[advancedcontentfilter] Stop using advancedcontentfilter_get_rules() outside of router context

- This used to work with Slim v2, but the new requirements for module functions broke it

advancedcontentfilter/advancedcontentfilter.php

@@ -253,7 +253,7 @@ function advancedcontentfilter_content()
 				'cancel'            => DI::l10n()->t('Cancel'),
 			],
 			'$current_theme' => DI::app()->getCurrentTheme(),
-			'$rules' => advancedcontentfilter_get_rules(),
+			'$rules' => DBA::toArray(DBA::select('advancedcontentfilter_rules', [], ['uid' => DI::userSession()->getLocalUserId()])),
 			'$form_security_token' => BaseModule::getFormSecurityToken()
 		]);
 	}
@@ -305,7 +305,7 @@ function advancedcontentfilter_build_fields($data)
  * API
  */
 
-function advancedcontentfilter_get_rules(ServerRequestInterface $request, ResponseInterface $response)
+function advancedcontentfilter_get_rules(ServerRequestInterface $request, ResponseInterface $response): ResponseInterface
 {
 	if (!DI::userSession()->getLocalUserId()) {
 		throw new HTTPException\UnauthorizedException(DI::l10n()->t('You must be logged in to use this method'));

advancedcontentfilter/templates/settings.tpl

@@ -3,7 +3,7 @@
 	<div id="rules"></div>
 
 	<script>
-		var existingRules = {{$rules nofilter}};
+		var existingRules = {{$rules|json_encode nofilter}};
 
 		var messages = {
 	{{foreach $messages as $key => $value}}

blockbot/blockbot.php

@@ -27,16 +27,18 @@ function blockbot_addon_admin(string &$o)
 	$t = Renderer::getMarkupTemplate('admin.tpl', 'addon/blockbot/');
 
 	$o = Renderer::replaceMacros($t, [
-		'$submit' => DI::l10n()->t('Save Settings'),
-		'$good_crawlers' => ['good_crawlers', DI::l10n()->t('Allow "good" crawlers'), DI::config()->get('blockbot', 'good_crawlers'), DI::l10n()->t("Don't block fediverse crawlers, relay servers and other bots with good purposes.")],
-		'$block_gab' => ['block_gab', DI::l10n()->t('Block GabSocial'), DI::config()->get('blockbot', 'block_gab'), DI::l10n()->t('Block the software GabSocial. This will block every access for that software. You can block dedicated gab instances in the blocklist settings in the admin section.')],
-		'$training' => ['training', DI::l10n()->t('Training mode'), DI::config()->get('blockbot', 'training'), DI::l10n()->t("Activates the training mode. This is only meant for developing purposes. Don't activate this on a production machine. This can cut communication with some systems.")],
+		'$submit'             => DI::l10n()->t('Save Settings'),
+		'$good_crawlers'      => ['good_crawlers', DI::l10n()->t('Allow "good" crawlers'), DI::config()->get('blockbot', 'good_crawlers'), DI::l10n()->t("Don't block fediverse crawlers, relay servers and other bots with good purposes.")],
+		'$socialmedia_agents' => ['socialmedia_agents', DI::l10n()->t('Allow preview agents'), DI::config()->get('blockbot', 'socialmedia_agents'), DI::l10n()->t("Don't block agents from social media systems that want to generate preview data for links that had been set by their users.")],
+		'$block_gab'          => ['block_gab', DI::l10n()->t('Block GabSocial'), DI::config()->get('blockbot', 'block_gab'), DI::l10n()->t('Block the software GabSocial. This will block every access for that software. You can block dedicated gab instances in the blocklist settings in the admin section.')],
+		'$training'           => ['training', DI::l10n()->t('Training mode'), DI::config()->get('blockbot', 'training'), DI::l10n()->t("Activates the training mode. This is only meant for developing purposes. Don't activate this on a production machine. This can cut communication with some systems.")],
 	]);
 }
 
 function blockbot_addon_admin_post()
 {
 	DI::config()->set('blockbot', 'good_crawlers', $_POST['good_crawlers'] ?? false);
+	DI::config()->set('blockbot', 'socialmedia_agents', $_POST['socialmedia_agents'] ?? false);
 	DI::config()->set('blockbot', 'block_gab', $_POST['block_gab'] ?? false);
 	DI::config()->set('blockbot', 'training', $_POST['training'] ?? false);
 }
@@ -53,34 +55,41 @@ function blockbot_init_1()
 	$good_agents = [
 		'fediverse.space crawler', 'fediverse.network crawler', 'Active_Pods_CheckBot_3.0',
 		'Social-Relay/', 'Test Certificate Info', 'Uptimebot/', 'GNUSocialBot', 'UptimeRobot/',
-		'PTST/', 'Zabbix', 'Poduptime/'
+		'PTST/', 'Zabbix', 'Poduptime/', 'FediFetcher', 'lemmy-stats-crawler',
+		'FedditLemmyverseCrawler/', 'kbinBot/', 'lemmy-explorer-crawler/',
 	];
 
-	// List of known crawlers.
+	// List of agents from social media systems that fetch preview data via opem graph or twitter cards
+	$socialmedia_agents = ['Twitterbot/', 'facebookexternalhit/', 'SkypeUriPreview Preview/',
+		'TelegramBot', 'WhatsApp/', 'github-camo', 'Bluesky Cardyb/', 'XING-contenttabreceiver/', 
+		'LinkedInBot/', 'Instagram ', 'Synapse (bot; ', 'Discordbot/'];
+
+	// List of known unwanted crawlers.
 	$agents = [
 		'SemrushBot', 's~feedly-nikon3', 'Qwantify/Bleriot/', 'ltx71', 'Sogou web spider/',
-		'Diffbot/', 'Twitterbot/', 'YisouSpider', 'evc-batch/', 'LivelapBot/', 'TrendsmapResolver/',
+		'Diffbot/', 'YisouSpider', 'evc-batch/', 'LivelapBot/', 'TrendsmapResolver/',
 		'PaperLiBot/', 'Nuzzel', 'um-LN/', 'Google Favicon', 'Datanyze', 'BLEXBot/', '360Spider',
 		'adscanner/', 'HeadlessChrome', 'wpif', 'startmebot/', 'Googlebot/', 'Applebot/',
-		'facebookexternalhit/', 'GoogleImageProxy', 'bingbot/', 'heritrix/', 'ldspider',
+		'GoogleImageProxy', 'bingbot/', 'heritrix/', 'ldspider',
 		'AwarioRssBot/', 'TweetmemeBot/', 'dcrawl/', 'PhantomJS/', 'Googlebot-Image/',
 		'CrowdTanglebot/', 'Mediapartners-Google', 'Baiduspider/', 'datagnionbot',
 		'MegaIndex.ru/', 'SMUrlExpander', 'Hatena-Favicon/', 'Wappalyzer', 'FlipboardProxy/',
 		'NetcraftSurveyAgent/', 'Dataprovider.com', 'SMTBot/', 'Nimbostratus-Bot/',
 		'DuckDuckGo-Favicons-Bot/', 'IndieWebCards/', 'proximic', 'netEstate NE Crawler',
-		'AhrefsBot/', 'YandexBot/', 'Exabot/', 'Mediumbot-MetaTagFetcher/', 'WhatsApp/',
-		'TelegramBot', 'SurdotlyBot/', 'BingPreview/', 'SabsimBot/', 'CCBot/', 'WbSrch/',
+		'AhrefsBot/', 'YandexBot/', 'Exabot/', 'Mediumbot-MetaTagFetcher/',
+		'SurdotlyBot/', 'BingPreview/', 'SabsimBot/', 'CCBot/', 'WbSrch/',
 		'DuckDuckBot-Https/', 'HTTP Banner Detection', 'YandexImages/', 'archive.org_bot',
 		'ArchiveTeam ArchiveBot/', 'yacybot', 'https://developers.google.com/+/web/snippet/',
-		'Scrapy/', 'github-camo', 'MJ12bot/', 'DotBot/', 'Pinterestbot/', 'Jooblebot/',
+		'Scrapy/', 'MJ12bot/', 'DotBot/', 'Pinterestbot/', 'Jooblebot/',
 		'Cliqzbot/', 'YaK/', 'Mediatoolkitbot', 'Snacktory', 'FunWebProducts', 'oBot/',
 		'7Siters/', 'KOCMOHABT', 'Google-SearchByImage', 'FemtosearchBot/',
 		'HubSpot Crawler', 'DomainStatsBot/', 'Re-re Studio', 'AwarioSmartBot/',
 		'SummalyBot/', 'DNSResearchBot/', 'PetalBot;', 'Nmap Scripting Engine;',
 		'Google-Apps-Script; beanserver;', 'woorankreview/', 'Seekport Crawler;', 'AHC/',
-		'SkypeUriPreview Preview/', 'Semanticbot/', 'Embed PHP library', 'XoviOnpageCrawler;',
+		'Semanticbot/', 'Embed PHP library', 'XoviOnpageCrawler;', 'Pinterest/',
 		'GetHPinfo.com-Bot/', 'BoardReader Favicon Fetcher', 'Google-Adwords-Instant', 'newspaper/',
-		'YurichevBot/', 'Crawling at Home Project', 'InfoTigerBot/'
+		'YurichevBot/', 'Crawling at Home Project', 'InfoTigerBot/',
+		'AdIdxBot/', 'MicrosoftPreview/', 'masscan/'
 	];
 
 	if (!DI::config()->get('blockbot', 'good_crawlers')) {
@@ -93,13 +102,23 @@ function blockbot_init_1()
 		}
 	}
 
+	if (!DI::config()->get('blockbot', 'socialmedia_agents')) {
+		$agents = array_merge($agents, $socialmedia_agents);
+	} else {
+		foreach ($socialmedia_agents as $socialmedia_agent) {
+			if (stristr($_SERVER['HTTP_USER_AGENT'], $socialmedia_agent)) {
+				return;
+			}
+		}
+	}
+
 	if (DI::config()->get('blockbot', 'block_gab')) {
 		$agents[] = 'GabSocial/';
 	}
 
 	foreach ($agents as $agent) {
 		if (stristr($_SERVER['HTTP_USER_AGENT'], $agent)) {
-			throw new ForbiddenException('Bots are not allowed');
+			throw new ForbiddenException('Bots are not allowed. If you consider this a mistake, create an issue at https://github.com/friendica/friendica');
 		}
 	}
 
@@ -125,7 +144,7 @@ function blockbot_init_1()
 		'lua-resty-http/', 'Tiny Tiny RSS/', 'Wget/', 'PostmanRuntime/',
 		'W3C_Validator/', 'NetNewsWire', 'FeedValidator/', 'theoldreader.com', 'axios/',
 		'Paw/', 'PeerTube/', 'fedi.inex.dev', 'FediDB/', 'index.community crawler',
-		'Slackbot-LinkExpanding'
+		'Slackbot-LinkExpanding', 'Firefish/', 'Takahe/', 'Akkoma ', 'Misskey/'
 	];
 
 	if (DI::config()->get('blockbot', 'good_crawlers')) {
@@ -140,5 +159,5 @@ function blockbot_init_1()
 	}
 
 	logger::notice('Blocked bot', $logdata);
-	throw new ForbiddenException('Bots are not allowed');
+	throw new ForbiddenException('Bots are not allowed. If you consider this a mistake, create an issue at https://github.com/friendica/friendica');
 }

blockbot/lang/C/messages.po

@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: \n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2021-12-13 06:17+0000\n"
+"POT-Creation-Date: 2024-03-04 05:35+0000\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -32,21 +32,31 @@ msgid ""
 msgstr ""
 
 #: blockbot.php:32
-msgid "Block GabSocial"
+msgid "Allow preview agents"
 msgstr ""
 
 #: blockbot.php:32
 msgid ""
+"Don't block agents from social media systems that want to generate preview "
+"data for links that had been set by their users."
+msgstr ""
+
+#: blockbot.php:33
+msgid "Block GabSocial"
+msgstr ""
+
+#: blockbot.php:33
+msgid ""
 "Block the software GabSocial. This will block every access for that "
 "software. You can block dedicated gab instances in the blocklist settings in "
 "the admin section."
 msgstr ""
 
-#: blockbot.php:33
+#: blockbot.php:34
 msgid "Training mode"
 msgstr ""
 
-#: blockbot.php:33
+#: blockbot.php:34
 msgid ""
 "Activates the training mode. This is only meant for developing purposes. "
 "Don't activate this on a production machine. This can cut communication with "

blockbot/templates/admin.tpl

@@ -1,4 +1,5 @@
 {{include file="field_checkbox.tpl" field=$good_crawlers}}
+{{include file="field_checkbox.tpl" field=$socialmedia_agents}}
 {{include file="field_checkbox.tpl" field=$block_gab}}
 {{include file="field_checkbox.tpl" field=$training}}
 <div class="submit"><button type="submit" class="btn btn-primary" name="page_site" value="{{$submit}}">{{$submit}}</button></div>

bluesky/bluesky.php

@@ -717,8 +717,24 @@ function bluesky_create_post(array $item, stdClass $root = null, stdClass $paren
 		$language = '';
 	}
 
-	$did  = DI::pConfig()->get($uid, 'bluesky', 'did');
-	$urls = bluesky_get_urls(Post\Media::removeFromBody($item['body']));
+	$item['body'] = Post\Media::removeFromBody($item['body']);
+
+	foreach (Post\Media::getByURIId($item['uri-id'], [Post\Media::AUDIO, Post\Media::VIDEO, Post\Media::ACTIVITY]) as $media) {
+		if (strpos($item['body'], $media['url']) === false) {
+			$item['body'] .= "\n[url]" . $media['url'] . "[/url]\n";
+		}
+	}
+	
+	if (!empty($item['quote-uri-id'])) {
+		$quote = Post::selectFirstPost(['uri', 'plink'], ['uri-id' => $item['quote-uri-id']]);
+		if (!empty($quote)) {
+			if ((strpos($item['body'], $quote['plink'] ?: $quote['uri']) === false) && (strpos($item['body'], $quote['uri']) === false)) {
+				$item['body'] .= "\n[url]" . ($quote['plink'] ?: $quote['uri']) . "[/url]\n";
+			}
+		}
+	}
+	
+	$urls = bluesky_get_urls($item['body']);
 	$item['body'] = $urls['body'];
 
 	$msg = Plaintext::getPost($item, 300, false, BBCode::BLUESKY);
@@ -756,7 +772,7 @@ function bluesky_create_post(array $item, stdClass $root = null, stdClass $paren
 
 		$post = [
 			'collection' => 'app.bsky.feed.post',
-			'repo'       => $did,
+			'repo'       => DI::pConfig()->get($uid, 'bluesky', 'did'),
 			'record'     => $record
 		];
 
@@ -1646,13 +1662,59 @@ function bluesky_get_preferences(int $uid): stdClass
 	return $data;
 }
 
-function bluesky_get_did(string $handle): string
+function bluesky_get_did_by_wellknown(string $handle): string
 {
-	$data = bluesky_get(BLUESKY_PDS . '/xrpc/com.atproto.identity.resolveHandle?handle=' . urlencode($handle));
-	if (empty($data)) {
+	$curlResult = DI::httpClient()->get('http://' . $handle . '/.well-known/atproto-did');
+	if ($curlResult->isSuccess() && substr($curlResult->getBodyString(), 0, 4) == 'did:') {
+		$did = $curlResult->getBodyString();
+		if (!bluesky_valid_did($did, $handle)) {
+			Logger::notice('Invalid DID', ['handle' => $handle, 'did' => $did]);	
+			return '';
+		}
+		Logger::debug('Got DID by wellknown', ['handle' => $handle, 'did' => $did]);
+		return $did;
+	}
+	return '';
+}
+
+function bluesky_get_did_by_dns(string $handle): string
+{
+	$records = @dns_get_record('_atproto.' . $handle . '.', DNS_TXT);
+	if (empty($records)) {
 		return '';
 	}
-	Logger::debug('Got DID', ['return' => $data]);
+	foreach ($records as $record) {
+		if (!empty($record['txt']) && substr($record['txt'], 0, 4) == 'did=') {
+			$did = substr($record['txt'], 4);
+			if (!bluesky_valid_did($did, $handle)) {
+				Logger::notice('Invalid DID', ['handle' => $handle, 'did' => $did]);	
+				return '';
+			}
+			Logger::debug('Got DID by DNS', ['handle' => $handle, 'did' => $did]);
+			return $did;
+		}
+	}
+	return '';
+}
+
+function bluesky_get_did(string $handle): string
+{
+	// Deactivated at the moment, since it isn't reliable by now
+	//$did = bluesky_get_did_by_dns($handle);
+	//if ($did != '') {
+	//	return $did;
+	//}
+	
+	//$did = bluesky_get_did_by_wellknown($handle);
+	//if ($did != '') {
+	//	return $did;
+	//}
+	
+	$data = bluesky_get(BLUESKY_PDS . '/xrpc/com.atproto.identity.resolveHandle?handle=' . urlencode($handle));
+	if (empty($data) || empty($data->did)) {
+		return '';
+	}
+	Logger::debug('Got DID by PDS call', ['handle' => $handle, 'did' => $data->did]);
 	return $data->did;
 }
 
@@ -1688,6 +1750,16 @@ function bluesky_get_pds(string $did): ?string
 	return null;
 }
 
+function bluesky_valid_did(string $did, string $handle): bool
+{
+	$data = bluesky_get(BLUESKY_DIRECTORY . '/' . $did);
+	if (empty($data) || empty($data->alsoKnownAs)) {
+		return false;
+	}
+
+	return in_array('at://' . $handle, $data->alsoKnownAs);
+}
+
 function bluesky_get_token(int $uid): string
 {
 	$token   = DI::pConfig()->get($uid, 'bluesky', 'access_token');

bluesky/templates/connector_settings.tpl

@@ -3,7 +3,9 @@
 {{include file="field_checkbox.tpl" field=$bydefault}}
 {{include file="field_checkbox.tpl" field=$import}}
 {{include file="field_checkbox.tpl" field=$import_feeds}}
-{{include file="field_checkbox.tpl" field=$custom_handle}}
+{{if $custom_handle}}
+	{{include file="field_checkbox.tpl" field=$custom_handle}}
+{{/if}}
 {{include file="field_input.tpl" field=$pds}}
 {{include file="field_input.tpl" field=$handle}}
 {{include file="field_input.tpl" field=$did}}

mailstream/mailstream.php

@@ -169,6 +169,10 @@ function mailstream_post_hook(array &$item)
 			Logger::debug('mailstream: like item ' . $item['id']);
 			return;
 		}
+		if ($item['verb'] == Activity::DISLIKE) {
+			Logger::debug('mailstream: dislike item ' . $item['id']);
+			return;
+		}
 	}
 
 	$message_id = mailstream_generate_id($item['uri']);

pnut/README.md

@@ -2,4 +2,9 @@
 
 With this addon to friendica you can give your users the possibility to post their *public* messages to pnut.io. 
 
-No setup is needed for the admins to make it work for their users.
+No setup is needed for the admins to make it work for their users, however it is possible for the admin to create a client, so that the users don't have to.
+
+To do so, go to https://pnut.io/dev and scroll down to "Create New Client".
+Enter a name of your choice and enter your Friendica host name as the website.
+Use https://(yourhost.name)/pnut/connect as a redirect url, replace "(yourhost.name)" with the host name of your system.
+Limit the scope to "basic,files,follow,polls,presence,stream,update_profile,write_post"

pnut/lang/C/messages.po

@@ -0,0 +1,74 @@
+# ADDON pnut
+# Copyright (C) 
+# This file is distributed under the same license as the Friendica pnut addon package.
+# 
+#
+#, fuzzy
+msgid ""
+msgstr ""
+"Project-Id-Version: \n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2024-03-03 11:53+0000\n"
+"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
+"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"Language-Team: LANGUAGE <LL@li.org>\n"
+"Language: \n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#: pnut.php:42
+msgid "Permission denied."
+msgstr ""
+
+#: pnut.php:79
+msgid "You are now authenticated with pnut.io."
+msgstr ""
+
+#: pnut.php:82
+msgid "Error fetching token. Please try again."
+msgstr ""
+
+#: pnut.php:85
+msgid "return to the connector page"
+msgstr ""
+
+#: pnut.php:103
+msgid "Save Settings"
+msgstr ""
+
+#: pnut.php:104 pnut.php:150
+msgid "Client ID"
+msgstr ""
+
+#: pnut.php:105 pnut.php:151
+msgid "Client Secret"
+msgstr ""
+
+#: pnut.php:139
+msgid "Authenticate with pnut.io"
+msgstr ""
+
+#: pnut.php:143
+msgid "Disconnect"
+msgstr ""
+
+#: pnut.php:148
+msgid "Enable Pnut Post Addon"
+msgstr ""
+
+#: pnut.php:149
+msgid "Post to Pnut by default"
+msgstr ""
+
+#: pnut.php:152
+msgid "Access Token"
+msgstr ""
+
+#: pnut.php:161
+msgid "Pnut Export"
+msgstr ""
+
+#: pnut.php:203
+msgid "Post to Pnut"
+msgstr ""

pnut/pnut.php

@@ -2,7 +2,7 @@
 /**
  * Name: Pnut Connector
  * Description: Post to pnut.io
- * Version: 0.1.1
+ * Version: 0.1.2
  * Author: Morgan McMillian <https://social.clacks.network/profile/spacenerdmo>
  * Status: In Development
  */
@@ -18,12 +18,10 @@ use Friendica\Core\Logger;
 use Friendica\Core\Renderer;
 use Friendica\Core\System;
 use Friendica\DI;
-use Friendica\Model\Item;
 use Friendica\Model\Photo;
-use Friendica\Object\Image;
-use Friendica\Network\HTTPClient\Client\HttpClientAccept;
-use Friendica\Network\HTTPClient\Client\HttpClientOptions;
-use Friendica\Util\DateTimeFormat;
+use phpnut\phpnutException;
+
+const PNUT_LIMIT = 256;
 
 function pnut_install()
 {
@@ -63,19 +61,25 @@ function pnut_content()
 
 function pnut_connect()
 {
-	$client_id     = DI::pConfig()->get(DI::userSession()->getLocalUserId(), 'pnut', 'client_id');
-	$client_secret = DI::pConfig()->get(DI::userSession()->getLocalUserId(), 'pnut', 'client_secret');
+	$client_id     = DI::config()->get('pnut', 'client_id');
+	$client_secret = DI::config()->get('pnut', 'client_secret');
+
+	if (empty($client_id) || empty($client_secret)) {
+		$client_id     = DI::pConfig()->get(DI::userSession()->getLocalUserId(), 'pnut', 'client_id');
+		$client_secret = DI::pConfig()->get(DI::userSession()->getLocalUserId(), 'pnut', 'client_secret');
+	}
+
 	$callback_url = DI::baseUrl() . '/pnut/connect';
 
 	$nut = new phpnut\phpnut($client_id, $client_secret);
 
 	try {
 		$token = $nut->getAccessToken($callback_url);
-		Logger::debug('TOKEN', [$token]);
+		Logger::debug('Got Token', [$token]);
 		$o = DI::l10n()->t('You are now authenticated with pnut.io.');
 		DI::pConfig()->set(DI::userSession()->getLocalUserId(), 'pnut', 'access_token', $token);
 	} catch (phpnutException $e) {
-		$o = DI::l10n()->t('Error fetching token. Please try again.');
+		$o = DI::l10n()->t('Error fetching token. Please try again.', ['code' => $e->getCode(), 'message' => $e->getMessage()]);
 	}
 
 	$o .= '<br /><a href="' . DI::baseUrl() . '/settings/connectors">' . DI::l10n()->t("return to the connector page").'</a>';
@@ -88,6 +92,26 @@ function pnut_load_config(ConfigFileManager $loader)
 	DI::app()->getConfigCache()->load($loader->loadAddonConfig('pnut'), \Friendica\Core\Config\ValueObject\Cache::SOURCE_STATIC);
 }
 
+function pnut_addon_admin(string &$o)
+{
+	$client_id     = DI::config()->get('pnut', 'client_id');
+	$client_secret = DI::config()->get('pnut', 'client_secret');
+
+	$t = Renderer::getMarkupTemplate('admin.tpl', 'addon/pnut/');
+
+	$o = Renderer::replaceMacros($t, [
+		'$submit'        => DI::l10n()->t('Save Settings'),
+		'$client_id'     => ['pnut_client_id', DI::l10n()->t('Client ID'), $client_id],
+		'$client_secret' => ['pnut_client_secret', DI::l10n()->t('Client Secret'), $client_secret],
+	]);
+}
+
+function pnut_addon_admin_post()
+{
+	DI::config()->set('pnut', 'client_id',     $_POST['pnut_client_id']);
+	DI::config()->set('pnut', 'client_secret', $_POST['pnut_client_secret']);
+}
+
 function pnut_settings(array &$data)
 {
 	if (!DI::userSession()->getLocalUserId()) {
@@ -99,12 +123,15 @@ function pnut_settings(array &$data)
 
 	$enabled       = DI::pConfig()->get(DI::userSession()->getLocalUserId(), 'pnut', 'post') ?? false;
 	$def_enabled   = DI::pConfig()->get(DI::userSession()->getLocalUserId(), 'pnut', 'post_by_default') ?? false;
-	$client_id     = DI::pConfig()->get(DI::userSession()->getLocalUserId(), 'pnut', 'client_id');
-	$client_secret = DI::pConfig()->get(DI::userSession()->getLocalUserId(), 'pnut', 'client_secret');
+	$client_id     = DI::config()->get('pnut', 'client_id');
+	$client_secret = DI::config()->get('pnut', 'client_secret');
 	$token         = DI::pConfig()->get(DI::userSession()->getLocalUserId(), 'pnut', 'access_token');
-
-	Logger::debug('CLIENT_ID', [$client_id]);
-	Logger::debug('CLIENT_SECRET', [$client_secret]);
+	
+	$user_client = empty($client_id) || empty($client_secret);
+	if ($user_client) {
+		$client_id     = DI::pConfig()->get(DI::userSession()->getLocalUserId(), 'pnut', 'client_id');
+		$client_secret = DI::pConfig()->get(DI::userSession()->getLocalUserId(), 'pnut', 'client_secret');
+	}
 
 	if (!empty($client_id) && !empty($client_secret) && empty($token)) {
 		$nut = new phpnut\phpnut($client_id, $client_secret);
@@ -118,19 +145,20 @@ function pnut_settings(array &$data)
 
 	$t    = Renderer::getMarkupTemplate('connector_settings.tpl', 'addon/pnut/');
 	$html = Renderer::replaceMacros($t, [
-		'$enable'        => ['pnut', DI::l10n()->t('Enable Pnut Post Addon'), $enabled],
-		'$bydefault'     => ['pnut_bydefault', DI::l10n()->t('Post to Pnut by default'), $def_enabled],
-		'$client_id'     => ['pnut_client_id', DI::l10n()->t('Client ID'), $client_id],
-		'$client_secret' => ['pnut_client_secret', DI::l10n()->t('Client Secret'), $client_secret],
-		'$access_token'  => ['pnut_access_token', DI::l10n()->t('Access Token'), $token, '', '', 'readonly'],
-		'$authorize_url' => $authorize_url ?? '',
+		'$enable'         => ['pnut', DI::l10n()->t('Enable Pnut Post Addon'), $enabled],
+		'$bydefault'      => ['pnut_bydefault', DI::l10n()->t('Post to Pnut by default'), $def_enabled],
+		'$client_id'      => ['pnut_client_id', DI::l10n()->t('Client ID'), $client_id],
+		'$client_secret'  => ['pnut_client_secret', DI::l10n()->t('Client Secret'), $client_secret],
+		'$access_token'   => ['pnut_access_token', DI::l10n()->t('Access Token'), $token, '', '', 'readonly'],
+		'$authorize_url'  => $authorize_url ?? '',
 		'$authorize_text' => $authorize_text ?? '',
-		'$disconn_btn' => $disconn_btn ?? '',
+		'$disconn_btn'    => $disconn_btn ?? '',
+		'user_client'     => $user_client,
 	]);
 
 	$data = [
 		'connector' => 'pnut',
-		'title'     => DI::l10n()->t('Pnut Import/Export'),
+		'title'     => DI::l10n()->t('Pnut Export'),
 		'image'     => 'addon/pnut/pnut.svg',
 		'enabled'   => $enabled,
 		'html'      => $html,
@@ -152,8 +180,12 @@ function pnut_settings_post(array &$b)
 	} else {
 		DI::pConfig()->set(DI::userSession()->getLocalUserId(), 'pnut', 'post',            intval($_POST['pnut']));
 		DI::pConfig()->set(DI::userSession()->getLocalUserId(), 'pnut', 'post_by_default', intval($_POST['pnut_bydefault']));
-		DI::pConfig()->set(DI::userSession()->getLocalUserId(), 'pnut', 'client_id',       $_POST['pnut_client_id']);
-		DI::pConfig()->set(DI::userSession()->getLocalUserId(), 'pnut', 'client_secret',   $_POST['pnut_client_secret']);
+		if (!empty($_POST['pnut_client_id'])) {
+			DI::pConfig()->set(DI::userSession()->getLocalUserId(), 'pnut', 'client_id',     $_POST['pnut_client_id']);
+		}
+		if (!empty($_POST['pnut_client_secret'])) {
+			DI::pConfig()->set(DI::userSession()->getLocalUserId(), 'pnut', 'client_secret', $_POST['pnut_client_secret']);
+		}
 	}
 }
 
@@ -243,7 +275,7 @@ function pnut_post_hook(array &$b)
 	$token = DI::pConfig()->get($b['uid'], 'pnut', 'access_token');
 	$nut = new phpnut\phpnut($token);
 
-	$msgarr = Plaintext::getPost($b, 256, true, BBCode::EXTERNAL);
+	$msgarr = Plaintext::getPost($b, PNUT_LIMIT, true, BBCode::EXTERNAL);
 	$text = $msgarr['text'];
 	$raw = [];
 
@@ -275,7 +307,7 @@ function pnut_post_hook(array &$b)
 			$picturedata = Photo::getImageForPhoto($photo);
 
 			Logger::debug('PNUT photo', $photo);
-			$picurefile = System::getTempPath() . DIRECTORY_SEPARATOR . $photo['filename'];
+			$picurefile = tempnam(System::getTempPath(), 'pnut');
 			file_put_contents($picurefile, $picturedata);
 			Logger::debug('PNUT got file?', ['filename' => $picurefile]);
 			$imagefile = $nut->createFile($picurefile, $fileraw);

pnut/templates/admin.tpl

@@ -0,0 +1,3 @@
+{{include file="field_input.tpl" field=$client_id}}
+{{include file="field_input.tpl" field=$client_secret}}
+<div class="submit"><input type="submit" name="page_site" value="{{$submit}}" /></div>

pnut/templates/connector_settings.tpl

@@ -1,9 +1,11 @@
 <p>{{$status}}</p>
 {{include file="field_checkbox.tpl" field=$enable}}
 {{include file="field_checkbox.tpl" field=$bydefault}}
-{{include file="field_input.tpl" field=$client_id}}
-{{include file="field_input.tpl" field=$client_secret}}
-{{include file="field_input.tpl" field=$access_token}}
+{{if $user_client}}
+	{{include file="field_input.tpl" field=$client_id}}
+	{{include file="field_input.tpl" field=$client_secret}}
+	{{include file="field_input.tpl" field=$access_token}}
+{{/if}}
 {{if $authorize_url}}
 	<a href="{{$authorize_url}}">{{$authorize_text}}</a>
 {{/if}}