Merge pull request #4 from friendica/master

Fork aligned to red master

22 files changed, 334 insertions, 46 deletions

diff --git a/mod/acl.php b/mod/acl.php
index b886b7e58..bd19c4bb7 100644
--- a/mod/acl.php
+++ b/mod/acl.php
@@ -228,6 +228,10 @@ function navbar_complete(&$a) {
 
 //	logger('navbar_complete');
 
+	if((get_config('system','block_public')) && (! local_user()) && (! remote_user())) {
+		return;
+	}
+
 	$dirmode = intval(get_config('system','directory_mode'));
 	$search = ((x($_REQUEST,'query')) ? htmlentities($_REQUEST['query'],ENT_COMPAT,'UTF-8',false) : '');
 	if(! $search || mb_strlen($search) < 2)
@@ -278,4 +282,4 @@ function navbar_complete(&$a) {
 		}
 	}
 	return array();
-}
\ No newline at end of file
+}
diff --git a/mod/blocks.php b/mod/blocks.php
index 170d37256..4604790c3 100644
--- a/mod/blocks.php
+++ b/mod/blocks.php
@@ -62,6 +62,7 @@ require_once ('include/conversation.php');
 			'bang' => (($group || $cid) ? '!' : ''),
 			'visitor' => 'block',
 			'mimetype' => 'choose',
+			'ptlabel' => t('Block Name'),
 			'profile_uid' => intval($owner),
 		);
 
diff --git a/mod/connections.php b/mod/connections.php
index bcb78f138..1ad9fedbc 100644
--- a/mod/connections.php
+++ b/mod/connections.php
@@ -32,6 +32,9 @@ function connections_init(&$a) {
 
 function connections_aside(&$a) {
 
+	if (! local_user())
+		return;
+	
 	if(x($a->data,'abook')) {
 		$a->set_widget('vcard',vcard_from_xchan($a->data['abook'],$a->get_observer()));
 	}
@@ -172,7 +175,7 @@ function connections_content(&$a) {
 
 	if(! local_user()) {
 		notice( t('Permission denied.') . EOL);
-		return;
+		return login();
 	}
 
 	if(argc() == 3) {
diff --git a/mod/directory.php b/mod/directory.php
index 13855cff7..1f22e9bf8 100644
--- a/mod/directory.php
+++ b/mod/directory.php
@@ -14,8 +14,15 @@ function directory_aside(&$a) {
 		require_once('include/contact_widgets.php');
 		$a->set_widget('find_people',findpeople_widget());
 	}
-	$a->set_widget('dir_sort_order',dir_sort_links());
 
+	if((get_config('system','block_public')) && (! local_user()) && (! remote_user())) {
+		return;
+	}
+	
+	$a->set_widget('safe_search',dir_safe_mode());
+
+	$a->set_widget('dir_sort_order',dir_sort_links());
+	
 }
 
 
@@ -28,8 +35,10 @@ function directory_content(&$a) {
 
 	$safe_mode = 1;
 
-	if(local_user()) {
-		$safe_mode = get_pconfig(local_user(),'directory','safe_mode');
+	$observer = get_observer_hash();
+	
+	if($observer) {
+		$safe_mode = get_xconfig($observer,'directory','safe_mode');
 	}
 	if($safe_mode === false)
 		$safe_mode = 1;
@@ -37,7 +46,10 @@ function directory_content(&$a) {
 		$safe_mode = intval($safe_mode);
 
 	if(x($_REQUEST,'safe'))
-		$safe_mode = intval($_REQUEST['safe']);
+		$safe_mode = (intval($_REQUEST['safe']));
+
+
+
 
 	$o = '';
 	nav_set_selected('directory');
@@ -89,6 +101,7 @@ function directory_content(&$a) {
 
 		$kw = ((intval($numtags)) ? $numtags : 24);
 		$query = $url . '?f=&kw=' . $kw . (($safe_mode != 1) ? '&safe=' . $safe_mode : '');
+
 		if($search)
 			$query .= '&name=' . urlencode($search) . '&keywords=' . urlencode($search);
 		if(strpos($search,'@'))
diff --git a/mod/dirsearch.php b/mod/dirsearch.php
index 115bc2235..dcacef651 100644
--- a/mod/dirsearch.php
+++ b/mod/dirsearch.php
@@ -43,9 +43,10 @@ function dirsearch_content(&$a) {
 	$kw       = ((x($_REQUEST,'kw'))       ? intval($_REQUEST['kw'])    : 0 );
 
 	// by default use a safe search
-	$safe     = ((x($_REQUEST,'safe'))     ? intval($_REQUEST['safe'])  : 1 );
-
-
+	$safe     = ((x($_REQUEST,'safe')));    // ? intval($_REQUEST['safe'])  : 1 );
+	if ($safe === false)
+			$safe = 1;
+		
 	if(array_key_exists('sync',$_REQUEST)) {
 		if($_REQUEST['sync'])
 			$sync = datetime_convert('UTC','UTC',$_REQUEST['sync']);
@@ -131,12 +132,12 @@ function dirsearch_content(&$a) {
 	}
 
 
-	if($sort_order == 'date')
-		$order = " order by xchan_name_date desc ";
+	if($sort_order == 'normal')
+		$order = " order by xchan_name asc ";
 	elseif($sort_order == 'reverse')
 		$order = " order by xchan_name desc ";
 	else	
-		$order = " order by xchan_name asc ";
+		$order = " order by xchan_name_date desc ";
 
 
 	if($sync) {
@@ -181,8 +182,8 @@ function dirsearch_content(&$a) {
 			$entry['name']        = $rr['xchan_name'];
 			$entry['hash']        = $rr['xchan_hash'];
 
-			$entry['updated']     = (($rr['ud_date']) ? $rr['ud_date'] : '0000-00-00 00:00:00');
-			$entry['update_guid'] = (($rr['ud_guid']) ? $rr['ud_guid'] : ''); 
+//			$entry['updated']     = (($rr['ud_date']) ? $rr['ud_date'] : '0000-00-00 00:00:00');
+//			$entry['update_guid'] = (($rr['ud_guid']) ? $rr['ud_guid'] : ''); 
 			$entry['url']         = $rr['xchan_url'];
 			$entry['photo']       = $rr['xchan_photo_m'];
 			$entry['address']     = $rr['xchan_addr'];
@@ -242,7 +243,7 @@ function list_public_sites() {
 			else
 				$register = 'closed';
 
-			$ret['sites'][] = array('url' => $rr['site_url'], 'access' => $access, 'register' => $register, 'sellpage' => $rr['site_sellpage']);
+			$ret['sites'][] = array('url' => $rr['site_url'], 'access' => $access, 'register' => $register, 'sellpage' => $rr['site_sellpage'], 'location' => $rr['site_location']);
 		}
 	}
 	return $ret;
diff --git a/mod/display.php b/mod/display.php
index d91d14d01..e95a038ea 100644
--- a/mod/display.php
+++ b/mod/display.php
@@ -69,7 +69,7 @@ function display_content(&$a, $update = 0, $load = false) {
 
 	$target_item = null;
 
-	$r = q("select mid, parent_mid from item where mid = '%s' limit 1",
+	$r = q("select id, uid, mid, parent_mid, item_restrict from item where mid = '%s' limit 1",
 		dbesc($item_hash)
 	);
 
@@ -77,6 +77,24 @@ function display_content(&$a, $update = 0, $load = false) {
 		$target_item = $r[0];
 	}
 
+	if($target_item['item_restrict'] & ITEM_WEBPAGE) {
+		$x = q("select * from channel where channel_id = %d limit 1",
+			intval($target_item['uid'])
+		);
+		$y = q("select * from item_id where uid = %d and service = 'WEBPAGE' and iid = %d limit 1",
+			intval($target_item['uid']),
+			intval($target_item['id'])
+		);
+		if($x && $y) {
+			goaway(z_root() . '/page/' . $x[0]['channel_address'] . '/' . $y[0]['sid']);
+		}
+		else {
+			notice( t('Page not found.') . EOL);
+		 	return '';
+		}
+	}
+
+
 	if((! $update) && (! $load)) {
 
 
diff --git a/mod/editblock.php b/mod/editblock.php
index a111f6666..9c691640b 100644
--- a/mod/editblock.php
+++ b/mod/editblock.php
@@ -144,6 +144,9 @@ function editblock_content(&$a) {
 		'$preview' => ((feature_enabled(local_user(),'preview')) ? t('Preview') : ''),
 		'$jotplugins' => $jotplugins,
 		'$sourceapp' => t($a->sourcename),
+		'$defexpire' => '',
+		'$feature_expire' => 'none',
+		'$expires' => t('Set expiration date'),
 	));
 
 
diff --git a/mod/editlayout.php b/mod/editlayout.php
index 7bcd02512..f8906d981 100644
--- a/mod/editlayout.php
+++ b/mod/editlayout.php
@@ -129,6 +129,9 @@ function editlayout_content(&$a) {
 		'$preview' => ((feature_enabled(local_user(),'preview')) ? t('Preview') : ''),
 		'$jotplugins' => $jotplugins,
 		'$sourceapp' => t($a->sourcename),
+		'$defexpire' => '',
+		'$feature_expire' => 'none',
+		'$expires' => t('Set expiration date'),
 	));
 
 	$ob = get_observer_hash();
diff --git a/mod/editpost.php b/mod/editpost.php
index 8d510ce05..b01afe9b3 100644
--- a/mod/editpost.php
+++ b/mod/editpost.php
@@ -1,4 +1,4 @@
-<?php
+<?php /** @file */
 
 require_once('acl_selectors.php');
 require_once('include/crypto.php');
@@ -36,6 +36,8 @@ function editpost_content(&$a) {
 	if(feature_enabled(local_user(),'richtext'))
 		$plaintext = false;
 
+	$channel = $a->get_channel();
+
 	$o .= replace_macros(get_markup_template('edpost_head.tpl'), array(
 		'$title' => t('Edit post')
 	));
@@ -46,7 +48,8 @@ function editpost_content(&$a) {
 		'$editselect' =>  (($plaintext) ? 'none' : '/(profile-jot-text|prvmail-text)/'),
 		'$ispublic' => '&nbsp;', // t('Visible to <strong>everybody</strong>'),
 		'$geotag' => $geotag,
-		'$nickname' => $a->user['nickname']
+		'$nickname' => $channel['channel_address'],
+		'$expireswhen' => t('Expires YYYY-MM-DD HH:MM'),
 	));
 
 
@@ -124,6 +127,11 @@ function editpost_content(&$a) {
 		'$jotplugins' => $jotplugins,
 		'$sourceapp' => t($a->sourcename),
 		'$catsenabled' => $catsenabled,
+		'$defexpire' => $itm[0]['expires'],
+		'$feature_expire' => 'none',
+		'$expires' => t('Set expiration date'),
+		'$feature_encrypt' => 'none',
+		'$encrypt' => t('Encrypt text'),
 	));
 
 	return $o;
diff --git a/mod/editwebpage.php b/mod/editwebpage.php
index 44ac0bc85..5a21aa78d 100644
--- a/mod/editwebpage.php
+++ b/mod/editwebpage.php
@@ -150,6 +150,10 @@ function editwebpage_content(&$a) {
 		'$preview' => ((feature_enabled(local_user(),'preview')) ? t('Preview') : ''),
 		'$jotplugins' => $jotplugins,
 		'$sourceapp' => t($a->sourcename),
+		'$defexpire' => '',
+		'$feature_expire' => 'none',
+		'$expires' => t('Set expiration date'),
+
 	));
 
 	$ob = get_observer_hash();
diff --git a/mod/invite.php b/mod/invite.php
index cb8cd1f63..bceca4515 100644
--- a/mod/invite.php
+++ b/mod/invite.php
@@ -139,7 +139,7 @@ function invite_content(&$a) {
 		'$invite' => t('Send invitations'),
 		'$addr_text' => t('Enter email addresses, one per line:'),
 		'$msg_text' => t('Your message:'),
-		'$default_message' => t('You are cordially invited to join me and some other close friends on the Red Matrix - a revolutionary new decentralised social and information tool.') . "\r\n" . "\r\n"
+		'$default_message' => t('You are cordially invited to join me and some other close friends on the Red Matrix - a revolutionary new decentralised communication and information tool.') . "\r\n" . "\r\n"
 			. $linktxt
 			. (($invonly) ? "\r\n" . "\r\n" . t('You will need to supply this invitation code: $invite_code') . "\r\n" . "\r\n" : '') 
 
@@ -147,7 +147,7 @@ function invite_content(&$a) {
 			. "\r\n" . "\r\n"
 			. z_root() . "/channel/" . $channel['channel_address']
 			. "\r\n" . "\r\n"
-						. t('Once you have registered, please connect with my Red Matrix channel address:') 
+						. t('Once you have registered (on ANY Red Matrix site - they are all inter-connected), please connect with my Red Matrix channel address:') 
 			. "\r\n" . "\r\n" . $ob['xchan_addr']
 			. "\r\n" . "\r\n" . t('For more information about the Red Matrix Project and why it has the potential to change the internet as we know it, please visit http://getzot.com') . "\r\n" . "\r\n"  ,
 		'$submit' => t('Submit')
diff --git a/mod/item.php b/mod/item.php
index 218e9c174..be24d242c 100644
--- a/mod/item.php
+++ b/mod/item.php
@@ -327,11 +327,9 @@ function item_post(&$a) {
 
 	$expires = '0000-00-00 00:00:00';
 
-	if(feature_enabled($profile_uid,'expire')) {
-		// expire_quantity, e.g. '3'
-		// expire_units, e.g. days, weeks, months
-		if(x($_REQUEST,'expire_quantity') && (x($_REQUEST,'expire_units'))) {
-			$expire = datetime_convert('UTC','UTC', 'now + ' . $_REQUEST['expire_quantity'] . ' ' . $_REQUEST['expire_units']);
+	if(feature_enabled($profile_uid,'content_expire')) {
+		if(x($_REQUEST,'expire')) {
+			$expires = datetime_convert(date_default_timezone_get(),'UTC', $_REQUEST['expire']);
 			if($expires <= datetime_convert())
 				$expires = '0000-00-00 00:00:00';
 		}
@@ -411,7 +409,7 @@ function item_post(&$a) {
 		 * owner from seeing it. This is because the permissions may not yet have been
 		 * set for the post. If it's private, the photo permissions should be set
 		 * appropriately. But we didn't know the final permissions on the post until
-		 * now. So now we'll look for links of uploaded messages that are in the
+		 * now. So now we'll look for links of uploaded photos and attachments that are in the
 		 * post and set them to the same permissions as the post itself.
 		 *
 		 */
diff --git a/mod/layouts.php b/mod/layouts.php
index cd6e61f88..b1f53d4d8 100644
--- a/mod/layouts.php
+++ b/mod/layouts.php
@@ -47,6 +47,17 @@ function layouts_content(&$a) {
             $a->set_widget('design',design_tools());
         }
 
+		$tabs = array(
+			array(
+			'label' => t('Layout Help'),
+			'url'   => 'help/Comanche',
+			'sel'   => '',
+			'title' => t('Help with this feature'),
+			'id'    => 'layout-help-tab',
+		));
+
+
+		$o .= replace_macros(get_markup_template('common_tabs.tpl'),array('$tabs' => $tabs));
 
 
 // Create a status editor (for now - we'll need a WYSIWYG eventually) to create pages
@@ -58,7 +69,9 @@ require_once ('include/conversation.php');
 			'nickname' => $a->profile['channel_address'],
 			'lockstate' => (($group || $cid || $channel['channel_allow_cid'] || $channel['channel_allow_gid'] || $channel['channel_deny_cid'] || $channel['channel_deny_gid']) ? 'lock' : 'unlock'),
 			'bang' => (($group || $cid) ? '!' : ''),
-			'visitor' => 'block',
+			'visitor' => 'none',
+			'nopreview' => 1,
+			'ptlabel' => t('Layout Name'),
 			'profile_uid' => intval($owner),
 		);
 
diff --git a/mod/message.php b/mod/message.php
index 1b4c6ae26..c03875e24 100644
--- a/mod/message.php
+++ b/mod/message.php
@@ -9,6 +9,9 @@ require_once('include/Contact.php');
 
 function message_aside(&$a) {
 
+	if (! local_user())
+		return;
+
 	$a->set_widget('msgaside',replace_macros(get_markup_template('message_side.tpl'), array(
 		'$tabs'=> array(),
 
@@ -37,6 +40,7 @@ function message_post(&$a) {
 	$body      = ((x($_REQUEST,'body'))         ? escape_tags(trim($_REQUEST['body']))    : '');
 	$recipient = ((x($_REQUEST,'messageto'))    ? notags(trim($_REQUEST['messageto']))    : '');
 	$rstr      = ((x($_REQUEST,'messagerecip')) ? notags(trim($_REQUEST['messagerecip'])) : '');
+	$expires   = ((x($_REQUEST,'expires')) ? datetime_convert(date_default_timezone_get(),'UTC', $_REQUEST['expires']) : '0000-00-00 00:00:00');
 
 	// If we have a raw string for a recipient which hasn't been auto-filled,
 	// it means they probably aren't in our address book, hence we don't know
@@ -108,7 +112,7 @@ function message_post(&$a) {
 
 	// We have a local_user, let send_message use the session channel and save a lookup
 	
-	$ret = send_message(0, $recipient, $body, $subject, $replyto);
+	$ret = send_message(0, $recipient, $body, $subject, $replyto, $expires);
 
 	if(! $ret['success']) {
 		notice($ret['message']);
@@ -202,7 +206,7 @@ function message_content(&$a) {
 
 	if(! local_user()) {
 		notice( t('Permission denied.') . EOL);
-		return;
+		return login();
 	}
 
 	$channel = $a->get_channel();
@@ -268,7 +272,8 @@ function message_content(&$a) {
 			'$baseurl' => $a->get_baseurl(true),
 			'$editselect' => (($plaintext) ? 'none' : '/(profile-jot-text|prvmail-text)/'),
 			'$nickname' => $channel['channel_address'],
-			'$linkurl' => t('Please enter a link URL:')
+			'$linkurl' => t('Please enter a link URL:'),
+			'$expireswhen' => t('Expires YYYY-MM-DD HH:MM')
 		));
 	
 		$preselect = (isset($a->argv[2])?array($a->argv[2]):false);
@@ -319,7 +324,10 @@ function message_content(&$a) {
 			'$attach' => t('Attach file'),
 			'$insert' => t('Insert web link'),
 			'$wait' => t('Please wait'),
-			'$submit' => t('Submit')
+			'$submit' => t('Submit'),
+			'$defexpire' => '',
+			'$feature_expire' => ((feature_enabled(local_user(),'content_expire')) ? 'block' : 'none'),
+			'$expires' => t('Set expiration date'),
 		));
 
 		return $o;
@@ -395,7 +403,8 @@ function message_content(&$a) {
 			'$nickname' => $channel['channel_addr'],
 			'$baseurl' => $a->get_baseurl(true),
 			'$editselect' => (($plaintext) ? 'none' : '/(profile-jot-text|prvmail-text)/'),
-			'$linkurl' => t('Please enter a link URL:')
+			'$linkurl' => t('Please enter a link URL:'),
+			'$expireswhen' => t('Expires YYYY-MM-DD HH:MM')
 		));
 
 
@@ -460,8 +469,6 @@ function message_content(&$a) {
 
 		}
 
-		logger('mails: ' . print_r($mails,true), LOGGER_DATA);
-
 		$recp = (($message['from_xchan'] === $channel['channel_hash']) ? 'to' : 'from');
 
 // FIXME - move this HTML to template
@@ -495,8 +502,10 @@ function message_content(&$a) {
 			'$attach' => t('Attach file'),
 			'$insert' => t('Insert web link'),
 			'$submit' => t('Submit'),
-			'$wait' => t('Please wait')
-
+			'$wait' => t('Please wait'),
+			'$defexpire' => '',
+			'$feature_expire' => ((feature_enabled(local_user(),'content_expire')) ? 'block' : 'none'),
+			'$expires' => t('Set expiration date'),
 		));
 
 		return $o;
diff --git a/mod/photos.php b/mod/photos.php
index 075d01cf2..fe5777fe9 100644
--- a/mod/photos.php
+++ b/mod/photos.php
@@ -36,7 +36,7 @@ function photos_init(&$a) {
 
 
 		$a->set_widget('vcard',vcard_from_xchan($a->data['channel'],$observer));
-
+		head_set_icon($a->data['channel']['xchan_photo_s']);
 		if($a->data['perms']['view_photos']) {
 			$a->data['albums'] = photos_albums_list($a->data['channel'],$observer);
 			$a->set_widget('photo_albums',photos_album_widget($a->data['channel'],$observer,$a->data['albums']));
diff --git a/mod/pubsites.php b/mod/pubsites.php
index 9728d0704..0441f928b 100644
--- a/mod/pubsites.php
+++ b/mod/pubsites.php
@@ -21,13 +21,16 @@ function pubsites_content(&$a) {
 
 	$o .= '<h1>' . t('Public Sites') . '</h1>';
 
+	$o .= '<div class="descriptive-text">' . 
+		t('The listed sites allow public registration into the Red Matrix. All sites in the matrix are interlinked so membership on any of them conveys membership in the matrix as a whole. Some sites may require subscription or provide tiered service plans. The provider links may provide additional details.') . '</div>' . EOL;
+
 	$ret = z_fetch_url($url);
 	if($ret['success']) {
 		$j = json_decode($ret['body'],true);
 		if($j) {
-			$o .= '<table border="1"><tr><td>' . t('Site URL') . '</td><td>' . t('Access Type') . '</td><td>' . t('Registration Policy') . '</td></tr>';
+			$o .= '<table border="1"><tr><td>' . t('Site URL') . '</td><td>' . t('Access Type') . '</td><td>' . t('Registration Policy') . '</td><td>' . t('Location') . '</td></tr>';
 			foreach($j['sites'] as $jj) {
-				$o .= '<tr><td>' . '<a href="'. (($jj['sellpage']) ? $jj['sellpage'] : $jj['url']) . '" >' . $jj['url'] . '</a>' . '</td><td>' . $jj['access'] . '</td><td>' . $jj['register'] . '</td></tr>';
+				$o .= '<tr><td>' . '<a href="'. (($jj['sellpage']) ? $jj['sellpage'] : $jj['url']) . '" >' . $jj['url'] . '</a>' . '</td><td>' . $jj['access'] . '</td><td>' . $jj['register'] . '</td><td>' . $jj['location'] . '</td></tr>';
 			}
 	
 			$o .= '</table>';
diff --git a/mod/rpost.php b/mod/rpost.php
new file mode 100644
index 000000000..820799218
--- /dev/null
+++ b/mod/rpost.php
@@ -0,0 +1,120 @@
+<?php /** @file */
+
+require_once('acl_selectors.php');
+require_once('include/crypto.php');
+require_once('include/items.php');
+require_once('include/taxonomy.php');
+require_once('include/conversation.php');
+require_once('include/zot.php');
+
+/**
+ * remote post
+ * 
+ * https://yoursite/rpost?f=&title=&body=&remote_return=
+ *
+ * This can be called via either GET or POST, use POST for long body content as suhosin often limits GET parameter length
+ *
+ * f= placeholder, often required
+ * title= Title of post
+ * body= Body of post
+ * remote_return= absolute URL to return after posting is finished
+ * type= choices are 'html' or 'bbcode', default is 'bbcode'
+ *
+ */
+
+
+
+function rpost_content(&$a) {
+
+	$o = '';
+
+	if(! local_user()) {
+		if(remote_user()) {
+			// redirect to your own site.
+			// We can only do this with a GET request so you'll need to keep the text short or risk getting truncated
+			// by the wretched beast called 'shusoin'. All the browsers now allow long GET requests, but suhosin
+			// blocks them.
+
+			$url = get_rpost_path($a->get_observer());
+			// make sure we're not looping to our own hub
+			if(($url) && (! stristr($url, $a->get_hostname()))) {
+				foreach($_REQUEST as $key => $arg) {
+					$url .= '&' . $key . '=' . $arg;
+				}
+				goaway($url);
+			}
+		}
+
+		// The login procedure is going to bugger our $_REQUEST variables
+		// so save them in the session.
+
+		if(array_key_exists('body',$_REQUEST)) {
+			$_SESSION['rpost'] = $_REQUEST;
+		}
+		return login();
+	}
+
+	// If we have saved rpost session variables, but nothing in the current $_REQUEST, recover the saved variables
+
+	if((! array_key_exists('body',$_REQUEST)) && (array_key_exists('rpost',$_SESSION))) {
+		$_REQUEST = $_SESSION['rpost'];
+		unset($_SESSION['rpost']);
+	}
+
+	if($_REQUEST['remote_return']) {
+		$_SESSION['remote_return'] = $_REQUEST['remote_return'];
+	}
+	if(argc() > 1 && argv(1) === 'return' && $_SESSION['remote_return']) {
+		goaway($_SESSION['remote_return']);
+	}
+
+	$plaintext = true;
+	if(feature_enabled(local_user(),'richtext'))
+		$plaintext = false;
+
+	if(array_key_exists('type', $_REQUEST) && $_REQUEST['type'] === 'html') {
+		require_once('include/html2bbcode.php');
+		$_REQUEST['body'] = html2bbcode($_REQUEST['body']); 
+	}
+
+	$channel = $a->get_channel();
+
+	$o .= replace_macros(get_markup_template('edpost_head.tpl'), array(
+		'$title' => t('Edit post')
+	));
+
+	
+//	$a->page['htmlhead'] .= replace_macros(get_markup_template('jot-header.tpl'), array(
+//		'$baseurl' => $a->get_baseurl(),
+//		'$editselect' =>  (($plaintext) ? 'none' : '/(profile-jot-text|prvmail-text)/'),
+//		'$ispublic' => '&nbsp;', // t('Visible to <strong>everybody</strong>'),
+//		'$geotag' => $geotag,
+//		'$nickname' => $channel['channel_address']
+//	));
+
+
+
+	$x = array(
+		'is_owner' => true,
+		'allow_location' => ((intval(get_pconfig($channel['channel_id'],'system','use_browser_location'))) ? '1' : ''),
+		'default_location' => $channel['channel_location'],
+		'nickname' => $channel['channel_address'],
+		'lockstate' => (($channel['channel_allow_cid'] || $channel['channel_allow_gid'] 
+			|| $channel['channel_deny_cid'] || $channel['channel_deny_gid']) ? 'lock' : 'unlock'),
+		'acl' => populate_acl($channel, $false),
+		'bang' => '',
+		'visitor' => 'block',
+		'profile_uid' => local_user(),
+		'title' => $_REQUEST['title'],
+		'body' => $_REQUEST['body'],
+		'return_path' => 'rpost/return'
+	);
+
+
+	$o .= status_editor($a,$x);
+
+	return $o;
+
+}
+
+
diff --git a/mod/settings.php b/mod/settings.php
index 5f1106be5..4e122607b 100644
--- a/mod/settings.php
+++ b/mod/settings.php
@@ -22,6 +22,8 @@ function settings_init(&$a) {
 
 function settings_aside(&$a) {
 
+if (! local_user())
+	return;
 
 	// default is channel settings in the absence of other arguments
 
@@ -623,7 +625,7 @@ function settings_content(&$a) {
 
 	if(! local_user()) {
 		notice( t('Permission denied.') . EOL );
-		return;
+		return login();
 	}
 
 
diff --git a/mod/setup.php b/mod/setup.php
index b825b5e0d..429be43af 100755
--- a/mod/setup.php
+++ b/mod/setup.php
@@ -4,7 +4,25 @@ $install_wizard_pass=1;
 
 
 function setup_init(&$a){
+
+	// Ensure that if somebody hasn't read the install documentation and doesn't have all 
+	// the required modules or has a totally borked shared hosting provider and they can't 
+	// figure out what the hell is going on - that we at least spit out an error message which
+	// we can inquire about when they write to tell us that our software doesn't work.
+
+	// The worst thing we can do at this point is throw a white screen of death and rely on 
+	// them knowing about servers and php modules and logfiles enough so that we can guess 
+	// at the source of the problem. As ugly as it may be, we need to throw a technically worded
+	// PHP error message in their face. Once installation is complete application errors will 
+	// throw a white screen because these error messages divulge information which can 
+	// potentially be useful to hackers.       
+	
 	
+	error_reporting(E_ERROR | E_WARNING | E_PARSE ); 
+	ini_set('log_errors','0'); 
+	ini_set('display_errors', '1');
+
+
 	// $baseurl/setup/testrwrite to test if rewite in .htaccess is working
 	if (argc() ==2  && argv(1)=="testrewrite") {
 		echo "ok";
@@ -14,6 +32,7 @@ function setup_init(&$a){
 	if (x($_POST,'pass'))
 		$install_wizard_pass = intval($_POST['pass']);
 
+
 }
 
 function setup_post(&$a) {
diff --git a/mod/share.php b/mod/share.php
index 1f767578d..48965ad36 100644
--- a/mod/share.php
+++ b/mod/share.php
@@ -1,20 +1,45 @@
 <?php
 
+require_once('include/security.php');
 require_once('bbcode.php');
 
 function share_init(&$a) {
 
 	$post_id = ((argc() > 1) ? intval(argv(1)) : 0);
-	if((! $post_id) || (! local_user()))
+
+	if(! $post_id)
+		killme();
+
+	if(! (local_user() || remote_user()))
 		killme();
 
-	$r = q("SELECT * from item WHERE id = %d AND uid = %d and item_restrict = 0 LIMIT 1",
-		intval($post_id),
-		intval(local_user())
+
+	$r = q("SELECT * from item WHERE id = %d  LIMIT 1",
+		intval($post_id)
 	);
 	if((! $r) || $r[0]['item_private'])
 		killme();
 
+	$sql_extra = item_permissions_sql($r[0]['uid']);
+
+	$r = q("select * from item where id = %d $sql_extra",
+		intval($post_id)
+	);
+	if(! $r)
+		killme();
+
+	// FIXME - we only share bbcode
+
+	if($r[0]['mimetype'] !== 'text/bbcode')
+		killme();
+
+	// FIXME - eventually we want to post remotely via rpost
+	// on your home site.
+	// When that works remove this next bit:
+
+	if(! local_user())
+		killme();
+
 	xchan_query($r);
 
 	if (strpos($r[0]['body'], "[/share]") !== false) {
@@ -32,7 +57,24 @@ function share_init(&$a) {
 		$o.= "[/share]";
 	}
 
-	echo $o;
-	killme();
+	if(local_user()) {
+		echo $o;
+		killme();
+	}
+	
+	$observer = $a->get_observer();
+	$parsed = $observer['xchan_url'];
+	if($parsed) {
+		$post_url = $parsed['scheme'] . ':' . $parsed['host'] . (($parsed['port']) ? ':' . $parsed['port'] : '')
+			. '/rpost';
+		// FIXME - we were probably called from JS
+		// so we don't know the return page.
+		// in fact we won't be able to load the remote page.
+		// we might need an iframe
+
+		$x = z_post_url($post_url, array('f' => '', 'body' => $o ));
+		killme();
+	}
+	
 
 }
diff --git a/mod/toggle_safesearch.php b/mod/toggle_safesearch.php
new file mode 100644
index 000000000..5fb18f694
--- /dev/null
+++ b/mod/toggle_safesearch.php
@@ -0,0 +1,23 @@
+<?php
+
+function toggle_safesearch_init(&$a) {
+
+$observer = get_observer_hash();
+
+if($observer) 
+	$safe_mode = get_xconfig($observer,'directory','safe_mode');
+if ($safe_mode == '')
+	set_xconfig($observer,'directory','safe_mode', '0');
+elseif($safe_mode == '0')
+	set_xconfig($observer,'directory','safe_mode', '1');
+elseif($safe_mode == '1')
+	set_xconfig($observer,'directory','safe_mode', '0');
+
+if(isset($_GET['address']))
+	$address = $_GET['address'];
+else
+	$address = z_root() . '/directory';
+
+	goaway($address);
+}
+	
diff --git a/mod/zfinger.php b/mod/zfinger.php
index 3671da56e..59cef5549 100644
--- a/mod/zfinger.php
+++ b/mod/zfinger.php
@@ -248,6 +248,7 @@ function zfinger_init(&$a) {
 		$ret['site']['sitehash'] = get_config('system','location_hash');
 		$ret['site']['sitename'] = get_config('system','sitename');
 		$ret['site']['sellpage'] = get_config('system','sellpage');
+		$ret['site']['location'] = get_config('system','site_location');
 
 	}
 	json_return_and_die($ret);