Merge remote-tracking branch 'upstream/develop' into http-417

2019-10-17 21:37:24 +00:00 · 2019-10-17 21:37:24 +00:00 · 36ba7fa79c
parent 5ea8116cfd 409d9df4af
commit 36ba7fa79c
316 changed files with 39229 additions and 36498 deletions
--- a/.codecov.yml
+++ b/.codecov.yml
@ -1,10 +1,14 @@
 codecov:
  branch: develop
  ci:
    - drone.friendi.ca
 coverage:
  precision: 2
  round: down
  range: "70...100"
  status:
-    project:
+    project: off
-      default:
+    patch: off
        target: auto
        threshold: null
        base: auto
 comment: off
--- a/.drone.yml
+++ b/.drone.yml
@ -0,0 +1,439 @@
 kind: pipeline
 name: mysql8.0-php7.1
 steps:
 - name: mysql8.0-php7.1
  image: friendicaci/php7.1:php7.1.32
  commands:
      - NOCOVERAGE=true ./autotest.sh mysql
  environment:
    MYSQL_USERNAME: friendica
    MYSQL_PASSWORD: friendica
    MYSQL_DATABASE: friendica
    MYSQL_HOST: mysql
 services:
 - name: mysql
  image: mysql:8.0
  command: [ "--default-authentication-plugin=mysql_native_password" ]
  environment:
    MYSQL_ROOT_PASSWORD: friendica
    MYSQL_USER: friendica
    MYSQL_PASSWORD: friendica
    MYSQL_DATABASE: friendica
  volumes: 
    - name: cache
      path: /var/lib/mysql
 volumes:
 - name: cache
  temp: {}
 trigger:
  branch:
    - master
    - develop
    - "*-rc"
  event:
    - pull_request
    - push
 ---
 kind: pipeline
 name: mysql8.0-php7.2
 steps:
 - name: mysql8.0-php7.2
  image: friendicaci/php7.2:php7.2.22
  commands:
    - NOCOVERAGE=true ./autotest.sh mysql
  environment:
    MYSQL_USERNAME: friendica
    MYSQL_PASSWORD: friendica
    MYSQL_DATABASE: friendica
    MYSQL_HOST: mysql
 services:
 - name: mysql
  image: mysql:8.0
  command: [ "--default-authentication-plugin=mysql_native_password" ]
  environment:
    MYSQL_ROOT_PASSWORD: friendica
    MYSQL_USER: friendica
    MYSQL_PASSWORD: friendica
    MYSQL_DATABASE: friendica
  volumes:
    - name: cache
      path: /var/lib/mysql
 volumes:
  - name: cache
    temp: {}
 trigger:
  branch:
    - master
    - develop
    - "*-rc"
  event:
    - pull_request
    - push
 ---
 kind: pipeline
 name: mysql8.0-php7.3
 steps:
 - name: mysql8.0-php7.3
  image: friendicaci/php7.3:php7.3.9
  commands:
      - NOCOVERAGE=true ./autotest.sh mysql
  environment:
      MYSQL_USERNAME: friendica
      MYSQL_PASSWORD: friendica
      MYSQL_DATABASE: friendica
      MYSQL_HOST: mysql
 services:
 - name: mysql
  image: mysql:8.0
  command: [ "--default-authentication-plugin=mysql_native_password" ]
  environment:
      MYSQL_ROOT_PASSWORD: friendica
      MYSQL_USER: friendica
      MYSQL_PASSWORD: friendica
      MYSQL_DATABASE: friendica
  volumes:
    - name: cache
      path: /var/lib/mysql
 volumes:
  - name: cache
    temp: {}
 trigger:
  branch:
    - master
    - develop
    - "*-rc"
  event:
    - pull_request
    - push
 ---
 kind: pipeline
 name: mariadb10.1-php7.1
 steps:
 - name: mariadb10.1-php7.1
  image: friendicaci/php7.1:php7.1.32
  commands:
      - phpenmod xdebug
      - sleep 20
      - ./autotest.sh mariadb
      - wget https://codecov.io/bash -O codecov.sh
      - sh -c "if [ '$DRONE_BUILD_EVENT' = 'pull_request' ]; then bash codecov.sh -B $DRONE_BRANCH -C $DRONE_COMMIT -P $DRONE_PULL_REQUEST -t 5ce7d64e-07b4-4adf-8700-e2eae27e14ec -f tests/autotest-clover.xml; fi"
      - sh -c "if [ '$DRONE_BUILD_EVENT' != 'pull_request' ]; then bash codecov.sh -B $DRONE_BRANCH -C $DRONE_COMMIT -t 5ce7d64e-07b4-4adf-8700-e2eae27e14ec -f tests/autotest-clover.xml; fi"
  environment:
      MYSQL_USER: friendica
      MYSQL_PASSWORD: friendica
      MYSQL_DATABASE: friendica
      MYSQL_HOST: mariadb
 services:
 - name: mariadb
  image: mariadb:10.1
  environment:
      MYSQL_ROOT_PASSWORD: friendica
      MYSQL_USER: friendica
      MYSQL_PASSWORD: friendica
      MYSQL_DATABASE: friendica
  volumes:
    - name: cache
      path: /var/lib/mysql
 volumes:
  - name: cache
    temp: {}
 trigger:
  branch:
    - master
    - develop
    - "*-rc"
  event:
    - pull_request
    - push
 ---
 kind: pipeline
 name: mariadb10.1-php7.2
 steps:
 - name: mariadb10.1-php7.2
  image: friendicaci/php7.2:php7.2.22
  commands:
      - NOCOVERAGE=true ./autotest.sh mariadb
  environment:
      MYSQL_USER: friendica
      MYSQL_PASSWORD: friendica
      MYSQL_DATABASE: friendica
      MYSQL_HOST: mariadb
 services:
 - name: mariadb
  image: mariadb:10.1
  environment:
      MYSQL_ROOT_PASSWORD: friendica
      MYSQL_USER: friendica
      MYSQL_PASSWORD: friendica
      MYSQL_DATABASE: friendica
  volumes:
    - name: cache
      path: /var/lib/mysql
 volumes:
  - name: cache
    temp: {}
 trigger:
  branch:
    - master
    - develop
    - "*-rc"
  event:
    - pull_request
    - push
 ---
 kind: pipeline
 name: mariadb10.1-php7.3
 steps:
 - name: mariadb10.1-php7.3
  image: friendicaci/php7.3:php7.3.9
  commands:
      - NOCOVERAGE=true ./autotest.sh mariadb
  environment:
      MYSQL_USER: friendica
      MYSQL_PASSWORD: friendica
      MYSQL_DATABASE: friendica
      MYSQL_HOST: mariadb
 services:
 - name: mariadb
  image: mariadb:10.1
  environment:
      MYSQL_ROOT_PASSWORD: friendica
      MYSQL_USER: friendica
      MYSQL_PASSWORD: friendica
      MYSQL_DATABASE: friendica
  volumes:
    - name: cache
      path: /var/lib/mysql
 volumes:
  - name: cache
    temp: {}
 ---
 kind: pipeline
 name: redis-php7.1
 steps:
 - name: redis-php7.1
  image: friendicaci/php7.1:php7.1.32
  commands:
    - phpenmod xdebug
    - sleep 20
    - NOINSTALL=true TEST_SELECTION=REDIS ./autotest.sh mysql
    - wget https://codecov.io/bash -O codecov.sh
    - sh -c "if [ '$DRONE_BUILD_EVENT' = 'pull_request' ]; then bash codecov.sh -B $DRONE_BRANCH -C $DRONE_COMMIT -P $DRONE_PULL_REQUEST -t 5ce7d64e-07b4-4adf-8700-e2eae27e14ec -f tests/autotest-clover.xml; fi"
    - sh -c "if [ '$DRONE_BUILD_EVENT' != 'pull_request' ]; then bash codecov.sh -B $DRONE_BRANCH -C $DRONE_COMMIT -t 5ce7d64e-07b4-4adf-8700-e2eae27e14ec -f tests/autotest-clover.xml; fi"
  environment:
      REDIS_HOST: redis
 services:
 - name: redis
  image: redis
 trigger:
  branch:
    - master
    - develop
    - "*-rc"
  event:
    - pull_request
    - push
 ---
 kind: pipeline
 name: redis-php7.2
 steps:
 - name: redis-php7.2
  image: friendicaci/php7.2:php7.2.22
  commands:
      - NOCOVERAGE=true NOINSTALL=true TEST_SELECTION=REDIS ./autotest.sh mysql
  environment:
    REDIS_HOST: redis
 services:
 - name: redis
  image: redis
 trigger:
  branch:
    - master
    - develop
    - "*-rc"
  event:
    - pull_request
    - push
 ---
 kind: pipeline
 name: redis-php7.3
 steps:
 - name: redis-php7.3
  image: friendicaci/php7.3:php7.3.9
  commands:
      - NOCOVERAGE=true NOINSTALL=true TEST_SELECTION=REDIS ./autotest.sh mysql
  environment:
    REDIS_HOST: redis
 services:
 - name: redis
  image: redis
 ---
 kind: pipeline
 name: memcache-php7.1
 steps:
 - name: memcache-php7.1
  image: friendicaci/php7.1:php7.1.32
  commands:
      - phpenmod xdebug
      - sleep 20
      - NOINSTALL=true TEST_SELECTION=MEMCACHE ./autotest.sh mysql
      - wget https://codecov.io/bash -O codecov.sh
      - sh -c "if [ '$DRONE_BUILD_EVENT' = 'pull_request' ]; then bash codecov.sh -B $DRONE_BRANCH -C $DRONE_COMMIT -P $DRONE_PULL_REQUEST -t 5ce7d64e-07b4-4adf-8700-e2eae27e14ec -f tests/autotest-clover.xml; fi"
      - sh -c "if [ '$DRONE_BUILD_EVENT' != 'pull_request' ]; then bash codecov.sh -B $DRONE_BRANCH -C $DRONE_COMMIT -t 5ce7d64e-07b4-4adf-8700-e2eae27e14ec -f tests/autotest-clover.xml; fi"
  environment:
      MEMCACHE_HOST: memcached
 services:
 - name: memcached
  image: memcached
 trigger:
  branch:
    - master
    - develop
    - "*-rc"
  event:
    - pull_request
    - push
 ---
 kind: pipeline
 name: memcache-php7.2
 steps:
 - name: memcache-php7.2
  image: friendicaci/php7.2:php7.2.22
  commands:
      - NOCOVERAGE=true NOINSTALL=true TEST_SELECTION=MEMCACHE ./autotest.sh mysql
  environment:
      MEMCACHE_HOST: memcached
 services:
 - name: memcached
  image: memcached
 trigger:
  branch:
    - master
    - develop
    - "*-rc"
  event:
    - pull_request
    - push
 ---
 kind: pipeline
 name: memcache-php7.3
 steps:
 - name: memcache-php7.3
  image: friendicaci/php7.3:php7.3.9
  commands:
      - NOCOVERAGE=true NOINSTALL=true TEST_SELECTION=MEMCACHE ./autotest.sh mysql
  environment:
      MEMCACHE_HOST: memcached
 services:
 - name: memcached
  image: memcached
 ---
 kind: pipeline
 name: memcached-php7.1
 steps:
 - name: memcached-php7.1
  image: friendicaci/php7.1:php7.1.32
  commands:
      - phpenmod xdebug
      - sleep 20
      - NOINSTALL=true TEST_SELECTION=MEMCACHED ./autotest.sh mysql
      - wget https://codecov.io/bash -O codecov.sh
      - sh -c "if [ '$DRONE_BUILD_EVENT' = 'pull_request' ]; then bash codecov.sh -B $DRONE_BRANCH -C $DRONE_COMMIT -P $DRONE_PULL_REQUEST -t 5ce7d64e-07b4-4adf-8700-e2eae27e14ec -f tests/autotest-clover.xml; fi"
      - sh -c "if [ '$DRONE_BUILD_EVENT' != 'pull_request' ]; then bash codecov.sh -B $DRONE_BRANCH -C $DRONE_COMMIT -t 5ce7d64e-07b4-4adf-8700-e2eae27e14ec -f tests/autotest-clover.xml; fi"
  environment:
      MEMCACHED_HOST: memcached
 services:
 - name: memcached
  image: memcached
 trigger:
  branch:
    - master
    - develop
    - "*-rc"
  event:
    - pull_request
    - push
 ---
 kind: pipeline
 name: memcached-php7.2
 steps:
 - name: memcached-php7.2
  image: friendicaci/php7.2:php7.2.22
  commands:
      - NOCOVERAGE=true NOINSTALL=true TEST_SELECTION=MEMCACHED ./autotest.sh mysql
  environment:
      MEMCACHED_HOST: memcached
 services:
 - name: memcached
  image: memcached
 trigger:
  branch:
    - master
    - develop
    - "*-rc"
  event:
    - pull_request
    - push
 ---
 kind: pipeline
 name: memcached-php7.3
 steps:
 - name: memcached-php7.3
  image: friendicaci/php7.3:php7.3.9
  commands:
      - NOCOVERAGE=true NOINSTALL=true TEST_SELECTION=MEMCACHED ./autotest.sh mysql
  environment:
      MEMCACHED_HOST: memcached
 services:
 - name: memcached
  image: memcached
--- a/.travis.yml
+++ b/.travis.yml
@ -26,4 +26,4 @@ before_script:
 - phpenv config-add .travis/redis.ini
 - phpenv config-add .travis/memcached.ini
-after_success: bash <(curl -s https://codecov.io/bash)
+script: vendor/bin/phpunit --configuration tests/phpunit.xml
--- a/66
+++ b/66
@ -1,24 +1,44 @@
-Version 2019.09-dev (UNRELEASED)
+Version 2019.12-dev (unreleased)
  Friendica Core:
-    Update to the translations (CS, DE, FR, JA, NL) [translation teams]
+    Enhanced the manage functionality [annando]
    Fixed some problems with the remote auth functionality [annando]
    Added router configuration file [nupplaphil]
    Added drone.io as CI service [nupplaphil]
  Friendica Addons:
    mailstream:
      Support for new img format was added [mexon]
      BB Code is now included as plaintext [mexon]
      Logging format is enhanced [mexon]
      ActivityPub "announce" notifications are not included [mexon]
  Closed Issues:
    1071, 7548, 7657, 7681
 Version 2019.09 (2019-09-29)
  Friendica Core:
    Update to the translations (CS, DE, EN GB, EN US, FR, JA, NL, PL) [translation teams]
    Update to the themes (frio, vier) [JeroenED, MrPetovan, tobiasd, vinzv]
-    Update to the documentation [guzzisti, vinzv]
+    Update to the documentation [annando, tobiasd, guzzisti, vinzv]
    Enhanced the log output of the background process [annando]
-    Enhanced the vcard translation in the profile (JeroenED)
+    Enhanced the vcard translation in the profile [JeroenED]
    Enhanced the delivery count [annando]
    Enhanced ActivityPub envelopes [MrPetovan]
    Enhanced communication about deleted accounts via AP [annando]
    Enhanced the following process [annando]
    Enhanced the tests [nupplaphil]
-    Enhanced the frontend worker [annando]
+    Enhanced the front-end worker [annando]
    Enhanced the img format to allow alternative texts [annando]
    Enhanced the detection of supported protocols for contacts [annando]
-    Enhanced the reshare of items [annando]
+    Enhanced the re-share of items [annando]
    Enhanced 2FA process [MrPetovan]
    Enhanced server wide theme settings [MrPetovan]
    Enhanced config loading process [MrPetovan, nupplaphil]
    Enhanced handling of emoticons [MrPetovan]
-    Fixed a bug in the admin panel leading to orphand options [tobiasd]
+    Enhanced performance [annando]
    Fixed a bug in the admin panel leading to orphaned options [tobiasd]
    Fixed a problem that could lead to duplicated Pleroma contacts [annando]
    Fixed a problem with the hide profile setting [annando]
    Fixed the problem sending out the post when hitting the enter key in the ACL dialog [MrPetovan]
    Fixed a bug in HTML special character escaping of event titles [MrPetovan]
    Fixed a bug in HTML special character conversion in item titles [MrPetovan]
@ -26,7 +46,19 @@ Version 2019.09-dev (UNRELEASED)
    Fixed a bug that prevented the display of images in some postings from diaspora* [MrPetovan]
    Fixed a bug in setting the permissions on uploaded images [annando]
    Fixed a bug that lead to potentially unwanted importing threads started by contacts of contacts [annando]
    Fixed implicit self mentions [MrPetovan]
    Fixed display of register links on closed nodes landing pages [MrPetovan]
    Fixed the display of [spoiler] tags [MrPetovan]
    Fixed an issue with photo permissions in private mails [annando]
    Fixed a bug in the process of following Pleroma accounts [annando]
    Fixed a bug that caused notifications about locally deleted items [annando]
    Fixed the link to the source of an event [MrPetovan]
    Fixed a problem that caused authors from twitter postings having no profile pic [annando]
    Fixed a bug in BBCode -> Markdown conversation for font size [annando]
    Fixed a BBCode parser problem with the audio tag [MrPetovan]
    Fixed a session problem [annando]
    Fixed a problem with the auto-installer [nupplaphil]
    Fixed a bug with magic links redirection for non profiles [annando]
    General code cleaning [annando, MrPetovan, nupplaphil]
    Removed contacts auto completion (in /contacts [MrPetovan]
    Replaced FontAwesome by ForkAwesome in frio theme [vinzv]
@ -37,19 +69,29 @@ Version 2019.09-dev (UNRELEASED)
    Added support of wildcards to server block lists [MrPetovan]
    Added app specific passwords when using 2FA [MrPetovan]
    Added fetching of postings via URL to interact with public postings [annando]
    Added opt-out flag for federated search engines and associated header information for profiles [annando]
  Friendica Addons:
-    Update to the translation (CS, DE, FR, JA, NL SV) [translation teams]
+    Update to the translation (CS, DE, EN GB, EN US, ES, FR, JA, NL SV) [translation teams]
    General code cleanup [nupplaphil, Quix0r]
    blockbot:
      Added translations
      Added more bots [annando]
      Added admin panel settings [annando]
    tumblr:
      Changed used URLs to https adopting tumblrs change [annando]
    twitter:
      Enhanced handling of multi image postings [annando]
      Enhanced display of quoted tweets [MrPetovan]
      Added alternative text support for images [annando]
  Closed Issues:
-    3816, 4815, 6384, 6675, 7235, 7293, 7314, 7317, 7337, 7338, 7346,
+     870, 1605, 2199, 3239, 3816, 4117, 4815, 5721, 6384, 6521, 6553,
-    7350, 7367, 7383, 7396, 7397, 7401, 7406, 7408, 7426, 7428, 7456,
+    6675, 7212, 7235, 7285, 7293, 7314, 7317, 7337, 7338, 7346, 7350,
-    7442, 7457, 7468, 7471, 7473, 7488, 7497, 7498, 7501, 7507, 7522,
+    7367, 7383, 7396, 7397, 7401, 7406, 7408, 7426, 7428, 7456, 7442,
-    7527, 7536, 7542, 7545
+    7457, 7468, 7471, 7473, 7488, 7497, 7498, 7501, 7507, 7521, 7526,
    7527, 7536, 7542, 7545, 7576, 7586, 7594, 7597, 7603, 7610, 7618,
    7629, 7635, 7638, 7663, 7665, 7672
 Version 2019.06 (2019-06-23)
  Friendica Core:
--- a/2
+++ b/2
@ -1 +1 @@
-2019.09-rc
+2019.12-dev
--- a/4
+++ b/4
@ -6,8 +6,8 @@ server_timezone = "UTC"
 public_folder = "/vagrant"
 Vagrant.configure(2) do |config|
-  # Set server to Ubuntu 16.04
+  # Set server to Debian 10 / Buster 64bit
-  config.vm.box = "ubuntu/xenial64"
+  config.vm.box = "debian/buster64"
  # Disable automatic box update checking. If you disable this, then
  # boxes will only be checked for updates when the user runs
--- a/autotest.sh
+++ b/autotest.sh
@ -0,0 +1,279 @@
 #!/usr/bin/env bash
 #
 # This script is used for autotesting the Friendica codebase with different
 # types of tests and environments.
 #
 # Currently, there are three types of autotesting possibilities:
 # - "USEDOCKER=true ./autotest.sh" will start a database docker container for testing
 # - "./autotest.sh" on the Drone CI environment will use the database container of the drone CI pipeline
 # - "./autotest.sh" on a local environment will try to use the local database instance for testing
 #
 # You can specify a database (mysql, mariadb currently) for the db backend of Friendica ("./autotest.sh mysql")
 # And you can specify some parameters for the test, like:
 # - NOCOVERAGE=true ... Don't create a coverage XML (this is only useful if you will send coverage to codecov.io)
 # - NOINSTALL=true  ... Skip the whole Friendica installation process (e.g. you just test Caching drivers)
 # - TEST_SELECTION= ... Specify which tests are used to run (based on the test-labeling)
 # - XDEBUG_CONFIG=  ... Set some XDEBUG specific environment settings for development
 DATABASENAME=${MYSQL_DATABASE:-test}
 DATABASEUSER=${MYSQL_USERNAME:-friendica}
 DATABASEHOST=${MYSQL_HOST:-localhost}
 BASEDIR=$PWD
 DBCONFIGS="mysql mariadb"
 TESTS="REDIS MEMCACHE MEMCACHED APCU NODB"
 export MYSQL_DATABASE="$DATABASENAME"
 export MYSQL_USERNAME="$DATABASEUSER"
 export MYSQL_PASSWORD="friendica"
 if [ -z "$PHP_EXE" ]; then
  PHP_EXE=php
 fi
 PHP=$(which "$PHP_EXE")
 # Use the Friendica internal composer
 COMPOSER="$BASEDIR/bin/composer.phar"
 set -e
 _XDEBUG_CONFIG=$XDEBUG_CONFIG
 unset XDEBUG_CONFIG
 function show_syntax() {
  echo -e "Syntax: ./autotest.sh [dbconfigname] [testfile]\n" >&2
  echo -e "\t\"dbconfigname\" can be one of: $DBCONFIGS" >&2
  echo -e "\t\"testfile\" is the name of a test file, for example lib/template.php" >&2
  echo -e "\nDatabase environment variables:\n" >&2
  echo -e "\t\"MYSQL_HOST\" Mysql Hostname (Default: localhost)" >&2
  echo -e "\t\"MYSQL_USDRNAME\" Mysql Username (Default: friendica)" >&2
  echo -e "\t\"MYSQL_DATABASE\" Mysql Database (Default: test)" >&2
  echo -e "\nOther environment variables:\n" >&2
  echo -e "\t\"TEST_SELECTION\" test a specific group of tests, can be one of: $TESTS" >&2
  echo -e "\t\"NOINSTALL\" If set to true, skip the db and install process" >&2
  echo -e "\t\"NOCOVERAGE\" If set to true, don't create a coverage output" >&2
  echo -e "\t\"USEDOCKER\" If set to true, the DB server will be executed inside a docker container" >&2
  echo -e "\nExample: NOCOVERAGE=true ./autotest.sh mysql src/Core/Cache/MemcacheTest.php" >&2
  echo "will run the test suite from \"tests/src/Core/Cache/MemcacheTest.php\" without a Coverage" >&2
  echo -e "\nIf no arguments are specified, all tests will be run with all database configs" >&2
 }
 if [ -x "$PHP" ]; then
  echo "Using PHP executable $PHP"
 else
  echo "Could not find PHP executable $PHP_EXE" >&2
  exit 3
 fi
 echo "Installing depdendencies"
 $PHP "$COMPOSER" install
 PHPUNIT="$BASEDIR/vendor/bin/phpunit"
 if [ -x "$PHPUNIT" ]; then
  echo "Using PHPUnit executable $PHPUNIT"
 else
  echo "Could not find PHPUnit executable after composer $PHPUNIT" >&2
  exit 3
 fi
 if ! [ \( -w config -a ! -f config/local.config.php \) -o \( -f config/local.config.php -a -w config/local.config.php \) ]; then
  echo "Please enable write permissions on config and config/config.php" >&2
  exit 1
 fi
 if [ "$1" ]; then
  FOUND=0
  for DBCONFIG in $DBCONFIGS; do
    if [ "$1" = "$DBCONFIG" ]; then
      FOUND=1
      break
    fi
  done
  if [ $FOUND = 0 ]; then
    echo -e "Unknown database config name \"$1\"\n" >&2
    show_syntax
    exit 2
  fi
 fi
 # Back up existing (dev) config if one exists and backup not already there
 if [ -f config/local.config.php ] && [ ! -f config/local.config-autotest-backup.php ]; then
  mv config/local.config.php config/local.config-autotest-backup.php
 fi
 function cleanup_config() {
  if [ -n "$DOCKER_CONTAINER_ID" ]; then
    echo "Kill the docker $DOCKER_CONTAINER_ID"
    docker stop "$DOCKER_CONTAINER_ID"
    docker rm -f "$DOCKER_CONTAINER_ID"
  fi
  cd "$BASEDIR"
  # Restore existing config
  if [ -f config/local.config-autotest-backup.php ]; then
    mv config/local.config-autotest-backup.php config/local.config.php
  fi
 }
 # restore config on exit
 trap cleanup_config EXIT
 function execute_tests() {
  DB=$1
  echo "Setup environment for $DB testing ..."
  # back to root folder
  cd "$BASEDIR"
  # backup current config
  if [ -f config/local.config.php ]; then
    mv config/local.config.php config/local.config-autotest-backup.php
  fi
  if [ -z "$NOINSTALL" ]; then
    #drop database
    if [ "$DB" == "mysql" ]; then
      if [ -n "$USEDOCKER" ]; then
        echo "Fire up the mysql docker"
        DOCKER_CONTAINER_ID=$(docker run \
          -e MYSQL_ROOT_PASSWORD=friendica \
          -e MYSQL_USER="$DATABASEUSER" \
          -e MYSQL_PASSWORD=friendica \
          -e MYSQL_DATABASE="$DATABASENAME" \
          -d mysql)
        DATABASEHOST=$(docker inspect --format="{{.NetworkSettings.IPAddress}}" "$DOCKER_CONTAINER_ID")
      else
        if [ -z "$DRONE" ]; then # no need to drop the DB when we are on CI
          if [ "mysql" != "$(mysql --version | grep -o mysql)" ]; then
            echo "Your mysql binary is not provided by mysql"
            echo "To use the docker container set the USEDOCKER environment variable"
            exit 3
          fi
          mysql -u "$DATABASEUSER" -pfriendica -e "DROP DATABASE IF EXISTS $DATABASENAME" -h $DATABASEHOST || true
          mysql -u "$DATABASEUSER" -pfriendica -e "CREATE DATABASE $DATABASENAME DEFAULT CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci" -h $DATABASEHOST
        else
          DATABASEHOST=mysql
        fi
      fi
      echo "Waiting for MySQL $DATABASEHOST initialization..."
      if ! bin/wait-for-connection $DATABASEHOST 3306 300; then
        echo "[ERROR] Waited 300 seconds, no response" >&2
        exit 1
      fi
      echo "MySQL is up."
    fi
    if [ "$DB" == "mariadb" ]; then
      if [ -n "$USEDOCKER" ]; then
        echo "Fire up the mariadb docker"
        DOCKER_CONTAINER_ID=$(docker run \
          -e MYSQL_ROOT_PASSWORD=friendica \
          -e MYSQL_USER="$DATABASEUSER" \
          -e MYSQL_PASSWORD=friendica \
          -e MYSQL_DATABASE="$DATABASENAME" \
          -d mariadb)
        DATABASEHOST=$(docker inspect --format="{{.NetworkSettings.IPAddress}}" "$DOCKER_CONTAINER_ID")
      else
        if [ -z "$DRONE" ]; then # no need to drop the DB when we are on CI
          if [ "MariaDB" != "$(mysql --version | grep -o MariaDB)" ]; then
            echo "Your mysql binary is not provided by mysql"
            echo "To use the docker container set the USEDOCKER environment variable"
            exit 3
          fi
          mysql -u "$DATABASEUSER" -pfriendica -e "DROP DATABASE IF EXISTS $DATABASENAME" -h $DATABASEHOST || true
          mysql -u "$DATABASEUSER" -pfriendica -e "CREATE DATABASE $DATABASENAME DEFAULT CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci" -h $DATABASEHOST
        else
          DATABASEHOST=mariadb
        fi
      fi
      echo "Waiting for MariaDB $DATABASEHOST initialization..."
      if ! bin/wait-for-connection $DATABASEHOST 3306 300; then
        echo "[ERROR] Waited 300 seconds, no response" >&2
        exit 1
      fi
      echo "MariaDB is up."
    fi
    if [ -n "$USEDOCKER" ]; then
      echo "Initialize database..."
      docker exec $DOCKER_CONTAINER_ID mysql -u root -pfriendica -e 'CREATE DATABASE IF NOT EXISTS $DATABASENAME;'
    fi
    export MYSQL_HOST="$DATABASEHOST"
    #call installer
    echo "Installing Friendica..."
    "$PHP" ./bin/console.php autoinstall --dbuser="$DATABASEUSER" --dbpass=friendica --dbdata="$DATABASENAME" --dbhost="$DATABASEHOST" --url=https://friendica.local --admin=admin@friendica.local
  fi
  #test execution
  echo "Testing..."
  rm -fr "coverage-html"
  mkdir "coverage-html"
  if [[ "$_XDEBUG_CONFIG" ]]; then
    export XDEBUG_CONFIG=$_XDEBUG_CONFIG
  fi
  COVER=''
  if [ -z "$NOCOVERAGE" ]; then
    COVER="--coverage-clover tests/autotest-clover.xml"
  else
    echo "No coverage"
  fi
  # per default, there is no cache installed
  GROUP='--exclude-group REDIS,MEMCACHE,MEMCACHED,APCU'
  if [ "$TEST_SELECTION" == "REDIS" ]; then
    GROUP="--group REDIS"
  fi
  if [ "$TEST_SELECTION" == "MEMCACHE" ]; then
    GROUP="--group MEMCACHE"
  fi
  if [ "$TEST_SELECTION" == "MEMCACHED" ]; then
    GROUP="--group MEMCACHED"
  fi
  if [ "$TEST_SELECTION" == "APCU" ]; then
    GROUP="--group APCU"
  fi
  if [ "$TEST_SELECTION" == "NODB" ]; then
    GROUP="--exclude-group DB,SLOWDB"
  fi
  INPUT="$BASEDIR/tests"
  if [ -n "$2" ]; then
    INPUT="$INPUT/$2"
  fi
  echo "${PHPUNIT[@]}" --configuration tests/phpunit.xml $GROUP $COVER --log-junit "autotest-results.xml" "$INPUT" "$3"
  "${PHPUNIT[@]}" --configuration tests/phpunit.xml $GROUP $COVER --log-junit "autotest-results.xml" "$INPUT" "$3"
  RESULT=$?
  if [ -n "$DOCKER_CONTAINER_ID" ]; then
    echo "Kill the docker $DOCKER_CONTAINER_ID"
    docker stop $DOCKER_CONTAINER_ID
    docker rm -f $DOCKER_CONTAINER_ID
    unset $DOCKER_CONTAINER_ID
  fi
 }
 #
 # Start the test execution
 #
 if [ -z "$1" ] && [ -n "$TEST_SELECTION" ]; then
  # run all known database configs
  for DBCONFIG in $DBCONFIGS; do
    execute_tests "$DBCONFIG"
  done
 else
  FILENAME="$2"
  if [ -n "$2" ] && [ ! -f "tests/$FILENAME" ] && [ "${FILENAME:0:2}" != "--" ]; then
    FILENAME="../$FILENAME"
  fi
  execute_tests "$1" "$FILENAME" "$3"
 fi
--- a/bin/auth_ejabberd.php
+++ b/bin/auth_ejabberd.php
@ -36,6 +36,7 @@ use Dice\Dice;
 use Friendica\App\Mode;
 use Friendica\BaseObject;
 use Friendica\Util\ExAuth;
 use Psr\Log\LoggerInterface;
 if (sizeof($_SERVER["argv"]) == 0) {
 	die();
@ -54,6 +55,8 @@ chdir($directory);
 require dirname(__DIR__) . '/vendor/autoload.php';
 $dice = (new Dice())->addRules(include __DIR__ . '/../static/dependencies.config.php');
 $dice = $dice->addRule(LoggerInterface::class,['constructParams' => ['auth_ejabberd']]);
 BaseObject::setDependencyInjection($dice);
 $appMode = $dice->create(Mode::class);
--- a/bin/console.php
+++ b/bin/console.php
@ -2,9 +2,11 @@
 <?php
 use Dice\Dice;
 use Psr\Log\LoggerInterface;
 require dirname(__DIR__) . '/vendor/autoload.php';
 $dice = (new Dice())->addRules(include __DIR__ . '/../static/dependencies.config.php');
 $dice = $dice->addRule(LoggerInterface::class,['constructParams' => ['console']]);
 (new Friendica\Core\Console($dice, $argv))->execute();
--- a/bin/daemon.php
+++ b/bin/daemon.php
@ -12,6 +12,7 @@ use Friendica\Core\Config;
 use Friendica\Core\Logger;
 use Friendica\Core\Worker;
 use Friendica\Database\DBA;
 use Psr\Log\LoggerInterface;
 // Get options
 $shortopts = 'f';
@ -33,6 +34,7 @@ if (!file_exists("boot.php") && (sizeof($_SERVER["argv"]) != 0)) {
 require dirname(__DIR__) . '/vendor/autoload.php';
 $dice = (new Dice())->addRules(include __DIR__ . '/../static/dependencies.config.php');
 $dice = $dice->addRule(LoggerInterface::class,['constructParams' => ['daemon']]);
 \Friendica\BaseObject::setDependencyInjection($dice);
 $a = \Friendica\BaseObject::getApp();
--- a/bin/dev/vagrant_provision.sh
+++ b/bin/dev/vagrant_provision.sh
@ -37,9 +37,9 @@ sudo apt-get install -y apache2
 sudo a2enmod rewrite actions ssl
 sudo cp /vagrant/bin/dev/vagrant_vhost.sh /usr/local/bin/vhost
 sudo chmod guo+x /usr/local/bin/vhost
-    sudo vhost -s 192.168.22.10.xip.io -d /var/www -p /etc/ssl/xip.io -c xip.io -a friendica.local
+sudo vhost -s 192.168.22.10.xip.io -d /var/www -p /etc/ssl/xip.io -c xip.io -a friendica.local
-    sudo a2dissite 000-default
+sudo a2dissite 000-default
-    sudo service apache2 restart
+sudo service apache2 restart
 #Install php
 echo ">>> Installing PHP7"
@ -48,9 +48,9 @@ sudo systemctl restart apache2
 #Install mysql
 echo ">>> Installing Mysql"
-sudo debconf-set-selections <<< "mysql-server mysql-server/root_password password root"
+sudo debconf-set-selections <<< "mariadb-server mariadb-server/root_password password root"
-sudo debconf-set-selections <<< "mysql-server mysql-server/root_password_again password root"
+sudo debconf-set-selections <<< "mariadb-server mariadb-server/root_password_again password root"
-sudo apt-get install -qq mysql-server
+sudo apt-get install -qq mariadb-server
 # enable remote access
 # setting the mysql bind-address to allow connections from everywhere
 sed -i "s/bind-address.*/bind-address = 0.0.0.0/" /etc/mysql/my.cnf
@ -76,6 +76,9 @@ debconf-set-selections <<< "postfix postfix/main_mailer_type string 'Local Only'
 sudo apt-get install -y postfix mailutils libmailutils-dev
 sudo echo -e "friendica1:	vagrant\nfriendica2:	vagrant\nfriendica3:	vagrant\nfriendica4:	vagrant\nfriendica5:	vagrant" >> /etc/aliases && sudo newaliases
 # Friendica needs git for fetching some dependencies
 sudo apt-get install -y git
 #make the vagrant directory the docroot
 sudo rm -rf /var/www/
 sudo ln -fs /vagrant /var/www
@ -83,7 +86,7 @@ sudo ln -fs /vagrant /var/www
 # install deps with composer
 sudo apt install unzip
 cd /var/www
-php bin/composer.phar install
+sudo -u www-data php bin/composer.phar install
 # initial config file for friendica in vagrant
 cp /vagrant/mods/local.config.vagrant.php /vagrant/config/local.config.php
--- a/bin/wait-for-connection
+++ b/bin/wait-for-connection
@ -0,0 +1,45 @@
 #!/usr/bin/php
 #
 # This script tries to connect to a database for a given interval
 # Useful in case of installation e.g. to wait for the database to not generate unnecessary errors
 #
 # Usage: php bin/wait-for-connection {HOST} {PORT} [{TIMEOUT}]
 <?php
 $timeout = 60;
 switch ($argc) {
 	case 4:
 		$timeout = (float)$argv[3];
 	case 3:
 		$host = $argv[1];
 		$port = (int)$argv[2];
 		break;
 	default:
 		fwrite(STDERR, 'Usage: '.$argv[0].' host port [timeout]'."\n");
 		exit(2);
 }
 if ($timeout < 0) {
 	fwrite(STDERR, 'Timeout must be greater than zero'."\n");
 	exit(2);
 }
 if ($port < 1) {
 	fwrite(STDERR, 'Port must be an integer greater than zero'."\n");
 	exit(2);
 }
 $socketTimeout = (float)ini_get('default_socket_timeout');
 if ($socketTimeout > $timeout) {
 	$socketTimeout = $timeout;
 }
 $stopTime = time() + $timeout;
 do {
 	$sock = @fsockopen($host, $port, $errno, $errstr, $socketTimeout);
 	if ($sock !== false) {
 		fclose($sock);
 		fwrite(STDOUT, "\n");
 		exit(0);
 	}
 	sleep(1);
 	fwrite(STDOUT, '.');
 } while (time() < $stopTime);
 fwrite(STDOUT, "\n");
 exit(1);
--- a/bin/worker.php
+++ b/bin/worker.php
@ -11,6 +11,7 @@ use Friendica\BaseObject;
 use Friendica\Core\Config;
 use Friendica\Core\Update;
 use Friendica\Core\Worker;
 use Psr\Log\LoggerInterface;
 // Get options
 $shortopts = 'sn';
@ -32,6 +33,7 @@ if (!file_exists("boot.php") && (sizeof($_SERVER["argv"]) != 0)) {
 require dirname(__DIR__) . '/vendor/autoload.php';
 $dice = (new Dice())->addRules(include __DIR__ . '/../static/dependencies.config.php');
 $dice = $dice->addRule(LoggerInterface::class,['constructParams' => ['worker']]);
 BaseObject::setDependencyInjection($dice);
 $a = BaseObject::getApp();
--- a/boot.php
+++ b/boot.php
@ -23,6 +23,7 @@ use Friendica\Core\Config;
 use Friendica\Core\PConfig;
 use Friendica\Core\Protocol;
 use Friendica\Core\System;
 use Friendica\Core\Session;
 use Friendica\Database\DBA;
 use Friendica\Model\Contact;
 use Friendica\Model\Term;
@ -31,7 +32,7 @@ use Friendica\Util\DateTimeFormat;
 define('FRIENDICA_PLATFORM',     'Friendica');
 define('FRIENDICA_CODENAME',     'Dalmatian Bellflower');
-define('FRIENDICA_VERSION',      '2019.09-rc');
+define('FRIENDICA_VERSION',      '2019.12-dev');
 define('DFRN_PROTOCOL_VERSION',  '2.23');
 define('NEW_UPDATE_ROUTINE_VERSION', 1170);
@ -321,47 +322,6 @@ function get_app()
 	return BaseObject::getApp();
 }
 /**
 * Return the provided variable value if it exists and is truthy or the provided
 * default value instead.
 *
 * Works with initialized variables and potentially uninitialized array keys
 *
 * Usages:
 * - defaults($var, $default)
 * - defaults($array, 'key', $default)
 *
 * @param array $args
 * @brief Returns a defaut value if the provided variable or array key is falsy
 * @return mixed
 * @deprecated since version 2019.06, use native coalesce operator (??) instead
 */
 function defaults(...$args)
 {
 	if (count($args) < 2) {
 		throw new BadFunctionCallException('defaults() requires at least 2 parameters');
 	}
 	if (count($args) > 3) {
 		throw new BadFunctionCallException('defaults() cannot use more than 3 parameters');
 	}
 	if (count($args) === 3 && is_null($args[1])) {
 		throw new BadFunctionCallException('defaults($arr, $key, $def) $key is null');
 	}
 	// The default value always is the last argument
 	$return = array_pop($args);
 	if (count($args) == 2 && is_array($args[0]) && !empty($args[0][$args[1]])) {
 		$return = $args[0][$args[1]];
 	}
 	if (count($args) == 1 && !empty($args[0])) {
 		$return = $args[0];
 	}
 	return $return;
 }
 /**
 * @brief Used to end the current process, after saving session state.
 * @deprecated
@ -415,20 +375,14 @@ function public_contact()
 */
 function remote_user()
 {
-	// You cannot be both local and remote.
+	if (empty($_SESSION['authenticated'])) {
 	// Unncommented by rabuzarus because remote authentication to local
 	// profiles wasn't possible anymore (2018-04-12).
 //	if (local_user()) {
 //		return false;
 //	}
 	if (empty($_SESSION)) {
 		return false;
 	}
-	if (!empty($_SESSION['authenticated']) && !empty($_SESSION['visitor_id'])) {
+	if (!empty($_SESSION['visitor_id'])) {
 		return intval($_SESSION['visitor_id']);
 	}
 	return false;
 }
@ -532,7 +486,7 @@ function is_site_admin()
 	$adminlist = explode(',', str_replace(' ', '', $admin_email));
-	return local_user() && $admin_email && in_array(defaults($a->user, 'email', ''), $adminlist);
+	return local_user() && $admin_email && in_array($a->user['email'] ?? '', $adminlist);
 }
 function explode_querystring($query)
--- a/composer.lock
+++ b/composer.lock
--- a/doc/Addons.md
+++ b/doc/Addons.md
@ -533,7 +533,7 @@ Here is a complete list of all hook callbacks with file locations (as of 24-Sep-
    Hook::callAll("parse_link", $arr);
-### mod/manage.php
+### src/Module/Delegation.php
    Hook::callAll('home_init', $ret);
--- a/doc/BBCode.md
+++ b/doc/BBCode.md
@ -602,6 +602,9 @@ While taking pictures in the woods I had a really strange encounter...</td>
 The [abstract] element is not working with connectors where we post HTML directly, like Tumblr, Wordpress or Pump.io.
 For the native connections--that is to e.g. Friendica, Hubzilla, Diaspora or GNU Social--the full posting is used and the contacts instance will display the posting as desired.
 For postings that are delivered via ActivityPub, the text from the abstract is placed in the summary field.
 On Mastodon this field is used for the content warning.
 ## Special
 <table class="bbcodes">
--- a/doc/Developers-Intro.md
+++ b/doc/Developers-Intro.md
@ -81,6 +81,7 @@ Here's a few primers if you are new to Friendica or to the PSR-2 coding standard
 * No closing PHP tag
 * No trailing spaces
 * Array declarations use the new square brackets syntax
 * Quoting style is single quotes by default, except for needed string interpolation, SQL query strings by convention and comments that should stay in natural language.
 Don't worry, you don't have to know by heart the PSR-2 coding standards to start contributing to Friendica.
 There are a few tools you can use to check or fix your files before you commit.
--- a/doc/Forums.md
+++ b/doc/Forums.md
@ -40,7 +40,7 @@ You are not required to do this, but the alternative is to log out and log back
 This could get cumbersome if you manage several different forums/identities. 
 You may also appoint a delegate to manage your forum.
-Do this by visiting the [Delegation Setup Page](delegate).
+Do this by visiting the [Delegation Setup Page](settings/delegation).
 This will provide you with a list of contacts on this system under "Potential Delegates".
 Selecting one or more persons will give them access to manage your forum.
 They will be able to edit contacts, profiles, and all content for this account/page.
--- a/doc/Remove-Account.md
+++ b/doc/Remove-Account.md
@ -11,13 +11,13 @@ with your web browser.
 You will need to be logged in at the time.
 You will be asked for your password to confirm the request.
-If this matches your stored password, your account will immediately be blocked to all probing.
+If this matches your stored password, your account will immediately be marked as deleted.
-Unlike some social networks we do **not** hold onto it for a grace period in case you change your mind.
+There is no grace period, this action cannot be reverted.
-All your content and user data, etc is instantly removed.
+Most of your content and user data will be deleted shortly in the background.
 For all intents and purposes, the account is gone in moments.  
-We then send out an "unfriend" signal to all of your contacts.
+We then send out a notification about the account removal to all of your contacts so that they can do the same with their copy of your data.
-This signal deletes all content on those networks.
+
-Unfortunately, due to limitations of the other networks, this only works well with Friendica contacts.
+For technical reasons some of your user data is still needed to transmit this removal message.
-We allow four days for this, in case some servers were down and the unfriend signal was queued.
+This remaining data will be deleted after a period of around seven days.
-After this, we finish off deleting the account.
+
 To disallow impersonation we have to save your used nickname, so that it can't be used again to register on this node.
--- a/doc/de/Addons.md
+++ b/doc/de/Addons.md
@ -256,7 +256,7 @@ Eine komplette Liste aller Hook-Callbacks mit den zugehörigen Dateien (am 01-Ap
    Hook::callAll("parse_link", $arr);
-### mod/manage.php
+### src/Module/Delegation.php
    Hook::callAll('home_init', $ret);
--- a/doc/de/BBCode.md
+++ b/doc/de/BBCode.md
@ -580,6 +580,9 @@ F&uuml;r Verbindungen zu Netzwerken, zu denen Friendica den HTML Code postet, wi
 Bei nativen Verbindungen; das hei&szlig;t zu z.B. Friendica, Hubzilla, Diaspora oder GNU Social Kontakten; wird der ungek&uuml;rzte Beitrag &uuml;bertragen.
 Die Instanz des Kontakts k&uuml;mmert sich um die Darstellung.
 Wird ein Beitrag über das ActivityPub Protokoll &uuml;bermittelt, wird der Text des Abstracts f&uuml;r das "summary" (Zusammenfassung) Feld verwendet.
 Dieses Feld wird von Mastodon f&uuml;r die Inhaltswarnung (content warning) verwendet.
 ## Special
 <table class="bbcodes">
--- a/doc/de/Forums.md
+++ b/doc/de/Forums.md
@ -38,7 +38,7 @@ Du musst das nicht machen, die Alternative ist allerdings, Dich immer wieder aus
 Und das kann umständlich sein, wenn Du mehrere verschiedene Foren/Identitäten verwaltest.
 Du kannst ebenso jemanden wählen, der Dein Forum verwaltet. 
-Mach das, indem Du die [Delegations-Setup-Seite](/delegate) besuchst. 
+Mach das, indem Du die [Delegations-Setup-Seite](/settings/delegation) besuchst. 
 Dort wird Dir eine Liste an "Potentiellen Bevollmächtigen" angezeigt. 
 Die Auswahl einer oder mehrerer Personen gibt diesen die Möglichkeit, Dein Forum zu verwalten. 
 Sie können Kontakte, Profile und alle Inhalte Deines Accounts/deiner Seite bearbeiten. 
--- a/doc/de/Remove-Account.md
+++ b/doc/de/Remove-Account.md
@ -10,24 +10,14 @@ Wir freuen uns nicht, wenn Leute Friendica verlassen, aber wenn du deinen Accoun
 in deinem Webbrowser. Du musst dabei eingeloggt sein. 
 Du wirst nach deinem Passwort gefragt, um die Anfrage zu bestätigen. 
-Wenn dieses mit deinem gespeichertem Passwort übereinstimmt, dann wird dein Account sofort gelöscht. 
+Wenn dieses mit deinem gespeichertem Passwort übereinstimmt, dann wird dein Account als "gelöscht" markiert.
-Anders als andere Netzwerke, behalten wir die Daten **nicht** für eine gewisse Zeit, falls du deine Meinung noch änderst. 
+Dies passiert sofort und kann nicht rückgängig gemacht werden.
-Deine Nutzerdetails, deine Unterhaltungen, deine Photos, deine Freunde - alles; wird sofort gelöscht und du wirst ausgeloggt.
+Die meisten Deiner Inhalte und Benutzerdaten werden kurzfristig danach durch Hintergrundprozesse gelöscht.
-Wenn Beiträge ablaufen, schicken wir Mitteilungen an Friendica, um diese zu löschen. 
+Parallel dazu senden wir eine Mitteilung an die Server deiner Kontakte, damit sie deine dort vorliegenden Daten ebenfalls löschen.
-Diaspora hat keine automatische Löschfunktion, so dass diese Funktion in dem Netzwerk deaktiviert ist. 
+Wir haben keinen Einfluss darauf, wie sorgfältig und ob überhaupt diese Systeme der Löschaufforderung nachgehen.
 Und hoffentlich ist klar, dass das Löschen auch in anderen Netzwerken nicht funktioniert. 
 Wenn du manuell einen Beitrag bzw. eine Reihe von Beiträgen löschst, dann senden wir individuelle Mitteilungen zu Friendica und Diaspora für jeden gelöschten Post. 
-Diaspora versäumt dieses oft.
+Aus technischen Gründen benötigen wir für die Übetragung dieser Mitteilung ein paar Benutzerdaten.
 Diese Daten werden dann nach einer Frist von etwa sieben Tagen ebenfalls gelöscht.
-Wenn du einen Beitrag löscht, aber jemand diesem Beitrag folgt, wird es trotzdem gelöscht. 
+Wir speichern deinen Benutzernamen dauerhaft, damit sich niemand einen Account unter deinem Spitznamen anlegen kann.
 Dein Wunsch hat Priorität. 
 Wenn du deinen Account löscht, dann löschen wir alle Beiträge, dein Profil, die Nutzerdaten etc. sofort. 
 Um einen Gesamtlöschauftrag zu versenden, bräuchten wir zunächst noch deinen Account; auch, um deinen Freunden zu zeigen, wer diese Anfrage stellt. 
 Das können wir nicht tun, wenn du keinen Account mehr hast. 
 Deine Freunde können möglicherweise noch deine Beiträge sehen, wenn dein Account gelöscht wurde, aber es gibt keinen öffentlichen Ort in Friendica mehr, wo diese angeschaut werden können. 
 Wenn du Freunde bei Diaspora hast, kann es sein, dass deine Beiträge weiterhin vorhanden und für andere aus diesem Netzwerk sichtbar sind. 
--- a/doc/smarty3-templates.md
+++ b/doc/smarty3-templates.md
@ -177,6 +177,7 @@ Field parameter:
 1. Label for the input box,
 2. Current text for the box,
 3. Help text for the input box.
 4. if set to "required" modern browser will check that this input box is filled when submitting the form,
 ### field_yesno.tpl
--- a/include/api.php
+++ b/include/api.php
@ -48,9 +48,9 @@ use Friendica\Util\Proxy as ProxyUtils;
 use Friendica\Util\Strings;
 use Friendica\Util\XML;
-require_once 'mod/share.php';
+require_once __DIR__ . '/../mod/share.php';
-require_once 'mod/item.php';
+require_once __DIR__ . '/../mod/item.php';
-require_once 'mod/wall_upload.php';
+require_once __DIR__ . '/../mod/wall_upload.php';
 define('API_METHOD_ANY', '*');
 define('API_METHOD_GET', 'GET');
@ -162,6 +162,7 @@ function api_register_func($path, $func, $auth = false, $method = API_METHOD_ANY
 * @brief Login API user
 *
 * @param App $a App
 * @throws ForbiddenException
 * @throws InternalServerErrorException
 * @throws UnauthorizedException
 * @hook  'authenticate'
@ -170,8 +171,6 @@ function api_register_func($path, $func, $auth = false, $method = API_METHOD_ANY
 *               'password' => password from login form
 *               'authenticated' => return status,
 *               'user_record' => return authenticated user record
 * @hook  'logged_in'
 *               array $user    logged user record
 */
 function api_login(App $a)
 {
@ -182,7 +181,7 @@ function api_login(App $a)
 		list($consumer, $token) = $oauth1->verify_request($request);
 		if (!is_null($token)) {
 			$oauth1->loginUser($token->uid);
-			Hook::callAll('logged_in', $a->user);
+			Session::set('allow_api', true);
 			return;
 		}
 		echo __FILE__.__LINE__.__FUNCTION__ . "<pre>";
@ -208,8 +207,8 @@ function api_login(App $a)
 		throw new UnauthorizedException("This API requires login");
 	}
-	$user = defaults($_SERVER, 'PHP_AUTH_USER', '');
+	$user = $_SERVER['PHP_AUTH_USER'] ?? '';
-	$password = defaults($_SERVER, 'PHP_AUTH_PW', '');
+	$password = $_SERVER['PHP_AUTH_PW'] ?? '';
 	// allow "user@server" login (but ignore 'server' part)
 	$at = strstr($user, "@", true);
@ -273,7 +272,7 @@ function api_check_method($method)
 	if ($method == "*") {
 		return true;
 	}
-	return (stripos($method, defaults($_SERVER, 'REQUEST_METHOD', 'GET')) !== false);
+	return (stripos($method, $_SERVER['REQUEST_METHOD'] ?? 'GET') !== false);
 }
 /**
@ -323,7 +322,7 @@ function api_call(App $a)
 				$stamp =  microtime(true);
 				$return = call_user_func($info['func'], $type);
-				$duration = (float) (microtime(true) - $stamp);
+				$duration = floatval(microtime(true) - $stamp);
 				Logger::info(API_LOG_PREFIX . 'username {username}', ['module' => 'api', 'action' => 'call', 'username' => $a->user['username'], 'duration' => round($duration, 2)]);
@ -776,14 +775,14 @@ function api_get_user(App $a, $contact_id = null)
 */
 function api_item_get_user(App $a, $item)
 {
-	$status_user = api_get_user($a, defaults($item, 'author-id', null));
+	$status_user = api_get_user($a, $item['author-id'] ?? null);
 	$author_user = $status_user;
-	$status_user["protected"] = defaults($item, 'private', 0);
+	$status_user["protected"] = $item['private'] ?? 0;
-	if (defaults($item, 'thr-parent', '') == defaults($item, 'uri', '')) {
+	if (($item['thr-parent'] ?? '') == ($item['uri'] ?? '')) {
-		$owner_user = api_get_user($a, defaults($item, 'owner-id', null));
+		$owner_user = api_get_user($a, $item['owner-id'] ?? null);
 	} else {
 		$owner_user = $author_user;
 	}
@ -947,7 +946,7 @@ function api_account_verify_credentials($type)
 	unset($_REQUEST["screen_name"]);
 	unset($_GET["screen_name"]);
-	$skip_status = defaults($_REQUEST, 'skip_status', false);
+	$skip_status = $_REQUEST['skip_status'] ?? false;
 	$user_info = api_get_user($a);
@ -1518,10 +1517,12 @@ function api_search($type)
 		$count = $_REQUEST['count'];
 	}
-	$since_id = defaults($_REQUEST, 'since_id', 0);
+	$since_id = $_REQUEST['since_id'] ?? 0;
-	$max_id = defaults($_REQUEST, 'max_id', 0);
+	$max_id = $_REQUEST['max_id'] ?? 0;
-	$page = (!empty($_REQUEST['page']) ? $_REQUEST['page'] - 1 : 0);
+	$page = $_REQUEST['page'] ?? 1;
-	$start = $page * $count;
+
 	$start = max(0, ($page - 1) * $count);
 	$params = ['order' => ['id' => true], 'limit' => [$start, $count]];
 	if (preg_match('/^#(\w+)$/', $searchTerm, $matches) === 1 && isset($matches[1])) {
 		$searchTerm = $matches[1];
@ -1609,17 +1610,14 @@ function api_statuses_home_timeline($type)
 	// get last network messages
 	// params
-	$count = defaults($_REQUEST, 'count', 20);
+	$count = $_REQUEST['count'] ?? 20;
-	$page = (!empty($_REQUEST['page']) ? $_REQUEST['page'] - 1 : 0);
+	$page = $_REQUEST['page']?? 0;
-	if ($page < 0) {
+	$since_id = $_REQUEST['since_id'] ?? 0;
-		$page = 0;
+	$max_id = $_REQUEST['max_id'] ?? 0;
 	}
 	$since_id = defaults($_REQUEST, 'since_id', 0);
 	$max_id = defaults($_REQUEST, 'max_id', 0);
 	$exclude_replies = !empty($_REQUEST['exclude_replies']);
-	$conversation_id = defaults($_REQUEST, 'conversation_id', 0);
+	$conversation_id = $_REQUEST['conversation_id'] ?? 0;
-	$start = $page * $count;
+	$start = max(0, ($page - 1) * $count);
 	$condition = ["`uid` = ? AND `gravity` IN (?, ?) AND `item`.`id` > ?",
 		api_user(), GRAVITY_PARENT, GRAVITY_COMMENT, $since_id];
@ -1699,17 +1697,14 @@ function api_statuses_public_timeline($type)
 	// get last network messages
 	// params
-	$count = defaults($_REQUEST, 'count', 20);
+	$count = $_REQUEST['count'] ?? 20;
-	$page = (!empty($_REQUEST['page']) ? $_REQUEST['page'] -1 : 0);
+	$page = $_REQUEST['page'] ?? 1;
-	if ($page < 0) {
+	$since_id = $_REQUEST['since_id'] ?? 0;
-		$page = 0;
+	$max_id = $_REQUEST['max_id'] ?? 0;
 	}
 	$since_id = defaults($_REQUEST, 'since_id', 0);
 	$max_id = defaults($_REQUEST, 'max_id', 0);
 	$exclude_replies = (!empty($_REQUEST['exclude_replies']) ? 1 : 0);
-	$conversation_id = defaults($_REQUEST, 'conversation_id', 0);
+	$conversation_id = $_REQUEST['conversation_id'] ?? 0;
-	$start = $page * $count;
+	$start = max(0, ($page - 1) * $count);
 	if ($exclude_replies && !$conversation_id) {
 		$condition = ["`gravity` IN (?, ?) AND `iid` > ? AND NOT `private` AND `wall` AND NOT `user`.`hidewall` AND NOT `author`.`hidden`",
@ -1784,16 +1779,14 @@ function api_statuses_networkpublic_timeline($type)
 		throw new ForbiddenException();
 	}
-	$since_id        = defaults($_REQUEST, 'since_id', 0);
+	$since_id        = $_REQUEST['since_id'] ?? 0;
-	$max_id          = defaults($_REQUEST, 'max_id', 0);
+	$max_id          = $_REQUEST['max_id'] ?? 0;
 	// pagination
-	$count = defaults($_REQUEST, 'count', 20);
+	$count = $_REQUEST['count'] ?? 20;
-	$page  = defaults($_REQUEST, 'page', 1);
+	$page  = $_REQUEST['page'] ?? 1;
-	if ($page < 1) {
+
-		$page = 1;
+	$start = max(0, ($page - 1) * $count);
 	}
 	$start = ($page - 1) * $count;
 	$condition = ["`uid` = 0 AND `gravity` IN (?, ?) AND `thread`.`iid` > ? AND NOT `private`",
 		GRAVITY_PARENT, GRAVITY_COMMENT, $since_id];
@ -1848,15 +1841,15 @@ function api_statuses_show($type)
 	}
 	// params
-	$id = intval(defaults($a->argv, 3, 0));
+	$id = intval($a->argv[3] ?? 0);
 	if ($id == 0) {
-		$id = intval(defaults($_REQUEST, 'id', 0));
+		$id = intval($_REQUEST['id'] ?? 0);
 	}
 	// Hotot workaround
 	if ($id == 0) {
-		$id = intval(defaults($a->argv, 4, 0));
+		$id = intval($a->argv[4] ?? 0);
 	}
 	Logger::log('API: api_statuses_show: ' . $id);
@ -1927,24 +1920,21 @@ function api_conversation_show($type)
 	}
 	// params
-	$id       = intval(defaults($a->argv , 3         , 0));
+	$id       = intval($a->argv[3]           ?? 0);
-	$since_id = intval(defaults($_REQUEST, 'since_id', 0));
+	$since_id = intval($_REQUEST['since_id'] ?? 0);
-	$max_id   = intval(defaults($_REQUEST, 'max_id'  , 0));
+	$max_id   = intval($_REQUEST['max_id']   ?? 0);
-	$count    = intval(defaults($_REQUEST, 'count'   , 20));
+	$count    = intval($_REQUEST['count']    ?? 20);
-	$page     = intval(defaults($_REQUEST, 'page'    , 1)) - 1;
+	$page     = intval($_REQUEST['page']     ?? 1);
 	if ($page < 0) {
 		$page = 0;
 	}
-	$start = $page * $count;
+	$start = max(0, ($page - 1) * $count);
 	if ($id == 0) {
-		$id = intval(defaults($_REQUEST, 'id', 0));
+		$id = intval($_REQUEST['id'] ?? 0);
 	}
 	// Hotot workaround
 	if ($id == 0) {
-		$id = intval(defaults($a->argv, 4, 0));
+		$id = intval($a->argv[4] ?? 0);
 	}
 	Logger::info(API_LOG_PREFIX . '{subaction}', ['module' => 'api', 'action' => 'conversation', 'subaction' => 'show', 'id' => $id]);
@ -2013,15 +2003,15 @@ function api_statuses_repeat($type)
 	api_get_user($a);
 	// params
-	$id = intval(defaults($a->argv, 3, 0));
+	$id = intval($a->argv[3] ?? 0);
 	if ($id == 0) {
-		$id = intval(defaults($_REQUEST, 'id', 0));
+		$id = intval($_REQUEST['id'] ?? 0);
 	}
 	// Hotot workaround
 	if ($id == 0) {
-		$id = intval(defaults($a->argv, 4, 0));
+		$id = intval($a->argv[4] ?? 0);
 	}
 	Logger::log('API: api_statuses_repeat: '.$id);
@ -2084,15 +2074,15 @@ function api_statuses_destroy($type)
 	api_get_user($a);
 	// params
-	$id = intval(defaults($a->argv, 3, 0));
+	$id = intval($a->argv[3] ?? 0);
 	if ($id == 0) {
-		$id = intval(defaults($_REQUEST, 'id', 0));
+		$id = intval($_REQUEST['id'] ?? 0);
 	}
 	// Hotot workaround
 	if ($id == 0) {
-		$id = intval(defaults($a->argv, 4, 0));
+		$id = intval($a->argv[4] ?? 0);
 	}
 	Logger::log('API: api_statuses_destroy: '.$id);
@ -2138,15 +2128,12 @@ function api_statuses_mentions($type)
 	// get last network messages
 	// params
-	$since_id = defaults($_REQUEST, 'since_id', 0);
+	$since_id = $_REQUEST['since_id'] ?? 0;
-	$max_id   = defaults($_REQUEST, 'max_id'  , 0);
+	$max_id   = $_REQUEST['max_id']   ?? 0;
-	$count    = defaults($_REQUEST, 'count'   , 20);
+	$count    = $_REQUEST['count']    ?? 20;
-	$page     = defaults($_REQUEST, 'page'    , 1);
+	$page     = $_REQUEST['page']     ?? 1;
 	if ($page < 1) {
 		$page = 1;
 	}
-	$start = ($page - 1) * $count;
+	$start = max(0, ($page - 1) * $count);
 	$condition = ["`uid` = ? AND `gravity` IN (?, ?) AND `item`.`id` > ? AND `author-id` != ?
 		AND `item`.`parent` IN (SELECT `iid` FROM `thread` WHERE `thread`.`uid` = ? AND `thread`.`mention` AND NOT `thread`.`ignored`)",
@ -2208,18 +2195,16 @@ function api_statuses_user_timeline($type)
 		Logger::DEBUG
 	);
-	$since_id        = defaults($_REQUEST, 'since_id', 0);
+	$since_id        = $_REQUEST['since_id'] ?? 0;
-	$max_id          = defaults($_REQUEST, 'max_id', 0);
+	$max_id          = $_REQUEST['max_id'] ?? 0;
 	$exclude_replies = !empty($_REQUEST['exclude_replies']);
-	$conversation_id = defaults($_REQUEST, 'conversation_id', 0);
+	$conversation_id = $_REQUEST['conversation_id'] ?? 0;
 	// pagination
-	$count = defaults($_REQUEST, 'count', 20);
+	$count = $_REQUEST['count'] ?? 20;
-	$page  = defaults($_REQUEST, 'page', 1);
+	$page  = $_REQUEST['page'] ?? 1;
-	if ($page < 1) {
+
-		$page = 1;
+	$start = max(0, ($page - 1) * $count);
 	}
 	$start = ($page - 1) * $count;
 	$condition = ["`uid` = ? AND `gravity` IN (?, ?) AND `item`.`id` > ? AND `item`.`contact-id` = ?",
 		api_user(), GRAVITY_PARENT, GRAVITY_COMMENT, $since_id, $user_info['cid']];
@ -2298,9 +2283,9 @@ function api_favorites_create_destroy($type)
 	}
 	$action = str_replace("." . $type, "", $a->argv[$action_argv_id]);
 	if ($a->argc == $action_argv_id + 2) {
-		$itemid = intval(defaults($a->argv, $action_argv_id + 1, 0));
+		$itemid = intval($a->argv[$action_argv_id + 1] ?? 0);
 	} else {
-		$itemid = intval(defaults($_REQUEST, 'id', 0));
+		$itemid = intval($_REQUEST['id'] ?? 0);
 	}
 	$item = Item::selectFirstForUser(api_user(), [], ['id' => $itemid, 'uid' => api_user()]);
@ -2380,15 +2365,12 @@ function api_favorites($type)
 		$ret = [];
 	} else {
 		// params
-		$since_id = defaults($_REQUEST, 'since_id', 0);
+		$since_id = $_REQUEST['since_id'] ?? 0;
-		$max_id = defaults($_REQUEST, 'max_id', 0);
+		$max_id = $_REQUEST['max_id'] ?? 0;
-		$count = defaults($_GET, 'count', 20);
+		$count = $_GET['count'] ?? 20;
-		$page = (!empty($_REQUEST['page']) ? $_REQUEST['page'] -1 : 0);
+		$page = $_REQUEST['page'] ?? 1;
 		if ($page < 0) {
 			$page = 0;
 		}
-		$start = $page*$count;
+		$start = max(0, ($page - 1) * $count);
 		$condition = ["`uid` = ? AND `gravity` IN (?, ?) AND `id` > ? AND `starred`",
 			api_user(), GRAVITY_PARENT, GRAVITY_COMMENT, $since_id];
@ -2439,14 +2421,14 @@ function api_format_messages($item, $recipient, $sender)
 		'sender_id'             => $sender['id'],
 		'text'                  => "",
 		'recipient_id'          => $recipient['id'],
-		'created_at'            => api_date(defaults($item, 'created', DateTimeFormat::utcNow())),
+		'created_at'            => api_date($item['created'] ?? DateTimeFormat::utcNow()),
 		'sender_screen_name'    => $sender['screen_name'],
 		'recipient_screen_name' => $recipient['screen_name'],
 		'sender'                => $sender,
 		'recipient'             => $recipient,
 		'title'                 => "",
-		'friendica_seen'        => defaults($item, 'seen', 0),
+		'friendica_seen'        => $item['seen'] ?? 0,
-		'friendica_parent_uri'  => defaults($item, 'parent-uri', ''),
+		'friendica_parent_uri'  => $item['parent-uri'] ?? '',
 	];
 	// "uid" and "self" are only needed for some internal stuff, so remove it from here
@ -2509,8 +2491,8 @@ function api_convert_item($item)
 		$statustext = trim($statustitle."\n\n".$statusbody);
 	}
-	if ((defaults($item, 'network', Protocol::PHANTOM) == Protocol::FEED) && (mb_strlen($statustext)> 1000)) {
+	if ((($item['network'] ?? Protocol::PHANTOM) == Protocol::FEED) && (mb_strlen($statustext)> 1000)) {
-		$statustext = mb_substr($statustext, 0, 1000) . "... \n" . defaults($item, 'plink', '');
+		$statustext = mb_substr($statustext, 0, 1000) . "... \n" . ($item['plink'] ?? '');
 	}
 	$statushtml = BBCode::convert(api_clean_attachments($body), false);
@ -2544,7 +2526,7 @@ function api_convert_item($item)
 	}
 	// feeds without body should contain the link
-	if ((defaults($item, 'network', Protocol::PHANTOM) == Protocol::FEED) && (strlen($item['body']) == 0)) {
+	if ((($item['network'] ?? Protocol::PHANTOM) == Protocol::FEED) && (strlen($item['body']) == 0)) {
 		$statushtml .= BBCode::convert($item['plink']);
 	}
@ -2587,7 +2569,7 @@ function api_get_attachments(&$body)
 		}
 	}
-	if (strstr(defaults($_SERVER, 'HTTP_USER_AGENT', ''), "AndStatus")) {
+	if (strstr($_SERVER['HTTP_USER_AGENT'] ?? '', 'AndStatus')) {
 		foreach ($images[0] as $orig) {
 			$body = str_replace($orig, "", $body);
 		}
@ -2607,7 +2589,7 @@ function api_get_attachments(&$body)
 */
 function api_get_entitities(&$text, $bbcode)
 {
-	$include_entities = strtolower(defaults($_REQUEST, 'include_entities', "false"));
+	$include_entities = strtolower($_REQUEST['include_entities'] ?? 'false');
 	if ($include_entities != "true") {
 		preg_match_all("/\[img](.*?)\[\/img\]/ism", $bbcode, $images);
@ -3040,6 +3022,8 @@ function api_format_item($item, $type = "json", $status_user = null, $author_use
 		'statusnet_conversation_id' => $item['parent'],
 		'external_url' => System::baseUrl() . "/display/" . $item['guid'],
 		'friendica_activities' => api_format_items_activities($item, $type),
 		'friendica_title' => $item['title'],
 		'friendica_html' => BBCode::convert($item['body'], false)
 	];
 	if (count($converted["attachments"]) > 0) {
@ -3310,17 +3294,14 @@ function api_lists_statuses($type)
 	}
 	// params
-	$count = defaults($_REQUEST, 'count', 20);
+	$count = $_REQUEST['count'] ?? 20;
-	$page = (!empty($_REQUEST['page']) ? $_REQUEST['page'] - 1 : 0);
+	$page = $_REQUEST['page'] ?? 1;
-	if ($page < 0) {
+	$since_id = $_REQUEST['since_id'] ?? 0;
-		$page = 0;
+	$max_id = $_REQUEST['max_id'] ?? 0;
 	}
 	$since_id = defaults($_REQUEST, 'since_id', 0);
 	$max_id = defaults($_REQUEST, 'max_id', 0);
 	$exclude_replies = (!empty($_REQUEST['exclude_replies']) ? 1 : 0);
-	$conversation_id = defaults($_REQUEST, 'conversation_id', 0);
+	$conversation_id = $_REQUEST['conversation_id'] ?? 0;
-	$start = $page * $count;
+	$start = max(0, ($page - 1) * $count);
 	$condition = ["`uid` = ? AND `gravity` IN (?, ?) AND `id` > ? AND `group_member`.`gid` = ?",
 		api_user(), GRAVITY_PARENT, GRAVITY_COMMENT, $since_id, $_REQUEST['list_id']];
@ -3380,12 +3361,10 @@ function api_statuses_f($qtype)
 	}
 	// pagination
-	$count = defaults($_GET, 'count', 20);
+	$count = $_GET['count'] ?? 20;
-	$page = defaults($_GET, 'page', 1);
+	$page = $_GET['page'] ?? 1;
-	if ($page < 1) {
+
-		$page = 1;
+	$start = max(0, ($page - 1) * $count);
 	}
 	$start = ($page - 1) * $count;
 	$user_info = api_get_user($a);
@ -3632,7 +3611,7 @@ function api_ff_ids($type)
 	api_get_user($a);
-	$stringify_ids = defaults($_REQUEST, 'stringify_ids', false);
+	$stringify_ids = $_REQUEST['stringify_ids'] ?? false;
 	$r = q(
 		"SELECT `pcontact`.`id` FROM `contact`
@ -3807,9 +3786,9 @@ function api_direct_messages_destroy($type)
 	// params
 	$user_info = api_get_user($a);
 	//required
-	$id = defaults($_REQUEST, 'id', 0);
+	$id = $_REQUEST['id'] ?? 0;
 	// optional
-	$parenturi = defaults($_REQUEST, 'friendica_parenturi', "");
+	$parenturi = $_REQUEST['friendica_parenturi'] ?? '';
 	$verbose = (!empty($_GET['friendica_verbose']) ? strtolower($_GET['friendica_verbose']) : "false");
 	/// @todo optional parameter 'include_entities' from Twitter API not yet implemented
@ -3890,7 +3869,7 @@ function api_friendships_destroy($type)
 		throw new ForbiddenException();
 	}
-	$contact_id = defaults($_REQUEST, 'user_id');
+	$contact_id = $_REQUEST['user_id'] ?? 0;
 	if (empty($contact_id)) {
 		Logger::notice(API_LOG_PREFIX . 'No user_id specified', ['module' => 'api', 'action' => 'friendships_destroy']);
@ -3971,17 +3950,14 @@ function api_direct_messages_box($type, $box, $verbose)
 		throw new ForbiddenException();
 	}
 	// params
-	$count = defaults($_GET, 'count', 20);
+	$count = $_GET['count'] ?? 20;
-	$page = defaults($_REQUEST, 'page', 1) - 1;
+	$page = $_REQUEST['page'] ?? 1;
 	if ($page < 0) {
 		$page = 0;
 	}
-	$since_id = defaults($_REQUEST, 'since_id', 0);
+	$since_id = $_REQUEST['since_id'] ?? 0;
-	$max_id = defaults($_REQUEST, 'max_id', 0);
+	$max_id = $_REQUEST['max_id'] ?? 0;
-	$user_id = defaults($_REQUEST, 'user_id', '');
+	$user_id = $_REQUEST['user_id'] ?? '';
-	$screen_name = defaults($_REQUEST, 'screen_name', '');
+	$screen_name = $_REQUEST['screen_name'] ?? '';
 	//  caller user info
 	unset($_REQUEST["user_id"]);
@ -3997,7 +3973,7 @@ function api_direct_messages_box($type, $box, $verbose)
 	$profile_url = $user_info["url"];
 	// pagination
-	$start = $page * $count;
+	$start = max(0, ($page - 1) * $count);
 	$sql_extra = "";
@ -4005,7 +3981,7 @@ function api_direct_messages_box($type, $box, $verbose)
 	if ($box=="sentbox") {
 		$sql_extra = "`mail`.`from-url`='" . DBA::escape($profile_url) . "'";
 	} elseif ($box == "conversation") {
-		$sql_extra = "`mail`.`parent-uri`='" . DBA::escape(defaults($_GET, 'uri', ''))  . "'";
+		$sql_extra = "`mail`.`parent-uri`='" . DBA::escape($_GET['uri'] ?? '')  . "'";
 	} elseif ($box == "all") {
 		$sql_extra = "true";
 	} elseif ($box == "inbox") {
@ -4185,7 +4161,7 @@ function api_fr_photoalbum_delete($type)
 		throw new ForbiddenException();
 	}
 	// input params
-	$album = defaults($_REQUEST, 'album', "");
+	$album = $_REQUEST['album'] ?? '';
 	// we do not allow calls without album string
 	if ($album == "") {
@ -4240,8 +4216,8 @@ function api_fr_photoalbum_update($type)
 		throw new ForbiddenException();
 	}
 	// input params
-	$album = defaults($_REQUEST, 'album', "");
+	$album = $_REQUEST['album'] ?? '';
-	$album_new = defaults($_REQUEST, 'album_new', "");
+	$album_new = $_REQUEST['album_new'] ?? '';
 	// we do not allow calls without album string
 	if ($album == "") {
@ -4332,14 +4308,14 @@ function api_fr_photo_create_update($type)
 		throw new ForbiddenException();
 	}
 	// input params
-	$photo_id = defaults($_REQUEST, 'photo_id', null);
+	$photo_id  = $_REQUEST['photo_id']  ?? null;
-	$desc = defaults($_REQUEST, 'desc', (array_key_exists('desc', $_REQUEST) ? "" : null)) ; // extra check necessary to distinguish between 'not provided' and 'empty string'
+	$desc      = $_REQUEST['desc']      ?? null;
-	$album = defaults($_REQUEST, 'album', null);
+	$album     = $_REQUEST['album']     ?? null;
-	$album_new = defaults($_REQUEST, 'album_new', null);
+	$album_new = $_REQUEST['album_new'] ?? null;
-	$allow_cid = defaults($_REQUEST, 'allow_cid', (array_key_exists('allow_cid', $_REQUEST) ? " " : null));
+	$allow_cid = $_REQUEST['allow_cid'] ?? null;
-	$deny_cid  = defaults($_REQUEST, 'deny_cid' , (array_key_exists('deny_cid' , $_REQUEST) ? " " : null));
+	$deny_cid  = $_REQUEST['deny_cid' ] ?? null;
-	$allow_gid = defaults($_REQUEST, 'allow_gid', (array_key_exists('allow_gid', $_REQUEST) ? " " : null));
+	$allow_gid = $_REQUEST['allow_gid'] ?? null;
-	$deny_gid  = defaults($_REQUEST, 'deny_gid' , (array_key_exists('deny_gid' , $_REQUEST) ? " " : null));
+	$deny_gid  = $_REQUEST['deny_gid' ] ?? null;
 	$visibility = !empty($_REQUEST['visibility']) && $_REQUEST['visibility'] !== "false";
 	// do several checks on input parameters
@ -4470,7 +4446,7 @@ function api_fr_photo_delete($type)
 	}
 	// input params
-	$photo_id = defaults($_REQUEST, 'photo_id', null);
+	$photo_id = $_REQUEST['photo_id'] ?? null;
 	// do several checks on input parameters
 	// we do not allow calls without photo id
@ -4557,7 +4533,7 @@ function api_account_update_profile_image($type)
 		throw new ForbiddenException();
 	}
 	// input params
-	$profile_id = defaults($_REQUEST, 'profile_id', 0);
+	$profile_id = $_REQUEST['profile_id'] ?? 0;
 	// error if image data is missing
 	if (empty($_FILES['image'])) {
@ -4689,9 +4665,10 @@ api_register_func('api/account/update_profile', 'api_account_update_profile', tr
 */
 function check_acl_input($acl_string)
 {
-	if ($acl_string == null || $acl_string == " ") {
+	if (empty($acl_string)) {
 		return false;
 	}
 	$contact_not_found = false;
 	// split <x><y><z> into array of cid's
@ -4709,7 +4686,6 @@ function check_acl_input($acl_string)
 }
 /**
 *
 * @param string  $mediatype
 * @param array   $media
 * @param string  $type
@ -4728,6 +4704,7 @@ function check_acl_input($acl_string)
 * @throws ImagickException
 * @throws InternalServerErrorException
 * @throws NotFoundException
 * @throws UnauthorizedException
 */
 function save_media_to_database($mediatype, $media, $type, $album, $allow_cid, $deny_cid, $allow_gid, $deny_gid, $desc, $profile = 0, $visibility = false, $photo_id = null)
 {
@ -5062,8 +5039,8 @@ function prepare_photo_data($type, $scale, $photo_id)
 */
 function api_friendica_remoteauth()
 {
-	$url = defaults($_GET, 'url', '');
+	$url = $_GET['url'] ?? '';
-	$c_url = defaults($_GET, 'c_url', '');
+	$c_url = $_GET['c_url'] ?? '';
 	if ($url === '' || $c_url === '') {
 		throw new BadRequestException("Wrong parameters.");
@ -5081,7 +5058,7 @@ function api_friendica_remoteauth()
 	$cid = $contact['id'];
-	$dfrn_id = defaults($contact, 'issued-id', $contact['dfrn-id']);
+	$dfrn_id = $contact['issued-id'] ?? $contact['dfrn-id'];
 	if ($contact['duplex'] && $contact['issued-id']) {
 		$orig_id = $contact['issued-id'];
@ -5416,7 +5393,7 @@ function api_in_reply_to($item)
 */
 function api_clean_plain_items($text)
 {
-	$include_entities = strtolower(defaults($_REQUEST, 'include_entities', "false"));
+	$include_entities = strtolower($_REQUEST['include_entities'] ?? 'false');
 	$text = BBCode::cleanPictureLinks($text);
 	$URLSearchString = "^\[\]";
@ -5554,7 +5531,7 @@ function api_friendica_group_show($type)
 	// params
 	$user_info = api_get_user($a);
-	$gid = defaults($_REQUEST, 'gid', 0);
+	$gid = $_REQUEST['gid'] ?? 0;
 	$uid = $user_info['uid'];
 	// get data of the specified group id or all groups if not specified
@ -5624,8 +5601,8 @@ function api_friendica_group_delete($type)
 	// params
 	$user_info = api_get_user($a);
-	$gid = defaults($_REQUEST, 'gid', 0);
+	$gid = $_REQUEST['gid'] ?? 0;
-	$name = defaults($_REQUEST, 'name', "");
+	$name = $_REQUEST['name'] ?? '';
 	$uid = $user_info['uid'];
 	// error if no gid specified
@ -5691,7 +5668,7 @@ function api_lists_destroy($type)
 	// params
 	$user_info = api_get_user($a);
-	$gid = defaults($_REQUEST, 'list_id', 0);
+	$gid = $_REQUEST['list_id'] ?? 0;
 	$uid = $user_info['uid'];
 	// error if no gid specified
@ -5813,7 +5790,7 @@ function api_friendica_group_create($type)
 	// params
 	$user_info = api_get_user($a);
-	$name = defaults($_REQUEST, 'name', "");
+	$name = $_REQUEST['name'] ?? '';
 	$uid = $user_info['uid'];
 	$json = json_decode($_POST['json'], true);
 	$users = $json['user'];
@ -5847,7 +5824,7 @@ function api_lists_create($type)
 	// params
 	$user_info = api_get_user($a);
-	$name = defaults($_REQUEST, 'name', "");
+	$name = $_REQUEST['name'] ?? '';
 	$uid = $user_info['uid'];
 	$success = group_create($name, $uid);
@ -5887,8 +5864,8 @@ function api_friendica_group_update($type)
 	// params
 	$user_info = api_get_user($a);
 	$uid = $user_info['uid'];
-	$gid = defaults($_REQUEST, 'gid', 0);
+	$gid = $_REQUEST['gid'] ?? 0;
-	$name = defaults($_REQUEST, 'name', "");
+	$name = $_REQUEST['name'] ?? '';
 	$json = json_decode($_POST['json'], true);
 	$users = $json['user'];
@ -5965,8 +5942,8 @@ function api_lists_update($type)
 	// params
 	$user_info = api_get_user($a);
-	$gid = defaults($_REQUEST, 'list_id', 0);
+	$gid = $_REQUEST['list_id'] ?? 0;
-	$name = defaults($_REQUEST, 'name', "");
+	$name = $_REQUEST['name'] ?? '';
 	$uid = $user_info['uid'];
 	// error if no gid specified
@ -6015,7 +5992,7 @@ function api_friendica_activity($type)
 	$verb = strtolower($a->argv[3]);
 	$verb = preg_replace("|\..*$|", "", $verb);
-	$id = defaults($_REQUEST, 'id', 0);
+	$id = $_REQUEST['id'] ?? 0;
 	$res = Item::performLike($id, $verb);
@ -6152,7 +6129,7 @@ function api_friendica_direct_messages_setseen($type)
 	// params
 	$user_info = api_get_user($a);
 	$uid = $user_info['uid'];
-	$id = defaults($_REQUEST, 'id', 0);
+	$id = $_REQUEST['id'] ?? 0;
 	// return error if id is zero
 	if ($id == "") {
@ -6206,7 +6183,7 @@ function api_friendica_direct_messages_search($type, $box = "")
 	// params
 	$user_info = api_get_user($a);
-	$searchstring = defaults($_REQUEST, 'searchstring', "");
+	$searchstring = $_REQUEST['searchstring'] ?? '';
 	$uid = $user_info['uid'];
 	// error if no searchstring specified
@ -6273,7 +6250,7 @@ function api_friendica_profile_show($type)
 	}
 	// input params
-	$profile_id = defaults($_REQUEST, 'profile_id', 0);
+	$profile_id = $_REQUEST['profile_id'] ?? 0;
 	// retrieve general information about profiles for user
 	$multi_profiles = Feature::isEnabled(api_user(), 'multi_profiles');
--- a/include/conversation.php
+++ b/include/conversation.php
@ -365,7 +365,7 @@ function localize_item(&$item)
 		'network' => $item['author-network'], 'url' => $item['author-link']];
 	// Only create a redirection to a magic link when logged in
-	if (!empty($item['plink']) && (local_user() || remote_user())) {
+	if (!empty($item['plink']) && Session::isAuthenticated()) {
 		$item['plink'] = Contact::magicLinkByContact($author, $item['plink']);
 	}
 }
@ -1208,7 +1208,7 @@ function status_editor(App $a, $x, $notes_cid = 0, $popup = false)
 		'$new_post' => L10n::t('New Post'),
 		'$return_path'  => $query_str,
 		'$action'       => 'item',
-		'$share'        => defaults($x, 'button', L10n::t('Share')),
+		'$share'        => ($x['button'] ?? '') ?: L10n::t('Share'),
 		'$upload'       => L10n::t('Upload photo'),
 		'$shortupload'  => L10n::t('upload photo'),
 		'$attach'       => L10n::t('Attach file'),
@ -1225,17 +1225,17 @@ function status_editor(App $a, $x, $notes_cid = 0, $popup = false)
 		'$shortsetloc'  => L10n::t('set location'),
 		'$noloc'        => L10n::t('Clear browser location'),
 		'$shortnoloc'   => L10n::t('clear location'),
-		'$title'        => defaults($x, 'title', ''),
+		'$title'        => $x['title'] ?? '',
 		'$placeholdertitle' => L10n::t('Set title'),
-		'$category'     => defaults($x, 'category', ''),
+		'$category'     => $x['category'] ?? '',
 		'$placeholdercategory' => Feature::isEnabled(local_user(), 'categories') ? L10n::t("Categories \x28comma-separated list\x29") : '',
 		'$wait'         => L10n::t('Please wait'),
 		'$permset'      => L10n::t('Permission settings'),
 		'$shortpermset' => L10n::t('permissions'),
 		'$wall'         => $notes_cid ? 0 : 1,
 		'$posttype'     => $notes_cid ? Item::PT_PERSONAL_NOTE : Item::PT_ARTICLE,
-		'$content'      => defaults($x, 'content', ''),
+		'$content'      => $x['content'] ?? '',
-		'$post_id'      => defaults($x, 'post_id', ''),
+		'$post_id'      => $x['post_id'] ?? '',
 		'$baseurl'      => System::baseUrl(true),
 		'$defloc'       => $x['default_location'],
 		'$visitor'      => $x['visitor'],
@ -1527,9 +1527,9 @@ function get_responses(array $conv_responses, array $response_verbs, array $item
 	$ret = [];
 	foreach ($response_verbs as $v) {
 		$ret[$v] = [];
-		$ret[$v]['count'] = defaults($conv_responses[$v], $item['uri'], 0);
+		$ret[$v]['count'] = $conv_responses[$v][$item['uri']] ?? 0;
-		$ret[$v]['list']  = defaults($conv_responses[$v], $item['uri'] . '-l', []);
+		$ret[$v]['list']  = $conv_responses[$v][$item['uri'] . '-l'] ?? [];
-		$ret[$v]['self']  = defaults($conv_responses[$v], $item['uri'] . '-self', '0');
+		$ret[$v]['self']  = $conv_responses[$v][$item['uri'] . '-self'] ?? '0';
 		if (count($ret[$v]['list']) > MAX_LIKERS) {
 			$ret[$v]['list_part'] = array_slice($ret[$v]['list'], 0, MAX_LIKERS);
 			array_push($ret[$v]['list_part'], '<a href="#" data-toggle="modal" data-target="#' . $v . 'Modal-'
--- a/include/enotify.php
+++ b/include/enotify.php
@ -46,10 +46,10 @@ function notification($params)
 		return false;
 	}
-	$params['notify_flags'] = defaults($params, 'notify_flags', $user['notify-flags']);
+	$params['notify_flags'] = ($params['notify_flags'] ?? '') ?: $user['notify-flags'];
-	$params['language']     = defaults($params, 'language'    , $user['language']);
+	$params['language']     = ($params['language']     ?? '') ?: $user['language'];
-	$params['to_name']      = defaults($params, 'to_name'     , $user['username']);
+	$params['to_name']      = ($params['to_name']      ?? '') ?: $user['username'];
-	$params['to_email']     = defaults($params, 'to_email'    , $user['email']);
+	$params['to_email']     = ($params['to_email']     ?? '') ?: $user['email'];
 	// from here on everything is in the recipients language
 	L10n::pushLang($params['language']);
@ -142,7 +142,7 @@ function notification($params)
 	}
 	if ($params['type'] == NOTIFY_COMMENT || $params['type'] == NOTIFY_TAGSELF) {
-		$thread = Item::selectFirstThreadForUser($params['uid'], ['ignored'], ['iid' => $parent_id]);
+		$thread = Item::selectFirstThreadForUser($params['uid'], ['ignored'], ['iid' => $parent_id, 'deleted' => false]);
 		if (DBA::isResult($thread) && $thread['ignored']) {
 			Logger::log('Thread ' . $parent_id . ' will be ignored', Logger::DEBUG);
 			L10n::popLang();
@ -161,7 +161,7 @@ function notification($params)
 		// if it's a post figure out who's post it is.
 		$item = null;
 		if ($params['otype'] === 'item' && $parent_id) {
-			$item = Item::selectFirstForUser($params['uid'], Item::ITEM_FIELDLIST, ['id' => $parent_id]);
+			$item = Item::selectFirstForUser($params['uid'], Item::ITEM_FIELDLIST, ['id' => $parent_id, 'deleted' => false]);
 		}
 		$item_post_type = Item::postType($item);
@ -456,17 +456,17 @@ function notification($params)
 		if (!isset($params['subject'])) {
 			Logger::warning('subject isn\'t set.', ['type' => $params['type']]);
 		}
-		$subject = defaults($params, 'subject', '');
+		$subject = $params['subject'] ?? '';
 		if (!isset($params['preamble'])) {
 			Logger::warning('preamble isn\'t set.', ['type' => $params['type'], 'subject' => $subject]);
 		}
-		$preamble = defaults($params, 'preamble', '');
+		$preamble = $params['preamble'] ?? '';
 		if (!isset($params['body'])) {
 			Logger::warning('body isn\'t set.', ['type' => $params['type'], 'subject' => $subject, 'preamble' => $preamble]);
 		}
-		$body = defaults($params, 'body', '');
+		$body = $params['body'] ?? '';
 		$show_in_notification_page = false;
 	}
@ -613,11 +613,11 @@ function notification($params)
 		$datarray['siteurl'] = $siteurl;
 		$datarray['type'] = $params['type'];
 		$datarray['parent'] = $parent_id;
-		$datarray['source_name'] = defaults($params, 'source_name', '');
+		$datarray['source_name'] = $params['source_name'] ?? '';
-		$datarray['source_link'] = defaults($params, 'source_link', '');
+		$datarray['source_link'] = $params['source_link'] ?? '';
-		$datarray['source_photo'] = defaults($params, 'source_photo', '');
+		$datarray['source_photo'] = $params['source_photo'] ?? '';
 		$datarray['uid'] = $params['uid'];
-		$datarray['username'] = defaults($params, 'to_name', '');
+		$datarray['username'] = $params['to_name'] ?? '';
 		$datarray['hsitelink'] = $hsitelink;
 		$datarray['tsitelink'] = $tsitelink;
 		$datarray['hitemlink'] = '<a href="'.$itemlink.'">'.$itemlink.'</a>';
@ -783,7 +783,7 @@ function check_item_notification($itemid, $uid, $defaulttype = "") {
 	$fields = ['id', 'mention', 'tag', 'parent', 'title', 'body',
 		'author-link', 'author-name', 'author-avatar', 'author-id',
 		'guid', 'parent-uri', 'uri', 'contact-id', 'network'];
-	$condition = ['id' => $itemid, 'gravity' => [GRAVITY_PARENT, GRAVITY_COMMENT]];
+	$condition = ['id' => $itemid, 'gravity' => [GRAVITY_PARENT, GRAVITY_COMMENT], 'deleted' => false];
 	$item = Item::selectFirstForUser($uid, $fields, $condition);
 	if (!DBA::isResult($item) || in_array($item['author-id'], $contacts)) {
 		return false;
@ -840,7 +840,7 @@ function check_item_notification($itemid, $uid, $defaulttype = "") {
 	// Is it a post that the user had started?
 	$fields = ['ignored', 'mention'];
-	$thread = Item::selectFirstThreadForUser($params['uid'], $fields, ['iid' => $item["parent"]]);
+	$thread = Item::selectFirstThreadForUser($params['uid'], $fields, ['iid' => $item["parent"], 'deleted' => false]);
 	if ($thread['mention'] && !$thread['ignored'] && !isset($params["type"])) {
 		$params["type"] = NOTIFY_COMMENT;
@ -848,7 +848,7 @@ function check_item_notification($itemid, $uid, $defaulttype = "") {
 	}
 	// And now we check for participation of one of our contacts in the thread
-	$condition = ['parent' => $item["parent"], 'author-id' => $contacts];
+	$condition = ['parent' => $item["parent"], 'author-id' => $contacts, 'deleted' => false];
 	if (!$thread['ignored'] && !isset($params["type"]) && Item::exists($condition)) {
 		$params["type"] = NOTIFY_COMMENT;
--- a/include/items.php
+++ b/include/items.php
@ -13,6 +13,7 @@ use Friendica\Core\PConfig;
 use Friendica\Core\Protocol;
 use Friendica\Core\Renderer;
 use Friendica\Core\System;
 use Friendica\Core\Session;
 use Friendica\Database\DBA;
 use Friendica\Model\Item;
 use Friendica\Protocol\DFRN;
@ -41,7 +42,7 @@ function add_page_info_data(array $data, $no_photos = false)
 		$data["type"] = "link";
 	}
-	$data["title"] = defaults($data, "title", "");
+	$data["title"] = $data["title"] ?? '';
 	if ((($data["type"] != "link") && ($data["type"] != "video") && ($data["type"] != "photo")) || ($data["title"] == $data["url"])) {
 		return "";
@ -326,7 +327,7 @@ function drop_items(array $items)
 {
 	$uid = 0;
-	if (!local_user() && !remote_user()) {
+	if (!Session::isAuthenticated()) {
 		return;
 	}
@ -362,14 +363,8 @@ function drop_item($id, $return = '')
 	$contact_id = 0;
 	// check if logged in user is either the author or owner of this item
-
+	if (Session::getRemoteContactID($item['uid']) == $item['contact-id']) {
-	if (!empty($_SESSION['remote'])) {
+		$contact_id = $item['contact-id'];
 		foreach ($_SESSION['remote'] as $visitor) {
 			if ($visitor['uid'] == $item['uid'] && $visitor['cid'] == $item['contact-id']) {
 				$contact_id = $visitor['cid'];
 				break;
 			}
 		}
 	}
 	if ((local_user() == $item['uid']) || $contact_id) {
--- a/include/text.php
+++ b/include/text.php
@ -122,7 +122,7 @@ function redir_private_images($a, &$item)
 			}
 			if ((local_user() == $item['uid']) && ($item['private'] == 1) && ($item['contact-id'] != $a->contact['id']) && ($item['network'] == Protocol::DFRN)) {
-				$img_url = 'redir?f=1&quiet=1&url=' . urlencode($mtch[1]) . '&conurl=' . urlencode($item['author-link']);
+				$img_url = 'redir/' . $item['contact-id'] . '?url=' . urlencode($mtch[1]);
 				$item['body'] = str_replace($mtch[0], '[img]' . $img_url . '[/img]', $item['body']);
 			}
 		}
--- a/index.php
+++ b/index.php
@ -13,6 +13,7 @@ if (!file_exists(__DIR__ . '/vendor/autoload.php')) {
 require __DIR__ . '/vendor/autoload.php';
 $dice = (new Dice())->addRules(include __DIR__ . '/static/dependencies.config.php');
 $dice = $dice->addRule(Friendica\App\Mode::class, ['call' => [['determineRunMode', [false, $_SERVER], Dice::CHAIN_CALL]]]);
 \Friendica\BaseObject::setDependencyInjection($dice);
--- a/library/OAuth1.php
+++ b/library/OAuth1.php
@ -4,27 +4,30 @@
 /* Generic exception class
 */
 if (!class_exists('OAuthException', false)) {
-  class OAuthException extends Exception {
+  class OAuthException extends Exception
-    // pass
+  { }
  }
 }
-class OAuthConsumer {
+class OAuthConsumer
 {
  public $key;
  public $secret;
-  function __construct($key, $secret, $callback_url=NULL) {
+  function __construct($key, $secret, $callback_url = NULL)
  {
    $this->key = $key;
    $this->secret = $secret;
    $this->callback_url = $callback_url;
  }
-  function __toString() {
+  function __toString()
  {
    return "OAuthConsumer[key=$this->key,secret=$this->secret]";
  }
 }
-class OAuthToken {
+class OAuthToken
 {
  // access tokens and request tokens
  public $key;
  public $secret;
@ -37,7 +40,8 @@ class OAuthToken {
   * key = the token
   * secret = the token secret
   */
-  function __construct($key, $secret) {
+  function __construct($key, $secret)
  {
    $this->key = $key;
    $this->secret = $secret;
  }
@ -46,14 +50,16 @@ class OAuthToken {
   * generates the basic string serialization of a token that a server
   * would respond to request_token and access_token calls with
   */
-  function to_string() {
+  function to_string()
  {
    return "oauth_token=" .
-           OAuthUtil::urlencode_rfc3986($this->key) .
+      OAuthUtil::urlencode_rfc3986($this->key) .
-           "&oauth_token_secret=" .
+      "&oauth_token_secret=" .
-           OAuthUtil::urlencode_rfc3986($this->secret);
+      OAuthUtil::urlencode_rfc3986($this->secret);
  }
-  function __toString() {
+  function __toString()
  {
    return $this->to_string();
  }
 }
@ -62,7 +68,8 @@ class OAuthToken {
 * A class for implementing a Signature Method
 * See section 9 ("Signing Requests") in the spec
 */
-abstract class OAuthSignatureMethod {
+abstract class OAuthSignatureMethod
 {
  /**
   * Needs to return the name of the Signature Method (ie HMAC-SHA1)
   * @return string
@ -89,25 +96,29 @@ abstract class OAuthSignatureMethod {
   * @param string $signature
   * @return bool
   */
-  public function check_signature($request, $consumer, $token, $signature) {
+  public function check_signature($request, $consumer, $token, $signature)
  {
    $built = $this->build_signature($request, $consumer, $token);
    return ($built == $signature);
  }
 }
 /**
- * The HMAC-SHA1 signature method uses the HMAC-SHA1 signature algorithm as defined in [RFC2104] 
+ * The HMAC-SHA1 signature method uses the HMAC-SHA1 signature algorithm as defined in [RFC2104]
- * where the Signature Base String is the text and the key is the concatenated values (each first 
+ * where the Signature Base String is the text and the key is the concatenated values (each first
- * encoded per Parameter Encoding) of the Consumer Secret and Token Secret, separated by an '&' 
+ * encoded per Parameter Encoding) of the Consumer Secret and Token Secret, separated by an '&'
 * character (ASCII code 38) even if empty.
 *   - Chapter 9.2 ("HMAC-SHA1")
 */
-class OAuthSignatureMethod_HMAC_SHA1 extends OAuthSignatureMethod {
+class OAuthSignatureMethod_HMAC_SHA1 extends OAuthSignatureMethod
-  function get_name() {
+{
  function get_name()
  {
    return "HMAC-SHA1";
  }
-  public function build_signature($request, $consumer, $token) {
+  public function build_signature($request, $consumer, $token)
  {
    $base_string = $request->get_signature_base_string();
    $request->base_string = $base_string;
@ -126,25 +137,28 @@ class OAuthSignatureMethod_HMAC_SHA1 extends OAuthSignatureMethod {
 }
 /**
- * The PLAINTEXT method does not provide any security protection and SHOULD only be used 
+ * The PLAINTEXT method does not provide any security protection and SHOULD only be used
 * over a secure channel such as HTTPS. It does not use the Signature Base String.
 *   - Chapter 9.4 ("PLAINTEXT")
 */
-class OAuthSignatureMethod_PLAINTEXT extends OAuthSignatureMethod {
+class OAuthSignatureMethod_PLAINTEXT extends OAuthSignatureMethod
-  public function get_name() {
+{
  public function get_name()
  {
    return "PLAINTEXT";
  }
  /**
-   * oauth_signature is set to the concatenated encoded values of the Consumer Secret and 
+   * oauth_signature is set to the concatenated encoded values of the Consumer Secret and
-   * Token Secret, separated by a '&' character (ASCII code 38), even if either secret is 
+   * Token Secret, separated by a '&' character (ASCII code 38), even if either secret is
   * empty. The result MUST be encoded again.
   *   - Chapter 9.4.1 ("Generating Signatures")
   *
   * Please note that the second encoding MUST NOT happen in the SignatureMethod, as
   * OAuthRequest handles this!
   */
-  public function build_signature($request, $consumer, $token) {
+  public function build_signature($request, $consumer, $token)
  {
    $key_parts = array(
      $consumer->secret,
      ($token) ? $token->secret : ""
@ -159,15 +173,17 @@ class OAuthSignatureMethod_PLAINTEXT extends OAuthSignatureMethod {
 }
 /**
- * The RSA-SHA1 signature method uses the RSASSA-PKCS1-v1_5 signature algorithm as defined in 
+ * The RSA-SHA1 signature method uses the RSASSA-PKCS1-v1_5 signature algorithm as defined in
- * [RFC3447] section 8.2 (more simply known as PKCS#1), using SHA-1 as the hash function for 
+ * [RFC3447] section 8.2 (more simply known as PKCS#1), using SHA-1 as the hash function for
- * EMSA-PKCS1-v1_5. It is assumed that the Consumer has provided its RSA public key in a 
+ * EMSA-PKCS1-v1_5. It is assumed that the Consumer has provided its RSA public key in a
- * verified way to the Service Provider, in a manner which is beyond the scope of this 
+ * verified way to the Service Provider, in a manner which is beyond the scope of this
 * specification.
 *   - Chapter 9.3 ("RSA-SHA1")
 */
-abstract class OAuthSignatureMethod_RSA_SHA1 extends OAuthSignatureMethod {
+abstract class OAuthSignatureMethod_RSA_SHA1 extends OAuthSignatureMethod
-  public function get_name() {
+{
  public function get_name()
  {
    return "RSA-SHA1";
  }
@ -185,7 +201,8 @@ abstract class OAuthSignatureMethod_RSA_SHA1 extends OAuthSignatureMethod {
  // Either way should return a string representation of the certificate
  protected abstract function fetch_private_cert(&$request);
-  public function build_signature($request, $consumer, $token) {
+  public function build_signature($request, $consumer, $token)
  {
    $base_string = $request->get_signature_base_string();
    $request->base_string = $base_string;
@ -204,7 +221,8 @@ abstract class OAuthSignatureMethod_RSA_SHA1 extends OAuthSignatureMethod {
    return base64_encode($signature);
  }
-  public function check_signature($request, $consumer, $token, $signature) {
+  public function check_signature($request, $consumer, $token, $signature)
  {
    $decoded_sig = base64_decode($signature);
    $base_string = $request->get_signature_base_string();
@ -225,7 +243,8 @@ abstract class OAuthSignatureMethod_RSA_SHA1 extends OAuthSignatureMethod {
  }
 }
-class OAuthRequest {
+class OAuthRequest
 {
  private $parameters;
  private $http_method;
  private $http_url;
@ -234,9 +253,10 @@ class OAuthRequest {
  public static $version = '1.0';
  public static $POST_INPUT = 'php://input';
-  function __construct($http_method, $http_url, $parameters=NULL) {
+  function __construct($http_method, $http_url, $parameters = NULL)
  {
    @$parameters or $parameters = array();
-    $parameters = array_merge( OAuthUtil::parse_parameters(parse_url($http_url, PHP_URL_QUERY)), $parameters);
+    $parameters = array_merge(OAuthUtil::parse_parameters(parse_url($http_url, PHP_URL_QUERY)), $parameters);
    $this->parameters = $parameters;
    $this->http_method = $http_method;
    $this->http_url = $http_url;
@ -246,15 +266,16 @@ class OAuthRequest {
  /**
   * attempt to build up a request from what was passed to the server
   */
-  public static function from_request($http_method=NULL, $http_url=NULL, $parameters=NULL) {
+  public static function from_request($http_method = NULL, $http_url = NULL, $parameters = NULL)
  {
    $scheme = (!isset($_SERVER['HTTPS']) || $_SERVER['HTTPS'] != "on")
-              ? 'http'
+      ? 'http'
-              : 'https';
+      : 'https';
    @$http_url or $http_url = $scheme .
-                              '://' . $_SERVER['HTTP_HOST'] .
+      '://' . $_SERVER['HTTP_HOST'] .
-                              ':' .
+      ':' .
-                              $_SERVER['SERVER_PORT'] .
+      $_SERVER['SERVER_PORT'] .
-                              $_SERVER['REQUEST_URI'];
+      $_SERVER['REQUEST_URI'];
    @$http_method or $http_method = $_SERVER['REQUEST_METHOD'];
    // We weren't handed any parameters, so let's find the ones relevant to
@ -270,10 +291,13 @@ class OAuthRequest {
      // It's a POST request of the proper content-type, so parse POST
      // parameters and add those overriding any duplicates from GET
-      if ($http_method == "POST"
+      if (
-          && @strstr($request_headers["Content-Type"],
+        $http_method == "POST"
-                     "application/x-www-form-urlencoded")
+        && @strstr(
-          ) {
+          $request_headers["Content-Type"],
          "application/x-www-form-urlencoded"
        )
      ) {
        $post_data = OAuthUtil::parse_parameters(
          file_get_contents(self::$POST_INPUT)
        );
@ -288,25 +312,27 @@ class OAuthRequest {
        );
        $parameters = array_merge($parameters, $header_parameters);
      }
    }
    // fix for friendica redirect system
-    
+
-    $http_url =  substr($http_url, 0, strpos($http_url,$parameters['pagename'])+strlen($parameters['pagename']));
+    $http_url =  substr($http_url, 0, strpos($http_url, $parameters['pagename']) + strlen($parameters['pagename']));
-    unset( $parameters['pagename'] );
+    unset($parameters['pagename']);
-    
+
    return new OAuthRequest($http_method, $http_url, $parameters);
  }
  /**
   * pretty much a helper function to set up the request
   */
-  public static function from_consumer_and_token($consumer, $token, $http_method, $http_url, $parameters=NULL) {
+  public static function from_consumer_and_token($consumer, $token, $http_method, $http_url, $parameters = NULL)
  {
    @$parameters or $parameters = array();
-    $defaults = array("oauth_version" => OAuthRequest::$version,
+    $defaults = array(
-                      "oauth_nonce" => OAuthRequest::generate_nonce(),
+      "oauth_version" => OAuthRequest::$version,
-                      "oauth_timestamp" => OAuthRequest::generate_timestamp(),
+      "oauth_nonce" => OAuthRequest::generate_nonce(),
-                      "oauth_consumer_key" => $consumer->key);
+      "oauth_timestamp" => OAuthRequest::generate_timestamp(),
      "oauth_consumer_key" => $consumer->key
    );
    if ($token)
      $defaults['oauth_token'] = $token->key;
@ -315,7 +341,8 @@ class OAuthRequest {
    return new OAuthRequest($http_method, $http_url, $parameters);
  }
-  public function set_parameter($name, $value, $allow_duplicates = true) {
+  public function set_parameter($name, $value, $allow_duplicates = true)
  {
    if ($allow_duplicates && isset($this->parameters[$name])) {
      // We have already added parameter(s) with this name, so add to the list
      if (is_scalar($this->parameters[$name])) {
@ -330,15 +357,18 @@ class OAuthRequest {
    }
  }
-  public function get_parameter($name) {
+  public function get_parameter($name)
  {
    return isset($this->parameters[$name]) ? $this->parameters[$name] : null;
  }
-  public function get_parameters() {
+  public function get_parameters()
  {
    return $this->parameters;
  }
-  public function unset_parameter($name) {
+  public function unset_parameter($name)
  {
    unset($this->parameters[$name]);
  }
@ -346,7 +376,8 @@ class OAuthRequest {
   * The request parameters, sorted and concatenated into a normalized string.
   * @return string
   */
-  public function get_signable_parameters() {
+  public function get_signable_parameters()
  {
    // Grab all parameters
    $params = $this->parameters;
@ -366,7 +397,8 @@ class OAuthRequest {
   * and the parameters (normalized), each urlencoded
   * and the concated with &.
   */
-  public function get_signature_base_string() {
+  public function get_signature_base_string()
  {
    $parts = array(
      $this->get_normalized_http_method(),
      $this->get_normalized_http_url(),
@ -381,7 +413,8 @@ class OAuthRequest {
  /**
   * just uppercases the http method
   */
-  public function get_normalized_http_method() {
+  public function get_normalized_http_method()
  {
    return strtoupper($this->http_method);
  }
@ -389,7 +422,8 @@ class OAuthRequest {
   * parses the url and rebuilds it to be
   * scheme://host/path
   */
-  public function get_normalized_http_url() {
+  public function get_normalized_http_url()
  {
    $parts = parse_url($this->http_url);
    $port = @$parts['port'];
@ -400,7 +434,8 @@ class OAuthRequest {
    $port or $port = ($scheme == 'https') ? '443' : '80';
    if (($scheme == 'https' && $port != '443')
-        || ($scheme == 'http' && $port != '80')) {
+      || ($scheme == 'http' && $port != '80')
    ) {
      $host = "$host:$port";
    }
    return "$scheme://$host$path";
@ -409,11 +444,12 @@ class OAuthRequest {
  /**
   * builds a url usable for a GET request
   */
-  public function to_url() {
+  public function to_url()
  {
    $post_data = $this->to_postdata();
    $out = $this->get_normalized_http_url();
    if ($post_data) {
-      $out .= '?'.$post_data;
+      $out .= '?' . $post_data;
    }
    return $out;
  }
@ -421,9 +457,10 @@ class OAuthRequest {
  /**
   * builds the data one would send in a POST request
   */
-  public function to_postdata($raw = false) {
+  public function to_postdata($raw = false)
  {
    if ($raw)
-      return($this->parameters);
+      return $this->parameters;
    else
      return OAuthUtil::build_http_query($this->parameters);
  }
@ -431,15 +468,15 @@ class OAuthRequest {
  /**
   * builds the Authorization: header
   */
-  public function to_header($realm=null) {
+  public function to_header($realm = null)
  {
    $first = true;
-	if($realm) {
+    if ($realm) {
      $out = 'Authorization: OAuth realm="' . OAuthUtil::urlencode_rfc3986($realm) . '"';
      $first = false;
    } else
      $out = 'Authorization: OAuth';
    $total = array();
    foreach ($this->parameters as $k => $v) {
      if (substr($k, 0, 5) != "oauth") continue;
      if (is_array($v)) {
@ -447,20 +484,22 @@ class OAuthRequest {
      }
      $out .= ($first) ? ' ' : ',';
      $out .= OAuthUtil::urlencode_rfc3986($k) .
-              '="' .
+        '="' .
-              OAuthUtil::urlencode_rfc3986($v) .
+        OAuthUtil::urlencode_rfc3986($v) .
-              '"';
+        '"';
      $first = false;
    }
    return $out;
  }
-  public function __toString() {
+  public function __toString()
  {
    return $this->to_url();
  }
-  public function sign_request($signature_method, $consumer, $token) {
+  public function sign_request($signature_method, $consumer, $token)
  {
    $this->set_parameter(
      "oauth_signature_method",
      $signature_method->get_name(),
@ -470,7 +509,8 @@ class OAuthRequest {
    $this->set_parameter("oauth_signature", $signature, false);
  }
-  public function build_signature($signature_method, $consumer, $token) {
+  public function build_signature($signature_method, $consumer, $token)
  {
    $signature = $signature_method->build_signature($this, $consumer, $token);
    return $signature;
  }
@ -478,33 +518,35 @@ class OAuthRequest {
  /**
   * util function: current timestamp
   */
-  private static function generate_timestamp() {
+  private static function generate_timestamp()
  {
    return time();
  }
  /**
   * util function: current nonce
   */
-  private static function generate_nonce() {
+  private static function generate_nonce()
-    $mt = microtime();
+  {
-    $rand = mt_rand();
+    return Friendica\Util\Strings::getRandomHex(32);
    return md5($mt . $rand); // md5s look nicer than numbers
  }
 }
-class OAuthServer {
+class OAuthServer
 {
  protected $timestamp_threshold = 300; // in seconds, five minutes
  protected $version = '1.0';             // hi blaine
  protected $signature_methods = array();
  protected $data_store;
-  function __construct($data_store) {
+  function __construct($data_store)
  {
    $this->data_store = $data_store;
  }
-  public function add_signature_method($signature_method) {
+  public function add_signature_method($signature_method)
  {
    $this->signature_methods[$signature_method->get_name()] =
      $signature_method;
  }
@ -515,7 +557,8 @@ class OAuthServer {
   * process a request_token request
   * returns the request token on success
   */
-  public function fetch_request_token(&$request) {
+  public function fetch_request_token(&$request)
  {
    $this->get_version($request);
    $consumer = $this->get_consumer($request);
@ -536,7 +579,8 @@ class OAuthServer {
   * process an access_token request
   * returns the access token on success
   */
-  public function fetch_access_token(&$request) {
+  public function fetch_access_token(&$request)
  {
    $this->get_version($request);
    $consumer = $this->get_consumer($request);
@ -556,22 +600,24 @@ class OAuthServer {
  /**
   * verify an api call, checks all the parameters
   */
-  public function verify_request(&$request) {
+  public function verify_request(&$request)
  {
    $this->get_version($request);
    $consumer = $this->get_consumer($request);
    $token = $this->get_token($request, $consumer, "access");
    $this->check_signature($request, $consumer, $token);
-    return array($consumer, $token);
+    return [$consumer, $token];
  }
  // Internals from here
  /**
   * version 1
   */
-  private function get_version(&$request) {
+  private function get_version(&$request)
  {
    $version = $request->get_parameter("oauth_version");
    if (!$version) {
-      // Service Providers MUST assume the protocol version to be 1.0 if this parameter is not present. 
+      // Service Providers MUST assume the protocol version to be 1.0 if this parameter is not present.
      // Chapter 7.0 ("Accessing Protected Ressources")
      $version = '1.0';
    }
@ -584,9 +630,10 @@ class OAuthServer {
  /**
   * figure out the signature with some defaults
   */
-  private function get_signature_method(&$request) {
+  private function get_signature_method(&$request)
  {
    $signature_method =
-        @$request->get_parameter("oauth_signature_method");
+      @$request->get_parameter("oauth_signature_method");
    if (!$signature_method) {
      // According to chapter 7 ("Accessing Protected Ressources") the signature-method
@ -594,12 +641,14 @@ class OAuthServer {
      throw new OAuthException('No signature method parameter. This parameter is required');
    }
-    if (!in_array($signature_method,
+    if (!in_array(
-                  array_keys($this->signature_methods))) {
+      $signature_method,
      array_keys($this->signature_methods)
    )) {
      throw new OAuthException(
        "Signature method '$signature_method' not supported " .
-        "try one of the following: " .
+          "try one of the following: " .
-        implode(", ", array_keys($this->signature_methods))
+          implode(", ", array_keys($this->signature_methods))
      );
    }
    return $this->signature_methods[$signature_method];
@ -608,7 +657,8 @@ class OAuthServer {
  /**
   * try to find the consumer for the provided request's consumer key
   */
-  private function get_consumer(&$request) {
+  private function get_consumer(&$request)
  {
    $consumer_key = @$request->get_parameter("oauth_consumer_key");
    if (!$consumer_key) {
      throw new OAuthException("Invalid consumer key");
@ -625,10 +675,13 @@ class OAuthServer {
  /**
   * try to find the token for the provided request's token key
   */
-  private function get_token(&$request, $consumer, $token_type="access") {
+  private function get_token(&$request, $consumer, $token_type = "access")
  {
    $token_field = @$request->get_parameter('oauth_token');
    $token = $this->data_store->lookup_token(
-      $consumer, $token_type, $token_field
+      $consumer,
      $token_type,
      $token_field
    );
    if (!$token) {
      throw new OAuthException("Invalid $token_type token: $token_field");
@ -640,7 +693,8 @@ class OAuthServer {
   * all-in-one function to check the signature on a request
   * should guess the signature method appropriately
   */
-  private function check_signature(&$request, $consumer, $token) {
+  private function check_signature(&$request, $consumer, $token)
  {
    // this should probably be in a different method
    $timestamp = @$request->get_parameter('oauth_timestamp');
    $nonce = @$request->get_parameter('oauth_nonce');
@ -657,7 +711,7 @@ class OAuthServer {
      $token,
      $signature
    );
-	
+
    if (!$valid_sig) {
      throw new OAuthException("Invalid signature");
@ -667,12 +721,13 @@ class OAuthServer {
  /**
   * check that the timestamp is new enough
   */
-  private function check_timestamp($timestamp) {
+  private function check_timestamp($timestamp)
-    if( ! $timestamp )
+  {
    if (!$timestamp)
      throw new OAuthException(
        'Missing timestamp parameter. The parameter is required'
      );
-    
+
    // verify that timestamp is recentish
    $now = time();
    if (abs($now - $timestamp) > $this->timestamp_threshold) {
@ -685,8 +740,9 @@ class OAuthServer {
  /**
   * check that the nonce is not repeated
   */
-  private function check_nonce($consumer, $token, $nonce, $timestamp) {
+  private function check_nonce($consumer, $token, $nonce, $timestamp)
-    if( ! $nonce )
+  {
    if (!$nonce)
      throw new OAuthException(
        'Missing nonce parameter. The parameter is required'
      );
@ -702,65 +758,73 @@ class OAuthServer {
      throw new OAuthException("Nonce already used: $nonce");
    }
  }
 }
-class OAuthDataStore {
+class OAuthDataStore
-  function lookup_consumer($consumer_key) {
+{
  function lookup_consumer($consumer_key)
  {
    // implement me
  }
-  function lookup_token($consumer, $token_type, $token) {
+  function lookup_token($consumer, $token_type, $token)
  {
    // implement me
  }
-  function lookup_nonce($consumer, $token, $nonce, $timestamp) {
+  function lookup_nonce($consumer, $token, $nonce, $timestamp)
  {
    // implement me
  }
-  function new_request_token($consumer, $callback = null) {
+  function new_request_token($consumer, $callback = null)
  {
    // return a new token attached to this consumer
  }
-  function new_access_token($token, $consumer, $verifier = null) {
+  function new_access_token($token, $consumer, $verifier = null)
  {
    // return a new access token attached to this consumer
    // for the user associated with this token if the request token
    // is authorized
    // should also invalidate the request token
  }
 }
-class OAuthUtil {
+class OAuthUtil
-  public static function urlencode_rfc3986($input) {
+{
-  if (is_array($input)) {
+  public static function urlencode_rfc3986($input)
-    return array_map(array('OAuthUtil', 'urlencode_rfc3986'), $input);
+  {
-  } else if (is_scalar($input)) {
+    if (is_array($input)) {
-    return str_replace(
+      return array_map(['OAuthUtil', 'urlencode_rfc3986'], $input);
-      '+',
+    } else if (is_scalar($input)) {
-      ' ',
+      return str_replace(
-      str_replace('%7E', '~', rawurlencode($input))
+        '+',
-    );
+        ' ',
-  } else {
+        str_replace('%7E', '~', rawurlencode($input))
-    return '';
+      );
    } else {
      return '';
    }
  }
 }
  // This decode function isn't taking into consideration the above
  // modifications to the encoding process. However, this method doesn't
  // seem to be used anywhere so leaving it as is.
-  public static function urldecode_rfc3986($string) {
+  public static function urldecode_rfc3986($string)
  {
    return urldecode($string);
  }
  // Utility function for turning the Authorization: header into
  // parameters, has to do some unescaping
  // Can filter out any non-oauth parameters if needed (default behaviour)
-  public static function split_header($header, $only_allow_oauth_parameters = true) {
+  public static function split_header($header, $only_allow_oauth_parameters = true)
  {
    $pattern = '/(([-_a-z]*)=("([^"]*)"|([^,]*)),?)/';
    $offset = 0;
-    $params = array();
+    $params = [];
    while (preg_match($pattern, $header, $matches, PREG_OFFSET_CAPTURE, $offset) > 0) {
      $match = $matches[0];
      $header_name = $matches[2][0];
@ -779,7 +843,8 @@ class OAuthUtil {
  }
  // helper to try to sort out headers for people who aren't running apache
-  public static function get_headers() {
+  public static function get_headers()
  {
    if (function_exists('apache_request_headers')) {
      // we need this to get the actual Authorization: header
      // because apache tends to tell us it doesn't exist
@ -789,22 +854,22 @@ class OAuthUtil {
      // we always want the keys to be Cased-Like-This and arh()
      // returns the headers in the same case as they are in the
      // request
-      $out = array();
+      $out = [];
-      foreach( $headers AS $key => $value ) {
+      foreach ($headers as $key => $value) {
        $key = str_replace(
-            " ",
+          " ",
-            "-",
+          "-",
-            ucwords(strtolower(str_replace("-", " ", $key)))
+          ucwords(strtolower(str_replace("-", " ", $key)))
-          );
+        );
        $out[$key] = $value;
      }
    } else {
      // otherwise we don't have apache and are just going to have to hope
      // that $_SERVER actually contains what we need
-      $out = array();
+      $out = [];
-      if( isset($_SERVER['CONTENT_TYPE']) )
+      if (isset($_SERVER['CONTENT_TYPE']))
        $out['Content-Type'] = $_SERVER['CONTENT_TYPE'];
-      if( isset($_ENV['CONTENT_TYPE']) )
+      if (isset($_ENV['CONTENT_TYPE']))
        $out['Content-Type'] = $_ENV['CONTENT_TYPE'];
      foreach ($_SERVER as $key => $value) {
@ -827,12 +892,13 @@ class OAuthUtil {
  // This function takes a input like a=b&a=c&d=e and returns the parsed
  // parameters like this
  // array('a' => array('b','c'), 'd' => 'e')
-  public static function parse_parameters( $input ) {
+  public static function parse_parameters($input)
  {
    if (!isset($input) || !$input) return array();
    $pairs = explode('&', $input);
-    $parsed_parameters = array();
+    $parsed_parameters = [];
    foreach ($pairs as $pair) {
      $split = explode('=', $pair, 2);
      $parameter = OAuthUtil::urldecode_rfc3986($split[0]);
@ -845,7 +911,7 @@ class OAuthUtil {
        if (is_scalar($parsed_parameters[$parameter])) {
          // This is the first duplicate, so transform scalar (string) into an array
          // so we can add the duplicates
-          $parsed_parameters[$parameter] = array($parsed_parameters[$parameter]);
+          $parsed_parameters[$parameter] = [$parsed_parameters[$parameter]];
        }
        $parsed_parameters[$parameter][] = $value;
@ -856,7 +922,8 @@ class OAuthUtil {
    return $parsed_parameters;
  }
-  public static function build_http_query($params) {
+  public static function build_http_query($params)
  {
    if (!$params) return '';
    // Urlencode both keys and values
@ -868,7 +935,7 @@ class OAuthUtil {
    // Ref: Spec: 9.1.1 (1)
    uksort($params, 'strcmp');
-    $pairs = array();
+    $pairs = [];
    foreach ($params as $parameter => $value) {
      if (is_array($value)) {
        // If two or more parameters share the same name, they are sorted by their value
@ -886,5 +953,3 @@ class OAuthUtil {
    return implode('&', $pairs);
  }
 }
 ?>
--- a/mod/acl.php
+++ b/mod/acl.php
@ -1,316 +0,0 @@
 <?php
 /* ACL selector json backend */
 use Friendica\App;
 use Friendica\Content\Widget;
 use Friendica\Core\ACL;
 use Friendica\Core\Hook;
 use Friendica\Core\Logger;
 use Friendica\Core\Protocol;
 use Friendica\Database\DBA;
 use Friendica\Model\Contact;
 use Friendica\Model\Item;
 use Friendica\Util\Proxy as ProxyUtils;
 use Friendica\Util\Strings;
 function acl_content(App $a)
 {
 	if (!local_user()) {
 		return '';
 	}
 	$start   = defaults($_REQUEST, 'start'       , 0);
 	$count   = defaults($_REQUEST, 'count'       , 100);
 	$search  = defaults($_REQUEST, 'search'      , '');
 	$type    = defaults($_REQUEST, 'type'        , '');
 	$conv_id = defaults($_REQUEST, 'conversation', null);
 	// For use with jquery.textcomplete for private mail completion
 	if (!empty($_REQUEST['query'])) {
 		if (!$type) {
 			$type = 'm';
 		}
 		$search = $_REQUEST['query'];
 	}
 	Logger::info('ACL {action} - {subaction}', ['module' => 'acl', 'action' => 'content', 'subaction' => 'search', 'search' => $search, 'type' => $type, 'conversation' => $conv_id]);
 	if ($search != '') {
 		$sql_extra = "AND `name` LIKE '%%" . DBA::escape($search) . "%%'";
 		$sql_extra2 = "AND (`attag` LIKE '%%" . DBA::escape($search) . "%%' OR `name` LIKE '%%" . DBA::escape($search) . "%%' OR `nick` LIKE '%%" . DBA::escape($search) . "%%')";
 	} else {
 		/// @TODO Avoid these needless else blocks by putting variable-initialization atop of if()
 		$sql_extra = $sql_extra2 = '';
 	}
 	// count groups and contacts
 	$group_count = 0;
 	if ($type == '' || $type == 'g') {
 		$r = q("SELECT COUNT(*) AS g FROM `group` WHERE NOT `deleted` AND `uid` = %d $sql_extra",
 			intval(local_user())
 		);
 		$group_count = (int) $r[0]['g'];
 	}
 	$sql_extra2 .= ' ' . Widget::unavailableNetworks();
 	$contact_count = 0;
 	if ($type == '' || $type == 'c') {
 		// autocomplete for editor mentions
 		$r = q("SELECT COUNT(*) AS c FROM `contact`
 				WHERE `uid` = %d AND NOT `self` AND NOT `deleted`
 				AND NOT `blocked` AND NOT `pending` AND NOT `archive`
 				AND `notify` != '' $sql_extra2",
 			intval(local_user())
 		);
 		$contact_count = (int) $r[0]['c'];
 	} elseif ($type == 'f') {
 		// autocomplete for editor mentions of forums
 		$r = q("SELECT COUNT(*) AS c FROM `contact`
 				WHERE `uid` = %d AND NOT `self` AND NOT `deleted`
 				AND NOT `blocked` AND NOT `pending` AND NOT `archive`
 				AND (`forum` OR `prv`)
 				AND `notify` != '' $sql_extra2",
 			intval(local_user())
 		);
 		$contact_count = (int) $r[0]['c'];
 	} elseif ($type == 'm') {
 		// autocomplete for Private Messages
 		$r = q("SELECT COUNT(*) AS c FROM `contact`
 				WHERE `uid` = %d AND NOT `self` AND NOT `deleted`
 				AND NOT `blocked` AND NOT `pending` AND NOT `archive`
 				AND `network` IN ('%s', '%s', '%s') $sql_extra2",
 			intval(local_user()),
 			DBA::escape(Protocol::ACTIVITYPUB),
 			DBA::escape(Protocol::DFRN),
 			DBA::escape(Protocol::DIASPORA)
 		);
 		$contact_count = (int) $r[0]['c'];
 	} elseif ($type == 'a') {
 		// autocomplete for Contacts
 		$r = q("SELECT COUNT(*) AS c FROM `contact`
 				WHERE `uid` = %d AND NOT `self`
 				AND NOT `pending` AND NOT `deleted` $sql_extra2",
 			intval(local_user())
 		);
 		$contact_count = (int) $r[0]['c'];
 	}
 	$tot = $group_count + $contact_count;
 	$groups = [];
 	$contacts = [];
 	if ($type == '' || $type == 'g') {
 		/// @todo We should cache this query.
 		// This can be done when we can delete cache entries via wildcard
 		$r = q("SELECT `group`.`id`, `group`.`name`, GROUP_CONCAT(DISTINCT `group_member`.`contact-id` SEPARATOR ',') AS uids
 				FROM `group`
 				INNER JOIN `group_member` ON `group_member`.`gid`=`group`.`id`
 				WHERE NOT `group`.`deleted` AND `group`.`uid` = %d
 					$sql_extra
 				GROUP BY `group`.`name`, `group`.`id`
 				ORDER BY `group`.`name`
 				LIMIT %d,%d",
 			intval(local_user()),
 			intval($start),
 			intval($count)
 		);
 		foreach ($r as $g) {
 			$groups[] = [
 				'type'  => 'g',
 				'photo' => 'images/twopeople.png',
 				'name'  => htmlspecialchars($g['name']),
 				'id'    => intval($g['id']),
 				'uids'  => array_map('intval', explode(',', $g['uids'])),
 				'link'  => '',
 				'forum' => '0'
 			];
 		}
 		if ((count($groups) > 0) && ($search == '')) {
 			$groups[] = ['separator' => true];
 		}
 	}
 	$r = [];
 	if ($type == '') {
 		$r = q("SELECT `id`, `name`, `nick`, `micro`, `network`, `url`, `attag`, `addr`, `forum`, `prv`, (`prv` OR `forum`) AS `frm` FROM `contact`
 				WHERE `uid` = %d AND NOT `self` AND NOT `deleted` AND NOT `blocked` AND NOT `pending` AND NOT `archive` AND `notify` != ''
 				AND NOT (`network` IN ('%s', '%s'))
 				$sql_extra2
 				ORDER BY `name` ASC ",
 			intval(local_user()),
 			DBA::escape(Protocol::OSTATUS),
 			DBA::escape(Protocol::STATUSNET)
 		);
 	} elseif ($type == 'c') {
 		$r = q("SELECT `id`, `name`, `nick`, `micro`, `network`, `url`, `attag`, `addr`, `forum`, `prv` FROM `contact`
 				WHERE `uid` = %d AND NOT `self` AND NOT `deleted` AND NOT `blocked` AND NOT `pending` AND NOT `archive` AND `notify` != ''
 				AND NOT (`network` IN ('%s'))
 				$sql_extra2
 				ORDER BY `name` ASC ",
 			intval(local_user()),
 			DBA::escape(Protocol::STATUSNET)
 		);
 	} elseif ($type == 'f') {
 		$r = q("SELECT `id`, `name`, `nick`, `micro`, `network`, `url`, `attag`, `addr`, `forum`, `prv` FROM `contact`
 				WHERE `uid` = %d AND NOT `self` AND NOT `deleted` AND NOT `blocked` AND NOT `pending` AND NOT `archive` AND `notify` != ''
 				AND NOT (`network` IN ('%s'))
 				AND (`forum` OR `prv`)
 				$sql_extra2
 				ORDER BY `name` ASC ",
 			intval(local_user()),
 			DBA::escape(Protocol::STATUSNET)
 		);
 	} elseif ($type == 'm') {
 		$r = q("SELECT `id`, `name`, `nick`, `micro`, `network`, `url`, `attag`, `addr` FROM `contact`
 				WHERE `uid` = %d AND NOT `self` AND NOT `deleted` AND NOT `blocked` AND NOT `pending` AND NOT `archive`
 				AND `network` IN ('%s', '%s', '%s')
 				$sql_extra2
 				ORDER BY `name` ASC ",
 			intval(local_user()),
 			DBA::escape(Protocol::ACTIVITYPUB),
 			DBA::escape(Protocol::DFRN),
 			DBA::escape(Protocol::DIASPORA)
 		);
 	} elseif ($type == 'a') {
 		$r = q("SELECT `id`, `name`, `nick`, `micro`, `network`, `url`, `attag`, `addr`, `forum`, `prv` FROM `contact`
 				WHERE `uid` = %d AND NOT `deleted` AND NOT `pending` AND NOT `archive`
 				$sql_extra2
 				ORDER BY `name` ASC ",
 			intval(local_user())
 		);
 	} elseif ($type == 'x') {
 		// autocomplete for global contact search (e.g. navbar search)
 		$search = Strings::escapeTags(trim($_REQUEST['search']));
 		$mode = $_REQUEST['smode'];
 		$r = ACL::contactAutocomplete($search, $mode);
 		$contacts = [];
 		foreach ($r as $g) {
 			$contacts[] = [
 				'photo'   => ProxyUtils::proxifyUrl($g['photo'], false, ProxyUtils::SIZE_MICRO),
 				'name'    => htmlspecialchars($g['name']),
 				'nick'    => defaults($g, 'addr', $g['url']),
 				'network' => $g['network'],
 				'link'    => $g['url'],
 				'forum'   => !empty($g['community']) ? 1 : 0,
 			];
 		}
 		$o = [
 			'start' => $start,
 			'count' => $count,
 			'items' => $contacts,
 		];
 		echo json_encode($o);
 		exit;
 	}
 	if (DBA::isResult($r)) {
 		$forums = [];
 		foreach ($r as $g) {
 			$entry = [
 				'type'    => 'c',
 				'photo'   => ProxyUtils::proxifyUrl($g['micro'], false, ProxyUtils::SIZE_MICRO),
 				'name'    => htmlspecialchars($g['name']),
 				'id'      => intval($g['id']),
 				'network' => $g['network'],
 				'link'    => $g['url'],
 				'nick'    => htmlentities(defaults($g, 'attag', $g['nick'])),
 				'addr'    => htmlentities(defaults($g, 'addr', $g['url'])),
 				'forum'   => !empty($g['forum']) || !empty($g['prv']) ? 1 : 0,
 			];
 			if ($entry['forum']) {
 				$forums[] = $entry;
 			} else {
 				$contacts[] = $entry;
 			}
 		}
 		if (count($forums) > 0) {
 			if ($search == '') {
 				$forums[] = ['separator' => true];
 			}
 			$contacts = array_merge($forums, $contacts);
 		}
 	}
 	$items = array_merge($groups, $contacts);
 	if ($conv_id) {
 		// In multi threaded posts the conv_id is not the parent of the whole thread
 		$parent_item = Item::selectFirst(['parent'], ['id' => $conv_id]);
 		if (DBA::isResult($parent_item)) {
 			$conv_id = $parent_item['parent'];
 		}
 		/*
 		 * if $conv_id is set, get unknown contacts in thread
 		 * but first get known contacts url to filter them out
 		 */
 		$known_contacts = array_map(function ($i) {
 			return $i['link'];
 		}, $contacts);
 		$unknown_contacts = [];
 		$condition = ["`parent` = ?", $conv_id];
 		$params = ['order' => ['author-name' => true]];
 		$authors = Item::selectForUser(local_user(), ['author-link'], $condition, $params);
 		$item_authors = [];
 		while ($author = Item::fetch($authors)) {
 			$item_authors[$author['author-link']] = $author['author-link'];
 		}
 		DBA::close($authors);
 		foreach ($item_authors as $author) {
 			if (in_array($author, $known_contacts)) {
 				continue;
 			}
 			$contact = Contact::getDetailsByURL($author);
 			if (count($contact) > 0) {
 				$unknown_contacts[] = [
 					'type'    => 'c',
 					'photo'   => ProxyUtils::proxifyUrl($contact['micro'], false, ProxyUtils::SIZE_MICRO),
 					'name'    => htmlspecialchars($contact['name']),
 					'id'      => intval($contact['cid']),
 					'network' => $contact['network'],
 					'link'    => $contact['url'],
 					'nick'    => htmlentities(defaults($contact, 'nick', $contact['addr'])),
 					'addr'    => htmlentities(defaults($contact, 'addr', $contact['url'])),
 					'forum'   => $contact['forum']
 				];
 			}
 		}
 		$items = array_merge($items, $unknown_contacts);
 		$tot += count($unknown_contacts);
 	}
 	$results = [
 		'tot'      => $tot,
 		'start'    => $start,
 		'count'    => $count,
 		'groups'   => $groups,
 		'contacts' => $contacts,
 		'items'    => $items,
 		'type'     => $type,
 		'search'   => $search,
 	];
 	Hook::callAll('acl_lookup_end', $results);
 	$o = [
 		'tot'   => $results['tot'],
 		'start' => $results['start'],
 		'count' => $results['count'],
 		'items' => $results['items'],
 	];
 	echo json_encode($o);
 	exit;
 }
--- a/mod/api.php
+++ b/mod/api.php
@ -2,6 +2,7 @@
 /**
 * @file mod/api.php
 */
 use Friendica\App;
 use Friendica\Core\Config;
 use Friendica\Core\L10n;
@ -9,7 +10,7 @@ use Friendica\Core\Renderer;
 use Friendica\Database\DBA;
 use Friendica\Module\Login;
-require_once 'include/api.php';
+require_once __DIR__ . '/../include/api.php';
 function oauth_get_client(OAuthRequest $request)
 {
--- a/mod/cal.php
+++ b/mod/cal.php
@ -14,6 +14,7 @@ use Friendica\Core\Config;
 use Friendica\Core\L10n;
 use Friendica\Core\Renderer;
 use Friendica\Core\System;
 use Friendica\Core\Session;
 use Friendica\Database\DBA;
 use Friendica\Model\Contact;
 use Friendica\Model\Event;
@ -26,11 +27,7 @@ use Friendica\Util\Temporal;
 function cal_init(App $a)
 {
-	if ($a->argc > 1) {
+	if (Config::get('system', 'block_public') && !Session::isAuthenticated()) {
 		DFRN::autoRedir($a, $a->argv[1]);
 	}
 	if (Config::get('system', 'block_public') && !local_user() && !remote_user()) {
 		throw new \Friendica\Network\HTTPException\ForbiddenException(L10n::t('Access denied.'));
 	}
@ -113,18 +110,11 @@ function cal_content(App $a)
 	$owner_uid = intval($a->data['user']['uid']);
 	$nick = $a->data['user']['nickname'];
-	if (!empty($_SESSION['remote']) && is_array($_SESSION['remote'])) {
+	if (!empty(Session::getRemoteContactID($a->profile['profile_uid']))) {
-		foreach ($_SESSION['remote'] as $v) {
+		$contact_id = Session::getRemoteContactID($a->profile['profile_uid']);
 			if ($v['uid'] == $a->profile['profile_uid']) {
 				$contact_id = $v['cid'];
 				break;
 			}
 		}
 	}
 	$groups = [];
 	if ($contact_id) {
 		$groups = Group::getIdsByContactId($contact_id);
 		$r = q("SELECT * FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1",
 			intval($contact_id),
 			intval($a->profile['profile_uid'])
@ -142,7 +132,7 @@ function cal_content(App $a)
 	}
 	// get the permissions
-	$sql_perms = Item::getPermissionsSQLByUserId($owner_uid, $remote_contact, $groups);
+	$sql_perms = Item::getPermissionsSQLByUserId($owner_uid);
 	// we only want to have the events of the profile owner
 	$sql_extra = " AND `event`.`cid` = 0 " . $sql_perms;
@ -210,7 +200,7 @@ function cal_content(App $a)
 		// put the event parametes in an array so we can better transmit them
 		$event_params = [
-			'event_id'      => intval(defaults($_GET, 'id', 0)),
+			'event_id'      => intval($_GET['id'] ?? 0),
 			'start'         => $start,
 			'finish'        => $finish,
 			'adjust_start'  => $adjust_start,
--- a/mod/common.php
+++ b/mod/common.php
@ -118,7 +118,7 @@ function common_content(App $a)
 		$entry = [
 			'url'          => Model\Contact::magicLink($common_friend['url']),
-			'itemurl'      => defaults($contact_details, 'addr', $common_friend['url']),
+			'itemurl'      => ($contact_details['addr'] ?? '') ?: $common_friend['url'],
 			'name'         => $contact_details['name'],
 			'thumb'        => ProxyUtils::proxifyUrl($contact_details['thumb'], false, ProxyUtils::SIZE_THUMB),
 			'img_hover'    => $contact_details['name'],
--- a/mod/community.php
+++ b/mod/community.php
@ -17,19 +17,11 @@ use Friendica\Database\DBA;
 use Friendica\Model\Item;
 use Friendica\Model\User;
 function community_init(App $a)
 {
 	if (!local_user()) {
 		unset($_SESSION['theme']);
 		unset($_SESSION['mobile-theme']);
 	}
 }
 function community_content(App $a, $update = 0)
 {
 	$o = '';
-	if (Config::get('system', 'block_public') && !local_user() && !remote_user()) {
+	if (Config::get('system', 'block_public') && !Session::isAuthenticated()) {
 		notice(L10n::t('Public access denied.') . EOL);
 		return;
 	}
@ -227,6 +219,7 @@ function community_getitems($start, $itemspage, $content, $accounttype)
 			$values = [$start, $itemspage];
 		}
 		/// @todo Use "unsearchable" here as well (instead of "hidewall")
 		$r = DBA::p("SELECT `item`.`uri`, `author`.`url` AS `author-link` FROM `thread`
 			STRAIGHT_JOIN `user` ON `user`.`uid` = `thread`.`uid` AND NOT `user`.`hidewall`
 			STRAIGHT_JOIN `item` ON `item`.`id` = `thread`.`iid`
@ -237,9 +230,9 @@ function community_getitems($start, $itemspage, $content, $accounttype)
 		return DBA::toArray($r);
 	} elseif ($content == 'global') {
 		if (!is_null($accounttype)) {
-			$condition = ["`uid` = ? AND `owner`.`contact-type` = ?", 0, $accounttype];
+			$condition = ["`uid` = ? AND NOT `author`.`unsearchable` AND NOT `owner`.`unsearchable` AND `owner`.`contact-type` = ?", 0, $accounttype];
 		} else {
-			$condition = ['uid' => 0];
+			$condition = ["`uid` = ? AND NOT `author`.`unsearchable` AND NOT `owner`.`unsearchable`", 0];
 		}
 		$r = Item::selectThreadForUser(0, ['uri'], $condition, ['order' => ['commented' => true], 'limit' => [$start, $itemspage]]);
--- a/mod/crepair.php
+++ b/mod/crepair.php
@ -38,17 +38,17 @@ function crepair_post(App $a)
 		return;
 	}
-	$name        = defaults($_POST, 'name'       , $contact['name']);
+	$name        = ($_POST['name']        ?? '') ?: $contact['name'];
-	$nick        = defaults($_POST, 'nick'       , '');
+	$nick        =  $_POST['nick']        ?? '';
-	$url         = defaults($_POST, 'url'        , '');
+	$url         =  $_POST['url']         ?? '';
-	$alias       = defaults($_POST, 'alias'      , '');
+	$alias       =  $_POST['alias']       ?? '';
-	$request     = defaults($_POST, 'request'    , '');
+	$request     =  $_POST['request']     ?? '';
-	$confirm     = defaults($_POST, 'confirm'    , '');
+	$confirm     =  $_POST['confirm']     ?? '';
-	$notify      = defaults($_POST, 'notify'     , '');
+	$notify      =  $_POST['notify']      ?? '';
-	$poll        = defaults($_POST, 'poll'       , '');
+	$poll        =  $_POST['poll']        ?? '';
-	$attag       = defaults($_POST, 'attag'      , '');
+	$attag       =  $_POST['attag']       ?? '';
-	$photo       = defaults($_POST, 'photo'      , '');
+	$photo       =  $_POST['photo']       ?? '';
-	$remote_self = defaults($_POST, 'remote_self', false);
+	$remote_self =  $_POST['remote_self'] ?? false;
 	$nurl        = Strings::normaliseLink($url);
 	$r = DBA::update(
--- a/mod/delegate.php
+++ b/mod/delegate.php
@ -1,191 +0,0 @@
 <?php
 /**
 * @file mod/delegate.php
 */
 use Friendica\App;
 use Friendica\BaseModule;
 use Friendica\Core\L10n;
 use Friendica\Core\Protocol;
 use Friendica\Core\Renderer;
 use Friendica\Core\System;
 use Friendica\Database\DBA;
 use Friendica\Model\User;
 use Friendica\Util\Strings;
 require_once 'mod/settings.php';
 function delegate_init(App $a)
 {
 	settings_init($a);
 }
 function delegate_post(App $a)
 {
 	if (!local_user()) {
 		return;
 	}
 	if (count($a->user) && !empty($a->user['uid']) && $a->user['uid'] != local_user()) {
 		notice(L10n::t('Permission denied.') . EOL);
 		return;
 	}
 	BaseModule::checkFormSecurityTokenRedirectOnError('/delegate', 'delegate');
 	$parent_uid = defaults($_POST, 'parent_user', 0);
 	$parent_password = defaults($_POST, 'parent_password', '');
 	if ($parent_uid != 0) {
 		$user = DBA::selectFirst('user', ['nickname'], ['uid' => $parent_uid]);
 		if (!DBA::isResult($user)) {
 			notice(L10n::t('Parent user not found.') . EOL);
 			return;
 		}
 		$success = User::authenticate($user['nickname'], trim($parent_password));
 		if (!$success) {
 			notice(L10n::t('Permission denied.') . EOL);
 			return;
 		}
 	}
 	DBA::update('user', ['parent-uid' => $parent_uid], ['uid' => local_user()]);
 }
 function delegate_content(App $a)
 {
 	if (!local_user()) {
 		notice(L10n::t('Permission denied.') . EOL);
 		return;
 	}
 	if ($a->argc > 2 && $a->argv[1] === 'add' && intval($a->argv[2])) {
 		// delegated admins can view but not change delegation permissions
 		if (!empty($_SESSION['submanage'])) {
 			$a->internalRedirect('delegate');
 		}
 		$user_id = $a->argv[2];
 		$user = DBA::selectFirst('user', ['nickname'], ['uid' => $user_id]);
 		if (DBA::isResult($user)) {
 			$condition = [
 				'uid' => local_user(),
 				'nurl' => Strings::normaliseLink(System::baseUrl() . '/profile/' . $user['nickname'])
 			];
 			if (DBA::exists('contact', $condition)) {
 				DBA::insert('manage', ['uid' => $user_id, 'mid' => local_user()]);
 			}
 		}
 		$a->internalRedirect('delegate');
 	}
 	if ($a->argc > 2 && $a->argv[1] === 'remove' && intval($a->argv[2])) {
 		// delegated admins can view but not change delegation permissions
 		if (!empty($_SESSION['submanage'])) {
 			$a->internalRedirect('delegate');
 		}
 		DBA::delete('manage', ['uid' => $a->argv[2], 'mid' => local_user()]);
 		$a->internalRedirect('delegate');
 	}
 	// find everybody that currently has delegated management to this account/page
 	$delegates = [];
 	$r = q("SELECT * FROM `user` WHERE `uid` IN (SELECT `uid` FROM `manage` WHERE `mid` = %d)",
 		intval(local_user())
 	);
 	if (DBA::isResult($r)) {
 		$delegates = $r;
 	}
 	$uids = [];
 	foreach ($delegates as $rr) {
 		$uids[] = $rr['uid'];
 	}
 	// find every contact who might be a candidate for delegation
 	$potentials = [];
 	$r = q("SELECT `nurl`
 		FROM `contact`
 		WHERE `self` = 0
 		AND SUBSTRING_INDEX(`nurl`, '/', 3) = '%s'
 		AND `uid` = %d
 		AND `network` = '%s' ",
 		DBA::escape(Strings::normaliseLink(System::baseUrl())),
 		intval(local_user()),
 		DBA::escape(Protocol::DFRN)
 	);
 	if (DBA::isResult($r)) {
 		$nicknames = [];
 		foreach ($r as $rr) {
 			$nicknames[] = "'" . DBA::escape(basename($rr['nurl'])) . "'";
 		}
 		$nicks = implode(',', $nicknames);
 		// get user records for all potential page delegates who are not already delegates or managers
 		$r = q("SELECT `uid`, `username`, `nickname` FROM `user` WHERE `nickname` IN ($nicks)");
 		if (DBA::isResult($r)) {
 			foreach ($r as $rr) {
 				if (!in_array($rr['uid'], $uids)) {
 					$potentials[] = $rr;
 				}
 			}
 		}
 	}
 	settings_init($a);
 	$user = DBA::selectFirst('user', ['parent-uid', 'email'], ['uid' => local_user()]);
 	$parent_user = null;
 	if (DBA::isResult($user)) {
 		if (!DBA::exists('user', ['parent-uid' => local_user()])) {
 			$parent_uid = $user['parent-uid'];
 			$parents = [0 => L10n::t('No parent user')];
 			$fields = ['uid', 'username', 'nickname'];
 			$condition = ['email' => $user['email'], 'verified' => true, 'blocked' => false, 'parent-uid' => 0];
 			$parent_users = DBA::select('user', $fields, $condition);
 			while ($parent = DBA::fetch($parent_users)) {
 				if ($parent['uid'] != local_user()) {
 					$parents[$parent['uid']] = sprintf('%s (%s)', $parent['username'], $parent['nickname']);
 				}
 			}
 			$parent_user = ['parent_user', '', $parent_uid, '', $parents];
 		}
 	}
 	if (!is_null($parent_user)) {
 		$parent_password = ['parent_password', L10n::t('Parent Password:'), '', L10n::t('Please enter the password of the parent account to legitimize your request.')];
 	} else {
 		$parent_password = '';
 	}
 	$o = Renderer::replaceMacros(Renderer::getMarkupTemplate('delegate.tpl'), [
 		'$form_security_token' => BaseModule::getFormSecurityToken('delegate'),
 		'$parent_header' => L10n::t('Parent User'),
 		'$parent_user' => $parent_user,
 		'$parent_password' => $parent_password,
 		'$parent_desc' => L10n::t('Parent users have total control about this account, including the account settings. Please double check whom you give this access.'),
 		'$submit' => L10n::t('Save Settings'),
 		'$header' => L10n::t('Delegate Page Management'),
 		'$delegates_header' => L10n::t('Delegates'),
 		'$base' => System::baseUrl(),
 		'$desc' => L10n::t('Delegates are able to manage all aspects of this account/page except for basic account settings. Please do not delegate your personal account to anybody that you do not trust completely.'),
 		'$head_delegates' => L10n::t('Existing Page Delegates'),
 		'$delegates' => $delegates,
 		'$head_potentials' => L10n::t('Potential Delegates'),
 		'$potentials' => $potentials,
 		'$remove' => L10n::t('Remove'),
 		'$add' => L10n::t('Add'),
 		'$none' => L10n::t('No entries.')
 	]);
 	return $o;
 }
--- a/mod/dfrn_confirm.php
+++ b/mod/dfrn_confirm.php
@ -59,7 +59,7 @@ function dfrn_confirm_post(App $a, $handsfree = null)
 	 * since we are operating on behalf of our registered user to approve a friendship.
 	 */
 	if (empty($_POST['source_url'])) {
-		$uid = defaults($handsfree, 'uid', local_user());
+		$uid = ($handsfree['uid'] ?? 0) ?: local_user();
 		if (!$uid) {
 			notice(L10n::t('Permission denied.') . EOL);
 			return;
@ -78,13 +78,13 @@ function dfrn_confirm_post(App $a, $handsfree = null)
 			$intro_id = $handsfree['intro_id'];
 			$duplex   = $handsfree['duplex'];
 			$cid      = 0;
-			$hidden   = intval(defaults($handsfree, 'hidden'  , 0));
+			$hidden   = intval($handsfree['hidden'] ?? 0);
 		} else {
-			$dfrn_id  = Strings::escapeTags(trim(defaults($_POST, 'dfrn_id'   , '')));
+			$dfrn_id  = Strings::escapeTags(trim($_POST['dfrn_id'] ?? ''));
-			$intro_id =      intval(defaults($_POST, 'intro_id'  , 0));
+			$intro_id = intval($_POST['intro_id']   ?? 0);
-			$duplex   =      intval(defaults($_POST, 'duplex'    , 0));
+			$duplex   = intval($_POST['duplex']     ?? 0);
-			$cid      =      intval(defaults($_POST, 'contact_id', 0));
+			$cid      = intval($_POST['contact_id'] ?? 0);
-			$hidden   =      intval(defaults($_POST, 'hidden'    , 0));
+			$hidden   = intval($_POST['hidden']     ?? 0);
 		}
 		/*
@ -347,12 +347,12 @@ function dfrn_confirm_post(App $a, $handsfree = null)
 	 */
 	if (!empty($_POST['source_url'])) {
 		// We are processing an external confirmation to an introduction created by our user.
-		$public_key =         defaults($_POST, 'public_key', '');
+		$public_key =         $_POST['public_key'] ?? '';
-		$dfrn_id    = hex2bin(defaults($_POST, 'dfrn_id'   , ''));
+		$dfrn_id    = hex2bin($_POST['dfrn_id']    ?? '');
-		$source_url = hex2bin(defaults($_POST, 'source_url', ''));
+		$source_url = hex2bin($_POST['source_url'] ?? '');
-		$aes_key    =         defaults($_POST, 'aes_key'   , '');
+		$aes_key    =         $_POST['aes_key']    ?? '';
-		$duplex     =  intval(defaults($_POST, 'duplex'    , 0));
+		$duplex     =  intval($_POST['duplex']     ?? 0);
-		$page       =  intval(defaults($_POST, 'page'      , 0));
+		$page       =  intval($_POST['page']       ?? 0);
 		$forum = (($page == 1) ? 1 : 0);
 		$prv   = (($page == 2) ? 1 : 0);
--- a/mod/dfrn_notify.php
+++ b/mod/dfrn_notify.php
@ -26,7 +26,7 @@ function dfrn_notify_post(App $a) {
 	if (empty($_POST) || !empty($postdata)) {
 		$data = json_decode($postdata);
 		if (is_object($data)) {
-			$nick = defaults($a->argv, 1, '');
+			$nick = $a->argv[1] ?? '';
 			$user = DBA::selectFirst('user', [], ['nickname' => $nick, 'account_expired' => false, 'account_removed' => false]);
 			if (!DBA::isResult($user)) {
@ -42,8 +42,8 @@ function dfrn_notify_post(App $a) {
 	$dfrn_id      = (!empty($_POST['dfrn_id'])      ? Strings::escapeTags(trim($_POST['dfrn_id']))   : '');
 	$dfrn_version = (!empty($_POST['dfrn_version']) ? (float) $_POST['dfrn_version']    : 2.0);
 	$challenge    = (!empty($_POST['challenge'])    ? Strings::escapeTags(trim($_POST['challenge'])) : '');
-	$data         = defaults($_POST, 'data', '');
+	$data         = $_POST['data'] ?? '';
-	$key          = defaults($_POST, 'key', '');
+	$key          = $_POST['key'] ?? '';
 	$rino_remote  = (!empty($_POST['rino'])         ? intval($_POST['rino'])            :  0);
 	$dissolve     = (!empty($_POST['dissolve'])     ? intval($_POST['dissolve'])        :  0);
 	$perm         = (!empty($_POST['perm'])         ? Strings::escapeTags(trim($_POST['perm']))      : 'r');
--- a/mod/dfrn_poll.php
+++ b/mod/dfrn_poll.php
@ -9,6 +9,7 @@ use Friendica\Core\Config;
 use Friendica\Core\L10n;
 use Friendica\Core\Logger;
 use Friendica\Core\System;
 use Friendica\Core\Session;
 use Friendica\Database\DBA;
 use Friendica\Module\Login;
 use Friendica\Protocol\DFRN;
@ -21,17 +22,17 @@ function dfrn_poll_init(App $a)
 {
 	Login::sessionAuth();
-	$dfrn_id         = defaults($_GET, 'dfrn_id'        , '');
+	$dfrn_id         =  $_GET['dfrn_id']         ?? '';
-	$type            = defaults($_GET, 'type'           , 'data');
+	$type            = ($_GET['type']            ?? '') ?: 'data';
-	$last_update     = defaults($_GET, 'last_update'    , '');
+	$last_update     =  $_GET['last_update']     ?? '';
-	$destination_url = defaults($_GET, 'destination_url', '');
+	$destination_url =  $_GET['destination_url'] ?? '';
-	$challenge       = defaults($_GET, 'challenge'      , '');
+	$challenge       =  $_GET['challenge']       ?? '';
-	$sec             = defaults($_GET, 'sec'            , '');
+	$sec             =  $_GET['sec']             ?? '';
-	$dfrn_version    = (float) defaults($_GET, 'dfrn_version'   , 2.0);
+	$dfrn_version    = floatval(($_GET['dfrn_version'] ?? 0.0) ?: 2.0);
 	$quiet			 = !empty($_GET['quiet']);
 	// Possibly it is an OStatus compatible server that requests a user feed
-	$user_agent = defaults($_SERVER, 'HTTP_USER_AGENT', '');
+	$user_agent = $_SERVER['HTTP_USER_AGENT'] ?? '';
 	if (($a->argc > 1) && ($dfrn_id == '') && !strstr($user_agent, 'Friendica')) {
 		$nickname = $a->argv[1];
 		header("Content-type: application/atom+xml");
@ -49,7 +50,7 @@ function dfrn_poll_init(App $a)
 	$hidewall = false;
 	if (($dfrn_id === '') && empty($_POST['dfrn_id'])) {
-		if (Config::get('system', 'block_public') && !local_user() && !remote_user()) {
+		if (Config::get('system', 'block_public') && !Session::isAuthenticated()) {
 			throw new \Friendica\Network\HTTPException\ForbiddenException();
 		}
@ -110,17 +111,14 @@ function dfrn_poll_init(App $a)
 				if ((int)$xml->status === 1) {
 					$_SESSION['authenticated'] = 1;
 					if (empty($_SESSION['remote'])) {
 						$_SESSION['remote'] = [];
 					}
 					$_SESSION['remote'][] = ['cid' => $r[0]['id'], 'uid' => $r[0]['uid'], 'url' => $r[0]['url']];
 					$_SESSION['visitor_id'] = $r[0]['id'];
 					$_SESSION['visitor_home'] = $r[0]['url'];
 					$_SESSION['visitor_handle'] = $r[0]['addr'];
 					$_SESSION['visitor_visiting'] = $r[0]['uid'];
 					$_SESSION['my_url'] = $r[0]['url'];
 					Session::setVisitorsContacts();
 					if (!$quiet) {
 						info(L10n::t('%1$s welcomes %2$s', $r[0]['username'], $r[0]['name']) . EOL);
 					}
@ -227,13 +225,13 @@ function dfrn_poll_init(App $a)
 function dfrn_poll_post(App $a)
 {
-	$dfrn_id      = defaults($_POST, 'dfrn_id'  , '');
+	$dfrn_id      =  $_POST['dfrn_id']   ?? '';
-	$challenge    = defaults($_POST, 'challenge', '');
+	$challenge    =  $_POST['challenge'] ?? '';
-	$url          = defaults($_POST, 'url'      , '');
+	$url          =  $_POST['url']       ?? '';
-	$sec          = defaults($_POST, 'sec'      , '');
+	$sec          =  $_POST['sec']       ?? '';
-	$ptype        = defaults($_POST, 'type'     , '');
+	$ptype        =  $_POST['type']      ?? '';
-	$perm         = defaults($_POST, 'perm'     , 'r');
+	$perm         = ($_POST['perm']      ?? '') ?: 'r';
-	$dfrn_version = !empty($_POST['dfrn_version']) ? (float) $_POST['dfrn_version'] : 2.0;
+	$dfrn_version = floatval(($_GET['dfrn_version'] ?? 0.0) ?: 2.0);
 	if ($ptype === 'profile-check') {
 		if (strlen($challenge) && strlen($sec)) {
@ -393,12 +391,12 @@ function dfrn_poll_post(App $a)
 function dfrn_poll_content(App $a)
 {
-	$dfrn_id         = defaults($_GET, 'dfrn_id'        , '');
+	$dfrn_id         =  $_GET['dfrn_id']         ?? '';
-	$type            = defaults($_GET, 'type'           , 'data');
+	$type            = ($_GET['type']            ?? '') ?: 'data';
-	$last_update     = defaults($_GET, 'last_update'    , '');
+	$last_update     =  $_GET['last_update']     ?? '';
-	$destination_url = defaults($_GET, 'destination_url', '');
+	$destination_url =  $_GET['destination_url'] ?? '';
-	$sec             = defaults($_GET, 'sec'            , '');
+	$sec             =  $_GET['sec']             ?? '';
-	$dfrn_version    = !empty($_GET['dfrn_version'])    ? (float) $_GET['dfrn_version'] : 2.0;
+	$dfrn_version    = floatval(($_GET['dfrn_version'] ?? 0.0) ?: 2.0);
 	$quiet           = !empty($_GET['quiet']);
 	$direction = -1;
@ -517,15 +515,13 @@ function dfrn_poll_content(App $a)
 				if (((int) $xml->status == 0) && ($xml->challenge == $hash) && ($xml->sec == $sec)) {
 					$_SESSION['authenticated'] = 1;
 					if (empty($_SESSION['remote'])) {
 						$_SESSION['remote'] = [];
 					}
 					$_SESSION['remote'][] = ['cid' => $r[0]['id'], 'uid' => $r[0]['uid'], 'url' => $r[0]['url']];
 					$_SESSION['visitor_id'] = $r[0]['id'];
 					$_SESSION['visitor_home'] = $r[0]['url'];
 					$_SESSION['visitor_visiting'] = $r[0]['uid'];
 					$_SESSION['my_url'] = $r[0]['url'];
 					Session::setVisitorsContacts();
 					if (!$quiet) {
 						info(L10n::t('%1$s welcomes %2$s', $r[0]['username'], $r[0]['name']) . EOL);
 					}
--- a/mod/dfrn_request.php
+++ b/mod/dfrn_request.php
@ -19,6 +19,7 @@ use Friendica\Core\Logger;
 use Friendica\Core\Protocol;
 use Friendica\Core\Renderer;
 use Friendica\Core\System;
 use Friendica\Core\Session;
 use Friendica\Database\DBA;
 use Friendica\Model\Contact;
 use Friendica\Model\Group;
@ -79,7 +80,7 @@ function dfrn_request_post(App $a)
 		if (local_user() && ($a->user['nickname'] == $a->argv[1]) && !empty($_POST['dfrn_url'])) {
 			$dfrn_url    = Strings::escapeTags(trim($_POST['dfrn_url']));
 			$aes_allow   = !empty($_POST['aes_allow']);
-			$confirm_key = defaults($_POST, 'confirm_key', "");
+			$confirm_key = $_POST['confirm_key'] ?? '';
 			$hidden      = (!empty($_POST['hidden-contact']) ? intval($_POST['hidden-contact']) : 0);
 			$contact_record = null;
 			$blocked     = 1;
@ -168,7 +169,7 @@ function dfrn_request_post(App $a)
 				$r = q("SELECT `id`, `network` FROM `contact` WHERE `uid` = %d AND `url` = '%s' AND `site-pubkey` = '%s' LIMIT 1",
 					intval(local_user()),
 					DBA::escape($dfrn_url),
-					defaults($parms, 'key', '') // Potentially missing
+					$parms['key'] ?? '' // Potentially missing
 				);
 				if (DBA::isResult($r)) {
 					Group::addMember(User::getDefaultGroup(local_user(), $r[0]["network"]), $r[0]['id']);
@ -422,7 +423,7 @@ function dfrn_request_post(App $a)
 					intval($uid),
 					intval($contact_record['id']),
 					intval(!empty($_POST['knowyou'])),
-					DBA::escape(Strings::escapeTags(trim(defaults($_POST, 'dfrn-request-message', '')))),
+					DBA::escape(Strings::escapeTags(trim($_POST['dfrn-request-message'] ?? ''))),
 					DBA::escape($hash),
 					DBA::escape(DateTimeFormat::utcNow())
 				);
@ -498,7 +499,7 @@ function dfrn_request_content(App $a)
 		$dfrn_url = Strings::escapeTags(trim(hex2bin($_GET['dfrn_url'])));
 		$aes_allow = !empty($_GET['aes_allow']);
-		$confirm_key = defaults($_GET, 'confirm_key', "");
+		$confirm_key = $_GET['confirm_key'] ?? '';
 		// Checking fastlane for validity
 		if (!empty($_SESSION['fastlane']) && (Strings::normaliseLink($_SESSION["fastlane"]) == Strings::normaliseLink($dfrn_url))) {
@ -592,7 +593,7 @@ function dfrn_request_content(App $a)
 		exit();
 	} else {
 		// Normal web request. Display our user's introduction form.
-		if ((Config::get('system', 'block_public')) && (!local_user()) && (!remote_user())) {
+		if (Config::get('system', 'block_public') && !Session::isAuthenticated()) {
 			if (!Config::get('system', 'local_block')) {
 				notice(L10n::t('Public access denied.') . EOL);
 				return;
--- a/mod/display.php
+++ b/mod/display.php
@ -14,6 +14,7 @@ use Friendica\Core\Logger;
 use Friendica\Core\Protocol;
 use Friendica\Core\Renderer;
 use Friendica\Core\System;
 use Friendica\Core\Session;
 use Friendica\Database\DBA;
 use Friendica\Model\Contact;
 use Friendica\Model\Group;
@ -31,7 +32,7 @@ function display_init(App $a)
 		Objects::rawContent();
 	}
-	if (Config::get('system', 'block_public') && !local_user() && !remote_user()) {
+	if (Config::get('system', 'block_public') && !Session::isAuthenticated()) {
 		return;
 	}
@ -52,9 +53,11 @@ function display_init(App $a)
 			if (DBA::isResult($item)) {
 				$nick = $a->user["nickname"];
 			}
 		}
 		// Is this item private but could be visible to the remove visitor?
-		} elseif (remote_user()) {
+		if (!DBA::isResult($item) && remote_user()) {
-			$item = Item::selectFirst($fields, ['guid' => $a->argv[1], 'private' => 1]);
+			$item = Item::selectFirst($fields, ['guid' => $a->argv[1], 'private' => 1, 'origin' => true]);
 			if (DBA::isResult($item)) {
 				if (!Contact::isFollower(remote_user(), $item['uid'])) {
 					$item = null;
@ -84,10 +87,6 @@ function display_init(App $a)
 		displayShowFeed($item['id'], $a->argc > 3 && $a->argv[3] == 'conversation.atom');
 	}
 	if ($a->argc >= 3 && $nick == 'feed-item') {
 		displayShowFeed($item['id'], $a->argc > 3 && $a->argv[3] == 'conversation.atom');
 	}
 	if (!empty($_SERVER['HTTP_ACCEPT']) && strstr($_SERVER['HTTP_ACCEPT'], 'application/atom+xml')) {
 		Logger::log('Directly serving XML for id '.$item["id"], Logger::DEBUG);
 		displayShowFeed($item["id"], false);
@ -102,7 +101,7 @@ function display_init(App $a)
 	if (strstr(Strings::normaliseLink($profiledata["url"]), Strings::normaliseLink(System::baseUrl()))) {
 		$nickname = str_replace(Strings::normaliseLink(System::baseUrl())."/profile/", "", Strings::normaliseLink($profiledata["url"]));
-		if (($nickname != $a->user["nickname"])) {
+		if ($nickname != $a->user["nickname"]) {
 			$profile = DBA::fetchFirst("SELECT `profile`.`uid` AS `profile_uid`, `profile`.* , `contact`.`avatar-date` AS picdate, `user`.* FROM `profile`
 				INNER JOIN `contact` on `contact`.`uid` = `profile`.`uid` INNER JOIN `user` ON `profile`.`uid` = `user`.`uid`
 				WHERE `user`.`nickname` = ? AND `profile`.`is-default` AND `contact`.`self` LIMIT 1",
@ -188,14 +187,16 @@ function display_fetchauthor($a, $item)
 	$profiledata = Contact::getDetailsByURL($profiledata["url"], local_user(), $profiledata);
-	$profiledata["photo"] = System::removedBaseUrl($profiledata["photo"]);
+	if (!empty($profiledata["photo"])) {
 		$profiledata["photo"] = System::removedBaseUrl($profiledata["photo"]);
 	}
 	return $profiledata;
 }
 function display_content(App $a, $update = false, $update_uid = 0)
 {
-	if (Config::get('system','block_public') && !local_user() && !remote_user()) {
+	if (Config::get('system','block_public') && !Session::isAuthenticated()) {
 		throw new HTTPException\ForbiddenException(L10n::t('Public access denied.'));
 	}
@ -227,8 +228,10 @@ function display_content(App $a, $update = false, $update_uid = 0)
 					$item_parent = $item["parent"];
 					$item_parent_uri = $item['parent-uri'];
 				}
-			} elseif (remote_user()) {
+			}
-				$item = Item::selectFirst($fields, ['guid' => $a->argv[1], 'private' => 1]);
+
 			if (($item_parent == 0) && remote_user()) {
 				$item = Item::selectFirst($fields, ['guid' => $a->argv[1], 'private' => 1, 'origin' => true]);
 				if (DBA::isResult($item) && Contact::isFollower(remote_user(), $item['uid'])) {
 					$item_id = $item["id"];
 					$item_parent = $item["parent"];
@ -267,34 +270,26 @@ function display_content(App $a, $update = false, $update_uid = 0)
 				['$alternate' => $alternate,
 					'$conversation' => $conversation]);
 	$groups = [];
 	$remote_cid = null;
 	$is_remote_contact = false;
 	$item_uid = local_user();
 	if (isset($item_parent_uri)) {
 		$parent = Item::selectFirst(['uid'], ['uri' => $item_parent_uri, 'wall' => true]);
 		if (DBA::isResult($parent)) {
-			$a->profile['uid'] = defaults($a->profile, 'uid', $parent['uid']);
+			$a->profile['uid'] = ($a->profile['uid'] ?? 0) ?: $parent['uid'];
-			$a->profile['profile_uid'] = defaults($a->profile, 'profile_uid', $parent['uid']);
+			$a->profile['profile_uid'] = ($a->profile['profile_uid'] ?? 0) ?: $parent['uid'];
-			$is_remote_contact = Contact::isFollower(remote_user(), $a->profile['profile_uid']);
+			$is_remote_contact = Session::getRemoteContactID($a->profile['profile_uid']);
 			if ($is_remote_contact) {
-				$cdata = Contact::getPublicAndUserContacID(remote_user(), $a->profile['profile_uid']);
+				$item_uid = $parent['uid'];
 				if (!empty($cdata['user'])) {
 					$groups = Group::getIdsByContactId($cdata['user']);
 					$remote_cid = $cdata['user'];
 					$item_uid = $parent['uid'];
 				}
 			}
 		}
 	}
 	$page_contact = DBA::selectFirst('contact', [], ['self' => true, 'uid' => $a->profile['uid']]);
 	if (DBA::isResult($page_contact)) {
 		$a->page_contact = $page_contact;
 	}
 	$is_owner = (local_user() && (in_array($a->profile['profile_uid'], [local_user(), 0])) ? true : false);
 	if (!empty($a->profile['hidewall']) && !$is_owner && !$is_remote_contact) {
@ -316,7 +311,7 @@ function display_content(App $a, $update = false, $update_uid = 0)
 		];
 		$o .= status_editor($a, $x, 0, true);
 	}
-	$sql_extra = Item::getPermissionsSQLByUserId($a->profile['profile_uid'], $is_remote_contact, $groups, $remote_cid);
+	$sql_extra = Item::getPermissionsSQLByUserId($a->profile['profile_uid']);
 	if (local_user() && (local_user() == $a->profile['profile_uid'])) {
 		$condition = ['parent-uri' => $item_parent_uri, 'uid' => local_user(), 'unseen' => true];
@ -330,8 +325,8 @@ function display_content(App $a, $update = false, $update_uid = 0)
 	}
 	$condition = ["`id` = ? AND `item`.`uid` IN (0, ?) " . $sql_extra, $item_id, $item_uid];
-	$fields = ['parent-uri', 'body', 'title', 'author-name', 'author-avatar', 'plink'];
+	$fields = ['parent-uri', 'body', 'title', 'author-name', 'author-avatar', 'plink', 'author-id', 'owner-id', 'contact-id'];
-	$item = Item::selectFirstForUser(local_user(), $fields, $condition);
+	$item = Item::selectFirstForUser($a->profile['profile_uid'], $fields, $condition);
 	if (!DBA::isResult($item)) {
 		throw new HTTPException\NotFoundException(L10n::t('The requested item doesn\'t exist or has been deleted.'));
@ -370,7 +365,10 @@ function display_content(App $a, $update = false, $update_uid = 0)
 	$title = htmlspecialchars($title, ENT_COMPAT, 'UTF-8', true); // allow double encoding here
 	$author_name = htmlspecialchars($author_name, ENT_COMPAT, 'UTF-8', true); // allow double encoding here
-	//<meta name="keywords" content="">
+	if (DBA::exists('contact', ['unsearchable' => true, 'id' => [$item['contact-id'], $item['author-id'], $item['owner-id']]])) {
 		$a->page['htmlhead'] .= '<meta content="noindex, noarchive" name="robots" />' . "\n";
 	}
 	$a->page['htmlhead'] .= '<meta name="author" content="'.$author_name.'" />'."\n";
 	$a->page['htmlhead'] .= '<meta name="title" content="'.$title.'" />'."\n";
 	$a->page['htmlhead'] .= '<meta name="fulltitle" content="'.$title.'" />'."\n";
--- a/mod/events.php
+++ b/mod/events.php
@ -59,11 +59,11 @@ function events_post(App $a)
 	$cid = !empty($_POST['cid']) ? intval($_POST['cid']) : 0;
 	$uid = local_user();
-	$start_text  = Strings::escapeHtml(defaults($_REQUEST, 'start_text', ''));
+	$start_text  = Strings::escapeHtml($_REQUEST['start_text'] ?? '');
-	$finish_text = Strings::escapeHtml(defaults($_REQUEST, 'finish_text', ''));
+	$finish_text = Strings::escapeHtml($_REQUEST['finish_text'] ?? '');
-	$adjust   = intval(defaults($_POST, 'adjust', 0));
+	$adjust   = intval($_POST['adjust'] ?? 0);
-	$nofinish = intval(defaults($_POST, 'nofinish', 0));
+	$nofinish = intval($_POST['nofinish'] ?? 0);
 	// The default setting for the `private` field in event_store() is false, so mirror that
 	$private_event = false;
@ -96,9 +96,9 @@ function events_post(App $a)
 	// and we'll waste a bunch of time responding to it. Time that
 	// could've been spent doing something else.
-	$summary  = trim(defaults($_POST, 'summary' , ''));
+	$summary  = trim($_POST['summary']  ?? '');
-	$desc     = trim(defaults($_POST, 'desc'    , ''));
+	$desc     = trim($_POST['desc']     ?? '');
-	$location = trim(defaults($_POST, 'location', ''));
+	$location = trim($_POST['location'] ?? '');
 	$type     = 'event';
 	$params = [
@ -132,7 +132,7 @@ function events_post(App $a)
 		$a->internalRedirect($onerror_path);
 	}
-	$share = intval(defaults($_POST, 'share', 0));
+	$share = intval($_POST['share'] ?? 0);
 	$c = q("SELECT `id` FROM `contact` WHERE `uid` = %d AND `self` LIMIT 1",
 		intval(local_user())
@ -146,10 +146,10 @@ function events_post(App $a)
 	if ($share) {
-		$str_group_allow   = perms2str(defaults($_POST, 'group_allow'  , ''));
+		$str_group_allow   = perms2str($_POST['group_allow']   ?? '');
-		$str_contact_allow = perms2str(defaults($_POST, 'contact_allow', ''));
+		$str_contact_allow = perms2str($_POST['contact_allow'] ?? '');
-		$str_group_deny    = perms2str(defaults($_POST, 'group_deny'   , ''));
+		$str_group_deny    = perms2str($_POST['group_deny']    ?? '');
-		$str_contact_deny  = perms2str(defaults($_POST, 'contact_deny' , ''));
+		$str_contact_deny  = perms2str($_POST['contact_deny']  ?? '');
 		// Undo the pseudo-contact of self, since there are real contacts now
 		if (strpos($str_contact_allow, '<' . $self . '>') !== false) {
@ -321,7 +321,7 @@ function events_content(App $a)
 		// put the event parametes in an array so we can better transmit them
 		$event_params = [
-			'event_id'      => intval(defaults($_GET, 'id', 0)),
+			'event_id'      => intval($_GET['id'] ?? 0),
 			'start'         => $start,
 			'finish'        => $finish,
 			'adjust_start'  => $adjust_start,
--- a/mod/fbrowser.php
+++ b/mod/fbrowser.php
@ -29,7 +29,7 @@ function fbrowser_content(App $a)
 	}
 	// Needed to match the correct template in a module that uses a different theme than the user/site/default
-	$theme = Strings::sanitizeFilePathItem(defaults($_GET, 'theme', null));
+	$theme = Strings::sanitizeFilePathItem($_GET['theme'] ?? null);
 	if ($theme && is_file("view/theme/$theme/config.php")) {
 		$a->setCurrentTheme($theme);
 	}
--- a/mod/follow.php
+++ b/mod/follow.php
@ -62,7 +62,7 @@ function follow_content(App $a)
 	$uid = local_user();
 	// Issue 4815: Silently removing a prefixing @
-	$url = ltrim(Strings::escapeTags(trim(defaults($_REQUEST, 'url', ''))), '@!');
+	$url = ltrim(Strings::escapeTags(trim($_REQUEST['url'] ?? '')), '@!');
 	// Issue 6874: Allow remote following from Peertube
 	if (strpos($url, 'acct:') === 0) {
--- a/mod/fsuggest.php
+++ b/mod/fsuggest.php
@ -45,7 +45,7 @@ function fsuggest_post(App $a)
 		return;
 	}
-	$note = Strings::escapeHtml(trim(defaults($_POST, 'note', '')));
+	$note = Strings::escapeHtml(trim($_POST['note'] ?? ''));
 	$fields = ['uid' => local_user(),'cid' => $contact_id, 'name' => $contact['name'],
 		'url' => $contact['url'], 'request' => $contact['request'],
--- a/mod/hcard.php
+++ b/mod/hcard.php
@ -6,13 +6,14 @@ use Friendica\App;
 use Friendica\Core\Config;
 use Friendica\Core\L10n;
 use Friendica\Core\System;
 use Friendica\Core\Session;
 use Friendica\Model\Contact;
 use Friendica\Model\Profile;
 use Friendica\Model\User;
 function hcard_init(App $a)
 {
-	$blocked = Config::get('system', 'block_public') && !local_user() && !remote_user();
+	$blocked = Config::get('system', 'block_public') && !Session::isAuthenticated();
 	if ($a->argc > 1) {
 		$which = $a->argv[1];
@ -40,7 +41,7 @@ function hcard_init(App $a)
 	}
 	if (!$blocked) {
-		$keywords = defaults($a->profile, 'pub_keywords', '');
+		$keywords = $a->profile['pub_keywords'] ?? '';
 		$keywords = str_replace([',',' ',',,'], [' ',',',','], $keywords);
 		if (strlen($keywords)) {
 			$a->page['htmlhead'] .= '<meta name="keywords" content="' . $keywords . '" />' . "\r\n";
--- a/mod/hovercard.php
+++ b/mod/hovercard.php
@ -26,8 +26,8 @@ function hovercard_init(App $a)
 function hovercard_content()
 {
-	$profileurl = defaults($_REQUEST, 'profileurl', '');
+	$profileurl =  $_REQUEST['profileurl'] ?? '';
-	$datatype   = defaults($_REQUEST, 'datatype'  , 'json');
+	$datatype   = ($_REQUEST['datatype']   ?? '') ?: 'json';
 	// Get out if the system doesn't have public access allowed
 	if (intval(Config::get('system', 'block_public'))) {
@ -50,7 +50,7 @@ function hovercard_content()
 	if (strpos($profileurl, 'redir/') === 0) {
 		$cid = intval(substr($profileurl, 6));
 		$remote_contact = DBA::selectFirst('contact', ['nurl'], ['id' => $cid]);
-		$profileurl = defaults($remote_contact, 'nurl', '');
+		$profileurl = $remote_contact['nurl'] ?? '';
 	}
 	$contact = [];
@ -97,7 +97,7 @@ function hovercard_content()
 	$profile = [
 		'name'         => $contact['name'],
 		'nick'         => $contact['nick'],
-		'addr'         => defaults($contact, 'addr', $contact['url']),
+		'addr'         => ($contact['addr'] ?? '') ?: $contact['url'],
 		'thumb'        => ProxyUtils::proxifyUrl($contact['thumb'], false, ProxyUtils::SIZE_THUMB),
 		'url'          => Contact::magicLink($contact['url']),
 		'nurl'         => $contact['nurl'], // We additionally store the nurl as identifier
--- a/mod/ignored.php
+++ b/mod/ignored.php
@ -33,7 +33,7 @@ function ignored_init(App $a)
 	}
 	// See if we've been passed a return path to redirect to
-	$return_path = defaults($_REQUEST, 'return', '');
+	$return_path = $_REQUEST['return'] ?? '';
 	if ($return_path) {
 		$rand = '_=' . time();
 		if (strpos($return_path, '?')) {
--- a/mod/item.php
+++ b/mod/item.php
@ -25,6 +25,7 @@ use Friendica\Core\L10n;
 use Friendica\Core\Logger;
 use Friendica\Core\Protocol;
 use Friendica\Core\System;
 use Friendica\Core\Session;
 use Friendica\Core\Worker;
 use Friendica\Database\DBA;
 use Friendica\Model\Attach;
@ -42,10 +43,10 @@ use Friendica\Util\Security;
 use Friendica\Util\Strings;
 use Friendica\Worker\Delivery;
-require_once 'include/items.php';
+require_once __DIR__ . '/../include/items.php';
 function item_post(App $a) {
-	if (!local_user() && !remote_user()) {
+	if (!Session::isAuthenticated()) {
 		return 0;
 	}
@ -63,12 +64,12 @@ function item_post(App $a) {
 	Logger::log('postvars ' . print_r($_REQUEST, true), Logger::DATA);
-	$api_source = defaults($_REQUEST, 'api_source', false);
+	$api_source = $_REQUEST['api_source'] ?? false;
 	$message_id = ((!empty($_REQUEST['message_id']) && $api_source) ? strip_tags($_REQUEST['message_id']) : '');
-	$return_path = defaults($_REQUEST, 'return', '');
+	$return_path = $_REQUEST['return'] ?? '';
-	$preview = intval(defaults($_REQUEST, 'preview', 0));
+	$preview = intval($_REQUEST['preview'] ?? 0);
 	/*
 	 * Check for doubly-submitted posts, and reject duplicates
@ -85,8 +86,8 @@ function item_post(App $a) {
 	}
 	// Is this a reply to something?
-	$toplevel_item_id = intval(defaults($_REQUEST, 'parent', 0));
+	$toplevel_item_id = intval($_REQUEST['parent'] ?? 0);
-	$thr_parent_uri = trim(defaults($_REQUEST, 'parent_uri', ''));
+	$thr_parent_uri = trim($_REQUEST['parent_uri'] ?? '');
 	$thread_parent_id = 0;
 	$thread_parent_contact = null;
@ -97,8 +98,8 @@ function item_post(App $a) {
 	$parent_contact = null;
 	$objecttype = null;
-	$profile_uid = defaults($_REQUEST, 'profile_uid', local_user());
+	$profile_uid = ($_REQUEST['profile_uid'] ?? 0) ?: local_user();
-	$posttype = defaults($_REQUEST, 'post_type', Item::PT_ARTICLE);
+	$posttype = ($_REQUEST['post_type'] ?? '') ?: Item::PT_ARTICLE;
 	if ($toplevel_item_id || $thr_parent_uri) {
 		if ($toplevel_item_id) {
@ -137,10 +138,10 @@ function item_post(App $a) {
 		Logger::info('mod_item: item_post parent=' . $toplevel_item_id);
 	}
-	$post_id     = intval(defaults($_REQUEST, 'post_id', 0));
+	$post_id     = intval($_REQUEST['post_id'] ?? 0);
-	$app         = strip_tags(defaults($_REQUEST, 'source', ''));
+	$app         = strip_tags($_REQUEST['source'] ?? '');
-	$extid       = strip_tags(defaults($_REQUEST, 'extid', ''));
+	$extid       = strip_tags($_REQUEST['extid'] ?? '');
-	$object      = defaults($_REQUEST, 'object', '');
+	$object      = $_REQUEST['object'] ?? '';
 	// Don't use "defaults" here. It would turn 0 to 1
 	if (!isset($_REQUEST['wall'])) {
@ -193,20 +194,20 @@ function item_post(App $a) {
 	$categories = '';
 	$postopts = '';
 	$emailcc = '';
-	$body = defaults($_REQUEST, 'body', '');
+	$body = $_REQUEST['body'] ?? '';
-	$has_attachment = defaults($_REQUEST, 'has_attachment', 0);
+	$has_attachment = $_REQUEST['has_attachment'] ?? 0;
 	// If we have a speparate attachment, we need to add it to the body.
 	if (!empty($has_attachment)) {
-		$attachment_type  = defaults($_REQUEST, 'attachment_type',  '');
+		$attachment_type  = $_REQUEST['attachment_type'] ??  '';
-		$attachment_title = defaults($_REQUEST, 'attachment_title', '');
+		$attachment_title = $_REQUEST['attachment_title'] ?? '';
-		$attachment_text  = defaults($_REQUEST, 'attachment_text',  '');
+		$attachment_text  = $_REQUEST['attachment_text'] ??  '';
-		$attachment_url     = hex2bin(defaults($_REQUEST, 'attachment_url',     ''));
+		$attachment_url     = hex2bin($_REQUEST['attachment_url'] ??     '');
-		$attachment_img_src = hex2bin(defaults($_REQUEST, 'attachment_img_src', ''));
+		$attachment_img_src = hex2bin($_REQUEST['attachment_img_src'] ?? '');
-		$attachment_img_width  = defaults($_REQUEST, 'attachment_img_width',  0);
+		$attachment_img_width  = $_REQUEST['attachment_img_width'] ??  0;
-		$attachment_img_height = defaults($_REQUEST, 'attachment_img_height', 0);
+		$attachment_img_height = $_REQUEST['attachment_img_height'] ?? 0;
 		$attachment = [
 			'type'   => $attachment_type,
 			'title'  => $attachment_title,
@ -228,6 +229,9 @@ function item_post(App $a) {
 		$body .= $att_bbcode;
 	}
 	// Convert links with empty descriptions to links without an explicit description
 	$body = preg_replace('#\[url=([^\]]*?)\]\[/url\]#ism', '[url]$1[/url]', $body);
 	if (!empty($orig_post)) {
 		$str_group_allow   = $orig_post['allow_gid'];
 		$str_contact_allow = $orig_post['allow_cid'];
@ -265,29 +269,25 @@ function item_post(App $a) {
 			$str_contact_deny  = $user['deny_cid'];
 		} else {
 			// use the posted permissions
-			$str_group_allow   = perms2str(defaults($_REQUEST, 'group_allow', ''));
+			$str_group_allow   = perms2str($_REQUEST['group_allow'] ?? '');
-			$str_contact_allow = perms2str(defaults($_REQUEST, 'contact_allow', ''));
+			$str_contact_allow = perms2str($_REQUEST['contact_allow'] ?? '');
-			$str_group_deny    = perms2str(defaults($_REQUEST, 'group_deny', ''));
+			$str_group_deny    = perms2str($_REQUEST['group_deny'] ?? '');
-			$str_contact_deny  = perms2str(defaults($_REQUEST, 'contact_deny', ''));
+			$str_contact_deny  = perms2str($_REQUEST['contact_deny'] ?? '');
 		}
-		$title             = Strings::escapeTags(trim(defaults($_REQUEST, 'title'   , '')));
+		$title             = Strings::escapeTags(trim($_REQUEST['title']    ?? ''));
-		$location          = Strings::escapeTags(trim(defaults($_REQUEST, 'location', '')));
+		$location          = Strings::escapeTags(trim($_REQUEST['location'] ?? ''));
-		$coord             = Strings::escapeTags(trim(defaults($_REQUEST, 'coord'   , '')));
+		$coord             = Strings::escapeTags(trim($_REQUEST['coord']    ?? ''));
-		$verb              = Strings::escapeTags(trim(defaults($_REQUEST, 'verb'    , '')));
+		$verb              = Strings::escapeTags(trim($_REQUEST['verb']     ?? ''));
-		$emailcc           = Strings::escapeTags(trim(defaults($_REQUEST, 'emailcc' , '')));
+		$emailcc           = Strings::escapeTags(trim($_REQUEST['emailcc']  ?? ''));
 		$body              = Strings::escapeHtml(trim($body));
-		$network           = Strings::escapeTags(trim(defaults($_REQUEST, 'network' , Protocol::DFRN)));
+		$network           = Strings::escapeTags(trim(($_REQUEST['network']  ?? '') ?: Protocol::DFRN));
 		$guid              = System::createUUID();
-		$postopts = defaults($_REQUEST, 'postopts', '');
+		$postopts = $_REQUEST['postopts'] ?? '';
 		$private = ((strlen($str_group_allow) || strlen($str_contact_allow) || strlen($str_group_deny) || strlen($str_contact_deny)) ? 1 : 0);
 		if ($user['hidewall']) {
 			$private = 2;
 		}
 		// If this is a comment, set the permissions from the parent.
 		if ($toplevel_item) {
@ -307,7 +307,7 @@ function item_post(App $a) {
 			$wall              = $toplevel_item['wall'];
 		}
-		$pubmail_enabled = defaults($_REQUEST, 'pubmail_enable', false) && !$private;
+		$pubmail_enabled = ($_REQUEST['pubmail_enable'] ?? false) && !$private;
 		// if using the API, we won't see pubmail_enable - figure out if it should be set
 		if ($api_source && $profile_uid && $profile_uid == local_user() && !$private) {
@ -335,7 +335,7 @@ function item_post(App $a) {
 	// save old and new categories, so we can determine what needs to be deleted from pconfig
 	$categories_old = $categories;
-	$categories = FileTag::listToFile(trim(defaults($_REQUEST, 'category', '')), 'category');
+	$categories = FileTag::listToFile(trim($_REQUEST['category'] ?? ''), 'category');
 	$categories_new = $categories;
 	if (!empty($filedas) && is_array($filedas)) {
@ -352,18 +352,8 @@ function item_post(App $a) {
 	if (local_user() && ((local_user() == $profile_uid) || $allow_comment)) {
 		$self = true;
 		$author = DBA::selectFirst('contact', [], ['uid' => local_user(), 'self' => true]);
-	} elseif (remote_user()) {
+	} elseif (!empty(Session::getRemoteContactID($profile_uid))) {
-		if (!empty($_SESSION['remote']) && is_array($_SESSION['remote'])) {
+		$author = DBA::selectFirst('contact', [], ['id' => Session::getRemoteContactID($profile_uid)]);
 			foreach ($_SESSION['remote'] as $v) {
 				if ($v['uid'] == $profile_uid) {
 					$contact_id = $v['cid'];
 					break;
 				}
 			}
 		}
 		if ($contact_id) {
 			$author = DBA::selectFirst('contact', [], ['id' => $contact_id]);
 		}
 	}
 	if (DBA::isResult($author)) {
@ -874,7 +864,7 @@ function item_post_return($baseurl, $api_source, $return_path)
 function item_content(App $a)
 {
-	if (!local_user() && !remote_user()) {
+	if (!Session::isAuthenticated()) {
 		return;
 	}
@ -1025,7 +1015,7 @@ function handle_tag(&$body, &$inform, &$str_tags, $profile_uid, $tag, $network =
 			$profile = $contact["url"];
 			$alias   = $contact["alias"];
-			$newname = defaults($contact, "name", $contact["nick"]);
+			$newname = ($contact["name"] ?? '') ?: $contact["nick"];
 		}
 		//if there is an url for this persons profile
--- a/mod/lostpass.php
+++ b/mod/lostpass.php
@ -1,4 +1,5 @@
 <?php
 /**
 * @file mod/lostpass.php
 */
@ -27,7 +28,7 @@ function lostpass_post(App $a)
 		$a->internalRedirect();
 	}
-	$pwdreset_token = Strings::getRandomName(12) . mt_rand(1000, 9999);
+	$pwdreset_token = Strings::getRandomName(12) . random_int(1000, 9999);
 	$fields = [
 		'pwdreset' => $pwdreset_token,
--- a/mod/manage.php
+++ b/mod/manage.php
@ -1,188 +0,0 @@
 <?php
 /**
 * @file mod/manage.php
 */
 use Friendica\App;
 use Friendica\Core\Hook;
 use Friendica\Core\L10n;
 use Friendica\Core\Renderer;
 use Friendica\Core\Session;
 use Friendica\Database\DBA;
 function manage_post(App $a) {
 	if (! local_user()) {
 		return;
 	}
 	$uid = local_user();
 	$orig_record = $a->user;
 	if(!empty($_SESSION['submanage'])) {
 		$r = q("select * from user where uid = %d limit 1",
 			intval($_SESSION['submanage'])
 		);
 		if (DBA::isResult($r)) {
 			$uid = intval($r[0]['uid']);
 			$orig_record = $r[0];
 		}
 	}
 	$r = q("SELECT * FROM `manage` WHERE `uid` = %d",
 		intval($uid)
 	);
 	$submanage = $r;
 	$identity = (!empty($_POST['identity']) ? intval($_POST['identity']) : 0);
 	if (!$identity) {
 		return;
 	}
 	$limited_id = 0;
 	$original_id = $uid;
 	if (DBA::isResult($submanage)) {
 		foreach ($submanage as $m) {
 			if ($identity == $m['mid']) {
 				$limited_id = $m['mid'];
 				break;
 			}
 		}
 	}
 	if ($limited_id) {
 		$r = q("SELECT * FROM `user` WHERE `uid` = %d LIMIT 1",
 			intval($limited_id)
 		);
 	} else {
 		// Check if the target user is one of our children
 		$r = q("SELECT * FROM `user` WHERE `uid` = %d AND `parent-uid` = %d LIMIT 1",
 			intval($identity),
 			DBA::escape($orig_record['uid'])
 		);
 		// Check if the target user is one of our siblings
 		if (!DBA::isResult($r) && ($orig_record['parent-uid'] != 0)) {
 			$r = q("SELECT * FROM `user` WHERE `uid` = %d AND `parent-uid` = %d LIMIT 1",
 				intval($identity),
 				DBA::escape($orig_record['parent-uid'])
 			);
 		}
 		// Check if it's our parent
 		if (!DBA::isResult($r) && ($orig_record['parent-uid'] != 0) && ($orig_record['parent-uid'] == $identity)) {
 			$r = q("SELECT * FROM `user` WHERE `uid` = %d LIMIT 1",
 				intval($identity)
 			);
 		}
 		// Finally check if it's out own user
 		if (!DBA::isResult($r) && ($orig_record['uid'] != 0) && ($orig_record['uid'] == $identity)) {
 			$r = q("SELECT * FROM `user` WHERE `uid` = %d LIMIT 1",
 				intval($identity)
 			);
 		}
 	}
 	if (!DBA::isResult($r)) {
 		return;
 	}
 	unset($_SESSION['authenticated']);
 	unset($_SESSION['uid']);
 	unset($_SESSION['visitor_id']);
 	unset($_SESSION['administrator']);
 	unset($_SESSION['cid']);
 	unset($_SESSION['theme']);
 	unset($_SESSION['mobile-theme']);
 	unset($_SESSION['page_flags']);
 	unset($_SESSION['return_path']);
 	if (!empty($_SESSION['submanage'])) {
 		unset($_SESSION['submanage']);
 	}
 	if (!empty($_SESSION['sysmsg'])) {
 		unset($_SESSION['sysmsg']);
 	}
 	if (!empty($_SESSION['sysmsg_info'])) {
 		unset($_SESSION['sysmsg_info']);
 	}
 	Session::setAuthenticatedForUser($a, $r[0], true, true);
 	if ($limited_id) {
 		$_SESSION['submanage'] = $original_id;
 	}
 	$ret = [];
 	Hook::callAll('home_init',$ret);
 	$a->internalRedirect('profile/' . $a->user['nickname'] );
 	// NOTREACHED
 }
 function manage_content(App $a) {
 	if (! local_user()) {
 		notice(L10n::t('Permission denied.') . EOL);
 		return;
 	}
 	if (!empty($_GET['identity'])) {
 		$_POST['identity'] = $_GET['identity'];
 		manage_post($a);
 		return;
 	}
 	$identities = $a->identities;
 	//getting additinal information for each identity
 	foreach ($identities as $key=>$id) {
 		$thumb = q("SELECT `thumb` FROM `contact` WHERE `uid` = '%s' AND `self` = 1",
 			DBA::escape($id['uid'])
 		);
 		$identities[$key]['thumb'] = $thumb[0]['thumb'];
 		$identities[$key]['selected'] = ($id['nickname'] === $a->user['nickname']);
 		$notifications = 0;
 		$r = q("SELECT DISTINCT(`parent`) FROM `notify` WHERE `uid` = %d AND NOT `seen` AND NOT (`type` IN (%d, %d))",
 			intval($id['uid']), intval(NOTIFY_INTRO), intval(NOTIFY_MAIL));
 		if (DBA::isResult($r)) {
 			$notifications = sizeof($r);
 		}
 		$r = q("SELECT DISTINCT(`convid`) FROM `mail` WHERE `uid` = %d AND NOT `seen`",
 			intval($id['uid']));
 		if (DBA::isResult($r)) {
 			$notifications = $notifications + sizeof($r);
 		}
 		$r = q("SELECT COUNT(*) AS `introductions` FROM `intro` WHERE NOT `blocked` AND NOT `ignore` AND `uid` = %d",
 			intval($id['uid']));
 		if (DBA::isResult($r)) {
 			$notifications = $notifications + $r[0]["introductions"];
 		}
 		$identities[$key]['notifications'] = $notifications;
 	}
 	$o = Renderer::replaceMacros(Renderer::getMarkupTemplate('manage.tpl'), [
 		'$title' => L10n::t('Manage Identities and/or Pages'),
 		'$desc' => L10n::t('Toggle between different identities or community/group pages which share your account details or which you have been granted "manage" permissions'),
 		'$choose' => L10n::t('Select an identity to manage: '),
 		'$identities' => $identities,
 		'$submit' => L10n::t('Submit'),
 	]);
 	return $o;
 }
--- a/mod/match.php
+++ b/mod/match.php
@ -66,7 +66,7 @@ function match_content(App $a)
 	$msearch = json_decode($msearch_json);
-	$start = defaults($_GET, 'start', 0);
+	$start = $_GET['start'] ?? 0;
 	$entries = [];
 	$paginate = '';
@ -92,11 +92,11 @@ function match_content(App $a)
 			$entry = [
 				'url'          => Contact::magicLink($profile->url),
-				'itemurl'      => defaults($contact_details, 'addr', $profile->url),
+				'itemurl'      => $contact_details['addr'] ?? $profile->url,
 				'name'         => $profile->name,
-				'details'      => defaults($contact_details, 'location', ''),
+				'details'      => $contact_details['location'] ?? '',
-				'tags'         => defaults($contact_details, 'keywords', ''),
+				'tags'         => $contact_details['keywords'] ?? '',
-				'about'        => defaults($contact_details, 'about', ''),
+				'about'        => $contact_details['about'] ?? '',
 				'account_type' => Contact::getAccountType($contact_details),
 				'thumb'        => ProxyUtils::proxifyUrl($profile->photo, false, ProxyUtils::SIZE_THUMB),
 				'conntxt'      => L10n::t('Connect'),
--- a/mod/message.php
+++ b/mod/message.php
@ -249,8 +249,8 @@ function message_content(App $a)
 			'$prefill'    => $prefill,
 			'$preid'      => $preid,
 			'$subject'    => L10n::t('Subject:'),
-			'$subjtxt'    => defaults($_REQUEST, 'subject', ''),
+			'$subjtxt'    => $_REQUEST['subject'] ?? '',
-			'$text'       => defaults($_REQUEST, 'body', ''),
+			'$text'       => $_REQUEST['body'] ?? '',
 			'$readonly'   => '',
 			'$yourmessage'=> L10n::t('Your message:'),
 			'$select'     => $select,
@ -530,7 +530,7 @@ function render_messages(array $msg, $t)
 			'$id' => $rr['id'],
 			'$from_name' => $participants,
 			'$from_url' => Contact::magicLink($rr['url']),
-			'$from_addr' => defaults($contact, 'addr', ''),
+			'$from_addr' => $contact['addr'] ?? '',
 			'$sparkle' => ' sparkle',
 			'$from_photo' => ProxyUtils::proxifyUrl($from_photo, false, ProxyUtils::SIZE_THUMB),
 			'$subject' => $rr['title'],
--- a/mod/msearch.php
+++ b/mod/msearch.php
@ -6,9 +6,9 @@ use Friendica\Database\DBA;
 function msearch_post(App $a)
 {
-	$search = defaults($_POST, 's', '');
+	$search = $_POST['s'] ?? '';
-	$perpage  = intval(defaults($_POST, 'n', 80));
+	$perpage  = intval(($_POST['n'] ?? 0) ?: 80);
-	$page     = intval(defaults($_POST, 'p', 1));
+	$page     = intval(($_POST['p'] ?? 0) ?: 1);
 	$startrec = ($page - 1) * $perpage;
 	$total = 0;
--- a/mod/network.php
+++ b/mod/network.php
@ -40,22 +40,6 @@ function network_init(App $a)
 	Hook::add('head', __FILE__, 'network_infinite_scroll_head');
 	$search = (!empty($_GET['search']) ? Strings::escapeHtml($_GET['search']) : '');
 	if (($search != '') && !empty($_GET['submit'])) {
 		$a->internalRedirect('search?search=' . urlencode($search));
 	}
 	if (!empty($_GET['save'])) {
 		$exists = DBA::exists('search', ['uid' => local_user(), 'term' => $search]);
 		if (!$exists) {
 			DBA::insert('search', ['uid' => local_user(), 'term' => $search]);
 		}
 	}
 	if (!empty($_GET['remove'])) {
 		DBA::delete('search', ['uid' => local_user(), 'term' => $search]);
 	}
 	$is_a_date_query = false;
 	$group_id = (($a->argc > 1 && is_numeric($a->argv[1])) ? intval($a->argv[1]) : 0);
@ -82,7 +66,7 @@ function network_init(App $a)
 	// fetch last used network view and redirect if needed
 	if (!$is_a_date_query) {
-		$sel_nets = defaults($_GET, 'nets', '');
+		$sel_nets = $_GET['nets'] ?? '';
 		$sel_tabs = network_query_get_sel_tab($a);
 		$sel_groups = network_query_get_sel_group($a);
 		$last_sel_tabs = PConfig::get(local_user(), 'network.view', 'tab.selected');
@ -154,46 +138,9 @@ function network_init(App $a)
 	$a->page['aside'] .= Group::sidebarWidget('network/0', 'network', 'standard', $group_id);
 	$a->page['aside'] .= ForumManager::widget(local_user(), $cid);
 	$a->page['aside'] .= Widget::postedByYear('network', local_user(), false);
-	$a->page['aside'] .= Widget::networks('network', defaults($_GET, 'nets', '') );
+	$a->page['aside'] .= Widget::networks('network', $_GET['nets'] ?? '');
-	$a->page['aside'] .= saved_searches($search);
+	$a->page['aside'] .= Widget\SavedSearches::getHTML($a->query_string);
-	$a->page['aside'] .= Widget::fileAs('network', defaults($_GET, 'file', '') );
+	$a->page['aside'] .= Widget::fileAs('network', $_GET['file'] ?? '');
 }
 function saved_searches($search)
 {
 	$srchurl = '/network?f='
 		. (!empty($_GET['cid'])   ? '&cid='   . rawurlencode($_GET['cid'])   : '')
 		. (!empty($_GET['star'])  ? '&star='  . rawurlencode($_GET['star'])  : '')
 		. (!empty($_GET['bmark']) ? '&bmark=' . rawurlencode($_GET['bmark']) : '')
 		. (!empty($_GET['conv'])  ? '&conv='  . rawurlencode($_GET['conv'])  : '')
 		. (!empty($_GET['nets'])  ? '&nets='  . rawurlencode($_GET['nets'])  : '')
 		. (!empty($_GET['cmin'])  ? '&cmin='  . rawurlencode($_GET['cmin'])  : '')
 		. (!empty($_GET['cmax'])  ? '&cmax='  . rawurlencode($_GET['cmax'])  : '')
 		. (!empty($_GET['file'])  ? '&file='  . rawurlencode($_GET['file'])  : '');
 	;
 	$terms = DBA::select('search', ['id', 'term'], ['uid' => local_user()]);
 	$saved = [];
 	while ($rr = DBA::fetch($terms)) {
 		$saved[] = [
 			'id'          => $rr['id'],
 			'term'        => $rr['term'],
 			'encodedterm' => urlencode($rr['term']),
 			'delete'      => L10n::t('Remove term'),
 			'selected'    => ($search == $rr['term']),
 		];
 	}
 	$tpl = Renderer::getMarkupTemplate('saved_searches_aside.tpl');
 	$o = Renderer::replaceMacros($tpl, [
 		'$title'     => L10n::t('Saved Searches'),
 		'$add'       => L10n::t('add'),
 		'$searchbox' => HTML::search($search, 'netsearch-box', $srchurl),
 		'$saved'     => $saved,
 	]);
 	return $o;
 }
 /**
@ -409,7 +356,7 @@ function networkFlatView(App $a, $update = 0)
 	$o = '';
-	$file = defaults($_GET, 'file', '');
+	$file = $_GET['file'] ?? '';
 	if (!$update && !$rawmode) {
 		$tabs = network_tabs($a);
@ -532,12 +479,12 @@ function networkThreadedView(App $a, $update, $parent)
 	$o = '';
-	$cid   = intval(defaults($_GET, 'cid'  , 0));
+	$cid   = intval($_GET['cid']   ?? 0);
-	$star  = intval(defaults($_GET, 'star' , 0));
+	$star  = intval($_GET['star']  ?? 0);
-	$bmark = intval(defaults($_GET, 'bmark', 0));
+	$bmark = intval($_GET['bmark'] ?? 0);
-	$conv  = intval(defaults($_GET, 'conv' , 0));
+	$conv  = intval($_GET['conv']  ?? 0);
-	$order = Strings::escapeTags(defaults($_GET, 'order', 'comment'));
+	$order = Strings::escapeTags(($_GET['order'] ?? '') ?: 'comment');
-	$nets  =        defaults($_GET, 'nets' , '');
+	$nets  =        $_GET['nets']  ?? '';
 	$allowedCids = [];
 	if ($cid) {
@ -676,7 +623,7 @@ function networkThreadedView(App $a, $update, $parent)
 			$entries[0] = [
 				'id' => 'network',
 				'name' => $contact['name'],
-				'itemurl' => defaults($contact, 'addr', $contact['nurl']),
+				'itemurl' => ($contact['addr'] ?? '') ?: $contact['nurl'],
 				'thumb' => ProxyUtils::proxifyUrl($contact['thumb'], false, ProxyUtils::SIZE_THUMB),
 				'details' => $contact['location'],
 			];
@ -1066,7 +1013,7 @@ function network_infinite_scroll_head(App $a, &$htmlhead)
 	global $pager;
 	if (PConfig::get(local_user(), 'system', 'infinite_scroll')
-		&& defaults($_GET, 'mode', '') != 'minimal'
+		&& ($_GET['mode'] ?? '') != 'minimal'
 	) {
 		$tpl = Renderer::getMarkupTemplate('infinite_scroll_head.tpl');
 		$htmlhead .= Renderer::replaceMacros($tpl, [
--- a/mod/noscrape.php
+++ b/mod/noscrape.php
@ -49,7 +49,7 @@ function noscrape_init(App $a)
 		exit;
 	}
-	$keywords = defaults($a->profile, 'pub_keywords', '');
+	$keywords = $a->profile['pub_keywords'] ?? '';
 	$keywords = str_replace(['#',',',' ',',,'], ['',' ',',',','], $keywords);
 	$keywords = explode(',', $keywords);
--- a/mod/notifications.php
+++ b/mod/notifications.php
@ -12,9 +12,11 @@ use Friendica\Core\L10n;
 use Friendica\Core\NotificationsManager;
 use Friendica\Core\Protocol;
 use Friendica\Core\Renderer;
 use Friendica\Core\Logger;
 use Friendica\Core\System;
 use Friendica\Database\DBA;
 use Friendica\Module\Login;
 use Friendica\Model\Contact;
 function notifications_post(App $a)
 {
@ -46,13 +48,18 @@ function notifications_post(App $a)
 		if ($_POST['submit'] == L10n::t('Discard')) {
 			DBA::delete('intro', ['id' => $intro_id]);
 			if (!$fid) {
-				// The check for blocked and pending is in case the friendship was already approved
+				// When the contact entry had been created just for that intro, we want to get rid of it now
 				// and we just want to get rid of the now pointless notification
 				$condition = ['id' => $contact_id, 'uid' => local_user(),
-					'self' => false, 'blocked' => true, 'pending' => true];
+					'self' => false, 'pending' => true, 'rel' => [0, Contact::FOLLOWER]];
-				DBA::delete('contact', $condition);
+				$contact_pending = DBA::exists('contact', $condition);
 				// Remove the "pending" to stop the reappearing in any case
 				DBA::update('contact', ['pending' => false], ['id' => $contact_id]);
 				if ($contact_pending) {
 					Contact::remove($contact_id);
 				}
 			}
 			$a->internalRedirect('notifications/intros');
 		}
@ -71,8 +78,8 @@ function notifications_content(App $a)
 		return Login::form();
 	}
-	$page = defaults($_REQUEST, 'page', 1);
+	$page = ($_REQUEST['page'] ?? 0) ?: 1;
-	$show = defaults($_REQUEST, 'show', 0);
+	$show =  $_REQUEST['show'] ?? 0;
 	Nav::setSelected('notifications');
@ -98,9 +105,14 @@ function notifications_content(App $a)
 	if ((($a->argc > 1) && ($a->argv[1] == 'intros')) || (($a->argc == 1))) {
 		Nav::setSelected('introductions');
 		$id = 0;
 		if (!empty($a->argv[2]) && intval($a->argv[2]) != 0) {
 			$id = (int)$a->argv[2];
 		}
 		$all = (($a->argc > 2) && ($a->argv[2] == 'all'));
-		$notifs = $nm->introNotifs($all, $startrec, $perpage);
+		$notifs = $nm->introNotifs($all, $startrec, $perpage, $id);
 	// Get the network notifications
 	} elseif (($a->argc > 1) && ($a->argv[1] == 'network')) {
@ -146,7 +158,7 @@ function notifications_content(App $a)
 	];
 	// Process the data for template creation
-	if (defaults($notifs, 'ident', '') === 'introductions') {
+	if (($notifs['ident'] ?? '') == 'introductions') {
 		$sugg = Renderer::getMarkupTemplate('suggestions.tpl');
 		$tpl = Renderer::getMarkupTemplate('intros.tpl');
--- a/mod/openid.php
+++ b/mod/openid.php
@ -13,21 +13,20 @@ use Friendica\Util\Strings;
 function openid_content(App $a) {
-	$noid = Config::get('system','no_openid');
+	if (Config::get('system','no_openid')) {
 	if($noid)
 		$a->internalRedirect();
 	}
 	Logger::log('mod_openid ' . print_r($_REQUEST,true), Logger::DATA);
-	if(!empty($_GET['openid_mode']) && !empty($_SESSION['openid'])) {
+	if (!empty($_GET['openid_mode']) && !empty($_SESSION['openid'])) {
 		$openid = new LightOpenID($a->getHostName());
-		if($openid->validate()) {
+		if ($openid->validate()) {
 			$authid = $openid->identity;
-			$authid = $_REQUEST['openid_identity'];
+			if (empty($authid)) {
 			if(! strlen($authid)) {
 				Logger::log(L10n::t('OpenID protocol error. No ID returned.') . EOL);
 				$a->internalRedirect();
 			}
@ -37,22 +36,16 @@ function openid_content(App $a) {
 			//       mod/settings.php in 8367cad so it might have left mixed
 			//       records in the user table
 			//
-			$r = q("SELECT *
+			$condition = ['blocked' => false, 'account_expired' => false, 'account_removed' => false, 'verified' => true,
-				FROM `user`
+				'openid' => [$authid, Strings::normaliseOpenID($authid)]];
-				WHERE ( `openid` = '%s' OR `openid` = '%s' )
+			$user  = DBA::selectFirst('user', [], $condition);
-				AND `blocked` = 0 AND `account_expired` = 0
+			if (DBA::isResult($user)) {
 				AND `account_removed` = 0 AND `verified` = 1
 				LIMIT 1",
 				DBA::escape($authid), DBA::escape(Strings::normaliseOpenID($authid))
 			);
 			if (DBA::isResult($r)) {
 				// successful OpenID login
 				unset($_SESSION['openid']);
-				Session::setAuthenticatedForUser($a, $r[0],true,true);
+				Session::setAuthenticatedForUser($a, $user, true, true);
 				// just in case there was no return url set
 				// and we fell through
@ -76,10 +69,10 @@ function openid_content(App $a) {
 					if ($k === 'namePerson/friendly') {
 						$nick = Strings::escapeTags(trim($v));
 					}
-					if($k === 'namePerson/first') {
+					if ($k === 'namePerson/first') {
 						$first = Strings::escapeTags(trim($v));
 					}
-					if($k === 'namePerson') {
+					if ($k === 'namePerson') {
 						$args .= '&username=' . urlencode(Strings::escapeTags(trim($v)));
 					}
 					if ($k === 'contact/email') {
@ -95,15 +88,13 @@ function openid_content(App $a) {
 			}
 			if (!empty($nick)) {
 				$args .= '&nickname=' . urlencode($nick);
-			}
+			} elseif (!empty($first)) {
 			elseif (!empty($first)) {
 				$args .= '&nickname=' . urlencode($first);
 			}
 			if (!empty($photosq)) {
 				$args .= '&photo=' . urlencode($photosq);
-			}
+			} elseif (!empty($photo)) {
 			elseif (!empty($photo)) {
 				$args .= '&photo=' . urlencode($photo);
 			}
--- a/mod/photos.php
+++ b/mod/photos.php
@ -15,6 +15,7 @@ use Friendica\Core\L10n;
 use Friendica\Core\Logger;
 use Friendica\Core\Renderer;
 use Friendica\Core\System;
 use Friendica\Core\Session;
 use Friendica\Database\DBA;
 use Friendica\Model\Contact;
 use Friendica\Model\Group;
@ -35,11 +36,7 @@ use Friendica\Util\XML;
 function photos_init(App $a) {
-	if ($a->argc > 1) {
+	if (Config::get('system', 'block_public') && !Session::isAuthenticated()) {
 		DFRN::autoRedir($a, $a->argv[1]);
 	}
 	if (Config::get('system', 'block_public') && !local_user() && !remote_user()) {
 		return;
 	}
@ -66,14 +63,14 @@ function photos_init(App $a) {
 		$vcard_widget = Renderer::replaceMacros($tpl, [
 			'$name' => $profile['name'],
 			'$photo' => $profile['photo'],
-			'$addr' => defaults($profile, 'addr', ''),
+			'$addr' => $profile['addr'] ?? '',
 			'$account_type' => $account_type,
-			'$pdesc' => defaults($profile, 'pdesc', ''),
+			'$pdesc' => $profile['pdesc'] ?? '',
 		]);
 		$albums = Photo::getAlbums($a->data['user']['uid']);
-		$albums_visible = ((intval($a->data['user']['hidewall']) && !local_user() && !remote_user()) ? false : true);
+		$albums_visible = ((intval($a->data['user']['hidewall']) && !Session::isAuthenticated()) ? false : true);
 		// add various encodings to the array so we can just loop through and pick them out in a template
 		$ret = ['success' => false];
@ -88,7 +85,7 @@ function photos_init(App $a) {
 			$ret['albums'] = [];
 			foreach ($albums as $k => $album) {
 				//hide profile photos to others
-				if (!$is_owner && !remote_user() && ($album['album'] == L10n::t('Profile Photos')))
+				if (!$is_owner && !Session::getRemoteContactID($a->profile_uid) && ($album['album'] == L10n::t('Profile Photos')))
 					continue;
 				$entry = [
 					'text'      => $album['album'],
@ -154,24 +151,10 @@ function photos_post(App $a)
 	if (local_user() && (local_user() == $page_owner_uid)) {
 		$can_post = true;
-	} elseif ($community_page && remote_user()) {
+	} elseif ($community_page && !empty(Session::getRemoteContactID($page_owner_uid))) {
-		$contact_id = 0;
+		$contact_id = Session::getRemoteContactID($page_owner_uid);
-
+		$can_post = true;
-		if (!empty($_SESSION['remote']) && is_array($_SESSION['remote'])) {
+		$visitor = $contact_id;
 			foreach ($_SESSION['remote'] as $v) {
 				if ($v['uid'] == $page_owner_uid) {
 					$contact_id = $v['cid'];
 					break;
 				}
 			}
 		}
 		if ($contact_id > 0) {
 			if (DBA::exists('contact', ['id' => $contact_id, 'uid' => $page_owner_uid, 'blocked' => false, 'pending' => false])) {
 				$can_post = true;
 				$visitor = $contact_id;
 			}
 		}
 	}
 	if (!$can_post) {
@ -647,10 +630,10 @@ function photos_post(App $a)
 		$visible = 0;
 	}
-	$group_allow   = defaults($_REQUEST, 'group_allow'  , []);
+	$group_allow   = $_REQUEST['group_allow']   ?? [];
-	$contact_allow = defaults($_REQUEST, 'contact_allow', []);
+	$contact_allow = $_REQUEST['contact_allow'] ?? [];
-	$group_deny    = defaults($_REQUEST, 'group_deny'   , []);
+	$group_deny    = $_REQUEST['group_deny']    ?? [];
-	$contact_deny  = defaults($_REQUEST, 'contact_deny' , []);
+	$contact_deny  = $_REQUEST['contact_deny']  ?? [];
 	$str_group_allow   = perms2str(is_array($group_allow)   ? $group_allow   : explode(',', $group_allow));
 	$str_contact_allow = perms2str(is_array($contact_allow) ? $contact_allow : explode(',', $contact_allow));
@ -683,7 +666,7 @@ function photos_post(App $a)
 				notice(L10n::t('Image exceeds size limit of %s', ini_get('upload_max_filesize')) . EOL);
 				break;
 			case UPLOAD_ERR_FORM_SIZE:
-				notice(L10n::t('Image exceeds size limit of %s', Strings::formatBytes(defaults($_REQUEST, 'MAX_FILE_SIZE', 0))) . EOL);
+				notice(L10n::t('Image exceeds size limit of %s', Strings::formatBytes($_REQUEST['MAX_FILE_SIZE'] ?? 0)) . EOL);
 				break;
 			case UPLOAD_ERR_PARTIAL:
 				notice(L10n::t('Image upload didn\'t complete, please try again') . EOL);
@ -846,7 +829,7 @@ function photos_content(App $a)
 	// photos/name/image/xxxxx/edit
 	// photos/name/image/xxxxx/drop
-	if (Config::get('system', 'block_public') && !local_user() && !remote_user()) {
+	if (Config::get('system', 'block_public') && !Session::isAuthenticated()) {
 		notice(L10n::t('Public access denied.') . EOL);
 		return;
 	}
@ -892,50 +875,24 @@ function photos_content(App $a)
 	if (local_user() && (local_user() == $owner_uid)) {
 		$can_post = true;
-	} else {
+	} elseif ($community_page && !empty(Session::getRemoteContactID($owner_uid))) {
-		if ($community_page && remote_user()) {
+		$contact_id = Session::getRemoteContactID($owner_uid);
-			if (is_array($_SESSION['remote'])) {
+		$contact = DBA::selectFirst('contact', [], ['id' => $contact_id, 'uid' => $owner_uid, 'blocked' => false, 'pending' => false]);
 				foreach ($_SESSION['remote'] as $v) {
 					if ($v['uid'] == $owner_uid) {
 						$contact_id = $v['cid'];
 						break;
 					}
 				}
 			}
-			if ($contact_id) {
+		if (DBA::isResult($contact)) {
-				$contact = DBA::selectFirst('contact', [], ['id' => $contact_id, 'uid' => $owner_uid, 'blocked' => false, 'pending' => false]);
+			$can_post = true;
-
+			$remote_contact = true;
-				if (DBA::isResult($contact)) {
+			$visitor = $contact_id;
 					$can_post = true;
 					$remote_contact = true;
 					$visitor = $contact_id;
 				}
 			}
 		}
 	}
 	$groups = [];
 	// perhaps they're visiting - but not a community page, so they wouldn't have write access
-	if (remote_user() && !$visitor) {
+	if (!empty(Session::getRemoteContactID($owner_uid)) && !$visitor) {
-		$contact_id = 0;
+		$contact_id = Session::getRemoteContactID($owner_uid);
 		if (is_array($_SESSION['remote'])) {
 			foreach ($_SESSION['remote'] as $v) {
 				if ($v['uid'] == $owner_uid) {
 					$contact_id = $v['cid'];
 					break;
 				}
 			}
 		}
-		if ($contact_id) {
+		$contact = DBA::selectFirst('contact', [], ['id' => $contact_id, 'uid' => $owner_uid, 'blocked' => false, 'pending' => false]);
 			$groups = Group::getIdsByContactId($contact_id);
-			$contact = DBA::selectFirst('contact', [], ['id' => $contact_id, 'uid' => $owner_uid, 'blocked' => false, 'pending' => false]);
+		$remote_contact = DBA::isResult($contact);
 			$remote_contact = DBA::isResult($contact);
 		}
 	}
 	if (!$remote_contact && local_user()) {
@ -948,7 +905,7 @@ function photos_content(App $a)
 		return;
 	}
-	$sql_extra = Security::getPermissionsSQLByUserId($owner_uid, $remote_contact, $groups);
+	$sql_extra = Security::getPermissionsSQLByUserId($owner_uid);
 	$o = "";
@ -1049,7 +1006,7 @@ function photos_content(App $a)
 		$pager = new Pager($a->query_string, 20);
 		/// @TODO I have seen this many times, maybe generalize it script-wide and encapsulate it?
-		$order_field = defaults($_GET, 'order', '');
+		$order_field = $_GET['order'] ?? '';
 		if ($order_field === 'posted') {
 			$order = 'ASC';
 		} else {
@ -1201,7 +1158,7 @@ function photos_content(App $a)
 		 * By now we hide it if someone wants to.
 		 */
 		if ($cmd === 'view' && !Config::get('system', 'no_count', false)) {
-			$order_field = defaults($_GET, 'order', '');
+			$order_field = $_GET['order'] ?? '';
 			if ($order_field === 'posted') {
 				$order = 'ASC';
@ -1607,7 +1564,7 @@ function photos_content(App $a)
 		$twist = false;
 		foreach ($r as $rr) {
 			//hide profile photos to others
-			if (!$is_owner && !remote_user() && ($rr['album'] == L10n::t('Profile Photos'))) {
+			if (!$is_owner && !Session::getRemoteContactID($owner_uid) && ($rr['album'] == L10n::t('Profile Photos'))) {
 				continue;
 			}
--- a/mod/poco.php
+++ b/mod/poco.php
@ -36,7 +36,7 @@ function poco_init(App $a) {
 		$system_mode = true;
 	}
-	$format = defaults($_GET, 'format', 'json');
+	$format = ($_GET['format'] ?? '') ?: 'json';
 	$justme = false;
 	$global = false;
--- a/mod/profiles.php
+++ b/mod/profiles.php
@ -594,7 +594,7 @@ function profiles_content(App $a) {
 			'$default' => (($is_default) ? '<p id="profile-edit-default-desc">' . L10n::t('This is your <strong>public</strong> profile.<br />It <strong>may</strong> be visible to anybody using the internet.') . '</p>' : ""),
 			'$name' => ['name', L10n::t('Your Full Name:'), $r[0]['name']],
 			'$pdesc' => ['pdesc', L10n::t('Title/Description:'), $r[0]['pdesc']],
-			'$dob' => Temporal::getDateofBirthField($r[0]['dob']),
+			'$dob' => Temporal::getDateofBirthField($r[0]['dob'], $a->user['timezone']),
 			'$hide_friends' => $hide_friends,
 			'$address' => ['address', L10n::t('Street Address:'), $r[0]['address']],
 			'$locality' => ['locality', L10n::t('Locality/City:'), $r[0]['locality']],
--- a/mod/pubsub.php
+++ b/mod/pubsub.php
@ -33,10 +33,10 @@ function pubsub_init(App $a)
 	$contact_id = (($a->argc > 2) ? intval($a->argv[2])       : 0 );
 	if ($_SERVER['REQUEST_METHOD'] === 'GET') {
-		$hub_mode      = Strings::escapeTags(trim(defaults($_GET, 'hub_mode', '')));
+		$hub_mode      = Strings::escapeTags(trim($_GET['hub_mode'] ?? ''));
-		$hub_topic     = Strings::escapeTags(trim(defaults($_GET, 'hub_topic', '')));
+		$hub_topic     = Strings::escapeTags(trim($_GET['hub_topic'] ?? ''));
-		$hub_challenge = Strings::escapeTags(trim(defaults($_GET, 'hub_challenge', '')));
+		$hub_challenge = Strings::escapeTags(trim($_GET['hub_challenge'] ?? ''));
-		$hub_verify    = Strings::escapeTags(trim(defaults($_GET, 'hub_verify_token', '')));
+		$hub_verify    = Strings::escapeTags(trim($_GET['hub_verify_token'] ?? ''));
 		Logger::log('Subscription from ' . $_SERVER['REMOTE_ADDR'] . ' Mode: ' . $hub_mode . ' Nick: ' . $nick);
 		Logger::log('Data: ' . print_r($_GET,true), Logger::DATA);
--- a/mod/redir.php
+++ b/mod/redir.php
@ -13,18 +13,18 @@ use Friendica\Util\Strings;
 function redir_init(App $a) {
-	$url = defaults($_GET, 'url', '');
+	$url = $_GET['url'] ?? '';
 	$quiet = !empty($_GET['quiet']) ? '&quiet=1' : '';
 	$con_url = defaults($_GET, 'conurl', '');
 	if ($a->argc > 1 && intval($a->argv[1])) {
 		$cid = intval($a->argv[1]);
 	} elseif (local_user() && !empty($con_url)) {
 		$cid = Contact::getIdForURL($con_url, local_user());
 	} else {
 		$cid = 0;
 	}
 	// Try magic auth before the legacy stuff
 	redir_magic($a, $cid, $url);
 	if (!empty($cid)) {
 		$fields = ['id', 'uid', 'nurl', 'url', 'addr', 'name', 'network', 'poll', 'issued-id', 'dfrn-id', 'duplex', 'pending'];
 		$contact = DBA::selectFirst('contact', $fields, ['id' => $cid, 'uid' => [0, local_user()]]);
@ -35,10 +35,10 @@ function redir_init(App $a) {
 		$contact_url = $contact['url'];
-		if ((!local_user() && !remote_user()) // Visitors (not logged in or not remotes) can't authenticate.
+		if (!Session::isAuthenticated() // Visitors (not logged in or not remotes) can't authenticate.
 			|| (!empty($a->contact['id']) && $a->contact['id'] == $cid)) // Local user is already authenticated.
 		{
-			$a->redirect(defaults($url, $contact_url));
+			$a->redirect($url ?: $contact_url);
 		}
 		if ($contact['uid'] == 0 && local_user()) {
@ -52,7 +52,7 @@ function redir_init(App $a) {
 			if (!empty($a->contact['id']) && $a->contact['id'] == $cid) {
 				// Local user is already authenticated.
-				$target_url = defaults($url, $contact_url);
+				$target_url = $url ?: $contact_url;
 				Logger::log($contact['name'] . " is already authenticated. Redirecting to " . $target_url, Logger::DEBUG);
 				$a->redirect($target_url);
 			}
@ -66,34 +66,16 @@ function redir_init(App $a) {
 			// with the local contact. Otherwise the local user would ask the local contact
 			// for authentification everytime he/she is visiting a profile page of the local
 			// contact.
-			if ($host == $remotehost
+			if (($host == $remotehost) && (Session::getRemoteContactID(Session::get('visitor_visiting')) == Session::get('visitor_id'))) {
-				&& !empty($_SESSION['remote'])
+				// Remote user is already authenticated.
-				&& is_array($_SESSION['remote']))
+				$target_url = $url ?: $contact_url;
-			{
+				Logger::log($contact['name'] . " is already authenticated. Redirecting to " . $target_url, Logger::DEBUG);
-				foreach ($_SESSION['remote'] as $v) {
+				$a->redirect($target_url);
 					if (!empty($v['uid']) && !empty($v['cid']) &&
 					    $v['uid'] == Session::get('visitor_visiting') &&
 					    $v['cid'] == Session::get('visitor_id')) {
 						// Remote user is already authenticated.
 						$target_url = defaults($url, $contact_url);
 						Logger::log($contact['name'] . " is already authenticated. Redirecting to " . $target_url, Logger::DEBUG);
 						$a->redirect($target_url);
 					}
 				}
 			}
 		}
 		// When the remote page does support OWA, then we enforce the use of it
 		$basepath = Contact::getBasepath($contact_url);
 		if (Strings::compareLink($basepath, System::baseUrl())) {
 			$use_magic = true;
 		} else {
 			$serverret = Network::curl($basepath . '/magic');
 			$use_magic = $serverret->isSuccess();
 		}
 		// Doing remote auth with dfrn.
-		if (local_user() && !$use_magic && (!empty($contact['dfrn-id']) || !empty($contact['issued-id'])) && empty($contact['pending'])) {
+		if (local_user() && (!empty($contact['dfrn-id']) || !empty($contact['issued-id'])) && empty($contact['pending'])) {
 			$dfrn_id = $orig_id = (($contact['issued-id']) ? $contact['issued-id'] : $contact['dfrn-id']);
 			if ($contact['duplex'] && $contact['issued-id']) {
@ -119,7 +101,7 @@ function redir_init(App $a) {
 				. '&dfrn_version=' . DFRN_PROTOCOL_VERSION . '&type=profile&sec=' . $sec . $dest . $quiet);
 		}
-		$url = defaults($url, $contact_url);
+		$url = $url ?: $contact_url;
 	}
 	// If we don't have a connected contact, redirect with
@ -140,3 +122,46 @@ function redir_init(App $a) {
 	notice(L10n::t('Contact not found.'));
 	$a->internalRedirect();
 }
 function redir_magic($a, $cid, $url)
 {
 	$visitor = Profile::getMyURL();
 	if (!empty($visitor)) {
 		Logger::info('Got my url', ['visitor' => $visitor]);
 	}
 	$contact = DBA::selectFirst('contact', ['url'], ['id' => $cid]);
 	if (!DBA::isResult($contact)) {
 		Logger::info('Contact not found', ['id' => $cid]);
 		// Shouldn't happen under normal conditions
 		notice(L10n::t('Contact not found.'));
 		if (!empty($url)) {
 			$a->redirect($url);
 		} else {
 			$a->internalRedirect();
 		}
 	} else {
 		$contact_url = $contact['url'];
 		$target_url = $url ?: $contact_url;
 	}
 	$basepath = Contact::getBasepath($contact_url);
 	// We don't use magic auth when there is no visitor, we are on the same system or we visit our own stuff
 	if (empty($visitor) || Strings::compareLink($basepath, System::baseUrl()) || Strings::compareLink($contact_url, $visitor)) {
 		Logger::info('Redirecting without magic', ['target' => $target_url, 'visitor' => $visitor, 'contact' => $contact_url]);
 		$a->redirect($target_url);
 	}
 	// Test for magic auth on the target system
 	$serverret = Network::curl($basepath . '/magic');
 	if ($serverret->isSuccess()) {
 		$separator = strpos($target_url, '?') ? '&' : '?';
 		$target_url .= $separator . 'zrl=' . urlencode($visitor) . '&addr=' . urlencode($contact_url);
 		Logger::info('Redirecting with magic', ['target' => $target_url, 'visitor' => $visitor, 'contact' => $contact_url]);
 		$a->redirect($target_url);
 	} else {
 		Logger::info('No magic for contact', ['contact' => $contact_url]);
 	}
 }
--- a/mod/regmod.php
+++ b/mod/regmod.php
@ -44,7 +44,7 @@ function user_allow($hash)
 		$user,
 		Config::get('config', 'sitename'),
 		$a->getBaseUrl(),
-		defaults($register, 'password', 'Sent in a previous email')
+		($register['password'] ?? '') ?: 'Sent in a previous email'
 	);
 	L10n::popLang();
--- a/mod/search.php
+++ b/mod/search.php
@ -1,245 +0,0 @@
 <?php
 /**
 * @file mod/search.php
 */
 use Friendica\App;
 use Friendica\Content\Nav;
 use Friendica\Content\Pager;
 use Friendica\Content\Text\HTML;
 use Friendica\Core\Cache;
 use Friendica\Core\Config;
 use Friendica\Core\L10n;
 use Friendica\Core\Logger;
 use Friendica\Core\Renderer;
 use Friendica\Database\DBA;
 use Friendica\Model\Item;
 use Friendica\Module\BaseSearchModule;
 use Friendica\Util\Strings;
 function search_saved_searches() {
 	$o = '';
 	$search = (!empty($_GET['search']) ? Strings::escapeTags(trim(rawurldecode($_GET['search']))) : '');
 	$r = q("SELECT `id`,`term` FROM `search` WHERE `uid` = %d",
 		intval(local_user())
 	);
 	if (DBA::isResult($r)) {
 		$saved = [];
 		foreach ($r as $rr) {
 			$saved[] = [
 				'id'		=> $rr['id'],
 				'term'		=> $rr['term'],
 				'encodedterm'	=> urlencode($rr['term']),
 				'delete'	=> L10n::t('Remove term'),
 				'selected'	=> ($search==$rr['term']),
 			];
 		}
 		$tpl = Renderer::getMarkupTemplate("saved_searches_aside.tpl");
 		$o .= Renderer::replaceMacros($tpl, [
 			'$title'	=> L10n::t('Saved Searches'),
 			'$add'		=> '',
 			'$searchbox'	=> '',
 			'$saved' 	=> $saved,
 		]);
 	}
 	return $o;
 }
 function search_init(App $a) {
 	$search = (!empty($_GET['search']) ? Strings::escapeTags(trim(rawurldecode($_GET['search']))) : '');
 	if (local_user()) {
 		if (!empty($_GET['save']) && $search) {
 			$r = q("SELECT * FROM `search` WHERE `uid` = %d AND `term` = '%s' LIMIT 1",
 				intval(local_user()),
 				DBA::escape($search)
 			);
 			if (!DBA::isResult($r)) {
 				DBA::insert('search', ['uid' => local_user(), 'term' => $search]);
 			}
 		}
 		if (!empty($_GET['remove']) && $search) {
 			DBA::delete('search', ['uid' => local_user(), 'term' => $search]);
 		}
 		/// @todo Check if there is a case at all that "aside" is prefilled here
 		if (!isset($a->page['aside'])) {
 			$a->page['aside'] = '';
 		}
 		$a->page['aside'] .= search_saved_searches();
 	} else {
 		unset($_SESSION['theme']);
 		unset($_SESSION['mobile-theme']);
 	}
 }
 function search_content(App $a) {
 	if (Config::get('system','block_public') && !local_user() && !remote_user()) {
 		notice(L10n::t('Public access denied.') . EOL);
 		return;
 	}
 	if (Config::get('system','local_search') && !local_user() && !remote_user()) {
 		$e = new \Friendica\Network\HTTPException\ForbiddenException(L10n::t("Only logged in users are permitted to perform a search."));
 		$e->httpdesc = L10n::t("Public access denied.");
 		throw $e;
 	}
 	if (Config::get('system','permit_crawling') && !local_user() && !remote_user()) {
 		// Default values:
 		// 10 requests are "free", after the 11th only a call per minute is allowed
 		$free_crawls = intval(Config::get('system','free_crawls'));
 		if ($free_crawls == 0)
 			$free_crawls = 10;
 		$crawl_permit_period = intval(Config::get('system','crawl_permit_period'));
 		if ($crawl_permit_period == 0)
 			$crawl_permit_period = 10;
 		$remote = $_SERVER["REMOTE_ADDR"];
 		$result = Cache::get("remote_search:".$remote);
 		if (!is_null($result)) {
 			$resultdata = json_decode($result);
 			if (($resultdata->time > (time() - $crawl_permit_period)) && ($resultdata->accesses > $free_crawls)) {
 				throw new \Friendica\Network\HTTPException\TooManyRequestsException(L10n::t("Only one search per minute is permitted for not logged in users."));
 			}
 			Cache::set("remote_search:".$remote, json_encode(["time" => time(), "accesses" => $resultdata->accesses + 1]), Cache::HOUR);
 		} else
 			Cache::set("remote_search:".$remote, json_encode(["time" => time(), "accesses" => 1]), Cache::HOUR);
 	}
 	Nav::setSelected('search');
 	$search = (!empty($_REQUEST['search']) ? Strings::escapeTags(trim(rawurldecode($_REQUEST['search']))) : '');
 	$tag = false;
 	if (!empty($_GET['tag'])) {
 		$tag = true;
 		$search = (!empty($_GET['tag']) ? '#' . Strings::escapeTags(trim(rawurldecode($_GET['tag']))) : '');
 	}
 	// contruct a wrapper for the search header
 	$o = Renderer::replaceMacros(Renderer::getMarkupTemplate("content_wrapper.tpl"),[
 		'name' => "search-header",
 		'$title' => L10n::t("Search"),
 		'$title_size' => 3,
 		'$content' => HTML::search($search,'search-box','search', false)
 	]);
 	if (strpos($search,'#') === 0) {
 		$tag = true;
 		$search = substr($search,1);
 	}
 	if (strpos($search,'@') === 0) {
 		return BaseSearchModule::performSearch();
 	}
 	if (strpos($search,'!') === 0) {
 		return BaseSearchModule::performSearch();
 	}
 	if (parse_url($search, PHP_URL_SCHEME) != '') {
 		$id = Item::fetchByLink($search);
 		if (!empty($id)) {
 			$item = Item::selectFirst(['guid'], ['id' => $id]);
 			if (DBA::isResult($item)) {
 				$a->internalRedirect('display/' . $item['guid']);
 			}
 		}
 	}
 	if (!empty($_GET['search-option']))
 		switch($_GET['search-option']) {
 			case 'fulltext':
 				break;
 			case 'tags':
 				$tag = true;
 				break;
 			case 'contacts':
 				return BaseSearchModule::performSearch('@');
 			case 'forums':
 				return BaseSearchModule::performSearch('!');
 		}
 	if (!$search)
 		return $o;
 	if (Config::get('system','only_tag_search'))
 		$tag = true;
 	// Here is the way permissions work in the search module...
 	// Only public posts can be shown
 	// OR your own posts if you are a logged in member
 	// No items will be shown if the member has a blocked profile wall.
 	$pager = new Pager($a->query_string);
 	if ($tag) {
 		Logger::log("Start tag search for '".$search."'", Logger::DEBUG);
 		$condition = ["(`uid` = 0 OR (`uid` = ? AND NOT `global`))
 			AND `otype` = ? AND `type` = ? AND `term` = ?",
 			local_user(), TERM_OBJ_POST, TERM_HASHTAG, $search];
 		$params = ['order' => ['received' => true],
 			'limit' => [$pager->getStart(), $pager->getItemsPerPage()]];
 		$terms = DBA::select('term', ['oid'], $condition, $params);
 		$itemids = [];
 		while ($term = DBA::fetch($terms)) {
 			$itemids[] = $term['oid'];
 		}
 		DBA::close($terms);
 		if (!empty($itemids)) {
 			$params = ['order' => ['id' => true]];
 			$items = Item::selectForUser(local_user(), [], ['id' => $itemids], $params);
 			$r = Item::inArray($items);
 		} else {
 			$r = [];
 		}
 	} else {
 		Logger::log("Start fulltext search for '".$search."'", Logger::DEBUG);
 		$condition = ["(`uid` = 0 OR (`uid` = ? AND NOT `global`))
 			AND `body` LIKE CONCAT('%',?,'%')",
 			local_user(), $search];
 		$params = ['order' => ['id' => true],
 			'limit' => [$pager->getStart(), $pager->getItemsPerPage()]];
 		$items = Item::selectForUser(local_user(), [], $condition, $params);
 		$r = Item::inArray($items);
 	}
 	if (!DBA::isResult($r)) {
 		info(L10n::t('No results.') . EOL);
 		return $o;
 	}
 	if ($tag) {
 		$title = L10n::t('Items tagged with: %s', $search);
 	} else {
 		$title = L10n::t('Results for: %s', $search);
 	}
 	$o .= Renderer::replaceMacros(Renderer::getMarkupTemplate("section_title.tpl"),[
 		'$title' => $title
 	]);
 	Logger::log("Start Conversation for '".$search."'", Logger::DEBUG);
 	$o .= conversation($a, $r, $pager, 'search', false, false, 'commented', local_user());
 	$o .= $pager->renderMinimal(count($r));
 	Logger::log("Done '".$search."'", Logger::DEBUG);
 	return $o;
 }
--- a/mod/settings.php
+++ b/mod/settings.php
@ -35,7 +35,7 @@ function get_theme_config_file($theme)
 	$theme = Strings::sanitizeFilePathItem($theme);
 	$a = \get_app();
-	$base_theme = defaults($a->theme_info, 'extends');
+	$base_theme = $a->theme_info['extends'] ?? '';
 	if (file_exists("view/theme/$theme/config.php")) {
 		return "view/theme/$theme/config.php";
@ -115,8 +115,8 @@ function settings_init(App $a)
 	$tabs[] =	[
 		'label'	=> L10n::t('Delegations'),
-		'url' 	=> 'delegate',
+		'url' 	=> 'settings/delegation',
-		'selected'	=> (($a->argc == 1) && ($a->argv[0] === 'delegate')?'active':''),
+		'selected'	=> (($a->argc > 1) && ($a->argv[1] === 'delegation')?'active':''),
 		'accesskey' => 'd',
 	];
@ -180,11 +180,11 @@ function settings_post(App $a)
 	if (($a->argc > 2) && ($a->argv[1] === 'oauth')  && ($a->argv[2] === 'edit'||($a->argv[2] === 'add')) && !empty($_POST['submit'])) {
 		BaseModule::checkFormSecurityTokenRedirectOnError('/settings/oauth', 'settings_oauth');
-		$name     = defaults($_POST, 'name'    , '');
+		$name     = $_POST['name']     ?? '';
-		$key      = defaults($_POST, 'key'     , '');
+		$key      = $_POST['key']      ?? '';
-		$secret   = defaults($_POST, 'secret'  , '');
+		$secret   = $_POST['secret']   ?? '';
-		$redirect = defaults($_POST, 'redirect', '');
+		$redirect = $_POST['redirect'] ?? '';
-		$icon     = defaults($_POST, 'icon'    , '');
+		$icon     = $_POST['icon']     ?? '';
 		if ($name == "" || $key == "" || $secret == "") {
 			notice(L10n::t("Missing some important data!"));
@ -241,24 +241,21 @@ function settings_post(App $a)
 			PConfig::set(local_user(), 'ostatus', 'default_group', $_POST['group-selection']);
 			PConfig::set(local_user(), 'ostatus', 'legacy_contact', $_POST['legacy_contact']);
 		} elseif (!empty($_POST['imap-submit'])) {
 			$mail_server       =                 $_POST['mail_server']       ?? '';
 			$mail_port         =                 $_POST['mail_port']         ?? '';
 			$mail_ssl          = strtolower(trim($_POST['mail_ssl']          ?? ''));
 			$mail_user         =                 $_POST['mail_user']         ?? '';
 			$mail_pass         =            trim($_POST['mail_pass']         ?? '');
 			$mail_action       =            trim($_POST['mail_action']       ?? '');
 			$mail_movetofolder =            trim($_POST['mail_movetofolder'] ?? '');
 			$mail_replyto      =                 $_POST['mail_replyto']      ?? '';
 			$mail_pubmail      =                 $_POST['mail_pubmail']      ?? '';
-			$mail_server       = defaults($_POST, 'mail_server', '');
+			if (
-			$mail_port         = defaults($_POST, 'mail_port', '');
+				!Config::get('system', 'dfrn_only')
-			$mail_ssl          = (!empty($_POST['mail_ssl']) ? strtolower(trim($_POST['mail_ssl'])) : '');
+				&& function_exists('imap_open')
-			$mail_user         = defaults($_POST, 'mail_user', '');
+				&& !Config::get('system', 'imap_disabled')
-			$mail_pass         = (!empty($_POST['mail_pass']) ? trim($_POST['mail_pass']) : '');
+			) {
 			$mail_action       = (!empty($_POST['mail_action']) ? trim($_POST['mail_action']) : '');
 			$mail_movetofolder = (!empty($_POST['mail_movetofolder']) ? trim($_POST['mail_movetofolder']) : '');
 			$mail_replyto      = defaults($_POST, 'mail_replyto', '');
 			$mail_pubmail      = defaults($_POST, 'mail_pubmail', '');
 			$mail_disabled = ((function_exists('imap_open') && (!Config::get('system', 'imap_disabled'))) ? 0 : 1);
 			if (Config::get('system', 'dfrn_only')) {
 				$mail_disabled = 1;
 			}
 			if (!$mail_disabled) {
 				$failed = false;
 				$r = q("SELECT * FROM `mailacct` WHERE `uid` = %d LIMIT 1",
 					intval(local_user())
@ -1092,7 +1089,7 @@ function settings_content(App $a)
 	if (strlen(Config::get('system', 'directory'))) {
 		$profile_in_net_dir = Renderer::replaceMacros($opt_tpl, [
-			'$field' => ['profile_in_netdirectory', L10n::t('Publish your default profile in the global social directory?'), $profile['net-publish'], L10n::t('Your profile will be published in the global friendica directories (e.g. <a href="%s">%s</a>). Your profile will be visible in public.', Config::get('system', 'directory'), Config::get('system', 'directory')), [L10n::t('No'), L10n::t('Yes')]]
+			'$field' => ['profile_in_netdirectory', L10n::t('Publish your default profile in the global social directory?'), $profile['net-publish'], L10n::t('Your profile will be published in the global friendica directories (e.g. <a href="%s">%s</a>). Your profile will be visible in public.', Config::get('system', 'directory'), Config::get('system', 'directory'))	. " " . L10n::t("This setting also determines whether Friendica will inform search engines that your profile should be indexed or not. Third-party search engines may or may not respect this setting."), [L10n::t('No'), L10n::t('Yes')]]
 		]);
 	} else {
 		$profile_in_net_dir = '';
--- a/mod/subthread.php
+++ b/mod/subthread.php
@ -6,6 +6,7 @@ use Friendica\App;
 use Friendica\Core\Hook;
 use Friendica\Core\L10n;
 use Friendica\Core\Logger;
 use Friendica\Core\Session;
 use Friendica\Core\System;
 use Friendica\Database\DBA;
 use Friendica\Model\Item;
@ -15,7 +16,7 @@ use Friendica\Util\XML;
 function subthread_content(App $a) {
-	if (!local_user() && !remote_user()) {
+	if (!Session::isAuthenticated()) {
 		return;
 	}
--- a/mod/tagger.php
+++ b/mod/tagger.php
@ -7,6 +7,7 @@ use Friendica\Core\Hook;
 use Friendica\Core\L10n;
 use Friendica\Core\Logger;
 use Friendica\Core\System;
 use Friendica\Core\Session;
 use Friendica\Core\Worker;
 use Friendica\Database\DBA;
 use Friendica\Model\Item;
@ -16,7 +17,7 @@ use Friendica\Worker\Delivery;
 function tagger_content(App $a) {
-	if (!local_user() && !remote_user()) {
+	if (!Session::isAuthenticated()) {
 		return;
 	}
--- a/mod/tagrm.php
+++ b/mod/tagrm.php
@ -22,11 +22,11 @@ function tagrm_post(App $a)
 	}
 	$tags = [];
-	foreach (defaults($_POST, 'tag', []) as $tag) {
+	foreach ($_POST['tag'] ?? [] as $tag) {
 		$tags[] = hex2bin(Strings::escapeTags(trim($tag)));
 	}
-	$item_id = defaults($_POST,'item', 0);
+	$item_id = $_POST['item'] ?? 0;
 	update_tags($item_id, $tags);
 	info(L10n::t('Tag(s) removed') . EOL);
--- a/mod/uimport.php
+++ b/mod/uimport.php
@ -41,14 +41,6 @@ function uimport_content(App $a)
 		}
 	}
 	if (!empty($_SESSION['theme'])) {
 		unset($_SESSION['theme']);
 	}
 	if (!empty($_SESSION['mobile-theme'])) {
 		unset($_SESSION['mobile-theme']);
 	}
 	$tpl = Renderer::getMarkupTemplate("uimport.tpl");
 	return Renderer::replaceMacros($tpl, [
 		'$regbutt' => L10n::t('Import'),
--- a/mod/unfollow.php
+++ b/mod/unfollow.php
@ -25,7 +25,7 @@ function unfollow_post(App $a)
 	}
 	$uid = local_user();
-	$url = Strings::escapeTags(trim(defaults($_REQUEST, 'url', '')));
+	$url = Strings::escapeTags(trim($_REQUEST['url'] ?? ''));
 	$condition = ["`uid` = ? AND (`rel` = ? OR `rel` = ?) AND (`nurl` = ? OR `alias` = ? OR `alias` = ?)",
 		$uid, Contact::SHARING, Contact::FRIEND, Strings::normaliseLink($url),
--- a/mod/videos.php
+++ b/mod/videos.php
@ -10,6 +10,7 @@ use Friendica\Core\Config;
 use Friendica\Core\L10n;
 use Friendica\Core\Renderer;
 use Friendica\Core\System;
 use Friendica\Core\Session;
 use Friendica\Database\DBA;
 use Friendica\Model\Attach;
 use Friendica\Model\Contact;
@ -22,11 +23,7 @@ use Friendica\Util\Security;
 function videos_init(App $a)
 {
-	if ($a->argc > 1) {
+	if (Config::get('system', 'block_public') && !Session::isAuthenticated()) {
 		DFRN::autoRedir($a, $a->argv[1]);
 	}
 	if ((Config::get('system', 'block_public')) && (!local_user()) && (!remote_user())) {
 		return;
 	}
@ -54,9 +51,9 @@ function videos_init(App $a)
 		$vcard_widget = Renderer::replaceMacros($tpl, [
 			'$name' => $profile['name'],
 			'$photo' => $profile['photo'],
-			'$addr' => defaults($profile, 'addr', ''),
+			'$addr' => $profile['addr'] ?? '',
 			'$account_type' => $account_type,
-			'$pdesc' => defaults($profile, 'pdesc', ''),
+			'$pdesc' => $profile['pdesc'] ?? '',
 		]);
 		// If not there, create 'aside' empty
@ -114,7 +111,7 @@ function videos_content(App $a)
 	// videos/name/video/xxxxx/edit
-	if ((Config::get('system', 'block_public')) && (!local_user()) && (!remote_user())) {
+	if (Config::get('system', 'block_public') && !Session::isAuthenticated()) {
 		notice(L10n::t('Public access denied.') . EOL);
 		return;
 	}
@ -154,64 +151,25 @@ function videos_content(App $a)
 	if ((local_user()) && (local_user() == $owner_uid)) {
 		$can_post = true;
-	} elseif ($community_page && remote_user()) {
+	} elseif ($community_page && !empty(Session::getRemoteContactID($owner_uid))) {
-		if (!empty($_SESSION['remote'])) {
+		$contact_id = Session::getRemoteContactID($owner_uid);
-			foreach ($_SESSION['remote'] as $v) {
+		$can_post = true;
-				if ($v['uid'] == $owner_uid) {
+		$remote_contact = true;
-					$contact_id = $v['cid'];
+		$visitor = $contact_id;
 					break;
 				}
 			}
 		}
 		if ($contact_id > 0) {
 			$r = q("SELECT `uid` FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `id` = %d AND `uid` = %d LIMIT 1",
 				intval($contact_id),
 				intval($owner_uid)
 			);
 			if (DBA::isResult($r)) {
 				$can_post = true;
 				$remote_contact = true;
 				$visitor = $contact_id;
 			}
 		}
 	}
 	$groups = [];
 	// perhaps they're visiting - but not a community page, so they wouldn't have write access
-	if (remote_user() && (!$visitor)) {
+	if (!empty(Session::getRemoteContactID($owner_uid)) && !$visitor) {
-		$contact_id = 0;
+		$contact_id = Session::getRemoteContactID($owner_uid);
-
+		$remote_contact = true;
 		if (!empty($_SESSION['remote'])) {
 			foreach($_SESSION['remote'] as $v) {
 				if($v['uid'] == $owner_uid) {
 					$contact_id = $v['cid'];
 					break;
 				}
 			}
 		}
 		if ($contact_id > 0) {
 			$groups = Group::getIdsByContactId($contact_id);
 			$r = q("SELECT * FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `id` = %d AND `uid` = %d LIMIT 1",
 				intval($contact_id),
 				intval($owner_uid)
 			);
 			if (DBA::isResult($r)) {
 				$remote_contact = true;
 			}
 		}
 	}
-	if ($a->data['user']['hidewall'] && (local_user() != $owner_uid) && (!$remote_contact)) {
+	if ($a->data['user']['hidewall'] && (local_user() != $owner_uid) && !$remote_contact) {
 		notice(L10n::t('Access to this item is restricted.') . EOL);
 		return;
 	}
-	$sql_extra = Security::getPermissionsSQLByUserId($owner_uid, $remote_contact, $groups);
+	$sql_extra = Security::getPermissionsSQLByUserId($owner_uid);
 	$o = "";
--- a/mod/wall_attach.php
+++ b/mod/wall_attach.php
@ -6,6 +6,7 @@
 use Friendica\App;
 use Friendica\Core\Config;
 use Friendica\Core\L10n;
 use Friendica\Core\Session;
 use Friendica\Database\DBA;
 use Friendica\Model\Attach;
 use Friendica\Model\User;
@ -43,35 +44,21 @@ function wall_attach_post(App $a) {
 	$page_owner_cid   = $r[0]['id'];
 	$community_page   = (($r[0]['page-flags'] == User::PAGE_FLAGS_COMMUNITY) ? true : false);
-	if ((local_user()) && (local_user() == $page_owner_uid)) {
+	if (local_user() && (local_user() == $page_owner_uid)) {
 		$can_post = true;
-	} else {
+	} elseif ($community_page && !empty(Session::getRemoteContactID($page_owner_uid))) {
-		if ($community_page && remote_user()) {
+		$contact_id = Session::getRemoteContactID($page_owner_uid);
-			$contact_id = 0;
+		$r = q("SELECT `uid` FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `id` = %d AND `uid` = %d LIMIT 1",
 			intval($contact_id),
 			intval($page_owner_uid)
 		);
-			if (is_array($_SESSION['remote'])) {
+		if (DBA::isResult($r)) {
-				foreach ($_SESSION['remote'] as $v) {
+			$can_post = true;
 					if ($v['uid'] == $page_owner_uid) {
 						$contact_id = $v['cid'];
 						break;
 					}
 				}
 			}
 			if ($contact_id > 0) {
 				$r = q("SELECT `uid` FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `id` = %d AND `uid` = %d LIMIT 1",
 					intval($contact_id),
 					intval($page_owner_uid)
 				);
 				if (DBA::isResult($r)) {
 					$can_post = true;
 				}
 			}
 		}
 	}
-	if (! $can_post) {
+	if (!$can_post) {
 		if ($r_json) {
 			echo json_encode(['error' => L10n::t('Permission denied.')]);
 			exit();
--- a/mod/wall_upload.php
+++ b/mod/wall_upload.php
@ -12,6 +12,7 @@ use Friendica\App;
 use Friendica\Core\L10n;
 use Friendica\Core\Logger;
 use Friendica\Core\System;
 use Friendica\Core\Session;
 use Friendica\Core\Config;
 use Friendica\Database\DBA;
 use Friendica\Model\Contact;
@ -74,34 +75,21 @@ function wall_upload_post(App $a, $desktopmode = true)
 	if ((local_user()) && (local_user() == $page_owner_uid)) {
 		$can_post = true;
-	} else {
+	} elseif ($community_page && !empty(Session::getRemoteContactID($page_owner_uid))) {
-		if ($community_page && remote_user()) {
+		$contact_id = Session::getRemoteContactID($page_owner_uid);
 			$contact_id = 0;
 			if (is_array($_SESSION['remote'])) {
 				foreach ($_SESSION['remote'] as $v) {
 					if ($v['uid'] == $page_owner_uid) {
 						$contact_id = $v['cid'];
 						break;
 					}
 				}
 			}
-			if ($contact_id) {
+		$r = q("SELECT `uid` FROM `contact`
-				$r = q("SELECT `uid` FROM `contact`
+			WHERE `blocked` = 0 AND `pending` = 0
-					WHERE `blocked` = 0 AND `pending` = 0
+			AND `id` = %d AND `uid` = %d LIMIT 1",
-					AND `id` = %d AND `uid` = %d LIMIT 1",
+			intval($contact_id),
-					intval($contact_id),
+			intval($page_owner_uid)
-					intval($page_owner_uid)
+		);
-				);
+		if (DBA::isResult($r)) {
-				if (DBA::isResult($r)) {
+			$can_post = true;
-					$can_post = true;
+			$visitor = $contact_id;
 					$visitor = $contact_id;
 				}
 			}
 		}
 	}
 	if (!$can_post) {
 		if ($r_json) {
 			echo json_encode(['error' => L10n::t('Permission denied.')]);
--- a/mod/wallmessage.php
+++ b/mod/wallmessage.php
@ -131,8 +131,8 @@ function wallmessage_content(App $a) {
 		'$subject'    => L10n::t('Subject:'),
 		'$recipname'  => $user['username'],
 		'$nickname'   => $user['nickname'],
-		'$subjtxt'    => defaults($_REQUEST, 'subject', ''),
+		'$subjtxt'    => $_REQUEST['subject'] ?? '',
-		'$text'       => defaults($_REQUEST, 'body', ''),
+		'$text'       => $_REQUEST['body'] ?? '',
 		'$readonly'   => '',
 		'$yourmessage'=> L10n::t('Your message:'),
 		'$parent'     => '',
--- a/mods/sample-Lighttpd.config
+++ b/mods/sample-Lighttpd.config
@ -102,8 +102,8 @@ $HTTP["scheme"] == "https" {
        # Got the following 'Drupal Clean URL'after Mike suggested trying
        # something along those lines, from http://drupal.org/node/1414950
        url.rewrite-if-not-file = (
-            "^\/([^\?]*)\?(.*)$" => "/index.php?q=$1&$2",
+            "^\/([^\?]*)\?(.*)$" => "/index.php?pagename=$1&$2",
-            "^\/(.*)$" => "/index.php?q=$1"
+            "^\/(.*)$" => "/index.php?pagename=$1"
        )
    }
    else $HTTP["host"] !~ "(friendica.example.com|wordpress.example.com)" {
--- a/src/App.php
+++ b/src/App.php
@ -92,10 +92,10 @@ class App
 	 */
 	private $baseURL;
-	/**
+	/** @var string The name of the current theme */
 	 * @var string The name of the current theme
 	 */
 	private $currentTheme;
 	/** @var string The name of the current mobile theme */
 	private $currentMobileTheme;
 	/**
 	 * @var Configuration The config
@ -450,10 +450,10 @@ class App
 	}
 	/**
-	 * Returns the current theme name.
+	 * Returns the current theme name. May be overriden by the mobile theme name.
 	 *
-	 * @return string the name of the current theme
+	 * @return string
-	 * @throws HTTPException\InternalServerErrorException
+	 * @throws Exception
 	 */
 	public function getCurrentTheme()
 	{
@ -461,6 +461,16 @@ class App
 			return '';
 		}
 		// Specific mobile theme override
 		if (($this->mode->isMobile() || $this->mode->isTablet()) && Core\Session::get('show-mobile', true)) {
 			$user_mobile_theme = $this->getCurrentMobileTheme();
 			// --- means same mobile theme as desktop
 			if (!empty($user_mobile_theme) && $user_mobile_theme !== '---') {
 				return $user_mobile_theme;
 			}
 		}
 		if (!$this->currentTheme) {
 			$this->computeCurrentTheme();
 		}
@ -468,13 +478,37 @@ class App
 		return $this->currentTheme;
 	}
 	/**
 	 * Returns the current mobile theme name.
 	 *
 	 * @return string
 	 * @throws Exception
 	 */
 	public function getCurrentMobileTheme()
 	{
 		if ($this->mode->isInstall()) {
 			return '';
 		}
 		if (is_null($this->currentMobileTheme)) {
 			$this->computeCurrentMobileTheme();
 		}
 		return $this->currentMobileTheme;
 	}
 	public function setCurrentTheme($theme)
 	{
 		$this->currentTheme = $theme;
 	}
 	public function setCurrentMobileTheme($theme)
 	{
 		$this->currentMobileTheme = $theme;
 	}
 	/**
-	 * Computes the current theme name based on the node settings, the user settings and the device type
+	 * Computes the current theme name based on the node settings, the page owner settings and the user settings
 	 *
 	 * @throws Exception
 	 */
@ -486,7 +520,7 @@ class App
 		}
 		// Sane default
-		$this->currentTheme = $system_theme;
+		$this->setCurrentTheme($system_theme);
 		$page_theme = null;
 		// Find the theme that belongs to the user whose stuff we are looking at
@ -499,24 +533,7 @@ class App
 			}
 		}
-		$user_theme = Core\Session::get('theme', $system_theme);
+		$theme_name = $page_theme ?: Core\Session::get('theme', $system_theme);
 		// Specific mobile theme override
 		if (($this->is_mobile || $this->is_tablet) && Core\Session::get('show-mobile', true)) {
 			$system_mobile_theme = $this->config->get('system', 'mobile-theme');
 			$user_mobile_theme   = Core\Session::get('mobile-theme', $system_mobile_theme);
 			// --- means same mobile theme as desktop
 			if (!empty($user_mobile_theme) && $user_mobile_theme !== '---') {
 				$user_theme = $user_mobile_theme;
 			}
 		}
 		if ($page_theme) {
 			$theme_name = $page_theme;
 		} else {
 			$theme_name = $user_theme;
 		}
 		$theme_name = Strings::sanitizeFilePathItem($theme_name);
 		if ($theme_name
@ -524,7 +541,40 @@ class App
 		    && (file_exists('view/theme/' . $theme_name . '/style.css')
 		        || file_exists('view/theme/' . $theme_name . '/style.php'))
 		) {
-			$this->currentTheme = $theme_name;
+			$this->setCurrentTheme($theme_name);
 		}
 	}
 	/**
 	 * Computes the current mobile theme name based on the node settings, the page owner settings and the user settings
 	 */
 	private function computeCurrentMobileTheme()
 	{
 		$system_mobile_theme = $this->config->get('system', 'mobile-theme', '');
 		// Sane default
 		$this->setCurrentMobileTheme($system_mobile_theme);
 		$page_mobile_theme = null;
 		// Find the theme that belongs to the user whose stuff we are looking at
 		if ($this->profile_uid && ($this->profile_uid != local_user())) {
 			// Allow folks to override user themes and always use their own on their own site.
 			// This works only if the user is on the same server
 			if (!Core\PConfig::get(local_user(), 'system', 'always_my_theme')) {
 				$page_mobile_theme = Core\PConfig::get($this->profile_uid, 'system', 'mobile-theme');
 			}
 		}
 		$mobile_theme_name = $page_mobile_theme ?: Core\Session::get('mobile-theme', $system_mobile_theme);
 		$mobile_theme_name = Strings::sanitizeFilePathItem($mobile_theme_name);
 		if ($mobile_theme_name == '---'
 			||
 			in_array($mobile_theme_name, Theme::getAllowedList())
 			&& (file_exists('view/theme/' . $mobile_theme_name . '/style.css')
 				|| file_exists('view/theme/' . $mobile_theme_name . '/style.php'))
 		) {
 			$this->setCurrentMobileTheme($mobile_theme_name);
 		}
 	}
@ -534,7 +584,7 @@ class App
 	 * Provide a sane default if nothing is chosen or the specified theme does not exist.
 	 *
 	 * @return string
-	 * @throws HTTPException\InternalServerErrorException
+	 * @throws Exception
 	 */
 	public function getCurrentThemeStylesheetPath()
 	{
@ -587,7 +637,11 @@ class App
 	 *
 	 * This probably should change to limit the size of this monster method.
 	 *
-	 * @param App\Module $module The determined module
+	 * @param App\Module     $module The determined module
 	 * @param App\Router     $router
 	 * @param PConfiguration $pconfig
 	 * @throws HTTPException\InternalServerErrorException
 	 * @throws \ImagickException
 	 */
 	public function runFrontend(App\Module $module, App\Router $router, PConfiguration $pconfig)
 	{
@ -733,8 +787,7 @@ class App
 			$module = $module->determineClass($this->args, $router, $this->config);
 			// Let the module run it's internal process (init, get, post, ...)
-			$module->run($this->l10n, $this, $this->logger, $this->getCurrentTheme(), $_SERVER, $_POST);
+			$module->run($this->l10n, $this, $this->logger, $_SERVER, $_POST);
 		} catch (HTTPException $e) {
 			ModuleHTTPException::rawContent($e);
 		}
--- a/src/App/Arguments.php
+++ b/src/App/Arguments.php
@ -70,7 +70,7 @@ class Arguments
 	/**
 	 * Returns the value of a argv key
-	 * @todo there are a lot of $a->argv usages in combination with defaults() which can be replaced with this method
+	 * @todo there are a lot of $a->argv usages in combination with ?? which can be replaced with this method
 	 *
 	 * @param int   $position the position of the argument
 	 * @param mixed $default  the default value if not found
--- a/src/App/BaseURL.php
+++ b/src/App/BaseURL.php
@ -338,12 +338,12 @@ class BaseURL
 		/* Relative script path to the web server root
 		 * Not all of those $_SERVER properties can be present, so we do by inverse priority order
 		 */
-		$relative_script_path = '';
+		$relative_script_path =
-		$relative_script_path = defaults($this->server, 'REDIRECT_URL', $relative_script_path);
+			($this->server['REDIRECT_URL']        ?? '') ?:
-		$relative_script_path = defaults($this->server, 'REDIRECT_URI', $relative_script_path);
+			($this->server['REDIRECT_URI']        ?? '') ?:
-		$relative_script_path = defaults($this->server, 'REDIRECT_SCRIPT_URL', $relative_script_path);
+			($this->server['REDIRECT_SCRIPT_URL'] ?? '') ?:
-		$relative_script_path = defaults($this->server, 'SCRIPT_URL', $relative_script_path);
+			($this->server['SCRIPT_URL']          ?? '') ?:
-		$relative_script_path = defaults($this->server, 'REQUEST_URI', $relative_script_path);
+			 $this->server['REQUEST_URI']         ?? '';
 		/* $relative_script_path gives /relative/path/to/friendica/module/parameter
 		 * QUERY_STRING gives pagename=module/parameter
--- a/src/App/Mode.php
+++ b/src/App/Mode.php
@ -106,15 +106,16 @@ class Mode
 	/**
 	 * Checks if the site is called via a backend process
 	 *
 	 * @param bool         $isBackend    True, if the call is from a backend script (daemon, worker, ...)
 	 * @param Module       $module       The pre-loaded module (just name, not class!)
 	 * @param array        $server       The $_SERVER variable
 	 * @param MobileDetect $mobileDetect The mobile detection library
 	 *
 	 * @return Mode returns the determined mode
 	 */
-	public function determineRunMode(Module $module, array $server, MobileDetect $mobileDetect)
+	public function determineRunMode(bool $isBackend, Module $module, array $server, MobileDetect $mobileDetect)
 	{
-		$isBackend = basename(($server['PHP_SELF'] ?? ''), '.php') !== 'index' ||
+		$isBackend = $isBackend ||
 		             $module->isBackend();
 		$isMobile  = $mobileDetect->isMobile();
 		$isTablet  = $mobileDetect->isTablet();
--- a/src/App/Module.php
+++ b/src/App/Module.php
@ -7,7 +7,10 @@ use Friendica\BaseObject;
 use Friendica\Core;
 use Friendica\LegacyModule;
 use Friendica\Module\Home;
-use Friendica\Module\PageNotFound;
+use Friendica\Module\HTTPException\MethodNotAllowed;
 use Friendica\Module\HTTPException\PageNotFound;
 use Friendica\Network\HTTPException\MethodNotAllowedException;
 use Friendica\Network\HTTPException\NotFoundException;
 use Psr\Log\LoggerInterface;
 /**
@ -138,51 +141,49 @@ class Module
 	 *
 	 * @return Module The determined module of this call
 	 *
-	 * @throws \Friendica\Network\HTTPException\InternalServerErrorException
+	 * @throws \Exception
 	 */
 	public function determineClass(Arguments $args, Router $router, Core\Config\Configuration $config)
 	{
 		$printNotAllowedAddon = false;
 		$module_class = null;
 		/**
 		 * ROUTING
 		 *
 		 * From the request URL, routing consists of obtaining the name of a BaseModule-extending class of which the
 		 * post() and/or content() static methods can be respectively called to produce a data change or an output.
 		 **/
-
+		try {
-		// First we try explicit routes defined in App\Router
+			$module_class = $router->getModuleClass($args->getCommand());
-		$router->collectRoutes();
+		} catch (MethodNotAllowedException $e) {
-
+			$module_class = MethodNotAllowed::class;
-		$data = $router->getRouteCollector();
+		} catch (NotFoundException $e) {
-		Core\Hook::callAll('route_collection', $data);
+			// Then we try addon-provided modules that we wrap in the LegacyModule class
-
+			if (Core\Addon::isEnabled($this->module) && file_exists("addon/{$this->module}/{$this->module}.php")) {
-		$module_class = $router->getModuleClass($args->getCommand());
+				//Check if module is an app and if public access to apps is allowed or not
-
+				$privateapps = $config->get('config', 'private_addons', false);
-		// Then we try addon-provided modules that we wrap in the LegacyModule class
+				if ((!local_user()) && Core\Hook::isAddonApp($this->module) && $privateapps) {
-		if (!$module_class && Core\Addon::isEnabled($this->module) && file_exists("addon/{$this->module}/{$this->module}.php")) {
+					$printNotAllowedAddon = true;
-			//Check if module is an app and if public access to apps is allowed or not
+				} else {
-			$privateapps = $config->get('config', 'private_addons', false);
+					include_once "addon/{$this->module}/{$this->module}.php";
-			if ((!local_user()) && Core\Hook::isAddonApp($this->module) && $privateapps) {
+					if (function_exists($this->module . '_module')) {
-				$printNotAllowedAddon = true;
+						LegacyModule::setModuleFile("addon/{$this->module}/{$this->module}.php");
-			} else {
+						$module_class = LegacyModule::class;
-				include_once "addon/{$this->module}/{$this->module}.php";
+					}
 				if (function_exists($this->module . '_module')) {
 					LegacyModule::setModuleFile("addon/{$this->module}/{$this->module}.php");
 					$module_class = LegacyModule::class;
 				}
 			}
 		}
-		/* Finally, we look for a 'standard' program module in the 'mod' directory
+			/* Finally, we look for a 'standard' program module in the 'mod' directory
-		 * We emulate a Module class through the LegacyModule class
+			 * We emulate a Module class through the LegacyModule class
-		 */
+			 */
-		if (!$module_class && file_exists("mod/{$this->module}.php")) {
+			if (!$module_class && file_exists("mod/{$this->module}.php")) {
-			LegacyModule::setModuleFile("mod/{$this->module}.php");
+				LegacyModule::setModuleFile("mod/{$this->module}.php");
-			$module_class = LegacyModule::class;
+				$module_class = LegacyModule::class;
-		}
+			}
-		$module_class = !isset($module_class) ? PageNotFound::class : $module_class;
+			$module_class = $module_class ?: PageNotFound::class;
 		}
 		return new Module($this->module, $module_class, $this->isBackend, $printNotAllowedAddon);
 	}
@ -193,13 +194,12 @@ class Module
 	 * @param Core\L10n\L10n  $l10n         The L10n instance
 	 * @param App             $app          The whole Friendica app (for method arguments)
 	 * @param LoggerInterface $logger       The Friendica logger
 	 * @param string          $currentTheme The chosen theme
 	 * @param array           $server       The $_SERVER variable
 	 * @param array           $post         The $_POST variables
 	 *
 	 * @throws \Friendica\Network\HTTPException\InternalServerErrorException
 	 */
-	public function run(Core\L10n\L10n $l10n, App $app, LoggerInterface $logger, string $currentTheme, array $server, array $post)
+	public function run(Core\L10n\L10n $l10n, App $app, LoggerInterface $logger, array $server, array $post)
 	{
 		if ($this->printNotAllowedAddon) {
 			info($l10n->t("You must be logged in to use addons. "));
@ -239,17 +239,6 @@ class Module
 		// This endpoint doesn't need any theme initialization or other comparable stuff.
 		call_user_func([$this->module_class, 'rawContent']);
 		// Load current theme info after module has been initialized as theme could have been set in module
 		$theme_info_file = 'view/theme/' . $currentTheme . '/theme.php';
 		if (file_exists($theme_info_file)) {
 			require_once $theme_info_file;
 		}
 		if (function_exists(str_replace('-', '_', $currentTheme) . '_init')) {
 			$func = str_replace('-', '_', $currentTheme) . '_init';
 			$func($app);
 		}
 		if ($server['REQUEST_METHOD'] === 'POST') {
 			Core\Hook::callAll($this->module . '_mod_post', $post);
 			call_user_func([$this->module_class, 'post']);
--- a/src/App/Page.php
+++ b/src/App/Page.php
@ -364,6 +364,18 @@ class Page implements ArrayAccess
 		 */
 		$this->initContent($module, $mode);
 		// Load current theme info after module has been initialized as theme could have been set in module
 		$currentTheme = $app->getCurrentTheme();
 		$theme_info_file = 'view/theme/' . $currentTheme . '/theme.php';
 		if (file_exists($theme_info_file)) {
 			require_once $theme_info_file;
 		}
 		if (function_exists(str_replace('-', '_', $currentTheme) . '_init')) {
 			$func = str_replace('-', '_', $currentTheme) . '_init';
 			$func($app);
 		}
 		/* Create the page head after setting the language
 		 * and getting any auth credentials.
 		 *
--- a/src/App/Router.php
+++ b/src/App/Router.php
@ -7,7 +7,9 @@ use FastRoute\DataGenerator\GroupCountBased;
 use FastRoute\Dispatcher;
 use FastRoute\RouteCollector;
 use FastRoute\RouteParser\Std;
-use Friendica\Module;
+use Friendica\Core\Hook;
 use Friendica\Core\L10n;
 use Friendica\Network\HTTPException;
 /**
 * Wrapper for FastRoute\Router
@ -21,212 +23,129 @@ use Friendica\Module;
 */
 class Router
 {
 	const POST = 'POST';
 	const GET  = 'GET';
 	const ALLOWED_METHODS = [
 		self::POST,
 		self::GET,
 	];
 	/** @var RouteCollector */
 	protected $routeCollector;
 	/**
-	 * Static declaration of Friendica routes.
+	 * @var string The HTTP method
 	 *
 	 * Supports:
 	 * - Route groups
 	 * - Variable parts
 	 * Disregards:
 	 * - HTTP method other than GET
 	 * - Named parameters
 	 *
 	 * Handler must be the name of a class extending Friendica\BaseModule.
 	 *
 	 * @brief Static declaration of Friendica routes.
 	 */
-	public function collectRoutes()
+	private $httpMethod;
 	/**
 	 * @param array $server The $_SERVER variable
 	 * @param RouteCollector|null $routeCollector Optional the loaded Route collector
 	 */
 	public function __construct(array $server, RouteCollector $routeCollector = null)
 	{
-		$this->routeCollector->addRoute(['GET'],         '[/]',               Module\Home::class);
+		$httpMethod = $server['REQUEST_METHOD'] ?? self::GET;
-		$this->routeCollector->addGroup('/.well-known', function (RouteCollector $collector) {
+		$this->httpMethod = in_array($httpMethod, self::ALLOWED_METHODS) ? $httpMethod : self::GET;
 			$collector->addRoute(['GET'], '/host-meta'       , Module\WellKnown\HostMeta::class);
 			$collector->addRoute(['GET'], '/nodeinfo[/1.0]'  , Module\NodeInfo::class);
 			$collector->addRoute(['GET'], '/webfinger'       , Module\Xrd::class);
 			$collector->addRoute(['GET'], '/x-social-relay'  , Module\WellKnown\XSocialRelay::class);
 		});
 		$this->routeCollector->addGroup('/2fa', function (RouteCollector $collector) {
 			$collector->addRoute(['GET', 'POST'], '[/]'                     , Module\TwoFactor\Verify::class);
 			$collector->addRoute(['GET', 'POST'], '/recovery'               , Module\TwoFactor\Recovery::class);
 		});
 		$this->routeCollector->addGroup('/admin', function (RouteCollector $collector) {
 			$collector->addRoute(['GET']        , '[/]'                     , Module\Admin\Summary::class);
-			$collector->addRoute(['GET', 'POST'], '/addons'                 , Module\Admin\Addons\Index::class);
+		$this->routeCollector = isset($routeCollector) ?
-			$collector->addRoute(['GET', 'POST'], '/addons/{addon}'         , Module\Admin\Addons\Details::class);
+			$routeCollector :
-
+			new RouteCollector(new Std(), new GroupCountBased());
 			$collector->addRoute(['GET', 'POST'], '/blocklist/contact'      , Module\Admin\Blocklist\Contact::class);
 			$collector->addRoute(['GET', 'POST'], '/blocklist/server'       , Module\Admin\Blocklist\Server::class);
 			$collector->addRoute(['GET']        , '/dbsync[/check]'         , Module\Admin\DBSync::class);
 			$collector->addRoute(['GET']        , '/dbsync/{update:\d+}'    , Module\Admin\DBSync::class);
 			$collector->addRoute(['GET']        , '/dbsync/mark/{update:\d+}', Module\Admin\DBSync::class);
 			$collector->addRoute(['GET', 'POST'], '/features'               , Module\Admin\Features::class);
 			$collector->addRoute(['GET']        , '/federation'             , Module\Admin\Federation::class);
 			$collector->addRoute(['GET', 'POST'], '/item/delete'            , Module\Admin\Item\Delete::class);
 			$collector->addRoute(['GET', 'POST'], '/item/source[/{guid}]'   , Module\Admin\Item\Source::class);
 			$collector->addRoute(['GET']        , '/logs/view'              , Module\Admin\Logs\View::class);
 			$collector->addRoute(['GET', 'POST'], '/logs'                   , Module\Admin\Logs\Settings::class);
 			$collector->addRoute(['GET']        , '/phpinfo'                , Module\Admin\PhpInfo::class);
 			$collector->addRoute(['GET']        , '/queue[/deferred]'       , Module\Admin\Queue::class);
 			$collector->addRoute(['GET', 'POST'], '/site'                   , Module\Admin\Site::class);
 			$collector->addRoute(['GET', 'POST'], '/themes'                 , Module\Admin\Themes\Index::class);
 			$collector->addRoute(['GET', 'POST'], '/themes/{theme}'         , Module\Admin\Themes\Details::class);
 			$collector->addRoute(['GET', 'POST'], '/themes/{theme}/embed'   , Module\Admin\Themes\Embed::class);
 			$collector->addRoute(['GET', 'POST'], '/tos'                    , Module\Admin\Tos::class);
 			$collector->addRoute(['GET', 'POST'], '/users[/{action}/{uid}]' , Module\Admin\Users::class);
 		});
 		$this->routeCollector->addRoute(['GET'],         '/amcd',                Module\AccountManagementControlDocument::class);
 		$this->routeCollector->addRoute(['GET'],         '/acctlink',            Module\Acctlink::class);
 		$this->routeCollector->addRoute(['GET'],         '/allfriends/{id:\d+}', Module\AllFriends::class);
 		$this->routeCollector->addRoute(['GET'],         '/apps',                Module\Apps::class);
 		$this->routeCollector->addRoute(['GET'],         '/attach/{item:\d+}',   Module\Attach::class);
 		$this->routeCollector->addRoute(['GET'],         '/babel',               Module\Debug\Babel::class);
 		$this->routeCollector->addRoute(['GET'],         '/bookmarklet',         Module\Bookmarklet::class);
 		$this->routeCollector->addRoute(['GET', 'POST'], '/compose[/{type}]',    Module\Item\Compose::class);
 		$this->routeCollector->addGroup('/contact', function (RouteCollector $collector) {
 			$collector->addRoute(['GET'], '[/]',                                 Module\Contact::class);
 			$collector->addRoute(['GET', 'POST'], '/{id:\d+}[/]',                Module\Contact::class);
 			$collector->addRoute(['GET'], '/{id:\d+}/archive',                   Module\Contact::class);
 			$collector->addRoute(['GET'], '/{id:\d+}/block',                     Module\Contact::class);
 			$collector->addRoute(['GET'], '/{id:\d+}/conversations',             Module\Contact::class);
 			$collector->addRoute(['GET'], '/{id:\d+}/drop',                      Module\Contact::class);
 			$collector->addRoute(['GET'], '/{id:\d+}/ignore',                    Module\Contact::class);
 			$collector->addRoute(['GET'], '/{id:\d+}/posts',                     Module\Contact::class);
 			$collector->addRoute(['GET'], '/{id:\d+}/update',                    Module\Contact::class);
 			$collector->addRoute(['GET'], '/{id:\d+}/updateprofile',             Module\Contact::class);
 			$collector->addRoute(['GET'], '/archived',                           Module\Contact::class);
 			$collector->addRoute(['GET', 'POST'], '/batch',                      Module\Contact::class);
 			$collector->addRoute(['GET'], '/blocked',                            Module\Contact::class);
 			$collector->addRoute(['GET'], '/hidden',                             Module\Contact::class);
 			$collector->addRoute(['GET'], '/ignored',                            Module\Contact::class);
 		});
 		$this->routeCollector->addRoute(['GET'],         '/credits',             Module\Credits::class);
 		$this->routeCollector->addRoute(['GET'],         '/dirfind',             Module\Search\Directory::class);
 		$this->routeCollector->addRoute(['GET'],         '/directory',           Module\Directory::class);
 		$this->routeCollector->addGroup('/feed', function (RouteCollector $collector) {
 			$collector->addRoute(['GET'], '/{nickname}',                         Module\Feed::class);
 			$collector->addRoute(['GET'], '/{nickname}/posts',                   Module\Feed::class);
 			$collector->addRoute(['GET'], '/{nickname}/comments',                Module\Feed::class);
 			$collector->addRoute(['GET'], '/{nickname}/replies',                 Module\Feed::class);
 			$collector->addRoute(['GET'], '/{nickname}/activity',                Module\Feed::class);
 		});
 		$this->routeCollector->addRoute(['GET'],         '/feedtest',            Module\Debug\Feed::class);
 		$this->routeCollector->addGroup('/fetch', function (RouteCollector $collector) {
 			$collector->addRoute(['GET'], '/post/{guid}',                        Module\Diaspora\Fetch::class);
 			$collector->addRoute(['GET'], '/status_message/{guid}',              Module\Diaspora\Fetch::class);
 			$collector->addRoute(['GET'], '/reshare/{guid}',                     Module\Diaspora\Fetch::class);
 		});
 		$this->routeCollector->addRoute(['GET'],         '/filer[/{id:\d+}]',    Module\Filer\SaveTag::class);
 		$this->routeCollector->addRoute(['GET'],         '/filerm/{id:\d+}',     Module\Filer\RemoveTag::class);
 		$this->routeCollector->addRoute(['GET', 'POST'], '/follow_confirm',      Module\FollowConfirm::class);
 		$this->routeCollector->addRoute(['GET'],         '/followers/{owner}',   Module\Followers::class);
 		$this->routeCollector->addRoute(['GET'],         '/following/{owner}',   Module\Following::class);
 		$this->routeCollector->addRoute(['GET'],         '/friendica[/json]',    Module\Friendica::class);
 		$this->routeCollector->addGroup('/group', function (RouteCollector $collector) {
 			$collector->addRoute(['GET', 'POST'], '[/]',                         Module\Group::class);
 			$collector->addRoute(['GET', 'POST'], '/{group:\d+}',                Module\Group::class);
 			$collector->addRoute(['GET', 'POST'], '/none',                       Module\Group::class);
 			$collector->addRoute(['GET', 'POST'], '/new',                        Module\Group::class);
 			$collector->addRoute(['GET', 'POST'], '/drop/{group:\d+}',           Module\Group::class);
 			$collector->addRoute(['GET', 'POST'], '/{group:\d+}/{contact:\d+}',  Module\Group::class);
 			$collector->addRoute(['GET', 'POST'], '/{group:\d+}/add/{contact:\d+}',     Module\Group::class);
 			$collector->addRoute(['GET', 'POST'], '/{group:\d+}/remove/{contact:\d+}',  Module\Group::class);
 		});
 		$this->routeCollector->addRoute(['GET'],         '/hashtag',             Module\Hashtag::class);
 		$this->routeCollector->addRoute(['GET'],         '/home',                Module\Home::class);
 		$this->routeCollector->addRoute(['GET'],         '/help[/{doc:.+}]',     Module\Help::class);
 		$this->routeCollector->addRoute(['GET'],         '/inbox[/{nickname}]',  Module\Inbox::class);
 		$this->routeCollector->addRoute(['GET', 'POST'], '/invite',              Module\Invite::class);
 		$this->routeCollector->addGroup('/install', function (RouteCollector $collector) {
 			$collector->addRoute(['GET', 'POST'], '[/]',                         Module\Install::class);
 			$collector->addRoute(['GET'],         '/testrewrite',                Module\Install::class);
 		});
 		$this->routeCollector->addRoute(['GET'],         '/like/{item:\d+}',     Module\Like::class);
 		$this->routeCollector->addRoute(['GET', 'POST'], '/localtime',           Module\Debug\Localtime::class);
 		$this->routeCollector->addRoute(['GET', 'POST'], '/login',               Module\Login::class);
 		$this->routeCollector->addRoute(['GET', 'POST'], '/logout',              Module\Logout::class);
 		$this->routeCollector->addRoute(['GET'],         '/magic',               Module\Magic::class);
 		$this->routeCollector->addRoute(['GET'],         '/maintenance',         Module\Maintenance::class);
 		$this->routeCollector->addRoute(['GET'],         '/manifest',            Module\Manifest::class);
 		$this->routeCollector->addRoute(['GET'],         '/modexp/{nick}',       Module\PublicRSAKey::class);
 		$this->routeCollector->addRoute(['GET'],         '/newmember',           Module\Welcome::class);
 		$this->routeCollector->addRoute(['GET'],         '/nodeinfo/1.0',        Module\NodeInfo::class);
 		$this->routeCollector->addRoute(['GET'],         '/nogroup',             Module\Group::class);
 		$this->routeCollector->addGroup('/notify', function (RouteCollector $collector) {
 			$collector->addRoute(['GET'], '[/]',                                 Module\Notifications\Notify::class);
 			$collector->addRoute(['GET'], '/view/{id:\d+}',                      Module\Notifications\Notify::class);
 			$collector->addRoute(['GET'], '/mark/all',                           Module\Notifications\Notify::class);
 		});
 		$this->routeCollector->addRoute(['GET'],         '/objects/{guid}',      Module\Objects::class);
 		$this->routeCollector->addGroup('/oembed', function (RouteCollector $collector) {
 			$collector->addRoute(['GET'], '/b2h',                                Module\Oembed::class);
 			$collector->addRoute(['GET'], '/h2b',                                Module\Oembed::class);
 			$collector->addRoute(['GET'], '/{hash}',                             Module\Oembed::class);
 		});
 		$this->routeCollector->addRoute(['GET'],         '/outbox/{owner}',      Module\Outbox::class);
 		$this->routeCollector->addRoute(['GET'],         '/owa',                 Module\Owa::class);
 		$this->routeCollector->addRoute(['GET'],         '/opensearch',          Module\OpenSearch::class);
 		$this->routeCollector->addGroup('/photo', function (RouteCollector $collector) {
 			$collector->addRoute(['GET'], '/{name}',                             Module\Photo::class);
 			$collector->addRoute(['GET'], '/{type}/{name}',                      Module\Photo::class);
 			$collector->addRoute(['GET'], '/{type}/{customize}/{name}',          Module\Photo::class);
 		});
 		$this->routeCollector->addRoute(['GET'],         '/pretheme',            Module\ThemeDetails::class);
 		$this->routeCollector->addRoute(['GET'],         '/probe',               Module\Debug\Probe::class);
 		$this->routeCollector->addGroup('/profile', function (RouteCollector $collector) {
 			$collector->addRoute(['GET'], '/{nickname}',                         Module\Profile::class);
 			$collector->addRoute(['GET'], '/{nickname}/{to:\d{4}-\d{2}-\d{2}}/{from:\d{4}-\d{2}-\d{2}}', Module\Profile::class);
 			$collector->addRoute(['GET'], '/{nickname}/contacts[/{type}]',       Module\Profile\Contacts::class);
 			$collector->addRoute(['GET'], '/{profile:\d+}/view',                 Module\Profile::class);
 		});
 		$this->routeCollector->addGroup('/proxy', function (RouteCollector $collector) {
 			$collector->addRoute(['GET'], '[/]'                                , Module\Proxy::class);
 			$collector->addRoute(['GET'], '/{url}'                             , Module\Proxy::class);
 			$collector->addRoute(['GET'], '/{sub1}/{url}'                      , Module\Proxy::class);
 			$collector->addRoute(['GET'], '/{sub1}/{sub2}/{url}'               , Module\Proxy::class);
 		});
 		$this->routeCollector->addGroup('/settings', function (RouteCollector $collector) {
 			$collector->addGroup('/2fa', function (RouteCollector $collector) {
 				$collector->addRoute(['GET', 'POST'], '[/]'                    , Module\Settings\TwoFactor\Index::class);
 				$collector->addRoute(['GET', 'POST'], '/recovery'              , Module\Settings\TwoFactor\Recovery::class);
 				$collector->addRoute(['GET', 'POST'], '/app_specific'          , Module\Settings\TwoFactor\AppSpecific::class);
 				$collector->addRoute(['GET', 'POST'], '/verify'                , Module\Settings\TwoFactor\Verify::class);
 			});
 		});
 		$this->routeCollector->addRoute(['GET'],         '/randprof',            Module\RandomProfile::class);
 		$this->routeCollector->addRoute(['GET', 'POST'], '/register',            Module\Register::class);
 		$this->routeCollector->addRoute(['GET'],         '/robots.txt',          Module\RobotsTxt::class);
 		$this->routeCollector->addRoute(['GET'],         '/rsd.xml',             Module\ReallySimpleDiscovery::class);
 		$this->routeCollector->addRoute(['GET'],         '/smilies[/json]',      Module\Smilies::class);
 		$this->routeCollector->addRoute(['GET'],         '/statistics.json',     Module\Statistics::class);
 		$this->routeCollector->addRoute(['GET'],         '/starred/{item:\d+}',  Module\Starred::class);
 		$this->routeCollector->addRoute(['GET'],         '/toggle_mobile',       Module\ToggleMobile::class);
 		$this->routeCollector->addRoute(['GET'],         '/tos',                 Module\Tos::class);
 		$this->routeCollector->addRoute(['GET'],         '/view/theme/{theme}/style.pcss',  Module\Theme::class);
 		$this->routeCollector->addRoute(['GET'],         '/viewsrc/{item:\d+}',  Module\Debug\ItemBody::class);
 		$this->routeCollector->addRoute(['GET'],         '/webfinger',           Module\Debug\WebFinger::class);
 		$this->routeCollector->addRoute(['GET'],         '/xrd',                 Module\Xrd::class);
 	}
-	public function __construct()
+	/**
 	 * @param array $routes The routes to add to the Router
 	 *
 	 * @return self The router instance with the loaded routes
 	 *
 	 * @throws HTTPException\InternalServerErrorException In case of invalid configs
 	 */
 	public function addRoutes(array $routes)
 	{
-		$this->routeCollector = new RouteCollector(new Std(), new GroupCountBased());
+		$routeCollector = (isset($this->routeCollector) ?
 			$this->routeCollector :
 			new RouteCollector(new Std(), new GroupCountBased()));
 		foreach ($routes as $route => $config) {
 			if ($this->isGroup($config)) {
 				$this->addGroup($route, $config, $routeCollector);
 			} elseif ($this->isRoute($config)) {
 				$routeCollector->addRoute($config[1], $route, $config[0]);
 			} else {
 				throw new HTTPException\InternalServerErrorException("Wrong route config for route '" . print_r($route, true) . "'");
 			}
 		}
 		$this->routeCollector = $routeCollector;
 		return $this;
 	}
 	/**
 	 * Adds a group of routes to a given group
 	 *
 	 * @param string         $groupRoute     The route of the group
 	 * @param array          $routes         The routes of the group
 	 * @param RouteCollector $routeCollector The route collector to add this group
 	 */
 	private function addGroup(string $groupRoute, array $routes, RouteCollector $routeCollector)
 	{
 		$routeCollector->addGroup($groupRoute, function (RouteCollector $routeCollector) use ($routes) {
 			foreach ($routes as $route => $config) {
 				if ($this->isGroup($config)) {
 					$this->addGroup($route, $config, $routeCollector);
 				} elseif ($this->isRoute($config)) {
 					$routeCollector->addRoute($config[1], $route, $config[0]);
 				}else {
 					throw new HTTPException\InternalServerErrorException("Wrong route config for route '" . print_r($route, true) . "'");
 				}
 			}
 		});
 	}
 	/**
 	 * Returns true in case the config is a group config
 	 *
 	 * @param array $config
 	 *
 	 * @return bool
 	 */
 	private function isGroup(array $config)
 	{
 		return
 			is_array($config) &&
 			is_string(array_keys($config)[0]) &&
 			// This entry should NOT be a BaseModule
 			(substr(array_keys($config)[0], 0, strlen('Friendica\Module')) !== 'Friendica\Module') &&
 			// The second argument is an array (another routes)
 			is_array(array_values($config)[0]);
 	}
 	/**
 	 * Returns true in case the config is a route config
 	 *
 	 * @param array $config
 	 *
 	 * @return bool
 	 */
 	private function isRoute(array $config)
 	{
 		return
 			// The config array should at least have one entry
 			!empty($config[0]) &&
 			// This entry should be a BaseModule
 			(substr($config[0], 0, strlen('Friendica\Module')) === 'Friendica\Module') &&
 			// Either there is no other argument
 			(empty($config[1]) ||
 			 // Or the second argument is an array (HTTP-Methods)
 			 is_array($config[1]));
 	}
 	/**
 	 * The current route collector
 	 *
 	 * @return RouteCollector|null
 	 */
 	public function getRouteCollector()
 	{
 		return $this->routeCollector;
@ -236,21 +155,31 @@ class Router
 	 * Returns the relevant module class name for the given page URI or NULL if no route rule matched.
 	 *
 	 * @param string $cmd The path component of the request URL without the query string
-	 * @return string|null A Friendica\BaseModule-extending class name if a route rule matched
+	 *
 	 * @return string A Friendica\BaseModule-extending class name if a route rule matched
 	 *
 	 * @throws HTTPException\InternalServerErrorException
 	 * @throws HTTPException\MethodNotAllowedException    If a rule matched but the method didn't
 	 * @throws HTTPException\NotFoundException            If no rule matched
 	 */
 	public function getModuleClass($cmd)
 	{
 		// Add routes from addons
 		Hook::callAll('route_collection', $this->routeCollector);
 		$cmd = '/' . ltrim($cmd, '/');
 		$dispatcher = new \FastRoute\Dispatcher\GroupCountBased($this->routeCollector->getData());
 		$moduleClass = null;
-		// @TODO: Enable method-specific modules
+		$routeInfo  = $dispatcher->dispatch($this->httpMethod, $cmd);
 		$httpMethod = 'GET';
 		$routeInfo = $dispatcher->dispatch($httpMethod, $cmd);
 		if ($routeInfo[0] === Dispatcher::FOUND) {
 			$moduleClass = $routeInfo[1];
 		} elseif ($routeInfo[0] === Dispatcher::METHOD_NOT_ALLOWED) {
 			throw new HTTPException\MethodNotAllowedException(L10n::t('Method not allowed for this module. Allowed method(s): %s', implode(', ', $routeInfo[1])));
 		} else {
 			throw new HTTPException\NotFoundException(L10n::t('Page not found.'));
 		}
 		return $moduleClass;
--- a/src/BaseModule.php
+++ b/src/BaseModule.php
@ -4,7 +4,6 @@ namespace Friendica;
 use Friendica\Core\L10n;
 use Friendica\Core\Logger;
 use Friendica\Core\System;
 /**
 * All modules in Friendica should extend BaseModule, although not all modules
@ -121,7 +120,7 @@ abstract class BaseModule extends BaseObject
 		$a = \get_app();
 		$x = explode('.', $hash);
-		if (time() > (IntVal($x[0]) + $max_livetime)) {
+		if (time() > (intval($x[0]) + $max_livetime)) {
 			return false;
 		}
--- a/src/BaseObject.php
+++ b/src/BaseObject.php
@ -60,7 +60,7 @@ class BaseObject
 			throw new InternalServerErrorException('DICE isn\'t initialized.');
 		}
-		if (class_exists($name) || interface_exists($name   )) {
+		if (class_exists($name) || interface_exists($name)) {
 			return self::$dice->create($name);
 		} else {
 			throw new InternalServerErrorException('Class \'' . $name . '\' isn\'t valid.');
--- a/src/Console/AutomaticInstallation.php
+++ b/src/Console/AutomaticInstallation.php
@ -129,16 +129,13 @@ HELP;
 		$config_file = $this->getOption(['f', 'file']);
 		if (!empty($config_file)) {
-			if ($config_file != 'config' . DIRECTORY_SEPARATOR . 'local.config.php') {
+
-				// Copy config file
+			if (!file_exists($config_file)) {
-				$this->out("Copying config file...\n");
+				throw new RuntimeException("ERROR: Config file does not exist.\n");
 				if (!copy($basePathConf . DIRECTORY_SEPARATOR . $config_file, $basePathConf . DIRECTORY_SEPARATOR . 'config' . DIRECTORY_SEPARATOR . 'local.config.php')) {
 					throw new RuntimeException("ERROR: Saving config file failed. Please copy '$config_file' to '" . $basePathConf . "'" . DIRECTORY_SEPARATOR . "config" . DIRECTORY_SEPARATOR . "local.config.php' manually.\n");
 				}
 			}
 			//reload the config cache
-			$loader = new ConfigFileLoader($basePathConf);
+			$loader = new ConfigFileLoader($config_file);
 			$loader->setupCache($configCache);
 		} else {
@ -195,7 +192,7 @@ HELP;
 			$installer->createConfig($configCache);
 		}
-		$this->out(" Complete!\n\n");
+		$this->out("Complete!\n\n");
 		// Check database connection
 		$this->out("Checking database...\n");
@ -219,6 +216,14 @@ HELP;
 			throw new RuntimeException($errorMessage);
 		}
 		if (!empty($config_file) && $config_file != 'config' . DIRECTORY_SEPARATOR . 'local.config.php') {
 			// Copy config file
 			$this->out("Copying config file...\n");
 			if (!copy($basePathConf . DIRECTORY_SEPARATOR . $config_file, $basePathConf . DIRECTORY_SEPARATOR . 'config' . DIRECTORY_SEPARATOR . 'local.config.php')) {
 				throw new RuntimeException("ERROR: Saving config file failed. Please copy '$config_file' to '" . $basePathConf . "'" . DIRECTORY_SEPARATOR . "config" . DIRECTORY_SEPARATOR . "local.config.php' manually.\n");
 			}
 		}
 		$this->out(" Complete!\n\n");
 		// Install theme
--- a/src/Content/ForumManager.php
+++ b/src/Content/ForumManager.php
@ -43,7 +43,7 @@ class ForumManager
 			$params = ['order' => ['name']];
 		}
-		$condition_str = "`network` = ? AND `uid` = ? AND NOT `blocked` AND NOT `pending` AND NOT `archive` AND ";
+		$condition_str = "`network` IN (?, ?) AND `uid` = ? AND NOT `blocked` AND NOT `pending` AND NOT `archive` AND ";
 		if ($showprivate) {
 			$condition_str .= '(`forum` OR `prv`)';
@ -58,7 +58,7 @@ class ForumManager
 		$forumlist = [];
 		$fields = ['id', 'url', 'name', 'micro', 'thumb'];
-		$condition = [$condition_str, Protocol::DFRN, $uid];
+		$condition = [$condition_str, Protocol::DFRN, Protocol::ACTIVITYPUB, $uid];
 		$contacts = DBA::select('contact', $fields, $condition, $params);
 		if (!$contacts) {
 			return($forumlist);
--- a/src/Content/Nav.php
+++ b/src/Content/Nav.php
@ -29,7 +29,7 @@ class Nav
 		'directory' => null,
 		'settings'  => null,
 		'contacts'  => null,
-		'manage'    => null,
+		'delegation'=> null,
 		'events'    => null,
 		'register'  => null
 	];
@ -149,7 +149,7 @@ class Nav
 		$nav['usermenu'] = [];
 		$userinfo = null;
-		if (local_user() || remote_user()) {
+		if (Session::isAuthenticated()) {
 			$nav['logout'] = ['logout', L10n::t('Logout'), '', L10n::t('End this session')];
 		} else {
 			$nav['login'] = ['login', L10n::t('Login'), ($a->module == 'login' ? 'selected' : ''), L10n::t('Sign in')];
@ -182,7 +182,7 @@ class Nav
 			$nav['home'] = [$homelink, L10n::t('Home'), '', L10n::t('Home Page')];
 		}
-		if (intval(Config::get('config', 'register_policy')) === \Friendica\Module\Register::OPEN && !local_user() && !remote_user()) {
+		if (intval(Config::get('config', 'register_policy')) === \Friendica\Module\Register::OPEN && !Session::isAuthenticated()) {
 			$nav['register'] = ['register', L10n::t('Register'), '', L10n::t('Create an account')];
 		}
@ -257,11 +257,9 @@ class Nav
 			$nav['messages']['new'] = ['message/new', L10n::t('New Message'), '', L10n::t('New Message')];
 			if (is_array($a->identities) && count($a->identities) > 1) {
-				$nav['manage'] = ['manage', L10n::t('Manage'), '', L10n::t('Manage other pages')];
+				$nav['delegation'] = ['delegation', L10n::t('Delegation'), '', L10n::t('Manage other pages')];
 			}
 			$nav['delegations'] = ['delegate', L10n::t('Delegations'), '', L10n::t('Delegate Page Management')];
 			$nav['settings'] = ['settings', L10n::t('Settings'), '', L10n::t('Account settings')];
 			if (Feature::isEnabled(local_user(), 'multi_profiles')) {
--- a/src/Content/Pager.php
+++ b/src/Content/Pager.php
@ -39,7 +39,7 @@ class Pager
 	{
 		$this->setQueryString($queryString);
 		$this->setItemsPerPage($itemsPerPage);
-		$this->setPage(defaults($_GET, 'page', 1));
+		$this->setPage(($_GET['page'] ?? 0) ?: 1);
 	}
 	/**
--- a/src/Content/Text/BBCode.php
+++ b/src/Content/Text/BBCode.php
@ -38,7 +38,7 @@ class BBCode extends BaseObject
 	 *
 	 * @param string $body Message body
 	 * @return array
-	 *                     'type' -> Message type ("link", "video", "photo")
+	 *                     'type' -> Message type ('link', 'video', 'photo')
 	 *                     'text' -> Text before the shared message
 	 *                     'after' -> Text after the shared message
 	 *                     'image' -> Preview image of the message
@ -56,19 +56,19 @@ class BBCode extends BaseObject
 		if (preg_match_all("(\[class=(.*?)\](.*?)\[\/class\])ism", $body, $attached, PREG_SET_ORDER)) {
 			foreach ($attached as $data) {
-				if (!in_array($data[1], ["type-link", "type-video", "type-photo"])) {
+				if (!in_array($data[1], ['type-link', 'type-video', 'type-photo'])) {
 					continue;
 				}
-				$post["type"] = substr($data[1], 5);
+				$post['type'] = substr($data[1], 5);
 				$pos = strpos($body, $data[0]);
 				if ($pos > 0) {
-					$post["text"] = trim(substr($body, 0, $pos));
+					$post['text'] = trim(substr($body, 0, $pos));
-					$post["after"] = trim(substr($body, $pos + strlen($data[0])));
+					$post['after'] = trim(substr($body, $pos + strlen($data[0])));
 				} else {
-					$post["text"] = trim(str_replace($data[0], "", $body));
+					$post['text'] = trim(str_replace($data[0], '', $body));
-					$post["after"] = '';
+					$post['after'] = '';
 				}
 				$attacheddata = $data[2];
@ -79,25 +79,25 @@ class BBCode extends BaseObject
 					if ($picturedata) {
 						if (($picturedata[0] >= 500) && ($picturedata[0] >= $picturedata[1])) {
-							$post["image"] = $matches[1];
+							$post['image'] = $matches[1];
 						} else {
-							$post["preview"] = $matches[1];
+							$post['preview'] = $matches[1];
 						}
 					}
 				}
 				if (preg_match("/\[bookmark\=(.*?)\](.*?)\[\/bookmark\]/ism", $attacheddata, $matches)) {
-					$post["url"] = $matches[1];
+					$post['url'] = $matches[1];
-					$post["title"] = $matches[2];
+					$post['title'] = $matches[2];
 				}
-				if (!empty($post["url"]) && (in_array($post["type"], ["link", "video"]))
+				if (!empty($post['url']) && (in_array($post['type'], ['link', 'video']))
 					&& preg_match("/\[url\=(.*?)\](.*?)\[\/url\]/ism", $attacheddata, $matches)) {
-					$post["url"] = $matches[1];
+					$post['url'] = $matches[1];
 				}
 				// Search for description
 				if (preg_match("/\[quote\](.*?)\[\/quote\]/ism", $attacheddata, $matches)) {
-					$post["description"] = $matches[1];
+					$post['description'] = $matches[1];
 				}
 			}
 		}
@ -109,7 +109,7 @@ class BBCode extends BaseObject
 	 *
 	 * @param string $body Message body
 	 * @return array
-	 *                     'type' -> Message type ("link", "video", "photo")
+	 *                     'type' -> Message type ('link', 'video', 'photo')
 	 *                     'text' -> Text before the shared message
 	 *                     'after' -> Text after the shared message
 	 *                     'image' -> Preview image of the message
@ -136,9 +136,9 @@ class BBCode extends BaseObject
 		$attributes = $match[2];
-		$data["text"] = trim($match[1]);
+		$data['text'] = trim($match[1]);
-		$type = "";
+		$type = '';
 		preg_match("/type='(.*?)'/ism", $attributes, $matches);
 		if (!empty($matches[1])) {
 			$type = strtolower($matches[1]);
@ -149,19 +149,19 @@ class BBCode extends BaseObject
 			$type = strtolower($matches[1]);
 		}
-		if ($type == "") {
+		if ($type == '') {
 			return [];
 		}
-		if (!in_array($type, ["link", "audio", "photo", "video"])) {
+		if (!in_array($type, ['link', 'audio', 'photo', 'video'])) {
 			return [];
 		}
-		if ($type != "") {
+		if ($type != '') {
-			$data["type"] = $type;
+			$data['type'] = $type;
 		}
-		$url = "";
+		$url = '';
 		preg_match("/url='(.*?)'/ism", $attributes, $matches);
 		if (!empty($matches[1])) {
 			$url = $matches[1];
@ -172,11 +172,11 @@ class BBCode extends BaseObject
 			$url = $matches[1];
 		}
-		if ($url != "") {
+		if ($url != '') {
-			$data["url"] = html_entity_decode($url, ENT_QUOTES, 'UTF-8');
+			$data['url'] = html_entity_decode($url, ENT_QUOTES, 'UTF-8');
 		}
-		$title = "";
+		$title = '';
 		preg_match("/title='(.*?)'/ism", $attributes, $matches);
 		if (!empty($matches[1])) {
 			$title = $matches[1];
@ -187,14 +187,14 @@ class BBCode extends BaseObject
 			$title = $matches[1];
 		}
-		if ($title != "") {
+		if ($title != '') {
 			$title = self::convert(html_entity_decode($title, ENT_QUOTES, 'UTF-8'), false, true);
 			$title = html_entity_decode($title, ENT_QUOTES, 'UTF-8');
-			$title = str_replace(["[", "]"], ["&#91;", "&#93;"], $title);
+			$title = str_replace(['[', ']'], ['&#91;', '&#93;'], $title);
-			$data["title"] = $title;
+			$data['title'] = $title;
 		}
-		$image = "";
+		$image = '';
 		preg_match("/image='(.*?)'/ism", $attributes, $matches);
 		if (!empty($matches[1])) {
 			$image = $matches[1];
@ -205,11 +205,11 @@ class BBCode extends BaseObject
 			$image = $matches[1];
 		}
-		if ($image != "") {
+		if ($image != '') {
-			$data["image"] = html_entity_decode($image, ENT_QUOTES, 'UTF-8');
+			$data['image'] = html_entity_decode($image, ENT_QUOTES, 'UTF-8');
 		}
-		$preview = "";
+		$preview = '';
 		preg_match("/preview='(.*?)'/ism", $attributes, $matches);
 		if (!empty($matches[1])) {
 			$preview = $matches[1];
@ -220,13 +220,13 @@ class BBCode extends BaseObject
 			$preview = $matches[1];
 		}
-		if ($preview != "") {
+		if ($preview != '') {
-			$data["preview"] = html_entity_decode($preview, ENT_QUOTES, 'UTF-8');
+			$data['preview'] = html_entity_decode($preview, ENT_QUOTES, 'UTF-8');
 		}
-		$data["description"] = trim($match[3]);
+		$data['description'] = trim($match[3]);
-		$data["after"] = trim($match[4]);
+		$data['after'] = trim($match[4]);
 		return $data;
 	}
@ -244,7 +244,7 @@ class BBCode extends BaseObject
 		*/
 		$has_title = !empty($item['title']);
-		$plink = defaults($item, 'plink', '');
+		$plink = $item['plink'] ?? '';
 		$post = self::getAttachmentData($body);
 		// Get all linked images with alternative image description
@ -268,11 +268,11 @@ class BBCode extends BaseObject
 		}
 		// if nothing is found, it maybe having an image.
-		if (!isset($post["type"])) {
+		if (!isset($post['type'])) {
 			// Simplify image codes
 			$body = preg_replace("/\[img\=([0-9]*)x([0-9]*)\](.*?)\[\/img\]/ism", '[img]$3[/img]', $body);
 			$body = preg_replace("/\[img\=(.*?)\](.*?)\[\/img\]/ism", '[img]$1[/img]', $body);
-			$post["text"] = $body;
+			$post['text'] = $body;
 			if (preg_match_all("(\[url=(.*?)\]\s*\[img\](.*?)\[\/img\]\s*\[\/url\])ism", $body, $pictures, PREG_SET_ORDER)) {
 				if ((count($pictures) == 1) && !$has_title) {
@ -288,75 +288,75 @@ class BBCode extends BaseObject
 					// Workaround:
 					// Sometimes photo posts to the own album are not detected at the start.
 					// So we seem to cannot use the cache for these cases. That's strange.
-					if (($data["type"] != "photo") && strstr($pictures[0][1], "/photos/")) {
+					if (($data['type'] != 'photo') && strstr($pictures[0][1], "/photos/")) {
 						$data = ParseUrl::getSiteinfo($pictures[0][1], true);
 					}
-					if ($data["type"] == "photo") {
+					if ($data['type'] == 'photo') {
-						$post["type"] = "photo";
+						$post['type'] = 'photo';
-						if (isset($data["images"][0])) {
+						if (isset($data['images'][0])) {
-							$post["image"] = $data["images"][0]["src"];
+							$post['image'] = $data['images'][0]['src'];
-							$post["url"] = $data["url"];
+							$post['url'] = $data['url'];
 						} else {
-							$post["image"] = $data["url"];
+							$post['image'] = $data['url'];
 						}
-						$post["preview"] = $pictures[0][2];
+						$post['preview'] = $pictures[0][2];
-						$post["text"] = trim(str_replace($pictures[0][0], "", $body));
+						$post['text'] = trim(str_replace($pictures[0][0], '', $body));
 					} else {
 						$imgdata = Image::getInfoFromURL($pictures[0][1]);
-						if ($imgdata && substr($imgdata["mime"], 0, 6) == "image/") {
+						if ($imgdata && substr($imgdata['mime'], 0, 6) == 'image/') {
-							$post["type"] = "photo";
+							$post['type'] = 'photo';
-							$post["image"] = $pictures[0][1];
+							$post['image'] = $pictures[0][1];
-							$post["preview"] = $pictures[0][2];
+							$post['preview'] = $pictures[0][2];
-							$post["text"] = trim(str_replace($pictures[0][0], "", $body));
+							$post['text'] = trim(str_replace($pictures[0][0], '', $body));
 						}
 					}
 				} elseif (count($pictures) > 0) {
-					$post["type"] = "link";
+					$post['type'] = 'link';
-					$post["url"] = $plink;
+					$post['url'] = $plink;
-					$post["image"] = $pictures[0][2];
+					$post['image'] = $pictures[0][2];
-					$post["text"] = $body;
+					$post['text'] = $body;
 					foreach ($pictures as $picture) {
-						$post["text"] = trim(str_replace($picture[0], "", $post["text"]));
+						$post['text'] = trim(str_replace($picture[0], '', $post['text']));
 					}
 				}
 			} elseif (preg_match_all("(\[img\](.*?)\[\/img\])ism", $body, $pictures, PREG_SET_ORDER)) {
 				if ((count($pictures) == 1) && !$has_title) {
-					$post["type"] = "photo";
+					$post['type'] = 'photo';
-					$post["image"] = $pictures[0][1];
+					$post['image'] = $pictures[0][1];
-					$post["text"] = str_replace($pictures[0][0], "", $body);
+					$post['text'] = str_replace($pictures[0][0], '', $body);
 				} elseif (count($pictures) > 0) {
-					$post["type"] = "link";
+					$post['type'] = 'link';
-					$post["url"] = $plink;
+					$post['url'] = $plink;
-					$post["image"] = $pictures[0][1];
+					$post['image'] = $pictures[0][1];
-					$post["text"] = $body;
+					$post['text'] = $body;
 					foreach ($pictures as $picture) {
-						$post["text"] = trim(str_replace($picture[0], "", $post["text"]));
+						$post['text'] = trim(str_replace($picture[0], '', $post['text']));
 					}
 				}
 			}
 			// Test for the external links
-			preg_match_all("(\[url\](.*?)\[\/url\])ism", $post["text"], $links1, PREG_SET_ORDER);
+			preg_match_all("(\[url\](.*?)\[\/url\])ism", $post['text'], $links1, PREG_SET_ORDER);
-			preg_match_all("(\[url\=(.*?)\].*?\[\/url\])ism", $post["text"], $links2, PREG_SET_ORDER);
+			preg_match_all("(\[url\=(.*?)\].*?\[\/url\])ism", $post['text'], $links2, PREG_SET_ORDER);
 			$links = array_merge($links1, $links2);
 			// If there is only a single one, then use it.
 			// This should cover link posts via API.
-			if ((count($links) == 1) && !isset($post["preview"]) && !$has_title) {
+			if ((count($links) == 1) && !isset($post['preview']) && !$has_title) {
-				$post["type"] = "link";
+				$post['type'] = 'link';
-				$post["url"] = $links[0][1];
+				$post['url'] = $links[0][1];
 			}
 			// Now count the number of external media links
-			preg_match_all("(\[vimeo\](.*?)\[\/vimeo\])ism", $post["text"], $links1, PREG_SET_ORDER);
+			preg_match_all("(\[vimeo\](.*?)\[\/vimeo\])ism", $post['text'], $links1, PREG_SET_ORDER);
-			preg_match_all("(\[youtube\\](.*?)\[\/youtube\\])ism", $post["text"], $links2, PREG_SET_ORDER);
+			preg_match_all("(\[youtube\\](.*?)\[\/youtube\\])ism", $post['text'], $links2, PREG_SET_ORDER);
-			preg_match_all("(\[video\\](.*?)\[\/video\\])ism", $post["text"], $links3, PREG_SET_ORDER);
+			preg_match_all("(\[video\\](.*?)\[\/video\\])ism", $post['text'], $links3, PREG_SET_ORDER);
-			preg_match_all("(\[audio\\](.*?)\[\/audio\\])ism", $post["text"], $links4, PREG_SET_ORDER);
+			preg_match_all("(\[audio\\](.*?)\[\/audio\\])ism", $post['text'], $links4, PREG_SET_ORDER);
 			// Add them to the other external links
 			$links = array_merge($links, $links1, $links2, $links3, $links4);
@ -364,19 +364,19 @@ class BBCode extends BaseObject
 			// Are there more than one?
 			if (count($links) > 1) {
 				// The post will be the type "text", which means a blog post
-				unset($post["type"]);
+				unset($post['type']);
-				$post["url"] = $plink;
+				$post['url'] = $plink;
 			}
-			if (!isset($post["type"])) {
+			if (!isset($post['type'])) {
-				$post["type"] = "text";
+				$post['type'] = "text";
-				$post["text"] = trim($body);
+				$post['text'] = trim($body);
 			}
-		} elseif (isset($post["url"]) && ($post["type"] == "video")) {
+		} elseif (isset($post['url']) && ($post['type'] == 'video')) {
-			$data = ParseUrl::getSiteinfoCached($post["url"], true);
+			$data = ParseUrl::getSiteinfoCached($post['url'], true);
-			if (isset($data["images"][0])) {
+			if (isset($data['images'][0])) {
-				$post["image"] = $data["images"][0]["src"];
+				$post['image'] = $data['images'][0]['src'];
 			}
 		}
@ -581,27 +581,27 @@ class BBCode extends BaseObject
 	private static function convertAttachment($return, $simplehtml = false, $tryoembed = true)
 	{
 		$data = self::getAttachmentData($return);
-		if (empty($data) || empty($data["url"])) {
+		if (empty($data) || empty($data['url'])) {
 			return $return;
 		}
-		if (isset($data["title"])) {
+		if (isset($data['title'])) {
-			$data["title"] = strip_tags($data["title"]);
+			$data['title'] = strip_tags($data['title']);
-			$data["title"] = str_replace(["http://", "https://"], "", $data["title"]);
+			$data['title'] = str_replace(['http://', 'https://'], '', $data['title']);
 		} else {
-			$data["title"] = null;
+			$data['title'] = null;
 		}
-		if (((strpos($data["text"], "[img=") !== false) || (strpos($data["text"], "[img]") !== false) || Config::get('system', 'always_show_preview')) && !empty($data["image"])) {
+		if (((strpos($data['text'], "[img=") !== false) || (strpos($data['text'], "[img]") !== false) || Config::get('system', 'always_show_preview')) && !empty($data['image'])) {
-			$data["preview"] = $data["image"];
+			$data['preview'] = $data['image'];
-			$data["image"] = "";
+			$data['image'] = '';
 		}
 		$return = '';
 		if (in_array($simplehtml, [7, 9])) {
-			$return = self::convertUrlForOStatus($data["url"]);
+			$return = self::convertUrlForActivityPub($data['url']);
 		} elseif (($simplehtml != 4) && ($simplehtml != 0)) {
-			$return = sprintf('<a href="%s" target="_blank">%s</a><br>', $data["url"], $data["title"]);
+			$return = sprintf('<a href="%s" target="_blank">%s</a><br>', $data['url'], $data['title']);
 		} else {
 			try {
 				if ($tryoembed && OEmbed::isAllowedURL($data['url'])) {
@ -610,28 +610,28 @@ class BBCode extends BaseObject
 					throw new Exception('OEmbed is disabled for this attachment.');
 				}
 			} catch (Exception $e) {
-				$data["title"] = defaults($data, 'title', $data['url']);
+				$data['title'] = ($data['title'] ?? '') ?: $data['url'];
 				if ($simplehtml != 4) {
-					$return = sprintf('<div class="type-%s">', $data["type"]);
+					$return = sprintf('<div class="type-%s">', $data['type']);
 				}
 				if (!empty($data['title']) && !empty($data['url'])) {
-					if (!empty($data["image"]) && empty($data["text"]) && ($data["type"] == "photo")) {
+					if (!empty($data['image']) && empty($data['text']) && ($data['type'] == 'photo')) {
-						$return .= sprintf('<a href="%s" target="_blank"><img src="%s" alt="" title="%s" class="attachment-image" /></a>', $data["url"], self::proxyUrl($data["image"], $simplehtml), $data["title"]);
+						$return .= sprintf('<a href="%s" target="_blank"><img src="%s" alt="" title="%s" class="attachment-image" /></a>', $data['url'], self::proxyUrl($data['image'], $simplehtml), $data['title']);
 					} else {
-						if (!empty($data["image"])) {
+						if (!empty($data['image'])) {
-							$return .= sprintf('<a href="%s" target="_blank"><img src="%s" alt="" title="%s" class="attachment-image" /></a><br />', $data["url"], self::proxyUrl($data["image"], $simplehtml), $data["title"]);
+							$return .= sprintf('<a href="%s" target="_blank"><img src="%s" alt="" title="%s" class="attachment-image" /></a><br />', $data['url'], self::proxyUrl($data['image'], $simplehtml), $data['title']);
-						} elseif (!empty($data["preview"])) {
+						} elseif (!empty($data['preview'])) {
-							$return .= sprintf('<a href="%s" target="_blank"><img src="%s" alt="" title="%s" class="attachment-preview" /></a><br />', $data["url"], self::proxyUrl($data["preview"], $simplehtml), $data["title"]);
+							$return .= sprintf('<a href="%s" target="_blank"><img src="%s" alt="" title="%s" class="attachment-preview" /></a><br />', $data['url'], self::proxyUrl($data['preview'], $simplehtml), $data['title']);
 						}
 						$return .= sprintf('<h4><a href="%s">%s</a></h4>', $data['url'], $data['title']);
 					}
 				}
-				if (!empty($data["description"]) && $data["description"] != $data["title"]) {
+				if (!empty($data['description']) && $data['description'] != $data['title']) {
 					// Sanitize the HTML by converting it to BBCode
-					$bbcode = HTML::toBBCode($data["description"]);
+					$bbcode = HTML::toBBCode($data['description']);
 					$return .= sprintf('<blockquote>%s</blockquote>', trim(self::convert($bbcode)));
 				}
@ -645,7 +645,7 @@ class BBCode extends BaseObject
 			}
 		}
-		return trim(defaults($data, 'text', '') . ' ' . $return . ' ' . defaults($data, 'after', ''));
+		return trim(($data['text'] ?? '') . ' ' . $return . ' ' . ($data['after'] ?? ''));
 	}
 	public static function removeShareInformation($Text, $plaintext = false, $nolink = false)
@ -655,36 +655,36 @@ class BBCode extends BaseObject
 		if (!$data) {
 			return $Text;
 		} elseif ($nolink) {
-			return $data["text"] . defaults($data, 'after', '');
+			return $data['text'] . ($data['after'] ?? '');
 		}
-		$title = htmlentities(defaults($data, 'title', ''), ENT_QUOTES, 'UTF-8', false);
+		$title = htmlentities($data['title'] ?? '', ENT_QUOTES, 'UTF-8', false);
-		$text = htmlentities($data["text"], ENT_QUOTES, 'UTF-8', false);
+		$text = htmlentities($data['text'], ENT_QUOTES, 'UTF-8', false);
-		if ($plaintext || (($title != "") && strstr($text, $title))) {
+		if ($plaintext || (($title != '') && strstr($text, $title))) {
-			$data["title"] = $data["url"];
+			$data['title'] = $data['url'];
-		} elseif (($text != "") && strstr($title, $text)) {
+		} elseif (($text != '') && strstr($title, $text)) {
-			$data["text"] = $data["title"];
+			$data['text'] = $data['title'];
-			$data["title"] = $data["url"];
+			$data['title'] = $data['url'];
 		}
-		if (empty($data["text"]) && !empty($data["title"]) && empty($data["url"])) {
+		if (empty($data['text']) && !empty($data['title']) && empty($data['url'])) {
-			return $data["title"] . $data["after"];
+			return $data['title'] . $data['after'];
 		}
 		// If the link already is included in the post, don't add it again
-		if (!empty($data["url"]) && strpos($data["text"], $data["url"])) {
+		if (!empty($data['url']) && strpos($data['text'], $data['url'])) {
-			return $data["text"] . $data["after"];
+			return $data['text'] . $data['after'];
 		}
-		$text = $data["text"];
+		$text = $data['text'];
-		if (!empty($data["url"]) && !empty($data["title"])) {
+		if (!empty($data['url']) && !empty($data['title'])) {
-			$text .= "\n[url=" . $data["url"] . "]" . $data["title"] . "[/url]";
+			$text .= "\n[url=" . $data['url'] . ']' . $data['title'] . '[/url]';
-		} elseif (!empty($data["url"])) {
+		} elseif (!empty($data['url'])) {
-			$text .= "\n[url]" . $data["url"] . "[/url]";
+			$text .= "\n[url]" . $data['url'] . '[/url]';
 		}
-		return $text . "\n" . $data["after"];
+		return $text . "\n" . $data['after'];
 	}
 	/**
@ -694,7 +694,7 @@ class BBCode extends BaseObject
 	 * @param array $match Array with the matching values
 	 * @return string reformatted link including HTML codes
 	 */
-	private static function convertUrlForOStatusCallback($match)
+	private static function convertUrlForActivityPubCallback($match)
 	{
 		$url = $match[1];
@ -707,15 +707,26 @@ class BBCode extends BaseObject
 			return $match[0];
 		}
-		return self::convertUrlForOStatus($url);
+		return self::convertUrlForActivityPub($url);
 	}
 	/**
-	 * @brief Converts [url] BBCodes in a format that looks fine on OStatus systems.
+	 * @brief Converts [url] BBCodes in a format that looks fine on ActivityPub systems.
 	 * @param string $url URL that is about to be reformatted
 	 * @return string reformatted link including HTML codes
 	 */
-	private static function convertUrlForOStatus($url)
+	private static function convertUrlForActivityPub($url)
 	{
 		$html = '<a href="%s" target="_blank">%s</a>';
 		return sprintf($html, $url, self::getStyledURL($url));
 	}
 	/**
 	 * Converts an URL in a nicer format (without the scheme and possibly shortened)
 	 * @param string $url URL that is about to be reformatted
 	 * @return string reformatted link
 	 */
 	private static function getStyledURL($url)
 	{
 		$parts = parse_url($url);
 		$scheme = $parts['scheme'] . '://';
@ -725,9 +736,7 @@ class BBCode extends BaseObject
 			$styled_url = substr($styled_url, 0, 30) . "…";
 		}
-		$html = '<a href="%s" target="_blank">%s</a>';
+		return $styled_url;
 		return sprintf($html, $url, $styled_url);
 	}
 	/*
@ -932,7 +941,7 @@ class BBCode extends BaseObject
 				$attributes = [];
 				foreach(['author', 'profile', 'avatar', 'link', 'posted'] as $field) {
 					preg_match("/$field=(['\"])(.+?)\\1/ism", $attribute_string, $matches);
-					$attributes[$field] = html_entity_decode(defaults($matches, 2, ''), ENT_QUOTES, 'UTF-8');
+					$attributes[$field] = html_entity_decode($matches[2] ?? '', ENT_QUOTES, 'UTF-8');
 				}
 				// We only call this so that a previously unknown contact can be added.
@ -951,11 +960,11 @@ class BBCode extends BaseObject
 				Contact::getIdForURL($attributes['profile'], 0, true, $default);
 				$author_contact = Contact::getDetailsByURL($attributes['profile']);
-				$author_contact['addr'] = defaults($author_contact, 'addr' , Protocol::getAddrFromProfileUrl($attributes['profile']));
+				$author_contact['addr'] = ($author_contact['addr']  ?? '') ?: Protocol::getAddrFromProfileUrl($attributes['profile']);
-				$attributes['author']   = defaults($author_contact, 'name' , $attributes['author']);
+				$attributes['author']   = ($author_contact['name']  ?? '') ?: $attributes['author'];
-				$attributes['avatar']   = defaults($author_contact, 'micro', $attributes['avatar']);
+				$attributes['avatar']   = ($author_contact['micro'] ?? '') ?: $attributes['avatar'];
-				$attributes['profile']  = defaults($author_contact, 'url'  , $attributes['profile']);
+				$attributes['profile']  = ($author_contact['url']   ?? '') ?: $attributes['profile'];
 				if ($attributes['avatar']) {
 					$attributes['avatar'] = ProxyUtils::proxifyUrl($attributes['avatar'], false, ProxyUtils::SIZE_THUMB);
@ -1056,7 +1065,8 @@ class BBCode extends BaseObject
 	private static function removePictureLinksCallback($match)
 	{
-		$text = Cache::get($match[1]);
+		$cache_key = 'remove:' . $match[1];
 		$text = Cache::get($cache_key);
 		if (is_null($text)) {
 			$a = self::getApp();
@ -1072,10 +1082,10 @@ class BBCode extends BaseObject
 			$a->getProfiler()->saveTimestamp($stamp1, "network", System::callstack());
-			if (substr($curl_info["content_type"], 0, 6) == "image/") {
+			if (substr($curl_info['content_type'], 0, 6) == 'image/') {
-				$text = "[url=" . $match[1] . "]" . $match[1] . "[/url]";
+				$text = "[url=" . $match[1] . ']' . $match[1] . "[/url]";
 			} else {
-				$text = "[url=" . $match[2] . "]" . $match[2] . "[/url]";
+				$text = "[url=" . $match[2] . ']' . $match[2] . "[/url]";
 				// if its not a picture then look if its a page that contains a picture link
 				$body = Network::fetchUrl($match[1]);
@ -1093,12 +1103,12 @@ class BBCode extends BaseObject
 						}
 					}
-					if (strtolower($attr["name"]) == "twitter:image") {
+					if (strtolower($attr['name']) == 'twitter:image') {
-						$text = "[url=" . $attr["content"] . "]" . $attr["content"] . "[/url]";
+						$text = '[url=' . $attr['content'] . ']' . $attr['content'] . '[/url]';
 					}
 				}
 			}
-			Cache::set($match[1], $text);
+			Cache::set($cache_key, $text);
 		}
 		return $text;
@ -1106,7 +1116,7 @@ class BBCode extends BaseObject
 	private static function expandLinksCallback($match)
 	{
-		if (($match[3] == "") || ($match[2] == $match[3]) || stristr($match[2], $match[3])) {
+		if (($match[3] == '') || ($match[2] == $match[3]) || stristr($match[2], $match[3])) {
 			return ($match[1] . "[url]" . $match[2] . "[/url]");
 		} else {
 			return ($match[1] . $match[3] . " [url]" . $match[2] . "[/url]");
@ -1115,58 +1125,72 @@ class BBCode extends BaseObject
 	private static function cleanPictureLinksCallback($match)
 	{
-		$text = Cache::get($match[1]);
+		$a = self::getApp();
-		if (is_null($text)) {
+		// When the picture link is the own photo path then we can avoid fetching the link
-			$a = self::getApp();
+		$own_photo_url = preg_quote(Strings::normaliseLink($a->getBaseURL()) . '/photos/');
-
+		if (preg_match('|' . $own_photo_url . '.*?/image/|', Strings::normaliseLink($match[1]))) {
-			$stamp1 = microtime(true);
+			if (!empty($match[3])) {
-
+				$text = '[img=' . str_replace('-1.', '-0.', $match[2]) . ']' . $match[3] . '[/img]';
 			$ch = @curl_init($match[1]);
 			@curl_setopt($ch, CURLOPT_NOBODY, true);
 			@curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
 			@curl_setopt($ch, CURLOPT_USERAGENT, $a->getUserAgent());
 			@curl_exec($ch);
 			$curl_info = @curl_getinfo($ch);
 			$a->getProfiler()->saveTimestamp($stamp1, "network", System::callstack());
 			// if its a link to a picture then embed this picture
 			if (substr($curl_info["content_type"], 0, 6) == "image/") {
 				$text = "[img]" . $match[1] . "[/img]";
 			} else {
-				if (!empty($match[3])) {
+				$text = '[img]' . str_replace('-1.', '-0.', $match[2]) . '[/img]';
-					$text = "[img=" . $match[2] . "]" . $match[3] . "[/img]";
+			}
-				} else {
+			return $text;
-					$text = "[img]" . $match[2] . "[/img]";
+		}
 		$cache_key = 'clean:' . $match[1];
 		$text = Cache::get($cache_key);
 		if (!is_null($text)) {
 			return $text;
 		}
 		// Only fetch the header, not the content
 		$stamp1 = microtime(true);
 		$ch = @curl_init($match[1]);
 		@curl_setopt($ch, CURLOPT_NOBODY, true);
 		@curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
 		@curl_setopt($ch, CURLOPT_USERAGENT, $a->getUserAgent());
 		@curl_exec($ch);
 		$curl_info = @curl_getinfo($ch);
 		$a->getProfiler()->saveTimestamp($stamp1, "network", System::callstack());
 		// if its a link to a picture then embed this picture
 		if (substr($curl_info['content_type'], 0, 6) == 'image/') {
 			$text = '[img]' . $match[1] . '[/img]';
 		} else {
 			if (!empty($match[3])) {
 				$text = '[img=' . $match[2] . ']' . $match[3] . '[/img]';
 			} else {
 				$text = '[img]' . $match[2] . '[/img]';
 			}
 			// if its not a picture then look if its a page that contains a picture link
 			$body = Network::fetchUrl($match[1]);
 			$doc = new DOMDocument();
 			@$doc->loadHTML($body);
 			$xpath = new DOMXPath($doc);
 			$list = $xpath->query("//meta[@name]");
 			foreach ($list as $node) {
 				$attr = [];
 				if ($node->attributes->length) {
 					foreach ($node->attributes as $attribute) {
 						$attr[$attribute->name] = $attribute->value;
 					}
 				}
-				// if its not a picture then look if its a page that contains a picture link
+				if (strtolower($attr['name']) == "twitter:image") {
-				$body = Network::fetchUrl($match[1]);
+					if (!empty($match[3])) {
-
+						$text = "[img=" . $attr['content'] . "]" . $match[3] . "[/img]";
-				$doc = new DOMDocument();
+					} else {
-				@$doc->loadHTML($body);
+						$text = "[img]" . $attr['content'] . "[/img]";
 				$xpath = new DOMXPath($doc);
 				$list = $xpath->query("//meta[@name]");
 				foreach ($list as $node) {
 					$attr = [];
 					if ($node->attributes->length) {
 						foreach ($node->attributes as $attribute) {
 							$attr[$attribute->name] = $attribute->value;
 						}
 					}
 					if (strtolower($attr["name"]) == "twitter:image") {
 						if (!empty($match[3])) {
 							$text = "[img=" . $attr["content"] . "]" . $match[3] . "[/img]";
 						} else {
 							$text = "[img]" . $attr["content"] . "[/img]";
 						}
 					}
 				}
 			}
 			Cache::set($match[1], $text);
 		}
 		Cache::set($cache_key, $text);
 		return $text;
 	}
@ -1217,7 +1241,7 @@ class BBCode extends BaseObject
 		$try_oembed_callback = function ($match)
 		{
 			$url = $match[1];
-			$title = defaults($match, 2, null);
+			$title = $match[2] ?? null;
 			try {
 				$return = OEmbed::getHTML($url, $title);
@ -1318,7 +1342,7 @@ class BBCode extends BaseObject
 		$text = str_replace($search, $replace, $text);
 		// removing multiplicated newlines
-		if (Config::get("system", "remove_multiplicated_lines")) {
+		if (Config::get('system', 'remove_multiplicated_lines')) {
 			$search = ["\n\n\n", "\n ", " \n", "[/quote]\n\n", "\n[/quote]", "[/li]\n", "\n[li]", "\n[ul]", "[/ul]\n", "\n\n[share ", "[/attachment]\n",
 					"\n[h1]", "[/h1]\n", "\n[h2]", "[/h2]\n", "\n[h3]", "[/h3]\n", "\n[h4]", "[/h4]\n", "\n[h5]", "[/h5]\n", "\n[h6]", "[/h6]\n"];
 			$replace = ["\n\n", "\n", "\n", "[/quote]\n", "[/quote]", "[/li]", "[li]", "[ul]", "[/ul]", "\n[share ", "[/attachment]",
@ -1389,8 +1413,14 @@ class BBCode extends BaseObject
 		// Check for sized text
 		// [size=50] --> font-size: 50px (with the unit).
-		$text = preg_replace("(\[size=(\d*?)\](.*?)\[\/size\])ism", "<span style=\"font-size: $1px; line-height: initial;\">$2</span>", $text);
+		if ($simple_html != 3) {
-		$text = preg_replace("(\[size=(.*?)\](.*?)\[\/size\])ism", "<span style=\"font-size: $1; line-height: initial;\">$2</span>", $text);
+			$text = preg_replace("(\[size=(\d*?)\](.*?)\[\/size\])ism", "<span style=\"font-size: $1px; line-height: initial;\">$2</span>", $text);
 			$text = preg_replace("(\[size=(.*?)\](.*?)\[\/size\])ism", "<span style=\"font-size: $1; line-height: initial;\">$2</span>", $text);
 		} else {
 			// Issue 2199: Diaspora doesn't interpret the construct above, nor the <small> or <big> element
 			$text = preg_replace("(\[size=(.*?)\](.*?)\[\/size\])ism", "$2", $text);
 		}
 		// Check for centered text
 		$text = preg_replace("(\[center\](.*?)\[\/center\])ism", "<div style=\"text-align:center;\">$1</div>", $text);
@ -1445,6 +1475,11 @@ class BBCode extends BaseObject
 		$text = str_replace('[hr]', '<hr />', $text);
 		if (!$for_plaintext) {
 			// Autolinker for isolated URLs
 			$text = preg_replace(Strings::autoLinkRegEx(), '[url]$1[/url]', $text);
 		}
 		// This is actually executed in Item::prepareBody()
 		$nosmile = strpos($text, '[nosmile]') !== false;
@ -1454,24 +1489,22 @@ class BBCode extends BaseObject
 		$text = preg_replace("/\[font=(.*?)\](.*?)\[\/font\]/sm", "<span style=\"font-family: $1;\">$2</span>", $text);
 		// Declare the format for [spoiler] layout
-		$SpoilerLayout = '<blockquote class="spoiler">$1</blockquote>';
+		$SpoilerLayout = '<details class="spoiler"><summary>' . L10n::t('Click to open/close') . '</summary>$1</details>';
 		// Check for [spoiler] text
 		// handle nested quotes
 		$endlessloop = 0;
 		while ((strpos($text, "[/spoiler]") !== false) && (strpos($text, "[spoiler]") !== false) && (++$endlessloop < 20)) {
-			$text = preg_replace("/\[spoiler\](.*?)\[\/spoiler\]/ism", "$SpoilerLayout", $text);
+			$text = preg_replace("/\[spoiler\](.*?)\[\/spoiler\]/ism", $SpoilerLayout, $text);
 		}
-		// Check for [spoiler=Author] text
+		// Check for [spoiler=Title] text
 		$t_wrote = L10n::t('$1 wrote:');
 		// handle nested quotes
 		$endlessloop = 0;
 		while ((strpos($text, "[/spoiler]")!== false)  && (strpos($text, "[spoiler=") !== false) && (++$endlessloop < 20)) {
 			$text = preg_replace("/\[spoiler=[\"\']*(.*?)[\"\']*\](.*?)\[\/spoiler\]/ism",
-				"<br /><strong class=".'"spoiler"'.">" . $t_wrote . "</strong><blockquote class=".'"spoiler"'.">$2</blockquote>",
+				'<details class="spoiler"><summary>$1</summary>$2</details>',
 				$text);
 		}
@ -1629,12 +1662,10 @@ class BBCode extends BaseObject
 			$text = Smilies::replace($text);
 		}
 		// if the HTML is used to generate plain text, then don't do this search, but replace all URL of that kind to text
 		if (!$for_plaintext) {
 			$text = preg_replace(Strings::autoLinkRegEx(), '[url]$1[/url]', $text);
 			if (in_array($simple_html, [7, 9])) {
-				$text = preg_replace_callback("/\[url\](.*?)\[\/url\]/ism", 'self::convertUrlForOStatusCallback', $text);
+				$text = preg_replace_callback("/\[url\](.*?)\[\/url\]/ism", 'self::convertUrlForActivityPubCallback', $text);
-				$text = preg_replace_callback("/\[url\=(.*?)\](.*?)\[\/url\]/ism", 'self::convertUrlForOStatusCallback', $text);
+				$text = preg_replace_callback("/\[url\=(.*?)\](.*?)\[\/url\]/ism", 'self::convertUrlForActivityPubCallback', $text);
 			}
 		} else {
 			$text = preg_replace("(\[url\](.*?)\[\/url\])ism", " $1 ", $text);
@ -1810,7 +1841,7 @@ class BBCode extends BaseObject
 		// Clean up the HTML by loading and saving the HTML with the DOM.
 		// Bad structured html can break a whole page.
 		// For performance reasons do it only with activated item cache or at export.
-		if (!$try_oembed || (get_itemcachepath() != "")) {
+		if (!$try_oembed || (get_itemcachepath() != '')) {
 			$doc = new DOMDocument();
 			$doc->preserveWhiteSpace = false;
@ -1818,10 +1849,10 @@ class BBCode extends BaseObject
 			$doctype = '<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">';
 			$encoding = '<?xml encoding="UTF-8">';
-			@$doc->loadHTML($encoding.$doctype."<html><body>".$text."</body></html>");
+			@$doc->loadHTML($encoding . $doctype . '<html><body>' . $text . '</body></html>');
 			$doc->encoding = 'UTF-8';
 			$text = $doc->saveHTML();
-			$text = str_replace(["<html><body>", "</body></html>", $doctype, $encoding], ["", "", "", ""], $text);
+			$text = str_replace(['<html><body>', '</body></html>', $doctype, $encoding], ['', '', '', ''], $text);
 			$text = str_replace('<br></li>', '</li>', $text);
@ -1861,9 +1892,9 @@ class BBCode extends BaseObject
 	 * @param string $addon The addon for which the abstract is meant for
 	 * @return string The abstract
 	 */
-	public static function getAbstract($text, $addon = "")
+	public static function getAbstract($text, $addon = '')
 	{
-		$abstract = "";
+		$abstract = '';
 		$abstracts = [];
 		$addon = strtolower($addon);
@ -1877,7 +1908,7 @@ class BBCode extends BaseObject
 			$abstract = $abstracts[$addon];
 		}
-		if ($abstract == "" && preg_match("/\[abstract\](.*?)\[\/abstract\]/ism", $text, $result)) {
+		if ($abstract == '' && preg_match("/\[abstract\](.*?)\[\/abstract\]/ism", $text, $result)) {
 			$abstract = $result[1];
 		}
@ -1953,7 +1984,7 @@ class BBCode extends BaseObject
 			// Add all tags that maybe were removed
 			if (preg_match_all("/#\[url\=([$url_search_string]*)\](.*?)\[\/url\]/ism", $original_text, $tags)) {
-				$tagline = "";
+				$tagline = '';
 				foreach ($tags[2] as $tag) {
 					$tag = html_entity_decode($tag, ENT_QUOTES, 'UTF-8');
 					if (!strpos(html_entity_decode($text, ENT_QUOTES, 'UTF-8'), '#' . $tag)) {
@ -1971,7 +2002,7 @@ class BBCode extends BaseObject
 		// If a link is followed by a quote then there should be a newline before it
 		// Maybe we should make this newline at every time before a quote.
-		$text = str_replace(["</a><blockquote>"], ["</a><br><blockquote>"], $text);
+		$text = str_replace(['</a><blockquote>'], ['</a><br><blockquote>'], $text);
 		$stamp1 = microtime(true);
--- a/src/Content/Text/HTML.php
+++ b/src/Content/Text/HTML.php
@ -42,14 +42,32 @@ class HTML
 		return $cleaned;
 	}
-	private static function tagToBBCode(DOMDocument $doc, $tag, $attributes, $startbb, $endbb)
+	/**
 	 * Search all instances of a specific HTML tag node in the provided DOM document and replaces them with BBCode text nodes.
 	 *
 	 * @see HTML::tagToBBCodeSub()
 	 */
 	private static function tagToBBCode(DOMDocument $doc, string $tag, array $attributes, string $startbb, string $endbb, bool $ignoreChildren = false)
 	{
 		do {
-			$done = self::tagToBBCodeSub($doc, $tag, $attributes, $startbb, $endbb);
+			$done = self::tagToBBCodeSub($doc, $tag, $attributes, $startbb, $endbb, $ignoreChildren);
 		} while ($done);
 	}
-	private static function tagToBBCodeSub(DOMDocument $doc, $tag, $attributes, $startbb, $endbb)
+	/**
 	 * Search the first specific HTML tag node in the provided DOM document and replaces it with BBCode text nodes.
 	 *
 	 * @param DOMDocument $doc
 	 * @param string      $tag            HTML tag name
 	 * @param array       $attributes     Array of attributes to match and optionally use the value from
 	 * @param string      $startbb        BBCode tag opening
 	 * @param string      $endbb          BBCode tag closing
 	 * @param bool        $ignoreChildren If set to false, the HTML tag children will be appended as text inside the BBCode tag
 	 *                                    Otherwise, they will be entirely ignored. Useful for simple BBCode that draw their
 	 *                                    inner value from an attribute value and disregard the tag children.
 	 * @return bool Whether a replacement was done
 	 */
 	private static function tagToBBCodeSub(DOMDocument $doc, string $tag, array $attributes, string $startbb, string $endbb, bool $ignoreChildren = false)
 	{
 		$savestart = str_replace('$', '\x01', $startbb);
 		$replace = false;
@ -98,7 +116,7 @@ class HTML
 				$node->parentNode->insertBefore($StartCode, $node);
-				if ($node->hasChildNodes()) {
+				if (!$ignoreChildren && $node->hasChildNodes()) {
 					/** @var \DOMNode $child */
 					foreach ($node->childNodes as $key => $child) {
 						/* Remove empty text nodes at the start or at the end of the children list */
@ -296,14 +314,14 @@ class HTML
 		self::tagToBBCode($doc, 'a', ['href' => '/mailto:(.+)/'], '[mail=$1]', '[/mail]');
 		self::tagToBBCode($doc, 'a', ['href' => '/(.+)/'], '[url=$1]', '[/url]');
-		self::tagToBBCode($doc, 'img', ['src' => '/(.+)/', 'alt' => '/(.+)/'], '[img=$1]$2', '[/img]');
+		self::tagToBBCode($doc, 'img', ['src' => '/(.+)/', 'alt' => '/(.+)/'], '[img=$1]$2', '[/img]', true);
-		self::tagToBBCode($doc, 'img', ['src' => '/(.+)/', 'width' => '/(\d+)/', 'height' => '/(\d+)/'], '[img=$2x$3]$1', '[/img]');
+		self::tagToBBCode($doc, 'img', ['src' => '/(.+)/', 'width' => '/(\d+)/', 'height' => '/(\d+)/'], '[img=$2x$3]$1', '[/img]', true);
-		self::tagToBBCode($doc, 'img', ['src' => '/(.+)/'], '[img]$1', '[/img]');
+		self::tagToBBCode($doc, 'img', ['src' => '/(.+)/'], '[img]$1', '[/img]', true);
-		self::tagToBBCode($doc, 'video', ['src' => '/(.+)/'], '[video]$1', '[/video]');
+		self::tagToBBCode($doc, 'video', ['src' => '/(.+)/'], '[video]$1', '[/video]', true);
-		self::tagToBBCode($doc, 'audio', ['src' => '/(.+)/'], '[audio]$1', '[/audio]');
+		self::tagToBBCode($doc, 'audio', ['src' => '/(.+)/'], '[audio]$1', '[/audio]', true);
-		self::tagToBBCode($doc, 'iframe', ['src' => '/(.+)/'], '[iframe]$1', '[/iframe]');
+		self::tagToBBCode($doc, 'iframe', ['src' => '/(.+)/'], '[iframe]$1', '[/iframe]', true);
 		self::tagToBBCode($doc, 'key', [], '[code]', '[/code]');
 		self::tagToBBCode($doc, 'code', [], '[code]', '[/code]');
@ -854,8 +872,8 @@ class HTML
 			$url = '';
 		}
-		return Renderer::replaceMacros(Renderer::getMarkupTemplate(($textmode)?'micropro_txt.tpl':'micropro_img.tpl'), [
+		return Renderer::replaceMacros(Renderer::getMarkupTemplate($textmode ? 'micropro_txt.tpl' : 'micropro_img.tpl'), [
-			'$click' => defaults($contact, 'click', ''),
+			'$click' => $contact['click'] ?? '',
 			'$class' => $class,
 			'$url' => $url,
 			'$photo' => ProxyUtils::proxifyUrl($contact['thumb'], false, ProxyUtils::SIZE_THUMB),
@ -875,9 +893,9 @@ class HTML
 	 * @param bool   $aside Display the search widgit aside.
 	 *
 	 * @return string Formatted HTML.
-	 * @throws \Friendica\Network\HTTPException\InternalServerErrorException
+	 * @throws \Exception
 	 */
-	public static function search($s, $id = 'search-box', $url = 'search', $aside = true)
+	public static function search($s, $id = 'search-box', $aside = true)
 	{
 		$mode = 'text';
@ -887,24 +905,25 @@ class HTML
 		$save_label = $mode === 'text' ? L10n::t('Save') : L10n::t('Follow');
 		$values = [
-				'$s' => $s,
+			'$s'            => $s,
-				'$id' => $id,
+			'$q'            => urlencode($s),
-				'$action_url' => $url,
+			'$id'           => $id,
-				'$search_label' => L10n::t('Search'),
+			'$search_label' => L10n::t('Search'),
-				'$save_label' => $save_label,
+			'$save_label'   => $save_label,
-				'$savedsearch' => 'savedsearch',
+			'$search_hint'  => L10n::t('@name, !forum, #tags, content'),
-				'$search_hint' => L10n::t('@name, !forum, #tags, content'),
+			'$mode'         => $mode,
-				'$mode' => $mode
+			'$return_url'   => urlencode('search?q=' . urlencode($s)),
-			];
+		];
 		if (!$aside) {
-			$values['$searchoption'] = [
+			$values['$search_options'] = [
-						L10n::t("Full Text"),
+				'fulltext' => L10n::t('Full Text'),
-						L10n::t("Tags"),
+				'tags'     => L10n::t('Tags'),
-						L10n::t("Contacts")];
+				'contacts' => L10n::t('Contacts')
 			];
 			if (Config::get('system', 'poco_local_search')) {
-				$values['$searchoption'][] = L10n::t("Forums");
+				$values['$searchoption']['forums'] = L10n::t('Forums');
 			}
 		}
--- a/src/Content/Widget.php
+++ b/src/Content/Widget.php
@ -11,6 +11,7 @@ use Friendica\Core\PConfig;
 use Friendica\Core\Protocol;
 use Friendica\Core\Renderer;
 use Friendica\Core\System;
 use Friendica\Core\Session;
 use Friendica\Database\DBA;
 use Friendica\Model\Contact;
 use Friendica\Model\FileTag;
@ -337,16 +338,9 @@ class Widget
 			return;
 		}
-		$cid = $zcid = 0;
+		$zcid = 0;
-		if (!empty($_SESSION['remote'])) {
+		$cid = Session::getRemoteContactID($profile_uid);
 			foreach ($_SESSION['remote'] as $visitor) {
 				if ($visitor['uid'] == $profile_uid) {
 					$cid = $visitor['cid'];
 					break;
 				}
 			}
 		}
 		if (!$cid) {
 			if (Profile::getMyURL()) {
--- a/src/Content/Widget/CalendarExport.php
+++ b/src/Content/Widget/CalendarExport.php
@ -57,7 +57,7 @@ class CalendarExport
 		// $a->data is only available if the profile page is visited. If the visited page is not part
 		// of the profile page it should be the personal /events page. So we can use $a->user.
-		$user = defaults($a->data['user'], 'nickname', $a->user['nickname']);
+		$user = ($a->data['user']['nickname'] ?? '') ?: $a->user['nickname'];
 		$tpl = Renderer::getMarkupTemplate("widget/events.tpl");
 		$return = Renderer::replaceMacros($tpl, [
--- a/src/Content/Widget/ContactBlock.php
+++ b/src/Content/Widget/ContactBlock.php
@ -61,7 +61,7 @@ class ContactBlock
 		if ($total) {
 			// Only show followed for personal accounts, followers for pages
-			if (defaults($profile, 'account-type', User::ACCOUNT_TYPE_PERSON) == User::ACCOUNT_TYPE_PERSON) {
+			if ((($profile['account-type'] ?? '') ?: User::ACCOUNT_TYPE_PERSON) == User::ACCOUNT_TYPE_PERSON) {
 				$rel = [Contact::SHARING, Contact::FRIEND];
 			} else {
 				$rel = [Contact::FOLLOWER, Contact::FRIEND];
--- a/src/Content/Widget/SavedSearches.php
+++ b/src/Content/Widget/SavedSearches.php
@ -0,0 +1,47 @@
 <?php
 namespace Friendica\Content\Widget;
 use Friendica\Core\L10n;
 use Friendica\Core\Renderer;
 use Friendica\Database\DBA;
 class SavedSearches
 {
 	/**
 	 * @param string $return_url
 	 * @param string $search
 	 * @return string
 	 * @throws \Exception
 	 */
 	public static function getHTML($return_url, $search = '')
 	{
 		$o = '';
 		$saved_searches = DBA::select('search', ['id', 'term'], ['uid' => local_user()]);
 		if (DBA::isResult($saved_searches)) {
 			$saved = [];
 			foreach ($saved_searches as $saved_search) {
 				$saved[] = [
 					'id'          => $saved_search['id'],
 					'term'        => $saved_search['term'],
 					'encodedterm' => urlencode($saved_search['term']),
 					'delete'      => L10n::t('Remove term'),
 					'selected'    => $search == $saved_search['term'],
 				];
 			}
 			$tpl = Renderer::getMarkupTemplate('widget/saved_searches.tpl');
 			$o = Renderer::replaceMacros($tpl, [
 				'$title'      => L10n::t('Saved Searches'),
 				'$add'        => '',
 				'$searchbox'  => '',
 				'$saved'      => $saved,
 				'$return_url' => urlencode($return_url),
 			]);
 		}
 		return $o;
 	}
 }
--- a/src/Core/ACL.php
+++ b/src/Core/ACL.php
@ -11,6 +11,7 @@ use Friendica\Content\Feature;
 use Friendica\Database\DBA;
 use Friendica\Model\Contact;
 use Friendica\Model\GContact;
 use Friendica\Core\Session;
 use Friendica\Util\Network;
 /**
@ -40,12 +41,12 @@ class ACL extends BaseObject
 		$networks = null;
-		$size = defaults($options, 'size', 4);
+		$size = ($options['size'] ?? 0) ?: 4;
 		$mutual = !empty($options['mutual_friends']);
 		$single = !empty($options['single']) && empty($options['multiple']);
-		$exclude = defaults($options, 'exclude', false);
+		$exclude = $options['exclude'] ?? false;
-		switch (defaults($options, 'networks', Protocol::PHANTOM)) {
+		switch (($options['networks'] ?? '') ?: Protocol::PHANTOM) {
 			case 'DFRN_ONLY':
 				$networks = [Protocol::DFRN];
 				break;
@ -225,13 +226,13 @@ class ACL extends BaseObject
 		$acl_regex = '/<([0-9]+)>/i';
-		preg_match_all($acl_regex, defaults($user, 'allow_cid', ''), $matches);
+		preg_match_all($acl_regex, $user['allow_cid'] ?? '', $matches);
 		$allow_cid = $matches[1];
-		preg_match_all($acl_regex, defaults($user, 'allow_gid', ''), $matches);
+		preg_match_all($acl_regex, $user['allow_gid'] ?? '', $matches);
 		$allow_gid = $matches[1];
-		preg_match_all($acl_regex, defaults($user, 'deny_cid', ''), $matches);
+		preg_match_all($acl_regex, $user['deny_cid'] ?? '', $matches);
 		$deny_cid = $matches[1];
-		preg_match_all($acl_regex, defaults($user, 'deny_gid', ''), $matches);
+		preg_match_all($acl_regex, $user['deny_gid'] ?? '', $matches);
 		$deny_gid = $matches[1];
 		// Reformats the ACL data so that it is accepted by the JS frontend
@ -300,10 +301,10 @@ class ACL extends BaseObject
 			'$showall' => L10n::t('Visible to everybody'),
 			'$show' => L10n::t('show'),
 			'$hide' => L10n::t('don\'t show'),
-			'$allowcid' => json_encode(defaults($default_permissions, 'allow_cid', [])), // we need arrays for Javascript since we call .remove() and .push() on this values
+			'$allowcid' => json_encode(($default_permissions['allow_cid'] ?? '') ?: []), // We need arrays for
-			'$allowgid' => json_encode(defaults($default_permissions, 'allow_gid', [])),
+			'$allowgid' => json_encode(($default_permissions['allow_gid'] ?? '') ?: []), // Javascript since we
-			'$denycid' => json_encode(defaults($default_permissions, 'deny_cid', [])),
+			'$denycid'  => json_encode(($default_permissions['deny_cid']  ?? '') ?: []), // call .remove() and
-			'$denygid' => json_encode(defaults($default_permissions, 'deny_gid', [])),
+			'$denygid'  => json_encode(($default_permissions['deny_gid']  ?? '') ?: []), // .push() on these values
 			'$networks' => $show_jotnets,
 			'$emailcc' => L10n::t('CC: email addresses'),
 			'$emtitle' => L10n::t('Example: bob@example.com, mary@example.com'),
@ -320,46 +321,4 @@ class ACL extends BaseObject
 		return $o;
 	}
 	/**
 	 * Searching for global contacts for autocompletion
 	 *
 	 * @brief Searching for global contacts for autocompletion
 	 * @param string $search Name or part of a name or nick
 	 * @param string $mode   Search mode (e.g. "community")
 	 * @return array with the search results
 	 * @throws \Friendica\Network\HTTPException\InternalServerErrorException
 	 */
 	public static function contactAutocomplete($search, $mode)
 	{
 		if (Config::get('system', 'block_public') && !local_user() && !remote_user()) {
 			return [];
 		}
 		// don't search if search term has less than 2 characters
 		if (!$search || mb_strlen($search) < 2) {
 			return [];
 		}
 		if (substr($search, 0, 1) === '@') {
 			$search = substr($search, 1);
 		}
 		// check if searching in the local global contact table is enabled
 		if (Config::get('system', 'poco_local_search')) {
 			$return = GContact::searchByName($search, $mode);
 		} else {
 			$p = defaults($_GET, 'page', 1) != 1 ? '&p=' . defaults($_GET, 'page', 1) : '';
 			$curlResult = Network::curl(get_server() . '/lsearch?f=' . $p . '&search=' . urlencode($search));
 			if ($curlResult->isSuccess()) {
 				$lsearch = json_decode($curlResult->getBody(), true);
 				if (!empty($lsearch['results'])) {
 					$return = $lsearch['results'];
 				}
 			}
 		}
 		return defaults($return, []);
 	}
 }
--- a/src/Core/Authentication.php
+++ b/src/Core/Authentication.php
@ -1,4 +1,5 @@
 <?php
 /**
 * @file /src/Core/Authentication.php
 */
@ -10,8 +11,8 @@ use Friendica\BaseObject;
 use Friendica\Network\HTTPException\ForbiddenException;
 /**
-* Handle Authentification, Session and Cookies
+ * Handle Authentification, Session and Cookies
-*/
+ */
 class Authentication extends BaseObject
 {
 	/**
@ -24,9 +25,11 @@ class Authentication extends BaseObject
 	 */
 	public static function getCookieHashForUser($user)
 	{
-		return(hash("sha256", Config::get("system", "site_prvkey") .
+		return hash_hmac(
-				$user["prvkey"] .
+			"sha256",
-				$user["password"]));
+			hash_hmac("sha256", $user["password"], $user["prvkey"]),
 			Config::get("system", "site_prvkey")
 		);
 	}
 	/**
@ -43,9 +46,11 @@ class Authentication extends BaseObject
 		}
 		if ($user) {
-			$value = json_encode(["uid" => $user["uid"],
+			$value = json_encode([
 				"uid" => $user["uid"],
 				"hash" => self::getCookieHashForUser($user),
-				"ip" => defaults($_SERVER, 'REMOTE_ADDR', '0.0.0.0')]);
+				"ip" => ($_SERVER['REMOTE_ADDR'] ?? '') ?: '0.0.0.0'
 			]);
 		} else {
 			$value = "";
 		}
@ -88,4 +93,3 @@ class Authentication extends BaseObject
 		}
 	}
 }
--- a/Show More
+++ b/Show More