X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=include%2Fapi.php;h=5c708c0b70a079cdc6f65fb9bbd6735a4bf960aa;hb=bf35ff27d33bf73a4ba00582d6726d6f0ac3ec23;hp=4be0ff24afb9707959cfe1371d19ce6af4ca7640;hpb=ae3c9eceedb0c98572ab5c1babee83e9f25306af;p=friendica.git diff --git a/include/api.php b/include/api.php index 4be0ff24af..ef73889126 100644 --- a/include/api.php +++ b/include/api.php @@ -1,5 +1,22 @@ . + * * Friendica implementation of statusnet/twitter API * * @file include/api.php @@ -8,27 +25,24 @@ use Friendica\App; use Friendica\Content\ContactSelector; -use Friendica\Content\Feature; use Friendica\Content\Text\BBCode; use Friendica\Content\Text\HTML; -use Friendica\Core\Config; use Friendica\Core\Hook; -use Friendica\Core\L10n; use Friendica\Core\Logger; -use Friendica\Core\NotificationsManager; -use Friendica\Core\PConfig; use Friendica\Core\Protocol; use Friendica\Core\Session; use Friendica\Core\System; use Friendica\Core\Worker; use Friendica\Database\DBA; +use Friendica\DI; use Friendica\Model\Contact; use Friendica\Model\Group; use Friendica\Model\Item; use Friendica\Model\Mail; +use Friendica\Model\Notify; use Friendica\Model\Photo; -use Friendica\Model\Profile; use Friendica\Model\User; +use Friendica\Model\UserItem; use Friendica\Network\FKOAuth1; use Friendica\Network\HTTPException; use Friendica\Network\HTTPException\BadRequestException; @@ -41,16 +55,18 @@ use Friendica\Network\HTTPException\NotImplementedException; use Friendica\Network\HTTPException\TooManyRequestsException; use Friendica\Network\HTTPException\UnauthorizedException; use Friendica\Object\Image; +use Friendica\Protocol\Activity; use Friendica\Protocol\Diaspora; use Friendica\Util\DateTimeFormat; +use Friendica\Util\Images; use Friendica\Util\Network; use Friendica\Util\Proxy as ProxyUtils; use Friendica\Util\Strings; use Friendica\Util\XML; -require_once 'mod/share.php'; -require_once 'mod/item.php'; -require_once 'mod/wall_upload.php'; +require_once __DIR__ . '/../mod/share.php'; +require_once __DIR__ . '/../mod/item.php'; +require_once __DIR__ . '/../mod/wall_upload.php'; define('API_METHOD_ANY', '*'); define('API_METHOD_GET', 'GET'); @@ -63,11 +79,11 @@ $API = []; $called_api = []; /** + * Auth API user + * * It is not sufficient to use local_user() to check whether someone is allowed to use the API, * because this will open CSRF holes (just embed an image with src=friendicasite.com/api/statuses/update?status=CSRF * into a page, and visitors will post something without noticing it). - * - * @brief Auth API user */ function api_user() { @@ -79,13 +95,13 @@ function api_user() } /** + * Get source name from API client + * * Clients can send 'source' parameter to be show in post metadata * as "sent via ". * Some clients doesn't send a source param, we support ones we know * (only Twidere, atm) * - * @brief Get source name from API client - * * @return string * Client source name, default to "api" if unset/unknown * @throws Exception @@ -111,7 +127,7 @@ function api_source() } /** - * @brief Format date for API + * Format date for API * * @param string $str Source date, as UTC * @return string Date in UTC formatted as "D M d H:i:s +0000 Y" @@ -126,9 +142,7 @@ function api_date($str) /** * Register a function to be the endpoint for defined API path. * - * @brief Register API endpoint - * - * @param string $path API URL path, relative to System::baseUrl() + * @param string $path API URL path, relative to DI::baseUrl() * @param string $func Function name to call on path request * @param bool $auth API need logged user * @param string $method HTTP method reqiured to call this endpoint. @@ -159,9 +173,8 @@ function api_register_func($path, $func, $auth = false, $method = API_METHOD_ANY * Log in user via OAuth1 or Simple HTTP Auth. * Simple Auth allow username in form of 
user@server
, ignoring server part * - * @brief Login API user - * * @param App $a App + * @throws ForbiddenException * @throws InternalServerErrorException * @throws UnauthorizedException * @hook 'authenticate' @@ -170,8 +183,6 @@ function api_register_func($path, $func, $auth = false, $method = API_METHOD_ANY * 'password' => password from login form * 'authenticated' => return status, * 'user_record' => return authenticated user record - * @hook 'logged_in' - * array $user logged user record */ function api_login(App $a) { @@ -182,7 +193,7 @@ function api_login(App $a) list($consumer, $token) = $oauth1->verify_request($request); if (!is_null($token)) { $oauth1->loginUser($token->uid); - Hook::callAll('logged_in', $a->user); + Session::set('allow_api', true); return; } echo __FILE__.__LINE__.__FUNCTION__ . "
";
@@ -208,8 +219,8 @@ function api_login(App $a)
 		throw new UnauthorizedException("This API requires login");
 	}
 
-	$user = defaults($_SERVER, 'PHP_AUTH_USER', '');
-	$password = defaults($_SERVER, 'PHP_AUTH_PW', '');
+	$user = $_SERVER['PHP_AUTH_USER'] ?? '';
+	$password = $_SERVER['PHP_AUTH_PW'] ?? '';
 
 	// allow "user@server" login (but ignore 'server' part)
 	$at = strstr($user, "@", true);
@@ -251,7 +262,7 @@ function api_login(App $a)
 		throw new UnauthorizedException("This API requires login");
 	}
 
-	Session::setAuthenticatedForUser($a, $record);
+	DI::auth()->setForUser($a, $record);
 
 	$_SESSION["allow_api"] = true;
 
@@ -259,12 +270,12 @@ function api_login(App $a)
 }
 
 /**
+ * Check HTTP method of called API
+ *
  * API endpoints can define which HTTP method to accept when called.
  * This function check the current HTTP method agains endpoint
  * registered method.
  *
- * @brief Check HTTP method of called API
- *
  * @param string $method Required methods, uppercase, separated by comma
  * @return bool
  */
@@ -273,47 +284,50 @@ function api_check_method($method)
 	if ($method == "*") {
 		return true;
 	}
-	return (stripos($method, defaults($_SERVER, 'REQUEST_METHOD', 'GET')) !== false);
+	return (stripos($method, $_SERVER['REQUEST_METHOD'] ?? 'GET') !== false);
 }
 
 /**
- * Authenticate user, call registered API function, set HTTP headers
+ * Main API entry point
  *
- * @brief Main API entry point
+ * Authenticate user, call registered API function, set HTTP headers
  *
  * @param App $a App
+ * @param App\Arguments $args The app arguments (optional, will retrieved by the DI-Container in case of missing)
  * @return string|array API call result
  * @throws Exception
  */
-function api_call(App $a)
+function api_call(App $a, App\Arguments $args = null)
 {
 	global $API, $called_api;
 
+	if ($args == null) {
+		$args = DI::args();
+	}
+
 	$type = "json";
-	if (strpos($a->query_string, ".xml") > 0) {
+	if (strpos($args->getQueryString(), ".xml") > 0) {
 		$type = "xml";
 	}
-	if (strpos($a->query_string, ".json") > 0) {
+	if (strpos($args->getQueryString(), ".json") > 0) {
 		$type = "json";
 	}
-	if (strpos($a->query_string, ".rss") > 0) {
+	if (strpos($args->getQueryString(), ".rss") > 0) {
 		$type = "rss";
 	}
-	if (strpos($a->query_string, ".atom") > 0) {
+	if (strpos($args->getQueryString(), ".atom") > 0) {
 		$type = "atom";
 	}
 
 	try {
 		foreach ($API as $p => $info) {
-			if (strpos($a->query_string, $p) === 0) {
+			if (strpos($args->getQueryString(), $p) === 0) {
 				if (!api_check_method($info['method'])) {
 					throw new MethodNotAllowedException();
 				}
 
 				$called_api = explode("/", $p);
-				//unset($_SERVER['PHP_AUTH_USER']);
 
-				/// @TODO should be "true ==[=] $info['auth']", if you miss only one = character, you assign a variable (only with ==). Let's make all this even.
 				if (!empty($info['auth']) && api_user() === false) {
 					api_login($a);
 				}
@@ -323,11 +337,11 @@ function api_call(App $a)
 
 				$stamp =  microtime(true);
 				$return = call_user_func($info['func'], $type);
-				$duration = (float) (microtime(true) - $stamp);
+				$duration = floatval(microtime(true) - $stamp);
 
 				Logger::info(API_LOG_PREFIX . 'username {username}', ['module' => 'api', 'action' => 'call', 'username' => $a->user['username'], 'duration' => round($duration, 2)]);
 
-				$a->getProfiler()->saveLog($a->getLogger(), API_LOG_PREFIX . 'performance');
+				DI::profiler()->saveLog(DI::logger(), API_LOG_PREFIX . 'performance');
 
 				if (false === $return) {
 					/*
@@ -364,31 +378,30 @@ function api_call(App $a)
 			}
 		}
 
-		Logger::warning(API_LOG_PREFIX . 'not implemented', ['module' => 'api', 'action' => 'call', 'query' => $a->query_string]);
+		Logger::warning(API_LOG_PREFIX . 'not implemented', ['module' => 'api', 'action' => 'call', 'query' => DI::args()->getQueryString()]);
 		throw new NotImplementedException();
 	} catch (HTTPException $e) {
 		header("HTTP/1.1 {$e->getCode()} {$e->httpdesc}");
-		return api_error($type, $e);
+		return api_error($type, $e, $args);
 	}
 }
 
 /**
- * @brief Format API error string
+ * Format API error string
  *
  * @param string $type Return type (xml, json, rss, as)
  * @param object $e    HTTPException Error object
+ * @param App\Arguments $args The App arguments
  * @return string|array error message formatted as $type
  */
-function api_error($type, $e)
+function api_error($type, $e, App\Arguments $args)
 {
-	$a = \get_app();
-
 	$error = ($e->getMessage() !== "" ? $e->getMessage() : $e->httpdesc);
 	/// @TODO:  https://dev.twitter.com/overview/api/response-codes
 
 	$error = ["error" => $error,
 			"code" => $e->getCode() . " " . $e->httpdesc,
-			"request" => $a->query_string];
+			"request" => $args->getQueryString()];
 
 	$return = api_format_data('status', $type, ['status' => $error]);
 
@@ -412,7 +425,7 @@ function api_error($type, $e)
 }
 
 /**
- * @brief Set values for RSS template
+ * Set values for RSS template
  *
  * @param App   $a
  * @param array $arr       Array to be passed to template
@@ -433,12 +446,12 @@ function api_rss_extra(App $a, $arr, $user_info)
 	$arr['$user'] = $user_info;
 	$arr['$rss'] = [
 		'alternate'    => $user_info['url'],
-		'self'         => System::baseUrl() . "/" . $a->query_string,
-		'base'         => System::baseUrl(),
+		'self'         => DI::baseUrl() . "/" . DI::args()->getQueryString(),
+		'base'         => DI::baseUrl(),
 		'updated'      => api_date(null),
 		'atom_updated' => DateTimeFormat::utcNow(DateTimeFormat::ATOM),
 		'language'     => $user_info['lang'],
-		'logo'         => System::baseUrl() . "/images/friendica-32.png",
+		'logo'         => DI::baseUrl() . "/images/friendica-32.png",
 	];
 
 	return $arr;
@@ -446,7 +459,7 @@ function api_rss_extra(App $a, $arr, $user_info)
 
 
 /**
- * @brief Unique contact to contact url.
+ * Unique contact to contact url.
  *
  * @param int $id Contact id
  * @return bool|string
@@ -465,7 +478,7 @@ function api_unique_id_to_nurl($id)
 }
 
 /**
- * @brief Get user info array.
+ * Get user info array.
  *
  * @param App        $a          App
  * @param int|string $contact_id Contact ID or URL
@@ -603,17 +616,12 @@ function api_get_user(App $a, $contact_id = null)
 		$contact = DBA::selectFirst('contact', [], ['uid' => 0, 'nurl' => Strings::normaliseLink($url)]);
 
 		if (DBA::isResult($contact)) {
-			// If no nick where given, extract it from the address
-			if (($contact['nick'] == "") || ($contact['name'] == $contact['nick'])) {
-				$contact['nick'] = api_get_nick($contact["url"]);
-			}
-
 			$ret = [
 				'id' => $contact["id"],
 				'id_str' => (string) $contact["id"],
 				'name' => $contact["name"],
 				'screen_name' => (($contact['nick']) ? $contact['nick'] : $contact['name']),
-				'location' => ($contact["location"] != "") ? $contact["location"] : ContactSelector::networkToName($contact['network'], $contact['url']),
+				'location' => ($contact["location"] != "") ? $contact["location"] : ContactSelector::networkToName($contact['network'], $contact['url'], $contact['protocol']),
 				'description' => BBCode::toPlaintext($contact["about"]),
 				'profile_image_url' => $contact["micro"],
 				'profile_image_url_https' => $contact["micro"],
@@ -666,11 +674,6 @@ function api_get_user(App $a, $contact_id = null)
 	$countfollowers = 0;
 	$starred = 0;
 
-	// Add a nick if it isn't present there
-	if (($uinfo[0]['nick'] == "") || ($uinfo[0]['name'] == $uinfo[0]['nick'])) {
-		$uinfo[0]['nick'] = api_get_nick($uinfo[0]["url"]);
-	}
-
 	$pcontact_id  = Contact::getIdForURL($uinfo[0]['url'], 0, true);
 
 	if (!empty($profile['about'])) {
@@ -684,7 +687,7 @@ function api_get_user(App $a, $contact_id = null)
 	} elseif (!empty($uinfo[0]["location"])) {
 		$location = $uinfo[0]["location"];
 	} else {
-		$location = ContactSelector::networkToName($uinfo[0]['network'], $uinfo[0]['url']);
+		$location = ContactSelector::networkToName($uinfo[0]['network'], $uinfo[0]['url'], $uinfo[0]['protocol']);
 	}
 
 	$ret = [
@@ -719,7 +722,7 @@ function api_get_user(App $a, $contact_id = null)
 		'statusnet_blocking' => false,
 		'notifications' => false,
 		/// @TODO old way?
-		//'statusnet_profile_url' => System::baseUrl()."/contact/".$uinfo[0]['cid'],
+		//'statusnet_profile_url' => DI::baseUrl()."/contact/".$uinfo[0]['cid'],
 		'statusnet_profile_url' => $uinfo[0]['url'],
 		'uid' => intval($uinfo[0]['uid']),
 		'cid' => intval($uinfo[0]['cid']),
@@ -732,7 +735,7 @@ function api_get_user(App $a, $contact_id = null)
 	if ($ret['self']) {
 		$theme_info = DBA::selectFirst('user', ['theme'], ['uid' => $ret['uid']]);
 		if ($theme_info['theme'] === 'frio') {
-			$schema = PConfig::get($ret['uid'], 'frio', 'schema');
+			$schema = DI::pConfig()->get($ret['uid'], 'frio', 'schema');
 
 			if ($schema && ($schema != '---')) {
 				if (file_exists('view/theme/frio/schema/'.$schema.'.php')) {
@@ -740,9 +743,9 @@ function api_get_user(App $a, $contact_id = null)
 					require_once $schemefile;
 				}
 			} else {
-				$nav_bg = PConfig::get($ret['uid'], 'frio', 'nav_bg');
-				$link_color = PConfig::get($ret['uid'], 'frio', 'link_color');
-				$bgcolor = PConfig::get($ret['uid'], 'frio', 'background_color');
+				$nav_bg = DI::pConfig()->get($ret['uid'], 'frio', 'nav_bg');
+				$link_color = DI::pConfig()->get($ret['uid'], 'frio', 'link_color');
+				$bgcolor = DI::pConfig()->get($ret['uid'], 'frio', 'background_color');
 			}
 			if (empty($nav_bg)) {
 				$nav_bg = "#708fa0";
@@ -764,7 +767,7 @@ function api_get_user(App $a, $contact_id = null)
 }
 
 /**
- * @brief return api-formatted array for item's author and owner
+ * return api-formatted array for item's author and owner
  *
  * @param App   $a    App
  * @param array $item item from db
@@ -776,14 +779,14 @@ function api_get_user(App $a, $contact_id = null)
  */
 function api_item_get_user(App $a, $item)
 {
-	$status_user = api_get_user($a, defaults($item, 'author-id', null));
+	$status_user = api_get_user($a, $item['author-id'] ?? null);
 
 	$author_user = $status_user;
 
-	$status_user["protected"] = defaults($item, 'private', 0);
+	$status_user["protected"] = isset($item['private']) && ($item['private'] == Item::PRIVATE);
 
-	if (defaults($item, 'thr-parent', '') == defaults($item, 'uri', '')) {
-		$owner_user = api_get_user($a, defaults($item, 'owner-id', null));
+	if (($item['thr-parent'] ?? '') == ($item['uri'] ?? '')) {
+		$owner_user = api_get_user($a, $item['owner-id'] ?? null);
 	} else {
 		$owner_user = $author_user;
 	}
@@ -792,7 +795,7 @@ function api_item_get_user(App $a, $item)
 }
 
 /**
- * @brief walks recursively through an array with the possibility to change value and key
+ * walks recursively through an array with the possibility to change value and key
  *
  * @param array    $array    The array to walk through
  * @param callable $callback The callback function
@@ -820,7 +823,7 @@ function api_walk_recursive(array &$array, callable $callback)
 }
 
 /**
- * @brief Callback function to transform the array in an array that can be transformed in a XML file
+ * Callback function to transform the array in an array that can be transformed in a XML file
  *
  * @param mixed  $item Array item value
  * @param string $key  Array key
@@ -846,7 +849,7 @@ function api_reformat_xml(&$item, &$key)
 }
 
 /**
- * @brief Creates the XML from a JSON style array
+ * Creates the XML from a JSON style array
  *
  * @param array  $data         JSON style array
  * @param string $root_element Name of the root element
@@ -891,7 +894,7 @@ function api_create_xml(array $data, $root_element)
 }
 
 /**
- * @brief Formats the data according to the data type
+ * Formats the data according to the data type
  *
  * @param string $root_element Name of the root element
  * @param string $type         Return type (atom, rss, xml, json)
@@ -935,7 +938,7 @@ function api_format_data($root_element, $type, $data)
  */
 function api_account_verify_credentials($type)
 {
-	$a = \get_app();
+	$a = DI::app();
 
 	if (api_user() === false) {
 		throw new ForbiddenException();
@@ -947,7 +950,7 @@ function api_account_verify_credentials($type)
 	unset($_REQUEST["screen_name"]);
 	unset($_GET["screen_name"]);
 
-	$skip_status = defaults($_REQUEST, 'skip_status', false);
+	$skip_status = $_REQUEST['skip_status'] ?? false;
 
 	$user_info = api_get_user($a);
 
@@ -957,7 +960,7 @@ function api_account_verify_credentials($type)
 	// - Adding last status
 	if (!$skip_status) {
 		$item = api_get_last_status($user_info['pid'], $user_info['uid']);
-		if ($item) {
+		if (!empty($item)) {
 			$user_info['status'] = api_format_item($item, $type);
 		}
 	}
@@ -1003,7 +1006,7 @@ function requestdata($k)
  */
 function api_statuses_mediap($type)
 {
-	$a = \get_app();
+	$a = DI::app();
 
 	if (api_user() === false) {
 		Logger::log('api_statuses_update: no user');
@@ -1057,7 +1060,7 @@ api_register_func('api/statuses/mediap', 'api_statuses_mediap', true, API_METHOD
  */
 function api_statuses_update($type)
 {
-	$a = \get_app();
+	$a = DI::app();
 
 	if (api_user() === false) {
 		Logger::log('api_statuses_update: no user');
@@ -1106,7 +1109,7 @@ function api_statuses_update($type)
 
 	if (!$parent) {
 		// Check for throttling (maximum posts per day, week and month)
-		$throttle_day = Config::get('system', 'throttle_limit_day');
+		$throttle_day = DI::config()->get('system', 'throttle_limit_day');
 		if ($throttle_day > 0) {
 			$datefrom = date(DateTimeFormat::MYSQL, time() - 24*60*60);
 
@@ -1115,12 +1118,12 @@ function api_statuses_update($type)
 
 			if ($posts_day > $throttle_day) {
 				Logger::log('Daily posting limit reached for user '.api_user(), Logger::DEBUG);
-				// die(api_error($type, L10n::t("Daily posting limit of %d posts reached. The post was rejected.", $throttle_day));
-				throw new TooManyRequestsException(L10n::tt("Daily posting limit of %d post reached. The post was rejected.", "Daily posting limit of %d posts reached. The post was rejected.", $throttle_day));
+				// die(api_error($type, DI::l10n()->t("Daily posting limit of %d posts reached. The post was rejected.", $throttle_day));
+				throw new TooManyRequestsException(DI::l10n()->tt("Daily posting limit of %d post reached. The post was rejected.", "Daily posting limit of %d posts reached. The post was rejected.", $throttle_day));
 			}
 		}
 
-		$throttle_week = Config::get('system', 'throttle_limit_week');
+		$throttle_week = DI::config()->get('system', 'throttle_limit_week');
 		if ($throttle_week > 0) {
 			$datefrom = date(DateTimeFormat::MYSQL, time() - 24*60*60*7);
 
@@ -1129,12 +1132,12 @@ function api_statuses_update($type)
 
 			if ($posts_week > $throttle_week) {
 				Logger::log('Weekly posting limit reached for user '.api_user(), Logger::DEBUG);
-				// die(api_error($type, L10n::t("Weekly posting limit of %d posts reached. The post was rejected.", $throttle_week)));
-				throw new TooManyRequestsException(L10n::tt("Weekly posting limit of %d post reached. The post was rejected.", "Weekly posting limit of %d posts reached. The post was rejected.", $throttle_week));
+				// die(api_error($type, DI::l10n()->t("Weekly posting limit of %d posts reached. The post was rejected.", $throttle_week)));
+				throw new TooManyRequestsException(DI::l10n()->tt("Weekly posting limit of %d post reached. The post was rejected.", "Weekly posting limit of %d posts reached. The post was rejected.", $throttle_week));
 			}
 		}
 
-		$throttle_month = Config::get('system', 'throttle_limit_month');
+		$throttle_month = DI::config()->get('system', 'throttle_limit_month');
 		if ($throttle_month > 0) {
 			$datefrom = date(DateTimeFormat::MYSQL, time() - 24*60*60*30);
 
@@ -1143,8 +1146,8 @@ function api_statuses_update($type)
 
 			if ($posts_month > $throttle_month) {
 				Logger::log('Monthly posting limit reached for user '.api_user(), Logger::DEBUG);
-				// die(api_error($type, L10n::t("Monthly posting limit of %d posts reached. The post was rejected.", $throttle_month));
-				throw new TooManyRequestsException(L10n::t("Monthly posting limit of %d post reached. The post was rejected.", "Monthly posting limit of %d posts reached. The post was rejected.", $throttle_month));
+				// die(api_error($type, DI::l10n()->t("Monthly posting limit of %d posts reached. The post was rejected.", $throttle_month));
+				throw new TooManyRequestsException(DI::l10n()->t("Monthly posting limit of %d post reached. The post was rejected.", "Monthly posting limit of %d posts reached. The post was rejected.", $throttle_month));
 			}
 		}
 	}
@@ -1166,11 +1169,11 @@ function api_statuses_update($type)
 				api_user()
 			);
 			if (DBA::isResult($r)) {
-				$phototypes = Image::supportedTypes();
+				$phototypes = Images::supportedTypes();
 				$ext = $phototypes[$r[0]['type']];
 				$description = $r[0]['desc'] ?? '';
-				$_REQUEST['body'] .= "\n\n" . '[url=' . System::baseUrl() . '/photos/' . $r[0]['nickname'] . '/image/' . $r[0]['resource-id'] . ']';
-				$_REQUEST['body'] .= '[img=' . System::baseUrl() . '/photo/' . $r[0]['resource-id'] . '-' . $r[0]['scale'] . '.' . $ext . ']' . $description . '[/img][/url]';
+				$_REQUEST['body'] .= "\n\n" . '[url=' . DI::baseUrl() . '/photos/' . $r[0]['nickname'] . '/image/' . $r[0]['resource-id'] . ']';
+				$_REQUEST['body'] .= '[img=' . DI::baseUrl() . '/photo/' . $r[0]['resource-id'] . '-' . $r[0]['scale'] . '.' . $ext . ']' . $description . '[/img][/url]';
 			}
 		}
 	}
@@ -1207,7 +1210,7 @@ api_register_func('api/statuses/update_with_media', 'api_statuses_update', true,
  */
 function api_media_upload()
 {
-	$a = \get_app();
+	$a = DI::app();
 
 	if (api_user() === false) {
 		Logger::log('no user');
@@ -1262,7 +1265,7 @@ api_register_func('api/media/upload', 'api_media_upload', true, API_METHOD_POST)
  */
 function api_media_metadata_create($type)
 {
-	$a = \get_app();
+	$a = DI::app();
 
 	if (api_user() === false) {
 		Logger::info('no user');
@@ -1316,7 +1319,7 @@ function api_status_show($type, $item_id)
 	$status_info = [];
 
 	$item = api_get_item(['id' => $item_id]);
-	if ($item) {
+	if (!empty($item)) {
 		$status_info = api_format_item($item, $type);
 	}
 
@@ -1339,7 +1342,7 @@ function api_get_last_status($ownerId, $uid)
 		'author-id'=> $ownerId,
 		'uid'      => $uid,
 		'gravity'  => [GRAVITY_PARENT, GRAVITY_COMMENT],
-		'private'  => false
+		'private'  => [Item::PUBLIC, Item::UNLISTED]
 	];
 
 	$item = api_get_item($condition);
@@ -1375,12 +1378,12 @@ function api_get_item(array $condition)
  */
 function api_users_show($type)
 {
-	$a = \Friendica\BaseObject::getApp();
+	$a = Friendica\DI::app();
 
 	$user_info = api_get_user($a);
 
 	$item = api_get_last_status($user_info['pid'], $user_info['uid']);
-	if ($item) {
+	if (!empty($item)) {
 		$user_info['status'] = api_format_item($item, $type);
 	}
 
@@ -1409,37 +1412,42 @@ api_register_func('api/externalprofile/show', 'api_users_show');
  */
 function api_users_search($type)
 {
-	$a = \get_app();
+	$a = DI::app();
 
 	$userlist = [];
 
 	if (!empty($_GET['q'])) {
-		$r = q("SELECT id FROM `contact` WHERE `uid` = 0 AND `name` = '%s'", DBA::escape($_GET["q"]));
-
-		if (!DBA::isResult($r)) {
-			$r = q("SELECT `id` FROM `contact` WHERE `uid` = 0 AND `nick` = '%s'", DBA::escape($_GET["q"]));
-		}
+		$contacts = Contact::selectToArray(
+			['id'],
+			[
+				'`uid` = 0 AND (`name` = ? OR `nick` = ? OR `url` = ? OR `addr` = ?)',
+				$_GET['q'],
+				$_GET['q'],
+				$_GET['q'],
+				$_GET['q'],
+			]
+		);
 
-		if (DBA::isResult($r)) {
+		if (DBA::isResult($contacts)) {
 			$k = 0;
-			foreach ($r as $user) {
-				$user_info = api_get_user($a, $user["id"]);
+			foreach ($contacts as $contact) {
+				$user_info = api_get_user($a, $contact['id']);
 
-				if ($type == "xml") {
-					$userlist[$k++.":user"] = $user_info;
+				if ($type == 'xml') {
+					$userlist[$k++ . ':user'] = $user_info;
 				} else {
 					$userlist[] = $user_info;
 				}
 			}
-			$userlist = ["users" => $userlist];
+			$userlist = ['users' => $userlist];
 		} else {
-			throw new BadRequestException("User ".$_GET["q"]." not found.");
+			throw new NotFoundException('User ' . $_GET['q'] . ' not found.');
 		}
 	} else {
-		throw new BadRequestException("No user specified.");
+		throw new BadRequestException('No search term specified.');
 	}
 
-	return api_format_data("users", $type, $userlist);
+	return api_format_data('users', $type, $userlist);
 }
 
 /// @TODO move to top of file or somewhere better
@@ -1466,7 +1474,7 @@ function api_users_lookup($type)
 	if (!empty($_REQUEST['user_id'])) {
 		foreach (explode(',', $_REQUEST['user_id']) as $id) {
 			if (!empty($id)) {
-				$users[] = api_get_user(get_app(), $id);
+				$users[] = api_get_user(DI::app(), $id);
 			}
 		}
 	}
@@ -1497,10 +1505,12 @@ api_register_func('api/users/lookup', 'api_users_lookup', true);
  */
 function api_search($type)
 {
-	$a = \get_app();
+	$a = DI::app();
 	$user_info = api_get_user($a);
 
-	if (api_user() === false || $user_info === false) { throw new ForbiddenException(); }
+	if (api_user() === false || $user_info === false) {
+		throw new ForbiddenException();
+	}
 
 	if (empty($_REQUEST['q'])) {
 		throw new BadRequestException('q parameter is required.');
@@ -1517,11 +1527,13 @@ function api_search($type)
 	} elseif (!empty($_REQUEST['count'])) {
 		$count = $_REQUEST['count'];
 	}
-	
-	$since_id = defaults($_REQUEST, 'since_id', 0);
-	$max_id = defaults($_REQUEST, 'max_id', 0);
-	$page = (!empty($_REQUEST['page']) ? $_REQUEST['page'] - 1 : 0);
-	$start = $page * $count;
+
+	$since_id = $_REQUEST['since_id'] ?? 0;
+	$max_id = $_REQUEST['max_id'] ?? 0;
+	$page = $_REQUEST['page'] ?? 1;
+
+	$start = max(0, ($page - 1) * $count);
+
 	$params = ['order' => ['id' => true], 'limit' => [$start, $count]];
 	if (preg_match('/^#(\w+)$/', $searchTerm, $matches) === 1 && isset($matches[1])) {
 		$searchTerm = $matches[1];
@@ -1551,7 +1563,7 @@ function api_search($type)
 
 		$condition = [implode(' AND ', $preCondition)];
 	} else {
-		$condition = ["`id` > ? 
+		$condition = ["`id` > ?
 			" . ($exclude_replies ? " AND `id` = `parent` " : ' ') . "
 			AND (`uid` = 0 OR (`uid` = ? AND NOT `global`))
 			AND `body` LIKE CONCAT('%',?,'%')",
@@ -1562,7 +1574,21 @@ function api_search($type)
 		}
 	}
 
-	$statuses = Item::selectForUser(api_user(), [], $condition, $params);
+	$statuses = [];
+
+	if (parse_url($searchTerm, PHP_URL_SCHEME) != '') {
+		$id = Item::fetchByLink($searchTerm, api_user());
+		if (!$id) {
+			// Public post
+			$id = Item::fetchByLink($searchTerm);
+		}
+
+		if (!empty($id)) {
+			$statuses = Item::select([], ['id' => $id]);
+		}
+	}
+
+	$statuses = $statuses ?: Item::selectForUser(api_user(), [], $condition, $params);
 
 	$data['status'] = api_format_items(Item::inArray($statuses), $user_info);
 
@@ -1593,7 +1619,7 @@ api_register_func('api/search', 'api_search', true);
  */
 function api_statuses_home_timeline($type)
 {
-	$a = \get_app();
+	$a = DI::app();
 	$user_info = api_get_user($a);
 
 	if (api_user() === false || $user_info === false) {
@@ -1609,17 +1635,14 @@ function api_statuses_home_timeline($type)
 	// get last network messages
 
 	// params
-	$count = defaults($_REQUEST, 'count', 20);
-	$page = (!empty($_REQUEST['page']) ? $_REQUEST['page'] - 1 : 0);
-	if ($page < 0) {
-		$page = 0;
-	}
-	$since_id = defaults($_REQUEST, 'since_id', 0);
-	$max_id = defaults($_REQUEST, 'max_id', 0);
+	$count = $_REQUEST['count'] ?? 20;
+	$page = $_REQUEST['page']?? 0;
+	$since_id = $_REQUEST['since_id'] ?? 0;
+	$max_id = $_REQUEST['max_id'] ?? 0;
 	$exclude_replies = !empty($_REQUEST['exclude_replies']);
-	$conversation_id = defaults($_REQUEST, 'conversation_id', 0);
+	$conversation_id = $_REQUEST['conversation_id'] ?? 0;
 
-	$start = $page * $count;
+	$start = max(0, ($page - 1) * $count);
 
 	$condition = ["`uid` = ? AND `gravity` IN (?, ?) AND `item`.`id` > ?",
 		api_user(), GRAVITY_PARENT, GRAVITY_COMMENT, $since_id];
@@ -1689,7 +1712,7 @@ api_register_func('api/statuses/friends_timeline', 'api_statuses_home_timeline',
  */
 function api_statuses_public_timeline($type)
 {
-	$a = \get_app();
+	$a = DI::app();
 	$user_info = api_get_user($a);
 
 	if (api_user() === false || $user_info === false) {
@@ -1699,21 +1722,18 @@ function api_statuses_public_timeline($type)
 	// get last network messages
 
 	// params
-	$count = defaults($_REQUEST, 'count', 20);
-	$page = (!empty($_REQUEST['page']) ? $_REQUEST['page'] -1 : 0);
-	if ($page < 0) {
-		$page = 0;
-	}
-	$since_id = defaults($_REQUEST, 'since_id', 0);
-	$max_id = defaults($_REQUEST, 'max_id', 0);
+	$count = $_REQUEST['count'] ?? 20;
+	$page = $_REQUEST['page'] ?? 1;
+	$since_id = $_REQUEST['since_id'] ?? 0;
+	$max_id = $_REQUEST['max_id'] ?? 0;
 	$exclude_replies = (!empty($_REQUEST['exclude_replies']) ? 1 : 0);
-	$conversation_id = defaults($_REQUEST, 'conversation_id', 0);
+	$conversation_id = $_REQUEST['conversation_id'] ?? 0;
 
-	$start = $page * $count;
+	$start = max(0, ($page - 1) * $count);
 
 	if ($exclude_replies && !$conversation_id) {
-		$condition = ["`gravity` IN (?, ?) AND `iid` > ? AND NOT `private` AND `wall` AND NOT `user`.`hidewall` AND NOT `author`.`hidden`",
-			GRAVITY_PARENT, GRAVITY_COMMENT, $since_id];
+		$condition = ["`gravity` IN (?, ?) AND `iid` > ? AND `private` = ? AND `wall` AND NOT `author`.`hidden`",
+			GRAVITY_PARENT, GRAVITY_COMMENT, $since_id, Item::PUBLIC];
 
 		if ($max_id > 0) {
 			$condition[0] .= " AND `thread`.`iid` <= ?";
@@ -1725,8 +1745,8 @@ function api_statuses_public_timeline($type)
 
 		$r = Item::inArray($statuses);
 	} else {
-		$condition = ["`gravity` IN (?, ?) AND `id` > ? AND NOT `private` AND `wall` AND NOT `user`.`hidewall` AND `item`.`origin` AND NOT `author`.`hidden`",
-			GRAVITY_PARENT, GRAVITY_COMMENT, $since_id];
+		$condition = ["`gravity` IN (?, ?) AND `id` > ? AND `private` = ? AND `wall` AND `item`.`origin` AND NOT `author`.`hidden`",
+			GRAVITY_PARENT, GRAVITY_COMMENT, $since_id, Item::PUBLIC];
 
 		if ($max_id > 0) {
 			$condition[0] .= " AND `item`.`id` <= ?";
@@ -1765,8 +1785,6 @@ api_register_func('api/statuses/public_timeline', 'api_statuses_public_timeline'
 /**
  * Returns the most recent statuses posted by users this node knows about.
  *
- * @brief Returns the list of public federated posts this node knows about
- *
  * @param string $type Return format: json, xml, atom, rss
  * @return array|string
  * @throws BadRequestException
@@ -1777,26 +1795,24 @@ api_register_func('api/statuses/public_timeline', 'api_statuses_public_timeline'
  */
 function api_statuses_networkpublic_timeline($type)
 {
-	$a = \get_app();
+	$a = DI::app();
 	$user_info = api_get_user($a);
 
 	if (api_user() === false || $user_info === false) {
 		throw new ForbiddenException();
 	}
 
-	$since_id        = defaults($_REQUEST, 'since_id', 0);
-	$max_id          = defaults($_REQUEST, 'max_id', 0);
+	$since_id        = $_REQUEST['since_id'] ?? 0;
+	$max_id          = $_REQUEST['max_id'] ?? 0;
 
 	// pagination
-	$count = defaults($_REQUEST, 'count', 20);
-	$page  = defaults($_REQUEST, 'page', 1);
-	if ($page < 1) {
-		$page = 1;
-	}
-	$start = ($page - 1) * $count;
+	$count = $_REQUEST['count'] ?? 20;
+	$page  = $_REQUEST['page'] ?? 1;
 
-	$condition = ["`uid` = 0 AND `gravity` IN (?, ?) AND `thread`.`iid` > ? AND NOT `private`",
-		GRAVITY_PARENT, GRAVITY_COMMENT, $since_id];
+	$start = max(0, ($page - 1) * $count);
+
+	$condition = ["`uid` = 0 AND `gravity` IN (?, ?) AND `thread`.`iid` > ? AND `private` = ?",
+		GRAVITY_PARENT, GRAVITY_COMMENT, $since_id, Item::PUBLIC];
 
 	if ($max_id > 0) {
 		$condition[0] .= " AND `thread`.`iid` <= ?";
@@ -1840,7 +1856,7 @@ api_register_func('api/statuses/networkpublic_timeline', 'api_statuses_networkpu
  */
 function api_statuses_show($type)
 {
-	$a = \get_app();
+	$a = DI::app();
 	$user_info = api_get_user($a);
 
 	if (api_user() === false || $user_info === false) {
@@ -1848,15 +1864,15 @@ function api_statuses_show($type)
 	}
 
 	// params
-	$id = intval(defaults($a->argv, 3, 0));
+	$id = intval($a->argv[3] ?? 0);
 
 	if ($id == 0) {
-		$id = intval(defaults($_REQUEST, 'id', 0));
+		$id = intval($_REQUEST['id'] ?? 0);
 	}
 
 	// Hotot workaround
 	if ($id == 0) {
-		$id = intval(defaults($a->argv, 4, 0));
+		$id = intval($a->argv[4] ?? 0);
 	}
 
 	Logger::log('API: api_statuses_show: ' . $id);
@@ -1919,7 +1935,7 @@ api_register_func('api/statuses/show', 'api_statuses_show', true);
  */
 function api_conversation_show($type)
 {
-	$a = \get_app();
+	$a = DI::app();
 	$user_info = api_get_user($a);
 
 	if (api_user() === false || $user_info === false) {
@@ -1927,24 +1943,21 @@ function api_conversation_show($type)
 	}
 
 	// params
-	$id       = intval(defaults($a->argv , 3         , 0));
-	$since_id = intval(defaults($_REQUEST, 'since_id', 0));
-	$max_id   = intval(defaults($_REQUEST, 'max_id'  , 0));
-	$count    = intval(defaults($_REQUEST, 'count'   , 20));
-	$page     = intval(defaults($_REQUEST, 'page'    , 1)) - 1;
-	if ($page < 0) {
-		$page = 0;
-	}
+	$id       = intval($a->argv[3]           ?? 0);
+	$since_id = intval($_REQUEST['since_id'] ?? 0);
+	$max_id   = intval($_REQUEST['max_id']   ?? 0);
+	$count    = intval($_REQUEST['count']    ?? 20);
+	$page     = intval($_REQUEST['page']     ?? 1);
 
-	$start = $page * $count;
+	$start = max(0, ($page - 1) * $count);
 
 	if ($id == 0) {
-		$id = intval(defaults($_REQUEST, 'id', 0));
+		$id = intval($_REQUEST['id'] ?? 0);
 	}
 
 	// Hotot workaround
 	if ($id == 0) {
-		$id = intval(defaults($a->argv, 4, 0));
+		$id = intval($a->argv[4] ?? 0);
 	}
 
 	Logger::info(API_LOG_PREFIX . '{subaction}', ['module' => 'api', 'action' => 'conversation', 'subaction' => 'show', 'id' => $id]);
@@ -2004,7 +2017,7 @@ function api_statuses_repeat($type)
 {
 	global $called_api;
 
-	$a = \get_app();
+	$a = DI::app();
 
 	if (api_user() === false) {
 		throw new ForbiddenException();
@@ -2013,21 +2026,21 @@ function api_statuses_repeat($type)
 	api_get_user($a);
 
 	// params
-	$id = intval(defaults($a->argv, 3, 0));
+	$id = intval($a->argv[3] ?? 0);
 
 	if ($id == 0) {
-		$id = intval(defaults($_REQUEST, 'id', 0));
+		$id = intval($_REQUEST['id'] ?? 0);
 	}
 
 	// Hotot workaround
 	if ($id == 0) {
-		$id = intval(defaults($a->argv, 4, 0));
+		$id = intval($a->argv[4] ?? 0);
 	}
 
 	Logger::log('API: api_statuses_repeat: '.$id);
 
-	$fields = ['body', 'author-name', 'author-link', 'author-avatar', 'guid', 'created', 'plink'];
-	$item = Item::selectFirst($fields, ['id' => $id, 'private' => false]);
+	$fields = ['body', 'title', 'attach', 'tag', 'author-name', 'author-link', 'author-avatar', 'guid', 'created', 'plink'];
+	$item = Item::selectFirst($fields, ['id' => $id, 'private' => [Item::PUBLIC, Item::UNLISTED]]);
 
 	if (DBA::isResult($item) && $item['body'] != "") {
 		if (strpos($item['body'], "[/share]") !== false) {
@@ -2036,10 +2049,16 @@ function api_statuses_repeat($type)
 		} else {
 			$post = share_header($item['author-name'], $item['author-link'], $item['author-avatar'], $item['guid'], $item['created'], $item['plink']);
 
+			if (!empty($item['title'])) {
+				$post .= '[h3]' . $item['title'] . "[/h3]\n";
+			}
+
 			$post .= $item['body'];
 			$post .= "[/share]";
 		}
 		$_REQUEST['body'] = $post;
+		$_REQUEST['tag'] = $item['tag'];
+		$_REQUEST['attach'] = $item['attach'];
 		$_REQUEST['profile_uid'] = api_user();
 		$_REQUEST['api_source'] = true;
 
@@ -2075,7 +2094,7 @@ api_register_func('api/statuses/retweet', 'api_statuses_repeat', true, API_METHO
  */
 function api_statuses_destroy($type)
 {
-	$a = \get_app();
+	$a = DI::app();
 
 	if (api_user() === false) {
 		throw new ForbiddenException();
@@ -2084,15 +2103,15 @@ function api_statuses_destroy($type)
 	api_get_user($a);
 
 	// params
-	$id = intval(defaults($a->argv, 3, 0));
+	$id = intval($a->argv[3] ?? 0);
 
 	if ($id == 0) {
-		$id = intval(defaults($_REQUEST, 'id', 0));
+		$id = intval($_REQUEST['id'] ?? 0);
 	}
 
 	// Hotot workaround
 	if ($id == 0) {
-		$id = intval(defaults($a->argv, 4, 0));
+		$id = intval($a->argv[4] ?? 0);
 	}
 
 	Logger::log('API: api_statuses_destroy: '.$id);
@@ -2122,7 +2141,7 @@ api_register_func('api/statuses/destroy', 'api_statuses_destroy', true, API_METH
  */
 function api_statuses_mentions($type)
 {
-	$a = \get_app();
+	$a = DI::app();
 	$user_info = api_get_user($a);
 
 	if (api_user() === false || $user_info === false) {
@@ -2138,27 +2157,42 @@ function api_statuses_mentions($type)
 	// get last network messages
 
 	// params
-	$since_id = defaults($_REQUEST, 'since_id', 0);
-	$max_id   = defaults($_REQUEST, 'max_id'  , 0);
-	$count    = defaults($_REQUEST, 'count'   , 20);
-	$page     = defaults($_REQUEST, 'page'    , 1);
-	if ($page < 1) {
-		$page = 1;
-	}
-
-	$start = ($page - 1) * $count;
-
-	$condition = ["`uid` = ? AND `gravity` IN (?, ?) AND `item`.`id` > ? AND `author-id` != ?
-		AND `item`.`parent` IN (SELECT `iid` FROM `thread` WHERE `thread`.`uid` = ? AND `thread`.`mention` AND NOT `thread`.`ignored`)",
-		api_user(), GRAVITY_PARENT, GRAVITY_COMMENT, $since_id, $user_info['pid'], api_user()];
+	$since_id = $_REQUEST['since_id'] ?? 0;
+	$max_id   = $_REQUEST['max_id']   ?? 0;
+	$count    = $_REQUEST['count']    ?? 20;
+	$page     = $_REQUEST['page']     ?? 1;
+
+	$start = max(0, ($page - 1) * $count);
+
+	$query = "SELECT `item`.`id` FROM `user-item`
+		INNER JOIN `item` ON `item`.`id` = `user-item`.`iid` AND `item`.`gravity` IN (?, ?)
+		WHERE (`user-item`.`hidden` IS NULL OR NOT `user-item`.`hidden`) AND
+			`user-item`.`uid` = ? AND `user-item`.`notification-type` & ? != 0
+			AND `user-item`.`iid` > ?";
+	$condition = [GRAVITY_PARENT, GRAVITY_COMMENT, api_user(),
+		UserItem::NOTIF_EXPLICIT_TAGGED | UserItem::NOTIF_IMPLICIT_TAGGED |
+		UserItem::NOTIF_THREAD_COMMENT | UserItem::NOTIF_DIRECT_COMMENT |
+		UserItem::NOTIF_DIRECT_THREAD_COMMENT,
+		$since_id];
 
 	if ($max_id > 0) {
-		$condition[0] .= " AND `item`.`id` <= ?";
+		$query .= " AND `item`.`id` <= ?";
 		$condition[] = $max_id;
 	}
 
+	$query .= " ORDER BY `user-item`.`iid` DESC LIMIT ?, ?";
+	$condition[] = $start;
+	$condition[] = $count;
+
+	$useritems = DBA::p($query, $condition);
+	$itemids = [];
+	while ($useritem = DBA::fetch($useritems)) {
+		$itemids[] = $useritem['id'];
+	}
+	DBA::close($useritems);
+
 	$params = ['order' => ['id' => true], 'limit' => [$start, $count]];
-	$statuses = Item::selectForUser(api_user(), [], $condition, $params);
+	$statuses = Item::selectForUser(api_user(), [], ['id' => $itemids], $params);
 
 	$ret = api_format_items(Item::inArray($statuses), $user_info, false, $type);
 
@@ -2181,8 +2215,6 @@ api_register_func('api/statuses/replies', 'api_statuses_mentions', true);
 /**
  * Returns the most recent statuses posted by the user.
  *
- * @brief Returns a user's public timeline
- *
  * @param string $type Either "json" or "xml"
  * @return string|array
  * @throws BadRequestException
@@ -2194,7 +2226,7 @@ api_register_func('api/statuses/replies', 'api_statuses_mentions', true);
  */
 function api_statuses_user_timeline($type)
 {
-	$a = \get_app();
+	$a = DI::app();
 	$user_info = api_get_user($a);
 
 	if (api_user() === false || $user_info === false) {
@@ -2208,18 +2240,16 @@ function api_statuses_user_timeline($type)
 		Logger::DEBUG
 	);
 
-	$since_id        = defaults($_REQUEST, 'since_id', 0);
-	$max_id          = defaults($_REQUEST, 'max_id', 0);
+	$since_id        = $_REQUEST['since_id'] ?? 0;
+	$max_id          = $_REQUEST['max_id'] ?? 0;
 	$exclude_replies = !empty($_REQUEST['exclude_replies']);
-	$conversation_id = defaults($_REQUEST, 'conversation_id', 0);
+	$conversation_id = $_REQUEST['conversation_id'] ?? 0;
 
 	// pagination
-	$count = defaults($_REQUEST, 'count', 20);
-	$page  = defaults($_REQUEST, 'page', 1);
-	if ($page < 1) {
-		$page = 1;
-	}
-	$start = ($page - 1) * $count;
+	$count = $_REQUEST['count'] ?? 20;
+	$page  = $_REQUEST['page'] ?? 1;
+
+	$start = max(0, ($page - 1) * $count);
 
 	$condition = ["`uid` = ? AND `gravity` IN (?, ?) AND `item`.`id` > ? AND `item`.`contact-id` = ?",
 		api_user(), GRAVITY_PARENT, GRAVITY_COMMENT, $since_id, $user_info['cid']];
@@ -2280,7 +2310,7 @@ api_register_func('api/statuses/user_timeline', 'api_statuses_user_timeline', tr
  */
 function api_favorites_create_destroy($type)
 {
-	$a = \get_app();
+	$a = DI::app();
 
 	if (api_user() === false) {
 		throw new ForbiddenException();
@@ -2298,9 +2328,9 @@ function api_favorites_create_destroy($type)
 	}
 	$action = str_replace("." . $type, "", $a->argv[$action_argv_id]);
 	if ($a->argc == $action_argv_id + 2) {
-		$itemid = intval(defaults($a->argv, $action_argv_id + 1, 0));
+		$itemid = intval($a->argv[$action_argv_id + 1] ?? 0);
 	} else {
-		$itemid = intval(defaults($_REQUEST, 'id', 0));
+		$itemid = intval($_REQUEST['id'] ?? 0);
 	}
 
 	$item = Item::selectFirstForUser(api_user(), [], ['id' => $itemid, 'uid' => api_user()]);
@@ -2363,7 +2393,7 @@ function api_favorites($type)
 {
 	global $called_api;
 
-	$a = \get_app();
+	$a = DI::app();
 	$user_info = api_get_user($a);
 
 	if (api_user() === false || $user_info === false) {
@@ -2380,15 +2410,12 @@ function api_favorites($type)
 		$ret = [];
 	} else {
 		// params
-		$since_id = defaults($_REQUEST, 'since_id', 0);
-		$max_id = defaults($_REQUEST, 'max_id', 0);
-		$count = defaults($_GET, 'count', 20);
-		$page = (!empty($_REQUEST['page']) ? $_REQUEST['page'] -1 : 0);
-		if ($page < 0) {
-			$page = 0;
-		}
+		$since_id = $_REQUEST['since_id'] ?? 0;
+		$max_id = $_REQUEST['max_id'] ?? 0;
+		$count = $_GET['count'] ?? 20;
+		$page = $_REQUEST['page'] ?? 1;
 
-		$start = $page*$count;
+		$start = max(0, ($page - 1) * $count);
 
 		$condition = ["`uid` = ? AND `gravity` IN (?, ?) AND `id` > ? AND `starred`",
 			api_user(), GRAVITY_PARENT, GRAVITY_COMMENT, $since_id];
@@ -2439,14 +2466,14 @@ function api_format_messages($item, $recipient, $sender)
 		'sender_id'             => $sender['id'],
 		'text'                  => "",
 		'recipient_id'          => $recipient['id'],
-		'created_at'            => api_date(defaults($item, 'created', DateTimeFormat::utcNow())),
+		'created_at'            => api_date($item['created'] ?? DateTimeFormat::utcNow()),
 		'sender_screen_name'    => $sender['screen_name'],
 		'recipient_screen_name' => $recipient['screen_name'],
 		'sender'                => $sender,
 		'recipient'             => $recipient,
 		'title'                 => "",
-		'friendica_seen'        => defaults($item, 'seen', 0),
-		'friendica_parent_uri'  => defaults($item, 'parent-uri', ''),
+		'friendica_seen'        => $item['seen'] ?? 0,
+		'friendica_parent_uri'  => $item['parent-uri'] ?? '',
 	];
 
 	// "uid" and "self" are only needed for some internal stuff, so remove it from here
@@ -2492,6 +2519,9 @@ function api_format_messages($item, $recipient, $sender)
 function api_convert_item($item)
 {
 	$body = $item['body'];
+	$entities = api_get_entitities($statustext, $body);
+
+	// Add pictures to the attachment array and remove them from the body
 	$attachments = api_get_attachments($body);
 
 	// Workaround for ostatus messages where the title is identically to the body
@@ -2509,11 +2539,11 @@ function api_convert_item($item)
 		$statustext = trim($statustitle."\n\n".$statusbody);
 	}
 
-	if ((defaults($item, 'network', Protocol::PHANTOM) == Protocol::FEED) && (mb_strlen($statustext)> 1000)) {
-		$statustext = mb_substr($statustext, 0, 1000) . "... \n" . defaults($item, 'plink', '');
+	if ((($item['network'] ?? Protocol::PHANTOM) == Protocol::FEED) && (mb_strlen($statustext)> 1000)) {
+		$statustext = mb_substr($statustext, 0, 1000) . "... \n" . ($item['plink'] ?? '');
 	}
 
-	$statushtml = BBCode::convert(api_clean_attachments($body), false);
+	$statushtml = BBCode::convert(BBCode::removeAttachment($body), false);
 
 	// Workaround for clients with limited HTML parser functionality
 	$search = ["
", "
", "
",
@@ -2544,12 +2574,10 @@ function api_convert_item($item)
 	}
 
 	// feeds without body should contain the link
-	if ((defaults($item, 'network', Protocol::PHANTOM) == Protocol::FEED) && (strlen($item['body']) == 0)) {
+	if ((($item['network'] ?? Protocol::PHANTOM) == Protocol::FEED) && (strlen($item['body']) == 0)) {
 		$statushtml .= BBCode::convert($item['plink']);
 	}
 
-	$entities = api_get_entitities($statustext, $body);
-
 	return [
 		"text" => $statustext,
 		"html" => $statushtml,
@@ -2567,32 +2595,29 @@ function api_convert_item($item)
  */
 function api_get_attachments(&$body)
 {
-	$text = $body;
-	$text = preg_replace("/\[img\=([0-9]*)x([0-9]*)\](.*?)\[\/img\]/ism", '[img]$3[/img]', $text);
+	$body = preg_replace("/\[img\=([0-9]*)x([0-9]*)\](.*?)\[\/img\]/ism", '[img]$3[/img]', $body);
+	$body = preg_replace("/\[img\=(.*?)\](.*?)\[\/img\]/ism", '[img]$1[/img]', $body);
 
 	$URLSearchString = "^\[\]";
-	$ret = preg_match_all("/\[img\]([$URLSearchString]*)\[\/img\]/ism", $text, $images);
-
-	if (!$ret) {
+	if (!preg_match_all("/\[img\]([$URLSearchString]*)\[\/img\]/ism", $body, $images)) {
 		return [];
 	}
 
+	// Remove all embedded pictures, since they are added as attachments
+	foreach ($images[0] as $orig) {
+		$body = str_replace($orig, '', $body);
+	}
+
 	$attachments = [];
 
 	foreach ($images[1] as $image) {
-		$imagedata = Image::getInfoFromURL($image);
+		$imagedata = Images::getInfoFromURLCached($image);
 
 		if ($imagedata) {
 			$attachments[] = ["url" => $image, "mimetype" => $imagedata["mime"], "size" => $imagedata["size"]];
 		}
 	}
 
-	if (strstr(defaults($_SERVER, 'HTTP_USER_AGENT', ''), "AndStatus")) {
-		foreach ($images[0] as $orig) {
-			$body = str_replace($orig, "", $body);
-		}
-	}
-
 	return $attachments;
 }
 
@@ -2607,7 +2632,7 @@ function api_get_attachments(&$body)
  */
 function api_get_entitities(&$text, $bbcode)
 {
-	$include_entities = strtolower(defaults($_REQUEST, 'include_entities', "false"));
+	$include_entities = strtolower($_REQUEST['include_entities'] ?? 'false');
 
 	if ($include_entities != "true") {
 		preg_match_all("/\[img](.*?)\[\/img\]/ism", $bbcode, $images);
@@ -2635,7 +2660,6 @@ function api_get_entitities(&$text, $bbcode)
 	$bbcode = preg_replace("/#\[url\=([$URLSearchString]*)\](.*?)\[\/url\]/ism", '#$2', $bbcode);
 
 	$bbcode = preg_replace("/\[bookmark\=([$URLSearchString]*)\](.*?)\[\/bookmark\]/ism", '[url=$1]$2[/url]', $bbcode);
-	//$bbcode = preg_replace("/\[url\](.*?)\[\/url\]/ism",'[url=$1]$1[/url]',$bbcode);
 	$bbcode = preg_replace("/\[video\](.*?)\[\/video\]/ism", '[url=$1]$1[/url]', $bbcode);
 
 	$bbcode = preg_replace(
@@ -2654,12 +2678,10 @@ function api_get_entitities(&$text, $bbcode)
 
 	$bbcode = preg_replace("/\[img\=([0-9]*)x([0-9]*)\](.*?)\[\/img\]/ism", '[img]$3[/img]', $bbcode);
 
-	//preg_match_all("/\[url\]([$URLSearchString]*)\[\/url\]/ism", $bbcode, $urls1);
 	preg_match_all("/\[url\=([$URLSearchString]*)\](.*?)\[\/url\]/ism", $bbcode, $urls);
 
 	$ordered_urls = [];
 	foreach ($urls[1] as $id => $url) {
-		//$start = strpos($text, $url, $offset);
 		$start = iconv_strpos($text, $url, 0, "UTF-8");
 		if (!($start === false)) {
 			$ordered_urls[$start] = ["url" => $url, "title" => $urls[2][$id]];
@@ -2669,7 +2691,7 @@ function api_get_entitities(&$text, $bbcode)
 	ksort($ordered_urls);
 
 	$offset = 0;
-	//foreach ($urls[1] AS $id=>$url) {
+
 	foreach ($ordered_urls as $url) {
 		if ((substr($url["title"], 0, 7) != "http://") && (substr($url["title"], 0, 8) != "https://")
 			&& !strpos($url["title"], "http://") && !strpos($url["title"], "https://")
@@ -2684,7 +2706,6 @@ function api_get_entitities(&$text, $bbcode)
 			}
 		}
 
-		//$start = strpos($text, $url, $offset);
 		$start = iconv_strpos($text, $url["url"], $offset, "UTF-8");
 		if (!($start === false)) {
 			$entities["urls"][] = ["url" => $url["url"],
@@ -2711,7 +2732,7 @@ function api_get_entitities(&$text, $bbcode)
 			$ordered_images[$start] = ['url' => $image, 'alt' => ''];
 		}
 	}
-	//$entities["media"] = array();
+
 	$offset = 0;
 
 	foreach ($ordered_images as $image) {
@@ -2727,27 +2748,27 @@ function api_get_entitities(&$text, $bbcode)
 
 		$start = iconv_strpos($text, $url, $offset, "UTF-8");
 		if (!($start === false)) {
-			$image = Image::getInfoFromURL($url);
+			$image = Images::getInfoFromURLCached($url);
 			if ($image) {
 				// If image cache is activated, then use the following sizes:
 				// thumb  (150), small (340), medium (600) and large (1024)
-				if (!Config::get("system", "proxy_disabled")) {
+				if (!DI::config()->get("system", "proxy_disabled")) {
 					$media_url = ProxyUtils::proxifyUrl($url);
 
 					$sizes = [];
-					$scale = Image::getScalingDimensions($image[0], $image[1], 150);
+					$scale = Images::getScalingDimensions($image[0], $image[1], 150);
 					$sizes["thumb"] = ["w" => $scale["width"], "h" => $scale["height"], "resize" => "fit"];
 
 					if (($image[0] > 150) || ($image[1] > 150)) {
-						$scale = Image::getScalingDimensions($image[0], $image[1], 340);
+						$scale = Images::getScalingDimensions($image[0], $image[1], 340);
 						$sizes["small"] = ["w" => $scale["width"], "h" => $scale["height"], "resize" => "fit"];
 					}
 
-					$scale = Image::getScalingDimensions($image[0], $image[1], 600);
+					$scale = Images::getScalingDimensions($image[0], $image[1], 600);
 					$sizes["medium"] = ["w" => $scale["width"], "h" => $scale["height"], "resize" => "fit"];
 
 					if (($image[0] > 600) || ($image[1] > 600)) {
-						$scale = Image::getScalingDimensions($image[0], $image[1], 1024);
+						$scale = Images::getScalingDimensions($image[0], $image[1], 1024);
 						$sizes["large"] = ["w" => $scale["width"], "h" => $scale["height"], "resize" => "fit"];
 					}
 				} else {
@@ -2787,7 +2808,7 @@ function api_format_items_embeded_images($item, $text)
 	$text = preg_replace_callback(
 		'|data:image/([^;]+)[^=]+=*|m',
 		function () use ($item) {
-			return System::baseUrl() . '/display/' . $item['guid'];
+			return DI::baseUrl() . '/display/' . $item['guid'];
 		},
 		$text
 	);
@@ -2795,7 +2816,7 @@ function api_format_items_embeded_images($item, $text)
 }
 
 /**
- * @brief return name as array
+ * return name as array
  *
  * @param string $txt text
  * @return array
@@ -2822,7 +2843,7 @@ function api_contactlink_to_array($txt)
 
 
 /**
- * @brief return likes, dislikes and attend status for item
+ * return likes, dislikes and attend status for item
  *
  * @param array  $item array
  * @param string $type Return type (atom, rss, xml, json)
@@ -2837,7 +2858,7 @@ function api_contactlink_to_array($txt)
  */
 function api_format_items_activities($item, $type = "json")
 {
-	$a = \get_app();
+	$a = DI::app();
 
 	$activities = [
 		'like' => [],
@@ -2845,9 +2866,10 @@ function api_format_items_activities($item, $type = "json")
 		'attendyes' => [],
 		'attendno' => [],
 		'attendmaybe' => [],
+		'announce' => [],
 	];
 
-	$condition = ['uid' => $item['uid'], 'thr-parent' => $item['uri']];
+	$condition = ['uid' => $item['uid'], 'thr-parent' => $item['uri'], 'gravity' => GRAVITY_ACTIVITY];
 	$ret = Item::selectForUser($item['uid'], ['author-id', 'verb'], $condition);
 
 	while ($parent_item = Item::fetch($ret)) {
@@ -2857,21 +2879,24 @@ function api_format_items_activities($item, $type = "json")
 		// get user data and add it to the array of the activity
 		$user = api_get_user($a, $parent_item['author-id']);
 		switch ($parent_item['verb']) {
-			case ACTIVITY_LIKE:
+			case Activity::LIKE:
 				$activities['like'][] = $user;
 				break;
-			case ACTIVITY_DISLIKE:
+			case Activity::DISLIKE:
 				$activities['dislike'][] = $user;
 				break;
-			case ACTIVITY_ATTEND:
+			case Activity::ATTEND:
 				$activities['attendyes'][] = $user;
 				break;
-			case ACTIVITY_ATTENDNO:
+			case Activity::ATTENDNO:
 				$activities['attendno'][] = $user;
 				break;
-			case ACTIVITY_ATTENDMAYBE:
+			case Activity::ATTENDMAYBE:
 				$activities['attendmaybe'][] = $user;
 				break;
+			case Activity::ANNOUNCE:
+				$activities['announce'][] = $user;
+				break;
 			default:
 				break;
 		}
@@ -2896,62 +2921,8 @@ function api_format_items_activities($item, $type = "json")
 	return $activities;
 }
 
-
 /**
- * @brief return data from profiles
- *
- * @param array $profile_row array containing data from db table 'profile'
- * @return array
- * @throws InternalServerErrorException
- */
-function api_format_items_profiles($profile_row)
-{
-	$profile = [
-		'profile_id'       => $profile_row['id'],
-		'profile_name'     => $profile_row['profile-name'],
-		'is_default'       => $profile_row['is-default'] ? true : false,
-		'hide_friends'     => $profile_row['hide-friends'] ? true : false,
-		'profile_photo'    => $profile_row['photo'],
-		'profile_thumb'    => $profile_row['thumb'],
-		'publish'          => $profile_row['publish'] ? true : false,
-		'net_publish'      => $profile_row['net-publish'] ? true : false,
-		'description'      => $profile_row['pdesc'],
-		'date_of_birth'    => $profile_row['dob'],
-		'address'          => $profile_row['address'],
-		'city'             => $profile_row['locality'],
-		'region'           => $profile_row['region'],
-		'postal_code'      => $profile_row['postal-code'],
-		'country'          => $profile_row['country-name'],
-		'hometown'         => $profile_row['hometown'],
-		'gender'           => $profile_row['gender'],
-		'marital'          => $profile_row['marital'],
-		'marital_with'     => $profile_row['with'],
-		'marital_since'    => $profile_row['howlong'],
-		'sexual'           => $profile_row['sexual'],
-		'politic'          => $profile_row['politic'],
-		'religion'         => $profile_row['religion'],
-		'public_keywords'  => $profile_row['pub_keywords'],
-		'private_keywords' => $profile_row['prv_keywords'],
-		'likes'            => BBCode::convert(api_clean_plain_items($profile_row['likes'])    , false, 2),
-		'dislikes'         => BBCode::convert(api_clean_plain_items($profile_row['dislikes']) , false, 2),
-		'about'            => BBCode::convert(api_clean_plain_items($profile_row['about'])    , false, 2),
-		'music'            => BBCode::convert(api_clean_plain_items($profile_row['music'])    , false, 2),
-		'book'             => BBCode::convert(api_clean_plain_items($profile_row['book'])     , false, 2),
-		'tv'               => BBCode::convert(api_clean_plain_items($profile_row['tv'])       , false, 2),
-		'film'             => BBCode::convert(api_clean_plain_items($profile_row['film'])     , false, 2),
-		'interest'         => BBCode::convert(api_clean_plain_items($profile_row['interest']) , false, 2),
-		'romance'          => BBCode::convert(api_clean_plain_items($profile_row['romance'])  , false, 2),
-		'work'             => BBCode::convert(api_clean_plain_items($profile_row['work'])     , false, 2),
-		'education'        => BBCode::convert(api_clean_plain_items($profile_row['education']), false, 2),
-		'social_networks'  => BBCode::convert(api_clean_plain_items($profile_row['contact'])  , false, 2),
-		'homepage'         => $profile_row['homepage'],
-		'users'            => null
-	];
-	return $profile;
-}
-
-/**
- * @brief format items to be returned by api
+ * format items to be returned by api
  *
  * @param array  $items       array of items
  * @param array  $user_info
@@ -2965,7 +2936,7 @@ function api_format_items_profiles($profile_row)
  */
 function api_format_items($items, $user_info, $filter_user = false, $type = "json")
 {
-	$a = \Friendica\BaseObject::getApp();
+	$a = Friendica\DI::app();
 
 	$ret = [];
 
@@ -2999,7 +2970,7 @@ function api_format_items($items, $user_info, $filter_user = false, $type = "jso
  */
 function api_format_item($item, $type = "json", $status_user = null, $author_user = null, $owner_user = null)
 {
-	$a = \Friendica\BaseObject::getApp();
+	$a = Friendica\DI::app();
 
 	if (empty($status_user) || empty($author_user) || empty($owner_user)) {
 		list($status_user, $author_user, $owner_user) = api_item_get_user($a, $item);
@@ -3034,12 +3005,14 @@ function api_format_item($item, $type = "json", $status_user = null, $author_use
 		'user' =>  $status_user,
 		'friendica_author' => $author_user,
 		'friendica_owner' => $owner_user,
-		'friendica_private' => $item['private'] == 1,
+		'friendica_private' => $item['private'] == Item::PRIVATE,
 		//'entities' => NULL,
 		'statusnet_html' => $converted["html"],
 		'statusnet_conversation_id' => $item['parent'],
-		'external_url' => System::baseUrl() . "/display/" . $item['guid'],
+		'external_url' => DI::baseUrl() . "/display/" . $item['guid'],
 		'friendica_activities' => api_format_items_activities($item, $type),
+		'friendica_title' => $item['title'],
+		'friendica_html' => BBCode::convert($item['body'], false)
 	];
 
 	if (count($converted["attachments"]) > 0) {
@@ -3051,9 +3024,9 @@ function api_format_item($item, $type = "json", $status_user = null, $author_use
 	}
 
 	if ($status["source"] == 'web') {
-		$status["source"] = ContactSelector::networkToName($item['network'], $item['author-link']);
-	} elseif (ContactSelector::networkToName($item['network'], $item['author-link']) != $status["source"]) {
-		$status["source"] = trim($status["source"].' ('.ContactSelector::networkToName($item['network'], $item['author-link']).')');
+		$status["source"] = ContactSelector::networkToName($item['author-network'], $item['author-link'], $item['network']);
+	} elseif (ContactSelector::networkToName($item['author-network'], $item['author-link'], $item['network']) != $status["source"]) {
+		$status["source"] = trim($status["source"].' ('.ContactSelector::networkToName($item['author-network'], $item['author-link'], $item['network']).')');
 	}
 
 	$retweeted_item = [];
@@ -3078,22 +3051,31 @@ function api_format_item($item, $type = "json", $status_user = null, $author_use
 	}
 
 	if (!empty($quoted_item)) {
-		$conv_quoted = api_convert_item($quoted_item);
-		$quoted_status = $status;
+		if ($quoted_item['id'] != $item['id']) {
+			$quoted_status = api_format_item($quoted_item);
+			/// @todo Only remove the attachments that are also contained in the quotes status
+			unset($status['attachments']);
+			unset($status['entities']);
+		} else {
+			$conv_quoted = api_convert_item($quoted_item);
+			$quoted_status = $status;
+			unset($quoted_status['attachments']);
+			unset($quoted_status['entities']);
+			unset($quoted_status['statusnet_conversation_id']);
+			$quoted_status['text'] = $conv_quoted['text'];
+			$quoted_status['statusnet_html'] = $conv_quoted['html'];
+			try {
+				$quoted_status["user"] = api_get_user($a, $quoted_item["author-id"]);
+			} catch (BadRequestException $e) {
+				// user not found. should be found?
+				/// @todo check if the user should be always found
+				$quoted_status["user"] = [];
+			}
+		}
 		unset($quoted_status['friendica_author']);
 		unset($quoted_status['friendica_owner']);
 		unset($quoted_status['friendica_activities']);
 		unset($quoted_status['friendica_private']);
-		unset($quoted_status['statusnet_conversation_id']);
-		$quoted_status['text'] = $conv_quoted['text'];
-		$quoted_status['statusnet_html'] = $conv_quoted['html'];
-		try {
-			$quoted_status["user"] = api_get_user($a, $quoted_item["author-id"]);
-		} catch (BadRequestException $e) {
-			// user not found. should be found?
-			/// @todo check if the user should be always found
-			$quoted_status["user"] = [];
-		}
 	}
 
 	if (!empty($retweeted_item)) {
@@ -3243,7 +3225,7 @@ api_register_func('api/lists/subscriptions', 'api_lists_list', true);
  */
 function api_lists_ownerships($type)
 {
-	$a = \get_app();
+	$a = DI::app();
 
 	if (api_user() === false) {
 		throw new ForbiddenException();
@@ -3292,7 +3274,7 @@ api_register_func('api/lists/ownerships', 'api_lists_ownerships', true);
  */
 function api_lists_statuses($type)
 {
-	$a = \get_app();
+	$a = DI::app();
 
 	$user_info = api_get_user($a);
 	if (api_user() === false || $user_info === false) {
@@ -3310,17 +3292,14 @@ function api_lists_statuses($type)
 	}
 
 	// params
-	$count = defaults($_REQUEST, 'count', 20);
-	$page = (!empty($_REQUEST['page']) ? $_REQUEST['page'] - 1 : 0);
-	if ($page < 0) {
-		$page = 0;
-	}
-	$since_id = defaults($_REQUEST, 'since_id', 0);
-	$max_id = defaults($_REQUEST, 'max_id', 0);
+	$count = $_REQUEST['count'] ?? 20;
+	$page = $_REQUEST['page'] ?? 1;
+	$since_id = $_REQUEST['since_id'] ?? 0;
+	$max_id = $_REQUEST['max_id'] ?? 0;
 	$exclude_replies = (!empty($_REQUEST['exclude_replies']) ? 1 : 0);
-	$conversation_id = defaults($_REQUEST, 'conversation_id', 0);
+	$conversation_id = $_REQUEST['conversation_id'] ?? 0;
 
-	$start = $page * $count;
+	$start = max(0, ($page - 1) * $count);
 
 	$condition = ["`uid` = ? AND `gravity` IN (?, ?) AND `id` > ? AND `group_member`.`gid` = ?",
 		api_user(), GRAVITY_PARENT, GRAVITY_COMMENT, $since_id, $_REQUEST['list_id']];
@@ -3358,11 +3337,11 @@ function api_lists_statuses($type)
 api_register_func('api/lists/statuses', 'api_lists_statuses', true);
 
 /**
+ * Returns either the friends of the follower list
+ *
  * Considers friends and followers lists to be private and won't return
  * anything if any user_id parameter is passed.
  *
- * @brief Returns either the friends of the follower list
- *
  * @param string $qtype Either "friends" or "followers"
  * @return boolean|array
  * @throws BadRequestException
@@ -3373,19 +3352,17 @@ api_register_func('api/lists/statuses', 'api_lists_statuses', true);
  */
 function api_statuses_f($qtype)
 {
-	$a = \get_app();
+	$a = DI::app();
 
 	if (api_user() === false) {
 		throw new ForbiddenException();
 	}
 
 	// pagination
-	$count = defaults($_GET, 'count', 20);
-	$page = defaults($_GET, 'page', 1);
-	if ($page < 1) {
-		$page = 1;
-	}
-	$start = ($page - 1) * $count;
+	$count = $_GET['count'] ?? 20;
+	$page = $_GET['page'] ?? 1;
+
+	$start = max(0, ($page - 1) * $count);
 
 	$user_info = api_get_user($a);
 
@@ -3451,9 +3428,7 @@ function api_statuses_f($qtype)
 
 
 /**
- * Returns the user's friends.
- *
- * @brief      Returns the list of friends of the provided user
+ * Returns the list of friends of the provided user
  *
  * @deprecated By Twitter API in favor of friends/list
  *
@@ -3472,9 +3447,7 @@ function api_statuses_friends($type)
 }
 
 /**
- * Returns the user's followers.
- *
- * @brief      Returns the list of followers of the provided user
+ * Returns the list of followers of the provided user
  *
  * @deprecated By Twitter API in favor of friends/list
  *
@@ -3558,17 +3531,15 @@ api_register_func('api/friendships/incoming', 'api_friendships_incoming', true);
  */
 function api_statusnet_config($type)
 {
-	$a = \get_app();
-
-	$name      = Config::get('config', 'sitename');
-	$server    = $a->getHostName();
-	$logo      = System::baseUrl() . '/images/friendica-64.png';
-	$email     = Config::get('config', 'admin_email');
-	$closed    = intval(Config::get('config', 'register_policy')) === \Friendica\Module\Register::CLOSED ? 'true' : 'false';
-	$private   = Config::get('system', 'block_public') ? 'true' : 'false';
-	$textlimit = (string) Config::get('config', 'api_import_size', Config::get('config', 'max_import_size', 200000));
-	$ssl       = Config::get('system', 'have_ssl') ? 'true' : 'false';
-	$sslserver = Config::get('system', 'have_ssl') ? str_replace('http:', 'https:', System::baseUrl()) : '';
+	$name      = DI::config()->get('config', 'sitename');
+	$server    = DI::baseUrl()->getHostname();
+	$logo      = DI::baseUrl() . '/images/friendica-64.png';
+	$email     = DI::config()->get('config', 'admin_email');
+	$closed    = intval(DI::config()->get('config', 'register_policy')) === \Friendica\Module\Register::CLOSED ? 'true' : 'false';
+	$private   = DI::config()->get('system', 'block_public') ? 'true' : 'false';
+	$textlimit = (string) DI::config()->get('config', 'api_import_size', DI::config()->get('config', 'max_import_size', 200000));
+	$ssl       = DI::config()->get('system', 'have_ssl') ? 'true' : 'false';
+	$sslserver = DI::config()->get('system', 'have_ssl') ? str_replace('http:', 'https:', DI::baseUrl()) : '';
 
 	$config = [
 		'site' => ['name' => $name,'server' => $server, 'theme' => 'default', 'path' => '',
@@ -3614,6 +3585,7 @@ api_register_func('api/statusnet/version', 'api_statusnet_version', false);
  *
  * @param string $type Return type (atom, rss, xml, json)
  *
+ * @param int $rel A contact relationship constant
  * @return array|string|void
  * @throws BadRequestException
  * @throws ForbiddenException
@@ -3622,38 +3594,41 @@ api_register_func('api/statusnet/version', 'api_statusnet_version', false);
  * @throws UnauthorizedException
  * @todo use api_format_data() to return data
  */
-function api_ff_ids($type)
+function api_ff_ids($type, int $rel)
 {
 	if (!api_user()) {
 		throw new ForbiddenException();
 	}
 
-	$a = \get_app();
+	$a = DI::app();
 
 	api_get_user($a);
 
-	$stringify_ids = defaults($_REQUEST, 'stringify_ids', false);
+	$stringify_ids = $_REQUEST['stringify_ids'] ?? false;
 
-	$r = q(
-		"SELECT `pcontact`.`id` FROM `contact`
-			INNER JOIN `contact` AS `pcontact` ON `contact`.`nurl` = `pcontact`.`nurl` AND `pcontact`.`uid` = 0
-			WHERE `contact`.`uid` = %s AND NOT `contact`.`self`",
-		intval(api_user())
+	$contacts = DBA::p("SELECT `pcontact`.`id`
+		FROM `contact`
+		INNER JOIN `contact` AS `pcontact`
+		    ON `contact`.`nurl` = `pcontact`.`nurl`
+		    AND `pcontact`.`uid` = 0
+		WHERE `contact`.`uid` = ?
+		AND NOT `contact`.`self`
+		AND `contact`.`rel` IN (?, ?)",
+		api_user(),
+		$rel,
+		Contact::FRIEND
 	);
-	if (!DBA::isResult($r)) {
-		return;
-	}
 
 	$ids = [];
-	foreach ($r as $rr) {
+	foreach (DBA::toArray($contacts) as $contact) {
 		if ($stringify_ids) {
-			$ids[] = $rr['id'];
+			$ids[] = $contact['id'];
 		} else {
-			$ids[] = intval($rr['id']);
+			$ids[] = intval($contact['id']);
 		}
 	}
 
-	return api_format_data("ids", $type, ['id' => $ids]);
+	return api_format_data('ids', $type, ['id' => $ids]);
 }
 
 /**
@@ -3664,11 +3639,14 @@ function api_ff_ids($type)
  * @return array|string
  * @throws BadRequestException
  * @throws ForbiddenException
+ * @throws ImagickException
+ * @throws InternalServerErrorException
+ * @throws UnauthorizedException
  * @see https://developer.twitter.com/en/docs/accounts-and-users/follow-search-get-users/api-reference/get-friends-ids
  */
 function api_friends_ids($type)
 {
-	return api_ff_ids($type);
+	return api_ff_ids($type, Contact::SHARING);
 }
 
 /**
@@ -3679,11 +3657,14 @@ function api_friends_ids($type)
  * @return array|string
  * @throws BadRequestException
  * @throws ForbiddenException
+ * @throws ImagickException
+ * @throws InternalServerErrorException
+ * @throws UnauthorizedException
  * @see https://developer.twitter.com/en/docs/accounts-and-users/follow-search-get-users/api-reference/get-followers-ids
  */
 function api_followers_ids($type)
 {
-	return api_ff_ids($type);
+	return api_ff_ids($type, Contact::FOLLOWER);
 }
 
 /// @TODO move to top of file or somewhere better
@@ -3706,7 +3687,7 @@ api_register_func('api/followers/ids', 'api_followers_ids', true);
  */
 function api_direct_messages_new($type)
 {
-	$a = \get_app();
+	$a = DI::app();
 
 	if (api_user() === false) {
 		throw new ForbiddenException();
@@ -3783,9 +3764,7 @@ function api_direct_messages_new($type)
 api_register_func('api/direct_messages/new', 'api_direct_messages_new', true, API_METHOD_POST);
 
 /**
- * Destroys a direct message.
- *
- * @brief delete a direct_message from mail table through api
+ * delete a direct_message from mail table through api
  *
  * @param string $type Known types are 'atom', 'rss', 'xml' and 'json'
  * @return string|array
@@ -3798,7 +3777,7 @@ api_register_func('api/direct_messages/new', 'api_direct_messages_new', true, AP
  */
 function api_direct_messages_destroy($type)
 {
-	$a = \get_app();
+	$a = DI::app();
 
 	if (api_user() === false) {
 		throw new ForbiddenException();
@@ -3807,9 +3786,9 @@ function api_direct_messages_destroy($type)
 	// params
 	$user_info = api_get_user($a);
 	//required
-	$id = defaults($_REQUEST, 'id', 0);
+	$id = $_REQUEST['id'] ?? 0;
 	// optional
-	$parenturi = defaults($_REQUEST, 'friendica_parenturi', "");
+	$parenturi = $_REQUEST['friendica_parenturi'] ?? '';
 	$verbose = (!empty($_GET['friendica_verbose']) ? strtolower($_GET['friendica_verbose']) : "false");
 	/// @todo optional parameter 'include_entities' from Twitter API not yet implemented
 
@@ -3871,8 +3850,6 @@ api_register_func('api/direct_messages/destroy', 'api_direct_messages_destroy',
 /**
  * Unfollow Contact
  *
- * @brief unfollow contact
- *
  * @param string $type Known types are 'atom', 'rss', 'xml' and 'json'
  * @return string|array
  * @throws BadRequestException
@@ -3890,7 +3867,7 @@ function api_friendships_destroy($type)
 		throw new ForbiddenException();
 	}
 
-	$contact_id = defaults($_REQUEST, 'user_id');
+	$contact_id = $_REQUEST['user_id'] ?? 0;
 
 	if (empty($contact_id)) {
 		Logger::notice(API_LOG_PREFIX . 'No user_id specified', ['module' => 'api', 'action' => 'friendships_destroy']);
@@ -3966,22 +3943,19 @@ api_register_func('api/friendships/destroy', 'api_friendships_destroy', true, AP
  */
 function api_direct_messages_box($type, $box, $verbose)
 {
-	$a = \get_app();
+	$a = DI::app();
 	if (api_user() === false) {
 		throw new ForbiddenException();
 	}
 	// params
-	$count = defaults($_GET, 'count', 20);
-	$page = defaults($_REQUEST, 'page', 1) - 1;
-	if ($page < 0) {
-		$page = 0;
-	}
+	$count = $_GET['count'] ?? 20;
+	$page = $_REQUEST['page'] ?? 1;
 
-	$since_id = defaults($_REQUEST, 'since_id', 0);
-	$max_id = defaults($_REQUEST, 'max_id', 0);
+	$since_id = $_REQUEST['since_id'] ?? 0;
+	$max_id = $_REQUEST['max_id'] ?? 0;
 
-	$user_id = defaults($_REQUEST, 'user_id', '');
-	$screen_name = defaults($_REQUEST, 'screen_name', '');
+	$user_id = $_REQUEST['user_id'] ?? '';
+	$screen_name = $_REQUEST['screen_name'] ?? '';
 
 	//  caller user info
 	unset($_REQUEST["user_id"]);
@@ -3997,7 +3971,7 @@ function api_direct_messages_box($type, $box, $verbose)
 	$profile_url = $user_info["url"];
 
 	// pagination
-	$start = $page * $count;
+	$start = max(0, ($page - 1) * $count);
 
 	$sql_extra = "";
 
@@ -4005,7 +3979,7 @@ function api_direct_messages_box($type, $box, $verbose)
 	if ($box=="sentbox") {
 		$sql_extra = "`mail`.`from-url`='" . DBA::escape($profile_url) . "'";
 	} elseif ($box == "conversation") {
-		$sql_extra = "`mail`.`parent-uri`='" . DBA::escape(defaults($_GET, 'uri', ''))  . "'";
+		$sql_extra = "`mail`.`parent-uri`='" . DBA::escape($_GET['uri'] ?? '')  . "'";
 	} elseif ($box == "all") {
 		$sql_extra = "true";
 	} elseif ($box == "inbox") {
@@ -4171,7 +4145,7 @@ api_register_func('api/oauth/access_token', 'api_oauth_access_token', false);
 
 
 /**
- * @brief delete a complete photoalbum with all containing photos from database through api
+ * delete a complete photoalbum with all containing photos from database through api
  *
  * @param string $type Known types are 'atom', 'rss', 'xml' and 'json'
  * @return string|array
@@ -4185,7 +4159,7 @@ function api_fr_photoalbum_delete($type)
 		throw new ForbiddenException();
 	}
 	// input params
-	$album = defaults($_REQUEST, 'album', "");
+	$album = $_REQUEST['album'] ?? '';
 
 	// we do not allow calls without album string
 	if ($album == "") {
@@ -4226,7 +4200,7 @@ function api_fr_photoalbum_delete($type)
 }
 
 /**
- * @brief update the name of the album for all photos of an album
+ * update the name of the album for all photos of an album
  *
  * @param string $type Known types are 'atom', 'rss', 'xml' and 'json'
  * @return string|array
@@ -4240,8 +4214,8 @@ function api_fr_photoalbum_update($type)
 		throw new ForbiddenException();
 	}
 	// input params
-	$album = defaults($_REQUEST, 'album', "");
-	$album_new = defaults($_REQUEST, 'album_new', "");
+	$album = $_REQUEST['album'] ?? '';
+	$album_new = $_REQUEST['album_new'] ?? '';
 
 	// we do not allow calls without album string
 	if ($album == "") {
@@ -4268,7 +4242,7 @@ function api_fr_photoalbum_update($type)
 
 
 /**
- * @brief list all photos of the authenticated user
+ * list all photos of the authenticated user
  *
  * @param string $type Known types are 'atom', 'rss', 'xml' and 'json'
  * @return string|array
@@ -4299,7 +4273,7 @@ function api_fr_photos_list($type)
 			$photo['album'] = $rr['album'];
 			$photo['filename'] = $rr['filename'];
 			$photo['type'] = $rr['type'];
-			$thumb = System::baseUrl() . "/photo/" . $rr['resource-id'] . "-" . $rr['scale'] . "." . $typetoext[$rr['type']];
+			$thumb = DI::baseUrl() . "/photo/" . $rr['resource-id'] . "-" . $rr['scale'] . "." . $typetoext[$rr['type']];
 			$photo['created'] = $rr['created'];
 			$photo['edited'] = $rr['edited'];
 			$photo['desc'] = $rr['desc'];
@@ -4316,7 +4290,7 @@ function api_fr_photos_list($type)
 }
 
 /**
- * @brief upload a new photo or change an existing photo
+ * upload a new photo or change an existing photo
  *
  * @param string $type Known types are 'atom', 'rss', 'xml' and 'json'
  * @return string|array
@@ -4332,14 +4306,14 @@ function api_fr_photo_create_update($type)
 		throw new ForbiddenException();
 	}
 	// input params
-	$photo_id = defaults($_REQUEST, 'photo_id', null);
-	$desc = defaults($_REQUEST, 'desc', (array_key_exists('desc', $_REQUEST) ? "" : null)) ; // extra check necessary to distinguish between 'not provided' and 'empty string'
-	$album = defaults($_REQUEST, 'album', null);
-	$album_new = defaults($_REQUEST, 'album_new', null);
-	$allow_cid = defaults($_REQUEST, 'allow_cid', (array_key_exists('allow_cid', $_REQUEST) ? " " : null));
-	$deny_cid  = defaults($_REQUEST, 'deny_cid' , (array_key_exists('deny_cid' , $_REQUEST) ? " " : null));
-	$allow_gid = defaults($_REQUEST, 'allow_gid', (array_key_exists('allow_gid', $_REQUEST) ? " " : null));
-	$deny_gid  = defaults($_REQUEST, 'deny_gid' , (array_key_exists('deny_gid' , $_REQUEST) ? " " : null));
+	$photo_id  = $_REQUEST['photo_id']  ?? null;
+	$desc      = $_REQUEST['desc']      ?? null;
+	$album     = $_REQUEST['album']     ?? null;
+	$album_new = $_REQUEST['album_new'] ?? null;
+	$allow_cid = $_REQUEST['allow_cid'] ?? null;
+	$deny_cid  = $_REQUEST['deny_cid' ] ?? null;
+	$allow_gid = $_REQUEST['allow_gid'] ?? null;
+	$deny_gid  = $_REQUEST['deny_gid' ] ?? null;
 	$visibility = !empty($_REQUEST['visibility']) && $_REQUEST['visibility'] !== "false";
 
 	// do several checks on input parameters
@@ -4455,7 +4429,7 @@ function api_fr_photo_create_update($type)
 }
 
 /**
- * @brief delete a single photo from the database through api
+ * delete a single photo from the database through api
  *
  * @param string $type Known types are 'atom', 'rss', 'xml' and 'json'
  * @return string|array
@@ -4470,7 +4444,7 @@ function api_fr_photo_delete($type)
 	}
 
 	// input params
-	$photo_id = defaults($_REQUEST, 'photo_id', null);
+	$photo_id = $_REQUEST['photo_id'] ?? null;
 
 	// do several checks on input parameters
 	// we do not allow calls without photo id
@@ -4508,7 +4482,7 @@ function api_fr_photo_delete($type)
 
 
 /**
- * @brief returns the details of a specified photo id, if scale is given, returns the photo data in base 64
+ * returns the details of a specified photo id, if scale is given, returns the photo data in base 64
  *
  * @param string $type Known types are 'atom', 'rss', 'xml' and 'json'
  * @return string|array
@@ -4537,9 +4511,7 @@ function api_fr_photo_detail($type)
 
 
 /**
- * Updates the user’s profile image.
- *
- * @brief updates the profile image for the user (either a specified profile or the default profile)
+ * updates the profile image for the user (either a specified profile or the default profile)
  *
  * @param string $type Known types are 'atom', 'rss', 'xml' and 'json'
  *
@@ -4557,7 +4529,7 @@ function api_account_update_profile_image($type)
 		throw new ForbiddenException();
 	}
 	// input params
-	$profile_id = defaults($_REQUEST, 'profile_id', 0);
+	$profile_id = $_REQUEST['profile_id'] ?? 0;
 
 	// error if image data is missing
 	if (empty($_FILES['image'])) {
@@ -4584,7 +4556,7 @@ function api_account_update_profile_image($type)
 		$media = $_FILES['media'];
 	}
 	// save new profile image
-	$data = save_media_to_database("profileimage", $media, $type, L10n::t('Profile Photos'), "", "", "", "", "", $is_default_profile);
+	$data = save_media_to_database("profileimage", $media, $type, DI::l10n()->t('Profile Photos'), "", "", "", "", "", $is_default_profile);
 
 	// get filetype
 	if (is_array($media['type'])) {
@@ -4605,16 +4577,16 @@ function api_account_update_profile_image($type)
 		$condition = ["`profile` AND `resource-id` != ? AND `uid` = ?", $data['photo']['id'], api_user()];
 		Photo::update(['profile' => false], $condition);
 	} else {
-		$fields = ['photo' => System::baseUrl() . '/photo/' . $data['photo']['id'] . '-4.' . $fileext,
-			'thumb' => System::baseUrl() . '/photo/' . $data['photo']['id'] . '-5.' . $fileext];
+		$fields = ['photo' => DI::baseUrl() . '/photo/' . $data['photo']['id'] . '-4.' . $fileext,
+			'thumb' => DI::baseUrl() . '/photo/' . $data['photo']['id'] . '-5.' . $fileext];
 		DBA::update('profile', $fields, ['id' => $_REQUEST['profile'], 'uid' => api_user()]);
 	}
 
 	Contact::updateSelfFromUserID(api_user(), true);
 
 	// Update global directory in background
-	$url = System::baseUrl() . '/profile/' . \get_app()->user['nickname'];
-	if ($url && strlen(Config::get('system', 'directory'))) {
+	$url = DI::baseUrl() . '/profile/' . DI::app()->user['nickname'];
+	if ($url && strlen(DI::config()->get('system', 'directory'))) {
 		Worker::add(PRIORITY_LOW, "Directory", $url);
 	}
 
@@ -4654,7 +4626,7 @@ api_register_func('api/account/update_profile_image', 'api_account_update_profil
 function api_account_update_profile($type)
 {
 	$local_user = api_user();
-	$api_user = api_get_user(get_app());
+	$api_user = api_get_user(DI::app());
 
 	if (!empty($_POST['name'])) {
 		DBA::update('profile', ['name' => $_POST['name']], ['uid' => $local_user]);
@@ -4671,7 +4643,7 @@ function api_account_update_profile($type)
 
 	Worker::add(PRIORITY_LOW, 'ProfileUpdate', $local_user);
 	// Update global directory in background
-	if ($api_user['url'] && strlen(Config::get('system', 'directory'))) {
+	if ($api_user['url'] && strlen(DI::config()->get('system', 'directory'))) {
 		Worker::add(PRIORITY_LOW, "Directory", $api_user['url']);
 	}
 
@@ -4689,9 +4661,10 @@ api_register_func('api/account/update_profile', 'api_account_update_profile', tr
  */
 function check_acl_input($acl_string)
 {
-	if ($acl_string == null || $acl_string == " ") {
+	if (empty($acl_string)) {
 		return false;
 	}
+
 	$contact_not_found = false;
 
 	// split  into array of cid's
@@ -4709,7 +4682,6 @@ function check_acl_input($acl_string)
 }
 
 /**
- *
  * @param string  $mediatype
  * @param array   $media
  * @param string  $type
@@ -4728,6 +4700,7 @@ function check_acl_input($acl_string)
  * @throws ImagickException
  * @throws InternalServerErrorException
  * @throws NotFoundException
+ * @throws UnauthorizedException
  */
 function save_media_to_database($mediatype, $media, $type, $album, $allow_cid, $deny_cid, $allow_gid, $deny_gid, $desc, $profile = 0, $visibility = false, $photo_id = null)
 {
@@ -4761,7 +4734,7 @@ function save_media_to_database($mediatype, $media, $type, $album, $allow_cid, $
 	}
 
 	if ($filetype == "") {
-		$filetype=Image::guessType($filename);
+		$filetype = Images::guessType($filename);
 	}
 	$imagedata = @getimagesize($src);
 	if ($imagedata) {
@@ -4778,7 +4751,7 @@ function save_media_to_database($mediatype, $media, $type, $album, $allow_cid, $
 		throw new InternalServerErrorException("image size exceeds PHP config settings, file was rejected by server");
 	}
 	// check against max upload size within Friendica instance
-	$maximagesize = Config::get('system', 'maximagesize');
+	$maximagesize = DI::config()->get('system', 'maximagesize');
 	if ($maximagesize && ($filesize > $maximagesize)) {
 		$formattedBytes = Strings::formatBytes($maximagesize);
 		throw new InternalServerErrorException("image size exceeds Friendica config setting (uploaded size: $formattedBytes)");
@@ -4796,7 +4769,7 @@ function save_media_to_database($mediatype, $media, $type, $album, $allow_cid, $
 	@unlink($src);
 
 	// check max length of images on server
-	$max_length = Config::get('system', 'max_image_length');
+	$max_length = DI::config()->get('system', 'max_image_length');
 	if (!$max_length) {
 		$max_length = MAX_IMAGE_LENGTH;
 	}
@@ -4808,19 +4781,19 @@ function save_media_to_database($mediatype, $media, $type, $album, $allow_cid, $
 	$height = $Image->getHeight();
 
 	// create a new resource-id if not already provided
-	$hash = ($photo_id == null) ? Photo::newResource() : $photo_id;
+	$resource_id = ($photo_id == null) ? Photo::newResource() : $photo_id;
 
 	if ($mediatype == "photo") {
 		// upload normal image (scales 0, 1, 2)
 		Logger::log("photo upload: starting new photo upload", Logger::DEBUG);
 
-		$r = Photo::store($Image, local_user(), $visitor, $hash, $filename, $album, 0, 0, $allow_cid, $allow_gid, $deny_cid, $deny_gid, $desc);
+		$r = Photo::store($Image, local_user(), $visitor, $resource_id, $filename, $album, 0, 0, $allow_cid, $allow_gid, $deny_cid, $deny_gid, $desc);
 		if (!$r) {
 			Logger::log("photo upload: image upload with scale 0 (original size) failed");
 		}
 		if ($width > 640 || $height > 640) {
 			$Image->scaleDown(640);
-			$r = Photo::store($Image, local_user(), $visitor, $hash, $filename, $album, 1, 0, $allow_cid, $allow_gid, $deny_cid, $deny_gid, $desc);
+			$r = Photo::store($Image, local_user(), $visitor, $resource_id, $filename, $album, 1, 0, $allow_cid, $allow_gid, $deny_cid, $deny_gid, $desc);
 			if (!$r) {
 				Logger::log("photo upload: image upload with scale 1 (640x640) failed");
 			}
@@ -4828,7 +4801,7 @@ function save_media_to_database($mediatype, $media, $type, $album, $allow_cid, $
 
 		if ($width > 320 || $height > 320) {
 			$Image->scaleDown(320);
-			$r = Photo::store($Image, local_user(), $visitor, $hash, $filename, $album, 2, 0, $allow_cid, $allow_gid, $deny_cid, $deny_gid, $desc);
+			$r = Photo::store($Image, local_user(), $visitor, $resource_id, $filename, $album, 2, 0, $allow_cid, $allow_gid, $deny_cid, $deny_gid, $desc);
 			if (!$r) {
 				Logger::log("photo upload: image upload with scale 2 (320x320) failed");
 			}
@@ -4840,7 +4813,7 @@ function save_media_to_database($mediatype, $media, $type, $album, $allow_cid, $
 
 		if ($width > 300 || $height > 300) {
 			$Image->scaleDown(300);
-			$r = Photo::store($Image, local_user(), $visitor, $hash, $filename, $album, 4, $profile, $allow_cid, $allow_gid, $deny_cid, $deny_gid, $desc);
+			$r = Photo::store($Image, local_user(), $visitor, $resource_id, $filename, $album, 4, $profile, $allow_cid, $allow_gid, $deny_cid, $deny_gid, $desc);
 			if (!$r) {
 				Logger::log("photo upload: profile image upload with scale 4 (300x300) failed");
 			}
@@ -4848,7 +4821,7 @@ function save_media_to_database($mediatype, $media, $type, $album, $allow_cid, $
 
 		if ($width > 80 || $height > 80) {
 			$Image->scaleDown(80);
-			$r = Photo::store($Image, local_user(), $visitor, $hash, $filename, $album, 5, $profile, $allow_cid, $allow_gid, $deny_cid, $deny_gid, $desc);
+			$r = Photo::store($Image, local_user(), $visitor, $resource_id, $filename, $album, 5, $profile, $allow_cid, $allow_gid, $deny_cid, $deny_gid, $desc);
 			if (!$r) {
 				Logger::log("photo upload: profile image upload with scale 5 (80x80) failed");
 			}
@@ -4856,7 +4829,7 @@ function save_media_to_database($mediatype, $media, $type, $album, $allow_cid, $
 
 		if ($width > 48 || $height > 48) {
 			$Image->scaleDown(48);
-			$r = Photo::store($Image, local_user(), $visitor, $hash, $filename, $album, 6, $profile, $allow_cid, $allow_gid, $deny_cid, $deny_gid, $desc);
+			$r = Photo::store($Image, local_user(), $visitor, $resource_id, $filename, $album, 6, $profile, $allow_cid, $allow_gid, $deny_cid, $deny_gid, $desc);
 			if (!$r) {
 				Logger::log("photo upload: profile image upload with scale 6 (48x48) failed");
 			}
@@ -4868,10 +4841,10 @@ function save_media_to_database($mediatype, $media, $type, $album, $allow_cid, $
 	if (isset($r) && $r) {
 		// create entry in 'item'-table on new uploads to enable users to comment/like/dislike the photo
 		if ($photo_id == null && $mediatype == "photo") {
-			post_photo_item($hash, $allow_cid, $deny_cid, $allow_gid, $deny_gid, $filetype, $visibility);
+			post_photo_item($resource_id, $allow_cid, $deny_cid, $allow_gid, $deny_gid, $filetype, $visibility);
 		}
 		// on success return image data in json/xml format (like /api/friendica/photo does when no scale is given)
-		return prepare_photo_data($type, false, $hash);
+		return prepare_photo_data($type, false, $resource_id);
 	} else {
 		throw new InternalServerErrorException("image upload failed");
 	}
@@ -4924,8 +4897,8 @@ function post_photo_item($hash, $allow_cid, $deny_cid, $allow_gid, $deny_gid, $f
 			];
 
 	// adds link to the thumbnail scale photo
-	$arr['body'] = '[url=' . System::baseUrl() . '/photos/' . $owner_record['nick'] . '/image/' . $hash . ']'
-				. '[img]' . System::baseUrl() . '/photo/' . $hash . '-' . "2" . '.'. $typetoext[$filetype] . '[/img]'
+	$arr['body'] = '[url=' . DI::baseUrl() . '/photos/' . $owner_record['nick'] . '/image/' . $hash . ']'
+				. '[img]' . DI::baseUrl() . '/photo/' . $hash . '-' . "2" . '.'. $typetoext[$filetype] . '[/img]'
 				. '[/url]';
 
 	// do the magic for storing the item in the database and trigger the federation to other contacts
@@ -4948,7 +4921,7 @@ function post_photo_item($hash, $allow_cid, $deny_cid, $allow_gid, $deny_gid, $f
  */
 function prepare_photo_data($type, $scale, $photo_id)
 {
-	$a = \get_app();
+	$a = DI::app();
 	$user_info = api_get_user($a);
 
 	if ($user_info === false) {
@@ -4993,14 +4966,14 @@ function prepare_photo_data($type, $scale, $photo_id)
 			for ($k = intval($data['photo']['minscale']); $k <= intval($data['photo']['maxscale']); $k++) {
 				$data['photo']['links'][$k . ":link"]["@attributes"] = ["type" => $data['photo']['type'],
 										"scale" => $k,
-										"href" => System::baseUrl() . "/photo/" . $data['photo']['resource-id'] . "-" . $k . "." . $typetoext[$data['photo']['type']]];
+										"href" => DI::baseUrl() . "/photo/" . $data['photo']['resource-id'] . "-" . $k . "." . $typetoext[$data['photo']['type']]];
 			}
 		} else {
 			$data['photo']['link'] = [];
 			// when we have profile images we could have only scales from 4 to 6, but index of array always needs to start with 0
 			$i = 0;
 			for ($k = intval($data['photo']['minscale']); $k <= intval($data['photo']['maxscale']); $k++) {
-				$data['photo']['link'][$i] = System::baseUrl() . "/photo/" . $data['photo']['resource-id'] . "-" . $k . "." . $typetoext[$data['photo']['type']];
+				$data['photo']['link'][$i] = DI::baseUrl() . "/photo/" . $data['photo']['resource-id'] . "-" . $k . "." . $typetoext[$data['photo']['type']];
 				$i++;
 			}
 		}
@@ -5014,6 +4987,9 @@ function prepare_photo_data($type, $scale, $photo_id)
 	// retrieve item element for getting activities (like, dislike etc.) related to photo
 	$condition = ['uid' => local_user(), 'resource-id' => $photo_id, 'type' => 'photo'];
 	$item = Item::selectFirstForUser(local_user(), ['id'], $condition);
+	if (!DBA::isResult($item)) {
+		throw new NotFoundException('Photo-related item not found.');
+	}
 
 	$data['photo']['friendica_activities'] = api_format_items_activities($item, $type);
 
@@ -5062,8 +5038,8 @@ function prepare_photo_data($type, $scale, $photo_id)
  */
 function api_friendica_remoteauth()
 {
-	$url = defaults($_GET, 'url', '');
-	$c_url = defaults($_GET, 'c_url', '');
+	$url = $_GET['url'] ?? '';
+	$c_url = $_GET['c_url'] ?? '';
 
 	if ($url === '' || $c_url === '') {
 		throw new BadRequestException("Wrong parameters.");
@@ -5074,14 +5050,17 @@ function api_friendica_remoteauth()
 	// traditional DFRN
 
 	$contact = DBA::selectFirst('contact', [], ['uid' => api_user(), 'nurl' => $c_url]);
-
-	if (!DBA::isResult($contact) || ($contact['network'] !== Protocol::DFRN)) {
+	if (!DBA::isResult($contact)) {
 		throw new BadRequestException("Unknown contact");
 	}
 
 	$cid = $contact['id'];
 
-	$dfrn_id = defaults($contact, 'issued-id', $contact['dfrn-id']);
+	$dfrn_id = $contact['issued-id'] ?: $contact['dfrn-id'];
+
+	if (($contact['network'] !== Protocol::DFRN) || empty($dfrn_id)) {
+		System::externalRedirect($url ?: $c_url);
+	}
 
 	if ($contact['duplex'] && $contact['issued-id']) {
 		$orig_id = $contact['issued-id'];
@@ -5133,7 +5112,7 @@ function api_get_announce($item)
 	}
 
 	$fields = ['author-id', 'author-name', 'author-link', 'author-avatar'];
-	$activity = Item::activityToIndex(ACTIVITY2_ANNOUNCE);
+	$activity = Item::activityToIndex(Activity::ANNOUNCE);
 	$condition = ['parent-uri' => $item['uri'], 'gravity' => GRAVITY_ACTIVITY, 'uid' => [0, $item['uid']], 'activity' => $activity];
 	$announce = Item::selectFirstForUser($item['uid'], $fields, $condition, ['order' => ['received' => true]]);
 	if (!DBA::isResult($announce)) {
@@ -5144,7 +5123,7 @@ function api_get_announce($item)
 }
 
 /**
- * @brief Return the item shared, if the item contains only the [share] tag
+ * Return the item shared, if the item contains only the [share] tag
  *
  * @param array $item Sharer item
  * @return array|false Shared item or false if not a reshare
@@ -5169,186 +5148,48 @@ function api_share_as_retweet(&$item)
 		}
 	}
 
-	/// @TODO "$1" should maybe mean '$1' ?
-	$attributes = preg_replace("/\[share(.*?)\]\s?(.*?)\s?\[\/share\]\s?/ism", "$1", $body);
-	/*
-	 * Skip if there is no shared message in there
-	 * we already checked this in diaspora::isReshare()
-	 * but better one more than one less...
-	 */
-	if (($body == $attributes) || empty($attributes)) {
+	$reshared = Item::getShareArray($item);
+	if (empty($reshared)) {
 		return false;
 	}
 
-	// build the fake reshared item
 	$reshared_item = $item;
 
-	$author = "";
-	preg_match("/author='(.*?)'/ism", $attributes, $matches);
-	if (!empty($matches[1])) {
-		$author = html_entity_decode($matches[1], ENT_QUOTES, 'UTF-8');
-	}
-
-	preg_match('/author="(.*?)"/ism', $attributes, $matches);
-	if (!empty($matches[1])) {
-		$author = $matches[1];
-	}
-
-	$profile = "";
-	preg_match("/profile='(.*?)'/ism", $attributes, $matches);
-	if (!empty($matches[1])) {
-		$profile = $matches[1];
-	}
-
-	preg_match('/profile="(.*?)"/ism', $attributes, $matches);
-	if (!empty($matches[1])) {
-		$profile = $matches[1];
-	}
-
-	$avatar = "";
-	preg_match("/avatar='(.*?)'/ism", $attributes, $matches);
-	if (!empty($matches[1])) {
-		$avatar = $matches[1];
-	}
-
-	preg_match('/avatar="(.*?)"/ism', $attributes, $matches);
-	if (!empty($matches[1])) {
-		$avatar = $matches[1];
-	}
-
-	$link = "";
-	preg_match("/link='(.*?)'/ism", $attributes, $matches);
-	if (!empty($matches[1])) {
-		$link = $matches[1];
-	}
-
-	preg_match('/link="(.*?)"/ism', $attributes, $matches);
-	if (!empty($matches[1])) {
-		$link = $matches[1];
-	}
-
-	$posted = "";
-	preg_match("/posted='(.*?)'/ism", $attributes, $matches);
-	if (!empty($matches[1])) {
-		$posted = $matches[1];
-	}
-
-	preg_match('/posted="(.*?)"/ism', $attributes, $matches);
-	if (!empty($matches[1])) {
-		$posted = $matches[1];
-	}
-
-	if (!preg_match("/(.*?)\[share.*?\]\s?(.*?)\s?\[\/share\]\s?(.*?)/ism", $body, $matches)) {
+	if (empty($reshared['shared']) || empty($reshared['profile']) || empty($reshared['author']) || empty($reshared['avatar']) || empty($reshared['posted'])) {
 		return false;
 	}
 
-	$pre_body = trim($matches[1]);
-	if ($pre_body != '') {
-		$item['body'] = $pre_body;
-	}
-
-	$shared_body = trim($matches[2]);
-
-	if (($shared_body == "") || ($profile == "") || ($author == "") || ($avatar == "") || ($posted == "")) {
-		return false;
-	}
-
-	$reshared_item["share-pre-body"] = $pre_body;
-	$reshared_item["body"] = $shared_body;
-	$reshared_item["author-id"] = Contact::getIdForURL($profile, 0, true);
-	$reshared_item["author-name"] = $author;
-	$reshared_item["author-link"] = $profile;
-	$reshared_item["author-avatar"] = $avatar;
-	$reshared_item["plink"] = $link;
-	$reshared_item["created"] = $posted;
-	$reshared_item["edited"] = $posted;
-
-	return $reshared_item;
-}
-
-/**
- *
- * @param string $profile
- *
- * @return string|false
- * @throws InternalServerErrorException
- * @todo remove trailing junk from profile url
- * @todo pump.io check has to check the website
- */
-function api_get_nick($profile)
-{
-	$nick = "";
-
-	$r = q(
-		"SELECT `nick` FROM `contact` WHERE `uid` = 0 AND `nurl` = '%s'",
-		DBA::escape(Strings::normaliseLink($profile))
-	);
-
-	if (DBA::isResult($r)) {
-		$nick = $r[0]["nick"];
-	}
-
-	if (!$nick == "") {
-		$r = q(
-			"SELECT `nick` FROM `contact` WHERE `uid` = 0 AND `nurl` = '%s'",
-			DBA::escape(Strings::normaliseLink($profile))
-		);
-
-		if (DBA::isResult($r)) {
-			$nick = $r[0]["nick"];
-		}
+	if (!empty($reshared['comment'])) {
+		$item['body'] = $reshared['comment'];
 	}
 
-	if (!$nick == "") {
-		$friendica = preg_replace("=https?://(.*)/profile/(.*)=ism", "$2", $profile);
-		if ($friendica != $profile) {
-			$nick = $friendica;
-		}
-	}
+	$reshared_item["share-pre-body"] = $reshared['comment'];
+	$reshared_item["body"] = $reshared['shared'];
+	$reshared_item["author-id"] = Contact::getIdForURL($reshared['profile'], 0, true);
+	$reshared_item["author-name"] = $reshared['author'];
+	$reshared_item["author-link"] = $reshared['profile'];
+	$reshared_item["author-avatar"] = $reshared['avatar'];
+	$reshared_item["plink"] = $reshared['link'] ?? '';
+	$reshared_item["created"] = $reshared['posted'];
+	$reshared_item["edited"] = $reshared['posted'];
 
-	if (!$nick == "") {
-		$diaspora = preg_replace("=https?://(.*)/u/(.*)=ism", "$2", $profile);
-		if ($diaspora != $profile) {
-			$nick = $diaspora;
-		}
+	// Try to fetch the original item
+	if (!empty($reshared['guid'])) {
+		$condition = ['guid' => $reshared['guid'], 'uid' => [0, $item['uid']]];
+	} elseif (!empty($reshared_item['plink']) && ($original_id = Item::searchByLink($reshared_item['plink']))) {
+		$condition = ['id' => $original_id];
+	} else {
+		$condition = [];
 	}
 
-	if (!$nick == "") {
-		$twitter = preg_replace("=https?://twitter.com/(.*)=ism", "$1", $profile);
-		if ($twitter != $profile) {
-			$nick = $twitter;
+	if (!empty($condition)) {
+		$original_item = Item::selectFirst([], $condition);
+		if (DBA::isResult($original_item)) {
+			$reshared_item = array_merge($reshared_item, $original_item);
 		}
 	}
 
-
-	if (!$nick == "") {
-		$StatusnetHost = preg_replace("=https?://(.*)/user/(.*)=ism", "$1", $profile);
-		if ($StatusnetHost != $profile) {
-			$StatusnetUser = preg_replace("=https?://(.*)/user/(.*)=ism", "$2", $profile);
-			if ($StatusnetUser != $profile) {
-				$UserData = Network::fetchUrl("http://".$StatusnetHost."/api/users/show.json?user_id=".$StatusnetUser);
-				$user = json_decode($UserData);
-				if ($user) {
-					$nick = $user->screen_name;
-				}
-			}
-		}
-	}
-
-	// To-Do: look at the page if its really a pumpio site
-	//if (!$nick == "") {
-	//	$pumpio = preg_replace("=https?://(.*)/(.*)/=ism", "$2", $profile."/");
-	//	if ($pumpio != $profile)
-	//		$nick = $pumpio;
-		//      

-
-	//}
-
-	if ($nick != "") {
-		return $nick;
-	}
-
-	return false;
+	return $reshared_item;
 }
 
 /**
@@ -5382,10 +5223,6 @@ function api_in_reply_to($item)
 		$parent = Item::selectFirst($fields, ['id' => $in_reply_to['status_id']]);
 
 		if (DBA::isResult($parent)) {
-			if ($parent['author-nick'] == "") {
-				$parent['author-nick'] = api_get_nick($parent['author-link']);
-			}
-
 			$in_reply_to['screen_name'] = (($parent['author-nick']) ? $parent['author-nick'] : $parent['author-name']);
 			$in_reply_to['user_id'] = intval($parent['author-id']);
 			$in_reply_to['user_id_str'] = (string) intval($parent['author-id']);
@@ -5416,7 +5253,7 @@ function api_in_reply_to($item)
  */
 function api_clean_plain_items($text)
 {
-	$include_entities = strtolower(defaults($_REQUEST, 'include_entities', "false"));
+	$include_entities = strtolower($_REQUEST['include_entities'] ?? 'false');
 
 	$text = BBCode::cleanPictureLinks($text);
 	$URLSearchString = "^\[\]";
@@ -5428,42 +5265,11 @@ function api_clean_plain_items($text)
 	}
 
 	// Simplify "attachment" element
-	$text = api_clean_attachments($text);
+	$text = BBCode::removeAttachment($text);
 
 	return $text;
 }
 
-/**
- * @brief Removes most sharing information for API text export
- *
- * @param string $body The original body
- *
- * @return string Cleaned body
- * @throws InternalServerErrorException
- */
-function api_clean_attachments($body)
-{
-	$data = BBCode::getAttachmentData($body);
-
-	if (empty($data)) {
-		return $body;
-	}
-	$body = "";
-
-	if (isset($data["text"])) {
-		$body = $data["text"];
-	}
-	if (($body == "") && isset($data["title"])) {
-		$body = $data["title"];
-	}
-	if (isset($data["url"])) {
-		$body .= "\n".$data["url"];
-	}
-	$body .= $data["after"];
-
-	return $body;
-}
-
 /**
  *
  * @param array $contacts
@@ -5546,7 +5352,7 @@ function api_best_nickname(&$contacts)
  */
 function api_friendica_group_show($type)
 {
-	$a = \get_app();
+	$a = DI::app();
 
 	if (api_user() === false) {
 		throw new ForbiddenException();
@@ -5554,7 +5360,7 @@ function api_friendica_group_show($type)
 
 	// params
 	$user_info = api_get_user($a);
-	$gid = defaults($_REQUEST, 'gid', 0);
+	$gid = $_REQUEST['gid'] ?? 0;
 	$uid = $user_info['uid'];
 
 	// get data of the specified group id or all groups if not specified
@@ -5616,7 +5422,7 @@ api_register_func('api/friendica/group_show', 'api_friendica_group_show', true);
  */
 function api_friendica_group_delete($type)
 {
-	$a = \get_app();
+	$a = DI::app();
 
 	if (api_user() === false) {
 		throw new ForbiddenException();
@@ -5624,8 +5430,8 @@ function api_friendica_group_delete($type)
 
 	// params
 	$user_info = api_get_user($a);
-	$gid = defaults($_REQUEST, 'gid', 0);
-	$name = defaults($_REQUEST, 'name', "");
+	$gid = $_REQUEST['gid'] ?? 0;
+	$name = $_REQUEST['name'] ?? '';
 	$uid = $user_info['uid'];
 
 	// error if no gid specified
@@ -5683,7 +5489,7 @@ api_register_func('api/friendica/group_delete', 'api_friendica_group_delete', tr
  */
 function api_lists_destroy($type)
 {
-	$a = \get_app();
+	$a = DI::app();
 
 	if (api_user() === false) {
 		throw new ForbiddenException();
@@ -5691,7 +5497,7 @@ function api_lists_destroy($type)
 
 	// params
 	$user_info = api_get_user($a);
-	$gid = defaults($_REQUEST, 'list_id', 0);
+	$gid = $_REQUEST['list_id'] ?? 0;
 	$uid = $user_info['uid'];
 
 	// error if no gid specified
@@ -5805,7 +5611,7 @@ function group_create($name, $uid, $users = [])
  */
 function api_friendica_group_create($type)
 {
-	$a = \get_app();
+	$a = DI::app();
 
 	if (api_user() === false) {
 		throw new ForbiddenException();
@@ -5813,7 +5619,7 @@ function api_friendica_group_create($type)
 
 	// params
 	$user_info = api_get_user($a);
-	$name = defaults($_REQUEST, 'name', "");
+	$name = $_REQUEST['name'] ?? '';
 	$uid = $user_info['uid'];
 	$json = json_decode($_POST['json'], true);
 	$users = $json['user'];
@@ -5839,7 +5645,7 @@ api_register_func('api/friendica/group_create', 'api_friendica_group_create', tr
  */
 function api_lists_create($type)
 {
-	$a = \get_app();
+	$a = DI::app();
 
 	if (api_user() === false) {
 		throw new ForbiddenException();
@@ -5847,7 +5653,7 @@ function api_lists_create($type)
 
 	// params
 	$user_info = api_get_user($a);
-	$name = defaults($_REQUEST, 'name', "");
+	$name = $_REQUEST['name'] ?? '';
 	$uid = $user_info['uid'];
 
 	$success = group_create($name, $uid);
@@ -5878,7 +5684,7 @@ api_register_func('api/lists/create', 'api_lists_create', true, API_METHOD_POST)
  */
 function api_friendica_group_update($type)
 {
-	$a = \get_app();
+	$a = DI::app();
 
 	if (api_user() === false) {
 		throw new ForbiddenException();
@@ -5887,8 +5693,8 @@ function api_friendica_group_update($type)
 	// params
 	$user_info = api_get_user($a);
 	$uid = $user_info['uid'];
-	$gid = defaults($_REQUEST, 'gid', 0);
-	$name = defaults($_REQUEST, 'name', "");
+	$gid = $_REQUEST['gid'] ?? 0;
+	$name = $_REQUEST['name'] ?? '';
 	$json = json_decode($_POST['json'], true);
 	$users = $json['user'];
 
@@ -5957,7 +5763,7 @@ api_register_func('api/friendica/group_update', 'api_friendica_group_update', tr
  */
 function api_lists_update($type)
 {
-	$a = \get_app();
+	$a = DI::app();
 
 	if (api_user() === false) {
 		throw new ForbiddenException();
@@ -5965,8 +5771,8 @@ function api_lists_update($type)
 
 	// params
 	$user_info = api_get_user($a);
-	$gid = defaults($_REQUEST, 'list_id', 0);
-	$name = defaults($_REQUEST, 'name', "");
+	$gid = $_REQUEST['list_id'] ?? 0;
+	$name = $_REQUEST['name'] ?? '';
 	$uid = $user_info['uid'];
 
 	// error if no gid specified
@@ -6007,7 +5813,7 @@ api_register_func('api/lists/update', 'api_lists_update', true, API_METHOD_POST)
  */
 function api_friendica_activity($type)
 {
-	$a = \get_app();
+	$a = DI::app();
 
 	if (api_user() === false) {
 		throw new ForbiddenException();
@@ -6015,9 +5821,9 @@ function api_friendica_activity($type)
 	$verb = strtolower($a->argv[3]);
 	$verb = preg_replace("|\..*$|", "", $verb);
 
-	$id = defaults($_REQUEST, 'id', 0);
+	$id = $_REQUEST['id'] ?? 0;
 
-	$res = Item::performLike($id, $verb);
+	$res = Item::performActivity($id, $verb);
 
 	if ($res) {
 		if ($type == "xml") {
@@ -6044,17 +5850,18 @@ api_register_func('api/friendica/activity/unattendno', 'api_friendica_activity',
 api_register_func('api/friendica/activity/unattendmaybe', 'api_friendica_activity', true, API_METHOD_POST);
 
 /**
- * @brief Returns notifications
+ * Returns notifications
  *
  * @param string $type Known types are 'atom', 'rss', 'xml' and 'json'
+ *
  * @return string|array
- * @throws BadRequestException
  * @throws ForbiddenException
- * @throws InternalServerErrorException
+ * @throws BadRequestException
+ * @throws Exception
  */
 function api_friendica_notification($type)
 {
-	$a = \get_app();
+	$a = DI::app();
 
 	if (api_user() === false) {
 		throw new ForbiddenException();
@@ -6062,27 +5869,31 @@ function api_friendica_notification($type)
 	if ($a->argc!==3) {
 		throw new BadRequestException("Invalid argument count");
 	}
-	$nm = new NotificationsManager();
 
-	$notes = $nm->getAll([], ['seen' => 'ASC', 'date' => 'DESC'], 50);
+	$notifications = DI::notification()->getApiList(local_user());
 
 	if ($type == "xml") {
-		$xmlnotes = [];
-		if (!empty($notes)) {
-			foreach ($notes as $note) {
-				$xmlnotes[] = ["@attributes" => $note];
+		$xmlnotes = false;
+		if (!empty($notifications)) {
+			foreach ($notifications as $notification) {
+				$xmlnotes[] = ["@attributes" => $notification->toArray()];
 			}
 		}
 
-		$notes = $xmlnotes;
+		$result = $xmlnotes;
+	} elseif (count($notifications) > 0) {
+		$result = $notifications->getArrayCopy();
+	} else {
+		$result = false;
 	}
-	return api_format_data("notes", $type, ['note' => $notes]);
+
+	return api_format_data("notes", $type, ['note' => $result]);
 }
 
 /**
- * POST request with 'id' param as notification id
+ * Set notification as seen and returns associated item (if possible)
  *
- * @brief Set notification as seen and returns associated item (if possible)
+ * POST request with 'id' param as notification id
  *
  * @param string $type Known types are 'atom', 'rss', 'xml' and 'json'
  * @return string|array
@@ -6094,37 +5905,38 @@ function api_friendica_notification($type)
  */
 function api_friendica_notification_seen($type)
 {
-	$a = \get_app();
+	$a         = DI::app();
 	$user_info = api_get_user($a);
 
 	if (api_user() === false || $user_info === false) {
 		throw new ForbiddenException();
 	}
-	if ($a->argc!==4) {
+	if ($a->argc !== 4) {
 		throw new BadRequestException("Invalid argument count");
 	}
 
 	$id = (!empty($_REQUEST['id']) ? intval($_REQUEST['id']) : 0);
 
-	$nm = new NotificationsManager();
-	$note = $nm->getByID($id);
-	if (is_null($note)) {
-		throw new BadRequestException("Invalid argument");
-	}
-
-	$nm->setSeen($note);
-	if ($note['otype']=='item') {
-		// would be really better with an ItemsManager and $im->getByID() :-P
-		$item = Item::selectFirstForUser(api_user(), [], ['id' => $note['iid'], 'uid' => api_user()]);
-		if (DBA::isResult($item)) {
-			// we found the item, return it to the user
-			$ret = api_format_items([$item], $user_info, false, $type);
-			$data = ['status' => $ret];
-			return api_format_data("status", $type, $data);
+	try {
+		$notify = DI::notify()->getByID($id, api_user());
+		DI::notify()->setSeen(true, $notify);
+
+		if ($notify->otype === Notify\ObjectType::ITEM) {
+			$item = Item::selectFirstForUser(api_user(), [], ['id' => $notify->iid, 'uid' => api_user()]);
+			if (DBA::isResult($item)) {
+				// we found the item, return it to the user
+				$ret  = api_format_items([$item], $user_info, false, $type);
+				$data = ['status' => $ret];
+				return api_format_data("status", $type, $data);
+			}
+			// the item can't be found, but we set the notification as seen, so we count this as a success
 		}
-		// the item can't be found, but we set the note as seen, so we count this as a success
+		return api_format_data('result', $type, ['result' => "success"]);
+	} catch (NotFoundException $e) {
+		throw new BadRequestException('Invalid argument', $e);
+	} catch (Exception $e) {
+		throw new InternalServerErrorException('Internal Server exception', $e);
 	}
-	return api_format_data('result', $type, ['result' => "success"]);
 }
 
 /// @TODO move to top of file or somewhere better
@@ -6132,7 +5944,7 @@ api_register_func('api/friendica/notification/seen', 'api_friendica_notification
 api_register_func('api/friendica/notification', 'api_friendica_notification', true, API_METHOD_GET);
 
 /**
- * @brief update a direct_message to seen state
+ * update a direct_message to seen state
  *
  * @param string $type Known types are 'atom', 'rss', 'xml' and 'json'
  * @return string|array (success result=ok, error result=error with error message)
@@ -6144,7 +5956,7 @@ api_register_func('api/friendica/notification', 'api_friendica_notification', tr
  */
 function api_friendica_direct_messages_setseen($type)
 {
-	$a = \get_app();
+	$a = DI::app();
 	if (api_user() === false) {
 		throw new ForbiddenException();
 	}
@@ -6152,7 +5964,7 @@ function api_friendica_direct_messages_setseen($type)
 	// params
 	$user_info = api_get_user($a);
 	$uid = $user_info['uid'];
-	$id = defaults($_REQUEST, 'id', 0);
+	$id = $_REQUEST['id'] ?? 0;
 
 	// return error if id is zero
 	if ($id == "") {
@@ -6183,7 +5995,7 @@ function api_friendica_direct_messages_setseen($type)
 api_register_func('api/friendica/direct_messages_setseen', 'api_friendica_direct_messages_setseen', true);
 
 /**
- * @brief search for direct_messages containing a searchstring through api
+ * search for direct_messages containing a searchstring through api
  *
  * @param string $type      Known types are 'atom', 'rss', 'xml' and 'json'
  * @param string $box
@@ -6198,7 +6010,7 @@ api_register_func('api/friendica/direct_messages_setseen', 'api_friendica_direct
  */
 function api_friendica_direct_messages_search($type, $box = "")
 {
-	$a = \get_app();
+	$a = DI::app();
 
 	if (api_user() === false) {
 		throw new ForbiddenException();
@@ -6206,7 +6018,7 @@ function api_friendica_direct_messages_search($type, $box = "")
 
 	// params
 	$user_info = api_get_user($a);
-	$searchstring = defaults($_REQUEST, 'searchstring', "");
+	$searchstring = $_REQUEST['searchstring'] ?? '';
 	$uid = $user_info['uid'];
 
 	// error if no searchstring specified
@@ -6253,78 +6065,6 @@ function api_friendica_direct_messages_search($type, $box = "")
 /// @TODO move to top of file or somewhere better
 api_register_func('api/friendica/direct_messages_search', 'api_friendica_direct_messages_search', true);
 
-/**
- * @brief return data of all the profiles a user has to the client
- *
- * @param string $type Known types are 'atom', 'rss', 'xml' and 'json'
- * @return string|array
- * @throws BadRequestException
- * @throws ForbiddenException
- * @throws ImagickException
- * @throws InternalServerErrorException
- * @throws UnauthorizedException
- */
-function api_friendica_profile_show($type)
-{
-	$a = \get_app();
-
-	if (api_user() === false) {
-		throw new ForbiddenException();
-	}
-
-	// input params
-	$profile_id = defaults($_REQUEST, 'profile_id', 0);
-
-	// retrieve general information about profiles for user
-	$multi_profiles = Feature::isEnabled(api_user(), 'multi_profiles');
-	$directory = Config::get('system', 'directory');
-
-	// get data of the specified profile id or all profiles of the user if not specified
-	if ($profile_id != 0) {
-		$r = Profile::getById(api_user(), $profile_id);
-		// error message if specified gid is not in database
-		if (!DBA::isResult($r)) {
-			throw new BadRequestException("profile_id not available");
-		}
-	} else {
-		$r = Profile::getListByUser(api_user());
-	}
-	// loop through all returned profiles and retrieve data and users
-	$k = 0;
-	$profiles = [];
-	if (DBA::isResult($r)) {
-		foreach ($r as $rr) {
-			$profile = api_format_items_profiles($rr);
-
-			// select all users from contact table, loop and prepare standard return for user data
-			$users = [];
-			$nurls = Contact::selectToArray(['id', 'nurl'], ['uid' => api_user(), 'profile-id' => $rr['id']]);
-			foreach ($nurls as $nurl) {
-				$user = api_get_user($a, $nurl['nurl']);
-				($type == "xml") ? $users[$k++ . ":user"] = $user : $users[] = $user;
-			}
-			$profile['users'] = $users;
-
-			// add prepared profile data to array for final return
-			if ($type == "xml") {
-				$profiles[$k++ . ":profile"] = $profile;
-			} else {
-				$profiles[] = $profile;
-			}
-		}
-	}
-
-	// return settings, authenticated user and profiles data
-	$self = DBA::selectFirst('contact', ['nurl'], ['uid' => api_user(), 'self' => true]);
-
-	$result = ['multi_profiles' => $multi_profiles ? true : false,
-					'global_dir' => $directory,
-					'friendica_owner' => api_get_user($a, $self['nurl']),
-					'profiles' => $profiles];
-	return api_format_data("friendica_profiles", $type, ['$result' => $result]);
-}
-api_register_func('api/friendica/profile/show', 'api_friendica_profile_show', true, API_METHOD_GET);
-
 /**
  * Returns a list of saved searches.
  *
@@ -6360,9 +6100,9 @@ function api_saved_searches_list($type)
 api_register_func('api/saved_searches/list', 'api_saved_searches_list', true);
 
 /*
- * Bind comment numbers(friendica_comments: Int) on each statuses page of *_timeline / favorites / search
+ * Number of comments
  *
- * @brief Number of comments
+ * Bind comment numbers(friendica_comments: Int) on each statuses page of *_timeline / favorites / search
  *
  * @param object $data [Status, Status]
  *