From 3016d694289e308f2b289dcee196952e0f336f90 Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@mailu.io>
Date: Mon, 1 Apr 2024 19:36:03 +0200
Subject: [PATCH 001/336] Share REST call code and separate components via
 dependency injection

---
 composer.json                   |   4 +-
 inc/config.php                  |   2 +
 inc/context.php                 |  28 +++++
 inc/driver/http-driver.php      | 151 +++++++++++++++++++++++
 inc/service/captcha-queries.php | 102 ++++++++++++++++
 post.php                        | 208 ++++++++++++++++----------------
 6 files changed, 392 insertions(+), 103 deletions(-)
 create mode 100644 inc/context.php
 create mode 100644 inc/driver/http-driver.php
 create mode 100644 inc/service/captcha-queries.php

diff --git a/composer.json b/composer.json
index ec4a090d..e1951679 100644
--- a/composer.json
+++ b/composer.json
@@ -32,7 +32,9 @@
             "inc/mod/auth.php",
             "inc/lock.php",
             "inc/queue.php",
-            "inc/functions.php"
+            "inc/functions.php",
+            "inc/driver/http-driver.php",
+            "inc/service/captcha-queries.php"
         ]
     },
     "license": "Tinyboard + vichan",
diff --git a/inc/config.php b/inc/config.php
index 0cece593..ffd1b544 100644
--- a/inc/config.php
+++ b/inc/config.php
@@ -1232,6 +1232,8 @@
 	$config['error']['captcha']		= _('You seem to have mistyped the verification.');
 	$config['error']['flag_undefined']	= _('The flag %s is undefined, your PHP version is too old!');
 	$config['error']['flag_wrongtype']	= _('defined_flags_accumulate(): The flag %s is of the wrong type!');
+	$config['error']['remote_io_error']	= _('IO error while interacting with a remote service.');
+	$config['error']['local_io_error']	= _('IO error while interacting with a local resource or service.');
 
 
 	// Moderator errors
diff --git a/inc/context.php b/inc/context.php
new file mode 100644
index 00000000..5e540bab
--- /dev/null
+++ b/inc/context.php
@@ -0,0 +1,28 @@
+<?php
+namespace Vichan;
+
+defined('TINYBOARD') or exit;
+
+use Vichan\Driver\{HttpDriver, HttpDrivers};
+
+
+interface Context {
+	public function getHttpDriver(): HttpDriver;
+}
+
+class AppContext implements Context {
+	private array $config;
+	private ?HttpDriver $http;
+
+
+	public function __construct(array $config) {
+		$this->config = $config;
+	}
+
+	public function getHttpDriver(): HttpDriver {
+		if (is_null($this->http)) {
+			$this->http = HttpDrivers::getHttpDriver($this->config['upload_by_url_timeout'], $this->config['max_filesize']);
+		}
+		return $this->http;
+	}
+}
diff --git a/inc/driver/http-driver.php b/inc/driver/http-driver.php
new file mode 100644
index 00000000..cfbedfad
--- /dev/null
+++ b/inc/driver/http-driver.php
@@ -0,0 +1,151 @@
+<?php // Honestly this is just a wrapper for cURL. Still useful to mock it and have an OOP API on PHP 7.
+namespace Vichan\Driver;
+
+use RuntimeException;
+
+defined('TINYBOARD') or exit;
+
+
+class HttpDrivers {
+	private const DEFAULT_USER_AGENT = 'Tinyboard';
+
+
+	public static function getHttpDriver(int $timeout, int $max_file_size): HttpDriver {
+		return new HttpDriver($timeout, self::DEFAULT_USER_AGENT, $max_file_size);
+	}
+}
+
+class HttpDriver {
+	private mixed $inner;
+	private int $timeout;
+	private string $user_agent;
+	private int $max_file_size;
+
+
+	private function resetTowards(string $url, int $timeout): void {
+		curl_reset($this->inner);
+		curl_setopt_array($this->inner, array(
+			CURLOPT_URL => $url,
+			CURLOPT_TIMEOUT => $this->timeout,
+			CURLOPT_USERAGENT => $this->user_agent,
+			CURLOPT_PROTOCOLS => CURLPROTO_HTTP | CURLPROTO_HTTPS,
+		));
+	}
+
+	private function setSizeLimit(): void {
+		// Adapted from: https://stackoverflow.com/a/17642638
+		curl_setopt($this->inner, CURLOPT_NOPROGRESS, false);
+
+		if (PHP_MAJOR_VERSION >= 8 && PHP_MINOR_VERSION >= 2) {
+			curl_setopt($this->inner, CURLOPT_XFERINFOFUNCTION, function($res, $next_dl, $dl, $next_up, $up) {
+				return (int)($dl <= $this->max_file_size);
+			});
+		} else {
+			curl_setopt($this->inner, CURLOPT_PROGRESSFUNCTION, function($res, $next_dl, $dl, $next_up, $up) {
+				return (int)($dl <= $this->max_file_size);
+			});
+		}
+	}
+
+	function __construct($timeout, $user_agent, $max_file_size) {
+		$this->inner = curl_init();
+		$this->timeout = $timeout;
+		$this->user_agent = $user_agent;
+		$this->max_file_size = $max_file_size;
+	}
+
+	function __destruct() {
+		curl_close($this->inner);
+	}
+
+	/**
+	 * Execute a GET request.
+	 *
+	 * @param string $endpoint Uri endpoint.
+	 * @param ?array $data Optional GET parameters.
+	 * @param int $timeout Optional request timeout in seconds. Use the default timeout if 0.
+	 * @return string Returns the body of the response.
+	 * @throws RuntimeException Throws on IO error.
+	 */
+	public function requestGet(string $endpoint, ?array $data, int $timeout = 0): string {
+		if (!empty($data)) {
+			$endpoint .= '?' . http_build_query($data);
+		}
+		if ($timeout == 0) {
+			$timeout = $this->timeout;
+		}
+
+		$this->resetTowards($endpoint, $timeout);
+		curl_setopt($this->inner, CURLOPT_RETURNTRANSFER, true);
+		$ret = curl_exec($this->inner);
+
+		if ($ret === false) {
+			throw new \RuntimeException(curl_error($this->inner));
+		}
+		return $ret;
+	}
+
+	/**
+	 * Execute a POST request.
+	 *
+	 * @param string $endpoint Uri endpoint.
+	 * @param ?array $data Optional POST parameters.
+	 * @param int $timeout Optional request timeout in seconds. Use the default timeout if 0.
+	 * @return string Returns the body of the response.
+	 * @throws RuntimeException Throws on IO error.
+	 */
+	public function requestPost(string $endpoint, ?array $data, int $timeout = 0): string {
+		if ($timeout == 0) {
+			$timeout = $this->timeout;
+		}
+
+		$this->resetTowards($endpoint, $timeout);
+		curl_setopt($this->inner, CURLOPT_POST, true);
+		if (!empty($data)) {
+			curl_setopt($this->inner, CURLOPT_POSTFIELDS, http_build_query($data));
+		}
+		curl_setopt($this->inner, CURLOPT_RETURNTRANSFER, true);
+		$ret = curl_exec($this->inner);
+
+		if ($ret === false) {
+			throw new \RuntimeException(curl_error($this->inner));
+		}
+		return $ret;
+	}
+
+	/**
+	 * Download the url's target with curl.
+	 *
+	 * @param string $url Url to the file to download.
+	 * @param ?array $data Optional GET parameters.
+	 * @param resource $fd File descriptor to save the content to.
+	 * @param int $timeout Optional request timeout in seconds. Use the default timeout if 0.
+	 * @return bool Returns true on success, false if the file was too large.
+	 * @throws RuntimeException Throws on IO error.
+	 */
+	public function requestGetInto(string $endpoint, ?array $data, mixed $fd, int $timeout = 0): bool {
+		if (!empty($data)) {
+			$endpoint .= '?' . http_build_query($data);
+		}
+		if ($timeout == 0) {
+			$timeout = $this->timeout;
+		}
+
+		$this->resetTowards($endpoint, $timeout);
+		curl_setopt($this->inner, CURLOPT_FAILONERROR, true);
+		curl_setopt($this->inner, CURLOPT_FOLLOWLOCATION, false);
+		curl_setopt($this->inner, CURLOPT_FILE, $fd);
+		curl_setopt($this->inner, CURLOPT_IPRESOLVE, CURL_IPRESOLVE_V4);
+		$this->setSizeLimit();
+		$ret = curl_exec($this->inner);
+
+		if ($ret === false) {
+			if (curl_errno($this->inner) === CURLE_ABORTED_BY_CALLBACK) {
+				return false;
+			}
+
+			throw new \RuntimeException(curl_error($this->inner));
+		}
+		return true;
+	}
+}
diff --git a/inc/service/captcha-queries.php b/inc/service/captcha-queries.php
new file mode 100644
index 00000000..d7966501
--- /dev/null
+++ b/inc/service/captcha-queries.php
@@ -0,0 +1,102 @@
+<?php // Verify captchas server side.
+namespace Vichan\Service;
+
+use Vichan\Driver\HttpDriver;
+
+defined('TINYBOARD') or exit;
+
+
+class RemoteCaptchaQuery {
+	private HttpDriver $http;
+	private string $secret;
+	private string $endpoint;
+
+
+	/**
+	 * Creates a new CaptchaRemoteQueries instance using the google recaptcha service.
+	 *
+	 * @param HttpDriver $http The http client.
+	 * @param string $secret Server side secret.
+	 * @return CaptchaRemoteQueries A new captcha query instance.
+	 */
+	public static function withRecaptcha(HttpDriver $http, string $secret): RemoteCaptchaQuery {
+		return new self($http, $secret, 'https://www.google.com/recaptcha/api/siteverify');
+	}
+
+	/**
+	 * Creates a new CaptchaRemoteQueries instance using the hcaptcha service.
+	 *
+	 * @param HttpDriver $http The http client.
+	 * @param string $secret Server side secret.
+	 * @return CaptchaRemoteQueries A new captcha query instance.
+	 */
+	public static function withHCaptcha(HttpDriver $http, string $secret): RemoteCaptchaQuery {
+		return new self($http, $secret, 'https://hcaptcha.com/siteverify');
+	}
+
+	private function __construct(HttpDriver $http, string $secret, string $endpoint) {
+		$this->http = $http;
+		$this->secret = $secret;
+		$this->endpoint = $endpoint;
+	}
+
+	/**
+	 * Checks if the user at the remote ip passed the captcha.
+	 *
+	 * @param string $response User provided response.
+	 * @param string $remote_ip User ip.
+	 * @return bool Returns true if the user passed the captcha.
+	 * @throws RuntimeException|JsonException Throws on IO errors or if it fails to decode the answer.
+	 */
+	public function verify(string $response, string $remote_ip): bool {
+		$data = array(
+			'secret' => $this->secret,
+			'response' => $response,
+			'remoteip' => $remote_ip
+		);
+
+		$ret = $this->http->requestGet($this->endpoint, $data);
+		$resp = json_decode($ret, true, 16, JSON_THROW_ON_ERROR);
+
+		return isset($resp['success']) && $resp['success'];
+	}
+}
+
+class NativeCaptchaQuery {
+	private HttpDriver $http;
+	private string $domain;
+	private string $provider_check;
+
+
+	/**
+	 * @param HttpDriver $http The http client.
+	 * @param string $domain The server's domain.
+	 * @param string $provider_check Path to the endpoint.
+	 */
+	function __construct(HttpDriver $http, string $domain, string $provider_check) {
+		$this->http = $http;
+		$this->domain = $domain;
+		$this->provider_check = $provider_check;
+	}
+
+	/**
+	 * Checks if the user at the remote ip passed the native vichan captcha.
+	 *
+	 * @param string $extra Extra http parameters.
+	 * @param string $user_text Remote user's text input.
+	 * @param string $user_cookie Remote user cookie.
+	 * @return bool Returns true if the user passed the check.
+	 * @throws RuntimeException Throws on IO errors.
+	 */
+	public function verify(string $extra, string $user_text, string $user_cookie): bool {
+		$data = array(
+			'mode' => 'check',
+			'text' => $user_text,
+			'extra' => $extra,
+			'cookie' => $user_cookie
+		);
+
+		$ret = $this->http->requestGet($this->domain . '/' . $this->provider_check, $data);
+		return $ret === '1';
+	}
+}
diff --git a/post.php b/post.php
index 2cc99071..d43f37a5 100644
--- a/post.php
+++ b/post.php
@@ -5,6 +5,10 @@
 
 require_once 'inc/bootstrap.php';
 
+use Vichan\AppContext;
+use Vichan\Driver\HttpDriver;
+use Vichan\Service\{RemoteCaptchaQuery, NativeCaptchaQuery};
+
 /**
  * Utility functions
  */
@@ -61,54 +65,27 @@ function strip_symbols($input) {
 	}
 }
 
-/**
- * Download the url's target with curl.
- *
- * @param string $url Url to the file to download.
- * @param int $timeout Request timeout in seconds.
- * @param File $fd File descriptor to save the content to.
- * @return null|string Returns a string on error.
- */
-function download_file_into($url, $timeout, $fd) {
-	$err = null;
-	$curl = curl_init();
-	curl_setopt($curl, CURLOPT_URL, $url);
-	curl_setopt($curl, CURLOPT_FAILONERROR, true);
-	curl_setopt($curl, CURLOPT_FOLLOWLOCATION, false);
-	curl_setopt($curl, CURLOPT_CONNECTTIMEOUT, 5);
-	curl_setopt($curl, CURLOPT_TIMEOUT, $timeout);
-	curl_setopt($curl, CURLOPT_USERAGENT, 'Tinyboard');
-	curl_setopt($curl, CURLOPT_FILE, $fd);
-	curl_setopt($curl, CURLOPT_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS);
-	curl_setopt($curl, CURLOPT_IPRESOLVE, CURL_IPRESOLVE_V4);
-
-	if (curl_exec($curl) === false) {
-		$err = curl_error($curl);
-	}
-
-	curl_close($curl);
-	return $err;
-}
-
 /**
  * Download a remote file from the given url.
  * The file is deleted at shutdown.
  *
+ * @param HttpDriver $http The http client.
  * @param string $file_url The url to download the file from.
  * @param int $request_timeout Timeout to retrieve the file.
  * @param array $extra_extensions Allowed file extensions.
  * @param string $tmp_dir Temporary directory to save the file into.
  * @param array $error_array An array with error codes, used to create exceptions on failure.
- * @return array Returns an array describing the file on success.
- * @throws Exception on error.
+ * @return array|false Returns an array describing the file on success, or false if the file was too large
+ * @throws InvalidArgumentException|RuntimeException Throws on invalid arguments and IO errors.
  */
-function download_file_from_url($file_url, $request_timeout, $allowed_extensions, $tmp_dir, &$error_array) {
+function download_file_from_url(HttpDriver $http, $file_url, $request_timeout, $allowed_extensions, $tmp_dir, &$error_array) {
 	if (!preg_match('@^https?://@', $file_url)) {
 		throw new InvalidArgumentException($error_array['invalidimg']);
 	}
 
-	if (mb_strpos($file_url, '?') !== false) {
-		$url_without_params = mb_substr($file_url, 0, mb_strpos($file_url, '?'));
+	$param_idx = mb_strpos($file_url, '?');
+	if ($param_idx !== false) {
+		$url_without_params = mb_substr($file_url, 0, $param_idx);
 	} else {
 		$url_without_params = $file_url;
 	}
@@ -128,10 +105,13 @@ function download_file_from_url($file_url, $request_timeout, $allowed_extensions
 
 	$fd = fopen($tmp_file, 'w');
 
-	$dl_err = download_file_into($fd, $request_timeout, $fd);
-	fclose($fd);
-	if ($dl_err !== null) {
-		throw new Exception($error_array['nomove'] . '<br/>Curl says: ' . $dl_err);
+	try {
+		$success = $http->requestGetInto($url_without_params, null, $fd, $request_timeout);
+		if (!$success) {
+			return false;
+		}
+	} finally {
+		fclose($fd);
 	}
 
 	return array(
@@ -165,6 +145,7 @@ function ocr_image(array $config, string $img_path): string {
 	return trim($ret);
 }
 
+
 /**
  * Trim an image's EXIF metadata
  *
@@ -190,6 +171,7 @@ function strip_image_metadata(string $img_path): int {
  */
 
 $dropped_post = false;
+$context = new AppContext($config);
 
 // Is it a post coming from NNTP? Let's extract it and pretend it's a normal post.
 if (isset($_GET['Newsgroups']) && $config['nntpchan']['enabled']) {
@@ -487,22 +469,32 @@ if (isset($_POST['delete'])) {
 	if (count($report) > $config['report_limit'])
 		error($config['error']['toomanyreports']);
 
-	if ($config['report_captcha'] && !isset($_POST['captcha_text'], $_POST['captcha_cookie'])) {
-		error($config['error']['bot']);
-	}
 
 	if ($config['report_captcha']) {
-		$ch = curl_init($config['domain'].'/'.$config['captcha']['provider_check'] . "?" . http_build_query([
-			'mode' => 'check',
-			'text' => $_POST['captcha_text'],
-			'extra' => $config['captcha']['extra'],
-			'cookie' => $_POST['captcha_cookie']
-		]));
-		curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
-		$resp = curl_exec($ch);
+		if (!isset($_POST['captcha_text'], $_POST['captcha_cookie'])) {
+			error($config['error']['bot']);
+		}
 
-		if ($resp !== '1') {
-			error($config['error']['captcha']);
+		try {
+			$query = new NativeCaptchaQuery(
+				$context->getHttpDriver(),
+				$config['domain'],
+				$config['captcha']['provider_check']
+			);
+			$success = $query->verify(
+				$config['captcha']['extra'],
+				$_POST['captcha_text'],
+				$_POST['captcha_cookie']
+			);
+
+			if (!$success) {
+				error($config['error']['captcha']);
+			}
+		} catch (RuntimeException $e) {
+			if ($config['syslog']) {
+				_syslog(LOG_ERR, "Native captcha IO exception: {$e->getMessage()}");
+			}
+			error($config['error']['local_io_error']);
 		}
 	}
 
@@ -598,62 +590,60 @@ if (isset($_POST['delete'])) {
 		// Check if banned
 		checkBan($board['uri']);
 
-		// Check for CAPTCHA right after opening the board so the "return" link is in there
-		if ($config['recaptcha']) {
-			if (!isset($_POST['g-recaptcha-response']))
-				error($config['error']['bot']);
+		// Check for CAPTCHA right after opening the board so the "return" link is in there.
+		try {
+			// With our custom captcha provider
+			if ($config['captcha']['enabled'] || ($post['op'] && $config['new_thread_capt'])) {
+				$query = new NativeCaptchaQuery($context->getHttpDriver(), $config['domain'], $config['captcha']['provider_check']);
+				$success = $query->verify($config['captcha']['extra'], $_POST['captcha_text'], $_POST['captcha_cookie']);
 
-			// Check what reCAPTCHA has to say...
-			$resp = json_decode(file_get_contents(sprintf('https://www.recaptcha.net/recaptcha/api/siteverify?secret=%s&response=%s&remoteip=%s',
-				$config['recaptcha_private'],
-				urlencode($_POST['g-recaptcha-response']),
-				$_SERVER['REMOTE_ADDR'])), true);
-
-			if (!$resp['success']) {
-				error($config['error']['captcha']);
+				if (!$success) {
+					error(
+						$config['error']['captcha']
+						. '<script>if (actually_load_captcha !== undefined) actually_load_captcha("'
+						. $config['captcha']['provider_get']
+						.'", "'
+						. $config['captcha']['extra']
+						. '");</script>'
+					);
+				}
 			}
-		}
-		// hCaptcha
-		if ($config['hcaptcha']) {
-			if (!isset($_POST['h-captcha-response'])) {
-				error($config['error']['bot']);
+			// Remote 3rd party captchas.
+			else {
+				// recaptcha
+				if ($config['recaptcha']) {
+					if (!isset($_POST['g-recaptcha-response'])) {
+						error($config['error']['bot']);
+					}
+					$response = $_POST['g-recaptcha-response'];
+					$query = RemoteCaptchaQuery::withRecaptcha($context->getHttpDriver(), $config['recaptcha_private']);
+				}
+				// hCaptcha
+				elseif ($config['hcaptcha']) {
+					if (!isset($_POST['h-captcha-response'])) {
+						error($config['error']['bot']);
+					}
+					$response = $_POST['g-recaptcha-response'];
+					$query = RemoteCaptchaQuery::withHCaptcha($context->getHttpDriver(), $config['hcaptcha_private']);
+				}
+
+				$success = $query->verify($response, $_SERVER['REMOTE_ADDR']);
+				if (!$success) {
+					error($config['error']['captcha']);
+				}
 			}
-
-			$data = array(
-				'secret' => $config['hcaptcha_private'],
-				'response' => $_POST['h-captcha-response'],
-				'remoteip' => $_SERVER['REMOTE_ADDR']
-			);
-
-			$hcaptchaverify = curl_init();
-			curl_setopt($hcaptchaverify, CURLOPT_URL, "https://hcaptcha.com/siteverify");
-			curl_setopt($hcaptchaverify, CURLOPT_POST, true);
-			curl_setopt($hcaptchaverify, CURLOPT_POSTFIELDS, http_build_query($data));
-			curl_setopt($hcaptchaverify, CURLOPT_RETURNTRANSFER, true);
-			$hcaptcharesponse = curl_exec($hcaptchaverify);
-
-			$resp = json_decode($hcaptcharesponse, true); // Decoding $hcaptcharesponse instead of $response
-
-			if (!$resp['success']) {
-				error($config['error']['captcha']);
+		} catch (RuntimeException $e) {
+			if ($config['syslog']) {
+				_syslog(LOG_ERR, "Captcha IO exception: {$e->getMessage()}");
 			}
+			error($config['error']['remote_io_error']);
+		} catch (JsonException $e) {
+			if ($config['syslog']) {
+				_syslog(LOG_ERR, "Bad JSON reply to captcha: {$e->getMessage()}");
+			}
+			error($config['error']['remote_io_error']);
 		}
-		// Same, but now with our custom captcha provider
- 		if (($config['captcha']['enabled']) || (($post['op']) && ($config['new_thread_capt'])) ) {
-		$ch = curl_init($config['domain'].'/'.$config['captcha']['provider_check'] . "?" . http_build_query([
-			'mode' => 'check',
-			'text' => $_POST['captcha_text'],
-			'extra' => $config['captcha']['extra'],
-			'cookie' => $_POST['captcha_cookie']
-		]));
-		curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
-		$resp = curl_exec($ch);
 
-		if ($resp !== '1') {
-			error($config['error']['captcha'] .
-				'<script>if (actually_load_captcha !== undefined) actually_load_captcha("'.$config['captcha']['provider_get'].'", "'.$config['captcha']['extra'].'");</script>');
-		}
-	}
 
 		if (!(($post['op'] && $_POST['post'] == $config['button_newtopic']) ||
 			(!$post['op'] && $_POST['post'] == $config['button_reply'])))
@@ -757,7 +747,21 @@ if (isset($_POST['delete'])) {
 		}
 
 		try {
-			$_FILES['file'] = download_file_from_url($_POST['file_url'], $config['upload_by_url_timeout'], $allowed_extensions, $config['tmp'], $config['error']);
+			$ret = download_file_from_url(
+				$context->getHttpDriver(),
+				$_POST['file_url'],
+				$config['upload_by_url_timeout'],
+				$allowed_extensions,
+				$config['tmp'],
+				$config['error']
+			);
+			if ($ret === false) {
+				error(sprintf3($config['error']['filesize'], array(
+					'filesz' => 'more than that',
+					'maxsz' => number_format($config['max_filesize'])
+				)));
+			}
+			$_FILES['file'] = $ret;
 		} catch (Exception $e) {
 			error($e->getMessage());
 		}

From 650ef8bcc28f7d364fc55f30ea19c6985d54fe30 Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@mailu.io>
Date: Mon, 1 Apr 2024 19:36:37 +0200
Subject: [PATCH 002/336] Fix crash if no captcha is enabled

---
 post.php | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/post.php b/post.php
index d43f37a5..954b2ed5 100644
--- a/post.php
+++ b/post.php
@@ -627,9 +627,11 @@ if (isset($_POST['delete'])) {
 					$query = RemoteCaptchaQuery::withHCaptcha($context->getHttpDriver(), $config['hcaptcha_private']);
 				}
 
-				$success = $query->verify($response, $_SERVER['REMOTE_ADDR']);
-				if (!$success) {
-					error($config['error']['captcha']);
+				if (isset($query, $response)) {
+					$success = $query->verify($response, $_SERVER['REMOTE_ADDR']);
+					if (!$success) {
+						error($config['error']['captcha']);
+					}
 				}
 			}
 		} catch (RuntimeException $e) {

From 8120c42440ad6e74017b0c5b0cdf07355228c3b3 Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@mailu.io>
Date: Mon, 1 Apr 2024 19:46:04 +0200
Subject: [PATCH 003/336] Format injected javascript on failed native captcha

---
 post.php | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/post.php b/post.php
index 954b2ed5..6fdbfc0b 100644
--- a/post.php
+++ b/post.php
@@ -599,12 +599,14 @@ if (isset($_POST['delete'])) {
 
 				if (!$success) {
 					error(
-						$config['error']['captcha']
-						. '<script>if (actually_load_captcha !== undefined) actually_load_captcha("'
-						. $config['captcha']['provider_get']
-						.'", "'
-						. $config['captcha']['extra']
-						. '");</script>'
+						"{$config['error']['captcha']}
+						<script>
+							if (actually_load_captcha !== undefined)
+								actually_load_captcha(
+									\"{$config['captcha']['provider_get']}\",
+									\"{$config['captcha']['extra']}\"
+								);
+						</script>"
 					);
 				}
 			}

From 00b05099f33257bd33ebb1548bec3664b653e235 Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@skiff.com>
Date: Fri, 16 Feb 2024 14:18:55 +0100
Subject: [PATCH 004/336] Format lock.php

---
 inc/lock.php | 68 +++++++++++++++++++++++++++-------------------------
 1 file changed, 36 insertions(+), 32 deletions(-)

diff --git a/inc/lock.php b/inc/lock.php
index 4fb2f5df..23c0bce4 100644
--- a/inc/lock.php
+++ b/inc/lock.php
@@ -1,39 +1,43 @@
 <?php
 class Lock {
-  function __construct($key) { global $config;
-    if ($config['lock']['enabled'] == 'fs') {
-      $key = str_replace('/', '::', $key);
-      $key = str_replace("\0", '', $key);
+	function __construct($key) {
+		global $config;
+		if ($config['lock']['enabled'] == 'fs') {
+			$key = str_replace('/', '::', $key);
+			$key = str_replace("\0", '', $key);
 
-      $this->f = fopen("tmp/locks/$key", "w");
-    }
-  }
+			$this->f = fopen("tmp/locks/$key", "w");
+		}
+	}
 
-  // Get a shared lock
-  function get($nonblock = false) { global $config;
-    if ($config['lock']['enabled'] == 'fs') {
-      $wouldblock = false;
-      flock($this->f, LOCK_SH | ($nonblock ? LOCK_NB : 0), $wouldblock);
-      if ($nonblock && $wouldblock) return false;
-    }
-    return $this;
-  }
+	// Get a shared lock
+	function get($nonblock = false) {
+		global $config;
+		if ($config['lock']['enabled'] == 'fs') {
+			$wouldblock = false;
+			flock($this->f, LOCK_SH | ($nonblock ? LOCK_NB : 0), $wouldblock);
+			if ($nonblock && $wouldblock) return false;
+		}
+		return $this;
+	}
 
-  // Get an exclusive lock
-  function get_ex($nonblock = false) { global $config;
-    if ($config['lock']['enabled'] == 'fs') {
-      $wouldblock = false;
-      flock($this->f, LOCK_EX | ($nonblock ? LOCK_NB : 0), $wouldblock);
-      if ($nonblock && $wouldblock) return false;
-    }
-    return $this;
-  }
+	// Get an exclusive lock
+	function get_ex($nonblock = false) {
+		global $config;
+		if ($config['lock']['enabled'] == 'fs') {
+			$wouldblock = false;
+			flock($this->f, LOCK_EX | ($nonblock ? LOCK_NB : 0), $wouldblock);
+			if ($nonblock && $wouldblock) return false;
+		}
+		return $this;
+	}
 
-  // Free a lock
-  function free() { global $config;
-    if ($config['lock']['enabled'] == 'fs') {
-      flock($this->f, LOCK_UN);
-    }
-    return $this;
-  }
+	// Free a lock
+	function free() {
+		global $config;
+		if ($config['lock']['enabled'] == 'fs') {
+			flock($this->f, LOCK_UN);
+		}
+		return $this;
+	}
 }

From 760431606d1309180929eda8f203d65a42039bf6 Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@skiff.com>
Date: Fri, 16 Feb 2024 14:47:20 +0100
Subject: [PATCH 005/336] Refactor lock.php

---
 inc/lock.php  | 105 +++++++++++++++++++++++++++++++++++---------------
 inc/queue.php |   2 +-
 2 files changed, 74 insertions(+), 33 deletions(-)

diff --git a/inc/lock.php b/inc/lock.php
index 23c0bce4..5a83562a 100644
--- a/inc/lock.php
+++ b/inc/lock.php
@@ -1,43 +1,84 @@
 <?php
-class Lock {
-	function __construct($key) {
-		global $config;
-		if ($config['lock']['enabled'] == 'fs') {
-			$key = str_replace('/', '::', $key);
-			$key = str_replace("\0", '', $key);
 
-			$this->f = fopen("tmp/locks/$key", "w");
+class Locks {
+	private static function filesystem(string $key): Lock|false {
+		$key = str_replace('/', '::', $key);
+		$key = str_replace("\0", '', $key);
+
+		$fd = fopen("tmp/locks/$key", "w");
+		if ($fd === false) {
+			return false;
 		}
+
+		return new class($fd) implements Lock {
+			// Resources have no type in php.
+			private mixed $f;
+
+
+			function __construct($fd) {
+				$this->f = $fd;
+			}
+
+			public function get(bool $nonblock = false): Lock|false {
+				$wouldblock = false;
+				flock($this->f, LOCK_SH | ($nonblock ? LOCK_NB : 0), $wouldblock);
+				if ($nonblock && $wouldblock) {
+					return false;
+				}
+				return $this;
+			}
+
+			public function get_ex(bool $nonblock = false): Lock|false {
+				$wouldblock = false;
+				flock($this->f, LOCK_EX | ($nonblock ? LOCK_NB : 0), $wouldblock);
+				if ($nonblock && $wouldblock) {
+					return false;
+				}
+				return $this;
+			}
+
+			public function free(): Lock {
+				flock($this->f, LOCK_UN);
+				return $this;
+			}
+		};
 	}
 
-	// Get a shared lock
-	function get($nonblock = false) {
-		global $config;
-		if ($config['lock']['enabled'] == 'fs') {
-			$wouldblock = false;
-			flock($this->f, LOCK_SH | ($nonblock ? LOCK_NB : 0), $wouldblock);
-			if ($nonblock && $wouldblock) return false;
-		}
-		return $this;
+	/**
+	 * No-op. Can be used for mocking.
+	 */
+	public static function none(): Lock|false {
+		return new class() implements Lock {
+			public function get(bool $nonblock = false): Lock|false {
+				return $this;
+			}
+
+			public function get_ex(bool $nonblock = false): Lock|false {
+				return $this;
+			}
+
+			public function free(): Lock {
+				return $this;
+			}
+		};
 	}
 
-	// Get an exclusive lock
-	function get_ex($nonblock = false) {
-		global $config;
+	public static function get_lock(array $config, string $key): Lock|false {
 		if ($config['lock']['enabled'] == 'fs') {
-			$wouldblock = false;
-			flock($this->f, LOCK_EX | ($nonblock ? LOCK_NB : 0), $wouldblock);
-			if ($nonblock && $wouldblock) return false;
+			return self::filesystem($key);
+		} else {
+			return self::none();
 		}
-		return $this;
-	}
-
-	// Free a lock
-	function free() {
-		global $config;
-		if ($config['lock']['enabled'] == 'fs') {
-			flock($this->f, LOCK_UN);
-		}
-		return $this;
 	}
 }
+
+interface Lock {
+	// Get a shared lock
+	public function get(bool $nonblock = false): Lock|false;
+
+	// Get an exclusive lock
+	public function get_ex(bool $nonblock = false): Lock|false;
+
+	// Free a lock
+	public function free(): Lock;
+}
diff --git a/inc/queue.php b/inc/queue.php
index 66305b3b..a3873491 100644
--- a/inc/queue.php
+++ b/inc/queue.php
@@ -3,7 +3,7 @@
 class Queue {
   function __construct($key) { global $config;
     if ($config['queue']['enabled'] == 'fs') {
-      $this->lock = new Lock($key);
+      $this->lock = Locks::get_lock($config, $key);
       $key = str_replace('/', '::', $key);
       $key = str_replace("\0", '', $key);
       $this->key = "tmp/queue/$key/";

From 55034762b07cdcb143c4daa42ba26c52260094a9 Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@skiff.com>
Date: Fri, 16 Feb 2024 14:48:42 +0100
Subject: [PATCH 006/336] Format queue.php

---
 inc/queue.php | 74 +++++++++++++++++++++++++--------------------------
 1 file changed, 37 insertions(+), 37 deletions(-)

diff --git a/inc/queue.php b/inc/queue.php
index a3873491..2801170e 100644
--- a/inc/queue.php
+++ b/inc/queue.php
@@ -1,49 +1,49 @@
 <?php
 
 class Queue {
-  function __construct($key) { global $config;
-    if ($config['queue']['enabled'] == 'fs') {
-      $this->lock = Locks::get_lock($config, $key);
-      $key = str_replace('/', '::', $key);
-      $key = str_replace("\0", '', $key);
-      $this->key = "tmp/queue/$key/";
-    }
-  }
+	function __construct($key) { global $config;
+		if ($config['queue']['enabled'] == 'fs') {
+			$this->lock = Locks::get_lock($config, $key);
+			$key = str_replace('/', '::', $key);
+			$key = str_replace("\0", '', $key);
+			$this->key = "tmp/queue/$key/";
+		}
+	}
 
-  function push($str) { global $config;
-    if ($config['queue']['enabled'] == 'fs') {
-      $this->lock->get_ex();
-      file_put_contents($this->key.microtime(true), $str);
-      $this->lock->free();
-    }
-    return $this;
-  }
+	function push($str) { global $config;
+		if ($config['queue']['enabled'] == 'fs') {
+			$this->lock->get_ex();
+			file_put_contents($this->key.microtime(true), $str);
+			$this->lock->free();
+		}
+		return $this;
+	}
 
-  function pop($n = 1) { global $config;
-    if ($config['queue']['enabled'] == 'fs') {
-      $this->lock->get_ex();
-      $dir = opendir($this->key);
-      $paths = array();
-      while ($n > 0) {
-        $path = readdir($dir);
-        if ($path === FALSE) break;
-        elseif ($path == '.' || $path == '..') continue;
-        else { $paths[] = $path; $n--; }
-      }
-      $out = array();
-      foreach ($paths as $v) {
-        $out []= file_get_contents($this->key.$v);
-        unlink($this->key.$v);
-      }
-      $this->lock->free();
-      return $out;
-    }
-  }
+	function pop($n = 1) { global $config;
+		if ($config['queue']['enabled'] == 'fs') {
+			$this->lock->get_ex();
+			$dir = opendir($this->key);
+			$paths = array();
+			while ($n > 0) {
+				$path = readdir($dir);
+				if ($path === FALSE) break;
+				elseif ($path == '.' || $path == '..') continue;
+				else { $paths[] = $path; $n--; }
+			}
+			$out = array();
+			foreach ($paths as $v) {
+				$out []= file_get_contents($this->key.$v);
+				unlink($this->key.$v);
+			}
+			$this->lock->free();
+			return $out;
+		}
+	}
 }
 
 // Don't use the constructor. Use the get_queue function.
 $queues = array();
 
 function get_queue($name) { global $queues;
-  return $queues[$name] = isset ($queues[$name]) ? $queues[$name] : new Queue($name);
+	return $queues[$name] = isset ($queues[$name]) ? $queues[$name] : new Queue($name);
 }

From e61ed35aa06c633db93903d64244a3f82221586f Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@skiff.com>
Date: Fri, 16 Feb 2024 15:18:17 +0100
Subject: [PATCH 007/336] Refactor queue.php

---
 inc/functions.php |  12 ++++-
 inc/queue.php     | 121 ++++++++++++++++++++++++++++++++--------------
 2 files changed, 95 insertions(+), 38 deletions(-)

diff --git a/inc/functions.php b/inc/functions.php
index 50e0ca38..5890da8a 100755
--- a/inc/functions.php
+++ b/inc/functions.php
@@ -2918,8 +2918,16 @@ function generation_strategy($fun, $array=array()) { global $config;
 			return 'rebuild';
 		case 'defer':
 			// Ok, it gets interesting here :)
-			get_queue('generate')->push(serialize(array('build', $fun, $array, $action)));
-			return 'ignore';
+			$queue = Queues::get_queue($config, 'generate');
+			if ($queue === false) {
+				if ($config['syslog']) {
+					_syslog(LOG_ERR, "Could not initialize generate queue, falling back to immediate rebuild strategy");
+				}
+				return 'rebuild';
+			} else {
+				$queue->push(serialize(array('build', $fun, $array, $action)));
+				return 'ignore';
+			}
 		case 'build_on_load':
 			return 'delete';
 	}
diff --git a/inc/queue.php b/inc/queue.php
index 2801170e..0ecd1e3c 100644
--- a/inc/queue.php
+++ b/inc/queue.php
@@ -1,49 +1,98 @@
 <?php
 
-class Queue {
-	function __construct($key) { global $config;
-		if ($config['queue']['enabled'] == 'fs') {
-			$this->lock = Locks::get_lock($config, $key);
-			$key = str_replace('/', '::', $key);
-			$key = str_replace("\0", '', $key);
-			$this->key = "tmp/queue/$key/";
-		}
+class Queues {
+	private static $queues = array();
+
+
+	/**
+	 * This queue implementation isn't actually ordered, so it works more as a "bag".
+	 */
+	private static function filesystem(string $key, Lock $lock): Queue {
+		$key = str_replace('/', '::', $key);
+		$key = str_replace("\0", '', $key);
+		$key = "tmp/queue/$key/";
+
+		return new class($key, $lock) implements Queue {
+			private Lock $lock;
+			private string $key;
+
+
+			function __construct(string $key, Lock $lock) {
+				$this->lock = $lock;
+				$this->key = $key;
+			}
+
+			public function push(string $str): Queue {
+				$this->lock->get_ex();
+				file_put_contents($this->key . microtime(true), $str);
+				$this->lock->free();
+				return $this;
+			}
+
+			public function pop(int $n = 1): array {
+				$this->lock->get_ex();
+				$dir = opendir($this->key);
+				$paths = array();
+
+				while ($n > 0) {
+					$path = readdir($dir);
+					if ($path === false) {
+						break;
+					} elseif ($path == '.' || $path == '..') {
+						continue;
+					} else {
+						$paths[] = $path;
+						$n--;
+					}
+				}
+
+				$out = array();
+				foreach ($paths as $v) {
+					$out[] = file_get_contents($this->key . $v);
+					unlink($this->key . $v);
+				}
+
+				$this->lock->free();
+				return $out;
+			}
+		};
 	}
 
-	function push($str) { global $config;
-		if ($config['queue']['enabled'] == 'fs') {
-			$this->lock->get_ex();
-			file_put_contents($this->key.microtime(true), $str);
-			$this->lock->free();
-		}
-		return $this;
+	/**
+	 * No-op. Can be used for mocking.
+	 */
+	public static function none(): Queue {
+		return new class() implements Queue {
+			public function push(string $str): Queue {
+				return $this;
+			}
+
+			public function pop(int $n = 1): array {
+				return array();
+			}
+		};
 	}
 
-	function pop($n = 1) { global $config;
-		if ($config['queue']['enabled'] == 'fs') {
-			$this->lock->get_ex();
-			$dir = opendir($this->key);
-			$paths = array();
-			while ($n > 0) {
-				$path = readdir($dir);
-				if ($path === FALSE) break;
-				elseif ($path == '.' || $path == '..') continue;
-				else { $paths[] = $path; $n--; }
+	public static function get_queue(array $config, string $name): Queue|false {
+		if (!isset(self::$queues[$name])) {
+			if ($config['queue']['enabled'] == 'fs') {
+				$lock = Locks::get_lock($config, $name);
+				if ($lock === false) {
+					return false;
+				}
+				self::$queues[$name] = self::filesystem($name, $lock);
+			} else {
+				self::$queues[$name] = self::none();
 			}
-			$out = array();
-			foreach ($paths as $v) {
-				$out []= file_get_contents($this->key.$v);
-				unlink($this->key.$v);
-			}
-			$this->lock->free();
-			return $out;
 		}
+		return self::$queues[$name];
 	}
 }
 
-// Don't use the constructor. Use the get_queue function.
-$queues = array();
+interface Queue {
+	// Push a string in the queue.
+	public function push(string $str): Queue;
 
-function get_queue($name) { global $queues;
-	return $queues[$name] = isset ($queues[$name]) ? $queues[$name] : new Queue($name);
+	// Get a string from the queue.
+	public function pop(int $n = 1): array;
 }

From 09dc44ec406cdfc12d4d9a0be7f37caa1e5a7ba8 Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@skiff.com>
Date: Mon, 11 Mar 2024 10:31:19 +0100
Subject: [PATCH 008/336] functions.php: trim

---
 inc/functions.php | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/inc/functions.php b/inc/functions.php
index 5890da8a..ad69e55a 100755
--- a/inc/functions.php
+++ b/inc/functions.php
@@ -428,10 +428,10 @@ function rebuildThemes($action, $boardname = false) {
 		$board = $_board;
 
 		// Reload the locale
-	        if ($config['locale'] != $current_locale) {
-	                $current_locale = $config['locale'];
-	                init_locale($config['locale']);
-	        }
+		if ($config['locale'] != $current_locale) {
+			$current_locale = $config['locale'];
+			init_locale($config['locale']);
+		}
 
 		if (PHP_SAPI === 'cli') {
 			echo "Rebuilding theme ".$theme['theme']."... ";
@@ -450,8 +450,8 @@ function rebuildThemes($action, $boardname = false) {
 
 	// Reload the locale
 	if ($config['locale'] != $current_locale) {
-	        $current_locale = $config['locale'];
-	        init_locale($config['locale']);
+		$current_locale = $config['locale'];
+		init_locale($config['locale']);
 	}
 }
 

From f47332cdffb00cfe33cb5371de6e0a3d300e25f7 Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@skiff.com>
Date: Fri, 16 Feb 2024 15:48:18 +0100
Subject: [PATCH 009/336] Allow queue push to fail gracefully

---
 inc/functions.php | 11 ++++++++---
 inc/queue.php     | 12 ++++++------
 2 files changed, 14 insertions(+), 9 deletions(-)

diff --git a/inc/functions.php b/inc/functions.php
index ad69e55a..71231203 100755
--- a/inc/functions.php
+++ b/inc/functions.php
@@ -2924,10 +2924,15 @@ function generation_strategy($fun, $array=array()) { global $config;
 					_syslog(LOG_ERR, "Could not initialize generate queue, falling back to immediate rebuild strategy");
 				}
 				return 'rebuild';
-			} else {
-				$queue->push(serialize(array('build', $fun, $array, $action)));
-				return 'ignore';
 			}
+			$ret = $queue->push(serialize(array('build', $fun, $array, $action)));
+			if ($ret === false) {
+				if ($config['syslog']) {
+					_syslog(LOG_ERR, "Could not push item in the queue, falling back to immediate rebuild strategy");
+				}
+				return 'rebuild';
+			}
+			return 'ignore';
 		case 'build_on_load':
 			return 'delete';
 	}
diff --git a/inc/queue.php b/inc/queue.php
index 0ecd1e3c..a5905c84 100644
--- a/inc/queue.php
+++ b/inc/queue.php
@@ -22,11 +22,11 @@ class Queues {
 				$this->key = $key;
 			}
 
-			public function push(string $str): Queue {
+			public function push(string $str): bool {
 				$this->lock->get_ex();
-				file_put_contents($this->key . microtime(true), $str);
+				$ret = file_put_contents($this->key . microtime(true), $str);
 				$this->lock->free();
-				return $this;
+				return $ret !== false;
 			}
 
 			public function pop(int $n = 1): array {
@@ -63,8 +63,8 @@ class Queues {
 	 */
 	public static function none(): Queue {
 		return new class() implements Queue {
-			public function push(string $str): Queue {
-				return $this;
+			public function push(string $str): bool {
+				return true;
 			}
 
 			public function pop(int $n = 1): array {
@@ -91,7 +91,7 @@ class Queues {
 
 interface Queue {
 	// Push a string in the queue.
-	public function push(string $str): Queue;
+	public function push(string $str): bool;
 
 	// Get a string from the queue.
 	public function pop(int $n = 1): array;

From 542c9f3342ed712c2758765ebb9677afa6bc8edf Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@skiff.com>
Date: Mon, 12 Feb 2024 12:45:47 +0100
Subject: [PATCH 010/336] Remove check-updates functionality. It relies on the
 defunct vichan.net website, no point keeping it around.

---
 inc/config.php    |  5 -----
 inc/mod/pages.php | 54 -----------------------------------------------
 2 files changed, 59 deletions(-)

diff --git a/inc/config.php b/inc/config.php
index 0cece593..c42328fa 100644
--- a/inc/config.php
+++ b/inc/config.php
@@ -36,11 +36,6 @@
 	// $config['global_message'] = 'This is an important announcement!';
 	$config['blotter'] = &$config['global_message'];
 
-	// Automatically check if a newer version of vichan is available when an administrator logs in.
-	$config['check_updates'] = false;
-	// How often to check for updates
-	$config['check_updates_time'] = 43200; // 12 hours
-
 	// Shows some extra information at the bottom of pages. Good for development/debugging.
 	$config['debug'] = false;
 	// For development purposes. Displays (and "dies" on) all errors and warnings. Turn on with the above.
diff --git a/inc/mod/pages.php b/inc/mod/pages.php
index 1e803424..16072b9d 100644
--- a/inc/mod/pages.php
+++ b/inc/mod/pages.php
@@ -107,60 +107,6 @@ function mod_dashboard() {
 	$query = query('SELECT COUNT(*) FROM ``ban_appeals``') or error(db_error($query));
 	$args['appeals'] = $query->fetchColumn();
 
-	if ($mod['type'] >= ADMIN && $config['check_updates']) {
-		if (!$config['version'])
-			error(_('Could not find current version! (Check .installed)'));
-
-		if (isset($_COOKIE['update'])) {
-			$latest = unserialize($_COOKIE['update']);
-		} else {
-			$ctx = stream_context_create(array('http' => array('timeout' => 5)));
-			if ($code = @file_get_contents('http://engine.vichan.info/version.txt', 0, $ctx)) {
-				$ver = strtok($code, "\n");
-
-				if (preg_match('@^// v(\d+)\.(\d+)\.(\d+)\s*?$@', $ver, $matches)) {
-					$latest = array(
-						'massive' => $matches[1],
-						'major' => $matches[2],
-						'minor' => $matches[3]
-					);
-					if (preg_match('/(\d+)\.(\d)\.(\d+)(-dev.+)?$/', $config['version'], $matches)) {
-						$current = array(
-							'massive' => (int) $matches[1],
-							'major' => (int) $matches[2],
-							'minor' => (int) $matches[3]
-						);
-						if (isset($m[4])) {
-							// Development versions are always ahead in the versioning numbers
-							$current['minor'] --;
-						}
-						// Check if it's newer
-						if (!(	$latest['massive'] > $current['massive'] ||
-							$latest['major'] > $current['major'] ||
-								($latest['massive'] == $current['massive'] &&
-									$latest['major'] == $current['major'] &&
-									$latest['minor'] > $current['minor']
-								)))
-							$latest = false;
-					} else {
-						$latest = false;
-					}
-				} else {
-					// Couldn't get latest version
-					$latest = false;
-				}
-			} else {
-				// Couldn't get latest version
-				$latest = false;
-			}
-
-			setcookie('update', serialize($latest), time() + $config['check_updates_time'], $config['cookies']['jail'] ? $config['cookies']['path'] : '/', null, !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off', true);
-		}
-
-		if ($latest)
-			$args['newer_release'] = $latest;
-	}
-
 	$args['logout_token'] = make_secure_link_token('logout');
 
 	mod_page(_('Dashboard'), $config['file_mod_dashboard'], $args);

From 9a014e855741405ad2f33047f6a27d83736dd7da Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@skiff.com>
Date: Wed, 3 Apr 2024 16:11:54 +0200
Subject: [PATCH 011/336] template.php: fix deprecated string interning syntax

---
 inc/template.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/inc/template.php b/inc/template.php
index 0362111c..fb75aaf6 100644
--- a/inc/template.php
+++ b/inc/template.php
@@ -58,7 +58,7 @@ function Element($templateFile, array $options) {
 	}
 	
 	// Read the template file
-	if (@file_get_contents("{$config['dir']['template']}/${templateFile}")) {
+	if (@file_get_contents("{$config['dir']['template']}/{$templateFile}")) {
 		$body = $twig->render($templateFile, $options);
 		
 		if ($config['minify_html'] && preg_match('/\.html$/', $templateFile)) {
@@ -67,7 +67,7 @@ function Element($templateFile, array $options) {
 		
 		return $body;
 	} else {
-		throw new Exception("Template file '${templateFile}' does not exist or is empty in '{$config['dir']['template']}'!");
+		throw new Exception("Template file '{$templateFile}' does not exist or is empty in '{$config['dir']['template']}'!");
 	}
 }
 

From 7479360aad2764eaf34d2dd4399535b70bebb718 Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@skiff.com>
Date: Wed, 3 Apr 2024 17:18:52 +0200
Subject: [PATCH 012/336] catalog.html: format template

---
 templates/themes/catalog/catalog.html | 68 +++++++++++++--------------
 1 file changed, 34 insertions(+), 34 deletions(-)

diff --git a/templates/themes/catalog/catalog.html b/templates/themes/catalog/catalog.html
index 34202907..de7d1461 100644
--- a/templates/themes/catalog/catalog.html
+++ b/templates/themes/catalog/catalog.html
@@ -19,24 +19,24 @@
 		</div>
 	</header>
 
-        <span>{% trans 'Sort by' %}: </span>
-        <select id="sort_by" style="display: inline-block">
-                <option selected value="bump:desc">{% trans 'Bump order' %}</option>
-                <option value="time:desc">{% trans 'Creation date' %}</option>
-                <option value="reply:desc">{% trans 'Reply count' %}</option>
-                <option value="random:desc">{% trans 'Random' %}</option>
-        </select>
- 
-        <span>{% trans 'Image size' %}: </span>
-        <select id="image_size" style="display: inline-block">
-                <option value="vsmall">{% trans 'Very small' %}</option>
-                <option selected value="small">{% trans 'Small' %}</option>
-                <option value="large">{% trans 'Large' %}</option>
-        </select>
-        <div class="threads">
-                <div id="Grid">
-                {% for post in recent_posts %}
-                        <div class="mix"
+	<span>{% trans 'Sort by' %}: </span>
+	<select id="sort_by" style="display: inline-block">
+		<option selected value="bump:desc">{% trans 'Bump order' %}</option>
+		<option value="time:desc">{% trans 'Creation date' %}</option>
+		<option value="reply:desc">{% trans 'Reply count' %}</option>
+		<option value="random:desc">{% trans 'Random' %}</option>
+	</select>
+
+	<span>{% trans 'Image size' %}: </span>
+	<select id="image_size" style="display: inline-block">
+		<option value="vsmall">{% trans 'Very small' %}</option>
+		<option selected value="small">{% trans 'Small' %}</option>
+		<option value="large">{% trans 'Large' %}</option>
+	</select>
+	<div class="threads">
+		<div id="Grid">
+		{% for post in recent_posts %}
+			<div class="mix"
 				data-reply="{{ post.reply_count }}"
 				 data-bump="{{ post.bump }}"
 				 data-time="{{ post.time }}"
@@ -44,18 +44,18 @@
 				 data-sticky="{% if post.sticky %}true{% else %}false{% endif %}"
 				 data-locked="{% if post.locked %}true{% else %}false{% endif %}"
 			>
-                                <div class="thread grid-li grid-size-small">  
-                                        <a href="{{post.link}}">  
+				<div class="thread grid-li grid-size-small">
+					<a href="{{post.link}}">
 						{% if post.youtube %}
-							<img src="//img.youtube.com/vi/{{ post.youtube }}/0.jpg" 
+							<img src="//img.youtube.com/vi/{{ post.youtube }}/0.jpg"
 						{% else %}
-							<img src="{{post.file}}" 
+							<img src="{{post.file}}"
 						{% endif %}
-                                                 id="img-{{ post.id }}" data-subject="{% if post.subject %}{{ post.subject|e }}{% endif %}" data-name="{{ post.name|e }}" data-muhdifference="{{ post.muhdifference }}" class="{{post.board}} thread-image" title="{{post.bump|date('%b %d %H:%M')}}">
-                                        </a>
-                                                <div class="replies">
-                                                        <strong>R: {{ post.reply_count }} / I: {{ post.image_count }}{% if post.sticky %} (sticky){% endif %}</strong>
-                                                        {% if post.subject %}
+						 id="img-{{ post.id }}" data-subject="{% if post.subject %}{{ post.subject|e }}{% endif %}" data-name="{{ post.name|e }}" data-muhdifference="{{ post.muhdifference }}" class="{{post.board}} thread-image" title="{{post.bump|date('%b %d %H:%M')}}">
+					</a>
+						<div class="replies">
+							<strong>R: {{ post.reply_count }} / I: {{ post.image_count }}{% if post.sticky %} (sticky){% endif %}</strong>
+							{% if post.subject %}
 								<p class="intro">
 									<span class="subject">
 										{{ post.subject|e }}
@@ -66,13 +66,13 @@
 							{% endif %}
 
 								{{ post.body }}
-                                                </div>
-                                </div>
-                        </div>
-                {% endfor %}
-                </div>
-        </div>
-	
+						</div>
+				</div>
+			</div>
+		{% endfor %}
+		</div>
+	</div>
+
 	<hr/>
 	{% include 'footer.html' %}
 	<script type="text/javascript">{% verbatim %}

From 1fa60e7386d8c20907c39460fcb32f5041c553ec Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@skiff.com>
Date: Wed, 3 Apr 2024 17:19:45 +0200
Subject: [PATCH 013/336] index.hmtl: trim template

---
 templates/themes/basic/index.html | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/templates/themes/basic/index.html b/templates/themes/basic/index.html
index 231d73d3..98cd0e39 100644
--- a/templates/themes/basic/index.html
+++ b/templates/themes/basic/index.html
@@ -17,7 +17,7 @@
 		<h1>{{ settings.title }}</h1>
 		<div class="subtitle">{{ settings.subtitle }}</div>
 	</header>
-	
+
 	<div class="ban">
 		{% if news|length == 0 %}
 			<p style="text-align:center" class="unimportant">(No news to show.)</p>
@@ -35,7 +35,7 @@
 			{% endfor %}
 		{% endif %}
 	</div>
-	
+
 	<hr/>
 		{% include 'footer.html' %}
 </body>

From 4ffe91e384648f3c368fea9ed3fa3e9a5136ef17 Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@skiff.com>
Date: Wed, 3 Apr 2024 17:14:49 +0200
Subject: [PATCH 014/336] templates: substitute deprecated functions

---
 inc/config.php                        | 8 ++++----
 inc/template.php                      | 8 ++------
 templates/post/time.html              | 2 +-
 templates/themes/basic/index.html     | 2 +-
 templates/themes/catalog/catalog.html | 2 +-
 templates/themes/sitemap/sitemap.xml  | 2 +-
 6 files changed, 10 insertions(+), 14 deletions(-)

diff --git a/inc/config.php b/inc/config.php
index 0cece593..dae61ce6 100644
--- a/inc/config.php
+++ b/inc/config.php
@@ -976,11 +976,11 @@
 
 	// Timezone to use for displaying dates/times.
 	$config['timezone'] = 'America/Los_Angeles';
-	// The format string passed to strftime() for displaying dates.
-	// http://www.php.net/manual/en/function.strftime.php
-	$config['post_date'] = '%m/%d/%y (%a) %H:%M:%S';
+	// The format string passed to date_format() for displaying dates. ISO 8601-like by default.
+	// https://www.php.net/manual/en/datetime.format.php
+	$config['post_date'] = 'd-m-Y (D) H:i:s';
 	// Same as above, but used for "you are banned' pages.
-	$config['ban_date'] = '%A %e %B, %Y';
+	$config['ban_date'] = 'l j F, Y';
 
 	// The names on the post buttons. (On most imageboards, these are both just "Post").
 	$config['button_newtopic'] = _('New Topic');
diff --git a/inc/template.php b/inc/template.php
index fb75aaf6..12d398d7 100644
--- a/inc/template.php
+++ b/inc/template.php
@@ -113,7 +113,6 @@ class Tinyboard extends Twig\Extension\AbstractExtension
 		return array(
 			new Twig\TwigFunction('time', 'time'),
 			new Twig\TwigFunction('floor', 'floor'),
-			new Twig\TwigFunction('timezone', 'twig_timezone_function'),
 			new Twig\TwigFunction('hiddenInputs', 'hiddenInputs'),
 			new Twig\TwigFunction('hiddenInputsHash', 'hiddenInputsHash'),
 			new Twig\TwigFunction('ratio', 'twig_ratio_function'),
@@ -134,17 +133,14 @@ class Tinyboard extends Twig\Extension\AbstractExtension
 	}
 }
 
-function twig_timezone_function() {
-	return 'Z';
-}
-
 function twig_push_filter($array, $value) {
 	array_push($array, $value);
 	return $array;
 }
 
 function twig_date_filter($date, $format) {
-	return gmstrftime($format, $date);
+	$date = new DateTime($date, new DateTimeZone('UTC'));
+	return $date->format($format);
 }
 
 function twig_hasPermission_filter($mod, $permission, $board = null) {
diff --git a/templates/post/time.html b/templates/post/time.html
index e6273f94..518a34b6 100644
--- a/templates/post/time.html
+++ b/templates/post/time.html
@@ -1 +1 @@
- <time datetime="{{ post.time|date('%Y-%m-%dT%H:%M:%S') }}{{ timezone() }}">{{ post.time|date(config.post_date) }}</time>
+ <time datetime="{{ post.time|date('Y-m-d\\TH:i:s\Z') }}">{{ post.time|date(config.post_date) }}</time>
diff --git a/templates/themes/basic/index.html b/templates/themes/basic/index.html
index 98cd0e39..02bc4387 100644
--- a/templates/themes/basic/index.html
+++ b/templates/themes/basic/index.html
@@ -29,7 +29,7 @@
 					{% else %}
 						<em>no subject</em>
 					{% endif %}
-					<span class="unimportant"> &mdash; by {{ entry.name }} at {{ entry.time|date(config.post_date, config.timezone) }}</span>
+					<span class="unimportant"> &mdash; by {{ entry.name }} at {{ entry.time|date(config.post_date) }}</span>
 				</h2>
 				<p>{{ entry.body }}</p>
 			{% endfor %}
diff --git a/templates/themes/catalog/catalog.html b/templates/themes/catalog/catalog.html
index de7d1461..fefaec54 100644
--- a/templates/themes/catalog/catalog.html
+++ b/templates/themes/catalog/catalog.html
@@ -51,7 +51,7 @@
 						{% else %}
 							<img src="{{post.file}}"
 						{% endif %}
-						 id="img-{{ post.id }}" data-subject="{% if post.subject %}{{ post.subject|e }}{% endif %}" data-name="{{ post.name|e }}" data-muhdifference="{{ post.muhdifference }}" class="{{post.board}} thread-image" title="{{post.bump|date('%b %d %H:%M')}}">
+						 id="img-{{ post.id }}" data-subject="{% if post.subject %}{{ post.subject|e }}{% endif %}" data-name="{{ post.name|e }}" data-muhdifference="{{ post.muhdifference }}" class="{{post.board}} thread-image" title="{{post.bump|date('M d H:i')}}">
 					</a>
 						<div class="replies">
 							<strong>R: {{ post.reply_count }} / I: {{ post.image_count }}{% if post.sticky %} (sticky){% endif %}</strong>
diff --git a/templates/themes/sitemap/sitemap.xml b/templates/themes/sitemap/sitemap.xml
index 30033239..8c4a9fa2 100644
--- a/templates/themes/sitemap/sitemap.xml
+++ b/templates/themes/sitemap/sitemap.xml
@@ -10,7 +10,7 @@
 		{% for thread in thread_list %}
 			<url>
 				<loc>{{ settings.url ~ (config.board_path | format(board)) ~ config.dir.res ~ link_for(thread) }}</loc>
-				<lastmod>{{ thread.lastmod | date('%Y-%m-%dT%H:%M:%S') }}{{ timezone() }}</lastmod>
+				<lastmod>{{ thread.lastmod | date('Y-m-d\\TH:i:s\Z') }}</lastmod>
 				<changefreq>{{ settings.changefreq }}</changefreq>
 			</url>
 		{% endfor %}

From 99133c90fab934835d894eda007ae1a0d1727dc0 Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@skiff.com>
Date: Wed, 3 Apr 2024 17:38:12 +0200
Subject: [PATCH 015/336] config.php: fix date time diplay documentation

---
 inc/config.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/inc/config.php b/inc/config.php
index dae61ce6..6014759a 100644
--- a/inc/config.php
+++ b/inc/config.php
@@ -976,7 +976,7 @@
 
 	// Timezone to use for displaying dates/times.
 	$config['timezone'] = 'America/Los_Angeles';
-	// The format string passed to date_format() for displaying dates. ISO 8601-like by default.
+	// The format string passed to DateTime::format() for displaying dates. ISO 8601-like by default.
 	// https://www.php.net/manual/en/datetime.format.php
 	$config['post_date'] = 'd-m-Y (D) H:i:s';
 	// Same as above, but used for "you are banned' pages.

From 429ae8e352a42b90c9db4a33ad7eba70a825b40a Mon Sep 17 00:00:00 2001
From: Lorenzo Yario <angeleno@screamer.wiki>
Date: Wed, 3 Apr 2024 12:15:06 -0700
Subject: [PATCH 016/336] Revert "Remove check-updates functionality"

---
 inc/config.php    |  5 +++++
 inc/mod/pages.php | 54 +++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 59 insertions(+)

diff --git a/inc/config.php b/inc/config.php
index c42328fa..0cece593 100644
--- a/inc/config.php
+++ b/inc/config.php
@@ -36,6 +36,11 @@
 	// $config['global_message'] = 'This is an important announcement!';
 	$config['blotter'] = &$config['global_message'];
 
+	// Automatically check if a newer version of vichan is available when an administrator logs in.
+	$config['check_updates'] = false;
+	// How often to check for updates
+	$config['check_updates_time'] = 43200; // 12 hours
+
 	// Shows some extra information at the bottom of pages. Good for development/debugging.
 	$config['debug'] = false;
 	// For development purposes. Displays (and "dies" on) all errors and warnings. Turn on with the above.
diff --git a/inc/mod/pages.php b/inc/mod/pages.php
index 16072b9d..1e803424 100644
--- a/inc/mod/pages.php
+++ b/inc/mod/pages.php
@@ -107,6 +107,60 @@ function mod_dashboard() {
 	$query = query('SELECT COUNT(*) FROM ``ban_appeals``') or error(db_error($query));
 	$args['appeals'] = $query->fetchColumn();
 
+	if ($mod['type'] >= ADMIN && $config['check_updates']) {
+		if (!$config['version'])
+			error(_('Could not find current version! (Check .installed)'));
+
+		if (isset($_COOKIE['update'])) {
+			$latest = unserialize($_COOKIE['update']);
+		} else {
+			$ctx = stream_context_create(array('http' => array('timeout' => 5)));
+			if ($code = @file_get_contents('http://engine.vichan.info/version.txt', 0, $ctx)) {
+				$ver = strtok($code, "\n");
+
+				if (preg_match('@^// v(\d+)\.(\d+)\.(\d+)\s*?$@', $ver, $matches)) {
+					$latest = array(
+						'massive' => $matches[1],
+						'major' => $matches[2],
+						'minor' => $matches[3]
+					);
+					if (preg_match('/(\d+)\.(\d)\.(\d+)(-dev.+)?$/', $config['version'], $matches)) {
+						$current = array(
+							'massive' => (int) $matches[1],
+							'major' => (int) $matches[2],
+							'minor' => (int) $matches[3]
+						);
+						if (isset($m[4])) {
+							// Development versions are always ahead in the versioning numbers
+							$current['minor'] --;
+						}
+						// Check if it's newer
+						if (!(	$latest['massive'] > $current['massive'] ||
+							$latest['major'] > $current['major'] ||
+								($latest['massive'] == $current['massive'] &&
+									$latest['major'] == $current['major'] &&
+									$latest['minor'] > $current['minor']
+								)))
+							$latest = false;
+					} else {
+						$latest = false;
+					}
+				} else {
+					// Couldn't get latest version
+					$latest = false;
+				}
+			} else {
+				// Couldn't get latest version
+				$latest = false;
+			}
+
+			setcookie('update', serialize($latest), time() + $config['check_updates_time'], $config['cookies']['jail'] ? $config['cookies']['path'] : '/', null, !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off', true);
+		}
+
+		if ($latest)
+			$args['newer_release'] = $latest;
+	}
+
 	$args['logout_token'] = make_secure_link_token('logout');
 
 	mod_page(_('Dashboard'), $config['file_mod_dashboard'], $args);

From 9072ce59926c2c7d12131af229a60231df7b1d14 Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@skiff.com>
Date: Wed, 3 Apr 2024 19:51:41 +0200
Subject: [PATCH 017/336] post.php: strip metadata from png and webp image file
 types

---
 post.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/post.php b/post.php
index 2cc99071..4781b87a 100644
--- a/post.php
+++ b/post.php
@@ -1113,7 +1113,8 @@ if (isset($_POST['delete'])) {
 
 			$dont_copy_file = false;
 
-			if ($config['redraw_image'] || (!@$file['exif_stripped'] && $config['strip_exif'] && ($file['extension'] == 'jpg' || $file['extension'] == 'jpeg'))) {
+			$strippable_image_ext = $file['extension'] === 'jpg' || $file['extension'] === 'jpeg' || $file['extension'] === 'webp' || $file['extension'] == 'png';
+			if ($config['redraw_image'] || (!@$file['exif_stripped'] && $config['strip_exif'] && $strippable_image_ext)) {
 				if (!$config['redraw_image'] && $config['use_exiftool']) {
 					try {
 						$file['size'] = strip_image_metadata($file['tmp_name']);

From 2bb1b0b9d4557e12ee0484d8fdb7f3c0177ce156 Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@skiff.com>
Date: Wed, 3 Apr 2024 21:24:10 +0200
Subject: [PATCH 018/336] post.php: remove double check

---
 post.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/post.php b/post.php
index 4781b87a..bd7f798c 100644
--- a/post.php
+++ b/post.php
@@ -1052,7 +1052,7 @@ if (isset($_POST['delete'])) {
 			if ($config['convert_auto_orient'] && ($file['extension'] == 'jpg' || $file['extension'] == 'jpeg')) {
 				// The following code corrects the image orientation.
 				// Currently only works with the 'convert' option selected but it could easily be expanded to work with the rest if you can be bothered.
-				if (!($config['redraw_image'] || (($config['strip_exif'] && !$config['use_exiftool']) && ($file['extension'] == 'jpg' || $file['extension'] == 'jpeg')))) {
+				if (!($config['redraw_image'] || (($config['strip_exif'] && !$config['use_exiftool'])))) {
 					if (in_array($config['thumb_method'], array('convert', 'convert+gifsicle', 'gm', 'gm+gifsicle'))) {
 						$exif = @exif_read_data($file['tmp_name']);
 						$gm = in_array($config['thumb_method'], array('gm', 'gm+gifsicle'));

From 6ceee8261ef2802d5b0c50afe3b4b0a9760a25a8 Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@skiff.com>
Date: Wed, 3 Apr 2024 21:34:51 +0200
Subject: [PATCH 019/336] post.php: strip and reorient png and webp images

---
 post.php | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/post.php b/post.php
index bd7f798c..05fb731e 100644
--- a/post.php
+++ b/post.php
@@ -1047,9 +1047,11 @@ if (isset($_POST['delete'])) {
 			if ($size[0] > $config['max_width'] || $size[1] > $config['max_height']) {
 				error($config['error']['maxsize']);
 			}
+			// If, on the basis of the file extension, the image file has metadata we can operate on.
+			$file_image_has_operable_metadata = $file['extension'] === 'jpg' || $file['extension'] === 'jpeg' || $file['extension'] === 'webp' || $file['extension'] == 'png';
 
 
-			if ($config['convert_auto_orient'] && ($file['extension'] == 'jpg' || $file['extension'] == 'jpeg')) {
+			if ($file_image_has_operable_metadata && $config['convert_auto_orient']) {
 				// The following code corrects the image orientation.
 				// Currently only works with the 'convert' option selected but it could easily be expanded to work with the rest if you can be bothered.
 				if (!($config['redraw_image'] || (($config['strip_exif'] && !$config['use_exiftool'])))) {
@@ -1113,8 +1115,7 @@ if (isset($_POST['delete'])) {
 
 			$dont_copy_file = false;
 
-			$strippable_image_ext = $file['extension'] === 'jpg' || $file['extension'] === 'jpeg' || $file['extension'] === 'webp' || $file['extension'] == 'png';
-			if ($config['redraw_image'] || (!@$file['exif_stripped'] && $config['strip_exif'] && $strippable_image_ext)) {
+			if ($config['redraw_image'] || ($file_image_has_operable_metadata && !@$file['exif_stripped'] && $config['strip_exif'])) {
 				if (!$config['redraw_image'] && $config['use_exiftool']) {
 					try {
 						$file['size'] = strip_image_metadata($file['tmp_name']);

From eaacf2719965cc4609778dfe0f5ddb2b24e7eaf7 Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@skiff.com>
Date: Wed, 3 Apr 2024 19:51:58 +0200
Subject: [PATCH 020/336] post.php: do not strip orientation metadata

---
 post.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/post.php b/post.php
index 05fb731e..c6575992 100644
--- a/post.php
+++ b/post.php
@@ -173,7 +173,7 @@ function ocr_image(array $config, string $img_path): string {
  * @throws RuntimeException Throws on IO errors.
  */
 function strip_image_metadata(string $img_path): int {
-	$err = shell_exec_error('exiftool -overwrite_original -ignoreMinorErrors -q -q -all= ' . escapeshellarg($img_path));
+	$err = shell_exec_error('exiftool -overwrite_original -ignoreMinorErrors -q -q -all= -Orientation ' . escapeshellarg($img_path));
 	if ($err === false) {
 		throw new RuntimeException('Could not strip EXIF metadata!');
 	}

From 4d9d68b550091d64ef384b7389bbc1ee7df74ded Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@skiff.com>
Date: Thu, 4 Apr 2024 11:07:15 +0200
Subject: [PATCH 021/336] Substitute deprecated php functions calls

---
 post.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/post.php b/post.php
index 387b1a97..f9c0b858 100644
--- a/post.php
+++ b/post.php
@@ -317,7 +317,7 @@ if (isset($_GET['Newsgroups']) && $config['nntpchan']['enabled']) {
 					$ret[] = ">>".$v['id'];
 				}
 			}
-			return implode($ret, ", ");
+			return implode(", ", $ret);
 		}
 	}, $content);
 
@@ -1036,7 +1036,7 @@ if (isset($_POST['delete'])) {
 		if ($file['is_an_image']) {
 			if ($config['ie_mime_type_detection'] !== false) {
 				// Check IE MIME type detection XSS exploit
-				$buffer = file_get_contents($upload, null, null, null, 255);
+				$buffer = file_get_contents($upload, false, null, 0, 255);
 				if (preg_match($config['ie_mime_type_detection'], $buffer)) {
 					undoImage($post);
 					error($config['error']['mime_exploit']);

From 28395d55e5d3e7a1c7b302a3a5d34459803db12d Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@skiff.com>
Date: Sun, 4 Feb 2024 12:42:21 +0100
Subject: [PATCH 022/336] Refactor the logging system

---
 inc/config.php            |  17 +++-
 inc/driver/log-driver.php | 189 ++++++++++++++++++++++++++++++++++++++
 2 files changed, 204 insertions(+), 2 deletions(-)
 create mode 100644 inc/driver/log-driver.php

diff --git a/inc/config.php b/inc/config.php
index ffd1b544..c34eb034 100644
--- a/inc/config.php
+++ b/inc/config.php
@@ -65,8 +65,21 @@
 	// been generated. This keeps the script from querying the database and causing strain when not needed.
 	$config['has_installed'] = '.installed';
 
-	// Use syslog() for logging all error messages and unauthorized login attempts.
-	$config['syslog'] = false;
+	// Deprecated, use 'log_system'.
+	// $config['syslog'] = false;
+
+	$config['log_system'] = [];
+	// Log all error messages and unauthorized login attempts.
+	// Can be "syslog", "error_log" (default), "file", "stderr" or "none".
+	$config['log_system']['type'] = 'error_log';
+	// The application name used by the logging system. Defaults to "tinyboard" for backwards compatibility.
+	$config['log_system']['name'] = 'tinyboard';
+	// Only relevant if 'log_system' is set to "syslog". If true, double print the logs also in stderr.
+	// Defaults to false.
+	$config['log_system']['syslog_stderr'] = false;
+	// Only relevant if "log_system" is set to `file`. Sets the file that vichan will log to.
+	// Defaults to '/var/log/vichan.log'.
+	$config['log_system']['file_path'] = '/var/log/vichan.log';
 
 	// Use `host` via shell_exec() to lookup hostnames, avoiding query timeouts. May not work on your system.
 	// Requires safe_mode to be disabled.
diff --git a/inc/driver/log-driver.php b/inc/driver/log-driver.php
new file mode 100644
index 00000000..0026f009
--- /dev/null
+++ b/inc/driver/log-driver.php
@@ -0,0 +1,189 @@
+<?php // Logging
+namespace Vichan\Driver;
+
+use InvalidArgumentException;
+use RuntimeException;
+
+defined('TINYBOARD') or exit;
+
+
+class LogDrivers {
+	public static function levelToString(int $level): string {
+		switch ($level) {
+			case Log::EMERG:
+				return 'EMERG';
+			case Log::ERROR:
+				return 'ERROR';
+			case Log::WARNING:
+				return 'WARNING';
+			case Log::NOTICE:
+				return 'NOTICE';
+			case Log::INFO:
+				return 'INFO';
+			case Log::DEBUG:
+				return 'DEBUG';
+			default:
+				throw new InvalidArgumentException('Not a logging level');
+		}
+	}
+
+	/**
+	 * Log to syslog.
+	 */
+	public static function syslog(string $name, int $level, bool $print_stderr): Log {
+		$flags = LOG_ODELAY;
+		if ($print_stderr) {
+			$flags |= LOG_PERROR;
+		}
+
+		if (!openlog($name, $flags, LOG_USER)) {
+			throw new RuntimeException('Unable to open syslog');
+		}
+
+		return new class($level) implements Log {
+			private $level;
+
+			public function __construct(int $level) {
+				$this->level = $level;
+			}
+
+			public function log(int $level, string $message): void {
+				if ($level <= $this->level) {
+					if (isset($_SERVER['REMOTE_ADDR'], $_SERVER['REQUEST_METHOD'], $_SERVER['REQUEST_URI'])) {
+						// CGI
+						syslog($level, "$message - client: {$_SERVER['REMOTE_ADDR']}, request: \"{$_SERVER['REQUEST_METHOD']} {$_SERVER['REQUEST_URI']}\"");
+					} else {
+						syslog($level, $message);
+					}
+				}
+			}
+		};
+	}
+
+	/**
+	 * Log via the php function error_log.
+	 */
+	public static function error_log(string $name, int $level): Log {
+		return new class($name, $level) implements Log {
+			private string $name;
+			private int $level;
+
+			public function __construct(string $name, int $level) {
+				$this->name = $name;
+				$this->level = $level;
+			}
+
+			public function log(int $level, string $message): void {
+				if ($level <= $this->level) {
+					$lv = LogDrivers::levelToString($level);
+					$line = "{$this->name} $lv: $message";
+					error_log($line, 0, null, null);
+				}
+			}
+		};
+	}
+
+	/**
+	 * Log to a file.
+	 */
+	public static function file(string $name, int $level, string $file_path): Log {
+		/*
+		 * error_log is slow as hell in it's 3rd mode, so use fopen + file locking instead.
+		 * https://grobmeier.solutions/performance-ofnonblocking-write-to-files-via-php-21082009.html
+		 *
+		 * Whatever file appending is atomic is contentious:
+		 *  - There are no POSIX guarantees: https://stackoverflow.com/a/7237901
+		 *  - But linus suggested they are on linux, on some filesystems: https://web.archive.org/web/20151201111541/http://article.gmane.org/gmane.linux.kernel/43445
+		 *  - But it doesn't seem to be always the case: https://www.notthewizard.com/2014/06/17/are-files-appends-really-atomic/
+		 *
+		 * So we just use file locking to be sure.
+		 */
+
+		$fd = fopen($file_path, 'a');
+		if ($fd === false) {
+			throw new RuntimeException("Unable to open log file at $file_path");
+		}
+
+		$logger = new class($name, $level, $fd) implements Log {
+			private string $name;
+			private int $level;
+			private mixed $fd;
+
+			public function __construct(string $name, int $level, mixed $fd) {
+				$this->name = $name;
+				$this->level = $level;
+				$this->fd = $fd;
+			}
+
+			public function log(int $level, string $message): void {
+				if ($level <= $this->level) {
+					$lv = LogDrivers::levelToString($level);
+					$line = "{$this->name} $lv: $message\n";
+					flock($this->fd, LOCK_EX);
+					fwrite($this->fd, $line);
+					flock($this->fd, LOCK_UN);
+				}
+			}
+
+			public function close() {
+				fclose($this->fd);
+			}
+		};
+
+		// Close the file on shutdown.
+		register_shutdown_function([$logger, 'close']);
+
+		return $logger;
+	}
+
+	/**
+	 * Log to php's standard error file stream.
+	 */
+	public static function stderr(string $name, int $level): Log {
+		return new class($name, $level) implements Log {
+			private $name;
+			private $level;
+
+			public function __construct(string $name, int $level) {
+				$this->name = $name;
+				$this->level = $level;
+			}
+
+			public function log(int $level, string $message): void {
+				if ($level <= $this->level) {
+					$lv = LogDrivers::levelToString($level);
+					fwrite(STDERR, "{$this->name} $lv: $message\n");
+				}
+			}
+		};
+	}
+
+	/**
+	 * No-op logging system.
+	 */
+	public static function none(): Log {
+		return new class() implements Log {
+			public function log($level, $message): void {
+				// No-op.
+			}
+		};
+	}
+}
+
+interface Log {
+	public const EMERG = LOG_EMERG;
+	public const ERROR = LOG_ERR;
+	public const WARNING = LOG_WARNING;
+	public const NOTICE = LOG_NOTICE;
+	public const INFO = LOG_INFO;
+	public const DEBUG = LOG_DEBUG;
+
+
+	/**
+	 * Log a message if the level of relevancy is at least the minimum.
+	 *
+	 * @param int $level Message level. Use Log interface constants.
+	 * @param string $message The message to log.
+	 */
+	public function log(int $level, string $message): void;
+}

From f05c290b67ed5a359a0e8170ac5177eddbb70ad9 Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@skiff.com>
Date: Thu, 4 Apr 2024 09:56:59 +0200
Subject: [PATCH 023/336] log-driver.php: autoload the logging dirver

---
 composer.json | 1 +
 1 file changed, 1 insertion(+)

diff --git a/composer.json b/composer.json
index e1951679..b06ff6a1 100644
--- a/composer.json
+++ b/composer.json
@@ -34,6 +34,7 @@
             "inc/queue.php",
             "inc/functions.php",
             "inc/driver/http-driver.php",
+            "inc/driver/log-driver.php",
             "inc/service/captcha-queries.php"
         ]
     },

From 55cb6bc400513ea5ca23ea0aac6cefa7c212f122 Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@skiff.com>
Date: Wed, 3 Apr 2024 23:42:05 +0200
Subject: [PATCH 024/336] context.php: add log driver

---
 inc/context.php | 33 +++++++++++++++++++++++++++++++--
 1 file changed, 31 insertions(+), 2 deletions(-)

diff --git a/inc/context.php b/inc/context.php
index 5e540bab..3e52b569 100644
--- a/inc/context.php
+++ b/inc/context.php
@@ -1,24 +1,53 @@
 <?php
 namespace Vichan;
 
-defined('TINYBOARD') or exit;
+use Vichan\Driver\{HttpDriver, HttpDrivers, Log, LogDrivers};
 
-use Vichan\Driver\{HttpDriver, HttpDrivers};
+defined('TINYBOARD') or exit;
 
 
 interface Context {
+	public function getLog(): Log;
 	public function getHttpDriver(): HttpDriver;
 }
 
 class AppContext implements Context {
 	private array $config;
+	private ?Log $log;
 	private ?HttpDriver $http;
 
 
+	private function initLogDriver(): Log {
+		$name = $this->config['log_system']['name'];
+		$level = $this->config['debug'] ? Log::DEBUG : Log::NOTICE;
+		$backend = $this->config['log_system']['type'];
+
+		// Check 'syslog' for backwards compatibility.
+		if ((isset($this->config['syslog']) && $this->config['syslog']) || $backend === 'syslog') {
+			return LogDrivers::syslog($name, $level, $this->config['log_system']['syslog_stderr']);
+		} elseif ($backend === 'file') {
+			return LogDrivers::file($name, $level, $this->config['log_system']['file_path']);
+		} elseif ($backend === 'stderr') {
+			return LogDrivers::stderr($name, $level);
+		} elseif ($backend === 'none') {
+			return LogDrivers::none();
+		} else {
+			return LogDrivers::error_log($name, $level);
+		}
+	}
+
+
 	public function __construct(array $config) {
 		$this->config = $config;
 	}
 
+	public function getLog(): Log {
+		if (is_null($this->log)) {
+			$this->log = $this->initLogDriver();
+		}
+		return $this->log;
+	}
+
 	public function getHttpDriver(): HttpDriver {
 		if (is_null($this->http)) {
 			$this->http = HttpDrivers::getHttpDriver($this->config['upload_by_url_timeout'], $this->config['max_filesize']);

From 710f6aa6c2983dee3295e7586b19782c7f2fa88c Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@skiff.com>
Date: Wed, 3 Apr 2024 23:51:02 +0200
Subject: [PATCH 025/336] post.php: use logger

---
 post.php | 54 +++++++++++++++++++++++-------------------------------
 1 file changed, 23 insertions(+), 31 deletions(-)

diff --git a/post.php b/post.php
index 387b1a97..487cf2dc 100644
--- a/post.php
+++ b/post.php
@@ -7,6 +7,7 @@ require_once 'inc/bootstrap.php';
 
 use Vichan\AppContext;
 use Vichan\Driver\HttpDriver;
+use Vichan\Driver\Log;
 use Vichan\Service\{RemoteCaptchaQuery, NativeCaptchaQuery};
 
 /**
@@ -250,7 +251,7 @@ if (isset($_GET['Newsgroups']) && $config['nntpchan']['enabled']) {
 		$content = file_get_contents("php://input");
 	}
 	elseif ($ct == 'multipart/mixed' || $ct == 'multipart/form-data') {
-		_syslog(LOG_INFO, "MM: Files: ".print_r($GLOBALS, true)); // Debug
+		$context->getLog()->log(Log::DEBUG, 'MM: Files: ' . print_r($GLOBALS, true));
 
 		$content = '';
 
@@ -415,8 +416,9 @@ if (isset($_POST['delete'])) {
 				modLog("User at $ip deleted their own post #$id");
 			}
 
-			_syslog(LOG_INFO, 'Deleted post: ' .
-				'/' . $board['dir'] . $config['dir']['res'] . link_for($post) . ($post['thread'] ? '#' . $id : '')
+			$context->getLog()->log(
+				Log::INFO,
+				'Deleted post: /' . $board['dir'] . $config['dir']['res'] . link_for($post) . ($post['thread'] ? '#' . $id : '')
 			);
 		}
 	}
@@ -491,9 +493,7 @@ if (isset($_POST['delete'])) {
 				error($config['error']['captcha']);
 			}
 		} catch (RuntimeException $e) {
-			if ($config['syslog']) {
-				_syslog(LOG_ERR, "Native captcha IO exception: {$e->getMessage()}");
-			}
+			$context->getLog()->log(Log::ERROR, "Native captcha IO exception: {$e->getMessage()}");
 			error($config['error']['local_io_error']);
 		}
 	}
@@ -512,9 +512,7 @@ if (isset($_POST['delete'])) {
 
 		$post = $query->fetch(PDO::FETCH_ASSOC);
 		if ($post === false) {
-			if ($config['syslog']) {
-				_syslog(LOG_INFO, "Failed to report non-existing post #{$id} in {$board['dir']}");
-			}
+			$context->getLog()->log(Log::INFO, "Failed to report non-existing post #{$id} in {$board['dir']}");
 			error($config['error']['nopost']);
 		}
 
@@ -523,11 +521,12 @@ if (isset($_POST['delete'])) {
 			error($error);
 		}
 
-		if ($config['syslog'])
-			_syslog(LOG_INFO, 'Reported post: ' .
-				'/' . $board['dir'] . $config['dir']['res'] . link_for($post) . ($post['thread'] ? '#' . $id : '') .
-				' for "' . $reason . '"'
-			);
+		$context->getLog()->log(
+			Log::INFO,
+			'Reported post: /'
+				 . $board['dir'] . $config['dir']['res'] . link_for($post) . ($post['thread'] ? '#' . $id : '')
+				 . " for \"$reason\""
+		);
 		$query = prepare("INSERT INTO ``reports`` VALUES (NULL, :time, :ip, :board, :post, :reason)");
 		$query->bindValue(':time', time(), PDO::PARAM_INT);
 		$query->bindValue(':ip', $_SERVER['REMOTE_ADDR'], PDO::PARAM_STR);
@@ -637,14 +636,10 @@ if (isset($_POST['delete'])) {
 				}
 			}
 		} catch (RuntimeException $e) {
-			if ($config['syslog']) {
-				_syslog(LOG_ERR, "Captcha IO exception: {$e->getMessage()}");
-			}
+			$context->getLog()->log(Log::ERROR, "Captcha IO exception: {$e->getMessage()}");
 			error($config['error']['remote_io_error']);
 		} catch (JsonException $e) {
-			if ($config['syslog']) {
-				_syslog(LOG_ERR, "Bad JSON reply to captcha: {$e->getMessage()}");
-			}
+			$context->getLog()->log(Log::ERROR, "Bad JSON reply to captcha: {$e->getMessage()}");
 			error($config['error']['remote_io_error']);
 		}
 
@@ -1128,11 +1123,9 @@ if (isset($_POST['delete'])) {
 					try {
 						$file['size'] = strip_image_metadata($file['tmp_name']);
 					} catch (RuntimeException $e) {
-						if ($config['syslog']) {
-							_syslog(LOG_ERR, "Could not strip image metadata: {$e->getMessage()}");
-							// Since EXIF metadata can countain sensible info, fail the request.
-							error(_('Could not strip EXIF metadata!'), null, $error);
-						}
+						$context->getLog()->log(Log::ERROR, "Could not strip image metadata: {$e->getMessage()}");
+						// Since EXIF metadata can countain sensible info, fail the request.
+						error(_('Could not strip EXIF metadata!'), null, $error);
 					}
 				} else {
 					$image->to($file['file']);
@@ -1168,9 +1161,7 @@ if (isset($_POST['delete'])) {
 						$post['body_nomarkup'] .= "<tinyboard ocr image $key>" . htmlspecialchars($value) . "</tinyboard>";
 					}
 				} catch (RuntimeException $e) {
-					if ($config['syslog']) {
-						_syslog(LOG_ERR, "Could not OCR image: {$e->getMessage()}");
-					}
+					$context->getLog()->log(Log::ERROR, "Could not OCR image: {$e->getMessage()}");
 				}
 			}
 		}
@@ -1360,9 +1351,10 @@ if (isset($_POST['delete'])) {
 
 	buildThread($post['op'] ? $id : $post['thread']);
 
-	if ($config['syslog'])
-		_syslog(LOG_INFO, 'New post: /' . $board['dir'] . $config['dir']['res'] .
-			link_for($post) . (!$post['op'] ? '#' . $id : ''));
+	$context->getLog()->log(
+		Log::INFO,
+		'New post: /' . $board['dir'] . $config['dir']['res'] . link_for($post) . (!$post['op'] ? '#' . $id : '')
+	);
 
 	if (!$post['mod']) header('X-Associated-Content: "' . $redirect . '"');
 

From fc716fd0a8d4f104d62e2b959bc28569c8f6542f Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@skiff.com>
Date: Sun, 7 Apr 2024 19:51:37 +0200
Subject: [PATCH 026/336] install.php: better SQL error reporting

---
 install.php | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/install.php b/install.php
index c174771b..e72d7117 100644
--- a/install.php
+++ b/install.php
@@ -988,12 +988,16 @@ if ($step == 0) {
 	$queries[] = Element('posts.sql', array('board' => 'b'));
 
 	$sql_errors = '';
+	$sql_err_count = 0;
 	foreach ($queries as $query) {
 		if ($mysql_version < 50503)
 			$query = preg_replace('/(CHARSET=|CHARACTER SET )utf8mb4/', '$1utf8', $query);
 		$query = preg_replace('/^([\w\s]*)`([0-9a-zA-Z$_\x{0080}-\x{FFFF}]+)`/u', '$1``$2``', $query);
-		if (!query($query))
-			$sql_errors .= '<li>' . db_error() . '</li>';
+		if (!query($query)) {
+			$sql_err_count++;
+			$error = db_error();
+			$sql_errors .= "<li>$sql_err_count<ul><li>$query</li><li>$error</li></ul></li>";
+		}
 	}
 
 	$page['title'] = 'Installation complete';

From f93dd1fae5c31a6dc793a2a2e540222dae2369f2 Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@skiff.com>
Date: Tue, 9 Apr 2024 11:20:04 +0200
Subject: [PATCH 027/336] Context: extract dependency building from the
 container

---
 inc/context.php | 37 ++++++++++++++++++++++++++-----------
 post.php        |  7 +++----
 2 files changed, 29 insertions(+), 15 deletions(-)

diff --git a/inc/context.php b/inc/context.php
index 3e52b569..46dd5061 100644
--- a/inc/context.php
+++ b/inc/context.php
@@ -6,18 +6,20 @@ use Vichan\Driver\{HttpDriver, HttpDrivers, Log, LogDrivers};
 defined('TINYBOARD') or exit;
 
 
-interface Context {
-	public function getLog(): Log;
-	public function getHttpDriver(): HttpDriver;
+interface DependencyFactory {
+	public function buildLogDriver(): Log;
+	public function buildHttpDriver(): HttpDriver;
 }
 
-class AppContext implements Context {
+class WebDependencyFactory implements DependencyFactory {
 	private array $config;
-	private ?Log $log;
-	private ?HttpDriver $http;
 
 
-	private function initLogDriver(): Log {
+	public function __construct(array $config) {
+		$this->config = $config;
+	}
+
+	public function buildLogDriver(): Log {
 		$name = $this->config['log_system']['name'];
 		$level = $this->config['debug'] ? Log::DEBUG : Log::NOTICE;
 		$backend = $this->config['log_system']['type'];
@@ -36,21 +38,34 @@ class AppContext implements Context {
 		}
 	}
 
+	public function buildHttpDriver(): HttpDriver {
+		return HttpDrivers::getHttpDriver(
+			$this->config['upload_by_url_timeout'],
+			$this->config['max_filesize']
+		);
+	}
+}
 
-	public function __construct(array $config) {
-		$this->config = $config;
+class Context {
+	private DependencyFactory $factory;
+	private ?Log $log;
+	private ?HttpDriver $http;
+
+
+	public function __construct(DependencyFactory $factory) {
+		$this->factory = $factory;
 	}
 
 	public function getLog(): Log {
 		if (is_null($this->log)) {
-			$this->log = $this->initLogDriver();
+			$this->log = $this->factory->buildLogDriver();
 		}
 		return $this->log;
 	}
 
 	public function getHttpDriver(): HttpDriver {
 		if (is_null($this->http)) {
-			$this->http = HttpDrivers::getHttpDriver($this->config['upload_by_url_timeout'], $this->config['max_filesize']);
+			$this->http = $this->factory->buildHttpDriver();
 		}
 		return $this->http;
 	}
diff --git a/post.php b/post.php
index 923828c0..4b28a908 100644
--- a/post.php
+++ b/post.php
@@ -5,9 +5,8 @@
 
 require_once 'inc/bootstrap.php';
 
-use Vichan\AppContext;
-use Vichan\Driver\HttpDriver;
-use Vichan\Driver\Log;
+use Vichan\{Context, WebDependencyFactory};
+use Vichan\Driver\{HttpDriver, Log};
 use Vichan\Service\{RemoteCaptchaQuery, NativeCaptchaQuery};
 
 /**
@@ -172,7 +171,7 @@ function strip_image_metadata(string $img_path): int {
  */
 
 $dropped_post = false;
-$context = new AppContext($config);
+$context = new Context(new WebDependencyFactory($config));
 
 // Is it a post coming from NNTP? Let's extract it and pretend it's a normal post.
 if (isset($_GET['Newsgroups']) && $config['nntpchan']['enabled']) {

From a83bcf14a4704566960f64e600014b7e869aa3a1 Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@skiff.com>
Date: Tue, 9 Apr 2024 11:43:46 +0200
Subject: [PATCH 028/336] Context: simplify lazy initialization

---
 inc/context.php | 17 +++++++++--------
 1 file changed, 9 insertions(+), 8 deletions(-)

diff --git a/inc/context.php b/inc/context.php
index 46dd5061..98e30d6d 100644
--- a/inc/context.php
+++ b/inc/context.php
@@ -52,21 +52,22 @@ class Context {
 	private ?HttpDriver $http;
 
 
+	private function lazyGet(mixed &$field_ref, string $dependency_name): mixed {
+		if (is_null($field_ref)) {
+			$field_ref = [$this->factory, "build{$dependency_name}"]();
+		}
+		return $field_ref;
+	}
+
 	public function __construct(DependencyFactory $factory) {
 		$this->factory = $factory;
 	}
 
 	public function getLog(): Log {
-		if (is_null($this->log)) {
-			$this->log = $this->factory->buildLogDriver();
-		}
-		return $this->log;
+		return $this->lazyGet($this->log, 'logDriver');
 	}
 
 	public function getHttpDriver(): HttpDriver {
-		if (is_null($this->http)) {
-			$this->http = $this->factory->buildHttpDriver();
-		}
-		return $this->http;
+		return $this->lazyGet($this->http, 'httpDriver');
 	}
 }

From 8389c399bd421be954416f9c5bd519cc15b278e1 Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@skiff.com>
Date: Wed, 10 Apr 2024 17:29:25 +0200
Subject: [PATCH 029/336] Context: shorter lazy initialization

---
 inc/context.php | 11 ++---------
 1 file changed, 2 insertions(+), 9 deletions(-)

diff --git a/inc/context.php b/inc/context.php
index 98e30d6d..bb261047 100644
--- a/inc/context.php
+++ b/inc/context.php
@@ -52,22 +52,15 @@ class Context {
 	private ?HttpDriver $http;
 
 
-	private function lazyGet(mixed &$field_ref, string $dependency_name): mixed {
-		if (is_null($field_ref)) {
-			$field_ref = [$this->factory, "build{$dependency_name}"]();
-		}
-		return $field_ref;
-	}
-
 	public function __construct(DependencyFactory $factory) {
 		$this->factory = $factory;
 	}
 
 	public function getLog(): Log {
-		return $this->lazyGet($this->log, 'logDriver');
+		return $this->log ??= $this->factory->buildLogDriver();
 	}
 
 	public function getHttpDriver(): HttpDriver {
-		return $this->lazyGet($this->http, 'httpDriver');
+		return $this->http ??= $this->factory->buildHttpDriver();
 	}
 }

From 3a769b437f58b53d87e0495b4a5f8f46b32ce15c Mon Sep 17 00:00:00 2001
From: Barbara Pitt <cyberleftagitprop@gmail.com>
Date: Sun, 27 Dec 2020 17:15:12 -0600
Subject: [PATCH 030/336] adding docker items

---
 Dockerfile         | 22 ++++++++++++++++++++++
 docker-compose.yml | 45 +++++++++++++++++++++++++++++++++++++++++++++
 site.conf          | 16 ++++++++++++++++
 3 files changed, 83 insertions(+)
 create mode 100644 Dockerfile
 create mode 100644 docker-compose.yml
 create mode 100644 site.conf

diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 00000000..c568280f
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,22 @@
+FROM php:5.6-fpm
+RUN docker-php-ext-install pdo pdo_mysql
+RUN apt-get update -y && apt-get install -y libpng-dev libjpeg-dev
+RUN docker-php-ext-install mbstring
+RUN apt-get update -y && apt-get install -y libmcrypt-dev
+RUN docker-php-ext-install -j$(nproc) mcrypt
+RUN docker-php-ext-install iconv
+RUN apt-get update -y && apt-get install -y imagemagick
+RUN apt-get update -y && apt-get install -y graphicsmagick
+RUN apt-get update -y && apt-get install -y gifsicle
+RUN docker-php-ext-configure gd \
+        --with-png-dir=/usr \
+        --with-jpeg-dir=/usr
+RUN docker-php-ext-install gd
+RUN apt-get update -y \
+  && apt-get install -y libmemcached11 libmemcachedutil2 build-essential libmemcached-dev libz-dev \
+  && pecl install memcached-2.2.0 \
+  && echo extension=memcached.so >> /usr/local/etc/php/conf.d/memcached.ini \
+  && apt-get remove -y build-essential libmemcached-dev libz-dev \
+  && apt-get autoremove -y \
+  && apt-get clean \
+  && rm -rf /tmp/pear
\ No newline at end of file
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 00000000..3d61f915
--- /dev/null
+++ b/docker-compose.yml
@@ -0,0 +1,45 @@
+services:
+  #nginx webserver + php 5.6
+  web:
+      image: nginx:1.19.6-alpine
+      ports:
+        - "8080:80"
+      depends_on:
+        - db
+      volumes:
+          - ./:/code
+          - ./site.conf:/etc/nginx/conf.d/default.conf
+      networks:
+        leftchan_net:
+          ipv4_address: 172.20.0.3
+      links:
+          - php
+  php:
+      build: .
+      volumes:
+          - ./:/code
+      networks:
+        leftchan_net:
+          ipv4_address: 172.20.0.4
+  #MySQL Service
+  db:
+    image: mysql:5.6.50
+    container_name: db
+    restart: unless-stopped
+    tty: true
+    ports:
+      - "3306:3306"
+    environment:
+      MYSQL_DATABASE: lainchan
+      MYSQL_ROOT_PASSWORD: M9q5lO0RxJVh
+    networks:
+        leftchan_net:
+            ipv4_address: 172.20.0.2
+
+#Docker Networks
+networks:
+    leftchan_net:
+        ipam:
+            driver: default
+            config:
+                - subnet: 172.20.0.0/16
\ No newline at end of file
diff --git a/site.conf b/site.conf
new file mode 100644
index 00000000..80bc50fb
--- /dev/null
+++ b/site.conf
@@ -0,0 +1,16 @@
+server {
+    index index.php index.html;
+    error_log  /var/log/nginx/error.log;
+    access_log /var/log/nginx/access.log;
+    root /code;
+
+    location ~ \.php$ {
+        try_files $uri =404;
+        fastcgi_split_path_info ^(.+\.php)(/.+)$;
+        fastcgi_pass php:9000;
+        fastcgi_index index.php;
+        include fastcgi_params;
+        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+        fastcgi_param PATH_INFO $fastcgi_path_info;
+    }
+}
\ No newline at end of file

From 90235b2bab1a9e438034b8391c786726e50af4a6 Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@skiff.com>
Date: Sun, 7 Apr 2024 13:22:53 +0200
Subject: [PATCH 031/336] docker: remove unused configuration

---
 site.conf | 16 ----------------
 1 file changed, 16 deletions(-)
 delete mode 100644 site.conf

diff --git a/site.conf b/site.conf
deleted file mode 100644
index 80bc50fb..00000000
--- a/site.conf
+++ /dev/null
@@ -1,16 +0,0 @@
-server {
-    index index.php index.html;
-    error_log  /var/log/nginx/error.log;
-    access_log /var/log/nginx/access.log;
-    root /code;
-
-    location ~ \.php$ {
-        try_files $uri =404;
-        fastcgi_split_path_info ^(.+\.php)(/.+)$;
-        fastcgi_pass php:9000;
-        fastcgi_index index.php;
-        include fastcgi_params;
-        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
-        fastcgi_param PATH_INFO $fastcgi_path_info;
-    }
-}
\ No newline at end of file

From 5ca2d194b4f5923f03ca0620ec89294f70863f0d Mon Sep 17 00:00:00 2001
From: zeke <sfpj5l17y@mozmail.com>
Date: Wed, 17 Jan 2024 11:06:22 -0800
Subject: [PATCH 032/336] Update dependencies for Docker image

---
 Dockerfile         | 25 ++++++++++++++++---------
 docker-compose.yml |  6 +++---
 2 files changed, 19 insertions(+), 12 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index c568280f..4e76f72e 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,22 +1,29 @@
-FROM php:5.6-fpm
+FROM php:8.1.8-fpm
+
+COPY . /code
+
 RUN docker-php-ext-install pdo pdo_mysql
-RUN apt-get update -y && apt-get install -y libpng-dev libjpeg-dev
+RUN apt-get update -y && apt-get install -y libpng-dev libjpeg-dev libonig-dev
 RUN docker-php-ext-install mbstring
 RUN apt-get update -y && apt-get install -y libmcrypt-dev
-RUN docker-php-ext-install -j$(nproc) mcrypt
+# RUN docker-php-ext-install -j$(nproc) mcrypt
 RUN docker-php-ext-install iconv
 RUN apt-get update -y && apt-get install -y imagemagick
 RUN apt-get update -y && apt-get install -y graphicsmagick
 RUN apt-get update -y && apt-get install -y gifsicle
-RUN docker-php-ext-configure gd \
-        --with-png-dir=/usr \
-        --with-jpeg-dir=/usr
+# RUN docker-php-ext-configure gd
+#         --with-jpeg=/usr/include
+#         --with-png-dir=/usr \
 RUN docker-php-ext-install gd
 RUN apt-get update -y \
-  && apt-get install -y libmemcached11 libmemcachedutil2 build-essential libmemcached-dev libz-dev \
-  && pecl install memcached-2.2.0 \
+  && apt-get install -y libmemcached11 libmemcachedutil2 build-essential libmemcached-dev libz-dev git \
+  && pecl install memcached \
   && echo extension=memcached.so >> /usr/local/etc/php/conf.d/memcached.ini \
   && apt-get remove -y build-essential libmemcached-dev libz-dev \
   && apt-get autoremove -y \
   && apt-get clean \
-  && rm -rf /tmp/pear
\ No newline at end of file
+  && rm -rf /tmp/pear \
+  && curl -sS https://getcomposer.org/installer -o composer-setup.php \
+  && php composer-setup.php --install-dir=/usr/local/bin --filename=composer \
+  && docker-php-ext-install bcmath \
+  && cd /code && composer install
\ No newline at end of file
diff --git a/docker-compose.yml b/docker-compose.yml
index 3d61f915..0008c064 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,7 +1,7 @@
 services:
-  #nginx webserver + php 5.6
+  #nginx webserver + php 8.x
   web:
-      image: nginx:1.19.6-alpine
+      image: nginx:1.25.3-alpine
       ports:
         - "8080:80"
       depends_on:
@@ -23,7 +23,7 @@ services:
           ipv4_address: 172.20.0.4
   #MySQL Service
   db:
-    image: mysql:5.6.50
+    image: mysql:8.0.35
     container_name: db
     restart: unless-stopped
     tty: true

From fc63de4ed420cebf1d5f0bfb7862321f65ed27ed Mon Sep 17 00:00:00 2001
From: zeke <sfpj5l17y@mozmail.com>
Date: Thu, 1 Feb 2024 18:05:08 -0800
Subject: [PATCH 033/336] Use two Dockerfiles, move Docker stuff to /docker

---
 docker-compose.yml         | 16 ++++++---
 docker/common-setup.sh     | 32 ++++++++++++++++++
 docker/nginx/Dockerfile    |  8 +++++
 docker/nginx/leftypol.conf | 68 ++++++++++++++++++++++++++++++++++++++
 docker/nginx/nginx.conf    | 32 ++++++++++++++++++
 docker/nginx/proxy.conf    | 40 ++++++++++++++++++++++
 docker/php/Dockerfile      | 44 ++++++++++++++++++++++++
 docker/php/custom.ini      | 15 +++++++++
 docker/php/www.conf        | 10 ++++++
 9 files changed, 261 insertions(+), 4 deletions(-)
 create mode 100755 docker/common-setup.sh
 create mode 100644 docker/nginx/Dockerfile
 create mode 100644 docker/nginx/leftypol.conf
 create mode 100644 docker/nginx/nginx.conf
 create mode 100644 docker/nginx/proxy.conf
 create mode 100644 docker/php/Dockerfile
 create mode 100644 docker/php/custom.ini
 create mode 100644 docker/php/www.conf

diff --git a/docker-compose.yml b/docker-compose.yml
index 0008c064..98e93884 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,23 +1,31 @@
 services:
   #nginx webserver + php 8.x
   web:
-      image: nginx:1.25.3-alpine
+      build:
+        context: .
+        dockerfile: ./docker/nginx/Dockerfile
       ports:
         - "8080:80"
       depends_on:
         - db
       volumes:
           - ./:/code
-          - ./site.conf:/etc/nginx/conf.d/default.conf
+          - ./docker/nginx/leftypol.conf:/etc/nginx/conf.d/default.conf
+          - ./docker/nginx/nginx.conf:/etc/nginx/nginx.conf
+          - ./docker/nginx/proxy.conf:/etc/nginx/conf.d/proxy.conf
       networks:
         leftchan_net:
           ipv4_address: 172.20.0.3
       links:
           - php
   php:
-      build: .
+      build:
+        context: .
+        dockerfile: ./docker/php/Dockerfile
       volumes:
           - ./:/code
+          - ./docker/php/custom.ini:/usr/local/etc/php/conf.d/custom.ini
+          - ./docker/php/www.conf:/usr/local/etc/php-fpm.d/www.conf
       networks:
         leftchan_net:
           ipv4_address: 172.20.0.4
@@ -42,4 +50,4 @@ networks:
         ipam:
             driver: default
             config:
-                - subnet: 172.20.0.0/16
\ No newline at end of file
+                - subnet: 172.20.0.0/16
diff --git a/docker/common-setup.sh b/docker/common-setup.sh
new file mode 100755
index 00000000..c7ea147e
--- /dev/null
+++ b/docker/common-setup.sh
@@ -0,0 +1,32 @@
+#!/bin/sh
+
+# not exactly elegant, but one container is Debian, the other is Alpine
+useradd -MU leftypol
+addgroup leftypol
+adduser -DHG leftypol leftypol
+
+set -eu
+
+install -m 775 -o leftypol -g leftypol -d /var/www-leftypol
+ln -s \
+   /code/banners/ \
+   /code/static/ \
+   /code/stylesheets/ \
+   /code/tools/ \
+   /code/walls/ \
+   /code/*.php \
+   /code/404.html \
+   /code/LICENSE.* \
+   /code/robots.txt \
+   /code/install.sql \
+   /var/www-leftypol/
+
+install -m 775 -o leftypol -g leftypol -d /var/www/js
+ln -s /code/js/* /var/www/js/
+
+install -m 775 -o leftypol -g leftypol -d /var/www-leftypol/templates
+install -m 775 -o leftypol -g leftypol -d /var/www-leftypol/templates/cache
+ln -s /code/templates/* /var/www-leftypol/templates/
+
+install -m 775 -o leftypol -g leftypol -d /var/www-leftypol/inc
+ln -s /code/inc/* /var/www-leftypol/inc/
diff --git a/docker/nginx/Dockerfile b/docker/nginx/Dockerfile
new file mode 100644
index 00000000..9c2392b2
--- /dev/null
+++ b/docker/nginx/Dockerfile
@@ -0,0 +1,8 @@
+FROM nginx:1.25.3-alpine
+
+COPY . /code
+RUN /code/docker/common-setup.sh
+
+
+CMD ["nginx", "-g", "daemon off;"]
+EXPOSE 80 443
\ No newline at end of file
diff --git a/docker/nginx/leftypol.conf b/docker/nginx/leftypol.conf
new file mode 100644
index 00000000..a825fea7
--- /dev/null
+++ b/docker/nginx/leftypol.conf
@@ -0,0 +1,68 @@
+upstream php-upstream {
+    server php:9000;
+}
+
+server {
+    listen 80 default_server;
+    listen [::]:80 default_server ipv6only=on;
+    server_name leftypol;
+    root /var/www-leftypol;
+    add_header X-Frame-Options "SAMEORIGIN";
+    add_header X-Content-Type-Options "nosniff";
+
+    index index.html index.php;
+
+    charset utf-8;
+
+    location ~ ^([^.\?]*[^\/])$ {
+       try_files                 $uri @addslash;
+    }
+
+    # Expire rules for static content
+    # Media: images, icons, video, audio, HTC
+    location ~* \.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm|htc)$ {
+    	expires 1M;
+    	access_log off;
+    	log_not_found off;
+    	add_header Cache-Control "public";
+    }
+    # CSS and Javascript
+    location ~* \.(?:css|js)$ {
+    	expires 1y;
+    	access_log off;
+    	log_not_found off;
+    	add_header Cache-Control "public";
+    }
+
+    location ~* \.(html)$ {
+        expires -1;
+    }
+
+    location @addslash {
+       return                    301 $uri/;
+    }
+
+    location / {
+         try_files $uri $uri/ /index.php$is_args$args;
+    }
+
+    client_max_body_size 2G;
+
+    location ~ \.php$ {
+        proxy_set_header X-Real-IP  $remote_addr;
+        proxy_set_header X-Forwarded-For $remote_addr;
+        proxy_set_header X-Request-Id $x_request_id;
+        proxy_set_header X-Forwarded-Host $host;
+        proxy_set_header Forwarded-Request-Id $x_request_id;
+        fastcgi_pass php-upstream;
+        fastcgi_index index.php;
+        fastcgi_buffers 16 16k;
+        fastcgi_buffer_size 32k;
+        fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
+        fastcgi_read_timeout 600;
+        include fastcgi_params;
+    }
+
+    location = /favicon.ico { access_log off; log_not_found off; }
+    location = /robots.txt  { access_log off; log_not_found off; }
+}
\ No newline at end of file
diff --git a/docker/nginx/nginx.conf b/docker/nginx/nginx.conf
new file mode 100644
index 00000000..447ab989
--- /dev/null
+++ b/docker/nginx/nginx.conf
@@ -0,0 +1,32 @@
+# This and proxy.conf are based on
+# https://github.com/dead-guru/devichan/blob/master/nginx/nginx.conf
+
+user  leftypol;
+worker_processes  4;
+
+error_log /dev/stdout warn;
+pid        /var/run/nginx.pid;
+events {
+    worker_connections  1024;
+}
+http {
+    include       /etc/nginx/mime.types;
+    default_type  application/octet-stream;
+    #access_log  /var/log/nginx/access.log;
+    # Switch logging to console out to view via Docker
+    access_log /dev/stdout;
+    error_log /dev/stdout warn;
+    sendfile        on;
+    keepalive_timeout  5;
+
+    gzip              on;
+    gzip_http_version 1.0;
+    gzip_vary         on;
+    gzip_comp_level   6;
+    gzip_types        text/xml text/plain text/css application/xhtml+xml application/xml application/rss+xml application/atom_xml application/x-javascript application/x-httpd-php;
+    gzip_disable      "MSIE [1-6]\.";
+
+
+    include /etc/nginx/conf.d/*.conf;
+    include /etc/nginx/sites-available/*.conf;
+}
\ No newline at end of file
diff --git a/docker/nginx/proxy.conf b/docker/nginx/proxy.conf
new file mode 100644
index 00000000..bc22ea34
--- /dev/null
+++ b/docker/nginx/proxy.conf
@@ -0,0 +1,40 @@
+proxy_cache_path  /var/cache/nginx levels=1:2 keys_zone=czone:4m max_size=50m inactive=120m;
+proxy_temp_path   /var/tmp/nginx;
+proxy_cache_key   "$scheme://$host$request_uri";
+
+
+map $http_forwarded_request_id $x_request_id {
+	""          $request_id;
+	default     $http_forwarded_request_id;
+}
+
+map $http_forwarded_forwarded_host $forwardedhost {
+	""          $host;
+	default     $http_forwarded_forwarded_host;
+}
+
+
+map $http_x_forwarded_proto $fcgi_https {
+	default "";
+	https on;
+}
+
+map $http_x_forwarded_proto $real_scheme {
+	default $scheme;
+	https https;
+}
+
+proxy_set_header  Host               $host;
+proxy_set_header  X-Real-IP          $remote_addr;
+proxy_set_header  X-Forwarded-Host   $host;
+proxy_set_header  X-Forwarded-Server $host;
+
+real_ip_header X-Forwarded-For;
+
+set_real_ip_from 10.0.0.0/8;
+set_real_ip_from 172.16.0.0/12;
+set_real_ip_from 172.18.0.0/12;
+set_real_ip_from 192.168.0.0/24;
+set_real_ip_from 127.0.0.0/8;
+
+real_ip_recursive on;
\ No newline at end of file
diff --git a/docker/php/Dockerfile b/docker/php/Dockerfile
new file mode 100644
index 00000000..2db11415
--- /dev/null
+++ b/docker/php/Dockerfile
@@ -0,0 +1,44 @@
+# Based on https://github.com/dead-guru/devichan/blob/master/php-fpm/Dockerfile
+
+FROM composer AS composer
+FROM php:8.1-fpm-bullseye
+COPY --from=composer /usr/bin/composer /usr/bin/composer
+COPY . /code
+
+RUN apt-get update && apt-get upgrade -y && apt-get install -y \
+      zlib1g-dev libicu-dev g++ \
+      libjpeg62-turbo-dev \
+      libzip-dev \
+      libpng-dev \
+      libwebp-dev \
+      libfreetype6-dev \
+      libxml2-dev \
+      git \
+      zip \
+      ffmpeg \
+      libonig-dev \
+      unzip \
+      libcurl4-openssl-dev \
+      libmagickwand-dev \
+      gifsicle \
+      graphicsmagick \
+      gettext \
+      imagemagick \
+      locales locales-all \
+      libmagickwand-dev \
+      libmcrypt-dev \
+    && docker-php-ext-configure gd \
+        --with-webp=/usr/include/webp \
+        --with-jpeg=/usr/include \
+        --with-freetype=/usr/include/freetype2/ \
+    && pecl install redis \
+    && pecl install imagick \
+    && pecl install -o -f igbinary \
+    && docker-php-ext-install gd zip opcache intl pdo pdo_mysql mysqli bcmath gettext iconv mbstring curl \
+    && docker-php-ext-enable igbinary redis imagick
+
+
+RUN /code/docker/common-setup.sh
+WORKDIR "/var/www-leftypol"
+CMD ["php-fpm"]
+EXPOSE 9000
\ No newline at end of file
diff --git a/docker/php/custom.ini b/docker/php/custom.ini
new file mode 100644
index 00000000..aacb2d72
--- /dev/null
+++ b/docker/php/custom.ini
@@ -0,0 +1,15 @@
+; based on https://github.com/dead-guru/devichan/blob/master/php-fpm/custom.ini
+
+memory_limit = 2G
+max_execution_time = 30
+upload_max_filesize = 2G
+post_max_size = 2G
+pm = dynamic
+pm.max_children = 20
+pm.start_servers = 5
+pm.min_spare_servers = 3
+pm.max_spare_servers = 10
+
+extension = igbinary.so
+extension = redis.so
+extension = imagick.so
\ No newline at end of file
diff --git a/docker/php/www.conf b/docker/php/www.conf
new file mode 100644
index 00000000..f6c4f00e
--- /dev/null
+++ b/docker/php/www.conf
@@ -0,0 +1,10 @@
+[www]
+user = leftypol
+group = leftypol
+listen = 127.0.0.1:9000
+pm = dynamic
+pm.max_children = 200
+pm.start_servers = 10
+pm.min_spare_servers = 1
+pm.max_spare_servers = 20
+pm.max_requests = 20000

From f3c7bad9cdb15a9acbd9be9b9d688891df77c8ee Mon Sep 17 00:00:00 2001
From: zeke <sfpj5l17y@mozmail.com>
Date: Sun, 4 Feb 2024 23:29:38 -0800
Subject: [PATCH 034/336] Remove extension lines (added by
 docker-php-ext-enable)

---
 docker/php/custom.ini | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/docker/php/custom.ini b/docker/php/custom.ini
index aacb2d72..527f44e7 100644
--- a/docker/php/custom.ini
+++ b/docker/php/custom.ini
@@ -9,7 +9,3 @@ pm.max_children = 20
 pm.start_servers = 5
 pm.min_spare_servers = 3
 pm.max_spare_servers = 10
-
-extension = igbinary.so
-extension = redis.so
-extension = imagick.so
\ No newline at end of file

From 03228eb87debf286ffd84dfbff7aa0ba4160ed5f Mon Sep 17 00:00:00 2001
From: zeke <sfpj5l17y@mozmail.com>
Date: Wed, 7 Feb 2024 10:47:36 -0800
Subject: [PATCH 035/336] Fix user and group creation for docker containers

---
 docker/common-setup.sh  | 5 -----
 docker/nginx/Dockerfile | 5 ++++-
 docker/php/Dockerfile   | 6 +++++-
 3 files changed, 9 insertions(+), 7 deletions(-)

diff --git a/docker/common-setup.sh b/docker/common-setup.sh
index c7ea147e..e8a3f007 100755
--- a/docker/common-setup.sh
+++ b/docker/common-setup.sh
@@ -1,10 +1,5 @@
 #!/bin/sh
 
-# not exactly elegant, but one container is Debian, the other is Alpine
-useradd -MU leftypol
-addgroup leftypol
-adduser -DHG leftypol leftypol
-
 set -eu
 
 install -m 775 -o leftypol -g leftypol -d /var/www-leftypol
diff --git a/docker/nginx/Dockerfile b/docker/nginx/Dockerfile
index 9c2392b2..e58381da 100644
--- a/docker/nginx/Dockerfile
+++ b/docker/nginx/Dockerfile
@@ -1,7 +1,10 @@
 FROM nginx:1.25.3-alpine
 
 COPY . /code
-RUN /code/docker/common-setup.sh
+RUN addgroup --system leftypol \
+   && adduser --system leftypol \
+   && adduser leftypol leftypol \
+   && /code/docker/common-setup.sh
 
 
 CMD ["nginx", "-g", "daemon off;"]
diff --git a/docker/php/Dockerfile b/docker/php/Dockerfile
index 2db11415..78e979d3 100644
--- a/docker/php/Dockerfile
+++ b/docker/php/Dockerfile
@@ -35,7 +35,11 @@ RUN apt-get update && apt-get upgrade -y && apt-get install -y \
     && pecl install imagick \
     && pecl install -o -f igbinary \
     && docker-php-ext-install gd zip opcache intl pdo pdo_mysql mysqli bcmath gettext iconv mbstring curl \
-    && docker-php-ext-enable igbinary redis imagick
+    && docker-php-ext-enable igbinary redis imagick \
+    && useradd -MU leftypol \
+    && /code/docker/common-setup.sh \
+    && ln -s /code/composer.json /code/composer.lock /var/www-leftypol/ \
+    && cd /var/www-leftypol && composer install
 
 
 RUN /code/docker/common-setup.sh

From 460aee0dad613d7b301ca26dd55a2e0e4017d244 Mon Sep 17 00:00:00 2001
From: zeke <sfpj5l17y@mozmail.com>
Date: Wed, 7 Feb 2024 12:03:05 -0800
Subject: [PATCH 036/336] Remove unused Dockerfile

---
 Dockerfile | 29 -----------------------------
 1 file changed, 29 deletions(-)
 delete mode 100644 Dockerfile

diff --git a/Dockerfile b/Dockerfile
deleted file mode 100644
index 4e76f72e..00000000
--- a/Dockerfile
+++ /dev/null
@@ -1,29 +0,0 @@
-FROM php:8.1.8-fpm
-
-COPY . /code
-
-RUN docker-php-ext-install pdo pdo_mysql
-RUN apt-get update -y && apt-get install -y libpng-dev libjpeg-dev libonig-dev
-RUN docker-php-ext-install mbstring
-RUN apt-get update -y && apt-get install -y libmcrypt-dev
-# RUN docker-php-ext-install -j$(nproc) mcrypt
-RUN docker-php-ext-install iconv
-RUN apt-get update -y && apt-get install -y imagemagick
-RUN apt-get update -y && apt-get install -y graphicsmagick
-RUN apt-get update -y && apt-get install -y gifsicle
-# RUN docker-php-ext-configure gd
-#         --with-jpeg=/usr/include
-#         --with-png-dir=/usr \
-RUN docker-php-ext-install gd
-RUN apt-get update -y \
-  && apt-get install -y libmemcached11 libmemcachedutil2 build-essential libmemcached-dev libz-dev git \
-  && pecl install memcached \
-  && echo extension=memcached.so >> /usr/local/etc/php/conf.d/memcached.ini \
-  && apt-get remove -y build-essential libmemcached-dev libz-dev \
-  && apt-get autoremove -y \
-  && apt-get clean \
-  && rm -rf /tmp/pear \
-  && curl -sS https://getcomposer.org/installer -o composer-setup.php \
-  && php composer-setup.php --install-dir=/usr/local/bin --filename=composer \
-  && docker-php-ext-install bcmath \
-  && cd /code && composer install
\ No newline at end of file

From 7ac0460b0a6e6d7dba66fd277c49a8fb44aee4a1 Mon Sep 17 00:00:00 2001
From: zeke <sfpj5l17y@mozmail.com>
Date: Fri, 9 Feb 2024 11:01:07 -0800
Subject: [PATCH 037/336] Apply suggested changes

---
 docker-compose.yml         |   1 -
 docker/nginx/leftypol.conf | 106 ++++++++++++++++++-------------------
 docker/nginx/nginx.conf    |  36 ++++++-------
 docker/php/custom.ini      |  11 ----
 docker/php/www.conf        |   9 ++--
 5 files changed, 74 insertions(+), 89 deletions(-)
 delete mode 100644 docker/php/custom.ini

diff --git a/docker-compose.yml b/docker-compose.yml
index 98e93884..9ae4f02f 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -24,7 +24,6 @@ services:
         dockerfile: ./docker/php/Dockerfile
       volumes:
           - ./:/code
-          - ./docker/php/custom.ini:/usr/local/etc/php/conf.d/custom.ini
           - ./docker/php/www.conf:/usr/local/etc/php-fpm.d/www.conf
       networks:
         leftchan_net:
diff --git a/docker/nginx/leftypol.conf b/docker/nginx/leftypol.conf
index a825fea7..ad421a9f 100644
--- a/docker/nginx/leftypol.conf
+++ b/docker/nginx/leftypol.conf
@@ -1,68 +1,66 @@
 upstream php-upstream {
-    server php:9000;
+	server php:9000;
 }
 
 server {
-    listen 80 default_server;
-    listen [::]:80 default_server ipv6only=on;
-    server_name leftypol;
-    root /var/www-leftypol;
-    add_header X-Frame-Options "SAMEORIGIN";
-    add_header X-Content-Type-Options "nosniff";
+	listen 80 default_server;
+	listen [::]:80 default_server ipv6only=on;
+	server_name leftypol;
+	root /var/www-leftypol;
+	add_header X-Frame-Options "SAMEORIGIN";
+	add_header X-Content-Type-Options "nosniff";
 
-    index index.html index.php;
+	index index.html index.php;
 
-    charset utf-8;
+	charset utf-8;
 
-    location ~ ^([^.\?]*[^\/])$ {
-       try_files                 $uri @addslash;
-    }
+	location ~ ^([^.\?]*[^\/])$ {
+		try_files                 $uri @addslash;
+	}
 
-    # Expire rules for static content
-    # Media: images, icons, video, audio, HTC
-    location ~* \.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm|htc)$ {
-    	expires 1M;
-    	access_log off;
-    	log_not_found off;
-    	add_header Cache-Control "public";
-    }
-    # CSS and Javascript
-    location ~* \.(?:css|js)$ {
-    	expires 1y;
-    	access_log off;
-    	log_not_found off;
-    	add_header Cache-Control "public";
-    }
+	# Expire rules for static content
+	# Media: images, icons, video, audio, HTC
+	location ~* \.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm|htc)$ {
+		expires 1M;
+		access_log off;
+		log_not_found off;
+		add_header Cache-Control "public";
+	}
+	# CSS and Javascript
+	location ~* \.(?:css|js)$ {
+		expires 1y;
+		access_log off;
+		log_not_found off;
+		add_header Cache-Control "public";
+	}
 
-    location ~* \.(html)$ {
-        expires -1;
-    }
+	location ~* \.(html)$ {
+		expires -1;
+	}
 
-    location @addslash {
-       return                    301 $uri/;
-    }
+	location @addslash {
+	   return                    301 $uri/;
+	}
 
-    location / {
-         try_files $uri $uri/ /index.php$is_args$args;
-    }
+	location / {
+		try_files $uri $uri/ /index.php$is_args$args;
+	}
 
-    client_max_body_size 2G;
+	client_max_body_size 2G;
 
-    location ~ \.php$ {
-        proxy_set_header X-Real-IP  $remote_addr;
-        proxy_set_header X-Forwarded-For $remote_addr;
-        proxy_set_header X-Request-Id $x_request_id;
-        proxy_set_header X-Forwarded-Host $host;
-        proxy_set_header Forwarded-Request-Id $x_request_id;
-        fastcgi_pass php-upstream;
-        fastcgi_index index.php;
-        fastcgi_buffers 16 16k;
-        fastcgi_buffer_size 32k;
-        fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
-        fastcgi_read_timeout 600;
-        include fastcgi_params;
-    }
+	location ~ \.php$ {
+		proxy_set_header X-Real-IP  $remote_addr;
+		proxy_set_header X-Forwarded-For $remote_addr;
+		proxy_set_header X-Request-Id $x_request_id;
+		proxy_set_header X-Forwarded-Host $host;
+		proxy_set_header Forwarded-Request-Id $x_request_id;
+		fastcgi_pass php-upstream;
+		fastcgi_index index.php;
+		fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
+		fastcgi_read_timeout 600;
+		include fastcgi_params;
+	}
 
-    location = /favicon.ico { access_log off; log_not_found off; }
-    location = /robots.txt  { access_log off; log_not_found off; }
-}
\ No newline at end of file
+	location = /favicon.ico { access_log off; log_not_found off; }
+	location = /robots.txt  { access_log off; log_not_found off; }
+}
diff --git a/docker/nginx/nginx.conf b/docker/nginx/nginx.conf
index 447ab989..89ac1ffc 100644
--- a/docker/nginx/nginx.conf
+++ b/docker/nginx/nginx.conf
@@ -2,31 +2,31 @@
 # https://github.com/dead-guru/devichan/blob/master/nginx/nginx.conf
 
 user  leftypol;
-worker_processes  4;
+worker_processes auto;
 
 error_log /dev/stdout warn;
 pid        /var/run/nginx.pid;
 events {
-    worker_connections  1024;
+	worker_connections  1024;
 }
 http {
-    include       /etc/nginx/mime.types;
-    default_type  application/octet-stream;
-    #access_log  /var/log/nginx/access.log;
-    # Switch logging to console out to view via Docker
-    access_log /dev/stdout;
-    error_log /dev/stdout warn;
-    sendfile        on;
-    keepalive_timeout  5;
+	include       /etc/nginx/mime.types;
+	default_type  application/octet-stream;
 
-    gzip              on;
-    gzip_http_version 1.0;
-    gzip_vary         on;
-    gzip_comp_level   6;
-    gzip_types        text/xml text/plain text/css application/xhtml+xml application/xml application/rss+xml application/atom_xml application/x-javascript application/x-httpd-php;
-    gzip_disable      "MSIE [1-6]\.";
+	# Switch logging to console out to view via Docker
+	access_log /dev/stdout;
+	error_log /dev/stdout warn;
+	sendfile        on;
+	keepalive_timeout  5;
+
+	gzip              on;
+	gzip_http_version 1.0;
+	gzip_vary         on;
+	gzip_comp_level   6;
+	gzip_types        text/xml text/plain text/css application/xhtml+xml application/xml application/rss+xml application/atom_xml application/x-javascript application/x-httpd-php;
+	gzip_disable      "MSIE [1-6]\.";
 
 
-    include /etc/nginx/conf.d/*.conf;
-    include /etc/nginx/sites-available/*.conf;
+	include /etc/nginx/conf.d/*.conf;
+	include /etc/nginx/sites-available/*.conf;
 }
\ No newline at end of file
diff --git a/docker/php/custom.ini b/docker/php/custom.ini
deleted file mode 100644
index 527f44e7..00000000
--- a/docker/php/custom.ini
+++ /dev/null
@@ -1,11 +0,0 @@
-; based on https://github.com/dead-guru/devichan/blob/master/php-fpm/custom.ini
-
-memory_limit = 2G
-max_execution_time = 30
-upload_max_filesize = 2G
-post_max_size = 2G
-pm = dynamic
-pm.max_children = 20
-pm.start_servers = 5
-pm.min_spare_servers = 3
-pm.max_spare_servers = 10
diff --git a/docker/php/www.conf b/docker/php/www.conf
index f6c4f00e..07fa7c28 100644
--- a/docker/php/www.conf
+++ b/docker/php/www.conf
@@ -2,9 +2,8 @@
 user = leftypol
 group = leftypol
 listen = 127.0.0.1:9000
-pm = dynamic
-pm.max_children = 200
-pm.start_servers = 10
+pm = static
+pm.max_children = 16
+pm.start_servers = 2
 pm.min_spare_servers = 1
-pm.max_spare_servers = 20
-pm.max_requests = 20000
+pm.max_spare_servers = 3

From 62f0e9894ca8db8d2ded225f9542ddbfd98481b9 Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@skiff.com>
Date: Sun, 11 Feb 2024 10:28:36 +0100
Subject: [PATCH 038/336] docker: trim PHP configuration

---
 docker/php/www.conf | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/docker/php/www.conf b/docker/php/www.conf
index 07fa7c28..6a7ac20e 100644
--- a/docker/php/www.conf
+++ b/docker/php/www.conf
@@ -4,6 +4,3 @@ group = leftypol
 listen = 127.0.0.1:9000
 pm = static
 pm.max_children = 16
-pm.start_servers = 2
-pm.min_spare_servers = 1
-pm.max_spare_servers = 3

From 1d385ad6aa9c82e84dba58ef343677cf03a23f16 Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@skiff.com>
Date: Sun, 11 Feb 2024 11:00:29 +0100
Subject: [PATCH 039/336] docker: remove "meaningless" bits from nginx
 configuration

---
 docker/nginx/proxy.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docker/nginx/proxy.conf b/docker/nginx/proxy.conf
index bc22ea34..6830cd5f 100644
--- a/docker/nginx/proxy.conf
+++ b/docker/nginx/proxy.conf
@@ -33,7 +33,7 @@ real_ip_header X-Forwarded-For;
 
 set_real_ip_from 10.0.0.0/8;
 set_real_ip_from 172.16.0.0/12;
-set_real_ip_from 172.18.0.0/12;
+set_real_ip_from 172.18.0.0;
 set_real_ip_from 192.168.0.0/24;
 set_real_ip_from 127.0.0.0/8;
 

From cc8e4589069783f52cca90ed9543a59bc7dc3913 Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@skiff.com>
Date: Sun, 11 Feb 2024 15:45:55 +0100
Subject: [PATCH 040/336] docker: split up application and dependency layers

---
 docker/php/Dockerfile | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/docker/php/Dockerfile b/docker/php/Dockerfile
index 78e979d3..f70a05b9 100644
--- a/docker/php/Dockerfile
+++ b/docker/php/Dockerfile
@@ -2,8 +2,6 @@
 
 FROM composer AS composer
 FROM php:8.1-fpm-bullseye
-COPY --from=composer /usr/bin/composer /usr/bin/composer
-COPY . /code
 
 RUN apt-get update && apt-get upgrade -y && apt-get install -y \
       zlib1g-dev libicu-dev g++ \
@@ -36,8 +34,12 @@ RUN apt-get update && apt-get upgrade -y && apt-get install -y \
     && pecl install -o -f igbinary \
     && docker-php-ext-install gd zip opcache intl pdo pdo_mysql mysqli bcmath gettext iconv mbstring curl \
     && docker-php-ext-enable igbinary redis imagick \
-    && useradd -MU leftypol \
-    && /code/docker/common-setup.sh \
+    && useradd -MU leftypol
+
+COPY --from=composer /usr/bin/composer /usr/bin/composer
+COPY . /code
+
+RUN /code/docker/common-setup.sh \
     && ln -s /code/composer.json /code/composer.lock /var/www-leftypol/ \
     && cd /var/www-leftypol && composer install
 
@@ -45,4 +47,4 @@ RUN apt-get update && apt-get upgrade -y && apt-get install -y \
 RUN /code/docker/common-setup.sh
 WORKDIR "/var/www-leftypol"
 CMD ["php-fpm"]
-EXPOSE 9000
\ No newline at end of file
+EXPOSE 9000

From 482962844a63d47e551d68196942542787954abf Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@skiff.com>
Date: Sun, 11 Feb 2024 16:04:57 +0100
Subject: [PATCH 041/336] docker: fix missing tmp directory

---
 docker/common-setup.sh | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/docker/common-setup.sh b/docker/common-setup.sh
index e8a3f007..649a3049 100755
--- a/docker/common-setup.sh
+++ b/docker/common-setup.sh
@@ -16,8 +16,12 @@ ln -s \
    /code/install.sql \
    /var/www-leftypol/
 
-install -m 775 -o leftypol -g leftypol -d /var/www/js
-ln -s /code/js/* /var/www/js/
+install -m 775 -o leftypol -g leftypol -d /var/tmp/leftypol
+install -m 775 -o leftypol -g leftypol -d /var/tmp/leftypol/cache
+ln -s /var/tmp/leftypol /var/www-leftypol/tmp
+
+install -m 775 -o leftypol -g leftypol -d /var/www-leftypol/js
+ln -s /code/js/* /var/www-leftypol/js/
 
 install -m 775 -o leftypol -g leftypol -d /var/www-leftypol/templates
 install -m 775 -o leftypol -g leftypol -d /var/www-leftypol/templates/cache

From d55961995cd5163eff7c51b7f4b862631f246a0c Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@mailu.io>
Date: Sun, 31 Mar 2024 15:41:02 +0200
Subject: [PATCH 042/336] docker: change the work directory to /var/www

---
 docker/common-setup.sh     | 20 ++++++++++----------
 docker/nginx/leftypol.conf |  4 ++--
 docker/php/Dockerfile      |  9 ++++-----
 3 files changed, 16 insertions(+), 17 deletions(-)

diff --git a/docker/common-setup.sh b/docker/common-setup.sh
index 649a3049..e8e8ed2e 100755
--- a/docker/common-setup.sh
+++ b/docker/common-setup.sh
@@ -2,7 +2,7 @@
 
 set -eu
 
-install -m 775 -o leftypol -g leftypol -d /var/www-leftypol
+install -m 775 -o leftypol -g leftypol -d /var/www
 ln -s \
    /code/banners/ \
    /code/static/ \
@@ -14,18 +14,18 @@ ln -s \
    /code/LICENSE.* \
    /code/robots.txt \
    /code/install.sql \
-   /var/www-leftypol/
+   /var/www/
 
 install -m 775 -o leftypol -g leftypol -d /var/tmp/leftypol
 install -m 775 -o leftypol -g leftypol -d /var/tmp/leftypol/cache
-ln -s /var/tmp/leftypol /var/www-leftypol/tmp
+ln -s /var/tmp/leftypol /var/www/tmp
 
-install -m 775 -o leftypol -g leftypol -d /var/www-leftypol/js
-ln -s /code/js/* /var/www-leftypol/js/
+install -m 775 -o leftypol -g leftypol -d /var/www/js
+ln -s /code/js/* /var/www/js/
 
-install -m 775 -o leftypol -g leftypol -d /var/www-leftypol/templates
-install -m 775 -o leftypol -g leftypol -d /var/www-leftypol/templates/cache
-ln -s /code/templates/* /var/www-leftypol/templates/
+install -m 775 -o leftypol -g leftypol -d /var/www/templates
+install -m 775 -o leftypol -g leftypol -d /var/www/templates/cache
+ln -s /code/templates/* /var/www/templates/
 
-install -m 775 -o leftypol -g leftypol -d /var/www-leftypol/inc
-ln -s /code/inc/* /var/www-leftypol/inc/
+install -m 775 -o leftypol -g leftypol -d /var/www/inc
+ln -s /code/inc/* /var/www/inc/
diff --git a/docker/nginx/leftypol.conf b/docker/nginx/leftypol.conf
index ad421a9f..527873c5 100644
--- a/docker/nginx/leftypol.conf
+++ b/docker/nginx/leftypol.conf
@@ -6,7 +6,7 @@ server {
 	listen 80 default_server;
 	listen [::]:80 default_server ipv6only=on;
 	server_name leftypol;
-	root /var/www-leftypol;
+	root /var/www;
 	add_header X-Frame-Options "SAMEORIGIN";
 	add_header X-Content-Type-Options "nosniff";
 
@@ -56,7 +56,7 @@ server {
 		proxy_set_header Forwarded-Request-Id $x_request_id;
 		fastcgi_pass php-upstream;
 		fastcgi_index index.php;
-		fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
+		fastcgi_param SCRIPT_FILENAME /var/www/$fastcgi_script_name;
 		fastcgi_read_timeout 600;
 		include fastcgi_params;
 	}
diff --git a/docker/php/Dockerfile b/docker/php/Dockerfile
index f70a05b9..bbae84fd 100644
--- a/docker/php/Dockerfile
+++ b/docker/php/Dockerfile
@@ -40,11 +40,10 @@ COPY --from=composer /usr/bin/composer /usr/bin/composer
 COPY . /code
 
 RUN /code/docker/common-setup.sh \
-    && ln -s /code/composer.json /code/composer.lock /var/www-leftypol/ \
-    && cd /var/www-leftypol && composer install
+    && ln -s /code/composer.json /code/composer.lock /var/www/ \
+    && cd /var/www && composer install
 
-
-RUN /code/docker/common-setup.sh
-WORKDIR "/var/www-leftypol"
+# RUN /code/docker/common-setup.sh php
+WORKDIR "/var/www"
 CMD ["php-fpm"]
 EXPOSE 9000

From 7979404c1b85c0462b16fb147ab9a49b608a5790 Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@mailu.io>
Date: Sun, 31 Mar 2024 15:49:09 +0200
Subject: [PATCH 043/336] docker: change user to www-data

---
 docker/common-setup.sh  | 14 +++++++-------
 docker/nginx/Dockerfile | 11 +++++------
 docker/nginx/nginx.conf |  6 ++++--
 docker/php/Dockerfile   |  6 ++----
 docker/php/www.conf     |  4 ++--
 5 files changed, 20 insertions(+), 21 deletions(-)

diff --git a/docker/common-setup.sh b/docker/common-setup.sh
index e8e8ed2e..3530c97c 100755
--- a/docker/common-setup.sh
+++ b/docker/common-setup.sh
@@ -2,7 +2,7 @@
 
 set -eu
 
-install -m 775 -o leftypol -g leftypol -d /var/www
+install -m 775 -o www-data -g www-data -d /var/www
 ln -s \
    /code/banners/ \
    /code/static/ \
@@ -16,16 +16,16 @@ ln -s \
    /code/install.sql \
    /var/www/
 
-install -m 775 -o leftypol -g leftypol -d /var/tmp/leftypol
-install -m 775 -o leftypol -g leftypol -d /var/tmp/leftypol/cache
+install -m 775 -o www-data -g www-data -d /var/tmp/leftypol
+install -m 775 -o www-data -g www-data -d /var/tmp/leftypol/cache
 ln -s /var/tmp/leftypol /var/www/tmp
 
-install -m 775 -o leftypol -g leftypol -d /var/www/js
+install -m 775 -o www-data -g www-data -d /var/www/js
 ln -s /code/js/* /var/www/js/
 
-install -m 775 -o leftypol -g leftypol -d /var/www/templates
-install -m 775 -o leftypol -g leftypol -d /var/www/templates/cache
+install -m 775 -o www-data -g www-data -d /var/www/templates
+install -m 775 -o www-data -g www-data -d /var/www/templates/cache
 ln -s /code/templates/* /var/www/templates/
 
-install -m 775 -o leftypol -g leftypol -d /var/www/inc
+install -m 775 -o www-data -g www-data -d /var/www/inc
 ln -s /code/inc/* /var/www/inc/
diff --git a/docker/nginx/Dockerfile b/docker/nginx/Dockerfile
index e58381da..5fa002d3 100644
--- a/docker/nginx/Dockerfile
+++ b/docker/nginx/Dockerfile
@@ -1,11 +1,10 @@
 FROM nginx:1.25.3-alpine
 
 COPY . /code
-RUN addgroup --system leftypol \
-   && adduser --system leftypol \
-   && adduser leftypol leftypol \
-   && /code/docker/common-setup.sh
+RUN adduser --system www-data \
+  && adduser www-data www-data \
+  && /code/docker/common-setup.sh
 
 
-CMD ["nginx", "-g", "daemon off;"]
-EXPOSE 80 443
\ No newline at end of file
+CMD [ "nginx", "-g", "daemon off;" ]
+EXPOSE 80
diff --git a/docker/nginx/nginx.conf b/docker/nginx/nginx.conf
index 89ac1ffc..7c6b6587 100644
--- a/docker/nginx/nginx.conf
+++ b/docker/nginx/nginx.conf
@@ -1,14 +1,16 @@
 # This and proxy.conf are based on
 # https://github.com/dead-guru/devichan/blob/master/nginx/nginx.conf
 
-user  leftypol;
+user www-data;
 worker_processes auto;
 
 error_log /dev/stdout warn;
-pid        /var/run/nginx.pid;
+pid       /var/run/nginx.pid;
+
 events {
 	worker_connections  1024;
 }
+
 http {
 	include       /etc/nginx/mime.types;
 	default_type  application/octet-stream;
diff --git a/docker/php/Dockerfile b/docker/php/Dockerfile
index bbae84fd..962ef695 100644
--- a/docker/php/Dockerfile
+++ b/docker/php/Dockerfile
@@ -33,8 +33,7 @@ RUN apt-get update && apt-get upgrade -y && apt-get install -y \
     && pecl install imagick \
     && pecl install -o -f igbinary \
     && docker-php-ext-install gd zip opcache intl pdo pdo_mysql mysqli bcmath gettext iconv mbstring curl \
-    && docker-php-ext-enable igbinary redis imagick \
-    && useradd -MU leftypol
+    && docker-php-ext-enable igbinary redis imagick
 
 COPY --from=composer /usr/bin/composer /usr/bin/composer
 COPY . /code
@@ -43,7 +42,6 @@ RUN /code/docker/common-setup.sh \
     && ln -s /code/composer.json /code/composer.lock /var/www/ \
     && cd /var/www && composer install
 
-# RUN /code/docker/common-setup.sh php
 WORKDIR "/var/www"
-CMD ["php-fpm"]
+CMD [ "php-fpm" ]
 EXPOSE 9000
diff --git a/docker/php/www.conf b/docker/php/www.conf
index 6a7ac20e..0f53aebf 100644
--- a/docker/php/www.conf
+++ b/docker/php/www.conf
@@ -1,6 +1,6 @@
 [www]
-user = leftypol
-group = leftypol
+user = www-data
+group = www-data
 listen = 127.0.0.1:9000
 pm = static
 pm.max_children = 16

From bd3bf7e4f8cf0fbec2b70d59f5200f1e6c16f5ba Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@mailu.io>
Date: Sun, 31 Mar 2024 17:35:31 +0200
Subject: [PATCH 044/336] docker: reduce file permissions

---
 docker/common-setup.sh | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/docker/common-setup.sh b/docker/common-setup.sh
index 3530c97c..3b61b712 100755
--- a/docker/common-setup.sh
+++ b/docker/common-setup.sh
@@ -2,7 +2,7 @@
 
 set -eu
 
-install -m 775 -o www-data -g www-data -d /var/www
+install -m 544 -o www-data -g www-data -d /var/www
 ln -s \
    /code/banners/ \
    /code/static/ \
@@ -16,16 +16,16 @@ ln -s \
    /code/install.sql \
    /var/www/
 
-install -m 775 -o www-data -g www-data -d /var/tmp/leftypol
-install -m 775 -o www-data -g www-data -d /var/tmp/leftypol/cache
+install -m 540 -o www-data -g www-data -d /var/tmp/leftypol
+install -m 540 -o www-data -g www-data -d /var/tmp/leftypol/cache
 ln -s /var/tmp/leftypol /var/www/tmp
 
-install -m 775 -o www-data -g www-data -d /var/www/js
+install -m 544 -o www-data -g www-data -d /var/www/js
 ln -s /code/js/* /var/www/js/
 
-install -m 775 -o www-data -g www-data -d /var/www/templates
-install -m 775 -o www-data -g www-data -d /var/www/templates/cache
+install -m 544 -o www-data -g www-data -d /var/www/templates
+install -m 544 -o www-data -g www-data -d /var/www/templates/cache
 ln -s /code/templates/* /var/www/templates/
 
-install -m 775 -o www-data -g www-data -d /var/www/inc
+install -m 544 -o www-data -g www-data -d /var/www/inc
 ln -s /code/inc/* /var/www/inc/

From b1b28dcb90279fa82beddb6cf18881b89e36ad90 Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@mailu.io>
Date: Sun, 31 Mar 2024 23:12:19 +0200
Subject: [PATCH 045/336] docker-compose: use local www root

---
 .dockerignore      | 3 +++
 .gitignore         | 1 +
 docker-compose.yml | 2 +-
 3 files changed, 5 insertions(+), 1 deletion(-)
 create mode 100644 .dockerignore

diff --git a/.dockerignore b/.dockerignore
new file mode 100644
index 00000000..60786eb9
--- /dev/null
+++ b/.dockerignore
@@ -0,0 +1,3 @@
+**/.git
+**/.gitignore
+/local-www
diff --git a/.gitignore b/.gitignore
index 220b0e11..9d1640ae 100644
--- a/.gitignore
+++ b/.gitignore
@@ -44,5 +44,6 @@ Thumbs.db
 #vichan custom
 favicon.ico
 /static/spoiler.png
+local-www
 
 /vendor/
diff --git a/docker-compose.yml b/docker-compose.yml
index 9ae4f02f..cb095748 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -23,7 +23,7 @@ services:
         context: .
         dockerfile: ./docker/php/Dockerfile
       volumes:
-          - ./:/code
+          - ./local-www:/var/www
           - ./docker/php/www.conf:/usr/local/etc/php-fpm.d/www.conf
       networks:
         leftchan_net:

From 7aca69125f601c34c724f25fa75bf85248d60620 Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@mailu.io>
Date: Sun, 31 Mar 2024 23:17:38 +0200
Subject: [PATCH 046/336] docker: extract the vichan directory and make it
 optionally exposable

---
 docker/common-setup.sh     | 31 ----------------
 docker/doc.md              |  4 +++
 docker/nginx/Dockerfile    |  4 +--
 docker/nginx/leftypol.conf | 21 +++++++++--
 docker/php/Dockerfile      | 26 ++++++++++----
 docker/php/bootstrap.sh    | 74 ++++++++++++++++++++++++++++++++++++++
 6 files changed, 117 insertions(+), 43 deletions(-)
 delete mode 100755 docker/common-setup.sh
 create mode 100644 docker/doc.md
 create mode 100755 docker/php/bootstrap.sh

diff --git a/docker/common-setup.sh b/docker/common-setup.sh
deleted file mode 100755
index 3b61b712..00000000
--- a/docker/common-setup.sh
+++ /dev/null
@@ -1,31 +0,0 @@
-#!/bin/sh
-
-set -eu
-
-install -m 544 -o www-data -g www-data -d /var/www
-ln -s \
-   /code/banners/ \
-   /code/static/ \
-   /code/stylesheets/ \
-   /code/tools/ \
-   /code/walls/ \
-   /code/*.php \
-   /code/404.html \
-   /code/LICENSE.* \
-   /code/robots.txt \
-   /code/install.sql \
-   /var/www/
-
-install -m 540 -o www-data -g www-data -d /var/tmp/leftypol
-install -m 540 -o www-data -g www-data -d /var/tmp/leftypol/cache
-ln -s /var/tmp/leftypol /var/www/tmp
-
-install -m 544 -o www-data -g www-data -d /var/www/js
-ln -s /code/js/* /var/www/js/
-
-install -m 544 -o www-data -g www-data -d /var/www/templates
-install -m 544 -o www-data -g www-data -d /var/www/templates/cache
-ln -s /code/templates/* /var/www/templates/
-
-install -m 544 -o www-data -g www-data -d /var/www/inc
-ln -s /code/inc/* /var/www/inc/
diff --git a/docker/doc.md b/docker/doc.md
new file mode 100644
index 00000000..13ad93a6
--- /dev/null
+++ b/docker/doc.md
@@ -0,0 +1,4 @@
+The `php-fpm` process runs containerized.
+The php application always uses `/var/www` as it's work directory and home folder, and if `/var/www` is bind mounted it
+is necessary to adjust the path passed via FastCGI to `php-fpm` by changing the root directory to `/var/www`.
+This can achieved in nginx by setting the `fastcgi_param SCRIPT_FILENAME` to `/var/www/$fastcgi_script_name;`
diff --git a/docker/nginx/Dockerfile b/docker/nginx/Dockerfile
index 5fa002d3..d9d4bcc4 100644
--- a/docker/nginx/Dockerfile
+++ b/docker/nginx/Dockerfile
@@ -2,9 +2,7 @@ FROM nginx:1.25.3-alpine
 
 COPY . /code
 RUN adduser --system www-data \
-  && adduser www-data www-data \
-  && /code/docker/common-setup.sh
-
+  && adduser www-data www-data
 
 CMD [ "nginx", "-g", "daemon off;" ]
 EXPOSE 80
diff --git a/docker/nginx/leftypol.conf b/docker/nginx/leftypol.conf
index 527873c5..1c66e95f 100644
--- a/docker/nginx/leftypol.conf
+++ b/docker/nginx/leftypol.conf
@@ -6,7 +6,7 @@ server {
 	listen 80 default_server;
 	listen [::]:80 default_server ipv6only=on;
 	server_name leftypol;
-	root /var/www;
+	root /var/www/html;
 	add_header X-Frame-Options "SAMEORIGIN";
 	add_header X-Content-Type-Options "nosniff";
 
@@ -15,9 +15,24 @@ server {
 	charset utf-8;
 
 	location ~ ^([^.\?]*[^\/])$ {
-		try_files                 $uri @addslash;
+		try_files $uri @addslash;
 	}
 
+	# Expire rules for static content
+	# Media: images, icons, video, audio, HTC
+	location ~* \.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm|htc)$ {
+		expires 1M;
+		access_log off;
+		log_not_found off;
+		add_header Cache-Control "public";
+	}
+	# CSS and Javascript
+	location ~* \.(?:css|js)$ {
+		expires 1y;
+		access_log off;
+		log_not_found off;
+		add_header Cache-Control "public";
+	}
 	# Expire rules for static content
 	# Media: images, icons, video, audio, HTC
 	location ~* \.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm|htc)$ {
@@ -39,7 +54,7 @@ server {
 	}
 
 	location @addslash {
-	   return                    301 $uri/;
+		return 301 $uri/;
 	}
 
 	location / {
diff --git a/docker/php/Dockerfile b/docker/php/Dockerfile
index 962ef695..5734dc1e 100644
--- a/docker/php/Dockerfile
+++ b/docker/php/Dockerfile
@@ -33,15 +33,29 @@ RUN apt-get update && apt-get upgrade -y && apt-get install -y \
     && pecl install imagick \
     && pecl install -o -f igbinary \
     && docker-php-ext-install gd zip opcache intl pdo pdo_mysql mysqli bcmath gettext iconv mbstring curl \
-    && docker-php-ext-enable igbinary redis imagick
+    && docker-php-ext-enable igbinary redis imagick \
+    && rm -rf /var/cache/* \
+    && rmdir /var/www/html \
+    && install -d -m 744 -o www-data -g www-data /var/www \
+    && install -d -m 700 -o www-data -g www-data /var/tmp/leftypol \
+    && install -d -m 700 -o www-data -g www-data /var/cache/gen-cache \
+    && install -d -m 700 -o www-data -g www-data /var/cache/template-cache
 
-COPY --from=composer /usr/bin/composer /usr/bin/composer
+COPY --from=composer /usr/bin/composer /usr/local/bin/composer
+
+# Copy the bootstrap script.
+COPY ./docker/php/bootstrap.sh /usr/local/bin/bootstrap.sh
+
+# Copy the actual project (use .dockerignore to exclude stuff).
 COPY . /code
 
-RUN /code/docker/common-setup.sh \
-    && ln -s /code/composer.json /code/composer.lock /var/www/ \
-    && cd /var/www && composer install
+# Make the instance configuration owned by www-data.
+# Make it writable by php.
+# Install the compose depedencies.
+RUN chown www-data /code/inc/instance-config.php && chgrp www-data /code/inc/instance-config.php \
+    && chmod 660 /code/inc/instance-config.php \
+    && cd /code && composer install
 
 WORKDIR "/var/www"
-CMD [ "php-fpm" ]
+CMD [ "bootstrap.sh" ]
 EXPOSE 9000
diff --git a/docker/php/bootstrap.sh b/docker/php/bootstrap.sh
new file mode 100755
index 00000000..cc5390dc
--- /dev/null
+++ b/docker/php/bootstrap.sh
@@ -0,0 +1,74 @@
+#!/bin/sh
+
+set -eu
+
+if ! mountpoint -q /var/www; then
+    echo "WARNING: '/var/www' is not a mountpoint. All the data will remain inside the container!"
+fi
+
+if [ ! -w /var/www ] ; then
+    echo "ERROR: '/var/www' is not writable. Closing."
+    exit 1
+fi
+
+# Link the entrypoints from the exposed directory.
+ln -nfs \
+    /code/banners/ \
+    /code/static/ \
+    /code/stylesheets/ \
+    /code/tools/ \
+    /code/walls/ \
+    /code/*.php \
+    /code/LICENSE.* \
+    /code/404.html \
+    /code/install.sql \
+    /var/www/
+# Ensure correct permissions are set, since this might be bind mount.
+chown www-data /var/www
+chgrp www-data /var/www
+
+# Initialize robots.txt with the default if it doesn't exist.
+cp -n /code/robots.txt /var/www
+
+# Link the cache and tmp files directory.
+ln -nfs /var/tmp/leftypol /var/www/tmp
+
+# Link the javascript directory.
+ln -nfs /code/js /var/www/
+
+# Link the html templates directory and it's cache.
+ln -nfs /code/templates /var/www/
+ln -nfs -T /var/cache/template-cache /var/www/templates/cache
+chown -h www-data /var/www/templates/cache
+chgrp -h www-data /var/www/templates/cache
+
+# Link the generic cache.
+ln -nfs -T /var/cache/gen-cache /var/www/tmp/cache
+chown -h www-data /var/www/tmp/cache
+chgrp -h www-data /var/www/tmp/cache
+
+# Create the included files directory and link them
+install -d -m 700 -o www-data -g www-data /var/www/inc
+for file in /code/inc/*; do
+    file="${file##*/}"
+    if [ ! -e /var/www/inc/$file ]; then
+        ln -s /code/inc/$file /var/www/inc/
+    fi
+done
+# Copy an empty instance configuration if the file is a link (it was linked because it did not exist before).
+if [ -L '/var/www/inc/instance-config.php' ]; then
+    echo 'INFO: Resetting instance configuration'
+    rm /var/www/inc/instance-config.php
+    cp /code/inc/instance-config.php /var/www/inc/instance-config.php
+    chown www-data /var/www/inc/instance-config.php
+    chgrp www-data /var/www/inc/instance-config.php
+    chmod 600 /var/www/inc/instance-config.php
+else
+    echo 'INFO: Using existing instance configuration'
+fi
+
+# Link the composer dependencies.
+ln -nfs /code/vendor /var/www/
+
+# Start the php-fpm server.
+exec php-fpm

From efdf93e3dde39bcfbf03e7328047605ac4976713 Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@skiff.com>
Date: Sun, 7 Apr 2024 17:38:00 +0200
Subject: [PATCH 047/336] template.php: trim

---
 inc/template.php | 22 +++++++++++-----------
 1 file changed, 11 insertions(+), 11 deletions(-)

diff --git a/inc/template.php b/inc/template.php
index 0362111c..11e74b7c 100644
--- a/inc/template.php
+++ b/inc/template.php
@@ -28,17 +28,17 @@ function load_twig() {
 
 function Element($templateFile, array $options) {
 	global $config, $debug, $twig, $build_pages;
-	
+
 	if (!$twig)
 		load_twig();
-	
+
 	if (function_exists('create_pm_header') && ((isset($options['mod']) && $options['mod']) || isset($options['__mod'])) && !preg_match('!^mod/!', $templateFile)) {
 		$options['pm'] = create_pm_header();
 	}
-	
+
 	if (isset($options['body']) && $config['debug']) {
 		$_debug = $debug;
-		
+
 		if (isset($debug['start'])) {
 			$_debug['time']['total'] = '~' . round((microtime(true) - $_debug['start']) * 1000, 2) . 'ms';
 			$_debug['time']['init'] = '~' . round(($_debug['start_debug'] - $_debug['start']) * 1000, 2) . 'ms';
@@ -56,15 +56,15 @@ function Element($templateFile, array $options) {
 				str_replace("\n", '<br/>', utf8tohtml(print_r($_debug, true))) .
 			'</pre>';
 	}
-	
+
 	// Read the template file
 	if (@file_get_contents("{$config['dir']['template']}/${templateFile}")) {
 		$body = $twig->render($templateFile, $options);
-		
+
 		if ($config['minify_html'] && preg_match('/\.html$/', $templateFile)) {
 			$body = trim(preg_replace("/[\t\r\n]/", '', $body));
 		}
-		
+
 		return $body;
 	} else {
 		throw new Exception("Template file '${templateFile}' does not exist or is empty in '{$config['dir']['template']}'!");
@@ -102,7 +102,7 @@ class Tinyboard extends Twig\Extension\AbstractExtension
 			new Twig\TwigFilter('cloak_mask', 'cloak_mask'),
 		);
 	}
-	
+
 	/**
 	* Returns a list of functions to add to the existing list.
 	*
@@ -122,7 +122,7 @@ class Tinyboard extends Twig\Extension\AbstractExtension
 			new Twig\TwigFunction('link_for', 'link_for')
 		);
 	}
-	
+
 	/**
 	* Returns the name of the extension.
 	*
@@ -154,7 +154,7 @@ function twig_hasPermission_filter($mod, $permission, $board = null) {
 function twig_extension_filter($value, $case_insensitive = true) {
 	$ext = mb_substr($value, mb_strrpos($value, '.') + 1);
 	if($case_insensitive)
-		$ext = mb_strtolower($ext);		
+		$ext = mb_strtolower($ext);
 	return $ext;
 }
 
@@ -179,7 +179,7 @@ function twig_filename_truncate_filter($value, $length = 30, $separator = '…')
 		$value = strrev($value);
 		$array = array_reverse(explode(".", $value, 2));
 		$array = array_map("strrev", $array);
-		
+
 		$filename = &$array[0];
 		$extension = isset($array[1]) ? $array[1] : false;
 

From 3de9fa24dd133d55731bee75bb790e677b63b4c6 Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@mailu.io>
Date: Sun, 31 Mar 2024 23:10:07 +0200
Subject: [PATCH 048/336] template.php install.php: handle cache directory
 being a symlink

---
 inc/template.php | 6 ++++--
 install.php      | 5 ++---
 2 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/inc/template.php b/inc/template.php
index 11e74b7c..26ba6cc0 100644
--- a/inc/template.php
+++ b/inc/template.php
@@ -11,12 +11,14 @@ $twig = false;
 function load_twig() {
 	global $twig, $config;
 
+	$cache_dir = "{$config['dir']['template']}/cache/";
+
 	$loader = new Twig\Loader\FilesystemLoader($config['dir']['template']);
 	$loader->setPaths($config['dir']['template']);
 	$twig = new Twig\Environment($loader, array(
 		'autoescape' => false,
-		'cache' => is_writable('templates') || (is_dir('templates/cache') && is_writable('templates/cache')) ?
-			new Twig_Cache_TinyboardFilesystem("{$config['dir']['template']}/cache") : false,
+		'cache' => is_writable('templates/') || (is_dir($cache_dir) && is_writable($cache_dir)) ?
+			new Twig_Cache_TinyboardFilesystem($cache_dir) : false,
 		'debug' => $config['debug'],
 		'auto_reload' => $config['twig_auto_reload']
 	));
diff --git a/install.php b/install.php
index c174771b..cb2a44cd 100644
--- a/install.php
+++ b/install.php
@@ -856,14 +856,14 @@ if ($step == 0) {
 		array(
 			'category' => 'File permissions',
 			'name' => getcwd() . '/templates/cache',
-			'result' => is_writable('templates') || (is_dir('templates/cache') && is_writable('templates/cache')),
+			'result' => is_dir('templates/cache/') && is_writable('templates/cache/'),
 			'required' => true,
 			'message' => 'You must give vichan permission to create (and write to) the <code>templates/cache</code> directory or performance will be drastically reduced.'
 		),
 		array(
 			'category' => 'File permissions',
 			'name' => getcwd() . '/tmp/cache',
-			'result' => is_dir('tmp/cache') && is_writable('tmp/cache'),
+			'result' => is_dir('tmp/cache/') && is_writable('tmp/cache/'),
 			'required' => true,
 			'message' => 'You must give vichan permission to write to the <code>tmp/cache</code> directory.'
 		),
@@ -1032,4 +1032,3 @@ if ($step == 0) {
 
 	echo Element('page.html', $page);
 }
-

From 8799c142b0026b06d12acf0657405ddec9842924 Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@skiff.com>
Date: Thu, 4 Apr 2024 17:05:27 +0200
Subject: [PATCH 049/336] install.php: check that secrets.php is writable

---
 install.php | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/install.php b/install.php
index cb2a44cd..0d17d0da 100644
--- a/install.php
+++ b/install.php
@@ -5,6 +5,11 @@ define('VERSION', '5.1.4');
 require 'inc/bootstrap.php';
 loadConfig();
 
+if (!is_writable('inc/secrets.php')) {
+	echo 'install.php does not have permission to write to /inc/secrets.php, without permission the installer cannot continue';
+	exit();
+}
+
 // Salt generators
 class SaltGen {
 	public $salt_length = 128;

From 2af07d006bf998392da6dfe17443984df3d14ce9 Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@skiff.com>
Date: Thu, 4 Apr 2024 17:33:22 +0200
Subject: [PATCH 050/336] docker: create empty robots.txt

---
 docker/php/bootstrap.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/docker/php/bootstrap.sh b/docker/php/bootstrap.sh
index cc5390dc..5aaec0b2 100755
--- a/docker/php/bootstrap.sh
+++ b/docker/php/bootstrap.sh
@@ -27,8 +27,8 @@ ln -nfs \
 chown www-data /var/www
 chgrp www-data /var/www
 
-# Initialize robots.txt with the default if it doesn't exist.
-cp -n /code/robots.txt /var/www
+# Initialize an empty robots.txt with the default if it doesn't exist.
+touch /var/www/robots.txt
 
 # Link the cache and tmp files directory.
 ln -nfs /var/tmp/leftypol /var/www/tmp

From 1fed05c5ee07d4798ec4f9d7100892714509b2b6 Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@skiff.com>
Date: Thu, 4 Apr 2024 17:41:03 +0200
Subject: [PATCH 051/336] docker: ignore empty gitkeep directories

---
 .dockerignore | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.dockerignore b/.dockerignore
index 60786eb9..1b82198d 100644
--- a/.dockerignore
+++ b/.dockerignore
@@ -1,3 +1,4 @@
 **/.git
 **/.gitignore
 /local-www
+**/.gitkeep

From c058ec12f998196e375cdab0eae31c8863119d11 Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@skiff.com>
Date: Thu, 4 Apr 2024 17:41:31 +0200
Subject: [PATCH 052/336] Remove template/cache directory

---
 templates/cache/.gitkeep | 1 -
 1 file changed, 1 deletion(-)
 delete mode 100644 templates/cache/.gitkeep

diff --git a/templates/cache/.gitkeep b/templates/cache/.gitkeep
deleted file mode 100644
index 8b137891..00000000
--- a/templates/cache/.gitkeep
+++ /dev/null
@@ -1 +0,0 @@
-

From eb01768191d7ff6f49f8f83bae9e634174ce3c42 Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@skiff.com>
Date: Thu, 4 Apr 2024 17:42:37 +0200
Subject: [PATCH 053/336] docker: use less used port for compose

---
 docker-compose.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index cb095748..c50f95aa 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -5,7 +5,7 @@ services:
         context: .
         dockerfile: ./docker/nginx/Dockerfile
       ports:
-        - "8080:80"
+        - "9090:80"
       depends_on:
         - db
       volumes:

From 79183ae8e6a32a77d40196784a117e593623141a Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@skiff.com>
Date: Thu, 4 Apr 2024 23:57:25 +0200
Subject: [PATCH 054/336] docker: handle secrets.php

---
 docker/php/bootstrap.sh | 5 +++++
 install.php             | 4 ++--
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/docker/php/bootstrap.sh b/docker/php/bootstrap.sh
index 5aaec0b2..006eea80 100755
--- a/docker/php/bootstrap.sh
+++ b/docker/php/bootstrap.sh
@@ -30,6 +30,11 @@ chgrp www-data /var/www
 # Initialize an empty robots.txt with the default if it doesn't exist.
 touch /var/www/robots.txt
 
+# Initialize an empty writable secrests.php with the default if it doesn't exist.
+touch /var/www/inc/secrets.php
+chown www-data /var/www/inc/secrets.php
+chgrp www-data /var/www/inc/secrets.php
+
 # Link the cache and tmp files directory.
 ln -nfs /var/tmp/leftypol /var/www/tmp
 
diff --git a/install.php b/install.php
index 0d17d0da..696543a3 100644
--- a/install.php
+++ b/install.php
@@ -5,8 +5,8 @@ define('VERSION', '5.1.4');
 require 'inc/bootstrap.php';
 loadConfig();
 
-if (!is_writable('inc/secrets.php')) {
-	echo 'install.php does not have permission to write to /inc/secrets.php, without permission the installer cannot continue';
+if (!is_writable('inc/secrets.php') || !is_writable('inc/')) {
+	echo 'install.php does not have permission to write to /inc/secrets.php and/or /inc/, without permission the installer cannot continue';
 	exit();
 }
 

From 9d9804db138ac1cc80f616663728df4ffa4776af Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@skiff.com>
Date: Fri, 5 Apr 2024 00:45:26 +0200
Subject: [PATCH 055/336] docker: compose mount local-www as root directory in
 nginx

---
 docker-compose.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index c50f95aa..7383781b 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -9,7 +9,7 @@ services:
       depends_on:
         - db
       volumes:
-          - ./:/code
+          - ./local-www:/var/www/html
           - ./docker/nginx/leftypol.conf:/etc/nginx/conf.d/default.conf
           - ./docker/nginx/nginx.conf:/etc/nginx/nginx.conf
           - ./docker/nginx/proxy.conf:/etc/nginx/conf.d/proxy.conf

From 711e824153985a0210b9e953314dcfc0272e2138 Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@skiff.com>
Date: Sun, 7 Apr 2024 13:16:33 +0200
Subject: [PATCH 056/336] docker: remove lainchan branding from compose file

---
 docker-compose.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index 7383781b..319e0dff 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -37,8 +37,8 @@ services:
     ports:
       - "3306:3306"
     environment:
-      MYSQL_DATABASE: lainchan
-      MYSQL_ROOT_PASSWORD: M9q5lO0RxJVh
+      MYSQL_DATABASE: vichan
+      MYSQL_ROOT_PASSWORD: test-database
     networks:
         leftchan_net:
             ipv4_address: 172.20.0.2

From 5bdbe49f3836f19ad239c6b85eb8062e88c80fd4 Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@skiff.com>
Date: Sun, 7 Apr 2024 13:17:17 +0200
Subject: [PATCH 057/336] docker: move image to alpine linux

---
 docker/php/Dockerfile | 90 ++++++++++++++++++++++++++++---------------
 1 file changed, 60 insertions(+), 30 deletions(-)

diff --git a/docker/php/Dockerfile b/docker/php/Dockerfile
index 5734dc1e..e3bd206f 100644
--- a/docker/php/Dockerfile
+++ b/docker/php/Dockerfile
@@ -1,43 +1,73 @@
 # Based on https://github.com/dead-guru/devichan/blob/master/php-fpm/Dockerfile
 
 FROM composer AS composer
-FROM php:8.1-fpm-bullseye
+FROM php:8.1-fpm-alpine
 
-RUN apt-get update && apt-get upgrade -y && apt-get install -y \
-      zlib1g-dev libicu-dev g++ \
-      libjpeg62-turbo-dev \
-      libzip-dev \
-      libpng-dev \
-      libwebp-dev \
-      libfreetype6-dev \
-      libxml2-dev \
-      git \
-      zip \
-      ffmpeg \
-      libonig-dev \
-      unzip \
-      libcurl4-openssl-dev \
-      libmagickwand-dev \
-      gifsicle \
-      graphicsmagick \
-      gettext \
-      imagemagick \
-      locales locales-all \
-      libmagickwand-dev \
-      libmcrypt-dev \
+RUN apk add --no-cache \
+    zlib \
+    zlib-dev \
+    libpng \
+    libpng-dev \
+    libjpeg-turbo \
+    libjpeg-turbo-dev \
+    libwebp \
+    libwebp-dev \
+    libcurl \
+    curl-dev \
+    imagemagick \
+    graphicsmagick \
+    gifsicle \
+    ffmpeg \
+    bind-tools \
+    gettext \
+    gettext-dev \
+    icu-dev \
+    oniguruma \
+    oniguruma-dev \
+    libmcrypt \
+    libmcrypt-dev \
+    lz4-libs \
+    lz4-dev \
+    imagemagick-dev \
+    pcre-dev \
+    $PHPIZE_DEPS \
     && docker-php-ext-configure gd \
         --with-webp=/usr/include/webp \
         --with-jpeg=/usr/include \
-        --with-freetype=/usr/include/freetype2/ \
+    && docker-php-ext-install -j$(nproc) \
+        gd \
+        curl \
+        bcmath \
+        opcache \
+        pdo_mysql \
+        gettext \
+        intl \
+        mbstring \
+    && pecl update-channels \
+    && pecl install -o -f igbinary \
     && pecl install redis \
     && pecl install imagick \
-    && pecl install -o -f igbinary \
-    && docker-php-ext-install gd zip opcache intl pdo pdo_mysql mysqli bcmath gettext iconv mbstring curl \
-    && docker-php-ext-enable igbinary redis imagick \
-    && rm -rf /var/cache/* \
-    && rmdir /var/www/html \
+    $$ docker-php-ext-enable \
+        igbinary \
+        redis \
+        imagick \
+    && apk del \
+        zlib-dev \
+        libpng-dev \
+        libjpeg-turbo-dev \
+        libwebp-dev \
+        curl-dev \
+        gettext-dev \
+        oniguruma-dev \
+        libmcrypt-dev \
+        lz4-dev \
+        imagemagick-dev \
+        pcre-dev \
+        $PHPIZE_DEPS \
+    && rm -rf /var/cache/*
+RUN rmdir /var/www/html \
     && install -d -m 744 -o www-data -g www-data /var/www \
-    && install -d -m 700 -o www-data -g www-data /var/tmp/leftypol \
+    && install -d -m 700 -o www-data -g www-data /var/tmp/vichan \
     && install -d -m 700 -o www-data -g www-data /var/cache/gen-cache \
     && install -d -m 700 -o www-data -g www-data /var/cache/template-cache
 

From d117619ce6170ea6b4695fd359fa09b1503e4291 Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@skiff.com>
Date: Sun, 7 Apr 2024 13:18:38 +0200
Subject: [PATCH 058/336] docker: boostrap script handle secrets.php, copy
 static files

---
 docker/php/bootstrap.sh | 39 +++++++++++++++++++++------------------
 1 file changed, 21 insertions(+), 18 deletions(-)

diff --git a/docker/php/bootstrap.sh b/docker/php/bootstrap.sh
index 006eea80..5436b2c2 100755
--- a/docker/php/bootstrap.sh
+++ b/docker/php/bootstrap.sh
@@ -2,6 +2,19 @@
 
 set -eu
 
+function set_cfg() {
+    if [ -L "/var/www/inc/$1" ]; then
+        echo "INFO: Resetting $1"
+        rm "/var/www/inc/$1"
+        cp "/code/inc/$1" "/var/www/inc/$1"
+        chown www-data "/var/www/inc/$1"
+        chgrp www-data "/var/www/inc/$1"
+        chmod 600 "/var/www/inc/$1"
+    else
+        echo "INFO: Using existing $1"
+    fi
+}
+
 if ! mountpoint -q /var/www; then
     echo "WARNING: '/var/www' is not a mountpoint. All the data will remain inside the container!"
 fi
@@ -14,8 +27,6 @@ fi
 # Link the entrypoints from the exposed directory.
 ln -nfs \
     /code/banners/ \
-    /code/static/ \
-    /code/stylesheets/ \
     /code/tools/ \
     /code/walls/ \
     /code/*.php \
@@ -23,6 +34,10 @@ ln -nfs \
     /code/404.html \
     /code/install.sql \
     /var/www/
+# Static files accessible from the webserver must be copied.
+cp -ur /code/static /var/www/
+cp -ur /code/stylesheets /var/www/
+
 # Ensure correct permissions are set, since this might be bind mount.
 chown www-data /var/www
 chgrp www-data /var/www
@@ -30,13 +45,8 @@ chgrp www-data /var/www
 # Initialize an empty robots.txt with the default if it doesn't exist.
 touch /var/www/robots.txt
 
-# Initialize an empty writable secrests.php with the default if it doesn't exist.
-touch /var/www/inc/secrets.php
-chown www-data /var/www/inc/secrets.php
-chgrp www-data /var/www/inc/secrets.php
-
 # Link the cache and tmp files directory.
-ln -nfs /var/tmp/leftypol /var/www/tmp
+ln -nfs /var/tmp/vichan /var/www/tmp
 
 # Link the javascript directory.
 ln -nfs /code/js /var/www/
@@ -60,17 +70,10 @@ for file in /code/inc/*; do
         ln -s /code/inc/$file /var/www/inc/
     fi
 done
+
 # Copy an empty instance configuration if the file is a link (it was linked because it did not exist before).
-if [ -L '/var/www/inc/instance-config.php' ]; then
-    echo 'INFO: Resetting instance configuration'
-    rm /var/www/inc/instance-config.php
-    cp /code/inc/instance-config.php /var/www/inc/instance-config.php
-    chown www-data /var/www/inc/instance-config.php
-    chgrp www-data /var/www/inc/instance-config.php
-    chmod 600 /var/www/inc/instance-config.php
-else
-    echo 'INFO: Using existing instance configuration'
-fi
+set_cfg 'instance-config.php'
+set_cfg 'secrets.php'
 
 # Link the composer dependencies.
 ln -nfs /code/vendor /var/www/

From 729219a3c4444896b81dc58ae96b03d288739db3 Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@skiff.com>
Date: Sun, 7 Apr 2024 18:20:34 +0200
Subject: [PATCH 059/336] docker: bootstrap remove leftypol specific files

---
 docker/php/bootstrap.sh | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/docker/php/bootstrap.sh b/docker/php/bootstrap.sh
index 5436b2c2..6d6b5c15 100755
--- a/docker/php/bootstrap.sh
+++ b/docker/php/bootstrap.sh
@@ -26,12 +26,9 @@ fi
 
 # Link the entrypoints from the exposed directory.
 ln -nfs \
-    /code/banners/ \
     /code/tools/ \
-    /code/walls/ \
     /code/*.php \
     /code/LICENSE.* \
-    /code/404.html \
     /code/install.sql \
     /var/www/
 # Static files accessible from the webserver must be copied.

From 5a5d31533006cd70ce4ce22e57aad093dbcdcee7 Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@skiff.com>
Date: Sun, 7 Apr 2024 13:20:58 +0200
Subject: [PATCH 060/336] docker: remove leftypol branding from nginx compose

---
 docker-compose.yml                          | 2 +-
 docker/nginx/{leftypol.conf => vichan.conf} | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)
 rename docker/nginx/{leftypol.conf => vichan.conf} (96%)

diff --git a/docker-compose.yml b/docker-compose.yml
index 319e0dff..6bb99192 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -10,7 +10,7 @@ services:
         - db
       volumes:
           - ./local-www:/var/www/html
-          - ./docker/nginx/leftypol.conf:/etc/nginx/conf.d/default.conf
+          - ./docker/nginx/vichan.conf:/etc/nginx/conf.d/default.conf
           - ./docker/nginx/nginx.conf:/etc/nginx/nginx.conf
           - ./docker/nginx/proxy.conf:/etc/nginx/conf.d/proxy.conf
       networks:
diff --git a/docker/nginx/leftypol.conf b/docker/nginx/vichan.conf
similarity index 96%
rename from docker/nginx/leftypol.conf
rename to docker/nginx/vichan.conf
index 1c66e95f..ea46476e 100644
--- a/docker/nginx/leftypol.conf
+++ b/docker/nginx/vichan.conf
@@ -5,7 +5,7 @@ upstream php-upstream {
 server {
 	listen 80 default_server;
 	listen [::]:80 default_server ipv6only=on;
-	server_name leftypol;
+	server_name vichan;
 	root /var/www/html;
 	add_header X-Frame-Options "SAMEORIGIN";
 	add_header X-Content-Type-Options "nosniff";
@@ -64,7 +64,7 @@ server {
 	client_max_body_size 2G;
 
 	location ~ \.php$ {
-		proxy_set_header X-Real-IP  $remote_addr;
+		proxy_set_header X-Real-IP $remote_addr;
 		proxy_set_header X-Forwarded-For $remote_addr;
 		proxy_set_header X-Request-Id $x_request_id;
 		proxy_set_header X-Forwarded-Host $host;

From f8ea32376e76ef0017481ce370cbb0ed45d0f442 Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@skiff.com>
Date: Wed, 10 Apr 2024 16:05:30 +0200
Subject: [PATCH 061/336] docker: remove leftchan references from compose

---
 docker-compose.yml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index 6bb99192..f1429037 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -14,7 +14,7 @@ services:
           - ./docker/nginx/nginx.conf:/etc/nginx/nginx.conf
           - ./docker/nginx/proxy.conf:/etc/nginx/conf.d/proxy.conf
       networks:
-        leftchan_net:
+        vichan_net:
           ipv4_address: 172.20.0.3
       links:
           - php
@@ -26,7 +26,7 @@ services:
           - ./local-www:/var/www
           - ./docker/php/www.conf:/usr/local/etc/php-fpm.d/www.conf
       networks:
-        leftchan_net:
+        vichan_net:
           ipv4_address: 172.20.0.4
   #MySQL Service
   db:
@@ -40,12 +40,12 @@ services:
       MYSQL_DATABASE: vichan
       MYSQL_ROOT_PASSWORD: test-database
     networks:
-        leftchan_net:
+        vichan_net:
             ipv4_address: 172.20.0.2
 
 #Docker Networks
 networks:
-    leftchan_net:
+    vichan_net:
         ipam:
             driver: default
             config:

From 050bc59588b03754b7c7ab566fe852bea31bc5b1 Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@skiff.com>
Date: Wed, 10 Apr 2024 16:06:20 +0200
Subject: [PATCH 062/336] docker: enable JIT by default on compose

---
 docker-compose.yml | 1 +
 docker/php/jit.ini | 2 ++
 2 files changed, 3 insertions(+)
 create mode 100644 docker/php/jit.ini

diff --git a/docker-compose.yml b/docker-compose.yml
index f1429037..c261562f 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -25,6 +25,7 @@ services:
       volumes:
           - ./local-www:/var/www
           - ./docker/php/www.conf:/usr/local/etc/php-fpm.d/www.conf
+          - ./docker/php/jit.ini:/usr/local/etc/php/conf.d/jit.ini
       networks:
         vichan_net:
           ipv4_address: 172.20.0.4
diff --git a/docker/php/jit.ini b/docker/php/jit.ini
new file mode 100644
index 00000000..ecfb44c5
--- /dev/null
+++ b/docker/php/jit.ini
@@ -0,0 +1,2 @@
+opcache.jit_buffer_size=192M
+opcache.jit=tracing

From 575b265c743ee35dd5b4d351b5e1f551b436a05d Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@skiff.com>
Date: Wed, 10 Apr 2024 16:06:56 +0200
Subject: [PATCH 063/336] docker: adjust php-fpm pool log config on compose

---
 docker/php/www.conf | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/docker/php/www.conf b/docker/php/www.conf
index 0f53aebf..6e78ad26 100644
--- a/docker/php/www.conf
+++ b/docker/php/www.conf
@@ -1,6 +1,13 @@
 [www]
+access.log = /proc/self/fd/2
+
+; Ensure worker stdout and stderr are sent to the main error log.
+catch_workers_output = yes
+decorate_workers_output = no
+
 user = www-data
 group = www-data
+
 listen = 127.0.0.1:9000
 pm = static
 pm.max_children = 16

From fb191a0ffda34e90c10879ff7b3ae8c10cc9f48f Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@skiff.com>
Date: Wed, 10 Apr 2024 17:17:46 +0200
Subject: [PATCH 064/336] docker: change compose database root password

---
 docker-compose.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index c261562f..240d0e88 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -39,7 +39,7 @@ services:
       - "3306:3306"
     environment:
       MYSQL_DATABASE: vichan
-      MYSQL_ROOT_PASSWORD: test-database
+      MYSQL_ROOT_PASSWORD: password
     networks:
         vichan_net:
             ipv4_address: 172.20.0.2

From 5c99b0f4f3e0017e3a799fde7142d22947e57598 Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@skiff.com>
Date: Fri, 12 Apr 2024 17:10:19 +0200
Subject: [PATCH 065/336] docker: enable profiling with xdebug

---
 docker-compose.yml            |  3 ++-
 docker/php/Dockerfile.profile | 16 ++++++++++++++++
 docker/php/bootstrap.sh       |  8 ++++++++
 docker/php/xdebug-prof.ini    |  7 +++++++
 4 files changed, 33 insertions(+), 1 deletion(-)
 create mode 100644 docker/php/Dockerfile.profile
 create mode 100644 docker/php/xdebug-prof.ini

diff --git a/docker-compose.yml b/docker-compose.yml
index 240d0e88..47ab8d7b 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -21,11 +21,12 @@ services:
   php:
       build:
         context: .
-        dockerfile: ./docker/php/Dockerfile
+        dockerfile: ./docker/php/Dockerfile.profile
       volumes:
           - ./local-www:/var/www
           - ./docker/php/www.conf:/usr/local/etc/php-fpm.d/www.conf
           - ./docker/php/jit.ini:/usr/local/etc/php/conf.d/jit.ini
+          - ./docker/php/xdebug-prof.ini:/usr/local/etc/php/conf.d/xdebug-prof.ini
       networks:
         vichan_net:
           ipv4_address: 172.20.0.4
diff --git a/docker/php/Dockerfile.profile b/docker/php/Dockerfile.profile
new file mode 100644
index 00000000..ad2019ab
--- /dev/null
+++ b/docker/php/Dockerfile.profile
@@ -0,0 +1,16 @@
+# syntax = devthefuture/dockerfile-x
+INCLUDE ./docker/php/Dockerfile
+
+RUN apk add --no-cache \
+        linux-headers \
+        $PHPIZE_DEPS \
+    && pecl update-channels \
+    && pecl install xdebug \
+    && docker-php-ext-enable xdebug \
+    && apk del \
+        linux-headers \
+        $PHPIZE_DEPS \
+    && rm -rf /var/cache/*
+
+ENV XDEBUG_OUT_DIR=/var/www/xdebug_out
+CMD [ "bootstrap.sh" ]
\ No newline at end of file
diff --git a/docker/php/bootstrap.sh b/docker/php/bootstrap.sh
index 6d6b5c15..4ee088ba 100755
--- a/docker/php/bootstrap.sh
+++ b/docker/php/bootstrap.sh
@@ -24,6 +24,14 @@ if [ ! -w /var/www ] ; then
     exit 1
 fi
 
+if [ -z "$XDEBUG_OUT_DIR" ] ; then
+    echo "INFO: Initializing xdebug out directory at $XDEBUG_OUT_DIR"
+    mkdir -p "$XDEBUG_OUT_DIR"
+    chown www-data "$XDEBUG_OUT_DIR"
+    chgrp www-data "$XDEBUG_OUT_DIR"
+    chmod 755 "$XDEBUG_OUT_DIR"
+fi
+
 # Link the entrypoints from the exposed directory.
 ln -nfs \
     /code/tools/ \
diff --git a/docker/php/xdebug-prof.ini b/docker/php/xdebug-prof.ini
new file mode 100644
index 00000000..c6dc008e
--- /dev/null
+++ b/docker/php/xdebug-prof.ini
@@ -0,0 +1,7 @@
+zend_extension=xdebug
+
+[xdebug]
+xdebug.mode = profile
+xdebug.start_with_request = start
+error_reporting = E_ALL
+xdebug.output_dir = /var/www/xdebug_out

From fbbdb5afd6bb1a581bcaedeb2e2baba54d4769fc Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@mailu.io>
Date: Tue, 16 Apr 2024 20:49:31 +0200
Subject: [PATCH 066/336] docker: fix variable checking in bootstrapping script

---
 docker/php/bootstrap.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docker/php/bootstrap.sh b/docker/php/bootstrap.sh
index 4ee088ba..cc3f43d0 100755
--- a/docker/php/bootstrap.sh
+++ b/docker/php/bootstrap.sh
@@ -24,7 +24,7 @@ if [ ! -w /var/www ] ; then
     exit 1
 fi
 
-if [ -z "$XDEBUG_OUT_DIR" ] ; then
+if [ -z  "${XDEBUG_OUT_DIR:-''}" ] ; then
     echo "INFO: Initializing xdebug out directory at $XDEBUG_OUT_DIR"
     mkdir -p "$XDEBUG_OUT_DIR"
     chown www-data "$XDEBUG_OUT_DIR"

From 107592f70ce1916ca994da2d63f012938645b55e Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@mailu.io>
Date: Tue, 16 Apr 2024 20:50:27 +0200
Subject: [PATCH 067/336] docker: simplify composer file

---
 docker-compose.yml | 19 ++-----------------
 1 file changed, 2 insertions(+), 17 deletions(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index 47ab8d7b..a531be88 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -13,11 +13,9 @@ services:
           - ./docker/nginx/vichan.conf:/etc/nginx/conf.d/default.conf
           - ./docker/nginx/nginx.conf:/etc/nginx/nginx.conf
           - ./docker/nginx/proxy.conf:/etc/nginx/conf.d/proxy.conf
-      networks:
-        vichan_net:
-          ipv4_address: 172.20.0.3
       links:
           - php
+
   php:
       build:
         context: .
@@ -27,9 +25,7 @@ services:
           - ./docker/php/www.conf:/usr/local/etc/php-fpm.d/www.conf
           - ./docker/php/jit.ini:/usr/local/etc/php/conf.d/jit.ini
           - ./docker/php/xdebug-prof.ini:/usr/local/etc/php/conf.d/xdebug-prof.ini
-      networks:
-        vichan_net:
-          ipv4_address: 172.20.0.4
+
   #MySQL Service
   db:
     image: mysql:8.0.35
@@ -41,14 +37,3 @@ services:
     environment:
       MYSQL_DATABASE: vichan
       MYSQL_ROOT_PASSWORD: password
-    networks:
-        vichan_net:
-            ipv4_address: 172.20.0.2
-
-#Docker Networks
-networks:
-    vichan_net:
-        ipam:
-            driver: default
-            config:
-                - subnet: 172.20.0.0/16

From f161de3d5744a90dc333b083715fa2fb30ae65b3 Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@mailu.io>
Date: Tue, 16 Apr 2024 20:51:13 +0200
Subject: [PATCH 068/336] docker: format compose file

---
 docker-compose.yml | 44 ++++++++++++++++++++++----------------------
 1 file changed, 22 insertions(+), 22 deletions(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index a531be88..b32a3ae8 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,30 +1,30 @@
 services:
   #nginx webserver + php 8.x
   web:
-      build:
-        context: .
-        dockerfile: ./docker/nginx/Dockerfile
-      ports:
-        - "9090:80"
-      depends_on:
-        - db
-      volumes:
-          - ./local-www:/var/www/html
-          - ./docker/nginx/vichan.conf:/etc/nginx/conf.d/default.conf
-          - ./docker/nginx/nginx.conf:/etc/nginx/nginx.conf
-          - ./docker/nginx/proxy.conf:/etc/nginx/conf.d/proxy.conf
-      links:
-          - php
+    build:
+      context: .
+      dockerfile: ./docker/nginx/Dockerfile
+    ports:
+      - "9090:80"
+    depends_on:
+      - db
+    volumes:
+      - ./local-www:/var/www/html
+      - ./docker/nginx/vichan.conf:/etc/nginx/conf.d/default.conf
+      - ./docker/nginx/nginx.conf:/etc/nginx/nginx.conf
+      - ./docker/nginx/proxy.conf:/etc/nginx/conf.d/proxy.conf
+    links:
+      - php
 
   php:
-      build:
-        context: .
-        dockerfile: ./docker/php/Dockerfile.profile
-      volumes:
-          - ./local-www:/var/www
-          - ./docker/php/www.conf:/usr/local/etc/php-fpm.d/www.conf
-          - ./docker/php/jit.ini:/usr/local/etc/php/conf.d/jit.ini
-          - ./docker/php/xdebug-prof.ini:/usr/local/etc/php/conf.d/xdebug-prof.ini
+    build:
+      context: .
+      dockerfile: ./docker/php/Dockerfile.profile
+    volumes:
+      - ./local-www:/var/www
+      - ./docker/php/www.conf:/usr/local/etc/php-fpm.d/www.conf
+      - ./docker/php/jit.ini:/usr/local/etc/php/conf.d/jit.ini
+      - ./docker/php/xdebug-prof.ini:/usr/local/etc/php/conf.d/xdebug-prof.ini
 
   #MySQL Service
   db:

From bf4f388a042e4ab659530f46dec1b3df7a32d847 Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@mailu.io>
Date: Tue, 16 Apr 2024 20:51:37 +0200
Subject: [PATCH 069/336] docker: make non-profile the default compose setting

---
 docker-compose.yml | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index b32a3ae8..f0170c7b 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -19,12 +19,11 @@ services:
   php:
     build:
       context: .
-      dockerfile: ./docker/php/Dockerfile.profile
+      dockerfile: ./docker/php/Dockerfile
     volumes:
       - ./local-www:/var/www
       - ./docker/php/www.conf:/usr/local/etc/php-fpm.d/www.conf
       - ./docker/php/jit.ini:/usr/local/etc/php/conf.d/jit.ini
-      - ./docker/php/xdebug-prof.ini:/usr/local/etc/php/conf.d/xdebug-prof.ini
 
   #MySQL Service
   db:

From 024f9553388050a36738668e6a04bbc3083447a3 Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@mailu.io>
Date: Tue, 16 Apr 2024 21:03:47 +0200
Subject: [PATCH 070/336] docker: remove special handling of
 instance-config.php from build

---
 docker/php/Dockerfile | 10 +++-------
 1 file changed, 3 insertions(+), 7 deletions(-)

diff --git a/docker/php/Dockerfile b/docker/php/Dockerfile
index e3bd206f..0e2f741d 100644
--- a/docker/php/Dockerfile
+++ b/docker/php/Dockerfile
@@ -71,20 +71,16 @@ RUN rmdir /var/www/html \
     && install -d -m 700 -o www-data -g www-data /var/cache/gen-cache \
     && install -d -m 700 -o www-data -g www-data /var/cache/template-cache
 
-COPY --from=composer /usr/bin/composer /usr/local/bin/composer
-
 # Copy the bootstrap script.
 COPY ./docker/php/bootstrap.sh /usr/local/bin/bootstrap.sh
 
+COPY --from=composer /usr/bin/composer /usr/local/bin/composer
+
 # Copy the actual project (use .dockerignore to exclude stuff).
 COPY . /code
 
-# Make the instance configuration owned by www-data.
-# Make it writable by php.
 # Install the compose depedencies.
-RUN chown www-data /code/inc/instance-config.php && chgrp www-data /code/inc/instance-config.php \
-    && chmod 660 /code/inc/instance-config.php \
-    && cd /code && composer install
+RUN cd /code && composer install
 
 WORKDIR "/var/www"
 CMD [ "bootstrap.sh" ]

From c3619c49fb9b681507ebdc3d86a98dcbfbe7a8ab Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@mailu.io>
Date: Tue, 16 Apr 2024 21:31:56 +0200
Subject: [PATCH 071/336] docker: prepare compose for multiple test instances

---
 .dockerignore      |  2 +-
 .gitignore         |  2 +-
 docker-compose.yml |  6 ++++--
 docker/doc.md      | 12 ++++++++++++
 4 files changed, 18 insertions(+), 4 deletions(-)

diff --git a/.dockerignore b/.dockerignore
index 1b82198d..8ae84728 100644
--- a/.dockerignore
+++ b/.dockerignore
@@ -1,4 +1,4 @@
 **/.git
 **/.gitignore
-/local-www
+/local-instances
 **/.gitkeep
diff --git a/.gitignore b/.gitignore
index 9d1640ae..5e0ab052 100644
--- a/.gitignore
+++ b/.gitignore
@@ -44,6 +44,6 @@ Thumbs.db
 #vichan custom
 favicon.ico
 /static/spoiler.png
-local-www
+/local-instances
 
 /vendor/
diff --git a/docker-compose.yml b/docker-compose.yml
index f0170c7b..da45b113 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -9,7 +9,7 @@ services:
     depends_on:
       - db
     volumes:
-      - ./local-www:/var/www/html
+      - ./local-instances/1/www:/var/www/html
       - ./docker/nginx/vichan.conf:/etc/nginx/conf.d/default.conf
       - ./docker/nginx/nginx.conf:/etc/nginx/nginx.conf
       - ./docker/nginx/proxy.conf:/etc/nginx/conf.d/proxy.conf
@@ -21,7 +21,7 @@ services:
       context: .
       dockerfile: ./docker/php/Dockerfile
     volumes:
-      - ./local-www:/var/www
+      - ./local-instances/1/www:/var/www
       - ./docker/php/www.conf:/usr/local/etc/php-fpm.d/www.conf
       - ./docker/php/jit.ini:/usr/local/etc/php/conf.d/jit.ini
 
@@ -36,3 +36,5 @@ services:
     environment:
       MYSQL_DATABASE: vichan
       MYSQL_ROOT_PASSWORD: password
+    volumes:
+      - ./local-instances/1/mysql:/var/lib/mysql
diff --git a/docker/doc.md b/docker/doc.md
index 13ad93a6..e022f170 100644
--- a/docker/doc.md
+++ b/docker/doc.md
@@ -2,3 +2,15 @@ The `php-fpm` process runs containerized.
 The php application always uses `/var/www` as it's work directory and home folder, and if `/var/www` is bind mounted it
 is necessary to adjust the path passed via FastCGI to `php-fpm` by changing the root directory to `/var/www`.
 This can achieved in nginx by setting the `fastcgi_param SCRIPT_FILENAME` to `/var/www/$fastcgi_script_name;`
+
+The default docker compose settings are intended for development and testing purposes.
+The folder structure expected by compose is as follows
+
+```
+<vichan-project>
+└── local-instances
+    └── 1
+        ├── mysql
+        └── www
+```
+The vichan container is by itself much less rigid.

From b86b9e375da7c67acbf0874a933baaccc117955a Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@mailu.io>
Date: Tue, 16 Apr 2024 22:39:32 +0200
Subject: [PATCH 072/336] post.php: fix hcaptcha reading wrong post field

---
 post.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/post.php b/post.php
index 4b28a908..22bc67fa 100644
--- a/post.php
+++ b/post.php
@@ -623,7 +623,7 @@ if (isset($_POST['delete'])) {
 					if (!isset($_POST['h-captcha-response'])) {
 						error($config['error']['bot']);
 					}
-					$response = $_POST['g-recaptcha-response'];
+					$response = $_POST['h-captcha-response'];
 					$query = RemoteCaptchaQuery::withHCaptcha($context->getHttpDriver(), $config['hcaptcha_private']);
 				}
 

From 0428c356842bd9188d6672ae14ec86653165ffd0 Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@mailu.io>
Date: Sat, 13 Apr 2024 00:07:03 +0200
Subject: [PATCH 073/336] b.php: make banners redirect instead of serving the
 image directly

---
 b.php | 22 +++++-----------------
 1 file changed, 5 insertions(+), 17 deletions(-)

diff --git a/b.php b/b.php
index 83285b81..446fb47c 100644
--- a/b.php
+++ b/b.php
@@ -1,20 +1,8 @@
 <?php
-$dir = "static/banners/";
-$files = scandir($dir, SCANDIR_SORT_NONE);
-$images = array_diff($files, array('.', '..'));
-$name = $images[array_rand($images)];
-// open the file in a binary mode
-$fp = fopen($dir . $name, 'rb');
 
-// send the right headers
-header('Cache-Control: no-cache, no-store, must-revalidate'); // HTTP 1.1
-header('Pragma: no-cache'); // HTTP 1.0
-header('Expires: 0'); // Proxies
-$fstat = fstat($fp);
-header('Content-Type: ' . mime_content_type($dir . $name));
-header('Content-Length: ' . $fstat['size']);
+$files = scandir('static/banners/', SCANDIR_SORT_NONE);
+$files = array_diff($files, ['.', '..']);
 
-// dump the picture and stop the script
-fpassthru($fp);
-exit;
-?>
+$name = $files[array_rand($files)];
+header("Location: /static/banners/$name", true, 307);
+header('Cache-Control: no-cache');

From df07515397a4bdade03adccdff1a0e9ef841e4a7 Mon Sep 17 00:00:00 2001
From: discomrade <nice@try.fbi>
Date: Fri, 1 Oct 2021 05:15:54 -0200
Subject: [PATCH 074/336] Enable filtering by flag name

---
 js/post-filter.js | 23 +++++++++++++++++++++--
 1 file changed, 21 insertions(+), 2 deletions(-)

diff --git a/js/post-filter.js b/js/post-filter.js
index 3bf55a51..c9e903d8 100644
--- a/js/post-filter.js
+++ b/js/post-filter.js
@@ -375,7 +375,7 @@ if (active_page === 'thread' || active_page === 'index' || active_page === 'cata
 
 			var list = getList();
 			var postId = $post.find('.post_no').not('[id]').text();
-			var name, trip, uid, subject, comment;
+			var name, trip, uid, subject, comment, flag;
 			var i, length, array, rule, pattern;  // temp variables
 
 			var boardId	      = $post.data('board');
@@ -388,6 +388,7 @@ if (active_page === 'thread' || active_page === 'index' || active_page === 'cata
 
 			var hasTrip = ($post.find('.trip').length > 0);
 			var hasSub = ($post.find('.subject').length > 0);
+			var hasFlag = ($post.find('.flag').length > 0);
 
 			$post.data('hidden', false);
 			$post.data('hiddenByUid', false);
@@ -396,6 +397,7 @@ if (active_page === 'thread' || active_page === 'index' || active_page === 'cata
 			$post.data('hiddenByTrip', false);
 			$post.data('hiddenBySubject', false);
 			$post.data('hiddenByComment', false);
+			$post.data('hiddenByFlag', false);
 
 			// add post with matched UID to localList
 			if (hasUID &&
@@ -436,6 +438,8 @@ if (active_page === 'thread' || active_page === 'index' || active_page === 'cata
 			});
 			comment = array.join(' ');
 
+			if (hasFlag)
+				flag = $post.find('.flag').attr('title')
 
 			for (i = 0, length = list.generalFilter.length; i < length; i++) {
 				rule = list.generalFilter[i];
@@ -467,6 +471,12 @@ if (active_page === 'thread' || active_page === 'index' || active_page === 'cata
 								hide(post);
 							}
 							break;
+						case 'flag':
+							if (hasFlag && pattern.test(flag)) {
+								$post.data('hiddenByFlag', true);
+								hide(post);
+							}
+							break;
 					}
 				} else {
 					switch (rule.type) {
@@ -496,6 +506,13 @@ if (active_page === 'thread' || active_page === 'index' || active_page === 'cata
 								hide(post);
 							}
 							break;
+						case 'flag':
+							pattern = new RegExp('\\b'+ rule.value+ '\\b');
+							if (hasFlag && pattern.test(flag)) {
+								$post.data('hiddenByFlag', true);
+								hide(post);
+							}
+							break;
 					}
 				}
 			}
@@ -621,7 +638,8 @@ if (active_page === 'thread' || active_page === 'index' || active_page === 'cata
 				name: 'name',
 				trip: 'tripcode',
 				sub: 'subject',
-				com: 'comment'
+				com: 'comment',
+				flag: 'flag'
 			};
 
 			$ele.empty();
@@ -660,6 +678,7 @@ if (active_page === 'thread' || active_page === 'index' || active_page === 'cata
 							'<option value="trip">'+_('Tripcode')+'</option>' +
 							'<option value="sub">'+_('Subject')+'</option>' +
 							'<option value="com">'+_('Comment')+'</option>' +
+							'<option value="flag">'+_('Flag')+'</option>' +
 						'</select>' +
 						'<input type="text">' +
 						'<input type="checkbox">' +

From cbb15710633f0848235d435581e79a470e8e053a Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@mailu.io>
Date: Thu, 18 Apr 2024 23:32:48 +0200
Subject: [PATCH 075/336] docker: remove duplicated nginx configuration

---
 docker/nginx/vichan.conf | 15 ---------------
 1 file changed, 15 deletions(-)

diff --git a/docker/nginx/vichan.conf b/docker/nginx/vichan.conf
index ea46476e..b5b49deb 100644
--- a/docker/nginx/vichan.conf
+++ b/docker/nginx/vichan.conf
@@ -18,21 +18,6 @@ server {
 		try_files $uri @addslash;
 	}
 
-	# Expire rules for static content
-	# Media: images, icons, video, audio, HTC
-	location ~* \.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm|htc)$ {
-		expires 1M;
-		access_log off;
-		log_not_found off;
-		add_header Cache-Control "public";
-	}
-	# CSS and Javascript
-	location ~* \.(?:css|js)$ {
-		expires 1y;
-		access_log off;
-		log_not_found off;
-		add_header Cache-Control "public";
-	}
 	# Expire rules for static content
 	# Media: images, icons, video, audio, HTC
 	location ~* \.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm|htc)$ {

From 9d7ddd46c58222980c0af45ea3ec48eb46008654 Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@mailu.io>
Date: Thu, 18 Apr 2024 23:33:47 +0200
Subject: [PATCH 076/336] dokcer: cache webp images files in nginx

---
 docker/nginx/vichan.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docker/nginx/vichan.conf b/docker/nginx/vichan.conf
index b5b49deb..35f6bc08 100644
--- a/docker/nginx/vichan.conf
+++ b/docker/nginx/vichan.conf
@@ -20,7 +20,7 @@ server {
 
 	# Expire rules for static content
 	# Media: images, icons, video, audio, HTC
-	location ~* \.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm|htc)$ {
+	location ~* \.(?:jpg|jpeg|gif|png|webp|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm|htc)$ {
 		expires 1M;
 		access_log off;
 		log_not_found off;

From 2836ace5512af354af713ce88a65968fa37d1f93 Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@mailu.io>
Date: Thu, 18 Apr 2024 23:44:09 +0200
Subject: [PATCH 077/336] readme: add basic docker documentation in the README

---
 README.md | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/README.md b/README.md
index b1794df9..2c7001be 100644
--- a/README.md
+++ b/README.md
@@ -119,6 +119,11 @@ WebM support
 ------------
 Read `inc/lib/webm/README.md` for information about enabling webm.
 
+Docker
+------------
+Vichan comes with a Dockerfile and docker-compose configuration, the latter aimed primarily at development and testing.
+See the `docker/doc.md` file for more information.
+
 vichan API
 ----------
 vichan provides by default a 4chan-compatible JSON API. For documentation on this, see:

From 85471e007e644f216ca6334d597f3135a97bd418 Mon Sep 17 00:00:00 2001
From: Lorenzo Yario <angeleno@screamer.wiki>
Date: Fri, 19 Apr 2024 12:03:49 -0700
Subject: [PATCH 078/336] vichan likes to error on the ban appeals page if this
 isn't set this way

---
 inc/display.php | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/inc/display.php b/inc/display.php
index 1d74424f..8a863648 100644
--- a/inc/display.php
+++ b/inc/display.php
@@ -351,13 +351,20 @@ class Post {
 		if (isset($this->files) && $this->files) {
 			$this->files = is_string($this->files) ? json_decode($this->files) : $this->files;
 			// Compatibility for posts before individual file hashing
-			foreach ($this->files as $i => &$file) {
+						foreach ($this->files as $i => &$file) {
 				if (empty($file)) {
 					unset($this->files[$i]);
 					continue;
 				}
-				if (!isset($file->hash))
-					$file->hash = $this->filehash;
+				if (is_array($file)) {
+					if (!isset($file['hash'])) {
+						$file['hash'] = $this->filehash;
+					}
+				} else if (is_object($file)) {
+					if (!isset($file->hash)) {
+						$file->hash = $this->filehash;
+					}
+				}
 			}
 		}
 		

From 4bb0f40cd1cc544350b6d85787554607ad5cd85d Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@skiff.com>
Date: Wed, 24 Apr 2024 17:00:55 +0200
Subject: [PATCH 079/336] index.html: trim

---
 templates/index.html | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/templates/index.html b/templates/index.html
index 118ddbcc..e0fad639 100644
--- a/templates/index.html
+++ b/templates/index.html
@@ -18,10 +18,10 @@
 </head>
 <body class="8chan vichan {% if mod %}is-moderator{% else %}is-not-moderator{% endif %} active-{% if not no_post_form %}index{% else %}ukko{% endif %}" data-stylesheet="{% if config.default_stylesheet.1 != '' %}{{ config.default_stylesheet.1 }}{% else %}default{% endif %}">
 	{{ boardlist.top }}
-	
+
 	{% if pm %}<div class="top_notice">You have <a href="?/PM/{{ pm.id }}">an unread PM</a>{% if pm.waiting > 0 %}, plus {{ pm.waiting }} more waiting{% endif %}.</div><hr />{% endif %}
 	{% if config.url_banner %}<img class="board_image" src="{{ config.url_banner }}" {% if config.banner_width or config.banner_height %}style="{% if config.banner_width %}width:{{ config.banner_width }}px{% endif %};{% if config.banner_width %}height:{{ config.banner_height }}px{% endif %}" {% endif %}alt="" />{% endif %}
-	
+
 	<header>
 		<h1>{{ board.url }} - {{ board.title|e }}</h1>
 		<div class="subtitle">
@@ -54,7 +54,7 @@
 			{{ btn.next }}
 		</div>
 	{% endif %}
-	
+
 	{% if config.global_message %}<hr /><div class="blotter">{{ config.global_message }}</div>{% endif %}
 	<hr />
 	{% if config.board_search %}
@@ -74,7 +74,7 @@
 	{{ body }}
 	{% include 'report_delete.html' %}
 	</form>
-	
+
 	<div class="pages">
 		{{ btn.prev }} {% for page in pages %}
 		 [<a {% if page.selected %}class="selected"{% endif %}{% if not page.selected %}href="{{ page.link }}"{% endif %}>{{ page.num }}</a>]{% if loop.last %} {% endif %}
@@ -83,7 +83,7 @@
 			 | <a href="{{ config.root }}{% if mod %}{{ config.file_mod }}?/{% endif %}{{ board.dir }}{{ config.catalog_link }}">{% trans %}Catalog{% endtrans %}</a>
 		{% endif %}
 	</div>
-	
+
 	{{ boardlist.bottom }}
 
 	{{ config.ad.bottom }}
@@ -92,6 +92,6 @@
 	<script type="text/javascript">{% verbatim %}
 		ready();
 	{% endverbatim %}</script>
-	
+
 </body>
 </html>

From 735180cf542a755c9c6e39297aba36751b23f289 Mon Sep 17 00:00:00 2001
From: discomrade <nice@try.fbi>
Date: Fri, 12 Nov 2021 04:50:47 -0100
Subject: [PATCH 080/336] Improve social media cards

---
 templates/index.html                    | 12 ++++++++++++
 templates/themes/categories/frames.html |  9 ++++++++-
 templates/thread.html                   |  3 +++
 3 files changed, 23 insertions(+), 1 deletion(-)

diff --git a/templates/index.html b/templates/index.html
index e0fad639..685dc0a9 100644
--- a/templates/index.html
+++ b/templates/index.html
@@ -14,6 +14,18 @@
         </script>
 
 	{% include 'header.html' %}
+
+	{% set meta_subject %}{% if config.thread_subject_in_title and thread.subject %}{{ thread.subject|e }}{% else %}{{ thread.body_nomarkup|remove_modifiers[:256]|e }}{% endif %}{% endset %}
+
+	<meta name="description" content="{{ meta_subject }}" />
+	<meta name="twitter:card" value="summary">
+	<meta name="twitter:title" content="{{ board.url }} - {{ board.title|e }}" />
+	<meta name="twitter:description" content="{{ meta_subject }}" />
+	<meta name="twitter:image" content="{{ config.domain }}/{{ config.logo }}" />
+	<meta property="og:title" content="{{ board.url }} - {{ board.title|e }}" />
+	<meta property="og:type" content="article" />
+	<meta property="og:image" content="{{ config.domain }}/{{ config.logo }}" />
+	<meta property="og:description" content="{{ meta_subject }}" />
 	<title>{{ board.url }} - {{ board.title|e }}</title>
 </head>
 <body class="8chan vichan {% if mod %}is-moderator{% else %}is-not-moderator{% endif %} active-{% if not no_post_form %}index{% else %}ukko{% endif %}" data-stylesheet="{% if config.default_stylesheet.1 != '' %}{{ config.default_stylesheet.1 }}{% else %}default{% endif %}">
diff --git a/templates/themes/categories/frames.html b/templates/themes/categories/frames.html
index 48066bcd..291ca59f 100644
--- a/templates/themes/categories/frames.html
+++ b/templates/themes/categories/frames.html
@@ -1,7 +1,14 @@
 <!doctype html>
 <html>
 <head>
-        <meta http-equiv="Content-type" content="text/html; charset=utf-8" />
+	<meta http-equiv="Content-type" content="text/html; charset=utf-8" />
+	<meta name="twitter:card" value="summary">
+	<meta name="twitter:title" content="{{ settings.title }}" />
+	<meta name="twitter:image" content="{{ config.domain }}/{{ config.logo }}" />
+	<meta property="og:title" content="{{ settings.title }}" />
+	<meta property="og:type" content="article" />
+	<meta property="og:url" content="{{ config.domain }}" />
+	<meta property="og:image" content="{{ config.domain }}/{{ config.logo }}" />
 	<link rel="stylesheet" media="screen" href="{{ config.url_stylesheet }}">
 	<style type="text/css">
 		iframe{border:none;margin:0;padding:0;height:99%;position:absolute}
diff --git a/templates/thread.html b/templates/thread.html
index 89eda7b0..4e8fbcec 100644
--- a/templates/thread.html
+++ b/templates/thread.html
@@ -15,6 +15,9 @@
 
 	<meta name="description" content="{{ board.url }} - {{ board.title|e }} - {{ meta_subject }}" />
 	<meta name="twitter:card" value="summary">
+	<meta name="twitter:title" content="{{ meta_subject }}" />
+	<meta name="twitter:description" content="{{ thread.body_nomarkup|e }}" />
+	{% if thread.files.0.thumb %}<meta name="twitter:image" content="{{ config.domain }}/{{ board.uri }}/{{ config.dir.thumb }}{{ thread.files.0.thumb }}" />{% endif %}
 	<meta property="og:title" content="{{ meta_subject }}" />
 	<meta property="og:type" content="article" />
 	<meta property="og:url" content="{{ config.domain }}/{{ board.uri }}/{{ config.dir.res }}{{ thread.id }}.html" />

From ebbb5fce53927c313b9c0184bd04acdb5ade30b4 Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@skiff.com>
Date: Fri, 26 Apr 2024 14:01:32 +0200
Subject: [PATCH 081/336] Move twig template cache

---
 inc/cache.php    | 28 ----------------------------
 inc/template.php | 28 +++++++++++++++++++++++++++-
 2 files changed, 27 insertions(+), 29 deletions(-)

diff --git a/inc/cache.php b/inc/cache.php
index 0979138b..c4053610 100644
--- a/inc/cache.php
+++ b/inc/cache.php
@@ -165,31 +165,3 @@ class Cache {
 		return false;
 	}
 }
-
-class Twig_Cache_TinyboardFilesystem extends Twig\Cache\FilesystemCache
-{
-	private $directory;
-	private $options;
-
-	/**
-	 * {@inheritdoc}
-	 */
-	public function __construct($directory, $options = 0)
-	{
-		parent::__construct($directory, $options);
-
-		$this->directory = $directory;
-	}
-
-	/**
-	 * This function was removed in Twig 2.x due to developer views on the Twig library. Who says we can't keep it for ourselves though?
-	 */
-	public function clear()
-	{
-		foreach (new RecursiveIteratorIterator(new RecursiveDirectoryIterator($this->directory), RecursiveIteratorIterator::LEAVES_ONLY) as $file) {
-			if ($file->isFile()) {
-				@unlink($file->getPathname());
-			}
-		}
-	}
-}
\ No newline at end of file
diff --git a/inc/template.php b/inc/template.php
index 26ba6cc0..19c0d8b8 100644
--- a/inc/template.php
+++ b/inc/template.php
@@ -18,7 +18,7 @@ function load_twig() {
 	$twig = new Twig\Environment($loader, array(
 		'autoescape' => false,
 		'cache' => is_writable('templates/') || (is_dir($cache_dir) && is_writable($cache_dir)) ?
-			new Twig_Cache_TinyboardFilesystem($cache_dir) : false,
+			new TinyboardTwigCache($cache_dir) : false,
 		'debug' => $config['debug'],
 		'auto_reload' => $config['twig_auto_reload']
 	));
@@ -73,6 +73,32 @@ function Element($templateFile, array $options) {
 	}
 }
 
+class TinyboardTwigCache extends Twig\Cache\FilesystemCache {
+	private string $directory;
+
+	public function __construct(string $directory) {
+		parent::__construct($directory);
+		$this->directory = $directory;
+	}
+
+	/**
+	 * This function was removed in Twig 2.x due to developer views on the Twig library.
+	 * Who says we can't keep it for ourselves though?
+	 */
+	public function clear() {
+		$iter = new RecursiveIteratorIterator(
+			new RecursiveDirectoryIterator($this->directory),
+			RecursiveIteratorIterator::LEAVES_ONLY
+		);
+
+		foreach ($iter as $file) {
+			if ($file->isFile()) {
+				@unlink($file->getPathname());
+			}
+		}
+	}
+}
+
 class Tinyboard extends Twig\Extension\AbstractExtension
 {
 	/**

From af06d84094505c192e55a24d74e579e2a339af54 Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@skiff.com>
Date: Sat, 27 Apr 2024 19:35:33 +0200
Subject: [PATCH 082/336] style.css: limit user options panel width on mobile

---
 stylesheets/style.css | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/stylesheets/style.css b/stylesheets/style.css
index 6d1d1829..6991c84c 100644
--- a/stylesheets/style.css
+++ b/stylesheets/style.css
@@ -906,7 +906,8 @@ pre {
   display: block;
   width: 100%;
   height: 100%;
-  margin-top: 0px;
+  max-width: 620px;
+  margin: auto;
 }
 
 .mentioned {

From 4674f44327fe400df39418ce85b750e65f0090a8 Mon Sep 17 00:00:00 2001
From: Lorenzo Yario <angeleno@screamer.wiki>
Date: Mon, 29 Apr 2024 15:18:54 -0700
Subject: [PATCH 083/336] soyjak upstream for api changes

---
 inc/api.php | 69 ++++++++++++++++++++++++++++-------------------------
 1 file changed, 36 insertions(+), 33 deletions(-)

diff --git a/inc/api.php b/inc/api.php
index 0dd479ac..bdf20319 100644
--- a/inc/api.php
+++ b/inc/api.php
@@ -16,39 +16,42 @@ class Api {
 		 */
 		$this->config = $config;
 
-		$this->postFields = array(
-			'id' => 'no',
-			'thread' => 'resto',
-			'subject' => 'sub',
-			'body' => 'com',
-			'email' => 'email',
-			'name' => 'name',
-			'trip' => 'trip',
-			'capcode' => 'capcode',
-			'time' => 'time',
-			'omitted' => 'omitted_posts',
-			'omitted_images' => 'omitted_images',
-			'replies' => 'replies',
-			'images' => 'images',
-			'sticky' => 'sticky',
-			'locked' => 'locked',
-			'cycle' => 'cyclical',
-			'bump' => 'last_modified',
-			'embed' => 'embed',
-		);
-
-		$this->threadsPageFields = array(
-			'id' => 'no',
-			'bump' => 'last_modified'
-		);
-
-		$this->fileFields = array(
-			'thumbheight' => 'tn_h',
-			'thumbwidth' => 'tn_w',
-			'height' => 'h',
-			'width' => 'w',
-			'size' => 'fsize',
-		);
+		        $this->postFields = array(
+		            'id' => 'no',
+		            'thread' => 'resto',
+		            'subject' => 'sub',
+		            'body' => 'com',
+		            'body_nomarkup' => '___body_nomarkup',
+		            'email' => 'email',
+		            'name' => 'name',
+		            'trip' => 'trip',
+		            'capcode' => 'capcode',
+		            'time' => 'time',
+		            'omitted' => 'omitted_posts',
+		            'omitted_images' => 'omitted_images',
+		            'replies' => 'replies',
+		            'images' => 'images',
+		            'sticky' => 'sticky',
+		            'locked' => 'locked',
+		            'cycle' => 'cyclical',
+		            'bump' => 'last_modified',
+		            'embed' => 'embed',
+		        );
+		
+		        $this->threadsPageFields = array(
+		            'id' => 'no',
+		            'bump' => 'last_modified'
+		        );
+		
+		        $this->fileFields = array(
+		            'thumbheight' => 'tn_h',
+		            'thumbwidth' => 'tn_w',
+		            'height' => 'h',
+		            'width' => 'w',
+		            'size' => 'fsize',
+		            'thumb' => 'thumb',
+		            'filename' => 'filename',
+		        );
 
 		if (isset($config['api']['extra_fields']) && gettype($config['api']['extra_fields']) == 'array'){
 			$this->postFields = array_merge($this->postFields, $config['api']['extra_fields']);

From 6cd11d546fd7e5401e51f7c55fe3754edc7a3175 Mon Sep 17 00:00:00 2001
From: Lorenzo Yario <angeleno@screamer.wiki>
Date: Mon, 29 Apr 2024 15:20:17 -0700
Subject: [PATCH 084/336] undid to do a pr for it

---
 inc/api.php | 69 +++++++++++++++++++++++++----------------------------
 1 file changed, 33 insertions(+), 36 deletions(-)

diff --git a/inc/api.php b/inc/api.php
index bdf20319..0dd479ac 100644
--- a/inc/api.php
+++ b/inc/api.php
@@ -16,42 +16,39 @@ class Api {
 		 */
 		$this->config = $config;
 
-		        $this->postFields = array(
-		            'id' => 'no',
-		            'thread' => 'resto',
-		            'subject' => 'sub',
-		            'body' => 'com',
-		            'body_nomarkup' => '___body_nomarkup',
-		            'email' => 'email',
-		            'name' => 'name',
-		            'trip' => 'trip',
-		            'capcode' => 'capcode',
-		            'time' => 'time',
-		            'omitted' => 'omitted_posts',
-		            'omitted_images' => 'omitted_images',
-		            'replies' => 'replies',
-		            'images' => 'images',
-		            'sticky' => 'sticky',
-		            'locked' => 'locked',
-		            'cycle' => 'cyclical',
-		            'bump' => 'last_modified',
-		            'embed' => 'embed',
-		        );
-		
-		        $this->threadsPageFields = array(
-		            'id' => 'no',
-		            'bump' => 'last_modified'
-		        );
-		
-		        $this->fileFields = array(
-		            'thumbheight' => 'tn_h',
-		            'thumbwidth' => 'tn_w',
-		            'height' => 'h',
-		            'width' => 'w',
-		            'size' => 'fsize',
-		            'thumb' => 'thumb',
-		            'filename' => 'filename',
-		        );
+		$this->postFields = array(
+			'id' => 'no',
+			'thread' => 'resto',
+			'subject' => 'sub',
+			'body' => 'com',
+			'email' => 'email',
+			'name' => 'name',
+			'trip' => 'trip',
+			'capcode' => 'capcode',
+			'time' => 'time',
+			'omitted' => 'omitted_posts',
+			'omitted_images' => 'omitted_images',
+			'replies' => 'replies',
+			'images' => 'images',
+			'sticky' => 'sticky',
+			'locked' => 'locked',
+			'cycle' => 'cyclical',
+			'bump' => 'last_modified',
+			'embed' => 'embed',
+		);
+
+		$this->threadsPageFields = array(
+			'id' => 'no',
+			'bump' => 'last_modified'
+		);
+
+		$this->fileFields = array(
+			'thumbheight' => 'tn_h',
+			'thumbwidth' => 'tn_w',
+			'height' => 'h',
+			'width' => 'w',
+			'size' => 'fsize',
+		);
 
 		if (isset($config['api']['extra_fields']) && gettype($config['api']['extra_fields']) == 'array'){
 			$this->postFields = array_merge($this->postFields, $config['api']['extra_fields']);

From 39ce0e7dfc8082ec2a544cdc35ba30508a3735eb Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@skiff.com>
Date: Tue, 30 Apr 2024 11:34:53 +0200
Subject: [PATCH 085/336] auth.php: trim

---
 inc/mod/auth.php | 40 ++++++++++++++++++++--------------------
 1 file changed, 20 insertions(+), 20 deletions(-)

diff --git a/inc/mod/auth.php b/inc/mod/auth.php
index 493149c8..43297173 100644
--- a/inc/mod/auth.php
+++ b/inc/mod/auth.php
@@ -9,14 +9,14 @@ defined('TINYBOARD') or exit;
 // create a hash/salt pair for validate logins
 function mkhash($username, $password, $salt = false) {
 	global $config;
-	
+
 	if (!$salt) {
 		// create some sort of salt for the hash
 		$salt = substr(base64_encode(sha1(rand() . time(), true) . $config['cookies']['salt']), 0, 15);
-		
+
 		$generated_salt = true;
 	}
-	
+
 	// generate hash (method is not important as long as it's strong)
 	$hash = substr(
 		base64_encode(
@@ -30,7 +30,7 @@ function mkhash($username, $password, $salt = false) {
 			)
 		), 0, 20
 	);
-	
+
 	if (isset($generated_salt))
 		return array($hash, $salt);
 	else
@@ -81,11 +81,11 @@ function generate_salt() {
 
 function login($username, $password) {
 	global $mod, $config;
-	
+
 	$query = prepare("SELECT `id`, `type`, `boards`, `password`, `version` FROM ``mods`` WHERE BINARY `username` = :username");
 	$query->bindValue(':username', $username);
 	$query->execute() or error(db_error($query));
-	
+
 	if ($user = $query->fetch(PDO::FETCH_ASSOC)) {
 		list($version, $ok) = test_password($user['password'], $user['version'], $password);
 
@@ -109,7 +109,7 @@ function login($username, $password) {
 			);
 		}
 	}
-	
+
 	return false;
 }
 
@@ -117,10 +117,10 @@ function setCookies() {
 	global $mod, $config;
 	if (!$mod)
 		error('setCookies() was called for a non-moderator!');
-	
+
 	setcookie($config['cookies']['mod'],
 			$mod['username'] . // username
-			':' . 
+			':' .
 			$mod['hash'][0] . // password
 			':' .
 			$mod['hash'][1], // salt
@@ -147,36 +147,36 @@ function modLog($action, $_board=null) {
 	else
 		$query->bindValue(':board', null, PDO::PARAM_NULL);
 	$query->execute() or error(db_error($query));
-	
+
 	if ($config['syslog'])
 		_syslog(LOG_INFO, '[mod/' . $mod['username'] . ']: ' . $action);
 }
 
 function create_pm_header() {
 	global $mod, $config;
-	
+
 	if ($config['cache']['enabled'] && ($header = cache::get('pm_unread_' . $mod['id'])) != false) {
 		if ($header === true)
 			return false;
-	
+
 		return $header;
 	}
-	
+
 	$query = prepare("SELECT `id` FROM ``pms`` WHERE `to` = :id AND `unread` = 1");
 	$query->bindValue(':id', $mod['id'], PDO::PARAM_INT);
 	$query->execute() or error(db_error($query));
-	
+
 	if ($pm = $query->fetch(PDO::FETCH_ASSOC))
 		$header = array('id' => $pm['id'], 'waiting' => $query->rowCount() - 1);
 	else
 		$header = true;
-	
+
 	if ($config['cache']['enabled'])
 		cache::set('pm_unread_' . $mod['id'], $header);
-	
+
 	if ($header === true)
 		return false;
-	
+
 	return $header;
 }
 
@@ -197,12 +197,12 @@ function check_login($prompt = false) {
 			if ($prompt) mod_login();
 			exit;
 		}
-		
+
 		$query = prepare("SELECT `id`, `type`, `boards`, `password` FROM ``mods`` WHERE `username` = :username");
 		$query->bindValue(':username', $cookie[0]);
 		$query->execute() or error(db_error($query));
 		$user = $query->fetch(PDO::FETCH_ASSOC);
-		
+
 		// validate password hash
 		if ($cookie[1] !== mkhash($cookie[0], $user['password'], $cookie[2])) {
 			// Malformed cookies
@@ -210,7 +210,7 @@ function check_login($prompt = false) {
 			if ($prompt) mod_login();
 			exit;
 		}
-		
+
 		$mod = array(
 			'id' => (int)$user['id'],
 			'type' => (int)$user['type'],

From b7eed34b832e70f45cdfa211e9601d177f5b0248 Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@skiff.com>
Date: Tue, 30 Apr 2024 12:32:40 +0200
Subject: [PATCH 086/336] functions: split off time formatting functions

---
 inc/bans.php             |  3 ++-
 inc/functions.php        | 36 ------------------------------------
 inc/functions/format.php | 28 ++++++++++++++++++++++++++++
 inc/mod/pages.php        |  4 +++-
 inc/template.php         |  4 ++--
 post.php                 |  5 +++--
 6 files changed, 38 insertions(+), 42 deletions(-)
 create mode 100644 inc/functions/format.php

diff --git a/inc/bans.php b/inc/bans.php
index 8ea3b921..126d38b8 100644
--- a/inc/bans.php
+++ b/inc/bans.php
@@ -1,5 +1,6 @@
 <?php
 
+use Vichan\Functions\Format;
 use Lifo\IP\CIDR;
 
 class Bans {
@@ -371,7 +372,7 @@ class Bans {
 		$query->execute() or error(db_error($query));
 		if (isset($mod['id']) && $mod['id'] == $mod_id) {
 			modLog('Created a new ' .
-				($length > 0 ? preg_replace('/^(\d+) (\w+?)s?$/', '$1-$2', until($length)) : 'permanent') .
+				($length > 0 ? preg_replace('/^(\d+) (\w+?)s?$/', '$1-$2', Format\until($length)) : 'permanent') .
 				' ban on ' .
 				($ban_board ? '/' . $ban_board . '/' : 'all boards') .
 				' for ' .
diff --git a/inc/functions.php b/inc/functions.php
index 71231203..c18ca57e 100755
--- a/inc/functions.php
+++ b/inc/functions.php
@@ -797,42 +797,6 @@ function listBoards($just_uri = false) {
 	return $boards;
 }
 
-function until($timestamp) {
-	$difference = $timestamp - time();
-	switch(TRUE){
-	case ($difference < 60):
-		return $difference . ' ' . ngettext('second', 'seconds', $difference);
-	case ($difference < 3600): //60*60 = 3600
-		return ($num = round($difference/(60))) . ' ' . ngettext('minute', 'minutes', $num);
-	case ($difference < 86400): //60*60*24 = 86400
-		return ($num = round($difference/(3600))) . ' ' . ngettext('hour', 'hours', $num);
-	case ($difference < 604800): //60*60*24*7 = 604800
-		return ($num = round($difference/(86400))) . ' ' . ngettext('day', 'days', $num);
-	case ($difference < 31536000): //60*60*24*365 = 31536000
-		return ($num = round($difference/(604800))) . ' ' . ngettext('week', 'weeks', $num);
-	default:
-		return ($num = round($difference/(31536000))) . ' ' . ngettext('year', 'years', $num);
-	}
-}
-
-function ago($timestamp) {
-	$difference = time() - $timestamp;
-	switch(TRUE){
-	case ($difference < 60) :
-		return $difference . ' ' . ngettext('second', 'seconds', $difference);
-	case ($difference < 3600): //60*60 = 3600
-		return ($num = round($difference/(60))) . ' ' . ngettext('minute', 'minutes', $num);
-	case ($difference <  86400): //60*60*24 = 86400
-		return ($num = round($difference/(3600))) . ' ' . ngettext('hour', 'hours', $num);
-	case ($difference < 604800): //60*60*24*7 = 604800
-		return ($num = round($difference/(86400))) . ' ' . ngettext('day', 'days', $num);
-	case ($difference < 31536000): //60*60*24*365 = 31536000
-		return ($num = round($difference/(604800))) . ' ' . ngettext('week', 'weeks', $num);
-	default:
-		return ($num = round($difference/(31536000))) . ' ' . ngettext('year', 'years', $num);
-	}
-}
-
 function displayBan($ban) {
 	global $config, $board;
 
diff --git a/inc/functions/format.php b/inc/functions/format.php
new file mode 100644
index 00000000..79a71021
--- /dev/null
+++ b/inc/functions/format.php
@@ -0,0 +1,28 @@
+<?php
+namespace Vichan\Functions\Format;
+
+
+function format_timestamp(int $delta): string {
+	switch (true) {
+		case $delta < 60:
+			return $delta . ' ' . ngettext('second', 'seconds', $delta);
+		case $delta < 3600: //60*60 = 3600
+			return ($num = round($delta/ 60)) . ' ' . ngettext('minute', 'minutes', $num);
+		case $delta < 86400: //60*60*24 = 86400
+			return ($num = round($delta / 3600)) . ' ' . ngettext('hour', 'hours', $num);
+		case $delta < 604800: //60*60*24*7 = 604800
+			return ($num = round($delta / 86400)) . ' ' . ngettext('day', 'days', $num);
+		case $delta < 31536000: //60*60*24*365 = 31536000
+			return ($num = round($delta / 604800)) . ' ' . ngettext('week', 'weeks', $num);
+		default:
+			return ($num = round($delta / 31536000)) . ' ' . ngettext('year', 'years', $num);
+	}
+}
+
+function until(int $timestamp): string {
+	return format_timestamp($timestamp - time());
+}
+
+function ago(int $timestamp): string {
+	return format_timestamp(time() - $timestamp);
+}
diff --git a/inc/mod/pages.php b/inc/mod/pages.php
index 1e803424..c3aa7110 100644
--- a/inc/mod/pages.php
+++ b/inc/mod/pages.php
@@ -3,9 +3,11 @@
 /*
  *  Copyright (c) 2010-2013 Tinyboard Development Group
  */
+use Vichan\Functions\Format;
 
 defined('TINYBOARD') or exit;
 
+
 function mod_page($title, $template, $args, $subtitle = false) {
 	global $config, $mod;
 
@@ -1553,7 +1555,7 @@ function mod_ban_post($board, $delete, $post, $token = false) {
 
 		if (isset($_POST['public_message'], $_POST['message'])) {
 			// public ban message
-			$length_english = Bans::parse_time($_POST['length']) ? 'for ' . until(Bans::parse_time($_POST['length'])) : 'permanently';
+			$length_english = Bans::parse_time($_POST['length']) ? 'for ' . Format\until(Bans::parse_time($_POST['length'])) : 'permanently';
 			$_POST['message'] = preg_replace('/[\r\n]/', '', $_POST['message']);
 			$_POST['message'] = str_replace('%length%', $length_english, $_POST['message']);
 			$_POST['message'] = str_replace('%LENGTH%', strtoupper($length_english), $_POST['message']);
diff --git a/inc/template.php b/inc/template.php
index 19c0d8b8..e6549d07 100644
--- a/inc/template.php
+++ b/inc/template.php
@@ -121,8 +121,8 @@ class Tinyboard extends Twig\Extension\AbstractExtension
 			new Twig\TwigFilter('date', 'twig_date_filter'),
 			new Twig\TwigFilter('poster_id', 'poster_id'),
 			new Twig\TwigFilter('count', 'count'),
-			new Twig\TwigFilter('ago', 'ago'),
-			new Twig\TwigFilter('until', 'until'),
+			new Twig\TwigFilter('ago', 'Vichan\Functions\Format\ago'),
+			new Twig\TwigFilter('until', 'Vichan\Functions\Format\until'),
 			new Twig\TwigFilter('push', 'twig_push_filter'),
 			new Twig\TwigFilter('bidi_cleanup', 'bidi_cleanup'),
 			new Twig\TwigFilter('addslashes', 'addslashes'),
diff --git a/post.php b/post.php
index 22bc67fa..e3f0682d 100644
--- a/post.php
+++ b/post.php
@@ -8,6 +8,7 @@ require_once 'inc/bootstrap.php';
 use Vichan\{Context, WebDependencyFactory};
 use Vichan\Driver\{HttpDriver, Log};
 use Vichan\Service\{RemoteCaptchaQuery, NativeCaptchaQuery};
+use Vichan\Functions\Format;
 
 /**
  * Utility functions
@@ -394,14 +395,14 @@ if (isset($_POST['delete'])) {
 			}
 
 			if ($post['time'] < time() - $config['max_delete_time'] && $config['max_delete_time'] != false) {
-				error(sprintf($config['error']['delete_too_late'], until($post['time'] + $config['max_delete_time'])));
+				error(sprintf($config['error']['delete_too_late'], Format\until($post['time'] + $config['max_delete_time'])));
 			}
 
 			if ($password != '' && $post['password'] != $password && (!$thread || $thread['password'] != $password))
 				error($config['error']['invalidpassword']);
 
 			if ($post['time'] > time() - $config['delete_time'] && (!$thread || $thread['password'] != $password)) {
-				error(sprintf($config['error']['delete_too_soon'], until($post['time'] + $config['delete_time'])));
+				error(sprintf($config['error']['delete_too_soon'], Format\until($post['time'] + $config['delete_time'])));
 			}
 
 			$ip = $_SERVER['REMOTE_ADDR'];

From 687e8e078a6c72b79465ccf28ae2498d067f60e9 Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@skiff.com>
Date: Tue, 30 Apr 2024 12:34:39 +0200
Subject: [PATCH 087/336] Add format.php to autoload

---
 composer.json | 1 +
 1 file changed, 1 insertion(+)

diff --git a/composer.json b/composer.json
index b06ff6a1..0075d879 100644
--- a/composer.json
+++ b/composer.json
@@ -33,6 +33,7 @@
             "inc/lock.php",
             "inc/queue.php",
             "inc/functions.php",
+            "inc/functions/format.php",
             "inc/driver/http-driver.php",
             "inc/driver/log-driver.php",
             "inc/service/captcha-queries.php"

From 7041cd13df0efcecd4223a11f5b83e67ffd36098 Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@skiff.com>
Date: Tue, 30 Apr 2024 12:46:26 +0200
Subject: [PATCH 088/336] functions: split off numeric functions

---
 inc/functions/num.php | 33 +++++++++++++++++++++++++++++++++
 1 file changed, 33 insertions(+)
 create mode 100644 inc/functions/num.php

diff --git a/inc/functions/num.php b/inc/functions/num.php
new file mode 100644
index 00000000..678312f3
--- /dev/null
+++ b/inc/functions/num.php
@@ -0,0 +1,33 @@
+<?php
+namespace Vichan\Functions\Num;
+
+// Highest common factor
+function hcf($a, $b){
+	$gcd = 1;
+
+	if ($a > $b) {
+		$a = $a+$b;
+		$b = $a-$b;
+		$a = $a-$b;
+	}
+	if ($b == (round($b / $a)) * $a) {
+		$gcd = $a;
+	} else {
+		for ($i = round($a / 2); $i; $i--) {
+			if ($a == round($a / $i) * $i && $b == round($b / $i) * $i) {
+				$gcd = $i;
+				$i = false;
+			}
+		}
+	}
+
+	return $gcd;
+}
+
+function fraction($numerator, $denominator, $sep) {
+	$gcf = hcf($numerator, $denominator);
+	$numerator = $numerator / $gcf;
+	$denominator = $denominator / $gcf;
+
+	return "{$numerator}{$sep}{$denominator}";
+}

From f6960b8b3a920ae3260981301e51ef47f6eec60a Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@skiff.com>
Date: Tue, 30 Apr 2024 12:46:44 +0200
Subject: [PATCH 089/336] functions.php: format and trim

---
 inc/functions.php | 130 ++++++++++++++--------------------------------
 1 file changed, 40 insertions(+), 90 deletions(-)

diff --git a/inc/functions.php b/inc/functions.php
index c18ca57e..1d98f9cf 100755
--- a/inc/functions.php
+++ b/inc/functions.php
@@ -21,9 +21,7 @@ loadConfig();
 
 function init_locale($locale, $error='error') {
 	if (extension_loaded('gettext')) {
-		if (setlocale(LC_ALL, $locale) === false) {
-			//$error('The specified locale (' . $locale . ') does not exist on your platform!');
-		}
+		setlocale(LC_ALL, $locale);
 		bindtextdomain('tinyboard', './inc/locale');
 		bind_textdomain_codeset('tinyboard', 'UTF-8');
 		textdomain('tinyboard');
@@ -55,8 +53,9 @@ function loadConfig() {
 
 
 	if (isset($config['cache_config']) &&
-	    $config['cache_config'] &&
-            $config = Cache::get('config_' . $boardsuffix ) ) {
+		$config['cache_config'] &&
+		$config = Cache::get('config_' . $boardsuffix))
+	{
 		$events = Cache::get('events_' . $boardsuffix );
 
 		define_groups();
@@ -66,11 +65,10 @@ function loadConfig() {
 		}
 
 		if ($config['locale'] != $current_locale) {
-                	$current_locale = $config['locale'];
-                	init_locale($config['locale'], $error);
-        	}
-	}
-	else {
+					$current_locale = $config['locale'];
+					init_locale($config['locale'], $error);
+			}
+	} else {
 		$config = array();
 
 		reset_events();
@@ -180,8 +178,8 @@ function loadConfig() {
 							'(' .
 								str_replace('%d', '\d+', preg_quote($config['file_page'], '/')) . '|' .
 								str_replace('%d', '\d+', preg_quote($config['file_page50'], '/')) . '|' .
-	                                                        str_replace(array('%d', '%s'), array('\d+', '[a-z0-9-]+'), preg_quote($config['file_page_slug'], '/')) . '|' .
-	                                                        str_replace(array('%d', '%s'), array('\d+', '[a-z0-9-]+'), preg_quote($config['file_page50_slug'], '/')) .
+								str_replace(array('%d', '%s'), array('\d+', '[a-z0-9-]+'), preg_quote($config['file_page_slug'], '/')) . '|' .
+								str_replace(array('%d', '%s'), array('\d+', '[a-z0-9-]+'), preg_quote($config['file_page50_slug'], '/')) .
 							')' .
 						'|' .
 							preg_quote($config['file_mod'], '/') . '\?\/.+' .
@@ -242,12 +240,13 @@ function loadConfig() {
 			$__version = file_exists('.installed') ? trim(file_get_contents('.installed')) : false;
 		$config['version'] = $__version;
 
-		if ($config['allow_roll'])
+		if ($config['allow_roll']) {
 			event_handler('post', 'diceRoller');
+		}
 
-		if (in_array('webm', $config['allowed_ext_files']) ||
-        	    in_array('mp4',  $config['allowed_ext_files']))
+		if (in_array('webm', $config['allowed_ext_files']) || in_array('mp4',  $config['allowed_ext_files'])) {
 			event_handler('post', 'postHandler');
+		}
 	}
 	// Effectful config processing below:
 
@@ -280,8 +279,7 @@ function loadConfig() {
 	if ($config['cache']['enabled'])
 		require_once 'inc/cache.php';
 
-	if (in_array('webm', $config['allowed_ext_files']) ||
-            in_array('mp4',  $config['allowed_ext_files']))
+	if (in_array('webm', $config['allowed_ext_files']) || in_array('mp4',  $config['allowed_ext_files']))
 		require_once 'inc/lib/webm/posthandler.php';
 
 	event('load-config');
@@ -517,12 +515,11 @@ function mb_substr_replace($string, $replacement, $start, $length) {
 function setupBoard($array) {
 	global $board, $config;
 
-	$board = array(
+	$board = [
 		'uri' => $array['uri'],
 		'title' => $array['title'],
 		'subtitle' => $array['subtitle'],
-		#'indexed' => $array['indexed'],
-	);
+	];
 
 	// older versions
 	$board['name'] = &$board['title'];
@@ -720,8 +717,8 @@ function file_unlink($path) {
 
 	$ret = @unlink($path);
 
-        if ($config['gzip_static']) {
-                $gzpath = "$path.gz";
+		if ($config['gzip_static']) {
+				$gzpath = "$path.gz";
 
 		@unlink($gzpath);
 	}
@@ -1231,25 +1228,25 @@ function deletePost($id, $error_if_doesnt_exist=true, $rebuild_after=true) {
 	$query->bindValue(':board', $board['uri']);
 	$query->execute() or error(db_error($query));
 
-        // No need to run on OPs
-        if ($config['anti_bump_flood'] && isset($thread_id)) {
-                $query = prepare(sprintf("SELECT `sage` FROM ``posts_%s`` WHERE `id` = :thread", $board['uri']));
-                $query->bindValue(':thread', $thread_id);
-                $query->execute() or error(db_error($query));
-                $bumplocked = (bool)$query->fetchColumn();
+	// No need to run on OPs
+	if ($config['anti_bump_flood'] && isset($thread_id)) {
+		$query = prepare(sprintf("SELECT `sage` FROM ``posts_%s`` WHERE `id` = :thread", $board['uri']));
+		$query->bindValue(':thread', $thread_id);
+		$query->execute() or error(db_error($query));
+		$bumplocked = (bool)$query->fetchColumn();
 
-                if (!$bumplocked) {
-                        $query = prepare(sprintf("SELECT `time` FROM ``posts_%s`` WHERE (`thread` = :thread AND NOT email <=> 'sage') OR `id` = :thread ORDER BY `time` DESC LIMIT 1", $board['uri']));
-                        $query->bindValue(':thread', $thread_id);
-                        $query->execute() or error(db_error($query));
-                        $bump = $query->fetchColumn();
+		if (!$bumplocked) {
+			$query = prepare(sprintf("SELECT `time` FROM ``posts_%s`` WHERE (`thread` = :thread AND NOT email <=> 'sage') OR `id` = :thread ORDER BY `time` DESC LIMIT 1", $board['uri']));
+			$query->bindValue(':thread', $thread_id);
+			$query->execute() or error(db_error($query));
+			$bump = $query->fetchColumn();
 
-                        $query = prepare(sprintf("UPDATE ``posts_%s`` SET `bump` = :bump WHERE `id` = :thread", $board['uri']));
-                        $query->bindValue(':bump', $bump);
-                        $query->bindValue(':thread', $thread_id);
-                        $query->execute() or error(db_error($query));
-                }
-        }
+			$query = prepare(sprintf("UPDATE ``posts_%s`` SET `bump` = :bump WHERE `id` = :thread", $board['uri']));
+			$query->bindValue(':bump', $bump);
+			$query->bindValue(':thread', $thread_id);
+			$query->execute() or error(db_error($query));
+		}
+	}
 
 	if (isset($rebuild) && $rebuild_after) {
 		buildThread($rebuild);
@@ -2536,35 +2533,6 @@ function generate_tripcode($name) {
 	return array($name, $trip);
 }
 
-// Highest common factor
-function hcf($a, $b){
-	$gcd = 1;
-	if ($a>$b) {
-		$a = $a+$b;
-		$b = $a-$b;
-		$a = $a-$b;
-	}
-	if ($b==(round($b/$a))*$a)
-		$gcd=$a;
-	else {
-		for ($i=round($a/2);$i;$i--) {
-			if ($a == round($a/$i)*$i && $b == round($b/$i)*$i) {
-				$gcd = $i;
-				$i = false;
-			}
-		}
-	}
-	return $gcd;
-}
-
-function fraction($numerator, $denominator, $sep) {
-	$gcf = hcf($numerator, $denominator);
-	$numerator = $numerator / $gcf;
-	$denominator = $denominator / $gcf;
-
-	return "{$numerator}{$sep}{$denominator}";
-}
-
 function getPostByHash($hash) {
 	global $board;
 	$query = prepare(sprintf("SELECT `id`,`thread` FROM ``posts_%s`` WHERE `filehash` = :hash", $board['uri']));
@@ -2799,10 +2767,10 @@ function link_for($post, $page50 = false, $foreignlink = false, $thread = false)
 
 			if ($slug === false) {
 				$query = prepare(sprintf("SELECT `slug` FROM ``posts_%s`` WHERE `id` = :id", $b['uri']));
-		                $query->bindValue(':id', $id, PDO::PARAM_INT);
-        		        $query->execute() or error(db_error($query));
+				$query->bindValue(':id', $id, PDO::PARAM_INT);
+				$query->execute() or error(db_error($query));
 
-		                $thread = $query->fetch(PDO::FETCH_ASSOC);
+				$thread = $query->fetch(PDO::FETCH_ASSOC);
 
 				$slug = $thread['slug'];
 
@@ -2818,7 +2786,7 @@ function link_for($post, $page50 = false, $foreignlink = false, $thread = false)
 	}
 
 
-	     if ( $page50 &&  $slug)  $tpl = $config['file_page50_slug'];
+		 if ( $page50 &&  $slug)  $tpl = $config['file_page50_slug'];
 	else if (!$page50 &&  $slug)  $tpl = $config['file_page_slug'];
 	else if ( $page50 && !$slug)  $tpl = $config['file_page50'];
 	else if (!$page50 && !$slug)  $tpl = $config['file_page'];
@@ -2830,24 +2798,6 @@ function prettify_textarea($s){
 	return str_replace("\t", '&#09;', str_replace("\n", '&#13;&#10;', htmlentities($s)));
 }
 
-/*class HTMLPurifier_URIFilter_NoExternalImages extends HTMLPurifier_URIFilter {
-	public $name = 'NoExternalImages';
-	public function filter(&$uri, $c, $context) {
-		global $config;
-		$ct = $context->get('CurrentToken');
-
-		if (!$ct || $ct->name !== 'img') return true;
-
-		if (!isset($uri->host) && !isset($uri->scheme)) return true;
-
-		if (!in_array($uri->scheme . '://' . $uri->host . '/', $config['allowed_offsite_urls'])) {
-			error('No off-site links in board announcement images.');
-		}
-
-		return true;
-	}
-}*/
-
 function purify_html($s) {
 	global $config;
 

From 5bb1202def16d3f005ee069294dc21e8c5bb2d78 Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@skiff.com>
Date: Tue, 30 Apr 2024 12:48:02 +0200
Subject: [PATCH 090/336] Add num.php to autoloader

---
 composer.json | 1 +
 1 file changed, 1 insertion(+)

diff --git a/composer.json b/composer.json
index 0075d879..a61b6ce7 100644
--- a/composer.json
+++ b/composer.json
@@ -33,6 +33,7 @@
             "inc/lock.php",
             "inc/queue.php",
             "inc/functions.php",
+            "inc/functions/num.php",
             "inc/functions/format.php",
             "inc/driver/http-driver.php",
             "inc/driver/log-driver.php",

From 5a378dd605ff82e42c1af57abd94954329187dfe Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@skiff.com>
Date: Mon, 29 Apr 2024 16:46:51 +0200
Subject: [PATCH 091/336] config.php: reduce default login cookie expire
 timeout

---
 inc/config.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/inc/config.php b/inc/config.php
index c34eb034..03e6044e 100644
--- a/inc/config.php
+++ b/inc/config.php
@@ -186,7 +186,7 @@
 
 	// How long should the cookies last (in seconds). Defines how long should moderators should remain logged
 	// in (0 = browser session).
-	$config['cookies']['expire'] = 60 * 60 * 24 * 30 * 6; // ~6 months
+	$config['cookies']['expire'] = 60 * 60 * 24 * 7; // 1 week.
 
 	// Make this something long and random for security.
 	$config['cookies']['salt'] = 'abcdefghijklmnopqrstuvwxyz09123456789!@#$%^&*()';

From abdf82e1c89563fc3de55a201b3507da41f297df Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@skiff.com>
Date: Tue, 30 Apr 2024 11:41:19 +0200
Subject: [PATCH 092/336] auth.php: remove obsolete code

---
 inc/mod/auth.php | 13 -------------
 1 file changed, 13 deletions(-)

diff --git a/inc/mod/auth.php b/inc/mod/auth.php
index 43297173..3b62559e 100644
--- a/inc/mod/auth.php
+++ b/inc/mod/auth.php
@@ -37,12 +37,6 @@ function mkhash($username, $password, $salt = false) {
 		return $hash;
 }
 
-function crypt_password_old($password) {
-	$salt = generate_salt();
-	$password = hash('sha256', $salt . sha1($password));
-	return array($salt, $password);
-}
-
 function crypt_password($password) {
 	global $config;
 	// `salt` database field is reused as a version value. We don't want it to be 0.
@@ -69,13 +63,6 @@ function test_password($password, $salt, $test) {
 }
 
 function generate_salt() {
-	// mcrypt_create_iv() was deprecated in PHP 7.1.0, only use it if we're below that version number.
-	if (PHP_VERSION_ID < 70100) {
-		// 128 bits of entropy
-		return strtr(base64_encode(mcrypt_create_iv(16, MCRYPT_DEV_URANDOM)), '+', '.');
-	}
-
-	// Otherwise, use random_bytes()
 	return strtr(base64_encode(random_bytes(16)), '+', '.');
 }
 

From 9db8444c3cfea34a6eb8d8ffa64d2777373a749f Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@skiff.com>
Date: Mon, 29 Apr 2024 16:46:03 +0200
Subject: [PATCH 093/336] auth.php: use secured names and directives for mod
 cookies

---
 inc/mod/auth.php | 80 ++++++++++++++++++++++++++++++++++++++++--------
 1 file changed, 68 insertions(+), 12 deletions(-)

diff --git a/inc/mod/auth.php b/inc/mod/auth.php
index 3b62559e..d9073b50 100644
--- a/inc/mod/auth.php
+++ b/inc/mod/auth.php
@@ -66,6 +66,18 @@ function generate_salt() {
 	return strtr(base64_encode(random_bytes(16)), '+', '.');
 }
 
+function calc_cookie_name($is_https, $is_path_jailed, $base_name) {
+	if ($is_https) {
+		if ($is_path_jailed) {
+			return "__Host-$base_name";
+		} else {
+			return "__Secure-$base_name";
+		}
+	} else {
+		return $base_name;
+	}
+}
+
 function login($username, $password) {
 	global $mod, $config;
 
@@ -102,22 +114,62 @@ function login($username, $password) {
 
 function setCookies() {
 	global $mod, $config;
-	if (!$mod)
+	if (!$mod) {
 		error('setCookies() was called for a non-moderator!');
+	}
 
-	setcookie($config['cookies']['mod'],
-			$mod['username'] . // username
-			':' .
-			$mod['hash'][0] . // password
-			':' .
-			$mod['hash'][1], // salt
-		time() + $config['cookies']['expire'], $config['cookies']['jail'] ? $config['cookies']['path'] : '/', null, !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off', $config['cookies']['httponly']);
+	$is_https = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off';
+	$is_path_jailed = $config['cookies']['jail'];
+	$name = calc_cookie_name($is_https, $is_path_jailed, $config['cookies']['mod']);
+
+	// <username>:<password>:<salt>
+	$value = "{$mod['username']}:{$mod['hash'][0]}:{$mod['hash'][1]}";
+
+	$options = [
+		'expires' => time() + $config['cookies']['expire'],
+		'path' => $is_path_jailed ? $config['cookies']['path'] : '/',
+		'secure' => $is_https,
+		'httponly' => $config['cookies']['httponly'],
+		'samesite' => 'Strict'
+	];
+
+	setcookie($name, $value, $options);
 }
 
 function destroyCookies() {
 	global $config;
-	// Delete the cookies
-	setcookie($config['cookies']['mod'], 'deleted', time() - $config['cookies']['expire'], $config['cookies']['jail']?$config['cookies']['path'] : '/', null, !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off', true);
+	$base_name = $config['cookies']['mod'];
+	$del_time = time() - 60 * 60 * 24 * 365; // 1 year.
+	$jailed_path = $config['cookies']['jail'] ? $config['cookies']['path'] : '/';
+	$http_only = $config['cookies']['httponly'];
+
+	$options_multi = [
+		$base_name => [
+			'expires' => $del_time,
+			'path' => $jailed_path ,
+			'secure' => false,
+			'httponly' => $http_only,
+			'samesite' => 'Strict'
+		],
+		"__Host-$base_name" => [
+			'expires' => $del_time,
+			'path' => $jailed_path,
+			'secure' => true,
+			'httponly' => $http_only,
+			'samesite' => 'Strict'
+		],
+		"__Secure-$base_name" => [
+			'expires' => $del_time,
+			'path' => '/',
+			'secure' => true,
+			'httponly' => $http_only,
+			'samesite' => 'Strict'
+		]
+	];
+
+	foreach ($options_multi as $name => $options) {
+		setcookie($name, 'deleted', $options);
+	}
 }
 
 function modLog($action, $_board=null) {
@@ -174,10 +226,14 @@ function make_secure_link_token($uri) {
 
 function check_login($prompt = false) {
 	global $config, $mod;
+	$is_https = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off';
+	$is_path_jailed = $config['cookies']['jail'];
+	$expected_cookie_name = calc_cookie_name($is_https, $is_path_jailed, $config['cookies']['mod']);
+
 	// Validate session
-	if (isset($_COOKIE[$config['cookies']['mod']])) {
+	if (isset($expected_cookie_name)) {
 		// Should be username:hash:salt
-		$cookie = explode(':', $_COOKIE[$config['cookies']['mod']]);
+		$cookie = explode(':', $_COOKIE[$expected_cookie_name]);
 		if (count($cookie) != 3) {
 			// Malformed cookies
 			destroyCookies();

From 0c51d46cdf5bc84ccdb9b95543985511d98234b7 Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@skiff.com>
Date: Tue, 30 Apr 2024 15:58:42 +0200
Subject: [PATCH 094/336] auth.php: check if the cookie is set before deletion

---
 inc/mod/auth.php | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/inc/mod/auth.php b/inc/mod/auth.php
index d9073b50..4cc20df5 100644
--- a/inc/mod/auth.php
+++ b/inc/mod/auth.php
@@ -168,7 +168,10 @@ function destroyCookies() {
 	];
 
 	foreach ($options_multi as $name => $options) {
-		setcookie($name, 'deleted', $options);
+		if (isset($_COOKIE[$name])) {
+			setcookie($name, 'deleted', $options);
+			unset($_COOKIE[$name]);
+		}
 	}
 }
 

From da4842eb7b9e7c78d14fdd2731d59855a4ec2a81 Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@skiff.com>
Date: Tue, 30 Apr 2024 11:31:06 +0200
Subject: [PATCH 095/336] auth.php: disallow unencrypted logins by default

---
 composer.json         |  1 +
 inc/config.php        |  5 +++++
 inc/functions/net.php | 10 ++++++++++
 inc/mod/auth.php      |  7 +++++--
 inc/mod/pages.php     |  9 +++++++--
 5 files changed, 28 insertions(+), 4 deletions(-)
 create mode 100644 inc/functions/net.php

diff --git a/composer.json b/composer.json
index b06ff6a1..e5b73d9b 100644
--- a/composer.json
+++ b/composer.json
@@ -33,6 +33,7 @@
             "inc/lock.php",
             "inc/queue.php",
             "inc/functions.php",
+            "inc/functions/net.php",
             "inc/driver/http-driver.php",
             "inc/driver/log-driver.php",
             "inc/service/captcha-queries.php"
diff --git a/inc/config.php b/inc/config.php
index 03e6044e..2b271ee2 100644
--- a/inc/config.php
+++ b/inc/config.php
@@ -194,6 +194,10 @@
 	// Whether or not you can access the mod cookie in JavaScript. Most users should not need to change this.
 	$config['cookies']['httponly'] = true;
 
+	// Do not allow logins via unencrypted HTTP. Should only be changed in testing environments or if you connect to a
+	// load-balancer without encryption.
+	$config['cookies']['secure_login_only'] = true;
+
 	// Used to salt secure tripcodes ("##trip") and poster IDs (if enabled).
 	$config['secure_trip_salt'] = ')(*&^%$#@!98765432190zyxwvutsrqponmlkjihgfedcba';
 
@@ -1252,6 +1256,7 @@
 	// Moderator errors
 	$config['error']['toomanyunban']	= _('You are only allowed to unban %s users at a time. You tried to unban %u users.');
 	$config['error']['invalid']		= _('Invalid username and/or password.');
+	$config['error']['insecure']		= _('Login on insecure connections is disabled.');
 	$config['error']['notamod']		= _('You are not a mod…');
 	$config['error']['invalidafter']	= _('Invalid username and/or password. Your user may have been deleted or changed.');
 	$config['error']['malformed']		= _('Invalid/malformed cookies.');
diff --git a/inc/functions/net.php b/inc/functions/net.php
new file mode 100644
index 00000000..ab08c3cb
--- /dev/null
+++ b/inc/functions/net.php
@@ -0,0 +1,10 @@
+<?php
+namespace Vichan\Functions\Net;
+
+
+/**
+ * @return bool Returns if the client-server connection is an encrypted one (HTTPS).
+ */
+function is_connection_secure(): bool {
+	return !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off';
+}
diff --git a/inc/mod/auth.php b/inc/mod/auth.php
index 4cc20df5..e299fdb5 100644
--- a/inc/mod/auth.php
+++ b/inc/mod/auth.php
@@ -4,6 +4,8 @@
  *  Copyright (c) 2010-2013 Tinyboard Development Group
  */
 
+use Vichan\Functions\Net;
+
 defined('TINYBOARD') or exit;
 
 // create a hash/salt pair for validate logins
@@ -118,7 +120,7 @@ function setCookies() {
 		error('setCookies() was called for a non-moderator!');
 	}
 
-	$is_https = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off';
+	$is_https = Net\is_connection_secure();
 	$is_path_jailed = $config['cookies']['jail'];
 	$name = calc_cookie_name($is_https, $is_path_jailed, $config['cookies']['mod']);
 
@@ -229,7 +231,8 @@ function make_secure_link_token($uri) {
 
 function check_login($prompt = false) {
 	global $config, $mod;
-	$is_https = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off';
+
+	$is_https = Net\is_connection_secure();
 	$is_path_jailed = $config['cookies']['jail'];
 	$expected_cookie_name = calc_cookie_name($is_https, $is_path_jailed, $config['cookies']['mod']);
 
diff --git a/inc/mod/pages.php b/inc/mod/pages.php
index 1e803424..fc81531e 100644
--- a/inc/mod/pages.php
+++ b/inc/mod/pages.php
@@ -4,8 +4,11 @@
  *  Copyright (c) 2010-2013 Tinyboard Development Group
  */
 
+use Vichan\Functions\Net;
+
 defined('TINYBOARD') or exit;
 
+
 function mod_page($title, $template, $args, $subtitle = false) {
 	global $config, $mod;
 
@@ -29,9 +32,11 @@ function mod_page($title, $template, $args, $subtitle = false) {
 function mod_login($redirect = false) {
 	global $config;
 
-	$args = array();
+	$args = [];
 
-	if (isset($_POST['login'])) {
+	if ($config['cookies']['secure_login_only'] && !Net\is_connection_secure()) {
+		$args['error'] = $config['error']['insecure'];
+	} elseif (isset($_POST['login'])) {
 		// Check if inputs are set and not empty
 		if (!isset($_POST['username'], $_POST['password']) || $_POST['username'] == '' || $_POST['password'] == '') {
 			$args['error'] = $config['error']['invalid'];

From 1b6d6f38f1d4fcd5071d21e0907404b10cba67c0 Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@skiff.com>
Date: Tue, 30 Apr 2024 19:34:26 +0200
Subject: [PATCH 096/336] auth.php: add typing

---
 inc/mod/auth.php | 65 +++++++++++++++++++++++++-----------------------
 1 file changed, 34 insertions(+), 31 deletions(-)

diff --git a/inc/mod/auth.php b/inc/mod/auth.php
index e299fdb5..c96a0487 100644
--- a/inc/mod/auth.php
+++ b/inc/mod/auth.php
@@ -9,7 +9,7 @@ use Vichan\Functions\Net;
 defined('TINYBOARD') or exit;
 
 // create a hash/salt pair for validate logins
-function mkhash($username, $password, $salt = false) {
+function mkhash(string $username, string $password, bool $salt = false): array|string {
 	global $config;
 
 	if (!$salt) {
@@ -33,42 +33,40 @@ function mkhash($username, $password, $salt = false) {
 		), 0, 20
 	);
 
-	if (isset($generated_salt))
-		return array($hash, $salt);
-	else
+	if (isset($generated_salt)) {
+		return [ $hash, $salt ];
+	} else {
 		return $hash;
+	}
 }
 
-function crypt_password($password) {
+function crypt_password(string $password): array {
 	global $config;
 	// `salt` database field is reused as a version value. We don't want it to be 0.
 	$version = $config['password_crypt_version'] ? $config['password_crypt_version'] : 1;
 	$new_salt = generate_salt();
 	$password = crypt($password, $config['password_crypt'] . $new_salt . "$");
-	return array($version, $password);
+	return [ $version, $password ];
 }
 
-function test_password($password, $salt, $test) {
-	global $config;
-
+function test_password(string $password, string $salt, string $test): array {
 	// Version = 0 denotes an old password hashing schema. In the same column, the
 	// password hash was kept previously
-	$version = (strlen($salt) <= 8) ? (int) $salt : 0;
+	$version = strlen($salt) <= 8 ? (int)$salt : 0;
 
 	if ($version == 0) {
 		$comp = hash('sha256', $salt . sha1($test));
-	}
-	else {
+	} else {
 		$comp = crypt($test, $password);
 	}
-	return array($version, hash_equals($password, $comp));
+	return [ $version, hash_equals($password, $comp) ];
 }
 
-function generate_salt() {
+function generate_salt(): string {
 	return strtr(base64_encode(random_bytes(16)), '+', '.');
 }
 
-function calc_cookie_name($is_https, $is_path_jailed, $base_name) {
+function calc_cookie_name(bool $is_https, bool $is_path_jailed, string $base_name): string {
 	if ($is_https) {
 		if ($is_path_jailed) {
 			return "__Host-$base_name";
@@ -80,7 +78,7 @@ function calc_cookie_name($is_https, $is_path_jailed, $base_name) {
 	}
 }
 
-function login($username, $password) {
+function login(string $username, string $password): array|false {
 	global $mod, $config;
 
 	$query = prepare("SELECT `id`, `type`, `boards`, `password`, `version` FROM ``mods`` WHERE BINARY `username` = :username");
@@ -101,20 +99,20 @@ function login($username, $password) {
 				$query->execute() or error(db_error($query));
 			}
 
-			return $mod = array(
+			return $mod = [
 				'id' => $user['id'],
 				'type' => $user['type'],
 				'username' => $username,
 				'hash' => mkhash($username, $user['password']),
 				'boards' => explode(',', $user['boards'])
-			);
+			];
 		}
 	}
 
 	return false;
 }
 
-function setCookies() {
+function setCookies(): void {
 	global $mod, $config;
 	if (!$mod) {
 		error('setCookies() was called for a non-moderator!');
@@ -138,7 +136,7 @@ function setCookies() {
 	setcookie($name, $value, $options);
 }
 
-function destroyCookies() {
+function destroyCookies(): void {
 	global $config;
 	$base_name = $config['cookies']['mod'];
 	$del_time = time() - 60 * 60 * 24 * 365; // 1 year.
@@ -177,7 +175,7 @@ function destroyCookies() {
 	}
 }
 
-function modLog($action, $_board=null) {
+function modLog(string $action, ?string $_board = null): void {
 	global $mod, $board, $config;
 	$query = prepare("INSERT INTO ``modlogs`` VALUES (:id, :ip, :board, :time, :text)");
 	$query->bindValue(':id', (isset($mod['id']) ? $mod['id'] : -1), PDO::PARAM_INT);
@@ -192,16 +190,18 @@ function modLog($action, $_board=null) {
 		$query->bindValue(':board', null, PDO::PARAM_NULL);
 	$query->execute() or error(db_error($query));
 
-	if ($config['syslog'])
+	if ($config['syslog']) {
 		_syslog(LOG_INFO, '[mod/' . $mod['username'] . ']: ' . $action);
+	}
 }
 
-function create_pm_header() {
+function create_pm_header(): mixed {
 	global $mod, $config;
 
 	if ($config['cache']['enabled'] && ($header = cache::get('pm_unread_' . $mod['id'])) != false) {
-		if ($header === true)
+		if ($header === true) {
 			return false;
+		}
 
 		return $header;
 	}
@@ -210,26 +210,29 @@ function create_pm_header() {
 	$query->bindValue(':id', $mod['id'], PDO::PARAM_INT);
 	$query->execute() or error(db_error($query));
 
-	if ($pm = $query->fetch(PDO::FETCH_ASSOC))
-		$header = array('id' => $pm['id'], 'waiting' => $query->rowCount() - 1);
-	else
+	if ($pm = $query->fetch(PDO::FETCH_ASSOC)) {
+		$header = [ 'id' => $pm['id'], 'waiting' => $query->rowCount() - 1 ];
+	} else {
 		$header = true;
+	}
 
-	if ($config['cache']['enabled'])
+	if ($config['cache']['enabled']) {
 		cache::set('pm_unread_' . $mod['id'], $header);
+	}
 
-	if ($header === true)
+	if ($header === true) {
 		return false;
+	}
 
 	return $header;
 }
 
-function make_secure_link_token($uri) {
+function make_secure_link_token(string $uri): string {
 	global $mod, $config;
 	return substr(sha1($config['cookies']['salt'] . '-' . $uri . '-' . $mod['id']), 0, 8);
 }
 
-function check_login($prompt = false) {
+function check_login(bool $prompt = false): void {
 	global $config, $mod;
 
 	$is_https = Net\is_connection_secure();

From a7658fe3c2aed04966f6d891729e0a842561d68b Mon Sep 17 00:00:00 2001
From: Lorenzo Yario <angeleno@screamer.wiki>
Date: Fri, 3 May 2024 15:54:09 -0700
Subject: [PATCH 097/336] allow tripcodes to be disabled

---
 inc/config.php | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/inc/config.php b/inc/config.php
index 2b271ee2..d75f0e48 100644
--- a/inc/config.php
+++ b/inc/config.php
@@ -628,6 +628,9 @@
 	// Example: Custom secure tripcode.
 	// $config['custom_tripcode']['##securetrip'] = '!!somethingelse';
 
+	//Disable tripcodes. This will make it so all new posts will act as if no tripcode exists.
+	$config['disable_tripcodes'] = false;
+
 	// Allow users to mark their image as a "spoiler" when posting. The thumbnail will be replaced with a
 	// static spoiler image instead (see $config['spoiler_image']).
 	$config['spoiler_images'] = false;

From 82881fe512b98283f2af2e3b97860fd1b1932d95 Mon Sep 17 00:00:00 2001
From: Lorenzo Yario <angeleno@screamer.wiki>
Date: Wed, 8 May 2024 18:34:35 -0700
Subject: [PATCH 098/336] disabling tripcodes

---
 post.php | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/post.php b/post.php
index e3f0682d..aba6c6be 100644
--- a/post.php
+++ b/post.php
@@ -850,7 +850,12 @@ if (isset($_POST['delete'])) {
 
 	$trip = generate_tripcode($post['name']);
 	$post['name'] = $trip[0];
-	$post['trip'] = isset($trip[1]) ? $trip[1] : ''; // XX: Dropped posts and tripcodes
+	if ($config['disable_tripcodes'] = true && !$mod) {
+		$post['trip'] = '';
+	}
+	else {
+		$post['trip'] = isset($trip[1]) ? $trip[1] : ''; // XX: Dropped posts and tripcodes
+	}
 
 	$noko = false;
 	if (strtolower($post['email']) == 'noko') {

From b1bdb1222ae198148f4d43720fd759be6ea92b2d Mon Sep 17 00:00:00 2001
From: Lorenzo Yario <angeleno@screamer.wiki>
Date: Wed, 8 May 2024 18:53:29 -0700
Subject: [PATCH 099/336] Add files via upload

---
 static/banners/defaultbanner.png | Bin 15367 -> 3903 bytes
 1 file changed, 0 insertions(+), 0 deletions(-)

diff --git a/static/banners/defaultbanner.png b/static/banners/defaultbanner.png
index 8773c82bcb8654b317471bc900928061b4e5b678..44fee96256509af627456c6672f40d63d1bf1dcf 100644
GIT binary patch
literal 3903
zcmbtV_ct4i*Ebp>f;2*@mDDaJMo}|jJgC~WYVXn7HHtowL@2eXQKe=*cI{bWwX|w)
z8qrp1Y--ec{qX${-gEA`=iVRgx$E<}_l1$cKTM#TASx;<CS4s(6Dlfd@hjT}NOPs@
zopUm&s95N9HPy{R=Qk{*%GQm!n=+?dq&dKHt_@iNx?rayB(hfeQ92mUv7x0mD2{aK
zrK1K>jfC4DO?EA`%Ky`Rv=vB+nAnXZUFMQbj!wT`Le4L0mY0_yZ1GxSN;(42qA`y6
zenM}7gI<Y=rfrq^WlLUHEqfrrLsk#`dU*9|+^=OsF(O0n^jwvNe8e_F)Uf=|Z09sc
z@n^ujp5q8rUNkQ{ahn-YyX3<_Yg03m)R{5z3xKncXkOUN)+czipG4#hyCFnjpqO6c
z+Zhs>j47oPp3>P3mg1q)F4B$xS!##=6;pAVx7_NjYG&R|toM@Pp+af8w^A?yX@f`&
zWnTJyIK!~p#ClM<+3lK{c)cDnlC4MhzO_VVG@9su3{}qih^U;QSORW@CusA-MxH<2
z*sN!=Cw--0Vjxu~5kSCOa^gq+Y)2%ANQT~!QI$D@92akCl4@PWo1kqLZ-lbAu2D0i
z;cI-GV<(?bJLVCgSODqybsxPq*u5F7#*BzY!Ts8oW@{2VBb&&S1@dvhjPdd3pLKp`
zxK`4(!ZHI67kt(4Q8@R)X7HnA8;P06avJuDADyer8HHdVWABsmi$BjgEyaTrc}|l4
zQkcvu*wp%+{NGIwXBrnaoxlTb_39<%0GuK9Zf}@szIWsNDMZyCx{K=P|3dLVax8XG
z)ApP>j)0Kc0PN1C_#5$Ygdz$=6NRBt#{^-RlZ~LzH*dMl)CeiYzJC*9c$MJw3tM00
zWa>#4q@($<^{ooljjawNZYkQFgX(5@Q+YWEi!xhmdLk9KJ@nK5@qh+eM7PXh$8KMF
z;!#*$+NuJx9pZthot!SzWX0rmWq<$6yzdIDCoPfw(2K!h&m3MSbOZm^LNW2Djf&z_
z<Wns1jeOjx7IiY!Zzs~x{q$%SP6D}0jA%>Y4tBMQ8}?W;08Z`LmF*s|!}+!)oN}&>
z6!(?Y2HRRZqw`uhv3lhXo!2)>OP1oWpk9{$vu1WQ#XuMGO_-V0tC-aEWHBB^b_nAB
z7%1Q`l~}k|&C0H|o9iI3hR)dzL8s|98I<w9`TaqWxSW_qx{nUhk=Vpoj>6}@rU)Pr
zR0t6Ac+impIA+`hkfRl$K~VR+^~`Cj&etT<>jTdPg|2N9vmpBbA=&I=VFXoHHy+hL
zKNg8#c(S!Tkz7hq%!H~X<CpJ8lDgVW|Jzur6UQ#Nlx{h~oB$*HeUwquzpXS1Nl6=J
zL;)3s=ri~2vxn^Tg(7+GdSY^NAFz!XB^g!bSh$C$uNctWiB0`9=oL1jB&k-76Ii$Z
z;HyhWG&0-}aUw1AEp$8g<n=w$6)(igZH`!UM4lVm6p)3ssdWDgnA;2v@BH?xQzEXg
zT=zm1!R91;GjfYnHQ&(9Lv~hxi4J!X@x0S+{SLo(0oSzj^}={uc!ZA}*A_l+dedYF
z9F|wlJ_3#HGMqg~!7K{fh_i1jlLdXGx#17nw`z2+Qi<t$eEI?)G<EA-LGC4<4wo|O
zfaG9cqT?^P;u-WNxXJKSW4o>w<JbDQ-j)?kYk<Z+a(A4Ct7n5w7~;h5XtMkOb>tkT
zQuUCaNnCXd*oLONdS2D<<-x)58kae?&alpM=??WG(~T%u<I&zO9#(P1lY*gOFRl~+
z89#*|Ijpz>*5>*-@%`>Gru8tsKcyN3yi6~kv;0<{Q7D<+imEW%FZM2jGoDL%1auuF
zdH{D79XHK9-Yr8AeYDY=VSJ7gjvC|Hy8@MAOMFHTmhu^5EYpxCE#!%M6FeHEqGJ`;
zHz}w9+xE#b5T1W-z!kuO<=>CcEh5^Pjxb)u_GFI*_S}?$Wrnpc?VaJJ$q;X-Hb_1h
zaj{kfdzKvI&uW?pe^JD?*mr+&>Em~Gz+W6^=3xZD(VAoY>q~ye1dcdwQ+Rif;sd2V
zU%NIMa9;(DjYVa`bss;@6)lnCQCxb7j-f3!cz1s{cFn7?P=_Dtb;82Z6V#m??8eRD
z-DlK&{#^J!k+=qpv*2Vtxz)Oi(+^{;dIj`LtU~1y>W}Wz2C3$Ao+Z0CFGRKr!%Atd
zMpUG0$xom$qV@aC<r#DQhDG$+#afVJu~htWnzwLDcb0;73(+<9MnN)~#pKm3!KVx}
z??)GR?)xjuG^k(EJ?5(#Y<*#K^@DpC$s$eV&Lvqri}|Xb15n((0$~E$Aa&ro{~qG2
zjw(0voZ)gfe>9hJFB*?#RJqz<(4=6lhBTj#0DCv(&)?x*BZFt(VvsyYfm}`rjxNRD
ze{;X@W<|uxWa9coesKIfSG5($w+Vcg;zv8Pdkbd0rvBNaxJbgdHJ%MXSUj_vZnr9H
zv61*Q)ZuDXcQF9ceAwUkD^g^FT4O%@xq3eSu9Jw*U@{`;s+<k`Hw~<G)^;AA??hhW
zyJp`xQ(rw!jQYj&#H=xM6dsO%BXoc|Kqw6qi^u#wT<69>CWE>&n*-mlrY8&klZ3`6
z3*WYt{<PWs?#O$iKeFL7<r^F*7Tv15RXTC6bz@lUOZc0e9lMR6$BUK~LhLa11AiZZ
z`FF(@UNUS}OlYm>=xD|W?dEga>rAM)!52tX`7R`1y=Hjk@j=&RZHvd3#!9SyMe$FV
zOL(c0T4KAua)fX-^4DZO=gE509WX18$p@R4$^o*ExtgTpg!Q6oxl=6K7-`oZ_gzSX
zdtx^rcD2<@FIAmwCXap`;cOpK1P+3|jzzW<-}+2-VpM!D+v^M_(fLw?VJ|@VpV$Z)
z<>Mv$SY<PU`th9;+ZUJ}&0~WXxvtOCz$-`<wWqBlm%so*TN81?7%qOJLC)dT;dD$(
zlfjn+v0iw`^~lm=c#y$)6mc(D<!{4v<JUAdKK(oh@d5F-+F*=Yqq|I0yB<Vf<FjX7
zA^3KzMcmY3ppW#Y5<z*(RBimrAj&7hrQ!EqU%l;@=_DZQi!>T1J7BH382#<wF0tLp
zxo;XX$0HlRE#tE@ixNd4w{I)Kb2nA=E9FEbiF6D=n_d2p;4*}AbH>F)3ngU8y|s+(
zxoP}l?**qFRnziOfLHRX{Bo3s;kD*prsMakB6Xh?Q63B>(A&#i>iZ(ISu<Im<ivD`
zwXsKnj?PnRtN5V#y)Jj@(IOAQgsB(|Ij!Y2d5*X`y`Fl=DD9ZU!??gK2sS2KT{v-e
zUF12q-FkjZPnROe%9{%!C74pu|MIXV_!`*%5}G$@SDOCwdFQ|&q;Y!oH0SIUA7?kK
z?a0bD$Be@qU`{zS)tzrktBep%5>_>ZHwe#j)x9E-M$!#0539*`&9d~Za=p55e$Vkm
z_{en7u`%>~^p}6y94;L5d#2Ffw>fYMkxut{k-Np{jC*U^jw|AJM3O_|(`|w`;F$cv
z$Y-}zN;_ESuH@Y0I#yj_zH`5K*1JU&OqZ6T17Whjt@WhU{h)tuArL?#6B&x!;@@H#
z1l2mnn?*s&E9*6$?p~~(zGSx@by#ei^i5qX#;>mLw1ct&Aazd$)U*Qi&j%RZJ63OY
zr_0kJG}=B9(^O7x&T$^e{xi|qVJzozk~Pp8;vVI9B7jp9>RcwOrK+uU956FK)Y?9L
z>k7gLYsYBF?=up{9=bU2kbN0|<QQ;(r{FPI#uPGC&@vfPXvqb(_Ipf)kT)m147{h3
z&@Si&jq8v+jIOK?8_Dk{xf#>i<a~ZenJQyd{zkg?zT+gYBSs7|&q>_<4&;)CSnHL?
zn5qzMZXh4=+Kjad*2-K@!~7fDmfS9NBTOO&;zuk3GS_|-Esn5w^dv&h4q7oSk$Bhl
zV{X#d7bp=LiWChxt1@NIQGxW1|4^Fmu(<z8RQ+F>pZr5Mnk&zf+;UC#2mR_DdyDFN
zPwcv7ZY3b{X<`mZU6g9BZm!r=AprW6-~5?hI0PPLk5DKZL3L{|qst_T+~jF$_Zg?4
zphu%7V}RsZ&i|x%OuF_$)1SSkmh1Jd)q<?Fc%Lm|xd&wOs*lZSPu&JY+u`1AGpNre
z+MXDCwWma6b-^4@hjrBG1yCJ09sUUS3Vvrm?M^9YvJm?hTVln_ViCJO600qXQ%w#Q
z@+|3Npd*$0_#e27knz8nZvFI#4U`?UuyI<*Gw6L8u7E2+A3O~DVfE`4v!5iaNcB$*
z$|DJXG$fh2|EYFO91FQ?npz~9|5+7^GrH0D4|r5oLNY0FFSK%00a#Eo`-2q^dTcj-
z`*OXFdXJljt6^_wp`*vfAZA(EI{-$7I?bLKiDkIjj3ALgQ{}xVFr}mxC{XRHL0LCr
zQJ-1CBvZ_+5cPbF!{*Q6*J%9LQqr#7<jgMHKWh#;M3N@}bBtBNV0+KOntLzUKtVjf
zB}_XDyAa4pdT&DZ;_z*W^103|JGni;19tu9F%1ZRsJB5MH!A2l<$}WY4n$nDz=*9S
z{Mrq<F4fG0_xs_%MuF1S8vExkM3vC=STL|?9ss*F-uxwC!eAf9Gh0!n<by!)3pL4=
zO87_T7P3ri*Q=9^TbmCxi!u6JJ?@;QDyLF0&IVT?)~)?FD26w`f^*Vsd1Q|ll&Eaz
z!Hoygg^7hhOy25@o1c!13Qi2G@T~N*mkjT7mM{?xomJHURH8R%WZ1^st}s&idd&S^
zC&7!29}cs)3v(F6LhyU?WBpZ0f#1hz5eIo^ElK{{Lw_irO4mN@?(2k%x9zY=?%u)e
z7_AAdN*?kU<~j1FrmYH~#0s?yBZpj$@HhLTB<?6YcDRP$xLcsdsx8jtri8PA(c|H>
z4WF_CD}mag=?~YVAbGP@S%DC-(w$$h(Z{uFVI2}i4XO^+1DbQUO;pXJAX^QgfU+-y
z3QudT?i-Mspx3p7b3JTka5FrklE}mj*FFW5peqkTDt1HArSN$MPOwBTHf32oIi2=*
zGE~!(I_@*%Fxev8IpV#Hw&-a7aZ&0eFLo)E^WRH@FVSkRb5FbK?t}1gu&b+XQmhkY
nlyVDz*7~1|D$_|Ryrfl{c;^~gfr-BQ?^L>42Ab7q2kid=oP<Tb

literal 15367
zcmeIZbyQqU^Da8LyZfLC1ew8If)g~jCc`keySr;}2n2#VfndSiEkFqF?vP+15Y8m;
zr|Wmly7yc6p8r19&};ARs;8=-uCCp?dnQU<RUQYE5)%Lb;3z7{yaWIc*x}b^=&0~g
z6al9T03h@5*3xr*3Go0rIy;zK*}{OXUXCyz%+tyo0PtL_dTZs(B#;#LILNw-KA*k?
zz>Qc~ejP8dhQ-2KR>+^+l2y;flAK9^ezWHwwY~Lt(|PlQuEV<GfVClk-w?|;Ro~n|
zlzijJrt@)7ef4qegITWpMZ%;+mG5ebC);<PfCu53J+D14+QG@Q?=DHV4|iuseiD%}
z@>fj~l~-Q=j~724gkDp2((cy<Q+G~KPwe63BJEu2Pg(3->uY2cJZ?<K`%M^$tHrJT
zN?q2h;JEI2WDZ+h+P+Z8b3OE`|7>H`fmZ$s<-u$7=gnC<%hwdqLF!wHy~~D?$^cfb
zoP@K-hmEj}2j;zrN7lKf^B|p%$U4FjPwtG$qksHdyw@oRxVZA*eCC*R<b840a{c`~
z+48;U9g0B1F9LoEW2%$yN%w<|;qZE{+=Q#2l4}7&5_@W$65ns-obPsi+~P!@Q9e|!
z+~hc|#q6@_SbfR&<2?LHxF+9bUlD!QO1UOhkM;$ZcHiflSP$kvvnq(i?z`uJ%$WoG
zMIVX7<xPn!G>X~l@LqX1CuQvkn#$W@lc&UfgIV4=KeiE=j{DVz4=gw?#7=zGESy5W
zhZ1>NMN_kP0DlT}=63$<@!@*`E>COdXfQQaRInhSpZ0%Phg||!)ijO_*U!#gb$*#s
zMmsXx?MA7t$^9UGOc{Wr>reI03$nAPn+%o6MN(%_HP**=(J{3I&&}&;sFj68WuxL4
zu#4>^@zX>$6!$V{4mVFx7l*if&!JsQFMivR6Rz#z<vbqeMB{2XRr!+b_5c=`r|rVg
z&@<E?FMMR(Z1v6HNaeE4`?P3o)%$GgpzcGWJcV2R)F8P_Wu|#}$B~)pUWQ9`zap8u
zNt@3_aD)4zSGuvsl3#*YZaem^Uaj?b3r<#}s_+lcddWNgflLc8*Z14~6#{4CzIQE>
zC%cCB?I+iJ@giq;2a6?D0e8R9jAL@Ei<&gOA&&=?lh?oeBA*JE9a7M|V4gl#o!ckx
z(wQXRf0-m)l9MN|EUUu)v0Ug$In=erQ~7Ejchyh$M!o-0X)Q;5wWH{<-X+1{MnL3d
zuj4^`E?%o=HQp~SFPf5jMpv%-dy1CYYQtr+dy!n;B2CMsD%gWcjeiMRTxU0U3{jyX
zTzOaLv$#~9+w8X|Qp%3ia0vCBA6v!zzPQ+ON}9vX>RJ&(8rtT~)~)(si9U4Q0-}B2
z6=IQ@?xlL@GqLTKk?A?E;y^<$LEJa98O%7k;g;IsTHNs2vz4_;w!nRK;jmHN{-Z+Y
z_tzV8ibgLbJ`P$egYB(FQ>Wc*jO3O89CPmyikufO{VggQkf=Br$XaLTa%wpVZsW$S
zwp@<(o4f>tXmW6q<+}In77IN_eL#-8LYMnK-dluane4&VosFDblg5*k?#GqAKhm8P
z*mNzLaBz7sF1F<=22b2ajH?O=cXCn;Iz_aVIxSJ(1Q4DJB_GV=xFRu?N14Sgb%mtA
zs2b3z3W8uUrjHYtw!?~eCzN;@Z4YlgkBm9Wu%UcrIEnqbXpn}me$Y<*b#9mPM!6#W
zXfv>4QnBjBdQaxaq{_t#>P(<DO?@-tB33c3G^HnRbV<ScQB+41ff88nB&bcjD`vP(
z$ncFUCzDXVlkpUhTP;|7^AJ$ml%ncDf>}f1>u~wzM>`J>Gd_B+^?ct**oxqTe!bhm
z#Q?9Yh12YLF4gfEnYUJa@}496*UEA)ak0X8FY_(}i@0AQnO0b(FSKE_1XA$wL|O1$
zF!NqEuM2^h(#q;_e3!nlKF85|f9I4MT(lB_sh26$yW4cKd~E&;^N?(vb>$-F;g)SD
zTq#rUE#4bE=<%CHfHhFCGD0?iK_z}qxvg`syKTE{m(kB~t`ntp$^*d<%VgL-^U85`
ze*f*UY(R8TT9AJNnc$EG7gn70xj$756to$OHP=Bg<ZfW%maEB4C?d~R<CjOP28kk-
zdh%VL91+*TO5nYq=ZnqtxRDc_VP?`9&dw&JCV<Q*5{a=G74g>AkPrlNyh!7ZWm)qz
zr8FO2U1}EMWg2B*;fhz~QjAa3=%B8$t@h`izX?l3uCqBG*fwPcx^dTQORg>hP5e~&
z<eNllLo~|Pzlme2DV7?xs~ulA`Y@5=@X?c4Ig?xg9O}(yTeeuIHvHXAzm(~ys>^J@
zw4%Dt<pw|7T%AS^O)2JCd*8f%Cpfjro8Bq;of^*^F?tt263j>;%dinxYxueuEtm&2
zyEd;8%dzTNh8b@1U}IT0G`!T12{TZTDt01MQwOsY2I>`Ba@n`v_+hux*ur+M1?9Mo
zJHQEPj$w!41H4A%>c761Xi^9`6OA)Dp*pP_4Q#zDuE%E6d~4;~)O_R^!IGUiUyQBp
z!aH=$Agv>mg^C&f6gn3*^^tmZ<1poI;?A2etee*<;1s#FiBvZF<aoW$N$8_{FgGx2
zS%J)xJFD#m*Nn^>o)^&T3Lf-lxDqwm+HHudbslI-+C-D0mDrc1J)EnQ(*6`VXl3iV
z=prGTkzY($E<f{bk>k9~VF#F8<0@zR;I@#3M4{vv(0PwAifVOmD0gXpLAu8pHuNDe
z!9aKVmCc2>{2VdvfCYO<kgBXL%4(>04ddisfrdT;I|g8ULpg*-1Jx>tc&SJcsgON{
zNcP2!B!fqKCym$d9m{D@V@^p(-59##yRSdv4g){=0DQbLsCUJm3nZ;5Nv2sN(eq{l
zo6FRDyVW->Z0SHg**IH$VehoGZ^N5<)F9~m10quLp7DTignfUiwTf8MkS$lL0$Ddg
z6X)Q!Jqi|xe%YA9-RI9fU%fvfPXIpOiY*m5M?sdEn6m!HDUoshhTha6(0@SkL^0_8
ztEy8){&^ny%fShQ6?_I0B*M&k<hGbbO?4FDU^L4}DCclA`-v7X=W+eXFDTDMv$!P9
z(t(iuSKR)2A^CFD1}X#OYDRuuQ*Ku7EAt<(YoR$o<i}0%Z2UF;VT#KTApJx>!d_0z
z50vd@DZ70Dh)q?DmFIElgYslIt$E$_5`$(NovXVLDMER^XVq5zh*li<^<vkC-Ow{@
z!U3UAoRjsz3sT+5*mj`<3~!}_`+{+_8zB_6H}P~^CpevXugFhgPyoN0Hg@_Ezbi2V
zpBcEy!H9zw7#U|Nts_x-Y1Vn(fJL)J9eaj*L_S#$F$rcoCpdb3sjt*bK`v9o_vL<F
z4uJLWt%JqW{c<Z5liBUKxtOaFfpnrv7m}Ir4*l0_Pj;a3;1rOR@d~Xm^fg=ElG8`>
zxAAE8VIh(ur2y$YVrKpx46lAcBZBUB?QMKaN!L0Fis>Aq{vZzWk!%rN3jNX3LZENN
zhC$7D<jgp?0g}WQ6d(H6Lt><!Tz_(sP(~5A#!u1d4zf2@di7#O(y(RO48?~Y;Qu^h
zH1ekzx1JS#a7G7WnC>Fp@d0{Y9aa(rt`g!3VYS|~qyn*+3Kjls{8R(w8yv|ozh}yj
zkvu~=<P1|4R-?(qNJjdN5W#3s98+woZX|TloW}fk#Tm3csZvx;$>4G(*K2Aa2}4gz
zBD~i~`9KVn_ZCCGM<f)wgie6@THb?G6K7zT6Gp6~xaZ~b;Ov_EU~0u&9a*|)CY<Uv
z$Sak3er!=TLiMAix@@sNyd6c3b4}t;U*%7vYk*T@gd=2Dux5PV;)ig|t9}irsy#+Z
z$Y^%8kyoTQE`g+j32pw8Ek=Lz5N0)mLoX6_vzRFDZATuKBfqT7*Y4uy*{`iKh&3MT
z11WFNwkB)YWp@c?K1X3O;9);b$r5O3I4;*aPx&GZYjAeO&N_2EQz=v|_hk8E+{7Nd
zjPCM=A&u0$X#c!*Mz~F0Q1(mcN^!@P<f@E79>$|&OJ1IuQ30`lyr3?9w2DrO5V0cB
zN-z6*Uz*F5R0ryKVUPvbib;Mxlv*)iFPceV2_T(6o82doDdUTg$g~_30;PG4YwTdD
zFLn0`_sq!qFr;92ow&ry@7xI;QB%GO$a(oTP+j$Oq}$P-G2FqNGCm>yN7XR<_85;O
z@Wal?fdTXmjHUPNg%XlcXDk92z}IleBkY3{Z(0&-+bA!g)2h61+*D`_SlLYsxeHMX
zfqryQF$DB-1$07O<BP(kkRee2;!V;;J<(1Zg|IMFZlDj>H7|PM>p+ELa@ta6h%cf^
z_$7jFb3P+5sUgf40bQ}2NmS!=4w>s@FzDdt!3_ghxdAG4A464@9$!~Vd1E<af)!#S
z?GiQ|k^KpiTkKY9hTd8|r)F@mQ~Q1zMg&3?tSI5h)`MY#<>*e9a)fj@+67ZpvyC#Y
zP~<~ie{(1PxU-YGA=tbe!Kfr9!t)0I8c`;(VH>@?aoC2@Of|*~#gmkP{Y>4$h{NTS
z7vHAB-6L;ob&PSfkB)hlF20WUm^7QR`1PC*y1Ss!p%sz-#jP?*9IjCAC%683mM7tu
zb&sowmY&-0(eQ$SKa>#zuhB~(bK-h0=QeBQL--`cSjnAZ-=IksTlSYvA?~wVPy}G2
zHFp73hSn}S7?K!~tl2$>ruif*R#ZWVeIl99UZ)Muc~)w=;P|}??OGc?F{5EYM3_!<
zNey{UdP9LXpi9O0lxtWm9(TqEFq9qleAF*wI1Fnbx(E8@<rjgq_SEXvR;S8z2TvDF
z_<|^eiHAdg_H2kCW&|f2zxSbh-K90dqp)+!Fj#F}s?N+6cC+X<+Co%eJGOsUVPwI^
z<hhlRk@6zqpg<WeBeaRJ`sY5Vp2$5)BPnGrWUo=RWk8fDY$xKvIMkp`;xc78Il9W`
zT7y_-?pgFY(bZm-MmjTMc|wwad0U$y5%Zb893rFOaQYYJEb?q}7b5b5@;LL9sBO~T
zqmd^Tnyhp=`6kM&k$ce^qo0(sH055zdOhtcbOJr+cQUW**J_ZTPp#cxkX(`FS7YSf
z=&xT09PVO3wlro@8IW7zk3JZCD@qwu-hZ?`S^hNPSr5bh>Swn2sS);McI4{=@k*s~
zRn@H;oo5UUXWWPcukNB4f$k`F$Lk*r`_X%xwVQB5<hn>9G4Vw7GWgjsqH~{N^TeZ3
zOF_}LnN_j`PkmS4X1MSmp-a4a5}lL2)YEuEj(AM(T!PW(vw8j6<Yg;lvO!jn0f<-0
zG95%4RT4^IuyDj9dz#+a-#}6IQgPUPA2hpGTU>=Rl7qX$xK*j@n7~eg6dnFjN@9L2
zlHy&|NaA+&+-Ad}d7_^kb8o8y;g)YKM<&6hSQJwO_}0=%lp?<ud%y)$K&8AU;~l!=
z6bo{RW2lZns}xiL$z+ELG?Zz~tS8kG1%GrGOSe)Z*F5QCXB&qwCMOl??aLu-`XoN;
z2NBcSONwTgch<1Fc2Jb)oPRdHu{~7h_N*U&LA;=g4*<}D_ju%1!%>NjQ&a+3Lkbim
zMPe)*J;{4?0`pN3qyjQdNmd<kc~U|qcl+M!4n~;_vodgH<MbPt(l3LnQ`W<3H<w>r
zymJ#rHeU~^rzvaX&+xL)0Q24KM<l6Ze2y&OH=(Dul*ZcAx@v$eS`AGq5g{9|uyjk5
zg$fGWv7++fQft|@MSlOW<$6pXbbL;|SK?ER1Ixvyx{qi(F^(=)_1Fbe>7HPQOs1nw
z>3~Y8*ifmn+<y&o{fxUVLM%)cmH4LnWfymWaEOYf^9|L4@QRejMdA>WpQtoMROyRG
zQ#3e?lR;FDvYv;|c-jft)|yQ&Q@zp<DWu83RQa8~<Kb9m4Z7Nn!6isY&1@sb=r%Zo
zK3L<^Zy_MfRSH5|F~`19MJiH^y0;k_^FeOiue8jKMSaEU&x(QCKNLYCxzxv5`nJ|t
zcXcQVzc0pWHe5s6BvM<ZE1X~CMvD^l&3R0oviciymAA!;5<dNL6UuE`B%>P%B0NpF
z;%Qzv?8Zq+&z4u}Hv%(7=DVMtA4a9TJ3X$!B1*m(UNm_T>4d|?NXQzfrzw&lU*~>+
zPfh3MlAVOSFF5=BJR?Ee2T&y#Jy8lRX4A@_B)IR*o$UNM5a0@QMZ&Stpv5p{G1Y7?
zic5+wC;DpQ&Kz;JN*5hv7pGCYE9g?p5ns_hAq&Waxu>L%OJXHm52Fom;wZ?Ou(63r
z=axv?Dle)>cMXrQzsFP;fw(5k%1Xt;5EbdAjkIPO68YYXMbe7ii~0&?a~3#@UA5<&
zx8}OZWh!zae|nDy9Q<I9AeEnKpN#N4;0$9IEi1aH<qhTAk!2i|J5q*5$^<nwqrN4K
z(E?^F4@|c%7r7QAPxkGyuD#nD`BnjimP@U~e%Qxzw=Xzo=?xS+&zW;xlb&!0XPz_-
zGST0vLeNgoq<KJ3;|f)YjW_42iKiN*Vk4p)-lZarp3#*9zdv&_eKlk=uP39I8`OOZ
z-XmWdLfOn+6Uz=`L_CkLc@*WJ`2GTx+xhfj@5!$y@Cc4+(%Aa1$dU|lnKO1~5<v&Y
zDXfRi4FnPSlitL!0(|aFbHrSFbifwr3L*j?K?&<(2F|1sjY`x0RIennA%0w!w)UCW
zQG0J8Re51fP&e{N&w;-6Rjb?L1#%l+#3*Lk>H@0zRHe@Cb1jpIe9Em@msuKmR%QxE
zA~hF-(8jDUrs;e87QL$OkN4>%(EimCt`!gFrue0+{teebC_v%cna>{TO9-#Q0H1xo
z!P0a>p%|hd6*pFm;33F9u&t(udr3Fz1e8ONacM>PMwT!i>D-P~o6^~@SCM5NNU#{L
zbGe58?fv7Y%*~3DyKtDvm$LQa&|4-uE)UcF+K^b@hnM^9kudC^Qly#T6PFhZ69t8d
z&+Nu$edR}RweqfJo_9mmI(Rfz&@uE7Z0Wp^Ue!kCFZ%TnxvFDwLEW4%6sbtZcZ$<R
zpNf8vX1SF2Gusq|QIb895Kn1jK1rJ5>s>@)8BA7K^|SU0mtOx;jWXX&*#l8&VVrOX
zyAKFPByf?(6h0Z|RT82hSfG-RsU4{1zRFJ5tUY9R`1<A~&xFp1uF~_I$2WP%Ldw?F
zgN7wzjN}*Q*GwR;VP8w34HJeb(++0FWcYK(b(H?#MV(#+`IApa%$*Sn-9hYzGKehi
zoWHs>fP=g&4Ra9MpS4s_Xm=5_W9y*%Vi9bt*c*=|O-d50G<Qh*>9KVevwnH6n&?cD
zR${kN^b-r6s_{m}wGTx*n7*>i=SrSYNG!H$>3zzAF>!!VZcrC7wqJNLOOnQ=E?+Hu
z3IU0cX_1VQo`_}|S`(JBp#9f^(_6vb;`)&tXi<YkX~In=s__y!b7#e#Y_wd<5djr{
z=6VD^bW+_U<*`9uJMZB^S)M`g`I%?<{Z%54FFEH{5f-U0nW`k!G&SdhynEA4n~1M{
zjChj8l~Z5{8u8QQ?DMG=1zVcyI$hc6Sh?vg<)<IQ36SOQY-Nnd!FL1M5QSm7b{N)(
zffCOGSwaMZfD-Dg>d87^*>km>L)zxO3;d$y<)!k{Ud1Ps;}_aY!XXRfRqa>$h%0^>
z<n`kK`;{~M7HwZtwvmK4v@6pCrCob(@uCe{j(!RLBF_gVsAsSpsR|Rd)Ak@;gZI*7
zoP?ekoA!D$oO?Q4*K$Tr5&SG&N{s!?P%X)3WNGQc<1_!rH)}p^{PhX_dEpCzm6<U-
z?wBc=XI6avr0bQOLpFOTS9+XRvrqUlhKp!|gPw^xMJ*C8#(=<xg#}@Br;GX{9~xw`
z$`F4Ui&J{&zTO4;YUORWUxDhAx9=*Mk|rtDm_+cfeImG`-ldTBH1d-Nb13Br^Fpk?
zYP5v3g?=}!OpdJ|FBil_^-kKH;-dyYGzjYP&lIB$DL>7{fmYp9R}DiL%B-Jb+|$ru
zisDvN<Av8$eh2Cuy|r($fl>?&`!Dua9Gvo5Kz;<{LqZE|b^Ud5_~h>H)n;Q@XQerd
zX!kREsmNOb*S|e;Uxm5SsB@k)Du~1tmQLPSuBnQgX4B3-I7g|)Jkp5V-4FVc)&LPU
zegs(aev0+#68{3<lMl0!mR47kmj3$|JbdFl+b>Z}p;wZ+|CM1wJ_&(Hq@YY`iyl6S
z(-$`4yyvAP25z9{OKHpLH-(=BF{@F~BuFc8IVW0#KVb&1qeT`ZC+Ekc+;$dzW*7+B
z@^5Rs`Q(FkTOnKgmIE4Ct}n+;OEjHHLVp{rdifqFggh~$Y%<yuF=y+DR=i_X)+_C%
zSwcQNiH~BPDAFRsUa#+{PctiR!YfyB3^VDuud1l^XOt+qX3p080im;+T#N8HE$4Va
zW%lhXJ$q9fkk+Q+W@Nr~%9&bgrQ_;mCFy9TzuK=Jbsa;KP2q8bzS=<9NPJ*HEDkY*
zUa3MZI*RFJQ1t#G{uNWYay1Ufd8`1LBxwunF=TD!ZF7{904p()!7JOJP;~TD#D-|Q
z0J<gj6J&HzBwd5vSLKK^xrMrv2HWWStEimSRBzkRj7|Z5YAt38@x<>BCU*jFc<zd^
zKl@<0R<^Xy-Z<R>3QH^ca2y@cvG-Vg#<x~Z#@io!idWb0JkgxXk_}Ll;AbVCR`4?s
zJr!kPsDm9R#LU4I#_4J22tPA{pPEQ`Izpf}Fjt@{%)-iEjNz=clL2UDCdQ!4rvg%O
zl!jSaDR?`>G`&@|px!o6Au|REaZFK9VK{&t%oPIkw6nE$5%v^g_=779zy4j##Q^*x
z;%Xztpr@h^ly-220eLxjIYAt<o>uPM4C0tTQD-xA;g>RUe}jPEi7{BZx;hGTad~)n
zaC-1?IyhT!frW&GxIo-o+}s>+2@V%8dsm1jhrJ8qZ-~DzWMD2(XDdfnD+hbvZ%l}(
zgPW@u0|UGr_;>&8992~Q0dMc}Hx}T0aCt%;xxkztE;~D}f7Nhtm34=M{LP{Nt%i#h
z{Ah{mCCtUa%^3=lb%)uzGX5)s8T23ej&9Djf4XA^<$~G5?BJp<aI4^dGbyjAqW%w!
z-xOF_**X5vf|LDklCD<f|0L_*eEZ$<r#t`Z2weRixc?^o_rCuThD)ia2+KG?-F~~L
zC?m%3+rF@w1Jue)_|GMTkDmtyf(de%LQMrZctPge9H#sbUJf%5*i3+j2W$p02mK3_
zqP>eN#2yO!4Fw11w1VRZfJ{N$=KL@YC?C{}gV&6g9}d9-;o#wifuOwnLfkMR!GD2J
zbGCv<CB*h$z4{Gh28S{OafA7x0;U}NyyhSdULkWZhY%m1DTg4x8Qe{<DNK<2FK^7C
z!g3DIb`bb*TG>G?U|f#&7JqE~CR|ubT~UmIoAWQxKQ-#M5La`!f*6CcmA#wiKSi~y
z>|mO%kl$>A`S}I;`2|3{eEfVMZf?GR3hBU{UEq=U8xsuT<l+9)@_Sf>;hljK3;7+V
zaDYGc@V*F3JHsHZ4$fK*4z^+pza0Sn*8E4a3Vb@5L0lm+5LXx+6mCoy3>F3pXo0}O
zJOaYpd>kM?VbH(GJD6FSd;LF2|DHTR(Z7aV!O8`0-|J7+Uo%P*=JeOyU$?eaf2I-;
z_-9fGL!f_k!3E+DGyCHw9P6(ps3pYS0tU|>e+$>Y*IWH>LV?>11Qp^lg>VQ62*INX
zBEZ8T1OjuzuRu@%K{FwK7_Y#;qq{hmyLv#JVNw=w9^qWU!}AYUz^8u(iuK>6JuG3r
zM*&V42N=xpKMCXdTZg%R=ZwGiSd{C3a3cCg;9rsqT<@<sc=CehLau)#!@qI%JMH{m
z{QKKj{9m*HhyJgT|A^oJ()C}u{v!tdBjNu>*MI5yj~Mumg#Q~||G&|N`OnuWm_2+I
z<N<$K;?Ioy3V+c;HGLs3^XHWd@I$&a0DgtxsG#ox0B|z?{zvdEl5mGtqPZ%n$fE6H
z5uh?tP?hOQ!K)}-W%XR89qfLu$^m~Ci!d{whn1@(@b_X-Hwc#u03e=Il#$Z%Ts(Q_
zqouX8I@sBZy$%9;v;~#|gEx!5`0^!qu^y#Zt;TyRh`qJiE6p@_SkP~tHYlb^crw$p
zgTROF=U3sztrE&Dt9keo$ij^oVkAQm^d^YnHR|rSwgA`p33tw8F(blTzptiMVw3)-
zofZLm&11jlA+cb5WGPp~<(Hb8^oa_d0qx#bJ=sDoH6CXsDXFO!giI_f&KJCt;|{BV
z*X0Qrz7jvSi8!lOOO7t>o<v6I)EuMe=;&-7edru0*RBBBFAEZrlD<?UK)!Iq&@nKe
zB!_~?u?3yC(E;ld??mQXJ-DujrSS3gut#TRh<MD$*2T}3n~7MGhaoJ(!^3UNFjrUJ
zG<N;q!a}Cj7pdjtY}CT8=r7XPrEG24b*c=)G)q*wEqTA0d*%Ayv68au1@7-#j%5kp
zMMXuGmX|y0B_t&g9<R1jecziL9LwZ!I$xLCzw$Q8{`SrJc&(ETUM+8C#<V-072)^u
zI<KwGNIe2(VFA55oFx}=XXm$_5BzQ6HK=P!SzCdsGTnW4c2>~q8<Y9?+pswkAC($<
zEG(>AmpxTDIGSd$a;;S>IhFq0-bm^*)t_3*%kif~`B+IwNj(4%fSrRQj;~<Wy4evh
zX35JvK>qV`My<K#@X&gI9Qs5xd%eHmSC*I$|IE>qQAb!<m~CGqf%}$8n`a_;V17JH
zVBvF~^vM8)fIaoIXV132)m107cOs$TIyzxtV$QF3hnx&hiF$&bJ$+h}<=`Sx_wi$P
z8cLv5!=g?De9P2t`KsbW$4K_n%OwH(<soI3WJ{{315L1#NWNNRb)0cGH#zq4P$Hwz
zZ8#29w)ha9DTsXjV5X$mGcz+Y7CgXCie=d52`0<Q&K^5FJk;~^6C0hFFo(a+w+Y&O
zt%RherjD6$gBuLSi&e4)05vzOK9lx-tKLT(#Z#7g+S(*p;(o$NT|GTL84I@N=5?9<
z{rzCT*x+D<ajSbAA0J=s^0LwH)>bc|MmB~NT(@A`^bRgH{!S$QMQ&EsC?yq@zMNcm
z-0Oy7oZt4W8{X=(r;)~4yt5xo<4~@c<*w2hZM0qJ347J-ESnP7cUhM4iDveRi~u3K
zPXIkVJ;#J-y#dG1`|pzr-*!e%{6mV1i{WFSSuxw@5a6RX=ybUUw?0l?d6b-<KDbk7
zF-gnW*4UVqes+Db<OQ=|YK&|3xH&a$J*g}$T^Dy)X-Q4@KUr)L?Y35-s(#hUIq&)P
zz<#xDI7^W~;t4Zz)W^gOakqxYrMlnzj;(TonV68b1``JBt!B=9u(*Ki>|+~A)3*H3
z-f*1xCWqW!!SSE3uCA_(^purjS3Z4pqRyK+`26Jya<kC{79J+%=1H&q+>|hUD1UyN
z4hs)=o^x|^<M?{iefjY7#-WZsG&J;6ef`bV)lRj~_3^N=4KJkzzc;>x9~;Z5!xWqd
zA!fMeUA54`8t*IX64P1V==pn~?OF$o@H^aC@Y7VKtWTI>!L1XMlTBH<ZrQiDo}hu_
zUt)r#2wmeR{w_>}QN6yi)_i9<R}SNC?d^t@b0G(C8fH1|@TKkSI6SK0p=}co5TL<N
zI8#!69Uy;&F{Pr4(GN^jYPM-M!o|bGv*e|u7WbWJu|HdFul2kz1#~sqEjfPMR^;X7
zmHaTrC?Y}ykEs3G3bM`3O#mQ^-|o4&ISYL3At3ViIu(gYNx=p33DMOhZXJeA_OkZ&
zoUw9@DN4-Zx9dm%Nh71|UWf1R-vh^T#Ik($Q<a$Et=v33wLUlY5wHdrRkqXi5W&8y
zF#L1+gcSg?od;>~TXQXzt2sM6f12sNyma*rK1fl&?ND@c<Kv->vptwDQoUhO%@(9T
zOi?d-DI_{>BhF`ifZugzRwiUr^s+WG61~++PDTcls<gwqHa4c*T@q?Hg$i!0xw+ZR
za^OxLW?Gapz0<ONY-&`iHfbLTd-cgNh~Lc;?*%n?Cbo$CaaRqb*YW<==~HVfbayP%
zb30KU<n_%g>z06kK+t6u8=i?T9&XmQri)%=2)nVFPv*pF6v!a}^7Hc@f8Bd=s_N*F
z%EeKJ5irWVo-S1MyquCZF1OLrBA%X^NzBfU{qjZ2sNI`{Q9izpXHqmIlgA=oEmvH1
zCV_$nRbO9!zB53Ao0}U1=|L8~S$0upOZD7}6R;hzPT&`0;Nc;%va(W8Q<GOw!AavV
z3`fBtb*y^^hLa}T0*~v6P!oR^^!%k`2m!Lxo7aCYf@R?kk-rx*7DVheWWyGdIXf$&
zKG*CXTzq`9MToSh0v)DC<jG5r{DQ$x-LEC#d3bYc%L;oMJ7)js$GW;^G!7n~y3sF1
z?Mp>3%ha{BLY=k-rhp9H43XEcg^#f1(WPI%e&x@+YV(9MMGzSuUp!%p*Znc)qd5#F
z<TieUo>v{+-|~udtLGDQOV$!3PA()g6#4hlAu%yguftb}kdW|AZf-)FN#y)T7?xZD
z?YJK;JnQSGT}gngs$#6^-H2b3<uwu|r57+~<Lj=oBxAszD|!vqB;J?%QqUUapTa&r
zgy31dH9aY5Gs(uphpRT)Nt=D3;R89@z_$DR*OT*Tl4sOu`WhM=^=teNtH&U_Iu|Lh
zyGQ67Va&1^^(Bnq(N%J?Z%Go+*qxo7h0rN-SKBomES(qCUMJ0zq+8{Br8cj?oUy|v
zHC0O+i;D)Qt7V!c8B>;K!tdhCwAdQqX-Y?5e<44^sKYmNl#!7!#N$JQJDH)pg&ToQ
zYuYz&$5<>Ul-033>4=Pk1Uv_$>3>?F<1N<H?SF3kGujEFY#(8_f}5qx!tb;xgBoZD
zPj|*}#MHDj?vQTa{8dC9nqlS234L)qM^r5NQWOb0eRWrstnc0B!SRa6S`ql^=MH=B
z1wTBVuQo?$5{83y1DS9_BAv9Cj~6{Qdcp)9*8%V}X`h@cb~DP+3?hxjZ|Z%1cn$0f
zTiQVL`mB+s#nvB$gjQqPkJ<Kcy+khN&D+!4OF&H>3x7gjET+54*%)gz!DtMjBDHpI
z+nCe<r57)p;JHINlRIqSz2wi9A3uILVX(2W+42u$)y7-I@yxYd<8PJEYyV|X$-_m2
znuH__9t2;$e$6i}MVGigNAmUatMz~IE-WmpSE?~M%5UK~nx|Zfva4X!T^~o20f2mO
z9VtT)PmcI4KLb?{;32AEWQ1KX6}h=-%EZLvs6<Xe0&4<K7=2%qj;$~SSNrvU0+A|t
zIEgIZ+x_T9qmwMt>M^Yaii%Q$!Qkb2e1<y{6BAK_k9zE!3+)_-`<0xgc6;nxKIl#;
zxPZZUn%)+-BYb>(NvL|M9|iO{%b~-m1y#)JTOm9qXx_a?chhG7`nLefIE!Ae<Q29X
zZFbo+Sne$^E337cD=uc4;w=9?QWJ*^U)?zxMpHF=cH46uIv>&o-lP8<0lXfFg&!OZ
zOIcg9O;1n1*J2}}qKbis)#idluA4B-ZkX>wfmJ)cZolaYSBw*cJ@j<jU5_PMs!C_;
z{>S&*gOc1gIXS=6xpIyu#iYceC~d&Kla!CYd;)F%uZN$BX=&zlCDR6Ev!;J~H>myM
z<fHtH>MnTN!2ys9IWxsc5nQ_s%Q~ByGMIQDFaspr+!|hVo-#+Cjx9FWXlQDNz}I_+
z*aSnRSm^m%PHwLnTBXkj36ZC)-ao#T#z!8nK@SEh{4Tl~{<T1k0ip;0qab7t2BQC?
z_#^($;{UrMa!gC${|kIe67EAph_C+<=vt?J6ibBKkMyCfSHw;KPlmLMT`(Q^@+?HQ
zMC8Gec6nvlP`k0)wrd5I&t70TxLh2M!j0^WLt9@A(Uv&v1tV^gj|4e~-2K&nw;B0M
zyHgtKdok2I8F=QE@z{O1?_@9zxX&vc6@a~3BB?k<Jb@6%Jjs)+=s6u}vQkv2AM5!Q
zQ&aQEaEQJskk|bs@Ps+5#ZLmR{VuJbHXVPSv2<k=!xc|1d(T^j)%5dPg#@A~68PCo
zEw0_s<En6E)&M)83zYB#G{l2C=!(IlXB<X7KIz$D$;oy6Q1jrKKS$hparPy3v)}hu
zdndBphPifi_OiCXs<gWsX-W(Aw!rRlJGOA6%{YaGyvXy|o~Mt4_$w~x+uY6T?hpAN
z`Z7l}Z#A;QO}B6^JrcSFbDx}R4V_I5RwS(OlA23}bx<>3^{daWNajg}<qwEz>5r__
z9|XO&BF`5MXD}d$k$;eb1SZEBT0E>Ptq3E1kiSTW#O)5?ay))(SEjCBzyLT#P&?o(
z$MU4EO<`9&1Ap-#zf*)dEmdy!Bvr%<6IZ@?8^aGF3Snv0YFsTG)b;4->hL*RTAl%@
zAANU{!t>QZ>ibbO_$<)|dB>;dj+;NVGALf#8PcqhI@In#8&U27+3RA$zM->PYAg?c
zLJtUky1^u?il_zR^cAYm)G@{`e(>nXRT3~4R)4MH^VMmgLy4Pn8qJ6RG_CHRfzcV;
z2Vd8(K_mBt&<PcU9|XVh>Oc(-<W9dY`8@_Xp8b-9-DGQfEU0*7W?^Fmn`}ya3MWp1
zf5$7z=3~bBY&(<5Jkd8HbnVdQnmP4^@gGzt(b_h*%`8+O$U29JkXM_;D|(BQbTu5x
zZ602}xKZmPJM(&aWIpb+B5vexM{spaYoC>>Fh@7|q|>(N1xn{&gx6VKvEoeGU`?1l
z{;M{$PCfVu<fIQ*Z_29L6s?Xf%=a_$`(U~>4L^c9lJA}nHaqc=F#%5q&-2}u>#A4I
z05Y86wwl%Hr<GVMp?aMg>O;hzv#v_*DrF(>FmK+TVvO9Jkx+p~EtpBK48sFygVg8J
zH`?=?-gBETKk_%G(964!Y=t~IpKf`vOt9BP3%ws;&|1Ya;pXxjCU#7QuN%G=ROVr0
zG<kfFAMN})099S_4fVmZoNH+yE4xyBI?mM-0rpwnTCLNJUvnX`cw_K*L}pd$imrp}
zOJbjN>Q}Q?WJvdgk({SJ{d-SGOFD90{}@)Qx?9@K!WsuL;{zRmv5Eczjjzd1Fqbmt
zMX$UD8c5s|(Yxg)REr_3X^bi_T3vL?2Gjf|>&eqIgpY}OG|jZ#-|!WfUtWI49W1XA
zu-zn?C7Tb8!=Q}OWte;Ix~_M5eHfBM+wrD(c%8*5BwabEG$*9?<C;O1E1R)@>s*zX
z27l4k=#sqf&b;<qI;8c^pRR-FwTQ2n@6^h{w~|n`2<1TmH?&WaP2)<X^<LzgWIuD6
zjgUH~Pq&Jqu<m(8i^OEo-Kwt3RpxUM=kh)<)X$!Hg3Xvk3u)VG@Fz|9FRaHK+-C$b
zshp}<(B|qT3M2!Nn%>&ykGw<`t8mgY*Ph{`c_|>J;BQ>4c9|6&6s>^li7L5qic=<o
z`A#FI;%#oCdIym;&nvTJUJ=lTgM@d75CMbO+fp+s%7qUv_Gi1#prvad{1wTX@Y?|f
zBYx_lVw)Qat=T=n?v~;onN;NC_neMNFJP&ZO13?we&J1uBF}dk^Y=D(Aw=e;a#=Oc
zS5#~{y+h{Eo`du*PfP^z;C!}8xJIn_AmjvPO#f8uyQB{OM5PHq=*%{B>nA5TS16&V
zTU$}tNZZ@;7EM@y1OST;IfI#9k|B`K-1k-YZk)%j_%QU$3^2Je5lc>s&NtOA?m|X+
z7~V~}qtd5)H7JVsnl=6eJ-_DRjiapW{PE<A!H8`7Fu4spmiYYI?o8jBB6L*jb<XHQ
zD-X1w*E-T*55K85u_e_^SV~P=d~vP6oc9y<na@;$XDKMi1QBYyO{nx~oOyM@Lr*YE
zjvf=pZhou_RmViPo_v&cu(nL*|Ku$bP<tp(ReSgD9;I#B0q4&1N;ct<-Ophz)l}nG
z3T~C5PgfW1;T=I$fg!aJ@-=!7me{LZwbqIxr)J?~GSXxI_u8E#m}lTF7Ui<m>#W9h
z^$#C0e3*SX;7<idQxt%9T&JtI$eNw{mg_@0|Hd!cUzde5*cC1puAg10=T7&;OZa?)
zj^Y;D1hJ5Gdo&LZoGE&J<pCZ)Ah|0`VTw|kOJ-XuB(bDRevD<I4(>cWTY5X`cnuHY
zIwyg-trDhfP=eiAJWLM<PsMg1e7`8`6z}v^b2kl=AH$CqeZ`b*j&{5O<|pmgk2DXe
zt&JN^Z0X1qMBIG>q)29r8m27)NxJsCbaiUz-uc?FP}Vz0(3*j-M%~X}NpEIf`*l12
zP8$&a-n=(n(hgsxmkRrF>^OPlaCWb=*6dGcpC%x?-q$dC;F{_`>aOo?B>2Q>-`-!-
zXWQJ)N!xWQ%@|Y9J`k0XrrW!nn?E&+)=8y#bt@tG@_XWppw~bEbQ;zH>X`K*%fWg_
z-_ka#aa2Qjls%xxuGA$p9?=H+7BL(4rbQ7fVafVSr(^Z>p@cZVHu+{H?K*&>30t;}
zE+H)o%ioW$_zS;(_S&7h-OZL1(S=iyh{JB8QF^2qjDc&_hJNYXiOj|LTjAXEG4yw`
zGfA8>O?L~&x4^;9k2$o<{76eLio16APdtUrH!^l3hI}^8kdoGMn?n%R<Hz$bZa)ML
zwx(1)64s+Q;I3{@pB<pTg@_Tu=c8%bq!LvVHT^U?_IIi&^PM4>Gdpb!_T*JgkgW=7
zikr}<yvc537w|SA9ric!XoX432}5Zg9$`mz++nqipCb+z1^hToDs0$}bisqfMCWEh
zGw3(8uWx8ZBceP|9l{Jc;XnG2eQG%*FFRwb_4YJ>ObZ=rY@d-PlKvY(<P~ku6hZ=h
y7tfoVQ_jdxjE7nrDSTuO42=Kd!Yp6<M}YQ%z3@wu^^4y-r;4(wGS$yt2mdb}VqyRQ


From 2fa3b3c93eef3970dfa5715f3d43ebdf6c9b10f2 Mon Sep 17 00:00:00 2001
From: Lorenzo Yario <angeleno@screamer.wiki>
Date: Thu, 9 May 2024 23:00:51 -0700
Subject: [PATCH 100/336] allow exclusion of boards

---
 search.php | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/search.php b/search.php
index fe5f2850..e7970fc5 100644
--- a/search.php
+++ b/search.php
@@ -17,7 +17,19 @@
 	
 	$body = Element('search_form.html', Array('boards' => $boards, 'board' => isset($_GET['board']) ? $_GET['board'] : false, 'search' => isset($_GET['search']) ? str_replace('"', '&quot;', utf8tohtml($_GET['search'])) : false));
 	
-	if(isset($_GET['search']) && !empty($_GET['search']) && isset($_GET['board']) && in_array($_GET['board'], $boards)) {		
+	if(isset($_GET['search']) && !empty($_GET['search']) && isset($_GET['board']) && in_array($_GET['board'], $boards)) {	
+
+		//Before we do any of that, is this a disallowed board? If so, don't allow people to peer into it.
+                if (in_array($_GET['board'], $config['search']['disallowed_boards'])) {
+			$body .= '<hr/><p class="unimportant" style="text-align:center">('._('Disallowed board.').')</p>';
+			echo Element($config['file_page_template'], Array(
+				'config'=>$config,
+				'title'=>'Search',
+				'body'=>$body,
+			));
+			exit;
+		}
+		
 		$phrase = $_GET['search'];
 		$_body = '';
 		

From ad653af0829ccdd8ea65bc30a99700a2a3da1513 Mon Sep 17 00:00:00 2001
From: Lorenzo Yario <angeleno@screamer.wiki>
Date: Thu, 9 May 2024 23:06:45 -0700
Subject: [PATCH 101/336] allow excluding searches from boards

---
 inc/config.php | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/inc/config.php b/inc/config.php
index cf731b01..d3ad0157 100644
--- a/inc/config.php
+++ b/inc/config.php
@@ -1854,6 +1854,9 @@
 	// Boards for searching
 	//$config['search']['boards'] = array('a', 'b', 'c', 'd', 'e');
 
+	// Blacklist boards for searching, basically the opposite of the one above
+	//$config['search']['disallowed_boards'] = array('j', 'z');
+
 	// Enable public logs? 0: NO, 1: YES, 2: YES, but drop names
 	$config['public_logs'] = 0;
 

From 21cbdfef0460a3da5c579e652d192c4be3296a38 Mon Sep 17 00:00:00 2001
From: Lorenzo Yario <angeleno@screamer.wiki>
Date: Thu, 9 May 2024 23:19:50 -0700
Subject: [PATCH 102/336] change the search exclusion error to just be a
 blacklist via server side verification

---
 search.php | 19 +++++++------------
 1 file changed, 7 insertions(+), 12 deletions(-)

diff --git a/search.php b/search.php
index e7970fc5..f114c37f 100644
--- a/search.php
+++ b/search.php
@@ -9,26 +9,21 @@
 	$queries_per_minutes_all = $config['search']['queries_per_minutes_all'];
 	$search_limit = $config['search']['search_limit'];
 	
+	//Is there a whitelist? Let's list those boards and if not, let's list everything.
 	if (isset($config['search']['boards'])) {
 		$boards = $config['search']['boards'];
 	} else {
 		$boards = listBoards(TRUE);
 	}
+
+	//Let's remove any disallowed boards from the above list (the blacklist)
+	if (isset($config['search']['disallowed_boards'])) {
+		$boards = array_values(array_diff($boards, $config['search']['disallowed_boards']));
+	}
 	
 	$body = Element('search_form.html', Array('boards' => $boards, 'board' => isset($_GET['board']) ? $_GET['board'] : false, 'search' => isset($_GET['search']) ? str_replace('"', '&quot;', utf8tohtml($_GET['search'])) : false));
 	
-	if(isset($_GET['search']) && !empty($_GET['search']) && isset($_GET['board']) && in_array($_GET['board'], $boards)) {	
-
-		//Before we do any of that, is this a disallowed board? If so, don't allow people to peer into it.
-                if (in_array($_GET['board'], $config['search']['disallowed_boards'])) {
-			$body .= '<hr/><p class="unimportant" style="text-align:center">('._('Disallowed board.').')</p>';
-			echo Element($config['file_page_template'], Array(
-				'config'=>$config,
-				'title'=>'Search',
-				'body'=>$body,
-			));
-			exit;
-		}
+	if(isset($_GET['search']) && !empty($_GET['search']) && isset($_GET['board']) && in_array($_GET['board'], $boards)) {		
 		
 		$phrase = $_GET['search'];
 		$_body = '';

From 8170e226ecb93b76a9fe5a3b7c46dab1e36e9afe Mon Sep 17 00:00:00 2001
From: Lorenzo Yario <angeleno@screamer.wiki>
Date: Thu, 9 May 2024 23:30:07 -0700
Subject: [PATCH 103/336] we don't need vichan to require two versions of php.
 removed redundant 5.6.

---
 install.php | 9 +--------
 1 file changed, 1 insertion(+), 8 deletions(-)

diff --git a/install.php b/install.php
index eeab3b0b..e21e8a30 100644
--- a/install.php
+++ b/install.php
@@ -1,7 +1,7 @@
 <?php
 
 // Installation/upgrade file
-define('VERSION', '5.1.4');
+define('VERSION', '5.2.0');
 require 'inc/bootstrap.php';
 loadConfig();
 
@@ -739,13 +739,6 @@ if ($step == 0) {
 			'required' => true,
 			'message' => 'vichan requires PHP 7.4 or better.',
 		),
-		array(
-			'category' => 'PHP',
-			'name' => 'PHP &ge; 5.6',
-			'result' => PHP_VERSION_ID >= 50600,
-			'required' => false,
-			'message' => 'vichan works best on PHP 5.6 or better.',
-		),
 		array(
 			'category' => 'PHP',
 			'name' => 'mbstring extension installed',

From b90d6f56807d510a0bcca6dd49b8e81903f2beb6 Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@mailu.io>
Date: Sat, 11 May 2024 00:04:20 +0200
Subject: [PATCH 104/336] Fix broken login

---
 inc/mod/auth.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/inc/mod/auth.php b/inc/mod/auth.php
index c96a0487..f95fbb86 100644
--- a/inc/mod/auth.php
+++ b/inc/mod/auth.php
@@ -9,7 +9,7 @@ use Vichan\Functions\Net;
 defined('TINYBOARD') or exit;
 
 // create a hash/salt pair for validate logins
-function mkhash(string $username, string $password, bool $salt = false): array|string {
+function mkhash(string $username, string $password, mixed $salt = false): array|string {
 	global $config;
 
 	if (!$salt) {

From 44fd0dfb82820cd0b8b9630c74a95e2339deb515 Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@mailu.io>
Date: Sat, 11 May 2024 00:12:13 +0200
Subject: [PATCH 105/336] config.php: reenable syslog default

---
 inc/config.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/inc/config.php b/inc/config.php
index d3ad0157..9568fb0d 100644
--- a/inc/config.php
+++ b/inc/config.php
@@ -66,7 +66,7 @@
 	$config['has_installed'] = '.installed';
 
 	// Deprecated, use 'log_system'.
-	// $config['syslog'] = false;
+	$config['syslog'] = false;
 
 	$config['log_system'] = [];
 	// Log all error messages and unauthorized login attempts.

From ed050497778fb16d9c7f1adf257ca747643d6e20 Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@mailu.io>
Date: Sat, 11 May 2024 00:28:51 +0200
Subject: [PATCH 106/336] functions.php: fix null parameter

---
 inc/functions.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/inc/functions.php b/inc/functions.php
index 1d98f9cf..53c3b55e 100755
--- a/inc/functions.php
+++ b/inc/functions.php
@@ -2276,7 +2276,7 @@ function defined_flags_accumulate($desired_flags) {
 
 function utf8tohtml($utf8) {
 	$flags = defined_flags_accumulate(['ENT_NOQUOTES', 'ENT_SUBSTITUTE', 'ENT_DISALLOWED']);
-	return htmlspecialchars($utf8, $flags, 'UTF-8');
+	return $utf8 ? htmlspecialchars($utf8, $flags, 'UTF-8') : '';
 }
 
 function ordutf8($string, &$offset) {

From 4c731ba241ca125297082919e13d375de83918a2 Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@mailu.io>
Date: Sat, 11 May 2024 00:29:46 +0200
Subject: [PATCH 107/336] auth.php: check if cookie exists

---
 inc/mod/auth.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/inc/mod/auth.php b/inc/mod/auth.php
index f95fbb86..46da5cdb 100644
--- a/inc/mod/auth.php
+++ b/inc/mod/auth.php
@@ -240,7 +240,7 @@ function check_login(bool $prompt = false): void {
 	$expected_cookie_name = calc_cookie_name($is_https, $is_path_jailed, $config['cookies']['mod']);
 
 	// Validate session
-	if (isset($expected_cookie_name)) {
+	if (isset($_COOKIE[$expected_cookie_name])) {
 		// Should be username:hash:salt
 		$cookie = explode(':', $_COOKIE[$expected_cookie_name]);
 		if (count($cookie) != 3) {

From dd224cea58095733b3baef4d5f1c1db05046c184 Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@mailu.io>
Date: Sat, 11 May 2024 11:44:43 +0200
Subject: [PATCH 108/336] functions.php: handle null body in remove_modifiers

---
 inc/functions.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/inc/functions.php b/inc/functions.php
index 53c3b55e..5aabdef4 100755
--- a/inc/functions.php
+++ b/inc/functions.php
@@ -1990,7 +1990,7 @@ function extract_modifiers($body) {
 }
 
 function remove_modifiers($body) {
-	return preg_replace('@<tinyboard ([\w\s]+)>(.+?)</tinyboard>@usm', '', $body);
+	return $body ? preg_replace('@<tinyboard ([\w\s]+)>(.+?)</tinyboard>@usm', '', $body) : null;
 }
 
 function markup(&$body, $track_cites = false, $op = false) {

From faa43cb8a62141fb4d87a509f6f4c1be60503369 Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@mailu.io>
Date: Sat, 11 May 2024 12:05:10 +0200
Subject: [PATCH 109/336] image.php: do not delete moved images

---
 inc/image.php | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/inc/image.php b/inc/image.php
index 2429f682..840c9004 100644
--- a/inc/image.php
+++ b/inc/image.php
@@ -291,6 +291,7 @@ class ImageConvert extends ImageBase {
 		} else {
 			rename($this->temp, $src);
 			chmod($src, 0664);
+			$this->temp = false;
 		}
 	}
 	public function width() {
@@ -300,8 +301,10 @@ class ImageConvert extends ImageBase {
 		return $this->height;
 	}
 	public function destroy() {
-		@unlink($this->temp);
-		$this->temp = false;
+		if ($this->temp !== false) {
+			@unlink($this->temp);
+			$this->temp = false;
+		}
 	}
 	public function resize() {
 		global $config;

From 010ab2bf62f4759a07358e87320faf0370692ad3 Mon Sep 17 00:00:00 2001
From: fowr <89118232+perdedora@users.noreply.github.com>
Date: Fri, 21 Jul 2023 23:26:55 -0300
Subject: [PATCH 110/336] post.php: add default exif_stripped

---
 post.php | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/post.php b/post.php
index aba6c6be..8fe7354f 100644
--- a/post.php
+++ b/post.php
@@ -1055,9 +1055,11 @@ if (isset($_POST['delete'])) {
 			if ($size[0] > $config['max_width'] || $size[1] > $config['max_height']) {
 				error($config['error']['maxsize']);
 			}
+
 			// If, on the basis of the file extension, the image file has metadata we can operate on.
 			$file_image_has_operable_metadata = $file['extension'] === 'jpg' || $file['extension'] === 'jpeg' || $file['extension'] === 'webp' || $file['extension'] == 'png';
 
+			$file['exif_stripped'] = false;
 
 			if ($file_image_has_operable_metadata && $config['convert_auto_orient']) {
 				// The following code corrects the image orientation.
@@ -1123,7 +1125,7 @@ if (isset($_POST['delete'])) {
 
 			$dont_copy_file = false;
 
-			if ($config['redraw_image'] || ($file_image_has_operable_metadata && !@$file['exif_stripped'] && $config['strip_exif'])) {
+			if ($config['redraw_image'] || ($file_image_has_operable_metadata && !$file['exif_stripped'] && $config['strip_exif'])) {
 				if (!$config['redraw_image'] && $config['use_exiftool']) {
 					try {
 						$file['size'] = strip_image_metadata($file['tmp_name']);

From 1a59e663c65821583bca8099e41bd7b3a7e37d8d Mon Sep 17 00:00:00 2001
From: fowr <89118232+perdedora@users.noreply.github.com>
Date: Fri, 21 Jul 2023 22:50:17 -0300
Subject: [PATCH 111/336] anti-bot.php: fix implicit conversion from float

---
 inc/anti-bot.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/inc/anti-bot.php b/inc/anti-bot.php
index 48150328..29279296 100644
--- a/inc/anti-bot.php
+++ b/inc/anti-bot.php
@@ -123,7 +123,7 @@ class AntiBot {
 		$html = '';
 		
 		if ($count === false) {
-			$count = mt_rand(1, abs(count($this->inputs) / 15) + 1);
+			$count = mt_rand(1, (int)abs(count($this->inputs) / 15) + 1);
 		}
 		
 		if ($count === true) {

From ffa5c018e70df9fcfbd69ae367d99cb6b23df102 Mon Sep 17 00:00:00 2001
From: fowr <89118232+perdedora@users.noreply.github.com>
Date: Fri, 21 Jul 2023 22:30:46 -0300
Subject: [PATCH 112/336] functions.php: add missing global

---
 inc/functions.php | 1 +
 1 file changed, 1 insertion(+)

diff --git a/inc/functions.php b/inc/functions.php
index 5aabdef4..61b85a96 100755
--- a/inc/functions.php
+++ b/inc/functions.php
@@ -2259,6 +2259,7 @@ function escape_markup_modifiers($string) {
 }
 
 function defined_flags_accumulate($desired_flags) {
+	global $config;
 	$output_flags = 0x0;
 	foreach ($desired_flags as $flagname) {
 		if (defined($flagname)) {

From 827373819f3ea8deb76c4b3ae135f419bb119089 Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@mailu.io>
Date: Sat, 11 May 2024 12:34:41 +0200
Subject: [PATCH 113/336] docker: add compose documentation notes

---
 docker/doc.md | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/docker/doc.md b/docker/doc.md
index e022f170..051ae56e 100644
--- a/docker/doc.md
+++ b/docker/doc.md
@@ -14,3 +14,7 @@ The folder structure expected by compose is as follows
         └── www
 ```
 The vichan container is by itself much less rigid.
+
+
+Use `docker compose up --build` to start the docker compose.
+Use `docker compose up --build -d php` to rebuild just the vichan container while the compose is running. Useful for development.

From 96bebe8c79914d4a32d5a00d505a845d9cb4ca2b Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@mailu.io>
Date: Sat, 11 May 2024 12:44:16 +0200
Subject: [PATCH 114/336] post.php: fix broken JS cookie setting

---
 post.php | 18 +++++++++++++-----
 1 file changed, 13 insertions(+), 5 deletions(-)

diff --git a/post.php b/post.php
index 8fe7354f..7babb04e 100644
--- a/post.php
+++ b/post.php
@@ -1321,14 +1321,22 @@ if (isset($_POST['delete'])) {
 
 	if (isset($_SERVER['HTTP_REFERER'])) {
 		// Tell Javascript that we posted successfully
-		if (isset($_COOKIE[$config['cookies']['js']]))
+		if (isset($_COOKIE[$config['cookies']['js']])) {
 			$js = json_decode($_COOKIE[$config['cookies']['js']]);
-		else
-			$js = (object) array();
+		} else {
+			$js = (object)array();
+		}
 		// Tell it to delete the cached post for referer
 		$js->{$_SERVER['HTTP_REFERER']} = true;
-		// Encode and set cookie
-		setcookie($config['cookies']['js'], json_encode($js), 0, $config['cookies']['jail'] ? $config['cookies']['path'] : '/', null, false, false);
+
+		// Encode and set cookie.
+		$options = [
+			'expires' => 0,
+			'path' => $config['cookies']['jail'] ? $config['cookies']['path'] : '/',
+			'httponly' => false,
+			'samesite' => 'Strict'
+		];
+		setcookie($config['cookies']['js'], json_encode($js), $options);
 	}
 
 	$root = $post['mod'] ? $config['root'] . $config['file_mod'] . '?/' : $config['root'];

From 091c0442e8d5d0e0641b9be51e00578b9d3220ff Mon Sep 17 00:00:00 2001
From: Lorenzo Yario <angeleno@screamer.wiki>
Date: Sat, 11 May 2024 04:42:45 -0700
Subject: [PATCH 115/336] allow cloudflare and other proxies to still count as
 https

---
 inc/functions/net.php | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/inc/functions/net.php b/inc/functions/net.php
index ab08c3cb..ebf578e7 100644
--- a/inc/functions/net.php
+++ b/inc/functions/net.php
@@ -6,5 +6,13 @@ namespace Vichan\Functions\Net;
  * @return bool Returns if the client-server connection is an encrypted one (HTTPS).
  */
 function is_connection_secure(): bool {
-	return !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off';
+    if (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') {
+        return true;
+    }
+    elseif (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https') {
+        return true;
+    }
+    else {
+	return false;
+    }
 }

From 273722dc7eeda8dff9d7feafe8d370d03ea461c1 Mon Sep 17 00:00:00 2001
From: Lorenzo Yario <angeleno@screamer.wiki>
Date: Sat, 11 May 2024 04:45:39 -0700
Subject: [PATCH 116/336] set to false by default. this'll probably become true
 eventually though

---
 inc/config.php | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/inc/config.php b/inc/config.php
index 9568fb0d..aadc4af7 100644
--- a/inc/config.php
+++ b/inc/config.php
@@ -194,9 +194,8 @@
 	// Whether or not you can access the mod cookie in JavaScript. Most users should not need to change this.
 	$config['cookies']['httponly'] = true;
 
-	// Do not allow logins via unencrypted HTTP. Should only be changed in testing environments or if you connect to a
-	// load-balancer without encryption.
-	$config['cookies']['secure_login_only'] = true;
+	// Do not allow logins via unencrypted HTTP. If your website uses HTTPS, turn this on.
+	$config['cookies']['secure_login_only'] = false;
 
 	// Used to salt secure tripcodes ("##trip") and poster IDs (if enabled).
 	$config['secure_trip_salt'] = ')(*&^%$#@!98765432190zyxwvutsrqponmlkjihgfedcba';

From f9c54dbbbefa73b159cfa37ff883348f66481824 Mon Sep 17 00:00:00 2001
From: Lorenzo Yario <angeleno@screamer.wiki>
Date: Sat, 11 May 2024 04:46:08 -0700
Subject: [PATCH 117/336] removed redundant message

---
 install.php | 5 -----
 1 file changed, 5 deletions(-)

diff --git a/install.php b/install.php
index e21e8a30..5fac2eaf 100644
--- a/install.php
+++ b/install.php
@@ -5,11 +5,6 @@ define('VERSION', '5.2.0');
 require 'inc/bootstrap.php';
 loadConfig();
 
-if (!is_writable('inc/secrets.php') || !is_writable('inc/')) {
-	echo 'install.php does not have permission to write to /inc/secrets.php and/or /inc/, without permission the installer cannot continue';
-	exit();
-}
-
 // Salt generators
 class SaltGen {
 	public $salt_length = 128;

From cc5556341178df2b1191c47feaaba34c6e92bb47 Mon Sep 17 00:00:00 2001
From: Lorenzo Yario <angeleno@screamer.wiki>
Date: Sat, 11 May 2024 04:58:59 -0700
Subject: [PATCH 118/336] let's continue to use current date/time formatting

---
 inc/config.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/inc/config.php b/inc/config.php
index aadc4af7..3c0f2ec9 100644
--- a/inc/config.php
+++ b/inc/config.php
@@ -997,9 +997,9 @@
 	$config['timezone'] = 'America/Los_Angeles';
 	// The format string passed to DateTime::format() for displaying dates. ISO 8601-like by default.
 	// https://www.php.net/manual/en/datetime.format.php
-	$config['post_date'] = 'd-m-Y (D) H:i:s';
+	$config['post_date'] = '%m/%d/%y (%a) %H:%M:%S';
 	// Same as above, but used for "you are banned' pages.
-	$config['ban_date'] = 'l j F, Y';
+	$config['ban_date'] = '%A %e %B, %Y';
 
 	// The names on the post buttons. (On most imageboards, these are both just "Post").
 	$config['button_newtopic'] = _('New Topic');

From 519dd27221a5f65e7311b548b78bec2d6e7af704 Mon Sep 17 00:00:00 2001
From: Lorenzo Yario <angeleno@screamer.wiki>
Date: Sat, 11 May 2024 05:03:35 -0700
Subject: [PATCH 119/336] but we're using datetime

---
 inc/config.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/inc/config.php b/inc/config.php
index 3c0f2ec9..2fd2ba08 100644
--- a/inc/config.php
+++ b/inc/config.php
@@ -997,9 +997,9 @@
 	$config['timezone'] = 'America/Los_Angeles';
 	// The format string passed to DateTime::format() for displaying dates. ISO 8601-like by default.
 	// https://www.php.net/manual/en/datetime.format.php
-	$config['post_date'] = '%m/%d/%y (%a) %H:%M:%S';
+	$config['post_date'] = 'm/d/y (D) H:i:s';
 	// Same as above, but used for "you are banned' pages.
-	$config['ban_date'] = '%A %e %B, %Y';
+	$config['ban_date'] = 'l j F, Y';
 
 	// The names on the post buttons. (On most imageboards, these are both just "Post").
 	$config['button_newtopic'] = _('New Topic');

From ba2daa88e6b74471bbb9cef7ec0f2cfe95531f0c Mon Sep 17 00:00:00 2001
From: fowr <89118232+perdedora@users.noreply.github.com>
Date: Sat, 22 Jul 2023 00:00:58 -0300
Subject: [PATCH 120/336] fix conversion of false to array

---
 inc/display.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/inc/display.php b/inc/display.php
index 8a863648..66e4a37f 100644
--- a/inc/display.php
+++ b/inc/display.php
@@ -71,7 +71,7 @@ function createBoardlist($mod=false) {
 	);
 }
 
-function error($message, $priority = true, $debug_stuff = false) {
+function error($message, $priority = true, $debug_stuff = []) {
 	global $board, $mod, $config, $db_error;
 	
 	if ($config['syslog'] && $priority !== false) {

From 9f46f0fdd4aa915fab39f91c1e00c36162ecc445 Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@mailu.io>
Date: Sat, 11 May 2024 15:37:18 +0200
Subject: [PATCH 121/336] functions.php: do not fail fail_unlink if the file
 does not exist

---
 inc/functions.php | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/inc/functions.php b/inc/functions.php
index 61b85a96..be1eb73c 100755
--- a/inc/functions.php
+++ b/inc/functions.php
@@ -715,12 +715,18 @@ function file_unlink($path) {
 		$debug['unlink'][] = $path;
 	}
 
-	$ret = @unlink($path);
+	if (file_exists($path)) {
+		$ret = @unlink($path);
+	} else {
+		$ret = true;
+	}
 
-		if ($config['gzip_static']) {
-				$gzpath = "$path.gz";
+	if ($config['gzip_static']) {
+		$gzpath = "$path.gz";
 
-		@unlink($gzpath);
+		if (file_exists($gzpath)) {
+			@unlink($gzpath);
+		}
 	}
 
 	if (isset($config['purge']) && $path[0] != '/' && isset($_SERVER['HTTP_HOST'])) {

From d700aa0522000635d3bed58b6b41708f7473fc5c Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@mailu.io>
Date: Sat, 11 May 2024 16:02:15 +0200
Subject: [PATCH 122/336] Rework secure_login_only configuration option to
 allow secure default and header checking

---
 inc/config.php        |  9 +++++++--
 inc/functions/net.php | 16 +++++++---------
 inc/mod/auth.php      |  4 ++--
 inc/mod/pages.php     |  3 ++-
 4 files changed, 18 insertions(+), 14 deletions(-)

diff --git a/inc/config.php b/inc/config.php
index 2fd2ba08..e7089061 100644
--- a/inc/config.php
+++ b/inc/config.php
@@ -194,8 +194,13 @@
 	// Whether or not you can access the mod cookie in JavaScript. Most users should not need to change this.
 	$config['cookies']['httponly'] = true;
 
-	// Do not allow logins via unencrypted HTTP. If your website uses HTTPS, turn this on.
-	$config['cookies']['secure_login_only'] = false;
+	// Do not allow logins via unsecure connections.
+	// 0 = off. Allow logins on unencrypted HTTP connections. Should only be used in testing environments.
+	// 1 = on, trust HTTP headers. Allow logins on (at least reportedly partial) HTTPS connections. Use this only if you
+	// use a proxy, CDN or load balancer via an unencrypted connection. Be sure to filter 'HTTP_X_FORWARDED_PROTO' in
+	// the remote server, since an attacker could inject the header from the client.
+	// 2 = on, do not trust HTTP headers. Secure default, allow logins only on HTTPS connections.
+	$config['cookies']['secure_login_only'] = 2;
 
 	// Used to salt secure tripcodes ("##trip") and poster IDs (if enabled).
 	$config['secure_trip_salt'] = ')(*&^%$#@!98765432190zyxwvutsrqponmlkjihgfedcba';
diff --git a/inc/functions/net.php b/inc/functions/net.php
index ebf578e7..e1541046 100644
--- a/inc/functions/net.php
+++ b/inc/functions/net.php
@@ -3,16 +3,14 @@ namespace Vichan\Functions\Net;
 
 
 /**
+ * @param bool $trust_headers. If true, trust the `HTTP_X_FORWARDED_PROTO` header to check if the connection is HTTPS.
  * @return bool Returns if the client-server connection is an encrypted one (HTTPS).
  */
-function is_connection_secure(): bool {
-    if (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') {
-        return true;
-    }
-    elseif (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https') {
-        return true;
-    }
-    else {
+function is_connection_secure(bool $trust_headers): bool {
+	if (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') {
+		return true;
+	} elseif ($trust_headers && isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https') {
+		return true;
+	}
 	return false;
-    }
 }
diff --git a/inc/mod/auth.php b/inc/mod/auth.php
index 46da5cdb..ec9d6057 100644
--- a/inc/mod/auth.php
+++ b/inc/mod/auth.php
@@ -118,7 +118,7 @@ function setCookies(): void {
 		error('setCookies() was called for a non-moderator!');
 	}
 
-	$is_https = Net\is_connection_secure();
+	$is_https = Net\is_connection_secure($config['cookies']['secure_login_only'] === 1);
 	$is_path_jailed = $config['cookies']['jail'];
 	$name = calc_cookie_name($is_https, $is_path_jailed, $config['cookies']['mod']);
 
@@ -235,7 +235,7 @@ function make_secure_link_token(string $uri): string {
 function check_login(bool $prompt = false): void {
 	global $config, $mod;
 
-	$is_https = Net\is_connection_secure();
+	$is_https = Net\is_connection_secure($config['cookies']['secure_login_only'] === 1);
 	$is_path_jailed = $config['cookies']['jail'];
 	$expected_cookie_name = calc_cookie_name($is_https, $is_path_jailed, $config['cookies']['mod']);
 
diff --git a/inc/mod/pages.php b/inc/mod/pages.php
index 34f920fd..bfae5bbb 100644
--- a/inc/mod/pages.php
+++ b/inc/mod/pages.php
@@ -35,7 +35,8 @@ function mod_login($redirect = false) {
 
 	$args = [];
 
-	if ($config['cookies']['secure_login_only'] && !Net\is_connection_secure()) {
+	$secure_login_mode = $config['cookies']['secure_login_only'];
+	if ($secure_login_mode !== 0 && !Net\is_connection_secure($secure_login_mode === 1)) {
 		$args['error'] = $config['error']['insecure'];
 	} elseif (isset($_POST['login'])) {
 		// Check if inputs are set and not empty

From 566b04f94e5f69bb16a7ec1617e15f9058883128 Mon Sep 17 00:00:00 2001
From: Lorenzo Yario <angeleno@screamer.wiki>
Date: Thu, 16 May 2024 21:26:36 -0700
Subject: [PATCH 123/336] add a message for those not using https

---
 install.php | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/install.php b/install.php
index 5fac2eaf..f5b2415c 100644
--- a/install.php
+++ b/install.php
@@ -867,6 +867,13 @@ if ($step == 0) {
 			'required' => false,
 			'message' => 'vichan does not have permission to make changes to <code>inc/secrets.php</code>. To complete the installation, you will be asked to manually copy and paste code into the file instead.'
 		),
+		array(
+			'category' => 'Misc',
+			'name' => 'HTTPS not being used',
+			'result' => $_SERVER['HTTPS'] == 'off',
+			'required' => false,
+			'message' => 'You are not currently using https for vichan, or at least for your backend server. If this intentional, add "$config[\'cookies\'][\'secure_login_only\'] = 0;" (or 1 if using a proxy) on a new line under "Additional configuration" on the next page.'
+		),
 		array(
 			'category' => 'Misc',
 			'name' => 'Caching available (APCu, Memcached or Redis)',

From 3d797c95ca8463b85efd516df838f5f5cf42f411 Mon Sep 17 00:00:00 2001
From: Lorenzo Yario <angeleno@screamer.wiki>
Date: Thu, 16 May 2024 22:12:12 -0700
Subject: [PATCH 124/336] The https check doesn't work properly if we run it
 inside the array.

---
 install.php | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/install.php b/install.php
index f5b2415c..abdd9337 100644
--- a/install.php
+++ b/install.php
@@ -689,6 +689,10 @@ if ($step == 0) {
 
 	echo Element('page.html', $page);
 } elseif ($step == 1) {
+	//The HTTPS check doesn't work properly when in those arrays, so let's run it here and pass along the result during the actual check.
+	if (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') {
+        $httpsvalue = true;
+    }
 	$page['title'] = 'Pre-installation test';
 
 	$can_exec = true;
@@ -870,7 +874,7 @@ if ($step == 0) {
 		array(
 			'category' => 'Misc',
 			'name' => 'HTTPS not being used',
-			'result' => $_SERVER['HTTPS'] == 'off',
+			'result' => $httpsvalue = true,
 			'required' => false,
 			'message' => 'You are not currently using https for vichan, or at least for your backend server. If this intentional, add "$config[\'cookies\'][\'secure_login_only\'] = 0;" (or 1 if using a proxy) on a new line under "Additional configuration" on the next page.'
 		),

From 605f198d8cafee38958a23b7617fd4020ab52fe4 Mon Sep 17 00:00:00 2001
From: Lorenzo Yario <angeleno@screamer.wiki>
Date: Thu, 16 May 2024 22:51:20 -0700
Subject: [PATCH 125/336] fix bug with datetime

---
 inc/template.php | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/inc/template.php b/inc/template.php
index e3c4f222..4f30e00c 100644
--- a/inc/template.php
+++ b/inc/template.php
@@ -167,8 +167,12 @@ function twig_push_filter($array, $value) {
 }
 
 function twig_date_filter($date, $format) {
-	$date = new DateTime($date, new DateTimeZone('UTC'));
-	return $date->format($format);
+    if (is_numeric($date)) {
+        $date = new DateTime("@$date", new DateTimeZone('UTC'));
+    } else {
+        $date = new DateTime($date, new DateTimeZone('UTC'));
+    }
+    return $date->format($format);
 }
 
 function twig_hasPermission_filter($mod, $permission, $board = null) {

From 00be5e6ced35ceb7a7f496c55e6f383598a1280e Mon Sep 17 00:00:00 2001
From: Lorenzo Yario <angeleno@screamer.wiki>
Date: Fri, 17 May 2024 00:51:24 -0700
Subject: [PATCH 126/336] remove redundant second catalog button

---
 js/catalog-link.js | 12 +-----------
 1 file changed, 1 insertion(+), 11 deletions(-)

diff --git a/js/catalog-link.js b/js/catalog-link.js
index 2a3a8853..2811f025 100644
--- a/js/catalog-link.js
+++ b/js/catalog-link.js
@@ -30,17 +30,7 @@ function catalog() {
     var link = document.createElement('a');
     link.href = catalog_url;
 
-    if (pages) {
-        link.textContent = _('Catalog');
-        link.style.color = '#F10000';
-        link.style.padding = '4px';
-        link.style.paddingLeft = '9px';
-        link.style.borderLeft = '1px solid';
-        link.style.borderLeftColor = '#A8A8A8';
-        link.style.textDecoration = "underline";
-
-        pages.appendChild(link);
-    } else {
+    if (!pages) {
         link.textContent = '['+_('Catalog')+']';
         link.style.paddingLeft = '10px';
         link.style.textDecoration = "underline";

From 37658f18174da959f69bf22329a35bd9d131aee3 Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@skiff.com>
Date: Fri, 17 May 2024 14:13:40 +0200
Subject: [PATCH 127/336] install.php: fix HTTPS check

---
 install.php | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

diff --git a/install.php b/install.php
index abdd9337..b0403420 100644
--- a/install.php
+++ b/install.php
@@ -689,10 +689,8 @@ if ($step == 0) {
 
 	echo Element('page.html', $page);
 } elseif ($step == 1) {
-	//The HTTPS check doesn't work properly when in those arrays, so let's run it here and pass along the result during the actual check.
-	if (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') {
-        $httpsvalue = true;
-    }
+	// The HTTPS check doesn't work properly when in those arrays, so let's run it here and pass along the result during the actual check.
+	$httpsvalue = !empty($_SERVER['HTTPS'] && $_SERVER['HTTPS'] !== 'off';
 	$page['title'] = 'Pre-installation test';
 
 	$can_exec = true;
@@ -874,7 +872,7 @@ if ($step == 0) {
 		array(
 			'category' => 'Misc',
 			'name' => 'HTTPS not being used',
-			'result' => $httpsvalue = true,
+			'result' => $httpsvalue,
 			'required' => false,
 			'message' => 'You are not currently using https for vichan, or at least for your backend server. If this intentional, add "$config[\'cookies\'][\'secure_login_only\'] = 0;" (or 1 if using a proxy) on a new line under "Additional configuration" on the next page.'
 		),

From 9236e10f373bb96266b5f4bd2199a016efff1785 Mon Sep 17 00:00:00 2001
From: Lorenzo Yario <angeleno@screamer.wiki>
Date: Mon, 20 May 2024 04:32:30 -0700
Subject: [PATCH 128/336] add )

---
 install.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/install.php b/install.php
index b0403420..dec53bc6 100644
--- a/install.php
+++ b/install.php
@@ -690,7 +690,7 @@ if ($step == 0) {
 	echo Element('page.html', $page);
 } elseif ($step == 1) {
 	// The HTTPS check doesn't work properly when in those arrays, so let's run it here and pass along the result during the actual check.
-	$httpsvalue = !empty($_SERVER['HTTPS'] && $_SERVER['HTTPS'] !== 'off';
+	$httpsvalue = !empty($_SERVER['HTTPS'] && $_SERVER['HTTPS'] !== 'off');
 	$page['title'] = 'Pre-installation test';
 
 	$can_exec = true;

From 8963ebfce9925b86aa4a945993b93fac58c8ac28 Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@mailu.io>
Date: Wed, 22 May 2024 22:14:08 +0200
Subject: [PATCH 129/336] bans.php: simplify modLog string

---
 inc/bans.php | 15 +++++++--------
 1 file changed, 7 insertions(+), 8 deletions(-)

diff --git a/inc/bans.php b/inc/bans.php
index 126d38b8..3f0d0794 100644
--- a/inc/bans.php
+++ b/inc/bans.php
@@ -371,14 +371,13 @@ class Bans {
 
 		$query->execute() or error(db_error($query));
 		if (isset($mod['id']) && $mod['id'] == $mod_id) {
-			modLog('Created a new ' .
-				($length > 0 ? preg_replace('/^(\d+) (\w+?)s?$/', '$1-$2', Format\until($length)) : 'permanent') .
-				' ban on ' .
-				($ban_board ? '/' . $ban_board . '/' : 'all boards') .
-				' for ' .
-				(filter_var($mask, FILTER_VALIDATE_IP) !== false ? "<a href=\"?/IP/$cloaked_mask\">$cloaked_mask</a>" : $cloaked_mask) .
-				' (<small>#' . $pdo->lastInsertId() . '</small>)' .
-				' with ' . ($reason ? 'reason: ' . utf8tohtml($reason) . '' : 'no reason'));
+			$ban_len = $length > 0 ? preg_replace('/^(\d+) (\w+?)s?$/', '$1-$2', Format\until($length)) : 'permanent';
+			$ban_board = $ban_board ? "/$ban_board/" : 'all boards';
+			$ban_ip = filter_var($mask, FILTER_VALIDATE_IP) !== false ? "<a href=\"?/IP/$cloaked_mask\">$cloaked_mask</a>" : $cloaked_mask;
+			$ban_id = $pdo->lastInsertId();
+			$ban_reason = $reason ? 'reason: ' . utf8tohtml($reason) : 'no reason';
+
+			modLog("Created a new $ban_len ban on $ban_board for $ban_ip (<small># $ban_id </small>) with $ban_reason");
 		}
 
 		rebuildThemes('bans');

From 7e4dd5567b9a0974de4a49d3f30ca615dec64287 Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@mailu.io>
Date: Wed, 22 May 2024 22:14:38 +0200
Subject: [PATCH 130/336] bans.php: always print modLog

---
 inc/bans.php | 15 +++++++--------
 1 file changed, 7 insertions(+), 8 deletions(-)

diff --git a/inc/bans.php b/inc/bans.php
index 3f0d0794..c6847a4a 100644
--- a/inc/bans.php
+++ b/inc/bans.php
@@ -370,15 +370,14 @@ class Bans {
 			$query->bindValue(':post', null, PDO::PARAM_NULL);
 
 		$query->execute() or error(db_error($query));
-		if (isset($mod['id']) && $mod['id'] == $mod_id) {
-			$ban_len = $length > 0 ? preg_replace('/^(\d+) (\w+?)s?$/', '$1-$2', Format\until($length)) : 'permanent';
-			$ban_board = $ban_board ? "/$ban_board/" : 'all boards';
-			$ban_ip = filter_var($mask, FILTER_VALIDATE_IP) !== false ? "<a href=\"?/IP/$cloaked_mask\">$cloaked_mask</a>" : $cloaked_mask;
-			$ban_id = $pdo->lastInsertId();
-			$ban_reason = $reason ? 'reason: ' . utf8tohtml($reason) : 'no reason';
 
-			modLog("Created a new $ban_len ban on $ban_board for $ban_ip (<small># $ban_id </small>) with $ban_reason");
-		}
+		$ban_len = $length > 0 ? preg_replace('/^(\d+) (\w+?)s?$/', '$1-$2', Format\until($length)) : 'permanent';
+		$ban_board = $ban_board ? "/$ban_board/" : 'all boards';
+		$ban_ip = filter_var($mask, FILTER_VALIDATE_IP) !== false ? "<a href=\"?/IP/$cloaked_mask\">$cloaked_mask</a>" : $cloaked_mask;
+		$ban_id = $pdo->lastInsertId();
+		$ban_reason = $reason ? 'reason: ' . utf8tohtml($reason) : 'no reason';
+
+		modLog("Created a new $ban_len ban on $ban_board for $ban_ip (<small># $ban_id </small>) with $ban_reason");
 
 		rebuildThemes('bans');
 

From 88a48befd400c027b5fdc16e38953a74de2f95af Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@mailu.io>
Date: Wed, 22 May 2024 23:54:06 +0200
Subject: [PATCH 131/336] pages.php: use link to create hardlinks instead of
 full file copy for thread moving

---
 inc/mod/pages.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/inc/mod/pages.php b/inc/mod/pages.php
index bfae5bbb..0e3c9c99 100644
--- a/inc/mod/pages.php
+++ b/inc/mod/pages.php
@@ -1342,8 +1342,8 @@ function mod_move($originBoard, $postID) {
 		if ($targetBoard === $originBoard)
 			error(_('Target and source board are the same.'));
 
-		// copy() if leaving a shadow thread behind; else, rename().
-		$clone = $shadow ? 'copy' : 'rename';
+		// link() if leaving a shadow thread behind; else, rename().
+		$clone = $shadow ? 'link' : 'rename';
 
 		// indicate that the post is a thread
 		$post['op'] = true;

From 5c99c8395eece3b4147a87ae764b4fa7648744a3 Mon Sep 17 00:00:00 2001
From: Lorenzo Yario <angeleno@screamer.wiki>
Date: Wed, 5 Jun 2024 18:00:24 -0700
Subject: [PATCH 132/336] add parsedown

---
 composer.json | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/composer.json b/composer.json
index 4bf9bcc2..80eaf918 100644
--- a/composer.json
+++ b/composer.json
@@ -18,7 +18,8 @@
         "gettext/gettext": "^5.5",
         "mrclay/minify": "^2.1.6",
         "geoip/geoip": "^1.17",
-        "dapphp/securimage": "^4.0"
+        "dapphp/securimage": "^4.0",
+        "erusev/parsedown":  "^1.7.4"
     },
     "autoload": {
         "classmap": ["inc/"],

From 809ab99c9bf00fa8cba2ba117fd318847ec5471b Mon Sep 17 00:00:00 2001
From: Lorenzo Yario <angeleno@screamer.wiki>
Date: Wed, 5 Jun 2024 18:02:08 -0700
Subject: [PATCH 133/336] allow images for markdown

---
 inc/functions.php | 1 -
 1 file changed, 1 deletion(-)

diff --git a/inc/functions.php b/inc/functions.php
index be1eb73c..c5b256ec 100755
--- a/inc/functions.php
+++ b/inc/functions.php
@@ -2820,7 +2820,6 @@ function purify_html($s) {
 function markdown($s) {
 	$pd = new Parsedown();
 	$pd->setMarkupEscaped(true);
-	$pd->setimagesEnabled(false);
 
 	return $pd->text($s);
 }

From f852172e9b2ca258740d7a053e8db5bbf645827b Mon Sep 17 00:00:00 2001
From: Lorenzo Yario <angeleno@screamer.wiki>
Date: Wed, 5 Jun 2024 18:05:43 -0700
Subject: [PATCH 134/336] no they're not

---
 templates/mod/edit_page.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/templates/mod/edit_page.html b/templates/mod/edit_page.html
index 3d132767..48b0dedf 100644
--- a/templates/mod/edit_page.html
+++ b/templates/mod/edit_page.html
@@ -5,7 +5,7 @@
 		<tr>
 		<th>{% trans %}Markup method{% endtrans %}
 			{% set allowed_html = config.allowed_html %}
-			{% trans %}<p class="unimportant">"markdown" is provided by <a href="http://parsedown.org/">parsedown</a>. Note: images disabled.</p>
+			{% trans %}<p class="unimportant">"markdown" is provided by <a href="http://parsedown.org/">parsedown</a></p>
 			<p class="unimportant">"html" allows the following tags:<br/>{{ allowed_html }}</p>
 			<p class="unimportant">"infinity" is the same as what is used in posts.</p>
 			<p class="unimportant">This page will not convert between formats,<br/>choose it once or do the conversion yourself!</p>{% endtrans %}

From bd7eb130ea4714624f3df5f340a1ed4b1c0b1335 Mon Sep 17 00:00:00 2001
From: Lorenzo Yario <angeleno@screamer.wiki>
Date: Wed, 5 Jun 2024 18:08:23 -0700
Subject: [PATCH 135/336] use current website

---
 templates/mod/dashboard.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/templates/mod/dashboard.html b/templates/mod/dashboard.html
index 945b19fe..a5e11f82 100644
--- a/templates/mod/dashboard.html
+++ b/templates/mod/dashboard.html
@@ -166,7 +166,7 @@
 			<li>
 				A newer version of vichan
 				(<strong>v{{ newer_release.massive }}.{{ newer_release.major }}.{{ newer_release.minor }}</strong>) is available!
-				See <a href="https://engine.vichan.net">https://engine.vichan.net/</a> for upgrade instructions.
+				See <a href="https://vichan.info">https://vichan.info/</a> for upgrade instructions.
 			</li>
 		</ul>
 	</fieldset>

From d2f1b7e0e0d7117c62607e20e41102d565c3a447 Mon Sep 17 00:00:00 2001
From: Lorenzo Yario <angeleno@screamer.wiki>
Date: Thu, 6 Jun 2024 00:02:06 -0700
Subject: [PATCH 136/336] fix local-time somehow

this fixes it. i don't know how. don't ask. i'm not a javascript guy much.
---
 js/local-time.js | 50 +++++++++++++++++++++++++++++-------------------
 1 file changed, 30 insertions(+), 20 deletions(-)

diff --git a/js/local-time.js b/js/local-time.js
index 1a05002b..73cee494 100644
--- a/js/local-time.js
+++ b/js/local-time.js
@@ -17,29 +17,40 @@ $(document).ready(function(){
 	'use strict';
 
 	var iso8601 = function(s) {
-		s = s.replace(/\.\d\d\d+/,""); // remove milliseconds
-		s = s.replace(/-/,"/").replace(/-/,"/");
-		s = s.replace(/T/," ").replace(/Z/," UTC");
-		s = s.replace(/([\+\-]\d\d)\:?(\d\d)/," $1$2"); // -04:00 -> -0400
+		var parts = s.split('T');
+		if (parts.length === 2) {
+			var timeParts = parts[1].split(':');
+			if (timeParts.length === 3) {
+				var secondsParts = timeParts[2].split('.');
+				if (secondsParts[0] > 59) {
+					secondsParts[0] = '59';
+				}
+				timeParts[2] = secondsParts.join('.');
+			}
+			parts[1] = timeParts.join(':');
+		}
+		s = parts.join('T');
+		if (!s.endsWith('Z')) {
+			s += 'Z';
+		}
 		return new Date(s);
 	};
+
 	var zeropad = function(num, count) {
 		return [Math.pow(10, count - num.toString().length), num].join('').substr(1);
 	};
 
 	var dateformat = (typeof strftime === 'undefined') ? function(t) {
 		return zeropad(t.getMonth() + 1, 2) + "/" + zeropad(t.getDate(), 2) + "/" + t.getFullYear().toString().substring(2) +
-				" (" + [_("Sun"), _("Mon"), _("Tue"), _("Wed"), _("Thu"), _("Fri"), _("Sat"), _("Sun")][t.getDay()]  + ") " +
+				" (" + ["Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat"][t.getDay()] + ") " +
 				// time
 				zeropad(t.getHours(), 2) + ":" + zeropad(t.getMinutes(), 2) + ":" + zeropad(t.getSeconds(), 2);
-
 	} : function(t) {
 		// post_date is defined in templates/main.js
 		return strftime(window.post_date, t, datelocale);
 	};
 
 	function timeDifference(current, previous) {
-
 		var msPerMinute = 60 * 1000;
 		var msPerHour = msPerMinute * 60;
 		var msPerDay = msPerHour * 24;
@@ -51,36 +62,35 @@ $(document).ready(function(){
 		if (elapsed < msPerMinute) {
 			return 'Just now';
 		} else if (elapsed < msPerHour) {
-			return Math.round(elapsed/msPerMinute) + (Math.round(elapsed/msPerMinute)<=1 ? ' minute ago':' minutes ago');
-		} else if (elapsed < msPerDay ) {
-			return Math.round(elapsed/msPerHour ) + (Math.round(elapsed/msPerHour)<=1 ? ' hour ago':' hours ago');
+			return Math.round(elapsed / msPerMinute) + (Math.round(elapsed / msPerMinute) <= 1 ? ' minute ago' : ' minutes ago');
+		} else if (elapsed < msPerDay) {
+			return Math.round(elapsed / msPerHour) + (Math.round(elapsed / msPerHour) <= 1 ? ' hour ago' : ' hours ago');
 		} else if (elapsed < msPerMonth) {
-			return Math.round(elapsed/msPerDay) + (Math.round(elapsed/msPerDay)<=1 ? ' day ago':' days ago');
+			return Math.round(elapsed / msPerDay) + (Math.round(elapsed / msPerDay) <= 1 ? ' day ago' : ' days ago');
 		} else if (elapsed < msPerYear) {
-			return Math.round(elapsed/msPerMonth) + (Math.round(elapsed/msPerMonth)<=1 ? ' month ago':' months ago');
+			return Math.round(elapsed / msPerMonth) + (Math.round(elapsed / msPerMonth) <= 1 ? ' month ago' : ' months ago');
 		} else {
-			return Math.round(elapsed/msPerYear ) + (Math.round(elapsed/msPerYear)<=1 ? ' year ago':' years ago');
+			return Math.round(elapsed / msPerYear) + (Math.round(elapsed / msPerYear) <= 1 ? ' year ago' : ' years ago');
 		}
 	}
 
-	var do_localtime = function(elem) {	
+	var do_localtime = function(elem) {
 		var times = elem.getElementsByTagName('time');
 		var currentTime = Date.now();
 
-		for(var i = 0; i < times.length; i++) {
+		for (var i = 0; i < times.length; i++) {
 			var t = times[i].getAttribute('datetime');
-			var postTime = new Date(t);
+			var postTime = iso8601(t);
 
 			times[i].setAttribute('data-local', 'true');
 
 			if (localStorage.show_relative_time === 'false') {
-				times[i].innerHTML = dateformat(iso8601(t));
+				times[i].innerHTML = dateformat(postTime);
 				times[i].setAttribute('title', timeDifference(currentTime, postTime.getTime()));
 			} else {
 				times[i].innerHTML = timeDifference(currentTime, postTime.getTime());
-				times[i].setAttribute('title', dateformat(iso8601(t)));
+				times[i].setAttribute('title', dateformat(postTime));
 			}
-		
 		}
 	};
 
@@ -101,7 +111,7 @@ $(document).ready(function(){
 		});
 
 		if (localStorage.show_relative_time !== 'false') {
-			$('#show-relative-time>input').attr('checked','checked');
+			$('#show-relative-time>input').attr('checked', 'checked');
 			interval_id = setInterval(do_localtime, 30000, document);
 		}
 

From 991ed657fb8a6b0121b82be605da298e99c6a708 Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@mailu.io>
Date: Sat, 15 Jun 2024 00:53:49 +0200
Subject: [PATCH 137/336] install.php: fix https check

---
 install.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/install.php b/install.php
index dec53bc6..44bbb085 100644
--- a/install.php
+++ b/install.php
@@ -690,7 +690,7 @@ if ($step == 0) {
 	echo Element('page.html', $page);
 } elseif ($step == 1) {
 	// The HTTPS check doesn't work properly when in those arrays, so let's run it here and pass along the result during the actual check.
-	$httpsvalue = !empty($_SERVER['HTTPS'] && $_SERVER['HTTPS'] !== 'off');
+	$httpsvalue = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
 	$page['title'] = 'Pre-installation test';
 
 	$can_exec = true;

From fff9b88c6d15261eaa83f7bc44bcefc6ed9197e6 Mon Sep 17 00:00:00 2001
From: fowr <89118232+perdedora@users.noreply.github.com>
Date: Thu, 20 Jun 2024 10:11:47 -0300
Subject: [PATCH 138/336] hash poster passwords

---
 inc/config.php                  |  3 +++
 inc/functions.php               |  6 ++++++
 install.php                     |  1 +
 post.php                        | 16 ++++++++--------
 templates/installer/config.html |  3 +++
 tools/hash-passwords.php        | 17 +++++++++++++++++
 6 files changed, 38 insertions(+), 8 deletions(-)
 create mode 100644 tools/hash-passwords.php

diff --git a/inc/config.php b/inc/config.php
index 0cece593..664d1710 100644
--- a/inc/config.php
+++ b/inc/config.php
@@ -184,6 +184,9 @@
 	// Used to salt secure tripcodes ("##trip") and poster IDs (if enabled).
 	$config['secure_trip_salt'] = ')(*&^%$#@!98765432190zyxwvutsrqponmlkjihgfedcba';
 
+	// Used to salt poster passwords.
+	$config['secure_password_salt'] = 'wKJSb7M5SyzMcFWD2gPO3j2RYUSO9B789!@#$%^&*()';
+
 /*
  * ====================
  *  Flood/spam settings
diff --git a/inc/functions.php b/inc/functions.php
index 2f23ef09..adf83e9b 100755
--- a/inc/functions.php
+++ b/inc/functions.php
@@ -3089,3 +3089,9 @@ function check_thread_limit($post) {
 		return $r['count'] >= $config['max_threads_per_hour'];
 	}
 }
+
+function hashPassword($password) {
+	global $config;
+
+	return hash('sha3-256', $password . $config['secure_password_salt']);
+}
\ No newline at end of file
diff --git a/install.php b/install.php
index c174771b..0b25ae02 100644
--- a/install.php
+++ b/install.php
@@ -919,6 +919,7 @@ if ($step == 0) {
 	$sg = new SaltGen();
 	$config['cookies']['salt'] = $sg->generate();
 	$config['secure_trip_salt'] = $sg->generate();
+	$config['secure_password_salt'] = $sg->generate();
 
 	echo Element('page.html', array(
 		'body' => Element('installer/config.html', array(
diff --git a/post.php b/post.php
index 0a0dd94a..b7fd5f71 100644
--- a/post.php
+++ b/post.php
@@ -364,10 +364,11 @@ if (isset($_POST['delete'])) {
 	if (!isset($_POST['board'], $_POST['password']))
 		error($config['error']['bot']);
 
-	$password = &$_POST['password'];
-
-	if ($password == '')
+	if (empty($_POST['password'])){
 		error($config['error']['invalidpassword']);
+	}
+
+	$password = hashPassword($_POST['password']);
 
 	$delete = array();
 	foreach ($_POST as $post => $value) {
@@ -415,10 +416,11 @@ if (isset($_POST['delete'])) {
 				error(sprintf($config['error']['delete_too_late'], until($post['time'] + $config['max_delete_time'])));
 			}
 
-			if ($password != '' && $post['password'] != $password && (!$thread || $thread['password'] != $password))
+			if (!hash_equals($post['password'], $password) && (!$thread || !hash_equals($thread['password'], $password))) {
 				error($config['error']['invalidpassword']);
+			}
 
-			if ($post['time'] > time() - $config['delete_time'] && (!$thread || $thread['password'] != $password)) {
+			if ($post['time'] > time() - $config['delete_time'] && (!$thread || !hash_equals($thread['password'], $password))) {
 				error(sprintf($config['error']['delete_too_soon'], until($post['time'] + $config['delete_time'])));
 			}
 
@@ -767,7 +769,7 @@ if (isset($_POST['delete'])) {
 	$post['subject'] = $_POST['subject'];
 	$post['email'] = str_replace(' ', '%20', htmlspecialchars($_POST['email']));
 	$post['body'] = $_POST['body'];
-	$post['password'] = $_POST['password'];
+	$post['password'] = hashPassword($_POST['password']);
 	$post['has_file'] = (!isset($post['embed']) && (($post['op'] && !isset($post['no_longer_require_an_image_for_op']) && $config['force_image_op']) || count($_FILES) > 0));
 
 	if (!$dropped_post) {
@@ -920,8 +922,6 @@ if (isset($_POST['delete'])) {
 			error($config['error']['toolong_body']);
 		if (!$mod && substr_count($post['body'], "\n") >= $config['maximum_lines'])
 			error($config['error']['toomanylines']);
-		if (mb_strlen($post['password']) > 20)
-			error(sprintf($config['error']['toolong'], 'password'));
 	}
 	wordfilters($post['body']);
 
diff --git a/templates/installer/config.html b/templates/installer/config.html
index 973328f5..00a5b241 100644
--- a/templates/installer/config.html
+++ b/templates/installer/config.html
@@ -88,6 +88,9 @@
 		<label for="secure_trip_salt">Secure trip (##) salt:</label> 
 		<input type="text" id="secure_trip_salt" name="secure_trip_salt" value="{{ config.secure_trip_salt }}" size="40">
 
+		<label for="secure_password_salt">Poster password salt:</label>
+		<input type="text" id="secure_password_salt" name="secure_password_salt" value="{{ config.secure_password_salt }}" size="40">
+
 		<label for="more">Additional configuration:</label>
 		<textarea id="more" name="more">{{ more }}</textarea>
 	</fieldset>
diff --git a/tools/hash-passwords.php b/tools/hash-passwords.php
new file mode 100644
index 00000000..3c6463ee
--- /dev/null
+++ b/tools/hash-passwords.php
@@ -0,0 +1,17 @@
+<?php
+
+require_once dirname(__FILE__) . '/inc/cli.php';
+
+$boards = listBoards();
+		foreach ($boards as &$_board) {
+			query(sprintf('ALTER TABLE ``posts_%s`` MODIFY `password` varchar(64) DEFAULT NULL;', $_board['uri'])) or error(db_error());
+		    $query = prepare(sprintf("SELECT DISTINCT `password` FROM ``posts_%s``", $_board['uri']));
+            $query->execute() or error(db_error($query));
+
+		    while($entry = $query->fetch(PDO::FETCH_ASSOC)) {
+		        $update_query = prepare(sprintf("UPDATE ``posts_%s`` SET `password` = :password WHERE `password` = :password_org", $_board['uri']));
+		        $update_query->bindValue(':password', hashPassword($entry['password']));
+		        $update_query->bindValue(':password_org', $entry['password']);
+		        $update_query->execute() or  error(db_error());
+		    }
+		}

From e9f1d59209cf308442e4a1dc4969ad8db8e9e69c Mon Sep 17 00:00:00 2001
From: fowr <89118232+perdedora@users.noreply.github.com>
Date: Thu, 20 Jun 2024 10:32:12 -0300
Subject: [PATCH 139/336] posts.sql: update column password

---
 templates/posts.sql | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/templates/posts.sql b/templates/posts.sql
index 9c468c97..71bad994 100644
--- a/templates/posts.sql
+++ b/templates/posts.sql
@@ -13,7 +13,7 @@ CREATE TABLE IF NOT EXISTS ``posts_{{ board }}`` (
    `files` text DEFAULT NULL,
    `num_files` int(11) DEFAULT 0,
    `filehash` text CHARACTER SET ascii,
-   `password` varchar(20) DEFAULT NULL,
+   `password` varchar(64) DEFAULT NULL,
    `ip` varchar(39) CHARACTER SET ascii NOT NULL,
    `sticky` int(1) NOT NULL,
    `locked` int(1) NOT NULL,

From b21865853b64793666e45cd2819245cad9eac2d1 Mon Sep 17 00:00:00 2001
From: Lorenzo Yario <angeleno@screamer.wiki>
Date: Thu, 20 Jun 2024 20:38:35 -0700
Subject: [PATCH 140/336] fix the rest of local-time.js somehow

---
 js/local-time.js | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/js/local-time.js b/js/local-time.js
index 73cee494..9c39ed78 100644
--- a/js/local-time.js
+++ b/js/local-time.js
@@ -21,15 +21,20 @@ $(document).ready(function(){
 		if (parts.length === 2) {
 			var timeParts = parts[1].split(':');
 			if (timeParts.length === 3) {
-				var secondsParts = timeParts[2].split('.');
-				if (secondsParts[0] > 59) {
-					secondsParts[0] = '59';
+				var seconds = timeParts[2];
+				if (seconds.length > 2) {
+					seconds = seconds.substr(0, 2) + '.' + seconds.substr(2);
 				}
-				timeParts[2] = secondsParts.join('.');
+				// Ensure seconds part is valid
+				if (parseFloat(seconds) > 59) {
+					seconds = '59';
+				}
+				timeParts[2] = seconds;
 			}
 			parts[1] = timeParts.join(':');
 		}
 		s = parts.join('T');
+
 		if (!s.endsWith('Z')) {
 			s += 'Z';
 		}
@@ -123,3 +128,4 @@ $(document).ready(function(){
 
 	do_localtime(document);
 });
+

From 281f39120562d2af157a0302207032b7a4e4f361 Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@mailu.io>
Date: Sun, 23 Jun 2024 13:13:45 +0200
Subject: [PATCH 141/336] docker: remove PEAR leftovers

---
 docker/php/Dockerfile | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/docker/php/Dockerfile b/docker/php/Dockerfile
index 0e2f741d..40383861 100644
--- a/docker/php/Dockerfile
+++ b/docker/php/Dockerfile
@@ -64,7 +64,8 @@ RUN apk add --no-cache \
         imagemagick-dev \
         pcre-dev \
         $PHPIZE_DEPS \
-    && rm -rf /var/cache/*
+    && rm -rf /var/cache/* \
+    && rm -rf /tmp/pear
 RUN rmdir /var/www/html \
     && install -d -m 744 -o www-data -g www-data /var/www \
     && install -d -m 700 -o www-data -g www-data /var/tmp/vichan \

From 555d14b7ae0638d42182d9d8c0bef278ee938067 Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@mailu.io>
Date: Sun, 23 Jun 2024 14:43:13 +0200
Subject: [PATCH 142/336] docker: make the compose local instance folder file
 parametrizable

---
 docker-compose.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index da45b113..c691b303 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -9,7 +9,7 @@ services:
     depends_on:
       - db
     volumes:
-      - ./local-instances/1/www:/var/www/html
+      - ./local-instances/${LOCAL_INSTANCE_NAME:-0}/www:/var/www/html
       - ./docker/nginx/vichan.conf:/etc/nginx/conf.d/default.conf
       - ./docker/nginx/nginx.conf:/etc/nginx/nginx.conf
       - ./docker/nginx/proxy.conf:/etc/nginx/conf.d/proxy.conf
@@ -21,7 +21,7 @@ services:
       context: .
       dockerfile: ./docker/php/Dockerfile
     volumes:
-      - ./local-instances/1/www:/var/www
+      - ./local-instances/${LOCAL_INSTANCE_NAME:-0}/www:/var/www
       - ./docker/php/www.conf:/usr/local/etc/php-fpm.d/www.conf
       - ./docker/php/jit.ini:/usr/local/etc/php/conf.d/jit.ini
 
@@ -37,4 +37,4 @@ services:
       MYSQL_DATABASE: vichan
       MYSQL_ROOT_PASSWORD: password
     volumes:
-      - ./local-instances/1/mysql:/var/lib/mysql
+      - ./local-instances/${LOCAL_INSTANCE_NAME:-0}/mysql:/var/lib/mysql

From ef1939500cf2da891840eea8f9a78d8631eb5bbc Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@mailu.io>
Date: Sun, 23 Jun 2024 14:44:49 +0200
Subject: [PATCH 143/336] docker: use modern compose file naming scheme

---
 docker-compose.yml => compose.yml | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename docker-compose.yml => compose.yml (100%)

diff --git a/docker-compose.yml b/compose.yml
similarity index 100%
rename from docker-compose.yml
rename to compose.yml

From fe8fa0da8a481c4dac5176b451874fa1ab8772aa Mon Sep 17 00:00:00 2001
From: Lorenzo Yario <angeleno@screamer.wiki>
Date: Thu, 27 Jun 2024 02:13:54 -0700
Subject: [PATCH 144/336] move to the js file

---
 templates/mod/ban_list.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/templates/mod/ban_list.html b/templates/mod/ban_list.html
index de13516c..0c67f269 100644
--- a/templates/mod/ban_list.html
+++ b/templates/mod/ban_list.html
@@ -21,7 +21,7 @@
 			<div class='buttons'>
 				<input type="text" id="search" placeholder="{% trans %}Search{% endtrans %}">
 				{% if mod %}
-				<input type="submit" name="unban" id="unban" onclick="return confirm('Are you sure you want to unban the selected IPs?');" value="{% trans 'Unban selected' %}">
+				<input type="submit" name="unban" id="unban" value="{% trans 'Unban selected' %}">
 				{% endif %}
 			</div>
 

From 1a780ce9cb3cf788def1c444423aaf39ffe2bb10 Mon Sep 17 00:00:00 2001
From: Lorenzo Yario <angeleno@screamer.wiki>
Date: Thu, 27 Jun 2024 02:18:06 -0700
Subject: [PATCH 145/336] move are you sure prompt to the js file

---
 js/mod/ban-list.js | 18 ++++++++++--------
 1 file changed, 10 insertions(+), 8 deletions(-)

diff --git a/js/mod/ban-list.js b/js/mod/ban-list.js
index d50fb5d2..415934b1 100644
--- a/js/mod/ban-list.js
+++ b/js/mod/ban-list.js
@@ -129,14 +129,16 @@ var banlist_init = function(token, my_boards, inMod) {
     $(".banform").on("submit", function() { return false; });
 
     $("#unban").on("click", function() {
-      $(".banform .hiddens").remove();
-      $("<input type='hidden' name='unban' value='unban' class='hiddens'>").appendTo(".banform");
-
-      $.each(selected, function(e) {
-        $("<input type='hidden' name='ban_"+e+"' value='unban' class='hiddens'>").appendTo(".banform");
-      });
-
-      $(".banform").off("submit").submit();
+      if (confirm('Are you sure you want to unban the selected IPs?')) {
+        $(".banform .hiddens").remove();
+        $("<input type='hidden' name='unban' value='unban' class='hiddens'>").appendTo(".banform");
+    
+        $.each(selected, function(e) {
+          $("<input type='hidden' name='ban_"+e+"' value='unban' class='hiddens'>").appendTo(".banform");
+        });
+    
+        $(".banform").off("submit").submit();
+      }
     });
 
     if (device_type == 'desktop') {

From 89a31794d98645e6b1a226a78648fb3fc7317d32 Mon Sep 17 00:00:00 2001
From: Lorenzo Yario <angeleno@screamer.wiki>
Date: Thu, 4 Jul 2024 11:29:18 -0700
Subject: [PATCH 146/336] fixing and standardizing something i did at like 4am
 with tripcode disabling

---
 post.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/post.php b/post.php
index ba339395..b09cb341 100644
--- a/post.php
+++ b/post.php
@@ -853,7 +853,7 @@ if (isset($_POST['delete'])) {
 
 	$trip = generate_tripcode($post['name']);
 	$post['name'] = $trip[0];
-	if ($config['disable_tripcodes'] = true && !$mod) {
+	if ($config['disable_tripcodes'] && !$mod) {
 		$post['trip'] = '';
 	}
 	else {

From dba38b10d40698c6421cc67c026a95743ff4cdfd Mon Sep 17 00:00:00 2001
From: Lorenzo Yario <angeleno@screamer.wiki>
Date: Sun, 14 Jul 2024 03:26:06 -0700
Subject: [PATCH 147/336] allow wildcard for catalog theme

---
 templates/themes/catalog/theme.php | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/templates/themes/catalog/theme.php b/templates/themes/catalog/theme.php
index 2f0cfe7a..afe2ff90 100644
--- a/templates/themes/catalog/theme.php
+++ b/templates/themes/catalog/theme.php
@@ -1,6 +1,15 @@
 <?php
 	require 'info.php';
 
+	function get_all_boards() {
+		$boards = [];
+		$query = query("SELECT uri FROM ``boards``") or error(db_error());
+		while ($board = $query->fetch(PDO::FETCH_ASSOC)) {
+			$boards[] = $board['uri'];
+		}
+		return $boards;
+	}
+
 	function catalog_build($action, $settings, $board) {
 		global $config;
 
@@ -13,6 +22,11 @@
 
 		$boards = explode(' ', $settings['boards']);
 
+		if (in_array('*', $boards)) {
+			$boards = get_all_boards();
+		}
+
+
 		if ($action == 'all') {
 			foreach ($boards as $board) {
 				$b = new Catalog();

From 9a80ae24348fc1de22302f7d37e0a354bd2361a7 Mon Sep 17 00:00:00 2001
From: Lorenzo Yario <angeleno@screamer.wiki>
Date: Sun, 14 Jul 2024 03:38:09 -0700
Subject: [PATCH 148/336] make the wildcard the default

---
 templates/themes/catalog/info.php | 7 +------
 1 file changed, 1 insertion(+), 6 deletions(-)

diff --git a/templates/themes/catalog/info.php b/templates/themes/catalog/info.php
index c20a0ca3..a5fa1ddd 100644
--- a/templates/themes/catalog/info.php
+++ b/templates/themes/catalog/info.php
@@ -17,17 +17,12 @@
 		'default' => 'Catalog'
 	);
 	
-	$__boards = listBoards();
-	$__default_boards = Array();
-	foreach ($__boards as $__board)
-		$__default_boards[] = $__board['uri'];
-	
 	$theme['config'][] = Array(
 		'title' => 'Included boards',
 		'name' => 'boards',
 		'type' => 'text',
 		'comment' => '(space seperated)',
-		'default' => implode(' ', $__default_boards)
+		'default' => implode('*')
 	);
 	
 	$theme['config'][] = Array(

From d23d1526e8f2554cf049252a17b735e90a611c42 Mon Sep 17 00:00:00 2001
From: Lorenzo Yario <angeleno@screamer.wiki>
Date: Sun, 14 Jul 2024 03:41:04 -0700
Subject: [PATCH 149/336] forgot to remove implode()

---
 templates/themes/catalog/info.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/templates/themes/catalog/info.php b/templates/themes/catalog/info.php
index a5fa1ddd..d637069a 100644
--- a/templates/themes/catalog/info.php
+++ b/templates/themes/catalog/info.php
@@ -22,7 +22,7 @@
 		'name' => 'boards',
 		'type' => 'text',
 		'comment' => '(space seperated)',
-		'default' => implode('*')
+		'default' => '*'
 	);
 	
 	$theme['config'][] = Array(

From 409f571955be4cb8b5b52703f0c1ad885b3a3195 Mon Sep 17 00:00:00 2001
From: Lorenzo Yario <angeleno@screamer.wiki>
Date: Sun, 14 Jul 2024 04:21:21 -0700
Subject: [PATCH 150/336] switch to columns of two. Make it optional for a
 video and other things.

---
 templates/themes/index/index.html | 35 ++++++++++++++++++++-----------
 1 file changed, 23 insertions(+), 12 deletions(-)

diff --git a/templates/themes/index/index.html b/templates/themes/index/index.html
index 953e7bf4..2d037ccc 100644
--- a/templates/themes/index/index.html
+++ b/templates/themes/index/index.html
@@ -23,7 +23,7 @@
 	<div class="box-wrap">
 	    <fieldset>
 		<legend>Boards</legend>
-		<ul>
+		<ul style="columns: 2;">
 			{% for board in boards %}
 				<li class="boardlinksurl">
 					<a href="{{ config.board_path|sprintf(board.uri) }}">
@@ -34,17 +34,28 @@
 		</ul>
 	    </fieldset>
 	    <br>
-	    <div class="mainBox">
-	        <br>
-	        <div class="description">{{ settings.description }}</div>
-	        <br>
-	        <img class="imageofnow" src="{{ settings.imageofnow }}">
-	        <br>
-	        <div class="quoteofnow">{{ settings.quoteofnow }}</div>
-	        <br>
-	        <iframe class ="videoofnow" width="560" height="315" src="{{ settings.videoofnow }}"></iframe>
-	        <br>
-	    </div>
+		{% if settings.description or settings.imageofnow or settings.quoteofnow or settings.videoofnow %}
+			<div class="mainBox">
+				<br>
+				{% if settings.description %}
+					<div class="description">{{ settings.description }}</div>
+					<br>
+				{% endif %}
+				{% if settings.imageofnow %}
+					<img class="imageofnow" src="{{ settings.imageofnow }}">
+					<br>
+				{% endif %}
+				{% if settings.quoteofnow %}
+					<div class="quoteofnow">{{ settings.quoteofnow }}</div>
+					<br>
+				{% endif %}
+				{% if settings.videoofnow %}
+					<iframe class="videoofnow" width="560" height="315" src="{{ settings.videoofnow }}"></iframe>
+					<br>
+				{% endif %}
+			</div>
+		{% endif %}
+	
 	    <div class="ban">
 		{% if news|length == 0 %}
 			<p style="text-align:center" class="unimportant">(No news to show.)</p>

From c223b1c55d3496536d3f7c28bd8123f03a08525d Mon Sep 17 00:00:00 2001
From: Lorenzo Yario <angeleno@screamer.wiki>
Date: Sun, 14 Jul 2024 04:37:28 -0700
Subject: [PATCH 151/336] allow board exclusion for the boardlist

---
 templates/themes/index/info.php | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/templates/themes/index/info.php b/templates/themes/index/info.php
index 4b15023f..2d01cba0 100644
--- a/templates/themes/index/info.php
+++ b/templates/themes/index/info.php
@@ -74,12 +74,19 @@
 	);
 	
 	$theme['config'][] = Array(
-		'title' => 'Excluded boards',
+		'title' => 'Excluded boards (recent posts)',
 		'name' => 'exclude',
 		'type' => 'text',
 		'comment' => '(space seperated)'
 	);
 	
+	$theme['config'][] = Array(
+		'title' => 'Excluded boards (boardlist)',
+		'name' => 'excludeboardlist',
+		'type' => 'text',
+		'comment' => '(space seperated)'
+	);
+	
 	$theme['config'][] = Array(
 		'title' => '# of recent images',
 		'name' => 'limit_images',

From 541f31f4d1a93d0b166f3a1579f05fa77cce053a Mon Sep 17 00:00:00 2001
From: Lorenzo Yario <angeleno@screamer.wiki>
Date: Sun, 14 Jul 2024 04:38:11 -0700
Subject: [PATCH 152/336] allow excluding boards from the boardlist

---
 templates/themes/index/theme.php | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/templates/themes/index/theme.php b/templates/themes/index/theme.php
index f9262b82..fc75b77b 100644
--- a/templates/themes/index/theme.php
+++ b/templates/themes/index/theme.php
@@ -158,6 +158,13 @@
 			$settings['no_recent'] = (int) $settings['no_recent'];
 			$query = query("SELECT * FROM ``news`` ORDER BY `time` DESC" . ($settings['no_recent'] ? ' LIMIT ' . $settings['no_recent'] : '')) or error(db_error());
 			$news = $query->fetchAll(PDO::FETCH_ASSOC);
+
+			// Excluded boards for the boardlist
+			$excluded_boards = isset($settings['excludeboardlist']) ? explode(' ', $settings['excludeboardlist']) : [];
+			$boardlist = array_filter($boards, function($board) use ($excluded_boards) {
+				return !in_array($board['uri'], $excluded_boards);
+			});
+			
 			
 			return Element('themes/index/index.html', Array(
 				'settings' => $settings,
@@ -167,7 +174,7 @@
 				'recent_posts' => $recent_posts,
 				'stats' => $stats,
 				'news' => $news,
-				'boards' => listBoards()
+				'boards' => $boardlist
 			));
 		}
 	};

From a20f618d80543c9fc2adba7011666e9fdf0686a8 Mon Sep 17 00:00:00 2001
From: Lorenzo Yario <angeleno@screamer.wiki>
Date: Fri, 19 Jul 2024 11:30:08 -0700
Subject: [PATCH 153/336] Create uboachan-gray.css

#777
---
 stylesheets/uboachan-gray.css | 121 ++++++++++++++++++++++++++++++++++
 1 file changed, 121 insertions(+)
 create mode 100644 stylesheets/uboachan-gray.css

diff --git a/stylesheets/uboachan-gray.css b/stylesheets/uboachan-gray.css
new file mode 100644
index 00000000..c5867f14
--- /dev/null
+++ b/stylesheets/uboachan-gray.css
@@ -0,0 +1,121 @@
+body {
+	background: #1C1C1C;
+	color: #AAA;
+}
+a:link, a:visited, p.intro a.email span.name {
+	color: #8080E0;
+}
+a:hover, a:link:hover, a:visited:hover {
+	color: #f33;
+}
+a.post_no {
+	color: 999;
+}
+div.post.reply {
+	background: #383838;
+	border: 1px solid #000000;
+	transition: 0.3s;
+}
+div.post.reply.highlighted {
+	/*background: #202020;*/
+	border: 1px solid #000000;
+	border-left: 1px solid #D03030;
+	background: #282828;
+	/*border: none;*/
+	transition: 0.3s;
+}
+/*Changed this*/
+div.post.reply div.body a {
+	color: #8080E0;
+}
+p.intro span.subject {
+	color: #8080E0;
+}
+p.intro span.capcode, p.intro a.capcode, p.intro a.nametag {
+        color: #F33;
+        margin-left: 0;
+}
+form table tr th {
+	background: #383838;
+	color: #CCC;
+}
+div.ban h2 {
+	background: #504040;
+	color: inherit;
+}
+div.ban {
+	border-color: #cccccc;
+	background: #404040;
+}
+div.ban p {
+	color: black;
+}
+div.pages {
+	background: #404040;
+	border-color: #000000;
+}
+div.pages a.selected {
+	color: #101010;
+}
+hr {
+	border-color: gray;
+}
+div.boardlist {
+	color: #a0a0a0;
+}
+div.boardlist a {
+	color: #a9a9a9;
+}
+div.report {
+	color: gray;
+}
+table.modlog tr th {
+	background: #555;
+}
+input, input[type="text"], input[type="password"], textarea {
+	color: #AAA;
+	background: #111;
+	border: 1px solid #000;
+}
+div.banner {
+	background-color: #833;
+}
+div.banner, div.banner a {
+	color: #000000;
+}
+div.title, h1 {
+	color: #B03030;
+}
+h2 {
+	color: #B03030;
+}
+div.blotter {
+	color: #D33;
+}
+.category {
+	background: #603030;
+	color: #141414;
+	border-color: #a9a9a9;
+}
+#maintable {
+	background: #404040;
+}
+#announcement {
+	background: #404040;
+	color: #D04040;
+}
+.post_wrap {
+	background: #404040;
+}
+.post_body {
+	background: #303030;
+}
+header div.subtitle {
+	color: #B03030;
+}
+span.heading {
+	color: #D03030;
+}
+#options_div {
+    background-color: #404040;
+}

From 4bc69be4bce4089bfd15476695b4e401fec1e7fb Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@mailu.io>
Date: Sat, 27 Jul 2024 15:21:06 +0200
Subject: [PATCH 154/336] bans.php: fix new_ban failing due to the message body
 being too big

---
 inc/bans.php | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/inc/bans.php b/inc/bans.php
index c6847a4a..0da89640 100644
--- a/inc/bans.php
+++ b/inc/bans.php
@@ -365,6 +365,14 @@ class Bans {
 				openBoard($post['board']);
 
 			$post['board'] = $board['uri'];
+			/*
+			 * The body can be so long to make the json longer than 64KBs, causing the query to fail.
+			 * Truncate it to a safe length (32KBs). It could probably be longer, but if the deleted body is THAT big
+			 * already, the likelihood of it being just assorted spam/garbage is about 101%.
+			 */
+			// We're on UTF-8 only, right...?
+			$post['body'] = mb_strcut($post['body'], 0, 32768);
+
 			$query->bindValue(':post', json_encode($post));
 		} else
 			$query->bindValue(':post', null, PDO::PARAM_NULL);

From 098edb9cd77e693dfc13c07e72c249d022bc0756 Mon Sep 17 00:00:00 2001
From: seisatsu <seisatsu@seisat.su>
Date: Wed, 31 Jul 2024 12:44:39 -0500
Subject: [PATCH 155/336] Add a spam filter that unshortens urls

---
 inc/config.php    | 11 +++++++++++
 inc/filters.php   |  8 ++++++++
 inc/functions.php | 27 ++++++++++++++++++++++++++-
 3 files changed, 45 insertions(+), 1 deletion(-)

diff --git a/inc/config.php b/inc/config.php
index bf62afb7..c2c25da2 100644
--- a/inc/config.php
+++ b/inc/config.php
@@ -511,6 +511,17 @@
 	// 	'action' => 'reject'
 	// );
 
+	// Example: Expand shortened links in a post, looking for and blocking URLs that lead to an unwanted
+        // endpoint. Many botspam posts include a variety of shortened URLs which all point to the same few
+        // webhosts. You can use this filter to block the endpoint webhost instead of just the apparent URL.
+	// $config['filters'][] = array(
+	// 	'condition' => array(
+	// 		'unshorten' => '/endpoint.net/i',
+	// 	),
+	// 	'action' => 'reject',
+	// 	'message' => 'None of that, please.'
+	// );
+
 	// Filter flood prevention conditions ("flood-match") depend on a table which contains a cache of recent
 	// posts across all boards. This table is automatically purged of older posts, determining the maximum
 	// "age" by looking at each filter. However, when determining the maximum age, vichan does not look
diff --git a/inc/filters.php b/inc/filters.php
index ffe87d54..31140919 100644
--- a/inc/filters.php
+++ b/inc/filters.php
@@ -136,6 +136,14 @@ class Filter {
 				return $post['board'] == $match;
 			case 'password':
 				return $post['password'] == $match;
+			case 'unshorten':
+				$extracted_urls = get_urls($post['body_nomarkup']);
+				foreach ($extracted_urls as $url) {
+					if (preg_match($match, trace_url($url))) {
+						return true;
+					}
+				}
+				return false;
 			default:
 				error('Unknown filter condition: ' . $condition);
 		}
diff --git a/inc/functions.php b/inc/functions.php
index 46e03d2a..f1c2c26c 100755
--- a/inc/functions.php
+++ b/inc/functions.php
@@ -3027,4 +3027,29 @@ function hashPassword($password) {
 	global $config;
 
 	return hash('sha3-256', $password . $config['secure_password_salt']);
-}
\ No newline at end of file
+}
+
+// Thanks to https://gist.github.com/marijn/3901938
+function trace_url($url) {
+	$ch = curl_init($url);
+	curl_setopt_array($ch, array(
+		CURLOPT_FOLLOWLOCATION => TRUE,  // the magic sauce
+		CURLOPT_RETURNTRANSFER => TRUE,
+		CURLOPT_SSL_VERIFYHOST => FALSE, // suppress certain SSL errors
+		CURLOPT_SSL_VERIFYPEER => FALSE,
+		CURLOPT_TIMEOUT => 30,
+	));
+	curl_exec($ch);
+	$url = curl_getinfo($ch, CURLINFO_EFFECTIVE_URL);
+	curl_close($ch);
+	return $url;
+}
+
+// Thanks to https://stackoverflow.com/questions/10002227/linkify-regex-function-php-daring-fireball-method/10002262#10002262
+function get_urls($body) {
+	$regex = '(?xi)\b((?:https?://|www\d{0,3}[.]|[a-z0-9.\-]+[.][a-z]{2,4}/)(?:[^\s()<>]+|\(([^\s()<>]+|(\([^\s()<>]+\)))*\))+(?:\(([^\s()<>]+|(\([^\s()<>]+\)))*\)|[^\s`!()\[\]{};:\'".,<>?«»“”‘’]))';
+
+	$result = preg_match_all("#$regex#i", $body, $match);
+
+	return $match[0];
+}

From 8d3bfedc72116ba5e44ccfc588240129e9325c3d Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@mailu.io>
Date: Mon, 15 Apr 2024 23:33:12 +0200
Subject: [PATCH 156/336] main.js: trim

---
 templates/main.js | 47 +++++++++++++++++++++++------------------------
 1 file changed, 23 insertions(+), 24 deletions(-)

diff --git a/templates/main.js b/templates/main.js
index 3b32f916..e8dae8d1 100644
--- a/templates/main.js
+++ b/templates/main.js
@@ -45,7 +45,7 @@ function ago($timestamp) {
         switch(true){
         case ($difference < 60) :
                 return "" + $difference + ' ' + _('second(s)');
-        case ($difference < 3600): //60*60 = 3600 
+        case ($difference < 3600): //60*60 = 3600
                 return "" + ($num = Math.round($difference/(60))) + ' ' + _('minute(s)');
         case ($difference <  86400): //60*60*24 = 86400
                 return "" + ($num = Math.round($difference/(3600))) + ' ' + _('hour(s)');
@@ -131,7 +131,7 @@ function changeStyle(styleName, link) {
 		localStorage.stylesheet = styleName;
 	{% endif %}
 	{% verbatim %}
-	
+
 	if (!document.getElementById('stylesheet')) {
 		var s = document.createElement('link');
 		s.rel = 'stylesheet';
@@ -140,21 +140,21 @@ function changeStyle(styleName, link) {
 		var x = document.getElementsByTagName('head')[0];
 		x.appendChild(s);
 	}
-	
+
 	document.getElementById('stylesheet').href = styles[styleName];
 	selectedstyle = styleName;
-	
+
 	if (document.getElementsByClassName('styles').length != 0) {
 		var styleLinks = document.getElementsByClassName('styles')[0].childNodes;
 		for (var i = 0; i < styleLinks.length; i++) {
 			styleLinks[i].className = '';
 		}
 	}
-	
+
 	if (link) {
 		link.className = 'selected';
 	}
-	
+
 	if (typeof $ != 'undefined')
 		$(window).trigger('stylesheet', styleName);
 }
@@ -163,11 +163,11 @@ function changeStyle(styleName, link) {
 {% endverbatim %}
 {% if config.stylesheets_board %}
 	{% verbatim %}
-	
+
 	if (!localStorage.board_stylesheets) {
 		localStorage.board_stylesheets = '{}';
 	}
-	
+
 	var stylesheet_choices = JSON.parse(localStorage.board_stylesheets);
 	if (board_name && stylesheet_choices[board_name]) {
 		for (var styleName in styles) {
@@ -195,7 +195,7 @@ function changeStyle(styleName, link) {
 function init_stylechooser() {
 	var newElement = document.createElement('div');
 	newElement.className = 'styles';
-	
+
 	for (styleName in styles) {
 		var style = document.createElement('a');
 		style.innerHTML = '[' + styleName + ']';
@@ -207,8 +207,8 @@ function init_stylechooser() {
 		}
 		style.href = 'javascript:void(0);';
 		newElement.appendChild(style);
-	}	
-	
+	}
+
 	document.getElementsByTagName('body')[0].insertBefore(newElement, document.getElementsByTagName('body')[0].lastChild.nextSibling);
 }
 
@@ -225,7 +225,7 @@ function highlightReply(id) {
 		// don't highlight on middle click
 		return true;
 	}
-	
+
 	var divs = document.getElementsByTagName('div');
 	for (var i = 0; i < divs.length; i++)
 	{
@@ -261,10 +261,10 @@ function dopost(form) {
 	if (form.elements['email'] && form.elements['email'].value != 'sage') {
 		localStorage.email = form.elements['email'].value;
 	}
-	
+
 	saved[document.location] = form.elements['body'].value;
 	sessionStorage.body = JSON.stringify(saved);
-	
+
 	return form.elements['body'].value != "" || (form.elements['file'] && form.elements['file'].value != "") || (form.elements.file_url && form.elements['file_url'].value != "");
 }
 
@@ -272,7 +272,7 @@ function citeReply(id, with_link) {
 	var textarea = document.getElementById('body');
 
 	if (!textarea) return false;
-	
+
 	if (document.selection) {
 		// IE
 		textarea.focus();
@@ -282,7 +282,7 @@ function citeReply(id, with_link) {
 		var start = textarea.selectionStart;
 		var end = textarea.selectionEnd;
 		textarea.value = textarea.value.substring(0, start) + '>>' + id + '\n' + textarea.value.substring(end, textarea.value.length);
-		
+
 		textarea.selectionStart += ('>>' + id).length + 1;
 		textarea.selectionEnd = textarea.selectionStart;
 	} else {
@@ -312,15 +312,15 @@ function rememberStuff() {
 				localStorage.password = generatePassword();
 			document.forms.post.password.value = localStorage.password;
 		}
-		
+
 		if (localStorage.name && document.forms.post.elements['name'])
 			document.forms.post.elements['name'].value = localStorage.name;
 		if (localStorage.email && document.forms.post.elements['email'])
 			document.forms.post.elements['email'].value = localStorage.email;
-		
+
 		if (window.location.hash.indexOf('q') == 1)
 			citeReply(window.location.hash.substring(2), true);
-		
+
 		if (sessionStorage.body) {
 			var saved = JSON.parse(sessionStorage.body);
 			if (get_cookie('{% endverbatim %}{{ config.cookies.js }}{% verbatim %}')) {
@@ -330,14 +330,14 @@ function rememberStuff() {
 					saved[url] = null;
 				}
 				sessionStorage.body = JSON.stringify(saved);
-				
+
 				document.cookie = '{% endverbatim %}{{ config.cookies.js }}{% verbatim %}={};expires=0;path=/;';
 			}
 			if (saved[document.location]) {
 				document.forms.post.body.value = saved[document.location];
 			}
 		}
-		
+
 		if (localStorage.body) {
 			document.forms.post.body.value = localStorage.body;
 			localStorage.body = '';
@@ -359,14 +359,14 @@ var script_settings = function(script_name) {
 function init() {
 	init_stylechooser();
 
-	{% endverbatim %}	
+	{% endverbatim %}
 	{% if config.allow_delete %}
 	if (document.forms.postcontrols) {
 		document.forms.postcontrols.password.value = localStorage.password;
 	}
 	{% endif %}
 	{% verbatim %}
-	
+
 	if (window.location.hash.indexOf('q') != 1 && window.location.hash.substring(1))
 		highlightReply(window.location.hash.substring(1));
 }
@@ -404,4 +404,3 @@ sc.innerHTML = 'var sc_project={{ config.statcounter_project }};var sc_invisible
 var s = document.getElementsByTagName('script')[0];
 s.parentNode.insertBefore(sc, s);
 {% endif %}
-

From 990f27e80bf9819cfb4e09092974322c5c4dca34 Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@mailu.io>
Date: Sun, 4 Aug 2024 15:07:56 +0200
Subject: [PATCH 157/336] main.js: format getCookie

---
 templates/main.js | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)

diff --git a/templates/main.js b/templates/main.js
index e8dae8d1..cbc68d04 100644
--- a/templates/main.js
+++ b/templates/main.js
@@ -212,12 +212,13 @@ function init_stylechooser() {
 	document.getElementsByTagName('body')[0].insertBefore(newElement, document.getElementsByTagName('body')[0].lastChild.nextSibling);
 }
 
-function get_cookie(cookie_name) {
-	var results = document.cookie.match ( '(^|;) ?' + cookie_name + '=([^;]*)(;|$)');
-	if (results)
-		return (unescape(results[2]));
-	else
+function getCookie(cookie_name) {
+	let results = document.cookie.match('(^|;) ?' + cookie_name + '=([^;]*)(;|$)');
+	if (results) {
+		return unescape(results[2]);
+	} else {
 		return null;
+	}
 }
 
 function highlightReply(id) {
@@ -323,9 +324,9 @@ function rememberStuff() {
 
 		if (sessionStorage.body) {
 			var saved = JSON.parse(sessionStorage.body);
-			if (get_cookie('{% endverbatim %}{{ config.cookies.js }}{% verbatim %}')) {
+			if (getCookie('{% endverbatim %}{{ config.cookies.js }}{% verbatim %}')) {
 				// Remove successful posts
-				var successful = JSON.parse(get_cookie('{% endverbatim %}{{ config.cookies.js }}{% verbatim %}'));
+				var successful = JSON.parse(getCookie('{% endverbatim %}{{ config.cookies.js }}{% verbatim %}'));
 				for (var url in successful) {
 					saved[url] = null;
 				}

From eb67076e608f07b653128fc1dd0fb06261705b07 Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@mailu.io>
Date: Sun, 4 Aug 2024 15:13:05 +0200
Subject: [PATCH 158/336] main.js: rename dopost to camelCase

---
 templates/main.js        |  2 +-
 templates/post_form.html | 10 +++++-----
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/templates/main.js b/templates/main.js
index cbc68d04..3c7b87c1 100644
--- a/templates/main.js
+++ b/templates/main.js
@@ -252,7 +252,7 @@ function generatePassword() {
 	return pass;
 }
 
-function dopost(form) {
+function doPost(form) {
 	if (form.elements['name']) {
 		localStorage.name = form.elements['name'].value.replace(/( |^)## .+$/, '');
 	}
diff --git a/templates/post_form.html b/templates/post_form.html
index b70f2f54..5a6854cf 100644
--- a/templates/post_form.html
+++ b/templates/post_form.html
@@ -1,4 +1,4 @@
-<form name="post" onsubmit="return dopost(this);" enctype="multipart/form-data" action="{{ config.post_url }}" method="post">
+<form name="post" onsubmit="return doPost(this);" enctype="multipart/form-data" action="{{ config.post_url }}" method="post">
 {{ antibot.html() }}
 {% if id %}<input type="hidden" name="thread" value="{{ id }}">{% endif %}
 {{ antibot.html() }}
@@ -112,7 +112,7 @@
 			</td>
 		</tr>
 			{% elseif config.new_thread_capt %}
- 			{% if not id %} 
+			{% if not id %}
  			<tr class='captcha'>
                         <th>
                                 {% trans %}Verification{% endtrans %}
@@ -165,7 +165,7 @@
 
 				{% if config.allow_upload_by_url %}
 					<div style="float:none;text-align:left" id="upload_url">
-						<label for="file_url">{% trans %}Or URL{% endtrans %}</label>: 
+						<label for="file_url">{% trans %}Or URL{% endtrans %}</label>:
 						<input style="display:inline" type="text" id="file_url" name="file_url" size="35">
 					</div>
 				{% endif %}
@@ -210,7 +210,7 @@
 				{{ antibot.html() }}
 			</th>
 			<td>
-				<input type="text" name="password" value="" size="12" maxlength="18" autocomplete="off"> 
+				<input type="text" name="password" value="" size="12" maxlength="18" autocomplete="off">
 				<span class="unimportant">{% trans %}(For file deletion.){% endtrans %}</span>
 				{{ antibot.html() }}
 			</td>
@@ -221,7 +221,7 @@
 				{{ antibot.html() }}
 			</th>
 			<td>
-				<input type="text" name="simple_spam" value="" size="12" maxlength="18" autocomplete="off"> 
+				<input type="text" name="simple_spam" value="" size="12" maxlength="18" autocomplete="off">
 				{{ antibot.html() }}
 			</td>
 		</tr>{% endif %}

From 4b5e40f575276a4986a6906d1de8ca031bbeae49 Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@mailu.io>
Date: Sun, 4 Aug 2024 15:32:12 +0200
Subject: [PATCH 159/336] main.js: format

---
 templates/main.js | 199 ++++++++++++++++++++++++----------------------
 1 file changed, 104 insertions(+), 95 deletions(-)

diff --git a/templates/main.js b/templates/main.js
index 3c7b87c1..9858dfe7 100644
--- a/templates/main.js
+++ b/templates/main.js
@@ -18,92 +18,92 @@ function _(s) {
  * > alert(fmt(_("{0} users"), [3]));
  * 3 uzytkownikow
  */
-function fmt(s,a) {
+function fmt(s, a) {
 	return s.replace(/\{([0-9]+)\}/g, function(x) { return a[x[1]]; });
 }
 
-function until($timestamp) {
-        var $difference = $timestamp - Date.now()/1000|0, $num;
-        switch(true){
-        case ($difference < 60):
-                return "" + $difference + ' ' + _('second(s)');
-        case ($difference < 3600): //60*60 = 3600
-                return "" + ($num = Math.round($difference/(60))) + ' ' + _('minute(s)');
-        case ($difference < 86400): //60*60*24 = 86400
-                return "" + ($num = Math.round($difference/(3600))) + ' ' + _('hour(s)');
-        case ($difference < 604800): //60*60*24*7 = 604800
-                return "" + ($num = Math.round($difference/(86400))) + ' ' + _('day(s)');
-        case ($difference < 31536000): //60*60*24*365 = 31536000
-                return "" + ($num = Math.round($difference/(604800))) + ' ' + _('week(s)');
-        default:
-                return "" + ($num = Math.round($difference/(31536000))) + ' ' + _('year(s)');
-        }
+function until(timestamp) {
+	let difference = timestamp - Date.now() / 1000 | 0;
+	switch (true) {
+	case (difference < 60):
+		return "" + difference + ' ' + _('second(s)');
+	case (difference < 3600): // 60 * 60 = 3600
+		return "" + Math.round(difference / 60) + ' ' + _('minute(s)');
+	case (difference < 86400): // 60 * 60 * 24 = 86400
+		return "" + Math.round(difference / 3600) + ' ' + _('hour(s)');
+	case (difference < 604800): // 60 * 60 * 24 * 7 = 604800
+		return "" + Math.round(difference / 86400) + ' ' + _('day(s)');
+	case (difference < 31536000): // 60 * 60 * 24 * 365 = 31536000
+		return "" + Math.round(difference / 604800) + ' ' + _('week(s)');
+	default:
+		return "" + Math.round(difference / 31536000) + ' ' + _('year(s)');
+	}
 }
 
-function ago($timestamp) {
-        var $difference = (Date.now()/1000|0) - $timestamp, $num;
-        switch(true){
-        case ($difference < 60) :
-                return "" + $difference + ' ' + _('second(s)');
-        case ($difference < 3600): //60*60 = 3600
-                return "" + ($num = Math.round($difference/(60))) + ' ' + _('minute(s)');
-        case ($difference <  86400): //60*60*24 = 86400
-                return "" + ($num = Math.round($difference/(3600))) + ' ' + _('hour(s)');
-        case ($difference < 604800): //60*60*24*7 = 604800
-                return "" + ($num = Math.round($difference/(86400))) + ' ' + _('day(s)');
-        case ($difference < 31536000): //60*60*24*365 = 31536000
-                return "" + ($num = Math.round($difference/(604800))) + ' ' + _('week(s)');
-        default:
-                return "" + ($num = Math.round($difference/(31536000))) + ' ' + _('year(s)');
-        }
+function ago(timestamp) {
+	let difference = (Date.now() / 1000 | 0) - timestamp;
+	switch (true) {
+	case (difference < 60):
+		return "" + difference + ' ' + _('second(s)');
+	case (difference < 3600): /// 60 * 60 = 3600
+		return "" + Math.round(difference/(60)) + ' ' + _('minute(s)');
+	case (difference < 86400): // 60 * 60 * 24 = 86400
+		return "" + Math.round(difference/(3600)) + ' ' + _('hour(s)');
+	case (difference < 604800): // 60 * 60 * 24 * 7 = 604800
+		return "" + Math.round(difference/(86400)) + ' ' + _('day(s)');
+	case (difference < 31536000): // 60 * 60 * 24 * 365 = 31536000
+		return "" + Math.round(difference/(604800)) + ' ' + _('week(s)');
+	default:
+		return "" + Math.round(difference/(31536000)) + ' ' + _('year(s)');
+	}
 }
 
 var datelocale =
-        { days: [_('Sunday'), _('Monday'), _('Tuesday'), _('Wednesday'), _('Thursday'), _('Friday'), _('Saturday')]
-        , shortDays: [_("Sun"), _("Mon"), _("Tue"), _("Wed"), _("Thu"), _("Fri"), _("Sat")]
-        , months: [_('January'), _('February'), _('March'), _('April'), _('May'), _('June'), _('July'), _('August'), _('September'), _('October'), _('November'), _('December')]
-        , shortMonths: [_('Jan'), _('Feb'), _('Mar'), _('Apr'), _('May'), _('Jun'), _('Jul'), _('Aug'), _('Sep'), _('Oct'), _('Nov'), _('Dec')]
-        , AM: _('AM')
-        , PM: _('PM')
-        , am: _('am')
-        , pm: _('pm')
-        };
+	{ days: [_('Sunday'), _('Monday'), _('Tuesday'), _('Wednesday'), _('Thursday'), _('Friday'), _('Saturday')]
+	, shortDays: [_("Sun"), _("Mon"), _("Tue"), _("Wed"), _("Thu"), _("Fri"), _("Sat")]
+	, months: [_('January'), _('February'), _('March'), _('April'), _('May'), _('June'), _('July'), _('August'), _('September'), _('October'), _('November'), _('December')]
+	, shortMonths: [_('Jan'), _('Feb'), _('Mar'), _('Apr'), _('May'), _('Jun'), _('Jul'), _('Aug'), _('Sep'), _('Oct'), _('Nov'), _('Dec')]
+	, AM: _('AM')
+	, PM: _('PM')
+	, am: _('am')
+	, pm: _('pm')
+	};
 
 
 function alert(a, do_confirm, confirm_ok_action, confirm_cancel_action) {
-      var handler, div, bg, closebtn, okbtn;
-      var close = function() {
-              handler.fadeOut(400, function() { handler.remove(); });
-              return false;
-      };
+	var handler, div, bg, closebtn, okbtn;
+	let close = function() {
+		handler.fadeOut(400, function() { handler.remove(); });
+		return false;
+	};
 
-      handler = $("<div id='alert_handler'></div>").hide().appendTo('body');
+	handler = $("<div id='alert_handler'></div>").hide().appendTo('body');
 
-      bg = $("<div id='alert_background'></div>").appendTo(handler);
+	bg = $("<div id='alert_background'></div>").appendTo(handler);
 
-      div = $("<div id='alert_div'></div>").appendTo(handler);
-      closebtn = $("<a id='alert_close' href='javascript:void(0)'><i class='fa fa-times'></i></div>")
-              .appendTo(div);
+	div = $("<div id='alert_div'></div>").appendTo(handler);
+	closebtn = $("<a id='alert_close' href='javascript:void(0)'><i class='fa fa-times'></i></div>")
+		.appendTo(div);
 
-      $("<div id='alert_message'></div>").html(a).appendTo(div);
+	$("<div id='alert_message'></div>").html(a).appendTo(div);
 
-      okbtn = $("<button class='button alert_button'>"+_("OK")+"</button>").appendTo(div);
+	okbtn = $("<button class='button alert_button'>"+_("OK")+"</button>").appendTo(div);
 
-      if (do_confirm) {
-              confirm_ok_action = (typeof confirm_ok_action !== "function") ? function(){} : confirm_ok_action;
-              confirm_cancel_action = (typeof confirm_cancel_action !== "function") ? function(){} : confirm_cancel_action;
-              okbtn.click(confirm_ok_action);
-              $("<button class='button alert_button'>"+_("Cancel")+"</button>").click(confirm_cancel_action).click(close).appendTo(div);
-              bg.click(confirm_cancel_action);
-              okbtn.click(confirm_cancel_action);
-              closebtn.click(confirm_cancel_action);
-      }
+	if (do_confirm) {
+		confirm_ok_action = (typeof confirm_ok_action !== "function") ? function(){} : confirm_ok_action;
+		confirm_cancel_action = (typeof confirm_cancel_action !== "function") ? function(){} : confirm_cancel_action;
+		okbtn.click(confirm_ok_action);
+		$("<button class='button alert_button'>"+_("Cancel")+"</button>").click(confirm_cancel_action).click(close).appendTo(div);
+		bg.click(confirm_cancel_action);
+		okbtn.click(confirm_cancel_action);
+		closebtn.click(confirm_cancel_action);
+	}
 
-      bg.click(close);
-      okbtn.click(close);
-      closebtn.click(close);
+	bg.click(close);
+	okbtn.click(close);
+	closebtn.click(close);
 
-      handler.fadeIn(400);
+	handler.fadeIn(400);
 }
 
 var saved = {};
@@ -155,8 +155,9 @@ function changeStyle(styleName, link) {
 		link.className = 'selected';
 	}
 
-	if (typeof $ != 'undefined')
+	if (typeof $ != 'undefined') {
 		$(window).trigger('stylesheet', styleName);
+	}
 }
 
 
@@ -227,26 +228,28 @@ function highlightReply(id) {
 		return true;
 	}
 
-	var divs = document.getElementsByTagName('div');
+	let divs = document.getElementsByTagName('div');
 	for (var i = 0; i < divs.length; i++)
 	{
-		if (divs[i].className.indexOf('post') != -1)
+		if (divs[i].className.indexOf('post') != -1) {
 			divs[i].className = divs[i].className.replace(/highlighted/, '');
+		}
 	}
 	if (id) {
-		var post = document.getElementById('reply_'+id);
-		if (post)
+		let post = document.getElementById('reply_' + id);
+		if (post) {
 			post.className += ' highlighted';
-			window.location.hash = id;
+		}
+		window.location.hash = id;
 	}
 	return true;
 }
 
 function generatePassword() {
-	var pass = '';
-	var chars = '{% endverbatim %}{{ config.genpassword_chars }}{% verbatim %}';
-	for (var i = 0; i < 8; i++) {
-		var rnd = Math.floor(Math.random() * chars.length);
+	let pass = '';
+	let chars = '{% endverbatim %}{{ config.genpassword_chars }}{% verbatim %}';
+	for (let i = 0; i < 8; i++) {
+		let rnd = Math.floor(Math.random() * chars.length);
 		pass += chars.substring(rnd, rnd + 1);
 	}
 	return pass;
@@ -270,18 +273,19 @@ function doPost(form) {
 }
 
 function citeReply(id, with_link) {
-	var textarea = document.getElementById('body');
-
-	if (!textarea) return false;
+	let textarea = document.getElementById('body');
+	if (!textarea) {
+		return false;
+	}
 
 	if (document.selection) {
 		// IE
 		textarea.focus();
-		var sel = document.selection.createRange();
+		let sel = document.selection.createRange();
 		sel.text = '>>' + id + '\n';
 	} else if (textarea.selectionStart || textarea.selectionStart == '0') {
-		var start = textarea.selectionStart;
-		var end = textarea.selectionEnd;
+		let start = textarea.selectionStart;
+		let end = textarea.selectionEnd;
 		textarea.value = textarea.value.substring(0, start) + '>>' + id + '\n' + textarea.value.substring(end, textarea.value.length);
 
 		textarea.selectionStart += ('>>' + id).length + 1;
@@ -291,10 +295,10 @@ function citeReply(id, with_link) {
 		textarea.value += '>>' + id + '\n';
 	}
 	if (typeof $ != 'undefined') {
-		var select = document.getSelection().toString();
+		let select = document.getSelection().toString();
 		if (select) {
-			var body = $('#reply_' + id + ', #op_' + id).find('div.body');  // TODO: support for OPs
-			var index = body.text().indexOf(select.replace('\n', ''));  // for some reason this only works like this
+			let body = $('#reply_' + id + ', #op_' + id).find('div.body');  // TODO: support for OPs
+			let index = body.text().indexOf(select.replace('\n', ''));  // for some reason this only works like this
 			if (index > -1) {
 				textarea.value += '>' + select + '\n';
 			}
@@ -309,25 +313,29 @@ function citeReply(id, with_link) {
 function rememberStuff() {
 	if (document.forms.post) {
 		if (document.forms.post.password) {
-			if (!localStorage.password)
+			if (!localStorage.password) {
 				localStorage.password = generatePassword();
+			}
 			document.forms.post.password.value = localStorage.password;
 		}
 
-		if (localStorage.name && document.forms.post.elements['name'])
+		if (localStorage.name && document.forms.post.elements['name']) {
 			document.forms.post.elements['name'].value = localStorage.name;
-		if (localStorage.email && document.forms.post.elements['email'])
+		}
+		if (localStorage.email && document.forms.post.elements['email']) {
 			document.forms.post.elements['email'].value = localStorage.email;
+		}
 
-		if (window.location.hash.indexOf('q') == 1)
+		if (window.location.hash.indexOf('q') == 1) {
 			citeReply(window.location.hash.substring(2), true);
+		}
 
 		if (sessionStorage.body) {
-			var saved = JSON.parse(sessionStorage.body);
+			let saved = JSON.parse(sessionStorage.body);
 			if (getCookie('{% endverbatim %}{{ config.cookies.js }}{% verbatim %}')) {
 				// Remove successful posts
-				var successful = JSON.parse(getCookie('{% endverbatim %}{{ config.cookies.js }}{% verbatim %}'));
-				for (var url in successful) {
+				let successful = JSON.parse(getCookie('{% endverbatim %}{{ config.cookies.js }}{% verbatim %}'));
+				for (let url in successful) {
 					saved[url] = null;
 				}
 				sessionStorage.body = JSON.stringify(saved);
@@ -351,8 +359,9 @@ var script_settings = function(script_name) {
 	this.get = function(var_name, default_val) {
 		if (typeof tb_settings == 'undefined' ||
 			typeof tb_settings[this.script_name] == 'undefined' ||
-			typeof tb_settings[this.script_name][var_name] == 'undefined')
+			typeof tb_settings[this.script_name][var_name] == 'undefined') {
 			return default_val;
+		}
 		return tb_settings[this.script_name][var_name];
 	}
 };
@@ -382,7 +391,7 @@ function onready(fnc) {
 }
 
 function ready() {
-	for (var i = 0; i < onready_callbacks.length; i++) {
+	for (let i = 0; i < onready_callbacks.length; i++) {
 		onready_callbacks[i]();
 	}
 }

From c327a0439ee3d812a2ce2aefbec99883395b2a0f Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@mailu.io>
Date: Sun, 4 Aug 2024 15:37:36 +0200
Subject: [PATCH 160/336] main.js: rename init_stylechooser to camelCase

---
 templates/main.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/templates/main.js b/templates/main.js
index 9858dfe7..cccf98ea 100644
--- a/templates/main.js
+++ b/templates/main.js
@@ -193,7 +193,7 @@ function changeStyle(styleName, link) {
 {% endif %}
 {% verbatim %}
 
-function init_stylechooser() {
+function initStyleChooser() {
 	var newElement = document.createElement('div');
 	newElement.className = 'styles';
 
@@ -367,7 +367,7 @@ var script_settings = function(script_name) {
 };
 
 function init() {
-	init_stylechooser();
+	initStyleChooser();
 
 	{% endverbatim %}
 	{% if config.allow_delete %}

From 8b773b124e1d499690cc71f995596adc827046e1 Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@mailu.io>
Date: Mon, 5 Aug 2024 18:32:11 +0200
Subject: [PATCH 161/336] main.js: rename onready to camelCase

---
 templates/main.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/templates/main.js b/templates/main.js
index cccf98ea..a850787f 100644
--- a/templates/main.js
+++ b/templates/main.js
@@ -386,7 +386,7 @@ var RecaptchaOptions = {
 };
 
 onready_callbacks = [];
-function onready(fnc) {
+function onReady(fnc) {
 	onready_callbacks.push(fnc);
 }
 
@@ -401,7 +401,7 @@ function ready() {
 var post_date = "{{ config.post_date }}";
 var max_images = {{ config.max_images }};
 
-onready(init);
+onReady(init);
 
 {% if config.google_analytics %}{% verbatim %}
 

From da0f26485ae449ca036fade98c2062428707ecc5 Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@mailu.io>
Date: Mon, 5 Aug 2024 18:34:55 +0200
Subject: [PATCH 162/336] show-backlinks.js: trim

---
 js/show-backlinks.js | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/js/show-backlinks.js b/js/show-backlinks.js
index fc3125db..13c0d354 100644
--- a/js/show-backlinks.js
+++ b/js/show-backlinks.js
@@ -4,7 +4,7 @@
  *
  * Released under the MIT license
  * Copyright (c) 2012 Michael Save <savetheinternet@tinyboard.org>
- * Copyright (c) 2013-2014 Marcin Łabanowski <marcin@6irc.net> 
+ * Copyright (c) 2013-2014 Marcin Łabanowski <marcin@6irc.net>
  *
  * Usage:
  *   $config['additional_javascript'][] = 'js/jquery.min.js';
@@ -16,39 +16,39 @@
 onready(function(){
 	var showBackLinks = function() {
 		var reply_id = $(this).attr('id').replace(/(^reply_)|(^op_)/, '');
-		
+
 		$(this).find('div.body a:not([rel="nofollow"])').each(function() {
 			var id, post, $mentioned;
-		
+
 			if(id = $(this).text().match(/^>>(\d+)$/))
 				id = id[1];
 			else
 				return;
-		
+
 			$post = $('#reply_' + id);
 			if($post.length == 0){
 				$post = $('#op_' + id);
 				if($post.length == 0)
 					return;
 			}
-		
+
 			$mentioned = $post.find('p.intro span.mentioned');
 			if($mentioned.length == 0)
 				$mentioned = $('<span class="mentioned unimportant"></span>').appendTo($post.find('p.intro'));
-			
+
 			if ($mentioned.find('a.mentioned-' + reply_id).length != 0)
 				return;
-			
+
 			var $link = $('<a class="mentioned-' + reply_id + '" onclick="highlightReply(\'' + reply_id + '\');" href="#' + reply_id + '">&gt;&gt;' +
 				reply_id + '</a>');
 			$link.appendTo($mentioned)
-			
+
 			if (window.init_hover) {
 				$link.each(init_hover);
 			}
 		});
 	};
-	
+
 	$('div.post.reply').each(showBackLinks);
 	$('div.post.op').each(showBackLinks);
 

From 6daae3ec92106699b3aa02908bb59ce6dd0cd34f Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@mailu.io>
Date: Mon, 5 Aug 2024 18:35:21 +0200
Subject: [PATCH 163/336] show-backlinks.js: onReady

---
 js/show-backlinks.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/js/show-backlinks.js b/js/show-backlinks.js
index 13c0d354..e6de23c3 100644
--- a/js/show-backlinks.js
+++ b/js/show-backlinks.js
@@ -13,7 +13,7 @@
  *
  */
 
-onready(function(){
+onReady(function(){
 	var showBackLinks = function() {
 		var reply_id = $(this).attr('id').replace(/(^reply_)|(^op_)/, '');
 

From fa341b29d0d5befcb6ecefa8af838cbb30709077 Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@mailu.io>
Date: Mon, 5 Aug 2024 18:36:34 +0200
Subject: [PATCH 164/336] smartphone-spoiler.js: format

---
 js/smartphone-spoiler.js | 23 +++++++++++------------
 1 file changed, 11 insertions(+), 12 deletions(-)

diff --git a/js/smartphone-spoiler.js b/js/smartphone-spoiler.js
index 05273c19..3e2b9bb6 100644
--- a/js/smartphone-spoiler.js
+++ b/js/smartphone-spoiler.js
@@ -4,7 +4,7 @@
  *
  * Released under the MIT license
  * Copyright (c) 2012 Michael Save <savetheinternet@tinyboard.org>
- * Copyright (c) 2013-2014 Marcin Łabanowski <marcin@6irc.net> 
+ * Copyright (c) 2013-2014 Marcin Łabanowski <marcin@6irc.net>
  *
  * Usage:
  *   $config['additional_javascript'][] = 'js/mobile-style.js';
@@ -12,11 +12,11 @@
  *
  */
 
-onready(function(){
-	if(device_type == 'mobile') {
-		var fix_spoilers = function(where) {
-			var spoilers = where.getElementsByClassName('spoiler');
-			for(var i = 0; i < spoilers.length; i++) {
+onready(function() {
+	if (device_type == 'mobile') {
+		let fix_spoilers = function(where) {
+			let spoilers = where.getElementsByClassName('spoiler');
+			for (let i = 0; i < spoilers.length; i++) {
 				spoilers[i].onmousedown = function() {
 					this.style.color = 'white';
 				};
@@ -24,11 +24,10 @@ onready(function(){
 		};
 		fix_spoilers(document);
 
-	        // allow to work with auto-reload.js, etc.
-	        $(document).on('new_post', function(e, post) {
-	                fix_spoilers(post);
-        	});             
-	
+		// allow to work with auto-reload.js, etc.
+		$(document).on('new_post', function(e, post) {
+			fix_spoilers(post);
+		});
+
 	}
 });
-

From a0187722678d2a5369b44036d8a1ed312cc17d76 Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@mailu.io>
Date: Mon, 5 Aug 2024 18:36:51 +0200
Subject: [PATCH 165/336] show-backlinks.js: onReady

---
 js/smartphone-spoiler.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/js/smartphone-spoiler.js b/js/smartphone-spoiler.js
index 3e2b9bb6..21ba2284 100644
--- a/js/smartphone-spoiler.js
+++ b/js/smartphone-spoiler.js
@@ -12,7 +12,7 @@
  *
  */
 
-onready(function() {
+onReady(function() {
 	if (device_type == 'mobile') {
 		let fix_spoilers = function(where) {
 			let spoilers = where.getElementsByClassName('spoiler');

From 902c55823757d697cd5f726b48fa920c2ddd276e Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@mailu.io>
Date: Mon, 5 Aug 2024 18:47:53 +0200
Subject: [PATCH 166/336] style-select.js: format

---
 js/style-select.js | 24 ++++++++++++------------
 1 file changed, 12 insertions(+), 12 deletions(-)

diff --git a/js/style-select.js b/js/style-select.js
index f0fe3c16..b87e1b56 100644
--- a/js/style-select.js
+++ b/js/style-select.js
@@ -6,7 +6,7 @@
  *
  * Released under the MIT license
  * Copyright (c) 2013 Michael Save <savetheinternet@tinyboard.org>
- * Copyright (c) 2013-2014 Marcin Łabanowski <marcin@6irc.net> 
+ * Copyright (c) 2013-2014 Marcin Łabanowski <marcin@6irc.net>
  *
  * Usage:
  *   $config['additional_javascript'][] = 'js/jquery.min.js';
@@ -14,32 +14,32 @@
  *
  */
 
-onready(function(){
-	var stylesDiv = $('div.styles');
-	var stylesSelect = $('<select></select>');
-	
-	var i = 1;
+onready(function() {
+	let stylesDiv = $('div.styles');
+	let stylesSelect = $('<select></select>');
+
+	let i = 1;
 	stylesDiv.children().each(function() {
-		var opt = $('<option></option>')
+		let opt = $('<option></option>')
 			.html(this.innerHTML.replace(/(^\[|\]$)/g, ''))
 			.val(i);
-		if ($(this).hasClass('selected'))
+		if ($(this).hasClass('selected')) {
 			opt.attr('selected', true);
+		}
 		stylesSelect.append(opt);
 		$(this).attr('id', 'style-select-' + i);
 		i++;
 	});
-	
+
 	stylesSelect.change(function() {
 		$('#style-select-' + $(this).val()).click();
 	});
-	
+
 	stylesDiv.hide();
-	
+
 	stylesDiv.after(
 		$('<div id="style-select" style="float:right;margin-bottom:10px"></div>')
 			.text(_('Style: '))
 			.append(stylesSelect)
 	);
 });
-

From b822a76b232b0178e3a763987e4452ef4172d602 Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@mailu.io>
Date: Mon, 5 Aug 2024 18:48:04 +0200
Subject: [PATCH 167/336] style-select.js: onReply

---
 js/style-select.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/js/style-select.js b/js/style-select.js
index b87e1b56..0b6821b8 100644
--- a/js/style-select.js
+++ b/js/style-select.js
@@ -14,7 +14,7 @@
  *
  */
 
-onready(function() {
+onReady(function() {
 	let stylesDiv = $('div.styles');
 	let stylesSelect = $('<select></select>');
 

From 023e59d88fd66a0d20f22485b18bfd32357bd20c Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@mailu.io>
Date: Mon, 5 Aug 2024 18:50:08 +0200
Subject: [PATCH 168/336] youtube.js: format

---
 js/youtube.js | 22 ++++++++++------------
 1 file changed, 10 insertions(+), 12 deletions(-)

diff --git a/js/youtube.js b/js/youtube.js
index 9fe81b60..1bbe8fce 100644
--- a/js/youtube.js
+++ b/js/youtube.js
@@ -10,7 +10,7 @@
 *
 * Released under the MIT license
 * Copyright (c) 2013 Michael Save <savetheinternet@tinyboard.org>
-* Copyright (c) 2013-2014 Marcin Łabanowski <marcin@6irc.net> 
+* Copyright (c) 2013-2014 Marcin Łabanowski <marcin@6irc.net>
 *
 * Usage:
 *	$config['embedding'] = array();
@@ -22,13 +22,12 @@
 *
 */
 
-
-onready(function(){
-	var do_embed_yt = function(tag) {
+onready(function() {
+	let do_embed_yt = function(tag) {
 		$('div.video-container a', tag).click(function() {
-			var videoID = $(this.parentNode).data('video');
-		
-			$(this.parentNode).html('<iframe style="float:left;margin: 10px 20px" type="text/html" '+
+			let videoID = $(this.parentNode).data('video');
+
+			$(this.parentNode).html('<iframe style="float:left;margin: 10px 20px" type="text/html" ' +
 				'width="360" height="270" src="//www.youtube.com/embed/' + videoID +
 				'?autoplay=1&html5=1" allowfullscreen frameborder="0"/>');
 
@@ -37,9 +36,8 @@ onready(function(){
 	};
 	do_embed_yt(document);
 
-        // allow to work with auto-reload.js, etc.
-        $(document).on('new_post', function(e, post) {
-                do_embed_yt(post);
-        });
+	// allow to work with auto-reload.js, etc.
+	$(document).on('new_post', function(e, post) {
+		do_embed_yt(post);
+	});
 });
-

From 6bea01b00b5cfd869781e580c7a0cfaffd2b4d94 Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@mailu.io>
Date: Mon, 5 Aug 2024 18:50:35 +0200
Subject: [PATCH 169/336] youtube.js: onReady

---
 js/youtube.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/js/youtube.js b/js/youtube.js
index 1bbe8fce..5537b931 100644
--- a/js/youtube.js
+++ b/js/youtube.js
@@ -22,7 +22,7 @@
 *
 */
 
-onready(function() {
+onReady(function() {
 	let do_embed_yt = function(tag) {
 		$('div.video-container a', tag).click(function() {
 			let videoID = $(this.parentNode).data('video');

From 31444d654ae3978d2b1bd6f177ec96b59423978e Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@mailu.io>
Date: Mon, 5 Aug 2024 18:59:44 +0200
Subject: [PATCH 170/336] post-hover.js: format

---
 js/post-hover.js | 189 ++++++++++++++++++++++++-----------------------
 1 file changed, 98 insertions(+), 91 deletions(-)

diff --git a/js/post-hover.js b/js/post-hover.js
index 780f8cff..215e6285 100644
--- a/js/post-hover.js
+++ b/js/post-hover.js
@@ -13,59 +13,62 @@
  *
  */
 
-onready(function(){
-	var dont_fetch_again = [];
-	init_hover = function() {
-		var $link = $(this);
-		
-		var id;
-		var matches;
+onready(function() {
+	let dontFetchAgain = [];
+	initHover = function() {
+		let link = $(this);
+		let id;
+		let matches;
 
-                if ($link.is('[data-thread]')) {
-                        id = $link.attr('data-thread');
-                }
-		else if(matches = $link.text().match(/^>>(?:>\/([^\/]+)\/)?(\d+)$/)) {
+		if (link.is('[data-thread]')) {
+			id = link.attr('data-thread');
+		} else if (matches = link.text().match(/^>>(?:>\/([^\/]+)\/)?(\d+)$/)) {
 			id = matches[2];
-		}
-		else {
+		} else {
 			return;
 		}
-		
-		var board = $(this);
+
+		let board = $(this);
 		while (board.data('board') === undefined) {
 			board = board.parent();
 		}
-		var threadid;
-		if ($link.is('[data-thread]')) threadid = 0;
-		else threadid = board.attr('id').replace("thread_", "");
+		let threadid;
+		if (link.is('[data-thread]')) {
+			threadid = 0;
+		} else {
+			threadid = board.attr('id').replace("thread_", "");
+		}
 
 		board = board.data('board');
 
-		var parentboard = board;
-		
-		if ($link.is('[data-thread]')) parentboard = $('form[name="post"] input[name="board"]').val();
-		else if (matches[1] !== undefined) board = matches[1];
+		let parentboard = board;
 
-		var $post = false;
-		var hovering = false;
-		var hovered_at;
-		$link.hover(function(e) {
+		if (link.is('[data-thread]')) {
+			parentboard = $('form[name="post"] input[name="board"]').val();
+		} else if (matches[1] !== undefined) {
+			board = matches[1];
+		}
+
+		let post = false;
+		let hovering = false;
+		let hoveredAt;
+		link.hover(function(e) {
 			hovering = true;
-			hovered_at = {'x': e.pageX, 'y': e.pageY};
-			
-			var start_hover = function($link) {
-				if ($post.is(':visible') &&
-						$post.offset().top >= $(window).scrollTop() &&
-						$post.offset().top + $post.height() <= $(window).scrollTop() + $(window).height()) {
-					// post is in view
-					$post.addClass('highlighted');
-				} else {
-					var $newPost = $post.clone();
-					$newPost.find('>.reply, >br').remove();
-					$newPost.find('span.mentioned').remove();
-					$newPost.find('a.post_anchor').remove();
+			hoveredAt = {'x': e.pageX, 'y': e.pageY};
 
-					$newPost
+			let startHover = function(link) {
+				if (post.is(':visible') &&
+						post.offset().top >= $(window).scrollTop() &&
+						post.offset().top + post.height() <= $(window).scrollTop() + $(window).height()) {
+					// post is in view
+					post.addClass('highlighted');
+				} else {
+					let newPost = post.clone();
+					newPost.find('>.reply, >br').remove();
+					newPost.find('span.mentioned').remove();
+					newPost.find('a.post_anchor').remove();
+
+					newPost
 						.attr('id', 'post-hover-' + id)
 						.attr('data-board', board)
 						.addClass('post-hover')
@@ -76,95 +79,99 @@ onready(function(){
 						.css('font-style', 'normal')
 						.css('z-index', '100')
 						.addClass('reply').addClass('post')
-						.insertAfter($link.parent())
+						.insertAfter(link.parent())
 
-					$link.trigger('mousemove');
+					link.trigger('mousemove');
 				}
 			};
-			
-			$post = $('[data-board="' + board + '"] div.post#reply_' + id + ', [data-board="' + board + '"]div#thread_' + id);
-			if($post.length > 0) {
-				start_hover($(this));
+
+			post = $('[data-board="' + board + '"] div.post#reply_' + id + ', [data-board="' + board + '"]div#thread_' + id);
+			if (post.length > 0) {
+				startHover($(this));
 			} else {
-				var url = $link.attr('href').replace(/#.*$/, '');
-				
-				if($.inArray(url, dont_fetch_again) != -1) {
+				let url = link.attr('href').replace(/#.*$/, '');
+
+				if ($.inArray(url, dontFetchAgain) != -1) {
 					return;
 				}
-				dont_fetch_again.push(url);
-				
+				dontFetchAgain.push(url);
+
 				$.ajax({
 					url: url,
 					context: document.body,
 					success: function(data) {
-						var mythreadid = $(data).find('div[id^="thread_"]').attr('id').replace("thread_", "");
+						let mythreadid = $(data).find('div[id^="thread_"]').attr('id').replace("thread_", "");
 
 						if (mythreadid == threadid && parentboard == board) {
 							$(data).find('div.post.reply').each(function() {
-								if($('[data-board="' + board + '"] #' + $(this).attr('id')).length == 0) {
+								if ($('[data-board="' + board + '"] #' + $(this).attr('id')).length == 0) {
 									$('[data-board="' + board + '"]#thread_' + threadid + " .post.reply:first").before($(this).hide().addClass('hidden'));
 								}
 							});
-						}
-						else if ($('[data-board="' + board + '"]#thread_'+mythreadid).length > 0) {
+						} else if ($('[data-board="' + board + '"]#thread_' + mythreadid).length > 0) {
 							$(data).find('div.post.reply').each(function() {
-								if($('[data-board="' + board + '"] #' + $(this).attr('id')).length == 0) {
+								if ($('[data-board="' + board + '"] #' + $(this).attr('id')).length == 0) {
 									$('[data-board="' + board + '"]#thread_' + mythreadid + " .post.reply:first").before($(this).hide().addClass('hidden'));
 								}
 							});
-						}
-						else {
+						} else {
 							$(data).find('div[id^="thread_"]').hide().attr('data-cached', 'yes').prependTo('form[name="postcontrols"]');
 						}
 
-						$post = $('[data-board="' + board + '"] div.post#reply_' + id + ', [data-board="' + board + '"]div#thread_' + id);
+						post = $('[data-board="' + board + '"] div.post#reply_' + id + ', [data-board="' + board + '"]div#thread_' + id);
 
-						if(hovering && $post.length > 0) {
-							start_hover($link);
+						if (hovering && post.length > 0) {
+							startHover(link);
 						}
 					}
 				});
 			}
 		}, function() {
 			hovering = false;
-			if(!$post)
+			if (!post) {
 				return;
-			
-			$post.removeClass('highlighted');
-			if($post.hasClass('hidden') || $post.data('cached') == 'yes')
-				$post.css('display', 'none');
+			}
+
+			post.removeClass('highlighted');
+			if (post.hasClass('hidden') || post.data('cached') == 'yes') {
+				post.css('display', 'none');
+			}
 			$('.post-hover').remove();
 		}).mousemove(function(e) {
-			if(!$post)
+			if (!post) {
 				return;
-			
-			var $hover = $('#post-hover-' + id + '[data-board="' + board + '"]');
-			if($hover.length == 0)
-				return;
-
-			var scrollTop = $(window).scrollTop();
-			if ($link.is("[data-thread]")) scrollTop = 0;
-			var epy = e.pageY;
-			if ($link.is("[data-thread]")) epy -= $(window).scrollTop();			
-
-			var top = (epy ? epy : hovered_at['y']) - 10;
-			
-			if(epy < scrollTop + 15) {
-				top = scrollTop;
-			} else if(epy > scrollTop + $(window).height() - $hover.height() - 15) {
-				top = scrollTop + $(window).height() - $hover.height() - 15;
 			}
-			
-			
-			$hover.css('left', (e.pageX ? e.pageX : hovered_at['x'])).css('top', top);
+
+			let hover = $('#post-hover-' + id + '[data-board="' + board + '"]');
+			if (hover.length == 0) {
+				return;
+			}
+
+			let scrollTop = $(window).scrollTop();
+			if (link.is("[data-thread]")) {
+				scrollTop = 0;
+			}
+			let epy = e.pageY;
+			if (link.is("[data-thread]")) {
+				epy -= $(window).scrollTop();
+			}
+
+			let top = (epy ? epy : hoveredAt['y']) - 10;
+
+			if (epy < scrollTop + 15) {
+				top = scrollTop;
+			} else if (epy > scrollTop + $(window).height() - hover.height() - 15) {
+				top = scrollTop + $(window).height() - hover.height() - 15;
+			}
+
+			hover.css('left', (e.pageX ? e.pageX : hoveredAt['x'])).css('top', top);
 		});
 	};
-	
-	$('div.body a:not([rel="nofollow"])').each(init_hover);
-	
+
+	$('div.body a:not([rel="nofollow"])').each(initHover);
+
 	// allow to work with auto-reload.js, etc.
 	$(document).on('new_post', function(e, post) {
-		$(post).find('div.body a:not([rel="nofollow"])').each(init_hover);
+		$(post).find('div.body a:not([rel="nofollow"])').each(initHover);
 	});
 });
-

From ed46907a6c4f028a0b58a0afeebfcf62e86eb6ed Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@mailu.io>
Date: Mon, 5 Aug 2024 19:00:12 +0200
Subject: [PATCH 171/336] post-hover.js: onReady

---
 js/post-hover.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/js/post-hover.js b/js/post-hover.js
index 215e6285..d7970871 100644
--- a/js/post-hover.js
+++ b/js/post-hover.js
@@ -13,7 +13,7 @@
  *
  */
 
-onready(function() {
+onReady(function() {
 	let dontFetchAgain = [];
 	initHover = function() {
 		let link = $(this);

From 2728966c1c38a27b0c832ca73e9c3c2e2777c688 Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@mailu.io>
Date: Mon, 5 Aug 2024 19:01:08 +0200
Subject: [PATCH 172/336] show-backlinks.js: format

---
 js/show-backlinks.js | 32 ++++++++++++++++++--------------
 1 file changed, 18 insertions(+), 14 deletions(-)

diff --git a/js/show-backlinks.js b/js/show-backlinks.js
index e6de23c3..ced55cef 100644
--- a/js/show-backlinks.js
+++ b/js/show-backlinks.js
@@ -13,38 +13,42 @@
  *
  */
 
-onReady(function(){
-	var showBackLinks = function() {
-		var reply_id = $(this).attr('id').replace(/(^reply_)|(^op_)/, '');
+onready(function() {
+	let showBackLinks = function() {
+		let reply_id = $(this).attr('id').replace(/(^reply_)|(^op_)/, '');
 
 		$(this).find('div.body a:not([rel="nofollow"])').each(function() {
-			var id, post, $mentioned;
+			let id, post, $mentioned;
 
-			if(id = $(this).text().match(/^>>(\d+)$/))
+			if (id = $(this).text().match(/^>>(\d+)$/)) {
 				id = id[1];
-			else
+			} else {
 				return;
+			}
 
 			$post = $('#reply_' + id);
-			if($post.length == 0){
+			if ($post.length == 0){
 				$post = $('#op_' + id);
-				if($post.length == 0)
+				if ($post.length == 0) {
 					return;
+				}
 			}
 
 			$mentioned = $post.find('p.intro span.mentioned');
-			if($mentioned.length == 0)
+			if($mentioned.length == 0) {
 				$mentioned = $('<span class="mentioned unimportant"></span>').appendTo($post.find('p.intro'));
+			}
 
-			if ($mentioned.find('a.mentioned-' + reply_id).length != 0)
+			if ($mentioned.find('a.mentioned-' + reply_id).length != 0) {
 				return;
+			}
 
-			var $link = $('<a class="mentioned-' + reply_id + '" onclick="highlightReply(\'' + reply_id + '\');" href="#' + reply_id + '">&gt;&gt;' +
+			let link = $('<a class="mentioned-' + reply_id + '" onclick="highlightReply(\'' + reply_id + '\');" href="#' + reply_id + '">&gt;&gt;' +
 				reply_id + '</a>');
-			$link.appendTo($mentioned)
+			link.appendTo($mentioned)
 
 			if (window.init_hover) {
-				$link.each(init_hover);
+				link.each(init_hover);
 			}
 		});
 	};
@@ -52,7 +56,7 @@ onReady(function(){
 	$('div.post.reply').each(showBackLinks);
 	$('div.post.op').each(showBackLinks);
 
-        $(document).on('new_post', function(e, post) {
+	$(document).on('new_post', function(e, post) {
 		showBackLinks.call(post);
 		if ($(post).hasClass("op")) {
 			$(post).find('div.post.reply').each(showBackLinks);

From b7f46a239d65114cf0e539ec78bd8f61f4910d8d Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@mailu.io>
Date: Mon, 5 Aug 2024 19:01:27 +0200
Subject: [PATCH 173/336] show-backlinks.js: onReady

---
 js/show-backlinks.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/js/show-backlinks.js b/js/show-backlinks.js
index ced55cef..19a3d5dd 100644
--- a/js/show-backlinks.js
+++ b/js/show-backlinks.js
@@ -13,7 +13,7 @@
  *
  */
 
-onready(function() {
+onReady(function() {
 	let showBackLinks = function() {
 		let reply_id = $(this).attr('id').replace(/(^reply_)|(^op_)/, '');
 

From d9feb5cfa720c789d4f3c1df7ae55adda9b152db Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@mailu.io>
Date: Mon, 5 Aug 2024 19:03:24 +0200
Subject: [PATCH 174/336] catalog.html: onReady

---
 templates/themes/catalog/catalog.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/templates/themes/catalog/catalog.html b/templates/themes/catalog/catalog.html
index fefaec54..493f47d1 100644
--- a/templates/themes/catalog/catalog.html
+++ b/templates/themes/catalog/catalog.html
@@ -80,7 +80,7 @@
 			{% endverbatim %}
 			{% for name, uri in config.stylesheets %}{% verbatim %}'{% endverbatim %}{{ name|addslashes }}{% verbatim %}' : '{% endverbatim %}/stylesheets/{{ uri|addslashes }}{% verbatim %}',
 			{% endverbatim %}{% endfor %}{% verbatim %}
-		}; onready(init);
+		}; onReady(init);
 	{% endverbatim %}</script>
 
 	<script type="text/javascript">{% verbatim %}

From d9d05ddbf59ce581fc9fe26791230b1b09b101f8 Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@mailu.io>
Date: Mon, 5 Aug 2024 19:08:28 +0200
Subject: [PATCH 175/336] catalog-search.js: format

---
 js/catalog-search.js | 28 ++++++++++++++--------------
 1 file changed, 14 insertions(+), 14 deletions(-)

diff --git a/js/catalog-search.js b/js/catalog-search.js
index ff9af785..1887a1cf 100644
--- a/js/catalog-search.js
+++ b/js/catalog-search.js
@@ -2,27 +2,27 @@
  * catalog-search.js
  *   - Search and filters threads when on catalog view
  *   - Optional shortcuts 's' and 'esc' to open and close the search.
- * 
+ *
  * Usage:
  *   $config['additional_javascript'][] = 'js/jquery.min.js';
  *   $config['additional_javascript'][] = 'js/comment-toolbar.js';
  */
 if (active_page == 'catalog') {
-	onready(function () {
+	onready(function() {
 		'use strict';
 
-		//	'true' = enable shortcuts
-		var useKeybinds = true;
+		// 'true' = enable shortcuts
+		let useKeybinds = true;
 
-		//	trigger the search 400ms after last keystroke
-		var delay = 400;
-		var timeoutHandle;
+		// trigger the search 400ms after last keystroke
+		let delay = 400;
+		let timeoutHandle;
 
-		//search and hide none matching threads
+		// search and hide none matching threads
 		function filter(search_term) {
 			$('.replies').each(function () {
-				var subject = $(this).children('.intro').text().toLowerCase();
-				var comment = $(this).clone().children().remove(':lt(2)').end().text().trim().toLowerCase();
+				let subject = $(this).children('.intro').text().toLowerCase();
+				let comment = $(this).clone().children().remove(':lt(2)').end().text().trim().toLowerCase();
 				search_term = search_term.toLowerCase();
 
 				if (subject.indexOf(search_term) == -1 && comment.indexOf(search_term) == -1) {
@@ -34,7 +34,7 @@ if (active_page == 'catalog') {
 		}
 
 		function searchToggle() {
-			var button = $('#catalog_search_button');
+			let button = $('#catalog_search_button');
 
 			if (!button.data('expanded')) {
 				button.data('expanded', '1');
@@ -59,18 +59,18 @@ if (active_page == 'catalog') {
 		});
 
 		if (useKeybinds) {
-			//	's'
+			// 's'
 			$('body').on('keydown', function (e) {
 				if (e.which === 83 && e.target.tagName === 'BODY' && !(e.ctrlKey || e.altKey || e.shiftKey)) {
 					e.preventDefault();
-					if ($('#search_field').length !== 0) { 
+					if ($('#search_field').length !== 0) {
 						$('#search_field').focus();
 					} else {
 						searchToggle();
 					}
 				}
 			});
-			//	'esc'
+			// 'esc'
 			$('.catalog_search').on('keydown', 'input#search_field', function (e) {
 				if (e.which === 27 && !(e.ctrlKey || e.altKey || e.shiftKey)) {
 					window.clearTimeout(timeoutHandle);

From 5550bc42125be01b61e21d3f9b8d8db792327beb Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@mailu.io>
Date: Mon, 5 Aug 2024 19:09:05 +0200
Subject: [PATCH 176/336] catalog-search.js: onReady

---
 js/catalog-search.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/js/catalog-search.js b/js/catalog-search.js
index 1887a1cf..a5405bc3 100644
--- a/js/catalog-search.js
+++ b/js/catalog-search.js
@@ -8,7 +8,7 @@
  *   $config['additional_javascript'][] = 'js/comment-toolbar.js';
  */
 if (active_page == 'catalog') {
-	onready(function() {
+	onReady(function() {
 		'use strict';
 
 		// 'true' = enable shortcuts

From 44e9a5aa5720f49c51505213b78fd721d5a705e6 Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@mailu.io>
Date: Mon, 5 Aug 2024 19:10:25 +0200
Subject: [PATCH 177/336] download-original.js: format

---
 js/download-original.js | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/js/download-original.js b/js/download-original.js
index cf9635ac..06cd1c64 100644
--- a/js/download-original.js
+++ b/js/download-original.js
@@ -15,16 +15,16 @@
  *
  */
 
-onready(function(){
-	var do_original_filename = function() {
-		var filename, truncated;
+onready(function() {
+	let doOriginalFilename = function() {
+		let filename, truncated;
 		if ($(this).attr('title')) {
 			filename = $(this).attr('title');
 			truncated = true;
 		} else {
 			filename = $(this).text();
 		}
-		
+
 		$(this).replaceWith(
 			$('<a></a>')
 				.attr('download', filename)
@@ -34,9 +34,9 @@ onready(function(){
 			);
 	};
 
-	$('.postfilename').each(do_original_filename);
+	$('.postfilename').each(doOriginalFilename);
 
-        $(document).on('new_post', function(e, post) {
-		$(post).find('.postfilename').each(do_original_filename);
+	$(document).on('new_post', function(e, post) {
+		$(post).find('.postfilename').each(doOriginalFilename);
 	});
 });

From 2749567c3fb8edf94daf11e1662cab7b3460ea2d Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@mailu.io>
Date: Mon, 5 Aug 2024 19:11:32 +0200
Subject: [PATCH 178/336] download-original.js: onReply

---
 js/download-original.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/js/download-original.js b/js/download-original.js
index 06cd1c64..7c0050a0 100644
--- a/js/download-original.js
+++ b/js/download-original.js
@@ -15,7 +15,7 @@
  *
  */
 
-onready(function() {
+onReady(function() {
 	let doOriginalFilename = function() {
 		let filename, truncated;
 		if ($(this).attr('title')) {

From 5306f1d1f9a2f726135c3d7b63d86e0dbf8c6b44 Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@mailu.io>
Date: Mon, 5 Aug 2024 19:13:13 +0200
Subject: [PATCH 179/336] inline-expanding-filename.js: format

---
 js/inline-expanding-filename.js | 22 +++++++++++-----------
 1 file changed, 11 insertions(+), 11 deletions(-)

diff --git a/js/inline-expanding-filename.js b/js/inline-expanding-filename.js
index ac79fcf0..d5a0f4d2 100644
--- a/js/inline-expanding-filename.js
+++ b/js/inline-expanding-filename.js
@@ -13,21 +13,21 @@
  *
  */
 
-onready(function(){
-	var inline_expanding_filename = function() {
-		$(this).find(".fileinfo > a").click(function(){
-			var imagelink = $(this).parent().parent().find('a[target="_blank"]:first');
-			if(imagelink.length > 0) {
+onready(function() {
+	let inlineExpandingFilename = function() {
+		$(this).find(".fileinfo > a").click(function() {
+			let imagelink = $(this).parent().parent().find('a[target="_blank"]:first');
+			if (imagelink.length > 0) {
 				imagelink.click();
 				return false;
 			}
 		});
 	};
 
-        $('div[id^="thread_"]').each(inline_expanding_filename);
-                                        
-        // allow to work with auto-reload.js, etc.
-        $(document).on('new_post', function(e, post) {
-                inline_expanding_filename.call(post);
-        });
+	$('div[id^="thread_"]').each(inlineExpandingFilename);
+
+	// allow to work with auto-reload.js, etc.
+	$(document).on('new_post', function(e, post) {
+		inlineExpandingFilename.call(post);
+	});
 });

From 41f9aed606dc36f80bba6c353b1e752747a7edc4 Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@mailu.io>
Date: Mon, 5 Aug 2024 19:13:29 +0200
Subject: [PATCH 180/336] inline-expanding-filename.js: onReady

---
 js/inline-expanding-filename.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/js/inline-expanding-filename.js b/js/inline-expanding-filename.js
index d5a0f4d2..c5d325e6 100644
--- a/js/inline-expanding-filename.js
+++ b/js/inline-expanding-filename.js
@@ -13,7 +13,7 @@
  *
  */
 
-onready(function() {
+onReady(function() {
 	let inlineExpandingFilename = function() {
 		$(this).find(".fileinfo > a").click(function() {
 			let imagelink = $(this).parent().parent().find('a[target="_blank"]:first');

From e92e9469a8699f0f7bc9ba85d4875d142efcfda7 Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@mailu.io>
Date: Mon, 5 Aug 2024 19:15:26 +0200
Subject: [PATCH 181/336] expand-all-images.js: format

---
 js/expand-all-images.js | 67 ++++++++++++++++++++++-------------------
 1 file changed, 36 insertions(+), 31 deletions(-)

diff --git a/js/expand-all-images.js b/js/expand-all-images.js
index c110f51c..6f446af6 100644
--- a/js/expand-all-images.js
+++ b/js/expand-all-images.js
@@ -16,37 +16,42 @@
  *
  */
 
-if (active_page == 'ukko' || active_page == 'thread' || active_page == 'index')
-onready(function(){
-	$('hr:first').before('<div id="expand-all-images" style="text-align:right"><a class="unimportant" href="javascript:void(0)"></a></div>');
-	$('div#expand-all-images a')
-		.text(_('Expand all images'))
-		.click(function() {
-			$('a img.post-image').each(function() {
-				// Don't expand YouTube embeds
-				if ($(this).parent().parent().hasClass('video-container'))
-					return;
+if (active_page == 'ukko' || active_page == 'thread' || active_page == 'index') {
+	onready(function() {
+		$('hr:first').before('<div id="expand-all-images" style="text-align:right"><a class="unimportant" href="javascript:void(0)"></a></div>');
+		$('div#expand-all-images a')
+			.text(_('Expand all images'))
+			.click(function() {
+				$('a img.post-image').each(function() {
+					// Don't expand YouTube embeds
+					if ($(this).parent().parent().hasClass('video-container')) {
+						return;
+					}
 
-				// or WEBM
-				if (/^\/player\.php\?/.test($(this).parent().attr('href')))
-					return;
+					// or WEBM
+					if (/^\/player\.php\?/.test($(this).parent().attr('href'))) {
+						return;
+					}
 
-				if (!$(this).parent().data('expanded'))
-					$(this).parent().click();
-			});
-
-			if (!$('#shrink-all-images').length) {
-				$('hr:first').before('<div id="shrink-all-images" style="text-align:right"><a class="unimportant" href="javascript:void(0)"></a></div>');
-			}
-
-			$('div#shrink-all-images a')
-				.text(_('Shrink all images'))
-				.click(function(){
-					$('a img.full-image').each(function() {
-						if ($(this).parent().data('expanded'))
-							$(this).parent().click();
-					});
-					$(this).parent().remove();
+					if (!$(this).parent().data('expanded')) {
+						$(this).parent().click();
+					}
 				});
-		});
-});
+
+				if (!$('#shrink-all-images').length) {
+					$('hr:first').before('<div id="shrink-all-images" style="text-align:right"><a class="unimportant" href="javascript:void(0)"></a></div>');
+				}
+
+				$('div#shrink-all-images a')
+					.text(_('Shrink all images'))
+					.click(function() {
+						$('a img.full-image').each(function() {
+							if ($(this).parent().data('expanded')) {
+								$(this).parent().click();
+							}
+						});
+						$(this).parent().remove();
+					});
+			});
+	});
+}
\ No newline at end of file

From d9a333a69f453c3c5441a59dced905059ca57030 Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@mailu.io>
Date: Mon, 5 Aug 2024 19:15:42 +0200
Subject: [PATCH 182/336] expand-all-images.js: onReady

---
 js/expand-all-images.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/js/expand-all-images.js b/js/expand-all-images.js
index 6f446af6..e313f9bd 100644
--- a/js/expand-all-images.js
+++ b/js/expand-all-images.js
@@ -17,7 +17,7 @@
  */
 
 if (active_page == 'ukko' || active_page == 'thread' || active_page == 'index') {
-	onready(function() {
+	onReady(function() {
 		$('hr:first').before('<div id="expand-all-images" style="text-align:right"><a class="unimportant" href="javascript:void(0)"></a></div>');
 		$('div#expand-all-images a')
 			.text(_('Expand all images'))

From 85b03c0fb0fe808fdefc6eedbc93db1c8cbf4dc8 Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@mailu.io>
Date: Mon, 5 Aug 2024 19:20:55 +0200
Subject: [PATCH 183/336] expand-video.js: format

---
 js/expand-video.js | 438 ++++++++++++++++++++++++---------------------
 1 file changed, 230 insertions(+), 208 deletions(-)

diff --git a/js/expand-video.js b/js/expand-video.js
index 08b474c1..fb4c6b5f 100644
--- a/js/expand-video.js
+++ b/js/expand-video.js
@@ -2,243 +2,265 @@
 /* Note: This code expects the global variable configRoot to be set. */
 
 if (typeof _ == 'undefined') {
-  var _ = function(a) { return a; };
+	var _ = function(a) {
+		return a;
+	};
 }
 
 function setupVideo(thumb, url) {
-    if (thumb.videoAlreadySetUp) return;
-    thumb.videoAlreadySetUp = true;
+	if (thumb.videoAlreadySetUp) {
+		return;
+	}
+	thumb.videoAlreadySetUp = true;
 
-    var video = null;
-    var videoContainer, videoHide;
-    var expanded = false;
-    var hovering = false;
-    var loop = true;
-    var loopControls = [document.createElement("span"), document.createElement("span")];
-    var fileInfo = thumb.parentNode.querySelector(".fileinfo");
-    var mouseDown = false;
+	let video = null;
+	let videoContainer, videoHide;
+	let expanded = false;
+	let hovering = false;
+	let loop = true;
+	let loopControls = [document.createElement("span"), document.createElement("span")];
+	let fileInfo = thumb.parentNode.querySelector(".fileinfo");
+	let mouseDown = false;
 
-    function unexpand() {
-        if (expanded) {
-            expanded = false;
-            if (video.pause) video.pause();
-            videoContainer.style.display = "none";
-            thumb.style.display = "inline";
-            video.style.maxWidth = "inherit";
-            video.style.maxHeight = "inherit";
-        }
-    }
+	function unexpand() {
+		if (expanded) {
+			expanded = false;
+			if (video.pause) {
+				video.pause();
+			}
+			videoContainer.style.display = "none";
+			thumb.style.display = "inline";
+			video.style.maxWidth = "inherit";
+			video.style.maxHeight = "inherit";
+		}
+	}
 
-    function unhover() {
-        if (hovering) {
-            hovering = false;
-            if (video.pause) video.pause();
-            videoContainer.style.display = "none";
-            video.style.maxWidth = "inherit";
-            video.style.maxHeight = "inherit";
-        }
-    }
+	function unhover() {
+		if (hovering) {
+			hovering = false;
+			if (video.pause) {
+				video.pause();
+			}
+			videoContainer.style.display = "none";
+			video.style.maxWidth = "inherit";
+			video.style.maxHeight = "inherit";
+		}
+	}
 
-    // Create video element if does not exist yet
-    function getVideo() {
-        if (video == null) {
-            video = document.createElement("video");
-            video.src = url;
-            video.loop = loop;
-            video.innerText = _("Your browser does not support HTML5 video.");
+	// Create video element if does not exist yet
+	function getVideo() {
+		if (video == null) {
+			video = document.createElement("video");
+			video.src = url;
+			video.loop = loop;
+			video.innerText = _("Your browser does not support HTML5 video.");
 
-            videoHide = document.createElement("img");
-            videoHide.src = configRoot + "static/collapse.gif";
-            videoHide.alt = "[ - ]";
-            videoHide.title = "Collapse video";
-            videoHide.style.marginLeft = "-15px";
-            videoHide.style.cssFloat = "left";
-            videoHide.addEventListener("click", unexpand, false);
+			videoHide = document.createElement("img");
+			videoHide.src = configRoot + "static/collapse.gif";
+			videoHide.alt = "[ - ]";
+			videoHide.title = "Collapse video";
+			videoHide.style.marginLeft = "-15px";
+			videoHide.style.cssFloat = "left";
+			videoHide.addEventListener("click", unexpand, false);
 
-            videoContainer = document.createElement("div");
-            videoContainer.style.paddingLeft = "15px";
-            videoContainer.style.display = "none";
-            videoContainer.appendChild(videoHide);
-            videoContainer.appendChild(video);
-            thumb.parentNode.insertBefore(videoContainer, thumb.nextSibling);
+			videoContainer = document.createElement("div");
+			videoContainer.style.paddingLeft = "15px";
+			videoContainer.style.display = "none";
+			videoContainer.appendChild(videoHide);
+			videoContainer.appendChild(video);
+			thumb.parentNode.insertBefore(videoContainer, thumb.nextSibling);
 
-            // Dragging to the left collapses the video
-            video.addEventListener("mousedown", function(e) {
-                if (e.button == 0) mouseDown = true;
-            }, false);
-            video.addEventListener("mouseup", function(e) {
-                if (e.button == 0) mouseDown = false;
-            }, false);
-            video.addEventListener("mouseenter", function(e) {
-                mouseDown = false;
-            }, false);
-            video.addEventListener("mouseout", function(e) {
-                if (mouseDown && e.clientX - video.getBoundingClientRect().left <= 0) {
-                    unexpand();
-                }
-                mouseDown = false;
-            }, false);
-        }
-    }
+			// Dragging to the left collapses the video
+			video.addEventListener("mousedown", function(e) {
+				if (e.button == 0) mouseDown = true;
+			}, false);
+			video.addEventListener("mouseup", function(e) {
+				if (e.button == 0) mouseDown = false;
+			}, false);
+			video.addEventListener("mouseenter", function(e) {
+				mouseDown = false;
+			}, false);
+			video.addEventListener("mouseout", function(e) {
+				if (mouseDown && e.clientX - video.getBoundingClientRect().left <= 0) {
+					unexpand();
+				}
+				mouseDown = false;
+			}, false);
+		}
+	}
 
-    // Clicking on thumbnail expands video
-    thumb.addEventListener("click", function(e) {
-        if (setting("videoexpand") && !e.shiftKey && !e.ctrlKey && !e.altKey && !e.metaKey) {
-            getVideo();
-            expanded = true;
-            hovering = false;
+	// Clicking on thumbnail expands video
+	thumb.addEventListener("click", function(e) {
+		if (setting("videoexpand") && !e.shiftKey && !e.ctrlKey && !e.altKey && !e.metaKey) {
+			getVideo();
+			expanded = true;
+			hovering = false;
 
-            video.style.position = "static";
-            video.style.pointerEvents = "inherit";
-            video.style.display = "inline";
-            videoHide.style.display = "inline";
-            videoContainer.style.display = "block";
-            videoContainer.style.position = "static";
-            video.parentNode.parentNode.removeAttribute('style');
-            thumb.style.display = "none";
+			video.style.position = "static";
+			video.style.pointerEvents = "inherit";
+			video.style.display = "inline";
+			videoHide.style.display = "inline";
+			videoContainer.style.display = "block";
+			videoContainer.style.position = "static";
+			video.parentNode.parentNode.removeAttribute('style');
+			thumb.style.display = "none";
 
-            video.muted = (setting("videovolume") == 0);
-            video.volume = setting("videovolume");
-            video.controls = true;
-            if (video.readyState == 0) {
-                video.addEventListener("loadedmetadata", expand2, false);
-            } else {
-                setTimeout(expand2, 0);
-            }
-            video.play();
-            e.preventDefault();
-        }
-    }, false);
+			video.muted = (setting("videovolume") == 0);
+			video.volume = setting("videovolume");
+			video.controls = true;
+			if (video.readyState == 0) {
+				video.addEventListener("loadedmetadata", expand2, false);
+			} else {
+				setTimeout(expand2, 0);
+			}
+			video.play();
+			e.preventDefault();
+		}
+	}, false);
 
-    function expand2() {
-        video.style.maxWidth = "100%";
-        video.style.maxHeight = window.innerHeight + "px";
-        var bottom = video.getBoundingClientRect().bottom;
-        if (bottom > window.innerHeight) {
-            window.scrollBy(0, bottom - window.innerHeight);
-        }
-        // work around Firefox volume control bug
-        video.volume = Math.max(setting("videovolume") - 0.001, 0);
-        video.volume = setting("videovolume");
-    }
+	function expand2() {
+		video.style.maxWidth = "100%";
+		video.style.maxHeight = window.innerHeight + "px";
+		var bottom = video.getBoundingClientRect().bottom;
+		if (bottom > window.innerHeight) {
+			window.scrollBy(0, bottom - window.innerHeight);
+		}
+		// work around Firefox volume control bug
+		video.volume = Math.max(setting("videovolume") - 0.001, 0);
+		video.volume = setting("videovolume");
+	}
 
-    // Hovering over thumbnail displays video
-    thumb.addEventListener("mouseover", function(e) {
-        if (setting("videohover")) {
-            getVideo();
-            expanded = false;
-            hovering = true;
+	// Hovering over thumbnail displays video
+	thumb.addEventListener("mouseover", function(e) {
+		if (setting("videohover")) {
+			getVideo();
+			expanded = false;
+			hovering = true;
 
-            var docRight = document.documentElement.getBoundingClientRect().right;
-            var thumbRight = thumb.querySelector("img, video").getBoundingClientRect().right;
-            var maxWidth = docRight - thumbRight - 20;
-            if (maxWidth < 250) maxWidth = 250;
+			let docRight = document.documentElement.getBoundingClientRect().right;
+			let thumbRight = thumb.querySelector("img, video").getBoundingClientRect().right;
+			let maxWidth = docRight - thumbRight - 20;
+			if (maxWidth < 250) {
+				maxWidth = 250;
+			}
 
-            video.style.position = "fixed";
-            video.style.right = "0px";
-            video.style.top = "0px";
-            var docRight = document.documentElement.getBoundingClientRect().right;
-            var thumbRight = thumb.querySelector("img, video").getBoundingClientRect().right;
-            video.style.maxWidth = maxWidth + "px";
-            video.style.maxHeight = "100%";
-            video.style.pointerEvents = "none";
+			video.style.position = "fixed";
+			video.style.right = "0px";
+			video.style.top = "0px";
+			docRight = document.documentElement.getBoundingClientRect().right;
+			thumbRight = thumb.querySelector("img, video").getBoundingClientRect().right;
+			video.style.maxWidth = maxWidth + "px";
+			video.style.maxHeight = "100%";
+			video.style.pointerEvents = "none";
 
-            video.style.display = "inline";
-            videoHide.style.display = "none";
-            videoContainer.style.display = "inline";
-            videoContainer.style.position = "fixed";
+			video.style.display = "inline";
+			videoHide.style.display = "none";
+			videoContainer.style.display = "inline";
+			videoContainer.style.position = "fixed";
 
-            video.muted = (setting("videovolume") == 0);
-            video.volume = setting("videovolume");
-            video.controls = false;
-            video.play();
-        }
-    }, false);
+			video.muted = (setting("videovolume") == 0);
+			video.volume = setting("videovolume");
+			video.controls = false;
+			video.play();
+		}
+	}, false);
 
-    thumb.addEventListener("mouseout", unhover, false);
+	thumb.addEventListener("mouseout", unhover, false);
 
-    // Scroll wheel on thumbnail adjusts default volume
-    thumb.addEventListener("wheel", function(e) {
-        if (setting("videohover")) {
-            var volume = setting("videovolume");
-            if (e.deltaY > 0) volume -= 0.1;
-            if (e.deltaY < 0) volume += 0.1;
-            if (volume < 0) volume = 0;
-            if (volume > 1) volume = 1;
-            if (video != null) {
-                video.muted = (volume == 0);
-                video.volume = volume;
-            }
-            changeSetting("videovolume", volume);
-            e.preventDefault();
-        }
-    }, false);
+	// Scroll wheel on thumbnail adjusts default volume
+	thumb.addEventListener("wheel", function(e) {
+		if (setting("videohover")) {
+			var volume = setting("videovolume");
+			if (e.deltaY > 0) {
+				volume -= 0.1;
+			}
+			if (e.deltaY < 0) {
+				volume += 0.1;
+			}
+			if (volume < 0) {
+				volume = 0;
+			}
+			if (volume > 1) {
+				volume = 1;
+			}
+			if (video != null) {
+				video.muted = (volume == 0);
+				video.volume = volume;
+			}
+			changeSetting("videovolume", volume);
+			e.preventDefault();
+		}
+	}, false);
 
-    // [play once] vs [loop] controls
-    function setupLoopControl(i) {
-        loopControls[i].addEventListener("click", function(e) {
-            loop = (i != 0);
-            thumb.href = thumb.href.replace(/([\?&])loop=\d+/, "$1loop=" + i);
-            if (video != null) {
-                video.loop = loop;
-                if (loop && video.currentTime >= video.duration) {
-                    video.currentTime = 0;
-                }
-            }
-            loopControls[i].style.fontWeight = "bold";
-            loopControls[1-i].style.fontWeight = "inherit";
-        }, false);
-    }
+	// [play once] vs [loop] controls
+	function setupLoopControl(i) {
+		loopControls[i].addEventListener("click", function(e) {
+			loop = (i != 0);
+			thumb.href = thumb.href.replace(/([\?&])loop=\d+/, "$1loop=" + i);
+			if (video != null) {
+				video.loop = loop;
+				if (loop && video.currentTime >= video.duration) {
+					video.currentTime = 0;
+				}
+			}
+			loopControls[i].style.fontWeight = "bold";
+			loopControls[1-i].style.fontWeight = "inherit";
+		}, false);
+	}
 
-    loopControls[0].textContent = _("[play once]");
-    loopControls[1].textContent = _("[loop]");
-    loopControls[1].style.fontWeight = "bold";
-    for (var i = 0; i < 2; i++) {
-        setupLoopControl(i);
-        loopControls[i].style.whiteSpace = "nowrap";
-        fileInfo.appendChild(document.createTextNode(" "));
-        fileInfo.appendChild(loopControls[i]);
-    }
+	loopControls[0].textContent = _("[play once]");
+	loopControls[1].textContent = _("[loop]");
+	loopControls[1].style.fontWeight = "bold";
+	for (var i = 0; i < 2; i++) {
+		setupLoopControl(i);
+		loopControls[i].style.whiteSpace = "nowrap";
+		fileInfo.appendChild(document.createTextNode(" "));
+		fileInfo.appendChild(loopControls[i]);
+	}
 }
 
 function setupVideosIn(element) {
-    var thumbs = element.querySelectorAll("a.file");
-    for (var i = 0; i < thumbs.length; i++) {
-        if (/\.webm$|\.mp4$/.test(thumbs[i].pathname)) {
-            setupVideo(thumbs[i], thumbs[i].href);
-        } else {
-            var m = thumbs[i].search.match(/\bv=([^&]*)/);
-            if (m != null) {
-                var url = decodeURIComponent(m[1]);
-                if (/\.webm$|\.mp4$/.test(url)) setupVideo(thumbs[i], url);
-            }
-        }
-    }
+	let thumbs = element.querySelectorAll("a.file");
+	for (let i = 0; i < thumbs.length; i++) {
+		if (/\.webm$|\.mp4$/.test(thumbs[i].pathname)) {
+			setupVideo(thumbs[i], thumbs[i].href);
+		} else {
+			let m = thumbs[i].search.match(/\bv=([^&]*)/);
+			if (m != null) {
+				let url = decodeURIComponent(m[1]);
+				if (/\.webm$|\.mp4$/.test(url)) {
+					setupVideo(thumbs[i], url);
+				}
+			}
+		}
+	}
 }
 
 onready(function(){
-    // Insert menu from settings.js
-    if (typeof settingsMenu != "undefined" && typeof Options == "undefined")
-      document.body.insertBefore(settingsMenu, document.getElementsByTagName("hr")[0]);
+	// Insert menu from settings.js
+	if (typeof settingsMenu != "undefined" && typeof Options == "undefined") {
+		document.body.insertBefore(settingsMenu, document.getElementsByTagName("hr")[0]);
+	}
 
-    // Setup Javascript events for videos in document now
-    setupVideosIn(document);
+	// Setup Javascript events for videos in document now
+	setupVideosIn(document);
 
-    // Setup Javascript events for videos added by updater
-    if (window.MutationObserver) {
-        var observer = new MutationObserver(function(mutations) {
-            for (var i = 0; i < mutations.length; i++) {
-                var additions = mutations[i].addedNodes;
-                if (additions == null) continue;
-                for (var j = 0; j < additions.length; j++) {
-                    var node = additions[j];
-                    if (node.nodeType == 1) {
-                        setupVideosIn(node);
-                    }
-                }
-            }
-        });
-        observer.observe(document.body, {childList: true, subtree: true});
-    }
+	// Setup Javascript events for videos added by updater
+	if (window.MutationObserver) {
+		let observer = new MutationObserver(function(mutations) {
+			for (let i = 0; i < mutations.length; i++) {
+				let additions = mutations[i].addedNodes;
+				if (additions == null) {
+					continue;
+				}
+				for (let j = 0; j < additions.length; j++) {
+					let node = additions[j];
+					if (node.nodeType == 1) {
+						setupVideosIn(node);
+					}
+				}
+			}
+		});
+		observer.observe(document.body, {childList: true, subtree: true});
+	}
 });
-

From 4445254b00bf8b3270cf957ae0bbd4de74478868 Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@mailu.io>
Date: Mon, 5 Aug 2024 19:21:09 +0200
Subject: [PATCH 184/336] expand-video.js: onReady

---
 js/expand-video.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/js/expand-video.js b/js/expand-video.js
index fb4c6b5f..3aa88a2c 100644
--- a/js/expand-video.js
+++ b/js/expand-video.js
@@ -236,7 +236,7 @@ function setupVideosIn(element) {
 	}
 }
 
-onready(function(){
+onReady(function(){
 	// Insert menu from settings.js
 	if (typeof settingsMenu != "undefined" && typeof Options == "undefined") {
 		document.body.insertBefore(settingsMenu, document.getElementsByTagName("hr")[0]);

From 230cc252c5492117996386d63b5ceaf8e49dca71 Mon Sep 17 00:00:00 2001
From: Lorenzo Yario <angeleno@screamer.wiki>
Date: Fri, 9 Aug 2024 00:39:08 -0700
Subject: [PATCH 185/336] add changes from #782

---
 post.php | 41 ++++++++++++++++++++++++++++++++++++-----
 1 file changed, 36 insertions(+), 5 deletions(-)

diff --git a/post.php b/post.php
index b09cb341..cc45ccb2 100644
--- a/post.php
+++ b/post.php
@@ -167,6 +167,41 @@ function strip_image_metadata(string $img_path): int {
 	return $ret;
 }
 
+/**
+ * Delete posts in a cyclical thread.
+ *
+ * @param string $boardUri The URI of the board.
+ * @param int $threadId The ID of the thread.
+ * @param int $cycleLimit The number of most recent posts to retain.
+ */
+function delete_cyclical_posts(string $boardUri, int $threadId, int $cycleLimit): void
+{
+    $query = prepare(sprintf('
+        SELECT p.`id`
+        FROM ``posts_%s`` p
+        LEFT JOIN (
+            SELECT `id`
+            FROM ``posts_%s``
+            WHERE `thread` = :thread
+            ORDER BY `id` DESC
+            LIMIT :limit
+        ) recent_posts ON p.id = recent_posts.id
+        WHERE p.thread = :thread
+        AND recent_posts.id IS NULL',
+        $boardUri, $boardUri
+    ));
+
+    $query->bindValue(':thread', $threadId, PDO::PARAM_INT);
+    $query->bindValue(':limit', $cycleLimit, PDO::PARAM_INT);
+
+    $query->execute() or error(db_error($query));
+    $ids = $query->fetchAll(PDO::FETCH_COLUMN);
+
+    foreach ($ids as $id) {
+        deletePost($id, false);
+    }
+}
+
 /**
  * Method handling functions
  */
@@ -1292,11 +1327,7 @@ if (isset($_POST['delete'])) {
 
 	// Handle cyclical threads
 	if (!$post['op'] && isset($thread['cycle']) && $thread['cycle']) {
-		// Query is a bit weird due to "This version of MariaDB doesn't yet support 'LIMIT & IN/ALL/ANY/SOME subquery'" (MariaDB Ver 15.1 Distrib 10.0.17-MariaDB, for Linux (x86_64))
-		$query = prepare(sprintf('DELETE FROM ``posts_%s`` WHERE `thread` = :thread AND `id` NOT IN (SELECT `id` FROM (SELECT `id` FROM ``posts_%s`` WHERE `thread` = :thread ORDER BY `id` DESC LIMIT :limit) i)', $board['uri'], $board['uri']));
-		$query->bindValue(':thread', $post['thread']);
-		$query->bindValue(':limit', $config['cycle_limit'], PDO::PARAM_INT);
-		$query->execute() or error(db_error($query));
+		delete_cyclical_posts($board['uri'], $post['thread'], $config['cycle_limit']);
 	}
 
 	if (isset($post['antispam_hash'])) {

From e5d423e595f67fb0a49d48d5b3b12688f8ec3cba Mon Sep 17 00:00:00 2001
From: Lorenzo Yario <angeleno@screamer.wiki>
Date: Fri, 9 Aug 2024 00:43:43 -0700
Subject: [PATCH 186/336] revert column behavior

---
 templates/themes/index/index.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/templates/themes/index/index.html b/templates/themes/index/index.html
index 2d037ccc..aafcc2f3 100644
--- a/templates/themes/index/index.html
+++ b/templates/themes/index/index.html
@@ -23,7 +23,7 @@
 	<div class="box-wrap">
 	    <fieldset>
 		<legend>Boards</legend>
-		<ul style="columns: 2;">
+		<ul>
 			{% for board in boards %}
 				<li class="boardlinksurl">
 					<a href="{{ config.board_path|sprintf(board.uri) }}">

From 0c074016e71145671cdf03ec0c94c9cf717492de Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@skiff.com>
Date: Sun, 11 Aug 2024 00:56:16 +0200
Subject: [PATCH 187/336] context.php: much better Dependency Injection
 implementation

---
 inc/context.php | 96 +++++++++++++++++++++++--------------------------
 post.php        | 28 +++++++--------
 2 files changed, 58 insertions(+), 66 deletions(-)

diff --git a/inc/context.php b/inc/context.php
index bb261047..f65c3b0d 100644
--- a/inc/context.php
+++ b/inc/context.php
@@ -1,66 +1,58 @@
 <?php
 namespace Vichan;
 
+use RuntimeException;
 use Vichan\Driver\{HttpDriver, HttpDrivers, Log, LogDrivers};
 
 defined('TINYBOARD') or exit;
 
-
-interface DependencyFactory {
-	public function buildLogDriver(): Log;
-	public function buildHttpDriver(): HttpDriver;
-}
-
-class WebDependencyFactory implements DependencyFactory {
-	private array $config;
-
-
-	public function __construct(array $config) {
-		$this->config = $config;
-	}
-
-	public function buildLogDriver(): Log {
-		$name = $this->config['log_system']['name'];
-		$level = $this->config['debug'] ? Log::DEBUG : Log::NOTICE;
-		$backend = $this->config['log_system']['type'];
-
-		// Check 'syslog' for backwards compatibility.
-		if ((isset($this->config['syslog']) && $this->config['syslog']) || $backend === 'syslog') {
-			return LogDrivers::syslog($name, $level, $this->config['log_system']['syslog_stderr']);
-		} elseif ($backend === 'file') {
-			return LogDrivers::file($name, $level, $this->config['log_system']['file_path']);
-		} elseif ($backend === 'stderr') {
-			return LogDrivers::stderr($name, $level);
-		} elseif ($backend === 'none') {
-			return LogDrivers::none();
-		} else {
-			return LogDrivers::error_log($name, $level);
-		}
-	}
-
-	public function buildHttpDriver(): HttpDriver {
-		return HttpDrivers::getHttpDriver(
-			$this->config['upload_by_url_timeout'],
-			$this->config['max_filesize']
-		);
-	}
-}
-
 class Context {
-	private DependencyFactory $factory;
-	private ?Log $log;
-	private ?HttpDriver $http;
+	private array $definitions;
 
-
-	public function __construct(DependencyFactory $factory) {
-		$this->factory = $factory;
+	public function __construct(array $definitions) {
+		$this->definitions = $definitions;
 	}
 
-	public function getLog(): Log {
-		return $this->log ??= $this->factory->buildLogDriver();
-	}
+	public function get(string $name): mixed {
+		if (!isset($this->definitions[$name])) {
+			throw new RuntimeException("Could not find a dependency named $name");
+		}
 
-	public function getHttpDriver(): HttpDriver {
-		return $this->http ??= $this->factory->buildHttpDriver();
+		$ret = $this->definitions[$name];
+		if (is_callable($ret) && !is_string($ret) && !is_array($ret)) {
+			$ret = $ret($this);
+			$this->definitions[$name] = $ret;
+		}
+		return $ret;
 	}
 }
+
+function build_context(array $config): Context {
+	return new Context([
+		'config' => $config,
+		Log::class => function($c) {
+			$config = $c->get('config');
+
+			$name = $config['log_system']['name'];
+			$level = $config['debug'] ? Log::DEBUG : Log::NOTICE;
+			$backend = $config['log_system']['type'];
+
+			// Check 'syslog' for backwards compatibility.
+			if ((isset($config['syslog']) && $config['syslog']) || $backend === 'syslog') {
+				return LogDrivers::syslog($name, $level, $this->config['log_system']['syslog_stderr']);
+			} elseif ($backend === 'file') {
+				return LogDrivers::file($name, $level, $this->config['log_system']['file_path']);
+			} elseif ($backend === 'stderr') {
+				return LogDrivers::stderr($name, $level);
+			} elseif ($backend === 'none') {
+				return LogDrivers::none();
+			} else {
+				return LogDrivers::error_log($name, $level);
+			}
+		},
+		HttpDriver::class => function($c) {
+			$config = $c->get('config');
+			return HttpDrivers::getHttpDriver($config['upload_by_url_timeout'], $config['max_filesize']);
+		}
+	]);
+}
diff --git a/post.php b/post.php
index cc45ccb2..a73c5dfc 100644
--- a/post.php
+++ b/post.php
@@ -207,7 +207,7 @@ function delete_cyclical_posts(string $boardUri, int $threadId, int $cycleLimit)
  */
 
 $dropped_post = false;
-$context = new Context(new WebDependencyFactory($config));
+$context = Vichan\build_context($config);
 
 // Is it a post coming from NNTP? Let's extract it and pretend it's a normal post.
 if (isset($_GET['Newsgroups']) && $config['nntpchan']['enabled']) {
@@ -286,7 +286,7 @@ if (isset($_GET['Newsgroups']) && $config['nntpchan']['enabled']) {
 		$content = file_get_contents("php://input");
 	}
 	elseif ($ct == 'multipart/mixed' || $ct == 'multipart/form-data') {
-		$context->getLog()->log(Log::DEBUG, 'MM: Files: ' . print_r($GLOBALS, true));
+		$context->get(Log::class)->log(Log::DEBUG, 'MM: Files: ' . print_r($GLOBALS, true));
 
 		$content = '';
 
@@ -454,7 +454,7 @@ if (isset($_POST['delete'])) {
 				modLog("User at $ip deleted their own post #$id");
 			}
 
-			$context->getLog()->log(
+			$context->get(Log::class)->log(
 				Log::INFO,
 				'Deleted post: /' . $board['dir'] . $config['dir']['res'] . link_for($post) . ($post['thread'] ? '#' . $id : '')
 			);
@@ -517,7 +517,7 @@ if (isset($_POST['delete'])) {
 
 		try {
 			$query = new NativeCaptchaQuery(
-				$context->getHttpDriver(),
+				$context->get(HttpDriver::class),
 				$config['domain'],
 				$config['captcha']['provider_check']
 			);
@@ -531,7 +531,7 @@ if (isset($_POST['delete'])) {
 				error($config['error']['captcha']);
 			}
 		} catch (RuntimeException $e) {
-			$context->getLog()->log(Log::ERROR, "Native captcha IO exception: {$e->getMessage()}");
+			$context->get(Log::class)->log(Log::ERROR, "Native captcha IO exception: {$e->getMessage()}");
 			error($config['error']['local_io_error']);
 		}
 	}
@@ -550,7 +550,7 @@ if (isset($_POST['delete'])) {
 
 		$post = $query->fetch(PDO::FETCH_ASSOC);
 		if ($post === false) {
-			$context->getLog()->log(Log::INFO, "Failed to report non-existing post #{$id} in {$board['dir']}");
+			$context->get(Log::class)->log(Log::INFO, "Failed to report non-existing post #{$id} in {$board['dir']}");
 			error($config['error']['nopost']);
 		}
 
@@ -559,7 +559,7 @@ if (isset($_POST['delete'])) {
 			error($error);
 		}
 
-		$context->getLog()->log(
+		$context->get(Log::class)->log(
 			Log::INFO,
 			'Reported post: /'
 				 . $board['dir'] . $config['dir']['res'] . link_for($post) . ($post['thread'] ? '#' . $id : '')
@@ -631,7 +631,7 @@ if (isset($_POST['delete'])) {
 		try {
 			// With our custom captcha provider
 			if ($config['captcha']['enabled'] || ($post['op'] && $config['new_thread_capt'])) {
-				$query = new NativeCaptchaQuery($context->getHttpDriver(), $config['domain'], $config['captcha']['provider_check']);
+				$query = new NativeCaptchaQuery($context->get(HttpDriver::class), $config['domain'], $config['captcha']['provider_check']);
 				$success = $query->verify($config['captcha']['extra'], $_POST['captcha_text'], $_POST['captcha_cookie']);
 
 				if (!$success) {
@@ -655,7 +655,7 @@ if (isset($_POST['delete'])) {
 						error($config['error']['bot']);
 					}
 					$response = $_POST['g-recaptcha-response'];
-					$query = RemoteCaptchaQuery::withRecaptcha($context->getHttpDriver(), $config['recaptcha_private']);
+					$query = RemoteCaptchaQuery::withRecaptcha($context->get(HttpDriver::class), $config['recaptcha_private']);
 				}
 				// hCaptcha
 				elseif ($config['hcaptcha']) {
@@ -663,7 +663,7 @@ if (isset($_POST['delete'])) {
 						error($config['error']['bot']);
 					}
 					$response = $_POST['h-captcha-response'];
-					$query = RemoteCaptchaQuery::withHCaptcha($context->getHttpDriver(), $config['hcaptcha_private']);
+					$query = RemoteCaptchaQuery::withHCaptcha($context->get(HttpDriver::class), $config['hcaptcha_private']);
 				}
 
 				if (isset($query, $response)) {
@@ -785,7 +785,7 @@ if (isset($_POST['delete'])) {
 
 		try {
 			$ret = download_file_from_url(
-				$context->getHttpDriver(),
+				$context->get(HttpDriver::class),
 				$_POST['file_url'],
 				$config['upload_by_url_timeout'],
 				$allowed_extensions,
@@ -1163,7 +1163,7 @@ if (isset($_POST['delete'])) {
 					try {
 						$file['size'] = strip_image_metadata($file['tmp_name']);
 					} catch (RuntimeException $e) {
-						$context->getLog()->log(Log::ERROR, "Could not strip image metadata: {$e->getMessage()}");
+						$context->get(Log::class)->log(Log::ERROR, "Could not strip image metadata: {$e->getMessage()}");
 						// Since EXIF metadata can countain sensible info, fail the request.
 						error(_('Could not strip EXIF metadata!'), null, $error);
 					}
@@ -1201,7 +1201,7 @@ if (isset($_POST['delete'])) {
 						$post['body_nomarkup'] .= "<tinyboard ocr image $key>" . htmlspecialchars($value) . "</tinyboard>";
 					}
 				} catch (RuntimeException $e) {
-					$context->getLog()->log(Log::ERROR, "Could not OCR image: {$e->getMessage()}");
+					$context->get(Log::class)->log(Log::ERROR, "Could not OCR image: {$e->getMessage()}");
 				}
 			}
 		}
@@ -1395,7 +1395,7 @@ if (isset($_POST['delete'])) {
 
 	buildThread($post['op'] ? $id : $post['thread']);
 
-	$context->getLog()->log(
+	$context->get(Log::class)->log(
 		Log::INFO,
 		'New post: /' . $board['dir'] . $config['dir']['res'] . link_for($post) . (!$post['op'] ? '#' . $id : '')
 	);

From 609da4354824393811ad7f6bff18f25667719620 Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@mailu.io>
Date: Tue, 9 Jul 2024 00:17:23 +0200
Subject: [PATCH 188/336] anti-bot.php: trim

---
 inc/anti-bot.php | 68 ++++++++++++++++++++++++------------------------
 1 file changed, 34 insertions(+), 34 deletions(-)

diff --git a/inc/anti-bot.php b/inc/anti-bot.php
index 29279296..aa0eeb99 100644
--- a/inc/anti-bot.php
+++ b/inc/anti-bot.php
@@ -10,7 +10,7 @@ $hidden_inputs_twig = array();
 
 class AntiBot {
 	public $salt, $inputs = array(), $index = 0;
-	
+
 	public static function randomString($length, $uppercase = false, $special_chars = false, $unicode_chars = false) {
 		$chars = 'abcdefghijklmnopqrstuvwxyz0123456789';
 		if ($uppercase)
@@ -22,11 +22,11 @@ class AntiBot {
 			for ($n = 0; $n < $len; $n++)
 				$chars .= mb_convert_encoding('&#' . mt_rand(0x2600, 0x26FF) . ';', 'UTF-8', 'HTML-ENTITIES');
 		}
-		
+
 		$chars = preg_split('//u', $chars, -1, PREG_SPLIT_NO_EMPTY);
-		
+
 		$ch = array();
-		
+
 		// fill up $ch until we reach $length
 		while (count($ch) < $length) {
 			$n = $length - count($ch);
@@ -39,40 +39,40 @@ class AntiBot {
 			foreach ($keys as $key)
 				$ch[] = $chars[$key];
 		}
-		
+
 		$chars = $ch;
-		
+
 		return implode('', $chars);
 	}
-	
+
 	public static function make_confusing($string) {
 		$chars = preg_split('//u', $string, -1, PREG_SPLIT_NO_EMPTY);
-		
+
 		foreach ($chars as &$c) {
 			if (mt_rand(0, 3) != 0)
 				$c = utf8tohtml($c);
 			else
 				$c = mb_encode_numericentity($c, array(0, 0xffff, 0, 0xffff), 'UTF-8');
 		}
-		
+
 		return implode('', $chars);
 	}
-	
+
 	public function __construct(array $salt = array()) {
 		global $config;
-		
+
 		if (!empty($salt)) {
 			// create a salted hash of the "extra salt"
 			$this->salt = implode(':', $salt);
-		} else { 
+		} else {
 			$this->salt = '';
 		}
-		
+
 		shuffle($config['spam']['hidden_input_names']);
-		
+
 		$input_count = mt_rand($config['spam']['hidden_inputs_min'], $config['spam']['hidden_inputs_max']);
 		$hidden_input_names_x = 0;
-		
+
 		for ($x = 0; $x < $input_count ; $x++) {
 			if ($hidden_input_names_x === false || mt_rand(0, 2) == 0) {
 				// Use an obscure name
@@ -83,7 +83,7 @@ class AntiBot {
 				if ($hidden_input_names_x >= count($config['spam']['hidden_input_names']))
 					$hidden_input_names_x = false;
 			}
-			
+
 			if (mt_rand(0, 2) == 0) {
 				// Value must be null
 				$this->inputs[$name] = '';
@@ -96,16 +96,16 @@ class AntiBot {
 			}
 		}
 	}
-	
+
 	public static function space() {
 		if (mt_rand(0, 3) != 0)
 			return ' ';
 		return str_repeat(' ', mt_rand(1, 3));
 	}
-	
+
 	public function html($count = false) {
 		global $config;
-		
+
 		$elements = array(
 			'<input type="hidden" name="%name%" value="%value%">',
 			'<input type="hidden" value="%value%" name="%name%">',
@@ -119,13 +119,13 @@ class AntiBot {
 			'<textarea style="display:none" name="%name%">%value%</textarea>',
 			'<textarea name="%name%" style="display:none">%value%</textarea>'
 		);
-		
+
 		$html = '';
-		
+
 		if ($count === false) {
 			$count = mt_rand(1, (int)abs(count($this->inputs) / 15) + 1);
 		}
-		
+
 		if ($count === true) {
 			// all elements
 			$inputs = array_slice($this->inputs, $this->index);
@@ -133,7 +133,7 @@ class AntiBot {
 			$inputs = array_slice($this->inputs, $this->index, $count);
 		}
 		$this->index += count($inputs);
-		
+
 		foreach ($inputs as $name => $value) {
 			$element = false;
 			while (!$element) {
@@ -146,37 +146,37 @@ class AntiBot {
 					$element = false;
 				}
 			}
-			
+
 			$element = str_replace('%name%', utf8tohtml($name), $element);
-			
+
 			if (mt_rand(0, 2) == 0)
 				$value = $this->make_confusing($value);
 			else
 				$value = utf8tohtml($value);
-			
+
 			if (strpos($element, 'textarea') === false)
 				$value = str_replace('"', '&quot;', $value);
-			
+
 			$element = str_replace('%value%', $value, $element);
-			
+
 			$html .= $element;
 		}
-		
+
 		return $html;
 	}
-	
+
 	public function reset() {
 		$this->index = 0;
 	}
-	
+
 	public function hash() {
 		global $config;
-		
+
 		// This is the tricky part: create a hash to validate it after
 		// First, sort the keys in alphabetical order (A-Z)
 		$inputs = $this->inputs;
 		ksort($inputs);
-		
+
 		$hash = '';
 		// Iterate through each input
 		foreach ($inputs as $name => $value) {
@@ -184,7 +184,7 @@ class AntiBot {
 		}
 		// Add a salt to the hash
 		$hash .= $config['cookies']['salt'];
-		
+
 		// Use SHA1 for the hash
 		return sha1($hash . $this->salt);
 	}

From ee20bf574ae61b28119d9db1823777d35b07b9b2 Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@skiff.com>
Date: Sun, 11 Aug 2024 10:14:54 +0200
Subject: [PATCH 189/336] functions.php: format _create_antibot

---
 inc/functions.php | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/inc/functions.php b/inc/functions.php
index f1c2c26c..3530ab77 100755
--- a/inc/functions.php
+++ b/inc/functions.php
@@ -1615,21 +1615,23 @@ function checkMute() {
 function _create_antibot($board, $thread) {
 	global $config, $purged_old_antispam;
 
-	$antibot = new AntiBot(array($board, $thread));
+	$antibot = new AntiBot([$board, $thread]);
 
 	if (!isset($purged_old_antispam)) {
 		$purged_old_antispam = true;
 		query('DELETE FROM ``antispam`` WHERE `expires` < UNIX_TIMESTAMP()') or error(db_error());
 	}
 
-	if ($thread)
+	if ($thread) {
 		$query = prepare('UPDATE ``antispam`` SET `expires` = UNIX_TIMESTAMP() + :expires WHERE `board` = :board AND `thread` = :thread AND `expires` IS NULL');
-	else
+	} else {
 		$query = prepare('UPDATE ``antispam`` SET `expires` = UNIX_TIMESTAMP() + :expires WHERE `board` = :board AND `thread` IS NULL AND `expires` IS NULL');
+	}
 
 	$query->bindValue(':board', $board);
-	if ($thread)
+	if ($thread) {
 		$query->bindValue(':thread', $thread);
+	}
 	$query->bindValue(':expires', $config['spam']['hidden_inputs_expire']);
 	$query->execute() or error(db_error($query));
 

From 00cc1f434d30cd489141d2316876f42cc10ce15f Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@mailu.io>
Date: Thu, 11 Jul 2024 21:16:55 +0200
Subject: [PATCH 190/336] anti-bot.php: add comments to _create_antibot

---
 inc/functions.php | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/inc/functions.php b/inc/functions.php
index 3530ab77..d8943530 100755
--- a/inc/functions.php
+++ b/inc/functions.php
@@ -1617,11 +1617,15 @@ function _create_antibot($board, $thread) {
 
 	$antibot = new AntiBot([$board, $thread]);
 
+	// Delete old expired antispam, skipping those with NULL expiration timestamps (infinite lifetime).
 	if (!isset($purged_old_antispam)) {
 		$purged_old_antispam = true;
 		query('DELETE FROM ``antispam`` WHERE `expires` < UNIX_TIMESTAMP()') or error(db_error());
 	}
 
+	// Keep the now invalid timestamps around for a bit to enable users to post if they're still on an old version of
+	// the HTML page.
+	// By virtue of existing, we know that we're making a new version of the page, and the user from now on may just reload.
 	if ($thread) {
 		$query = prepare('UPDATE ``antispam`` SET `expires` = UNIX_TIMESTAMP() + :expires WHERE `board` = :board AND `thread` = :thread AND `expires` IS NULL');
 	} else {
@@ -1635,6 +1639,7 @@ function _create_antibot($board, $thread) {
 	$query->bindValue(':expires', $config['spam']['hidden_inputs_expire']);
 	$query->execute() or error(db_error($query));
 
+	// Insert an antispam with infinite life as the HTML page of a thread might last well beyond the expiry date.
 	$query = prepare('INSERT INTO ``antispam`` VALUES (:board, :thread, :hash, UNIX_TIMESTAMP(), NULL, 0)');
 	$query->bindValue(':board', $board);
 	$query->bindValue(':thread', $thread);

From e4707ee2a8e8485432e2a1e160bc41a470926c7a Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@mailu.io>
Date: Sun, 14 Jul 2024 00:25:52 +0200
Subject: [PATCH 191/336] Delete stale unreferenced ban appeals via foreign key
 constrain

---
 inc/mod/pages.php | 4 ----
 install.sql       | 3 ++-
 2 files changed, 2 insertions(+), 5 deletions(-)

diff --git a/inc/mod/pages.php b/inc/mod/pages.php
index 77fba803..e0eeabbc 100644
--- a/inc/mod/pages.php
+++ b/inc/mod/pages.php
@@ -1044,10 +1044,6 @@ function mod_ban_appeals() {
 	if (!hasPermission($config['mod']['view_ban_appeals']))
 		error($config['error']['noaccess']);
 
-	// Remove stale ban appeals
-	query("DELETE FROM ``ban_appeals`` WHERE NOT EXISTS (SELECT 1 FROM ``bans`` WHERE `ban_id` = ``bans``.`id`)")
-		or error(db_error());
-
 	if (isset($_POST['appeal_id']) && (isset($_POST['unban']) || isset($_POST['deny']))) {
 		if (!hasPermission($config['mod']['ban_appeals']))
 			error($config['error']['noaccess']);
diff --git a/install.sql b/install.sql
index ee005a99..fa6d223a 100644
--- a/install.sql
+++ b/install.sql
@@ -294,7 +294,8 @@ CREATE TABLE IF NOT EXISTS `ban_appeals` (
   `message` text NOT NULL,
   `denied` tinyint(1) NOT NULL,
   PRIMARY KEY (`id`),
-  KEY `ban_id` (`ban_id`)
+  KEY `ban_id` (`ban_id`),
+  CONSTRAINT `fk_ban_id` FOREIGN KEY (`ban_id`) REFERENCES `bans`(`id`) ON DELETE CASCADE
 ) ENGINE=InnoDB  DEFAULT CHARSET=utf8mb4 AUTO_INCREMENT=1 ;
 
 -- --------------------------------------------------------

From 980b2ef7bf09f5b0e4d6bdfafc683c9537c681aa Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@mailu.io>
Date: Sun, 30 Jun 2024 16:15:47 +0200
Subject: [PATCH 192/336] bans.php: split findSingle implementations

---
 inc/bans.php | 92 +++++++++++++++++++++++++++++++++-------------------
 post.php     |  2 +-
 2 files changed, 59 insertions(+), 35 deletions(-)

diff --git a/inc/bans.php b/inc/bans.php
index 0da89640..ef9ff6e5 100644
--- a/inc/bans.php
+++ b/inc/bans.php
@@ -33,6 +33,59 @@ class Bans {
 		}
 	}
 
+	static private function findSingleAutoGc(string $ip, int $ban_id, bool $require_ban_view): array|null {
+		// Use OR in the query to also garbage collect bans.
+		$query = prepare(
+			'SELECT ``bans``.* FROM ``bans``
+			 WHERE ((`ipstart` = :ip OR (:ip >= `ipstart` AND :ip <= `ipend`)) OR (``bans``.id = :id))
+			 ORDER BY `expires` IS NULL, `expires` DESC'
+		);
+
+		$query->bindValue(':id', $ban_id);
+		$query->bindValue(':ip', inet_pton($ip));
+
+		$query->execute() or error(db_error($query));
+
+		$found_ban = null;
+		$to_delete_list = [];
+
+		while ($ban = $query->fetch(PDO::FETCH_ASSOC)) {
+			if ($ban['expires'] && ($ban['seen'] || !$require_ban_view) && $ban['expires'] < time()) {
+				$to_delete_list[] = $ban['id'];
+			} elseif ($ban['id'] === $ban_id) {
+				if ($ban['post']) {
+					$ban['post'] = json_decode($ban['post'], true);
+				}
+				$ban['mask'] = self::range_to_string(array($ban['ipstart'], $ban['ipend']));
+				$found_ban = $ban;
+			}
+		}
+
+		self::deleteBans($to_delete_list);
+
+		return $found_ban;
+	}
+
+	static private function findSingleNoGc(int $ban_id): array|null {
+		$query = prepare(
+			'SELECT ``bans``.* FROM ``bans``
+			 WHERE ``bans``.id = :id
+			 ORDER BY `expires` IS NULL, `expires` DESC
+			 LIMIT 1'
+		);
+
+		$query->bindValue(':id', $ban_id);
+
+		$query->execute() or error(db_error($query));
+		$ret = $query->fetch(PDO::FETCH_ASSOC);
+		if ($query->rowCount() == 0) {
+			return null;
+		} else {
+			$ret['post'] = json_decode($ret['post'], true);
+			return $ret;
+		}
+	}
+
 	static public function range_to_string($mask) {
 		list($ipstart, $ipend) = $mask;
 
@@ -143,41 +196,12 @@ class Bans {
 		return array($ipstart, $ipend);
 	}
 
-	static public function findSingle(string $ip, int $ban_id, bool $require_ban_view): array|null {
-		/**
-		 * Use OR in the query to also garbage collect bans. Ideally we should move the whole GC procedure to a separate
-		 * script, but it will require a more important restructuring.
-		 */
-		$query = prepare(
-			'SELECT ``bans``.* FROM ``bans``
-			 WHERE ((`ipstart` = :ip OR (:ip >= `ipstart` AND :ip <= `ipend`)) OR (``bans``.id = :id))
-			 ORDER BY `expires` IS NULL, `expires` DESC'
-		);
-
-		$query->bindValue(':id', $ban_id);
-		$query->bindValue(':ip', inet_pton($ip));
-
-		$query->execute() or error(db_error($query));
-
-		$found_ban = null;
-		$to_delete_list = [];
-
-		while ($ban = $query->fetch(PDO::FETCH_ASSOC)) {
-			if ($ban['expires'] && ($ban['seen'] || !$require_ban_view) && $ban['expires'] < time()) {
-				$to_delete_list[] = $ban['id'];
-			} elseif ($ban['id'] === $ban_id) {
-				if ($ban['post']) {
-					$ban['post'] = json_decode($ban['post'], true);
-				}
-				$ban['mask'] = self::range_to_string(array($ban['ipstart'], $ban['ipend']));
-				$ban['cmask'] = cloak_mask($ban['mask']);
-				$found_ban = $ban;
-			}
+	static public function findSingle(string $ip, int $ban_id, bool $require_ban_view, bool $auto_gc): array|null {
+		if ($auto_gc) {
+			return self::findSingleAutoGc($ip, $ban_id, $require_ban_view);
+		} else {
+			return self::findSingleNoGc($ban_id);
 		}
-
-		self::deleteBans($to_delete_list);
-
-		return $found_ban;
 	}
 
 	static public function find($ip, $board = false, $get_mod_info = false, $banid = null) {
diff --git a/post.php b/post.php
index cc45ccb2..9d1c1783 100644
--- a/post.php
+++ b/post.php
@@ -1439,7 +1439,7 @@ if (isset($_POST['delete'])) {
 
 	$ban_id = (int)$_POST['ban_id'];
 
-	$ban = Bans::findSingle($_SERVER['REMOTE_ADDR'], $ban_id, $config['require_ban_view']);
+	$ban = Bans::findSingle($_SERVER['REMOTE_ADDR'], $ban_id, $config['require_ban_view'], true);
 
 	if (empty($ban)) {
 		error($config['error']['noban']);

From 36476f6341871d8f1bbcfc5f9a580c528c3893e4 Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@mailu.io>
Date: Sun, 30 Jun 2024 16:34:38 +0200
Subject: [PATCH 193/336] bans.php: split find implementations

---
 inc/bans.php      | 105 +++++++++++++++++++++++++++++++---------------
 inc/functions.php |   2 +-
 inc/mod/pages.php |   4 +-
 3 files changed, 75 insertions(+), 36 deletions(-)

diff --git a/inc/bans.php b/inc/bans.php
index ef9ff6e5..ee0d086d 100644
--- a/inc/bans.php
+++ b/inc/bans.php
@@ -86,6 +86,73 @@ class Bans {
 		}
 	}
 
+	static private function findAutoGc(?string $ip, string|false $board, bool $get_mod_info, bool $require_ban_view, ?int $ban_id): array {
+		$query = prepare('SELECT ``bans``.*' . ($get_mod_info ? ', `username`' : '') . ' FROM ``bans``
+		' . ($get_mod_info ? 'LEFT JOIN ``mods`` ON ``mods``.`id` = `creator`' : '') . '
+		WHERE
+			(' . ($board !== false ? '(`board` IS NULL OR `board` = :board) AND' : '') . '
+			(`ipstart` = :ip OR (:ip >= `ipstart` AND :ip <= `ipend`)) OR (``bans``.id = :id))
+		ORDER BY `expires` IS NULL, `expires` DESC');
+
+		if ($board !== false) {
+			$query->bindValue(':board', $board, PDO::PARAM_STR);
+		}
+
+		$query->bindValue(':id', $ban_id);
+		$query->bindValue(':ip', inet_pton($ip));
+		$query->execute() or error(db_error($query));
+
+		$ban_list = [];
+		$to_delete_list = [];
+
+		while ($ban = $query->fetch(PDO::FETCH_ASSOC)) {
+			if ($ban['expires'] && ($ban['seen'] || !$require_ban_view) && $ban['expires'] < time()) {
+				$to_delete_list[] = $ban['id'];
+			} else {
+				if ($ban['post']) {
+					$ban['post'] = json_decode($ban['post'], true);
+				}
+				$ban['mask'] = self::range_to_string(array($ban['ipstart'], $ban['ipend']));
+				$ban_list[] = $ban;
+			}
+		}
+
+		self::deleteBans($to_delete_list);
+
+		return $ban_list;
+	}
+
+	static private function findNoGc(?string $ip, string|false $board, bool $get_mod_info, ?int $ban_id): array {
+		$query = prepare('SELECT ``bans``.*' . ($get_mod_info ? ', `username`' : '') . ' FROM ``bans``
+		' . ($get_mod_info ? 'LEFT JOIN ``mods`` ON ``mods``.`id` = `creator`' : '') . '
+		WHERE
+			(' . ($board !== false ? '(`board` IS NULL OR `board` = :board) AND' : '') . '
+			(`ipstart` = :ip OR (:ip >= `ipstart` AND :ip <= `ipend`)) OR (``bans``.id = :id))
+			AND `expires` IS NULL OR `expires` >= :curr_time
+		ORDER BY `expires` IS NULL, `expires` DESC');
+
+		if ($board !== false) {
+			$query->bindValue(':board', $board, PDO::PARAM_STR);
+		}
+
+		$query->bindValue(':id', $ban_id);
+		$query->bindValue(':ip', inet_pton($ip));
+		$query->bindValue(':curr_time', time());
+		$query->execute() or error(db_error($query));
+
+		$ban_list = [];
+
+		while ($ban = $query->fetch(PDO::FETCH_ASSOC)) {
+			if ($ban['post']) {
+				$ban['post'] = json_decode($ban['post'], true);
+			}
+			$ban['mask'] = self::range_to_string(array($ban['ipstart'], $ban['ipend']));
+			$ban_list[] = $ban;
+		}
+
+		return $ban_list;
+	}
+
 	static public function range_to_string($mask) {
 		list($ipstart, $ipend) = $mask;
 
@@ -204,42 +271,14 @@ class Bans {
 		}
 	}
 
-	static public function find($ip, $board = false, $get_mod_info = false, $banid = null) {
+	static public function find(?string $ip, string|false $board = false, bool $get_mod_info = false, ?int $ban_id = null, bool $auto_gc = true) {
 		global $config;
 
-		$query = prepare('SELECT ``bans``.*' . ($get_mod_info ? ', `username`' : '') . ' FROM ``bans``
-		' . ($get_mod_info ? 'LEFT JOIN ``mods`` ON ``mods``.`id` = `creator`' : '') . '
-		WHERE
-			(' . ($board !== false ? '(`board` IS NULL OR `board` = :board) AND' : '') . '
-		(`ipstart` = :ip OR (:ip >= `ipstart` AND :ip <= `ipend`)) OR (``bans``.id = :id))
-		ORDER BY `expires` IS NULL, `expires` DESC');
-
-		if ($board !== false)
-			$query->bindValue(':board', $board, PDO::PARAM_STR);
-
-		$query->bindValue(':id', $banid);
-		$query->bindValue(':ip', inet_pton($ip));
-
-		$query->execute() or error(db_error($query));
-
-		$ban_list = array();
-		$to_delete_list = [];
-
-		while ($ban = $query->fetch(PDO::FETCH_ASSOC)) {
-			if ($ban['expires'] && ($ban['seen'] || !$config['require_ban_view']) && $ban['expires'] < time()) {
-				$to_delete_list[] = $ban['id'];
-			} else {
-				if ($ban['post'])
-					$ban['post'] = json_decode($ban['post'], true);
-				$ban['mask'] = self::range_to_string(array($ban['ipstart'], $ban['ipend']));
-				$ban['cmask'] = cloak_mask($ban['mask']);
-				$ban_list[] = $ban;
-			}
+		if ($auto_gc) {
+			return self::findAutoGc($ip, $board, $get_mod_info, $config['require_ban_view'], $ban_id);
+		} else {
+			return self::findNoGc($ip, $board, $get_mod_info, $ban_id);
 		}
-
-		self::deleteBans($to_delete_list);
-
-		return $ban_list;
 	}
 
 	static public function stream_json($out = false, $filter_ips = false, $filter_staff = false, $board_access = false) {
diff --git a/inc/functions.php b/inc/functions.php
index d8943530..908aff59 100755
--- a/inc/functions.php
+++ b/inc/functions.php
@@ -876,7 +876,7 @@ function checkBan($board = false) {
 	}
 
 	foreach ($ips as $ip) {
-		$bans = Bans::find($ip, $board, $config['show_modname']);
+		$bans = Bans::find($ip, $board, $config['show_modname'], null, true);
 
 		foreach ($bans as &$ban) {
 			if ($ban['expires'] && $ban['expires'] < time()) {
diff --git a/inc/mod/pages.php b/inc/mod/pages.php
index e0eeabbc..7483a27d 100644
--- a/inc/mod/pages.php
+++ b/inc/mod/pages.php
@@ -897,7 +897,7 @@ function mod_page_ip($cip) {
 	$args['token'] = make_secure_link_token('ban');
 
 	if (hasPermission($config['mod']['view_ban'])) {
-		$args['bans'] = Bans::find($ip, false, true);
+		$args['bans'] = Bans::find($ip, false, true, null, true);
 	}
 
 	if (hasPermission($config['mod']['view_notes'])) {
@@ -927,7 +927,7 @@ function mod_edit_ban($ban_id) {
 	if (!hasPermission($config['mod']['edit_ban']))
 		error($config['error']['noaccess']);
 
-	$args['bans'] = Bans::find(null, false, true, $ban_id);
+	$args['bans'] = Bans::find(null, false, true, $ban_id, true);
 	$args['ban_id'] = $ban_id;
 	$args['boards'] = listBoards();
 	$args['current_board'] = isset($args['bans'][0]['board']) ? $args['bans'][0]['board'] : false;

From 75714505a0f04b014c9e37dbfaf9939e11037e5f Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@mailu.io>
Date: Sun, 30 Jun 2024 16:48:22 +0200
Subject: [PATCH 194/336] config.php: add auto_maintenance configuration option

---
 inc/config.php    | 5 +++++
 inc/functions.php | 2 +-
 inc/mod/pages.php | 4 ++--
 post.php          | 2 +-
 4 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/inc/config.php b/inc/config.php
index c2c25da2..880de88b 100644
--- a/inc/config.php
+++ b/inc/config.php
@@ -92,6 +92,11 @@
 	// to the environment path (seperated by :).
 	$config['shell_path'] = '/usr/local/bin';
 
+	// Automatically execute some maintenance tasks when some pages are opened, which may result in higher
+	// latencies.
+	// If set to false, ensure to periodically invoke the tools/maintenance.php script.
+	$config['auto_maintenance'] = true;
+
 /*
  * ====================
  *  Database settings
diff --git a/inc/functions.php b/inc/functions.php
index 908aff59..31e5dfac 100755
--- a/inc/functions.php
+++ b/inc/functions.php
@@ -876,7 +876,7 @@ function checkBan($board = false) {
 	}
 
 	foreach ($ips as $ip) {
-		$bans = Bans::find($ip, $board, $config['show_modname'], null, true);
+		$bans = Bans::find($ip, $board, $config['show_modname'], null, $config['auto_maintenance']);
 
 		foreach ($bans as &$ban) {
 			if ($ban['expires'] && $ban['expires'] < time()) {
diff --git a/inc/mod/pages.php b/inc/mod/pages.php
index 7483a27d..826e7c6f 100644
--- a/inc/mod/pages.php
+++ b/inc/mod/pages.php
@@ -897,7 +897,7 @@ function mod_page_ip($cip) {
 	$args['token'] = make_secure_link_token('ban');
 
 	if (hasPermission($config['mod']['view_ban'])) {
-		$args['bans'] = Bans::find($ip, false, true, null, true);
+		$args['bans'] = Bans::find($ip, false, true, null, $config['auto_maintenance']);
 	}
 
 	if (hasPermission($config['mod']['view_notes'])) {
@@ -927,7 +927,7 @@ function mod_edit_ban($ban_id) {
 	if (!hasPermission($config['mod']['edit_ban']))
 		error($config['error']['noaccess']);
 
-	$args['bans'] = Bans::find(null, false, true, $ban_id, true);
+	$args['bans'] = Bans::find(null, false, true, $ban_id, $config['auto_maintenance']);
 	$args['ban_id'] = $ban_id;
 	$args['boards'] = listBoards();
 	$args['current_board'] = isset($args['bans'][0]['board']) ? $args['bans'][0]['board'] : false;
diff --git a/post.php b/post.php
index 9d1c1783..8eab4da2 100644
--- a/post.php
+++ b/post.php
@@ -1439,7 +1439,7 @@ if (isset($_POST['delete'])) {
 
 	$ban_id = (int)$_POST['ban_id'];
 
-	$ban = Bans::findSingle($_SERVER['REMOTE_ADDR'], $ban_id, $config['require_ban_view'], true);
+	$ban = Bans::findSingle($_SERVER['REMOTE_ADDR'], $ban_id, $config['require_ban_view'], $config['auto_maintenance']);
 
 	if (empty($ban)) {
 		error($config['error']['noban']);

From cbaf19cb7a4294a2c983b5407080dcd2a9845aca Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@mailu.io>
Date: Sun, 30 Jun 2024 17:01:53 +0200
Subject: [PATCH 195/336] bans.php: make the purge configurable

---
 inc/bans.php      | 17 ++++++++++++++---
 inc/functions.php |  2 +-
 2 files changed, 15 insertions(+), 4 deletions(-)

diff --git a/inc/bans.php b/inc/bans.php
index ee0d086d..a8f9118d 100644
--- a/inc/bans.php
+++ b/inc/bans.php
@@ -342,9 +342,20 @@ class Bans {
                 rebuildThemes('bans');
 	}
 
-	static public function purge() {
-		$query = query("DELETE FROM ``bans`` WHERE `expires` IS NOT NULL AND `expires` < " . time() . " AND `seen` = 1") or error(db_error());
-		rebuildThemes('bans');
+	static public function purge($require_seen) {
+		if ($require_seen) {
+			$query = prepare("DELETE FROM ``bans`` WHERE `expires` IS NOT NULL AND `expires` < :curr_time AND `seen` = 1");
+		} else {
+			$query = prepare("DELETE FROM ``bans`` WHERE `expires` IS NOT NULL AND `expires` < :curr_time");
+		}
+		$query->bindValue(':curr_time', time());
+		$query->execute() or error(db_error($query));
+
+		$affected = $query->rowCount();
+		if ($affected > 0) {
+			rebuildThemes('bans');
+		}
+		return $affected;
 	}
 
 	static public function delete($ban_id, $modlog = false, $boards = false, $dont_rebuild = false) {
diff --git a/inc/functions.php b/inc/functions.php
index 31e5dfac..369242cb 100755
--- a/inc/functions.php
+++ b/inc/functions.php
@@ -907,7 +907,7 @@ function checkBan($board = false) {
 			return;
 	}
 
-	Bans::purge();
+	Bans::purge($config['require_ban_view']);
 
 	if ($config['cache']['enabled'])
 		cache::set('purged_bans_last', time());

From accca93084f004e8782aa0503c777b89809ad4c8 Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@mailu.io>
Date: Sun, 30 Jun 2024 17:02:21 +0200
Subject: [PATCH 196/336] Add maintenance.php to the tools

---
 tools/maintenance.php | 13 +++++++++++++
 1 file changed, 13 insertions(+)
 create mode 100644 tools/maintenance.php

diff --git a/tools/maintenance.php b/tools/maintenance.php
new file mode 100644
index 00000000..14de7a94
--- /dev/null
+++ b/tools/maintenance.php
@@ -0,0 +1,13 @@
+<?php
+/**
+ * Performs maintenance tasks. Invoke this periodically if the auto_maintenance configuration option is turned off.
+ */
+
+require dirname(__FILE__) . '/inc/cli.php';
+
+echo "Clearing expired bans...";
+$start = microtime(true);
+$deleted_count = Bans::purge($config['require_ban_view']);
+$delta = microtime(true) - $start;
+echo "Deleted $deleted_count expired bans in $delta seconds!";
+modLog('Deleted expired bans using tools/maintenance.php');

From 2298d4433f34f0c11099823cee5f3c6792dc9f51 Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@mailu.io>
Date: Mon, 1 Jul 2024 21:45:46 +0200
Subject: [PATCH 197/336] bans.php: use modify inplace

---
 inc/bans.php | 10 +++-------
 1 file changed, 3 insertions(+), 7 deletions(-)

diff --git a/inc/bans.php b/inc/bans.php
index a8f9118d..528f8646 100644
--- a/inc/bans.php
+++ b/inc/bans.php
@@ -140,16 +140,12 @@ class Bans {
 		$query->bindValue(':curr_time', time());
 		$query->execute() or error(db_error($query));
 
-		$ban_list = [];
-
-		while ($ban = $query->fetch(PDO::FETCH_ASSOC)) {
+		$ban_list = $query->fetchAll(PDO::FETCH_ASSOC);
+		array_walk($ban_list, function (&$ban, $_index) {
 			if ($ban['post']) {
 				$ban['post'] = json_decode($ban['post'], true);
 			}
-			$ban['mask'] = self::range_to_string(array($ban['ipstart'], $ban['ipend']));
-			$ban_list[] = $ban;
-		}
-
+		});
 		return $ban_list;
 	}
 

From 82b8eb1e74bdede16f3ba7e2b35a1795ccb14867 Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@mailu.io>
Date: Mon, 1 Jul 2024 21:52:03 +0200
Subject: [PATCH 198/336] bans.php: group deletion policy

---
 inc/bans.php | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/inc/bans.php b/inc/bans.php
index 528f8646..bc65ab8f 100644
--- a/inc/bans.php
+++ b/inc/bans.php
@@ -4,6 +4,10 @@ use Vichan\Functions\Format;
 use Lifo\IP\CIDR;
 
 class Bans {
+	static private function shouldDelete(array $ban, bool $require_ban_view) {
+		return $ban['expires'] && ($ban['seen'] || !$require_ban_view) && $ban['expires'] < time();
+	}
+
 	static private function deleteBans(array $ban_ids) {
 		$len = count($ban_ids);
 		if ($len === 1) {
@@ -50,7 +54,7 @@ class Bans {
 		$to_delete_list = [];
 
 		while ($ban = $query->fetch(PDO::FETCH_ASSOC)) {
-			if ($ban['expires'] && ($ban['seen'] || !$require_ban_view) && $ban['expires'] < time()) {
+			if (self::shouldDelete($ban, $require_ban_view)) {
 				$to_delete_list[] = $ban['id'];
 			} elseif ($ban['id'] === $ban_id) {
 				if ($ban['post']) {
@@ -106,7 +110,7 @@ class Bans {
 		$to_delete_list = [];
 
 		while ($ban = $query->fetch(PDO::FETCH_ASSOC)) {
-			if ($ban['expires'] && ($ban['seen'] || !$require_ban_view) && $ban['expires'] < time()) {
+			if (self::shouldDelete($ban, $require_ban_view)) {
 				$to_delete_list[] = $ban['id'];
 			} else {
 				if ($ban['post']) {

From cc5e96eb9d5344fe8e8f366dddcf00f50ccb678f Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@mailu.io>
Date: Mon, 1 Jul 2024 21:56:35 +0200
Subject: [PATCH 199/336] bans.php: use modern array syntax

---
 inc/bans.php | 14 ++++++--------
 1 file changed, 6 insertions(+), 8 deletions(-)

diff --git a/inc/bans.php b/inc/bans.php
index bc65ab8f..0e462a7b 100644
--- a/inc/bans.php
+++ b/inc/bans.php
@@ -60,7 +60,7 @@ class Bans {
 				if ($ban['post']) {
 					$ban['post'] = json_decode($ban['post'], true);
 				}
-				$ban['mask'] = self::range_to_string(array($ban['ipstart'], $ban['ipend']));
+				$ban['mask'] = self::range_to_string([$ban['ipstart'], $ban['ipend']]);
 				$found_ban = $ban;
 			}
 		}
@@ -116,7 +116,7 @@ class Bans {
 				if ($ban['post']) {
 					$ban['post'] = json_decode($ban['post'], true);
 				}
-				$ban['mask'] = self::range_to_string(array($ban['ipstart'], $ban['ipend']));
+				$ban['mask'] = self::range_to_string([$ban['ipstart'], $ban['ipend']]);
 				$ban_list[] = $ban;
 			}
 		}
@@ -176,7 +176,7 @@ class Bans {
 		$cidr = new CIDR($mask);
 		$range = $cidr->getRange();
 
-		return array(inet_pton($range[0]), inet_pton($range[1]));
+		return [ inet_pton($range[0]), inet_pton($range[1]) ];
 	}
 
 	public static function parse_time($str) {
@@ -260,7 +260,7 @@ class Bans {
 				return false;
 		}
 
-		return array($ipstart, $ipend);
+		return [$ipstart, $ipend];
 	}
 
 	static public function findSingle(string $ip, int $ban_id, bool $require_ban_view, bool $auto_gc): array|null {
@@ -294,8 +294,7 @@ class Bans {
 		$end = end($bans);
 
 		foreach ($bans as &$ban) {
-			$uncloaked_mask = self::range_to_string(array($ban['ipstart'], $ban['ipend']));
-			$ban['mask'] = cloak_mask($uncloaked_mask);
+			$ban['mask'] = self::range_to_string([$ban['ipstart'], $ban['ipend']]);
 
 			if ($ban['post']) {
 				$post = json_decode($ban['post']);
@@ -373,8 +372,7 @@ class Bans {
 			if ($boards !== false && !in_array($ban['board'], $boards))
 		                error($config['error']['noaccess']);
 
-			$mask = self::range_to_string(array($ban['ipstart'], $ban['ipend']));
-			$cloaked_mask = cloak_mask($mask);
+			$mask = self::range_to_string([$ban['ipstart'], $ban['ipend']]);
 
 			modLog("Removed ban #{$ban_id} for " .
 				(filter_var($mask, FILTER_VALIDATE_IP) !== false ? "<a href=\"?/IP/$cloaked_mask\">$cloaked_mask</a>" : $cloaked_mask));

From e5bbdb9d2839e7fa8c10d812c2436db4d9a59fad Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@mailu.io>
Date: Mon, 8 Jul 2024 23:58:54 +0200
Subject: [PATCH 200/336] functions.php: make automated antispam puring
 optional

---
 inc/functions.php | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/inc/functions.php b/inc/functions.php
index 369242cb..17b11723 100755
--- a/inc/functions.php
+++ b/inc/functions.php
@@ -1612,13 +1612,19 @@ function checkMute() {
 	}
 }
 
+function purge_old_antispam() {
+	$query = prepare('DELETE FROM ``antispam`` WHERE `expires` < UNIX_TIMESTAMP()');
+	$query->execute() or error(db_error());
+	return $query->rowCount();
+}
+
 function _create_antibot($board, $thread) {
 	global $config, $purged_old_antispam;
 
 	$antibot = new AntiBot([$board, $thread]);
 
 	// Delete old expired antispam, skipping those with NULL expiration timestamps (infinite lifetime).
-	if (!isset($purged_old_antispam)) {
+	if (!isset($purged_old_antispam) && $config['auto_maintenance']) {
 		$purged_old_antispam = true;
 		query('DELETE FROM ``antispam`` WHERE `expires` < UNIX_TIMESTAMP()') or error(db_error());
 	}

From 4d97e69620fa1e37e33d08cb0b9eff046620b62f Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@mailu.io>
Date: Mon, 8 Jul 2024 23:59:17 +0200
Subject: [PATCH 201/336] maintenance.php: add purging antispam to the tool

---
 tools/maintenance.php | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/tools/maintenance.php b/tools/maintenance.php
index 14de7a94..cdc1089d 100644
--- a/tools/maintenance.php
+++ b/tools/maintenance.php
@@ -10,4 +10,11 @@ $start = microtime(true);
 $deleted_count = Bans::purge($config['require_ban_view']);
 $delta = microtime(true) - $start;
 echo "Deleted $deleted_count expired bans in $delta seconds!";
-modLog('Deleted expired bans using tools/maintenance.php');
+modLog("Deleted expired bans in {$delta}s with tools/maintenance.php");
+
+echo "Clearing old antispam...";
+$start = microtime(true);
+$deleted_count = purge_old_antispam();
+$delta = microtime(true) - $start;
+echo "Deleted $deleted_count expired antispam in $delta seconds!";
+modLog("Deleted expired antispam in {$delta}s with tools/maintenance.php");

From c057c6df298292934cde1c7e1bcacdf07ee918b2 Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@mailu.io>
Date: Thu, 11 Jul 2024 22:07:36 +0200
Subject: [PATCH 202/336] functions.php: skip ban deletion on auto_maintenance
 disabled

---
 inc/functions.php | 27 ++++++++++++++++-----------
 1 file changed, 16 insertions(+), 11 deletions(-)

diff --git a/inc/functions.php b/inc/functions.php
index 17b11723..386f7b38 100755
--- a/inc/functions.php
+++ b/inc/functions.php
@@ -880,7 +880,9 @@ function checkBan($board = false) {
 
 		foreach ($bans as &$ban) {
 			if ($ban['expires'] && $ban['expires'] < time()) {
-				Bans::delete($ban['id']);
+				if ($config['auto_maintenance']) {
+					Bans::delete($ban['id']);
+				}
 				if ($config['require_ban_view'] && !$ban['seen']) {
 					if (!isset($_POST['json_response'])) {
 						displayBan($ban);
@@ -900,17 +902,20 @@ function checkBan($board = false) {
 		}
 	}
 
-	// I'm not sure where else to put this. It doesn't really matter where; it just needs to be called every
-	// now and then to keep the ban list tidy.
-	if ($config['cache']['enabled'] && $last_time_purged = cache::get('purged_bans_last')) {
-		if (time() - $last_time_purged < $config['purge_bans'] )
-			return;
+	if ($config['auto_maintenance']) {
+		// I'm not sure where else to put this. It doesn't really matter where; it just needs to be called every
+		// now and then to keep the ban list tidy.
+		if ($config['cache']['enabled']) {
+			$last_time_purged = cache::get('purged_bans_last');
+			if ($last_time_purged !== false && time() - $last_time_purged > $config['purge_bans']) {
+				Bans::purge($config['require_ban_view']);
+				cache::set('purged_bans_last', time());
+			}
+		} else {
+			// Purge every time.
+			Bans::purge($config['require_ban_view']);
+		}
 	}
-
-	Bans::purge($config['require_ban_view']);
-
-	if ($config['cache']['enabled'])
-		cache::set('purged_bans_last', time());
 }
 
 function threadLocked($id) {

From ede7591702e0237ce476ae9ecce1424662ee840c Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@mailu.io>
Date: Thu, 11 Jul 2024 22:48:19 +0200
Subject: [PATCH 203/336] bans.php: refactor to expose the moratorium on ban
 deletion from the database. Also fixes the 'purge_bans' configuration for
 non-cache deployments.

---
 inc/bans.php          | 7 ++++---
 inc/config.php        | 3 +--
 inc/functions.php     | 4 ++--
 tools/maintenance.php | 2 +-
 4 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/inc/bans.php b/inc/bans.php
index 0e462a7b..8566eb04 100644
--- a/inc/bans.php
+++ b/inc/bans.php
@@ -341,12 +341,13 @@ class Bans {
                 rebuildThemes('bans');
 	}
 
-	static public function purge($require_seen) {
+	static public function purge($require_seen, $moratorium) {
 		if ($require_seen) {
-			$query = prepare("DELETE FROM ``bans`` WHERE `expires` IS NOT NULL AND `expires` < :curr_time AND `seen` = 1");
+			$query = prepare("DELETE FROM ``bans`` WHERE `expires` IS NOT NULL AND `expires` + :moratorium < :curr_time AND `seen` = 1");
 		} else {
-			$query = prepare("DELETE FROM ``bans`` WHERE `expires` IS NOT NULL AND `expires` < :curr_time");
+			$query = prepare("DELETE FROM ``bans`` WHERE `expires` IS NOT NULL AND `expires` + :moratorium < :curr_time");
 		}
+		$query->bindValue(':moratorium', $moratorium);
 		$query->bindValue(':curr_time', time());
 		$query->execute() or error(db_error($query));
 
diff --git a/inc/config.php b/inc/config.php
index 880de88b..7828be88 100644
--- a/inc/config.php
+++ b/inc/config.php
@@ -1569,8 +1569,7 @@
 	// Enable the moving of single replies
 	$config['move_replies'] = false;
 
-	// How often (minimum) to purge the ban list of expired bans (which have been seen). Only works when
-	//  $config['cache'] is enabled and working.
+	// How often (minimum) to purge the ban list of expired bans (which have been seen).
 	$config['purge_bans'] = 60 * 60 * 12; // 12 hours
 
 	// Do DNS lookups on IP addresses to get their hostname for the moderator IP pages (?/IP/x.x.x.x).
diff --git a/inc/functions.php b/inc/functions.php
index 386f7b38..2cb97c50 100755
--- a/inc/functions.php
+++ b/inc/functions.php
@@ -908,12 +908,12 @@ function checkBan($board = false) {
 		if ($config['cache']['enabled']) {
 			$last_time_purged = cache::get('purged_bans_last');
 			if ($last_time_purged !== false && time() - $last_time_purged > $config['purge_bans']) {
-				Bans::purge($config['require_ban_view']);
+				Bans::purge($config['require_ban_view'], $config['purge_bans']);
 				cache::set('purged_bans_last', time());
 			}
 		} else {
 			// Purge every time.
-			Bans::purge($config['require_ban_view']);
+			Bans::purge($config['require_ban_view'], $config['purge_bans']);
 		}
 	}
 }
diff --git a/tools/maintenance.php b/tools/maintenance.php
index cdc1089d..3db3ea98 100644
--- a/tools/maintenance.php
+++ b/tools/maintenance.php
@@ -7,7 +7,7 @@ require dirname(__FILE__) . '/inc/cli.php';
 
 echo "Clearing expired bans...";
 $start = microtime(true);
-$deleted_count = Bans::purge($config['require_ban_view']);
+$deleted_count = Bans::purge($config['require_ban_view'], $config['purge_bans']);
 $delta = microtime(true) - $start;
 echo "Deleted $deleted_count expired bans in $delta seconds!";
 modLog("Deleted expired bans in {$delta}s with tools/maintenance.php");

From c4e3541b1500d27617361d34fb684cbedce707ab Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@mailu.io>
Date: Thu, 11 Jul 2024 22:52:18 +0200
Subject: [PATCH 204/336] config.php: purge_bans configuration into the proper
 section

---
 inc/config.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/inc/config.php b/inc/config.php
index 7828be88..7b8b1895 100644
--- a/inc/config.php
+++ b/inc/config.php
@@ -752,6 +752,9 @@
 	//);
 	$config['premade_ban_reasons'] = false;
 
+	// How often (minimum) to purge the ban list of expired bans (which have been seen).
+	$config['purge_bans'] = 60 * 60 * 12; // 12 hours
+
 	// Allow users to appeal bans through vichan.
 	$config['ban_appeals'] = false;
 
@@ -1569,9 +1572,6 @@
 	// Enable the moving of single replies
 	$config['move_replies'] = false;
 
-	// How often (minimum) to purge the ban list of expired bans (which have been seen).
-	$config['purge_bans'] = 60 * 60 * 12; // 12 hours
-
 	// Do DNS lookups on IP addresses to get their hostname for the moderator IP pages (?/IP/x.x.x.x).
 	$config['mod']['dns_lookup'] = true;
 	// How many recent posts, per board, to show in ?/IP/x.x.x.x.

From 1e0a95ce832bd68f2ba1631ba3d1827864dee812 Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@mailu.io>
Date: Fri, 12 Jul 2024 00:02:15 +0200
Subject: [PATCH 205/336] maintenance.php: fix and update logs

---
 tools/maintenance.php | 17 +++++++++++------
 1 file changed, 11 insertions(+), 6 deletions(-)

diff --git a/tools/maintenance.php b/tools/maintenance.php
index 3db3ea98..33c0a4d4 100644
--- a/tools/maintenance.php
+++ b/tools/maintenance.php
@@ -5,16 +5,21 @@
 
 require dirname(__FILE__) . '/inc/cli.php';
 
-echo "Clearing expired bans...";
+echo "Clearing expired bans...\n";
 $start = microtime(true);
 $deleted_count = Bans::purge($config['require_ban_view'], $config['purge_bans']);
 $delta = microtime(true) - $start;
-echo "Deleted $deleted_count expired bans in $delta seconds!";
-modLog("Deleted expired bans in {$delta}s with tools/maintenance.php");
+echo "Deleted $deleted_count expired bans in $delta seconds!\n";
+$time_tot = $delta;
+$deleted_tot = $deleted_count;
 
-echo "Clearing old antispam...";
+echo "Clearing old antispam...\n";
 $start = microtime(true);
 $deleted_count = purge_old_antispam();
 $delta = microtime(true) - $start;
-echo "Deleted $deleted_count expired antispam in $delta seconds!";
-modLog("Deleted expired antispam in {$delta}s with tools/maintenance.php");
+echo "Deleted $deleted_count expired antispam in $delta seconds!\n";
+$time_tot = $delta;
+$deleted_tot = $deleted_count;
+
+$time_tot = number_format((float)$time_tot, 4, '.', '');
+modLog("Deleted $deleted_tot expired entries in {$time_tot}s with maintenance tool");

From ffe855222ecc573c622891104caa2c5fea451fe7 Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@mailu.io>
Date: Sun, 14 Jul 2024 19:13:51 +0200
Subject: [PATCH 206/336] bans.php: do not deserialize post that does not exist

---
 inc/bans.php | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/inc/bans.php b/inc/bans.php
index 8566eb04..8df9ae97 100644
--- a/inc/bans.php
+++ b/inc/bans.php
@@ -85,7 +85,9 @@ class Bans {
 		if ($query->rowCount() == 0) {
 			return null;
 		} else {
-			$ret['post'] = json_decode($ret['post'], true);
+			if ($ret['post']) {
+				$ret['post'] = json_decode($ret['post'], true);
+			}
 			return $ret;
 		}
 	}

From 7e4acbb6d2cf69e797a87dd7948adc96c3820867 Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@mailu.io>
Date: Sun, 14 Jul 2024 19:23:14 +0200
Subject: [PATCH 207/336] bans.php: FIX every IP matching to any ban that was
 going to expire eventually

---
 inc/bans.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/inc/bans.php b/inc/bans.php
index 8df9ae97..8f396f0b 100644
--- a/inc/bans.php
+++ b/inc/bans.php
@@ -134,7 +134,7 @@ class Bans {
 		WHERE
 			(' . ($board !== false ? '(`board` IS NULL OR `board` = :board) AND' : '') . '
 			(`ipstart` = :ip OR (:ip >= `ipstart` AND :ip <= `ipend`)) OR (``bans``.id = :id))
-			AND `expires` IS NULL OR `expires` >= :curr_time
+			AND (`expires` IS NULL OR `expires` >= :curr_time)
 		ORDER BY `expires` IS NULL, `expires` DESC');
 
 		if ($board !== false) {

From 51e0616eb8beb1542e2aeb77d85f028cfb9df17c Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@mailu.io>
Date: Sun, 14 Jul 2024 20:46:50 +0200
Subject: [PATCH 208/336] bans.php: fix forgot to extract the mask

---
 inc/bans.php | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/inc/bans.php b/inc/bans.php
index 8f396f0b..a0ea5c76 100644
--- a/inc/bans.php
+++ b/inc/bans.php
@@ -88,6 +88,8 @@ class Bans {
 			if ($ret['post']) {
 				$ret['post'] = json_decode($ret['post'], true);
 			}
+			$ret['mask'] = self::range_to_string([$ret['ipstart'], $ret['ipend']]);
+
 			return $ret;
 		}
 	}
@@ -151,6 +153,7 @@ class Bans {
 			if ($ban['post']) {
 				$ban['post'] = json_decode($ban['post'], true);
 			}
+			$ban['mask'] = self::range_to_string([$ban['ipstart'], $ban['ipend']]);
 		});
 		return $ban_list;
 	}

From 80be41f47aedfc328328a3e27353681d6e43e6fb Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@skiff.com>
Date: Sun, 11 Aug 2024 14:39:41 +0200
Subject: [PATCH 209/336] config.php: make config sub-arrays more opcache
 friendly

---
 inc/config.php | 542 ++++++++++++++++++++++++++-----------------------
 1 file changed, 284 insertions(+), 258 deletions(-)

diff --git a/inc/config.php b/inc/config.php
index 7b8b1895..319bb8fd 100644
--- a/inc/config.php
+++ b/inc/config.php
@@ -68,18 +68,25 @@
 	// Deprecated, use 'log_system'.
 	$config['syslog'] = false;
 
-	$config['log_system'] = [];
-	// Log all error messages and unauthorized login attempts.
-	// Can be "syslog", "error_log" (default), "file", "stderr" or "none".
-	$config['log_system']['type'] = 'error_log';
-	// The application name used by the logging system. Defaults to "tinyboard" for backwards compatibility.
-	$config['log_system']['name'] = 'tinyboard';
-	// Only relevant if 'log_system' is set to "syslog". If true, double print the logs also in stderr.
-	// Defaults to false.
-	$config['log_system']['syslog_stderr'] = false;
-	// Only relevant if "log_system" is set to `file`. Sets the file that vichan will log to.
-	// Defaults to '/var/log/vichan.log'.
-	$config['log_system']['file_path'] = '/var/log/vichan.log';
+	$config['log_system'] = [
+		/*
+		 * Log all error messages and unauthorized login attempts.
+		 * Can be "syslog", "error_log" (default), "file", "stderr" or "none".
+		 */
+		'type' => 'error_log',
+		// The application name used by the logging system. Defaults to "tinyboard" for backwards compatibility.
+		'name' => 'tinyboard',
+		/*
+		 * Only relevant if 'log_system' is set to "syslog". If true, double print the logs also in stderr. Defaults to
+		 * false.
+		 */
+		'syslog_stderr' => false,
+		/*
+		 * Only relevant if "log_system" is set to `file`. Sets the file that vichan will log to. Defaults to
+		 * '/var/log/vichan.log'.
+		 */
+		'file_path' => '/var/log/vichan.log',
+	];
 
 	// Use `host` via shell_exec() to lookup hostnames, avoiding query timeouts. May not work on your system.
 	// Requires safe_mode to be disabled.
@@ -885,12 +892,14 @@
 	$config['ie_mime_type_detection'] = '/<(?:body|head|html|img|plaintext|pre|script|table|title|a href|channel|scriptlet)/i';
 
 	// Allowed image file extensions.
-	$config['allowed_ext'][] = 'jpg';
-	$config['allowed_ext'][] = 'jpeg';
-	$config['allowed_ext'][] = 'bmp';
-	$config['allowed_ext'][] = 'gif';
-	$config['allowed_ext'][] = 'png';
-	$config['allowed_ext'][] = 'webp';
+	$config['allowed_ext'] = [
+		'jpg',
+		'jpeg',
+		'bmp',
+		'gif',
+		'png',
+		'webp'
+	];
 	// $config['allowed_ext'][] = 'svg';
 
 	// Allowed extensions for OP. Inherits from the above setting if set to false. Otherwise, it overrides both allowed_ext and
@@ -908,10 +917,12 @@
 	// };
 
 	// Thumbnail to use for the non-image file uploads.
-	$config['file_icons']['default'] = 'file.png';
-	$config['file_icons']['zip'] = 'zip.png';
-	$config['file_icons']['webm'] = 'video.png';
-	$config['file_icons']['mp4'] = 'video.png';
+	$config['file_icons'] = [
+		'default' => 'file.png',
+		'zip' => 'zip.png',
+		'webm' => 'video.png',
+		'mp4' => 'video.png'
+	];
 	// Example: Custom thumbnail for certain file extension.
 	// $config['file_icons']['extension'] = 'some_file.png';
 
@@ -943,11 +954,13 @@
 	$config['show_filename'] = true;
 
 	// WebM Settings
-	$config['webm']['use_ffmpeg'] = false;
-	$config['webm']['allow_audio'] = false;
-	$config['webm']['max_length'] = 120;
-	$config['webm']['ffmpeg_path'] = 'ffmpeg';
-	$config['webm']['ffprobe_path'] = 'ffprobe';
+	$config['webm'] = [
+		'use_ffmpeg' => false,
+		'allow_audio' => false,
+		'max_length' => 120,
+		'ffmpeg_path' => 'ffmpeg',
+		'ffprobe_path' => 'ffprobe'
+	];
 
 	// Display image identification links for ImgOps, regex.info/exif, Google Images and iqdb.
 	$config['image_identification'] = false;
@@ -1056,8 +1069,11 @@
 
 	// Custom stylesheets available for the user to choose. See the "stylesheets/" folder for a list of
 	// available stylesheets (or create your own).
-	$config['stylesheets']['Yotsuba B'] = ''; // Default; there is no additional/custom stylesheet for this.
-	$config['stylesheets']['Yotsuba'] = 'yotsuba.css';
+	$config['stylesheets'] = [
+		// Default; there is no additional/custom stylesheet for this.
+		'Yotsuba B' => '',
+		'Yotsuba' => 'yotsuba.css'
+	];
 	// $config['stylesheets']['Futaba'] = 'futaba.css';
 	// $config['stylesheets']['Dark'] = 'dark.css';
 
@@ -1187,28 +1203,28 @@
 	// Custom embedding (YouTube, vimeo, etc.)
 	// It's very important that you match the entire input (with ^ and $) or things will not work correctly.
 	// Be careful when creating a new embed, because depending on the URL you end up exposing yourself to an XSS.
-	$config['embedding'] = array(
-		array(
+	$config['embedding'] = [
+		[
 			'/^https?:\/\/(\w+\.)?youtube\.com\/watch\?v=([a-zA-Z0-9\-_]{10,11})?$/i',
 			'<iframe style="float: left; margin: 10px 20px;" width="%%tb_width%%" height="%%tb_height%%" frameborder="0" id="ytplayer" src="https://www.youtube.com/embed/$2"></iframe>'
-		),
-		array(
+		],
+		[
 			'/^https?:\/\/(\w+\.)?vimeo\.com\/(\d{2,10})(\?.+)?$/i',
 			'<iframe style="float: left; margin: 10px 20px;" width="%%tb_width%%" height="%%tb_height%%" frameborder="0" src="https://player.vimeo.com/video/$2"></iframe>'
-		),
-		array(
+		],
+		[
 			'/^https?:\/\/(\w+\.)?dailymotion\.com\/video\/([a-zA-Z0-9]{2,10})(_.+)?$/i',
 			'<iframe style="float: left; margin: 10px 20px;" width="%%tb_width%%" height="%%tb_height%%" frameborder="0" src="https://www.dailymotion.com/embed/video/$2" allowfullscreen></iframe>'
-		),
-		array(
+		],
+		[
 			'/^https?:\/\/(\w+\.)?metacafe\.com\/watch\/(\d+)\/([a-zA-Z0-9_\-.]+)\/(\?[^\'"<>]+)?$/i',
 			'<iframe style="float: left; margin: 10px 20px;" width="%%tb_width%%" height="%%tb_height%%" frameborder="0"  src="https://www.metacafe.com/embed/$2/$3/" allowfullscreen></iframe>'
-		),
-		array(
-                        '/^https?:\/\/(\w+\.)?vocaroo\.com\/([a-zA-Z0-9]{2,12})$/i',
-                        '<iframe style="float: left; margin: 10px 20px;" width="300" height="60" frameborder="0" src="https://vocaroo.com/embed/$2"></iframe>'
-		)
-	);
+		],
+		[
+			'/^https?:\/\/(\w+\.)?vocaroo\.com\/([a-zA-Z0-9]{2,12})$/i',
+			'<iframe style="float: left; margin: 10px 20px;" width="300" height="60" frameborder="0" src="https://vocaroo.com/embed/$2"></iframe>'
+		]
+	];
 
 	// Embedding width and height.
 	$config['embed_width'] = 300;
@@ -1220,86 +1236,86 @@
  * ====================
  */
 
-	// Error messages
-	$config['error']['bot']			= _('You look like a bot.');
-	$config['error']['referer']		= _('Your browser sent an invalid or no HTTP referer.');
-	$config['error']['toolong']		= _('The %s field was too long.');
-	$config['error']['toolong_body']	= _('The body was too long.');
-	$config['error']['tooshort_body']	= _('The body was too short or empty.');
-	$config['error']['toomanylines']	= _('Your post contains too many lines!');
-	$config['error']['noimage']		= _('You must upload an image.');
-	$config['error']['toomanyimages'] = _('You have attempted to upload too many images!');
-	$config['error']['nomove']		= _('The server failed to handle your upload.');
-	$config['error']['fileext']		= _('Unsupported image format.');
-	$config['error']['noboard']		= _('Invalid board!');
-	$config['error']['nonexistant']		= _('Thread specified does not exist.');
-	$config['error']['nopost']		= _('Post specified does not exist.');
-	$config['error']['locked']		= _('Thread locked. You may not reply at this time.');
-	$config['error']['reply_hard_limit']	= _('Thread has reached its maximum reply limit.');
-	$config['error']['image_hard_limit']	= _('Thread has reached its maximum image limit.');
-	$config['error']['nopost']		= _('You didn\'t make a post.');
-	$config['error']['flood']		= _('Flood detected; Post discarded.');
-	$config['error']['too_many_threads']	= _('The hourly thread limit has been reached. Please post in an existing thread.');
-	$config['error']['spam']		= _('Your request looks automated; Post discarded.');
-	$config['error']['simple_spam']		= _('You must answer the question to make a new thread. See the last field.');
-	$config['error']['unoriginal']		= _('Unoriginal content!');
-	$config['error']['muted']		= _('Unoriginal content! You have been muted for %d seconds.');
-	$config['error']['youaremuted']		= _('You are muted! Expires in %d seconds.');
-	$config['error']['dnsbl']		= _('Your IP address is listed in %s.');
-	$config['error']['toomanylinks']	= _('Too many links; flood detected.');
-	$config['error']['toomanycites']	= _('Too many cites; post discarded.');
-	$config['error']['toomanycross']	= _('Too many cross-board links; post discarded.');
-	$config['error']['nodelete']		= _('You didn\'t select anything to delete.');
-	$config['error']['noreport']		= _('You didn\'t select anything to report.');
-	$config['error']['toolongreport']	= _('The reason was too long.');
-	$config['error']['toomanyreports']	= _('You can\'t report that many posts at once.');
-	$config['error']['noban']			= _('That ban doesn\'t exist or is not for you.');
-	$config['error']['tooshortban']		= _('You cannot appeal a ban of this length.');
-	$config['error']['toolongappeal']	= _('The appeal was too long.');
-	$config['error']['toomanyappeals']	= _('You cannot appeal this ban again.');
-	$config['error']['pendingappeal']	= _('There is already a pending appeal for this ban.');
-	$config['error']['invalidpassword']	= _('Wrong password…');
-	$config['error']['invalidimg']		= _('Invalid image.');
-	$config['error']['phpfileserror']	= _('Upload failure (file #%index%): Error code %code%. Refer to <a href="http://php.net/manual/en/features.file-upload.errors.php">http://php.net/manual/en/features.file-upload.errors.php</a>; post discarded.');
-	$config['error']['unknownext']		= _('Unknown file extension.');
-	$config['error']['filesize']		= _('Maximum file size: %maxsz% bytes<br>Your file\'s size: %filesz% bytes');
-	$config['error']['maxsize']		= _('The file was too big.');
-	$config['error']['genwebmerror']	= _('There was a problem processing your webm.');
-	$config['error']['webmerror'] 		= _('There was a problem processing your webm.');//Is this error used anywhere ?
-	$config['error']['invalidwebm'] 	= _('Invalid webm uploaded.');
-	$config['error']['webmhasaudio'] 	= _('The uploaded webm contains an audio or another type of additional stream.');
-	$config['error']['webmtoolong']		=_('The uploaded webm is longer than %d seconds.');
-	$config['error']['fileexists']		= _('That file <a href="%s">already exists</a>!');
-	$config['error']['fileexistsinthread']	= _('That file <a href="%s">already exists</a> in this thread!');
-	$config['error']['delete_too_soon']	= _('You\'ll have to wait another %s before deleting that.');
-	$config['error']['delete_too_late']	= _('You cannot delete a post this old.');
-	$config['error']['mime_exploit']	= _('MIME type detection XSS exploit (IE) detected; post discarded.');
-	$config['error']['invalid_embed']	= _('Couldn\'t make sense of the URL of the video you tried to embed.');
-	$config['error']['captcha']		= _('You seem to have mistyped the verification.');
-	$config['error']['flag_undefined']	= _('The flag %s is undefined, your PHP version is too old!');
-	$config['error']['flag_wrongtype']	= _('defined_flags_accumulate(): The flag %s is of the wrong type!');
-	$config['error']['remote_io_error']	= _('IO error while interacting with a remote service.');
-	$config['error']['local_io_error']	= _('IO error while interacting with a local resource or service.');
+	$config['error'] = [
+		// General error messages
+		'bot' 					=> _('You look like a bot.'),
+		'referer'				=> _('Your browser sent an invalid or no HTTP referer.'),
+		'toolong'				=> _('The %s field was too long.'),
+		'toolong_body'			=> _('The body was too long.'),
+		'tooshort_body'			=> _('The body was too short or empty.'),
+		'toomanylines'			=> _('Your post contains too many lines!'),
+		'noimage'				=> _('You must upload an image.'),
+		'toomanyimages' 		=> _('You have attempted to upload too many images!'),
+		'nomove'				=> _('The server failed to handle your upload.'),
+		'fileext'				=> _('Unsupported image format.'),
+		'noboard'				=> _('Invalid board!'),
+		'nonexistant'			=> _('Thread specified does not exist.'),
+		'nopost'				=> _('Post specified does not exist.'),
+		'locked'				=> _('Thread locked. You may not reply at this time.'),
+		'reply_hard_limit'		=> _('Thread has reached its maximum reply limit.'),
+		'image_hard_limit'		=> _('Thread has reached its maximum image limit.'),
+		'nopost'				=> _('You didn\'t make a post.'),
+		'flood'					=> _('Flood detected; Post discarded.'),
+		'too_many_threads'		=> _('The hourly thread limit has been reached. Please post in an existing thread.'),
+		'spam'					=> _('Your request looks automated; Post discarded.'),
+		'simple_spam'			=> _('You must answer the question to make a new thread. See the last field.'),
+		'unoriginal'			=> _('Unoriginal content!'),
+		'muted'					=> _('Unoriginal content! You have been muted for %d seconds.'),
+		'youaremuted'			=> _('You are muted! Expires in %d seconds.'),
+		'dnsbl'					=> _('Your IP address is listed in %s.'),
+		'toomanylinks'			=> _('Too many links; flood detected.'),
+		'toomanycites'			=> _('Too many cites; post discarded.'),
+		'toomanycross'			=> _('Too many cross-board links; post discarded.'),
+		'nodelete'				=> _('You didn\'t select anything to delete.'),
+		'noreport'				=> _('You didn\'t select anything to report.'),
+		'toolongreport'			=> _('The reason was too long.'),
+		'toomanyreports'		=> _('You can\'t report that many posts at once.'),
+		'noban'					=> _('That ban doesn\'t exist or is not for you.'),
+		'tooshortban'			=> _('You cannot appeal a ban of this length.'),
+		'toolongappeal'			=> _('The appeal was too long.'),
+		'toomanyappeals'		=> _('You cannot appeal this ban again.'),
+		'pendingappeal'			=> _('There is already a pending appeal for this ban.'),
+		'invalidpassword'		=> _('Wrong password…'),
+		'invalidimg'			=> _('Invalid image.'),
+		'phpfileserror'			=> _('Upload failure (file #%index%): Error code %code%. Refer to <a href=>"http://php.net/manual/en/features.file-upload.errors.php">http://php.net/manual/en/features.file-upload.errors.php</a>; post discarded.'),
+		'unknownext'			=> _('Unknown file extension.'),
+		'filesize'				=> _('Maximum file size: %maxsz% bytes<br>Your file\'s size: %filesz% bytes'),
+		'maxsize'				=> _('The file was too big.'),
+		'genwebmerror'			=> _('There was a problem processing your webm.'),
+		'invalidwebm' 			=> _('Invalid webm uploaded.'),
+		'webmhasaudio' 			=> _('The uploaded webm contains an audio or another type of additional stream.'),
+		'webmtoolong'			=>_('The uploaded webm is longer than %d seconds.'),
+		'fileexists'			=> _('That file <a href=>"%s">already exists</a>!'),
+		'fileexistsinthread'	=> _('That file <a href=>"%s">already exists</a> in this thread!'),
+		'delete_too_soon'		=> _('You\'ll have to wait another %s before deleting that.'),
+		'delete_too_late'		=> _('You cannot delete a post this old.'),
+		'mime_exploit'			=> _('MIME type detection XSS exploit (IE) detected; post discarded.'),
+		'invalid_embed'			=> _('Couldn\'t make sense of the URL of the video you tried to embed.'),
+		'captcha'				=> _('You seem to have mistyped the verification.'),
+		'flag_undefined'		=> _('The flag %s is undefined, your PHP version is too old!'),
+		'flag_wrongtype'		=> _('defined_flags_accumulate(): The flag %s is of the wrong type!'),
+		'remote_io_error'		=> _('IO error while interacting with a remote service.'),
+		'local_io_error'		=> _('IO error while interacting with a local resource or service.'),
 
-
-	// Moderator errors
-	$config['error']['toomanyunban']	= _('You are only allowed to unban %s users at a time. You tried to unban %u users.');
-	$config['error']['invalid']		= _('Invalid username and/or password.');
-	$config['error']['insecure']		= _('Login on insecure connections is disabled.');
-	$config['error']['notamod']		= _('You are not a mod…');
-	$config['error']['invalidafter']	= _('Invalid username and/or password. Your user may have been deleted or changed.');
-	$config['error']['malformed']		= _('Invalid/malformed cookies.');
-	$config['error']['missedafield']	= _('Your browser didn\'t submit an input when it should have.');
-	$config['error']['required']		= _('The %s field is required.');
-	$config['error']['invalidfield']	= _('The %s field was invalid.');
-	$config['error']['boardexists']		= _('There is already a %s board.');
-	$config['error']['noaccess']		= _('You don\'t have permission to do that.');
-	$config['error']['invalidpost']		= _('That post doesn\'t exist…');
-	$config['error']['404']			= _('Page not found.');
-	$config['error']['modexists']		= _('That mod <a href="?/users/%d">already exists</a>!');
-	$config['error']['invalidtheme']	= _('That theme doesn\'t exist!');
-	$config['error']['csrf']		= _('Invalid security token! Please go back and try again.');
-	$config['error']['badsyntax']		= _('Your code contained PHP syntax errors. Please go back and correct them. PHP says: ');
+		// Moderator errors
+		'toomanyunban'	=> _('You are only allowed to unban %s users at a time. You tried to unban %u users.'),
+		'invalid'		=> _('Invalid username and/or password.'),
+		'insecure'		=> _('Login on insecure connections is disabled.'),
+		'notamod'		=> _('You are not a mod…'),
+		'invalidafter'	=> _('Invalid username and/or password. Your user may have been deleted or changed.'),
+		'malformed'		=> _('Invalid/malformed cookies.'),
+		'missedafield'	=> _('Your browser didn\'t submit an input when it should have.'),
+		'required'		=> _('The %s field is required.'),
+		'invalidfield'	=> _('The %s field was invalid.'),
+		'boardexists'	=> _('There is already a %s board.'),
+		'noaccess'		=> _('You don\'t have permission to do that.'),
+		'invalidpost'	=> _('That post doesn\'t exist…'),
+		'404'			=> _('Page not found.'),
+		'modexists'		=> _('That mod <a href="?/users/%d">already exists</a>!'),
+		'invalidtheme'	=> _('That theme doesn\'t exist!'),
+		'csrf'			=> _('Invalid security token! Please go back and try again.'),
+		'badsyntax'		=> _('Your code contained PHP syntax errors. Please go back and correct them. PHP says: ')
+	];
 
 /*
  * =========================
@@ -1321,8 +1337,8 @@
 
 	// The scheme and domain. This is used to get the site's absolute URL (eg. for image identification links).
 	// If you use the CLI tools, it would be wise to override this setting.
-	$config['domain'] = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off') ? 'https://' : 'http://';
-	$config['domain'] .= isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : 'localhost';
+	$config['domain'] = ((isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off') ? 'https://' : 'http://')
+		 . (isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : 'localhost');
 
 	// If for some reason the folders and static HTML index files aren't in the current working direcotry,
 	// enter the directory path here. Otherwise, keep it false.
@@ -1402,22 +1418,26 @@
 	// Board directory, followed by a forward-slash (/).
 	$config['board_path'] = '%s/';
 	// Misc directories.
-	$config['dir']['img'] = 'src/';
-	$config['dir']['thumb'] = 'thumb/';
-	$config['dir']['res'] = 'res/';
+	$config['dir'] = [
+		'img' => 'src/',
+		'thumb' => 'thumb/',
+		'res' => 'res/'
+	];
 
 	// For load balancing, having a seperate server (and domain/subdomain) for serving static content is
 	// possible. This can either be a directory or a URL. Defaults to $config['root'] . 'static/'.
 	// $config['dir']['static'] = 'http://static.example.org/';
 
-	// Where to store the .html templates. This folder and the template files must exist.
-	$config['dir']['template'] = getcwd() . '/templates';
-	// Location of vichan "themes".
-	$config['dir']['themes'] = getcwd() . '/templates/themes';
-	// Same as above, but a URI (accessable by web interface).
-	$config['dir']['themes_uri'] = 'templates/themes';
-	// Home directory. Used by themes.
-	$config['dir']['home'] = '';
+	$config['dir'] = [
+		// Where to store the .html templates. This folder and the template files must exist.
+		'template' => getcwd() . '/templates',
+		// Location of vichan "themes".
+		'themes' => getcwd() . '/templates/themes',
+		// Same as above, but a URI (accessable by web interface).
+		'themes_uri' => 'templates/themes',
+		// Home directory. Used by themes.
+		'home' => ''
+	];
 
 	// Location of a blank 1x1 gif file. Only used when country_flags_condensed is enabled
 	// $config['image_blank'] = 'static/blank.gif';
@@ -1490,13 +1510,19 @@
 	// 5. enable smart_build_helper (see below)
 	// 6. edit the strategies (see inc/functions.php for the builtin ones). You can use lambdas. I will test
 	//    various ones and include one that works best for me.
-	$config['generation_strategies'] = array();
-	// Add a sane strategy. It forces to immediately generate a page user is about to land on. Otherwise,
-	// it has no opinion, so it needs a fallback strategy.
-	$config['generation_strategies'][] = 'strategy_sane';
-	// Add an immediate catch-all strategy. This is the default function of imageboards: generate all pages
-	// on post time.
-	$config['generation_strategies'][] = 'strategy_immediate';
+	$config['generation_strategies'] = [
+		/*
+		 * Add a sane strategy. It forces to immediately generate a page user is about to land on. Otherwise,
+		 * it has no opinion, so it needs a fallback strategy.
+		 */
+		'strategy_sane',
+		/*
+		 * Add an immediate catch-all strategy. This is the default function of imageboards: generate all pages
+		 * on post time.
+		 */
+		'strategy_immediate',
+	];
+
 	// NOT RECOMMENDED: Instead of an all-"immediate" strategy, you can use an all-"build_on_load" one (used
 	// to be initialized using $config['smart_build']; ) for all pages instead of those to be build
 	// immediately. A rebuild done in this mode should remove all your static files
@@ -1513,7 +1539,7 @@
 	$config['page_404'] = '/404.html';
 
 	// Extra controller entrypoints. Controller is used only by smart_build and advanced build.
-	$config['controller_entrypoints'] = array();
+	$config['controller_entrypoints'] = [];
 
 /*
  * ====================
@@ -1521,33 +1547,33 @@
  * ====================
  */
 
-	// Limit how many bans can be removed via the ban list. Set to false (or zero) for no limit.
-	$config['mod']['unban_limit'] = false;
-
-	// Whether or not to lock moderator sessions to IP addresses. This makes cookie theft ineffective.
-	$config['mod']['lock_ip'] = true;
-
-	// The page that is first shown when a moderator logs in. Defaults to the dashboard (?/).
-	$config['mod']['default'] = '/';
-
 	// Mod links (full HTML).
-	$config['mod']['link_delete'] = '[D]';
-	$config['mod']['link_ban'] = '[B]';
-	$config['mod']['link_bandelete'] = '[B&amp;D]';
-	$config['mod']['link_deletefile'] = '[F]';
-	$config['mod']['link_spoilerimage'] = '[S]';
-	$config['mod']['link_deletebyip'] = '[D+]';
-	$config['mod']['link_deletebyip_global'] = '[D++]';
-	$config['mod']['link_sticky'] = '[Sticky]';
-	$config['mod']['link_desticky'] = '[-Sticky]';
-	$config['mod']['link_lock'] = '[Lock]';
-	$config['mod']['link_unlock'] = '[-Lock]';
-	$config['mod']['link_bumplock'] = '[Sage]';
-	$config['mod']['link_bumpunlock'] = '[-Sage]';
-	$config['mod']['link_editpost'] = '[Edit]';
-	$config['mod']['link_move'] = '[Move]';
-	$config['mod']['link_cycle'] = '[Cycle]';
-	$config['mod']['link_uncycle'] = '[-Cycle]';
+	$config['mod'] = [
+		// Limit how many bans can be removed via the ban list. Set to false (or zero) for no limit.
+		'unban_limit' => false,
+		// Whether or not to lock moderator sessions to IP addresses. This makes cookie theft less effective.
+		'lock_ip' => true,
+		// The page that is first shown when a moderator logs in. Defaults to the dashboard (?/).
+		'default' => '/',
+
+		'link_delete' => '[D]',
+		'link_ban' => '[B]',
+		'link_bandelete' => '[&amp;D]',
+		'link_deletefile' => '[F]',
+		'link_spoilerimage' => '[S]',
+		'link_deletebyip' => '[D+]',
+		'link_deletebyip_global' => '[D++]',
+		'link_sticky' => '[Sticky]',
+		'link_desticky' => '[-Sticky]',
+		'link_lock' => '[Lock]',
+		'link_unlock' => '[-Lock]',
+		'link_bumplock' => '[Sage]',
+		'link_bumpunlock' => '[-Sage]',
+		'link_editpost' => '[Edit]',
+		'link_move' => '[Move]',
+		'link_cycle' => '[Cycle]',
+		'link_uncycle' => '[-Cycle]'
+	];
 
 	// Moderator capcodes.
 	$config['capcode'] = ' <span class="capcode">## %s</span>';
@@ -1572,58 +1598,59 @@
 	// Enable the moving of single replies
 	$config['move_replies'] = false;
 
-	// Do DNS lookups on IP addresses to get their hostname for the moderator IP pages (?/IP/x.x.x.x).
-	$config['mod']['dns_lookup'] = true;
-	// How many recent posts, per board, to show in ?/IP/x.x.x.x.
-	$config['mod']['ip_recentposts'] = 5;
+	$config['mod'] = [
+		// Do DNS lookups on IP addresses to get their hostname for the moderator IP pages (?/IP/x.x.x.x).
+		'dns_lookup' => true,
+		// How many recent posts, per board, to show in ?/IP/x.x.x.x.
+		'ip_recentposts' => 5,
+		// Number of posts to display on the reports page.
+		'recent_reports' => 10,
+		// Number of actions to show per page in the moderation log.
+		'modlog_page' => 350,
+		// Number of bans to show per page in the ban list.
+		'banlist_page'=> 350,
+		// Number of news entries to display per page.
+		'news_page' => 40,
+		// Number of results to display per page.
+		'search_page' => 200,
+		// Number of entries to show per page in the moderator noticeboard.
+		'noticeboard_page' => 50,
+		// Number of entries to summarize and display on the dashboard.
+		'noticeboard_dashboard' => 5,
 
-	// Number of posts to display on the reports page.
-	$config['mod']['recent_reports'] = 10;
-	// Number of actions to show per page in the moderation log.
-	$config['mod']['modlog_page'] = 350;
-	// Number of bans to show per page in the ban list.
-	$config['mod']['banlist_page'] = 350;
-	// Number of news entries to display per page.
-	$config['mod']['news_page'] = 40;
-	// Number of results to display per page.
-	$config['mod']['search_page'] = 200;
-	// Number of entries to show per page in the moderator noticeboard.
-	$config['mod']['noticeboard_page'] = 50;
-	// Number of entries to summarize and display on the dashboard.
-	$config['mod']['noticeboard_dashboard'] = 5;
+		// Check public ban message by default.
+		'check_ban_message' => false,
+		// Default public ban message. In public ban messages, %length% is replaced with "for x days" or
+		// "permanently" (with %LENGTH% being the uppercase equivalent).
+		'default_ban_message' => _('USER WAS BANNED FOR THIS POST'),
+		// $config['mod']['default_ban_message'] = 'USER WAS BANNED %LENGTH% FOR THIS POST';
+		// HTML to append to post bodies for public bans messages (where "%s" is the message).
+		'ban_message' => '<span class="public_ban">(%s)</span>',
 
-	// Check public ban message by default.
-	$config['mod']['check_ban_message'] = false;
-	// Default public ban message. In public ban messages, %length% is replaced with "for x days" or
-	// "permanently" (with %LENGTH% being the uppercase equivalent).
-	$config['mod']['default_ban_message'] = _('USER WAS BANNED FOR THIS POST');
-	// $config['mod']['default_ban_message'] = 'USER WAS BANNED %LENGTH% FOR THIS POST';
-	// HTML to append to post bodies for public bans messages (where "%s" is the message).
-	$config['mod']['ban_message'] = '<span class="public_ban">(%s)</span>';
+		// When moving a thread to another board and choosing to keep a "shadow thread", an automated post (with
+		// a capcode) will be made, linking to the new location for the thread. "%s" will be replaced with a
+		// standard cross-board post citation (>>>/board/xxx)
+		'shadow_mesage' => _('Moved to %s.'),
+		// Capcode to use when posting the above message.
+		'shadow_capcode' => 'Mod',
+		// Name to use when posting the above message. If false, $config['anonymous'] will be used.
+		'shadow_name' => false,
 
-	// When moving a thread to another board and choosing to keep a "shadow thread", an automated post (with
-	// a capcode) will be made, linking to the new location for the thread. "%s" will be replaced with a
-	// standard cross-board post citation (>>>/board/xxx)
-	$config['mod']['shadow_mesage'] = _('Moved to %s.');
-	// Capcode to use when posting the above message.
-	$config['mod']['shadow_capcode'] = 'Mod';
-	// Name to use when posting the above message. If false, $config['anonymous'] will be used.
-	$config['mod']['shadow_name'] = false;
+		// PHP time limit for ?/rebuild. A value of 0 should cause PHP to wait indefinitely.
+		'rebuild_timelimit' => 0,
 
-	// PHP time limit for ?/rebuild. A value of 0 should cause PHP to wait indefinitely.
-	$config['mod']['rebuild_timelimit'] = 0;
+		// PM snippet (for ?/inbox) length in characters.
+		'snippet_length' => 75,
 
-	// PM snippet (for ?/inbox) length in characters.
-	$config['mod']['snippet_length'] = 75;
+		// Edit raw HTML in posts by default.
+		'raw_html_default' => false,
 
-	// Edit raw HTML in posts by default.
-	$config['mod']['raw_html_default'] = false;
+		// Automatically dismiss all reports regarding a thread when it is locked.
+		'dismiss_reports_on_lock' => true,
 
-	// Automatically dismiss all reports regarding a thread when it is locked.
-	$config['mod']['dismiss_reports_on_lock'] = true;
-
-	// Replace ?/config with a simple text editor for editing inc/instance-config.php.
-	$config['mod']['config_editor_php'] = false;
+		// Replace ?/config with a simple text editor for editing inc/instance-config.php.
+		'config_editor_php' => false
+	];
 
 /*
  * ====================
@@ -1634,13 +1661,13 @@
 	// Probably best not to change this unless you are smart enough to figure out what you're doing. If you
 	// decide to change it, remember that it is impossible to redefinite/overwrite groups; you may only add
 	// new ones.
-	$config['mod']['groups'] = array(
+	$config['mod']['groups'] = [
 		10	=> 'Janitor',
 		20	=> 'Mod',
 		30	=> 'Admin',
 		// 98	=> 'God',
 		99	=> 'Disabled'
-	);
+	];
 
 	// If you add stuff to the above, you'll need to call this function immediately after.
 	define_groups();
@@ -1650,11 +1677,11 @@
 	// define_groups();
 
 	// Capcode permissions.
-	$config['mod']['capcode'] = array(
-	//	JANITOR		=> array('Janitor'),
-		MOD		=> array('Mod'),
+	$config['mod']['capcode'] = [
+		// JANITOR		=> [ 'Janitor' ],
+		MOD		=> [ 'Mod' ],
 		ADMIN		=> true
-	);
+	];
 
 	// Example: Allow mods to post with "## Moderator" as well
 	// $config['mod']['capcode'][MOD][] = 'Moderator';
@@ -1856,23 +1883,20 @@
  */
 
 	// Public post search settings
-	$config['search'] = array();
-
-	// Enable the search form
-	$config['search']['enable'] = false;
+	$config['search'] = [
+		// Enable the search form
+		'enable' => false,
+		// Maximal number of queries per IP address per minutes
+		'queries_per_minutes' => [ 15, 2 ],
+		// Global maximal number of queries per minutes
+		'queries_per_minutes_all' => [ 50, 2 ],
+		// Limit of search results
+		'search_limit' => 100,
+	];
 
 	// Enable search in the board index.
 	$config['board_search'] = false;
 
-	// Maximal number of queries per IP address per minutes
-	$config['search']['queries_per_minutes'] = Array(15, 2);
-
-	// Global maximal number of queries per minutes
-	$config['search']['queries_per_minutes_all'] = Array(50, 2);
-
-	// Limit of search results
-	$config['search']['search_limit'] = 100;
-
 	// Boards for searching
 	//$config['search']['boards'] = array('a', 'b', 'c', 'd', 'e');
 
@@ -1927,31 +1951,33 @@
  * state. Please join #nntpchan on Rizon in order to peer with someone.
  */
 
-	$config['nntpchan'] = array();
-
-	// Enable NNTPChan integration
-	$config['nntpchan']['enabled'] = false;
-
-	// NNTP server
-	$config['nntpchan']['server'] = "localhost:1119";
-
-	// Global dispatch array. Add your boards to it to enable them. Please make
-	// sure that this setting is set in a global context.
-	$config['nntpchan']['dispatch'] = array(); // 'overchan.test' => 'test'
-
-	// Trusted peer - an IP address of your NNTPChan instance. This peer will have
-	// increased capabilities, eg.: will evade spamfilter.
-	$config['nntpchan']['trusted_peer'] = '127.0.0.1';
-
-	// Salt for message ID generation. Keep it long and secure.
-	$config['nntpchan']['salt'] = 'change_me+please';
-
-	// A local message ID domain. Make sure to change it.
-	$config['nntpchan']['domain'] = 'example.vichan.net';
-
-	// An NNTPChan group name.
-	// Please set this setting in your board/config.php, not globally.
-	$config['nntpchan']['group'] = false; // eg. 'overchan.test'
+	$config['nntpchan'] = [
+		// Enable NNTPChan integration
+		'enabled'=> false,
+		// NNTP server
+		'server' => "localhost:1119",
+		/*
+		 * Global dispatch array. Add your boards to it to enable them. Please make
+		 * sure that this setting is set in a global context.
+		 */
+		'dispatch' => [
+			// 'overchan.test' => 'test'
+		],
+		/*
+		 * Trusted peer - an IP address of your NNTPChan instance. This peer will have increased capabilities, eg.: will
+		 * evade spamfilter.
+		 */
+		'trusted_peer' => '127.0.0.1',
+		// Salt for message ID generation. Keep it long and secure.
+		'salt' => 'change_me+please',
+		// A local message ID domain. Make sure to change it.
+		'domain' => 'example.vichan.net',
+		/*
+		 * An NNTPChan group name.
+		 * Please set this setting in your board/config.php, not globally.
+		 */
+		'group' => false, // eg. 'overchan.test'
+	];
 
 
 

From d1b06acbe9e98e106e3b270a47854aa2dc77b308 Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@skiff.com>
Date: Sun, 11 Aug 2024 15:45:24 +0200
Subject: [PATCH 210/336] mod.php: remove last mod_page_* handler, use only
 mod_* for mod pages

---
 inc/mod/pages.php | 2 +-
 mod.php           | 2 --
 2 files changed, 1 insertion(+), 3 deletions(-)

diff --git a/inc/mod/pages.php b/inc/mod/pages.php
index 826e7c6f..46e8fc7e 100644
--- a/inc/mod/pages.php
+++ b/inc/mod/pages.php
@@ -818,7 +818,7 @@ function mod_ip_remove_note($cloaked_ip, $id) {
 
 
 
-function mod_page_ip($cip) {
+function mod_ip($cip) {
 	$ip = uncloak_ip($cip);
 	global $config, $mod;
 
diff --git a/mod.php b/mod.php
index 5018992d..20cff8e5 100644
--- a/mod.php
+++ b/mod.php
@@ -188,8 +188,6 @@ foreach ($pages as $uri => $handler) {
 		if (is_string($handler)) {
 			if ($handler[0] == ':') {
 				header('Location: ' . substr($handler, 1),  true, $config['redirect_http']);
-			} elseif (is_callable("mod_page_$handler")) {
-				call_user_func_array("mod_page_$handler", $matches);
 			} elseif (is_callable("mod_$handler")) {
 				call_user_func_array("mod_$handler", $matches);
 			} else {

From 4d8a4db33854f932d0c32197f1f193516601ba69 Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@skiff.com>
Date: Sun, 11 Aug 2024 16:14:03 +0200
Subject: [PATCH 211/336] api.php: partially modernize the Api class

---
 inc/api.php | 147 ++++++++++++++++++++++++++++------------------------
 1 file changed, 80 insertions(+), 67 deletions(-)

diff --git a/inc/api.php b/inc/api.php
index 0dd479ac..11f51fe4 100644
--- a/inc/api.php
+++ b/inc/api.php
@@ -9,14 +9,51 @@ defined('TINYBOARD') or exit;
  * Class for generating json API compatible with 4chan API
  */
 class Api {
-	function __construct(){
-		global $config;
-		/**
-		 * Translation from local fields to fields in 4chan-style API
-		 */
-		$this->config = $config;
+	private bool $show_filename;
+	private bool $hide_email;
+	private bool $country_flags;
+	private array $postFields;
 
-		$this->postFields = array(
+	private const INTS = [
+		'no' => 1,
+		'resto' => 1,
+		'time' => 1,
+		'tn_w' => 1,
+		'tn_h' => 1,
+		'w' => 1,
+		'h' => 1,
+		'fsize' => 1,
+		'omitted_posts' => 1,
+		'omitted_images' => 1,
+		'replies' => 1,
+		'images' => 1,
+		'sticky' => 1,
+		'locked' => 1,
+		'last_modified' => 1
+	];
+
+	private const THREADS_PAGE_FIELDS = [
+		'id' => 'no',
+		'bump' => 'last_modified'
+	];
+
+	private const FILE_FIELDS = [
+		'thumbheight' => 'tn_h',
+		'thumbwidth' => 'tn_w',
+		'height' => 'h',
+		'width' => 'w',
+		'size' => 'fsize'
+	];
+
+	public function __construct() {
+		global $config;
+
+		// Translation from local fields to fields in 4chan-style API
+		$this->show_filename = $config['show_filename'];
+		$this->hide_email = $config['hide_email'];
+		$this->country_flags = $config['country_flags'];
+
+		$this->postFields = [
 			'id' => 'no',
 			'thread' => 'resto',
 			'subject' => 'sub',
@@ -35,91 +72,64 @@ class Api {
 			'cycle' => 'cyclical',
 			'bump' => 'last_modified',
 			'embed' => 'embed',
-		);
-
-		$this->threadsPageFields = array(
-			'id' => 'no',
-			'bump' => 'last_modified'
-		);
-
-		$this->fileFields = array(
-			'thumbheight' => 'tn_h',
-			'thumbwidth' => 'tn_w',
-			'height' => 'h',
-			'width' => 'w',
-			'size' => 'fsize',
-		);
+		];
 
 		if (isset($config['api']['extra_fields']) && gettype($config['api']['extra_fields']) == 'array'){
 			$this->postFields = array_merge($this->postFields, $config['api']['extra_fields']);
 		}
 	}
 
-	private static $ints = array(
-		'no' => 1,
-		'resto' => 1,
-		'time' => 1,
-		'tn_w' => 1,
-		'tn_h' => 1,
-		'w' => 1,
-		'h' => 1,
-		'fsize' => 1,
-		'omitted_posts' => 1,
-		'omitted_images' => 1,
-		'replies' => 1,
-		'images' => 1,
-		'sticky' => 1,
-		'locked' => 1,
-		'last_modified' => 1
-	);
-
 	private function translateFields($fields, $object, &$apiPost) {
 		foreach ($fields as $local => $translated) {
-			if (!isset($object->$local))
+			if (!isset($object->$local)) {
 				continue;
+			}
 
-			$toInt = isset(self::$ints[$translated]);
+			$toInt = isset(self::INTS[$translated]);
 			$val = $object->$local;
-			if (isset($this->config['hide_email']) && $this->config['hide_email'] && $local === 'email') {
+			if ($this->hide_email && $local === 'email') {
 				$val = '';
 			}
 			if ($val !== null && $val !== '') {
 				$apiPost[$translated] = $toInt ? (int) $val : $val;
 			}
-
 		}
 	}
 
 	private function translateFile($file, $post, &$apiPost) {
-		$this->translateFields($this->fileFields, $file, $apiPost);
+		$this->translateFields(self::FILE_FIELDS, $file, $apiPost);
 		$dotPos = strrpos($file->file, '.');
 		$apiPost['ext'] = substr($file->file, $dotPos);
 		$apiPost['tim'] = substr($file->file, 0, $dotPos);
-		if (isset($this->config['show_filename']) && $this->config['show_filename']) {
+
+		if ($this->show_filename) {
 			$apiPost['filename'] = @substr($file->name, 0, strrpos($file->name, '.'));
-		}
-		else {
+		} else {
 			$apiPost['filename'] = substr($file->file, 0, $dotPos);
 		}
 		if (isset ($file->hash) && $file->hash) {
 			$apiPost['md5'] = base64_encode(hex2bin($file->hash));
-		}
-		else if (isset ($post->filehash) && $post->filehash) {
+		} elseif (isset ($post->filehash) && $post->filehash) {
 			$apiPost['md5'] = base64_encode(hex2bin($post->filehash));
 		}
 	}
 
-	private function translatePost($post, $threadsPage = false) {
+	private function translatePost($post, bool $threadsPage = false) {
 		global $config, $board;
-		$apiPost = array();
-		$fields = $threadsPage ? $this->threadsPageFields : $this->postFields;
+
+		$apiPost = [];
+		$fields = $threadsPage ? self::THREADS_PAGE_FIELDS : $this->postFields;
 		$this->translateFields($fields, $post, $apiPost);
 
-		if (isset($config['poster_ids']) && $config['poster_ids']) $apiPost['id'] = poster_id($post->ip, $post->thread, $board['uri']);
-		if ($threadsPage) return $apiPost;
+		if (isset($config['poster_ids']) && $config['poster_ids']) {
+			$apiPost['id'] = poster_id($post->ip, $post->thread, $board['uri']);
+		}
+		if ($threadsPage) {
+			return $apiPost;
+		}
 
 		// Handle country field
-		if (isset($post->body_nomarkup) && $this->config['country_flags']) {
+		if (isset($post->body_nomarkup) && $this->country_flags) {
 			$modifiers = extract_modifiers($post->body_nomarkup);
 			if (isset($modifiers['flag']) && isset($modifiers['flag alt']) && preg_match('/^[a-z]{2}$/', $modifiers['flag'])) {
 				$country = strtoupper($modifiers['flag']);
@@ -139,12 +149,15 @@ class Api {
 		if (isset($post->files) && $post->files && !$threadsPage) {
 			$file = $post->files[0];
 			$this->translateFile($file, $post, $apiPost);
+
 			if (sizeof($post->files) > 1) {
-				$extra_files = array();
+				$extra_files = [];
 				foreach ($post->files as $i => $f) {
-					if ($i == 0) continue;
-				
-					$extra_file = array();
+					if ($i == 0) {
+						continue;
+					}
+
+					$extra_file = [];
 					$this->translateFile($f, $post, $extra_file);
 
 					$extra_files[] = $extra_file;
@@ -156,8 +169,8 @@ class Api {
 		return $apiPost;
 	}
 
-	function translateThread(Thread $thread, $threadsPage = false) {
-		$apiPosts = array();
+	public function translateThread(Thread $thread, bool $threadsPage = false) {
+		$apiPosts = [];
 		$op = $this->translatePost($thread, $threadsPage);
 		if (!$threadsPage) $op['resto'] = 0;
 		$apiPosts['posts'][] = $op;
@@ -169,16 +182,16 @@ class Api {
 		return $apiPosts;
 	}
 
-	function translatePage(array $threads) {
-		$apiPage = array();
+	public function translatePage(array $threads) {
+		$apiPage = [];
 		foreach ($threads as $thread) {
 			$apiPage['threads'][] = $this->translateThread($thread);
 		}
 		return $apiPage;
 	}
 
-	function translateCatalogPage(array $threads, $threadsPage = false) {
-		$apiPage = array();
+	public function translateCatalogPage(array $threads, bool $threadsPage = false) {
+		$apiPage = [];
 		foreach ($threads as $thread) {
 			$ts = $this->translateThread($thread, $threadsPage);
 			$apiPage['threads'][] = current($ts['posts']);
@@ -186,8 +199,8 @@ class Api {
 		return $apiPage;
 	}
 
-	function translateCatalog($catalog, $threadsPage = false) {
-		$apiCatalog = array();
+	public function translateCatalog($catalog, bool $threadsPage = false) {
+		$apiCatalog = [];
 		foreach ($catalog as $page => $threads) {
 			$apiPage = $this->translateCatalogPage($threads, $threadsPage);
 			$apiPage['page'] = $page;

From d8391eb34ab19dd23211d53e751a753b0a6da9bc Mon Sep 17 00:00:00 2001
From: fowr <89118232+perdedora@users.noreply.github.com>
Date: Mon, 12 Aug 2024 15:23:19 -0300
Subject: [PATCH 212/336] fixes #747 and also fix when loading next page on
 ukko wrong value. e.g >>thread_<cite_id>

---
 js/show-backlinks.js | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/js/show-backlinks.js b/js/show-backlinks.js
index fc3125db..4c12e572 100644
--- a/js/show-backlinks.js
+++ b/js/show-backlinks.js
@@ -53,9 +53,10 @@ onready(function(){
 	$('div.post.op').each(showBackLinks);
 
         $(document).on('new_post', function(e, post) {
-		showBackLinks.call(post);
 		if ($(post).hasClass("op")) {
 			$(post).find('div.post.reply').each(showBackLinks);
+		} else {
+			$(post).parent().find('div.post.reply').each(showBackLinks);
 		}
 	});
 });

From 3e72171889e80c78c20c1e72e66ac253ce7af443 Mon Sep 17 00:00:00 2001
From: fowr <89118232+perdedora@users.noreply.github.com>
Date: Mon, 12 Aug 2024 15:34:48 -0300
Subject: [PATCH 213/336] download original filename without javascript.

---
 templates/post/fileinfo.html | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/templates/post/fileinfo.html b/templates/post/fileinfo.html
index 80ddd2a6..ec490129 100644
--- a/templates/post/fileinfo.html
+++ b/templates/post/fileinfo.html
@@ -22,9 +22,9 @@
 			{% if config.show_filename and file.filename %}
 				, 
 				{% if file.filename|length > config.max_filename_display %}
-					<span class="postfilename" title="{{ file.filename|e|bidi_cleanup }}">{{ file.filename|truncate_filename(config.max_filename_display)|e|bidi_cleanup }}</span>
+					<a class="postfilename" href="{{ config.uri_img }}{{ file.file|e|bidi_cleanup }}" download="{{ file.filename|e|bidi_cleanup }}" data-truncate="true" title="{% trans %}Save as original filename{% endtrans %}">{{ file.filename|truncate_filename(config.max_filename_display)|e|bidi_cleanup }}</a>
 				{% else %}
-					<span class="postfilename">{{ file.filename|e|bidi_cleanup }}</span>
+					<a class="postfilename" href="{{ config.uri_img }}{{ file.file|e|bidi_cleanup }}" download="{{ file.filename|e|bidi_cleanup }}" title="{% trans %}Save as original filename{% endtrans %}">{{ file.filename|e|bidi_cleanup }}</a>
 				{% endif %}
 			{% endif %}
 		)

From d4b4cf5825ff120605f1450a5fb5cc69d6d9f56f Mon Sep 17 00:00:00 2001
From: fowr <89118232+perdedora@users.noreply.github.com>
Date: Mon, 12 Aug 2024 15:35:16 -0300
Subject: [PATCH 214/336] script to expand original filename if truncated

---
 js/expand-filename.js | 53 +++++++++++++++++++++++++++++++++++++++++++
 js/expand-too-long.js | 39 -------------------------------
 2 files changed, 53 insertions(+), 39 deletions(-)
 create mode 100644 js/expand-filename.js
 delete mode 100644 js/expand-too-long.js

diff --git a/js/expand-filename.js b/js/expand-filename.js
new file mode 100644
index 00000000..2f3ac0fd
--- /dev/null
+++ b/js/expand-filename.js
@@ -0,0 +1,53 @@
+/*
+ * expand-filename.js
+ * https://github.com/vichan-devel/vichan/blob/master/js/expand-filename.js
+ *
+ * Released under the MIT license
+ * Copyright (c) 2024 Perdedora <weav@anche.no>
+ *
+ * Usage:
+ *   $config['additional_javascript'][] = 'js/expand-filename.js';
+ *
+ */
+
+function doFilename(element) {
+    const filenames = element.querySelectorAll('[data-truncate="true"]');
+    filenames.forEach(filename => {
+        filename.addEventListener('mouseover', event => addHover(event.target));
+        filename.addEventListener('mouseout', event => removeHover(event.target));
+    });
+}
+
+function addHover(element) {
+    element.dataset.truncatedFilename = element.textContent;
+    element.textContent = element.download;
+}
+
+function removeHover(element) {
+    element.textContent = element.dataset.truncatedFilename;
+    delete element.dataset.truncatedFilename;
+}
+
+document.addEventListener('DOMContentLoaded', () => {
+    doFilename(document);
+
+    // Create a MutationObserver to watch for new elements
+    const observer = new MutationObserver(mutationsList => {
+        mutationsList.forEach(mutation => {
+            if (mutation.type === 'childList') {
+                mutation.addedNodes.forEach(addedNode => {
+                    if (addedNode.nodeType === Node.ELEMENT_NODE) {
+                        // Apply `doFilename` to newly added elements
+                        doFilename(addedNode);
+                    }
+                });
+            }
+        });
+    });
+
+    // Start observing the document body for changes
+    observer.observe(document.body, {
+        childList: true,
+        subtree: true
+    });
+});
diff --git a/js/expand-too-long.js b/js/expand-too-long.js
deleted file mode 100644
index bbadb5f1..00000000
--- a/js/expand-too-long.js
+++ /dev/null
@@ -1,39 +0,0 @@
-/*
- * expand-too-long.js
- * https://github.com/vichan-devel/vichan/blob/master/js/expand-too-long.js
- *
- * Released under the MIT license
- * Copyright (c) 2013-2014 Marcin Łabanowski <marcin@6irc.net>
- *
- * Usage:
- *   $config['additional_javascript'][] = 'js/jquery.min.js';
- *   $config['additional_javascript'][] = 'js/expand-too-long.js';
- *      
- */
-
-$(function() {
-	var do_expand = function() {
-		$(this).find('a').click(function(e) {
-			e.preventDefault();
-
-			var url = $(this).attr('href');
-			var body = $(this).parents('.body');
-
-			$.ajax({
-				url: url,
-				context: document.body,
-				success: function(data) {
-					var content = $(data).find('#'+url.split('#')[1]).parent().parent().find(".body").first().html();
-
-					body.html(content);
-				}
-			});
-		});
-	};
-
-        $('.toolong').each(do_expand);
-                       
-        $(document).on("new_post", function(e, post) {
-		$(post).find('.toolong').each(do_expand)
-	});
-});

From e825e7aac52f52c81b32db4a39cc8304d6a5d1a3 Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@mailu.io>
Date: Sat, 25 May 2024 00:32:44 +0200
Subject: [PATCH 215/336] Add dynamic captcha support

---
 inc/config.php           |  9 +++++++++
 post.php                 |  2 +-
 templates/main.js        | 30 ++++++++++++++++++++++++++++++
 templates/post_form.html |  4 ++++
 4 files changed, 44 insertions(+), 1 deletion(-)

diff --git a/inc/config.php b/inc/config.php
index 319bb8fd..79181790 100644
--- a/inc/config.php
+++ b/inc/config.php
@@ -351,6 +351,15 @@
 	//);
 	$config['simple_spam'] = false;
 
+	/*
+	 * If not flase, the captcha is dynamically injected on the client if the web server set the `captcha-required`
+	 * cookie to 1. The configuration value should be set the IP for which the captcha should be verified.
+	 *
+	 * Example:
+	 * $config['dynamic_captcha'] = '127.0.0.1'; // Verify the captcha for users sending posts from the loopback address.
+	 */
+	$config['dynamic_captcha'] = false;
+
 	// Enable reCaptcha to make spam even harder. Rarely necessary.
 	$config['recaptcha'] = false;
 
diff --git a/post.php b/post.php
index 644ff111..a7f7e88b 100644
--- a/post.php
+++ b/post.php
@@ -648,7 +648,7 @@ if (isset($_POST['delete'])) {
 				}
 			}
 			// Remote 3rd party captchas.
-			else {
+			else if (!$config['dynamic_captcha'] || $config['dynamic_captcha'] === $_SERVER['REMOTE_ADDR']) {
 				// recaptcha
 				if ($config['recaptcha']) {
 					if (!isset($_POST['g-recaptcha-response'])) {
diff --git a/templates/main.js b/templates/main.js
index a850787f..e0819622 100644
--- a/templates/main.js
+++ b/templates/main.js
@@ -222,6 +222,36 @@ function getCookie(cookie_name) {
 	}
 }
 
+{% endraw %}
+{% if config.dynamic_captcha %}
+function is_dynamic_captcha_enabled() {
+	let cookie = get_cookie('require-captcha');
+	return cookie === '1';
+}
+
+function get_captcha_pub_key() {
+{% if config.recaptcha %}
+	return "{{ config.recaptcha_public }}";
+{% else %}
+	return null;
+{% endif %}
+}
+
+function init_dynamic_captcha() {
+	if (!is_dynamic_captcha_enabled()) {
+		let pub_key = get_captcha_pub_key();
+		if (!pub_key) {
+			console.error("Missing public captcha key!");
+			return;
+		}
+
+		let captcha_hook = document.getElementById('captcha');
+		captcha_hook.style = "";
+	}
+}
+{% endif %}
+{% raw %}
+
 function highlightReply(id) {
 	if (typeof window.event != "undefined" && event.which == 2) {
 		// don't highlight on middle click
diff --git a/templates/post_form.html b/templates/post_form.html
index 5a6854cf..8220107b 100644
--- a/templates/post_form.html
+++ b/templates/post_form.html
@@ -73,7 +73,11 @@
 			</td>
 		</tr>
 		{% if config.recaptcha %}
+		{% if config.dynamic_captcha %}
+		<tr id="captcha" style="display: none;">
+		{% else %}
 		<tr>
+		{% endif %}
 			<th>
 				{% trans %}Verification{% endtrans %}
 				{{ antibot.html() }}

From 933594194c477839dfbf02422bbcba62be807709 Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@skiff.com>
Date: Thu, 15 Aug 2024 15:11:32 +0200
Subject: [PATCH 216/336] captcha-queries.php: refactor remote captcha queries
 to use DI and abstract the implementation better

---
 inc/context.php                 |  14 ++++
 inc/service/captcha-queries.php | 119 +++++++++++++++++++++-----------
 post.php                        |  34 ++++-----
 3 files changed, 105 insertions(+), 62 deletions(-)

diff --git a/inc/context.php b/inc/context.php
index f65c3b0d..e6604835 100644
--- a/inc/context.php
+++ b/inc/context.php
@@ -3,6 +3,9 @@ namespace Vichan;
 
 use RuntimeException;
 use Vichan\Driver\{HttpDriver, HttpDrivers, Log, LogDrivers};
+use Vichan\Service\HCaptchaQuery;
+use Vichan\Service\ReCaptchaQuery;
+use Vichan\Service\RemoteCaptchaQuery;
 
 defined('TINYBOARD') or exit;
 
@@ -53,6 +56,17 @@ function build_context(array $config): Context {
 		HttpDriver::class => function($c) {
 			$config = $c->get('config');
 			return HttpDrivers::getHttpDriver($config['upload_by_url_timeout'], $config['max_filesize']);
+		},
+		RemoteCaptchaQuery::class => function($c) {
+			$config = $c->get('config');
+			$http = $c->get(HttpDriver::class);
+			if ($config['recaptcha']) {
+				return new ReCaptchaQuery($http, $config['recaptcha_private']);
+			} elseif ($config['hcaptcha']) {
+				return new HCaptchaQuery($http, $config['hcaptcha_private'], $config['hcaptcha_public']);
+			} else {
+				throw new RuntimeException('No remote captcha service available');
+			}
 		}
 	]);
 }
diff --git a/inc/service/captcha-queries.php b/inc/service/captcha-queries.php
index d7966501..cbd344a1 100644
--- a/inc/service/captcha-queries.php
+++ b/inc/service/captcha-queries.php
@@ -6,68 +6,107 @@ use Vichan\Driver\HttpDriver;
 defined('TINYBOARD') or exit;
 
 
-class RemoteCaptchaQuery {
+class ReCaptchaQuery implements RemoteCaptchaQuery {
 	private HttpDriver $http;
 	private string $secret;
-	private string $endpoint;
-
 
 	/**
-	 * Creates a new CaptchaRemoteQueries instance using the google recaptcha service.
+	 * Creates a new ReCaptchaQuery using the google recaptcha service.
 	 *
 	 * @param HttpDriver $http The http client.
 	 * @param string $secret Server side secret.
-	 * @return CaptchaRemoteQueries A new captcha query instance.
+	 * @return ReCaptchaQuery A new ReCaptchaQuery query instance.
 	 */
-	public static function withRecaptcha(HttpDriver $http, string $secret): RemoteCaptchaQuery {
-		return new self($http, $secret, 'https://www.google.com/recaptcha/api/siteverify');
-	}
-
-	/**
-	 * Creates a new CaptchaRemoteQueries instance using the hcaptcha service.
-	 *
-	 * @param HttpDriver $http The http client.
-	 * @param string $secret Server side secret.
-	 * @return CaptchaRemoteQueries A new captcha query instance.
-	 */
-	public static function withHCaptcha(HttpDriver $http, string $secret): RemoteCaptchaQuery {
-		return new self($http, $secret, 'https://hcaptcha.com/siteverify');
-	}
-
-	private function __construct(HttpDriver $http, string $secret, string $endpoint) {
+	public function __construct(HttpDriver $http, string $secret) {
 		$this->http = $http;
 		$this->secret = $secret;
-		$this->endpoint = $endpoint;
 	}
 
-	/**
-	 * Checks if the user at the remote ip passed the captcha.
-	 *
-	 * @param string $response User provided response.
-	 * @param string $remote_ip User ip.
-	 * @return bool Returns true if the user passed the captcha.
-	 * @throws RuntimeException|JsonException Throws on IO errors or if it fails to decode the answer.
-	 */
-	public function verify(string $response, string $remote_ip): bool {
-		$data = array(
-			'secret' => $this->secret,
-			'response' => $response,
-			'remoteip' => $remote_ip
-		);
+	public function responseField(): string {
+		return 'g-recaptcha-response';
+	}
 
-		$ret = $this->http->requestGet($this->endpoint, $data);
+	public function verify(string $response, ?string $remote_ip): bool {
+		$data = [
+			'secret' => $this->secret,
+			'response' => $response
+		];
+
+		if ($remote_ip !== null) {
+			$data['remoteip'] = $remote_ip;
+		}
+
+		$ret = $this->http->requestGet('https://www.google.com/recaptcha/api/siteverify', $data);
 		$resp = json_decode($ret, true, 16, JSON_THROW_ON_ERROR);
 
 		return isset($resp['success']) && $resp['success'];
 	}
 }
 
+class HCaptchaQuery implements RemoteCaptchaQuery {
+	private HttpDriver $http;
+	private string $secret;
+	private string $sitekey;
+
+	/**
+	 * Creates a new HCaptchaQuery using the hCaptcha service.
+	 *
+	 * @param HttpDriver $http The http client.
+	 * @param string $secret Server side secret.
+	 * @return HCaptchaQuery A new hCaptcha query instance.
+	 */
+	public function __construct(HttpDriver $http, string $secret, string $sitekey) {
+		$this->http = $http;
+		$this->secret = $secret;
+		$this->sitekey = $sitekey;
+	}
+
+	public function responseField(): string {
+		return 'h-captcha-response';
+	}
+
+	public function verify(string $response, ?string $remote_ip): bool {
+		$data = [
+			'secret' => $this->secret,
+			'response' => $response,
+			'sitekey' => $this->sitekey
+		];
+
+		if ($remote_ip !== null) {
+			$data['remoteip'] = $remote_ip;
+		}
+
+		$ret = $this->http->requestGet('https://hcaptcha.com/siteverify', $data);
+		$resp = json_decode($ret, true, 16, JSON_THROW_ON_ERROR);
+
+		return isset($resp['success']) && $resp['success'];
+	}
+}
+
+interface RemoteCaptchaQuery {
+	/**
+	 * Name of the response field in the form data expected by the implementation.
+	 *
+	 * @return string The name of the field.
+	 */
+	public function responseField(): string;
+
+	/**
+	 * Checks if the user at the remote ip passed the captcha.
+	 *
+	 * @param string $response User provided response.
+	 * @param ?string $remote_ip User ip. Leave to null to only check the response value.
+	 * @return bool Returns true if the user passed the captcha.
+	 * @throws RuntimeException|JsonException Throws on IO errors or if it fails to decode the answer.
+	 */
+	public function verify(string $response, ?string $remote_ip): bool;
+}
+
 class NativeCaptchaQuery {
 	private HttpDriver $http;
 	private string $domain;
 	private string $provider_check;
 
-
 	/**
 	 * @param HttpDriver $http The http client.
 	 * @param string $domain The server's domain.
@@ -89,12 +128,12 @@ class NativeCaptchaQuery {
 	 * @throws RuntimeException Throws on IO errors.
 	 */
 	public function verify(string $extra, string $user_text, string $user_cookie): bool {
-		$data = array(
+		$data = [
 			'mode' => 'check',
 			'text' => $user_text,
 			'extra' => $extra,
 			'cookie' => $user_cookie
-		);
+		];
 
 		$ret = $this->http->requestGet($this->domain . '/' . $this->provider_check, $data);
 		return $ret === '1';
diff --git a/post.php b/post.php
index a7f7e88b..fd78d749 100644
--- a/post.php
+++ b/post.php
@@ -648,29 +648,19 @@ if (isset($_POST['delete'])) {
 				}
 			}
 			// Remote 3rd party captchas.
-			else if (!$config['dynamic_captcha'] || $config['dynamic_captcha'] === $_SERVER['REMOTE_ADDR']) {
-				// recaptcha
-				if ($config['recaptcha']) {
-					if (!isset($_POST['g-recaptcha-response'])) {
-						error($config['error']['bot']);
-					}
-					$response = $_POST['g-recaptcha-response'];
-					$query = RemoteCaptchaQuery::withRecaptcha($context->get(HttpDriver::class), $config['recaptcha_private']);
-				}
-				// hCaptcha
-				elseif ($config['hcaptcha']) {
-					if (!isset($_POST['h-captcha-response'])) {
-						error($config['error']['bot']);
-					}
-					$response = $_POST['h-captcha-response'];
-					$query = RemoteCaptchaQuery::withHCaptcha($context->get(HttpDriver::class), $config['hcaptcha_private']);
-				}
+			elseif (($config['recaptcha'] || $config['hcaptcha'])
+				&& (!$config['dynamic_captcha'] || $config['dynamic_captcha'] === $_SERVER['REMOTE_ADDR'])) {
+				$query = $content->get(RemoteCaptchaQuery::class);
+				$field = $query->responseField();
 
-				if (isset($query, $response)) {
-					$success = $query->verify($response, $_SERVER['REMOTE_ADDR']);
-					if (!$success) {
-						error($config['error']['captcha']);
-					}
+				if (!isset($_POST[$field])) {
+					error($config['error']['bot']);
+				}
+				$response = $_POST[$field];
+
+				$success = $query->verify($response, $_SERVER['REMOTE_ADDR']);
+				if (!$success) {
+					error($config['error']['captcha']);
 				}
 			}
 		} catch (RuntimeException $e) {

From a275d04efa6cb1f4160d3a6d0bd5ee5e494f0f92 Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@skiff.com>
Date: Thu, 15 Aug 2024 15:17:54 +0200
Subject: [PATCH 217/336] captcha-queries.php: refactor NativeCaptchaQuery to
 use DI

---
 inc/context.php                 | 10 ++++++++++
 inc/service/captcha-queries.php | 10 ++++++----
 post.php                        |  4 ++--
 3 files changed, 18 insertions(+), 6 deletions(-)

diff --git a/inc/context.php b/inc/context.php
index e6604835..30c9804e 100644
--- a/inc/context.php
+++ b/inc/context.php
@@ -4,6 +4,7 @@ namespace Vichan;
 use RuntimeException;
 use Vichan\Driver\{HttpDriver, HttpDrivers, Log, LogDrivers};
 use Vichan\Service\HCaptchaQuery;
+use Vichan\Service\NativeCaptchaQuery;
 use Vichan\Service\ReCaptchaQuery;
 use Vichan\Service\RemoteCaptchaQuery;
 
@@ -67,6 +68,15 @@ function build_context(array $config): Context {
 			} else {
 				throw new RuntimeException('No remote captcha service available');
 			}
+		},
+		NativeCaptchaQuery::class => function($c) {
+			$http = $c->get(HttpDriver::class);
+			$config = $c->get('config');
+			return new NativeCaptchaQuery($http,
+				$config['domain'],
+				$config['captcha']['provider_check'],
+				$config['captcha']['extra']
+			);
 		}
 	]);
 }
diff --git a/inc/service/captcha-queries.php b/inc/service/captcha-queries.php
index cbd344a1..cd9a1b84 100644
--- a/inc/service/captcha-queries.php
+++ b/inc/service/captcha-queries.php
@@ -106,32 +106,34 @@ class NativeCaptchaQuery {
 	private HttpDriver $http;
 	private string $domain;
 	private string $provider_check;
+	private string $extra;
 
 	/**
 	 * @param HttpDriver $http The http client.
 	 * @param string $domain The server's domain.
 	 * @param string $provider_check Path to the endpoint.
+	 * @param string $extra Extra http parameters.
 	 */
-	function __construct(HttpDriver $http, string $domain, string $provider_check) {
+	function __construct(HttpDriver $http, string $domain, string $provider_check, string $extra) {
 		$this->http = $http;
 		$this->domain = $domain;
 		$this->provider_check = $provider_check;
+		$this->extra = $extra;
 	}
 
 	/**
 	 * Checks if the user at the remote ip passed the native vichan captcha.
 	 *
-	 * @param string $extra Extra http parameters.
 	 * @param string $user_text Remote user's text input.
 	 * @param string $user_cookie Remote user cookie.
 	 * @return bool Returns true if the user passed the check.
 	 * @throws RuntimeException Throws on IO errors.
 	 */
-	public function verify(string $extra, string $user_text, string $user_cookie): bool {
+	public function verify(string $user_text, string $user_cookie): bool {
 		$data = [
 			'mode' => 'check',
 			'text' => $user_text,
-			'extra' => $extra,
+			'extra' => $this->extra,
 			'cookie' => $user_cookie
 		];
 
diff --git a/post.php b/post.php
index fd78d749..ea5b1ccf 100644
--- a/post.php
+++ b/post.php
@@ -631,8 +631,8 @@ if (isset($_POST['delete'])) {
 		try {
 			// With our custom captcha provider
 			if ($config['captcha']['enabled'] || ($post['op'] && $config['new_thread_capt'])) {
-				$query = new NativeCaptchaQuery($context->get(HttpDriver::class), $config['domain'], $config['captcha']['provider_check']);
-				$success = $query->verify($config['captcha']['extra'], $_POST['captcha_text'], $_POST['captcha_cookie']);
+				$query = $context->get(NativeCaptchaQuery::class);
+				$success = $query->verify($_POST['captcha_text'], $_POST['captcha_cookie']);
 
 				if (!$success) {
 					error(

From fb92e5fb682df82a265030ae93bf0707f1e2d966 Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@skiff.com>
Date: Thu, 15 Aug 2024 16:11:28 +0200
Subject: [PATCH 218/336] config.php: rework captcha configuration

---
 inc/config.php           | 75 ++++++++++++++++++----------------------
 inc/context.php          | 28 +++++++++------
 post.php                 | 10 ++++--
 templates/header.html    |  4 +--
 templates/main.js        |  6 ++--
 templates/post_form.html | 18 +++++-----
 6 files changed, 72 insertions(+), 69 deletions(-)

diff --git a/inc/config.php b/inc/config.php
index 79181790..89ea333a 100644
--- a/inc/config.php
+++ b/inc/config.php
@@ -351,48 +351,39 @@
 	//);
 	$config['simple_spam'] = false;
 
-	/*
-	 * If not flase, the captcha is dynamically injected on the client if the web server set the `captcha-required`
-	 * cookie to 1. The configuration value should be set the IP for which the captcha should be verified.
-	 *
-	 * Example:
-	 * $config['dynamic_captcha'] = '127.0.0.1'; // Verify the captcha for users sending posts from the loopback address.
-	 */
-	$config['dynamic_captcha'] = false;
-
-	// Enable reCaptcha to make spam even harder. Rarely necessary.
-	$config['recaptcha'] = false;
-
-	// Public and private key pair from https://www.google.com/recaptcha/admin/create
-	$config['recaptcha_public'] = '6LcXTcUSAAAAAKBxyFWIt2SO8jwx4W7wcSMRoN3f';
-	$config['recaptcha_private'] = '6LcXTcUSAAAAAOGVbVdhmEM1_SyRF4xTKe8jbzf_';
-
-	// Enable hCaptcha as an alternative to reCAPTCHA.
-	$config['hcaptcha'] = false;
-
-	// Public and private key pair for using hCaptcha.
-	$config['hcaptcha_public'] = '7a4b21e0-dc53-46f2-a9f8-91d2e74b63a0';
-	$config['hcaptcha_private'] = '0x4e9A01bE637b51dC41a7Ea9865C3fDe4aB72Cf17';
-
-	// Enable Custom Captcha you need to change a couple of settings
-	//Read more at: /inc/captcha/readme.md
-	$config['captcha'] = array();
-
-	// Enable custom captcha provider
-	$config['captcha']['enabled'] = false;
-
-	//New thread captcha
- 	//Require solving a captcha to post a thread.
- 	//Default off.
- 	$config['new_thread_capt'] = false;
-
-	// Custom captcha get provider path (if not working get the absolute path aka your url.)
-	$config['captcha']['provider_get'] = '../inc/captcha/entrypoint.php';
-	// Custom captcha check provider path
-	$config['captcha']['provider_check'] = '../inc/captcha/entrypoint.php';
-
-	// Custom captcha extra field (eg. charset)
-	$config['captcha']['extra'] = 'abcdefghijklmnopqrstuvwxyz';
+	$config['captcha'] = [
+		// Can be false, 'recaptcha', 'hcaptcha' or 'secureimage'.
+		'provider' => false,
+		/*
+		 * If not false, the captcha is dynamically injected on the client if the web server set the `captcha-required`
+		 * cookie to 1. The configuration value should be set the IP for which the captcha should be verified.
+		 *
+		 * Example:
+		 *
+		 * // Verify the captcha for users sending posts from the loopback address.
+		 * $config['captcha']['dynamic'] = '127.0.0.1';
+		 */
+		'dynamic' => false,
+		'recaptcha' => [
+			'sitekey' => '6LeIxAcTAAAAAJcZVRqyHh71UMIEGNQ_MXjiZKhI',
+			'secret' => '6LeIxAcTAAAAAGG-vFI1TnRWxMZNFuojJ4WifJWe',
+		],
+		'hcaptcha' => [
+			'sitekey' => '10000000-ffff-ffff-ffff-000000000001',
+			'secret' => '0x0000000000000000000000000000000000000000',
+		],
+		// Enable the secureimage captcha you need to change a couple of settings. Read more at: /inc/captcha/readme.md
+		'secureimage' => [
+			// Custom captcha get provider path (if not working get the absolute path aka your url).
+			'provider_get' => '../inc/captcha/entrypoint.php',
+			// Custom captcha check provider path
+			'provider_check' => '../inc/captcha/entrypoint.php',
+			// Custom captcha extra field (eg. charset)
+			'extra' => 'abcdefghijklmnopqrstuvwxyz',
+			// New thread captcha. Require solving a captcha to post a thread.
+			'new_thread_capt' => false
+		]
+	];
 
 	// Ability to lock a board for normal users and still allow mods to post.  Could also be useful for making an archive board
 	$config['board_locked'] = false;
diff --git a/inc/context.php b/inc/context.php
index 30c9804e..23165377 100644
--- a/inc/context.php
+++ b/inc/context.php
@@ -61,21 +61,29 @@ function build_context(array $config): Context {
 		RemoteCaptchaQuery::class => function($c) {
 			$config = $c->get('config');
 			$http = $c->get(HttpDriver::class);
-			if ($config['recaptcha']) {
-				return new ReCaptchaQuery($http, $config['recaptcha_private']);
-			} elseif ($config['hcaptcha']) {
-				return new HCaptchaQuery($http, $config['hcaptcha_private'], $config['hcaptcha_public']);
-			} else {
-				throw new RuntimeException('No remote captcha service available');
+			switch ($config['captcha']['provider']) {
+				case 'recaptcha':
+					return new ReCaptchaQuery($http, $config['captcha']['recaptcha']['secret']);
+				case 'hcaptcha':
+					return new HCaptchaQuery(
+						$http,
+						$config['captcha']['hcaptcha']['secret'],
+						$config['captcha']['hcaptcha']['sitekey']
+					);
+				default:
+					throw new RuntimeException('No remote captcha service available');
 			}
 		},
 		NativeCaptchaQuery::class => function($c) {
-			$http = $c->get(HttpDriver::class);
 			$config = $c->get('config');
-			return new NativeCaptchaQuery($http,
+			if ($config['captcha']['provider'] !== 'secureimage') {
+				throw new RuntimeException('No native captcha service available');
+			}
+			return new NativeCaptchaQuery(
+				$c->get(HttpDriver::class),
 				$config['domain'],
-				$config['captcha']['provider_check'],
-				$config['captcha']['extra']
+				$config['captcha']['secureimage']['provider_check'],
+				$config['captcha']['secureimage']['extra']
 			);
 		}
 	]);
diff --git a/post.php b/post.php
index ea5b1ccf..f937f06c 100644
--- a/post.php
+++ b/post.php
@@ -629,8 +629,13 @@ if (isset($_POST['delete'])) {
 
 		// Check for CAPTCHA right after opening the board so the "return" link is in there.
 		try {
+			$provider = $config['captcha']['provider'];
+			$new_thread_capt = $config['captcha']['secureimage']['new_thread_capt'];
+			$dynamic = $config['captcha']['dynamic'];
+
 			// With our custom captcha provider
-			if ($config['captcha']['enabled'] || ($post['op'] && $config['new_thread_capt'])) {
+			if (($provider === 'secureimage' && !$new_thread_capt)
+				|| ($provider === 'secureimage' && $new_thread_capt && $post['op'])) {
 				$query = $context->get(NativeCaptchaQuery::class);
 				$success = $query->verify($_POST['captcha_text'], $_POST['captcha_cookie']);
 
@@ -648,8 +653,7 @@ if (isset($_POST['delete'])) {
 				}
 			}
 			// Remote 3rd party captchas.
-			elseif (($config['recaptcha'] || $config['hcaptcha'])
-				&& (!$config['dynamic_captcha'] || $config['dynamic_captcha'] === $_SERVER['REMOTE_ADDR'])) {
+			elseif ($provider && (!$dynamic || $dynamic === $_SERVER['REMOTE_ADDR'])) {
 				$query = $content->get(RemoteCaptchaQuery::class);
 				$field = $query->responseField();
 
diff --git a/templates/header.html b/templates/header.html
index d35fabb9..f72b752a 100644
--- a/templates/header.html
+++ b/templates/header.html
@@ -20,7 +20,7 @@
                         <script type="text/javascript" src="/js/mod/mod_snippets.js"></script>
                         {% endif %}
                 {% endif %}
-                {% if config.recaptcha %}<script src="//www.recaptcha.net/recaptcha/api.js"></script>
+                {% if config.captcha.provider == 'recaptcha' %}<script src="//www.recaptcha.net/recaptcha/api.js"></script>
                 <style type="text/css">{% verbatim %}
                         #recaptcha_area {
                                 float: none !important;
@@ -50,6 +50,6 @@
                                 padding: 0 !important;
                         }
                 {% endverbatim %}</style>{% endif %}
-                {% if config.hcaptcha %}
+                {% if config.captcha.provider.hcaptcha %}
                 <script src="https://js.hcaptcha.com/1/api.js" async defer></script>
                 {% endif %}
diff --git a/templates/main.js b/templates/main.js
index e0819622..f956f5cf 100644
--- a/templates/main.js
+++ b/templates/main.js
@@ -223,15 +223,15 @@ function getCookie(cookie_name) {
 }
 
 {% endraw %}
-{% if config.dynamic_captcha %}
+{% if config.captcha.dynamic %}
 function is_dynamic_captcha_enabled() {
 	let cookie = get_cookie('require-captcha');
 	return cookie === '1';
 }
 
 function get_captcha_pub_key() {
-{% if config.recaptcha %}
-	return "{{ config.recaptcha_public }}";
+{% if config.captcha.provider === 'recaptcha' %}
+	return "{{ config.captcha.recaptcha.sitekey }}";
 {% else %}
 	return null;
 {% endif %}
diff --git a/templates/post_form.html b/templates/post_form.html
index 8220107b..19c69cfb 100644
--- a/templates/post_form.html
+++ b/templates/post_form.html
@@ -72,8 +72,8 @@
 				{% endif %}
 			</td>
 		</tr>
-		{% if config.recaptcha %}
-		{% if config.dynamic_captcha %}
+		{% if config.captcha.provider == 'recaptcha' %}
+		{% if config.captcha.dynamic %}
 		<tr id="captcha" style="display: none;">
 		{% else %}
 		<tr>
@@ -83,19 +83,19 @@
 				{{ antibot.html() }}
 			</th>
 			<td>
-				<div class="g-recaptcha" data-sitekey="{{ config.recaptcha_public }}"></div>
+				<div class="g-recaptcha" data-sitekey="{{ config.captcha.recaptcha.sitekey }}"></div>
 				{{ antibot.html() }}
 			</td>
 		</tr>
 		{% endif %}
-		{% if config.hcaptcha %}
+		{% if config.captcha.provider == 'hcaptcha' %}
 		<tr>
 			<th>
 				{% trans %}Verification{% endtrans %}
 				{{ antibot.html() }}
 			</th>
 			<td>
-				<div class="h-captcha" data-sitekey="{{ config.hcaptcha_public }}"></div>
+				<div class="h-captcha" data-sitekey="{{ config.captcha.hcaptcha.sitekey }}"></div>
 				{{ antibot.html() }}
 			</td>
 		</tr>
@@ -106,11 +106,11 @@
 				{% trans %}Verification{% endtrans %}
 			</th>
 			<td>
-				<script>load_captcha("{{ config.captcha.provider_get }}", "{{ config.captcha.extra }}");</script>
+				<script>load_captcha("{{ config.captcha.secureimage.provider_get }}", "{{ config.secureimage.captcha.extra }}");</script>
 				<noscript>
 					<input class='captcha_text' type='text' name='captcha_text' size='32' maxlength='6' autocomplete='off'>
 					<div class="captcha_html">
-						<img src="/{{ config.captcha.provider_get }}?mode=get&raw=1">
+						<img src="/{{ config.captcha.secureimage.provider_get }}?mode=get&raw=1">
 					</div>
 				</noscript>
 			</td>
@@ -122,11 +122,11 @@
                                 {% trans %}Verification{% endtrans %}
                         </th>
                         <td>
-                                <script>load_captcha("{{ config.captcha.provider_get }}", "{{ config.captcha.extra }}");</script>
+                                <script>load_captcha("{{ config.captcha.secureimage.provider_get }}", "{{ config.captcha.secureimage.extra }}");</script>
 				<noscript>
 					<input class='captcha_text' type='text' name='captcha_text' size='32' maxlength='6' autocomplete='off'>
 					<div class="captcha_html">
-						<img src="/{{ config.captcha.provider_get }}?mode=get&raw=1">
+						<img src="/{{ config.captcha.secureimage.provider_get }}?mode=get&raw=1">
 					</div>
 				</noscript>
                         </td>

From cb5fb68c5e2c9d28452de72b0817b56d6e7782a2 Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@skiff.com>
Date: Thu, 15 Aug 2024 16:12:32 +0200
Subject: [PATCH 219/336] header.html: format

---
 templates/header.html | 110 +++++++++++++++++++++---------------------
 1 file changed, 55 insertions(+), 55 deletions(-)

diff --git a/templates/header.html b/templates/header.html
index f72b752a..14a42952 100644
--- a/templates/header.html
+++ b/templates/header.html
@@ -1,55 +1,55 @@
- <link rel="stylesheet" media="screen" href="{{ config.url_stylesheet }}">
-                {% if config.url_favicon %}<link rel="shortcut icon" href="{{ config.url_favicon }}">{% endif %}
-                <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
-                <meta name="viewport" content="width=device-width, initial-scale=1, user-scalable=yes">
-                {% if config.meta_keywords %}<meta name="keywords" content="{{ config.meta_keywords }}">{% endif %}
-                {% if config.default_stylesheet.1 != '' %}<link rel="stylesheet" type="text/css" id="stylesheet" href="{{ config.uri_stylesheets }}{{ config.default_stylesheet.1 }}">{% endif %}
-                {% if config.font_awesome %}<link rel="stylesheet" href="{{ config.root }}{{ config.font_awesome_css }}">{% endif %}
-                {% if config.country_flags_condensed %}<link rel="stylesheet" href="{{ config.root }}{{ config.country_flags_condensed_css }}">{% endif %}
-                <script type="text/javascript">
-                        var configRoot="{{ config.root }}";
-                        var inMod = {% if mod %}true{% else %}false{% endif %};
-                        var modRoot="{{ config.root }}"+(inMod ? "mod.php?/" : "");
-                </script>
-                {% if not nojavascript %}
-                        <script type="text/javascript" src="{{ config.url_javascript }}"></script>
-                        {% if not config.additional_javascript_compile %}
-                        {% for javascript in config.additional_javascript %}<script type="text/javascript" src="{{ config.additional_javascript_url }}{{ javascript }}"></script>{% endfor %}
-                        {% endif %}
-                        {% if mod %}
-                        <script type="text/javascript" src="/js/mod/mod_snippets.js"></script>
-                        {% endif %}
-                {% endif %}
-                {% if config.captcha.provider == 'recaptcha' %}<script src="//www.recaptcha.net/recaptcha/api.js"></script>
-                <style type="text/css">{% verbatim %}
-                        #recaptcha_area {
-                                float: none !important;
-                                padding: 0 !important;
-                        }
-                        #recaptcha_logo, #recaptcha_privacy {
-                                display: none;
-                        }
-                        #recaptcha_table {
-                                border: none !important;
-                        }
-                        #recaptcha_table tr:first-child {
-                                height: auto;
-                        }
-                        .recaptchatable img {
-                                float: none !important;
-                        }
-                        #recaptcha_response_field {
-                                font-size: 10pt !important;
-                                border: 1px solid #a9a9a9 !important;
-                                padding: 1px !important;
-                        }
-                        td.recaptcha_image_cell {
-                                background: transparent !important;
-                        }
-                        .recaptchatable, #recaptcha_area tr, #recaptcha_area td, #recaptcha_area th {
-                                padding: 0 !important;
-                        }
-                {% endverbatim %}</style>{% endif %}
-                {% if config.captcha.provider.hcaptcha %}
-                <script src="https://js.hcaptcha.com/1/api.js" async defer></script>
-                {% endif %}
+<link rel="stylesheet" media="screen" href="{{ config.url_stylesheet }}">
+{% if config.url_favicon %}<link rel="shortcut icon" href="{{ config.url_favicon }}">{% endif %}
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<meta name="viewport" content="width=device-width, initial-scale=1, user-scalable=yes">
+{% if config.meta_keywords %}<meta name="keywords" content="{{ config.meta_keywords }}">{% endif %}
+{% if config.default_stylesheet.1 != '' %}<link rel="stylesheet" type="text/css" id="stylesheet" href="{{ config.uri_stylesheets }}{{ config.default_stylesheet.1 }}">{% endif %}
+{% if config.font_awesome %}<link rel="stylesheet" href="{{ config.root }}{{ config.font_awesome_css }}">{% endif %}
+{% if config.country_flags_condensed %}<link rel="stylesheet" href="{{ config.root }}{{ config.country_flags_condensed_css }}">{% endif %}
+<script type="text/javascript">
+	var configRoot="{{ config.root }}";
+	var inMod = {% if mod %} true {% else %} false {% endif %};
+	var modRoot = "{{ config.root }}" + (inMod ? "mod.php?/" : "");
+</script>
+{% if not nojavascript %}
+	<script type="text/javascript" src="{{ config.url_javascript }}"></script>
+	{% if not config.additional_javascript_compile %}
+	{% for javascript in config.additional_javascript %}<script type="text/javascript" src="{{ config.additional_javascript_url }}{{ javascript }}"></script>{% endfor %}
+	{% endif %}
+	{% if mod %}
+	<script type="text/javascript" src="/js/mod/mod_snippets.js"></script>
+	{% endif %}
+{% endif %}
+{% if config.captcha.provider == 'recaptcha' %}<script src="//www.recaptcha.net/recaptcha/api.js"></script>
+<style type="text/css">{% verbatim %}
+	#recaptcha_area {
+		float: none !important;
+		padding: 0 !important;
+	}
+	#recaptcha_logo, #recaptcha_privacy {
+		display: none;
+	}
+	#recaptcha_table {
+		border: none !important;
+	}
+	#recaptcha_table tr:first-child {
+		height: auto;
+	}
+	.recaptchatable img {
+		float: none !important;
+	}
+	#recaptcha_response_field {
+		font-size: 10pt !important;
+		border: 1px solid #a9a9a9 !important;
+		padding: 1px !important;
+	}
+	td.recaptcha_image_cell {
+		background: transparent !important;
+	}
+	.recaptchatable, #recaptcha_area tr, #recaptcha_area td, #recaptcha_area th {
+		padding: 0 !important;
+	}
+{% endverbatim %}</style>{% endif %}
+{% if config.captcha.provider.hcaptcha %}
+<script src="https://js.hcaptcha.com/1/api.js" async defer></script>
+{% endif %}

From f7073d5d7ef6c923437ad36df0cb1b90b092d91f Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@skiff.com>
Date: Thu, 15 Aug 2024 16:22:58 +0200
Subject: [PATCH 220/336] post.php: do not verify the poster IP if the captcha
 is dynamic

---
 post.php | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/post.php b/post.php
index f937f06c..b461c47e 100644
--- a/post.php
+++ b/post.php
@@ -661,8 +661,13 @@ if (isset($_POST['delete'])) {
 					error($config['error']['bot']);
 				}
 				$response = $_POST[$field];
+				/*
+				 * Do not query with the IP if the mode is dynamic. This config is meant for proxies and internal
+				 * loopback addresses.
+				 */
+				$ip = $dynamic ? null : $_SERVER['REMOTE_ADDR'];
 
-				$success = $query->verify($response, $_SERVER['REMOTE_ADDR']);
+				$success = $query->verify($response, $ip);
 				if (!$success) {
 					error($config['error']['captcha']);
 				}

From 165ea5308ac7400e785e8322999d316aea43ff5a Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@skiff.com>
Date: Thu, 15 Aug 2024 16:33:56 +0200
Subject: [PATCH 221/336] config.php: ops, wrong name for the native captcha

---
 inc/config.php           | 6 +++---
 inc/context.php          | 6 +++---
 post.php                 | 6 +++---
 templates/post_form.html | 8 ++++----
 4 files changed, 13 insertions(+), 13 deletions(-)

diff --git a/inc/config.php b/inc/config.php
index 89ea333a..b4fc27d8 100644
--- a/inc/config.php
+++ b/inc/config.php
@@ -352,7 +352,7 @@
 	$config['simple_spam'] = false;
 
 	$config['captcha'] = [
-		// Can be false, 'recaptcha', 'hcaptcha' or 'secureimage'.
+		// Can be false, 'recaptcha', 'hcaptcha' or 'native'.
 		'provider' => false,
 		/*
 		 * If not false, the captcha is dynamically injected on the client if the web server set the `captcha-required`
@@ -372,8 +372,8 @@
 			'sitekey' => '10000000-ffff-ffff-ffff-000000000001',
 			'secret' => '0x0000000000000000000000000000000000000000',
 		],
-		// Enable the secureimage captcha you need to change a couple of settings. Read more at: /inc/captcha/readme.md
-		'secureimage' => [
+		// To enable the native captcha you need to change a couple of settings. Read more at: /inc/captcha/readme.md
+		'native' => [
 			// Custom captcha get provider path (if not working get the absolute path aka your url).
 			'provider_get' => '../inc/captcha/entrypoint.php',
 			// Custom captcha check provider path
diff --git a/inc/context.php b/inc/context.php
index 23165377..3f8a75d6 100644
--- a/inc/context.php
+++ b/inc/context.php
@@ -76,14 +76,14 @@ function build_context(array $config): Context {
 		},
 		NativeCaptchaQuery::class => function($c) {
 			$config = $c->get('config');
-			if ($config['captcha']['provider'] !== 'secureimage') {
+			if ($config['captcha']['provider'] !== 'native') {
 				throw new RuntimeException('No native captcha service available');
 			}
 			return new NativeCaptchaQuery(
 				$c->get(HttpDriver::class),
 				$config['domain'],
-				$config['captcha']['secureimage']['provider_check'],
-				$config['captcha']['secureimage']['extra']
+				$config['captcha']['native']['provider_check'],
+				$config['captcha']['native']['extra']
 			);
 		}
 	]);
diff --git a/post.php b/post.php
index b461c47e..eafb1130 100644
--- a/post.php
+++ b/post.php
@@ -630,12 +630,12 @@ if (isset($_POST['delete'])) {
 		// Check for CAPTCHA right after opening the board so the "return" link is in there.
 		try {
 			$provider = $config['captcha']['provider'];
-			$new_thread_capt = $config['captcha']['secureimage']['new_thread_capt'];
+			$new_thread_capt = $config['captcha']['native']['new_thread_capt'];
 			$dynamic = $config['captcha']['dynamic'];
 
 			// With our custom captcha provider
-			if (($provider === 'secureimage' && !$new_thread_capt)
-				|| ($provider === 'secureimage' && $new_thread_capt && $post['op'])) {
+			if (($provider === 'native' && !$new_thread_capt)
+				|| ($provider === 'native' && $new_thread_capt && $post['op'])) {
 				$query = $context->get(NativeCaptchaQuery::class);
 				$success = $query->verify($_POST['captcha_text'], $_POST['captcha_cookie']);
 
diff --git a/templates/post_form.html b/templates/post_form.html
index 19c69cfb..038395fa 100644
--- a/templates/post_form.html
+++ b/templates/post_form.html
@@ -106,11 +106,11 @@
 				{% trans %}Verification{% endtrans %}
 			</th>
 			<td>
-				<script>load_captcha("{{ config.captcha.secureimage.provider_get }}", "{{ config.secureimage.captcha.extra }}");</script>
+				<script>load_captcha("{{ config.captcha.native.provider_get }}", "{{ config.native.captcha.extra }}");</script>
 				<noscript>
 					<input class='captcha_text' type='text' name='captcha_text' size='32' maxlength='6' autocomplete='off'>
 					<div class="captcha_html">
-						<img src="/{{ config.captcha.secureimage.provider_get }}?mode=get&raw=1">
+						<img src="/{{ config.captcha.native.provider_get }}?mode=get&raw=1">
 					</div>
 				</noscript>
 			</td>
@@ -122,11 +122,11 @@
                                 {% trans %}Verification{% endtrans %}
                         </th>
                         <td>
-                                <script>load_captcha("{{ config.captcha.secureimage.provider_get }}", "{{ config.captcha.secureimage.extra }}");</script>
+                                <script>load_captcha("{{ config.captcha.native.provider_get }}", "{{ config.captcha.native.extra }}");</script>
 				<noscript>
 					<input class='captcha_text' type='text' name='captcha_text' size='32' maxlength='6' autocomplete='off'>
 					<div class="captcha_html">
-						<img src="/{{ config.captcha.secureimage.provider_get }}?mode=get&raw=1">
+						<img src="/{{ config.captcha.native.provider_get }}?mode=get&raw=1">
 					</div>
 				</noscript>
                         </td>

From e640217a8fc9d7faed57aa5827de6a97c8178eeb Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@skiff.com>
Date: Thu, 15 Aug 2024 16:39:12 +0200
Subject: [PATCH 222/336] post.php: fix DI method call

---
 post.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/post.php b/post.php
index 644ff111..a80c9d8e 100644
--- a/post.php
+++ b/post.php
@@ -674,10 +674,10 @@ if (isset($_POST['delete'])) {
 				}
 			}
 		} catch (RuntimeException $e) {
-			$context->getLog()->log(Log::ERROR, "Captcha IO exception: {$e->getMessage()}");
+			$context->get(Log::class)->log(Log::ERROR, "Captcha IO exception: {$e->getMessage()}");
 			error($config['error']['remote_io_error']);
 		} catch (JsonException $e) {
-			$context->getLog()->log(Log::ERROR, "Bad JSON reply to captcha: {$e->getMessage()}");
+			$context->get(Log::class)->log(Log::ERROR, "Bad JSON reply to captcha: {$e->getMessage()}");
 			error($config['error']['remote_io_error']);
 		}
 

From 19082aec56e4ae677575d362ebb273a68b05f5b8 Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@skiff.com>
Date: Thu, 15 Aug 2024 16:52:29 +0200
Subject: [PATCH 223/336] mod.php: use modern array syntax

---
 mod.php | 24 ++++++++++++------------
 1 file changed, 12 insertions(+), 12 deletions(-)

diff --git a/mod.php b/mod.php
index 20cff8e5..f1e1245c 100644
--- a/mod.php
+++ b/mod.php
@@ -1,13 +1,13 @@
 <?php
-
 /*
  *  Copyright (c) 2010-2014 Tinyboard Development Group
  */
 
 require_once 'inc/bootstrap.php';
 
-if ($config['debug'])
+if ($config['debug']) {
 	$parse_start_time = microtime(true);
+}
 
 require_once 'inc/mod/pages.php';
 
@@ -15,7 +15,7 @@ check_login(true);
 
 $query = isset($_SERVER['QUERY_STRING']) ? rawurldecode($_SERVER['QUERY_STRING']) : '';
 
-$pages = array(
+$pages = [
 	''					=> ':?/',			// redirect to dashboard
 	'/'					=> 'dashboard',			// dashboard
 	'/confirm/(.+)'				=> 'confirm',			// confirm action (if javascript didn't work)
@@ -109,14 +109,14 @@ $pages = array(
 			str_replace('%d', '(\d+)', preg_quote($config['file_page'], '!'))	=> 'view_thread',
 
 	'/(\%b)/' . preg_quote($config['dir']['res'], '!') .
-			str_replace(array('%d','%s'), array('(\d+)', '[a-z0-9-]+'), preg_quote($config['file_page50_slug'], '!'))	=> 'view_thread50',
+			str_replace([ '%d','%s' ], [ '(\d+)', '[a-z0-9-]+' ], preg_quote($config['file_page50_slug'], '!'))	=> 'view_thread50',
 	'/(\%b)/' . preg_quote($config['dir']['res'], '!') .
-			str_replace(array('%d','%s'), array('(\d+)', '[a-z0-9-]+'), preg_quote($config['file_page_slug'], '!'))	=> 'view_thread',
-);
+			str_replace([ '%d','%s' ], [ '(\d+)', '[a-z0-9-]+' ], preg_quote($config['file_page_slug'], '!'))	=> 'view_thread',
+];
 
 
 if (!$mod) {
-	$pages = array('!^(.+)?$!' => 'login');
+	$pages = [ '!^(.+)?$!' => 'login' ];
 } elseif (isset($_GET['status'], $_GET['r'])) {
 	header('Location: ' . $_GET['r'], true, (int)$_GET['status']);
 	exit;
@@ -126,10 +126,11 @@ if (isset($config['mod']['custom_pages'])) {
 	$pages = array_merge($pages, $config['mod']['custom_pages']);
 }
 
-$new_pages = array();
+$new_pages = [];
 foreach ($pages as $key => $callback) {
-	if (is_string($callback) && preg_match('/^secure /', $callback))
+	if (is_string($callback) && preg_match('/^secure /', $callback)) {
 		$key .= '(/(?P<token>[a-f0-9]{8}))?';
+	}
 	$key = str_replace('\%b', '?P<board>' . sprintf(substr($config['board_path'], 0, -1), $config['board_regex']), $key);
 	$new_pages[(!empty($key) and $key[0] == '!') ? $key : '!^' . $key . '(?:&[^&=]+=[^&]*)*$!u'] = $callback;
 }
@@ -172,11 +173,11 @@ foreach ($pages as $uri => $handler) {
 		}
 
 		if ($config['debug']) {
-			$debug['mod_page'] = array(
+			$debug['mod_page'] = [
 				'req' => $query,
 				'match' => $uri,
 				'handler' => $handler,
-			);
+			];
 			$debug['time']['parse_mod_req'] = '~' . round((microtime(true) - $parse_start_time) * 1000, 2) . 'ms';
 		}
 
@@ -204,4 +205,3 @@ foreach ($pages as $uri => $handler) {
 }
 
 error($config['error']['404']);
-

From 524ae9462411e39140bc5463631fc03eb964cc3a Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@skiff.com>
Date: Thu, 15 Aug 2024 17:05:43 +0200
Subject: [PATCH 224/336] mod.php: pass the context to the mod pages

---
 inc/mod/pages.php | 156 +++++++++++++++++++++++-----------------------
 mod.php           |   4 +-
 2 files changed, 80 insertions(+), 80 deletions(-)

diff --git a/inc/mod/pages.php b/inc/mod/pages.php
index 46e8fc7e..bd5c7c1b 100644
--- a/inc/mod/pages.php
+++ b/inc/mod/pages.php
@@ -1,8 +1,8 @@
 <?php
-
 /*
  *  Copyright (c) 2010-2013 Tinyboard Development Group
  */
+use Vichan\Context;
 use Vichan\Functions\Format;
 
 use Vichan\Functions\Net;
@@ -30,7 +30,7 @@ function mod_page($title, $template, $args, $subtitle = false) {
 	);
 }
 
-function mod_login($redirect = false) {
+function mod_login(Context $ctx, $redirect = false) {
 	global $config;
 
 	$args = [];
@@ -67,19 +67,19 @@ function mod_login($redirect = false) {
 	mod_page(_('Login'), $config['file_mod_login'], $args);
 }
 
-function mod_confirm($request) {
+function mod_confirm(Context $ctx, $request) {
 	global $config;
 	mod_page(_('Confirm action'), $config['file_mod_confim'], array('request' => $request, 'token' => make_secure_link_token($request)));
 }
 
-function mod_logout() {
+function mod_logout(Context $ctx) {
 	global $config;
 	destroyCookies();
 
 	header('Location: ?/', true, $config['redirect_http']);
 }
 
-function mod_dashboard() {
+function mod_dashboard(Context $ctx) {
 	global $config, $mod;
 
 	$args = array();
@@ -173,7 +173,7 @@ function mod_dashboard() {
 	mod_page(_('Dashboard'), $config['file_mod_dashboard'], $args);
 }
 
-function mod_search_redirect() {
+function mod_search_redirect(Context $ctx) {
 	global $config;
 
 	if (!hasPermission($config['mod']['search']))
@@ -196,7 +196,7 @@ function mod_search_redirect() {
 	}
 }
 
-function mod_search($type, $search_query_escaped, $page_no = 1) {
+function mod_search(Context $ctx, $type, $search_query_escaped, $page_no = 1) {
 	global $pdo, $config;
 
 	if (!hasPermission($config['mod']['search']))
@@ -351,7 +351,7 @@ function mod_search($type, $search_query_escaped, $page_no = 1) {
 	));
 }
 
-function mod_edit_board($boardName) {
+function mod_edit_board(Context $ctx, $boardName) {
 	global $board, $config;
 
 	if (!openBoard($boardName))
@@ -453,7 +453,7 @@ function mod_edit_board($boardName) {
 	}
 }
 
-function mod_new_board() {
+function mod_new_board(Context $ctx) {
 	global $config, $board;
 
 	if (!hasPermission($config['mod']['newboard']))
@@ -522,7 +522,7 @@ function mod_new_board() {
 	mod_page(_('New board'), $config['file_mod_board'], array('new' => true, 'token' => make_secure_link_token('new-board')));
 }
 
-function mod_noticeboard($page_no = 1) {
+function mod_noticeboard(Context $ctx, $page_no = 1) {
 	global $config, $pdo, $mod;
 
 	if ($page_no < 1)
@@ -577,7 +577,7 @@ function mod_noticeboard($page_no = 1) {
 	));
 }
 
-function mod_noticeboard_delete($id) {
+function mod_noticeboard_delete(Context $ctx, $id) {
 	global $config;
 
 	if (!hasPermission($config['mod']['noticeboard_delete']))
@@ -595,7 +595,7 @@ function mod_noticeboard_delete($id) {
 	header('Location: ?/noticeboard', true, $config['redirect_http']);
 }
 
-function mod_news($page_no = 1) {
+function mod_news(Context $ctx, $page_no = 1) {
 	global $config, $pdo, $mod;
 
 	if ($page_no < 1)
@@ -642,7 +642,7 @@ function mod_news($page_no = 1) {
 	mod_page(_('News'), $config['file_mod_news'], array('news' => $news, 'count' => $count, 'token' => make_secure_link_token('edit_news')));
 }
 
-function mod_news_delete($id) {
+function mod_news_delete(Context $ctx, $id) {
 	global $config;
 
 	if (!hasPermission($config['mod']['news_delete']))
@@ -657,7 +657,7 @@ function mod_news_delete($id) {
 	header('Location: ?/edit_news', true, $config['redirect_http']);
 }
 
-function mod_log($page_no = 1) {
+function mod_log(Context $ctx, $page_no = 1) {
 	global $config;
 
 	if ($page_no < 1)
@@ -682,7 +682,7 @@ function mod_log($page_no = 1) {
 	mod_page(_('Moderation log'), $config['file_mod_log'], array('logs' => $logs, 'count' => $count));
 }
 
-function mod_user_log($username, $page_no = 1) {
+function mod_user_log(Context $ctx, $username, $page_no = 1) {
 	global $config;
 
 	if ($page_no < 1)
@@ -709,7 +709,7 @@ function mod_user_log($username, $page_no = 1) {
 	mod_page(_('Moderation log'), $config['file_mod_log'], array('logs' => $logs, 'count' => $count, 'username' => $username));
 }
 
-function mod_board_log($board, $page_no = 1, $hide_names = false, $public = false) {
+function mod_board_log(Context $ctx, $board, $page_no = 1, $hide_names = false, $public = false) {
 	global $config;
 
 	if ($page_no < 1)
@@ -745,8 +745,8 @@ function mod_board_log($board, $page_no = 1, $hide_names = false, $public = fals
 	mod_page(_('Board log'), $config['file_mod_log'], array('logs' => $logs, 'count' => $count, 'board' => $board, 'hide_names' => $hide_names, 'public' => $public));
 }
 
-function mod_view_catalog($boardName) {
-	global $config, $mod;
+function mod_view_catalog(Context $ctx, $boardName) {
+	global $config;
 	require_once($config['dir']['themes'].'/catalog/theme.php');
 	$settings = array();
 	$settings['boards'] = $boardName;
@@ -757,7 +757,7 @@ function mod_view_catalog($boardName) {
 	echo $catalog->build($settings, $boardName, true);
 }
 
-function mod_view_board($boardName, $page_no = 1) {
+function mod_view_board(Context $ctx, $boardName, $page_no = 1) {
 	global $config, $mod;
 
 	if (!openBoard($boardName))
@@ -776,7 +776,7 @@ function mod_view_board($boardName, $page_no = 1) {
 	echo Element($config['file_board_index'], $page);
 }
 
-function mod_view_thread($boardName, $thread) {
+function mod_view_thread(Context $ctx, $boardName, $thread) {
 	global $config, $mod;
 
 	if (!openBoard($boardName))
@@ -786,7 +786,7 @@ function mod_view_thread($boardName, $thread) {
 	echo $page;
 }
 
-function mod_view_thread50($boardName, $thread) {
+function mod_view_thread50(Context $ctx, $boardName, $thread) {
 	global $config, $mod;
 
 	if (!openBoard($boardName))
@@ -796,7 +796,7 @@ function mod_view_thread50($boardName, $thread) {
 	echo $page;
 }
 
-function mod_ip_remove_note($cloaked_ip, $id) {
+function mod_ip_remove_note(Context $ctx, $cloaked_ip, $id) {
 	$ip = uncloak_ip($cloaked_ip);
 	global $config, $mod;
 
@@ -818,7 +818,7 @@ function mod_ip_remove_note($cloaked_ip, $id) {
 
 
 
-function mod_ip($cip) {
+function mod_ip(Context $ctx, $cip) {
 	$ip = uncloak_ip($cip);
 	global $config, $mod;
 
@@ -921,8 +921,8 @@ function mod_ip($cip) {
 	mod_page(sprintf('%s: %s', _('IP'), htmlspecialchars($cip)), $config['file_mod_view_ip'], $args, $args['hostname']);
 }
 
-function mod_edit_ban($ban_id) {
-	global $mod, $config;
+function mod_edit_ban(Context $ctx, $ban_id) {
+	global $config;
 
 	if (!hasPermission($config['mod']['edit_ban']))
 		error($config['error']['noaccess']);
@@ -971,8 +971,7 @@ function mod_edit_ban($ban_id) {
 
 }
 
-
-function mod_ban() {
+function mod_ban(Context $ctx) {
 	global $config;
 
 	if (!hasPermission($config['mod']['ban']))
@@ -991,9 +990,8 @@ function mod_ban() {
 		header('Location: ?/', true, $config['redirect_http']);
 }
 
-function mod_bans() {
-	global $config;
-	global $mod;
+function mod_bans(Context $ctx) {
+	global $config, $mod;
 
 	if (!hasPermission($config['mod']['view_banlist']))
 		error($config['error']['noaccess']);
@@ -1026,11 +1024,11 @@ function mod_bans() {
 	));
 }
 
-function mod_bans_json() {
-        global $config, $mod;
+function mod_bans_json(Context $ctx) {
+	global $config, $mod;
 
-        if (!hasPermission($config['mod']['ban']))
-                error($config['error']['noaccess']);
+	if (!hasPermission($config['mod']['ban']))
+		error($config['error']['noaccess']);
 
 	// Compress the json for faster loads
 	if (substr_count($_SERVER['HTTP_ACCEPT_ENCODING'], 'gzip')) ob_start("ob_gzhandler");
@@ -1038,7 +1036,7 @@ function mod_bans_json() {
 	Bans::stream_json(false, false, !hasPermission($config['mod']['view_banstaff']), $mod['boards']);
 }
 
-function mod_ban_appeals() {
+function mod_ban_appeals(Context $ctx) {
 	global $config, $board;
 
 	if (!hasPermission($config['mod']['view_ban_appeals']))
@@ -1114,7 +1112,7 @@ function mod_ban_appeals() {
 	));
 }
 
-function mod_lock($board, $unlock, $post) {
+function mod_lock(Context $ctx, $board, $unlock, $post) {
 	global $config;
 
 	if (!openBoard($board))
@@ -1148,7 +1146,7 @@ function mod_lock($board, $unlock, $post) {
 		event('lock', $post);
 }
 
-function mod_sticky($board, $unsticky, $post) {
+function mod_sticky(Context $ctx, $board, $unsticky, $post) {
 	global $config;
 
 	if (!openBoard($board))
@@ -1170,7 +1168,7 @@ function mod_sticky($board, $unsticky, $post) {
 	header('Location: ?/' . sprintf($config['board_path'], $board) . $config['file_index'], true, $config['redirect_http']);
 }
 
-function mod_cycle($board, $uncycle, $post) {
+function mod_cycle(Context $ctx, $board, $uncycle, $post) {
 	global $config;
 
 	if (!openBoard($board))
@@ -1192,7 +1190,7 @@ function mod_cycle($board, $uncycle, $post) {
 	header('Location: ?/' . sprintf($config['board_path'], $board) . $config['file_index'], true, $config['redirect_http']);
 }
 
-function mod_bumplock($board, $unbumplock, $post) {
+function mod_bumplock(Context $ctx, $board, $unbumplock, $post) {
 	global $config;
 
 	if (!openBoard($board))
@@ -1214,8 +1212,8 @@ function mod_bumplock($board, $unbumplock, $post) {
 	header('Location: ?/' . sprintf($config['board_path'], $board) . $config['file_index'], true, $config['redirect_http']);
 }
 
-function mod_move_reply($originBoard, $postID) {
-	global $board, $config, $mod;
+function mod_move_reply(Context $ctx, $originBoard, $postID) {
+	global $board, $config;
 
 	if (!openBoard($originBoard))
 		error($config['error']['noboard']);
@@ -1316,8 +1314,8 @@ function mod_move_reply($originBoard, $postID) {
 
 }
 
-function mod_move($originBoard, $postID) {
-	global $board, $config, $mod, $pdo;
+function mod_move(Context $ctx, $originBoard, $postID) {
+	global $board, $config, $pdo;
 
 	if (!openBoard($originBoard))
 		error($config['error']['noboard']);
@@ -1526,7 +1524,7 @@ function mod_move($originBoard, $postID) {
 	mod_page(_('Move thread'), $config['file_mod_move'], array('post' => $postID, 'board' => $originBoard, 'boards' => $boards, 'token' => $security_token));
 }
 
-function mod_ban_post($board, $delete, $post, $token = false) {
+function mod_ban_post(Context $ctx, $board, $delete, $post, $token = false) {
 	global $config, $mod;
 
 	if (!openBoard($board))
@@ -1596,8 +1594,8 @@ function mod_ban_post($board, $delete, $post, $token = false) {
 	mod_page(_('New ban'), $config['file_mod_ban_form'], $args);
 }
 
-function mod_edit_post($board, $edit_raw_html, $postID) {
-	global $config, $mod;
+function mod_edit_post(Context $ctx, $board, $edit_raw_html, $postID) {
+	global $config;
 
 	if (!openBoard($board))
 		error($config['error']['noboard']);
@@ -1673,8 +1671,8 @@ function mod_edit_post($board, $edit_raw_html, $postID) {
 	}
 }
 
-function mod_delete($board, $post) {
-	global $config, $mod;
+function mod_delete(Context $ctx, $board, $post) {
+	global $config;
 
 	if (!openBoard($board))
 		error($config['error']['noboard']);
@@ -1694,8 +1692,8 @@ function mod_delete($board, $post) {
 	header('Location: ?/' . sprintf($config['board_path'], $board) . $config['file_index'], true, $config['redirect_http']);
 }
 
-function mod_deletefile($board, $post, $file) {
-	global $config, $mod;
+function mod_deletefile(Context $ctx, $board, $post, $file) {
+	global $config;
 
 	if (!openBoard($board))
 		error($config['error']['noboard']);
@@ -1717,8 +1715,8 @@ function mod_deletefile($board, $post, $file) {
 	header('Location: ?/' . sprintf($config['board_path'], $board) . $config['file_index'], true, $config['redirect_http']);
 }
 
-function mod_spoiler_image($board, $post, $file) {
-	global $config, $mod;
+function mod_spoiler_image(Context $ctx, $board, $post, $file) {
+	global $config;
 
 	if (!openBoard($board))
 		error($config['error']['noboard']);
@@ -1762,8 +1760,8 @@ function mod_spoiler_image($board, $post, $file) {
 	header('Location: ?/' . sprintf($config['board_path'], $board) . $config['file_index'], true, $config['redirect_http']);
 }
 
-function mod_deletebyip($boardName, $post, $global = false) {
-	global $config, $mod, $board;
+function mod_deletebyip(Context $ctx, $boardName, $post, $global = false) {
+	global $config, $board;
 
 	$global = (bool)$global;
 
@@ -1838,7 +1836,7 @@ function mod_deletebyip($boardName, $post, $global = false) {
 	header('Location: ?/' . sprintf($config['board_path'], $boardName) . $config['file_index'], true, $config['redirect_http']);
 }
 
-function mod_user($uid) {
+function mod_user(Context $ctx, $uid) {
 	global $config, $mod;
 
 	if (!hasPermission($config['mod']['editusers']) && !(hasPermission($config['mod']['change_password']) && $uid == $mod['id']))
@@ -1963,7 +1961,7 @@ function mod_user($uid) {
 	));
 }
 
-function mod_user_new() {
+function mod_user_new(Context $ctx) {
 	global $pdo, $config;
 
 	if (!hasPermission($config['mod']['createusers']))
@@ -2016,7 +2014,7 @@ function mod_user_new() {
 }
 
 
-function mod_users() {
+function mod_users(Context $ctx) {
 	global $config;
 
 	if (!hasPermission($config['mod']['manageusers']))
@@ -2037,7 +2035,7 @@ function mod_users() {
 	mod_page(sprintf('%s (%d)', _('Manage users'), count($users)), $config['file_mod_users'], array('users' => $users));
 }
 
-function mod_user_promote($uid, $action) {
+function mod_user_promote(Context $ctx, $uid, $action) {
 	global $config;
 
 	if (!hasPermission($config['mod']['promoteusers']))
@@ -2080,7 +2078,7 @@ function mod_user_promote($uid, $action) {
 	header('Location: ?/users', true, $config['redirect_http']);
 }
 
-function mod_pm($id, $reply = false) {
+function mod_pm(Context $ctx, $id, $reply = false) {
 	global $mod, $config;
 
 	if ($reply && !hasPermission($config['mod']['create_pm']))
@@ -2135,7 +2133,7 @@ function mod_pm($id, $reply = false) {
 	}
 }
 
-function mod_inbox() {
+function mod_inbox(Context $ctx) {
 	global $config, $mod;
 
 	$query = prepare('SELECT `unread`,``pms``.`id`, `time`, `sender`, `to`, `message`, `username` FROM ``pms`` LEFT JOIN ``mods`` ON ``mods``.`id` = `sender` WHERE `to` = :mod ORDER BY `unread` DESC, `time` DESC');
@@ -2159,7 +2157,7 @@ function mod_inbox() {
 }
 
 
-function mod_new_pm($username) {
+function mod_new_pm(Context $ctx, $username) {
 	global $config, $mod;
 
 	if (!hasPermission($config['mod']['create_pm']))
@@ -2207,7 +2205,7 @@ function mod_new_pm($username) {
 	));
 }
 
-function mod_rebuild() {
+function mod_rebuild(Context $ctx) {
 	global $config, $twig;
 
 	if (!hasPermission($config['mod']['rebuild']))
@@ -2279,7 +2277,7 @@ function mod_rebuild() {
 	));
 }
 
-function mod_reports() {
+function mod_reports(Context $ctx) {
 	global $config, $mod;
 
 	if (!hasPermission($config['mod']['reports']))
@@ -2362,7 +2360,7 @@ function mod_reports() {
 	mod_page(sprintf('%s (%d)', _('Report queue'), $count), $config['file_mod_reports'], array('reports' => $body, 'count' => $count));
 }
 
-function mod_report_dismiss($id, $action) {
+function mod_report_dismiss(Context $ctx, $id, $action) {
 	global $config;
 
 	$query = prepare("SELECT `post`, `board`, `ip` FROM ``reports`` WHERE `id` = :id");
@@ -2408,7 +2406,7 @@ function mod_report_dismiss($id, $action) {
 	header('Location: ?/reports', true, $config['redirect_http']);
 }
 
-function mod_recent_posts($lim) {
+function mod_recent_posts(Context $ctx, $lim) {
 	global $config, $mod, $pdo;
 
 	if (!hasPermission($config['mod']['recent']))
@@ -2464,7 +2462,7 @@ function mod_recent_posts($lim) {
 
 }
 
-function mod_config($board_config = false) {
+function mod_config(Context $ctx, $board_config = false) {
 	global $config, $mod, $board;
 
 	if ($board_config && !openBoard($board_config))
@@ -2604,7 +2602,7 @@ function mod_config($board_config = false) {
 	));
 }
 
-function mod_themes_list() {
+function mod_themes_list(Context $ctx) {
 	global $config;
 
 	if (!hasPermission($config['mod']['themes']))
@@ -2638,7 +2636,7 @@ function mod_themes_list() {
 	));
 }
 
-function mod_theme_configure($theme_name) {
+function mod_theme_configure(Context $ctx, $theme_name) {
 	global $config;
 
 	if (!hasPermission($config['mod']['themes']))
@@ -2720,7 +2718,7 @@ function mod_theme_configure($theme_name) {
 	));
 }
 
-function mod_theme_uninstall($theme_name) {
+function mod_theme_uninstall(Context $ctx, $theme_name) {
 	global $config;
 
 	if (!hasPermission($config['mod']['themes']))
@@ -2737,7 +2735,7 @@ function mod_theme_uninstall($theme_name) {
 	header('Location: ?/themes', true, $config['redirect_http']);
 }
 
-function mod_theme_rebuild($theme_name) {
+function mod_theme_rebuild(Context $ctx, $theme_name) {
 	global $config;
 
 	if (!hasPermission($config['mod']['themes']))
@@ -2778,15 +2776,15 @@ function delete_page_base($page = '', $board = false) {
 	header('Location: ?/edit_pages' . ($board ? ('/' . $board) : ''), true, $config['redirect_http']);
 }
 
-function mod_delete_page($page = '') {
-	delete_page_base($page);
+function mod_delete_page(Context $ctx, $page = '') {
+	delete_page_base($ctx, $page);
 }
 
-function mod_delete_page_board($page = '', $board = false) {
-	delete_page_base($page, $board);
+function mod_delete_page_board(Context $ctx, $page = '', $board = false) {
+	delete_page_base($ctx, $page, $board);
 }
 
-function mod_edit_page($id) {
+function mod_edit_page(Context $ctx, $id) {
 	global $config, $mod, $board;
 
 	$query = prepare('SELECT * FROM ``pages`` WHERE `id` = :id');
@@ -2857,7 +2855,7 @@ function mod_edit_page($id) {
 	mod_page(sprintf(_('Editing static page: %s'), $page['name']), $config['file_mod_edit_page'], array('page' => $page, 'token' => make_secure_link_token("edit_page/$id"), 'content' => prettify_textarea($content), 'board' => $board));
 }
 
-function mod_pages($board = false) {
+function mod_pages(Context $ctx, $board = false) {
 	global $config, $mod, $pdo;
 
 	if (empty($board))
@@ -2911,7 +2909,7 @@ function mod_pages($board = false) {
 	mod_page(_('Pages'), $config['file_mod_pages'], array('pages' => $pages, 'token' => make_secure_link_token('edit_pages' . ($board ? ('/' . $board) : '')), 'board' => $board));
 }
 
-function mod_debug_antispam() {
+function mod_debug_antispam(Context $ctx) {
 	global $pdo, $config;
 
 	$args = array();
@@ -2948,7 +2946,7 @@ function mod_debug_antispam() {
 	mod_page(_('Debug: Anti-spam'), $config['file_mod_debug_antispam'], $args);
 }
 
-function mod_debug_recent_posts() {
+function mod_debug_recent_posts(Context $ctx) {
 	global $pdo, $config;
 
 	$limit = 500;
@@ -2982,7 +2980,7 @@ function mod_debug_recent_posts() {
 	mod_page(_('Debug: Recent posts'), $config['file_mod_debug_recent_posts'], array('posts' => $posts, 'flood_posts' => $flood_posts));
 }
 
-function mod_debug_sql() {
+function mod_debug_sql(Context $ctx) {
 	global $config;
 
 	if (!hasPermission($config['mod']['debug_sql']))
diff --git a/mod.php b/mod.php
index f1e1245c..474210cd 100644
--- a/mod.php
+++ b/mod.php
@@ -136,9 +136,11 @@ foreach ($pages as $key => $callback) {
 }
 $pages = $new_pages;
 
+$ctx = Vichan\build_context($config);
+
 foreach ($pages as $uri => $handler) {
 	if (preg_match($uri, $query, $matches)) {
-		$matches = array_slice($matches, 1);
+		$matches[0] = $ctx; // Replace the text captured by the full pattern with a reference to the context.
 
 		if (isset($matches['board'])) {
 			$board_match = $matches['board'];

From b64bac5eb8ea65f8043855566068391e88557c4e Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@skiff.com>
Date: Thu, 15 Aug 2024 17:12:14 +0200
Subject: [PATCH 225/336] pages.php: use the context to access the
 configuration array

---
 inc/mod/pages.php | 125 +++++++++++++++++++++++++++-------------------
 1 file changed, 73 insertions(+), 52 deletions(-)

diff --git a/inc/mod/pages.php b/inc/mod/pages.php
index bd5c7c1b..0793ccb4 100644
--- a/inc/mod/pages.php
+++ b/inc/mod/pages.php
@@ -31,7 +31,7 @@ function mod_page($title, $template, $args, $subtitle = false) {
 }
 
 function mod_login(Context $ctx, $redirect = false) {
-	global $config;
+	$config = $ctx->get('config');
 
 	$args = [];
 
@@ -68,19 +68,20 @@ function mod_login(Context $ctx, $redirect = false) {
 }
 
 function mod_confirm(Context $ctx, $request) {
-	global $config;
+	$config = $ctx->get('config');
 	mod_page(_('Confirm action'), $config['file_mod_confim'], array('request' => $request, 'token' => make_secure_link_token($request)));
 }
 
 function mod_logout(Context $ctx) {
-	global $config;
+	$config = $ctx->get('config');
 	destroyCookies();
 
 	header('Location: ?/', true, $config['redirect_http']);
 }
 
 function mod_dashboard(Context $ctx) {
-	global $config, $mod;
+	global $mod;
+	$config = $ctx->get('config');
 
 	$args = array();
 
@@ -174,7 +175,7 @@ function mod_dashboard(Context $ctx) {
 }
 
 function mod_search_redirect(Context $ctx) {
-	global $config;
+	$config = $ctx->get('config');
 
 	if (!hasPermission($config['mod']['search']))
 		error($config['error']['noaccess']);
@@ -454,7 +455,8 @@ function mod_edit_board(Context $ctx, $boardName) {
 }
 
 function mod_new_board(Context $ctx) {
-	global $config, $board;
+	global $board;
+	$config = $ctx->get('config');
 
 	if (!hasPermission($config['mod']['newboard']))
 		error($config['error']['noaccess']);
@@ -523,7 +525,8 @@ function mod_new_board(Context $ctx) {
 }
 
 function mod_noticeboard(Context $ctx, $page_no = 1) {
-	global $config, $pdo, $mod;
+	global $pdo, $mod;
+	$config = $ctx->get('config');
 
 	if ($page_no < 1)
 		error($config['error']['404']);
@@ -578,7 +581,7 @@ function mod_noticeboard(Context $ctx, $page_no = 1) {
 }
 
 function mod_noticeboard_delete(Context $ctx, $id) {
-	global $config;
+	$config = $ctx->get('config');
 
 	if (!hasPermission($config['mod']['noticeboard_delete']))
 			error($config['error']['noaccess']);
@@ -596,7 +599,8 @@ function mod_noticeboard_delete(Context $ctx, $id) {
 }
 
 function mod_news(Context $ctx, $page_no = 1) {
-	global $config, $pdo, $mod;
+	global $pdo, $mod;
+	$config = $ctx->get('config');
 
 	if ($page_no < 1)
 		error($config['error']['404']);
@@ -643,7 +647,7 @@ function mod_news(Context $ctx, $page_no = 1) {
 }
 
 function mod_news_delete(Context $ctx, $id) {
-	global $config;
+	$config = $ctx->get('config');
 
 	if (!hasPermission($config['mod']['news_delete']))
 			error($config['error']['noaccess']);
@@ -658,7 +662,7 @@ function mod_news_delete(Context $ctx, $id) {
 }
 
 function mod_log(Context $ctx, $page_no = 1) {
-	global $config;
+	$config = $ctx->get('config');
 
 	if ($page_no < 1)
 		error($config['error']['404']);
@@ -683,7 +687,7 @@ function mod_log(Context $ctx, $page_no = 1) {
 }
 
 function mod_user_log(Context $ctx, $username, $page_no = 1) {
-	global $config;
+	$config = $ctx->get('config');
 
 	if ($page_no < 1)
 		error($config['error']['404']);
@@ -710,7 +714,7 @@ function mod_user_log(Context $ctx, $username, $page_no = 1) {
 }
 
 function mod_board_log(Context $ctx, $board, $page_no = 1, $hide_names = false, $public = false) {
-	global $config;
+	$config = $ctx->get('config');
 
 	if ($page_no < 1)
 		error($config['error']['404']);
@@ -746,7 +750,7 @@ function mod_board_log(Context $ctx, $board, $page_no = 1, $hide_names = false,
 }
 
 function mod_view_catalog(Context $ctx, $boardName) {
-	global $config;
+	$config = $ctx->get('config');
 	require_once($config['dir']['themes'].'/catalog/theme.php');
 	$settings = array();
 	$settings['boards'] = $boardName;
@@ -758,7 +762,8 @@ function mod_view_catalog(Context $ctx, $boardName) {
 }
 
 function mod_view_board(Context $ctx, $boardName, $page_no = 1) {
-	global $config, $mod;
+	global $mod;
+	$config = $ctx->get('config');
 
 	if (!openBoard($boardName))
 		error($config['error']['noboard']);
@@ -777,7 +782,8 @@ function mod_view_board(Context $ctx, $boardName, $page_no = 1) {
 }
 
 function mod_view_thread(Context $ctx, $boardName, $thread) {
-	global $config, $mod;
+	global $mod;
+	$config = $ctx->get('config');
 
 	if (!openBoard($boardName))
 		error($config['error']['noboard']);
@@ -787,7 +793,8 @@ function mod_view_thread(Context $ctx, $boardName, $thread) {
 }
 
 function mod_view_thread50(Context $ctx, $boardName, $thread) {
-	global $config, $mod;
+	global $mod;
+	$config = $ctx->get('config');
 
 	if (!openBoard($boardName))
 		error($config['error']['noboard']);
@@ -798,10 +805,10 @@ function mod_view_thread50(Context $ctx, $boardName, $thread) {
 
 function mod_ip_remove_note(Context $ctx, $cloaked_ip, $id) {
 	$ip = uncloak_ip($cloaked_ip);
-	global $config, $mod;
+	$config = $ctx->get('config');
 
 	if (!hasPermission($config['mod']['remove_notes']))
-			error($config['error']['noaccess']);
+		error($config['error']['noaccess']);
 
 	if (filter_var($ip, FILTER_VALIDATE_IP) === false)
 		error("Invalid IP address.");
@@ -820,7 +827,8 @@ function mod_ip_remove_note(Context $ctx, $cloaked_ip, $id) {
 
 function mod_ip(Context $ctx, $cip) {
 	$ip = uncloak_ip($cip);
-	global $config, $mod;
+	global $mod;
+	$config = $ctx->get('config');
 
 	if (filter_var($ip, FILTER_VALIDATE_IP) === false)
 		error("Invalid IP address.");
@@ -922,7 +930,7 @@ function mod_ip(Context $ctx, $cip) {
 }
 
 function mod_edit_ban(Context $ctx, $ban_id) {
-	global $config;
+	$config = $ctx->get('config');
 
 	if (!hasPermission($config['mod']['edit_ban']))
 		error($config['error']['noaccess']);
@@ -972,7 +980,7 @@ function mod_edit_ban(Context $ctx, $ban_id) {
 }
 
 function mod_ban(Context $ctx) {
-	global $config;
+	$config = $ctx->get('config');
 
 	if (!hasPermission($config['mod']['ban']))
 		error($config['error']['noaccess']);
@@ -991,7 +999,8 @@ function mod_ban(Context $ctx) {
 }
 
 function mod_bans(Context $ctx) {
-	global $config, $mod;
+	global $mod;
+	$config = $ctx->get('config');
 
 	if (!hasPermission($config['mod']['view_banlist']))
 		error($config['error']['noaccess']);
@@ -1025,7 +1034,8 @@ function mod_bans(Context $ctx) {
 }
 
 function mod_bans_json(Context $ctx) {
-	global $config, $mod;
+	global $mod;
+	$config = $ctx->get('config');
 
 	if (!hasPermission($config['mod']['ban']))
 		error($config['error']['noaccess']);
@@ -1037,7 +1047,8 @@ function mod_bans_json(Context $ctx) {
 }
 
 function mod_ban_appeals(Context $ctx) {
-	global $config, $board;
+	global $board;
+	$config = $ctx->get('config');
 
 	if (!hasPermission($config['mod']['view_ban_appeals']))
 		error($config['error']['noaccess']);
@@ -1113,7 +1124,7 @@ function mod_ban_appeals(Context $ctx) {
 }
 
 function mod_lock(Context $ctx, $board, $unlock, $post) {
-	global $config;
+	$config = $ctx->get('config');
 
 	if (!openBoard($board))
 		error($config['error']['noboard']);
@@ -1147,7 +1158,7 @@ function mod_lock(Context $ctx, $board, $unlock, $post) {
 }
 
 function mod_sticky(Context $ctx, $board, $unsticky, $post) {
-	global $config;
+	$config = $ctx->get('config');
 
 	if (!openBoard($board))
 		error($config['error']['noboard']);
@@ -1169,7 +1180,7 @@ function mod_sticky(Context $ctx, $board, $unsticky, $post) {
 }
 
 function mod_cycle(Context $ctx, $board, $uncycle, $post) {
-	global $config;
+	$config = $ctx->get('config');
 
 	if (!openBoard($board))
 		error($config['error']['noboard']);
@@ -1191,7 +1202,7 @@ function mod_cycle(Context $ctx, $board, $uncycle, $post) {
 }
 
 function mod_bumplock(Context $ctx, $board, $unbumplock, $post) {
-	global $config;
+	$config = $ctx->get('config');
 
 	if (!openBoard($board))
 		error($config['error']['noboard']);
@@ -1525,7 +1536,7 @@ function mod_move(Context $ctx, $originBoard, $postID) {
 }
 
 function mod_ban_post(Context $ctx, $board, $delete, $post, $token = false) {
-	global $config, $mod;
+	$config = $ctx->get('config');
 
 	if (!openBoard($board))
 		error($config['error']['noboard']);
@@ -1595,7 +1606,7 @@ function mod_ban_post(Context $ctx, $board, $delete, $post, $token = false) {
 }
 
 function mod_edit_post(Context $ctx, $board, $edit_raw_html, $postID) {
-	global $config;
+	$config = $ctx->get('config');
 
 	if (!openBoard($board))
 		error($config['error']['noboard']);
@@ -1672,7 +1683,7 @@ function mod_edit_post(Context $ctx, $board, $edit_raw_html, $postID) {
 }
 
 function mod_delete(Context $ctx, $board, $post) {
-	global $config;
+	$config = $ctx->get('config');
 
 	if (!openBoard($board))
 		error($config['error']['noboard']);
@@ -1693,7 +1704,7 @@ function mod_delete(Context $ctx, $board, $post) {
 }
 
 function mod_deletefile(Context $ctx, $board, $post, $file) {
-	global $config;
+	$config = $ctx->get('config');
 
 	if (!openBoard($board))
 		error($config['error']['noboard']);
@@ -1716,7 +1727,7 @@ function mod_deletefile(Context $ctx, $board, $post, $file) {
 }
 
 function mod_spoiler_image(Context $ctx, $board, $post, $file) {
-	global $config;
+	$config = $ctx->get('config');
 
 	if (!openBoard($board))
 		error($config['error']['noboard']);
@@ -1761,7 +1772,8 @@ function mod_spoiler_image(Context $ctx, $board, $post, $file) {
 }
 
 function mod_deletebyip(Context $ctx, $boardName, $post, $global = false) {
-	global $config, $board;
+	global $board;
+	$config = $ctx->get('config');
 
 	$global = (bool)$global;
 
@@ -1837,7 +1849,8 @@ function mod_deletebyip(Context $ctx, $boardName, $post, $global = false) {
 }
 
 function mod_user(Context $ctx, $uid) {
-	global $config, $mod;
+	global $mod;
+	$config = $ctx->get('config');
 
 	if (!hasPermission($config['mod']['editusers']) && !(hasPermission($config['mod']['change_password']) && $uid == $mod['id']))
 		error($config['error']['noaccess']);
@@ -2015,7 +2028,7 @@ function mod_user_new(Context $ctx) {
 
 
 function mod_users(Context $ctx) {
-	global $config;
+	$config = $ctx->get('config');
 
 	if (!hasPermission($config['mod']['manageusers']))
 		error($config['error']['noaccess']);
@@ -2036,7 +2049,7 @@ function mod_users(Context $ctx) {
 }
 
 function mod_user_promote(Context $ctx, $uid, $action) {
-	global $config;
+	$config = $ctx->get('config');
 
 	if (!hasPermission($config['mod']['promoteusers']))
 		error($config['error']['noaccess']);
@@ -2134,7 +2147,8 @@ function mod_pm(Context $ctx, $id, $reply = false) {
 }
 
 function mod_inbox(Context $ctx) {
-	global $config, $mod;
+	global $mod;
+	$config = $ctx->get('config');
 
 	$query = prepare('SELECT `unread`,``pms``.`id`, `time`, `sender`, `to`, `message`, `username` FROM ``pms`` LEFT JOIN ``mods`` ON ``mods``.`id` = `sender` WHERE `to` = :mod ORDER BY `unread` DESC, `time` DESC');
 	$query->bindValue(':mod', $mod['id']);
@@ -2158,7 +2172,8 @@ function mod_inbox(Context $ctx) {
 
 
 function mod_new_pm(Context $ctx, $username) {
-	global $config, $mod;
+	global $mod;
+	$config = $ctx->get('config');
 
 	if (!hasPermission($config['mod']['create_pm']))
 		error($config['error']['noaccess']);
@@ -2206,7 +2221,8 @@ function mod_new_pm(Context $ctx, $username) {
 }
 
 function mod_rebuild(Context $ctx) {
-	global $config, $twig;
+	global $twig;
+	$config = $ctx->get('config');
 
 	if (!hasPermission($config['mod']['rebuild']))
 		error($config['error']['noaccess']);
@@ -2278,7 +2294,8 @@ function mod_rebuild(Context $ctx) {
 }
 
 function mod_reports(Context $ctx) {
-	global $config, $mod;
+	global $mod;
+	$config = $ctx->get('config');
 
 	if (!hasPermission($config['mod']['reports']))
 		error($config['error']['noaccess']);
@@ -2361,7 +2378,7 @@ function mod_reports(Context $ctx) {
 }
 
 function mod_report_dismiss(Context $ctx, $id, $action) {
-	global $config;
+	$config = $ctx->get('config');
 
 	$query = prepare("SELECT `post`, `board`, `ip` FROM ``reports`` WHERE `id` = :id");
 	$query->bindValue(':id', $id);
@@ -2407,7 +2424,8 @@ function mod_report_dismiss(Context $ctx, $id, $action) {
 }
 
 function mod_recent_posts(Context $ctx, $lim) {
-	global $config, $mod, $pdo;
+	global $mod, $pdo;
+	$config = $ctx->get('config');
 
 	if (!hasPermission($config['mod']['recent']))
 		error($config['error']['noaccess']);
@@ -2463,7 +2481,8 @@ function mod_recent_posts(Context $ctx, $lim) {
 }
 
 function mod_config(Context $ctx, $board_config = false) {
-	global $config, $mod, $board;
+	global $mod, $board;
+	$config = $ctx->get('config');
 
 	if ($board_config && !openBoard($board_config))
 		error($config['error']['noboard']);
@@ -2603,7 +2622,7 @@ function mod_config(Context $ctx, $board_config = false) {
 }
 
 function mod_themes_list(Context $ctx) {
-	global $config;
+	$config = $ctx->get('config');
 
 	if (!hasPermission($config['mod']['themes']))
 		error($config['error']['noaccess']);
@@ -2637,7 +2656,7 @@ function mod_themes_list(Context $ctx) {
 }
 
 function mod_theme_configure(Context $ctx, $theme_name) {
-	global $config;
+	$config = $ctx->get('config');
 
 	if (!hasPermission($config['mod']['themes']))
 		error($config['error']['noaccess']);
@@ -2719,7 +2738,7 @@ function mod_theme_configure(Context $ctx, $theme_name) {
 }
 
 function mod_theme_uninstall(Context $ctx, $theme_name) {
-	global $config;
+	$config = $ctx->get('config');
 
 	if (!hasPermission($config['mod']['themes']))
 		error($config['error']['noaccess']);
@@ -2736,7 +2755,7 @@ function mod_theme_uninstall(Context $ctx, $theme_name) {
 }
 
 function mod_theme_rebuild(Context $ctx, $theme_name) {
-	global $config;
+	$config = $ctx->get('config');
 
 	if (!hasPermission($config['mod']['themes']))
 		error($config['error']['noaccess']);
@@ -2785,7 +2804,8 @@ function mod_delete_page_board(Context $ctx, $page = '', $board = false) {
 }
 
 function mod_edit_page(Context $ctx, $id) {
-	global $config, $mod, $board;
+	global $mod, $board;
+	$config = $ctx->get('config');
 
 	$query = prepare('SELECT * FROM ``pages`` WHERE `id` = :id');
 	$query->bindValue(':id', $id);
@@ -2856,7 +2876,8 @@ function mod_edit_page(Context $ctx, $id) {
 }
 
 function mod_pages(Context $ctx, $board = false) {
-	global $config, $mod, $pdo;
+	global $mod, $pdo;
+	$config = $ctx->get('config');
 
 	if (empty($board))
 		$board = false;
@@ -2981,7 +3002,7 @@ function mod_debug_recent_posts(Context $ctx) {
 }
 
 function mod_debug_sql(Context $ctx) {
-	global $config;
+	$config = $ctx->get('config');
 
 	if (!hasPermission($config['mod']['debug_sql']))
 		error($config['error']['noaccess']);

From 81aebef2f4c89dbc7351e2434888a210df7a6623 Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@skiff.com>
Date: Thu, 15 Aug 2024 17:21:41 +0200
Subject: [PATCH 226/336] pages.php: use modern array syntax for new empty
 arrays

---
 inc/mod/pages.php | 56 +++++++++++++++++++++++------------------------
 1 file changed, 28 insertions(+), 28 deletions(-)

diff --git a/inc/mod/pages.php b/inc/mod/pages.php
index 0793ccb4..95183246 100644
--- a/inc/mod/pages.php
+++ b/inc/mod/pages.php
@@ -83,7 +83,7 @@ function mod_dashboard(Context $ctx) {
 	global $mod;
 	$config = $ctx->get('config');
 
-	$args = array();
+	$args = [];
 
 	$args['boards'] = listBoards();
 
@@ -223,7 +223,7 @@ function mod_search(Context $ctx, $type, $search_query_escaped, $page_no = 1) {
 	$query = str_replace('`', '!`', $query);
 
 	// Array of phrases to match
-	$match = array();
+	$match = [];
 
 	// Exact phrases ("like this")
 	if (preg_match_all('/"(.+?)"/', $query, $exact_phrases)) {
@@ -752,7 +752,7 @@ function mod_board_log(Context $ctx, $board, $page_no = 1, $hide_names = false,
 function mod_view_catalog(Context $ctx, $boardName) {
 	$config = $ctx->get('config');
 	require_once($config['dir']['themes'].'/catalog/theme.php');
-	$settings = array();
+	$settings = [];
 	$settings['boards'] = $boardName;
 	$settings['update_on_posts'] = true;
 	$settings['title'] = 'Catalog';
@@ -871,9 +871,9 @@ function mod_ip(Context $ctx, $cip) {
 	}
 
 
-	$args = array();
+	$args = [];
 	$args['ip'] = $ip;
-	$args['posts'] = array();
+	$args['posts'] = [];
 
 	if ($config['mod']['dns_lookup'] && empty($config['ipcrypt_key']))
 		$args['hostname'] = rDNS($ip);
@@ -896,7 +896,7 @@ function mod_ip(Context $ctx, $cip) {
 			}
 
 			if (!isset($args['posts'][$board['uri']]))
-				$args['posts'][$board['uri']] = array('board' => $board, 'posts' => array());
+				$args['posts'][$board['uri']] = array('board' => $board, 'posts' => []);
 			$args['posts'][$board['uri']]['posts'][] = $po->build(true);
 		}
 	}
@@ -921,7 +921,7 @@ function mod_ip(Context $ctx, $cip) {
 		$query->execute() or error(db_error($query));
 		$args['logs'] = $query->fetchAll(PDO::FETCH_ASSOC);
 	} else {
-		$args['logs'] = array();
+		$args['logs'] = [];
 	}
 
 	$args['security_token'] = make_secure_link_token('IP/' . $cip);
@@ -1009,7 +1009,7 @@ function mod_bans(Context $ctx) {
 		if (!hasPermission($config['mod']['unban']))
 			error($config['error']['noaccess']);
 
-		$unban = array();
+		$unban = [];
 		foreach ($_POST as $name => $unused) {
 			if (preg_match('/^ban_(\d+)$/', $name, $match))
 				$unban[] = $match[1];
@@ -1094,16 +1094,16 @@ function mod_ban_appeals(Context $ctx) {
 				$query = query(sprintf("SELECT `num_files`, `files` FROM ``posts_%s`` WHERE `id` = " .
 					(int)$ban['post']['id'], $board['uri']));
 				if ($_post = $query->fetch(PDO::FETCH_ASSOC)) {
-					$_post['files'] = $_post['files'] ? json_decode($_post['files']) : array();
+					$_post['files'] = $_post['files'] ? json_decode($_post['files']) : [];
 					$ban['post'] = array_merge($ban['post'], $_post);
 				} else {
-					$ban['post']['files'] = array(array());
+					$ban['post']['files'] = array([]);
 					$ban['post']['files'][0]['file'] = 'deleted';
 					$ban['post']['files'][0]['thumb'] = false;
 					$ban['post']['num_files'] = 1;
 				}
 			} else {
-				$ban['post']['files'] = array(array());
+				$ban['post']['files'] = array([]);
 				$ban['post']['files'][0]['file'] = 'deleted';
 				$ban['post']['files'][0]['thumb'] = false;
 				$ban['post']['num_files'] = 1;
@@ -1395,7 +1395,7 @@ function mod_move(Context $ctx, $originBoard, $postID) {
 		$query->bindValue(':id', $postID, PDO::PARAM_INT);
 		$query->execute() or error(db_error($query));
 
-		$replies = array();
+		$replies = [];
 
 		while ($post = $query->fetch(PDO::FETCH_ASSOC)) {
 			$post['mod'] = true;
@@ -1459,7 +1459,7 @@ function mod_move(Context $ctx, $originBoard, $postID) {
 
 
 			if (!empty($post['tracked_cites'])) {
-				$insert_rows = array();
+				$insert_rows = [];
 				foreach ($post['tracked_cites'] as $cite) {
 					$insert_rows[] = '(' .
 						$pdo->quote($board['uri']) . ', ' . $newPostID . ', ' .
@@ -1810,8 +1810,8 @@ function mod_deletebyip(Context $ctx, $boardName, $post, $global = false) {
 
 	@set_time_limit($config['mod']['rebuild_timelimit']);
 
-	$threads_to_rebuild = array();
-	$threads_deleted = array();
+	$threads_to_rebuild = [];
+	$threads_deleted = [];
 	while ($post = $query->fetch(PDO::FETCH_ASSOC)) {
 		openBoard($post['board']);
 
@@ -1870,7 +1870,7 @@ function mod_user(Context $ctx, $uid) {
 				$board = $board['uri'];
 			}
 
-			$boards = array();
+			$boards = [];
 			foreach ($_POST as $name => $value) {
 				if (preg_match('/^board_(' . $config['board_regex'] . ')$/u', $name, $matches) && in_array($matches[1], $_boards))
 					$boards[] = $matches[1];
@@ -1961,7 +1961,7 @@ function mod_user(Context $ctx, $uid) {
 		$query->execute() or error(db_error($query));
 		$log = $query->fetchAll(PDO::FETCH_ASSOC);
 	} else {
-		$log = array();
+		$log = [];
 	}
 
 	$user['boards'] = explode(',', $user['boards']);
@@ -1994,7 +1994,7 @@ function mod_user_new(Context $ctx) {
 				$board = $board['uri'];
 			}
 
-			$boards = array();
+			$boards = [];
 			foreach ($_POST as $name => $value) {
 				if (preg_match('/^board_(' . $config['board_regex'] . ')$/u', $name, $matches) && in_array($matches[1], $_boards))
 					$boards[] = $matches[1];
@@ -2230,9 +2230,9 @@ function mod_rebuild(Context $ctx) {
 	if (isset($_POST['rebuild'])) {
 		@set_time_limit($config['mod']['rebuild_timelimit']);
 
-		$log = array();
+		$log = [];
 		$boards = listBoards();
-		$rebuilt_scripts = array();
+		$rebuilt_scripts = [];
 
 		if (isset($_POST['rebuild_cache'])) {
 			if ($config['cache']['enabled']) {
@@ -2305,16 +2305,16 @@ function mod_reports(Context $ctx) {
 	$query->execute() or error(db_error($query));
 	$reports = $query->fetchAll(PDO::FETCH_ASSOC);
 
-	$report_queries = array();
+	$report_queries = [];
 	foreach ($reports as $report) {
 		if (!isset($report_queries[$report['board']]))
-			$report_queries[$report['board']] = array();
+			$report_queries[$report['board']] = [];
 		$report_queries[$report['board']][] = $report['post'];
 	}
 
-	$report_posts = array();
+	$report_posts = [];
 	foreach ($report_queries as $board => $posts) {
-		$report_posts[$board] = array();
+		$report_posts[$board] = [];
 
 		$query = query(sprintf('SELECT * FROM ``posts_%s`` WHERE `id` = ' . implode(' OR `id` = ', $posts), $board)) or error(db_error());
 		while ($post = $query->fetch(PDO::FETCH_ASSOC)) {
@@ -2433,7 +2433,7 @@ function mod_recent_posts(Context $ctx, $lim) {
 	$limit = (is_numeric($lim))? $lim : 25;
 	$last_time = (isset($_GET['last']) && is_numeric($_GET['last'])) ? $_GET['last'] : 0;
 
-	$mod_boards = array();
+	$mod_boards = [];
 	$boards = listBoards();
 
 	//if not all boards
@@ -2593,7 +2593,7 @@ function mod_config(Context $ctx, $board_config = false) {
 
 				if ($config['minify_html'])
 					$config_append = str_replace("\n", '&#010;', $config_append);
-				$page = array();
+				$page = [];
 				$page['title'] = 'Cannot write to file!';
 				$page['config'] = $config;
 				$page['body'] = '
@@ -2636,7 +2636,7 @@ function mod_themes_list(Context $ctx) {
 	$themes_in_use = $query->fetchAll(PDO::FETCH_COLUMN);
 
 	// Scan directory for themes
-	$themes = array();
+	$themes = [];
 	while ($file = readdir($dir)) {
 		if ($file[0] != '.' && is_dir($config['dir']['themes'] . '/' . $file)) {
 			$themes[$file] = loadThemeConfig($file);
@@ -2933,7 +2933,7 @@ function mod_pages(Context $ctx, $board = false) {
 function mod_debug_antispam(Context $ctx) {
 	global $pdo, $config;
 
-	$args = array();
+	$args = [];
 
 	if (isset($_POST['board'], $_POST['thread'])) {
 		$where = '`board` = ' . $pdo->quote($_POST['board']);

From b2df2ab2a560ca5818bc347630279b72ed9c9a99 Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@skiff.com>
Date: Fri, 16 Aug 2024 00:46:35 +0200
Subject: [PATCH 227/336] theme.php: extract theme functions from functions.php

---
 inc/functions.php       | 102 ----------------------------------------
 inc/functions/theme.php |  98 ++++++++++++++++++++++++++++++++++++++
 2 files changed, 98 insertions(+), 102 deletions(-)
 create mode 100644 inc/functions/theme.php

diff --git a/inc/functions.php b/inc/functions.php
index 2cb97c50..e529a955 100755
--- a/inc/functions.php
+++ b/inc/functions.php
@@ -397,108 +397,6 @@ function create_antibot($board, $thread = null) {
 	return _create_antibot($board, $thread);
 }
 
-function rebuildThemes($action, $boardname = false) {
-	global $config, $board, $current_locale;
-
-	// Save the global variables
-	$_config = $config;
-	$_board = $board;
-
-	// List themes
-	if ($themes = Cache::get("themes")) {
-		// OK, we already have themes loaded
-	}
-	else {
-		$query = query("SELECT `theme` FROM ``theme_settings`` WHERE `name` IS NULL AND `value` IS NULL") or error(db_error());
-
-		$themes = array();
-
-		while ($theme = $query->fetch(PDO::FETCH_ASSOC)) {
-			$themes[] = $theme;
-		}
-
-		Cache::set("themes", $themes);
-	}
-
-	foreach ($themes as $theme) {
-		// Restore them
-		$config = $_config;
-		$board = $_board;
-
-		// Reload the locale
-		if ($config['locale'] != $current_locale) {
-			$current_locale = $config['locale'];
-			init_locale($config['locale']);
-		}
-
-		if (PHP_SAPI === 'cli') {
-			echo "Rebuilding theme ".$theme['theme']."... ";
-		}
-
-		rebuildTheme($theme['theme'], $action, $boardname);
-
-		if (PHP_SAPI === 'cli') {
-			echo "done\n";
-		}
-	}
-
-	// Restore them again
-	$config = $_config;
-	$board = $_board;
-
-	// Reload the locale
-	if ($config['locale'] != $current_locale) {
-		$current_locale = $config['locale'];
-		init_locale($config['locale']);
-	}
-}
-
-
-function loadThemeConfig($_theme) {
-	global $config;
-
-	if (!file_exists($config['dir']['themes'] . '/' . $_theme . '/info.php'))
-		return false;
-
-	// Load theme information into $theme
-	include $config['dir']['themes'] . '/' . $_theme . '/info.php';
-
-	return $theme;
-}
-
-function rebuildTheme($theme, $action, $board = false) {
-	global $config, $_theme;
-	$_theme = $theme;
-
-	$theme = loadThemeConfig($_theme);
-
-	if (file_exists($config['dir']['themes'] . '/' . $_theme . '/theme.php')) {
-		require_once $config['dir']['themes'] . '/' . $_theme . '/theme.php';
-
-		$theme['build_function']($action, themeSettings($_theme), $board);
-	}
-}
-
-
-function themeSettings($theme) {
-	if ($settings = Cache::get("theme_settings_".$theme)) {
-		return $settings;
-	}
-
-	$query = prepare("SELECT `name`, `value` FROM ``theme_settings`` WHERE `theme` = :theme AND `name` IS NOT NULL");
-	$query->bindValue(':theme', $theme);
-	$query->execute() or error(db_error($query));
-
-	$settings = array();
-	while ($s = $query->fetch(PDO::FETCH_ASSOC)) {
-		$settings[$s['name']] = $s['value'];
-	}
-
-	Cache::set("theme_settings_".$theme, $settings);
-
-	return $settings;
-}
-
 function sprintf3($str, $vars, $delim = '%') {
 	$replaces = array();
 	foreach ($vars as $k => $v) {
diff --git a/inc/functions/theme.php b/inc/functions/theme.php
new file mode 100644
index 00000000..840f6b29
--- /dev/null
+++ b/inc/functions/theme.php
@@ -0,0 +1,98 @@
+<?php
+namespace Vichan\Functions\Theme;
+
+
+function rebuildThemes(string $action, $boardname = false): void {
+	global $config, $board, $current_locale;
+
+	// Save the global variables
+	$_config = $config;
+	$_board = $board;
+
+	// List themes
+	if ($themes = \Cache::get("themes")) {
+		// OK, we already have themes loaded
+	} else {
+		$query = query("SELECT `theme` FROM ``theme_settings`` WHERE `name` IS NULL AND `value` IS NULL") or error(db_error());
+		$themes = $query->fetchAll(\PDO::FETCH_NUM);
+
+		\Cache::set("themes", $themes);
+	}
+
+	foreach ($themes as $theme) {
+		// Restore them
+		$config = $_config;
+		$board = $_board;
+
+		// Reload the locale
+		if ($config['locale'] != $current_locale) {
+			$current_locale = $config['locale'];
+			init_locale($config['locale']);
+		}
+
+		if (PHP_SAPI === 'cli') {
+			echo "Rebuilding theme ".$theme['theme']."... ";
+		}
+
+		rebuildTheme($theme['theme'], $action, $boardname);
+
+		if (PHP_SAPI === 'cli') {
+			echo "done\n";
+		}
+	}
+
+	// Restore them again
+	$config = $_config;
+	$board = $_board;
+
+	// Reload the locale
+	if ($config['locale'] != $current_locale) {
+		$current_locale = $config['locale'];
+		init_locale($config['locale']);
+	}
+}
+
+function loadThemeConfig($_theme) {
+	global $config;
+
+	if (!file_exists($config['dir']['themes'] . '/' . $_theme . '/info.php')) {
+		return false;
+	}
+
+	// Load theme information into $theme
+	include $config['dir']['themes'] . '/' . $_theme . '/info.php';
+
+	return $theme;
+}
+
+function rebuildTheme($theme, string $action, $board = false) {
+	global $config, $_theme;
+	$_theme = $theme;
+
+	$theme = loadThemeConfig($_theme);
+
+	if (file_exists($config['dir']['themes'] . '/' . $_theme . '/theme.php')) {
+		require_once $config['dir']['themes'] . '/' . $_theme . '/theme.php';
+
+		$theme['build_function']($action, themeSettings($_theme), $board);
+	}
+}
+
+function themeSettings($theme): array {
+	if ($settings = \Cache::get("theme_settings_" . $theme)) {
+		return $settings;
+	}
+
+	$query = prepare("SELECT `name`, `value` FROM ``theme_settings`` WHERE `theme` = :theme AND `name` IS NOT NULL");
+	$query->bindValue(':theme', $theme);
+	$query->execute() or error(db_error($query));
+
+	$settings = [];
+	while ($s = $query->fetch(\PDO::FETCH_ASSOC)) {
+		$settings[$s['name']] = $s['value'];
+	}
+
+	\Cache::set("theme_settings_".$theme, $settings);
+
+	return $settings;
+}

From 453ae795f5647a41163896dec9d67137f0a674aa Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@skiff.com>
Date: Fri, 16 Aug 2024 18:24:48 +0200
Subject: [PATCH 228/336] composer.json: autoload theme.php

---
 composer.json | 1 +
 1 file changed, 1 insertion(+)

diff --git a/composer.json b/composer.json
index 80eaf918..92f9c76e 100644
--- a/composer.json
+++ b/composer.json
@@ -37,6 +37,7 @@
             "inc/functions/net.php",
             "inc/functions/num.php",
             "inc/functions/format.php",
+            "inc/functions/theme.php",
             "inc/driver/http-driver.php",
             "inc/driver/log-driver.php",
             "inc/service/captcha-queries.php"

From d408ed04135b365f7d8bb3e3e80cc36940731f2d Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@skiff.com>
Date: Fri, 16 Aug 2024 18:32:32 +0200
Subject: [PATCH 229/336] theme.php: rename functions to snake_case

---
 inc/bans.php            | 12 ++++++------
 inc/controller.php      |  8 ++++----
 inc/functions/theme.php | 14 +++++++-------
 inc/mod/pages.php       | 38 +++++++++++++++++++-------------------
 post.php                |  6 +++---
 5 files changed, 39 insertions(+), 39 deletions(-)

diff --git a/inc/bans.php b/inc/bans.php
index a0ea5c76..58b054ec 100644
--- a/inc/bans.php
+++ b/inc/bans.php
@@ -15,7 +15,7 @@ class Bans {
 			$query->bindValue(':id', $ban_ids[0], PDO::PARAM_INT);
 			$query->execute() or error(db_error());
 
-			rebuildThemes('bans');
+			Vichan\Functions\Theme\rebuild_themes('bans');
 		} elseif ($len >= 1) {
 			// Build the query.
 			$query = 'DELETE FROM ``bans`` WHERE `id` IN (';
@@ -33,7 +33,7 @@ class Bans {
 
 			$query->execute() or error(db_error());
 
-			rebuildThemes('bans');
+			Vichan\Functions\Theme\rebuild_themes('bans');
 		}
 	}
 
@@ -343,7 +343,7 @@ class Bans {
 
 	static public function seen($ban_id) {
 		$query = query("UPDATE ``bans`` SET `seen` = 1 WHERE `id` = " . (int)$ban_id) or error(db_error());
-                rebuildThemes('bans');
+                Vichan\Functions\Theme\rebuild_themes('bans');
 	}
 
 	static public function purge($require_seen, $moratorium) {
@@ -358,7 +358,7 @@ class Bans {
 
 		$affected = $query->rowCount();
 		if ($affected > 0) {
-			rebuildThemes('bans');
+			Vichan\Functions\Theme\rebuild_themes('bans');
 		}
 		return $affected;
 	}
@@ -386,7 +386,7 @@ class Bans {
 
 		query("DELETE FROM ``bans`` WHERE `id` = " . (int)$ban_id) or error(db_error());
 
-		if (!$dont_rebuild) rebuildThemes('bans');
+		if (!$dont_rebuild) Vichan\Functions\Theme\rebuild_themes('bans');
 
 		return true;
 	}
@@ -465,7 +465,7 @@ class Bans {
 
 		modLog("Created a new $ban_len ban on $ban_board for $ban_ip (<small># $ban_id </small>) with $ban_reason");
 
-		rebuildThemes('bans');
+		Vichan\Functions\Theme\rebuild_themes('bans');
 
 		return $pdo->lastInsertId();
 	}
diff --git a/inc/controller.php b/inc/controller.php
index 02e33443..0b4e2886 100644
--- a/inc/controller.php
+++ b/inc/controller.php
@@ -85,24 +85,24 @@ function sb_api($b) { global $config, $build_pages;
 }
 
 function sb_ukko() {
-  rebuildTheme("ukko", "post-thread");
+  Vichan\Functions\Theme\rebuild_theme("ukko", "post-thread");
   return true;
 }
 
 function sb_catalog($b) {
   if (!openBoard($b)) return false;
 
-  rebuildTheme("catalog", "post-thread", $b); 
+  Vichan\Functions\Theme\rebuild_theme("catalog", "post-thread", $b); 
   return true;
 }
 
 function sb_recent() {
-  rebuildTheme("recent", "post-thread");
+  Vichan\Functions\Theme\rebuild_theme("recent", "post-thread");
   return true;
 }
 
 function sb_sitemap() {
-  rebuildTheme("sitemap", "all");
+  Vichan\Functions\Theme\rebuild_theme("sitemap", "all");
   return true;
 }
 
diff --git a/inc/functions/theme.php b/inc/functions/theme.php
index 840f6b29..6ac3a95b 100644
--- a/inc/functions/theme.php
+++ b/inc/functions/theme.php
@@ -2,7 +2,7 @@
 namespace Vichan\Functions\Theme;
 
 
-function rebuildThemes(string $action, $boardname = false): void {
+function rebuild_themes(string $action, $boardname = false): void {
 	global $config, $board, $current_locale;
 
 	// Save the global variables
@@ -34,7 +34,7 @@ function rebuildThemes(string $action, $boardname = false): void {
 			echo "Rebuilding theme ".$theme['theme']."... ";
 		}
 
-		rebuildTheme($theme['theme'], $action, $boardname);
+		rebuild_theme($theme['theme'], $action, $boardname);
 
 		if (PHP_SAPI === 'cli') {
 			echo "done\n";
@@ -52,7 +52,7 @@ function rebuildThemes(string $action, $boardname = false): void {
 	}
 }
 
-function loadThemeConfig($_theme) {
+function load_theme_config($_theme) {
 	global $config;
 
 	if (!file_exists($config['dir']['themes'] . '/' . $_theme . '/info.php')) {
@@ -65,20 +65,20 @@ function loadThemeConfig($_theme) {
 	return $theme;
 }
 
-function rebuildTheme($theme, string $action, $board = false) {
+function rebuild_theme($theme, string $action, $board = false) {
 	global $config, $_theme;
 	$_theme = $theme;
 
-	$theme = loadThemeConfig($_theme);
+	$theme = load_theme_config($_theme);
 
 	if (file_exists($config['dir']['themes'] . '/' . $_theme . '/theme.php')) {
 		require_once $config['dir']['themes'] . '/' . $_theme . '/theme.php';
 
-		$theme['build_function']($action, themeSettings($_theme), $board);
+		$theme['build_function']($action, theme_settings($_theme), $board);
 	}
 }
 
-function themeSettings($theme): array {
+function theme_settings($theme): array {
 	if ($settings = \Cache::get("theme_settings_" . $theme)) {
 		return $settings;
 	}
diff --git a/inc/mod/pages.php b/inc/mod/pages.php
index 46e8fc7e..f2caff32 100644
--- a/inc/mod/pages.php
+++ b/inc/mod/pages.php
@@ -442,7 +442,7 @@ function mod_edit_board($boardName) {
 			cache::delete('all_boards');
 		}
 
-		rebuildThemes('boards');
+		Vichan\Functions\Theme\rebuild_themes('boards');
 
 		header('Location: ?/', true, $config['redirect_http']);
 	} else {
@@ -514,7 +514,7 @@ function mod_new_board() {
 		// Build the board
 		buildIndex();
 
-		rebuildThemes('boards');
+		Vichan\Functions\Theme\rebuild_themes('boards');
 
 		header('Location: ?/' . $board['uri'] . '/' . $config['file_index'], true, $config['redirect_http']);
 	}
@@ -617,7 +617,7 @@ function mod_news($page_no = 1) {
 
 		modLog('Posted a news entry');
 
-		rebuildThemes('news');
+		Vichan\Functions\Theme\rebuild_themes('news');
 
 		header('Location: ?/edit_news#' . $pdo->lastInsertId(), true, $config['redirect_http']);
 	}
@@ -1013,7 +1013,7 @@ function mod_bans() {
 		foreach ($unban as $id) {
 			Bans::delete($id, true, $mod['boards'], true);
 		}
-                rebuildThemes('bans');
+                Vichan\Functions\Theme\rebuild_themes('bans');
 		header('Location: ?/bans', true, $config['redirect_http']);
 		return;
 	}
@@ -1281,7 +1281,7 @@ function mod_move_reply($originBoard, $postID) {
 		buildThread($newID);
 
 		// trigger themes
-		rebuildThemes('post', $targetBoard);
+		Vichan\Functions\Theme\rebuild_themes('post', $targetBoard);
 		// mod log
 		modLog("Moved post #{$postID} to " . sprintf($config['board_abbreviation'], $targetBoard) . " (#{$newID})", $originBoard);
 
@@ -1469,7 +1469,7 @@ function mod_move($originBoard, $postID) {
 		buildIndex();
 
 		// trigger themes
-		rebuildThemes('post', $targetBoard);
+		Vichan\Functions\Theme\rebuild_themes('post', $targetBoard);
 
 		$newboard = $board;
 
@@ -1576,7 +1576,7 @@ function mod_ban_post($board, $delete, $post, $token = false) {
 			// Rebuild board
 			buildIndex();
 			// Rebuild themes
-			rebuildThemes('post-delete', $board);
+			Vichan\Functions\Theme\rebuild_themes('post-delete', $board);
 		}
 
 		header('Location: ?/' . sprintf($config['board_path'], $board) . $config['file_index'], true, $config['redirect_http']);
@@ -1651,7 +1651,7 @@ function mod_edit_post($board, $edit_raw_html, $postID) {
 
 		buildIndex();
 
-		rebuildThemes('post', $board);
+		Vichan\Functions\Theme\rebuild_themes('post', $board);
 
 		header('Location: ?/' . sprintf($config['board_path'], $board) . $config['dir']['res'] . link_for($post) . '#' . $postID, true, $config['redirect_http']);
 	} else {
@@ -1689,7 +1689,7 @@ function mod_delete($board, $post) {
 	// Rebuild board
 	buildIndex();
 	// Rebuild themes
-	rebuildThemes('post-delete', $board);
+	Vichan\Functions\Theme\rebuild_themes('post-delete', $board);
 	// Redirect
 	header('Location: ?/' . sprintf($config['board_path'], $board) . $config['file_index'], true, $config['redirect_http']);
 }
@@ -1711,7 +1711,7 @@ function mod_deletefile($board, $post, $file) {
 	// Rebuild board
 	buildIndex();
 	// Rebuild themes
-	rebuildThemes('post-delete', $board);
+	Vichan\Functions\Theme\rebuild_themes('post-delete', $board);
 
 	// Redirect
 	header('Location: ?/' . sprintf($config['board_path'], $board) . $config['file_index'], true, $config['redirect_http']);
@@ -1756,7 +1756,7 @@ function mod_spoiler_image($board, $post, $file) {
 	buildIndex();
 
 	// Rebuild themes
-	rebuildThemes('post-delete', $board);
+	Vichan\Functions\Theme\rebuild_themes('post-delete', $board);
 
 	// Redirect
 	header('Location: ?/' . sprintf($config['board_path'], $board) . $config['file_index'], true, $config['redirect_http']);
@@ -1807,7 +1807,7 @@ function mod_deletebyip($boardName, $post, $global = false) {
 
 		deletePost($post['id'], false, false);
 
-		rebuildThemes('post-delete', $board['uri']);
+		Vichan\Functions\Theme\rebuild_themes('post-delete', $board['uri']);
 
 		buildIndex();
 
@@ -2233,7 +2233,7 @@ function mod_rebuild() {
 
 		if (isset($_POST['rebuild_themes'])) {
 			$log[] = 'Regenerating theme files';
-			rebuildThemes('all');
+			Vichan\Functions\Theme\rebuild_themes('all');
 		}
 
 		if (isset($_POST['rebuild_javascript'])) {
@@ -2622,7 +2622,7 @@ function mod_themes_list() {
 	$themes = array();
 	while ($file = readdir($dir)) {
 		if ($file[0] != '.' && is_dir($config['dir']['themes'] . '/' . $file)) {
-			$themes[$file] = loadThemeConfig($file);
+			$themes[$file] = Vichan\Functions\Theme\load_theme_config($file);
 		}
 	}
 	closedir($dir);
@@ -2644,7 +2644,7 @@ function mod_theme_configure($theme_name) {
 	if (!hasPermission($config['mod']['themes']))
 		error($config['error']['noaccess']);
 
-	if (!$theme = loadThemeConfig($theme_name)) {
+	if (!$theme = Vichan\Functions\Theme\load_theme_config($theme_name)) {
 		error($config['error']['invalidtheme']);
 	}
 
@@ -2682,7 +2682,7 @@ function mod_theme_configure($theme_name) {
 		$result = true;
 		$message = false;
 		if (isset($theme['install_callback'])) {
-			$ret = $theme['install_callback'](themeSettings($theme_name));
+			$ret = $theme['install_callback'](Vichan\Functions\Theme\theme_settings($theme_name));
 			if ($ret && !empty($ret)) {
 				if (is_array($ret) && count($ret) == 2) {
 					$result = $ret[0];
@@ -2699,7 +2699,7 @@ function mod_theme_configure($theme_name) {
 		}
 
 		// Build themes
-		rebuildThemes('all');
+		Vichan\Functions\Theme\rebuild_themes('all');
 
 		mod_page(sprintf(_($result ? 'Installed theme: %s' : 'Installation failed: %s'), $theme['name']), $config['file_mod_theme_installed'], array(
 			'theme_name' => $theme_name,
@@ -2710,7 +2710,7 @@ function mod_theme_configure($theme_name) {
 		return;
 	}
 
-	$settings = themeSettings($theme_name);
+	$settings = Vichan\Functions\Theme\theme_settings($theme_name);
 
 	mod_page(sprintf(_('Configuring theme: %s'), $theme['name']), $config['file_mod_theme_config'], array(
 		'theme_name' => $theme_name,
@@ -2743,7 +2743,7 @@ function mod_theme_rebuild($theme_name) {
 	if (!hasPermission($config['mod']['themes']))
 		error($config['error']['noaccess']);
 
-	rebuildTheme($theme_name, 'all');
+	Vichan\Functions\Theme\rebuild_theme($theme_name, 'all');
 
 	mod_page(sprintf(_('Rebuilt theme: %s'), $theme_name), $config['file_mod_theme_rebuilt'], array(
 		'theme_name' => $theme_name,
diff --git a/post.php b/post.php
index 644ff111..18022047 100644
--- a/post.php
+++ b/post.php
@@ -477,7 +477,7 @@ if (isset($_POST['delete'])) {
 	if (function_exists('fastcgi_finish_request'))
 		@fastcgi_finish_request();
 
-	rebuildThemes('post-delete', $board['uri']);
+	Vichan\Functions\Theme\rebuild_themes('post-delete', $board['uri']);
 
 } elseif (isset($_POST['report'])) {
 	if (!isset($_POST['board'], $_POST['reason']))
@@ -1429,9 +1429,9 @@ if (isset($_POST['delete'])) {
 		@fastcgi_finish_request();
 
 	if ($post['op'])
-		rebuildThemes('post-thread', $board['uri']);
+		Vichan\Functions\Theme\rebuild_themes('post-thread', $board['uri']);
 	else
-		rebuildThemes('post', $board['uri']);
+		Vichan\Functions\Theme\rebuild_themes('post', $board['uri']);
 
 } elseif (isset($_POST['appeal'])) {
 	if (!isset($_POST['ban_id']))

From 4f68166870f3e86b064189e56cd8a7e7cedce550 Mon Sep 17 00:00:00 2001
From: fowr <weav@anche.no>
Date: Fri, 5 Aug 2022 11:16:53 -0300
Subject: [PATCH 230/336] api.php: using depedency injection instead of globals

---
 inc/api.php       | 10 ++++------
 inc/functions.php | 12 ++++++++++--
 2 files changed, 14 insertions(+), 8 deletions(-)

diff --git a/inc/api.php b/inc/api.php
index 11f51fe4..16844d32 100644
--- a/inc/api.php
+++ b/inc/api.php
@@ -45,13 +45,11 @@ class Api {
 		'size' => 'fsize'
 	];
 
-	public function __construct() {
-		global $config;
-
+	public function __construct(bool $show_filename, bool $hide_email, bool $country_flags) {
 		// Translation from local fields to fields in 4chan-style API
-		$this->show_filename = $config['show_filename'];
-		$this->hide_email = $config['hide_email'];
-		$this->country_flags = $config['country_flags'];
+		$this->show_filename = $show_filename;
+		$this->hide_email = $hide_email;
+		$this->country_flags = $country_flags;
 
 		$this->postFields = [
 			'id' => 'no',
diff --git a/inc/functions.php b/inc/functions.php
index 2cb97c50..c76ca10b 100755
--- a/inc/functions.php
+++ b/inc/functions.php
@@ -1730,7 +1730,11 @@ function buildIndex($global_api = "yes") {
 	$antibot = null;
 
 	if ($config['api']['enabled']) {
-		$api = new Api();
+		$api = new Api(
+			$config['show_filename'],
+			$config['hide_email'],
+			$config['country_flags']
+		);
 		$catalog = array();
 	}
 
@@ -2388,7 +2392,11 @@ function buildThread($id, $return = false, $mod = false) {
 
 		// json api
 		if ($config['api']['enabled'] && !$mod) {
-			$api = new Api();
+			$api = new Api(
+				$config['show_filename'],
+				$config['hide_email'],
+				$config['country_flags']
+			);
 			$json = json_encode($api->translateThread($thread));
 			$jsonFilename = $board['dir'] . $config['dir']['res'] . $id . '.json';
 			file_write($jsonFilename, $json);

From 1191dfb193ea36f18ba84ad1b546ed0517286c95 Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@skiff.com>
Date: Sun, 18 Aug 2024 01:06:45 +0200
Subject: [PATCH 231/336] pages.php: add copy fallback in case of already
 existing file when moving thread.

---
 inc/mod/pages.php | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/inc/mod/pages.php b/inc/mod/pages.php
index ac5cf35f..a713d8fe 100644
--- a/inc/mod/pages.php
+++ b/inc/mod/pages.php
@@ -10,6 +10,14 @@ use Vichan\Functions\Net;
 defined('TINYBOARD') or exit;
 
 
+function _link_or_copy(string $target, string $link): bool {
+    if (!link($target, $link)) {
+        error_log("Failed to link() $target to $link. Falling back to copy()");
+        return copy($target, $link);
+    }
+    return true;
+}
+
 function mod_page($title, $template, $args, $subtitle = false) {
 	global $config, $mod;
 
@@ -1348,7 +1356,7 @@ function mod_move(Context $ctx, $originBoard, $postID) {
 			error(_('Target and source board are the same.'));
 
 		// link() if leaving a shadow thread behind; else, rename().
-		$clone = $shadow ? 'link' : 'rename';
+		$clone = $shadow ? '_link_or_copy' : 'rename';
 
 		// indicate that the post is a thread
 		$post['op'] = true;

From 13b587cf62aa8caf8826bbf85c9846e287a2e4af Mon Sep 17 00:00:00 2001
From: fowr <89118232+perdedora@users.noreply.github.com>
Date: Tue, 20 Aug 2024 21:27:22 -0300
Subject: [PATCH 232/336] add resource_version to avoid cache.

---
 inc/secrets.php             | 6 ++++++
 templates/header.html       | 6 +++---
 templates/mod/ban_list.html | 2 +-
 3 files changed, 10 insertions(+), 4 deletions(-)

diff --git a/inc/secrets.php b/inc/secrets.php
index b3d9bbc7..e7c4efc1 100644
--- a/inc/secrets.php
+++ b/inc/secrets.php
@@ -1 +1,7 @@
 <?php
+
+	$config['db']['type']		= 'mysql';
+	$config['db']['server']		= 'localhost';
+	$config['db']['user']		= 'dev';
+	$config['db']['password']	= 'dev';
+	$config['db']['database']	= 'vichan';
\ No newline at end of file
diff --git a/templates/header.html b/templates/header.html
index 14a42952..b2c0f054 100644
--- a/templates/header.html
+++ b/templates/header.html
@@ -1,4 +1,4 @@
-<link rel="stylesheet" media="screen" href="{{ config.url_stylesheet }}">
+<link rel="stylesheet" media="screen" href="{{ config.url_stylesheet }}?v={{ config.resource_version }}">
 {% if config.url_favicon %}<link rel="shortcut icon" href="{{ config.url_favicon }}">{% endif %}
 <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
 <meta name="viewport" content="width=device-width, initial-scale=1, user-scalable=yes">
@@ -12,9 +12,9 @@
 	var modRoot = "{{ config.root }}" + (inMod ? "mod.php?/" : "");
 </script>
 {% if not nojavascript %}
-	<script type="text/javascript" src="{{ config.url_javascript }}"></script>
+	<script type="text/javascript" src="{{ config.url_javascript }}?v={{ config.resource_version }}"></script>
 	{% if not config.additional_javascript_compile %}
-	{% for javascript in config.additional_javascript %}<script type="text/javascript" src="{{ config.additional_javascript_url }}{{ javascript }}"></script>{% endfor %}
+	{% for javascript in config.additional_javascript %}<script type="text/javascript" src="{{ config.additional_javascript_url }}{{ javascript }}?v={{ config.resource_version }}"></script>{% endfor %}
 	{% endif %}
 	{% if mod %}
 	<script type="text/javascript" src="/js/mod/mod_snippets.js"></script>
diff --git a/templates/mod/ban_list.html b/templates/mod/ban_list.html
index 0c67f269..f039350b 100644
--- a/templates/mod/ban_list.html
+++ b/templates/mod/ban_list.html
@@ -1,4 +1,4 @@
-<script src='main.js'></script>
+<script src='main.js?v={{ config.resource_version }}'></script>
 <script src='js/jquery.min.js'></script>
 <script src='js/mobile-style.js'></script>
 <script src='js/strftime.min.js'></script>

From 6ea8fd5bf32d83ac1af9e0a54fdce2524ec239c6 Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@skiff.com>
Date: Wed, 21 Aug 2024 14:00:59 +0200
Subject: [PATCH 233/336] config.php: add missing default configuration, remove
 db settings

---
 inc/config.php  | 4 ++++
 inc/secrets.php | 6 ------
 2 files changed, 4 insertions(+), 6 deletions(-)

diff --git a/inc/config.php b/inc/config.php
index b4fc27d8..77c3ed57 100644
--- a/inc/config.php
+++ b/inc/config.php
@@ -1187,6 +1187,10 @@
 	// Minify Javascript using http://code.google.com/p/minify/.
 	$config['minify_js'] = false;
 
+	// Version number for main.js (or $config['url_javascript']).
+	// You can use this to bypass the user's browsers and CDN caches.
+	$config['resource_version'] = 0;
+
 	// Dispatch thumbnail loading and image configuration with JavaScript. It will need a certain javascript
 	// code to work.
 	$config['javascript_image_dispatch'] = false;
diff --git a/inc/secrets.php b/inc/secrets.php
index e7c4efc1..b3d9bbc7 100644
--- a/inc/secrets.php
+++ b/inc/secrets.php
@@ -1,7 +1 @@
 <?php
-
-	$config['db']['type']		= 'mysql';
-	$config['db']['server']		= 'localhost';
-	$config['db']['user']		= 'dev';
-	$config['db']['password']	= 'dev';
-	$config['db']['database']	= 'vichan';
\ No newline at end of file

From cd5c57f7174b922b66e544cf655e76fc97211e85 Mon Sep 17 00:00:00 2001
From: fowr <89118232+perdedora@users.noreply.github.com>
Date: Sun, 25 Aug 2024 17:01:06 -0300
Subject: [PATCH 234/336] fix oversights introduced in captcha;

---
 templates/main.js        | 6 +++---
 templates/post_form.html | 4 ++--
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/templates/main.js b/templates/main.js
index f956f5cf..13c80c33 100644
--- a/templates/main.js
+++ b/templates/main.js
@@ -222,7 +222,7 @@ function getCookie(cookie_name) {
 	}
 }
 
-{% endraw %}
+{% endverbatim %}
 {% if config.captcha.dynamic %}
 function is_dynamic_captcha_enabled() {
 	let cookie = get_cookie('require-captcha');
@@ -230,7 +230,7 @@ function is_dynamic_captcha_enabled() {
 }
 
 function get_captcha_pub_key() {
-{% if config.captcha.provider === 'recaptcha' %}
+{% if config.captcha.provider == 'recaptcha' %}
 	return "{{ config.captcha.recaptcha.sitekey }}";
 {% else %}
 	return null;
@@ -250,7 +250,7 @@ function init_dynamic_captcha() {
 	}
 }
 {% endif %}
-{% raw %}
+{% verbatim %}
 
 function highlightReply(id) {
 	if (typeof window.event != "undefined" && event.which == 2) {
diff --git a/templates/post_form.html b/templates/post_form.html
index 038395fa..64aff382 100644
--- a/templates/post_form.html
+++ b/templates/post_form.html
@@ -100,7 +100,7 @@
 			</td>
 		</tr>
 		{% endif %}
-		{% if config.captcha.enabled %}
+		{% if config.captcha.provider == 'native' %}
 		<tr class='captcha'>
 			<th>
 				{% trans %}Verification{% endtrans %}
@@ -115,7 +115,7 @@
 				</noscript>
 			</td>
 		</tr>
-			{% elseif config.new_thread_capt %}
+		{% elseif config.captcha.native.new_thread_capt %}
 			{% if not id %}
  			<tr class='captcha'>
                         <th>

From eeb55133eb22ded86419692bc8070ea9d9aa8599 Mon Sep 17 00:00:00 2001
From: fowr <89118232+perdedora@users.noreply.github.com>
Date: Sun, 25 Aug 2024 17:01:31 -0300
Subject: [PATCH 235/336] add missing context file to composer autoload

---
 composer.json | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/composer.json b/composer.json
index 92f9c76e..a2ddce03 100644
--- a/composer.json
+++ b/composer.json
@@ -40,7 +40,8 @@
             "inc/functions/theme.php",
             "inc/driver/http-driver.php",
             "inc/driver/log-driver.php",
-            "inc/service/captcha-queries.php"
+            "inc/service/captcha-queries.php",
+            "inc/context.php"
         ]
     },
     "license": "Tinyboard + vichan",

From 43b926c41bd5f9d8ec8df9c50e8f9fa700c42cd9 Mon Sep 17 00:00:00 2001
From: seisatsu <seisatsu@seisat.su>
Date: Fri, 6 Sep 2024 15:23:37 -0500
Subject: [PATCH 236/336] Fix typo in post.php that breaks Tesseract OCR

Fixes a typo in post.php that causes an uninitialized variable "$value"
to be referenced instead of the correct variable "$txt". This caused all
attempts to use the Tesseract OCR feature to fail with an error.
---
 post.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/post.php b/post.php
index 1f3a2b97..6f29f50c 100644
--- a/post.php
+++ b/post.php
@@ -1197,7 +1197,7 @@ if (isset($_POST['delete'])) {
 					if ($txt !== '') {
 						// This one has an effect, that the body is appended to a post body. So you can write a correct
 						// spamfilter.
-						$post['body_nomarkup'] .= "<tinyboard ocr image $key>" . htmlspecialchars($value) . "</tinyboard>";
+						$post['body_nomarkup'] .= "<tinyboard ocr image $key>" . htmlspecialchars($txt) . "</tinyboard>";
 					}
 				} catch (RuntimeException $e) {
 					$context->get(Log::class)->log(Log::ERROR, "Could not OCR image: {$e->getMessage()}");

From 1db5c788dd8b1f9322eea9700a45a8d7562ac756 Mon Sep 17 00:00:00 2001
From: Lorenzo Yario <angeleno@screamer.wiki>
Date: Tue, 17 Sep 2024 21:03:05 -0700
Subject: [PATCH 237/336] lazy loading

---
 inc/config.php | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/inc/config.php b/inc/config.php
index 77c3ed57..3e183dc1 100644
--- a/inc/config.php
+++ b/inc/config.php
@@ -1155,6 +1155,10 @@
 	// <tinyboard flag style>.
 	$config['flag_style'] = 'width:16px;height:11px;';
 
+	// Lazy loading
+	// https://developer.mozilla.org/en-US/docs/Web/Performance/Lazy_loading
+	$config['content_lazy_loading'] = false;
+
 /*
  * ====================
  *  Javascript

From 16bb7041544e31ca94030ee1f97b829af6c2d2cf Mon Sep 17 00:00:00 2001
From: Lorenzo Yario <angeleno@screamer.wiki>
Date: Tue, 17 Sep 2024 21:15:43 -0700
Subject: [PATCH 238/336] lazy loading commit

---
 templates/post/image.html | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/templates/post/image.html b/templates/post/image.html
index 8b845729..6e416502 100644
--- a/templates/post/image.html
+++ b/templates/post/image.html
@@ -20,7 +20,7 @@
 					{{ config.file_thumb|sprintf(config.file_icons.default) }}
 				{% endif %}
 			"
-			 style="width:{{ post.thumbwidth }}px;height:{{ post.thumbheight }}px"
+			 style="width:{{ post.thumbwidth }}px;height:{{ post.thumbheight }}px" {% if config.content_lazy_loading %}loading="lazy"{% endif %}
 		>
 		</video>
 	{% else %}
@@ -39,7 +39,7 @@
 					{{ config.uri_thumb }}{{ post.thumb }}
 				{% endif %}
 			"
-			 style="width:{{ post.thumbwidth }}px;height:{{ post.thumbheight }}px" alt="" 
+			 style="width:{{ post.thumbwidth }}px;height:{{ post.thumbheight }}px" {% if config.content_lazy_loading %}loading="lazy"{% endif %} alt="" 
 		/>
 	{% endif %}
 </a>

From 8c27b5261ca386f60165fc71d621cc1feb50bf0e Mon Sep 17 00:00:00 2001
From: Lorenzo Yario <angeleno@screamer.wiki>
Date: Tue, 17 Sep 2024 21:18:09 -0700
Subject: [PATCH 239/336] lazy loading commit

---
 templates/themes/catalog/catalog.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/templates/themes/catalog/catalog.html b/templates/themes/catalog/catalog.html
index 493f47d1..62ca7147 100644
--- a/templates/themes/catalog/catalog.html
+++ b/templates/themes/catalog/catalog.html
@@ -51,7 +51,7 @@
 						{% else %}
 							<img src="{{post.file}}"
 						{% endif %}
-						 id="img-{{ post.id }}" data-subject="{% if post.subject %}{{ post.subject|e }}{% endif %}" data-name="{{ post.name|e }}" data-muhdifference="{{ post.muhdifference }}" class="{{post.board}} thread-image" title="{{post.bump|date('M d H:i')}}">
+						id="img-{{ post.id }}" data-subject="{% if post.subject %}{{ post.subject|e }}{% endif %}" data-name="{{ post.name|e }}" data-muhdifference="{{ post.muhdifference }}" class="{{post.board}} thread-image" title="{{post.bump|date('%b %d %H:%M')}} {% if config.content_lazy_loading %}loading="lazy"{% endif %}">
 					</a>
 						<div class="replies">
 							<strong>R: {{ post.reply_count }} / I: {{ post.image_count }}{% if post.sticky %} (sticky){% endif %}</strong>

From a457b905bf378cbb05b3b9c205d58881ca04b851 Mon Sep 17 00:00:00 2001
From: Lorenzo Yario <angeleno@screamer.wiki>
Date: Tue, 17 Sep 2024 21:44:06 -0700
Subject: [PATCH 240/336] from master branch

---
 js/show-backlinks.js | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/js/show-backlinks.js b/js/show-backlinks.js
index 19a3d5dd..d80eebaa 100644
--- a/js/show-backlinks.js
+++ b/js/show-backlinks.js
@@ -57,9 +57,10 @@ onReady(function() {
 	$('div.post.op').each(showBackLinks);
 
 	$(document).on('new_post', function(e, post) {
-		showBackLinks.call(post);
 		if ($(post).hasClass("op")) {
 			$(post).find('div.post.reply').each(showBackLinks);
+		} else {
+			$(post).parent().find('div.post.reply').each(showBackLinks);
 		}
 	});
 });

From 36737b77a832f1f36610db5bcebd280c9f9ef105 Mon Sep 17 00:00:00 2001
From: Lorenzo Yario <angeleno@screamer.wiki>
Date: Tue, 17 Sep 2024 22:20:36 -0700
Subject: [PATCH 241/336] made https flag make sense

---
 install.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/install.php b/install.php
index 90d8af57..36151c87 100644
--- a/install.php
+++ b/install.php
@@ -871,7 +871,7 @@ if ($step == 0) {
 		),
 		array(
 			'category' => 'Misc',
-			'name' => 'HTTPS not being used',
+			'name' => 'HTTPS being used',
 			'result' => $httpsvalue,
 			'required' => false,
 			'message' => 'You are not currently using https for vichan, or at least for your backend server. If this intentional, add "$config[\'cookies\'][\'secure_login_only\'] = 0;" (or 1 if using a proxy) on a new line under "Additional configuration" on the next page.'

From 1effe1648b3fdb3dbadc8be28ba42f2943f9e4c8 Mon Sep 17 00:00:00 2001
From: Lorenzo Yario <angeleno@screamer.wiki>
Date: Tue, 17 Sep 2024 23:28:21 -0700
Subject: [PATCH 242/336] add some spaces

---
 templates/mod/dashboard.html | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/templates/mod/dashboard.html b/templates/mod/dashboard.html
index a5e11f82..9d16c159 100644
--- a/templates/mod/dashboard.html
+++ b/templates/mod/dashboard.html
@@ -6,7 +6,7 @@
 		{% for board in boards %}
 			<li>
 				<a href="?/{{ config.board_path|sprintf(board.uri) }}{{ config.file_index }}">{{ config.board_abbreviation|sprintf(board.uri) }}</a>
-					 -
+					 - 
 				{{ board.title|e }}
 				{% if board.subtitle %}
 					<small>&mdash;
@@ -70,7 +70,7 @@
 		<li>
 			<a href="?/inbox">
 				{% trans 'PM inbox' %}
-				{% if unread_pms > 0 %}<strong>{%endif %}({{ unread_pms }} unread){% if unread_pms > 0 %}</strong>{%endif %}
+				{% if unread_pms > 0 %}<strong>{%endif %} ({{ unread_pms }} unread){% if unread_pms > 0 %}</strong>{%endif %}
 			</a>
 		</li>
 	</ul>

From e1a4ae5336fa13e455e9cf0bffe42dd1667cc3ad Mon Sep 17 00:00:00 2001
From: Lorenzo Yario <angeleno@screamer.wiki>
Date: Thu, 19 Sep 2024 01:26:50 -0700
Subject: [PATCH 243/336] revert trimming and this somehow fixes the antibot
 issues??????

idk but it works somehow??????
---
 inc/anti-bot.php | 70 ++++++++++++++++++++++++------------------------
 1 file changed, 35 insertions(+), 35 deletions(-)

diff --git a/inc/anti-bot.php b/inc/anti-bot.php
index aa0eeb99..48150328 100644
--- a/inc/anti-bot.php
+++ b/inc/anti-bot.php
@@ -10,7 +10,7 @@ $hidden_inputs_twig = array();
 
 class AntiBot {
 	public $salt, $inputs = array(), $index = 0;
-
+	
 	public static function randomString($length, $uppercase = false, $special_chars = false, $unicode_chars = false) {
 		$chars = 'abcdefghijklmnopqrstuvwxyz0123456789';
 		if ($uppercase)
@@ -22,11 +22,11 @@ class AntiBot {
 			for ($n = 0; $n < $len; $n++)
 				$chars .= mb_convert_encoding('&#' . mt_rand(0x2600, 0x26FF) . ';', 'UTF-8', 'HTML-ENTITIES');
 		}
-
+		
 		$chars = preg_split('//u', $chars, -1, PREG_SPLIT_NO_EMPTY);
-
+		
 		$ch = array();
-
+		
 		// fill up $ch until we reach $length
 		while (count($ch) < $length) {
 			$n = $length - count($ch);
@@ -39,40 +39,40 @@ class AntiBot {
 			foreach ($keys as $key)
 				$ch[] = $chars[$key];
 		}
-
+		
 		$chars = $ch;
-
+		
 		return implode('', $chars);
 	}
-
+	
 	public static function make_confusing($string) {
 		$chars = preg_split('//u', $string, -1, PREG_SPLIT_NO_EMPTY);
-
+		
 		foreach ($chars as &$c) {
 			if (mt_rand(0, 3) != 0)
 				$c = utf8tohtml($c);
 			else
 				$c = mb_encode_numericentity($c, array(0, 0xffff, 0, 0xffff), 'UTF-8');
 		}
-
+		
 		return implode('', $chars);
 	}
-
+	
 	public function __construct(array $salt = array()) {
 		global $config;
-
+		
 		if (!empty($salt)) {
 			// create a salted hash of the "extra salt"
 			$this->salt = implode(':', $salt);
-		} else {
+		} else { 
 			$this->salt = '';
 		}
-
+		
 		shuffle($config['spam']['hidden_input_names']);
-
+		
 		$input_count = mt_rand($config['spam']['hidden_inputs_min'], $config['spam']['hidden_inputs_max']);
 		$hidden_input_names_x = 0;
-
+		
 		for ($x = 0; $x < $input_count ; $x++) {
 			if ($hidden_input_names_x === false || mt_rand(0, 2) == 0) {
 				// Use an obscure name
@@ -83,7 +83,7 @@ class AntiBot {
 				if ($hidden_input_names_x >= count($config['spam']['hidden_input_names']))
 					$hidden_input_names_x = false;
 			}
-
+			
 			if (mt_rand(0, 2) == 0) {
 				// Value must be null
 				$this->inputs[$name] = '';
@@ -96,16 +96,16 @@ class AntiBot {
 			}
 		}
 	}
-
+	
 	public static function space() {
 		if (mt_rand(0, 3) != 0)
 			return ' ';
 		return str_repeat(' ', mt_rand(1, 3));
 	}
-
+	
 	public function html($count = false) {
 		global $config;
-
+		
 		$elements = array(
 			'<input type="hidden" name="%name%" value="%value%">',
 			'<input type="hidden" value="%value%" name="%name%">',
@@ -119,13 +119,13 @@ class AntiBot {
 			'<textarea style="display:none" name="%name%">%value%</textarea>',
 			'<textarea name="%name%" style="display:none">%value%</textarea>'
 		);
-
+		
 		$html = '';
-
+		
 		if ($count === false) {
-			$count = mt_rand(1, (int)abs(count($this->inputs) / 15) + 1);
+			$count = mt_rand(1, abs(count($this->inputs) / 15) + 1);
 		}
-
+		
 		if ($count === true) {
 			// all elements
 			$inputs = array_slice($this->inputs, $this->index);
@@ -133,7 +133,7 @@ class AntiBot {
 			$inputs = array_slice($this->inputs, $this->index, $count);
 		}
 		$this->index += count($inputs);
-
+		
 		foreach ($inputs as $name => $value) {
 			$element = false;
 			while (!$element) {
@@ -146,37 +146,37 @@ class AntiBot {
 					$element = false;
 				}
 			}
-
+			
 			$element = str_replace('%name%', utf8tohtml($name), $element);
-
+			
 			if (mt_rand(0, 2) == 0)
 				$value = $this->make_confusing($value);
 			else
 				$value = utf8tohtml($value);
-
+			
 			if (strpos($element, 'textarea') === false)
 				$value = str_replace('"', '&quot;', $value);
-
+			
 			$element = str_replace('%value%', $value, $element);
-
+			
 			$html .= $element;
 		}
-
+		
 		return $html;
 	}
-
+	
 	public function reset() {
 		$this->index = 0;
 	}
-
+	
 	public function hash() {
 		global $config;
-
+		
 		// This is the tricky part: create a hash to validate it after
 		// First, sort the keys in alphabetical order (A-Z)
 		$inputs = $this->inputs;
 		ksort($inputs);
-
+		
 		$hash = '';
 		// Iterate through each input
 		foreach ($inputs as $name => $value) {
@@ -184,7 +184,7 @@ class AntiBot {
 		}
 		// Add a salt to the hash
 		$hash .= $config['cookies']['salt'];
-
+		
 		// Use SHA1 for the hash
 		return sha1($hash . $this->salt);
 	}

From c1788d079298989bbd17828e147a53ca6ea3bd80 Mon Sep 17 00:00:00 2001
From: Lorenzo Yario <angeleno@screamer.wiki>
Date: Thu, 19 Sep 2024 01:32:49 -0700
Subject: [PATCH 244/336] Revert "revert trimming and this somehow fixes the
 antibot issues??????"

---
 inc/anti-bot.php | 70 ++++++++++++++++++++++++------------------------
 1 file changed, 35 insertions(+), 35 deletions(-)

diff --git a/inc/anti-bot.php b/inc/anti-bot.php
index 48150328..aa0eeb99 100644
--- a/inc/anti-bot.php
+++ b/inc/anti-bot.php
@@ -10,7 +10,7 @@ $hidden_inputs_twig = array();
 
 class AntiBot {
 	public $salt, $inputs = array(), $index = 0;
-	
+
 	public static function randomString($length, $uppercase = false, $special_chars = false, $unicode_chars = false) {
 		$chars = 'abcdefghijklmnopqrstuvwxyz0123456789';
 		if ($uppercase)
@@ -22,11 +22,11 @@ class AntiBot {
 			for ($n = 0; $n < $len; $n++)
 				$chars .= mb_convert_encoding('&#' . mt_rand(0x2600, 0x26FF) . ';', 'UTF-8', 'HTML-ENTITIES');
 		}
-		
+
 		$chars = preg_split('//u', $chars, -1, PREG_SPLIT_NO_EMPTY);
-		
+
 		$ch = array();
-		
+
 		// fill up $ch until we reach $length
 		while (count($ch) < $length) {
 			$n = $length - count($ch);
@@ -39,40 +39,40 @@ class AntiBot {
 			foreach ($keys as $key)
 				$ch[] = $chars[$key];
 		}
-		
+
 		$chars = $ch;
-		
+
 		return implode('', $chars);
 	}
-	
+
 	public static function make_confusing($string) {
 		$chars = preg_split('//u', $string, -1, PREG_SPLIT_NO_EMPTY);
-		
+
 		foreach ($chars as &$c) {
 			if (mt_rand(0, 3) != 0)
 				$c = utf8tohtml($c);
 			else
 				$c = mb_encode_numericentity($c, array(0, 0xffff, 0, 0xffff), 'UTF-8');
 		}
-		
+
 		return implode('', $chars);
 	}
-	
+
 	public function __construct(array $salt = array()) {
 		global $config;
-		
+
 		if (!empty($salt)) {
 			// create a salted hash of the "extra salt"
 			$this->salt = implode(':', $salt);
-		} else { 
+		} else {
 			$this->salt = '';
 		}
-		
+
 		shuffle($config['spam']['hidden_input_names']);
-		
+
 		$input_count = mt_rand($config['spam']['hidden_inputs_min'], $config['spam']['hidden_inputs_max']);
 		$hidden_input_names_x = 0;
-		
+
 		for ($x = 0; $x < $input_count ; $x++) {
 			if ($hidden_input_names_x === false || mt_rand(0, 2) == 0) {
 				// Use an obscure name
@@ -83,7 +83,7 @@ class AntiBot {
 				if ($hidden_input_names_x >= count($config['spam']['hidden_input_names']))
 					$hidden_input_names_x = false;
 			}
-			
+
 			if (mt_rand(0, 2) == 0) {
 				// Value must be null
 				$this->inputs[$name] = '';
@@ -96,16 +96,16 @@ class AntiBot {
 			}
 		}
 	}
-	
+
 	public static function space() {
 		if (mt_rand(0, 3) != 0)
 			return ' ';
 		return str_repeat(' ', mt_rand(1, 3));
 	}
-	
+
 	public function html($count = false) {
 		global $config;
-		
+
 		$elements = array(
 			'<input type="hidden" name="%name%" value="%value%">',
 			'<input type="hidden" value="%value%" name="%name%">',
@@ -119,13 +119,13 @@ class AntiBot {
 			'<textarea style="display:none" name="%name%">%value%</textarea>',
 			'<textarea name="%name%" style="display:none">%value%</textarea>'
 		);
-		
+
 		$html = '';
-		
+
 		if ($count === false) {
-			$count = mt_rand(1, abs(count($this->inputs) / 15) + 1);
+			$count = mt_rand(1, (int)abs(count($this->inputs) / 15) + 1);
 		}
-		
+
 		if ($count === true) {
 			// all elements
 			$inputs = array_slice($this->inputs, $this->index);
@@ -133,7 +133,7 @@ class AntiBot {
 			$inputs = array_slice($this->inputs, $this->index, $count);
 		}
 		$this->index += count($inputs);
-		
+
 		foreach ($inputs as $name => $value) {
 			$element = false;
 			while (!$element) {
@@ -146,37 +146,37 @@ class AntiBot {
 					$element = false;
 				}
 			}
-			
+
 			$element = str_replace('%name%', utf8tohtml($name), $element);
-			
+
 			if (mt_rand(0, 2) == 0)
 				$value = $this->make_confusing($value);
 			else
 				$value = utf8tohtml($value);
-			
+
 			if (strpos($element, 'textarea') === false)
 				$value = str_replace('"', '&quot;', $value);
-			
+
 			$element = str_replace('%value%', $value, $element);
-			
+
 			$html .= $element;
 		}
-		
+
 		return $html;
 	}
-	
+
 	public function reset() {
 		$this->index = 0;
 	}
-	
+
 	public function hash() {
 		global $config;
-		
+
 		// This is the tricky part: create a hash to validate it after
 		// First, sort the keys in alphabetical order (A-Z)
 		$inputs = $this->inputs;
 		ksort($inputs);
-		
+
 		$hash = '';
 		// Iterate through each input
 		foreach ($inputs as $name => $value) {
@@ -184,7 +184,7 @@ class AntiBot {
 		}
 		// Add a salt to the hash
 		$hash .= $config['cookies']['salt'];
-		
+
 		// Use SHA1 for the hash
 		return sha1($hash . $this->salt);
 	}

From 9fbc816205af457773b0f42ea18f6fb9605885be Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@skiff.com>
Date: Thu, 22 Aug 2024 00:09:28 +0200
Subject: [PATCH 245/336] templates: bust all js caches with resource_version

---
 templates/header.html           |  2 +-
 templates/mod/ban_list.html     | 12 ++++++------
 templates/mod/pages.html        |  4 ++--
 templates/mod/recent_posts.html |  2 +-
 4 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/templates/header.html b/templates/header.html
index b2c0f054..b928ff4a 100644
--- a/templates/header.html
+++ b/templates/header.html
@@ -17,7 +17,7 @@
 	{% for javascript in config.additional_javascript %}<script type="text/javascript" src="{{ config.additional_javascript_url }}{{ javascript }}?v={{ config.resource_version }}"></script>{% endfor %}
 	{% endif %}
 	{% if mod %}
-	<script type="text/javascript" src="/js/mod/mod_snippets.js"></script>
+	<script type="text/javascript" src="/js/mod/mod_snippets.js?v={{ config.resource_version }}"></script>
 	{% endif %}
 {% endif %}
 {% if config.captcha.provider == 'recaptcha' %}<script src="//www.recaptcha.net/recaptcha/api.js"></script>
diff --git a/templates/mod/ban_list.html b/templates/mod/ban_list.html
index f039350b..4a4586f7 100644
--- a/templates/mod/ban_list.html
+++ b/templates/mod/ban_list.html
@@ -1,9 +1,9 @@
 <script src='main.js?v={{ config.resource_version }}'></script>
-<script src='js/jquery.min.js'></script>
-<script src='js/mobile-style.js'></script>
-<script src='js/strftime.min.js'></script>
-<script src='js/longtable/longtable.js'></script>
-<script src='js/mod/ban-list.js'></script>
+<script src='js/jquery.min.js?v={{ config.resource_version }}'></script>
+<script src='js/mobile-style.js?v={{ config.resource_version }}'></script>
+<script src='js/strftime.min.js?v={{ config.resource_version }}'></script>
+<script src='js/longtable/longtable.js?v={{ config.resource_version }}'></script>
+<script src='js/mod/ban-list.js?v={{ config.resource_version }}'></script>
 <link rel='stylesheet' href='stylesheets/longtable/longtable.css'>
 <link rel='stylesheet' href='stylesheets/mod/ban-list.css'>
 
@@ -32,7 +32,7 @@
 		</table>
 
 
-		
+
 	</form>
 {% if token_json %}
 	<script>$(function(){ banlist_init("{{ token_json }}", {{ boards }}); });</script>
diff --git a/templates/mod/pages.html b/templates/mod/pages.html
index c2395c02..f6be9487 100644
--- a/templates/mod/pages.html
+++ b/templates/mod/pages.html
@@ -1,4 +1,4 @@
-<script type="text/javascript" src="js/jquery.min.js"></script>
+<script type="text/javascript" src="js/jquery.min.js?v={{ config.resource_version }}"></script>
 <div style="text-align:center">
 <p class="unimportant">
 {% if board %}
@@ -27,7 +27,7 @@
 <table>
 <tr><th>{% trans %}URL{% endtrans %}</th><th>{% trans %}Title{% endtrans %}</th></tr>
 <tr><td><input type="text" name="page"></td><td><input type="text" name="title"></td>
-</table>	
+</table>
 <input type="submit" value="{% trans %}Create{% endtrans %}">
 </form>
 
diff --git a/templates/mod/recent_posts.html b/templates/mod/recent_posts.html
index d5e5d83c..55f854b5 100644
--- a/templates/mod/recent_posts.html
+++ b/templates/mod/recent_posts.html
@@ -1,4 +1,4 @@
-<script src="{{ config.additional_javascript_url }}js/mod/recent-posts.js"></script>
+<script src="{{ config.additional_javascript_url }}js/mod/recent-posts.js?v={{ config.resource_version }}"></script>
 {% if not posts|length %}
 	<p style="text-align:center" class="unimportant">({% trans 'There are no active posts.' %})</p>
 {% else %}

From fcf5c3d73afaddc24197b2353718be18f0bb462a Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@skiff.com>
Date: Thu, 22 Aug 2024 00:15:51 +0200
Subject: [PATCH 246/336] templates: bust all css caches with resource_version

---
 templates/header.html               |  6 +++---
 templates/mod/ban_list.html         |  4 ++--
 templates/themes/recent/recent.html | 16 ++++++++--------
 3 files changed, 13 insertions(+), 13 deletions(-)

diff --git a/templates/header.html b/templates/header.html
index b928ff4a..335f572e 100644
--- a/templates/header.html
+++ b/templates/header.html
@@ -3,9 +3,9 @@
 <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
 <meta name="viewport" content="width=device-width, initial-scale=1, user-scalable=yes">
 {% if config.meta_keywords %}<meta name="keywords" content="{{ config.meta_keywords }}">{% endif %}
-{% if config.default_stylesheet.1 != '' %}<link rel="stylesheet" type="text/css" id="stylesheet" href="{{ config.uri_stylesheets }}{{ config.default_stylesheet.1 }}">{% endif %}
-{% if config.font_awesome %}<link rel="stylesheet" href="{{ config.root }}{{ config.font_awesome_css }}">{% endif %}
-{% if config.country_flags_condensed %}<link rel="stylesheet" href="{{ config.root }}{{ config.country_flags_condensed_css }}">{% endif %}
+{% if config.default_stylesheet.1 != '' %}<link rel="stylesheet" type="text/css" id="stylesheet" href="{{ config.uri_stylesheets }}{{ config.default_stylesheet.1 }}?v={{ config.resource_version }}">{% endif %}
+{% if config.font_awesome %}<link rel="stylesheet" href="{{ config.root }}{{ config.font_awesome_css }}?v={{ config.resource_version }}">{% endif %}
+{% if config.country_flags_condensed %}<link rel="stylesheet" href="{{ config.root }}{{ config.country_flags_condensed_css }}?v={{ config.resource_version }}">{% endif %}
 <script type="text/javascript">
 	var configRoot="{{ config.root }}";
 	var inMod = {% if mod %} true {% else %} false {% endif %};
diff --git a/templates/mod/ban_list.html b/templates/mod/ban_list.html
index 4a4586f7..9115ddb3 100644
--- a/templates/mod/ban_list.html
+++ b/templates/mod/ban_list.html
@@ -4,8 +4,8 @@
 <script src='js/strftime.min.js?v={{ config.resource_version }}'></script>
 <script src='js/longtable/longtable.js?v={{ config.resource_version }}'></script>
 <script src='js/mod/ban-list.js?v={{ config.resource_version }}'></script>
-<link rel='stylesheet' href='stylesheets/longtable/longtable.css'>
-<link rel='stylesheet' href='stylesheets/mod/ban-list.css'>
+<link rel='stylesheet' href='stylesheets/longtable/longtable.css?v={{ config.resource_version }}'>
+<link rel='stylesheet' href='stylesheets/mod/ban-list.css?v={{ config.resource_version }}'>
 
 	<form action="?/bans" method="post" class="banform">
 		{% if token %}
diff --git a/templates/themes/recent/recent.html b/templates/themes/recent/recent.html
index 2a4510f8..9fce7ab8 100644
--- a/templates/themes/recent/recent.html
+++ b/templates/themes/recent/recent.html
@@ -4,11 +4,11 @@
 <head>
         <meta http-equiv="Content-type" content="text/html; charset=utf-8" />
 	<title>{{ settings.title }}</title>
-	<link rel="stylesheet" media="screen" href="{{ config.url_stylesheet }}"/>
-	<link rel="stylesheet" media="screen" href="{{ config.root }}{{ settings.css }}"/>
+	<link rel="stylesheet" media="screen" href="{{ config.url_stylesheet }}?v={{ config.resource_version }}"/>
+	<link rel="stylesheet" media="screen" href="{{ config.root }}{{ settings.css }}?v={{ config.resource_version }}"/>
 	{% if config.url_favicon %}<link rel="shortcut icon" href="{{ config.url_favicon }}" />{% endif %}
-	{% if config.default_stylesheet.1 != '' %}<link rel="stylesheet" type="text/css" id="stylesheet" href="{{ config.uri_stylesheets }}{{ config.default_stylesheet.1 }}">{% endif %}
-	{% if config.font_awesome %}<link rel="stylesheet" href="{{ config.root }}{{ config.font_awesome_css }}">{% endif %}
+	{% if config.default_stylesheet.1 != '' %}<link rel="stylesheet" type="text/css" id="stylesheet" href="{{ config.uri_stylesheets }}{{ config.default_stylesheet.1 }}?v={{ config.resource_version }}">{% endif %}
+	{% if config.font_awesome %}<link rel="stylesheet" href="{{ config.root }}{{ config.font_awesome_css }}?v={{ config.resource_version }}">{% endif %}
 	{% include 'header.html' %}
 </head>
 <body>
@@ -17,7 +17,7 @@
 		<h1>{{ settings.title }}</h1>
 		<div class="subtitle">{{ settings.subtitle }}</div>
 	</header>
-	
+
 	<div class="box-wrap">
 		<div class="box left">
 			<h2>Recent Images</h2>
@@ -36,7 +36,7 @@
 			<ul>
 				{% for post in recent_posts %}
 					<li>
-						<strong>{{ post.board_name }}</strong>: 
+						<strong>{{ post.board_name }}</strong>:
 						<a href="{{ post.link }}">
 							{{ post.snippet }}
 						</a>
@@ -53,11 +53,11 @@
 			</ul>
 		</div>
 	</div>
-	
+
 	<hr/>
 
 	{% include 'footer.html' %}
-	
+
 </body>
 </html>
 {% endapply %}

From 3c5484a7c273aaffdf025fc293383ce5f960d3d0 Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@skiff.com>
Date: Sat, 24 Aug 2024 01:36:49 +0200
Subject: [PATCH 247/336] main.js: load styles with dyanamically provided
 resource version. This is done because:  - If the version is updated before
 the rebuild, someone might cache the old version in the meanwhile.  - One
 could not rebuild javascript before updating the version. Now it's possible.

---
 templates/main.js | 29 ++++++++++++++++++++++++++++-
 1 file changed, 28 insertions(+), 1 deletion(-)

diff --git a/templates/main.js b/templates/main.js
index 13c80c33..82c87094 100644
--- a/templates/main.js
+++ b/templates/main.js
@@ -141,7 +141,33 @@ function changeStyle(styleName, link) {
 		x.appendChild(s);
 	}
 
-	document.getElementById('stylesheet').href = styles[styleName];
+	let mainStylesheetElement = document.getElementById('stylesheet');
+	let userStylesheetElement = document.getElementById('stylesheet-user');
+
+	// Override main stylesheet with the user selected one.
+	if (!userStylesheetElement) {
+		userStylesheetElement = document.createElement('link');
+		userStylesheetElement.rel = 'stylesheet';
+		userStylesheetElement.media = 'none';
+		userStylesheetElement.type = 'text/css';
+		userStylesheetElement.id = 'stylesheet';
+		let x = document.getElementsByTagName('head')[0];
+		x.appendChild(userStylesheetElement);
+	}
+
+	// When the new one is loaded, disable the old one
+	userStylesheetElement.onload = function() {
+		this.media = 'all';
+		mainStylesheetElement.media = 'none';
+	}
+
+	let style = styles[styleName];
+	if (style !== '') {
+		// Add the version of the resource if the style is not the embedded one.
+		style += `?v=${resourceVersion}`;
+	}
+
+	document.getElementById('stylesheet').href = style;
 	selectedstyle = styleName;
 
 	if (document.getElementsByClassName('styles').length != 0) {
@@ -162,6 +188,7 @@ function changeStyle(styleName, link) {
 
 
 {% endverbatim %}
+var resourceVersion = document.currentScript.getAttribute('data-resource-version');
 {% if config.stylesheets_board %}
 	{% verbatim %}
 

From 6b60f841d4cde117431cd285644d896866af2568 Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@skiff.com>
Date: Sat, 24 Aug 2024 01:43:31 +0200
Subject: [PATCH 248/336] template: supply data-resource-version to main.js

---
 templates/header.html       | 2 +-
 templates/mod/ban_list.html | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/templates/header.html b/templates/header.html
index 335f572e..51a9593c 100644
--- a/templates/header.html
+++ b/templates/header.html
@@ -12,7 +12,7 @@
 	var modRoot = "{{ config.root }}" + (inMod ? "mod.php?/" : "");
 </script>
 {% if not nojavascript %}
-	<script type="text/javascript" src="{{ config.url_javascript }}?v={{ config.resource_version }}"></script>
+	<script type="text/javascript" src="{{ config.url_javascript }}?v={{ config.resource_version }} data-resource-version="{{ config.resource_version }}"></script>
 	{% if not config.additional_javascript_compile %}
 	{% for javascript in config.additional_javascript %}<script type="text/javascript" src="{{ config.additional_javascript_url }}{{ javascript }}?v={{ config.resource_version }}"></script>{% endfor %}
 	{% endif %}
diff --git a/templates/mod/ban_list.html b/templates/mod/ban_list.html
index 9115ddb3..ee8753f7 100644
--- a/templates/mod/ban_list.html
+++ b/templates/mod/ban_list.html
@@ -1,4 +1,4 @@
-<script src='main.js?v={{ config.resource_version }}'></script>
+<script src='main.js?v={{ config.resource_version }}' data-resource-version="{{ config.resource_version }}"></script>
 <script src='js/jquery.min.js?v={{ config.resource_version }}'></script>
 <script src='js/mobile-style.js?v={{ config.resource_version }}'></script>
 <script src='js/strftime.min.js?v={{ config.resource_version }}'></script>

From cb6d6f13dde4a511bfdcfe9c3326c077788dd008 Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@mailu.io>
Date: Thu, 19 Sep 2024 22:51:01 +0200
Subject: [PATCH 249/336] main.js: use let

---
 templates/main.js | 23 +++++++++++------------
 1 file changed, 11 insertions(+), 12 deletions(-)

diff --git a/templates/main.js b/templates/main.js
index 13c80c33..53150e2f 100644
--- a/templates/main.js
+++ b/templates/main.js
@@ -71,7 +71,7 @@ var datelocale =
 
 
 function alert(a, do_confirm, confirm_ok_action, confirm_cancel_action) {
-	var handler, div, bg, closebtn, okbtn;
+	let handler, div, bg, closebtn, okbtn;
 	let close = function() {
 		handler.fadeOut(400, function() { handler.remove(); });
 		return false;
@@ -133,11 +133,11 @@ function changeStyle(styleName, link) {
 	{% verbatim %}
 
 	if (!document.getElementById('stylesheet')) {
-		var s = document.createElement('link');
+		let s = document.createElement('link');
 		s.rel = 'stylesheet';
 		s.type = 'text/css';
 		s.id = 'stylesheet';
-		var x = document.getElementsByTagName('head')[0];
+		let x = document.getElementsByTagName('head')[0];
 		x.appendChild(s);
 	}
 
@@ -145,8 +145,8 @@ function changeStyle(styleName, link) {
 	selectedstyle = styleName;
 
 	if (document.getElementsByClassName('styles').length != 0) {
-		var styleLinks = document.getElementsByClassName('styles')[0].childNodes;
-		for (var i = 0; i < styleLinks.length; i++) {
+		let styleLinks = document.getElementsByClassName('styles')[0].childNodes;
+		for (let i = 0; i < styleLinks.length; i++) {
 			styleLinks[i].className = '';
 		}
 	}
@@ -171,7 +171,7 @@ function changeStyle(styleName, link) {
 
 	var stylesheet_choices = JSON.parse(localStorage.board_stylesheets);
 	if (board_name && stylesheet_choices[board_name]) {
-		for (var styleName in styles) {
+		for (let styleName in styles) {
 			if (styleName == stylesheet_choices[board_name]) {
 				changeStyle(styleName);
 				break;
@@ -182,7 +182,7 @@ function changeStyle(styleName, link) {
 {% else %}
 	{% verbatim %}
 	if (localStorage.stylesheet) {
-		for (var styleName in styles) {
+		for (let styleName in styles) {
 			if (styleName == localStorage.stylesheet) {
 				changeStyle(styleName);
 				break;
@@ -194,11 +194,11 @@ function changeStyle(styleName, link) {
 {% verbatim %}
 
 function initStyleChooser() {
-	var newElement = document.createElement('div');
+	let newElement = document.createElement('div');
 	newElement.className = 'styles';
 
 	for (styleName in styles) {
-		var style = document.createElement('a');
+		let style = document.createElement('a');
 		style.innerHTML = '[' + styleName + ']';
 		style.onclick = function() {
 			changeStyle(this.innerHTML.substring(1, this.innerHTML.length - 1), this);
@@ -259,8 +259,7 @@ function highlightReply(id) {
 	}
 
 	let divs = document.getElementsByTagName('div');
-	for (var i = 0; i < divs.length; i++)
-	{
+	for (let i = 0; i < divs.length; i++) {
 		if (divs[i].className.indexOf('post') != -1) {
 			divs[i].className = divs[i].className.replace(/highlighted/, '');
 		}
@@ -435,7 +434,7 @@ onReady(init);
 
 {% if config.google_analytics %}{% verbatim %}
 
-var _gaq = _gaq || [];_gaq.push(['_setAccount', '{% endverbatim %}{{ config.google_analytics }}{% verbatim %}']);{% endverbatim %}{% if config.google_analytics_domain %}{% verbatim %}_gaq.push(['_setDomainName', '{% endverbatim %}{{ config.google_analytics_domain }}{% verbatim %}']){% endverbatim %}{% endif %}{% if not config.google_analytics_domain %}{% verbatim %}_gaq.push(['_setDomainName', 'none']){% endverbatim %}{% endif %}{% verbatim %};_gaq.push(['_trackPageview']);(function() {var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;ga.src = ('https:' == document.location.protocol ? 'https://' : 'http://') + 'stats.g.doubleclick.net/dc.js';var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);})();{% endverbatim %}{% endif %}
+var _gaq = _gaq || [];_gaq.push(['_setAccount', '{% endverbatim %}{{ config.google_analytics }}{% verbatim %}']);{% endverbatim %}{% if config.google_analytics_domain %}{% verbatim %}_gaq.push(['_setDomainName', '{% endverbatim %}{{ config.google_analytics_domain }}{% verbatim %}']){% endverbatim %}{% endif %}{% if not config.google_analytics_domain %}{% verbatim %}_gaq.push(['_setDomainName', 'none']){% endverbatim %}{% endif %}{% verbatim %};_gaq.push(['_trackPageview']);(function() {var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;ga.src = ('https:' == document.location.protocol ? 'https://' : 'http://') + 'stats.g.doubleclick.net/dc.js';let s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);})();{% endverbatim %}{% endif %}
 
 {% if config.statcounter_project and config.statcounter_security %}
 var sc = document.createElement('script');

From 4332b703630ab73a6e789861dcfa9f02fe64055f Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@mailu.io>
Date: Thu, 19 Sep 2024 22:51:31 +0200
Subject: [PATCH 250/336] quote-selection.js: trim

---
 js/quote-selection.js | 41 ++++++++++++++++++++---------------------
 1 file changed, 20 insertions(+), 21 deletions(-)

diff --git a/js/quote-selection.js b/js/quote-selection.js
index 0722c0b1..6f609319 100644
--- a/js/quote-selection.js
+++ b/js/quote-selection.js
@@ -16,7 +16,7 @@
 $(document).ready(function(){
 	if (!window.getSelection)
 		return;
-	
+
 	$.fn.selectRange = function(start, end) {
 		return this.each(function() {
 			if (this.setSelectionRange) {
@@ -31,11 +31,11 @@ $(document).ready(function(){
 			}
 		});
 	};
-	
+
 	var altKey = false;
 	var ctrlKey = false;
 	var metaKey = false;
-	
+
 	$(document).keyup(function(e) {
 		if (e.keyCode == 18)
 			altKey = false;
@@ -44,7 +44,7 @@ $(document).ready(function(){
 		else if (e.keyCode == 91)
 			metaKey = false;
 	});
-	
+
 	$(document).keydown(function(e) {
 		if (e.altKey)
 			altKey = true;
@@ -52,51 +52,51 @@ $(document).ready(function(){
 			ctrlKey = true;
 		else if (e.metaKey)
 			metaKey = true;
-		
+
 		if (altKey || ctrlKey || metaKey) {
 			// console.log('CTRL/ALT/Something used. Ignoring');
 			return;
 		}
-		
+
 		if (e.keyCode < 48 || e.keyCode > 90)
 			return;
-		
+
 		var selection = window.getSelection();
 		var $post = $(selection.anchorNode).parents('.post');
 		if ($post.length == 0) {
 			// console.log('Start of selection was not post div', $(selection.anchorNode).parent());
 			return;
 		}
-		
+
 		var postID = $post.find('.post_no:eq(1)').text();
-		
+
 		if (postID != $(selection.focusNode).parents('.post').find('.post_no:eq(1)').text()) {
 			// console.log('Selection left post div', $(selection.focusNode).parent());
 			return;
 		}
-		
+
 		;
 		var selectedText = selection.toString();
 		// console.log('Selected text: ' + selectedText.replace(/\n/g, '\\n').replace(/\r/g, '\\r'));
-		
+
 		if ($('body').hasClass('debug'))
 			alert(selectedText);
-		
+
 		if (selectedText.length == 0)
 			return;
-		
+
 		var body = $('textarea#body')[0];
-		
+
 		var last_quote = body.value.match(/[\S.]*(^|[\S\s]*)>>(\d+)/);
 		if (last_quote)
 			last_quote = last_quote[2];
-		
+
 		/* to solve some bugs on weird browsers, we need to replace \r\n with \n and then undo that after */
 		var quote = (last_quote != postID ? '>>' + postID + '\r\n' : '') + $.trim(selectedText).replace(/\r\n/g, '\n').replace(/^/mg, '>').replace(/\n/g, '\r\n') + '\r\n';
-		
+
 		// console.log('Deselecting text');
 		selection.removeAllRanges();
-		
+
 		if (document.selection) {
 			// IE
 			body.focus();
@@ -107,12 +107,12 @@ $(document).ready(function(){
 			// Mozilla
 			var start = body.selectionStart;
 			var end = body.selectionEnd;
-			
+
 			if (!body.value.substring(0, start).match(/(^|\n)$/)) {
 				quote = '\r\n\r\n' + quote;
 			}
-			
-			body.value = body.value.substring(0, start) + quote + body.value.substring(end, body.value.length);			
+
+			body.value = body.value.substring(0, start) + quote + body.value.substring(end, body.value.length);
 			$(body).selectRange(start + quote.length, start + quote.length);
 		} else {
 			// ???
@@ -121,4 +121,3 @@ $(document).ready(function(){
 		}
 	});
 });
-

From fd309443ea0a4e4e37033dbf042aa9f7f445dd7a Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@mailu.io>
Date: Thu, 19 Sep 2024 22:54:04 +0200
Subject: [PATCH 251/336] js: drop IE support

---
 js/quote-selection.js | 9 +--------
 templates/main.js     | 7 +------
 2 files changed, 2 insertions(+), 14 deletions(-)

diff --git a/js/quote-selection.js b/js/quote-selection.js
index 6f609319..ad7a76ed 100644
--- a/js/quote-selection.js
+++ b/js/quote-selection.js
@@ -97,14 +97,7 @@ $(document).ready(function(){
 		// console.log('Deselecting text');
 		selection.removeAllRanges();
 
-		if (document.selection) {
-			// IE
-			body.focus();
-			var sel = document.selection.createRange();
-			sel.text = quote;
-			body.focus();
-		} else if (body.selectionStart || body.selectionStart == '0') {
-			// Mozilla
+		if (body.selectionStart || body.selectionStart == '0') {
 			var start = body.selectionStart;
 			var end = body.selectionEnd;
 
diff --git a/templates/main.js b/templates/main.js
index 53150e2f..96d2fb3f 100644
--- a/templates/main.js
+++ b/templates/main.js
@@ -307,12 +307,7 @@ function citeReply(id, with_link) {
 		return false;
 	}
 
-	if (document.selection) {
-		// IE
-		textarea.focus();
-		let sel = document.selection.createRange();
-		sel.text = '>>' + id + '\n';
-	} else if (textarea.selectionStart || textarea.selectionStart == '0') {
+	if (textarea.selectionStart || textarea.selectionStart == '0') {
 		let start = textarea.selectionStart;
 		let end = textarea.selectionEnd;
 		textarea.value = textarea.value.substring(0, start) + '>>' + id + '\n' + textarea.value.substring(end, textarea.value.length);

From bdd7090e7588f9b62919e876817dc442455b192d Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@mailu.io>
Date: Thu, 19 Sep 2024 22:56:23 +0200
Subject: [PATCH 252/336] quote-selection.js: format

---
 js/quote-selection.js | 70 +++++++++++++++++++++----------------------
 1 file changed, 35 insertions(+), 35 deletions(-)

diff --git a/js/quote-selection.js b/js/quote-selection.js
index ad7a76ed..ba67fa7c 100644
--- a/js/quote-selection.js
+++ b/js/quote-selection.js
@@ -10,12 +10,12 @@
  * Usage:
  *   $config['additional_javascript'][] = 'js/jquery.min.js';
  *   $config['additional_javascript'][] = 'js/quote-selection.js';
- *
  */
 
-$(document).ready(function(){
-	if (!window.getSelection)
+$(document).ready(function() {
+	if (!window.getSelection) {
 		return;
+	}
 
 	$.fn.selectRange = function(start, end) {
 		return this.each(function() {
@@ -23,7 +23,7 @@ $(document).ready(function(){
 				this.focus();
 				this.setSelectionRange(start, end);
 			} else if (this.createTextRange) {
-				var range = this.createTextRange();
+				let range = this.createTextRange();
 				range.collapse(true);
 				range.moveEnd('character', end);
 				range.moveStart('character', start);
@@ -32,74 +32,74 @@ $(document).ready(function(){
 		});
 	};
 
-	var altKey = false;
-	var ctrlKey = false;
-	var metaKey = false;
+	let altKey = false;
+	let ctrlKey = false;
+	let metaKey = false;
 
 	$(document).keyup(function(e) {
-		if (e.keyCode == 18)
+		if (e.keyCode == 18) {
 			altKey = false;
-		else if (e.keyCode == 17)
+		} else if (e.keyCode == 17) {
 			ctrlKey = false;
-		else if (e.keyCode == 91)
+		} else if (e.keyCode == 91) {
 			metaKey = false;
+		}
 	});
 
 	$(document).keydown(function(e) {
-		if (e.altKey)
+		if (e.altKey) {
 			altKey = true;
-		else if (e.ctrlKey)
+		} else if (e.ctrlKey) {
 			ctrlKey = true;
-		else if (e.metaKey)
+		} else if (e.metaKey) {
 			metaKey = true;
+		}
 
 		if (altKey || ctrlKey || metaKey) {
-			// console.log('CTRL/ALT/Something used. Ignoring');
 			return;
 		}
 
-		if (e.keyCode < 48 || e.keyCode > 90)
-			return;
-
-		var selection = window.getSelection();
-		var $post = $(selection.anchorNode).parents('.post');
-		if ($post.length == 0) {
-			// console.log('Start of selection was not post div', $(selection.anchorNode).parent());
+		if (e.keyCode < 48 || e.keyCode > 90) {
 			return;
 		}
 
-		var postID = $post.find('.post_no:eq(1)').text();
+		let selection = window.getSelection();
+		let post = $(selection.anchorNode).parents('.post');
+		if (post.length == 0) {
+			return;
+		}
+
+		let postID = post.find('.post_no:eq(1)').text();
 
 		if (postID != $(selection.focusNode).parents('.post').find('.post_no:eq(1)').text()) {
-			// console.log('Selection left post div', $(selection.focusNode).parent());
 			return;
 		}
 
-		;
-		var selectedText = selection.toString();
-		// console.log('Selected text: ' + selectedText.replace(/\n/g, '\\n').replace(/\r/g, '\\r'));
+		let selectedText = selection.toString();
 
-		if ($('body').hasClass('debug'))
+		if ($('body').hasClass('debug')) {
 			alert(selectedText);
+		}
 
-		if (selectedText.length == 0)
+		if (selectedText.length == 0) {
 			return;
+		}
 
-		var body = $('textarea#body')[0];
+		let body = $('textarea#body')[0];
 
-		var last_quote = body.value.match(/[\S.]*(^|[\S\s]*)>>(\d+)/);
-		if (last_quote)
+		let last_quote = body.value.match(/[\S.]*(^|[\S\s]*)>>(\d+)/);
+		if (last_quote) {
 			last_quote = last_quote[2];
+		}
 
 		/* to solve some bugs on weird browsers, we need to replace \r\n with \n and then undo that after */
-		var quote = (last_quote != postID ? '>>' + postID + '\r\n' : '') + $.trim(selectedText).replace(/\r\n/g, '\n').replace(/^/mg, '>').replace(/\n/g, '\r\n') + '\r\n';
+		let quote = (last_quote != postID ? '>>' + postID + '\r\n' : '') + $.trim(selectedText).replace(/\r\n/g, '\n').replace(/^/mg, '>').replace(/\n/g, '\r\n') + '\r\n';
 
-		// console.log('Deselecting text');
 		selection.removeAllRanges();
 
 		if (body.selectionStart || body.selectionStart == '0') {
-			var start = body.selectionStart;
-			var end = body.selectionEnd;
+			let start = body.selectionStart;
+			let end = body.selectionEnd;
 
 			if (!body.value.substring(0, start).match(/(^|\n)$/)) {
 				quote = '\r\n\r\n' + quote;

From 0e8aeca4af75661ca07b813ee1ee7053ea88a8c0 Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@mailu.io>
Date: Thu, 19 Sep 2024 23:09:02 +0200
Subject: [PATCH 253/336] anti-bot.php: format

---
 inc/anti-bot.php | 56 ++++++++++++++++++++++++++++--------------------
 1 file changed, 33 insertions(+), 23 deletions(-)

diff --git a/inc/anti-bot.php b/inc/anti-bot.php
index aa0eeb99..cfa05a32 100644
--- a/inc/anti-bot.php
+++ b/inc/anti-bot.php
@@ -6,26 +6,31 @@
 
 defined('TINYBOARD') or exit;
 
-$hidden_inputs_twig = array();
+$hidden_inputs_twig = [];
 
 class AntiBot {
-	public $salt, $inputs = array(), $index = 0;
+	public $salt;
+	public $inputs = [];
+	public $index = 0;
 
 	public static function randomString($length, $uppercase = false, $special_chars = false, $unicode_chars = false) {
 		$chars = 'abcdefghijklmnopqrstuvwxyz0123456789';
-		if ($uppercase)
+		if ($uppercase) {
 			$chars .= 'ABCDEFGHIJKLMNOPQRSTUVWXYZ';
-		if ($special_chars)
+		}
+		if ($special_chars) {
 			$chars .= ' ~!@#$%^&*()_+,./;\'[]\\{}|:<>?=-` ';
+		}
 		if ($unicode_chars) {
 			$len = strlen($chars) / 10;
-			for ($n = 0; $n < $len; $n++)
+			for ($n = 0; $n < $len; $n++) {
 				$chars .= mb_convert_encoding('&#' . mt_rand(0x2600, 0x26FF) . ';', 'UTF-8', 'HTML-ENTITIES');
+			}
 		}
 
 		$chars = preg_split('//u', $chars, -1, PREG_SPLIT_NO_EMPTY);
 
-		$ch = array();
+		$ch = [];
 
 		// fill up $ch until we reach $length
 		while (count($ch) < $length) {
@@ -36,8 +41,9 @@ class AntiBot {
 				break;
 			}
 			shuffle($keys);
-			foreach ($keys as $key)
+			foreach ($keys as $key) {
 				$ch[] = $chars[$key];
+			}
 		}
 
 		$chars = $ch;
@@ -49,20 +55,21 @@ class AntiBot {
 		$chars = preg_split('//u', $string, -1, PREG_SPLIT_NO_EMPTY);
 
 		foreach ($chars as &$c) {
-			if (mt_rand(0, 3) != 0)
+			if (mt_rand(0, 3) != 0) {
 				$c = utf8tohtml($c);
-			else
-				$c = mb_encode_numericentity($c, array(0, 0xffff, 0, 0xffff), 'UTF-8');
+			} else {
+				$c = mb_encode_numericentity($c, [ 0, 0xffff, 0, 0xffff ], 'UTF-8');
+			}
 		}
 
 		return implode('', $chars);
 	}
 
-	public function __construct(array $salt = array()) {
+	public function __construct(array $salt = []) {
 		global $config;
 
 		if (!empty($salt)) {
-			// create a salted hash of the "extra salt"
+			// Create a salted hash of the "extra salt"
 			$this->salt = implode(':', $salt);
 		} else {
 			$this->salt = '';
@@ -80,8 +87,9 @@ class AntiBot {
 			} else {
 				// Use a pre-defined confusing name
 				$name = $config['spam']['hidden_input_names'][$hidden_input_names_x++];
-				if ($hidden_input_names_x >= count($config['spam']['hidden_input_names']))
+				if ($hidden_input_names_x >= count($config['spam']['hidden_input_names'])) {
 					$hidden_input_names_x = false;
+				}
 			}
 
 			if (mt_rand(0, 2) == 0) {
@@ -98,15 +106,14 @@ class AntiBot {
 	}
 
 	public static function space() {
-		if (mt_rand(0, 3) != 0)
+		if (mt_rand(0, 3) != 0) {
 			return ' ';
+		}
 		return str_repeat(' ', mt_rand(1, 3));
 	}
 
 	public function html($count = false) {
-		global $config;
-
-		$elements = array(
+		$elements = [
 			'<input type="hidden" name="%name%" value="%value%">',
 			'<input type="hidden" value="%value%" name="%name%">',
 			'<input name="%name%" value="%value%" type="hidden">',
@@ -118,7 +125,7 @@ class AntiBot {
 			'<div style="display:none"><input type="text" name="%name%" value="%value%"></div>',
 			'<textarea style="display:none" name="%name%">%value%</textarea>',
 			'<textarea name="%name%" style="display:none">%value%</textarea>'
-		);
+		];
 
 		$html = '';
 
@@ -127,7 +134,7 @@ class AntiBot {
 		}
 
 		if ($count === true) {
-			// all elements
+			// All elements
 			$inputs = array_slice($this->inputs, $this->index);
 		} else {
 			$inputs = array_slice($this->inputs, $this->index, $count);
@@ -139,8 +146,9 @@ class AntiBot {
 			while (!$element) {
 				$element = $elements[array_rand($elements)];
 				$element = str_replace(' ', self::space(), $element);
-				if (mt_rand(0, 5) == 0)
+				if (mt_rand(0, 5) == 0) {
 					$element = str_replace('>', self::space() . '>', $element);
+				}
 				if (strpos($element, 'textarea') !== false && $value == '') {
 					// There have been some issues with mobile web browsers and empty <textarea>'s.
 					$element = false;
@@ -149,13 +157,15 @@ class AntiBot {
 
 			$element = str_replace('%name%', utf8tohtml($name), $element);
 
-			if (mt_rand(0, 2) == 0)
+			if (mt_rand(0, 2) == 0) {
 				$value = $this->make_confusing($value);
-			else
+			} else {
 				$value = utf8tohtml($value);
+			}
 
-			if (strpos($element, 'textarea') === false)
+			if (strpos($element, 'textarea') === false) {
 				$value = str_replace('"', '&quot;', $value);
+			}
 
 			$element = str_replace('%value%', $value, $element);
 

From 65008dec98af0546092592b7ce3fa3340cf6a74d Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@mailu.io>
Date: Thu, 19 Sep 2024 23:13:42 +0200
Subject: [PATCH 254/336] anti-bot.php: remove unused variable

---
 inc/anti-bot.php | 2 --
 1 file changed, 2 deletions(-)

diff --git a/inc/anti-bot.php b/inc/anti-bot.php
index cfa05a32..326628af 100644
--- a/inc/anti-bot.php
+++ b/inc/anti-bot.php
@@ -6,8 +6,6 @@
 
 defined('TINYBOARD') or exit;
 
-$hidden_inputs_twig = [];
-
 class AntiBot {
 	public $salt;
 	public $inputs = [];

From 428a686f4739e848c467de644401cd0f71db3564 Mon Sep 17 00:00:00 2001
From: Lorenzo Yario <angeleno@screamer.wiki>
Date: Sat, 21 Sep 2024 14:39:13 -0700
Subject: [PATCH 255/336] fix minor exploit with banning

---
 inc/mod/pages.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/inc/mod/pages.php b/inc/mod/pages.php
index a713d8fe..e7a8becd 100644
--- a/inc/mod/pages.php
+++ b/inc/mod/pages.php
@@ -1549,7 +1549,7 @@ function mod_ban_post(Context $ctx, $board, $delete, $post, $token = false) {
 	if (!openBoard($board))
 		error($config['error']['noboard']);
 
-	if (!hasPermission($config['mod']['delete'], $board))
+	if (!hasPermission($config['mod']['ban'], $board))
 		error($config['error']['noaccess']);
 
 	$security_token = make_secure_link_token($board . '/ban/' . $post);

From e70c087f5f8ede8f22bd73fc8c5a55f8ca2fe522 Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@mailu.io>
Date: Tue, 1 Oct 2024 15:01:03 +0200
Subject: [PATCH 256/336] docker: use composer LTS

---
 docker/php/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docker/php/Dockerfile b/docker/php/Dockerfile
index 40383861..1882bc9d 100644
--- a/docker/php/Dockerfile
+++ b/docker/php/Dockerfile
@@ -1,6 +1,6 @@
 # Based on https://github.com/dead-guru/devichan/blob/master/php-fpm/Dockerfile
 
-FROM composer AS composer
+FROM composer:lts AS composer
 FROM php:8.1-fpm-alpine
 
 RUN apk add --no-cache \

From 44b31eff0b9d2dfdeb44db7b49c57d25f812fd92 Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@mailu.io>
Date: Tue, 1 Oct 2024 15:16:20 +0200
Subject: [PATCH 257/336] style.css: remove deprecated extensions

---
 stylesheets/style.css | 11 ++---------
 1 file changed, 2 insertions(+), 9 deletions(-)

diff --git a/stylesheets/style.css b/stylesheets/style.css
index 6991c84c..b7c39b26 100644
--- a/stylesheets/style.css
+++ b/stylesheets/style.css
@@ -917,10 +917,6 @@ pre {
 .poster_id {
   cursor: pointer;
   display: inline-block;
-  -webkit-user-select: none;
-  -moz-user-select: none;
-  -ms-user-select: none;
-  -o-user-select: none;
   user-select: none;
 }
 .poster_id:hover {
@@ -1196,8 +1192,7 @@ table.fileboard .intro a {
 
 #gallery_images img {
   opacity: 0.6;
-  -webkit-transition: all 0.5s;
-          transition: all 0.5s;
+  transition: all 0.5s;
 }
 
 #gallery_images img:hover, #gallery_images img.active {
@@ -1205,9 +1200,7 @@ table.fileboard .intro a {
 }
 
 #gallery_images img.active {
-  -webkit-box-shadow: 0px 0px 29px 2px rgba(255,255,255,1);
-     -moz-box-shadow: 0px 0px 29px 2px rgba(255,255,255,1);
-          box-shadow: 0px 0px 29px 2px rgba(255,255,255,1);
+  box-shadow: 0px 0px 29px 2px rgba(255,255,255,1);
   z-index: 1;
 }
 

From 13ca053e06cc759faf07f113b6a0992d89e0d47a Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@mailu.io>
Date: Tue, 1 Oct 2024 21:52:50 +0200
Subject: [PATCH 258/336] config.php: fix default 'dir' configuration

---
 inc/config.php | 12 ++++--------
 1 file changed, 4 insertions(+), 8 deletions(-)

diff --git a/inc/config.php b/inc/config.php
index 3e183dc1..43222d31 100644
--- a/inc/config.php
+++ b/inc/config.php
@@ -1429,14 +1429,10 @@
 	$config['dir'] = [
 		'img' => 'src/',
 		'thumb' => 'thumb/',
-		'res' => 'res/'
-	];
-
-	// For load balancing, having a seperate server (and domain/subdomain) for serving static content is
-	// possible. This can either be a directory or a URL. Defaults to $config['root'] . 'static/'.
-	// $config['dir']['static'] = 'http://static.example.org/';
-
-	$config['dir'] = [
+		'res' => 'res/',
+		// For load balancing, having a seperate server (and domain/subdomain) for serving static content is
+		// possible. This can either be a directory or a URL. Defaults to $config['root'] . 'static/'.
+		// $config['dir']['static'] = 'http://static.example.org/';
 		// Where to store the .html templates. This folder and the template files must exist.
 		'template' => getcwd() . '/templates',
 		// Location of vichan "themes".

From e6133ef00f32060aa58ba0865f21fb9202a9cf70 Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@mailu.io>
Date: Tue, 1 Oct 2024 22:14:26 +0200
Subject: [PATCH 259/336] auth.php: passthrough the context

---
 inc/mod/auth.php | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/inc/mod/auth.php b/inc/mod/auth.php
index ec9d6057..70cf23ff 100644
--- a/inc/mod/auth.php
+++ b/inc/mod/auth.php
@@ -4,6 +4,7 @@
  *  Copyright (c) 2010-2013 Tinyboard Development Group
  */
 
+use Vichan\Context;
 use Vichan\Functions\Net;
 
 defined('TINYBOARD') or exit;
@@ -232,7 +233,7 @@ function make_secure_link_token(string $uri): string {
 	return substr(sha1($config['cookies']['salt'] . '-' . $uri . '-' . $mod['id']), 0, 8);
 }
 
-function check_login(bool $prompt = false): void {
+function check_login(Context $ctx, bool $prompt = false): void {
 	global $config, $mod;
 
 	$is_https = Net\is_connection_secure($config['cookies']['secure_login_only'] === 1);
@@ -246,7 +247,9 @@ function check_login(bool $prompt = false): void {
 		if (count($cookie) != 3) {
 			// Malformed cookies
 			destroyCookies();
-			if ($prompt) mod_login();
+			if ($prompt) {
+				mod_login($ctx);
+			}
 			exit;
 		}
 
@@ -259,7 +262,9 @@ function check_login(bool $prompt = false): void {
 		if ($cookie[1] !== mkhash($cookie[0], $user['password'], $cookie[2])) {
 			// Malformed cookies
 			destroyCookies();
-			if ($prompt) mod_login();
+			if ($prompt) {
+				mod_login($ctx);
+			}
 			exit;
 		}
 

From f4ff39c876d6e57d1a457a7afc34a6572c63b1f0 Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@mailu.io>
Date: Tue, 1 Oct 2024 22:15:03 +0200
Subject: [PATCH 260/336] post.php, mod.php: pass the context to check_login

---
 mod.php  | 7 ++++---
 post.php | 2 +-
 2 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/mod.php b/mod.php
index 474210cd..c9e891ee 100644
--- a/mod.php
+++ b/mod.php
@@ -11,7 +11,10 @@ if ($config['debug']) {
 
 require_once 'inc/mod/pages.php';
 
-check_login(true);
+
+$ctx = Vichan\build_context($config);
+
+check_login($ctx, true);
 
 $query = isset($_SERVER['QUERY_STRING']) ? rawurldecode($_SERVER['QUERY_STRING']) : '';
 
@@ -136,8 +139,6 @@ foreach ($pages as $key => $callback) {
 }
 $pages = $new_pages;
 
-$ctx = Vichan\build_context($config);
-
 foreach ($pages as $uri => $handler) {
 	if (preg_match($uri, $query, $matches)) {
 		$matches[0] = $ctx; // Replace the text captured by the full pattern with a reference to the context.
diff --git a/post.php b/post.php
index 6f29f50c..b20fdfc9 100644
--- a/post.php
+++ b/post.php
@@ -694,7 +694,7 @@ if (isset($_POST['delete'])) {
 
 
 		if ($post['mod'] = isset($_POST['mod']) && $_POST['mod']) {
-			check_login(false);
+			check_login($context, false);
 			if (!$mod) {
 				// Liar. You're not a mod.
 				error($config['error']['notamod']);

From 3e9ad58e97d6701c156c949ae5c71a8eac957cca Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@mailu.io>
Date: Tue, 1 Oct 2024 23:54:16 +0200
Subject: [PATCH 261/336] config.php: fix mod config array

---
 inc/config.php | 87 ++++++++++++++++++++++++--------------------------
 1 file changed, 42 insertions(+), 45 deletions(-)

diff --git a/inc/config.php b/inc/config.php
index 43222d31..15fe3f64 100644
--- a/inc/config.php
+++ b/inc/config.php
@@ -1559,50 +1559,6 @@
 		'lock_ip' => true,
 		// The page that is first shown when a moderator logs in. Defaults to the dashboard (?/).
 		'default' => '/',
-
-		'link_delete' => '[D]',
-		'link_ban' => '[B]',
-		'link_bandelete' => '[&amp;D]',
-		'link_deletefile' => '[F]',
-		'link_spoilerimage' => '[S]',
-		'link_deletebyip' => '[D+]',
-		'link_deletebyip_global' => '[D++]',
-		'link_sticky' => '[Sticky]',
-		'link_desticky' => '[-Sticky]',
-		'link_lock' => '[Lock]',
-		'link_unlock' => '[-Lock]',
-		'link_bumplock' => '[Sage]',
-		'link_bumpunlock' => '[-Sage]',
-		'link_editpost' => '[Edit]',
-		'link_move' => '[Move]',
-		'link_cycle' => '[Cycle]',
-		'link_uncycle' => '[-Cycle]'
-	];
-
-	// Moderator capcodes.
-	$config['capcode'] = ' <span class="capcode">## %s</span>';
-
-	// "## Custom" becomes lightgreen, italic and bold:
-	//$config['custom_capcode']['Custom'] ='<span class="capcode" style="color:lightgreen;font-style:italic;font-weight:bold"> ## %s</span>';
-
-	// "## Mod" makes everything purple, including the name and tripcode:
-	//$config['custom_capcode']['Mod'] = array(
-	//	'<span class="capcode" style="color:purple"> ## %s</span>',
-	//	'color:purple', // Change name style; optional
-	//	'color:purple' // Change tripcode style; optional
-	//);
-
-	// "## Admin" makes everything red and bold, including the name and tripcode:
-	//$config['custom_capcode']['Admin'] = array(
-	//	'<span class="capcode" style="color:red;font-weight:bold"> ## %s</span>',
-	//	'color:red;font-weight:bold', // Change name style; optional
-	//	'color:red;font-weight:bold' // Change tripcode style; optional
-	//);
-
-	// Enable the moving of single replies
-	$config['move_replies'] = false;
-
-	$config['mod'] = [
 		// Do DNS lookups on IP addresses to get their hostname for the moderator IP pages (?/IP/x.x.x.x).
 		'dns_lookup' => true,
 		// How many recent posts, per board, to show in ?/IP/x.x.x.x.
@@ -1653,9 +1609,50 @@
 		'dismiss_reports_on_lock' => true,
 
 		// Replace ?/config with a simple text editor for editing inc/instance-config.php.
-		'config_editor_php' => false
+		'config_editor_php' => false,
+
+		'link_delete' => '[D]',
+		'link_ban' => '[B]',
+		'link_bandelete' => '[&amp;D]',
+		'link_deletefile' => '[F]',
+		'link_spoilerimage' => '[S]',
+		'link_deletebyip' => '[D+]',
+		'link_deletebyip_global' => '[D++]',
+		'link_sticky' => '[Sticky]',
+		'link_desticky' => '[-Sticky]',
+		'link_lock' => '[Lock]',
+		'link_unlock' => '[-Lock]',
+		'link_bumplock' => '[Sage]',
+		'link_bumpunlock' => '[-Sage]',
+		'link_editpost' => '[Edit]',
+		'link_move' => '[Move]',
+		'link_cycle' => '[Cycle]',
+		'link_uncycle' => '[-Cycle]'
 	];
 
+	// Moderator capcodes.
+	$config['capcode'] = ' <span class="capcode">## %s</span>';
+
+	// "## Custom" becomes lightgreen, italic and bold:
+	//$config['custom_capcode']['Custom'] ='<span class="capcode" style="color:lightgreen;font-style:italic;font-weight:bold"> ## %s</span>';
+
+	// "## Mod" makes everything purple, including the name and tripcode:
+	//$config['custom_capcode']['Mod'] = array(
+	//	'<span class="capcode" style="color:purple"> ## %s</span>',
+	//	'color:purple', // Change name style; optional
+	//	'color:purple' // Change tripcode style; optional
+	//);
+
+	// "## Admin" makes everything red and bold, including the name and tripcode:
+	//$config['custom_capcode']['Admin'] = array(
+	//	'<span class="capcode" style="color:red;font-weight:bold"> ## %s</span>',
+	//	'color:red;font-weight:bold', // Change name style; optional
+	//	'color:red;font-weight:bold' // Change tripcode style; optional
+	//);
+
+	// Enable the moving of single replies
+	$config['move_replies'] = false;
+
 /*
  * ====================
  *  Mod permissions

From 25b2b6bc6efe31d7fa12eaef840f1cb6cf88c88f Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@mailu.io>
Date: Fri, 20 Sep 2024 02:04:32 +0200
Subject: [PATCH 262/336] display.php: trim

---
 inc/display.php | 141 ++++++++++++++++++++++++------------------------
 1 file changed, 70 insertions(+), 71 deletions(-)

diff --git a/inc/display.php b/inc/display.php
index 66e4a37f..929d24c3 100644
--- a/inc/display.php
+++ b/inc/display.php
@@ -9,7 +9,7 @@ if (realpath($_SERVER['SCRIPT_FILENAME']) == str_replace('\\', '/', __FILE__)) {
 	exit;
 }
 
-/* 
+/*
 	joaoptm78@gmail.com
 	http://www.php.net/manual/en/function.filesize.php#100097
 */
@@ -21,7 +21,7 @@ function format_bytes($size) {
 
 function doBoardListPart($list, $root, &$boards) {
 	global $config;
-	
+
 	$body = '';
 	foreach ($list as $key => $board) {
 		if (is_array($board))
@@ -34,21 +34,21 @@ function doBoardListPart($list, $root, &$boards) {
 				if (isset ($boards[$board])) {
 					$title = ' title="'.$boards[$board].'"';
 				}
-				
+
 				$body .= ' <a href="' . $root . $board . '/' . $config['file_index'] . '"'.$title.'>' . $board . '</a> /';
 			}
 		}
 	}
 	$body = preg_replace('/\/$/', '', $body);
-	
+
 	return $body;
 }
 
 function createBoardlist($mod=false) {
 	global $config;
-	
+
 	if (!isset($config['boards'])) return array('top'=>'','bottom'=>'');
-	
+
 	$xboards = listBoards();
 	$boards = array();
 	foreach ($xboards as $val) {
@@ -59,12 +59,12 @@ function createBoardlist($mod=false) {
 
 	if ($config['boardlist_wrap_bracket'] && !preg_match('/\] $/', $body))
 		$body = '[' . $body . ']';
-	
+
 	$body = trim($body);
 
 	// Message compact-boardlist.js faster, so that page looks less ugly during loading
 	$top = "<script type='text/javascript'>if (typeof do_boardlist != 'undefined') do_boardlist();</script>";
-	
+
 	return array(
 		'top' => '<div class="boardlist">' . $body . '</div>' . $top,
 		'bottom' => '<div class="boardlist bottom">' . $body . '</div>'
@@ -73,12 +73,12 @@ function createBoardlist($mod=false) {
 
 function error($message, $priority = true, $debug_stuff = []) {
 	global $board, $mod, $config, $db_error;
-	
+
 	if ($config['syslog'] && $priority !== false) {
 		// Use LOG_NOTICE instead of LOG_ERR or LOG_WARNING because most error message are not significant.
 		_syslog($priority !== true ? $priority : LOG_NOTICE, $message);
 	}
-	
+
 	if (defined('STDIN')) {
 		// Running from CLI
 		echo('Error: ' . $message . "\n");
@@ -113,7 +113,7 @@ function error($message, $priority = true, $debug_stuff = []) {
 	};
 
 
-	if ($debug_stuff) 
+	if ($debug_stuff)
 		$debug_stuff = array_filter($debug_stuff, $debug_callback);
 
 	die(Element($config['file_page_template'], array(
@@ -132,7 +132,7 @@ function error($message, $priority = true, $debug_stuff = []) {
 
 function loginForm($error=false, $username=false, $redirect=false) {
 	global $config;
-	
+
 	die(Element($config['file_page_template'], array(
 		'index' => $config['root'],
 		'title' => _('Login'),
@@ -149,34 +149,34 @@ function loginForm($error=false, $username=false, $redirect=false) {
 
 function pm_snippet($body, $len=null) {
 	global $config;
-	
+
 	if (!isset($len))
 		$len = &$config['mod']['snippet_length'];
-	
+
 	// Replace line breaks with some whitespace
 	$body = preg_replace('@<br/?>@i', '  ', $body);
-	
+
 	// Strip tags
 	$body = strip_tags($body);
-	
+
 	// Unescape HTML characters, to avoid splitting them in half
 	$body = html_entity_decode($body, ENT_COMPAT, 'UTF-8');
-	
+
 	// calculate strlen() so we can add "..." after if needed
 	$strlen = mb_strlen($body);
-	
+
 	$body = mb_substr($body, 0, $len);
-	
+
 	// Re-escape the characters.
 	return '<em>' . utf8tohtml($body) . ($strlen > $len ? '&hellip;' : '') . '</em>';
 }
 
 function capcode($cap) {
 	global $config;
-	
+
 	if (!$cap)
 		return false;
-	
+
 	$capcode = array();
 	if (isset($config['custom_capcode'][$cap])) {
 		if (is_array($config['custom_capcode'][$cap])) {
@@ -191,59 +191,59 @@ function capcode($cap) {
 	} else {
 		$capcode['cap'] = sprintf($config['capcode'], $cap);
 	}
-	
+
 	return $capcode;
 }
 
 function truncate($body, $url, $max_lines = false, $max_chars = false) {
 	global $config;
-	
+
 	if ($max_lines === false)
 		$max_lines = $config['body_truncate'];
 	if ($max_chars === false)
 		$max_chars = $config['body_truncate_char'];
-	
+
 	// We don't want to risk truncating in the middle of an HTML comment.
 	// It's easiest just to remove them all first.
 	$body = preg_replace('/<!--.*?-->/s', '', $body);
-	
+
 	$original_body = $body;
-	
+
 	$lines = substr_count($body, '<br/>');
-	
+
 	// Limit line count
 	if ($lines > $max_lines) {
 		if (preg_match('/(((.*?)<br\/>){' . $max_lines . '})/', $body, $m))
 			$body = $m[0];
 	}
-	
+
 	$body = mb_substr($body, 0, $max_chars);
-	
+
 	if ($body != $original_body) {
 		// Remove any corrupt tags at the end
 		$body = preg_replace('/<([\w]+)?([^>]*)?$/', '', $body);
-		
+
 		// Open tags
 		if (preg_match_all('/<([\w]+)[^>]*>/', $body, $open_tags)) {
-			
+
 			$tags = array();
 			for ($x=0;$x<count($open_tags[0]);$x++) {
 				if (!preg_match('/\/(\s+)?>$/', $open_tags[0][$x]))
 					$tags[] = $open_tags[1][$x];
 			}
-			
+
 			// List successfully closed tags
 			if (preg_match_all('/(<\/([\w]+))>/', $body, $closed_tags)) {
 				for ($x=0;$x<count($closed_tags[0]);$x++) {
 					unset($tags[array_search($closed_tags[2][$x], $tags)]);
 				}
 			}
-			
+
 			// remove broken HTML entity at the end (if existent)
 			$body = preg_replace('/&[^;]+$/', '', $body);
-			
+
 			$tags_no_close_needed = array("colgroup", "dd", "dt", "li", "optgroup", "option", "p", "tbody", "td", "tfoot", "th", "thead", "tr", "br", "img");
-			
+
 			// Close any open tags
 			foreach ($tags as &$tag) {
 				if (!in_array($tag, $tags_no_close_needed))
@@ -253,10 +253,10 @@ function truncate($body, $url, $max_lines = false, $max_chars = false) {
 			// remove broken HTML entity at the end (if existent)
 			$body = preg_replace('/&[^;]*$/', '', $body);
 		}
-		
+
 		$body .= '<span class="toolong">'.sprintf(_('Post too long. Click <a href="%s">here</a> to view the full text.'), $url).'</span>';
 	}
-	
+
 	return $body;
 }
 
@@ -266,21 +266,21 @@ function bidi_cleanup($data) {
 
 	$explicits	= '\xE2\x80\xAA|\xE2\x80\xAB|\xE2\x80\xAD|\xE2\x80\xAE';
 	$pdf		= '\xE2\x80\xAC';
-	
+
 	preg_match_all("!$explicits!",	$data, $m1, PREG_OFFSET_CAPTURE | PREG_SET_ORDER);
 	preg_match_all("!$pdf!", 	$data, $m2, PREG_OFFSET_CAPTURE | PREG_SET_ORDER);
-	
+
 	if (count($m1) || count($m2)){
-	
+
 		$p = array();
 		foreach ($m1 as $m){ $p[$m[0][1]] = 'push'; }
 		foreach ($m2 as $m){ $p[$m[0][1]] = 'pop'; }
 		ksort($p);
-	
+
 		$offset = 0;
 		$stack = 0;
 		foreach ($p as $pos => $type){
-	
+
 			if ($type == 'push'){
 				$stack++;
 			}else{
@@ -294,15 +294,15 @@ function bidi_cleanup($data) {
 				}
 			}
 		}
-	
+
 		# now add some pops if your stack is bigger than 0
 		for ($i=0; $i<$stack; $i++){
 			$data .= "\xE2\x80\xAC";
 		}
-	
+
 		return $data;
 	}
-	
+
 	return $data;
 }
 
@@ -317,24 +317,24 @@ function secure_link($href) {
 
 function embed_html($link) {
 	global $config;
-	
+
 	foreach ($config['embedding'] as $embed) {
 		if ($html = preg_replace($embed[0], $embed[1], $link)) {
 				if ($html == $link)
 					continue; // Nope
-			
+
 			$html = str_replace('%%tb_width%%', $config['embed_width'], $html);
 			$html = str_replace('%%tb_height%%', $config['embed_height'], $html);
-			
+
 			return $html;
 		}
 	}
-	
+
 	if ($link[0] == '<') {
 		// Prior to v0.9.6-dev-8, HTML code for embedding was stored in the database instead of the link.
 		return $link;
 	}
-	
+
 	return 'Embedding error.';
 }
 
@@ -343,7 +343,7 @@ class Post {
 		global $config;
 		if (!isset($root))
 			$root = &$config['root'];
-		
+
 		foreach ($post as $key => $value) {
 			$this->{$key} = $value;
 		}
@@ -367,22 +367,22 @@ class Post {
 				}
 			}
 		}
-		
+
 		$this->subject = utf8tohtml($this->subject);
 		$this->name = utf8tohtml($this->name);
 		$this->mod = $mod;
 		$this->root = $root;
-		
+
 		if ($this->embed)
 			$this->embed = embed_html($this->embed);
-		
+
 		$this->modifiers = extract_modifiers($this->body_nomarkup);
-		
+
 		if ($config['always_regenerate_markup']) {
 			$this->body = $this->body_nomarkup;
 			markup($this->body);
 		}
-		
+
 		if ($this->mod)
 			// Fix internal links
 			// Very complicated regex
@@ -394,13 +394,13 @@ class Post {
 	}
 	public function link($pre = '', $page = false) {
 		global $config, $board;
-		
+
 		return $this->root . $board['dir'] . $config['dir']['res'] . link_for((array)$this, $page == '50') . '#' . $pre . $this->id;
 	}
-	
+
 	public function build($index=false) {
 		global $board, $config;
-		
+
 		return Element($config['file_post_reply'], array('config' => $config, 'board' => $board, 'post' => &$this, 'index' => $index, 'mod' => $this->mod));
 	}
 };
@@ -410,14 +410,14 @@ class Thread {
 		global $config;
 		if (!isset($root))
 			$root = &$config['root'];
-		
+
 		foreach ($post as $key => $value) {
 			$this->{$key} = $value;
 		}
-		
+
 		if (isset($this->files))
 			$this->files = is_string($this->files) ? json_decode($this->files) : $this->files;
-		
+
 		$this->subject = utf8tohtml($this->subject);
 		$this->name = utf8tohtml($this->name);
 		$this->mod = $mod;
@@ -427,17 +427,17 @@ class Thread {
 		$this->posts = array();
 		$this->omitted = 0;
 		$this->omitted_images = 0;
-		
+
 		if ($this->embed)
 			$this->embed = embed_html($this->embed);
-		
+
 		$this->modifiers = extract_modifiers($this->body_nomarkup);
-		
+
 		if ($config['always_regenerate_markup']) {
 			$this->body = $this->body_nomarkup;
 			markup($this->body);
 		}
-		
+
 		if ($this->mod)
 			// Fix internal links
 			// Very complicated regex
@@ -449,7 +449,7 @@ class Thread {
 	}
 	public function link($pre = '', $page = false) {
 		global $config, $board;
-		
+
 		return $this->root . $board['dir'] . $config['dir']['res'] . link_for((array)$this, $page == '50') . '#' . $pre . $this->id;
 	}
 	public function add(Post $post) {
@@ -460,15 +460,14 @@ class Thread {
 	}
 	public function build($index=false, $isnoko50=false) {
 		global $board, $config, $debug;
-		
+
 		$hasnoko50 = $this->postCount() >= $config['noko50_min'];
-		
+
 		event('show-thread', $this);
 
 		$file = ($index && $config['file_board']) ? $config['file_post_thread_fileboard'] : $config['file_post_thread'];
 		$built = Element($file, array('config' => $config, 'board' => $board, 'post' => &$this, 'index' => $index, 'hasnoko50' => $hasnoko50, 'isnoko50' => $isnoko50, 'mod' => $this->mod));
-		
+
 		return $built;
 	}
 };
-

From cae85a6a0c4afb31f26b1b74a59bf6f04230a5e1 Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@mailu.io>
Date: Thu, 3 Oct 2024 19:57:56 +0200
Subject: [PATCH 263/336] http-driver.php: move to Data

---
 inc/{driver => Data/Driver}/http-driver.php | 60 ++++++++++-----------
 inc/context.php                             |  3 +-
 inc/service/captcha-queries.php             |  2 +-
 post.php                                    |  2 +-
 4 files changed, 33 insertions(+), 34 deletions(-)
 rename inc/{driver => Data/Driver}/http-driver.php (65%)

diff --git a/inc/driver/http-driver.php b/inc/Data/Driver/http-driver.php
similarity index 65%
rename from inc/driver/http-driver.php
rename to inc/Data/Driver/http-driver.php
index cfbedfad..1a714963 100644
--- a/inc/driver/http-driver.php
+++ b/inc/Data/Driver/http-driver.php
@@ -1,7 +1,5 @@
 <?php // Honestly this is just a wrapper for cURL. Still useful to mock it and have an OOP API on PHP 7.
-namespace Vichan\Driver;
-
-use RuntimeException;
+namespace Vichan\Data\Driver;
 
 defined('TINYBOARD') or exit;
 
@@ -25,37 +23,37 @@ class HttpDriver {
 	private function resetTowards(string $url, int $timeout): void {
 		curl_reset($this->inner);
 		curl_setopt_array($this->inner, array(
-			CURLOPT_URL => $url,
-			CURLOPT_TIMEOUT => $this->timeout,
-			CURLOPT_USERAGENT => $this->user_agent,
-			CURLOPT_PROTOCOLS => CURLPROTO_HTTP | CURLPROTO_HTTPS,
+			\CURLOPT_URL => $url,
+			\CURLOPT_TIMEOUT => $timeout,
+			\CURLOPT_USERAGENT => $this->user_agent,
+			\CURLOPT_PROTOCOLS => \CURLPROTO_HTTP | \CURLPROTO_HTTPS,
 		));
 	}
 
 	private function setSizeLimit(): void {
 		// Adapted from: https://stackoverflow.com/a/17642638
-		curl_setopt($this->inner, CURLOPT_NOPROGRESS, false);
+		\curl_setopt($this->inner, \CURLOPT_NOPROGRESS, false);
 
-		if (PHP_MAJOR_VERSION >= 8 && PHP_MINOR_VERSION >= 2) {
-			curl_setopt($this->inner, CURLOPT_XFERINFOFUNCTION, function($res, $next_dl, $dl, $next_up, $up) {
+		if (\PHP_MAJOR_VERSION >= 8 && \PHP_MINOR_VERSION >= 2) {
+			\curl_setopt($this->inner, \CURLOPT_XFERINFOFUNCTION, function($res, $next_dl, $dl, $next_up, $up) {
 				return (int)($dl <= $this->max_file_size);
 			});
 		} else {
-			curl_setopt($this->inner, CURLOPT_PROGRESSFUNCTION, function($res, $next_dl, $dl, $next_up, $up) {
+			\curl_setopt($this->inner, \CURLOPT_PROGRESSFUNCTION, function($res, $next_dl, $dl, $next_up, $up) {
 				return (int)($dl <= $this->max_file_size);
 			});
 		}
 	}
 
-	function __construct($timeout, $user_agent, $max_file_size) {
-		$this->inner = curl_init();
+	function __construct(int $timeout, string $user_agent, int $max_file_size) {
+		$this->inner = \curl_init();
 		$this->timeout = $timeout;
 		$this->user_agent = $user_agent;
 		$this->max_file_size = $max_file_size;
 	}
 
 	function __destruct() {
-		curl_close($this->inner);
+		\curl_close($this->inner);
 	}
 
 	/**
@@ -69,18 +67,18 @@ class HttpDriver {
 	 */
 	public function requestGet(string $endpoint, ?array $data, int $timeout = 0): string {
 		if (!empty($data)) {
-			$endpoint .= '?' . http_build_query($data);
+			$endpoint .= '?' . \http_build_query($data);
 		}
 		if ($timeout == 0) {
 			$timeout = $this->timeout;
 		}
 
 		$this->resetTowards($endpoint, $timeout);
-		curl_setopt($this->inner, CURLOPT_RETURNTRANSFER, true);
-		$ret = curl_exec($this->inner);
+		\curl_setopt($this->inner, \CURLOPT_RETURNTRANSFER, true);
+		$ret = \curl_exec($this->inner);
 
 		if ($ret === false) {
-			throw new \RuntimeException(curl_error($this->inner));
+			throw new \RuntimeException(\curl_error($this->inner));
 		}
 		return $ret;
 	}
@@ -100,15 +98,15 @@ class HttpDriver {
 		}
 
 		$this->resetTowards($endpoint, $timeout);
-		curl_setopt($this->inner, CURLOPT_POST, true);
+		\curl_setopt($this->inner, \CURLOPT_POST, true);
 		if (!empty($data)) {
-			curl_setopt($this->inner, CURLOPT_POSTFIELDS, http_build_query($data));
+			\curl_setopt($this->inner, \CURLOPT_POSTFIELDS, \http_build_query($data));
 		}
-		curl_setopt($this->inner, CURLOPT_RETURNTRANSFER, true);
-		$ret = curl_exec($this->inner);
+		\curl_setopt($this->inner, \CURLOPT_RETURNTRANSFER, true);
+		$ret = \curl_exec($this->inner);
 
 		if ($ret === false) {
-			throw new \RuntimeException(curl_error($this->inner));
+			throw new \RuntimeException(\curl_error($this->inner));
 		}
 		return $ret;
 	}
@@ -125,26 +123,26 @@ class HttpDriver {
 	 */
 	public function requestGetInto(string $endpoint, ?array $data, mixed $fd, int $timeout = 0): bool {
 		if (!empty($data)) {
-			$endpoint .= '?' . http_build_query($data);
+			$endpoint .= '?' . \http_build_query($data);
 		}
 		if ($timeout == 0) {
 			$timeout = $this->timeout;
 		}
 
 		$this->resetTowards($endpoint, $timeout);
-		curl_setopt($this->inner, CURLOPT_FAILONERROR, true);
-		curl_setopt($this->inner, CURLOPT_FOLLOWLOCATION, false);
-		curl_setopt($this->inner, CURLOPT_FILE, $fd);
-		curl_setopt($this->inner, CURLOPT_IPRESOLVE, CURL_IPRESOLVE_V4);
+		\curl_setopt($this->inner, \CURLOPT_FAILONERROR, true);
+		\curl_setopt($this->inner, \CURLOPT_FOLLOWLOCATION, false);
+		\curl_setopt($this->inner, \CURLOPT_FILE, $fd);
+		\curl_setopt($this->inner, \CURLOPT_IPRESOLVE, CURL_IPRESOLVE_V4);
 		$this->setSizeLimit();
-		$ret = curl_exec($this->inner);
+		$ret = \curl_exec($this->inner);
 
 		if ($ret === false) {
-			if (curl_errno($this->inner) === CURLE_ABORTED_BY_CALLBACK) {
+			if (\curl_errno($this->inner) === CURLE_ABORTED_BY_CALLBACK) {
 				return false;
 			}
 
-			throw new \RuntimeException(curl_error($this->inner));
+			throw new \RuntimeException(\curl_error($this->inner));
 		}
 		return true;
 	}
diff --git a/inc/context.php b/inc/context.php
index 3f8a75d6..70242502 100644
--- a/inc/context.php
+++ b/inc/context.php
@@ -2,7 +2,8 @@
 namespace Vichan;
 
 use RuntimeException;
-use Vichan\Driver\{HttpDriver, HttpDrivers, Log, LogDrivers};
+use Vichan\Driver\{Log, LogDrivers};
+use Vichan\Data\Driver\{HttpDriver, HttpDrivers};
 use Vichan\Service\HCaptchaQuery;
 use Vichan\Service\NativeCaptchaQuery;
 use Vichan\Service\ReCaptchaQuery;
diff --git a/inc/service/captcha-queries.php b/inc/service/captcha-queries.php
index cd9a1b84..76d7acd8 100644
--- a/inc/service/captcha-queries.php
+++ b/inc/service/captcha-queries.php
@@ -1,7 +1,7 @@
 <?php // Verify captchas server side.
 namespace Vichan\Service;
 
-use Vichan\Driver\HttpDriver;
+use Vichan\Data\Driver\HttpDriver;
 
 defined('TINYBOARD') or exit;
 
diff --git a/post.php b/post.php
index b20fdfc9..bfd41639 100644
--- a/post.php
+++ b/post.php
@@ -6,7 +6,7 @@
 require_once 'inc/bootstrap.php';
 
 use Vichan\{Context, WebDependencyFactory};
-use Vichan\Driver\{HttpDriver, Log};
+use Vichan\Data\Driver\{HttpDriver, Log};
 use Vichan\Service\{RemoteCaptchaQuery, NativeCaptchaQuery};
 use Vichan\Functions\Format;
 

From 3eed312b6b5098acd8d52866243cd5f9cc478738 Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@mailu.io>
Date: Fri, 4 Oct 2024 00:44:30 +0200
Subject: [PATCH 264/336] http-driver.php: minor refactor

---
 inc/Data/Driver/http-driver.php | 53 ++++++++++-----------------------
 1 file changed, 16 insertions(+), 37 deletions(-)

diff --git a/inc/Data/Driver/http-driver.php b/inc/Data/Driver/http-driver.php
index 1a714963..f2ba9d88 100644
--- a/inc/Data/Driver/http-driver.php
+++ b/inc/Data/Driver/http-driver.php
@@ -4,55 +4,29 @@ namespace Vichan\Data\Driver;
 defined('TINYBOARD') or exit;
 
 
-class HttpDrivers {
-	private const DEFAULT_USER_AGENT = 'Tinyboard';
-
-
-	public static function getHttpDriver(int $timeout, int $max_file_size): HttpDriver {
-		return new HttpDriver($timeout, self::DEFAULT_USER_AGENT, $max_file_size);
-	}
-}
-
 class HttpDriver {
 	private mixed $inner;
 	private int $timeout;
-	private string $user_agent;
 	private int $max_file_size;
 
 
 	private function resetTowards(string $url, int $timeout): void {
-		curl_reset($this->inner);
-		curl_setopt_array($this->inner, array(
+		\curl_reset($this->inner);
+		\curl_setopt_array($this->inner, [
 			\CURLOPT_URL => $url,
 			\CURLOPT_TIMEOUT => $timeout,
-			\CURLOPT_USERAGENT => $this->user_agent,
+			\CURLOPT_USERAGENT => 'Tinyboard',
 			\CURLOPT_PROTOCOLS => \CURLPROTO_HTTP | \CURLPROTO_HTTPS,
-		));
+		]);
 	}
 
-	private function setSizeLimit(): void {
-		// Adapted from: https://stackoverflow.com/a/17642638
-		\curl_setopt($this->inner, \CURLOPT_NOPROGRESS, false);
-
-		if (\PHP_MAJOR_VERSION >= 8 && \PHP_MINOR_VERSION >= 2) {
-			\curl_setopt($this->inner, \CURLOPT_XFERINFOFUNCTION, function($res, $next_dl, $dl, $next_up, $up) {
-				return (int)($dl <= $this->max_file_size);
-			});
-		} else {
-			\curl_setopt($this->inner, \CURLOPT_PROGRESSFUNCTION, function($res, $next_dl, $dl, $next_up, $up) {
-				return (int)($dl <= $this->max_file_size);
-			});
-		}
-	}
-
-	function __construct(int $timeout, string $user_agent, int $max_file_size) {
+	public function __construct(int $timeout, int $max_file_size) {
 		$this->inner = \curl_init();
 		$this->timeout = $timeout;
-		$this->user_agent = $user_agent;
 		$this->max_file_size = $max_file_size;
 	}
 
-	function __destruct() {
+	public function __destruct() {
 		\curl_close($this->inner);
 	}
 
@@ -130,11 +104,16 @@ class HttpDriver {
 		}
 
 		$this->resetTowards($endpoint, $timeout);
-		\curl_setopt($this->inner, \CURLOPT_FAILONERROR, true);
-		\curl_setopt($this->inner, \CURLOPT_FOLLOWLOCATION, false);
-		\curl_setopt($this->inner, \CURLOPT_FILE, $fd);
-		\curl_setopt($this->inner, \CURLOPT_IPRESOLVE, CURL_IPRESOLVE_V4);
-		$this->setSizeLimit();
+		// Adapted from: https://stackoverflow.com/a/17642638
+		$opt = (\PHP_MAJOR_VERSION >= 8 && \PHP_MINOR_VERSION >= 2) ? \CURLOPT_XFERINFOFUNCTION : \CURLOPT_PROGRESSFUNCTION;
+		\curl_setopt_array($this->inner, [
+			\CURLOPT_NOPROGRESS => false,
+			$opt => fn($res, $next_dl, $dl, $next_up, $up) => (int)($dl <= $this->max_file_size),
+			\CURLOPT_FAILONERROR => true,
+			\CURLOPT_FOLLOWLOCATION => false,
+			\CURLOPT_FILE => $fd,
+			\CURLOPT_IPRESOLVE => CURL_IPRESOLVE_V4,
+		]);
 		$ret = \curl_exec($this->inner);
 
 		if ($ret === false) {

From 1682272f75b9e6b84ac3dd1d2302612c640cd1f9 Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@mailu.io>
Date: Fri, 4 Oct 2024 01:01:47 +0200
Subject: [PATCH 265/336] http-driver.php: rename to HttpDriver

---
 inc/Data/Driver/{http-driver.php => HttpDriver.php} | 5 ++++-
 inc/context.php                                     | 4 ++--
 2 files changed, 6 insertions(+), 3 deletions(-)
 rename inc/Data/Driver/{http-driver.php => HttpDriver.php} (97%)

diff --git a/inc/Data/Driver/http-driver.php b/inc/Data/Driver/HttpDriver.php
similarity index 97%
rename from inc/Data/Driver/http-driver.php
rename to inc/Data/Driver/HttpDriver.php
index f2ba9d88..022fcbab 100644
--- a/inc/Data/Driver/http-driver.php
+++ b/inc/Data/Driver/HttpDriver.php
@@ -1,9 +1,12 @@
-<?php // Honestly this is just a wrapper for cURL. Still useful to mock it and have an OOP API on PHP 7.
+<?php
 namespace Vichan\Data\Driver;
 
 defined('TINYBOARD') or exit;
 
 
+/**
+ * Honestly this is just a wrapper for cURL. Still useful to mock it and have an OOP API on PHP 7.
+ */
 class HttpDriver {
 	private mixed $inner;
 	private int $timeout;
diff --git a/inc/context.php b/inc/context.php
index 70242502..c64f6a9c 100644
--- a/inc/context.php
+++ b/inc/context.php
@@ -3,7 +3,7 @@ namespace Vichan;
 
 use RuntimeException;
 use Vichan\Driver\{Log, LogDrivers};
-use Vichan\Data\Driver\{HttpDriver, HttpDrivers};
+use Vichan\Data\Driver\HttpDriver;
 use Vichan\Service\HCaptchaQuery;
 use Vichan\Service\NativeCaptchaQuery;
 use Vichan\Service\ReCaptchaQuery;
@@ -57,7 +57,7 @@ function build_context(array $config): Context {
 		},
 		HttpDriver::class => function($c) {
 			$config = $c->get('config');
-			return HttpDrivers::getHttpDriver($config['upload_by_url_timeout'], $config['max_filesize']);
+			return new HttpDriver($config['upload_by_url_timeout'], $config['max_filesize']);
 		},
 		RemoteCaptchaQuery::class => function($c) {
 			$config = $c->get('config');

From 59551a2042b3845e5720c615cb11aae4cc03fe14 Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@mailu.io>
Date: Fri, 4 Oct 2024 01:21:21 +0200
Subject: [PATCH 266/336] composer.json: rely on classmap for HttpDriver

---
 composer.json | 1 -
 1 file changed, 1 deletion(-)

diff --git a/composer.json b/composer.json
index a2ddce03..5fdb4226 100644
--- a/composer.json
+++ b/composer.json
@@ -38,7 +38,6 @@
             "inc/functions/num.php",
             "inc/functions/format.php",
             "inc/functions/theme.php",
-            "inc/driver/http-driver.php",
             "inc/driver/log-driver.php",
             "inc/service/captcha-queries.php",
             "inc/context.php"

From 5dab17e5f457828c20072151b5556f965b48d54b Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@mailu.io>
Date: Fri, 4 Oct 2024 01:32:14 +0200
Subject: [PATCH 267/336] log-driver.php: move to Data

---
 inc/{driver => Data/Driver}/log-driver.php | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename inc/{driver => Data/Driver}/log-driver.php (100%)

diff --git a/inc/driver/log-driver.php b/inc/Data/Driver/log-driver.php
similarity index 100%
rename from inc/driver/log-driver.php
rename to inc/Data/Driver/log-driver.php

From 36d48951c182da5ad1ad7f2d2c715c32bad48265 Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@mailu.io>
Date: Fri, 4 Oct 2024 12:54:49 +0200
Subject: [PATCH 268/336] log-driver.php: split up log driver

---
 inc/Data/Driver/ErrorLogLogDriver.php |  28 ++++
 inc/Data/Driver/FileLogDriver.php     |  60 ++++++++
 inc/Data/Driver/LogDriver.php         |  22 +++
 inc/Data/Driver/LogTrait.php          |  26 ++++
 inc/Data/Driver/StderrLogDriver.php   |  27 ++++
 inc/Data/Driver/SyslogLogDriver.php   |  35 +++++
 inc/Data/Driver/log-driver.php        | 189 --------------------------
 7 files changed, 198 insertions(+), 189 deletions(-)
 create mode 100644 inc/Data/Driver/ErrorLogLogDriver.php
 create mode 100644 inc/Data/Driver/FileLogDriver.php
 create mode 100644 inc/Data/Driver/LogDriver.php
 create mode 100644 inc/Data/Driver/LogTrait.php
 create mode 100644 inc/Data/Driver/StderrLogDriver.php
 create mode 100644 inc/Data/Driver/SyslogLogDriver.php
 delete mode 100644 inc/Data/Driver/log-driver.php

diff --git a/inc/Data/Driver/ErrorLogLogDriver.php b/inc/Data/Driver/ErrorLogLogDriver.php
new file mode 100644
index 00000000..e2050606
--- /dev/null
+++ b/inc/Data/Driver/ErrorLogLogDriver.php
@@ -0,0 +1,28 @@
+<?php
+namespace Vichan\Data\Driver;
+
+defined('TINYBOARD') or exit;
+
+
+/**
+ * Log via the php function error_log.
+ */
+class ErrorLogLogDriver implements LogDriver {
+	use LogTrait;
+
+	private string $name;
+	private int $level;
+
+	public function __construct(string $name, int $level) {
+		$this->name = $name;
+		$this->level = $level;
+	}
+
+	public function log(int $level, string $message): void {
+		if ($level <= $this->level) {
+			$lv = $this->levelToString($level);
+			$line = "{$this->name} $lv: $message";
+			\error_log($line, 0, null, null);
+		}
+	}
+}
diff --git a/inc/Data/Driver/FileLogDriver.php b/inc/Data/Driver/FileLogDriver.php
new file mode 100644
index 00000000..18423cf1
--- /dev/null
+++ b/inc/Data/Driver/FileLogDriver.php
@@ -0,0 +1,60 @@
+<?php
+namespace Vichan\Data\Driver;
+
+defined('TINYBOARD') or exit;
+
+
+/**
+ * Log to a file.
+ */
+class FileLogDriver implements LogDriver {
+	use LogTrait;
+
+	private string $name;
+	private int $level;
+	private mixed $fd;
+
+	public function __construct(string $name, int $level, string $file_path) {
+		/*
+		 * error_log is slow as hell in it's 3rd mode, so use fopen + file locking instead.
+		 * https://grobmeier.solutions/performance-ofnonblocking-write-to-files-via-php-21082009.html
+		 *
+		 * Whatever file appending is atomic is contentious:
+		 *  - There are no POSIX guarantees: https://stackoverflow.com/a/7237901
+		 *  - But linus suggested they are on linux, on some filesystems: https://web.archive.org/web/20151201111541/http://article.gmane.org/gmane.linux.kernel/43445
+		 *  - But it doesn't seem to be always the case: https://www.notthewizard.com/2014/06/17/are-files-appends-really-atomic/
+		 *
+		 * So we just use file locking to be sure.
+		 */
+
+		$this->fd = \fopen($file_path, 'a');
+		if ($this->fd === false) {
+			throw new \RuntimeException("Unable to open log file at $file_path");
+		}
+
+		$this->name = $name;
+		$this->level = $level;
+
+		// In some cases PHP does not run the destructor.
+		\register_shutdown_function([$this, 'close']);
+	}
+
+	public function __destruct() {
+		$this->close();
+	}
+
+	public function log(int $level, string $message): void {
+		if ($level <= $this->level) {
+			$lv = $this->levelToString($level);
+			$line = "{$this->name} $lv: $message\n";
+			\flock($this->fd, LOCK_EX);
+			\fwrite($this->fd, $line);
+			\flock($this->fd, LOCK_UN);
+		}
+	}
+
+	public function close() {
+		\flock($this->fd, LOCK_UN);
+		\fclose($this->fd);
+	}
+}
diff --git a/inc/Data/Driver/LogDriver.php b/inc/Data/Driver/LogDriver.php
new file mode 100644
index 00000000..fddc3f27
--- /dev/null
+++ b/inc/Data/Driver/LogDriver.php
@@ -0,0 +1,22 @@
+<?php
+namespace Vichan\Data\Driver;
+
+defined('TINYBOARD') or exit;
+
+
+interface LogDriver {
+	public const EMERG = \LOG_EMERG;
+	public const ERROR = \LOG_ERR;
+	public const WARNING = \LOG_WARNING;
+	public const NOTICE = \LOG_NOTICE;
+	public const INFO = \LOG_INFO;
+	public const DEBUG = \LOG_DEBUG;
+
+	/**
+	 * Log a message if the level of relevancy is at least the minimum.
+	 *
+	 * @param int $level Message level. Use Log interface constants.
+	 * @param string $message The message to log.
+	 */
+	public function log(int $level, string $message): void;
+}
diff --git a/inc/Data/Driver/LogTrait.php b/inc/Data/Driver/LogTrait.php
new file mode 100644
index 00000000..0664d5c4
--- /dev/null
+++ b/inc/Data/Driver/LogTrait.php
@@ -0,0 +1,26 @@
+<?php
+namespace Vichan\Data\Driver;
+
+defined('TINYBOARD') or exit;
+
+
+trait LogTrait {
+	public static function levelToString(int $level): string {
+		switch ($level) {
+			case LogDriver::EMERG:
+				return 'EMERG';
+			case LogDriver::ERROR:
+				return 'ERROR';
+			case LogDriver::WARNING:
+				return 'WARNING';
+			case LogDriver::NOTICE:
+				return 'NOTICE';
+			case LogDriver::INFO:
+				return 'INFO';
+			case LogDriver::DEBUG:
+				return 'DEBUG';
+			default:
+				throw new \InvalidArgumentException('Not a logging level');
+		}
+	}
+}
diff --git a/inc/Data/Driver/StderrLogDriver.php b/inc/Data/Driver/StderrLogDriver.php
new file mode 100644
index 00000000..4c766033
--- /dev/null
+++ b/inc/Data/Driver/StderrLogDriver.php
@@ -0,0 +1,27 @@
+<?php
+namespace Vichan\Data\Driver;
+
+defined('TINYBOARD') or exit;
+
+
+/**
+ * Log to php's standard error file stream.
+ */
+class StderrLogDriver implements LogDriver {
+	use LogTrait;
+
+	private string $name;
+	private int $level;
+
+	public function __construct(string $name, int $level) {
+		$this->name = $name;
+		$this->level = $level;
+	}
+
+	public function log(int $level, string $message): void {
+		if ($level <= $this->level) {
+			$lv = $this->levelToString($level);
+			\fwrite(\STDERR, "{$this->name} $lv: $message\n");
+		}
+	}
+}
diff --git a/inc/Data/Driver/SyslogLogDriver.php b/inc/Data/Driver/SyslogLogDriver.php
new file mode 100644
index 00000000..c0df5304
--- /dev/null
+++ b/inc/Data/Driver/SyslogLogDriver.php
@@ -0,0 +1,35 @@
+<?php
+namespace Vichan\Data\Driver;
+
+defined('TINYBOARD') or exit;
+
+/**
+ * Log to syslog.
+ */
+class SyslogLogDriver implements LogDriver {
+	private int $level;
+
+	public function __construct(string $name, int $level, bool $print_stderr) {
+		$flags = \LOG_ODELAY;
+		if ($print_stderr) {
+			$flags |= \LOG_PERROR;
+		}
+
+		if (!\openlog($name, $flags, \LOG_USER)) {
+			throw new \RuntimeException('Unable to open syslog');
+		}
+
+		$this->level = $level;
+	}
+
+	public function log(int $level, string $message): void {
+		if ($level <= $this->level) {
+			if (isset($_SERVER['REMOTE_ADDR'], $_SERVER['REQUEST_METHOD'], $_SERVER['REQUEST_URI'])) {
+				// CGI
+				\syslog($level, "$message - client: {$_SERVER['REMOTE_ADDR']}, request: \"{$_SERVER['REQUEST_METHOD']} {$_SERVER['REQUEST_URI']}\"");
+			} else {
+				\syslog($level, $message);
+			}
+		}
+	}
+}
diff --git a/inc/Data/Driver/log-driver.php b/inc/Data/Driver/log-driver.php
deleted file mode 100644
index 0026f009..00000000
--- a/inc/Data/Driver/log-driver.php
+++ /dev/null
@@ -1,189 +0,0 @@
-<?php // Logging
-namespace Vichan\Driver;
-
-use InvalidArgumentException;
-use RuntimeException;
-
-defined('TINYBOARD') or exit;
-
-
-class LogDrivers {
-	public static function levelToString(int $level): string {
-		switch ($level) {
-			case Log::EMERG:
-				return 'EMERG';
-			case Log::ERROR:
-				return 'ERROR';
-			case Log::WARNING:
-				return 'WARNING';
-			case Log::NOTICE:
-				return 'NOTICE';
-			case Log::INFO:
-				return 'INFO';
-			case Log::DEBUG:
-				return 'DEBUG';
-			default:
-				throw new InvalidArgumentException('Not a logging level');
-		}
-	}
-
-	/**
-	 * Log to syslog.
-	 */
-	public static function syslog(string $name, int $level, bool $print_stderr): Log {
-		$flags = LOG_ODELAY;
-		if ($print_stderr) {
-			$flags |= LOG_PERROR;
-		}
-
-		if (!openlog($name, $flags, LOG_USER)) {
-			throw new RuntimeException('Unable to open syslog');
-		}
-
-		return new class($level) implements Log {
-			private $level;
-
-			public function __construct(int $level) {
-				$this->level = $level;
-			}
-
-			public function log(int $level, string $message): void {
-				if ($level <= $this->level) {
-					if (isset($_SERVER['REMOTE_ADDR'], $_SERVER['REQUEST_METHOD'], $_SERVER['REQUEST_URI'])) {
-						// CGI
-						syslog($level, "$message - client: {$_SERVER['REMOTE_ADDR']}, request: \"{$_SERVER['REQUEST_METHOD']} {$_SERVER['REQUEST_URI']}\"");
-					} else {
-						syslog($level, $message);
-					}
-				}
-			}
-		};
-	}
-
-	/**
-	 * Log via the php function error_log.
-	 */
-	public static function error_log(string $name, int $level): Log {
-		return new class($name, $level) implements Log {
-			private string $name;
-			private int $level;
-
-			public function __construct(string $name, int $level) {
-				$this->name = $name;
-				$this->level = $level;
-			}
-
-			public function log(int $level, string $message): void {
-				if ($level <= $this->level) {
-					$lv = LogDrivers::levelToString($level);
-					$line = "{$this->name} $lv: $message";
-					error_log($line, 0, null, null);
-				}
-			}
-		};
-	}
-
-	/**
-	 * Log to a file.
-	 */
-	public static function file(string $name, int $level, string $file_path): Log {
-		/*
-		 * error_log is slow as hell in it's 3rd mode, so use fopen + file locking instead.
-		 * https://grobmeier.solutions/performance-ofnonblocking-write-to-files-via-php-21082009.html
-		 *
-		 * Whatever file appending is atomic is contentious:
-		 *  - There are no POSIX guarantees: https://stackoverflow.com/a/7237901
-		 *  - But linus suggested they are on linux, on some filesystems: https://web.archive.org/web/20151201111541/http://article.gmane.org/gmane.linux.kernel/43445
-		 *  - But it doesn't seem to be always the case: https://www.notthewizard.com/2014/06/17/are-files-appends-really-atomic/
-		 *
-		 * So we just use file locking to be sure.
-		 */
-
-		$fd = fopen($file_path, 'a');
-		if ($fd === false) {
-			throw new RuntimeException("Unable to open log file at $file_path");
-		}
-
-		$logger = new class($name, $level, $fd) implements Log {
-			private string $name;
-			private int $level;
-			private mixed $fd;
-
-			public function __construct(string $name, int $level, mixed $fd) {
-				$this->name = $name;
-				$this->level = $level;
-				$this->fd = $fd;
-			}
-
-			public function log(int $level, string $message): void {
-				if ($level <= $this->level) {
-					$lv = LogDrivers::levelToString($level);
-					$line = "{$this->name} $lv: $message\n";
-					flock($this->fd, LOCK_EX);
-					fwrite($this->fd, $line);
-					flock($this->fd, LOCK_UN);
-				}
-			}
-
-			public function close() {
-				fclose($this->fd);
-			}
-		};
-
-		// Close the file on shutdown.
-		register_shutdown_function([$logger, 'close']);
-
-		return $logger;
-	}
-
-	/**
-	 * Log to php's standard error file stream.
-	 */
-	public static function stderr(string $name, int $level): Log {
-		return new class($name, $level) implements Log {
-			private $name;
-			private $level;
-
-			public function __construct(string $name, int $level) {
-				$this->name = $name;
-				$this->level = $level;
-			}
-
-			public function log(int $level, string $message): void {
-				if ($level <= $this->level) {
-					$lv = LogDrivers::levelToString($level);
-					fwrite(STDERR, "{$this->name} $lv: $message\n");
-				}
-			}
-		};
-	}
-
-	/**
-	 * No-op logging system.
-	 */
-	public static function none(): Log {
-		return new class() implements Log {
-			public function log($level, $message): void {
-				// No-op.
-			}
-		};
-	}
-}
-
-interface Log {
-	public const EMERG = LOG_EMERG;
-	public const ERROR = LOG_ERR;
-	public const WARNING = LOG_WARNING;
-	public const NOTICE = LOG_NOTICE;
-	public const INFO = LOG_INFO;
-	public const DEBUG = LOG_DEBUG;
-
-
-	/**
-	 * Log a message if the level of relevancy is at least the minimum.
-	 *
-	 * @param int $level Message level. Use Log interface constants.
-	 * @param string $message The message to log.
-	 */
-	public function log(int $level, string $message): void;
-}

From 79af4b34dd12305e78a3ab9108c23ea8bec825c4 Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@mailu.io>
Date: Fri, 4 Oct 2024 12:57:37 +0200
Subject: [PATCH 269/336] context.php: update LogDriver

---
 inc/context.php | 17 +++++++----------
 1 file changed, 7 insertions(+), 10 deletions(-)

diff --git a/inc/context.php b/inc/context.php
index c64f6a9c..c3ebef04 100644
--- a/inc/context.php
+++ b/inc/context.php
@@ -2,8 +2,7 @@
 namespace Vichan;
 
 use RuntimeException;
-use Vichan\Driver\{Log, LogDrivers};
-use Vichan\Data\Driver\HttpDriver;
+use Vichan\Data\Driver\{HttpDriver, ErrorLogLogDriver, FileLogDriver, LogDriver, StderrLogDriver, SyslogLogDriver};
 use Vichan\Service\HCaptchaQuery;
 use Vichan\Service\NativeCaptchaQuery;
 use Vichan\Service\ReCaptchaQuery;
@@ -35,24 +34,22 @@ class Context {
 function build_context(array $config): Context {
 	return new Context([
 		'config' => $config,
-		Log::class => function($c) {
+		LogDriver::class => function($c) {
 			$config = $c->get('config');
 
 			$name = $config['log_system']['name'];
-			$level = $config['debug'] ? Log::DEBUG : Log::NOTICE;
+			$level = $config['debug'] ? LogDriver::DEBUG : LogDriver::NOTICE;
 			$backend = $config['log_system']['type'];
 
 			// Check 'syslog' for backwards compatibility.
 			if ((isset($config['syslog']) && $config['syslog']) || $backend === 'syslog') {
-				return LogDrivers::syslog($name, $level, $this->config['log_system']['syslog_stderr']);
+				return new SyslogLogDriver($name, $level, $this->config['log_system']['syslog_stderr']);
 			} elseif ($backend === 'file') {
-				return LogDrivers::file($name, $level, $this->config['log_system']['file_path']);
+				return new FileLogDriver($name, $level, $this->config['log_system']['file_path']);
 			} elseif ($backend === 'stderr') {
-				return LogDrivers::stderr($name, $level);
-			} elseif ($backend === 'none') {
-				return LogDrivers::none();
+				return new StderrLogDriver($name, $level);
 			} else {
-				return LogDrivers::error_log($name, $level);
+				return new ErrorLogLogDriver($name, $level);
 			}
 		},
 		HttpDriver::class => function($c) {

From 927a8372165442b99b426a9da9025cb8cf696b04 Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@mailu.io>
Date: Fri, 4 Oct 2024 13:01:32 +0200
Subject: [PATCH 270/336] post.php: update LogDriver

---
 post.php | 28 ++++++++++++++--------------
 1 file changed, 14 insertions(+), 14 deletions(-)

diff --git a/post.php b/post.php
index bfd41639..47ae9820 100644
--- a/post.php
+++ b/post.php
@@ -6,7 +6,7 @@
 require_once 'inc/bootstrap.php';
 
 use Vichan\{Context, WebDependencyFactory};
-use Vichan\Data\Driver\{HttpDriver, Log};
+use Vichan\Data\Driver\{LogDriver, HttpDriver};
 use Vichan\Service\{RemoteCaptchaQuery, NativeCaptchaQuery};
 use Vichan\Functions\Format;
 
@@ -286,7 +286,7 @@ if (isset($_GET['Newsgroups']) && $config['nntpchan']['enabled']) {
 		$content = file_get_contents("php://input");
 	}
 	elseif ($ct == 'multipart/mixed' || $ct == 'multipart/form-data') {
-		$context->get(Log::class)->log(Log::DEBUG, 'MM: Files: ' . print_r($GLOBALS, true));
+		$context->get(LogDriver::class)->log(LogDriver::DEBUG, 'MM: Files: ' . print_r($GLOBALS, true));
 
 		$content = '';
 
@@ -454,8 +454,8 @@ if (isset($_POST['delete'])) {
 				modLog("User at $ip deleted their own post #$id");
 			}
 
-			$context->get(Log::class)->log(
-				Log::INFO,
+			$context->get(LogDriver::class)->log(
+				LogDriver::INFO,
 				'Deleted post: /' . $board['dir'] . $config['dir']['res'] . link_for($post) . ($post['thread'] ? '#' . $id : '')
 			);
 		}
@@ -531,7 +531,7 @@ if (isset($_POST['delete'])) {
 				error($config['error']['captcha']);
 			}
 		} catch (RuntimeException $e) {
-			$context->get(Log::class)->log(Log::ERROR, "Native captcha IO exception: {$e->getMessage()}");
+			$context->get(LogDriver::class)->log(LogDriver::ERROR, "Native captcha IO exception: {$e->getMessage()}");
 			error($config['error']['local_io_error']);
 		}
 	}
@@ -550,7 +550,7 @@ if (isset($_POST['delete'])) {
 
 		$post = $query->fetch(PDO::FETCH_ASSOC);
 		if ($post === false) {
-			$context->get(Log::class)->log(Log::INFO, "Failed to report non-existing post #{$id} in {$board['dir']}");
+			$context->get(LogDriver::class)->log(LogDriver::INFO, "Failed to report non-existing post #{$id} in {$board['dir']}");
 			error($config['error']['nopost']);
 		}
 
@@ -559,8 +559,8 @@ if (isset($_POST['delete'])) {
 			error($error);
 		}
 
-		$context->get(Log::class)->log(
-			Log::INFO,
+		$context->get(LogDriver::class)->log(
+			LogDriver::INFO,
 			'Reported post: /'
 				 . $board['dir'] . $config['dir']['res'] . link_for($post) . ($post['thread'] ? '#' . $id : '')
 				 . " for \"$reason\""
@@ -673,10 +673,10 @@ if (isset($_POST['delete'])) {
 				}
 			}
 		} catch (RuntimeException $e) {
-			$context->get(Log::class)->log(Log::ERROR, "Captcha IO exception: {$e->getMessage()}");
+			$context->get(LogDriver::class)->log(LogDriver::ERROR, "Captcha IO exception: {$e->getMessage()}");
 			error($config['error']['remote_io_error']);
 		} catch (JsonException $e) {
-			$context->get(Log::class)->log(Log::ERROR, "Bad JSON reply to captcha: {$e->getMessage()}");
+			$context->get(LogDriver::class)->log(LogDriver::ERROR, "Bad JSON reply to captcha: {$e->getMessage()}");
 			error($config['error']['remote_io_error']);
 		}
 
@@ -1162,7 +1162,7 @@ if (isset($_POST['delete'])) {
 					try {
 						$file['size'] = strip_image_metadata($file['tmp_name']);
 					} catch (RuntimeException $e) {
-						$context->get(Log::class)->log(Log::ERROR, "Could not strip image metadata: {$e->getMessage()}");
+						$context->get(LogDriver::class)->log(LogDriver::ERROR, "Could not strip image metadata: {$e->getMessage()}");
 						// Since EXIF metadata can countain sensible info, fail the request.
 						error(_('Could not strip EXIF metadata!'), null, $error);
 					}
@@ -1200,7 +1200,7 @@ if (isset($_POST['delete'])) {
 						$post['body_nomarkup'] .= "<tinyboard ocr image $key>" . htmlspecialchars($txt) . "</tinyboard>";
 					}
 				} catch (RuntimeException $e) {
-					$context->get(Log::class)->log(Log::ERROR, "Could not OCR image: {$e->getMessage()}");
+					$context->get(LogDriver::class)->log(LogDriver::ERROR, "Could not OCR image: {$e->getMessage()}");
 				}
 			}
 		}
@@ -1394,8 +1394,8 @@ if (isset($_POST['delete'])) {
 
 	buildThread($post['op'] ? $id : $post['thread']);
 
-	$context->get(Log::class)->log(
-		Log::INFO,
+	$context->get(LogDriver::class)->log(
+		LogDriver::INFO,
 		'New post: /' . $board['dir'] . $config['dir']['res'] . link_for($post) . (!$post['op'] ? '#' . $id : '')
 	);
 

From b501852ea49ae5c11355f64523bd65a796706380 Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@mailu.io>
Date: Fri, 4 Oct 2024 13:10:38 +0200
Subject: [PATCH 271/336] config.php: update LogDriver configuration

---
 inc/config.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/inc/config.php b/inc/config.php
index 15fe3f64..11ac8809 100644
--- a/inc/config.php
+++ b/inc/config.php
@@ -71,7 +71,7 @@
 	$config['log_system'] = [
 		/*
 		 * Log all error messages and unauthorized login attempts.
-		 * Can be "syslog", "error_log" (default), "file", "stderr" or "none".
+		 * Can be "syslog", "error_log" (default), "file", or "stderr".
 		 */
 		'type' => 'error_log',
 		// The application name used by the logging system. Defaults to "tinyboard" for backwards compatibility.

From 65a668d3a8a7153c96838f2863c735303b949749 Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@mailu.io>
Date: Fri, 4 Oct 2024 13:11:08 +0200
Subject: [PATCH 272/336] composer.json: use classmap for LogDriver

---
 composer.json | 1 -
 1 file changed, 1 deletion(-)

diff --git a/composer.json b/composer.json
index 5fdb4226..88ee789d 100644
--- a/composer.json
+++ b/composer.json
@@ -38,7 +38,6 @@
             "inc/functions/num.php",
             "inc/functions/format.php",
             "inc/functions/theme.php",
-            "inc/driver/log-driver.php",
             "inc/service/captcha-queries.php",
             "inc/context.php"
         ]

From d88d6c814abb20eb3e3590d98d98cee466401592 Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@mailu.io>
Date: Fri, 4 Oct 2024 13:19:27 +0200
Subject: [PATCH 273/336] docker: use shorter name for instance

---
 compose.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/compose.yml b/compose.yml
index c691b303..4b87e0b6 100644
--- a/compose.yml
+++ b/compose.yml
@@ -9,7 +9,7 @@ services:
     depends_on:
       - db
     volumes:
-      - ./local-instances/${LOCAL_INSTANCE_NAME:-0}/www:/var/www/html
+      - ./local-instances/${INSTANCE:-0}/www:/var/www/html
       - ./docker/nginx/vichan.conf:/etc/nginx/conf.d/default.conf
       - ./docker/nginx/nginx.conf:/etc/nginx/nginx.conf
       - ./docker/nginx/proxy.conf:/etc/nginx/conf.d/proxy.conf
@@ -21,7 +21,7 @@ services:
       context: .
       dockerfile: ./docker/php/Dockerfile
     volumes:
-      - ./local-instances/${LOCAL_INSTANCE_NAME:-0}/www:/var/www
+      - ./local-instances/${INSTANCE:-0}/www:/var/www
       - ./docker/php/www.conf:/usr/local/etc/php-fpm.d/www.conf
       - ./docker/php/jit.ini:/usr/local/etc/php/conf.d/jit.ini
 
@@ -37,4 +37,4 @@ services:
       MYSQL_DATABASE: vichan
       MYSQL_ROOT_PASSWORD: password
     volumes:
-      - ./local-instances/${LOCAL_INSTANCE_NAME:-0}/mysql:/var/lib/mysql
+      - ./local-instances/${INSTANCE:-0}/mysql:/var/lib/mysql

From 23f3d15a52576736d2a38876be45a6e5e9284ce3 Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@mailu.io>
Date: Fri, 20 Sep 2024 02:03:42 +0200
Subject: [PATCH 274/336] extract create_pm_header

---
 inc/display.php   | 28 ++++++++++++++++++++++++++--
 inc/functions.php | 34 +++++++++++++++++++++++++++-------
 inc/mod/pages.php | 14 ++++++++++++--
 inc/template.php  |  4 ----
 4 files changed, 65 insertions(+), 15 deletions(-)

diff --git a/inc/display.php b/inc/display.php
index 929d24c3..5578ffc1 100644
--- a/inc/display.php
+++ b/inc/display.php
@@ -401,7 +401,18 @@ class Post {
 	public function build($index=false) {
 		global $board, $config;
 
-		return Element($config['file_post_reply'], array('config' => $config, 'board' => $board, 'post' => &$this, 'index' => $index, 'mod' => $this->mod));
+		$options = [
+			'config' => $config,
+			'board' => $board,
+			'post' => &$this,
+			'index' => $index,
+			'mod' => $this->mod
+		];
+		if ($this->mod) {
+			$options['pm'] = create_pm_header();
+		}
+
+		return Element($config['file_post_reply'], $options);
 	}
 };
 
@@ -465,8 +476,21 @@ class Thread {
 
 		event('show-thread', $this);
 
+		$options = [
+			'config' => $config,
+			'board' => $board,
+			'post' => &$this,
+			'index' => $index,
+			'hasnoko50' => $hasnoko50,
+			'isnoko50' => $isnoko50,
+			'mod' => $this->mod
+		];
+		if ($this->mod) {
+			$options['pm'] = create_pm_header();
+		}
+
 		$file = ($index && $config['file_board']) ? $config['file_post_thread_fileboard'] : $config['file_post_thread'];
-		$built = Element($file, array('config' => $config, 'board' => $board, 'post' => &$this, 'index' => $index, 'hasnoko50' => $hasnoko50, 'isnoko50' => $isnoko50, 'mod' => $this->mod));
+		$built = Element($file, $options);
 
 		return $built;
 	}
diff --git a/inc/functions.php b/inc/functions.php
index 738e63ec..30994b5d 100755
--- a/inc/functions.php
+++ b/inc/functions.php
@@ -1301,7 +1301,14 @@ function index($page, $mod=false, $brief = false) {
 	}
 
 	if ($config['file_board']) {
-		$body = Element($config['file_fileboard'], array('body' => $body, 'mod' => $mod));
+		$options = [
+			'body' => $body,
+			'mod' => $mod
+		];
+		if ($mod) {
+			$options['pm'] = create_pm_header();
+		}
+		$body = Element($config['file_fileboard'], $options);
 	}
 
 	return array(
@@ -1620,7 +1627,7 @@ function incrementSpamHash($hash) {
 }
 
 function buildIndex($global_api = "yes") {
-	global $board, $config, $build_pages;
+	global $board, $config, $build_pages, $mod;
 
 	$catalog_api_action = generation_strategy('sb_api', array($board['uri']));
 
@@ -1692,6 +1699,9 @@ function buildIndex($global_api = "yes") {
 			$content['pages'][$page-1]['selected'] = true;
 			$content['btn'] = getPageButtons($content['pages']);
 			$content['antibot'] = $antibot;
+			if ($mod) {
+				$content['pm'] = create_pm_header();
+			}
 
 			file_write($filename, Element($config['file_board_index'], $content));
 		}
@@ -2274,7 +2284,7 @@ function buildThread($id, $return = false, $mod = false) {
 		$hasnoko50 = $thread->postCount() >= $config['noko50_min'];
 		$antibot = $mod || $return ? false : create_antibot($board['uri'], $id);
 
-		$body = Element($config['file_thread'], array(
+		$options = [
 			'board' => $board,
 			'thread' => $thread,
 			'body' => $thread->build(),
@@ -2286,7 +2296,12 @@ function buildThread($id, $return = false, $mod = false) {
 			'antibot' => $antibot,
 			'boardlist' => createBoardlist($mod),
 			'return' => ($mod ? '?' . $board['url'] . $config['file_index'] : $config['root'] . $board['dir'] . $config['file_index'])
-		));
+		];
+		if ($mod) {
+			$options['pm'] = create_pm_header();
+		}
+
+		$body = Element($config['file_thread'], $options);
 
 		// json api
 		if ($config['api']['enabled'] && !$mod) {
@@ -2323,7 +2338,7 @@ function buildThread($id, $return = false, $mod = false) {
 }
 
 function buildThread50($id, $return = false, $mod = false, $thread = null, $antibot = false) {
-	global $board, $config, $build_pages;
+	global $board, $config;
 	$id = round($id);
 
 	if ($antibot)
@@ -2381,7 +2396,7 @@ function buildThread50($id, $return = false, $mod = false, $thread = null, $anti
 
 	$hasnoko50 = $thread->postCount() >= $config['noko50_min'];
 
-	$body = Element($config['file_thread'], array(
+	$options = [
 		'board' => $board,
 		'thread' => $thread,
 		'body' => $thread->build(false, true),
@@ -2393,7 +2408,12 @@ function buildThread50($id, $return = false, $mod = false, $thread = null, $anti
 		'antibot' => $mod ? false : ($antibot ? $antibot : create_antibot($board['uri'], $id)),
 		'boardlist' => createBoardlist($mod),
 		'return' => ($mod ? '?' . $board['url'] . $config['file_index'] : $config['root'] . $board['dir'] . $config['file_index'])
-	));
+	];
+	if ($mod) {
+		$options['pm'] = create_pm_header();
+	}
+
+	$body = Element($config['file_thread'], $options);
 
 	if ($return) {
 		return $body;
diff --git a/inc/mod/pages.php b/inc/mod/pages.php
index e7a8becd..b9ea20ae 100644
--- a/inc/mod/pages.php
+++ b/inc/mod/pages.php
@@ -28,6 +28,7 @@ function mod_page($title, $template, $args, $subtitle = false) {
 		'title' => $title,
 		'subtitle' => $subtitle,
 		'boardlist' => createBoardlist($mod),
+		'pm' => create_pm_header(),
 		'body' => Element($template,
 				array_merge(
 					array('config' => $config, 'mod' => $mod),
@@ -511,7 +512,7 @@ function mod_new_board(Context $ctx) {
 		if (!openBoard($_POST['uri']))
 			error(_("Couldn't open board after creation."));
 
-		$query = Element('posts.sql', array('board' => $board['uri']));
+		$query = Element('posts.sql', [ 'board' => $board['uri'] ]);
 
 		if (mysql_version() < 50503)
 			$query = preg_replace('/(CHARSET=|CHARACTER SET )utf8mb4/', '$1utf8', $query);
@@ -785,6 +786,7 @@ function mod_view_board(Context $ctx, $boardName, $page_no = 1) {
 	$page['btn'] = getPageButtons($page['pages'], true);
 	$page['mod'] = true;
 	$page['config'] = $config;
+	$page['pm'] = create_pm_header();
 
 	echo Element($config['file_board_index'], $page);
 }
@@ -2358,6 +2360,7 @@ function mod_reports(Context $ctx) {
 			'report' => $report,
 			'config' => $config,
 			'mod' => $mod,
+			'pm' => create_pm_header(),
 			'token' => make_secure_link_token('reports/' . $report['id'] . '/dismiss'),
 			'token_all' => make_secure_link_token('reports/' . $report['id'] . '/dismiss&all'),
 			'token_post' => make_secure_link_token('reports/'. $report['id'] . '/dismiss&post'),
@@ -2609,6 +2612,7 @@ function mod_config(Context $ctx, $board_config = false) {
 					<p style="text-align:center">You may proceed with these changes manually by copying and pasting the following code to the end of <strong>' . $config_file . '</strong>:</p>
 					<textarea style="width:700px;height:370px;margin:auto;display:block;background:white;color:black" readonly>' . $config_append . '</textarea>
 				';
+				$page['pm'] = create_pm_header();
 				echo Element($config['file_page_template'], $page);
 				exit;
 			}
@@ -2869,7 +2873,13 @@ function mod_edit_page(Context $ctx, $id) {
 
 		$fn = (isset($board['uri']) ? ($board['uri'] . '/') : '') . $page['name'] . '.html';
 		$body = "<div class='ban'>$write</div>";
-		$html = Element($config['file_page_template'], array('config' => $config, 'boardlist' => createBoardlist(), 'body' => $body, 'title' => utf8tohtml($page['title'])));
+		$html = Element($config['file_page_template'], [
+			'config' => $config,
+			'boardlist' => createBoardlist(),
+			'body' => $body,
+			'title' => utf8tohtml($page['title']),
+			'pm' => create_pm_header()
+		]);
 		file_write($fn, $html);
 	}
 
diff --git a/inc/template.php b/inc/template.php
index 4f30e00c..17df316b 100644
--- a/inc/template.php
+++ b/inc/template.php
@@ -34,10 +34,6 @@ function Element($templateFile, array $options) {
 	if (!$twig)
 		load_twig();
 
-	if (function_exists('create_pm_header') && ((isset($options['mod']) && $options['mod']) || isset($options['__mod'])) && !preg_match('!^mod/!', $templateFile)) {
-		$options['pm'] = create_pm_header();
-	}
-
 	if (isset($options['body']) && $config['debug']) {
 		$_debug = $debug;
 

From 6c6ec65b021188f56212246686c871ff26b298fe Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@mailu.io>
Date: Sun, 6 Oct 2024 10:40:54 +0200
Subject: [PATCH 275/336] pages.php: extract $mod array

---
 inc/mod/pages.php | 465 +++++++++++++++++++++++++++++++++-------------
 1 file changed, 332 insertions(+), 133 deletions(-)

diff --git a/inc/mod/pages.php b/inc/mod/pages.php
index b9ea20ae..c03e1a5e 100644
--- a/inc/mod/pages.php
+++ b/inc/mod/pages.php
@@ -18,28 +18,34 @@ function _link_or_copy(string $target, string $link): bool {
     return true;
 }
 
-function mod_page($title, $template, $args, $subtitle = false) {
-	global $config, $mod;
+function mod_page($title, $template, $args, $mod, $subtitle = false) {
+	global $config;
 
-	echo Element($config['file_page_template'], array(
+	$options = [
 		'config' => $config,
 		'mod' => $mod,
 		'hide_dashboard_link' => $template == $config['file_mod_dashboard'],
 		'title' => $title,
 		'subtitle' => $subtitle,
 		'boardlist' => createBoardlist($mod),
-		'pm' => create_pm_header(),
-		'body' => Element($template,
-				array_merge(
-					array('config' => $config, 'mod' => $mod),
-					$args
-				)
+		'body' => Element(
+			$template,
+			array_merge(
+				[ 'config' => $config, 'mod' => $mod ],
+				$args
 			)
 		)
-	);
+	];
+
+	if ($mod) {
+		$options['pm'] = create_pm_header();
+	}
+
+	echo Element($config['file_page_template'], $options);
 }
 
 function mod_login(Context $ctx, $redirect = false) {
+	global $mod;
 	$config = $ctx->get('config');
 
 	$args = [];
@@ -73,12 +79,21 @@ function mod_login(Context $ctx, $redirect = false) {
 	if (isset($_POST['username']))
 		$args['username'] = $_POST['username'];
 
-	mod_page(_('Login'), $config['file_mod_login'], $args);
+	mod_page(_('Login'), $config['file_mod_login'], $args, $mod);
 }
 
 function mod_confirm(Context $ctx, $request) {
+	global $mod;
 	$config = $ctx->get('config');
-	mod_page(_('Confirm action'), $config['file_mod_confim'], array('request' => $request, 'token' => make_secure_link_token($request)));
+	mod_page(
+		_('Confirm action'),
+		$config['file_mod_confim'],
+		[
+			'request' => $request,
+			'token' => make_secure_link_token($request)
+		],
+		$mod
+	);
 }
 
 function mod_logout(Context $ctx) {
@@ -180,7 +195,7 @@ function mod_dashboard(Context $ctx) {
 
 	$args['logout_token'] = make_secure_link_token('logout');
 
-	mod_page(_('Dashboard'), $config['file_mod_dashboard'], $args);
+	mod_page(_('Dashboard'), $config['file_mod_dashboard'], $args, $mod);
 }
 
 function mod_search_redirect(Context $ctx) {
@@ -207,7 +222,7 @@ function mod_search_redirect(Context $ctx) {
 }
 
 function mod_search(Context $ctx, $type, $search_query_escaped, $page_no = 1) {
-	global $pdo, $config;
+	global $pdo, $config, $mod;
 
 	if (!hasPermission($config['mod']['search']))
 		error($config['error']['noaccess']);
@@ -352,17 +367,22 @@ function mod_search(Context $ctx, $type, $search_query_escaped, $page_no = 1) {
 
 	// $results now contains the search results
 
-	mod_page(_('Search results'), $config['file_mod_search_results'], array(
-		'search_type' => $type,
-		'search_query' => $search_query,
-		'search_query_escaped' => $search_query_escaped,
-		'result_count' => $result_count,
-		'results' => $results
-	));
+	mod_page(
+		_('Search results'),
+		$config['file_mod_search_results'],
+		[
+			'search_type' => $type,
+			'search_query' => $search_query,
+			'search_query_escaped' => $search_query_escaped,
+			'result_count' => $result_count,
+			'results' => $results
+		],
+		$mod
+	);
 }
 
 function mod_edit_board(Context $ctx, $boardName) {
-	global $board, $config;
+	global $board, $config, $mod;
 
 	if (!openBoard($boardName))
 		error($config['error']['noboard']);
@@ -456,15 +476,20 @@ function mod_edit_board(Context $ctx, $boardName) {
 
 		header('Location: ?/', true, $config['redirect_http']);
 	} else {
-		mod_page(sprintf('%s: ' . $config['board_abbreviation'], _('Edit board'), $board['uri']), $config['file_mod_board'], array(
-			'board' => $board,
-			'token' => make_secure_link_token('edit/' . $board['uri'])
-		));
+		mod_page(
+			sprintf('%s: ' . $config['board_abbreviation'], _('Edit board'), $board['uri']),
+			$config['file_mod_board'],
+			[
+				'board' => $board,
+				'token' => make_secure_link_token('edit/' . $board['uri'])
+			],
+			$mod
+		);
 	}
 }
 
 function mod_new_board(Context $ctx) {
-	global $board;
+	global $board, $mod;
 	$config = $ctx->get('config');
 
 	if (!hasPermission($config['mod']['newboard']))
@@ -530,7 +555,15 @@ function mod_new_board(Context $ctx) {
 		header('Location: ?/' . $board['uri'] . '/' . $config['file_index'], true, $config['redirect_http']);
 	}
 
-	mod_page(_('New board'), $config['file_mod_board'], array('new' => true, 'token' => make_secure_link_token('new-board')));
+	mod_page(
+		_('New board'),
+		$config['file_mod_board'],
+		[
+			'new' => true,
+			'token' => make_secure_link_token('new-board')
+		],
+		$mod
+	);
 }
 
 function mod_noticeboard(Context $ctx, $page_no = 1) {
@@ -582,11 +615,16 @@ function mod_noticeboard(Context $ctx, $page_no = 1) {
 	$query->execute() or error(db_error($query));
 	$count = $query->fetchColumn();
 
-	mod_page(_('Noticeboard'), $config['file_mod_noticeboard'], array(
-		'noticeboard' => $noticeboard,
-		'count' => $count,
-		'token' => make_secure_link_token('noticeboard')
-	));
+	mod_page(
+		_('Noticeboard'),
+		$config['file_mod_noticeboard'],
+		[
+			'noticeboard' => $noticeboard,
+			'count' => $count,
+			'token' => make_secure_link_token('noticeboard')
+		],
+		$mod
+	);
 }
 
 function mod_noticeboard_delete(Context $ctx, $id) {
@@ -652,7 +690,16 @@ function mod_news(Context $ctx, $page_no = 1) {
 	$query->execute() or error(db_error($query));
 	$count = $query->fetchColumn();
 
-	mod_page(_('News'), $config['file_mod_news'], array('news' => $news, 'count' => $count, 'token' => make_secure_link_token('edit_news')));
+	mod_page(
+		_('News'),
+		$config['file_mod_news'],
+		[
+			'news' => $news,
+			'count' => $count,
+			'token' => make_secure_link_token('edit_news')
+		],
+		$mod
+	);
 }
 
 function mod_news_delete(Context $ctx, $id) {
@@ -671,6 +718,7 @@ function mod_news_delete(Context $ctx, $id) {
 }
 
 function mod_log(Context $ctx, $page_no = 1) {
+	global $mod;
 	$config = $ctx->get('config');
 
 	if ($page_no < 1)
@@ -692,10 +740,11 @@ function mod_log(Context $ctx, $page_no = 1) {
 	$query->execute() or error(db_error($query));
 	$count = $query->fetchColumn();
 
-	mod_page(_('Moderation log'), $config['file_mod_log'], array('logs' => $logs, 'count' => $count));
+	mod_page(_('Moderation log'), $config['file_mod_log'], [ 'logs' => $logs, 'count' => $count ], $mod);
 }
 
 function mod_user_log(Context $ctx, $username, $page_no = 1) {
+	global $mod;
 	$config = $ctx->get('config');
 
 	if ($page_no < 1)
@@ -719,10 +768,11 @@ function mod_user_log(Context $ctx, $username, $page_no = 1) {
 	$query->execute() or error(db_error($query));
 	$count = $query->fetchColumn();
 
-	mod_page(_('Moderation log'), $config['file_mod_log'], array('logs' => $logs, 'count' => $count, 'username' => $username));
+	mod_page(_('Moderation log'), $config['file_mod_log'], [ 'logs' => $logs, 'count' => $count, 'username' => $username ], $mod);
 }
 
 function mod_board_log(Context $ctx, $board, $page_no = 1, $hide_names = false, $public = false) {
+	global $mod;
 	$config = $ctx->get('config');
 
 	if ($page_no < 1)
@@ -755,7 +805,18 @@ function mod_board_log(Context $ctx, $board, $page_no = 1, $hide_names = false,
 	$query->execute() or error(db_error($query));
 	$count = $query->fetchColumn();
 
-	mod_page(_('Board log'), $config['file_mod_log'], array('logs' => $logs, 'count' => $count, 'board' => $board, 'hide_names' => $hide_names, 'public' => $public));
+	mod_page(
+		_('Board log'),
+		$config['file_mod_log'],
+		[
+			'logs' => $logs,
+			'count' => $count,
+			'board' => $board,
+			'hide_names' => $hide_names,
+			'public' => $public
+		],
+		$mod
+	);
 }
 
 function mod_view_catalog(Context $ctx, $boardName) {
@@ -936,10 +997,11 @@ function mod_ip(Context $ctx, $cip) {
 
 	$args['security_token'] = make_secure_link_token('IP/' . $cip);
 
-	mod_page(sprintf('%s: %s', _('IP'), htmlspecialchars($cip)), $config['file_mod_view_ip'], $args, $args['hostname']);
+	mod_page(sprintf('%s: %s', _('IP'), htmlspecialchars($cip)), $config['file_mod_view_ip'], $args, $mod, $args['hostname']);
 }
 
 function mod_edit_ban(Context $ctx, $ban_id) {
+	global $mod;
 	$config = $ctx->get('config');
 
 	if (!hasPermission($config['mod']['edit_ban']))
@@ -985,18 +1047,18 @@ function mod_edit_ban(Context $ctx, $ban_id) {
 
 	$args['token'] = make_secure_link_token('edit_ban/' . $ban_id);
 
-	mod_page(_('Edit ban'), 'mod/edit_ban.html', $args);
-
+	mod_page(_('Edit ban'), 'mod/edit_ban.html', $args, $mod);
 }
 
 function mod_ban(Context $ctx) {
+	global $mod;
 	$config = $ctx->get('config');
 
 	if (!hasPermission($config['mod']['ban']))
 		error($config['error']['noaccess']);
 
 	if (!isset($_POST['ip'], $_POST['reason'], $_POST['length'], $_POST['board'])) {
-		mod_page(_('New ban'), $config['file_mod_ban_form'], array('token' => make_secure_link_token('ban')));
+		mod_page(_('New ban'), $config['file_mod_ban_form'], [ 'token' => make_secure_link_token('ban') ], $mod);
 		return;
 	}
 
@@ -1035,12 +1097,17 @@ function mod_bans(Context $ctx) {
 		return;
 	}
 
-	mod_page(_('Ban list'), $config['file_mod_ban_list'], array(
-		'mod' => $mod,
-		'boards' => json_encode($mod['boards']),
-		'token' => make_secure_link_token('bans'),
-		'token_json' => make_secure_link_token('bans.json')
-	));
+	mod_page(
+		_('Ban list'),
+		$config['file_mod_ban_list'],
+		[
+			'mod' => $mod,
+			'boards' => json_encode($mod['boards']),
+			'token' => make_secure_link_token('bans'),
+			'token_json' => make_secure_link_token('bans.json')
+		],
+		$mod
+	);
 }
 
 function mod_bans_json(Context $ctx) {
@@ -1057,7 +1124,7 @@ function mod_bans_json(Context $ctx) {
 }
 
 function mod_ban_appeals(Context $ctx) {
-	global $board;
+	global $board, $mod;
 	$config = $ctx->get('config');
 
 	if (!hasPermission($config['mod']['view_ban_appeals']))
@@ -1127,10 +1194,15 @@ function mod_ban_appeals(Context $ctx) {
 		}
 	}
 
-	mod_page(_('Ban appeals'), $config['file_mod_ban_appeals'], array(
-		'ban_appeals' => $ban_appeals,
-		'token' => make_secure_link_token('ban-appeals')
-	));
+	mod_page(
+		_('Ban appeals'),
+		$config['file_mod_ban_appeals'],
+		[
+			'ban_appeals' => $ban_appeals,
+			'token' => make_secure_link_token('ban-appeals')
+		],
+		$mod
+	);
 }
 
 function mod_lock(Context $ctx, $board, $unlock, $post) {
@@ -1234,7 +1306,7 @@ function mod_bumplock(Context $ctx, $board, $unbumplock, $post) {
 }
 
 function mod_move_reply(Context $ctx, $originBoard, $postID) {
-	global $board, $config;
+	global $board, $config, $mod;
 
 	if (!openBoard($originBoard))
 		error($config['error']['noboard']);
@@ -1323,20 +1395,27 @@ function mod_move_reply(Context $ctx, $originBoard, $postID) {
 		// redirect
 		header('Location: ?/' . sprintf($config['board_path'], $board['uri']) . $config['dir']['res'] . link_for($post) . '#' . $newID, true, $config['redirect_http']);
 	}
-
 	else {
 		$boards = listBoards();
 
 		$security_token = make_secure_link_token($originBoard . '/move_reply/' . $postID);
 
-		mod_page(_('Move reply'), $config['file_mod_move_reply'], array('post' => $postID, 'board' => $originBoard, 'boards' => $boards, 'token' => $security_token));
-
+		mod_page(
+			_('Move reply'),
+			$config['file_mod_move_reply'],
+			[
+				'post' => $postID,
+				'board' => $originBoard,
+				'boards' => $boards,
+				'token' => $security_token
+			],
+			$mod
+		);
 	}
-
 }
 
 function mod_move(Context $ctx, $originBoard, $postID) {
-	global $board, $config, $pdo;
+	global $board, $config, $pdo, $mod;
 
 	if (!openBoard($originBoard))
 		error($config['error']['noboard']);
@@ -1542,10 +1621,21 @@ function mod_move(Context $ctx, $originBoard, $postID) {
 
 	$security_token = make_secure_link_token($originBoard . '/move/' . $postID);
 
-	mod_page(_('Move thread'), $config['file_mod_move'], array('post' => $postID, 'board' => $originBoard, 'boards' => $boards, 'token' => $security_token));
+	mod_page(
+		_('Move thread'),
+		$config['file_mod_move'],
+		[
+			'post' => $postID,
+			'board' => $originBoard,
+			'boards' => $boards,
+			'token' => $security_token
+		],
+		$mod
+	);
 }
 
 function mod_ban_post(Context $ctx, $board, $delete, $post, $token = false) {
+	global $mod;
 	$config = $ctx->get('config');
 
 	if (!openBoard($board))
@@ -1612,10 +1702,11 @@ function mod_ban_post(Context $ctx, $board, $delete, $post, $token = false) {
 		'token' => $security_token
 	);
 
-	mod_page(_('New ban'), $config['file_mod_ban_form'], $args);
+	mod_page(_('New ban'), $config['file_mod_ban_form'], $args, $mod);
 }
 
 function mod_edit_post(Context $ctx, $board, $edit_raw_html, $postID) {
+	global $mod;
 	$config = $ctx->get('config');
 
 	if (!openBoard($board))
@@ -1688,7 +1779,17 @@ function mod_edit_post(Context $ctx, $board, $edit_raw_html, $postID) {
 			$post['body'] = str_replace("\t", '&#09;', $post['body']);
 		}
 
-		mod_page(_('Edit post'), $config['file_mod_edit_post_form'], array('token' => $security_token, 'board' => $board, 'raw' => $edit_raw_html, 'post' => $post));
+		mod_page(
+			_('Edit post'),
+			$config['file_mod_edit_post_form'],
+			[
+				'token' => $security_token,
+				'board' => $board,
+				'raw' => $edit_raw_html,
+				'post' => $post
+			],
+			$mod
+		);
 	}
 }
 
@@ -1976,16 +2077,21 @@ function mod_user(Context $ctx, $uid) {
 
 	$user['boards'] = explode(',', $user['boards']);
 
-	mod_page(_('Edit user'), $config['file_mod_user'], array(
-		'user' => $user,
-		'logs' => $log,
-		'boards' => listBoards(),
-		'token' => make_secure_link_token('users/' . $user['id'])
-	));
+	mod_page(
+		_('Edit user'),
+		$config['file_mod_user'],
+		[
+			'user' => $user,
+			'logs' => $log,
+			'boards' => listBoards(),
+			'token' => make_secure_link_token('users/' . $user['id'])
+		],
+		$mod
+	);
 }
 
 function mod_user_new(Context $ctx) {
-	global $pdo, $config;
+	global $pdo, $config, $mod;
 
 	if (!hasPermission($config['mod']['createusers']))
 		error($config['error']['noaccess']);
@@ -2033,11 +2139,21 @@ function mod_user_new(Context $ctx) {
 		return;
 	}
 
-	mod_page(_('New user'), $config['file_mod_user'], array('new' => true, 'boards' => listBoards(), 'token' => make_secure_link_token('users/new')));
+	mod_page(
+		_('New user'),
+		$config['file_mod_user'],
+		[
+			'new' => true,
+			'boards' => listBoards(),
+			'token' => make_secure_link_token('users/new')
+		],
+		$mod
+	);
 }
 
 
 function mod_users(Context $ctx) {
+	global $mod;
 	$config = $ctx->get('config');
 
 	if (!hasPermission($config['mod']['manageusers']))
@@ -2055,7 +2171,7 @@ function mod_users(Context $ctx) {
 		$user['demote_token'] = make_secure_link_token("users/{$user['id']}/demote");
 	}
 
-	mod_page(sprintf('%s (%d)', _('Manage users'), count($users)), $config['file_mod_users'], array('users' => $users));
+	mod_page(sprintf('%s (%d)', _('Manage users'), count($users)), $config['file_mod_users'], [ 'users' => $users ], $mod);
 }
 
 function mod_user_promote(Context $ctx, $uid, $action) {
@@ -2145,14 +2261,19 @@ function mod_pm(Context $ctx, $id, $reply = false) {
 		if (!$pm['to_username'])
 			error($config['error']['404']); // deleted?
 
-		mod_page(sprintf('%s %s', _('New PM for'), $pm['to_username']), $config['file_mod_new_pm'], array(
-			'username' => $pm['username'],
-			'id' => $pm['sender'],
-			'message' => quote($pm['message']),
-			'token' => make_secure_link_token('new_PM/' . $pm['username'])
-		));
+		mod_page(
+			sprintf('%s %s', _('New PM for'), $pm['to_username']),
+			$config['file_mod_new_pm'],
+			[
+				'username' => $pm['username'],
+				'id' => $pm['sender'],
+				'message' => quote($pm['message']),
+				'token' => make_secure_link_token('new_PM/' . $pm['username'])
+			],
+			$mod
+		);
 	} else {
-		mod_page(sprintf('%s &ndash; #%d', _('Private message'), $id), $config['file_mod_pm'], $pm);
+		mod_page(sprintf('%s &ndash; #%d', _('Private message'), $id), $config['file_mod_pm'], $pm, $mod);
 	}
 }
 
@@ -2174,10 +2295,15 @@ function mod_inbox(Context $ctx) {
 		$message['snippet'] = pm_snippet($message['message']);
 	}
 
-	mod_page(sprintf('%s (%s)', _('PM inbox'), count($messages) > 0 ? $unread . ' unread' : 'empty'), $config['file_mod_inbox'], array(
-		'messages' => $messages,
-		'unread' => $unread
-	));
+	mod_page(
+		sprintf('%s (%s)', _('PM inbox'), count($messages) > 0 ? $unread . ' unread' : 'empty'),
+		$config['file_mod_inbox'],
+		[
+			'messages' => $messages,
+			'unread' => $unread
+		],
+		$mod
+	);
 }
 
 
@@ -2223,15 +2349,20 @@ function mod_new_pm(Context $ctx, $username) {
 		header('Location: ?/', true, $config['redirect_http']);
 	}
 
-	mod_page(sprintf('%s %s', _('New PM for'), $username), $config['file_mod_new_pm'], array(
-		'username' => $username,
-		'id' => $id,
-		'token' => make_secure_link_token('new_PM/' . $username)
-	));
+	mod_page(
+		sprintf('%s %s', _('New PM for'), $username),
+		$config['file_mod_new_pm'],
+		[
+			'username' => $username,
+			'id' => $id,
+			'token' => make_secure_link_token('new_PM/' . $username)
+		],
+		$mod
+	);
 }
 
 function mod_rebuild(Context $ctx) {
-	global $twig;
+	global $twig, $mod;
 	$config = $ctx->get('config');
 
 	if (!hasPermission($config['mod']['rebuild']))
@@ -2293,14 +2424,19 @@ function mod_rebuild(Context $ctx) {
 			}
 		}
 
-		mod_page(_('Rebuild'), $config['file_mod_rebuilt'], array('logs' => $log));
+		mod_page(_('Rebuild'), $config['file_mod_rebuilt'], [ 'logs' => $log ], $mod);
 		return;
 	}
 
-	mod_page(_('Rebuild'), $config['file_mod_rebuild'], array(
-		'boards' => listBoards(),
-		'token' => make_secure_link_token('rebuild')
-	));
+	mod_page(
+		_('Rebuild'),
+		$config['file_mod_rebuild'],
+		[
+			'boards' => listBoards(),
+			'token' => make_secure_link_token('rebuild')
+		],
+		$mod
+	);
 }
 
 function mod_reports(Context $ctx) {
@@ -2385,7 +2521,15 @@ function mod_reports(Context $ctx) {
 		$count++;
 	}
 
-	mod_page(sprintf('%s (%d)', _('Report queue'), $count), $config['file_mod_reports'], array('reports' => $body, 'count' => $count));
+	mod_page(
+		sprintf('%s (%d)', _('Report queue'), $count),
+		$config['file_mod_reports'],
+		[
+			'reports' => $body,
+			'count' => $count
+		],
+		$mod
+	);
 }
 
 function mod_report_dismiss(Context $ctx, $id, $action) {
@@ -2482,13 +2626,16 @@ function mod_recent_posts(Context $ctx, $lim) {
 		$last_time = $post['time'];
 	}
 
-	echo mod_page(_('Recent posts'), $config['file_mod_recent_posts'],  array(
+	echo mod_page(
+		_('Recent posts'),
+		$config['file_mod_recent_posts'],
+		[
 			'posts' => $posts,
 			'limit' => $limit,
 			'last_time' => $last_time
-		)
+		],
+		$mod
 	);
-
 }
 
 function mod_config(Context $ctx, $board_config = false) {
@@ -2528,14 +2675,19 @@ function mod_config(Context $ctx, $board_config = false) {
 		}
 		$instance_config = str_replace("\n", '&#010;', utf8tohtml($instance_config));
 
-		mod_page(_('Config editor'), $config['file_mod_config_editor_php'], array(
-			'php' => $instance_config,
-			'readonly' => $readonly,
-			'boards' => listBoards(),
-			'board' => $board_config,
-			'file' => $config_file,
-			'token' => make_secure_link_token('config' . ($board_config ? '/' . $board_config : ''))
-		));
+		mod_page(
+			_('Config editor'),
+			$config['file_mod_config_editor_php'],
+			[
+				'php' => $instance_config,
+				'readonly' => $readonly,
+				'boards' => listBoards(),
+				'board' => $board_config,
+				'file' => $config_file,
+				'token' => make_secure_link_token('config' . ($board_config ? '/' . $board_config : ''))
+			],
+			$mod
+		);
 		return;
 	}
 
@@ -2623,17 +2775,22 @@ function mod_config(Context $ctx, $board_config = false) {
 		exit;
 	}
 
-	mod_page(_('Config editor') . ($board_config ? ': ' . sprintf($config['board_abbreviation'], $board_config) : ''),
-		$config['file_mod_config_editor'], array(
+	mod_page(
+		_('Config editor') . ($board_config ? ': ' . sprintf($config['board_abbreviation'], $board_config) : ''),
+		$config['file_mod_config_editor'],
+		[
 			'boards' => listBoards(),
 			'board' => $board_config,
 			'conf' => $conf,
 			'file' => $config_file,
 			'token' => make_secure_link_token('config' . ($board_config ? '/' . $board_config : ''))
-	));
+		],
+		$mod
+	);
 }
 
 function mod_themes_list(Context $ctx) {
+	global $mod;
 	$config = $ctx->get('config');
 
 	if (!hasPermission($config['mod']['themes']))
@@ -2661,13 +2818,19 @@ function mod_themes_list(Context $ctx) {
 		$theme['uninstall_token'] = make_secure_link_token('themes/' . $theme_name . '/uninstall');
 	}
 
-	mod_page(_('Manage themes'), $config['file_mod_themes'], array(
-		'themes' => $themes,
-		'themes_in_use' => $themes_in_use,
-	));
+	mod_page(
+		_('Manage themes'),
+		$config['file_mod_themes'],
+		[
+			'themes' => $themes,
+			'themes_in_use' => $themes_in_use,
+		],
+		$mod
+	);
 }
 
 function mod_theme_configure(Context $ctx, $theme_name) {
+	global $mod;
 	$config = $ctx->get('config');
 
 	if (!hasPermission($config['mod']['themes']))
@@ -2730,23 +2893,33 @@ function mod_theme_configure(Context $ctx, $theme_name) {
 		// Build themes
 		Vichan\Functions\Theme\rebuild_themes('all');
 
-		mod_page(sprintf(_($result ? 'Installed theme: %s' : 'Installation failed: %s'), $theme['name']), $config['file_mod_theme_installed'], array(
-			'theme_name' => $theme_name,
-			'theme' => $theme,
-			'result' => $result,
-			'message' => $message
-		));
+		mod_page(
+			sprintf(_($result ? 'Installed theme: %s' : 'Installation failed: %s'), $theme['name']),
+			$config['file_mod_theme_installed'],
+			[
+				'theme_name' => $theme_name,
+				'theme' => $theme,
+				'result' => $result,
+				'message' => $message
+			],
+			$mod
+		);
 		return;
 	}
 
 	$settings = Vichan\Functions\Theme\theme_settings($theme_name);
 
-	mod_page(sprintf(_('Configuring theme: %s'), $theme['name']), $config['file_mod_theme_config'], array(
-		'theme_name' => $theme_name,
-		'theme' => $theme,
-		'settings' => $settings,
-		'token' => make_secure_link_token('themes/' . $theme_name)
-	));
+	mod_page(
+		sprintf(_('Configuring theme: %s'), $theme['name']),
+		$config['file_mod_theme_config'],
+		[
+			'theme_name' => $theme_name,
+			'theme' => $theme,
+			'settings' => $settings,
+			'token' => make_secure_link_token('themes/' . $theme_name)
+		],
+		$mod
+	);
 }
 
 function mod_theme_uninstall(Context $ctx, $theme_name) {
@@ -2767,6 +2940,7 @@ function mod_theme_uninstall(Context $ctx, $theme_name) {
 }
 
 function mod_theme_rebuild(Context $ctx, $theme_name) {
+	global $mod;
 	$config = $ctx->get('config');
 
 	if (!hasPermission($config['mod']['themes']))
@@ -2774,9 +2948,14 @@ function mod_theme_rebuild(Context $ctx, $theme_name) {
 
 	Vichan\Functions\Theme\rebuild_theme($theme_name, 'all');
 
-	mod_page(sprintf(_('Rebuilt theme: %s'), $theme_name), $config['file_mod_theme_rebuilt'], array(
-		'theme_name' => $theme_name,
-	));
+	mod_page(
+		sprintf(_('Rebuilt theme: %s'), $theme_name),
+		$config['file_mod_theme_rebuilt'],
+		[
+			'theme_name' => $theme_name,
+		],
+		$mod
+	);
 }
 
 // This needs to be done for `secure` CSRF prevention compatibility, otherwise the $board will be read in as the token if editing global pages.
@@ -2890,7 +3069,17 @@ function mod_edit_page(Context $ctx, $id) {
 		$content = $query->fetchColumn();
 	}
 
-	mod_page(sprintf(_('Editing static page: %s'), $page['name']), $config['file_mod_edit_page'], array('page' => $page, 'token' => make_secure_link_token("edit_page/$id"), 'content' => prettify_textarea($content), 'board' => $board));
+	mod_page(
+		sprintf(_('Editing static page: %s'), $page['name']),
+		$config['file_mod_edit_page'],
+		[
+			'page' => $page,
+			'token' => make_secure_link_token("edit_page/$id"),
+			'content' => prettify_textarea($content),
+			'board' => $board
+		],
+		$mod
+	);
 }
 
 function mod_pages(Context $ctx, $board = false) {
@@ -2945,11 +3134,20 @@ function mod_pages(Context $ctx, $board = false) {
 		$p['delete_token'] = make_secure_link_token('edit_pages/delete/' . $p['name'] . ($board ? ('/' . $board) : ''));
 	}
 
-	mod_page(_('Pages'), $config['file_mod_pages'], array('pages' => $pages, 'token' => make_secure_link_token('edit_pages' . ($board ? ('/' . $board) : '')), 'board' => $board));
+	mod_page(
+		_('Pages'),
+		$config['file_mod_pages'],
+		[
+			'pages' => $pages,
+			'token' => make_secure_link_token('edit_pages' . ($board ? ('/' . $board) : '')),
+			'board' => $board
+		],
+		$mod
+	);
 }
 
 function mod_debug_antispam(Context $ctx) {
-	global $pdo, $config;
+	global $pdo, $config, $mod;
 
 	$args = [];
 
@@ -2982,11 +3180,11 @@ function mod_debug_antispam(Context $ctx) {
 	$query = query('SELECT * FROM ``antispam`` ' . ($where ? "WHERE $where" : '') . ' ORDER BY `created` DESC LIMIT 20') or error(db_error());
 	$args['recent'] = $query->fetchAll(PDO::FETCH_ASSOC);
 
-	mod_page(_('Debug: Anti-spam'), $config['file_mod_debug_antispam'], $args);
+	mod_page(_('Debug: Anti-spam'), $config['file_mod_debug_antispam'], $args, $mod);
 }
 
 function mod_debug_recent_posts(Context $ctx) {
-	global $pdo, $config;
+	global $pdo, $config, $mod;
 
 	$limit = 500;
 
@@ -3016,10 +3214,11 @@ function mod_debug_recent_posts(Context $ctx) {
 		}
 	}
 
-	mod_page(_('Debug: Recent posts'), $config['file_mod_debug_recent_posts'], array('posts' => $posts, 'flood_posts' => $flood_posts));
+	mod_page(_('Debug: Recent posts'), $config['file_mod_debug_recent_posts'], [ 'posts' => $posts, 'flood_posts' => $flood_posts ], $mod);
 }
 
 function mod_debug_sql(Context $ctx) {
+	global $mod;
 	$config = $ctx->get('config');
 
 	if (!hasPermission($config['mod']['debug_sql']))
@@ -3040,5 +3239,5 @@ function mod_debug_sql(Context $ctx) {
 		}
 	}
 
-	mod_page(_('Debug: SQL'), $config['file_mod_debug_sql'], $args);
+	mod_page(_('Debug: SQL'), $config['file_mod_debug_sql'], $args, $mod);
 }

From f9127dd478f2f28b5e79e205c8a6ab93a005aa1e Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@mailu.io>
Date: Sat, 5 Oct 2024 18:17:36 +0200
Subject: [PATCH 276/336] mod.php: $matches should always be an array

---
 mod.php | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/mod.php b/mod.php
index c9e891ee..9adf1eb5 100644
--- a/mod.php
+++ b/mod.php
@@ -184,10 +184,8 @@ foreach ($pages as $uri => $handler) {
 			$debug['time']['parse_mod_req'] = '~' . round((microtime(true) - $parse_start_time) * 1000, 2) . 'ms';
 		}
 
-		if (is_array($matches)) {
-			// we don't want to call named parameters (PHP 8)
-			$matches = array_values($matches);
-		}
+		// We don't want to call named parameters (PHP 8).
+		$matches = array_values($matches);
 
 		if (is_string($handler)) {
 			if ($handler[0] == ':') {

From 767b8fd8c32ff8e4f3c6e33117d7696309cf6741 Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@mailu.io>
Date: Sun, 6 Oct 2024 11:25:57 +0200
Subject: [PATCH 277/336] mod.php: add missing context parameter

---
 mod.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/mod.php b/mod.php
index 9adf1eb5..b23c75de 100644
--- a/mod.php
+++ b/mod.php
@@ -161,7 +161,7 @@ foreach ($pages as $uri => $handler) {
 					if ($secure_post_only)
 						error($config['error']['csrf']);
 					else {
-						mod_confirm(substr($query, 1));
+						mod_confirm($ctx, substr($query, 1));
 						exit;
 					}
 				}

From 0e8909ac4e331b529cadd5c46f49f93a66d005c2 Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@skiff.com>
Date: Fri, 20 Sep 2024 22:48:08 +0200
Subject: [PATCH 278/336] pages.php: fix whitespace indentation

---
 inc/mod/pages.php | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/inc/mod/pages.php b/inc/mod/pages.php
index c03e1a5e..ef41da70 100644
--- a/inc/mod/pages.php
+++ b/inc/mod/pages.php
@@ -11,11 +11,11 @@ defined('TINYBOARD') or exit;
 
 
 function _link_or_copy(string $target, string $link): bool {
-    if (!link($target, $link)) {
-        error_log("Failed to link() $target to $link. Falling back to copy()");
-        return copy($target, $link);
-    }
-    return true;
+	if (!link($target, $link)) {
+		error_log("Failed to link() $target to $link. Falling back to copy()");
+		return copy($target, $link);
+	}
+	return true;
 }
 
 function mod_page($title, $template, $args, $mod, $subtitle = false) {
@@ -1092,7 +1092,7 @@ function mod_bans(Context $ctx) {
 		foreach ($unban as $id) {
 			Bans::delete($id, true, $mod['boards'], true);
 		}
-                Vichan\Functions\Theme\rebuild_themes('bans');
+		Vichan\Functions\Theme\rebuild_themes('bans');
 		header('Location: ?/bans', true, $config['redirect_http']);
 		return;
 	}
@@ -1595,7 +1595,7 @@ function mod_move(Context $ctx, $originBoard, $postID) {
 				'op' => false
 			);
 
-			$spost['body'] = $spost['body_nomarkup'] =  sprintf($config['mod']['shadow_mesage'], '>>>/' . $targetBoard . '/' . $newID);
+			$spost['body'] = $spost['body_nomarkup'] = sprintf($config['mod']['shadow_mesage'], '>>>/' . $targetBoard . '/' . $newID);
 
 			markup($spost['body']);
 

From 3fe44653f27fe824c29018aadf64c0b12b677ded Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@mailu.io>
Date: Sun, 6 Oct 2024 13:08:29 +0200
Subject: [PATCH 279/336] post.php: fix invocation of native captcha

---
 post.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/post.php b/post.php
index bfd41639..3658ed52 100644
--- a/post.php
+++ b/post.php
@@ -519,10 +519,10 @@ if (isset($_POST['delete'])) {
 			$query = new NativeCaptchaQuery(
 				$context->get(HttpDriver::class),
 				$config['domain'],
-				$config['captcha']['provider_check']
+				$config['captcha']['provider_check'],
+				$config['captcha']['extra']
 			);
 			$success = $query->verify(
-				$config['captcha']['extra'],
 				$_POST['captcha_text'],
 				$_POST['captcha_cookie']
 			);

From 82ea1815fd2c24414e207597207d185c3c646c10 Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@skiff.com>
Date: Sun, 4 Feb 2024 14:45:32 +0100
Subject: [PATCH 280/336] Refactor cache driver

---
 inc/cache.php               |   2 +-
 inc/driver/cache-driver.php | 266 ++++++++++++++++++++++++++++++++++++
 2 files changed, 267 insertions(+), 1 deletion(-)
 create mode 100644 inc/driver/cache-driver.php

diff --git a/inc/cache.php b/inc/cache.php
index c4053610..ae788bc1 100644
--- a/inc/cache.php
+++ b/inc/cache.php
@@ -25,7 +25,7 @@ class Cache {
 				self::$cache->select($config['cache']['redis'][3]) or die('cache select failure');
 				break;
 			case 'php':
-				self::$cache = array();
+				self::$cache = [];
 				break;
 		}
 	}
diff --git a/inc/driver/cache-driver.php b/inc/driver/cache-driver.php
new file mode 100644
index 00000000..b5279d82
--- /dev/null
+++ b/inc/driver/cache-driver.php
@@ -0,0 +1,266 @@
+<?php
+namespace Vichan\Driver;
+
+use RuntimeException;
+
+defined('TINYBOARD') or exit;
+
+/**
+ * PHP has no nested or private classes support.
+ */
+class CacheDrivers {
+	public static function memcached(string $prefix, string $memcached_server) {
+		$memcached = new Memcached();
+		if (!$memcached->setOption(Memcached::OPT_BINARY_PROTOCOL, true)) {
+			throw new RuntimeException('Unable to set the memcached protocol!');
+		}
+		if (!$memcached->setOption(Memcached::OPT_PREFIX_KEY, $prefix)) {
+			throw new RuntimeException('Unable to set the memcached prefix!');
+		}
+		if (!$memcached->addServers($memcached_server)) {
+			throw new RuntimeException('Unable to add the memcached server!');
+		}
+
+		return new class($memcached) implements CacheDriver {
+			private Memcached $inner;
+
+			public function __construct(Memcached $inner) {
+				$this->inner = $inner;
+			}
+
+			public function get(string $key): mixed {
+				$ret = $this->inner->get($key);
+				// If the returned value is false but the retrival was a success, then the value stored was a boolean false.
+				if ($ret === false && $this->inner->getResultCode() !== Memcached::RES_SUCCESS) {
+					return null;
+				}
+				return $ret;
+			}
+
+			public function set(string $key, mixed $value, mixed $expires = false): void {
+				$this->inner->set($key, $value, (int)$expires);
+			}
+
+			public function delete(string $key): void {
+				$this->inner->delete($key);
+			}
+
+			public function flush(): void {
+				$this->inner->flush();
+			}
+		};
+	}
+
+	public static function redis(string $prefix, string $host, int $port, string $password, string $database) {
+		$redis = new Redis();
+		$redis->connect($host, $port);
+		if ($password) {
+			$redis->auth($password);
+		}
+		if (!$redis->select($database)) {
+			throw new RuntimeException('Unable to connect to Redis!');
+		}
+
+		return new class($prefix, $redis) implements CacheDriver {
+			private string $prefix;
+			private Redis $inner;
+
+			public function __construct(string $prefix, Redis $inner) {
+				$$this->prefix = $prefix;
+				$this->inner = $inner;
+			}
+
+			public function get(string $key): mixed {
+				$ret = $this->inner->get($this->prefix . $key);
+				if ($ret === false) {
+					return null;
+				}
+				return json_decode($ret, true);
+			}
+
+			public function set(string $key, mixed $value, mixed $expires = false): void {
+				if ($expires === false) {
+					$this->inner->set($this->prefix . $key, json_encode($value));
+				} else {
+					$expires = $expires * 1000; // Seconds to milliseconds.
+					$this->inner->setex($this->prefix . $key, $expires, json_encode($value));
+				}
+			}
+
+			public function delete(string $key): void {
+				$this->inner->del($this->prefix . $key);
+			}
+
+			public function flush(): void {
+				$this->inner->flushDB();
+			}
+		};
+	}
+
+	public static function apcu() {
+		return new class implements CacheDriver {
+			public function get(string $key): mixed {
+				$success = false;
+				$ret = apcu_fetch($key, $success);
+				if ($success === false) {
+					return null;
+				}
+				return $ret;
+			}
+
+			public function set(string $key, mixed $value, mixed $expires = false): void {
+				apcu_store($key, $value, (int)$expires);
+			}
+
+			public function delete(string $key): void {
+				apcu_delete($key);
+			}
+
+			public function flush(): void {
+				apcu_clear_cache();
+			}
+		};
+	}
+
+	public static function filesystem(string $prefix, string $base_path) {
+		if ($base_path[strlen($base_path) - 1] !== '/') {
+			$base_path = "$base_path/";
+		}
+
+		if (!is_dir($base_path)) {
+			throw new RuntimeException("$base_path is not a directory!");
+		}
+
+		if (!is_writable($base_path)) {
+			throw new RuntimeException("$base_path is not writable!");
+		}
+
+		return new class($prefix, $base_path) implements CacheDriver {
+			private string $prefix;
+			private string $base_path;
+
+
+			private function prepareKey(string $key): string {
+				$key = str_replace('/', '::', $key);
+				$key = str_replace("\0", '', $key);
+				return $this->prefix . $key;
+			}
+
+			public function __construct(string $prefix, string $base_path) {
+				$this->prefix = $prefix;
+				$this->base_path = $base_path;
+			}
+
+			public function get(string $key): mixed {
+				$key = $this->prepareKey($key);
+
+				$fd = fopen("$this->base_path/$key", 'r');
+				if ($fd === false) {
+					return null;
+				}
+
+				$data = stream_get_contents("$this->base_path/$key");
+				fclose($fd);
+				return json_decode($data, true);
+			}
+
+			public function set(string $key, mixed $value, mixed $expires = false): void {
+				$key = $this->prepareKey($key);
+
+				$data = json_encode($value);
+				file_put_contents("$this->base_path/$key", $data);
+			}
+
+			public function delete(string $key): void {
+				$key = $this->prepareKey($key);
+
+				@unlink("$this->base_path/$key");
+			}
+
+			public function flush(): void {
+				$files = glob("$this->base_path/$this->prefix*");
+				foreach ($files as $file) {
+					@unlink($file);
+				}
+			}
+		};
+	}
+
+	public static function phpArray() {
+		return new class implements CacheDriver {
+			private static array $inner = [];
+
+			public function get(string $key): mixed {
+				return isset(self::$inner[$key]) ? self::$inner[$key] : null;
+			}
+
+			public function set(string $key, mixed $value, mixed $expires = false): void {
+				self::$inner[$key] = $value;
+			}
+
+			public function delete(string $key): void {
+				unset(self::$inner[$key]);
+			}
+
+			public function flush(): void {
+				self::$inner = [];
+			}
+		};
+	}
+
+	/**
+	 * No-op cache. Useful for testing.
+	 */
+	public static function none() {
+		return new class implements CacheDriver {
+			public function get(string $key): mixed {
+				return null;
+			}
+
+			public function set(string $key, mixed $value, mixed $expires = false): void {
+				// No-op.
+			}
+
+			public function delete(string $key): void {
+				// No-op.
+			}
+
+			public function flush(): void {
+				// No-op.
+			}
+		};
+	}
+}
+
+interface CacheDriver {
+	/**
+	 * Get the value of associated with the key.
+	 *
+	 * @param string $key The key of the value.
+	 * @return mixed|null The value associated with the key, or null if there is none.
+	 */
+	public function get(string $key): mixed;
+
+	/**
+	 * Set a key-value pair.
+	 *
+	 * @param string $key The key.
+	 * @param mixed $value The value.
+	 * @param int|false $expires After how many seconds the pair will expire. Use false or ignore this parameter to keep
+	 *                           the value until it gets evicted to make space for more items. Some drivers will always
+	 *                           ignore this parameter and store the pair until it's removed.
+	 */
+	public function set(string $key, mixed $value, mixed $expires = false): void;
+
+	/**
+	 * Delete a key-value pair.
+	 *
+	 * @param string $key The key.
+	 */
+	public function delete(string $key): void;
+
+	/**
+	 * Delete all the key-value pairs.
+	 */
+	public function flush(): void;
+}

From b57d9bfbb3b581cf63f34c831c760b632d903c8c Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@mailu.io>
Date: Thu, 11 Apr 2024 19:20:19 +0200
Subject: [PATCH 281/336] cache: implement cache locking for filesystem cache
 and give it multiprocess support

---
 inc/driver/cache-driver.php | 55 +++++++++++++++++++++++++++++++------
 1 file changed, 47 insertions(+), 8 deletions(-)

diff --git a/inc/driver/cache-driver.php b/inc/driver/cache-driver.php
index b5279d82..0718ad86 100644
--- a/inc/driver/cache-driver.php
+++ b/inc/driver/cache-driver.php
@@ -122,7 +122,7 @@ class CacheDrivers {
 		};
 	}
 
-	public static function filesystem(string $prefix, string $base_path) {
+	public static function filesystem(string $prefix, string $base_path, string $lock_file) {
 		if ($base_path[strlen($base_path) - 1] !== '/') {
 			$base_path = "$base_path/";
 		}
@@ -135,9 +135,17 @@ class CacheDrivers {
 			throw new RuntimeException("$base_path is not writable!");
 		}
 
-		return new class($prefix, $base_path) implements CacheDriver {
+		$lock_file = $base_path . $lock_file;
+
+		$lock_fd = fopen($lock_file, 'w');
+		if ($lock_fd === false) {
+			throw new RuntimeException('Unable to open the lock file!');
+		}
+
+		$ret = new class($prefix, $base_path, $lock_file) implements CacheDriver {
 			private string $prefix;
 			private string $base_path;
+			private mixed $lock_fd;
 
 
 			private function prepareKey(string $key): string {
@@ -146,21 +154,38 @@ class CacheDrivers {
 				return $this->prefix . $key;
 			}
 
-			public function __construct(string $prefix, string $base_path) {
+			private function sharedLockCache(): void {
+				flock($this->lock_fd, LOCK_SH);
+			}
+
+			private function exclusiveLockCache(): void {
+				flock($this->lock_fd, LOCK_EX);
+			}
+
+			private function unlockCache(): void {
+				flock($this->lock_fd, LOCK_UN);
+			}
+
+			public function __construct(string $prefix, string $base_path, mixed $lock_fd) {
 				$this->prefix = $prefix;
 				$this->base_path = $base_path;
+				$this->lock_fd = $lock_fd;
 			}
 
 			public function get(string $key): mixed {
 				$key = $this->prepareKey($key);
 
-				$fd = fopen("$this->base_path/$key", 'r');
+				$this->sharedLockCache();
+
+				$fd = fopen($this->base_path . $key, 'r');
 				if ($fd === false) {
+					$this->unlockCache();
 					return null;
 				}
 
-				$data = stream_get_contents("$this->base_path/$key");
+				$data = stream_get_contents($fd);
 				fclose($fd);
+				$this->unlockCache();
 				return json_decode($data, true);
 			}
 
@@ -168,22 +193,36 @@ class CacheDrivers {
 				$key = $this->prepareKey($key);
 
 				$data = json_encode($value);
-				file_put_contents("$this->base_path/$key", $data);
+				$this->exclusiveLockCache();
+				file_put_contents($this->base_path . $key, $data);
+				$this->unlockCache();
 			}
 
 			public function delete(string $key): void {
 				$key = $this->prepareKey($key);
 
-				@unlink("$this->base_path/$key");
+				$this->exclusiveLockCache();
+				@unlink($this->base_path . $key);
+				$this->unlockCache();
 			}
 
 			public function flush(): void {
-				$files = glob("$this->base_path/$this->prefix*");
+				$this->exclusiveLockCache();
+				$files = glob($this->base_path . $this->prefix . '*', GLOB_NOSORT);
 				foreach ($files as $file) {
 					@unlink($file);
 				}
+				$this->unlockCache();
+			}
+
+			public function close() {
+				fclose($this->lock_fd);
 			}
 		};
+
+		register_shutdown_function([$ret, 'close']);
+
+		return $ret;
 	}
 
 	public static function phpArray() {

From 5ea42fa0e2bb3c61c711a0461774e5d3b1b8f875 Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@mailu.io>
Date: Thu, 11 Apr 2024 18:19:18 +0200
Subject: [PATCH 282/336] config.php: update cache documentation

---
 inc/config.php | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/inc/config.php b/inc/config.php
index 11ac8809..d958d617 100644
--- a/inc/config.php
+++ b/inc/config.php
@@ -139,17 +139,26 @@
 
 	/*
 	 * On top of the static file caching system, you can enable the additional caching system which is
-	 * designed to minimize SQL queries and can significantly increase speed when posting or using the
-	 * moderator interface. APC is the recommended method of caching.
+	 * designed to minimize request processing can significantly increase speed when posting or using
+	 * the moderator interface.
 	 *
 	 * https://github.com/vichan-devel/vichan/wiki/cache
 	 */
 
+	// Uses a PHP array. MUST NOT be used in multiprocess environments.
 	$config['cache']['enabled'] = 'php';
+	// The recommended in-memory method of caching. Requires the extension. Due to how APCu works, this should be
+	// disabled when you run tools from the cli.
 	// $config['cache']['enabled'] = 'apcu';
+	// The Memcache server. Requires the memcached extension, with a final D.
 	// $config['cache']['enabled'] = 'memcached';
+	// The Redis server. Requires the extension.
 	// $config['cache']['enabled'] = 'redis';
+	// Use the local cache folder. Slower than native but available out of the box and compatible with multiprocess
+	// environments. You can mount a ram-based filesystem in the cache directory to improve performance.
 	// $config['cache']['enabled'] = 'fs';
+	// Technically available, offers a no-op fake cache. Don't use this outside of testing or debugging.
+	// $config['cache']['enabled'] = 'none';
 
 	// Timeout for cached objects such as posts and HTML.
 	$config['cache']['timeout'] = 60 * 60 * 48; // 48 hours

From 66d2f901718dcdb3e88cb9683b3cd02e5f9a3100 Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@skiff.com>
Date: Fri, 20 Sep 2024 19:44:50 +0200
Subject: [PATCH 283/336] cache-driver.php: filesystem handle expired values.

---
 inc/driver/cache-driver.php | 55 ++++++++++++++++++++++++++++++++++---
 1 file changed, 51 insertions(+), 4 deletions(-)

diff --git a/inc/driver/cache-driver.php b/inc/driver/cache-driver.php
index 0718ad86..672d7b92 100644
--- a/inc/driver/cache-driver.php
+++ b/inc/driver/cache-driver.php
@@ -122,7 +122,7 @@ class CacheDrivers {
 		};
 	}
 
-	public static function filesystem(string $prefix, string $base_path, string $lock_file) {
+	public static function filesystem(string $prefix, string $base_path, string $lock_file, int|false $collect_chance_den) {
 		if ($base_path[strlen($base_path) - 1] !== '/') {
 			$base_path = "$base_path/";
 		}
@@ -146,6 +146,7 @@ class CacheDrivers {
 			private string $prefix;
 			private string $base_path;
 			private mixed $lock_fd;
+			private int|false $collect_chance_den;
 
 
 			private function prepareKey(string $key): string {
@@ -166,10 +167,34 @@ class CacheDrivers {
 				flock($this->lock_fd, LOCK_UN);
 			}
 
-			public function __construct(string $prefix, string $base_path, mixed $lock_fd) {
+			private function collectImpl(): int {
+				// A read lock is ok, since it's alright if we delete expired items from under the feet of other processes.
+				$files = glob($this->base_path . $this->prefix . '*', GLOB_NOSORT);
+				$count = 0;
+				foreach ($files as $file) {
+					$data = file_get_contents($file);
+					$wrapped = json_decode($data, true, 512, JSON_THROW_ON_ERROR);
+					if ($wrapped['expires'] !== false && $wrapped['expires'] <= time()) {
+						if (@unlink($file)) {
+							$count++;
+						}
+					}
+				}
+				return $count;
+			}
+
+			private function maybeCollect() {
+				if ($this->collect_chance_den !== false && rand(0, $this->collect_chance_den) === 0) {
+					$this->collect_chance_den = false; // Collect only once per instance (aka process$this->collect_chance_den !== false$this->collect_chance_den !== false).
+					$this->collectImpl();
+				}
+			}
+
+			public function __construct(string $prefix, string $base_path, mixed $lock_fd, int|false $collect_chance_den) {
 				$this->prefix = $prefix;
 				$this->base_path = $base_path;
 				$this->lock_fd = $lock_fd;
+				$this->collect_chance_den = $collect_chance_den;
 			}
 
 			public function get(string $key): mixed {
@@ -185,16 +210,30 @@ class CacheDrivers {
 
 				$data = stream_get_contents($fd);
 				fclose($fd);
+				$this->maybeCollect();
 				$this->unlockCache();
-				return json_decode($data, true);
+				$wrapped = json_decode($data, true, 512, JSON_THROW_ON_ERROR);
+
+				if ($wrapped['expires'] !== false && $wrapped['expires'] <= time()) {
+					// Already, expired, pretend it doesn't exist.
+					return null;
+				} else {
+					return $wrapped['inner'];
+				}
 			}
 
 			public function set(string $key, mixed $value, mixed $expires = false): void {
 				$key = $this->prepareKey($key);
 
-				$data = json_encode($value);
+				$wrapped = [
+					'expires' => $expires ? time() + $expires : false,
+					'inner' => $value
+				];
+
+				$data = json_encode($wrapped);
 				$this->exclusiveLockCache();
 				file_put_contents($this->base_path . $key, $data);
+				$this->maybeCollect();
 				$this->unlockCache();
 			}
 
@@ -203,9 +242,17 @@ class CacheDrivers {
 
 				$this->exclusiveLockCache();
 				@unlink($this->base_path . $key);
+				$this->maybeCollect();
 				$this->unlockCache();
 			}
 
+			public function collect() {
+				$this->sharedLockCache();
+				$count = $this->collectImpl();
+				$this->unlockCache();
+				return $count;
+			}
+
 			public function flush(): void {
 				$this->exclusiveLockCache();
 				$files = glob($this->base_path . $this->prefix . '*', GLOB_NOSORT);

From 3d406aeab2343c23b694d5d84b20fc359a7254e5 Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@mailu.io>
Date: Wed, 2 Oct 2024 21:36:28 +0200
Subject: [PATCH 284/336] cache-driver.php: move to Data

---
 inc/{driver => Data/Driver}/cache-driver.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename inc/{driver => Data/Driver}/cache-driver.php (99%)

diff --git a/inc/driver/cache-driver.php b/inc/Data/Driver/cache-driver.php
similarity index 99%
rename from inc/driver/cache-driver.php
rename to inc/Data/Driver/cache-driver.php
index 672d7b92..b943ee71 100644
--- a/inc/driver/cache-driver.php
+++ b/inc/Data/Driver/cache-driver.php
@@ -1,5 +1,5 @@
 <?php
-namespace Vichan\Driver;
+namespace Vichan\Data\Driver;
 
 use RuntimeException;
 

From ace2f2e83b21972da252e06b856d8d2a97e5de68 Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@mailu.io>
Date: Wed, 2 Oct 2024 21:49:51 +0200
Subject: [PATCH 285/336] driver: break up cache drivers

---
 inc/Data/Driver/ApcuCacheDriver.php     |  28 ++
 inc/Data/Driver/ArrayCacheDriver.php    |  28 ++
 inc/Data/Driver/CacheDriver.php         |  38 +++
 inc/Data/Driver/FsCachedriver.php       | 150 ++++++++++
 inc/Data/Driver/MemcacheCacheDriver.php |  43 +++
 inc/Data/Driver/NoneCacheDriver.php     |  26 ++
 inc/Data/Driver/RedisCacheDriver.php    |  48 ++++
 inc/Data/Driver/cache-driver.php        | 352 ------------------------
 8 files changed, 361 insertions(+), 352 deletions(-)
 create mode 100644 inc/Data/Driver/ApcuCacheDriver.php
 create mode 100644 inc/Data/Driver/ArrayCacheDriver.php
 create mode 100644 inc/Data/Driver/CacheDriver.php
 create mode 100644 inc/Data/Driver/FsCachedriver.php
 create mode 100644 inc/Data/Driver/MemcacheCacheDriver.php
 create mode 100644 inc/Data/Driver/NoneCacheDriver.php
 create mode 100644 inc/Data/Driver/RedisCacheDriver.php
 delete mode 100644 inc/Data/Driver/cache-driver.php

diff --git a/inc/Data/Driver/ApcuCacheDriver.php b/inc/Data/Driver/ApcuCacheDriver.php
new file mode 100644
index 00000000..a39bb656
--- /dev/null
+++ b/inc/Data/Driver/ApcuCacheDriver.php
@@ -0,0 +1,28 @@
+<?php
+namespace Vichan\Data\Driver;
+
+defined('TINYBOARD') or exit;
+
+
+class ApcuCacheDriver implements CacheDriver {
+	public function get(string $key): mixed {
+		$success = false;
+		$ret = \apcu_fetch($key, $success);
+		if ($success === false) {
+			return null;
+		}
+		return $ret;
+	}
+
+	public function set(string $key, mixed $value, mixed $expires = false): void {
+		\apcu_store($key, $value, (int)$expires);
+	}
+
+	public function delete(string $key): void {
+		\apcu_delete($key);
+	}
+
+	public function flush(): void {
+		\apcu_clear_cache();
+	}
+}
diff --git a/inc/Data/Driver/ArrayCacheDriver.php b/inc/Data/Driver/ArrayCacheDriver.php
new file mode 100644
index 00000000..bb0cd310
--- /dev/null
+++ b/inc/Data/Driver/ArrayCacheDriver.php
@@ -0,0 +1,28 @@
+<?php
+namespace Vichan\Data\Driver;
+
+defined('TINYBOARD') or exit;
+
+
+/**
+ * A simple process-wide PHP array.
+ */
+class ArrayCacheDriver implements CacheDriver {
+	private static array $inner = [];
+
+	public function get(string $key): mixed {
+		return isset(self::$inner[$key]) ? self::$inner[$key] : null;
+	}
+
+	public function set(string $key, mixed $value, mixed $expires = false): void {
+		self::$inner[$key] = $value;
+	}
+
+	public function delete(string $key): void {
+		unset(self::$inner[$key]);
+	}
+
+	public function flush(): void {
+		self::$inner = [];
+	}
+}
diff --git a/inc/Data/Driver/CacheDriver.php b/inc/Data/Driver/CacheDriver.php
new file mode 100644
index 00000000..083ed652
--- /dev/null
+++ b/inc/Data/Driver/CacheDriver.php
@@ -0,0 +1,38 @@
+<?php
+namespace Vichan\Data\Driver;
+
+defined('TINYBOARD') or exit;
+
+
+interface CacheDriver {
+	/**
+	 * Get the value of associated with the key.
+	 *
+	 * @param string $key The key of the value.
+	 * @return mixed|null The value associated with the key, or null if there is none.
+	 */
+	public function get(string $key): mixed;
+
+	/**
+	 * Set a key-value pair.
+	 *
+	 * @param string $key The key.
+	 * @param mixed $value The value.
+	 * @param int|false $expires After how many seconds the pair will expire. Use false or ignore this parameter to keep
+	 *                           the value until it gets evicted to make space for more items. Some drivers will always
+	 *                           ignore this parameter and store the pair until it's removed.
+	 */
+	public function set(string $key, mixed $value, mixed $expires = false): void;
+
+	/**
+	 * Delete a key-value pair.
+	 *
+	 * @param string $key The key.
+	 */
+	public function delete(string $key): void;
+
+	/**
+	 * Delete all the key-value pairs.
+	 */
+	public function flush(): void;
+}
diff --git a/inc/Data/Driver/FsCachedriver.php b/inc/Data/Driver/FsCachedriver.php
new file mode 100644
index 00000000..f7f0e028
--- /dev/null
+++ b/inc/Data/Driver/FsCachedriver.php
@@ -0,0 +1,150 @@
+<?php
+namespace Vichan\Data\Driver;
+
+defined('TINYBOARD') or exit;
+
+
+class FsCacheDriver implements CacheDriver {
+	private string $prefix;
+	private string $base_path;
+	private mixed $lock_fd;
+	private int|false $collect_chance_den;
+
+
+	private function prepareKey(string $key): string {
+		$key = \str_replace('/', '::', $key);
+		$key = \str_replace("\0", '', $key);
+		return $this->prefix . $key;
+	}
+
+	private function sharedLockCache(): void {
+		\flock($this->lock_fd, LOCK_SH);
+	}
+
+	private function exclusiveLockCache(): void {
+		\flock($this->lock_fd, LOCK_EX);
+	}
+
+	private function unlockCache(): void {
+		\flock($this->lock_fd, LOCK_UN);
+	}
+
+	private function collectImpl(): int {
+		// A read lock is ok, since it's alright if we delete expired items from under the feet of other processes.
+		$files = \glob($this->base_path . $this->prefix . '*', \GLOB_NOSORT);
+		$count = 0;
+		foreach ($files as $file) {
+			$data = \file_get_contents($file);
+			$wrapped = \json_decode($data, true, 512, \JSON_THROW_ON_ERROR);
+			if ($wrapped['expires'] !== false && $wrapped['expires'] <= \time()) {
+				if (@\unlink($file)) {
+					$count++;
+				}
+			}
+		}
+		return $count;
+	}
+
+	private function maybeCollect(): void {
+		if ($this->collect_chance_den !== false && \mt_rand(0, $this->collect_chance_den - 1) === 0) {
+			$this->collect_chance_den = false; // Collect only once per instance (aka process).
+			$this->collectImpl();
+		}
+	}
+
+	public function __construct(string $prefix, string $base_path, string $lock_file, int|false $collect_chance_den) {
+		if ($base_path[\strlen($base_path) - 1] !== '/') {
+			$base_path = "$base_path/";
+		}
+
+		if (!\is_dir($base_path)) {
+			throw new \RuntimeException("$base_path is not a directory!");
+		}
+
+		if (!\is_writable($base_path)) {
+			throw new \RuntimeException("$base_path is not writable!");
+		}
+
+		$this->lock_fd = \fopen($base_path . $lock_file, 'w');
+		if ($this->lock_fd === false) {
+			throw new \RuntimeException('Unable to open the lock file!');
+		}
+
+		$this->prefix = $prefix;
+		$this->base_path = $base_path;
+		$this->collect_chance_den = $collect_chance_den;
+	}
+
+	public function __destruct() {
+		$this->close();
+	}
+
+	public function get(string $key): mixed {
+		$key = $this->prepareKey($key);
+
+		$this->sharedLockCache();
+
+		$fd = \fopen($this->base_path . $key, 'r');
+		if ($fd === false) {
+			$this->unlockCache();
+			return null;
+		}
+
+		$data = \stream_get_contents($fd);
+		\fclose($fd);
+		$this->maybeCollect();
+		$this->unlockCache();
+		$wrapped = \json_decode($data, true, 512, \JSON_THROW_ON_ERROR);
+
+		if ($wrapped['expires'] !== false && $wrapped['expires'] <= \time()) {
+			// Already expired, leave it there since we already released the lock and pretend it doesn't exist.
+			return null;
+		} else {
+			return $wrapped['inner'];
+		}
+	}
+
+	public function set(string $key, mixed $value, mixed $expires = false): void {
+		$key = $this->prepareKey($key);
+
+		$wrapped = [
+			'expires' => $expires ? \time() + $expires : false,
+			'inner' => $value
+		];
+
+		$data = \json_encode($wrapped);
+		$this->exclusiveLockCache();
+		\file_put_contents($this->base_path . $key, $data);
+		$this->maybeCollect();
+		$this->unlockCache();
+	}
+
+	public function delete(string $key): void {
+		$key = $this->prepareKey($key);
+
+		$this->exclusiveLockCache();
+		@\unlink($this->base_path . $key);
+		$this->maybeCollect();
+		$this->unlockCache();
+	}
+
+	public function collect(): int {
+		$this->sharedLockCache();
+		$count = $this->collectImpl();
+		$this->unlockCache();
+		return $count;
+	}
+
+	public function flush(): void {
+		$this->exclusiveLockCache();
+		$files = \glob($this->base_path . $this->prefix . '*', \GLOB_NOSORT);
+		foreach ($files as $file) {
+			@\unlink($file);
+		}
+		$this->unlockCache();
+	}
+
+	public function close(): void {
+		\fclose($this->lock_fd);
+	}
+}
diff --git a/inc/Data/Driver/MemcacheCacheDriver.php b/inc/Data/Driver/MemcacheCacheDriver.php
new file mode 100644
index 00000000..04f62895
--- /dev/null
+++ b/inc/Data/Driver/MemcacheCacheDriver.php
@@ -0,0 +1,43 @@
+<?php
+namespace Vichan\Data\Driver;
+
+defined('TINYBOARD') or exit;
+
+
+class MemcachedCacheDriver implements CacheDriver {
+	private \Memcached $inner;
+
+	public function __construct(string $prefix, string $memcached_server) {
+		$this->inner = new \Memcached();
+		if (!$this->inner->setOption(\Memcached::OPT_BINARY_PROTOCOL, true)) {
+			throw new \RuntimeException('Unable to set the memcached protocol!');
+		}
+		if (!$this->inner->setOption(\Memcached::OPT_PREFIX_KEY, $prefix)) {
+			throw new \RuntimeException('Unable to set the memcached prefix!');
+		}
+		if (!$this->inner->addServers($memcached_server)) {
+			throw new \RuntimeException('Unable to add the memcached server!');
+		}
+	}
+
+	public function get(string $key): mixed {
+		$ret = $this->inner->get($key);
+		// If the returned value is false but the retrival was a success, then the value stored was a boolean false.
+		if ($ret === false && $this->inner->getResultCode() !== \Memcached::RES_SUCCESS) {
+			return null;
+		}
+		return $ret;
+	}
+
+	public function set(string $key, mixed $value, mixed $expires = false): void {
+		$this->inner->set($key, $value, (int)$expires);
+	}
+
+	public function delete(string $key): void {
+		$this->inner->delete($key);
+	}
+
+	public function flush(): void {
+		$this->inner->flush();
+	}
+}
diff --git a/inc/Data/Driver/NoneCacheDriver.php b/inc/Data/Driver/NoneCacheDriver.php
new file mode 100644
index 00000000..8b260a50
--- /dev/null
+++ b/inc/Data/Driver/NoneCacheDriver.php
@@ -0,0 +1,26 @@
+<?php
+namespace Vichan\Data\Driver;
+
+defined('TINYBOARD') or exit;
+
+
+/**
+ * No-op cache. Useful for testing.
+ */
+class NoneCacheDriver implements CacheDriver {
+	public function get(string $key): mixed {
+		return null;
+	}
+
+	public function set(string $key, mixed $value, mixed $expires = false): void {
+		// No-op.
+	}
+
+	public function delete(string $key): void {
+		// No-op.
+	}
+
+	public function flush(): void {
+		// No-op.
+	}
+}
diff --git a/inc/Data/Driver/RedisCacheDriver.php b/inc/Data/Driver/RedisCacheDriver.php
new file mode 100644
index 00000000..46e602d4
--- /dev/null
+++ b/inc/Data/Driver/RedisCacheDriver.php
@@ -0,0 +1,48 @@
+<?php
+namespace Vichan\Data\Driver;
+
+defined('TINYBOARD') or exit;
+
+
+class RedisCacheDriver implements CacheDriver {
+	private string $prefix;
+	private \Redis $inner;
+
+	public function __construct(string $prefix, string $host, int $port, ?string $password, string $database) {
+		$this->inner = new \Redis();
+		$this->inner->connect($host, $port);
+		if ($password) {
+			$this->inner->auth($password);
+		}
+		if (!$this->inner->select($database)) {
+			throw new \RuntimeException('Unable to connect to Redis!');
+		}
+
+		$$this->prefix = $prefix;
+	}
+
+	public function get(string $key): mixed {
+		$ret = $this->inner->get($this->prefix . $key);
+		if ($ret === false) {
+			return null;
+		}
+		return \json_decode($ret, true);
+	}
+
+	public function set(string $key, mixed $value, mixed $expires = false): void {
+		if ($expires === false) {
+			$this->inner->set($this->prefix . $key, \json_encode($value));
+		} else {
+			$expires = $expires * 1000; // Seconds to milliseconds.
+			$this->inner->setex($this->prefix . $key, $expires, \json_encode($value));
+		}
+	}
+
+	public function delete(string $key): void {
+		$this->inner->del($this->prefix . $key);
+	}
+
+	public function flush(): void {
+		$this->inner->flushDB();
+	}
+}
diff --git a/inc/Data/Driver/cache-driver.php b/inc/Data/Driver/cache-driver.php
deleted file mode 100644
index b943ee71..00000000
--- a/inc/Data/Driver/cache-driver.php
+++ /dev/null
@@ -1,352 +0,0 @@
-<?php
-namespace Vichan\Data\Driver;
-
-use RuntimeException;
-
-defined('TINYBOARD') or exit;
-
-/**
- * PHP has no nested or private classes support.
- */
-class CacheDrivers {
-	public static function memcached(string $prefix, string $memcached_server) {
-		$memcached = new Memcached();
-		if (!$memcached->setOption(Memcached::OPT_BINARY_PROTOCOL, true)) {
-			throw new RuntimeException('Unable to set the memcached protocol!');
-		}
-		if (!$memcached->setOption(Memcached::OPT_PREFIX_KEY, $prefix)) {
-			throw new RuntimeException('Unable to set the memcached prefix!');
-		}
-		if (!$memcached->addServers($memcached_server)) {
-			throw new RuntimeException('Unable to add the memcached server!');
-		}
-
-		return new class($memcached) implements CacheDriver {
-			private Memcached $inner;
-
-			public function __construct(Memcached $inner) {
-				$this->inner = $inner;
-			}
-
-			public function get(string $key): mixed {
-				$ret = $this->inner->get($key);
-				// If the returned value is false but the retrival was a success, then the value stored was a boolean false.
-				if ($ret === false && $this->inner->getResultCode() !== Memcached::RES_SUCCESS) {
-					return null;
-				}
-				return $ret;
-			}
-
-			public function set(string $key, mixed $value, mixed $expires = false): void {
-				$this->inner->set($key, $value, (int)$expires);
-			}
-
-			public function delete(string $key): void {
-				$this->inner->delete($key);
-			}
-
-			public function flush(): void {
-				$this->inner->flush();
-			}
-		};
-	}
-
-	public static function redis(string $prefix, string $host, int $port, string $password, string $database) {
-		$redis = new Redis();
-		$redis->connect($host, $port);
-		if ($password) {
-			$redis->auth($password);
-		}
-		if (!$redis->select($database)) {
-			throw new RuntimeException('Unable to connect to Redis!');
-		}
-
-		return new class($prefix, $redis) implements CacheDriver {
-			private string $prefix;
-			private Redis $inner;
-
-			public function __construct(string $prefix, Redis $inner) {
-				$$this->prefix = $prefix;
-				$this->inner = $inner;
-			}
-
-			public function get(string $key): mixed {
-				$ret = $this->inner->get($this->prefix . $key);
-				if ($ret === false) {
-					return null;
-				}
-				return json_decode($ret, true);
-			}
-
-			public function set(string $key, mixed $value, mixed $expires = false): void {
-				if ($expires === false) {
-					$this->inner->set($this->prefix . $key, json_encode($value));
-				} else {
-					$expires = $expires * 1000; // Seconds to milliseconds.
-					$this->inner->setex($this->prefix . $key, $expires, json_encode($value));
-				}
-			}
-
-			public function delete(string $key): void {
-				$this->inner->del($this->prefix . $key);
-			}
-
-			public function flush(): void {
-				$this->inner->flushDB();
-			}
-		};
-	}
-
-	public static function apcu() {
-		return new class implements CacheDriver {
-			public function get(string $key): mixed {
-				$success = false;
-				$ret = apcu_fetch($key, $success);
-				if ($success === false) {
-					return null;
-				}
-				return $ret;
-			}
-
-			public function set(string $key, mixed $value, mixed $expires = false): void {
-				apcu_store($key, $value, (int)$expires);
-			}
-
-			public function delete(string $key): void {
-				apcu_delete($key);
-			}
-
-			public function flush(): void {
-				apcu_clear_cache();
-			}
-		};
-	}
-
-	public static function filesystem(string $prefix, string $base_path, string $lock_file, int|false $collect_chance_den) {
-		if ($base_path[strlen($base_path) - 1] !== '/') {
-			$base_path = "$base_path/";
-		}
-
-		if (!is_dir($base_path)) {
-			throw new RuntimeException("$base_path is not a directory!");
-		}
-
-		if (!is_writable($base_path)) {
-			throw new RuntimeException("$base_path is not writable!");
-		}
-
-		$lock_file = $base_path . $lock_file;
-
-		$lock_fd = fopen($lock_file, 'w');
-		if ($lock_fd === false) {
-			throw new RuntimeException('Unable to open the lock file!');
-		}
-
-		$ret = new class($prefix, $base_path, $lock_file) implements CacheDriver {
-			private string $prefix;
-			private string $base_path;
-			private mixed $lock_fd;
-			private int|false $collect_chance_den;
-
-
-			private function prepareKey(string $key): string {
-				$key = str_replace('/', '::', $key);
-				$key = str_replace("\0", '', $key);
-				return $this->prefix . $key;
-			}
-
-			private function sharedLockCache(): void {
-				flock($this->lock_fd, LOCK_SH);
-			}
-
-			private function exclusiveLockCache(): void {
-				flock($this->lock_fd, LOCK_EX);
-			}
-
-			private function unlockCache(): void {
-				flock($this->lock_fd, LOCK_UN);
-			}
-
-			private function collectImpl(): int {
-				// A read lock is ok, since it's alright if we delete expired items from under the feet of other processes.
-				$files = glob($this->base_path . $this->prefix . '*', GLOB_NOSORT);
-				$count = 0;
-				foreach ($files as $file) {
-					$data = file_get_contents($file);
-					$wrapped = json_decode($data, true, 512, JSON_THROW_ON_ERROR);
-					if ($wrapped['expires'] !== false && $wrapped['expires'] <= time()) {
-						if (@unlink($file)) {
-							$count++;
-						}
-					}
-				}
-				return $count;
-			}
-
-			private function maybeCollect() {
-				if ($this->collect_chance_den !== false && rand(0, $this->collect_chance_den) === 0) {
-					$this->collect_chance_den = false; // Collect only once per instance (aka process$this->collect_chance_den !== false$this->collect_chance_den !== false).
-					$this->collectImpl();
-				}
-			}
-
-			public function __construct(string $prefix, string $base_path, mixed $lock_fd, int|false $collect_chance_den) {
-				$this->prefix = $prefix;
-				$this->base_path = $base_path;
-				$this->lock_fd = $lock_fd;
-				$this->collect_chance_den = $collect_chance_den;
-			}
-
-			public function get(string $key): mixed {
-				$key = $this->prepareKey($key);
-
-				$this->sharedLockCache();
-
-				$fd = fopen($this->base_path . $key, 'r');
-				if ($fd === false) {
-					$this->unlockCache();
-					return null;
-				}
-
-				$data = stream_get_contents($fd);
-				fclose($fd);
-				$this->maybeCollect();
-				$this->unlockCache();
-				$wrapped = json_decode($data, true, 512, JSON_THROW_ON_ERROR);
-
-				if ($wrapped['expires'] !== false && $wrapped['expires'] <= time()) {
-					// Already, expired, pretend it doesn't exist.
-					return null;
-				} else {
-					return $wrapped['inner'];
-				}
-			}
-
-			public function set(string $key, mixed $value, mixed $expires = false): void {
-				$key = $this->prepareKey($key);
-
-				$wrapped = [
-					'expires' => $expires ? time() + $expires : false,
-					'inner' => $value
-				];
-
-				$data = json_encode($wrapped);
-				$this->exclusiveLockCache();
-				file_put_contents($this->base_path . $key, $data);
-				$this->maybeCollect();
-				$this->unlockCache();
-			}
-
-			public function delete(string $key): void {
-				$key = $this->prepareKey($key);
-
-				$this->exclusiveLockCache();
-				@unlink($this->base_path . $key);
-				$this->maybeCollect();
-				$this->unlockCache();
-			}
-
-			public function collect() {
-				$this->sharedLockCache();
-				$count = $this->collectImpl();
-				$this->unlockCache();
-				return $count;
-			}
-
-			public function flush(): void {
-				$this->exclusiveLockCache();
-				$files = glob($this->base_path . $this->prefix . '*', GLOB_NOSORT);
-				foreach ($files as $file) {
-					@unlink($file);
-				}
-				$this->unlockCache();
-			}
-
-			public function close() {
-				fclose($this->lock_fd);
-			}
-		};
-
-		register_shutdown_function([$ret, 'close']);
-
-		return $ret;
-	}
-
-	public static function phpArray() {
-		return new class implements CacheDriver {
-			private static array $inner = [];
-
-			public function get(string $key): mixed {
-				return isset(self::$inner[$key]) ? self::$inner[$key] : null;
-			}
-
-			public function set(string $key, mixed $value, mixed $expires = false): void {
-				self::$inner[$key] = $value;
-			}
-
-			public function delete(string $key): void {
-				unset(self::$inner[$key]);
-			}
-
-			public function flush(): void {
-				self::$inner = [];
-			}
-		};
-	}
-
-	/**
-	 * No-op cache. Useful for testing.
-	 */
-	public static function none() {
-		return new class implements CacheDriver {
-			public function get(string $key): mixed {
-				return null;
-			}
-
-			public function set(string $key, mixed $value, mixed $expires = false): void {
-				// No-op.
-			}
-
-			public function delete(string $key): void {
-				// No-op.
-			}
-
-			public function flush(): void {
-				// No-op.
-			}
-		};
-	}
-}
-
-interface CacheDriver {
-	/**
-	 * Get the value of associated with the key.
-	 *
-	 * @param string $key The key of the value.
-	 * @return mixed|null The value associated with the key, or null if there is none.
-	 */
-	public function get(string $key): mixed;
-
-	/**
-	 * Set a key-value pair.
-	 *
-	 * @param string $key The key.
-	 * @param mixed $value The value.
-	 * @param int|false $expires After how many seconds the pair will expire. Use false or ignore this parameter to keep
-	 *                           the value until it gets evicted to make space for more items. Some drivers will always
-	 *                           ignore this parameter and store the pair until it's removed.
-	 */
-	public function set(string $key, mixed $value, mixed $expires = false): void;
-
-	/**
-	 * Delete a key-value pair.
-	 *
-	 * @param string $key The key.
-	 */
-	public function delete(string $key): void;
-
-	/**
-	 * Delete all the key-value pairs.
-	 */
-	public function flush(): void;
-}

From f138b4b88799f051a5a60bc70c806d600ed25263 Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@skiff.com>
Date: Fri, 26 Apr 2024 13:55:58 +0200
Subject: [PATCH 286/336] cache.php: wrap new cache drivers

---
 inc/cache.php | 177 +++++++++++++++-----------------------------------
 1 file changed, 51 insertions(+), 126 deletions(-)

diff --git a/inc/cache.php b/inc/cache.php
index ae788bc1..293660fd 100644
--- a/inc/cache.php
+++ b/inc/cache.php
@@ -4,164 +4,89 @@
  *  Copyright (c) 2010-2013 Tinyboard Development Group
  */
 
+use Vichan\Data\Driver\{CacheDriver, ApcuCacheDriver, ArrayCacheDriver, FsCacheDriver, MemcachedCacheDriver, NoneCacheDriver, RedisCacheDriver};
+
 defined('TINYBOARD') or exit;
 
+
 class Cache {
-	private static $cache;
-	public static function init() {
+	private static function buildCache(): CacheDriver {
 		global $config;
 
 		switch ($config['cache']['enabled']) {
 			case 'memcached':
-				self::$cache = new Memcached();
-				self::$cache->addServers($config['cache']['memcached']);
-				break;
+				return new MemcachedCacheDriver(
+					$config['cache']['prefix'],
+					$config['cache']['memcached']
+				);
 			case 'redis':
-				self::$cache = new Redis();
-				self::$cache->connect($config['cache']['redis'][0], $config['cache']['redis'][1]);
-				if ($config['cache']['redis'][2]) {
-					self::$cache->auth($config['cache']['redis'][2]);
-				}
-				self::$cache->select($config['cache']['redis'][3]) or die('cache select failure');
-				break;
+				return new RedisCacheDriver(
+					$config['cache']['prefix'],
+					$config['cache']['redis'][0],
+					$config['cache']['redis'][1],
+					$config['cache']['redis'][2],
+					$config['cache']['redis'][3]
+				);
+			case 'apcu':
+				return new ApcuCacheDriver;
+			case 'fs':
+				return new FsCacheDriver(
+					$config['cache']['prefix'],
+					"tmp/cache/{$config['cache']['prefix']}",
+					'.lock',
+					$config['auto_maintenance'] ? 1000 : false
+				);
+			case 'none':
+				return new NoneCacheDriver();
 			case 'php':
-				self::$cache = [];
-				break;
+			default:
+				return new ArrayCacheDriver();
 		}
 	}
+
+	public static function getCache(): CacheDriver {
+		static $cache;
+		return $cache ??= self::buildCache();
+	}
+
 	public static function get($key) {
 		global $config, $debug;
 
-		$key = $config['cache']['prefix'] . $key;
-
-		$data = false;
-		switch ($config['cache']['enabled']) {
-			case 'memcached':
-				if (!self::$cache)
-					self::init();
-				$data = self::$cache->get($key);
-				break;
-			case 'apcu':
-				$data = apcu_fetch($key);
-				break;
-			case 'php':
-				$data = isset(self::$cache[$key]) ? self::$cache[$key] : false;
-				break;
-			case 'fs':
-				$key = str_replace('/', '::', $key);
-				$key = str_replace("\0", '', $key);
-				if (!file_exists('tmp/cache/'.$key)) {
-					$data = false;
-				}
-				else {
-					$data = file_get_contents('tmp/cache/'.$key);
-					$data = json_decode($data, true);
-				}
-				break;
-			case 'redis':
-				if (!self::$cache)
-					self::init();
-				$data = json_decode(self::$cache->get($key), true);
-				break;
+		$ret = self::getCache()->get($key);
+		if ($ret === null) {
+			$ret = false;
 		}
 
-		if ($config['debug'])
-			$debug['cached'][] = $key . ($data === false ? ' (miss)' : ' (hit)');
+		if ($config['debug']) {
+			$debug['cached'][] = $config['cache']['prefix'] . $key . ($ret === false ? ' (miss)' : ' (hit)');
+		}
 
-		return $data;
+		return $ret;
 	}
 	public static function set($key, $value, $expires = false) {
 		global $config, $debug;
 
-		$key = $config['cache']['prefix'] . $key;
-
-		if (!$expires)
+		if (!$expires) {
 			$expires = $config['cache']['timeout'];
-
-		switch ($config['cache']['enabled']) {
-			case 'memcached':
-				if (!self::$cache)
-					self::init();
-				self::$cache->set($key, $value, $expires);
-				break;
-			case 'redis':
-				if (!self::$cache)
-					self::init();
-				self::$cache->setex($key, $expires, json_encode($value));
-				break;
-			case 'apcu':
-				apcu_store($key, $value, $expires);
-				break;
-			case 'fs':
-				$key = str_replace('/', '::', $key);
-				$key = str_replace("\0", '', $key);
-				file_put_contents('tmp/cache/'.$key, json_encode($value));
-				break;
-			case 'php':
-				self::$cache[$key] = $value;
-				break;
 		}
 
-		if ($config['debug'])
-			$debug['cached'][] = $key . ' (set)';
+		self::getCache()->set($key, $value, $expires);
+
+		if ($config['debug']) {
+			$debug['cached'][] = $config['cache']['prefix'] . $key . ' (set)';
+		}
 	}
 	public static function delete($key) {
 		global $config, $debug;
 
-		$key = $config['cache']['prefix'] . $key;
+		self::getCache()->delete($key);
 
-		switch ($config['cache']['enabled']) {
-			case 'memcached':
-				if (!self::$cache)
-					self::init();
-				self::$cache->delete($key);
-				break;
-			case 'redis':
-				if (!self::$cache)
-					self::init();
-				self::$cache->del($key);
-				break;
-			case 'apcu':
-				apcu_delete($key);
-				break;
-			case 'fs':
-				$key = str_replace('/', '::', $key);
-				$key = str_replace("\0", '', $key);
-				@unlink('tmp/cache/'.$key);
-				break;
-			case 'php':
-				unset(self::$cache[$key]);
-				break;
+		if ($config['debug']) {
+			$debug['cached'][] = $config['cache']['prefix'] . $key . ' (deleted)';
 		}
-
-		if ($config['debug'])
-			$debug['cached'][] = $key . ' (deleted)';
 	}
 	public static function flush() {
-		global $config;
-
-		switch ($config['cache']['enabled']) {
-			case 'memcached':
-				if (!self::$cache)
-					self::init();
-				return self::$cache->flush();
-			case 'apcu':
-				return apcu_clear_cache('user');
-			case 'php':
-				self::$cache = array();
-				break;
-			case 'fs':
-				$files = glob('tmp/cache/*');
-				foreach ($files as $file) {
-					unlink($file);
-				}
-				break;
-			case 'redis':
-				if (!self::$cache)
-					self::init();
-				return self::$cache->flushDB();
-		}
-
+		self::getCache()->flush();
 		return false;
 	}
 }

From 589435b667626a43c9f79df45621ed23f0b919a8 Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@skiff.com>
Date: Sun, 7 Apr 2024 21:10:39 +0200
Subject: [PATCH 287/336] context.php: use shared cache driver

---
 inc/context.php | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/inc/context.php b/inc/context.php
index c3ebef04..e747a68d 100644
--- a/inc/context.php
+++ b/inc/context.php
@@ -83,6 +83,10 @@ function build_context(array $config): Context {
 				$config['captcha']['native']['provider_check'],
 				$config['captcha']['native']['extra']
 			);
+		},
+		CacheDriver::class => function($c) {
+			// Use the global for backwards compatibility.
+			return \cache::getCache();
 		}
 	]);
 }

From 243e4894fa61917bce70dd58409f2a6aa61d09b8 Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@skiff.com>
Date: Sun, 7 Apr 2024 23:14:31 +0200
Subject: [PATCH 288/336] Use CacheDriver and Context for mod.php and mod pages

---
 inc/mod/pages.php | 88 ++++++++++++++++++++++++-----------------------
 1 file changed, 45 insertions(+), 43 deletions(-)

diff --git a/inc/mod/pages.php b/inc/mod/pages.php
index ef41da70..8a549481 100644
--- a/inc/mod/pages.php
+++ b/inc/mod/pages.php
@@ -4,8 +4,8 @@
  */
 use Vichan\Context;
 use Vichan\Functions\Format;
-
 use Vichan\Functions\Net;
+use Vichan\Data\Driver\CacheDriver;
 
 defined('TINYBOARD') or exit;
 
@@ -112,25 +112,23 @@ function mod_dashboard(Context $ctx) {
 	$args['boards'] = listBoards();
 
 	if (hasPermission($config['mod']['noticeboard'])) {
-		if (!$config['cache']['enabled'] || !$args['noticeboard'] = cache::get('noticeboard_preview')) {
+		if (!$args['noticeboard'] = $ctx->get(CacheDriver::class)->get('noticeboard_preview')) {
 			$query = prepare("SELECT ``noticeboard``.*, `username` FROM ``noticeboard`` LEFT JOIN ``mods`` ON ``mods``.`id` = `mod` ORDER BY `id` DESC LIMIT :limit");
 			$query->bindValue(':limit', $config['mod']['noticeboard_dashboard'], PDO::PARAM_INT);
 			$query->execute() or error(db_error($query));
 			$args['noticeboard'] = $query->fetchAll(PDO::FETCH_ASSOC);
 
-			if ($config['cache']['enabled'])
-				cache::set('noticeboard_preview', $args['noticeboard']);
+			$ctx->get(CacheDriver::class)->set('noticeboard_preview', $args['noticeboard']);
 		}
 	}
 
-	if (!$config['cache']['enabled'] || ($args['unread_pms'] = cache::get('pm_unreadcount_' . $mod['id'])) === false) {
+	if ($args['unread_pms'] = $ctx->get(CacheDriver::class)->get('pm_unreadcount_' . $mod['id']) === false) {
 		$query = prepare('SELECT COUNT(*) FROM ``pms`` WHERE `to` = :id AND `unread` = 1');
 		$query->bindValue(':id', $mod['id']);
 		$query->execute() or error(db_error($query));
 		$args['unread_pms'] = $query->fetchColumn();
 
-		if ($config['cache']['enabled'])
-			cache::set('pm_unreadcount_' . $mod['id'], $args['unread_pms']);
+		$ctx->get(CacheDriver::class)->set('pm_unreadcount_' . $mod['id'], $args['unread_pms']);
 	}
 
 	$query = query('SELECT COUNT(*) FROM ``reports``') or error(db_error($query));
@@ -384,6 +382,8 @@ function mod_search(Context $ctx, $type, $search_query_escaped, $page_no = 1) {
 function mod_edit_board(Context $ctx, $boardName) {
 	global $board, $config, $mod;
 
+	$cache = $ctx->get(CacheDriver::class);
+
 	if (!openBoard($boardName))
 		error($config['error']['noboard']);
 
@@ -399,10 +399,8 @@ function mod_edit_board(Context $ctx, $boardName) {
 			$query->bindValue(':uri', $board['uri']);
 			$query->execute() or error(db_error($query));
 
-			if ($config['cache']['enabled']) {
-				cache::delete('board_' . $board['uri']);
-				cache::delete('all_boards');
-			}
+			$cache->delete('board_' . $board['uri']);
+			$cache->delete('all_boards');
 
 			modLog('Deleted board: ' . sprintf($config['board_abbreviation'], $board['uri']), false);
 
@@ -467,10 +465,9 @@ function mod_edit_board(Context $ctx, $boardName) {
 			modLog('Edited board information for ' . sprintf($config['board_abbreviation'], $board['uri']), false);
 		}
 
-		if ($config['cache']['enabled']) {
-			cache::delete('board_' . $board['uri']);
-			cache::delete('all_boards');
-		}
+		$cache->delete('board_' . $board['uri']);
+		$cache->delete('all_boards');
+
 
 		Vichan\Functions\Theme\rebuild_themes('boards');
 
@@ -505,6 +502,8 @@ function mod_new_board(Context $ctx) {
 		if (!preg_match('/^' . $config['board_regex'] . '$/u', $_POST['uri']))
 			error(sprintf($config['error']['invalidfield'], 'URI'));
 
+		$cache = $ctx->get(CacheDriver::class);
+
 		$bytes = 0;
 		$chars = preg_split('//u', $_POST['uri'], -1, PREG_SPLIT_NO_EMPTY);
 		foreach ($chars as $char) {
@@ -544,8 +543,8 @@ function mod_new_board(Context $ctx) {
 
 		query($query) or error(db_error());
 
-		if ($config['cache']['enabled'])
-			cache::delete('all_boards');
+		$cache = $ctx->get(CacheDriver::class);
+		$cache->delete('all_boards');
 
 		// Build the board
 		buildIndex();
@@ -590,8 +589,8 @@ function mod_noticeboard(Context $ctx, $page_no = 1) {
 		$query->bindValue(':body', $_POST['body']);
 		$query->execute() or error(db_error($query));
 
-		if ($config['cache']['enabled'])
-			cache::delete('noticeboard_preview');
+		$cache = $ctx->get(CacheDriver::class);
+		$cache->delete('noticeboard_preview');
 
 		modLog('Posted a noticeboard entry');
 
@@ -631,7 +630,7 @@ function mod_noticeboard_delete(Context $ctx, $id) {
 	$config = $ctx->get('config');
 
 	if (!hasPermission($config['mod']['noticeboard_delete']))
-			error($config['error']['noaccess']);
+		error($config['error']['noaccess']);
 
 	$query = prepare('DELETE FROM ``noticeboard`` WHERE `id` = :id');
 	$query->bindValue(':id', $id);
@@ -639,8 +638,8 @@ function mod_noticeboard_delete(Context $ctx, $id) {
 
 	modLog('Deleted a noticeboard entry');
 
-	if ($config['cache']['enabled'])
-		cache::delete('noticeboard_preview');
+	$cache = $ctx->get(CacheDriver::class);
+	$cache->delete('noticeboard_preview');
 
 	header('Location: ?/noticeboard', true, $config['redirect_http']);
 }
@@ -706,7 +705,7 @@ function mod_news_delete(Context $ctx, $id) {
 	$config = $ctx->get('config');
 
 	if (!hasPermission($config['mod']['news_delete']))
-			error($config['error']['noaccess']);
+		error($config['error']['noaccess']);
 
 	$query = prepare('DELETE FROM ``news`` WHERE `id` = :id');
 	$query->bindValue(':id', $id);
@@ -843,7 +842,7 @@ function mod_view_board(Context $ctx, $boardName, $page_no = 1) {
 	}
 
 	$page['pages'] = getPages(true);
-	$page['pages'][$page_no-1]['selected'] = true;
+	$page['pages'][$page_no - 1]['selected'] = true;
 	$page['btn'] = getPageButtons($page['pages'], true);
 	$page['mod'] = true;
 	$page['config'] = $config;
@@ -1042,7 +1041,6 @@ function mod_edit_ban(Context $ctx, $ban_id) {
 		Bans::delete($ban_id);
 
 		header('Location: ?/', true, $config['redirect_http']);
-
 	}
 
 	$args['token'] = make_secure_link_token('edit_ban/' . $ban_id);
@@ -2235,10 +2233,9 @@ function mod_pm(Context $ctx, $id, $reply = false) {
 		$query->bindValue(':id', $id);
 		$query->execute() or error(db_error($query));
 
-		if ($config['cache']['enabled']) {
-			cache::delete('pm_unread_' . $mod['id']);
-			cache::delete('pm_unreadcount_' . $mod['id']);
-		}
+		$cache = $ctx->get(CacheDriver::class);
+		$cache->delete('pm_unread_' . $mod['id']);
+		$cache->delete('pm_unreadcount_' . $mod['id']);
 
 		header('Location: ?/', true, $config['redirect_http']);
 		return;
@@ -2249,10 +2246,9 @@ function mod_pm(Context $ctx, $id, $reply = false) {
 		$query->bindValue(':id', $id);
 		$query->execute() or error(db_error($query));
 
-		if ($config['cache']['enabled']) {
-			cache::delete('pm_unread_' . $mod['id']);
-			cache::delete('pm_unreadcount_' . $mod['id']);
-		}
+		$cache = $ctx->get(CacheDriver::class);
+		$cache->delete('pm_unread_' . $mod['id']);
+		$cache->delete('pm_unreadcount_' . $mod['id']);
 
 		modLog('Read a PM');
 	}
@@ -2339,10 +2335,10 @@ function mod_new_pm(Context $ctx, $username) {
 		$query->bindValue(':time', time());
 		$query->execute() or error(db_error($query));
 
-		if ($config['cache']['enabled']) {
-			cache::delete('pm_unread_' . $id);
-			cache::delete('pm_unreadcount_' . $id);
-		}
+		$cache = $ctx->get(CacheDriver::class);
+
+		$cache->delete('pm_unread_' . $id);
+		$cache->delete('pm_unreadcount_' . $id);
 
 		modLog('Sent a PM to ' . utf8tohtml($username));
 
@@ -2368,6 +2364,8 @@ function mod_rebuild(Context $ctx) {
 	if (!hasPermission($config['mod']['rebuild']))
 		error($config['error']['noaccess']);
 
+	$cache = $ctx->get(CacheDriver::class);
+
 	if (isset($_POST['rebuild'])) {
 		@set_time_limit($config['mod']['rebuild_timelimit']);
 
@@ -2378,7 +2376,7 @@ function mod_rebuild(Context $ctx) {
 		if (isset($_POST['rebuild_cache'])) {
 			if ($config['cache']['enabled']) {
 				$log[] = 'Flushing cache';
-				Cache::flush();
+				$cache->flush();
 			}
 
 			$log[] = 'Clearing template cache';
@@ -2840,6 +2838,8 @@ function mod_theme_configure(Context $ctx, $theme_name) {
 		error($config['error']['invalidtheme']);
 	}
 
+	$cache = $ctx->get(CacheDriver::class);
+
 	if (isset($_POST['install'])) {
 		// Check if everything is submitted
 		foreach ($theme['config'] as &$conf) {
@@ -2868,8 +2868,8 @@ function mod_theme_configure(Context $ctx, $theme_name) {
 		$query->execute() or error(db_error($query));
 
 		// Clean cache
-		Cache::delete("themes");
-		Cache::delete("theme_settings_".$theme_name);
+		$cache->delete("themes");
+		$cache->delete("theme_settings_$theme_name");
 
 		$result = true;
 		$message = false;
@@ -2928,13 +2928,15 @@ function mod_theme_uninstall(Context $ctx, $theme_name) {
 	if (!hasPermission($config['mod']['themes']))
 		error($config['error']['noaccess']);
 
+	$cache = $ctx->get(CacheDriver::class);
+
 	$query = prepare("DELETE FROM ``theme_settings`` WHERE `theme` = :theme");
 	$query->bindValue(':theme', $theme_name);
 	$query->execute() or error(db_error($query));
 
 	// Clean cache
-	Cache::delete("themes");
-	Cache::delete("theme_settings_".$theme_name);
+	$cache->delete("themes");
+	$cache->delete("theme_settings_$theme_name");
 
 	header('Location: ?/themes', true, $config['redirect_http']);
 }
@@ -2959,7 +2961,7 @@ function mod_theme_rebuild(Context $ctx, $theme_name) {
 }
 
 // This needs to be done for `secure` CSRF prevention compatibility, otherwise the $board will be read in as the token if editing global pages.
-function delete_page_base($page = '', $board = false) {
+function delete_page_base(Context $ctx, $page = '', $board = false) {
 	global $config, $mod;
 
 	if (empty($board))

From 003e8f6d3b0a645ccaa4b131fee31e7dc8b91278 Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@skiff.com>
Date: Fri, 20 Sep 2024 22:41:51 +0200
Subject: [PATCH 289/336] maintenance.php: delete expired filesystem cache

---
 tools/maintenance.php | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/tools/maintenance.php b/tools/maintenance.php
index 33c0a4d4..a869e2fa 100644
--- a/tools/maintenance.php
+++ b/tools/maintenance.php
@@ -21,5 +21,20 @@ echo "Deleted $deleted_count expired antispam in $delta seconds!\n";
 $time_tot = $delta;
 $deleted_tot = $deleted_count;
 
+if ($config['cache']['enabled'] === 'fs') {
+	$fs_cache = new Vichan\Data\Driver\FsCacheDriver(
+		$config['cache']['prefix'],
+		"tmp/cache/{$config['cache']['prefix']}",
+		'.lock',
+		false
+	);
+	$start = microtime(true);
+	$fs_cache->collect();
+	$delta = microtime(true) - $start;
+	echo "Deleted $deleted_count expired filesystem cache items in $delta seconds!\n";
+	$time_tot = $delta;
+	$deleted_tot = $deleted_count;
+}
+
 $time_tot = number_format((float)$time_tot, 4, '.', '');
 modLog("Deleted $deleted_tot expired entries in {$time_tot}s with maintenance tool");

From 115f28807a614b816a6f519a1bfa5160ff95cc38 Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@mailu.io>
Date: Sat, 5 Oct 2024 17:31:41 +0200
Subject: [PATCH 290/336] FsCacheDriver.php: collect expired cache items before
 operating on the cache

---
 inc/Data/Driver/FsCachedriver.php | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/inc/Data/Driver/FsCachedriver.php b/inc/Data/Driver/FsCachedriver.php
index f7f0e028..b543cfa6 100644
--- a/inc/Data/Driver/FsCachedriver.php
+++ b/inc/Data/Driver/FsCachedriver.php
@@ -30,7 +30,10 @@ class FsCacheDriver implements CacheDriver {
 	}
 
 	private function collectImpl(): int {
-		// A read lock is ok, since it's alright if we delete expired items from under the feet of other processes.
+		/*
+		 * A read lock is ok, since it's alright if we delete expired items from under the feet of other processes, and
+		 * no other process add new cache items or refresh existing ones.
+		 */
 		$files = \glob($this->base_path . $this->prefix . '*', \GLOB_NOSORT);
 		$count = 0;
 		foreach ($files as $file) {
@@ -84,6 +87,9 @@ class FsCacheDriver implements CacheDriver {
 
 		$this->sharedLockCache();
 
+		// Collect expired items first so if the target key is expired we shortcut to failure in the next lines.
+		$this->maybeCollect();
+
 		$fd = \fopen($this->base_path . $key, 'r');
 		if ($fd === false) {
 			$this->unlockCache();
@@ -92,7 +98,6 @@ class FsCacheDriver implements CacheDriver {
 
 		$data = \stream_get_contents($fd);
 		\fclose($fd);
-		$this->maybeCollect();
 		$this->unlockCache();
 		$wrapped = \json_decode($data, true, 512, \JSON_THROW_ON_ERROR);
 
@@ -114,8 +119,8 @@ class FsCacheDriver implements CacheDriver {
 
 		$data = \json_encode($wrapped);
 		$this->exclusiveLockCache();
-		\file_put_contents($this->base_path . $key, $data);
 		$this->maybeCollect();
+		\file_put_contents($this->base_path . $key, $data);
 		$this->unlockCache();
 	}
 

From fe7a667441df1806c4131b38e95bd14da935baa9 Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@skiff.com>
Date: Sat, 12 Oct 2024 16:16:37 +0200
Subject: [PATCH 291/336] style.css: add diceroll styling

---
 stylesheets/style.css | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/stylesheets/style.css b/stylesheets/style.css
index b7c39b26..ef1abf8b 100644
--- a/stylesheets/style.css
+++ b/stylesheets/style.css
@@ -1042,6 +1042,20 @@ div.boardlist a {
   cursor: pointer;
 }
 
+/* Inline dice */
+.dice-option table {
+    border: 1px dotted black;
+    margin: 0;
+    border-collapse: collapse;
+}
+.dice-option table td {
+    text-align: center;
+    border-left: 1px dotted black;
+    padding-left: 2px;
+    padding-right: 2px;
+    padding-bottom: 2px;
+}
+
 #youtube-size input {
   width: 50px;
 }

From 27e4bd833a1ee5dda75188ca2cbb124a38105692 Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@mailu.io>
Date: Mon, 14 Oct 2024 12:18:04 +0200
Subject: [PATCH 292/336] config.php: use op-cache friend array syntax for
 markup config

---
 inc/config.php | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/inc/config.php b/inc/config.php
index 11ac8809..fbca7447 100644
--- a/inc/config.php
+++ b/inc/config.php
@@ -783,11 +783,13 @@
  * ====================
  */
 
-	// "Wiki" markup syntax ($config['wiki_markup'] in pervious versions):
-	$config['markup'][] = array("/'''(.+?)'''/", "<strong>\$1</strong>");
-	$config['markup'][] = array("/''(.+?)''/", "<em>\$1</em>");
-	$config['markup'][] = array("/\*\*(.+?)\*\*/", "<span class=\"spoiler\">\$1</span>");
-	$config['markup'][] = array("/^[ |\t]*==(.+?)==[ |\t]*$/m", "<span class=\"heading\">\$1</span>");
+	$config['markup'] = [
+		// "Wiki" markup syntax ($config['wiki_markup'] in pervious versions):
+		[ "/'''(.+?)'''/", "<strong>\$1</strong>" ],
+		[ "/''(.+?)''/", "<em>\$1</em>" ],
+		[ "/\*\*(.+?)\*\*/", "<span class=\"spoiler\">\$1</span>" ],
+		[ "/^[ |\t]*==(.+?)==[ |\t]*$/m", "<span class=\"heading\">\$1</span>" ],
+	];
 
 	// Code markup. This should be set to a regular expression, using tags you want to use. Examples:
 	// "/\[code\](.*?)\[\/code\]/is"

From b8c53fbbcdffe50e1548c38ff764cf4cb11e2c50 Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@mailu.io>
Date: Mon, 14 Oct 2024 12:21:42 +0200
Subject: [PATCH 293/336] dice.php: extract email dice function from
 functions.php

---
 inc/functions.php      | 61 +-----------------------------------------
 inc/functions/dice.php | 61 ++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 62 insertions(+), 60 deletions(-)
 create mode 100644 inc/functions/dice.php

diff --git a/inc/functions.php b/inc/functions.php
index 30994b5d..15aa2c0e 100755
--- a/inc/functions.php
+++ b/inc/functions.php
@@ -241,7 +241,7 @@ function loadConfig() {
 		$config['version'] = $__version;
 
 		if ($config['allow_roll']) {
-			event_handler('post', 'diceRoller');
+			event_handler('post', 'email_dice_roll');
 		}
 
 		if (in_array('webm', $config['allowed_ext_files']) || in_array('mp4',  $config['allowed_ext_files'])) {
@@ -2600,65 +2600,6 @@ function shell_exec_error($command, $suppress_stdout = false) {
 	return $return === 'TB_SUCCESS' ? false : $return;
 }
 
-/* Die rolling:
- * If "dice XdY+/-Z" is in the email field (where X or +/-Z may be
- * missing), X Y-sided dice are rolled and summed, with the modifier Z
- * added on.  The result is displayed at the top of the post.
- */
-function diceRoller($post) {
-	global $config;
-	if(strpos(strtolower($post->email), 'dice%20') === 0) {
-		$dicestr = str_split(substr($post->email, strlen('dice%20')));
-
-		// Get params
-		$diceX = '';
-		$diceY = '';
-		$diceZ = '';
-
-		$curd = 'diceX';
-		for($i = 0; $i < count($dicestr); $i ++) {
-			if(is_numeric($dicestr[$i])) {
-				$$curd .= $dicestr[$i];
-			} else if($dicestr[$i] == 'd') {
-				$curd = 'diceY';
-			} else if($dicestr[$i] == '-' || $dicestr[$i] == '+') {
-				$curd = 'diceZ';
-				$$curd = $dicestr[$i];
-			}
-		}
-
-		// Default values for X and Z
-		if($diceX == '') {
-			$diceX = '1';
-		}
-
-		if($diceZ == '') {
-			$diceZ = '+0';
-		}
-
-		// Intify them
-		$diceX = intval($diceX);
-		$diceY = intval($diceY);
-		$diceZ = intval($diceZ);
-
-		// Continue only if we have valid values
-		if($diceX > 0 && $diceY > 0) {
-			$dicerolls = array();
-			$dicesum = $diceZ;
-			for($i = 0; $i < $diceX; $i++) {
-				$roll = rand(1, $diceY);
-				$dicerolls[] = $roll;
-				$dicesum += $roll;
-			}
-
-			// Prepend the result to the post body
-			$modifier = ($diceZ != 0) ? ((($diceZ < 0) ? ' - ' : ' + ') . abs($diceZ)) : '';
-			$dicesum = ($diceX > 1) ? ' = ' . $dicesum : '';
-			$post->body = '<table class="diceroll"><tr><td><img src="'.$config['dir']['static'].'d10.svg" alt="Dice roll" width="24"></td><td>Rolled ' . implode(', ', $dicerolls) . $modifier . $dicesum . '</td></tr></table><br/>' . $post->body;
-		}
-	}
-}
-
 function slugify($post) {
 	global $config;
 
diff --git a/inc/functions/dice.php b/inc/functions/dice.php
new file mode 100644
index 00000000..f3208b33
--- /dev/null
+++ b/inc/functions/dice.php
@@ -0,0 +1,61 @@
+<?php
+namespace Vichan\Functions\Dice;
+
+/* Die rolling:
+ * If "dice XdY+/-Z" is in the email field (where X or +/-Z may be
+ * missing), X Y-sided dice are rolled and summed, with the modifier Z
+ * added on.  The result is displayed at the top of the post.
+ */
+function email_dice_roll($post) {
+	global $config;
+	if(strpos(strtolower($post->email), 'dice%20') === 0) {
+		$dicestr = str_split(substr($post->email, strlen('dice%20')));
+
+		// Get params
+		$diceX = '';
+		$diceY = '';
+		$diceZ = '';
+
+		$curd = 'diceX';
+		for($i = 0; $i < count($dicestr); $i ++) {
+			if(is_numeric($dicestr[$i])) {
+				$$curd .= $dicestr[$i];
+			} else if($dicestr[$i] == 'd') {
+				$curd = 'diceY';
+			} else if($dicestr[$i] == '-' || $dicestr[$i] == '+') {
+				$curd = 'diceZ';
+				$$curd = $dicestr[$i];
+			}
+		}
+
+		// Default values for X and Z
+		if($diceX == '') {
+			$diceX = '1';
+		}
+
+		if($diceZ == '') {
+			$diceZ = '+0';
+		}
+
+		// Intify them
+		$diceX = intval($diceX);
+		$diceY = intval($diceY);
+		$diceZ = intval($diceZ);
+
+		// Continue only if we have valid values
+		if($diceX > 0 && $diceY > 0) {
+			$dicerolls = array();
+			$dicesum = $diceZ;
+			for($i = 0; $i < $diceX; $i++) {
+				$roll = rand(1, $diceY);
+				$dicerolls[] = $roll;
+				$dicesum += $roll;
+			}
+
+			// Prepend the result to the post body
+			$modifier = ($diceZ != 0) ? ((($diceZ < 0) ? ' - ' : ' + ') . abs($diceZ)) : '';
+			$dicesum = ($diceX > 1) ? ' = ' . $dicesum : '';
+			$post->body = '<table class="diceroll"><tr><td><img src="'.$config['dir']['static'].'d10.svg" alt="Dice roll" width="24"></td><td>Rolled ' . implode(', ', $dicerolls) . $modifier . $dicesum . '</td></tr></table><br/>' . $post->body;
+		}
+	}
+}

From ceccbfc5b79cdc0851d48877301aed167ded4083 Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@skiff.com>
Date: Sat, 12 Oct 2024 16:20:01 +0200
Subject: [PATCH 294/336] config.php: limit the number of dicerolls

---
 inc/config.php | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/inc/config.php b/inc/config.php
index fbca7447..2e14555d 100644
--- a/inc/config.php
+++ b/inc/config.php
@@ -712,6 +712,9 @@
 	);
 	*/
 
+	// Maximum number inline of dice rolls per markup.
+	$config['max_roll_count'] = 50;
+
 	// Allow dice rolling: an email field of the form "dice XdY+/-Z" will result in X Y-sided dice rolled and summed,
 	// with the modifier Z added, with the result displayed at the top of the post body.
 	$config['allow_roll'] = false;

From ad1d56d0927f22f924d788ad744eb09b3990ae76 Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@mailu.io>
Date: Mon, 14 Oct 2024 12:23:38 +0200
Subject: [PATCH 295/336] dice.php: handle inline dice rolling markup

---
 inc/functions/dice.php | 53 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 53 insertions(+)

diff --git a/inc/functions/dice.php b/inc/functions/dice.php
index f3208b33..558257bf 100644
--- a/inc/functions/dice.php
+++ b/inc/functions/dice.php
@@ -1,6 +1,11 @@
 <?php
 namespace Vichan\Functions\Dice;
 
+function _get_or_default_int(array $arr, int $index, int $default) {
+	return (isset($arr[$index]) && is_numeric($arr[$index])) ? (int)$arr[$index] : $default;
+}
+
+
 /* Die rolling:
  * If "dice XdY+/-Z" is in the email field (where X or +/-Z may be
  * missing), X Y-sided dice are rolled and summed, with the modifier Z
@@ -59,3 +64,51 @@ function email_dice_roll($post) {
 		}
 	}
 }
+
+/**
+ * Rolls a dice and generates the appropriate html from the markup.
+ * @param array $matches The array of the matches according to the default configuration.
+ *                       1 -> The number of dices to roll.
+ *                       3 -> The number faces of the dices.
+ *                       4 -> The offset to apply to the dice.
+ * @param string $img_path Path to the image to use relative to the root. Null if none.
+ * @return string The html to replace the original markup with.
+ */
+function inline_dice_roll_markup(array $matches, ?string $img_path): string {
+	global $config;
+
+	$dice_count = _get_or_default_int($matches, 1, 1);
+	$dice_faces = _get_or_default_int($matches, 3, 6);
+	$dice_offset = _get_or_default_int($matches, 4, 0);
+
+	// Clamp between 1 and max_roll_count.
+	$dice_count = max(min($dice_count, $config['max_roll_count']), 1);
+	// Must be at least 2.
+	if ($dice_faces < 2) {
+		$dice_faces = 6;
+	}
+
+	$tot = 0;
+	for ($i = 0; $i < $dice_count; $i++) {
+		$tot += mt_rand(1, $dice_faces);
+	}
+	// Ensure that final result is at least an integer.
+	$tot = abs((int)($dice_offset + $tot));
+
+
+	if ($img_path !== null) {
+		$img_text = "<img src='{$config['root']}{$img_path}' alt='dice' title='dice' class=\"inline-dice\"/>";
+	} else {
+		$img_text = '';
+	}
+
+	if ($dice_offset === 0) {
+		$dice_offset_text = '';
+	} elseif ($dice_offset > 0) {
+		$dice_offset_text = "+{$dice_offset}";
+	} else {
+		$dice_offset_text = (string)$dice_offset;
+	}
+
+	return "<span>$img_text {$dice_count}d{$dice_faces}{$dice_offset_text} = <b>$tot</b></span>";
+}

From fba88643ecda698ca3be13be3ca1b7adf4b691a6 Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@mailu.io>
Date: Mon, 14 Oct 2024 12:24:44 +0200
Subject: [PATCH 296/336] config.php: add inline dice rolling markup support to
 the default configuration

---
 inc/config.php | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/inc/config.php b/inc/config.php
index 2e14555d..067bc715 100644
--- a/inc/config.php
+++ b/inc/config.php
@@ -787,6 +787,8 @@
  */
 
 	$config['markup'] = [
+		// Inline dice roll markup.
+		[ "/!([-+]?\d+)?([d])([-+]?\d+)([-+]\d+)?/iu", fn($m) => inline_dice_roll_markup($m, 'static/d10.svg') ],
 		// "Wiki" markup syntax ($config['wiki_markup'] in pervious versions):
 		[ "/'''(.+?)'''/", "<strong>\$1</strong>" ],
 		[ "/''(.+?)''/", "<em>\$1</em>" ],

From b67ff982e29759d1349b6f21acc45471d9da158e Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@mailu.io>
Date: Mon, 14 Oct 2024 13:55:58 +0200
Subject: [PATCH 297/336] composer: add dice.php to autoload

---
 composer.json | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/composer.json b/composer.json
index 88ee789d..a2e906fe 100644
--- a/composer.json
+++ b/composer.json
@@ -34,9 +34,10 @@
             "inc/lock.php",
             "inc/queue.php",
             "inc/functions.php",
+            "inc/functions/dice.php",
+            "inc/functions/format.php",
             "inc/functions/net.php",
             "inc/functions/num.php",
-            "inc/functions/format.php",
             "inc/functions/theme.php",
             "inc/service/captcha-queries.php",
             "inc/context.php"

From 76f6c721e9679ec1c2f58c147f1b06bbf72509cb Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@mailu.io>
Date: Wed, 16 Oct 2024 22:49:19 +0200
Subject: [PATCH 298/336] context.php: fix missing include file

---
 inc/context.php | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/inc/context.php b/inc/context.php
index e747a68d..9e5caef0 100644
--- a/inc/context.php
+++ b/inc/context.php
@@ -1,8 +1,7 @@
 <?php
 namespace Vichan;
 
-use RuntimeException;
-use Vichan\Data\Driver\{HttpDriver, ErrorLogLogDriver, FileLogDriver, LogDriver, StderrLogDriver, SyslogLogDriver};
+use Vichan\Data\Driver\{CacheDriver, HttpDriver, ErrorLogLogDriver, FileLogDriver, LogDriver, StderrLogDriver, SyslogLogDriver};
 use Vichan\Service\HCaptchaQuery;
 use Vichan\Service\NativeCaptchaQuery;
 use Vichan\Service\ReCaptchaQuery;
@@ -19,7 +18,7 @@ class Context {
 
 	public function get(string $name): mixed {
 		if (!isset($this->definitions[$name])) {
-			throw new RuntimeException("Could not find a dependency named $name");
+			throw new \RuntimeException("Could not find a dependency named $name");
 		}
 
 		$ret = $this->definitions[$name];
@@ -69,13 +68,13 @@ function build_context(array $config): Context {
 						$config['captcha']['hcaptcha']['sitekey']
 					);
 				default:
-					throw new RuntimeException('No remote captcha service available');
+					throw new \RuntimeException('No remote captcha service available');
 			}
 		},
 		NativeCaptchaQuery::class => function($c) {
 			$config = $c->get('config');
 			if ($config['captcha']['provider'] !== 'native') {
-				throw new RuntimeException('No native captcha service available');
+				throw new \RuntimeException('No native captcha service available');
 			}
 			return new NativeCaptchaQuery(
 				$c->get(HttpDriver::class),

From 58f730293650e1a2282a08010c100ae55d601e57 Mon Sep 17 00:00:00 2001
From: Lorenzo Yario <angeleno@screamer.wiki>
Date: Sun, 20 Oct 2024 12:03:15 -0700
Subject: [PATCH 299/336] minor bugfix relating to auth when changing your own
 username

---
 inc/mod/auth.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/inc/mod/auth.php b/inc/mod/auth.php
index 70cf23ff..f6a65db2 100644
--- a/inc/mod/auth.php
+++ b/inc/mod/auth.php
@@ -10,7 +10,7 @@ use Vichan\Functions\Net;
 defined('TINYBOARD') or exit;
 
 // create a hash/salt pair for validate logins
-function mkhash(string $username, string $password, mixed $salt = false): array|string {
+function mkhash(string $username, ?string $password, mixed $salt = false): array|string {
 	global $config;
 
 	if (!$salt) {

From b5a9dc4d1a1ce3173745e2e8e14ce37a25f689a3 Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@mailu.io>
Date: Thu, 31 Oct 2024 14:47:11 +0100
Subject: [PATCH 300/336] bans.php: remove multiple return types for PHP 7.4
 support

---
 inc/bans.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/inc/bans.php b/inc/bans.php
index 8ea3b921..931777a4 100644
--- a/inc/bans.php
+++ b/inc/bans.php
@@ -142,7 +142,7 @@ class Bans {
 		return array($ipstart, $ipend);
 	}
 
-	static public function findSingle(string $ip, int $ban_id, bool $require_ban_view): array|null {
+	static public function findSingle(string $ip, int $ban_id, bool $require_ban_view): ?array {
 		/**
 		 * Use OR in the query to also garbage collect bans. Ideally we should move the whole GC procedure to a separate
 		 * script, but it will require a more important restructuring.

From 9dacdf59b1db3f38aed0018a0ee6caec5cdfc0d3 Mon Sep 17 00:00:00 2001
From: Lorenzo Yario <angeleno@screamer.wiki>
Date: Mon, 16 Dec 2024 23:15:23 -0600
Subject: [PATCH 301/336] skip captcha or log settings in mod.php config

relates to multidimensional arrays
---
 inc/mod/config-editor.php | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/inc/mod/config-editor.php b/inc/mod/config-editor.php
index 0f6dbc9a..688b0910 100644
--- a/inc/mod/config-editor.php
+++ b/inc/mod/config-editor.php
@@ -64,6 +64,10 @@ function config_vars() {
 			$var['comment'][] = $temp_comment;
 			$temp_comment = false;
 		}
+
+		if (preg_match('!^\s*\$config\[(\'log_system\'|\'captcha\')\]!', $line)) {
+            continue;
+        }
 		
 		if (preg_match('!^\s*// ([^$].*)$!', $line, $matches)) {
 			if ($var['default'] !== false) {

From 2e91c1ed3d9cb3091d4c38722be27b529e862d77 Mon Sep 17 00:00:00 2001
From: Lorenzo Yario <angeleno@screamer.wiki>
Date: Fri, 20 Dec 2024 00:24:46 -0600
Subject: [PATCH 302/336] Update FileLogDriver.php

---
 inc/Data/Driver/FileLogDriver.php | 1 +
 1 file changed, 1 insertion(+)

diff --git a/inc/Data/Driver/FileLogDriver.php b/inc/Data/Driver/FileLogDriver.php
index 18423cf1..2c9f14a0 100644
--- a/inc/Data/Driver/FileLogDriver.php
+++ b/inc/Data/Driver/FileLogDriver.php
@@ -49,6 +49,7 @@ class FileLogDriver implements LogDriver {
 			$line = "{$this->name} $lv: $message\n";
 			\flock($this->fd, LOCK_EX);
 			\fwrite($this->fd, $line);
+			\fflush($this->fd);
 			\flock($this->fd, LOCK_UN);
 		}
 	}

From 26ffd1aa72aefc309e7074750f450155819996c4 Mon Sep 17 00:00:00 2001
From: Lorenzo Yario <angeleno@screamer.wiki>
Date: Fri, 20 Dec 2024 01:08:41 -0600
Subject: [PATCH 303/336] remove anti-bot functions

---
 inc/anti-bot.php | 196 +----------------------------------------------
 1 file changed, 1 insertion(+), 195 deletions(-)

diff --git a/inc/anti-bot.php b/inc/anti-bot.php
index 326628af..6f684c55 100644
--- a/inc/anti-bot.php
+++ b/inc/anti-bot.php
@@ -1,199 +1,5 @@
 <?php
 
 /*
- *  Copyright (c) 2010-2013 Tinyboard Development Group
+ *  Anti-bot.php has been deprecated and removed due to its functions not being necessary and being easily bypassable, by both customized and uncustomized spambots.
  */
-
-defined('TINYBOARD') or exit;
-
-class AntiBot {
-	public $salt;
-	public $inputs = [];
-	public $index = 0;
-
-	public static function randomString($length, $uppercase = false, $special_chars = false, $unicode_chars = false) {
-		$chars = 'abcdefghijklmnopqrstuvwxyz0123456789';
-		if ($uppercase) {
-			$chars .= 'ABCDEFGHIJKLMNOPQRSTUVWXYZ';
-		}
-		if ($special_chars) {
-			$chars .= ' ~!@#$%^&*()_+,./;\'[]\\{}|:<>?=-` ';
-		}
-		if ($unicode_chars) {
-			$len = strlen($chars) / 10;
-			for ($n = 0; $n < $len; $n++) {
-				$chars .= mb_convert_encoding('&#' . mt_rand(0x2600, 0x26FF) . ';', 'UTF-8', 'HTML-ENTITIES');
-			}
-		}
-
-		$chars = preg_split('//u', $chars, -1, PREG_SPLIT_NO_EMPTY);
-
-		$ch = [];
-
-		// fill up $ch until we reach $length
-		while (count($ch) < $length) {
-			$n = $length - count($ch);
-			$keys = array_rand($chars, $n > count($chars) ? count($chars) : $n);
-			if ($n == 1) {
-				$ch[] = $chars[$keys];
-				break;
-			}
-			shuffle($keys);
-			foreach ($keys as $key) {
-				$ch[] = $chars[$key];
-			}
-		}
-
-		$chars = $ch;
-
-		return implode('', $chars);
-	}
-
-	public static function make_confusing($string) {
-		$chars = preg_split('//u', $string, -1, PREG_SPLIT_NO_EMPTY);
-
-		foreach ($chars as &$c) {
-			if (mt_rand(0, 3) != 0) {
-				$c = utf8tohtml($c);
-			} else {
-				$c = mb_encode_numericentity($c, [ 0, 0xffff, 0, 0xffff ], 'UTF-8');
-			}
-		}
-
-		return implode('', $chars);
-	}
-
-	public function __construct(array $salt = []) {
-		global $config;
-
-		if (!empty($salt)) {
-			// Create a salted hash of the "extra salt"
-			$this->salt = implode(':', $salt);
-		} else {
-			$this->salt = '';
-		}
-
-		shuffle($config['spam']['hidden_input_names']);
-
-		$input_count = mt_rand($config['spam']['hidden_inputs_min'], $config['spam']['hidden_inputs_max']);
-		$hidden_input_names_x = 0;
-
-		for ($x = 0; $x < $input_count ; $x++) {
-			if ($hidden_input_names_x === false || mt_rand(0, 2) == 0) {
-				// Use an obscure name
-				$name = $this->randomString(mt_rand(10, 40), false, false, $config['spam']['unicode']);
-			} else {
-				// Use a pre-defined confusing name
-				$name = $config['spam']['hidden_input_names'][$hidden_input_names_x++];
-				if ($hidden_input_names_x >= count($config['spam']['hidden_input_names'])) {
-					$hidden_input_names_x = false;
-				}
-			}
-
-			if (mt_rand(0, 2) == 0) {
-				// Value must be null
-				$this->inputs[$name] = '';
-			} elseif (mt_rand(0, 4) == 0) {
-				// Numeric value
-				$this->inputs[$name] = (string)mt_rand(0, 100000);
-			} else {
-				// Obscure value
-				$this->inputs[$name] = $this->randomString(mt_rand(5, 100), true, true, $config['spam']['unicode']);
-			}
-		}
-	}
-
-	public static function space() {
-		if (mt_rand(0, 3) != 0) {
-			return ' ';
-		}
-		return str_repeat(' ', mt_rand(1, 3));
-	}
-
-	public function html($count = false) {
-		$elements = [
-			'<input type="hidden" name="%name%" value="%value%">',
-			'<input type="hidden" value="%value%" name="%name%">',
-			'<input name="%name%" value="%value%" type="hidden">',
-			'<input value="%value%" name="%name%" type="hidden">',
-			'<input style="display:none" type="text" name="%name%" value="%value%">',
-			'<input style="display:none" type="text" value="%value%" name="%name%">',
-			'<span style="display:none"><input type="text" name="%name%" value="%value%"></span>',
-			'<div style="display:none"><input type="text" name="%name%" value="%value%"></div>',
-			'<div style="display:none"><input type="text" name="%name%" value="%value%"></div>',
-			'<textarea style="display:none" name="%name%">%value%</textarea>',
-			'<textarea name="%name%" style="display:none">%value%</textarea>'
-		];
-
-		$html = '';
-
-		if ($count === false) {
-			$count = mt_rand(1, (int)abs(count($this->inputs) / 15) + 1);
-		}
-
-		if ($count === true) {
-			// All elements
-			$inputs = array_slice($this->inputs, $this->index);
-		} else {
-			$inputs = array_slice($this->inputs, $this->index, $count);
-		}
-		$this->index += count($inputs);
-
-		foreach ($inputs as $name => $value) {
-			$element = false;
-			while (!$element) {
-				$element = $elements[array_rand($elements)];
-				$element = str_replace(' ', self::space(), $element);
-				if (mt_rand(0, 5) == 0) {
-					$element = str_replace('>', self::space() . '>', $element);
-				}
-				if (strpos($element, 'textarea') !== false && $value == '') {
-					// There have been some issues with mobile web browsers and empty <textarea>'s.
-					$element = false;
-				}
-			}
-
-			$element = str_replace('%name%', utf8tohtml($name), $element);
-
-			if (mt_rand(0, 2) == 0) {
-				$value = $this->make_confusing($value);
-			} else {
-				$value = utf8tohtml($value);
-			}
-
-			if (strpos($element, 'textarea') === false) {
-				$value = str_replace('"', '&quot;', $value);
-			}
-
-			$element = str_replace('%value%', $value, $element);
-
-			$html .= $element;
-		}
-
-		return $html;
-	}
-
-	public function reset() {
-		$this->index = 0;
-	}
-
-	public function hash() {
-		global $config;
-
-		// This is the tricky part: create a hash to validate it after
-		// First, sort the keys in alphabetical order (A-Z)
-		$inputs = $this->inputs;
-		ksort($inputs);
-
-		$hash = '';
-		// Iterate through each input
-		foreach ($inputs as $name => $value) {
-			$hash .= $name . '=' . $value;
-		}
-		// Add a salt to the hash
-		$hash .= $config['cookies']['salt'];
-
-		// Use SHA1 for the hash
-		return sha1($hash . $this->salt);
-	}
-}

From 0ff0e707d65c336d1581873961bf249d568b0176 Mon Sep 17 00:00:00 2001
From: Lorenzo Yario <angeleno@screamer.wiki>
Date: Fri, 20 Dec 2024 01:56:57 -0600
Subject: [PATCH 304/336] remove vichan's current antibot system

---
 inc/config.php | 77 --------------------------------------------------
 1 file changed, 77 deletions(-)

diff --git a/inc/config.php b/inc/config.php
index c111b762..812ac89d 100644
--- a/inc/config.php
+++ b/inc/config.php
@@ -275,83 +275,6 @@
 	// To prevent bump attacks; returns the thread to last position after the last post is deleted.
 	$config['anti_bump_flood'] = false;
 
-	/*
-	 * Introduction to vichan's spam filter:
-	 *
-	 * In simple terms, whenever a posting form on a page is generated (which happens whenever a
-	 * post is made), vichan will add a random amount of hidden, obscure fields to it to
-	 * confuse bots and upset hackers. These fields and their respective obscure values are
-	 * validated upon posting with a 160-bit "hash". That hash can only be used as many times
-	 * as you specify; otherwise, flooding bots could just keep reusing the same hash.
-	 * Once a new set of inputs (and the hash) are generated, old hashes for the same thread
-	 * and board are set to expire. Because you have to reload the page to get the new set
-	 * of inputs and hash, if they expire too quickly and more than one person is viewing the
-	 * page at a given time, vichan would return false positives (depending on how long the
-	 * user sits on the page before posting). If your imageboard is quite fast/popular, set
-	 * $config['spam']['hidden_inputs_max_pass'] and $config['spam']['hidden_inputs_expire'] to
-	 * something higher to avoid false positives.
-	 *
-	 * See also: https://github.com/vichan-devel/vichan/wiki/your_request_looks_automated
-	 *
-	 */
-
-	// Number of hidden fields to generate.
-	$config['spam']['hidden_inputs_min'] = 4;
-	$config['spam']['hidden_inputs_max'] = 12;
-
-	// How many times can a "hash" be used to post?
-	$config['spam']['hidden_inputs_max_pass'] = 12;
-
-	// How soon after regeneration do hashes expire (in seconds)?
-	$config['spam']['hidden_inputs_expire'] = 60 * 60 * 3; // three hours
-
-	// Whether to use Unicode characters in hidden input names and values.
-	$config['spam']['unicode'] = true;
-
-	// These are fields used to confuse the bots. Make sure they aren't actually used by vichan, or it won't work.
-	$config['spam']['hidden_input_names'] = array(
-		'user',
-		'username',
-		'login',
-		'search',
-		'q',
-		'url',
-		'firstname',
-		'lastname',
-		'text',
-		'message'
-	);
-
-	// Always update this when adding new valid fields to the post form, or EVERYTHING WILL BE DETECTED AS SPAM!
-	$config['spam']['valid_inputs'] = array(
-		'hash',
-		'board',
-		'thread',
-		'mod',
-		'name',
-		'email',
-		'subject',
-		'post',
-		'body',
-		'password',
-		'sticky',
-		'lock',
-		'raw',
-		'embed',
-		'g-recaptcha-response',
-		'h-captcha-response',
-		'captcha_cookie',
-		'captcha_text',
-		'spoiler',
-		'page',
-		'file_url',
-		'json_response',
-		'user_flag',
-		'no_country',
-		'tag',
-		'simple_spam'
-	);
-
 	// Enable simple anti-spam measure. Requires the end-user to answer a question before making a post.
 	// Works very well against uncustomized spam. Answers are case-insensitive.
 	// $config['simple_spam'] = array (

From 5f2f653993d5e14a001a13fb6b55ba10f6cdfed2 Mon Sep 17 00:00:00 2001
From: Lorenzo Yario <angeleno@screamer.wiki>
Date: Fri, 20 Dec 2024 02:16:59 -0600
Subject: [PATCH 305/336] Update functions.php

---
 inc/functions.php | 63 ++---------------------------------------------
 1 file changed, 2 insertions(+), 61 deletions(-)

diff --git a/inc/functions.php b/inc/functions.php
index 15aa2c0e..43a2b3fa 100755
--- a/inc/functions.php
+++ b/inc/functions.php
@@ -391,12 +391,6 @@ function define_groups() {
 	ksort($config['mod']['groups']);
 }
 
-function create_antibot($board, $thread = null) {
-	require_once dirname(__FILE__) . '/anti-bot.php';
-
-	return _create_antibot($board, $thread);
-}
-
 function sprintf3($str, $vars, $delim = '%') {
 	$replaces = array();
 	foreach ($vars as $k => $v) {
@@ -1528,43 +1522,6 @@ function purge_old_antispam() {
 	return $query->rowCount();
 }
 
-function _create_antibot($board, $thread) {
-	global $config, $purged_old_antispam;
-
-	$antibot = new AntiBot([$board, $thread]);
-
-	// Delete old expired antispam, skipping those with NULL expiration timestamps (infinite lifetime).
-	if (!isset($purged_old_antispam) && $config['auto_maintenance']) {
-		$purged_old_antispam = true;
-		query('DELETE FROM ``antispam`` WHERE `expires` < UNIX_TIMESTAMP()') or error(db_error());
-	}
-
-	// Keep the now invalid timestamps around for a bit to enable users to post if they're still on an old version of
-	// the HTML page.
-	// By virtue of existing, we know that we're making a new version of the page, and the user from now on may just reload.
-	if ($thread) {
-		$query = prepare('UPDATE ``antispam`` SET `expires` = UNIX_TIMESTAMP() + :expires WHERE `board` = :board AND `thread` = :thread AND `expires` IS NULL');
-	} else {
-		$query = prepare('UPDATE ``antispam`` SET `expires` = UNIX_TIMESTAMP() + :expires WHERE `board` = :board AND `thread` IS NULL AND `expires` IS NULL');
-	}
-
-	$query->bindValue(':board', $board);
-	if ($thread) {
-		$query->bindValue(':thread', $thread);
-	}
-	$query->bindValue(':expires', $config['spam']['hidden_inputs_expire']);
-	$query->execute() or error(db_error($query));
-
-	// Insert an antispam with infinite life as the HTML page of a thread might last well beyond the expiry date.
-	$query = prepare('INSERT INTO ``antispam`` VALUES (:board, :thread, :hash, UNIX_TIMESTAMP(), NULL, 0)');
-	$query->bindValue(':board', $board);
-	$query->bindValue(':thread', $thread);
-	$query->bindValue(':hash', $antibot->hash());
-	$query->execute() or error(db_error($query));
-
-	return $antibot;
-}
-
 function checkSpam(array $extra_salt = array()) {
 	global $config, $pdo;
 
@@ -1632,7 +1589,6 @@ function buildIndex($global_api = "yes") {
 	$catalog_api_action = generation_strategy('sb_api', array($board['uri']));
 
 	$pages = null;
-	$antibot = null;
 
 	if ($config['api']['enabled']) {
 		$api = new Api(
@@ -1684,21 +1640,12 @@ function buildIndex($global_api = "yes") {
 				if ($wont_build_this_page) continue;
 			}
 
-			if ($config['try_smarter']) {
-				$antibot = create_antibot($board['uri'], 0 - $page);
-				$content['current_page'] = $page;
-			}
-			elseif (!$antibot) {
-				$antibot = create_antibot($board['uri']);
-			}
-			$antibot->reset();
 			if (!$pages) {
 				$pages = getPages();
 			}
 			$content['pages'] = $pages;
 			$content['pages'][$page-1]['selected'] = true;
 			$content['btn'] = getPageButtons($content['pages']);
-			$content['antibot'] = $antibot;
 			if ($mod) {
 				$content['pm'] = create_pm_header();
 			}
@@ -2282,7 +2229,6 @@ function buildThread($id, $return = false, $mod = false) {
 			error($config['error']['nonexistant']);
 
 		$hasnoko50 = $thread->postCount() >= $config['noko50_min'];
-		$antibot = $mod || $return ? false : create_antibot($board['uri'], $id);
 
 		$options = [
 			'board' => $board,
@@ -2293,7 +2239,6 @@ function buildThread($id, $return = false, $mod = false) {
 			'mod' => $mod,
 			'hasnoko50' => $hasnoko50,
 			'isnoko50' => false,
-			'antibot' => $antibot,
 			'boardlist' => createBoardlist($mod),
 			'return' => ($mod ? '?' . $board['url'] . $config['file_index'] : $config['root'] . $board['dir'] . $config['file_index'])
 		];
@@ -2330,20 +2275,17 @@ function buildThread($id, $return = false, $mod = false) {
 	} elseif ($action == 'rebuild') {
 		$noko50fn = $board['dir'] . $config['dir']['res'] . link_for($thread, true);
 		if ($hasnoko50 || file_exists($noko50fn)) {
-			buildThread50($id, $return, $mod, $thread, $antibot);
+			buildThread50($id, $return, $mod, $thread);
 		}
 
 		file_write($board['dir'] . $config['dir']['res'] . link_for($thread), $body);
 	}
 }
 
-function buildThread50($id, $return = false, $mod = false, $thread = null, $antibot = false) {
+function buildThread50($id, $return = false, $mod = false, $thread = null) {
 	global $board, $config;
 	$id = round($id);
 
-	if ($antibot)
-		$antibot->reset();
-
 	if (!$thread) {
 		$query = prepare(sprintf("SELECT * FROM ``posts_%s`` WHERE (`thread` IS NULL AND `id` = :id) OR `thread` = :id ORDER BY `thread`,`id` DESC LIMIT :limit", $board['uri']));
 		$query->bindValue(':id', $id, PDO::PARAM_INT);
@@ -2405,7 +2347,6 @@ function buildThread50($id, $return = false, $mod = false, $thread = null, $anti
 		'mod' => $mod,
 		'hasnoko50' => $hasnoko50,
 		'isnoko50' => true,
-		'antibot' => $mod ? false : ($antibot ? $antibot : create_antibot($board['uri'], $id)),
 		'boardlist' => createBoardlist($mod),
 		'return' => ($mod ? '?' . $board['url'] . $config['file_index'] : $config['root'] . $board['dir'] . $config['file_index'])
 	];

From 6f5b0ae6d5e0dbcc8506984afd64f44bd697b527 Mon Sep 17 00:00:00 2001
From: Lorenzo Yario <angeleno@screamer.wiki>
Date: Fri, 20 Dec 2024 02:24:18 -0600
Subject: [PATCH 306/336] strip old antibot system

---
 templates/post_form.html | 23 -----------------------
 1 file changed, 23 deletions(-)

diff --git a/templates/post_form.html b/templates/post_form.html
index 64aff382..11f11e74 100644
--- a/templates/post_form.html
+++ b/templates/post_form.html
@@ -1,9 +1,6 @@
 <form name="post" onsubmit="return doPost(this);" enctype="multipart/form-data" action="{{ config.post_url }}" method="post">
-{{ antibot.html() }}
 {% if id %}<input type="hidden" name="thread" value="{{ id }}">{% endif %}
-{{ antibot.html() }}
 <input type="hidden" name="board" value="{{ board.uri }}">
-{{ antibot.html() }}
 {% if current_page %}
 	<input type="hidden" name="page" value="{{ current_page }}">
 {% endif %}
@@ -12,11 +9,9 @@
 		{% if not config.field_disable_name or (mod and post.mod|hasPermission(config.mod.bypass_field_disable, board.uri)) %}<tr>
 			<th>
 				{% trans %}Name{% endtrans %}
-				{{ antibot.html() }}
 			</th>
 			<td>
 				<input type="text" name="name" size="25" maxlength="35" autocomplete="off"> {% if config.allow_no_country and config.country_flags %}<input id="no_country" name="no_country" type="checkbox"> <label for="no_country">{% trans %}Don't show my flag{% endtrans %}</label>{% endif %}
-				{{ antibot.html() }}
 			</td>
 		</tr>{% endif %}
 		{% if not config.field_disable_email or (mod and post.mod|hasPermission(config.mod.bypass_field_disable, board.uri)) %}<tr>
@@ -26,7 +21,6 @@
 				{% else %}
 				{% trans %}Email{% endtrans %}
 				{% endif %}
-				{{ antibot.html() }}
 			</th>
 			<td>
 				{% if (mod and not post.mod|hasPermission(config.mod.bypass_field_disable, board.uri) and config.field_email_selectbox) or (not mod and config.field_email_selectbox) %}
@@ -39,17 +33,14 @@
 				{% else %}
 				<input type="text" name="email" size="25" maxlength="40" autocomplete="off">
 				{% endif %}
-				{{ antibot.html() }}
 				{% if not (not (config.field_disable_subject or (id and config.field_disable_reply_subject)) or (mod and post.mod|hasPermission(config.mod.bypass_field_disable, board.uri))) %}
 				<input accesskey="s" style="margin-left:2px;" type="submit" name="post" value="{% if id %}{{ config.button_reply }}{% else %}{{ config.button_newtopic }}{% endif %}" />{% if config.spoiler_images %} <input id="spoiler" name="spoiler" type="checkbox"> <label for="spoiler">{% trans %}Spoiler Image{% endtrans %}</label>				{% endif %}
 				{% endif %}
-				{{ antibot.html() }}
 			</td>
 		</tr>{% endif %}
 		{% if not (config.field_disable_subject or (id and config.field_disable_reply_subject)) or (mod and post.mod|hasPermission(config.mod.bypass_field_disable, board.uri)) %}<tr>
 			<th>
 				{% trans %}Subject{% endtrans %}
-				{{ antibot.html() }}
 			</th>
 			<td>
 				<input style="float:left;" type="text" name="subject" size="25" maxlength="100" autocomplete="off">
@@ -60,11 +51,9 @@
 		<tr>
 			<th>
 				{% trans %}Comment{% endtrans %}
-				{{ antibot.html() }}
 			</th>
 			<td>
 				<textarea name="body" id="body" rows="5" cols="35"></textarea>
-				{{ antibot.html() }}
 				{% if not (not (config.field_disable_subject or (id and config.field_disable_reply_subject)) or (mod and post.mod|hasPermission(config.mod.bypass_field_disable, board.uri))) %}
 				{% if not (not config.field_disable_email or (mod and post.mod|hasPermission(config.mod.bypass_field_disable, board.uri))) %}
 				<input accesskey="s" style="margin-left:2px;" type="submit" name="post" value="{% if id %}{{ config.button_reply }}{% else %}{{ config.button_newtopic }}{% endif %}" />{% if config.spoiler_images %} <input id="spoiler" name="spoiler" type="checkbox"> <label for="spoiler">{% trans %}Spoiler Image{% endtrans %}</label>{% endif %}
@@ -80,11 +69,9 @@
 		{% endif %}
 			<th>
 				{% trans %}Verification{% endtrans %}
-				{{ antibot.html() }}
 			</th>
 			<td>
 				<div class="g-recaptcha" data-sitekey="{{ config.captcha.recaptcha.sitekey }}"></div>
-				{{ antibot.html() }}
 			</td>
 		</tr>
 		{% endif %}
@@ -92,11 +79,9 @@
 		<tr>
 			<th>
 				{% trans %}Verification{% endtrans %}
-				{{ antibot.html() }}
 			</th>
 			<td>
 				<div class="h-captcha" data-sitekey="{{ config.captcha.hcaptcha.sitekey }}"></div>
-				{{ antibot.html() }}
 			</td>
 		</tr>
 		{% endif %}
@@ -173,14 +158,12 @@
 						<input style="display:inline" type="text" id="file_url" name="file_url" size="35">
 					</div>
 				{% endif %}
-				{{ antibot.html() }}
 			</td>
 		</tr>
 		{% if config.enable_embedding %}
 		<tr id="upload_embed">
 			<th>
 				{% trans %}Embed{% endtrans %}
-				{{ antibot.html() }}
 			</th>
 			<td>
 				<input type="text" name="embed" value="" size="30" maxlength="120" autocomplete="off">
@@ -211,27 +194,21 @@
 		{% if not config.field_disable_password or (mod and post.mod|hasPermission(config.mod.bypass_field_disable, board.uri)) %}<tr>
 			<th>
 				{% trans %}Password{% endtrans %}
-				{{ antibot.html() }}
 			</th>
 			<td>
 				<input type="text" name="password" value="" size="12" maxlength="18" autocomplete="off">
 				<span class="unimportant">{% trans %}(For file deletion.){% endtrans %}</span>
-				{{ antibot.html() }}
 			</td>
 		</tr>{% endif %}
 		{% if config.simple_spam and not id %}<tr>
 			<th>
 				{{ config.simple_spam.question }}
-				{{ antibot.html() }}
 			</th>
 			<td>
 				<input type="text" name="simple_spam" value="" size="12" maxlength="18" autocomplete="off">
-				{{ antibot.html() }}
 			</td>
 		</tr>{% endif %}
 	</table>
-{{ antibot.html(true) }}
-<input type="hidden" name="hash" value="{{ antibot.hash() }}">
 </form>
 
 <script type="text/javascript">{% verbatim %}

From a376a5a2e3bb7514ca8577327a85aaf6d4d0099f Mon Sep 17 00:00:00 2001
From: Lorenzo Yario <angeleno@screamer.wiki>
Date: Fri, 20 Dec 2024 02:31:26 -0600
Subject: [PATCH 307/336] finish stripping current antispam system

---
 post.php | 6 ------
 1 file changed, 6 deletions(-)

diff --git a/post.php b/post.php
index 23593a67..a14beb09 100644
--- a/post.php
+++ b/post.php
@@ -712,12 +712,6 @@ if (isset($_POST['delete'])) {
 				error($config['error']['noaccess']);
 		}
 
-		if (!$post['mod']) {
-			$post['antispam_hash'] = checkSpam(array($board['uri'], isset($post['thread']) ? $post['thread'] : ($config['try_smarter'] && isset($_POST['page']) ? 0 - (int)$_POST['page'] : null)));
-			if ($post['antispam_hash'] === true)
-				error($config['error']['spam']);
-		}
-
 		if ($config['robot_enable'] && $config['robot_mute']) {
 			checkMute();
 		}

From 0ed3513e66314da91cf3a28643182f2d3e2f666e Mon Sep 17 00:00:00 2001
From: Lorenzo Yario <angeleno@screamer.wiki>
Date: Fri, 20 Dec 2024 14:43:13 -0600
Subject: [PATCH 308/336] add youtu.be and voca.ro

---
 inc/config.php | 33 +++++++++++++++++----------------
 1 file changed, 17 insertions(+), 16 deletions(-)

diff --git a/inc/config.php b/inc/config.php
index 812ac89d..697a6fcf 100644
--- a/inc/config.php
+++ b/inc/config.php
@@ -1150,28 +1150,29 @@
 	// Custom embedding (YouTube, vimeo, etc.)
 	// It's very important that you match the entire input (with ^ and $) or things will not work correctly.
 	// Be careful when creating a new embed, because depending on the URL you end up exposing yourself to an XSS.
-	$config['embedding'] = [
-		[
-			'/^https?:\/\/(\w+\.)?youtube\.com\/watch\?v=([a-zA-Z0-9\-_]{10,11})?$/i',
-			'<iframe style="float: left; margin: 10px 20px;" width="%%tb_width%%" height="%%tb_height%%" frameborder="0" id="ytplayer" src="https://www.youtube.com/embed/$2"></iframe>'
-		],
-		[
+		$config['embedding'] = array(
+		array(
+			'/^https?:\/\/(\w+\.)?(youtube\.com\/watch\?v=|youtu\.be\/)([a-zA-Z0-9\-_]{10,11})?$/i',
+			'<iframe style="float: left; margin: 10px 20px;" width="%%tb_width%%" height="%%tb_height%%" frameborder="0" id="ytplayer" src="https://www.youtube.com/embed/$3"></iframe>'
+		),		
+		array(
 			'/^https?:\/\/(\w+\.)?vimeo\.com\/(\d{2,10})(\?.+)?$/i',
 			'<iframe style="float: left; margin: 10px 20px;" width="%%tb_width%%" height="%%tb_height%%" frameborder="0" src="https://player.vimeo.com/video/$2"></iframe>'
-		],
-		[
+		),
+		array(
 			'/^https?:\/\/(\w+\.)?dailymotion\.com\/video\/([a-zA-Z0-9]{2,10})(_.+)?$/i',
 			'<iframe style="float: left; margin: 10px 20px;" width="%%tb_width%%" height="%%tb_height%%" frameborder="0" src="https://www.dailymotion.com/embed/video/$2" allowfullscreen></iframe>'
-		],
-		[
+		),
+		array(
 			'/^https?:\/\/(\w+\.)?metacafe\.com\/watch\/(\d+)\/([a-zA-Z0-9_\-.]+)\/(\?[^\'"<>]+)?$/i',
 			'<iframe style="float: left; margin: 10px 20px;" width="%%tb_width%%" height="%%tb_height%%" frameborder="0"  src="https://www.metacafe.com/embed/$2/$3/" allowfullscreen></iframe>'
-		],
-		[
-			'/^https?:\/\/(\w+\.)?vocaroo\.com\/([a-zA-Z0-9]{2,12})$/i',
-			'<iframe style="float: left; margin: 10px 20px;" width="300" height="60" frameborder="0" src="https://vocaroo.com/embed/$2"></iframe>'
-		]
-	];
+		),
+		array(
+			'/^https?:\/\/(\w+\.)?(vocaroo\.com\/|voca\.ro\/)([a-zA-Z0-9]{2,12})$/i',
+			'<iframe style="float: left; margin: 10px 20px;" width="300" height="60" frameborder="0" src="https://vocaroo.com/embed/$3"></iframe>'
+		),
+				
+	);
 
 	// Embedding width and height.
 	$config['embed_width'] = 300;

From f419ae046c62c1a394ef975e4b2930f5da5e5306 Mon Sep 17 00:00:00 2001
From: Lorenzo Yario <angeleno@screamer.wiki>
Date: Fri, 20 Dec 2024 14:59:46 -0600
Subject: [PATCH 309/336] replace captcha click me image

---
 static/clickme.gif | Bin 3096 -> 5888 bytes
 1 file changed, 0 insertions(+), 0 deletions(-)

diff --git a/static/clickme.gif b/static/clickme.gif
index d408bc869936879584d5e5198f68cca268af2d32..c0b94ef8d607fd82c3bb27bcf6508fac60f49bd8 100644
GIT binary patch
literal 5888
zcmWldhhLJ3<HsMy!xHcTaa)0-Tq(E}Ex?5v#XSn#nHpwhW&?10nz&M%n7iwW%7&?Z
zag<u-VK%h7(w5a(X{U{A_`Bcde|W!NulL8>$IHo4_z>U$UjQI1BaV?Dv(NE%h*iem
zetV-}EU&b4Z+DSHAlHczU4T>Bo=j@o#`NuE(}kfYC&j^{B#)SA-@T1N1y*V8DP}B2
zl)wA&cPGOSUt?_cjj!05tlPqCiFjE_PwR0p@z=7;u!vShaZ;qVUeRuGyK|;<1M8`k
z;4?2#Wx-ZA`^($yY{P6yw=#A|w@gV~BRz9%&v0YHyU*Bi8+|+u@OP8?0;H$TWIM%3
zG6K9kt47N_EVqYNU$plZrkvPXe0Epcmv)yFYb(FNm~}O6<$l(if?F?o8iv8LMxEG|
zjy}0{iD#J`yo}ii9xlGYD~GL5KP!%G>bG>^#Ex%qR|+4N*m#wOrj;gpWR|Bj?zOFt
zXYC3$7h*)=ti!PPWw)!X`8+FU-yI>>80;{|prlYm=x>*E?fyvJEX?PZZ_c7z3^tbf
z?Beu}WW*kIV<rS~LPP83s>1f9_BYz?Y(L0O5+55sC}?#R4td%~;^XMY;}0anUrjf6
zW%{HFTsC=L&UNCN?kYn+I`pV;|G=(@>P=y_mmNF;UGp?u!ZVvQos(;GHahv#oN(M^
zl^9ZS_8{ZWeZ*mUO8Bp)jX{M~T|c{;ms)~~+N@*v;*OmO21f^v`Fdq=_MY5Pk?5M(
z6lYVlHKp6R>VBOk$J6Ifm~-g%-Df20eb#J>^Kcju1s-5~m+LV+eD(@EKGax8H*7Kv
zQs3Q}9#zB-JQi-_9=Rua^Y6b4vTD+jOC@&PEftfsrtTJDhNaT}QfAanUUIaZkI$C7
zTO9^6Sqb}<zp=)pwn@S4xIKcnn*#4_S=&rOZf}YU-^<F)H!^EWa$(Y@AiiIHxKl{#
zMn|75a<{79JX@Zgb6jBey}iK&EY)$Fh=#tv_5195)2-syFr=~JSEGG}(P5RFpOo2f
zA|m|{9CJ@AvTINF&tuy*C0H>7y<|RV+FkMXqOHX{_~l7QUL17@4+`#z$~csoe%&d)
z(>3EnzH4fbN2+@@;#J*~ruw0L`wMCGj0gvQfSn8168LZb&jNs11v;<>T*WNQ;q+aF
z&8R{+lpk*3Tert6(p*z5y0C0z*1Kby`SqnKvf$KMttme+k&-sH#?d_C7M?#^sh_ni
z@yL@?wy&DgzQ_Kc+g3hn%Er)FVsCYKO||Pj>Eo2_kpHhE(u8w6ab%)O^0s^QUn9nr
z2NzRy4Y|xeq8uEM=Pm>=KYAC_;ksD6<bYd4j@bycwf;Kq>tm+Ok3GsMZ~ou*BJf<L
zf6s-X6yRUwyMLPhw7MNN)XICg?a0$nXT`PbTuk>A9~9h3Hmuf&eYk#m-Zj{pwUu}~
zoW<#t&;nE{{^VQnJo?M9y5iJO8Xk3yE$BGzm#AucphZkdURjN8w()#`!S875QTdH@
zBYx}F|DpJMloSa^)YYB4xZIse>ywsim^)v%iApn8hN7bGO!=8ChMxM(ASyB<a<hEl
zp^T!r%#az+Xx{YST$8vmW|K+38||y_#5rN)m(+qQ2)dJig`D8Da?^@J_6vcf_!HqE
zu}6YjYg>4=&aHoV3EXL(As@5b-byKsMPx~RgDMt+d3aW+VY^lT^7CTz)3F$w=}D3g
zWWgOan@{wAi>TVPwegg;V8c?4c>T+!dwPkR9W*DbU*e5D)J~N~jcLDBRTn!chwYHe
z4b6OR7+gXtJPJ-4&3CFXRy<8k0a+6D?4l)*xO!|AL<304q|`V*8XjZ~`SVSE(>l)=
z_{?0*((i=daDm*`SLk){(QgvQz^u|!fzhJn_;O}}vud!TK9+^%r=^R@9ps+c)T9<V
z9kTpgGyod5xLhjjW?9CMoeSzoxMldcvoOw|7|D&Q^3`i)XV>RFFEgB?h>+UcQ44c&
zv+E_yA<sAeness6P9@B|e?Y@MKy-=^M(S3ivk(5Lb>IIvOZbe$RSo%v_b<3SglX?<
zzH9%5K8$raZJb_HVy*7=0PW~q$#o0xt1B{VZyJtC!}qVi-LXg)!f|+8b@8pR4iHZl
z`=p<I>@9ymF`7xN)$l#@^?|?OM(gV0u*Rc`ni`iadzt}j)cH^4PG)EAIEHssHJ5#a
zfUWKm#~1UVdhk<56A#z-3yU;8|GYoobYoOCYH*qAGKni1IUr@vC~Df>g>o^Q(&wF3
zW`{773@qv_)8R`xTv3S4s5XuCsmi~Fxm4y<sI-{DhqCW|7JA;XICr&>4F9soB+$c=
zjy#R)H<1`>(5L`O;VoQLuOnz$u@=6W@*oR3Pu!zpgF-BS5I?3$Sal-Si!};^4MM@k
zWAie^CxPCWlVC-Mqmh+ZMO7$**4DLaI9Ss3bD<KxN5>|Kq8YpJn~&y+SzNrJ-~exr
zvK&8HIamfGpZ}fBUM0%`@Sa#7&lrIbgag}sWVvppQcSxke5=Qzn37%!wso*e5(~_U
zG$D3MR1&dVs5>(wy{$v@Dv1=sj!t{%#{!_X>5v~@61RZU#<EC>n6%PDfG~(zyL<@!
zjx_)qqgQV5qLoLM8f#HZWej6D=)htdUU)NVSjVZUFdo&io$e(B7HFk%z1HtvVo1Jn
zY9cZ2W;|I#NMnluxf7uqd$=a#cp(W*FLKkFE9S^KnN7YvL<cr9iN)4Et{6fXT=2Gj
zIiyx<!8I<Xi*Hg|G3dTwJC%q9y4;oY7tGpm6}=|W=c^;T*&p}vWE;&d)WP4vG)S0L
z*FB#y^{<z5mVbO>Z8_zMxTf;fK}m3-ea|yB%#ik>WE69D5mqr>;(kvtvJb;ygSvyJ
zC?)a{RH!v)Fb^wXtGo}*N~Wko4tpK>PlW>H#yg%LQRcVY;}yRdO{Y-O^opL7cI|<`
zG7QM?C>%&1CvPo9&^W<WCXK;{r$@bLyie+V3&M4O+6`@rr;)&6BA+lfZr11^Yxq2Y
zGJk&@6I~wolntq&4TeniMwA>jug>j0Gf&H&8-4dPr_*!V;$z)B_o*9a&HD<t7CB29
zi}6BeD@m@XIf<PmERN80FDz^)CdIr(&uY(KKIVcD>DBsNkx57F+kYRKuCf#c{X<GS
zW7))EJz4J0g}1Ph7`LaNCZOJxZ3*D%si%aNo<8>>ft3u5dlL_h(>vLXStTZR#s*g+
z8`wnHgA{`oy4jOMusPq~Latt+IJu={&`g7lk|}3zS4wGnoS*y(|9ItJLP1u^qr0Yy
zRNcFg+ti6p5z<7eL5i@@${(g~(D@P!wZIr15*F*o5DffV56c5QLP~3HKcU*%U-S28
z+m@*$I%>;-`)1R>p4Z-Ru#y@fVsQFjh-x4f@dxUzR~btlQ8tDH4lLr6##{7|@m%}Y
z!V;bFw#%ZV((?S<&(-vd|A(TNy6oGRVB^hRb7=Uj-CqA>>cyf}_&>^U`xEEU=ad7q
zE7ZU1gDnY^uexBH{C#<T$rJ1ESL+7}bhEq&H?0J5c__ZXC}u3VmlKT~aPwOym7yYc
zy|!$c9zl$Y@bmKJKmJZs$a@y1NV3`c_p@7hW=(I@p4LuI2^c%`d1%sd^xa4bx2=Wx
zm+-6JRQfkox^cVnnS}xT{jcTOH^uQYUb**oANSfHlb(^~LcY?sJ*|@PW6EZo<JrEc
zEJa84>{FkJ&P=b{yPiHk@3_@^4?jZ-Co76+c&oM{(+!t1m;}+4Mr40ZD`uZdW=w9@
z<Izi>9in~NHU_+F#V_LuChs<??|FgocapmQU?Vo^4i6WtVuw-FSsUwIpUa%D=1_Ec
zUZvlTT~iX^<@fjw^Y(*lPp)oRcF@V1R@)sy?Rb6Mc~F#9G8?l&$mNjrltppr?X-$%
zPMZ#Vu8xvtXwNH{_P>z&(;-+%IQG%b^yoyz<_m2JrDt{>wEE}Wk}GaZ#FSN8$uc&_
zD|J%aE+EOpZnLC!7Zrney+v4l&>`(GU+l)ha%Jv=W3#?%&Q6$3#OtXg*2P&~tz0+f
zdVR$1f`uj~3Nu)0F`Q>+N4;U`M0f6}U|}=A#F?Vc270~uAln~D)mqvcTQFn0{9<2E
zfQf47)X575)vqLGpj7=L_9ZS~b;aLC0Uk`f@|n@>xoSAuOUZdD#h0%2Csk-`cvVo#
z@xq~2Bpm%?rBGW^iq(kxTYK^QGy8FcZO{OrPZnT0fK*MQzkfM+H5i#F!?>w-N=T^u
z7GaeUA?>D?1>MpNrhgZv_OnC_vzUV)a2<9J+9s3^)gC~wQMYnqO{tO|vFmWHr(G(h
zN`R<K1nf#(w`ifpH3A1fx4Q+d`gR3wjh=2aa6B9UmEn;R(3gev6%cK*0@H(cTRH`L
z<giexov`~`d%crIpx|c?+fz_%w-P8X37Ue6hc4y&!Pa!h(`i@9*NsV;+Q|$_Q5|1m
z+FS&}qWpHT2DC*#R|2O5$!&|$lvO7}Nz(4Z%Z?-S#idTM<<pc7Uda>$oU|d0i~ZqQ
zm|r}Xj90s>WNLc{Fo`_$D<08wR?YWC$(c9h4s@T6IbBVbnz0Puz$1={rQZs{2B<>H
zg&t^uLp-EMeUi;XX86~<LN9n`t{+MO#O<kc;BiY@iNhnzihIRZ59gsNmB>l;0Gcsl
zP94L-wep~z5$3v!u?|#caIWNb4z`9L@>*3SHi3Gmp*pgB%deHeP%7tD5^6)}^UI~1
za<)tE<2m+Oa9Ci!QDB1(hzl)yaaHE;3Efe`EoI~rLg*O;<fW3Y4`4`asBS}5H8=G6
zt||hu40DgUZ*_F{>MoY#HTPF))j&2&`C@m`XDMo=ggD03uFFO+su9(@f}xnM4Tpji
zY_GCfWHY5vPC*IRv?^hfbV9E}E!T-)37}lggCDt2A~m#%N_YqC7}82bW(8J2QR17m
zW0xYkS)twC8NocHcuaZ-=^B{VpyH+?&U=<<Mo!JvaU(KLC$kIhdzN<XD))hEc!u}^
zdMgVdoPlDy$l<a*`12)GK-{g)Bl;Wm{nL6RReogujreZk&|59rS=u1$?GdFtp~sPM
z?*Vh@fv*+?_4sw8%$X2boEc1yNDi-8j@9OwKuTE+VGjLKaTvwe9V9uTHJ^EU+o8VI
zZ`^0PadXZDYp&m&#_i>K73>+N(unX;GgYJmCa^+(7P9KJ_f`4uGm7HhuWYIL=h%Jz
ziO*#xqdw&vk{u*SJW?b_hCaulDLY=wAcnM#YFrD<Q8ZttW{ZlBesDg~<N#q(wpw$2
z5-$^a8;;!`gOEqk)<0r)Cm**Zd1(wt7E9~3PamQ9Mlg>w1G<G~;Hjyo2F}=Ccvj@(
zP<-a=gko8lWqG_+T5|Cv{=yj3?Gg0BN#{U31ntdo^{xG9xn;8h!BZitHVO22#4OBf
zjhs#KW%&gmBM|L@=t9_a8Kzrq99*83xR@e7Tvz_UGy7UYqa!JXt`^DB?OcsI^%~py
z5$l;)-qw`M&+KS_AJvKo-d+6m<h5i(r)j0{TWAbhA2JppeJ6U|zEz&qhLivosp@t>
zspSl(qP+eK&@PK^uGIs>N8@j0cSSskryV(ZcTt^F6uVT)+H>BMP<?Cw8#6u@5*p=p
z+n28;1q=WpAHsV`k1WZ5?@Vj`r&}=FmG*Y#WM4toeE6AaozzLk<m6)h#4Tvd?A+fj
z1l^u$^)B|;cL}<tE;I-~z-l?XB%MUmzZS^5!<#Q%QlJw(f%a^UN#J9LtV7*L>3VUK
zX)&k2VH#T-R??ucvJ-!qX3xFhCpBQ!>0cOhhIY`wzg)oPt~J2wWkRG(4bv+lM>enj
zI}$a5n7AlQ(oRN|<kpQy_xtec9PvZ#u7^%nborkC)zeipUCEEh4eC7~VgW5da0BYa
zS(zpS08Bf`sHpnj$GhTjo;%(oSSHo_=U0zAhoW20PsuK8>!Ngh{9MX%rKe;5jK0ME
zQnT94zW?aT_FUG{4NxmpeSoU|Y=g%7-FRmffD|E2=PF%Qf%m6M(aVRU!)v#{F0EoU
zOo@|w3t+~|c-wFJj|Ifqn^39<Tb+bCUw7q|4xes+0c2F8+||glr497rpV7XkZAGYe
zc~dH6C*WcZLmk@&<wL0BO5g?y5CaVVW}+K#khoe63sm}fiVpZXK|)AEoa=YnPJYKi
zU1y<ur;Sh~*h`kwoUL}9hufsBgAuF09->SvZt82s9Jx(7043prC09hzBchZF6`Gf7
zl1oyW4`A+yvCmlKlW!<9v#@0u1OFyR$x{mh7&ny^C&-^jQo8~G6NT;_avguwdif-N
z<02tN4ws9FEi)RY#SSYh!tyLC)pn4%go<P7J-KZHi4l4%sFw%(i4J!vbSLwHlg0X$
zGNPp%v{Vh41rH%f!~d1$IhJ}0c;M?%dk=>m8^&QvTf&GO&+y;;ovOc1hTLeTqr1qS
zqO0fLWJ^!E<&1`>8$$uB)Zn!;A)}h0D;g$}Fw|F+5nzNcfMwKa=0=W0?6alP5nlz0
z3IL`j9wWo>eh_Y%rM^w17NLSrOoB=ry=)5|eFGIigL<EHl8uP>SPqCK^a&+~31OUW
zQ5d4j?@Kg4dvm|b@fwQ`pa_=~1<lF8;66(3EX+@JYpo)TAw=ck!TXR#RWFf7Ri70M
zz~@kA!&t}@!m|Lpir63>CbQ9KfsjlC9r?h+Sm=X5{f&gYQ2@;qAgTUggeA2gZ|I7^
zI|2{l_K`0taWoY$Ne4&iBtJRs(|jD5g>aN(ZUC5&LHWcSHcmxZ<)C+p$hcLf0fU!+
zZWw^WW&u<d`i}+j3RMhFVvh?@Z#*FYQq$aj+l-<1q#TcAg2?j-q6=g-hgvJ=fOB+5
z6=;2D-6fvd?^h@!8Hg55${GD2E%@G|8v#bxtR#U;h$h9ou2(sq#CY25<Wm=DJCui%
zprv;pEjh+aHkdgG6nvp{KB0^Q(HcwebF-*ziZNssIHFLWqX&@VCYD=vEYMleIK)1d
z!h{D$3VA<Ngh3gRuyp@l1D$gs^pz<;LKgAraTQ1#M^0kz1K|I7&>cZ=gk=Ui7$Jo$
zi4wIa2+#ZLA$b7zQ$^6Bk=`nRv^9_Kq(hbdgxpnDqT3wcO~aeZLA3!~%mqpX064Yc
z!C()Zj4Cj~EU0i%VztI`OqUGzuwN-q0Ol%qv=So9{=$=B8OJok=)|);kU=8;rrd~>
z;G*I%D}crn6`5+Lp%X&-OAf~Wpp-a5I3-akdqN2I7+ZstPb1SsB+Y6%M*;jrMWz5a
z{Y}uFS-|!EdZB7Ih>pcCB5%-%Hq{`i8rDoVs|ldRm_mnmWB5rzii)5nuqZl@c(4n;
z1(*h#QT7Vhe?Qp|2vAczbB~8o6psc)DCZN}?=>{WmAGRf3)}}>5D&aGi>qb5e4RxW
zRk#Jn2*>2G&*CY>tMhQF9BVNT$(2LVve!k`>cY$bz4aiLNS;@!e?Lw_NwBm$qTVM8
z-HuS1K{iv)2eE*&a!eQ<ixg>D%W*ND#K*DF1`+%lgp~qDL<zQOg7SoisHQSeUtyJB
zVBv=NK^5WqM*I&YWVuKnQr`yAkk6EumI=xW6|7b@|Lhl1OQ2gV`+JKVg`3@xc?$JS
z`Ju@D?MJfyod;0J3F5@lg{j#`b+j7PQ;i$Yhi4yf=qL4VOKNfRkiGKNH`V4b%XNK<
h#fNsxUq(<6W{smS6gs=m#WJKl-FQZcgTVmi{{hANlS=>q

literal 3096
zcmd_qi6heu1Hkd$W^+Yt49nHn5SEvcQu1umG(y9Qgq-Cp$BH7&73OG)$m19pGjiYe
zouk9qAu`KZ(OfBN&-=W8$NT*sKHqa@rY8+u-vMM`sSNlx5C|kGDY<|DenmyaLx&Dw
zFc>v8HFb6M!-o%RYHDJ!SY2J+W5<pe7#J8D8X6fH85<kp@puyx6C#mFB9Y9@%*@Tr
zEi5dotgOgnvbD9ft*!0Fix=(e>@Huv?BL+w=;(O$>QxsP7dJOIcXxMBPfsr|FCQNt
zKR-WzfB%~|Zw3Se1O^5M1qB5M2UDrk+qZ9rgoK2KhTgez=kDFRVPRq6;o<l0-HV8b
zxPSjXjYf-%jEstkijIzsiHV7gjg60wPe@3h)9HzciAhOG$;rtnDJc&hK1@wbee~$j
z<HwKF($dn?)1N$fl97>-nVFfDm6e^HotvA>WHR&f^9u?JSS(giQBiSmF`LaUDJkJ_
zIHjefWo2d0pFb}zFR!SmsI084s;a84uCA%6sjaQ8tE;Q8uWx8*Xl!h3YHDh3Zf<F5
zX>Dz7Yinz7Z|~^n=<Mw5>gww5?(XU7>Fw?9>+9?9?|<>)#o*xJ@bK`<moHzxe*Nan
zn~{-`(b3Vdv9a;-@rj9vw{PFRd-v}B`}ZF{e3+V=`uOqV^z`)1%*>}xpJr!gxm@nt
z+#HX``~3Oy{QUgF!ouR>;?mO6^78V^%F357U%r0*`t94d)z#ItwYBfxzw`P0_4W0Q
zjg8IC&8@Ai?d|O!KYr}&?EL)sb9Z-lZ*TAS@85s^{1FHQ|NI}PB7mC&dAd?PJy0Ru
zR4>#yGfOg{@(ThI2mS%D|KssLD1fK{xGbhfs$_OWi%M%b4pip%#KF+!*`%t1zC`3P
zpXq_BXD=S2Oz4Vc)rEtP58HAa2di1b^b>AF;bt{Oui}89MMOYN@rAroAp%8neOB_b
zv`1QPfwk=MVx?Q<S*I?hTe0nHY|_kcrB7x%^w6CK(!baN?&BO8`}!}Fbpdtt+q(w7
zOfb{{-uib)fl_NB??HB$0rqN}(1ATD7Kxc_wwKZ9Pdv$+1xG4`g-cv2olnX*=DRp>
z@cH#21(Sy<SvA@-uWwuXQrhmiujDdnYa3xIu~Nn?^&J`Kr!H$VZTCgwNMR@q8K{n~
z1M=>qvNF;@(OaKCp`;+ABS2cG@!?Mp(&~*UA<n{TRuPk%^H-kudRw(ffANJ`<KTWF
zVmBV7=F&al$;5W$fg&o84oUu&>5Rh{li;o(IHKFe8$w-H*{{VK6LL1g+L&wQ>W&eS
zJ9UQ{@tCam0y<U@_W>7eM8@qe(5F6?QQp!s*Glaq(}b9!u2CorgCGJ3R(pb>b(Xsg
z!4xycNc*8!)Sx*Fn*LZ)t0^+$;J$nP^sH;Lv?4<7peqh^A)7biDdj~VYwSaGMv3IZ
zC}PfmFp7w?8-h9{0qq5@`8wsOsRJGbh33N0)=KlNU(cV;vYy@$*Kpx@M6%h&yx0eL
zJU2EDFF1mz?8TLalWAfl$X-!r2Ad+U$$}_gF|r6>zbX?NLd=<}Tex_ASat+^EA&>>
zS&&$(_^4+pvX@vVOiW$DrEyvP_);<%P;4joymc(49QC$3L7NwG9uGW~jmw+4f@^;!
z%P)k)k*JrM(5I0ZTEb3vE{?`!&Eb<Sjp_j9ISUT0n_%+yb9cDM6KZlIWP?CxTLmX-
zn}aY4FaDnZm@G6&cVtiuTZsdUA$6C+Yl<jS{TpCzw>k-(94~5d;+3hX0GvHi^NV;7
z<($f(&8h0lW(H&&duPPxkQ<BZ?K{|WrB<@s`lu%IAo28b0_D5*&Sd62aE?GI#&2%}
zrx)j6gJW<PM9FK-=|3sH4S#N%a{S1E1Y4C7;+cBE`4^s(plXtF-)KUS>!NUWlUv3v
zz=PaTDS?GP4_8hCSVy-#MZI1!n;5|6+zj;j;oQjqUB5IGFFYT(Gz*5_Xnrp=XpIw^
zp3$%MO%7QwU{PjLAIr(Hz!2y21DOSK$L}^*?Di#GX#bVO{EHl1jEIzL2~9L@e);BE
z?k*haf|FCW7QdKAkWR#zNYdROeZ8d?M){!pv50pDpnX@}Yhv7gAD6dXr5X*N;x5~)
zLt3*{?h6Mx<E`vqluVAFa<8bC6~0IQZ2)S2p*W;i70;QE1PLVgV98)l_&G-vs8nXB
zcqX7I7dV14JzF64v{CU=lFqG*o#*8Y>=@eBgjk4cK3+#pSiyq^QjU+5UUOllOf%h$
zT!(r356*n>ev{%fYGPGS{@Yl7K6#Ul)(#ptX|yrIupLDMKbK#aR)ZPPlQfK42|!`0
z%EY8%!13yXN-u9j-I;!dRuCH?`B?yNQ<++J2k~di38_hnp8n={hA7n=PeSH%eO)w%
zjmO50vn9lJ;+p8IlP>P9-xho#n)FUdZ9Z*5u#TSVd0Bg8f7Tm|MSTTZ%lA&wfA>r*
z8XO;w&OX_lRUxFI-)Csml_m`=ZCyJxX=ZV|URvjj0NDx1=hGv!ZsczDvd(-zD2EE@
zdkT_a>l;>!mfb7Nhb~_-L1~Q|3%E?aIa^EQE}U*WkuMD`A?oc~CYuJQDzAH)6Psb_
zDYb>_o@(cg@N6DbQ&f&Sy&}5Gk0<L;(T0;GGW_U7|2G8lOxuEmw#`J!Cw&#m<nyu~
z1!;v^2$qZrRNeswI)Lhel?{}r&C?*V6fOwu6?G`y3-&x{veZSAbERc>vN8%G^C%2V
zFw!g5Pg48$+q8@6yW{bc0wK7RiKWQJdigCjD$df+3O#(Nk4|wFW7yzF$bb-)R}raH
zX0dM%W-TEK4hD!?26$m1awO{sU(lt9Sx=xa3Z$;laG*y-*f>G6uGD|k7d`cH9Gp>C
zF5|7SxK$ff*ewJl5gY(*`_bD(gjq?CHD3dMgbRg34JT|51c|nWd!s%b0YW8@=h3TG
z+rBErhbEkcsUuJj33NOPV=yz~&=59TGoVQ=eHT@xdTGm(1QpkfTZ6qviO8<dRv@mB
zmJ{&M6$QLQ?5yC@PDd%53)SR_wgNnqU+5Rrav*vihFLA783?lSV<0r_`}K9=lV@7Q
z5eTj*WDw%~mia^;*~ED(Q$^gRWtb~^z_4eC(k}Ki`=d>Om4RrQboc^R&SQAZvoBww
zGa)htbR{qTyuj3*Gf(H{+X{6BL|tAdXkvKMY@{gF{nsM0n($g?^_UP8yd0HAXz+v$
zXzHM}yUIQk`WKNh@~~qzTblbs0&(dgN4<|E){b9|;FK6Jw2iqe7oSCM0{RSG@tJ+$
z(Q;?Ty3~2QcgVNu5!>0&?)TCrB*?GW;b+H(d=e~>;v#{OB$c7M3V(;uW@0@)Er;u_
z5!Q;{#W#tMJm{AQn*`O9?hcwTj5RW)Lw^zQs8PT{+G853*AO=6wDv<8;|Bc+s@LC_
zQFM<tt7qBQ@fTjCC}&u;JsD7<42vDZguFIh{&w(`3g3`~604`HX-l>9Df++X))r3o
zEGrpL>vo7%g$5G*+bv(Nf`A+H`H-O%=?7Up;O5_>U59aezo1v)#>YEKUZN3OP6sfO
zn+X-y?2RoldK}R=VgZq)k%nwKLE>;gr*J4O&T-xGGdN*)qEtYsvYjb6l^f9D6Tmt}
z@+DuWr|>dT&rfWnt~93YO~VN_P=447=SGuNZhJ^n457i6kN$MCWT*S|3(=gm7+x?T
ze&~u|BlAt`!dKnU7yB^0O~bkQ)26#)OELVghm8=gN|AF}f^8*}wxx4T(NiA<KN{b(
ft@&S#`>-e2={(TRkGt@jr|{3uf$KyZ0G$3WS)?{X


From e7aa695775d51a23e541f046dd106075793e53a8 Mon Sep 17 00:00:00 2001
From: Lorenzo Yario <angeleno@screamer.wiki>
Date: Fri, 20 Dec 2024 15:04:30 -0600
Subject: [PATCH 310/336] 2025

---
 templates/footer.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/templates/footer.html b/templates/footer.html
index b782a074..2288b013 100644
--- a/templates/footer.html
+++ b/templates/footer.html
@@ -2,6 +2,6 @@
     <p class="unimportant" style="margin-top:20px;text-align:center;">- Tinyboard + 
         <a href="https://github.com/vichan-devel/vichan">vichan</a> {{ config.version }} -
     <br>Tinyboard Copyright &copy; 2010-2014 Tinyboard Development Group    
-    <br><a href="https://github.com/vichan-devel/vichan">vichan</a> Copyright &copy; 2012-2024 vichan-devel</p>
+    <br><a href="https://github.com/vichan-devel/vichan">vichan</a> Copyright &copy; 2012-2025 vichan-devel</p>
     {% for footer in config.footer %}<p class="unimportant" style="text-align:center;">{{ footer }}</p>{% endfor %}
 </footer>

From 9d590eed2aa2a34989a75795f957ab826eb06a6b Mon Sep 17 00:00:00 2001
From: Lorenzo Yario <angeleno@screamer.wiki>
Date: Fri, 20 Dec 2024 15:08:24 -0600
Subject: [PATCH 311/336] typo?

---
 inc/config.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/inc/config.php b/inc/config.php
index 697a6fcf..ccc61fc3 100644
--- a/inc/config.php
+++ b/inc/config.php
@@ -1553,7 +1553,7 @@
 
 		'link_delete' => '[D]',
 		'link_ban' => '[B]',
-		'link_bandelete' => '[&amp;D]',
+		'link_bandelete' => '[B&amp;D]',
 		'link_deletefile' => '[F]',
 		'link_spoilerimage' => '[S]',
 		'link_deletebyip' => '[D+]',

From 29ee5aeb1dc3976f231ee44ab0b9bbfbf45648d6 Mon Sep 17 00:00:00 2001
From: Lorenzo Yario <angeleno@screamer.wiki>
Date: Sun, 22 Dec 2024 14:05:42 -0600
Subject: [PATCH 312/336] For 7.4 compatibility

---
 inc/mod/auth.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/inc/mod/auth.php b/inc/mod/auth.php
index f6a65db2..43b5e8fc 100644
--- a/inc/mod/auth.php
+++ b/inc/mod/auth.php
@@ -10,7 +10,7 @@ use Vichan\Functions\Net;
 defined('TINYBOARD') or exit;
 
 // create a hash/salt pair for validate logins
-function mkhash(string $username, ?string $password, mixed $salt = false): array|string {
+function mkhash(string $username, $password = null, $salt = false) {
 	global $config;
 
 	if (!$salt) {
@@ -79,7 +79,7 @@ function calc_cookie_name(bool $is_https, bool $is_path_jailed, string $base_nam
 	}
 }
 
-function login(string $username, string $password): array|false {
+function login(string $username, string $password) {
 	global $mod, $config;
 
 	$query = prepare("SELECT `id`, `type`, `boards`, `password`, `version` FROM ``mods`` WHERE BINARY `username` = :username");

From f3f7c0c75c0fc61ad51616969a4f78b9a1bf2a66 Mon Sep 17 00:00:00 2001
From: Lorenzo Yario <angeleno@screamer.wiki>
Date: Sun, 22 Dec 2024 14:13:37 -0600
Subject: [PATCH 313/336] 7.4 compatibility

---
 inc/lock.php | 124 ++++++++++++++++++++++++---------------------------
 1 file changed, 58 insertions(+), 66 deletions(-)

diff --git a/inc/lock.php b/inc/lock.php
index 5a83562a..9b1522c4 100644
--- a/inc/lock.php
+++ b/inc/lock.php
@@ -1,84 +1,76 @@
 <?php
-
 class Locks {
-	private static function filesystem(string $key): Lock|false {
-		$key = str_replace('/', '::', $key);
-		$key = str_replace("\0", '', $key);
+    private static function filesystem(string $key) {
+        $key = str_replace('/', '::', $key);
+        $key = str_replace("\0", '', $key);
 
-		$fd = fopen("tmp/locks/$key", "w");
-		if ($fd === false) {
-			return false;
-		}
+        $fd = fopen("tmp/locks/$key", "w");
+        if ($fd === false) {
+            return false;
+        }
 
-		return new class($fd) implements Lock {
-			// Resources have no type in php.
-			private mixed $f;
+        return new class($fd) implements Lock {
+            // Resources have no type in PHP.
+            private $f;
 
+            public function __construct($fd) {
+                $this->f = $fd;
+            }
 
-			function __construct($fd) {
-				$this->f = $fd;
-			}
+            public function get(bool $nonblock = false) {
+                $wouldblock = false;
+                flock($this->f, LOCK_SH | ($nonblock ? LOCK_NB : 0), $wouldblock);
+                if ($nonblock && $wouldblock) {
+                    return false;
+                }
+                return $this;
+            }
 
-			public function get(bool $nonblock = false): Lock|false {
-				$wouldblock = false;
-				flock($this->f, LOCK_SH | ($nonblock ? LOCK_NB : 0), $wouldblock);
-				if ($nonblock && $wouldblock) {
-					return false;
-				}
-				return $this;
-			}
+            public function get_ex(bool $nonblock = false) {
+                $wouldblock = false;
+                flock($this->f, LOCK_EX | ($nonblock ? LOCK_NB : 0), $wouldblock);
+                if ($nonblock && $wouldblock) {
+                    return false;
+                }
+                return $this;
+            }
 
-			public function get_ex(bool $nonblock = false): Lock|false {
-				$wouldblock = false;
-				flock($this->f, LOCK_EX | ($nonblock ? LOCK_NB : 0), $wouldblock);
-				if ($nonblock && $wouldblock) {
-					return false;
-				}
-				return $this;
-			}
+            public function free() {
+                flock($this->f, LOCK_UN);
+                return $this;
+            }
+        };
+    }
 
-			public function free(): Lock {
-				flock($this->f, LOCK_UN);
-				return $this;
-			}
-		};
-	}
+    public static function none() {
+        return new class() implements Lock {
+            public function get(bool $nonblock = false) {
+                return $this;
+            }
 
-	/**
-	 * No-op. Can be used for mocking.
-	 */
-	public static function none(): Lock|false {
-		return new class() implements Lock {
-			public function get(bool $nonblock = false): Lock|false {
-				return $this;
-			}
+            public function get_ex(bool $nonblock = false) {
+                return $this;
+            }
 
-			public function get_ex(bool $nonblock = false): Lock|false {
-				return $this;
-			}
+            public function free() {
+                return $this;
+            }
+        };
+    }
 
-			public function free(): Lock {
-				return $this;
-			}
-		};
-	}
-
-	public static function get_lock(array $config, string $key): Lock|false {
-		if ($config['lock']['enabled'] == 'fs') {
-			return self::filesystem($key);
-		} else {
-			return self::none();
-		}
-	}
+    public static function get_lock(array $config, string $key) {
+        if ($config['lock']['enabled'] == 'fs') {
+            return self::filesystem($key);
+        } else {
+            return self::none();
+        }
+    }
 }
 
 interface Lock {
-	// Get a shared lock
-	public function get(bool $nonblock = false): Lock|false;
+    public function get(bool $nonblock = false);
 
-	// Get an exclusive lock
-	public function get_ex(bool $nonblock = false): Lock|false;
+    public function get_ex(bool $nonblock = false);
 
-	// Free a lock
-	public function free(): Lock;
+    public function free();
 }

From 2466a3d859c2dc22d1a486ee9616795a36d6bd2e Mon Sep 17 00:00:00 2001
From: Lorenzo Yario <angeleno@screamer.wiki>
Date: Sun, 22 Dec 2024 14:15:40 -0600
Subject: [PATCH 314/336] 7.4 compatibility

---
 inc/queue.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/inc/queue.php b/inc/queue.php
index a5905c84..7ba255f3 100644
--- a/inc/queue.php
+++ b/inc/queue.php
@@ -73,7 +73,7 @@ class Queues {
 		};
 	}
 
-	public static function get_queue(array $config, string $name): Queue|false {
+	public static function get_queue(array $config, string $name) {
 		if (!isset(self::$queues[$name])) {
 			if ($config['queue']['enabled'] == 'fs') {
 				$lock = Locks::get_lock($config, $name);

From c94ab113de962804c4c8eae8e268d0006c810fe1 Mon Sep 17 00:00:00 2001
From: Lorenzo Yario <angeleno@screamer.wiki>
Date: Sun, 22 Dec 2024 14:37:22 -0600
Subject: [PATCH 315/336] continued 7.4 backwards compatibility

---
 inc/Data/Driver/ArrayCacheDriver.php | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/inc/Data/Driver/ArrayCacheDriver.php b/inc/Data/Driver/ArrayCacheDriver.php
index bb0cd310..8e74c9a5 100644
--- a/inc/Data/Driver/ArrayCacheDriver.php
+++ b/inc/Data/Driver/ArrayCacheDriver.php
@@ -1,20 +1,20 @@
 <?php
 namespace Vichan\Data\Driver;
 
-defined('TINYBOARD') or exit;
 
+defined('TINYBOARD') or exit;
 
 /**
  * A simple process-wide PHP array.
  */
 class ArrayCacheDriver implements CacheDriver {
-	private static array $inner = [];
+	private static $inner = [];
 
-	public function get(string $key): mixed {
+	public function get(string $key) {
 		return isset(self::$inner[$key]) ? self::$inner[$key] : null;
 	}
 
-	public function set(string $key, mixed $value, mixed $expires = false): void {
+	public function set(string $key, $value, $expires = false): void {
 		self::$inner[$key] = $value;
 	}
 

From 762a0edefd16ae868f21547308d6b923d84157ef Mon Sep 17 00:00:00 2001
From: Lorenzo Yario <angeleno@screamer.wiki>
Date: Sun, 22 Dec 2024 14:42:16 -0600
Subject: [PATCH 316/336] continued 7.4 compatibility

---
 inc/Data/Driver/CacheDriver.php | 54 ++++++++++++++++-----------------
 1 file changed, 27 insertions(+), 27 deletions(-)

diff --git a/inc/Data/Driver/CacheDriver.php b/inc/Data/Driver/CacheDriver.php
index 083ed652..e35232a4 100644
--- a/inc/Data/Driver/CacheDriver.php
+++ b/inc/Data/Driver/CacheDriver.php
@@ -5,34 +5,34 @@ defined('TINYBOARD') or exit;
 
 
 interface CacheDriver {
-	/**
-	 * Get the value of associated with the key.
-	 *
-	 * @param string $key The key of the value.
-	 * @return mixed|null The value associated with the key, or null if there is none.
-	 */
-	public function get(string $key): mixed;
+        /**
+         * Get the value of associated with the key.
+         *
+         * @param string $key The key of the value.
+         * @return mixed|null The value associated with the key, or null if there is none.
+         */
+        public function get(string $key);
 
-	/**
-	 * Set a key-value pair.
-	 *
-	 * @param string $key The key.
-	 * @param mixed $value The value.
-	 * @param int|false $expires After how many seconds the pair will expire. Use false or ignore this parameter to keep
-	 *                           the value until it gets evicted to make space for more items. Some drivers will always
-	 *                           ignore this parameter and store the pair until it's removed.
-	 */
-	public function set(string $key, mixed $value, mixed $expires = false): void;
+        /**
+         * Set a key-value pair.
+         *
+         * @param string $key The key.
+         * @param mixed $value The value.
+         * @param int|false $expires After how many seconds the pair will expire. Use false or ignore this parameter to keep
+         *                           the value until it gets evicted to make space for more items. Some drivers will always
+         *                           ignore this parameter and store the pair until it's removed.
+         */
+        public function set(string $key, $value, $expires = false);
 
-	/**
-	 * Delete a key-value pair.
-	 *
-	 * @param string $key The key.
-	 */
-	public function delete(string $key): void;
+        /**
+         * Delete a key-value pair.
+         *
+         * @param string $key The key.
+         */
+        public function delete(string $key);
 
-	/**
-	 * Delete all the key-value pairs.
-	 */
-	public function flush(): void;
+        /**
+         * Delete all the key-value pairs.
+         */
+        public function flush();
 }

From 58c2f095dc586b70407e2ea3da75c5e46764e0cf Mon Sep 17 00:00:00 2001
From: Lorenzo Yario <angeleno@screamer.wiki>
Date: Sun, 22 Dec 2024 14:49:27 -0600
Subject: [PATCH 317/336] 7.4 compatibility

---
 inc/context.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/inc/context.php b/inc/context.php
index 9e5caef0..e047a782 100644
--- a/inc/context.php
+++ b/inc/context.php
@@ -16,7 +16,7 @@ class Context {
 		$this->definitions = $definitions;
 	}
 
-	public function get(string $name): mixed {
+	public function get(string $name){
 		if (!isset($this->definitions[$name])) {
 			throw new \RuntimeException("Could not find a dependency named $name");
 		}

From 6606c182b58ff4ef1a2ad70d6358a488168990ed Mon Sep 17 00:00:00 2001
From: Lorenzo Yario <angeleno@screamer.wiki>
Date: Sun, 22 Dec 2024 14:51:07 -0600
Subject: [PATCH 318/336] 7.4 compatibility

---
 inc/mod/auth.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/inc/mod/auth.php b/inc/mod/auth.php
index 43b5e8fc..311b9850 100644
--- a/inc/mod/auth.php
+++ b/inc/mod/auth.php
@@ -196,7 +196,7 @@ function modLog(string $action, ?string $_board = null): void {
 	}
 }
 
-function create_pm_header(): mixed {
+function create_pm_header() {
 	global $mod, $config;
 
 	if ($config['cache']['enabled'] && ($header = cache::get('pm_unread_' . $mod['id'])) != false) {

From 00fc21322c5cca3a398f0df9f08964a651f2db81 Mon Sep 17 00:00:00 2001
From: Lorenzo Yario <angeleno@screamer.wiki>
Date: Sun, 22 Dec 2024 14:54:48 -0600
Subject: [PATCH 319/336] 7.4 compatibility

---
 inc/Data/Driver/HttpDriver.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/inc/Data/Driver/HttpDriver.php b/inc/Data/Driver/HttpDriver.php
index 022fcbab..d23230df 100644
--- a/inc/Data/Driver/HttpDriver.php
+++ b/inc/Data/Driver/HttpDriver.php
@@ -98,7 +98,7 @@ class HttpDriver {
 	 * @return bool Returns true on success, false if the file was too large.
 	 * @throws RuntimeException Throws on IO error.
 	 */
-	public function requestGetInto(string $endpoint, ?array $data, mixed $fd, int $timeout = 0): bool {
+	public function requestGetInto(string $endpoint, ?array $data, $fd, int $timeout = 0): bool {
 		if (!empty($data)) {
 			$endpoint .= '?' . \http_build_query($data);
 		}

From c4cd4d3c12c43b5f9d542e9e410edcc4d6934dd2 Mon Sep 17 00:00:00 2001
From: Lorenzo Yario <angeleno@screamer.wiki>
Date: Sun, 22 Dec 2024 14:55:57 -0600
Subject: [PATCH 320/336] Update HttpDriver.php

---
 inc/Data/Driver/HttpDriver.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/inc/Data/Driver/HttpDriver.php b/inc/Data/Driver/HttpDriver.php
index d23230df..989b47ae 100644
--- a/inc/Data/Driver/HttpDriver.php
+++ b/inc/Data/Driver/HttpDriver.php
@@ -8,7 +8,7 @@ defined('TINYBOARD') or exit;
  * Honestly this is just a wrapper for cURL. Still useful to mock it and have an OOP API on PHP 7.
  */
 class HttpDriver {
-	private mixed $inner;
+	private $inner;
 	private int $timeout;
 	private int $max_file_size;
 

From 40571f20018a6dc9dfb1f34c234d3ed3125b9600 Mon Sep 17 00:00:00 2001
From: Lorenzo Yario <angeleno@screamer.wiki>
Date: Sun, 22 Dec 2024 14:59:12 -0600
Subject: [PATCH 321/336] 7.4 compatibility

---
 inc/bans.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/inc/bans.php b/inc/bans.php
index 58b054ec..91b21295 100644
--- a/inc/bans.php
+++ b/inc/bans.php
@@ -37,7 +37,7 @@ class Bans {
 		}
 	}
 
-	static private function findSingleAutoGc(string $ip, int $ban_id, bool $require_ban_view): array|null {
+	static private function findSingleAutoGc(string $ip, int $ban_id, bool $require_ban_view) {
 		// Use OR in the query to also garbage collect bans.
 		$query = prepare(
 			'SELECT ``bans``.* FROM ``bans``
@@ -70,7 +70,7 @@ class Bans {
 		return $found_ban;
 	}
 
-	static private function findSingleNoGc(int $ban_id): array|null {
+	static private function findSingleNoGc(int $ban_id) {
 		$query = prepare(
 			'SELECT ``bans``.* FROM ``bans``
 			 WHERE ``bans``.id = :id
@@ -268,7 +268,7 @@ class Bans {
 		return [$ipstart, $ipend];
 	}
 
-	static public function findSingle(string $ip, int $ban_id, bool $require_ban_view, bool $auto_gc): array|null {
+	static public function findSingle(string $ip, int $ban_id, bool $require_ban_view, bool $auto_gc) {
 		if ($auto_gc) {
 			return self::findSingleAutoGc($ip, $ban_id, $require_ban_view);
 		} else {

From 3b9b23035ea719ce19e4d05b19a32138ebb1681c Mon Sep 17 00:00:00 2001
From: Lorenzo Yario <angeleno@screamer.wiki>
Date: Sun, 22 Dec 2024 15:02:58 -0600
Subject: [PATCH 322/336] 7.4 compatibility (updated)

---
 inc/bans.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/inc/bans.php b/inc/bans.php
index 91b21295..77b8e7f1 100644
--- a/inc/bans.php
+++ b/inc/bans.php
@@ -94,7 +94,7 @@ class Bans {
 		}
 	}
 
-	static private function findAutoGc(?string $ip, string|false $board, bool $get_mod_info, bool $require_ban_view, ?int $ban_id): array {
+	static private function findAutoGc(?string $ip, $board, bool $get_mod_info, bool $require_ban_view, ?int $ban_id): array {
 		$query = prepare('SELECT ``bans``.*' . ($get_mod_info ? ', `username`' : '') . ' FROM ``bans``
 		' . ($get_mod_info ? 'LEFT JOIN ``mods`` ON ``mods``.`id` = `creator`' : '') . '
 		WHERE

From 0a870ebdb34d22205a3f61b37db8e8d077acaaa5 Mon Sep 17 00:00:00 2001
From: Lorenzo Yario <angeleno@screamer.wiki>
Date: Sun, 22 Dec 2024 15:05:16 -0600
Subject: [PATCH 323/336] 7.4

---
 inc/bans.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/inc/bans.php b/inc/bans.php
index 77b8e7f1..5f78e54d 100644
--- a/inc/bans.php
+++ b/inc/bans.php
@@ -130,7 +130,7 @@ class Bans {
 		return $ban_list;
 	}
 
-	static private function findNoGc(?string $ip, string|false $board, bool $get_mod_info, ?int $ban_id): array {
+	static private function findNoGc(?string $ip, string $board, bool $get_mod_info, ?int $ban_id): array {
 		$query = prepare('SELECT ``bans``.*' . ($get_mod_info ? ', `username`' : '') . ' FROM ``bans``
 		' . ($get_mod_info ? 'LEFT JOIN ``mods`` ON ``mods``.`id` = `creator`' : '') . '
 		WHERE
@@ -276,7 +276,7 @@ class Bans {
 		}
 	}
 
-	static public function find(?string $ip, string|false $board = false, bool $get_mod_info = false, ?int $ban_id = null, bool $auto_gc = true) {
+	static public function find(?string $ip, string $board = false, bool $get_mod_info = false, ?int $ban_id = null, bool $auto_gc = true) {
 		global $config;
 
 		if ($auto_gc) {

From 0f8a5fa926ce2f85da9a8e1b2a6728fa3fd1f741 Mon Sep 17 00:00:00 2001
From: Lorenzo Yario <angeleno@screamer.wiki>
Date: Sun, 22 Dec 2024 15:17:22 -0600
Subject: [PATCH 324/336] continued 7.4 compatibility

---
 inc/bans.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/inc/bans.php b/inc/bans.php
index 5f78e54d..b09abda1 100644
--- a/inc/bans.php
+++ b/inc/bans.php
@@ -276,7 +276,7 @@ class Bans {
 		}
 	}
 
-	static public function find(?string $ip, string $board = false, bool $get_mod_info = false, ?int $ban_id = null, bool $auto_gc = true) {
+	static public function find(?string $ip, $board = false, bool $get_mod_info = false, ?int $ban_id = null, bool $auto_gc = true) {
 		global $config;
 
 		if ($auto_gc) {

From 2d9e5009f875f945bbec87a023aa05494b08e93d Mon Sep 17 00:00:00 2001
From: Lorenzo Yario <angeleno@screamer.wiki>
Date: Thu, 26 Dec 2024 22:28:21 -0600
Subject: [PATCH 325/336] fix typo

---
 templates/post_form.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/templates/post_form.html b/templates/post_form.html
index 11f11e74..476ed8d7 100644
--- a/templates/post_form.html
+++ b/templates/post_form.html
@@ -91,7 +91,7 @@
 				{% trans %}Verification{% endtrans %}
 			</th>
 			<td>
-				<script>load_captcha("{{ config.captcha.native.provider_get }}", "{{ config.native.captcha.extra }}");</script>
+				<script>load_captcha("{{ config.captcha.native.provider_get }}", "{{ config.captcha.native.extra }}");</script>
 				<noscript>
 					<input class='captcha_text' type='text' name='captcha_text' size='32' maxlength='6' autocomplete='off'>
 					<div class="captcha_html">

From 47cbbbc97253d18f5eac226b233abff309c37bcb Mon Sep 17 00:00:00 2001
From: Lorenzo Yario <angeleno@screamer.wiki>
Date: Mon, 30 Dec 2024 17:19:42 -0600
Subject: [PATCH 326/336] modify themes to use numeric array #871

---
 inc/functions/theme.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/inc/functions/theme.php b/inc/functions/theme.php
index 6ac3a95b..e4cb1134 100644
--- a/inc/functions/theme.php
+++ b/inc/functions/theme.php
@@ -31,10 +31,10 @@ function rebuild_themes(string $action, $boardname = false): void {
 		}
 
 		if (PHP_SAPI === 'cli') {
-			echo "Rebuilding theme ".$theme['theme']."... ";
+			echo "Rebuilding theme ".$theme[0]."... ";
 		}
 
-		rebuild_theme($theme['theme'], $action, $boardname);
+		rebuild_theme($theme[0], $action, $boardname);
 
 		if (PHP_SAPI === 'cli') {
 			echo "done\n";

From f3cb2552ce0f50bfc7c27c892d280368cf678273 Mon Sep 17 00:00:00 2001
From: Lorenzo Yario <angeleno@screamer.wiki>
Date: Fri, 3 Jan 2025 00:25:31 -0600
Subject: [PATCH 327/336] modify default captcha config to work out of the box

---
 inc/config.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/inc/config.php b/inc/config.php
index ccc61fc3..b9be9991 100644
--- a/inc/config.php
+++ b/inc/config.php
@@ -307,9 +307,9 @@
 		// To enable the native captcha you need to change a couple of settings. Read more at: /inc/captcha/readme.md
 		'native' => [
 			// Custom captcha get provider path (if not working get the absolute path aka your url).
-			'provider_get' => '../inc/captcha/entrypoint.php',
+			'provider_get' => '/inc/captcha/entrypoint.php',
 			// Custom captcha check provider path
-			'provider_check' => '../inc/captcha/entrypoint.php',
+			'provider_check' => '/inc/captcha/entrypoint.php',
 			// Custom captcha extra field (eg. charset)
 			'extra' => 'abcdefghijklmnopqrstuvwxyz',
 			// New thread captcha. Require solving a captcha to post a thread.

From 92096b43b8cdd328482a3e0e3da2e5ce599584a5 Mon Sep 17 00:00:00 2001
From: Lorenzo Yario <angeleno@screamer.wiki>
Date: Sun, 2 Feb 2025 22:24:06 -0600
Subject: [PATCH 328/336] adding in perdedora's PR to the master branch

---
 js/expand-video.js | 30 ++++++++++++++++++++++++------
 1 file changed, 24 insertions(+), 6 deletions(-)

diff --git a/js/expand-video.js b/js/expand-video.js
index 3aa88a2c..748cf7cd 100644
--- a/js/expand-video.js
+++ b/js/expand-video.js
@@ -89,6 +89,12 @@ function setupVideo(thumb, url) {
 		}
 	}
 
+	function setVolume() {
+		const volume = setting("videovolume");
+		video.volume = volume;
+		video.muted = (volume === 0);
+	}
+
 	// Clicking on thumbnail expands video
 	thumb.addEventListener("click", function(e) {
 		if (setting("videoexpand") && !e.shiftKey && !e.ctrlKey && !e.altKey && !e.metaKey) {
@@ -105,15 +111,21 @@ function setupVideo(thumb, url) {
 			video.parentNode.parentNode.removeAttribute('style');
 			thumb.style.display = "none";
 
-			video.muted = (setting("videovolume") == 0);
-			video.volume = setting("videovolume");
+			setVolume();
 			video.controls = true;
 			if (video.readyState == 0) {
 				video.addEventListener("loadedmetadata", expand2, false);
 			} else {
 				setTimeout(expand2, 0);
 			}
-			video.play();
+			let promise = video.play();
+			if (promise !== undefined) {
+				promise.then(_ => {
+				}).catch(_ => {
+					video.muted = true;
+					video.play();
+				});
+			}
 			e.preventDefault();
 		}
 	}, false);
@@ -158,10 +170,16 @@ function setupVideo(thumb, url) {
 			videoContainer.style.display = "inline";
 			videoContainer.style.position = "fixed";
 
-			video.muted = (setting("videovolume") == 0);
-			video.volume = setting("videovolume");
+			setVolume();
 			video.controls = false;
-			video.play();
+			let promise = video.play();
+			if (promise !== undefined) {
+				promise.then(_ => {
+				}).catch(_ => {
+					video.muted = true;
+					video.play();
+				});
+			}
 		}
 	}, false);
 

From b3f065859499d1b7688d90f531b9222097c1ab08 Mon Sep 17 00:00:00 2001
From: Lorenzo Yario <angeleno@screamer.wiki>
Date: Sun, 2 Feb 2025 22:42:08 -0600
Subject: [PATCH 329/336] Update issue templates

---
 .github/ISSUE_TEMPLATE/bug_report.md | 90 ++++++++++++++++++++++++++++
 1 file changed, 90 insertions(+)
 create mode 100644 .github/ISSUE_TEMPLATE/bug_report.md

diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md
new file mode 100644
index 00000000..4e79460f
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/bug_report.md
@@ -0,0 +1,90 @@
+---
+name: Bug report
+about: File a bug report
+title: ''
+labels: ''
+assignees: ''
+
+---
+
+name: Bug Report
+description: File a bug report
+labels: ["bug"]
+body:
+  - type: markdown
+    attributes:
+      value: |
+        Github Issues are for bug reports and feature requests only
+        Please visit https://community.nodebb.org for other support
+        Found a security exploit? Please email us at security@nodebb.org instead for immediate attention
+        ### → DO NOT SUBMIT VULNERABILITIES TO THE PUBLIC BUG TRACKER ←
+  - type: input
+    attributes:
+      label: NodeBB version
+      placeholder: e.g. v2.2.0
+  - type: input
+    attributes:
+      label: NodeBB git hash
+      description: to find your git hash, execute `git rev-parse HEAD` from the main NodeBB directory
+      placeholder: e.g. 783250ee6f8c51cdc243ce3b8d9f1a080517247e
+  - type: input
+    attributes:
+      label: NodeJS version
+      placeholder: e.g. v16.15.1
+  - type: textarea
+    attributes:
+      label: Installed NodeBB plugins
+      description: to find installed plugins run `./nodebb plugins`
+      placeholder: |
+        e.g.
+        * nodebb-plugin-2factor@5.0.1 (installed, disabled)
+        * nodebb-plugin-composer-default@8.0.0 (installed, enabled)
+        * nodebb-plugin-dbsearch@5.1.5 (installed, disabled)
+        * nodebb-plugin-emoji@4.0.4 (installed, enabled)
+        * nodebb-plugin-emoji-android@3.0.0 (installed, enabled)
+        * nodebb-plugin-markdown@10.0.0 (installed, enabled)
+        * nodebb-plugin-mentions@3.0.11 (installed, enabled)
+        * nodebb-plugin-spam-be-gone@1.0.0 (installed, disabled)
+        * nodebb-rewards-essentials@0.2.1 (installed, enabled)
+        * nodebb-theme-lavender@6.0.0 (installed, disabled)
+        * nodebb-theme-persona@12.0.11 (installed, enabled)
+        * nodebb-theme-slick@2.0.2 (installed, disabled)
+        * nodebb-theme-vanilla@12.1.18 (installed, disabled)
+        * nodebb-widget-essentials@6.0.0 (installed, enabled)
+  - type: dropdown
+    attributes:
+      label: Database type
+      multiple: true
+      options:
+        - MongoDB
+        - Redis
+        - PostgreSQL
+  - type: input
+    attributes:
+      label: Database version
+      description: "`mongod --version`, `redis-server --version`, or `postgres --version`"
+      placeholder: e.g. v5.0.9
+  - type: textarea
+    attributes:
+      label: Exact steps to cause this issue
+      placeholder: |
+        1. First I did this...
+        2. Then, I clicked on this item...
+
+        A quick note: MP4 and MOV formatted video files are now allowed to be uploaded to GH.
+        Please upload if reproduction steps are hard to describe or reproduce reliably.
+  - type: textarea
+    attributes:
+      label: What you expected
+      placeholder: e.g. I expected *abc* to *xyz*
+  - type: textarea
+    attributes:
+      label: What happened instead
+      placeholder: e.g. Instead, I got *zyx* and NodeBB set fire to my house
+  - type: textarea
+    attributes:
+      label: Anything else?
+      description: Any additional context about the issue you're encountering
+  - type: markdown
+    attributes:
+      value: "**Thank you!**"

From 8c6cf17a97b4c27d7820ac544c634476883094af Mon Sep 17 00:00:00 2001
From: Lorenzo Yario <angeleno@screamer.wiki>
Date: Sun, 2 Feb 2025 22:43:03 -0600
Subject: [PATCH 330/336] Delete .github/ISSUE_TEMPLATE/bug_report.md

failed
---
 .github/ISSUE_TEMPLATE/bug_report.md | 90 ----------------------------
 1 file changed, 90 deletions(-)
 delete mode 100644 .github/ISSUE_TEMPLATE/bug_report.md

diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md
deleted file mode 100644
index 4e79460f..00000000
--- a/.github/ISSUE_TEMPLATE/bug_report.md
+++ /dev/null
@@ -1,90 +0,0 @@
----
-name: Bug report
-about: File a bug report
-title: ''
-labels: ''
-assignees: ''
-
----
-
-name: Bug Report
-description: File a bug report
-labels: ["bug"]
-body:
-  - type: markdown
-    attributes:
-      value: |
-        Github Issues are for bug reports and feature requests only
-        Please visit https://community.nodebb.org for other support
-        Found a security exploit? Please email us at security@nodebb.org instead for immediate attention
-        ### → DO NOT SUBMIT VULNERABILITIES TO THE PUBLIC BUG TRACKER ←
-  - type: input
-    attributes:
-      label: NodeBB version
-      placeholder: e.g. v2.2.0
-  - type: input
-    attributes:
-      label: NodeBB git hash
-      description: to find your git hash, execute `git rev-parse HEAD` from the main NodeBB directory
-      placeholder: e.g. 783250ee6f8c51cdc243ce3b8d9f1a080517247e
-  - type: input
-    attributes:
-      label: NodeJS version
-      placeholder: e.g. v16.15.1
-  - type: textarea
-    attributes:
-      label: Installed NodeBB plugins
-      description: to find installed plugins run `./nodebb plugins`
-      placeholder: |
-        e.g.
-        * nodebb-plugin-2factor@5.0.1 (installed, disabled)
-        * nodebb-plugin-composer-default@8.0.0 (installed, enabled)
-        * nodebb-plugin-dbsearch@5.1.5 (installed, disabled)
-        * nodebb-plugin-emoji@4.0.4 (installed, enabled)
-        * nodebb-plugin-emoji-android@3.0.0 (installed, enabled)
-        * nodebb-plugin-markdown@10.0.0 (installed, enabled)
-        * nodebb-plugin-mentions@3.0.11 (installed, enabled)
-        * nodebb-plugin-spam-be-gone@1.0.0 (installed, disabled)
-        * nodebb-rewards-essentials@0.2.1 (installed, enabled)
-        * nodebb-theme-lavender@6.0.0 (installed, disabled)
-        * nodebb-theme-persona@12.0.11 (installed, enabled)
-        * nodebb-theme-slick@2.0.2 (installed, disabled)
-        * nodebb-theme-vanilla@12.1.18 (installed, disabled)
-        * nodebb-widget-essentials@6.0.0 (installed, enabled)
-  - type: dropdown
-    attributes:
-      label: Database type
-      multiple: true
-      options:
-        - MongoDB
-        - Redis
-        - PostgreSQL
-  - type: input
-    attributes:
-      label: Database version
-      description: "`mongod --version`, `redis-server --version`, or `postgres --version`"
-      placeholder: e.g. v5.0.9
-  - type: textarea
-    attributes:
-      label: Exact steps to cause this issue
-      placeholder: |
-        1. First I did this...
-        2. Then, I clicked on this item...
-
-        A quick note: MP4 and MOV formatted video files are now allowed to be uploaded to GH.
-        Please upload if reproduction steps are hard to describe or reproduce reliably.
-  - type: textarea
-    attributes:
-      label: What you expected
-      placeholder: e.g. I expected *abc* to *xyz*
-  - type: textarea
-    attributes:
-      label: What happened instead
-      placeholder: e.g. Instead, I got *zyx* and NodeBB set fire to my house
-  - type: textarea
-    attributes:
-      label: Anything else?
-      description: Any additional context about the issue you're encountering
-  - type: markdown
-    attributes:
-      value: "**Thank you!**"

From 96099945b9927bf40b83a44c03e13f4b78486c58 Mon Sep 17 00:00:00 2001
From: Lorenzo Yario <angeleno@screamer.wiki>
Date: Sun, 2 Feb 2025 22:51:55 -0600
Subject: [PATCH 331/336] Update issue templates

---
 .github/ISSUE_TEMPLATE/bug_report.md      | 34 +++++++++++++++++++++++
 .github/ISSUE_TEMPLATE/feature_request.md | 20 +++++++++++++
 2 files changed, 54 insertions(+)
 create mode 100644 .github/ISSUE_TEMPLATE/bug_report.md
 create mode 100644 .github/ISSUE_TEMPLATE/feature_request.md

diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md
new file mode 100644
index 00000000..ef9e03ab
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/bug_report.md
@@ -0,0 +1,34 @@
+---
+name: Bug report
+about: File a bug report for vichan
+title: ''
+labels: bug
+assignees: ''
+
+---
+
+**Describe the bug**
+A clear and concise description of what the bug is.
+
+**To Reproduce**
+Steps to reproduce the behavior. Be as detailed as you can:
+1. Go to '...'
+2. Click on '....'
+3. Scroll down to '....'
+4. See error
+
+**Expected behavior**
+A clear and concise description of what you expected to happen.
+
+**Screenshots**
+If applicable, add screenshots to help explain your problem.
+
+**Server Specs**
+- OS used (Ubuntu, CentOS, Windows Server 2025, etc)
+- PHP version
+- Web server (Apache, NGINX, etc)
+- MySQL or MariaDB?
+- Vichan version
+If you are unsure of your server specs, you might be using shared hosting (Hostinger, HostGator, Serv00, etc). If so, just list which service you are using.
+**Additional context**
+Add any other context about the problem here.
diff --git a/.github/ISSUE_TEMPLATE/feature_request.md b/.github/ISSUE_TEMPLATE/feature_request.md
new file mode 100644
index 00000000..bbcbbe7d
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/feature_request.md
@@ -0,0 +1,20 @@
+---
+name: Feature request
+about: Suggest an idea for this project
+title: ''
+labels: ''
+assignees: ''
+
+---
+
+**Is your feature request related to a problem? Please describe.**
+A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
+
+**Describe the solution you'd like**
+A clear and concise description of what you want to happen.
+
+**Describe alternatives you've considered**
+A clear and concise description of any alternative solutions or features you've considered.
+
+**Additional context**
+Add any other context or screenshots about the feature request here.

From 50d57a4464b747cc32bc4fbd46099ed6797894d8 Mon Sep 17 00:00:00 2001
From: Lorenzo Yario <angeleno@screamer.wiki>
Date: Sun, 2 Feb 2025 23:01:48 -0600
Subject: [PATCH 332/336] Update bug_report.md

---
 .github/ISSUE_TEMPLATE/bug_report.md | 91 +++++++++++++++++++---------
 1 file changed, 63 insertions(+), 28 deletions(-)

diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md
index ef9e03ab..27719854 100644
--- a/.github/ISSUE_TEMPLATE/bug_report.md
+++ b/.github/ISSUE_TEMPLATE/bug_report.md
@@ -1,34 +1,69 @@
----
-name: Bug report
-about: File a bug report for vichan
-title: ''
-labels: bug
-assignees: ''
+name: Bug Report
+description: File a bug report for Vichan
+title: "[BUG] "
+labels: ["bug"]
+assignees: []
 
----
+body:
+  - type: markdown
+    attributes:
+      value: |
+        **Thank you for reporting a bug! Please provide as much detail as possible.**
+        
+        Before submitting, check the [Vichan Wiki](https://vichan.info) to see if there's already a solution to your problem.
 
-**Describe the bug**
-A clear and concise description of what the bug is.
+  - type: input
+    id: bug_description
+    attributes:
+      label: "Describe the bug"
+      description: "A clear and concise description of what the bug is."
+      placeholder: "Posting doesn't go through and displays a collation error. The exact error message given is the text below and I've attached a screenshot..."
+    validations:
+      required: true
 
-**To Reproduce**
-Steps to reproduce the behavior. Be as detailed as you can:
-1. Go to '...'
-2. Click on '....'
-3. Scroll down to '....'
-4. See error
+  - type: textarea
+    id: steps_to_reproduce
+    attributes:
+      label: "Steps to Reproduce"
+      description: "Provide step-by-step instructions to reproduce the issue."
+      placeholder: |
+        1. Go to '...'
+        2. Click on '....'
+        3. Scroll down to '....'
+        4. See error
+      render: markdown
+    validations:
+      required: true
 
-**Expected behavior**
-A clear and concise description of what you expected to happen.
+  - type: textarea
+    id: expected_behavior
+    attributes:
+      label: "Expected Behavior"
+      description: "What did you expect to happen?"
+      placeholder: "Expected behavior here..."
+      render: markdown
+    validations:
+      required: true
 
-**Screenshots**
-If applicable, add screenshots to help explain your problem.
+  - type: textarea
+    id: server_specs
+    attributes:
+      label: "Server Specifications"
+      description: "Provide details about your server environment. If you're unsure about any of this, you might be using shared hosting (Hostinger, HostGator, Serv00, etc). If so, put the name of your hosting provider here."
+      placeholder: |
+        - OS: (Ubuntu, CentOS, Windows Server 2025, etc.)
+        - PHP Version: (e.g., 7.4, 8.0, 8.1)
+        - Web Server: (Apache, NGINX, etc.)
+        - Database: (MySQL, MariaDB, etc.)
+        - Vichan Version: (5.2.0, 5.3.0 (dev branch), etc)
+      render: markdown
+    validations:
+      required: true
 
-**Server Specs**
-- OS used (Ubuntu, CentOS, Windows Server 2025, etc)
-- PHP version
-- Web server (Apache, NGINX, etc)
-- MySQL or MariaDB?
-- Vichan version
-If you are unsure of your server specs, you might be using shared hosting (Hostinger, HostGator, Serv00, etc). If so, just list which service you are using.
-**Additional context**
-Add any other context about the problem here.
+  - type: textarea
+    id: additional_context
+    attributes:
+      label: "Additional Context"
+      description: "Any other details we should know?"
+      placeholder: "Add any additional context here..."
+      render: markdown

From 8d7608771036a93ff00e5a2b5cb31599a3176361 Mon Sep 17 00:00:00 2001
From: Lorenzo Yario <angeleno@screamer.wiki>
Date: Sun, 2 Feb 2025 23:02:41 -0600
Subject: [PATCH 333/336] what did I break?


From c026e85b3cbfe52044664fb6ff7756e3ffbe62cd Mon Sep 17 00:00:00 2001
From: Lorenzo Yario <angeleno@screamer.wiki>
Date: Sun, 2 Feb 2025 23:03:35 -0600
Subject: [PATCH 334/336] Delete .github/ISSUE_TEMPLATE/bug_report.md

yml
---
 .github/ISSUE_TEMPLATE/bug_report.md | 69 ----------------------------
 1 file changed, 69 deletions(-)
 delete mode 100644 .github/ISSUE_TEMPLATE/bug_report.md

diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md
deleted file mode 100644
index 27719854..00000000
--- a/.github/ISSUE_TEMPLATE/bug_report.md
+++ /dev/null
@@ -1,69 +0,0 @@
-name: Bug Report
-description: File a bug report for Vichan
-title: "[BUG] "
-labels: ["bug"]
-assignees: []
-
-body:
-  - type: markdown
-    attributes:
-      value: |
-        **Thank you for reporting a bug! Please provide as much detail as possible.**
-        
-        Before submitting, check the [Vichan Wiki](https://vichan.info) to see if there's already a solution to your problem.
-
-  - type: input
-    id: bug_description
-    attributes:
-      label: "Describe the bug"
-      description: "A clear and concise description of what the bug is."
-      placeholder: "Posting doesn't go through and displays a collation error. The exact error message given is the text below and I've attached a screenshot..."
-    validations:
-      required: true
-
-  - type: textarea
-    id: steps_to_reproduce
-    attributes:
-      label: "Steps to Reproduce"
-      description: "Provide step-by-step instructions to reproduce the issue."
-      placeholder: |
-        1. Go to '...'
-        2. Click on '....'
-        3. Scroll down to '....'
-        4. See error
-      render: markdown
-    validations:
-      required: true
-
-  - type: textarea
-    id: expected_behavior
-    attributes:
-      label: "Expected Behavior"
-      description: "What did you expect to happen?"
-      placeholder: "Expected behavior here..."
-      render: markdown
-    validations:
-      required: true
-
-  - type: textarea
-    id: server_specs
-    attributes:
-      label: "Server Specifications"
-      description: "Provide details about your server environment. If you're unsure about any of this, you might be using shared hosting (Hostinger, HostGator, Serv00, etc). If so, put the name of your hosting provider here."
-      placeholder: |
-        - OS: (Ubuntu, CentOS, Windows Server 2025, etc.)
-        - PHP Version: (e.g., 7.4, 8.0, 8.1)
-        - Web Server: (Apache, NGINX, etc.)
-        - Database: (MySQL, MariaDB, etc.)
-        - Vichan Version: (5.2.0, 5.3.0 (dev branch), etc)
-      render: markdown
-    validations:
-      required: true
-
-  - type: textarea
-    id: additional_context
-    attributes:
-      label: "Additional Context"
-      description: "Any other details we should know?"
-      placeholder: "Add any additional context here..."
-      render: markdown

From 0c92315837d2da108651e272738c8ec5edb83ab5 Mon Sep 17 00:00:00 2001
From: Lorenzo Yario <angeleno@screamer.wiki>
Date: Sun, 2 Feb 2025 23:03:47 -0600
Subject: [PATCH 335/336] Create bug_report.yml

---
 .github/ISSUE_TEMPLATE/bug_report.yml | 69 +++++++++++++++++++++++++++
 1 file changed, 69 insertions(+)
 create mode 100644 .github/ISSUE_TEMPLATE/bug_report.yml

diff --git a/.github/ISSUE_TEMPLATE/bug_report.yml b/.github/ISSUE_TEMPLATE/bug_report.yml
new file mode 100644
index 00000000..27719854
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/bug_report.yml
@@ -0,0 +1,69 @@
+name: Bug Report
+description: File a bug report for Vichan
+title: "[BUG] "
+labels: ["bug"]
+assignees: []
+
+body:
+  - type: markdown
+    attributes:
+      value: |
+        **Thank you for reporting a bug! Please provide as much detail as possible.**
+        
+        Before submitting, check the [Vichan Wiki](https://vichan.info) to see if there's already a solution to your problem.
+
+  - type: input
+    id: bug_description
+    attributes:
+      label: "Describe the bug"
+      description: "A clear and concise description of what the bug is."
+      placeholder: "Posting doesn't go through and displays a collation error. The exact error message given is the text below and I've attached a screenshot..."
+    validations:
+      required: true
+
+  - type: textarea
+    id: steps_to_reproduce
+    attributes:
+      label: "Steps to Reproduce"
+      description: "Provide step-by-step instructions to reproduce the issue."
+      placeholder: |
+        1. Go to '...'
+        2. Click on '....'
+        3. Scroll down to '....'
+        4. See error
+      render: markdown
+    validations:
+      required: true
+
+  - type: textarea
+    id: expected_behavior
+    attributes:
+      label: "Expected Behavior"
+      description: "What did you expect to happen?"
+      placeholder: "Expected behavior here..."
+      render: markdown
+    validations:
+      required: true
+
+  - type: textarea
+    id: server_specs
+    attributes:
+      label: "Server Specifications"
+      description: "Provide details about your server environment. If you're unsure about any of this, you might be using shared hosting (Hostinger, HostGator, Serv00, etc). If so, put the name of your hosting provider here."
+      placeholder: |
+        - OS: (Ubuntu, CentOS, Windows Server 2025, etc.)
+        - PHP Version: (e.g., 7.4, 8.0, 8.1)
+        - Web Server: (Apache, NGINX, etc.)
+        - Database: (MySQL, MariaDB, etc.)
+        - Vichan Version: (5.2.0, 5.3.0 (dev branch), etc)
+      render: markdown
+    validations:
+      required: true
+
+  - type: textarea
+    id: additional_context
+    attributes:
+      label: "Additional Context"
+      description: "Any other details we should know?"
+      placeholder: "Add any additional context here..."
+      render: markdown

From d1e57290e04cc025f44e85dbf98e894e284d5f5d Mon Sep 17 00:00:00 2001
From: Lorenzo Yario <angeleno@screamer.wiki>
Date: Sun, 2 Feb 2025 23:07:01 -0600
Subject: [PATCH 336/336] Update bug_report.yml

---
 .github/ISSUE_TEMPLATE/bug_report.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/.github/ISSUE_TEMPLATE/bug_report.yml b/.github/ISSUE_TEMPLATE/bug_report.yml
index 27719854..8b1717bf 100644
--- a/.github/ISSUE_TEMPLATE/bug_report.yml
+++ b/.github/ISSUE_TEMPLATE/bug_report.yml
@@ -12,7 +12,7 @@ body:
         
         Before submitting, check the [Vichan Wiki](https://vichan.info) to see if there's already a solution to your problem.
 
-  - type: input
+  - type: textarea
     id: bug_description
     attributes:
       label: "Describe the bug"
@@ -25,7 +25,7 @@ body:
     id: steps_to_reproduce
     attributes:
       label: "Steps to Reproduce"
-      description: "Provide step-by-step instructions to reproduce the issue."
+      description: "Provide step-by-step instructions to reproduce the issue. If you're unsure on how, that is alright, just try and explain as well as you can."
       placeholder: |
         1. Go to '...'
         2. Click on '....'
@@ -52,7 +52,7 @@ body:
       description: "Provide details about your server environment. If you're unsure about any of this, you might be using shared hosting (Hostinger, HostGator, Serv00, etc). If so, put the name of your hosting provider here."
       placeholder: |
         - OS: (Ubuntu, CentOS, Windows Server 2025, etc.)
-        - PHP Version: (e.g., 7.4, 8.0, 8.1)
+        - PHP Version: (e.g., 7.4, 8.0, 8.4)
         - Web Server: (Apache, NGINX, etc.)
         - Database: (MySQL, MariaDB, etc.)
         - Vichan Version: (5.2.0, 5.3.0 (dev branch), etc)