* android, desktop: open correct image in fullscreen viewer
Fullscreen image viewer occasionally opened a different image than
the one clicked. Root cause: when the LaunchedEffect probe at
ImageFullScreenView.kt:48-55 calls getMedia(initialIndex - 1) to check
whether a previous media item exists, getMedia returns null for both
"no item" and "item found but failed to load" (e.g. undecodable bytes,
missing file, crypto error). The probe treated null as "no previous
item" and called scrollToStart(), which rewrote initialChatId to the
chat's oldest media item - making the viewer display that oldest item
instead of the clicked one.
Fix: scrollToStart() no longer rewrites initialChatId. The pager is
still repositioned to page 0; getMedia(0) resolves against the
already-set initialChatId (the clicked item) and renders it correctly.
* android, desktop: regression test for fullscreen viewer anchor preservation
Drives the public providerForGallery interface: moves the anchor away from
cItemId via currentPageChanged, calls scrollToStart, then reads the anchor
back through onDismiss's scrollTo callback. The pre-fix code rewrote
initialChatId to the chat's oldest showable, which would surface as
scrollTo(2); the fix preserves the anchor and produces scrollTo(1).
* plan: design doc for fullscreen viewer wrong-image fix
Documents the pager state model, the root cause of the wrong-image bug,
why the one-line deletion in scrollToStart fixes it for both call sites,
and why the wider getMedia null-overload refactor is deliberately out of
scope for this fix.
* desktop: fix copying selected text in reports
Text selection in report items rendered a red reason prefix (e.g. "Spam: ")
before the user's comment but dropped the prefix when copying, because
selection offsets are in rendered-text space while copy extraction was
operating on ci.text / ci.formattedText directly.
Introduce itemPrefixText(ci) as the single source of truth for the rendered
prefix, and drive both selection copy and snap-to-segment from a unified
itemDisplaySegments list that prepends the prefix as a leading segment.
This also fixes mention/link snapping on the selection boundary inside
report comments.
* desktop: scope report-selection fix to report items
Inline a prefix preamble + offset shift in selectedItemCopiedText and
snapOffset instead of routing every item through itemDisplaySegments.
Non-report items now run the original pre-PR loop unchanged; reports
emit the selected slice of the rendered prefix and shift body offsets
by prefix.length.
* desktop: simplify report selection arithmetic
Selection offsets are in display-text space, which already includes the
leading itemPrefixText for reports. Treat the prefix as the leading
display segment and seed displayOffset with prefix.length, instead of
shifting body offsets by prefix.length in the inner loop and gating
snapOffset on offset <= prefix.length.
The inner loop body of selectedItemCopiedText becomes identical to
pre-PR for non-reports (prefix is "" so displayOffset starts at 0),
and snapOffset reduces to a one-line seed change. Same fix, smaller
diff, fewer intermediate variables.
* desktop: drop helper, inline report-prefix in selection only
Revert itemPrefixText helper extraction (TextItemView.kt and
FramedItemView.kt back to pre-PR). Inline the report-prefix expression
at its two use sites in TextSelection.kt directly.
PR diff is now confined to TextSelection.kt: +13/-6.
* desktop: extract itemPrefixText, drop dead defensive code
Re-introduce itemPrefixText(ci) helper in TextItemView.kt and migrate all
four sites that compute the report prefix (FramedItemView,
ChatPreviewView, TextSelection x2). The prefix expression now has one
definition and one place to change.
Also drop the unreachable sel.first.coerceAtLeast(0) on the prefix-slice
append — selectedRange guarantees sel.first >= 0.
* plans: justify desktop fix for copying selected text in reports
Add 2026-05-08-fix-select-in-reports.md covering the problem, the offset
flow, the minimal structural change (seed displayOffset with prefix.length),
the itemPrefixText single-source-of-truth migration across the four
prefix sites, the verified edge-case table, and the rollback path.
* desktop: fix RTL text rendering under the send button (#4137)
The chat composer's text field reserved 50dp on the wrong horizontal side
when an RTL message was typed under an LTR system locale: BiDi auto-detection
right-aligned the text onto the BottomEnd edge where the send button sits,
hiding the first characters as they were typed.
The padding was originally written inside the CompositionLocalProvider(
LocalLayoutDirection provides Rtl) scope (#4675), where start resolved to
the right edge for RTL paragraphs. The "edge to edge design" refactor
(#5051) lifted the modifier out of that scope onto the outer BasicTextField,
so start began resolving against the global LTR direction and the
reservation drifted to the left.
Always reserve on the global end - the same side Alignment.BottomEnd in
SendMsgView resolves to - so the reservation tracks the send button
regardless of locale or typed-text direction. Behavior is byte-identical
for LTR text and for any RTL-locale combination; only the buggy
"RTL text + LTR system locale" pair changes.
* desktop: minimise diff of RTL fix to 2 lines (#4137)
The previous commit (bfc111cc6) renamed/removed several helper locals
and rewrote the comment block alongside the behaviour change. The
behaviour-changing part is just two lines: making startPadding always
0.dp and endPadding equal to startEndPadding.
Restore the surrounding code (startEndPadding name, startPadding decl,
PaddingValues argument, .padding modifier, and the original two-line
comment) to its master form so the PR's only effect on master is the
two-line fix.
Behaviour: cases 1, 3, 4 of the locale x text matrix are byte-identical
to master. Only case 2 (LTR locale + RTL text) flips the reservation
from the wrong side to the correct side.
* plans: desktop RTL composer fix (#4137)
* plans: align with surgical 2-line fix in PR (#4137)
* bots: document APIGetChats command and CRApiChats response
* bots: regenerate API docs and TypeScript types
* simplex-chat-nodejs: add apiGetChats
* support bot: avoid OOM on large databases
apiListGroups / apiListContacts return every record in one response and
overflow V8's string allocation on large DBs. Replace list-then-find-by-id
patterns with apiGetChat(type, id, 0) lookups, and the one genuine scan
(refreshAllCards) with paginated apiGetChats, count=1000.
* support bot: update test assertions to match current message text
* bots: simplify PaginationByTime, expose only PTLast
* simplex-chat-nodejs: bump types and nodejs versions
* ui: fix crash and logo cutoff on About SimpleX Chat
OnboardingShrinkingLayout calls .first() on each slot's measurables,
crashing when the button slot is empty. About passes onboardingStage =
null, in which case the button slot emits no children. Have the About
branch emit a 0x0 Spacer so the slot always has one measurable.
Also add a top inset for the SimpleX logo when reached from About in
non-oneHandUI mode — without it the top app bar overlaps the logo.
* style
Co-authored-by: Evgeny <evgeny@poberezkin.com>
* Apply suggestion from @epoberezkin
Co-authored-by: Evgeny <evgeny@poberezkin.com>
---------
Co-authored-by: Evgeny <evgeny@poberezkin.com>
* android: fix link preview fetch via SOCKS
* fix: add timeouts to link preview image fetch
Match the 10s timeout already on the Jsoup HTML fetch. Without these,
a slow or dead SOCKS proxy hangs the image fetch indefinitely, holding
the previewMutex and blocking every subsequent preview.
* timeout
---------
Co-authored-by: Evgeny @ SimpleX Chat <259188159+evgeny-simplex@users.noreply.github.com>
Co-authored-by: shum <github.shum@liber.li>
* android, desktop: fix link previews bypassing SOCKS proxy
getLinkPreview used Jsoup.connect() and URL.openStream() directly,
bypassing the configured SOCKS proxy. Both the HTML fetch and image
download now route through the proxy when one is configured.
If the proxy address is misconfigured (unparseable port), the preview
is cancelled and the user is alerted rather than falling back to a
direct connection.
When enabling SOCKS proxy with link previews active, or enabling link
previews while SOCKS is active, the user is warned that DNS lookups
may still occur locally and given the option to disable previews.
Updates the SOCKS proxy limitations notice to clarify that calls
cannot be proxied, and highlights it in warning colour.
Note: DNS lookups may still occur locally before the SOCKS connection
is established. Full SOCKS5h hostname forwarding is a separate follow-up.
* android, desktop: fix SOCKS proxy parser, auth credentials, and repeated alert in link previews
- Build proxy from typed NetworkProxy fields instead of parsing socksProxy string, fixing breakage on IPv6 hosts and USERNAME auth configurations
- Register java.net.Authenticator for SOCKS5 credential negotiation (Java 21 SocksSocketImpl uses RequestorType.SERVER for this callback)
- Remove per-keystroke invalid-proxy alert, which fired on every URL change for valid but unparseable proxy strings
* ui: drop link preview SOCKS warnings and strings
* ui: soften link preview alert when SOCKS is on
Show the link previews opt-in alert in both SOCKS-on and SOCKS-off
cases (previously skipped entirely when SOCKS was on). When SOCKS
is on, use a softer description that mentions the proxy and the
remaining local DNS lookup risk, and render the Disable button in
primary colour instead of red.
Also drop the link-previews caveat from the SOCKS limitations
footer since previews now go through the proxy.
* fix: harden socks proxy auth in link previews
- Gate the SOCKS5 Authenticator on host:port match so destination 401
challenges no longer leak proxy credentials via the JDK auto-retry.
- Snapshot Authenticator.getDefault() and restore in finally to stop
leaking process-global state.
- Mutex around getLinkPreview to serialize concurrent calls.
- Generate a random UUID per call in ISOLATE mode for stream isolation.
- Skip auth when USERNAME mode has empty username or password.
* ui: shift red emphasis from Disable to Enable in link preview alert
Disable is now always primary; Enable is red by default and primary
when SOCKS is on. The dangerous action is enabling without proxy
protection, not disabling.
* ui: append SOCKS notice to link preview alert
---------
Co-authored-by: iversonianGremling <24989959+iversonianGremling@users.noreply.github.com>
* directory: re-invite owner who left owners' group
The /invite command's alreadyMember check treated any GroupMember row as
a current member, including rows with status GSMemLeft or GSMemRemoved.
Owners who had left the owners' group could therefore not be re-invited.
Use memberCurrent to only block re-invite when the member is actually in
the group.
* directory tests: account for admin notification and renamed group on re-invite
The owners' group has no GroupReg by design, so when an owner leaves it
the directory service notifies admins with "Error: contact left, group: N
owners, group registration not found" - expected behavior, but the test
for re-inviting an owner who left the owners' group did not consume this
DM and failed at bracket cleanup.
The test also assumed bob's new invitation would land in #owners, but the
chat client disambiguates it to #owners_1 because bob's old left
membership of #owners is still present locally.
Consume the admin DM explicitly and update the invitation assertions to
#owners_1 / /j owners_1.
---------
Co-authored-by: Evgeny Poberezkin <evgeny@poberezkin.com>
The active-call action button row (mute, speaker, hang up, flip/toggle camera)
was rendered with only a fixed 20.dp bottom padding. Under edge-to-edge layout
on devices with 3-button navigation, the system nav bar (~48.dp) drew on top
of these buttons, hiding part of them.
Add `.navigationBarsPadding()` to the BoxWithConstraints holding the buttons
so the row floats above the system nav bar inset. No effect on devices using
gesture nav (the inset there is small enough to not collide).
Narasimha-sc