=================================
Wacintaki Poteto Revision History
=================================

=====================================================================
v1.6.10 - July 22 2023:

CHANGES:
- Added some new filters and sanity limits to user profile information.
- If a forwarding error occurs, clicking the close link will go back, rather than close the window.
- All members may now use apostrophes, quotes, and symbols in their usernames.
- Passwords may now contain all visible symbols.
- Removed unused "edit_resource.php" file.
- Improved database error reporting when installing.
- NoteBBS now has its own datatype distinct from PaintBBS.

BUGFIXES:
- Fixed bug that allowed owners to have quotes in usernames when they weren't allowed.
- MySQL 8: Quoted `comment`, `language`, and `rank` database fields to avoid keyword conflicts.
- MySQL 8: Quoted all database table names and a few other things, just to be safe.
- PHP 8.2: Uploads did not have width/height saved reliably (it worked, but wrong function used).
- PHP 8.2: Fixed yet more null string processing issues (mostly with fresh installations).
- Draw screen now remembers app numbers correctly and deletes app settings cookie correctly.
- Diagnostics page will no longer try to find average filesizes if board has no pictures.
- When new registrations are granted, permission flags are properly shown to registrees.
- Fixed database layer closing connection before logging errors during database selection.
- Fixed undefined variable in lightbox code when viewing a member profile.

=====================================================================
v1.6.9 - March 19, 2023:

CHANGES:
- NiftyToo updated with a new URL auto-parser which substitutes long queries.
- Added support for JPEG-XL (jpl) uploads. Hopefully it will catch on.
- Updated database timer to hrtime() if available. Better timer results on Windows.

BUGFIXES:
- PHP 8.2: Calls to trim(), preg_*(), and other string functions no longer parse null values.
- PHP 8.2: Time calculations cast floats to ints before using modulus operator.
- PHP 8.2: Replace deprecated UTF-8 string encoding functions in updater.
- PHP 8.1: Avatar editor now appends filename strings correctly.
- Updated all templates to resolve undefined variable warnings while building.
- Windows OS detection was not working correctly in database layer when using the updater.

=====================================================================
v1.6.8 - March 7, 2022:

CHANGES:
- Updated ChickenPaint to v0.4.0, which requires many old files to be deleted.
- More changes to improve compatibility with PHP 7.4 (update deprecated syntax).
- Password hashing now uses Blowfish as minimum. PHP 8 has removed support for DES.
- Finally added support for WEBP uploads (though this graphic format still sucks).

=====================================================================
v1.6.7 - February 5, 2019:

CHANGES:
- Refactored deprecated each() in comment.php to be PHP7.2 compatible.
- Made default date formats in installer compatible with MySQL 8 strict mode ("0000-00-00" no longer allowed).
- Installer and updater now use global rather than local debug flags.

=====================================================================
v1.6.6 - May 20, 2018:

HOTFIX 5/21/2018:
- Forgot to add ChickenPaint as a datatype option to the upload script.

CHANGES:
- Changed some logic in boot for user agent detection.
- Removed lazy compress feature for popular browsers (out of date).
- Removed detection for obscure PHP bug that returns TRUE rather than a MySQL link (presumed obsolete).

BUGFIXES:
- Fixed edit variables not being nullified correctly when editing someone else's picture.
- Fixed leftover short PHP tag in install.php.

=====================================================================
v1.6.5 - January 23, 2018:

BUGFIXES:
- Fixed "wactest" variable and "PASSWORD_STRENGTH" constant being undefined when running the installer.
- Changed detection of OekakiPoteto v4.0 in updater to avoid undeclared variable warning.
- Login script will now return an error if the user database was not created properly.
- Changed FAQ to prevent potential warnings with PHP 7.2 when counting the number of questions and answers.

=====================================================================
v1.6.4 - August 13, 2016:

HOTFIX 8/16/2016:
- Fixed HTTP_USER_AGENT throwing an undefined variable error in boot.php. I thought PHP always populated this.

CHANGES:
- Wacintaki supports PHP 5.2 again (tested).
- NiftyToo autolinking is now more robust and has improved handling of punctuation.
- Some SQL errors are now logged to the syslog instead of the internal log system.
- Changed usage of func_get_args() in common.php to aid PHP backward compatibility.
- Added hacks setting to disable support for all Java applets (will change to cfg setting later).

BUGFIXES:
- NiftyToo autolinking fixed for HTTPS protocol.
- Fixed undefined $quiet_mode variable in db_layer.php (broken in 1.6.0).
- Fixed undefined $outerrow variable in profile.php.
- Fixed undefined $import_info variable in comment.php.

FEATURES:
- Added support for ChickenPaint HTML5 app. Woohoo!
- Added HRTimer support for Windows servers (requires HRTimer for PHP and must be manually enabled in db_layer.php).

EXPERIMENTAL:
- mail() wrapper now sets "Return-path" so automatic mails that bounce should return to the admin e-mail address, not the automailer. Not all hosts or recipient clients support this.

=====================================================================
v1.6.3 - August 21, 2015

CHANGES:
- Wacintaki now requires PHP 5.3 or higher.
- Updated NiftyToo (BBCode) system to be PHP7 compatible: Replaced deprecated preg_replace /e modifier with callbacks. Removed $mode function parameter as it was always > 0.
- Performance improvement for NiftyToo system (about 3-4 times faster).
- Performance improvements for language translation functions.
- Support for the "_target" HTML attribute in autolinks dropped.

BUGFIXES:
- Fixed database layer not printing stack trace correctly when displaying SQL errors (developers only).
- Board now exits immediately after a database connect error. Language files require DB escaping, which does not work without a connection.
- NiftyToo now handles the [s] BBCode tag correctly, and this tag is now case insensitive.
- Fixed NiftyToo so autolinked URLs may contain apostrophes. Many valid URLs still will not work.
- Moved password field in register.php to avoid the Firefox password auto-complete bug.

=====================================================================
v1.6.2 - August 7, 2015

CHANGES:
- Small cleanup to parameters array with PaintBBS/ShiBBS applet capture code.
- Adjusted report_err() hack to exclude HTTP_RAW_POST_DATA.
- Cleaned up some of the JavaScript to work in strict mode and fixed a bitwise operator bug.
- Finally fixed the NoteBBS gradient tool so it will reset the drop-down values correctly after applying a gradient.

BUGFIXES:
- User-selected templates and languages were not being applied correctly. Globals are bad, m'kay?
- Applet capture code would return untranslated error messages if no picture data was received.

FEATURES:
- NoteBBS gradient tool now has color previews.
- Board now recognizes (but does not support) WebP image uploads. PHP does not support WebP natively, so I have to complete my own WebM parser.

=====================================================================
v1.6.1 - April 14, 2015

BUGFIXES:
- Fixed problem with mysqli_free_result() throwing a notice while updating the picture cache.
- When changing the WIP status of the latest picture, the picture cache would sometimes be updated twice.

=====================================================================
v1.6.0 - March 1, 2015

NOTES:
- Wacintaki has not reached EOL and I do intend to maintain it, but I doubt I'll do much more overhauling as Java applets are effectively dead and there's little point to extending Wacintaki.
- If a good HTML5 paint app shows up, Wacintaki will be recoded from the ground up and probably renamed.
- 1.6.x will be the last branch to support mods and custom templates/translations. Future versions will clean up all the global, config, and database messes.

CHANGES:
- Several modernizations, while respecting things that might break mods (such as globals and template controllers).
- Some syntactic cleanup, such as removing trailing "?>", fixing capitalization, alignment issues, etc.
- boot.php has had most of its globals cleaned up and organized.
- New $glob[] array for program state and config values NOT found in config.php file.
- $user and $flags arrays now cascade, allowing for cleaner defaults.
- Database layer now uses mysqli exclusively. The mysql_* functions have been deprecated since PHP 5.5.
- Database layer error reporting and debugging has been much improved.
- Finally using SQL LEFT JOINs for avatars on index page. Cuts number of SQL queries roughly in half.
- Hacks entry FORCE_MYSQL_API removed (hacks file is still 1.2.0 compatible).
- Replaced badly-written PHP version detection with version_compare().
- Microtime handling improved with proper string casting.
- Replaced $mailbox_status[] array with constants.
- Updated all applet code to eliminate $OekakiU and updated boot to salvage login details from multiple sources.
- Fixed missing 'all' flag in parse_flags() for legacy reasons.
- Removed $header_extra_metatags (only used in WaxPoteto).
- New password hashing using Blowfish if available and Extended DES as a fallback.
- Oekaki automatically updates old password hashes to the strength defined in boot.php.
- Random salt generator for passwords. Uses mcrypt, openssl, or /dev/urandom/ if available and a decent fallback for Windows.
- Password detection no longer relies on config salt, so salt may be changed.
- Salt removed from installer and is now set automatically during installation (and is virtually useless).
- Retouching password-protected pictures now uses a standard hash format with the salt intact.
- Removed blinking mailbox hack (as most browsers no longer support it) and "stupid name" hack.
- report_err() now includes "error.php" rather than using an HTTP redirect. This solves many technical and usability problems compared to passing error messages via CGI.
- Added experimental "X_DISABLE_REPORT_ERR_HACK" to boot to disable the report_err() hack. Use this if your custom header isn't working with the new error reporting.
- Removed multiple tries from applet picture save code -- potential DDoS vector.
- Debug config no longer overlaps with NineChime.com specific hacks.

BUGFIXES:
- age_to_date(): fixed problem with $_GLOBALS being confused with $GLOBALS.
- Fixed a non-destructive issue with update_rc.php where a recode that timed out may restart at the beginning rather than resuming.
- Fixed problem where people may not be able to edit comments after retouching another artist's picture and a password is set.
- Fixed problem with comment editor clearing a non-public password if the original owner retouches the picture.
- Fixed error message in image uploader not reporting max dimensions upon rejection.
- Fixed logic error with cache management causing language files to rebuild on every page view. Wacintaki should be a bit faster, now.

FEATURES:
- Now PHP 5.0 native. Many PHP 5.3+ enhancements. PHP4 fallback code removed.
- Diagnostics page now shows avatar stats as well as deprecated salt setting and database encoding state.
- Database log and statistics table for when board is in debug mode.

"U-DO-IT":
- I've done a lot of cleanup of globals and other nasty stuff, but many issues remain as I wish to remain friendly to mods and old templates. Be aware that a diff will show radical changes, but little has actually been recoded. Check the top of boot.php for most of the rearranged stuff.
- Use the $glob array for anything you need to make global, local variables for everything else. $cfg, $user, $flags, and $datef are still distinct singletons.
- Password handling has radically changed. Make sure to use the new functions in common.php to check hashes. Do NOT use $cfg['salt'] as it has been obsoleted and using fixed salts is bad practice.

=====================================================================
v1.5.15 - September 28, 2014

CHANGES:
- Fixed PHP error if web client returns an invalid or corrupt Accept-language header.
- Update to ShiPainter. This is a hotfix version that has the same version number as the previous version.

=====================================================================
v1.5.14 - June 8, 2013

HOTFIX 6/20/2013:
- Installer will now set rules.php correctly. This has been an overlooked problem for a while.

CHANGES:
- Added some extra database debugging to updater.
- Changed updater error reporting for adding the 'edited' column in 555->556 (should be 'editedby').
- Changed "MSN" field in profile to "Skype".
- Reduced the anti-spam setting for sending e-mails during registration.
- Fixed bug with registration language not being set on some PHP installations.
- Fixed registration with blank e-mails.
- Workaround in profile editor for Firefox autocomplete bug. Firefox will automatically add a username into any field preceding a password field (in this case, the IRC Channel).
- Fixed password recovery allowing blank password.
- Updated maintenance e-mails to include the name of the oekaki, rather than "Oekaki" and "Automated Deletion" and other scripts names.
- Fixed undefined DISABLE_EMAIL_CONFIRMATION error in UTF-8 mailer if an old hacks file is used.

FEATURES:
- Finally added admin e-mail notification when a person registers and manual approval is enabled.

=====================================================================
v1.5.13 - October 20, 2012

CHANGES:
- Filetype recognition will now recognize PSD files correctly (previously broken).
- Login redirect on IIS servers will now display UTF-8 properly.

FEATURES:
- Finally added GZip compression which should help considerably with bandwidth and download speed.
- Added hacks options to disable and configure GZip compression.
- Superadmins and owners may now change the user names of accounts.

=====================================================================
v1.5.12 - May 4, 2012

CHANGES:
- Registration rejection will now correctly show the registration expiration value, not the autokill value.
- Fixed strange bug where picture titles consisting of all numbers would fail to submit.

=====================================================================
v1.5.11 - April 25, 2012

CHANGES:
- Fix for the latest picture log in resource folder not updating correctly with certain edits.
- Slight corrections to Spanish translation, courtesy of Federico Arboleda.
- Made sanity checks in functions.php file slightly longer and return more specific error messages.

=====================================================================
v1.5.10 - December 19, 2011

CHANGES:
- Security fix on comment screen for pictures without passwords.

FEATURES:
- Banner/Notice editor now includes a default button to restore original text.
- Banner editor now includes button to add properly formed tag.

=====================================================================
v1.5.9 - November 13, 2011

CHANGES:
- Finally fixed problem with animation viewer showing corruption with some AMD video cards under WindowsXP.
- Fixed undeclared guest variables and missing URL field in chatbox.php.
- Fixed cookie handling for guest comments in chat room.
- Fixed installer to make MySQL 5.5 happy (removed display width suffix on TIMESTAMP).
- Added "Erase" and "Add Banner Image" buttons to editnotice.php.
- Updated the manual to include information about Java and JAR file issues.
- Updated .htaccess files in documentation folder to help with JAR file issues.

=====================================================================
v1.5.8 - September 6, 2011

CHANGES:
- Updated Traditional Chinese language pack, thanks to Kevin (http://3eye.ws/blog/).
- Fixed guest language defaulting to English, and now the oekaki default will be used.
- The online list will no longer show the error script (error.php) as a location.
- Rewrote the search whitelist on the memberlist to allow for future expansion as well as language translation of search results.
- Fixed the memberlist not searching by template name.
- Spanish translation slightly updated, courtesy of Federico Arboleda.
- Diagnostics page now calculates animation percentage correctly.
- Database layer now supports field names in db_result(). Works ONLY with mysql, not mysqli. Use ONLY for legacy support!
- Fixed problem with debugger in updater ($wactest).
- Fixed "Username" showing up twice in the "sort by" list.
- The profile editor will now ignore the adult flag if the submitted age is less than MIN_AGE_ADULT.

FEATURES:
- New latest picture log in resource folder allows blog owners to track latest updates to the oekaki. Needs some more work and translation.
- New hacks file option to force a specific MySQL API. Useful for when you need to import database code from another part of your web site into the banner/notice/etc.

=====================================================================
v1.5.7 - April 23, 2011

CHANGES:
- Reworked logic for flag and rank modification, and made some improvements to the drop-down menu in modflags.php.
- The owner may only change his or her own rank if there is more than one owner.
- Restored compatibility with PHP 4 (array_combine() is PHP 5 only).
- Fixed missing 'o_niftyusage' variable in language file.
- Fixed '\n' showing up in index when displaying "(Original by {username})".

=====================================================================
v1.5.6 - April 6, 2011

CHANGES:
- Huge changes to language files. Edited multiple language references.
- Moved some and tags into language files, to help readability of logographic languages. Still lots of work to do.
- Fixed help messages for multiple WIPs in comment.php.
- Board no longer sends HTTP 403 as an anti-spam measure (still sends 404 for expired form data).
- Removed mod version number from boot.php.
- Removed newest/oldest pictures from diagnostics page. Obsolete with new sorting system.
- Manual registration approval will no longer return an e-mail warning if e-mails are turned off in the cpanel.
- Fixed installer so language drop-down menu has a "Submit" button and no longer requires JavaScript.
- The online list and the log now use language translation properly.
- Fixed undefined index issue when modflags.php sends checkbox values to functions.php.
- Cleaned up error reporting in boot.php to use HTML rather than plain text.
- Fixed question HTML links in FAQ for administration section.
- Finally disabled DNS host lookup by default. Almost nobody needs it, and it can severely affect load times for some members.
- ENABLE_DNS_HOST_LOOKUP added to hacks file to re-enable DNS lookup. Use with caution.
- USE_UTF8_ENGLISH removed from hacks file.
- Rewrote the FAQ, and removed the Firefox download button.
- Updated links in FAQ. JTablet now available for Mac and Linux.
- Rewrote Niftytoo usage directions.
- Fixed problem with procedural-style MySQLi string escapement not finding the link resource.
- Fixed db_error() backtrace to be strict compliant (cannot use next() with function references).
- db_error() and db_history() now store more than one value.
- Fixed db_close() to give a proper return value.
- Board will now send e-mails and mailbox messages in a member's chosen language.
- Fixed language system so translations will not be self-modified.
- Language translation system now handles embedded substitutions.
- Fixed a few undeclared variable issues with $user.
- Memberlist will no longer search for e-mails members have masked (the memberlist would always hide results, though).
- Fixed error reporting in viewani.php to not check the size of missing animations.
- Fixed undeclared parameters in paintbbsget.php and shiget.php.
- Fixed login to give more specific error messages.
- Fixed updater not exiting properly ("w_exit;" instead of "w_exit();").
- The chat system finally sorts messages top to bottom, rather than bottom to top.
- Quoted text in comments will now parse correctly so blockquotes will always be closed.
- Fixed how Java command line options for DirectX are being passed through the applet parameters.
- Logging into the oekaki will now remove the guest language cookie.
- Added new database columns: "edited" (date), "editedby" (username), and "uploaded" (int).
- Fixed an XSS vulnerability with the memberlist.
- Fixed some HTML encoding issues with stored URLs.
- The installer will no longer complain about duplicate columns when installing multiple boards.
- Board will convert ISO-8859-1 passwords to UTF-8 passwords. Note: Big5 passwords will need to be reset.

FEATURES:
- New Spanish translation, courtesy of Federico Arboleda.
- New German translation, courtesy of Nadin Unbehau (Trunski).
- Overhauled language usage, substitutions, read order, blocking, and punctuation.
- Wacintaki will now automatically serve a guest's preferred language based on HTTP_USER_AGENT.
- All language packs now use UTF-8.
- Updater will recode old databases from ISO-8859-1 (Latin1) to UTF-8.
- Date formats, including drop-down menus, are now controlled by language files (needs some work).
- Installer allows admin account to have a different language than the oekaki.
- Language select drop-down menu now sorts properly and shows both native and English names.
- New lockout for updater: automatically enables maintenance mode and requires login.
- Finally added a caching system. Currently only used for language names.
- Added new language packs for ShiPainter: Catalan, Italian, and Spanish.

=====================================================================
v1.5.6 Public Beta - March 27, 2011

HOTFIX 3/28/2011:
- Updater will now print version number correctly when detecting the most recent version.
- Fixed "NoteBBS" and "ShiBBS" not being translated properly on the online list.

=====================================================================
v1.5.5 - December 30, 2010

CHANGES:
- New config file format.
- "hacks.php" options CUT_EMAIL and ALLOW_ADDITIONAL_WIPS moved to config file.
- Fixed bug in viewani.php where a missing animation number would not return an error message.
- Fixed "flase" param spelling error in viewani.php. Doesn't appear to affect anything, though.
- Board will not send e-mails when flushing accounts over 1 year old.
- Fixed avatars not being deleted with auto kill feature (was fine in Wax Poteto, though!)
- HTML meta data now shows current date instead of oekaki release date.
- Added many new entries into language files, including error messages from "functions.php".
- Streamlined installer a bit.
- Corrected "unsupported version" bug in updater when trying to verify a successful update.
- Updated all repair scripts in documentation folder.

FEATURES:
- Private oekaki feature now blocks most content unless a person registers or logs in. Changes mostly to "header.php".

=====================================================================
v1.5.4 - December 17, 2010

CHANGES:
- Changed user cookie and applet parameters from username to userID. Helps with moving board towards full UTF-8 support.
- Removed PHP unserialize() function from draw preferences. Not secure when used with user input.
- Fixed smilies code so smilies at the start of a multi-line comment will now work correctly.
- Fixed duplicate HTML form name in header.php.
- Mass mail will now only show active members if there are more than 15 members.
- ShiPainter now tests for and fixes broken animations due to linefeed corruption. Some servers do not use good methods for detecting text.
- Updater now uses new database layer. Helps fix boards broken by server updates.
- Reworked updater warnings and error reporting.
- Fixed local links and e-mails not working correctly with error.php.

FEATURES:
- Guests may now choose a language setting (stored in a browser cookie).
- Guest language feature may be disabled in hacks file, or if there is only one language available.

=====================================================================
v1.5.3 - Sept 4, 2010

CHANGES:
- Board now forces the default template if there is only 1 active template.
- Fixed one missing language translation in the profile editor.
- Installer shows correct language and translator in the footer.
- Custom search by picture title (not yet implemented).

=====================================================================
v1.5.2 - July 18, 2010

CHANGES:
- Finally fixed broken Chinese Traditional language pack (encoding corruption).
- Fixed incorrect count of active members in memberlist.
- Mass mail can now send messages only to active members (default setting for activity is 6 months).
- Active login status can be changed in hacks file.
- Changed log message when filetype errors occur. Occasional errors mean a corrupt upload (client issue). Frequent errors mean there's a problem with the server.
- Fixed incorrect "$lang['realname']" entry for English language pack.

=====================================================================
v1.5.1 - April 18, 2010

NOTES:
- "Modders" don't have to update to the new applet screens.
  The footer is for free server accounts that require ads.

CHANGES:
- Upload screen now shows same WIP reminders as Draw screen.
- Changed MySQLi database detection. Even if MySQLi is available, it doesn't mean PHP is configured properly to use it.
- Fixed undefined MySQLi constants when the extension is not available.
- Improved db_result() so it handles the native offset pointer. MySQLi and MySQL should now behave identically.
- Fixed dimensions not being checked when uploading files (not the applets).
- Updated control panel subtext regarding stored pictures.
- Disk space usage on diagnostics page is a bit more accurate.
- Added footer to paint applet screens to help people with ad-sponsored hosts.

=====================================================================
v1.5.0 - March 4, 2010

KNOWN ISSUES:
- Chinese language packs temporarily suspended. Character encoding has become corrupt over the last few versions of Wacintaki and needs to be cleaned up.

CHANGES:
- New database layer supports updated MySQL 5 authentication (mysqli). MySQL compatibility should now be better in the future.
- New database error reporting makes diagnostics and installation easier. Moving towards PostgreSQL support.
- Moved regular maintenance into "maint.php". Todo: refactor into a cron manager.
- Fixed default password issue with uploader and strict syntax with MySQL 5.
- Fixed very strange problem with duplicate names being added to online list if pages are refreshed very quickly, particularly with the mailbox (?!)
- Removed some "windows-1252" charset codes from comments (PHP may output garbage even when codes are commented out).
- New debug added to paintsave which helps to identify upload issues on servers with bizarre security policies.
- JavaScript is no longer needed for pop-up windows (such as the online list).
- Language selector will no longer show index files if one is in the language folder.
- Fixed two undefined index issues with the avatar editor.
- Simplified updater, and fixed a few issues with version detection for 1.3.x updates.

FEATURES:
- PHP 6 compatible (fixed NiftyToo and short tag support, plus userflag parsing).
- New function-based language system improves translation and prevents missing translations.
- Language system now supports basic plurals, as well as the singular zero clause.
- Editing old comments now redirects to the correct page/post.
- Cleaned up guest IP/Host output so it can be copy/pasted to a text file.
- Picture recovery now shows friendlier dates and time remaining until WIP deletion.
- Comments now allowed in ban list, to help identify users and reasons for banning.
- SQL direct call script makes tech support easier (removable, available to owner only).

"U-DO-IT":
- For a tool to convert old language files to the new format, check the NineChime products page.
- Language usage as follows:

    Using the new t() function:
        echo "{$langop_something}\n";
        echo ''.t('something')."\n";

    The tt() function replaces echo() and short PHP tags:

    Don't use tt() when concatenating:

    Substitutions:
        // 'report_vars' = "There are {1} of type {2} available."
        t('report_vars', $number, $name);

    Easily change the order of substitutions in the language files:
        // 'report_vars' = "Type {2}: {1} available."
        t('report_vars', $number, $name);

    Plurals:
        // {p?x:y} where p is the parameter number, x is singular, and y is plural
        $lang['something'] = '{1} {1?member:members} found.';
        $lang['something'] = 'There {1?is:are} {1} {1?value:values} found.';
        $lang['something'] = 'Set {1} {1?value:values} on {2} {2?system:systems}';

        // Embedding WILL NOT work:
        $lang['something'] = 'There {1?is {1} value and it is:are {1} values and they are} useless.';
        // Simplify sentence structure to avoid gotchas.

        // Zero can be set to singular in language config (example: French uses singular zero)
        $lang['cfg_zero_plural'] = 0;

=====================================================================
v1.4.3 - September 7, 2009

HOTFIX 1/3/10:
- Fix for code that tries to disable magic quotes. Some servers have this disabled when they force magic quotes to be off.

CHANGES:
- Applet code now disables DirectDraw support with Java. Hopefully, this will fix the zoom, erase, and Bezier curve problems with PaintBBS and ShiPainter.
- Fixed admin edits not disabling "Edited On" text when editing pictures (comment edits were fine).
- Reducing picture storage now removes more pictures immediately (up to 500 at a time).
- Deleting safety saves no longer reduces a member's picture count.
- Adjusted for bug in Firefox 3.5 where windows smaller than ~680 pixels will have no scrollbar. Windows are 700px minimum for Mozilla browsers.
- Updated the manual.

FEATURES:
- Default subject line when e-mailing admins.
- Finally, the board logs IP addresses properly when people register/login (database updated).

=====================================================================
v1.4.2b - July 31, 2009

CHANGES:
- Fixed updater having to run after fresh installation.

=====================================================================
v1.4.2 - May 5, 2009

HOTFIX 6/4/09:
- By request, some of the max values allowed for control panel settings have been increased.

CHANGES:
- Memberlist now filters out blank results when calculating search totals.
- PHP code in notice now limited to owners by default. May be enabled for superadmins (hacks.php file updated).
- Reducing the number of pictures stored now requires confirmation.
- Fixed new window opening when submitting chat comments.
- Post times for current day now added to chat room.
- Fixed username escape issue with mass mail.
- Fixed missing in comment.php.
- "Stupid Name" hack now supports HTML code.
- "Special" section of profile viewer now shows admin/general flags more clearly.
- Age code now shows birthdays properly (USA Eastern Standard Time only).
- Updated multiple files to accommodate new moderator account.
- Fixed a few more undefined variables (functions, mailsend).
- UTF-8 override added to hacks file. Use with caution, as the paint applets cannot use usernames with UTF-8 characters!

FEATURES:
- At long last, all post comments now show up on the comment screen.
- Lytebox support. It should be easy to switch to Floatbox, Slimbox, or your Lightbox clone of choice.
- Profile option to enable/disable Lytebox (requires database update).
- New moderator account, most actions logged. Permissions include:
    Edit picture info
    Edit comment
    Delete comment
    Upload
    Lock thread
    Post in locked thread
    WIP picture (not delete)
    Adult flag toggle
    Bump
- Draw screen now remembers settings in a web browser cookie.
- Window close confirmation helps prevent applets from being closed accidentally.
- Templates now rebuild automatically if the template is newer than the CSS (admin logins only).

ERRATA:
- Added new JNLP Java resource files to help fix new Direct3D slowdown issues with Java 1.6.0_12. Unfortunately, they can cause problems with canvas restoration, and therefore are not being enabled by default. Copy them from the documentation folder to the oekaki folder if you want to use them to speed up Java.

=====================================================================
v1.4.1 - August 12, 2008

CHANGES:
- Fixed Chibi Paint layers file not always being read into applet with regular image.
- Old Chibi Paint layer files will now be removed from the pictures folder if not updated when retouching.
- Profile viewer will now hide location and chat information from non-members.
- Slight XHTML update for URLs shown in profile viewer.
=====================================================================
v1.4.0 - August 2, 2008

CHANGES:
- Chat now prints guest IP/host only for admins.
- Chat comments limited to 200 characters.
- Slight cleanup of code layout in memberlist.
- Memberlist now properly encodes web site URLs.
- Fixed picture recovery not properly deleting WIP post files.
- Changed subject line from nifty2_convert() to w_html_chars() in mailread.php.
- Fixed XSS issue with language and template selections.
- Fixed url encoding of JavaScript parameter in mailout.php.
- Changed HTML filtering in functions to prevent double-encoding of comments.
- DB row count added to editpic.php and comment.php.
- Fixed missing in editavatar.php.
- Fixed missing in niftyusage.php.
- Fixed leftover tag in addusr.php.
- Cleaned up NiftyToo markup system to handle HTML encoding without breaking URLs.
- Corrected anti-spam test to handle/count BBCode links.
- Owners can now change profiles without having to change age statement.
- Birth year capped to > 1900 || < 3000.
- Fixed PaintBBSCallback() issue with noteBBS.php and paintBBS.php.
- Minor NoteBBS JavaScript cleanup.
- Rearranged order of applets in draw.php and upload.php.
- Removed some error masking in paintsave.php to help diagnose GDlib problems with large picture uploads.
- Fixed userflag assignment when an admin edits another user's profile.
- Increased cutoff in clean_picture_slots() from 10 to 30.
- Update to paintsave.php to handle Chibi Paint layers file cleanup (incomplete).
- Fixed old bug where picture recovery could not play animations.
- Owners may now change permissions of other owners directly in modflags.php (for diagnostic reasons).

FEATURES:
- The Chibi Paint layers file is now supported, which makes retouching much easier.
- Diagnostics screen now shows statistics about pictures folder, including space used.
- Board now allows custom background color with thumbnails (in the hacks file) so images with an alpha channel won't be black.
- NiftyToo now works more like BBcode, so you can use both '=' and ':'.
- NiftyToo now supports quoted, big, and small text, and double brackets.
- Chinese simplified language pack fully updated by Kevin (http://3eye.ws/blog/).
- Current picture now added to editpic.php.
- Save routine now checks for truncated PNG files.

=====================================================================
v1.3.14 - July 6, 2008

Hotfix 7/12/08:
- Fixed major problem with URL encoding that prevented some people from posting pictures with PaintBBS or ShiPainter. These applets are not compatible with encoded URLs.
- Corrected updater so verification of 1.3.12 database completes without printing version conflict error.
- Changed memberlist to restrict number of searchable fields in database.
- Default sorting in memberlist fixed.
- Memberlist now supports sort by e-mail and rank.

CHANGES:
- Corrected a number of old HTML/CSS compliance issues w/HTML Tidy.
- Rewrote all applet parameters to be properly URL/HTML encoded.
- Fixed excess table tags and missing alt attributes in profile viewer.
- Fixed table parsing bugs in memberlist, mailbox, and mailout.
- Fixed longstanding encoding bug with canvas imports and public retouch.
- Added more bad characters to the badChars() filter.
- E-mail address and URL filters integrated into w_gcp().
- Removed logging of empty functions.php requests.
- Closed several XSS attacks. The code is now pretty clean, thanks to the XHTML rewrite.
- Size cap for comments and titles, so pages won't break. Needs to be expanded.
- Stand-alone scripts (which do not use header.php) now set charset server headers.
- Fixed log issue when archiving pictures.
- Spam link count marker changed from "h://" to "://" to allow for video links and SSL.
- Updated the manual and readme files. Fixed some links, added Chibi Paint info.
FEATURES:
- Chibi Paint support! Yes, a new applet! Caution: some people are having trouble when using JTablet with Chibi Paint.
- Wacintaki is now XHTML Transitional, so Lightbox/Slimbox mods are supported.
- Purge button added to View Pending list.
- Confirmation when deleting comments on index page.
- Hacks override for comment delete dialog.

=====================================================================
v1.3.13 - June 8, 2008

CHANGES:
- Started converting board to be PHP6 compatible.
- Draw screen shows proper default dimensions with custom canvas previews.
- Header now shows current artist being searched (previously omitted as an interface feature).
- w_exit() wrapper for exit() closes database if open.
- Log now tracks self-bumps on retouch.
- Added more testing for troublesome passwords when editing profiles.
- Removed old PHP "MAX_FILE_SIZE" flag from animation uploader, since it is a global flag and doesn't really do anything.
- Fixed some HTML encoding issues with the pending registration list, memberlist, and profile viewer.
- Updated the Wacintaki manual with some new info and clarifications.
- Verified updater to handle Wax 5.6.0 updates to Wacintaki. Wax and Wacintaki now have identical config/db/hacks resources.
- Fixed artist and sort encoding when using drop-down menus.
- Closed several XSS attacks.
- Removed logging of empty functions.php requests.
- Removed new_chat system. New browsers won't work with it anymore due to HTML parsing issues.

=====================================================================
v1.3.12 - May 5, 2008

CHANGES:
- New hacks.php file (still 1.2.0 compatible).
- Picture upload now works properly with multiple WIPs.
- Picture count now works correctly when deleting WIPs.
- Adjusted humanity test so first option (the default) will never be the correct answer.
- Corrected JavaScript error with Maximize applet (no CSS units).
- Small change to "comment.php" to allow control over how many smilies are displayed.
- Updater cleaned up, fixed a very old version detection bug.
- Updated error reporting when trying to post a comment on a picture that does not exist.
- Updated ban code to ignore hosts file if host lookup fails or is disabled.
- Improved reminders when members have more than one WIP saved.
- Confirmation for install and update script removal.
- Changed variable reference usage in common.php and paintsave.php.
- Fixed cookie corruption issue when changing password in profile editor.
- Finally fixed the "new window" code so pop-ups have toolbars, since Firefox's tabbed browsing feature causes flow issues.
- Changed cookie/login handling in paint capture code (again) to help prevent PHP errors from interfering with return codes for applets.
- Members may now upload animations if they have animation access. Previously, only admins could upload animations.
- 404 returned when posting comment on non-existent picture to help kick spambots.
- Updated the Wacintaki manual to cover new features.
- Updated the .htaccess file to include short tag support.

FEATURES:
- New resize buttons on paint screens allow applets to be bigger than the screen.
- Admins may now edit member profiles and avatars via the Modify Permissions menu, and the profile viewer.
- Profile option to hide e-mail.
- Profile option to disable smilies.
- New logging system tracks system/admin/member activity, including deletes, edits, bumps, archives, and more.
- Registration form now enforces age declaration.
- Minimum age for adult browsing is now adjustable in hacks.php file. Default is still 18.
- Registrations may now be rejected without sending rejection e-mail (anti-spam measure).

=====================================================================
v1.3.11 - January 2, 2008

NOTES:
- "Modders" don't have to update to the new header.php or footer.php.

CHANGES:
- Adjusted orphaned file cleanup in updater for better accuracy with JPEGs.
- Forced registration will now login properly before redirecting to profile editor.
- "Time invested" on upload screen now allows values higher than just 3 hours (bug).
- Updated credits in footer to correct a spelling error.
- Corrected some variable scope issues with noteBBS.js.
- 1.3.8b: header.php now uses updated JavaScript