diff --git a/actions/apisearchjson.php b/actions/apisearchjson.php
index 79b2666554..612dbdda5c 100644
--- a/actions/apisearchjson.php
+++ b/actions/apisearchjson.php
@@ -89,6 +89,12 @@ class ApiSearchJSONAction extends ApiPrivateAuthAction
         $this->since_id = $this->trimmed('since_id');
         $this->geocode  = $this->trimmed('geocode');
 
+        if (!empty($this->auth_user)) {
+            $this->auth_profile = $this->auth_user->getProfile();
+        } else {
+            $this->auth_profile = null;
+        }
+
         return true;
     }
 
@@ -112,20 +118,27 @@ class ApiSearchJSONAction extends ApiPrivateAuthAction
      */
     function showResults()
     {
-        // TODO: Support search operators like from: and to:, boolean, etc.
-
-        $notice = new Notice();
-
-        // lcase it for comparison
         $q = strtolower($this->query);
 
-        $search_engine = $notice->getSearchEngine('notice');
-        $search_engine->set_sort_mode('chron');
-        $search_engine->limit(($this->page - 1) * $this->rpp, $this->rpp + 1, true);
-        if (false === $search_engine->query($q)) {
-            $cnt = 0;
+        // TODO: Support search operators like from: and to:, boolean, etc.
+
+        if (preg_match('/^#([\pL\pN_\-\.]{1,64})$/ue', $q)) {
+            $stream = new TagNoticeStream(substr($q, 1), $this->auth_profile);
+        } else if ($this->isAnURL($q)) {
+            $canon = File_redirection::_canonUrl($q);
+            $file = File::staticGet('url', $canon);
+            if (!empty($file)) {
+                $stream = new FileNoticeStream($file, $this->auth_profile);
+            }
         } else {
-            $cnt = $notice->find();
+            $stream = new SearchNoticeStream($q, $this->auth_profile);
+        }
+
+        if (empty($stream)) {
+            // XXX: This is hackish, but need some simple way to say "There's no results"
+            $notice = new ArrayWrapper(array());
+        } else {
+            $notice = $stream->getNotices(($this->page - 1) * $this->rpp, $this->rpp + 1);
         }
 
         // TODO: max_id, lang, geocode
@@ -137,6 +150,47 @@ class ApiSearchJSONAction extends ApiPrivateAuthAction
         $this->endDocument('json');
     }
 
+    function isAnURL($q) {
+        $regex = '#^'.
+            '(?:^|[\s\<\>\(\)\[\]\{\}\\\'\\\";]+)(?![\@\!\#])'.
+            '('.
+            '(?:'.
+            '(?:'. //Known protocols
+            '(?:'.
+            '(?:(?:https?|ftps?|mms|rtsp|gopher|news|nntp|telnet|wais|file|prospero|webcal|irc)://)'.
+            '|'.
+            '(?:(?:mailto|aim|tel|xmpp):)'.
+            ')'.
+            '(?:[\pN\pL\-\_\+\%\~]+(?::[\pN\pL\-\_\+\%\~]+)?\@)?'. //user:pass@
+            '(?:'.
+            '(?:'.
+            '\[[\pN\pL\-\_\:\.]+(?<![\.\:])\]'. //[dns]
+            ')|(?:'.
+            '[\pN\pL\-\_\:\.]+(?<![\.\:])'. //dns
+            ')'.
+            ')'.
+            ')'.
+            '|(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)'. //IPv4
+            '|(?:'. //IPv6
+            '\[?(?:(?:(?:[0-9A-Fa-f]{1,4}:){7}(?:(?:[0-9A-Fa-f]{1,4})|:))|(?:(?:[0-9A-Fa-f]{1,4}:){6}(?::|(?:(?:25[0-5]|2[0-4]\d|[01]?\d{1,2})(?:\.(?:25[0-5]|2[0-4]\d|[01]?\d{1,2})){3})|(?::[0-9A-Fa-f]{1,4})))|(?:(?:[0-9A-Fa-f]{1,4}:){5}(?:(?::(?:(?:25[0-5]|2[0-4]\d|[01]?\d{1,2})(?:\.(?:25[0-5]|2[0-4]\d|[01]?\d{1,2})){3})?)|(?:(?::[0-9A-Fa-f]{1,4}){1,2})))|(?:(?:[0-9A-Fa-f]{1,4}:){4}(?::[0-9A-Fa-f]{1,4}){0,1}(?:(?::(?:(?:25[0-5]|2[0-4]\d|[01]?\d{1,2})(?:\.(?:25[0-5]|2[0-4]\d|[01]?\d{1,2})){3})?)|(?:(?::[0-9A-Fa-f]{1,4}){1,2})))|(?:(?:[0-9A-Fa-f]{1,4}:){3}(?::[0-9A-Fa-f]{1,4}){0,2}(?:(?::(?:(?:25[0-5]|2[0-4]\d|[01]?\d{1,2})(?:\.(?:25[0-5]|2[0-4]\d|[01]?\d{1,2})){3})?)|(?:(?::[0-9A-Fa-f]{1,4}){1,2})))|(?:(?:[0-9A-Fa-f]{1,4}:){2}(?::[0-9A-Fa-f]{1,4}){0,3}(?:(?::(?:(?:25[0-5]|2[0-4]\d|[01]?\d{1,2})(?:\.(?:25[0-5]|2[0-4]\d|[01]?\d{1,2})){3})?)|(?:(?::[0-9A-Fa-f]{1,4}){1,2})))|(?:(?:[0-9A-Fa-f]{1,4}:)(?::[0-9A-Fa-f]{1,4}){0,4}(?:(?::(?:(?:25[0-5]|2[0-4]\d|[01]?\d{1,2})(?:\.(?:25[0-5]|2[0-4]\d|[01]?\d{1,2})){3})?)|(?:(?::[0-9A-Fa-f]{1,4}){1,2})))|(?::(?::[0-9A-Fa-f]{1,4}){0,5}(?:(?::(?:(?:25[0-5]|2[0-4]\d|[01]?\d{1,2})(?:\.(?:25[0-5]|2[0-4]\d|[01]?\d{1,2})){3})?)|(?:(?::[0-9A-Fa-f]{1,4}){1,2})))|(?:(?:(?:25[0-5]|2[0-4]\d|[01]?\d{1,2})(?:\.(?:25[0-5]|2[0-4]\d|[01]?\d{1,2})){3})))\]?(?<!:)'.
+            ')|(?:'. //DNS
+            '(?:[\pN\pL\-\_\+\%\~]+(?:\:[\pN\pL\-\_\+\%\~]+)?\@)?'. //user:pass@
+            '[\pN\pL\-\_]+(?:\.[\pN\pL\-\_]+)*\.'.
+            //tld list from http://data.iana.org/TLD/tlds-alpha-by-domain.txt, also added local, loc, and onion
+            '(?:AC|AD|AE|AERO|AF|AG|AI|AL|AM|AN|AO|AQ|AR|ARPA|AS|ASIA|AT|AU|AW|AX|AZ|BA|BB|BD|BE|BF|BG|BH|BI|BIZ|BJ|BM|BN|BO|BR|BS|BT|BV|BW|BY|BZ|CA|CAT|CC|CD|CF|CG|CH|CI|CK|CL|CM|CN|CO|COM|COOP|CR|CU|CV|CX|CY|CZ|DE|DJ|DK|DM|DO|DZ|EC|EDU|EE|EG|ER|ES|ET|EU|FI|FJ|FK|FM|FO|FR|GA|GB|GD|GE|GF|GG|GH|GI|GL|GM|GN|GOV|GP|GQ|GR|GS|GT|GU|GW|GY|HK|HM|HN|HR|HT|HU|ID|IE|IL|IM|IN|INFO|INT|IO|IQ|IR|IS|IT|JE|JM|JO|JOBS|JP|KE|KG|KH|KI|KM|KN|KP|KR|KW|KY|KZ|LA|LB|LC|LI|LK|LR|LS|LT|LU|LV|LY|MA|MC|MD|ME|MG|MH|MIL|MK|ML|MM|MN|MO|MOBI|MP|MQ|MR|MS|MT|MU|MUSEUM|MV|MW|MX|MY|MZ|NA|NAME|NC|NE|NET|NF|NG|NI|NL|NO|NP|NR|NU|NZ|OM|ORG|PA|PE|PF|PG|PH|PK|PL|PM|PN|PR|PRO|PS|PT|PW|PY|QA|RE|RO|RS|RU|RW|SA|SB|SC|SD|SE|SG|SH|SI|SJ|SK|SL|SM|SN|SO|SR|ST|SU|SV|SY|SZ|TC|TD|TEL|TF|TG|TH|TJ|TK|TL|TM|TN|TO|TP|TR|TRAVEL|TT|TV|TW|TZ|UA|UG|UK|US|UY|UZ|VA|VC|VE|VG|VI|VN|VU|WF|WS|XN--0ZWM56D|测试|XN--11B5BS3A9AJ6G|परीक्षा|XN--80AKHBYKNJ4F|испытание|XN--9T4B11YI5A|테스트|XN--DEBA0AD|טעסט|XN--G6W251D|測試|XN--HGBK6AJ7F53BBA|آزمایشی|XN--HLCJ6AYA9ESC7A|பரிட்சை|XN--JXALPDLP|δοκιμή|XN--KGBECHTV|إختبار|XN--ZCKZAH|テスト|YE|YT|YU|ZA|ZM|ZW|local|loc|onion)'.
+            ')(?![\pN\pL\-\_])'.
+            ')'.
+            '(?:'.
+            '(?:\:\d+)?'. //:port
+            '(?:/[\pN\pL$\,\!\(\)\.\:\-\_\+\/\=\&\;\%\~\*\$\+\'@]*)?'. // /path
+            '(?:\?[\pN\pL\$\,\!\(\)\.\:\-\_\+\/\=\&\;\%\~\*\$\+\'@\/]*)?'. // ?query string
+            '(?:\#[\pN\pL$\,\!\(\)\.\:\-\_\+\/\=\&\;\%\~\*\$\+\'\@/\?\#]*)?'. // #fragment
+            ')(?<![\?\.\,\#\,])'.
+            ')'.
+            '$#ixu';
+        return preg_match($regex, $q);
+    }
+
     /**
      * Do we need to write to the database?
      *
diff --git a/classes/Notice.php b/classes/Notice.php
index 2c404e2550..bab9a0dbfd 100644
--- a/classes/Notice.php
+++ b/classes/Notice.php
@@ -1031,9 +1031,15 @@ class Notice extends Managed_DataObject
             }
 
             foreach ($ni as $id => $source) {
-                $user = User::staticGet('id', $id);
-                if (empty($user) || $user->hasBlocked($profile) ||
-                    ($originalProfile && $user->hasBlocked($originalProfile))) {
+                try {
+                    $user = User::staticGet('id', $id);
+                    if (empty($user) ||
+                        $user->hasBlocked($profile) ||
+                        ($originalProfile && $user->hasBlocked($originalProfile))) {
+                        unset($ni[$id]);
+                    }
+                } catch (UserNoProfileException $e) {
+                    // User doesn't have a profile; invalid; skip them.
                     unset($ni[$id]);
                 }
             }
diff --git a/lib/filenoticestream.php b/lib/filenoticestream.php
index fba6183fc2..f7bca1ed68 100644
--- a/lib/filenoticestream.php
+++ b/lib/filenoticestream.php
@@ -42,7 +42,7 @@ class FileNoticeStream extends ScopingNoticeStream
             $profile = Profile::current();
         }
         parent::__construct(new CachingNoticeStream(new RawFileNoticeStream($file),
-                                                    'file:notice-ids:'.$this->url),
+                                                    'file:notice-ids:'.$file->id),
                             $profile);
     }
 }