hotfix release version 10.0.2

Merge branch 'dev'
version 10.0.1
2026-06-21 09:01:15 -04:00 · 2024-12-25 12:03:43 +00:00 · 2024-12-25 12:02:32 +00:00 · 2024-12-22 08:51:48 +00:00 · 2024-12-22 08:51:15 +00:00 · 2024-12-22 08:31:04 +00:00
6260 changed files with 348570 additions and 600527 deletions
--- a/.debianinstall/README.md
+++ b/.debianinstall/README.md
@@ -27,21 +27,23 @@ if you look for more choices. The main differences are:
 - graphical installer whiptail
 - The script stops (fails) if it finds results of a previous installation. (The [debian-setup.sh](https://framagit.org/ojrandom/core/-/tree/dev/.debianinstall) will just jump over it.)
 - If something fails the script tries to clean up everything that was installed up to the point of failure. (That might cause trouble if certbot registered a certificate already.)
- The script under [homeinstall](https://framagit.org/hubzilla/core/-/tree/master/.homeinstall) seems to be an older version of the scripts used for Streams, i.e. [autoinstall](https://codeberg.org/streams/streams/src/branch/dev/contrib/autoinstall) and [easyinstall](https://codeberg.org/streams/streams/src/branch/dev/contrib/easyinstall)
+- The script under [homeinstall](https://framagit.org/hubzilla/core/-/tree/master/.homeinstall) seems to be an older version of the scripts used for Streams
+  + [autoinstall](https://codeberg.org/streams/streams/src/branch/dev/contrib/autoinstall)
+  + [easyinstall](https://codeberg.org/streams/streams/src/branch/dev/contrib/easyinstall)

 ## Preconditions

 Hardware

 + internet connection and router at home
-+ computer connected to your router (a Raspberry 4 will do for very small Hubs)
+ computer connected to your router (a Raspberry 3 will do for very small Hubs)

 Software

-+ fresh installation of Debian 12 (bookworm) or Raspberry Pi OS
+ fresh installation of Debian 12 (bookworm)
 + router with open ports 80 and 443 for your web server

-You can of course run the script on a VPS or any distant server as long as the above software requirements are satisfied.
+You can of course run the script on a VPS or any distant server as long as the above sotfware requirements are satisfied.

 ## How to run the script

@@ -80,11 +82,6 @@ Switch the verification off

    util/config system verify_email 0

-Check if updates from the repository do work
-
-    util/udall
-
-
 ## What the script will do for you...

 + install everything required by your hubzilla instance, basically a web server (Apache), PHP, a database (MySQL), certbot,...
@@ -104,7 +101,7 @@ The script is known to work without adjustments with

 + Hardware
  - standard PC with Debian 12 (bookworm)
-  - Raspberry 5 with Raspberry Pi OS, Debian 12
+  - Raspberry 4 with Raspbian, Debian 12 (TODO: needs confirmation after swich to Debian12)
  - for tesing purposes: under localhost inside a virtual machine, [KVM](https://wiki.debian.org/KVM)
 + DynDNS
  - selfHOST.de
@@ -154,3 +151,8 @@ It is recommended to run the Raspi without graphical frontend (X-Server). Use...

 to boot the Rapsi to the client console.

+DO NOT FORGET TO CHANGE THE DEFAULT PASSWORD FOR USER PI!
+
+## Reminder for Different Web Wervers
+
+For those of you who feel adventurous enough to use a different web server (i.e. Lighttpd...), don't forget that this script will install Apache or Nginx and that you can only have one web server listening to ports 80 & 443. Also, don't forget to tweak your daily shell script in /var/www/ accordingly.
--- a/.debianinstall/config.txt.template
+++ b/.debianinstall/config.txt.template
@@ -93,8 +93,9 @@ freedns_key=
 # If left empty, both your database and user will be named after your zot instance (hubzilla, zap or misty)
 # Use custom name, at least fo the database, if you plan to run more than one hub/instance on the same server
 #
-db_name=hubzilla
-db_user=hubzilla
+zotserver_db_name=
+zotserver_db_user=
+zotserver_db_pass=$db_pass
 # 
 #
 # Password for package mysql-server
--- a/.debianinstall/debian-setup.sh
+++ b/.debianinstall/debian-setup.sh
@@ -150,7 +150,7 @@ function install_sendmail {
 function install_php {
    # openssl and mbstring are included in libapache2-mod-php
    print_info "installing php..."
-    nocheck_install "libapache2-mod-php php php-pear php-curl php-gd php-mbstring php-xml php-zip php-intl php-bcmath"
+    nocheck_install "libapache2-mod-php php php-pear php-curl php-gd php-mbstring php-xml php-zip"
    phpversion=$(php -v|grep --only-matching --perl-regexp "(PHP )\d+\.\\d+\.\\d+"|cut -c 5-7)
    sed -i "s/^upload_max_filesize =.*/upload_max_filesize = 100M/g" /etc/php/$phpversion/apache2/php.ini
    sed -i "s/^post_max_size =.*/post_max_size = 100M/g" /etc/php/$phpversion/apache2/php.ini
@@ -160,8 +160,8 @@ function install_composer {
    print_info "We check if Composer is already downloaded"
    if [ ! -f /usr/local/bin/composer ]
    then
-        EXPECTED_CHECKSUM="`wget -qO- https://composer.github.io/installer.sig`"
-        wget https://getcomposer.org/installer -O composer-setup.php
+        EXPECTED_CHECKSUM="$(php -r 'copy("https://composer.github.io/installer.sig", "php://stdout");')"
+        php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
        ACTUAL_CHECKSUM="$(php -r "echo hash_file('sha384', 'composer-setup.php');")"
        if [ "$EXPECTED_CHECKSUM" != "$ACTUAL_CHECKSUM" ]
        then
@@ -171,7 +171,6 @@ function install_composer {
        fi
        php composer-setup.php --quiet
        RESULT=$?
-        composer --version
        rm composer-setup.php
        # exit $RESULT
        # We install Composer globally
@@ -182,7 +181,7 @@ function install_composer {
    fi
    cd $install_path
    export COMPOSER_ALLOW_SUPERUSER=1;
-    /usr/local/bin/composer install --no-dev --quiet
+    /usr/local/bin/composer install --no-dev
    /usr/local/bin/composer show
    export COMPOSER_ALLOW_SUPERUSER=0;
 }
@@ -257,18 +256,12 @@ function create_zotserver_db {
    then
        Q1="CREATE DATABASE IF NOT EXISTS $db_name;"
        Q2="GRANT USAGE ON *.* TO $db_user@localhost IDENTIFIED BY '$db_pass';"
-        Q3="GRANT ALL PRIVILEGES ON $db_name.* to $db_user@localhost identified by '$db_pass';"
+        Q3="GRANT ALL PRIVILEGES ON $name.* to $db_user@localhost identified by '$db_pass';"
        Q4="FLUSH PRIVILEGES;"
        SQL="${Q1}${Q2}${Q3}${Q4}"
        mysql -uroot -p$mysqlpass -e "$SQL"
    else
        echo "database $db_name does exist already"
-        Q1="CREATE DATABASE IF NOT EXISTS $db_name;"
-        Q2="GRANT USAGE ON *.* TO $db_user@localhost IDENTIFIED BY '$db_pass';"
-        Q3="GRANT ALL PRIVILEGES ON $db_name.* to $db_user@localhost identified by '$db_pass';"
-        Q4="FLUSH PRIVILEGES;"
-        SQL="${Q1}${Q2}${Q3}${Q4}"
-        mysql -uroot -p$mysqlpass -e "$SQL"
    fi
 }

@@ -308,19 +301,10 @@ function install_run_selfhost {
        # https://carol.selfhost.de/update?username=123456&password=supersafe
        #
        # the prefered way
-        if [ ! -f $selfhostdir/$selfhostscript ]
-        then
-            wget --output-document=$selfhostdir/$selfhostscript https://jonaspasche.de/selfhost-updater
-            if [ ! -s $selfhostdir/$selfhostscript ]
-            then
-                die "Failed to download selfHOST file for dynDNS"
-            fi
-            echo "router" > $selfhostdir/device
-            echo "$selfhost_user" > $selfhostdir/user
-            echo "$selfhost_pass" > $selfhostdir/pass
-            print_info "Wrote file to update dynamic IP. File: $selfhostdir/$selfhostscript"
-        fi
-        print_info "executing $selfhostdir/$selfhostscript update..."
+        wget --output-document=$selfhostdir/$selfhostscript http://jonaspasche.de/selfhost-updater
+        echo "router" > $selfhostdir/device
+        echo "$selfhost_user" > $selfhostdir/user
+        echo "$selfhost_pass" > $selfhostdir/pass
        bash $selfhostdir/$selfhostscript update
    fi
 }
@@ -396,7 +380,7 @@ function install_letsencrypt {
    then
        die "Failed to install let's encrypt: 'le_email' is empty in $configfile"
    fi
-    nocheck_install "certbot python3-certbot-apache"
+    nocheck_install "certbot python-certbot-apache"
    print_info "run certbot ..."
    certbot --apache -w $install_path -d $le_domain -m $le_email --agree-tos --non-interactive --redirect --hsts --uir
    service apache2 restart
@@ -451,7 +435,7 @@ function configure_cron_daily {
    echo "echo \" \"" >> /var/www/$cron_job
    echo "echo \"\$(date) - stopping apache and mysql...\"" >> /var/www/$cron_job
    echo "service apache2 stop" >> /var/www/$cron_job
-    echo "systemctl stop  mysql.service # to avoid inconsistencies" >> /var/www/$cron_job
+    echo "/etc/init.d/mysql stop # to avoid inconsistencies" >> /var/www/$cron_job
    echo "#" >> /var/www/$cron_job
    echo "echo \"\$(date) - renew certificate...\"" >> /var/www/$cron_job
    echo "certbot renew --noninteractive" >> /var/www/$cron_job
--- a/.gitignore
+++ b/.gitignore
@@ -48,10 +48,9 @@ doc/html/
 .zotshrc
 # external repositories for themes/addons
 extend/
-
-# exclude test results and cache
+# files generated by phpunit
 tests/.cache
-tests/.phpunit*
+tests/.phpunit.result.cache
 tests/results/

 ## exclude IDE files
@@ -68,6 +67,7 @@ nbproject/
 # PHPStorm
 .idea/

+
 ## composer
 # locally installed composer binary
 composer.phar
@@ -87,7 +87,6 @@ vendor/bin/php-parse
 vendor/bin/phpcbf
 vendor/bin/phpcs
 vendor/bin/phpmd
-vendor/bin/phpstan*
 vendor/bin/phpunit
 vendor/composer/pcre/
 vendor/composer/xdebug-handler/
@@ -99,11 +98,18 @@ vendor/pdepend/
 vendor/phar-io/
 vendor/php-mock/
 vendor/phpmd/
-vendor/phpstan
 vendor/phpunit/
 vendor/psr/container/
 vendor/sebastian/
 vendor/squizlabs/
+vendor/symfony/config/
+vendor/symfony/dependency-injection/
+vendor/symfony/deprecation-contracts/
+vendor/symfony/filesystem/
+vendor/symfony/polyfill-ctype/
+vendor/symfony/polyfill-mbstring/
+vendor/symfony/polyfill-php80/
+vendor/symfony/service-contracts/
 vendor/theseer/
 # /info is a directory containing site-specific HTML documents
 /info/
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -1,5 +1,4 @@
 stages:
-  - pretest
  - test
  - deploy

@@ -26,6 +25,22 @@ variables:
  POSTGRES_USER: ci-user
  POSTGRES_PASSWORD: ci-pass

+
+before_script:
+  # Install & enable Xdebug for code coverage reports
+  - apt-get update
+  - apt-get install -yqq libicu-dev libjpeg-dev libpng-dev libpq-dev libyaml-dev libzip-dev mariadb-client postgresql-client unzip zip
+  - pecl install xdebug yaml
+  - docker-php-ext-enable xdebug yaml
+  - docker-php-ext-install gd bcmath intl pdo_mysql pdo_pgsql zip
+
+  # Install composer
+  - curl -sS https://getcomposer.org/installer | php
+  # Install dev libraries from composer
+  - php ./composer.phar install --no-progress
+  # php.ini settings
+  - echo 'xdebug.mode=coverage' >> /usr/local/etc/php/php.ini
+
 # hidden job definition with template for MySQL/MariaDB
 .job_template_mysql: &job_definition_mysql
  stage: test
@@ -37,13 +52,13 @@ variables:
    HZ_TEST_DB_DATABASE: $MYSQL_DATABASE
  script:
    # Import hubzilla's DB schema
-    - echo "USE $MYSQL_DATABASE; $(cat ./install/schema_mysql.sql)" | mysql --user=root --password="$MYSQL_ROOT_PASSWORD" --host="$DB_HOST" --skip-ssl "$MYSQL_DATABASE"
+    - echo "USE $MYSQL_DATABASE; $(cat ./install/schema_mysql.sql)" | mysql --user=root --password="$MYSQL_ROOT_PASSWORD" --host="$DB_HOST" "$MYSQL_DATABASE"
    # Show databases and relations/tables of hubzilla's database
-    - echo "SHOW DATABASES;" | mysql --user=root --password="$MYSQL_ROOT_PASSWORD" --host="$DB_HOST" --skip-ssl "$MYSQL_DATABASE"
-    - echo "USE $MYSQL_DATABASE; SHOW TABLES;" | mysql --user=root --password="$MYSQL_ROOT_PASSWORD" --host="$DB_HOST" --skip-ssl "$MYSQL_DATABASE"
+    - echo "SHOW DATABASES;" | mysql --user=root --password="$MYSQL_ROOT_PASSWORD" --host="$DB_HOST" "$MYSQL_DATABASE"
+    - echo "USE $MYSQL_DATABASE; SHOW TABLES;" | mysql --user=root --password="$MYSQL_ROOT_PASSWORD" --host="$DB_HOST" "$MYSQL_DATABASE"
    # Run the actual tests
    - touch dbfail.out
-    - vendor/bin/phpunit -d memory_limit=256M --configuration tests/phpunit.xml --no-progress --stop-on-error --coverage-text --colors=never --log-junit tests/results/junit.xml || exit_code=$?
+    - vendor/bin/phpunit --configuration tests/phpunit.xml --no-progress --stop-on-error --coverage-text --colors=never --log-junit tests/results/junit.xml || exit_code=$?
    - if [ $exit_code -ne 0 ]; then echo "Test barfed!"; cat dbfail.out; exit $exit_code; fi
  coverage: '/^\s*Lines:\s*\d+.\d+\%/'

@@ -68,7 +83,7 @@ variables:
    - psql -h "postgres" -U "$POSTGRES_USER" -d "$POSTGRES_DB" -c "\dt;"
    # Run the actual tests
    - touch dbfail.out
-    - vendor/bin/phpunit -d memory_limit=256M --configuration tests/phpunit.xml --no-progress --stop-on-error --coverage-text --colors=never --log-junit tests/results/junit.xml || exit_code=$?
+    - vendor/bin/phpunit --configuration tests/phpunit.xml --no-progress --stop-on-error --coverage-text --colors=never --log-junit tests/results/junit.xml || exit_code=$?
    - if [ $exit_code -ne 0 ]; then echo "Test barfed!"; cat dbfail.out; exit $exit_code; fi
  coverage: '/^\s*Lines:\s*\d+.\d+\%/'

@@ -84,55 +99,29 @@ variables:
    paths:
      - tests/results/

-default:
-  image: php:8.2
-  before_script:
-    # Install & enable Xdebug for code coverage reports
-    - apt-get update
-    - apt-get install -yqq libicu-dev libjpeg-dev libpng-dev libpq-dev libyaml-dev libgmp-dev libzip-dev mariadb-client postgresql-client libmagickcore-7.q16-dev libmagickwand-dev unzip zip
-    - pecl install imagick xdebug yaml
-    - docker-php-ext-enable imagick xdebug yaml
-    - docker-php-ext-configure gd --with-jpeg=/usr/include/
-    - docker-php-ext-install gd gmp intl pdo_mysql pdo_pgsql zip exif

-    # Install composer
-    - curl -sS https://getcomposer.org/installer | php
-    # Install dev libraries from composer
-    - php ./composer.phar install --no-progress
-    # php.ini settings
-    - echo 'xdebug.mode=coverage' >> /usr/local/etc/php/php.ini
-
-check_templates:
-  stage: pretest
-  script:
-    - touch .htconfig.php
-    - php util/precompile_smarty3.php
-
-phpstan:
-  stage: pretest
-  script:
-    - touch .htconfig.php
-    - vendor/bin/phpstan --memory-limit=512M
-
-# PHP8.2 with MySQL 8.0
-php8.2_mysql8.0.22:
+# PHP8.1 with MySQL 8.0
+php8.1_mysql8.0.22:
+  image: php:8.1
  services:
    - mysql:8.0
  <<: *job_definition_mysql
  <<: *artifacts_template

-# PHP8.2 with MariaDB 10.6
-php8.2_mariadb10.6:
+# PHP8.1 with MariaDB 10.6
+php8.1_mariadb10.6:
+  image: php:8.1
  services:
    - name: mariadb:10.6
      alias: mysql
  <<: *job_definition_mysql
  <<: *artifacts_template

-# PHP8.2 with PostgreSQL 14
-php8.2_postgres14:
+# PHP8.1 with PostgreSQL 12
+php8.1_postgres12:
+  image: php:8.1
  services:
-    - postgres:14-alpine
+    - postgres:12-alpine
  <<: *job_definition_postgres
  <<: *artifacts_template

--- a/483
+++ b/483
@@ -1,486 +1,3 @@
-Hubzilla 11.2.1 (2026-05-20)
-	- Fix channel creation failing in some situations
-	- Drop payloads with unsafe json-ld keys in LDSignatures::verify() and add tests
-	- Fix App::$profile set for removed channels
-	- Fix MessageFilter breaking when expecting string but array is given
-	- Superblock: fix blocking failed in some setups (sponsored by NLnet NGI0 Commons Fund/Superblock)
-	- Superblock: fix missing import of attribute (sponsored by NLnet NGI0 Commons Fund/Superblock)
-	- Superblock: improved detection of reshares (sponsored by NLnet NGI0 Commons Fund/Superblock)
-	- Cards: fix PHP warning
-	- Gallery: fix PHP warnings and only implement observer related javascript if there actually is an observer
-	- Diaspora: fix missing local namespace for thr_parent
-
-
-Hubzilla 11.2 (2026-03-26)
-	Features
-	- Introduce parse_webbie() for preparing webbies and URLs for webfinger usage
-	- Allow to override cUrl useragent
-	- New HQ system status widget for admins (sponsored by NLnet NGI0 Commons Fund/Performance Profiling)
-	- Refactor drop_query_params() to deal with array params and add test
-
-	Maintenance
-	- Remove private members from API docs
-	- Remove custom CA certs
-	- Add type annotations in Extend\Route
-	- Set method visibility in Extend\Route
-	- Add API docs and licence info to Extend\Route
-	- Add a short sleep interval to Activity::init_background_fetch() when adding new work items in a loop
-	- Add a short sleep interval to the convo daemon loop to spread the load for large collections
-	- Use PHP matching rules in util/run_xgettext
-	- Store translation templates as .pot instead of .po
-	- Deprecate NULL_DATE constant in favor of DBA::get_null_date()
-	- Composer require guzzlehttp/psr7
-	- Update composer libs
-	- Move HQ channel notifications widget HTML to template
-	- Deprecate tags and attachment in activities
-	- Update the nginx config example to meet the more modern approach
-
-	Bugfixes
-	- Fix route and widget register() not deduplicating entries
-	- Fix issue in route and widget unregister() where we unregistered even if only one of the two arguments did not match
-	- Fix issue in Storage/Directory where we returned a partial path instead of throwing exception if a directory of a path could not be found
-	- Fix possible endless loop in externals daemon
-	- Fix fatal error in italian translation file
-	- Fix mod network not displaying direct messages when filters active - issue #1973
-	- Fix ghost notifications with reshared items - issue #1970
-	- Fix issue with double typed objects in Lib/Activity
-	- Fix events displaying event timezone instead of adjusted to timezone
-	- Fix duplicated terms in activity object
-	- Fix last modified timestamp not updating in attach_store()
-
-	Addons
-	- Wopi: fix headers already set warning when serving the file to the client
-	- Superblock: complete rewrite with extended functionality and added tests for version 3.0 (sponsored by NLnet NGI0 Commons Fund/Superblock)
-	- Diaspora: use Diaspora/2 useragent when fetching hcards to prevent being redirected to some shady bot guard
-	- Add composer config and autoload files for addons
-	- Wopi: return early in construct_page hook and
-	- Wopi: fix wrong hook name in uninstall function
-
-
-Hubzilla 11.0 (2026-01-30)
-	Features
-	- Rewrite Lib/MessageFilter (ported from forte) and add more tests
-	- Rewrite editor encryption feature to implement libsodium and PBDKF2 for password hashing
-	- Change default feed behaviour to return only toplevels - issue #1953
-	- Add active themes list to siteinfo
-	- Show viewsource link for pubstream items
-	- Implement singleton object cache
-	- Restructure cross protocol message payload
-	- View source will now display the raw object instead of just the object body
-	- Implement OWA2
-
-	Maintenance
-	- Remove capability to update xchan entries via api
-	- Move mod search HTML to template
-	- Move channel activities HTML to template
-	- Update util/run_xgettext.sh to ignore not relevant directories
-	- Update composer libs
-	- Move mod bookmarks HTML to template
-	- Update italian translation
-	- Use finfo class to determine mime type in attach_store()
-	- Bump attach.filetype field length to match photo.mimetype
-	- Move share container HTML to template
-	- Update cloud directory template to provid necessary data for the WOPI addon
-	- Remove appearances of curl_close() - deprected and noop since PHP version 8.0
-	- Remove appearances of GD imagedestroy() - deprected and noop since PHP version 8.0
-	- Improve replies id detection
-	- Remove deprecated ofeed and ochannel modules
-	- Remove support for deprecated AS1 verbs and objects in the network stream filters
-	- Improve detection of allday events
-	- Improve handling of events with no endTime
-	- Provide the event hash and timezone in the event object
-	- Improve test isolation
-	- Add quoteUri field to activities
-	- Update API docs for hooks
-	- Improve share to quote conversion
-	- Rename (un)serialise() -> json_(un)serialize()
-	- CI: Replace use of create_identity in MagicTest
-	- CI: Add test db fixtures for hubloc table
-	- CI: Stub crypto calls from CreateIdentityTest (performance)
-	- CI: Add tests for Profiles module
-	- CI: Add tests for Zotfinger module
-	- Use json serialisation for iconfig
-	- CI: Add test db fixtures for channel table
-	- CI: Reload test fixtures from db
-	- CI: Set logged in channel for delete account test
-	- CI: Use root passwd to set up MySQL test db
-	- Improve dba_pdo::insert function
-	- Update install document
-	- Remove unused sprintf.js
-	- Move twitteroauth lib to addon_common
-	- Move slinky lib to addon_common
-	- Move openid lib to openid addon
-	- Move XRI lib to wppost addon
-	- Move diff lib to wiki addon
-	- Remove unused bootbox lib
-	- Remove unused images
-	- Move language specific folders into its own subfolder in /view
-	- Remove deprecated sjcl lib and references
-	- Deprecate outbound JSalmon signatures
-
-	Bugfixes
-	- Fix reply-to button not diplayed for anonymous visitors allthough permission is granted
-	- Fix wrong icon class in mod cloud
-	- Fix bulk deleting files
-	- Fix cloud root folder shows unknown error
-	- Fix edited timestamp in attach_store() in case of update
-	- Fix grammar in Lib/Enotify::submit()
-	- Fix content-type and length header in Module\TestCase
-	- Fix args in xchan_fetch() not escaped
-	- Fix notification for events linking to wrong message id - issue #1954
-	- Fix post_mail permission not working independend from the send_stream/post_comment permissions - issue #1951
-	- Fix item relayed again in case it comes back from a channel that sources our channel
-	- Fix activity signer not set
-	- Fix category link not update at clone - issue #1932
-	- Fix tag delivery attempted item type is not post - fix issue #1941
-	- Fix block/unblock account - issue #1947
-	- Fix warnings in profile_edit template
-	- Fix warnings for optional args in field templates
-	- Fix undefined vars in mod profiles
-	- Fix fullscreen button class
-	- Fix delivery report when syncing cloned channels
-
-	Addon
-	- New addon implementing basic WOPI protocol - integrates collabora with the Files app
-	- Redphotos: addon removed - was used for migration from redmatrix to hubzilla
-	- Redfiles: addon removed - was used for migration from redmatrix to hubzilla
-	- Nsfw: rewrite to implement new MessageFilter
-	- Wiki: fix long loading time due to oembed attempts
-	- Wiki: improved SQL query
-
-
-Hubzilla 10.6.1 (2025-11-21)
-	- Fix insufficient target attribution for forums
-	- Fix reshare regression in forum logic
-
-
-Hubzilla 10.6 (2025-11-04)
-	Features
-	- Improved background fetching of replies collection
-	- Refactor ASCache and implement ASCache::isCacheable()
-	- Implement ASCache in ASCollection to improve performance
-	- Add json support for help index widget and add a new template
-	- Implement hidden pconfig system.notifications_count_limit
-	- Implement hidden pconfig system.invert_notifications_order
-	- Implement mark seen button for unseen pubstream notifications
-	- Iplemented per forum unseen items notifications
-	- Intoduce Activity::pasteQuote() to paste the quote into the body at the right place if applicable and add test
-	- Implement ASCache in Activity::get_quote()
-	- Display webfinger address instead of channel URL in HQ widget notifications tab for consistency with other tabs
-	- Implement FEP-e232 object links
-
-	Maintenance
-	- Use a better supported json canonicalization library
-	- CI: up PHP images to version 8.2
-	- Enable gmp PHP extension in gitlab-ci
-	- Update composer libs which now require gmp PHP extension
-	- HTTPSig: return early if we got no key info
-	- Removed deprecated conv_list template
-	- Refactor PhotoGd::imageString() to reduce complexity
-	- Add ImageQuality class to hold quality values
-	- CI: introduce a quick test to check that smarty templates compile in the pretest stage
-	- CI: upgrade to postgres 13
-	- CI: add pretest step and run PHPStan
-	- Updated Spanish strings
-	- Remove redundant f arg in tagcloud widget
-	- Remove dead code in handle_tag()
-	- Enable unit tests for extensions
-	- Remove obsolete phpunit configurations
-	- Code cleanup
-
-	Bugfixes
-	- Fix encoding for webpage, layout and block title and body when editing - issue #1946
-	- Fix issues which prevented files and photos to be updated correctly after rename via DAV
-	- Fix contact edit modal logic hijacking URL fragment on pages other than /connections
-	- Fix deprecation notice in MessagesWidgetTest
-	- Fix whole URL punified in mod follow
-	- Fix whole URL punified in mod search
-	- Fix setup check for zip PHP extension
-	- Fix issue where remote channels could post to wall if they had write_storage permission - issue #1940
-	- Fix not all notification icons updated
-	- Fix notification icon not updated on medium screen size
-	- Fix image/gif not handled in PhotoGd::imageString()
-	- Fix issue where not all seen items where removed from the unseen notifications
-	- Fix item_by_item_id() not returning Announce items - issue #1936
-	- Fix archive widget not returning results if in single item mode - issue #1911
-	- Fix db query in verify_email_address()
-	- Fix search in mod channel only returning single post items - issue #1929
-	- Fix commented out register_account hook breaking notify admin addon
-
-	Addon
-	- Superblock: add tests
-	- Wiki: fix photo embed buton for markdown
-	- Pubcrawl: return early if we could not find an AS actor id and add some logging
-	- Cart: adapt logic to fetch tpl from theme folder first
-	- Cavatar: remove redundant arg from cavatar_init()
-
-
-Hubzilla 10.4.4 (2025-10-06)
-	- Fix issue when confirming pending registrations
-	- Fix TOS headings
-	- Fix TOS paths
-	- Add english TermsOfService.md
-	- CI: skip ssl check
-
-
-Hubzilla 10.4.3 (2025-08-15)
-	- Refactor module vote to prohibit double votes at the sender side
-	- Fix vote answers counted as comments
-	- Start transition of deprecated AS1 item.verb vocabulary to AS2 on demand in mod channel, articles and cards
-	- Fix regression in retrieving channel address in wtagblock() and whitespace fixes
-
-
-Hubzilla 10.4.2 (2025-08-08)
-	- Implement item_custom_display hook in mod HQ
-	- Refactor item fetching functions to reflect item_normal() changes
-	- Refactor item_normal() to optionally deal with various item types
-	- Fix missing reactions modal in threaded_conversation.tpl
-	- Improve memory consumption in drop_related() to fix deleting of big threads
-	- Fix PHP error with the potential to stuff up the queueworker
-	- Update the contact edit header so that both, image and text are linked to the profile
-	- Articles: refactor to reflect item_normal() changes
-	- Cards: refactor to reflect item_normal() changes
-
-
-Hubzilla 10.4.1 (2025-07-31)
-	- Fix regression in pubstream tag view
-	- Fix photos meta data not updated when renaming folder in files app
-	- Fix syntax error in custom emoji sample code
-	- Fix rendering issue when image load event triggered after timeout
-	- Fix comment preview not always displayed
-	- Fix new created comment rendering offscreen
-	- Update derived theme tutorial and add it to the help index
-	- Add 'extends' attribute to theme info
-	- Fix reply modal remaining hidden after reactions loaded
-	- Refactor tagcloud to use smarty template file
-	- Fix regression in tagadelic
-	- Fix possible performance issue with archive widget
-	- Fix various addons which still used the deprecated $a global
-
-
-Hubzilla 10.4 (2025-07-15)
-	- Add support for did:key verification method to checkEddsaSignature()
-	- Introduce util/init_sys_channel to create the sys channel if required
-	- Update norwegian translations
-	- Add init_sys_channel utility to create the sys channel in case of headless installation or failure
-	- Upgrade http-message-signer to version 2.3
-	- Upgrade phpseclib to version 3
-	- Minor cleanup to the account functions and added tests
-	- Do not sign (request-target) on response
-	- Start verifying incoming RFC9421 HTTP signatures
-	- Convert geo URIs into clickable links
-	- Allow geo URIs in url bbcode tags
-	- Cleanup obsolete and unused functions
-	- Remove unused Xref module
-	- Make sure we have the keys before attempting to sign with JcsEddsa2022
-	- Implement lazy loading of toplevel comments
-	- Update german help files
-	- Add App::$page_layouts attribute for comanche
-	- Refactor and fix numerous issues in guess_image_type()
-	- Add tests for Widget\Messages
-	- Refactor cache_embeds daemon to be called with uuid (instead of item id) so that it will only be processed once
-	- Add avif support for php-gd
-	- Exclude Add/Remove items from network nouveau query
-	- Always preload images and remove pre image preload setting
-	- Introduce per channel conversation mode setting
-	- Add API docs for the observer file
-	- Move observer helper functions to separate source
-	- Introduce helper functions to access the various fields of the xchan stored in App::$observer
-	- Refactor item_normal() to accept an owner uid
-	- Implement reply modal if comment replies are enabled
-	- Streamline wording conversation > comment > reply
-	- Streamline default ordering to created date
-	- Default to threaded conversation mode
-	- Implement lazy loading of reactions
-	- Do not store dismissed create activities in dreport
-	- Refactor mod item to deprecate x() and use $_POST instead of $_REQUEST superglobal
-	- Improved styling for dreport module
-	- Start deprecation of the function x()
-	- Minor cleanup and refactor for Web/Router
-	- Minor cleanup and refactor for Lib/Webserver
-	- Set App::$query_string from from server.request_uri instead of server.query_string because the latter will mostly be urldecoded by the server already
-	- Refactor language selector
-	- Extend message filter to support until=2025-04-18 20:49:00 for date/time based filtering and add tests
-	- Extend message filter to deal with && and || conditions and add tests
-	- Prevent storing files/folder with filenames exceeding their max name length
-	- Deal with attachment of type link
-	- Revert translation of network to stream
-	- Updated debian install script
-	- Add suport for strong bbcode tag
-	- Change photo.filename to type text for new installs
-	- Provide methods to get mid and uuid from activity object
-	- Minor update for boxy schema
-	- Update composer libs
-	- Reorganize emojis and allow custom site emojis
-	- Change item.obj and item.target to mediumtext for mysql new installs
-	- Move jot related functions to jot-header and some cleanup
-	- Port photo selector to vanilla javascript
-	- Enable photo selector for comments if OCAP access is enabled
-	- Add :hubzilla: emoji
-	- Add :zot: emoji
-	- Include unapproved connections in deliverable_abook_xchans()
-	- Port showHideComments() to vanilla javascript
-	- Disable browser rotating image based on EXIF metadata
-
-	Bugfixes
-	- Fix blog mode if threaded view is disabled
-	- Fix markdown issue with mentions
-	- Fix issue where item_wall was not set for article and card item types
-	- Fix first created account was not necessarily the admin account
-	- Fix notice not emited on failed login
-	- Fix intro notifications not handled via /notify/view and hence not marked seen
-	- Fix undefined static function in Zot6Handler
-	- Fix missing return in Render\Theme::current
-	- Fix announce source title (addr) not correct
-	- Fix offset calculation if element position is relative
-	- Fix autosave for comments
-	- Fix notfication issue with update activities
-	- Fix sess_data not updated to mediumtext in mysql schema file
-	- Fix title and summary converted to bbcode
-	- Fix preloading images if dom element is not yet in page
-	- Fix verb and hash for notifications
-	- Fix notification button for medium screen size (right aside collapsed)
-	- Fix new result set created for updated results (dreport)
-	- Fix regex to catch codeblocks with params like class in smilies()
-	- Fix term.imgurl not stored in item_store_update()
-	- Fix folder names are not URL escaped in Files app (issue #1903)
-	- Fix stephenhill/base58 PHP warnings
-	- Fix color bbcode markup
-	- Fix video poster display issue
-	- Fix relayed emoji reactions
-	- Fix some javascript errors on mobile devices
-	- Fix our own activities visible in unseen forum notifications
-	- Fix duplicated head_get_icon()
-
-	Addons
-	- Wiki: fix spacing in wikilist widget
-	- Gallery: look for templates in theme directory first
-	- Articles: look for templates in theme directory first
-	- Wiki: look for templates in theme directory first
-	- Pubcrawl: remove unused force note setting
-	- Flashcards: major refactor and added functionality
-	- Superblock: refactor and new siteblock option for admins
-	- Cart: fix issue related to HTTP3
-	- Pubcrawl: avoid DB lookup if not valid AS request in mod followers and mod following
-	- Photocache: implement prefetch via cache_embeds daemon and minor refactor
-	- Articles: fix Add/Remove activities not dismissed in channel activities query
-	- Cards: fix Add/Remove activities not dismissed in channel activities query
-	- Diaspora: make sure item_thread_top is set for reshares (info for filters)
-	- Gallery: fix missing folder field from query
-	- Pubcrawl: update mod ap_probe to show a visual representation if applicable
-
-
-Hubzilla 10.2.3 (2025-04-11)
-	- Fix bogus merge from 10.2.2 release
-
-
-Hubzilla 10.2.2 (2025-04-11)
-	- Cleanup deprecated forum queries, improved performance
-	- Fix zot6 handler returning success allthough Libzot::fetch() did not return anything useful
-	- Fix json encoding of a possibly empty item.target
-	- Fix permalink for forum posts and comments
-	- Fix an obscure delivering issue which could produce duplicate posts
-	- Lazy load profile photos for reactions to reduce server load
-	- Pubcrawl: deal with Update(Tombstone)
-	- Pubcrawl: fix mentions not mapped to "to" in public toplevel posts (regression)
-
-
-Hubzilla 10.2.1 (2025-03-18)
-	- Fix OWA in cases where Signature is in the REDIRECT_REMOTE_USER field
-	- Fix query in mod sse_bs
-
-
-Hubzilla 10.2 (2025-03-17)
-	- Allow to send signed requests from the zot_probe tool
-	- Print an error message if OWA fails
-	- Remove possible leading @ before processing webfinger address
-	- Updated debian install script
-	- Calculate observer.baseurl from xchan_url instead of xchan_connurl
-	- Refactor unparse_url() to allow return of a custom field set only and add tests
-	- Slightly improve event object rendering
-	- Update smarty library to version 5 for PHP 8.4 compatibility
-	- Remove vendor/symfony from gitignore file
-	- Update composer libraries
-	- Add contextHistory field to activities and prefer it over context when consuming
-	- Implement highlight button in jot editor
-	- Add test results and PHPStan to gitignore
-	- Update spanish strings
-	- Remove EpubMeta library in favor of a custom solution
-	- Configue gd for jpeg support in CI
-	- Add error message on missing owa auth headers
-	- Add Zotlabs\Tests namespace to autloader in dev
-	- Add dba_pdo::update method
-	- Add dba_pdo::insert method
-	- Rewrite redbasic javascript to remove jquery dependency
-	- Add  security policy SECURITY.md
-
-	Bugfixes
-	- Fix notifications for likes on our comments
-	- Fix fullscreen view
-	- Fix boxy scheme text alignment for comments
-	- Fix poll date string to match with the autotime string
-	- Fix owner hash not set correctly when editing a post/comment
-	- Fix an issue where some participants could not post to forums
-	- Fix navbar selector conflict with possible additional navbars when using a cover photo
-	- Fix target and tgt_type not set for sourced rss items if we rewrite them to our own
-	- Fix auto save draft not set correctly
-	- Fix cover height calculation
-
-	Addons
-	- Diaspora: revisit import_diaspora_account()
-	- Pubcrawl: escape quotation marks in ActivityStreams link header
-	- Wiki: fixed wiki_page_list.tpl to use bootstrap class for layout
-	- BBmath: fix orientation for inline math
-	- BBmath: document imagemagick permissions
-	- Pubcrawl: ensure we select the correct hubloc hash when extending recipients list
-	- Msg_footer: do not add footer on edit, also dismiss anything but a create activity
-	- Pubcrawl: refactor activitypub addressing
-	- Wiki: added space to preview panel
-	- Startpage: update help text and some cleanup
-
-
-Hubzilla 10.0.8 (2025-02-01)
-	- Fix duplicating terms/iconfig in addToCollectionAndSync()
-	- Refactor Daemon/Importdoc for better SQL performance when looking up outdated entries
-	- Tweak SQL in mod sse_bs for possible performance improvements
-	- Fix PHP warnings
-	- Do not run post_local hook on add activities in pubcrawl addon
-	- Do not run post_local hook on add activities in diaspora addon
-	- Remove old rawmsg/fields before storing new rawmsg in pubcrawl addon
-	- Fix retractions in diaspora addon
-
-
-Hubzilla 10.0.7 (2025-01-22)
-	- Fix ownership check in consume_feed()
-	- Fix toast() if notification contains non-ascii characters
-	- Fix regression in notifications filter
-
-
-Hubzilla 10.0.6 (2025-01-05)
-	- Fix entries where primary location data is not complete not dismissed early
-	- Fix query to cleanup outdated doc entries called multiple times
-	- Fix query to cleanup outdated doc entries
-
-
-Hubzilla 10.0.5 (2024-12-29)
-	- Fix another instance of drop_item() not having permission to drop items
-
-
-Hubzilla 10.0.4 (2024-12-26)
-	- Fix missing argument name
-
-
-Hubzilla 10.0.3 (2024-12-26)
-	- Fix regression in Daemon/Channel_purge which could cause a possible infinite loop
-	- Fix regression in Daemon/Expire which could cause a infinite loop
-
-
-Hubzilla 10.0.2 (2024-12-25)
-	- Hotfix comment out Daemon/Expire
-	- Fix zid parameter allowed to override an existing remote login
-	- Slightly improved imagesLoaded()
-
-
 Hubzilla 10.0.1 (2024-12-22)
 	- Revert removing of openid library
 	- Fix SQL query in Daemon/Importdoc
--- a/CHANGELOG.air
+++ b/CHANGELOG.air
@@ -0,0 +1,48 @@
+"air" is a branch name for revision of Account-Invite-Register at the Hubzilla project
+
+Invite:
+* Rewritten and now language template driven
+* Selectable templates for the invite mails
+* Invitor may add personal notes in the mailtext
+ Invite codes are bound to the recipients email address
+* Invite mod never more creates accounts
+* new db scheme for table register
+* existing register table will be migrated to the new schema even when detected at runtime
+* Bugfix: creating invite codes when admin only calls Invite w/o any further action
+* account library revision also together with invite mod
+* Depending on config: Users may send invitations also
+* Invitations expires, controlled by the invitor
+* Changed and new configs:
+* * invitation_only       As usual before
+* * invitation_also       Beside other registration policies, invitations may be used also
+* * invitation_max_per_day	defaults 50, may be changed in adminUI admin>site
+* * invitation_max_per_user defaults 4
+* Requirements:
+* * Addon language has to be installed
+
+Register:
+* Register panel (form) and js interaction changed
+* Unused registrations expire
+* Depending on config, anonymous registrations (w/o email) are supported
+* :... dont't panic, that may let grow security
+* Even anonymous users have to confirm their registration
+* Registrations may be enabled / disabled time driven for each day in the week (dudy)
+* Unsoliced registration floods may be blocked
+* Limited registrations from one single source ip
+* Using one additional log file, to easy interfare with f2b
+
+Account:
+* An user account always becomes created only if all depending conditions are satisfied
+* AdminUI for site configuration, accounts and registrations enhancements
+* Still untouched, but accountUI needs enhanced async control in case for mass delete
+  with deep level of recursion cascade of the dependencies (channels etc). An open TODO
+  since years for instances with many much users and channels.
+
+History:
+2020.03 Hubzilla Prod version 4.6 (master branch) of hubzilla/core was the base for AIR 
+        that was assigned Version 4.6.2 at sn/core
+2021.02 Hubzilla Prod version 5.2.1 (master branch) of hubzilla/core was new base for AIR
+        that was assigned version 5.2.2 at sn/core (air.5)
+        plus adjustment of hubzilla 5.2.2 (master) to sn/core (air.5) version 5.2.9
+
+
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -1,31 +0,0 @@
-# Hubzilla Security Policy
-
-The [Hubzilla] Project takes security, privacy and user control over personal data seriously. We ask that any security issues be disclosed to us in a responsible manner to allow us time to remediate the issues, and site administrators time to upgrade before information about the issue is made public.
-
-This document outlines security procedures and policies for the Hubzilla project. It covers the following components:
-
-* The Hubzilla core repository: https://framagit.org/hubzilla/core
-* The official addon repository: https://framagit.org/hubzilla/addons
-* The official themes repository: https://framagit.org/hubzilla/themes
-* The official widgets repository: https://framagit.org/hubzilla/widgets
-
-## Coordinated Disclosure Guidelines
-
-We are committed to working with security researchers to verify, reproduce, and respond to legitimate reported vulnerabilities. You can help us by following these simple guidelines:
-
-* Submit suspected vulnerabilities by email to `security@hubzilla.org`, or as a confidential issue in the relevant repository listed above.
-* Provide clear instructions on how to reproduce the issue, and if possible, a minimal Proof of Concept (PoC) exploit.
-* We will acknowledge your submission as soon as we can, and will keep you updated as it is being processed. We may ask for more information, or clarifications about the issue or the steps to reproduce it during this time.
-* We will assign a CVE to the issue once it is confirmed.
-* We will do our best to fix the issue as soon as we can after it has been confirmed. We request that information about the vulnerability or details about how to exploit it is not disclosed to other parties until after the fix is released and some time has passed, to allow site administrators to upgrade. We will normally make the CVE public one month after a fix has been released. (This grace period can differ based on severity, and can be negotiated.)
-* Please perform all tests against a local instance of the software, and refrain from running any Denial of Service or automated testing tools against public hubs or the project managers (and their partners') infrastructure.
-* If the issue belongs to a third party module that we depend on, we may help with reporting it upstream if the submitter wants us to.
-
-## Comments on this Policy
-
-We welcome comments and suggestions for improving this policy. You can reach us at:
-
-* Our ticketing system: https://framagit.org/hubzilla/core/-/issues
-* By sending us an email at `security@hubzilla.org`.
-
-[Hubzilla]: https://hubzilla.org
--- a/Zotlabs/Access/PermissionRoles.php
+++ b/Zotlabs/Access/PermissionRoles.php
@@ -38,6 +38,7 @@ class PermissionRoles {
 				];
 				$ret['limits'] = PermissionLimits::Std_Limits();
 				$ret['limits']['post_comments'] = PERMS_AUTHED;
+				$ret['limits']['post_mail'] = PERMS_AUTHED;
 				$ret['limits']['post_like'] = PERMS_AUTHED;
 				$ret['limits']['chat'] = PERMS_AUTHED;
 				break;
--- a/Zotlabs/Access/Permissions.php
+++ b/Zotlabs/Access/Permissions.php
@@ -212,7 +212,6 @@ class Permissions {
 	 * @return array Associative array with
 	 *   * \e array \b perms Permission array
 	 *   * \e int \b automatic 0 or 1
-	 *   * \e srtring \b role
 	 */
 	static public function connect_perms($channel_id) {

@@ -231,6 +230,70 @@ class Permissions {
 			}
 		}

+		// look up the permission role to see if it specified auto-connect
+		// and if there was no permcat or a default permcat, set the perms
+		// from the role
+/*
+		$role = get_pconfig($channel_id, 'system', 'permissions_role');
+		if ($role) {
+			$xx = PermissionRoles::role_perms($role);
+			if ($xx['perms_auto'])
+				$automatic = 1;
+
+			if ((!$my_perms) && ($xx['perms_connect'])) {
+				$default_perms = $xx['perms_connect'];
+				$my_perms      = Permissions::FilledPerms($default_perms);
+			}
+		}
+*/
+
+		// If we reached this point without having any permission information,
+		// it is likely a custom permissions role. First see if there are any
+		// automatic permissions.
+/*
+		if (!$my_perms) {
+			$m = Permissions::FilledAutoperms($channel_id);
+			if ($m) {
+				$automatic = 1;
+				$my_perms  = $m;
+			}
+		}
+*/
+		// If we reached this point with no permissions, the channel is using
+		// custom perms but they are not automatic. They will be stored in abconfig with
+		// the channel's channel_hash (the 'self' connection).
+
+/*
+		if (!$my_perms) {
+			$r = q("select channel_hash from channel where channel_id = %d",
+				intval($channel_id)
+			);
+			if ($r) {
+				$x = q("select * from abconfig where chan = %d and xchan = '%s' and cat = 'my_perms'",
+					intval($channel_id),
+					dbesc($r[0]['channel_hash'])
+				);
+				if ($x) {
+					foreach ($x as $xv) {
+						$my_perms[$xv['k']] = intval($xv['v']);
+					}
+				}
+			}
+		}
+*/
 		return (['perms' => $my_perms, 'automatic' => $automatic, 'role' => $pc]);
 	}
+/*
+	static public function serialise($p) {
+		$n = [];
+		if ($p) {
+			foreach ($p as $k => $v) {
+				if (intval($v)) {
+					$n[] = $k;
+				}
+			}
+		}
+		return implode(',', $n);
+	}
+*/
 }
--- a/Zotlabs/Daemon/Cache_embeds.php
+++ b/Zotlabs/Daemon/Cache_embeds.php
@@ -6,28 +6,23 @@ class Cache_embeds {

 	static public function run($argc,$argv) {

-		if(!$argc == 2) {
+		if(! $argc == 2)
 			return;
-		}

-		$c = q("select uid, aid, body, item_private from item where uuid = '%s'",
-			dbesc($argv[1])
+		$c = q("select body from item where id = %d ",
+			dbesc(intval($argv[1]))
 		);

-		if(!$c) {
+		if(! $c)
 			return;
-		}

 		$item = $c[0];

 		// bbcode conversion by default processes embeds that aren't already cached.
 		// Ignore the returned html output.
-		bbcode($item['body']);

-		// photocache addon hook to prefetch one copy of public item images for the sys channel
-		call_hooks('cache_prefetch_hook', $item);
+		bbcode($item['body']);

 		return;
 	}
-
 }
--- a/Zotlabs/Daemon/Channel_purge.php
+++ b/Zotlabs/Daemon/Channel_purge.php
@@ -24,7 +24,7 @@ class Channel_purge {
 			);
 			if ($r) {
 				foreach ($r as $rv) {
-					drop_item($rv['id'], uid: $channel_id);
+					drop_item($rv['id']);
 				}
 			}
 		} while ($r);
--- a/Zotlabs/Daemon/Convo.php
+++ b/Zotlabs/Daemon/Convo.php
@@ -5,8 +5,6 @@ namespace Zotlabs\Daemon;
 use Zotlabs\Lib\Activity;
 use Zotlabs\Lib\ActivityStreams;
 use Zotlabs\Lib\ASCollection;
-use Zotlabs\Lib\ASCache;
-use Zotlabs\Lib\Config;

 class Convo {

@@ -14,77 +12,52 @@ class Convo {

 		logger('convo invoked: ' . print_r($argv, true));

-		if ($argc < 4) {
+		if ($argc != 4) {
 			return;
 		}

-		$channels = explode(',', $argv[1]);
-		if (!$channels) {
+		$id           = $argv[1];
+		$channel_id   = intval($argv[2]);
+		$contact_hash = $argv[3];
+
+		$channel = channelx_by_n($channel_id);
+		if (!$channel) {
 			return;
 		}

-		$observer_hash = $argv[2];
-		if (!$observer_hash) {
+		$r = q("SELECT abook.*, xchan.* FROM abook left join xchan on abook_xchan = xchan_hash
+			WHERE abook_channel = %d and abook_xchan = '%s' LIMIT 1",
+			intval($channel_id),
+			dbesc($contact_hash)
+		);
+
+		if (!$r) {
 			return;
 		}

-		$mid = $argv[3];
-		if (!$mid) {
+		$contact = array_shift($r);
+
+		$obj = new ASCollection($id, $channel);
+
+		$messages = $obj->get();
+
+		if (!$messages) {
 			return;
 		}

-		$force = $argv[4] ?? false;
-		$interval = Config::Get('queueworker', 'queue_interval', 500000);
-
-		foreach ($channels as $channel_id) {
-			$channel = channelx_by_n($channel_id);
-
-			$obj = new ASCollection($mid, $channel);
-
-			$messages = $obj->get();
-
-			if (!$messages) {
-				continue;
+		foreach ($messages as $message) {
+			if (is_string($message)) {
+				$message = Activity::fetch($message, $channel);
 			}

-			foreach ($messages as $message) {
-				$network_fetch = false;
-
-				if (is_string($message)) {
-					$cached = ASCache::Get($message);
-					if ($cached) {
-						// logger('convo_cached: ' . $message);
-						$data = $cached;
-					}
-					else {
-						// logger('convo_fetching: ' . $message);
-						$network_fetch = true;
-
-						$data = Activity::fetch($message, $channel);
-						if ($data) {
-							ASCache::Set($message, $data);
-						}
-					}
-
-				}
-				else {
-					$data = $message;
-				}
-
-				if (!$network_fetch) {
-					// Add some delay so that the DB will not be overwhelmed
-					// Fetched from network will already have a slight delay
-					usleep($interval);
-				}
-
-				$AS = new ActivityStreams($data);
-				if ($AS->is_valid() && is_array($AS->obj)) {
-					$item = Activity::decode_note($AS);
-					$item['item_fetched'] = true;
-					Activity::store($channel, $observer_hash, $AS, $item, false, $force);
-				}
+			// set client flag because comments will probably just be objects and not full blown activities
+			// and that lets us use implied_create
+			$AS = new ActivityStreams($message);
+			if ($AS->is_valid() && is_array($AS->obj)) {
+				$item = Activity::decode_note($AS);
+				$item['item_fetched'] = true;
+				Activity::store($channel, $contact['abook_xchan'], $AS, $item);
 			}
-
 		}

 		return;
--- a/Zotlabs/Daemon/Cron.php
+++ b/Zotlabs/Daemon/Cron.php
@@ -2,9 +2,7 @@

 namespace Zotlabs\Daemon;

-use DBA;
 use Zotlabs\Lib\Config;
-use Zotlabs\Lib\ObjCache;
 use Zotlabs\Lib\Libsync;
 use Zotlabs\Lib\Libzotdir;

@@ -94,7 +92,7 @@ class Cron {
 		// delete expired access tokens

 		$r = q("select atoken_id from atoken where atoken_expires > '%s' and atoken_expires < %s",
-			dbesc(DBA::$dba->get_null_date()),
+			dbesc(NULL_DATE),
 			db_utcnow()
 		);
 		if ($r) {
@@ -127,15 +125,14 @@ class Cron {
 		$r = q("SELECT DISTINCT xchan, content FROM photo WHERE photo_usage = %d AND expires < %s - INTERVAL %s",
 			intval(PHOTO_CACHE),
 			db_utcnow(),
-			db_quoteinterval(Config::Get('system', 'default_expire_days', 30) . ' DAY')
+			db_quoteinterval(Config::Get('system', 'cache_expire_days', 7) . ' DAY')
 		);
 		if ($r) {
 			q("DELETE FROM photo WHERE photo_usage = %d AND expires < %s - INTERVAL %s",
 				intval(PHOTO_CACHE),
 				db_utcnow(),
-				db_quoteinterval(Config::Get('system', 'default_expire_days', 30) . ' DAY')
+				db_quoteinterval(Config::Get('system', 'cache_expire_days', 7) . ' DAY')
 			);
-
 			foreach ($r as $rr) {
 				$file = dbunescbin($rr['content']);
 				if (is_file($file)) {
@@ -238,73 +235,6 @@ class Cron {
 		if (!$restart)
 			Master::Summon(array('Cronhooks'));

-
-		// move as obj cache to fs
-		if (!Config::Get('system', 'as_objects_moved')) {
-			$results = dbq("select iconfig.*, item.mid from iconfig left join item on iid = item.id where cat = 'activitypub' and k = 'rawmsg' limit 300");
-			if ($results) {
-				foreach ($results as $result) {
-					if (is_string($result['v'])) {
-						if (str_starts_with($result['v'], '{')) {
-							$result['v'] = json_decode($result['v'], true);
-						}
-
-						elseif (str_starts_with($result['v'], 'json:')) {
-							$result['v'] = json_unserialize($result['v']);
-						}
-
-						elseif (preg_match('|^a:[0-9]+:{.*}$|s', $result['v'])) {
-							$result['v'] = unserialize($result['v'], ['allowed_classes' => false]);
-						}
-					}
-
-					if (is_array($result['v'])) {
-						ObjCache::Set($result['mid'], $result['v']);
-					}
-
-					q("delete from iconfig where id = %d",
-						intval($result['id'])
-					);
-				}
-			}
-			else {
-				Config::Set('system', 'as_objects_moved', 1);
-			}
-		}
-
-		// move diaspora obj cache to fs
-		if (!Config::Get('system', 'diaspora_objects_moved')) {
-			$results = dbq("select iconfig.*, item.mid from iconfig left join item on iid = item.id where cat = 'diaspora' and k = 'fields' limit 300");
-			if ($results) {
-				foreach ($results as $result) {
-					if (is_string($result['v'])) {
-						if (str_starts_with($result['v'], '{')) {
-							$result['v'] = json_decode($result['v'], true);
-						}
-
-						elseif (str_starts_with($result['v'], 'json:')) {
-							$result['v'] = json_unserialize($result['v']);
-						}
-
-						elseif (preg_match('|^a:[0-9]+:{.*}$|s', $result['v'])) {
-							$result['v'] = unserialize($result['v'], ['allowed_classes' => false]);
-						}
-					}
-
-					if (is_array($result['v'])) {
-						ObjCache::Set($result['mid'], $result['v'], 'diaspora');
-					}
-
-					q("delete from iconfig where id = %d",
-						intval($result['id'])
-					);
-				}
-			}
-			else {
-				Config::Set('system', 'diaspora_objects_moved', 1);
-			}
-		}
-
 		Config::Set('system', 'lastcron', datetime_convert());

 		//All done - clear the lockfile
--- a/Zotlabs/Daemon/Cron_daily.php
+++ b/Zotlabs/Daemon/Cron_daily.php
@@ -95,7 +95,7 @@ class Cron_daily {
 		// expire any expired accounts
 		downgrade_accounts();

-		Master::Summon(array('Expire'));
+	//	Master::Summon(array('Expire'));
 		Master::Summon(array('Cli_suggest'));

 		remove_obsolete_hublocs();
--- a/Zotlabs/Daemon/Expire.php
+++ b/Zotlabs/Daemon/Expire.php
@@ -23,13 +23,13 @@ class Expire {

 		// perform final cleanup on previously delete items

-		$r = q("select id, uid from item where item_deleted = 1 and item_pending_remove = 0 and changed < %s - INTERVAL %s",
+		$r = q("select id from item where item_deleted = 1 and item_pending_remove = 0 and changed < %s - INTERVAL %s",
 			db_utcnow(),
 			db_quoteinterval('10 DAY')
 		);
 		if ($r) {
 			foreach ($r as $rr) {
-				drop_item($rr['id'], DROPITEM_PHASE2, uid: $rr['uid']);
+				drop_item($rr['id'], DROPITEM_PHASE2);
 			}
 		}

--- a/Zotlabs/Daemon/Externals.php
+++ b/Zotlabs/Daemon/Externals.php
@@ -74,8 +74,6 @@ class Externals {
 				}
 			}

-			$attempts++;
-
 			if (!$url) {
 				continue;
 			}
@@ -87,6 +85,7 @@ class Externals {
 				$blacklisted = true;
 			}

+			$attempts++;

 			// make sure we can eventually break out if somebody blacklists all known sites

--- a/Zotlabs/Daemon/Fetchparents.php
+++ b/Zotlabs/Daemon/Fetchparents.php
@@ -36,8 +36,6 @@ class Fetchparents {
 			Activity::fetch_and_store_parents($channel, $observer_hash, $mid, null, $force);
 		}

-		Activity::init_background_fetch($observer_hash);
-
 		return;

 	}
--- a/Zotlabs/Daemon/Importdoc.php
+++ b/Zotlabs/Daemon/Importdoc.php
@@ -11,21 +11,6 @@ class Importdoc {

 		self::update_docs_dir('doc/*');

-		$sys = get_sys_channel();
-
-		// remove old files that weren't updated (indicates they were most likely deleted).
-		$i = q("select id from item where uid = %d and item_type = 5 and edited < %s - INTERVAL %s",
-			intval($sys['channel_id']),
-			db_utcnow(),
-			db_quoteinterval('14 DAY')
-		);
-
-		if ($i) {
-			foreach ($i as $iv) {
-				drop_item($iv['id'], uid: $sys['channel_id']);
-			}
-		}
-
 		return;

 	}
@@ -56,6 +41,18 @@ class Importdoc {
 				}
 			}
 		}
+
+		// remove old files that weren't updated (indicates they were most likely deleted).
+		$i = q("select * from item where item_type = 5 and edited < %s - INTERVAL %s",
+			db_utcnow(),
+			db_quoteinterval('14 DAY', true)
+		);
+
+		if ($i) {
+			foreach ($i as $iv) {
+				drop_item($iv['id'], DROPITEM_NORMAL, true);
+			}
+		}
 	}
 }

--- a/Zotlabs/Daemon/Notifier.php
+++ b/Zotlabs/Daemon/Notifier.php
@@ -4,8 +4,6 @@ namespace Zotlabs\Daemon;

 use Zotlabs\Lib\Activity;
 use Zotlabs\Lib\Config;
-use Zotlabs\Lib\IConfig;
-use Zotlabs\Lib\ObjCache;
 use Zotlabs\Lib\Libzot;
 use Zotlabs\Lib\Queue;

@@ -266,6 +264,7 @@ class Notifier {
 			}

 			if (!item_forwardable($target_item)) {
+				//hz_syslog(print_r($target_item,true));
 				logger('notifier: target item not forwardable', LOGGER_DEBUG);
 				return;
 			}
@@ -318,24 +317,13 @@ class Notifier {
 				return;
 			}

-			$m = ObjCache::Get($target_item['mid']);
-
-			if (!$m) {
-				$m = IConfig::Get($target_item, 'activitypub', 'rawmsg');
-			}
-
+			$m = get_iconfig($target_item, 'activitypub', 'signed_data');
 			// Re-use existing signature unless the activity type changed to a Tombstone, which won't verify.
 			if ($m && (!intval($target_item['item_deleted']))) {
-				self::$encoded_item = $m;
+				self::$encoded_item = json_decode($m, true);
 			}
 			else {
-				$activity = Activity::encode_activity($target_item);
-
-				if (!$activity) {
-					return;
-				}
-
-				self::$encoded_item = Activity::build_packet($activity, self::$channel, false);
+				self::$encoded_item = Activity::build_packet(Activity::encode_activity($target_item), self::$channel, false);
 			}

 			logger('target_item: ' . print_r($target_item, true), LOGGER_DEBUG);
@@ -352,10 +340,6 @@ class Notifier {

 			$relay_to_owner = (!$top_level_post && intval($target_item['item_origin']) && comment_local_origin($target_item));

-			if (self::$channel['channel_hash'] === $target_item['owner_xchan']) {
-				$relay_to_owner = false;
-			}
-
 			// $cmd === 'relay' indicates the owner is sending it to the original recipients
 			// don't allow the item in the relay command to relay to owner under any circumstances, it will loop

--- a/Zotlabs/Daemon/Onedirsync.php
+++ b/Zotlabs/Daemon/Onedirsync.php
@@ -9,14 +9,10 @@ class Onedirsync {

 	static public function run($argc, $argv) {

-		if ($argc < 2 || is_int($argv[1]) === false) {
-			logger('onedirsync: no update id');
-			return;
-		}
-
 		logger('onedirsync: start ' . intval($argv[1]));

-		$update_id = intval($argv[1]);
+		if (($argc > 1) && (intval($argv[1])))
+			$update_id = intval($argv[1]);

 		if (!$update_id) {
 			logger('onedirsync: no update id');
--- a/Zotlabs/Daemon/Onepoll.php
+++ b/Zotlabs/Daemon/Onepoll.php
@@ -2,7 +2,6 @@

 namespace Zotlabs\Daemon;

-use DBA;
 use Zotlabs\Lib\Activity;
 use Zotlabs\Lib\ActivityStreams;
 use Zotlabs\Lib\ASCollection;
@@ -16,14 +15,10 @@ class Onepoll {

 	static public function run($argc, $argv) {

-		if ($argc < 2 || is_int($argv[1]) === false) {
-			logger('onepoll: no contact');
-			return;
-		}
-
 		logger('onepoll: start');

-		$contact_id = intval($argv[1]);
+		if (($argc > 1) && (intval($argv[1])))
+			$contact_id = intval($argv[1]);

 		if (!$contact_id) {
 			logger('onepoll: no contact');
@@ -39,7 +34,7 @@ class Onepoll {
 		$contacts = q("SELECT abook.*, xchan.* FROM abook
 			LEFT JOIN xchan ON xchan_hash = abook_xchan
 			WHERE abook_id = %d",
-			$contact_id
+			intval($contact_id)
 		);

 		if (!$contacts) {
@@ -58,7 +53,7 @@ class Onepoll {

 		logger("onepoll: poll: ($contact_id) IMPORTER: {$importer['xchan_name']}, CONTACT: {$contact['xchan_name']}");

-		$last_update = ((($contact['abook_updated'] === $contact['abook_created']) || ($contact['abook_updated'] <= DBA::$dba->get_null_date()))
+		$last_update = ((($contact['abook_updated'] === $contact['abook_created']) || ($contact['abook_updated'] <= NULL_DATE))
 			? datetime_convert('UTC', 'UTC', 'now - 7 days')
 			: datetime_convert('UTC', 'UTC', $contact['abook_updated'] . ' - 2 days')
 		);
--- a/Zotlabs/Daemon/Poller.php
+++ b/Zotlabs/Daemon/Poller.php
@@ -2,7 +2,6 @@

 namespace Zotlabs\Daemon;

-use DBA;
 use Zotlabs\Lib\Config;

 class Poller {
@@ -118,7 +117,7 @@ class Poller {

 					// if we've never connected with them, start the mark for death countdown from now

-					if ($c <= DBA::$dba->get_null_date()) {
+					if ($c <= NULL_DATE) {
 						q("update abook set abook_connected = '%s'  where abook_id = %d",
 							dbesc(datetime_convert()),
 							intval($contact['abook_id'])
@@ -174,7 +173,7 @@ class Poller {

 		if ($dirmode == DIRECTORY_MODE_SECONDARY || $dirmode == DIRECTORY_MODE_PRIMARY) {
 			$r = q("SELECT * FROM updates WHERE ud_update = 1 AND (ud_last = '%s' OR ud_last > %s - INTERVAL %s)",
-				dbesc(DBA::$dba->get_null_date()),
+				dbesc(NULL_DATE),
 				db_utcnow(),
 				db_quoteinterval('7 DAY')
 			);
@@ -185,7 +184,7 @@ class Poller {
 					// If they didn't respond when we attempted before, back off to once a day
 					// After 7 days we won't bother anymore

-					if ($rr['ud_last'] > DBA::$dba->get_null_date())
+					if ($rr['ud_last'] > NULL_DATE)
 						if ($rr['ud_last'] > datetime_convert('UTC', 'UTC', 'now - 1 day'))
 							continue;

--- a/Zotlabs/Extend/Hook.php
+++ b/Zotlabs/Extend/Hook.php
@@ -1,57 +1,15 @@
 <?php
-/*
- * SPDX-FileCopyrightText: 2025 The Hubzilla Community
- * SPDX-FileContributor: redmatrix
- * SPDX-FileContributor: Klaus Weidenbach
- * SPDX-FileContributor: zotlabs
- * SPDX-FileContributor: Harald Eilertsen <haraldei@anduin.net>
- *
- * SPDX-License-Identifier: MIT
- */

 namespace Zotlabs\Extend;

 use App;

 /**
- * A class for hooking into Hubzilla.
+ * @brief Hook class.
 *
- * Hooks are functions that Hubzilla will invoke at certain points in the code
- * during execution. An addon can register a callback  handler that will be
- * called whenever the specified hook is invoked. A callback handler is a
- * function that takes a reference to an array containing the callback
- * arguments as it's only argument.
- *
- * @see call_hooks
- * @see load_hooks
 */
 class Hook {

-	/**
-	 * Register a callback handler for a hook.
-	 *
-	 * A callback handler is a function that takes a reference to an array
-	 * containing the callback arguments as it's only argument.
-	 *
-	 * The contents and meaning of the array depends on the hook invoked. By
-	 * modifying the contents of the array the hook can pass data back to the
-	 * caller.
-	 *
-	 * Once the `Hook::register` function has been called, the callback may be
-	 * invoked.
-	 *
-	 * @param string $hook		The name of the hook to register a handler for.
-	 * @param string $file		The source file of the callback handler.
-	 * @param string|array $function
-	 *                          The function name of the callback handler, as a
-	 *                          string or an array.
-	 * @param int $version		Hook interface version, allways 1.
-	 * @param int $priority		The priority of the callback handler, higher
-	 *                          numbers takes precedence.
-	 *
-	 * @return true if the handler was already registered, otherwise the result
-	 *		from inserting the hook in the database.
-	 */
 	static public function register($hook,$file,$function,$version = 1,$priority = 0) {
 		if(is_array($function)) {
 			$function = serialize($function);
@@ -87,14 +45,6 @@ class Hook {
 		return $r;
 	}

-	/**
-	 * Register an array of hook callback handlers.
-	 *
-	 * All of the handlers must be in the same source file.
-	 *
-	 * @param string $file	The source file of the callback handlers.
-	 * @param array $arr	An array of `hookname => functionname` pairs.
-	 */
 	static public function register_array($file,$arr) {
 		if($arr) {
 			foreach($arr as $k => $v) {
@@ -104,20 +54,6 @@ class Hook {
 	}


-	/**
-	 * Unregister a hook callback handler.
-	 *
-	 * @param string $hook		The name of the hook to register a callback handler for.
-	 * @param string $file		The source file of the hook callback handler.
-	 * @param string|array $function
-	 *                          The function name of the callback handler, as a
-	 *                          string or an array.
-	 * @param int $version		Hook interface version, allways 1.
-	 * @param int $priority		The priority of the callback handler, higher
-	 *                          numbers takes precedence.
-	 *
-	 * @return The result of the database delete operation.
-	 */
 	static public function unregister($hook,$file,$function,$version = 1,$priority = 0) {
 		if(is_array($function)) {
 			$function = serialize($function);
@@ -134,13 +70,11 @@ class Hook {
 	}

 	/**
-	 * Unregister all hooks handlers from a given source file.
+	 * @brief Unregister all hooks with this file component.
 	 *
 	 * Useful for addon upgrades where you want to clean out old interfaces.
 	 *
-	 * @param string $file		The source file where the hook handlers were defined.
-	 *
-	 * @return The result from the database delete operation.
+	 * @param string $file
 	 */
 	static public function unregister_by_file($file) {
 		$r = q("DELETE FROM hook WHERE file = '%s' ",
@@ -151,22 +85,31 @@ class Hook {
 	}

 	/**
-	 * Inserts a hook into a page request.
+	 * @brief Inserts a hook into a page request.
 	 *
-	 * Insert a short-lived hook into the running page request. Hooks are
-	 * normally persistent so that they can be called across asynchronous
-	 * processes such as delivery and poll processes.
+	 * Insert a short-lived hook into the running page request.
+	 * Hooks are normally persistent so that they can be called
+	 * across asynchronous processes such as delivery and poll
+	 * processes.
 	 *
-	 * This function lets you attach a hook callback immediately which will not
-	 * persist beyond the life of this page request or the current process.
+	 * insert_hook lets you attach a hook callback immediately
+	 * which will not persist beyond the life of this page request
+	 * or the current process.
 	 *
-	 * @param string $hook		Name of hook to attach callback.
-	 * @param string|array $fn	Name of callback handler as a string or array.
-	 * @param int $version		Hook interface version, allways 1.
-	 * @param int $priority		Currently not implemented in this function,
-	 *                          would require the hook array to be resorted.
+	 * @param string $hook
+	 *     name of hook to attach callback
+	 * @param string $fn
+	 *     function name of callback handler
+	 * @param int $version
+	 *     hook interface version, 0 uses two callback params, 1 uses one callback param
+	 * @param int $priority
+	 *     currently not implemented in this function, would require the hook array to be resorted
 	 */
 	static public function insert($hook, $fn, $version = 0, $priority = 0) {
+		if(is_array($fn)) {
+			$fn = serialize($fn);
+		}
+
 		if(! is_array(App::$hooks))
 			App::$hooks = array();

@@ -176,4 +119,4 @@ class Hook {
 		App::$hooks[$hook][] = array('', $fn, $priority, $version);
 	}

-}
+}
--- a/Zotlabs/Extend/Route.php
+++ b/Zotlabs/Extend/Route.php
@@ -1,106 +1,23 @@
 <?php
-/*
- * SPDX-FileCopyrightText: 2018 The Hubzilla Community
- * SPDX-FileContributor: Zotlabs
- * SPDX-FileContributor: Mario <mario@mariovavti.com>
- * SPDX-FileContributor: Harald Eilertsen <haraldei@anduin.net>
- *
- * SPDX-License-Identifier: MIT
- */

 namespace Zotlabs\Extend;

 use Zotlabs\Lib\Config;

-/**
- * Class for managing routes.
- *
- * Routes connect a URL path to a module that will handle requests to that
- * path.
- *
- * For example by registering a route like this:
- *
- * ```php
- * Route::register(
- *     __DIR__ . '/Mod_Myroute.php',
- *     'myroute'
- * );
- * ```
- *
- * Hubzilla will direct requests to the '/myroute' URL path to the 'Myroute'
- * controller located in the '/Mod_Myroute.php' file in the same directory as
- * the file this code was called from.
- *
- * Routes are stored persistently, so this function will typically be called from
- * the `<addon>_load()` function if called from an addon. Accordingly, the route must
- * be unregistered when no longer needed, like this:
- *
- * ```php
- * Route::unregister(
- *     __DIR__ . '/Mod_Myroute.php',
- *     'myroute'
- * );
- * ```
- *
- * This will typically be called from the `<addon>_unload()` function in an addon.
- */
 class Route {

-	/**
-	 * Register a new route.
-	 *
-	 * Example:
-	 * ```php
-	 * Route::register(
-	 *     __DIR__ . '/Mod_Myroute.php',
-	 *     'myroute'
-	 * );
-	 * ```
-	 *
-	 * The route is stored persistently, and must be unregistered when no longer needed.
-	 *
-	 * @param string $file      The file containing the controller for handling requests to this route.
-	 * @param string $modname   The name of the module (URL path).
-	 *
-	 * @see {@link Zotlabs::Extend::Route.unregister() unregister()}
-	 * @see {@link Zotlabs::Extend::Route.unregister_by_file() unregister_by_file()}
-	 */
-	public static function register(string $file, string $modname): void {
+	static function register($file,$modname) {
 		$rt = self::get();
-
-		foreach ($rt as $r) {
-			if ($r[0] === $file && $r[1] === $modname) {
-				return;
-			}
-		}
-
 		$rt[] = [ $file, $modname ];
 		self::set($rt);
 	}

-	/**
-	 * Unregister a route.
-	 *
-	 * Example:
-	 * ```php
-	 * Route::unregister(
-	 *     __DIR__ . '/Mod_Myroute.php',
-	 *     'myroute'
-	 * );
-	 * ```
-	 *
-	 * @param string $file      The file containing the controller for handling requests to this route.
-	 * @param string $modname   The name of the module (URL path).
-	 *
-	 * @see {@link Zotlabs::Extend::Route.register() register()}
-	 * @see {@link Zotlabs::Extend::Route.unregister_by_file() unregister_by_file()}
-	 */
-	public static function unregister(string $file, string $modname): void {
+	static function unregister($file,$modname) {
 		$rt = self::get();
 		if($rt) {
 			$n = [];
 			foreach($rt as $r) {
-				if(!($r[0] === $file && $r[1] === $modname)) {
+				if($r[0] !== $file && $r[1] !== $modname) {
 					$n[] = $r;
 				}
 			}
@@ -108,23 +25,7 @@ class Route {
 		}
 	}

-	/**
-	 * Unregister all routes by source file.
-	 *
-	 * Removes all persistently stored routes with hanclers in the
-	 * given source file.
-	 *
-	 * Example:
-	 * ```php
-	 * Route::unregister_by_file(__DIR__ . '/Mod_Myroute.php');
-	 * ```
-	 *
-	 * @param string $file      The file containing the controllers to remove.
-	 *
-	 * @see {@link Zotlabs::Extend::Route.register() register()}
-	 * @see {@link Zotlabs::Extend::Route.unregister() unregister()}
-	 */
-	public static function unregister_by_file(string $file): void {
+	static function unregister_by_file($file) {
 		$rt = self::get();
 		if($rt) {
 			$n = [];
@@ -137,18 +38,11 @@ class Route {
 		}
 	}

-	/**
-	 * Get an array of all defined routes.
-	 *
-	 * @return An array of routes, where each entry is an array
-	 *               containing two elements, the file, and the module
-	 *               name.
-	 */
-	public static function get(): array {
+	static function get() {
 		return Config::Get('system','routes',[]);
 	}

-	private static function set(array $r): mixed {
+	static function set($r) {
 		return Config::Set('system','routes',$r);
 	}
 }
--- a/Zotlabs/Extend/Widget.php
+++ b/Zotlabs/Extend/Widget.php
@@ -8,13 +8,6 @@ class Widget {

 	static function register($file,$widget) {
 		$rt = self::get();
-
-		foreach ($rt as $r) {
-			if ($r[0] === $file && $r[1] === $widget) {
-				return;
-			}
-		}
-
 		$rt[] = [ $file, $widget ];
 		self::set($rt);
 	}
@@ -24,7 +17,7 @@ class Widget {
 		if($rt) {
 			$n = [];
 			foreach($rt as $r) {
-				if(!($r[0] === $file && $r[1] === $widget)) {
+				if($r[0] !== $file && $r[1] !== $widget) {
 					$n[] = $r;
 				}
 			}
--- a/Zotlabs/Lib/ASCache.php
+++ b/Zotlabs/Lib/ASCache.php
@@ -7,63 +7,27 @@ namespace Zotlabs\Lib;
 	 */

 class ASCache {
-	public static function isEnabled()
-	{
+	public static function isEnabled() {
 		return Config::Get('system', 'as_object_cache_enabled', true);
 	}

-	public static function getAge(): string
-	{
+	public static function getAge() {
 		return Config::Get('system', 'as_object_cache_time', '10 MINUTE');
 	}

-	public static function Get(string $key): array
-	{
-		if (!self::isEnabled()) {
-			return [];
-		}
-
-		$ret = Cache::get($key, self::getAge());
-
-		if ($ret) {
-			return json_unserialize($ret);
-		}
-
-		return [];
-	}
-
-	public static function Set(string $key, array $obj): void
-	{
+	public static function Get($key) {
 		if (!self::isEnabled()) {
 			return;
 		}

-		if (!self::isCacheable($obj)) {
+		return Cache::get($key, self::getAge());
+	}
+
+	public static function Set($key, $value) {
+		if (!self::isEnabled()) {
 			return;
 		}

-		Cache::set($key, json_serialize($obj));
-	}
-
-	public static function isCacheable(array $obj): bool
-	{
-		$to = [];
-		$cc = [];
-
-		if (isset($obj['to'])) {
-			$to = is_array($obj['to']) ? $obj['to'] : [$obj['to']];
-		}
-
-		if (isset($obj['cc'])) {
-			$cc = is_array($obj['cc']) ? $obj['cc'] : [$obj['cc']];
-		}
-
-		$receivers = array_merge($to, $cc);
-
-		if ($receivers && !in_array(ACTIVITY_PUBLIC_INBOX, $receivers)) {
-			return false;
-		}
-
-		return true;
+		Cache::set($key, $value);
 	}
 }
--- a/Zotlabs/Lib/ASCollection.php
+++ b/Zotlabs/Lib/ASCollection.php
@@ -31,19 +31,7 @@ class ASCollection {
 		}

 		if (is_string($obj)) {
-			$cached = ASCache::Get($obj);
-			if ($cached) {
-				// logger('cached: ' . $obj);
-				$data = $cached;
-			}
-			else {
-				// logger('fetching: ' . $obj);
-				$data = Activity::fetch($obj, $channel);
-				if ($data) {
-					ASCache::Set($obj, $data);
-				}
-			}
-
+			$data            = Activity::fetch($obj, $channel);
 			$this->history[] = $obj;
 		}

@@ -95,8 +83,6 @@ class ASCollection {
 			return false;
 		}

-		$data = null;
-
 		if (is_array($this->nextpage)) {
 			$data = $this->nextpage;
 		}
@@ -106,20 +92,7 @@ class ASCollection {
 				// recursion detected
 				return false;
 			}
-
-			$cached = ASCache::Get($this->nextpage);
-			if ($cached) {
-				// logger('cached: ' . $this->nextpage);
-				$data = $cached;
-			}
-			else {
-				$data = Activity::fetch($this->nextpage, $this->channel);
-				if ($data) {
-					// logger('fetching: ' . $this->nextpage);
-					ASCache::Set($this->nextpage, $data);
-				}
-			}
-
+			$data            = Activity::fetch($this->nextpage, $this->channel);
 			$this->history[] = $this->nextpage;
 		}

--- a/Zotlabs/Lib/Activity.php
+++ b/Zotlabs/Lib/Activity.php
--- a/Zotlabs/Lib/ActivityStreams.php
+++ b/Zotlabs/Lib/ActivityStreams.php
@@ -97,7 +97,7 @@ class ActivityStreams {
 			}

 			// cache for future use
-			ASCache::Set($this->id, $this->data);
+			ASCache::Set($this->id, 'json:' . $this->raw);

 			$this->type   = $this->get_primary_type();
 			$this->actor  = $this->get_actor('actor', '', '');
@@ -413,13 +413,13 @@ class ActivityStreams {
 			$cached = ASCache::Get($x);
 			if ($cached) {
 				// logger('AS cached: ' . $x);
-				$y = $cached;
+				$y = unserialise($cached);
 			}
 			else {
 				// logger('AS fetching: ' . $x);
 				$y = $this->fetch_property($x);
 				if ($y) {
-					ASCache::Set($x, $y);
+					ASCache::Set($x, serialise($y));
 				}
 			}
 			if (is_array($y)) {
@@ -528,60 +528,49 @@ class ActivityStreams {
 	}

 	public function checkEddsaSignature() {
-		$publicKey = null;
 		$signer = $this->get_property_obj('verificationMethod', $this->sig);

-		if ($signer && str_starts_with($signer, 'did:key:')) {
-			$publicKey = str_replace('did:key:', '', $signer);
-			$this->signer = ['id' => $signer];
-			if (strpos($publicKey, '#') !== false) {
-				$publicKey = substr($publicKey,0, strpos($publicKey, '#'));
+		$parseUrl = parse_url($signer);
+
+		if (isset($parseUrl['fragment'])) {
+			if (str_starts_with($parseUrl['fragment'], 'z6Mk')) {
+				$publicKey = $parseUrl['fragment'];
+			}
+			unset($parseUrl['fragment']);
+		}
+
+		if (isset($parseUrl['query'])) {
+			unset($parseUrl['query']);
+		}
+
+		$url = unparse_url($parseUrl);
+
+		$hublocs = Activity::get_actor_hublocs($url);
+
+		$hasStoredKey = false;
+		if ($hublocs) {
+			foreach ($hublocs as $hubloc) {
+				if ($publicKey && $hubloc['xchan_epubkey'] === $publicKey) {
+					$hasStoredKey = true;
+					break;
+				}
 			}
 		}
-        else {
-			$parseUrl = parse_url($signer);

-			if (isset($parseUrl['fragment'])) {
-				if (str_starts_with($parseUrl['fragment'], 'z6Mk')) {
-					$publicKey = $parseUrl['fragment'];
+		if (!$hasStoredKey) {
+			$this->signer = Activity::get_actor($url);
+
+			if (isset($this->signer['assertionMethod'])) {
+				if (!isset($this->signer['assertionMethod'][0])) {
+					$this->signer['assertionMethod'] = [$this->signer['assertionMethod']];
 				}
-				unset($parseUrl['fragment']);
-			}

-			if (isset($parseUrl['query'])) {
-				unset($parseUrl['query']);
-			}
-
-			$url = unparse_url($parseUrl);
-			$this->signer = ['id' => $url];
-
-			$hublocs = Activity::get_actor_hublocs($url);
-
-			$hasStoredKey = false;
-			if ($hublocs) {
-				foreach ($hublocs as $hubloc) {
-					if ($publicKey && $hubloc['xchan_epubkey'] === $publicKey) {
-						$hasStoredKey = true;
-						break;
-					}
-				}
-			}
-
-			if (!$hasStoredKey) {
-				$this->signer = Activity::get_actor($url);
-
-				if (isset($this->signer['assertionMethod'])) {
-					if (!isset($this->signer['assertionMethod'][0])) {
-						$this->signer['assertionMethod'] = [$this->signer['assertionMethod']];
-					}
-
-					foreach($this->signer['assertionMethod'] as $am) {
-						if ($url === $am['controller'] &&
-							$am['type'] === 'Multikey' &&
-							str_starts_with($am['publicKeyMultibase'], 'z6Mk')
-						) {
-							$publicKey = $am['publicKeyMultibase'];
-						}
+				foreach($this->signer['assertionMethod'] as $am) {
+					if ($url === $am['controller'] &&
+						$am['type'] === 'Multikey' &&
+						str_starts_with($am['publicKeyMultibase'], 'z6Mk')
+					) {
+						$publicKey = $am['publicKeyMultibase'];
 					}
 				}
 			}
--- a/Zotlabs/Lib/Apps.php
+++ b/Zotlabs/Lib/Apps.php
@@ -341,7 +341,7 @@ class Apps {
 			'Suggest Channels' => t('Suggest Channels'),
 			'Login' => t('Login'),
 			'Channel Manager' => t('Channel Manager'),
-			'Network' => t('Network'),
+			'Network' => t('Stream'),
 			'Settings' => t('Settings'),
 			'Files' => t('Files'),
 			'Webpages' => t('Webpages'),
@@ -1028,7 +1028,12 @@ class Apps {
 		if(! $syslist)
 			return;

-		$position = array_find_key($syslist, fn ($v) => $v['guid'] === $guid);
+		foreach($syslist as $k => $li) {
+			if($li['guid'] === $guid) {
+				$position = $k;
+				break;
+			}
+		}
 		if(! $position)
 			return;

@@ -1077,7 +1082,12 @@ class Apps {
 		if(! $syslist)
 			return;

-		$position = array_find_key($syslist, fn ($v) => $v['guid'] === $guid);
+		foreach($syslist as $k => $li) {
+			if($li['guid'] === $guid) {
+				$position = $k;
+				break;
+			}
+		}
 		if($position >= count($syslist) - 1)
 			return;

--- a/Zotlabs/Lib/Config.php
+++ b/Zotlabs/Lib/Config.php
@@ -132,8 +132,8 @@ class Config {
 			$value = App::$config[$family][$key];

 			if (! is_array($value)) {
-				if (str_starts_with($value, 'json:')) {
-					return json_unserialize($value);
+				if (substr($value, 0, 5) == 'json:') {
+					return json_decode(substr($value, 5), true);
 				} else if (preg_match('|^a:[0-9]+:{.*}$|s', $value)) {
 					// Unserialize in inherently unsafe. Try to mitigate by not
 					// allowing unserializing objects. Only kept for backwards
--- a/Zotlabs/Lib/Connect.php
+++ b/Zotlabs/Lib/Connect.php
@@ -24,16 +24,10 @@ class Connect {

 		$uid = $channel['channel_id'];

-		// If we get just a channel name and it is not an URL turn it into a local webbie
-		if (!str_contains($url, '@') && strpos($url,'/') === false) {
+		if (strpos($url,'@') === false && strpos($url,'/') === false) {
 			$url = $url . '@' . App::get_hostname();
 		}

-		// Remove a possible leading @
-		if (str_starts_with($url, '@')) {
-			$url = ltrim($url, '@');
-		}
-
 		$result = [ 'success' => false, 'message' => '' ];

 		$my_perms = false;
--- a/Zotlabs/Lib/DReport.php
+++ b/Zotlabs/Lib/DReport.php
@@ -35,7 +35,7 @@ class DReport {
 	}

 	function addto_update($status) {
-		$this->status = $this->status . ', ' . $status;
+		$this->status = $this->status . ' ' . $status;
 	}


@@ -89,14 +89,8 @@ class DReport {
 		if(array_key_exists('reject',$dr) && intval($dr['reject']))
 			return false;

-		if (!$dr['sender']) {
+		if(! ($dr['sender']))
 			return false;
-		}
-
-		// do not store dismissed create activities
-		if ($dr['status'] === 'not a collection activity') {
-			return false;
-		}

 		// Is the sender one of our channels?

--- a/Zotlabs/Lib/DbStats.php
+++ b/Zotlabs/Lib/DbStats.php
@@ -1,43 +0,0 @@
-<?php
-/*
- * SPDX-FileCopyrightText: 2026 The Hubzilla Community
- * SPDX-FileContributor: Harald Eilertsen <haraldei@anduin.net>
- *
- * SPDX-License-Identifier: MIT
- */
-
-namespace Zotlabs\Lib;
-
-use DBA;
-
-/**
- * Abstract class to obtain statistics from the database.
- *
- * This class should not be instantiated on it's own, but you can get
- * a concrete class for the configured database type of this site by
- * calling the `DbStats::getStats()` function.
- */
-abstract class DbStats {
-
-	/**
-	 * Get an object for getting statistics from the database.
-	 *
-	 * @return DbStats	The concrete class for obtaining the statistics from
-	 *                  this instances database.
-	 */
-	public static function getStats(): DbStats {
-		return DBA::$dba->is_postgres()
-			? new PostgresDbStats()
-			: new MySQLDbStats();
-	}
-
-	/**
-	 * Return the number of queries recorded by the database.
-	 *
-	 * @return int Number of queries.
-	 */
-	public abstract function getQueries(): int;
-
-	// Prevent instantiation of this class
-	private function __construct() {}
-}
--- a/Zotlabs/Lib/Enotify.php
+++ b/Zotlabs/Lib/Enotify.php
@@ -95,8 +95,8 @@ class Enotify {
 			if (array_key_exists('verb', $params['item'])) {
 				// localize_item() alters the original item so make a copy first
 				$i = $params['item'];
-			//	logger('calling localize');
-			//	localize_item($i);
+				logger('calling localize');
+				localize_item($i);
 				$title = $i['title'];
 				$body = $i['body'];
 				$private = (($i['item_private']) || intval($i['item_obscured']));
@@ -131,9 +131,9 @@ class Enotify {
 		logger('notification: mail');
 		$subject = 	sprintf( t('[$Projectname:Notify] New direct message received at %s'), $sitename);

-		$preamble = sprintf( t('%1$s sent you a new private message at %2$s'), $sender['xchan_name'], $sitename);
+		$preamble = sprintf( t('%1$s sent you a new direct message at %2$s'), $sender['xchan_name'], $sitename);
 		$epreamble = sprintf( t('%1$s sent you %2$s.'), '[zrl=' . $sender['xchan_url'] . ']' . $sender['xchan_name'] . '[/zrl]', '[zrl=$itemlink]' . t('a direct message') . '[/zrl]');
-		$sitelink = t('Please visit %s to view and/or reply to your private messages.');
+		$sitelink = t('Please visit %s to view and/or reply to your direct messages.');
 		$tsitelink = sprintf( $sitelink, $siteurl . '/hq/' . gen_link_id($params['item']['mid']));
 		$hsitelink = sprintf( $sitelink, '<a href="' . $siteurl . '/hq/' . gen_link_id($params['item']['mid']) . '">' . $sitename . '</a>');
 		$itemlink = $siteurl . '/hq/' . gen_link_id($params['item']['mid']);
@@ -146,7 +146,7 @@ class Enotify {

 		$itemlink = $params['link'];

-		$action = (($moderated) ? t('requested to post in') : t('posted in'));
+		$action = (($moderated) ? t('requested to comment on') : t('commented on'));

 		if(array_key_exists('item',$params)) {

@@ -164,8 +164,8 @@ class Enotify {
 				if(activity_match($params['verb'], ['Dislike', ACTIVITY_DISLIKE]))
 					$action = (($moderated) ? t('requested to dislike') : t('disliked'));

-				if(activity_match($params['verb'], [ACTIVITY_SHARE]))
-					$action = (($moderated) ? t('requested to repeat') : t('repeated'));
+				if(activity_match($params['verb'], ACTIVITY_SHARE))
+					$action = t('repeated');

 			}

@@ -213,36 +213,28 @@ class Enotify {
 		//$possess_desc = str_replace('<!item_type!>',$possess_desc);

 		// "a post"
-		$dest_str = sprintf(
-			t('%1$s %2$s [zrl=%3$s]a %4$s[/zrl]'),
+		$dest_str = sprintf(t('%1$s %2$s [zrl=%3$s]a %4$s[/zrl]'),
 			'[zrl=' . $sender['xchan_url'] . ']' . $sender['xchan_name'] . '[/zrl]',
 			$action,
 			$itemlink,
-			$item_post_type
-		);
+			$item_post_type);

 		// "George Bull's post"
-		if($p) {
-			$dest_str = sprintf(
-				t('%1$s %2$s [zrl=%3$s]%4$s\'s %5$s[/zrl]'),
+		if($p)
+			$dest_str = sprintf(t('%1$s %2$s [zrl=%3$s]%4$s\'s %5$s[/zrl]'),
 				'[zrl=' . $sender['xchan_url'] . ']' . $sender['xchan_name'] . '[/zrl]',
 				$action,
 				$itemlink,
-				$parent_item['author']['xchan_name'],
-				$item_post_type
-			);
-		}
+				$p[0]['author']['xchan_name'],
+				$item_post_type);

 		// "your post"
-		if ($parent_item['owner']['xchan_hash'] === $recip['channel_hash'] && intval($parent_item['item_wall'])) {
-			$dest_str = sprintf(
-				t('%1$s %2$s [zrl=%3$s]your %4$s[/zrl]'),
+		if($p[0]['owner']['xchan_name'] == $p[0]['author']['xchan_name'] && intval($p[0]['item_wall']))
+			$dest_str = sprintf(t('%1$s %2$s [zrl=%3$s]your %4$s[/zrl]'),
 				'[zrl=' . $sender['xchan_url'] . ']' . $sender['xchan_name'] . '[/zrl]',
 				$action,
 				$itemlink,
-				$item_post_type
-			);
-		}
+				$item_post_type);

 		// Some mail softwares relies on subject field for threading.
 		// So, we cannot have different subjects for notifications of the same thread.
@@ -271,7 +263,7 @@ class Enotify {

 		$itemlink =  $params['link'];

-		if (array_key_exists('item',$params) && (activity_match($params['item']['verb'], ['Like', 'Dislike', ACTIVITY_LIKE, ACTIVITY_DISLIKE, 'Announce']))) {
+		if (array_key_exists('item',$params) && (activity_match($params['item']['verb'], ['Like', 'Dislike', ACTIVITY_LIKE, ACTIVITY_DISLIKE]))) {
 			if(! $always_show_in_notices  || !($vnotify & VNOTIFY_LIKE) || !feature_enabled($recip['channel_id'], 'dislike')) {
 				logger('notification: not a visible activity. Ignoring.');
 				pop_lang();
@@ -316,6 +308,7 @@ class Enotify {
 		$item_post_type = item_post_type($p[0]);
 //		$private = $p[0]['item_private'];
 		$parent_id = $p[0]['id'];
+
 		$parent_item = $p[0];

 		//$verb = ((activity_match($params['item']['verb'], ACTIVITY_DISLIKE)) ? t('disliked') : t('liked'));
@@ -327,18 +320,14 @@ class Enotify {
 		if(activity_match($params['item']['verb'], ['Dislike', ACTIVITY_DISLIKE]))
 			$verb = (($moderated) ? t('requested to dislike') : t('disliked'));

-		if(activity_match($params['item']['verb'], [ACTIVITY_SHARE]))
-			$verb = (($moderated) ? t('requested to repeat') : t('repeated'));
-
 		// "your post"
-		if ($parent_item['author']['xchan_hash'] === $recip['channel_hash']) {
+		if($p[0]['owner']['xchan_name'] === $p[0]['author']['xchan_name'] && intval($p[0]['item_wall']))
 			$dest_str = sprintf(t('%1$s %2$s [zrl=%3$s]your %4$s[/zrl]'),
 				'[zrl=' . $sender['xchan_url'] . ']' . $sender['xchan_name'] . '[/zrl]',
 				$verb,
 				$itemlink,
 				$item_post_type
 			);
-		}
 		else {
 			pop_lang();
 			return;
@@ -431,7 +420,7 @@ class Enotify {

 	elseif (isset($params['type']) && $params['type'] === NOTIFY_INTRO) {
 		$subject = sprintf( t('[$Projectname:Notify] Introduction received'));
-		$preamble = sprintf( t('You\'ve received a new connection request from \'%1$s\' at %2$s'), $sender['xchan_name'], $sitename);
+		$preamble = sprintf( t('You\'ve received an new connection request from \'%1$s\' at %2$s'), $sender['xchan_name'], $sitename);
 		$epreamble = sprintf( t('You\'ve received [zrl=%1$s]a new connection request[/zrl] from %2$s.'),
 			$siteurl . '/connections/ifpending',
 			'[zrl=' . $sender['xchan_url'] . ']' . $sender['xchan_name'] . '[/zrl]');
@@ -511,14 +500,9 @@ class Enotify {
 */


-	$hash = ((in_array($params['verb'], ['Create', 'Update', 'Invite'])) ? $params['item']['uuid']  : $params['item']['thr_parent_uuid']);
-
-	if (!$hash) {
-		$hash = new_uuid();
-	}

 	$datarray = [];
-	$datarray['hash'] = $hash;
+	$datarray['hash']   = $params['item']['uuid'] ?? new_uuid();
 	$datarray['sender_hash'] = $sender['xchan_hash'];
 	$datarray['xname']   = $sender['xchan_name'];
 	$datarray['url']    = $sender['xchan_url'];
@@ -577,9 +561,8 @@ class Enotify {
 		dbesc($datarray['otype'])
 	);

-	$r = q("select id from notify where hash = '%s' and link = '%s' and ntype = %d and uid = %d limit 1",
+	$r = q("select id from notify where hash = '%s' and ntype = %d and uid = %d limit 1",
 		dbesc($datarray['hash']),
-		dbesc($itemlink),
 		intval($datarray['ntype']),
 		intval($recip['channel_id'])
 	);
@@ -857,8 +840,8 @@ class Enotify {
 		}
 		else {
 			$itemem_text = (($item['item_thread_top'])
-				? (($item['obj_type'] === 'Question') ? t('started a poll') : t('started a conversation'))
-				: (($item['obj_type'] === 'Answer') ? sprintf( t('voted on %s\'s poll'), '[bdi]' . $item['owner']['xchan_name'] . '[/bdi]') : sprintf( t('posted in %s\'s conversation'), '[bdi]' . $item['owner']['xchan_name'] . '[/bdi]'))
+				? (($item['obj_type'] === 'Question') ? t('created a new poll') : t('created a new post'))
+				: (($item['obj_type'] === 'Answer') ? sprintf( t('voted on %s\'s poll'), '[bdi]' . $item['owner']['xchan_name'] . '[/bdi]') : sprintf( t('commented on %s\'s post'), '[bdi]' . $item['owner']['xchan_name'] . '[/bdi]'))
 			);

 			if(in_array($item['obj_type'], ['Document', 'Video', 'Audio', 'Image'])) {
@@ -870,7 +853,12 @@ class Enotify {

 		if($item['edited'] > $item['created']) {
 			$edit = true;
-			$itemem_text = sprintf( t('edited a message dated %s'), relative_date($item['created']));
+			if($item['item_thread_top']) {
+				$itemem_text = sprintf( t('edited a post dated %s'), relative_date($item['created']));
+			}
+			else {
+				$itemem_text = sprintf( t('edited a comment dated %s'), relative_date($item['created']));
+			}
 		}


@@ -890,7 +878,7 @@ class Enotify {
 			'when' => (($edit) ? datetime_convert('UTC', date_default_timezone_get(), $item['edited']) : datetime_convert('UTC', date_default_timezone_get(), $item['created'])),
 			'class' => (intval($item['item_unseen']) ? 'notify-unseen' : 'notify-seen'),
 		//	'b64mid' => (($item['mid']) ? gen_link_id($item['mid']) : ''),
-			'b64mid' => ((in_array($item['verb'] , ['Like', 'Dislike', 'Announce']) && !empty($item['thr_parent_uuid'])) ? $item['thr_parent_uuid'] : $item['uuid'] ?? ''),
+			'b64mid' => (($item['uuid']) ? $item['uuid'] : ''),
 			//'b64mid' => ((in_array($item['verb'], [ACTIVITY_LIKE, ACTIVITY_DISLIKE])) ? gen_link_id($item['thr_parent']) : gen_link_id($item['mid'])),
 			'thread_top' => (($item['item_thread_top']) ? true : false),
 			'message' => bbcode(escape_tags($itemem_text)),
@@ -910,13 +898,14 @@ class Enotify {
 	}

 	static public function format_notify($tt) {
+
 		$message = trim(strip_tags(bbcode($tt['msg'])));

 		if(strpos($message, $tt['xname']) === 0)
 			$message = substr($message, strlen($tt['xname']) + 1);

 		$x = [
-			'notify_link' => (($tt['ntype'] === NOTIFY_INTRO) ? z_root() . '/notify/view/' . $tt['id'] : $tt['link']),
+			'notify_link' => (($tt['ntype'] === NOTIFY_MAIL) ? $tt['link'] : z_root() . '/notify/view/' . $tt['id']),
 			'name' => $tt['xname'],
 			'url' => $tt['url'],
 			'photo' => $tt['photo'],
@@ -928,9 +917,11 @@ class Enotify {
 		];

 		return $x;
+
 	}

 	static public function format_intros($rr) {
+
 		return [
 			'notify_link' => z_root() . '/connections#' . $rr['abook_id'],
 			'name' => $rr['xchan_name'],
--- a/Zotlabs/Lib/IConfig.php
+++ b/Zotlabs/Lib/IConfig.php
@@ -13,7 +13,6 @@ class IConfig {
 	static public function Get(&$item, $family, $key, $default = false) {

 		$is_item = false;
-		$iid = null;

 		if(is_array($item)) {
 			$is_item = true;
@@ -28,26 +27,13 @@ class IConfig {
 		elseif(intval($item))
 			$iid = $item;

-		if (!$iid)
+		if(! $iid)
 			return $default;

-
 		if(is_array($item) && array_key_exists('iconfig',$item) && is_array($item['iconfig'])) {
 			foreach($item['iconfig'] as $c) {
-				if (isset($c['iid']) && $c['iid'] == $iid && isset($c['cat']) && $c['cat'] == $family && isset($c['k']) && $c['k'] == $key) {
-					if (is_string($c['v'])) {
-						if (str_starts_with($c['v'], 'json:')) {
-							$c['v'] = json_unserialize($c['v']);
-						} else if (preg_match('|^a:[0-9]+:{.*}$|s', $c['v'])) {
-							// Unserialize in inherently unsafe. Try to mitigate by not
-							// allowing unserializing objects. Only kept for backwards
-							// compatibility. JSON serialization should be prefered.
-							$c['v'] = unserialize($c['v'], ['allowed_classes' => false]);
-						}
-					}
-
+				if($c['iid'] == $iid && $c['cat'] == $family && $c['k'] == $key)
 					return $c['v'];
-				}
 			}
 		}

@@ -56,24 +42,12 @@ class IConfig {
 			dbesc($family),
 			dbesc($key)
 		);
-
 		if($r) {
-			if (str_starts_with($r[0]['v'], 'json:')) {
-				$r[0]['v'] = json_unserialize($r[0]['v']);
-			} else if (preg_match('|^a:[0-9]+:{.*}$|s', $r[0]['v'])) {
-				// Unserialize in inherently unsafe. Try to mitigate by not
-				// allowing unserializing objects. Only kept for backwards
-				// compatibility. JSON serialization should be prefered.
-				$r[0]['v'] = unserialize($r[0]['v'], ['allowed_classes' => false]);
-			}
-
-			if ($is_item) {
+			$r[0]['v'] = ((preg_match('|^a:[0-9]+:{.*}$|s',$r[0]['v'])) ? unserialize($r[0]['v']) : $r[0]['v']);
+			if($is_item)
 				$item['iconfig'][] = $r[0];
-			}
-
 			return $r[0]['v'];
 		}
-
 		return $default;

 	}
@@ -97,7 +71,7 @@ class IConfig {

 	static public function Set(&$item, $family, $key, $value, $sharing = false) {

-		$dbvalue = ((is_array($value))  ? json_serialize($value) : $value);
+		$dbvalue = ((is_array($value))  ? serialize($value) : $value);
 		$dbvalue = ((is_bool($dbvalue)) ? intval($dbvalue)  : $dbvalue);

 		$is_item = false;
@@ -123,11 +97,11 @@ class IConfig {
 			return $value;
 		}

-		if(intval($item)) {
+		if(intval($item))
 			$iid = intval($item);
-		} else {
+
+		if(! $iid)
 			return false;
-		}

 		if(self::Get($item, $family, $key) === false) {
 			$r = q("insert into iconfig( iid, cat, k, v, sharing ) values ( %d, '%s', '%s', '%s', %d ) ",
@@ -174,11 +148,11 @@ class IConfig {
 			return true;
 		}

-		if(intval($item)) {
+		if(intval($item))
 			$iid = intval($item);
-		} else {
+
+		if(! $iid)
 			return false;
-		}

 		return q("delete from iconfig where iid = %d and cat = '%s' and  k = '%s' ",
 			intval($iid),
--- a/Zotlabs/Lib/Img_filesize.php
+++ b/Zotlabs/Lib/Img_filesize.php
@@ -25,18 +25,18 @@ class Img_filesize {


 	static function getLocalFileSize($url) {
-
+	
 		$fname = basename($url);
 		$resolution = 0;
-
+	
 		if(strpos($fname,'.') !== false)
 			$fname = substr($fname,0,strpos($fname,'.'));
-
+	
 		if(substr($fname,-2,1) == '-') {
 			$resolution = intval(substr($fname,-1,1));
 			$fname = substr($fname,0,-2);
 		}
-
+			
 		$r = q("SELECT filesize FROM photo WHERE resource_id = '%s' AND imgscale = %d LIMIT 1",
 			dbesc($fname),
 			intval($resolution)
@@ -116,6 +116,7 @@ function getRemoteFileSize($url)

    curl_exec($ch);
    curl_getinfo($ch);
+	curl_close($ch);

    return $size;
-}
+}
--- a/Zotlabs/Lib/JcsEddsa2022.php
+++ b/Zotlabs/Lib/JcsEddsa2022.php
@@ -2,33 +2,16 @@

 namespace Zotlabs\Lib;

-use Root23\JsonCanonicalizer\JsonCanonicalizer;
+use Mmccook\JsonCanonicalizator\JsonCanonicalizatorFactory;
 use StephenHill\Base58;

 class JcsEddsa2022 {

-	/**
-	 * Sign arbitrary data with the keys of the provided channel.
-	 *
-	 * @param $data				The data to be signed.
-	 * @param array $channel	A channel as an array of key/value pairs.
-	 *
-	 * @return An array with the following fields:
-	 *		- `type`: The type of signature, always `DataIntegrityProof`.
-	 *		- `cryptosuite`: The cryptographic algorithm used, always `eddsa-jcs-2022`.
-	 *		- `created`: The UTC date and timestamp when the signature was created.
-	 *		- `verificationMethod`: The channel URL and the public key separated by a `#`.
-	 *		- `proofPurpose`: The purpose of the signature, always `assertionMethod`.
-	 *		- `proofValue`: The signature itself.
-	 *
-	 * @throws JcsEddsa2022SignatureException if the channel is missing, or
-	 * don't have valid keys.
-	 */
-	public function sign($data, $channel): array {
-		if (!is_array($channel) || !isset($channel['channel_epubkey'], $channel['channel_eprvkey'])) {
-			throw new JcsEddsa2022SignException('Invalid or missing channel provided.');
-		}
+	public  function  __construct() {
+		return $this;
+	}

+	public function sign($data, $channel): array {
 		$base58 = new Base58();
 		$pubkey = (new Multibase())->publicKey($channel['channel_epubkey']);
 		$options = [
@@ -62,16 +45,14 @@ class JcsEddsa2022 {
 		try {
 			$result = sodium_crypto_sign_verify_detached($base58->decode($encodedSignature), $optionsHash . $dataHash,
 				(new Multibase())->decode($publicKey, true));
-
-			logger('SignatureVerify (eddsa-jcs-2022) ' . (($result) ? 'true' : 'false'));
-
-			return $result;
 		}
 		catch (\Exception $e) {
 			logger('verify exception:' .  $e->getMessage());
 		}

-		return false;
+		logger('SignatureVerify (eddsa-jcs-2022) ' . (($result) ? 'true' : 'false'));
+
+		return $result;
 	}

 	public function signableData($data) {
@@ -104,8 +85,8 @@ class JcsEddsa2022 {
 	}

 	public function canonicalize($data) {
-		$canonicalizer = new JsonCanonicalizer();
-		return $canonicalizer->canonicalize($data);
+		$canonicalization = JsonCanonicalizatorFactory::getInstance();
+		return $canonicalization->canonicalize($data);
 	}

 }
--- a/Zotlabs/Lib/JcsEddsa2022SignException.php
+++ b/Zotlabs/Lib/JcsEddsa2022SignException.php
@@ -1,15 +0,0 @@
-<?php
-/*
- * SPDX-FileCopyrightText: 2025 The Hubzilla Community
- * SPDX-FileContributor: Harald Eilertsen <haraldei@anduin.net>
- *
- * SPDX-License-Identifier: MIT
- */
-
-namespace Zotlabs\Lib;
-
-use Exception;
-
-class JcsEddsa2022SignException extends Exception
-{
-}
--- a/Zotlabs/Lib/Keyutils.php
+++ b/Zotlabs/Lib/Keyutils.php
@@ -2,8 +2,8 @@

 namespace Zotlabs\Lib;

-use phpseclib3\Crypt\PublicKeyLoader;
-use phpseclib3\Math\BigInteger;
+use phpseclib\Crypt\RSA;
+use phpseclib\Math\BigInteger;

 /**
 * Keyutils
@@ -16,42 +16,41 @@ class Keyutils {
 	 * @param string $e exponent
 	 * @return string
 	 */
-	public static function meToPem(string $m, string $e): string
-	{
-		$parsedKey = PublicKeyLoader::load([
+	public static function meToPem($m, $e) {
+
+		$rsa = new RSA();
+		$rsa->loadKey([
 			'e' => new BigInteger($e, 256),
 			'n' => new BigInteger($m, 256)
 		]);
-		if (method_exists($parsedKey, 'getPublicKey')) {
-			$parsedKey = $parsedKey->getPublicKey();
-		}
-		return $parsedKey->toString('PKCS8');
+		return $rsa->getPublicKey();
+
 	}

 	/**
 	 * @param string key
 	 * @return string
 	 */
-    public static function rsaToPem(string $key): string
-	{
-		$parsedKey = PublicKeyLoader::load($key);
-		if (method_exists($parsedKey, 'getPublicKey')) {
-			$parsedKey = $parsedKey->getPublicKey();
-		}
-		return $parsedKey->toString('PKCS8');
+	public static function rsaToPem($key) {
+
+		$rsa = new RSA();
+		$rsa->setPublicKey($key);
+
+		return $rsa->getPublicKey(RSA::PUBLIC_FORMAT_PKCS8);
+
 	}

 	/**
 	 * @param string key
 	 * @return string
 	 */
-	public static function pemToRsa(string $key): string
-	{
-		$parsedKey = PublicKeyLoader::load($key);
-		if (method_exists($parsedKey, 'getPublicKey')) {
-			$parsedKey = $parsedKey->getPublicKey();
-		}
-		return $parsedKey->toString('PKCS1');
+	public static function pemToRsa($key) {
+
+		$rsa = new RSA();
+		$rsa->setPublicKey($key);
+
+		return $rsa->getPublicKey(RSA::PUBLIC_FORMAT_PKCS1);
+
 	}

 	/**
@@ -59,28 +58,23 @@ class Keyutils {
 	 * @param string $m reference modulo
 	 * @param string $e reference exponent
 	 */
-	public static function pemToMe(string $key): array
-	{
-		$parsedKey = PublicKeyLoader::load($key);
-		if (method_exists($parsedKey, 'getPublicKey')) {
-			$parsedKey = $parsedKey->getPublicKey();
-		}
-		$raw = $parsedKey->toString('Raw');
+	public static function pemToMe($key, &$m, &$e) {

-		$m = $raw['n'];
-		$e = $raw['e'];
+		$rsa = new RSA();
+		$rsa->loadKey($key);
+		$rsa->setPublicKey();
+
+		$m = $rsa->modulus->toBytes();
+		$e = $rsa->exponent->toBytes();

-		return [$m->toBytes(), $e->toBytes()];
 	}

 	/**
 	 * @param string $pubkey
 	 * @return string
 	 */
-	public static function salmonKey(string $pubkey): string
-	{
-		[$m, $e] = self::pemToMe($pubkey);
-		/** @noinspection PhpRedundantOptionalArgumentInspection */
+	public static function salmonKey($pubkey) {
+		self::pemToMe($pubkey, $m, $e);
 		return 'RSA' . '.' . base64url_encode($m, true) . '.' . base64url_encode($e, true);
 	}

@@ -88,13 +82,11 @@ class Keyutils {
 	 * @param string $key
 	 * @return string
 	 */
-	public static function convertSalmonKey(string $key): string
-	{
-		if (str_contains($key, ',')) {
+	public static function convertSalmonKey($key) {
+		if (strstr($key, ','))
 			$rawkey = substr($key, strpos($key, ',') + 1);
-		} else {
+		else
 			$rawkey = substr($key, 5);
-		}

 		$key_info = explode('.', $rawkey);

@@ -104,4 +96,4 @@ class Keyutils {
 		return self::meToPem($m, $e);
 	}

-}
+}
--- a/Zotlabs/Lib/LDSignatures.php
+++ b/Zotlabs/Lib/LDSignatures.php
@@ -8,10 +8,9 @@ class LDSignatures {


 	static function verify($data,$pubkey) {
-		$expand_and_check_unsafe = true;

-		$ohash = self::hash(self::signable_options($data['signature']), $expand_and_check_unsafe);
-		$dhash = self::hash(self::signable_data($data), $expand_and_check_unsafe);
+		$ohash = self::hash(self::signable_options($data['signature']));
+		$dhash = self::hash(self::signable_data($data));

 		$x = Crypto::verify($ohash . $dhash,base64_decode($data['signature']['signatureValue']), $pubkey);
 		logger('LD-verify: ' . intval($x));
@@ -75,11 +74,11 @@ class LDSignatures {
 		return json_encode($newopts,JSON_UNESCAPED_SLASHES);
 	}

-	static function hash($obj, $expand_and_check_unsafe = false) {
-		return hash('sha256', self::normalise($obj, $expand_and_check_unsafe));
+	static function hash($obj) {
+		return hash('sha256', self::normalise($obj));
 	}

-	static function normalise($data, $expand_and_check_unsafe) {
+	static function normalise($data) {
 		$ret = '';

 		if(is_string($data)) {
@@ -91,15 +90,6 @@ class LDSignatures {

 		jsonld_set_document_loader('jsonld_document_loader');

-		if ($expand_and_check_unsafe) {
-			$expanded = jsonld_expand($data);
-
-			if (self::contains_unsafe_keys($expanded)) {
-				logger('contains_unsafe_keys: ' . print_r($data,true));
-				throw new \Exception('json-ld graph modification operation detected');
-			}
-		}
-
 		try {
 			$ret = jsonld_normalize($data,[ 'algorithm' => 'URDNA2015', 'format' => 'application/nquads' ]);
 		}
@@ -142,41 +132,6 @@ class LDSignatures {

 	}

-	static function contains_unsafe_keys(array|object $data, int $depth = 0): bool
-	{
-		if ($depth > 64) {
-			return true;
-		}

-		$unsafe_keys = ['@graph', '@included', '@reverse'];
-
-		if (is_object($data)) {
-			$data = (array) $data;
-		}
-
-		if (is_array($data)) {
-			foreach ($data as $key => $value) {
-				//
-				// We can't use `in_array` since the keys may contain more than
-				// just the keyword after expansion, typically "_:@included"
-				// for an unnamed node with the "@included" key.
-				//
-				// So we use `array_filter` with a callback instead:
-				$matches = array_filter($unsafe_keys, fn ($k) => strpos($key, $k) !== false);
-
-				if (!empty($matches)) {
-					return true;
-				}
-
-				if (is_array($value) || is_object($value)) {
-					if (self::contains_unsafe_keys($value, $depth + 1)) {
-						return true;
-					}
-				}
-			}
-		}
-
-		return false;
-	}

 }
--- a/Zotlabs/Lib/Libsync.php
+++ b/Zotlabs/Lib/Libsync.php
@@ -199,7 +199,8 @@ class Libsync {
 				dbesc($sender)
 			);

-			$mid = $arr['item'][0]['message_id'] ?? 'sync';
+			$mid = 'sync';
+

 			$DR = new DReport(z_root(), $sender, $d, $mid);

@@ -305,8 +306,15 @@ class Libsync {

 			if (array_key_exists('item', $arr) && $arr['item']) {
 				sync_items($channel, $arr['item'], ((array_key_exists('relocate', $arr)) ? $arr['relocate'] : null));
+				$mid = $arr['item'][0]['message_id'] . '#sync';
 			}

+			// deprecated, maintaining for a few months for upward compatibility
+			// this should sync webpages, but the logic is a bit subtle
+
+			//if (array_key_exists('item_id', $arr) && $arr['item_id'])
+			//	sync_items($channel, $arr['item_id']);
+
 			if (array_key_exists('menu', $arr) && $arr['menu'])
 				sync_menus($channel, $arr['menu']);

@@ -749,11 +757,12 @@ class Libsync {
 			 */
 			call_hooks('process_channel_sync_delivery', $addon);

-			$DR->update('channel sync processed');
+			$DR = new DReport(z_root(), $d, $d, $mid, 'channel sync processed');
+
+			$DR->set_name($channel['channel_name'] . ' <' . channel_reddress($channel) . '>');

 			$result[] = $DR->get();
 		}
-
 		return $result;
 	}

--- a/Zotlabs/Lib/Libzot.php
+++ b/Zotlabs/Lib/Libzot.php
@@ -3,10 +3,10 @@
 namespace Zotlabs\Lib;

 use App;
-use DBA;
 use Zotlabs\Access\PermissionLimits;
 use Zotlabs\Access\Permissions;
 use Zotlabs\Daemon\Master;
+use Zotlabs\Lib\Config;
 use Zotlabs\Web\HTTPSig;

 require_once('include/crypto.php');
@@ -116,6 +116,10 @@ class Libzot {
 		}

 		if ($msg) {
+			$actors = get_hubloc_id_urls_by_x($channel['channel_hash']);
+			if ($encoding === 'activitystreams' && array_key_exists('actor', $msg) && is_string($msg['actor']) && in_array($msg['actor'], $actors)) {
+				$msg = JSalmon::sign($msg, $actors[0], $channel['channel_prvkey']);
+			}
 			$data['data'] = $msg;
 		}
 		else {
@@ -349,7 +353,7 @@ class Libzot {
 				$next_birthday = datetime_convert('UTC', 'UTC', $record['data']['profile']['next_birthday']);
 			}
 			else {
-				$next_birthday = DBA::$dba->get_null_date();
+				$next_birthday = NULL_DATE;
 			}

 			$profile_assign = get_pconfig($channel['channel_id'], 'system', 'profile_assign', '');
@@ -651,11 +655,6 @@ class Libzot {
 			return $ret;
 		}

-		if (empty($arr['primary_location']['address'])) {
-			logger('Empty primary location address: ' . print_r($arr, true), LOGGER_DEBUG);
-			return $ret;
-		}
-
 		/**
 		 * @hooks import_xchan
 		 *   Called when processing the result of zot_finger() to store the result
@@ -1165,6 +1164,10 @@ class Libzot {
 				$raw_activity = $AS->data;

 				$AS = new ActivityStreams($raw_activity['object'], portable_id: $env['sender']);
+
+				// Store the original activity id and type for later usage
+				$AS->meta['original_id'] = $original_id;
+				$AS->meta['original_type'] = $original_type;
 			}

 			if (is_array($AS->obj)) {
@@ -1298,17 +1301,8 @@ class Libzot {
 					$item['comment_policy'] = 'authenticated';
 				}

-				if (!ObjCache::Get($item['mid'])) {
-					ObjCache::Set($item['mid'], $AS->data);
-				}
-				else {
-					$existing = q("SELECT owner_xchan, author_xchan FROM item WHERE mid = '%s' LIMIT 1",
-						dbesc($item['mid'])
-					);
-
-					if ($existing && $existing[0]['owner_xchan'] === $item['owner_xchan'] && $existing[0]['author_xchan'] === $item['author_xchan']) {
-						ObjCache::Set($item['mid'], $AS->data);
-					}
+				if (isset($AS->meta['signed_data']) && $AS->meta['signed_data']) {
+					IConfig::Set($item, 'activitypub', 'signed_data', $AS->meta['signed_data'], false);
 				}

 				logger('Activity received: ' . print_r($item, true), LOGGER_DATA, LOG_DEBUG);
@@ -1547,7 +1541,6 @@ class Libzot {

 			$local_public = $public;
 			$item_result = null;
-			$parent = null;

 			$DR = new DReport(z_root(), $sender, $d, $arr['mid'], $arr['uuid']);

@@ -1563,7 +1556,7 @@ class Libzot {

 			$conversation_operation = $is_collection_operation && isset($arr['target']['attributedTo']);

-			if (isset($arr['tgt_type']) && str_contains($arr['tgt_type'], 'Collection') && !$relay && !$conversation_operation) {
+			if (str_contains($arr['tgt_type'], 'Collection') && !$relay && !$conversation_operation) {
 				$DR->update('not a collection activity');
 				$result[] = $DR->get();
 				continue;
@@ -1650,19 +1643,12 @@ class Libzot {
 			if (intval($channel['channel_system']) && (!$arr['item_private']) && (!$relay)) {
 				$local_public = true;

-				$incl = Config::Get('system','pubstream_incl', '');
-				$excl = Config::Get('system','pubstream_excl', '');
+				$incl = Config::Get('system','pubstream_incl');
+				$excl = Config::Get('system','pubstream_excl');

-				if ($incl || $excl) {
-					$plaintext = prepare_text($arr['body'], ((isset($arr['mimetype'])) ? $arr['mimetype'] : 'text/bbcode'));
-					$plaintext = html2plain((isset($arr['summary']) && $arr['summary']) ? $arr['summary'] . ' ' . $plaintext : $plaintext);
-					$plaintext = html2plain((isset($arr['title']) && $arr['title']) ? $arr['title'] . ' ' . $plaintext : $plaintext);
-
-					if (!(new MessageFilter($arr, html_entity_decode($incl), html_entity_decode($excl), ['plaintext' => $plaintext]))->evaluate()) {
-						logger('post is filtered');
-						$local_public = false;
-						continue;
-					}
+				if(($incl || $excl) && !MessageFilter::evaluate($arr, $incl, $excl)) {
+					$local_public = false;
+					continue;
 				}

 				$r = q("select xchan_selfcensored, xchan_censored from xchan where xchan_hash = '%s'",
@@ -1671,7 +1657,6 @@ class Libzot {

 				// don't import sys channel posts from selfcensored or censored authors
 				if ($r && ($r[0]['xchan_selfcensored'] || $r[0]['xchan_censored'])) {
-					logger('author is censored');
 					$local_public = false;
 					continue;
 				}
@@ -1842,7 +1827,9 @@ class Libzot {
 				}

 				if (intval($arr['item_private']) === 2) {
-					$allowed = perm_is_allowed($channel['channel_id'], $sender, 'post_mail');
+					if (!perm_is_allowed($channel['channel_id'], $sender, 'post_mail')) {
+						$allowed = false;
+					}
 				}

 				if (!$allowed) {
@@ -1861,12 +1848,19 @@ class Libzot {
 				dbesc($arr['author_xchan'])
 			);

+			// If we import an add/remove activity ($is_collection_operation) we strip off the
+			// add/remove part and only process the object.
+			// When looking up the item to pass it to the notifier for relay, we need to look up
+			// the original (stripped off) message id which we stored in $act->meta.
+
+			$sql_mid = (($is_collection_operation && $relay && $channel['channel_hash'] === $arr['owner_xchan']) ? $act->meta['original_id'] : $arr['mid']);
+
 			// Reactions such as like and dislike could	have an	mid with /activity/ in it.
 			// Check for both forms in order to prevent duplicates.

 			$r = q("select * from item where mid in ('%s', '%s') and uid = %d limit 1",
-				dbesc($arr['mid']),
-				dbesc(reverse_activity_mid($arr['mid'])),
+				dbesc($sql_mid),
+				dbesc(reverse_activity_mid($sql_mid)),
 				intval($channel['channel_id'])
 			);

@@ -1904,13 +1898,11 @@ class Libzot {
 				else {
 					$DR->update('update ignored');
 					$result[] = $DR->get();
+
 					// We need this line to ensure wall-to-wall comments and add/remove activities are relayed (by falling through to the relay bit),
 					// and at the same time not relay any other relayable posts more than once, because to do so is very wasteful.
-
-					// The second part should prevent possible items that come back to us from channels that source our channel from being relayed again (sender != owner or author).
-					if (!intval($r[0]['item_origin']) || (intval($r[0]['item_origin']) && !in_array($sender, [$r[0]['owner_xchan'], $r[0]['author_xchan']]))) {
+					if (!intval($r[0]['item_origin']))
 						continue;
-					}
 				}


@@ -2010,7 +2002,7 @@ class Libzot {
 				}

 				$DR->addto_update('relayed');
-				$result = [$DR->get()];
+				$result[] = $DR->get();
 			}
 		}

@@ -2161,9 +2153,10 @@ class Libzot {
 			}

 			if (isset($AS->meta['signed_data'])) {
+				IConfig::Set($arr, 'activitypub', 'signed_data', $AS->meta['signed_data'], false);
 				$j = json_decode($AS->meta['signed_data'], true);
 				if ($j) {
-					ObjCache::Set($arr['mid'], json_encode(JSalmon::unpack($j['data'])));
+					IConfig::Set($arr, 'activitypub', 'rawmsg', json_encode(JSalmon::unpack($j['data'])), true);
 				}
 			}

--- a/Zotlabs/Lib/Libzotdir.php
+++ b/Zotlabs/Lib/Libzotdir.php
@@ -2,7 +2,6 @@

 namespace Zotlabs\Lib;

-use DBA;
 use Zotlabs\Lib\Config;
 use Zotlabs\Lib\Libzot;
 use Zotlabs\Lib\Zotfinger;
@@ -217,7 +216,7 @@ class Libzotdir {
 				[
 					'site_url'       => DIRECTORY_FALLBACK_MASTER,
 					'site_flags'     => DIRECTORY_MODE_PRIMARY,
-					'site_update'    => DBA::$dba->get_null_date(),
+					'site_update'    => NULL_DATE,
 					'site_directory' => DIRECTORY_FALLBACK_MASTER . '/dirsearch',
 					'site_realm'     => DIRECTORY_REALM,
 					'site_valid'     => 1,
@@ -248,7 +247,7 @@ class Libzotdir {

 			$token = Config::Get('system','realm_token');

-			$syncdate = (($rr['site_sync'] <= DBA::$dba->get_null_date()) ? datetime_convert('UTC','UTC','now - 2 days') : $rr['site_sync']);
+			$syncdate = (($rr['site_sync'] <= NULL_DATE) ? datetime_convert('UTC','UTC','now - 2 days') : $rr['site_sync']);
 			$x = z_fetch_url($rr['site_directory'] . '?f=&sync=' . urlencode($syncdate) . (($token) ? '&t=' . $token : ''));

 			if (! $x['success'])
@@ -725,7 +724,7 @@ class Libzotdir {

 		if ($u) {
 			$x = q("UPDATE updates SET $date_sql $flag_sql ud_last = '%s', ud_host = '%s', ud_addr = '%s', ud_update = 0 WHERE ud_id = %d",
-				dbesc(DBA::$dba->get_null_date()),
+				dbesc(NULL_DATE),
 				dbesc(z_root()),
 				dbesc($addr),
 				intval($u[0]['ud_id'])
--- a/Zotlabs/Lib/MessageFilter.php
+++ b/Zotlabs/Lib/MessageFilter.php
@@ -4,417 +4,242 @@ namespace Zotlabs\Lib;

 require_once('include/html2plain.php');

-class MessageFilter
-{
-    protected $lastMatch = '';
-    protected $item = null;
-    protected $include = '';
-    protected $exclude = '';
-    protected $options = [];
-    protected $tags = null;
-    protected $language = '';
-    protected $text = '';
-    protected $excludeRules = [];
-    protected $includeRules = [];
+class MessageFilter {

-    public function __construct($item, $include = '', $exclude = '', $options = [])
-    {
-        $this->item = $item;
-        $this->include = $include;
-        $this->exclude = $exclude;
-        $this->options = $options;
-        $this->setup();
-    }
+	public static function evaluate($item, $incl, $excl) {

-    protected function setup()
-    {
-        // Option: plaintext
-        // Improve language detection by providing a plaintext version of $item['body'] which has no markup constructs/tags.
+		$text = prepare_text($item['body'],((isset($item['mimetype'])) ? $item['mimetype'] : 'text/bbcode'));
+		$text = html2plain(($item['title']) ? $item['title'] . ' ' . $text : $text);

-        if (array_key_exists('plaintext', $this->options)) {
-            $this->text = $this->options['plaintext'];
-        } else {
-            $this->text = $this->item['body'];
-        }
+		$lang = null;

-        $this->language = '';
+		if ((strpos($incl, 'lang=') !== false) || (strpos($excl, 'lang=') !== false) || (strpos($incl, 'lang!=') !== false) || (strpos($excl, 'lang!=') !== false)) {
+			$lang = detect_language($text);
+		}

-        // Language matching is a bit tricky, because the language can be ambiguous (detect_language() returns '').
-        // If the language is ambiguous, the message will pass (be accepted) regardless of language rules.
+		$tags = ((isset($item['term']) && is_array($item['term']) && count($item['term'])) ? $item['term'] : false);

-        if (str_contains($this->include, 'lang=')
-            || str_contains($this->exclude, 'lang=')
-            || str_contains($this->include, 'lang!=')
-            || str_contains($this->exclude, 'lang!=')) {
-            $this->language = detect_language($this->text);
-        }
+		// exclude always has priority

-        $this->tags = ((isset($this->item['term']) && is_array($this->item['term'])
-            && count($this->item['term'])) ? $this->item['term'] : null);
+		$exclude = (($excl) ? explode("\n", $excl) : null);

-        $this->excludeRules = $this->parse($this->exclude);
-        $this->includeRules = $this->parse($this->include);
+		if ($exclude) {
+			foreach ($exclude as $word) {
+				$word = html_entity_decode(trim($word));
+				if (! $word) {
+					continue;
+				}
+				if (isset($lang) && ((strpos($word, 'lang=') === 0) || (strpos($word, 'lang!=') === 0))) {
+					if (!strlen($lang)) {
+						// Result is ambiguous. As we are matching deny rules only at this time, continue tests.
+						// Any matching deny rule concludes testing.
+						continue;
+					}
+					if (strpos($word, 'lang=') === 0 && strcasecmp($lang, trim(substr($word, 5))) == 0) {
+						return false;
+					} elseif (strpos($word, 'lang!=') === 0 && strcasecmp($lang, trim(substr($word, 6))) != 0) {
+						return false;
+					}
+				}
+                elseif (substr($word, 0, 1) === '#' && $tags) {
+					foreach ($tags as $t) {
+						if ((($t['ttype'] == TERM_HASHTAG) || ($t['ttype'] == TERM_COMMUNITYTAG)) && (($t['term'] === substr($word, 1)) || (substr($word, 1) === '*'))) {
+							return false;
+						}
+					}
+				} elseif (substr($word, 0, 1) === '$' && $tags) {
+					foreach ($tags as $t) {
+						if (($t['ttype'] == TERM_CATEGORY) && (($t['term'] === substr($word, 1)) || (substr($word, 1) === '*'))) {
+							return false;
+						}
+					}
+				} elseif (substr($word, 0, 2) === '?+') {
+					if (self::test_condition(substr($word, 2), $item['obj'])) {
+						return false;
+					}
+				} elseif (substr($word, 0, 1) === '?') {
+					if (self::test_condition(substr($word, 1), $item)) {
+						return false;
+					}
+				} elseif ((strpos($word, '/') === 0) && preg_match($word, $text)) {
+					return false;
+				} elseif (stristr($text, $word) !== false) {
+					return false;
+				}
+			}
+		}

-    }
+		$include = (($incl) ? explode("\n", $incl) : null);

-    protected function parse($string): array
-    {
-        $rules = [];
-        if (! strlen($string)) {
-            return $rules;
-        }
+		if ($include) {
+			foreach ($include as $word) {
+				$word = html_entity_decode(trim($word));
+				if (! $word) {
+					continue;
+				}
+				if (isset($lang) && ((strpos($word, 'lang=') === 0) || (strpos($word, 'lang!=') === 0))) {
+					if (!strlen($lang))  {
+						// Result is ambiguous. However we are checking allow rules
+						// and an ambiguous language is always permitted.
+						return true;
+					}
+					if (strpos($word, 'lang=') === 0 && strcasecmp($lang, trim(substr($word, 5))) == 0) {
+						return true;
+					} elseif (strpos($word, 'lang!=') === 0 && strcasecmp($lang, trim(substr($word, 6))) != 0) {
+						return true;
+					}
+				}
+                elseif (substr($word, 0, 1) === '#' && $tags) {
+					foreach ($tags as $t) {
+						if ((($t['ttype'] == TERM_HASHTAG) || ($t['ttype'] == TERM_COMMUNITYTAG)) && (($t['term'] === substr($word, 1)) || (substr($word, 1) === '*'))) {
+							return true;
+						}
+					}
+				} elseif (substr($word, 0, 1) === '$' && $tags) {
+					foreach ($tags as $t) {
+						if (($t['ttype'] == TERM_CATEGORY) && (($t['term'] === substr($word, 1)) || (substr($word, 1) === '*'))) {
+							return true;
+						}
+					}
+				} elseif (substr($word, 0, 2) === '?+') {
+					if (self::test_condition(substr($word, 2), $item['obj'])) {
+						return true;
+					}
+				} elseif (substr($word, 0, 1) === '?') {
+					if (self::test_condition(substr($word, 1), $item)) {
+						return true;
+					}
+				} elseif ((strpos($word, '/') === 0) && preg_match($word, $text)) {
+					return true;
+				} elseif (stristr($text, $word) !== false) {
+					return true;
+				}
+			}
+		} else {
+			return true;
+		}

-        $phrases = preg_split("/(\s\|\|\s|\s&&\s|\n)/", $string, flags: PREG_SPLIT_DELIM_CAPTURE);
-
-        if (!$phrases) {
-            return $rules;
-        }
-        for ($index = 0; $index < count($phrases); $index ++) {
-            // Even indices are rules and odd indices are operations, linefeed is an implict OR.
-            if (!($index & 1)) {
-                $currentRule = ['operation' => '', 'rule' => $phrases[$index]];
-                if ($index && isset($phrases[$index - 1])) {
-                    $currentRule['operation'] = $phrases[$index - 1];
-                    if ($currentRule['operation'] === "\n") {
-                        $currentRule['operation'] = ' || ';
-                    }
-                    $index++;
-                }
-                $rules[] = $currentRule;
-            }
-        }
-        return $rules;
-    }
+		return false;
+	}


-
-    public function evaluate(): bool
-    {
-
-        $previousResult = $newResult = null;
-
-        // exclude always has priority
-
-        $exclude = $this->excludeRules;
-        $include = $this->includeRules;
-
-        if ($exclude) {
-            foreach ($exclude as $rule) {
-                if (!strlen(trim($rule['rule']))) {
-                    continue;
-                }
-                if (!strlen($this->language) && ((str_starts_with($rule['rule'], 'lang=')) || (str_starts_with($rule['rule'], 'lang!=')))) {
-                    continue;
-                }
-
-                $result = $this->evaluateRule($rule['rule']);
-
-                switch ($rule['operation']) {
-                    case '':
-                        $previousResult = $newResult = $result;
-                        break;
-                    case ' || ':
-                        $newResult = $previousResult || $result;
-                        break;
-                    case ' && ':
-                        $newResult = $previousResult && $result;
-                        break;
-                }
-            }
-            if ($newResult) {
-                return false;
-            }
-        }
-
-        $previousResult = $newResult = null;
-
-        if ($include) {
-            foreach ($include as $rule) {
-                if (!strlen(trim($rule['rule']))) {
-                    continue;
-                }
-                if (!strlen($this->language) && ((str_starts_with($rule['rule'], 'lang=')) || (str_starts_with($rule['rule'], 'lang!=')))) {
-                    continue;
-                }
-                $result = $this->evaluateRule($rule['rule']);
-
-                switch ($rule['operation']) {
-                    case '':
-                        $previousResult = $newResult = $result;
-                        break;
-                    case ' || ':
-                        $newResult = $previousResult || $result;
-                        break;
-                    case ' && ':
-                        $newResult = $previousResult && $result;
-                        break;
-
-                }
-            }
-        }
-        return $newResult ?? true;
-    }
-
-    protected function evaluateRule($ruleText): bool
-    {
-        $ruleText = trim($ruleText);
-
-        if (($this->language) && ((str_starts_with($ruleText, 'lang=')) || (str_starts_with($ruleText, 'lang!=')))) {
-            if (str_starts_with($ruleText, 'lang=') && strcasecmp($this->language, trim(substr($ruleText, 5))) == 0) {
-                $this->lastMatch = $ruleText;
-                return true;
-            } elseif (str_starts_with($ruleText, 'lang!=') && strcasecmp($this->language, trim(substr($ruleText, 6))) != 0) {
-                $this->lastMatch = $ruleText;
-                return true;
-            }
-        } elseif (str_starts_with($ruleText, 'until=')) {
-            $until = strtotime(trim(substr($ruleText, 6)));
-
-            if ($until > strtotime($this->item['created'] . ' UTC')) {
-                $this->lastMatch = $ruleText;
-                return true;
-            }
-        } elseif (str_starts_with($ruleText, '#') && $this->tags) {
-            // #hashtag match
-            foreach ($this->tags as $t) {
-                if ((($t['ttype'] == TERM_HASHTAG) || ($t['ttype'] == TERM_COMMUNITYTAG)) && (!strcasecmp($t['term'], substr($ruleText, 1)) || (substr($ruleText, 1) === '*'))) {
-                    $this->lastMatch = $ruleText;
-                    return true;
-                }
-            }
-            // hashtag count match
-            if (substr($ruleText, 1, 1) === '>') {
-                $hashtagLimit = (int)substr($ruleText, 2);
-                $hashtagCount = 0;
-                foreach ($this->tags as $t) {
-                    if ($t['ttype'] == TERM_HASHTAG || $t['ttype'] == TERM_COMMUNITYTAG) {
-                        $hashtagCount++;
-                    }
-                }
-                if ($hashtagLimit && $hashtagCount > $hashtagLimit) {
-                    $this->lastMatch = $ruleText;
-                    return true;
-                }
-            }
-        } elseif (str_starts_with($ruleText, '@') && $this->tags) {
-            // @mention match
-            foreach ($this->tags as $t) {
-                if ((($t['ttype'] == TERM_MENTION && (!strcasecmp($t['term'], substr($ruleText, 1)))) || (substr($ruleText, 1) === '*'))) {
-                    $this->lastMatch = $ruleText;
-                    return true;
-                }
-            }
-            // mention count match
-            if (substr($ruleText, 1, 1) === '>') {
-                $mentionLimit = (int)substr($ruleText, 2);
-                $mentionCount = 0;
-                foreach ($this->tags as $t) {
-                    if ($t['ttype'] == TERM_MENTION) {
-                        $mentionCount++;
-                    }
-                }
-                if ($mentionLimit && $mentionCount > $mentionLimit) {
-                    $this->lastMatch = $ruleText;
-                    return true;
-                }
-            }
-        } elseif (str_starts_with($ruleText, '$') && $this->tags) {
-            foreach ($this->tags as $t) {
-                if (($t['ttype'] == TERM_CATEGORY) && (($t['term'] === substr($ruleText, 1)) || (substr($ruleText, 1) === '*'))) {
-                    $this->lastMatch = $ruleText;
-                    return true;
-                }
-            }
-        } elseif (str_starts_with($ruleText, '?+') && is_array($this->item['obj'])) {
-            if ($this->test_condition(substr($ruleText, 2), $this->item['obj'])) {
-                $this->lastMatch = $ruleText;
-                return true;
-            }
-        } elseif (str_starts_with($ruleText, '?')) {
-            $this->item['ua'] = $_SERVER['HTTP_USER_AGENT'] ?? '';
-            if (empty($this->item['app'])) {
-                $author_app = $this->item['author']['site_project'] ?? '';
-                if (!$author_app && isset($this->item['author'])) {
-                    if (str_contains($this->item['author']['xchan_hash'], 'threads.net') || str_contains($this->item['author']['xchan_hash'], 'threads.com')) {
-                        $author_app = 'threads';
-                    }
-                }
-                $this->item['app'] = $author_app;
-            }
-            if ($this->test_condition(substr($ruleText, 1), $this->item)) {
-                unset($this->item['ua']);
-                $this->lastMatch = $ruleText;
-                return true;
-            }
-            unset($this->item['ua']);
-        } elseif ((str_starts_with($ruleText, '/')) && preg_match($ruleText, $this->item['body'])) {
-            $this->lastMatch = $ruleText;
-            return true;
-        } elseif (stristr($this->item['body'], $ruleText) !== false) {
-            $this->lastMatch = $ruleText;
-            return true;
-        }
-        return false;
-    }
-
-
-    public function getLastMatch(): string
-    {
-        return $this->lastMatch;
-    }
-    public function setLastMatch($string): MessageFilter
-    {
-        $this->lastMatch = $string;
-        return $this;
-    }
-    /**
-     * @brief Test for Conditional Execution conditions. Shamelessly ripped off from src/Render/Comanche
-     *
-     * This is extensible. The first version of variable testing supports tests of the forms:
-     *
-     * - ?foo ~= baz will check if item.foo contains the string 'baz';
-     * - ?foo == baz will check if item.foo is the string 'baz';
-     * - ?foo != baz will check if item.foo is not the string 'baz';
-     * - ?foo // baz will check if item.foo matches the regular expression 'baz';
-     * - ?foo >= 3 will check if item.foo is greater than or equal to 3;
-     * - ?foo > 3 will check if item.foo is greater than 3;
-     * - ?foo <= 3 will check if item.foo is less than or equal to 3;
-     * - ?foo < 3 will check if item.foo is less than 3;
-     * - ?foo & 2 will check if item.foo has the second bit set.
-     * - ?foo !& 2 will check if item.foo does not have the second bit set.
-     *
-     * - ?foo {} baz which will check if 'baz' is an array element in item.foo
-     * - ?foo {*} baz which will check if 'baz' is an array key in item.foo
-     * - ?foo which will check for a return of a true condition for item.foo;
+	/**
+	 * @brief Test for Conditional Execution conditions. Shamelessly ripped off from Code/Render/Comanche
+	 *
+	 * This is extensible. The first version of variable testing supports tests of the forms:
+	 *
+	 * - ?foo ~= baz which will check if item.foo contains the string 'baz';
+	 * - ?foo == baz which will check if item.foo is the string 'baz';
+	 * - ?foo != baz which will check if item.foo is not the string 'baz';
+	 * - ?foo >= 3 which will check if item.foo is greater than or equal to 3;
+	 * - ?foo > 3 which will check if item.foo is greater than 3;
+	 * - ?foo <= 3 which will check if item.foo is less than or equal to 3;
+	 * - ?foo < 3 which will check if item.foo is less than 3;
+	 *
+	 * - ?foo {} baz which will check if 'baz' is an array element in item.foo
+	 * - ?foo {*} baz which will check if 'baz' is an array key in item.foo
+	 * - ?foo which will check for a return of a true condition for item.foo;
     * - ?!foo which will check for a return of a false condition for item.foo;
     *
-     * The values 0, '', an empty array, and an unset value will all evaluate to false.
-     *
-     * @param string $s
-     * @param array $item
-     * @return bool
-     */
-    protected function test_condition($s,$item)
-    {
-        $s = trim($s);
+	 * The values 0, '', an empty array, and an unset value will all evaluate to false.
+	 *
+	 * @param string $s
+	 * @param array $item
+	 * @return bool
+	 */

-        if (preg_match('/(.*?)\s&\s(.*?)$/', $s, $matches)) {
-            $x = ((array_key_exists(trim($matches[1]),$item)) ? $item[trim($matches[1])] : EMPTY_STR);
-            if ($x & (int) trim($matches[2])) {
-                return true;
-            }
-            return false;
-        }
+	public static function test_condition($s,$item) {

-        if (preg_match('/(.*?)\s!&\s(.*?)$/', $s, $matches)) {
-            $x = ((array_key_exists(trim($matches[1]),$item)) ? $item[trim($matches[1])] : EMPTY_STR);
-            if (!($x & (int) trim($matches[2]))) {
-                return true;
-            }
-            return false;
-        }
+		if (preg_match('/(.*?)\s\~\=\s(.*?)$/', $s, $matches)) {
+			$x = ((array_key_exists(trim($matches[1]),$item)) ? $item[trim($matches[1])] : EMPTY_STR);
+			if (stripos($x, trim($matches[2])) !== false) {
+				return true;
+			}
+			return false;
+		}

-        if (preg_match('/(.*?)\s~=\s(.*?)$/', $s, $matches)) {
-            $x = ((array_key_exists(trim($matches[1]),$item)) ? $item[trim($matches[1])] : EMPTY_STR);
-            if (is_string($x) && stripos($x, trim($matches[2])) !== false) {
-                return true;
-            }
-            return false;
-        }
+		if (preg_match('/(.*?)\s\=\=\s(.*?)$/', $s, $matches)) {
+			$x = ((array_key_exists(trim($matches[1]),$item)) ? $item[trim($matches[1])] : EMPTY_STR);
+			if ($x == trim($matches[2])) {
+				return true;
+			}
+			return false;
+		}

-        if (preg_match('/(.*?)\s==\s(.*?)$/', $s, $matches)) {
-            $x = ((array_key_exists(trim($matches[1]),$item)) ? $item[trim($matches[1])] : EMPTY_STR);
-            if ($x == trim($matches[2])) {
-                return true;
-            }
-            return false;
-        }
+		if (preg_match('/(.*?)\s\!\=\s(.*?)$/', $s, $matches)) {
+			$x = ((array_key_exists(trim($matches[1]),$item)) ? $item[trim($matches[1])] : EMPTY_STR);
+			if ($x != trim($matches[2])) {
+				return true;
+			}
+			return false;
+		}

-        if (preg_match('/(.*?)\s!=\s(.*?)$/', $s, $matches)) {
-            $x = ((array_key_exists(trim($matches[1]),$item)) ? $item[trim($matches[1])] : EMPTY_STR);
-            if ($x != trim($matches[2])) {
-                return true;
-            }
-            return false;
-        }
+		if (preg_match('/(.*?)\s\>\=\s(.*?)$/', $s, $matches)) {
+			$x = ((array_key_exists(trim($matches[1]),$item)) ? $item[trim($matches[1])] : EMPTY_STR);
+			if ($x >= trim($matches[2])) {
+				return true;
+			}
+			return false;
+		}

-        if (preg_match('/(.*?)\s\/\/\s(.*?)$/', $s, $matches)) {
-            $x = ((array_key_exists(trim($matches[1]),$item)) ? $item[trim($matches[1])] : EMPTY_STR);
-            if (substr(trim($matches[2]),0,1) !== substr(trim($matches[2]),-1)) {
-                $matches[2] = '/' . trim($matches[2]) . '/';
-            }
-            if (preg_match(trim($matches[2]), $x)) {
-                return true;
-            }
-            return false;
-        }
+		if (preg_match('/(.*?)\s\<\=\s(.*?)$/', $s, $matches)) {
+			$x = ((array_key_exists(trim($matches[1]),$item)) ? $item[trim($matches[1])] : EMPTY_STR);
+			if ($x <= trim($matches[2])) {
+				return true;
+			}
+			return false;
+		}

-        if (preg_match('/(.*?)\s>=\s(.*?)$/', $s, $matches)) {
-            $x = ((array_key_exists(trim($matches[1]),$item)) ? $item[trim($matches[1])] : EMPTY_STR);
-            if ($x >= trim($matches[2])) {
-                return true;
-            }
-            return false;
-        }
+		if (preg_match('/(.*?)\s\>\s(.*?)$/', $s, $matches)) {
+			$x = ((array_key_exists(trim($matches[1]),$item)) ? $item[trim($matches[1])] : EMPTY_STR);
+			if ($x > trim($matches[2])) {
+				return true;
+			}
+			return false;
+		}

-        if (preg_match('/(.*?)\s<=\s(.*?)$/', $s, $matches)) {
-            $x = ((array_key_exists(trim($matches[1]),$item)) ? $item[trim($matches[1])] : EMPTY_STR);
-            if ($x <= trim($matches[2])) {
-                return true;
-            }
-            return false;
-        }
+		if (preg_match('/(.*?)\s\>\s(.*?)$/', $s, $matches)) {
+			$x = ((array_key_exists(trim($matches[1]),$item)) ? $item[trim($matches[1])] : EMPTY_STR);
+			if ($x < trim($matches[2])) {
+				return true;
+			}
+			return false;
+		}

-        if (preg_match('/(.*?)\s>\s(.*?)$/', $s, $matches)) {
-            $x = ((array_key_exists(trim($matches[1]),$item)) ? $item[trim($matches[1])] : EMPTY_STR);
-            if ($x > trim($matches[2])) {
-                return true;
-            }
-            return false;
-        }
+		if (preg_match('/[\$](.*?)\s\{\}\s(.*?)$/', $s, $matches)) {
+			$x = ((array_key_exists(trim($matches[1]),$item)) ? $item[trim($matches[1])] : EMPTY_STR);
+			if (is_array($x) && in_array(trim($matches[2]), $x)) {
+				return true;
+			}
+			return false;
+		}

-        if (preg_match('/(.*?)\s<\s(.*?)$/', $s, $matches)) {
-            $x = ((array_key_exists(trim($matches[1]),$item)) ? $item[trim($matches[1])] : EMPTY_STR);
-            if ($x < trim($matches[2])) {
-                return true;
-            }
-            return false;
-        }
+		if (preg_match('/(.*?)\s\{\*\}\s(.*?)$/', $s, $matches)) {
+			$x = ((array_key_exists(trim($matches[1]),$item)) ? $item[trim($matches[1])] : EMPTY_STR);
+			if (is_array($x) && array_key_exists(trim($matches[2]), $x)) {
+				return true;
+			}
+			return false;
+		}

-        // Array contains value
-        if (preg_match('/(.*?)\s\{\}\s(.*?)$/', $s, $matches)) {
-            $x = ((array_key_exists(trim($matches[1]),$item)) ? $item[trim($matches[1])] : EMPTY_STR);
-            if (is_array($x) && in_array(trim($matches[2]), $x)) {
-                return true;
-            }
-            return false;
-        }
+		// Ordering of this check (for falsiness) with relation to the following one (check for truthiness) is important.
+		if (preg_match('/\!(.*?)$/', $s, $matches)) {
+			$x = ((array_key_exists(trim($matches[1]),$item)) ? $item[trim($matches[1])] : EMPTY_STR);
+			if (!$x) {
+				return true;
+			}
+			return false;
+		}

-        // Array contains key
-        if (preg_match('/(.*?)\s\{\*}\s(.*?)$/', $s, $matches)) {
-            $x = ((array_key_exists(trim($matches[1]),$item)) ? $item[trim($matches[1])] : EMPTY_STR);
-            if (is_array($x) && array_key_exists(trim($matches[2]), $x)) {
-                return true;
-            }
-            return false;
-        }
+		if (preg_match('/(.*?)$/', $s, $matches)) {
+			$x = ((array_key_exists(trim($matches[1]),$item)) ? $item[trim($matches[1])] : EMPTY_STR);
+			if ($x) {
+				return true;
+			}
+			return false;
+		}

-        // Ordering of this check (for falseness) with relation to the following one (check for truthiness) is important.
-        if (preg_match('/!(.*?)$/', $s, $matches)) {
-            $x = ((array_key_exists(trim($matches[1]),$item)) ? $item[trim($matches[1])] : EMPTY_STR);
-            if (!$x) {
-                return true;
-            }
-            return false;
-        }
+		return false;
+	}

-        if (preg_match('/(.*?)$/', $s, $matches)) {
-            $x = ((array_key_exists(trim($matches[1]),$item)) ? $item[trim($matches[1])] : EMPTY_STR);
-            if ($x) {
-                return true;
-            }
-            return false;
-        }
-        return false;
-    }
 }
--- a/Zotlabs/Lib/MySQLDbStats.php
+++ b/Zotlabs/Lib/MySQLDbStats.php
@@ -1,37 +0,0 @@
-<?php
-/*
- * SPDX-FileCopyrightText: 2026 The Hubzilla Community
- * SPDX-FileContributor: Harald Eilertsen <haraldei@anduin.net>
- *
- * SPDX-License-Identifier: MIT
- */
-
-namespace Zotlabs\Lib;
-
-use DBA;
-use PDO;
-
-/**
- * Concrete implementation for getting stats from MySQL and MariaDB databases.
- */
-class MySQLDbStats extends DbStats {
-
-	public function getQueries(): int {
-		//
-		// We can't use the regular Hubzilla db helper function here, as
-		// it will only return information from a `SELECT` statement.
-		//
-		// Use the basic PDO access instead.
-		//
-		$query = DBA::$dba->db->prepare('SHOW STATUS LIKE "Queries"');
-		$query->execute();
-
-		$result = $query->fetch(PDO::FETCH_ASSOC);
-		logger(print_r($result, true));
-		if (!empty($result)) {
-			return $result['Value'] ?? -1;
-		}
-
-		return 0;
-	}
-}
--- a/Zotlabs/Lib/ObjCache.php
+++ b/Zotlabs/Lib/ObjCache.php
@@ -1,40 +0,0 @@
-<?php
-
-namespace Zotlabs\Lib;
-
-class ObjCache
-{
-	public static function Get($path, $type = 'as')
-	{
-		if (!$path) {
-			return [];
-		}
-
-		$localpath = Hashpath::path($path, 'store/[data]/[obj]/' . $type, 2, alg: 'sha256');
-		if (file_exists($localpath)) {
-			return json_unserialize(file_get_contents($localpath));
-		}
-
-		return [];
-	}
-
-	public static function Set($path, $content, $type = 'as') {
-		if (!$path) {
-			return;
-		}
-
-		$localpath = Hashpath::path($path, 'store/[data]/[obj]/' . $type, 2, alg: 'sha256');
-		file_put_contents($localpath, json_serialize($content));
-	}
-
-	public static function Delete($path, $type = 'as') {
-		if (!$path) {
-			return;
-		}
-
-		$localpath = Hashpath::path($path, 'store/[data]/[obj]/' . $type, 2, alg: 'sha256');
-		if (file_exists($localpath)) {
-			unlink($localpath);
-		}
-	}
-}
--- a/Zotlabs/Lib/PostgresDbStats.php
+++ b/Zotlabs/Lib/PostgresDbStats.php
@@ -1,32 +0,0 @@
-<?php
-/*
- * SPDX-FileCopyrightText: 2026 The Hubzilla Community
- * SPDX-FileContributor: Harald Eilertsen <haraldei@anduin.net>
- *
- * SPDX-License-Identifier: MIT
- */
-
-namespace Zotlabs\Lib;
-
-use DBA;
-
-/**
- * Concrete implementation for getting stats from PostgreSQL databases.
- */
-class PostgresDbStats extends DbStats {
-
-	public function getQueries(): int {
-		$sqlGetQps = <<<'SQL'
-				select (xact_commit + xact_rollback) as queries
-				from pg_stat_database
-				where datname='%s'
-				SQL;
-
-		$result = q($sqlGetQps, DBA::$dba->dbname);
-		if (!empty($result)) {
-			return $result[0]['queries'] ?? -1;
-		}
-
-		return 0;
-	}
-}
--- a/Zotlabs/Lib/Queue.php
+++ b/Zotlabs/Lib/Queue.php
@@ -7,20 +7,6 @@ use Zotlabs\Zot6\Zot6Handler;

 class Queue {

-	/**
-	 * Get number of entries in the out queue.
-	 *
-	 * When delivery is successful, the item is removed from the out queue, so
-	 * the number of items in the queue reflects the number of pending delivery
-	 * attempts.
-	 *
-	 * @return int Number of items in the out queue.
-	 */
-	static function count(): int {
-		$r = dbq('select count(*) as total from outq');
-		return $r[0]['total'] ?? 0;
-	}
-
 	static function update($id, $add_priority = 0) {

 		logger('queue: requeue item ' . $id,LOGGER_DEBUG);
--- a/Zotlabs/Lib/QueueWorkerStats.php
+++ b/Zotlabs/Lib/QueueWorkerStats.php
@@ -1,28 +0,0 @@
-<?php
-/*
- * SPDX-FileCopyrightText: 2026 The Hubzilla Community
- * SPDX-FileContributor: Harald Eilertsen <haraldei@anduin.net>
- *
- * SPDX-License-Identifier: MIT
- */
-
-namespace Zotlabs\Lib;
-
-class QueueWorkerStats
-{
-	public readonly int $size;
-	public readonly int $active;
-
-	public function __construct() {
-		$query = <<<'SQL'
-			select count(*) as total from workerq
-			union (select count(*) as qworkers from workerq where workerq_reservationid is not null)
-			SQL;
-
-		$result = dbq('select count(*) as total from workerq');
-		$this->size = !empty($result) ? $result[0]['total'] : -1;
-
-		$result = dbq('select count(*) as qworkers from workerq where workerq_reservationid is not null');
-		$this->active = !empty($result) ? $result[0]['qworkers'] : -1;
-	}
-}
--- a/Zotlabs/Lib/Share.php
+++ b/Zotlabs/Lib/Share.php
@@ -118,28 +118,26 @@ class Share {
 			$photo_bb = $object['body'];
 		}

-		if (!str_contains($this->item['body'], '[/share]')) {
-			$quote = in_array($this->item['author']['xchan_network'], ['zot6', 'activitypub']) ? "quote='true'" : '';
-
-			$bb .= "[share author='" . urlencode($this->item['author']['xchan_name']) . "'
-				profile='" . $this->item['author']['xchan_url'] . "'
-				avatar='" . $this->item['author']['xchan_photo_s'] . "'
-				link='" . $this->item['plink'] . "'
-				auth='" . (($this->item['author']['xchan_network'] === 'zot6') ? 'true' : 'false') . "'
-				posted='" . $this->item['created'] . "'
-				message_id='" . $this->item['mid'] . "'
-				$quote
-			]";
-
-			if ($this->item['title']) {
+		if (strpos($this->item['body'], "[/share]") !== false) {
+			$pos = strpos($this->item['body'], "[share");
+			$bb = substr($this->item['body'], $pos);
+		} else {
+			$bb = "[share author='".urlencode($this->item['author']['xchan_name']).
+				"' profile='"    . $this->item['author']['xchan_url'] .
+				"' avatar='"     . $this->item['author']['xchan_photo_s'] .
+				"' link='"       . $this->item['plink'] .
+				"' auth='"       . (($this->item['author']['xchan_network'] === 'zot6') ? 'true' : 'false') .
+				"' posted='"     . $this->item['created'] .
+				"' message_id='" . $this->item['mid'] .
+			"']";
+			if($this->item['title'])
 				$bb .= '[h3][b]'.$this->item['title'].'[/b][/h3]'."\r\n";
-			}
-
 			$bb .= (($is_photo) ? $photo_bb . "\r\n" . $this->item['body'] : $this->item['body']);
 			$bb .= "[/share]";
 		}

 		return $bb;
+
 	}

 }
--- a/Zotlabs/Lib/Text.php
+++ b/Zotlabs/Lib/Text.php
@@ -21,13 +21,4 @@ class Text {
 		return htmlspecialchars($string, ENT_COMPAT, 'UTF-8', false);
 	}

-	public static function rawurlencode_parts(string $string): string {
-		if (!$string) {
-			return EMPTY_STR;
-		}
-
-		return implode('/', array_map('rawurlencode', explode('/', $string)));
-	}
-
-
 }
--- a/Zotlabs/Lib/ThreadItem.php
+++ b/Zotlabs/Lib/ThreadItem.php
@@ -3,8 +3,9 @@
 namespace Zotlabs\Lib;

 use App;
-use DBA;
 use Zotlabs\Access\AccessList;
+use Zotlabs\Lib\Apps;
+use Zotlabs\Lib\Config;

 require_once('include/text.php');

@@ -25,7 +26,6 @@ class ThreadItem {
 	private $parent = null;
 	private $conversation = null;
 	private $redirect_url = null;
-	private $owner_addr = '';
 	private $owner_url = '';
 	private $owner_photo = '';
 	private $owner_name = '';
@@ -35,12 +35,14 @@ class ThreadItem {
 	private $channel = null;
 	private $display_mode = 'normal';
 	private $reload = '';
+	private $mid_uuid_map = [];
+

 	public function __construct($data) {

 		$this->data = $data;
 		$this->toplevel = ($this->get_id() == $this->get_data_value('parent'));
-		$this->threaded = ((local_channel()) ? PConfig::Get(local_channel(), 'system', 'thread_allow', true) : Config::Get('system', 'thread_allow', true));
+		$this->threaded = Config::Get('system','thread_allow');

 		// Prepare the children
 		if(isset($data['children'])) {
@@ -63,6 +65,8 @@ class ThreadItem {
 			unset($this->data['children']);
 		}

+
+
 		// allow a site to configure the order and content of the reaction emoji list
 		if($this->toplevel) {
 			$x = Config::Get('system','reactions');
@@ -80,7 +84,7 @@ class ThreadItem {
 	 *      _ false on failure
 	 */

-	public function get_template_data($thread_level=1, $conv_flags = []) {
+	public function get_template_data($conv_responses, $mid_uuid_map, $thread_level=1, $conv_flags = []) {

 		$result = [];
 		$item = $this->get_data();
@@ -99,8 +103,6 @@ class ThreadItem {
 		$conv = $this->get_conversation();
 		$observer = $conv->get_observer();

-		$conv->mid_uuid_map[$item['mid']] = $item['uuid'];
-
 		$acl = new AccessList([]);
 		$acl->set($item);

@@ -112,7 +114,7 @@ class ThreadItem {
 		$locktype = intval($item['item_private']);

 		if ($locktype === 2) {
-			$lock = t('Private message');
+			$lock = t('Direct message');
 		}

 		// 0 = limited based on public policy
@@ -121,10 +123,10 @@ class ThreadItem {
 			$locktype = 0;
 		}

-		$shareable = ((local_channel() && $conv->get_profile_owner() == local_channel()) && (intval($item['item_private']) === 0) && !str_contains($item['body'], '[/share]'));
+		$shareable = ((local_channel() && $conv->get_profile_owner() == local_channel()) && (intval($item['item_private']) === 0));

 		// allow an exemption for sharing stuff from your private feeds
-		if ($item['author']['xchan_network'] === 'rss')
+		if($item['author']['xchan_network'] === 'rss')
 			$shareable = true;

 		$repeatable = ((local_channel() && $conv->get_profile_owner() == local_channel()) && intval($item['item_private']) === 0 && in_array($item['author']['xchan_network'], ['zot6', 'activitypub']));
@@ -207,9 +209,9 @@ class ThreadItem {
 		}

 		if (in_array($item['obj_type'], ['Event', ACTIVITY_OBJ_EVENT])) {
-			$response_verbs[] = 'accept';
-			$response_verbs[] = 'reject';
-			$response_verbs[] = 'tentativeaccept';
+			$response_verbs[] = 'attendyes';
+			$response_verbs[] = 'attendno';
+			$response_verbs[] = 'attendmaybe';
 			if($this->is_commentable() && $observer) {
 				$isevent = true;
 				$attend = array( t('I will attend'), t('I will not attend'), t('I might attend'));
@@ -220,8 +222,17 @@ class ThreadItem {
 			$response_verbs[] = 'answer';
 		}

-		$response_verbs[] = 'comment';
-		$responses = get_responses($response_verbs, $item);
+		if (!feature_enabled($conv->get_profile_owner(),'dislike')) {
+			unset($conv_responses['dislike']);
+		}
+
+		$responses = get_responses($conv_responses,$response_verbs,$this,$item);
+
+		$my_responses = [];
+		foreach($response_verbs as $v) {
+			$my_responses[$v] = ((isset($conv_responses[$v][$item['mid'] . '-m'])) ? 1 : 0);
+		}
+

 		/*
 		 * We should avoid doing this all the time, but it depends on the conversation mode
@@ -231,13 +242,7 @@ class ThreadItem {

 		$this->check_wall_to_wall();

-		$children = $this->get_children();
-		$children_count = count($children);
-
 		if($this->is_toplevel()) {
-			$conv->comments_total = $responses['comment']['count'] ?? 0;
-			$conv->comments_loaded = $children_count;
-
 			if((local_channel() && $conv->get_profile_owner() === local_channel()) || (local_channel() && App::$module === 'pubstream')) {
 				$star = [
 					'toggle' => t("Toggle Star Status"),
@@ -249,6 +254,7 @@ class ThreadItem {
 			$is_comment = true;
 		}

+
 		$verified = (intval($item['item_verified']) ? t('Message signature validated') : '');
 		$forged = ((($item['sig']) && (! intval($item['item_verified']))) ? t('Message signature incorrect') : '');
 		$unverified = '' ; // (($this->is_wall_to_wall() && (! intval($item['item_verified']))) ? t('Message cannot be verified') : '');
@@ -281,15 +287,16 @@ class ThreadItem {
 		if((in_array($item['obj_type'], ['Event', ACTIVITY_OBJ_EVENT])) && $conv->get_profile_owner() == local_channel())
 			$has_event = true;

+		$like = [];
+		$dislike = [];
 		$reply_to = [];
 		$reactions_allowed = false;

-		if($this->is_commentable()) {
-			$reply_to = array( t("Reply to this message"), t("reply"), t("Reply to"));
-
-			if ($observer) {
-				$reactions_allowed = true;
-			}
+		if($this->is_commentable() && $observer) {
+			$like = array( t("I like this \x28toggle\x29"), t("like"));
+			$dislike = array( t("I don't like this \x28toggle\x29"), t("dislike"));
+			$reply_to = array( t("Reply to this comment"), t("reply"), t("Reply to"));
+			$reactions_allowed = true;
 		}

 		$share = [];
@@ -332,9 +339,10 @@ class ThreadItem {
 			$viewthread = z_root() . '/channel/' . $owner_address . '?f=&mid=' . urlencode(gen_link_id($item['mid']));

 		$comment_count_txt = ['label' => sprintf(tt('%d comment', '%d comments', $total_children), $total_children), 'count' => $total_children];
-
 		$list_unseen_txt = $unseen_comments ? ['label' => sprintf(t('%d unseen'), $unseen_comments), 'count' => $unseen_comments] : [];

+		$children = $this->get_children();
+
 		$has_tags = (($body['tags'] || $body['categories'] || $body['mentions'] || $body['attachments'] || $body['folders']) ? true : false);

                $dropdown_extras_arr = [ 'item' => $item , 'dropdown_extras' => '' ];
@@ -343,7 +351,14 @@ class ThreadItem {

 		$midb64 = $item['uuid'];
 		$mids = [ $item['uuid'] ];
+		$response_mids = [];
+		foreach($response_verbs as $v) {
+			if(isset($conv_responses[$v]['mids'][$item['mid']])) {
+				$response_mids = array_merge($response_mids, $conv_responses[$v]['mids'][$item['mid']]);
+			}
+		}

+		$mids = array_merge($mids, $response_mids);
 		$json_mids = json_encode($mids);

 		// Pinned item processing
@@ -357,22 +372,6 @@ class ThreadItem {
 			$contact = App::$contacts[$item['author_xchan']];
 		}

-		$blog_mode = $this->get_display_mode() === 'list';
-		$load_more = false;
-		$load_more_title = '';
-		$comments_total_percent = 0;
-		if (($conv->comments_total > $conv->comments_loaded) || ($blog_mode && $conv->comments_total > 3)) {
-			// provide a load more comments button
-			$load_more = true;
-			$load_more_title = sprintf(t('Load the next few of total %d comments'), $conv->comments_total);
-			$comments_total_percent = round(100 * 3 / $conv->comments_total);
-		}
-
-		$expand = '';
-		if ($this->threaded && !empty($item['comment_count'] && !$this->is_toplevel())) {
-			$expand = t('Expand Replies');
-		}
-
 		$tmp_item = array(
 			'template' => $this->get_template(),
 			'mode' => $mode,
@@ -385,9 +384,9 @@ class ThreadItem {
 			'folders' => $body['folders'],
 			'text' => strip_tags($body['html']),
 			'id' => $this->get_id(),
-			'parent' => $item['parent'],
 			'mid' => $midb64,
 			'mids' => $json_mids,
+			'parent' => $item['parent'],
 			'author_id' => (($item['author']['xchan_addr']) ? $item['author']['xchan_addr'] : $item['author']['xchan_url']),
 			'author_is_group_actor' => (($item['author']['xchan_pubforum']) ? t('Forum') : ''),
 			'isevent' => $isevent,
@@ -416,7 +415,7 @@ class ThreadItem {
 			'isotime' => datetime_convert('UTC', date_default_timezone_get(), $item['created'], 'c'),
 			'localtime' => datetime_convert('UTC', date_default_timezone_get(), $item['created']),
 			'editedtime' => (($item['edited'] != $item['created']) ? sprintf(t('Last edited %s'), relative_time($item['edited'])) : ''),
-			'expiretime' => (($item['expires'] > DBA::$dba->get_null_date()) ? sprintf(t('Expires %s'), relative_time($item['expires'])) : ''),
+			'expiretime' => (($item['expires'] > NULL_DATE) ? sprintf(t('Expires %s'), relative_time($item['expires'])) : ''),
 			'lock' => $lock,
 			'locktype' => $locktype,
 			'delayed' => (($item['item_delayed']) ? sprintf(t('Published %s'), relative_time($item['created'])) : ''),
@@ -432,7 +431,6 @@ class ThreadItem {
 			'vote_title' => t('Voting Options'),
 			'is_comment' => $is_comment,
 			'is_new' => $is_new,
-			'owner_addr' => $this->get_owner_addr(),
 			'owner_url' => $this->get_owner_url(),
 			'owner_photo' => $this->get_owner_photo(),
 			'owner_name' => $this->get_owner_name(),
@@ -442,12 +440,13 @@ class ThreadItem {
 			'reactions' => $this->reactions,
 			// Item toolbar buttons
 			'emojis'	=> (($this->is_toplevel() && $this->is_commentable() && $observer && feature_enabled($conv->get_profile_owner(),'emojis')) ? '1' : ''),
-			'reply_to'	=> ((feature_enabled($conv->get_profile_owner(),'reply_to')) ? $reply_to : ''),
+			'like'      => $like,
+			'dislike'   => ((feature_enabled($conv->get_profile_owner(),'dislike')) ? $dislike : ''),
+			'reply_to'	=> (((! $this->is_toplevel()) && feature_enabled($conv->get_profile_owner(),'reply_to')) ? $reply_to : ''),
 			'top_hint'	=> t("Go to previous comment"),
 			'share'     => $share,
 			'embed'     => $embed,
 			'rawmid'	=> $item['mid'],
-			'parent_mid' => $item['parent_mid'],
 			'plink'     => get_plink($item),
 			'edpost'    => $edpost,
 			'star'      => ((feature_enabled($conv->get_profile_owner(),'star_posts') && ($item['item_type'] == ITEM_TYPE_POST)) ? $star : ''),
@@ -467,17 +466,16 @@ class ThreadItem {
 			'list_unseen_txt' => $list_unseen_txt,
 			'markseen' => t('Mark all comments seen'),
 			'responses' => $responses,
-		//	'my_responses' => $my_responses,
+			'my_responses' => $my_responses,
 			'modal_dismiss' => t('Close'),
 			'comment' => ($item['item_delayed'] ? '' : $this->get_comment_box()),
-			'comment_hidden' => feature_enabled($conv->get_profile_owner(),'reply_to'),
 			'no_comment' => (($item['item_thread_top'] && $item['item_nocomment'])? t('Comments disabled') : ''),
 			'previewing' => ($conv->is_preview() ? true : false ),
 			'preview_lbl' => t('This is an unsaved preview'),
 			'wait' => t('Please wait'),
 			'thread_level' => $thread_level,
 			'settings' => $settings,
-			'thr_parent_uuid' => (($item['parent_mid'] !== $item['thr_parent'] && isset($conv->mid_uuid_map[$item['thr_parent']])) ? $conv->mid_uuid_map[$item['thr_parent']] : ''),
+			'thr_parent_uuid' => (($item['parent_mid'] != $item['thr_parent']) ? $mid_uuid_map[$item['thr_parent']] : ''),
 			'contact_id' => (($contact) ? $contact['abook_id'] : ''),
 			'moderate' => ($item['item_blocked'] == ITEM_MODERATED),
 			'moderate_approve' => t('Approve'),
@@ -485,25 +483,7 @@ class ThreadItem {
 			'rtl' => in_array($item['lang'], rtl_languages()),
 			'reactions_allowed' => $reactions_allowed,
 			'reaction_str' => [t('Add yours'), t('Remove yours')],
-			'is_contained' => $this->is_toplevel() && str_contains($item['tgt_type'], 'Collection'),
-			'observer_activity' => [
-				'like' => intval($item['observer_like_count'] ?? 0),
-				'dislike' => intval($item['observer_dislike_count'] ?? 0),
-				'announce' => intval($item['observer_announce_count'] ?? 0),
-				'comment' => intval($item['observer_comment_count'] ?? 0),
-				'accept' => intval($item['observer_accept_count'] ?? 0),
-				'reject' => intval($item['observer_reject_count'] ?? 0),
-				'tentativeaccept' => intval($item['observer_tentativeaccept_count'] ?? 0)
-			],
-			'threaded' => $this->threaded,
-			'blog_mode' => $blog_mode,
-			'collapse_comments' => t('show less'),
-			'expand_comments' =>  $this->threaded ? t('show more') : t('show all'),
-			'load_more' => $load_more,
-			'load_more_title' => $load_more_title,
-			'comments_total' => $conv->comments_total,
-			'comments_total_percent' => $comments_total_percent,
-			'expand' => $expand
+			'is_contained' => $this->is_toplevel() && str_contains($item['tgt_type'], 'Collection')
 		);

 		$arr = array('item' => $item, 'output' => $tmp_item);
@@ -512,19 +492,25 @@ class ThreadItem {
 		$result = $arr['output'];

 		$result['children'] = array();
+		$nb_children = count($children);

-		$visible_comments = 3; // Config::Get('system', 'expanded_comments', 3);
+		$visible_comments = Config::Get('system', 'expanded_comments', 3);

-		if(($this->get_display_mode() === 'normal') && ($children_count > 0)) {
+		if(($this->get_display_mode() === 'normal') && ($nb_children > 0)) {
 			foreach($children as $child) {
-				$result['children'][] = $child->get_template_data($thread_level + 1, $conv_flags);
+				$result['children'][] = $child->get_template_data($conv_responses, $mid_uuid_map, $thread_level + 1,$conv_flags);
 			}
-
 			// Collapse
-			if($thread_level === 1 && $children_count > $visible_comments) {
+			if(($nb_children > $visible_comments) || ($thread_level > 1)) {
 				$result['children'][0]['comment_firstcollapsed'] = true;
 				$result['children'][0]['num_comments'] = $comment_count_txt['label'];
-				$result['children'][$children_count - ($visible_comments + 1)]['comment_lastcollapsed'] = true;
+				$result['children'][0]['hide_text'] = t('show all');
+				if($thread_level > 1) {
+					$result['children'][$nb_children - 1]['comment_lastcollapsed'] = true;
+				}
+				else {
+					$result['children'][$nb_children - ($visible_comments + 1)]['comment_lastcollapsed'] = true;
+				}
 			}
 		}

@@ -777,7 +763,7 @@ class ThreadItem {
 	 */
 	private function get_comment_box() {

-		if(!$this->is_toplevel()) {
+		if(!$this->is_toplevel() && !Config::Get('system','thread_allow')) {
 			return '';
 		}

@@ -813,11 +799,10 @@ class ThreadItem {
 			'$submit' => t('Submit'),
 			'$edbold' => t('Bold'),
 			'$editalic' => t('Italic'),
-			'$edhighlighter' => t('Highlight selected text'),
 			'$eduline' => t('Underline'),
 			'$edquote' => t('Quote'),
 			'$edcode' => t('Code'),
-			'$edimg' => t('Embed (existing) photo from your photo albums'),
+			'$edimg' => t('Image'),
 			'$edatt' => t('Attach/Upload file'),
 			'$edurl' => t('Insert Link'),
 			'$edvideo' => t('Video'),
@@ -848,7 +833,6 @@ class ThreadItem {
 		$conv = $this->get_conversation();
 		$this->wall_to_wall = false;
 		$this->owner_url = '';
-		$this->owner_addr = '';
 		$this->owner_photo = '';
 		$this->owner_name = '';

@@ -857,14 +841,12 @@ class ThreadItem {

 		if($this->is_toplevel() && ($this->get_data_value('author_xchan') != $this->get_data_value('owner_xchan'))) {
 			$this->owner_url = chanlink_hash($this->data['owner']['xchan_hash']);
-			$this->owner_addr = $this->data['owner']['xchan_addr'];
 			$this->owner_photo = $this->data['owner']['xchan_photo_s'];
 			$this->owner_name = $this->data['owner']['xchan_name'];
 			$this->wall_to_wall = true;
 		}
 		elseif($this->is_toplevel() && $this->get_data_value('verb') === 'Announce' && isset($this->data['source'])) {
 			$this->owner_url = chanlink_hash($this->data['source']['xchan_hash']);
-			$this->owner_addr = $this->data['source']['xchan_addr'];
 			$this->owner_photo = $this->data['source']['xchan_photo_s'];
 			$this->owner_name = $this->data['source']['xchan_name'];
 			$this->wall_to_wall = true;
@@ -879,10 +861,6 @@ class ThreadItem {
 		return $this->owner_url;
 	}

-	private function get_owner_addr() {
-		return $this->owner_addr;
-	}
-
 	private function get_owner_photo() {
 		return $this->owner_photo;
 	}
--- a/Zotlabs/Lib/ThreadStream.php
+++ b/Zotlabs/Lib/ThreadStream.php
@@ -24,10 +24,6 @@ class ThreadStream {
 	private $prepared_item = '';
 	public $reload = '';
 	private $cipher = 'AES-128-CCM';
-	public $mid_uuid_map = [];
-	public $comments_total = 0;
-	public $comments_loaded = 0;
-

 	// $prepared_item is for use by alternate conversation structures such as photos
 	// wherein we've already prepared a top level item which doesn't look anything like
@@ -215,15 +211,16 @@ class ThreadStream {
 	 *      _ The data requested on success
 	 *      _ false on failure
 	 */
-	public function get_template_data() {
+	public function get_template_data($conv_responses, $mid_uuid_map) {
 		$result = array();

 		foreach($this->threads as $item) {
+
 			if(($item->get_data_value('id') == $item->get_data_value('parent')) && $this->prepared_item) {
 				$item_data = $this->prepared_item;
 			}
 			else {
-				$item_data = $item->get_template_data();
+				$item_data = $item->get_template_data($conv_responses, $mid_uuid_map);
 			}
 			if(!$item_data) {
 				logger('Failed to get item template data ('. $item->get_id() .').', LOGGER_DEBUG, LOG_ERR);
--- a/Zotlabs/Lib/Traits/HelpHelperTrait.php
+++ b/Zotlabs/Lib/Traits/HelpHelperTrait.php
@@ -9,7 +9,7 @@ trait HelpHelperTrait {
 	// PHP versions before 8.2 does not support trait constants,
 	// Leave this commented out until we drop support for PHP 8.1.
 	//
-	// const VALID_FILE_EXT = ['md', 'bb', 'html', 'json'];
+	// const VALID_FILE_EXT = ['md', 'bb', 'html'];

 	private string $file_name = '';
 	private string $file_type = '';
@@ -58,7 +58,7 @@ trait HelpHelperTrait {
 	private function find_help_file(string $base_path, string $lang): void {

 		// Use local variable until we can use trait constants.
-		$valid_file_ext = ['md', 'bb', 'html', 'json'];
+		$valid_file_ext = ['md', 'bb', 'html'];

 		$base_path_with_lang = "doc/{$lang}/${base_path}";

@@ -89,7 +89,7 @@ trait HelpHelperTrait {
 		);

 		return bbcode(
-			t("This page is not yet available in {$prefered_language_name}. See [observer.baseurl]/help/developer/developers_guide#Translations for information about how to help.")
+			t("This page is not yet available in {$prefered_language_name}. See [observer.baseurl]/help/developer/developer_guide#Translations for information about how to help.")
 		);
 	}
 }
--- a/Zotlabs/Lib/Url.php
+++ b/Zotlabs/Lib/Url.php
@@ -1,132 +0,0 @@
-<?php
-/*
- * SPDX-FileCopyrightText: 2026 The Hubzilla Community
- * SPDX-FileContributor: Mario Vavti <mario@mariovavti.com>
- *
- * SPDX-License-Identifier: MIT
- */
-
-namespace Zotlabs\Lib;
-
-class Url {
-
-	/**
-	 * @brief Adds a zid parameter to a url.
-	 *
-	 * @param string $s
-	 *   The url to accept the zid
-	 * @param string $address
-	 *   $address to use instead of session environment
-	 * @return string
-	 */
-	public static function zid(string $url, string $address = ''): string
-	{
-		if (!$url || strpos($url, 'zid=') !== false) {
-			return $url;
-		}
-
-		$parts = parse_url($url);
-		if ($parts === false) {
-			return $url;
-		}
-
-		$mine   = get_my_url();
-		$myaddr = $address ?: get_my_address();
-
-		if (!$mine || !$myaddr) {
-			return $url;
-		}
-
-		$mine_parts = parse_url($mine);
-		$same_host = isset($mine_parts['host'], $parts['host']) && strcasecmp($mine_parts['host'], $parts['host']) === 0;
-
-		if ($same_host) {
-			return $url;
-		}
-
-		$query = [];
-		if (!empty($parts['query'])) {
-			parse_str($parts['query'], $query);
-		}
-
-		$query['zid'] = $myaddr;
-		$parts['query'] = http_build_query($query);
-
-		$hookdata = [
-			'url' => $url,
-			'zid' => urlencode($myaddr),
-			'result' => self::unparse($parts)
-		];
-
-		/**
-		 * @hooks zid
-		 *   Called when adding the observer's zid to a URL.
-		 *   * \e string \b url - url to accept zid
-		 *   * \e string \b zid - urlencoded zid
-		 *   * \e string \b result - the return string we calculated, change it if you want to return something else
-		 */
-		call_hooks('zid', $hookdata);
-
-		return $hookdata['result'];
-	}
-
-
-	/**
-	 * Reconstructs a URL from its parsed components.
-	 *
-	 * This function takes a parsed URL as an associative array and reconstructs
-	 * the URL based on the specified components (scheme, host, port, user, pass, path, query, fragment).
-	 * You can specify which components should be included in the final URL by passing the optional
-	 * `$parts` array. The function will return the complete URL string formed by combining
-	 * only the parts that exist in both the parsed URL and the `$parts` array.
-	 *
-	 * @param array $parsed_url The parsed URL components as an associative array.
-	 *                          The array can include keys like 'scheme', 'host', 'port', 'user', 'pass',
-	 *                          'path', 'query', 'fragment'.
-	 *
-	 * @param array $parts An optional array that specifies which components of the URL
-	 *                     should be included in the final string. Defaults to:
-	 *                     ['scheme', 'host', 'port', 'user', 'pass', 'path', 'query', 'fragment'].
-	 *                     If any of the components are not required, they can be omitted from the array.
-	 *
-	 * @return string The reconstructed URL as a string.
-	 */
-	public static function unparse(array $parsed_url, array $parts = ['scheme', 'host', 'port', 'user', 'pass', 'path', 'query', 'fragment']): string {
-		$url_parts = [];
-
-		if (in_array('scheme', $parts) && array_key_exists('scheme', $parsed_url)) {
-			$url_parts[] = $parsed_url['scheme'] . '://';
-		}
-
-		if (in_array('user', $parts) && array_key_exists('user', $parsed_url)) {
-			$url_parts[] = $parsed_url['user'];
-			if (in_array('pass', $parts) && array_key_exists('pass', $parsed_url)) {
-				$url_parts[] = ':' . $parsed_url['pass'];
-			}
-			$url_parts[] = '@';
-		}
-
-		if (in_array('host', $parts) && array_key_exists('host', $parsed_url)) {
-			$url_parts[] = $parsed_url['host'];
-		}
-
-		if (in_array('port', $parts) && array_key_exists('port', $parsed_url)) {
-			$url_parts[] = ':' . $parsed_url['port'];
-		}
-
-		if (in_array('path', $parts) && array_key_exists('path', $parsed_url)) {
-			$url_parts[] = $parsed_url['path'];
-		}
-
-		if (in_array('query', $parts) && array_key_exists('query', $parsed_url)) {
-			$url_parts[] = '?' . $parsed_url['query'];
-		}
-
-		if (in_array('fragment', $parts) && array_key_exists('fragment', $parsed_url)) {
-			$url_parts[] = '#' . $parsed_url['fragment'];
-		}
-
-		return implode('', $url_parts);
-	}
-
-}
--- a/Zotlabs/Module/Acl.php
+++ b/Zotlabs/Module/Acl.php
@@ -29,11 +29,11 @@ class Acl extends \Zotlabs\Web\Controller {

 		// logger('mod_acl: ' . print_r($_GET,true),LOGGER_DATA);

-		$start    = (!empty($_REQUEST['start'])  ? $_REQUEST['start']  : 0);
-		$count    = (!empty($_REQUEST['count'])  ? $_REQUEST['count']  : 500);
-		$search   = (!empty($_REQUEST['search']) ? $_REQUEST['search'] : '');
-		$type     = (!empty($_REQUEST['type'])   ? $_REQUEST['type']   : '');
-		$noforums = (!empty($_REQUEST['n'])      ? $_REQUEST['n']      : false);
+		$start    = (x($_REQUEST,'start')  ? $_REQUEST['start']  : 0);
+		$count    = (x($_REQUEST,'count')  ? $_REQUEST['count']  : 500);
+		$search   = (x($_REQUEST,'search') ? $_REQUEST['search'] : '');
+		$type     = (x($_REQUEST,'type')   ? $_REQUEST['type']   : '');
+		$noforums = (x($_REQUEST,'n')      ? $_REQUEST['n']      : false);


 		// $type =
@@ -53,7 +53,7 @@ class Acl extends \Zotlabs\Web\Controller {
 		// List of channels whose connections to also suggest,
 		// e.g. currently viewed channel or channels mentioned in a post

-		$extra_channels = (!empty($_REQUEST['extra_channels']) ? $_REQUEST['extra_channels'] : []);
+		$extra_channels = (x($_REQUEST,'extra_channels') ? $_REQUEST['extra_channels'] : array());

 		// The different autocomplete libraries use different names for the search text
 		// parameter. Internally we'll use $search to represent the search text no matter
@@ -416,7 +416,7 @@ class Acl extends \Zotlabs\Web\Controller {
 		}

 		$dirmode = intval(Config::Get('system','directory_mode'));
-		$search = ((!empty($_REQUEST['search'])) ? htmlentities($_REQUEST['search'], ENT_COMPAT, 'UTF-8', false) : '');
+		$search = ((x($_REQUEST,'search')) ? htmlentities($_REQUEST['search'],ENT_COMPAT,'UTF-8',false) : '');
 		if(! $search || mb_strlen($search) < 2)
 			return array();

@@ -437,14 +437,16 @@ class Acl extends \Zotlabs\Web\Controller {

 		if(($dirmode == DIRECTORY_MODE_PRIMARY) || ($dirmode == DIRECTORY_MODE_STANDALONE)) {
 			$url = z_root() . '/dirsearch';
-		} else {
+		}
+
+		if(! $url) {
 			$directory = Libzotdir::find_upstream_directory($dirmode);
 			$url = $directory['url'] . '/dirsearch';
 		}

 		$token = Config::Get('system','realm_token');

-		$count = (!empty($_REQUEST['count']) ?  $_REQUEST['count'] : 100);
+		$count = (x($_REQUEST,'count') ?  $_REQUEST['count'] : 100);
 		if($url) {
 			$query = $url . '?f=' . (($token) ? '&t=' . urlencode($token) : '');
 			$query .= '&name=' . urlencode($search) . "&limit=$count" . (($address) ? '&address=' . urlencode(punify($search)) : '');
--- a/Zotlabs/Module/Activity.php
+++ b/Zotlabs/Module/Activity.php
@@ -23,14 +23,14 @@ class Activity extends Controller {
 			if (! $item_id)
 				http_status_exit(404, 'Not found');

-			$portable_id = null;
+			$portable_id = EMPTY_STR;

 			$item_normal_extra = sprintf(" and not verb in ('Follow', 'Ignore', '%s', '%s') ",
 				dbesc(ACTIVITY_FOLLOW),
 				dbesc(ACTIVITY_UNFOLLOW)
 			);

-			$item_normal = " and item.item_hidden = 0 and item.item_type = 0 and item.item_unpublished = 0 and item.item_delayed = 0 and item.item_blocked = 0 and item.item_uplink = 0 $item_normal_extra ";
+			$item_normal = " and item.item_hidden = 0 and item.item_type = 0 and item.item_unpublished = 0 and item.item_delayed = 0 and item.item_blocked = 0 $item_normal_extra ";

 			$i = null;

@@ -166,7 +166,6 @@ class Activity extends Controller {
 				return;
 			}

-			$portable_id = null;
 			$ob_authorize = false;
 			$item_uid = 0;

@@ -192,7 +191,7 @@ class Activity extends Controller {
 				dbesc(ACTIVITY_UNFOLLOW)
 			);

-			$item_normal = " and item.item_hidden = 0 and item.item_type = 0 and item.item_unpublished = 0 and item.item_delayed = 0 and item.item_blocked = 0 and item.item_uplink = 0 $item_normal_extra ";
+			$item_normal = " and item.item_hidden = 0 and item.item_type = 0 and item.item_unpublished = 0 and item.item_delayed = 0 and item.item_blocked = 0 $item_normal_extra ";

 			$sigdata = HTTPSig::verify(EMPTY_STR);
 			if ($sigdata['portable_id'] && $sigdata['header_valid']) {
@@ -210,7 +209,7 @@ class Activity extends Controller {
 			// Give ocap tokens priority

 			if ($ob_authorize) {
-				$sql_extra = " and item.uid = " . intval($item_uid) . " ";
+				$sql_extra = " and item.uid = " . intval($token['uid']) . " ";
 			}
 			else {
 				$sql_extra = item_permissions_sql(0);
--- a/Zotlabs/Module/Admin.php
+++ b/Zotlabs/Module/Admin.php
@@ -8,7 +8,6 @@

 namespace Zotlabs\Module;

-use DBA;
 use Zotlabs\Lib\Config;

 require_once('include/account.php');
@@ -91,7 +90,7 @@ class Admin extends \Zotlabs\Web\Controller {
 		$r = q("SELECT COUNT(CASE WHEN account_id > 0 THEN 1 ELSE NULL END) AS total, COUNT(CASE WHEN account_expires > %s THEN 1 ELSE NULL END) AS expiring, COUNT(CASE WHEN account_expires < %s AND account_expires > '%s' THEN 1 ELSE NULL END) AS expired, COUNT(CASE WHEN (account_flags & %d)>0 THEN 1 ELSE NULL END) AS blocked FROM account",
 			db_utcnow(),
 			db_utcnow(),
-			dbesc(DBA::$dba->get_null_date()),
+			dbesc(NULL_DATE),
 			intval(ACCOUNT_BLOCKED)
 		);
 		if ($r) {
--- a/Zotlabs/Module/Admin/Account_edit.php
+++ b/Zotlabs/Module/Admin/Account_edit.php
@@ -55,10 +55,11 @@ class Account_edit {


 	function get() {
-		$account_id = intval(argv(2));
+		if(argc() > 2)
+			$account_id = argv(2);

 		$x = q("select * from account where account_id = %d limit 1",
-			$account_id
+			intval($account_id)
 		);

 		if(! $x) {
--- a/Zotlabs/Module/Admin/Accounts.php
+++ b/Zotlabs/Module/Admin/Accounts.php
@@ -203,6 +203,7 @@ class Accounts {
 		$t = get_markup_template('admin_accounts.tpl');
 		$o = replace_macros($t, array(
 			// strings //
+			'$debug' => $debug,
 			'$title' => t('Administration'),
 			'$page' => t('Accounts'),
 			'$submit' => t('Submit'),
@@ -262,7 +263,7 @@ class Accounts {

 		if ($zarop && $zarat >= 0 && $zarse && $zarse == $_SESSION[self::MYP]['h'][$zarat]) {

-			$rc = 0;
+			//
 			if ($zarop == 'd') {
 				$rd = q("UPDATE register SET reg_vital = 0 WHERE reg_id = %d AND SUBSTR(reg_hash,1,4) = '%s' ",
 					intval($_SESSION[self::MYP]['i'][$zarat]),
@@ -278,6 +279,7 @@ class Accounts {
 					intval($_SESSION[self::MYP]['i'][$zarat]),
 					dbesc($_SESSION[self::MYP]['h'][$zarat])
 				);
+				$rc = 0;
 				$rs = q("SELECT * from register WHERE reg_id = %d ",
 					intval($_SESSION[self::MYP]['i'][$zarat])
 				);
@@ -339,27 +341,29 @@ class Accounts {
 	 * @SuppressWarnings(PHPMD.ShortVariable)
 	 */
 	private function block_unblock_accounts(): void {
-		if (!isset($_POST['user'])) {
+		if (!isset($_POST['user']) || !isset($_POST['blocked'])) {
 			return;
 		}

 		$users = $_POST['user'];
+		$blocked = $_POST['blocked'];

-		if (!is_array($users)) {
+		if (!is_array($users) || !is_array($blocked)) {
 			return;
 		}

-		$xor = db_getfunc('^');
+		foreach($users as $i => $id) {
+			// if account is blocked remove blocked bit-flag, otherwise add blocked bit-flag
+			$op = $blocked[$i] ? '& ~' : '| ';

-		foreach($users as $id) {
-			q("UPDATE account SET account_flags = (account_flags $xor %d) WHERE account_id = %d",
+			q("UPDATE account SET account_flags = (account_flags $op%d) WHERE account_id = %d",
 				intval(ACCOUNT_BLOCKED),
 				intval($id)
 			);
 		}

 		$count = count($users);
-		$fmt = tt("%s account blocked/unblocked", "%s accounts blocked/unblocked", $count);
+		$fmt = tt("%s account blocked/unblocked", "%s account blocked/unblocked", $count);
 		notice(sprintf($fmt, $count));
 	}

--- a/Zotlabs/Module/Admin/Security.php
+++ b/Zotlabs/Module/Admin/Security.php
@@ -24,9 +24,6 @@ class Security {
 		$cloud_disksize       = ((x($_POST,'cloud_disksize'))	? 1	: 0);
 		Config::Set('system','cloud_report_disksize',$cloud_disksize);

-		$propfind_depth_infinity = ((x($_POST, 'propfind_depth_infinity')) ? 1 : 0);
-		Config::Set('system','propfind_depth_infinity', $propfind_depth_infinity);
-
 		$ws = $this->trim_array_elems(explode("\n",$_POST['whitelisted_sites']));
 		Config::Set('system','whitelisted_sites',$ws);

@@ -112,7 +109,6 @@ class Security {
 	        '$block_public'     => array('block_public', t("Block public"), Config::Get('system','block_public'), t("Check to block public access to all otherwise public personal pages on this site unless you are currently authenticated.")),
 			'$cloud_noroot'     => [ 'cloud_noroot', t('Provide a cloud root directory'), 1 - intval(Config::Get('system','cloud_disable_siteroot')), t('The cloud root directory lists all channel names which provide public files') ],
 			'$cloud_disksize'     => [ 'cloud_disksize', t('Show total disk space available to cloud uploads'), intval(Config::Get('system','cloud_report_disksize')), '' ],
-			'$propfind_depth_infinity' => ['propfind_depth_infinity', t('Allow propfind requests with infinity depth'), intval(Config::Get('system', 'propfind_depth_infinity')), t('Only turn this on if you know what you are doing')],
 			'$transport_security' => array('transport_security', t('Set "Transport Security" HTTP header'),intval(Config::Get('system','transport_security_header')),''),
 			'$content_security' => array('content_security', t('Set "Content Security Policy" HTTP header'),intval(Config::Get('system','content_security_policy')),''),
 			'$allowed_email'	=> array('allowed_email', t("Allowed email domains"), Config::Get('system','allowed_email'), t("Comma separated list of domains which are allowed in email addresses for registrations to this site. Wildcards are accepted. Empty to allow any domains")),
--- a/Zotlabs/Module/Apporder.php
+++ b/Zotlabs/Module/Apporder.php
@@ -32,9 +32,6 @@ class Apporder extends \Zotlabs\Web\Controller {

 			$syslist = Zlib\Apps::app_order(local_channel(),$syslist, $l);

-			$navbar_apps = [];
-			$nav_apps = [];
-
 			foreach($syslist as $app) {
 				if($l === 'nav_pinned_app') {
 					$navbar_apps[] = Zlib\Apps::app_render($app,'nav-order-pinned');
--- a/Zotlabs/Module/Attach_edit.php
+++ b/Zotlabs/Module/Attach_edit.php
@@ -82,7 +82,7 @@ class Attach_edit extends Controller {
 			$admin_delete = false;

 			$is_creator = (($creator == $observer_hash) ? true : false);
-			$move = ((!$delete && !$copy && ($folder !== $newfolder || (($single) ? $filename !== $newfilename : false))) ? true : false);
+			$move = ((! $copy && ($folder !== $newfolder || (($single) ? $filename !== $newfilename : false))) ? true : false);

 			$perms = get_all_perms($channel_id, $observer_hash);

@@ -133,11 +133,6 @@ class Attach_edit extends Controller {
 				}
 				$x = attach_move($channel_id, $resource, $newfolder, (($single) ? $newfilename : ''));

-				if (!$x['success']) {
-					notice($x['message'] . EOL);
-					goaway($return_path);
-				}
-
 				$actions_done .= 'move,';

 			}
--- a/Zotlabs/Module/Authorize.php
+++ b/Zotlabs/Module/Authorize.php
@@ -12,31 +12,28 @@ class Authorize extends \Zotlabs\Web\Controller {
 		}
 		else {

-			$name = $_GET['client_name'];
+			$name = $_REQUEST['client_name'];
 			if(! $name) {
-				$name = $_GET['client_id'] ?: t('Unknown App');
+				$name = (($_REQUEST['client_id']) ?: t('Unknown App'));
 			}

 			$app = [
-				'name' => escape_tags($name),
-				'icon' => (x($_GET, 'logo_uri')    ? $_GET['logo_uri'] : z_root() . '/images/icons/plugin.png'),
-				'url'  => (x($_GET, 'client_uri')  ? $_GET['client_uri'] : ''),
+				'name' => $name,
+				'icon' => (x($_REQUEST, 'logo_uri')    ? $_REQUEST['logo_uri'] : z_root() . '/images/icons/plugin.png'),
+				'url'  => (x($_REQUEST, 'client_uri')  ? $_REQUEST['client_uri'] : ''),
 			];

-			$link = $app['url']
-				? '<a style="float: none;" href="' . escape_url($app['url']) . '">' . $app['name'] . '</a> '
-				: $app['name'];
+			$link = (($app['url']) ? '<a style="float: none;" href="' . $app['url'] . '">' . $app['name'] . '</a> ' : $app['name']);

 			return replace_macros(get_markup_template('oauth_authorize.tpl'), [
 				'$title'        => t('Authorize'),
-				'$security'		=> get_form_security_token('oauth_authorize'),
 				'$authorize'    => sprintf( t('Do you authorize the app %s to access your channel data?'), $link ),
 				'$app'          => $app,
 				'$yes'          => t('Allow'),
 				'$no'           => t('Deny'),
-				'$client_id'    => (x($_GET, 'client_id') ? $_GET['client_id'] : ''),
-				'$redirect_uri' => (x($_GET, 'redirect_uri') ? $_GET['redirect_uri'] : ''),
-				'$state'        => (x($_GET, 'state') ? $_GET['state'] : ''),
+				'$client_id'    => (x($_REQUEST, 'client_id') ? $_REQUEST['client_id'] : ''),
+				'$redirect_uri' => (x($_REQUEST, 'redirect_uri') ? $_REQUEST['redirect_uri'] : ''),
+				'$state'        => (x($_REQUEST, 'state') ? $_REQUEST['state'] : ''),
 			]);
 		}
 	}
@@ -46,10 +43,6 @@ class Authorize extends \Zotlabs\Web\Controller {
 			return;
 		}

-		if (! check_form_security_token('oauth_authorize')) {
-			http_status_exit(401, t('You are not authorized to perform this action.'));
-		}
-
 		$storage = new OAuth2Storage(\DBA::$dba->db);
 		$s = new \Zotlabs\Identity\OAuth2Server($storage);

--- a/Zotlabs/Module/Block.php
+++ b/Zotlabs/Module/Block.php
@@ -7,63 +7,63 @@ require_once('include/conversation.php');
 class Block extends \Zotlabs\Web\Controller {

 	function init() {
-
+	
 		$which = argv(1);
 		$profile = 0;
 		profile_load($which,$profile);
-
+	
 		if(\App::$profile['profile_uid'])
 			head_set_icon(\App::$profile['thumb']);
-
+	
 	}
-
-
+	
+	
 		function get() {
-
+	
 		if(! perm_is_allowed(\App::$profile['profile_uid'],get_observer_hash(),'view_pages')) {
 			notice( t('Permission denied.') . EOL);
 			return;
 		}
-
+	
 		if(argc() < 3) {
 			notice( t('Invalid item.') . EOL);
 			return;
 		}
-
+	
 		$channel_address = argv(1);
 		$page_id = argv(2);
-
+	
 		$u = q("select channel_id from channel where channel_address = '%s' limit 1",
 			dbesc($channel_address)
 		);
-
+	
 		if(! $u) {
 			notice( t('Channel not found.') . EOL);
 			return;
 		}
-
+	
 		if($_REQUEST['rev'])
 			$revision = " and revision = " . intval($_REQUEST['rev']) . " ";
 		else
 			$revision = " order by revision desc ";
-
+	
 		require_once('include/security.php');
 		$sql_options = item_permissions_sql($u[0]['channel_id']);
-
+	
 		$r = q("select item.* from item left join iconfig on item.id = iconfig.iid
-			where item.uid = %d and iconfig.cat = 'system' and iconfig.v = '%s' and iconfig.k = 'BUILDBLOCK' and
+			where item.uid = %d and iconfig.cat = 'system' and iconfig.v = '%s' and iconfig.k = 'BUILDBLOCK' and 
 			item_type = %d $sql_options $revision limit 1",
 			intval($u[0]['channel_id']),
 			dbesc($page_id),
 			intval(ITEM_TYPE_BLOCK)
 		);
-
+	
 		if(! $r) {
-
+	
 			// Check again with no permissions clause to see if it is a permissions issue
-
+	
 			$x = q("select item.* from item left join iconfig on item.id = iconfig.iid
-			where item.uid = %d and iconfig.cat = 'system' and iconfig.v = '%s' and iconfig.k = 'BUILDBLOCK' and
+			where item.uid = %d and iconfig.cat = 'system' and iconfig.v = '%s' and iconfig.k = 'BUILDBLOCK' and 
 			item_type = %d $revision limit 1",
 				intval($u[0]['channel_id']),
 				dbesc($page_id),
@@ -78,12 +78,13 @@ class Block extends \Zotlabs\Web\Controller {
 			}
 			return;
 		}
-
+	
 		xchan_query($r);
 		$r = fetch_post_tags($r,true);
-
-		return prepare_page($r[0]);
-
+	
+		$o .= prepare_page($r[0]);
+		return $o;
+	
 	}
-
+	
 }
--- a/Zotlabs/Module/Bookmarks.php
+++ b/Zotlabs/Module/Bookmarks.php
@@ -83,31 +83,37 @@ class Bookmarks extends \Zotlabs\Web\Controller {

 		$channel = \App::get_channel();

-		$bookmarks = [];
-		$x = menu_list(local_channel(), '', MENU_BOOKMARK);
-		if ($x) {
-			foreach ($x as $xx) {
-				$y = menu_fetch($xx['menu_name'], local_channel(), get_observer_hash());
-				$bookmarks[] = menu_render($y, '', true);
+		$o = '';
+
+		$o .= '<div class="generic-content-wrapper-styled">';
+
+		$o .= '<h3>' . t('Bookmarks') . '</h3>';
+
+		$x = menu_list(local_channel(),'',MENU_BOOKMARK);
+
+		if($x) {
+			foreach($x as $xx) {
+				$y = menu_fetch($xx['menu_name'],local_channel(),get_observer_hash());
+				$o .= menu_render($y,'',true);
 			}
 		}

-		$conn_bookmarks = [];
-		$x = menu_list(local_channel(), '', MENU_SYSTEM | MENU_BOOKMARK);
-		if ($x) {
-			foreach ($x as $xx) {
-				$y = menu_fetch($xx['menu_name'], local_channel(), get_observer_hash());
-				$conn_bookmarks[] = menu_render($y, '', true);
+		$o .= '<h3>' . t('My Connections Bookmarks') . '</h3>';
+
+
+		$x = menu_list(local_channel(),'',MENU_SYSTEM|MENU_BOOKMARK);
+
+		if($x) {
+			foreach($x as $xx) {
+				$y = menu_fetch($xx['menu_name'],local_channel(),get_observer_hash());
+				$o .= menu_render($y,'',true);
 			}
 		}

-		return replace_macros(get_markup_template('bookmarks.tpl'), [
-			'$title1' => t('Bookmarks'),
-			'$title2' => t('My Connections Bookmarks'),
-			'$bookmarks' => $bookmarks,
-			'$conn_bookmarks' => $conn_bookmarks,
-		]);
-		
+		$o .= '</div>';
+
+		return $o;
+
 	}


--- a/Zotlabs/Module/Cal.php
+++ b/Zotlabs/Module/Cal.php
@@ -136,13 +136,15 @@ class Cal extends Controller {
 				}

 				$html = '';
-				$tz = get_iconfig($rr, 'event', 'timezone', 'UTC');
-
 				if (x($_GET,'id')) {
 					$rr['timezone'] = $tz;
 					$html = format_event_html($rr);
 				}

+				$tz = get_iconfig($rr, 'event', 'timezone');
+				if(! $tz)
+					$tz = 'UTC';
+
 				$events[] = array(
 					'calendar_id' => 'channel_calendar',
 					'rw' => true,
--- a/Zotlabs/Module/Changeaddr.php
+++ b/Zotlabs/Module/Changeaddr.php
@@ -1,7 +1,6 @@
 <?php
 namespace Zotlabs\Module;

-use DBA;

 class Changeaddr extends \Zotlabs\Web\Controller {

@@ -30,7 +29,7 @@ class Changeaddr extends \Zotlabs\Web\Controller {
 		if(! ($x && $x['account']))
 			return;

-		if($account['account_password_changed'] > DBA::$dba->get_null_date()) {
+		if($account['account_password_changed'] > NULL_DATE) {
 			$d1 = datetime_convert('UTC','UTC','now - 48 hours');
 			if($account['account_password_changed'] > $d1) {
 				notice( t('Channel name changes are not allowed within 48 hours of changing the account password.') . EOL);
--- a/Zotlabs/Module/Channel.php
+++ b/Zotlabs/Module/Channel.php
@@ -85,7 +85,7 @@ class Channel extends Controller {
 			$headers = [
 				'Content-Type'     => 'application/x-zot+json',
 				'Digest'           => HTTPSig::generate_digest_header($data),
-				'Date'             => datetime_convert('UTC','UTC', 'now', 'D, d M Y H:i:s \\G\\M\\T')
+				'(request-target)' => strtolower($_SERVER['REQUEST_METHOD']) . ' ' . $_SERVER['REQUEST_URI']
 			];

 			$h = HTTPSig::create_sig($headers, $channel['channel_prvkey'], channel_url($channel));
@@ -148,14 +148,14 @@ class Channel extends Controller {
 			'rel'   => 'alternate',
 			'type'  => 'application/atom+xml',
 			'title' => t('Posts and comments'),
-			'href'  => z_root() . '/feed/' . $which . '?top=0'
+			'href'  => z_root() . '/feed/' . $which
 		]);

 		head_add_link([
 			'rel'   => 'alternate',
 			'type'  => 'application/atom+xml',
 			'title' => t('Only posts'),
-			'href'  => z_root() . '/feed/' . $which . '?top=1'
+			'href'  => z_root() . '/feed/' . $which . '?f=&top=1'
 		]);


@@ -243,7 +243,7 @@ class Channel extends Controller {
 			// search terms header
 			if ($search) {
 				$o .= replace_macros(get_markup_template("section_title.tpl"), [
-					'$title' => t('Searching for:') . ' ' . htmlspecialchars($search, ENT_COMPAT, 'UTF-8')
+					'$title' => t('Search Results For:') . ' ' . htmlspecialchars($search, ENT_COMPAT, 'UTF-8')
 				]);
 			}

@@ -266,7 +266,7 @@ class Channel extends Controller {
 					'default_location'    => (($is_owner) ? App::$profile['channel_location'] : ''),
 					'nickname'            => App::$profile['channel_address'],
 					'lockstate'           => (((strlen(App::$profile['channel_allow_cid'])) || (strlen(App::$profile['channel_allow_gid'])) || (strlen(App::$profile['channel_deny_cid'])) || (strlen(App::$profile['channel_deny_gid']))) ? 'lock' : 'unlock'),
-					'acl'                 => (($is_owner) ? populate_acl($channel_acl, true, PermissionDescription::fromGlobalPermission('view_stream'), get_post_aclDialogDescription(), 'member/permissions') : ''),
+					'acl'                 => (($is_owner) ? populate_acl($channel_acl, true, PermissionDescription::fromGlobalPermission('view_stream'), get_post_aclDialogDescription(), 'acl_dialog_post') : ''),
 					'permissions'         => $channel_acl,
 					'showacl'             => (($is_owner) ? 'yes' : ''),
 					'bang'                => '',
@@ -298,15 +298,12 @@ class Channel extends Controller {

 		$item_normal = item_normal();
 		$item_normal_update = item_normal_update();
-		$sql_extra = '';
-		$permission_sql = item_permissions_sql(App::$profile['profile_uid']);
+		$sql_extra = item_permissions_sql(App::$profile['profile_uid']);

-		$page_mode = 'client';
-
-		$blog_mode = feature_enabled(App::$profile['profile_uid'], 'channel_list_mode') && !$mid;
-		if ($blog_mode) {
+		if (feature_enabled(App::$profile['profile_uid'], 'channel_list_mode') && (!$mid))
 			$page_mode = 'list';
-		}
+		else
+			$page_mode = 'client';

 		$abook_uids = " and abook.abook_channel = " . intval(App::$profile['profile_uid']) . " ";

@@ -337,8 +334,8 @@ class Channel extends Controller {
 		if (($update) && (!$load)) {

 			if ($mid) {
-				$r = q("SELECT *, parent AS item_id from item where $identifier = '%s' and uid = %d $item_normal_update
-					AND item_wall = 1 $simple_update $permission_sql $sql_extra limit 1",
+				$r = q("SELECT parent AS item_id, uuid from item where $identifier = '%s' and uid = %d $item_normal_update
+					AND item_wall = 1 $simple_update $sql_extra limit 1",
 					dbesc($mid),
 					intval(App::$profile['profile_uid'])
 				);
@@ -349,7 +346,6 @@ class Channel extends Controller {
 					WHERE uid = %d $item_normal_update
 					AND item_wall = 1 $simple_update
 					AND (abook.abook_blocked = 0 or abook.abook_flags is null)
-					$permission_sql
 					$sql_extra
 					ORDER BY created DESC",
 					intval(App::$profile['profile_uid'])
@@ -386,8 +382,8 @@ class Channel extends Controller {

 			if ($noscript_content || $load) {
 				if ($mid) {
-					$r = q("SELECT item.parent AS item_id, item.verb from item where $identifier = '%s' and item.uid = %d $item_normal
-						AND item.item_wall = 1 $permission_sql $sql_extra limit 1",
+					$r = q("SELECT parent AS item_id, uuid from item where $identifier = '%s' and uid = %d $item_normal
+						AND item_wall = 1 $sql_extra limit 1",
 						dbesc($mid),
 						intval(App::$profile['profile_uid'])
 					);
@@ -396,18 +392,13 @@ class Channel extends Controller {
 					}
 				}
 				else {
-					$r = q("SELECT item.parent AS item_id, item.verb, $ordering FROM item
-						LEFT JOIN abook ON (item.author_xchan = abook.abook_xchan $abook_uids)
-						WHERE item.uid = %d
-						AND item.id = item.parent
+					$r = q("SELECT DISTINCT item.parent AS item_id, $ordering FROM item
+						left join abook on ( item.author_xchan = abook.abook_xchan $abook_uids )
+						WHERE true and item.uid = %d $item_normal
 						AND (abook.abook_blocked = 0 or abook.abook_flags is null)
-						AND item.item_wall = 1
-						$item_normal
-						$permission_sql
-						$sql_extra
-						$sql_extra2
-						ORDER BY $ordering DESC, item_id
-						$pager_sql",
+						AND item.item_wall = 1 AND item.item_thread_top = 1
+						$sql_extra $sql_extra2
+						ORDER BY $ordering DESC, item_id $pager_sql ",
 						intval(App::$profile['profile_uid'])
 					);
 				}
@@ -417,20 +408,19 @@ class Channel extends Controller {
 			}
 		}
 		if ($r) {
+			$parents_str = ids_to_querystr($r, 'item_id');

-			// 11.08.2025 start transition deprecated AS1 item.verb vocabulary to AS2 on demand.
-			// Keep this until we officially deprecate AS1 data.
-			AS1_to_AS2_verbs($r);
+			$r = q("SELECT item.*, item.id AS item_id
+				FROM item
+				WHERE item.uid = %d $item_normal
+				AND item.parent IN ( %s )
+				$sql_extra ",
+				intval(App::$profile['profile_uid']),
+				dbesc($parents_str)
+			);

-			$thr_parents = null;
-			if ($mid) {
-				$thr_parents = get_recursive_thr_parents($r[0]);
-			}
-
-			$items = items_by_parent_ids($r, $thr_parents, $permission_sql, $blog_mode);
-
-			xchan_query($items);
-			$items = fetch_post_tags($items, true);
+			xchan_query($r);
+			$items = fetch_post_tags($r, true);
 			$items = conv_sort($items, $ordering);

 			if ($load && $mid && (!count($items))) {
@@ -444,7 +434,10 @@ class Channel extends Controller {
 			$items = [];
 		}

-		$mode = 'channel';
+
+
+		$mode = (($search) ? 'search' : 'channel');
+

 		if ((!$update) && (!$load)) {

--- a/Zotlabs/Module/Channel_calendar.php
+++ b/Zotlabs/Module/Channel_calendar.php
@@ -3,7 +3,6 @@
 namespace Zotlabs\Module;

 use App;
-use DBA;
 use Zotlabs\Web\Controller;
 use Zotlabs\Lib\Libsync;
 use Zotlabs\Access\AccessList;
@@ -301,7 +300,7 @@ class Channel_calendar extends Controller {
 					from event left join item on item.resource_id = event.event_hash
 					where event.uid = %d and event.dtstart > '%s' and event.dtend > event.dtstart",
 					intval(local_channel()),
-					dbesc(DBA::$dba->get_null_date())
+					dbesc(NULL_DATE)
 				);
 			}
 			else {
--- a/Zotlabs/Module/Cloud.php
+++ b/Zotlabs/Module/Cloud.php
@@ -7,7 +7,6 @@ namespace Zotlabs\Module;
 * Module for accessing the DAV storage area.
 */

-use App;
 use Sabre\DAV as SDAV;
 use Zotlabs\Web\Controller;
 use Zotlabs\Storage\BasicAuth;
@@ -33,20 +32,19 @@ class Cloud extends Controller {
 	 */
 	function init() {

-		if (!is_dir('store')) {
+		if (! is_dir('store'))
 			os_mkdir('store', STORAGE_DEFAULT_PERMISSIONS, false);
-		}

 		$which = null;
-		if (argc() > 1) {
+		if (argc() > 1)
 			$which = argv(1);
-		}

 		$profile = 0;

-		if ($which) {
+		if ($which)
 			profile_load( $which, $profile);
-		}
+
+

 		$auth = new BasicAuth();

@@ -54,7 +52,7 @@ class Cloud extends Controller {

 		if ($ob_hash) {
 			if (local_channel()) {
-				$channel = App::get_channel();
+				$channel = \App::get_channel();
 				$auth->setCurrentUser($channel['channel_address']);
 				$auth->channel_account_id = $channel['channel_account_id'];
 				$auth->channel_id = $channel['channel_id'];
@@ -65,12 +63,19 @@ class Cloud extends Controller {
 			$auth->observer = $ob_hash;
 		}

-		if (!array_key_exists('cloud_sort',$_SESSION)) {
+		// if we arrived at this path with any query parameters in the url, build a clean url without
+		// them and redirect.
+
+		if(! array_key_exists('cloud_sort',$_SESSION)) {
 			$_SESSION['cloud_sort'] = 'name';
 		}

 		$_SESSION['cloud_sort'] = ((isset($_REQUEST['sort']) && $_REQUEST['sort']) ? trim(notags($_REQUEST['sort'])) : $_SESSION['cloud_sort']);

+		$x = clean_query_string();
+		if($x !== \App::$query_string)
+			goaway(z_root() . '/' . $x);
+
 		$rootDirectory = new Directory('/', [], $auth);

 		// A SabreDAV server-object
@@ -93,6 +98,7 @@ class Cloud extends Controller {
 		//	require_once('\Zotlabs\Storage/QuotaPlugin.php');
 		//	$server->addPlugin(new \Zotlabs\Storage\\QuotaPlugin($auth));

+
 		// over-ride the default XML output on thrown exceptions
 		$server->on('exception', [ $this, 'DAVException' ]);

@@ -100,9 +106,8 @@ class Cloud extends Controller {

 		$server->start();

-		if ($browser->build_page) {
+		if($browser->build_page)
 			construct_page();
-		}

 		killme();
 	}
@@ -111,16 +116,16 @@ class Cloud extends Controller {
 	function DAVException($err) {

 		if($err instanceof \Sabre\DAV\Exception\NotFound) {
-			App::$page['content'] = '<h2>404 Not found</h2>';
+			\App::$page['content'] = '<h2>404 Not found</h2>';
 		}
 		elseif($err instanceof \Sabre\DAV\Exception\Forbidden) {
-			App::$page['content'] = '<h2>403 Forbidden</h2>';
+			\App::$page['content'] = '<h2>403 Forbidden</h2>';
 		}
 		elseif($err instanceof \Sabre\DAV\Exception\NotImplemented) {
-			goaway(z_root() . '/' . App::$query_string);
+			goaway(z_root() . '/' . \App::$query_string);
 		}
 		else {
-			App::$page['content'] = '<h2>Unknown error</h2>';
+			\App::$page['content'] = '<h2>Unknown error</h2>';
 		}

 		construct_page();
--- a/Zotlabs/Module/Conversation.php
+++ b/Zotlabs/Module/Conversation.php
@@ -30,7 +30,7 @@ class Conversation extends Controller {
 				dbesc(ACTIVITY_UNFOLLOW)
 			);

-			$item_normal = " and item.item_hidden = 0 and item.item_type = 0 and item.item_unpublished = 0 and item.item_delayed = 0 and item.item_blocked = 0 and item.item_uplink = 0 $item_normal_extra ";
+			$item_normal = " and item.item_hidden = 0 and item.item_type = 0 and item.item_unpublished = 0 and item.item_delayed = 0 and item.item_blocked = 0 $item_normal_extra ";

 			$i = null;

@@ -83,9 +83,9 @@ class Conversation extends Controller {
 			// if we don't have a parent id belonging to the signer see if we can obtain one as a visitor that we have permission to access
 			// with a bias towards those items owned by channels on this site (item_wall = 1)

-			if (!$i) {
-				$sql_extra = item_permissions_sql(0);
+			$sql_extra = item_permissions_sql(0);

+			if (!$i) {
 				$i = q("select id as item_id from item where mid = '%s' $item_normal $sql_extra order by item_wall desc limit 1",
 					dbesc($r[0]['parent_mid'])
 				);
--- a/Zotlabs/Module/Dav.php
+++ b/Zotlabs/Module/Dav.php
@@ -10,7 +10,6 @@ namespace Zotlabs\Module;

 use Sabre\DAV as SDAV;
 use Zotlabs\Lib\Libzot;
-use Zotlabs\Lib\Config;
 use Zotlabs\Storage;
 use Zotlabs\Web\HTTPSig;

@@ -107,16 +106,20 @@ class Dav extends \Zotlabs\Web\Controller {
 		// A SabreDAV server-object
 		$server = new SDAV\Server($rootDirectory);

+
 		$authPlugin = new \Sabre\DAV\Auth\Plugin($auth);
 		$server->addPlugin($authPlugin);

+
 		// prevent overwriting changes each other with a lock backend
 		$lockBackend = new SDAV\Locks\Backend\File('store/[data]/locks');
 		$lockPlugin = new SDAV\Locks\Plugin($lockBackend);

 		$server->addPlugin($lockPlugin);

-		$server->enablePropfindDepthInfinity = Config::Get('system', 'propfind_depth_infinity', false);
+		// provide a directory view for the cloud in Hubzilla
+		$browser = new \Zotlabs\Storage\Browser($auth);
+		$auth->setBrowserPlugin($browser);

 		// Experimental QuotaPlugin
 		// $server->addPlugin(new \Zotlabs\Storage\QuotaPlugin($auth));
--- a/Zotlabs/Module/Dirsearch.php
+++ b/Zotlabs/Module/Dirsearch.php
@@ -2,7 +2,6 @@
 namespace Zotlabs\Module;

 use App;
-use DBA;
 use Zotlabs\Lib\Config;
 use Zotlabs\Web\Controller;

@@ -233,7 +232,7 @@ class Dirsearch extends Controller {
 			$spkt = array('transactions' => array());

 			$r = q("SELECT * FROM updates WHERE ud_update = 0 AND ud_last = '%s' AND ud_date >= '%s' ORDER BY ud_date DESC",
-				dbesc(DBA::$dba->get_null_date()),
+				dbesc(NULL_DATE),
 				dbesc($sync)
 			);

--- a/Zotlabs/Module/Display.php
+++ b/Zotlabs/Module/Display.php
@@ -81,7 +81,7 @@ class Display extends Controller {
 				'default_location'    => $channel['channel_location'],
 				'nickname'            => $channel['channel_address'],
 				'lockstate'           => (($channel['channel_allow_cid'] || $channel['channel_allow_gid'] || $channel['channel_deny_cid'] || $channel['channel_deny_gid']) ? 'lock' : 'unlock'),
-				'acl'                 => populate_acl($channel_acl,true, \Zotlabs\Lib\PermissionDescription::fromGlobalPermission('view_stream'), get_post_aclDialogDescription(), 'member/permissions'),
+				'acl'                 => populate_acl($channel_acl,true, \Zotlabs\Lib\PermissionDescription::fromGlobalPermission('view_stream'), get_post_aclDialogDescription(), 'acl_dialog_post'),
 				'permissions'         => $channel_acl,
 				'bang'                => '',
 				'visitor'             => true,
@@ -212,7 +212,7 @@ class Display extends Controller {
 		$observer_hash = get_observer_hash();
 		$item_normal = item_normal();
 		$item_normal_update = item_normal_update();
-		$permission_sql = '';
+		$sql_extra = '';
 		$r = [];

 		if($noscript_content || $load) {
@@ -231,7 +231,7 @@ class Display extends Controller {
 			}

 			if(!$r) {
-				$permission_sql = item_permissions_sql(0, $observer_hash);
+				$sql_extra = item_permissions_sql(0, $observer_hash);

 				$r = q("SELECT item.id AS item_id FROM item
 					WHERE ((mid = '%s'
@@ -239,7 +239,7 @@ class Display extends Controller {
 					AND item.deny_gid  = '' AND item_private = 0 )
 					AND uid IN ( " . stream_perms_api_uids(($observer_hash) ? (PERMS_NETWORK|PERMS_PUBLIC) : PERMS_PUBLIC) . " ))
 					OR uid = %d ))) OR
-					(mid = '%s' $permission_sql ))
+					(mid = '%s' $sql_extra ))
 					$item_normal
 					limit 1",
 					dbesc($target_item['parent_mid']),
@@ -269,7 +269,7 @@ class Display extends Controller {
 			}

 			if(!$r) {
-				$permission_sql = item_permissions_sql(0, $observer_hash);
+				$sql_extra = item_permissions_sql(0, $observer_hash);

 				$r = q("SELECT item.id as item_id from item
 					WHERE ((parent_mid = '%s'
@@ -277,7 +277,7 @@ class Display extends Controller {
 					AND item.deny_gid  = '' AND item_private = 0 )
 					and uid in ( " . stream_perms_api_uids(($observer_hash) ? (PERMS_NETWORK|PERMS_PUBLIC) : PERMS_PUBLIC) . " ))
 					OR uid = %d ))) OR
-					(parent_mid = '%s' $permission_sql ))
+					(parent_mid = '%s' $sql_extra ))
 					$item_normal
 					limit 1",
 					dbesc($target_item['parent_mid']),
@@ -288,12 +288,17 @@ class Display extends Controller {
 		}

 		if($r) {
-			$thr_parents = get_recursive_thr_parents($target_item);
-			$items = items_by_parent_ids($r, $thr_parents, $permission_sql);
-
-			xchan_query($items);
-			$items = fetch_post_tags($items,true);
-			$items = conv_sort($items,'created');
+			$parents_str = ids_to_querystr($r,'item_id');
+			if($parents_str) {
+				$items = q("SELECT item.*, item.id AS item_id
+					FROM item
+					WHERE parent in ( %s ) $sql_extra $item_normal ",
+					dbesc($parents_str)
+				);
+				xchan_query($items);
+				$items = fetch_post_tags($items,true);
+				$items = conv_sort($items,'created');
+			}
 		}
 		else {
 			$items = array();
--- a/Zotlabs/Module/Dreport.php
+++ b/Zotlabs/Module/Dreport.php
@@ -61,10 +61,12 @@ class Dreport extends \Zotlabs\Web\Controller {
 			return;
 		}

-		$r = q("select * from dreport where dreport_xchan = '%s' and (dreport_mid = '%s' or dreport_mid = '%s')",
+		$r = q("select * from dreport where dreport_xchan = '%s' and (dreport_mid = '%s' or dreport_mid = '%s' or dreport_mid = '%s' or dreport_mid = '%s')",
 			dbesc($channel['channel_hash']),
 			dbesc($mid),
-			dbesc(str_replace('/item/', '/activity/', $mid))
+			dbesc($mid . '#sync'),
+			dbesc(str_replace('/item/', '/activity/', $mid)),
+			dbesc(str_replace('/item/', '/activity/', $mid) . '#sync')
 		);

 		if(! $r) {
--- a/Zotlabs/Module/Editblock.php
+++ b/Zotlabs/Module/Editblock.php
@@ -122,10 +122,10 @@ class Editblock extends \Zotlabs\Web\Controller {
 			'ptyp' => $itm[0]['type'],
 			'mimeselect' => true,
 			'mimetype' => $itm[0]['mimetype'],
-			'body' => htmlspecialchars_decode(undo_post_tagging($content), ENT_COMPAT),
+			'body' => undo_post_tagging($content),
 			'post_id' => $post_id,
 			'visitor' => true,
-			'title' => htmlspecialchars_decode($itm[0]['title'], ENT_COMPAT),
+			'title' => htmlspecialchars($itm[0]['title'],ENT_COMPAT,'UTF-8'),
 			'placeholdertitle' => t('Title (optional)'),
 			'pagetitle' => $block_title,
 			'profile_uid' => (intval($channel['channel_id'])),
--- a/Zotlabs/Module/Editlayout.php
+++ b/Zotlabs/Module/Editlayout.php
@@ -121,9 +121,9 @@ class Editlayout extends \Zotlabs\Web\Controller {
 			'hide_preview' => true,
 			'disable_comments' => true,
 			'ptyp' => $itm[0]['obj_type'],
-			'body' => htmlspecialchars_decode(undo_post_tagging($itm[0]['body']), ENT_COMPAT),
+			'body' => undo_post_tagging($itm[0]['body']),
 			'post_id' => $post_id,
-			'title' => htmlspecialchars_decode($itm[0]['title'], ENT_COMPAT),
+			'title' => htmlspecialchars($itm[0]['title'],ENT_COMPAT,'UTF-8'),
 			'pagetitle' => $layout_title,
 			'ptlabel' => t('Layout Name'),
 			'placeholdertitle' => t('Layout Description (Optional)'),
--- a/Zotlabs/Module/Editwebpage.php
+++ b/Zotlabs/Module/Editwebpage.php
@@ -144,7 +144,7 @@ class Editwebpage extends \Zotlabs\Web\Controller {
 			'hide_location' => true,
 			'hide_voting' => true,
 			'ptyp' => $itm[0]['type'],
-			'body' => htmlspecialchars_decode(undo_post_tagging($content), ENT_COMPAT),
+			'body' => undo_post_tagging($content),
 			'post_id' => $post_id,
 			'visitor' => ($is_owner) ? true : false,
 			'acl' => populate_acl($itm[0],false,\Zotlabs\Lib\PermissionDescription::fromGlobalPermission('view_pages')),
@@ -154,7 +154,7 @@ class Editwebpage extends \Zotlabs\Web\Controller {
 			'mimeselect' => true,
 			'layout' => $layout,
 			'layoutselect' => true,
-			'title' => htmlspecialchars_decode($itm[0]['title'], ENT_COMPAT),
+			'title' => htmlspecialchars($itm[0]['title'],ENT_COMPAT,'UTF-8'),
 			'lockstate' => (((strlen($itm[0]['allow_cid'])) || (strlen($itm[0]['allow_gid'])) || (strlen($itm[0]['deny_cid'])) || (strlen($itm[0]['deny_gid']))) ? 'lock' : 'unlock'),
 			'profile_uid' => (intval($owner)),
 			'bbcode' => (($mimetype  == 'text/bbcode') ? true : false)
--- a/Zotlabs/Module/Embed.php
+++ b/Zotlabs/Module/Embed.php
@@ -0,0 +1,22 @@
+<?php
+namespace Zotlabs\Module;
+
+require_once('include/security.php');
+require_once('include/bbcode.php');
+
+
+class Embed extends \Zotlabs\Web\Controller {
+
+	function init() {
+	
+		$post_id = ((argc() > 1) ? intval(argv(1)) : 0);
+	
+		if(! $post_id)
+			killme();
+	
+		echo '[share=' . $post_id . '][/share]';
+		killme();
+
+	}
+	
+}
--- a/Zotlabs/Module/Embedphotos.php
+++ b/Zotlabs/Module/Embedphotos.php
@@ -43,7 +43,7 @@ class Embedphotos extends \Zotlabs\Web\Controller {
 			$arr = explode('/', $href);
 			$resource_id = array_pop($arr);
 			$x = self::photolink($resource_id);
-			if($x)
+			if($x) 
 				json_return_and_die(array('status' => true, 'photolink' => $x, 'resource_id' => $resource_id));
 			json_return_and_die(array('errormsg' => 'Error retrieving resource ' . $resource_id, 'status' => false));
 		}
@@ -55,7 +55,7 @@ class Embedphotos extends \Zotlabs\Web\Controller {
 		$output = EMPTY_STR;
 		if($channel) {
 			$resolution = ((feature_enabled($channel['channel_id'],'large_photos')) ? 1 : 2);
-			$r = q("select mimetype, filename from photo where resource_id = '%s' and $resolution = %d and uid = %d limit 1",
+			$r = q("select mimetype, height, width from photo where resource_id = '%s' and $resolution = %d and uid = %d limit 1",
 				dbesc($resource),
 				intval($resolution),
 				intval($channel['channel_id'])
@@ -63,8 +63,6 @@ class Embedphotos extends \Zotlabs\Web\Controller {
 			if(! $r)
 				return $output;

-			$filename = $r[0]['filename'];
-
 			if($r[0]['mimetype'] === 'image/jpeg')
 				$ext = '.jpg';
 			elseif($r[0]['mimetype'] === 'image/png')
@@ -77,7 +75,7 @@ class Embedphotos extends \Zotlabs\Web\Controller {
 				$ext = EMPTY_STR;

 			$output = '[zrl=' . z_root() . '/photos/' . $channel['channel_address'] . '/image/' . $resource . ']' .
-				'[zmg=' . z_root() . '/photo/' . $resource . '-' . $resolution .  $ext . ']' . $filename . '[/zmg][/zrl]' . "\r\n";
+				'[zmg=' . $r[0]['width'] . 'x' . $r[0]['height'] . ']' . z_root() . '/photo/' . $resource . '-' . $resolution .  $ext . '[/zmg][/zrl]';

 			return $output;
 		}
--- a/Zotlabs/Module/Feed.php
+++ b/Zotlabs/Module/Feed.php
@@ -2,47 +2,49 @@

 namespace Zotlabs\Module;

-use DBA;
-use Zotlabs\Lib\PConfig;
-use Zotlabs\Web\Controller;

-class Feed extends Controller {
+require_once('include/items.php');
+
+class Feed extends \Zotlabs\Web\Controller {

 	function init() {
-		if (argc() < 2) {
-			killme();
-		}
+	
+		$params = [];
+	
+		$params['begin']     = ((x($_REQUEST,'date_begin')) ? $_REQUEST['date_begin']       : NULL_DATE);
+		$params['end']       = ((x($_REQUEST,'date_end'))   ? $_REQUEST['date_end']         : '');
+		$params['type']      = ((stristr(argv(0),'json'))   ? 'json'                        : 'xml');
+		$params['pages']     = ((x($_REQUEST,'pages'))      ? intval($_REQUEST['pages'])    : 0);
+		$params['top']       = ((x($_REQUEST,'top'))        ? intval($_REQUEST['top'])      : 0);
+		$params['start']     = ((x($_REQUEST,'start'))      ? intval($_REQUEST['start'])      : 0);
+		$params['records']   = ((x($_REQUEST,'records'))    ? intval($_REQUEST['records'])    : 10);
+		$params['direction'] = ((x($_REQUEST,'direction'))  ? dbesc($_REQUEST['direction'])   : 'desc');
+		$params['cat']       = ((x($_REQUEST,'cat'))        ? escape_tags($_REQUEST['cat']) : '');
+		$params['compat']    = ((x($_REQUEST,'compat'))     ? intval($_REQUEST['compat'])   : 0);	

-		if (observer_prohibited(true)) {
-			killme();
-		}
-
-		$channel = channelx_by_nick(argv(1));
-		if (!$channel) {
-			killme();
-		}
-
-		$params['begin'] = $_REQUEST['date_begin'] ?? DBA::$dba->get_null_date();
-		$params['end'] = $_REQUEST['date_end'] ?? '';
-		$params['type'] = 'xml';
-		$params['pages'] = ((!empty($_REQUEST['pages'])) ? intval($_REQUEST['pages']) : 0);
-		$params['top'] = ((array_key_exists('top', $_REQUEST)) ? intval($_REQUEST['top']) : PConfig::Get($channel['channel_id'], 'system', 'channel_simple_feed', 1));
-		$params['start'] = ((!empty($_REQUEST['start'])) ? intval($_REQUEST['start']) : 0);
-		$params['records'] = ((!empty($_REQUEST['records'])) ? intval($_REQUEST['records']) : 10);
-		$params['cat'] = ((!empty($_REQUEST['cat'])) ? escape_tags($_REQUEST['cat']) : '');
-		$params['compat'] = ((!empty($_REQUEST['compat'])) ? intval($_REQUEST['compat']) : 0);
-		$params['direction'] = ((!empty($_REQUEST['direction'])) ? dbesc($_REQUEST['direction']) : 'desc');
-
-		if (!in_array($params['direction'], ['asc', 'desc'])) {
+		if(! in_array($params['direction'],['asc','desc'])) {
 			$params['direction'] = 'desc';
 		}

-		logger('public feed request from ' . $_SERVER['REMOTE_ADDR'] . ' for ' . $channel['channel_address']);
+		if(argc() > 1) {

-		echo get_public_feed($channel, $params);
-
-		killme();
+			if(observer_prohibited(true)) {
+				killme();
+			}

+			$channel = channelx_by_nick(argv(1));
+			if(! $channel) {
+				killme();
+			}
+	
+	 
+			logger('public feed request from ' . $_SERVER['REMOTE_ADDR'] . ' for ' . $channel['channel_address']);
+	
+			echo get_public_feed($channel,$params);
+	
+			killme();
+		}
+	
 	}
-
+	
 }
--- a/Zotlabs/Module/File_upload.php
+++ b/Zotlabs/Module/File_upload.php
@@ -11,42 +11,39 @@ require_once('include/photos.php');
 class File_upload extends \Zotlabs\Web\Controller {

 	function post() {
-		logger('file upload: ' . print_r($_POST,true));
+		logger('file upload: ' . print_r($_REQUEST,true));
 		logger('file upload: ' . print_r($_FILES,true));

-		$channel = (($_POST['channick']) ? channelx_by_nick($_POST['channick']) : null);
+		$channel = (($_REQUEST['channick']) ? channelx_by_nick($_REQUEST['channick']) : null);

-		if (!$channel) {
+		if(! $channel) {
 			logger('channel not found');
-			is_ajax() ? killme() : goaway(z_root() . '/' . $_POST['return_url']);
+			killme();
 		}

-		$_POST['source'] = 'file_upload';
+		$_REQUEST['source'] = 'file_upload';

 		if($channel['channel_id'] != local_channel()) {
-			$_POST['contact_allow'] = expand_acl($channel['channel_allow_cid']);
-			$_POST['group_allow']   = expand_acl($channel['channel_allow_gid']);
-			$_POST['contact_deny']  = expand_acl($channel['channel_deny_cid']);
-			$_POST['group_deny']    = expand_acl($channel['channel_deny_gid']);
+			$_REQUEST['contact_allow'] = expand_acl($channel['channel_allow_cid']);
+			$_REQUEST['group_allow']   = expand_acl($channel['channel_allow_gid']);
+			$_REQUEST['contact_deny']  = expand_acl($channel['channel_deny_cid']);
+			$_REQUEST['group_deny']    = expand_acl($channel['channel_deny_gid']);
 		}

-		$_POST['allow_cid'] = ((isset($_POST['contact_allow'])) ? perms2str($_POST['contact_allow']) : '');
-		$_POST['allow_gid'] = ((isset($_POST['group_allow'])) ? perms2str($_POST['group_allow']) : '');
-		$_POST['deny_cid']  = ((isset($_POST['contact_deny'])) ? perms2str($_POST['contact_deny']) : '');
-		$_POST['deny_gid']  = ((isset($_POST['group_deny'])) ? perms2str($_POST['group_deny']) : '');
+		$_REQUEST['allow_cid'] = ((isset($_REQUEST['contact_allow'])) ? perms2str($_REQUEST['contact_allow']) : '');
+		$_REQUEST['allow_gid'] = ((isset($_REQUEST['group_allow'])) ? perms2str($_REQUEST['group_allow']) : '');
+		$_REQUEST['deny_cid']  = ((isset($_REQUEST['contact_deny'])) ? perms2str($_REQUEST['contact_deny']) : '');
+		$_REQUEST['deny_gid']  = ((isset($_REQUEST['group_deny'])) ? perms2str($_REQUEST['group_deny']) : '');

-		if(isset($_POST['filename']) && strlen($_POST['filename'])) {
-			$r = attach_mkdir($channel, get_observer_hash(), $_POST);
-
-			if (!$r['success']) {
-				notice($r['message'] . EOL);
-				is_ajax() ? killme() : goaway(z_root() . '/' . $_POST['return_url']);
-			}
-
-			$hash = $r['data']['hash'];
-			$sync = attach_export_data($channel,$hash);
-			if ($sync) {
-				Libsync::build_sync_packet($channel['channel_id'], ['file' => [$sync]]);
+		if(isset($_REQUEST['filename']) && strlen($_REQUEST['filename'])) {
+			$r = attach_mkdir($channel, get_observer_hash(), $_REQUEST);
+			if($r['success']) {
+				$hash = $r['data']['hash'];
+				$sync = attach_export_data($channel,$hash);
+				if($sync) {
+					Libsync::build_sync_packet($channel['channel_id'],array('file' => array($sync)));
+				}
+				goaway(z_root() . '/' . $_REQUEST['return_url']);
 			}
 		}
 		else {
@@ -93,19 +90,19 @@ class File_upload extends \Zotlabs\Web\Controller {
 				}
 			}

-			$r = attach_store($channel, get_observer_hash(), '', $_POST);
-			if (!$r['success']) {
-				notice($r['message'] . EOL);
-				is_ajax() ? killme() : goaway(z_root() . '/' . $_POST['return_url']);
-			}
+			$r = attach_store($channel, get_observer_hash(), '', $_REQUEST);
+			if($r['success']) {
+				$sync = attach_export_data($channel,$r['data']['hash']);
+				if($sync)
+					Libsync::build_sync_packet($channel['channel_id'],array('file' => array($sync)));

-			$sync = attach_export_data($channel,$r['data']['hash']);
-			if ($sync) {
-				Libsync::build_sync_packet($channel['channel_id'], ['file' => [$sync]]);
 			}
 		}

-		is_ajax() ? killme() : goaway(z_root() . '/' . $_POST['return_url']);
+		if(is_ajax())
+			killme();
+
+		goaway(z_root() . '/' . $_REQUEST['return_url']);

 	}

--- a/Zotlabs/Module/Follow.php
+++ b/Zotlabs/Module/Follow.php
@@ -53,14 +53,7 @@ class Follow extends Controller {
 		}

 		$uid = local_channel();
-		$url = notags(trim($_REQUEST['url']));
-
-		$parsed = parse_url($url);
-		if (isset($parsed['host'])) {
-			$parsed['host'] = punify($parsed['host']);
-			$url = unparse_url($parsed);
-		}
-
+		$url = notags(punify(trim($_REQUEST['url'])));
 		$return_url = $_SESSION['return_url'];
 		$interactive = $_REQUEST['interactive'] ?? 1;
 		$channel = App::get_channel();
--- a/Zotlabs/Module/Help.php
+++ b/Zotlabs/Module/Help.php
@@ -30,7 +30,7 @@ class Help extends \Zotlabs\Web\Controller {
 		$this->determine_help_language();

 		if (empty($_REQUEST['search']) && argc() === 1) {
-			goaway("/help/about");
+			goaway("/help/about/about");
 			killme();
 		}
 	}
@@ -85,7 +85,7 @@ class Help extends \Zotlabs\Web\Controller {
 		}


-		if(argc() > 2 && argv(argc()-2) === 'pic') {
+		if(argc() > 2 && argv(argc()-2) === 'assets') {
 			$path = '';
 			for($x = 1; $x < argc(); $x ++) {
 				if(strlen($path))
--- a/Zotlabs/Module/Home.php
+++ b/Zotlabs/Module/Home.php
@@ -24,13 +24,9 @@ class Home extends Controller {
 			$key = Config::Get('system', 'prvkey');
 			$ret = json_encode(Libzot::site_info());

-			$headers = [
-				'Content-Type' => 'application/x-zot+json',
-				'Digest' => HTTPSig::generate_digest_header($ret),
-				'Date' => datetime_convert('UTC','UTC', 'now', 'D, d M Y H:i:s \\G\\M\\T')
-			];
-
-			$h = HTTPSig::create_sig($headers, $key, z_root());
+			$headers                     = ['Content-Type' => 'application/x-zot+json', 'Digest' => HTTPSig::generate_digest_header($ret)];
+			$headers['(request-target)'] = strtolower($_SERVER['REQUEST_METHOD']) . ' ' . $_SERVER['REQUEST_URI'];
+			$h                           = HTTPSig::create_sig($headers, $key, z_root());
 			HTTPSig::set_headers($h);

 			echo $ret;
@@ -72,9 +68,9 @@ class Home extends Controller {

 		$o = '';

-		if (isset($_SESSION['theme']))
+		if (x($_SESSION, 'theme'))
 			unset($_SESSION['theme']);
-		if (isset($_SESSION['mobile_theme']))
+		if (x($_SESSION, 'mobile_theme'))
 			unset($_SESSION['mobile_theme']);

 		$splash = ((argc() > 1 && argv(1) === 'splash') ? true : false);
@@ -104,15 +100,15 @@ class Home extends Controller {
 			goaway($frontpage);
 		}

-		$sitename = Config::Get('system', 'sitename', 'Hubzilla');
-		$welcome = sprintf(t('Welcome to %s'), $sitename);
-		$login_on_homepage = Config::Get('system', 'login_on_homepage');
+		$sitename = Config::Get('system', 'sitename');
+		if ($sitename)
+			$o .= '<h1 class="home-welcome">' . sprintf(t('Welcome to %s'), $sitename) . '</h1>';

-		$tpl = get_markup_template('home.tpl');
-		return replace_macros($tpl, [
-			'welcome' => $welcome,
-			'loginbox' => $login_on_homepage ? login(true) : false,
-		]);
+		$loginbox = Config::Get('system', 'login_on_homepage');
+		if (intval($loginbox) || $loginbox === false)
+			$o .= login(true);
+
+		return $o;

 	}

--- a/Zotlabs/Module/Hq.php
+++ b/Zotlabs/Module/Hq.php
@@ -3,7 +3,6 @@ namespace Zotlabs\Module;

 use App;
 use Zotlabs\Widget\Messages;
-use Zotlabs\Lib\Config;

 class Hq extends \Zotlabs\Web\Controller {

@@ -51,18 +50,14 @@ class Hq extends \Zotlabs\Web\Controller {
 			// select the target item with a bias to our own item
 			$sql_order = ((local_channel() > $sys['channel_id']) ? 'DESC' : 'ASC');

-			$r = q("select id, uid, mid, parent, parent_mid, thr_parent, verb, item_type, item_deleted, item_blocked from item where uid in (%d, %d) and $identifier = '%s' order by uid $sql_order limit 2",
+			$r = q("select id, uid, mid, parent_mid, thr_parent, verb, item_type, item_deleted, item_blocked from item where uid in (%d, %d) and $identifier = '%s' order by uid $sql_order limit 2",
 				intval(local_channel()),
 				intval($sys['channel_id']),
 				dbesc($item_hash)
 			);

-
 			if($r) {
 				$target_item = $r[0];
-
-				call_hooks('item_custom_display', $target_item);
-
 				if (intval($target_item['uid']) === intval($sys['channel_id'])) {
 					$sys_item = true;
 				}
@@ -91,7 +86,7 @@ class Hq extends \Zotlabs\Web\Controller {
 				'default_location'    => $channel['channel_location'],
 				'nickname'            => $channel['channel_address'],
 				'lockstate'           => (($channel['channel_allow_cid'] || $channel['channel_allow_gid'] || $channel['channel_deny_cid'] || $channel['channel_deny_gid']) ? 'lock' : 'unlock'),
-				'acl'                 => populate_acl($channel_acl,true, \Zotlabs\Lib\PermissionDescription::fromGlobalPermission('view_stream'), get_post_aclDialogDescription(), 'member/permissions'),
+				'acl'                 => populate_acl($channel_acl,true, \Zotlabs\Lib\PermissionDescription::fromGlobalPermission('view_stream'), get_post_aclDialogDescription(), 'acl_dialog_post'),
 				'permissions'         => $channel_acl,
 				'bang'                => '',
 				'visitor'             => true,
@@ -134,7 +129,7 @@ class Hq extends \Zotlabs\Web\Controller {
 				'$nouveau' => '0',
 				'$wall'    => '0',
 				'$page'    => '1',
-				'$list'    => ((!empty($_REQUEST['list'])) ? intval($_REQUEST['list']) : 0),
+				'$list'    => ((x($_REQUEST,'list')) ? intval($_REQUEST['list']) : 0),
 				'$search'  => '',
 				'$xchan'   => '',
 				'$order'   => '',
@@ -150,6 +145,7 @@ class Hq extends \Zotlabs\Web\Controller {
 		}

 		if($load && $target_item) {
+
 			if (!$sys_item) {
 				$r = q("SELECT item.id AS item_id FROM item
 					WHERE uid = %d
@@ -203,8 +199,11 @@ class Hq extends \Zotlabs\Web\Controller {
 		}

 		if($r) {
-			$thr_parents = get_recursive_thr_parents($target_item);
-			$items = items_by_parent_ids($r, $thr_parents);
+			$items = q("SELECT item.*, item.id AS item_id
+				FROM item
+				WHERE parent = '%s' $item_normal $sql_extra",
+				dbesc($r[0]['item_id'])
+			);

 			xchan_query($items,true,(($sys_item) ? local_channel() : 0));
 			$items = fetch_post_tags($items,true);
--- a/Zotlabs/Module/Id.php
+++ b/Zotlabs/Module/Id.php
@@ -6,8 +6,8 @@ namespace Zotlabs\Module;
 *
 * Controller for responding to x-zot: protocol requests
 * x-zot:_jkfRG85nJ-714zn-LW_VbTFW8jSjGAhAydOcJzHxqHkvEHWG2E0RbA_pbch-h4R63RG1YJZifaNzgccoLa3MQ/453c1678-1a79-4af7-ab65-6b012f6cab77
- *
- */
+ *  
+ */  

 use Zotlabs\Lib\Activity;
 use Zotlabs\Lib\ActivityStreams;
@@ -104,7 +104,7 @@ class Id extends Controller {
 			$headers['Content-Type'] = 'application/x-zot+json' ;
 			$ret = json_encode($x, JSON_UNESCAPED_SLASHES);
 			$headers['Digest'] = HTTPSig::generate_digest_header($ret);
-			$headers['Date'] = datetime_convert('UTC','UTC', 'now', 'D, d M Y H:i:s \\G\\M\\T');
+			$headers['(request-target)'] = strtolower($_SERVER['REQUEST_METHOD']) . ' ' . $_SERVER['REQUEST_URI'];
 			$h = HTTPSig::create_sig($headers,$chan['channel_prvkey'],channel_url($chan));
 			HTTPSig::set_headers($h);
 			echo $ret;
--- a/Zotlabs/Module/Import.php
+++ b/Zotlabs/Module/Import.php
@@ -7,7 +7,6 @@ require_once('include/import.php');
 require_once('include/perm_upgrade.php');

 use App;
-use DBA;
 use URLify;
 use Zotlabs\Daemon\Master;
 use Zotlabs\Lib\Config;
@@ -332,7 +331,7 @@ class Import extends Controller {
 				else {
 					$photos = import_xchan_photo($xchan['xchan_photo_l'], $xchan['xchan_hash']);
 					if ($photos[4])
-						$photodate = DBA::$dba->get_null_date();
+						$photodate = NULL_DATE;
 					else
 						$photodate = $xchan['xchan_photo_date'];

--- a/Zotlabs/Module/Invite.php
+++ b/Zotlabs/Module/Invite.php
@@ -310,9 +310,9 @@ class Invite extends Controller {

 	function get() {

-		$channel_id = local_channel();
+		// zai1

-		if ($channel_id === false || $channel_id < 1) {
+		if(! local_channel()) {
 			notice( 'ZAI0101E,' . t('Permission denied.') . EOL);
 			return;
 		}
@@ -330,15 +330,15 @@ class Invite extends Controller {
 			return $o;
 		}

-		$ihave = $this->count_invites_by_user($channel_id);
+		// invitation_by_user may still not configured, the default 'na' will tell this
+		// if configured, 0 disables invitations by users, other numbers are how many invites a user may propagate
+		$invuser = Config::Get('system','invitation_by_user', 'na');

-		if (is_site_admin()) {
-			// Admins have unlimited invites
-			$invuser = '∞';
-		} else {
-			// invitation_by_user may still not configured, the default 'na' will tell this
-			// if configured, 0 disables invitations by users, other numbers are how many invites a user may propagate
-			$invuser = Config::Get('system','invitation_by_user', 4);
+		// if the mortal user drives the invitation
+		If (! is_site_admin()) {
+
+			// when not configured, 4 is the default
+			$invuser = ($invuser === 'na') ? 4 : $invuser;

 			// a config value 0 disables invitation by users
 			if (!$invuser) {
@@ -350,6 +350,12 @@ class Invite extends Controller {
 				notice( 'ZAI0105W,' . t('You have no more invitations available') . EOL);
 				return '';
 			}
+
+		} else {
+			// general deity admin invite limit infinite (theoretical)
+			if ($invuser === 'na') Config::Set('system','invitation_by_user', 4);
+			// for display only
+			$invuser = '∞';
 		}

 		// xchan record of the page observer
@@ -388,6 +394,17 @@ class Invite extends Controller {
 			}
 		}

+		if ($wehave > $invmaxau) {
+			if (! is_site_admin()) {
+				$feedbk .= 'ZAI0200E,' . t('All users invitation limit exceeded.') . $eol;
+			}
+		}
+
+		// let see how many invites currently used by the user
+		$r = q("SELECT count(reg_id) AS n FROM register WHERE reg_vital = 1 AND reg_byc = %d",
+			 intval(local_channel()));
+		$ihave = $r ? $r[0]['n'] : 0;
+
 		$tpl = get_markup_template('invite.tpl');

 		$inv_rabots = array(
@@ -403,11 +420,11 @@ class Invite extends Controller {
 			 	'field' => 	array(
 			 		'name'  => 'expire',
 			 		'title' => t('duration up from now'),
-			 		'value' => 2,
+			 		'value' => ($invexpire_n ? $invexpire_n : 2),
 			 		'min'  => '1',
 			 		'max'  => '99',
 			 		'size' => '2',
-					'default' => 'd',
+					'default' => ($invexpire_u ? $invexpire_u : 'd')
 			 	),
 			 	'rabot'	=> 	$inv_rabots
 			 )
@@ -566,18 +583,5 @@ class Invite extends Controller {
 		}
 		return false;
 	}
-
-	/**
-	 * Find how many invites the given channel is currently using.
-	 *
-	 * @param int $channel_id		The id of the channel
-	 *
-	 * @return int	Number of invites this channel is currently using.
-	 */
-	private function count_invites_by_user(int $channel): int {
-		$r = q("SELECT count(reg_id) AS n FROM register WHERE reg_vital = 1 AND reg_byc = %d", $channel);
-
-		return $r ? $r[0]['n'] : 0;
-	}
 }

--- a/Zotlabs/Module/Item.php
+++ b/Zotlabs/Module/Item.php
@@ -3,7 +3,6 @@
 namespace Zotlabs\Module;

 use App;
-use DBA;
 use URLify;
 use Zotlabs\Lib\Config;
 use Zotlabs\Lib\IConfig;
@@ -18,7 +17,6 @@ use Zotlabs\Lib\Libzot;
 use Zotlabs\Lib\Libsync;
 use Zotlabs\Lib\ThreadListener;
 use Zotlabs\Access\PermissionRoles;
-use Zotlabs\Lib\ObjCache;

 require_once('include/crypto.php');
 require_once('include/items.php');
@@ -55,12 +53,12 @@ class Item extends Controller {


 		if (argc() > 1 && argv(1) !== 'drop') {
-			$x = q("select uid, item_wall, item_type, llink, uuid from item where uuid = '%s' order by item_wall desc",
+			$x = q("select uid, item_wall, llink, uuid from item where uuid = '%s' order by item_wall desc",
 				dbesc(argv(1))
 			);

 			if ($x) {
-				if ($x[0]['item_wall'] && $x[0]['item_type'] === ITEM_TYPE_POST) {
+				if ($x[0]['item_wall']) {
 					$c = channelx_by_n($x[0]['uid']);
 					if ($c) {
 						goaway(z_root() . '/channel/' . $c['channel_address'] . '?mid=' . $x[0]['uuid']);
@@ -80,7 +78,7 @@ class Item extends Controller {
 		// This will change. Figure out who the observer is and whether or not
 		// they have permission to post here. Else ignore the post.

-		if ((!local_channel()) && (!remote_channel()) && (empty($_POST['anonname'])))
+		if ((!local_channel()) && (!remote_channel()) && (!x($_REQUEST, 'anonname')))
 			return;

 		$uid = local_channel();
@@ -109,13 +107,12 @@ class Item extends Controller {
 		 * Is this a reply to something?
 		 */

-		$parent     = ((!empty($_POST['parent'])) ? intval($_POST['parent']) : 0);
-		$thr_parent_id = $parent;
-		$parent_mid = ((!empty($_POST['parent_mid'])) ? trim($_POST['parent_mid']) : '');
-		$mode       = ((isset($_POST['conv_mode']) && $_POST['conv_mode'] === 'channel') ? 'channel' : 'network');
+		$parent     = ((x($_REQUEST, 'parent')) ? intval($_REQUEST['parent']) : 0);
+		$parent_mid = ((x($_REQUEST, 'parent_mid')) ? trim($_REQUEST['parent_mid']) : '');
+		$mode       = ((isset($_REQUEST['conv_mode']) && $_REQUEST['conv_mode'] === 'channel') ? 'channel' : 'network');

-		$remote_xchan = ((!empty($_POST['remote_xchan'])) ? trim($_POST['remote_xchan']) : false);
-		$r = q("select * from xchan where xchan_hash = '%s' limit 1",
+		$remote_xchan = ((x($_REQUEST, 'remote_xchan')) ? trim($_REQUEST['remote_xchan']) : false);
+		$r            = q("select * from xchan where xchan_hash = '%s' limit 1",
 			dbesc($remote_xchan)
 		);
 		if ($r)
@@ -123,7 +120,7 @@ class Item extends Controller {
 		else
 			$remote_xchan = $remote_observer = false;

-		$profile_uid = ((!empty($_POST['profile_uid'])) ? intval($_POST['profile_uid']) : 0);
+		$profile_uid = ((x($_REQUEST, 'profile_uid')) ? intval($_REQUEST['profile_uid']) : 0);
 		require_once('include/channel.php');

 		$sys = get_sys_channel();
@@ -133,25 +130,25 @@ class Item extends Controller {
 			$observer = $sys;
 		}

-		if (!empty($_POST['dropitems'])) {
+		if (x($_REQUEST, 'dropitems')) {
 			require_once('include/items.php');
-			$arr_drop = explode(',', $_POST['dropitems']);
+			$arr_drop = explode(',', $_REQUEST['dropitems']);
 			drop_items($arr_drop);
 			$json = ['success' => 1];
 			echo json_encode($json);
 			killme();
 		}

-		call_hooks('post_local_start', $_POST);
+		call_hooks('post_local_start', $_REQUEST);

-		// logger('postvars ' . print_r($_POST,true), LOGGER_DATA);
+		// logger('postvars ' . print_r($_REQUEST,true), LOGGER_DATA);

-		$api_source = ((!empty($_POST['api_source'])) ? true : false);
+		$api_source = ((x($_REQUEST, 'api_source') && $_REQUEST['api_source']) ? true : false);

-		$consensus = $_POST['consensus'] ?? 0;
-		$nocomment = $_POST['nocomment'] ?? 0;
+		$consensus = $_REQUEST['consensus'] ?? 0;
+		$nocomment = $_REQUEST['nocomment'] ?? 0;

-		$is_poll = ((isset($_POST['poll_answers'][0]) && $_POST['poll_answers'][0]) && (isset($_POST['poll_answers'][1]) && $_POST['poll_answers'][1]));
+		$is_poll = ((isset($_REQUEST['poll_answers'][0]) && $_REQUEST['poll_answers'][0]) && (isset($_REQUEST['poll_answers'][1]) && $_REQUEST['poll_answers'][1]));

 		// 'origin' (if non-zero) indicates that this network is where the message originated,
 		// for the purpose of relaying comments to other conversation members.
@@ -162,44 +159,43 @@ class Item extends Controller {

 		// If you are unsure, it is prudent (and important) to leave it unset.

-		$origin = (($api_source && array_key_exists('origin', $_POST)) ? intval($_REQU_POSTEST['origin']) : 1);
+		$origin = (($api_source && array_key_exists('origin', $_REQUEST)) ? intval($_REQUEST['origin']) : 1);

 		// To represent message-ids on other networks - this will create an iconfig record

-		$namespace = (($api_source && array_key_exists('namespace', $_POST)) ? strip_tags($_POST['namespace']) : '');
-		$remote_id = (($api_source && array_key_exists('remote_id', $_POST)) ? strip_tags($_POST['remote_id']) : '');
+		$namespace = (($api_source && array_key_exists('namespace', $_REQUEST)) ? strip_tags($_REQUEST['namespace']) : '');
+		$remote_id = (($api_source && array_key_exists('remote_id', $_REQUEST)) ? strip_tags($_REQUEST['remote_id']) : '');

 		$owner_hash = null;

-		$message_id    = ((!empty($_POST['message_id']) && $api_source) ? strip_tags($_POST['message_id']) : null);
-		$created       = ((!empty($_POST['created'])) ? datetime_convert(date_default_timezone_get(), 'UTC', $_POST['created']) : datetime_convert());
-		$post_id       = ((!empty($_POST['post_id'])) ? intval($_POST['post_id']) : 0);
-		$app           = ((!empty($_POST['source'])) ? strip_tags($_POST['source']) : '');
-		$return_path   = ((!empty($_POST['return'])) ? $_POST['return'] : '');
-		$preview       = ((!empty($_POST['preview'])) ? intval($_POST['preview']) : 0);
-		$categories    = ((!empty($_POST['category'])) ? escape_tags($_POST['category']) : '');
-		$item_type     = ((!empty($_POST['webpage'])) ? intval($_POST['webpage']) : ITEM_TYPE_POST);
-		$item_obscured = ((!empty($_POST['obscured'])) ? intval($_POST['obscured']) : 0);
-		$item_delayed  = ((!empty($_POST['delayed'])) ? intval($_POST['delayed']) : 0);
-		$pagetitle     = ((!empty($_POST['pagetitle'])) ? escape_tags($_POST['pagetitle']) : '');
-		$layout_mid    = ((!empty($_POST['layout_mid'])) ? escape_tags($_POST['layout_mid']) : '');
-		$plink         = ((!empty($_POST['permalink'])) ? escape_tags($_POST['permalink']) : null);
-		$obj_type      = ((!empty($_POST['obj_type'])) ? escape_tags($_POST['obj_type']) : 'Note');
+		$message_id    = ((x($_REQUEST, 'message_id') && $api_source) ? strip_tags($_REQUEST['message_id']) : null);
+		$created       = ((x($_REQUEST, 'created')) ? datetime_convert(date_default_timezone_get(), 'UTC', $_REQUEST['created']) : datetime_convert());
+		$post_id       = ((x($_REQUEST, 'post_id')) ? intval($_REQUEST['post_id']) : 0);
+		$app           = ((x($_REQUEST, 'source')) ? strip_tags($_REQUEST['source']) : '');
+		$return_path   = ((x($_REQUEST, 'return')) ? $_REQUEST['return'] : '');
+		$preview       = ((x($_REQUEST, 'preview')) ? intval($_REQUEST['preview']) : 0);
+		$categories    = ((x($_REQUEST, 'category')) ? escape_tags($_REQUEST['category']) : '');
+		$webpage       = ((x($_REQUEST, 'webpage')) ? intval($_REQUEST['webpage']) : 0);
+		$item_obscured = ((x($_REQUEST, 'obscured')) ? intval($_REQUEST['obscured']) : 0);
+		$item_delayed  = ((x($_REQUEST, 'delayed')) ? intval($_REQUEST['delayed']) : 0);
+		$pagetitle     = ((x($_REQUEST, 'pagetitle')) ? escape_tags($_REQUEST['pagetitle']) : '');
+		$layout_mid    = ((x($_REQUEST, 'layout_mid')) ? escape_tags($_REQUEST['layout_mid']) : '');
+		$plink         = ((x($_REQUEST, 'permalink')) ? escape_tags($_REQUEST['permalink']) : '');
+		$obj_type      = ((x($_REQUEST, 'obj_type')) ? escape_tags($_REQUEST['obj_type']) : 'Note');

 		// allow API to bulk load a bunch of imported items with sending out a bunch of posts.
-		$nopush = ((!empty($_POST['nopush'])) ? intval($_POST['nopush']) : $item_type !== ITEM_TYPE_POST);
-
+		$nopush = ((x($_REQUEST, 'nopush')) ? intval($_REQUEST['nopush']) : 0);

 		/*
 		 * Check service class limits
 		 */
-		if ($uid && empty($_POST['parent']) && empty($_POST['post_id'])) {
-			$ret = $this->item_check_service_class($uid, (($_POST['webpage'] == ITEM_TYPE_WEBPAGE) ? true : false));
+		if ($uid && !(x($_REQUEST, 'parent')) && !(x($_REQUEST, 'post_id'))) {
+			$ret = $this->item_check_service_class($uid, (($_REQUEST['webpage'] == ITEM_TYPE_WEBPAGE) ? true : false));
 			if (!$ret['success']) {
 				notice(t($ret['message']) . EOL);
 				if ($api_source)
 					return (['success' => false, 'message' => 'service class exception']);
-				if (!empty($_POST['return']))
+				if (x($_REQUEST, 'return'))
 					goaway(z_root() . "/" . $return_path);
 				killme();
 			}
@@ -210,7 +206,7 @@ class Item extends Controller {
 		}


-		$expires = DBA::$dba->get_null_date();
+		$expires = NULL_DATE;

 		$route          = '';
 		$parent_item    = null;
@@ -220,8 +216,8 @@ class Item extends Controller {

 		if ($parent || $parent_mid) {

-			if (empty($_POST['type']))
-				$_POST['type'] = 'net-comment';
+			if (!x($_REQUEST, 'type'))
+				$_REQUEST['type'] = 'net-comment';

 			if ($parent) {
 				$r = q("SELECT * FROM item WHERE id = %d LIMIT 1",
@@ -257,7 +253,7 @@ class Item extends Controller {
 				notice(t('Unable to locate original post.') . EOL);
 				if ($api_source)
 					return (['success' => false, 'message' => 'invalid post id']);
-				if (!empty($_POST['return']))
+				if (x($_REQUEST, 'return'))
 					goaway(z_root() . "/" . $return_path);
 				killme();
 			}
@@ -280,7 +276,7 @@ class Item extends Controller {
 		if (!$observer) {
 			$observer = App::get_observer();
 			if (!$observer) {
-				$observer = anon_identity_init($_POST);
+				$observer = anon_identity_init($_REQUEST);
 				if ($observer) {
 					$moderated    = true;
 					$remote_xchan = $remote_observer = $observer;
@@ -292,7 +288,7 @@ class Item extends Controller {
 			notice(t('Permission denied.') . EOL);
 			if ($api_source)
 				return (['success' => false, 'message' => 'permission denied']);
-			if (!empty($_POST['return']))
+			if (x($_REQUEST, 'return'))
 				goaway(z_root() . "/" . $return_path);
 			killme();
 		}
@@ -311,17 +307,17 @@ class Item extends Controller {
 				notice(t('Permission denied.') . EOL);
 				if ($api_source)
 					return (['success' => false, 'message' => 'permission denied']);
-				if (!empty($_POST['return']))
+				if (x($_REQUEST, 'return'))
 					goaway(z_root() . "/" . $return_path);
 				killme();
 			}
 		}
 		else {
-			if (!perm_is_allowed($profile_uid, $observer['xchan_hash'], (intval($item_type) === ITEM_TYPE_POST) ? 'post_wall' : 'write_pages')) {
+			if (!perm_is_allowed($profile_uid, $observer['xchan_hash'], ($webpage) ? 'write_pages' : 'post_wall')) {
 				notice(t('Permission denied.') . EOL);
 				if ($api_source)
 					return (['success' => false, 'message' => 'permission denied']);
-				if (!empty($_POST['return']))
+				if (x($_REQUEST, 'return'))
 					goaway(z_root() . "/" . $return_path);
 				killme();
 			}
@@ -377,7 +373,7 @@ class Item extends Controller {
 			logger("mod_item: no channel.");
 			if ($api_source)
 				return (['success' => false, 'message' => 'no channel']);
-			if (!empty($_POST['return']))
+			if (x($_REQUEST, 'return'))
 				goaway(z_root() . "/" . $return_path);
 			killme();
 		}
@@ -387,7 +383,6 @@ class Item extends Controller {
 		$r = q("select * from xchan where xchan_hash = '%s' limit 1",
 			dbesc($channel['channel_hash'])
 		);
-
 		if ($r && count($r)) {
 			$owner_xchan = $r[0];
 		}
@@ -395,7 +390,7 @@ class Item extends Controller {
 			logger("mod_item: no owner.");
 			if ($api_source)
 				return (['success' => false, 'message' => 'no owner']);
-			if (!empty($_POST['return']))
+			if (x($_REQUEST, 'return'))
 				goaway(z_root() . "/" . $return_path);
 			killme();
 		}
@@ -429,21 +424,17 @@ class Item extends Controller {
 		$view_policy    = \Zotlabs\Access\PermissionLimits::Get($channel['channel_id'], 'view_stream');
 		$comment_policy = \Zotlabs\Access\PermissionLimits::Get($channel['channel_id'], 'post_comments');

-		$public_policy = '';
-
-		if (intval($item_type) === ITEM_TYPE_POST) {
-			$public_policy = ((!empty($_POST['public_policy'])) ? escape_tags($_POST['public_policy']) : map_scope($view_policy, true));
-		}
-
-		if ($public_policy) {
+		$public_policy = ((x($_REQUEST, 'public_policy')) ? escape_tags($_REQUEST['public_policy']) : map_scope($view_policy, true));
+		if ($webpage)
+			$public_policy = '';
+		if ($public_policy)
 			$private = 1;
-		}

 		if ($orig_post) {
 			$private = 0;
-			// Normal conversation items are not allowed to change ACL.
-			if (intval($item_type) !== ITEM_TYPE_POST) {
-				$acl->set_from_array($_POST);
+			// webpages are allowed to change ACLs after the fact. Normal conversation items aren't.
+			if ($webpage) {
+				$acl->set_from_array($_REQUEST);
 			}
 			else {
 				$acl->set($orig_post);
@@ -459,9 +450,9 @@ class Item extends Controller {
 			$coord               = $orig_post['coord'];
 			$verb                = $orig_post['verb'];
 			$app                 = $orig_post['app'];
-			$title               = escape_tags(trim($_POST['title']));
-			$summary             = escape_tags(trim($_POST['summary']));
-			$body                = trim($_POST['body']);
+			$title               = escape_tags(trim($_REQUEST['title']));
+			$summary             = escape_tags(trim($_REQUEST['summary']));
+			$body                = trim($_REQUEST['body']);
 			$item_flags           = $orig_post['item_flags'];
 			$item_origin         = $orig_post['item_origin'];
 			$item_unseen         = $orig_post['item_unseen'];
@@ -495,15 +486,14 @@ class Item extends Controller {
 			$thr_parent          = $orig_post['thr_parent'];
 			$parent_mid          = $orig_post['parent_mid'];
 			$plink               = $orig_post['plink'];
-			$owner_hash          = $orig_post['owner_xchan'];
 		}
 		else {
 			if (!$walltowall) {
-				if ((array_key_exists('contact_allow', $_POST))
-					|| (array_key_exists('group_allow', $_POST))
-					|| (array_key_exists('contact_deny', $_POST))
-					|| (array_key_exists('group_deny', $_POST))) {
-					$acl->set_from_array($_POST);
+				if ((array_key_exists('contact_allow', $_REQUEST))
+					|| (array_key_exists('group_allow', $_REQUEST))
+					|| (array_key_exists('contact_deny', $_REQUEST))
+					|| (array_key_exists('group_deny', $_REQUEST))) {
+					$acl->set_from_array($_REQUEST);
 				}
 				elseif (!$api_source) {

@@ -518,16 +508,16 @@ class Item extends Controller {
 			}


-			$location = ((isset($_POST['location'])) ? notags(trim($_POST['location'])) : '');
-			$coord    = ((isset($_POST['coord'])) ? notags(trim($_POST['coord'])) : '');
-			$verb     = ((isset($_POST['verb'])) ? notags(trim($_POST['verb'])) : '');
-			$title    = ((isset($_POST['title'])) ? escape_tags(trim($_POST['title'])) : '');
-			$summary  = ((isset($_POST['summary'])) ? escape_tags(trim($_POST['summary'])) : '');
-			$body     = ((isset($_POST['body'])) ? trim($_POST['body']) : '');
-			$body     .= ((isset($_POST['attachment'])) ? trim($_POST['attachment']) : '');
+			$location = ((isset($_REQUEST['location'])) ? notags(trim($_REQUEST['location'])) : '');
+			$coord    = ((isset($_REQUEST['coord'])) ? notags(trim($_REQUEST['coord'])) : '');
+			$verb     = ((isset($_REQUEST['verb'])) ? notags(trim($_REQUEST['verb'])) : '');
+			$title    = ((isset($_REQUEST['title'])) ? escape_tags(trim($_REQUEST['title'])) : '');
+			$summary  = ((isset($_REQUEST['summary'])) ? escape_tags(trim($_REQUEST['summary'])) : '');
+			$body     = ((isset($_REQUEST['body'])) ? trim($_REQUEST['body']) : '');
+			$body     .= ((isset($_REQUEST['attachment'])) ? trim($_REQUEST['attachment']) : '');
 			$postopts = '';

-			$allow_empty = ((array_key_exists('allow_empty', $_POST)) ? intval($_POST['allow_empty']) : 0);
+			$allow_empty = ((array_key_exists('allow_empty', $_REQUEST)) ? intval($_REQUEST['allow_empty']) : 0);

 			$private = ((isset($private) && $private) ? $private : intval($acl->is_private() || ($public_policy)));

@@ -538,7 +528,7 @@ class Item extends Controller {
 				$private       = intval($parent_item['item_private']);
 				$public_policy = $parent_item['public_policy'];
 				$owner_hash    = $parent_item['owner_xchan'];
-				$item_type       = $parent_item['item_type'];
+				$webpage       = $parent_item['item_type'];
 			}


@@ -549,7 +539,7 @@ class Item extends Controller {
 				info(t('Empty post discarded.') . EOL);
 				if ($api_source)
 					return (['success' => false, 'message' => 'no content']);
-				if (!empty($_POST['return']))
+				if (x($_REQUEST, 'return'))
 					goaway(z_root() . "/" . $return_path);
 				killme();
 			}
@@ -557,15 +547,15 @@ class Item extends Controller {


 		if (feature_enabled($profile_uid, 'content_expire')) {
-			if (!empty($_POST['expire'])) {
-				$expires = datetime_convert(date_default_timezone_get(), 'UTC', $_POST['expire']);
+			if (x($_REQUEST, 'expire')) {
+				$expires = datetime_convert(date_default_timezone_get(), 'UTC', $_REQUEST['expire']);
 				if ($expires <= datetime_convert())
-					$expires = DBA::$dba->get_null_date();
+					$expires = NULL_DATE;
 			}
 		}


-		$mimetype = ((isset($_POST['mimetype'])) ? notags(trim($_POST['mimetype'])) : '');
+		$mimetype = ((isset($_REQUEST['mimetype'])) ? notags(trim($_REQUEST['mimetype'])) : '');

 		if (!$mimetype)
 			$mimetype = 'text/bbcode';
@@ -599,7 +589,7 @@ class Item extends Controller {

 		$is_group = get_pconfig($profile_uid, 'system', 'group_actor');

-		if ($is_group && $walltowall && !$walltowall_comment && (intval($item_type) === ITEM_TYPE_POST)) {
+		if ($is_group && $walltowall && !$walltowall_comment && !$webpage) {
 			$groupww           = true;
 			$str_contact_allow = $owner_xchan['xchan_hash'];
 			$str_group_allow   = '';
@@ -758,7 +748,7 @@ class Item extends Controller {
 			$cats = explode(',', $categories);
 			foreach ($cats as $cat) {

-				$catlink = channel_url($channel) . '?cat=' . urlencode(trim($cat));
+				$catlink = $owner_xchan['xchan_url'] . '?f=&cat=' . urlencode(trim($cat));

 				$post_tags[] = [
 					'uid'   => $profile_uid,
@@ -798,21 +788,23 @@ class Item extends Controller {
 		}

 		$item_unseen    = ((local_channel() != $profile_uid) ? 1 : 0);
-		$item_wall      = ((isset($_POST['type']) && ($_POST['type'] === 'wall' || $_POST['type'] === 'wall-comment')) ? 1 : 0);
+		$item_wall      = ((isset($_REQUEST['type']) && ($_REQUEST['type'] === 'wall' || $_REQUEST['type'] === 'wall-comment')) ? 1 : 0);
 		$item_origin    = (($origin) ? 1 : 0);
 		$item_consensus = (($consensus) ? 1 : 0);
 		$item_nocomment = (($nocomment) ? 1 : 0);
-		$comments_closed = (($nocomment) ? $comments_closed : DBA::$dba->get_null_date());
+		$comments_closed = (($nocomment) ? $comments_closed : NULL_DATE);

 		// determine if this is a wall post

-		if (in_array($item_type, [ITEM_TYPE_POST, ITEM_TYPE_CARD, ITEM_TYPE_ARTICLE])) {
-			$item_wall = 1;
-		}
-
 		if ($parent) {
 			$item_wall = $parent_item['item_wall'];
 		}
+		else {
+			if (!$webpage) {
+				$item_wall = 1;
+			}
+		}
+

 		if ($moderated) {
 			$item_blocked = ITEM_MODERATED;
@@ -829,34 +821,36 @@ class Item extends Controller {
 		$mid = $mid ?? z_root() . '/item/' . $uuid;


-		if (empty($owner_hash)) {
-			$owner_hash = $owner_xchan['xchan_hash'];
-		}
+        // Set the conversation target.
+        if (empty($owner_hash)) {
+            $owner_hash = $owner_xchan['xchan_hash'];
+        }
+
+        if ($owner_hash === $channel['channel_hash']) {
+            $attributedTo = z_root() . '/channel/' . $channel['channel_address'];
+
+            $conversation = isset($parent_item) ? $parent_item['mid'] : $mid;
+            $datarray['target'] = [
+                'id' => str_replace('/item/', '/conversation/', $conversation),
+                'type' => 'Collection',
+                'attributedTo' => $attributedTo,
+            ];
+            $datarray['tgt_type'] = 'Collection';
+        }
+        elseif (!empty($parent_item['target'])) {
+            $datarray['target'] = $parent_item['target'];
+            $datarray['tgt_type'] = $parent_item['tgt_type'];
+        }

-		// Set the conversation target.
-		if ($owner_hash === $channel['channel_hash']) {
-			$attributedTo = z_root() . '/channel/' . $channel['channel_address'];

-			$conversation = isset($parent_item) ? $parent_item['mid'] : $mid;
-			$datarray['target'] = [
-				'id' => str_replace('/item/', '/conversation/', $conversation),
-				'type' => 'Collection',
-				'attributedTo' => $attributedTo,
-			];
-			$datarray['tgt_type'] = 'Collection';
-		}
-		elseif (!empty($parent_item['target'])) {
-			$datarray['target'] = $parent_item['target'];
-			$datarray['tgt_type'] = $parent_item['tgt_type'];
-		}

 		if ($is_poll) {
 			$poll = [
 				'question'         => $body,
-				'answers'          => $_POST['poll_answers'],
-				'multiple_answers' => $_POST['poll_multiple_answers'],
-				'expire_value'     => $_POST['poll_expire_value'],
-				'expire_unit'      => $_POST['poll_expire_unit']
+				'answers'          => $_REQUEST['poll_answers'],
+				'multiple_answers' => $_REQUEST['poll_multiple_answers'],
+				'expire_value'     => $_REQUEST['poll_expire_value'],
+				'expire_unit'      => $_REQUEST['poll_expire_unit']
 			];
 			$obj  = $this->extract_poll_data($poll, ['item_private' => $private, 'allow_cid' => $str_contact_allow, 'allow_gid' => $str_contact_deny]);
 		}
@@ -876,7 +870,7 @@ class Item extends Controller {

 			if ($obj['endTime']) {
 				$d = datetime_convert('UTC','UTC', $obj['endTime']);
-				if ($d > DBA::$dba->get_null_date()) {
+				if ($d > NULL_DATE) {
 					$comments_closed = $d;
 				}
 			}
@@ -891,13 +885,19 @@ class Item extends Controller {
 		if ($parent_item)
 			$parent_mid = $parent_item['mid'];

+
 		// Fallback so that we always have a thr_parent

 		if (!$thr_parent)
 			$thr_parent = $mid;

+
 		$item_thread_top = ((!$parent) ? 1 : 0);

+		if ((!$plink) && ($item_thread_top)) {
+			$plink = $mid;
+		}
+
 		if (isset($datarray['obj']) && $datarray['obj']) {
 			$datarray['obj']['id'] = $mid;
 		}
@@ -935,7 +935,7 @@ class Item extends Controller {
 		$datarray['item_unseen']         = intval($item_unseen);
 		$datarray['item_wall']           = intval($item_wall);
 		$datarray['item_origin']         = intval($item_origin);
-		$datarray['item_type']           = $item_type;
+		$datarray['item_type']           = $webpage;
 		$datarray['item_private']        = intval($private);
 		$datarray['item_thread_top']     = intval($item_thread_top);
 		$datarray['item_starred']        = intval($item_starred);
@@ -960,7 +960,7 @@ class Item extends Controller {
 		$datarray['public_policy']       = $public_policy;
 		$datarray['comment_policy']      = map_scope($comment_policy);
 		$datarray['term']                = array_unique($post_tags, SORT_REGULAR);
-		$datarray['plink']               = $plink ?? $mid;
+		$datarray['plink']               = $plink;
 		$datarray['route']               = $route;

 		// A specific ACL over-rides public_policy completely
@@ -1014,14 +1014,14 @@ class Item extends Controller {

 		call_hooks('post_local', $datarray);

-		if (!empty($datarray['cancel'])) {
+		if (x($datarray, 'cancel')) {
 			logger('mod_item: post cancelled by plugin or duplicate suppressed.');
 			if ($return_path)
 				goaway(z_root() . "/" . $return_path);
 			if ($api_source)
 				return (['success' => false, 'message' => 'operation cancelled']);
 			$json           = ['cancel' => 1];
-			$json['reload'] = z_root() . '/' . $_POST['jsreload'];
+			$json['reload'] = z_root() . '/' . $_REQUEST['jsreload'];
 			echo json_encode($json);
 			killme();
 		}
@@ -1030,8 +1030,8 @@ class Item extends Controller {
 		if (mb_strlen($datarray['title']) > 191)
 			$datarray['title'] = mb_substr($datarray['title'], 0, 191);

-		if (intval($item_type) !== ITEM_TYPE_POST) {
-			IConfig::Set($datarray, 'system', item_type_to_namespace($item_type),
+		if ($webpage) {
+			IConfig::Set($datarray, 'system', webpage_to_namespace($webpage),
 				(($pagetitle) ? $pagetitle : basename($datarray['mid'])), true);
 		}
 		elseif ($namespace) {
@@ -1044,16 +1044,23 @@ class Item extends Controller {

 			$x = item_store_update($datarray, $execflag);

-			if ($x['success'] && intval($item_type) === ITEM_TYPE_POST) {
-				$item = [$x['item']];
-				xchan_query($item);
-				$item = fetch_post_tags($item);
-				$encoded_item = Activity::build_packet(Activity::encode_activity($item[0]), $channel, false);
-				ObjCache::Set($item[0]['mid'], $encoded_item);
-
+			if ($x['success']) {
 				$this->add_listeners($datarray);
 			}

+			/* sync this is done in item_store_update()
+			if (!$parent) {
+				$r = q("select * from item where id = %d",
+					intval($post_id)
+				);
+				if ($r) {
+					xchan_query($r);
+					$sync_item = fetch_post_tags($r);
+					Libsync::build_sync_packet($profile_uid, ['item' => [encode_item($sync_item[0], true)]]);
+				}
+			}
+			*/
+
 			if (!$nopush) {
 				Master::Summon(['Notifier', 'edit_post', $post_id]);
 				if (intval($x['approval_id'])) {
@@ -1064,7 +1071,7 @@ class Item extends Controller {
 			if ($api_source)
 				return ($x);

-			if ((!empty($_POST['return'])) && strlen($return_path)) {
+			if ((x($_REQUEST, 'return')) && strlen($return_path)) {
 				logger('return: ' . $return_path);

 				if ($return_path === 'hq') {
@@ -1076,17 +1083,9 @@ class Item extends Controller {
 			killme();
 		}

-
 		$post = item_store($datarray, $execflag);

-		if ($post['success'] && intval($item_type) === ITEM_TYPE_POST) {
-			$item = [$post['item']];
-			xchan_query($item);
-			// TODO: fetch_post_tags() will add term and iconfig twice if called twice and it looks like they are already added here
-			//$item = fetch_post_tags($item);
-			$encoded_item = Activity::build_packet(Activity::encode_activity($item[0]), $channel, false);
-			ObjCache::Set($item[0]['mid'], $encoded_item);
-
+		if ($post['success']) {
 			$this->add_listeners($datarray);
 		}

@@ -1166,6 +1165,19 @@ class Item extends Controller {
 			killme();
 		}

+		/* sync this is done in item_store_update()
+		if ($parent || $datarray['item_private'] == 1) {
+			$r = q("select * from item where id = %d",
+				intval($post_id)
+			);
+			if ($r) {
+				xchan_query($r);
+				$sync_item = fetch_post_tags($r);
+				Libsync::build_sync_packet($profile_uid, ['item' => [encode_item($sync_item[0], true)]]);
+			}
+		}
+		*/
+
 		$datarray['id']    = $post_id;
 		$datarray['llink'] = z_root() . '/display/' . $datarray['uuid'];

@@ -1204,15 +1216,19 @@ class Item extends Controller {
 		if ($mode === 'channel')
 			profile_load($channel['channel_address']);

+		$item[]            = $datarray;
+		$item[0]['owner']  = $owner_xchan;
+		$item[0]['author'] = $observer;
+		$item[0]['attach'] = $datarray['attach'];
+
 		$json = [
 			'success' => 1,
 			'id'      => $post_id,
-			'thr_parent_id'  => $thr_parent_id,
 			'html'    => conversation($item, $mode, true, 'r_preview'),
 		];

-		if (!empty($_POST['jsreload']))
-			$json['reload'] = z_root() . '/' . $_POST['jsreload'];
+		if (x($_REQUEST, 'jsreload') && strlen($_REQUEST['jsreload']))
+			$json['reload'] = z_root() . '/' . $_REQUEST['jsreload'];

 		logger('post_json: ' . print_r($json, true), LOGGER_DEBUG);

@@ -1487,7 +1503,7 @@ class Item extends Controller {
 			dbesc(ACTIVITY_UNFOLLOW)
 		);

-		$item_normal = " and item.item_hidden = 0 and item.item_type = 0 and item.item_unpublished = 0 and item.item_delayed = 0 and item.item_blocked = 0 and item.item_uplink = 0 $item_normal_extra ";
+		$item_normal = " and item.item_hidden = 0 and item.item_type = 0 and item.item_unpublished = 0 and item.item_delayed = 0 and item.item_blocked = 0 $item_normal_extra ";

 		$i = null;

@@ -1603,7 +1619,7 @@ class Item extends Controller {
 			dbesc(ACTIVITY_UNFOLLOW)
 		);

-		$item_normal = " and item.item_hidden = 0 and item.item_type = 0 and item.item_unpublished = 0 and item.item_delayed = 0 and item.item_blocked = 0 and item.item_uplink = 0 $item_normal_extra ";
+		$item_normal = " and item.item_hidden = 0 and item.item_type = 0 and item.item_unpublished = 0 and item.item_delayed = 0 and item.item_blocked = 0 $item_normal_extra ";

 		$i = null;

--- a/Zotlabs/Module/Lang.php
+++ b/Zotlabs/Module/Lang.php
@@ -65,22 +65,8 @@ class Lang extends Controller {
 		}

 		nav_set_selected('Language');
-		return $this->lang_selector();
+		return lang_selector();

 	}

-	private function lang_selector(): string
-   	{
-		$lang_options = language_list();
-		array_unshift($lang_options, t('default'));
-
-		$tpl = get_markup_template('lang_selector.tpl');
-
-		return replace_macros($tpl, [
-			'$title' => t('Select an alternate language'),
-			'$langs' => array($lang_options, App::$language),
-
-		]);
-	}
-
 }
--- a/Zotlabs/Module/Like.php
+++ b/Zotlabs/Module/Like.php
@@ -22,9 +22,9 @@ class Like extends Controller {
 			'like'        => 'Like',
 			'dislike'     => 'Dislike',
 			'announce'    => ACTIVITY_SHARE,
-			'accept'   => 'Accept',
-			'reject'    => 'Reject',
-			'tentativeaccept' => 'TentativeAccept'
+			'attendyes'   => 'Accept',
+			'attendno'    => 'Reject',
+			'attendmaybe' => 'TentativeAccept'
 		];

 		// unlike (etc.) reactions are an undo of positive reactions, rather than a negative action.
@@ -52,31 +52,43 @@ class Like extends Controller {
 			profile_load($parts[0]);
 		}

-		if ($page_mode === 'list') {
-			$item_normal = item_normal();
+		$item_normal = item_normal();

+		if ($page_mode === 'list') {
 			$items = q("SELECT item.*, item.id AS item_id FROM item
 				WHERE uid = %d $item_normal
 				AND parent = %d",
 				intval($arr['item']['uid']),
 				intval($arr['item']['parent'])
 			);
-
 			xchan_query($items, true);
 			$items = fetch_post_tags($items, true);
 			$items = conv_sort($items, 'commented');
 		}
 		else {
-			$item = item_by_item_id($arr['item']['id'], $arr['item']['parent'], type: $arr['item']['item_type']);
-			xchan_query($item, true);
-			$item = fetch_post_tags($item, true);
+			$activities = q("SELECT item.*, item.id AS item_id FROM item
+				WHERE uid = %d $item_normal
+				AND thr_parent = '%s'
+				AND verb IN ('%s', '%s', '%s', '%s', '%s', '%s', 'Accept', 'Reject', 'TentativeAccept')",
+				intval($arr['item']['uid']),
+				dbesc($arr['item']['mid']),
+				dbesc('Like'),
+				dbesc('Dislike'),
+				dbesc(ACTIVITY_SHARE),
+				dbesc(ACTIVITY_ATTEND),
+				dbesc(ACTIVITY_ATTENDNO),
+				dbesc(ACTIVITY_ATTENDMAYBE)
+			);
+			xchan_query($activities, true);
+			$items = array_merge([$arr['item']], $activities);
+			$items = fetch_post_tags($items, true);
 		}

 		$ret = [
 			'success' => 1,
 			'orig_id' => $arr['orig_item_id'], //this is required for pubstream items where $item_id != $item['id']
 			'id'      => $arr['item']['id'],
-			'html'    => conversation($item, $conv_mode, true, $page_mode),
+			'html'    => conversation($items, $conv_mode, true, $page_mode),
 		];

 		// mod photos
@@ -127,7 +139,7 @@ class Like extends Controller {
 		$extended_like = false;
 		$object        = $target = null;
 		$post_type     = EMPTY_STR;
-		$obj_type      = EMPTY_STR;
+		$obj_type       = EMPTY_STR;

 		if (argc() == 3) {

@@ -305,6 +317,8 @@ class Like extends Controller {
 			// parent, copy that as well.

 			if ($r) {
+				$obj_type = $r[0]['obj_type'];
+
 				if ($r[0]['uid'] === $sys_channel['channel_id'] && local_channel()) {
 					$r = [copy_of_pubitem(App::get_channel(), $r[0]['mid'])];
 				}
@@ -320,8 +334,6 @@ class Like extends Controller {
 			$item      = $r[0];
 			$owner_uid = $r[0]['uid'];
 			$owner_aid = $r[0]['aid'];
-			$obj_type  = $r[0]['obj_type'];
-			$item_type = $r[0]['item_type'];

 			if ((array_key_exists('owner', $item)) && intval($item['owner']['abook_self']))
 				$can_comment = perm_is_allowed($item['uid'], $observer['xchan_hash'], 'post_comments');
@@ -362,7 +374,7 @@ class Like extends Controller {
 				$multi_undo = true;
 			}

-			$item_normal = item_normal(type: $item_type);
+			$item_normal = item_normal();

 			$r = q("SELECT id, parent, uid, verb FROM item WHERE verb in ( $verbs ) $item_normal
 				AND author_xchan = '%s' AND thr_parent = '%s' and uid = %d ",
@@ -433,7 +445,7 @@ class Like extends Controller {
 			$arr['item_wall']       = 1;
 		}
 		else {
-			switch ($item['obj_type']) {
+			switch ($item['object_type']) {
 				case 'Image':
 					$post_type = t('image');
 					break;
@@ -474,11 +486,11 @@ class Like extends Controller {
 			$bodyverb = t('%1$s likes %2$s\'s %3$s');
 		if ($verb === 'dislike')
 			$bodyverb = t('%1$s doesn\'t like %2$s\'s %3$s');
-		if ($verb === 'accept')
+		if ($verb === 'attendyes')
 			$bodyverb = t('%1$s is attending %2$s\'s %3$s');
-		if ($verb === 'reject')
+		if ($verb === 'attendno')
 			$bodyverb = t('%1$s is not attending %2$s\'s %3$s');
-		if ($verb === 'tentativeaccept')
+		if ($verb === 'attendmaybe')
 			$bodyverb = t('%1$s may attend %2$s\'s %3$s');

 		if (!isset($bodyverb))
@@ -561,7 +573,7 @@ class Like extends Controller {

 		call_hooks('post_local_end', $arr);

-		if ($is_rsvp && in_array($verb, ['accept', 'tentativeaccept'])) {
+		if ($is_rsvp && in_array($verb, ['attendyes', 'attendmaybe'])) {
 			event_addtocal($item_id, local_channel());
 		}

--- a/Zotlabs/Module/Lockview.php
+++ b/Zotlabs/Module/Lockview.php
@@ -110,7 +110,7 @@ class Lockview extends Controller {
 			// as unknown specific recipients. The sender will have the visibility list and will fall through to the
 			// next section.

-			echo '<div class="dropdown-item-text">' . escape_tags(translate_scope((!$item['public_policy']) ? 'specific' : $item['public_policy'])) . '</div>';
+			echo '<div class="dropdown-item-text">' . translate_scope((!$item['public_policy']) ? 'specific' : $item['public_policy']) . '</div>';
 			killme();
 		}

@@ -232,17 +232,25 @@ class Lockview extends Controller {
 			}
 		}

-		$tpl = get_markup_template('access_dropdown.tpl');
+		$access_list_header = '<div class="dropdown-header text-uppercase h6">' . t('Access') . '</div>';
+		$guest_access_list_header = '<div class="dropdown-header text-uppercase h6">' . t('Guest access') . '</div>';
+		$ocap_access_list_header = '<div class="dropdown-header text-uppercase h6">' . t('OCAP access') . '</div>';
+		$divider = '<div class="dropdown-divider"></div>';
+		$str = '';

-		echo replace_macros($tpl, [
-			'$access_header'        => t('Access'),
-			'$guest_access_header'  => t('Guest access'),
-			'$ocap_access_header'   => t('OCAP access'),
+		if ($access_list) {
+			$str .= $access_list_header . implode($access_list);
+		}

-			'$access_list'         => $access_list ? implode($access_list) : '',
-			'$guest_access_list'   => $guest_access_list ? implode($guest_access_list) : '',
-			'$ocap_access_list'    => $ocap_access_list ? implode($ocap_access_list) : '',
-		]);
+		if ($guest_access_list) {
+			$str .= $divider . $guest_access_list_header . implode($guest_access_list);
+		}
+
+		if ($ocap_access_list) {
+			$str .= $divider . $ocap_access_list_header . implode($ocap_access_list);
+		}
+
+		echo $str;
 		killme();

 	}
--- a/Zotlabs/Module/Login.php
+++ b/Zotlabs/Module/Login.php
@@ -5,28 +5,12 @@ namespace Zotlabs\Module;
 class Login extends \Zotlabs\Web\Controller {

 	function get() {
-		if (local_channel()) {
+		if(local_channel())
 			goaway(z_root());
-		}
-
-		if (remote_channel() && $_SESSION['atoken']) {
+		if(remote_channel() && $_SESSION['atoken'])
 			goaway(z_root());
-		}

-		if (!empty($_GET['retry'])) {
-			notice( t('Login failed.') . EOL );
-		}
-
-		$o = '<div class="generic-content-wrapper">';
-		$o .= '<div class="section-title-wrapper">';
-		$o .= '<h2 class="">' . t('Login') . '</h2>';
-		$o .= '</div>';
-		$o .= '<div class="section-content-wrapper">';
-		$o .= login(true);
-		$o .= '</div>';
-		$o .= '</div>';
-
-		return $o;
+		return login(true);
 	}

 }
--- a/Zotlabs/Module/Magic.php
+++ b/Zotlabs/Module/Magic.php
@@ -6,8 +6,6 @@ use Zotlabs\Web\Controller;
 use Zotlabs\Web\HTTPSig;
 use Zotlabs\Lib\Libzot;
 use Zotlabs\Lib\SConfig;
-use GuzzleHttp\Psr7\Request;
-use HttpSignature\HttpMessageSigner;

 class Magic extends Controller {

@@ -43,7 +41,11 @@ class Magic extends Controller {
 			http_status_exit(400, 'Bad Request');
 		}

-		$basepath = unparse_url($parsed, ['scheme', 'host', 'port']);
+		$basepath = unparse_url(array_filter(
+			$parsed,
+			fn (string $key) => in_array($key, ['scheme', 'host', 'port']),
+			ARRAY_FILTER_USE_KEY
+		));

 		$owapath = SConfig::get($basepath, 'system', 'openwebauth', $basepath . '/owa');

@@ -103,65 +105,26 @@ class Magic extends Controller {
 				$dest = strip_zids($dest);
 				$dest = strip_query_param($dest,'f');

-				// try RFC9421 first
+				// We now post to the OWA endpoint. This improves security by providing a signed digest

-				$request = new Request(
-					'GET',
-					$owapath,
-					[
-						'Host' => $parsed['host'],
-						'Date' => gmdate('D, d M Y H:i:s T'),
-						'Accept' => 'application/x-zot+json',
-						'X-Open-Web-Auth' => random_string(),
-					],
-				);
+				$data = json_encode([ 'OpenWebAuth' => random_string() ]);

-				$signer = new HttpMessageSigner();
-
-				$signer->setPrivateKey($channel['channel_prvkey']);
-				$signer->setAlgorithm('rsa-v1_5-sha256');
-				$signer->setKeyId(channel_url($channel));
-				$signer->setCreated(time());
-				$signer->setExpires(time() + 3600);
-
-				$coveredFields = '("@method" "@target-uri" "host" "date" "accept" "x-open-web-auth")';
-				$request = $signer->signRequest($coveredFields, $request);
-				$signedHeaders = $signer->getHeaders($request);
-
-				$curlHeaders = [];
-				foreach ($signedHeaders as $key => $value) {
-					$curlHeaders[] = $key . ': ' . $value;
-				}
+				$headers = [];
+				$headers['Accept'] = 'application/x-zot+json' ;
+				$headers['Content-Type'] = 'application/x-zot+json' ;
+				$headers['X-Open-Web-Auth'] = random_string();
+				$headers['Host'] = $parsed['host'];
+				$headers['(request-target)'] = 'get /owa';

+				$headers = HTTPSig::create_sig($headers,$channel['channel_prvkey'], channel_url($channel),true,'sha512');
 				$redirects = 0;
-				$x = z_fetch_url($owapath, false, $redirects,  ['headers' => $curlHeaders]);
-				logger('owa RFC9421 fetch returned: ' . print_r($x,true),LOGGER_DATA);

-				$rfc9421 = false;
+				$x = z_fetch_url($owapath, false, $redirects, ['headers' => $headers]);

-				if ($x['success']) {
-					$rfc9421_result = json_decode($x['body'], true);
-					$rfc9421 = $rfc9421_result['success'];
-				}
-
-				if (!$rfc9421 || ($x['return_code'] >= 400 && $x['return_code'] != 404)) {
-					$headers = [];
-					$headers['Accept'] = 'application/x-zot+json' ;
-					$headers['Content-Type'] = 'application/x-zot+json' ;
-					$headers['X-Open-Web-Auth'] = random_string();
-					$headers['Host'] = $parsed['host'];
-					$headers['(request-target)'] = 'get /owa';
-
-					$headers = HTTPSig::create_sig($headers,$channel['channel_prvkey'], channel_url($channel),true,'sha512');
-					$redirects = 0;
-
-					$x = z_fetch_url($owapath, false, $redirects, ['headers' => $headers]);
-					logger('owa fetch returned: ' . print_r($x,true),LOGGER_DATA);
-				}
+				logger('owa fetch returned: ' . print_r($x,true),LOGGER_DATA);

 				if ($x['success']) {
 					$j = json_decode($x['body'],true);
-
 					if ($j['success'] && $j['encrypted_token']) {
 						// decrypt the token using our private key
 						$token = '';
@@ -171,21 +134,11 @@ class Magic extends Controller {
 						$args = (($x) ? '&owt=' . $token : '?owt=' . $token) . (($delegate) ? '&delegate=1' : '');
 						goaway($dest . $args);
 					}
-					else {
-						$o = '<h1>OWA ERROR</h1>';
-						if (!empty($j['message'])) {
-							$o .= '<h2>' . $j['message'] . '</h2>';
-						}
-						$o .= '<a href=' . $dest . '>' . $dest . '</a>';
-
-						echo $o;
-						killme();
-					}
 				}
 			}
 		}

-		goaway($dest);
+		killme();

 	}

--- a/Zotlabs/Module/Moderate.php
+++ b/Zotlabs/Module/Moderate.php
@@ -67,7 +67,7 @@ class Moderate extends \Zotlabs\Web\Controller {

 					$item['item_blocked'] = 0;
 					item_update_parent_commented($item);
-					info(t('Item approved') . EOL);
+					notice( t('Item approved') . EOL);
 				}
 				elseif($action === 'drop') {
 					// TODO: not implemented
@@ -75,7 +75,7 @@ class Moderate extends \Zotlabs\Web\Controller {
 					// Activity::send_rejection_activity(App::get_channel(), $item['author_xchan'], $item);

 					drop_item($post_id);
-					info(t('Item deleted') . EOL);
+					notice( t('Item deleted') . EOL);
 				}

 				// refetch the item after changes have been made
--- a/Zotlabs/Module/Network.php
+++ b/Zotlabs/Module/Network.php
@@ -70,19 +70,17 @@ class Network extends \Zotlabs\Web\Controller {
 		$dm         = ((x($_REQUEST,'dm')) ? $_REQUEST['dm'] : 0);


-		$order = get_pconfig(local_channel(), 'mod_network', 'order', 'created');
+		$order = get_pconfig(local_channel(), 'mod_network', 'order', 0);
 		switch($order) {
-			case 'commented':
-				$ordering = 'commented';
+			case 0:
+				$order = 'comment';
 				break;
-			case 'created':
-				$ordering = 'created';
+			case 1:
+				$order = 'post';
 				break;
-			case 'unthreaded':
+			case 2:
 				$nouveau = true;
 				break;
-			default:
-				$ordering = 'created';
 		}

 		$search = $_GET['search'] ?? '';
@@ -94,7 +92,7 @@ class Network extends \Zotlabs\Web\Controller {
 		}

 		if($datequery)
-			$order = 'created';
+			$order = 'post';


 		// filter by collection (e.g. group)
@@ -135,6 +133,7 @@ class Network extends \Zotlabs\Web\Controller {

 		$status_editor = '';

+
 		if (Apps::system_app_installed(local_channel(), 'Affinity Tool')) {
 			$affinity_locked = intval(get_pconfig(local_channel(), 'affinity', 'lock', 1));
 			if ($affinity_locked) {
@@ -143,11 +142,8 @@ class Network extends \Zotlabs\Web\Controller {
 			}
 		}

-		if($search || $file || (!$pf && $cid) || $hashtags || $verb || $category || $conv || $unseen) {
+		if(x($_GET, 'search') || $file || (!$pf && $cid) || $hashtags || $verb || $category || $conv || $unseen)
 			$nouveau = true;
-		}
-
-		$dismiss_privacy_filter = array_intersect(['cid', 'star', 'conv', 'file', 'verb', 'cat', 'search'], array_keys($_GET));

 		$cid_r = [];

@@ -205,7 +201,7 @@ class Network extends \Zotlabs\Web\Controller {
 				'default_location' => $channel['channel_location'],
 				'nickname'         => $channel['channel_address'],
 				'lockstate'        => (($private_editing || $channel['channel_allow_cid'] || $channel['channel_allow_gid'] || $channel['channel_deny_cid'] || $channel['channel_deny_gid']) ? 'lock' : 'unlock'),
-				'acl'              => populate_acl((($private_editing) ? $def_acl : $channel_acl), true, \Zotlabs\Lib\PermissionDescription::fromGlobalPermission('view_stream'), get_post_aclDialogDescription(), 'member/permissions'),
+				'acl'              => populate_acl((($private_editing) ? $def_acl : $channel_acl), true, \Zotlabs\Lib\PermissionDescription::fromGlobalPermission('view_stream'), get_post_aclDialogDescription(), 'acl_dialog_post'),
 				'permissions'      => (($private_editing) ? $def_acl : $channel_acl),
 				'bang'             => (($private_editing) ? $bang : ''),
 				'visitor'          => true,
@@ -275,9 +271,39 @@ class Network extends \Zotlabs\Web\Controller {
 					// This is for nouveau view cid queries (not a public forum)
 					$sql_extra = " AND author_xchan = '" . dbesc($cid_r[0]['abook_xchan']) . "' ";
 				}
+				elseif($pf && $unseen && $nouveau) {
+
+					$vnotify = get_pconfig(local_channel(), 'system', 'vnotify');
+					if(! ($vnotify & VNOTIFY_LIKE))
+						$likes_sql = " AND verb NOT IN ('Like', 'Dislike', '" . dbesc(ACTIVITY_LIKE) . "', '" . dbesc(ACTIVITY_DISLIKE) . "') ";
+
+					// This is for nouveau view public forum cid queries (if a forum notification is clicked)
+					//$p = q("SELECT oid AS parent FROM term WHERE uid = %d AND ttype = %d AND term = '%s'",
+						//intval(local_channel()),
+						//intval(TERM_FORUM),
+						//dbesc($cid_r[0]['xchan_name'])
+					//);
+
+					//$p_str = ids_to_querystr($p, 'parent');
+
+					$p_sql = '';
+					//if($p_str)
+						//$p_sql = " OR item.parent IN ( $p_str ) ";
+
+					$sql_extra = " AND ( owner_xchan = '" . protect_sprintf(dbesc($cid_r[0]['abook_xchan'])) . "' OR owner_xchan = '" . protect_sprintf(dbesc($cid_r[0]['abook_xchan'])) . "' $p_sql ) AND item_unseen = 1 $likes_sql ";
+				}
 				else {
 					// This is for threaded view cid queries (e.g. if a forum is selected from the forum filter)
-					$sql_extra = " AND item.parent IN (SELECT DISTINCT parent FROM item WHERE uid = " . intval(local_channel()) . " AND ( author_xchan = '" . dbesc($cid_r[0]['abook_xchan']) . "' OR owner_xchan = '" . dbesc($cid_r[0]['abook_xchan']) . "' ) $item_normal) ";
+					$ttype = (($pf) ? TERM_FORUM : TERM_MENTION);
+
+					$p1 = dbq("SELECT DISTINCT parent FROM item WHERE uid = " . intval(local_channel()) . " AND ( author_xchan = '" . dbesc($cid_r[0]['abook_xchan']) . "' OR owner_xchan = '" . dbesc($cid_r[0]['abook_xchan']) . "' ) $item_normal ");
+					$p2 = dbq("SELECT oid AS parent FROM term WHERE uid = " . intval(local_channel()) . " AND ttype = $ttype AND term = '" . dbesc($cid_r[0]['xchan_name']) . "'");
+
+					$p_str = ids_to_querystr(array_merge($p1, $p2), 'parent');
+					if(! $p_str)
+						killme();
+
+					$sql_extra = " AND item.parent IN ( $p_str ) ";
 				}
 			}

@@ -349,15 +375,15 @@ class Network extends \Zotlabs\Web\Controller {
 			// The name 'verb' is a holdover from the earlier XML
 			// ActivityStreams specification.

-			if (str_starts_with($verb, '.')) {
+			if (substr($verb, 0, 1) === '.') {
 				$sql_verb = substr($verb, 1);
-				$sql_extra .= sprintf(" AND item.obj_type = '%s' AND item.verb IN ('Create', 'Update', 'Invite') ",
-					dbesc(protect_sprintf($sql_verb))
+				$sql_extra .= sprintf(" AND item.obj_type like '%s' ",
+					dbesc(protect_sprintf('%' . $sql_verb . '%'))
 				);
 			}
 			else {
-				$sql_extra .= sprintf(" AND item.verb = '%s' ",
-					dbesc(protect_sprintf($verb))
+				$sql_extra .= sprintf(" AND item.verb like '%s' ",
+					dbesc(protect_sprintf('%' . $verb . '%'))
 				);
 			}
 		}
@@ -366,23 +392,30 @@ class Network extends \Zotlabs\Web\Controller {
 			$sql_extra .= term_query('item', $file, TERM_FILE);
 		}

-		if (!$dismiss_privacy_filter) {
-			if ($dm) {
-				$sql_extra .= ' AND item.item_private = 2 ';
-			}
-			else {
-				$sql_extra .= ' AND item.item_private IN (0, 1) ';
-			}
+		if ($dm) {
+			$sql_extra .= ' AND item_private = 2 ';
 		}
+		else {
+			$sql_extra .= ' AND item_private IN (0, 1) ';
+		}
+

 		if($conv) {
 			$item_thread_top = '';
 			$sql_extra .= " AND ( author_xchan = '" . dbesc($channel['channel_hash']) . "' OR item_mentionsme = 1 ) ";
 		}

-		$itemspage = get_pconfig(local_channel(), 'system', 'itemspage');
-		App::set_pager_itemspage(((intval($itemspage)) ? $itemspage : 10));
-		$pager_sql = sprintf(" LIMIT %d OFFSET %d ", intval(App::$pager['itemspage']), intval(App::$pager['start']));
+		if($update && ! $load) {
+
+			// only setup pagination on initial page view
+			$pager_sql = '';
+
+		}
+		else {
+			$itemspage = get_pconfig(local_channel(), 'system', 'itemspage');
+			App::set_pager_itemspage(((intval($itemspage)) ? $itemspage : 10));
+			$pager_sql = sprintf(" LIMIT %d OFFSET %d ", intval(App::$pager['itemspage']), intval(App::$pager['start']));
+		}

 		// cmin and cmax are both -1 when the affinity tool is disabled

@@ -412,12 +445,12 @@ class Network extends \Zotlabs\Web\Controller {
 		$abook_uids = ' and abook.abook_channel = ' . local_channel() . ' ';
 		$uids = ' and item.uid = ' . local_channel() . ' ';

-		$page_mode = 'client';
-
-		$blog_mode = feature_enabled(local_channel(), 'network_list_mode');
-		if ($blog_mode) {
+		if(feature_enabled(local_channel(), 'network_list_mode'))
 			$page_mode = 'list';
-		}
+		else
+			$page_mode = 'client';
+
+		$parents_str = '';

 		// This fixes a very subtle bug so I'd better explain it. You wake up in the morning or return after a day
 		// or three and look at your matrix page - after opening up your browser. The first page loads just as it
@@ -439,23 +472,33 @@ class Network extends \Zotlabs\Web\Controller {

 		if($nouveau && $load) {
 			// "New Item View" - show all items unthreaded in reverse created date order
-			$items = dbq("SELECT item.*, item.id AS item_id FROM item
+			$items = dbq("SELECT item.*, item.id AS item_id, created FROM item
 				left join abook on ( item.owner_xchan = abook.abook_xchan $abook_uids )
 				$net_query
 				WHERE true $uids $item_normal
 				and (abook.abook_blocked = 0 or abook.abook_flags is null)
-				AND item.verb NOT IN ('Add', 'Remove')
 				$sql_extra $sql_options $sql_nets
 				$net_query2
 				ORDER BY item.created DESC $pager_sql "
 			);

+			$parents_str = ids_to_querystr($items, 'item_id');
+
+			require_once('include/items.php');
+
 			xchan_query($items);

 			$items = fetch_post_tags($items, true);
 		}
 		elseif($update) {

+			// Normal conversation view
+
+			if($order === 'post')
+				$ordering = 'created';
+			else
+				$ordering = 'commented';
+
 			if($load) {
 				// Fetch a page full of parent items for this page
 				$r = dbq("SELECT item.parent AS item_id FROM item
@@ -484,7 +527,12 @@ class Network extends \Zotlabs\Web\Controller {
 			// Then fetch all the children of the parents that are on this page

 			if($r) {
-				$items = items_by_parent_ids($r, blog_mode: $blog_mode);
+				$parents_str = ids_to_querystr($r, 'item_id');
+				$items = dbq("SELECT item.*, item.id AS item_id FROM item
+					WHERE true $uids $item_normal
+					AND item.parent IN ( $parents_str )
+					$sql_extra "
+				);

 				xchan_query($items, true);
 				$items = fetch_post_tags($items, true);
--- a/Show More
+++ b/Show More