X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=include%2Fapi.php;h=052d32b17b1f8d788db0d7c65559febeb6cd3aa1;hb=33b491f2a6ce9f7030851fcdd55394c575e4322f;hp=5bfb2d65a2fdb7d153038f5acce84fd762c224af;hpb=53e9203d37ee0c1a2afed0faf295e3c622ac2e17;p=friendica.git diff --git a/include/api.php b/include/api.php index 5bfb2d65a2..052d32b17b 100644 --- a/include/api.php +++ b/include/api.php @@ -11,9 +11,9 @@ use Friendica\Content\ContactSelector; use Friendica\Content\Feature; use Friendica\Content\Text\BBCode; use Friendica\Content\Text\HTML; -use Friendica\Core\Addon; use Friendica\Core\Authentication; use Friendica\Core\Config; +use Friendica\Core\Hook; use Friendica\Core\L10n; use Friendica\Core\Logger; use Friendica\Core\NotificationsManager; @@ -31,6 +31,7 @@ use Friendica\Model\User; use Friendica\Network\FKOAuth1; use Friendica\Network\HTTPException; use Friendica\Network\HTTPException\BadRequestException; +use Friendica\Network\HTTPException\ExpectationFailedException; use Friendica\Network\HTTPException\ForbiddenException; use Friendica\Network\HTTPException\InternalServerErrorException; use Friendica\Network\HTTPException\MethodNotAllowedException; @@ -46,7 +47,6 @@ use Friendica\Util\Proxy as ProxyUtils; use Friendica\Util\Strings; use Friendica\Util\XML; -require_once 'include/conversation.php'; require_once 'mod/share.php'; require_once 'mod/item.php'; require_once 'mod/wall_upload.php'; @@ -56,6 +56,8 @@ define('API_METHOD_GET', 'GET'); define('API_METHOD_POST', 'POST,PUT'); define('API_METHOD_DELETE', 'POST,DELETE'); +define('API_LOG_PREFIX', 'API {action} - '); + $API = []; $called_api = []; @@ -68,7 +70,7 @@ $called_api = []; */ function api_user() { - if (x($_SESSION, 'allow_api')) { + if (!empty($_SESSION['allow_api'])) { return local_user(); } @@ -84,7 +86,8 @@ function api_user() * @brief Get source name from API client * * @return string - * Client source name, default to "api" if unset/unknown + * Client source name, default to "api" if unset/unknown + * @throws Exception */ function api_source() { @@ -98,9 +101,9 @@ function api_source() return "Twidere"; } - Logger::log("Unrecognized user-agent ".$_SERVER['HTTP_USER_AGENT'], Logger::DEBUG); + Logger::info(API_LOG_PREFIX . 'Unrecognized user-agent', ['module' => 'api', 'action' => 'source', 'http_user_agent' => $_SERVER['HTTP_USER_AGENT']]); } else { - Logger::log("Empty user-agent", Logger::DEBUG); + Logger::info(API_LOG_PREFIX . 'Empty user-agent', ['module' => 'api', 'action' => 'source']); } return "api"; @@ -111,6 +114,7 @@ function api_source() * * @param string $str Source date, as UTC * @return string Date in UTC formatted as "D M d H:i:s +0000 Y" + * @throws Exception */ function api_date($str) { @@ -156,15 +160,17 @@ function api_register_func($path, $func, $auth = false, $method = API_METHOD_ANY * * @brief Login API user * - * @param object $a App - * @hook 'authenticate' - * array $addon_auth - * 'username' => username from login form - * 'password' => password from login form - * 'authenticated' => return status, - * 'user_record' => return authenticated user record - * @hook 'logged_in' - * array $user logged user record + * @param App $a App + * @throws InternalServerErrorException + * @throws UnauthorizedException + * @hook 'authenticate' + * array $addon_auth + * 'username' => username from login form + * 'password' => password from login form + * 'authenticated' => return status, + * 'user_record' => return authenticated user record + * @hook 'logged_in' + * array $user logged user record */ function api_login(App $a) { @@ -175,19 +181,19 @@ function api_login(App $a) list($consumer, $token) = $oauth1->verify_request($request); if (!is_null($token)) { $oauth1->loginUser($token->uid); - Addon::callHooks('logged_in', $a->user); + Hook::callAll('logged_in', $a->user); return; } echo __FILE__.__LINE__.__FUNCTION__ . "
";
 		var_dump($consumer, $token);
 		die();
 	} catch (Exception $e) {
-		Logger::log($e);
+		Logger::warning(API_LOG_PREFIX . 'error', ['module' => 'api', 'action' => 'login', 'exception' => $e->getMessage()]);
 	}
 
 	// workaround for HTTP-auth in CGI mode
-	if (x($_SERVER, 'REDIRECT_REMOTE_USER')) {
-		$userpass = base64_decode(substr($_SERVER["REDIRECT_REMOTE_USER"], 6)) ;
+	if (!empty($_SERVER['REDIRECT_REMOTE_USER'])) {
+		$userpass = base64_decode(substr($_SERVER["REDIRECT_REMOTE_USER"], 6));
 		if (strlen($userpass)) {
 			list($name, $password) = explode(':', $userpass);
 			$_SERVER['PHP_AUTH_USER'] = $name;
@@ -195,8 +201,8 @@ function api_login(App $a)
 		}
 	}
 
-	if (!x($_SERVER, 'PHP_AUTH_USER')) {
-		Logger::log('API_login: ' . print_r($_SERVER, true), Logger::DEBUG);
+	if (empty($_SERVER['PHP_AUTH_USER'])) {
+		Logger::debug(API_LOG_PREFIX . 'failed', ['module' => 'api', 'action' => 'login', 'parameters' => $_SERVER]);
 		header('WWW-Authenticate: Basic realm="Friendica"');
 		throw new UnauthorizedException("This API requires login");
 	}
@@ -225,7 +231,7 @@ function api_login(App $a)
 	* Addons should never set 'authenticated' except to indicate success - as hooks may be chained
 	* and later addons should not interfere with an earlier one that succeeded.
 	*/
-	Addon::callHooks('authenticate', $addon_auth);
+	Hook::callAll('authenticate', $addon_auth);
 
 	if ($addon_auth['authenticated'] && count($addon_auth['user_record'])) {
 		$record = $addon_auth['user_record'];
@@ -237,7 +243,7 @@ function api_login(App $a)
 	}
 
 	if (!DBA::isResult($record)) {
-		Logger::log('API_login failure: ' . print_r($_SERVER, true), Logger::DEBUG);
+		Logger::debug(API_LOG_PREFIX . 'failed', ['module' => 'api', 'action' => 'login', 'parameters' => $_SERVER]);
 		header('WWW-Authenticate: Basic realm="Friendica"');
 		//header('HTTP/1.0 401 Unauthorized');
 		//die('This api requires login');
@@ -248,7 +254,7 @@ function api_login(App $a)
 
 	$_SESSION["allow_api"] = true;
 
-	Addon::callHooks('logged_in', $a->user);
+	Hook::callAll('logged_in', $a->user);
 }
 
 /**
@@ -274,8 +280,9 @@ function api_check_method($method)
  *
  * @brief Main API entry point
  *
- * @param object $a App
+ * @param App $a App
  * @return string|array API call result
+ * @throws Exception
  */
 function api_call(App $a)
 {
@@ -310,33 +317,35 @@ function api_call(App $a)
 					api_login($a);
 				}
 
-				Logger::log('API call for ' . $a->user['username'] . ': ' . $a->query_string);
-				Logger::log('API parameters: ' . print_r($_REQUEST, true));
+				Logger::info(API_LOG_PREFIX . 'username {username}', ['module' => 'api', 'action' => 'call', 'username' => $a->user['username']]);
+				Logger::debug(API_LOG_PREFIX . 'parameters', ['module' => 'api', 'action' => 'call', 'parameters' => $_REQUEST]);
 
 				$stamp =  microtime(true);
 				$return = call_user_func($info['func'], $type);
 				$duration = (float) (microtime(true) - $stamp);
-				Logger::log("API call duration: " . round($duration, 2) . "\t" . $a->query_string, Logger::DEBUG);
+
+				Logger::info(API_LOG_PREFIX . 'username {username}', ['module' => 'api', 'action' => 'call', 'username' => $a->user['username'], 'duration' => round($duration, 2)]);
 
 				if (Config::get("system", "profiler")) {
 					$duration = microtime(true)-$a->performance["start"];
 
 					/// @TODO round() really everywhere?
-					Logger::log(
-						parse_url($a->query_string, PHP_URL_PATH) . ": " . sprintf(
-							"Database: %s/%s, Cache %s/%s, Network: %s, I/O: %s, Other: %s, Total: %s",
-							round($a->performance["database"] - $a->performance["database_write"], 3),
-							round($a->performance["database_write"], 3),
-							round($a->performance["cache"], 3),
-							round($a->performance["cache_write"], 3),
-							round($a->performance["network"], 2),
-							round($a->performance["file"], 2),
-							round($duration - ($a->performance["database"]
-								+ $a->performance["cache"] + $a->performance["cache_write"]
-								+ $a->performance["network"] + $a->performance["file"]), 2),
-							round($duration, 2)
-						),
-						Logger::DEBUG
+					Logger::debug(
+						API_LOG_PREFIX . 'performance',
+						[
+							'module' => 'api',
+							'action' => 'call',
+							'database_read' => round($a->performance["database"] - $a->performance["database_write"], 3),
+							'database_write' => round($a->performance["database_write"], 3),
+							'cache_read' => round($a->performance["cache"], 3),
+							'cache_write' => round($a->performance["cache_write"], 3),
+							'network_io' => round($a->performance["network"], 2),
+							'file_io' => round($a->performance["file"], 2),
+							'other_io' => round($duration - ($a->performance["database"]
+									+ $a->performance["cache"] + $a->performance["cache_write"]
+									+ $a->performance["network"] + $a->performance["file"]), 2),
+							'total' => round($duration, 2)
+						]
 					);
 
 					if (Config::get("rendertime", "callstack")) {
@@ -377,7 +386,7 @@ function api_call(App $a)
 								$o .= $func . ": " . $time . "\n";
 							}
 						}
-						Logger::log($o, Logger::DEBUG);
+						Logger::debug(API_LOG_PREFIX . $o, ['module' => 'api', 'action' => 'call']);
 					}
 				}
 
@@ -396,7 +405,7 @@ function api_call(App $a)
 					case "json":
 						header("Content-Type: application/json");
 						$json = json_encode(end($return));
-						if (x($_GET, 'callback')) {
+						if (!empty($_GET['callback'])) {
 							$json = $_GET['callback'] . "(" . $json . ")";
 						}
 						$return = $json;
@@ -414,7 +423,7 @@ function api_call(App $a)
 			}
 		}
 
-		Logger::log('API call not implemented: ' . $a->query_string);
+		Logger::warning(API_LOG_PREFIX . 'not implemented', ['module' => 'api', 'action' => 'call']);
 		throw new NotImplementedException();
 	} catch (HTTPException $e) {
 		header("HTTP/1.1 {$e->httpcode} {$e->httpdesc}");
@@ -431,7 +440,7 @@ function api_call(App $a)
  */
 function api_error($type, $e)
 {
-	$a = get_app();
+	$a = \get_app();
 
 	$error = ($e->getMessage() !== "" ? $e->getMessage() : $e->httpdesc);
 	/// @TODO:  https://dev.twitter.com/overview/api/response-codes
@@ -464,11 +473,15 @@ function api_error($type, $e)
 /**
  * @brief Set values for RSS template
  *
- * @param App $a
+ * @param App   $a
  * @param array $arr       Array to be passed to template
  * @param array $user_info User info
  * @return array
- * @todo find proper type-hints
+ * @throws BadRequestException
+ * @throws ImagickException
+ * @throws InternalServerErrorException
+ * @throws UnauthorizedException
+ * @todo  find proper type-hints
  */
 function api_rss_extra(App $a, $arr, $user_info)
 {
@@ -496,7 +509,8 @@ function api_rss_extra(App $a, $arr, $user_info)
  *
  * @param int $id Contact id
  * @return bool|string
- * 		Contact url or False if contact id is unknown
+ *                Contact url or False if contact id is unknown
+ * @throws Exception
  */
 function api_unique_id_to_nurl($id)
 {
@@ -512,8 +526,13 @@ function api_unique_id_to_nurl($id)
 /**
  * @brief Get user info array.
  *
- * @param object     $a          App
+ * @param App        $a          App
  * @param int|string $contact_id Contact ID or URL
+ * @return array|bool
+ * @throws BadRequestException
+ * @throws ImagickException
+ * @throws InternalServerErrorException
+ * @throws UnauthorizedException
  */
 function api_get_user(App $a, $contact_id = null)
 {
@@ -523,7 +542,7 @@ function api_get_user(App $a, $contact_id = null)
 	$extra_query = "";
 	$url = "";
 
-	Logger::log("api_get_user: Fetching user data for user ".$contact_id, Logger::DEBUG);
+	Logger::info(API_LOG_PREFIX . 'Fetching data for user {user}', ['module' => 'api', 'action' => 'get_user', 'user' => $contact_id]);
 
 	// Searching for contact URL
 	if (!is_null($contact_id) && (intval($contact_id) == 0)) {
@@ -550,7 +569,7 @@ function api_get_user(App $a, $contact_id = null)
 		}
 	}
 
-	if (is_null($user) && x($_GET, 'user_id')) {
+	if (is_null($user) && !empty($_GET['user_id'])) {
 		$user = DBA::escape(api_unique_id_to_nurl($_GET['user_id']));
 
 		if ($user == "") {
@@ -563,7 +582,7 @@ function api_get_user(App $a, $contact_id = null)
 			$extra_query .= "AND `contact`.`uid`=" . intval(api_user());
 		}
 	}
-	if (is_null($user) && x($_GET, 'screen_name')) {
+	if (is_null($user) && !empty($_GET['screen_name'])) {
 		$user = DBA::escape($_GET['screen_name']);
 		$extra_query = "AND `contact`.`nick` = '%s' ";
 		if (api_user() !== false) {
@@ -571,7 +590,7 @@ function api_get_user(App $a, $contact_id = null)
 		}
 	}
 
-	if (is_null($user) && x($_GET, 'profileurl')) {
+	if (is_null($user) && !empty($_GET['profileurl'])) {
 		$user = DBA::escape(Strings::normaliseLink($_GET['profileurl']));
 		$extra_query = "AND `contact`.`nurl` = '%s' ";
 		if (api_user() !== false) {
@@ -607,7 +626,7 @@ function api_get_user(App $a, $contact_id = null)
 		}
 	}
 
-	Logger::log("api_get_user: user ".$user, Logger::DEBUG);
+	Logger::info(API_LOG_PREFIX . 'getting user {user}', ['module' => 'api', 'action' => 'get_user', 'user' => $user]);
 
 	if (!$user) {
 		if (api_user() === false) {
@@ -619,7 +638,7 @@ function api_get_user(App $a, $contact_id = null)
 		}
 	}
 
-	Logger::log('api_user: ' . $extra_query . ', user: ' . $user);
+	Logger::info(API_LOG_PREFIX . 'found user {user}', ['module' => 'api', 'action' => 'get_user', 'user' => $user, 'extra_query' => $extra_query]);
 
 	// user info
 	$uinfo = q(
@@ -643,8 +662,6 @@ function api_get_user(App $a, $contact_id = null)
 		$contact = DBA::selectFirst('contact', [], ['uid' => 0, 'nurl' => Strings::normaliseLink($url)]);
 
 		if (DBA::isResult($contact)) {
-			$network_name = ContactSelector::networkToName($contact['network'], $contact['url']);
-
 			// If no nick where given, extract it from the address
 			if (($contact['nick'] == "") || ($contact['name'] == $contact['nick'])) {
 				$contact['nick'] = api_get_nick($contact["url"]);
@@ -655,7 +672,7 @@ function api_get_user(App $a, $contact_id = null)
 				'id_str' => (string) $contact["id"],
 				'name' => $contact["name"],
 				'screen_name' => (($contact['nick']) ? $contact['nick'] : $contact['name']),
-				'location' => ($contact["location"] != "") ? $contact["location"] : $network_name,
+				'location' => ($contact["location"] != "") ? $contact["location"] : ContactSelector::networkToName($contact['network'], $contact['url']),
 				'description' => $contact["about"],
 				'profile_image_url' => $contact["micro"],
 				'profile_image_url_https' => $contact["micro"],
@@ -713,8 +730,6 @@ function api_get_user(App $a, $contact_id = null)
 		$uinfo[0]['nick'] = api_get_nick($uinfo[0]["url"]);
 	}
 
-	$network_name = ContactSelector::networkToName($uinfo[0]['network'], $uinfo[0]['url']);
-
 	$pcontact_id  = Contact::getIdForURL($uinfo[0]['url'], 0, true);
 
 	if (!empty($profile['about'])) {
@@ -728,7 +743,7 @@ function api_get_user(App $a, $contact_id = null)
 	} elseif (!empty($uinfo[0]["location"])) {
 		$location = $uinfo[0]["location"];
 	} else {
-		$location = $network_name;
+		$location = ContactSelector::networkToName($uinfo[0]['network'], $uinfo[0]['url']);
 	}
 
 	$ret = [
@@ -810,9 +825,13 @@ function api_get_user(App $a, $contact_id = null)
 /**
  * @brief return api-formatted array for item's author and owner
  *
- * @param object $a    App
- * @param array  $item item from db
+ * @param App   $a    App
+ * @param array $item item from db
  * @return array(array:author, array:owner)
+ * @throws BadRequestException
+ * @throws ImagickException
+ * @throws InternalServerErrorException
+ * @throws UnauthorizedException
  */
 function api_item_get_user(App $a, $item)
 {
@@ -832,8 +851,8 @@ function api_item_get_user(App $a, $item)
 /**
  * @brief walks recursively through an array with the possibility to change value and key
  *
- * @param array  $array    The array to walk through
- * @param string $callback The callback function
+ * @param array    $array    The array to walk through
+ * @param callable $callback The callback function
  *
  * @return array the transformed array
  */
@@ -935,7 +954,7 @@ function api_create_xml(array $data, $root_element)
  * @param string $type         Return type (atom, rss, xml, json)
  * @param array  $data         JSON style array
  *
- * @return (string|array) XML data or JSON data
+ * @return array|string (string|array) XML data or JSON data
  */
 function api_format_data($root_element, $type, $data)
 {
@@ -950,7 +969,6 @@ function api_format_data($root_element, $type, $data)
 			$ret = $data;
 			break;
 	}
-
 	return $ret;
 }
 
@@ -961,14 +979,21 @@ function api_format_data($root_element, $type, $data)
 /**
  * Returns an HTTP 200 OK response code and a representation of the requesting user if authentication was successful;
  * returns a 401 status code and an error message if not.
+ *
  * @see https://developer.twitter.com/en/docs/accounts-and-users/manage-account-settings/api-reference/get-account-verify_credentials
  *
  * @param string $type Return type (atom, rss, xml, json)
+ * @return array|string
+ * @throws BadRequestException
+ * @throws ForbiddenException
+ * @throws ImagickException
+ * @throws InternalServerErrorException
+ * @throws UnauthorizedException
  */
 function api_account_verify_credentials($type)
 {
 
-	$a = get_app();
+	$a = \get_app();
 
 	if (api_user() === false) {
 		throw new ForbiddenException();
@@ -980,7 +1005,7 @@ function api_account_verify_credentials($type)
 	unset($_REQUEST["screen_name"]);
 	unset($_GET["screen_name"]);
 
-	$skip_status = (x($_REQUEST, 'skip_status')?$_REQUEST['skip_status'] : false);
+	$skip_status = defaults($_REQUEST, 'skip_status', false);
 
 	$user_info = api_get_user($a);
 
@@ -1011,13 +1036,14 @@ api_register_func('api/account/verify_credentials', 'api_account_verify_credenti
  * Get data from $_POST or $_GET
  *
  * @param string $k
+ * @return null
  */
 function requestdata($k)
 {
-	if (x($_POST, $k)) {
+	if (!empty($_POST[$k])) {
 		return $_POST[$k];
 	}
-	if (x($_GET, $k)) {
+	if (!empty($_GET[$k])) {
 		return $_GET[$k];
 	}
 	return null;
@@ -1029,10 +1055,15 @@ function requestdata($k)
  * @param string $type Return type (atom, rss, xml, json)
  *
  * @return array|string
+ * @throws BadRequestException
+ * @throws ForbiddenException
+ * @throws ImagickException
+ * @throws InternalServerErrorException
+ * @throws UnauthorizedException
  */
 function api_statuses_mediap($type)
 {
-	$a = get_app();
+	$a = \get_app();
 
 	if (api_user() === false) {
 		Logger::log('api_statuses_update: no user');
@@ -1076,11 +1107,17 @@ api_register_func('api/statuses/mediap', 'api_statuses_mediap', true, API_METHOD
  * @param string $type Return type (atom, rss, xml, json)
  *
  * @return array|string
+ * @throws BadRequestException
+ * @throws ForbiddenException
+ * @throws ImagickException
+ * @throws InternalServerErrorException
+ * @throws TooManyRequestsException
+ * @throws UnauthorizedException
  * @see https://developer.twitter.com/en/docs/tweets/post-and-engage/api-reference/post-statuses-update
  */
 function api_statuses_update($type)
 {
-	$a = get_app();
+	$a = \get_app();
 
 	if (api_user() === false) {
 		Logger::log('api_statuses_update: no user');
@@ -1172,7 +1209,7 @@ function api_statuses_update($type)
 		}
 	}
 
-	if (x($_FILES, 'media')) {
+	if (!empty($_FILES['media'])) {
 		// upload the image if we have one
 		$picture = wall_upload_post($a, false);
 		if (is_array($picture)) {
@@ -1199,7 +1236,7 @@ function api_statuses_update($type)
 
 	$_REQUEST['api_source'] = true;
 
-	if (!x($_REQUEST, "source")) {
+	if (empty($_REQUEST['source'])) {
 		$_REQUEST["source"] = api_source();
 	}
 
@@ -1218,11 +1255,16 @@ api_register_func('api/statuses/update_with_media', 'api_statuses_update', true,
  * Uploads an image to Friendica.
  *
  * @return array
+ * @throws BadRequestException
+ * @throws ForbiddenException
+ * @throws ImagickException
+ * @throws InternalServerErrorException
+ * @throws UnauthorizedException
  * @see https://developer.twitter.com/en/docs/media/upload-media/api-reference/post-media-upload
  */
 function api_media_upload()
 {
-	$a = get_app();
+	$a = \get_app();
 
 	if (api_user() === false) {
 		Logger::log('no user');
@@ -1231,7 +1273,7 @@ function api_media_upload()
 
 	api_get_user($a);
 
-	if (!x($_FILES, 'media')) {
+	if (empty($_FILES['media'])) {
 		// Output error
 		throw new BadRequestException("No media.");
 	}
@@ -1247,8 +1289,9 @@ function api_media_upload()
 	$returndata["media_id_string"] = (string)$media["id"];
 	$returndata["size"] = $media["size"];
 	$returndata["image"] = ["w" => $media["width"],
-					"h" => $media["height"],
-					"image_type" => $media["type"]];
+				"h" => $media["height"],
+				"image_type" => $media["type"],
+				"friendica_preview_url" => $media["preview"]];
 
 	Logger::log("Media uploaded: " . print_r($returndata, true), Logger::DEBUG);
 
@@ -1262,22 +1305,21 @@ api_register_func('api/media/upload', 'api_media_upload', true, API_METHOD_POST)
  *
  * @param string $type Return type (atom, rss, xml, json)
  *
+ * @param int    $item_id
  * @return array|string
+ * @throws BadRequestException
+ * @throws ImagickException
+ * @throws InternalServerErrorException
+ * @throws UnauthorizedException
  */
 function api_status_show($type, $item_id = 0)
 {
-	$a = get_app();
+	$a = \get_app();
 
 	$user_info = api_get_user($a);
 
 	Logger::log('api_status_show: user_info: '.print_r($user_info, true), Logger::DEBUG);
 
-	if ($type == "raw") {
-		$privacy_sql = "AND NOT `private`";
-	} else {
-		$privacy_sql = "";
-	}
-
 	if (!empty($item_id)) {
 		// Get the item with the given id
 		$condition = ['id' => $item_id];
@@ -1286,6 +1328,11 @@ function api_status_show($type, $item_id = 0)
 		$condition = ['owner-id' => $user_info['pid'], 'uid' => api_user(),
 			'gravity' => [GRAVITY_PARENT, GRAVITY_COMMENT]];
 	}
+
+	if ($type == "raw") {
+		$condition['private'] = false;
+	}
+
 	$lastwall = Item::selectFirst(Item::ITEM_FIELDLIST, $condition, ['order' => ['id' => true]]);
 
 	if (DBA::isResult($lastwall)) {
@@ -1361,11 +1408,16 @@ function api_status_show($type, $item_id = 0)
  * The author's most recent status will be returned inline.
  *
  * @param string $type Return type (atom, rss, xml, json)
+ * @return array|string
+ * @throws BadRequestException
+ * @throws ImagickException
+ * @throws InternalServerErrorException
+ * @throws UnauthorizedException
  * @see https://developer.twitter.com/en/docs/accounts-and-users/follow-search-get-users/api-reference/get-users-show
  */
 function api_users_show($type)
 {
-	$a = get_app();
+	$a = \get_app();
 
 	$user_info = api_get_user($a);
 
@@ -1437,15 +1489,19 @@ api_register_func('api/externalprofile/show', 'api_users_show');
  * @param string $type Return type (atom, rss, xml, json)
  *
  * @return array|string
+ * @throws BadRequestException
+ * @throws ImagickException
+ * @throws InternalServerErrorException
+ * @throws UnauthorizedException
  * @see https://developer.twitter.com/en/docs/accounts-and-users/follow-search-get-users/api-reference/get-users-search
  */
 function api_users_search($type)
 {
-	$a = get_app();
+	$a = \get_app();
 
 	$userlist = [];
 
-	if (x($_GET, 'q')) {
+	if (!empty($_GET['q'])) {
 		$r = q("SELECT id FROM `contact` WHERE `uid` = 0 AND `name` = '%s'", DBA::escape($_GET["q"]));
 
 		if (!DBA::isResult($r)) {
@@ -1485,7 +1541,11 @@ api_register_func('api/users/search', 'api_users_search');
  * @param string $type Return format: json or xml
  *
  * @return array|string
+ * @throws BadRequestException
+ * @throws ImagickException
+ * @throws InternalServerErrorException
  * @throws NotFoundException if the results are empty.
+ * @throws UnauthorizedException
  */
 function api_users_lookup($type)
 {
@@ -1518,52 +1578,83 @@ api_register_func('api/users/lookup', 'api_users_lookup', true);
  *
  * @return array|string
  * @throws BadRequestException if the "q" parameter is missing.
+ * @throws ForbiddenException
+ * @throws ImagickException
+ * @throws InternalServerErrorException
+ * @throws UnauthorizedException
  */
 function api_search($type)
 {
-	$a = get_app();
+	$a = \get_app();
 	$user_info = api_get_user($a);
 
-	if (api_user() === false || $user_info === false) {
-		throw new ForbiddenException();
-	}
-
-	$data = [];
+	if (api_user() === false || $user_info === false) { throw new ForbiddenException(); }
 
-	if (!x($_REQUEST, 'q')) {
-		throw new BadRequestException("q parameter is required.");
-	}
+	if (empty($_REQUEST['q'])) { throw new BadRequestException('q parameter is required.'); }
+	
+	$searchTerm = trim(rawurldecode($_REQUEST['q']));
 
-	if (x($_REQUEST, 'rpp')) {
+	$data = [];
+	$data['status'] = [];
+	$count = 15;
+	$exclude_replies = !empty($_REQUEST['exclude_replies']);
+	if (!empty($_REQUEST['rpp'])) {
 		$count = $_REQUEST['rpp'];
-	} elseif (x($_REQUEST, 'count')) {
+	} elseif (!empty($_REQUEST['count'])) {
 		$count = $_REQUEST['count'];
-	} else {
-		$count = 15;
 	}
-
-	$since_id = (x($_REQUEST, 'since_id') ? $_REQUEST['since_id'] : 0);
-	$max_id = (x($_REQUEST, 'max_id') ? $_REQUEST['max_id'] : 0);
-	$page = (x($_REQUEST, 'page') ? $_REQUEST['page'] - 1 : 0);
-
+	
+	$since_id = defaults($_REQUEST, 'since_id', 0);
+	$max_id = defaults($_REQUEST, 'max_id', 0);
+	$page = (!empty($_REQUEST['page']) ? $_REQUEST['page'] - 1 : 0);
 	$start = $page * $count;
+	$params = ['order' => ['id' => true], 'limit' => [$start, $count]];
+	if (preg_match('/^#(\w+)$/', $searchTerm, $matches) === 1 && isset($matches[1])) {
+		$searchTerm = $matches[1];
+		$condition = ["`oid` > ?
+			AND (`uid` = 0 OR (`uid` = ? AND NOT `global`)) 
+			AND `otype` = ? AND `type` = ? AND `term` = ?",
+			$since_id, local_user(), TERM_OBJ_POST, TERM_HASHTAG, $searchTerm];
+		if ($max_id > 0) {
+			$condition[0] .= ' AND `oid` <= ?';
+			$condition[] = $max_id;
+		}
+		$terms = DBA::select('term', ['oid'], $condition, []);
+		$itemIds = [];
+		while ($term = DBA::fetch($terms)) {
+			$itemIds[] = $term['oid'];
+		}
+		DBA::close($terms);
 
-	$condition = ["`gravity` IN (?, ?) AND `item`.`id` > ?
-		AND (`item`.`uid` = 0 OR (`item`.`uid` = ? AND NOT `item`.`global`))
-		AND `item`.`body` LIKE CONCAT('%',?,'%')",
-		GRAVITY_PARENT, GRAVITY_COMMENT, $since_id, api_user(), $_REQUEST['q']];
+		if (empty($itemIds)) {
+			return api_format_data('statuses', $type, $data);
+		}
 
-	if ($max_id > 0) {
-		$condition[0] .= " AND `item`.`id` <= ?";
-		$condition[] = $max_id;
+		$preCondition = ['`id` IN (' . implode(', ', $itemIds) . ')'];
+		if ($exclude_replies) {
+			$preCondition[] = '`id` = `parent`';
+		}
+
+		$condition = [implode(' AND ', $preCondition)];
+	} else {
+		$condition = ["`id` > ? 
+			" . ($exclude_replies ? " AND `id` = `parent` " : ' ') . "
+			AND (`uid` = 0 OR (`uid` = ? AND NOT `global`))
+			AND `body` LIKE CONCAT('%',?,'%')",
+			$since_id, api_user(), $_REQUEST['q']];
+		if ($max_id > 0) {
+			$condition[0] .= ' AND `id` <= ?';
+			$condition[] = $max_id;
+		}
 	}
 
-	$params = ['order' => ['id' => true], 'limit' => [$start, $count]];
 	$statuses = Item::selectForUser(api_user(), [], $condition, $params);
 
 	$data['status'] = api_format_items(Item::inArray($statuses), $user_info);
 
-	return api_format_data("statuses", $type, $data);
+	bindComments($data['status']);
+
+	return api_format_data('statuses', $type, $data);
 }
 
 /// @TODO move to top of file or somewhere better
@@ -1573,16 +1664,22 @@ api_register_func('api/search', 'api_search', true);
 /**
  * Returns the most recent statuses posted by the user and the users they follow.
  *
- * @see https://developer.twitter.com/en/docs/tweets/timelines/api-reference/get-statuses-home_timeline
+ * @see  https://developer.twitter.com/en/docs/tweets/timelines/api-reference/get-statuses-home_timeline
  *
  * @param string $type Return type (atom, rss, xml, json)
  *
+ * @return array|string
+ * @throws BadRequestException
+ * @throws ForbiddenException
+ * @throws ImagickException
+ * @throws InternalServerErrorException
+ * @throws UnauthorizedException
  * @todo Optional parameters
  * @todo Add reply info
  */
 function api_statuses_home_timeline($type)
 {
-	$a = get_app();
+	$a = \get_app();
 	$user_info = api_get_user($a);
 
 	if (api_user() === false || $user_info === false) {
@@ -1598,16 +1695,15 @@ function api_statuses_home_timeline($type)
 	// get last network messages
 
 	// params
-	$count = (x($_REQUEST, 'count') ? $_REQUEST['count'] : 20);
-	$page = (x($_REQUEST, 'page') ? $_REQUEST['page'] - 1 : 0);
+	$count = defaults($_REQUEST, 'count', 20);
+	$page = (!empty($_REQUEST['page']) ? $_REQUEST['page'] - 1 : 0);
 	if ($page < 0) {
 		$page = 0;
 	}
-	$since_id = (x($_REQUEST, 'since_id') ? $_REQUEST['since_id'] : 0);
-	$max_id = (x($_REQUEST, 'max_id') ? $_REQUEST['max_id'] : 0);
-	//$since_id = 0;//$since_id = (x($_REQUEST, 'since_id')?$_REQUEST['since_id'] : 0);
-	$exclude_replies = (x($_REQUEST, 'exclude_replies') ? 1 : 0);
-	$conversation_id = (x($_REQUEST, 'conversation_id') ? $_REQUEST['conversation_id'] : 0);
+	$since_id = defaults($_REQUEST, 'since_id', 0);
+	$max_id = defaults($_REQUEST, 'max_id', 0);
+	$exclude_replies = !empty($_REQUEST['exclude_replies']);
+	$conversation_id = defaults($_REQUEST, 'conversation_id', 0);
 
 	$start = $page * $count;
 
@@ -1618,7 +1714,7 @@ function api_statuses_home_timeline($type)
 		$condition[0] .= " AND `item`.`id` <= ?";
 		$condition[] = $max_id;
 	}
-	if ($exclude_replies > 0) {
+	if ($exclude_replies) {
 		$condition[0] .= ' AND `item`.`parent` = `item`.`id`';
 	}
 	if ($conversation_id > 0) {
@@ -1645,10 +1741,13 @@ function api_statuses_home_timeline($type)
 			Item::update(['unseen' => false], ['unseen' => true, 'id' => $idarray]);
 		}
 	}
+	
+	bindComments($ret);
 
 	$data = ['status' => $ret];
 	switch ($type) {
 		case "atom":
+			break;
 		case "rss":
 			$data = api_rss_extra($a, $data, $user_info);
 			break;
@@ -1657,6 +1756,7 @@ function api_statuses_home_timeline($type)
 	return api_format_data("statuses", $type, $data);
 }
 
+
 /// @TODO move to top of file or somewhere better
 api_register_func('api/statuses/home_timeline', 'api_statuses_home_timeline', true);
 api_register_func('api/statuses/friends_timeline', 'api_statuses_home_timeline', true);
@@ -1667,10 +1767,15 @@ api_register_func('api/statuses/friends_timeline', 'api_statuses_home_timeline',
  * @param string $type Return type (atom, rss, xml, json)
  *
  * @return array|string
+ * @throws BadRequestException
+ * @throws ForbiddenException
+ * @throws ImagickException
+ * @throws InternalServerErrorException
+ * @throws UnauthorizedException
  */
 function api_statuses_public_timeline($type)
 {
-	$a = get_app();
+	$a = \get_app();
 	$user_info = api_get_user($a);
 
 	if (api_user() === false || $user_info === false) {
@@ -1680,19 +1785,17 @@ function api_statuses_public_timeline($type)
 	// get last network messages
 
 	// params
-	$count = (x($_REQUEST, 'count') ? $_REQUEST['count'] : 20);
-	$page = (x($_REQUEST, 'page') ? $_REQUEST['page'] -1 : 0);
+	$count = defaults($_REQUEST, 'count', 20);
+	$page = (!empty($_REQUEST['page']) ? $_REQUEST['page'] -1 : 0);
 	if ($page < 0) {
 		$page = 0;
 	}
-	$since_id = (x($_REQUEST, 'since_id') ? $_REQUEST['since_id'] : 0);
-	$max_id = (x($_REQUEST, 'max_id') ? $_REQUEST['max_id'] : 0);
-	//$since_id = 0;//$since_id = (x($_REQUEST, 'since_id')?$_REQUEST['since_id'] : 0);
-	$exclude_replies = (x($_REQUEST, 'exclude_replies') ? 1 : 0);
-	$conversation_id = (x($_REQUEST, 'conversation_id') ? $_REQUEST['conversation_id'] : 0);
+	$since_id = defaults($_REQUEST, 'since_id', 0);
+	$max_id = defaults($_REQUEST, 'max_id', 0);
+	$exclude_replies = (!empty($_REQUEST['exclude_replies']) ? 1 : 0);
+	$conversation_id = defaults($_REQUEST, 'conversation_id', 0);
 
 	$start = $page * $count;
-	$sql_extra = '';
 
 	if ($exclude_replies && !$conversation_id) {
 		$condition = ["`gravity` IN (?, ?) AND `iid` > ? AND NOT `private` AND `wall` AND NOT `user`.`hidewall`",
@@ -1728,9 +1831,12 @@ function api_statuses_public_timeline($type)
 
 	$ret = api_format_items($r, $user_info, false, $type);
 
+	bindComments($ret);
+
 	$data = ['status' => $ret];
 	switch ($type) {
 		case "atom":
+			break;
 		case "rss":
 			$data = api_rss_extra($a, $data, $user_info);
 			break;
@@ -1749,23 +1855,27 @@ api_register_func('api/statuses/public_timeline', 'api_statuses_public_timeline'
  *
  * @param string $type Return format: json, xml, atom, rss
  * @return array|string
+ * @throws BadRequestException
  * @throws ForbiddenException
+ * @throws ImagickException
+ * @throws InternalServerErrorException
+ * @throws UnauthorizedException
  */
 function api_statuses_networkpublic_timeline($type)
 {
-	$a = get_app();
+	$a = \get_app();
 	$user_info = api_get_user($a);
 
 	if (api_user() === false || $user_info === false) {
 		throw new ForbiddenException();
 	}
 
-	$since_id        = x($_REQUEST, 'since_id')        ? $_REQUEST['since_id']        : 0;
-	$max_id          = x($_REQUEST, 'max_id')          ? $_REQUEST['max_id']          : 0;
+	$since_id        = defaults($_REQUEST, 'since_id', 0);
+	$max_id          = defaults($_REQUEST, 'max_id', 0);
 
 	// pagination
-	$count = x($_REQUEST, 'count') ? $_REQUEST['count']   : 20;
-	$page  = x($_REQUEST, 'page')  ? $_REQUEST['page']    : 1;
+	$count = defaults($_REQUEST, 'count', 20);
+	$page  = defaults($_REQUEST, 'page', 1);
 	if ($page < 1) {
 		$page = 1;
 	}
@@ -1784,9 +1894,12 @@ function api_statuses_networkpublic_timeline($type)
 
 	$ret = api_format_items(Item::inArray($statuses), $user_info, false, $type);
 
+	bindComments($ret);
+
 	$data = ['status' => $ret];
 	switch ($type) {
 		case "atom":
+			break;
 		case "rss":
 			$data = api_rss_extra($a, $data, $user_info);
 			break;
@@ -1803,11 +1916,17 @@ api_register_func('api/statuses/networkpublic_timeline', 'api_statuses_networkpu
  *
  * @param string $type Return type (atom, rss, xml, json)
  *
+ * @return array|string
+ * @throws BadRequestException
+ * @throws ForbiddenException
+ * @throws ImagickException
+ * @throws InternalServerErrorException
+ * @throws UnauthorizedException
  * @see https://developer.twitter.com/en/docs/tweets/post-and-engage/api-reference/get-statuses-show-id
  */
 function api_statuses_show($type)
 {
-	$a = get_app();
+	$a = \get_app();
 	$user_info = api_get_user($a);
 
 	if (api_user() === false || $user_info === false) {
@@ -1876,11 +1995,17 @@ api_register_func('api/statuses/show', 'api_statuses_show', true);
  *
  * @param string $type Return type (atom, rss, xml, json)
  *
+ * @return array|string
+ * @throws BadRequestException
+ * @throws ForbiddenException
+ * @throws ImagickException
+ * @throws InternalServerErrorException
+ * @throws UnauthorizedException
  * @todo nothing to say?
  */
 function api_conversation_show($type)
 {
-	$a = get_app();
+	$a = \get_app();
 	$user_info = api_get_user($a);
 
 	if (api_user() === false || $user_info === false) {
@@ -1908,7 +2033,7 @@ function api_conversation_show($type)
 		$id = intval(defaults($a->argv, 4, 0));
 	}
 
-	Logger::log('API: api_conversation_show: '.$id);
+	Logger::info(API_LOG_PREFIX . '{subaction}', ['module' => 'api', 'action' => 'conversation', 'subaction' => 'show', 'id' => $id]);
 
 	// try to fetch the item for the local user - or the public item, if there is no local one
 	$item = Item::selectFirst(['parent-uri'], ['id' => $id]);
@@ -1953,13 +2078,19 @@ api_register_func('api/statusnet/conversation', 'api_conversation_show', true);
  *
  * @param string $type Return type (atom, rss, xml, json)
  *
+ * @return array|string
+ * @throws BadRequestException
+ * @throws ForbiddenException
+ * @throws ImagickException
+ * @throws InternalServerErrorException
+ * @throws UnauthorizedException
  * @see https://developer.twitter.com/en/docs/tweets/post-and-engage/api-reference/post-statuses-retweet-id
  */
 function api_statuses_repeat($type)
 {
 	global $called_api;
 
-	$a = get_app();
+	$a = \get_app();
 
 	if (api_user() === false) {
 		throw new ForbiddenException();
@@ -1998,7 +2129,7 @@ function api_statuses_repeat($type)
 		$_REQUEST['profile_uid'] = api_user();
 		$_REQUEST['api_source'] = true;
 
-		if (!x($_REQUEST, "source")) {
+		if (empty($_REQUEST['source'])) {
 			$_REQUEST["source"] = api_source();
 		}
 
@@ -2020,11 +2151,17 @@ api_register_func('api/statuses/retweet', 'api_statuses_repeat', true, API_METHO
  *
  * @param string $type Return type (atom, rss, xml, json)
  *
+ * @return array|string
+ * @throws BadRequestException
+ * @throws ForbiddenException
+ * @throws ImagickException
+ * @throws InternalServerErrorException
+ * @throws UnauthorizedException
  * @see https://developer.twitter.com/en/docs/tweets/post-and-engage/api-reference/post-statuses-destroy-id
  */
 function api_statuses_destroy($type)
 {
-	$a = get_app();
+	$a = \get_app();
 
 	if (api_user() === false) {
 		throw new ForbiddenException();
@@ -2061,11 +2198,17 @@ api_register_func('api/statuses/destroy', 'api_statuses_destroy', true, API_METH
  *
  * @param string $type Return type (atom, rss, xml, json)
  *
+ * @return array|string
+ * @throws BadRequestException
+ * @throws ForbiddenException
+ * @throws ImagickException
+ * @throws InternalServerErrorException
+ * @throws UnauthorizedException
  * @see http://developer.twitter.com/doc/get/statuses/mentions
  */
 function api_statuses_mentions($type)
 {
-	$a = get_app();
+	$a = \get_app();
 	$user_info = api_get_user($a);
 
 	if (api_user() === false || $user_info === false) {
@@ -2108,6 +2251,7 @@ function api_statuses_mentions($type)
 	$data = ['status' => $ret];
 	switch ($type) {
 		case "atom":
+			break;
 		case "rss":
 			$data = api_rss_extra($a, $data, $user_info);
 			break;
@@ -2127,12 +2271,16 @@ api_register_func('api/statuses/replies', 'api_statuses_mentions', true);
  *
  * @param string $type Either "json" or "xml"
  * @return string|array
+ * @throws BadRequestException
  * @throws ForbiddenException
- * @see https://developer.twitter.com/en/docs/tweets/timelines/api-reference/get-statuses-user_timeline
+ * @throws ImagickException
+ * @throws InternalServerErrorException
+ * @throws UnauthorizedException
+ * @see   https://developer.twitter.com/en/docs/tweets/timelines/api-reference/get-statuses-user_timeline
  */
 function api_statuses_user_timeline($type)
 {
-	$a = get_app();
+	$a = \get_app();
 	$user_info = api_get_user($a);
 
 	if (api_user() === false || $user_info === false) {
@@ -2146,14 +2294,14 @@ function api_statuses_user_timeline($type)
 		Logger::DEBUG
 	);
 
-	$since_id        = x($_REQUEST, 'since_id')        ? $_REQUEST['since_id']        : 0;
-	$max_id          = x($_REQUEST, 'max_id')          ? $_REQUEST['max_id']          : 0;
-	$exclude_replies = x($_REQUEST, 'exclude_replies') ? 1                            : 0;
-	$conversation_id = x($_REQUEST, 'conversation_id') ? $_REQUEST['conversation_id'] : 0;
+	$since_id        = defaults($_REQUEST, 'since_id', 0);
+	$max_id          = defaults($_REQUEST, 'max_id', 0);
+	$exclude_replies = !empty($_REQUEST['exclude_replies']);
+	$conversation_id = defaults($_REQUEST, 'conversation_id', 0);
 
 	// pagination
-	$count = x($_REQUEST, 'count') ? $_REQUEST['count'] : 20;
-	$page  = x($_REQUEST, 'page')  ? $_REQUEST['page']  : 1;
+	$count = defaults($_REQUEST, 'count', 20);
+	$page  = defaults($_REQUEST, 'page', 1);
 	if ($page < 1) {
 		$page = 1;
 	}
@@ -2166,7 +2314,7 @@ function api_statuses_user_timeline($type)
 		$condition[0] .= ' AND `item`.`wall` ';
 	}
 
-	if ($exclude_replies > 0) {
+	if ($exclude_replies) {
 		$condition[0] .= ' AND `item`.`parent` = `item`.`id`';
 	}
 
@@ -2185,9 +2333,12 @@ function api_statuses_user_timeline($type)
 
 	$ret = api_format_items(Item::inArray($statuses), $user_info, true, $type);
 
+	bindComments($ret);
+
 	$data = ['status' => $ret];
 	switch ($type) {
 		case "atom":
+			break;
 		case "rss":
 			$data = api_rss_extra($a, $data, $user_info);
 			break;
@@ -2205,11 +2356,17 @@ api_register_func('api/statuses/user_timeline', 'api_statuses_user_timeline', tr
  *
  * @param string $type Return type (atom, rss, xml, json)
  *
+ * @return array|string
+ * @throws BadRequestException
+ * @throws ForbiddenException
+ * @throws ImagickException
+ * @throws InternalServerErrorException
+ * @throws UnauthorizedException
  * @see https://web.archive.org/web/20131019055350/https://dev.twitter.com/docs/api/1/post/favorites/create/%3Aid
  */
 function api_favorites_create_destroy($type)
 {
-	$a = get_app();
+	$a = \get_app();
 
 	if (api_user() === false) {
 		throw new ForbiddenException();
@@ -2263,8 +2420,10 @@ function api_favorites_create_destroy($type)
 	$data = ['status' => $ret];
 	switch ($type) {
 		case "atom":
+			break;
 		case "rss":
 			$data = api_rss_extra($a, $data, $user_info);
+			break;
 	}
 
 	return api_format_data("status", $type, $data);
@@ -2280,12 +2439,17 @@ api_register_func('api/favorites/destroy', 'api_favorites_create_destroy', true,
  * @param string $type Return type (atom, rss, xml, json)
  *
  * @return string|array
+ * @throws BadRequestException
+ * @throws ForbiddenException
+ * @throws ImagickException
+ * @throws InternalServerErrorException
+ * @throws UnauthorizedException
  */
 function api_favorites($type)
 {
 	global $called_api;
 
-	$a = get_app();
+	$a = \get_app();
 	$user_info = api_get_user($a);
 
 	if (api_user() === false || $user_info === false) {
@@ -2296,16 +2460,16 @@ function api_favorites($type)
 
 	// in friendica starred item are private
 	// return favorites only for self
-	Logger::log('api_favorites: self:' . $user_info['self']);
+	Logger::info(API_LOG_PREFIX . 'for {self}', ['module' => 'api', 'action' => 'favorites', 'self' => $user_info['self']]);
 
 	if ($user_info['self'] == 0) {
 		$ret = [];
 	} else {
 		// params
-		$since_id = (x($_REQUEST, 'since_id') ? $_REQUEST['since_id'] : 0);
-		$max_id = (x($_REQUEST, 'max_id') ? $_REQUEST['max_id'] : 0);
-		$count = (x($_GET, 'count') ? $_GET['count'] : 20);
-		$page = (x($_REQUEST, 'page') ? $_REQUEST['page'] -1 : 0);
+		$since_id = defaults($_REQUEST, 'since_id', 0);
+		$max_id = defaults($_REQUEST, 'max_id', 0);
+		$count = defaults($_GET, 'count', 20);
+		$page = (!empty($_REQUEST['page']) ? $_REQUEST['page'] -1 : 0);
 		if ($page < 0) {
 			$page = 0;
 		}
@@ -2327,11 +2491,15 @@ function api_favorites($type)
 		$ret = api_format_items(Item::inArray($statuses), $user_info, false, $type);
 	}
 
+	bindComments($ret);
+
 	$data = ['status' => $ret];
 	switch ($type) {
 		case "atom":
+			break;
 		case "rss":
 			$data = api_rss_extra($a, $data, $user_info);
+			break;
 	}
 
 	return api_format_data("statuses", $type, $data);
@@ -2347,6 +2515,7 @@ api_register_func('api/favorites', 'api_favorites', true);
  * @param array $sender
  *
  * @return array
+ * @throws InternalServerErrorException
  */
 function api_format_messages($item, $recipient, $sender)
 {
@@ -2381,7 +2550,7 @@ function api_format_messages($item, $recipient, $sender)
 	}
 
 	//don't send title to regular StatusNET requests to avoid confusing these apps
-	if (x($_GET, 'getText')) {
+	if (!empty($_GET['getText'])) {
 		$ret['title'] = $item['title'];
 		if ($_GET['getText'] == 'html') {
 			$ret['text'] = BBCode::convert($item['body'], false);
@@ -2391,7 +2560,7 @@ function api_format_messages($item, $recipient, $sender)
 	} else {
 		$ret['text'] = $item['title'] . "\n" . HTML::toPlaintext(BBCode::convert(api_clean_plain_items($item['body']), false, 2, true), 0);
 	}
-	if (x($_GET, 'getUserObjects') && $_GET['getUserObjects'] == 'false') {
+	if (!empty($_GET['getUserObjects']) && $_GET['getUserObjects'] == 'false') {
 		unset($ret['sender']);
 		unset($ret['recipient']);
 	}
@@ -2404,6 +2573,7 @@ function api_format_messages($item, $recipient, $sender)
  * @param array $item
  *
  * @return array
+ * @throws InternalServerErrorException
  */
 function api_convert_item($item)
 {
@@ -2479,6 +2649,7 @@ function api_convert_item($item)
  * @param string $body
  *
  * @return array
+ * @throws InternalServerErrorException
  */
 function api_get_attachments(&$body)
 {
@@ -2517,11 +2688,12 @@ function api_get_attachments(&$body)
  * @param string $bbcode
  *
  * @return array
+ * @throws InternalServerErrorException
  * @todo Links at the first character of the post
  */
 function api_get_entitities(&$text, $bbcode)
 {
-	$include_entities = strtolower(x($_REQUEST, 'include_entities') ? $_REQUEST['include_entities'] : "false");
+	$include_entities = strtolower(defaults($_REQUEST, 'include_entities', "false"));
 
 	if ($include_entities != "true") {
 		preg_match_all("/\[img](.*?)\[\/img\]/ism", $bbcode, $images);
@@ -2661,7 +2833,7 @@ function api_get_entitities(&$text, $bbcode)
 
 				$entities["media"][] = [
 							"id" => $start+1,
-							"id_str" => (string)$start+1,
+							"id_str" => (string) ($start + 1),
 							"indices" => [$start, $start+strlen($url)],
 							"media_url" => Strings::normaliseLink($media_url),
 							"media_url_https" => $media_url,
@@ -2727,16 +2899,20 @@ function api_contactlink_to_array($txt)
 /**
  * @brief return likes, dislikes and attend status for item
  *
- * @param array $item array
+ * @param array  $item array
  * @param string $type Return type (atom, rss, xml, json)
  *
  * @return array
- * 			likes => int count,
- * 			dislikes => int count
+ *            likes => int count,
+ *            dislikes => int count
+ * @throws BadRequestException
+ * @throws ImagickException
+ * @throws InternalServerErrorException
+ * @throws UnauthorizedException
  */
 function api_format_items_activities($item, $type = "json")
 {
-	$a = get_app();
+	$a = \get_app();
 
 	$activities = [
 		'like' => [],
@@ -2799,8 +2975,9 @@ function api_format_items_activities($item, $type = "json")
 /**
  * @brief return data from profiles
  *
- * @param array  $profile_row array containing data from db table 'profile'
+ * @param array $profile_row array containing data from db table 'profile'
  * @return array
+ * @throws InternalServerErrorException
  */
 function api_format_items_profiles($profile_row)
 {
@@ -2851,18 +3028,23 @@ function api_format_items_profiles($profile_row)
 /**
  * @brief format items to be returned by api
  *
- * @param array  $r array of items
+ * @param array  $r           array of items
  * @param array  $user_info
  * @param bool   $filter_user filter items by $user_info
- * @param string $type Return type (atom, rss, xml, json)
+ * @param string $type        Return type (atom, rss, xml, json)
+ * @return array
+ * @throws BadRequestException
+ * @throws ImagickException
+ * @throws InternalServerErrorException
+ * @throws UnauthorizedException
  */
 function api_format_items($r, $user_info, $filter_user = false, $type = "json")
 {
-	$a = get_app();
+	$a = \get_app();
 
 	$ret = [];
 
-	foreach ($r as $item) {
+	foreach ((array)$r as $item) {
 		localize_item($item);
 		list($status_user, $owner_user) = api_item_get_user($a, $item);
 
@@ -2923,6 +3105,7 @@ function api_format_items($r, $user_info, $filter_user = false, $type = "json")
 			$retweeted_item = api_share_as_retweet($item);
 			if ($retweeted_item !== false) {
 				$retweeted_status = $status;
+				$status['user'] = $status['friendica_owner'];
 				try {
 					$retweeted_status["user"] = api_get_user($a, $retweeted_item["author-id"]);
 				} catch (BadRequestException $e) {
@@ -2968,6 +3151,7 @@ function api_format_items($r, $user_info, $filter_user = false, $type = "json")
  * @param string $type Return type (atom, rss, xml, json)
  *
  * @return array|string
+ * @throws Exception
  */
 function api_account_rate_limit_status($type)
 {
@@ -3043,11 +3227,16 @@ api_register_func('api/lists/subscriptions', 'api_lists_list', true);
  * @param string $type Return type (atom, rss, xml, json)
  *
  * @return array|string
+ * @throws BadRequestException
+ * @throws ForbiddenException
+ * @throws ImagickException
+ * @throws InternalServerErrorException
+ * @throws UnauthorizedException
  * @see https://developer.twitter.com/en/docs/accounts-and-users/create-manage-lists/api-reference/get-lists-ownerships
  */
 function api_lists_ownerships($type)
 {
-	$a = get_app();
+	$a = \get_app();
 
 	if (api_user() === false) {
 		throw new ForbiddenException();
@@ -3087,11 +3276,16 @@ api_register_func('api/lists/ownerships', 'api_lists_ownerships', true);
  * @param string $type Return type (atom, rss, xml, json)
  *
  * @return array|string
+ * @throws BadRequestException
+ * @throws ForbiddenException
+ * @throws ImagickException
+ * @throws InternalServerErrorException
+ * @throws UnauthorizedException
  * @see https://developer.twitter.com/en/docs/accounts-and-users/create-manage-lists/api-reference/get-lists-ownerships
  */
 function api_lists_statuses($type)
 {
-	$a = get_app();
+	$a = \get_app();
 
 	$user_info = api_get_user($a);
 	if (api_user() === false || $user_info === false) {
@@ -3109,15 +3303,15 @@ function api_lists_statuses($type)
 	}
 
 	// params
-	$count = (x($_REQUEST, 'count') ? $_REQUEST['count'] : 20);
-	$page = (x($_REQUEST, 'page') ? $_REQUEST['page'] - 1 : 0);
+	$count = defaults($_REQUEST, 'count', 20);
+	$page = (!empty($_REQUEST['page']) ? $_REQUEST['page'] - 1 : 0);
 	if ($page < 0) {
 		$page = 0;
 	}
-	$since_id = (x($_REQUEST, 'since_id') ? $_REQUEST['since_id'] : 0);
-	$max_id = (x($_REQUEST, 'max_id') ? $_REQUEST['max_id'] : 0);
-	$exclude_replies = (x($_REQUEST, 'exclude_replies') ? 1 : 0);
-	$conversation_id = (x($_REQUEST, 'conversation_id') ? $_REQUEST['conversation_id'] : 0);
+	$since_id = defaults($_REQUEST, 'since_id', 0);
+	$max_id = defaults($_REQUEST, 'max_id', 0);
+	$exclude_replies = (!empty($_REQUEST['exclude_replies']) ? 1 : 0);
+	$conversation_id = defaults($_REQUEST, 'conversation_id', 0);
 
 	$start = $page * $count;
 
@@ -3144,6 +3338,7 @@ function api_lists_statuses($type)
 	$data = ['status' => $items];
 	switch ($type) {
 		case "atom":
+			break;
 		case "rss":
 			$data = api_rss_extra($a, $data, $user_info);
 			break;
@@ -3163,19 +3358,23 @@ api_register_func('api/lists/statuses', 'api_lists_statuses', true);
  *
  * @param string $qtype Either "friends" or "followers"
  * @return boolean|array
+ * @throws BadRequestException
  * @throws ForbiddenException
+ * @throws ImagickException
+ * @throws InternalServerErrorException
+ * @throws UnauthorizedException
  */
 function api_statuses_f($qtype)
 {
-	$a = get_app();
+	$a = \get_app();
 
 	if (api_user() === false) {
 		throw new ForbiddenException();
 	}
 
 	// pagination
-	$count = x($_GET, 'count') ? $_GET['count'] : 20;
-	$page = x($_GET, 'page') ? $_GET['page'] : 1;
+	$count = defaults($_GET, 'count', 20);
+	$page = defaults($_GET, 'page', 1);
 	if ($page < 1) {
 		$page = 1;
 	}
@@ -3183,7 +3382,7 @@ function api_statuses_f($qtype)
 
 	$user_info = api_get_user($a);
 
-	if (x($_GET, 'cursor') && $_GET['cursor'] == 'undefined') {
+	if (!empty($_GET['cursor']) && $_GET['cursor'] == 'undefined') {
 		/* this is to stop Hotot to load friends multiple times
 		*  I'm not sure if I'm missing return something or
 		*  is a bug in hotot. Workaround, meantime
@@ -3247,12 +3446,14 @@ function api_statuses_f($qtype)
 /**
  * Returns the user's friends.
  *
- * @brief Returns the list of friends of the provided user
+ * @brief      Returns the list of friends of the provided user
  *
  * @deprecated By Twitter API in favor of friends/list
  *
  * @param string $type Either "json" or "xml"
  * @return boolean|string|array
+ * @throws BadRequestException
+ * @throws ForbiddenException
  */
 function api_statuses_friends($type)
 {
@@ -3266,12 +3467,14 @@ function api_statuses_friends($type)
 /**
  * Returns the user's followers.
  *
- * @brief Returns the list of followers of the provided user
+ * @brief      Returns the list of followers of the provided user
  *
  * @deprecated By Twitter API in favor of friends/list
  *
  * @param string $type Either "json" or "xml"
  * @return boolean|string|array
+ * @throws BadRequestException
+ * @throws ForbiddenException
  */
 function api_statuses_followers($type)
 {
@@ -3294,6 +3497,8 @@ api_register_func('api/statuses/followers', 'api_statuses_followers', true);
  * @param string $type Either "json" or "xml"
  *
  * @return boolean|string|array
+ * @throws BadRequestException
+ * @throws ForbiddenException
  */
 function api_blocks_list($type)
 {
@@ -3315,6 +3520,8 @@ api_register_func('api/blocks/list', 'api_blocks_list', true);
  * @param string $type Either "json" or "xml"
  *
  * @return boolean|string|array
+ * @throws BadRequestException
+ * @throws ForbiddenException
  */
 function api_friendships_incoming($type)
 {
@@ -3340,16 +3547,17 @@ api_register_func('api/friendships/incoming', 'api_friendships_incoming', true);
  * @param string $type Return type (atom, rss, xml, json)
  *
  * @return array|string
+ * @throws InternalServerErrorException
  */
 function api_statusnet_config($type)
 {
-	$a = get_app();
+	$a = \get_app();
 
 	$name      = Config::get('config', 'sitename');
 	$server    = $a->getHostName();
 	$logo      = System::baseUrl() . '/images/friendica-64.png';
 	$email     = Config::get('config', 'admin_email');
-	$closed    = intval(Config::get('config', 'register_policy')) === REGISTER_CLOSED ? 'true' : 'false';
+	$closed    = intval(Config::get('config', 'register_policy')) === \Friendica\Module\Register::CLOSED ? 'true' : 'false';
 	$private   = Config::get('system', 'block_public') ? 'true' : 'false';
 	$textlimit = (string) Config::get('config', 'api_import_size', Config::get('config', 'max_import_size', 200000));
 	$ssl       = Config::get('system', 'have_ssl') ? 'true' : 'false';
@@ -3399,6 +3607,12 @@ api_register_func('api/statusnet/version', 'api_statusnet_version', false);
  *
  * @param string $type Return type (atom, rss, xml, json)
  *
+ * @return array|string|void
+ * @throws BadRequestException
+ * @throws ForbiddenException
+ * @throws ImagickException
+ * @throws InternalServerErrorException
+ * @throws UnauthorizedException
  * @todo use api_format_data() to return data
  */
 function api_ff_ids($type)
@@ -3407,7 +3621,7 @@ function api_ff_ids($type)
 		throw new ForbiddenException();
 	}
 
-	$a = get_app();
+	$a = \get_app();
 
 	api_get_user($a);
 
@@ -3441,6 +3655,8 @@ function api_ff_ids($type)
  * @param string $type Return type (atom, rss, xml, json)
  *
  * @return array|string
+ * @throws BadRequestException
+ * @throws ForbiddenException
  * @see https://developer.twitter.com/en/docs/accounts-and-users/follow-search-get-users/api-reference/get-friends-ids
  */
 function api_friends_ids($type)
@@ -3454,6 +3670,8 @@ function api_friends_ids($type)
  * @param string $type Return type (atom, rss, xml, json)
  *
  * @return array|string
+ * @throws BadRequestException
+ * @throws ForbiddenException
  * @see https://developer.twitter.com/en/docs/accounts-and-users/follow-search-get-users/api-reference/get-followers-ids
  */
 function api_followers_ids($type)
@@ -3471,11 +3689,17 @@ api_register_func('api/followers/ids', 'api_followers_ids', true);
  * @param string $type Return type (atom, rss, xml, json)
  *
  * @return array|string
+ * @throws BadRequestException
+ * @throws ForbiddenException
+ * @throws ImagickException
+ * @throws InternalServerErrorException
+ * @throws NotFoundException
+ * @throws UnauthorizedException
  * @see https://developer.twitter.com/en/docs/direct-messages/sending-and-receiving/api-reference/new-message
  */
 function api_direct_messages_new($type)
 {
-	$a = get_app();
+	$a = \get_app();
 
 	if (api_user() === false) {
 		throw new ForbiddenException();
@@ -3510,8 +3734,7 @@ function api_direct_messages_new($type)
 	}
 
 	$replyto = '';
-	$sub     = '';
-	if (x($_REQUEST, 'replyto')) {
+	if (!empty($_REQUEST['replyto'])) {
 		$r = q(
 			'SELECT `parent-uri`, `title` FROM `mail` WHERE `uid`=%d AND `id`=%d',
 			intval(api_user()),
@@ -3520,7 +3743,7 @@ function api_direct_messages_new($type)
 		$replyto = $r[0]['parent-uri'];
 		$sub     = $r[0]['title'];
 	} else {
-		if (x($_REQUEST, 'title')) {
+		if (!empty($_REQUEST['title'])) {
 			$sub = $_REQUEST['title'];
 		} else {
 			$sub = ((strlen($_POST['text'])>10) ? substr($_POST['text'], 0, 10)."...":$_POST['text']);
@@ -3540,8 +3763,10 @@ function api_direct_messages_new($type)
 
 	switch ($type) {
 		case "atom":
+			break;
 		case "rss":
 			$data = api_rss_extra($a, $data, $sender);
+			break;
 	}
 
 	return api_format_data("direct-messages", $type, $data);
@@ -3557,11 +3782,16 @@ api_register_func('api/direct_messages/new', 'api_direct_messages_new', true, AP
  *
  * @param string $type Known types are 'atom', 'rss', 'xml' and 'json'
  * @return string|array
- * @see https://developer.twitter.com/en/docs/direct-messages/sending-and-receiving/api-reference/delete-message
+ * @throws BadRequestException
+ * @throws ForbiddenException
+ * @throws ImagickException
+ * @throws InternalServerErrorException
+ * @throws UnauthorizedException
+ * @see   https://developer.twitter.com/en/docs/direct-messages/sending-and-receiving/api-reference/delete-message
  */
 function api_direct_messages_destroy($type)
 {
-	$a = get_app();
+	$a = \get_app();
 
 	if (api_user() === false) {
 		throw new ForbiddenException();
@@ -3570,10 +3800,10 @@ function api_direct_messages_destroy($type)
 	// params
 	$user_info = api_get_user($a);
 	//required
-	$id = (x($_REQUEST, 'id') ? $_REQUEST['id'] : 0);
+	$id = defaults($_REQUEST, 'id', 0);
 	// optional
-	$parenturi = (x($_REQUEST, 'friendica_parenturi') ? $_REQUEST['friendica_parenturi'] : "");
-	$verbose = (x($_GET, 'friendica_verbose') ? strtolower($_GET['friendica_verbose']) : "false");
+	$parenturi = defaults($_REQUEST, 'friendica_parenturi', "");
+	$verbose = (!empty($_GET['friendica_verbose']) ? strtolower($_GET['friendica_verbose']) : "false");
 	/// @todo optional parameter 'include_entities' from Twitter API not yet implemented
 
 	$uid = $user_info['uid'];
@@ -3634,11 +3864,16 @@ api_register_func('api/direct_messages/destroy', 'api_direct_messages_destroy',
 /**
  * Unfollow Contact
  *
- * @brief unfollow contact 
+ * @brief unfollow contact
  *
  * @param string $type Known types are 'atom', 'rss', 'xml' and 'json'
  * @return string|array
- * @see https://developer.twitter.com/en/docs/accounts-and-users/follow-search-get-users/api-reference/post-friendships-destroy.html
+ * @throws BadRequestException
+ * @throws ForbiddenException
+ * @throws ImagickException
+ * @throws InternalServerErrorException
+ * @throws NotFoundException
+ * @see   https://developer.twitter.com/en/docs/accounts-and-users/follow-search-get-users/api-reference/post-friendships-destroy.html
  */
 function api_friendships_destroy($type)
 {
@@ -3651,7 +3886,7 @@ function api_friendships_destroy($type)
 	$contact_id = defaults($_REQUEST, 'user_id');
 
 	if (empty($contact_id)) {
-		Logger::log("No user_id specified", Logger::DEBUG);
+		Logger::notice(API_LOG_PREFIX . 'No user_id specified', ['module' => 'api', 'action' => 'friendships_destroy']);
 		throw new BadRequestException("no user_id specified");
 	}
 
@@ -3659,7 +3894,7 @@ function api_friendships_destroy($type)
 	$contact = DBA::selectFirst('contact', ['url'], ['id' => $contact_id, 'uid' => 0, 'self' => false]);
 
 	if(!DBA::isResult($contact)) {
-		Logger::log("No contact found for ID" . $contact_id, Logger::DEBUG);
+		Logger::notice(API_LOG_PREFIX . 'No contact found for ID {contact}', ['module' => 'api', 'action' => 'friendships_destroy', 'contact' => $contact_id]);
 		throw new NotFoundException("no contact found to given ID");
 	}
 
@@ -3671,12 +3906,12 @@ function api_friendships_destroy($type)
 	$contact = DBA::selectFirst('contact', [], $condition);
 
 	if (!DBA::isResult($contact)) {
-		Logger::log("Not following Contact", Logger::DEBUG);
+		Logger::notice(API_LOG_PREFIX . 'Not following contact', ['module' => 'api', 'action' => 'friendships_destroy']);
 		throw new NotFoundException("Not following Contact");
 	}
 
 	if (!in_array($contact['network'], Protocol::NATIVE_SUPPORT)) {
-		Logger::log("Not supported", Logger::DEBUG);
+		Logger::notice(API_LOG_PREFIX . 'Not supported for {network}', ['module' => 'api', 'action' => 'friendships_destroy', 'network' => $contact['network']]);
 		throw new ExpectationFailedException("Not supported");
 	}
 
@@ -3687,7 +3922,7 @@ function api_friendships_destroy($type)
 		Contact::terminateFriendship($owner, $contact, $dissolve);
 	}
 	else {
-		Logger::log("No owner found", Logger::DEBUG);
+		Logger::notice(API_LOG_PREFIX . 'No owner {uid} found', ['module' => 'api', 'action' => 'friendships_destroy', 'uid' => $uid]);
 		throw new NotFoundException("Error Processing Request");
 	}
 
@@ -3716,10 +3951,15 @@ api_register_func('api/friendships/destroy', 'api_friendships_destroy', true, AP
  * @param string $verbose
  *
  * @return array|string
+ * @throws BadRequestException
+ * @throws ForbiddenException
+ * @throws ImagickException
+ * @throws InternalServerErrorException
+ * @throws UnauthorizedException
  */
 function api_direct_messages_box($type, $box, $verbose)
 {
-	$a = get_app();
+	$a = \get_app();
 	if (api_user() === false) {
 		throw new ForbiddenException();
 	}
@@ -3806,8 +4046,10 @@ function api_direct_messages_box($type, $box, $verbose)
 	$data = ['direct_message' => $ret];
 	switch ($type) {
 		case "atom":
+			break;
 		case "rss":
 			$data = api_rss_extra($a, $data, $user_info);
+			break;
 	}
 
 	return api_format_data("direct-messages", $type, $data);
@@ -3819,11 +4061,13 @@ function api_direct_messages_box($type, $box, $verbose)
  * @param string $type Return type (atom, rss, xml, json)
  *
  * @return array|string
+ * @throws BadRequestException
+ * @throws ForbiddenException
  * @see https://developer.twitter.com/en/docs/direct-messages/sending-and-receiving/api-reference/get-sent-message
  */
 function api_direct_messages_sentbox($type)
 {
-	$verbose = (x($_GET, 'friendica_verbose') ? strtolower($_GET['friendica_verbose']) : "false");
+	$verbose = !empty($_GET['friendica_verbose']) ? strtolower($_GET['friendica_verbose']) : "false";
 	return api_direct_messages_box($type, "sentbox", $verbose);
 }
 
@@ -3833,11 +4077,13 @@ function api_direct_messages_sentbox($type)
  * @param string $type Return type (atom, rss, xml, json)
  *
  * @return array|string
+ * @throws BadRequestException
+ * @throws ForbiddenException
  * @see https://developer.twitter.com/en/docs/direct-messages/sending-and-receiving/api-reference/get-messages
  */
 function api_direct_messages_inbox($type)
 {
-	$verbose = (x($_GET, 'friendica_verbose') ? strtolower($_GET['friendica_verbose']) : "false");
+	$verbose = !empty($_GET['friendica_verbose']) ? strtolower($_GET['friendica_verbose']) : "false";
 	return api_direct_messages_box($type, "inbox", $verbose);
 }
 
@@ -3846,10 +4092,12 @@ function api_direct_messages_inbox($type)
  * @param string $type Return type (atom, rss, xml, json)
  *
  * @return array|string
+ * @throws BadRequestException
+ * @throws ForbiddenException
  */
 function api_direct_messages_all($type)
 {
-	$verbose = (x($_GET, 'friendica_verbose') ? strtolower($_GET['friendica_verbose']) : "false");
+	$verbose = !empty($_GET['friendica_verbose']) ? strtolower($_GET['friendica_verbose']) : "false";
 	return api_direct_messages_box($type, "all", $verbose);
 }
 
@@ -3858,10 +4106,12 @@ function api_direct_messages_all($type)
  * @param string $type Return type (atom, rss, xml, json)
  *
  * @return array|string
+ * @throws BadRequestException
+ * @throws ForbiddenException
  */
 function api_direct_messages_conversation($type)
 {
-	$verbose = (x($_GET, 'friendica_verbose') ? strtolower($_GET['friendica_verbose']) : "false");
+	$verbose = !empty($_GET['friendica_verbose']) ? strtolower($_GET['friendica_verbose']) : "false";
 	return api_direct_messages_box($type, "conversation", $verbose);
 }
 
@@ -3883,10 +4133,10 @@ function api_oauth_request_token()
 		$r = $oauth1->fetch_request_token(OAuthRequest::from_request());
 	} catch (Exception $e) {
 		echo "error=" . OAuthUtil::urlencode_rfc3986($e->getMessage());
-		killme();
+		exit();
 	}
 	echo $r;
-	killme();
+	exit();
 }
 
 /**
@@ -3902,10 +4152,10 @@ function api_oauth_access_token()
 		$r = $oauth1->fetch_access_token(OAuthRequest::from_request());
 	} catch (Exception $e) {
 		echo "error=". OAuthUtil::urlencode_rfc3986($e->getMessage());
-		killme();
+		exit();
 	}
 	echo $r;
-	killme();
+	exit();
 }
 
 /// @TODO move to top of file or somewhere better
@@ -3918,6 +4168,9 @@ api_register_func('api/oauth/access_token', 'api_oauth_access_token', false);
  *
  * @param string $type Known types are 'atom', 'rss', 'xml' and 'json'
  * @return string|array
+ * @throws BadRequestException
+ * @throws ForbiddenException
+ * @throws InternalServerErrorException
  */
 function api_fr_photoalbum_delete($type)
 {
@@ -3925,7 +4178,7 @@ function api_fr_photoalbum_delete($type)
 		throw new ForbiddenException();
 	}
 	// input params
-	$album = (x($_REQUEST, 'album') ? $_REQUEST['album'] : "");
+	$album = defaults($_REQUEST, 'album', "");
 
 	// we do not allow calls without album string
 	if ($album == "") {
@@ -3954,7 +4207,7 @@ function api_fr_photoalbum_delete($type)
 	}
 
 	// now let's delete all photos from the album
-	$result = DBA::delete('photo', ['uid' => api_user(), 'album' => $album]);
+	$result = Photo::delete(['uid' => api_user(), 'album' => $album]);
 
 	// return success of deletion or error message
 	if ($result) {
@@ -3970,6 +4223,9 @@ function api_fr_photoalbum_delete($type)
  *
  * @param string $type Known types are 'atom', 'rss', 'xml' and 'json'
  * @return string|array
+ * @throws BadRequestException
+ * @throws ForbiddenException
+ * @throws InternalServerErrorException
  */
 function api_fr_photoalbum_update($type)
 {
@@ -3977,8 +4233,8 @@ function api_fr_photoalbum_update($type)
 		throw new ForbiddenException();
 	}
 	// input params
-	$album = (x($_REQUEST, 'album') ? $_REQUEST['album'] : "");
-	$album_new = (x($_REQUEST, 'album_new') ? $_REQUEST['album_new'] : "");
+	$album = defaults($_REQUEST, 'album', "");
+	$album_new = defaults($_REQUEST, 'album_new', "");
 
 	// we do not allow calls without album string
 	if ($album == "") {
@@ -3988,11 +4244,11 @@ function api_fr_photoalbum_update($type)
 		throw new BadRequestException("no new albumname specified");
 	}
 	// check if album is existing
-	if (!DBA::exists('photo', ['uid' => api_user(), 'album' => $album])) {
+	if (!Photo::exists(['uid' => api_user(), 'album' => $album])) {
 		throw new BadRequestException("album not available");
 	}
 	// now let's update all photos to the albumname
-	$result = DBA::update('photo', ['album' => $album_new], ['uid' => api_user(), 'album' => $album]);
+	$result = Photo::update(['album' => $album_new], ['uid' => api_user(), 'album' => $album]);
 
 	// return success of updating or error message
 	if ($result) {
@@ -4009,6 +4265,8 @@ function api_fr_photoalbum_update($type)
  *
  * @param string $type Known types are 'atom', 'rss', 'xml' and 'json'
  * @return string|array
+ * @throws ForbiddenException
+ * @throws InternalServerErrorException
  */
 function api_fr_photos_list($type)
 {
@@ -4055,6 +4313,11 @@ function api_fr_photos_list($type)
  *
  * @param string $type Known types are 'atom', 'rss', 'xml' and 'json'
  * @return string|array
+ * @throws BadRequestException
+ * @throws ForbiddenException
+ * @throws ImagickException
+ * @throws InternalServerErrorException
+ * @throws NotFoundException
  */
 function api_fr_photo_create_update($type)
 {
@@ -4062,15 +4325,15 @@ function api_fr_photo_create_update($type)
 		throw new ForbiddenException();
 	}
 	// input params
-	$photo_id = (x($_REQUEST, 'photo_id') ? $_REQUEST['photo_id'] : null);
-	$desc = (x($_REQUEST, 'desc') ? $_REQUEST['desc'] : (array_key_exists('desc', $_REQUEST) ? "" : null)); // extra check necessary to distinguish between 'not provided' and 'empty string'
-	$album = (x($_REQUEST, 'album') ? $_REQUEST['album'] : null);
-	$album_new = (x($_REQUEST, 'album_new') ? $_REQUEST['album_new'] : null);
-	$allow_cid = (x($_REQUEST, 'allow_cid') ? $_REQUEST['allow_cid'] : (array_key_exists('allow_cid', $_REQUEST) ? " " : null));
-	$deny_cid = (x($_REQUEST, 'deny_cid') ? $_REQUEST['deny_cid'] : (array_key_exists('deny_cid', $_REQUEST) ? " " : null));
-	$allow_gid = (x($_REQUEST, 'allow_gid') ? $_REQUEST['allow_gid'] : (array_key_exists('allow_gid', $_REQUEST) ? " " : null));
-	$deny_gid = (x($_REQUEST, 'deny_gid') ? $_REQUEST['deny_gid'] : (array_key_exists('deny_gid', $_REQUEST) ? " " : null));
-	$visibility = (x($_REQUEST, 'visibility') ? (($_REQUEST['visibility'] == "true" || $_REQUEST['visibility'] == 1) ? true : false) : false);
+	$photo_id = defaults($_REQUEST, 'photo_id', null);
+	$desc = defaults($_REQUEST, 'desc', (array_key_exists('desc', $_REQUEST) ? "" : null)) ; // extra check necessary to distinguish between 'not provided' and 'empty string'
+	$album = defaults($_REQUEST, 'album', null);
+	$album_new = defaults($_REQUEST, 'album_new', null);
+	$allow_cid = defaults($_REQUEST, 'allow_cid', (array_key_exists('allow_cid', $_REQUEST) ? " " : null));
+	$deny_cid  = defaults($_REQUEST, 'deny_cid' , (array_key_exists('deny_cid' , $_REQUEST) ? " " : null));
+	$allow_gid = defaults($_REQUEST, 'allow_gid', (array_key_exists('allow_gid', $_REQUEST) ? " " : null));
+	$deny_gid  = defaults($_REQUEST, 'deny_gid' , (array_key_exists('deny_gid' , $_REQUEST) ? " " : null));
+	$visibility = !empty($_REQUEST['visibility']) && $_REQUEST['visibility'] !== "false";
 
 	// do several checks on input parameters
 	// we do not allow calls without album string
@@ -4082,7 +4345,7 @@ function api_fr_photo_create_update($type)
 		$mode = "create";
 
 		// error if no media posted in create-mode
-		if (!x($_FILES, 'media')) {
+		if (empty($_FILES['media'])) {
 			// Output error
 			throw new BadRequestException("no media data submitted");
 		}
@@ -4092,14 +4355,8 @@ function api_fr_photo_create_update($type)
 	} else {
 		$mode = "update";
 
-		// check if photo is existing in database
-		$r = q(
-			"SELECT `id` FROM `photo` WHERE `uid` = %d AND `resource-id` = '%s' AND `album` = '%s'",
-			intval(api_user()),
-			DBA::escape($photo_id),
-			DBA::escape($album)
-		);
-		if (!DBA::isResult($r)) {
+		// check if photo is existing in databasei
+		if (!Photo::exists(['resource-id' => $photo_id, 'uid' => api_user(), 'album' => $album])) {
 			throw new BadRequestException("photo not available");
 		}
 	}
@@ -4128,52 +4385,45 @@ function api_fr_photo_create_update($type)
 
 	// now let's do the changes in update-mode
 	if ($mode == "update") {
-		$sql_extra = "";
+		$updated_fields = [];
 
 		if (!is_null($desc)) {
-			$sql_extra .= (($sql_extra != "") ? " ," : "") . "`desc` = '$desc'";
+			$updated_fields['desc'] = $desc;
 		}
 
 		if (!is_null($album_new)) {
-			$sql_extra .= (($sql_extra != "") ? " ," : "") . "`album` = '$album_new'";
+			$updated_fields['album'] = $album_new;
 		}
 
 		if (!is_null($allow_cid)) {
 			$allow_cid = trim($allow_cid);
-			$sql_extra .= (($sql_extra != "") ? " ," : "") . "`allow_cid` = '$allow_cid'";
+			$updated_fields['allow_cid'] = $allow_cid;
 		}
 
 		if (!is_null($deny_cid)) {
 			$deny_cid = trim($deny_cid);
-			$sql_extra .= (($sql_extra != "") ? " ," : "") . "`deny_cid` = '$deny_cid'";
+			$updated_fields['deny_cid'] = $deny_cid;
 		}
 
 		if (!is_null($allow_gid)) {
 			$allow_gid = trim($allow_gid);
-			$sql_extra .= (($sql_extra != "") ? " ," : "") . "`allow_gid` = '$allow_gid'";
+			$updated_fields['allow_gid'] = $allow_gid;
 		}
 
 		if (!is_null($deny_gid)) {
 			$deny_gid = trim($deny_gid);
-			$sql_extra .= (($sql_extra != "") ? " ," : "") . "`deny_gid` = '$deny_gid'";
+			$updated_fields['deny_gid'] = $deny_gid;
 		}
 
 		$result = false;
-		if ($sql_extra != "") {
+		if (count($updated_fields) > 0) {
 			$nothingtodo = false;
-			$result = q(
-				"UPDATE `photo` SET %s, `edited`='%s' WHERE `uid` = %d AND `resource-id` = '%s' AND `album` = '%s'",
-				$sql_extra,
-				DateTimeFormat::utcNow(),   // update edited timestamp
-				intval(api_user()),
-				DBA::escape($photo_id),
-				DBA::escape($album)
-			);
+			$result = Photo::update($updated_fields, ['uid' => api_user(), 'resource-id' => $photo_id, 'album' => $album]);
 		} else {
 			$nothingtodo = true;
 		}
 
-		if (x($_FILES, 'media')) {
+		if (!empty($_FILES['media'])) {
 			$nothingtodo = false;
 			$media = $_FILES['media'];
 			$data = save_media_to_database("photo", $media, $type, $album, $allow_cid, $deny_cid, $allow_gid, $deny_gid, $desc, 0, $visibility, $photo_id);
@@ -4202,6 +4452,9 @@ function api_fr_photo_create_update($type)
  *
  * @param string $type Known types are 'atom', 'rss', 'xml' and 'json'
  * @return string|array
+ * @throws BadRequestException
+ * @throws ForbiddenException
+ * @throws InternalServerErrorException
  */
 function api_fr_photo_delete($type)
 {
@@ -4209,7 +4462,7 @@ function api_fr_photo_delete($type)
 		throw new ForbiddenException();
 	}
 	// input params
-	$photo_id = (x($_REQUEST, 'photo_id') ? $_REQUEST['photo_id'] : null);
+	$photo_id = defaults($_REQUEST, 'photo_id', null);
 
 	// do several checks on input parameters
 	// we do not allow calls without photo id
@@ -4217,16 +4470,12 @@ function api_fr_photo_delete($type)
 		throw new BadRequestException("no photo_id specified");
 	}
 	// check if photo is existing in database
-	$r = q(
-		"SELECT `id` FROM `photo` WHERE `uid` = %d AND `resource-id` = '%s'",
-		intval(api_user()),
-		DBA::escape($photo_id)
-	);
-	if (!DBA::isResult($r)) {
+	$r = Photo::exists(['resource-id' => $photo_id, 'uid' => api_user()]);
+	if (!$r) {
 		throw new BadRequestException("photo not available");
 	}
 	// now we can perform on the deletion of the photo
-	$result = DBA::delete('photo', ['uid' => api_user(), 'resource-id' => $photo_id]);
+	$result = Photo::delete(['uid' => api_user(), 'resource-id' => $photo_id]);
 
 	// return success of deletion or error message
 	if ($result) {
@@ -4254,17 +4503,21 @@ function api_fr_photo_delete($type)
  *
  * @param string $type Known types are 'atom', 'rss', 'xml' and 'json'
  * @return string|array
+ * @throws BadRequestException
+ * @throws ForbiddenException
+ * @throws InternalServerErrorException
+ * @throws NotFoundException
  */
 function api_fr_photo_detail($type)
 {
 	if (api_user() === false) {
 		throw new ForbiddenException();
 	}
-	if (!x($_REQUEST, 'photo_id')) {
+	if (empty($_REQUEST['photo_id'])) {
 		throw new BadRequestException("No photo id.");
 	}
 
-	$scale = (x($_REQUEST, 'scale') ? intval($_REQUEST['scale']) : false);
+	$scale = (!empty($_REQUEST['scale']) ? intval($_REQUEST['scale']) : false);
 	$photo_id = $_REQUEST['photo_id'];
 
 	// prepare json/xml output with data from database for the requested photo
@@ -4282,7 +4535,12 @@ function api_fr_photo_detail($type)
  * @param string $type Known types are 'atom', 'rss', 'xml' and 'json'
  *
  * @return string|array
- * @see https://developer.twitter.com/en/docs/accounts-and-users/manage-account-settings/api-reference/post-account-update_profile_image
+ * @throws BadRequestException
+ * @throws ForbiddenException
+ * @throws ImagickException
+ * @throws InternalServerErrorException
+ * @throws NotFoundException
+ * @see   https://developer.twitter.com/en/docs/accounts-and-users/manage-account-settings/api-reference/post-account-update_profile_image
  */
 function api_account_update_profile_image($type)
 {
@@ -4293,7 +4551,7 @@ function api_account_update_profile_image($type)
 	$profile_id = defaults($_REQUEST, 'profile_id', 0);
 
 	// error if image data is missing
-	if (!x($_FILES, 'image')) {
+	if (empty($_FILES['image'])) {
 		throw new BadRequestException("no media data submitted");
 	}
 
@@ -4311,9 +4569,9 @@ function api_account_update_profile_image($type)
 
 	// get mediadata from image or media (Twitter call api/account/update_profile_image provides image)
 	$media = null;
-	if (x($_FILES, 'image')) {
+	if (!empty($_FILES['image'])) {
 		$media = $_FILES['image'];
-	} elseif (x($_FILES, 'media')) {
+	} elseif (!empty($_FILES['media'])) {
 		$media = $_FILES['media'];
 	}
 	// save new profile image
@@ -4336,17 +4594,17 @@ function api_account_update_profile_image($type)
 	// change specified profile or all profiles to the new resource-id
 	if ($is_default_profile) {
 		$condition = ["`profile` AND `resource-id` != ? AND `uid` = ?", $data['photo']['id'], api_user()];
-		DBA::update('photo', ['profile' => false], $condition);
+		Photo::update(['profile' => false], $condition);
 	} else {
-		$fields = ['photo' => System::baseUrl() . '/photo/' . $data['photo']['id'] . '-4.' . $filetype,
-			'thumb' => System::baseUrl() . '/photo/' . $data['photo']['id'] . '-5.' . $filetype];
+		$fields = ['photo' => System::baseUrl() . '/photo/' . $data['photo']['id'] . '-4.' . $fileext,
+			'thumb' => System::baseUrl() . '/photo/' . $data['photo']['id'] . '-5.' . $fileext];
 		DBA::update('profile', $fields, ['id' => $_REQUEST['profile'], 'uid' => api_user()]);
 	}
 
 	Contact::updateSelfFromUserID(api_user(), true);
 
 	// Update global directory in background
-	$url = System::baseUrl() . '/profile/' . get_app()->user['nickname'];
+	$url = System::baseUrl() . '/profile/' . \get_app()->user['nickname'];
 	if ($url && strlen(Config::get('system', 'directory'))) {
 		Worker::add(PRIORITY_LOW, "Directory", $url);
 	}
@@ -4378,6 +4636,11 @@ api_register_func('api/account/update_profile_image', 'api_account_update_profil
  * @param string $type Known types are 'atom', 'rss', 'xml' and 'json'
  *
  * @return array|string
+ * @throws BadRequestException
+ * @throws ForbiddenException
+ * @throws ImagickException
+ * @throws InternalServerErrorException
+ * @throws UnauthorizedException
  */
 function api_account_update_profile($type)
 {
@@ -4412,6 +4675,8 @@ api_register_func('api/account/update_profile', 'api_account_update_profile', tr
 /**
  *
  * @param string $acl_string
+ * @return bool
+ * @throws Exception
  */
 function check_acl_input($acl_string)
 {
@@ -4448,6 +4713,12 @@ function check_acl_input($acl_string)
  * @param integer $profile
  * @param boolean $visibility
  * @param string  $photo_id
+ * @return array
+ * @throws BadRequestException
+ * @throws ForbiddenException
+ * @throws ImagickException
+ * @throws InternalServerErrorException
+ * @throws NotFoundException
  */
 function save_media_to_database($mediatype, $media, $type, $album, $allow_cid, $deny_cid, $allow_gid, $deny_gid, $desc, $profile = 0, $visibility = false, $photo_id = null)
 {
@@ -4606,6 +4877,7 @@ function save_media_to_database($mediatype, $media, $type, $album, $allow_cid, $
  * @param string  $deny_gid
  * @param string  $filetype
  * @param boolean $visibility
+ * @throws InternalServerErrorException
  */
 function post_photo_item($hash, $allow_cid, $deny_cid, $allow_gid, $deny_gid, $filetype, $visibility = false)
 {
@@ -4658,10 +4930,16 @@ function post_photo_item($hash, $allow_cid, $deny_cid, $allow_gid, $deny_gid, $f
  * @param string $photo_id
  *
  * @return array
+ * @throws BadRequestException
+ * @throws ForbiddenException
+ * @throws ImagickException
+ * @throws InternalServerErrorException
+ * @throws NotFoundException
+ * @throws UnauthorizedException
  */
 function prepare_photo_data($type, $scale, $photo_id)
 {
-	$a = get_app();
+	$a = \get_app();
 	$user_info = api_get_user($a);
 
 	if ($user_info === false) {
@@ -4773,8 +5051,8 @@ function prepare_photo_data($type, $scale, $photo_id)
  */
 function api_friendica_remoteauth()
 {
-	$url = (x($_GET, 'url') ? $_GET['url'] : '');
-	$c_url = (x($_GET, 'c_url') ? $_GET['c_url'] : '');
+	$url = defaults($_GET, 'url', '');
+	$c_url = defaults($_GET, 'c_url', '');
 
 	if ($url === '' || $c_url === '') {
 		throw new BadRequestException("Wrong parameters.");
@@ -4809,7 +5087,7 @@ function api_friendica_remoteauth()
 		'sec' => $sec, 'expire' => time() + 45];
 	DBA::insert('profile_check', $fields);
 
-	Logger::log($contact['name'] . ' ' . $sec, Logger::DEBUG);
+	Logger::info(API_LOG_PREFIX . 'for contact {contact}', ['module' => 'api', 'action' => 'friendica_remoteauth', 'contact' => $contact['name'], 'hey' => $sec]);
 	$dest = ($url ? '&destination_url=' . $url : '');
 
 	System::externalRedirect(
@@ -4825,6 +5103,8 @@ api_register_func('api/friendica/remoteauth', 'api_friendica_remoteauth', true);
  *
  * @param array $item Sharer item
  * @return array|false Shared item or false if not a reshare
+ * @throws ImagickException
+ * @throws InternalServerErrorException
  */
 function api_share_as_retweet(&$item)
 {
@@ -4920,6 +5200,7 @@ function api_share_as_retweet(&$item)
 	}
 
 	$reshared_item["body"] = $shared_body;
+	$reshared_item["author-id"] = Contact::getIdForURL($profile, 0, true);
 	$reshared_item["author-name"] = $author;
 	$reshared_item["author-link"] = $profile;
 	$reshared_item["author-avatar"] = $avatar;
@@ -4935,6 +5216,7 @@ function api_share_as_retweet(&$item)
  * @param string $profile
  *
  * @return string|false
+ * @throws InternalServerErrorException
  * @todo remove trailing junk from profile url
  * @todo pump.io check has to check the website
  */
@@ -5019,6 +5301,7 @@ function api_get_nick($profile)
  * @param array $item
  *
  * @return array
+ * @throws Exception
  */
 function api_in_reply_to($item)
 {
@@ -5057,7 +5340,7 @@ function api_in_reply_to($item)
 		// https://github.com/friendica/friendica/issues/1010
 		// This is a bugfix for that.
 		if (intval($in_reply_to['status_id']) == intval($item['id'])) {
-			Logger::log('this message should never appear: id: '.$item['id'].' similar to reply-to: '.$in_reply_to['status_id'], Logger::DEBUG);
+			Logger::warning(API_LOG_PREFIX . 'ID {id} is similar to reply-to {reply-to}', ['module' => 'api', 'action' => 'in_reply_to', 'id' => $item['id'], 'reply-to' => $in_reply_to['status_id']]);
 			$in_reply_to['status_id'] = null;
 			$in_reply_to['user_id'] = null;
 			$in_reply_to['status_id_str'] = null;
@@ -5074,10 +5357,11 @@ function api_in_reply_to($item)
  * @param string $text
  *
  * @return string
+ * @throws InternalServerErrorException
  */
 function api_clean_plain_items($text)
 {
-	$include_entities = strtolower(x($_REQUEST, 'include_entities') ? $_REQUEST['include_entities'] : "false");
+	$include_entities = strtolower(defaults($_REQUEST, 'include_entities', "false"));
 
 	$text = BBCode::cleanPictureLinks($text);
 	$URLSearchString = "^\[\]";
@@ -5100,6 +5384,7 @@ function api_clean_plain_items($text)
  * @param string $body The original body
  *
  * @return string Cleaned body
+ * @throws InternalServerErrorException
  */
 function api_clean_attachments($body)
 {
@@ -5128,7 +5413,7 @@ function api_clean_attachments($body)
  *
  * @param array $contacts
  *
- * @return array
+ * @return void
  */
 function api_best_nickname(&$contacts)
 {
@@ -5198,10 +5483,15 @@ function api_best_nickname(&$contacts)
  * @param string $type Return type (atom, rss, xml, json)
  *
  * @return array|string
+ * @throws BadRequestException
+ * @throws ForbiddenException
+ * @throws ImagickException
+ * @throws InternalServerErrorException
+ * @throws UnauthorizedException
  */
 function api_friendica_group_show($type)
 {
-	$a = get_app();
+	$a = \get_app();
 
 	if (api_user() === false) {
 		throw new ForbiddenException();
@@ -5209,7 +5499,7 @@ function api_friendica_group_show($type)
 
 	// params
 	$user_info = api_get_user($a);
-	$gid = (x($_REQUEST, 'gid') ? $_REQUEST['gid'] : 0);
+	$gid = defaults($_REQUEST, 'gid', 0);
 	$uid = $user_info['uid'];
 
 	// get data of the specified group id or all groups if not specified
@@ -5263,10 +5553,15 @@ api_register_func('api/friendica/group_show', 'api_friendica_group_show', true);
  * @param string $type Return type (atom, rss, xml, json)
  *
  * @return array|string
+ * @throws BadRequestException
+ * @throws ForbiddenException
+ * @throws ImagickException
+ * @throws InternalServerErrorException
+ * @throws UnauthorizedException
  */
 function api_friendica_group_delete($type)
 {
-	$a = get_app();
+	$a = \get_app();
 
 	if (api_user() === false) {
 		throw new ForbiddenException();
@@ -5274,8 +5569,8 @@ function api_friendica_group_delete($type)
 
 	// params
 	$user_info = api_get_user($a);
-	$gid = (x($_REQUEST, 'gid') ? $_REQUEST['gid'] : 0);
-	$name = (x($_REQUEST, 'name') ? $_REQUEST['name'] : "");
+	$gid = defaults($_REQUEST, 'gid', 0);
+	$name = defaults($_REQUEST, 'name', "");
 	$uid = $user_info['uid'];
 
 	// error if no gid specified
@@ -5324,11 +5619,16 @@ api_register_func('api/friendica/group_delete', 'api_friendica_group_delete', tr
  * @param string $type Return type (atom, rss, xml, json)
  *
  * @return array|string
+ * @throws BadRequestException
+ * @throws ForbiddenException
+ * @throws ImagickException
+ * @throws InternalServerErrorException
+ * @throws UnauthorizedException
  * @see https://developer.twitter.com/en/docs/accounts-and-users/create-manage-lists/api-reference/post-lists-destroy
  */
 function api_lists_destroy($type)
 {
-	$a = get_app();
+	$a = \get_app();
 
 	if (api_user() === false) {
 		throw new ForbiddenException();
@@ -5336,7 +5636,7 @@ function api_lists_destroy($type)
 
 	// params
 	$user_info = api_get_user($a);
-	$gid = (x($_REQUEST, 'list_id') ? $_REQUEST['list_id'] : 0);
+	$gid = defaults($_REQUEST, 'list_id', 0);
 	$uid = $user_info['uid'];
 
 	// error if no gid specified
@@ -5368,10 +5668,11 @@ api_register_func('api/lists/destroy', 'api_lists_destroy', true, API_METHOD_DEL
  * Add a new group to the database.
  *
  * @param  string $name  Group name
- * @param  int	  $uid   User ID
+ * @param  int    $uid   User ID
  * @param  array  $users List of users to add to the group
  *
  * @return array
+ * @throws BadRequestException
  */
 function group_create($name, $uid, $users = [])
 {
@@ -5441,10 +5742,15 @@ function group_create($name, $uid, $users = [])
  * @param string $type Return type (atom, rss, xml, json)
  *
  * @return array|string
+ * @throws BadRequestException
+ * @throws ForbiddenException
+ * @throws ImagickException
+ * @throws InternalServerErrorException
+ * @throws UnauthorizedException
  */
 function api_friendica_group_create($type)
 {
-	$a = get_app();
+	$a = \get_app();
 
 	if (api_user() === false) {
 		throw new ForbiddenException();
@@ -5452,7 +5758,7 @@ function api_friendica_group_create($type)
 
 	// params
 	$user_info = api_get_user($a);
-	$name = (x($_REQUEST, 'name') ? $_REQUEST['name'] : "");
+	$name = defaults($_REQUEST, 'name', "");
 	$uid = $user_info['uid'];
 	$json = json_decode($_POST['json'], true);
 	$users = $json['user'];
@@ -5469,11 +5775,16 @@ api_register_func('api/friendica/group_create', 'api_friendica_group_create', tr
  * @param string $type Return type (atom, rss, xml, json)
  *
  * @return array|string
+ * @throws BadRequestException
+ * @throws ForbiddenException
+ * @throws ImagickException
+ * @throws InternalServerErrorException
+ * @throws UnauthorizedException
  * @see https://developer.twitter.com/en/docs/accounts-and-users/create-manage-lists/api-reference/post-lists-create
  */
 function api_lists_create($type)
 {
-	$a = get_app();
+	$a = \get_app();
 
 	if (api_user() === false) {
 		throw new ForbiddenException();
@@ -5481,7 +5792,7 @@ function api_lists_create($type)
 
 	// params
 	$user_info = api_get_user($a);
-	$name = (x($_REQUEST, 'name') ? $_REQUEST['name'] : "");
+	$name = defaults($_REQUEST, 'name', "");
 	$uid = $user_info['uid'];
 
 	$success = group_create($name, $uid);
@@ -5504,10 +5815,15 @@ api_register_func('api/lists/create', 'api_lists_create', true, API_METHOD_POST)
  * @param string $type Return type (atom, rss, xml, json)
  *
  * @return array|string
+ * @throws BadRequestException
+ * @throws ForbiddenException
+ * @throws ImagickException
+ * @throws InternalServerErrorException
+ * @throws UnauthorizedException
  */
 function api_friendica_group_update($type)
 {
-	$a = get_app();
+	$a = \get_app();
 
 	if (api_user() === false) {
 		throw new ForbiddenException();
@@ -5516,8 +5832,8 @@ function api_friendica_group_update($type)
 	// params
 	$user_info = api_get_user($a);
 	$uid = $user_info['uid'];
-	$gid = (x($_REQUEST, 'gid') ? $_REQUEST['gid'] : 0);
-	$name = (x($_REQUEST, 'name') ? $_REQUEST['name'] : "");
+	$gid = defaults($_REQUEST, 'gid', 0);
+	$name = defaults($_REQUEST, 'name', "");
 	$json = json_decode($_POST['json'], true);
 	$users = $json['user'];
 
@@ -5577,11 +5893,16 @@ api_register_func('api/friendica/group_update', 'api_friendica_group_update', tr
  * @param string $type Return type (atom, rss, xml, json)
  *
  * @return array|string
+ * @throws BadRequestException
+ * @throws ForbiddenException
+ * @throws ImagickException
+ * @throws InternalServerErrorException
+ * @throws UnauthorizedException
  * @see https://developer.twitter.com/en/docs/accounts-and-users/create-manage-lists/api-reference/post-lists-update
  */
 function api_lists_update($type)
 {
-	$a = get_app();
+	$a = \get_app();
 
 	if (api_user() === false) {
 		throw new ForbiddenException();
@@ -5589,8 +5910,8 @@ function api_lists_update($type)
 
 	// params
 	$user_info = api_get_user($a);
-	$gid = (x($_REQUEST, 'list_id') ? $_REQUEST['list_id'] : 0);
-	$name = (x($_REQUEST, 'name') ? $_REQUEST['name'] : "");
+	$gid = defaults($_REQUEST, 'list_id', 0);
+	$name = defaults($_REQUEST, 'name', "");
 	$uid = $user_info['uid'];
 
 	// error if no gid specified
@@ -5624,10 +5945,14 @@ api_register_func('api/lists/update', 'api_lists_update', true, API_METHOD_POST)
  * @param string $type Return type (atom, rss, xml, json)
  *
  * @return array|string
+ * @throws BadRequestException
+ * @throws ForbiddenException
+ * @throws ImagickException
+ * @throws InternalServerErrorException
  */
 function api_friendica_activity($type)
 {
-	$a = get_app();
+	$a = \get_app();
 
 	if (api_user() === false) {
 		throw new ForbiddenException();
@@ -5635,7 +5960,7 @@ function api_friendica_activity($type)
 	$verb = strtolower($a->argv[3]);
 	$verb = preg_replace("|\..*$|", "", $verb);
 
-	$id = (x($_REQUEST, 'id') ? $_REQUEST['id'] : 0);
+	$id = defaults($_REQUEST, 'id', 0);
 
 	$res = Item::performLike($id, $verb);
 
@@ -5668,10 +5993,13 @@ api_register_func('api/friendica/activity/unattendmaybe', 'api_friendica_activit
  *
  * @param string $type Known types are 'atom', 'rss', 'xml' and 'json'
  * @return string|array
-*/
+ * @throws BadRequestException
+ * @throws ForbiddenException
+ * @throws InternalServerErrorException
+ */
 function api_friendica_notification($type)
 {
-	$a = get_app();
+	$a = \get_app();
 
 	if (api_user() === false) {
 		throw new ForbiddenException();
@@ -5693,7 +6021,6 @@ function api_friendica_notification($type)
 
 		$notes = $xmlnotes;
 	}
-
 	return api_format_data("notes", $type, ['note' => $notes]);
 }
 
@@ -5704,10 +6031,15 @@ function api_friendica_notification($type)
  *
  * @param string $type Known types are 'atom', 'rss', 'xml' and 'json'
  * @return string|array
+ * @throws BadRequestException
+ * @throws ForbiddenException
+ * @throws ImagickException
+ * @throws InternalServerErrorException
+ * @throws UnauthorizedException
  */
 function api_friendica_notification_seen($type)
 {
-	$a = get_app();
+	$a = \get_app();
 	$user_info = api_get_user($a);
 
 	if (api_user() === false || $user_info === false) {
@@ -5717,7 +6049,7 @@ function api_friendica_notification_seen($type)
 		throw new BadRequestException("Invalid argument count");
 	}
 
-	$id = (x($_REQUEST, 'id') ? intval($_REQUEST['id']) : 0);
+	$id = (!empty($_REQUEST['id']) ? intval($_REQUEST['id']) : 0);
 
 	$nm = new NotificationsManager();
 	$note = $nm->getByID($id);
@@ -5749,10 +6081,15 @@ api_register_func('api/friendica/notification', 'api_friendica_notification', tr
  *
  * @param string $type Known types are 'atom', 'rss', 'xml' and 'json'
  * @return string|array (success result=ok, error result=error with error message)
+ * @throws BadRequestException
+ * @throws ForbiddenException
+ * @throws ImagickException
+ * @throws InternalServerErrorException
+ * @throws UnauthorizedException
  */
 function api_friendica_direct_messages_setseen($type)
 {
-	$a = get_app();
+	$a = \get_app();
 	if (api_user() === false) {
 		throw new ForbiddenException();
 	}
@@ -5760,7 +6097,7 @@ function api_friendica_direct_messages_setseen($type)
 	// params
 	$user_info = api_get_user($a);
 	$uid = $user_info['uid'];
-	$id = (x($_REQUEST, 'id') ? $_REQUEST['id'] : 0);
+	$id = defaults($_REQUEST, 'id', 0);
 
 	// return error if id is zero
 	if ($id == "") {
@@ -5793,15 +6130,20 @@ api_register_func('api/friendica/direct_messages_setseen', 'api_friendica_direct
 /**
  * @brief search for direct_messages containing a searchstring through api
  *
- * @param string $type Known types are 'atom', 'rss', 'xml' and 'json'
+ * @param string $type      Known types are 'atom', 'rss', 'xml' and 'json'
  * @param string $box
  * @return string|array (success: success=true if found and search_result contains found messages,
  *                          success=false if nothing was found, search_result='nothing found',
- * 		   error: result=error with error message)
+ *                          error: result=error with error message)
+ * @throws BadRequestException
+ * @throws ForbiddenException
+ * @throws ImagickException
+ * @throws InternalServerErrorException
+ * @throws UnauthorizedException
  */
 function api_friendica_direct_messages_search($type, $box = "")
 {
-	$a = get_app();
+	$a = \get_app();
 
 	if (api_user() === false) {
 		throw new ForbiddenException();
@@ -5809,7 +6151,7 @@ function api_friendica_direct_messages_search($type, $box = "")
 
 	// params
 	$user_info = api_get_user($a);
-	$searchstring = (x($_REQUEST, 'searchstring') ? $_REQUEST['searchstring'] : "");
+	$searchstring = defaults($_REQUEST, 'searchstring', "");
 	$uid = $user_info['uid'];
 
 	// error if no searchstring specified
@@ -5861,17 +6203,22 @@ api_register_func('api/friendica/direct_messages_search', 'api_friendica_direct_
  *
  * @param string $type Known types are 'atom', 'rss', 'xml' and 'json'
  * @return string|array
+ * @throws BadRequestException
+ * @throws ForbiddenException
+ * @throws ImagickException
+ * @throws InternalServerErrorException
+ * @throws UnauthorizedException
  */
 function api_friendica_profile_show($type)
 {
-	$a = get_app();
+	$a = \get_app();
 
 	if (api_user() === false) {
 		throw new ForbiddenException();
 	}
 
 	// input params
-	$profile_id = (x($_REQUEST, 'profile_id') ? $_REQUEST['profile_id'] : 0);
+	$profile_id = defaults($_REQUEST, 'profile_id', 0);
 
 	// retrieve general information about profiles for user
 	$multi_profiles = Feature::isEnabled(api_user(), 'multi_profiles');
@@ -5942,6 +6289,7 @@ api_register_func('api/friendica/profile/show', 'api_friendica_profile_show', tr
  * @param  string $type Return format: json or xml
  *
  * @return string|array
+ * @throws Exception
  */
 function api_saved_searches_list($type)
 {
@@ -5967,6 +6315,42 @@ function api_saved_searches_list($type)
 /// @TODO move to top of file or somewhere better
 api_register_func('api/saved_searches/list', 'api_saved_searches_list', true);
 
+/*
+ * Bind comment numbers(friendica_comments: Int) on each statuses page of *_timeline / favorites / search
+ *
+ * @brief Number of comments
+ *
+ * @param object $data [Status, Status]
+ *
+ * @return void
+ */
+function bindComments(&$data) 
+{
+	if (count($data) == 0) {
+		return;
+	}
+	
+	$ids = [];
+	$comments = [];
+	foreach ($data as $item) {
+		$ids[] = $item['id'];
+	}
+
+	$idStr = DBA::escape(implode(', ', $ids));
+	$sql = "SELECT `parent`, COUNT(*) as comments FROM `item` WHERE `parent` IN ($idStr) AND `deleted` = ? AND `gravity`= ? GROUP BY `parent`";
+	$items = DBA::p($sql, 0, GRAVITY_COMMENT);
+	$itemsData = DBA::toArray($items);
+
+	foreach ($itemsData as $item) {
+		$comments[$item['parent']] = $item['comments'];
+	}
+
+	foreach ($data as $idx => $item) {
+		$id = $item['id'];
+		$data[$idx]['friendica_comments'] = isset($comments[$id]) ? $comments[$id] : 0;
+	}
+}
+
 /*
 @TODO Maybe open to implement?
 To.Do: