8 files changed, 44 insertions, 21 deletions
diff --git a/Zotlabs/Daemon/Cron.php b/Zotlabs/Daemon/Cron.php
index 65edbedfa..01c43262a 100644
--- a/Zotlabs/Daemon/Cron.php
+++ b/Zotlabs/Daemon/Cron.php
@@ -78,7 +78,7 @@ class Cron {
 		// channels and sites that quietly vanished and prevent the directory from accumulating stale
 		// or dead entries.
 
-		$r = q("select channel_id from channel where channel_dirdate < %s - INTERVAL %s",
+		$r = q("select channel_id from channel where channel_dirdate < %s - INTERVAL %s and channel_removed = 0",
 			db_utcnow(), 
 			db_quoteinterval('30 DAY')
 		);
diff --git a/Zotlabs/Daemon/Cron_weekly.php b/Zotlabs/Daemon/Cron_weekly.php
index 5b185f475..d44400767 100644
--- a/Zotlabs/Daemon/Cron_weekly.php
+++ b/Zotlabs/Daemon/Cron_weekly.php
@@ -21,6 +21,21 @@ class Cron_weekly {
 	
 		mark_orphan_hubsxchans();
 
+		// Find channels that were removed in the last three weeks, but 
+		// haven't been finally cleaned up. These should be older than 10
+		// days to ensure that "purgeall" messages have gone out or bounced 
+		// or timed out. 
+
+		$r = q("select channel_id from channel where channel_removed = 1 and 
+			channel_deleted >  %s - INTERVAL %s and channel_deleted < %s - INTERVAL %s",
+			db_utcnow(), db_quoteinterval('21 DAY'),
+			db_utcnow(), db_quoteinterval('10 DAY')
+		);
+		if($r) {
+			foreach($r as $rv) {
+				channel_remove_final($rv['channel_id']);
+			}
+		}
 
 		// get rid of really old poco records
 
diff --git a/Zotlabs/Module/Acl.php b/Zotlabs/Module/Acl.php
index e164875e8..ad1c8b8cd 100644
--- a/Zotlabs/Module/Acl.php
+++ b/Zotlabs/Module/Acl.php
@@ -176,11 +176,18 @@ class Acl extends \Zotlabs\Web\Controller {
 					$extra_channels_sql = " OR (abook_channel IN ($extra_channels_sql)) and abook_hidden = 0 ";
 
 
-				// Add atokens belonging to the local channel @TODO restrict by search
+				// Add atokens belonging to the local channel
+
+				if($search) {
+					$sql_extra_atoken = "AND ( atoken_name LIKE " . protect_sprintf( "'%" . dbesc($search) . "%'" ) . ") ";
+				}
+				else {
+					$sql_extra_atoken = '';
+				}
 
 				$r2 = null;
 
-				$r1 = q("select * from atoken where atoken_uid = %d",
+				$r1 = q("select * from atoken where atoken_uid = %d $sql_extra_atoken",
 					intval(local_channel())
 				);
 
diff --git a/Zotlabs/Module/Directory.php b/Zotlabs/Module/Directory.php
index 256667ef3..b1552a694 100644
--- a/Zotlabs/Module/Directory.php
+++ b/Zotlabs/Module/Directory.php
@@ -64,6 +64,11 @@ class Directory extends \Zotlabs\Web\Controller {
 			return;
 		}
 	
+		if(get_config('system','block_public_directory',false) && (! get_observer_hash())) {
+			notice( t('Public access denied.') . EOL);
+			return;
+		}
+			
 		$observer = get_observer_hash();
 	
 		$globaldir = get_directory_setting($observer, 'globaldir');
diff --git a/Zotlabs/Module/Item.php b/Zotlabs/Module/Item.php
index b54de0fb9..f2b850ffc 100644
--- a/Zotlabs/Module/Item.php
+++ b/Zotlabs/Module/Item.php
@@ -577,15 +577,6 @@ class Item extends \Zotlabs\Web\Controller {
 			 * so we'll set the permissions regardless and realise that the media may not be 
 			 * referenced in the post. 
 			 *
-			 * What is preventing us from being able to upload photos into comments is dealing with
-			 * the photo and attachment permissions, since we don't always know who was in the 
-			 * distribution for the top level post.
-			 * 
-			 * We might be able to provide this functionality with a lot of fiddling:
-			 * - if the top level post is public (make the photo public)
-			 * - if the top level post was written by us or a wall post that belongs to us (match the top level post)
-			 * - if the top level post has privacy mentions, add those to the permissions.
-			 * - otherwise disallow the photo *or* make the photo public. This is the part that gets messy. 
 			 */
 	
 			if(! $preview) {
diff --git a/Zotlabs/Storage/File.php b/Zotlabs/Storage/File.php
index 332bf6896..947a9fde3 100644
--- a/Zotlabs/Storage/File.php
+++ b/Zotlabs/Storage/File.php
@@ -127,12 +127,15 @@ class File extends DAV\Node implements DAV\IFile {
 
 		$is_photo = false;
 		$album = '';
+		$os_path = '';
 
-		$r = q("SELECT flags, folder, os_storage, filename, is_photo FROM attach WHERE hash = '%s' AND uid = %d LIMIT 1",
+		$r = q("SELECT flags, folder, os_storage, os_path, filename, is_photo FROM attach WHERE hash = '%s' AND uid = %d LIMIT 1",
 			dbesc($this->data['hash']),
 			intval($c[0]['channel_id'])
 		);
 		if ($r) {
+			$os_path = $r[0]['os_path'];
+
 			if (intval($r[0]['os_storage'])) {
 				$d = q("select folder, content from attach where hash = '%s' and uid = %d limit 1",
 					dbesc($this->data['hash']),
@@ -150,7 +153,7 @@ class File extends DAV\Node implements DAV\IFile {
 						}
 					}
 					$fname = dbunescbin($d[0]['content']);
-					if(strpos($fname,'store') === false)
+					if(strpos($fname,'store/') === false)
 						$f = 'store/' . $this->auth->owner_nick . '/' . $fname ;
 					else
 						$f = $fname;
@@ -196,7 +199,7 @@ class File extends DAV\Node implements DAV\IFile {
 
 		if($is_photo) {
 			require_once('include/photos.php');
-			$args = array( 'resource_id' => $this->data['hash'], 'album' => $album, 'os_path' => $f, 'filename' => $r[0]['filename'], 'getimagesize' => $gis, 'directory' => $direct );
+			$args = array( 'resource_id' => $this->data['hash'], 'album' => $album, 'os_syspath' => $f, 'os_path' => $os_path, 'filename' => $r[0]['filename'], 'getimagesize' => $gis, 'directory' => $direct );
 			$p = photo_upload($c[0],\App::get_observer(),$args);
 		}
 
diff --git a/Zotlabs/Widget/Conversations.php b/Zotlabs/Widget/Conversations.php
index 56510750f..267d50fa0 100644
--- a/Zotlabs/Widget/Conversations.php
+++ b/Zotlabs/Widget/Conversations.php
@@ -28,6 +28,8 @@ class Conversations {
 
 			require_once('include/message.php');
 
+			$o = '';
+
 			// private_messages_list() can do other more complicated stuff, for now keep it simple
 			$r = private_messages_list(local_channel(), $mailbox, \App::$pager['start'], \App::$pager['itemspage']);
 
@@ -36,13 +38,13 @@ class Conversations {
 				return $o;
 			}
 
-			$messages = array();
+			$messages = [];
 
 			foreach($r as $rr) {
 
 				$selected = ((argc() == 3) ? intval(argv(2)) == intval($rr['id']) : $r[0]['id'] == $rr['id']);
 
-				$messages[] = array(
+				$messages[] = [
 					'mailbox'      => $mailbox,
 					'id'           => $rr['id'],
 					'from_name'    => $rr['from']['xchan_name'],
@@ -57,14 +59,14 @@ class Conversations {
 					'date'         => datetime_convert('UTC',date_default_timezone_get(),$rr['created'], 'c'),
 					'seen'         => $rr['seen'],
 					'selected'     => ((argv(1) != 'new') ? $selected : '')
-				);
+				];
 			}
 
 			$tpl = get_markup_template('mail_head.tpl');
-			$o .= replace_macros($tpl, array(
+			$o .= replace_macros($tpl, [
 				'$header' => $header,
 				'$messages' => $messages
-			));
+			]);
 
 		}
 		return $o;
diff --git a/Zotlabs/Widget/Wiki_pages.php b/Zotlabs/Widget/Wiki_pages.php
index ac44b8d88..39d4b1717 100644
--- a/Zotlabs/Widget/Wiki_pages.php
+++ b/Zotlabs/Widget/Wiki_pages.php
@@ -12,7 +12,7 @@ class Wiki_pages {
 
 		if(! $arr['resource_id']) {
 			$c = channelx_by_nick(argv(1));
-			$w = \Zotlabs\Lib\NativeWiki::exists_by_name($c['channel_id'],argv(2));
+			$w = \Zotlabs\Lib\NativeWiki::exists_by_name($c['channel_id'],urldecode(argv(2)));
 			$arr = array(
 				'resource_id' => $w['resource_id'],
 				'channel_id' => $c['channel_id'],