Merge branch '10.2RC'

(cherry picked from commit 8d45fd36a1)

Co-authored-by: Mario <mario@mariovavti.com>

.debianinstall/README.md

@@ -27,9 +27,7 @@ if you look for more choices. The main differences are:
 - graphical installer whiptail
 - The script stops (fails) if it finds results of a previous installation. (The [debian-setup.sh](https://framagit.org/ojrandom/core/-/tree/dev/.debianinstall) will just jump over it.)
 - If something fails the script tries to clean up everything that was installed up to the point of failure. (That might cause trouble if certbot registered a certificate already.)
-- The script under [homeinstall](https://framagit.org/hubzilla/core/-/tree/master/.homeinstall) seems to be an older version of the scripts used for Streams
-  + [autoinstall](https://codeberg.org/streams/streams/src/branch/dev/contrib/autoinstall)
-  + [easyinstall](https://codeberg.org/streams/streams/src/branch/dev/contrib/easyinstall)
+- The script under [homeinstall](https://framagit.org/hubzilla/core/-/tree/master/.homeinstall) seems to be an older version of the scripts used for Streams, i.e. [autoinstall](https://codeberg.org/streams/streams/src/branch/dev/contrib/autoinstall) and [easyinstall](https://codeberg.org/streams/streams/src/branch/dev/contrib/easyinstall)
 
 ## Preconditions
 
@@ -153,6 +151,3 @@ to boot the Rapsi to the client console.
 
 DO NOT FORGET TO CHANGE THE DEFAULT PASSWORD FOR USER PI!
 
-## Reminder for Different Web Wervers
-
-For those of you who feel adventurous enough to use a different web server (i.e. Lighttpd...), don't forget that this script will install Apache or Nginx and that you can only have one web server listening to ports 80 & 443. Also, don't forget to tweak your daily shell script in /var/www/ accordingly.

.debianinstall/config.txt.template

@@ -93,9 +93,8 @@ freedns_key=
 # If left empty, both your database and user will be named after your zot instance (hubzilla, zap or misty)
 # Use custom name, at least fo the database, if you plan to run more than one hub/instance on the same server
 #
-zotserver_db_name=
-zotserver_db_user=
-zotserver_db_pass=$db_pass
+db_name=hubzilla
+db_user=hubzilla
 # 
 #
 # Password for package mysql-server

.debianinstall/debian-setup.sh

@@ -150,7 +150,7 @@ function install_sendmail {
 function install_php {
     # openssl and mbstring are included in libapache2-mod-php
     print_info "installing php..."
-    nocheck_install "libapache2-mod-php php php-pear php-curl php-gd php-mbstring php-xml php-zip"
+    nocheck_install "libapache2-mod-php php php-pear php-curl php-gd php-mbstring php-xml php-zip php-intl php-bcmath"
     phpversion=$(php -v|grep --only-matching --perl-regexp "(PHP )\d+\.\\d+\.\\d+"|cut -c 5-7)
     sed -i "s/^upload_max_filesize =.*/upload_max_filesize = 100M/g" /etc/php/$phpversion/apache2/php.ini
     sed -i "s/^post_max_size =.*/post_max_size = 100M/g" /etc/php/$phpversion/apache2/php.ini
@@ -256,12 +256,18 @@ function create_zotserver_db {
     then
         Q1="CREATE DATABASE IF NOT EXISTS $db_name;"
         Q2="GRANT USAGE ON *.* TO $db_user@localhost IDENTIFIED BY '$db_pass';"
-        Q3="GRANT ALL PRIVILEGES ON $name.* to $db_user@localhost identified by '$db_pass';"
+        Q3="GRANT ALL PRIVILEGES ON $db_name.* to $db_user@localhost identified by '$db_pass';"
         Q4="FLUSH PRIVILEGES;"
         SQL="${Q1}${Q2}${Q3}${Q4}"
         mysql -uroot -p$mysqlpass -e "$SQL"
     else
         echo "database $db_name does exist already"
+        Q1="CREATE DATABASE IF NOT EXISTS $db_name;"
+        Q2="GRANT USAGE ON *.* TO $db_user@localhost IDENTIFIED BY '$db_pass';"
+        Q3="GRANT ALL PRIVILEGES ON $db_name.* to $db_user@localhost identified by '$db_pass';"
+        Q4="FLUSH PRIVILEGES;"
+        SQL="${Q1}${Q2}${Q3}${Q4}"
+        mysql -uroot -p$mysqlpass -e "$SQL"
     fi
 }
 

.gitignore

@@ -48,9 +48,10 @@ doc/html/
 .zotshrc
 # external repositories for themes/addons
 extend/
-# files generated by phpunit
+
+# exclude test results and cache
 tests/.cache
-tests/.phpunit.result.cache
+tests/.phpunit*
 tests/results/
 
 ## exclude IDE files
@@ -67,7 +68,6 @@ nbproject/
 # PHPStorm
 .idea/
 
-
 ## composer
 # locally installed composer binary
 composer.phar
@@ -87,6 +87,7 @@ vendor/bin/php-parse
 vendor/bin/phpcbf
 vendor/bin/phpcs
 vendor/bin/phpmd
+vendor/bin/phpstan*
 vendor/bin/phpunit
 vendor/composer/pcre/
 vendor/composer/xdebug-handler/
@@ -98,18 +99,11 @@ vendor/pdepend/
 vendor/phar-io/
 vendor/php-mock/
 vendor/phpmd/
+vendor/phpstan
 vendor/phpunit/
 vendor/psr/container/
 vendor/sebastian/
 vendor/squizlabs/
-vendor/symfony/config/
-vendor/symfony/dependency-injection/
-vendor/symfony/deprecation-contracts/
-vendor/symfony/filesystem/
-vendor/symfony/polyfill-ctype/
-vendor/symfony/polyfill-mbstring/
-vendor/symfony/polyfill-php80/
-vendor/symfony/service-contracts/
 vendor/theseer/
 # /info is a directory containing site-specific HTML documents
 /info/

.gitlab-ci.yml

@@ -32,6 +32,7 @@ before_script:
   - apt-get install -yqq libicu-dev libjpeg-dev libpng-dev libpq-dev libyaml-dev libzip-dev mariadb-client postgresql-client unzip zip
   - pecl install xdebug yaml
   - docker-php-ext-enable xdebug yaml
+  - docker-php-ext-configure gd --with-jpeg=/usr/include/
   - docker-php-ext-install gd bcmath intl pdo_mysql pdo_pgsql zip
 
   # Install composer

.phpcs.xml

@@ -48,6 +48,10 @@
         <exclude name="Generic.Files.OneClassPerFile.MultipleFound"/>
         <exclude name="Generic.Files.OneObjectStructurePerFile.MultipleFound"/>
         <exclude name="Generic.Formatting.SpaceAfterCast.NoSpace"/>
+
+        <exclude name="Generic.Classes.OpeningBraceSameLine.BraceOnNewLine" />
+        <exclude name="Generic.WhiteSpace.DisallowSpaceIndent.SpacesUsed" />
+        <exclude name="Generic.Functions.OpeningFunctionBraceKernighanRitchie.BraceOnNewLine" />
     </rule>
 
 	<!--

CHANGELOG

@@ -1,3 +1,185 @@
+Hubzilla 10.2 (2025-03-17)
+	- Allow to send signed requests from the zot_probe tool
+	- Print an error message if OWA fails
+	- Remove possible leading @ before processing webfinger address
+	- Updated debian install script
+	- Calculate observer.baseurl from xchan_url instead of xchan_connurl
+	- Refactor unparse_url() to allow return of a custom field set only and add tests
+	- Slightly improve event object rendering
+	- Update smarty library to version 5 for PHP 8.4 compatibility
+	- Remove vendor/symfony from gitignore file
+	- Update composer libraries
+	- Add contextHistory field to activities and prefer it over context when consuming
+	- Implement highlight button in jot editor
+	- Add test results and PHPStan to gitignore
+	- Update spanish strings
+	- Remove EpubMeta library in favor of a custom solution
+	- Configue gd for jpeg support in CI
+	- Add error message on missing owa auth headers
+	- Add Zotlabs\Tests namespace to autloader in dev
+	- Add dba_pdo::update method
+	- Add dba_pdo::insert method
+	- Rewrite redbasic javascript to remove jquery dependency
+	- Add  security policy SECURITY.md
+
+	Bugfixes
+	- Fix notifications for likes on our comments
+	- Fix fullscreen view
+	- Fix boxy scheme text alignment for comments
+	- Fix poll date string to match with the autotime string
+	- Fix owner hash not set correctly when editing a post/comment
+	- Fix an issue where some participants could not post to forums
+	- Fix navbar selector conflict with possible additional navbars when using a cover photo
+	- Fix target and tgt_type not set for sourced rss items if we rewrite them to our own
+	- Fix auto save draft not set correctly
+	- Fix cover height calculation
+
+	Addons
+	- Diaspora: revisit import_diaspora_account()
+	- Pubcrawl: escape quotation marks in ActivityStreams link header
+	- Wiki: fixed wiki_page_list.tpl to use bootstrap class for layout
+	- BBmath: fix orientation for inline math
+	- BBmath: document imagemagick permissions
+	- Pubcrawl: ensure we select the correct hubloc hash when extending recipients list
+	- Msg_footer: do not add footer on edit, also dismiss anything but a create activity
+	- Pubcrawl: refactor activitypub addressing
+	- Wiki: added space to preview panel
+	- Startpage: update help text and some cleanup
+
+
+Hubzilla 10.0.8 (2025-02-01)
+	- Fix duplicating terms/iconfig in addToCollectionAndSync()
+	- Refactor Daemon/Importdoc for better SQL performance when looking up outdated entries
+	- Tweak SQL in mod sse_bs for possible performance improvements
+	- Fix PHP warnings
+	- Do not run post_local hook on add activities in pubcrawl addon
+	- Do not run post_local hook on add activities in diaspora addon
+	- Remove old rawmsg/fields before storing new rawmsg in pubcrawl addon
+	- Fix retractions in diaspora addon
+
+
+Hubzilla 10.0.7 (2025-01-22)
+	- Fix ownership check in consume_feed()
+	- Fix toast() if notification contains non-ascii characters
+	- Fix regression in notifications filter
+
+
+Hubzilla 10.0.6 (2025-01-05)
+	- Fix entries where primary location data is not complete not dismissed early
+	- Fix query to cleanup outdated doc entries called multiple times
+	- Fix query to cleanup outdated doc entries
+
+
+Hubzilla 10.0.5 (2024-12-29)
+	- Fix another instance of drop_item() not having permission to drop items
+
+
+Hubzilla 10.0.4 (2024-12-26)
+	- Fix missing argument name
+
+
+Hubzilla 10.0.3 (2024-12-26)
+	- Fix regression in Daemon/Channel_purge which could cause a possible infinite loop
+	- Fix regression in Daemon/Expire which could cause a infinite loop
+
+
+Hubzilla 10.0.2 (2024-12-25)
+	- Hotfix comment out Daemon/Expire
+	- Fix zid parameter allowed to override an existing remote login
+	- Slightly improved imagesLoaded()
+
+
+Hubzilla 10.0.1 (2024-12-22)
+	- Revert removing of openid library
+	- Fix SQL query in Daemon/Importdoc
+
+
+Hubzilla 10.0 (2024-12-21)
+	- Port updateConvItem() and notifications widget to vanilla javascript
+	- Remove jquery.timeago.js in favor of a native js implementation
+	- Introduce item_forwardable() a function to check if an item should be frowarded
+	- Always set item_delayed flag if we use a custom created date
+	- Add indicators to items in case they are delayed, have an expiration time or commenting is disabled
+	- Introduce relative_time() a new function to calculate the relative time
+	- Refactor mod admin/accounts
+	- Toggle aside if a notification or message is clicked
+	- Add Mailer class to replace z_mail()
+	- Provide a possibility to link to a specific day or month in mod cal via URL fragment e.g. #2024-12-24
+	- Refactor mod magic
+	- Introduce conversation containers a.k.a. FEP-171b
+	- Refactor mod item
+	- Refactor Thumbs\Epubthumb to adapt to new version of EPub meta lib
+	- Remove unused libraries
+	- Bring filed items to mod hq
+
+	Bugfixes
+	- Fix comments on/off toggle
+	- Fix various missing icons after transition from fork-awesome
+	- Fix performance issue in mod pubstream
+	- Fix mails with + in local part rejected
+	- Fix % calculation in mod import_progress
+	- Fix query vars not unset when constructing the server address
+	- Fix can_comment_on_post() logic after introduction of repeats
+	- Fix xchan_query() not including deleted hublocs
+	- Fix allday variable not set when clicking an event or a resource is provided
+
+	Addons
+	- Introduce conversation containers a.k.a. FEP-171b
+	- Cards: fix comments on/off state
+	- Articles: fix comments on/off state
+	- Pubcrawl: fix encoding of stored raw message
+	- Gallery fix zoom icon toggle
+	- Pubcrawl: fix follow to non primary hub location
+	- Pubcrawl: rewrite id host to local host instead of primary host
+
+
+Hubzilla 9.4.4 (2024-11-06)
+	- Update Norwegian translations
+	- Fix error adding things when multiple profiles not enabled
+	- Port mod thing to use $_GET/$_POST instead of $_REQUEST
+	- Move Norwegian translations from nb-no to nb
+	- Fix intact alernative network hublocs being marked deleted in Libsync::sync_locations()
+	- Fix modals only partly removed when DOM emlement updated via ajax
+	- Add explicit check for channel_address in channel_url()
+	- Fix PHP deprecation warnings in mod setup
+	- Fix PHP warning in Web/HttpMeta
+	- Fix typo in UnitTestCase
+	- Fix missing CSRF token checks in mod account_edit
+	- Fix OCAP tokens only added to images
+	- Fix unescaped zid parameter
+	- Fix wrong date format in published date in update question activities
+	- Fix include for en TOS page
+	- Fix query in copy_of_pubitem() returning duplicate items
+	- Fix edit button not clickable if below right aside when viewing webpages
+	- Fix rendering of category tags icons in the editor
+	- Fix regex to detect URLs in cleanup_bbcode
+	- Fix duplicate posts from forum clones
+	- Fix follow to non primary hub location in pubcrawl addon
+	- Fix id host not rewritten to local host in pubcrawl addon
+	- Fix regression when manually fetching items in pubcrawl addon
+
+
+Hubzilla 9.4.3 (2024-10-10)
+	- Discard Add/Remove activities (Hubzilla 10 and (streams) compatibility)
+	- Fix HQ channel activities icons
+	- Fix saved search icons
+
+
+Hubzilla 9.4.2 (2024-10-04)
+	- Indicate reacted state via icon color (community wish)
+	- Fix modal backdrop not removed when reacting from the modal
+	- Fix missing handle icon in mod pdledit_gui
+
+
+Hubzilla 9.4.1 (2024-10-02)
+	- Various fixes for the help module
+	- Update smarty library via composer
+	- Fix URLs replaced with bbcode in codeblocks if markdown enabled
+	- Fix unable to move multiple files when using postgresql DB backend
+	- Adjust icon for post app
+	- Fix check for while loop in wiki addon
+
+
 Hubzilla 9.4 (2024-09-25)
 	- If we got an ocap token try to authenticate with it first
 	- Hide comment titles

CHANGELOG.air

@@ -1,48 +0,0 @@
-"air" is a branch name for revision of Account-Invite-Register at the Hubzilla project
-
-Invite:
-* Rewritten and now language template driven
-* Selectable templates for the invite mails
-* Invitor may add personal notes in the mailtext
-+ Invite codes are bound to the recipients email address
-* Invite mod never more creates accounts
-* new db scheme for table register
-* existing register table will be migrated to the new schema even when detected at runtime
-* Bugfix: creating invite codes when admin only calls Invite w/o any further action
-* account library revision also together with invite mod
-* Depending on config: Users may send invitations also
-* Invitations expires, controlled by the invitor
-* Changed and new configs:
-* * invitation_only       As usual before
-* * invitation_also       Beside other registration policies, invitations may be used also
-* * invitation_max_per_day	defaults 50, may be changed in adminUI admin>site
-* * invitation_max_per_user defaults 4
-* Requirements:
-* * Addon language has to be installed
-
-Register:
-* Register panel (form) and js interaction changed
-* Unused registrations expire
-* Depending on config, anonymous registrations (w/o email) are supported
-* :... dont't panic, that may let grow security
-* Even anonymous users have to confirm their registration
-* Registrations may be enabled / disabled time driven for each day in the week (dudy)
-* Unsoliced registration floods may be blocked
-* Limited registrations from one single source ip
-* Using one additional log file, to easy interfare with f2b
-
-Account:
-* An user account always becomes created only if all depending conditions are satisfied
-* AdminUI for site configuration, accounts and registrations enhancements
-* Still untouched, but accountUI needs enhanced async control in case for mass delete
-  with deep level of recursion cascade of the dependencies (channels etc). An open TODO
-  since years for instances with many much users and channels.
-
-History:
-2020.03 Hubzilla Prod version 4.6 (master branch) of hubzilla/core was the base for AIR 
-        that was assigned Version 4.6.2 at sn/core
-2021.02 Hubzilla Prod version 5.2.1 (master branch) of hubzilla/core was new base for AIR
-        that was assigned version 5.2.2 at sn/core (air.5)
-        plus adjustment of hubzilla 5.2.2 (master) to sn/core (air.5) version 5.2.9
-
-

SECURITY.md

@@ -0,0 +1,31 @@
+# Hubzilla Security Policy
+
+The [Hubzilla] Project takes security, privacy and user control over personal data seriously. We ask that any security issues be disclosed to us in a responsible manner to allow us time to remediate the issues, and site administrators time to upgrade before information about the issue is made public.
+
+This document outlines security procedures and policies for the Hubzilla project. It covers the following components:
+
+* The Hubzilla core repository: https://framagit.org/hubzilla/core
+* The official addon repository: https://framagit.org/hubzilla/addons
+* The official themes repository: https://framagit.org/hubzilla/themes
+* The official widgets repository: https://framagit.org/hubzilla/widgets
+
+## Coordinated Disclosure Guidelines
+
+We are committed to working with security researchers to verify, reproduce, and respond to legitimate reported vulnerabilities. You can help us by following these simple guidelines:
+
+* Submit suspected vulnerabilities by email to `security@hubzilla.org`, or as a confidential issue in the relevant repository listed above.
+* Provide clear instructions on how to reproduce the issue, and if possible, a minimal Proof of Concept (PoC) exploit.
+* We will acknowledge your submission as soon as we can, and will keep you updated as it is being processed. We may ask for more information, or clarifications about the issue or the steps to reproduce it during this time.
+* We will assign a CVE to the issue once it is confirmed.
+* We will do our best to fix the issue as soon as we can after it has been confirmed. We request that information about the vulnerability or details about how to exploit it is not disclosed to other parties until after the fix is released and some time has passed, to allow site administrators to upgrade. We will normally make the CVE public one month after a fix has been released. (This grace period can differ based on severity, and can be negotiated.)
+* Please perform all tests against a local instance of the software, and refrain from running any Denial of Service or automated testing tools against public hubs or the project managers (and their partners') infrastructure.
+* If the issue belongs to a third party module that we depend on, we may help with reporting it upstream if the submitter wants us to.
+
+## Comments on this Policy
+
+We welcome comments and suggestions for improving this policy. You can reach us at:
+
+* Our ticketing system: https://framagit.org/hubzilla/core/-/issues
+* By sending us an email at `security@hubzilla.org`.
+
+[Hubzilla]: https://hubzilla.org

Zotlabs/ActivityStreams/ASObject.php

@@ -0,0 +1,776 @@
+<?php
+
+namespace Zotlabs\ActivityStreams;
+
+
+use Zotlabs\Lib\BaseObject;
+
+class ASObject extends BaseObject
+{
+    public $id;
+    public $type;
+    public $attachment;
+    public $attributedTo;
+    public $audience;
+    public $content;
+    public $context;
+    public $name;
+    public $endTime;
+    public $generator;
+    public $icon;
+    public $image;
+    public $inReplyTo;
+    public $location;
+    public $preview;
+    public $published;
+    public $replies;
+    public $startTime;
+    public $summary;
+    public $tag;
+    public $updated;
+    public $url;
+    public $to;
+    public $bto;
+    public $cc;
+    public $bcc;
+    public $mediaType;
+    public $duration;
+    public $source;
+
+
+    // Extension properties
+
+    public $signature;
+    public $proof;
+    public $sensitive;
+    public $replyTo;
+    public $wall;
+    public $isContainedConversation;
+    public $expires;
+    public $canReply;
+    public $canSearch;
+    public $directMessage;
+    public $commentPolicy;
+
+    /**
+     * @return mixed
+     */
+    public function getDirectMessage()
+    {
+        return $this->directMessage;
+    }
+
+    /**
+     * @param mixed $directMessage
+     * @return ASObject
+     */
+    public function setDirectMessage($directMessage)
+    {
+        $this->directMessage = $directMessage;
+        return $this;
+    }
+
+    /**
+     * @return mixed
+     */
+    public function getSignature()
+    {
+        return $this->signature;
+    }
+
+    /**
+     * @param mixed $signature
+     * @return ASObject
+     */
+    public function setSignature($signature)
+    {
+        $this->signature = $signature;
+        return $this;
+    }
+
+    /**
+     * @return mixed
+     */
+    public function getProof()
+    {
+        return $this->proof;
+    }
+
+    /**
+     * @param mixed $proof
+     * @return ASObject
+     */
+    public function setProof($proof)
+    {
+        $this->proof = $proof;
+        return $this;
+    }
+
+
+    /**
+     * @return mixed
+     */
+    public function getSensitive()
+    {
+        return $this->sensitive;
+    }
+
+    /**
+     * @param mixed $sensitive
+     * @return ASObject
+     */
+    public function setSensitive($sensitive)
+    {
+        $this->sensitive = $sensitive;
+        return $this;
+    }
+
+    /**
+     * @return mixed
+     */
+    public function getReplyTo()
+    {
+        return $this->replyTo;
+    }
+
+    /**
+     * @param mixed $replyTo
+     * @return ASObject
+     */
+    public function setReplyTo($replyTo)
+    {
+        $this->replyTo = $replyTo;
+        return $this;
+    }
+
+    /**
+     * @return mixed
+     */
+    public function getWall()
+    {
+        return $this->wall;
+    }
+
+    /**
+     * @param mixed $wall
+     * @return ASObject
+     */
+    public function setWall($wall)
+    {
+        $this->wall = $wall;
+        return $this;
+    }
+
+    /**
+     * @return mixed
+     */
+    public function getIsContainedConversation()
+    {
+        return $this->isContainedConversation;
+    }
+
+    /**
+     * @param mixed $isContainedConversation
+     * @return ASObject
+     */
+    public function setIsContainedConversation($isContainedConversation)
+    {
+        $this->isContainedConversation = $isContainedConversation;
+        return $this;
+    }
+
+    /**
+     * @return mixed
+     */
+    public function getExpires()
+    {
+        return $this->expires;
+    }
+
+    /**
+     * @param mixed $expires
+     * @return ASObject
+     */
+    public function setExpires($expires)
+    {
+        $this->expires = $expires;
+        return $this;
+    }
+
+    /**
+     * @return mixed
+     */
+    public function getCanReply()
+    {
+        return $this->canReply;
+    }
+
+    /**
+     * @param mixed $canReply
+     * @return ASObject
+     */
+    public function setCanReply($canReply)
+    {
+        $this->canReply = $canReply;
+        return $this;
+    }
+
+    /**
+     * @return mixed
+     */
+    public function getCanSearch()
+    {
+        return $this->canSearch;
+    }
+
+    /**
+     * @param mixed $canSearch
+     * @return ASObject
+     */
+    public function setCanSearch($canSearch)
+    {
+        $this->canSearch = $canSearch;
+        return $this;
+    }
+
+    /**
+     * @return mixed
+     */
+    public function getCommentPolicy()
+    {
+        return $this->commentPolicy;
+    }
+
+    /**
+     * @param mixed $commentPolicy
+     * @return ASObject
+     */
+    public function setCommentPolicy($commentPolicy)
+    {
+        $this->commentPolicy = $commentPolicy;
+        return $this;
+    }
+
+    /**
+     * @return mixed
+     */
+    public function getId()
+    {
+        return $this->id;
+    }
+
+    /**
+     * @param mixed $id
+     * @return ASObject
+     */
+    public function setId($id)
+    {
+        $this->id = $id;
+        return $this;
+    }
+
+    /**
+     * @return mixed
+     */
+    public function getType()
+    {
+        return $this->type;
+    }
+
+    /**
+     * @param mixed $type
+     * @return ASObject
+     */
+    public function setType($type)
+    {
+        $this->type = $type;
+        return $this;
+    }
+
+    /**
+     * @return mixed
+     */
+    public function getAttachment()
+    {
+        return $this->attachment;
+    }
+
+    /**
+     * @param mixed $attachment
+     * @return ASObject
+     */
+    public function setAttachment($attachment)
+    {
+        $this->attachment = $attachment;
+        return $this;
+    }
+
+    /**
+     * @return mixed
+     */
+    public function getAttributedTo()
+    {
+        return $this->attributedTo;
+    }
+
+    /**
+     * @param mixed $attributedTo
+     * @return ASObject
+     */
+    public function setAttributedTo($attributedTo)
+    {
+        $this->attributedTo = $attributedTo;
+        return $this;
+    }
+
+    /**
+     * @return mixed
+     */
+    public function getAudience()
+    {
+        return $this->audience;
+    }
+
+    /**
+     * @param mixed $audience
+     * @return ASObject
+     */
+    public function setAudience($audience)
+    {
+        $this->audience = $audience;
+        return $this;
+    }
+
+    /**
+     * @return mixed
+     */
+    public function getContent()
+    {
+        return $this->content;
+    }
+
+    /**
+     * @param mixed $content
+     * @return ASObject
+     */
+    public function setContent($content)
+    {
+        $this->content = $content;
+        return $this;
+    }
+
+    /**
+     * @return mixed
+     */
+    public function getContext()
+    {
+        return $this->context;
+    }
+
+    /**
+     * @param mixed $context
+     * @return ASObject
+     */
+    public function setContext($context)
+    {
+        $this->context = $context;
+        return $this;
+    }
+
+    /**
+     * @return mixed
+     */
+    public function getName()
+    {
+        return $this->name;
+    }
+
+    /**
+     * @param mixed $name
+     * @return ASObject
+     */
+    public function setName($name)
+    {
+        $this->name = $name;
+        return $this;
+    }
+
+    /**
+     * @return mixed
+     */
+    public function getEndTime()
+    {
+        return $this->endTime;
+    }
+
+    /**
+     * @param mixed $endTime
+     * @return ASObject
+     */
+    public function setEndTime($endTime)
+    {
+        $this->endTime = $endTime;
+        return $this;
+    }
+
+    /**
+     * @return mixed
+     */
+    public function getGenerator()
+    {
+        return $this->generator;
+    }
+
+    /**
+     * @param mixed $generator
+     * @return ASObject
+     */
+    public function setGenerator($generator)
+    {
+        $this->generator = $generator;
+        return $this;
+    }
+
+    /**
+     * @return mixed
+     */
+    public function getIcon()
+    {
+        return $this->icon;
+    }
+
+    /**
+     * @param mixed $icon
+     * @return ASObject
+     */
+    public function setIcon($icon)
+    {
+        $this->icon = $icon;
+        return $this;
+    }
+
+    /**
+     * @return mixed
+     */
+    public function getImage()
+    {
+        return $this->image;
+    }
+
+    /**
+     * @param mixed $image
+     * @return ASObject
+     */
+    public function setImage($image)
+    {
+        $this->image = $image;
+        return $this;
+    }
+
+    /**
+     * @return mixed
+     */
+    public function getInReplyTo()
+    {
+        return $this->inReplyTo;
+    }
+
+    /**
+     * @param mixed $inReplyTo
+     * @return ASObject
+     */
+    public function setInReplyTo($inReplyTo)
+    {
+        $this->inReplyTo = $inReplyTo;
+        return $this;
+    }
+
+    /**
+     * @return mixed
+     */
+    public function getLocation()
+    {
+        return $this->location;
+    }
+
+    /**
+     * @param mixed $location
+     * @return ASObject
+     */
+    public function setLocation($location)
+    {
+        $this->location = $location;
+        return $this;
+    }
+
+    /**
+     * @return mixed
+     */
+    public function getPreview()
+    {
+        return $this->preview;
+    }
+
+    /**
+     * @param mixed $preview
+     * @return ASObject
+     */
+    public function setPreview($preview)
+    {
+        $this->preview = $preview;
+        return $this;
+    }
+
+    /**
+     * @return mixed
+     */
+    public function getPublished()
+    {
+        return $this->published;
+    }
+
+    /**
+     * @param mixed $published
+     * @return ASObject
+     */
+    public function setPublished($published)
+    {
+        $this->published = $published;
+        return $this;
+    }
+
+    /**
+     * @return mixed
+     */
+    public function getReplies()
+    {
+        return $this->replies;
+    }
+
+    /**
+     * @param mixed $replies
+     * @return ASObject
+     */
+    public function setReplies($replies)
+    {
+        $this->replies = $replies;
+        return $this;
+    }
+
+    /**
+     * @return mixed
+     */
+    public function getStartTime()
+    {
+        return $this->startTime;
+    }
+
+    /**
+     * @param mixed $startTime
+     * @return ASObject
+     */
+    public function setStartTime($startTime)
+    {
+        $this->startTime = $startTime;
+        return $this;
+    }
+
+    /**
+     * @return mixed
+     */
+    public function getSummary()
+    {
+        return $this->summary;
+    }
+
+    /**
+     * @param mixed $summary
+     * @return ASObject
+     */
+    public function setSummary($summary)
+    {
+        $this->summary = $summary;
+        return $this;
+    }
+
+    /**
+     * @return mixed
+     */
+    public function getTag()
+    {
+        return $this->tag;
+    }
+
+    /**
+     * @param mixed $tag
+     * @return ASObject
+     */
+    public function setTag($tag)
+    {
+        $this->tag = $tag;
+        return $this;
+    }
+
+    /**
+     * @return mixed
+     */
+    public function getUpdated()
+    {
+        return $this->updated;
+    }
+
+    /**
+     * @param mixed $updated
+     * @return ASObject
+     */
+    public function setUpdated($updated)
+    {
+        $this->updated = $updated;
+        return $this;
+    }
+
+    /**
+     * @return mixed
+     */
+    public function getUrl()
+    {
+        return $this->url;
+    }
+
+    /**
+     * @param mixed $url
+     * @return ASObject
+     */
+    public function setUrl($url)
+    {
+        $this->url = $url;
+        return $this;
+    }
+
+    /**
+     * @return mixed
+     */
+    public function getTo()
+    {
+        return $this->to;
+    }
+
+    /**
+     * @param mixed $to
+     * @return ASObject
+     */
+    public function setTo($to)
+    {
+        $this->to = $to;
+        return $this;
+    }
+
+    /**
+     * @return mixed
+     */
+    public function getBto()
+    {
+        return $this->bto;
+    }
+
+    /**
+     * @param mixed $bto
+     * @return ASObject
+     */
+    public function setBto($bto)
+    {
+        $this->bto = $bto;
+        return $this;
+    }
+
+    /**
+     * @return mixed
+     */
+    public function getCc()
+    {
+        return $this->cc;
+    }
+
+    /**
+     * @param mixed $cc
+     * @return ASObject
+     */
+    public function setCc($cc)
+    {
+        $this->cc = $cc;
+        return $this;
+    }
+
+    /**
+     * @return mixed
+     */
+    public function getBcc()
+    {
+        return $this->bcc;
+    }
+
+    /**
+     * @param mixed $bcc
+     * @return ASObject
+     */
+    public function setBcc($bcc)
+    {
+        $this->bcc = $bcc;
+        return $this;
+    }
+
+    /**
+     * @return mixed
+     */
+    public function getMediaType()
+    {
+        return $this->mediaType;
+    }
+
+    /**
+     * @param mixed $mediaType
+     * @return ASObject
+     */
+    public function setMediaType($mediaType)
+    {
+        $this->mediaType = $mediaType;
+        return $this;
+    }
+
+    /**
+     * @return mixed
+     */
+    public function getDuration()
+    {
+        return $this->duration;
+    }
+
+    /**
+     * @param mixed $duration
+     * @return ASObject
+     */
+    public function setDuration($duration)
+    {
+        $this->duration = $duration;
+        return $this;
+    }
+
+    /**
+     * @return mixed
+     */
+    public function getSource()
+    {
+        return $this->source;
+    }
+
+    /**
+     * @param mixed $source
+     * @return ASObject
+     */
+    public function setSource($source)
+    {
+        $this->source = $source;
+        return $this;
+    }
+
+}

Zotlabs/ActivityStreams/Activity.php

@@ -0,0 +1,122 @@
+<?php
+
+namespace Zotlabs\ActivityStreams;
+
+class Activity extends ASObject
+{
+    public $actor;
+    public $object;
+    public $target;
+    public $result;
+    public $origin;
+    public $instrument;
+
+    /**
+     * @return mixed
+     */
+    public function getActor()
+    {
+        return $this->actor;
+    }
+
+    /**
+     * @param mixed $actor
+     * @return Activity
+     */
+    public function setActor($actor)
+    {
+        $this->actor = $actor;
+        return $this;
+    }
+
+    /**
+     * @return mixed
+     */
+    public function getObject()
+    {
+        return $this->object;
+    }
+
+    /**
+     * @param mixed $object
+     * @return Activity
+     */
+    public function setObject($object)
+    {
+        $this->object = $object;
+        return $this;
+    }
+
+    /**
+     * @return mixed
+     */
+    public function getTarget()
+    {
+        return $this->target;
+    }
+
+    /**
+     * @param mixed $target
+     * @return Activity
+     */
+    public function setTarget($target)
+    {
+        $this->target = $target;
+        return $this;
+    }
+
+    /**
+     * @return mixed
+     */
+    public function getResult()
+    {
+        return $this->result;
+    }
+
+    /**
+     * @param mixed $result
+     * @return Activity
+     */
+    public function setResult($result)
+    {
+        $this->result = $result;
+        return $this;
+    }
+
+    /**
+     * @return mixed
+     */
+    public function getOrigin()
+    {
+        return $this->origin;
+    }
+
+    /**
+     * @param mixed $origin
+     * @return Activity
+     */
+    public function setOrigin($origin)
+    {
+        $this->origin = $origin;
+        return $this;
+    }
+
+    /**
+     * @return mixed
+     */
+    public function getInstrument()
+    {
+        return $this->instrument;
+    }
+
+    /**
+     * @param mixed $instrument
+     * @return Activity
+     */
+    public function setInstrument($instrument)
+    {
+        $this->instrument = $instrument;
+        return $this;
+    }
+
+}

Zotlabs/ActivityStreams/Actor.php

@@ -0,0 +1,428 @@
+<?php
+
+namespace Zotlabs\ActivityStreams;
+
+class Actor extends ASObject
+{
+    public $inbox;
+    public $outbox;
+    public $followers;
+    public $following;
+    public $permissions; /* extension property */
+    public $endpoints;
+    public $publicKey;
+    public $preferredUsername;
+    public $alsoKnownAs;
+
+    // Extension properties
+
+    public $movedTo;
+    public $copiedTo;
+    public $discoverable;
+    public $manuallyApprovesFollowers;
+    public $webfinger;
+    public $canSearch;
+    public $indexable;
+    public $assertionMethod;
+    public $gateways;
+    public $openwebauth;
+    public $authredirect;
+
+    /**
+     * @return mixed
+     */
+    public function getAlsoKnownAs()
+    {
+        return $this->alsoKnownAs;
+    }
+
+    /**
+     * @param mixed $alsoKnownAs
+     * @return Actor
+     */
+    public function setAlsoKnownAs($alsoKnownAs)
+    {
+        $this->alsoKnownAs = $alsoKnownAs;
+        return $this;
+    }
+
+    /**
+     * @return mixed
+     */
+    public function getMovedTo()
+    {
+        return $this->movedTo;
+    }
+
+    /**
+     * @return mixed
+     */
+    public function getCopiedTo()
+    {
+        return $this->copiedTo;
+    }
+
+    /**
+     * @param mixed $copiedTo
+     * @return Actor
+     */
+    public function setCopiedTo($copiedTo)
+    {
+        $this->copiedTo = $copiedTo;
+        return $this;
+    }
+
+    /**
+     * @param mixed $movedTo
+     * @return Actor
+     */
+    public function setMovedTo($movedTo)
+    {
+        $this->movedTo = $movedTo;
+        return $this;
+    }
+
+    /**
+     * @return mixed
+     */
+    public function getDiscoverable()
+    {
+        return $this->discoverable;
+    }
+
+    /**
+     * @param mixed $discoverable
+     * @return Actor
+     */
+    public function setDiscoverable($discoverable)
+    {
+        $this->discoverable = $discoverable;
+        return $this;
+    }
+
+    /**
+     * @return mixed
+     */
+    public function getManuallyApprovesFollowers()
+    {
+        return $this->manuallyApprovesFollowers;
+    }
+
+    /**
+     * @param mixed $manuallyApprovesFollowers
+     * @return Actor
+     */
+    public function setManuallyApprovesFollowers($manuallyApprovesFollowers)
+    {
+        $this->manuallyApprovesFollowers = $manuallyApprovesFollowers;
+        return $this;
+    }
+
+    /**
+     * @return mixed
+     */
+    public function getPreferredUsername()
+    {
+        return $this->preferredUsername;
+    }
+
+    /**
+     * @param mixed $preferredUsername
+     * @return Actor
+     */
+    public function setPreferredUsername($preferredUsername)
+    {
+        $this->preferredUsername = $preferredUsername;
+        return $this;
+    }
+
+
+    /**
+     * @return mixed
+     */
+    public function getId()
+    {
+        return $this->id;
+    }
+
+    /**
+     * @param mixed $id
+     * @return Actor
+     */
+    public function setId($id)
+    {
+        $this->id = $id;
+        return $this;
+    }
+
+    /**
+     * @return mixed
+     */
+    public function getType()
+    {
+        return $this->type;
+    }
+
+    /**
+     * @param mixed $type
+     * @return Actor
+     */
+    public function setType($type)
+    {
+        $this->type = $type;
+        return $this;
+    }
+
+    /**
+     * @return mixed
+     */
+    public function getInbox()
+    {
+        return $this->inbox;
+    }
+
+    /**
+     * @param mixed $inbox
+     * @return Actor
+     */
+    public function setInbox($inbox)
+    {
+        $this->inbox = $inbox;
+        return $this;
+    }
+
+    /**
+     * @return mixed
+     */
+    public function getOutbox()
+    {
+        return $this->outbox;
+    }
+
+    /**
+     * @param mixed $outbox
+     * @return Actor
+     */
+    public function setOutbox($outbox)
+    {
+        $this->outbox = $outbox;
+        return $this;
+    }
+
+    /**
+     * @return mixed
+     */
+    public function getFollowers()
+    {
+        return $this->followers;
+    }
+
+    /**
+     * @param mixed $followers
+     * @return Actor
+     */
+    public function setFollowers($followers)
+    {
+        $this->followers = $followers;
+        return $this;
+    }
+
+    /**
+     * @return mixed
+     */
+    public function getFollowing()
+    {
+        return $this->following;
+    }
+
+    /**
+     * @param mixed $following
+     * @return Actor
+     */
+    public function setFollowing($following)
+    {
+        $this->following = $following;
+        return $this;
+    }
+
+    /**
+     * @return mixed
+     */
+    public function getEndpoints()
+    {
+        return $this->endpoints;
+    }
+
+    /**
+     * @param mixed $endpoints
+     * @return Actor
+     */
+    public function setEndpoints($endpoints)
+    {
+        $this->endpoints = $endpoints;
+        return $this;
+    }
+
+    /**
+     * @return mixed
+     */
+    public function getPublicKey()
+    {
+        return $this->publicKey;
+    }
+
+    /**
+     * @param mixed $publicKey
+     * @return Actor
+     */
+    public function setPublicKey($publicKey)
+    {
+        $this->publicKey = $publicKey;
+        return $this;
+    }
+
+    /**
+     * @return mixed
+     */
+    public function getWebfinger()
+    {
+        return $this->webfinger;
+    }
+
+    /**
+     * @param mixed $webfinger
+     * @return Actor
+     */
+    public function setWebfinger($webfinger)
+    {
+        $this->webfinger = $webfinger;
+        return $this;
+    }
+
+    /**
+     * @return mixed
+     */
+    public function getCanSearch()
+    {
+        return $this->canSearch;
+    }
+
+    /**
+     * @param mixed $canSearch
+     * @return Actor
+     */
+    public function setCanSearch($canSearch)
+    {
+        $this->canSearch = $canSearch;
+        return $this;
+    }
+
+    /**
+     * @return mixed
+     */
+    public function getIndexable()
+    {
+        return $this->indexable;
+    }
+
+    /**
+     * @param mixed $indexable
+     * @return Actor
+     */
+    public function setIndexable($indexable)
+    {
+        $this->indexable = $indexable;
+        return $this;
+    }
+
+    /**
+     * @return mixed
+     */
+    public function getAssertionMethod()
+    {
+        return $this->assertionMethod;
+    }
+
+    /**
+     * @param mixed $assertionMethod
+     * @return Actor
+     */
+    public function setAssertionMethod($assertionMethod)
+    {
+        $this->assertionMethod = $assertionMethod;
+        return $this;
+    }
+
+    /**
+     * @return mixed
+     */
+    public function getGateways()
+    {
+        return $this->gateways;
+    }
+
+    /**
+     * @param mixed $gateways
+     * @return Actor
+     */
+    public function setGateways($gateways)
+    {
+        $this->gateways = $gateways;
+        return $this;
+    }
+
+    /**
+     * @return mixed
+     */
+    public function getPermissions()
+    {
+        return $this->permissions;
+    }
+
+    /**
+     * @param mixed $permissions
+     * @return Actor
+     */
+    public function setPermissions($permissions)
+    {
+        $this->permissions = $permissions;
+        return $this;
+    }
+
+    /**
+     * @return mixed
+     */
+    public function getOpenwebauth()
+    {
+        return $this->openwebauth;
+    }
+
+    /**
+     * @param mixed $openwebauth
+     * @return Actor
+     */
+    public function setOpenwebauth($openwebauth)
+    {
+        $this->openwebauth = $openwebauth;
+        return $this;
+    }
+
+    /**
+     * @return mixed
+     */
+    public function getAuthredirect()
+    {
+        return $this->authredirect;
+    }
+
+    /**
+     * @param mixed $authredirect
+     * @return Actor
+     */
+    public function setAuthredirect($authredirect)
+    {
+        $this->authredirect = $authredirect;
+        return $this;
+    }
+
+}

Zotlabs/ActivityStreams/AssertionMethod.php

@@ -0,0 +1,87 @@
+<?php
+
+namespace Zotlabs\ActivityStreams;
+
+class AssertionMethod extends ASObject
+{
+    public $id;
+    public $type;
+    public $controller;
+    public $publicKeyMultibase;
+
+    /**
+     * @return mixed
+     */
+    public function getId()
+    {
+        return $this->id;
+    }
+
+    /**
+     * @param mixed $id
+     * @return AssertionMethod
+     */
+    public function setId($id)
+    {
+        $this->id = $id;
+        return $this;
+    }
+
+    /**
+     * @return mixed
+     */
+    public function getType()
+    {
+        return $this->type;
+    }
+
+    /**
+     * @param mixed $type
+     * @return AssertionMethod
+     */
+    public function setType($type)
+    {
+        $this->type = $type;
+        return $this;
+    }
+
+    /**
+     * @return mixed
+     */
+    public function getController()
+    {
+        return $this->controller;
+    }
+
+    /**
+     * @param mixed $controller
+     * @return AssertionMethod
+     */
+    public function setController($controller)
+    {
+        $this->controller = $controller;
+        return $this;
+    }
+
+    /**
+     * @return mixed
+     */
+    public function getPublicKeyMultibase()
+    {
+        return $this->publicKeyMultibase;
+    }
+
+    /**
+     * @param mixed $publicKeyMultibase
+     * @return AssertionMethod
+     */
+    public function setPublicKeyMultibase($publicKeyMultibase)
+    {
+        $this->publicKeyMultibase = $publicKeyMultibase;
+        return $this;
+    }
+
+
+
+
+}

Zotlabs/ActivityStreams/Collection.php

@@ -0,0 +1,124 @@
+<?php
+
+namespace Zotlabs\ActivityStreams;
+
+class Collection extends ASObject
+{
+    public int $totalItems;
+    public string $current;
+    public string $first;
+    public string $last;
+    public array $items;
+
+    public mixed $collectionOf;
+
+    /**
+     * @return int
+     */
+    public function getTotalItems(): int
+    {
+        return $this->totalItems;
+    }
+
+    /**
+     * @param mixed $totalItems
+     * @return Collection
+     */
+    public function setTotalItems(mixed $totalItems): static
+    {
+        $this->totalItems = $totalItems;
+        return $this;
+    }
+
+    /**
+     * @return string
+     */
+    public function getCurrent(): string
+    {
+        return $this->current;
+    }
+
+    /**
+     * @param mixed $current
+     * @return Collection
+     */
+    public function setCurrent(mixed $current): static
+    {
+        $this->current = $current;
+        return $this;
+    }
+
+    /**
+     * @return string
+     */
+    public function getFirst(): string
+    {
+        return $this->first;
+    }
+
+    /**
+     * @param mixed $first
+     * @return Collection
+     */
+    public function setFirst(mixed $first): static
+    {
+        $this->first = $first;
+        return $this;
+    }
+
+    /**
+     * @return string
+     */
+    public function getLast(): string
+    {
+        return $this->last;
+    }
+
+    /**
+     * @param mixed $last
+     * @return Collection
+     */
+    public function setLast(mixed $last): static
+    {
+        $this->last = $last;
+        return $this;
+    }
+
+    /**
+     * @return array
+     */
+    public function getItems(): array
+    {
+        return $this->items;
+    }
+
+    /**
+     * @param mixed $items
+     * @return Collection
+     */
+    public function setItems(mixed $items): static
+    {
+        $this->items = $items;
+        return $this;
+    }
+
+    /**
+     * @return mixed
+     */
+    public function getCollectionOf(): mixed
+    {
+        return $this->collectionOf;
+    }
+
+    /**
+     * @param mixed $collectionOf
+     * @return Collection
+     */
+    public function setCollectionOf(mixed $collectionOf): static
+    {
+        $this->collectionOf = $collectionOf;
+        return $this;
+    }
+
+
+}

Zotlabs/ActivityStreams/CollectionPage.php

@@ -0,0 +1,73 @@
+<?php
+
+namespace Zotlabs\ActivityStreams;
+
+class CollectionPage extends Collection
+{
+    public $partOf;
+    public $next;
+    public $prev;
+
+    // startIndex only applies for OrderedCollectionPage. See
+    // https://www.w3.org/ns/activitystreams#OrderedCollectionPage
+    // It is provided here to avoid multiple inheritance
+
+    public $startIndex;
+
+    /**
+     * @return mixed
+     */
+    public function getPartOf()
+    {
+        return $this->partOf;
+    }
+
+    /**
+     * @param mixed $partOf
+     * @return CollectionPage
+     */
+    public function setPartOf($partOf)
+    {
+        $this->partOf = $partOf;
+        return $this;
+    }
+
+    /**
+     * @return mixed
+     */
+    public function getNext()
+    {
+        return $this->next;
+    }
+
+    /**
+     * @param mixed $next
+     * @return CollectionPage
+     */
+    public function setNext($next)
+    {
+        $this->next = $next;
+        return $this;
+    }
+
+    /**
+     * @return mixed
+     */
+    public function getPrev()
+    {
+        return $this->prev;
+    }
+
+    /**
+     * @param mixed $prev
+     * @return CollectionPage
+     */
+    public function setPrev($prev)
+    {
+        $this->prev = $prev;
+        return $this;
+    }
+
+
+
+}

Zotlabs/ActivityStreams/IntransitiveActivity.php

@@ -0,0 +1,104 @@
+<?php
+
+namespace Zotlabs\ActivityStreams;
+
+
+class IntransitiveActivity extends ASObject
+{
+    public $actor;
+    public $target;
+    public $result;
+    public $origin;
+    public $instrument;
+
+    /**
+     * @return mixed
+     */
+    public function getActor()
+    {
+        return $this->actor;
+    }
+
+    /**
+     * @param mixed $actor
+     * @return IntransitiveActivity
+     */
+    public function setActor($actor)
+    {
+        $this->actor = $actor;
+        return $this;
+    }
+
+    /**
+     * @return mixed
+     */
+    public function getTarget()
+    {
+        return $this->target;
+    }
+
+    /**
+     * @param mixed $target
+     * @return IntransitiveActivity
+     */
+    public function setTarget($target)
+    {
+        $this->target = $target;
+        return $this;
+    }
+
+    /**
+     * @return mixed
+     */
+    public function getResult()
+    {
+        return $this->result;
+    }
+
+    /**
+     * @param mixed $result
+     * @return IntransitiveActivity
+     */
+    public function setResult($result)
+    {
+        $this->result = $result;
+        return $this;
+    }
+
+    /**
+     * @return mixed
+     */
+    public function getOrigin()
+    {
+        return $this->origin;
+    }
+
+    /**
+     * @param mixed $origin
+     * @return IntransitiveActivity
+     */
+    public function setOrigin($origin)
+    {
+        $this->origin = $origin;
+        return $this;
+    }
+
+    /**
+     * @return mixed
+     */
+    public function getInstrument()
+    {
+        return $this->instrument;
+    }
+
+    /**
+     * @param mixed $instrument
+     * @return IntransitiveActivity
+     */
+    public function setInstrument($instrument)
+    {
+        $this->instrument = $instrument;
+        return $this;
+    }
+
+}

Zotlabs/ActivityStreams/Link.php

@@ -0,0 +1,183 @@
+<?php
+
+namespace Zotlabs\ActivityStreams;
+
+use Zotlabs\Lib\BaseObject;
+
+class Link extends BaseObject
+{
+    public $type;
+    public $href;
+    public $rel;
+    public $mediaType;
+    public $name;
+    public $hreflang;
+    public $height;
+    public $width;
+    public $preview;
+
+
+
+    /**
+     * @return mixed
+     */
+    public function getType()
+    {
+        return $this->type;
+    }
+
+    /**
+     * @param mixed $type
+     * @return Link
+     */
+    public function setType($type)
+    {
+        $this->type = $type;
+        return $this;
+    }
+
+    /**
+     * @return mixed
+     */
+    public function getHref()
+    {
+        return $this->href;
+    }
+
+    /**
+     * @param mixed $href
+     * @return Link
+     */
+    public function setHref($href)
+    {
+        $this->href = $href;
+        return $this;
+    }
+
+    /**
+     * @return mixed
+     */
+    public function getRel()
+    {
+        return $this->rel;
+    }
+
+    /**
+     * @param mixed $rel
+     * @return Link
+     */
+    public function setRel($rel)
+    {
+        $this->rel = $rel;
+        return $this;
+    }
+
+    /**
+     * @return mixed
+     */
+    public function getMediaType()
+    {
+        return $this->mediaType;
+    }
+
+    /**
+     * @param mixed $mediaType
+     * @return Link
+     */
+    public function setMediaType($mediaType)
+    {
+        $this->mediaType = $mediaType;
+        return $this;
+    }
+
+    /**
+     * @return mixed
+     */
+    public function getName()
+    {
+        return $this->name;
+    }
+
+    /**
+     * @param mixed $name
+     * @return Link
+     */
+    public function setName($name)
+    {
+        $this->name = $name;
+        return $this;
+    }
+
+    /**
+     * @return mixed
+     */
+    public function getHreflang()
+    {
+        return $this->hreflang;
+    }
+
+    /**
+     * @param mixed $hreflang
+     * @return Link
+     */
+    public function setHreflang($hreflang)
+    {
+        $this->hreflang = $hreflang;
+        return $this;
+    }
+
+    /**
+     * @return mixed
+     */
+    public function getHeight()
+    {
+        return $this->height;
+    }
+
+    /**
+     * @param mixed $height
+     * @return Link
+     */
+    public function setHeight($height)
+    {
+        $this->height = $height;
+        return $this;
+    }
+
+    /**
+     * @return mixed
+     */
+    public function getWidth()
+    {
+        return $this->width;
+    }
+
+    /**
+     * @param mixed $width
+     * @return Link
+     */
+    public function setWidth($width)
+    {
+        $this->width = $width;
+        return $this;
+    }
+
+    /**
+     * @return mixed
+     */
+    public function getPreview()
+    {
+        return $this->preview;
+    }
+
+    /**
+     * @param mixed $preview
+     * @return Link
+     */
+    public function setPreview($preview)
+    {
+        $this->preview = $preview;
+        return $this;
+    }
+
+}

Zotlabs/ActivityStreams/OrderedCollection.php

@@ -0,0 +1,8 @@
+<?php
+
+namespace Zotlabs\ActivityStreams;
+
+class OrderedCollection extends Collection
+{
+
+}

Zotlabs/ActivityStreams/OrderedCollectionPage.php

@@ -0,0 +1,92 @@
+<?php
+
+namespace Zotlabs\ActivityStreams;
+
+/**
+ * According to the specification, OrderedCollectionPage extends
+ * both OrderedCollection and CollectionPage, but PHP is still a bit awkward
+ * when it comes to multiple inheritance. Rather than try and do this with
+ * traits, we'll just include the CollectionPage elements here - as this only
+ * consists of three properties.
+ */
+
+class OrderedCollectionPage extends OrderedCollection
+{
+    public $partOf;
+    public $next;
+    public $prev;
+    public $startIndex;
+
+    /**
+     * @return mixed
+     */
+    public function getPartOf()
+    {
+        return $this->partOf;
+    }
+
+    /**
+     * @param mixed $partOf
+     * @return OrderedCollectionPage
+     */
+    public function setPartOf($partOf)
+    {
+        $this->partOf = $partOf;
+        return $this;
+    }
+
+    /**
+     * @return mixed
+     */
+    public function getNext()
+    {
+        return $this->next;
+    }
+
+    /**
+     * @param mixed $next
+     * @return OrderedCollectionPage
+     */
+    public function setNext($next)
+    {
+        $this->next = $next;
+        return $this;
+    }
+
+    /**
+     * @return mixed
+     */
+    public function getPrev()
+    {
+        return $this->prev;
+    }
+
+    /**
+     * @param mixed $prev
+     * @return OrderedCollectionPage
+     */
+    public function setPrev($prev)
+    {
+        $this->prev = $prev;
+        return $this;
+    }
+
+    /**
+     * @return mixed
+     */
+    public function getStartIndex()
+    {
+        return $this->startIndex;
+    }
+
+    /**
+     * @param mixed $startIndex
+     * @return OrderedCollectionPage
+     */
+    public function setStartIndex($startIndex)
+    {
+        $this->startIndex = $startIndex;
+        return $this;
+    }
+
+}

Zotlabs/ActivityStreams/Place.php

@@ -0,0 +1,125 @@
+<?php
+
+namespace Zotlabs\ActivityStreams;
+
+class Place extends ASObject
+{
+
+    public $accuracy;
+    public $altitude;
+    public $latitude;
+    public $longitude;
+    public $radius;
+    public $units;
+
+    /**
+     * @return mixed
+     */
+    public function getAccuracy()
+    {
+        return $this->accuracy;
+    }
+
+    /**
+     * @param mixed $accuracy
+     * @return Place
+     */
+    public function setAccuracy($accuracy)
+    {
+        $this->accuracy = $accuracy;
+        return $this;
+    }
+
+    /**
+     * @return mixed
+     */
+    public function getAltitude()
+    {
+        return $this->altitude;
+    }
+
+    /**
+     * @param mixed $altitude
+     * @return Place
+     */
+    public function setAltitude($altitude)
+    {
+        $this->altitude = $altitude;
+        return $this;
+    }
+
+    /**
+     * @return mixed
+     */
+    public function getLatitude()
+    {
+        return $this->latitude;
+    }
+
+    /**
+     * @param mixed $latitude
+     * @return Place
+     */
+    public function setLatitude($latitude)
+    {
+        $this->latitude = $latitude;
+        return $this;
+    }
+
+    /**
+     * @return mixed
+     */
+    public function getLongitude()
+    {
+        return $this->longitude;
+    }
+
+    /**
+     * @param mixed $longitude
+     * @return Place
+     */
+    public function setLongitude($longitude)
+    {
+        $this->longitude = $longitude;
+        return $this;
+    }
+
+    /**
+     * @return mixed
+     */
+    public function getRadius()
+    {
+        return $this->radius;
+    }
+
+    /**
+     * @param mixed $radius
+     * @return Place
+     */
+    public function setRadius($radius)
+    {
+        $this->radius = $radius;
+        return $this;
+    }
+
+    /**
+     * @return mixed
+     */
+    public function getUnits()
+    {
+        return $this->units;
+    }
+
+    /**
+     * @param mixed $units
+     * @return Place
+     */
+    public function setUnits($units)
+    {
+        $this->units = $units;
+        return $this;
+    }
+
+
+
+}

Zotlabs/ActivityStreams/Profile.php

@@ -0,0 +1,29 @@
+<?php
+
+namespace Zotlabs\ActivityStreams;
+
+class Profile extends ASObject
+{
+
+    public $describes;
+
+    /**
+     * @return mixed
+     */
+    public function getDescribes()
+    {
+        return $this->describes;
+    }
+
+    /**
+     * @param mixed $describes
+     * @return Profile
+     */
+    public function setDescribes($describes)
+    {
+        $this->describes = $describes;
+        return $this;
+    }
+
+
+}

Zotlabs/ActivityStreams/PublicKey.php

@@ -0,0 +1,68 @@
+<?php
+
+namespace Zotlabs\ActivityStreams;
+
+class PublicKey extends ASObject
+{
+    public $owner;
+    public $signatureAlgorithm;
+    public $publicKeyPem;
+
+    /**
+     * @return mixed
+     */
+    public function getOwner()
+    {
+        return $this->owner;
+    }
+
+    /**
+     * @param mixed $owner
+     * @return PublicKey
+     */
+    public function setOwner($owner)
+    {
+        $this->owner = $owner;
+        return $this;
+    }
+
+    /**
+     * @return mixed
+     */
+    public function getSignatureAlgorithm()
+    {
+        return $this->signatureAlgorithm;
+    }
+
+    /**
+     * @param mixed $signatureAlgorithm
+     * @return PublicKey
+     */
+    public function setSignatureAlgorithm($signatureAlgorithm)
+    {
+        $this->signatureAlgorithm = $signatureAlgorithm;
+        return $this;
+    }
+
+    /**
+     * @return mixed
+     */
+    public function getPublicKeyPem()
+    {
+        return $this->publicKeyPem;
+    }
+
+    /**
+     * @param mixed $publicKeyPem
+     * @return PublicKey
+     */
+    public function setPublicKeyPem($publicKeyPem)
+    {
+        $this->publicKeyPem = $publicKeyPem;
+        return $this;
+    }
+
+
+
+
+}

Zotlabs/ActivityStreams/Question.php

@@ -0,0 +1,67 @@
+<?php
+
+namespace Zotlabs\ActivityStreams;
+
+class Question extends ASObject
+{
+    public $oneOf;
+    public $anyOf;
+    public $closed;
+
+    /**
+     * @return mixed
+     */
+    public function getOneOf()
+    {
+        return $this->oneOf;
+    }
+
+    /**
+     * @param mixed $oneOf
+     * @return Question
+     */
+    public function setOneOf($oneOf)
+    {
+        $this->oneOf = $oneOf;
+        return $this;
+    }
+
+    /**
+     * @return mixed
+     */
+    public function getAnyOf()
+    {
+        return $this->anyOf;
+    }
+
+    /**
+     * @param mixed $anyOf
+     * @return Question
+     */
+    public function setAnyOf($anyOf)
+    {
+        $this->anyOf = $anyOf;
+        return $this;
+    }
+
+    /**
+     * @return mixed
+     */
+    public function getClosed()
+    {
+        return $this->closed;
+    }
+
+    /**
+     * @param mixed $closed
+     * @return Question
+     */
+    public function setClosed($closed)
+    {
+        $this->closed = $closed;
+        return $this;
+    }
+
+
+
+}

Zotlabs/ActivityStreams/Relationship.php

@@ -0,0 +1,67 @@
+<?php
+
+namespace Zotlabs\ActivityStreams;
+
+class Relationship extends ASObject
+{
+    public $subject;
+    public $object;
+    public $relationship;
+
+    /**
+     * @return mixed
+     */
+    public function getSubject()
+    {
+        return $this->subject;
+    }
+
+    /**
+     * @param mixed $subject
+     * @return Relationship
+     */
+    public function setSubject($subject)
+    {
+        $this->subject = $subject;
+        return $this;
+    }
+
+    /**
+     * @return mixed
+     */
+    public function getObject()
+    {
+        return $this->object;
+    }
+
+    /**
+     * @param mixed $object
+     * @return Relationship
+     */
+    public function setObject($object)
+    {
+        $this->object = $object;
+        return $this;
+    }
+
+    /**
+     * @return mixed
+     */
+    public function getRelationship()
+    {
+        return $this->relationship;
+    }
+
+    /**
+     * @param mixed $relationship
+     * @return Relationship
+     */
+    public function setRelationship($relationship)
+    {
+        $this->relationship = $relationship;
+        return $this;
+    }
+
+
+
+}

Zotlabs/ActivityStreams/Signature.php

@@ -0,0 +1,65 @@
+<?php
+
+namespace Zotlabs\ActivityStreams;
+
+class Signature extends ASObject
+{
+    public $nonce;
+    public $creator;
+    public $signatureValue;
+
+    /**
+     * @return mixed
+     */
+    public function getCreator()
+    {
+        return $this->creator;
+    }
+
+    /**
+     * @param mixed $creator
+     * @return Signature
+     */
+    public function setCreator($creator)
+    {
+        $this->creator = $creator;
+        return $this;
+    }
+
+    /**
+     * @return mixed
+     */
+    public function getSignatureValue()
+    {
+        return $this->signatureValue;
+    }
+
+    /**
+     * @param mixed $signatureValue
+     * @return Signature
+     */
+    public function setSignatureValue($signatureValue)
+    {
+        $this->signatureValue = $signatureValue;
+        return $this;
+    }
+
+    /**
+     * @return mixed
+     */
+    public function getNonce()
+    {
+        return $this->nonce;
+    }
+
+    /**
+     * @param mixed $nonce
+     * @return Signature
+     */
+    public function setNonce($nonce)
+    {
+        $this->nonce = $nonce;
+        return $this;
+    }
+
+}

Zotlabs/ActivityStreams/Tombstone.php

@@ -0,0 +1,48 @@
+<?php
+
+namespace Zotlabs\ActivityStreams;
+
+class Tombstone extends ASObject
+{
+    public $formerType;
+    public $deleted;
+
+    /**
+     * @return mixed
+     */
+    public function getFormerType()
+    {
+        return $this->formerType;
+    }
+
+    /**
+     * @param mixed $formerType
+     * @return Tombstone
+     */
+    public function setFormerType($formerType)
+    {
+        $this->formerType = $formerType;
+        return $this;
+    }
+
+    /**
+     * @return mixed
+     */
+    public function getDeleted()
+    {
+        return $this->deleted;
+    }
+
+    /**
+     * @param mixed $deleted
+     * @return Tombstone
+     */
+    public function setDeleted($deleted)
+    {
+        $this->deleted = $deleted;
+        return $this;
+    }
+
+
+
+}

Zotlabs/ActivityStreams/UnhandledElementException.php

@@ -0,0 +1,8 @@
+<?php
+
+namespace Zotlabs\ActivityStreams;
+
+class UnhandledElementException extends \Exception
+{
+
+}

Zotlabs/Daemon/Channel_purge.php

@@ -24,7 +24,7 @@ class Channel_purge {
 			);
 			if ($r) {
 				foreach ($r as $rv) {
-					drop_item($rv['id'], false);
+					drop_item($rv['id'], uid: $channel_id);
 				}
 			}
 		} while ($r);

Zotlabs/Daemon/Content_importer.php

@@ -38,7 +38,13 @@ class Content_importer {
 
 		$headers = HTTPSig::create_sig($headers,$channel['channel_prvkey'], channel_url($channel),true,'sha512');
 
-		$x = z_fetch_url($hz_server . '/api/z/1.0/item/export_page?f=&since=' . urlencode($since) . '&until=' . urlencode($until) . '&page=' . $page,false,$redirects,[ 'headers' => $headers ]);
+		$redirects = 0;
+		$x = z_fetch_url(
+			$hz_server . '/api/z/1.0/item/export_page?f=&since=' . urlencode($since) . '&until=' . urlencode($until) . '&page=' . $page,
+			false,
+			$redirects,
+			[ 'headers' => $headers ]
+		);
 
 		// logger('item fetch: ' . print_r($x,true));
 
@@ -47,9 +53,9 @@ class Content_importer {
 			killme();
 		}
 
-		$j = json_decode($x['body'],true);
+		$j = json_decode($x['body'], true);
 
-		if(! is_array($j['item']) || ! count($j['item'])) {
+		if($j && empty($j['item'])) {
 			PConfig::Set($channel['channel_id'], 'import', 'content_completed', 1);
 			return;
 		}

Zotlabs/Daemon/Cron.php

@@ -69,18 +69,18 @@ class Cron {
 
 		// expire any expired items
 
-		$r = q("select id,item_wall from item where expires > '2001-01-01 00:00:00' and expires < %s
+		$r = q("select id, uid, item_wall from item where expires > '2001-01-01 00:00:00' and expires < %s
 			and item_deleted = 0 ",
 			db_utcnow()
 		);
+
 		if ($r) {
-			require_once('include/items.php');
 			foreach ($r as $rr) {
-				drop_item($rr['id'], false, (($rr['item_wall']) ? DROPITEM_PHASE1 : DROPITEM_NORMAL));
+				// pass uid of the message for permission check as we are running as a daemon process with no session.
+				drop_item($rr['id'], (($rr['item_wall']) ? DROPITEM_PHASE1 : DROPITEM_NORMAL), uid: intval($rr['uid']));
 				if ($rr['item_wall']) {
 					// The notifier isn't normally invoked unless item_drop is interactive.
 					Master::Summon(['Notifier', 'drop', $rr['id']]);
-
 					if ($interval) {
 						usleep($interval);
 					}
@@ -147,40 +147,29 @@ class Cron {
 		// (time travel posts). Restrict to items that have come of age in the last
 		// couple of days to limit the query to something reasonable.
 
-		$r = q("select id from item where item_delayed = 1 and created <= %s  and created > '%s' ",
+		$r = q("select * from item where item_delayed = 1 and created <= %s  and created > '%s' ",
 			db_utcnow(),
 			dbesc(datetime_convert('UTC', 'UTC', 'now - 2 days'))
 		);
-		if ($r) {
-			foreach ($r as $rr) {
-				$x = q("update item set item_delayed = 0 where id = %d",
-					intval($rr['id'])
-				);
-				if ($x) {
-					$z = q("select * from item where id = %d",
-						intval($rr['id'])
-					);
-					if ($z) {
-						xchan_query($z);
-						$sync_item = fetch_post_tags($z);
-						Libsync::build_sync_packet($sync_item[0]['uid'],
-							[
-								'item' => [encode_item($sync_item[0], true)]
-							]
-						);
-					}
-					Master::Summon(array('Notifier', 'wall-new', $rr['id']));
 
-					if ($interval) {
-						usleep($interval);
+		if ($r) {
+			xchan_query($r);
+			$items = fetch_post_tags($r);
+			foreach ($items as $item) {
+				$item['item_delayed'] = 0;
+				$post = item_store_update($item);
+
+				if($post['success']) {
+					Master::Summon(['Notifier', 'wall-new', $post['item_id']]);
+					if (!empty($post['approval_id'])) {
+						Master::Summon(['Notifier', 'wall-new', $post['approval_id']]);
 					}
 				}
-			}
-		}
-
-		require_once('include/attach.php');
-		attach_upgrade();
-
+				if ($interval) {
+					usleep($interval);
+				}
+            }
+        }
 		// once daily run birthday_updates and then expire in background
 
 		// FIXME: add birthday updates, both locally and for xprof for use

Zotlabs/Daemon/Expire.php

@@ -23,13 +23,13 @@ class Expire {
 
 		// perform final cleanup on previously delete items
 
-		$r = q("select id from item where item_deleted = 1 and item_pending_remove = 0 and changed < %s - INTERVAL %s",
+		$r = q("select id, uid from item where item_deleted = 1 and item_pending_remove = 0 and changed < %s - INTERVAL %s",
 			db_utcnow(),
 			db_quoteinterval('10 DAY')
 		);
 		if ($r) {
 			foreach ($r as $rr) {
-				drop_item($rr['id'], false, DROPITEM_PHASE2);
+				drop_item($rr['id'], DROPITEM_PHASE2, uid: $rr['uid']);
 			}
 		}
 

Zotlabs/Daemon/File_importer.php

@@ -38,7 +38,13 @@ class File_importer {
 		$headers = HTTPSig::create_sig($headers,$channel['channel_prvkey'],channel_url($channel),true,'sha512');
 
 		// TODO: implement total count
-		$x = z_fetch_url($hz_server . '/api/z/1.0/file/export_page?f=records=1&page=' . $page, false, $redirects, [ 'headers' => $headers ]);
+		$redirects = 0;
+		$x = z_fetch_url(
+			$hz_server . '/api/z/1.0/file/export_page?f=records=1&page=' . $page,
+			false,
+			$redirects,
+			[ 'headers' => $headers ]
+		);
 		// logger('file fetch: ' . print_r($x,true));
 
 		if(! $x['success']) {

Zotlabs/Daemon/Importdoc.php

@@ -11,6 +11,21 @@ class Importdoc {
 
 		self::update_docs_dir('doc/*');
 
+		$sys = get_sys_channel();
+
+		// remove old files that weren't updated (indicates they were most likely deleted).
+		$i = q("select id from item where uid = %d and item_type = 5 and edited < %s - INTERVAL %s",
+			intval($sys['channel_id']),
+			db_utcnow(),
+			db_quoteinterval('14 DAY')
+		);
+
+		if ($i) {
+			foreach ($i as $iv) {
+				drop_item($iv['id'], uid: $sys['channel_id']);
+			}
+		}
+
 		return;
 
 	}
@@ -18,9 +33,13 @@ class Importdoc {
 	static public function update_docs_dir($s) {
 		$f = basename($s);
 		$d = dirname($s);
-		if ($s === 'doc/html')
+
+		if ($s === 'doc/html') {
 			return;
+		}
+
 		$files = glob("$d/$f");
+
 		if ($files) {
 			foreach ($files as $fi) {
 				if ($fi === 'doc/html') {

Zotlabs/Daemon/Notifier.php

@@ -241,11 +241,6 @@ class Notifier {
 
 			$target_item = $r[0];
 
-			if (in_array($target_item['author']['xchan_network'], ['rss', 'anon', 'token'])) {
-				logger('notifier: target item author is not a fetchable actor', LOGGER_DEBUG);
-				return;
-			}
-
 			if (intval($target_item['item_deleted'])) {
 				logger('notifier: target item ITEM_DELETED', LOGGER_DEBUG);
 			}
@@ -268,22 +263,9 @@ class Notifier {
 
 			}
 
-			// Check for non published items, but allow an exclusion for transmitting hidden file activities
-
-			if (intval($target_item['item_unpublished']) || intval($target_item['item_delayed']) ||
-				intval($target_item['item_blocked']) || intval($target_item['item_hidden'])) {
-				logger('notifier: target item not published, so not forwardable', LOGGER_DEBUG);
-				return;
-			}
-
-			// follow/unfollow is for internal use only
-			if (in_array($target_item['verb'], ['Follow', 'Ignore', ACTIVITY_FOLLOW, ACTIVITY_UNFOLLOW])) {
-				logger('not fowarding follow/unfollow note activity');
-				return;
-			}
-
-			if (strpos($target_item['postopts'], 'nodeliver') !== false) {
-				logger('notifier: target item is undeliverable', LOGGER_DEBUG);
+			if (!item_forwardable($target_item)) {
+				//hz_syslog(print_r($target_item,true));
+				logger('notifier: target item not forwardable', LOGGER_DEBUG);
 				return;
 			}
 
@@ -299,7 +281,7 @@ class Notifier {
 				return;
 			}
 
-			if ($target_item['verb'] === ACTIVITY_SHARE) {
+			if (in_array($target_item['verb'], [ACTIVITY_SHARE])) {
 				// Provide correct representation across the wire. Internally this is treated as a comment.
 				$target_item['parent_mid'] = $target_item['thr_parent'] = $target_item['mid'];
 			}
@@ -374,7 +356,6 @@ class Notifier {
 
 			if (($relay_to_owner || $uplink) && ($cmd !== 'relay')) {
 				logger('notifier: followup relay', LOGGER_DEBUG);
-				// If the Parent item is an Announce the real owner is the parent author
 				$sendto            = (($uplink) ? $parent_item['source_xchan'] : $parent_item['owner_xchan']);
 				self::$recipients  = [$sendto];
 				self::$private     = true;
@@ -389,7 +370,7 @@ class Notifier {
 					logger('normal (downstream) distribution', LOGGER_DEBUG);
 				}
 
-				if ($parent_item && $parent_item['item_private'] !== $target_item['item_private']) {
+				if (($parent_item && $parent_item['item_private'] !== $target_item['item_private']) || (intval($target_item['item_restrict']) & 1)) {
 					logger('conversation privacy mismatch - downstream delivery prevented');
 					return;
 				}
@@ -589,8 +570,6 @@ class Notifier {
 
 		foreach ($dhubs as $hub) {
 
-			logger('notifier_hub: ' . $hub['hubloc_url'], LOGGER_DEBUG);
-
 			if ($hub['hubloc_network'] !== 'zot6') {
 				$narr = [
 					'channel'        => self::$channel,

Zotlabs/Entity/Account.php

@@ -0,0 +1,352 @@
+<?php
+
+namespace Zotlabs\Entity;
+
+use Zotlabs\Lib\BaseObject;
+
+class Account extends BaseObject
+{
+    public $account_id;
+    public $account_parent;
+    public $account_default_channel;
+    public $account_salt;
+    public $account_password;
+    public $account_email;
+    public $account_external;
+    public $account_language;
+    public $account_created;
+    public $account_lastlog;
+    public $account_flags;
+    public $account_roles;
+    public $account_reset;
+    public $account_expires;
+    public $account_expire_notified;
+    public $account_service_class;
+    public $account_level;
+    public $account_password_change;
+
+    /**
+     * @return mixed
+     */
+    public function getId()
+    {
+        return $this->account_id;
+    }
+
+    /**
+     * @param mixed $account_id
+     * @return Account
+     */
+    public function setId($account_id)
+    {
+        $this->account_id = $account_id;
+        return $this;
+    }
+
+    /**
+     * @return mixed
+     */
+    public function getParent()
+    {
+        return $this->account_parent;
+    }
+
+    /**
+     * @param mixed $account_parent
+     * @return Account
+     */
+    public function setParent($account_parent)
+    {
+        $this->account_parent = $account_parent;
+        return $this;
+    }
+
+    /**
+     * @return mixed
+     */
+    public function getDefaultChannel()
+    {
+        return $this->account_default_channel;
+    }
+
+    /**
+     * @param mixed $account_default_channel
+     * @return Account
+     */
+    public function setDefaultChannel($account_default_channel)
+    {
+        $this->account_default_channel = $account_default_channel;
+        return $this;
+    }
+
+    /**
+     * @return mixed
+     */
+    public function getSalt()
+    {
+        return $this->account_salt;
+    }
+
+    /**
+     * @param mixed $account_salt
+     * @return Account
+     */
+    public function setSalt($account_salt)
+    {
+        $this->account_salt = $account_salt;
+        return $this;
+    }
+
+    /**
+     * @return mixed
+     */
+    public function getPassword()
+    {
+        return $this->account_password;
+    }
+
+    /**
+     * @param mixed $account_password
+     * @return Account
+     */
+    public function setPassword($account_password)
+    {
+        $this->account_password = $account_password;
+        return $this;
+    }
+
+    /**
+     * @return mixed
+     */
+    public function getEmail()
+    {
+        return $this->account_email;
+    }
+
+    /**
+     * @param mixed $account_email
+     * @return Account
+     */
+    public function setEmail($account_email)
+    {
+        $this->account_email = $account_email;
+        return $this;
+    }
+
+    /**
+     * @return mixed
+     */
+    public function getExternal()
+    {
+        return $this->account_external;
+    }
+
+    /**
+     * @param mixed $account_external
+     * @return Account
+     */
+    public function setExternal($account_external)
+    {
+        $this->account_external = $account_external;
+        return $this;
+    }
+
+    /**
+     * @return mixed
+     */
+    public function getLanguage()
+    {
+        return $this->account_language;
+    }
+
+    /**
+     * @param mixed $account_language
+     * @return Account
+     */
+    public function setLanguage($account_language)
+    {
+        $this->account_language = $account_language;
+        return $this;
+    }
+
+    /**
+     * @return mixed
+     */
+    public function getCreated()
+    {
+        return $this->account_created;
+    }
+
+    /**
+     * @param mixed $account_created
+     * @return Account
+     */
+    public function setCreated($account_created)
+    {
+        $this->account_created = $account_created;
+        return $this;
+    }
+
+    /**
+     * @return mixed
+     */
+    public function getLastlog()
+    {
+        return $this->account_lastlog;
+    }
+
+    /**
+     * @param mixed $account_lastlog
+     * @return Account
+     */
+    public function setLastlog($account_lastlog)
+    {
+        $this->account_lastlog = $account_lastlog;
+        return $this;
+    }
+
+    /**
+     * @return mixed
+     */
+    public function getFlags()
+    {
+        return $this->account_flags;
+    }
+
+    /**
+     * @param mixed $account_flags
+     * @return Account
+     */
+    public function setFlags($account_flags)
+    {
+        $this->account_flags = $account_flags;
+        return $this;
+    }
+
+    /**
+     * @return mixed
+     */
+    public function getRoles()
+    {
+        return $this->account_roles;
+    }
+
+    /**
+     * @param mixed $account_roles
+     * @return Account
+     */
+    public function setRoles($account_roles)
+    {
+        $this->account_roles = $account_roles;
+        return $this;
+    }
+
+    /**
+     * @return mixed
+     */
+    public function getReset()
+    {
+        return $this->account_reset;
+    }
+
+    /**
+     * @param mixed $account_reset
+     * @return Account
+     */
+    public function setReset($account_reset)
+    {
+        $this->account_reset = $account_reset;
+        return $this;
+    }
+
+    /**
+     * @return mixed
+     */
+    public function getExpires()
+    {
+        return $this->account_expires;
+    }
+
+    /**
+     * @param mixed $account_expires
+     * @return Account
+     */
+    public function setExpires($account_expires)
+    {
+        $this->account_expires = $account_expires;
+        return $this;
+    }
+
+    /**
+     * @return mixed
+     */
+    public function getExpireNotified()
+    {
+        return $this->account_expire_notified;
+    }
+
+    /**
+     * @param mixed $account_expire_notified
+     * @return Account
+     */
+    public function setExpireNotified($account_expire_notified)
+    {
+        $this->account_expire_notified = $account_expire_notified;
+        return $this;
+    }
+
+    /**
+     * @return mixed
+     */
+    public function getServiceClass()
+    {
+        return $this->account_service_class;
+    }
+
+    /**
+     * @param mixed $account_service_class
+     * @return Account
+     */
+    public function setServiceClass($account_service_class)
+    {
+        $this->account_service_class = $account_service_class;
+        return $this;
+    }
+
+    /**
+     * @return mixed
+     */
+    public function getLevel()
+    {
+        return $this->account_level;
+    }
+
+    /**
+     * @param mixed $account_level
+     * @return Account
+     */
+    public function setLevel($account_level)
+    {
+        $this->account_level = $account_level;
+        return $this;
+    }
+
+    /**
+     * @return mixed
+     */
+    public function getPasswordChange()
+    {
+        return $this->account_password_change;
+    }
+
+    /**
+     * @param mixed $account_password_change
+     * @return Account
+     */
+    public function setPasswordChange($account_password_change)
+    {
+        $this->account_password_change = $account_password_change;
+        return $this;
+    }
+
+}

Zotlabs/Entity/Channel.php

@@ -0,0 +1,714 @@
+<?php
+
+namespace Zotlabs\Entity;
+
+use Zotlabs\Lib\BaseObject;
+
+class Channel extends BaseObject
+{
+    public $channel_id;
+    public $channel_account_id;
+    public $channel_primary;
+    public $channel_name;
+    public $channel_parent;
+    public $channel_address;
+    public $channel_guid;
+    public $channel_guid_sig;
+    public $channel_hash;
+    public $channel_timezone;
+    public $channel_location;
+    public $channel_theme;
+    public $channel_startpage;
+    public $channel_pubkey;
+    public $channel_prvkey;
+    public $channel_epubkey;
+    public $channel_eprvkey;
+    public $channel_notifyflags;
+    public $channel_pageflags;
+    public $channel_dirdate;
+    public $channel_lastpost;
+    public $channel_deleted;
+    public $channel_active;
+    public $channel_max_anon_mail;
+    public $channel_max_friend_req;
+    public $channel_expire_days;
+    public $channel_passwd_reset;
+    public $channel_default_group;
+    public $channel_allow_cid;
+    public $channel_allow_gid;
+    public $channel_deny_cid;
+    public $channel_deny_gid;
+    public $channel_removed;
+    public $channel_system;
+    public $channel_moved;
+    public $channel_password;
+    public $channel_salt;
+
+    /**
+     * @return mixed
+     */
+    public function getId()
+    {
+        return $this->channel_id;
+    }
+
+    /**
+     * @param mixed $channel_id
+     * @return Channel
+     */
+    public function setId($channel_id)
+    {
+        $this->channel_id = $channel_id;
+        return $this;
+    }
+
+    /**
+     * @return mixed
+     */
+    public function getAccountId()
+    {
+        return $this->channel_account_id;
+    }
+
+    /**
+     * @param mixed $channel_account_id
+     * @return Channel
+     */
+    public function setAccountId($channel_account_id)
+    {
+        $this->channel_account_id = $channel_account_id;
+        return $this;
+    }
+
+    /**
+     * @return mixed
+     */
+    public function getPrimary()
+    {
+        return $this->channel_primary;
+    }
+
+    /**
+     * @param mixed $channel_primary
+     * @return Channel
+     */
+    public function setPrimary($channel_primary)
+    {
+        $this->channel_primary = $channel_primary;
+        return $this;
+    }
+
+    /**
+     * @return mixed
+     */
+    public function getName()
+    {
+        return $this->channel_name;
+    }
+
+    /**
+     * @param mixed $channel_name
+     * @return Channel
+     */
+    public function setName($channel_name)
+    {
+        $this->channel_name = $channel_name;
+        return $this;
+    }
+
+    /**
+     * @return mixed
+     */
+    public function getParent()
+    {
+        return $this->channel_parent;
+    }
+
+    /**
+     * @param mixed $channel_parent
+     * @return Channel
+     */
+    public function setParent($channel_parent)
+    {
+        $this->channel_parent = $channel_parent;
+        return $this;
+    }
+
+    /**
+     * @return mixed
+     */
+    public function getAddress()
+    {
+        return $this->channel_address;
+    }
+
+    /**
+     * @param mixed $channel_address
+     * @return Channel
+     */
+    public function setAddress($channel_address)
+    {
+        $this->channel_address = $channel_address;
+        return $this;
+    }
+
+    /**
+     * @return mixed
+     */
+    public function getGuid()
+    {
+        return $this->channel_guid;
+    }
+
+    /**
+     * @param mixed $channel_guid
+     * @return Channel
+     */
+    public function setGuid($channel_guid)
+    {
+        $this->channel_guid = $channel_guid;
+        return $this;
+    }
+
+    /**
+     * @return mixed
+     */
+    public function getGuidSig()
+    {
+        return $this->channel_guid_sig;
+    }
+
+    /**
+     * @param mixed $channel_guid_sig
+     * @return Channel
+     */
+    public function setGuidSig($channel_guid_sig)
+    {
+        $this->channel_guid_sig = $channel_guid_sig;
+        return $this;
+    }
+
+    /**
+     * @return mixed
+     */
+    public function getHash()
+    {
+        return $this->channel_hash;
+    }
+
+    /**
+     * @param mixed $channel_hash
+     * @return Channel
+     */
+    public function setHash($channel_hash)
+    {
+        $this->channel_hash = $channel_hash;
+        return $this;
+    }
+
+    /**
+     * @return mixed
+     */
+    public function getTimezone()
+    {
+        return $this->channel_timezone;
+    }
+
+    /**
+     * @param mixed $channel_timezone
+     * @return Channel
+     */
+    public function setTimezone($channel_timezone)
+    {
+        $this->channel_timezone = $channel_timezone;
+        return $this;
+    }
+
+    /**
+     * @return mixed
+     */
+    public function getLocation()
+    {
+        return $this->channel_location;
+    }
+
+    /**
+     * @param mixed $channel_location
+     * @return Channel
+     */
+    public function setLocation($channel_location)
+    {
+        $this->channel_location = $channel_location;
+        return $this;
+    }
+
+    /**
+     * @return mixed
+     */
+    public function getTheme()
+    {
+        return $this->channel_theme;
+    }
+
+    /**
+     * @param mixed $channel_theme
+     * @return Channel
+     */
+    public function setTheme($channel_theme)
+    {
+        $this->channel_theme = $channel_theme;
+        return $this;
+    }
+
+    /**
+     * @return mixed
+     */
+    public function getStartpage()
+    {
+        return $this->channel_startpage;
+    }
+
+    /**
+     * @param mixed $channel_startpage
+     * @return Channel
+     */
+    public function setStartpage($channel_startpage)
+    {
+        $this->channel_startpage = $channel_startpage;
+        return $this;
+    }
+
+    /**
+     * @return mixed
+     */
+    public function getPubkey()
+    {
+        return $this->channel_pubkey;
+    }
+
+    /**
+     * @param mixed $channel_pubkey
+     * @return Channel
+     */
+    public function setPubkey($channel_pubkey)
+    {
+        $this->channel_pubkey = $channel_pubkey;
+        return $this;
+    }
+
+    /**
+     * @return mixed
+     */
+    public function getPrvkey()
+    {
+        return $this->channel_prvkey;
+    }
+
+    /**
+     * @param mixed $channel_prvkey
+     * @return Channel
+     */
+    public function setPrvkey($channel_prvkey)
+    {
+        $this->channel_prvkey = $channel_prvkey;
+        return $this;
+    }
+
+    /**
+     * @return mixed
+     */
+    public function getEpubkey()
+    {
+        return $this->channel_epubkey;
+    }
+
+    /**
+     * @param mixed $channel_epubkey
+     * @return Channel
+     */
+    public function setEpubkey($channel_epubkey)
+    {
+        $this->channel_epubkey = $channel_epubkey;
+        return $this;
+    }
+
+    /**
+     * @return mixed
+     */
+    public function getEprvkey()
+    {
+        return $this->channel_eprvkey;
+    }
+
+    /**
+     * @param mixed $channel_eprvkey
+     * @return Channel
+     */
+    public function setEprvkey($channel_eprvkey)
+    {
+        $this->channel_eprvkey = $channel_eprvkey;
+        return $this;
+    }
+
+
+    /**
+     * @return mixed
+     */
+    public function getNotifyflags()
+    {
+        return $this->channel_notifyflags;
+    }
+
+    /**
+     * @param mixed $channel_notifyflags
+     * @return Channel
+     */
+    public function setNotifyflags($channel_notifyflags)
+    {
+        $this->channel_notifyflags = $channel_notifyflags;
+        return $this;
+    }
+
+    /**
+     * @return mixed
+     */
+    public function getPageflags()
+    {
+        return $this->channel_pageflags;
+    }
+
+    /**
+     * @param mixed $channel_pageflags
+     * @return Channel
+     */
+    public function setPageflags($channel_pageflags)
+    {
+        $this->channel_pageflags = $channel_pageflags;
+        return $this;
+    }
+
+    /**
+     * @return mixed
+     */
+    public function getDirdate()
+    {
+        return $this->channel_dirdate;
+    }
+
+    /**
+     * @param mixed $channel_dirdate
+     * @return Channel
+     */
+    public function setDirdate($channel_dirdate)
+    {
+        $this->channel_dirdate = $channel_dirdate;
+        return $this;
+    }
+
+    /**
+     * @return mixed
+     */
+    public function getLastpost()
+    {
+        return $this->channel_lastpost;
+    }
+
+    /**
+     * @param mixed $channel_lastpost
+     * @return Channel
+     */
+    public function setLastpost($channel_lastpost)
+    {
+        $this->channel_lastpost = $channel_lastpost;
+        return $this;
+    }
+
+    /**
+     * @return mixed
+     */
+    public function getDeleted()
+    {
+        return $this->channel_deleted;
+    }
+
+    /**
+     * @param mixed $channel_deleted
+     * @return Channel
+     */
+    public function setDeleted($channel_deleted)
+    {
+        $this->channel_deleted = $channel_deleted;
+        return $this;
+    }
+
+    /**
+     * @return mixed
+     */
+    public function getActive()
+    {
+        return $this->channel_active;
+    }
+
+    /**
+     * @param mixed $channel_active
+     * @return Channel
+     */
+    public function setActive($channel_active)
+    {
+        $this->channel_active = $channel_active;
+        return $this;
+    }
+
+    /**
+     * @return mixed
+     */
+    public function getMaxAnonMail()
+    {
+        return $this->channel_max_anon_mail;
+    }
+
+    /**
+     * @param mixed $channel_max_anon_mail
+     * @return Channel
+     */
+    public function setMaxAnonMail($channel_max_anon_mail)
+    {
+        $this->channel_max_anon_mail = $channel_max_anon_mail;
+        return $this;
+    }
+
+    /**
+     * @return mixed
+     */
+    public function getMaxFriendReq()
+    {
+        return $this->channel_max_friend_req;
+    }
+
+    /**
+     * @param mixed $channel_max_friend_req
+     * @return Channel
+     */
+    public function setMaxFriendReq($channel_max_friend_req)
+    {
+        $this->channel_max_friend_req = $channel_max_friend_req;
+        return $this;
+    }
+
+    /**
+     * @return mixed
+     */
+    public function getExpireDays()
+    {
+        return $this->channel_expire_days;
+    }
+
+    /**
+     * @param mixed $channel_expire_days
+     * @return Channel
+     */
+    public function setExpireDays($channel_expire_days)
+    {
+        $this->channel_expire_days = $channel_expire_days;
+        return $this;
+    }
+
+    /**
+     * @return mixed
+     */
+    public function getPasswdReset()
+    {
+        return $this->channel_passwd_reset;
+    }
+
+    /**
+     * @param mixed $channel_passwd_reset
+     * @return Channel
+     */
+    public function setPasswdReset($channel_passwd_reset)
+    {
+        $this->channel_passwd_reset = $channel_passwd_reset;
+        return $this;
+    }
+
+    /**
+     * @return mixed
+     */
+    public function getDefaultGroup()
+    {
+        return $this->channel_default_group;
+    }
+
+    /**
+     * @param mixed $channel_default_group
+     * @return Channel
+     */
+    public function setDefaultGroup($channel_default_group)
+    {
+        $this->channel_default_group = $channel_default_group;
+        return $this;
+    }
+
+    /**
+     * @return mixed
+     */
+    public function getAllowCid()
+    {
+        return $this->channel_allow_cid;
+    }
+
+    /**
+     * @param mixed $channel_allow_cid
+     * @return Channel
+     */
+    public function setAllowCid($channel_allow_cid)
+    {
+        $this->channel_allow_cid = $channel_allow_cid;
+        return $this;
+    }
+
+    /**
+     * @return mixed
+     */
+    public function getAllowGid()
+    {
+        return $this->channel_allow_gid;
+    }
+
+    /**
+     * @param mixed $channel_allow_gid
+     * @return Channel
+     */
+    public function setAllowGid($channel_allow_gid)
+    {
+        $this->channel_allow_gid = $channel_allow_gid;
+        return $this;
+    }
+
+    /**
+     * @return mixed
+     */
+    public function getDenyCid()
+    {
+        return $this->channel_deny_cid;
+    }
+
+    /**
+     * @param mixed $channel_deny_cid
+     * @return Channel
+     */
+    public function setDenyCid($channel_deny_cid)
+    {
+        $this->channel_deny_cid = $channel_deny_cid;
+        return $this;
+    }
+
+    /**
+     * @return mixed
+     */
+    public function getDenyGid()
+    {
+        return $this->channel_deny_gid;
+    }
+
+    /**
+     * @param mixed $channel_deny_gid
+     * @return Channel
+     */
+    public function setDenyGid($channel_deny_gid)
+    {
+        $this->channel_deny_gid = $channel_deny_gid;
+        return $this;
+    }
+
+    /**
+     * @return mixed
+     */
+    public function getRemoved()
+    {
+        return $this->channel_removed;
+    }
+
+    /**
+     * @param mixed $channel_removed
+     * @return Channel
+     */
+    public function setRemoved($channel_removed)
+    {
+        $this->channel_removed = $channel_removed;
+        return $this;
+    }
+
+    /**
+     * @return mixed
+     */
+    public function getSystem()
+    {
+        return $this->channel_system;
+    }
+
+    /**
+     * @param mixed $channel_system
+     * @return Channel
+     */
+    public function setSystem($channel_system)
+    {
+        $this->channel_system = $channel_system;
+        return $this;
+    }
+
+    /**
+     * @return mixed
+     */
+    public function getMoved()
+    {
+        return $this->channel_moved;
+    }
+
+    /**
+     * @param mixed $channel_moved
+     * @return Channel
+     */
+    public function setMoved($channel_moved)
+    {
+        $this->channel_moved = $channel_moved;
+        return $this;
+    }
+
+    /**
+     * @return mixed
+     */
+    public function getPassword()
+    {
+        return $this->channel_password;
+    }
+
+    /**
+     * @param mixed $channel_password
+     * @return Channel
+     */
+    public function setPassword($channel_password)
+    {
+        $this->channel_password = $channel_password;
+        return $this;
+    }
+
+    /**
+     * @return mixed
+     */
+    public function getSalt()
+    {
+        return $this->channel_salt;
+    }
+
+    /**
+     * @param mixed $channel_salt
+     * @return Channel
+     */
+    public function setSalt($channel_salt)
+    {
+        $this->channel_salt = $channel_salt;
+        return $this;
+    }
+
+}

Zotlabs/Lib/Activity.php

@@ -8,6 +8,7 @@ use Zotlabs\Access\PermissionRoles;
 use Zotlabs\Access\Permissions;
 use Zotlabs\Daemon\Master;
 use Zotlabs\Web\HTTPSig;
+use Zotlabs\Entity\Item;
 
 require_once('include/event.php');
 require_once('include/html2plain.php');
@@ -503,15 +504,21 @@ class Activity {
 		$ret['diaspora:guid'] = $i['uuid'];
 
 		$images = [];
+		$audios = [];
+		$videos = [];
+
 		$has_images = preg_match_all('/\[[zi]mg(.*?)](.*?)\[/ism', $i['body'], $images, PREG_SET_ORDER);
+		$has_audios = preg_match_all('/\[zaudio](.*?)\[/ism', $i['body'], $audios, PREG_SET_ORDER);
+		$has_videos = preg_match_all('/\[zvideo](.*?)\[/ism', $i['body'], $videos, PREG_SET_ORDER);
 
 		// provide ocap access token for private media.
 		// set this for descendants even if the current item is not private
 		// because it may have been relayed from a private item.
 
 		$token = IConfig::Get($i, 'ocap', 'relay');
+		$matches_processed = [];
+
 		if ($token && $has_images) {
-			$matches_processed = [];
 			for ($n = 0; $n < count($images); $n++) {
 				$match = $images[$n];
 				if (str_starts_with($match[1], '=http') && str_contains($match[1], z_root() . '/photo/') && !in_array($match[1], $matches_processed)) {
@@ -526,6 +533,28 @@ class Activity {
 			}
 		}
 
+		if ($token && $has_audios) {
+			for ($n = 0; $n < count($audios); $n++) {
+				$match = $audios[$n];
+				if (str_contains($match[1], z_root() . '/attach/') && !in_array($match[1], $matches_processed)) {
+					$i['body'] = str_replace($match[1], $match[1] . '?token=' . $token, $i['body']);
+					$audios[$n][1] = $match[1] . '?token=' . $token;
+					$matches_processed[] = $match[1];
+				}
+			}
+		}
+
+		if ($token && $has_videos) {
+			for ($n = 0; $n < count($videos); $n++) {
+				$match = $videos[$n];
+				if (str_contains($match[1], z_root() . '/attach/') && !in_array($match[1], $matches_processed)) {
+					$i['body'] = str_replace($match[1], $match[1] . '?token=' . $token, $i['body']);
+					$videos[$n][1] = $match[1] . '?token=' . $token;
+					$matches_processed[] = $match[1];
+				}
+			}
+		}
+
 		if ($i['title'])
 			$ret['name'] = unescape_tags($i['title']);
 
@@ -570,6 +599,26 @@ class Activity {
 
 		if ($i['mid'] !== $i['parent_mid']) {
 			$ret['inReplyTo'] = ((strpos($i['thr_parent'], 'http') === 0) ? $i['thr_parent'] : z_root() . '/item/' . urlencode($i['thr_parent']));
+
+			$cnv = IConfig::Get($i['parent'], 'activitypub', 'context');
+			if (!$cnv) {
+				$cnv = $i['parent_mid'];
+			}
+		}
+
+		if (empty($cnv)) {
+			$cnv = IConfig::Get($i, 'activitypub', 'context');
+			if (!$cnv) {
+				$cnv = $i['parent_mid'];
+			}
+		}
+
+		if (!empty($cnv)) {
+			if (is_string($cnv) && str_starts_with($cnv, z_root())) {
+				$cnv = str_replace(['/item/', '/activity/'], ['/conversation/', '/conversation/'], $cnv);
+				$ret['contextHistory'] = $cnv;
+			}
+			$ret['context'] = $cnv;
 		}
 
 		if ($i['mimetype'] === 'text/bbcode') {
@@ -589,6 +638,12 @@ class Activity {
 
 		$t = self::encode_taxonomy($i);
 		if ($t) {
+			foreach($t as $tag) {
+				if (strcasecmp($tag['name'], '#nsfw') === 0 || strcasecmp($tag['name'], '#sensitive') === 0) {
+					$ret['sensitive'] = true;
+				}
+			}
+
 			$ret['tag'] = $t;
 		}
 
@@ -596,7 +651,20 @@ class Activity {
 		if ($a) {
 			$ret['attachment'] = $a;
 		}
-
+/*
+		if ($i['target']) {
+			if (is_string($i['target'])) {
+				$tmp = json_decode($i['target'], true);
+				if ($tmp !== null) {
+					$i['target'] = $tmp;
+				}
+			}
+			$tgt = self::encode_object($i['target']);
+			if ($tgt) {
+				$ret['target'] = $tgt;
+			}
+		}
+*/
 		if (intval($i['item_private']) === 0) {
 			$ret['to'] = [ACTIVITY_PUBLIC_INBOX];
 		}
@@ -694,6 +762,8 @@ class Activity {
 
 		$ret = [];
 
+		$token = IConfig::Get($item, 'ocap', 'relay');
+
 		if (!$iconfig && array_key_exists('attach', $item)) {
 			$atts = ((is_array($item['attach'])) ? $item['attach'] : json_decode($item['attach'], true));
 			if ($atts) {
@@ -702,11 +772,17 @@ class Activity {
 						continue;
 					}
 
-					if (isset($att['type']) && strpos($att['type'], 'image')) {
-						$ret[] = ['type' => 'Image', 'mediaType' => $att['type'], 'name' => $att['title'], 'url' => $att['href']];
+					if (str_starts_with($att['type'], 'image')) {
+						$ret[] = ['type' => 'Image', 'mediaType' => $att['type'], 'name' => $att['title'], 'url' => $att['href'] . (($token) ? '?token=' . $token : '')];
+					}
+					elseif (str_starts_with($att['type'], 'audio')) {
+						$ret[] = ['type' => 'Audio', 'mediaType' => $att['type'], 'name' => $att['title'], 'url' => $att['href'] . (($token) ? '?token=' . $token : '')];
+					}
+					elseif (str_starts_with($att['type'], 'video')) {
+						$ret[] = ['type' => 'Video', 'mediaType' => $att['type'], 'name' => $att['title'], 'url' => $att['href'] . (($token) ? '?token=' . $token : '')];
 					}
 					else {
-						$ret[] = ['type' => 'Link', 'mediaType' => $att['type'], 'name' => $att['title'], 'href' => $att['href']];
+						$ret[] = ['type' => 'Link', 'mediaType' => $att['type'], 'name' => $att['title'], 'href' => $att['href'] . (($token) ? '?token=' . $token : '')];
 					}
 				}
 			}
@@ -727,7 +803,7 @@ class Activity {
 
 		$ret = [];
 
-		if (isset($item['attachment'])) {
+		if (isset($item['attachment']) && is_array($item['attachment'])) {
 			$ptr = $item['attachment'];
 			if (!array_key_exists(0, $ptr)) {
 				$ptr = [$ptr];
@@ -807,12 +883,32 @@ class Activity {
 		$ret['type'] = self::activity_mapper($i['verb']);
 
 		if ((isset($i['item_deleted']) && intval($i['item_deleted'])) && !$recurse) {
-			$is_response = false;
 
-			if (ActivityStreams::is_response_activity($ret['type'])) {
+			if ($i['verb'] === 'Add' && str_contains($i['tgt_type'], 'Collection')) {
+				$ret['id'] = str_replace('/item/', '/activity/', $i['mid']) . '#Remove';
+				$ret['type'] = 'Remove';
+				if (is_string($i['obj'])) {
+					$obj = json_decode($i['obj'], true);
+				}
+				elseif(is_array($i['obj'])) {
+					$obj = $i['obj'];
+				}
+				if (isset($obj['id'])) {
+					$ret['object'] = $obj['id'];
+				}
+				else {
+					$ret['object'] = str_replace('/item/', '/activity/', $i['mid']);
+				}
+				$ret['target'] = is_array($i['target']) ? $i['target'] : json_decode($i['target'], true);
+
+				return $ret;
+			}
+
+			$is_response = ActivityStreams::is_response_activity($ret['type']);
+
+			if ($is_response) {
 				$ret['type'] = 'Undo';
 				$fragment    = 'undo';
-				$is_response = true;
 			}
 			else {
 				$ret['type'] = 'Delete';
@@ -935,9 +1031,29 @@ class Activity {
 			// inReplyTo needs to be set in the activity for followup actions (Like, Dislike, Announce, etc.),
 			// but *not* for comments and RSVPs, where it should only be present in the object
 
-			if (!in_array($ret['type'], ['Create', 'Update', 'Accept', 'Reject', 'TentativeAccept', 'TentativeReject'])) {
+			if (!in_array($ret['type'], ['Create', 'Update', 'Add', 'Remove', 'Accept', 'Reject', 'TentativeAccept', 'TentativeReject'])) {
 				$ret['inReplyTo'] = ((strpos($i['thr_parent'], 'http') === 0) ? $i['thr_parent'] : z_root() . '/item/' . urlencode($i['thr_parent']));
 			}
+
+			$cnv = IConfig::Get($i['parent'], 'activitypub', 'context');
+			if (!$cnv) {
+				$cnv = $i['parent_mid'];
+			}
+		}
+
+		if (empty($cnv)) {
+			$cnv = IConfig::Get($i, 'activitypub', 'context');
+			if (!$cnv) {
+				$cnv = $i['parent_mid'];
+			}
+		}
+
+		if (!empty($cnv)) {
+			if (is_string($cnv) && str_starts_with($cnv, z_root())) {
+				$cnv = str_replace(['/item/', '/activity/'], ['/conversation/', '/conversation/'], $cnv);
+				$ret['contextHistory'] = $cnv;
+			}
+			$ret['context'] = $cnv;
 		}
 
 		$actor = self::encode_person($i['author'], false);
@@ -1010,6 +1126,7 @@ class Activity {
 		call_hooks('encode_activity', $hookinfo);
 
 		return $hookinfo['encoded'];
+
 	}
 
 	// Returns an array of URLS for any mention tags found in the item array $i.
@@ -1253,81 +1370,6 @@ class Activity {
 		//	return false;
 	}
 
-	static function activity_decode_mapper($verb) {
-
-		$acts = [
-			'http://activitystrea.ms/schema/1.0/post'           => 'Create',
-		//	'http://activitystrea.ms/schema/1.0/share'          => 'Announce',
-			'http://activitystrea.ms/schema/1.0/update'         => 'Update',
-			'http://activitystrea.ms/schema/1.0/like'           => 'Like',
-			'http://activitystrea.ms/schema/1.0/favorite'       => 'Like',
-			'http://purl.org/zot/activity/dislike'              => 'Dislike',
-		//	'http://activitystrea.ms/schema/1.0/tag'            => 'Add',
-			'http://activitystrea.ms/schema/1.0/follow'         => 'Follow',
-			'http://activitystrea.ms/schema/1.0/unfollow'       => 'Unfollow',
-			'http://activitystrea.ms/schema/1.0/stop-following' => 'Unfollow',
-			'http://purl.org/zot/activity/attendyes'            => 'Accept',
-			'http://purl.org/zot/activity/attendno'             => 'Reject',
-			'http://purl.org/zot/activity/attendmaybe'          => 'TentativeAccept',
-			'Announce'                                          => 'Announce',
-			'Invite'                                            => 'Invite',
-			'Delete'                                            => 'Delete',
-			'Undo'                                              => 'Undo',
-			'Add'                                               => 'Add',
-			'Remove'                                            => 'Remove'
-		];
-
-		call_hooks('activity_decode_mapper', $acts);
-
-		foreach ($acts as $k => $v) {
-			if ($verb === $v) {
-				return $k;
-			}
-		}
-
-		logger('Unmapped activity: ' . $verb);
-		return 'Create';
-
-	}
-
-	static function activity_obj_decode_mapper($obj) {
-
-		$objs = [
-			'http://activitystrea.ms/schema/1.0/note'          => 'Note',
-			'http://activitystrea.ms/schema/1.0/note'          => 'Article',
-			'http://activitystrea.ms/schema/1.0/comment'       => 'Note',
-			'http://activitystrea.ms/schema/1.0/person'        => 'Person',
-			'http://purl.org/zot/activity/profile'             => 'Profile',
-			'http://activitystrea.ms/schema/1.0/photo'         => 'Image',
-			'http://activitystrea.ms/schema/1.0/profile-photo' => 'Icon',
-			'http://activitystrea.ms/schema/1.0/event'         => 'Event',
-			'http://purl.org/zot/activity/location'            => 'Place',
-			'http://purl.org/zot/activity/chessgame'           => 'Game',
-			'http://purl.org/zot/activity/tagterm'             => 'zot:Tag',
-			'http://purl.org/zot/activity/thing'               => 'Object',
-			'http://purl.org/zot/activity/file'                => 'zot:File',
-			'http://purl.org/zot/activity/mood'                => 'zot:Mood',
-			'Invite'                                           => 'Invite',
-			'Question'                                         => 'Question',
-			'Document'                                         => 'Document',
-			'Audio'                                            => 'Audio',
-			'Video'                                            => 'Video',
-			'Delete'                                           => 'Delete',
-			'Undo'                                             => 'Undo'
-		];
-
-		call_hooks('activity_obj_decode_mapper', $objs);
-
-		foreach ($objs as $k => $v) {
-			if ($obj === $v) {
-				return $k;
-			}
-		}
-
-		logger('Unmapped activity object: ' . $obj);
-		return 'Note';
-	}
-
 	static function activity_obj_mapper($obj) {
 
 		$objs = [
@@ -1606,9 +1648,9 @@ class Activity {
 		}
 
 		if (in_array($observer, [$r[0]['author_xchan'], $r[0]['owner_xchan']])) {
-			drop_item($r[0]['id'], false, (($r[0]['item_wall']) ? DROPITEM_PHASE1 : DROPITEM_NORMAL));
+			drop_item($r[0]['id'], (($r[0]['item_wall']) ? DROPITEM_PHASE1 : DROPITEM_NORMAL), observer_hash: $observer);
 		} elseif (in_array($act->actor['id'], [$r[0]['author_xchan'], $r[0]['owner_xchan']])) {
-			drop_item($r[0]['id'], false, (($r[0]['item_wall']) ? DROPITEM_PHASE1 : DROPITEM_NORMAL));
+			drop_item($r[0]['id'], (($r[0]['item_wall']) ? DROPITEM_PHASE1 : DROPITEM_NORMAL));
 		}
 
 		sync_an_item($channel['channel_id'], $r[0]['id']);
@@ -1676,9 +1718,9 @@ class Activity {
 			return;
 		}
 
-		$name = $person_obj['name'] ?? '';
+		$name = ((isset($person_obj['name'])) ? escape_tags($person_obj['name']) : '');
 		if (!$name) {
-			$name = $person_obj['preferredUsername'] ?? '';
+			$name = ((isset($person_obj['preferredUsername'])) ? escape_tags($person_obj['preferredUsername']) : '');
 		}
 		if (!$name) {
 			$name = t('Unknown');
@@ -1687,13 +1729,11 @@ class Activity {
 		$webfinger_addr = ((isset($person_obj['webfinger'])) ? str_replace('acct:', '', $person_obj['webfinger']) : '');
 		$hostname = '';
 		$baseurl  = '';
-		$site_url = '';
 
 		$m = parse_url($url);
 		if ($m) {
-			$hostname = $m['host'];
-			$baseurl  = $m['scheme'] . '://' . $m['host'] . ((isset($m['port'])) ? ':' . $m['port'] : '');
-			$site_url = $m['scheme'] . '://' . $m['host'];
+			$hostname = unparse_url($m, ['host']);
+			$baseurl  = unparse_url($m, ['scheme', 'host', 'port']);
 		}
 
 		if (!$webfinger_addr && !empty($person_obj['preferredUsername']) && $hostname) {
@@ -1795,7 +1835,7 @@ class Activity {
 
 			q("UPDATE site SET site_update = '%s', site_dead = 0 WHERE site_url = '%s'",
 				dbesc(datetime_convert()),
-				dbesc($site_url)
+				dbesc($baseurl)
 			);
 
 			// update existing xchan record
@@ -1906,129 +1946,173 @@ class Activity {
 
 	}
 
-	static function update_poll($item_id, $post) {
+	static function update_poll($pollItem, $response) {
 
-		$multi   = false;
-		$mid     = $post['mid'];
-		$content = $post['title'];
+		logger('updating poll');
 
-		if (!$item_id) {
+		$multi = false;
+
+		if (!$pollItem) {
+			logger('no item');
 			return false;
 		}
 
-		if (intval($post['item_blocked']) === ITEM_MODERATED) {
+		if (intval($pollItem['item_blocked']) === ITEM_MODERATED) {
+			logger('item blocked');
 			return false;
 		}
 
+		$channel = channelx_by_n($pollItem['uid']);
+		if (!$channel) {
+			logger('no channel');
+			return false;
+		}
+
+		$relatedItem = find_related($pollItem);
+
+		$ids = (($relatedItem) ? $pollItem['id'] . ',' . $relatedItem['id'] : $pollItem['id']);
+
 		dbq("START TRANSACTION");
+		// Using the provided items as is will produce desastrous race conditions
+		// in case of multiple choice polls - hence:
 
-		$item = q("SELECT * FROM item WHERE id = %d FOR UPDATE",
-			intval($item_id)
-		);
+		$items = dbq("SELECT * FROM item WHERE id in ($ids) FOR UPDATE");
 
-		if (!$item) {
-			dbq("COMMIT");
-			return false;
+		foreach ($items as $item) {
+			if ($item['id'] === $pollItem['id']) {
+				$pollItem = $item;
+			}
+			if (!empty($relatedItem['id']) && $item['id'] === $relatedItem['id']) {
+				$relatedItem = $item;
+			}
 		}
 
-		$item = $item[0];
+		$o = json_decode($pollItem['obj'], true);
 
-		$o = json_decode($item['obj'], true);
 		if ($o && array_key_exists('anyOf', $o)) {
 			$multi = true;
 		}
 
-		$r = q("select mid, title from item where parent_mid = '%s' and author_xchan = '%s'",
-			dbesc($item['mid']),
-			dbesc($post['author_xchan'])
-		);
+		if ($response) {
+			$mid = $response['mid'];
+			$content = trim($response['title']);
 
-		// prevent any duplicate votes by same author for oneOf and duplicate votes with same author and same answer for anyOf
-
-		if ($r) {
-			if ($multi) {
-				foreach ($r as $rv) {
-					if ($rv['title'] === $content && $rv['mid'] !== $mid) {
-						return false;
-					}
-				}
-			}
-			else {
-				foreach ($r as $rv) {
-					if ($rv['mid'] !== $mid) {
-						return false;
-					}
-				}
-			}
-		}
-
-		$answer_found = false;
-		$found        = false;
-		if ($multi) {
-			for ($c = 0; $c < count($o['anyOf']); $c++) {
-				if ($o['anyOf'][$c]['name'] === $content) {
-					$answer_found = true;
-					if (is_array($o['anyOf'][$c]['replies'])) {
-						foreach ($o['anyOf'][$c]['replies'] as $reply) {
-							if (is_array($reply) && array_key_exists('id', $reply) && $reply['id'] === $mid) {
-								$found = true;
-							}
-						}
-					}
-
-					if (!$found) {
-						$o['anyOf'][$c]['replies']['totalItems']++;
-						$o['anyOf'][$c]['replies']['items'][] = ['id' => $mid, 'type' => 'Note'];
-					}
-				}
-			}
-		}
-		else {
-			for ($c = 0; $c < count($o['oneOf']); $c++) {
-				if ($o['oneOf'][$c]['name'] === $content) {
-					$answer_found = true;
-					if (is_array($o['oneOf'][$c]['replies'])) {
-						foreach ($o['oneOf'][$c]['replies'] as $reply) {
-							if (is_array($reply) && array_key_exists('id', $reply) && $reply['id'] === $mid) {
-								$found = true;
-							}
-						}
-					}
-
-					if (!$found) {
-						$o['oneOf'][$c]['replies']['totalItems']++;
-						$o['oneOf'][$c]['replies']['items'][] = ['id' => $mid, 'type' => 'Note'];
-					}
-				}
-			}
-		}
-		logger('updated_poll: ' . print_r($o, true), LOGGER_DATA);
-		if ($answer_found && !$found) {
-			$u = q("update item set obj = '%s', edited = '%s' where id = %d",
-				dbesc(json_encode($o)),
-				dbesc(datetime_convert()),
-				intval($item['id'])
+			$r = q("select mid, title from item where parent_mid = '%s' and author_xchan = '%s' and mid != parent_mid ",
+				dbesc($pollItem['mid']),
+				dbesc($response['author_xchan'])
 			);
 
-			if ($u) {
-				dbq("COMMIT");
+			// prevent any duplicate votes by same author for oneOf and duplicate votes with same author and same answer for anyOf
 
+			if ($r) {
 				if ($multi) {
-					// wait some seconds for possible multiple answers to be processed
-					// before calling the notifier
-					sleep(3);
+					foreach ($r as $rv) {
+						if (trim($rv['title']) === $content && $rv['mid'] !== $mid) {
+							logger('already voted multi');
+							return false;
+						}
+					}
+				} else {
+					foreach ($r as $rv) {
+						if ($rv['mid'] !== $mid && $content) {
+							logger('already voted');
+							return false;
+						}
+					}
 				}
-
-				Master::Summon(['Notifier', 'wall-new', $item['id']]);
-				return true;
 			}
 
-			dbq("ROLLBACK");
+			$answer_found = false;
+			$foundPrevious = false;
+			if ($multi) {
+				for ($c = 0; $c < count($o['anyOf']); $c++) {
+					if (trim($o['anyOf'][$c]['name']) === $content) {
+						$answer_found = true;
 
+
+						if (is_array($o['anyOf'][$c]['replies'])) {
+							foreach ($o['anyOf'][$c]['replies'] as $reply) {
+								if (is_array($reply) && array_key_exists('id', $reply) && $reply['id'] === $mid) {
+									$foundPrevious = true;
+								}
+							}
+						}
+
+						if (!$foundPrevious) {
+							$o['anyOf'][$c]['replies']['totalItems']++;
+							$o['anyOf'][$c]['replies']['items'][] = ['id' => $mid, 'type' => 'Note'];
+						}
+					}
+				}
+			} else {
+				for ($c = 0; $c < count($o['oneOf']); $c++) {
+					if (trim($o['oneOf'][$c]['name']) === $content) {
+						$answer_found = true;
+						if (is_array($o['oneOf'][$c]['replies'])) {
+							foreach ($o['oneOf'][$c]['replies'] as $reply) {
+								if (is_array($reply) && array_key_exists('id', $reply) && $reply['id'] === $mid) {
+									$foundPrevious = true;
+								}
+							}
+						}
+
+						if (!$foundPrevious) {
+							$o['oneOf'][$c]['replies']['totalItems']++;
+							$o['oneOf'][$c]['replies']['items'][] = ['id' => $mid, 'type' => 'Note'];
+						}
+					}
+				}
+			}
+		}
+		if ($pollItem['comments_closed'] > NULL_DATE) {
+			if ($pollItem['comments_closed'] > datetime_convert()) {
+				$o['closed'] = datetime_convert('UTC', 'UTC', $pollItem['comments_closed'], ATOM_TIME);
+				// set this to force an update
+				$answer_found = true;
+			}
 		}
 
-		dbq("COMMIT");
-		return false;
+		// A change was made locally
+		if ($response && $answer_found && !$foundPrevious) {
+
+			// update this copy
+			$i = [$pollItem];
+			xchan_query($i, true);
+			$i = fetch_post_tags($i);
+			$i[0]['obj'] = $o;
+
+			$edited = datetime_convert();
+			$i[0]['edited'] = $edited;
+
+			// create the new object
+			$newObj = self::build_packet(self::encode_activity($i[0]), $channel, true);
+
+			// and immediately update the db
+			$u = q("UPDATE item
+				SET obj = (
+					CASE
+					WHEN item.id = %d THEN '%s'
+					WHEN item.id = %d THEN '%s'
+					END
+				),
+				edited = '%s'
+				WHERE id IN ($ids)",
+				intval($pollItem['id']),
+				dbesc(json_encode($o)),
+				intval($relatedItem['id']),
+				dbesc($newObj),
+				dbesc($edited)
+			);
+
+			dbq("COMMIT");
+
+			Master::Summon(['Notifier', 'edit_post', $pollItem['id'], $response['mid']]);
+			if (!empty($relatedItem['id'])) {
+				Master::Summon(['Notifier', 'edit_post', $relatedItem['id'], $response['mid']]);
+			}
+		}
+
+		return true;
 	}
 
 	static function decode_note($act) {
@@ -2225,6 +2309,8 @@ class Activity {
 
 		if ($s['mid'] === $s['parent_mid']) {
 			$s['item_thread_top'] = 1;
+			$s['item_nocomment'] = 0;
+			$s['comments_closed'] = NULL_DATE;
 
 			// it is a parent node - decode the comment policy info if present
 			if ($act->objprop('commentPolicy')) {
@@ -2232,7 +2318,7 @@ class Activity {
 				if ($until !== false) {
 					$s['comments_closed'] = datetime_convert('UTC', 'UTC', substr($act->obj['commentPolicy'], $until + 6));
 					if ($s['comments_closed'] < datetime_convert()) {
-						$s['nocomment'] = true;
+						$s['item_nocomment'] = 1;
 					}
 				}
 
@@ -2284,6 +2370,16 @@ class Activity {
 			$s['obj']['actor'] = $s['obj']['actor']['id'];
 		}
 
+		if (is_array($act->tgt) && $act->tgt) {
+			if (array_key_exists('type', $act->tgt)) {
+				$s['tgt_type'] = self::activity_obj_mapper($act->tgt['type']);
+			}
+			// We shouldn't need to store collection contents which could be large. We will often only require the meta-data
+			if (isset($s['tgt_type']) && str_contains($s['tgt_type'], 'Collection')) {
+				$s['target'] = ['id' => $act->tgt['id'], 'type' => $s['tgt_type'], 'attributedTo' => $act->tgt['attributedTo'] ?? $act->tgt['actor']];
+			}
+		}
+
 		$generator = $act->get_property_obj('generator');
 		if ((!$generator) && (!$response_activity)) {
 			$generator = $act->get_property_obj('generator', $act->obj);
@@ -2589,6 +2685,7 @@ class Activity {
 			}
 		}
 
+
 		if (!$ap_rawmsg && array_key_exists('signed', $raw_arr)) {
 			// zap
 			$ap_rawmsg = json_encode($act->data, JSON_UNESCAPED_SLASHES);
@@ -2622,8 +2719,7 @@ class Activity {
 		return $hookinfo['s'];
 
 	}
-
-	static function store($channel, $observer_hash, $act, $item, $fetch_parents = true, $force = false) {
+	static function store($channel, $observer_hash, $act, $item, $fetch_parents = true, $force = false, $is_collection_operation = false) {
 		$is_sys_channel = is_sys_channel($channel['channel_id']);
 		$is_child_node  = false;
 		$parent = null;
@@ -2654,6 +2750,8 @@ class Activity {
 		}
 
 		$allowed = false;
+		$relay = false;
+
 		$permit_mentions = intval(PConfig::Get($channel['channel_id'], 'system','permit_all_mentions') && i_am_mentioned($channel, $item));
 
 		if ($is_child_node) {
@@ -2680,13 +2778,22 @@ class Activity {
 				return;
 			}
 
+			$relay = $channel['channel_hash'] === $parent[0]['owner_xchan'];
+
+			if (str_contains($parent[0]['tgt_type'], 'Collection') && !$relay && !$isCollectionOperation) {
+				logger('not a collection activity');
+				return;
+			}
+
 			if ($parent[0]['obj_type'] === 'Question') {
 				if (in_array($item['obj_type'], ['Note', ACTIVITY_OBJ_COMMENT]) && $item['title'] && (!$item['body'])) {
 					$item['obj_type'] = 'Answer';
+					$item['item_hidden'] = 1;
 				}
 			}
 
 			if ($parent[0]['item_wall']) {
+
 				// set the owner to the owner of the parent
 				$item['owner_xchan'] = $parent[0]['owner_xchan'];
 
@@ -2867,6 +2974,13 @@ class Activity {
 		// This isn't perfect but the best we can do for now.
 		$item['comment_policy'] = ((isset($act->data['commentPolicy'])) ? $act->data['commentPolicy'] : 'authenticated');
 
+		if (!empty($act->obj['contextHistory'])) {
+			IConfig::Set($item, 'activitypub', 'context', $act->obj['contextHistory'], 1);
+		}
+		elseif (!empty($act->obj['context'])) {
+			IConfig::Set($item, 'activitypub', 'context', $act->obj['context'], 1);
+		}
+
 		IConfig::Set($item, 'activitypub', 'recips', $act->raw_recips);
 
 		if (intval($act->sigok)) {
@@ -2937,17 +3051,48 @@ class Activity {
 			dbesc($item['mid']),
 			intval($item['uid'])
 		);
+
 		if ($r) {
 			if ($item['edited'] > $r[0]['edited']) {
 				$item['id'] = $r[0]['id'];
-				$x          = item_store_update($item);
+				$x = item_store_update($item, deliver: false);
 			}
 			else {
 				return;
 			}
 		}
 		else {
-			$x = item_store($item);
+			$x = item_store($item, deliver: false, addAndSync: false);
+		}
+
+		if ($x['success']) {
+
+			if ($relay && $channel['channel_hash'] === $x['item']['owner_xchan'] && $x['item']['verb'] !== 'Add' && !$isCollectionOperation) {
+				$approval = Activity::addToCollection($channel, $act->data, $x['item']['parent_mid'], $x['item'], deliver: false);
+			}
+
+			if (check_item_source($channel['channel_id'], $x['item']) && in_array($x['item']['obj_type'], ['Event', ACTIVITY_OBJ_EVENT])) {
+				event_addtocal($x['item_id'], $channel['channel_id']);
+			}
+
+			tag_deliver($channel['channel_id'], $x['item_id']);
+
+			if ($relay && $is_child_node) {
+				// We are the owner of this conversation, so send all received comments back downstream
+				Master::Summon(['Notifier', 'comment-import', $x['item_id']]);
+				if (!empty($approval['item_id'])) {
+					Master::Summon(['Notifier', 'comment-import', $approval['item_id']]);
+				}
+			}
+
+			$r = q("select * from item where id = %d limit 1",
+				intval($x['item_id'])
+			);
+
+			if ($r) {
+				send_status_notifications($x['item_id'], $r[0]);
+			}
+			sync_an_item($channel['channel_id'], $x['item_id']);
 		}
 
 		if ($fetch_parents && $parent && !intval($parent[0]['item_private'])) {
@@ -2974,28 +3119,6 @@ class Activity {
 				}
 			}
 		}
-
-		if ($x['success']) {
-
-			if (check_item_source($channel['channel_id'], $x['item']) && in_array($x['item']['obj_type'], ['Event', ACTIVITY_OBJ_EVENT])) {
-				event_addtocal($x['item_id'], $channel['channel_id']);
-			}
-
-			if ($is_child_node) {
-				if ($item['owner_xchan'] === $channel['channel_hash']) {
-					// We are the owner of this conversation, so send all received comments back downstream
-					Master::Summon(['Notifier', 'comment-import', $x['item_id']]);
-				}
-				$r = q("select * from item where id = %d limit 1",
-					intval($x['item_id'])
-				);
-				if ($r) {
-					send_status_notifications($x['item_id'], $r[0]);
-				}
-			}
-			sync_an_item($channel['channel_id'], $x['item_id']);
-		}
-
 	}
 
 	/**
@@ -3574,6 +3697,8 @@ class Activity {
 
 		return [
 			'zot'              => z_root() . '/apschema#',
+
+			'contextHistory'   => 'https://w3id.org/fep/171b/contextHistory',
 			'schema'           => 'http://schema.org#',
 			'ostatus'          => 'http://ostatus.org#',
 			'diaspora'         => 'https://diasporafoundation.org/ns/',
@@ -3597,7 +3722,6 @@ class Activity {
 
 			'manuallyApprovesFollowers' => 'as:manuallyApprovesFollowers',
 			'Hashtag'          => 'as:Hashtag'
-
 		];
 
 	}
@@ -3676,5 +3800,76 @@ class Activity {
 		}
 	}
 
+	public static function addToCollection($channel, $object, $target, $sourceItem = null, $deliver = true) {
+		if (!isset($channel['xchan_hash'])) {
+			$channel = channelx_by_hash($channel['channel_hash']);
+		}
+
+		$item = ((new Item())
+			->setUid($channel['channel_id'])
+			->setVerb('Add')
+			->setAuthorXchan($channel['channel_hash'])
+			->setOwnerXchan($channel['channel_hash'])
+			->setObj($object)
+			->setObjType($object['type'])
+			->setParentMid(str_replace('/conversation/','/item/', $target))
+			->setThrParent(str_replace('/conversation/','/item/', $target))
+			->setTgtType('Collection')
+			->setTarget([
+				'id' => str_replace('/item/','/conversation/', $target),
+				'type' => 'Collection',
+				'attributedTo' => z_root() . '/channel/' . $channel['channel_address'],
+			])
+		);
+		if ($sourceItem) {
+			$item->setSourceXchan($sourceItem['source_xchan'])
+				->setAllowCid($sourceItem['allow_cid'])
+				->setAllowGid($sourceItem['allow_gid'])
+				->setDenyCid($sourceItem['deny_cid'])
+				->setDenyGid($sourceItem['deny_gid'])
+				->setPrivate($sourceItem['item_private'])
+				->setRestrict($sourceItem['item_restrict'])
+				->setHidden($sourceItem['item_hidden'])
+				->setDelayed($sourceItem['item_delayed'])
+				->setUnpublished($sourceItem['item_unpublished'])
+				->setBlocked($sourceItem['item_blocked'])
+				->setType($sourceItem['item_type'])
+				->setCommentPolicy($sourceItem['comment_policy'])
+				->setPublicPolicy($sourceItem['public_policy'])
+				->setPostopts($sourceItem['postopts']);
+		}
+		$result = post_activity_item($item->toArray(), deliver: $deliver, channel: $channel, observer: $channel, addAndSync: false);
+		logger('addToCollection: ' . print_r($result, true));
+
+		return $result;
+	}
+
+	public static function removeFromCollection($channel, $object, $target, $deliver = true) {
+		if (!isset($channel['xchan_hash'])) {
+			$channel = channelx_by_hash($channel['channel_hash']);
+		}
+
+		$item = ((new Item())
+			->setUid($channel['channel_id'])
+			->setVerb('Remove')
+			->setAuthorXchan($channel['channel_hash'])
+			->setOwnerXchan($channel['channel_hash'])
+			->setObj($object)
+			->setObjType($object['type'])
+			->setParentMid(str_replace('/conversation/','/item/', $target))
+			->setThrParent(str_replace('/conversation/','/item/', $target))
+			->setReplyto(z_root() . '/channel/' . $channel['channel_address'])
+			->setTgtType('Collection')
+			->setTarget([
+				'id' => str_replace('/item/','/conversation/', $target),
+				'type' => 'Collection',
+				'attributedTo' => z_root() . '/channel/' . $channel['channel_address']
+			])
+		);
+
+		$result = post_activity_item($item->toArray(), deliver: $deliver, channel: $channel, observer: $channel, addAndSync: false);
+		logger('removeFromCollection: ' . print_r($result, true));
+		return $result;
+	}
 
 }

Zotlabs/Lib/BaseObject.php

@@ -0,0 +1,80 @@
+<?php
+
+namespace Zotlabs\Lib;
+
+use Zotlabs\ActivityStreams\UnhandledElementException;
+
+class BaseObject
+{
+
+    public $string;
+    public $ldContext;
+
+    /**
+     * @param $input
+     * @param $strict
+     * @throws UnhandledElementException if $strict
+     */
+
+    public function __construct($input = null, $strict = false)
+    {
+        if (isset($input)) {
+            if (is_string($input)) {
+                $this->string = $input;
+            }
+            elseif(is_array($input)) {
+                foreach ($input as $key => $value) {
+                    $key = ($key === '@context') ? 'ldContext' : $key;
+                    if ($strict && !property_exists($this, $key)) {
+                        throw new UnhandledElementException("Unhandled element: $key");
+                    }
+                    $this->{$key} = $value;
+                }
+            }
+        }
+        return $this;
+    }
+
+    public function getDataType($element, $object = null)
+    {
+        $object = $object ?? $this;
+        $type = gettype($object[$element]);
+        if ($type === 'array' && array_is_list($object[$element])) {
+            return 'list';
+        }
+        return $type;
+    }
+
+    public function toArray()
+    {
+        if ($this->string) {
+            return $this->string;
+        }
+        $returnValue = [];
+        foreach ((array) $this as $key => $value) {
+            if (isset($value)) {
+                $key = ($key === 'ldContext') ? '@context' : $key;
+                $returnValue[$key] = (($value instanceof BaseObject) ? $value->toArray() : $value);
+            }
+        }
+        return $returnValue;
+    }
+
+    /**
+     * @return mixed
+     */
+    public function getLdContext()
+    {
+        return $this->ldContext;
+    }
+
+    /**
+     * @param mixed $ldContext
+     * @return BaseObject
+     */
+    public function setLdContext($ldContext)
+    {
+        $this->ldContext = $ldContext;
+        return $this;
+    }
+}

Zotlabs/Lib/Chatroom.php

@@ -181,7 +181,7 @@ class Chatroom {
 	}
 
 
-	function leave($observer_xchan, $room_id, $client) {
+	public static function leave($observer_xchan, $room_id, $client) {
 		if(! $room_id || ! $observer_xchan)
 			return;
 

Zotlabs/Lib/Connect.php

@@ -24,10 +24,16 @@ class Connect {
 
 		$uid = $channel['channel_id'];
 
-		if (strpos($url,'@') === false && strpos($url,'/') === false) {
+		// If we get just a channel name and it is not an URL turn it into a local webbie
+		if (!str_contains($url, '@') && strpos($url,'/') === false) {
 			$url = $url . '@' . App::get_hostname();
 		}
 
+		// Remove a possible leading @
+		if (str_starts_with($url, '@')) {
+			$url = ltrim($url, '@');
+		}
+
 		$result = [ 'success' => false, 'message' => '' ];
 
 		$my_perms = false;

Zotlabs/Lib/DB_Upgrade.php

@@ -1,18 +1,35 @@
 <?php
+/**
+ * A class to handle database schema upgrades.
+ *
+ * SPDX-FileCopyrightText: 2024 Hubzilla Community
+ * SPDX-FileContributor: Harald Eilertsen
+ *
+ * SPDX-License-Identifier: MIT
+ */
 
 namespace Zotlabs\Lib;
 
 use Zotlabs\Lib\Config;
 
+/**
+ * Upgrade the database schema if necessary.
+ *
+ * Compares the currently active database schema version with the version
+ * required for this version of Hubzilla, and performs the upgrade if needed.
+ *
+ * If the difference consists of more than one revision of the schema, each of
+ * the intermediate upgrades are performed in turn.
+ */
 class DB_Upgrade {
 
-	public $config_name = '';
-	public $func_prefix = '';
-
-	function __construct($db_revision) {
-
-		$this->config_name = 'db_version';
-		$this->func_prefix = '_';
+	/**
+	 * Check the installed and required schema versions and perform the upgrade
+	 * if necessary.
+	 *
+	 * @param int $db_version	The required DB schema version.
+	 */
+	public static function run(int $db_revision): void {
 
 		$build = Config::Get('system', 'db_version', 0);
 		if(! intval($build))

Zotlabs/Lib/Enotify.php

@@ -213,28 +213,36 @@ class Enotify {
 		//$possess_desc = str_replace('<!item_type!>',$possess_desc);
 
 		// "a post"
-		$dest_str = sprintf(t('%1$s %2$s [zrl=%3$s]a %4$s[/zrl]'),
+		$dest_str = sprintf(
+			t('%1$s %2$s [zrl=%3$s]a %4$s[/zrl]'),
 			'[zrl=' . $sender['xchan_url'] . ']' . $sender['xchan_name'] . '[/zrl]',
 			$action,
 			$itemlink,
-			$item_post_type);
+			$item_post_type
+		);
 
 		// "George Bull's post"
-		if($p)
-			$dest_str = sprintf(t('%1$s %2$s [zrl=%3$s]%4$s\'s %5$s[/zrl]'),
+		if($p) {
+			$dest_str = sprintf(
+				t('%1$s %2$s [zrl=%3$s]%4$s\'s %5$s[/zrl]'),
 				'[zrl=' . $sender['xchan_url'] . ']' . $sender['xchan_name'] . '[/zrl]',
 				$action,
 				$itemlink,
-				$p[0]['author']['xchan_name'],
-				$item_post_type);
+				$parent_item['author']['xchan_name'],
+				$item_post_type
+			);
+		}
 
 		// "your post"
-		if($p[0]['owner']['xchan_name'] == $p[0]['author']['xchan_name'] && intval($p[0]['item_wall']))
-			$dest_str = sprintf(t('%1$s %2$s [zrl=%3$s]your %4$s[/zrl]'),
+		if ($parent_item['owner']['xchan_hash'] === $recip['channel_hash'] && intval($parent_item['item_wall'])) {
+			$dest_str = sprintf(
+				t('%1$s %2$s [zrl=%3$s]your %4$s[/zrl]'),
 				'[zrl=' . $sender['xchan_url'] . ']' . $sender['xchan_name'] . '[/zrl]',
 				$action,
 				$itemlink,
-				$item_post_type);
+				$item_post_type
+			);
+		}
 
 		// Some mail softwares relies on subject field for threading.
 		// So, we cannot have different subjects for notifications of the same thread.
@@ -308,7 +316,6 @@ class Enotify {
 		$item_post_type = item_post_type($p[0]);
 //		$private = $p[0]['item_private'];
 		$parent_id = $p[0]['id'];
-
 		$parent_item = $p[0];
 
 		//$verb = ((activity_match($params['item']['verb'], ACTIVITY_DISLIKE)) ? t('disliked') : t('liked'));
@@ -321,13 +328,14 @@ class Enotify {
 			$verb = (($moderated) ? t('requested to dislike') : t('disliked'));
 
 		// "your post"
-		if($p[0]['owner']['xchan_name'] === $p[0]['author']['xchan_name'] && intval($p[0]['item_wall']))
+		if ($parent_item['author']['xchan_hash'] === $recip['channel_hash']) {
 			$dest_str = sprintf(t('%1$s %2$s [zrl=%3$s]your %4$s[/zrl]'),
 				'[zrl=' . $sender['xchan_url'] . ']' . $sender['xchan_name'] . '[/zrl]',
 				$verb,
 				$itemlink,
 				$item_post_type
 			);
+		}
 		else {
 			pop_lang();
 			return;
@@ -406,6 +414,7 @@ class Enotify {
 	}
 
 	elseif (isset($params['type']) && $params['type'] === NOTIFY_TAGSHARE) {
+		$itemlink =  $params['link'];
 		$subject =	sprintf( t('[$Projectname:Notify] %s tagged your post') , $sender['xchan_name']);
 		$preamble = sprintf( t('%1$s tagged your post at %2$s'),$sender['xchan_name'], $sitename);
 		$epreamble = sprintf( t('%1$s tagged [zrl=%2$s]your post[/zrl]') ,
@@ -415,7 +424,6 @@ class Enotify {
 		$sitelink = t('Please visit %s to view and/or reply to the conversation.');
 		$tsitelink = sprintf( $sitelink, $siteurl );
 		$hsitelink = sprintf( $sitelink, '<a href="' . $siteurl . '">' . $sitename . '</a>');
-		$itemlink =  $params['link'];
 	}
 
 	elseif (isset($params['type']) && $params['type'] === NOTIFY_INTRO) {
@@ -433,6 +441,7 @@ class Enotify {
 	}
 
 	elseif (isset($params['type']) && $params['type'] === NOTIFY_SUGGEST) {
+		$itemlink =  $params['link'];
 		$subject = sprintf( t('[$Projectname:Notify] Friend suggestion received'));
 		$preamble = sprintf( t('You\'ve received a friend suggestion from \'%1$s\' at %2$s'), $sender['xchan_name'], $sitename);
 		$epreamble = sprintf( t('You\'ve received [zrl=%1$s]a friend suggestion[/zrl] for %2$s from %3$s.'),
@@ -447,7 +456,6 @@ class Enotify {
 		$sitelink = t('Please visit %s to approve or reject the suggestion.');
 		$tsitelink = sprintf( $sitelink, $siteurl );
 		$hsitelink = sprintf( $sitelink, '<a href="' . $siteurl . '">' . $sitename . '</a>');
-		$itemlink =  $params['link'];
 	}
 
 	elseif (isset($params['type']) && $params['type'] === NOTIFY_CONFIRM) {
@@ -595,7 +603,7 @@ class Enotify {
 
 	// send email notification if notification preferences permit
 
-	require_once('bbcode.php');
+	require_once('include/bbcode.php');
 	if ((intval($recip['channel_notifyflags']) & intval($params['type'])) || $params['type'] == NOTIFY_SYSTEM) {
 
 		logger('notification: sending notification email');

Zotlabs/Lib/Libsync.php

@@ -885,7 +885,7 @@ class Libsync {
 							dbesc($t)
 						);
 
-						q("update hubloc set hubloc_error = 1, hubloc_deleted = 1 where hubloc_url = '%s' and hubloc_sitekey != '%s'",
+						q("update hubloc set hubloc_error = 1, hubloc_deleted = 1 where hubloc_url = '%s' and hubloc_sitekey != '%s' and hubloc_network = 'zot6'",
 							dbesc($r[0]['hubloc_url']),
 							dbesc($r[0]['hubloc_sitekey'])
 						);

Zotlabs/Lib/Libzot.php

@@ -655,6 +655,11 @@ class Libzot {
 			return $ret;
 		}
 
+		if (empty($arr['primary_location']['address'])) {
+			logger('Empty primary location address: ' . print_r($arr, true), LOGGER_DEBUG);
+			return $ret;
+		}
+
 		/**
 		 * @hooks import_xchan
 		 *   Called when processing the result of zot_finger() to store the result
@@ -1134,6 +1139,7 @@ class Libzot {
 		}
 
 		$message_request = false;
+		$is_collection_operation = false;
 
 
 		$has_data = array_key_exists('data', $env) && $env['data'];
@@ -1141,15 +1147,37 @@ class Libzot {
 
 		$AS = null;
 
+
 		if ($env['encoding'] === 'activitystreams') {
 
 			$AS = new ActivityStreams($data);
-			if (!$AS->is_valid()) {
-				logger('Activity rejected: ' . print_r($data, true));
-				return;
+
+			// process add/remove from collection separately, as it requires a target.
+			// use the data object, as it will not include actor expansion
+			if (in_array($AS->type, ['Add', 'Remove'])
+				&& is_array($AS->obj)
+				&& array_key_exists('object', $AS->obj)
+				&& array_key_exists('actor', $AS->obj)
+				&& !empty($AS->tgt)) {
+
+				logger('relayed collection operation', LOGGER_DEBUG);
+				$is_collection_operation = true;
+
+				$original_id = $AS->id;
+				$original_type = $AS->type;
+
+				$raw_activity = $AS->data;
+
+				$AS = new ActivityStreams($raw_activity['object'], portable_id: $env['sender']);
+
+				// Store the original activity id and type for later usage
+				$AS->meta['original_id'] = $original_id;
+				$AS->meta['original_type'] = $original_type;
 			}
+
 			if (is_array($AS->obj)) {
 				$item = Activity::decode_note($AS);
+
 				if (!$item) {
 					logger('Could not decode activity: ' . print_r($AS, true));
 					return;
@@ -1158,6 +1186,12 @@ class Libzot {
 			else {
 				$item = [];
 			}
+
+			if (!$AS->is_valid()) {
+				logger('Activity rejected: ' . print_r($data, true));
+				return;
+			}
+
 			logger($AS->debug(), LOGGER_DATA);
 
 		}
@@ -1198,7 +1232,6 @@ class Libzot {
 
 			logger('public post');
 
-
 			// Public post. look for any site members who are or may be accepting posts from this sender
 			// and who are allowed to see them based on the sender's permissions
 			// @fixme;
@@ -1265,25 +1298,6 @@ class Libzot {
 					$item['item_private'] = 1;
 				}
 
-				if ($item['mid'] === $item['parent_mid']) {
-					if (is_array($AS->obj) && array_key_exists('commentPolicy', $AS->obj)) {
-						$p = strstr($AS->obj['commentPolicy'], 'until=');
-						if ($p !== false) {
-							$comments_closed_at = datetime_convert('UTC', 'UTC', substr($p, 6));
-							if ($comments_closed_at === $item['created']) {
-								$item['item_nocomment'] = 1;
-							}
-							else {
-								$item['comments_closed'] = $comments_closed_at;
-								$aritemr['comment_policy']  = trim(str_replace($p, '', $AS->obj['commentPolicy']));
-							}
-						}
-						else {
-							$item['comment_policy'] = $AS->obj['commentPolicy'];
-						}
-					}
-				}
-
 				if (!empty($AS->meta['hubloc']) || $AS->sigok) {
 					$item['item_verified'] = true;
 				}
@@ -1301,7 +1315,7 @@ class Libzot {
 
 				$relay = (($env['type'] === 'response') ? true : false);
 
-				$result = self::process_delivery($env['sender'], $AS, $item, $deliveries, $relay, false, $message_request);
+				$result = self::process_delivery($env['sender'], $AS, $item, $deliveries, $relay, false, $message_request, false, $is_collection_operation);
 
 				Activity::init_background_fetch($env['sender']);
 			}
@@ -1517,7 +1531,7 @@ class Libzot {
 	 * @return array
 	 */
 
-	static function process_delivery($sender, $act, $arr, $deliveries, $relay, $public = false, $request = false, $force = false) {
+	static function process_delivery($sender, $act, $arr, $deliveries, $relay, $public = false, $request = false, $force = false, $is_collection_operation = false) {
 		$result = [];
 
 		// We've validated the sender. Now make sure that the sender is the owner or author
@@ -1545,6 +1559,14 @@ class Libzot {
 
 			$DR->set_name($channel['channel_name'] . ' <' . channel_reddress($channel) . '>');
 
+			$conversation_operation = $is_collection_operation && isset($arr['target']['attributedTo']);
+
+			if (isset($arr['tgt_type']) && str_contains($arr['tgt_type'], 'Collection') && !$relay && !$conversation_operation) {
+				$DR->update('not a collection activity');
+				$result[] = $DR->get();
+				continue;
+			}
+
 			if (($act) && ($act->obj) && (!is_array($act->obj))) {
 				// The initial object fetch failed using the sys channel credentials.
 				// Try again using the delivery channel credentials.
@@ -1578,6 +1600,8 @@ class Libzot {
 			 *
 			 */
 
+
+
 			if ($sender === $channel['channel_hash'] && $arr['author_xchan'] === $channel['channel_hash'] && !str_starts_with($arr['mid'], z_root())) {
 				$DR->update('self delivery ignored');
 				$result[] = $DR->get();
@@ -1624,15 +1648,6 @@ class Libzot {
 			if (intval($channel['channel_system']) && (!$arr['item_private']) && (!$relay)) {
 				$local_public = true;
 
-				$r = q("select xchan_selfcensored from xchan where xchan_hash = '%s' limit 1",
-					dbesc($sender)
-				);
-				// don't import sys channel posts from selfcensored authors
-				if ($r && (intval($r[0]['xchan_selfcensored']))) {
-					$local_public = false;
-					continue;
-				}
-
 				$incl = Config::Get('system','pubstream_incl');
 				$excl = Config::Get('system','pubstream_excl');
 
@@ -1640,6 +1655,17 @@ class Libzot {
 					$local_public = false;
 					continue;
 				}
+
+				$r = q("select xchan_selfcensored, xchan_censored from xchan where xchan_hash = '%s'",
+					dbesc($sender)
+				);
+
+				// don't import sys channel posts from selfcensored or censored authors
+				if ($r && ($r[0]['xchan_selfcensored'] || $r[0]['xchan_censored'])) {
+					$local_public = false;
+					continue;
+				}
+
 			}
 
 			$tag_delivery = tgroup_check($channel['channel_id'], $arr);
@@ -1701,6 +1727,7 @@ class Libzot {
 					// If this is a poll response, convert the obj_type to our (internal-only) "Answer" type
 					if (in_array($arr['obj_type'], ['Note', ACTIVITY_OBJ_COMMENT]) && $arr['title'] && (!$arr['body'])) {
 						$arr['obj_type'] = 'Answer';
+						$arr['item_hidden'] = 1;
 					}
 				}
 
@@ -1826,11 +1853,19 @@ class Libzot {
 				dbesc($arr['author_xchan'])
 			);
 
-			// reactions such as like and dislike could	have an	mid with /activity/ in it.
+			// If we import an add/remove activity ($is_collection_operation) we strip off the
+			// add/remove part and only process the object.
+			// When looking up the item to pass it to the notifier for relay, we need to look up
+			// the original (stripped off) message id which we stored in $act->meta.
+
+			$sql_mid = (($is_collection_operation && $relay && $channel['channel_hash'] === $arr['owner_xchan']) ? $act->meta['original_id'] : $arr['mid']);
+
+			// Reactions such as like and dislike could	have an	mid with /activity/ in it.
 			// Check for both forms in order to prevent duplicates.
-			$r = q("select * from item where mid in ('%s','%s') and uid = %d limit 1",
-				dbesc($arr['mid']),
-				dbesc(str_replace(z_root() . '/activity/', z_root() . '/item/', $arr['mid'])),
+
+			$r = q("select * from item where mid in ('%s', '%s') and uid = %d limit 1",
+				dbesc($sql_mid),
+				dbesc(reverse_activity_mid($sql_mid)),
 				intval($channel['channel_id'])
 			);
 
@@ -1859,21 +1894,29 @@ class Libzot {
 						$DR->update('update ignored');
 						$result[] = $DR->get();
 					}
+
+					if ($relay && $channel['channel_hash'] === $item_result['item']['owner_xchan'] && $item_result['item']['verb'] !== 'Add' && !$is_collection_operation) {
+						$approval = Activity::addToCollection($channel, $act->data, $item_result['item']['parent_mid'], $item_result['item'], deliver: false);
+					}
+
 				}
 				else {
 					$DR->update('update ignored');
 					$result[] = $DR->get();
 
-					// We need this line to ensure wall-to-wall comments are relayed (by falling through to the relay bit),
+					// We need this line to ensure wall-to-wall comments and add/remove activities are relayed (by falling through to the relay bit),
 					// and at the same time not relay any other relayable posts more than once, because to do so is very wasteful.
 					if (!intval($r[0]['item_origin']))
 						continue;
 				}
+
+
 			}
 			else {
 				$arr['aid'] = $channel['channel_account_id'];
 				$arr['uid'] = $channel['channel_id'];
 
+
 				// if it's a sourced post, call the post_local hooks as if it were
 				// posted locally so that crosspost connectors will be triggered.
 				$item_source = check_item_source($arr['uid'], $arr);
@@ -1902,10 +1945,15 @@ class Libzot {
 				}
 
 				if (post_is_importable($arr['uid'], $arr, $abook)) {
-					$item_result = item_store($arr);
+					$item_result = item_store($arr, addAndSync: false);
+
 					if ($item_result['success']) {
 						$item_id = $item_result['item_id'];
 
+						if ($relay && $channel['channel_hash'] === $item_result['item']['owner_xchan'] && $item_result['item']['verb'] !== 'Add' && !$is_collection_operation) {
+							$approval = Activity::addToCollection($channel, $act->data, $item_result['item']['parent_mid'], $item_result['item'], deliver: false);
+						}
+
 						if ($item_source && in_array($item_result['item']['obj_type'], ['Event', ACTIVITY_OBJ_EVENT])) {
 							event_addtocal($item_id, $channel['channel_id']);
 						}
@@ -1948,12 +1996,16 @@ class Libzot {
 
 			if ((is_array($stored)) && ($stored['id'] != $stored['parent'])
 				&& ($stored['author_xchan'] === $channel['channel_hash'])) {
-				retain_item($stored['item']['parent']);
+				retain_item($stored['parent']);
 			}
 
-			if ($relay && $item_id && $stored['item_blocked'] !== ITEM_MODERATED) {
+			if ($relay && $item_id && item_forwardable($stored)) {
 				logger('Invoking relay');
 				Master::Summon(['Notifier', 'relay', intval($item_id)]);
+				if (!empty($approval) && $approval['item_id']) {
+					Master::Summon(['Notifier', 'relay', intval($approval['item_id'])]);
+				}
+
 				$DR->addto_update('relayed');
 				$result[] = $DR->get();
 			}
@@ -2006,6 +2058,7 @@ class Libzot {
 		foreach ($items as $activity) {
 
 			$AS = new ActivityStreams($activity);
+
 			if ($AS->is_valid() && $AS->type === 'Announce' && is_array($AS->obj)
 				&& array_key_exists('object', $AS->obj) && array_key_exists('actor', $AS->obj)) {
 				// This is a relayed/forwarded Activity (as opposed to a shared/boosted object)
@@ -2014,6 +2067,30 @@ class Libzot {
 				$AS = new ActivityStreams($AS->obj);
 			}
 
+			// process add/remove from collection separately, as it requires a target.
+			// use the raw object, as it will not include actor expansion
+			if (in_array($AS->type, ['Add', 'Remove'])
+				&& is_array($AS->obj)
+				&& array_key_exists('object', $AS->obj)
+				&& array_key_exists('actor', $AS->obj)
+				&& !empty($AS->tgt)) {
+
+				logger('relayed collection operation', LOGGER_DEBUG);
+
+				$is_collection_operation = true;
+
+				$original_id = $AS->id;
+				$original_type = $AS->type;
+
+				$raw_activity = $AS->data;
+
+				$AS = new ActivityStreams($raw_activity['object']);
+
+				// Store the original activity id and type for later usage
+				$AS->meta['original_id'] = $original_id;
+				$AS->meta['original_type'] = $original_type;
+			}
+
 			if (!$AS->is_valid()) {
 				logger('Fetched activity rejected: ' . print_r($activity, true));
 				continue;
@@ -2207,7 +2284,7 @@ class Libzot {
 		}
 
 
-		$x = item_store_update($item);
+		$x = item_store_update($item, addAndSync: false);
 
 		// If we're updating an event that we've saved locally, we store the item info first
 		// because event_addtocal will parse the body to get the 'new' event details
@@ -2323,21 +2400,20 @@ class Libzot {
 					);
 				}
 			} else {
-                if ($stored['id'] !== $stored['parent']) {
-                    q(
-                        "update item set commented = '%s', changed = '%s' where id = %d",
-                        dbesc(datetime_convert()),
-                        dbesc(datetime_convert()),
-                        intval($stored['parent'])
-                    );
-                }
-            }
+				if ($stored['id'] !== $stored['parent']) {
+					q("update item set commented = '%s', changed = '%s' where id = %d",
+						dbesc(datetime_convert()),
+						dbesc(datetime_convert()),
+						intval($stored['parent'])
+					);
+				}
+			}
 
 
 			// Use phased deletion to set the deleted flag, call both tag_deliver and the notifier to notify downstream channels
 			// and then clean up after ourselves with a cron job after several days to do the delete_item_lowlevel() (DROPITEM_PHASE2).
 
-			drop_item($post_id, false, DROPITEM_PHASE1);
+			drop_item($post_id, DROPITEM_PHASE1, uid: $uid);
 			tag_deliver($uid, $post_id);
 		}
 

Zotlabs/Lib/Mailer.php

@@ -0,0 +1,86 @@
+<?php
+/**
+ * Mailer class for sending emails from Hubzilla.
+ *
+ * SPDX-FileCopyrightText: 2024 Hubzilla Community
+ * SPDX-FileContributor: Harald Eilertsen
+ *
+ * SPDX-License-Identifier: MIT
+ */
+
+namespace Zotlabs\Lib;
+
+use App;
+
+/**
+ * A class for sending emails.
+ *
+ * Based on the previous `z_mail` function, but adaped and made more
+ * robust and usable as a class.
+ */
+class Mailer {
+
+	public function __construct(private array $params = []) {
+	}
+
+	public function deliver(): bool {
+
+		if(empty($this->params['fromEmail'])) {
+			$this->params['fromEmail'] = Config::Get('system','from_email');
+			if(empty($this->params['fromEmail'])) {
+				$this->params['fromEmail'] = 'Administrator@' . App::get_hostname();
+			}
+		}
+
+		if(empty($this->params['fromName'])) {
+			$this->params['fromName'] = Config::Get('system','from_email_name');
+			if(empty($this->params['fromName'])) {
+				$this->params['fromName'] = System::get_site_name();
+			}
+		}
+
+		if(empty($this->params['replyTo'])) {
+			$this->params['replyTo'] = Config::Get('system','reply_address');
+			if(empty($this->params['replyTo'])) {
+				$this->params['replyTo'] = 'noreply@' . App::get_hostname();
+			}
+		}
+
+		if (!isset($this->params['additionalMailHeader'])) {
+			$this->params['additionalMailHeader'] = '';
+		}
+
+		$this->params['sent']   = false;
+		$this->params['result'] = false;
+
+		/**
+		 * @hooks email_send
+		 *   * \e params @see z_mail()
+		 */
+		call_hooks('email_send', $this->params);
+
+		if($this->params['sent']) {
+			logger('notification: z_mail returns ' . (($this->params['result']) ? 'success' : 'failure'), LOGGER_DEBUG);
+			return $this->params['result'];
+		}
+
+		$fromName = email_header_encode(html_entity_decode($this->params['fromName'],ENT_QUOTES,'UTF-8'),'UTF-8');
+		$messageSubject = email_header_encode(html_entity_decode($this->params['messageSubject'],ENT_QUOTES,'UTF-8'),'UTF-8');
+
+		$messageHeader =
+			$this->params['additionalMailHeader'] .
+			"From: $fromName <{$this->params['fromEmail']}>" . PHP_EOL .
+			"Reply-To: $fromName <{$this->params['replyTo']}>" . PHP_EOL .
+			"Content-Type: text/plain; charset=UTF-8";
+
+		// send the message
+		$res = mail(
+			$this->params['toEmail'],								// send to address
+			$messageSubject,								// subject
+			$this->params['textVersion'],
+			$messageHeader									// message headers
+		);
+		logger('notification: z_mail returns ' . (($res) ? 'success' : 'failure'), LOGGER_DEBUG);
+		return $res;
+	}
+}

Zotlabs/Lib/SuperCurl.php

@@ -1,127 +0,0 @@
-<?php
-
-namespace Zotlabs\Lib;
-
-/**
- * @brief wrapper for z_fetch_url() which can be instantiated with several built-in parameters and 
- * these can be modified and re-used. Useful for CalDAV and other processes which need to authenticate
- * and set lots of CURL options (many of which stay the same from one call to the next). 
- */
-
-
-
-
-class SuperCurl {
-
-	
-    private $auth;
-    private $url;
-
-	private $curlopt = array();
-
-	private $headers = null;
-    public $filepos = 0;
-	public $filehandle = 0;
-    public $request_data = '';
-
-	private $request_method = 'GET';
-	private $upload = false;
-	private $cookies = false;
-
-
-    private function set_data($s) {
-        $this->request_data = $s;
-        $this->filepos = 0;
-    }
-
-    public function curl_read($ch,$fh,$size) {
-
-        if($this->filepos < 0) {
-            unset($fh);
-            return '';
-        }
-
-        $s = substr($this->request_data,$this->filepos,$size);
-
-        if(strlen($s) < $size)
-            $this->filepos = (-1);
-        else
-            $this->filepos = $this->filepos + $size;
-
-        return $s;
-    }
-
-
-	public function __construct($opts = array()) {
-		$this->set($opts);
-	}
-
-	private function set($opts = array()) {
-		if($opts) {
-			foreach($opts as $k => $v) {
-				switch($k) {
-					case 'http_auth':
-						$this->auth = $v;
-						break;
-					case 'magicauth':
-						// currently experimental
-						$this->magicauth = $v;
-						\Zotlabs\Daemon\Master::Summon([ 'CurlAuth', $v ]);
-						break;
-					case 'custom':
-						$this->request_method = $v;
-						break;
-					case 'url':
-						$this->url = $v;
-						break;
-					case 'data':
-						$this->set_data($v);
-						if($v) {
-							$this->upload = true;
-						}
-						else {
-							$this->upload = false;
-						}							
-						break;
-					case 'headers':
-						$this->headers = $v;
-						break;
-					default:
-						$this->curlopts[$k] = $v;
-						break;
-				}
-			}
-		}
-	}
-
-	function exec() {
-		$opts = $this->curlopts;
-		$url = $this->url;
-		if($this->auth)
-			$opts['http_auth'] = $this->auth;
-		if($this->magicauth) {
-			$opts['cookiejar']  = 'store/[data]/cookie_' . $this->magicauth;
-			$opts['cookiefile'] = 'store/[data]/cookie_' . $this->magicauth;
-			$opts['cookie'] = 'PHPSESSID=' . trim(file_get_contents('store/[data]/cookien_' . $this->magicauth));
-			$c = channelx_by_n($this->magicauth);
-			if($c)
-				$url = zid($this->url,channel_reddress($c));
-		}	
-		if($this->custom)
-			$opts['custom'] = $this->custom;
-		if($this->headers)
-			$opts['headers'] = $this->headers;
-		if($this->upload) {
-			$opts['upload'] = true;
-			$opts['infile'] = $this->filehandle;
-			$opts['infilesize'] = strlen($this->request_data);
-			$opts['readfunc'] = [ $this, 'curl_read' ] ;
-		}
-
-		$recurse = 0;
-		return z_fetch_url($this->url,true,$recurse,(($opts) ? $opts : null)); 
-		
-	}
-		
-	
-}

Zotlabs/Lib/ThreadItem.php

@@ -187,7 +187,7 @@ class ThreadItem {
 			$drop = [ 'dropping' => true, 'delete' => t('Admin Delete') ];
 		}
 
-		$filer = ((($conv->get_profile_owner() == local_channel()) && (! array_key_exists('real_uid',$item))) ? t("Save to Folder") : false);
+		$filer = (((local_channel() && $conv->get_profile_owner() === local_channel()) || (local_channel() && App::$module === 'pubstream')) ? t("Save to Folder") : false);
 
 		$profile_avatar = $item['author']['xchan_photo_s'];
 		$profile_link   = chanlink_hash($item['author_xchan']);
@@ -233,45 +233,6 @@ class ThreadItem {
 			$my_responses[$v] = ((isset($conv_responses[$v][$item['mid'] . '-m'])) ? 1 : 0);
 		}
 
-/*
-
-		$like_count = ((x($conv_responses['like'],$item['mid'])) ? $conv_responses['like'][$item['mid']] : '');
-		$like_list = ((x($conv_responses['like'],$item['mid'])) ? $conv_responses['like'][$item['mid'] . '-l'] : '');
-		if (($like_list) && (count($like_list) > MAX_LIKERS)) {
-			$like_list_part = array_slice($like_list, 0, MAX_LIKERS);
-			array_push($like_list_part, '<a class="dropdown-item" href="#" data-toggle="modal" data-target="#likeModal-' . $this->get_id() . '"><b>' . t('View all') . '</b></a>');
-		} else {
-			$like_list_part = '';
-		}
-		$like_button_label = tt('Like','Likes',$like_count,'noun');
-
-		$repeat_count = ((x($conv_responses['announce'],$item['mid'])) ? $conv_responses['announce'][$item['mid']] : '');
-		$repeat_list = ((x($conv_responses['announce'],$item['mid'])) ? $conv_responses['announce'][$item['mid'] . '-l'] : '');
-		if (($repeat_list) && (count($repeat_list) > MAX_LIKERS)) {
-			$repeat_list_part = array_slice($repeat_list, 0, MAX_LIKERS);
-			array_push($repeat_list_part, '<a class="dropdown-item" href="#" data-toggle="modal" data-target="#repeatModal-' . $this->get_id() . '"><b>' . t('View all') . '</b></a>');
-		} else {
-			$repeat_list_part = '';
-		}
-		$repeat_button_label = tt('Repeat','Repeats',$repeat_count,'noun');
-
-		$showdislike = '';
-		if (feature_enabled($conv->get_profile_owner(),'dislike')) {
-			$dislike_count = ((x($conv_responses['dislike'],$item['mid'])) ? $conv_responses['dislike'][$item['mid']] : '');
-			$dislike_list = ((x($conv_responses['dislike'],$item['mid'])) ? $conv_responses['dislike'][$item['mid'] . '-l'] : '');
-			$dislike_button_label = tt('Dislike','Dislikes',$dislike_count,'noun');
-			if (($dislike_list) && (count($dislike_list) > MAX_LIKERS)) {
-				$dislike_list_part = array_slice($dislike_list, 0, MAX_LIKERS);
-				array_push($dislike_list_part, '<a class="dropdown-item" href="#" data-toggle="modal" data-target="#dislikeModal-' . $this->get_id() . '"><b>' . t('View all') . '</b></a>');
-			} else {
-				$dislike_list_part = '';
-			}
-
-			$showdislike = ((x($conv_responses['dislike'],$item['mid'])) ? format_like($conv_responses['dislike'][$item['mid']],$conv_responses['dislike'][$item['mid'] . '-l'],'dislike',$item['mid']) : '');
-		}
-
-		$showlike    = ((x($conv_responses['like'],$item['mid'])) ? format_like($conv_responses['like'][$item['mid']],$conv_responses['like'][$item['mid'] . '-l'],'like',$item['mid']) : '');
-*/
 
 		/*
 		 * We should avoid doing this all the time, but it depends on the conversation mode
@@ -415,7 +376,6 @@ class ThreadItem {
 			'template' => $this->get_template(),
 			'mode' => $mode,
 			'item_type' => intval($item['item_type']),
-			//'type' => implode("",array_slice(explode("/",$item['verb']),-1)),
 			'body' => $body['html'],
 			'tags' => $body['tags'],
 			'categories' => $body['categories'],
@@ -450,16 +410,15 @@ class ThreadItem {
 			'sparkle' => $sparkle,
 			'title' => $item['title'],
 			'title_tosource' => get_pconfig($conv->get_profile_owner(),'system','title_tosource'),
-			//'ago' => relative_date($item['created']),
 			'app' => $item['app'],
 			'str_app' => sprintf( t('from %s'), $item['app']),
 			'isotime' => datetime_convert('UTC', date_default_timezone_get(), $item['created'], 'c'),
-			'localtime' => datetime_convert('UTC', date_default_timezone_get(), $item['created'], 'r'),
-			'editedtime' => (($item['edited'] != $item['created']) ? sprintf( t('last edited: %s'), datetime_convert('UTC', date_default_timezone_get(), $item['edited'], 'r')) : ''),
-			'expiretime' => (($item['expires'] > NULL_DATE) ? sprintf( t('Expires: %s'), datetime_convert('UTC', date_default_timezone_get(), $item['expires'], 'r')):''),
+			'localtime' => datetime_convert('UTC', date_default_timezone_get(), $item['created']),
+			'editedtime' => (($item['edited'] != $item['created']) ? sprintf(t('Last edited %s'), relative_time($item['edited'])) : ''),
+			'expiretime' => (($item['expires'] > NULL_DATE) ? sprintf(t('Expires %s'), relative_time($item['expires'])) : ''),
 			'lock' => $lock,
 			'locktype' => $locktype,
-			'delayed' => $item['item_delayed'],
+			'delayed' => (($item['item_delayed']) ? sprintf(t('Published %s'), relative_time($item['created'])) : ''),
 			'privacy_warning' => $privacy_warning,
 			'verified' => $verified,
 			'unverified' => $unverified,
@@ -479,7 +438,7 @@ class ThreadItem {
 			'event' => $body['event'],
 			'has_tags' => $has_tags,
 			'reactions' => $this->reactions,
-// Item toolbar buttons
+			// Item toolbar buttons
 			'emojis'	=> (($this->is_toplevel() && $this->is_commentable() && $observer && feature_enabled($conv->get_profile_owner(),'emojis')) ? '1' : ''),
 			'like'      => $like,
 			'dislike'   => ((feature_enabled($conv->get_profile_owner(),'dislike')) ? $dislike : ''),
@@ -489,7 +448,7 @@ class ThreadItem {
 			'embed'     => $embed,
 			'rawmid'	=> $item['mid'],
 			'plink'     => get_plink($item),
-			'edpost'    => $edpost, // ((feature_enabled($conv->get_profile_owner(),'edit_posts')) ? $edpost : ''),
+			'edpost'    => $edpost,
 			'star'      => ((feature_enabled($conv->get_profile_owner(),'star_posts') && ($item['item_type'] == ITEM_TYPE_POST)) ? $star : ''),
 			'tagger'    => ((feature_enabled($conv->get_profile_owner(),'commtag')) ? $tagger : ''),
 			'filer'     => ((feature_enabled($conv->get_profile_owner(),'filing') && ($item['item_type'] == ITEM_TYPE_POST)) ? $filer : ''),
@@ -500,7 +459,7 @@ class ThreadItem {
 			'addtocal'  => (($has_event) ? t('Add to Calendar') : ''),
 			'drop'      => $drop,
 			'dropdown_extras' => $dropdown_extras,
-// end toolbar buttons
+			// end toolbar buttons
 			'unseen_comments' => $unseen_comments,
 			'comment_count' => $total_children,
 			'comment_count_txt' => $comment_count_txt,
@@ -508,30 +467,9 @@ class ThreadItem {
 			'markseen' => t('Mark all comments seen'),
 			'responses' => $responses,
 			'my_responses' => $my_responses,
-			/*
-			'like_count' => $like_count,
-			'like_list' => $like_list,
-			'like_list_part' => $like_list_part,
-			'like_button_label' => $like_button_label,
-			'like_modal_title' => t('Likes','noun'),
-
-			'repeat_count' => $repeat_count,
-			'repeat_list' => $repeat_list,
-			'repeat_list_part' => $repeat_list_part,
-			'repeat_button_label' => $repeat_button_label,
-			'repeat_modal_title' => t('Repeats','noun'),
-
-
-			'dislike_modal_title' => t('Dislikes','noun'),
-			'dislike_count' => ((feature_enabled($conv->get_profile_owner(),'dislike')) ? $dislike_count : ''),
-			'dislike_list' => ((feature_enabled($conv->get_profile_owner(),'dislike')) ? $dislike_list : ''),
-			'dislike_list_part' => ((feature_enabled($conv->get_profile_owner(),'dislike')) ? $dislike_list_part : ''),
-			'dislike_button_label' => ((feature_enabled($conv->get_profile_owner(),'dislike')) ? $dislike_button_label : ''),
-*/
 			'modal_dismiss' => t('Close'),
-		//	'showlike' => $showlike,
-		//	'showdislike' => $showdislike,
 			'comment' => ($item['item_delayed'] ? '' : $this->get_comment_box()),
+			'no_comment' => (($item['item_thread_top'] && $item['item_nocomment'])? t('Comments disabled') : ''),
 			'previewing' => ($conv->is_preview() ? true : false ),
 			'preview_lbl' => t('This is an unsaved preview'),
 			'wait' => t('Please wait'),
@@ -544,7 +482,8 @@ class ThreadItem {
 			'moderate_delete' => t('Delete'),
 			'rtl' => in_array($item['lang'], rtl_languages()),
 			'reactions_allowed' => $reactions_allowed,
-			'reaction_str' => [t('Add yours'), t('Remove yours')]
+			'reaction_str' => [t('Add yours'), t('Remove yours')],
+			'is_contained' => $this->is_toplevel() && str_contains($item['tgt_type'], 'Collection')
 		);
 
 		$arr = array('item' => $item, 'output' => $tmp_item);
@@ -555,15 +494,7 @@ class ThreadItem {
 		$result['children'] = array();
 		$nb_children = count($children);
 
-		$visible_comments = Config::Get('system','expanded_comments');
-		if($visible_comments === false)
-			$visible_comments = 3;
-
-//		needed for scroll to comment from notification but needs more work
-//		as we do not want to open all comments unless there is actually an #item_xx anchor
-//		and the url fragment is not sent to the server.
-//		if(in_array(\App::$module,['display','update_display']))
-//			$visible_comments = 99999;
+		$visible_comments = Config::Get('system', 'expanded_comments', 3);
 
 		if(($this->get_display_mode() === 'normal') && ($nb_children > 0)) {
 			foreach($children as $child) {
@@ -868,6 +799,7 @@ class ThreadItem {
 			'$submit' => t('Submit'),
 			'$edbold' => t('Bold'),
 			'$editalic' => t('Italic'),
+			'$edhighlighter' => t('Highlight selected text'),
 			'$eduline' => t('Underline'),
 			'$edquote' => t('Quote'),
 			'$edcode' => t('Code'),
@@ -875,7 +807,7 @@ class ThreadItem {
 			'$edatt' => t('Attach/Upload file'),
 			'$edurl' => t('Insert Link'),
 			'$edvideo' => t('Video'),
-			'$preview' => t('Preview'), // ((feature_enabled($conv->get_profile_owner(),'preview')) ? t('Preview') : ''),
+			'$preview' => t('Preview'),
 			'$can_upload' => (perm_is_allowed($conv->get_profile_owner(),get_observer_hash(),'write_storage') && $conv->is_uploadable()),
 			'$feature_encrypt' => ((feature_enabled($conv->get_profile_owner(),'content_encrypt')) ? true : false),
 			'$encrypt' => t('Encrypt text'),
@@ -896,7 +828,7 @@ class ThreadItem {
 	}
 
 	/**
-	 * Check if we are a wall to wall item and set the relevant properties
+	 * Check if we are a wall to wall or announce item and set the relevant properties
 	 */
 	protected function check_wall_to_wall() {
 		$conv = $this->get_conversation();

Zotlabs/Module/Achievements.php

@@ -8,25 +8,25 @@ class Achievements extends \Zotlabs\Web\Controller {
 		// This doesn't work, so
 		if (! is_developer())
 			return;
-	
+
 		if(argc() > 1)
 			$which = argv(1);
 		else {
 			notice( t('Requested profile is not available.') . EOL );
 			return;
 	}
-	
+
 		$profile = 0;
-		$profile = argv(1);		
+		$profile = argv(1);
 		profile_load($which,$profile);
-	
+
 		$r = q("select channel_id from channel where channel_address = '%s'",
 				dbesc($which)
 				);
 		if($r) {
 			$owner = intval($r[0]['channel_id']);
 			}
-	
+
 		$observer = \App::get_observer();
 		$ob_hash = (($observer) ? $observer['xchan_hash'] : '');
 		$perms = get_all_perms($owner,$ob_hash);
@@ -34,60 +34,60 @@ class Achievements extends \Zotlabs\Web\Controller {
 			notice( t('Permission denied.') . EOL);
 		return;
 	    }
-	
+
 		$newmembertext = t('Some blurb about what to do when you\'re new here');
-	
-	
+
+
 	//	By default, all badges are false
 		$contactbadge = false;
 		$profilebadge = false;
 		$keywordsbadge = false;
-		
+
 	// Check number of contacts.  Award a badge if over 10
-	// We'll figure these out on each page load instead of 
+	// We'll figure these out on each page load instead of
 	// writing them to the DB because that will mean one needs
 	// to retain their achievements - eg, you can't add
 	// a bunch of channels just to get your badge, and then
 	// delete them all again.  If these become popular or
 	// used in profiles or something, we may need to reconsider
 	// and add a table for this - because this won't scale.
-	    
+
 	    $r = q("select * from abook where abook_channel = %d",
 		intval($owner)
 		);
-	
+
 		if (count($r))
 			$contacts = count($r);
 		// We're checking for 11 to adjust for the abook record for self
 		if ($contacts >= 11)
 				$contactbadge = true;
-			
+
 	//	Check if an about field in the profile has been created.
-	
+
 		$r = q("select * from profile where uid = %d and about <> ''",
 				intval($owner)
 		);
-		
+
 		if ($r)
 			$profilebadge = 1;
-	
+
 	// Check if keywords have been set
-	
+
 		$r = q("select * from profile where uid = %d and keywords <> ''",
 				intval($owner)
 		);
-		
+
 		if($r)
 			$keywordsbadge = 1;
-	
+
 	    return replace_macros(get_markup_template("achievements.tpl"), array(
 	                '$newmembertext' => $newmembertext,
 	                '$profilebadge' => $profilebadge,
 	                '$contactbadge' => $contactbadge,
 	                '$keywordsbadge' => $keywordsbadge,
-	                '$channelsbadge' => $channelsbadge
+	                '$channelsbadge' => null,
 	));
-	
+
 	}
-	
+
 }

Zotlabs/Module/Activity.php

@@ -30,7 +30,7 @@ class Activity extends Controller {
 				dbesc(ACTIVITY_UNFOLLOW)
 			);
 
-			$item_normal = " and item.item_hidden = 0 and item.item_type = 0 and item.item_unpublished = 0 and item.item_delayed = 0 and item.item_blocked = 0 $item_normal_extra ";
+			$item_normal = " and item.item_hidden = 0 and item.item_type = 0 and item.item_unpublished = 0 and item.item_delayed = 0 and item.item_blocked = 0 and item.item_uplink = 0 $item_normal_extra ";
 
 			$i = null;
 
@@ -191,7 +191,7 @@ class Activity extends Controller {
 				dbesc(ACTIVITY_UNFOLLOW)
 			);
 
-			$item_normal = " and item.item_hidden = 0 and item.item_type = 0 and item.item_unpublished = 0 and item.item_delayed = 0 and item.item_blocked = 0 $item_normal_extra ";
+			$item_normal = " and item.item_hidden = 0 and item.item_type = 0 and item.item_unpublished = 0 and item.item_delayed = 0 and item.item_blocked = 0 and item.item_uplink = 0 $item_normal_extra ";
 
 			$sigdata = HTTPSig::verify(EMPTY_STR);
 			if ($sigdata['portable_id'] && $sigdata['header_valid']) {

Zotlabs/Module/Admin/Account_edit.php

@@ -8,6 +8,11 @@ class Account_edit {
 
 	function post() {
 
+		// Validate CSRF token
+		//
+		// We terminate with a 403 Forbidden status if the check fails.
+		check_form_security_token_ForbiddenOnErr('admin_account_edit', 'security');
+
 		$account_id = $_REQUEST['aid'];
 
 		if(! $account_id)
@@ -18,7 +23,7 @@ class Account_edit {
 		if($pass1 && $pass2 && ($pass1 === $pass2)) {
 			$salt = random_string(32);
 			$password_encoded = hash('whirlpool', $salt . $pass1);
-			$r = q("update account set account_salt = '%s', account_password = '%s', 
+			$r = q("update account set account_salt = '%s', account_password = '%s',
 				account_password_changed = '%s' where account_id = %d",
 				dbesc($salt),
 				dbesc($password_encoded),
@@ -34,7 +39,7 @@ class Account_edit {
 		$account_level = 5;
 		$account_language = trim($_REQUEST['account_language']);
 
-		$r = q("update account set account_service_class = '%s', account_level = %d, account_language = '%s' 
+		$r = q("update account set account_service_class = '%s', account_level = %d, account_language = '%s'
 			where account_id = %d",
 			dbesc($service_class),
 			intval($account_level),
@@ -62,8 +67,8 @@ class Account_edit {
 			return '';
 		}
 
-
 		$a = replace_macros(get_markup_template('admin_account_edit.tpl'), [
+			'$security' => get_form_security_token('admin_account_edit'),
 			'$account' => $x[0],
 			'$title' => t('Account Edit'),
 			'$pass1' => [ 'pass1', t('New Password'), ' ','' ],

Zotlabs/Module/Admin/Accounts.php

@@ -6,133 +6,33 @@ use Zotlabs\Lib\Config;
 
 class Accounts {
 
-	/**
-	 * @brief Handle POST actions on accounts admin page.
-	 *
-	 * This function is called when on the admin user/account page the form was
-	 * submitted to handle multiple operations at once. If one of the icons next
-	 * to an entry are pressed the function admin_page_accounts() will handle this.
-	 *
-	 */
 
 	const MYP = 	'ZAR';			// ZAR2x
 	const VERSION =	'2.0.0';
 
-	function post() {
+	/**
+	 * Handle POST actions on accounts admin page.
+	 */
+	public function post() {
 
-		$pending = ( x($_POST, 'pending') ? $_POST['pending'] : array() );
-		$users   = ( x($_POST, 'user')    ? $_POST['user']    : array() );
-		$blocked = ( x($_POST, 'blocked') ? $_POST['blocked'] : array() );
+		$pending = x($_POST, 'pending') ? $_POST['pending'] : array();
 
 		check_form_security_token_redirectOnErr('/admin/accounts', 'admin_accounts');
 
-		$isajax = is_ajax();
-		$rc = 0;
-
-		If (!is_site_admin()) {
-			if ($isajax) {
-				killme();
-				exit;
-			}
-			goaway(z_root() . '/');
-		}
-
-		if ($isajax) {
-			//$debug = print_r($_SESSION[self::MYP],true);
-			$zarop = (x($_POST['zardo']) && preg_match('/^[ad]{1,1}$/', $_POST['zardo']) )
-					 ? $_POST['zardo'] : '';
-			// zarat arrives with leading underscore _n
-			$zarat = (x($_POST['zarat']) && preg_match('/^_{1,1}[0-9]{1,6}$/', $_POST['zarat']) )
-					 ? substr($_POST['zarat'],1) : '';
-			$zarse = (x($_POST['zarse']) && preg_match('/^[0-9a-f]{8,8}$/', $_POST['zarse']) )
-					 ? hex2bin($_POST['zarse']) : '';
-
-			if ($zarop && $zarat >= 0 && $zarse && $zarse == $_SESSION[self::MYP]['h'][$zarat]) {
-
-				//
-				if ($zarop == 'd') {
-					$rd = q("UPDATE register SET reg_vital = 0 WHERE reg_id = %d AND SUBSTR(reg_hash,1,4) = '%s' ",
-						intval($_SESSION[self::MYP]['i'][$zarat]),
-						dbesc($_SESSION[self::MYP]['h'][$zarat])
-					);
-					$rc = '×';
-				}
-				elseif ($zarop == 'a') {
-					// approval, REGISTER_DENIED by user 0x0040, REGISTER_AGREED by user 0x0020 @Regate
-					$rd = q("UPDATE register SET reg_flags = (reg_flags & ~ 16), "
-						.	" reg_vital = (CASE (reg_flags & ~ 48) WHEN 0 THEN 0 ELSE 1 END) "
-						.	" WHERE reg_vital = 1 AND reg_id = %d AND SUBSTR(reg_hash,1,4) = '%s' ",
-						intval($_SESSION[self::MYP]['i'][$zarat]),
-						dbesc($_SESSION[self::MYP]['h'][$zarat])
-					);
-					$rc = 0;
-					$rs = q("SELECT * from register WHERE reg_id = %d ",
-							intval($_SESSION[self::MYP]['i'][$zarat])
-					);
-					if ($rs && ($rs[0]['reg_flags'] & ~ 48) == 0) {
-						// create account
-						$rc = 'ok'.$rs[0]['reg_id'];
-						$ac = create_account_from_register($rs[0]);
-						if ( $ac['success'] ) {
-							$rc .= '✔';
-
-							$auto_create  = Config::Get('system','auto_channel_create',1);
-
-							if($auto_create) {
-								$reonar = json_decode($rs[0]['reg_stuff'], true);
-								// prepare channel creation
-								if($reonar['chan.name'])
-									set_aconfig($ac['account']['account_id'], 'register', 'channel_name', $reonar['chan.name']);
-
-								if($reonar['chan.did1'])
-									set_aconfig($ac['account']['account_id'], 'register', 'channel_address', $reonar['chan.did1']);
-
-								$permissions_role  = Config::Get('system','default_permissions_role');
-								if($permissions_role)
-									set_aconfig($ac['account']['account_id'], 'register', 'permissions_role', $permissions_role);
-
-								// create channel
-								$new_channel = auto_channel_create($ac['account']['account_id']);
-
-								if($new_channel['success']) {
-									$rc .= ' c,ok' . $new_channel['channel']['channel_id'] . '✔';
-								}
-								else {
-									$rc .= ' c ×';
-								}
-							}
-
-
-						}
-					} else {
-						$rc='oh ×';
-					}
-				}
-				echo json_encode(array('re' => $zarop, 'at' => '_' . $zarat, 'rc' => $rc));
-			}
+		if (is_ajax()) {
+			$this->handle_ajax_request();
 			killme();
-			exit;
 		}
 
 		// change to switch structure?
 		// account block/unblock button was submitted
 		if (x($_POST, 'page_accounts_block')) {
-			for ($i = 0; $i < count($users); $i++) {
-				// if account is blocked remove blocked bit-flag, otherwise add blocked bit-flag
-				$op = ($blocked[$i]) ? '& ~' : '| ';
-				q("UPDATE account SET account_flags = (account_flags $op%d) WHERE account_id = %d",
-					intval(ACCOUNT_BLOCKED),
-					intval($users[$i])
-				);
-			}
-			notice( sprintf( tt("%s account blocked/unblocked", "%s account blocked/unblocked", count($users)), count($users)) );
+			$this->block_unblock_accounts();
 		}
+
 		// account delete button was submitted
 		if (x($_POST, 'page_accounts_delete')) {
-			foreach ($users as $uid){
-				account_remove($uid, true, false);
-			}
-			notice( sprintf( tt("%s account deleted", "%s accounts deleted", count($users)), count($users)) );
+			$this->delete_accounts();
 		}
 		// registration approved button was submitted
 		if (x($_POST, 'page_accounts_approve')) {
@@ -351,5 +251,143 @@ class Accounts {
 		return $o;
 	}
 
+	private function handle_ajax_request(): void {
+		//$debug = print_r($_SESSION[self::MYP],true);
+		$zarop = (x($_POST['zardo']) && preg_match('/^[ad]{1,1}$/', $_POST['zardo']) )
+			? $_POST['zardo'] : '';
+		// zarat arrives with leading underscore _n
+		$zarat = (x($_POST['zarat']) && preg_match('/^_{1,1}[0-9]{1,6}$/', $_POST['zarat']) )
+			? substr($_POST['zarat'],1) : '';
+		$zarse = (x($_POST['zarse']) && preg_match('/^[0-9a-f]{8,8}$/', $_POST['zarse']) )
+			? hex2bin($_POST['zarse']) : '';
+
+		if ($zarop && $zarat >= 0 && $zarse && $zarse == $_SESSION[self::MYP]['h'][$zarat]) {
+
+			//
+			if ($zarop == 'd') {
+				$rd = q("UPDATE register SET reg_vital = 0 WHERE reg_id = %d AND SUBSTR(reg_hash,1,4) = '%s' ",
+					intval($_SESSION[self::MYP]['i'][$zarat]),
+					dbesc($_SESSION[self::MYP]['h'][$zarat])
+				);
+				$rc = '×';
+			}
+			elseif ($zarop == 'a') {
+				// approval, REGISTER_DENIED by user 0x0040, REGISTER_AGREED by user 0x0020 @Regate
+				$rd = q("UPDATE register SET reg_flags = (reg_flags & ~ 16), "
+					.	" reg_vital = (CASE (reg_flags & ~ 48) WHEN 0 THEN 0 ELSE 1 END) "
+					.	" WHERE reg_vital = 1 AND reg_id = %d AND SUBSTR(reg_hash,1,4) = '%s' ",
+					intval($_SESSION[self::MYP]['i'][$zarat]),
+					dbesc($_SESSION[self::MYP]['h'][$zarat])
+				);
+				$rc = 0;
+				$rs = q("SELECT * from register WHERE reg_id = %d ",
+					intval($_SESSION[self::MYP]['i'][$zarat])
+				);
+				if ($rs && ($rs[0]['reg_flags'] & ~ 48) == 0) {
+					// create account
+					$rc = 'ok'.$rs[0]['reg_id'];
+					$ac = create_account_from_register($rs[0]);
+					if ( $ac['success'] ) {
+						$rc .= '✔';
+
+						$auto_create  = Config::Get('system','auto_channel_create',1);
+
+						if($auto_create) {
+							$reonar = json_decode($rs[0]['reg_stuff'], true);
+							// prepare channel creation
+							if($reonar['chan.name'])
+								set_aconfig($ac['account']['account_id'], 'register', 'channel_name', $reonar['chan.name']);
+
+							if($reonar['chan.did1'])
+								set_aconfig($ac['account']['account_id'], 'register', 'channel_address', $reonar['chan.did1']);
+
+							$permissions_role  = Config::Get('system','default_permissions_role');
+							if($permissions_role)
+								set_aconfig($ac['account']['account_id'], 'register', 'permissions_role', $permissions_role);
+
+							// create channel
+							$new_channel = auto_channel_create($ac['account']['account_id']);
+
+							if($new_channel['success']) {
+								$rc .= ' c,ok' . $new_channel['channel']['channel_id'] . '✔';
+							}
+							else {
+								$rc .= ' c ×';
+							}
+						}
+
+
+					}
+				} else {
+					$rc='oh ×';
+				}
+			}
+			echo json_encode(array('re' => $zarop, 'at' => '_' . $zarat, 'rc' => $rc));
+		}
+	}
+
+	/**
+	 * Block or unblock accounts given by the `user` and `blocked` POST params.
+	 *
+	 * The post params `user` and `blocked` must be present and arrays of equal
+	 * lengths. The `user` array should contain account id's or the accounts to
+	 * process, and the `blocked` array holds a corresponding boolean value to
+	 * indicate that the account at the same offset in the `user` array is or is
+	 * not blocked.
+	 *
+	 * An account that is _not_ blocked will be blocked, and accounts that _are_
+	 * blocked will be unblocked.
+	 *
+	 * @SuppressWarnings(PHPMD.ShortVariable)
+	 */
+	private function block_unblock_accounts(): void {
+		if (!isset($_POST['user']) || !isset($_POST['blocked'])) {
+			return;
+		}
+
+		$users = $_POST['user'];
+		$blocked = $_POST['blocked'];
+
+		if (!is_array($users) || !is_array($blocked)) {
+			return;
+		}
+
+		foreach($users as $i => $id) {
+			// if account is blocked remove blocked bit-flag, otherwise add blocked bit-flag
+			$op = $blocked[$i] ? '& ~' : '| ';
+
+			q("UPDATE account SET account_flags = (account_flags $op%d) WHERE account_id = %d",
+				intval(ACCOUNT_BLOCKED),
+				intval($id)
+			);
+		}
+
+		$count = count($users);
+		$fmt = tt("%s account blocked/unblocked", "%s account blocked/unblocked", $count);
+		notice(sprintf($fmt, $count));
+	}
+
+	/**
+	 * Delete multiple accounts given by the `user` POST param.
+	 */
+	private function delete_accounts(): void {
+		if (!isset($_POST['user'])) {
+			return;
+		}
+
+		$users = $_POST['user'];
+
+		if (!is_array($users)) {
+			return;
+		}
+
+		foreach ($users as $uid){
+			account_remove($uid, true, false);
+		}
+
+		$count = count($users);
+		$fmt = tt("%s account deleted", "%s accounts deleted", $count);
+		notice(sprintf($fmt, $count));
+	}
 }
 

Zotlabs/Module/Admin/Addons.php

@@ -3,9 +3,8 @@
 namespace Zotlabs\Module\Admin;
 
 use App;
-use \Zotlabs\Lib\Config;
-use \Zotlabs\Storage\GitRepo;
-use \Michelf\MarkdownExtra;
+use Zotlabs\Lib\Config;
+use Michelf\MarkdownExtra;
 
 class Addons {
 
@@ -24,227 +23,6 @@ class Addons {
 
 			goaway(z_root() . '/admin/addons/' . argv(2) );
 		}
-		elseif(argc() > 2) {
-			switch(argv(2)) {
-				case 'updaterepo':
-					if (array_key_exists('repoName', $_REQUEST)) {
-						$repoName = $_REQUEST['repoName'];
-					}
-					else {
-						json_return_and_die(array('message' => 'No repo name provided.', 'success' => false));
-					}
-					$extendDir = 'store/[data]/git/sys/extend';
-					$addonDir = $extendDir . '/addon';
-					if (!file_exists($extendDir)) {
-						if (!mkdir($extendDir, 0770, true)) {
-							logger('Error creating extend folder: ' . $extendDir);
-							json_return_and_die(array('message' => 'Error creating extend folder: ' . $extendDir, 'success' => false));
-						}
-						else {
-							if (!symlink(realpath('extend/addon'), $addonDir)) {
-								logger('Error creating symlink to addon folder: ' . $addonDir);
-								json_return_and_die(array('message' => 'Error creating symlink to addon folder: ' . $addonDir, 'success' => false));
-							}
-						}
-					}
-					$repoDir = 'store/[data]/git/sys/extend/addon/' . $repoName;
-					if (!is_dir($repoDir)) {
-						logger('Repo directory does not exist: ' . $repoDir);
-						json_return_and_die(array('message' => 'Invalid addon repo.', 'success' => false));
-					}
-					if (!is_writable($repoDir)) {
-						logger('Repo directory not writable to web server: ' . $repoDir);
-						json_return_and_die(array('message' => 'Repo directory not writable to web server.', 'success' => false));
-					}
-					$git = new GitRepo('sys', null, false, $repoName, $repoDir);
-					try {
-						if ($git->pull()) {
-							$files = array_diff(scandir($repoDir), array('.', '..'));
-							foreach ($files as $file) {
-								if (is_dir($repoDir . '/' . $file) && $file !== '.git') {
-									$source = '../extend/addon/' . $repoName . '/' . $file;
-									$target = realpath('addon/') . '/' . $file;
-									unlink($target);
-									if (!symlink($source, $target)) {
-										logger('Error linking addons to /addon');
-										json_return_and_die(array('message' => 'Error linking addons to /addon', 'success' => false));
-									}
-								}
-							}
-							json_return_and_die(array('message' => 'Repo updated.', 'success' => true));
-						} else {
-							json_return_and_die(array('message' => 'Error updating addon repo.', 'success' => false));
-						}
-					} catch (\PHPGit\Exception\GitException $e) {
-						json_return_and_die(array('message' => 'Error updating addon repo.', 'success' => false));
-					}
-					break;
-				case 'removerepo':
-					if (array_key_exists('repoName', $_REQUEST)) {
-						$repoName = $_REQUEST['repoName'];
-					} else {
-						json_return_and_die(array('message' => 'No repo name provided.', 'success' => false));
-					}
-					$extendDir = 'store/[data]/git/sys/extend';
-					$addonDir = $extendDir . '/addon';
-					if (!file_exists($extendDir)) {
-						if (!mkdir($extendDir, 0770, true)) {
-							logger('Error creating extend folder: ' . $extendDir);
-							json_return_and_die(array('message' => 'Error creating extend folder: ' . $extendDir, 'success' => false));
-						} else {
-							if (!symlink(realpath('extend/addon'), $addonDir)) {
-								logger('Error creating symlink to addon folder: ' . $addonDir);
-								json_return_and_die(array('message' => 'Error creating symlink to addon folder: ' . $addonDir, 'success' => false));
-							}
-						}
-					}
-					$repoDir = 'store/[data]/git/sys/extend/addon/' . $repoName;
-					if (!is_dir($repoDir)) {
-						logger('Repo directory does not exist: ' . $repoDir);
-						json_return_and_die(array('message' => 'Invalid addon repo.', 'success' => false));
-					}
-					if (!is_writable($repoDir)) {
-						logger('Repo directory not writable to web server: ' . $repoDir);
-						json_return_and_die(array('message' => 'Repo directory not writable to web server.', 'success' => false));
-					}
-					/// @TODO remove directory and unlink /addon/files
-					if (rrmdir($repoDir)) {
-						json_return_and_die(array('message' => 'Repo deleted.', 'success' => true));
-					} else {
-						json_return_and_die(array('message' => 'Error deleting addon repo.', 'success' => false));
-					}
-					break;
-				case 'installrepo':
-					if (array_key_exists('repoURL', $_REQUEST)) {
-						require_once('library/PHPGit.autoload.php');			// Load PHPGit dependencies
-						$repoURL = $_REQUEST['repoURL'];
-						$extendDir = 'store/[data]/git/sys/extend';
-						$addonDir = $extendDir . '/addon';
-						if (!file_exists($extendDir)) {
-							if (!mkdir($extendDir, 0770, true)) {
-								logger('Error creating extend folder: ' . $extendDir);
-								json_return_and_die(array('message' => 'Error creating extend folder: ' . $extendDir, 'success' => false));
-							} else {
-								if (!symlink(realpath('extend/addon'), $addonDir)) {
-									logger('Error creating symlink to addon folder: ' . $addonDir);
-									json_return_and_die(array('message' => 'Error creating symlink to addon folder: ' . $addonDir, 'success' => false));
-								}
-							}
-						}
-						if (!is_writable($extendDir)) {
-							logger('Directory not writable to web server: ' . $extendDir);
-							json_return_and_die(array('message' => 'Directory not writable to web server.', 'success' => false));
-						}
-						$repoName = null;
-						if (array_key_exists('repoName', $_REQUEST) && $_REQUEST['repoName'] !== '') {
-							$repoName = $_REQUEST['repoName'];
-						} else {
-							$repoName = GitRepo::getRepoNameFromURL($repoURL);
-						}
-						if (!$repoName) {
-							logger('Invalid git repo');
-							json_return_and_die(array('message' => 'Invalid git repo', 'success' => false));
-						}
-						$repoDir = $addonDir . '/' . $repoName;
-						$tempRepoBaseDir = 'store/[data]/git/sys/temp/';
-						$tempAddonDir = $tempRepoBaseDir . $repoName;
-
-						if (!is_writable($addonDir) || !is_writable($tempAddonDir)) {
-							logger('Temp repo directory or /extend/addon not writable to web server: ' . $tempAddonDir);
-							json_return_and_die(array('message' => 'Temp repo directory not writable to web server.', 'success' => false));
-						}
-						rename($tempAddonDir, $repoDir);
-
-						if (!is_writable(realpath('addon/'))) {
-							logger('/addon directory not writable to web server: ' . $tempAddonDir);
-							json_return_and_die(array('message' => '/addon directory not writable to web server.', 'success' => false));
-						}
-						$files = array_diff(scandir($repoDir), array('.', '..'));
-						foreach ($files as $file) {
-							if (is_dir($repoDir . '/' . $file) && $file !== '.git') {
-								$source = '../extend/addon/' . $repoName . '/' . $file;
-								$target = realpath('addon/') . '/' . $file;
-								unlink($target);
-								if (!symlink($source, $target)) {
-									logger('Error linking addons to /addon');
-									json_return_and_die(array('message' => 'Error linking addons to /addon', 'success' => false));
-								}
-							}
-						}
-						$git = new GitRepo('sys', $repoURL, false, $repoName, $repoDir);
-						$repo = $git->probeRepo();
-						json_return_and_die(array('repo' => $repo, 'message' => '', 'success' => true));
-					}
-					break;
-				case 'addrepo':
-					if (array_key_exists('repoURL', $_REQUEST)) {
-						require_once('library/PHPGit.autoload.php');	 // Load PHPGit dependencies
-						$repoURL = $_REQUEST['repoURL'];
-						$extendDir = 'store/[data]/git/sys/extend';
-						$addonDir = $extendDir . '/addon';
-						$tempAddonDir = realpath('store/[data]') . '/git/sys/temp';
-						if (!file_exists($extendDir)) {
-							if (!mkdir($extendDir, 0770, true)) {
-								logger('Error creating extend folder: ' . $extendDir);
-								json_return_and_die(array('message' => 'Error creating extend folder: ' . $extendDir, 'success' => false));
-							} else {
-								if (!symlink(realpath('extend/addon'), $addonDir)) {
-									logger('Error creating symlink to addon folder: ' . $addonDir);
-									json_return_and_die(array('message' => 'Error creating symlink to addon folder: ' . $addonDir, 'success' => false));
-								}
-							}
-						}
-						if (!is_dir($tempAddonDir)) {
-							if (!mkdir($tempAddonDir, 0770, true)) {
-								logger('Error creating temp plugin repo folder: ' . $tempAddonDir);
-								json_return_and_die(array('message' => 'Error creating temp plugin repo folder: ' . $tempAddonDir, 'success' => false));
-							}
-						}
-						$repoName = null;
-						if (array_key_exists('repoName', $_REQUEST) && $_REQUEST['repoName'] !== '') {
-							$repoName = $_REQUEST['repoName'];
-						} else {
-							$repoName = GitRepo::getRepoNameFromURL($repoURL);
-						}
-						if (!$repoName) {
-							logger('Invalid git repo');
-							json_return_and_die(array('message' => 'Invalid git repo: ' . $repoName, 'success' => false));
-						}
-						$repoDir = $tempAddonDir . '/' . $repoName;
-						if (!is_writable($tempAddonDir)) {
-							logger('Temporary directory for new addon repo is not writable to web server: ' . $tempAddonDir);
-							json_return_and_die(array('message' => 'Temporary directory for new addon repo is not writable to web server.', 'success' => false));
-						}
-						// clone the repo if new automatically
-						$git = new GitRepo('sys', $repoURL, true, $repoName, $repoDir);
-
-						$remotes = $git->git->remote();
-						$fetchURL = $remotes['origin']['fetch'];
-						if ($fetchURL !== $git->url) {
-							if (rrmdir($repoDir)) {
-								$git = new GitRepo('sys', $repoURL, true, $repoName, $repoDir);
-							} else {
-								json_return_and_die(array('message' => 'Error deleting existing addon repo.', 'success' => false));
-							}
-						}
-						$repo = $git->probeRepo();
-						$repo['readme'] = $repo['manifest'] = null;
-						foreach ($git->git->tree('master') as $object) {
-							if ($object['type'] == 'blob' && (strtolower($object['file']) === 'readme.md' || strtolower($object['file']) === 'readme')) {
-								$repo['readme'] = MarkdownExtra::defaultTransform($git->git->cat->blob($object['hash']));
-							} else if ($object['type'] == 'blob' && strtolower($object['file']) === 'manifest.json') {
-								$repo['manifest'] = $git->git->cat->blob($object['hash']);
-							}
-						}
-						json_return_and_die(array('repo' => $repo, 'message' => '', 'success' => true));
-					} else {
-						json_return_and_die(array('message' => 'No repo URL provided', 'success' => false));
-					}
-					break;
-				default:
-					break;
-			}
-		}
 	}
 
 	/**
@@ -408,37 +186,6 @@ class Addons {
 
 		usort($plugins,'self::plugin_sort');
 
-		$allowManageRepos = false;
-		if(is_writable('extend/addon') && is_writable('store/[data]')) {
-			$allowManageRepos = true;
-		}
-
-		$admin_plugins_add_repo_form= replace_macros(
-			get_markup_template('admin_plugins_addrepo.tpl'), array(
-				'$post' => 'admin/addons/addrepo',
-				'$desc' => t('Enter the public git repository URL of the addon repo.'),
-				'$repoURL' => array('repoURL', t('Addon repo git URL'), '', ''),
-				'$repoName' => array('repoName', t('Custom repo name'), '', '', t('(optional)')),
-				'$submit' => t('Download Addon Repo')
-			)
-		);
-		$newRepoModalID = random_string(3);
-		$newRepoModal = replace_macros(
-			get_markup_template('generic_modal.tpl'), array(
-				'$id' => $newRepoModalID,
-				'$title' => t('Install new repo'),
-				'$ok' => t('Install'),
-				'$cancel' => t('Cancel')
-			)
-		);
-
-		$reponames = $this->listAddonRepos();
-		$addonrepos = [];
-		foreach($reponames as $repo) {
-			$addonrepos[] = array('name' => $repo, 'description' => '');
-			/// @TODO Parse repo info to provide more information about repos
-		}
-
 		$t = get_markup_template('admin_plugins.tpl');
 		return replace_macros($t, array(
 			'$title' => t('Administration'),
@@ -449,37 +196,9 @@ class Addons {
 			'$plugins' => $plugins,
 			'$disabled' => t('Disabled - version incompatibility'),
 			'$form_security_token' => get_form_security_token('admin_addons'),
-			'$allowManageRepos' => $allowManageRepos,
-			'$managerepos' => t('Manage Repos'),
-			'$installedtitle' => t('Installed Addon Repositories'),
-			'$addnewrepotitle' =>	t('Install a New Addon Repository'),
-			'$expandform' => false,
-			'$form' => $admin_plugins_add_repo_form,
-			'$newRepoModal' => $newRepoModal,
-			'$newRepoModalID' => $newRepoModalID,
-			'$addonrepos' => $addonrepos,
-			'$repoUpdateButton' => t('Update'),
-			'$repoBranchButton' => t('Switch branch'),
-			'$repoRemoveButton' => t('Remove')
 		));
 	}
 
-	function listAddonRepos() {
-		$addonrepos = [];
-		$addonDir = 'extend/addon/';
-		if(is_dir($addonDir)) {
-			if ($handle = opendir($addonDir)) {
-				while (false !== ($entry = readdir($handle))) {
-					if ($entry != "." && $entry != "..") {
-						$addonrepos[] = $entry;
-					}
-				}
-				closedir($handle);
-			}
-		}
-		return $addonrepos;
-	}
-
 	static public function plugin_sort($a,$b) {
 		return(strcmp(strtolower($a[2]['name']),strtolower($b[2]['name'])));
 	}

Zotlabs/Module/Admin/Features.php

@@ -59,14 +59,13 @@ class Features {
 			}
 
 			$tpl = get_markup_template("admin_settings_features.tpl");
-			$o .= replace_macros($tpl, array(
+
+			return replace_macros($tpl, array(
 				'$form_security_token' => get_form_security_token("admin_manage_features"),
 				'$title'	=> t('Manage Additional Features'),
 				'$features' => $arr,
 				'$submit'   => t('Submit'),
 			));
-
-			return $o;
 		}
 	}
 

Zotlabs/Module/Admin/Site.php

@@ -6,6 +6,8 @@ use Zotlabs\Lib\Config;
 
 class Site {
 
+	private string $eol;
+	private string $joo;
 
 	/**
 	 * @brief POST handler for Admin Site Page.
@@ -208,7 +210,6 @@ class Site {
 		//Config::Set('system','force_queue_threshold', $force_queue);
 
 		Config::Set('system','no_community_page', $no_community_page);
-		Config::Set('system','no_utf', $no_utf);
 
 		Config::Set('system','sse_enabled', $sse_enabled);
 

Zotlabs/Module/Admin/Themes.php

@@ -2,7 +2,7 @@
 
 namespace Zotlabs\Module\Admin;
 
-use \Michelf\MarkdownExtra;
+use Michelf\MarkdownExtra;
 use Zotlabs\Lib\Config;
 
 /**

Zotlabs/Module/Api.php

@@ -108,6 +108,9 @@ class Api extends \Zotlabs\Web\Controller {
 
 		echo api_call();
 		killme();
+
+		// not reached
+		return;
 	}
 
 	function oauth_get_client($request){

Zotlabs/Module/Apporder.php

@@ -2,7 +2,7 @@
 
 namespace Zotlabs\Module;
 
-use \Zotlabs\Lib as Zlib;
+use Zotlabs\Lib as Zlib;
 
 class Apporder extends \Zotlabs\Web\Controller {
 
@@ -25,7 +25,7 @@ class Apporder extends \Zotlabs\Web\Controller {
 					$syslist[] = Zlib\Apps::app_encode($li);
 				}
 			}
-		
+
 			Zlib\Apps::translate_system_apps($syslist);
 
 			usort($syslist,'Zotlabs\\Lib\\Apps::app_name_compare');

Zotlabs/Module/Apps.php

@@ -1,8 +1,8 @@
 <?php
 namespace Zotlabs\Module;
 
-use \Zotlabs\Lib\Config;
-use \Zotlabs\Lib as Zlib;
+use Zotlabs\Lib\Config;
+use Zotlabs\Lib as Zlib;
 
 class Apps extends \Zotlabs\Web\Controller {
 

Zotlabs/Module/Authorize.php

@@ -9,7 +9,7 @@ class Authorize extends \Zotlabs\Web\Controller {
 	function get() {
 		if (! local_channel()) {
 			return login();
-		} 
+		}
 		else {
 
 			$name = $_REQUEST['client_name'];
@@ -25,7 +25,7 @@ class Authorize extends \Zotlabs\Web\Controller {
 
 			$link = (($app['url']) ? '<a style="float: none;" href="' . $app['url'] . '">' . $app['name'] . '</a> ' : $app['name']);
 
-			$o .= replace_macros(get_markup_template('oauth_authorize.tpl'), [
+			return replace_macros(get_markup_template('oauth_authorize.tpl'), [
 				'$title'        => t('Authorize'),
 				'$authorize'    => sprintf( t('Do you authorize the app %s to access your channel data?'), $link ),
 				'$app'          => $app,
@@ -35,7 +35,6 @@ class Authorize extends \Zotlabs\Web\Controller {
 				'$redirect_uri' => (x($_REQUEST, 'redirect_uri') ? $_REQUEST['redirect_uri'] : ''),
 				'$state'        => (x($_REQUEST, 'state') ? $_REQUEST['state'] : ''),
 			]);
-			return $o;
 		}
 	}
 
@@ -50,7 +49,7 @@ class Authorize extends \Zotlabs\Web\Controller {
 		// TODO: The automatic client registration protocol below should adhere more
 		// closely to "OAuth 2.0 Dynamic Client Registration Protocol" defined
 		// at https://tools.ietf.org/html/rfc7591
-		
+
 		// If no client_id was provided, generate a new one.
 		if (x($_POST, 'client_id')) {
 			$client_id = $_POST['client_id'];
@@ -67,7 +66,7 @@ class Authorize extends \Zotlabs\Web\Controller {
 		$request = \OAuth2\Request::createFromGlobals();
 		$response = new \OAuth2\Response();
 
-		// Note, "sub" field must match type and content. $user_id is used to populate - make sure it's a string. 
+		// Note, "sub" field must match type and content. $user_id is used to populate - make sure it's a string.
 		$channel = channelx_by_n(local_channel());
 		$user_id = $channel['channel_id'];
 

Zotlabs/Module/Authtest.php

@@ -7,7 +7,7 @@ class Authtest extends \Zotlabs\Web\Controller {
 
 
 		$auth_success = false;
-		$o .= '<h3>Magic-Auth Diagnostic</h3>';
+		$o = '<h3>Magic-Auth Diagnostic</h3>';
 
 		if(! local_channel()) {
 			notice( t('Permission denied.') . EOL);
@@ -27,7 +27,7 @@ class Authtest extends \Zotlabs\Web\Controller {
 
 			$_REQUEST['test'] = 1;
 			$mod = new Magic();
-			$x = $mod->init($a);
+			$x = $mod->init();
 
 			$o .= 'Local Setup returns: ' . print_r($x,true);
 

Zotlabs/Module/Changeaddr.php

@@ -5,30 +5,30 @@ namespace Zotlabs\Module;
 class Changeaddr extends \Zotlabs\Web\Controller {
 
 	function post() {
-	
+
 		if(! local_channel())
 			return;
-	
+
 		if($_SESSION['delegate'])
 			return;
-	
+
 		if((! x($_POST,'qxz_password')) || (! strlen(trim($_POST['qxz_password']))))
 			return;
-	
+
 		if((! x($_POST,'verify')) || (! strlen(trim($_POST['verify']))))
 			return;
-	
+
 		if($_POST['verify'] !== $_SESSION['remove_account_verify'])
 			return;
-	
-	
+
+
 		$account = \App::get_account();
 		$channel = \App::get_channel();
-	
+
 		$x = account_verify_password($account['account_email'],$_POST['qxz_password']);
 		if(! ($x && $x['account']))
 			return;
-	
+
 		if($account['account_password_changed'] > NULL_DATE) {
 			$d1 = datetime_convert('UTC','UTC','now - 48 hours');
 			if($account['account_password_changed'] > $d1) {
@@ -36,7 +36,7 @@ class Changeaddr extends \Zotlabs\Web\Controller {
 				return;
 			}
 		}
-	
+
 		$new_address = trim($_POST['newname']);
 
 		if($new_address === $channel['channel_address'])
@@ -55,23 +55,23 @@ class Changeaddr extends \Zotlabs\Web\Controller {
 		channel_change_address($channel,$new_address);
 
 		goaway(z_root() . '/changeaddr');
-	
+
 	}
-	
-	
+
+
 	function get() {
-	
+
 		if(! local_channel())
 			goaway(z_root());
-	
+
 		$channel = \App::get_channel();
 
 		$hash = random_string();
-	
+
 		$_SESSION['remove_account_verify'] = $hash;
-	
+
 		$tpl = get_markup_template('channel_rename.tpl');
-		$o .= replace_macros($tpl, array(
+		return replace_macros($tpl, array(
 			'$basedir' => z_root(),
 			'$hash' => $hash,
 			'$title' => t('Change channel nickname/address'),
@@ -80,9 +80,5 @@ class Changeaddr extends \Zotlabs\Web\Controller {
 			'$newname' => array('newname', t('New channel address'),$channel['channel_address'], ''),
 			'$submit' => t('Rename Channel')
 		));
-	
-		return $o;		
-	
 	}
-	
 }

Zotlabs/Module/Channel_calendar.php

@@ -179,26 +179,14 @@ class Channel_calendar extends Controller {
 		if ($post_tags)
 			$datarray['term'] = $post_tags;
 
-		$item_id = event_store_item($datarray, $event);
+		$post = event_store_item($datarray, $event);
 
-		if ($item_id) {
-			$r = q("select * from item where id = %d",
-				intval($item_id)
-			);
-			if ($r) {
-				xchan_query($r);
-				$sync_item = fetch_post_tags($r);
-				$z         = q("select * from event where event_hash = '%s' and uid = %d limit 1",
-					dbesc($r[0]['resource_id']),
-					intval($channel['channel_id'])
-				);
-				if ($z) {
-					Libsync::build_sync_packet($channel['channel_id'], array('event_item' => array(encode_item($sync_item[0], true)), 'event' => $z));
-				}
-			}
+		if (!empty($post['item_id'])) {
+			Master::Summon(['Notifier', 'event', $post['item_id']]);
+		}
+		if (!empty($post['approval_id'])) {
+			Master::Summon(['Notifier', 'event', $post['approval_id']]);
 		}
-
-		Master::Summon(array('Notifier', 'event', $item_id));
 
 		killme();
 
@@ -470,13 +458,14 @@ class Channel_calendar extends Controller {
 							}
 							else {
 								// complex deletion that needs to propagate and be performed in phases
-								drop_item($i[0]['id'], true, DROPITEM_PHASE1);
+								drop_item($i[0]['id'], DROPITEM_PHASE1);
 								$complex = true;
 							}
 
 							$ii = q("select * from item where id = %d",
 								intval($i[0]['id'])
 							);
+
 							if ($ii) {
 								xchan_query($ii);
 								$sync_item = fetch_post_tags($ii);
@@ -485,6 +474,9 @@ class Channel_calendar extends Controller {
 
 							if ($complex) {
 								tag_deliver($i[0]['uid'], $i[0]['id']);
+								if (intval($i[0]['item_wall'])) {
+									Master::Summon(['Notifier', 'drop', $i[0]['id']]);
+								}
 							}
 						}
 					}

Zotlabs/Module/Chatsvc.php

@@ -4,7 +4,7 @@ namespace Zotlabs\Module;
 
 require_once('include/security.php');
 
-use \Zotlabs\Lib as Zlib;
+use Zotlabs\Lib as Zlib;
 
 class Chatsvc extends \Zotlabs\Web\Controller {
 

Zotlabs/Module/Cloud.php

@@ -8,10 +8,10 @@ namespace Zotlabs\Module;
  */
 
 use Sabre\DAV as SDAV;
-use \Zotlabs\Web\Controller;
-use \Zotlabs\Storage\BasicAuth;
-use \Zotlabs\Storage\Directory;
-use \Zotlabs\Storage\Browser;
+use Zotlabs\Web\Controller;
+use Zotlabs\Storage\BasicAuth;
+use Zotlabs\Storage\Directory;
+use Zotlabs\Storage\Browser;
 
 
 // composer autoloader for SabreDAV

Zotlabs/Module/Conversation.php

@@ -16,7 +16,7 @@ class Conversation extends Controller {
 
 	public function init() {
 
-		if (ActivityStreams::is_as_request()) {
+		if (ActivityStreams::is_as_request() || Libzot::is_zot_request()) {
 			$item_id = argv(1);
 
 			if (!$item_id) {
@@ -30,14 +30,13 @@ class Conversation extends Controller {
 				dbesc(ACTIVITY_UNFOLLOW)
 			);
 
-			$item_normal = " and item.item_hidden = 0 and item.item_type = 0 and item.item_unpublished = 0 and item.item_delayed = 0 and item.item_blocked = 0 $item_normal_extra ";
+			$item_normal = " and item.item_hidden = 0 and item.item_type = 0 and item.item_unpublished = 0 and item.item_delayed = 0 and item.item_blocked = 0 and item.item_uplink = 0 $item_normal_extra ";
 
 			$i = null;
 
 			// do we have the item (at all)?
 
-			$r = q("select parent_mid from item where mid = '%s' or uuid = '%s' $item_normal order by item_wall desc limit 1",
-				dbesc(z_root() . '/item/' . $item_id),
+			$r = q("select parent_mid from item where uuid = '%s' $item_normal order by item_wall desc limit 1",
 				dbesc($item_id)
 			);
 
@@ -77,16 +76,16 @@ class Conversation extends Controller {
 					}
 				}
 			}
-			elseif (Config::get('system', 'require_authenticated_fetch', false)) {
+			elseif (Config::Get('system', 'require_authenticated_fetch', false)) {
 				http_status_exit(403, 'Permission denied');
 			}
 
 			// if we don't have a parent id belonging to the signer see if we can obtain one as a visitor that we have permission to access
 			// with a bias towards those items owned by channels on this site (item_wall = 1)
 
-			$sql_extra = item_permissions_sql(0);
-
 			if (!$i) {
+				$sql_extra = item_permissions_sql(0);
+
 				$i = q("select id as item_id from item where mid = '%s' $item_normal $sql_extra order by item_wall desc limit 1",
 					dbesc($r[0]['parent_mid'])
 				);

Zotlabs/Module/Cover_photo.php

@@ -371,7 +371,7 @@ class Cover_photo extends \Zotlabs\Web\Controller {
 
 			$tpl = get_markup_template('cover_photo.tpl');
 
-			$o .= replace_macros($tpl,array(
+			$output = replace_macros($tpl,array(
 				'$user'                => \App::$channel['channel_address'],
 				'$info'                => t('Your cover photo may be visible to anybody on the internet'),
 				'$existing'            => get_cover_photo(local_channel(),'array',PHOTO_RES_COVER_850),
@@ -397,15 +397,15 @@ class Cover_photo extends \Zotlabs\Web\Controller {
 
 			));
 
-			call_hooks('cover_photo_content_end', $o);
+			call_hooks('cover_photo_content_end', $output);
 
-			return $o;
+			return $output;
 		}
 		else {
 			$filename = \App::$data['imagecrop'] . '-3';
 			$resolution = 3;
 			$tpl = get_markup_template("cropcover.tpl");
-			$o .= replace_macros($tpl,array(
+			return replace_macros($tpl,array(
 				'$filename'            => $filename,
 				'$profile'             => intval($_REQUEST['profile']),
 				'$resource'            => \App::$data['imagecrop'] . '-3',
@@ -415,7 +415,6 @@ class Cover_photo extends \Zotlabs\Web\Controller {
 				'$form_security_token' => get_form_security_token("cover_photo"),
 				'$done'                => t('Done Editing')
 			));
-			return $o;
 		}
 	}
 

Zotlabs/Module/Dav.php

@@ -9,6 +9,7 @@
 namespace Zotlabs\Module;
 
 use Sabre\DAV as SDAV;
+use Zotlabs\Lib\Libzot;
 use Zotlabs\Storage;
 use Zotlabs\Web\HTTPSig;
 

Zotlabs/Module/Display.php

@@ -344,7 +344,12 @@ class Display extends Controller {
 					'$profile_page'  => xmlify(z_root() . '/display/' . gen_link_id($target_item['mid'])),
 				));
 
-				$x = [ 'xml' => $atom, 'channel' => $channel, 'observer_hash' => $observer_hash, 'params' => $params ];
+				$x = [
+					'xml' => $atom,
+					'channel' => $channel,
+					'observer_hash' => $observer_hash,
+					'params' => [],
+				];
 				call_hooks('atom_feed_top',$x);
 
 				$atom = $x['xml'];

Zotlabs/Module/Dreport.php

@@ -19,7 +19,7 @@ class Dreport extends \Zotlabs\Web\Controller {
 			$table = 'push';
 
 			if($mid) {
-				$i = q("select id from item where mid = '%s' and uid = %d and ( author_xchan = '%s' or ( owner_xchan = '%s' and item_wall = 1 )) ",
+				$i = q("select * from item where mid = '%s' and uid = %d and ( author_xchan = '%s' or ( owner_xchan = '%s' and item_wall = 1 )) ",
 					dbesc($mid),
 					intval($channel['channel_id']),
 					dbesc($channel['channel_hash']),
@@ -27,6 +27,12 @@ class Dreport extends \Zotlabs\Web\Controller {
 				);
 				if($i) {
 					\Zotlabs\Daemon\Master::Summon([ 'Notifier', 'edit_post', $i[0]['id'] ]);
+
+					$relatedItem = find_related($i[0]);
+					if (isset($relatedItem['id'])) {
+						\Zotlabs\Daemon\Master::Summon([ 'Notifier', 'edit_post', $relatedItem['id'] ]);
+					}
+
 				}
 			}
 			sleep(3);

Zotlabs/Module/Editpost.php

@@ -86,6 +86,7 @@ class Editpost extends \Zotlabs\Web\Controller {
 			'bbco_autocomplete'=> 'bbcode',
 			'return_path' => 'hq',
 			'button' => t('Submit'),
+			'disable_comments' => (($itm[0]['item_thread_top']) ? false : true),
 			'hide_voting' => true,
 			'hide_future' => true,
 			'hide_location' => true,

Zotlabs/Module/Fbrowser.php

@@ -6,6 +6,8 @@ namespace Zotlabs\Module;
  * @author		Fabio Comuni <fabrixxm@kirgroup.com>
  */
 
+use function Zotlabs\Render\template_escape;
+
 require_once('include/photo/photo_driver.php');
 
 /**

Zotlabs/Module/Filer.php

@@ -1,43 +1,54 @@
 <?php
 namespace Zotlabs\Module;
 
-require_once('include/security.php');
-require_once('include/bbcode.php');
-require_once('include/items.php');
-
-
+use App;
 
 class Filer extends \Zotlabs\Web\Controller {
 
 	function get() {
-	
-		if(! local_channel()) {
+
+		if(!local_channel()) {
 			killme();
 		}
-	
-		$term = unxmlify(trim($_GET['term']));
-		$item_id = ((\App::$argc > 1) ? intval(\App::$argv[1]) : 0);
-	
+
+		$term = unxmlify(trim($_GET['term'] ?? ''));
+		$item_id = ((App::$argc > 1) ? intval(App::$argv[1]) : 0);
+
 		logger('filer: tag ' . $term . ' item ' . $item_id);
-	
+
 		if($item_id && strlen($term)){
+
+			$sys = get_sys_channel();
+
+			$r = q("SELECT * FROM item WHERE (uid = %d OR uid = %d) AND id = %d
+				and item_type in (0,6,7) and item_deleted = 0 and item_unpublished = 0
+				and item_delayed = 0 and item_pending_remove = 0 and item_blocked = 0 LIMIT 1",
+				intval(local_channel()),
+				intval($sys['channel_id']),
+				intval($item_id)
+			);
+
+			if ($r && $r[0]['uid'] === $sys['channel_id']) {
+				$r = [copy_of_pubitem(App::get_channel(), $r[0]['mid'])];
+			}
+
+			if(!$r) {
+				killme();
+			}
+
+			$item_id = $r[0]['id'];
+
 			// file item
 			store_item_tag(local_channel(),$item_id,TERM_OBJ_POST,TERM_FILE,$term,'');
-	
+
 			// protect the entire conversation from periodic expiration
-	
-			$r = q("select parent from item where id = %d and uid = %d limit 1",
-				intval($item_id),
+
+			q("update item set item_retained = 1, changed = '%s' where id = %d and uid = %d",
+				dbesc(datetime_convert()),
+				intval($r[0]['parent']),
 				intval(local_channel())
 			);
-			if($r) {
-				$x = q("update item set item_retained = 1, changed = '%s' where id = %d and uid = %d",
-					dbesc(datetime_convert()),
-					intval($r[0]['parent']),
-					intval(local_channel())
-				);
-			}
-		} 
+		}
 		else {
 			$filetags = array();
 			$r = q("select distinct(term) from term where uid = %d and ttype = %d order by term asc",
@@ -55,10 +66,10 @@ class Filer extends \Zotlabs\Web\Controller {
 				'$title' => t('Save to Folder'),
 				'$cancel' => t('Cancel')
 			));
-			
+
 			echo $o;
 		}
 		killme();
 	}
-	
+
 }

Zotlabs/Module/Go.php

@@ -2,7 +2,7 @@
 
 namespace Zotlabs\Module;
 
-use Zorlabs\Lib\Config;
+use Zotlabs\Lib\Config;
 
 class Go extends \Zotlabs\Web\Controller {
 
@@ -19,7 +19,7 @@ class Go extends \Zotlabs\Web\Controller {
 
 	function get() {
 		if(! local_channel()) {
-			notify( t('This page is available only to site members') . EOL);
+			notice( t('This page is available only to site members') . EOL);
 		}
 
 		$channel = \App::get_channel();

Zotlabs/Module/Help.php

@@ -30,7 +30,7 @@ class Help extends \Zotlabs\Web\Controller {
 		$this->determine_help_language();
 
 		if (empty($_REQUEST['search']) && argc() === 1) {
-			goaway("/help/{$this->lang['language']}/about/about");
+			goaway("/help/about/about");
 			killme();
 		}
 	}
@@ -155,7 +155,7 @@ class Help extends \Zotlabs\Web\Controller {
 		}
 
 		if (empty($args)) {
-			goaway("/help/{$this->lang['language']}/about/about");
+			goaway("/help/about/about");
 		}
 
 		// Keep the first remaining arg as the heading slug

Zotlabs/Module/Home.php

@@ -100,14 +100,25 @@ class Home extends Controller {
 			goaway($frontpage);
 		}
 
+		$o .= '<div class="generic-content-wrapper">';
+
 		$sitename = Config::Get('system', 'sitename');
-		if ($sitename)
-			$o .= '<h1 class="home-welcome">' . sprintf(t('Welcome to %s'), $sitename) . '</h1>';
+		if ($sitename) {
+			$o .= '<div class="section-title-wrapper">';
+			$o .= '<h2 class="">' . sprintf(t('Welcome to %s'), $sitename) . '</h2>';
+			$o .= '</div>';
+
+		}
+
+		$o .= '<div class="section-content-wrapper">';
 
 		$loginbox = Config::Get('system', 'login_on_homepage');
 		if (intval($loginbox) || $loginbox === false)
 			$o .= login(true);
 
+		$o .= '</div>';
+		$o .= '</div>';
+
 		return $o;
 
 	}

Zotlabs/Module/Hq.php

@@ -230,6 +230,7 @@ class Hq extends \Zotlabs\Web\Controller {
 		$options['offset'] = $_REQUEST['offset'] ?? 0;
 		$options['type'] = $_REQUEST['type'] ?? '';
 		$options['author'] = ((isset($_REQUEST['author'])) ? urldecode($_REQUEST['author']) : '');
+		$options['file'] = ((isset($_REQUEST['file'])) ? urldecode($_REQUEST['file']) : '');
 
 		$ret = Messages::get_messages_page($options);
 

Zotlabs/Module/Impel.php

@@ -164,7 +164,7 @@ class Impel extends \Zotlabs\Web\Controller {
 				$arr['id'] = $i[0]['id'];
 				// don't update if it has the same timestamp as the original
 				if($arr['edited'] > $i[0]['edited'])
-					$x = item_store_update($arr,$execflag);
+					$x = item_store_update($arr, $execflag , deliver: false, addAndSync: false);
 			}
 			else {
 				if(($i) && (intval($i[0]['item_deleted']))) {
@@ -175,7 +175,7 @@ class Impel extends \Zotlabs\Web\Controller {
 					);
 				}
 				else
-					$x = item_store($arr,$execflag);
+					$x = item_store($arr, $execflag, deliver: false, addAndSync: false);
 			}
 
 			if($x && $x['success']) {

Zotlabs/Module/Import.php

@@ -534,6 +534,7 @@ class Import extends Controller {
 		if ($api_path) {
 			$parsed = parse_url($api_path);
 			unset($parsed['path']);
+			unset($parsed['query']);
 
 			// store the import host so we can manually kick off item/file sync later in case anything did not work out
 			set_pconfig($channel['channel_id'], 'import', 'host', $parsed['host']);
@@ -551,7 +552,7 @@ class Import extends Controller {
 				$until = datetime_convert(date_default_timezone_get(), date_default_timezone_get(), 'now + 1 day');
 
 				//$poll_interval = Config::Get('system', 'poll_interval', 3);
-				$page          = 0;
+				$page = 0;
 
 				Master::Summon(['Content_importer', sprintf('%d', $page), $since, $until, $channel['channel_address'], urlencode($hz_server)]);
 				Master::Summon(['File_importer', sprintf('%d', $page), $channel['channel_address'], urlencode($hz_server)]);

Zotlabs/Module/Import_progress.php

@@ -29,14 +29,14 @@ class Import_progress extends \Zotlabs\Web\Controller {
 		$c = PConfig::Get(local_channel(), 'import', 'content_progress');
 
 		if ($c) {
-			$total_cpages = floor(intval($c['items_total']) / intval($c['items_page']));
+			$total_cpages = round(intval($c['items_total']) / intval($c['items_page']));
 			if(!$total_cpages) {
-				$total_cpages = 1; // because of floor
+				$total_cpages = 1; // because of round
 			}
 
 			$cpage = $c['last_page'] + 1; // because page count start at 0
 
-			$cprogress = intval(floor((intval($cpage) * 100) / $total_cpages));
+			$cprogress = intval(round((intval($cpage) * 100) / $total_cpages));
 			$ccompleted_str = t('Item sync completed!');
 
 			if(argv(1) === 'resume_itemsync' && $cprogress < 100) {
@@ -50,6 +50,7 @@ class Import_progress extends \Zotlabs\Web\Controller {
 				if ($alive) {
 					$parsed = parse_url($alive);
 					unset($parsed['path']);
+					unset($parsed['query']);
 
 					$hz_server = unparse_url($parsed);
 					$since = datetime_convert(date_default_timezone_get(), date_default_timezone_get(), '0001-01-01 00:00');
@@ -79,14 +80,14 @@ class Import_progress extends \Zotlabs\Web\Controller {
 		$f = PConfig::Get(local_channel(), 'import', 'files_progress');
 
 		if ($f) {
-			$total_fpages = floor(intval($f['files_total']) / intval($f['files_page']));
+			$total_fpages = round(intval($f['files_total']) / intval($f['files_page']));
 			if(!$total_fpages) {
 				$total_fpages = 1;
 			}
 
 			$fpage = $f['last_page'] + 1;
 
-			$fprogress = intval(floor((intval($fpage) * 100) / $total_fpages));
+			$fprogress = intval(round((intval($fpage) * 100) / $total_fpages));
 			$fcompleted_str = t('File sync completed!');
 
 			if(argv(1) === 'resume_filesync' && $fprogress < 100) {
@@ -120,6 +121,7 @@ class Import_progress extends \Zotlabs\Web\Controller {
 			}
 
 			$fcompleted_str = t('File sync completed but no files were found!');
+
 		}
 
 		$fprogress_str = ((intval($fprogress)) ? $fprogress . '%' : $fprogress);
@@ -127,13 +129,15 @@ class Import_progress extends \Zotlabs\Web\Controller {
 		if(is_ajax()) {
 			$ret = [
 				'cprogress' => $cprogress,
-				'fprogress' => $fprogress
+				'ccompleted_str' => $ccompleted_str,
+				'fprogress' => $fprogress,
+				'fcompleted_str' => $fcompleted_str
 			];
 
 			json_return_and_die($ret);
 		}
 
-		$o = replace_macros(get_markup_template("import_progress.tpl"), [
+		return replace_macros(get_markup_template('import_progress.tpl'), [
 			'$chtitle_str' => t('Channel clone status'),
 			'$ctitle_str' => t('Item sync status'),
 			'$ftitle_str' => t('File sync status'),
@@ -147,8 +151,6 @@ class Import_progress extends \Zotlabs\Web\Controller {
 			'$resume_str' => t('Resume'),
 			'$resume_helper_str' => t('Only resume if sync stalled!')
 		]);
-
-		return $o;
 	}
 
 }

Zotlabs/Module/Item.php

@@ -44,253 +44,30 @@ class Item extends Controller {
 	function init() {
 
 		if (Libzot::is_zot_request()) {
-
-			$item_id = argv(1);
-
-			if (!$item_id)
-				http_status_exit(404, 'Not found');
-
-			$portable_id = EMPTY_STR;
-
-			$item_normal_extra = sprintf(" and not verb in ('Follow', 'Ignore', '%s', '%s') ",
-				dbesc(ACTIVITY_FOLLOW),
-				dbesc(ACTIVITY_UNFOLLOW)
-			);
-
-			$item_normal = " and item.item_hidden = 0 and item.item_type = 0 and item.item_unpublished = 0 and item.item_delayed = 0 and item.item_blocked = 0 $item_normal_extra ";
-
-			$i = null;
-
-			// do we have the item (at all)?
-
-			$r = q("select parent_mid from item where uuid = '%s' $item_normal limit 1",
-				dbesc($item_id)
-			);
-
-			if (!$r) {
-				http_status_exit(404, 'Not found');
-			}
-
-			// process an authenticated fetch
-
-			$sigdata = HTTPSig::verify(($_SERVER['REQUEST_METHOD'] === 'POST') ? file_get_contents('php://input') : EMPTY_STR);
-			if ($sigdata['portable_id'] && $sigdata['header_valid']) {
-				$portable_id = $sigdata['portable_id'];
-				if (!check_channelallowed($portable_id)) {
-					http_status_exit(403, 'Permission denied');
-				}
-				if (!check_siteallowed($sigdata['signer'])) {
-					http_status_exit(403, 'Permission denied');
-				}
-				observer_auth($portable_id);
-
-				$i = q("select id as item_id, uid from item where mid = '%s' $item_normal and owner_xchan = '%s' limit 1",
-					dbesc($r[0]['parent_mid']),
-					dbesc($portable_id)
-				);
-			}
-			elseif (Config::get('system', 'require_authenticated_fetch', false)) {
-				http_status_exit(403, 'Permission denied');
-			}
-
-			// if we don't have a parent id belonging to the signer see if we can obtain one as a visitor that we have permission to access
-			// with a bias towards those items owned by channels on this site (item_wall = 1)
-
-			$sql_extra = item_permissions_sql(0);
-
-			if (!$i) {
-				$i = q("select id as item_id, uid, item_private from item where mid = '%s' $item_normal $sql_extra order by item_wall desc limit 1",
-					dbesc($r[0]['parent_mid'])
-				);
-			}
-
-			if (!$i) {
-				http_status_exit(403, 'Forbidden');
-			}
-
-			$chan = channelx_by_n($i[0]['uid']);
-
-			if (!$chan) {
-				http_status_exit(404, 'Not found');
-			}
-
-			if (!perm_is_allowed($chan['channel_id'], get_observer_hash(), 'view_stream')) {
-				http_status_exit(403, 'Forbidden');
-			}
-
-			$parents_str = ids_to_querystr($i, 'item_id');
-
-			// We won't need to check for privacy mismatches if the verified observer is also owner
-			$parent_item_private = ((isset($i[0]['item_private'])) ? " and item_private = " . intval($i[0]['item_private']) . " " : '');
-
-			$total = q("SELECT count(*) AS count FROM item WHERE parent = %d $parent_item_private $item_normal ",
-				intval($parents_str)
-			);
-
-			App::set_pager_total($total[0]['count']);
-			App::set_pager_itemspage(30);
-
-			if (App::$pager['total'] > App::$pager['itemspage']) {
-				// let mod conversation handle this request
-				App::$query_string = str_replace('item', 'conversation', App::$query_string);
-				$i = Activity::paged_collection_init(App::$pager['total'], App::$query_string);
-				as_return_and_die($i ,$chan);
-			}
-			else {
-				$items = q("SELECT item.*, item.id AS item_id FROM item WHERE item.parent = %d $parent_item_private $item_normal ORDER BY item.id",
-					intval($parents_str)
-				);
-
-				xchan_query($items, true);
-				$items = fetch_post_tags($items, true);
-
-				$i = Activity::encode_item_collection($items, App::$query_string, 'OrderedCollection', App::$pager['total']);
-			}
-
-			if ($portable_id && (!intval($items[0]['item_private']))) {
-				$c = q("select abook_id from abook where abook_channel = %d and abook_xchan = '%s'",
-					intval($items[0]['uid']),
-					dbesc($portable_id)
-				);
-				if (!$c) {
-					ThreadListener::store(z_root() . '/item/' . $item_id, $portable_id);
-				}
-			}
-
-			as_return_and_die($i ,$chan);
+			$this->init_zot_request();
 		}
 
 		if (ActivityStreams::is_as_request()) {
-
-			$item_id = argv(1);
-			if (!$item_id)
-				http_status_exit(404, 'Not found');
-
-			$portable_id = EMPTY_STR;
-
-			$item_normal_extra = sprintf(" and not verb in ('Follow', 'Ignore', '%s', '%s') ",
-				dbesc(ACTIVITY_FOLLOW),
-				dbesc(ACTIVITY_UNFOLLOW)
-			);
-
-			$item_normal = " and item.item_hidden = 0 and item.item_type = 0 and item.item_unpublished = 0 and item.item_delayed = 0 and item.item_blocked = 0 $item_normal_extra ";
-
-			$i = null;
-
-			// do we have the item (at all)?
-			// add preferential bias to item owners (item_wall = 1)
-
-			$r = q("select * from item where uuid = '%s' $item_normal order by item_wall desc limit 1",
-				dbesc($item_id)
-			);
-
-			if (!$r) {
-				http_status_exit(404, 'Not found');
-			}
-
-			// process an authenticated fetch
-
-			$sigdata = HTTPSig::verify(EMPTY_STR);
-			if ($sigdata['portable_id'] && $sigdata['header_valid']) {
-				$portable_id = $sigdata['portable_id'];
-				if (!check_channelallowed($portable_id)) {
-					http_status_exit(403, 'Permission denied');
-				}
-				if (!check_siteallowed($sigdata['signer'])) {
-					http_status_exit(403, 'Permission denied');
-				}
-				observer_auth($portable_id);
-
-				$i = q("select id as item_id from item where mid = '%s' $item_normal and owner_xchan = '%s' limit 1 ",
-					dbesc($r[0]['parent_mid']),
-					dbesc($portable_id)
-				);
-			}
-			elseif (Config::get('system', 'require_authenticated_fetch', false)) {
-				http_status_exit(403, 'Permission denied');
-			}
-
-			// if we don't have a parent id belonging to the signer see if we can obtain one as a visitor that we have permission to access
-			// with a bias towards those items owned by channels on this site (item_wall = 1)
-
-			$sql_extra = item_permissions_sql(0);
-
-			if (!$i) {
-				$i = q("select id as item_id from item where mid = '%s' $item_normal $sql_extra order by item_wall desc limit 1",
-					dbesc($r[0]['parent_mid'])
-				);
-			}
-
-			$bear = Activity::token_from_request();
-			if ($bear) {
-				logger('bear: ' . $bear, LOGGER_DEBUG);
-				if (!$i) {
-					$t = q("select * from iconfig where cat = 'ocap' and k = 'relay' and v = '%s'",
-						dbesc($bear)
-					);
-					if ($t) {
-						$i = q("select id as item_id from item where uuid = '%s' and id = %d $item_normal limit 1",
-							dbesc($item_id),
-							intval($t[0]['iid'])
-						);
-					}
-				}
-			}
-
-			if (!$i) {
-				http_status_exit(403, 'Forbidden');
-			}
-
-			// If we get to this point we have determined we can access the original in $r (fetched much further above), so use it.
-
-			xchan_query($r, true);
-			$items = fetch_post_tags($r, false);
-
-			$chan = channelx_by_n($items[0]['uid']);
-
-			if (!$chan)
-				http_status_exit(404, 'Not found');
-
-			if (!perm_is_allowed($chan['channel_id'], get_observer_hash(), 'view_stream'))
-				http_status_exit(403, 'Forbidden');
-
-			$i = Activity::encode_item($items[0]);
-
-			if (!$i)
-				http_status_exit(404, 'Not found');
-
-			if ($portable_id && (!intval($items[0]['item_private']))) {
-				$c = q("select abook_id from abook where abook_channel = %d and abook_xchan = '%s'",
-					intval($items[0]['uid']),
-					dbesc($portable_id)
-				);
-				if (!$c) {
-					ThreadListener::store(z_root() . '/item/' . $item_id, $portable_id);
-				}
-			}
-
-			as_return_and_die($i ,$chan);
-
+			$this->init_as_request();
 		}
 
 
 		if (argc() > 1 && argv(1) !== 'drop') {
-			$x = q("select uid, item_wall, llink, mid, uuid from item where mid = '%s' or mid = '%s' or uuid = '%s'",
-				dbesc(z_root() . '/item/' . argv(1)),
-				dbesc(z_root() . '/activity/' . argv(1)),
+			$x = q("select uid, item_wall, llink, uuid from item where uuid = '%s' order by item_wall desc",
 				dbesc(argv(1))
 			);
+
 			if ($x) {
-				foreach ($x as $xv) {
-					if (intval($xv['item_wall'])) {
-						$c = channelx_by_n($xv['uid']);
-						if ($c) {
-							goaway(z_root() . '/channel/' . $c['channel_address'] . '?mid=' . $xv['uuid']);
-						}
+				if ($x[0]['item_wall']) {
+					$c = channelx_by_n($x[0]['uid']);
+					if ($c) {
+						goaway(z_root() . '/channel/' . $c['channel_address'] . '?mid=' . $x[0]['uuid']);
 					}
 				}
+
 				goaway($x[0]['llink']);
 			}
+
 			http_status_exit(404, 'Not found');
 		}
 
@@ -323,7 +100,6 @@ class Item extends Controller {
 		$item_deleted = false;
 		$item_hidden = false;
 		$item_unpublished = false;
-		$item_delayed = false;
 		$item_pending_remove = false;
 		$item_blocked = false;
 
@@ -401,6 +177,7 @@ class Item extends Controller {
 		$categories    = ((x($_REQUEST, 'category')) ? escape_tags($_REQUEST['category']) : '');
 		$webpage       = ((x($_REQUEST, 'webpage')) ? intval($_REQUEST['webpage']) : 0);
 		$item_obscured = ((x($_REQUEST, 'obscured')) ? intval($_REQUEST['obscured']) : 0);
+		$item_delayed  = ((x($_REQUEST, 'delayed')) ? intval($_REQUEST['delayed']) : 0);
 		$pagetitle     = ((x($_REQUEST, 'pagetitle')) ? escape_tags($_REQUEST['pagetitle']) : '');
 		$layout_mid    = ((x($_REQUEST, 'layout_mid')) ? escape_tags($_REQUEST['layout_mid']) : '');
 		$plink         = ((x($_REQUEST, 'permalink')) ? escape_tags($_REQUEST['permalink']) : '');
@@ -430,7 +207,6 @@ class Item extends Controller {
 
 
 		$expires = NULL_DATE;
-		$comments_closed = NULL_DATE;
 
 		$route          = '';
 		$parent_item    = null;
@@ -607,6 +383,7 @@ class Item extends Controller {
 		$r = q("select * from xchan where xchan_hash = '%s' limit 1",
 			dbesc($channel['channel_hash'])
 		);
+
 		if ($r && count($r)) {
 			$owner_xchan = $r[0];
 		}
@@ -677,7 +454,7 @@ class Item extends Controller {
 			$title               = escape_tags(trim($_REQUEST['title']));
 			$summary             = escape_tags(trim($_REQUEST['summary']));
 			$body                = trim($_REQUEST['body']);
-			$item_flags          = $orig_post['item_flags'];
+			$item_flags           = $orig_post['item_flags'];
 			$item_origin         = $orig_post['item_origin'];
 			$item_unseen         = $orig_post['item_unseen'];
 			$item_starred        = $orig_post['item_starred'];
@@ -691,7 +468,7 @@ class Item extends Controller {
 			$item_mentionsme     = $orig_post['item_mentionsme'];
 			$item_nocomment      = $orig_post['item_nocomment'];
 			$item_obscured       = $orig_post['item_obscured'];
-			$item_verified       = $orig_post['item_verified'];
+			$item_verified        = $orig_post['item_verified'];
 			$item_retained       = $orig_post['item_retained'];
 			$item_rss            = $orig_post['item_rss'];
 			$item_deleted        = $orig_post['item_deleted'];
@@ -710,6 +487,7 @@ class Item extends Controller {
 			$thr_parent          = $orig_post['thr_parent'];
 			$parent_mid          = $orig_post['parent_mid'];
 			$plink               = $orig_post['plink'];
+			$owner_hash          = $orig_post['owner_xchan'];
 		}
 		else {
 			if (!$walltowall) {
@@ -1016,6 +794,7 @@ class Item extends Controller {
 		$item_origin    = (($origin) ? 1 : 0);
 		$item_consensus = (($consensus) ? 1 : 0);
 		$item_nocomment = (($nocomment) ? 1 : 0);
+		$comments_closed = (($nocomment) ? $comments_closed : NULL_DATE);
 
 		// determine if this is a wall post
 
@@ -1029,18 +808,42 @@ class Item extends Controller {
 		}
 
 
-		if ($moderated)
+		if ($moderated) {
 			$item_blocked = ITEM_MODERATED;
+		}
 
 
-		if (!strlen($verb))
+		if (!strlen($verb)) {
 			$verb = 'Create';
+		}
 
 		$notify_type = (($parent) ? 'comment-new' : 'wall-new');
 
 		$uuid = $uuid ?? $message_id ?? item_message_id();
 		$mid = $mid ?? z_root() . '/item/' . $uuid;
 
+
+		if (empty($owner_hash)) {
+			$owner_hash = $owner_xchan['xchan_hash'];
+		}
+
+		// Set the conversation target.
+		if ($owner_hash === $channel['channel_hash']) {
+			$attributedTo = z_root() . '/channel/' . $channel['channel_address'];
+
+			$conversation = isset($parent_item) ? $parent_item['mid'] : $mid;
+			$datarray['target'] = [
+				'id' => str_replace('/item/', '/conversation/', $conversation),
+				'type' => 'Collection',
+				'attributedTo' => $attributedTo,
+			];
+			$datarray['tgt_type'] = 'Collection';
+		}
+		elseif (!empty($parent_item['target'])) {
+			$datarray['target'] = $parent_item['target'];
+			$datarray['tgt_type'] = $parent_item['tgt_type'];
+		}
+
 		if ($is_poll) {
 			$poll = [
 				'question'         => $body,
@@ -1060,7 +863,7 @@ class Item extends Controller {
 			$obj['id']            = $mid;
 			$obj['diaspora:guid'] = $uuid;
 			$obj['attributedTo']  = channel_url($channel);
-			$obj['published']     = $created;
+			$obj['published']     = datetime_convert('UTC', 'UTC', $created, ATOM_TIME);
 			$obj['name']          = $title;
 
 			$datarray['obj']      = $obj;
@@ -1245,6 +1048,7 @@ class Item extends Controller {
 				$this->add_listeners($datarray);
 			}
 
+			/* sync this is done in item_store_update()
 			if (!$parent) {
 				$r = q("select * from item where id = %d",
 					intval($post_id)
@@ -1255,9 +1059,14 @@ class Item extends Controller {
 					Libsync::build_sync_packet($profile_uid, ['item' => [encode_item($sync_item[0], true)]]);
 				}
 			}
-			if (!$nopush)
-				Master::Summon(['Notifier', 'edit_post', $post_id]);
+			*/
 
+			if (!$nopush) {
+				Master::Summon(['Notifier', 'edit_post', $post_id]);
+				if (intval($x['approval_id'])) {
+					Master::Summon(['Notifier', 'edit_post', $x['approval_id']]);
+				}
+			}
 
 			if ($api_source)
 				return ($x);
@@ -1281,6 +1090,7 @@ class Item extends Controller {
 		}
 
 		$post_id = $post['item_id'];
+		$approval_id = $post['approval_id'] ?? 0;
 
 		$datarray = $post['item'];
 
@@ -1355,6 +1165,7 @@ class Item extends Controller {
 			killme();
 		}
 
+		/* sync this is done in item_store_update()
 		if ($parent || $datarray['item_private'] == 1) {
 			$r = q("select * from item where id = %d",
 				intval($post_id)
@@ -1365,6 +1176,7 @@ class Item extends Controller {
 				Libsync::build_sync_packet($profile_uid, ['item' => [encode_item($sync_item[0], true)]]);
 			}
 		}
+		*/
 
 		$datarray['id']    = $post_id;
 		$datarray['llink'] = z_root() . '/display/' . $datarray['uuid'];
@@ -1375,8 +1187,12 @@ class Item extends Controller {
 			$nopush = false;
 		}
 
-		if (!$nopush)
+		if (!$nopush) {
 			Master::Summon(['Notifier', $notify_type, $post_id]);
+			if ($approval_id) {
+				Master::Summon(['Notifier', $notify_type, $approval_id]);
+			}
+		}
 
 		logger('post_complete');
 
@@ -1429,9 +1245,7 @@ class Item extends Controller {
 
 		if ((argc() == 3) && (argv(1) === 'drop') && intval(argv(2))) {
 
-			require_once('include/items.php');
-
-			$i = q("select id, uid, item_origin, author_xchan, owner_xchan, source_xchan, item_type from item where id = %d limit 1",
+			$i = q("select * from item where id = %d limit 1",
 				intval(argv(2))
 			);
 
@@ -1458,7 +1272,6 @@ class Item extends Controller {
 						$can_delete = true;
 				}
 
-
 				if (!($can_delete || $local_delete)) {
 					notice(t('Permission denied.') . EOL);
 					return;
@@ -1474,13 +1287,14 @@ class Item extends Controller {
 				}
 				else {
 					// complex deletion that needs to propagate and be performed in phases
-					drop_item($i[0]['id'], true, DROPITEM_PHASE1);
+					drop_item($i[0]['id'], DROPITEM_PHASE1);
 					$complex = true;
 				}
 
 				$r = q("select * from item where id = %d",
 					intval($i[0]['id'])
 				);
+
 				if ($r) {
 					xchan_query($r);
 					$sync_item = fetch_post_tags($r);
@@ -1489,6 +1303,9 @@ class Item extends Controller {
 
 				if ($complex) {
 					tag_deliver($i[0]['uid'], $i[0]['id']);
+					if (intval($i[0]['item_wall']) || $i[0]['mid'] !== $i[0]['parent_mid']) {
+						Master::Summon(['Notifier', 'drop', $i[0]['id']]);
+					}
 				}
 
 			}
@@ -1672,5 +1489,234 @@ class Item extends Controller {
 		}
 	}
 
+	private function init_zot_request() {
+
+		$item_id = argv(1);
+
+		if (!$item_id)
+			http_status_exit(404, 'Not found');
+
+		$portable_id = EMPTY_STR;
+
+		$item_normal_extra = sprintf(" and not verb in ('Follow', 'Ignore', '%s', '%s') ",
+			dbesc(ACTIVITY_FOLLOW),
+			dbesc(ACTIVITY_UNFOLLOW)
+		);
+
+		$item_normal = " and item.item_hidden = 0 and item.item_type = 0 and item.item_unpublished = 0 and item.item_delayed = 0 and item.item_blocked = 0 and item.item_uplink = 0 $item_normal_extra ";
+
+		$i = null;
+
+		// do we have the item (at all)?
+
+		$r = q("select parent_mid from item where uuid = '%s' $item_normal limit 1",
+			dbesc($item_id)
+		);
+
+		if (!$r) {
+			http_status_exit(404, 'Not found');
+		}
+
+		// process an authenticated fetch
+
+		$sigdata = HTTPSig::verify(($_SERVER['REQUEST_METHOD'] === 'POST') ? file_get_contents('php://input') : EMPTY_STR);
+		if ($sigdata['portable_id'] && $sigdata['header_valid']) {
+			$portable_id = $sigdata['portable_id'];
+			if (!check_channelallowed($portable_id)) {
+				http_status_exit(403, 'Permission denied');
+			}
+			if (!check_siteallowed($sigdata['signer'])) {
+				http_status_exit(403, 'Permission denied');
+			}
+			observer_auth($portable_id);
+
+			$i = q("select id as item_id, uid from item where mid = '%s' $item_normal and owner_xchan = '%s' limit 1",
+				dbesc($r[0]['parent_mid']),
+				dbesc($portable_id)
+			);
+		}
+		elseif (Config::get('system', 'require_authenticated_fetch', false)) {
+			http_status_exit(403, 'Permission denied');
+		}
+
+		// if we don't have a parent id belonging to the signer see if we can obtain one as a visitor that we have permission to access
+		// with a bias towards those items owned by channels on this site (item_wall = 1)
+
+		$sql_extra = item_permissions_sql(0);
+
+		if (!$i) {
+			$i = q("select id as item_id, uid, item_private from item where mid = '%s' $item_normal $sql_extra order by item_wall desc limit 1",
+				dbesc($r[0]['parent_mid'])
+			);
+		}
+
+		if (!$i) {
+			http_status_exit(403, 'Forbidden');
+		}
+
+		$chan = channelx_by_n($i[0]['uid']);
+
+		if (!$chan) {
+			http_status_exit(404, 'Not found');
+		}
+
+		if (!perm_is_allowed($chan['channel_id'], get_observer_hash(), 'view_stream')) {
+			http_status_exit(403, 'Forbidden');
+		}
+
+		$parents_str = ids_to_querystr($i, 'item_id');
+
+		// We won't need to check for privacy mismatches if the verified observer is also owner
+		$parent_item_private = ((isset($i[0]['item_private'])) ? " and item_private = " . intval($i[0]['item_private']) . " " : '');
+
+		$total = q("SELECT count(*) AS count FROM item WHERE parent = %d $parent_item_private $item_normal ",
+			intval($parents_str)
+		);
+
+		App::set_pager_total($total[0]['count']);
+		App::set_pager_itemspage(30);
+
+		if (App::$pager['total'] > App::$pager['itemspage']) {
+			// let mod conversation handle this request
+			App::$query_string = str_replace('item', 'conversation', App::$query_string);
+			$i = Activity::paged_collection_init(App::$pager['total'], App::$query_string);
+			as_return_and_die($i ,$chan);
+		}
+		else {
+			$items = q("SELECT item.*, item.id AS item_id FROM item WHERE item.parent = %d $parent_item_private $item_normal ORDER BY item.id",
+				intval($parents_str)
+			);
+
+			xchan_query($items, true);
+			$items = fetch_post_tags($items, true);
+
+			$i = Activity::encode_item_collection($items, App::$query_string, 'OrderedCollection', App::$pager['total']);
+		}
+
+		if ($portable_id && (!intval($items[0]['item_private']))) {
+			$c = q("select abook_id from abook where abook_channel = %d and abook_xchan = '%s'",
+				intval($items[0]['uid']),
+				dbesc($portable_id)
+			);
+			if (!$c) {
+				ThreadListener::store(z_root() . '/item/' . $item_id, $portable_id);
+			}
+		}
+
+		as_return_and_die($i ,$chan);
+	}
+
+	private function init_as_request() {
+
+		$item_id = argv(1);
+		if (!$item_id)
+			http_status_exit(404, 'Not found');
+
+		$portable_id = EMPTY_STR;
+
+		$item_normal_extra = sprintf(" and not verb in ('Follow', 'Ignore', '%s', '%s') ",
+			dbesc(ACTIVITY_FOLLOW),
+			dbesc(ACTIVITY_UNFOLLOW)
+		);
+
+		$item_normal = " and item.item_hidden = 0 and item.item_type = 0 and item.item_unpublished = 0 and item.item_delayed = 0 and item.item_blocked = 0 and item.item_uplink = 0 $item_normal_extra ";
+
+		$i = null;
+
+		// do we have the item (at all)?
+		// add preferential bias to item owners (item_wall = 1)
+
+		$r = q("select * from item where uuid = '%s' $item_normal order by item_wall desc limit 1",
+			dbesc($item_id)
+		);
+
+		if (!$r) {
+			http_status_exit(404, 'Not found');
+		}
+
+		// process an authenticated fetch
+
+		$sigdata = HTTPSig::verify(EMPTY_STR);
+		if ($sigdata['portable_id'] && $sigdata['header_valid']) {
+			$portable_id = $sigdata['portable_id'];
+			if (!check_channelallowed($portable_id)) {
+				http_status_exit(403, 'Permission denied');
+			}
+			if (!check_siteallowed($sigdata['signer'])) {
+				http_status_exit(403, 'Permission denied');
+			}
+			observer_auth($portable_id);
+
+			$i = q("select id as item_id from item where mid = '%s' $item_normal and owner_xchan = '%s' limit 1 ",
+				dbesc($r[0]['parent_mid']),
+				dbesc($portable_id)
+			);
+		}
+		elseif (Config::get('system', 'require_authenticated_fetch', false)) {
+			http_status_exit(403, 'Permission denied');
+		}
+
+		// if we don't have a parent id belonging to the signer see if we can obtain one as a visitor that we have permission to access
+		// with a bias towards those items owned by channels on this site (item_wall = 1)
+
+		$sql_extra = item_permissions_sql(0);
+
+		if (!$i) {
+			$i = q("select id as item_id from item where mid = '%s' $item_normal $sql_extra order by item_wall desc limit 1",
+				dbesc($r[0]['parent_mid'])
+			);
+		}
+
+		$bear = Activity::token_from_request();
+		if ($bear) {
+			logger('bear: ' . $bear, LOGGER_DEBUG);
+			if (!$i) {
+				$t = q("select * from iconfig where cat = 'ocap' and k = 'relay' and v = '%s'",
+					dbesc($bear)
+				);
+				if ($t) {
+					$i = q("select id as item_id from item where uuid = '%s' and id = %d $item_normal limit 1",
+						dbesc($item_id),
+						intval($t[0]['iid'])
+					);
+				}
+			}
+		}
+
+		if (!$i) {
+			http_status_exit(403, 'Forbidden');
+		}
+
+		// If we get to this point we have determined we can access the original in $r (fetched much further above), so use it.
+
+		xchan_query($r, true);
+		$items = fetch_post_tags($r, false);
+
+		$chan = channelx_by_n($items[0]['uid']);
+
+		if (!$chan)
+			http_status_exit(404, 'Not found');
+
+		if (!perm_is_allowed($chan['channel_id'], get_observer_hash(), 'view_stream'))
+			http_status_exit(403, 'Forbidden');
+
+		$i = Activity::encode_item($items[0]);
+
+		if (!$i)
+			http_status_exit(404, 'Not found');
+
+		if ($portable_id && (!intval($items[0]['item_private']))) {
+			$c = q("select abook_id from abook where abook_channel = %d and abook_xchan = '%s'",
+				intval($items[0]['uid']),
+				dbesc($portable_id)
+			);
+			if (!$c) {
+				ThreadListener::store(z_root() . '/item/' . $item_id, $portable_id);
+			}
+		}
+
+		as_return_and_die($i ,$chan);
+
+	}
 
 }

Zotlabs/Module/Like.php

@@ -284,7 +284,7 @@ class Like extends Controller {
 						intval($ch[0]['channel_id'])
 					);
 					if ($r)
-						drop_item($r[0]['id'], false);
+						drop_item($r[0]['id']);
 					if ($interactive) {
 						notice(t('Previous action reversed.') . EOL);
 						return $o;
@@ -387,17 +387,20 @@ class Like extends Controller {
 				// already liked it. Drop that item.
 				require_once('include/items.php');
 				foreach ($r as $rr) {
-					drop_item($rr['id'], false, DROPITEM_PHASE1);
+					drop_item($rr['id'], DROPITEM_PHASE1);
+
 					// set the changed timestamp on the parent so we'll see the update without a page reload
 					q("update item set changed = '%s' where id = %d and uid = %d",
 						dbesc(datetime_convert()),
 						intval($rr['parent']),
 						intval($rr['uid'])
 					);
+
 					// Prior activity was a duplicate of the one we're submitting, just undo it;
 					// don't fall through and create another
-					if (activity_match($rr['verb'], $activity))
+					if (activity_match($rr['verb'], $activity)) {
 						$multi_undo = false;
+					}
 
 					$d = q("select * from item where id = %d",
 						intval($rr['id'])
@@ -559,6 +562,7 @@ class Like extends Controller {
 
 		$post    = item_store($arr);
 		$post_id = $post['item_id'];
+		$approval_id = $post['approval_id'] ?? 0;
 
 		// save the conversation from expiration
 
@@ -574,6 +578,7 @@ class Like extends Controller {
 		}
 
 
+/* Item sync is now done in item_store()
 		$r = q("select * from item where id = %d",
 			intval($post_id)
 		);
@@ -582,7 +587,7 @@ class Like extends Controller {
 			$sync_item = fetch_post_tags($r);
 			Libsync::build_sync_packet($profile_uid, ['item' => [encode_item($sync_item[0], true)]]);
 		}
-
+*/
 
 		if ($extended_like) {
 			$r = q("insert into likes (channel_id,liker,likee,iid,i_mid,verb,target_type,target_id,target) values (%d,'%s','%s',%d,'%s','%s','%s','%s','%s')",
@@ -609,7 +614,10 @@ class Like extends Controller {
 
 		}
 
-		Master::Summon(array('Notifier', 'like', $post_id));
+		Master::Summon(['Notifier', 'like', $post_id]);
+		if ($approval_id) {
+			Master::Summon(['Notifier', 'like', $approval_id]);
+		}
 
 		if ($interactive) {
 			notice(t('Action completed.') . EOL);

Zotlabs/Module/Login.php

@@ -10,7 +10,16 @@ class Login extends \Zotlabs\Web\Controller {
 		if(remote_channel() && $_SESSION['atoken'])
 			goaway(z_root());
 
-		return login(true);
+		$o = '<div class="generic-content-wrapper">';
+		$o .= '<div class="section-title-wrapper">';
+		$o .= '<h2 class="">' . t('Login') . '</h2>';
+		$o .= '</div>';
+		$o .= '<div class="section-content-wrapper">';
+		$o .= login(true);
+		$o .= '</div>';
+		$o .= '</div>';
+
+		return $o;
 	}
 
 }

Zotlabs/Module/Magic.php

@@ -11,37 +11,43 @@ class Magic extends Controller {
 
 	function init() {
 
-		$ret =  [
-			'success' => false,
-			'url'     => '',
-			'message' => ''
-		];
-
 		logger('mod_magic: invoked', LOGGER_DEBUG);
 
-		logger('args: ' . print_r($_REQUEST,true),LOGGER_DATA);
+		if ($_SERVER['REQUEST_METHOD'] === 'POST') {
+			$data = $_POST;
+		} elseif ($_SERVER['REQUEST_METHOD'] === 'GET') {
+			$data = $_GET;
+		} else {
+			http_status_exit(405, 'Method Not Allowed');
+		}
 
-		$addr     = ((x($_REQUEST,'addr'))     ? $_REQUEST['addr']         : '');
-		$bdest    = ((x($_REQUEST,'bdest'))    ? $_REQUEST['bdest']        : '');
-		$dest     = ((x($_REQUEST,'dest'))     ? $_REQUEST['dest']         : '');
-		$rev      = ((x($_REQUEST,'rev'))      ? intval($_REQUEST['rev'])  : 0);
-		$owa      = ((x($_REQUEST,'owa'))      ? intval($_REQUEST['owa'])  : 0);
-		$delegate = ((x($_REQUEST,'delegate')) ? $_REQUEST['delegate']     : '');
+		logger('request method: ' . print_r($_SERVER['REQUEST_METHOD'], true), LOGGER_DATA);
+		logger('args: ' . print_r($data, true), LOGGER_DATA);
+
+		$bdest    = $data['bdest'] ?? '';
+		$owa      = $data['owa'] ?? 0;
+		$delegate = $data['delegate'] ?? '';
 
 		// bdest is preferred as it is hex-encoded and can survive url rewrite and argument parsing
 
-		if ($bdest) {
-			$dest = hex2bin($bdest);
+		if (!$bdest) {
+			http_status_exit(400, 'Bad Request');
 		}
 
+		$dest = hex2bin($bdest);
 		$parsed = parse_url($dest);
 
-		if (! $parsed) {
-			goaway($dest);
+		if (!$parsed) {
+			http_status_exit(400, 'Bad Request');
 		}
 
-		$basepath = $parsed['scheme'] . '://' . $parsed['host'] . (isset($parsed['port']) ? ':' . $parsed['port'] : '');
-		$owapath = SConfig::get($basepath,'system','openwebauth', $basepath . '/owa');
+		$basepath = unparse_url(array_filter(
+			$parsed,
+			fn (string $key) => in_array($key, ['scheme', 'host', 'port']),
+			ARRAY_FILTER_USE_KEY
+		));
+
+		$owapath = SConfig::get($basepath, 'system', 'openwebauth', $basepath . '/owa');
 
 		// This is ready-made for a plugin that provides a blacklist or "ask me" before blindly authenticating.
 		// By default, we'll proceed without asking.
@@ -53,12 +59,14 @@ class Magic extends Controller {
 		];
 
 		call_hooks('magic_auth',$arr);
+
 		$dest = $arr['destination'];
-		if (! $arr['proceed']) {
+
+		if (!$arr['proceed']) {
 			goaway($dest);
 		}
 
-		if((get_observer_hash()) && (stripos($dest,z_root()) === 0)) {
+		if (get_observer_hash() && str_starts_with($dest, z_root())) {
 
 			// We are already authenticated on this site and a registered observer.
 			// First check if this is a delegate request on the local system and process accordingly.
@@ -106,29 +114,41 @@ class Magic extends Controller {
 				$headers['Content-Type'] = 'application/x-zot+json' ;
 				$headers['X-Open-Web-Auth'] = random_string();
 				$headers['Host'] = $parsed['host'];
-				$headers['(request-target)'] = 'get ' . '/owa';
+				$headers['(request-target)'] = 'get /owa';
 
 				$headers = HTTPSig::create_sig($headers,$channel['channel_prvkey'], channel_url($channel),true,'sha512');
 				$redirects = 0;
+
 				$x = z_fetch_url($owapath, false, $redirects, ['headers' => $headers]);
 
 				logger('owa fetch returned: ' . print_r($x,true),LOGGER_DATA);
+
 				if ($x['success']) {
 					$j = json_decode($x['body'],true);
 					if ($j['success'] && $j['encrypted_token']) {
 						// decrypt the token using our private key
 						$token = '';
-						openssl_private_decrypt(base64url_decode($j['encrypted_token']),$token,$channel['channel_prvkey']);
+						openssl_private_decrypt(base64url_decode($j['encrypted_token']), $token, $channel['channel_prvkey']);
 						$x = strpbrk($dest,'?&');
 						// redirect using the encrypted token which will be exchanged for an authenticated session
-						$args = (($x) ? '&owt=' . $token : '?f=&owt=' . $token) . (($delegate) ? '&delegate=1' : '');
+						$args = (($x) ? '&owt=' . $token : '?owt=' . $token) . (($delegate) ? '&delegate=1' : '');
 						goaway($dest . $args);
 					}
+					else {
+						$o = '<h1>OWA ERROR</h1>';
+						if (!empty($j['message'])) {
+							$o .= '<h2>' . $j['message'] . '</h2>';
+						}
+						$o .= '<a href=' . $dest . '>' . $dest . '</a>';
+
+						echo $o;
+					}
 				}
 			}
 		}
 
-		goaway($dest);
+		killme();
+
 	}
 
 }

Zotlabs/Module/Mitem.php

@@ -184,8 +184,8 @@ class Mitem extends \Zotlabs\Web\Controller {
 				'$nick'        => $which,
 				'$sys'         => \App::$is_sys
 			));
-	
-			$o .= replace_macros(get_markup_template('mitemlist.tpl'),array(
+
+			return replace_macros(get_markup_template('mitemlist.tpl'),array(
 				'$title'       => t('Menu:'),
 				'$create'      => $create,
 				'$nametitle'   => t('Link Name'),
@@ -204,29 +204,27 @@ class Mitem extends \Zotlabs\Web\Controller {
 				'$hintedit'    => t('Edit this menu item'),
 				'$nick'        => $which,
 			));
-	
-			return $o;
 		}
-	
-	
+
+
 		if(argc() > 3) {
 
 			if(intval(argv(3))) {
-	
+
 				$m = q("select * from menu_item where mitem_id = %d and mitem_channel_id = %d limit 1",
 					intval(argv(3)),
 					intval($owner)
 				);
-	
+
 				if(! $m) {
 					notice( t('Menu item not found.') . EOL);
 					goaway(z_root() . '/menu/'. $which . ((\App::$is_sys) ? '?f=&sys=1' : ''));
 				}
-	
+
 				$mitem = $m[0];
-	
+
 				$lockstate = (($mitem['allow_cid'] || $mitem['allow_gid'] || $mitem['deny_cid'] || $mitem['deny_gid']) ? 'lock' : 'unlock');
-	
+
 				if(argc() == 5 && argv(4) == 'drop') {
 					menu_sync_packet($owner,get_observer_hash(),$mitem['mitem_menu_id']);
 					$r = menu_del_item($mitem['mitem_menu_id'], $owner, intval(argv(3)));
@@ -235,12 +233,12 @@ class Mitem extends \Zotlabs\Web\Controller {
 						info( t('Menu item deleted.') . EOL);
 					else
 						notice( t('Menu item could not be deleted.'). EOL);
-	
+
 					goaway(z_root() . '/mitem/' . $which . '/' . $mitem['mitem_menu_id'] . ((\App::$is_sys) ? '?f=&sys=1' : ''));
 				}
-	
+
 				// edit menu item
-				$o = replace_macros(get_markup_template('mitemedit.tpl'), array(
+				return replace_macros(get_markup_template('mitemedit.tpl'), array(
 					'$header' => t('Edit Menu Element'),
 					'$menu_id' => \App::$data['menu']['menu_id'],
 					'$permissions' => t('Menu Item Permissions'),
@@ -261,10 +259,8 @@ class Mitem extends \Zotlabs\Web\Controller {
 					'$menu_names'  => $menu_names,
 					'$nick'  => $which
 				));
-	
-				return $o;
 			}
 		}
 	}
-	
+
 }

Zotlabs/Module/Moderate.php

@@ -74,7 +74,7 @@ class Moderate extends \Zotlabs\Web\Controller {
 					// let the sender know we received their comment but we don't permit spam here.
 					// Activity::send_rejection_activity(App::get_channel(), $item['author_xchan'], $item);
 
-					drop_item($post_id,false);
+					drop_item($post_id);
 					notice( t('Item deleted') . EOL);
 				}
 

Zotlabs/Module/Notify.php

@@ -1,8 +1,8 @@
 <?php
 namespace Zotlabs\Module;
 
-use \Zotlabs\Lib\PConfig;
-use \Zotlabs\Web\Controller;
+use Zotlabs\Lib\PConfig;
+use Zotlabs\Web\Controller;
 
 class Notify extends Controller {
 

Zotlabs/Module/OAuth2TestVehicle.php

@@ -31,8 +31,8 @@ class OAuth2TestVehicle extends \Zotlabs\Web\Controller {
 		$_SESSION['api_response'] = (x($_SESSION, 'api_response') ? $_SESSION['api_response'] : '');
 	}
 	function get() {
-		
-		$o .= replace_macros(get_markup_template('oauth2testvehicle.tpl'), array(
+
+		$output = replace_macros(get_markup_template('oauth2testvehicle.tpl'), array(
 			'$baseurl' => z_root(),
 			'$api_response' => $_SESSION['api_response'],
 			/*
@@ -97,8 +97,10 @@ class OAuth2TestVehicle extends \Zotlabs\Web\Controller {
 				)
 			)
 		));
+
 		$_SESSION['success'] = '';
-		return $o;
+
+		return $output;
 	}
 
 	function post() {

Zotlabs/Module/Oauth.php

@@ -103,7 +103,8 @@ class Oauth extends Controller {
 
 		if((argc() > 1) && (argv(1) === 'add')) {
 			$tpl = get_markup_template("oauth_edit.tpl");
-			$o .= replace_macros($tpl, array(
+
+			return replace_macros($tpl, array(
 				'$form_security_token' => get_form_security_token("oauth"),
 				'$title'	=> t('Add application'),
 				'$submit'	=> t('Submit'),
@@ -114,7 +115,6 @@ class Oauth extends Controller {
 				'$redirect'	=> array('redirect', t('Redirect'), '', t('Redirect URI - leave blank unless your application specifically requires this')),
 				'$icon'		=> array('icon', t('Icon url'), '', t('Optional')),
 			));
-			return $o;
 		}
 
 		if((argc() > 2) && (argv(1) === 'edit')) {
@@ -129,7 +129,7 @@ class Oauth extends Controller {
 			$app = $r[0];
 
 			$tpl = get_markup_template("oauth_edit.tpl");
-			$o .= replace_macros($tpl, array(
+			return replace_macros($tpl, array(
 				'$form_security_token' => get_form_security_token("oauth"),
 				'$title'	=> t('Add application'),
 				'$submit'	=> t('Update'),
@@ -140,7 +140,6 @@ class Oauth extends Controller {
 				'$redirect'	=> array('redirect', t('Redirect'), $app['redirect_uri'], ''),
 				'$icon'		=> array('icon', t('Icon url'), $app['icon'], ''),
 			));
-			return $o;
 		}
 
 		if((argc() > 2) && (argv(1) === 'delete')) {
@@ -163,7 +162,8 @@ class Oauth extends Controller {
 
 
 		$tpl = get_markup_template("oauth.tpl");
-		$o .= replace_macros($tpl, array(
+
+		return replace_macros($tpl, array(
 			'$form_security_token' => get_form_security_token("oauth"),
 			'$baseurl'	=> z_root(),
 			'$title'	=> t('Connected OAuth Apps'),
@@ -175,8 +175,6 @@ class Oauth extends Controller {
 			'$remove'	=> t('Remove authorization'),
 			'$apps'		=> $r,
 		));
-		return $o;
-
 	}
 
 }

Zotlabs/Module/Oauth2.php

@@ -108,7 +108,8 @@ class Oauth2 extends Controller {
 
 		if((argc() > 1) && (argv(1) === 'add')) {
 			$tpl = get_markup_template("oauth2_edit.tpl");
-			$o .= replace_macros($tpl, array(
+
+			return replace_macros($tpl, array(
 				'$form_security_token' => get_form_security_token("oauth2"),
 				'$title'	=> t('Add OAuth2 application'),
 				'$submit'	=> t('Submit'),
@@ -119,7 +120,6 @@ class Oauth2 extends Controller {
 				'$grant'     => array('grant', t('Grant Types'), '', t('leave blank unless your application sepcifically requires this')),
 				'$scope'     => array('scope', t('Authorization scope'), '', t('leave blank unless your application sepcifically requires this')),
 			));
-			return $o;
 		}
 
 		if((argc() > 2) && (argv(1) === 'edit')) {
@@ -136,7 +136,7 @@ class Oauth2 extends Controller {
 			$app = $r[0];
 
 			$tpl = get_markup_template("oauth2_edit.tpl");
-			$o .= replace_macros($tpl, array(
+			return replace_macros($tpl, array(
 				'$form_security_token' => get_form_security_token("oauth2"),
 				'$title'	=> t('Add application'),
 				'$submit'	=> t('Update'),
@@ -147,7 +147,6 @@ class Oauth2 extends Controller {
 				'$grant'     => array('grant', t('Grant Types'), $app['grant_types'], t('leave blank unless your application specifically requires this')),
 				'$scope'     => array('scope', t('Authorization scope'), $app['scope'], t('leave blank unless your application specifically requires this')),
 			));
-			return $o;
 		}
 
 		if((argc() > 2) && (argv(1) === 'delete')) {
@@ -184,7 +183,8 @@ class Oauth2 extends Controller {
 		);
 
 		$tpl = get_markup_template("oauth2.tpl");
-		$o .= replace_macros($tpl, array(
+
+		return replace_macros($tpl, array(
 			'$form_security_token' => get_form_security_token("oauth2"),
 			'$baseurl'	=> z_root(),
 			'$title'	=> t('Connected OAuth2 Apps'),
@@ -196,8 +196,6 @@ class Oauth2 extends Controller {
 			'$remove'	=> t('Remove authorization'),
 			'$apps'		=> $r,
 		));
-		return $o;
-
 	}
 
 }

Zotlabs/Module/Owa.php

@@ -18,96 +18,95 @@ use Zotlabs\Web\Controller;
 
 class Owa extends Controller {
 
-	function init() {
+	public function init(): void
+   	{
 
 		$ret = [ 'success' => false ];
 
-		if (array_key_exists('REDIRECT_REMOTE_USER',$_SERVER) && (! array_key_exists('HTTP_AUTHORIZATION',$_SERVER))) {
-			$_SERVER['HTTP_AUTHORIZATION'] = $_SERVER['REDIRECT_REMOTE_USER'];
+		if (!$this->validateAuthorizationHeader()) {
+			$this->error('Missing or invalid authorization header.');
 		}
 
-		if (array_key_exists('HTTP_AUTHORIZATION',$_SERVER) && substr(trim($_SERVER['HTTP_AUTHORIZATION']),0,9) === 'Signature') {
-			$sigblock = HTTPSig::parse_sigheader($_SERVER['HTTP_AUTHORIZATION']);
-			if ($sigblock) {
-				$keyId = $sigblock['keyId'];
-				$parsed = parse_url($keyId);
-				if (str_starts_with($parsed['scheme'],'http')) {
-				    unset($parsed['fragment']);
-				    unset($parsed['query']);
-				    $keyId = unparse_url($parsed);
+		$sigblock = HTTPSig::parse_sigheader($_SERVER['HTTP_AUTHORIZATION']);
+		if ($sigblock) {
+			$keyId = $sigblock['keyId'];
+			$parsed = parse_url($keyId);
+			if (str_starts_with($parsed['scheme'],'http')) {
+				unset($parsed['fragment']);
+				unset($parsed['query']);
+				$keyId = unparse_url($parsed);
+			}
+			else {
+				$keyId = str_replace('acct:', '', $keyId);
+			}
+			if ($keyId) {
+				$r = q("SELECT * FROM hubloc LEFT JOIN xchan ON hubloc_hash = xchan_hash
+					WHERE (hubloc_addr = '%s' OR hubloc_id_url = '%s' OR xchan_hash = '%s')
+					  AND hubloc_deleted = 0 AND xchan_pubkey != ''
+					ORDER BY hubloc_id DESC",
+					dbesc($keyId),
+					dbesc($keyId),
+					dbesc($keyId)
+				);
+				if (! $r) {
+					$found = discover_by_webbie($keyId);
+					logger('found = ' . print_r($found, true));
+					if ($found) {
+						$r = q("SELECT * FROM hubloc LEFT JOIN xchan ON hubloc_hash = xchan_hash
+							WHERE (hubloc_addr = '%s' OR hubloc_id_url = '%s' OR xchan_hash = '%s') AND hubloc_deleted = 0 AND xchan_pubkey != '' ORDER BY hubloc_id DESC ",
+							dbesc($keyId),
+							dbesc($keyId),
+							dbesc($keyId)
+						);
+					}
 				}
-				else {
-				    $keyId = str_replace('acct:', '', $keyId);
-				}
-				if ($keyId) {
-					$r = q("SELECT * FROM hubloc LEFT JOIN xchan ON hubloc_hash = xchan_hash
-						WHERE (hubloc_addr = '%s' OR hubloc_id_url = '%s' OR xchan_hash = '%s')
-						  AND hubloc_deleted = 0 AND xchan_pubkey != ''
-						ORDER BY hubloc_id DESC",
-						dbesc($keyId),
-						dbesc($keyId),
-						dbesc($keyId)
-					);
-					if (! $r) {
-						$found = discover_by_webbie($keyId);
-						logger('found = ' . print_r($found, true));
-						if ($found) {
-							$r = q("SELECT * FROM hubloc LEFT JOIN xchan ON hubloc_hash = xchan_hash
-								WHERE (hubloc_addr = '%s' OR hubloc_id_url = '%s' OR xchan_hash = '%s') AND hubloc_deleted = 0 AND xchan_pubkey != '' ORDER BY hubloc_id DESC ",
-								dbesc($keyId),
-								dbesc($keyId),
-								dbesc($keyId)
-							);
+
+				if ($r) {
+					foreach ($r as $hubloc) {
+						$verified = HTTPSig::verify(file_get_contents('php://input'), $hubloc['xchan_pubkey']);
+						if ($verified && $verified['header_signed'] && $verified['header_valid'] && ($verified['content_valid'] || (! $verified['content_signed']))) {
+							logger('OWA header: ' . print_r($verified,true),LOGGER_DATA);
+							logger('OWA success: ' . $hubloc['hubloc_id_url'],LOGGER_DATA);
+							$ret['success'] = true;
+							$token = random_string(32);
+							Verify::create('owt',0,$token,$hubloc['hubloc_id_url']);
+							$result = '';
+							openssl_public_encrypt($token,$result,$hubloc['xchan_pubkey']);
+							$ret['encrypted_token'] = base64url_encode($result);
+							break;
+						} else {
+							logger('OWA fail: ' . $hubloc['hubloc_id'] . ' ' . $hubloc['hubloc_id_url']);
 						}
 					}
 
-					if ($r) {
-						foreach ($r as $hubloc) {
-							$verified = HTTPSig::verify(file_get_contents('php://input'), $hubloc['xchan_pubkey']);
-							if ($verified && $verified['header_signed'] && $verified['header_valid'] && ($verified['content_valid'] || (! $verified['content_signed']))) {
-								logger('OWA header: ' . print_r($verified,true),LOGGER_DATA);
-								logger('OWA success: ' . $hubloc['hubloc_id_url'],LOGGER_DATA);
-								$ret['success'] = true;
-								$token = random_string(32);
-								Verify::create('owt',0,$token,$hubloc['hubloc_id_url']);
-								$result = '';
-								openssl_public_encrypt($token,$result,$hubloc['xchan_pubkey']);
-								$ret['encrypted_token'] = base64url_encode($result);
-								break;
-							} else {
-								logger('OWA fail: ' . $hubloc['hubloc_id'] . ' ' . $hubloc['hubloc_id_url']);
-							}
-						}
+					if (!$ret['success']) {
 
-						if (!$ret['success']) {
+						// Possible a reinstall?
+						// In this case we probably already have an old hubloc
+						// but not the new one yet.
 
-							// Possible a reinstall?
-							// In this case we probably already have an old hubloc
-							// but not the new one yet.
+						$found = discover_by_webbie($keyId);
 
-							$found = discover_by_webbie($keyId);
+						if ($found) {
+							$r = q("SELECT * FROM hubloc LEFT JOIN xchan ON hubloc_hash = xchan_hash
+								WHERE (hubloc_addr = '%s' OR hubloc_id_url = '%s') AND hubloc_deleted = 0 ORDER BY hubloc_id DESC LIMIT 1",
+								dbesc(str_replace('acct:', '', $keyId)),
+								dbesc($keyId)
+							);
 
-							if ($found) {
-								$r = q("SELECT * FROM hubloc LEFT JOIN xchan ON hubloc_hash = xchan_hash
-									WHERE (hubloc_addr = '%s' OR hubloc_id_url = '%s') AND hubloc_deleted = 0 ORDER BY hubloc_id DESC LIMIT 1",
-									dbesc(str_replace('acct:', '', $keyId)),
-									dbesc($keyId)
-								);
-
-								if ($r) {
-									$verified = HTTPSig::verify(file_get_contents('php://input'), $r[0]['xchan_pubkey']);
-									if ($verified && $verified['header_signed'] && $verified['header_valid'] && ($verified['content_valid'] || (! $verified['content_signed']))) {
-										logger('OWA header: ' . print_r($verified,true), LOGGER_DATA);
-										logger('OWA success: ' . $r[0]['hubloc_id_url'], LOGGER_DATA);
-										$ret['success'] = true;
-										$token = random_string(32);
-										Verify::create('owt', 0, $token, $r[0]['hubloc_id_url']);
-										$result = '';
-										openssl_public_encrypt($token, $result, $r[0]['xchan_pubkey']);
-										$ret['encrypted_token'] = base64url_encode($result);
-									} else {
-										logger('OWA fail: ' . $hubloc['hubloc_id'] . ' ' . $hubloc['hubloc_id_url']);
-									}
+							if ($r) {
+								$verified = HTTPSig::verify(file_get_contents('php://input'), $r[0]['xchan_pubkey']);
+								if ($verified && $verified['header_signed'] && $verified['header_valid'] && ($verified['content_valid'] || (! $verified['content_signed']))) {
+									logger('OWA header: ' . print_r($verified,true), LOGGER_DATA);
+									logger('OWA success: ' . $r[0]['hubloc_id_url'], LOGGER_DATA);
+									$ret['success'] = true;
+									$token = random_string(32);
+									Verify::create('owt', 0, $token, $r[0]['hubloc_id_url']);
+									$result = '';
+									openssl_public_encrypt($token, $result, $r[0]['xchan_pubkey']);
+									$ret['encrypted_token'] = base64url_encode($result);
+								} else {
+									logger('OWA fail: ' . $hubloc['hubloc_id'] . ' ' . $hubloc['hubloc_id_url']);
 								}
 							}
 						}
@@ -118,4 +117,33 @@ class Owa extends Controller {
 
 		json_return_and_die($ret,'application/x-zot+json');
 	}
+
+	private function validateAuthorizationHeader(): bool
+	{
+		if (!empty($_SERVER['HTTP_AUTHORIZATION'])) {
+			$auth = trim($_SERVER['HTTP_AUTHORIZATION']);
+		} else if (!empty($_SERVER['REDIRECT_REMOTE_USER'])) {
+			$auth = trim($_SERVER['REDIRECT_REMOTE_USER']);
+		} else {
+			return false;
+		}
+
+		return strncmp($auth, 'Signature', 9) === 0;
+	}
+
+	/**
+	 * Terminates the request, and return a json error response.
+	 *
+	 * @Note This function does not return!
+	 *
+	 * @param string $msg	The error message for the response.
+	 */
+	private function error(string $msg): void {
+		$ret = [
+			'success' => false,
+			'message' => $msg
+		];
+
+		json_return_and_die($ret,'application/x-zot+json');
+	}
 }

Zotlabs/Module/Page.php

@@ -183,9 +183,7 @@ class Page extends \Zotlabs\Web\Controller {
 		if($r[0]['mimetype'] === 'application/x-pdl')
 			\App::$page['pdl_content'] = true;
 
-		$o .= prepare_page($r[0]);
-		return $o;
-
+		return prepare_page($r[0]);
 	}
 
 }

Zotlabs/Module/Pdledit.php

@@ -51,7 +51,7 @@ class Pdledit extends Controller {
 		if(argc() > 1)
 			$module = 'mod_' . argv(1) . '.pdl';
 		else {
-			$o .= '<div class="generic-content-wrapper-styled">';
+			$o = '<div class="generic-content-wrapper-styled">';
 			$o .= '<h1>' . t('Edit System Page Description') . '</h1>';
 
 			$edited = [];

Zotlabs/Module/Permcat.php

@@ -2,7 +2,7 @@
 
 namespace Zotlabs\Module;
 
-use \Zotlabs\Lib as Zlib;
+use Zotlabs\Lib as Zlib;
 
 class Permcat extends \Zotlabs\Web\Controller {
 
@@ -22,4 +22,4 @@ class Permcat extends \Zotlabs\Web\Controller {
 	}
 
 
-}
+}

Zotlabs/Module/Photos.php

@@ -1122,7 +1122,7 @@ class Photos extends \Zotlabs\Web\Controller {
 
 					if(is_array($like_list) && (count($like_list) > MAX_LIKERS)) {
 						$like_list_part = array_slice($like_list, 0, MAX_LIKERS);
-						array_push($like_list_part, '<a href="#" data-toggle="modal" data-target="#likeModal-' . $this->get_id() . '"><b>' . t('View all') . '</b></a>');
+						array_push($like_list_part, '<a href="#" data-bs-toggle="modal" data-bs-target="#likeModal-' . $link_item['id'] . '"><b>' . t('View all') . '</b></a>');
 					} else {
 						$like_list_part = '';
 					}
@@ -1134,7 +1134,7 @@ class Photos extends \Zotlabs\Web\Controller {
 						$dislike_button_label = tt('Dislike','Dislikes',$dislike_count,'noun');
 						if (is_array($dislike_list) && (count($dislike_list) > MAX_LIKERS)) {
 							$dislike_list_part = array_slice($dislike_list, 0, MAX_LIKERS);
-							array_push($dislike_list_part, '<a href="#" data-toggle="modal" data-target="#dislikeModal-' . $this->get_id() . '"><b>' . t('View all') . '</b></a>');
+							array_push($dislike_list_part, '<a href="#" data-bs-toggle="modal" data-bs-target="#dislikeModal-' . $link_item['id'] . '"><b>' . t('View all') . '</b></a>');
 						} else {
 							$dislike_list_part = '';
 						}

Zotlabs/Module/Profperm.php

@@ -55,6 +55,8 @@ class Profperm extends \Zotlabs\Web\Controller {
 		}
 
 
+		$o = '';
+
 		if((argc() > 1) && (intval(argv(1)))) {
 			$r = q("SELECT * FROM profile WHERE id = %d AND uid = %d AND is_default = 0 LIMIT 1",
 				intval(argv(1)),

Zotlabs/Module/Pubstream.php

@@ -202,11 +202,9 @@ class Pubstream extends \Zotlabs\Web\Controller {
 				if($mid) {
 					$r = q("SELECT parent AS item_id FROM item
 						left join abook on item.author_xchan = abook.abook_xchan
-						left join xchan on item.author_xchan = xchan.xchan_hash
 						WHERE item.$identifier = '%s' and item.item_private = 0
 						$uids $site_firehose_sql
 						$item_normal
-						and xchan.xchan_censored = 0
 						and (abook.abook_blocked = 0 or abook.abook_flags is null)
 						$sql_extra $net_query2",
 						dbesc($mid)
@@ -216,11 +214,9 @@ class Pubstream extends \Zotlabs\Web\Controller {
 					// Fetch a page full of parent items for this page
 					$r = dbq("SELECT parent AS item_id FROM item
 						left join abook on ( item.author_xchan = abook.abook_xchan $abook_uids )
-						left join xchan on item.author_xchan = xchan.xchan_hash
 						WHERE item.item_private = 0 $thread_top
 						$uids $site_firehose_sql
 						$item_normal
-						and xchan.xchan_censored = 0
 						and (abook.abook_blocked = 0 or abook.abook_flags is null)
 						$sql_extra $net_query2
 						ORDER BY $ordering DESC $pager_sql "
@@ -231,10 +227,8 @@ class Pubstream extends \Zotlabs\Web\Controller {
 				if($mid) {
 					$r = q("SELECT parent AS item_id FROM item
 						left join abook on item.author_xchan = abook.abook_xchan
-						left join xchan on item.author_xchan = xchan.xchan_hash
 						WHERE item.$identifier = '%s' and item.item_private = 0
 						$uids $site_firehose_sql $item_normal_update $simple_update
-						and xchan.xchan_censored = 0
 						and (abook.abook_blocked = 0 or abook.abook_flags is null)
 						$sql_extra $net_query2",
 						dbesc($mid)
@@ -243,11 +237,9 @@ class Pubstream extends \Zotlabs\Web\Controller {
 				else {
 					$r = dbq("SELECT parent AS item_id FROM item
 						left join abook on item.author_xchan = abook.abook_xchan
-						left join xchan on item.author_xchan = xchan.xchan_hash
 						WHERE item.item_private = 0 $thread_top
 						$uids $site_firehose_sql $item_normal_update
 						$simple_update
-						and xchan.xchan_censored = 0
 						and (abook.abook_blocked = 0 or abook.abook_flags is null)
 						$sql_extra $net_query2"
 					);

Zotlabs/Module/React.php

@@ -91,6 +91,9 @@ class React extends Controller {
 		if ($x['success']) {
 			$nid = $x['item_id'];
 			Master::Summon(['Notifier', 'like', $nid]);
+			if (!empty($x['approval_id'])) {
+				Master::Summon(['Notifier', 'like', $x['approval_id']]);
+			}
 		}
 	}
 

Zotlabs/Module/Removeaccount.php

@@ -36,22 +36,22 @@ class Removeaccount extends \Zotlabs\Web\Controller {
 				return;
 			}
 		}
-	
+
 		$global_remove = 0; //intval($_POST['global']);
-	
-		account_remove($account_id, 1 - $global_remove);		
+
+		account_remove($account_id, 1 - $global_remove);
 	}
-		
+
 	function get() {
-	
+
 		if(! local_channel())
 			goaway(z_root());
-	
+
 		$hash = random_string();
-	
+
 		$_SESSION['remove_account_verify'] = $hash;
 		$tpl = get_markup_template('removeaccount.tpl');
-		$o .= replace_macros($tpl, array(
+		return replace_macros($tpl, array(
 			'$basedir' => z_root(),
 			'$hash' => $hash,
 			'$title' => t('Remove This Account'),
@@ -60,9 +60,5 @@ class Removeaccount extends \Zotlabs\Web\Controller {
 			// '$global' => array('global', t('Remove this account, all its channels and all its channel clones from the network'), false, t('By default only the instances of the channels located on this hub will be removed from the network')),
 			'$submit' => t('Remove Account')
 		));
-	
-		return $o;		
-	
 	}
-	
 }

Zotlabs/Module/Removeme.php

@@ -54,7 +54,7 @@ class Removeme extends \Zotlabs\Web\Controller {
 		$_SESSION['remove_account_verify'] = $hash;
 
 		$tpl = get_markup_template('removeme.tpl');
-		$o .= replace_macros($tpl, array(
+		return replace_macros($tpl, array(
 			'$basedir' => z_root(),
 			'$hash'    => $hash,
 			'$title'   => t('Remove Channel'),
@@ -63,9 +63,5 @@ class Removeme extends \Zotlabs\Web\Controller {
 			// '$global'  => [ 'global', t('Remove this channel and all its clones from the network'), false, t('By default only the instance of the channel located on this hub will be removed from the network'),  [ t('No'),t('Yes') ] ],
 			'$submit'  => t('Remove Channel')
 		));
-
-		return $o;
-
 	}
-
 }