From 16930c1c54ef4bb3077bb868a366c0165eb33fae Mon Sep 17 00:00:00 2001
From: zotlabs <mike@macgirvin.com>
Date: Tue, 15 May 2018 16:08:51 -0700
Subject: anybody authenticated not correctly handled in can_comment_on_post()

---
 include/items.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/include/items.php b/include/items.php
index 55b5a73db..e75a9659d 100755
--- a/include/items.php
+++ b/include/items.php
@@ -261,6 +261,7 @@ function can_comment_on_post($observer_xchan, $item) {
 				return true;
 			break;
 		case 'public':
+		case 'authenticated':
 			// We don't really allow or support public comments yet, but anonymous
 			// folks won't ever reach this point (as $observer_xchan will be empty).
 			// This means the viewer has an xchan and we can identify them.
@@ -268,7 +269,6 @@ function can_comment_on_post($observer_xchan, $item) {
 			break;
 		case 'any connections':
 		case 'contacts':
-		case 'authenticated':
 		case '':
 			if(array_key_exists('owner',$item) && get_abconfig($item['uid'],$item['owner']['abook_xchan'],'their_perms','post_comments')) {
 					return true;
-- 
cgit v1.2.3


From aac5fd96cc9ea03a329234f6b2bd8b12a0f4ae5f Mon Sep 17 00:00:00 2001
From: zotlabs <mike@macgirvin.com>
Date: Tue, 15 May 2018 16:51:04 -0700
Subject: provide function to fetch photo contents from url

---
 Zotlabs/Module/Linkinfo.php |  6 +++---
 Zotlabs/Module/Photo.php    | 11 ++++-------
 include/photos.php          | 20 ++++++++++++++++++++
 3 files changed, 27 insertions(+), 10 deletions(-)

diff --git a/Zotlabs/Module/Linkinfo.php b/Zotlabs/Module/Linkinfo.php
index 3f58f3e01..f0d62b5e0 100644
--- a/Zotlabs/Module/Linkinfo.php
+++ b/Zotlabs/Module/Linkinfo.php
@@ -55,10 +55,10 @@ class Linkinfo extends \Zotlabs\Web\Controller {
 			$h = explode("\n",$result['header']);
 			foreach ($h as $l) {
 				list($k,$v) = array_map("trim", explode(":", trim($l), 2));
-				$hdrs[$k] = $v;
+				$hdrs[strtolower($k)] = $v;
 			}
-			if (array_key_exists('Content-Type', $hdrs))
-				$type = $hdrs['Content-Type'];
+			if (array_key_exists('content-type', $hdrs))
+				$type = $hdrs['content-type'];
 			if($type) {
 				$zrl = is_matrix_url($url);
 				if(stripos($type,'image/') !== false) {
diff --git a/Zotlabs/Module/Photo.php b/Zotlabs/Module/Photo.php
index ccc59ed09..29ad06e80 100644
--- a/Zotlabs/Module/Photo.php
+++ b/Zotlabs/Module/Photo.php
@@ -83,7 +83,7 @@ class Photo extends \Zotlabs\Web\Controller {
 					$data = file_get_contents($data);
 			}
 			if(! $data) {
-				$data = file_get_contents($default);
+				$data = fetch_image_from_url($default,$mimetype);
 			}
 			if(! $mimetype) {
 				$mimetype = 'image/png';
@@ -183,16 +183,13 @@ class Photo extends \Zotlabs\Web\Controller {
 				switch($resolution) {
 	
 					case 4:
-						$data = file_get_contents(z_root() . '/' . get_default_profile_photo());
-						$mimetype = 'image/png';
+						$data = fetch_image_from_url(z_root() . '/' . get_default_profile_photo(),$mimetype);
 						break;
 					case 5:
-						$data = file_get_contents(z_root() . '/' . get_default_profile_photo(80));
-						$mimetype = 'image/png';
+						$data = fetch_image_from_url(z_root() . '/' . get_default_profile_photo(80),$mimetype);
 						break;
 					case 6:
-						$data = file_get_contents(z_root() . '/' . get_default_profile_photo(48));
-						$mimetype = 'image/png';
+						$data = fetch_image_from_url(z_root() . '/' . get_default_profile_photo(48),$mimetype);
 						break;
 					default:
 						killme();
diff --git a/include/photos.php b/include/photos.php
index 2d2c9cc13..9fb872700 100644
--- a/include/photos.php
+++ b/include/photos.php
@@ -1011,3 +1011,23 @@ function profile_photo_set_profile_perms($uid, $profileid = 0) {
 		}
 	}
 }
+
+function fetch_image_from_url($url,&$mimetype) {
+
+	$redirects = 0;
+	$x = z_fetch_url($url,true,$redirects,[ 'novalidate' => true ]);
+	if($x['success']) {
+		$hdrs = [];
+		$h = explode("\n",$x['header']);
+		foreach ($h as $l) {
+			list($k,$v) = array_map("trim", explode(":", trim($l), 2));
+			$hdrs[strtolower($k)] = $v;
+		}
+		if (array_key_exists('content-type', $hdrs))
+			$mimetype = $hdrs['content-type'];
+
+		return $x['body'];
+	}
+
+	return EMPTY_STR;
+}
\ No newline at end of file
-- 
cgit v1.2.3


From 12c571a1878348c77362a345853eb9575943ef38 Mon Sep 17 00:00:00 2001
From: Mario Vavti <mario@mariovavti.com>
Date: Wed, 16 May 2018 10:47:18 +0200
Subject: missing include

---
 Zotlabs/Module/Photo.php | 1 +
 1 file changed, 1 insertion(+)

diff --git a/Zotlabs/Module/Photo.php b/Zotlabs/Module/Photo.php
index 29ad06e80..f348866d9 100644
--- a/Zotlabs/Module/Photo.php
+++ b/Zotlabs/Module/Photo.php
@@ -4,6 +4,7 @@ namespace Zotlabs\Module;
 require_once('include/security.php');
 require_once('include/attach.php');
 require_once('include/photo/photo_driver.php');
+require_once('include/photos.php');
 
 
 class Photo extends \Zotlabs\Web\Controller {
-- 
cgit v1.2.3


From 5a6141faa2a87a4aeb00a566c1230f35544ff3d2 Mon Sep 17 00:00:00 2001
From: Mario Vavti <mario@mariovavti.com>
Date: Thu, 17 May 2018 12:58:59 +0200
Subject: display address in contact_format() instead of nick

---
 view/js/autocomplete.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/view/js/autocomplete.js b/view/js/autocomplete.js
index e5a551344..54eb03e13 100644
--- a/view/js/autocomplete.js
+++ b/view/js/autocomplete.js
@@ -40,7 +40,7 @@ function contact_format(item) {
 		var desc = ((item.label) ? item.nick + ' ' + item.label : item.nick);
 		if(typeof desc === 'undefined') desc = '';
 		if(desc) desc = ' ('+desc+')';
-		return "<div class='{0} dropdown-item dropdown-notification clearfix' title='{4}'><img class='menu-img-2' src='{1}'><span class='contactname'>{2}</span><span class='dropdown-sub-text'>{3}</span></div>".format(item.taggable, item.photo, item.name, desc, typeof(item.link) !== 'undefined' ? item.link : desc.replace('(','').replace(')',''));
+		return "<div class='{0} dropdown-item dropdown-notification clearfix' title='{4}'><img class='menu-img-2' src='{1}'><span class='contactname'>{2}</span><span class='dropdown-sub-text'>{4}</span></div>".format(item.taggable, item.photo, item.name, desc, typeof(item.link) !== 'undefined' ? item.link : desc.replace('(','').replace(')',''));
 	}
 	else
 		return "<div>" + item.text + "</div>";
-- 
cgit v1.2.3