6 files changed, 147 insertions, 18 deletions

diff --git a/include/contact_widgets.php b/include/contact_widgets.php
index af05f8c9f..2fa5dee0b 100644
--- a/include/contact_widgets.php
+++ b/include/contact_widgets.php
@@ -1,5 +1,6 @@
 <?php /** @file */
 
+
 function follow_widget() {
 	$a = get_app();
 	$uid =$a->channel['channel_id'];
@@ -149,4 +150,58 @@ function common_friends_visitor_widget($profile_uid) {
 		'$items' => $r
 	)); 
 
-};
\ No newline at end of file
+};
+
+
+function suggest_widget() {
+
+	require_once('include/socgraph.php');
+
+	$r = suggestion_query(local_user(),get_observer_hash(),0,20);
+
+	if(! $r) {
+		return;
+	}
+
+	$arr = array();
+
+	// Get two random entries from the top 20 returned.
+	// We'll grab the first one and the one immediately following.
+	// This will throw some entropy intot he situation so you won't 
+	// be looking at the same two mug shots every time the widget runs
+
+
+	$index = ((count($r) > 2) ? mt_rand(0,count($r) - 2) : 0);
+		
+
+	for($x = $index; $x <= ($index+1); $x ++) {
+
+		$rr = $r[$x];
+		if(! $rr['xchan_url'])
+			break;
+		
+		$connlnk = z_root() . '/follow/?url=' . $rr['xchan_addr'];
+
+		$arr[] = array(
+			'url' => chanlink_url($rr['xchan_url']),
+			'profile' => $rr['xchan_url'],
+			'name' => $rr['xchan_name'],
+			'photo' => $rr['xchan_photo_m'],
+			'ignlnk' => z_root() . '/suggest?ignore=' . $rr['xchan_hash'],
+			'conntxt' => t('Connect'),
+			'connlnk' => $connlnk,
+			'ignore' => t('Ignore/Hide')
+		);
+	}
+
+
+	$o = replace_macros(get_markup_template('suggest_widget.tpl'),array(
+		'$title' => t('Suggestions'),
+		'$more' => t('See more...'),
+		'$entries' => $arr
+	));
+
+	return $o;
+
+}
+
diff --git a/include/conversation.php b/include/conversation.php
index 13990e89b..f5fc9da93 100644
--- a/include/conversation.php
+++ b/include/conversation.php
@@ -203,6 +203,10 @@ function localize_item(&$item){
 	}
 
 	if (stristr($item['verb'],ACTIVITY_POKE)) {
+
+		// FIXME for obscured private posts, until then leave untranslated
+		return;
+
 		$verb = urldecode(substr($item['verb'],strpos($item['verb'],'#')+1));
 		if(! $verb)
 			return;
diff --git a/include/crypto.php b/include/crypto.php
index ca01814da..e9372fbb4 100644
--- a/include/crypto.php
+++ b/include/crypto.php
@@ -75,6 +75,8 @@ function aes_encapsulate($data,$pubkey) {
 }
 
 function crypto_unencapsulate($data,$prvkey) {
+	if(! $data)
+		return;
 	$alg = ((array_key_exists('alg',$data)) ? $data['alg'] : 'aes256cbc');
 	if($alg === 'aes256cbc')
 		return aes_unencapsulate($data,$prvkey);
diff --git a/include/items.php b/include/items.php
index b6a196f4a..4af544de1 100755
--- a/include/items.php
+++ b/include/items.php
@@ -202,11 +202,29 @@ function post_activity_item($arr) {
 		return $ret;
 	}
 
-	if(array_key_exists('content_type',$arr) && $arr['content_type'] == 'text/html')
-		$arr['body'] = purify_html($arr['body']);
-	else
-		$arr['body'] = escape_tags($arr['body']);
 
+	if(! array_key_exists('mimetype',$arr))
+		$arr['mimetype'] = 'text/bbcode';
+
+	if(array_key_exists('item_private',$arr) && $arr['item_private']) {
+
+		$arr['body'] = z_input_filter($arr['uid'],$arr['body'],$arr['mimetype']);
+
+		if($channel) {
+			if($channel['channel_hash'] === $arr['author_xchan']) {
+				$arr['sig'] = base64url_encode(rsa_sign($arr['body'],$channel['channel_prvkey']));
+				$arr['item_flags'] = $arr['item_flags'] | ITEM_VERIFIED;
+			}
+		}
+
+		logger('Encrypting local storage');
+		$key = get_config('system','pubkey');
+		$arr['item_flags'] = $arr['item_flags'] | ITEM_OBSCURED;
+		if($arr['title'])
+			$arr['title'] = json_encode(aes_encapsulate($arr['title'],$key));
+		if($arr['body'])
+			$arr['body']  = json_encode(aes_encapsulate($arr['body'],$key));
+	}
 
 	$arr['mid']          = 	((x($arr,'mid')) ? $arr['mid'] : item_message_id());
 	$arr['parent_mid']   =  ((x($arr,'parent_mid')) ? $arr['parent_mid'] : $arr['mid']);
@@ -238,7 +256,7 @@ function post_activity_item($arr) {
 
 
 	$post = item_store($arr);	
-	if($post['result'])
+	if($post['success'])
 		$post_id = $post['item_id'];
 
 	if($post_id) {
diff --git a/include/menu.php b/include/menu.php
index 900b48e65..c10a669b3 100644
--- a/include/menu.php
+++ b/include/menu.php
@@ -196,6 +196,31 @@ function menu_add_item($menu_id, $uid, $arr) {
 	$mitem_desc = escape_tags($arr['mitem_desc']);
 	$mitem_order = intval($arr['mitem_order']);	
 	$mitem_flags = intval($arr['mitem_flags']);
+
+	if(local_user() == $uid) {
+		$channel = get_app()->get_channel();	
+	}
+
+	if ((! $arr['contact_allow'])
+		&& (! $arr['group_allow'])
+		&& (! $arr['contact_deny'])
+		&& (! $arr['group_deny'])) {
+		$str_group_allow   = $channel['channel_allow_gid'];
+		$str_contact_allow = $channel['channel_allow_cid'];
+		$str_group_deny    = $channel['channel_deny_gid'];
+		$str_contact_deny  = $channel['channel_deny_cid'];
+	}
+	else {
+
+		// use the posted permissions
+
+		$str_group_allow   = perms2str($arr['group_allow']);
+		$str_contact_allow = perms2str($arr['contact_allow']);
+		$str_group_deny    = perms2str($arr['group_deny']);
+		$str_contact_deny  = perms2str($arr['contact_deny']);
+	}
+
+
 	$allow_cid = perms2str($arr['allow_cid']);
 	$allow_gid = perms2str($arr['allow_gid']);
 	$deny_cid = perms2str($arr['deny_cid']);
@@ -205,10 +230,10 @@ function menu_add_item($menu_id, $uid, $arr) {
 		dbesc($mitem_link),
 		dbesc($mitem_desc),
 		intval($mitem_flags),
-		dbesc($allow_cid),
-		dbesc($allow_gid),
-		dbesc($deny_cid),
-		dbesc($deny_gid),
+		dbesc($str_contact_allow),
+		dbesc($str_group_allow),
+		dbesc($str_contact_deny),
+		dbesc($str_group_deny),
 		intval($uid),
 		intval($menu_id),
 		intval($mitem_order)
@@ -225,19 +250,40 @@ function menu_edit_item($menu_id, $uid, $arr) {
 	$mitem_desc = escape_tags($arr['mitem_desc']);
 	$mitem_order = intval($arr['mitem_order']);	
 	$mitem_flags = intval($arr['mitem_flags']);
-	$allow_cid = perms2str($arr['allow_cid']);
-	$allow_gid = perms2str($arr['allow_gid']);
-	$deny_cid = perms2str($arr['deny_cid']);
-	$deny_gid = perms2str($arr['deny_gid']);
+
+
+	if(local_user() == $uid) {
+		$channel = get_app()->get_channel();	
+	}
+
+	if ((! $arr['contact_allow'])
+		&& (! $arr['group_allow'])
+		&& (! $arr['contact_deny'])
+		&& (! $arr['group_deny'])) {
+		$str_group_allow   = $channel['channel_allow_gid'];
+		$str_contact_allow = $channel['channel_allow_cid'];
+		$str_group_deny    = $channel['channel_deny_gid'];
+		$str_contact_deny  = $channel['channel_deny_cid'];
+	}
+	else {
+
+		// use the posted permissions
+
+		$str_group_allow   = perms2str($arr['group_allow']);
+		$str_contact_allow = perms2str($arr['contact_allow']);
+		$str_group_deny    = perms2str($arr['group_deny']);
+		$str_contact_deny  = perms2str($arr['contact_deny']);
+	}
+
 
 	$r = q("update menu_item set mitem_link = '%s', mitem_desc = '%s', mitem_flags = %d, allow_cid = '%s', allow_gid = '%s', deny_cid = '%s', deny_gid = '%s', mitem_order = %d  where mitem_channel_id = %d and mitem_menu_id = %d and mitem_id = %d limit 1",
 		dbesc($mitem_link),
 		dbesc($mitem_desc),
 		intval($mitem_flags),
-		dbesc($allow_cid),
-		dbesc($allow_gid),
-		dbesc($deny_cid),
-		dbesc($deny_gid),
+		dbesc($str_contact_allow),
+		dbesc($str_group_allow),
+		dbesc($str_contact_deny),
+		dbesc($str_group_deny),
 		intval($mitem_order),
 		intval($uid),
 		intval($menu_id),
diff --git a/include/socgraph.php b/include/socgraph.php
index b34d5142c..0e91eba60 100644
--- a/include/socgraph.php
+++ b/include/socgraph.php
@@ -287,11 +287,13 @@ function suggestion_query($uid, $myxchan, $start = 0, $limit = 80) {
 		and not xlink_link in ( select xchan from xign where uid = %d )
 		and xlink_xchan != ''
 		and not ( xchan_flags & %d )
+		and not ( xchan_flags & %d )
 		group by xchan_hash order by total desc limit %d, %d ",
 		intval($uid),
 		intval($uid),
 		intval($uid),
 		intval(XCHAN_FLAGS_HIDDEN),
+		intval(XCHAN_FLAGS_DELETED),
 		intval($start),
 		intval($limit)
 	);
@@ -305,10 +307,12 @@ function suggestion_query($uid, $myxchan, $start = 0, $limit = 80) {
 		and not xlink_link in ( select abook_xchan from abook where abook_channel = %d )
 		and not xlink_link in ( select xchan from xign where uid = %d )
 		and not ( xchan_flags & %d )
+		and not ( xchan_flags & %d )
 		group by xchan_hash order by total desc limit %d, %d ",
 		intval($uid),
 		intval($uid),
 		intval(XCHAN_FLAGS_HIDDEN),
+		intval(XCHAN_FLAGS_DELETED),
 		intval($start),
 		intval($limit)
 	);