Merge branch 'hotfix/0.7.18.2'

This fix was heavily inspired by Mastodon's fix for GHSA-9928-3cp5-93fm.
So, thank you Cure53 for finding this issue, thank you Mozilla for
paying Cure53 to look into it, and thanks for Mastodon for fixing it.

.eslintrc

@@ -10,16 +10,17 @@
     "autosize": false,
     "Backbone": false,
     "Bloodhound": false,
+    "blueimp": false,
     "gon": false,
     "Handlebars": false,
     "HandlebarsTemplates": false,
     "ImagePaths": false,
     "jsxc": false,
     "L": false,
-    "Routes": false,
     "OSM": false,
+    "PerfectScrollbar": false,
     "qq": false,
-    "blueimp": false,
+    "Routes": false,
 
     "loginAs": true,
     "logout": true,

.github/workflows/ci.yml

@@ -0,0 +1,63 @@
+name: CI
+on:
+  push:
+    branches:
+      - develop
+      - next-minor
+      - main
+      - master
+  pull_request:
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        ruby:
+          - 2.7
+          - 2.6
+        db:
+          - mysql
+          - postgresql
+        kind:
+          - cucumber
+          - other
+    env:
+      DB: ${{ matrix.db }}
+      RAILS_ENV: test
+      BUNDLE_WITH: ${{ matrix.db }}
+      BUNDLE_WITHOUT: development
+      BUNDLE_FROZEN: true
+      BUNDLE_DISABLE_SHARED_GEMS: true
+    services:
+      postgres:
+        image: postgres
+        env:
+          POSTGRES_PASSWORD: postgres
+        options: >-
+          --health-cmd pg_isready
+          --health-interval 10s
+          --health-timeout 5s
+          --health-retries 5
+        ports:
+          - 5432:5432
+    steps:
+      - name: Install system dependencies
+        run: sudo apt update && sudo apt install -y build-essential curl git gsfonts imagemagick libcurl4-openssl-dev libidn11-dev libmagickwand-dev libssl-dev libxml2-dev libxslt1-dev
+      - name: Start MySQL
+        run: sudo systemctl start mysql.service
+        if: matrix.db == 'mysql'
+      - uses: actions/checkout@v2
+      - uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: ${{ matrix.ruby }}
+          bundler-cache: true
+      - name: Prepare
+        run: script/ci/prepare.sh
+      - name: Run tests
+        run: bin/rake --trace ci:${{ matrix.kind }}
+      - name: Run Jasmine
+        run: bin/rake jasmine:ci
+        timeout-minutes: 2
+        if: matrix.kind == 'other'

.gitignore

@@ -9,6 +9,7 @@ app/views/terms/terms.*
 app/assets/images/custom/
 
 # Configuration files
+config/diaspora.toml
 config/diaspora.yml
 config/initializers/secret_token.rb
 .bundle
@@ -16,6 +17,7 @@ vendor/bundle/
 vendor/cache/
 config/database.yml
 config/oidc_key.pem
+config/schedule.yml
 
 # Generated files
 log/
@@ -50,9 +52,9 @@ public/source.tar*
 tmp/
 
 # Temporary files of every sort
+.byebug_history
 .sass-cache/
 .DS_Store
-.idea
 .redcar
 .stgit*
 *.swap
@@ -71,6 +73,8 @@ capybara-*.html
 *.rbc
 
 # IDE
+.idea
+.vscode
 diaspora.iml
 
 # Dolphin's directory's preferences files
@@ -78,3 +82,9 @@ diaspora.iml
 
 # WebTranslateIt
 .wti
+
+# MacOS
+/__MACOSX/
+
+# yarn
+node_modules

.rubocop.yml

@@ -1,23 +1,24 @@
+require: rubocop-rails
+
 AllCops:
-  TargetRubyVersion: 2.3
+  TargetRubyVersion: 2.6
+  NewCops: enable
   Exclude:
     - "bin/**/*"
     - "db/schema.rb"
-
-Rails:
-  Enabled: true
+    - "config/locales/cldr/plurals.rb"
 
 # Disable for rails 4
 Rails/HttpPositionalArguments:
   Enabled: false
 
 # Commonly used screens these days easily fit more than 80 characters.
-Metrics/LineLength:
+Layout/LineLength:
   Max: 120
 
 # Too short methods lead to extraction of single-use methods, which can make
 # the code easier to read (by naming things), but can also clutter the class
-Metrics/MethodLength: 
+Metrics/MethodLength:
   Max: 20
 
 # The guiding principle of classes is SRP, SRP can't be accurately measured by LoC
@@ -25,11 +26,17 @@ Metrics/ClassLength:
   Max: 1500
 Metrics/ModuleLength:
   Max: 1500
-  
-# Raise AbcSize from 15 to 20
+
+# Raise complexity metrics
 Metrics/AbcSize:
   Max: 20
 
+Metrics/CyclomaticComplexity:
+  Max: 20
+
+Metrics/PerceivedComplexity:
+  Max: 20
+
 # Some blocks are longer.
 Metrics/BlockLength:
   ExcludedMethods:
@@ -50,13 +57,19 @@ Layout/SpaceAroundEqualsInParameterDefault:
 # are needed.
 Style/StringLiterals:
   EnforcedStyle: double_quotes
+  Exclude:
+    # These files are generated by rails, so it's best to keep them close to the original for smaller diffs
+    - "config/application.rb"
+    - "config/boot.rb"
+    - "config/environment.rb"
+    - "config/environments/*.rb"
 
 # We do not need to support Ruby 1.9, so this is good to use.
 Style/SymbolArray:
   Enabled: true
 
 # Most readable form.
-Layout/AlignHash:
+Layout/HashAlignment:
   EnforcedHashRocketStyle: table
   EnforcedColonStyle: table
 
@@ -78,7 +91,6 @@ Style/CollectionMethods:
     # inject seems more common in the community.
     reduce: "inject"
 
-
 # Either allow this style or don't. Marking it as safe with parenthesis
 # is silly. Let's try to live without them for now.
 Style/ParenthesesAroundCondition:
@@ -87,7 +99,7 @@ Lint/AssignmentInCondition:
   AllowSafeAssignment: false
 
 # A specialized exception class will take one or more arguments and construct the message from it.
-# So both variants make sense. 
+# So both variants make sense.
 Style/RaiseArgs:
   Enabled: false
 
@@ -105,7 +117,7 @@ Style/SignalException:
 # Suppressing exceptions can be perfectly fine, and be it to avoid to
 # explicitly type nil into the rescue since that's what you want to return,
 # or suppressing LoadError for optional dependencies
-Lint/HandleExceptions:
+Lint/SuppressedException:
   Enabled: false
 
 Layout/SpaceInsideBlockBraces:
@@ -150,11 +162,11 @@ Lint/ShadowingOuterLocalVariable:
 
 # Check with yard instead.
 Style/Documentation:
-  Enabled: false 
+  Enabled: false
 
 # This is just silly. Calling the argument `other` in all cases makes no sense.
 Naming/BinaryOperatorParameterName:
-  Enabled: false 
+  Enabled: false
 
 # There are valid cases, for example debugging Cucumber steps,
 # also they'll fail CI anyway
@@ -168,3 +180,11 @@ Style/NumericPredicate:
 # Reset some HoundCI changes back to Rubocop defaults
 Layout/DotPosition:
   EnforcedStyle: leading
+
+# Not enabled by default but good
+Style/HashEachMethods:
+  Enabled: true
+
+# It makes more sense to allow to structure and group them how it makes sense in the code
+Style/AccessorGrouping:
+  Enabled: false

.ruby-version

@@ -1 +1 @@
-2.4
+2.7

.travis.yml

@@ -1,40 +0,0 @@
-language: ruby
-
-rvm:
-  - 2.4.2
-  - 2.3.5
-
-env:
-  - DB=postgresql BUILD_TYPE=cucumber
-  - DB=mysql BUILD_TYPE=cucumber
-  - DB=postgresql BUILD_TYPE=other
-  - DB=mysql BUILD_TYPE=other
-
-sudo: false
-cache:
-  bundler: true
-  directories:
-    - app/assets/images
-    - tmp/cache/assets
-
-branches:
-  only:
-    - 'master'
-    - 'next-minor'
-    - 'develop'
-
-before_install:
-  - script/ci/prepare.sh
-  - mkdir travis-phantomjs
-  - wget http://cifiles.diasporafoundation.org/phantomjs-2.1.1-linux-x86_64.tar.bz2 -O $PWD/travis-phantomjs/phantomjs-2.1.1-linux-x86_64.tar.bz2
-  - tar -xvf $PWD/travis-phantomjs/phantomjs-2.1.1-linux-x86_64.tar.bz2 -C $PWD/travis-phantomjs
-  - export PATH=$PWD/travis-phantomjs/phantomjs-2.1.1-linux-x86_64/bin:$PATH
-
-script: "bin/rake --trace ci:travis:${BUILD_TYPE}"
-
-notifications:
-  irc:
-    channels:
-      - secure: YvYkeTAw+5oOl/RaXVwu7JkKGNWPoFosNQRmLvJkBFbWzZ1s5LZD1u3+Qj819bT3lGzJu9pxmJg765IRYrGWmBi4mcAV3dpO6qowVdFTcorf0JsnLw3Kvkga9rrDunsRNr21KTAQqHOO5mKUzw9DtMzd52BiWuZwIj3xcl72gQI=
-    template:
-      - "%{repository_slug}#%{commit} (%{branch} - %{commit_subject}): %{message} %{build_url}"

Changelog.md

@@ -1,3 +1,248 @@
+# 0.7.18.2
+
+To avoid potential security issues, diaspora\* now makes sure that ImageMagick image processing always runs with a restricted `policy.xml`, regardless of the global system settings.
+
+# 0.7.18.1
+
+## Bug fixes
+* Update binstubs to fix diaspora\* being unable to start when multiple bundler versions were available [#8392](https://github.com/diaspora/diaspora/pull/8392/commits/bfd42a1914a99ac9c71ecb16bbf6fa5bb118148a)
+
+# 0.7.18.0
+
+## Refactor
+* Fix order-dependent jasmine test failures and switch to random order [#8333](https://github.com/diaspora/diaspora/pull/8333)
+* Get rid of some uses of "execute\_script" in feature specs [#8331](https://github.com/diaspora/diaspora/pull/8331)
+* Fix deprecation warnings for sidekiq 7.0 [#8359](https://github.com/diaspora/diaspora/pull/8359)
+* Remove entypo-rails dependency to prepare for rails 6 [#8361](https://github.com/diaspora/diaspora/pull/8361)
+* Remove compass-rails dependency which is not supported anymore [#8362](https://github.com/diaspora/diaspora/pull/8362)
+* Switch to sassc-rails which speeds up `assets:precompile` a lot [#8362](https://github.com/diaspora/diaspora/pull/8362)
+* Remove markerb dependency which doesn't exist anymore [#8365](https://github.com/diaspora/diaspora/pull/8365)
+* Upgrade to rails 6.1 [#8366](https://github.com/diaspora/diaspora/pull/8366)
+* Update the suggested Ruby version to 2.7. If you run into trouble during the update and you followed our installation guides, run `rvm install 2.7`. [#8366](https://github.com/diaspora/diaspora/pull/8366)
+* Upgrade to bundler 2 [#8366](https://github.com/diaspora/diaspora/pull/8366)
+* Stop checking `/.well-known/host-meta`, check for `/.well-known/nodeinfo` instead [#8377](https://github.com/diaspora/diaspora/pull/8377)
+* Handle NodeInfo timeouts gracefully [#8380](https://github.com/diaspora/diaspora/pull/8380)
+
+## Bug fixes
+* Fix that no mails were sent after photo export [#8365](https://github.com/diaspora/diaspora/pull/8365)
+* Fix people with quotes in the name causing issues with mail sender [#8365](https://github.com/diaspora/diaspora/pull/8365)
+
+## Features
+* Render posts and comments as HTML in HTML mails [#8365](https://github.com/diaspora/diaspora/pull/8365)
+* Add NodeInfo 2.1 support and also read newer versions of NodeInfo [#8379](https://github.com/diaspora/diaspora/pull/8379)
+
+# 0.7.17.0
+
+## Security
+* Bump Rails to 5.2.7 to address [CVE-2022-22577](https://discuss.rubyonrails.org/t/cve-2022-22577-possible-xss-vulnerability-in-action-pack/80533) and [CVE-2022-27777](https://discuss.rubyonrails.org/t/cve-2022-27777-possible-xss-vulnerability-in-action-view-tag-helpers/80534) [#8350](https://github.com/diaspora/diaspora/pull/8350)
+* Do not allow the user to mass assign their own password and 2fa settings alongside other parameters. Reported by Breno Vitório (@brenu) - thank you! [#8351](https://github.com/diaspora/diaspora/pull/8351)
+
+## Bug fixes
+* Don't suggest to retry exports on failure [#8343](https://github.com/diaspora/diaspora/pull/8343)
+
+# 0.7.16.0
+
+## Security
+
+* Update rails to fix [CVE-2022-23633](https://github.com/advisories/GHSA-wh98-p28r-vrc9) [#8336](https://github.com/diaspora/diaspora/pull/8336)
+
+## Refactor
+* Cache local posts/comments count for statistics [#8241](https://github.com/diaspora/diaspora/pull/8241)
+* Fix html-syntax in some handlebars templates [#8251](https://github.com/diaspora/diaspora/pull/8251)
+* Remove `chat_enabled` flag from archive export [#8265](https://github.com/diaspora/diaspora/pull/8265)
+* Change thumbnails in image slideshow to squares [#8275](https://github.com/diaspora/diaspora/pull/8275)
+* Replace uglifier with terser for JS compression [#8268](https://github.com/diaspora/diaspora/pull/8268)
+
+## Bug fixes
+* Ensure the log folder exists [#8287](https://github.com/diaspora/diaspora/pull/8287)
+* Limit name length in header [#8313](https://github.com/diaspora/diaspora/pull/8313)
+* Fix fallback avatar in hovercards [#8316](https://github.com/diaspora/diaspora/pull/8316)
+* Use old person private key for export if relayable author migrated away [#8310](https://github.com/diaspora/diaspora/pull/8310)
+
+## Features
+* Add tags to tumblr posts [#8244](https://github.com/diaspora/diaspora/pull/8244)
+* Add blocks to the archive export [#8263](https://github.com/diaspora/diaspora/pull/8263)
+* Allow points and dashes in the username [#8266](https://github.com/diaspora/diaspora/pull/8266)
+* Add support for footnotes in markdown [#8277](https://github.com/diaspora/diaspora/pull/8277)
+* Send `AccountMigration` if receiving message to a migrated account [#8288](https://github.com/diaspora/diaspora/pull/8288)
+* Add podmin mail address to the footer [#8242](https://github.com/diaspora/diaspora/pull/8242)
+* Add username to password-reset mail [#8037](https://github.com/diaspora/diaspora/pull/8037)
+* Resend account migration and deletion for closed recipients [#8309](https://github.com/diaspora/diaspora/pull/8309)
+* Add sharing status to hovercards [#8317](https://github.com/diaspora/diaspora/pull/8317)
+* Migrate photo URLs and cleanup old uploaded photos [#8314](https://github.com/diaspora/diaspora/pull/8314)
+
+# 0.7.15.0
+
+## Refactor
+* Replaced some `http://` links in the UI with their `https://` counterparts [#8207](https://github.com/diaspora/diaspora/pull/8207)
+* Testing: Replaced phantomjs with headless Chrome/Chromium [#8234](https://github.com/diaspora/diaspora/pull/8234)
+
+## Bug fixes
+* Update comment counter when weleting a comment in the Single Post View [#7938](https://github.com/diaspora/diaspora/pull/7938)
+* Link diaspora only poduptime list [#8174](https://github.com/diaspora/diaspora/pull/8174)
+* Delete a user's invitation code during account deletion [#8202](https://github.com/diaspora/diaspora/pull/8202)
+* Bump mimemagic [#8231](https://github.com/diaspora/diaspora/pull/8231)
+* Removed support for defunct Uni Heidelberg OSM tile server, Mapbox is now required if you want to show maps [#8215](https://github.com/diaspora/diaspora/pull/8215)
+* Render only two fractional digits in the posts per user/day admin statistics [#8227](https://github.com/diaspora/diaspora/pull/8227)
+* Make aspect dropdowns scrollable [#8213](https://github.com/diaspora/diaspora/pull/8213)
+* Fix `Photo#ownserhip_of_status_message` validation [#8214](https://github.com/diaspora/diaspora/pull/8214)
+
+## Features
+* Support and recommend TOML as configuration format [#8132](https://github.com/diaspora/diaspora/pull/8132)
+
+# 0.7.14.0
+
+## Refactor
+* Update the suggested Ruby version to 2.6. If you run into trouble during the update and you followed our installation guides, run `rvm install 2.6`. [#7929](https://github.com/diaspora/diaspora/pull/7929)
+
+## Bug fixes
+* Don't link to deleted users in admin user stats [#8063](https://github.com/diaspora/diaspora/pull/8063)
+* Properly validate a profile's gender field length instead of failing with a database error. [#8127](https://github.com/diaspora/diaspora/pull/8127)
+
+## Features
+
+# 0.7.13.0
+
+## Security
+* Fixes [USN-4274-1](https://usn.ubuntu.com/4274-1/), a potential Denial-of-Service vulnerability in Nokogiri. [#8108](https://github.com/diaspora/diaspora/pull/8108)
+
+## Refactor
+* Set better example values for unicorn stdout/stderr log settings [#8058](https://github.com/diaspora/diaspora/pull/8058)
+* Replace dependency on rails-assets.org with custom gems cache at gems.diasporafoundation.org [#8087](https://github.com/diaspora/diaspora/pull/8087)
+
+## Bug fixes
+* Fix error while trying to fetch some sites with invalid OpenGraph data [#8049](https://github.com/diaspora/diaspora/pull/8049)
+* Don't show sign up link on mobile when registrations are disabled [#8060](https://github.com/diaspora/diaspora/pull/8060)
+
+## Features
+* Add cronjob to cleanup pending photos which were never posted [#8041](https://github.com/diaspora/diaspora/pull/8041)
+
+# 0.7.12.0
+
+## Refactor
+* Harmonize markdown titles sizes [#8029](https://github.com/diaspora/diaspora/pull/8029)
+
+## Bug fixes
+* Improve handling of mixed case hostnames while fetching OpenGraph data [#8021](https://github.com/diaspora/diaspora/pull/8021)
+* Fix "remember me" with two factor authentication enabled [#8031](https://github.com/diaspora/diaspora/pull/8031)
+
+## Features
+* Add line mentioning diaspora\* on the splash page [#7966](https://github.com/diaspora/diaspora/pull/7966)
+* Improve communication about signing up on closed pods [#7896](https://github.com/diaspora/diaspora/pull/7896)
+
+# 0.7.11.0
+
+## Refactor
+* Enable paranoid mode for devise [#8003](https://github.com/diaspora/diaspora/pull/8003)
+* Refactor likes cucumber test [#8002](https://github.com/diaspora/diaspora/pull/8002)
+
+## Bug fixes
+* Fix old photos without remote url for export [#8012](https://github.com/diaspora/diaspora/pull/8012)
+
+## Features
+* Add a manifest.json file as a first step to make diaspora\* a Progressive Web App [#7998](https://github.com/diaspora/diaspora/pull/7998)
+* Allow `web+diaspora://` links to link to a profile with only the diaspora ID [#8000](https://github.com/diaspora/diaspora/pull/8000)
+* Support TOTP two factor authentication [#7751](https://github.com/diaspora/diaspora/pull/7751)
+
+# 0.7.10.0
+
+## Refactor
+* Replace dandelion.jpg with a public domain photo [#7976](https://github.com/diaspora/diaspora/pull/7976)
+
+## Bug fixes
+* Fix incorrect post sorting on tag streams and tag searches for tags containing the word "activity" [#7959](https://github.com/diaspora/diaspora/issues/7959)
+
+# 0.7.9.0
+
+## Refactor
+* Improve public stream performance and cleanup unused indexes [#7944](https://github.com/diaspora/diaspora/pull/7944)
+* Improve wording of "Toggle mobile" [#7926](https://github.com/diaspora/diaspora/pull/7926)
+
+## Bug fixes
+* Do not autofollow back a user you are ignoring [#7913](https://github.com/diaspora/diaspora/pull/7913)
+* Fix photos gallery when too many thumbnails are shown [#7943](https://github.com/diaspora/diaspora/pull/7943)
+* Fix extended profile visibility switch showing the wrong state [#7955](https://github.com/diaspora/diaspora/pull/7955)
+
+## Features
+* Support ignore users on mobile [#7884](https://github.com/diaspora/diaspora/pull/7884)
+
+# 0.7.8.0
+
+## Refactor
+* Make setting up a development environment 9001% easier by adding a Docker-based setup [#7870](https://github.com/diaspora/diaspora/pull/7870)
+* Improve `web+diaspora://` handler description [#7909](https://github.com/diaspora/diaspora/pull/7909)
+* Move comment timestamp next to author name [#7905](https://github.com/diaspora/diaspora/pull/7905)
+* Sharpen small and medium thumbnails [#7924](https://github.com/diaspora/diaspora/pull/7924)
+* Show full-res image in Desktop's full-screen image view [#7890](https://github.com/diaspora/diaspora/pull/7890)
+
+## Bug fixes
+* Ignore invalid URLs for camo [#7922](https://github.com/diaspora/diaspora/pull/7922)
+* Unliking a post did not update the participation icon without a reload [#7882](https://github.com/diaspora/diaspora/pull/7882)
+* Fix broken Instagram embedding [#7920](https://github.com/diaspora/diaspora/pull/7920)
+
+## Features
+* Add the ability to assign roles in the admin panel [#7868](https://github.com/diaspora/diaspora/pull/7868)
+* Improve memory usage with libjemalloc if available [#7919](https://github.com/diaspora/diaspora/pull/7919)
+
+# 0.7.7.1
+
+Fixes a potential cross-site scripting issue with maliciously crafted OpenGraph metadata on the mobile interface.
+
+# 0.7.7.0
+
+## Refactor
+* Remove mention of deprecated `statistic.json` [#7867](https://github.com/diaspora/diaspora/pull/7867)
+* Add quotes in `database.yml.example` to fields that may contain special characters [#7875](https://github.com/diaspora/diaspora/pull/7875)
+* Removed broken, and thus deprecated, Facebook integration [#7874](https://github.com/diaspora/diaspora/pull/7874)
+
+## Bug fixes
+* Add compatibility with macOS to `script/configure_bundler` [#7830](https://github.com/diaspora/diaspora/pull/7830)
+* Fix comment and like notifications on posts without text [#7857](https://github.com/diaspora/diaspora/pull/7857) [#7853](https://github.com/diaspora/diaspora/pull/7853)
+* Fix issue with some language fallbacks not working correctly [#7861](https://github.com/diaspora/diaspora/pull/7861)
+* Make sure URLs are encoded before sending them to camo [#7871](https://github.com/diaspora/diaspora/pull/7871)
+
+## Features
+* Add `web+diaspora://` link handler [#7826](https://github.com/diaspora/diaspora/pull/7826)
+
+# 0.7.6.0
+
+## Refactor
+* Add unique index to poll participations on `poll_id` and `author_id` [#7798](https://github.com/diaspora/diaspora/pull/7798)
+* Add 'completed at' date to account migrations [#7805](https://github.com/diaspora/diaspora/pull/7805)
+* Handle duplicates for TagFollowing on account merging [#7807](https://github.com/diaspora/diaspora/pull/7807)
+* Add link to the pod in the email footer [#7814](https://github.com/diaspora/diaspora/pull/7814)
+
+## Bug fixes
+* Fix compatibility with newer glibc versions [#7828](https://github.com/diaspora/diaspora/pull/7828)
+* Allow fonts to be served from asset host in CSP [#7825](https://github.com/diaspora/diaspora/pull/7825)
+
+## Features
+* Support fetching StatusMessage by Poll GUID [#7815](https://github.com/diaspora/diaspora/pull/7815)
+* Always include link to diaspora in facebook cross-posts [#7774](https://github.com/diaspora/diaspora/pull/7774)
+
+# 0.7.5.0
+
+## Refactor
+* Remove the 'make contacts in this aspect visible to each other' option [#7769](https://github.com/diaspora/diaspora/pull/7769)
+* Remove the requirement to have at least two users to disable the /podmin redirect [#7783](https://github.com/diaspora/diaspora/pull/7783)
+* Randomize start times of daily Sidekiq-Cron jobs [#7787](https://github.com/diaspora/diaspora/pull/7787)
+
+## Bug fixes
+* Prefill conversation form on contacts page only with mutual contacts [#7744](https://github.com/diaspora/diaspora/pull/7744)
+* Fix profiles sometimes not loading properly in background tabs [#7740](https://github.com/diaspora/diaspora/pull/7740)
+* Show error message when creating posts with invalid aspects [#7742](https://github.com/diaspora/diaspora/pull/7742)
+* Fix mention syntax backport for two immediately consecutive mentions [#7777](https://github.com/diaspora/diaspora/pull/7777)
+* Fix link to 'make yourself an admin' [#7783](https://github.com/diaspora/diaspora/pull/7783)
+* Fix calculation of content lengths when cross-posting to twitter [#7791](https://github.com/diaspora/diaspora/pull/7791)
+
+## Features
+* Make public stream accessible for logged out users [#7775](https://github.com/diaspora/diaspora/pull/7775)
+* Add account-merging support when receiving an account migration [#7803](https://github.com/diaspora/diaspora/pull/7803)
+
+# 0.7.4.1
+
+Fixes a possible cross-site scripting issue with maliciously crafted OpenGraph metadata.
+
 # 0.7.4.0
 
 ## Refactor

Gemfile

@@ -2,124 +2,124 @@
 
 source "https://rubygems.org"
 
-gem "rails", "5.1.4"
+gem "rails", "6.1.6.1"
 
 # Legacy Rails features, remove me!
 # responders (class level)
-gem "responders", "2.4.0"
+gem "responders", "3.0.1"
 
 # Appserver
 
-gem "unicorn", "5.3.0", require: false
-gem "unicorn-worker-killer", "0.4.4"
+gem "unicorn", "6.1.0", require: false
+gem "unicorn-worker-killer", "0.4.5"
 
 # Federation
 
-gem "diaspora_federation-json_schema", "0.2.4"
-gem "diaspora_federation-rails", "0.2.4"
+gem "diaspora_federation-json_schema", "0.2.8"
+gem "diaspora_federation-rails", "0.2.8"
 
 # API and JSON
 
 gem "acts_as_api", "1.0.1"
-gem "json",        "2.1.0"
-gem "json-schema", "2.8.0"
+gem "json",        "2.6.2"
+gem "json-schema", "3.0.0"
 
 # Authentication
 
-gem "devise", "4.4.1"
+gem "devise", "4.8.1"
 gem "devise_lastseenable", "0.0.6"
+gem "devise-two-factor", "4.0.2"
+gem "rqrcode", "2.1.1"
 
 # Captcha
 
-gem "simple_captcha2", "0.4.3", require: "simple_captcha"
+gem "simple_captcha2", "0.5.0", require: "simple_captcha"
 
 # Background processing
 
-gem "sidekiq", "5.0.4"
+gem "redis", "4.7.0"
+gem "sidekiq", "6.5.1"
 
 # Scheduled processing
 
-gem "sidekiq-cron", "0.6.3"
+gem "sidekiq-cron", "1.6.0"
 
 # Compression
 
-gem "uglifier", "3.2.0"
+gem "terser", "1.1.10"
 
 # Configuration
 
-gem "configurate", "0.3.1"
+gem "configurate", "0.5.0"
+gem "toml-rb", "2.1.2"
 
 # Cross-origin resource sharing
 
-gem "rack-cors", "1.0.1", require: "rack/cors"
+gem "rack-cors", "1.1.1", require: "rack/cors"
 
 # CSS
 
-gem "autoprefixer-rails",     "7.1.4.1"
-gem "bootstrap-sass",         "3.3.7"
-gem "bootstrap-switch-rails", "3.3.3"
-gem "compass-rails",          "3.0.2"
-gem "sass-rails",             "5.0.6"
-gem "sprockets-rails",        "3.2.1"
+gem "autoprefixer-rails",     "10.4.7.0"
+gem "bootstrap-sass",         "3.4.1"
+gem "bootstrap-switch-rails", "3.3.3" # 3.3.4 and 3.3.5 is broken, see https://github.com/Bttstrp/bootstrap-switch/issues/691
+gem "sassc-rails",            "2.1.2"
+gem "sprockets-rails",        "3.4.2"
 
 # Database
 
 group :mysql, optional: true do
-  gem "mysql2", "0.4.9"
+  gem "mysql2", "0.5.4"
 end
 group :postgresql, optional: true do
-  gem "pg",     "0.21.0"
+  gem "pg",     "1.4.1"
 end
 
-
-gem "activerecord-import", "0.20.1"
+gem "activerecord-import", "1.4.0"
 
 # File uploading
 
-gem "carrierwave", "1.1.0"
-gem "fog-aws",     "1.4.1"
-gem "mini_magick", "4.8.0"
+gem "carrierwave", "2.2.2"
+gem "fog-aws",     "3.14.0"
+gem "mini_magick", "4.11.0"
 
 # GUID generation
-gem "uuid", "2.3.8"
-
-# Icons
-
-gem "entypo-rails", "3.0.0"
+gem "uuid", "2.3.9"
 
 # JavaScript
 
-gem "handlebars_assets", "0.23.2"
-gem "jquery-rails",      "4.3.1"
-gem "js-routes",         "1.4.1"
-gem "js_image_paths",    "0.1.1"
+gem "handlebars_assets", "0.23.9"
+gem "jquery-rails",      "4.5.0"
+gem "js_image_paths",    "0.2.0"
+gem "js-routes",         "2.2.4"
 
-source "https://rails-assets.org" do
-  gem "rails-assets-jquery",                              "3.2.1" # Should be kept in sync with jquery-rails
+source "https://gems.diasporafoundation.org" do
+  gem "rails-assets-jquery",                              "3.6.0" # Should be kept in sync with jquery-rails
   gem "rails-assets-jquery.ui",                           "1.11.4"
 
   gem "rails-assets-highlightjs",                         "9.12.0"
-  gem "rails-assets-markdown-it",                         "8.4.0"
-  gem "rails-assets-markdown-it-hashtag",                 "0.4.0"
+  gem "rails-assets-markdown-it",                         "8.4.2"
   gem "rails-assets-markdown-it-diaspora-mention",        "1.2.0"
-  gem "rails-assets-markdown-it-sanitizer",               "0.4.3"
+  gem "rails-assets-markdown-it-footnote",                "3.0.3"
+  gem "rails-assets-markdown-it-hashtag",                 "0.4.0"
   gem "rails-assets-markdown-it--markdown-it-for-inline", "0.1.1"
+  gem "rails-assets-markdown-it-sanitizer",               "0.4.3"
   gem "rails-assets-markdown-it-sub",                     "1.0.0"
   gem "rails-assets-markdown-it-sup",                     "1.0.0"
 
   gem "rails-assets-backbone",                            "1.3.3"
+  gem "rails-assets-bootstrap",                           "3.4.1"
   gem "rails-assets-bootstrap-markdown",                  "2.10.0"
-  gem "rails-assets-corejs-typeahead",                    "1.1.1"
+  gem "rails-assets-corejs-typeahead",                    "1.2.1"
   gem "rails-assets-fine-uploader",                       "5.13.0"
 
   # jQuery plugins
 
-  gem "rails-assets-autosize",                            "4.0.0"
-  gem "rails-assets-blueimp-gallery",                     "2.27.0"
+  gem "rails-assets-autosize",                            "4.0.2"
+  gem "rails-assets-blueimp-gallery",                     "2.33.0"
   gem "rails-assets-jquery.are-you-sure",                 "1.9.0"
   gem "rails-assets-jquery-placeholder",                  "2.3.1"
   gem "rails-assets-jquery-textchange",                   "0.2.3"
-  gem "rails-assets-perfect-scrollbar",                   "0.6.16"
+  gem "rails-assets-utatti-perfect-scrollbar",            "1.4.0"
 end
 
 gem "markdown-it-html5-embed", "1.0.0"
@@ -128,70 +128,66 @@ gem "markdown-it-html5-embed", "1.0.0"
 
 gem "http_accept_language", "2.1.1"
 gem "i18n-inflector-rails", "1.0.7"
-gem "rails-i18n",           "5.1.1"
-
-# Mail
-
-gem "markerb",             "1.1.0"
+gem "rails-i18n",           "6.0.0"
 
 # Map
-gem "leaflet-rails",       "1.2.0"
+gem "leaflet-rails",       "1.7.0"
 
 # Parsing
 
-gem "nokogiri",          "1.8.2"
-gem "open_graph_reader", "0.6.2" # also update User-Agent in features/support/webmock.rb
-gem "redcarpet",         "3.4.0"
-gem "ruby-oembed",       "0.12.0"
+gem "nokogiri",          "1.13.7"
+gem "open_graph_reader", "0.7.2" # also update User-Agent in features/support/webmock.rb and open_graph_cache_spec.rb
+gem "redcarpet",         "3.5.1"
+gem "ruby-oembed",       "0.16.1"
 gem "twitter-text",      "1.14.7"
 
 # RTL support
 
-gem "string-direction", "1.2.0"
+gem "string-direction", "1.2.2"
 
 # Security Headers
 
-gem "secure_headers", "3.7.1"
+gem "secure_headers", "6.3.3"
 
 # Services
 
-gem "omniauth",           "1.6.1"
-gem "omniauth-facebook",  "4.0.0"
-gem "omniauth-tumblr",    "1.2"
-gem "omniauth-twitter",   "1.4.0"
-gem "twitter",            "6.1.0"
-gem "omniauth-wordpress", "0.2.2"
+gem "omniauth",                       "2.1.0"
+gem "omniauth-rails_csrf_protection", "1.0.1"
+gem "omniauth-tumblr",                "1.2"
+gem "omniauth-twitter",               "1.4.0"
+gem "omniauth-wordpress",             "0.2.2"
+gem "twitter",                        "7.0.0"
 
 # OpenID Connect
-gem "openid_connect", "1.1.3"
+gem "openid_connect", "1.3.0"
 
 # Serializers
 
-gem "active_model_serializers", "0.9.7"
+gem "active_model_serializers", "0.9.8"
 
 # XMPP chat dependencies
 gem "diaspora-prosody-config",    "0.0.7"
-gem "rails-assets-diaspora_jsxc", "0.1.5.develop.7", source: "https://rails-assets.org"
+gem "rails-assets-diaspora_jsxc", "0.1.5.develop.7", source: "https://gems.diasporafoundation.org"
 
 # Tags
 
-gem "acts-as-taggable-on", "5.0.0"
+gem "acts-as-taggable-on", "9.0.1"
 
 # URIs and HTTP
 
-gem "addressable",        "2.5.2", require: "addressable/uri"
-gem "faraday",            "0.11.0" # also update User-Agent in OpenID specs
-gem "faraday_middleware", "0.12.2"
-gem "faraday-cookie_jar", "0.0.6"
-gem "typhoeus",           "1.3.0"
+gem "addressable",        "2.8.0", require: "addressable/uri"
+gem "faraday",            "0.17.5"
+gem "faraday-cookie_jar", "0.0.7"
+gem "faraday_middleware", "0.14.0"
+gem "typhoeus",           "1.4.0"
 
 # Views
 
-gem "gon",                     "6.1.0"
-gem "hamlit",                  "2.8.6"
+gem "gon",                     "6.4.0"
+gem "hamlit",                  "2.16.0"
 gem "mobile-fu",               "1.4.0"
-gem "rails-timeago",           "2.16.0"
-gem "will_paginate",           "3.1.6"
+gem "rails-timeago",           "2.20.0"
+gem "will_paginate",           "3.3.1"
 
 # Logging
 
@@ -199,16 +195,16 @@ gem "logging-rails", "0.6.0", require: "logging/rails"
 
 # Reading and writing zip files
 
-gem "rubyzip", "1.2.1", require: "zip"
+gem "rubyzip", "2.3.2", require: "zip"
 
 # Prevent occasions where minitest is not bundled in
 # packaged versions of ruby. See following issues/prs:
 # https://github.com/gitlabhq/gitlabhq/issues/3826
 # https://github.com/gitlabhq/gitlabhq/pull/3852
 # https://github.com/discourse/discourse/pull/238
-gem "minitest"
+gem "minitest",  "5.15.0"
 
-gem "versionist", "1.6.0"
+gem "versionist", "2.0.1"
 
 # Windows and OSX have an execjs compatible runtime built-in, Linux users should
 # install Node.js or use "therubyracer".
@@ -225,7 +221,7 @@ group :production do # we don"t install these on travis to speed up test runs
 
   # Process management
 
-  gem "eye", "0.9.2"
+  gem "eye", "0.10.0"
 
   # Redirects
 
@@ -234,85 +230,71 @@ group :production do # we don"t install these on travis to speed up test runs
 
   # Third party asset hosting
 
-  gem "asset_sync", "2.2.0", require: false
+  gem "asset_sync", "2.15.2", require: false
 end
 
 group :development do
-  # Automatic test runs
-  gem "guard",          "2.14.1", require: false
-  gem "guard-cucumber", "2.1.2", require: false
-  gem "guard-rspec",    "4.7.3", require: false
-  gem "guard-rubocop",  "1.3.0", require: false
-  gem "rb-fsevent",     "0.10.2", require: false
-  gem "rb-inotify",     "0.9.10", require: false
-
   # Linters
-  gem "haml_lint",      "0.26.0", require: false
-  gem "pronto",         "0.9.5", require: false
-  gem "pronto-eslint",  "0.9.1", require: false
-  gem "pronto-haml",    "0.9.0", require: false
-  gem "pronto-rubocop", "0.9.0", require: false
-  gem "pronto-scss",    "0.9.1", require: false
-  gem "rubocop",        "0.50.0", require: false
-
-  # Preloading environment
-
-  gem "spring", "2.0.2"
-  gem "spring-commands-rspec", "1.0.4"
-  gem "spring-commands-cucumber", "1.0.1"
+  gem "haml_lint",      "0.40.0", require: false
+  gem "pronto",         "0.11.0", require: false
+  gem "pronto-eslint",  "0.11.0", require: false
+  gem "pronto-haml",    "0.11.1", require: false
+  gem "pronto-rubocop", "0.11.1", require: false
+  gem "pronto-scss",    "0.11.0", require: false
+  gem "rubocop",        "0.93.1", require: false
+  gem "rubocop-rails",  "2.9.1", require: false
 
   # Debugging
   gem "pry"
   gem "pry-byebug"
 
   # test coverage
-  gem "simplecov", "0.14.1", require: false
+  gem "simplecov", "0.21.2", require: false
 
   gem "turbo_dev_assets", "0.0.2"
+
+  gem "listen", "3.7.1"
 end
 
 group :test do
   # RSpec (unit tests, some integration tests)
 
-  gem "fixture_builder",   "0.5.0"
-  gem "fuubar",            "2.2.0"
-  gem "json-schema-rspec", "0.0.4"
+  gem "fixture_builder",   "0.5.2"
+  gem "fuubar",            "2.5.1"
   gem "rspec-json_expectations", "~> 2.1"
 
   # Cucumber (integration tests)
 
-  gem "capybara",           "2.15.1"
-  gem "database_cleaner",   "1.6.1"
-  gem "poltergeist",        "1.16.0"
+  gem "apparition",       "0.6.0"
+  gem "capybara",         "3.35.3"
+  gem "database_cleaner-active_record", "2.0.1"
 
-  gem "cucumber-api-steps", "0.13", require: false
+  gem "cucumber-api-steps", "0.14", require: false
 
   # General helpers
 
-  gem "factory_girl_rails", "4.8.0"
-  gem "shoulda-matchers",   "3.1.2"
-  gem "timecop",            "0.9.1"
-  gem "webmock",            "3.0.1", require: false
+  gem "factory_girl_rails", "4.9.0"
+  gem "shoulda-matchers",   "4.5.1"
+  gem "timecop",            "0.9.5"
+  gem "webmock",            "3.14.0", require: false
 
-  gem "diaspora_federation-test", "0.2.4"
-
-  # Coverage
-  gem "coveralls", "0.8.21", require: false
+  gem "diaspora_federation-test", "0.2.8"
 end
 
 group :development, :test do
   # RSpec (unit tests, some integration tests)
-  gem "rspec-rails", "3.6.1"
+  gem "rspec-rails", "5.1.2"
 
   # Cucumber (integration tests)
-  gem "cucumber-rails", "1.5.0", require: false
+  gem "cucumber-rails", "2.5.1", require: false
 
   # Jasmine (client side application tests (JS))
-  gem "jasmine",                   "2.8.0"
+  gem "chrome_remote",             "0.3.0"
+  gem "jasmine",                   "3.10.0"
   gem "jasmine-jquery-rails",      "2.0.3"
-  gem "rails-assets-jasmine-ajax", "3.3.1", source: "https://rails-assets.org"
+  gem "rails-assets-jasmine-ajax", "4.0.0", source: "https://gems.diasporafoundation.org"
   gem "sinon-rails",               "1.15.0"
 
   # For `assigns` in controller specs
-  gem "rails-controller-testing", "1.0.2"
+  gem "rails-controller-testing", "1.0.5"
 end

Guardfile

@@ -1,40 +0,0 @@
-# frozen_string_literal: true
-
-guard :rspec, cmd: "bin/spring rspec", all_on_start: false, all_after_pass: false do
-  watch(/^spec\/.+_spec\.rb$/)
-  watch(/^lib\/(.+)\.rb$/)       {|m| "spec/lib/#{m[1]}_spec.rb" }
-  watch(/spec\/spec_helper.rb/)  { "spec" }
-
-  # Rails example
-  watch(/^spec\/.+_spec\.rb$/)
-  watch(/^app\/(.+)\.rb$/)                            {|m| "spec/#{m[1]}_spec.rb" }
-  watch(/^lib\/(.+)\.rb$/)                            {|m| "spec/lib/#{m[1]}_spec.rb" }
-  watch(%r{^app/controllers/(.+)_(controller)\.rb$}) {|m|
-    ["spec/routing/#{m[1]}_routing_spec.rb",
-     "spec/#{m[2]}s/#{m[1]}_#{m[2]}_spec.rb",
-     "spec/acceptance/#{m[1]}_spec.rb"]
-  }
-  watch(%r{^spec/support/(.+)\.rb$})                  { "spec" }
-  watch("spec/spec_helper.rb")                        { "spec" }
-  watch("config/routes.rb")                           { "spec/routing" }
-  watch("app/controllers/application_controller.rb")  { "spec/controllers" }
-
-  # Capybara request specs
-  watch(%r{^app/views/(.+)/.*\.(erb|haml)$})          {|m| "spec/requests/#{m[1]}_spec.rb" }
-end
-
-guard(:cucumber,
-      cmd:            "bin/spring cucumber",
-      all_on_start:   false,
-      all_after_pass: false) do
-  watch(/^features\/.+\.feature$/)
-  watch(%r{^features/support/.+$})          { "features" }
-  watch(%r{^features/step_definitions/(.+)_steps\.rb$}) {|m|
-    Dir[File.join("**/#{m[1]}.feature")][0] || "features"
-  }
-end
-
-guard :rubocop, all_on_start: false, keep_failed: false do
-  watch(/(?:app|config|db|lib|features|spec)\/.+\.rb$/)
-  watch(/(config.ru|Gemfile|Guardfile|Rakefile)$/)
-end

README.md

@@ -1,14 +1,6 @@
-# diaspora*
+# diaspora\*
 ### A privacy-aware, distributed, open source social network
 
-**master:** [![Build Status master](https://secure.travis-ci.org/diaspora/diaspora.svg?branch=master)](http://travis-ci.org/diaspora/diaspora)
-**next-minor:** [![Build Status next-minor](https://secure.travis-ci.org/diaspora/diaspora.svg?branch=next-minor)](http://travis-ci.org/diaspora/diaspora)
-[![Coverage Status next-minor](https://coveralls.io/repos/github/diaspora/diaspora/badge.svg?branch=next-minor)](https://coveralls.io/github/diaspora/diaspora?branch=next-minor)|
-**develop:** [![Build Status develop](https://secure.travis-ci.org/diaspora/diaspora.svg?branch=develop)](http://travis-ci.org/diaspora/diaspora)
-[![Coverage Status develop](https://coveralls.io/repos/github/diaspora/diaspora/badge.svg?branch=develop)](https://coveralls.io/github/diaspora/diaspora?branch=develop) |
-[![Dependency Status](https://gemnasium.com/badges/github.com/diaspora/diaspora.svg)](https://gemnasium.com/diaspora/diaspora)
-[![Code Climate](https://codeclimate.com/github/diaspora/diaspora/badges/gpa.svg)](https://codeclimate.com/github/diaspora/diaspora)
-
 [Project site](https://diasporafoundation.org) |
 [Wiki](https://wiki.diasporafoundation.org) |
 [Bugtracker](https://github.com/diaspora/diaspora/issues) |
@@ -18,9 +10,9 @@
 
 ## Installation
 
-You don't have to install diaspora* to use the network. There are many servers connected to diaspora*s network which are open to anyone, and you can create an account on one of these servers. Have a look at our [tips for finding a home](https://wiki.diasporafoundation.org/Choosing_a_pod), or you can just go straight to the [list of open servers](http://podupti.me) to sign up.
+You don't have to install diaspora\* to use the network. There are many servers connected to diaspora\*s network which are open to anyone, and you can create an account on one of these servers. Have a look at our [tips for finding a home](https://wiki.diasporafoundation.org/Choosing_a_pod), or you can just go straight to the [list of open servers](https://diaspora.fediverse.observer) to sign up.
 
-Want to own your data and install diaspora*? Whether you just want to try it out, want to install it on your server or want to contribute and need a development setup, our [installation guides](https://wiki.diasporafoundation.org/Installation) will get you started!
+Want to own your data and install diaspora\*? Whether you just want to try it out, want to install it on your server or want to contribute and need a development setup, our [installation guides](https://wiki.diasporafoundation.org/Installation) will get you started!
 
 ## Questions?
 
@@ -36,4 +28,4 @@ Everyone interacting in diaspora’s codebases, issue trackers, chat rooms, the
 
 ## Security
 
-Found a security issue? Please disclose it responsibly. We have a team of developers listening to [security@diasporafoundation.org](mailto:security@diasporafoundation.org). The PGP fingerprint is [AB0D AB02 0FC5 D398 03AB 3CE1 6F70 243F 27AD 886A](https://pgp.mit.edu/pks/lookup?op=get&search=0x6F70243F27AD886A).
+See [`SECURITY.md`](/SECURITY.md) for instructions on how to responsibly report a security vulnerability.

SECURITY.md

@@ -0,0 +1,9 @@
+# Security Policy
+
+## Supported Versions
+
+We support the latest stable release, as well as the current state of the `next-minor` and `develop` branches. Security issues for older releases are out of scope.
+
+## Reporting a Vulnerability
+
+Found a security issue? Please disclose it responsibly. We have a team of developers listening to [security@diasporafoundation.org](mailto:security@diasporafoundation.org). The PGP fingerprint is [AB0D AB02 0FC5 D398 03AB 3CE1 6F70 243F 27AD 886A](https://pgp.mit.edu/pks/lookup?op=get&search=0x6F70243F27AD886A).

app/assets/config/manifest.js

@@ -1,12 +1,14 @@
+//= link_tree ../images
+
+//= link main.js
+//= link mobile/mobile.js
 //= link contact-list.js
 //= link jquery3.js
 //= link jquery_ujs.js
-//= link main.js
 //= link jsxc.js
 //= link bookmarklet.js
 //= link mobile/bookmarklet.js
-//= link mobile/mobile.js
-//= link templates.js
-//= link error_pages.css
+
 //= link admin.css
+//= link error_pages.css
 //= link rtl.css

app/assets/javascripts/app/app.js

@@ -14,7 +14,7 @@
 //= require_tree ./collections
 //= require_tree ./views
 
-//= require perfect-scrollbar/perfect-scrollbar.jquery
+//= require utatti-perfect-scrollbar/dist/perfect-scrollbar
 
 var app = {
   collections: {},

app/assets/javascripts/app/helpers/handlebars-helpers.js

@@ -44,7 +44,7 @@ Handlebars.registerHelper('linkToPerson', function(context, block) {
 // relationship indicator for profile page
 Handlebars.registerHelper("sharingMessage", function(person) {
   var i18nScope = "people.helper.is_not_sharing";
-  var icon = "circle";
+  var icon = "entypo-record";
   if( person.is_sharing ) {
     i18nScope = "people.helper.is_sharing";
     icon = "entypo-check";

app/assets/javascripts/app/helpers/handlebars-partials.js

@@ -1,7 +1,4 @@
 // @license magnet:?xt=urn:btih:0b31508aeb0634b347b8270c7bee4d411b5d4109&dn=agpl-3.0.txt AGPL-v3-or-Later
 
-/* we need to wrap this in a document ready to ensure JST is accessible */
-$(function(){
-  Handlebars.registerPartial('status-message', HandlebarsTemplates['status-message_tpl']);
-});
+Handlebars.registerPartial("status-message", HandlebarsTemplates["status-message_tpl"]);
 // @license-end

app/assets/javascripts/app/helpers/locations.js

@@ -1,25 +1,23 @@
 (function() {
   app.helpers.locations = {
     getTiles: function() {
-      // If the mapbox option is enabled in the diaspora.yml, the mapbox tiles with the podmin's credentials are used.
+      // If the mapbox option is enabled in the diaspora.toml, the mapbox tiles with the podmin's credentials are used.
       if (gon.appConfig.map.mapbox.enabled) {
-        return L.tileLayer("https://api.mapbox.com/styles/v1/{style}/tiles/256/{z}/{x}/{y}?access_token={accessToken}", {
-          accessToken: gon.appConfig.map.mapbox.access_token,
-          style: gon.appConfig.map.mapbox.style,
-          attribution: "Map data &copy; <a href='http://openstreetmap.org'>OpenStreetMap</a> contributors, " +
-                       "<a href='http://creativecommons.org/licenses/by-sa/2.0/''>CC-BY-SA</a>, " +
-                       "Imagery © <a href='https://www.mapbox.com'>Mapbox</a>",
-          maxZoom: 18
-        });
+        return L.tileLayer(
+          "https://api.mapbox.com/styles/v1/{style}/tiles/256/{z}/{x}/{y}?access_token={accessToken}",
+          {
+            accessToken: gon.appConfig.map.mapbox.access_token,
+            style: gon.appConfig.map.mapbox.style,
+            attribution:
+              "Map data &copy; <a href='https://openstreetmap.org'>OpenStreetMap</a> contributors, " +
+              "<a href='http://opendatacommons.org/licenses/dbcl/1.0/'>Open Database License, ODbL 1.0</a>, " +
+              "Imagery © <a href='https://www.mapbox.com'>Mapbox</a>",
+            maxZoom: 18,
+            tileSize: 512,
+            zoomOffset: -1
+          }
+        );
       }
-
-      // maptiles from the Heidelberg University are used by default.
-      return L.tileLayer("http://korona.geog.uni-heidelberg.de/tiles/roads/x={x}&y={y}&z={z}", {
-        attribution: "Map data &copy; <a href='http://openstreetmap.org'>OpenStreetMap</a> contributors, " +
-                     "rendering <a href='http://giscience.uni-hd.de/'>" +
-                     "GIScience Research Group @ Heidelberg University</a>",
-        maxZoom: 18
-      });
     }
   };
 })();

app/assets/javascripts/app/helpers/text_formatter.js

@@ -16,6 +16,9 @@
       typographer: true
     });
 
+    var footnote = window.markdownitFootnote;
+    md.use(footnote);
+
     var inlinePlugin = window.markdownitForInline;
     md.use(inlinePlugin, "utf8_symbols", "text", function (tokens, idx) {
       tokens[idx].content = tokens[idx].content.replace(/<->/g, "↔")
@@ -40,7 +43,7 @@
 
     var hashtagPlugin = window.markdownitHashtag;
     md.use(hashtagPlugin, {
-      // compare tag_text_regexp in app/models/acts_as_taggable_on-tag.rb
+      // compare tag_text_regexp in config/initializers/acts_as_taggable_on.rb
       hashtagRegExp: "[" + PosixBracketExpressions.word +
                            "\\u055b" + // Armenian emphasis mark
                            "\\u055c" + // Armenian exclamation mark

app/assets/javascripts/app/helpers/truncate.js

@@ -1,14 +1,11 @@
 (function() {
   app.helpers.truncate = function(passedString, length) {
-    if (passedString === null || passedString === undefined) {
+    if (passedString === null || passedString === undefined || passedString.length < length) {
       return passedString;
     }
 
-    if (passedString.length > length) {
-      var lastBlank = passedString.lastIndexOf(' ', length);
-      var trimstring = passedString.substring(0, Math.min(length, lastBlank));
-      return new Handlebars.SafeString(trimstring + " ...");
-    }
-    return new Handlebars.SafeString(passedString);
+    var lastBlank = passedString.lastIndexOf(" ", length);
+    var trimstring = passedString.substring(0, Math.min(length, lastBlank));
+    return trimstring + " ...";
   };
 })();

app/assets/javascripts/app/models/post/interactions.js

@@ -60,9 +60,13 @@ app.models.Post.Interactions = Backbone.Model.extend({
   unlike : function() {
     var self = this;
     this.userLike().destroy({success : function() {
+      self.post.set({participation: false});
       self.trigger('change');
       self.set({"likes_count" : self.get("likes_count") - 1});
       self.likes.trigger("change");
+    },
+      error: function(model, response) {
+        app.flashMessages.handleAjaxError(response);
     }});
   },
 
@@ -81,6 +85,10 @@ app.models.Post.Interactions = Backbone.Model.extend({
     });
   },
 
+  removedComment: function() {
+    this.set({"comments_count": this.get("comments_count") - 1});
+  },
+
   reshare : function(){
     var interactions = this;
 

app/assets/javascripts/app/models/stream.js

@@ -69,7 +69,7 @@ app.models.Stream = Backbone.Collection.extend({
   },
 
   sortOrder : function() {
-    return /activity/.test(this.basePath()) ? "interactedAt" : "createdAt";
+    return /^\/activity/.test(this.basePath()) ? "interactedAt" : "createdAt";
   },
 
   /* This function is for adding a large number of posts one by one.

app/assets/javascripts/app/pages/contacts.js

@@ -5,7 +5,6 @@ app.pages.Contacts = Backbone.View.extend({
   el: "#contacts_container",
 
   events: {
-    "click #contacts_visibility_toggle" : "toggleContactVisibility",
     "click #chat_privilege_toggle" : "toggleChatPrivilege",
     "click #change_aspect_name" : "showAspectNameForm",
     "click .conversation_button": "showMessageModal",
@@ -13,7 +12,6 @@ app.pages.Contacts = Backbone.View.extend({
   },
 
   initialize: function(opts) {
-    this.visibilityToggle = $("#contacts_visibility_toggle i");
     this.chatToggle = $("#chat_privilege_toggle i");
     this.stream = opts.stream;
     this.stream.render();
@@ -45,25 +43,6 @@ app.pages.Contacts = Backbone.View.extend({
     }
   },
 
-  toggleContactVisibility: function() {
-    if (this.visibilityToggle.hasClass("entypo-lock-open")) {
-      this.visibilityToggle.removeClass("entypo-lock-open")
-                            .addClass("entypo-lock")
-                            .tooltip("destroy")
-                            .removeAttr("data-original-title")
-                            .attr("title", Diaspora.I18n.t("contacts.aspect_list_is_not_visible"))
-                            .tooltip({"placement": "bottom"});
-    }
-    else {
-      this.visibilityToggle.removeClass("entypo-lock")
-                            .addClass("entypo-lock-open")
-                            .tooltip("destroy")
-                            .removeAttr("data-original-title")
-                            .attr("title", Diaspora.I18n.t("contacts.aspect_list_is_visible"))
-                            .tooltip({"placement": "bottom"});
-    }
-  },
-
   showAspectNameForm: function() {
     $(".header > h3").hide();
     var aspectName = $.trim($(".header h3 #aspect_name").text());
@@ -81,7 +60,7 @@ app.pages.Contacts = Backbone.View.extend({
   showMessageModal: function(){
     $("#conversationModal").on("modal:loaded", function() {
       var people = _.pluck(app.contacts.filter(function(contact) {
-        return contact.inAspect(app.aspect.get("id"));
+        return contact.person.get("relationship") === "mutual" && contact.inAspect(app.aspect.get("id"));
       }), "person");
       new app.views.ConversationsForm({prefill: people});
     });

app/assets/javascripts/app/pages/profile.js

@@ -24,9 +24,6 @@ app.pages.Profile = app.views.Base.extend({
     if (app.hasPreload("photos_count")) {
       this.photos = app.parsePreload("photos_count");
     }
-    if (app.hasPreload("contacts_count")) {
-      this.contacts = app.parsePreload("contacts_count");
-    }
 
     this.streamCollection = _.has(opts, "streamCollection") ? opts.streamCollection : null;
     this.streamViewClass = _.has(opts, "streamView") ? opts.streamView : null;
@@ -70,7 +67,6 @@ app.pages.Profile = app.views.Base.extend({
     return new app.views.ProfileHeader({
       model: this.model,
       photos: this.photos,
-      contacts: this.contacts
     });
   },
 

app/assets/javascripts/app/pages/settings.js

@@ -15,6 +15,10 @@ app.pages.Settings = Backbone.View.extend({
       form: $("#post-default-aspects")
     });
     $("#update_profile_form").areYouSure();
+
+    $("#register-protocol-handler").click(function() {
+      Diaspora.ProtocolHandler.register();
+    });
   }
 });
 // @license-end

app/assets/javascripts/app/router.js

@@ -20,7 +20,6 @@ app.Router = Backbone.Router.extend({
     "p/:id(/)": "singlePost",
     "people(/)": "peopleSearch",
     "people/:id(/)": "profile",
-    "people/:id/contacts(/)": "profile",
     "people/:id/photos(/)": "photos",
     "posts/:id(/)": "singlePost",
     "profile/edit(/)": "settings",

app/assets/javascripts/app/views/aspect_create_view.js

@@ -21,10 +21,6 @@ app.views.AspectCreate = app.views.Base.extend({
     });
   },
 
-  _contactsVisible: function() {
-    return this.$("#aspect_contacts_visible").is(":checked");
-  },
-
   _name: function() {
     return this.$("#aspect_name").val();
   },
@@ -71,8 +67,7 @@ app.views.AspectCreate = app.views.Base.extend({
 
     app.aspects.create({
       "person_id": this._personId || null,
-      "name": this._name(),
-      "contacts_visible": this._contactsVisible()
+      "name": this._name()
     });
   },
 

app/assets/javascripts/app/views/aspect_membership_view.js

@@ -16,10 +16,8 @@ app.views.AspectMembership = app.views.Base.extend({
   },
 
   events: {
-    "click ul.aspect_membership.dropdown-menu > li.aspect_selector"
-        : "_clickHandler",
-    "keypress ul.aspect_membership.dropdown-menu > li.aspect_selector"
-        : "_clickHandler"
+    "click ul.aspect-membership.dropdown-menu > li.aspect_selector": "_clickHandler",
+    "keypress ul.aspect-membership.dropdown-menu > li.aspect_selector": "_clickHandler"
   },
 
   initialize: function(opts) {

app/assets/javascripts/app/views/comment_stream_view.js

@@ -135,7 +135,10 @@ app.views.CommentStream = app.views.Base.extend({
   },
 
   removeComment: function(comment) {
-    this.$("#" + comment.get("guid")).closest(".comment.media").remove();
+    var result = this.$("#" + comment.get("guid")).closest(".comment.media").remove();
+    if (result.hasClass("deleting")) {
+      this.model.interactions.removedComment();
+    }
   },
 
   expandComments: function(evt){

app/assets/javascripts/app/views/gallery_view.js

@@ -31,12 +31,20 @@ app.views.Gallery = app.views.Base.extend({
     return {
       index: link,
       event: event,
-      hidePageScrollbars: false,
-      disableScroll: true,
       continuous: true,
       toggleControlsOnReturn: false,
       onopened: this.preventHideControls,
-      slideshowInterval: 2000
+      slideshowInterval: 2000,
+      onslidecomplete: function(index, slide) {
+        // If the image is very tall (more than twice its width), then it is scrollable instead of resized
+        var image = slide.firstElementChild;
+        if (image.naturalHeight > window.innerHeight && image.naturalHeight > image.naturalWidth * 2) {
+          image.classList.add("too-tall");
+        } else {
+          var margins = 110; // Margins are 80px for thumbnails height and 15px for top image margin + scroll-x height
+          image.style = "max-height: " + (window.innerHeight - margins) + "px";
+        }
+      }
     };
   }
 });

app/assets/javascripts/app/views/help_view.js

@@ -13,9 +13,10 @@ app.views.Help = app.views.StaticContentView.extend({
     "click .faq-link-chat": "chat"
   },
 
+  /* eslint-disable camelcase */
   initialize : function() {
     this.GETTING_HELP_SUBS = {
-      getting_started_a: {tutorial_series: this.linkHtml("http://diasporafoundation.org/getting_started/sign_up", Diaspora.I18n.t("getting_started_tutorial"))},
+      getting_started_a: {tutorial_series: this.linkHtml("https://diasporafoundation.org/getting_started/sign_up", Diaspora.I18n.t("getting_started_tutorial"))},
       get_support_a_website: {link: this.linkHtml("https://diasporafoundation.org/", Diaspora.I18n.t("foundation_website"))},
       get_support_a_tutorials: {tutorials: this.linkHtml("https://diasporafoundation.org/tutorials", Diaspora.I18n.t("tutorials"))},
       get_support_a_wiki: {link: this.linkHtml("https://wiki.diasporafoundation.org/Special:Search", Diaspora.I18n.t("wiki"))},
@@ -28,10 +29,11 @@ app.views.Help = app.views.StaticContentView.extend({
     this.POSTS_AND_POSTING_SUBS = {
       post_report_a: {community_guidelines: this.linkHtml("https://diasporafoundation.org/community_guidelines", Diaspora.I18n.t("community_guidelines"))},
       format_text_a: {
-        markdown: this.linkHtml("http://diasporafoundation.org/formatting", Diaspora.I18n.t( 'markdown' )),
-        here: this.linkHtml("http://daringfireball.net/projects/markdown/syntax", Diaspora.I18n.t( 'here' ))
+        markdown: this.linkHtml("https://diasporafoundation.org/formatting", Diaspora.I18n.t("markdown")),
+        here: this.linkHtml("https://daringfireball.net/projects/markdown/syntax", Diaspora.I18n.t("here"))
       }
     };
+  /* eslint-enable camelcase */
 
     this.TAGS_SUBS = {
       filter_tags_a: {

app/assets/javascripts/app/views/hovercard_view.js

@@ -19,10 +19,15 @@ app.views.Hovercard = app.views.Base.extend({
 
     this.showMe = false;
     this.parent = null;  // current 'hovercardable' element that caused HC to appear
-
     this.active = true;
   },
 
+  presenter: function() {
+    return _.extend({}, this.defaultPresenter(), {
+      person: this.person
+    });
+  },
+
   postRenderTemplate: function() {
     this.$el.appendTo($("body"));
 
@@ -102,14 +107,14 @@ app.views.Hovercard = app.views.Base.extend({
       if( !person || person.length === 0 ) {
         throw new Error("received data is not a person object");
       }
-
+      var personModel = new app.models.Person(person);
+      person.is_sharing = personModel.isSharing();
+      self.person = person;
       if (app.currentUser.authenticated()) {
-        self.aspectMembershipDropdown = new app.views.AspectMembership({person: new app.models.Person(person)});
+        self.aspectMembershipDropdown = new app.views.AspectMembership({person: personModel});
       }
-
       self.render();
 
-      self._populateHovercardWith(person);
       if( !self.showMe ) {
         // mouse has left element
         return;
@@ -118,23 +123,6 @@ app.views.Hovercard = app.views.Base.extend({
     });
   },
 
-  _populateHovercardWith: function(person) {
-    this.avatarLink.attr("href", this.href());
-    this.personLink.attr("href", this.href());
-    this.personLink.text(person.name);
-    this.personID.text(person.diaspora_id);
-
-    if (person.profile) {
-      this.avatar.attr("src", person.profile.avatar);
-
-      // set hashtags
-      this.hashtags.empty();
-      this.hashtags.html($(_.map(person.profile.tags, function(tag) {
-        return $("<a/>", {href: Routes.tag(tag)}).text("#" + tag)[0];
-      })));
-    }
-  },
-
   _positionHovercard: function() {
     var p_pos = this.parent.offset();
     var p_height = this.parent.height();

app/assets/javascripts/app/views/locator.js

@@ -19,7 +19,7 @@ app.views.Location = Backbone.View.extend({
     var locator = new OSM.Locator();
     locator.getAddress(function(address, latlng){
       $(element).empty();
-      $("<input/>",
+      $("<input></input>",
         { id: "location_address",
           value: address,
           type: "text",

app/assets/javascripts/app/views/notification_dropdown_view.js

@@ -12,7 +12,7 @@ app.views.NotificationDropdown = app.views.Base.extend({
     this.dropdown = $("#notification-dropdown");
     this.dropdownNotifications = this.dropdown.find(".notifications");
     this.ajaxLoader = this.dropdown.find(".ajax-loader");
-    this.perfectScrollbarInitialized = false;
+    this.perfectScrollbar = null;
     this.dropdownNotifications.scroll(this.dropdownScroll.bind(this));
     this.bindCollectionEvents();
   },
@@ -106,18 +106,17 @@ app.views.NotificationDropdown = app.views.Base.extend({
   },
 
   updateScrollbar: function() {
-    if(this.perfectScrollbarInitialized) {
-      this.dropdownNotifications.perfectScrollbar("update");
+    if (this.perfectScrollbar) {
+      this.perfectScrollbar.update();
     } else {
-      this.dropdownNotifications.perfectScrollbar();
-      this.perfectScrollbarInitialized = true;
+      this.perfectScrollbar = new PerfectScrollbar(this.dropdownNotifications[0]);
     }
   },
 
   destroyScrollbar: function() {
-    if(this.perfectScrollbarInitialized) {
-      this.dropdownNotifications.perfectScrollbar("destroy");
-      this.perfectScrollbarInitialized = false;
+    if (this.perfectScrollbar) {
+      this.perfectScrollbar.destroy();
+      this.perfectScrollbar = null;
     }
   }
 });

app/assets/javascripts/app/views/profile_header_view.js

@@ -14,7 +14,6 @@ app.views.ProfileHeader = app.views.Base.extend({
 
   initialize: function(opts) {
     this.photos = _.has(opts, 'photos') ? opts.photos : null;
-    this.contacts = _.has(opts, 'contacts') ? opts.contacts : null;
     this.model.on("change", this.render, this);
     $("#mentionModal").on("modal:loaded", this.mentionModalLoaded.bind(this));
     $("#mentionModal").on("hidden.bs.modal", this.mentionModalHidden);
@@ -24,13 +23,11 @@ app.views.ProfileHeader = app.views.Base.extend({
     return _.extend({}, this.defaultPresenter(), {
       show_profile_btns: this._shouldShowProfileBtns(),
       show_photos: this._shouldShowPhotos(),
-      show_contacts: this._shouldShowContacts(),
       is_blocked: this.model.isBlocked(),
       is_sharing: this.model.isSharing(),
       is_receiving: this.model.isReceiving(),
       is_mutual: this.model.isMutual(),
       has_tags: this._hasTags(),
-      contacts: this.contacts,
       photos: this.photos
     });
   },
@@ -51,10 +48,6 @@ app.views.ProfileHeader = app.views.Base.extend({
     return (this.photos && this.photos > 0);
   },
 
-  _shouldShowContacts: function() {
-    return (this.contacts && this.contacts > 0);
-  },
-
   showMentionModal: function() {
     app.helpers.showModal("#mentionModal");
   },

app/assets/javascripts/app/views/publisher_view.js

@@ -351,7 +351,7 @@ app.views.Publisher = Backbone.View.extend({
     };
 
     var previewPost = new app.views.PreviewPost({model: new app.models.Post(previewMessage)}).render().el;
-    return $("<div/>").append(previewPost).html();
+    return $("<div></div>").append(previewPost).html();
   },
 
   keyDown : function(evt) {

app/assets/javascripts/app/views/single-post-viewer/single_post_content_view.js

@@ -36,8 +36,9 @@ app.views.SinglePostContent = app.views.Base.extend({
 
     var map = L.map(mapContainer[0]).setView([location.lat, location.lng], 14);
     var tiles = app.helpers.locations.getTiles();
-
-    tiles.addTo(map);
+    if (tiles) {
+      tiles.addTo(map);
+    }
 
     // put marker on map
     L.marker(location).addTo(map);

app/assets/javascripts/app/views/stream_view.js

@@ -25,7 +25,7 @@ app.views.Stream = app.views.InfScroll.extend({
 
   markNavSelected : function() {
     var activeStream = Backbone.history.fragment;
-    var streamSelection = $("#stream_selection");
+    var streamSelection = $("#stream-selection");
     streamSelection.find("[data-stream]").removeClass("selected");
     streamSelection.find("[data-stream='" + activeStream + "']").addClass("selected");
 

app/assets/javascripts/app/views/tag_following_list_view.js

@@ -48,7 +48,7 @@ app.views.TagFollowingList = app.views.Base.extend({
     if(evt){ evt.preventDefault(); }
 
     var name = this.$(".tag_input").val();
-    // compare tag_text_regexp in app/models/acts_as_taggable_on-tag.rb
+    // compare tag_text_regexp in config/initializers/acts_as_taggable_on.rb
     var normalizedName = (name === "<3" ? name : name.replace(
         new RegExp("[^" + PosixBracketExpressions.alnum + "_\\-]+", "gi"), "").toLowerCase());
 

app/assets/javascripts/helpers/protocol_handler.js

@@ -0,0 +1,21 @@
+// @license magnet:?xt=urn:btih:0b31508aeb0634b347b8270c7bee4d411b5d4109&dn=agpl-3.0.txt AGPL-v3-or-Later
+
+Diaspora.ProtocolHandler = {
+  register: function() {
+    if (!window.navigator.registerProtocolHandler) {
+      return false;
+    }
+
+    try {
+      window.navigator.registerProtocolHandler(
+        "web+diaspora",
+        [window.location.protocol, "//", window.location.host, "/link?q=%s"].join(""),
+        gon.appConfig.settings.podname
+      );
+    } catch (_) {
+      return false;
+    }
+
+    return true;
+  }
+};

app/assets/javascripts/jasmine-load-all.js

@@ -1,6 +1,5 @@
 //= require jquery3
 //= require handlebars.runtime
-//= require templates
 //= require main
 //= require fine-uploader/fine-uploader.core
 //= require mobile/mobile

app/assets/javascripts/main.js

@@ -18,10 +18,12 @@
 //= require jquery.autoSuggest.custom
 //= require fine-uploader/fine-uploader.core
 //= require handlebars.runtime
+//= require_tree ../templates
 //= require posix-bracket-expressions
 //= require markdown-it
 //= require markdown-it-diaspora-mention
 //= require markdown-it-for-inline
+//= require markdown-it-footnote
 //= require markdown-it-hashtag
 //= require markdown-it-sanitizer
 //= require markdown-it-sub
@@ -44,4 +46,5 @@
 //= require api/authorization_page
 //= require bootstrap-markdown/bootstrap-markdown
 //= require helpers/markdown_editor
+//= require helpers/protocol_handler
 //= require jquery.are-you-sure

app/assets/javascripts/mobile/mobile_comments.js

@@ -185,8 +185,8 @@
 
     addNewComments: function(bottomBar, data) {
       if ($(".comment-container", bottomBar).length === 0) {
-        $(".show-comments", bottomBar).after($("<div/>", {"class": "comment-container"}));
-        $(".comment-container", bottomBar).append($("<ul/>", {"class": "comments"}));
+        $(".show-comments", bottomBar).after($("<div></div>", {"class": "comment-container"}));
+        $(".comment-container", bottomBar).append($("<ul></ul>", {"class": "comments"}));
       }
       $(".comment-container .comments", bottomBar).append(data);
     },
@@ -212,8 +212,10 @@
         var postGuid = bottomBar.parents(".stream-element").data("guid");
 
         toggleReactionsLink.remove();
-        toggleReactionsLink = $("<a/>", {"class": "show-comments", "href": Routes.postComments(postGuid) + ".mobile"})
-          .html(text + "<i class='entypo-chevron-up'/>");
+        toggleReactionsLink = $("<a></a>", {
+          "class": "show-comments",
+          "href": Routes.postComments(postGuid) + ".mobile"
+        }).html(text + "<i class='entypo-chevron-up'/>");
         parent.prepend(toggleReactionsLink);
         bottomBar.removeClass("inactive").addClass("active");
       }

app/assets/javascripts/mobile/publisher.js

@@ -33,7 +33,7 @@ $(document).ready(function(){
     if(hiddenField.length > 0) { hiddenField.remove(); }
     else {
       $("#new_status_message").append(
-        $("<input/>", {
+        $("<input></input>", {
           name: "services[]",
           type: "hidden",
           value: provider

app/assets/javascripts/templates.js

@@ -1,5 +0,0 @@
-/*   Copyright (c) 2010-2011, Diaspora Inc.  This file is
- *   licensed under the Affero General Public License version 3 or later.  See
- *   the COPYRIGHT file.
- */
-//= require_tree ../templates

app/assets/stylesheets/_application.scss

@@ -1,4 +1,4 @@
-@import 'perfect-scrollbar';
+@import 'utatti-perfect-scrollbar/css/perfect-scrollbar';
 
 @import 'color-variables';
 @import 'bootstrap-complete';
@@ -11,13 +11,11 @@
 @import 'icons';
 @import 'animations';
 @import 'flash_messages';
-@import 'sprites';
 @import 'hovercard';
 @import 'base';
 @import 'interactions';
 @import 'spinner';
 @import 'timeago';
-@import 'vendor/fileuploader';
 @import 'vendor/autoSuggest';
 @import 'typeahead';
 @import 'colors';

app/assets/stylesheets/aspects.scss

@@ -21,3 +21,7 @@
     }
   }
 }
+.aspect-membership {
+  max-height: 300px;
+  overflow: auto;
+}

app/assets/stylesheets/base.scss

@@ -10,14 +10,15 @@ body {
 .page-contacts,
 .page-conversations,
 .page-notifications,
-.page-people.action-show,
 .page-people.action-contacts,
+.page-people.action-show,
 .page-photos,
 .page-posts,
 .page-profiles.action-edit,
 .page-services.action-index,
 .page-streams,
 .page-tags,
+.page-two_factor_authentications,
 .page-user_applications,
 .page-users.action-edit,
 .page-users.action-update,

app/assets/stylesheets/color_themes/_color_theme_override_dark.scss

@@ -55,8 +55,8 @@ body {
 
   .tag:hover { background-color: desaturate(darken($link-color, 35%), 20%); }
 
-  #profile_container .profile_header {
-    #author_info #sharing_message.entypo-check { color: lighten($green, 10%); }
+  #sharing_message.entypo-check {
+    color: lighten($green, 10%);
   }
 
   #invitationsModal #email_invitation { border-top: 1px dashed $gray-light; }

app/assets/stylesheets/comments.scss

@@ -44,6 +44,19 @@
     }
   }
 
+  .permalink {
+    @include transition(opacity);
+    opacity: 0;
+  }
+
+  .comment:hover .permalink {
+    opacity: .8;
+
+    &:hover {
+      opacity: 1;
+    }
+  }
+
   .comment.new-comment-form-wrapper { padding-bottom: 0; }
 
   .submit-button {

app/assets/stylesheets/forms.scss

@@ -93,5 +93,10 @@ textarea {
     }
 
     ::placeholder { text-transform: uppercase; }
+
+    p {
+      margin-top: .5rem;
+      text-align: center;
+    }
   }
 }

app/assets/stylesheets/gallery.scss

@@ -1,12 +1,24 @@
-$thumbnail-size: 12px;
-$thumbnail-margin: 2px;
-$thumbnail-active-size: $thumbnail-size + $thumbnail-margin;
+$thumbnail-size: 50px;
+$margin: 15px;
 
 #blueimp-gallery {
   .slides {
-    height: calc(100% - 40px);
-    padding: 20px 0 0 0;
     margin: 0;
+
+    .slide {
+      overflow-y: auto;
+    }
+
+    .slide-content {
+      bottom: $margin * 2 + $thumbnail-size;
+      top: $margin;
+    }
+
+    .too-tall {
+      margin-bottom: $margin * 2 + $thumbnail-size;
+      max-height: none;
+      position: static;
+    }
   }
 
   [class^="entypo-"], [class*="entypo-"] {
@@ -37,24 +49,29 @@ $thumbnail-active-size: $thumbnail-size + $thumbnail-margin;
   }
 
   .indicator {
-    margin: 8px 0;
-    position: unset;
-    height: $thumbnail-size + 5px;
+    bottom: 0;
+    overflow-x: auto;
+    white-space: nowrap;
+
     li {
-      border: none;
-      margin: $thumbnail-margin;
+      border: 0;
+      height: $thumbnail-size;
+      margin: $margin 6px;
       vertical-align: middle;
       width: $thumbnail-size;
-      height: $thumbnail-size;
-      border-radius: $thumbnail-size / 2;
+      background-size: cover;
 
-      &.active, &:hover{
-        margin: $thumbnail-margin / 2;
-        width: $thumbnail-active-size;
-        height: $thumbnail-active-size;
-        border-radius: $thumbnail-active-size / 2;
-        transition: linear 0.2s;
-        transition-property: height, width, margin;
+      &.active,
+      &:hover {
+        opacity: 1;
+      }
+
+      &:hover::after {
+        opacity: 0; // We don't want another thumbnail
+      }
+
+      &:only-child {
+        display: none;
       }
     }
   }

app/assets/stylesheets/header.scss

@@ -119,6 +119,19 @@
     }
   }
 
+  .dropdown-toggle {
+    align-items: center;
+    display: flex;
+
+    .user-name {
+      margin-right: 3px;
+      max-width: 250px;
+      overflow: hidden;
+      text-overflow: ellipsis;
+      white-space: nowrap;
+    }
+  }
+
   .user-menu-dropdown {
     padding: 0;
   }

app/assets/stylesheets/home.scss

@@ -42,6 +42,14 @@
     padding: 15px;
   }
 
+  .part-of-diaspora {
+    font-style: italic;
+
+    a {
+      color: $white;
+    }
+  }
+
   .login-form {
     fieldset { background: none; }
 

app/assets/stylesheets/hovercard.scss

@@ -33,6 +33,12 @@
     text-overflow: ellipsis;
   }
 
+  .status-container {
+    align-items: center;
+    display: flex;
+    margin-bottom: 5px;
+  }
+
   #hovercard_dropdown_container {
     overflow: visible !important; /* otherwise the aspect dropdown is cropped */
   }
@@ -53,10 +59,7 @@
 
   .handle {
     color: $text-grey;
-    line-height: 18px;
-    padding-top: 0px;
-    margin-top: 0px;
-    margin-bottom: 5px;
+    margin-right: 2px;
   }
 
   .btn-group.aspect-membership-dropdown { margin: 0 !important; }

app/assets/stylesheets/login.scss

@@ -1,12 +1,13 @@
 .page-sessions.action-new,
+.page-sessions.action-create,
 .page-passwords.action-new,
 .page-passwords.action-edit {
   padding-top: 25px;
 
   .logos-asterisk {
+    background: image-url('branding/logos/asterisk.png') no-repeat;
     height: 154px;
-    margin: auto;
-    margin-bottom: 12px;
+    margin: auto auto 12px;
     width: 154px;
   }
 

app/assets/stylesheets/markdown-content.scss

@@ -16,6 +16,30 @@
     }
   }
 
+  h1 {
+    font-size: 2.7rem;
+  }
+
+  h2 {
+    font-size: 2.3rem;
+  }
+
+  h3 {
+    font-size: 2rem;
+  }
+
+  h4 {
+    font-size: 1.8rem;
+  }
+
+  h5 {
+    font-size: 1.6rem;
+  }
+
+  h6 {
+    font-size: 1.4rem;
+  }
+
   .img-responsive {
     display: inline;
   }

app/assets/stylesheets/mobile/mobile.scss

@@ -350,6 +350,7 @@ footer {
   }
 
   .bottom-bar {
+    margin: 0;
     position: static;
   }
 }
@@ -694,6 +695,21 @@ select#aspect_ids_ {
   .entypo-camera { margin-right: 0; }
 }
 
+.mobile-icon-bar {
+  background: $framed-background;
+  border-top: 1px solid $border-grey;
+  display: block;
+  padding: 1px 6px;
+  position: relative;
+}
+
+.mobile-icon-bar-button {
+  color: $text-grey;
+  float: right;
+  font-size: large;
+  padding: 0;
+}
+
 #publisher-textarea-wrapper {
   border-radius: 2px;
   margin: 12px 0px;

app/assets/stylesheets/navbar_left.scss

@@ -199,14 +199,26 @@
     }
     text-align: center;
 
-    .social-media-logos-facebook-24x24,
     .social-media-logos-twitter-24x24,
     .social-media-logos-tumblr-24x24,
     .social-media-logos-wordpress-24x24 {
+      background-repeat: no-repeat;
       height: 24px;
       width: 24px;
     }
 
+    .social-media-logos-twitter-24x24 {
+      background-image: image-url('social-media-logos/twitter-24x24.png');
+    }
+
+    .social-media-logos-tumblr-24x24 {
+      background-image: image-url('social-media-logos/tumblr-24x24.png');
+    }
+
+    .social-media-logos-wordpress-24x24 {
+      background-image: image-url('social-media-logos/wordpress-24x24.png');
+    }
+
     a {
       display: inline-block;
     }

app/assets/stylesheets/people.scss

@@ -5,6 +5,7 @@
   }
   .invitations-button { padding-left: 0; }
 }
+
 #people-stream {
   .media, .media-body {
     overflow: visible;
@@ -28,6 +29,7 @@
     .info { font-size: $font-size-small; }
   }
 }
+
 #blocked_people {
   .blocked-person {
     border-bottom: 1px solid $border-grey;
@@ -45,3 +47,13 @@
     .btn-danger { margin-top: 9px; }
   }
 }
+
+#sharing_message {
+  &.entypo-check {
+    color: darken($brand-success, 20%);
+  }
+
+  &.entypo-record {
+    color: $text-grey;
+  }
+}

app/assets/stylesheets/profile.scss

@@ -28,11 +28,6 @@
       #sharing_message {
         cursor: default;
         font-size: 20px;
-        &.circle {
-          color: $text-grey;
-          &:before { content: '\26aa'; }
-        }
-        &.entypo-check { color: darken($brand-success,20%); }
       }
       .description {
         margin-bottom: 20px;
@@ -145,14 +140,6 @@
   }
 }
 
-#email-form{
-  padding: 0;
-  .form-group{
-    margin-left: 0;
-    margin-right: 0;
-  }
-}
-
 #birth-date{
   text-align: center;
   select{

app/assets/stylesheets/publisher.scss

@@ -43,6 +43,7 @@
         .btn.btn-link.question_mark:hover .entypo-cog { color: $black; }
         .dim { opacity: 0.3; }
         .social-media-logos-wordpress-16x16 {
+          background: image-url('social-media-logos/wordpress-16x16.png') no-repeat;
           display: inline-block;
           height: 16px;
           width: 16px;

app/assets/stylesheets/registration.scss

@@ -1,5 +1,4 @@
-.page-registrations.action-new,
-.page-registrations.action-create {
+.page-registrations {
   .ball {
     background: image-url('branding/ball.png') no-repeat;
     background-size: contain;
@@ -12,19 +11,24 @@
     height: 633px;
   }
 
+  @media (max-width: $screen-xs-max) {
+    .v-center {
+      height: auto;
+    }
+  }
+
   .content {
     display: table-cell;
     vertical-align: middle;
 
-    h2 {
+    h1 {
       font-size: 35px;
-      margin: 12px;
-      text-align: center;
+      margin: 12px 0;
     }
   }
 
   form {
-    max-width: 400px;
+    max-width: 500px;
   }
 
   .captcha-img {
@@ -34,16 +38,13 @@
     width: 120px;
   }
 
-  .captcha-input {
+  .form-control.captcha-input {
     border-bottom: 1px solid $input-border;
     border-bottom-left-radius: 5px;
     border-bottom-right-radius: 5px;
     box-sizing: border-box;
-    font-size: 16px;
-    height: 40px;
     line-height: $line-height-base;
-    padding: 10px 10px 10px 130px;
-    width: 100%;
+    padding-left: 130px;
   }
 
   .terms > a {

app/assets/stylesheets/sprites.scss

@@ -1,5 +0,0 @@
-/* ===== sprites ===== */
-@import 'branding/logos/*.png';
-@import 'social-media-logos/*.png';
-@include all-logos-sprites;
-@include all-social-media-logos-sprites;

app/assets/stylesheets/stream.scss

@@ -4,6 +4,10 @@
   }
 }
 
+.public-stream {
+  float: none;
+}
+
 .main-stream-publisher {
   margin-top: 20px;
   padding: 0;

app/assets/stylesheets/stream_element.scss

@@ -122,9 +122,12 @@
     opacity: 0;
   }
 
-  &:hover .permalink {
+  &:hover .post-timestamp .permalink {
     opacity: .8;
-    &:hover { opacity: 1; }
+
+    &:hover {
+      opacity: 1;
+    }
   }
 
   div.reshare {

app/assets/stylesheets/vendor/fileuploader.css

@@ -1,74 +0,0 @@
-.qq-uploader {
-    position:relative;
-    width: 100%;
-}
-
-.qq-upload-button {
-    display:block; /* or inline-block */
-    width: 105px;
-    padding: 7px 0;
-    text-align:center;
-    background:#333;
-    border-bottom:1px solid #999;
-    color:#fff;
-}
-
-.qq-upload-drop-area {
-    position:absolute;
-    top:0; left:0;
-    width:100%;
-    height:100%;
-    min-height: 70px;
-    z-index:2;
-    background:#ccc;
-    text-align:center;
-}
-
-.qq-upload-drop-area span {
-    display:block;
-    position:absolute;
-    top: 50%;
-    width:100%;
-    margin-top:-8px;
-    font-size:16px;
-}
-
-.qq-upload-drop-area-active {
-    background:#FF7171;
-}
-
-.qq-upload-list {
-    margin:15px 35px;
-    padding:0;
-    list-style:disc;
-}
-
-.qq-upload-list li {
-    margin:0;
-    padding:0;
-    line-height:15px;
-    font-size:12px;
-}
-
-.qq-upload-file, .qq-upload-spinner, .qq-upload-size, .qq-upload-cancel, .qq-upload-failed-text {
-    margin-right: 7px;
-}
-
-.qq-upload-spinner {
-    display:inline-block;
-    background: url("loading.gif");
-    width:15px;
-    height:15px;
-    vertical-align:text-bottom;
-}
-
-.qq-upload-size,.qq-upload-cancel {
-    font-size:11px;
-}
-
-.qq-upload-failed-text {
-    display:none;
-}
-.qq-upload-fail .qq-upload-failed-text {
-    display:inline;
-}

app/assets/templates/aspect_create_modal_tpl.jst.hbs

@@ -22,16 +22,6 @@
                   <input id="aspect_name" class="input-block-level form-control" maxlength=20 type="text"/>
                 </div>
               </div>
-
-              <div class="form-group">
-                <div class="col-sm-offset-2 col-sm-10">
-                  <div class="checkbox">
-                   <label for="aspect_contacts_visible" class="checkbox inline">
-                      <input id="aspect_contacts_visible" type="checkbox"> {{ t "aspects.make_aspect_list_visible" }}
-                   </label>
-                  </div>
-                </div>
-              </div>
             </form>
 
           </fieldset>

app/assets/templates/aspect_membership_dropdown_tpl.jst.hbs

@@ -10,10 +10,10 @@
       {{ t "aspect_dropdown.toggle" count=aspectMembershipsLength }}
     {{/if}}
   </span>
-  <span class="caret" />
+  <span class="caret"></span>
 </button>
 
-<ul class="dropdown-menu aspect_membership pull-right" unselectable="on">
+<ul class="dropdown-menu aspect-membership pull-right" unselectable="on">
 {{#each aspects}}
   <li
     {{#if membership}}
@@ -29,8 +29,8 @@
   >
     <a>
       <span class="status_indicator">
-        <i class="glyphicon glyphicon-ok" />
-        <i class="glyphicon glyphicon-refresh" />
+        <i class="glyphicon glyphicon-ok"></i>
+        <i class="glyphicon glyphicon-refresh"></i>
       </span>
       <span class="text">
         {{name}}
@@ -39,7 +39,7 @@
   </li>
 {{/each}}
 {{#if dropdownMayCreateNewAspect}}
-  <li class="divider" />
+  <li class="divider"></li>
   <li class="newItem add_aspect">
     <a data-target="#newAspectModal" data-toggle="modal" href="#">
       {{ t "aspects.create.add_a_new_aspect" }}
@@ -48,5 +48,5 @@
 {{/if}}
 </ul>
 {{#if dropdownMayCreateNewAspect}}
-  <div class="newAspectContainer"/>
+  <div class="newAspectContainer"></div>
 {{/if}}

app/assets/templates/aspects-list_tpl.jst.hbs

@@ -1,5 +1,5 @@
 <li class="hoverable">
-  <a class="selectable toggle_selector" href="#">
+  <a class="selectable toggle_selector aspect-membership" href="#">
     {{ t "aspect_navigation.select_all" }}
   </a>
 </li>

app/assets/templates/comment-stream_tpl.jst.hbs

@@ -29,7 +29,7 @@
             class="new-comment" id="new-comment-on-{{id}}" method="post">
 
         <textarea class="comment-box form-control mention-textarea"
-                  id="comment_text_on_{{id}}" name="text" rows="1" required placeholder="{{t "stream.comment"}}" />
+                  id="comment_text_on_{{id}}" name="text" rows="1" required placeholder="{{t "stream.comment"}}"></textarea>
         <div class="typeahead-mention-box-wrap">
           <input class="typeahead-mention-box hidden" type="text">
         </div>

app/assets/templates/comment_tpl.jst.hbs

@@ -11,7 +11,7 @@
       {{#if canRemove}}
         <a href="#" class="delete comment_delete" title="{{t "delete"}}">
           <i class="entypo-trash"></i>
-        <a/>
+        </a>
       {{else}}
         <a href="#" data-type="Comment" class="comment_report" title="{{t "report.name"}}">
           <i class="entypo-warning"></i>
@@ -20,18 +20,21 @@
     {{/if}}
     </div>
 
-    {{#linkToAuthor author}}
-      {{name}}
-    {{/linkToAuthor}}
+    <div>
+      {{#linkToAuthor author}}
+        {{name}}
+      {{/linkToAuthor}}
+      -
+      <a href="/posts/{{parent.id}}#{{guid}}" class="permalink_comment">
+        <time class="timeago" data-original-title="{{{localTime created_at}}}" datetime="{{created_at}}"></time>
+      </a>
+      <a href="/posts/{{parent.guid}}#{{guid}}" class="permalink gray" title="{{t "stream.permalink"}}">
+        <i class="entypo-link"></i>
+      </a>
+    </div>
 
     <div class="collapsible comment-content markdown-content">
       {{{text}}}
     </div>
-
-    <div class="info">
-      <a href="/posts/{{parent.id}}#{{guid}}" class="permalink_comment">
-        <time class="timeago" data-original-title="{{{localTime created_at}}}" datetime="{{created_at}}"/>
-      </a>
-    </div>
   </div>
 </div>

app/assets/templates/header_tpl.jst.hbs

@@ -64,13 +64,12 @@
           <ul class="nav navbar-nav navbar-left visible-sm-block visible-xs-block">
             <li class="visible-xs-block"><a href="/stream">{{t "my_stream"}}</a></li>
             <li class="visible-xs-block"><a href="/activity">{{t "my_activity"}}</a></li>
-            <li><a href="/mobile/toggle">{{t "header.toggle_mobile"}}</a></li>
           </ul>
 
           <ul class="nav navbar-nav navbar-right">
             <li class="dropdown user-menu" id="user-menu">
               <a href="{{urlTo "person" current_user.guid}}" class="dropdown-toggle hidden-xs hidden-sm" data-toggle="dropdown" role="button" aria-expanded="false">
-                <span class="user-avatar pull-left">
+                <span class="user-avatar">
                   {{{personImage current_user "small"}}}
                 </span>
                 <span class="user-name">{{current_user.name}}</span>
@@ -87,6 +86,7 @@
                 {{else if current_user.moderator}}
                    <li><a href="/report">{{t "header.moderator"}}</a></li>
                 {{/if}}
+                <li><a class="visible-xs-block" href="/mobile/toggle">{{t "header.switch_to_touch_optimized_mode"}}</a></li>
                 <li><a href="/users/sign_out" data-method="delete">{{t "header.log_out"}}</a></li>
               </ul>
             </li>

app/assets/templates/help_tpl.jst.hbs

@@ -17,7 +17,7 @@
             <span class="section-selected">{{ title_account_and_data_management }}</span>
           </li>
           <li>
-            <a href="#" class="section-unselected faq-link" data-section="aspects" data-items="what_is_an_aspect who_sees_post contacts_know_aspect person_multiple_aspects contacts_visible remove_notification change_aspect_of_post post_multiple_aspects restrict_posts_i_see rename_aspect delete_aspect">{{ title_aspects }}</a>
+            <a href="#" class="section-unselected faq-link" data-section="aspects" data-items="what_is_an_aspect who_sees_post contacts_know_aspect person_multiple_aspects remove_notification change_aspect_of_post post_multiple_aspects restrict_posts_i_see rename_aspect delete_aspect">{{ title_aspects }}</a>
             <span class="section-selected">{{ title_aspects }}</span>
           </li>
           <li>

app/assets/templates/hovercard_tpl.jst.hbs

@@ -1,15 +1,22 @@
+{{#with person}}
 <div id="hovercard">
-  <a class='person_avatar'>
-    <img class="avatar">
+  <a class="person_avatar" href="{{urlTo 'person' guid}}">
+    <img class="avatar" src="{{profile.avatar}}" />
   </a>
   <h4>
-    <a class="person"></a>
+    <a class="person" href="{{urlTo 'person' guid}}">{{name}}</a>
   </h4>
-  <div class="handle"></div>
+  <div class="status-container">
+    <div class="handle">{{diaspora_id}}</div>
+    {{{sharingMessage this}}}
+  </div>
   <div id="hovercard_dropdown_container"></div>
   <div class="card-footer">
     <div class="footer-container">
-      <div class="hashtags"></div>
+      <div class="hashtags">
+        {{fmtTags profile.tags}}
+      </div>
     </div>
   </div>
 </div>
+{{/with}}

app/assets/templates/photo_tpl.jst.hbs

@@ -19,7 +19,7 @@
     </div>
   {{/if}}
 
-  <a href="{{sizes.large}}" class="thumbnail img-thumbnail photo-link gallery-picture">
+  <a href="{{sizes.raw}}" class="thumbnail img-thumbnail photo-link gallery-picture">
     <img src="{{sizes.large}}" class="photo big-photo">
   </a>
 
@@ -27,10 +27,10 @@
     <div class="footer-container">
       {{#if status_message}}
         <a href="{{urlTo "post" status_message.id}}">
-          <time class="timeago" data-original-title="{{{localTime created_at}}}" datetime="{{created_at}}" />
+          <time class="timeago" data-original-title="{{{localTime created_at}}}" datetime="{{created_at}}"></time>
         </a>
       {{else}}
-          <time class="timeago" data-original-title="{{{localTime created_at}}}" datetime="{{created_at}}" />
+          <time class="timeago" data-original-title="{{{localTime created_at}}}" datetime="{{created_at}}"></time>
       {{/if}}
     </div>
   </div>

app/assets/templates/pod_table_entry_tpl.jst.hbs

@@ -1,5 +1,5 @@
 
-<td class="ssl-status"">
+<td class="ssl-status">
   {{#if ssl}}
     <i title="{{t 'admin.pods.ssl_enabled'}}" class="entypo-check">
   {{else}}
@@ -9,19 +9,20 @@
 </td>
 <td class="pod-title" title="{{host}}">{{host}}</td>
 <td class="added">
-  <small><time datetime="{{created_at}}" title="{{localTime created_at}}" /></small>
+  <small><time datetime="{{created_at}}" title="{{localTime created_at}}"></time></small>
 </td>
 <td>
   {{#if has_no_errors}}
     <i title="{{status_text}}" class="glyphicon glyphicon-ok"></i>
+    {{software}}
   {{else}}
     {{status_text}}
   {{/if}}
   {{#unless is_unchecked}}
-    <br><small>{{t 'admin.pods.last_check'}} <time datetime="{{checked_at}}" title="{{localTime checked_at}}" /></small>
+    <br><small>{{t 'admin.pods.last_check'}} <time datetime="{{checked_at}}" title="{{localTime checked_at}}"></time></small>
   {{/unless}}
   {{#if offline}}
-    | <small>{{t 'admin.pods.offline_since'}} <time datetime="{{offline_since}}" title="{{localTime offline_since}}" /></small>
+    | <small>{{t 'admin.pods.offline_since'}} <time datetime="{{offline_since}}" title="{{localTime offline_since}}"></time></small>
   {{/if}}
   {{#if is_unchecked}}<br><small class="text-muted">{{t 'admin.pods.no_info'}}</small>{{/if}}
   <pre class="details" style="display: none;">

app/assets/templates/profile_header_tpl.jst.hbs

@@ -82,22 +82,5 @@
         </a>
       </li>
     {{/if}}
-    {{#if show_contacts}}
-      <li {{#isCurrentPage 'personContacts' guid}} class="active" {{/isCurrentPage}}>
-        {{#if is_own_profile}}
-          <a href="{{urlTo 'contacts'}}" id="contacts_link">
-            <i class="entypo-users"></i>
-            {{t 'profile.contacts'}}
-            <div class="badge badge-default">{{contacts}}</div>
-          </a>
-        {{else}}
-          <a href="{{urlTo 'personContacts' guid}}" id="contacts_link">
-            <i class="entypo-users"></i>
-            {{t 'profile.contacts'}}
-            <div class="badge badge-default">{{contacts}}</div>
-          </a>
-        {{/if}}
-      </li>
-    {{/if}}
   </div>
 </div>

app/assets/templates/reshare_tpl.jst.hbs

@@ -15,7 +15,7 @@
             <span class="details gray">
               -
               <a href="/posts/{{id}}">
-                <time class="timeago" data-original-title="{{{localTime created_at}}}" datetime="{{created_at}}" />
+                <time class="timeago" data-original-title="{{{localTime created_at}}}" datetime="{{created_at}}"></time>
               </a>
             </span>
           </div>

app/assets/templates/single-post-viewer/single-post-content_tpl.jst.hbs

@@ -40,11 +40,11 @@
             <span class="post-time">
               {{#if root}}
                 <a href="/posts/{{root.guid}}">
-                  <time datetime="{{root.created_at}}" title="{{localTime root.created_at}}" />
+                  <time datetime="{{root.created_at}}" title="{{localTime root.created_at}}"></time>
                 </a>
               {{else}}
                 <a href="/posts/{{guid}}">
-                  <time datetime="{{created_at}}" title="{{localTime created_at}}" />
+                  <time datetime="{{created_at}}" title="{{localTime created_at}}"></time>
                 </a>
               {{/if}}
             </span>
@@ -59,12 +59,12 @@
             {{/if}}
           </div>
           {{#unless root}}
-            <div id="single-post-moderation" />
+            <div id="single-post-moderation"></div>
           {{/unless}}
         </div>
       </div>
       {{#unless root}}
-        <div id="single-post-actions" class="col-md-4" />
+        <div id="single-post-actions" class="col-md-4"></div>
       {{/unless}}
     </div>
     {{#if location.lat}}
@@ -92,13 +92,13 @@
           <div class="post-context">
             <span class="post-time">
               <a href="/posts/{{guid}}">
-                <time datetime="{{created_at}}" title="{{localTime created_at}}" />
+                <time datetime="{{created_at}}" title="{{localTime created_at}}"></time>
               </a>
             </span>
-            <span id="single-post-moderation" />
+            <span id="single-post-moderation"></span>
           </div>
         </div>
-        <div id="single-post-actions" class="col-md-4" />
+        <div id="single-post-actions" class="col-md-4"></div>
       </div>
     {{/if}}
   </div>

app/assets/templates/status-message_tpl.jst.hbs

@@ -25,13 +25,13 @@
 {{#if largePhoto}}
   <div class="photo-attachments nsfw-hidden">
     {{#with largePhoto}}
-      <a href="{{sizes.large}}" class="stream-photo-link gallery-picture">
+      <a href="{{sizes.raw}}" class="stream-photo-link gallery-picture">
         <img src="{{sizes.large}}" class="stream-photo big_stream_photo">
       </a>
     {{/with}}
 
     {{#each smallPhotos}}
-      <a href="{{sizes.large}}" class="stream-photo-link gallery-picture">
+      <a href="{{sizes.raw}}" class="stream-photo-link gallery-picture">
         <img src="{{sizes.small}}" class="stream-photo thumb_small">
       </a>
     {{/each}}

app/assets/templates/stream-element_tpl.jst.hbs

@@ -19,10 +19,10 @@
           {{~name~}}
         {{/linkToAuthor}}
 
-        <span class="details gray">
+        <span class="details gray post-timestamp">
           -
           <a href="/posts/{{id}}">
-            <time class="timeago" data-original-title="{{{localTime created_at}}}" datetime="{{created_at}}" />
+            <time class="timeago" data-original-title="{{{localTime created_at}}}" datetime="{{created_at}}"></time>
           </a>
 
           <a href="/posts/{{guid}}" class="permalink" title="{{t "stream.permalink"}}">

app/controllers/admin/users_controller.rb

@@ -2,6 +2,7 @@
 
 module Admin
   class UsersController < AdminController
+    before_action :validate_user, only: %i(make_admin remove_admin make_moderator remove_moderator make_spotlight remove_spotlight)
 
     def close_account
       u = User.find(params[:id])
@@ -21,5 +22,71 @@ module Admin
       redirect_to user_search_path, notice: t("admins.user_search.account_unlocking_scheduled", name: u.username)
     end
 
+    def make_admin
+      unless Role.is_admin? @user.person
+        Role.add_admin @user.person
+        notice = "admins.user_search.add_admin"
+      else
+        notice = "admins.user_search.role_implemented"
+      end
+      redirect_to user_search_path, notice: t(notice, name: @user.username)
+    end
+
+    def remove_admin
+      if Role.is_admin? @user.person
+        Role.remove_admin @user.person
+        notice = "admins.user_search.delete_admin"
+      else
+        notice = "admins.user_search.role_removal_implemented"
+      end
+      redirect_to user_search_path, notice: t(notice, name: @user.username)
+    end
+
+    def make_moderator
+      unless Role.moderator_only? @user.person
+        Role.add_moderator @user.person
+        notice = "admins.user_search.add_moderator"
+      else
+        notice = "admins.user_search.role_implemented"
+      end
+      redirect_to user_search_path, notice: t(notice, name: @user.username)
+    end
+
+    def remove_moderator
+      if Role.moderator_only? @user.person
+        Role.remove_moderator @user.person
+        notice = "admins.user_search.delete_moderator"
+      else
+        notice = "admins.user_search.role_removal_implemented"
+      end
+      redirect_to user_search_path, notice: t(notice, name: @user.username)
+    end
+
+    def make_spotlight
+      unless Role.spotlight? @user.person
+        Role.add_spotlight @user.person
+        notice = "admins.user_search.add_spotlight"
+      else
+        notice = "admins.user_search.role_implemented"
+      end
+      redirect_to user_search_path, notice: t(notice, name: @user.username)
+    end
+
+    def remove_spotlight
+      if Role.spotlight? @user.person
+        Role.remove_spotlight @user.person
+        notice = "admins.user_search.delete_spotlight"
+      else
+        notice = "admins.user_search.role_removal_implemented"
+      end
+      redirect_to user_search_path, notice: t(notice, name: @user.username)
+    end
+
+    private
+
+    def validate_user
+      @user = User.where(id: params[:id]).first
+      redirect_to user_search_path, notice: t("admins.user_search.does_not_exist") unless @user
+    end
   end
 end

app/controllers/admins_controller.rb

@@ -43,7 +43,7 @@ class AdminsController < Admin::AdminController
     @created_users = User.where("username IS NOT NULL and created_at IS NOT NULL")
     @created_users.find_each do |u|
       week = u.created_at.beginning_of_week.strftime("%Y-%m-%d")
-      @created_users_by_week[week] << u.username
+      @created_users_by_week[week] << {username: u.username, closed_account: u.person.closed_account}
     end
 
     @selected_week = params[:week] || @created_users_by_week.keys.last
@@ -51,7 +51,11 @@ class AdminsController < Admin::AdminController
   end
 
   def stats
-    @popular_tags = ActsAsTaggableOn::Tagging.joins(:tag).limit(50).order('count(taggings.id) DESC').group(:tag).count
+    @popular_tags = ActsAsTaggableOn::Tagging.joins(:tag)
+                                             .limit(50)
+                                             .order(Arel.sql("count(taggings.id) DESC"))
+                                             .group(:tag)
+                                             .count
 
     case params[:range]
     when "week"
@@ -72,7 +76,10 @@ class AdminsController < Admin::AdminController
       create_hash(model, :range => range)
     end
 
-    @posts_per_day = Post.where("created_at >= ?", Date.today - 21.days).group("DATE(created_at)").order("DATE(created_at) ASC").count
+    @posts_per_day = Post.where("created_at >= ?", Time.zone.today - 21.days)
+                         .group(Arel.sql("DATE(created_at)"))
+                         .order(Arel.sql("DATE(created_at) ASC"))
+                         .count
     @most_posts_within = @posts_per_day.values.max.to_f
 
     @user_count = User.count

app/controllers/api/openid_connect/authorizations_controller.rb

@@ -104,8 +104,9 @@ module Api
       end
 
       def handle_start_point_response(endpoint)
-        _status, header, response = endpoint.call(request.env)
-        if response.redirect?
+        status, header, _response = endpoint.call(request.env)
+
+        if status.in?([301, 302, 303, 307, 308])
           redirect_to header["Location"]
         else
           save_params_and_render_consent_form(endpoint)

app/controllers/application_controller.rb

@@ -27,6 +27,7 @@ class ApplicationController < ActionController::Base
   before_action :gon_set_current_user
   before_action :gon_set_appconfig
   before_action :gon_set_preloads
+  before_action :configure_permitted_parameters, if: :devise_controller?
 
   inflection_method grammatical_gender: :gender
 
@@ -182,4 +183,10 @@ class ApplicationController < ActionController::Base
     return unless gon.preloads.nil?
     gon.preloads = {}
   end
+
+  protected
+
+  def configure_permitted_parameters
+    devise_parameter_sanitizer.permit(:sign_in, keys: [:otp_attempt])
+  end
 end

app/controllers/aspects_controller.rb

@@ -29,21 +29,19 @@ class AspectsController < ApplicationController
   end
 
   def destroy
-    @aspect = current_user.aspects.where(id: params[:id]).first
-
     begin
-      if current_user.auto_follow_back && @aspect.id == current_user.auto_follow_back_aspect.id
+      if current_user.auto_follow_back && aspect.id == current_user.auto_follow_back_aspect.id
         current_user.update(auto_follow_back: false, auto_follow_back_aspect: nil)
-        flash[:notice] = I18n.t "aspects.destroy.success_auto_follow_back", name: @aspect.name
+        flash[:notice] = I18n.t "aspects.destroy.success_auto_follow_back", name: aspect.name
       else
-        flash[:notice] = I18n.t "aspects.destroy.success", name: @aspect.name
+        flash[:notice] = I18n.t "aspects.destroy.success", name: aspect.name
       end
-      @aspect.destroy
+      aspect.destroy
     rescue ActiveRecord::StatementInvalid => e
-      flash[:error] = I18n.t "aspects.destroy.failure", name: @aspect.name
+      flash[:error] = I18n.t "aspects.destroy.failure", name: aspect.name
     end
 
-    if request.referer.include?('contacts')
+    if request.referer.include?("contacts")
       redirect_to contacts_path
     else
       redirect_to aspects_path
@@ -51,53 +49,41 @@ class AspectsController < ApplicationController
   end
 
   def show
-    if @aspect = current_user.aspects.where(:id => params[:id]).first
-      redirect_to aspects_path('a_ids[]' => @aspect.id)
+    if aspect
+      redirect_to aspects_path("a_ids[]" => aspect.id)
     else
       redirect_to aspects_path
     end
   end
 
   def update
-    @aspect = current_user.aspects.where(:id => params[:id]).first
-
-    if @aspect.update_attributes!(aspect_params)
-      flash[:notice] = I18n.t 'aspects.update.success', :name => @aspect.name
+    if aspect.update!(aspect_params)
+      flash[:notice] = I18n.t "aspects.update.success", name: aspect.name
     else
-      flash[:error] = I18n.t 'aspects.update.failure', :name => @aspect.name
+      flash[:error] = I18n.t "aspects.update.failure", name: aspect.name
     end
-    render :json => { :id => @aspect.id, :name => @aspect.name }
+    render json: {id: aspect.id, name: aspect.name}
   end
 
   def update_order
     params[:ordered_aspect_ids].each_with_index do |id, i|
-      current_user.aspects.find(id).update_attributes(order_id: i)
+      current_user.aspects.find(id).update(order_id: i)
     end
     head :no_content
   end
 
   def toggle_chat_privilege
-    @aspect = current_user.aspects.where(:id => params[:aspect_id]).first
-
-    @aspect.chat_enabled = !@aspect.chat_enabled
-    @aspect.save
-    head :no_content
-  end
-
-  def toggle_contact_visibility
-    @aspect = current_user.aspects.where(:id => params[:aspect_id]).first
-
-    if @aspect.contacts_visible?
-      @aspect.contacts_visible = false
-    else
-      @aspect.contacts_visible = true
-    end
-    @aspect.save
+    aspect.chat_enabled = !aspect.chat_enabled
+    aspect.save
     head :no_content
   end
 
   private
 
+  def aspect
+    @aspect ||= current_user.aspects.where(id: (params[:id] || params[:aspect_id])).first
+  end
+
   def connect_person_to_aspect(aspecting_person_id)
     @person = Person.find(aspecting_person_id)
     if @contact = current_user.contact_for(@person)
@@ -109,6 +95,6 @@ class AspectsController < ApplicationController
   end
 
   def aspect_params
-    params.require(:aspect).permit(:name, :contacts_visible, :chat_enabled, :order_id)
+    params.require(:aspect).permit(:name, :chat_enabled, :order_id)
   end
 end

app/controllers/blocks_controller.rb

@@ -10,6 +10,7 @@ class BlocksController < ApplicationController
 
     respond_to do |format|
       format.json { head :no_content }
+      format.any { redirect_back fallback_location: root_path }
     end
   end
 

app/controllers/contacts_controller.rb

@@ -66,7 +66,7 @@ class ContactsController < ApplicationController
       when "receiving"
         current_user.contacts.receiving
       when "by_aspect"
-        order.unshift "contact_id IS NOT NULL DESC"
+        order.unshift Arel.sql("contact_id IS NOT NULL DESC")
         contacts_by_aspect(@aspect.id)
       else
         raise ArgumentError, "unknown type #{type}"

app/controllers/home_controller.rb

@@ -21,7 +21,7 @@ class HomeController < ApplicationController
           partial_dir.join("_show.html.erb").exist? ||
           partial_dir.join("_show.haml").exist?
       render :show
-    elsif User.count > 1 && Role.where(name: "admin").any?
+    elsif Role.admins.any?
       render :default
     else
       redirect_to podmin_path

app/controllers/links_controller.rb

@@ -0,0 +1,16 @@
+# frozen_string_literal: true
+
+class LinksController < ApplicationController
+  def resolve
+    entity = DiasporaLinkService.new(query).find_or_fetch_entity
+    raise ActiveRecord::RecordNotFound if entity.nil?
+
+    redirect_to url_for(entity)
+  end
+
+  private
+
+  def query
+    @query ||= params.fetch(:q)
+  end
+end

app/controllers/manifest_controller.rb

@@ -0,0 +1,27 @@
+# frozen_string_literal: true
+
+class ManifestController < ApplicationController
+  def show # rubocop:disable Metrics/MethodLength
+    render json: {
+      short_name:       AppConfig.settings.pod_name,
+      name:             AppConfig.settings.pod_name,
+      description:      "diaspora* is a free, decentralized and privacy-respecting social network",
+      icons:            [
+        {
+          src:   helpers.image_path("branding/logos/app-icon.png"),
+          type:  "image/png",
+          sizes: "192x192"
+        },
+        {
+          src:   helpers.image_path("branding/logos/app-icon-512.png"),
+          type:  "image/png",
+          sizes: "512x512"
+        }
+      ],
+      start_url:        "/",
+      background_color: "#000000",
+      display:          "standalone",
+      theme_color:      "#000000"
+    }
+  end
+end

app/controllers/people_controller.rb

@@ -15,8 +15,7 @@ class PeopleController < ApplicationController
   respond_to :json, :only => [:index, :show]
 
   rescue_from ActiveRecord::RecordNotFound do
-    render :file => Rails.root.join('public', '404').to_s,
-           :format => :html, :layout => false, :status => 404
+    render file: Rails.root.join("public/404.html").to_s, format: :html, layout: false, status: :not_found
   end
 
   rescue_from Diaspora::AccountClosed do
@@ -77,7 +76,6 @@ class PeopleController < ApplicationController
         end
         gon.preloads[:person] = @presenter.as_json
         gon.preloads[:photos_count] = Photo.visible(current_user, @person).count(:all)
-        gon.preloads[:contacts_count] = Contact.contact_contacts_for(current_user, @person).count(:all)
         respond_with @presenter, layout: "with_header"
       end
 
@@ -114,39 +112,6 @@ class PeopleController < ApplicationController
     end
   end
 
-  def retrieve_remote
-    if params[:diaspora_handle]
-      Workers::FetchWebfinger.perform_async(params[:diaspora_handle])
-      head :ok
-    else
-      head :unprocessable_entity
-    end
-  end
-
-  def contacts
-    respond_to do |format|
-      format.json { head :not_acceptable }
-
-      format.any do
-        @person = Person.find_by_guid(params[:person_id])
-
-        if @person
-          @contact = current_user.contact_for(@person)
-          @contacts_of_contact = Contact.contact_contacts_for(current_user, @person)
-          gon.preloads[:person] = PersonPresenter.new(@person, current_user).as_json
-          gon.preloads[:photos_count] = Photo.visible(current_user, @person).count(:all)
-          gon.preloads[:contacts_count] = @contacts_of_contact.count(:all)
-          @contacts_of_contact = @contacts_of_contact.paginate(page: params[:page], per_page: (params[:limit] || 15))
-          @hashes = hashes_for_people @contacts_of_contact, @aspects
-          respond_with @person, layout: "with_header"
-        else
-          flash[:error] = I18n.t "people.show.does_not_exist"
-          redirect_to people_path
-        end
-      end
-    end
-  end
-
   private
 
   def find_person

app/controllers/photos_controller.rb

@@ -31,7 +31,6 @@ class PhotosController < ApplicationController
         format.all do
           gon.preloads[:person] = @presenter.as_json
           gon.preloads[:photos_count] = Photo.visible(current_user, @person).count(:all)
-          gon.preloads[:contacts_count] = Contact.contact_contacts_for(current_user, @person).count(:all)
           render "people/show", layout: "with_header"
         end
         format.mobile { render "people/show" }
@@ -148,12 +147,7 @@ class PhotosController < ApplicationController
         current_user.dispatch_post(@photo, to: photo_params[:aspect_ids])
       end
 
-      if photo_params[:set_profile_photo]
-        profile_params = {:image_url => @photo.url(:thumb_large),
-                          :image_url_medium => @photo.url(:thumb_medium),
-                          :image_url_small => @photo.url(:thumb_small)}
-        current_user.update_profile(profile_params)
-      end
+      current_user.update_profile(photo: @photo) if photo_params[:set_profile_photo]
 
       respond_to do |format|
         format.json{ render(:layout => false , :json => {"success" => true, "data" => @photo}.to_json )}