Merge branch 'dispy' of github.com:fabrixxm/friendika into dispy

.gitignore

@@ -1,11 +1,9 @@
 favicon.*
 .htconfig.php
 \#*
-wip/*
 include/jquery-1.4.2.min.js
 *.log
 *.out
 *.version*
-push*
-langup
+favicon.*
 home.html

.htaccess

@@ -9,12 +9,13 @@ Deny from all
 <IfModule mod_rewrite.c>
   RewriteEngine on
 
-#  RewriteRule api.* - [E=REMOTE_USER:%{HTTP:Authorization},L]
-
-  # Protect repo directory from browsing
+  # Protect repository directory from browsing
   RewriteRule "(^|/)\.git" - [F]
 
   # Rewrite current-style URLs of the form 'index.php?q=x'.
+  # Also place auth information into REMOTE_USER for sites running
+  # in CGI mode.
+
   RewriteCond %{REQUEST_FILENAME} !-f
   RewriteCond %{REQUEST_FILENAME} !-d
   RewriteRule ^(.*)$ index.php?q=$1 [E=REMOTE_USER:%{HTTP:Authorization},L,QSA]

INSTALL.txt

@@ -113,3 +113,95 @@ $a->config['system']['addon'] = 'js_upload,poormancron';
 
 and save your changes.
 
+
+
+#####################################################################
+
+		If things don't work...
+
+#####################################################################
+
+
+#####################################################################
+- If you get the message 
+	"System is currently unavailable. Please try again later"
+#####################################################################
+	
+	Check your database settings. It usually means your database could not 
+be opened or accessed. If the database resides on the same machine, check that
+the database server name is "localhost". 
+
+#####################################################################
+- 500 Internal Error
+#####################################################################
+
+	This could be the result of one of our Apache directives not being 
+supported by your version of Apache. Examine your apache server logs.
+	You might remove the line "Options -Indexes" from the .htaccess file if 
+you are using a Windows server as this has been known to cause problems.
+Also check your file permissions. Your website and all contents must generally 
+be world-readable.
+
+	It is likely that your web server reported the source of the problem in
+its error log files. Please review these system error logs to determine what 
+caused the problem. Often this will need to be resolved with your hosting
+provider or (if self-hosted) your web server configuration. 
+
+#####################################################################
+- 400 and 4xx "File not found" errors
+#####################################################################
+
+	First check your file permissions. Your website and all contents must 
+generally be world-readable.
+
+	Ensure that mod-rewite is installed and working, and that your
+.htaccess file is being used. To verify the latter, create a file test.out
+containing the word "test" in the top directory of Friendika, make it world 
+readable and point your web browser to
+
+http://yoursitenamehere.com/test.out
+
+	This file should be blocked. You should get a permission denied message.
+
+	If you see the word "test" your Apache configuration is not allowing
+your .htaccess file to be used (there are rules in this file to block access
+to any file with .out at the end, as these are typically used for system logs).
+
+	Make certain the .htaccess file exists and is readable by everybody, then 
+look for the existence of "AllowOverride None" in the Apache server 
+configuration for your site. This will need to be changed to 
+"AllowOverride All".  
+
+	If you do not see the word "test", your .htaccess is working, but it is 
+likely that mod-rewrite is not installed in your web server or is not working.
+
+	On most flavour of Linux,
+
+% a2enmod rewrite
+% /etc/init.d/apache2 restart
+
+	Consult your hosting provider, experts on your particular Linux 
+distribution or (if Windows) the provider of your Apache server software if 
+you need to change either of these and can not figure out how. There is 
+a lot of help available on the web. Google "mod-rewrite" along with the 
+name of your operating system distribution or Apache package (if using 
+Windows).
+
+  
+#####################################################################
+- If you are unable to write the file .htconfig.php during installation 
+due to permissions issues:
+#####################################################################
+
+	create an empty file with that name and give it world-write permission.
+For Linux:
+
+% touch .htconfig.php
+% chmod 777 .htconfig.php
+
+Retry the installation. As soon as the database has been created, 
+
+******* this is important *********
+
+% chmod 755 .htconfig.php
+

addon/facebook/facebook.php

@@ -43,6 +43,25 @@
 
 define('FACEBOOK_MAXPOSTLEN', 420);
 
+
+function facebook_install() {
+	register_hook('post_local_end',   'addon/facebook/facebook.php', 'facebook_post_hook');
+	register_hook('jot_networks',     'addon/facebook/facebook.php', 'facebook_jot_nets');
+	register_hook('plugin_settings',  'addon/facebook/facebook.php', 'facebook_plugin_settings');
+	register_hook('cron',             'addon/facebook/facebook.php', 'facebook_cron');
+	register_hook('queue_predeliver', 'addon/facebook/facebook.php', 'fb_queue_hook');
+}
+
+
+function facebook_uninstall() {
+	unregister_hook('post_local_end',   'addon/facebook/facebook.php', 'facebook_post_hook');
+	unregister_hook('jot_networks',     'addon/facebook/facebook.php', 'facebook_jot_nets');
+	unregister_hook('plugin_settings',  'addon/facebook/facebook.php', 'facebook_plugin_settings');
+	unregister_hook('cron',             'addon/facebook/facebook.php', 'facebook_cron');
+	unregister_hook('queue_predeliver', 'addon/facebook/facebook.php', 'fb_queue_hook');
+}
+
+
 /* declare the facebook_module function so that /facebook url requests will land here */
 
 function facebook_module() {}
@@ -339,22 +358,6 @@ function facebook_content(&$a) {
 	return $o;
 }
 
-function facebook_install() {
-	register_hook('post_local_end',   'addon/facebook/facebook.php', 'facebook_post_hook');
-	register_hook('jot_networks',     'addon/facebook/facebook.php', 'facebook_jot_nets');
-	register_hook('plugin_settings',  'addon/facebook/facebook.php', 'facebook_plugin_settings');
-	register_hook('cron',             'addon/facebook/facebook.php', 'facebook_cron');
-	register_hook('queue_predeliver', 'addon/facebook/facebook.php', 'fb_queue_hook');
-}
-
-
-function facebook_uninstall() {
-	unregister_hook('post_local_end',   'addon/facebook/facebook.php', 'facebook_post_hook');
-	unregister_hook('jot_networks',     'addon/facebook/facebook.php', 'facebook_jot_nets');
-	unregister_hook('plugin_settings',  'addon/facebook/facebook.php', 'facebook_plugin_settings');
-	unregister_hook('cron',             'addon/facebook/facebook.php', 'facebook_cron');
-	unregister_hook('queue_predeliver', 'addon/facebook/facebook.php', 'fb_queue_hook');
-}
 
 
 function facebook_cron($a,$b) {
@@ -373,9 +376,12 @@ function facebook_cron($a,$b) {
 
 	logger('facebook_cron');
 
-	set_config('facebook','last_poll', time());
 
-	$r = q("SELECT * FROM `pconfig` WHERE `cat` = 'facebook' AND `k` = 'post' AND `v` = '1' ");
+	// Find the FB users on this site and randomize in case one of them
+	// uses an obscene amount of memory. It may kill this queue run
+	// but hopefully we'll get a few others through on each run. 
+
+	$r = q("SELECT * FROM `pconfig` WHERE `cat` = 'facebook' AND `k` = 'post' AND `v` = '1' ORDER BY RAND() ");
 	if(count($r)) {
 		foreach($r as $rr) {
 			// check for new friends once a day
@@ -389,6 +395,9 @@ function facebook_cron($a,$b) {
 			fb_consume_all($rr['uid']);
 		}
 	}	
+
+	set_config('facebook','last_poll', time());
+
 }
 
 
@@ -431,6 +440,10 @@ function facebook_post_hook(&$a,&$b) {
 
 	if((local_user()) && (local_user() == $b['uid'])) {
 
+		// Facebook is not considered a private network
+		if($b['prvnets'] && $b['private'])
+			return;
+
 		if($b['parent']) {
 			$r = q("SELECT * FROM `item` WHERE `id` = %d AND `uid` = %d LIMIT 1",
 				intval($b['parent']),
@@ -817,7 +830,7 @@ function fb_consume_stream($uid,$j,$wall = false) {
 				$datarray['owner-avatar'] = $self[0]['thumb'];
 			}
 			if(isset($entry->application) && isset($entry->application->name) && strlen($entry->application->name))
-				$datarray['app'] = $entry->application->name;
+				$datarray['app'] = strip_tags($entry->application->name);
 			else
 				$datarray['app'] = 'facebook';
 			$datarray['author-name'] = $from->name;

addon/oembed/oembed.php

@@ -25,9 +25,9 @@ function oembed_uninstall() {
 function oembed_settings_post($a,$b){
     if(! local_user())
 		return;
-	if (isset($_POST['oembed-submit'])){
-		set_pconfig(local_user(), 'oembed', 'use_for_youtube', (isset($_POST['oembed_use_for_youtube'])? intval($_POST['oembed_use_for_youtube']):0));
-		notice( t('OEmbed settings updated') . EOL);
+	if (x($_POST,'oembed-submit')){
+		set_pconfig(local_user(), 'oembed', 'use_for_youtube', (x($_POST,'oembed_use_for_youtube')? intval($_POST['oembed_use_for_youtube']):0));
+		info( t('OEmbed settings updated') . EOL);
 	}
 }
 
@@ -36,21 +36,13 @@ function oembed_settings(&$a,&$o) {
 		return;
 	$uofy = intval(get_pconfig(local_user(), 'oembed', 'use_for_youtube' ));
 
-	$o.='
-	<div class="settings-block">
-	<h3 class="settings-heading">OEmbed</h3>
-	<div id="settings-username-wrapper">
-		<label for="oembed_use_for_youtube">'
-			.t('Use OEmbed for YouTube videos: ') 
-		.'</label><input type="checkbox" id="oembed_use_for_youtube" name="oembed_use_for_youtube" value="1"'
-		. ($uofy==1?'checked="true"':'')
-		.' />
-	</div>
-	<div id="settings-username-end"></div>
-	<div class="settings-submit-wrapper">
-		<input type="submit" value="'.t('Submit').'" class="settings-submit" name="oembed-submit" />
-	</div>
-	</div>';
+	$t = file_get_contents( dirname(__file__). "/settings.tpl" );
+	$o .= replace_macros($t, array(
+		'$submit' => t('Submit'),
+		'$title' => "OEmbed",
+		'$useoembed' => array('oembed_use_for_youtube', t('Use OEmbed for YouTube videos'), $uofy, ""),
+	));
+	
 }
 
 

addon/oembed/settings.tpl

@@ -0,0 +1,7 @@
+<div class="settings-block">
+	<h3 class="settings-heading">$title</h3>
+	{{ inc field_checkbox.tpl with $field=$useoembed }}{{ endinc }}
+	<div class="settings-submit-wrapper">
+		<input type="submit" value="$submit" class="settings-submit" name="oembed-submit" />
+	</div>
+</div>

addon/piwik/admin.tpl

@@ -0,0 +1,4 @@
+{{ inc field_input.tpl with $field=$baseurl }}{{ endinc }}
+{{ inc field_input.tpl with $field=$siteid }}{{ endinc }}
+{{ inc field_checkbox.tpl with $field=$optout }}{{ endinc }}
+<div class="submit"><input type="submit" name="page_site" value="$submit" /></div>

addon/piwik/piwik.php

@@ -18,10 +18,10 @@
  *     Add the following two lines to your .htconfig.php file:
  *
  *     $a->config['piwik']['baseurl'] = 'www.example.com/piwik/';
- *     $a->config['piwik']['sideid'] = '1';
+ *     $a->config['piwik']['siteid'] = '1';
  *     $a->config['piwik']['optout'] = true;  // set to false to disable
  *
- *     Change the sideid to the ID that the Piwik tracker for your Friendika
+ *     Change the siteid to the ID that the Piwik tracker for your Friendika
  *     installation has. Alter the baseurl to fit your needs, don't care
  *     about http/https but beware to put the trailing / at the end of your
  *     setting.
@@ -54,13 +54,13 @@ function piwik_analytics($a,&$b) {
 	 *   Get the configuration variables from the .htconfig file.
 	 */
 	$baseurl = get_config('piwik','baseurl');
-	$sideod  = get_config('piwik','sideid');
+	$siteid  = get_config('piwik','siteid');
 	$optout  = get_config('piwik','optout');
 
 	/*
-	 *   Add the Piwik code for the side.
+	 *   Add the Piwik code for the site.
 	 */
-	$b .= "<div id='piwik-code-block'> <!-- Piwik -->\r\n <script type=\"text/javascript\">\r\n var pkBaseURL = ((\"https:\" == document.location.protocol) ? \"https://".$baseurl."\" : \"http://".$baseurl."\");\r\n document.write(unescape(\"%3Cscript src='\" + pkBaseURL + \"piwik.js' type='text/javascript'%3E%3C/script%3E\"));\r\n </script>\r\n<script type=\"text/javascript\">\r\n try {\r\n var piwikTracker = Piwik.getTracker(pkBaseURL + \"piwik.php\", 8);\r\n piwikTracker.trackPageView();\r\n piwikTracker.enableLinkTracking();\r\n }\r\n catch( err ) {}\r\n </script>\r\n<noscript><p><img src=\"http://".$baseurl."/piwik.php?idsite=8\" style=\"border:0\" alt=\"\" /></p></noscript>\r\n <!-- End Piwik Tracking Tag --> </div>";
+	$b .= "<div id='piwik-code-block'> <!-- Piwik -->\r\n <script type=\"text/javascript\">\r\n var pkBaseURL = ((\"https:\" == document.location.protocol) ? \"https://".$baseurl."\" : \"http://".$baseurl."\");\r\n document.write(unescape(\"%3Cscript src='\" + pkBaseURL + \"piwik.js' type='text/javascript'%3E%3C/script%3E\"));\r\n </script>\r\n<script type=\"text/javascript\">\r\n try {\r\n var piwikTracker = Piwik.getTracker(pkBaseURL + \"piwik.php\", ".$siteid.");\r\n piwikTracker.trackPageView();\r\n piwikTracker.enableLinkTracking();\r\n }\r\n catch( err ) {}\r\n </script>\r\n<noscript><p><img src=\"http://".$baseurl."/piwik.php?idsite=".$siteid."\" style=\"border:0\" alt=\"\" /></p></noscript>\r\n <!-- End Piwik Tracking Tag --> </div>";
 	/*
 	 *   If the optout variable is set to true then display the notice
 	 *   otherwise just include the above code into the page.
@@ -70,4 +70,21 @@ function piwik_analytics($a,&$b) {
 	}
 
 }
-
+function piwik_plugin_admin (&$a, &$o) {
+    $t = file_get_contents( dirname(__file__)."/admin.tpl");
+    $o = replace_macros( $t, array(
+            '$submit' => t('Submit'),
+            '$baseurl' => array('baseurl', t('Piwik Base URL'), get_config('piwik','baseurl' ), ''),
+            '$siteid' => array('siteid', t('Site ID'), get_config('piwik','siteid' ), ''),
+            '$optout' => array('optout', t('Show opt-out cookie link?'), get_config('piwik','optout' ), ''),
+        ));
+}
+function piwik_plugin_admin_post (&$a) {
+    $url = ((x($_POST, 'baseurl')) ? notags(trim($_POST['baseurl'])) : '');
+    $id = ((x($_POST, 'siteid')) ? trim($_POST['siteid']) : '');
+    $optout = ((x($_POST, 'optout')) ? trim($_POST['optout']) : '');
+    set_config('piwik', 'baseurl', $url);
+    set_config('piwik', 'siteid', $id);
+    set_config('piwik', 'optout', $optout);
+    info( t('Settings updated.'). EOL);
+}

addon/statusnet/statusnet.php

@@ -89,6 +89,9 @@ function statusnet_jot_nets(&$a,&$b) {
 function statusnet_settings_post ($a,$post) {
 	if(! local_user())
 	    return;
+	// don't check statusnet settings if statusnet submit button is not clicked
+	if (!x($_POST,'statusnet-submit')) return;
+	
 	if (isset($_POST['statusnet-disconnect'])) {
             /***
              * if the statusnet-disconnect checkbox is set, clear the statusnet configuration
@@ -152,28 +155,28 @@ function statusnet_settings_post ($a,$post) {
                 goaway($a->get_baseurl().'/settings/addon');
             } else {
     	        if (isset($_POST['statusnet-pin'])) {
-	            //  if the user supplied us with a PIN from Twitter, let the magic of OAuth happen
-	            logger('got a StatusNet security code');
+					//  if the user supplied us with a PIN from Twitter, let the magic of OAuth happen
+					logger('got a StatusNet security code');
                     $api     = get_pconfig(local_user(), 'statusnet', 'baseapi');
-        	    $ckey    = get_pconfig(local_user(), 'statusnet', 'consumerkey'  );
-        	    $csecret = get_pconfig(local_user(), 'statusnet', 'consumersecret' );
-        	    //  the token and secret for which the PIN was generated were hidden in the settings
-        	    //  form as token and token2, we need a new connection to Twitter using these token
-        	    //  and secret to request a Access Token with the PIN
-        	    $connection = new StatusNetOAuth($api, $ckey, $csecret, $_POST['statusnet-token'], $_POST['statusnet-token2']);
-        	    $token   = $connection->getAccessToken( $_POST['statusnet-pin'] );
-        	    //  ok, now that we have the Access Token, save them in the user config
-         	    set_pconfig(local_user(),'statusnet', 'oauthtoken',  $token['oauth_token']);
-        	    set_pconfig(local_user(),'statusnet', 'oauthsecret', $token['oauth_token_secret']);
+					$ckey    = get_pconfig(local_user(), 'statusnet', 'consumerkey'  );
+					$csecret = get_pconfig(local_user(), 'statusnet', 'consumersecret' );
+					//  the token and secret for which the PIN was generated were hidden in the settings
+					//  form as token and token2, we need a new connection to Twitter using these token
+					//  and secret to request a Access Token with the PIN
+					$connection = new StatusNetOAuth($api, $ckey, $csecret, $_POST['statusnet-token'], $_POST['statusnet-token2']);
+					$token   = $connection->getAccessToken( $_POST['statusnet-pin'] );
+					//  ok, now that we have the Access Token, save them in the user config
+					set_pconfig(local_user(),'statusnet', 'oauthtoken',  $token['oauth_token']);
+					set_pconfig(local_user(),'statusnet', 'oauthsecret', $token['oauth_token_secret']);
                     set_pconfig(local_user(),'statusnet', 'post', 1);
                     //  reload the Addon Settings page, if we don't do it see Bug #42
                     goaway($a->get_baseurl().'/settings/addon');
-        	} else {
-        	    //  if no PIN is supplied in the POST variables, the user has changed the setting
-        	    //  to post a tweet for every new __public__ posting to the wall
-        	    set_pconfig(local_user(),'statusnet','post',intval($_POST['statusnet-enable']));
-        	    set_pconfig(local_user(),'statusnet','post_by_default',intval($_POST['statusnet-default']));
-        		info( t('StatusNet settings updated.') . EOL);
+				} else {
+					//  if no PIN is supplied in the POST variables, the user has changed the setting
+					//  to post a tweet for every new __public__ posting to the wall
+					set_pconfig(local_user(),'statusnet','post',intval($_POST['statusnet-enable']));
+					set_pconfig(local_user(),'statusnet','post_by_default',intval($_POST['statusnet-default']));
+					info( t('StatusNet settings updated.') . EOL);
         	}}}}
 }
 function statusnet_settings(&$a,&$s) {
@@ -217,7 +220,7 @@ function statusnet_settings(&$a,&$s) {
                     $s .= '<input type="radio" name="statusnet-preconf-apiurl" value="'. $asn['apiurl'] .'">'. $asn['sitename'] .'<br />';
                 }
                 $s .= '<p></p><div class="clear"></div></div>';
-                $s .= '<div class="settings-submit-wrapper" ><input type="submit" name="submit" class="settings-submit" value="' . t('Submit') . '" /></div>';
+                $s .= '<div class="settings-submit-wrapper" ><input type="submit" name="statusnet-submit" class="settings-submit" value="' . t('Submit') . '" /></div>';
             }
             $s .= '<h4>' . t('Provide your own OAuth Credentials') . '</h4>';
             $s .= '<p>'. t('No consumer key pair for StatusNet found. Register your Friendika Account as an desktop client on your StatusNet account, copy the consumer key pair here and enter the API base root.<br />Before you register your own OAuth key pair ask the administrator if there is already a key pair for this Friendika installation at your favorited StatusNet installation.') .'</p>';
@@ -231,7 +234,7 @@ function statusnet_settings(&$a,&$s) {
             $s .= '<label id="statusnet-baseapi-label" for="statusnet-baseapi">'. t("Base API Path \x28remember the trailing /\x29") .'</label>';
             $s .= '<input id="statusnet-baseapi" type="text" name="statusnet-baseapi" size="35" /><br />';
             $s .= '<p></p><div class="clear"></div></div>';
-            $s .= '<div class="settings-submit-wrapper" ><input type="submit" name="submit" class="settings-submit" value="' . t('Submit') . '" /></div>';
+            $s .= '<div class="settings-submit-wrapper" ><input type="submit" name="statusnet-submit" class="settings-submit" value="' . t('Submit') . '" /></div>';
 	} else {
 		/***
 		 * ok we have a consumer key pair now look into the OAuth stuff
@@ -256,15 +259,15 @@ function statusnet_settings(&$a,&$s) {
 			$s .= '<input id="statusnet-pin" type="text" name="statusnet-pin" />';
 			$s .= '<input id="statusnet-token" type="hidden" name="statusnet-token" value="'.$token.'" />';
 			$s .= '<input id="statusnet-token2" type="hidden" name="statusnet-token2" value="'.$request_token['oauth_token_secret'].'" />';
-                        $s .= '</div><div class="clear"></div>';
-                        $s .= '<div class="settings-submit-wrapper" ><input type="submit" name="submit" class="settings-submit" value="' . t('Submit') . '" /></div>';
-                        $s .= '<h4>'.t('Cancel Connection Process').'</h4>';
-                        $s .= '<div id="statusnet-cancel-wrapper">';
-                        $s .= '<p>'.t('Current StatusNet API is').': '.$api.'</p>';
-                        $s .= '<label id="statusnet-cancel-label" for="statusnet-cancel">'. t('Cancel StatusNet Connection') . '</label>';
-                        $s .= '<input id="statusnet-cancel" type="checkbox" name="statusnet-disconnect" value="1" />';
-                        $s .= '</div><div class="clear"></div>';
-                        $s .= '<div class="settings-submit-wrapper" ><input type="submit" name="submit" class="settings-submit" value="' . t('Submit') . '" /></div>';
+			$s .= '</div><div class="clear"></div>';
+			$s .= '<div class="settings-submit-wrapper" ><input type="submit" name="submit" class="settings-submit" value="' . t('Submit') . '" /></div>';
+			$s .= '<h4>'.t('Cancel Connection Process').'</h4>';
+			$s .= '<div id="statusnet-cancel-wrapper">';
+			$s .= '<p>'.t('Current StatusNet API is').': '.$api.'</p>';
+			$s .= '<label id="statusnet-cancel-label" for="statusnet-cancel">'. t('Cancel StatusNet Connection') . '</label>';
+			$s .= '<input id="statusnet-cancel" type="checkbox" name="statusnet-disconnect" value="1" />';
+			$s .= '</div><div class="clear"></div>';
+			$s .= '<div class="settings-submit-wrapper" ><input type="submit" name="statusnet-submit" class="settings-submit" value="' . t('Submit') . '" /></div>';
 		} else {
 			/***
 			 *  we have an OAuth key / secret pair for the user
@@ -286,7 +289,7 @@ function statusnet_settings(&$a,&$s) {
                         $s .= '<label id="statusnet-disconnect-label" for="statusnet-disconnect">'. t('Clear OAuth configuration') .'</label>';
                         $s .= '<input id="statusnet-disconnect" type="checkbox" name="statusnet-disconnect" value="1" />';
 			$s .= '</div><div class="clear"></div>';
-			$s .= '<div class="settings-submit-wrapper" ><input type="submit" name="submit" class="settings-submit" value="' . t('Submit') . '" /></div>'; 
+			$s .= '<div class="settings-submit-wrapper" ><input type="submit" name="statusnet-submit" class="settings-submit" value="' . t('Submit') . '" /></div>'; 
 		}
 	}
         $s .= '</div><div class="clear"></div></div>';
@@ -303,10 +306,14 @@ function statusnet_post_hook(&$a,&$b) {
 
 	if((local_user()) && (local_user() == $b['uid']) && (! $b['private']) && (!$b['parent']) ) {
 
-                load_pconfig(local_user(), 'statusnet');
+		// Status.Net is not considered a private network
+		if($b['prvnets'])
+			return;
+
+		load_pconfig(local_user(), 'statusnet');
             
-                $api     = get_pconfig(local_user(), 'statusnet', 'baseapi');
-                $ckey    = get_pconfig(local_user(), 'statusnet', 'consumerkey'  );
+		$api     = get_pconfig(local_user(), 'statusnet', 'baseapi');
+		$ckey    = get_pconfig(local_user(), 'statusnet', 'consumerkey'  );
 		$csecret = get_pconfig(local_user(), 'statusnet', 'consumersecret' );
 		$otoken  = get_pconfig(local_user(), 'statusnet', 'oauthtoken'  );
 		$osecret = get_pconfig(local_user(), 'statusnet', 'oauthsecret' );

addon/twitter/twitter.php

@@ -76,6 +76,9 @@ function twitter_jot_nets(&$a,&$b) {
 function twitter_settings_post ($a,$post) {
 	if(! local_user())
 		return;
+	// don't check twitter settings if twitter submit button is not clicked	
+	if (!x($_POST,'twitter-submit')) return;
+	
 	if (isset($_POST['twitter-disconnect'])) {
 		/***
 		 * if the twitter-disconnect checkbox is set, clear the OAuth key/secret pair
@@ -159,7 +162,7 @@ function twitter_settings(&$a,&$s) {
 			$s .= '<input id="twitter-token" type="hidden" name="twitter-token" value="'.$token.'" />';
 			$s .= '<input id="twitter-token2" type="hidden" name="twitter-token2" value="'.$request_token['oauth_token_secret'].'" />';
             $s .= '</div><div class="clear"></div>';
-            $s .= '<div class="settings-submit-wrapper" ><input type="submit" name="submit" class="settings-submit" value="' . t('Submit') . '" /></div>';
+            $s .= '<div class="settings-submit-wrapper" ><input type="submit" name="twitter-submit" class="settings-submit" value="' . t('Submit') . '" /></div>';
 		} else {
 			/***
 			 *  we have an OAuth key / secret pair for the user
@@ -178,7 +181,7 @@ function twitter_settings(&$a,&$s) {
                         $s .= '<label id="twitter-disconnect-label" for="twitter-disconnect">'. t('Clear OAuth configuration') .'</label>';
                         $s .= '<input id="twitter-disconnect" type="checkbox" name="twitter-disconnect" value="1" />';
 			$s .= '</div><div class="clear"></div>';
-			$s .= '<div class="settings-submit-wrapper" ><input type="submit" name="submit" class="settings-submit" value="' . t('Submit') . '" /></div>'; 
+			$s .= '<div class="settings-submit-wrapper" ><input type="submit" name="twitter-submit" class="settings-submit" value="' . t('Submit') . '" /></div>'; 
 		}
 	}
         $s .= '</div><div class="clear"></div></div>';
@@ -195,6 +198,11 @@ function twitter_post_hook(&$a,&$b) {
 
 	if((local_user()) && (local_user() == $b['uid']) && (! $b['private']) && (! $b['parent']) ) {
 
+		// Twitter is not considered a private network
+		if($b['prvnets'])
+			return;
+
+
 		load_pconfig(local_user(), 'twitter');
 
 		$ckey    = get_config('twitter', 'consumerkey'  );

addon/widgets/settings.tpl

@@ -0,0 +1,19 @@
+<div class="settings-block">
+	<h3 class="settings-heading">$title</h3>
+	<div class='field noedit'>
+		<label>$label</label>
+		<tt>$key</tt>
+	</div>
+	
+	<div class="settings-submit-wrapper">
+		<input type="submit" value="$submit" class="settings-submit" name="widgets-submit" />
+	</div>
+	
+	<h4>$widgets_h</h4>
+	<ul>
+		{{ for $widgets as $w }}
+			<li><a href="$baseurl/widgets/$w.0/?k=$key&p=1">$w.1</a></li>
+		{{ endfor }}
+	</ul>
+	
+</div>

addon/widgets/widgets.php

@@ -33,34 +33,32 @@ function widgets_settings(&$a,&$o) {
 	
 	$key = get_pconfig(local_user(), 'widgets', 'key' );
 	if ($key=='') { $key = mt_rand(); set_pconfig(local_user(), 'widgets', 'key', $key); }
-	
-	$o .='<h3 class="settings-heading">Widgets</h3>';
-	
-	
-	$o.='
-	<div id="settings-username-wrapper">
-		'. t('Widgets key: ') .'<strong>'.$key.'</strong>
-	</div>
-	<div id="settings-username-end"></div>
-	<div class="settings-submit-wrapper">
-		<input type="submit" value="'.t('Generate new key').'" class="settings-submit" name="widgets-submit">
-	</div>';
-	
-	
-	$o.='<h4>Widgets:</h4>';
-	$o .= '<ul>';
+
+	$widgets = array();
 	$d = dir(dirname(__file__));
 	while(false !== ($f = $d->read())) {
 		 if(substr($f,0,7)=="widget_") {
 			 preg_match("|widget_([^.]+).php|", $f, $m);
 			 $w=$m[1];
 			 require_once($f);
-			 $o.='<li><a href="'.$a->get_baseurl().'/widgets/'.$w.'/?k='.$key.'&p=1">'. call_user_func($w."_widget_name") .'</a></li>';
+			 $widgets[] = array($w, call_user_func($w."_widget_name"));
+
 		 }
 	}
 
-	$o .= '</ul>';
-
+	
+	
+	$t = file_get_contents( dirname(__file__). "/settings.tpl" );
+	$o .= replace_macros($t, array(
+		'$submit' => t('Generate new key'),
+		'$baseurl' => $a->get_baseurl(),
+		'$title' => "Widgets",
+		'$label' => t('Widgets key'),
+		'$key' => $key,
+		'$widgets_h' => t('Widgets available'),
+		'$widgets' => $widgets,
+	));
+	
 }
 
 function widgets_module() {

boot.php

@@ -4,9 +4,9 @@ set_time_limit(0);
 ini_set('pcre.backtrack_limit', 250000);
 
 
-define ( 'FRIENDIKA_VERSION',      '2.2.1019' );
+define ( 'FRIENDIKA_VERSION',      '2.2.1030' );
 define ( 'DFRN_PROTOCOL_VERSION',  '2.21'    );
-define ( 'DB_UPDATE_VERSION',      1066      );
+define ( 'DB_UPDATE_VERSION',      1073      );
 
 define ( 'EOL',                    "<br />\r\n"     );
 define ( 'ATOM_TIME',              'Y-m-d\TH:i:s\Z' );
@@ -56,9 +56,9 @@ define ( 'REGISTER_OPEN',          2 );
  * this relationship with contact['name']
  */
 
-define ( 'REL_VIP',        1);
-define ( 'REL_FAN',        2);
-define ( 'REL_BUD',        3);
+define ( 'REL_VIP',        1);     // other person is 'following' us
+define ( 'REL_FAN',        2);     // we are 'following' other person
+define ( 'REL_BUD',        3);     // mutual relationship
 
 /**
  * Hook array order
@@ -296,6 +296,8 @@ class App {
 			$this->module = str_replace(".", "_", $this->argv[0]);
 		}
 		else {
+			$this->argc = 1;
+			$this->argv = array('home');
 			$this->module = 'home';
 		}
 
@@ -498,9 +500,6 @@ function install_plugin($plugin){
 if(! function_exists('check_config')) {
 function check_config(&$a) {
 
-
-	load_config('system');
-
 	$build = get_config('system','build');
 	if(! x($build))
 		$build = set_config('system','build',DB_UPDATE_VERSION);
@@ -674,7 +673,7 @@ function fetch_url($url,$binary = false, &$redirects = 0) {
 
 	curl_setopt($ch, CURLOPT_HEADER, true);
 	curl_setopt($ch, CURLOPT_RETURNTRANSFER,true);
-
+	curl_setopt($ch, CURLOPT_USERAGENT, "Friendika");
 
 	$curl_time = intval(get_config('system','curl_timeout'));
 	curl_setopt($ch, CURLOPT_TIMEOUT, (($curl_time !== false) ? $curl_time : 60));
@@ -703,13 +702,21 @@ function fetch_url($url,$binary = false, &$redirects = 0) {
 
 	$s = @curl_exec($ch);
 
-	$http_code = intval(curl_getinfo($ch, CURLINFO_HTTP_CODE));
-	$header = substr($s,0,strpos($s,"\r\n\r\n"));
-	if(stristr($header,'100') && (strlen($header) < 30)) {
-		// 100 Continue has two headers, get the real one
-		$s = substr($s,strlen($header)+4);
-		$header = substr($s,0,strpos($s,"\r\n\r\n"));
+	$base = $s;
+	$curl_info = curl_getinfo($ch);
+	$http_code = $curl_info['http_code'];
+
+	$header = '';
+
+	// Pull out multiple headers, e.g. proxy and continuation headers
+	// allow for HTTP/2.x without fixing code
+
+	while(preg_match('/^HTTP\/[1-2].+? [1-5][0-9][0-9]/',$base)) {
+		$chunk = substr($base,0,strpos($base,"\r\n\r\n")+4);
+		$header .= $chunk;
+		$base = substr($base,strlen($chunk));
 	}
+
 	if($http_code == 301 || $http_code == 302 || $http_code == 303 || $http_code == 307) {
         $matches = array();
         preg_match('/(Location:|URI:)(.*?)\n/', $header, $matches);
@@ -720,16 +727,10 @@ function fetch_url($url,$binary = false, &$redirects = 0) {
             return fetch_url($url,$binary,$redirects);
         }
     }
+
 	$a->set_curl_code($http_code);
 
-	$body = substr($s,strlen($header)+4);
-
-	/* one more try to make sure there are no more headers */
-
-	if(strpos($body,'HTTP/') === 0) {
-		$header = substr($body,0,strpos($body,"\r\n\r\n"));
-		$body = substr($body,strlen($header)+4);
-	}
+	$body = substr($s,strlen($header));
 
 	$a->set_curl_headers($header);
 
@@ -750,6 +751,7 @@ function post_url($url,$params, $headers = null, &$redirects = 0) {
 	curl_setopt($ch, CURLOPT_RETURNTRANSFER,true);
 	curl_setopt($ch, CURLOPT_POST,1);
 	curl_setopt($ch, CURLOPT_POSTFIELDS,$params);
+	curl_setopt($ch, CURLOPT_USERAGENT, "Friendika");
 
 	$curl_time = intval(get_config('system','curl_timeout'));
 	curl_setopt($ch, CURLOPT_TIMEOUT, (($curl_time !== false) ? $curl_time : 60));
@@ -775,13 +777,21 @@ function post_url($url,$params, $headers = null, &$redirects = 0) {
 
 	$s = @curl_exec($ch);
 
-	$http_code = intval(curl_getinfo($ch, CURLINFO_HTTP_CODE));
-	$header = substr($s,0,strpos($s,"\r\n\r\n"));
-	if(stristr($header,'100') && (strlen($header) < 30)) {
-		// 100 Continue has two headers, get the real one
-		$s = substr($s,strlen($header)+4);
-		$header = substr($s,0,strpos($s,"\r\n\r\n"));
+	$base = $s;
+	$curl_info = curl_getinfo($ch);
+	$http_code = $curl_info['http_code'];
+
+	$header = '';
+
+	// Pull out multiple headers, e.g. proxy and continuation headers
+	// allow for HTTP/2.x without fixing code
+
+	while(preg_match('/^HTTP\/[1-2].+? [1-5][0-9][0-9]/',$base)) {
+		$chunk = substr($base,0,strpos($base,"\r\n\r\n")+4);
+		$header .= $chunk;
+		$base = substr($base,strlen($chunk));
 	}
+
 	if($http_code == 301 || $http_code == 302 || $http_code == 303) {
         $matches = array();
         preg_match('/(Location:|URI:)(.*?)\n/', $header, $matches);
@@ -793,14 +803,7 @@ function post_url($url,$params, $headers = null, &$redirects = 0) {
         }
     }
 	$a->set_curl_code($http_code);
-	$body = substr($s,strlen($header)+4);
-
-	/* one more try to make sure there are no more headers */
-
-	if(strpos($body,'HTTP/') === 0) {
-		$header = substr($body,0,strpos($body,"\r\n\r\n"));
-		$body = substr($body,strlen($header)+4);
-	}
+	$body = substr($s,strlen($header));
 
 	$a->set_curl_headers($header);
 
@@ -1218,7 +1221,11 @@ function load_config($family) {
 	if(count($r)) {
 		foreach($r as $rr) {
 			$k = $rr['k'];
-			$a->config[$family][$k] = $rr['v'];
+			if ($rr['cat'] === 'config') {
+				$a->config[$k] = $rr['v'];
+			} else {
+				$a->config[$family][$k] = $rr['v'];
+			}
 		}
 	}
 }}
@@ -1685,8 +1692,10 @@ function fetch_lrdd_template($host) {
 	$url1 = 'https://' . $host . '/.well-known/host-meta' ;
 	$url2 = 'http://' . $host . '/.well-known/host-meta' ;
 	$links = fetch_xrd_links($url1);
+	logger('fetch_lrdd_template from: ' . $url1);
 	logger('template (https): ' . print_r($links,true));
 	if(! count($links)) {
+		logger('fetch_lrdd_template from: ' . $url2);
 		$links = fetch_xrd_links($url2);
 		logger('template (http): ' . print_r($links,true));
 	}
@@ -2015,7 +2024,7 @@ function get_tags($s) {
 
 	$s = preg_replace('/\[code\](.*?)\[\/code\]/sm','',$s);
 
-	if(preg_match_all('/([@#][^ \x0D\x0A,:?]+)([ \x0D\x0A,:?]|$)/',$s,$match)) {
+	if(preg_match_all('/([@#][^ \x0D\x0A,:?]+ [^ \x0D\x0A,:?]+)([ \x0D\x0A,:?]|$)/',$s,$match)) {
 		foreach($match[1] as $mtch) {
 			if(strstr($mtch,"]")) {
 				// we might be inside a bbcode color tag - leave it alone
@@ -2028,6 +2037,18 @@ function get_tags($s) {
 		}
 	}
 
+	if(preg_match_all('/([@#][^ \x0D\x0A,:?]+)([ \x0D\x0A,:?]|$)/',$s,$match)) {
+		foreach($match[1] as $mtch) {
+			if(strstr($mtch,"]")) {
+				// we might be inside a bbcode color tag - leave it alone
+				continue;
+			}
+			if(substr($mtch,-1,1) === '.')
+				$ret[] = substr($mtch,0,-1);
+			else
+				$ret[] = $mtch;
+		}
+	}
 	return $ret;
 }}
 
@@ -2415,7 +2436,7 @@ function profile_sidebar($profile) {
 	));
 
 
-	$arr = array('profile' => $profile, 'entry' => $o);
+	$arr = array('profile' => &$profile, 'entry' => &$o);
 
 	call_hooks('profile_sidebar', $arr);
 
@@ -2891,3 +2912,15 @@ function get_plugin_info($plugin){
 	}
 	return $info;
 }}
+
+if(! function_exists('return_bytes')) {
+function return_bytes ($size_str) {
+    switch (substr ($size_str, -1))
+    {
+        case 'M': case 'm': return (int)$size_str * 1048576;
+        case 'K': case 'k': return (int)$size_str * 1024;
+        case 'G': case 'g': return (int)$size_str * 1073741824;
+        default: return $size_str;
+    }
+}}
+

database.sql

@@ -169,9 +169,10 @@ CREATE TABLE IF NOT EXISTS `item` (
   `parent-uri` char(255) NOT NULL,
   `extid` char(255) NOT NULL,
   `thr-parent` char(255) NOT NULL,
-  `created` datetime NOT NULL,
-  `edited` datetime NOT NULL,
-  `changed` datetime NOT NULL,
+  `created` datetime NOT NULL DEFAULT '0000-00-00 00:00:00',
+  `edited` datetime NOT NULL DEFAULT '0000-00-00 00:00:00',
+  `received` datetime NOT NULL DEFAULT '0000-00-00 00:00:00',
+  `changed` datetime NOT NULL DEFAULT '0000-00-00 00:00:00',
   `owner-name` char(255) NOT NULL,
   `owner-link` char(255) NOT NULL,
   `owner-avatar` char(255) NOT NULL,
@@ -201,6 +202,7 @@ CREATE TABLE IF NOT EXISTS `item` (
   `private` tinyint(1) NOT NULL DEFAULT '0',
   `pubmail` tinyint(1) NOT NULL DEFAULT '0',
   `visible` tinyint(1) NOT NULL DEFAULT '0',
+  `starred` tinyint(1) NOT NULL DEFAULT '0',
   `unseen` tinyint(1) NOT NULL DEFAULT '1',
   `deleted` tinyint(1) NOT NULL DEFAULT '0',
   `last-child` tinyint(1) unsigned NOT NULL DEFAULT '1',
@@ -215,7 +217,9 @@ CREATE TABLE IF NOT EXISTS `item` (
   KEY `extid` (`extid`),
   KEY `created` (`created`),
   KEY `edited` (`edited`),
+  KEY `received` (`received`),
   KEY `visible` (`visible`),
+  KEY `starred` (`starred`),
   KEY `deleted` (`deleted`),
   KEY `last-child` (`last-child`),
   KEY `unseen` (`unseen`),
@@ -241,7 +245,7 @@ CREATE TABLE IF NOT EXISTS `mail` (
   `from-url` char(255) NOT NULL,
   `contact-id` char(255) NOT NULL,
   `title` char(255) NOT NULL,
-  `body` text NOT NULL,
+  `body` mediumtext NOT NULL,
   `seen` tinyint(1) NOT NULL,
   `replied` tinyint(1) NOT NULL,
   `uri` char(255) NOT NULL,
@@ -276,7 +280,12 @@ CREATE TABLE IF NOT EXISTS `photo` (
   `allow_gid` mediumtext NOT NULL,
   `deny_cid` mediumtext NOT NULL,
   `deny_gid` mediumtext NOT NULL,
-  PRIMARY KEY (`id`)
+  PRIMARY KEY (`id`),
+  KEY `uid` (`uid`),
+  KEY `resource-id` (`resource-id`),
+  KEY `album` (`album`),
+  KEY `scale` (`scale`),
+  KEY `profile` (`profile`)
 ) ENGINE=MyISAM  DEFAULT CHARSET=utf8;
 
 -- --------------------------------------------------------
@@ -507,7 +516,8 @@ CREATE TABLE IF NOT EXISTS `fcontact` (
 `id` INT UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY ,
 `url` CHAR( 255 ) NOT NULL ,
 `name` CHAR( 255 ) NOT NULL ,
-`photo` CHAR( 255 ) NOT NULL
+`photo` CHAR( 255 ) NOT NULL ,
+`request` CHAR( 255 ) NOT NULL
 ) ENGINE = MYISAM DEFAULT CHARSET=utf8;
 
 CREATE TABLE IF NOT EXISTS `ffinder` (
@@ -518,6 +528,19 @@ CREATE TABLE IF NOT EXISTS `ffinder` (
 ) ENGINE = MYISAM DEFAULT CHARSET=utf8;
 
 
+CREATE TABLE IF NOT EXISTS `fsuggest` (
+`id` INT NOT NULL AUTO_INCREMENT PRIMARY KEY ,
+`uid` INT NOT NULL ,
+`cid` INT NOT NULL ,
+`name` CHAR( 255 ) NOT NULL ,
+`url` CHAR( 255 ) NOT NULL ,
+`request` CHAR( 255 ) NOT NULL,
+`photo` CHAR( 255 ) NOT NULL ,
+`note` TEXT NOT NULL ,
+`created` DATETIME NOT NULL
+) ENGINE = MYISAM DEFAULT CHARSET=utf8;
+ 
+
 CREATE TABLE IF NOT EXISTS `mailacct` (
 `id` INT NOT NULL AUTO_INCREMENT PRIMARY KEY ,
 `uid` INT NOT NULL,

include/Photo.php

@@ -230,21 +230,21 @@ function import_profile_photo($photo,$uid,$cid) {
 					
 		$hash = photo_new_resource();
 
-		$r = $img->store($uid, $cid, $hash, $filename, t('Contact Photos'), 4 );
+		$r = $img->store($uid, $cid, $hash, $filename, 'Contact Photos', 4 );
 
 		if($r === false)
 			$photo_failure = true;
 
 		$img->scaleImage(80);
 
-		$r = $img->store($uid, $cid, $hash, $filename, t('Contact Photos'), 5 );
+		$r = $img->store($uid, $cid, $hash, $filename, 'Contact Photos', 5 );
 
 		if($r === false)
 			$photo_failure = true;
 
 		$img->scaleImage(48);
 
-		$r = $img->store($uid, $cid, $hash, $filename, t('Contact Photos'), 6 );
+		$r = $img->store($uid, $cid, $hash, $filename, 'Contact Photos', 6 );
 
 		if($r === false)
 			$photo_failure = true;

include/Scrape.php

@@ -423,7 +423,7 @@ function probe_url($url) {
 				$poll = $tapi . '?user_id=' . $tid;
 			else
 				$poll = $tapi . '?screen_name=' . $tid;
-			$profile = 'http://twitter.com/!#/' . $tid;
+			$profile = 'http://twitter.com/#!/' . $tid;
 		}
 
 		if(! x($vcard,'fn'))
@@ -442,7 +442,7 @@ function probe_url($url) {
 
 			if(x($feedret,'photo'))
 				$vcard['photo'] = $feedret['photo'];
-			require_once('simplepie/simplepie.inc');
+			require_once('library/simplepie/simplepie.inc');
 		    $feed = new SimplePie();
 			$xml = fetch_url($poll);
 

include/acl_selectors.php

@@ -41,6 +41,115 @@ function group_select($selname,$selclass,$preselected = false,$size = 4) {
 }
 
 
+function contact_selector($selname, $selclass, $preselected = false, $options) {
+
+	$a = get_app();
+
+	$mutual = false;
+	$networks = null;
+	$single = false;
+	$exclude = false;
+	$size = 4;
+
+	if(is_array($options)) {
+		if(x($options,'size'))
+			$size = $options['size'];
+
+		if(x($options,'mutual_friends'))
+			$mutual = true;
+		if(x($options,'single'))
+			$single = true;
+		if(x($options,'multiple'))
+			$single = false;
+		if(x($options,'exclude'))
+			$exclude = $options['exclude'];
+
+		if(x($options,'networks')) {
+			switch($options['networks']) {
+				case 'DFRN_ONLY':
+					$networks = array('dfrn');
+					break;
+				case 'PRIVATE':
+					if(is_array($a->user) && $a->user['prvnets'])
+						$networks = array('dfrn','mail','dspr');
+					else
+						$networks = array('dfrn','face','mail', 'dspr');
+					break;
+				case 'TWO_WAY':
+					if(is_array($a->user) && $a->user['prvnets'])
+						$networks = array('dfrn','mail','dspr');
+					else
+						$networks = array('dfrn','face','mail','dspr','stat');
+					break;					
+				default:
+					break;
+			}
+		}
+	}
+		
+	$x = array('options' => $options, 'size' => $size, 'single' => $single, 'mutual' => $mutual, 'exclude' => $exclude, 'networks' => $networks);
+
+	call_hooks('contact_select_options', $x);
+
+	$o = '';
+
+	$sql_extra = '';
+
+	if($x['mutual']) {
+		$sql_extra .= sprintf(" AND `rel` = %d ", intval(REL_BUD));
+	}
+
+	if(intval($x['exclude']))
+		$sql_extra .= sprintf(" AND `id` != %d ", intval($x['exclude']));
+
+	if(is_array($x['networks']) && count($x['networks'])) {
+		for($y = 0; $y < count($x['networks']) ; $y ++)
+			$x['networks'][$y] = "'" . dbesc($x['networks'][$y]) . "'";
+		$str_nets = implode(',',$x['networks']);
+		$sql_extra .= " AND `network` IN ( $str_nets ) ";
+	}
+
+	if($x['single'])
+		$o .= "<select name=\"$selname\" id=\"$selclass\" class=\"$selclass\" size=\"" . $x['size'] . "\" >\r\n";
+	else 
+		$o .= "<select name=\"{$selname}[]\" id=\"$selclass\" class=\"$selclass\" multiple=\"multiple\" size=\"" . $x['size'] . "$\" >\r\n";
+
+	$r = q("SELECT `id`, `name`, `url`, `network` FROM `contact` 
+		WHERE `uid` = %d AND `self` = 0 AND `blocked` = 0 AND `pending` = 0 AND `notify` != ''
+		$sql_extra
+		ORDER BY `name` ASC ",
+		intval(local_user())
+	);
+
+
+	$arr = array('contact' => $r, 'entry' => $o);
+
+	// e.g. 'network_pre_contact_deny', 'profile_pre_contact_allow'
+
+	call_hooks($a->module . '_pre_' . $selname, $arr);
+
+	if(count($r)) {
+		foreach($r as $rr) {
+			if((is_array($preselected)) && in_array($rr['id'], $preselected))
+				$selected = " selected=\"selected\" ";
+			else
+				$selected = '';
+
+			$trimmed = mb_substr($rr['name'],0,20);
+
+			$o .= "<option value=\"{$rr['id']}\" $selected title=\"{$rr['name']}|{$rr['url']}\" >$trimmed</option>\r\n";
+		}
+	
+	}
+
+	$o .= "</select>\r\n";
+
+	call_hooks($a->module . '_post_' . $selname, $o);
+
+	return $o;
+}
+
+
 
 function contact_select($selname, $selclass, $preselected = false, $size = 4, $privmail = false, $celeb = false, $privatenet = false) {
 
@@ -64,6 +173,8 @@ function contact_select($selname, $selclass, $preselected = false, $size = 4, $p
 		$sql_extra .= " AND `network` IN ( 'dfrn', 'mail', 'face' ) ";
 	}
 
+
+
 	if($privmail)
 		$o .= "<select name=\"$selname\" id=\"$selclass\" class=\"$selclass\" size=\"$size\" >\r\n";
 	else 
@@ -104,6 +215,7 @@ function contact_select($selname, $selclass, $preselected = false, $size = 4, $p
 	return $o;
 }
 
+
 function fixacl(&$item) {
 	$item = intval(str_replace(array('<','>'),array('',''),$item));
 }

include/conversation.php

@@ -177,6 +177,7 @@ function conversation(&$a, $items, $mode, $update) {
 
 				$drop = replace_macros($droptpl,array('$id' => $item['id']));
 				$lock = '<div class="wall-item-lock"></div>';
+				$star = '';
 
 				$body = prepare_body($item,true);
 				
@@ -197,6 +198,7 @@ function conversation(&$a, $items, $mode, $update) {
 					'$owner_url' => $owner_url,
 					'$owner_photo' => $owner_photo,
 					'$owner_name' => $owner_name,
+					'$star' => $star,
 					'$drop' => $drop,
 					'$conv' => '<a href="' . $a->get_baseurl() . '/display/' . $nickname . '/' . $item['id'] . '">' . t('View in context') . '</a>'
 				));
@@ -381,8 +383,8 @@ function conversation(&$a, $items, $mode, $update) {
 			}
 
 			$edpost = (((($profile_owner == local_user()) && ($toplevelpost) && (intval($item['wall']) == 1)) || ($mode === 'notes'))
-					? '<a class="editpost" href="' . $a->get_baseurl() . '/editpost/' . $item['id'] 
-						. '" title="' . t('Edit') . '"><img src="images/pencil.gif" /></a>'
+					? '<a class="editpost icon pencil" href="' . $a->get_baseurl() . '/editpost/' . $item['id'] 
+						. '" title="' . t('Edit') . '"></a>'
 					: '');
 
 
@@ -394,6 +396,8 @@ function conversation(&$a, $items, $mode, $update) {
 
             $drop = replace_macros((($dropping)? $droptpl : $fakedrop), array('$id' => $item['id'], '$select' => t('Select'), '$delete' => t('Delete')));
 
+			$star = (($profile_owner == local_user() && $toplevelpost) ? '<a href="#" id="starred-' . $item['id'] . '" onclick="dostar(' . $item['id'] . '); return false;" class="star-item icon ' . (($item['starred']) ? 'starred' : 'unstarred') . '" title="' . t('toggle star status')  . '"></a>' : '');
+
 
 			$photo = $item['photo'];
 			$thumb = $item['thumb'];
@@ -473,6 +477,7 @@ function conversation(&$a, $items, $mode, $update) {
 				'$owner_name' => $owner_name,
 				'$plink' => get_plink($item),
 				'$edpost' => $edpost,
+				'$star' => $star,
 				'$drop' => $drop,
 				'$vote' => $likebuttons,
 				'$like' => $like,

include/country.js

@@ -17,7 +17,7 @@ var gArCountryInfo;
 var gArStateInfo;
 // NOTE:
 // Some editors may exhibit problems viewing 2803 characters...
-var sCountryString = "|Afghanistan|Albania|Algeria|American Samoa|Angola|Anguilla|Antartica|Antigua and Barbuda|Argentina|Armenia|Aruba|Ashmore and Cartier Island|Australia|Austria|Azerbaijan|Bahamas|Bahrain|Bangladesh|Barbados|Belarus|Belgium|Belize|Benin|Bermuda|Bhutan|Bolivia|Bosnia and Herzegovina|Botswana|Brazil|British Virgin Islands|Brunei|Bulgaria|Burkina Faso|Burma|Burundi|Cambodia|Cameroon|Canada|Cape Verde|Cayman Islands|Central African Republic|Chad|Chile|China|Christmas Island|Clipperton Island|Cocos (Keeling) Islands|Colombia|Comoros|Congo, Democratic Republic of the|Congo, Republic of the|Cook Islands|Costa Rica|Cote d'Ivoire|Croatia|Cuba|Cyprus|Czeck Republic|Denmark|Djibouti|Dominica|Dominican Republic|Ecuador|Egypt|El Salvador|Equatorial Guinea|Eritrea|Estonia|Ethiopia|Europa Island|Falkland Islands (Islas Malvinas)|Faroe Islands|Fiji|Finland|France|French Guiana|French Polynesia|French Southern and Antarctic Lands|Gabon|Gambia, The|Gaza Strip|Georgia|Germany|Ghana|Gibraltar|Glorioso Islands|Greece|Greenland|Grenada|Guadeloupe|Guam|Guatemala|Guernsey|Guinea|Guinea-Bissau|Guyana|Haiti|Heard Island and McDonald Islands|Holy See (Vatican City)|Honduras|Hong Kong|Howland Island|Hungary|Iceland|India|Indonesia|Iran|Iraq|Ireland|Ireland, Northern|Israel|Italy|Jamaica|Jan Mayen|Japan|Jarvis Island|Jersey|Johnston Atoll|Jordan|Juan de Nova Island|Kazakhstan|Kenya|Kiribati|Korea, North|Korea, South|Kuwait|Kyrgyzstan|Laos|Latvia|Lebanon|Lesotho|Liberia|Libya|Liechtenstein|Lithuania|Luxembourg|Macau|Macedonia, Former Yugoslav Republic of|Madagascar|Malawi|Malaysia|Maldives|Mali|Malta|Man, Isle of|Marshall Islands|Martinique|Mauritania|Mauritius|Mayotte|Mexico|Micronesia, Federated States of|Midway Islands|Moldova|Monaco|Mongolia|Montserrat|Morocco|Mozambique|Namibia|Nauru|Nepal|Netherlands|Netherlands Antilles|New Caledonia|New Zealand|Nicaragua|Niger|Nigeria|Niue|Norfolk Island|Northern Mariana Islands|Norway|Oman|Pakistan|Palau|Panama|Papua New Guinea|Paraguay|Peru|Philippines|Pitcaim Islands|Poland|Portugal|Puerto Rico|Qatar|Reunion|Romainia|Russia|Rwanda|Saint Helena|Saint Kitts and Nevis|Saint Lucia|Saint Pierre and Miquelon|Saint Vincent and the Grenadines|Samoa|San Marino|Sao Tome and Principe|Saudi Arabia|Scotland|Senegal|Seychelles|Sierra Leone|Singapore|Slovakia|Slovenia|Solomon Islands|Somalia|South Africa|South Georgia and South Sandwich Islands|Spain|Spratly Islands|Sri Lanka|Sudan|Suriname|Svalbard|Swaziland|Sweden|Switzerland|Syria|Taiwan|Tajikistan|Tanzania|Thailand|Tobago|Toga|Tokelau|Tonga|Trinidad|Tunisia|Turkey|Turkmenistan|Tuvalu|Uganda|Ukraine|United Arab Emirates|United Kingdom|Uruguay|USA|Uzbekistan|Vanuatu|Venezuela|Vietnam|Virgin Islands|Wales|Wallis and Futuna|West Bank|Western Sahara|Yemen|Yugoslavia|Zambia|Zimbabwe";
+var sCountryString = "|Afghanistan|Albania|Algeria|American Samoa|Angola|Anguilla|Antartica|Antigua and Barbuda|Argentina|Armenia|Aruba|Ashmore and Cartier Island|Australia|Austria|Azerbaijan|Bahamas|Bahrain|Bangladesh|Barbados|Belarus|Belgium|Belize|Benin|Bermuda|Bhutan|Bolivia|Bosnia and Herzegovina|Botswana|Brazil|British Virgin Islands|Brunei|Bulgaria|Burkina Faso|Burma|Burundi|Cambodia|Cameroon|Canada|Cape Verde|Cayman Islands|Central African Republic|Chad|Chile|China|Christmas Island|Clipperton Island|Cocos (Keeling) Islands|Colombia|Comoros|Congo, Democratic Republic of the|Congo, Republic of the|Cook Islands|Costa Rica|Cote d'Ivoire|Croatia|Cuba|Cyprus|Czech Republic|Denmark|Djibouti|Dominica|Dominican Republic|Ecuador|Egypt|El Salvador|Equatorial Guinea|Eritrea|Estonia|Ethiopia|Europa Island|Falkland Islands (Islas Malvinas)|Faroe Islands|Fiji|Finland|France|French Guiana|French Polynesia|French Southern and Antarctic Lands|Gabon|Gambia, The|Gaza Strip|Georgia|Germany|Ghana|Gibraltar|Glorioso Islands|Greece|Greenland|Grenada|Guadeloupe|Guam|Guatemala|Guernsey|Guinea|Guinea-Bissau|Guyana|Haiti|Heard Island and McDonald Islands|Holy See (Vatican City)|Honduras|Hong Kong|Howland Island|Hungary|Iceland|India|Indonesia|Iran|Iraq|Ireland|Ireland, Northern|Israel|Italy|Jamaica|Jan Mayen|Japan|Jarvis Island|Jersey|Johnston Atoll|Jordan|Juan de Nova Island|Kazakhstan|Kenya|Kiribati|Korea, North|Korea, South|Kuwait|Kyrgyzstan|Laos|Latvia|Lebanon|Lesotho|Liberia|Libya|Liechtenstein|Lithuania|Luxembourg|Macau|Macedonia, Former Yugoslav Republic of|Madagascar|Malawi|Malaysia|Maldives|Mali|Malta|Man, Isle of|Marshall Islands|Martinique|Mauritania|Mauritius|Mayotte|Mexico|Micronesia, Federated States of|Midway Islands|Moldova|Monaco|Mongolia|Montserrat|Morocco|Mozambique|Namibia|Nauru|Nepal|Netherlands|Netherlands Antilles|New Caledonia|New Zealand|Nicaragua|Niger|Nigeria|Niue|Norfolk Island|Northern Mariana Islands|Norway|Oman|Pakistan|Palau|Panama|Papua New Guinea|Paraguay|Peru|Philippines|Pitcaim Islands|Poland|Portugal|Puerto Rico|Qatar|Reunion|Romainia|Russia|Rwanda|Saint Helena|Saint Kitts and Nevis|Saint Lucia|Saint Pierre and Miquelon|Saint Vincent and the Grenadines|Samoa|San Marino|Sao Tome and Principe|Saudi Arabia|Scotland|Senegal|Seychelles|Sierra Leone|Singapore|Slovakia|Slovenia|Solomon Islands|Somalia|South Africa|South Georgia and South Sandwich Islands|Spain|Spratly Islands|Sri Lanka|Sudan|Suriname|Svalbard|Swaziland|Sweden|Switzerland|Syria|Taiwan|Tajikistan|Tanzania|Thailand|Tobago|Toga|Tokelau|Tonga|Trinidad|Tunisia|Turkey|Turkmenistan|Tuvalu|Uganda|Ukraine|United Arab Emirates|United Kingdom|Uruguay|USA|Uzbekistan|Vanuatu|Venezuela|Vietnam|Virgin Islands|Wales|Wallis and Futuna|West Bank|Western Sahara|Yemen|Yugoslavia|Zambia|Zimbabwe";
 var aStates = new Array();
 
 aStates[0]="";

include/datetime.php

@@ -65,9 +65,9 @@ if(! function_exists('datetime_convert')) {
 function datetime_convert($from = 'UTC', $to = 'UTC', $s = 'now', $fmt = "Y-m-d H:i:s") {
 
 	// Slight hackish adjustment so that 'zero' datetime actually returns what is intended
-        // otherwise we end up with -0001-11-30 ...
+	// otherwise we end up with -0001-11-30 ...
 	// add 32 days so that we at least get year 00, and then hack around the fact that 
-        // months and days always start with 1. 
+	// months and days always start with 1. 
 
 	if(substr($s,0,10) == '0000-00-00') {
 		$d = new DateTime($s . ' + 32 days', new DateTimeZone('UTC'));
@@ -176,6 +176,11 @@ function relative_date($posted_date) {
 	$localtime = datetime_convert('UTC',date_default_timezone_get(),$posted_date); 
 
 	$abs = strtotime($localtime);
+    
+    if (is_null($posted_date) || $posted_date === '0000-00-00 00:00:00' || $abs === False) {
+		 return t('never');
+	}
+
 	$etime = time() - $abs;
     
 	if ($etime < 1) {
@@ -183,12 +188,12 @@ function relative_date($posted_date) {
 	}
     
 	$a = array( 12 * 30 * 24 * 60 * 60  =>  array( t('year'),   t('years')),
-		    30 * 24 * 60 * 60       =>  array( t('month'),  t('months')),
-		    7  * 24 * 60 * 60       =>  array( t('week'),   t('weeks')),
-		    24 * 60 * 60            =>  array( t('day'),    t('days')),
-		    60 * 60                 =>  array( t('hour'),   t('hours')),
-		    60                      =>  array( t('minute'), t('minutes')),
-		    1                       =>  array( t('second'), t('seconds'))
+				30 * 24 * 60 * 60       =>  array( t('month'),  t('months')),
+				7  * 24 * 60 * 60       =>  array( t('week'),   t('weeks')),
+				24 * 60 * 60            =>  array( t('day'),    t('days')),
+				60 * 60                 =>  array( t('hour'),   t('hours')),
+				60                      =>  array( t('minute'), t('minutes')),
+				1                       =>  array( t('second'), t('seconds'))
 	);
     
 	foreach ($a as $secs => $str) {

include/directory.php

@@ -2,18 +2,22 @@
 require_once("boot.php");
 
 function directory_run($argv, $argc){
-  global $a, $db;
+	global $a, $db;
 
-  if(is_null($a)){
-    $a = new App;
-  }
+	if(is_null($a)) {
+		$a = new App;
+	}
   
-  if(is_null($db)){
-    @include(".htconfig.php");
-    require_once("dba.php");
-    $db = new dba($db_host, $db_user, $db_pass, $db_data);
-    unset($db_host, $db_user, $db_pass, $db_data);
-  };
+	if(is_null($db)) {
+		@include(".htconfig.php");
+		require_once("dba.php");
+		$db = new dba($db_host, $db_user, $db_pass, $db_data);
+				unset($db_host, $db_user, $db_pass, $db_data);
+	};
+
+	load_config('config');
+	load_config('system');
+
 
 	if($argc != 2)
 		return;

include/event.php

@@ -8,7 +8,7 @@ function format_event_html($ev) {
 	if(! ((is_array($ev)) && count($ev)))
 		return '';
 
-	$bd_format = t('l F d, Y \@ g A') ; // Friday January 18, 2011 @ 8 AM
+	$bd_format = t('l F d, Y \@ g:i A') ; // Friday January 18, 2011 @ 8 AM
 
 	$o = '<div class="vevent">' . "\r\n";
 
@@ -212,7 +212,29 @@ function event_store($arr) {
 		$contact = $c[0];
 
 
+	// Existing event being modified
+
 	if($arr['id']) {
+
+		// has the event actually changed?
+
+		$r = q("SELECT * FROM `event` WHERE `id` = %d AND `uid` = %d LIMIT 1",
+			intval($arr['id']),
+			intval($arr['uid'])
+		);
+		if((! count($r)) || ($r[0]['edited'] === $arr['edited'])) {
+
+			// Nothing has changed. Grab the item id to return.
+
+			$r = q("SELECT * FROM `item` WHERE `event-id` = %d AND `uid` = %d LIMIT 1",
+				intval($arr['id']),
+				intval($arr['uid'])
+			);
+			return((count($r)) ? $r[0]['id'] : 0);
+		}
+
+		// The event changed. Update it.
+
 		$r = q("UPDATE `event` SET
 			`edited` = '%s',
 			`start` = '%s',
@@ -260,7 +282,7 @@ function event_store($arr) {
 				dbesc($arr['allow_gid']),
 				dbesc($arr['deny_cid']),
 				dbesc($arr['deny_gid']),
-				dbesc(datetime_convert()),
+				dbesc($arr['edited']),
 				intval($r[0]['id']),
 				intval($arr['uid'])
 			);
@@ -272,6 +294,8 @@ function event_store($arr) {
 	}
 	else {
 
+		// New event. Store it. 
+
 		$r = q("INSERT INTO `event` ( `uid`,`cid`,`uri`,`created`,`edited`,`start`,`finish`,`desc`,`location`,`type`,
 			`adjust`,`nofinish`,`allow_cid`,`allow_gid`,`deny_cid`,`deny_gid`)
 			VALUES ( %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d, %d, '%s', '%s', '%s', '%s' ) ",

include/expire.php

@@ -16,12 +16,16 @@ function expire_run($argv, $argc){
     	unset($db_host, $db_user, $db_pass, $db_data);
   	};
 
-	require_once('session.php');
-	require_once('datetime.php');
-	require_once('simplepie/simplepie.inc');
+	require_once('include/session.php');
+	require_once('include/datetime.php');
+	require_once('library/simplepie/simplepie.inc');
 	require_once('include/items.php');
 	require_once('include/Contact.php');
 
+	load_config('config');
+	load_config('system');
+
+
 	$a->set_baseurl(get_config('system','url'));
 
 

include/group.php

@@ -136,7 +136,7 @@ function group_public_members($gid) {
 
 
 
-function group_side($every="contacts",$each="group",$edit = false) {
+function group_side($every="contacts",$each="group",$edit = false, $group_id = 0) {
 
 	$o = '';
 
@@ -145,19 +145,15 @@ function group_side($every="contacts",$each="group",$edit = false) {
 
 	$createtext = t('Create a new group');
 	$linktext= t('Everybody');
-
+	$selected = (($group_id == 0) ? ' class="group-selected" ' : '');
 $o .= <<< EOT
 
 <div id="group-sidebar">
 <h3>Groups</h3>
 
-<div id="sidebar-new-group">
-<a href="group/new">$createtext</a>
-</div>
-
 <div id="sidebar-group-list">
 	<ul id="sidebar-group-ul">
-	<li class="sidebar-group-li" ><a href="$every" >$linktext</a></li>
+	<li class="sidebar-group-li" ><a href="$every" $selected >$linktext</a></li>
 
 EOT;
 
@@ -165,10 +161,21 @@ EOT;
 		intval($_SESSION['uid'])
 	);
 	if(count($r)) {
-		foreach($r as $rr)
-			$o .= '	<li class="sidebar-group-li">' . (($edit) ? "<a href=\"group/{$rr['id']}\" title=\"" . t('Edit') . "\" ><img src=\"images/spencil.gif\" alt=\"" . t('Edit') . "\"></a> " : "") . "<a href=\"$each/{$rr['id']}\">{$rr['name']}</a></li>\r\n";
+		foreach($r as $rr) {
+			$selected = (($group_id == $rr['id']) ? ' class="group-selected" ' : '');
+			$o .= '	<li class="sidebar-group-li">' . (($edit) ? "<a href=\"group/{$rr['id']}\" title=\"" . t('Edit') . "\" ><img src=\"images/spencil.gif\" alt=\"" . t('Edit') . "\"></a> " : "") . "<a href=\"$each/{$rr['id']}\" $selected >{$rr['name']}</a></li>\r\n";
+		}
 	}
-	$o .= "	</ul>\r\n	</div>\r\n</div>";	
+	$o .= "	</ul>\r\n	</div>";
+
+	$o .= <<< EOT
+
+  <div id="sidebar-new-group">
+  <a href="group/new">$createtext</a>
+  </div>
+</div>
+	
+EOT;
 
 	return $o;
 }

include/hostxrd.php

@@ -2,6 +2,7 @@
 
 function hostxrd($baseurl) {
 
+	header('Access-Control-Allow-Origin: *');
 	header("Content-type: text/xml");
 	$tpl = file_get_contents('view/xrd_host.tpl');
 	echo str_replace('$domain',$baseurl,$tpl);

include/items.php

@@ -338,7 +338,7 @@ function get_atom_elements($feed,$item) {
 
 	$apps = $item->get_item_tags(NAMESPACE_STATUSNET,'notice_info');
 	if($apps && $apps[0]['attribs']['']['source']) {
-		$res['app'] = $apps[0]['attribs']['']['source'];
+		$res['app'] = strip_tags(unxmlify($apps[0]['attribs']['']['source']));
 		if($res['app'] === 'web')
 			$res['app'] = 'OStatus';
 	}		   
@@ -669,6 +669,7 @@ function item_store($arr,$force_parent = false) {
 	$arr['owner-avatar']  = ((x($arr,'owner-avatar'))  ? notags(trim($arr['owner-avatar']))  : '');
 	$arr['created']       = ((x($arr,'created') !== false) ? datetime_convert('UTC','UTC',$arr['created']) : datetime_convert());
 	$arr['edited']        = ((x($arr,'edited')  !== false) ? datetime_convert('UTC','UTC',$arr['edited'])  : datetime_convert());
+	$arr['received']      = datetime_convert();
 	$arr['changed']       = datetime_convert();
 	$arr['title']         = ((x($arr,'title'))         ? notags(trim($arr['title']))         : '');
 	$arr['location']      = ((x($arr,'location'))      ? notags(trim($arr['location']))      : '');
@@ -994,7 +995,7 @@ function dfrn_deliver($owner,$contact,$atom, $dissolve = false) {
 
 function consume_feed($xml,$importer,&$contact, &$hub, $datedir = 0, $secure_feed = false) {
 
-	require_once('simplepie/simplepie.inc');
+	require_once('library/simplepie/simplepie.inc');
 
 	$feed = new SimplePie();
 	$feed->set_raw_data($xml);
@@ -1071,13 +1072,13 @@ function consume_feed($xml,$importer,&$contact, &$hub, $datedir = 0, $secure_fee
 			$img->scaleImageSquare(175);
 				
 			$hash = $resource_id;
-			$r = $img->store($contact['uid'], $contact['id'], $hash, basename($photo_url), t('Contact Photos') , 4);
+			$r = $img->store($contact['uid'], $contact['id'], $hash, basename($photo_url), 'Contact Photos', 4);
 				
 			$img->scaleImage(80);
-			$r = $img->store($contact['uid'], $contact['id'], $hash, basename($photo_url), t('Contact Photos') , 5);
+			$r = $img->store($contact['uid'], $contact['id'], $hash, basename($photo_url), 'Contact Photos', 5);
 
 			$img->scaleImage(48);
-			$r = $img->store($contact['uid'], $contact['id'], $hash, basename($photo_url), t('Contact Photos') , 6);
+			$r = $img->store($contact['uid'], $contact['id'], $hash, basename($photo_url), 'Contact Photos', 6);
 
 			$a = get_app();
 
@@ -1346,6 +1347,7 @@ function consume_feed($xml,$importer,&$contact, &$hub, $datedir = 0, $secure_fee
 					if(x($ev,'desc') && x($ev,'start')) {
 						$ev['uid'] = $importer['uid'];
 						$ev['uri'] = $item_id;
+						$ev['edited'] = $datarray['edited'];
 
 						if(is_array($contact))
 							$ev['cid'] = $contact['id'];
@@ -1447,11 +1449,11 @@ function new_follower($importer,$contact,$datarray,$item) {
 	}
 	else {
 	
-		// create contact record - set to readonly
+		// create contact record
 
 		$r = q("INSERT INTO `contact` ( `uid`, `created`, `url`, `name`, `nick`, `photo`, `network`, `rel`, 
 			`blocked`, `readonly`, `pending`, `writable` )
-			VALUES ( %d, '%s', '%s', '%s', '%s', '%s', '%s', %d, 0, 1, 1, 1 ) ",
+			VALUES ( %d, '%s', '%s', '%s', '%s', '%s', '%s', %d, 0, 0, 1, 1 ) ",
 			intval($importer['uid']),
 			dbesc(datetime_convert()),
 			dbesc($url),

include/main.js

@@ -47,11 +47,7 @@
 			if(mail == 0) { mail = '';  $('#mail-update').hide() } else { $('#mail-update').show() }
 			$('#mail-update').html(mail);
 			var intro = $(data).find('intro').text();
-			var register = $(data).find('register').text();
-			if(intro == 0) { intro = ''; }
-			if(register != 0 && intro != '') { intro = intro+'/'+register; }
-			if(register != 0 && intro == '') { intro = '0/'+register; }
-			if (intro == '') { $('#notify-update').hide() } else { $('#notify-update').show() }
+			if(intro == 0) { intro = ''; $('#notify-update').hide() } else { $('#notify-update').show() }
 			$('#notify-update').html(intro);
 		});
 		
@@ -178,6 +174,21 @@
 		liking = 1;
 	}
 
+	function dostar(ident) {
+		$('#like-rotator-' + ident.toString()).show();
+		$.get('starred/' + ident.toString(), function(data) {
+			if(data.match(/1/)) {
+				$('#starred-' + ident.toString()).addClass('starred');
+				$('#starred-' + ident.toString()).removeClass('unstarred');
+			}
+			else {			
+				$('#starred-' + ident.toString()).addClass('unstarred');
+				$('#starred-' + ident.toString()).removeClass('starred');
+			}
+			$('#like-rotator-' + ident.toString()).hide();	
+		});
+	}
+
 	function getPosition(e) {
 		var cursor = {x:0, y:0};
 		if ( e.pageX || e.pageY  ) {

include/notifier.php

@@ -20,6 +20,9 @@ function notifier_run($argv, $argc){
 	require_once('include/items.php');
 	require_once('include/bbcode.php');
 
+	load_config('config');
+	load_config('system');
+
 	load_hooks();
 
 	if($argc < 3)
@@ -71,6 +74,16 @@ function notifier_run($argv, $argc){
 		if(! count($items))
 			return;
 	}
+	elseif($cmd === 'suggest') {
+		$suggest = q("SELECT * FROM `fsuggest` WHERE `id` = %d LIMIT 1",
+			intval($item_id)
+		);
+		if(! count($suggest))
+			return;
+		$uid = $suggest[0]['uid'];
+		$recipients[] = $suggest[0]['cid'];
+		$item = $suggest[0];
+	}
 	else {
 
 		// find ancestors
@@ -106,7 +119,8 @@ function notifier_run($argv, $argc){
 			$top_level = true;
 	}
 
-	$r = q("SELECT `contact`.*, `user`.`timezone`, `user`.`nickname`, `user`.`sprvkey`, `user`.`spubkey`, `user`.`page-flags` 
+	$r = q("SELECT `contact`.*, `user`.`timezone`, `user`.`nickname`, `user`.`sprvkey`, `user`.`spubkey`, 
+		`user`.`page-flags`, `user`.`prvnets`
 		FROM `contact` LEFT JOIN `user` ON `user`.`uid` = `contact`.`uid` 
 		WHERE `contact`.`uid` = %d AND `contact`.`self` = 1 LIMIT 1",
 		intval($uid)
@@ -125,7 +139,7 @@ function notifier_run($argv, $argc){
 	// fill this in with a single salmon slap if applicable
 	$slap = '';
 
-	if($cmd != 'mail') {
+	if($cmd != 'mail' && $cmd != 'suggest') {
 
 		require_once('include/group.php');
 
@@ -224,6 +238,8 @@ function notifier_run($argv, $argc){
 	if($cmd === 'mail') {
 		$notify_hub = false;  // mail is  not public
 
+		$body = fix_private_photos($item['body'],$owner['uid']);
+
 		$atom .= replace_macros($mail_template, array(
 			'$name'         => xmlify($owner['name']),
 			'$profile_page' => xmlify($owner['url']),
@@ -231,10 +247,30 @@ function notifier_run($argv, $argc){
 			'$item_id'      => xmlify($item['uri']),
 			'$subject'      => xmlify($item['title']),
 			'$created'      => xmlify(datetime_convert('UTC', 'UTC', $item['created'] . '+00:00' , ATOM_TIME)),
-			'$content'      => xmlify($item['body']),
+			'$content'      => xmlify($body),
 			'$parent_id'    => xmlify($item['parent-uri'])
 		));
 	}
+	elseif($cmd === 'suggest') {
+		$notify_hub = false;  // suggestions are not public
+
+		$sugg_template = get_markup_template('atom_suggest.tpl');
+
+		$atom .= replace_macros($sugg_template, array(
+			'$name'         => xmlify($item['name']),
+			'$url'          => xmlify($item['url']),
+			'$photo'        => xmlify($item['photo']),
+			'$request'      => xmlify($item['request']),
+			'$note'         => xmlify($item['note'])
+		));
+
+		// We don't need this any more
+
+		q("DELETE FROM `fsuggest` WHERE `id` = %d LIMIT 1",
+			intval($item['id'])
+		);
+
+	}
 	else {
 		if($followup) {
 			foreach($items as $item) {  // there is only one item
@@ -329,7 +365,8 @@ function notifier_run($argv, $argc){
 					}
 					break;
 				case 'stat':
-
+					if($owner['prvnets'])
+						break;
 					if($followup && $contact['notify']) {
 						logger('notifier: slapdelivery: ' . $contact['name']);
 						$deliver_status = slapper($owner,$contact['notify'],$slap);
@@ -373,6 +410,7 @@ function notifier_run($argv, $argc){
 						}
 					}
 					break;
+
 				case 'mail':
 						
 					// WARNING: does not currently convert to RFC2047 header encodings, etc.
@@ -447,9 +485,9 @@ function notifier_run($argv, $argc){
 						mail($addr, $subject, $message, $headers);
 					}
 					break;
-				case 'dspr':
 				case 'feed':
 				case 'face':
+				case 'dspr':
 				default:
 					break;
 			}

include/poller.php

@@ -2,6 +2,7 @@
 
 require_once("boot.php");
 
+
 function poller_run($argv, $argc){
 	global $a, $db;
 
@@ -17,13 +18,16 @@ function poller_run($argv, $argc){
   	};
 
 
-	require_once('session.php');
-	require_once('datetime.php');
-	require_once('simplepie/simplepie.inc');
+	require_once('include/session.php');
+	require_once('include/datetime.php');
+	require_once('library/simplepie/simplepie.inc');
 	require_once('include/items.php');
 	require_once('include/Contact.php');
 	require_once('include/email.php');
 
+	load_config('config');
+	load_config('system');
+
 	$a->set_baseurl(get_config('system','url'));
 
 	load_hooks();
@@ -44,18 +48,26 @@ function poller_run($argv, $argc){
 		proc_run('php','include/expire.php');
 	}
 
-
 	// clear old cache
 	q("DELETE FROM `cache` WHERE `updated` < '%s'",
 		dbesc(datetime_convert('UTC','UTC',"now - 30 days")));
 
 	$manual_id  = 0;
+	$generation = 0;
 	$hub_update = false;
 	$force      = false;
+	$restart    = false;
 
 	if(($argc > 1) && ($argv[1] == 'force'))
 		$force = true;
 
+	if(($argc > 1) && ($argv[1] == 'restart')) {
+		$restart = true;
+		$generation = intval($argv[2]);
+		if(! $generation)
+			killme();		
+	}
+
 	if(($argc > 1) && intval($argv[1])) {
 		$manual_id = intval($argv[1]);
 		$force     = true;
@@ -67,7 +79,8 @@ function poller_run($argv, $argc){
 
 	$d = datetime_convert();
 
-	call_hooks('cron', $d);
+	if(! $restart)
+		call_hooks('cron', $d);
 
 
 	$contacts = q("SELECT `id` FROM `contact` 
@@ -151,6 +164,22 @@ function poller_run($argv, $argc){
 					continue;
 			}
 
+			// Check to see if we are running out of memory - if so spawn a new process and kill this one
+
+			$avail_memory = return_bytes(ini_get('memory_limit'));
+			$memused = memory_get_peak_usage(true);
+			if(intval($avail_memory)) {
+				if(($memused / $avail_memory) > 0.95) {
+					if($generation + 1 > 10) {
+						logger('poller: maximum number of spawns exceeded. Terminating.');
+						killme();
+					}
+					logger('poller: memory exceeded. ' . $memused . ' bytes used. Spawning new poll.');
+					proc_run('php', 'include/poller.php', 'restart', (string) $generation + 1);
+					killme();
+				}
+			}
+
 			$importer_uid = $contact['uid'];
 		
 			$r = q("SELECT * FROM `contact` WHERE `uid` = %d AND `self` = 1 LIMIT 1",
@@ -281,13 +310,22 @@ function poller_run($argv, $argc){
 
 				// Upgrading DB fields from an older Friendika version
 				// Will only do this once per notify-enabled OStatus contact
+				// or if relationship changes
 
-				if(($contact['notify']) && (! $contact['writable'])) {
-					q("UPDATE `contact` SET `writable` = 1 WHERE `id` = %d LIMIT 1",
+				$stat_writeable = ((($contact['notify']) && ($contact['rel'] == REL_VIP || $contact['rel'] == REL_BUD)) ? 1 : 0);
+
+				if($stat_writeable != $contact['writable']) {
+					q("UPDATE `contact` SET `writable` = %d WHERE `id` = %d LIMIT 1",
+						intval($stat_writeable),
 						intval($contact['id'])
 					);
 				}
 
+				// Are we allowed to import from this person?
+
+				if($contact['rel'] == REL_VIP || $contact['blocked'] || $contact['readonly'])
+					continue;
+
 				$xml = fetch_url($contact['poll']);
 			}
 			elseif($contact['network'] === NETWORK_MAIL) {

include/queue.php

@@ -22,6 +22,9 @@ function queue_run($argv, $argc){
 	require_once('include/items.php');
 	require_once('include/bbcode.php');
 
+	load_config('config');
+	load_config('system');
+
 	$a->set_baseurl(get_config('system','url'));
 
 	load_hooks();

include/salmon.php

@@ -145,9 +145,9 @@ EOT;
 
 	// Setup RSA stuff to PKCS#1 sign the data
 
-	set_include_path(get_include_path() . PATH_SEPARATOR . 'phpsec');
+	set_include_path(get_include_path() . PATH_SEPARATOR . 'library' . PATH_SEPARATOR . 'phpsec');
 
-	require_once('phpsec/Crypt/RSA.php');
+	require_once('library/phpsec/Crypt/RSA.php');
 
     $rsa = new CRYPT_RSA();
     $rsa->signatureMode = CRYPT_RSA_SIGNATURE_PKCS1;

include/security.php

@@ -44,3 +44,74 @@ function can_write_wall(&$a,$owner) {
 
 	return false;
 }
+
+
+function permissions_sql($owner_id,$remote_verified = false,$groups = null) {
+
+	$local_user = local_user();
+	$remote_user = remote_user();
+
+	/**
+	 * Construct permissions
+	 *
+	 * default permissions - anonymous user
+	 */
+
+	$sql = " AND allow_cid = '' 
+			 AND allow_gid = '' 
+			 AND deny_cid  = '' 
+			 AND deny_gid  = '' 
+	";
+
+	/**
+	 * Profile owner - everything is visible
+	 */
+
+	if(($local_user) && ($local_user == $owner_id)) {
+		$sql = ''; 
+	}
+
+	/**
+	 * Authenticated visitor. Unless pre-verified, 
+	 * check that the contact belongs to this $owner_id
+	 * and load the groups the visitor belongs to.
+	 * If pre-verified, the caller is expected to have already
+	 * done this and passed the groups into this function.
+	 */
+
+	elseif($remote_user) {
+
+		if(! $remote_verified) {
+			$r = q("SELECT id FROM contact WHERE id = %d AND uid = %d AND blocked = 0 LIMIT 1",
+				intval($remote_user),
+				intval($owner_id)
+			);
+			if(count($r)) {
+				$remote_verified = true;
+				$groups = init_groups_visitor($remote_user);
+			}
+		}
+		if($remote_verified) {
+		
+			$gs = '<<>>'; // should be impossible to match
+
+			if(is_array($groups) && count($groups)) {
+				foreach($groups as $g)
+					$gs .= '|<' . intval($g) . '>';
+			} 
+
+			$sql = sprintf(
+				" AND ( allow_cid = '' OR allow_cid REGEXP '<%d>' ) 
+				  AND ( deny_cid  = '' OR  NOT deny_cid REGEXP '<%d>' ) 
+				  AND ( allow_gid = '' OR allow_gid REGEXP '%s' )
+				  AND ( deny_gid  = '' OR NOT deny_gid REGEXP '%s') 
+				",
+				intval($remote_user),
+				intval($remote_user),
+				dbesc($gs),
+				dbesc($gs)
+			);
+		}
+	}
+	return $sql;
+}

index.php

@@ -44,18 +44,19 @@ $db = new dba($db_host, $db_user, $db_pass, $db_data, $install);
         unset($db_host, $db_user, $db_pass, $db_data);
 
 
-/**
- * Load configs from db. Overwrite configs from .htconfig.php
- */
-$r = q("SELECT * FROM `config` WHERE `cat` IN ('system', 'config')");
-foreach ($r as $c) {
-	if ($c['cat']=='config') {
-		$a->config[$c['k']] = $c['v'];
-	} else {
-		$a->config[$c['cat']][$c['k']] = $c['v'];
-	}
+if(! $install) {
+
+	/**
+	 * Load configs from db. Overwrite configs from .htconfig.php
+	 */
+
+	load_config('config');
+	load_config('system');
+
+	require_once("session.php");
+	load_hooks();
+	call_hooks('init_1');
 }
-unset($r);
 
 
 /**
@@ -70,14 +71,6 @@ unset($r);
  *
  */
 
-if(! $install) {
-	require_once("session.php");
-	load_hooks();
-	call_hooks('init_1');
-}
-
-
-
 require_once("datetime.php");
 
 $a->timezone = (($default_timezone) ? $default_timezone : 'UTC');