13 files changed, 51 insertions, 38 deletions

diff --git a/Zotlabs/Lib/Enotify.php b/Zotlabs/Lib/Enotify.php
index 5e5798cac..a7082f45a 100644
--- a/Zotlabs/Lib/Enotify.php
+++ b/Zotlabs/Lib/Enotify.php
@@ -754,9 +754,9 @@ class Enotify {
 		// generate a multipart/alternative message header
 		$messageHeader =
 			$params['additionalMailHeader'] .
-			"From: $fromName <{$params['fromEmail']}>\n" .
-			"Reply-To: $fromName <{$params['replyTo']}>\n" .
-			"MIME-Version: 1.0\n" .
+			"From: $fromName <{$params['fromEmail']}>" . PHP_EOL .
+			"Reply-To: $fromName <{$params['replyTo']}>" . PHP_EOL . 
+			"MIME-Version: 1.0" . PHP_EOL . 
 			"Content-Type: multipart/alternative; boundary=\"{$mimeBoundary}\"";
 
 		// assemble the final multipart message body with the text and html types included
@@ -764,15 +764,15 @@ class Enotify {
 		$htmlBody = chunk_split(base64_encode($params['htmlVersion']));
 
 		$multipartMessageBody =
-			"--" . $mimeBoundary . "\n" .					// plain text section
-			"Content-Type: text/plain; charset=UTF-8\n" .
-			"Content-Transfer-Encoding: base64\n\n" .
-			$textBody . "\n" .
-			"--" . $mimeBoundary . "\n" .					// text/html section
-			"Content-Type: text/html; charset=UTF-8\n" .
-			"Content-Transfer-Encoding: base64\n\n" .
-			$htmlBody . "\n" .
-			"--" . $mimeBoundary . "--\n";					// message ending
+			"--" . $mimeBoundary . PHP_EOL .					// plain text section
+			"Content-Type: text/plain; charset=UTF-8" . PHP_EOL .
+			"Content-Transfer-Encoding: base64" . PHP_EOL . PHP_EOL .
+			$textBody . PHP_EOL .
+			"--" . $mimeBoundary . PHP_EOL .					// text/html section
+			"Content-Type: text/html; charset=UTF-8" . PHP_EOL .
+			"Content-Transfer-Encoding: base64" . PHP_EOL . PHP_EOL . 
+			$htmlBody . PHP_EOL .
+			"--" . $mimeBoundary . "--" . PHP_EOL;					// message ending
 
 		// send the message
 		$res = mail(
diff --git a/Zotlabs/Module/Channel.php b/Zotlabs/Module/Channel.php
index 5fdefd805..d4ef94e06 100644
--- a/Zotlabs/Module/Channel.php
+++ b/Zotlabs/Module/Channel.php
@@ -414,12 +414,12 @@ class Channel extends Controller {
 				'$page' => ((App::$pager['page'] != 1) ? App::$pager['page'] : 1),
 				'$search' => $search,
 				'$xchan' => '',
-				'$order' => $order,
+				'$order' => (($order) ? urlencode($order) : ''),
 				'$list' => ((x($_REQUEST,'list')) ? intval($_REQUEST['list']) : 0),
 				'$file' => '',
 				'$cats' => (($category) ? urlencode($category) : ''),
 				'$tags' => (($hashtags) ? urlencode($hashtags) : ''),
-				'$mid' => $mid,
+				'$mid' => (($mid) ? urlencode($mid) : ''),
 				'$verb' => '',
 				'$net' => '',
 				'$dend' => $datequery,
diff --git a/Zotlabs/Module/Connections.php b/Zotlabs/Module/Connections.php
index 967e9521d..6a93b3462 100644
--- a/Zotlabs/Module/Connections.php
+++ b/Zotlabs/Module/Connections.php
@@ -329,7 +329,7 @@ class Connections extends \Zotlabs\Web\Controller {
 			killme();
 		}
 		else {
-			$o .= "<script> var page_query = '" . escape_tags($_GET['q']) . "'; var extra_args = '" . extra_query_args() . "' ; </script>";
+			$o .= "<script> var page_query = '" . escape_tags(urlencode($_GET['q'])) . "'; var extra_args = '" . extra_query_args() . "' ; </script>";
 			$o .= replace_macros(get_markup_template('connections.tpl'),array(
 				'$header' => t('Connections') . (($head) ? ': ' . $head : ''),
 				'$tabs' => $tabs,
diff --git a/Zotlabs/Module/Directory.php b/Zotlabs/Module/Directory.php
index c29fa8326..5448a4816 100644
--- a/Zotlabs/Module/Directory.php
+++ b/Zotlabs/Module/Directory.php
@@ -399,7 +399,7 @@ class Directory extends \Zotlabs\Web\Controller {
 	
 							$dirtitle = (($globaldir) ? t('Global Directory') : t('Local Directory'));
 	
-							$o .= "<script> var page_query = '" . escape_tags($_GET['q']) . "'; var extra_args = '" . extra_query_args() . "' ; divmore_height = " . intval($maxheight) . ";  </script>";
+							$o .= "<script> var page_query = '" . escape_tags(urlencode($_GET['q'])) . "'; var extra_args = '" . extra_query_args() . "' ; divmore_height = " . intval($maxheight) . ";  </script>";
 							$o .= replace_macros($tpl, array(
 								'$search' => $search,
 								'$desc' => t('Find'),
diff --git a/Zotlabs/Module/Display.php b/Zotlabs/Module/Display.php
index 04e5f9fce..258aac556 100644
--- a/Zotlabs/Module/Display.php
+++ b/Zotlabs/Module/Display.php
@@ -233,7 +233,7 @@ class Display extends \Zotlabs\Web\Controller {
 				'$dbegin'  => '',
 				'$verb'    => '',
 				'$net'     => '',
-				'$mid'     => $mid
+				'$mid'     => (($mid) ? urlencode($mid) : '')
 			));
 
 			head_add_link([ 
diff --git a/Zotlabs/Module/Dreport.php b/Zotlabs/Module/Dreport.php
index 2c125b7a9..0fc36dc29 100644
--- a/Zotlabs/Module/Dreport.php
+++ b/Zotlabs/Module/Dreport.php
@@ -16,17 +16,20 @@ class Dreport extends \Zotlabs\Web\Controller {
 		$channel = \App::get_channel();
 		
 		$mid = ((argc() > 1) ? argv(1) : '');
+		$encoded_mid = '';
 
-		if(strpos($mid,'b64.') === 0)
+		if(strpos($mid,'b64.') === 0) {
+			$encoded_mid = $mid;
 			$mid = @base64url_decode(substr($mid,4));
-
-
+		}
 		if($mid === 'push') {
 			$table = 'push';
 			$mid = ((argc() > 2) ? argv(2) : '');
 
-			if(strpos($mid,'b64.') === 0)
+			if(strpos($mid,'b64.') === 0) {
+				$encoded_mid = $mid;
 				$mid = @base64url_decode(substr($mid,4));
+			}
 
 			if($mid) {	
 				$i = q("select id from item where mid = '%s' and uid = %d and ( author_xchan = '%s' or ( owner_xchan = '%s' and item_wall = 1 )) ",
@@ -40,7 +43,7 @@ class Dreport extends \Zotlabs\Web\Controller {
 				}
 			}
 			sleep(3);
-			goaway(z_root() . '/dreport/' . urlencode($mid));
+			goaway(z_root() . '/dreport/' . (($encoded_mid) ? $encoded_mid : $mid));
 		}
 
 		if($mid === 'mail') {
@@ -159,6 +162,7 @@ class Dreport extends \Zotlabs\Web\Controller {
 			'$title' => sprintf( t('Delivery report for %1$s'),basename($mid)) . '...',
 			'$table' => $table,
 			'$mid' => urlencode($mid),
+			'$safe_mid' => urlencode(gen_link_id($mid)),
 			'$options' => t('Options'),
 			'$push' => t('Redeliver'),
 			'$entries' => $entries
diff --git a/Zotlabs/Module/Hq.php b/Zotlabs/Module/Hq.php
index 3535ac71a..848fe3e25 100644
--- a/Zotlabs/Module/Hq.php
+++ b/Zotlabs/Module/Hq.php
@@ -194,7 +194,7 @@ class Hq extends \Zotlabs\Web\Controller {
 				'$dbegin'  => '',
 				'$verb'    => '',
 				'$net'     => '',
-				'$mid'     => $mid
+				'$mid'     => (($mid) ? urlencode($mid) : '')
 			]);
 		}
 
diff --git a/Zotlabs/Module/Import.php b/Zotlabs/Module/Import.php
index 0daf28aa9..9d047ed7b 100644
--- a/Zotlabs/Module/Import.php
+++ b/Zotlabs/Module/Import.php
@@ -472,6 +472,9 @@ class Import extends \Zotlabs\Web\Controller {
 		if(is_array($data['app']))
 			import_apps($channel,$data['app']);
 
+		if(is_array($data['sysapp']))
+			import_sysapps($channel,$data['sysapp']);
+
 		if(is_array($data['chatroom']))
 			import_chatrooms($channel,$data['chatroom']);
 
diff --git a/Zotlabs/Module/Network.php b/Zotlabs/Module/Network.php
index 2019082ed..1c16e34ef 100644
--- a/Zotlabs/Module/Network.php
+++ b/Zotlabs/Module/Network.php
@@ -368,19 +368,19 @@ class Network extends \Zotlabs\Web\Controller {
 				'$static'  => $static, 
 				'$list'    => ((x($_REQUEST,'list')) ? intval($_REQUEST['list']) : 0),
 				'$page'    => ((App::$pager['page'] != 1) ? App::$pager['page'] : 1),
-				'$search'  => (($search) ? $search : ''),
-				'$xchan'   => $xchan,
+				'$search'  => (($search) ? urlencode($search) : ''),
+				'$xchan'   => (($xchan) ? urlencode($xchan) : ''),
 				'$order'   => $order,
-				'$file'    => $file,
-				'$cats'    => urlencode($category),
-				'$tags'    => urlencode($hashtags),
+				'$file'    => (($file) ? urlencode($file) : ''),
+				'$cats'    => (($category) ? urlencode($category) : ''),
+				'$tags'    => (($hashtags) ? urlencode($hashtags) : ''),
 				'$dend'    => $datequery,
 				'$mid'     => '',
-				'$verb'    => $verb,
-				'$net'     => $net,
+				'$verb'    => (($verb) ? urlencode($verb) : ''),
+				'$net'     => (($net) ? urlencode($net) : ''),
 				'$dbegin'  => $datequery2,
-				'$pf'      => (($pf) ? $pf : '0'),
-				'$unseen'  => $unseen
+				'$pf'      => (($pf) ? intval($pf) : 0),
+				'$unseen'  => (($unseen) ? urlencode($unseen) : '')
 			));
 		}
 	
diff --git a/Zotlabs/Module/Photos.php b/Zotlabs/Module/Photos.php
index a761dbd14..3a6d77f00 100644
--- a/Zotlabs/Module/Photos.php
+++ b/Zotlabs/Module/Photos.php
@@ -848,7 +848,7 @@ class Photos extends \Zotlabs\Web\Controller {
 				killme();
 			}
 			else {
-				$o .= "<script> var page_query = '" . escape_tags($_GET['q']) . "'; var extra_args = '" . extra_query_args() . "' ; </script>";
+				$o .= "<script> var page_query = '" . escape_tags(urlencode($_GET['q'])) . "'; var extra_args = '" . extra_query_args() . "' ; </script>";
 				$tpl = get_markup_template('photo_album.tpl');
 				$o .= replace_macros($tpl, array(
 					'$photos' => $photos,
@@ -1396,7 +1396,7 @@ class Photos extends \Zotlabs\Web\Controller {
 			killme();
 		}
 		else {
-			$o .= "<script> var page_query = '" . escape_tags($_GET['q']) . "'; var extra_args = '" . extra_query_args() . "' ; </script>";
+			$o .= "<script> var page_query = '" . escape_tags(urlencode($_GET['q'])) . "'; var extra_args = '" . extra_query_args() . "' ; </script>";
 			$tpl = get_markup_template('photos_recent.tpl'); 
 			$o .= replace_macros($tpl, array(
 				'$title' => t('Recent Photos'),
diff --git a/Zotlabs/Module/Pubstream.php b/Zotlabs/Module/Pubstream.php
index 94df29984..84ac42f72 100644
--- a/Zotlabs/Module/Pubstream.php
+++ b/Zotlabs/Module/Pubstream.php
@@ -149,11 +149,11 @@ class Pubstream extends \Zotlabs\Web\Controller {
 				'$order'   => 'comment',
 				'$file'    => '',
 				'$cats'    => '',
-				'$tags'    => $hashtags,
+				'$tags'    => (($hashtags) ? urlencode($hashtags) : ''),
 				'$dend'    => '',
-				'$mid'     => $mid,
+				'$mid'     => (($mid) ? urlencode($mid) : ''),
 				'$verb'    => '',
-				'$net'     => $net,
+				'$net'     => (($net) ? urlencode($net) : ''),
 				'$dbegin'  => ''
 			));
 		}
diff --git a/Zotlabs/Module/Setup.php b/Zotlabs/Module/Setup.php
index ce0538099..c809ff5ec 100644
--- a/Zotlabs/Module/Setup.php
+++ b/Zotlabs/Module/Setup.php
@@ -732,6 +732,12 @@ class Setup extends \Zotlabs\Web\Controller {
 		// install the standard theme
 		set_config('system', 'allowed_themes', 'redbasic');
 
+		// if imagick converter is installed, use it
+		if(@is_executable('/usr/bin/convert')) {
+			set_config('system','imagick_convert_path','/usr/bin/convert');
+		}
+
+
 		// Set a lenient list of ciphers if using openssl. Other ssl engines
 		// (e.g. NSS used in RedHat) require different syntax, so hopefully
 		// the default curl cipher list will work for most sites. If not,
diff --git a/Zotlabs/Module/Viewconnections.php b/Zotlabs/Module/Viewconnections.php
index 0a5e86907..30df0b9e4 100644
--- a/Zotlabs/Module/Viewconnections.php
+++ b/Zotlabs/Module/Viewconnections.php
@@ -107,7 +107,7 @@ class Viewconnections extends \Zotlabs\Web\Controller {
 			killme();
 		}
 		else {
-			$o .= "<script> var page_query = '" . escape_tags($_GET['q']) . "'; var extra_args = '" . extra_query_args() . "' ; </script>";
+			$o .= "<script> var page_query = '" . escape_tags(urlencode($_GET['q'])) . "'; var extra_args = '" . extra_query_args() . "' ; </script>";
 			$tpl = get_markup_template("viewcontact_template.tpl");
 			$o .= replace_macros($tpl, array(
 				'$title' => t('View Connections'),