6 files changed, 93 insertions, 23 deletions
diff --git a/Zotlabs/Module/Attach.php b/Zotlabs/Module/Attach.php
index 0bf7689be..cf78ac690 100644
--- a/Zotlabs/Module/Attach.php
+++ b/Zotlabs/Module/Attach.php
@@ -14,6 +14,7 @@ class Attach extends Controller {
 
 		$attach_ids = ((x($_REQUEST, 'attach_ids')) ? $_REQUEST['attach_ids'] : []);
 		$attach_path = ((x($_REQUEST, 'attach_path')) ? $_REQUEST['attach_path'] : '');
+		$download_token = ((x($_REQUEST, 'download_token')) ? $_REQUEST['download_token'] : '');
 
 		$channel_id = ((x($_REQUEST, 'channel_id')) ? intval($_REQUEST['channel_id']) : 0);
 		$channel = channelx_by_n($channel_id);
@@ -52,6 +53,9 @@ class Attach extends Controller {
 				];
 
 				Verify::create('zip_token', 0, $token, json_encode($meta));
+				Verify::create('download_token', 0, $download_token, $token);
+
+
 
 				json_return_and_die([
 					'success' => true,
@@ -69,12 +73,32 @@ class Attach extends Controller {
 			return;
 		}
 
-		if(argv(1) === 'download') {
+		$token = ((x($_REQUEST, 'token')) ? $_REQUEST['token'] : '');
+		$download_token = ((x($_REQUEST, 'download_token')) ? $_REQUEST['download_token'] : '');
 
-			$token = ((x($_REQUEST, 'token')) ? $_REQUEST['token'] : '');
+		if(argv(1) === 'check') {
+			$meta = Verify::get_meta('download_token', 0, $download_token);
+
+			if(! $meta)
+				killme();
+
+			json_return_and_die([
+				'success' => true,
+				'token' => $meta
+			]);
+		}
+
+		if(argv(1) === 'download') {
 			$meta = Verify::get_meta('zip_token', 0, $token);
+
+			if(! $meta)
+				killme();
+
 			$meta = json_decode($meta, true);
 
+			// make sure we remove the download_token in case we have not checked yet
+			Verify::get_meta('download_token', 0, $download_token);
+
 			header('Content-Type: application/zip');
 			header('Content-Disposition: attachment; filename="'. $meta['zip_filename'] . '"');
 			header('Content-Length: ' . filesize($meta['zip_path']));
@@ -82,7 +106,7 @@ class Attach extends Controller {
 			$istream = fopen($meta['zip_path'], 'rb');
 			$ostream = fopen('php://output', 'wb');
 			if($istream && $ostream) {
-				pipe_streams($istream,$ostream);
+				pipe_streams($istream, $ostream);
 				fclose($istream);
 				fclose($ostream);
 			}
@@ -123,7 +147,7 @@ class Attach extends Controller {
 				$istream = fopen('store/' . $c[0]['channel_address'] . '/' . $fname,'rb');
 			$ostream = fopen('php://output','wb');
 			if($istream && $ostream) {
-				pipe_streams($istream,$ostream);
+				pipe_streams($istream, $ostream);
 				fclose($istream);
 				fclose($ostream);
 			}
diff --git a/Zotlabs/Module/Photo.php b/Zotlabs/Module/Photo.php
index 01edda9ae..814705a85 100644
--- a/Zotlabs/Module/Photo.php
+++ b/Zotlabs/Module/Photo.php
@@ -35,7 +35,7 @@ class Photo extends \Zotlabs\Web\Controller {
 		call_hooks('cache_mode_hook', $cache_mode);
 		
 		$observer_xchan = get_observer_hash();
-		$cachecontrol = '';
+		$cachecontrol = ', no-cache';
 
 		if(isset($type)) {
 	
@@ -102,7 +102,7 @@ class Photo extends \Zotlabs\Web\Controller {
 			    $modified = filemtime($default);
 			}
 
-			$cachecontrol = ', must-revalidate';
+			$cachecontrol .= ', must-revalidate';
 		}
 		else {
 	
@@ -169,6 +169,7 @@ class Photo extends \Zotlabs\Web\Controller {
 									$url = z_root() . '/sslify/' . $filename . '?f=&url=' . urlencode($url);
 								goaway($url);
 							}
+							$cachecontrol = '';
 						}
 					}
 				}
@@ -271,7 +272,7 @@ class Photo extends \Zotlabs\Web\Controller {
 			// in the event that infrastructure caching is present.
 			$smaxage = intval($maxage/12);
 
-			header("Cache-Control: no-cache, s-maxage=" . $smaxage . ", max-age=" . $maxage . $cachecontrol);
+			header("Cache-Control: s-maxage=" . $smaxage . ", max-age=" . $maxage . $cachecontrol);
 	
 		}
 
diff --git a/Zotlabs/Module/Sse_bs.php b/Zotlabs/Module/Sse_bs.php
index 287c24829..534c63d46 100644
--- a/Zotlabs/Module/Sse_bs.php
+++ b/Zotlabs/Module/Sse_bs.php
@@ -162,7 +162,7 @@ class Sse_bs extends Controller {
 		$item_normal = item_normal();
 
 		if ($notifications) {
-			$items = q("SELECT * FROM item 
+			$items = q("SELECT * FROM item
 				WHERE uid = %d
 				AND created <= '%s'
 				AND item_unseen = 1 AND item_wall = 0 AND item_private IN (0, 1)
@@ -190,7 +190,7 @@ class Sse_bs extends Controller {
 
 		}
 
-		$r = q("SELECT count(id) as total FROM item 
+		$r = q("SELECT count(id) as total FROM item
 			WHERE uid = %d and item_unseen = 1 AND item_wall = 0 AND item_private IN (0, 1)
 			AND obj_type NOT IN ('Document', 'Video', 'Audio', 'Image')
 			AND author_xchan != '%s'
@@ -231,10 +231,10 @@ class Sse_bs extends Controller {
 		$item_normal = item_normal();
 
 		if ($notifications) {
-			$items = q("SELECT * FROM item 
+			$items = q("SELECT * FROM item
 				WHERE uid = %d
 				AND created <= '%s'
-				AND item_unseen = 1 AND item_wall = 0 AND item_private = 2
+				AND item_unseen = 1 AND item_private = 2
 				AND obj_type NOT IN ('Document', 'Video', 'Audio', 'Image')
 				AND author_xchan != '%s'
 				$item_normal
@@ -259,8 +259,8 @@ class Sse_bs extends Controller {
 
 		}
 
-		$r = q("SELECT count(id) as total FROM item 
-			WHERE uid = %d and item_unseen = 1 AND item_wall = 0 AND item_private = 2
+		$r = q("SELECT count(id) as total FROM item
+			WHERE uid = %d and item_unseen = 1 AND item_private = 2
 			$item_normal
 			$sql_extra
 			AND author_xchan != '%s'",
@@ -300,10 +300,10 @@ class Sse_bs extends Controller {
 		$item_normal = item_normal();
 
 		if ($notifications) {
-			$items = q("SELECT * FROM item 
+			$items = q("SELECT * FROM item
 				WHERE uid = %d
 				AND created <= '%s'
-				AND item_unseen = 1 AND item_wall = 1 
+				AND item_unseen = 1 AND item_wall = 1 AND item_private IN (0, 1)
 				AND obj_type NOT IN ('Document', 'Video', 'Audio', 'Image')
 				AND author_xchan != '%s'
 				$item_normal
@@ -328,8 +328,8 @@ class Sse_bs extends Controller {
 
 		}
 
-		$r = q("SELECT count(id) as total FROM item 
-			WHERE uid = %d and item_unseen = 1 AND item_wall = 1 
+		$r = q("SELECT count(id) as total FROM item
+			WHERE uid = %d and item_unseen = 1 AND item_wall = 1 AND item_private IN (0, 1)
 			$item_normal
 			$sql_extra
 			AND author_xchan != '%s'",
@@ -379,7 +379,7 @@ class Sse_bs extends Controller {
 		$item_normal = item_normal();
 
 		if ($notifications) {
-			$items = q("SELECT * FROM item 
+			$items = q("SELECT * FROM item
 				WHERE uid = %d
 				AND created <= '%s'
 				AND item_unseen = 1
@@ -410,7 +410,7 @@ class Sse_bs extends Controller {
 
 		}
 
-		$r = q("SELECT count(id) as total FROM item 
+		$r = q("SELECT count(id) as total FROM item
 			WHERE uid = %d AND item_unseen = 1
 			AND created > '%s'
 			$item_normal
@@ -516,7 +516,7 @@ class Sse_bs extends Controller {
 				$p_str = ids_to_querystr($p, 'parent');
 				$p_sql = (($p_str) ? "OR parent IN ( $p_str )" : '');
 
-				$r = q("select mid from item 
+				$r = q("select mid from item
 					where uid = %d and ( owner_xchan = '%s' OR author_xchan = '%s' $p_sql ) and item_unseen = 1 $sql_extra $item_normal",
 					intval(self::$uid),
 					dbesc($forums[$x]['xchan_hash']),
@@ -577,7 +577,7 @@ class Sse_bs extends Controller {
 
 		$item_normal = item_normal();
 
-		$r = q("SELECT * FROM item 
+		$r = q("SELECT * FROM item
 			WHERE verb = '%s'
 			AND obj_type IN ('Document', 'Video', 'Audio', 'Image')
 			AND uid = %d
diff --git a/include/photo/photo_driver.php b/include/photo/photo_driver.php
index 52f761b65..f61919eea 100644
--- a/include/photo/photo_driver.php
+++ b/include/photo/photo_driver.php
@@ -38,6 +38,10 @@ function photo_factory($data, $type = null) {
 		$v = Imagick::getVersion();
 		preg_match('/ImageMagick ([0-9]+\.[0-9]+\.[0-9]+)/', $v['versionString'], $m);
 		if(version_compare($m[1], '6.6.7') >= 0) {
+			$limits = get_config('system', 'imagick_limits', false);
+			if ($limits)
+				foreach ($limits as $k => $v)
+					IMagick::setResourceLimit($k, $v);
 			$ph = new PhotoImagick($data, $type);
 		} else {
 			// earlier imagick versions have issues with scaling png's
diff --git a/view/js/main.js b/view/js/main.js
index 7df705603..3e3fd057c 100644
--- a/view/js/main.js
+++ b/view/js/main.js
@@ -1997,3 +1997,13 @@ function sse_fallback() {
 		sse_handleNotifications(obj, false, false);
 	});
 }
+
+function makeid(length) {
+	var result = '';
+	var characters = 'abcdef0123456789';
+	var charactersLength = characters.length;
+	for ( var i = 0; i < length; i++ ) {
+		result += characters.charAt(Math.floor(Math.random() * charactersLength));
+	}
+	return result;
+}
diff --git a/view/js/mod_cloud.js b/view/js/mod_cloud.js
index aa9d308eb..aeaac8c69 100644
--- a/view/js/mod_cloud.js
+++ b/view/js/mod_cloud.js
@@ -70,8 +70,11 @@ $(document).ready(function () {
 		$('body').css('cursor', 'wait');
 		$.jGrowl('Please stand by while your download is being prepared...', { sticky: false, theme: 'info', life: 10000 });
 
+		var download_token = makeid(32);
+
 		let data = [
 			{name: 'attach_path', value: window.location.pathname},
+			{name: 'download_token', value: download_token},
 			{name: 'channel_id', value: channelId},
 			{name: 'attach_ids[]', value: id}
 		]
@@ -79,10 +82,22 @@ $(document).ready(function () {
 		$.post('attach', data, function (data) {
 			if (data.success) {
 				$('body').css('cursor', 'auto');
-				window.location.href = '/attach/download?token=' + data.token;
+				window.location.href = '/attach/download?token=' + data.token + '&download_token=' + download_token;
+				clearInterval(fallback);
 			}
 		});
 
+		// fallback if server timed out
+
+		var fallback = setInterval(function(){ $.get('/attach/check?download_token=' + download_token, function(data){
+			if (data.success) {
+				$('body').css('cursor', 'auto');
+				window.location.href = '/attach/download?token=' + data.token;
+				clearInterval(fallback);
+			}
+
+		}); }, 30000);
+
 	});
 
 	$('.cloud-tool-delete-btn').on('click', function (e) {
@@ -298,18 +313,34 @@ $(document).ready(function () {
 		$('body').css('cursor', 'wait');
 		$.jGrowl('Please stand by while your download is being prepared...', { sticky: false, theme: 'info', life: 10000 });
 
+		var download_token = makeid(32);
+
 		post_data.push(
 			{name: 'attach_path', value: window.location.pathname},
+			{name: 'download_token', value: download_token},
 			{name: 'channel_id', value: channelId},
 		);
 
 		$.post('attach', post_data, function (data) {
 			if (data.success) {
 				$('body').css('cursor', 'auto');
-				window.location.href = '/attach/download?token=' + data.token;
+				window.location.href = '/attach/download?token=' + data.token + '&download_token=' + download_token;
+				clearInterval(fallback);
 			}
 		});
 
+		// fallback if server timed out
+
+		var fallback = setInterval(function(){ $.get('/attach/check?download_token=' + download_token, function(data){
+			if (data.success) {
+				$('body').css('cursor', 'auto');
+				window.location.href = '/attach/download?token=' + data.token;
+				clearInterval(fallback);
+			}
+
+		}); }, 30000);
+
+
 	});
 
 	$('#cloud-multi-tool-delete-btn').on('click', function (e) {