From a1f3a5d9b680157b8a9f0bf61852a76530ee11f3 Mon Sep 17 00:00:00 2001
From: Mario Vavti <mario@mariovavti.com>
Date: Mon, 17 Sep 2018 22:16:10 +0200
Subject: remove unused variable

---
 Zotlabs/Module/Settings/Network.php | 1 -
 1 file changed, 1 deletion(-)

diff --git a/Zotlabs/Module/Settings/Network.php b/Zotlabs/Module/Settings/Network.php
index 14a118f2c..7d19d7c51 100644
--- a/Zotlabs/Module/Settings/Network.php
+++ b/Zotlabs/Module/Settings/Network.php
@@ -37,7 +37,6 @@ class Network {
 			'$form_security_token' => get_form_security_token("settings_network"),
 			'$title' => t('Activity Settings'),
 			'$features'  => $arr,
-			'$baseurl'   => z_root(),
 			'$submit'    => t('Submit'),
 		));
 	
-- 
cgit v1.2.3


From 71c599f50ef2933f3898d55823aec351f95d5828 Mon Sep 17 00:00:00 2001
From: Mario Vavti <mario@mariovavti.com>
Date: Mon, 17 Sep 2018 22:16:42 +0200
Subject: remove superfluous comma

---
 Zotlabs/Module/Settings/Network.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Zotlabs/Module/Settings/Network.php b/Zotlabs/Module/Settings/Network.php
index 7d19d7c51..4e2e3915e 100644
--- a/Zotlabs/Module/Settings/Network.php
+++ b/Zotlabs/Module/Settings/Network.php
@@ -37,7 +37,7 @@ class Network {
 			'$form_security_token' => get_form_security_token("settings_network"),
 			'$title' => t('Activity Settings'),
 			'$features'  => $arr,
-			'$submit'    => t('Submit'),
+			'$submit'    => t('Submit')
 		));
 	
 		return $o;
-- 
cgit v1.2.3


From 34fec995f711b03bc19580ee9e57c22712cf51df Mon Sep 17 00:00:00 2001
From: Mario Vavti <mario@mariovavti.com>
Date: Wed, 19 Sep 2018 15:00:06 +0200
Subject: allow a second url in apd files for settings, hide pin and star
 buttons in edit mode and use strpos() instead of strstr() in some places

---
 Zotlabs/Lib/Apps.php | 30 +++++++++++++++++++-----------
 app/grid.apd         |  4 ++--
 view/tpl/app.tpl     |  1 +
 3 files changed, 22 insertions(+), 13 deletions(-)

diff --git a/Zotlabs/Lib/Apps.php b/Zotlabs/Lib/Apps.php
index aa7e2282d..905a20ee0 100644
--- a/Zotlabs/Lib/Apps.php
+++ b/Zotlabs/Lib/Apps.php
@@ -388,9 +388,7 @@ class Apps {
 
 		// This will catch somebody clicking on a system "available" app that hasn't had the path macros replaced
 		// and they are allowed to see the app
-
-
-		if(strstr($papp['url'],'$baseurl') || strstr($papp['url'],'$nick') || strstr($papp['photo'],'$baseurl') || strstr($pap['photo'],'$nick')) {
+		if(strpos($papp['url'],'$baseurl') || strpos($papp['url'],'$nick') || strpos($papp['photo'],'$baseurl') || strpos($papp['photo'],'$nick')) {
 			$view_channel = local_channel();
 			if(! $view_channel) {
 				$sys = get_sys_channel();
@@ -399,7 +397,13 @@ class Apps {
 			self::app_macros($view_channel,$papp); 
 		}
 
-		if(! strstr($papp['url'],'://'))
+		if(strpos($papp['url'], ',')) {
+			$urls = explode(',', $papp['url']);
+			$papp['url'] = trim($urls[0]);
+			$papp['settings_url'] = trim($urls[1]);
+		}
+
+		if(! strpos($papp['url'],'://'))
 			$papp['url'] = z_root() . ((strpos($papp['url'],'/') === 0) ? '' : '/') . $papp['url'];
 
 
@@ -468,7 +472,9 @@ class Apps {
 		$hosturl = '';
 
 		if(local_channel()) {
-			$installed = self::app_installed(local_channel(),$papp);
+			if(self::app_installed(local_channel(),$papp) && !$papp['deleted'])
+				$installed = true;
+
 			$hosturl = z_root() . '/';
 		}
 		elseif(remote_channel()) {
@@ -495,6 +501,7 @@ class Apps {
 		if($mode === 'install') {
 			$papp['embed'] = true;
 		}
+
 		return replace_macros(get_markup_template('app.tpl'),array(
 			'$app' => $papp,
 			'$icon' => $icon,
@@ -503,11 +510,12 @@ class Apps {
 			'$installed' => $installed,
 			'$action_label' => (($hosturl && in_array($mode, ['view','install'])) ? $install_action : ''),
 			'$edit' => ((local_channel() && $installed && $mode == 'edit') ? t('Edit') : ''),
-			'$delete' => ((local_channel() && $installed && $mode == 'edit') ? t('Delete') : ''),
-			'$undelete' => ((local_channel() && $installed && $mode == 'edit') ? t('Undelete') : ''),
+			'$delete' => ((local_channel() && $mode == 'edit') ? t('Delete') : ''),
+			'$undelete' => ((local_channel() && $mode == 'edit') ? t('Undelete') : ''),
+			'$settings_url' => ((local_channel() && $installed && $mode == 'list') ? $papp['settings_url'] : ''),
 			'$deleted' => $papp['deleted'],
-			'$feature' => (($papp['embed']) ? false : true),
-			'$pin' => (($papp['embed']) ? false : true),
+			'$feature' => (($papp['embed'] || $mode == 'edit') ? false : true),
+			'$pin' => (($papp['embed'] || $mode == 'edit') ? false : true),
 			'$featured' => ((strpos($papp['categories'], 'nav_featured_app') === false) ? false : true),
 			'$pinned' => ((strpos($papp['categories'], 'nav_pinned_app') === false) ? false : true),
 			'$navapps' => (($mode == 'nav') ? true : false),
@@ -912,7 +920,7 @@ class Apps {
 			$arr['author'] = $sys['channel_hash'];
 		}
 
-		if($arr['photo'] && (strpos($arr['photo'],'icon:') === false) && (! strstr($arr['photo'],z_root()))) {
+		if($arr['photo'] && (strpos($arr['photo'],'icon:') === false) && (! strpos($arr['photo'],z_root()))) {
 			$x = import_xchan_photo(str_replace('$baseurl',z_root(),$arr['photo']),get_observer_hash(),true);
 			$arr['photo'] = $x[1];
 		}
@@ -998,7 +1006,7 @@ class Apps {
 		if((! $darray['app_url']) || (! $darray['app_id']))
 			return $ret;
 
-		if($arr['photo'] && (strpos($arr['photo'],'icon:') === false) && (! strstr($arr['photo'],z_root()))) {
+		if($arr['photo'] && (strpos($arr['photo'],'icon:') === false) && (! strpos($arr['photo'],z_root()))) {
 			$x = import_xchan_photo(str_replace('$baseurl',z_root(),$arr['photo']),get_observer_hash(),true);
 			$arr['photo'] = $x[1];
 		}
diff --git a/app/grid.apd b/app/grid.apd
index c826974a4..026b3c349 100644
--- a/app/grid.apd
+++ b/app/grid.apd
@@ -1,5 +1,5 @@
-version: 1
-url: $baseurl/network
+version: 1.1
+url: $baseurl/network, $baseurl/settings/network
 requires: local_channel
 name: Grid
 photo: icon:th
diff --git a/view/tpl/app.tpl b/view/tpl/app.tpl
index 3245a86e0..042f48704 100644
--- a/view/tpl/app.tpl
+++ b/view/tpl/app.tpl
@@ -20,6 +20,7 @@
 		{{if $delete}}<button type="submit" name="delete" value="{{if $deleted}}{{$undelete}}{{else}}{{$delete}}{{/if}}" class="btn btn-outline-secondary btn-sm" title="{{if $deleted}}{{$undelete}}{{else}}{{$delete}}{{/if}}" ><i class="fa fa-fw fa-trash-o drop-icons"></i></button>{{/if}}
 		{{if $feature}}<button type="submit" name="feature" value="nav_featured_app" class="btn btn-outline-secondary btn-sm" title="{{if $featured}}{{$remove}}{{else}}{{$add}}{{/if}}"><i class="fa fa-fw fa-star{{if $featured}} text-warning{{/if}}"></i></button>{{/if}}
 		{{if $pin}}<button type="submit" name="pin" value="nav_pinned_app" class="btn btn-outline-secondary btn-sm" title="{{if $pinned}}{{$remove_nav}}{{else}}{{$add_nav}}{{/if}}"><i class="fa fa-fw fa-thumb-tack{{if $pinned}} text-success{{/if}}"></i></button>{{/if}}
+		{{if $settings_url}}<a href="{{$settings_url}}" class="btn btn-outline-secondary btn-sm"><i class="fa fa-fw fa-cog"></i></a>{{/if}}
 		</form>
 	</div>
 	{{/if}}
-- 
cgit v1.2.3


From f2c59b3881d50dce907821054d9b79df4d009827 Mon Sep 17 00:00:00 2001
From: "M.Dent (DM42.Net)" <dentm42@gmail.com>
Date: Wed, 19 Sep 2018 21:18:06 -0400
Subject: Document new hooks

---
 doc/hook/attach_delete.bb           | 11 +++++++++++
 doc/hook/content_security_policy.bb | 39 +++++++++++++++++++++++++++++++++++++
 doc/hook/dreport_process.bb         |  7 +++++++
 doc/hook/dropdown_extras.bb         | 17 ++++++++++++++++
 doc/hooklist.bb                     | 26 ++++++++++++++++++-------
 5 files changed, 93 insertions(+), 7 deletions(-)
 create mode 100644 doc/hook/attach_delete.bb
 create mode 100644 doc/hook/content_security_policy.bb
 create mode 100644 doc/hook/dreport_process.bb
 create mode 100644 doc/hook/dropdown_extras.bb

diff --git a/doc/hook/attach_delete.bb b/doc/hook/attach_delete.bb
new file mode 100644
index 000000000..3b63f28d3
--- /dev/null
+++ b/doc/hook/attach_delete.bb
@@ -0,0 +1,11 @@
+[h2]attach_delete[/h2]
+
+Invoked when an attachment is deleted using attach_delete().
+
+[code]
+$arr = ['channel_id' => $channel_id, 'resource' => $resource, 'is_photo'=>$is_photo];
+call_hooks("attach_delete",$arr);
+[/code]
+
+
+See include/attach.php
diff --git a/doc/hook/content_security_policy.bb b/doc/hook/content_security_policy.bb
new file mode 100644
index 000000000..96b8095ae
--- /dev/null
+++ b/doc/hook/content_security_policy.bb
@@ -0,0 +1,39 @@
+[h2]content_security_policy[/h2]
+
+Called to modify CSP settings prior to the output of the Content-Security-Policy header.
+
+This hook permits addons to modify the content-security-policy if necessary to allow loading of foreign js libraries or css styles.
+
+[code]
+if(App::$config['system']['content_security_policy']) {
+        $cspsettings = Array (
+                'script-src' => Array ("'self'","'unsafe-inline'","'unsafe-eval'"),
+                'style-src' => Array ("'self'","'unsafe-inline'")
+        );
+        call_hooks('content_security_policy',$cspsettings);
+
+        // Legitimate CSP directives (cxref: https://content-security-policy.com/)
+        $validcspdirectives=Array(
+                "default-src", "script-src", "style-src",
+                "img-src", "connect-src", "font-src",
+                "object-src", "media-src", 'frame-src',
+                'sandbox', 'report-uri', 'child-src',
+                'form-action', 'frame-ancestors', 'plugin-types'
+        );
+        $cspheader = "Content-Security-Policy:";
+        foreach ($cspsettings as $cspdirective => $csp) {
+                if (!in_array($cspdirective,$validcspdirectives)) {
+                        logger("INVALID CSP DIRECTIVE: ".$cspdirective,LOGGER_DEBUG);
+                        continue;
+                }
+                $cspsettingsarray=array_unique($cspsettings[$cspdirective]);
+                $cspsetpolicy = implode(' ',$cspsettingsarray);
+                if ($cspsetpolicy) {
+                        $cspheader .= " ".$cspdirective." ".$cspsetpolicy.";";
+                }
+        }
+        header($cspheader);
+}
+[/code]
+
+see: boot.php
diff --git a/doc/hook/dreport_process.bb b/doc/hook/dreport_process.bb
new file mode 100644
index 000000000..3ad331f41
--- /dev/null
+++ b/doc/hook/dreport_process.bb
@@ -0,0 +1,7 @@
+[h2]dreport_process[/h2]
+
+Called for each delivery report received
+
+Passed a delivery_report array.
+
+see: include/zot.php
diff --git a/doc/hook/dropdown_extras.bb b/doc/hook/dropdown_extras.bb
new file mode 100644
index 000000000..6d7110a76
--- /dev/null
+++ b/doc/hook/dropdown_extras.bb
@@ -0,0 +1,17 @@
+[h2]dropdown_extras[/h2]
+
+Modify the dropdown menu available through the cog of items as displayed by conv_item.tpl
+
+This hook allows plugins to add arbitrary html to the cog dropdown of thread items displayed with the conv_item.tpl template.
+
+It is fed an array of ['item' => $item, 'dropdown_extras' => ''].  Any additions to the cog menu should be prepended/appended to
+the ['dropdown_extras'] element.
+
+[code]
+$dropdown_extras_arr = [ 'item' => $item , 'dropdown_extras' => '' ];
+call_hooks('dropdown_extras',$dropdown_extras_arr);
+$dropdown_extras = $dropdown_extras_arr['dropdown_extras'];
+[/code]
+
+see: Zotlabs/Lib/ThreadItem.php
+see: view/tpl/conv_item.tpl
diff --git a/doc/hooklist.bb b/doc/hooklist.bb
index 4b36fa3e0..591c3cab0 100644
--- a/doc/hooklist.bb
+++ b/doc/hooklist.bb
@@ -52,6 +52,9 @@ Hooks allow plugins/addons to "hook into" the code at many points and alter the
 [zrl=[baseurl]/help/hook/app_menu]app_menu[/zrl]
 	Called when generating the app_menu dropdown (may be obsolete)
 
+[zrl=[baseurl]/help/hook/attach_delete]attach_delete[/zrl]
+	Called when attachments are deleted from the attach table
+
 [zrl=[baseurl]/help/hook/atom_author]atom_author[/zrl]
 	Called when generating an author or owner element for an Atom ActivityStream feed
 
@@ -113,7 +116,7 @@ Hooks allow plugins/addons to "hook into" the code at many points and alter the
 	Validate the email provided in an account registration
 
 [zrl=[baseurl]/help/hook/check_account_invite]check_account_invite[/zrl]
-	Validate an invitation code when using site invitations	
+	Validate an invitation code when using site invitations
 
 [zrl=[baseurl]/help/hook/check_account_password]check_account_password[/zrl]
 	Used to provide policy control over account passwords (minimum length, character set inclusion, etc.)
@@ -137,7 +140,7 @@ Hooks allow plugins/addons to "hook into" the code at many points and alter the
 	Called when posting to the features/addon settings page
 
 [zrl=[baseurl]/help/hook/construct_page]construct_page[/zrl]
-	General purpose hook to provide content to certain page regions. Called when constructing the Comanche page. 
+	General purpose hook to provide content to certain page regions. Called when constructing the Comanche page.
 
 [zrl=[baseurl]/help/hook/contact_block_end]contact_block_end[/zrl]
 	Called when generating the sidebar "Connections" widget
@@ -151,8 +154,11 @@ Hooks allow plugins/addons to "hook into" the code at many points and alter the
 [zrl=[baseurl]/help/hook/contact_select_options]contact_select_options[/zrl]
 	Deprecated/unused
 
+[zrl=[baseurl]/help/hook/content_security_policy]content_security_policy[/zrl]
+	Called prior to output of the Content-Security-Policy header
+
 [zrl=[baseurl]/help/hook/conversation_start]conversation_start[/zrl]
-	Called in the beginning of rendering a conversation (message or message collection or stream)	
+	Called in the beginning of rendering a conversation (message or message collection or stream)
 
 [zrl=[baseurl]/help/hook/cover_photo_content_end]cover_photo_content_end[/zrl]
 	Called after a cover photo has been uplaoded
@@ -183,7 +189,7 @@ Hooks allow plugins/addons to "hook into" the code at many points and alter the
 
 [zrl=[baseurl]/help/hook/display_item]display_item[/zrl]
 	Called for each item being displayed in a conversation thread
-	
+
 [zrl=[baseurl]/help/hook/display_settings]display_settings[/zrl]
 	Called from settings module when displaying the 'display settings' section
 
@@ -202,6 +208,12 @@ Hooks allow plugins/addons to "hook into" the code at many points and alter the
 [zrl=[baseurl]/help/hook/dreport_is_storable]dreport_is_storable[/zrl]
 	called before storing a dreport record to determine whether to store it
 
+[zrl=[baseurl]/help/hook/dreport_process]dreport_process[/zrl]
+	called for each valid delivery report
+
+[zrl=[baseurl]/help/hook/dropdown_extras]dropdown_extras[/zrl]
+	Add additional items to the dropdown cog when item/threads are displayed.
+
 [zrl=[baseurl]/help/hook/drop_item]drop_item[/zrl]
 	called when an 'item' is removed
 
@@ -260,7 +272,7 @@ Hooks allow plugins/addons to "hook into" the code at many points and alter the
 	called to generate the HTML for displaying a map location by text location
 
 [zrl=[baseurl]/help/hook/get_all_api_perms]get_all_api_perms[/zrl]
-	Called when retrieving the permissions for API uses 
+	Called when retrieving the permissions for API uses
 
 [zrl=[baseurl]/help/hook/get_all_perms]get_all_perms[/zrl]
 	called when get_all_perms() is used
@@ -446,7 +458,7 @@ Hooks allow plugins/addons to "hook into" the code at many points and alter the
 	Called when probing a URL to generate post content from it
 
 [zrl=[baseurl]/help/hook/pdl_selector]pdl_selector[/zrl]
-	Called when creating a layout selection in a form	
+	Called when creating a layout selection in a form
 
 [zrl=[baseurl]/help/hook/perm_is_allowed]perm_is_allowed[/zrl]
 	Called during perm_is_allowed() to determine if a permission is allowed for this channel and observer
@@ -540,7 +552,7 @@ Hooks allow plugins/addons to "hook into" the code at many points and alter the
 
 [zrl=[baseurl]/help/hook/queue_deliver]queue_deliver[/zrl]
 	Called when delivering a queued message
- 
+
 [zrl=[baseurl]/help/hook/register_account]register_account[/zrl]
 	Called when an account has been created
 
-- 
cgit v1.2.3


From 456fe71ca9b768980f578494ee39c46cba946bc8 Mon Sep 17 00:00:00 2001
From: "M.Dent (DM42.Net)" <dentm42@gmail.com>
Date: Wed, 19 Sep 2018 21:54:46 -0400
Subject: add hook: permit_hook

---
 doc/hook/permit_hook.bb |  0
 doc/hooklist.bb         | 17 ++++++++++-------
 include/plugin.php      | 12 ++++++++++++
 3 files changed, 22 insertions(+), 7 deletions(-)
 create mode 100644 doc/hook/permit_hook.bb

diff --git a/doc/hook/permit_hook.bb b/doc/hook/permit_hook.bb
new file mode 100644
index 000000000..e69de29bb
diff --git a/doc/hooklist.bb b/doc/hooklist.bb
index 4b36fa3e0..373547d8b 100644
--- a/doc/hooklist.bb
+++ b/doc/hooklist.bb
@@ -113,7 +113,7 @@ Hooks allow plugins/addons to "hook into" the code at many points and alter the
 	Validate the email provided in an account registration
 
 [zrl=[baseurl]/help/hook/check_account_invite]check_account_invite[/zrl]
-	Validate an invitation code when using site invitations	
+	Validate an invitation code when using site invitations
 
 [zrl=[baseurl]/help/hook/check_account_password]check_account_password[/zrl]
 	Used to provide policy control over account passwords (minimum length, character set inclusion, etc.)
@@ -137,7 +137,7 @@ Hooks allow plugins/addons to "hook into" the code at many points and alter the
 	Called when posting to the features/addon settings page
 
 [zrl=[baseurl]/help/hook/construct_page]construct_page[/zrl]
-	General purpose hook to provide content to certain page regions. Called when constructing the Comanche page. 
+	General purpose hook to provide content to certain page regions. Called when constructing the Comanche page.
 
 [zrl=[baseurl]/help/hook/contact_block_end]contact_block_end[/zrl]
 	Called when generating the sidebar "Connections" widget
@@ -152,7 +152,7 @@ Hooks allow plugins/addons to "hook into" the code at many points and alter the
 	Deprecated/unused
 
 [zrl=[baseurl]/help/hook/conversation_start]conversation_start[/zrl]
-	Called in the beginning of rendering a conversation (message or message collection or stream)	
+	Called in the beginning of rendering a conversation (message or message collection or stream)
 
 [zrl=[baseurl]/help/hook/cover_photo_content_end]cover_photo_content_end[/zrl]
 	Called after a cover photo has been uplaoded
@@ -183,7 +183,7 @@ Hooks allow plugins/addons to "hook into" the code at many points and alter the
 
 [zrl=[baseurl]/help/hook/display_item]display_item[/zrl]
 	Called for each item being displayed in a conversation thread
-	
+
 [zrl=[baseurl]/help/hook/display_settings]display_settings[/zrl]
 	Called from settings module when displaying the 'display settings' section
 
@@ -260,7 +260,7 @@ Hooks allow plugins/addons to "hook into" the code at many points and alter the
 	called to generate the HTML for displaying a map location by text location
 
 [zrl=[baseurl]/help/hook/get_all_api_perms]get_all_api_perms[/zrl]
-	Called when retrieving the permissions for API uses 
+	Called when retrieving the permissions for API uses
 
 [zrl=[baseurl]/help/hook/get_all_perms]get_all_perms[/zrl]
 	called when get_all_perms() is used
@@ -446,7 +446,7 @@ Hooks allow plugins/addons to "hook into" the code at many points and alter the
 	Called when probing a URL to generate post content from it
 
 [zrl=[baseurl]/help/hook/pdl_selector]pdl_selector[/zrl]
-	Called when creating a layout selection in a form	
+	Called when creating a layout selection in a form
 
 [zrl=[baseurl]/help/hook/perm_is_allowed]perm_is_allowed[/zrl]
 	Called during perm_is_allowed() to determine if a permission is allowed for this channel and observer
@@ -457,6 +457,9 @@ Hooks allow plugins/addons to "hook into" the code at many points and alter the
 [zrl=[baseurl]/help/hook/permissions_update]permissions_update[/zrl]
 	Called when a permissions refresh is transmitted
 
+[zrl=[baseurl]/help/hook/permit_hook]permit_hook[/zrl]
+	Called before a registered hook is actually executed to determine if it should be allowed or blocked
+
 [zrl=[baseurl]/help/hook/personal_xrd]personal_xrd[/zrl]
 	Called when generating the personal XRD for "old webfinger" (Diaspora)
 
@@ -540,7 +543,7 @@ Hooks allow plugins/addons to "hook into" the code at many points and alter the
 
 [zrl=[baseurl]/help/hook/queue_deliver]queue_deliver[/zrl]
 	Called when delivering a queued message
- 
+
 [zrl=[baseurl]/help/hook/register_account]register_account[/zrl]
 	Called when an account has been created
 
diff --git a/include/plugin.php b/include/plugin.php
index 9757be356..2239f017d 100755
--- a/include/plugin.php
+++ b/include/plugin.php
@@ -458,6 +458,18 @@ function call_hooks($name, &$data = null) {
 
 	if (isset(App::$hooks[$name])) { 
 		foreach(App::$hooks[$name] as $hook) {
+
+			if ($name != 'permit_hook') { // avoid looping
+				$checkhook = [
+ 					'name'=>$name,
+ 					'hook'=>$hook,
+ 					'permit'=>true
+ 					];
+ 				call_hooks('permit_hook',$checkhook);
+ 				if (!$checkhook['permit']) {
+ 					continue;
+ 				}
+			}
 			$origfn = $hook[1];
 			if($hook[0])
 				@include_once($hook[0]);
-- 
cgit v1.2.3


From 3ee632514c44317ede9280a6975a698c61775aa1 Mon Sep 17 00:00:00 2001
From: "M.Dent (DM42.Net)" <dentm42@gmail.com>
Date: Wed, 19 Sep 2018 22:33:25 -0400
Subject: Add  structure to permit_hook

---
 include/plugin.php | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/include/plugin.php b/include/plugin.php
index 2239f017d..fdc62b3a7 100755
--- a/include/plugin.php
+++ b/include/plugin.php
@@ -463,12 +463,19 @@ function call_hooks($name, &$data = null) {
 				$checkhook = [
  					'name'=>$name,
  					'hook'=>$hook,
+                                        'data'=>$data,
+						// Note: Since PHP uses COPY-ON-WRITE
+                                                // for variables, there is no cost to
+						// passing the $data structure (unless
+						// the permit_hook processors change the
+						// information it contains.
  					'permit'=>true
  					];
  				call_hooks('permit_hook',$checkhook);
  				if (!$checkhook['permit']) {
  					continue;
  				}
+				$data = $checkhook['data'];
 			}
 			$origfn = $hook[1];
 			if($hook[0])
-- 
cgit v1.2.3


From ad8226d549f40a1ae1ea47a83778afffb9230042 Mon Sep 17 00:00:00 2001
From: Mario Vavti <mario@mariovavti.com>
Date: Thu, 20 Sep 2018 12:10:27 +0200
Subject: deal with the ability to provide settings url in apd files in
 include/nav.php

---
 include/nav.php | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/include/nav.php b/include/nav.php
index 9afba7945..f8d6f2438 100644
--- a/include/nav.php
+++ b/include/nav.php
@@ -206,7 +206,14 @@ function nav($template = 'default') {
 		);
 	
 		if($active_app) {
-			$url = $active_app[0]['app_url'];
+			if(strpos($active_app[0]['app_url'], ',')) {
+				$urls = explode(',', $active_app[0]['app_url']);
+				$url = trim($urls[0]);
+				$settings_url = trim($urls[1]);
+			}
+			else {
+				$url = $active_app[0]['app_url'];
+			}
 		}
 	}
 
-- 
cgit v1.2.3


From 1ca558f011b21b0a493d294501f530e57bdd574e Mon Sep 17 00:00:00 2001
From: Mario Vavti <mario@mariovavti.com>
Date: Thu, 20 Sep 2018 13:22:41 +0200
Subject: move connection filtering setting from network to connections,
 provide a link to settings in the navbar if present for a module and some
 code optimisation

---
 Zotlabs/Module/Connections.php          | 21 ++++++++------
 Zotlabs/Module/Settings/Connections.php | 51 +++++++++++++++++++++++++++++++++
 Zotlabs/Module/Settings/Network.php     | 14 ++-------
 app/connections.apd                     |  4 +--
 include/features.php                    | 17 +++++++++++
 include/nav.php                         | 11 +++++--
 view/tpl/navbar_default.tpl             |  8 ++++++
 view/tpl/settings_addon.tpl             | 13 +++++++++
 8 files changed, 113 insertions(+), 26 deletions(-)
 create mode 100644 Zotlabs/Module/Settings/Connections.php
 create mode 100644 view/tpl/settings_addon.tpl

diff --git a/Zotlabs/Module/Connections.php b/Zotlabs/Module/Connections.php
index cecada769..0e5f1dfe2 100644
--- a/Zotlabs/Module/Connections.php
+++ b/Zotlabs/Module/Connections.php
@@ -1,6 +1,7 @@
 <?php
 namespace Zotlabs\Module;
 
+use App;
 
 require_once('include/socgraph.php');
 require_once('include/selectors.php');
@@ -12,8 +13,10 @@ class Connections extends \Zotlabs\Web\Controller {
 	
 		if(! local_channel())
 			return;
+
+		App::$profile_uid = local_channel();
 	
-		$channel = \App::get_channel();
+		$channel = App::get_channel();
 		if($channel)
 			head_set_icon($channel['xchan_photo_s']);
 	
@@ -43,7 +46,7 @@ class Connections extends \Zotlabs\Web\Controller {
 		$all         = false;
 	
 		if(! $_REQUEST['aj'])
-			$_SESSION['return_url'] = \App::$query_string;
+			$_SESSION['return_url'] = App::$query_string;
 	
 		$search_flags = "";
 		$head = '';
@@ -88,14 +91,14 @@ class Connections extends \Zotlabs\Web\Controller {
 						$search_flags = " and abook_pending = 1 ";
 						$head = t('New');
 						$pending = true;
-						\App::$argv[1] = 'pending';
+						App::$argv[1] = 'pending';
 					}
 					else {
 						$head = t('All');
 						$search_flags = '';
 						$all = true;
-						\App::$argc = 1;
-						unset(\App::$argv[1]);
+						App::$argc = 1;
+						unset(App::$argv[1]);
 					}
 					break;
 	//			case 'unconnected':
@@ -225,15 +228,15 @@ class Connections extends \Zotlabs\Web\Controller {
 			intval(local_channel())
 		);
 		if($r) {
-			\App::set_pager_total($r[0]['total']);
+			App::set_pager_total($r[0]['total']);
 			$total = $r[0]['total'];
 		}
 	
 		$r = q("SELECT abook.*, xchan.* FROM abook left join xchan on abook.abook_xchan = xchan.xchan_hash
 			WHERE abook_channel = %d and abook_self = 0 and xchan_deleted = 0 and xchan_orphan = 0 $sql_extra $sql_extra2 ORDER BY xchan_name LIMIT %d OFFSET %d ",
 			intval(local_channel()),
-			intval(\App::$pager['itemspage']),
-			intval(\App::$pager['start'])
+			intval(App::$pager['itemspage']),
+			intval(App::$pager['start'])
 		);
 	
 		$contacts = array();
@@ -337,7 +340,7 @@ class Connections extends \Zotlabs\Web\Controller {
 				'$finding' => (($searching) ? t('Connections search') . ": '" . $search . "'" : ""),
 				'$submit' => t('Find'),
 				'$edit' => t('Edit'),
-				'$cmd' => \App::$cmd,
+				'$cmd' => App::$cmd,
 				'$contacts' => $contacts,
 				'$paginate' => paginate($a),
 	
diff --git a/Zotlabs/Module/Settings/Connections.php b/Zotlabs/Module/Settings/Connections.php
new file mode 100644
index 000000000..361d86ccb
--- /dev/null
+++ b/Zotlabs/Module/Settings/Connections.php
@@ -0,0 +1,51 @@
+<?php
+
+namespace Zotlabs\Module\Settings;
+
+
+class Connections {
+
+	function post() {
+		check_form_security_token_redirectOnErr('/settings/connections', 'settings_connections');
+	
+		$features = self::get_features();
+
+		process_features_post(local_channel(), $features, $_POST);
+		
+		build_sync_packet();
+		return;
+	}
+
+	function get() {
+		
+		$features = self::get_features();
+
+		$tpl = get_markup_template("settings_module.tpl");
+
+		$o .= replace_macros($tpl, array(
+			'$action_url' => 'settings/connections',
+			'$form_security_token' => get_form_security_token("settings_connections"),
+			'$title' => t('Connections Settings'),
+			'$features'  => process_features_get(local_channel(), $features),
+			'$submit'    => t('Submit')
+		));
+	
+		return $o;
+	}
+
+	function get_features() {
+		$arr = [
+			[
+				'connfilter',
+				t('Connection Filtering'),
+				t('Filter incoming posts from connections based on keywords/content'),
+				false,
+				get_config('feature_lock','connfilter')
+			]
+		];
+
+		return $arr;
+
+	}
+
+}
diff --git a/Zotlabs/Module/Settings/Network.php b/Zotlabs/Module/Settings/Network.php
index 4e2e3915e..eaf11f3da 100644
--- a/Zotlabs/Module/Settings/Network.php
+++ b/Zotlabs/Module/Settings/Network.php
@@ -10,13 +10,7 @@ class Network {
 	
 		$features = self::get_features();
 
-		foreach($features as $f) {
-			$k = $f[0];
-			if(array_key_exists("feature_$k",$_POST))
-				set_pconfig(local_channel(),'feature',$k, (string) $_POST["feature_$k"]);
-			else
-				set_pconfig(local_channel(),'feature', $k, '');
-		}
+		process_features_post(local_channel(), $features, $_POST);
 		
 		build_sync_packet();
 		return;
@@ -26,17 +20,13 @@ class Network {
 		
 		$features = self::get_features();
 
-		foreach($features as $f) {
-			$arr[] = array('feature_' . $f[0],$f[1],((intval(feature_enabled(local_channel(),$f[0]))) ? "1" : ''),$f[2],array(t('Off'),t('On')));
-		}
-
 		$tpl = get_markup_template("settings_module.tpl");
 
 		$o .= replace_macros($tpl, array(
 			'$action_url' => 'settings/network',
 			'$form_security_token' => get_form_security_token("settings_network"),
 			'$title' => t('Activity Settings'),
-			'$features'  => $arr,
+			'$features'  => process_features_get(local_channel(), $features),
 			'$submit'    => t('Submit')
 		));
 	
diff --git a/app/connections.apd b/app/connections.apd
index 631f093a8..6ab5977af 100644
--- a/app/connections.apd
+++ b/app/connections.apd
@@ -1,5 +1,5 @@
-version: 1
-url: $baseurl/connections
+version: 1.1
+url: $baseurl/connections, $baseurl/settings/connections
 requires: local_channel
 name: Connections
 photo: icon:users
diff --git a/include/features.php b/include/features.php
index 5479be122..c3ef54945 100644
--- a/include/features.php
+++ b/include/features.php
@@ -44,6 +44,23 @@ function feature_level($feature,$def) {
 	return $def;
 }
 
+function process_features_get($uid, $features) {
+	foreach($features as $f) {
+		$arr[] = array('feature_' . $f[0],$f[1],((intval(feature_enabled($uid, $f[0]))) ? "1" : ''),$f[2],array(t('Off'),t('On')));
+	}
+	return $arr;
+}
+
+function process_features_post($uid, $features, $post_arr) {
+	foreach($features as $f) {
+		$k = $f[0];
+		if(array_key_exists("feature_$k",$post_arr))
+			set_pconfig($uid,'feature',$k, (string) $post_arr["feature_$k"]);
+		else
+			set_pconfig($uid,'feature', $k, '');
+	}
+}
+
 function get_features($filtered = true, $level = (-1)) {
 
 	$account = \App::get_account();
diff --git a/include/nav.php b/include/nav.php
index f8d6f2438..5a2096e02 100644
--- a/include/nav.php
+++ b/include/nav.php
@@ -199,17 +199,21 @@ function nav($template = 'default') {
 	// turned off until somebody discovers this and figures out a good location for it. 
 	$powered_by = '';
 
+	$url = '';
+	$settings_url = '';
+
 	if(App::$profile_uid && App::$nav_sel['raw_name']) {
 		$active_app = q("SELECT app_url FROM app WHERE app_channel = %d AND app_name = '%s' LIMIT 1",
 			intval(App::$profile_uid),
 			dbesc(App::$nav_sel['raw_name'])
 		);
-	
+
 		if($active_app) {
 			if(strpos($active_app[0]['app_url'], ',')) {
 				$urls = explode(',', $active_app[0]['app_url']);
 				$url = trim($urls[0]);
-				$settings_url = trim($urls[1]);
+				if($is_owner)
+					$settings_url = trim($urls[1]);
 			}
 			else {
 				$url = $active_app[0]['app_url'];
@@ -296,7 +300,8 @@ function nav($template = 'default') {
 		'$addapps' => t('Add Apps'),
 		'$orderapps' => t('Arrange Apps'),
 		'$sysapps_toggle' => t('Toggle System Apps'),
-		'$url' => (($url) ? $url : App::$cmd)
+		'$url' => (($url) ? $url : App::$cmd),
+		'$settings_url' => $settings_url
 	));
 
 	if(x($_SESSION, 'reload_avatar') && $observer) {
diff --git a/view/tpl/navbar_default.tpl b/view/tpl/navbar_default.tpl
index 0eb0a964c..a11b9b5ea 100755
--- a/view/tpl/navbar_default.tpl
+++ b/view/tpl/navbar_default.tpl
@@ -70,9 +70,17 @@
 		<br><small>{{$sitelocation}}</small>
 		{{/if}}
 	</a>
+
+</div>
+{{if $settings_url}}
+<div id="nav-app-settings-link-wrapper" class="navbar-nav mr-auto">
+	<a id="nav-app-settings-link" href="{{$settings_url}}" class="nav-link">
+		<i class="fa fa-fw fa-cog"></i>
+	</a>
 </div>
 {{/if}}
 {{/if}}
+{{/if}}
 <div class="navbar-toggler-right">
 	{{if $nav.help.6}}
 	<button id="context-help-btn" class="navbar-toggler border-0" type="button" onclick="contextualHelp(); return false;">
diff --git a/view/tpl/settings_addon.tpl b/view/tpl/settings_addon.tpl
new file mode 100644
index 000000000..b5665f579
--- /dev/null
+++ b/view/tpl/settings_addon.tpl
@@ -0,0 +1,13 @@
+<div class="generic-content-wrapper">
+	<div class="section-title-wrapper">
+		<h2>{{$title}}</h2>
+	</div>
+	<div class="section-content-wrapper">
+		<form action="{{$action_url}}" method="post" autocomplete="off">
+		<input type='hidden' name='form_security_token' value='{{$form_security_token}}'>
+		{{$content}}
+		<div class="settings-submit-wrapper" >
+			<button type="submit" name="submit" class="btn btn-primary">{{$submit}}</button>
+		</div>
+	</div>
+</div>
-- 
cgit v1.2.3


From 369f34b2d122c7bd22522101fc9e4ce0f597a04e Mon Sep 17 00:00:00 2001
From: Mario Vavti <mario@mariovavti.com>
Date: Thu, 20 Sep 2018 13:25:47 +0200
Subject: remove connection filter from network settings

---
 Zotlabs/Module/Settings/Network.php | 8 --------
 1 file changed, 8 deletions(-)

diff --git a/Zotlabs/Module/Settings/Network.php b/Zotlabs/Module/Settings/Network.php
index eaf11f3da..1e39121c8 100644
--- a/Zotlabs/Module/Settings/Network.php
+++ b/Zotlabs/Module/Settings/Network.php
@@ -98,14 +98,6 @@ class Network {
 				t('Show friend and connection suggestions'),
 				false,
 				get_config('feature_lock','suggest')
-			],
-
-			[
-				'connfilter',
-				t('Connection Filtering'),
-				t('Filter incoming posts from connections based on keywords/content'),
-				false,
-				get_config('feature_lock','connfilter')
 			]
 
 		];
-- 
cgit v1.2.3