diff --git a/boot.php b/boot.php
index 3b8c27f602..ea304b1e8c 100644
--- a/boot.php
+++ b/boot.php
@@ -7,7 +7,7 @@ require_once('include/text.php');
 require_once("include/pgettext.php");
 
 
-define ( 'FRIENDIKA_VERSION',      '2.2.1067' );
+define ( 'FRIENDIKA_VERSION',      '2.2.1068' );
 define ( 'DFRN_PROTOCOL_VERSION',  '2.21'    );
 define ( 'DB_UPDATE_VERSION',      1079      );
 
diff --git a/include/group.php b/include/group.php
index 8ee7face6d..1ebae7b7b0 100644
--- a/include/group.php
+++ b/include/group.php
@@ -170,7 +170,7 @@ EOT;
 			$o .= '	<li class="sidebar-group-li">' 
 			. (($edit) ? "<a href=\"group/{$rr['id']}\" title=\"" . t('Edit') 
 				. "\" ><img src=\"images/spencil.gif\" alt=\"" . t('Edit') . "\"></a> " : "") 
-			. (($cid) ? '<input type="checkbox" onclick="contactgroupChangeMember(' . $rr['id'] . ',' . $cid . ');return true;" '
+			. (($cid) ? '<input type="checkbox" class="' . (($selected) ? 'ticked' : 'unticked') . '" onclick="contactgroupChangeMember(' . $rr['id'] . ',' . $cid . ');return true;" '
 				. ((in_array($rr['id'],$member_of)) ? ' checked="checked" ' : '') . '/>' : '')
 			. "<a href=\"$each/{$rr['id']}\" $selected >{$rr['name']}</a></li>\r\n";
 		}
diff --git a/include/main.js b/include/main.js
index e5c78a0654..6db1f41795 100644
--- a/include/main.js
+++ b/include/main.js
@@ -344,7 +344,7 @@
 	function contactgroupChangeMember(gid,cid) {
 		$('body').css('cursor', 'wait');
 		$.get('contactgroup/' + gid + '/' + cid, function(data) {
-				$('body').css('cursor', 'auto');				
+				$('body').css('cursor', 'auto');
 		});
 	}
 
@@ -402,3 +402,4 @@ Array.prototype.remove = function(item) {
   this.length = from < 0 ? this.length + from : from;
   return this.push.apply(this, rest);
 };
+
diff --git a/include/poller.php b/include/poller.php
index 611dd20bf0..6ac99fc7d0 100644
--- a/include/poller.php
+++ b/include/poller.php
@@ -421,6 +421,8 @@ function poller_run($argv, $argc){
 							$datarray['contact-id'] = $contact['id'];
 							if($datarray['parent-uri'] === $datarray['uri'])
 								$datarray['private'] = 1;
+							if(! get_pconfig($importer_uid,'system','allow_public_email_replies'))
+								$datarray['private'] = 1;
 							$datarray['author-name'] = $contact['name'];
 							$datarray['author-link'] = 'mailbox';
 							$datarray['author-avatar'] = $contact['photo'];
diff --git a/include/text.php b/include/text.php
index 0641689d50..aeb20bb0f9 100644
--- a/include/text.php
+++ b/include/text.php
@@ -19,11 +19,18 @@ function replace_macros($s,$r) {
 }}
 
 
-// random hex string, 64 chars max
+// random string, there are 86 characters max in text mode, 128 for hex
+// output is urlsafe
+
+define('RANDOM_STRING_HEX',  0x00 );
+define('RANDOM_STRING_TEXT', 0x01 );
 
 if(! function_exists('random_string')) {
-function random_string($size = 64) {
-	return(substr(hash('sha256',uniqid(rand(),true)),0,$size));
+function random_string($size = 64,$type = RANDOM_STRING_HEX) {
+	// generate a bit of entropy and run it through the whirlpool
+	$s = hash('whirlpool', (string) rand() . uniqid(rand(),true) . (string) rand(),(($type == RANDOM_STRING_TEXT) ? true : false));
+	$s = (($type == RANDOM_STRING_TEXT) ? str_replace("\n","",base64url_encode($s,true)) : $s);
+	return(substr($s,0,$size));
 }}
 
 /**