Merge branch 'dev' into oauth2

14 files changed, 135 insertions, 49 deletions

diff --git a/include/bbcode.php b/include/bbcode.php
index b33766757..67f40dd23 100644
--- a/include/bbcode.php
+++ b/include/bbcode.php
@@ -311,6 +311,19 @@ function bb_ShareAttributes($match) {
 	if ($matches[1] != "")
 		$posted = $matches[1];
 
+	$auth = "";
+	preg_match("/auth='(.*?)'/ism", $attributes, $matches);
+	if ($matches[1] != "") {
+		if($matches[1] === 'true')
+			$auth = true;
+		else
+			$auth = false;
+	}
+
+	if($auth === EMPTY_STR) {
+		$auth = is_matrix_url($profile);
+	}
+
 	// message_id is never used, do we still need it?
 	$message_id = "";
 	preg_match("/message_id='(.*?)'/ism", $attributes, $matches);
@@ -329,7 +342,7 @@ function bb_ShareAttributes($match) {
 	$headline = '<div class="shared_container"> <div class="shared_header">';
 
 	if ($avatar != "")
-		$headline .= '<a href="' . zid($profile) . '" ><img src="' . $avatar . '" alt="' . $author . '" height="32" width="32" /></a>';
+		$headline .= '<a href="' . (($auth) ? zid($profile) : $profile) . '" ><img src="' . $avatar . '" alt="' . $author . '" height="32" width="32" /></a>';
 
 	if(strpos($link,'/cards/'))
 		$type = t('card');
@@ -341,8 +354,8 @@ function bb_ShareAttributes($match) {
 	// Bob Smith wrote the following post 2 hours ago
 
 	$fmt = sprintf( t('%1$s wrote the following %2$s %3$s'),
-		'<a href="' . zid($profile) . '" >' . $author . '</a>',
-		'<a href="' . zid($link) . '" >' . $type . '</a>',
+		'<a href="' . (($auth) ? zid($profile) : $profile) . '" >' . $author . '</a>',
+		'<a href="' . (($auth) ? zid($link) : $link) . '" >' . $type . '</a>',
 		$reldate
 	);
 
@@ -393,7 +406,7 @@ function bb_ShareAttributesSimple($match) {
 	if ($matches[1] != "")
 		$profile = $matches[1];
 
-	$text = html_entity_decode("&#x2672; ", ENT_QUOTES, 'UTF-8') . ' <a href="' . $profile . '">' . $author . '</a>: div class="reshared-content">' . $match[2] . '</div>';
+	$text = html_entity_decode("&#x2672; ", ENT_QUOTES, 'UTF-8') . ' <a href="' . $profile . '">' . $author . '</a>: <div class="reshared-content">' . $match[2] . '</div>';
 
 	return($text);
 }
diff --git a/include/channel.php b/include/channel.php
index a754d3504..c94f5c657 100644
--- a/include/channel.php
+++ b/include/channel.php
@@ -1234,7 +1234,7 @@ function profile_load($nickname, $profile = '') {
 	);
 	if($z) {
 		$p[0]['picdate'] = $z[0]['xchan_photo_date'];
-		$p[0]['reddress'] = str_replace('@','&#x40;',$z[0]['xchan_addr']);
+		$p[0]['reddress'] = str_replace('@','&#x40;',unpunify($z[0]['xchan_addr']));
 	}
 
 	// fetch user tags if this isn't the default profile
@@ -1255,7 +1255,7 @@ function profile_load($nickname, $profile = '') {
 
 	App::$profile = $p[0];
 	App::$profile_uid = $p[0]['profile_uid'];
-	App::$page['title'] = App::$profile['channel_name'] . " - " . channel_reddress(App::$profile);
+	App::$page['title'] = App::$profile['channel_name'] . " - " . unpunify(channel_reddress(App::$profile));
 
 	App::$profile['permission_to_view'] = $can_view_profile;
 
diff --git a/include/connections.php b/include/connections.php
index e9d7daa2d..c5d74d4ca 100644
--- a/include/connections.php
+++ b/include/connections.php
@@ -421,7 +421,10 @@ function random_profile() {
 
 	for($i = 0; $i < $retryrandom; $i++) {
 
-		$r = q("select xchan_url, xchan_hash from xchan left join hubloc on hubloc_hash = xchan_hash where xchan_hidden = 0 and xchan_system = 0 and hubloc_connected > %s - interval %s order by $randfunc limit 1",
+		$r = q("select xchan_url, xchan_hash from xchan left join hubloc on hubloc_hash = xchan_hash where
+			xchan_hidden = 0 and xchan_system = 0 and
+			xchan_network = 'zot' and xchan_deleted = 0 and
+			hubloc_connected > %s - interval %s order by $randfunc limit 1",
 			db_utcnow(),
 			db_quoteinterval('30 day')
 		);
diff --git a/include/conversation.php b/include/conversation.php
index 6374267eb..64beb1b0e 100644
--- a/include/conversation.php
+++ b/include/conversation.php
@@ -838,11 +838,11 @@ function conversation($items, $mode, $update, $page_mode = 'traditional', $prepa
 
 					$item_object = new Zotlabs\Lib\ThreadItem($item);
 					$conv->add_thread($item_object);
-					if($page_mode === 'list') {
+					if(($page_mode === 'list') || ($page_mode === 'pager_list')) {
 						$item_object->set_template('conv_list.tpl');
 						$item_object->set_display_mode('list');
 					}
-					if($page_mode === 'cards') {
+					if($mode === 'cards' || $mode === 'articles') {
 						$item_object->set_reload($jsreload);
 					}
 
@@ -857,7 +857,7 @@ function conversation($items, $mode, $update, $page_mode = 'traditional', $prepa
 		}
 	}
 
-	if($page_mode === 'traditional' || $page_mode === 'preview') {
+	if(in_array($page_mode, [ 'traditional', 'preview', 'pager_list'] )) {
 		$page_template = get_markup_template("threaded_conversation.tpl");
 	}
 	elseif($update) {
diff --git a/include/feedutils.php b/include/feedutils.php
index 369193fce..023caaad6 100644
--- a/include/feedutils.php
+++ b/include/feedutils.php
@@ -668,6 +668,14 @@ function get_atom_elements($feed, $item) {
 			}
 			$termterm = notags(trim(unxmlify($term)));
 
+			// Mastodon auto generates an nsfw category tag for any 'content-warning' message.
+			// Most people use CW and use both summary/content as a spoiler and we honour that 
+			// construct so the post will already be collapsed. The generated tag is almost 
+			// always wrong and even if it isn't we would already be doing the right thing.
+	
+			if($mastodon && $termterm === 'nsfw' && $summary && $res['body'])
+				continue;
+
 			if($termterm) {
 				$terms[] = array(
 					'otype' => TERM_OBJ_POST,
@@ -926,6 +934,7 @@ function feed_get_reshare(&$res,$item) {
 			"' profile='"    . $share['profile'] .
 			"' avatar='"     . $share['avatar']  .
 			"' link='"       . $share['alternate']    .
+			"' auth='"       . 'false' .
 			"' posted='"     . $share['created'] .
 			"' message_id='" . $share['message_id'] . "']";
 
diff --git a/include/items.php b/include/items.php
index 50f663836..d1625e944 100755
--- a/include/items.php
+++ b/include/items.php
@@ -969,6 +969,10 @@ function import_author_unknown($x) {
 	return false;
 }
 
+function empty_acl($item) {
+	return (($item['allow_cid'] === EMPTY_STR && $item['allow_gid'] === EMPTY_STR && $item['deny_cid'] === EMPTY_STR && $item['deny_gid'] === EMPTY_STR) ? true : false);
+}
+
 function encode_item($item,$mirror = false) {
 	$x = array();
 	$x['type'] = 'activity';
@@ -1973,23 +1977,7 @@ function item_store($arr, $allow_exec = false, $deliver = true) {
 	 */
 	call_hooks('post_remote_end', $arr);
 
-	// update the commented timestamp on the parent - unless this is potentially a clone of an older item
-	// which we don't wish to bring to the surface. As the queue only holds deliveries for 3 days, it's
-	// suspected of being an older cloned item if the creation time is older than that.
-
-	if($arr['created'] > datetime_convert('','','now - 4 days')) {
-		$z = q("select max(created) as commented from item where parent_mid = '%s' and uid = %d and item_delayed = 0 ",
-			dbesc($arr['parent_mid']),
-			intval($arr['uid'])
-		);
-
-		q("UPDATE item set commented = '%s', changed = '%s' WHERE id = %d",
-			dbesc(($z) ? $z[0]['commented'] : (datetime_convert())),
-			dbesc(datetime_convert()),
-			intval($parent_id)
-		);
-	}
-
+	item_update_parent_commented($arr);
 
 	// If _creating_ a deleted item, don't propagate it further or send out notifications.
 	// We need to store the item details just in case the delete came in before the original post,
@@ -2320,6 +2308,36 @@ function item_store_update($arr, $allow_exec = false, $deliver = true) {
 	return $ret;
 }
 
+function item_update_parent_commented($item) {
+
+
+	$update_parent = true;
+
+	// update the commented timestamp on the parent 
+	// - unless this is a moderated comment or a potential clone of an older item
+	// which we don't wish to bring to the surface. As the queue only holds deliveries 
+	// for 3 days, it's suspected of being an older cloned item if the creation time 
+	//is older than that.
+
+	if(intval($item['item_blocked']) === ITEM_MODERATED)
+		$update_parent = false;
+ 
+	if($item['created'] < datetime_convert('','','now - 4 days'))
+		$update_parent = false;
+
+	if($update_parent) {
+		$z = q("select max(created) as commented from item where parent_mid = '%s' and uid = %d and item_delayed = 0 ",
+			dbesc($item['parent_mid']),
+			intval($item['uid'])
+		);
+
+		q("UPDATE item set commented = '%s', changed = '%s' WHERE id = %d",
+			dbesc(($z) ? $z[0]['commented'] : datetime_convert()),
+			dbesc(datetime_convert()),
+			intval($item['parent'])
+		);
+	}
+}
 
 
 function send_status_notifications($post_id,$item) {
diff --git a/include/markdown.php b/include/markdown.php
index e4a35e3c3..431ba84a4 100644
--- a/include/markdown.php
+++ b/include/markdown.php
@@ -207,7 +207,7 @@ function bb_to_markdown($Text, $options = []) {
 	$Text = bbcode($Text, [ 'tryoembed' => false ]);
 
 	// Markdownify does not preserve previously escaped html entities such as <> and &.
-	$Text = str_replace(array('&lt;','&gt;','&amp;'),array('&_lt_;','&_gt_;','&_amp_;'),$Text);
+	//$Text = str_replace(array('&lt;','&gt;','&amp;'),array('&_lt_;','&_gt_;','&_amp_;'),$Text);
 
 	// Now convert HTML to Markdown
 
@@ -215,7 +215,7 @@ function bb_to_markdown($Text, $options = []) {
 
 	// It also adds backslashes to our attempt at getting around the html entity preservation for some weird reason.
 
-	$Text = str_replace(array('&\\_lt\\_;','&\\_gt\\_;','&\\_amp\\_;'),array('&lt;','&gt;','&amp;'),$Text);
+	//$Text = str_replace(array('&\\_lt\\_;','&\\_gt\\_;','&\\_amp\\_;'),array('&lt;','&gt;','&amp;'),$Text);
 
 	// If the text going into bbcode() has a plain URL in it, i.e.
 	// with no [url] tags around it, it will come out of parseString()
diff --git a/include/oembed.php b/include/oembed.php
index c2bf0a0ed..eee53b6c1 100755
--- a/include/oembed.php
+++ b/include/oembed.php
@@ -32,6 +32,7 @@ function oembed_action($embedurl) {
 			$action = 'block';
 		}
 	}
+
 	if(strpos($embedurl,'.well-known') !== false)
 		$action = 'block';
 
diff --git a/include/photo/photo_driver.php b/include/photo/photo_driver.php
index 6af753195..22d2b776d 100644
--- a/include/photo/photo_driver.php
+++ b/include/photo/photo_driver.php
@@ -273,7 +273,7 @@ abstract class photo_driver {
 		}
 
 		if($f) {
-			return @exif_read_data($f);
+			return @exif_read_data($f,null,true);
 		}
 
 		return false;
@@ -289,12 +289,12 @@ abstract class photo_driver {
 			return false;
 		}
 
-		$ort = $exif['IFD0']['Orientation'];
+		$ort = ((array_key_exists('IFD0',$exif)) ? $exif['IFD0']['Orientation'] : $exif['Orientation']);
 
 		if(! $ort) {
 			return false;
 		}
-
+		
 		switch($ort) {
 			case 1: // nothing
 				break;
diff --git a/include/photos.php b/include/photos.php
index b1391f284..321f7159c 100644
--- a/include/photos.php
+++ b/include/photos.php
@@ -333,10 +333,17 @@ function photo_upload($channel, $observer, $args) {
 
 	$lat = $lon = null;
 
-	if($exif && $exif['GPS']) {
-		if(feature_enabled($channel_id,'photo_location')) {
-			$lat = getGps($exif['GPS']['GPSLatitude'], $exif['GPS']['GPSLatitudeRef']);
-			$lon = getGps($exif['GPS']['GPSLongitude'], $exif['GPS']['GPSLongitudeRef']);
+	if($exif && feature_enabled($channel_id,'photo_location')) {
+		$gps = null;
+		if(array_key_exists('GPS',$exif)) {
+			$gps = $exif['GPS'];
+		}
+		elseif(array_key_exists('GPSLatitude',$exif)) {
+			$gps = $exif;
+		}
+		if($gps) {
+			$lat = getGps($gps['GPSLatitude'], $gps['GPSLatitudeRef']);
+			$lon = getGps($gps['GPSLongitude'], $gps['GPSLongitudeRef']);
 		}
 	}
 
diff --git a/include/taxonomy.php b/include/taxonomy.php
index 393b8718e..4a3818096 100644
--- a/include/taxonomy.php
+++ b/include/taxonomy.php
@@ -182,11 +182,10 @@ function tagadelic($uid, $count = 0, $authors = '', $owner = '', $flags = 0, $re
 		$sql_options .= " and owner_xchan  = '" . dbesc($owner) . "' ";
 	}	
 
-
 	// Fetch tags
 	$r = q("select term, count(term) as total from term left join item on term.oid = item.id
 		where term.uid = %d and term.ttype = %d 
-		and otype = %d and item_type = %d and item_private = 0
+		and otype = %d and item_type = %d 
 		$sql_options $item_normal
 		group by term order by total desc %s",
 		intval($uid),
@@ -196,6 +195,7 @@ function tagadelic($uid, $count = 0, $authors = '', $owner = '', $flags = 0, $re
 		((intval($count)) ? "limit $count" : '')
 	);
 
+
 	if(! $r)
 		return array();
 
diff --git a/include/text.php b/include/text.php
index 6675043e6..c1e064857 100644
--- a/include/text.php
+++ b/include/text.php
@@ -3318,3 +3318,19 @@ function featured_sort($a,$b) {
 	$s2 = substr($b,strpos($b,'id='),20);
 	return(strcmp($s1,$s2));
 }
+
+
+function punify($s) {
+	require_once('vendor/simplepie/simplepie/idn/idna_convert.class.php');
+	$x = new idna_convert(['encoding' => 'utf8']);
+	return $x->encode($s);
+
+}
+
+function unpunify($s) {
+	require_once('vendor/simplepie/simplepie/idn/idna_convert.class.php');
+	$x = new idna_convert(['encoding' => 'utf8']);
+	return $x->decode($s);
+
+}
+
diff --git a/include/zid.php b/include/zid.php
index 67c1d9f6c..5275c6d5a 100644
--- a/include/zid.php
+++ b/include/zid.php
@@ -53,13 +53,13 @@ function zid($s, $address = '') {
 	$mine = get_my_url();
 	$myaddr = (($address) ? $address : get_my_address());
 
-	/**
-	 * @FIXME checking against our own channel url is no longer reliable. We may have a lot
-	 * of urls attached to our channel. Should probably match against our site, since we
-	 * will not need to remote authenticate on our own site anyway.
-	 */
+	$mine_parsed = parse_url($mine);
+	$s_parsed = parse_url($s);
 
-	if ($mine && $myaddr && (! link_compare($mine,$s)))
+	if($mine_parsed['host'] === $s_parsed['host'])
+		$url_match = true;
+
+	if ($mine && $myaddr && (! $url_match))
 		$zurl = $s . (($num_slashes >= 3) ? '' : '/') . $achar . 'zid=' . urlencode($myaddr);
 	else
 		$zurl = $s;
@@ -109,6 +109,7 @@ function clean_query_string($s = '') {
 	$x = strip_zids(($s) ? $s : \App::$query_string);
 	$x = strip_owt($x);
 	$x = strip_zats($x);
+	$x = strip_query_param($x,'sort');
 
 	return strip_query_param($x,'f');
 }
@@ -346,4 +347,4 @@ function owt_init($token) {
 		info(sprintf( t('OpenWebAuth: %1$s welcomes %2$s'),\App::get_hostname(), $hubloc['xchan_name']));
 
 	logger('OpenWebAuth: auth success from ' . $hubloc['xchan_addr']);
-}
\ No newline at end of file
+}
diff --git a/include/zot.php b/include/zot.php
index c11cace2a..25ea9b8fb 100644
--- a/include/zot.php
+++ b/include/zot.php
@@ -2285,13 +2285,31 @@ function process_mail_delivery($sender, $arr, $deliveries) {
 			continue;
 		}
 
+
 		if(! perm_is_allowed($channel['channel_id'],$sender['hash'],'post_mail')) {
-			logger("permission denied for mail delivery {$channel['channel_id']}");
-			$DR->update('permission denied');
-			$result[] = $DR->get();
-			continue;
+
+			/* 
+			 * Always allow somebody to reply if you initiated the conversation. It's anti-social
+			 * and a bit rude to send a private message to somebody and block their ability to respond.
+			 * If you are being harrassed and want to put an end to it, delete the conversation.
+			 */
+
+			$return = false;
+			if($arr['parent_mid']) {
+				$return = q("select * from mail where mid = '%s' and channel_id = %d limit 1",
+					dbesc($arr['parent_mid']),
+					intval($channel['channel_id'])
+				);
+			}
+			if(! $return) {
+				logger("permission denied for mail delivery {$channel['channel_id']}");
+				$DR->update('permission denied');
+				$result[] = $DR->get();
+				continue;
+			}
 		}
 
+
 		$r = q("select id from mail where mid = '%s' and channel_id = %d limit 1",
 			dbesc($arr['mid']),
 			intval($channel['channel_id'])