Merge remote-tracking branch 'upstream/master'

Conflicts: boot.php database.sql library/fancybox/jquery.fancybox-1.3.4.css mod/search.php update.php
2013-02-17 12:35:40 +01:00 · 2013-02-17 12:35:40 +01:00 · 93143702ed
commit 93143702ed
parent 3e58060b30 2e6577fb32
831 changed files with 37929 additions and 30644 deletions
--- a/include/Contact.php
+++ b/include/Contact.php
@ -219,16 +219,16 @@ function contact_photo_menu($contact) {

 	$poke_link = $a->get_baseurl() . '/poke/?f=&c=' . $contact['id'];
 	$contact_url = $a->get_baseurl() . '/contacts/' . $contact['id'];
-	$posts_link = $a->get_baseurl() . '/network/?cid=' . $contact['id'];
+	$posts_link = $a->get_baseurl() . '/network/0?nets=all&cid=' . $contact['id'];

 	$menu = Array(
-		t("Poke") => $poke_link,
-		t("View Status") => $status_link,
-		t("View Profile") => $profile_link,
-		t("View Photos") => $photos_link,		
-		t("Network Posts") => $posts_link, 
-		t("Edit Contact") => $contact_url,
-		t("Send PM") => $pm_url,
+		'poke' => array(t("Poke"), $poke_link),
+		'status' => array(t("View Status"), $status_link),
+		'profile' => array(t("View Profile"), $profile_link),
+		'photos' => array(t("View Photos"), $photos_link),		
+		'network' => array(t("Network Posts"), $posts_link), 
+		'edit' => array(t("Edit Contact"), $contact_url),
+		'pm' => array(t("Send PM"), $pm_url),
 	);
 	
 	
@ -236,7 +236,7 @@ function contact_photo_menu($contact) {
 	
 	call_hooks('contact_photo_menu', $args);
 	
-	$o = "";
+/*	$o = "";
 	foreach($menu as $k=>$v){
 		if ($v!="") {
 			if(($k !== t("Network Posts")) && ($k !== t("Send PM")) && ($k !== t('Edit Contact')))
@ -245,7 +245,16 @@ function contact_photo_menu($contact) {
 				$o .= "<li><a href=\"$v\">$k</a></li>\n";
 		}
 	}
-	return $o;
+	return $o;*/
+	foreach($menu as $k=>$v){
+		if ($v[1]!="") {
+			if(($v[0] !== t("Network Posts")) && ($v[0] !== t("Send PM")) && ($v[0] !== t('Edit Contact')))
+				$menu[$k][2] = 1;
+			else
+				$menu[$k][2] = 0;
+		}
+	}
+	return $menu;
 }}


--- a/include/acl_selectors.php
+++ b/include/acl_selectors.php
@ -1,4 +1,7 @@
 <?php
+
+require_once("include/contact_selectors.php");
+
 /**
 * 
 */
@ -236,16 +239,14 @@ function prune_deadguys($arr) {
 	if($r) {
 		$ret = array();
 		foreach($r as $rr) 
-			$ret[] = $rr['id'];
+			$ret[] = intval($rr['id']);
 		return $ret;
 	}
 	return array();
 }


-
-function populate_acl($user = null,$celeb = false) {
-
+function get_acl_permissions($user = null) {
 	$allow_cid = $allow_gid = $deny_cid = $deny_gid = false;

 	if(is_array($user)) {
@ -265,6 +266,19 @@ function populate_acl($user = null,$celeb = false) {

 	$allow_cid = prune_deadguys($allow_cid);

+	return array(
+		'allow_cid' => $allow_cid,
+		'allow_gid' => $allow_gid,
+		'deny_cid' => $deny_cid,
+		'deny_gid' => $deny_gid,
+	);
+}
+
+
+function populate_acl($user = null,$celeb = false) {
+
+	$perms = get_acl_permissions($user);
+
 	// We shouldn't need to prune deadguys from the block list. Either way they can't get the message.
 	// Also no point enumerating groups and checking them, that will take place on delivery.

@ -311,10 +325,10 @@ function populate_acl($user = null,$celeb = false) {
 		'$showall'=> t("Visible to everybody"),
 		'$show'		 => t("show"),
 		'$hide'		 => t("don't show"),
-		'$allowcid' => json_encode($allow_cid),
-		'$allowgid' => json_encode($allow_gid),
-		'$denycid' => json_encode($deny_cid),
-		'$denygid' => json_encode($deny_gid),
+		'$allowcid' => json_encode($perms['allow_cid']),
+		'$allowgid' => json_encode($perms['allow_gid']),
+		'$denycid' => json_encode($perms['deny_cid']),
+		'$denygid' => json_encode($perms['deny_gid']),
 	));
 	
 	
@ -322,3 +336,238 @@ function populate_acl($user = null,$celeb = false) {

 }

+function construct_acl_data(&$a, $user) {
+
+	// Get group and contact information for html ACL selector
+	$acl_data = acl_lookup($a, 'html');
+
+	$user_defaults = get_acl_permissions($user);
+
+	if($acl_data['groups']) {
+		foreach($acl_data['groups'] as $key=>$group) {
+			// Add a "selected" flag to groups that are posted to by default
+			if($user_defaults['allow_gid'] &&
+			   in_array($group['id'], $user_defaults['allow_gid']) && !in_array($group['id'], $user_defaults['deny_gid']) )
+				$acl_data['groups'][$key]['selected'] = 1;
+			else
+				$acl_data['groups'][$key]['selected'] = 0;
+		}
+	}
+	if($acl_data['contacts']) {
+		foreach($acl_data['contacts'] as $key=>$contact) {
+			// Add a "selected" flag to groups that are posted to by default
+			if($user_defaults['allow_cid'] &&
+			   in_array($contact['id'], $user_defaults['allow_cid']) && !in_array($contact['id'], $user_defaults['deny_cid']) )
+				$acl_data['contacts'][$key]['selected'] = 1;
+			else
+				$acl_data['contacts'][$key]['selected'] = 0;
+		}
+	}
+
+	return $acl_data;
+
+}
+
+function acl_lookup(&$a, $out_type = 'json') {
+
+	if(!local_user())
+		return "";
+
+
+	$start = (x($_REQUEST,'start')?$_REQUEST['start']:0);
+	$count = (x($_REQUEST,'count')?$_REQUEST['count']:100);
+	$search = (x($_REQUEST,'search')?$_REQUEST['search']:"");
+	$type = (x($_REQUEST,'type')?$_REQUEST['type']:"");
+	
+
+	// For use with jquery.autocomplete for private mail completion
+
+	if(x($_REQUEST,'query') && strlen($_REQUEST['query'])) {
+		if(! $type)
+			$type = 'm';
+		$search = $_REQUEST['query'];
+	}
+
+
+	if ($search!=""){
+		$sql_extra = "AND `name` LIKE '%%".dbesc($search)."%%'";
+		$sql_extra2 = "AND (`attag` LIKE '%%".dbesc($search)."%%' OR `name` LIKE '%%".dbesc($search)."%%' OR `nick` LIKE '%%".dbesc($search)."%%')";
+	} else {
+		$sql_extra = $sql_extra2 = "";
+	}
+	
+	// count groups and contacts
+	if ($type=='' || $type=='g'){
+		$r = q("SELECT COUNT(`id`) AS g FROM `group` WHERE `deleted` = 0 AND `uid` = %d $sql_extra",
+			intval(local_user())
+		);
+		$group_count = (int)$r[0]['g'];
+	} else {
+		$group_count = 0;
+	}
+	
+	if ($type=='' || $type=='c'){
+		$r = q("SELECT COUNT(`id`) AS c FROM `contact` 
+				WHERE `uid` = %d AND `self` = 0 
+				AND `blocked` = 0 AND `pending` = 0 AND `archive` = 0
+				AND `notify` != '' $sql_extra2" ,
+			intval(local_user())
+		);
+		$contact_count = (int)$r[0]['c'];
+	} 
+	elseif ($type == 'm') {
+
+		// autocomplete for Private Messages
+
+		$r = q("SELECT COUNT(`id`) AS c FROM `contact` 
+				WHERE `uid` = %d AND `self` = 0 
+				AND `blocked` = 0 AND `pending` = 0 AND `archive` = 0 
+				AND `network` IN ('%s','%s','%s') $sql_extra2" ,
+			intval(local_user()),
+			dbesc(NETWORK_DFRN),
+			dbesc(NETWORK_ZOT),
+			dbesc(NETWORK_DIASPORA)
+		);
+		$contact_count = (int)$r[0]['c'];
+
+	}
+	elseif ($type == 'a') {
+
+		// autocomplete for Contacts
+
+		$r = q("SELECT COUNT(`id`) AS c FROM `contact` 
+				WHERE `uid` = %d AND `self` = 0 
+				AND `pending` = 0 $sql_extra2" ,
+			intval(local_user())
+		);
+		$contact_count = (int)$r[0]['c'];
+
+	} else {
+		$contact_count = 0;
+	}
+	
+	$tot = $group_count+$contact_count;
+	
+	$groups = array();
+	$contacts = array();
+	
+	if ($type=='' || $type=='g'){
+		
+		$r = q("SELECT `group`.`id`, `group`.`name`, GROUP_CONCAT(DISTINCT `group_member`.`contact-id` SEPARATOR ',') as uids
+				FROM `group`,`group_member` 
+				WHERE `group`.`deleted` = 0 AND `group`.`uid` = %d 
+					AND `group_member`.`gid`=`group`.`id`
+					$sql_extra
+				GROUP BY `group`.`id`
+				ORDER BY `group`.`name` 
+				LIMIT %d,%d",
+			intval(local_user()),
+			intval($start),
+			intval($count)
+		);
+
+		foreach($r as $g){
+//		logger('acl: group: ' . $g['name'] . ' members: ' . $g['uids']);		
+			$groups[] = array(
+				"type"  => "g",
+				"photo" => "images/twopeople.png",
+				"name"  => $g['name'],
+				"id"	=> intval($g['id']),
+				"uids"  => array_map("intval", explode(",",$g['uids'])),
+				"link"  => ''
+			);
+		}
+	}
+	
+	if ($type=='' || $type=='c'){
+	
+		$r = q("SELECT `id`, `name`, `nick`, `micro`, `network`, `url`, `attag` FROM `contact` 
+			WHERE `uid` = %d AND `self` = 0 AND `blocked` = 0 AND `pending` = 0 AND `archive` = 0 AND `notify` != ''
+			$sql_extra2
+			ORDER BY `name` ASC ",
+			intval(local_user())
+		);
+	}
+	elseif($type == 'm') {
+		$r = q("SELECT `id`, `name`, `nick`, `micro`, `network`, `url`, `attag` FROM `contact` 
+			WHERE `uid` = %d AND `self` = 0 AND `blocked` = 0 AND `pending` = 0 AND `archive` = 0
+			AND `network` IN ('%s','%s','%s')
+			$sql_extra2
+			ORDER BY `name` ASC ",
+			intval(local_user()),
+			dbesc(NETWORK_DFRN),
+			dbesc(NETWORK_ZOT),
+			dbesc(NETWORK_DIASPORA)
+		);
+	}
+	elseif($type == 'a') {
+		$r = q("SELECT `id`, `name`, `nick`, `micro`, `network`, `url`, `attag` FROM `contact` 
+			WHERE `uid` = %d AND `pending` = 0
+			$sql_extra2
+			ORDER BY `name` ASC ",
+			intval(local_user())
+		);
+	}
+	else
+		$r = array();
+
+
+	if($type == 'm' || $type == 'a') {
+		$x = array();
+		$x['query'] = $search;
+		$x['photos'] = array();
+		$x['links'] = array();
+		$x['suggestions'] = array();
+		$x['data'] = array();
+		if(count($r)) {
+			foreach($r as $g) {
+				$x['photos'][] = $g['micro'];
+				$x['links'][] = $g['url'];
+				$x['suggestions'][] = $g['name'];
+				$x['data'][] = intval($g['id']);
+			}
+		}
+		echo json_encode($x);
+		killme();
+	}
+
+	if(count($r)) {
+		foreach($r as $g){
+			$contacts[] = array(
+				"type"  => "c",
+				"photo" => $g['micro'],
+				"name"  => $g['name'],
+				"id"	=> intval($g['id']),
+				"network" => $g['network'],
+				"link" => $g['url'],
+				"nick" => ($g['attag']) ? $g['attag'] : $g['nick'],
+			);
+		}			
+	}
+		
+	$items = array_merge($groups, $contacts);
+
+
+	if($out_type === 'html') {
+		$o = array(
+			'tot'		=> $tot,
+			'start'	=> $start,
+			'count'	=> $count,
+			'groups'	=> $groups,
+			'contacts'	=> $contacts,
+		);
+		return $o;
+	}
+	
+	$o = array(
+		'tot'	=> $tot,
+		'start' => $start,
+		'count'	=> $count,
+		'items'	=> $items,
+	);
+	
+	echo json_encode($o);
+
+	killme();
+}
+
--- a/include/api.php
+++ b/include/api.php
@ -450,6 +450,11 @@
 			case "xml":
 				$data = array_xmlify($data);
 				$tpl = get_markup_template("api_".$templatename."_".$type.".tpl");
+				if(! $tpl) {
+					header ("Content-Type: text/xml");
+					echo '<?xml version="1.0" encoding="UTF-8"?>'."\n".'<status><error>not implemented</error></status>';
+					killme();
+				}
 				$ret = replace_macros($tpl, $data);
 				break;
 			case "json":
--- a/include/attach.php
+++ b/include/attach.php
--- a/include/config.php
+++ b/include/config.php
@ -85,6 +85,15 @@ function get_config($family, $key, $instore = false) {
 if(! function_exists('set_config')) {
 function set_config($family,$key,$value) {
 	global $a;
+
+	// If $a->config[$family] has been previously set to '!<unset>!', then
+	// $a->config[$family][$key] will evaluate to $a->config[$family][0], and
+	// $a->config[$family][$key] = $value will be equivalent to
+	// $a->config[$family][0] = $value[0] (this causes infuriating bugs),
+	// so unset the family before assigning a value to a family's key
+	if($a->config[$family] === '!<unset>!')
+		unset($a->config[$family]);
+
 	// manage array value
 	$dbvalue = (is_array($value)?serialize($value):$value);
 	$dbvalue = (is_bool($dbvalue) ? intval($dbvalue) : $dbvalue);
--- a/include/conversation.php
+++ b/include/conversation.php
@ -1,6 +1,7 @@
 <?php

 require_once("include/bbcode.php");
+require_once("include/acl_selectors.php");


 // Note: the code in 'item_extract_images' and 'item_redir_and_replace_images'
@ -702,6 +703,8 @@ function conversation(&$a, $items, $mode, $update, $preview = false) {
 					continue;
 				}

+				call_hooks('display_item', $arr);
+
 				$item['pagedrop'] = $page_dropping;

 				if($item['id'] == $item['parent']) {
@ -720,6 +723,7 @@ function conversation(&$a, $items, $mode, $update, $preview = false) {

 	$o = replace_macros($page_template, array(
 		'$baseurl' => $a->get_baseurl($ssl_state),
+		'$return_path' => $a->query_string,
 		'$live_update' => $live_update_div,
 		'$remove' => t('remove'),
 		'$mode' => $mode,
@ -809,7 +813,7 @@ function item_photo_menu($item){
 	if(($cid) && (! $item['self'])) {
 		$poke_link = $a->get_baseurl($ssl_state) . '/poke/?f=&c=' . $cid;
 		$contact_url = $a->get_baseurl($ssl_state) . '/contacts/' . $cid;
-		$posts_link = $a->get_baseurl($ssl_state) . '/network/?cid=' . $cid;
+		$posts_link = $a->get_baseurl($ssl_state) . '/network/0?nets=all&cid=' . $cid;

 		$clean_url = normalise_link($item['author-link']);

@ -924,7 +928,7 @@ function format_like($cnt,$arr,$type,$id) {
 			$str .= sprintf( t(', and %d other people'), $total - MAX_LIKERS );
 		}
 		$str = (($type === 'like') ? sprintf( t('%s like this.'), $str) : sprintf( t('%s don\'t like this.'), $str));
-		$o .= "\t" . '<div id="' . $type . 'list-' . $id . '" style="display: none;" >' . $str . '</div>';
+		$o .= "\t" . '<div class="wall-item-' . $type . '-expanded" id="' . $type . 'list-' . $id . '" style="display: none;" >' . $str . '</div>';
 	}
 	return $o;
 }}
@ -978,8 +982,6 @@ function status_editor($a,$x, $notes_cid = 0, $popup=false) {
 	));


-	$tpl = get_markup_template("jot.tpl");
-
 	$jotplugins = '';
 	$jotnets = '';

@ -1010,10 +1012,31 @@ function status_editor($a,$x, $notes_cid = 0, $popup=false) {
 	if($notes_cid)
 		$jotnets .= '<input type="hidden" name="contact_allow[]" value="' . $notes_cid .'" />';

+
+	// Private/public post links for the non-JS ACL form
+	$private_post = 1;
+	if($_REQUEST['public'])
+		$private_post = 0;
+
+	$query_str = $a->query_string;
+	if(strpos($query_str, 'public=1') !== false)
+		$query_str = str_replace(array('?public=1', '&public=1'), array('', ''), $query_str);
+
+	// I think $a->query_string may never have ? in it, but I could be wrong
+	// It looks like it's from the index.php?q=[etc] rewrite that the web
+	// server does, which converts any ? to &, e.g. suggest&ignore=61 for suggest?ignore=61
+	if(strpos($query_str, '?') === false)
+		$public_post_link = '?public=1';
+	else
+		$public_post_link = '&public=1';
+
+
+
 //	$tpl = replace_macros($tpl,array('$jotplugins' => $jotplugins));
+	$tpl = get_markup_template("jot.tpl");

 	$o .= replace_macros($tpl,array(
-		'$return_path' => $a->query_string,
+		'$return_path' => $query_str,
 		'$action' =>  $a->get_baseurl(true) . '/item',
 		'$share' => (x($x,'button') ? $x['button'] : t('Share')),
 		'$upload' => t('Upload photo'),
@ -1049,14 +1072,22 @@ function status_editor($a,$x, $notes_cid = 0, $popup=false) {
 		'$jotnets' => $jotnets,
 		'$emtitle' => t('Example: bob@example.com, mary@example.com'),
 		'$lockstate' => $x['lockstate'],
-		'$acl' => $x['acl'],
 		'$bang' => $x['bang'],
 		'$profile_uid' => $x['profile_uid'],
 		'$preview' => ((feature_enabled($x['profile_uid'],'preview')) ? t('Preview') : ''),
 		'$jotplugins' => $jotplugins,
 		'$sourceapp' => t($a->sourcename),
 		'$cancel' => t('Cancel'),
-		'$rand_num' => random_digits(12)
+		'$rand_num' => random_digits(12),
+
+		// ACL permissions box
+		'$acl' => $x['acl'],
+		'$acl_data' => $x['acl_data'],
+		'$group_perms' => t('Post to Groups'),
+		'$contact_perms' => t('Post to Contacts'),
+		'$private' => t('Private post'),
+		'$is_private' => $private_post,
+		'$public_link' => $public_post_link,
 	));


--- a/include/dbupdate.php
+++ b/include/dbupdate.php
@ -19,7 +19,7 @@ function dbupdate_run(&$argv, &$argc) {
 	load_config('config');
 	load_config('system');

-	check_config($a);
+	update_db($a);
 }

 if (array_search(__file__,get_included_files())===0){
--- a/include/enotify.php
+++ b/include/enotify.php
@ -56,12 +56,13 @@ function notification($params) {

 		$parent_id = $params['parent'];

-		// Check to see if there was already a tag notify for this post.
+		// Check to see if there was already a tag notify or comment notify for this post.
 		// If so don't create a second notification
 		
 		$p = null;
-		$p = q("select id from notify where type = %d and link = '%s' and uid = %d limit 1",
+		$p = q("select id from notify where ( type = %d or type = %d ) and link = '%s' and uid = %d limit 1",
 			intval(NOTIFY_TAGSELF),
+			intval(NOTIFY_COMMENT),
 			dbesc($params['link']),
 			intval($params['uid'])
 		);
@ -299,6 +300,38 @@ function notification($params) {
 		return;
 	}

+	// we seem to have a lot of duplicate comment notifications due to race conditions, mostly from forums
+	// After we've stored everything, look again to see if there are any duplicates and if so remove them
+
+	$p = null;
+	$p = q("select id from notify where ( type = %d or type = %d ) and link = '%s' and uid = %d order by id",
+		intval(NOTIFY_TAGSELF),
+		intval(NOTIFY_COMMENT),
+		dbesc($params['link']),
+		intval($params['uid'])
+	);
+	if($p && (count($p) > 1)) {
+		for ($d = 1; $d < count($p); $d ++) {
+			q("delete from notify where id = %d limit 1",
+				intval($p[$d]['id'])
+			);
+		}
+
+		// only continue on if we stored the first one
+
+		if($notify_id != $p[0]['id']) {
+			pop_lang();
+			return;
+		}
+	}
+
+
+
+
+
+
+
+
 	$itemlink = $a->get_baseurl() . '/notify/view/' . $notify_id;
 	$msg = replace_macros($epreamble,array('$itemlink' => $itemlink));
 	$r = q("update notify set msg = '%s' where id = %d and uid = %d limit 1",
--- a/include/items.php
+++ b/include/items.php
@ -3665,7 +3665,7 @@ function fix_private_photos($s, $uid, $item = null, $cid = 0) {
 			// Only embed locally hosted photos
 			$replace = false;
 			$i = basename($image);
-			$i = str_replace(array('.jpg','.png'),array('',''),$i);
+			$i = str_replace(array('.jpg','.png','.gif'),array('','',''),$i);
 			$x = strpos($i,'-');

 			if($x) {
@ -3676,7 +3676,7 @@ function fix_private_photos($s, $uid, $item = null, $cid = 0) {
 					intval($res),
 					intval($uid)
 				);
-				if(count($r)) {
+				if($r) {

 					// Check to see if we should replace this photo link with an embedded image
 					// 1. No need to do so if the photo is public
@ -3945,6 +3945,34 @@ function drop_item($id,$interactive = true) {

 	if((local_user() == $item['uid']) || ($cid) || (! $interactive)) {

+		// Check if we should do HTML-based delete confirmation
+		if($_REQUEST['confirm']) {
+			// <form> can't take arguments in its "action" parameter
+			// so add any arguments as hidden inputs
+			$query = explode_querystring($a->query_string);
+			$inputs = array();
+			foreach($query['args'] as $arg) {
+				if(strpos($arg, 'confirm=') === false) {
+					$arg_parts = explode('=', $arg);
+					$inputs[] = array('name' => $arg_parts[0], 'value' => $arg_parts[1]);
+				}
+			}
+
+			return replace_macros(get_markup_template('confirm.tpl'), array(
+				'$method' => 'get',
+				'$message' => t('Do you really want to delete this item?'),
+				'$extra_inputs' => $inputs,
+				'$confirm' => t('Yes'),
+				'$confirm_url' => $query['base'],
+				'$confirm_name' => 'confirmed',
+				'$cancel' => t('Cancel'),
+			));
+		}
+		// Now check how the user responded to the confirmation query
+		if($_REQUEST['canceled']) {
+			goaway($a->get_baseurl() . '/' . $_SESSION['return_url']);
+		}
+
 		logger('delete item: ' . $item['id'], LOGGER_DEBUG);
 		// delete the item

--- a/include/nav.php
+++ b/include/nav.php
@ -8,8 +8,6 @@ function nav(&$a) {
 	 *
 	 */

-	$ssl_state = ((local_user()) ? true : false);
-
 	if(!(x($a->page,'nav')))
 		$a->page['nav'] = '';

@ -19,6 +17,35 @@ function nav(&$a) {

 	$a->page['nav'] .= '<div id="panel" style="display: none;"></div>' ;

+	$nav_info = nav_info($a);
+
+	/**
+	 * Build the page
+	 */
+
+	$tpl = get_markup_template('nav.tpl');
+
+	$a->page['nav'] .= replace_macros($tpl, array(
+        '$baseurl' => $a->get_baseurl(),
+		'$langselector' => lang_selector(),
+		'$sitelocation' => $nav_info['sitelocation'],
+		'$nav' => $nav_info['nav'],
+		'$banner' =>  $nav_info['banner'],
+		'$emptynotifications' => t('Nothing new here'),
+		'$userinfo' => $nav_info['userinfo'],
+		'$sel' => 	$a->nav_sel,
+		'$apps' => $a->apps,
+		'$clear_notifs' => t('Clear notifications')
+	));
+
+	call_hooks('page_header', $a->page['nav']);
+}
+
+
+function nav_info(&$a) {
+
+	$ssl_state = ((local_user()) ? true : false);
+
 	/**
 	 *
 	 * Our network is distributed, and as you visit friends some of the 
@ -152,6 +179,9 @@ function nav(&$a) {
 	 }


+	 $nav['navigation'] = array('navigation/', t('Navigation'), "", t('Site map'));
+
+
 	/**
 	 *
 	 * Provide a banner/logo/whatever
@ -164,23 +194,15 @@ function nav(&$a) {
 		$banner .= '<a href="http://friendica.com"><img id="logo-img" src="images/friendica-32.png" alt="logo" /></a><span id="logo-text"><a href="http://friendica.com">Friendica</a></span>';


-	$tpl = get_markup_template('nav.tpl');
-
-	$a->page['nav'] .= replace_macros($tpl, array(
-        '$baseurl' => $a->get_baseurl(),
-		'$langselector' => lang_selector(),
-		'$sitelocation' => $sitelocation,
-		'$nav' => $nav,
-		'$banner' =>  $banner,
-		'$emptynotifications' => t('Nothing new here'),
-		'$userinfo' => $userinfo,
-		'$sel' => 	$a->nav_sel,
-		'$apps' => $a->apps,
-	));
-
-	call_hooks('page_header', $a->page['nav']);
+	return array(
+		'sitelocation' => $sitelocation,
+		'nav' => $nav,
+		'banner' => $banner,
+		'userinfo' => $userinfo,
+	);
 }

+
 /*
 * Set a menu item in navbar as selected
 * 
--- a/include/plugin.php
+++ b/include/plugin.php
@ -164,6 +164,10 @@ function call_hooks($name, &$data = null) {

 	if((is_array($a->hooks)) && (array_key_exists($name,$a->hooks))) {
 		foreach($a->hooks[$name] as $hook) {
+			// Don't run a theme's hook if the user isn't using the theme
+			if(strpos($hook[0], 'view/theme/') !== false && strpos($hook[0], 'view/theme/'.current_theme()) === false)
+				continue;
+
 			@include_once($hook[0]);
 			if(function_exists($hook[1])) {
 				$func = $hook[1];
@ -328,6 +332,42 @@ function get_theme_screenshot($theme) {
 	return($a->get_baseurl() . '/images/blank.png');
 }

+// install and uninstall theme
+if (! function_exists('uninstall_theme')){
+function uninstall_theme($theme){
+	logger("Addons: uninstalling theme " . $theme);
+    
+	@include_once("view/theme/$theme/theme.php");
+	if(function_exists("{$theme}_uninstall")) {
+		$func = "{$theme}_uninstall";
+		$func();
+	}
+}}
+
+if (! function_exists('install_theme')){
+function install_theme($theme) {
+	// silently fail if theme was removed
+
+	if(! file_exists("view/theme/$theme/theme.php"))
+		return false;
+
+	logger("Addons: installing theme $theme");
+
+	@include_once("view/theme/$theme/theme.php");
+
+	if(function_exists("{$theme}_install")) {
+		$func = "{$theme}_install";
+		$func();
+		return true;
+	}
+	else {
+		logger("Addons: FAILED installing theme $theme");
+		return false;
+	}
+
+}}
+
+

 // check service_class restrictions. If there are no service_classes defined, everything is allowed.
 // if $usage is supplied, we check against a maximum count and return true if the current usage is 
--- a/include/queue.php
+++ b/include/queue.php
@ -41,7 +41,7 @@ function queue_run(&$argv, &$argc){
 	$interval = ((get_config('system','delivery_interval') === false) ? 2 : intval(get_config('system','delivery_interval')));

 	$r = q("select * from deliverq where 1");
-	if(count($r)) {
+	if($r) {
 		foreach($r as $rr) {
 			logger('queue: deliverq');
 			proc_run('php','include/delivery.php',$rr['cmd'],$rr['item'],$rr['contact']);
@ -53,7 +53,7 @@ function queue_run(&$argv, &$argc){
 	$r = q("SELECT `queue`.*, `contact`.`name`, `contact`.`uid` FROM `queue` 
 		LEFT JOIN `contact` ON `queue`.`cid` = `contact`.`id` 
 		WHERE `queue`.`created` < UTC_TIMESTAMP() - INTERVAL 3 DAY");
-	if(count($r)) {
+	if($r) {
 		foreach($r as $rr) {
 			logger('Removing expired queue item for ' . $rr['name'] . ', uid=' . $rr['uid']);
 			logger('Expired queue data :' . $rr['content'], LOGGER_DATA);
@ -73,7 +73,7 @@ function queue_run(&$argv, &$argc){

 		$r = q("SELECT `id` FROM `queue` WHERE (( `created` > UTC_TIMESTAMP() - INTERVAL 12 HOUR && `last` < UTC_TIMESTAMP() - INTERVAL 15 MINUTE ) OR ( `last` < UTC_TIMESTAMP() - INTERVAL 1 HOUR ))");
 	}
-	if(! count($r)){
+	if(! $r){
 		return;
 	}

--- a/include/security.php
+++ b/include/security.php
@ -266,8 +266,8 @@ function item_permissions_sql($owner_id,$remote_verified = false,$groups = null)
 	 * Profile owner - everything is visible
 	 */

-	if(($local_user) && ($local_user == $owner_id)) {
-		$sql = ''; 
+	if($local_user && ($local_user == $owner_id)) {
+		$sql = '';
 	}

 	/**
@ -300,7 +300,7 @@ function item_permissions_sql($owner_id,$remote_verified = false,$groups = null)
 			} 

 			$sql = sprintf(
-				" AND ( private = 0 OR ( private = 1 AND wall = 1 AND ( allow_cid = '' OR allow_cid REGEXP '<%d>' ) 
+				/*" AND ( private = 0 OR ( private in (1,2) AND wall = 1 AND ( allow_cid = '' OR allow_cid REGEXP '<%d>' ) 
 				  AND ( deny_cid  = '' OR  NOT deny_cid REGEXP '<%d>' ) 
 				  AND ( allow_gid = '' OR allow_gid REGEXP '%s' )
 				  AND ( deny_gid  = '' OR NOT deny_gid REGEXP '%s'))) 
@ -309,6 +309,15 @@ function item_permissions_sql($owner_id,$remote_verified = false,$groups = null)
 				intval($remote_user),
 				dbesc($gs),
 				dbesc($gs)
+*/
+				" AND ( private = 0 OR ( private in (1,2) AND wall = 1
+				  AND ( NOT (deny_cid REGEXP '<%d>' OR deny_gid REGEXP '%s')
+				  AND ( allow_cid REGEXP '<%d>' OR allow_gid REGEXP '%s' OR ( allow_cid = '' AND allow_gid = '')))))
+				",
+				intval($remote_user),
+				dbesc($gs),
+				intval($remote_user),
+				dbesc($gs)
 			);
 		}
 	}
--- a/include/template_processor.php
+++ b/include/template_processor.php
@ -259,15 +259,15 @@ class Template {
 	public function replace($s, $r) {
 		$this->r = $r;

+		// remove comments block
+		$s = preg_replace('/{#(.*?\s*?)*?#}/', "", $s);
+
 		$s = $this->_build_nodes($s);

 		$s = preg_replace_callback('/\|\|([0-9]+)\|\|/', array($this, "_replcb_node"), $s);
 		if ($s == Null)
 			$this->_preg_error();

-		// remove comments block
-		$s = preg_replace('/{#[^#]*#}/', "", $s);
-
 		// replace strings recursively (limit to 10 loops)
 		$os = "";
 		$count = 0;
--- a/include/text.php
+++ b/include/text.php
@ -174,10 +174,11 @@ function autoname($len) {

 if(! function_exists('xmlify')) {
 function xmlify($str) {
-	$buffer = '';
+/*	$buffer = '';
 	
-	for($x = 0; $x < mb_strlen($str); $x ++) {
-		$char = $str[$x];
+	$len = mb_strlen($str);
+	for($x = 0; $x < $len; $x ++) {
+		$char = mb_substr($str,$x,1);
        
 		switch( $char ) {

@ -205,7 +206,14 @@ function xmlify($str) {
 				$buffer .= $char;
 				break;
 		}	
-	}
+	}*/
+
+	$buffer = mb_ereg_replace("&", "&amp;", $str);
+	$buffer = mb_ereg_replace("'", "&apos;", $buffer);
+	$buffer = mb_ereg_replace("\"", "&quot;", $buffer);
+	$buffer = mb_ereg_replace("<", "&lt;", $buffer);
+	$buffer = mb_ereg_replace(">", "&gt;", $buffer);
+
 	$buffer = trim($buffer);
 	return($buffer);
 }}
@ -215,8 +223,13 @@ function xmlify($str) {

 if(! function_exists('unxmlify')) {
 function unxmlify($s) {
-	$ret = str_replace('&amp;','&', $s);
-	$ret = str_replace(array('&lt;','&gt;','&quot;','&apos;'),array('<','>','"',"'"),$ret);
+//	$ret = str_replace('&amp;','&', $s);
+//	$ret = str_replace(array('&lt;','&gt;','&quot;','&apos;'),array('<','>','"',"'"),$ret);
+	$ret = mb_ereg_replace('&amp;', '&', $s);
+	$ret = mb_ereg_replace('&apos;', "'", $ret);
+	$ret = mb_ereg_replace('&quot;', '"', $ret);
+	$ret = mb_ereg_replace('&lt;', "<", $ret);
+	$ret = mb_ereg_replace('&gt;', ">", $ret);
 	return $ret;	
 }}

@ -1083,7 +1096,18 @@ function prepare_body($item,$attach = false) {
 			$cnt = preg_match_all('|\[attach\]href=\"(.*?)\" length=\"(.*?)\" type=\"(.*?)\" title=\"(.*?)\"|',$r,$matches, PREG_SET_ORDER);
 			if($cnt) {
 				foreach($matches as $mtch) {
-					$icontype = strtolower(substr($mtch[3],0,strpos($mtch[3],'/')));
+					$filetype = strtolower(substr( $mtch[3], 0, strpos($mtch[3],'/') ));
+					if($filetype) {
+						$filesubtype = strtolower(substr( $mtch[3], strpos($mtch[3],'/') + 1 ));
+						$filesubtype = str_replace('.', '-', $filesubtype);
+					}
+					else {
+						$filetype = 'unkn';
+						$filesubtype = 'unkn';
+					}
+
+					$icon = '<div class="attachtype icon s22 type-' . $filetype . ' subtype-' . $filesubtype . '"></div>';
+					/*$icontype = strtolower(substr($mtch[3],0,strpos($mtch[3],'/')));
 					switch($icontype) {
 						case 'video':
 						case 'audio':
@ -1094,7 +1118,8 @@ function prepare_body($item,$attach = false) {
 						default:
 							$icon = '<div class="attachtype icon s22 type-unkn"></div>';
 							break;
-					}
+					}*/
+
 					$title = ((strlen(trim($mtch[4]))) ? escape_tags(trim($mtch[4])) : escape_tags($mtch[1]));
 					$title .= ' ' . $mtch[2] . ' ' . t('bytes');
 					if((local_user() == $item['uid']) && ($item['contact-id'] != $a->contact['id']) && ($item['network'] == NETWORK_DFRN))