Merge commit 'origin/0.9.x' into 0.9.x

2010-08-16 02:52:23 +00:00 · 2010-08-16 02:52:23 +00:00 · 640e7e7c43
commit 640e7e7c43
parent af4fd32742 c1cab9bfb8
598 changed files with 87354 additions and 22386 deletions
--- a/EVENTS.txt
+++ b/EVENTS.txt
@ -818,3 +818,251 @@ EndDeleteUser: handling the post for deleting a user
 - $action: action being shown
 - $user: user being deleted
 StartActivityStart: starting the output for a notice activity <event>
 - &$notice: notice being output
 - &$xs: XMLStringer for output
 - &$attrs: <entry> attributes (mostly namespace declarations, if any)
 EndActivityStart: end the opening tag for an activity <event>
 - &$notice: notice being output
 - &$xs: XMLStringer for output
 - $attrs: <entry> attributes (mostly namespace declarations, if any)
 StartActivitySource: before outputting the <source> element for a notice activity
 - &$notice: notice being output
 - &$xs: XMLStringer for output
 EndActivitySource: after outputting the <source> element for a notice activity
 - &$notice: notice being output
 - &$xs: XMLStringer for output
 StartActivityTitle: before outputting notice activity title
 - &$notice: notice being output
 - &$xs: XMLStringer for output
 - &$title: title of the notice, mutable
 EndActivityTitle: after outputting notice activity title
 - $notice: notice being output
 - &$xs: XMLStringer for output
 - $title: title of the notice
 StartActivityAuthor: before outputting atom author
 - &$notice: notice being output
 - &$xs: XMLStringer for output
 - &$atomAuthor: string for XML representing atom author
 EndActivityAuthor: after outputting atom author
 - &$notice: notice being output
 - &$xs: XMLStringer for output
 - &$atomAuthor: string for XML representing atom author
 StartActivityActor: before outputting activity actor element for a notice activity entry
 - &$notice: notice being output
 - &$xs: XMLStringer for output
 - &$actor: string for XML representing activity actor
 EndActivityActor: after outputting activity actor element for a notice activity entry
 - &$notice: notice being output
 - &$xs: XMLStringer for output
 - &$actor: string for XML representing activity actor
 StartActivityLink: before outputting activity HTML link element for a notice activity entry
 - &$notice: notice being output
 - &$xs: XMLStringer for output
 - &$url: URL for activity HTML link element for a notice activity entry
 EndActivityLink: before outputting activity HTML link element for a notice activity entry
 - &$notice: notice being output
 - &$xs: XMLStringer for output
 - $url:  URL for activity HTML link element for a notice activity entry
 StartActivityId: before outputting atom:id element for a notice activity entry
 - &$notice: notice being output
 - &$xs: XMLStringer for output
 - &$id: atom:id (notice URI by default)
 EndActivityId: after outputting atom:id element for a notice activity entry
 - &$notice: notice being output
 - &$xs: XMLStringer for output
 - $id:  atom:id (notice URI by default)
 StartActivityPublished: before outputting atom:published element for a notice activity entry
 - &$notice: notice being output
 - &$xs: XMLStringer for output
 - &$published: atom:published value (notice created by default)
 EndActivityPublished: before outputting atom:published element for a notice activity entry
 - &$notice: notice being output
 - &$xs: XMLStringer for output
 - $published:  atom:published value (notice created by default)
 StartActivityUpdated: before outputting atom:updated element for a notice activity entry
 - &$notice: notice being output
 - &$xs: XMLStringer for output
 - &$updated: atom:updated value (same as atom:published by default)
 EndActivityUpdated: after outputting atom:updated element for a notice activity entry
 - &$notice: notice being output
 - &$xs: XMLStringer for output
 - $updated: atom:updated value (same as atom:published by default)
 StartActivityContent: before outputting atom:content element for a notice activity entry
 - &$notice: notice being output
 - &$xs: XMLStringer for output
 - &$content: atom:content value (notice rendered HTML by default)
 EndActivityContent: after outputting atom:content element for a notice activity entry
 - &$notice: notice being output
 - &$xs: XMLStringer for output
 - $content: atom:content value (notice rendered HTML by default)
 StartActivityVerb: before outputting activity:verb element for a notice activity entry
 - &$notice: notice being output
 - &$xs: XMLStringer for output
 - &$verb: activity:verb URI ('http://activitystrea.ms/schema/1.0/post' by default)
 EndActivityVerb: after outputting activity:verb element for a notice activity entry
 - &$notice: notice being output
 - &$xs: XMLStringer for output
 - $verb: activity:verb URI ('http://activitystrea.ms/schema/1.0/post' by default)
 StartActivityDefaultObjectType: before outputting activity:object-type element for a notice activity entry
 - &$notice: notice being output
 - &$xs: XMLStringer for output
 - &$type: activity:object-type URI for default object ('http://activitystrea.ms/schema/1.0/note' by default)
 EndActivityDefaultObjectType: after outputting activity:verb element for a notice activity entry
 - &$notice: notice being output
 - &$xs: XMLStringer for output
 - $type: activity:object-type URI for default object ('http://activitystrea.ms/schema/1.0/note' by default)
 StartActivityObjects: before outputting activity:object elements for a notice activity entry
 - &$notice: notice being output
 - &$xs: XMLStringer for output
 - &$objects: array of ActivityObject objects to output (empty by default)
 EndActivityObjects: after outputting activity:object elements for a notice activity entry
 - &$notice: notice being output
 - &$xs: XMLStringer for output
 - $objects: array of ActivityObject objects to output (empty by default)
 StartActivityNoticeInfo: before outputting statusnet:notice-info element for a notice activity entry
 - &$notice: notice being output
 - &$xs: XMLStringer for output
 - &$noticeInfoAttr: array of attributes for notice info element
 EndActivityNoticeInfo: after outputting statusnet:notice-info element for a notice activity entry
 - &$notice: notice being output
 - &$xs: XMLStringer for output
 - $noticeInfoAttr: array of attributes for notice info element
 StartActivityInReplyTo: before outputting thr:in-reply-to element for a notice activity entry
 - &$notice: notice being output
 - &$xs: XMLStringer for output
 - &$replyNotice: Notice object the main notice is in-reply-to
 EndActivityInReplyTo: after outputting thr:in-reply-to element for a notice activity entry
 - &$notice: notice being output
 - &$xs: XMLStringer for output
 - $replyNotice: Notice object the main notice is in-reply-to
 StartActivityConversation: before outputting ostatus:conversation link element for a notice activity entry
 - &$notice: notice being output
 - &$xs: XMLStringer for output
 - &$conv: Conversation object
 EndActivityConversation: after outputting ostatus:conversation link element for a notice activity entry
 - &$notice: notice being output
 - &$xs: XMLStringer for output
 - $conv: Conversation object
 StartActivityAttentionProfiles: before outputting ostatus:attention link element for people in a notice activity entry
 - &$notice: notice being output
 - &$xs: XMLStringer for output
 - &$replyProfiles: array of profiles of people being replied to
 EndActivityAttentionProfiles: after outputting ostatus:attention link element for people in a notice activity entry
 - &$notice: notice being output
 - &$xs: XMLStringer for output
 - $replyProfiles: array of Profile object of people being replied to
 StartActivityAttentionGroups: before outputting ostatus:attention link element for groups in a notice activity entry
 - &$notice: notice being output
 - &$xs: XMLStringer for output
 - &$groups: array of Group objects of groups being addressed
 EndActivityAttentionGroups: after outputting ostatus:attention link element for groups in a notice activity entry
 - &$notice: notice being output
 - &$xs: XMLStringer for output
 - $groups: array of Group objects of groups being addressed
 StartActivityForward: before outputting ostatus:forward link element in a notice activity entry
 - &$notice: notice being output
 - &$xs: XMLStringer for output
 - &$repeat: Notice that was repeated
 EndActivityForward: after outputting ostatus:forward link element in a notice activity entry
 - &$notice: notice being output
 - &$xs: XMLStringer for output
 - $repeat: Notice that was repeated
 StartActivityCategories: before outputting atom:category elements in a notice activity entry
 - &$notice: notice being output
 - &$xs: XMLStringer for output
 - &$tags: array of strings for tags on the notice (used for categories)
 EndActivityCategories: after outputting atom:category elements in a notice activity entry
 - &$notice: notice being output
 - &$xs: XMLStringer for output
 - $tags: array of strings for tags on the notice (used for categories)
 StartActivityEnclosures: before outputting enclosure link elements in a notice activity entry
 - &$notice: notice being output
 - &$xs: XMLStringer for output
 - &$enclosures: array of enclosure objects (see File::getEnclosure() for details)
 EndActivityEnclosures: after outputting enclosure link elements in a notice activity entry
 - &$notice: notice being output
 - &$xs: XMLStringer for output
 - $enclosures: array of enclosure objects (see File::getEnclosure() for details)
 StartActivityGeo: before outputting geo:rss element in a notice activity entry
 - &$notice: notice being output
 - &$xs: XMLStringer for output
 - &$lat: latitude
 - &$lon: longitude
 EndActivityGeo: after outputting geo:rss element in a notice activity entry
 - &$notice: notice being output
 - &$xs: XMLStringer for output
 - $lat: latitude
 - $lon: longitude
 StartActivityEnd: before the closing </entry> in a notice activity entry (last chance for data!)
 - &$notice: notice being output
 - &$xs: XMLStringer for output
 EndActivityEnd: after the closing </entry> in a notice activity entry
 - &$notice: notice being output
 - &$xs: XMLStringer for output
 StartNoticeSaveWeb: before saving a notice through the Web interface
 - $action: action being executed (instance of NewNoticeAction)
 - &$authorId: integer ID of the author
 - &$text: text of the notice
 - &$options: additional options (location, replies, etc.)
 EndNoticeSaveWeb: after saving a notice through the Web interface
 - $action: action being executed (instance of NewNoticeAction)
 - $notice: notice that was saved
 StartRssEntryArray: at the start of copying a notice to an array
 - $notice: the notice being copied
 - &$entry: the entry (empty at beginning)
 EndRssEntryArray: at the end of copying a notice to an array
 - $notice: the notice being copied
 - &$entry: the entry, with all the fields filled up
 NoticeDeleteRelated: at the beginning of deleting related fields to a notice
 - $notice: notice being deleted
--- a/68
+++ b/68
@ -2,8 +2,8 @@
 README
 ------
-StatusNet 0.9.2 ("King of Birds")
+StatusNet 0.9.4beta2
-3 May 2010
+11 August 2010
 This is the README file for StatusNet, the Open Source microblogging
 platform. It includes installation instructions, descriptions of
@ -43,6 +43,10 @@ on status.net is identical to the software available for download, so
 you can move back and forth between a hosted version or a version
 installed on your own servers.
 A commercial software subscription is available from StatusNet Inc. It
 includes 24-hour technical support and developer support. More
 information at http://status.net/contact or email sales@status.net.
 License
 =======
@ -77,40 +81,31 @@ for additional terms.
 New this version
 ================
-This is a minor bug and feature release since version 0.9.1 released 28 
+This is a security, bug and feature release since version 0.9.3 released on
-March 2010.
+29 June 2010.
-Because of fixes to OStatus bugs, it is highly recommended that all
+For best compatibility with client software and site federation, and a lot of
-public sites upgrade to the new version immediately.
+bug fixes, it is highly recommended that all public sites upgrade to the new
 version.
 Changes from 0.9.4beta1:
 - fix for daemon config switching on multi-site setup
 Notable changes this version:
- Installer no longer fails with a PHP fatal error when trying to set up the
+- OpenID and OAuth libraries patched for potential timing attack
-  subscription to update@status.net
+- OStatus feed i/o updated for Activity Streams
- Fixed email notifications for @-replies that come in via OStatus
+- Correctness fixes on XRD, other discovery bits
- OStatus related Fixes to the cloudy theme
+- Support for contacting SNI-based SSL virtual hosts when SSL
- Pass geo locations over Twitter bridge (will only be used if enabled on the
+  certificate verification is enabled (requires PHP 5.3.2+ or
-  Twitter side)
+  enabling CURL backend with $config['http']['curl'] = true)
- scripts/showplugins.php - script to dump the list of activated plugins and
+- Experimental SubMirror plugin
-  their settings
+- Multi-site status_network table mode has been tweaked to support
- scripts/fixup_blocks.php - script to finds any stray subscriptions in
+  multiple tags better
-  violation of blocks, and removes them
+- Many updates to user interface translation from TranslateWiki
- Allow blocking someone who's not currently subscribed to you (prevents
+- Many other bugfixes
  seeing @-replies from them, or them subbing to you in future)
 - Default 2-second timeout on Geonames web service lookups
 - Improved localization for plugins
 - New anti-spam measures: added nofollow rels to group members list,
  subscribers list
 - Shared cache key option for Geonames plugin (lets multi-instance sites
  share their cached geoname lookups)
 - Stability fixes to the TwitterStatusFetcher
 - If user allows location sharing but turned off browser location use profile
  location
 - Improved group listing via the API
 - Improved FOAF output
 - Several other bugfixes
-A full changelog is available at http://status.net/wiki/StatusNet_0.9.2.
+A full changelog is available at http://status.net/wiki/StatusNet_0.9.4.
 Prerequisites
 =============
@ -121,8 +116,8 @@ run correctly.
 - PHP 5.2.3+. It may be possible to run this software on earlier
  versions of PHP, but many of the functions used are only available
  in PHP 5.2 or above. 5.2.6 or later is needed for XMPP background
-  daemons on 64-bit platforms. PHP 5.3.x should work but is known
+  daemons on 64-bit platforms. PHP 5.3.x should work correctly in this
-  to cause some failures for OpenID.
+  release, but problems with some plugins are possible.
 - MySQL 5.x. The StatusNet database is stored, by default, in a MySQL
  server. It has been primarily tested on 5.x servers, although it may
  be possible to install on earlier (or later!) versions. The server
@ -138,7 +133,6 @@ Your PHP installation must include the following PHP extensions:
 - MySQL. For accessing the database.
 - GD. For scaling down avatar images.
 - mbstring. For handling Unicode (UTF-8) encoded strings.
 - gettext. For multiple languages. Default on many PHP installs.
 For some functionality, you will also need the following extensions:
@ -153,6 +147,8 @@ For some functionality, you will also need the following extensions:
  Sphinx server to serve the search queries.
 - bcmath or gmp. For Salmon signatures (part of OStatus). Needed
  if you have OStatus configured.
 - gettext. For multiple languages. Default on many PHP installs;
  will be emulated if not present.
 You will almost definitely get 2-3 times better performance from your
 site if you install a PHP bytecode cache/accelerator. Some well-known
@ -222,7 +218,7 @@ especially if you've previously installed PHP/MySQL packages.
 1. Unpack the tarball you downloaded on your Web server. Usually a
   command like this will work:
-       tar zxf statusnet-0.9.2.tar.gz
+       tar zxf statusnet-0.9.4.tar.gz
   ...which will make a statusnet-0.9.2 subdirectory in your current
   directory. (If you don't have shell access on your Web server, you
@ -232,7 +228,7 @@ especially if you've previously installed PHP/MySQL packages.
 2. Move the tarball to a directory of your choosing in your Web root
   directory. Usually something like this will work:
-       mv statusnet-0.9.2 /var/www/statusnet
+       mv statusnet-0.9.4 /var/www/statusnet
   This will make your StatusNet instance available in the statusnet path of
   your server, like "http://example.net/statusnet". "microblog" or
--- a/actions/all.php
+++ b/actions/all.php
@ -18,15 +18,19 @@
 *
 * @category Actions
 * @package  Actions
 * @author   Evan Prodromou <evan@status.net>
 * @author   Mike Cochrane <mikec@mikenz.geek.nz>
 * @author   Robin Millette <millette@controlyourself.ca>
 * @author   Adrian Lang <mail@adrianlang.de>
- * @author   Meitar Moscovitz <meitarm@gmail.com>
+ * @author   Brenda Wallace <shiny@cpan.org>
- * @author   Sarven Capadisli <csarven@status.net>
+ * @author   Brion Vibber <brion@pobox.com>
 * @author   Craig Andrews <candrews@integralblue.com>
 * @author   Evan Prodromou <evan@status.net>
 * @author   Jeffery To <jeffery.to@gmail.com>
- * @author   Zach Copley <zach@controlyourself.ca>
+ * @author   Meitar Moscovitz <meitarm@gmail.com>
 * @author   Mike Cochrane <mikec@mikenz.geek.nz>
 * @author   Robin Millette <millette@status.net>
 * @author   Sarven Capadisli <csarven@status.net>
 * @author   Siebrand Mazeland <s.mazeland@xs4all.nl>
 * @author   Zach Copley <zach@status.net>
 * @copyright 2009 Free Software Foundation, Inc http://www.fsf.org
 * @license  GNU Affero General Public License http://www.gnu.org/licenses/
 * @link     http://status.net
 */
@ -139,10 +143,10 @@ class AllAction extends ProfileAction
                $message .= _('Try subscribing to more people, [join a group](%%action.groups%%) or post something yourself.');
            } else {
                // TRANS: %1$s is user nickname, %2$s is user nickname, %2$s is user nickname prefixed with "@"
-                $message .= sprintf(_('You can try to [nudge %1$s](../%2$s) from his profile or [post something to his or her attention](%%%%action.newnotice%%%%?status_textarea=%3$s).'), $this->user->nickname, $this->user->nickname, '@' . $this->user->nickname);
+                $message .= sprintf(_('You can try to [nudge %1$s](../%2$s) from their profile or [post something to them](%%%%action.newnotice%%%%?status_textarea=%3$s).'), $this->user->nickname, $this->user->nickname, '@' . $this->user->nickname);
            }
        } else {
-            $message .= sprintf(_('Why not [register an account](%%%%action.register%%%%) and then nudge %s or post a notice to his or her attention.'), $this->user->nickname);
+            $message .= sprintf(_('Why not [register an account](%%%%action.register%%%%) and then nudge %s or post a notice to them.'), $this->user->nickname);
        }
        $this->elementStart('div', 'guide');
--- a/actions/apiaccountratelimitstatus.php
+++ b/actions/apiaccountratelimitstatus.php
@ -21,8 +21,10 @@
 *
 * @category  API
 * @package   StatusNet
 * @author    Brion Vibber <brion@pobox.com>
 * @author    Evan Prodromou <evan@status.net>
 * @author    Robin Millette <robin@millette.info>
 * @author    Siebrand Mazeland <s.mazeland@xs4all.nl>
 * @author    Zach Copley <zach@status.net>
 * @copyright 2009 StatusNet, Inc.
 * @license   http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
--- a/actions/apiaccountupdatedeliverydevice.php
+++ b/actions/apiaccountupdatedeliverydevice.php
@ -21,6 +21,7 @@
 *
 * @category  API
 * @package   StatusNet
 * @author    Siebrand Mazeland <s.mazeland@xs4all.nl>
 * @author    Zach Copley <zach@status.net>
 * @copyright 2009 StatusNet, Inc.
 * @license   http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
--- a/actions/apiaccountupdateprofilecolors.php
+++ b/actions/apiaccountupdateprofilecolors.php
@ -22,7 +22,7 @@
 * @category  API
 * @package   StatusNet
 * @author    Zach Copley <zach@status.net>
- * @copyright 2009 StatusNet, Inc.
+ * @copyright 2009-2010 StatusNet, Inc.
 * @license   http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
 * @link      http://status.net/
 */
@ -131,7 +131,7 @@ class ApiAccountUpdateProfileColorsAction extends ApiAuthAction
            try {
                $this->setColors($design);
            } catch (WebColorException $e) {
-                $this->clientError($e->getMessage());
+                $this->clientError($e->getMessage(), 400, $this->format);
                return false;
            }
@ -153,7 +153,7 @@ class ApiAccountUpdateProfileColorsAction extends ApiAuthAction
            try {
                $this->setColors($design);
            } catch (WebColorException $e) {
-                $this->clientError($e->getMessage());
+                $this->clientError($e->getMessage(), 400, $this->format);
                return false;
            }
--- a/actions/apiaccountverifycredentials.php
+++ b/actions/apiaccountverifycredentials.php
@ -75,7 +75,7 @@ class ApiAccountVerifyCredentialsAction extends ApiAuthAction
        if ($this->format == 'xml') {
            $this->initDocument('xml');
-            $this->showTwitterXmlUser($twitter_user);
+            $this->showTwitterXmlUser($twitter_user, 'user', true);
            $this->endDocument('xml');
        } elseif ($this->format == 'json') {
            $this->initDocument('json');
--- a/actions/apiblockcreate.php
+++ b/actions/apiblockcreate.php
@ -23,7 +23,7 @@
 * @package   StatusNet
 * @author    Evan Prodromou <evan@status.net>
 * @author    Zach Copley <zach@status.net>
- * @copyright 2009 StatusNet, Inc.
+ * @copyright 2009-2010 StatusNet, Inc.
 * @license   http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
 * @link      http://status.net/
 */
@ -65,7 +65,7 @@ class ApiBlockCreateAction extends ApiAuthAction
        parent::prepare($args);
        $this->user   = $this->auth_user;
-        $this->other  = $this->getTargetUser($this->arg('id'));
+        $this->other  = $this->getTargetProfile($this->arg('id'));
        return true;
    }
--- a/actions/apiblockdestroy.php
+++ b/actions/apiblockdestroy.php
@ -23,7 +23,7 @@
 * @package   StatusNet
 * @author    Evan Prodromou <evan@status.net>
 * @author    Zach Copley <zach@status.net>
- * @copyright 2009 StatusNet, Inc.
+ * @copyright 2009-2010 StatusNet, Inc.
 * @license   http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
 * @link      http://status.net/
 */
@ -64,7 +64,7 @@ class ApiBlockDestroyAction extends ApiAuthAction
        parent::prepare($args);
        $this->user   = $this->auth_user;
-        $this->other  = $this->getTargetUser($this->arg('id'));
+        $this->other  = $this->getTargetProfile($this->arg('id'));
        return true;
    }
--- a/actions/apidirectmessage.php
+++ b/actions/apidirectmessage.php
@ -232,7 +232,8 @@ class ApiDirectMessageAction extends ApiAuthAction
    function showXmlDirectMessages()
    {
        $this->initDocument('xml');
-        $this->elementStart('direct-messages', array('type' => 'array'));
+        $this->elementStart('direct-messages', array('type' => 'array',
                                                     'xmlns:statusnet' => 'http://status.net/schema/api/1/'));
        foreach ($this->messages as $m) {
            $dm_array = $this->directMessageArray($m);
--- a/actions/apifavoritecreate.php
+++ b/actions/apifavoritecreate.php
@ -25,6 +25,7 @@
 * @author    Evan Prodromou <evan@status.net>
 * @author    Zach Copley <zach@status.net>
 * @copyright 2009 StatusNet, Inc.
 * @copyright 2009 Free Software Foundation, Inc http://www.fsf.org
 * @license   http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
 * @link      http://status.net/
 */
--- a/actions/apifavoritedestroy.php
+++ b/actions/apifavoritedestroy.php
@ -25,6 +25,7 @@
 * @author    Evan Prodromou <evan@status.net>
 * @author    Zach Copley <zach@status.net>
 * @copyright 2009 StatusNet, Inc.
 * @copyright 2009 Free Software Foundation, Inc http://www.fsf.org
 * @license   http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
 * @link      http://status.net/
 */
--- a/actions/apifriendshipscreate.php
+++ b/actions/apifriendshipscreate.php
@ -24,7 +24,7 @@
 * @author    Dan Moore <dan@moore.cx>
 * @author    Evan Prodromou <evan@status.net>
 * @author    Zach Copley <zach@status.net>
- * @copyright 2009 StatusNet, Inc.
+ * @copyright 2009-2010 StatusNet, Inc.
 * @license   http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
 * @link      http://status.net/
 */
@ -67,7 +67,7 @@ class ApiFriendshipsCreateAction extends ApiAuthAction
        parent::prepare($args);
        $this->user   = $this->auth_user;
-        $this->other  = $this->getTargetUser($id);
+        $this->other  = $this->getTargetProfile($this->arg('id'));
        return true;
    }
@ -106,7 +106,7 @@ class ApiFriendshipsCreateAction extends ApiAuthAction
        if (empty($this->other)) {
            $this->clientError(
-                _('Could not follow user: User not found.'),
+                _('Could not follow user: profile not found.'),
                403,
                $this->format
            );
--- a/actions/apifriendshipsdestroy.php
+++ b/actions/apifriendshipsdestroy.php
@ -24,7 +24,7 @@
 * @author    Dan Moore <dan@moore.cx>
 * @author    Evan Prodromou <evan@status.net>
 * @author    Zach Copley <zach@status.net>
- * @copyright 2009 StatusNet, Inc.
+ * @copyright 2009-2010 StatusNet, Inc.
 * @license   http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
 * @link      http://status.net/
 */
@ -67,7 +67,7 @@ class ApiFriendshipsDestroyAction extends ApiAuthAction
        parent::prepare($args);
        $this->user   = $this->auth_user;
-        $this->other  = $this->getTargetUser($id);
+        $this->other  = $this->getTargetProfile($this->arg('id'));
        return true;
    }
@ -125,8 +125,7 @@ class ApiFriendshipsDestroyAction extends ApiAuthAction
        }
        // throws an exception on error
-        Subscription::cancel($this->user->getProfile(),
+        Subscription::cancel($this->user->getProfile(), $this->other);
                             $this->other->getProfile());
        $this->initDocument($this->format);
        $this->showProfile($this->other, $this->format);
--- a/actions/apifriendshipsexists.php
+++ b/actions/apifriendshipsexists.php
@ -24,7 +24,7 @@
 * @author    Dan Moore <dan@moore.cx>
 * @author    Evan Prodromou <evan@status.net>
 * @author    Zach Copley <zach@status.net>
- * @copyright 2009 StatusNet, Inc.
+ * @copyright 2009-2010 StatusNet, Inc.
 * @license   http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
 * @link      http://status.net/
 */
@ -50,8 +50,8 @@ require_once INSTALLDIR . '/lib/apiprivateauth.php';
 class ApiFriendshipsExistsAction extends ApiPrivateAuthAction
 {
-    var $user_a = null;
+    var $profile_a = null;
-    var $user_b = null;
+    var $profile_b = null;
    /**
     * Take arguments for running
@ -66,11 +66,8 @@ class ApiFriendshipsExistsAction extends ApiPrivateAuthAction
    {
        parent::prepare($args);
-        $user_a_id = $this->trimmed('user_a');
+        $this->profile_a = $this->getTargetProfile($this->trimmed('user_a'));
-        $user_b_id = $this->trimmed('user_b');
+        $this->profile_b = $this->getTargetProfile($this->trimmed('user_b'));
        $this->user_a = $this->getTargetUser($user_a_id);
        $this->user_b = $this->getTargetUser($user_b_id);
        return true;
    }
@ -89,16 +86,16 @@ class ApiFriendshipsExistsAction extends ApiPrivateAuthAction
    {
        parent::handle($args);
-        if (empty($this->user_a) || empty($this->user_b)) {
+        if (empty($this->profile_a) || empty($this->profile_b)) {
            $this->clientError(
-                _('Two user ids or screen_names must be supplied.'),
+                _('Two valid IDs or screen_names must be supplied.'),
                400,
                $this->format
            );
            return;
        }
-        $result = $this->user_a->isSubscribed($this->user_b);
+        $result = Subscription::exists($this->profile_a, $this->profile_b);
        switch ($this->format) {
        case 'xml':
--- a/actions/apigroupcreate.php
+++ b/actions/apigroupcreate.php
@ -26,6 +26,7 @@
 * @author    Jeffery To <jeffery.to@gmail.com>
 * @author    Zach Copley <zach@status.net>
 * @copyright 2009 StatusNet, Inc.
 * @copyright 2009 Free Software Foundation, Inc http://www.fsf.org
 * @license   http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
 * @link      http://status.net/
 */
--- a/actions/apigroupismember.php
+++ b/actions/apigroupismember.php
@ -26,6 +26,7 @@
 * @author    Jeffery To <jeffery.to@gmail.com>
 * @author    Zach Copley <zach@status.net>
 * @copyright 2009 StatusNet, Inc.
 * @copyright 2009 Free Software Foundation, Inc http://www.fsf.org
 * @license   http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
 * @link      http://status.net/
 */
--- a/actions/apigroupjoin.php
+++ b/actions/apigroupjoin.php
@ -26,6 +26,7 @@
 * @author    Jeffery To <jeffery.to@gmail.com>
 * @author    Zach Copley <zach@status.net>
 * @copyright 2009 StatusNet, Inc.
 * @copyright 2009 Free Software Foundation, Inc http://www.fsf.org
 * @license   http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
 * @link      http://status.net/
 */
--- a/actions/apigroupleave.php
+++ b/actions/apigroupleave.php
@ -26,6 +26,7 @@
 * @author    Jeffery To <jeffery.to@gmail.com>
 * @author    Zach Copley <zach@status.net>
 * @copyright 2009 StatusNet, Inc.
 * @copyright 2009 Free Software Foundation, Inc http://www.fsf.org
 * @license   http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
 * @link      http://status.net/
 */
--- a/actions/apigrouplist.php
+++ b/actions/apigrouplist.php
@ -26,6 +26,7 @@
 * @author    Jeffery To <jeffery.to@gmail.com>
 * @author    Zach Copley <zach@status.net>
 * @copyright 2009 StatusNet, Inc.
 * @copyright 2009 Free Software Foundation, Inc http://www.fsf.org
 * @license   http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
 * @link      http://status.net/
 */
--- a/actions/apigrouplistall.php
+++ b/actions/apigrouplistall.php
@ -26,6 +26,7 @@
 * @author    Jeffery To <jeffery.to@gmail.com>
 * @author    Zach Copley <zach@status.net>
 * @copyright 2009 StatusNet, Inc.
 * @copyright 2009 Free Software Foundation, Inc http://www.fsf.org
 * @license   http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
 * @link      http://status.net/
 */
--- a/actions/apigroupmembership.php
+++ b/actions/apigroupmembership.php
@ -26,6 +26,7 @@
 * @author    Jeffery To <jeffery.to@gmail.com>
 * @author    Zach Copley <zach@status.net>
 * @copyright 2009 StatusNet, Inc.
 * @copyright 2009 Free Software Foundation, Inc http://www.fsf.org
 * @license   http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
 * @link      http://status.net/
 */
--- a/actions/apigroupshow.php
+++ b/actions/apigroupshow.php
@ -26,6 +26,7 @@
 * @author    Jeffery To <jeffery.to@gmail.com>
 * @author    Zach Copley <zach@status.net>
 * @copyright 2009 StatusNet, Inc.
 * @copyright 2009 Free Software Foundation, Inc http://www.fsf.org
 * @license   http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
 * @link      http://status.net/
 */
--- a/actions/apimediaupload.php
+++ b/actions/apimediaupload.php
@ -88,15 +88,15 @@ class ApiMediaUploadAction extends ApiAuthAction
        try {
            $upload = MediaFile::fromUpload('media', $this->auth_user);
-        } catch (ClientException $ce) {
+        } catch (Exception $e) {
-            $this->clientError($ce->getMessage());
+            $this->clientError($e->getMessage(), $e->getCode());
            return;
        }
        if (isset($upload)) {
            $this->showResponse($upload);
        } else {
-            $this->clientError('Upload failed.');
+            $this->clientError(_('Upload failed.'));
            return;
        }
    }
--- a/actions/twitapisearchatom.php
+++ b/actions/twitapisearchatom.php
@ -22,7 +22,7 @@
 * @category  Search
 * @package   StatusNet
 * @author    Zach Copley <zach@status.net>
- * @copyright 2008-2009 StatusNet, Inc.
+ * @copyright 2008-2010 StatusNet, Inc.
 * @license   http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
 * @link      http://status.net/
 */
@ -31,6 +31,8 @@ if (!defined('STATUSNET') && !defined('LACONICA')) {
    exit(1);
 }
 require_once INSTALLDIR.'/lib/apiprivateauth.php';
 /**
 * Action for outputting search results in Twitter compatible Atom
 * format.
@ -44,10 +46,10 @@ if (!defined('STATUSNET') && !defined('LACONICA')) {
 * @license  http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
 * @link     http://status.net/
 *
- * @see      ApiAction
+ * @see      ApiPrivateAuthAction
 */
-class TwitapisearchatomAction extends ApiAction
+class ApiSearchAtomAction extends ApiPrivateAuthAction
 {
    var $cnt;
@ -96,8 +98,11 @@ class TwitapisearchatomAction extends ApiAction
    function prepare($args)
    {
        common_debug("in apisearchatom prepare()");
        parent::prepare($args);
        $this->query = $this->trimmed('q');
        $this->lang  = $this->trimmed('lang');
        $this->rpp   = $this->trimmed('rpp');
@ -138,6 +143,7 @@ class TwitapisearchatomAction extends ApiAction
    function handle($args)
    {
        parent::handle($args);
        common_debug("In apisearchatom handle()");
        $this->showAtom();
    }
--- a/actions/twitapisearchjson.php
+++ b/actions/twitapisearchjson.php
@ -22,7 +22,7 @@
 * @category  Search
 * @package   StatusNet
 * @author    Zach Copley <zach@status.net>
- * @copyright 2008-2009 StatusNet, Inc.
+ * @copyright 2008-2010 StatusNet, Inc.
 * @license   http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
 * @link      http://status.net/
 */
@ -31,6 +31,7 @@ if (!defined('STATUSNET') && !defined('LACONICA')) {
    exit(1);
 }
 require_once INSTALLDIR.'/lib/apiprivateauth.php';
 require_once INSTALLDIR.'/lib/jsonsearchresultslist.php';
 /**
@ -44,7 +45,7 @@ require_once INSTALLDIR.'/lib/jsonsearchresultslist.php';
 * @see      ApiAction
 */
-class TwitapisearchjsonAction extends ApiAction
+class ApiSearchJSONAction extends ApiPrivateAuthAction
 {
    var $query;
    var $lang;
@ -64,6 +65,8 @@ class TwitapisearchjsonAction extends ApiAction
    function prepare($args)
    {
        common_debug("apisearchjson prepare()");
        parent::prepare($args);
        $this->query = $this->trimmed('q');
--- a/actions/apistatusesdestroy.php
+++ b/actions/apistatusesdestroy.php
@ -29,6 +29,7 @@
 * @author    Robin Millette <robin@millette.info>
 * @author    Zach Copley <zach@status.net>
 * @copyright 2009 StatusNet, Inc.
 * @copyright 2009 Free Software Foundation, Inc http://www.fsf.org
 * @license   http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
 * @link      http://status.net/
 */
@ -99,19 +100,27 @@ class ApiStatusesDestroyAction extends ApiAuthAction
        parent::handle($args);
        if (!in_array($this->format, array('xml', 'json'))) {
-             $this->clientError(_('API method not found.'), $code = 404);
+            $this->clientError(
                _('API method not found.'),
                404
            );
            return;
        }
        if (!in_array($_SERVER['REQUEST_METHOD'], array('POST', 'DELETE'))) {
-             $this->clientError(_('This method requires a POST or DELETE.'),
+            $this->clientError(
-                 400, $this->format);
+                _('This method requires a POST or DELETE.'),
                400,
                $this->format
            );
            return;
        }
        if (empty($this->notice)) {
-             $this->clientError(_('No status found with that ID.'),
+            $this->clientError(
-                 404, $this->format);
+                _('No status found with that ID.'),
                404, $this->format
            );
            return;
        }
@ -120,18 +129,14 @@ class ApiStatusesDestroyAction extends ApiAuthAction
            $replies->get('notice_id', $this->notice_id);
            $replies->delete();
            $this->notice->delete();
             if ($this->format == 'xml') {
                 $this->showSingleXmlStatus($this->notice);
             } elseif ($this->format == 'json') {
                 $this->show_single_json_status($this->notice);
             }
         } else {
             $this->clientError(_('You may not delete another user\'s status.'),
                 403, $this->format);
         }
 	        $this->showNotice();
        } else {
            $this->clientError(
                _('You may not delete another user\'s status.'),
                403,
                $this->format
            );
        }
    }
    /**
--- a/actions/apistatusesshow.php
+++ b/actions/apistatusesshow.php
@ -29,6 +29,7 @@
 * @author    Robin Millette <robin@millette.info>
 * @author    Zach Copley <zach@status.net>
 * @copyright 2009 StatusNet, Inc.
 * @copyright 2009 Free Software Foundation, Inc http://www.fsf.org
 * @license   http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
 * @link      http://status.net/
 */
--- a/actions/apistatusesupdate.php
+++ b/actions/apistatusesupdate.php
@ -29,6 +29,7 @@
 * @author    Robin Millette <robin@millette.info>
 * @author    Zach Copley <zach@status.net>
 * @copyright 2009-2010 StatusNet, Inc.
 * @copyright 2009 Free Software Foundation, Inc http://www.fsf.org
 * @license   http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
 * @link      http://status.net/
 */
@ -195,7 +196,8 @@ class ApiStatusesUpdateAction extends ApiAuthAction
        if ($_SERVER['REQUEST_METHOD'] != 'POST') {
            $this->clientError(
                _('This method requires a POST.'),
-                400, $this->format
+                400,
                $this->format
            );
            return;
        }
@ -216,7 +218,7 @@ class ApiStatusesUpdateAction extends ApiAuthAction
        if (empty($this->status)) {
            $this->clientError(
-                'Client must provide a \'status\' parameter with a value.',
+                _('Client must provide a \'status\' parameter with a value.'),
                400,
                $this->format
            );
@ -290,8 +292,8 @@ class ApiStatusesUpdateAction extends ApiAuthAction
            try {
                $upload = MediaFile::fromUpload('media', $this->auth_user);
-            } catch (ClientException $ce) {
+            } catch (Exception $e) {
-                $this->clientError($ce->getMessage());
+                $this->clientError($e->getMessage(), $e->getCode(), $this->format);
                return;
            }
@ -304,7 +306,11 @@ class ApiStatusesUpdateAction extends ApiAuthAction
                        'Max notice size is %d chars, ' .
                        'including attachment URL.'
                    );
-                    $this->clientError(sprintf($msg, Notice::maxContent()));
+                    $this->clientError(
                        sprintf($msg, Notice::maxContent()),
                        400,
                        $this->format
                    );
                }
            }
@ -331,7 +337,7 @@ class ApiStatusesUpdateAction extends ApiAuthAction
                    $options
                );
            } catch (Exception $e) {
-                $this->clientError($e->getMessage());
+                $this->clientError($e->getMessage(), $e->getCode(), $this->format);
                return;
            }
--- a/actions/apisubscriptions.php
+++ b/actions/apisubscriptions.php
@ -206,7 +206,8 @@ class ApiSubscriptionsAction extends ApiBareAuthAction
    {
        switch ($this->format) {
        case 'xml':
-            $this->elementStart('users', array('type' => 'array'));
+            $this->elementStart('users', array('type' => 'array',
                                               'xmlns:statusnet' => 'http://status.net/schema/api/1/'));
            foreach ($this->profiles as $profile) {
                $this->showProfile(
                    $profile,
--- a/actions/apitimelinefavorites.php
+++ b/actions/apitimelinefavorites.php
@ -25,6 +25,7 @@
 * @author    Evan Prodromou <evan@status.net>
 * @author    Zach Copley <zach@status.net>
 * @copyright 2009-2010 StatusNet, Inc.
 * @copyright 2009 Free Software Foundation, Inc http://www.fsf.org
 * @license   http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
 * @link      http://status.net/
 */
@ -150,7 +151,7 @@ class ApiTimelineFavoritesAction extends ApiBareAuthAction
            header('Content-Type: application/atom+xml; charset=utf-8');
-            $atom = new AtomNoticeFeed();
+            $atom = new AtomNoticeFeed($this->auth_user);
            $atom->setId($id);
            $atom->setTitle($title);
--- a/actions/apitimelinefriends.php
+++ b/actions/apitimelinefriends.php
@ -29,6 +29,7 @@
 * @author    Robin Millette <robin@millette.info>
 * @author    Zach Copley <zach@status.net>
 * @copyright 2009-2010 StatusNet, Inc.
 * @copyright 2009 Free Software Foundation, Inc http://www.fsf.org
 * @license   http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
 * @link      http://status.net/
 */
@ -248,7 +249,7 @@ class ApiTimelineFriendsAction extends ApiBareAuthAction
            header('Content-Type: application/atom+xml; charset=utf-8');
-            $atom = new AtomNoticeFeed();
+            $atom = new AtomNoticeFeed($this->auth_user);
            $atom->setId($id);
            $atom->setTitle($title);
--- a/actions/apitimelinegroup.php
+++ b/actions/apitimelinegroup.php
@ -25,7 +25,8 @@
 * @author    Evan Prodromou <evan@status.net>
 * @author    Jeffery To <jeffery.to@gmail.com>
 * @author    Zach Copley <zach@status.net>
- * @copyright 2009 StatusNet, Inc.
+ * @copyright 2009-2010 StatusNet, Inc.
 * @copyright 2009 Free Software Foundation, Inc http://www.fsf.org
 * @license   http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
 * @link      http://status.net/
 */
@ -105,7 +106,7 @@ class ApiTimelineGroupAction extends ApiPrivateAuthAction
    function showTimeline()
    {
        // We'll pull common formatting out of this for other formats
-        $atom = new AtomGroupNoticeFeed($this->group);
+        $atom = new AtomGroupNoticeFeed($this->group, $this->auth_user);
        $self = $this->getSelfUri();
@ -137,7 +138,9 @@ class ApiTimelineGroupAction extends ApiPrivateAuthAction
                $this->raw($atom->getString());
            } catch (Atom10FeedException $e) {
                $this->serverError(
-                    'Could not generate feed for group - ' . $e->getMessage()
+                    'Could not generate feed for group - ' . $e->getMessage(),
 		    400,
 		    $this->format
                );
                return;
            }
--- a/actions/apitimelinehome.php
+++ b/actions/apitimelinehome.php
@ -29,6 +29,7 @@
 * @author    Robin Millette <robin@millette.info>
 * @author    Zach Copley <zach@status.net>
 * @copyright 2009 StatusNet, Inc.
 * @copyright 2009 Free Software Foundation, Inc http://www.fsf.org
 * @license   http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
 * @link      http://status.net/
 */
@ -152,7 +153,7 @@ class ApiTimelineHomeAction extends ApiBareAuthAction
            header('Content-Type: application/atom+xml; charset=utf-8');
-            $atom = new AtomNoticeFeed();
+            $atom = new AtomNoticeFeed($this->auth_user);
            $atom->setId($id);
            $atom->setTitle($title);
--- a/actions/apitimelinementions.php
+++ b/actions/apitimelinementions.php
@ -29,6 +29,7 @@
 * @author    Robin Millette <robin@millette.info>
 * @author    Zach Copley <zach@status.net>
 * @copyright 2009 StatusNet, Inc.
 * @copyright 2009 Free Software Foundation, Inc http://www.fsf.org
 * @license   http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
 * @link      http://status.net/
 */
@ -151,7 +152,7 @@ class ApiTimelineMentionsAction extends ApiBareAuthAction
            header('Content-Type: application/atom+xml; charset=utf-8');
-            $atom = new AtomNoticeFeed();
+            $atom = new AtomNoticeFeed($this->auth_user);
            $atom->setId($id);
            $atom->setTitle($title);
--- a/actions/apitimelinepublic.php
+++ b/actions/apitimelinepublic.php
@ -29,6 +29,7 @@
 * @author    Robin Millette <robin@millette.info>
 * @author    Zach Copley <zach@status.net>
 * @copyright 2009 StatusNet, Inc.
 * @copyright 2009 Free Software Foundation, Inc http://www.fsf.org
 * @license   http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
 * @link      http://status.net/
 */
@ -219,7 +220,7 @@ class ApiTimelinePublicAction extends ApiPrivateAuthAction
            header('Content-Type: application/atom+xml; charset=utf-8');
-            $atom = new AtomNoticeFeed();
+            $atom = new AtomNoticeFeed($this->auth_user);
            $atom->setId($id);
            $atom->setTitle($title);
--- a/actions/apitimelineretweetsofme.php
+++ b/actions/apitimelineretweetsofme.php
@ -117,7 +117,7 @@ class ApiTimelineRetweetsOfMeAction extends ApiAuthAction
            header('Content-Type: application/atom+xml; charset=utf-8');
-            $atom = new AtomNoticeFeed();
+            $atom = new AtomNoticeFeed($this->auth_user);
            $atom->setId($id);
            $atom->setTitle($title);
--- a/actions/apitimelinetag.php
+++ b/actions/apitimelinetag.php
@ -26,6 +26,7 @@
 * @author    Jeffery To <jeffery.to@gmail.com>
 * @author    Zach Copley <zach@status.net>
 * @copyright 2009-2010 StatusNet, Inc.
 * @copyright 2009 Free Software Foundation, Inc http://www.fsf.org
 * @license   http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
 * @link      http://status.net/
 */
@ -138,7 +139,7 @@ class ApiTimelineTagAction extends ApiPrivateAuthAction
            header('Content-Type: application/atom+xml; charset=utf-8');
-            $atom = new AtomNoticeFeed();
+            $atom = new AtomNoticeFeed($this->auth_user);
            $atom->setId($id);
            $atom->setTitle($title);
--- a/actions/apitimelineuser.php
+++ b/actions/apitimelineuser.php
@ -29,6 +29,7 @@
 * @author    Robin Millette <robin@millette.info>
 * @author    Zach Copley <zach@status.net>
 * @copyright 2009 StatusNet, Inc.
 * @copyright 2009 Free Software Foundation, Inc http://www.fsf.org
 * @license   http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
 * @link      http://status.net/
 */
@ -115,7 +116,7 @@ class ApiTimelineUserAction extends ApiBareAuthAction
        // We'll use the shared params from the Atom stub
        // for other feed types.
-        $atom = new AtomUserNoticeFeed($this->user);
+        $atom = new AtomUserNoticeFeed($this->user, $this->auth_user);
        $link = common_local_url(
            'showstream',
--- a/actions/twitapitrends.php
+++ b/actions/twitapitrends.php
@ -22,7 +22,7 @@
 * @category  Search
 * @package   StatusNet
 * @author    Zach Copley <zach@status.net>
- * @copyright 2008-2009 StatusNet, Inc.
+ * @copyright 2008-2010 StatusNet, Inc.
 * @license   http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
 * @link      http://status.net/
 */
@ -31,6 +31,8 @@ if (!defined('STATUSNET') && !defined('LACONICA')) {
    exit(1);
 }
 require_once INSTALLDIR.'/lib/apiprivateauth.php';
 /**
 *  Returns the top ten queries that are currently trending
 *
@ -43,7 +45,7 @@ if (!defined('STATUSNET') && !defined('LACONICA')) {
 * @see      ApiAction
 */
-class TwitapitrendsAction extends ApiAction
+class ApiTrendsAction extends ApiPrivateAuthAction
 {
    var $callback;
@ -82,7 +84,7 @@ class TwitapitrendsAction extends ApiAction
     */
    function showTrends()
    {
-        $this->serverError(_('API method under construction.'), $code = 501);
+        $this->serverError(_('API method under construction.'), 501);
    }
 }
--- a/actions/apiusershow.php
+++ b/actions/apiusershow.php
@ -113,7 +113,7 @@ class ApiUserShowAction extends ApiPrivateAuthAction
        if ($this->format == 'xml') {
            $this->initDocument('xml');
-            $this->showTwitterXmlUser($twitter_user);
+            $this->showTwitterXmlUser($twitter_user, 'user', true);
            $this->endDocument('xml');
        } elseif ($this->format == 'json') {
            $this->initDocument('json');
--- a/actions/designadminpanel.php
+++ b/actions/designadminpanel.php
@ -126,9 +126,19 @@ class DesignadminpanelAction extends AdminPanelAction
            return;
        }
-        // check for an image upload
+        // check for file uploads
        $bgimage = $this->saveBackgroundImage();
        $customTheme = $this->saveCustomTheme();
        $oldtheme = common_config('site', 'theme');
        if ($customTheme) {
            // This feels pretty hacky :D
            $this->args['theme'] = $customTheme;
            $themeChanged = true;
        } else {
            $themeChanged = ($this->trimmed('theme') != $oldtheme);
        }
        static $settings = array('theme', 'logo');
@ -140,15 +150,13 @@ class DesignadminpanelAction extends AdminPanelAction
        $this->validate($values);
        $oldtheme = common_config('site', 'theme');
        $config = new Config();
        $config->query('BEGIN');
        // Only update colors if the theme has not changed.
-        if ($oldtheme == $values['theme']) {
+        if (!$themeChanged) {
            $bgcolor = new WebColor($this->trimmed('design_background'));
            $ccolor  = new WebColor($this->trimmed('design_content'));
@ -190,6 +198,13 @@ class DesignadminpanelAction extends AdminPanelAction
            Config::save('design', 'backgroundimage', $bgimage);
        }
        if (common_config('custom_css', 'enabled')) {
            $css = $this->arg('css');
            if ($css != common_config('custom_css', 'css')) {
                Config::save('custom_css', 'css', $css);
            }
        }
        $config->query('COMMIT');
    }
@ -263,6 +278,33 @@ class DesignadminpanelAction extends AdminPanelAction
        }
    }
    /**
     * Save the custom theme if the user uploaded one.
     * 
     * @return mixed custom theme name, if succesful, or null if no theme upload.
     * @throws ClientException for invalid theme archives
     * @throws ServerException if trouble saving the theme files
     */
    function saveCustomTheme()
    {
        if (common_config('theme_upload', 'enabled') &&
            $_FILES['design_upload_theme']['error'] == UPLOAD_ERR_OK) {
            $upload = ThemeUploader::fromUpload('design_upload_theme');
            $basedir = common_config('local', 'dir');
            if (empty($basedir)) {
                $basedir = INSTALLDIR . '/local';
            }
            $name = 'custom'; // @todo allow multiples, custom naming?
            $outdir = $basedir . '/theme/' . $name;
            $upload->extract($outdir);
            return $name;
        } else {
            return null;
        }
    }
    /**
     * Attempt to validate setting values
     *
@ -371,7 +413,15 @@ class DesignAdminPanelForm extends AdminForm
    function formData()
    {
        $this->showLogo();
        $this->showTheme();
        $this->showBackground();
        $this->showColors();
        $this->showAdvanced();
    }
    function showLogo()
    {
        $this->out->elementStart('fieldset', array('id' => 'settings_design_logo'));
        $this->out->element('legend', null, _('Change logo'));
@ -384,6 +434,11 @@ class DesignAdminPanelForm extends AdminForm
        $this->out->elementEnd('ul');
        $this->out->elementEnd('fieldset');
    }
    function showTheme()
    {
        $this->out->elementStart('fieldset', array('id' => 'settings_design_theme'));
        $this->out->element('legend', null, _('Change theme'));
@ -407,10 +462,23 @@ class DesignAdminPanelForm extends AdminForm
                             false, $this->value('theme'));
        $this->unli();
        if (common_config('theme_upload', 'enabled')) {
            $this->li();
            $this->out->element('label', array('for' => 'design_upload_theme'), _('Custom theme'));
            $this->out->element('input', array('id' => 'design_upload_theme',
                                               'name' => 'design_upload_theme',
                                               'type' => 'file'));
            $this->out->element('p', 'form_guide', _('You can upload a custom StatusNet theme as a .ZIP archive.'));
            $this->unli();
        }
        $this->out->elementEnd('ul');
        $this->out->elementEnd('fieldset');
    }
    function showBackground()
    {
        $design = $this->out->design;
        $this->out->elementStart('fieldset', array('id' =>
@ -486,6 +554,11 @@ class DesignAdminPanelForm extends AdminForm
        $this->out->elementEnd('ul');
        $this->out->elementEnd('fieldset');
    }
    function showColors()
    {
        $design = $this->out->design;
        $this->out->elementStart('fieldset', array('id' => 'settings_design_color'));
        $this->out->element('legend', null, _('Change colours'));
@ -493,6 +566,7 @@ class DesignAdminPanelForm extends AdminForm
        $this->out->elementStart('ul', 'form_data');
        try {
            // @fixme avoid loop unrolling in non-performance-critical contexts like this
            $bgcolor = new WebColor($design->backgroundcolor);
@ -560,6 +634,7 @@ class DesignAdminPanelForm extends AdminForm
            $this->unli();
        } catch (WebColorException $e) {
            // @fixme normalize them individually!
            common_log(LOG_ERR, 'Bad color values in site design: ' .
                $e->getMessage());
        }
@ -569,6 +644,27 @@ class DesignAdminPanelForm extends AdminForm
        $this->out->elementEnd('ul');
    }
    function showAdvanced()
    {
        if (common_config('custom_css', 'enabled')) {
            $this->out->elementStart('fieldset', array('id' => 'settings_design_advanced'));
            $this->out->element('legend', null, _('Advanced'));
            $this->out->elementStart('ul', 'form_data');
            $this->li();
            $this->out->element('label', array('for' => 'css'), _('Custom CSS'));
            $this->out->element('textarea', array('name' => 'css',
                                            'id' => 'css',
                                            'cols' => '50',
                                            'rows' => '10'),
                                strval(common_config('custom_css', 'css')));
            $this->unli();
            $this->out->elementEnd('fieldset');
            $this->out->elementEnd('ul');
        }
    }
    /**
     * Action elements
     *
--- a/actions/favor.php
+++ b/actions/favor.php
@ -104,7 +104,7 @@ class FavorAction extends Action
    }
    /**
-     * Notifies a user when his notice is favorited.
+     * Notifies a user when their notice is favorited.
     *
     * @param class $notice favorited notice
     * @param class $user   user declaring a favorite
--- a/actions/finishremotesubscribe.php
+++ b/actions/finishremotesubscribe.php
@ -37,7 +37,7 @@ require_once INSTALLDIR.'/lib/omb.php';
 * Handler for remote subscription finish callback
 *
 * When a remote user subscribes a local user, a redirect to this action is
- * issued after the remote user authorized his service to subscribe.
+ * issued after the remote user authorized their service to subscribe.
 *
 * @category Action
 * @package  Laconica
--- a/actions/foaf.php
+++ b/actions/foaf.php
@ -154,7 +154,9 @@ class FoafAction extends Action
        }
        $person = $this->showMicrobloggingAccount($this->profile,
-                                     common_root_url(), $this->user->uri, false);
+                                     common_root_url(), $this->user->uri,
                                     /*$fetchSubscriptions*/true,
                                     /*$isSubscriber*/false);
        // Get people who subscribe to user
@ -209,7 +211,8 @@ class FoafAction extends Action
            $this->showMicrobloggingAccount($profile,
                                   ($local == 'local') ? common_root_url() : null,
                                   $uri,
-                                   true);
+                                   /*$fetchSubscriptions*/false,
                                   /*$isSubscriber*/($type == LISTENER || $type == BOTH));
            if ($foaf_url) {
                $this->element('rdfs:seeAlso', array('rdf:resource' => $foaf_url));
            }
@ -234,7 +237,21 @@ class FoafAction extends Action
        $this->elementEnd('PersonalProfileDocument');
    }
-    function showMicrobloggingAccount($profile, $service=null, $useruri=null, $isSubscriber=false)
+    /**
     * Output FOAF <account> bit for the given profile.
     * 
     * @param Profile $profile
     * @param mixed $service Root URL of this StatusNet instance for a local
     *                       user, otherwise null.
     * @param mixed $useruri URI string for the referenced profile..
     * @param boolean $fetchSubscriptions Should we load and list all their subscriptions?
     * @param boolean $isSubscriber if not fetching subs, we can still mark the user as following the current page.
     * 
     * @return array if $fetchSubscribers is set, return a list of info on those
     *               subscriptions.
     */
    function showMicrobloggingAccount($profile, $service=null, $useruri=null, $fetchSubscriptions=false, $isSubscriber=false)
    {
        $attr = array();
        if ($useruri) {
@ -256,9 +273,7 @@ class FoafAction extends Action
        $person = array();
-        if ($isSubscriber) {
+        if ($fetchSubscriptions) {
             $this->element('sioc:follows', array('rdf:resource'=>$this->user->uri . '#acct'));
        } else {
            // Get people user is subscribed to
            $sub = new Subscription();
            $sub->subscriber = $profile->id;
@ -283,6 +298,9 @@ class FoafAction extends Action
            }
            unset($sub);
        } else if ($isSubscriber) {
            // Just declare that they follow the user whose FOAF we're showing.
            $this->element('sioc:follows', array('rdf:resource' => $this->user->uri . '#acct'));
        }
        $this->elementEnd('OnlineAccount');
--- a/actions/geocode.php
+++ b/actions/geocode.php
@ -37,6 +37,7 @@ if (!defined('STATUSNET') && !defined('LACONICA')) {
 * @category Action
 * @package  StatusNet
 * @author   Craig Andrews <candrews@integralblue.com>
 * @copyright 2009 Free Software Foundation, Inc http://www.fsf.org
 * @license  http://www.fsf.org/licensing/licenses/agpl.html AGPLv3
 * @link     http://status.net/
 */
--- a/actions/newnotice.php
+++ b/actions/newnotice.php
@ -131,6 +131,8 @@ class NewnoticeAction extends Action
        $user = common_current_user();
        assert($user); // XXX: maybe an error instead...
        $content = $this->trimmed('status_textarea');
        $options = array();
        Event::handle('StartSaveNewNoticeWeb', array($this, $user, &$content, &$options));
        if (!$content) {
            $this->clientError(_('No content!'));
@ -157,11 +159,9 @@ class NewnoticeAction extends Action
                                       Notice::maxContent()));
        }
-        $replyto = $this->trimmed('inreplyto');
+        $replyto = intval($this->trimmed('inreplyto'));
-        #If an ID of 0 is wrongly passed here, it will cause a database error,
+        if ($replyto) {
-        #so override it...
+            $options['reply_to'] = $replyto;
        if ($replyto == 0) {
            $replyto = 'false';
        }
        $upload = null;
@ -169,7 +169,10 @@ class NewnoticeAction extends Action
        if (isset($upload)) {
            if (Event::handle('StartSaveNewNoticeAppendAttachment', array($this, $upload, &$content_shortened, &$options))) {
                $content_shortened .= ' ' . $upload->shortUrl();
            }
            Event::handle('EndSaveNewNoticeAppendAttachment', array($this, $upload, &$content_shortened, &$options));
            if (Notice::contentTooLong($content_shortened)) {
                $upload->delete();
@ -182,8 +185,6 @@ class NewnoticeAction extends Action
            }
        }
        $options = array('reply_to' => ($replyto == 'false') ? null : $replyto);
        if ($user->shareLocation()) {
            // use browser data if checked; otherwise profile data
            if ($this->arg('notice_data-geo')) {
@ -203,12 +204,21 @@ class NewnoticeAction extends Action
            $options = array_merge($options, $locOptions);
        }
        $author_id = $user->id;
        $text      = $content_shortened;
        if (Event::handle('StartNoticeSaveWeb', array($this, &$author_id, &$text, &$options))) {
            $notice = Notice::saveNew($user->id, $content_shortened, 'web', $options);
            if (isset($upload)) {
                $upload->attachToNotice($notice);
            }
            Event::handle('EndNoticeSaveWeb', array($this, $notice));
        }
        Event::handle('EndSaveNewNoticeWeb', array($this, $user, &$content_shortened, &$options));
        if ($this->boolean('ajax')) {
            header('Content-Type: text/xml;charset=utf-8');
            $this->xw->startDocument('1.0', 'UTF-8');
--- a/actions/nudge.php
+++ b/actions/nudge.php
@ -82,7 +82,7 @@ class NudgeAction extends Action
        }
        if (!$other->email || !$other->emailnotifynudge) {
-            $this->clientError(_('This user doesn\'t allow nudges or hasn\'t confirmed or set his email yet.'));
+            $this->clientError(_('This user doesn\'t allow nudges or hasn\'t confirmed or set their email yet.'));
            return;
        }
--- a/actions/oembed.php
+++ b/actions/oembed.php
@ -23,6 +23,7 @@
 * @package   StatusNet
 * @author    Evan Prodromou <evan@status.net>
 * @copyright 2008 StatusNet, Inc.
 * @copyright 2009 Free Software Foundation, Inc http://www.fsf.org
 * @license   http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
 * @link      http://status.net/
 */
--- a/actions/publicxrds.php
+++ b/actions/publicxrds.php
@ -8,7 +8,9 @@
 * @category Action
 * @package  StatusNet
 * @author   Evan Prodromou <evan@status.net>
 * @author   Craig Andrews <candrews@integralblue.com>
 * @author   Robin Millette <millette@status.net>
 * @copyright 2009 Free Software Foundation, Inc http://www.fsf.org
 * @license  http://www.fsf.org/licensing/licenses/agpl.html AGPLv3
 * @link     http://status.net/
 *
@ -44,6 +46,7 @@ require_once INSTALLDIR.'/lib/xrdsoutputter.php';
 * @author   Evan Prodromou <evan@status.net>
 * @author   Robin Millette <millette@status.net>
 * @author   Craig Andrews <candrews@integralblue.com>
 * @copyright 2009 Free Software Foundation, Inc http://www.fsf.org
 * @license  http://www.fsf.org/licensing/licenses/agpl.html AGPLv3
 * @link     http://status.net/
 *
--- a/actions/replies.php
+++ b/actions/replies.php
@ -196,18 +196,18 @@ class RepliesAction extends OwnerDesignAction
    function showEmptyListMessage()
    {
-        $message = sprintf(_('This is the timeline showing replies to %1$s but %2$s hasn\'t received a notice to his attention yet.'), $this->user->nickname, $this->user->nickname) . ' ';
+        $message = sprintf(_('This is the timeline showing replies to %1$s but %2$s hasn\'t received a notice to them yet.'), $this->user->nickname, $this->user->nickname) . ' ';
        if (common_logged_in()) {
            $current_user = common_current_user();
            if ($this->user->id === $current_user->id) {
                $message .= _('You can engage other users in a conversation, subscribe to more people or [join groups](%%action.groups%%).');
            } else {
-                $message .= sprintf(_('You can try to [nudge %1$s](../%2$s) or [post something to his or her attention](%%%%action.newnotice%%%%?status_textarea=%3$s).'), $this->user->nickname, $this->user->nickname, '@' . $this->user->nickname);
+                $message .= sprintf(_('You can try to [nudge %1$s](../%2$s) or [post something to them](%%%%action.newnotice%%%%?status_textarea=%3$s).'), $this->user->nickname, $this->user->nickname, '@' . $this->user->nickname);
            }
        }
        else {
-            $message .= sprintf(_('Why not [register an account](%%%%action.register%%%%) and then nudge %s or post a notice to his or her attention.'), $this->user->nickname);
+            $message .= sprintf(_('Why not [register an account](%%%%action.register%%%%) and then nudge %s or post a notice to them.'), $this->user->nickname);
        }
        $this->elementStart('div', 'guide');
--- a/actions/showfavorites.php
+++ b/actions/showfavorites.php
@ -119,7 +119,7 @@ class ShowfavoritesAction extends OwnerDesignAction
        if (!empty($cur) && $cur->id == $this->user->id) {
            // Show imported/gateway notices as well as local if
-            // the user is looking at his own favorites
+            // the user is looking at their own favorites
            $this->notice = $this->user->favoriteNotices(true, ($this->page-1)*NOTICES_PER_PAGE,
                                                   NOTICES_PER_PAGE + 1);
@ -205,11 +205,11 @@ class ShowfavoritesAction extends OwnerDesignAction
            if ($this->user->id === $current_user->id) {
                $message = _('You haven\'t chosen any favorite notices yet. Click the fave button on notices you like to bookmark them for later or shed a spotlight on them.');
            } else {
-                $message = sprintf(_('%s hasn\'t added any notices to his favorites yet. Post something interesting they would add to their favorites :)'), $this->user->nickname);
+                $message = sprintf(_('%s hasn\'t added any favorite notices yet. Post something interesting they would add to their favorites :)'), $this->user->nickname);
            }
        }
        else {
-            $message = sprintf(_('%s hasn\'t added any notices to his favorites yet. Why not [register an account](%%%%action.register%%%%) and then post something interesting they would add to their favorites :)'), $this->user->nickname);
+            $message = sprintf(_('%s hasn\'t added any favorite notices yet. Why not [register an account](%%%%action.register%%%%) and then post something interesting they would add to their favorites :)'), $this->user->nickname);
        }
        $this->elementStart('div', 'guide');
--- a/actions/showgroup.php
+++ b/actions/showgroup.php
@ -430,14 +430,6 @@ class ShowgroupAction extends GroupDesignAction
    function showStatistics()
    {
        // XXX: WORM cache this
        $members = $this->group->getMembers();
        $members_count = 0;
        /** $member->count() doesn't work. */
        while ($members->fetch()) {
            $members_count++;
        }
        $this->elementStart('div', array('id' => 'entity_statistics',
                                         'class' => 'section'));
@ -451,7 +443,7 @@ class ShowgroupAction extends GroupDesignAction
        $this->elementStart('dl', 'entity_members');
        $this->element('dt', null, _('Members'));
-        $this->element('dd', null, (is_int($members_count)) ? $members_count : '0');
+        $this->element('dd', null, $this->group->getMemberCount());
        $this->elementEnd('dl');
        $this->elementEnd('div');
--- a/actions/showstream.php
+++ b/actions/showstream.php
@ -204,11 +204,11 @@ class ShowstreamAction extends ProfileAction
            if ($this->user->id === $current_user->id) {
                $message .= _('Seen anything interesting recently? You haven\'t posted any notices yet, now would be a good time to start :)');
            } else {
-                $message .= sprintf(_('You can try to nudge %1$s or [post something to his or her attention](%%%%action.newnotice%%%%?status_textarea=%2$s).'), $this->user->nickname, '@' . $this->user->nickname);
+                $message .= sprintf(_('You can try to nudge %1$s or [post something to them](%%%%action.newnotice%%%%?status_textarea=%2$s).'), $this->user->nickname, '@' . $this->user->nickname);
            }
        }
        else {
-            $message .= sprintf(_('Why not [register an account](%%%%action.register%%%%) and then nudge %s or post a notice to his or her attention.'), $this->user->nickname);
+            $message .= sprintf(_('Why not [register an account](%%%%action.register%%%%) and then nudge %s or post a notice to them.'), $this->user->nickname);
        }
        $this->elementStart('div', 'guide');
--- a/actions/version.php
+++ b/actions/version.php
@ -41,6 +41,8 @@ if (!defined('STATUSNET')) {
 * @category Info
 * @package  StatusNet
 * @author   Evan Prodromou <evan@status.net>
 * @author   Craig Andrews <candrews@integralblue.com>
 * @copyright 2009 Free Software Foundation, Inc http://www.fsf.org
 * @license  http://www.fsf.org/licensing/licenses/agpl-3.0.html AGPLv3
 * @link     http://status.net/
 */
--- a/classes/File.php
+++ b/classes/File.php
@ -116,7 +116,11 @@ class File extends Memcached_DataObject
        return false;
    }
-    function processNew($given_url, $notice_id=null) {
+    /**
     * @fixme refactor this mess, it's gotten pretty scary.
     * @param bool $followRedirects
     */
    function processNew($given_url, $notice_id=null, $followRedirects=true) {
        if (empty($given_url)) return -1;   // error, no url to process
        $given_url = File_redirection::_canonUrl($given_url);
        if (empty($given_url)) return -1;   // error, no url to process
@ -124,6 +128,10 @@ class File extends Memcached_DataObject
        if (empty($file)) {
            $file_redir = File_redirection::staticGet('url', $given_url);
            if (empty($file_redir)) {
                // @fixme for new URLs this also looks up non-redirect data
                // such as target content type, size, etc, which we need
                // for File::saveNew(); so we call it even if not following
                // new redirects.
                $redir_data = File_redirection::where($given_url);
                if (is_array($redir_data)) {
                    $redir_url = $redir_data['url'];
@ -131,14 +139,23 @@ class File extends Memcached_DataObject
                    $redir_url = $redir_data;
                    $redir_data = array();
                } else {
-                    throw new ServerException("Can't process url '$given_url'");
+                    // TRANS: Server exception thrown when a URL cannot be processed.
                    throw new ServerException(sprintf(_("Cannot process URL '%s'"), $given_url));
                }
                // TODO: max field length
-                if ($redir_url === $given_url || strlen($redir_url) > 255) {
+                if ($redir_url === $given_url || strlen($redir_url) > 255 || !$followRedirects) {
                    $x = File::saveNew($redir_data, $given_url);
                    $file_id = $x->id;
                } else {
-                    $x = File::processNew($redir_url, $notice_id);
+                    // This seems kind of messed up... for now skipping this part
                    // if we're already under a redirect, so we don't go into
                    // horrible infinite loops if we've been given an unstable
                    // redirect (where the final destination of the first request
                    // doesn't match what we get when we ask for it again).
                    //
                    // Seen in the wild with clojure.org, which redirects through
                    // wikispaces for auth and appends session data in the URL params.
                    $x = File::processNew($redir_url, $notice_id, /*followRedirects*/false);
                    $file_id = $x->id;
                    File_redirection::saveNew($redir_data, $file_id, $given_url);
                }
@ -153,7 +170,9 @@ class File extends Memcached_DataObject
        if (empty($x)) {
            $x = File::staticGet($file_id);
            if (empty($x)) {
-                throw new ServerException("Robin thinks something is impossible.");
+                // FIXME: This could possibly be a clearer message :)
                // TRANS: Server exception thrown when... Robin thinks something is impossible!
                throw new ServerException(_("Robin thinks something is impossible."));
            }
        }
@ -166,8 +185,10 @@ class File extends Memcached_DataObject
    function isRespectsQuota($user,$fileSize) {
        if ($fileSize > common_config('attachments', 'file_quota')) {
-            return sprintf(_('No file may be larger than %d bytes ' .
+            // TRANS: Message given if an upload is larger than the configured maximum.
-                             'and the file you sent was %d bytes. Try to upload a smaller version.'),
+            // TRANS: %1$d is the byte limit for uploads, %2$d is the byte count for the uploaded file.
            return sprintf(_('No file may be larger than %1$d bytes ' .
                             'and the file you sent was %2$d bytes. Try to upload a smaller version.'),
                           common_config('attachments', 'file_quota'), $fileSize);
        }
@ -176,6 +197,8 @@ class File extends Memcached_DataObject
        $this->fetch();
        $total = $this->total + $fileSize;
        if ($total > common_config('attachments', 'user_quota')) {
            // TRANS: Message given if an upload would exceed user quota.
            // TRANS: %d (number) is the user quota in bytes.
            return sprintf(_('A file this large would exceed your user quota of %d bytes.'), common_config('attachments', 'user_quota'));
        }
        $query .= ' AND EXTRACT(month FROM file.modified) = EXTRACT(month FROM now()) and EXTRACT(year FROM file.modified) = EXTRACT(year FROM now())';
@ -183,6 +206,8 @@ class File extends Memcached_DataObject
        $this->fetch();
        $total = $this->total + $fileSize;
        if ($total > common_config('attachments', 'monthly_quota')) {
            // TRANS: Message given id an upload would exceed a user's monthly quota.
            // TRANS: $d (number) is the monthly user quota in bytes.
            return sprintf(_('A file this large would exceed your monthly quota of %d bytes.'), common_config('attachments', 'monthly_quota'));
        }
        return true;
@ -219,7 +244,8 @@ class File extends Memcached_DataObject
    static function path($filename)
    {
        if (!self::validFilename($filename)) {
-            throw new ClientException("Invalid filename");
+            // TRANS: Client exception thrown if a file upload does not have a valid name.
            throw new ClientException(_("Invalid filename."));
        }
        $dir = common_config('attachments', 'dir');
@ -233,7 +259,8 @@ class File extends Memcached_DataObject
    static function url($filename)
    {
        if (!self::validFilename($filename)) {
-            throw new ClientException("Invalid filename");
+            // TRANS: Client exception thrown if a file upload does not have a valid name.
            throw new ClientException(_("Invalid filename."));
        }
        if(common_config('site','private')) {
@ -286,6 +313,7 @@ class File extends Memcached_DataObject
        if(! isset($this->filename)){
            $notEnclosureMimeTypes = array(null,'text/html','application/xhtml+xml');
            $mimetype = $this->mimetype;
            if($mimetype != null){
                $mimetype = strtolower($this->mimetype);
            }
@ -325,4 +353,3 @@ class File extends Memcached_DataObject
        return !empty($enclosure);
    }
 }
--- a/classes/File_redirection.php
+++ b/classes/File_redirection.php
@ -210,6 +210,14 @@ class File_redirection extends Memcached_DataObject
                } else if (is_string($redir_data)) {
                    // The file is a known redirect target.
                    $file = File::staticGet('url', $redir_data);
                    if (empty($file)) {
                        // @fixme should we save a new one?
                        // this case was triggering sometimes for redirects
                        // with unresolvable targets; found while fixing
                        // "can't linkify" bugs with shortened links to
                        // SSL sites with cert issues.
                        return null;
                    }
                    $file_id = $file->id;
                }
            } else {
--- a/classes/Foreign_user.php
+++ b/classes/Foreign_user.php
@ -39,6 +39,22 @@ class Foreign_user extends Memcached_DataObject
        return null;
    }
    static function getByNickname($nickname, $service)
    {
        if (empty($nickname) || empty($service)) {
            return null;
        } else {
            $fuser = new Foreign_user();
 	    $fuser->service = $service;
 	    $fuser->nickname = $nickname;
            $fuser->limit(1);
            $result = $fuser->find(true);
            return empty($result) ? null : $fuser;
        }
    }
    function updateKeys(&$orig)
    {
        $this->_connect();
--- a/classes/Group_member.php
+++ b/classes/Group_member.php
@ -38,6 +38,7 @@ class Group_member extends Memcached_DataObject
        if (!$result) {
            common_log_db_error($member, 'INSERT', __FILE__);
            // TRANS: Exception thrown when joining a group fails.
            throw new Exception(_("Group join failed."));
        }
@ -50,6 +51,7 @@ class Group_member extends Memcached_DataObject
                                              'profile_id' => $profile_id));
        if (empty($member)) {
            // TRANS: Exception thrown when trying to leave a group the user is not a member of.
            throw new Exception(_("Not part of group."));
        }
@ -57,6 +59,7 @@ class Group_member extends Memcached_DataObject
        if (!$result) {
            common_log_db_error($member, 'INSERT', __FILE__);
            // TRANS: Exception thrown when trying to leave a group fails.
            throw new Exception(_("Group leave failed."));
        }
--- a/classes/Inbox.php
+++ b/classes/Inbox.php
@ -115,9 +115,12 @@ class Inbox extends Memcached_DataObject
     */
    static function insertNotice($user_id, $notice_id)
    {
-        $inbox = DB_DataObject::staticGet('inbox', 'user_id', $user_id);
+		// Going straight to the DB rather than trusting our caching
-
+		// during an update. Note: not using DB_DataObject::staticGet,
-        if (empty($inbox)) {
+		// which is unsafe to use directly (in-process caching causes
 		// memory leaks, which accumulate in queue processes).
        $inbox = new Inbox();
        if (!$inbox->get('user_id', $user_id)) {
            $inbox = Inbox::initialize($user_id);
        }
--- a/classes/Local_group.php
+++ b/classes/Local_group.php
@ -38,6 +38,7 @@ class Local_group extends Memcached_DataObject
            $this->encache();
        } else {
            common_log_db_error($local, 'UPDATE', __FILE__);
            // TRANS: Server exception thrown when updating a local group fails.
            throw new ServerException(_('Could not update local group.'));
        }
--- a/classes/Login_token.php
+++ b/classes/Login_token.php
@ -73,6 +73,8 @@ class Login_token extends Memcached_DataObject
        if (!$result) {
            common_log_db_error($login_token, 'INSERT', __FILE__);
            // TRANS: Exception thrown when trying creating a login token failed.
            // TRANS: %s is the user nickname for which token creation failed.
            throw new Exception(sprintf(_('Could not create login token for %s'),
                                                 $user->nickname));
        }
--- a/classes/Memcached_DataObject.php
+++ b/classes/Memcached_DataObject.php
@ -128,12 +128,13 @@ class Memcached_DataObject extends Safe_DataObject
    }
    static function cacheKey($cls, $k, $v) {
-        if (is_object($cls) || is_object($k) || is_object($v)) {
+        if (is_object($cls) || is_object($k) || (is_object($v) && !($v instanceof DB_DataObject_Cast))) {
            $e = new Exception();
            common_log(LOG_ERR, __METHOD__ . ' object in param: ' .
                str_replace("\n", " ", $e->getTraceAsString()));
        }
-        return common_cache_key(strtolower($cls).':'.$k.':'.$v);
+        $vstr = self::valueString($v);
        return common_cache_key(strtolower($cls).':'.$k.':'.$vstr);
    }
    static function getcached($cls, $k, $v) {
@ -229,11 +230,12 @@ class Memcached_DataObject extends Safe_DataObject
                if (empty($this->$key)) {
                    continue;
                }
-                $ckeys[] = $this->cacheKey($this->tableName(), $key, $this->$key);
+                $ckeys[] = $this->cacheKey($this->tableName(), $key, self::valueString($this->$key));
            } else if ($type == 'K' || $type == 'N') {
                $pkey[] = $key;
-                $pval[] = $this->$key;
+                $pval[] = self::valueString($this->$key);
            } else {
                // Low level exception. No need for i18n as discussed with Brion.
                throw new Exception("Unknown key type $key => $type for " . $this->tableName());
            }
        }
@ -281,6 +283,7 @@ class Memcached_DataObject extends Safe_DataObject
                    } else if ($type == 'fulltext') {
                        $search_engine = new MySQLSearch($this, $table);
                    } else {
                        // Low level exception. No need for i18n as discussed with Brion.
                        throw new ServerException('Unknown search type: ' . $type);
                    }
                } else {
@ -526,7 +529,8 @@ class Memcached_DataObject extends Safe_DataObject
        }
        if (!$dsn) {
-            throw new Exception("No database name / dsn found anywhere");
+            // TRANS: Exception thrown when database name or Data Source Name could not be found.
            throw new Exception(_("No database name or DSN found anywhere."));
        }
        return $dsn;
@ -570,12 +574,13 @@ class Memcached_DataObject extends Safe_DataObject
    function raiseError($message, $type = null, $behaviour = null)
    {
        $id = get_class($this);
-        if ($this->id) {
+        if (!empty($this->id)) {
            $id .= ':' . $this->id;
        }
        if ($message instanceof PEAR_Error) {
            $message = $message->getMessage();
        }
        // Low level exception. No need for i18n as discussed with Brion.
        throw new ServerException("[$id] DB_DataObject error [$type]: $message");
    }
@ -592,7 +597,7 @@ class Memcached_DataObject extends Safe_DataObject
        return $c->get($cacheKey);
    }
-    static function cacheSet($keyPart, $value)
+    static function cacheSet($keyPart, $value, $flag=null, $expiry=null)
    {
        $c = self::memcache();
@ -602,7 +607,34 @@ class Memcached_DataObject extends Safe_DataObject
        $cacheKey = common_cache_key($keyPart);
-        return $c->set($cacheKey, $value);
+        return $c->set($cacheKey, $value, $flag, $expiry);
    }
    static function valueString($v)
    {
        $vstr = null;
        if (is_object($v) && $v instanceof DB_DataObject_Cast) {
            switch ($v->type) {
            case 'date':
                $vstr = $v->year . '-' . $v->month . '-' . $v->day;
                break;
            case 'blob':
            case 'string':
            case 'sql':
            case 'datetime':
            case 'time':
                // Low level exception. No need for i18n as discussed with Brion.
                throw new ServerException("Unhandled DB_DataObject_Cast type passed as cacheKey value: '$v->type'");
                break;
            default:
                // Low level exception. No need for i18n as discussed with Brion.
                throw new ServerException("Unknown DB_DataObject_Cast type passed as cacheKey value: '$v->type'");
                break;
            }
        } else {
            $vstr = strval($v);
        }
        return $vstr;
    }
 }
--- a/classes/Message.php
+++ b/classes/Message.php
@ -42,6 +42,7 @@ class Message extends Memcached_DataObject
        $sender = Profile::staticGet('id', $from);
        if (!$sender->hasRight(Right::NEWMESSAGE)) {
            // TRANS: Client exception thrown when a user tries to send a direct message while being banned from sending them.
            throw new ClientException(_('You are banned from sending direct messages.'));
        }
@ -58,6 +59,7 @@ class Message extends Memcached_DataObject
        if (!$result) {
            common_log_db_error($msg, 'INSERT', __FILE__);
            // TRANS: Message given when a message could not be stored on the server.
            return _('Could not insert message.');
        }
@ -68,6 +70,7 @@ class Message extends Memcached_DataObject
        if (!$result) {
            common_log_db_error($msg, 'UPDATE', __FILE__);
            // TRANS: Message given when a message could not be updated on the server.
            return _('Could not update message with new URI.');
        }
--- a/classes/Notice.php
+++ b/classes/Notice.php
@ -29,6 +29,7 @@
 * @author   Robin Millette <millette@controlyourself.ca>
 * @author   Sarven Capadisli <csarven@controlyourself.ca>
 * @author   Tom Adams <tom@holizz.com>
 * @copyright 2009 Free Software Foundation, Inc http://www.fsf.org
 * @license  GNU Affero General Public License http://www.gnu.org/licenses/
 */
@ -41,10 +42,10 @@ if (!defined('STATUSNET') && !defined('LACONICA')) {
 */
 require_once INSTALLDIR.'/classes/Memcached_DataObject.php';
-/* We keep the first three 20-notice pages, plus one for pagination check,
+/* We keep 200 notices, the max number of notices available per API request,
 * in the memcached cache. */
-define('NOTICE_CACHE_WINDOW', 61);
+define('NOTICE_CACHE_WINDOW', 200);
 define('MAX_BOXCARS', 128);
@ -89,7 +90,15 @@ class Notice extends Memcached_DataObject
    function getProfile()
    {
-        return Profile::staticGet('id', $this->profile_id);
+        $profile = Profile::staticGet('id', $this->profile_id);
        if (empty($profile)) {
            // TRANS: Server exception thrown when a user profile for a notice cannot be found.
            // TRANS: %1$d is a profile ID (number), %2$d is a notice ID (number).
            throw new ServerException(sprintf(_('No such profile (%1$d) for notice (%2$d).'), $this->profile_id, $this->id));
        }
        return $profile;
    }
    function delete()
@ -97,6 +106,10 @@ class Notice extends Memcached_DataObject
        // For auditing purposes, save a record that the notice
        // was deleted.
        // @fixme we have some cases where things get re-run and so the
        // insert fails.
        $deleted = Deleted_notice::staticGet('id', $this->id);
        if (!$deleted) {
            $deleted = new Deleted_notice();
            $deleted->id         = $this->id;
@ -106,6 +119,9 @@ class Notice extends Memcached_DataObject
            $deleted->deleted    = common_sql_now();
            $deleted->insert();
        }
        if (Event::handle('NoticeDeleteRelated', array($this))) {
            // Clear related records
@ -117,6 +133,7 @@ class Notice extends Memcached_DataObject
            // NOTE: we don't clear inboxes
            // NOTE: we don't clear queue items
        }
        $result = parent::delete();
@ -231,6 +248,8 @@ class Notice extends Memcached_DataObject
        if (!empty($options)) {
            $options = $options + $defaults;
            extract($options);
        } else {
            extract($defaults);
        }
        if (!isset($is_local)) {
@ -242,28 +261,34 @@ class Notice extends Memcached_DataObject
        $final = common_shorten_links($content);
        if (Notice::contentTooLong($final)) {
            // TRANS: Client exception thrown if a notice contains too many characters.
            throw new ClientException(_('Problem saving notice. Too long.'));
        }
        if (empty($profile)) {
            // TRANS: Client exception thrown when trying to save a notice for an unknown user.
            throw new ClientException(_('Problem saving notice. Unknown user.'));
        }
        if (common_config('throttle', 'enabled') && !Notice::checkEditThrottle($profile_id)) {
            common_log(LOG_WARNING, 'Excessive posting by profile #' . $profile_id . '; throttled.');
            // TRANS: Client exception thrown when a user tries to post too many notices in a given time frame.
            throw new ClientException(_('Too many notices too fast; take a breather '.
                                        'and post again in a few minutes.'));
        }
        if (common_config('site', 'dupelimit') > 0 && !Notice::checkDupes($profile_id, $final)) {
            common_log(LOG_WARNING, 'Dupe posting by profile #' . $profile_id . '; throttled.');
            // TRANS: Client exception thrown when a user tries to post too many duplicate notices in a given time frame.
            throw new ClientException(_('Too many duplicate messages too quickly;'.
                                        ' take a breather and post again in a few minutes.'));
        }
        if (!$profile->hasRight(Right::NEWNOTICE)) {
            common_log(LOG_WARNING, "Attempted post from user disallowed to post: " . $profile->nickname);
-            throw new ClientException(_('You are banned from posting notices on this site.'));
+
            // TRANS: Client exception thrown when a user tries to post while being banned.
            throw new ClientException(_('You are banned from posting notices on this site.'), 403);
        }
        $notice = new Notice();
@ -329,6 +354,7 @@ class Notice extends Memcached_DataObject
            if (!$id) {
                common_log_db_error($notice, 'INSERT', __FILE__);
                // TRANS: Server exception thrown when a notice cannot be saved.
                throw new ServerException(_('Problem saving notice.'));
            }
@ -355,6 +381,7 @@ class Notice extends Memcached_DataObject
            if ($changed) {
                if (!$notice->update($orig)) {
                    common_log_db_error($notice, 'UPDATE', __FILE__);
                    // TRANS: Server exception thrown when a notice cannot be updated.
                    throw new ServerException(_('Problem saving notice.'));
                }
            }
@ -463,7 +490,7 @@ class Notice extends Memcached_DataObject
    function saveKnownUrls($urls)
    {
        // @fixme validation?
-        foreach ($urls as $url) {
+        foreach (array_unique($urls) as $url) {
            File::processNew($url, $this->id);
        }
    }
@ -866,11 +893,12 @@ class Notice extends Memcached_DataObject
    function saveKnownGroups($group_ids)
    {
        if (!is_array($group_ids)) {
-            throw new ServerException("Bad type provided to saveKnownGroups");
+            // TRANS: Server exception thrown when no array is provided to the method saveKnownGroups().
            throw new ServerException(_("Bad type provided to saveKnownGroups"));
        }
        $groups = array();
-        foreach ($group_ids as $id) {
+        foreach (array_unique($group_ids) as $id) {
            $group = User_group::staticGet('id', $id);
            if ($group) {
                common_log(LOG_ERR, "Local delivery to group id $id, $group->nickname");
@ -964,6 +992,7 @@ class Notice extends Memcached_DataObject
            if (!$result) {
                common_log_db_error($gi, 'INSERT', __FILE__);
                // TRANS: Server exception thrown when an update for a group inbox fails.
                throw new ServerException(_('Problem saving group inbox.'));
            }
@ -992,7 +1021,7 @@ class Notice extends Memcached_DataObject
        }
        $sender = Profile::staticGet($this->profile_id);
-        foreach ($uris as $uri) {
+        foreach (array_unique($uris) as $uri) {
            $user = User::staticGet('uri', $uri);
@ -1005,6 +1034,7 @@ class Notice extends Memcached_DataObject
                $reply->notice_id  = $this->id;
                $reply->profile_id = $user->id;
                common_log(LOG_INFO, __METHOD__ . ": saving reply: notice $this->id to profile $user->id");
                $id = $reply->insert();
            }
@ -1069,7 +1099,9 @@ class Notice extends Memcached_DataObject
                if (!$id) {
                    common_log_db_error($reply, 'INSERT', __FILE__);
-                    throw new ServerException("Couldn't save reply for {$this->id}, {$mentioned->id}");
+                    // TRANS: Server exception thrown when a reply cannot be saved.
                    // TRANS: %1$d is a notice ID, %2$d is the ID of the mentioned user.
                    throw new ServerException(sprintf(_("Could not save reply for %1$d, %2$d."), $this->id, $mentioned->id));
                } else {
                    $replied[$mentioned->id] = 1;
                    self::blow('reply:stream:%d', $mentioned->id);
@ -1172,6 +1204,9 @@ class Notice extends Memcached_DataObject
        return $groups;
    }
    // This has gotten way too long. Needs to be sliced up into functional bits
    // or ideally exported to a utility class.
    function asAtomEntry($namespace=false, $source=false, $author=true, $cur=null)
    {
        $profile = $this->getProfile();
@ -1186,167 +1221,331 @@ class Notice extends Memcached_DataObject
                           'xmlns:media' => 'http://purl.org/syndication/atommedia',
                           'xmlns:poco' => 'http://portablecontacts.net/spec/1.0',
                           'xmlns:ostatus' => 'http://ostatus.org/schema/1.0',
-                           'xmlns:statusnet' => 'http://status.net/ont/');
+                           'xmlns:statusnet' => 'http://status.net/schema/api/1/');
        } else {
            $attrs = array();
        }
        if (Event::handle('StartActivityStart', array(&$this, &$xs, &$attrs))) {
            $xs->elementStart('entry', $attrs);
            Event::handle('EndActivityStart', array(&$this, &$xs, &$attrs));
        }
        if (Event::handle('StartActivitySource', array(&$this, &$xs))) {
            if ($source) {
                $atom_feed = $profile->getAtomFeed();
                if (!empty($atom_feed)) {
                    $xs->elementStart('source');
-            $xs->element('id', null, $profile->profileurl);
+
-            $xs->element('title', null, $profile->nickname . " - " . common_config('site', 'name'));
+                    // XXX: we should store the actual feed ID
-            $xs->element('link', array('href' => $profile->profileurl));
+
-            $user = User::staticGet('id', $profile->id);
+                    $xs->element('id', null, $atom_feed);
-            if (!empty($user)) {
+
-                $atom_feed = common_local_url('ApiTimelineUser',
+                    // XXX: we should store the actual feed title
-                                              array('format' => 'atom',
+
-                                                    'id' => $profile->nickname));
+                    $xs->element('title', null, $profile->getBestName());
                    $xs->element('link', array('rel' => 'alternate',
                                               'type' => 'text/html',
                                               'href' => $profile->profileurl));
                    $xs->element('link', array('rel' => 'self',
                                               'type' => 'application/atom+xml',
-                                           'href' => $profile->profileurl));
+                                               'href' => $atom_feed));
                    $xs->element('icon', null, $profile->avatarUrl(AVATAR_PROFILE_SIZE));
                    $notice = $profile->getCurrentNotice();
                    if (!empty($notice)) {
                        $xs->element('updated', null, self::utcDate($notice->created));
                    }
                    $user = User::staticGet('id', $profile->id);
                    if (!empty($user)) {
                        $xs->element('link', array('rel' => 'license',
                                                   'href' => common_config('license', 'url')));
                    }
            $xs->element('icon', null, $profile->avatarUrl(AVATAR_PROFILE_SIZE));
            $xs->element('updated', null, common_date_w3dtf($this->created));
        }
        if ($source) {
                    $xs->elementEnd('source');
                }
-
+            }
-        $xs->element('title', null, common_xml_safe_str($this->content));
+            Event::handle('EndActivitySource', array(&$this, &$xs));
        if ($author) {
            $xs->raw($profile->asAtomAuthor());
            $xs->raw($profile->asActivityActor());
        }
        $title = common_xml_safe_str($this->content);
        if (Event::handle('StartActivityTitle', array(&$this, &$xs, &$title))) {
            $xs->element('title', null, $title);
            Event::handle('EndActivityTitle', array($this, &$xs, $title));
        }
        $atomAuthor = '';
        if ($author) {
            $atomAuthor = $profile->asAtomAuthor($cur);
        }
        if (Event::handle('StartActivityAuthor', array(&$this, &$xs, &$atomAuthor))) {
            if (!empty($atomAuthor)) {
                $xs->raw($atomAuthor);
                Event::handle('EndActivityAuthor', array(&$this, &$xs, &$atomAuthor));
            }
        }
        $actor = '';
        if ($author) {
            $actor = $profile->asActivityActor();
        }
        if (Event::handle('StartActivityActor', array(&$this, &$xs, &$actor))) {
            if (!empty($actor)) {
                $xs->raw($actor);
                Event::handle('EndActivityActor', array(&$this, &$xs, &$actor));
            }
        }
        $url = $this->bestUrl();
        if (Event::handle('StartActivityLink', array(&$this, &$xs, &$url))) {
            $xs->element('link', array('rel' => 'alternate',
                                       'type' => 'text/html',
-                                   'href' => $this->bestUrl()));
+                                       'href' => $url));
            Event::handle('EndActivityLink', array(&$this, &$xs, $url));
        }
-        $xs->element('id', null, $this->uri);
+        $id = $this->uri;
-        $xs->element('published', null, common_date_w3dtf($this->created));
+        if (Event::handle('StartActivityId', array(&$this, &$xs, &$id))) {
-        $xs->element('updated', null, common_date_w3dtf($this->created));
+            $xs->element('id', null, $id);
            Event::handle('EndActivityId', array(&$this, &$xs, $id));
        }
-        $noticeInfoAttr = array(
+        $published = self::utcDate($this->created);
-            'local_id'   => $this->id,    // local notice ID (useful to clients for ordering)
+
-            'source'     => $this->source // the client name (source attribution)
+        if (Event::handle('StartActivityPublished', array(&$this, &$xs, &$published))) {
-        );
+            $xs->element('published', null, $published);
            Event::handle('EndActivityPublished', array(&$this, &$xs, $published));
        }
        $updated = $published; // XXX: notices are usually immutable
        if (Event::handle('StartActivityUpdated', array(&$this, &$xs, &$updated))) {
            $xs->element('updated', null, $updated);
            Event::handle('EndActivityUpdated', array(&$this, &$xs, $updated));
        }
        $content = common_xml_safe_str($this->rendered);
        if (Event::handle('StartActivityContent', array(&$this, &$xs, &$content))) {
            $xs->element('content', array('type' => 'html'), $content);
            Event::handle('EndActivityContent', array(&$this, &$xs, $content));
        }
        // Most of our notices represent POSTing a NOTE. This is the default verb
        // for activity streams, so we normally just leave it out.
        $verb = ActivityVerb::POST;
        if (Event::handle('StartActivityVerb', array(&$this, &$xs, &$verb))) {
            $xs->element('activity:verb', null, $verb);
            Event::handle('EndActivityVerb', array(&$this, &$xs, $verb));
        }
        // We use the default behavior for activity streams: if there's no activity:object,
        // then treat the entry itself as the object. Here, you can set the type of that object,
        // which is normally a NOTE.
        $type = ActivityObject::NOTE;
        if (Event::handle('StartActivityDefaultObjectType', array(&$this, &$xs, &$type))) {
            $xs->element('activity:object-type', null, $type);
            Event::handle('EndActivityDefaultObjectType', array(&$this, &$xs, $type));
        }
        // Since we usually use the entry itself as an object, we don't have an explicit
        // object. Some extensions may want to add them (for photo, event, music, etc.).
        $objects = array();
        if (Event::handle('StartActivityObjects', array(&$this, &$xs, &$objects))) {
            foreach ($objects as $object) {
                $xs->raw($object->asString());
            }
            Event::handle('EndActivityObjects', array(&$this, &$xs, $objects));
        }
        $noticeInfoAttr = array('local_id' => $this->id); // local notice ID (useful to clients for ordering)
        $ns = $this->getSource();
-        if ($ns) {
+
        if (!empty($ns)) {
            $noticeInfoAttr['source'] =  $ns->code;
            if (!empty($ns->url)) {
                $noticeInfoAttr['source_link'] = $ns->url;
                if (!empty($ns->name)) {
                    $noticeInfoAttr['source'] =  '<a href="'
                      . htmlspecialchars($ns->url)
                        . '" rel="nofollow">'
                      . htmlspecialchars($ns->name)
                        . '</a>';
                }
            }
        }
        if (!empty($cur)) {
-            $noticeInfoAttr['favorited'] = ($cur->hasFave($this)) ? 'true' : 'false';
+            $noticeInfoAttr['favorite'] = ($cur->hasFave($this)) ? "true" : "false";
            $profile = $cur->getProfile();
            $noticeInfoAttr['repeated'] = ($profile->hasRepeated($this->id)) ? "true" : "false";
        }
        if (!empty($this->repeat_of)) {
            $noticeInfoAttr['repeat_of'] = $this->repeat_of;
        }
        if (Event::handle('StartActivityNoticeInfo', array(&$this, &$xs, &$noticeInfoAttr))) {
            $xs->element('statusnet:notice_info', $noticeInfoAttr, null);
            Event::handle('EndActivityNoticeInfo', array(&$this, &$xs, $noticeInfoAttr));
        }
        $replyNotice = null;
        if ($this->reply_to) {
-            $reply_notice = Notice::staticGet('id', $this->reply_to);
+            $replyNotice = Notice::staticGet('id', $this->reply_to);
-            if (!empty($reply_notice)) {
+        }
        if (Event::handle('StartActivityInReplyTo', array(&$this, &$xs, &$replyNotice))) {
            if (!empty($replyNotice)) {
                $xs->element('link', array('rel' => 'related',
-                                           'href' => $reply_notice->bestUrl()));
+                                           'href' => $replyNotice->bestUrl()));
                $xs->element('thr:in-reply-to',
-                             array('ref' => $reply_notice->uri,
+                             array('ref' => $replyNotice->uri,
-                                   'href' => $reply_notice->bestUrl()));
+                                   'href' => $replyNotice->bestUrl()));
                Event::handle('EndActivityInReplyTo', array(&$this, &$xs, $replyNotice));
            }
        }
        $conv = null;
        if (!empty($this->conversation)) {
            $conv = Conversation::staticGet('id', $this->conversation);
        }
        if (Event::handle('StartActivityConversation', array(&$this, &$xs, &$conv))) {
            if (!empty($conv)) {
-                $xs->element(
+                $xs->element('link', array('rel' => 'ostatus:conversation',
-                    'link', array(
+                                           'href' => $conv->uri));
                        'rel' => 'ostatus:conversation',
                        'href' => $conv->uri
                    )
                );
            }
            Event::handle('EndActivityConversation', array(&$this, &$xs, $conv));
        }
        $replyProfiles = array();
        $reply_ids = $this->getReplies();
        foreach ($reply_ids as $id) {
            $profile = Profile::staticGet('id', $id);
            if (!empty($profile)) {
-                $xs->element(
+                $replyProfiles[] = $profile;
                    'link', array(
                        'rel' => 'ostatus:attention',
                        'href' => $profile->getUri()
                    )
                );
            }
        }
        if (Event::handle('StartActivityAttentionProfiles', array(&$this, &$xs, &$replyProfiles))) {
            foreach ($replyProfiles as $profile) {
                $xs->element('link', array('rel' => 'ostatus:attention',
                                           'href' => $profile->getUri()));
                $xs->element('link', array('rel' => 'mentioned',
                                           'href' => $profile->getUri()));
            }
            Event::handle('EndActivityAttentionProfiles', array(&$this, &$xs, $replyProfiles));
        }
        $groups = $this->getGroups();
        if (Event::handle('StartActivityAttentionGroups', array(&$this, &$xs, &$groups))) {
            foreach ($groups as $group) {
-            $xs->element(
+                $xs->element('link', array('rel' => 'ostatus:attention',
-                'link', array(
+                                           'href' => $group->permalink()));
-                    'rel' => 'ostatus:attention',
+                $xs->element('link', array('rel' => 'mentioned',
-                    'href' => $group->permalink()
+                                           'href' => $group->permalink()));
                )
            );
            }
            Event::handle('EndActivityAttentionGroups', array(&$this, &$xs, $groups));
        }
        $repeat = null;
        if (!empty($this->repeat_of)) {
            $repeat = Notice::staticGet('id', $this->repeat_of);
        }
        if (Event::handle('StartActivityForward', array(&$this, &$xs, &$repeat))) {
            if (!empty($repeat)) {
-                $xs->element(
+                $xs->element('ostatus:forward',
-                    'ostatus:forward',
+                             array('ref' => $repeat->uri,
-                     array('ref' => $repeat->uri, 'href' => $repeat->bestUrl())
+                                   'href' => $repeat->bestUrl()));
                );
            }
            }
-        $xs->element(
+            Event::handle('EndActivityForward', array(&$this, &$xs, $repeat));
            'content',
            array('type' => 'html'),
            common_xml_safe_str($this->rendered)
        );
        $tag = new Notice_tag();
        $tag->notice_id = $this->id;
        if ($tag->find()) {
            while ($tag->fetch()) {
                $xs->element('category', array('term' => $tag->tag));
        }
        }
        $tag->free();
-        # Enclosures
+        $tags = $this->getTags();
        if (Event::handle('StartActivityCategories', array(&$this, &$xs, &$tags))) {
            foreach ($tags as $tag) {
                $xs->element('category', array('term' => $tag));
            }
            Event::handle('EndActivityCategories', array(&$this, &$xs, $tags));
        }
        // Enclosures
        $enclosures = array();
        $attachments = $this->attachments();
-        if($attachments){
+
-            foreach($attachments as $attachment){
+        foreach ($attachments as $attachment) {
-                $enclosure=$attachment->getEnclosure();
+            $enclosure = $attachment->getEnclosure();
            if ($enclosure) {
-                    $attributes = array('rel'=>'enclosure','href'=>$enclosure->url,'type'=>$enclosure->mimetype,'length'=>$enclosure->size);
+                $enclosures[] = $enclosure;
                    if($enclosure->title){
                        $attributes['title']=$enclosure->title;
            }
        }
        if (Event::handle('StartActivityEnclosures', array(&$this, &$xs, &$enclosures))) {
            foreach ($enclosures as $enclosure) {
                $attributes = array('rel' => 'enclosure',
                                    'href' => $enclosure->url,
                                    'type' => $enclosure->mimetype,
                                    'length' => $enclosure->size);
                if ($enclosure->title) {
                    $attributes['title'] = $enclosure->title;
                }
                $xs->element('link', $attributes, null);
            }
-            }
+            Event::handle('EndActivityEnclosures', array(&$this, &$xs, $enclosures));
        }
-        if (!empty($this->lat) && !empty($this->lon)) {
+        $lat = $this->lat;
-            $xs->element('georss:point', null, $this->lat . ' ' . $this->lon);
+        $lon = $this->lon;
        if (Event::handle('StartActivityGeo', array(&$this, &$xs, &$lat, &$lon))) {
            if (!empty($lat) && !empty($lon)) {
                $xs->element('georss:point', null, $lat . ' ' . $lon);
            }
            Event::handle('EndActivityGeo', array(&$this, &$xs, $lat, $lon));
        }
        if (Event::handle('StartActivityEnd', array(&$this, &$xs))) {
            $xs->elementEnd('entry');
            Event::handle('EndActivityEnd', array(&$this, &$xs));
        }
        return $xs->getString();
    }
@ -1855,4 +2054,36 @@ class Notice extends Memcached_DataObject
        return $ns;
    }
    /**
     * Determine whether the notice was locally created
     *
     * @return boolean locality
     */
    public function isLocal()
    {
        return ($this->is_local == Notice::LOCAL_PUBLIC ||
                $this->is_local == Notice::LOCAL_NONPUBLIC);
    }
    public function getTags()
    {
        $tags = array();
        $tag = new Notice_tag();
        $tag->notice_id = $this->id;
        if ($tag->find()) {
            while ($tag->fetch()) {
                $tags[] = $tag->tag;
            }
        }
        $tag->free();
        return $tags;
    }
    static private function utcDate($dt)
    {
        $dateStr = date('d F Y H:i:s', strtotime($dt));
        $d = new DateTime($dateStr, new DateTimeZone('UTC'));
        return $d->format(DATE_W3C);
    }
 }
--- a/classes/Profile.php
+++ b/classes/Profile.php
@ -152,18 +152,17 @@ class Profile extends Memcached_DataObject
     *
     * @return mixed Notice or null
     */
    function getCurrentNotice()
    {
-        $notice = new Notice();
+        $notice = $this->getNotices(0, 1);
-        $notice->profile_id = $this->id;
+
-        // @fixme change this to sort on notice.id only when indexes are updated
+        if ($notice->fetch()) {
        $notice->orderBy('created DESC, notice.id DESC');
        $notice->limit(1);
        if ($notice->find(true)) {
            return $notice;
-        }
+        } else {
            return null;
        }
    }
    function getTaggedNotices($tag, $offset=0, $limit=NOTICES_PER_PAGE, $since_id=0, $max_id=0)
    {
@ -465,11 +464,9 @@ class Profile extends Memcached_DataObject
        $sub = new Subscription();
        $sub->subscribed = $this->id;
-
+        $sub->whereAdd('subscriber != subscribed');
        $cnt = (int) $sub->count('distinct subscriber');
        $cnt = ($cnt > 0) ? $cnt - 1 : $cnt;
        if (!empty($c)) {
            $c->set(common_cache_key('profile:subscriber_count:'.$this->id), $cnt);
        }
@ -735,14 +732,18 @@ class Profile extends Memcached_DataObject
                                            'role' => $name));
        if (empty($role)) {
-            throw new Exception('Cannot revoke role "'.$name.'" for user #'.$this->id.'; does not exist.');
+            // TRANS: Exception thrown when trying to revoke an existing role for a user that does not exist.
            // TRANS: %1$s is the role name, %2$s is the user ID (number).
            throw new Exception(sprintf(_('Cannot revoke role "%1$s" for user #%2$d; does not exist.'),$name, $this->id));
        }
        $result = $role->delete();
        if (!$result) {
            common_log_db_error($role, 'DELETE', __FILE__);
-            throw new Exception('Cannot revoke role "'.$name.'" for user #'.$this->id.'; database error.');
+            // TRANS: Exception thrown when trying to revoke a role for a user with a failing database query.
            // TRANS: %1$s is the role name, %2$s is the user ID (number).
            throw new Exception(sprintf(_('Cannot revoke role "%1$s" for user #%2$d; database error.'),$name, $this->id));
        }
        return true;
@ -849,15 +850,23 @@ class Profile extends Memcached_DataObject
     *
     * Assumes that Atom has been previously set up as the base namespace.
     *
     * @param Profile $cur the current authenticated user
     *
     * @return string
     */
-    function asAtomAuthor()
+    function asAtomAuthor($cur = null)
    {
        $xs = new XMLStringer(true);
        $xs->elementStart('author');
        $xs->element('name', null, $this->nickname);
        $xs->element('uri', null, $this->getUri());
        if ($cur != null) {
            $attrs = Array();
            $attrs['following'] = $cur->isSubscribed($this) ? 'true' : 'false';
            $attrs['blocking']  = $cur->hasBlocked($this) ? 'true' : 'false';
            $xs->element('statusnet:profile_info', $attrs, null);
        }
        $xs->elementEnd('author');
        return $xs->getString();
@ -935,4 +944,20 @@ class Profile extends Memcached_DataObject
        return $result;
    }
    function getAtomFeed()
    {
        $feed = null;
        if (Event::handle('StartProfileGetAtomFeed', array($this, &$feed))) {
            $user = User::staticGet('id', $this->id);
            if (!empty($user)) {
                $feed = common_local_url('ApiTimelineUser', array('id' => $user->id,
                                                                  'format' => 'atom'));
            }
            Event::handle('EndProfileGetAtomFeed', array($this, $feed));
        }
        return $feed;
    }
 }
--- a/classes/Queue_item.php
+++ b/classes/Queue_item.php
@ -64,4 +64,17 @@ class Queue_item extends Memcached_DataObject
        $qi = null;
        return null;
    }
    /**
     * Release a claimed item.
     */
    function releaseCLaim()
    {
        // DB_DataObject doesn't let us save nulls right now
        $sql = sprintf("UPDATE queue_item SET claimed=NULL WHERE id=%d", $this->id);
        $this->query($sql);
        $this->claimed = null;
        $this->encache();
    }
 }
--- a/classes/Remote_profile.php
+++ b/classes/Remote_profile.php
@ -50,7 +50,8 @@ class Remote_profile extends Memcached_DataObject
        if ($profile) {
            return $profile->hasright($right);
        } else {
-            throw new Exception("Missing profile");
+            // TRANS: Exception thrown when a right for a non-existing user profile is checked.
            throw new Exception(_("Missing profile."));
        }
    }
 }
--- a/classes/Safe_DataObject.php
+++ b/classes/Safe_DataObject.php
@ -116,6 +116,7 @@ class Safe_DataObject extends DB_DataObject
        if ($this->_call($method, $params, $return)) {
            return $return;
        } else {
            // Low level exception. No need for i18n as discussed with Brion.
            throw new Exception('Call to undefined method ' .
                get_class($this) . '::' . $method);
        }
@ -136,7 +137,6 @@ class Safe_DataObject extends DB_DataObject
     */
    function databaseStructure()
    {
        global $_DB_DATAOBJECT;
        // Assignment code
@ -178,8 +178,6 @@ class Safe_DataObject extends DB_DataObject
        }
        if (!$this->_database) {
            $this->_connect();
        }
@ -205,7 +203,6 @@ class Safe_DataObject extends DB_DataObject
            return true;
        }
        if (empty($_DB_DATAOBJECT['CONFIG'])) {
            DB_DataObject::_loadConfig();
        }
@ -223,7 +220,6 @@ class Safe_DataObject extends DB_DataObject
                explode(PATH_SEPARATOR,$_DB_DATAOBJECT['CONFIG']["ini_{$this->_database}"]);
        }
        /* BEGIN CHANGED FROM UPSTREAM */
        $_DB_DATAOBJECT['INI'][$this->_database] = $this->parseIniFiles($schemas);
        /* END CHANGED FROM UPSTREAM */
@ -245,7 +241,8 @@ class Safe_DataObject extends DB_DataObject
        }
        $this->debug("Cant find database schema: {$this->_database}/{$this->__table} \n".
                    "in links file data: " . print_r($_DB_DATAOBJECT['INI'],true),"databaseStructure",5);
-        // we have to die here!! - it causes chaos if we dont (including looping forever!)
+        // we have to die here!! - it causes chaos if we don't (including looping forever!)
        // Low level exception. No need for i18n as discussed with Brion.
        $this->raiseError( "Unable to load schema for database and table (turn debugging up to 5 for full error message)", DB_DATAOBJECT_ERROR_INVALIDARGS, PEAR_ERROR_DIE);
        return false;
    }
--- a/classes/Status_network.php
+++ b/classes/Status_network.php
@ -27,7 +27,8 @@ class Status_network extends Safe_DataObject
    /* the code below is auto generated do not remove the above tag */
    public $__table = 'status_network';                  // table name
-    public $nickname;                        // varchar(64)  primary_key not_null
+    public $site_id;                         // int(4) primary_key not_null
    public $nickname;                        // varchar(64)   unique_key not_null
    public $hostname;                        // varchar(255)  unique_key
    public $pathname;                        // varchar(255)  unique_key
    public $dbhost;                          // varchar(255)
@ -39,7 +40,6 @@ class Status_network extends Safe_DataObject
    public $logo;                            // varchar(255)
    public $created;                         // datetime()   not_null
    public $modified;                        // timestamp()   not_null default_CURRENT_TIMESTAMP
    public $tags;                            // text
    /* Static get */
    function staticGet($k,$v=NULL) {
@ -144,6 +144,35 @@ class Status_network extends Safe_DataObject
        return parent::update($orig);
    }
    /**
     * DB_DataObject doesn't allow updating keys (even non-primary)
     */
    function updateKeys(&$orig)
    {
        $this->_connect();
        foreach (array('hostname', 'pathname') as $k) {
            if (strcmp($this->$k, $orig->$k) != 0) {
                $parts[] = $k . ' = ' . $this->_quote($this->$k);
            }
        }
        if (count($parts) == 0) {
            // No changes
            return true;
        }
        $toupdate = implode(', ', $parts);
        $table = common_database_tablename($this->tableName());
        $qry = 'UPDATE ' . $table . ' SET ' . $toupdate .
            ' WHERE nickname = ' . $this->_quote($this->nickname);
        $orig->decache();
        $result = $this->query($qry);
        if ($result) {
            $this->encache();
        }
        return $result;
    }
    function delete()
    {
        $this->decache(); # while we still have the values!
@ -152,18 +181,12 @@ class Status_network extends Safe_DataObject
    /**
     * @param string $servername hostname
     * @param string $pathname URL base path
     * @param string $wildcard hostname suffix to match wildcard config
     * @return mixed Status_network or null
     */
-    static function setupSite($servername, $pathname, $wildcard)
+    static function getFromHostname($servername, $wildcard)
    {
        global $config;
        $sn = null;
        // XXX I18N, probably not crucial for hostnames
        // XXX This probably needs a tune up
        if (0 == strncasecmp(strrev($wildcard), strrev($servername), strlen($wildcard))) {
            // special case for exact match
            if (0 == strcasecmp($servername, $wildcard)) {
@ -182,6 +205,23 @@ class Status_network extends Safe_DataObject
                }
            }
        }
        return $sn;
    }
    /**
     * @param string $servername hostname
     * @param string $pathname URL base path
     * @param string $wildcard hostname suffix to match wildcard config
     */
    static function setupSite($servername, $pathname, $wildcard)
    {
        global $config;
        $sn = null;
        // XXX I18N, probably not crucial for hostnames
        // XXX This probably needs a tune up
        $sn = self::getFromHostname($servername, $wildcard);
        if (!empty($sn)) {
@ -268,7 +308,61 @@ class Status_network extends Safe_DataObject
     */
    function getTags()
    {
-        return array_filter(explode("|", strval($this->tags)));
+        $result = array();
        $tags = new Status_network_tag();
        $tags->site_id = $this->site_id;
        if ($tags->find()) {
            while ($tags->fetch()) {
                $result[] = $tags->tag;
            }
        }
        // XXX : for backwards compatibility
        if (empty($result)) {
            return explode('|', $this->tags);
        }
        return $result;
    }
    /**
     * Save a given set of tags
     * @param array tags
     */
    function setTags($tags)
    {
        $this->clearTags();
        foreach ($tags as $tag) {
            if (!empty($tag)) {
                $snt = new Status_network_tag();
                $snt->site_id = $this->site_id;
                $snt->tag = $tag;
                $snt->created = common_sql_now();
                $id = $snt->insert();
                if (!$id) {
                    // TRANS: Exception thrown when a tag cannot be saved.
                    throw new Exception(_("Unable to save tag."));
                }
            }
        }
        return true;
    }
    function clearTags()
    {
        $tag = new Status_network_tag();
        $tag->site_id = $this->site_id;
        if ($tag->find()) {
            while($tag->fetch()) {
                $tag->delete();
            }
        }
        $tag->free();
    }
    /**
--- a/classes/Status_network_tag.php
+++ b/classes/Status_network_tag.php
@ -0,0 +1,69 @@
 <?php
 /*
 * StatusNet - the distributed open-source microblogging tool
 * Copyright (C) 2008, 2009, 2010 StatusNet, Inc.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 if (!defined('STATUSNET')) { exit(1); }
 class Status_network_tag extends Safe_DataObject
 {
    ###START_AUTOCODE
    /* the code below is auto generated do not remove the above tag */
    public $__table = 'status_network_tag';                      // table name
    public $site_id;                  // int(4)  primary_key not_null
    public $tag;                      // varchar(64)  primary_key not_null 
    public $created;                 // datetime()   not_null
    function __construct()
    {
        global $config;
        global $_DB_DATAOBJECT;
        $sn = new Status_network();
        $sn->_connect();
        $config['db']['table_'. $this->__table] = $sn->_database;
        $this->_connect();
    }
    /* Static get */
    function staticGet($k,$v=null)
    {
        $i = DB_DataObject::staticGet('Status_network_tag',$k,$v);
        // Don't use local process cache; if we're fetching multiple
        // times it's because we're reloading it in a long-running
        // process; we need a fresh copy!
        global $_DB_DATAOBJECT;
        unset($_DB_DATAOBJECT['CACHE']['status_network_tag']);
        return $i;
    }
    /* the code above is auto generated do not remove the tag below */
    ###END_AUTOCODE
    function pkeyGet($kv)
    {
        return Memcached_DataObject::pkeyGet('Status_network_tag', $kv);
    }
 }
--- a/classes/Subscription.php
+++ b/classes/Subscription.php
@ -71,14 +71,17 @@ class Subscription extends Memcached_DataObject
        }
        if (!$subscriber->hasRight(Right::SUBSCRIBE)) {
            // TRANS: Exception thrown when trying to subscribe while being banned from subscribing.
            throw new Exception(_('You have been banned from subscribing.'));
        }
        if (self::exists($subscriber, $other)) {
            // TRANS: Exception thrown when trying to subscribe while already subscribed.
            throw new Exception(_('Already subscribed!'));
        }
        if ($other->hasBlocked($subscriber)) {
            // TRANS: Exception thrown when trying to subscribe to a user who has blocked the subscribing user.
            throw new Exception(_('User has blocked you.'));
        }
@ -129,6 +132,7 @@ class Subscription extends Memcached_DataObject
        if (!$result) {
            common_log_db_error($sub, 'INSERT', __FILE__);
            // TRANS: Exception thrown when a subscription could not be stored on the server.
            throw new Exception(_('Could not save subscription.'));
        }
@ -160,17 +164,18 @@ class Subscription extends Memcached_DataObject
     * Cancel a subscription
     *
     */
    function cancel($subscriber, $other)
    {
        if (!self::exists($subscriber, $other)) {
            // TRANS: Exception thrown when trying to unsibscribe without a subscription.
            throw new Exception(_('Not subscribed!'));
        }
        // Don't allow deleting self subs
        if ($subscriber->id == $other->id) {
-            throw new Exception(_('Couldn\'t delete self-subscription.'));
+            // TRANS: Exception thrown when trying to unsubscribe a user from themselves.
            throw new Exception(_('Could not delete self-subscription.'));
        }
        if (Event::handle('StartUnsubscribe', array($subscriber, $other))) {
@ -197,7 +202,8 @@ class Subscription extends Memcached_DataObject
                    if (!$result) {
                        common_log_db_error($token, 'DELETE', __FILE__);
-                        throw new Exception(_('Couldn\'t delete subscription OMB token.'));
+                        // TRANS: Exception thrown when the OMB token for a subscription could not deleted on the server.
                        throw new Exception(_('Could not delete subscription OMB token.'));
                    }
                } else {
                    common_log(LOG_ERR, "Couldn't find credentials with token {$token->tok}");
@ -208,7 +214,8 @@ class Subscription extends Memcached_DataObject
            if (!$result) {
                common_log_db_error($sub, 'DELETE', __FILE__);
-                throw new Exception(_('Couldn\'t delete subscription.'));
+                // TRANS: Exception thrown when a subscription could not be deleted on the server.
                throw new Exception(_('Could not delete subscription.'));
            }
            self::blow('user:notices_with_friends:%d', $subscriber->id);
--- a/classes/User.php
+++ b/classes/User.php
@ -360,11 +360,12 @@ class User extends Memcached_DataObject
                               __FILE__);
                } else {
                    $notice = Notice::saveNew($welcomeuser->id,
                                              // TRANS: Notice given on user registration.
                                              // TRANS: %1$s is the sitename, $2$s is the registering user's nickname.
                                              sprintf(_('Welcome to %1$s, @%2$s!'),
                                                      common_config('site', 'name'),
                                                      $user->nickname),
                                              'system');
                }
            }
@ -375,7 +376,6 @@ class User extends Memcached_DataObject
    }
    // Things we do when the email changes
    function emailChanged()
    {
@ -524,7 +524,7 @@ class User extends Memcached_DataObject
        if ($this->id == $other->id) {
            common_log(LOG_WARNING,
                sprintf(
-                    "Profile ID %d (%s) tried to block his or herself.",
+                    "Profile ID %d (%s) tried to block themself.",
                    $this->id,
                    $this->nickname
                )
--- a/classes/User_group.php
+++ b/classes/User_group.php
@ -154,6 +154,21 @@ class User_group extends Memcached_DataObject
        return $members;
    }
    function getMemberCount()
    {
        // XXX: WORM cache this
        $members = $this->getMembers();
        $member_count = 0;
        /** $member->count() doesn't work. */
        while ($members->fetch()) {
            $member_count++;
        }
        return $member_count;
    }
    function getAdmins($offset=0, $limit=null)
    {
        $qry =
@ -477,6 +492,7 @@ class User_group extends Memcached_DataObject
        if (!$result) {
            common_log_db_error($group, 'INSERT', __FILE__);
            // TRANS: Server exception thrown when creating a group failed.
            throw new ServerException(_('Could not create group.'));
        }
@ -486,6 +502,7 @@ class User_group extends Memcached_DataObject
            $result = $group->update($orig);
            if (!$result) {
                common_log_db_error($group, 'UPDATE', __FILE__);
                // TRANS: Server exception thrown when updating a group URI failed.
                throw new ServerException(_('Could not set group URI.'));
            }
        }
@ -493,6 +510,7 @@ class User_group extends Memcached_DataObject
        $result = $group->setAliases($aliases);
        if (!$result) {
            // TRANS: Server exception thrown when creating group aliases failed.
            throw new ServerException(_('Could not create aliases.'));
        }
@ -507,6 +525,7 @@ class User_group extends Memcached_DataObject
        if (!$result) {
            common_log_db_error($member, 'INSERT', __FILE__);
            // TRANS: Server exception thrown when setting group membership failed.
            throw new ServerException(_('Could not set group membership.'));
        }
@ -521,6 +540,7 @@ class User_group extends Memcached_DataObject
            if (!$result) {
                common_log_db_error($local_group, 'INSERT', __FILE__);
                // TRANS: Server exception thrown when saving local group information failed.
                throw new ServerException(_('Could not save local group info.'));
            }
        }
--- a/classes/status_network.ini
+++ b/classes/status_network.ini
@ -1,4 +1,5 @@
 [status_network]
 site_id = 129
 nickname = 130
 hostname = 2
 pathname = 2
@ -11,9 +12,19 @@ theme = 2
 logo = 2
 created = 142
 modified = 384
 tags = 34
 [status_network__keys]
-nickname = K
+site_id  = K
 nickname = U
 hostname = U
 pathname = U
 [status_network_tag]
 site_id = 129
 tag = 130
 created = 142
 [status_network_tag__keys]
 site_id = K
 tag = K
--- a/db/08to09_pg.sql
+++ b/db/08to09_pg.sql
@ -100,6 +100,25 @@ insert into queue_item_new (frame,transport,created,claimed)
 alter table queue_item rename to queue_item_old;
 alter table queue_item_new rename to queue_item;
 ALTER TABLE confirm_address ALTER column sent set default CURRENT_TIMESTAMP;
 create table user_location_prefs (
    user_id integer not null /*comment 'user who has the preference'*/ references "user" (id),
    share_location int default 1 /* comment 'Whether to share location data'*/,
    created timestamp not null /*comment 'date this record was created'*/,
    modified timestamp /* comment 'date this record was modified'*/,
    primary key (user_id)
 );
 create table inbox (
    user_id integer not null /* comment 'user receiving the notice' */ references "user" (id),
    notice_ids bytea /* comment 'packed list of notice ids' */,
    primary key (user_id)
 );
 create table user_location_prefs (
    user_id integer not null /*comment 'user who has the preference'*/ references "user" (id),
--- a/db/notice_source.sql
+++ b/db/notice_source.sql
@ -9,6 +9,7 @@ VALUES
    ('bti','bti','http://gregkh.github.com/bti/', now()),
    ('choqok', 'Choqok', 'http://choqok.gnufolks.org/', now()),
    ('cliqset', 'Cliqset', 'http://www.cliqset.com/', now()),
    ('DarterosStatus', 'Darteros Status', 'http://www.darteros.com/doc/Darteros_Status', now()),
    ('deskbar','Deskbar-Applet','http://www.gnome.org/projects/deskbar-applet/', now()),
    ('Do','Gnome Do','http://do.davebsd.com/wiki/index.php?title=Microblog_Plugin', now()),
    ('drupal','Drupal','http://drupal.org/', now()),
@ -17,6 +18,7 @@ VALUES
    ('Facebook','Facebook','http://apps.facebook.com/identica/', now()),
    ('feed2omb','feed2omb','http://projects.ciarang.com/p/feed2omb/', now()),
    ('get2gnow', 'get2gnow', 'http://uberchicgeekchick.com/?projects=get2gnow', now()),
    ('gNewBook', 'gNewBook', 'http://www.gnewbook.org/', now()),
    ('gravity', 'Gravity', 'http://mobileways.de/gravity', now()),
    ('Gwibber','Gwibber','http://launchpad.net/gwibber', now()),
    ('HelloTxt','HelloTxt','http://hellotxt.com/', now()),
@ -49,6 +51,7 @@ VALUES
    ('smob','SMOB','http://smob.sioc-project.org/', now()),
    ('socialoomphBfD4pMqz31', 'SocialOomph', 'http://www.socialoomph.com/', now()),
    ('spaz','Spaz','http://funkatron.com/spaz', now()),
    ('StatusNet Desktop', 'StatusNet Desktop', 'http://status.net/desktop', now()),
    ('tarpipe','tarpipe','http://tarpipe.com/', now()),
    ('tjunar','Tjunar','http://nederflash.nl/boek/titels/tjunar-air', now()),
    ('tr.im','tr.im','http://tr.im/', now()),
--- a/db/site.sql
+++ b/db/site.sql
@ -2,7 +2,8 @@
 create table status_network (
-    nickname varchar(64) primary key comment 'nickname',
+    site_id  integer auto_increment primary key comment 'unique id',
    nickname varchar(64)  unique key comment 'nickname',
    hostname varchar(255) unique key comment 'alternate hostname if any',
    pathname varchar(255) unique key comment 'alternate pathname if any',
@ -21,3 +22,12 @@ create table status_network (
    modified timestamp comment 'date this record was modified'
 ) ENGINE=InnoDB CHARACTER SET utf8 COLLATE utf8_general_ci;
 create table status_network_tag (
    site_id integer  comment 'unique id',
    tag varchar(64) comment 'tag name',
    created datetime not null comment 'date the record was created',
    constraint primary key (site_id, tag)
 ) ENGINE=InnoDB CHARACTER SET utf8 COLLATE utf8_general_ci;
--- a/db/site_093to094.sql
+++ b/db/site_093to094.sql
@ -0,0 +1,13 @@
 alter table status_network 
      drop primary key,
      add column site_id integer auto_increment primary key first,
      add unique key (nickname);
 create table status_network_tag (
    site_id integer  comment 'unique id',
    tag varchar(64) comment 'tag name',
    created datetime not null comment 'date the record was created',
    constraint primary key (site_id, tag)
 ) ENGINE=InnoDB CHARACTER SET utf8 COLLATE utf8_general_ci;
--- a/db/statusnet_pg.sql
+++ b/db/statusnet_pg.sql
@ -276,7 +276,7 @@ create table confirm_address (
    address_extra varchar(255) not null default '' /* comment 'carrier ID, for SMS' */,
    address_type varchar(8) not null /* comment 'address type ("email", "jabber", "sms")' */,
    claimed timestamp /* comment 'date this was claimed for queueing' */,
-    sent timestamp /* comment 'date this was sent for queueing' */,
+    sent timestamp default CURRENT_TIMESTAMP /* comment 'date this was sent for queueing' */,
    modified timestamp /* comment 'date this record was modified' */
 );
--- a/extlib/Auth/OpenID.php
+++ b/extlib/Auth/OpenID.php
@ -20,7 +20,7 @@
 /**
 * The library version string
 */
-define('Auth_OpenID_VERSION', '2.1.3');
+define('Auth_OpenID_VERSION', '2.2.2');
 /**
 * Require the fetcher code.
@ -102,9 +102,7 @@ define('Auth_OpenID_digits',
 define('Auth_OpenID_punct',
       "!\"#$%&'()*+,-./:;<=>?@[\\]^_`{|}~");
-if (Auth_OpenID_getMathLib() === null) {
+Auth_OpenID_include_init();
    Auth_OpenID_setNoMathSupport();
 }
 /**
 * The OpenID utility function class.
@ -120,7 +118,7 @@ class Auth_OpenID {
     *
     * @access private
     */
-    function isFailure($thing)
+    static function isFailure($thing)
    {
        return is_a($thing, 'Auth_OpenID_FailureResponse');
    }
@ -139,9 +137,12 @@ class Auth_OpenID {
     * Returns an empty array if neither GET nor POST was used, or if
     * POST was used but php://input cannot be opened.
     *
     * See background:
     * http://lists.openidenabled.com/pipermail/dev/2007-March/000395.html
     *
     * @access private
     */
-    function getQuery($query_str=null)
+    static function getQuery($query_str=null)
    {
        $data = array();
@ -177,7 +178,7 @@ class Auth_OpenID {
        return $data;
    }
-    function params_from_string($str)
+    static function params_from_string($str)
    {
        $chunks = explode("&", $str);
@ -190,7 +191,7 @@ class Auth_OpenID {
            }
            list($k, $v) = $parts;
-            $data[$k] = urldecode($v);
+            $data[urldecode($k)] = urldecode($v);
        }
        return $data;
@ -203,7 +204,7 @@ class Auth_OpenID {
     *
     * @access private
     */
-    function ensureDir($dir_name)
+    static function ensureDir($dir_name)
    {
        if (is_dir($dir_name) || @mkdir($dir_name)) {
            return true;
@ -225,7 +226,7 @@ class Auth_OpenID {
     *
     * @access private
     */
-    function addPrefix($values, $prefix)
+    static function addPrefix($values, $prefix)
    {
        $new_values = array();
        foreach ($values as $s) {
@ -241,7 +242,7 @@ class Auth_OpenID {
     *
     * @access private
     */
-    function arrayGet($arr, $key, $fallback = null)
+    static function arrayGet($arr, $key, $fallback = null)
    {
        if (is_array($arr)) {
            if (array_key_exists($key, $arr)) {
@ -261,7 +262,7 @@ class Auth_OpenID {
    /**
     * Replacement for PHP's broken parse_str.
     */
-    function parse_str($query)
+    static function parse_str($query)
    {
        if ($query === null) {
            return null;
@ -278,7 +279,7 @@ class Auth_OpenID {
            }
            list($key, $value) = $pair;
-            $new_parts[$key] = urldecode($value);
+            $new_parts[urldecode($key)] = urldecode($value);
        }
        return $new_parts;
@ -295,7 +296,7 @@ class Auth_OpenID {
     * pairs from $data into a URL query string
     * (e.g. "username=bob&id=56").
     */
-    function httpBuildQuery($data)
+    static function httpBuildQuery($data)
    {
        $pairs = array();
        foreach ($data as $key => $value) {
@ -323,7 +324,7 @@ class Auth_OpenID {
     * @return string $url The original URL with the new parameters added.
     *
     */
-    function appendArgs($url, $args)
+    static function appendArgs($url, $args)
    {
        if (count($args) == 0) {
            return $url;
@ -367,7 +368,7 @@ class Auth_OpenID {
     * @return string $url The URL resulting from assembling the
     * specified components.
     */
-    function urlunparse($scheme, $host, $port = null, $path = '/',
+    static function urlunparse($scheme, $host, $port = null, $path = '/',
                        $query = '', $fragment = '')
    {
@ -412,7 +413,7 @@ class Auth_OpenID {
     * @return mixed $new_url The URL after normalization, or null if
     * $url was malformed.
     */
-    function normalizeUrl($url)
+    static function normalizeUrl($url)
    {
        @$parsed = parse_url($url);
@ -443,7 +444,7 @@ class Auth_OpenID {
     *
     * @access private
     */
-    function intval($value)
+    static function intval($value)
    {
        $re = "/^\\d+$/";
@ -461,7 +462,7 @@ class Auth_OpenID {
     * @param string $str The string of bytes to count.
     * @return int The number of bytes in $str.
     */
-    function bytes($str)
+    static function bytes($str)
    {
        return strlen(bin2hex($str)) / 2;
    }
@ -470,7 +471,7 @@ class Auth_OpenID {
     * Get the bytes in a string independently of multibyte support
     * conditions.
     */
-    function toBytes($str)
+    static function toBytes($str)
    {
        $hex = bin2hex($str);
@ -486,7 +487,7 @@ class Auth_OpenID {
        return $b;
    }
-    function urldefrag($url)
+    static function urldefrag($url)
    {
        $parts = explode("#", $url, 2);
@ -497,7 +498,7 @@ class Auth_OpenID {
        }
    }
-    function filter($callback, &$sequence)
+    static function filter($callback, &$sequence)
    {
        $result = array();
@ -510,7 +511,7 @@ class Auth_OpenID {
        return $result;
    }
-    function update(&$dest, &$src)
+    static function update(&$dest, &$src)
    {
        foreach ($src as $k => $v) {
            $dest[$k] = $v;
@ -524,14 +525,14 @@ class Auth_OpenID {
     *
     * @param string $format_string The sprintf format for the message
     */
-    function log($format_string)
+    static function log($format_string)
    {
        $args = func_get_args();
        $message = call_user_func_array('sprintf', $args);
        error_log($message);
    }
-    function autoSubmitHTML($form, $title="OpenId transaction in progress")
+    static function autoSubmitHTML($form, $title="OpenId transaction in progress")
    {
        return("<html>".
               "<head><title>".
@ -549,4 +550,14 @@ class Auth_OpenID {
               "</html>");
    }
 }
-?>
+
 /*
 * Function to run when this file is included.
 * Abstracted to a function to make life easier
 * for some PHP optimizers.
 */
 function Auth_OpenID_include_init() {
  if (Auth_OpenID_getMathLib() === null) {
    Auth_OpenID_setNoMathSupport();
  }
 }
--- a/extlib/Auth/OpenID/AX.php
+++ b/extlib/Auth/OpenID/AX.php
@ -38,7 +38,7 @@ class Auth_OpenID_AX {
     * @return bool true if $thing is an Auth_OpenID_AX_Error; false
     * if not.
     */
-    function isError($thing)
+    static function isError($thing)
    {
        return is_a($thing, 'Auth_OpenID_AX_Error');
    }
@ -191,7 +191,7 @@ class Auth_OpenID_AX_AttrInfo {
     * Construct an attribute information object.  For parameter
     * details, see the constructor.
     */
-    function make($type_uri, $count=1, $required=false,
+    static function make($type_uri, $count=1, $required=false,
                  $alias=null)
    {
        if ($alias !== null) {
@ -235,7 +235,7 @@ class Auth_OpenID_AX_AttrInfo {
 * return null If an alias is present in the list of aliases but
 * is not present in the namespace map.
 */
-function Auth_OpenID_AX_toTypeURIs(&$namespace_map, $alias_list_s)
+function Auth_OpenID_AX_toTypeURIs($namespace_map, $alias_list_s)
 {
    $uris = array();
@ -386,7 +386,7 @@ class Auth_OpenID_AX_FetchRequest extends Auth_OpenID_AX_Message {
     * Auth_OpenID_AX_FetchRequest extracted from the request message if
     * successful
     */
-    function &fromOpenIDRequest($request)
+    static function fromOpenIDRequest($request)
    {
        $m = $request->message;
        $obj = new Auth_OpenID_AX_FetchRequest();
@ -484,7 +484,7 @@ class Auth_OpenID_AX_FetchRequest extends Auth_OpenID_AX_Message {
                         Auth_OpenID::arrayGet($ax_args, 'required'));
        foreach ($required as $type_uri) {
-            $attrib =& $this->requested_attributes[$type_uri];
+            $attrib = $this->requested_attributes[$type_uri];
            $attrib->required = true;
        }
@ -587,7 +587,7 @@ class Auth_OpenID_AX_KeyValueMessage extends Auth_OpenID_AX_Message {
     *
     * @access private
     */
-    function _getExtensionKVArgs(&$aliases)
+    function _getExtensionKVArgs($aliases)
    {
        if ($aliases === null) {
            $aliases = new Auth_OpenID_NamespaceMap();
@ -652,7 +652,7 @@ class Auth_OpenID_AX_KeyValueMessage extends Auth_OpenID_AX_Message {
        foreach ($aliases->iteritems() as $pair) {
            list($type_uri, $alias) = $pair;
-            if (array_key_exists('count.' . $alias, $ax_args)) {
+            if (array_key_exists('count.' . $alias, $ax_args) && ($ax_args['count.' . $alias] !== Auth_OpenID_AX_UNLIMITED_VALUES)) {
                $count_key = 'count.' . $alias;
                $count_s = $ax_args[$count_key];
@ -888,7 +888,7 @@ class Auth_OpenID_AX_FetchResponse extends Auth_OpenID_AX_KeyValueMessage {
            $ax_args['update_url'] = $update_url;
        }
-        Auth_OpenID::update(&$ax_args, $kv_args);
+        Auth_OpenID::update($ax_args, $kv_args);
        return $ax_args;
    }
@ -922,7 +922,7 @@ class Auth_OpenID_AX_FetchResponse extends Auth_OpenID_AX_KeyValueMessage {
     * @return $response A FetchResponse containing the data from the
     * OpenID message
     */
-    function fromSuccessResponse($success_response, $signed=true)
+    static function fromSuccessResponse($success_response, $signed=true)
    {
        $obj = new Auth_OpenID_AX_FetchResponse();
        if ($signed) {
@ -960,7 +960,7 @@ class Auth_OpenID_AX_StoreRequest extends Auth_OpenID_AX_KeyValueMessage {
    {
        $ax_args = $this->_newArgs();
        $kv_args = $this->_getExtensionKVArgs($aliases);
-        Auth_OpenID::update(&$ax_args, $kv_args);
+        Auth_OpenID::update($ax_args, $kv_args);
        return $ax_args;
    }
 }
@ -980,7 +980,7 @@ class Auth_OpenID_AX_StoreResponse extends Auth_OpenID_AX_Message {
     * Returns Auth_OpenID_AX_Error on error or an
     * Auth_OpenID_AX_StoreResponse object on success.
     */
-    function &make($succeeded=true, $error_message=null)
+    function make($succeeded=true, $error_message=null)
    {
        if (($succeeded) && ($error_message !== null)) {
            return new Auth_OpenID_AX_Error('An error message may only be '.
@ -1020,4 +1020,3 @@ class Auth_OpenID_AX_StoreResponse extends Auth_OpenID_AX_Message {
    }
 }
 ?>
--- a/extlib/Auth/OpenID/Association.php
+++ b/extlib/Auth/OpenID/Association.php
@ -94,7 +94,7 @@ class Auth_OpenID_Association {
     * @return association An {@link Auth_OpenID_Association}
     * instance.
     */
-    function fromExpiresIn($expires_in, $handle, $secret, $assoc_type)
+    static function fromExpiresIn($expires_in, $handle, $secret, $assoc_type)
    {
        $issued = time();
        $lifetime = $expires_in;
@ -132,7 +132,7 @@ class Auth_OpenID_Association {
        $handle, $secret, $issued, $lifetime, $assoc_type)
    {
        if (!in_array($assoc_type,
-                      Auth_OpenID_getSupportedAssociationTypes())) {
+                      Auth_OpenID_getSupportedAssociationTypes(), true)) {
            $fmt = 'Unsupported association type (%s)';
            trigger_error(sprintf($fmt, $assoc_type), E_USER_ERROR);
        }
@ -206,7 +206,7 @@ class Auth_OpenID_Association {
     * @param string $assoc_s Association as serialized by serialize()
     * @return Auth_OpenID_Association $result instance of this class
     */
-    function deserialize($class_name, $assoc_s)
+    static function deserialize($class_name, $assoc_s)
    {
        $pairs = Auth_OpenID_KVForm::toArray($assoc_s, $strict = true);
        $keys = array();
@ -327,7 +327,7 @@ class Auth_OpenID_Association {
     *
     * @access private
     */
-    function _makePairs(&$message)
+    function _makePairs($message)
    {
        $signed = $message->getArg(Auth_OpenID_OPENID_NS, 'signed');
        if (!$signed || Auth_OpenID::isFailure($signed)) {
@ -352,7 +352,7 @@ class Auth_OpenID_Association {
     *
     * @access private
     */
-    function getMessageSignature(&$message)
+    function getMessageSignature($message)
    {
        $pairs = $this->_makePairs($message);
        return base64_encode($this->sign($pairs));
@ -364,7 +364,7 @@ class Auth_OpenID_Association {
     *
     * @access private
     */
-    function checkMessageSignature(&$message)
+    function checkMessageSignature($message)
    {
        $sig = $message->getArg(Auth_OpenID_OPENID_NS,
                                'sig');
@ -374,7 +374,42 @@ class Auth_OpenID_Association {
        }
        $calculated_sig = $this->getMessageSignature($message);
-        return $calculated_sig == $sig;
+
        return $this->constantTimeCompare($calculated_sig, $sig);
    }
    /**
     * String comparison function which will complete in a constant time
     * for strings of any given matching length, to help prevent an attacker
     * from distinguishing how much of a signature token they have guessed
     * correctly.
     *
     * For this usage, it's assumed that the length of the string is known,
     * so we may safely short-circuit on mismatched lengths which will be known
     * to be invalid by the attacker.
     *
     * http://lists.openid.net/pipermail/openid-security/2010-July/001156.html
     * http://rdist.root.org/2010/01/07/timing-independent-array-comparison/
     */
    private function constantTimeCompare($a, $b)
    {
        $len = strlen($a);
        if (strlen($b) !== $len) {
            // Short-circuit on length mismatch; attackers will already know
            // the correct target length so this is safe.
            return false;
        }
        if ($len == 0) {
            // 0-length valid input shouldn't really happen. :)
            return true;
        }
        $result = 0;
        for ($i = 0; $i < strlen($a); $i++) {
            // We use scary bitwise operations to avoid logical short-circuits
            // in lower-level code.
            $result |= ord($a{$i}) ^ ord($b{$i});
        }
        return ($result == 0);
    }
 }
@ -469,18 +504,16 @@ function Auth_OpenID_getOnlyEncryptedOrder()
    return $result;
 }
-function &Auth_OpenID_getDefaultNegotiator()
+function Auth_OpenID_getDefaultNegotiator()
 {
-    $x = new Auth_OpenID_SessionNegotiator(
+    return new Auth_OpenID_SessionNegotiator(
                 Auth_OpenID_getDefaultAssociationOrder());
    return $x;
 }
-function &Auth_OpenID_getEncryptedNegotiator()
+function Auth_OpenID_getEncryptedNegotiator()
 {
-    $x = new Auth_OpenID_SessionNegotiator(
+    return new Auth_OpenID_SessionNegotiator(
                 Auth_OpenID_getOnlyEncryptedOrder());
    return $x;
 }
 /**
@ -610,4 +643,3 @@ class Auth_OpenID_SessionNegotiator {
    }
 }
 ?>
--- a/extlib/Auth/OpenID/BigMath.php
+++ b/extlib/Auth/OpenID/BigMath.php
@ -351,8 +351,7 @@ function Auth_OpenID_math_extensions()
                  'class' => 'Auth_OpenID_GmpMathWrapper');
    }
-    $result[] = array(
+    $result[] = array('modules' => array('bcmath', 'php_bcmath'),
                      'modules' => array('bcmath', 'php_bcmath'),
                      'extension' => 'bcmath',
                      'class' => 'Auth_OpenID_BcMathWrapper');
@ -366,27 +365,9 @@ function Auth_OpenID_detectMathLibrary($exts)
 {
    $loaded = false;
 	$hasDl = function_exists('dl');
    foreach ($exts as $extension) {
-        // See if the extension specified is already loaded.
+        if (extension_loaded($extension['extension'])) {
        if ($extension['extension'] &&
            extension_loaded($extension['extension'])) {
            $loaded = true;
        }
        // Try to load dynamic modules.
        if (!$loaded) {
            foreach ($extension['modules'] as $module) {
                if (@dl($module . "." . PHP_SHLIB_SUFFIX)) {
                    $loaded = true;
                    break;
                }
            }
        }
        // If the load succeeded, supply an instance of
        // Auth_OpenID_MathWrapper which wraps the specified
        // module's functionality.
        if ($loaded) {
            return $extension;
        }
    }
@ -405,7 +386,7 @@ function Auth_OpenID_detectMathLibrary($exts)
 * instance of a wrapper for that extension module.  If no extension
 * module is found, an instance of {@link Auth_OpenID_MathWrapper} is
 * returned, which wraps the native PHP integer implementation.  The
- * proper calling convention for this method is $lib =&
+ * proper calling convention for this method is $lib =
 * Auth_OpenID_getMathLib().
 *
 * This function checks for the existence of specific long number
@ -416,7 +397,7 @@ function Auth_OpenID_detectMathLibrary($exts)
 *
 * @package OpenID
 */
-function &Auth_OpenID_getMathLib()
+function Auth_OpenID_getMathLib()
 {
    // The instance of Auth_OpenID_MathWrapper that we choose to
    // supply will be stored here, so that subseqent calls to this
@ -468,4 +449,4 @@ function Auth_OpenID_noMathSupport()
    return defined('Auth_OpenID_NO_MATH_SUPPORT');
 }
-?>
+
--- a/extlib/Auth/OpenID/Consumer.php
+++ b/extlib/Auth/OpenID/Consumer.php
@ -258,19 +258,19 @@ class Auth_OpenID_Consumer {
     * when creating the internal consumer object.  This is used for
     * testing.
     */
-    function Auth_OpenID_Consumer(&$store, $session = null,
+    function Auth_OpenID_Consumer($store, $session = null,
                                  $consumer_cls = null)
    {
        if ($session === null) {
            $session = new Auth_Yadis_PHPSession();
        }
-        $this->session =& $session;
+        $this->session = $session;
        if ($consumer_cls !== null) {
-            $this->consumer =& new $consumer_cls($store);
+            $this->consumer = new $consumer_cls($store);
        } else {
-            $this->consumer =& new Auth_OpenID_GenericConsumer($store);
+            $this->consumer = new Auth_OpenID_GenericConsumer($store);
        }
        $this->_token_key = $this->session_key_prefix . $this->_token_suffix;
@ -281,7 +281,7 @@ class Auth_OpenID_Consumer {
     *
     * @access private
     */
-    function getDiscoveryObject(&$session, $openid_url,
+    function getDiscoveryObject($session, $openid_url,
                                $session_key_prefix)
    {
        return new Auth_Yadis_Discovery($session, $openid_url,
@ -339,7 +339,7 @@ class Auth_OpenID_Consumer {
                                           $this->consumer->fetcher);
        // Reset the 'stale' attribute of the manager.
-        $m =& $disco->getManager();
+        $m = $disco->getManager();
        if ($m) {
            $m->stale = false;
            $disco->session->set($disco->session_key,
@ -370,7 +370,7 @@ class Auth_OpenID_Consumer {
     * @return Auth_OpenID_AuthRequest $auth_request An OpenID
     * authentication request object.
     */
-    function &beginWithoutDiscovery($endpoint, $anonymous=false)
+    function beginWithoutDiscovery($endpoint, $anonymous=false)
    {
        $loader = new Auth_OpenID_ServiceEndpointLoader();
        $auth_req = $this->consumer->begin($endpoint);
@ -467,7 +467,7 @@ class Auth_OpenID_DiffieHellmanSHA1ConsumerSession {
    function getRequest()
    {
-        $math =& Auth_OpenID_getMathLib();
+        $math = Auth_OpenID_getMathLib();
        $cpub = $math->longToBase64($this->dh->public);
@ -496,7 +496,7 @@ class Auth_OpenID_DiffieHellmanSHA1ConsumerSession {
            return null;
        }
-        $math =& Auth_OpenID_getMathLib();
+        $math = Auth_OpenID_getMathLib();
        $spub = $math->base64ToLong($response->getArg(Auth_OpenID_OPENID_NS,
                                                      'dh_server_public'));
@ -611,11 +611,11 @@ class Auth_OpenID_GenericConsumer {
     * in the module description.  The default value is False, which
     * disables immediate mode.
     */
-    function Auth_OpenID_GenericConsumer(&$store)
+    function Auth_OpenID_GenericConsumer($store)
    {
-        $this->store =& $store;
+        $this->store = $store;
-        $this->negotiator =& Auth_OpenID_getDefaultNegotiator();
+        $this->negotiator = Auth_OpenID_getDefaultNegotiator();
-        $this->_use_assocs = ($this->store ? true : false);
+        $this->_use_assocs = (is_null($this->store) ? false : true);
        $this->fetcher = Auth_Yadis_Yadis::getHTTPFetcher();
@ -665,14 +665,14 @@ class Auth_OpenID_GenericConsumer {
        $method = Auth_OpenID::arrayGet($mode_methods, $mode,
                                        '_completeInvalid');
-        return call_user_func_array(array(&$this, $method),
+        return call_user_func_array(array($this, $method),
-                                    array($message, $endpoint, $return_to));
+                                    array($message, &$endpoint, $return_to));
    }
    /**
     * @access private
     */
-    function _completeInvalid($message, &$endpoint, $unused)
+    function _completeInvalid($message, $endpoint, $unused)
    {
        $mode = $message->getArg(Auth_OpenID_OPENID_NS, 'mode',
                                 '<No mode set>');
@ -684,7 +684,7 @@ class Auth_OpenID_GenericConsumer {
    /**
     * @access private
     */
-    function _complete_cancel($message, &$endpoint, $unused)
+    function _complete_cancel($message, $endpoint, $unused)
    {
        return new Auth_OpenID_CancelResponse($endpoint);
    }
@ -692,7 +692,7 @@ class Auth_OpenID_GenericConsumer {
    /**
     * @access private
     */
-    function _complete_error($message, &$endpoint, $unused)
+    function _complete_error($message, $endpoint, $unused)
    {
        $error = $message->getArg(Auth_OpenID_OPENID_NS, 'error');
        $contact = $message->getArg(Auth_OpenID_OPENID_NS, 'contact');
@ -705,7 +705,7 @@ class Auth_OpenID_GenericConsumer {
    /**
     * @access private
     */
-    function _complete_setup_needed($message, &$endpoint, $unused)
+    function _complete_setup_needed($message, $endpoint, $unused)
    {
        if (!$message->isOpenID2()) {
            return $this->_completeInvalid($message, $endpoint);
@ -719,7 +719,7 @@ class Auth_OpenID_GenericConsumer {
    /**
     * @access private
     */
-    function _complete_id_res($message, &$endpoint, $return_to)
+    function _complete_id_res($message, $endpoint, $return_to)
    {
        $user_setup_url = $message->getArg(Auth_OpenID_OPENID1_NS,
                                           'user_setup_url');
@ -1181,7 +1181,7 @@ class Auth_OpenID_GenericConsumer {
        // oidutil.log('Performing discovery on %s' % (claimed_id,))
        list($unused, $services) = call_user_func($this->discoverMethod,
                                                  $claimed_id,
-                                                  $this->fetcher);
+												  &$this->fetcher);
        if (!$services) {
            return new Auth_OpenID_FailureResponse(null,
@ -1197,7 +1197,7 @@ class Auth_OpenID_GenericConsumer {
     * @access private
     */
    function _verifyDiscoveryServices($claimed_id, 
-                                      &$services, &$to_match_endpoints)
+                                      $services, $to_match_endpoints)
    {
        // Search the services resulting from discovery to find one
        // that matches the information from the assertion
@ -1216,8 +1216,8 @@ class Auth_OpenID_GenericConsumer {
        }
        return new Auth_OpenID_FailureResponse(null,
-          sprintf('No matching endpoint found after discovering %s',
+          sprintf('No matching endpoint found after discovering %s: %s',
-                  $claimed_id));
+                  $claimed_id, $result->message));
    }
    /**
@ -1397,7 +1397,7 @@ class Auth_OpenID_GenericConsumer {
     *
     * @access private
     */
-    function _httpResponseToMessage($response, $server_url)
+    static function _httpResponseToMessage($response, $server_url)
    {
        // Should this function be named Message.fromHTTPResponse instead?
        $response_message = Auth_OpenID_Message::fromKVForm($response->body);
@ -1461,7 +1461,7 @@ class Auth_OpenID_GenericConsumer {
     *
     * @access private
     */
-    function _extractSupportedAssociationType(&$server_error, &$endpoint,
+    function _extractSupportedAssociationType($server_error, $endpoint,
                                              $assoc_type)
    {
        // Any error message whose code is not 'unsupported-type'
@ -1566,7 +1566,7 @@ class Auth_OpenID_GenericConsumer {
    /**
     * @access private
     */
-    function _extractAssociation(&$assoc_response, &$assoc_session)
+    function _extractAssociation($assoc_response, $assoc_session)
    {
        // Extract the common fields from the response, raising an
        // exception if they are not found
@ -1748,10 +1748,10 @@ class Auth_OpenID_AuthRequest {
     * class.  Instances of this class are created by the library when
     * needed.
     */
-    function Auth_OpenID_AuthRequest(&$endpoint, $assoc)
+    function Auth_OpenID_AuthRequest($endpoint, $assoc)
    {
        $this->assoc = $assoc;
-        $this->endpoint =& $endpoint;
+        $this->endpoint = $endpoint;
        $this->return_to_args = array();
        $this->message = new Auth_OpenID_Message(
            $endpoint->preferredNamespace());
@ -1764,7 +1764,7 @@ class Auth_OpenID_AuthRequest {
     * $extension_request: An object that implements the extension
     * request interface for adding arguments to an OpenID message.
     */
-    function addExtension(&$extension_request)
+    function addExtension($extension_request)
    {
        $extension_request->toMessage($this->message);
    }
@ -2089,7 +2089,7 @@ class Auth_OpenID_SuccessResponse extends Auth_OpenID_ConsumerResponse {
        foreach ($msg_args as $key => $value) {
            if (!$this->isSigned($ns_uri, $key)) {
-                return null;
+                unset($msg_args[$key]);
            }
        }
@ -2167,7 +2167,7 @@ class Auth_OpenID_ServerErrorContainer {
    /**
     * @access private
     */
-    function fromMessage($message)
+    static function fromMessage($message)
    {
        $error_text = $message->getArg(
           Auth_OpenID_OPENID_NS, 'error', '<no error message supplied>');
@ -2227,4 +2227,4 @@ class Auth_OpenID_SetupNeededResponse extends Auth_OpenID_ConsumerResponse {
    }
 }
-?>
+
--- a/extlib/Auth/OpenID/CryptUtil.php
+++ b/extlib/Auth/OpenID/CryptUtil.php
@ -37,7 +37,7 @@ class Auth_OpenID_CryptUtil {
     * @param int $num_bytes The length of the return value
     * @return string $bytes random bytes
     */
-    function getBytes($num_bytes)
+    static function getBytes($num_bytes)
    {
        static $f = null;
        $bytes = '';
@ -77,7 +77,7 @@ class Auth_OpenID_CryptUtil {
     * @return string $result A string of randomly-chosen characters
     * from $chrs
     */
-    function randomString($length, $population = null)
+    static function randomString($length, $population = null)
    {
        if ($population === null) {
            return Auth_OpenID_CryptUtil::getBytes($length);
@ -106,4 +106,3 @@ class Auth_OpenID_CryptUtil {
    }
 }
 ?>
--- a/extlib/Auth/OpenID/DatabaseConnection.php
+++ b/extlib/Auth/OpenID/DatabaseConnection.php
@ -128,4 +128,3 @@ class Auth_OpenID_DatabaseConnection {
    }
 }
 ?>
--- a/extlib/Auth/OpenID/DiffieHellman.php
+++ b/extlib/Auth/OpenID/DiffieHellman.php
@ -51,9 +51,9 @@ class Auth_OpenID_DiffieHellman {
                                       $private = null, $lib = null)
    {
        if ($lib === null) {
-            $this->lib =& Auth_OpenID_getMathLib();
+            $this->lib = Auth_OpenID_getMathLib();
        } else {
-            $this->lib =& $lib;
+            $this->lib = $lib;
        }
        if ($mod === null) {
@ -110,4 +110,4 @@ class Auth_OpenID_DiffieHellman {
    }
 }
-?>
+
--- a/extlib/Auth/OpenID/Discover.php
+++ b/extlib/Auth/OpenID/Discover.php
@ -28,8 +28,34 @@ function Auth_OpenID_getOpenIDTypeURIs()
                 Auth_OpenID_TYPE_2_0,
                 Auth_OpenID_TYPE_1_2,
                 Auth_OpenID_TYPE_1_1,
-                 Auth_OpenID_TYPE_1_0,
+                 Auth_OpenID_TYPE_1_0);
-                 Auth_OpenID_RP_RETURN_TO_URL_TYPE);
+}
 function Auth_OpenID_getOpenIDConsumerTypeURIs()
 {
    return array(Auth_OpenID_RP_RETURN_TO_URL_TYPE);
 }
 /*
 * Provides a user-readable interpretation of a type uri.
 * Useful for error messages.
 */
 function Auth_OpenID_getOpenIDTypeName($type_uri) {
    switch ($type_uri) {
    case Auth_OpenID_TYPE_2_0_IDP:
      return 'OpenID 2.0 IDP';
    case Auth_OpenID_TYPE_2_0:
      return 'OpenID 2.0';
    case Auth_OpenID_TYPE_1_2:
      return 'OpenID 1.2';
    case Auth_OpenID_TYPE_1_1:
      return 'OpenID 1.1';
    case Auth_OpenID_TYPE_1_0:
      return 'OpenID 1.0';
    case Auth_OpenID_RP_RETURN_TO_URL_TYPE:
      return 'OpenID relying party';
    }
 }
 /**
@ -124,7 +150,7 @@ class Auth_OpenID_ServiceEndpoint {
        return in_array(Auth_OpenID_TYPE_2_0_IDP, $this->type_uris);
    }
-    function fromOPEndpointURL($op_endpoint_url)
+    static function fromOPEndpointURL($op_endpoint_url)
    {
        // Construct an OP-Identifier OpenIDServiceEndpoint object for
        // a given OP Endpoint URL
@ -171,15 +197,34 @@ class Auth_OpenID_ServiceEndpoint {
        }
    }
    /*
     * Parse the given document as XRDS looking for OpenID consumer services.
     *
     * @return array of Auth_OpenID_ServiceEndpoint or null if the
     * document cannot be parsed.
     */
    function consumerFromXRDS($uri, $xrds_text)
    {
        $xrds =& Auth_Yadis_XRDS::parseXRDS($xrds_text);
        if ($xrds) {
            $yadis_services =
              $xrds->services(array('filter_MatchesAnyOpenIDConsumerType'));
            return Auth_OpenID_makeOpenIDEndpoints($uri, $yadis_services);
        }
        return null;
    }
    /*
     * Parse the given document as XRDS looking for OpenID services.
     *
     * @return array of Auth_OpenID_ServiceEndpoint or null if the
     * document cannot be parsed.
     */
-    function fromXRDS($uri, $xrds_text)
+    static function fromXRDS($uri, $xrds_text)
    {
-        $xrds =& Auth_Yadis_XRDS::parseXRDS($xrds_text);
+        $xrds = Auth_Yadis_XRDS::parseXRDS($xrds_text);
        if ($xrds) {
            $yadis_services =
@ -197,7 +242,7 @@ class Auth_OpenID_ServiceEndpoint {
     * @return array of Auth_OpenID_ServiceEndpoint or null if
     * endpoints cannot be created.
     */
-    function fromDiscoveryResult($discoveryResult)
+    static function fromDiscoveryResult($discoveryResult)
    {
        if ($discoveryResult->isXRDS()) {
            return Auth_OpenID_ServiceEndpoint::fromXRDS(
@ -210,7 +255,7 @@ class Auth_OpenID_ServiceEndpoint {
        }
    }
-    function fromHTML($uri, $html)
+    static function fromHTML($uri, $html)
    {
        $discovery_types = array(
                                 array(Auth_OpenID_TYPE_2_0,
@ -273,7 +318,7 @@ function Auth_OpenID_findOPLocalIdentifier($service, $type_uris)
    $service->parser->registerNamespace('xrd',
                                        Auth_Yadis_XMLNS_XRD_2_0);
-    $parser =& $service->parser;
+    $parser = $service->parser;
    $permitted_tags = array();
@ -305,7 +350,7 @@ function Auth_OpenID_findOPLocalIdentifier($service, $type_uris)
    return $local_id;
 }
-function filter_MatchesAnyOpenIDType(&$service)
+function filter_MatchesAnyOpenIDType($service)
 {
    $uris = $service->getTypes();
@ -318,6 +363,19 @@ function filter_MatchesAnyOpenIDType(&$service)
    return false;
 }
 function filter_MatchesAnyOpenIDConsumerType(&$service)
 {
    $uris = $service->getTypes();
    foreach ($uris as $uri) {
        if (in_array($uri, Auth_OpenID_getOpenIDConsumerTypeURIs())) {
            return true;
        }
    }
    return false;
 }
 function Auth_OpenID_bestMatchingService($service, $preferred_types)
 {
    // Return the index of the first matching type, or something
@ -415,7 +473,7 @@ function Auth_OpenID_makeOpenIDEndpoints($uri, $yadis_services)
    return $s;
 }
-function Auth_OpenID_discoverWithYadis($uri, &$fetcher,
+function Auth_OpenID_discoverWithYadis($uri, $fetcher,
              $endpoint_filter='Auth_OpenID_getOPOrUserServices',
              $discover_function=null)
 {
@ -433,12 +491,12 @@ function Auth_OpenID_discoverWithYadis($uri, &$fetcher,
    $openid_services = array();
    $response = call_user_func_array($discover_function,
-                                     array($uri, &$fetcher));
+                                     array($uri, $fetcher));
    $yadis_url = $response->normalized_uri;
    $yadis_services = array();
-    if ($response->isFailure()) {
+    if ($response->isFailure() && !$response->isXRDS()) {
        return array($uri, array());
    }
@ -460,18 +518,18 @@ function Auth_OpenID_discoverWithYadis($uri, &$fetcher,
    }
    $openid_services = call_user_func_array($endpoint_filter,
-                                            array(&$openid_services));
+                                            array($openid_services));
    return array($yadis_url, $openid_services);
 }
-function Auth_OpenID_discoverURI($uri, &$fetcher)
+function Auth_OpenID_discoverURI($uri, $fetcher)
 {
    $uri = Auth_OpenID::normalizeUrl($uri);
    return Auth_OpenID_discoverWithYadis($uri, $fetcher);
 }
-function Auth_OpenID_discoverWithoutYadis($uri, &$fetcher)
+function Auth_OpenID_discoverWithoutYadis($uri, $fetcher)
 {
    $http_resp = @$fetcher->get($uri);
@ -490,7 +548,7 @@ function Auth_OpenID_discoverWithoutYadis($uri, &$fetcher)
    return array($identity_url, $openid_services);
 }
-function Auth_OpenID_discoverXRI($iname, &$fetcher)
+function Auth_OpenID_discoverXRI($iname, $fetcher)
 {
    $resolver = new Auth_Yadis_ProxyResolver($fetcher);
    list($canonicalID, $yadis_services) =
@ -513,7 +571,7 @@ function Auth_OpenID_discoverXRI($iname, &$fetcher)
    return array($iname, $openid_services);
 }
-function Auth_OpenID_discover($uri, &$fetcher)
+function Auth_OpenID_discover($uri, $fetcher)
 {
    // If the fetcher (i.e., PHP) doesn't support SSL, we can't do
    // discovery on an HTTPS URL.
@ -545,4 +603,4 @@ function Auth_OpenID_discover($uri, &$fetcher)
    return $result;
 }
-?>
+
--- a/extlib/Auth/OpenID/DumbStore.php
+++ b/extlib/Auth/OpenID/DumbStore.php
@ -97,4 +97,3 @@ class Auth_OpenID_DumbStore extends Auth_OpenID_OpenIDStore {
    }
 }
 ?>
--- a/extlib/Auth/OpenID/Extension.php
+++ b/extlib/Auth/OpenID/Extension.php
@ -39,7 +39,7 @@ class Auth_OpenID_Extension {
     *
     * Returns the message with the extension arguments added.
     */
-    function toMessage(&$message)
+    function toMessage($message)
    {
        $implicit = $message->isOpenID1();
        $added = $message->namespaces->addAlias($this->ns_uri,
@ -59,4 +59,3 @@ class Auth_OpenID_Extension {
    }
 }
 ?>
--- a/extlib/Auth/OpenID/FileStore.php
+++ b/extlib/Auth/OpenID/FileStore.php
@ -367,7 +367,7 @@ class Auth_OpenID_FileStore extends Auth_OpenID_OpenIDStore {
        }
        if ( abs($timestamp - time()) > $Auth_OpenID_SKEW ) {
-            return False;
+            return false;
        }
        if ($server_url) {
@ -519,7 +519,7 @@ class Auth_OpenID_FileStore extends Auth_OpenID_OpenIDStore {
    /**
     * @access private
     */
-    function _mkdtemp($dir)
+    static function _mkdtemp($dir)
    {
        foreach (range(0, 4) as $i) {
            $name = $dir . strval(DIRECTORY_SEPARATOR) . strval(getmypid()) .
@ -615,4 +615,4 @@ class Auth_OpenID_FileStore extends Auth_OpenID_OpenIDStore {
    }
 }
-?>
+
--- a/extlib/Auth/OpenID/HMAC.php
+++ b/extlib/Auth/OpenID/HMAC.php
@ -96,4 +96,3 @@ if (function_exists('hash_hmac') &&
    define('Auth_OpenID_HMACSHA256_SUPPORTED', false);
 }
 ?>
--- a/extlib/Auth/OpenID/Interface.php
+++ b/extlib/Auth/OpenID/Interface.php
@ -194,4 +194,3 @@ class Auth_OpenID_OpenIDStore {
    }
 }
 ?>
--- a/extlib/Auth/OpenID/KVForm.php
+++ b/extlib/Auth/OpenID/KVForm.php
@ -26,7 +26,7 @@ class Auth_OpenID_KVForm {
     * @static
     * @access private
     */
-    function toArray($kvs, $strict=false)
+    static function toArray($kvs, $strict=false)
    {
        $lines = explode("\n", $kvs);
@ -78,7 +78,7 @@ class Auth_OpenID_KVForm {
     * @static
     * @access private
     */
-    function fromArray($values)
+    static function fromArray($values)
    {
        if ($values === null) {
            return null;
@ -109,4 +109,3 @@ class Auth_OpenID_KVForm {
    }
 }
 ?>
--- a/extlib/Auth/OpenID/MemcachedStore.php
+++ b/extlib/Auth/OpenID/MemcachedStore.php
@ -205,4 +205,3 @@ class Auth_OpenID_MemcachedStore extends Auth_OpenID_OpenIDStore {
    }
 }
 ?>
--- a/extlib/Auth/OpenID/Message.php
+++ b/extlib/Auth/OpenID/Message.php
@ -143,7 +143,7 @@ class Auth_OpenID_Mapping {
     * Returns true if $thing is an Auth_OpenID_Mapping object; false
     * if not.
     */
-    function isA($thing)
+    static function isA($thing)
    {
        return (is_object($thing) &&
                strtolower(get_class($thing)) == 'auth_openid_mapping');
@ -442,7 +442,7 @@ class Auth_OpenID_Message {
        return $this->getOpenIDNamespace() == Auth_OpenID_OPENID2_NS;
    }
-    function fromPostArgs($args)
+    static function fromPostArgs($args)
    {
        // Construct a Message containing a set of POST arguments
        $obj = new Auth_OpenID_Message();
@ -477,7 +477,7 @@ class Auth_OpenID_Message {
        }
    }
-    function fromOpenIDArgs($openid_args)
+    static function fromOpenIDArgs($openid_args)
    {
        // Takes an array.
@ -594,7 +594,7 @@ class Auth_OpenID_Message {
        return $this->_openid_ns_uri;
    }
-    function fromKVForm($kvform_string)
+    static function fromKVForm($kvform_string)
    {
        // Create a Message from a KVForm string
        return Auth_OpenID_Message::fromOpenIDArgs(
@ -917,4 +917,4 @@ class Auth_OpenID_Message {
    }
 }
-?>
+
--- a/extlib/Auth/OpenID/MySQLStore.php
+++ b/extlib/Auth/OpenID/MySQLStore.php
@ -75,4 +75,3 @@ class Auth_OpenID_MySQLStore extends Auth_OpenID_SQLStore {
    }
 }
 ?>
--- a/extlib/Auth/OpenID/Nonce.php
+++ b/extlib/Auth/OpenID/Nonce.php
@ -106,4 +106,3 @@ function Auth_OpenID_mkNonce($when = null)
    return $time_str . $salt;
 }
 ?>
--- a/extlib/Auth/OpenID/PAPE.php
+++ b/extlib/Auth/OpenID/PAPE.php
@ -21,7 +21,7 @@ define('PAPE_AUTH_PHISHING_RESISTANT',
       'http://schemas.openid.net/pape/policies/2007/06/phishing-resistant');
 define('PAPE_TIME_VALIDATOR',
-       '^[0-9]{4,4}-[0-9][0-9]-[0-9][0-9]T[0-9][0-9]:[0-9][0-9]:[0-9][0-9]Z$');
+      '/^[0-9]{4,4}-[0-9][0-9]-[0-9][0-9]T[0-9][0-9]:[0-9][0-9]:[0-9][0-9]Z$/');
 /**
 * A Provider Authentication Policy request, sent from a relying party
 * to a provider
@ -82,7 +82,7 @@ class Auth_OpenID_PAPE_Request extends Auth_OpenID_Extension {
     * Instantiate a Request object from the arguments in a checkid_*
     * OpenID message
     */
-    function fromOpenIDRequest($request)
+    static function fromOpenIDRequest($request)
    {
        $obj = new Auth_OpenID_PAPE_Request();
        $args = $request->message->getArgs(Auth_OpenID_PAPE_NS_URI);
@ -201,7 +201,7 @@ class Auth_OpenID_PAPE_Response extends Auth_OpenID_Extension {
     * @returns: A provider authentication policy response from the
     * data that was supplied with the id_res response.
     */
-    function fromSuccessResponse($success_response)
+    static function fromSuccessResponse($success_response)
    {
        $obj = new Auth_OpenID_PAPE_Response();
@ -262,7 +262,7 @@ class Auth_OpenID_PAPE_Response extends Auth_OpenID_Extension {
        $auth_time = Auth_OpenID::arrayGet($args, 'auth_time');
        if ($auth_time !== null) {
-            if (ereg(PAPE_TIME_VALIDATOR, $auth_time)) {
+            if (preg_match(PAPE_TIME_VALIDATOR, $auth_time)) {
                $this->auth_time = $auth_time;
            } else if ($strict) {
                return false;
@ -287,7 +287,7 @@ class Auth_OpenID_PAPE_Response extends Auth_OpenID_Extension {
        }
        if ($this->auth_time !== null) {
-            if (!ereg(PAPE_TIME_VALIDATOR, $this->auth_time)) {
+            if (!preg_match(PAPE_TIME_VALIDATOR, $this->auth_time)) {
                return false;
            }
@ -298,4 +298,3 @@ class Auth_OpenID_PAPE_Response extends Auth_OpenID_Extension {
    }
 }
 ?>
--- a/Show More
+++ b/Show More