xchan) {
 			return;
 		}
@@ -32,19 +34,43 @@ class Dircensor extends Controller {
 			return;
 		}
 
-		$val = (($r[0]['xchan_censored']) ? 0 : 1);
+		$severity = intval($_REQUEST['severity'] ?? 0);
+		$flag = DIRECTORY_FLAG_OK;
 
-		q("update xchan set xchan_censored = $val where xchan_hash = '%s'",
+		if ($severity === 1) {
+			$flag = DIRECTORY_FLAG_UNSAFE;
+		}
+
+		if ($severity === 2) {
+			$flag = DIRECTORY_FLAG_HIDDEN;
+		}
+
+		Libzotdir::update($xchan, $r[0]['xchan_url'], true, $flag);
+
+		q("UPDATE xchan SET xchan_censored = %d WHERE xchan_hash = '%s'",
+			intval($flag),
 			dbesc($xchan)
 		);
 
-		if($val) {
+		q("UPDATE xtag SET xtag_flags = %d WHERE xtag_hash = '%s'",
+			intval($flag),
+			dbesc($xchan)
+		);
+
+		if($flag) {
 			info( t('Entry censored') . EOL);
 		}
 		else {
-			info( t('Entry uncensored') . EOL);
+			info( t('Entry OK') . EOL);
 		}
-		
+
+		if (isset($_REQUEST['aj'])) {
+			json_return_and_die([
+				'success' => 1,
+				'flag' => $flag
+			]);
+		}
+
 		goaway(z_root() . '/directory');
 
 	}

Zotlabs/Module/Directory.php

@@ -151,7 +151,7 @@ class Directory extends Controller {
 
 		$url = '';
 
-		if(($dirmode == DIRECTORY_MODE_PRIMARY) || ($dirmode == DIRECTORY_MODE_STANDALONE)) {
+		if(in_array($dirmode, [DIRECTORY_MODE_PRIMARY, DIRECTORY_MODE_SECONDARY, DIRECTORY_MODE_STANDALONE])) {
 			$url = z_root() . '/dirsearch';
 			if (is_site_admin()) {
 				$directory_admin = true;
@@ -191,7 +191,10 @@ class Directory extends Controller {
 			if(get_config('system','disable_directory_keywords'))
 				$kw = 0;
 
-			$query = $url . '?f=&kw=' . $kw . (($safe_mode != 1) ? '&safe=' . $safe_mode : '');
+			if (intval($safe_mode) === 0 && $directory_admin)
+				$safe_mode = -1;
+
+			$query = $url . '?f=&kw=' . $kw . (($safe_mode < 1) ? '&safe=' . $safe_mode : '');
 
 			if($token)
 				$query .= '&t=' . $token;
@@ -296,10 +299,11 @@ class Directory extends Controller {
 							$hometown = ((x($profile,'hometown') == 1) ? html2plain($profile['hometown'])  : False);
 
 							$about = ((x($profile,'about') == 1) ? zidify_links(bbcode($profile['about'], ['tryoembed' => false])) : False);
-							if ($about && $safe_mode) {
-								$about = html2plain($about);
+							if ($about && $safe_mode > 0) {
+								$about = strip_tags($about, '<br>');
 							}
 
+
 							$keywords = ((x($profile,'keywords')) ? $profile['keywords'] : '');
 
 
@@ -351,11 +355,15 @@ class Directory extends Controller {
 								'gender'   => $gender,
 								'pdesc'	=> $pdesc,
 								'pdesc_label' => t('Description:'),
-								'censor' => (($directory_admin) ? 'dircensor/' . $rr['hash'] : ''),
-								'censor_label' => (($rr['censored']) ? t('Uncensor') : t('Censor')),
+								'censor' => (($directory_admin) ? 'dircensor/' . $rr['hash'] . '?severity=' . ((intval($rr['censored']) > 0) ? 0 : 1) : ''),
+								'censor_label' => t('Unsafe'),
+								'censor_class' => ((intval($rr['censored']) === 1) ? 'active' : ''),
+								'censor_2' => (($directory_admin) ? 'dircensor/' . $rr['hash'] . '?severity=' . ((intval($rr['censored']) > 1) ? 0 : 2) : ''),
+								'censor_2_label' => t('Spam'),
+								'censor_2_class' => ((intval($rr['censored']) > 1) ? 'active' : ''),
 								'marital'  => $marital,
 								'homepage' => $homepage,
-								'homepageurl' => (($safe_mode) ? $homepageurl : linkify($homepageurl)),
+								'homepageurl' => (($safe_mode  > 0) ? $homepageurl : linkify($homepageurl)),
 								'hometown' => $hometown,
 								'hometown_label' => t('Hometown:'),
 								'about' => $about,
@@ -436,7 +444,8 @@ class Directory extends Controller {
 								'$reverse' => t('Reverse Alphabetic'),
 								'$date' => t('Newest to Oldest'),
 								'$reversedate' => t('Oldest to Newest'),
-								'$suggest' => $suggest ? '&suggest=1' : ''
+								'$suggest' => $suggest ? '&suggest=1' : '',
+								'$directory_admin' => $directory_admin
 							));
 
 

Zotlabs/Module/Dirsearch.php

@@ -15,8 +15,7 @@ class Dirsearch extends Controller {
 
 		$ret = array('success' => false);
 
-	//	logger('request: ' . print_r($_REQUEST,true));
-
+		// logger('request: ' . print_r($_REQUEST,true));
 
 		$dirmode = intval(get_config('system','directory_mode'));
 
@@ -25,7 +24,6 @@ class Dirsearch extends Controller {
 			json_return_and_die($ret);
 		}
 
-
 		$access_token = $_REQUEST['t'] ?? '';
 
 		$token = get_config('system','realm_token');
@@ -41,7 +39,8 @@ class Dirsearch extends Controller {
 		}
 
 		$sql_extra = '';
-
+		$keywords_query = '';
+		$hub_query = '';
 
 		$tables = array('name','address','locale','region','postcode','country','gender','marital','sexual','keywords');
 
@@ -85,9 +84,7 @@ class Dirsearch extends Controller {
 
 
 		// by default use a safe search
-		$safe     = ((x($_REQUEST,'safe')));    // ? intval($_REQUEST['safe'])  : 1 );
-		if ($safe === false)
-				$safe = 1;
+		$safe = $_REQUEST['safe'] ?? 1;
 
 		if(array_key_exists('sync',$_REQUEST)) {
 			if($_REQUEST['sync'])
@@ -102,10 +99,10 @@ class Dirsearch extends Controller {
 			$hub = \App::get_hostname();
 		}
 
-		if($hub)
-			$hub_query = " and xchan_hash in (select hubloc_hash from hubloc where hubloc_host =  '" . protect_sprintf(dbesc($hub)) . "') ";
-		else
-			$hub_query = '';
+		if($hub) {
+			$hub_query = " and xchan_hash in (select hubloc_hash from hubloc where hubloc_deleted = 0 and hubloc_host =  '" . protect_sprintf(dbesc($hub)) . "') ";
+		}
+
 
 		$sort_order  = ((x($_REQUEST,'order')) ? $_REQUEST['order'] : '');
 
@@ -131,9 +128,16 @@ class Dirsearch extends Controller {
 			$sql_extra .= $this->dir_query_build($joiner,'xprof_marital',$marital);
 		if($sexual)
 			$sql_extra .= $this->dir_query_build($joiner,'xprof_sexual',$sexual);
-		if($keywords)
+		if($keywords && $name) {
+			// this is a general search
 			$sql_extra .= $this->dir_query_build($joiner,'xprof_keywords',$keywords);
-
+		}
+		if($keywords && !$name) {
+			// this is a search for keywords only
+			$keywords_arr = explode(',', $keywords);
+			stringify_array_elms($keywords_arr, true);
+			$keywords_query = " AND xchan_hash IN (SELECT xtag_hash FROM xtag WHERE xtag_term IN (" . protect_sprintf(implode(',', $keywords_arr)) . ")) ";
+		}
 
 		// we only support an age range currently. You must set both agege
 		// (greater than or equal) and agele (less than or equal)
@@ -177,9 +181,15 @@ class Dirsearch extends Controller {
 			$sql_extra .= " and xchan_addr like '%%" . \App::get_hostname() . "' ";
 		}
 
-		$safesql = (($safe > 0) ? " and xchan_censored = 0 and xchan_selfcensored = 0 " : '');
+		$safesql = '';
+		if($safe > 0)
+			$safesql = " and xchan_censored = 0 and xchan_selfcensored = 0 ";
+
+		if($safe < 1)
+			$safesql = " and xchan_censored < 2 and xchan_selfcensored < 2 ";
+
 		if($safe < 0)
-			$safesql = " and ( xchan_censored = 1 OR xchan_selfcensored = 1 ) ";
+			$safesql = " and xchan_censored < 3 and xchan_selfcensored < 2 ";
 
 		if($forums)
 			$safesql .= " and xchan_pubforum = " . ((intval($forums)) ? '1 ' : '0 ');
@@ -215,26 +225,25 @@ class Dirsearch extends Controller {
 
 		if($sync) {
 			$spkt = array('transactions' => array());
-			$r = q("select * from updates where ud_date >= '%s' and ud_guid != '' and ud_addr != '' order by ud_date desc",
+
+			$r = q("SELECT * FROM updates WHERE ud_update = 0 AND ud_last = '%s' AND ud_date >= '%s' ORDER BY ud_date DESC",
+				dbesc(NULL_DATE),
 				dbesc($sync)
 			);
+
 			if($r) {
 				foreach($r as $rr) {
-					$flags = array();
-					if($rr['ud_flags'] & UPDATE_FLAGS_DELETED)
-						$flags[] = 'deleted';
-					if($rr['ud_flags'] & UPDATE_FLAGS_FORCED)
-						$flags[] = 'forced';
-
-					$spkt['transactions'][] = array(
+					$spkt['transactions'][] = [
 						'hash' => $rr['ud_hash'],
 						'address' => $rr['ud_addr'],
-						'transaction_id' => $rr['ud_guid'],
+						'host' => $rr['ud_host'],
+						'transaction_id' => $rr['ud_host'], // deprecated 2023-04-12 - can be removed after dir servers at version >= 8.4
 						'timestamp' => $rr['ud_date'],
-						'flags' => $flags
-					);
+						'flags' => $rr['ud_flags']
+					];
 				}
 			}
+
 			json_return_and_die($spkt);
 		}
 		else {
@@ -263,8 +272,8 @@ class Dirsearch extends Controller {
 				xprof.xprof_homepage as homepage,
 				xprof.xprof_hometown as hometown,
 				xprof.xprof_keywords as keywords
-				from xchan left join xprof on xchan_hash = xprof_hash left join hubloc on hubloc_hash = xchan_hash
-				where hubloc_primary = 1 and hubloc_updated > %s - INTERVAL %s and ( $logic $sql_extra ) $hub_query and xchan_network = 'zot6' and xchan_system = 0 and xchan_hidden = 0 and xchan_orphan = 0 and xchan_deleted = 0
+				from xchan left join xprof on xchan_hash = xprof_hash left join hubloc on (hubloc_id_url = xchan_url and hubloc_hash = xchan_hash)
+				where hubloc_primary = 1 and hubloc_updated > %s - INTERVAL %s and ( $logic $sql_extra ) $hub_query $keywords_query and xchan_network = 'zot6' and xchan_system = 0 and xchan_hidden = 0 and xchan_orphan = 0 and xchan_deleted = 0 and hubloc_deleted = 0
 				$safesql $order $qlimit",
 				db_utcnow(),
 				db_quoteinterval('30 DAY')

Zotlabs/Module/File_upload.php

@@ -35,7 +35,7 @@ class File_upload extends \Zotlabs\Web\Controller {
 		$_REQUEST['deny_cid']  = ((isset($_REQUEST['contact_deny'])) ? perms2str($_REQUEST['contact_deny']) : '');
 		$_REQUEST['deny_gid']  = ((isset($_REQUEST['group_deny'])) ? perms2str($_REQUEST['group_deny']) : '');
 
-		if(isset($_REQUEST['filename']) && $_REQUEST['filename']) {
+		if(isset($_REQUEST['filename']) && strlen($_REQUEST['filename'])) {
 			$r = attach_mkdir($channel, get_observer_hash(), $_REQUEST);
 			if($r['success']) {
 				$hash = $r['data']['hash'];

Zotlabs/Module/Hq.php

@@ -17,8 +17,6 @@ class Hq extends \Zotlabs\Web\Controller {
 	function init() {
 		if(! local_channel())
 			return;
-
-		App::$profile_uid = local_channel();
 	}
 
 	function get($update = 0, $load = false) {
@@ -27,6 +25,8 @@ class Hq extends \Zotlabs\Web\Controller {
 			return;
 		}
 
+		App::$profile_uid = local_channel();
+
 		$item_hash = '';
 
 		if(argc() > 1 && argv(1) !== 'load') {
@@ -51,18 +51,20 @@ class Hq extends \Zotlabs\Web\Controller {
 		$o = '';
 
 		if($item_hash) {
+			// select the target item with a bias to our own item
+			$sql_order = ((local_channel() > $sys['channel_id']) ? 'DESC' : 'ASC');
 
-			$r = q("select id, uid, mid, parent_mid, thr_parent, verb, item_type, item_deleted, item_blocked from item where mid = '%s' limit 1",
+			$r = q("select id, uid, mid, parent_mid, thr_parent, verb, item_type, item_deleted, item_blocked from item where uid in (%d, %d) and mid = '%s' order by uid $sql_order limit 2",
+				intval(local_channel()),
+				intval($sys['channel_id']),
 				dbesc($item_hash)
 			);
 
 			if($r) {
 				$target_item = $r[0];
-			}
-
-			//if the item is to be moderated redirect to /moderate
-			if($target_item['item_blocked'] == ITEM_MODERATED) {
-				goaway(z_root() . '/moderate/' . $target_item['id']);
+				if (intval($target_item['uid']) === intval($sys['channel_id'])) {
+					$sys_item = true;
+				}
 			}
 
 			$simple_update = '';
@@ -158,19 +160,18 @@ class Hq extends \Zotlabs\Web\Controller {
 		}
 
 		if($load && $target_item) {
-			$r = null;
 
-			$r = q("SELECT item.id AS item_id FROM item
-				WHERE uid = %d
-				AND mid = '%s'
-				$item_normal
-				LIMIT 1",
-				intval(local_channel()),
-				dbesc($target_item['parent_mid'])
-			);
-
-			if(!$r) {
-				$sys_item = true;
+			if (!$sys_item) {
+				$r = q("SELECT item.id AS item_id FROM item
+					WHERE uid = %d
+					AND mid = '%s'
+					$item_normal
+					LIMIT 1",
+					intval(local_channel()),
+					dbesc($target_item['parent_mid'])
+				);
+			}
+			else {
 				$sql_extra = item_permissions_sql($sys['channel_id']);
 
 				$r = q("SELECT item.id AS item_id FROM item
@@ -184,20 +185,18 @@ class Hq extends \Zotlabs\Web\Controller {
 			}
 		}
 		elseif($update && $target_item) {
-			$r = null;
-
-			$r = q("SELECT item.parent AS item_id FROM item
-				WHERE uid = %d
-				AND parent_mid = '%s'
-				$item_normal_update
-				$simple_update
-				LIMIT 1",
-				intval(local_channel()),
-				dbesc($target_item['parent_mid'])
-			);
-
-			if(!$r) {
-				$sys_item = true;
+			if (!$sys_item) {
+				$r = q("SELECT item.parent AS item_id FROM item
+					WHERE uid = %d
+					AND parent_mid = '%s'
+					$item_normal_update
+					$simple_update
+					LIMIT 1",
+					intval(local_channel()),
+					dbesc($target_item['parent_mid'])
+				);
+			}
+			else {
 				$sql_extra = item_permissions_sql($sys['channel_id']);
 
 				$r = q("SELECT item.parent AS item_id FROM item
@@ -245,6 +244,7 @@ class Hq extends \Zotlabs\Web\Controller {
 
 		$options['offset'] = $_REQUEST['offset'] ?? 0;
 		$options['type'] = $_REQUEST['type'] ?? '';
+		$options['author'] = ((isset($_REQUEST['author'])) ? urldecode($_REQUEST['author']) : '');
 
 		$ret = Messages::get_messages_page($options);
 

Zotlabs/Module/Item.php

@@ -63,8 +63,8 @@ class Item extends Controller {
 
 			// do we have the item (at all)?
 
-			$r = q("select * from item where mid = '%s' $item_normal limit 1",
-				dbesc(z_root() . '/item/' . $item_id)
+			$r = q("select parent_mid from item where uuid = '%s' $item_normal limit 1",
+				dbesc($item_id)
 			);
 
 			if (!$r) {
@@ -84,7 +84,7 @@ class Item extends Controller {
 				}
 				observer_auth($portable_id);
 
-				$i = q("select id as item_id from item where mid = '%s' $item_normal and owner_xchan = '%s' limit 1",
+				$i = q("select id as item_id, uid from item where mid = '%s' $item_normal and owner_xchan = '%s' limit 1",
 					dbesc($r[0]['parent_mid']),
 					dbesc($portable_id)
 				);
@@ -99,7 +99,7 @@ class Item extends Controller {
 			$sql_extra = item_permissions_sql(0);
 
 			if (!$i) {
-				$i = q("select id as item_id from item where mid = '%s' $item_normal $sql_extra order by item_wall desc limit 1",
+				$i = q("select id as item_id, uid from item where mid = '%s' $item_normal $sql_extra order by item_wall desc limit 1",
 					dbesc($r[0]['parent_mid'])
 				);
 			}
@@ -108,57 +108,53 @@ class Item extends Controller {
 				http_status_exit(403, 'Forbidden');
 			}
 
+			$chan = channelx_by_n($i[0]['uid']);
+
+			if (!$chan) {
+				http_status_exit(404, 'Not found');
+			}
+
+			if (!perm_is_allowed($chan['channel_id'], get_observer_hash(), 'view_stream')) {
+				http_status_exit(403, 'Forbidden');
+			}
+
 			$parents_str = ids_to_querystr($i, 'item_id');
 
-			$items = q("SELECT item.*, item.id AS item_id FROM item WHERE item.parent IN ( %s ) $item_normal order by item.id asc",
-				dbesc($parents_str)
+			$total = q("SELECT count(*) AS count FROM item WHERE parent = %d $item_normal",
+				intval($parents_str)
 			);
 
-			if (!$items) {
-				http_status_exit(404, 'Not found');
+			App::set_pager_total($total[0]['count']);
+			App::set_pager_itemspage(30);
+
+			if (App::$pager['total'] > App::$pager['itemspage']) {
+				// let mod conversation handle this request
+				App::$query_string = str_replace('item', 'conversation', App::$query_string);
+				$i = Activity::paged_collection_init(App::$pager['total'], App::$query_string);
+				as_return_and_die($i ,$chan);
 			}
+			else {
+				$items = q("SELECT item.*, item.id AS item_id FROM item WHERE item.parent = %d $item_normal ORDER BY item.id",
+					intval($parents_str)
+				);
 
-			xchan_query($items, true);
-			$items = fetch_post_tags($items, true);
+				xchan_query($items, true);
+				$items = fetch_post_tags($items, true);
 
-			if (!$items)
-				http_status_exit(404, 'Not found');
-
-			$chan = channelx_by_n($items[0]['uid']);
-
-			if (!$chan)
-				http_status_exit(404, 'Not found');
-
-			if (!perm_is_allowed($chan['channel_id'], get_observer_hash(), 'view_stream'))
-				http_status_exit(403, 'Forbidden');
-
-
-			$i = Activity::encode_item_collection($items, 'conversation/' . $item_id, 'OrderedCollection');
-
-			if (!$i)
-				http_status_exit(404, 'Not found');
+				$i = Activity::encode_item_collection($items, App::$query_string, 'OrderedCollection', App::$pager['total']);
+			}
 
 			if ($portable_id && (!intval($items[0]['item_private']))) {
-				ThreadListener::store(z_root() . '/item/' . $item_id, $portable_id);
+				$c = q("select abook_id from abook where abook_channel = %d and abook_xchan = '%s'",
+					intval($items[0]['uid']),
+					dbesc($portable_id)
+				);
+				if (!$c) {
+					ThreadListener::store(z_root() . '/item/' . $item_id, $portable_id);
+				}
 			}
 
-			$x = array_merge(['@context' => [
-				ACTIVITYSTREAMS_JSONLD_REV,
-				'https://w3id.org/security/v1',
-				z_root() . ZOT_APSCHEMA_REV
-			]], $i);
-
-			$headers                     = [];
-			$headers['Content-Type']     = 'application/x-zot+json';
-			$x['signature']              = LDSignatures::sign($x, $chan);
-			$ret                         = json_encode($x, JSON_UNESCAPED_SLASHES);
-			$headers['Digest']           = HTTPSig::generate_digest_header($ret);
-			$headers['(request-target)'] = strtolower($_SERVER['REQUEST_METHOD']) . ' ' . $_SERVER['REQUEST_URI'];
-			$h                           = HTTPSig::create_sig($headers, $chan['channel_prvkey'], channel_url($chan));
-			HTTPSig::set_headers($h);
-			echo $ret;
-			killme();
-
+			as_return_and_die($i ,$chan);
 		}
 
 		if (ActivityStreams::is_as_request()) {
@@ -181,8 +177,7 @@ class Item extends Controller {
 			// do we have the item (at all)?
 			// add preferential bias to item owners (item_wall = 1)
 
-			$r = q("select * from item where mid = '%s' or uuid = '%s' $item_normal order by item_wall desc limit 1",
-				dbesc(z_root() . '/item/' . $item_id),
+			$r = q("select * from item where uuid = '%s' $item_normal order by item_wall desc limit 1",
 				dbesc($item_id)
 			);
 
@@ -223,6 +218,22 @@ class Item extends Controller {
 				);
 			}
 
+			$bear = Activity::token_from_request();
+			if ($bear) {
+				logger('bear: ' . $bear, LOGGER_DEBUG);
+				if (!$i) {
+					$t = q("select * from iconfig where cat = 'ocap' and k = 'relay' and v = '%s'",
+						dbesc($bear)
+					);
+					if ($t) {
+						$i = q("select id as item_id from item where uuid = '%s' and id = %d $item_normal limit 1",
+							dbesc($item_id),
+							intval($t[0]['iid'])
+						);
+					}
+				}
+			}
+
 			if (!$i) {
 				http_status_exit(403, 'Forbidden');
 			}
@@ -255,23 +266,7 @@ class Item extends Controller {
 				}
 			}
 
-			$x = array_merge(['@context' => [
-				ACTIVITYSTREAMS_JSONLD_REV,
-				'https://w3id.org/security/v1',
-				z_root() . ZOT_APSCHEMA_REV
-			]], $i);
-
-			$headers                     = [];
-			$headers['Content-Type']     = 'application/ld+json; profile="https://www.w3.org/ns/activitystreams"';
-			$x['signature']              = LDSignatures::sign($x, $chan);
-			$ret                         = json_encode($x, JSON_UNESCAPED_SLASHES);
-			$headers['Date']             = datetime_convert('UTC', 'UTC', 'now', 'D, d M Y H:i:s \\G\\M\\T');
-			$headers['Digest']           = HTTPSig::generate_digest_header($ret);
-			$headers['(request-target)'] = strtolower($_SERVER['REQUEST_METHOD']) . ' ' . $_SERVER['REQUEST_URI'];
-			$h                           = HTTPSig::create_sig($headers, $chan['channel_prvkey'], channel_url($chan));
-			HTTPSig::set_headers($h);
-			echo $ret;
-			killme();
+			as_return_and_die($i ,$chan);
 
 		}
 
@@ -307,7 +302,9 @@ class Item extends Controller {
 		if ((!local_channel()) && (!remote_channel()) && (!x($_REQUEST, 'anonname')))
 			return;
 
-		$uid      = local_channel();
+		$uid = local_channel();
+		$token = '';
+
 		$channel  = null;
 		$observer = null;
 		$datarray = [];
@@ -818,7 +815,7 @@ class Item extends Controller {
 
 		$is_group = get_pconfig($profile_uid, 'system', 'group_actor');
 
-		if (($is_group) && ($walltowall) && (!$walltowall_comment)) {
+		if ($is_group && $walltowall && !$walltowall_comment && !$webpage) {
 			$groupww           = true;
 			$str_contact_allow = $owner_xchan['xchan_hash'];
 			$str_group_allow   = '';
@@ -830,7 +827,6 @@ class Item extends Controller {
 
 			require_once('include/text.php');
 
-
 			// BBCODE alert: the following functions assume bbcode input
 			// and will require alternatives for alternative content-types (text/html, text/markdown, text/plain, etc.)
 			// we may need virtual or template classes to implement the possible alternatives
@@ -866,6 +862,21 @@ class Item extends Controller {
 				$private = 2;
 			}
 
+			if ($private && get_pconfig($profile_uid, 'system', 'ocap_enabled')) {
+				// for edited posts, re-use any existing OCAP token (if found).
+				// Otherwise generate a new one.
+
+				if ($iconfig) {
+					foreach ($iconfig as $cfg) {
+						if ($cfg['cat'] === 'ocap' && $cfg['k'] === 'relay') {
+							$token = $cfg['v'];
+						}
+					}
+				}
+				if (!$token) {
+					$token = new_token();
+				}
+			}
 
 			/**
 			 *
@@ -887,9 +898,9 @@ class Item extends Controller {
 			 */
 
 			if (!$preview) {
-				fix_attached_photo_permissions($profile_uid, $owner_xchan['xchan_hash'], ((strpos($body, '[/crypt]')) ? $_POST['media_str'] : $body), $str_contact_allow, $str_group_allow, $str_contact_deny, $str_group_deny);
-				fix_attached_photo_permissions($profile_uid, $owner_xchan['xchan_hash'], ((strpos($summary, '[/crypt]')) ? $_POST['media_str'] : $summary), $str_contact_allow, $str_group_allow, $str_contact_deny, $str_group_deny);
-				fix_attached_file_permissions($channel, $observer['xchan_hash'], ((strpos($body, '[/crypt]')) ? $_POST['media_str'] : $body), $str_contact_allow, $str_group_allow, $str_contact_deny, $str_group_deny);
+				fix_attached_permissions($profile_uid, ((strpos($body, '[/crypt]')) ? $_POST['media_str'] : $body), $str_contact_allow, $str_group_allow, $str_contact_deny, $str_group_deny, $token);
+				//fix_attached_photo_permissions($profile_uid, $owner_xchan['xchan_hash'], ((strpos($body, '[/crypt]')) ? $_POST['media_str'] : $body), $str_contact_allow, $str_group_allow, $str_contact_deny, $str_group_deny, $token);
+				//fix_attached_file_permissions($channel, $observer['xchan_hash'], ((strpos($body, '[/crypt]')) ? $_POST['media_str'] : $body), $str_contact_allow, $str_group_allow, $str_contact_deny, $str_group_deny, $token);
 			}
 
 			$attachments = '';
@@ -972,14 +983,12 @@ class Item extends Controller {
 			}
 		}
 
-
 		$item_unseen    = ((local_channel() != $profile_uid) ? 1 : 0);
 		$item_wall      = ((isset($_REQUEST['type']) && ($_REQUEST['type'] === 'wall' || $_REQUEST['type'] === 'wall-comment')) ? 1 : 0);
 		$item_origin    = (($origin) ? 1 : 0);
 		$item_consensus = (($consensus) ? 1 : 0);
 		$item_nocomment = (($nocomment) ? 1 : 0);
 
-
 		// determine if this is a wall post
 
 		if ($parent) {
@@ -1128,8 +1137,13 @@ class Item extends Controller {
 		if (!empty_acl($datarray))
 			$datarray['public_policy'] = '';
 
-		if ($iconfig)
+		if ($iconfig) {
 			$datarray['iconfig'] = $iconfig;
+		}
+
+		if ($token) {
+			IConfig::set($datarray, 'ocap', 'relay', $token);
+		}
 
 		// preview mode - prepare the body for display and send it via json
 
@@ -1194,12 +1208,15 @@ class Item extends Controller {
 				(($remote_id) ? $remote_id : basename($datarray['mid'])), true);
 		}
 
-
 		if ($orig_post) {
 			$datarray['id'] = $post_id;
 
 			$x = item_store_update($datarray, $execflag);
 
+			if ($x['success']) {
+				$this->add_listeners($datarray);
+			}
+
 			// We only need edit activities for other federated protocols
 			// which do not support edits natively. While this does federate
 			// edits, it presents a number of issues locally - such as #757 and #758.
@@ -1238,6 +1255,10 @@ class Item extends Controller {
 
 		$post = item_store($datarray, $execflag);
 
+		if ($post['success']) {
+			$this->add_listeners($datarray);
+		}
+
 		$post_id = $post['item_id'];
 
 		$datarray = $post['item'];
@@ -1603,4 +1624,33 @@ class Item extends Controller {
 	}
 
 
+	function add_listeners($item) {
+		// ONLY public items!
+		if ($item['item_thread_top'] && !$item['item_private'] && !empty($item['term'])) {
+			foreach($item['term'] as $t) {
+				if (empty($t['url']) || $t['ttype'] != TERM_MENTION || $t['otype'] != TERM_OBJ_POST) {
+					continue;
+				}
+
+				$listener = q("select hubloc_hash, hubloc_network from hubloc where hubloc_id_url = '%s' and hubloc_deleted = 0 order by hubloc_id desc",
+					dbesc($t['url'])
+				);
+
+				if ($listener) {
+					$listener = Libzot::zot_record_preferred($listener);
+
+					$c = q("select abook_id from abook where abook_channel = %d and abook_xchan = '%s'",
+						intval($profile_uid),
+						dbesc($listener['hubloc_hash'])
+					);
+
+					if (!$c) {
+						ThreadListener::store($item['mid'], $listener['hubloc_hash']);
+					}
+				}
+			}
+		}
+	}
+
+
 }

Zotlabs/Module/Like.php

@@ -407,12 +407,20 @@ class Like extends Controller {
 					if (activity_match($rr['verb'], $activity))
 						$multi_undo = false;
 
+					$d = q("select * from item where id = %d",
+						intval($rr['id'])
+					);
+					if ($d) {
+						xchan_query($d);
+						$sync_item = fetch_post_tags($d);
+						Libsync::build_sync_packet($profile_uid, ['item' => [encode_item($sync_item[0], true)]]);
+					}
+
 					// drop_item was not done interactively, so we need to invoke the notifier
 					// in order to push the changes to connections
 
 					Master::Summon(array('Notifier', 'drop', $rr['id']));
 
-
 				}
 
 				if ($interactive)
@@ -443,7 +451,7 @@ class Like extends Controller {
 		}
 		else {
 			$post_type = (($item['resource_type'] === 'photo') ? t('photo') : t('status'));
-			if ($item['obj_type'] === ACTIVITY_OBJ_EVENT)
+			if (in_array($item['obj_type'], ['Event', ACTIVITY_OBJ_EVENT]))
 				$post_type = t('event');
 
 			$obj_type = (($item['resource_type'] === 'photo') ? ACTIVITY_OBJ_PHOTO : ACTIVITY_OBJ_NOTE);
@@ -499,7 +507,7 @@ class Like extends Controller {
 			$private = (($public) ? 0 : 1);
 		}
 		else {
-			$arr['parent']     = $item['id'];
+			$arr['parent']     = $item['parent'];
 			$arr['thr_parent'] = $item['mid'];
 			$ulink             = '[zrl=' . $item_author['xchan_url'] . '][bdi]' . $item_author['xchan_name'] . '[/bdi][/zrl]';
 			$alink             = '[zrl=' . $observer['xchan_url'] . '][bdi]' . $observer['xchan_name'] . '[/bdi][/zrl]';
@@ -516,7 +524,7 @@ class Like extends Controller {
 		$arr['uid']          = $owner_uid;
 		$arr['item_flags']   = $item['item_flags'];
 		$arr['item_wall']    = $item['item_wall'];
-		$arr['parent_mid']   = (($extended_like) ? $arr['mid'] : $item['mid']);
+		$arr['parent_mid']   = (($extended_like) ? $arr['mid'] : $item['parent_mid']);
 		$arr['owner_xchan']  = (($extended_like) ? $ch[0]['xchan_hash'] : $thread_owner['xchan_hash']);
 		$arr['author_xchan'] = $observer['xchan_hash'];
 		$arr['body']         = sprintf($bodyverb, $alink, $ulink, $plink);
@@ -546,6 +554,7 @@ class Like extends Controller {
 		$arr['deny_cid']     = $deny_cid;
 		$arr['deny_gid']     = $deny_gid;
 		$arr['item_private'] = $private;
+		$arr['created']      = datetime_convert();
 
 		call_hooks('post_local', $arr);
 
@@ -561,6 +570,15 @@ class Like extends Controller {
 
 		call_hooks('post_local_end', $arr);
 
+		$r = q("select * from item where id = %d",
+			intval($post_id)
+		);
+		if ($r) {
+			xchan_query($r);
+			$sync_item = fetch_post_tags($r);
+			Libsync::build_sync_packet($profile_uid, ['item' => [encode_item($sync_item[0], true)]]);
+		}
+
 		if ($extended_like) {
 			$r = q("insert into likes (channel_id,liker,likee,iid,i_mid,verb,target_type,target_id,target) values (%d,'%s','%s',%d,'%s','%s','%s','%s','%s')",
 				intval($ch[0]['channel_id']),

Zotlabs/Module/Lockview.php

@@ -15,6 +15,7 @@ class Lockview extends Controller {
 		$atoken_xchans     = [];
 		$access_list       = [];
 		$guest_access_list = [];
+		$ocap_access_list  = [];
 
 		if (local_channel()) {
 			$at = q("select * from atoken where atoken_uid = %d",
@@ -166,6 +167,24 @@ class Lockview extends Controller {
 					}
 				}
 			}
+			$ocap_tokens = [];
+			foreach ($allowed_users as $allowed_user) {
+				$allowed_user = trim($allowed_user, '\'');
+				if (str_starts_with($allowed_user, 'token:')) {
+					$ocap_tokens[] = str_replace('token:', '', $allowed_user);
+				}
+			}
+
+			if ($ocap_tokens) {
+				stringify_array_elms($ocap_tokens, true);
+				$ocap_mids = dbq("select id, mid from item where id in (select iid from iconfig where cat = 'ocap' and k = 'relay' and v in (" . implode(', ', $ocap_tokens) . "))");
+
+				foreach ($ocap_mids as $ocap) {
+					$ocap_access_list[] = '<a href="' . $ocap['mid'] . '" class="dropdown-item-text" target="_blank">' . t('Item') . ' ' . $ocap['id'] . '</a>';
+				}
+
+			}
+
 		}
 
 		$profile_groups = [];
@@ -205,9 +224,6 @@ class Lockview extends Controller {
 		}
 
 		if ($atokens && $allowed_xchans && $url) {
-
-			$guest_access_list = [];
-
 			$allowed_xchans = array_unique($allowed_xchans);
 			foreach ($atokens as $atoken) {
 				if (in_array($atoken['xchan_hash'], $allowed_xchans)) {
@@ -216,22 +232,25 @@ class Lockview extends Controller {
 			}
 		}
 
-		$access_list_header = '';
+		$access_list_header = '<div class="dropdown-header text-uppercase h6">' . t('Access') . '</div>';
+		$guest_access_list_header = '<div class="dropdown-header text-uppercase h6">' . t('Guest access') . '</div>';
+		$ocap_access_list_header = '<div class="dropdown-header text-uppercase h6">' . t('OCAP access') . '</div>';
+		$divider = '<div class="dropdown-divider"></div>';
+		$str = '';
+
 		if ($access_list) {
-			$access_list_header = '<div class="dropdown-header text-uppercase h6">' . t('Access') . '</div>';
+			$str .= $access_list_header . implode($access_list);
 		}
 
-		$guest_access_list_header = '';
 		if ($guest_access_list) {
-			$guest_access_list_header = '<div class="dropdown-header text-uppercase h6">' . t('Guest access') . '</div>';
+			$str .= $divider . $guest_access_list_header . implode($guest_access_list);
 		}
 
-		$divider = '';
-		if ($access_list && $guest_access_list) {
-				$divider = '<div class="dropdown-divider"></div>';
+		if ($ocap_access_list) {
+			$str .= $divider . $ocap_access_list_header . implode($ocap_access_list);
 		}
 
-		echo $access_list_header . implode($access_list) . $divider . $guest_access_list_header . implode($guest_access_list);
+		echo $str;
 		killme();
 
 	}

Zotlabs/Module/Magic.php

@@ -16,7 +16,7 @@ class Magic extends Controller {
 			'url'     => '',
 			'message' => ''
 		];
-	
+
 		logger('mod_magic: invoked', LOGGER_DEBUG);
 
 		logger('args: ' . print_r($_REQUEST,true),LOGGER_DATA);
@@ -43,12 +43,12 @@ class Magic extends Controller {
 		$basepath = $parsed['scheme'] . '://' . $parsed['host'] . (isset($parsed['port']) ? ':' . $parsed['port'] : '');
 		$owapath = SConfig::get($basepath,'system','openwebauth', $basepath . '/owa');
 
-		// This is ready-made for a plugin that provides a blacklist or "ask me" before blindly authenticating. 
+		// This is ready-made for a plugin that provides a blacklist or "ask me" before blindly authenticating.
 		// By default, we'll proceed without asking.
 
 		$arr = [
 			'channel_id'  => local_channel(),
-			'destination' => $dest, 
+			'destination' => $dest,
 			'proceed'     => true
 		];
 
@@ -105,13 +105,13 @@ class Magic extends Controller {
 				$headers['Accept'] = 'application/x-zot+json' ;
 				$headers['Content-Type'] = 'application/x-zot+json' ;
 				$headers['X-Open-Web-Auth'] = random_string();
-				$headers['Digest'] = HTTPSig::generate_digest_header($data);
 				$headers['Host'] = $parsed['host'];
-				$headers['(request-target)'] = 'post ' . '/owa';
+				$headers['(request-target)'] = 'get ' . '/owa';
 
 				$headers = HTTPSig::create_sig($headers,$channel['channel_prvkey'], channel_url($channel),true,'sha512');
 				$redirects = 0;
-				$x = z_post_url($owapath,$data,$redirects,[ 'headers' => $headers ]);
+				$x = z_fetch_url($owapath, false, $redirects, ['headers' => $headers]);
+
 				logger('owa fetch returned: ' . print_r($x,true),LOGGER_DATA);
 				if ($x['success']) {
 					$j = json_decode($x['body'],true);

Zotlabs/Module/Manifest.php

@@ -23,7 +23,7 @@ class Manifest extends Controller {
 				[ 'src' => '/images/app/hz-144.png', 'sizes' => '144x144', 'type' => 'image/png' ],
 				[ 'src' => '/images/app/hz-152.png', 'sizes' => '152x152', 'type' => 'image/png' ],
 				[ 'src' => '/images/app/hz-192.png', 'sizes' => '192x192', 'type' => 'image/png', 'purpose' => 'any maskable' ],
-				[ 'src' => '/images/app/hz-348.png', 'sizes' => '384x384', 'type' => 'image/png' ],
+				[ 'src' => '/images/app/hz-384.png', 'sizes' => '384x384', 'type' => 'image/png' ],
 				[ 'src' => '/images/app/hz-512.png', 'sizes' => '512x512', 'type' => 'image/png' ],
 				[ 'src' => '/images/app/hz.svg', 'sizes' => '64x64', 'type' => 'image/xml+svg' ]
 			],

Zotlabs/Module/Moderate.php

@@ -17,7 +17,7 @@ class Moderate extends \Zotlabs\Web\Controller {
 		}
 
 		\App::set_pager_itemspage(30);
-		$pager_sql = sprintf(" LIMIT %d OFFSET %d ", intval(\App::$pager['itemspage']), intval(\App::$pager['start']));               
+		$pager_sql = sprintf(" LIMIT %d OFFSET %d ", intval(\App::$pager['itemspage']), intval(\App::$pager['start']));
 
 		//show all items
 		if(argc() == 1) {
@@ -40,8 +40,13 @@ class Moderate extends \Zotlabs\Web\Controller {
 
 		if(argc() > 2) {
 			$post_id = intval(argv(1));
-			if(! $post_id)
+			if(! $post_id) {
+				if (is_ajax()) {
+					killme();
+				}
+
 				goaway(z_root() . '/moderate');
+			}
 
 			$action = argv(2);
 
@@ -61,18 +66,20 @@ class Moderate extends \Zotlabs\Web\Controller {
 					);
 
 					$item['item_blocked'] = 0;
-
 					item_update_parent_commented($item);
-
-					notice( t('Comment approved') . EOL);
+					notice( t('Item approved') . EOL);
 				}
 				elseif($action === 'drop') {
+					// TODO: not implemented
+					// let the sender know we received their comment but we don't permit spam here.
+					// Activity::send_rejection_activity(App::get_channel(), $item['author_xchan'], $item);
+
 					drop_item($post_id,false);
-					notice( t('Comment deleted') . EOL);
-				} 
+					notice( t('Item deleted') . EOL);
+				}
 
 				// refetch the item after changes have been made
-			
+
 				$r = q("select * from item where id = %d",
 					intval($post_id)
 				);
@@ -84,6 +91,11 @@ class Moderate extends \Zotlabs\Web\Controller {
 				if($action === 'approve') {
 					\Zotlabs\Daemon\Master::Summon(array('Notifier', 'comment-new', $post_id));
 				}
+
+				if (is_ajax()) {
+					killme();
+				}
+
 				goaway(z_root() . '/moderate');
 			}
 		}

Zotlabs/Module/Network.php

@@ -43,6 +43,8 @@ class Network extends \Zotlabs\Web\Controller {
 			return login(false);
 		}
 
+		App::$profile_uid = local_channel();
+
 		$o = '';
 
 		$arr = array('query' => App::$query_string);

Zotlabs/Module/Notes.php

@@ -39,7 +39,7 @@ class Notes extends Controller {
 			}
 			set_pconfig(local_channel(),'notes','text',$body);
 
-			$ret['html'] = bbcode($body);
+			$ret['html'] = bbcode($body, ['tryoembed' => false]);
 			$ret['success'] = true;
 
 		}

Zotlabs/Module/Oep.php

@@ -28,7 +28,6 @@ class Oep extends \Zotlabs\Web\Controller {
 		$format = $_REQUEST['format'] ?? '';
 		if($format && $format !== 'json')
 			http_status_exit(501, 'Not implemented');
-
 		if(fnmatch('*/photos/*/album/*',$url))
 			$arr = $this->oep_album_reply($_REQUEST);
 		elseif(fnmatch('*/photos/*/image/*',$url))
@@ -95,12 +94,12 @@ class Oep extends \Zotlabs\Web\Controller {
 
 		$c = channelx_by_n($p[0]['uid']);
 
-
 		if(! ($c && $res))
 			return;
 
-		if(! perm_is_allowed($c[0]['channel_id'],get_observer_hash(),'view_stream'))
+		if(! perm_is_allowed($c['channel_id'], get_observer_hash(), 'view_stream')) {
 			return;
+		}
 
 		$sql_extra = item_permissions_sql($c['channel_id']);
 
@@ -336,32 +335,51 @@ class Oep extends \Zotlabs\Web\Controller {
 		$maxwidth  = ((isset($args['maxwidth'])) ? $args['maxwidth']  : 0);
 		$maxheight = ((isset($args['maxheight'])) ? $args['maxheight']  : 0);
 
-		if(preg_match('#//(.*?)/(.*?)/(.*?)/(.*?)mid\=(.*?)(&|$)#',$url,$matches)) {
-			$chn = $matches[3];
-			$res = $matches[5];
+		$parsed = parse_url($url);
+		if (empty($parsed['path'])) {
+			return;
 		}
 
-		if(! ($chn && $res))
+		$nick = basename($parsed['path']);
+		if (!$nick) {
 			return;
+		}
 
-		$c = q("select * from channel where channel_address = '%s' limit 1",
-			dbesc($chn)
+		if (empty($parsed['query'])) {
+			return;
+		}
+
+		parse_str($parsed['query'], $query);
+
+		if (empty($query['mid'])) {
+			return;
+		}
+
+		$mid = unpack_link_id($query['mid']);
+		if (!$mid) {
+			return;
+		}
+
+		$c = channelx_by_nick($nick);
+		if(! $c) {
+			return;
+		}
+
+		if(! perm_is_allowed($c['channel_id'], get_observer_hash(), 'view_stream')) {
+			return;
+		}
+
+		$sql_extra = item_permissions_sql($c['channel_id']);
+		$item_normal = item_normal();
+
+		$p = q("select * from item where mid = '%s' and uid = %d $sql_extra $item_normal limit 1",
+			dbesc($mid),
+			intval($c['channel_id'])
 		);
 
-		if(! $c)
-			return;
-
-		if(! perm_is_allowed($c[0]['channel_id'],get_observer_hash(),'view_stream'))
-			return;
-
-		$sql_extra = item_permissions_sql($c[0]['channel_id']);
-
-		$p = q("select * from item where mid = '%s' and uid = %d $sql_extra limit 1",
-	  		dbesc($res),
-			intval($c[0]['channel_id'])
-		);
-		if(! $p)
+		if(! $p) {
 			return;
+		}
 
 		xchan_query($p,true);
 		$p = fetch_post_tags($p,true);

Zotlabs/Module/Owa.php

@@ -32,20 +32,27 @@ class Owa extends Controller {
 				$keyId = $sigblock['keyId'];
 				if ($keyId) {
 					$r = q("SELECT * FROM hubloc LEFT JOIN xchan ON hubloc_hash = xchan_hash
-						WHERE hubloc_id_url = '%s' AND hubloc_deleted = 0 AND xchan_pubkey != '' ORDER BY hubloc_id DESC",
+						WHERE (hubloc_addr = '%s' OR hubloc_id_url = '%s') AND hubloc_deleted = 0 AND xchan_pubkey != '' ORDER BY hubloc_id DESC",
+						dbesc(str_replace('acct:', '', $keyId)),
 						dbesc($keyId)
 					);
 					if (! $r) {
 						$found = discover_by_webbie($keyId);
 						if ($found) {
 							$r = q("SELECT * FROM hubloc LEFT JOIN xchan ON hubloc_hash = xchan_hash
-								WHERE hubloc_id_url = '%s' AND hubloc_deleted = 0 AND xchan_pubkey != '' ORDER BY hubloc_id DESC ",
+								WHERE (hubloc_addr = '%s' OR hubloc_id_url = '%s') AND hubloc_deleted = 0 AND xchan_pubkey != '' ORDER BY hubloc_id DESC ",
+								dbesc(str_replace('acct:', '', $keyId)),
 								dbesc($keyId)
 							);
 						}
 					}
+
 					if ($r) {
 						foreach ($r as $hubloc) {
+							// fix friendica accept header for nginx
+							if (str_starts_with($keyId, 'acct:') && $_SERVER['HTTP_ACCEPT'] === 'application/x-zot+json')
+								$_SERVER['HTTP_ACCEPT'] = 'application/x-dfrn+json, application/x-zot+json';
+
 							$verified = HTTPSig::verify(file_get_contents('php://input'), $hubloc['xchan_pubkey']);
 							if ($verified && $verified['header_signed'] && $verified['header_valid'] && ($verified['content_valid'] || (! $verified['content_signed']))) {
 								logger('OWA header: ' . print_r($verified,true),LOGGER_DATA);
@@ -72,7 +79,8 @@ class Owa extends Controller {
 
 							if ($found) {
 								$r = q("SELECT * FROM hubloc LEFT JOIN xchan ON hubloc_hash = xchan_hash
-									WHERE hubloc_id_url = '%s' AND hubloc_deleted = 0 ORDER BY hubloc_id DESC LIMIT 1",
+									WHERE (hubloc_addr = '%s' OR hubloc_id_url = '%s') AND hubloc_deleted = 0 ORDER BY hubloc_id DESC LIMIT 1",
+									dbesc(str_replace('acct:', '', $keyId)),
 									dbesc($keyId)
 								);
 

Zotlabs/Module/Photo.php

@@ -46,7 +46,7 @@ class Photo extends \Zotlabs\Web\Controller {
 				dbesc(argv(1))
 			);
 			if ($r) {
-				$allowed = attach_can_view($r[0]['uid'],$observer_xchan,argv(1)/*,$bear*/);
+				$allowed = attach_can_view($r[0]['uid'], $observer_xchan, argv(1), $bear);
 			}
 			if (! $allowed) {
 				http_status_exit(404,'Permission denied.');
@@ -154,6 +154,11 @@ class Photo extends \Zotlabs\Web\Controller {
 		}
 		else {
 
+			$bear = Activity::token_from_request();
+			if ($bear) {
+				logger('bear: ' . $bear, LOGGER_DEBUG);
+			}
+
 			/**
 			 * Other photos
 			 */
@@ -223,7 +228,7 @@ class Photo extends \Zotlabs\Web\Controller {
 				}
 
 				if($allowed === (-1))
-					$allowed = attach_can_view($r[0]['uid'],$observer_xchan,$photo);
+					$allowed = attach_can_view($r[0]['uid'], $observer_xchan, $photo, $bear);
 
 				$channel = channelx_by_n($r[0]['uid']);
 
@@ -262,16 +267,15 @@ class Photo extends \Zotlabs\Web\Controller {
 				http_status_exit(404,'not found');
 		}
 
- 		if(! $data)
- 			killme();
+		if(! $data)
+			killme();
 
- 		$etag = '"' . md5($data . $modified) . '"';
+		$etag = '"' . md5($data . $modified) . '"';
 
- 		if($modified == 0)
- 		    $modified = time();
+		if($modified == 0)
+		    $modified = time();
 
 		header_remove('Pragma');
-
 		if((isset($_SERVER['HTTP_IF_NONE_MATCH']) && $_SERVER['HTTP_IF_NONE_MATCH'] === $etag) || (!isset($_SERVER['HTTP_IF_NONE_MATCH']) && isset($_SERVER['HTTP_IF_MODIFIED_SINCE']) && $_SERVER['HTTP_IF_MODIFIED_SINCE'] === gmdate("D, d M Y H:i:s", $modified) . " GMT")) {
 			header_remove('Expires');
 			header_remove('Cache-Control');
@@ -307,6 +311,8 @@ class Photo extends \Zotlabs\Web\Controller {
 			// This has performance considerations but we highly recommend you
 			// leave it alone.
 
+
+
 			$maxage = $cache_mode['age'];
 
 			if($cache_mode['exp'] || (! isset($expires)) || (isset($expires) && $expires - 60 < time()))

Zotlabs/Module/Profiles.php

@@ -217,7 +217,6 @@ class Profiles extends \Zotlabs\Web\Controller {
 
 			check_form_security_token_redirectOnErr('/profiles', 'profile_edit');
 
-
 			$is_default = (($orig[0]['is_default']) ? 1 : 0);
 
 			$profile_name = notags(trim($_POST['profile_name']));
@@ -579,12 +578,12 @@ class Profiles extends \Zotlabs\Web\Controller {
 			$channel = \App::get_channel();
 
 			if($namechanged && $is_default) {
-				// change name on all associated xchans by matching the url
-				q("UPDATE xchan SET xchan_name = '%s', xchan_name_date = '%s' WHERE xchan_url = '%s'",
+				q("UPDATE xchan SET xchan_name = '%s', xchan_name_date = '%s' WHERE xchan_hash = '%s'",
 					dbesc($name),
 					dbesc(datetime_convert()),
-					dbesc(z_root() . '/channel/' . $channel['channel_address'])
+					dbesc($channel['xchan_hash'])
 				);
+
 				q("UPDATE channel SET channel_name = '%s' WHERE channel_hash = '%s'",
 					dbesc($name),
 					dbesc($channel['xchan_hash'])

Zotlabs/Module/Rmagic.php

@@ -12,13 +12,13 @@ class Rmagic extends \Zotlabs\Web\Controller {
 
 		$me = get_my_address();
 		if($me) {
-			$r = q("select hubloc_url, hubloc_network from hubloc where hubloc_addr = '%s' and hubloc_deleted = 0",
+			$r = q("select hubloc_url, hubloc_network from hubloc where hubloc_addr = '%s' and hubloc_deleted = 0 order by hubloc_id desc",
 				dbesc($me)
 			);
 			if(! $r) {
 				$w = discover_by_webbie($me);
 				if($w) {
-					$r = q("select hubloc_url, hubloc_network from hubloc where hubloc_addr = '%s' and hubloc_deleted = 0",
+					$r = q("select hubloc_url, hubloc_network from hubloc where hubloc_addr = '%s' and hubloc_deleted = 0 order by hubloc_id desc",
 						dbesc($me)
 					);
 				}
@@ -57,13 +57,13 @@ class Rmagic extends \Zotlabs\Web\Controller {
 
 			$r = null;
 			if($address) {
-				$r = q("select hubloc_url, hubloc_network from hubloc where hubloc_addr = '%s' and hubloc_deleted = 0",
+				$r = q("select hubloc_url, hubloc_network from hubloc where hubloc_addr = '%s' and hubloc_deleted = 0 order by hubloc_id desc",
 					dbesc($address)
 				);
 				if(! $r) {
 					$w = discover_by_webbie($address);
 					if($w) {
-						$r = q("select hubloc_url, hubloc_network from hubloc where hubloc_addr = '%s' and hubloc_deleted = 0",
+						$r = q("select hubloc_url, hubloc_network from hubloc where hubloc_addr = '%s' and hubloc_deleted = 0 order by hubloc_id desc",
 							dbesc($address)
 						);
 					}

Zotlabs/Module/Rpost.php

@@ -169,16 +169,8 @@ class Rpost extends \Zotlabs\Web\Controller {
 
 		$channel = \App::get_channel();
 
-		if(isset($_REQUEST['acl']) && $_REQUEST['acl']) {
-				$acl = new \Zotlabs\Access\AccessList([]);
-				$acl->set($_REQUEST['acl']);
-				$channel_acl = $acl->get();
-		}
-		else {
-				$acl = new \Zotlabs\Access\AccessList($channel);
-				$channel_acl = $acl->get();
-		}
-
+		$acl = new \Zotlabs\Access\AccessList($channel);
+		$channel_acl = $acl->get();
 
 		if(isset($_REQUEST['url']) && $_REQUEST['url']) {
 			$x = z_fetch_url(z_root() . '/linkinfo?f=&url=' . urlencode($_REQUEST['url']));

Zotlabs/Module/Search.php

@@ -58,7 +58,7 @@ class Search extends Controller {
 
 		$o .= search($search, 'search-box', '/search', ((local_channel()) ? true : false));
 
-		if (local_channel() && strpos($search, 'https://') === 0 && !$update && !$load) {
+		if (local_channel() && str_starts_with($search, 'https://') && !$update && !$load) {
 
 			$url = htmlspecialchars_decode($search);
 
@@ -75,7 +75,7 @@ class Search extends Controller {
 			if ($f) {
 				$mid = $f[0]['message_id'];
 				foreach ($f as $m) {
-					if (strpos($search, $m['message_id']) === 0) {
+					if (str_starts_with($url, $m['message_id'])) {
 						$mid = $m['message_id'];
 						break;
 					}

Zotlabs/Module/Settings/Account.php

@@ -105,6 +105,7 @@ class Account {
 			'$password1'        => array('npassword', t('Enter New Password'), '', ''),
 			'$password2'        => array('confirm', t('Confirm New Password'), '', t('Leave password fields blank unless changing')),
 			'$submit'           => t('Submit'),
+			'$mfa'              => t('Multi-Factor Authentication'),
 			'$email'            => array('email', t('DId2 or Email Address:'), $email, '', '', $attremail),
 			'$email_hidden'     => (($attremail) ? $email : ''),
 			'$removeme'         => t('Remove Account'),

Zotlabs/Module/Settings/Multifactor.php

@@ -0,0 +1,90 @@
+<?php
+
+namespace Zotlabs\Module\Settings;
+
+use App;
+use chillerlan\QRCode\QRCode;
+use Zotlabs\Lib\AConfig;
+use Zotlabs\Lib\System;
+use OTPHP\TOTP;
+use ParagonIE\ConstantTime\Base32;
+
+
+class Multifactor {
+	public function post() {
+		check_form_security_token_redirectOnErr('/settings/multifactor', 'settings_mfa');
+
+		$account = App::get_account();
+		if (!$account) {
+			return;
+		}
+
+		if (empty($_POST['password'])) {
+			notice(t('Password is required') . EOL);
+			return;
+		}
+
+		$password = trim($_POST['password']);
+		if(!account_verify_password($account['account_email'], $password)) {
+			notice(t('The provided password is not correct') . EOL);
+			return;
+		}
+
+		$enable_mfa = isset($_POST['enable_mfa']) ? (int) $_POST['enable_mfa'] : false;
+		AConfig::Set($account['account_id'], 'system', 'mfa_enabled', $enable_mfa);
+		if ($enable_mfa) {
+			$_SESSION['2FA_VERIFIED'] = true;
+		}
+	}
+
+	public function get() {
+		$account = App::get_account();
+		if (!$account) {
+			return '';
+		}
+
+		if (!$account['account_external']) {
+			$otp = TOTP::create();
+			$otp->setLabel($account['account_email']);
+			// $otp->setLabel(rawurlencode(System::get_platform_name()));
+			$otp->setIssuer(rawurlencode(System::get_platform_name()));
+
+			$mySecret = trim(Base32::encodeUpper(random_bytes(32)), '=');
+			$otp = TOTP::create($mySecret);
+			q("UPDATE account set account_external = '%s' where account_id = %d",
+				dbesc($otp->getSecret()),
+				intval($account['account_id'])
+			);
+			$account['account_external'] = $otp->getSecret();
+		}
+
+		$otp = TOTP::create($account['account_external']);
+		$otp->setLabel($account['account_email']);
+		$otp->setIssuer(rawurlencode(System::get_platform_name()));
+		$uri = $otp->getProvisioningUri();
+		return replace_macros(get_markup_template('totp_setup.tpl'),
+			[
+				'$form_security_token' => get_form_security_token("settings_mfa"),
+				'$title' => t('Account Multi-Factor Authentication'),
+				'$secret_text' => t('This is your generated secret. It may be used in some cases if the QR image cannot be read. Please store it in a safe place.'),
+				'$test_title' => t('Please enter the code from your authenticator app'),
+				'$test_title_sub' => t('You will only be able to enable MFA if the test passes'),
+				'$qrcode' => (new QRCode())->render($uri),
+				'$uri' => $uri,
+				'$secret' => ($account['account_external'] ?? ''),
+				'$test_pass' => t("Congratulations, the provided code was correct"),
+				'$test_fail' => t("Incorrect code"),
+				'$enable_mfa' => [
+					'enable_mfa',
+					t('Enable Multi-Factor Authentication'),
+					AConfig::Get($account['account_id'], 'system', 'mfa_enabled'),
+					t('Logging in will require you to be in possession of your smartphone'),
+					[t('No'), t('Yes')]
+				],
+				'$password' => ['password', t('Your account password'), '', t('Required')],
+				'$submit' => t('Submit'),
+				'$test' => t('Test')
+			]
+		);
+	}
+}

Zotlabs/Module/Settings/Privacy.php

@@ -22,6 +22,15 @@ class Privacy {
 		$autoperms = (((x($_POST, 'autoperms')) && (intval($_POST['autoperms']) == 1)) ? 1 : 0);
 		set_pconfig(local_channel(), 'system', 'autoperms', $autoperms);
 
+		$permit_all_mentions = (((x($_POST, 'permit_all_mentions')) && (intval($_POST['permit_all_mentions']) == 1)) ? 1 : 0);
+		set_pconfig(local_channel(), 'system', 'permit_all_mentions', $permit_all_mentions);
+
+		$moderate_unsolicited_comments = (((x($_POST, 'moderate_unsolicited_comments')) && (intval($_POST['moderate_unsolicited_comments']) == 1)) ? 1 : 0);
+		set_pconfig(local_channel(), 'system', 'moderate_unsolicited_comments', $moderate_unsolicited_comments);
+
+		$ocap_enabled = (((x($_POST, 'ocap_enabled')) && (intval($_POST['ocap_enabled']) == 1)) ? 1 : 0);
+		set_pconfig(local_channel(), 'system', 'ocap_enabled', $ocap_enabled);
+
 		$role = get_pconfig(local_channel(), 'system', 'permissions_role');
 		if ($role === 'custom') {
 
@@ -99,6 +108,9 @@ class Privacy {
 		$autoperms = get_pconfig(local_channel(), 'system', 'autoperms');
 		$index_opt_out = get_pconfig(local_channel(), 'system', 'index_opt_out');
 		$group_actor = get_pconfig(local_channel(), 'system', 'group_actor');
+		$permit_all_mentions = get_pconfig(local_channel(), 'system', 'permit_all_mentions');
+		$moderate_unsolicited_comments = get_pconfig(local_channel(), 'system', 'moderate_unsolicited_comments');
+		$ocap_enabled = get_pconfig(local_channel(), 'system', 'ocap_enabled');
 
 		$permissions_role   = get_pconfig(local_channel(), 'system', 'permissions_role', 'custom');
 		$permission_limits  = ($permissions_role === 'custom');
@@ -119,7 +131,10 @@ class Privacy {
 			],
 			'$autoperms' => ['autoperms', t('Automatically approve new contacts'), $autoperms, '', [t('No'), t('Yes')]],
 			'$index_opt_out' => ['index_opt_out', t('Opt-out of search engine indexing'), $index_opt_out, '', [t('No'), t('Yes')]],
-			'$group_actor' => ['group_actor', t('Group actor'), $group_actor, t('Allow this channel to act as a forum'), [t('No'), t('Yes')]]
+			'$group_actor' => ['group_actor', t('Group actor'), $group_actor, t('Allow this channel to act as a forum'), [t('No'), t('Yes')]],
+			'$permit_all_mentions' => ['permit_all_mentions', t('Accept all messages which mention you'), $permit_all_mentions, t('This setting bypasses normal permissions'), [t('No'), t('Yes')]],
+			'$moderate_unsolicited_comments' => ['moderate_unsolicited_comments', t('Accept unsolicited comments for moderation'), $moderate_unsolicited_comments, t('Otherwise they will be silently dropped'), [t('No'), t('Yes')]],
+			'$ocap_enabled' => ['ocap_enabled', t('Enable OCAP access'), $ocap_enabled, t('Grant limited posts the right to access linked private media'), [t('No'), t('Yes')]],
 		]);
 
 		return $o;

Zotlabs/Module/Sse_bs.php

@@ -169,12 +169,12 @@ class Sse_bs extends Controller {
 
 		$sql_extra2 = '';
 		if(self::$xchans)
-			$sql_extra2 = " AND CASE WHEN verb = '" . ACTIVITY_SHARE . "' THEN owner_xchan ELSE author_xchan END IN (" . self::$xchans . ") ";
+			$sql_extra2 = " AND CASE WHEN verb = '" . dbesc(ACTIVITY_SHARE) . "' THEN owner_xchan ELSE author_xchan END IN (" . self::$xchans . ") ";
 
 		$item_normal = item_normal();
 
-		// FEP-5624 filter approvals for comments
-		$approvals = " AND verb NOT IN ('" . dbesc(ACTIVITY_ATTEND) . "', 'Accept', '" . dbesc(ACTIVITY_ATTENDNO) . "', 'Reject') ";
+		// Filter FEP-5624 approvals for comments and internal follow activities
+		$item_normal .= " AND verb NOT IN ('" . dbesc(ACTIVITY_ATTEND) . "', 'Accept', '" . dbesc(ACTIVITY_ATTENDNO) . "', 'Reject', '" . dbesc(ACTIVITY_FOLLOW) . "') ";
 
 		if ($notifications) {
 			$items = q("SELECT * FROM item
@@ -184,7 +184,6 @@ class Sse_bs extends Controller {
 				AND obj_type NOT IN ('Document', 'Video', 'Audio', 'Image')
 				AND author_xchan != '%s'
 				$item_normal
-				$approvals
 				$sql_extra
 				$sql_extra2
 				ORDER BY created DESC LIMIT $limit OFFSET $offset",
@@ -214,7 +213,6 @@ class Sse_bs extends Controller {
 			AND obj_type NOT IN ('Document', 'Video', 'Audio', 'Image')
 			AND author_xchan != '%s'
 			$item_normal
-			$approvals
 			$sql_extra LIMIT 100",
 			intval(self::$uid),
 			dbesc(self::$ob_hash)
@@ -258,8 +256,8 @@ class Sse_bs extends Controller {
 
 		$item_normal = item_normal();
 
-		// FEP-5624 filter approvals for comments
-		$approvals = " AND verb NOT IN ('" . dbesc(ACTIVITY_ATTEND) . "', 'Accept', '" . dbesc(ACTIVITY_ATTENDNO) . "', 'Reject') ";
+		// Filter FEP-5624 approvals for comments and internal follow activities
+		$item_normal .= " AND verb NOT IN ('" . dbesc(ACTIVITY_ATTEND) . "', 'Accept', '" . dbesc(ACTIVITY_ATTENDNO) . "', 'Reject', '" . dbesc(ACTIVITY_FOLLOW) . "') ";
 
 		if ($notifications) {
 			$items = q("SELECT * FROM item
@@ -269,7 +267,6 @@ class Sse_bs extends Controller {
 				AND obj_type NOT IN ('Document', 'Video', 'Audio', 'Image')
 				AND author_xchan != '%s'
 				$item_normal
-				$approvals
 				$sql_extra
 				$sql_extra2
 				ORDER BY created DESC LIMIT $limit OFFSET $offset",
@@ -297,7 +294,6 @@ class Sse_bs extends Controller {
 		$r = q("SELECT id FROM item
 			WHERE uid = %d and item_unseen = 1 AND item_private = 2
 			$item_normal
-			$approvals
 			$sql_extra
 			AND author_xchan != '%s' LIMIT 100",
 			intval(self::$uid),
@@ -343,8 +339,8 @@ class Sse_bs extends Controller {
 
 		$item_normal = item_normal();
 
-		// FEP-5624 filter approvals for comments
-		$approvals = " AND verb NOT IN ('" . dbesc(ACTIVITY_ATTEND) . "', 'Accept', '" . dbesc(ACTIVITY_ATTENDNO) . "', 'Reject') ";
+		// Filter FEP-5624 approvals for comments and internal follow activities
+		$item_normal .= " AND verb NOT IN ('" . dbesc(ACTIVITY_ATTEND) . "', 'Accept', '" . dbesc(ACTIVITY_ATTENDNO) . "', 'Reject', '" . dbesc(ACTIVITY_FOLLOW) . "') ";
 
 		if ($notifications) {
 			$items = q("SELECT * FROM item
@@ -354,7 +350,6 @@ class Sse_bs extends Controller {
 				AND obj_type NOT IN ('Document', 'Video', 'Audio', 'Image')
 				AND author_xchan != '%s'
 				$item_normal
-				$approvals
 				$sql_extra
 				$sql_extra2
 				ORDER BY created DESC LIMIT $limit OFFSET $offset",
@@ -382,7 +377,6 @@ class Sse_bs extends Controller {
 		$r = q("SELECT id FROM item
 			WHERE uid = %d and item_unseen = 1 AND item_wall = 1 AND item_private IN (0, 1)
 			$item_normal
-			$approvals
 			$sql_extra
 			AND author_xchan != '%s' LIMIT 100",
 			intval(self::$uid),
@@ -445,8 +439,8 @@ class Sse_bs extends Controller {
 
 		$item_normal = item_normal();
 
-		// FEP-5624 filter approvals for comments
-		$approvals = " AND verb NOT IN ('" . dbesc(ACTIVITY_ATTEND) . "', 'Accept', '" . dbesc(ACTIVITY_ATTENDNO) . "', 'Reject') ";
+		// Filter FEP-5624 approvals for comments and internal follow activities
+		$item_normal .= " AND verb NOT IN ('" . dbesc(ACTIVITY_ATTEND) . "', 'Accept', '" . dbesc(ACTIVITY_ATTENDNO) . "', 'Reject', '" . dbesc(ACTIVITY_FOLLOW) . "') ";
 
 		if ($notifications) {
 			$items = q("SELECT * FROM item
@@ -456,7 +450,6 @@ class Sse_bs extends Controller {
 				AND author_xchan != '%s'
 				AND created > '%s'
 				$item_normal
-				$approvals
 				$sql_extra
 				$sql_extra2
 				ORDER BY created DESC LIMIT $limit OFFSET $offset",
@@ -484,7 +477,6 @@ class Sse_bs extends Controller {
 			WHERE true $uids
 			AND created > '%s'
 			$item_normal
-			$approvals
 			$sql_extra
 			AND author_xchan != '%s' LIMIT 100",
 			dbescdate($_SESSION['static_loadtime']),
@@ -586,29 +578,23 @@ class Sse_bs extends Controller {
 				$p_str = ids_to_querystr($p, 'parent');
 				$p_sql = (($p_str) ? "OR parent IN ( $p_str )" : '');
 
-				$r = q("select mid from item
+				$r = q("select count(*) as total from item
 					where uid = %d and ( owner_xchan = '%s' OR author_xchan = '%s' $p_sql ) and item_unseen = 1 $sql_extra $item_normal",
 					intval(self::$uid),
 					dbesc($forums[$x]['xchan_hash']),
 					dbesc($forums[$x]['xchan_hash'])
 				);
 
-				if($r) {
-					$mids = flatten_array_recursive($r);
-					$b64mids = [];
-
-					foreach($mids as $mid)
-						$b64mids[] =  gen_link_id($mid);
+				if($r[0]['total']) {
 
 					$forums[$x]['notify_link'] = z_root() . '/network/?f=&pf=1&unseen=1&cid=' . $forums[$x]['abook_id'];
 					$forums[$x]['name'] = $forums[$x]['xchan_name'];
 					$forums[$x]['addr'] = $forums[$x]['xchan_addr'] ?? $forums[$x]['xchan_url'];
 					$forums[$x]['url'] = $forums[$x]['xchan_url'];
 					$forums[$x]['photo'] = $forums[$x]['xchan_photo_s'];
-					$forums[$x]['unseen'] = count($b64mids);
+					$forums[$x]['unseen'] = $r[0]['total'];
 					$forums[$x]['private_forum'] = ((isset($forums[$x]['private_forum']) && $forums[$x]['private_forum']) ? 'lock' : '');
 					$forums[$x]['message'] = ((isset($forums[$x]['private_forum']) && $forums[$x]['private_forum']) ? t('Private forum') : t('Public forum'));
-					$forums[$x]['mids'] = json_encode($b64mids);
 
 					unset($forums[$x]['abook_id']);
 					unset($forums[$x]['xchan_hash']);
@@ -616,7 +602,7 @@ class Sse_bs extends Controller {
 					unset($forums[$x]['xchan_url']);
 					unset($forums[$x]['xchan_photo_s']);
 
-					$i = $i + count($mids);
+					$i = $i + $r[0]['total'];
 
 				}
 				else {
@@ -647,6 +633,10 @@ class Sse_bs extends Controller {
 
 		$item_normal = item_normal();
 
+		// Filter FEP-5624 approvals for comments and internal follow activities
+		$item_normal .= " AND verb NOT IN ('" . dbesc(ACTIVITY_ATTEND) . "', 'Accept', '" . dbesc(ACTIVITY_ATTENDNO) . "', 'Reject', '" . dbesc(ACTIVITY_FOLLOW) . "') ";
+
+
 		$r = q("SELECT * FROM item
 			WHERE verb = '%s'
 			AND obj_type IN ('Document', 'Video', 'Audio', 'Image')

Zotlabs/Module/Totp_check.php

@@ -0,0 +1,86 @@
+<?php
+
+namespace Zotlabs\Module;
+
+use App;
+use Zotlabs\Web\Controller;
+use OTPHP\TOTP;
+
+class Totp_check extends Controller {
+
+	public function post() {
+		$retval = ['status' => false];
+		$static = $_POST['totp_code_static'] ?? false;
+
+		if (!local_channel()) {
+			if ($static) {
+				goaway(z_root());
+			}
+
+			json_return_and_die($retval);
+		}
+
+		$account = App::get_account();
+		if (!$account) {
+			json_return_and_die($retval);
+		}
+
+		$secret = $account['account_external'];
+		$input = (isset($_POST['totp_code'])) ? trim($_POST['totp_code']) : '';
+
+		if ($secret && $input) {
+			$otp = TOTP::create($secret); // create TOTP object from the secret.
+			if ($otp->verify($_POST['totp_code']) || $input === $secret ) {
+				logger('otp_success');
+				$_SESSION['2FA_VERIFIED'] = true;
+
+				if ($static) {
+					goaway(z_root());
+				}
+
+				$retval['status'] = true;
+				json_return_and_die($retval);
+			}
+			logger('otp_fail');
+		}
+
+		if ($static) {
+			if(empty($_SESSION['totp_try_count'])) {
+				$_SESSION['totp_try_count'] = 1;
+			}
+
+			if ($_SESSION['totp_try_count'] > 2) {
+				goaway('logout');
+			}
+
+			$_SESSION['totp_try_count']++;
+			goaway(z_root());
+		}
+
+		json_return_and_die($retval);
+	}
+
+	public function get() {
+
+		if (!local_channel() || App::$module === 'totp_check') {
+			goaway(z_root());
+		}
+
+		$account = App::get_account();
+		if (!$account) {
+			return t('Account not found.');
+		}
+
+		$id = $account['account_email'];
+
+		return replace_macros(get_markup_template('totp.tpl'),
+			[
+				'$header' => t('Multifactor Verification'),
+				'$id' => $id,
+				'$desc'   => t('Please enter the verification key from your authenticator app'),
+				'$submit' => t('Verify')
+			]
+		);
+	}
+}
+

Zotlabs/Module/Wall_attach.php

@@ -18,10 +18,10 @@ class Wall_attach extends \Zotlabs\Web\Controller {
 
 
 	function post() {
-	
+
 		$using_api = false;
 
-		$result = [];	
+		$result = [];
 
 		if($_REQUEST['api_source'] && array_key_exists('media',$_FILES)) {
 			$using_api = true;
@@ -69,7 +69,7 @@ class Wall_attach extends \Zotlabs\Web\Controller {
 				];
 			}
 		}
-		else {	
+		else {
 			if(! array_key_exists('userfile',$_FILES)) {
 				$_FILES['userfile'] = [
 					'name'     => $_FILES['files']['name'],
@@ -82,18 +82,18 @@ class Wall_attach extends \Zotlabs\Web\Controller {
 		}
 
 		$observer = \App::get_observer();
-	
-	
+
+
 		$def_album  = get_pconfig($channel['channel_id'],'system','photo_path');
 		$def_attach = get_pconfig($channel['channel_id'],'system','attach_path');
-	
-		$r = attach_store($channel,(($observer) ? $observer['xchan_hash'] : ''),'', array('source' => 'editor', 'visible' => 0, 'album' => $def_album, 'directory' => $def_attach, 'allow_cid' => '<' . $channel['channel_hash'] . '>'));
+
+		$r = attach_store($channel,(($observer) ? $observer['xchan_hash'] : ''),'', array('source' => 'editor', 'visible' => 0, 'album' => $def_album, 'directory' => $def_attach, 'flags' => 1, 'allow_cid' => '<' . $channel['channel_hash'] . '>'));
 
 		if(! $r['success']) {
 			notice( $r['message'] . EOL);
 			killme();
 		}
-	
+
 		if(intval($r['data']['is_photo'])) {
 			$s = "\n\n" . $r['body'] . "\n\n";
 		}
@@ -130,7 +130,7 @@ class Wall_attach extends \Zotlabs\Web\Controller {
 					logger('unable to read svg data file: ' . 'store/' . $channel['channel_address'] . '/' . $r['data']['os_path']);
 				}
 			}
-						
+
 			$s .=  "\n\n" . '[attachment]' . $r['data']['hash'] . ',' . $r['data']['revision'] . '[/attachment]' . "\n";
 		}
 
@@ -144,8 +144,8 @@ class Wall_attach extends \Zotlabs\Web\Controller {
 
 		$result['message'] = $s;
 		json_return_and_die($result);
-		
+
 	}
-	
+
 
 }

Zotlabs/Module/Wall_upload.php

@@ -12,7 +12,6 @@ class Wall_upload extends \Zotlabs\Web\Controller {
 
 	function post() {
 
-
 		$using_api = ((x($_FILES,'media')) ? true : false);
 
 		if($using_api) {

Zotlabs/Module/Wfinger.php

@@ -76,7 +76,10 @@ class Wfinger extends \Zotlabs\Web\Controller {
 				}
 			}
 			else {
-				$r = channelx_by_nick($channel);
+				// Also provide already deleted channels info here.
+				// This is required in the case where we need to verify keys
+				// of updates which we have got via directory sync.
+				$r = channelx_by_nick($channel, true);
 			}
 		}
 
@@ -94,10 +97,6 @@ class Wfinger extends \Zotlabs\Web\Controller {
 					'href' => z_root() . '/owa',
 				],
 			];
-
-
-
-
 		}
 
 		if($resource && $r) {

Zotlabs/Thumbs/Epubthumb.php

@@ -30,9 +30,14 @@ class Epubthumb {
 	 */
 	function Thumb($attach, $preview_style, $height = 300, $width = 300) {
 
+		$file = dbunescbin($attach['content']);
+		if (!$file) {
+			return;
+		}
+
 		$photo = false;
 
-		$ep = new \EPub(dbunescbin($attach['content']));
+		$ep = new \EPub($file);
 		$data = $ep->Cover();
 
 		if($data['found']) {

Zotlabs/Thumbs/Mp3audio.php

@@ -11,9 +11,16 @@ class Mp3audio {
 	}
 
 	function Thumb($attach,$preview_style,$height = 300, $width = 300) {
+
+		$file = dbunescbin($attach['content']);
+		if (!$file) {
+			return;
+		}
+
+		$photo = false;
 		$p = new ID3Parser();
 
-        $id = $p->analyze(dbunescbin($attach['content']));
+        $id = $p->analyze($file);
 
         $photo = isset($id['id3v2']['APIC'][0]['data']) ? $id['id3v2']['APIC'][0]['data'] : null;
         if(is_null($photo) && isset($id['id3v2']['PIC'][0]['data'])) {

Zotlabs/Thumbs/Pdf.php

@@ -11,9 +11,13 @@ class Pdf {
 
 	function Thumb($attach,$preview_style,$height = 300, $width = 300) {
 
+		$file = dbunescbin($attach['content']);
+		if (!$file) {
+			return;
+		}
+
 		$photo = false;
 
-		$file = dbunescbin($attach['content']);
 		$tmpfile = $file . '.pdf';
 		$outfile = $file . '.jpg';
 

Zotlabs/Thumbs/Text.php

@@ -11,7 +11,12 @@ class Text {
 
 	function Thumb($attach,$preview_style,$height = 300, $width = 300) {
 
-		$stream = @fopen(dbunescbin($attach['content']),'rb');
+		$file = dbunescbin($attach['content']);
+		if (!$file) {
+			return;
+		}
+
+		$stream = @fopen($file,'rb');
 		if($stream) {
 			$content = trim(stream_get_contents($stream,4096));
 			$content = str_replace("\r",'',$content);
@@ -25,13 +30,13 @@ class Text {
 			$colour = imagecolorallocate($image,0,0,0);
 			$border = imagecolorallocate($image,208,208,208);
 
-			$x1 = 0; 
-			$y1 = 0; 
-			$x2 = ImageSX($image) - 1; 
-			$y2 = ImageSY($image) - 1; 
+			$x1 = 0;
+			$y1 = 0;
+			$x2 = ImageSX($image) - 1;
+			$y2 = ImageSY($image) - 1;
 
-			for($i = 0; $i < 2; $i++) { 
-				ImageRectangle($image, $x1++, $y1++, $x2--, $y2--, $border); 
+			for($i = 0; $i < 2; $i++) {
+				ImageRectangle($image, $x1++, $y1++, $x2--, $y2--, $border);
 			}
 
 			foreach($content_a as $l => $t) {
@@ -46,4 +51,4 @@ class Text {
 			imagejpeg($image,dbunescbin($attach['content']) . '.thumb');
 		}
 	}
-}
+}

Zotlabs/Thumbs/Video.php

@@ -11,16 +11,19 @@ class Video {
 
 	function Thumb($attach,$preview_style,$height = 300, $width = 300) {
 
+		$file = dbunescbin($attach['content']);
+		if (!$file) {
+			return;
+		}
+
 		$photo = false;
 
 		$t = explode('/',$attach['filetype']);
 		if($t[1])
 			$extension = '.' . $t[1];
 		else
-			return; 
+			return;
 
-
-		$file = dbunescbin($attach['content']);
 		$tmpfile = $file . $extension;
 		$outfile = $file . '.jpg';
 
@@ -40,7 +43,7 @@ class Video {
 
 
 		$ffmpeg = trim(shell_exec('which ffmpeg'));
-		if($ffmpeg) { 
+		if($ffmpeg) {
 			logger('ffmpeg not found in path. Video thumbnails may fail.');
 		}
 
@@ -59,7 +62,7 @@ class Video {
 				@rename($outfile,$file . '.thumb');
 			}
 		}
-	
+
 		@unlink($tmpfile);
 	}
 }

Zotlabs/Update/_1256.php

@@ -0,0 +1,36 @@
+<?php
+
+namespace Zotlabs\Update;
+
+class _1256 {
+
+	function run() {
+
+		dbq("START TRANSACTION");
+
+		$r1 = dbq("TRUNCATE TABLE updates");
+
+		if(ACTIVE_DBTYPE == DBTYPE_POSTGRES) {
+			$r2a = dbq("ALTER TABLE updates add ud_update numeric(1) NOT NULL DEFAULT '0'");
+			$r2b = dbq("CREATE INDEX ud_update ON updates (ud_update)");
+
+			$r2 = ($r2a && $r2b);
+		}
+
+		if(ACTIVE_DBTYPE == DBTYPE_MYSQL) {
+			$r2 = dbq("ALTER TABLE updates add ud_update tinyint(1) NOT NULL DEFAULT '0',
+				ADD INDEX (ud_update);"
+			);
+		}
+
+		if($r1 && $r2) {
+			dbq("COMMIT");
+			return UPDATE_SUCCESS;
+		}
+
+		q("ROLLBACK");
+		return UPDATE_FAILED;
+
+	}
+
+}

Zotlabs/Update/_1257.php

@@ -0,0 +1,33 @@
+<?php
+
+namespace Zotlabs\Update;
+
+class _1257 {
+
+	function run() {
+
+		dbq("START TRANSACTION");
+
+		$r1 = dbq("TRUNCATE TABLE updates");
+
+		if(ACTIVE_DBTYPE == DBTYPE_POSTGRES) {
+			$r2 = dbq("ALTER TABLE updates add ud_host text NOT NULL DEFAULT ''");
+		}
+
+		if(ACTIVE_DBTYPE == DBTYPE_MYSQL) {
+			$r2 = dbq("ALTER TABLE updates add ud_host varchar(191) NOT NULL DEFAULT ''");
+		}
+
+		$r3 = dbq("ALTER TABLE updates DROP COLUMN ud_guid");
+
+		if($r1 && $r2 && $r3) {
+			dbq("COMMIT");
+			return UPDATE_SUCCESS;
+		}
+
+		q("ROLLBACK");
+		return UPDATE_FAILED;
+
+	}
+
+}

Zotlabs/Update/_1258.php

@@ -0,0 +1,14 @@
+<?php
+
+namespace Zotlabs\Update;
+
+class _1258 {
+
+	function run() {
+
+		dbq("DELETE FROM pconfig WHERE cat = 'channelreputation'");
+		dbq("DELETE FROM iconfig WHERE cat = 'channelreputation'");
+
+	}
+
+}

Zotlabs/Web/HTTPSig.php

@@ -4,7 +4,7 @@ namespace Zotlabs\Web;
 
 use DateTime;
 use DateTimeZone;
-use Zotlabs\Lib\ActivityStreams;
+use Zotlabs\Lib\Activity;
 use Zotlabs\Lib\Crypto;
 use Zotlabs\Lib\Keyutils;
 use Zotlabs\Lib\Webfinger;
@@ -303,7 +303,8 @@ class HTTPSig {
 
 		// $force is used to ignore the local cache and only use the remote data; for instance the cached key might be stale
 		if (!$force) {
-			$x = q("select * from xchan join hubloc on xchan_hash = hubloc_hash where (hubloc_id_url = '%s' or hubloc_hash = '%s') and hubloc_network in ('zot6', 'activitypub') order by hubloc_id desc",
+			$x = q("select * from xchan join hubloc on xchan_hash = hubloc_hash where (hubloc_addr = '%s' or hubloc_id_url = '%s' or hubloc_hash = '%s') and hubloc_network in ('zot6', 'activitypub') order by hubloc_id desc",
+				dbesc(str_replace('acct:', '', $url)),
 				dbesc($url),
 				dbesc($url)
 			);
@@ -323,7 +324,7 @@ class HTTPSig {
 		}
 
 		// The record wasn't in cache. Fetch it now.
-		$r = ActivityStreams::fetch($id);
+		$r = Activity::fetch($id);
 		$signatureAlgorithm = EMPTY_STR;
 
 		if ($r) {
@@ -378,7 +379,9 @@ class HTTPSig {
 		$best = [];
 
 		if (!$force) {
-			$x = q("select * from xchan join hubloc on xchan_hash = hubloc_hash where hubloc_id_url = '%s' and hubloc_network in ('zot6', 'activitypub') order by hubloc_id desc",
+			$x = q("select * from xchan join hubloc on xchan_hash = hubloc_hash where (hubloc_addr = '%s' or hubloc_id_url = '%s' or hubloc_hash = '%s') and hubloc_network in ('zot6', 'activitypub') order by hubloc_id desc",
+				dbesc(str_replace('acct:', '', $id)),
+				dbesc($id),
 				dbesc($id)
 			);
 

Zotlabs/Widget/Channel_activities.php

@@ -179,7 +179,7 @@ class Channel_activities {
 
 		$account = App::get_account();
 
-		$r = q("SELECT channel_id, channel_name, xchan_photo_s FROM channel
+		$r = q("SELECT channel_id, channel_name, xchan_addr, xchan_photo_s FROM channel
 			LEFT JOIN xchan ON channel_hash = xchan_hash
 			WHERE channel_account_id = %d
 			AND channel_id != %d AND channel_removed = 0",
@@ -223,7 +223,7 @@ class Channel_activities {
 			$i[] = [
 				'url' => z_root() . '/manage/' . $rr['channel_id'],
 				'title' => '',
-				'summary' => '<img src="' . $rr['xchan_photo_s'] . '" class="menu-img-2">' . $rr['channel_name'],
+				'summary' => '<div class="text-truncate lh-sm"><img src="' . $rr['xchan_photo_s'] . '" class="menu-img-2">' . '<strong>' . $rr['channel_name'] . '</strong><br><small class="opacity-75">' . $rr['xchan_addr'] . '</small></div>',
 				'footer' => $footer
 			];
 

Zotlabs/Widget/Messages.php

@@ -35,7 +35,8 @@ class Messages {
 				'notice_messages_title' => t('Notices'),
 				'loading' => t('Loading'),
 				'empty' => t('No messages'),
-				'unseen_count' => t('Unseen')
+				'unseen_count' => t('Unseen'),
+				'filter' => t('Filter by name or address')
 			]
 		]);
 
@@ -47,7 +48,8 @@ class Messages {
 			return;
 
 		$offset = $options['offset'] ?? 0;
-		$type = $options['type'] ?? 'default';
+		$type = $options['type'] ?? '';
+		$author = $options['author'] ?? '';
 
 		if ($offset == -1) {
 			return;
@@ -58,15 +60,19 @@ class Messages {
 		}
 
 		$channel = App::get_channel();
-		$item_normal_i = str_replace('item.', 'i.', item_normal());
-		$item_normal_c = str_replace('item.', 'c.', item_normal());
+		$item_normal = item_normal();
+		$item_normal .= " and item.verb != '" . ACTIVITY_FOLLOW . "'";
+		$item_normal_i = str_replace('item.', 'i.', $item_normal);
+		$item_normal_c = str_replace('item.', 'c.', $item_normal);
 		$entries = [];
 		$limit = 30;
 		$dummy_order_sql = '';
+		$author_sql = '';
 		$loadtime = (($offset) ? $_SESSION['messages_loadtime'] : datetime_convert());
 		$vnotify = get_pconfig(local_channel(), 'system', 'vnotify', -1);
 
-		$vnotify_sql = '';
+		$vnotify_sql_c = '';
+		$vnotify_sql_i = '';
 
 		if (!($vnotify & VNOTIFY_LIKE)) {
 			$vnotify_sql_c = " AND c.verb NOT IN ('" . dbesc(ACTIVITY_LIKE) . "', '" . dbesc(ACTIVITY_DISLIKE) . "') ";
@@ -77,6 +83,10 @@ class Messages {
 			$vnotify_sql_i = " AND i.verb NOT IN ('" . dbesc(ACTIVITY_DISLIKE) . "') ";
 		}
 
+		if($author) {
+			$author_sql = " AND i.owner_xchan = '" . protect_sprintf(dbesc($author)) . "' ";
+		}
+
 		switch($type) {
 			case 'direct':
 				$type_sql = ' AND i.item_private = 2 ';
@@ -100,6 +110,7 @@ class Messages {
 			AND i.created <= '%s'
 			$type_sql
 			AND i.item_thread_top = 1
+			$author_sql
 			$item_normal_i
 			ORDER BY i.created DESC $dummy_order_sql
 			LIMIT $limit OFFSET $offset",
@@ -153,7 +164,7 @@ class Messages {
 				$summary = '...';
 			}
 			else {
-				$summary = substr_words($summary, 68);
+				$summary = substr_words($summary, 140);
 			}
 
 			switch(intval($item['item_private'])) {
@@ -169,6 +180,7 @@ class Messages {
 
 			$entries[$i]['author_name'] = $item['author']['xchan_name'];
 			$entries[$i]['author_addr'] = (($item['author']['xchan_addr']) ? $item['author']['xchan_addr'] : $item['author']['xchan_url']);
+			$entries[$i]['author_img'] = $item['author']['xchan_photo_s'];
 			$entries[$i]['info'] = $info;
 			$entries[$i]['created'] = datetime_convert('UTC', date_default_timezone_get(), $item['created']);
 			$entries[$i]['summary'] = $summary;
@@ -240,6 +252,7 @@ class Messages {
 		if (!local_channel())
 			return;
 
+
 		$limit  = 30;
 
 		$offset = 0;
@@ -247,7 +260,14 @@ class Messages {
 			$offset = intval($options['offset']);
 		}
 
-		$notices = q("SELECT * FROM notify WHERE uid = %d
+		$author_url = $options['author'] ?? '';
+		$author_sql = '';
+
+		if($author_url) {
+			$author_sql = " AND url = '" . protect_sprintf(dbesc($author_url)) . "' ";
+		}
+
+		$notices = q("SELECT * FROM notify WHERE uid = %d $author_sql
 			ORDER BY created DESC LIMIT $limit OFFSET $offset",
 			intval(local_channel())
 		);
@@ -265,6 +285,7 @@ class Messages {
 
 			$entries[$i]['author_name'] = $notice['xname'];
 			$entries[$i]['author_addr'] = $notice['url'];
+			$entries[$i]['author_img'] = $notice['photo'];// $item['author']['xchan_photo_s'];
 			$entries[$i]['info'] = '';
 			$entries[$i]['created'] = datetime_convert('UTC', date_default_timezone_get(), $notice['created']);
 			$entries[$i]['summary'] = $summary;

Zotlabs/Widget/Pinned.php

@@ -42,6 +42,8 @@ class Pinned {
 
 		$observer = \App::get_observer();
 
+		xchan_query($items);
+
 		foreach($items as $item) {
 
 			$midb64 = gen_link_id($item['mid']);
@@ -49,8 +51,8 @@ class Pinned {
 			if(isset($observer['xchan_hash']) && in_array($observer['xchan_hash'], get_pconfig($item['uid'], 'pinned_hide', $midb64, [])))
 				continue;
 
-			$author = channelx_by_hash($item['author_xchan']);
-			$owner = channelx_by_hash($item['owner_xchan']);
+			$author = $item['author'];
+			$owner = $item['owner'];
 
 			$profile_avatar = $author['xchan_photo_m'];
 			$profile_link = chanlink_hash($item['author_xchan']);
@@ -65,7 +67,7 @@ class Pinned {
 
 			$conv_responses = [];
 
-			if($item['obj_type'] === ACTIVITY_OBJ_EVENT) {
+			if(in_array($item['obj_type'], ['Event', ACTIVITY_OBJ_EVENT])) {
 				$conv_responses['attendyes'] = [ 'title' => t('Attending','title') ];
 				$conv_responses['attendno'] = [ 'title' => t('Not attending','title') ];
 				$conv_responses['attendmaybe'] = [ 'title' => t('Might attend','title') ];
@@ -159,7 +161,9 @@ class Pinned {
 				'hide'		 => (! $is_new && isset($observer['xchan_hash']) && $observer['xchan_hash'] != $owner['xchan_hash'] ? t("Don't show") : ''),
 				// end toolbar buttons
 				'modal_dismiss' => t('Close'),
-				'responses'	 => $conv_responses
+				'responses'	 => $conv_responses,
+				'author_id' => (($author['xchan_addr']) ? $author['xchan_addr'] : $author['xchan_url'])
+
 			];
 
 			$tpl = get_markup_template('pinned_item.tpl');

boot.php

@@ -60,10 +60,10 @@ require_once('include/bbcode.php');
 require_once('include/items.php');
 
 define('PLATFORM_NAME', 'hubzilla');
-define('STD_VERSION', '8.0');
+define('STD_VERSION', '8.6.3');
 define('ZOT_REVISION', '6.0');
 
-define('DB_UPDATE_VERSION', 1255);
+define('DB_UPDATE_VERSION', 1258);
 
 define('PROJECT_BASE', __DIR__);
 
@@ -84,6 +84,10 @@ define('DIRECTORY_MODE_PRIMARY', 0x0001); // There can only be *one* primary dir
 define('DIRECTORY_MODE_SECONDARY', 0x0002); // All other mirror directory servers
 define('DIRECTORY_MODE_STANDALONE', 0x0100); // A detached (off the grid) hub with itself as directory server.
 
+define('DIRECTORY_FLAG_OK',     0);
+define('DIRECTORY_FLAG_UNSAFE', 1);
+define('DIRECTORY_FLAG_HIDDEN', 2);
+
 // We will look for upstream directories whenever me make contact
 // with other sites, but if this is a new installation and isn't
 // a standalone hub, we need to seed the service with a starting
@@ -96,8 +100,7 @@ define('DIRECTORY_FALLBACK_MASTER', 'https://hub.netzgemeinde.eu');
 function get_directory_fallback_servers() {
 	$ret = [
 		'https://hub.netzgemeinde.eu',
-		'https://zotsite.net',
-		'https://hub.libranet.de'
+		'https://zotsite.net'
 	];
 
 	return $ret;
@@ -364,11 +367,6 @@ define('POLL_TENSCALE', 0x0002);  // 1-10
 define('POLL_MULTIPLE_CHOICE', 0x0004);
 define('POLL_OVERWRITE', 0x8000);  // If you vote twice remove the prior entry
 
-
-define('UPDATE_FLAGS_UPDATED', 0x0001);
-define('UPDATE_FLAGS_FORCED', 0x0002);
-define('UPDATE_FLAGS_DELETED', 0x1000);
-
 define('HUBLOC_OFFLINE', 0x0001);
 
 define('DROPITEM_NORMAL', 0);
@@ -1862,10 +1860,9 @@ function can_view_public_stream() {
 		}
 	}
 
-	$site_firehose = ((intval(get_config('system', 'site_firehose', 0))) ? true : false);
 	$net_firehose  = ((get_config('system', 'disable_discover_tab', 1)) ? false : true);
 
-	if (!($site_firehose || $net_firehose)) {
+	if (!$net_firehose) {
 		return false;
 	}
 

composer.json

@@ -41,11 +41,13 @@
         "lukasreschke/id3parser": "^0.0.3",
         "smarty/smarty": "^4.1",
         "ramsey/uuid": "^4.1",
-        "twbs/bootstrap": "^5.0.1",
+        "twbs/bootstrap": "^5.3",
         "blueimp/jquery-file-upload": "^10.3",
         "desandro/imagesloaded": "^4.1",
         "phpseclib/phpseclib": "~2.0",
-        "jbroadway/urlify": "^1.2"
+        "jbroadway/urlify": "^1.2",
+        "chillerlan/php-qrcode": "^4.3",
+        "spomky-labs/otphp": "^11.1"
     },
     "require-dev": {
         "phpunit/phpunit": "^9.4",

doc/hooklist.bb

@@ -443,7 +443,7 @@ Hooks allow plugins/addons to "hook into" the code at many points and alter the
 	Called when a magic-auth was successful
 
 [zrl=[baseurl]/help/hook/main_slider]main_slider[/zrl]
-	Called whne generating the affinity tool
+	Called when generating the affinity tool
 
 [zrl=[baseurl]/help/hook/marital_selector]marital_selector[/zrl]
 	Called when generating the list of choices for the 'marital status' profile dropdown (advanced profile)

images/default_cover_photos/hubzilla/cover.svg

@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   width="210mm"
+   height="297mm"
+   viewBox="0 0 210 297"
+   version="1.1"
+   id="svg5"
+   inkscape:version="1.2.2 (b0a8486541, 2022-12-01)"
+   sodipodi:docname="cover.svg"
+   xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
+   xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
+   xmlns="http://www.w3.org/2000/svg"
+   xmlns:svg="http://www.w3.org/2000/svg">
+  <sodipodi:namedview
+     id="namedview7"
+     pagecolor="#ffffff"
+     bordercolor="#666666"
+     borderopacity="1.0"
+     inkscape:showpageshadow="2"
+     inkscape:pageopacity="0.0"
+     inkscape:pagecheckerboard="0"
+     inkscape:deskcolor="#d1d1d1"
+     inkscape:document-units="mm"
+     showgrid="false"
+     inkscape:zoom="0.094804191"
+     inkscape:cx="2019.9529"
+     inkscape:cy="-1128.6421"
+     inkscape:window-width="1440"
+     inkscape:window-height="831"
+     inkscape:window-x="0"
+     inkscape:window-y="0"
+     inkscape:window-maximized="1"
+     inkscape:current-layer="layer1" />
+  <defs
+     id="defs2" />
+  <g
+     inkscape:label="Ebene 1"
+     inkscape:groupmode="layer"
+     id="layer1">
+    <rect
+       style="fill:#c83771;stroke-width:0.264999;stop-color:#000000"
+       id="rect111"
+       width="1200"
+       height="435"
+       x="-554.39471"
+       y="-88.229851"
+       inkscape:export-filename="1200.png"
+       inkscape:export-xdpi="25.4"
+       inkscape:export-ydpi="25.4" />
+    <path
+       d="m -49.632961,-275.98711 c 41.1402495,20.31029 79.11616,59.36325 98.93794,101.55051 7.83678,18.87322 16.06483,37.48582 14.3668,81.305955 -1.47011,39.509911 -4.24319,55.052081 -16.55487,81.239731 -32.58551,69.55035 -96.71568,116.048784 -169.958999,120.815394 l -39.57518,2.67788 -13.87676,55.05207 c -11.6583,45.84517 -12.73334,61.25731 -12.73334,61.25731 13.22338,14.04083 43.26374,22.72602 55.83374,55.24839 17.14367,33.14275 15.18352,80.19576 -6.72376,107.42783 -35.85241,44.40762 -89.30435,57.73041 -136.35923,33.17565 -42.7737,-22.46543 -65.209,-78.0407 -51.85267,-126.69371 3.19853,-12.30971 -0.52422,-16.06441 -51.85267,-49.72982 l -55.60961,-36.89738 -20.30802,16.58754 c -96.74987,77.518 -238.46531,9.07684 -237.90689,-115.46082 0,-80.195794 63.67052,-142.692854 145.40021,-142.203044 41.14405,0 65.76362,9.07782 96.22944,36.8983604 l 22.4315,20.3093396 49.72918,-25.1422396 50.2876,-24.5881204 -5.35621,-17.63249 c -7.51009,-26.18712 -5.87664,-84.439736 3.20233,-113.860256 10.18439,-35.26497 41.72905,-79.11751 71.67065,-101.02734 60.96202,-44.96317 144.32516,-52.99608 210.609209,-20.34315 z m -367.344829,453.22173 111.44335,76.60315 c 0,0 33.8277,-28.50571 79.67458,-32.52188 l 28.53606,-121.14186 c 0,0 -88.16094,-28.539064 -113.14139,-90.4486536 L -413.74508,58.704806 c 0,0 24.42204,60.995264 -3.19853,118.464054 z"
+       id="path11720"
+       style="fill:#a02c5a;stroke-width:0.264582"
+       inkscape:export-filename="/home/mario/path11720.png"
+       inkscape:export-xdpi="270"
+       inkscape:export-ydpi="270" />
+    <path
+       d="m 692.60113,-48.906947 c 25.73115,12.703053 49.48314,37.128692 61.88066,63.514677 4.90151,11.80424 10.04773,23.445476 8.9857,50.852742 -0.91949,24.711441 -2.65391,34.432268 -10.35423,50.811388 -20.38058,43.5002 -60.49073,72.58261 -106.30069,75.56387 l -24.75227,1.67488 -8.67921,34.43227 c -7.29166,28.67381 -7.96405,38.31334 -7.96405,38.31334 8.27056,8.78182 27.05927,14.21395 34.92115,34.55505 10.7225,20.72909 9.49652,50.15836 -4.20536,67.19064 -22.42386,27.7747 -55.85532,36.10743 -85.28576,20.74967 -26.75277,-14.05098 -40.7849,-48.81048 -32.43119,-79.24046 2.00051,-7.69911 -0.32789,-10.04748 -32.4312,-31.10347 l -34.78099,-23.07744 -12.70164,10.37467 c -60.5121,48.48356 -149.14791,5.6771 -148.79864,-72.21488 0,-50.15837 39.82267,-89.24713 90.94043,-88.94078 25.73351,0 41.13179,5.67774 60.18661,23.07808 l 14.02977,12.70246 31.10306,-15.7252 31.45233,-15.37861 -3.35004,-11.028315 c -4.69717,-16.378699 -3.67553,-52.812744 2.00291,-71.213777 6.3698,-22.0564475 26.09939,-49.483992 44.82634,-63.187472 38.12863,-28.122168 90.26804,-33.146349 131.72533,-12.723604 z m -229.75547,283.467197 69.70213,47.91138 c 0,0 21.15752,-17.82888 49.8324,-20.34079 l 17.84786,-75.76806 c 0,0 -55.14019,-17.84973 -70.76418,-56.57102 l -64.59631,30.63414 c 0,0 15.27474,38.14942 -2.00053,74.09323 z"
+       id="path11720-7"
+       style="fill:#a02c5a;stroke-width:0.264582"
+       inkscape:export-filename="/home/mario/path11720.png"
+       inkscape:export-xdpi="270"
+       inkscape:export-ydpi="270" />
+  </g>
+</svg>

include/account.php

@@ -1117,6 +1117,7 @@ function account_service_class_allows($aid, $property, $usage = false) {
  */
 function service_class_fetch($uid, $property) {
 
+	$service_class = null;
 
 	if($uid == local_channel()) {
 		$service_class = App::$account['account_service_class'];
@@ -1127,7 +1128,7 @@ function service_class_fetch($uid, $property) {
 				where c.channel_account_id=a.account_id and c.channel_id= %d limit 1",
 				intval($uid)
 		);
-		if($r !== false and count($r)) {
+		if($r) {
 			$service_class = $r[0]['service_class'];
 		}
 	}
@@ -1161,7 +1162,7 @@ function account_service_class_fetch($aid, $property) {
 	$r = q("select account_service_class as service_class from account where account_id = %d limit 1",
 		intval($aid)
 	);
-	if($r !== false && count($r)) {
+	if($r) {
 		$service_class = $r[0]['service_class'];
 	}
 

include/attach.php

@@ -220,7 +220,7 @@ function attach_list_files($channel_id, $observer, $hash = '', $filename = '', $
 		$sql_extra .= protect_sprintf(" and filetype like '%" . dbesc($filetype) . "%' ");
 
 	if($entries)
-		$limit = " limit " . intval($start) . ", " . intval($entries) . " ";
+		$limit = " LIMIT " . intval($entries) . " OFFSET " . intval($start) . " ";
 
 	if(! $since)
 		$since = NULL_DATE;
@@ -254,7 +254,7 @@ function attach_list_files($channel_id, $observer, $hash = '', $filename = '', $
  * @param int $rev (optional) Revision default 0
  * @return array
  */
-function attach_by_hash($hash, $observer_hash, $rev = 0) {
+function attach_by_hash($hash, $observer_hash, $rev = 0, $token = EMPTY_STR) {
 
 	$ret = array('success' => false);
 
@@ -274,7 +274,7 @@ function attach_by_hash($hash, $observer_hash, $rev = 0) {
 		return $ret;
 	}
 
-	if(! attach_can_view($r[0]['uid'], $observer_hash, $hash)) {
+	if(! attach_can_view($r[0]['uid'], $observer_hash, $hash, $token)) {
 		$ret['message'] = t('Permission denied.');
 		return $ret;
 	}
@@ -311,7 +311,7 @@ function attach_by_hash($hash, $observer_hash, $rev = 0) {
  * @param string $observer_hash
  * @return array
  */
-function attach_by_id($id, $observer_hash) {
+function attach_by_id($id, $observer_hash, $token = EMPTY_STR) {
 
 	$ret = array('success' => false);
 
@@ -325,7 +325,7 @@ function attach_by_id($id, $observer_hash) {
 		return $ret;
 	}
 
-	if(! attach_can_view($r[0]['uid'], $observer_hash, $r[0]['hash'])) {
+	if(! attach_can_view($r[0]['uid'], $observer_hash, $r[0]['hash'], $token)) {
 		$ret['message'] = t('Permission denied.');
 		return $ret;
 	}
@@ -338,49 +338,56 @@ function attach_by_id($id, $observer_hash) {
 	return $ret;
 }
 
-function attach_can_view($uid,$ob_hash,$resource) {
+function attach_can_view($uid, $ob_hash, $resource, $token = EMPTY_STR) {
 
-	$sql_extra = permissions_sql($uid,$ob_hash);
-	$hash = $resource;
-
-	if(! perm_is_allowed($uid,$ob_hash,'view_storage')) {
-		return false;
+	if (!$token) {
+		if(! perm_is_allowed($uid, $ob_hash, 'view_storage')) {
+			return false;
+		}
 	}
 
+	$sql_extra = permissions_sql($uid, $ob_hash, '', $token);
+
 	$r = q("select folder from attach where hash = '%s' and uid = %d $sql_extra",
-		dbesc($hash),
+		dbesc($resource),
 		intval($uid)
 	);
-	if(! $r) {
+
+	if(!$r) {
 		return false;
 	}
 
-	return attach_can_view_folder($uid,$ob_hash,$r[0]['folder']);
+	// don't perform recursive folder check when using OCAP. Only when using ACL access.
+	// For OCAP if the token is valid they can see the thing.
+
+	if ($token) {
+		return true;
+	}
+
+	return attach_can_view_folder($uid, $ob_hash, $r[0]['folder'], $token);
 
 }
 
 
 
-function attach_can_view_folder($uid,$ob_hash,$folder_hash) {
+function attach_can_view_folder($uid, $ob_hash, $folder_hash, $token = EMPTY_STR) {
 
-	$sql_extra = permissions_sql($uid,$ob_hash);
-	$hash = $folder_hash;
-
-	if(! $folder_hash) {
-		return perm_is_allowed($uid,$ob_hash,'view_storage');
+	if(!$folder_hash && !$token) {
+		return perm_is_allowed($uid, $ob_hash, 'view_storage');
 	}
 
+	$sql_extra = permissions_sql($uid, $ob_hash, '', $token);
 
 	do {
 		$r = q("select folder from attach where hash = '%s' and uid = %d $sql_extra",
-			dbesc($hash),
+			dbesc($folder_hash),
 			intval($uid)
 		);
 		if(! $r)
 			return false;
 
-		$hash = $r[0]['folder'];
-	} while($hash);
+		$folder_hash = $r[0]['folder'];
+	} while($folder_hash);
 
 	return true;
 }
@@ -400,7 +407,7 @@ function attach_can_view_folder($uid,$ob_hash,$folder_hash) {
  *  * \e string \b message (optional) only when success is false
  *  * \e array \b data array of attach DB entry without data component
  */
-function attach_by_hash_nodata($hash, $observer_hash, $rev = 0) {
+function attach_by_hash_nodata($hash, $observer_hash, $rev = 0, $token = EMPTY_STR) {
 
 	$ret = array('success' => false);
 
@@ -425,7 +432,7 @@ function attach_by_hash_nodata($hash, $observer_hash, $rev = 0) {
 		return $ret;
 	}
 
-	$sql_extra = permissions_sql($r[0]['uid'], $observer_hash);
+	$sql_extra = permissions_sql($r[0]['uid'], $observer_hash, '', $token);
 
 	// Now we'll see if we can access the attachment
 
@@ -440,7 +447,7 @@ function attach_by_hash_nodata($hash, $observer_hash, $rev = 0) {
 	}
 
 	if($r[0]['folder']) {
-		$x = attach_can_view_folder($r[0]['uid'], $observer_hash, $r[0]['folder']);
+		$x = attach_can_view_folder($r[0]['uid'], $observer_hash, $r[0]['folder'], $token);
 		if(! $x) {
 			$ret['message'] = t('Permission denied.');
 			return $ret;
@@ -508,7 +515,7 @@ function attach_store($channel, $observer_hash, $options = '', $arr = null) {
 	$upload_path = $arr['directory'] ?? '';
 	$visible = $arr['visible'] ?? 0;
 	$notify = $arr['notify'] ?? 0;
-
+	$flags = (($arr && array_key_exists('flags', $arr)) ? intval($arr['flags']) : 0);
 	$observer = array();
 
 	$dosync = ((array_key_exists('nosync',$arr) && $arr['nosync']) ? 0 : 1);
@@ -684,7 +691,7 @@ function attach_store($channel, $observer_hash, $options = '', $arr = null) {
 		$type = $gis['mime'];
 	}
 
-	$pathname = '';
+	$pathname = null;
 
 	if($source === 'photos') {
 		if($newalbum) {
@@ -701,7 +708,7 @@ function attach_store($channel, $observer_hash, $options = '', $arr = null) {
 		$pathname = find_path_by_hash($channel['channel_id'], $arr['folder']);
 	}
 
-	if(! $pathname) {
+	if($pathname === null) {
 		$pathname = filepath_macro($upload_path);
 	}
 
@@ -933,8 +940,8 @@ function attach_store($channel, $observer_hash, $options = '', $arr = null) {
 		);
 	}
 	else {
-		$r = q("INSERT INTO attach ( aid, uid, hash, creator, filename, filetype, folder, filesize, revision, os_storage, is_photo, content, created, edited, os_path, display_path, allow_cid, allow_gid,deny_cid, deny_gid )
-			VALUES ( %d, %d, '%s', '%s', '%s', '%s', '%s', %d, %d, %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s' ) ",
+		$r = q("INSERT INTO attach ( aid, uid, hash, creator, filename, filetype, folder, filesize, revision, os_storage, is_photo, flags, content, created, edited, os_path, display_path, allow_cid, allow_gid,deny_cid, deny_gid )
+			VALUES ( %d, %d, '%s', '%s', '%s', '%s', '%s', %d, %d, %d, %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s' ) ",
 			intval($channel['channel_account_id']),
 			intval($channel_id),
 			dbesc($hash),
@@ -946,6 +953,7 @@ function attach_store($channel, $observer_hash, $options = '', $arr = null) {
 			intval(0),
 			intval(1),
 			intval($is_photo),
+			intval($flags),
 			dbescbin($os_basepath . $os_relpath),
 			dbesc($created),
 			dbesc($created),
@@ -963,7 +971,7 @@ function attach_store($channel, $observer_hash, $options = '', $arr = null) {
 		$args = array( 'source' => $source, 'visible' => $visible, 'resource_id' => $hash, 'album' => $pathname, 'os_syspath' => $os_basepath . $os_relpath, 'os_path' => $os_path, 'display_path' => $display_path, 'filename' => $filename, 'getimagesize' => $gis, 'directory' => $direct, 'options' => $options );
 		if (array_key_exists('contact_allow', $arr))
 			$args['contact_allow'] = $arr['contact_allow'];
-		if (array_key_exists('contact_deny', $arr))
+		if (array_key_exists('group_allow', $arr))
 			$args['group_allow'] = $arr['group_allow'];
 		if (array_key_exists('contact_deny', $arr))
 			$args['contact_deny'] = $arr['contact_deny'];
@@ -1172,7 +1180,7 @@ function attach_mkdir($channel, $observer_hash, $arr = null) {
 		return $ret;
 	}
 
-	if(! $arr['filename']) {
+	if(isset($arr['filename']) && !strlen($arr['filename'])) {
 		$ret['message'] = t('Empty pathname');
 		return $ret;
 	}
@@ -1413,6 +1421,23 @@ function attach_change_permissions($channel_id, $resource, $allow_cid, $allow_gi
 	if(! $r)
 		return;
 
+	$private = $allow_cid || $allow_gid || $deny_cid || $deny_gid;
+
+	// preserve any existing tokens that may have been set for this file
+	// @fixme - we need a way to unconditionally clear these if desired.
+
+	if ($private) {
+		$token_matches = null;
+		if (preg_match_all('/\<token:(.*?)\>/', $r[0]['allow_cid'], $token_matches, PREG_SET_ORDER)) {
+			foreach ($token_matches as $m) {
+				$tok = '<token:' . $m[1] . '>';
+				if (!str_contains($allow_cid, $tok)) {
+					$allow_cid .= $tok;
+				}
+			}
+		}
+	}
+
 	if(intval($r[0]['is_dir'])) {
 		if($recurse) {
 			$r = q("select hash, flags, is_dir from attach where folder = '%s' and uid = %d",

include/auth.php

@@ -10,6 +10,8 @@
  */
 
 use Zotlabs\Lib\Libzot;
+use Zotlabs\Lib\AConfig;
+use Zotlabs\Module\Totp_check;
 
 require_once('include/api_auth.php');
 require_once('include/security.php');
@@ -263,8 +265,16 @@ if((isset($_SESSION)) && (x($_SESSION, 'authenticated')) &&
 				App::$session->extend_cookie();
 				$login_refresh = true;
 			}
+
+			$multiFactor = AConfig::Get(App::$account['account_id'], 'system', 'mfa_enabled');
+			if ($multiFactor && empty($_SESSION['2FA_VERIFIED']) && App::$module !== 'totp_check') {
+				$o = new Totp_check;
+				echo $o->get();
+				killme();
+			}
+
 			$ch = (($_SESSION['uid']) ? channelx_by_n($_SESSION['uid']) : null);
-			authenticate_success($r[0], null, $ch, false, false, $login_refresh);
+			authenticate_success($r[0], $ch, false, false, $login_refresh);
 		}
 		else {
 			$_SESSION['account_id'] = 0;

include/bbcode.php

@@ -295,9 +295,11 @@ function bb_parse_b64_crypt($match) {
 	if(empty($match[2]))
 		return;
 
-	$r .= '----- ENCRYPTED CONTENT -----' . PHP_EOL;
-	$r .= $match[2] . PHP_EOL;
+	$r .= '<code>';
+	$r .= '----- ENCRYPTED CONTENT -----' . '<br>';
+	$r .= $match[2] . '<br>';
 	$r .= '----- END ENCRYPTED CONTENT -----';
+	$r .= '</code>';
 
 	return $r;