Merge pull request #920 from vichan-devel/5.2.1

5.2.1 Release

.dockerignore

@@ -0,0 +1,4 @@
+**/.git
+**/.gitignore
+/local-instances
+**/.gitkeep

.github/ISSUE_TEMPLATE/bug_report.yml

@@ -0,0 +1,69 @@
+name: Bug Report
+description: File a bug report for Vichan
+title: "[BUG] "
+labels: ["bug"]
+assignees: []
+
+body:
+  - type: markdown
+    attributes:
+      value: |
+        **Thank you for reporting a bug! Please provide as much detail as possible.**
+        
+        Before submitting, check the [Vichan Wiki](https://vichan.info) to see if there's already a solution to your problem.
+
+  - type: textarea
+    id: bug_description
+    attributes:
+      label: "Describe the bug"
+      description: "A clear and concise description of what the bug is."
+      placeholder: "Posting doesn't go through and displays a collation error. The exact error message given is the text below and I've attached a screenshot..."
+    validations:
+      required: true
+
+  - type: textarea
+    id: steps_to_reproduce
+    attributes:
+      label: "Steps to Reproduce"
+      description: "Provide step-by-step instructions to reproduce the issue. If you're unsure on how, that is alright, just try and explain as well as you can."
+      placeholder: |
+        1. Go to '...'
+        2. Click on '....'
+        3. Scroll down to '....'
+        4. See error
+      render: markdown
+    validations:
+      required: true
+
+  - type: textarea
+    id: expected_behavior
+    attributes:
+      label: "Expected Behavior"
+      description: "What did you expect to happen?"
+      placeholder: "Expected behavior here..."
+      render: markdown
+    validations:
+      required: true
+
+  - type: textarea
+    id: server_specs
+    attributes:
+      label: "Server Specifications"
+      description: "Provide details about your server environment. If you're unsure about any of this, you might be using shared hosting (Hostinger, HostGator, Serv00, etc). If so, put the name of your hosting provider here."
+      placeholder: |
+        - OS: (Ubuntu, CentOS, Windows Server 2025, etc.)
+        - PHP Version: (e.g., 7.4, 8.0, 8.4)
+        - Web Server: (Apache, NGINX, etc.)
+        - Database: (MySQL, MariaDB, etc.)
+        - Vichan Version: (5.2.0, 5.3.0 (dev branch), etc)
+      render: markdown
+    validations:
+      required: true
+
+  - type: textarea
+    id: additional_context
+    attributes:
+      label: "Additional Context"
+      description: "Any other details we should know?"
+      placeholder: "Add any additional context here..."
+      render: markdown

.github/ISSUE_TEMPLATE/feature_request.md

@@ -0,0 +1,20 @@
+---
+name: Feature request
+about: Suggest an idea for this project
+title: ''
+labels: ''
+assignees: ''
+
+---
+
+**Is your feature request related to a problem? Please describe.**
+A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
+
+**Describe the solution you'd like**
+A clear and concise description of what you want to happen.
+
+**Describe alternatives you've considered**
+A clear and concise description of any alternative solutions or features you've considered.
+
+**Additional context**
+Add any other context or screenshots about the feature request here.

.gitignore

@@ -44,5 +44,6 @@ Thumbs.db
 #vichan custom
 favicon.ico
 /static/spoiler.png
+/local-instances
 
 /vendor/

.gitmodules

@@ -7,3 +7,6 @@
 	path = inc/lib/parsedown
 	url = https://github.com/vichan-devel/parsedown.git
 	branch = master
+[submodule "js/twemoji"]
+	path = js/twemoji
+	url = https://github.com/basedgentoo/twemoji

README.md

@@ -1,22 +1,15 @@
 vichan - A lightweight and full featured PHP imageboard.
 ========================================================
 
-**Vichan has next to no active development<!--, however you can still pay for support. Basic support costs $40/hr, and is only payable in BTC. New features depend on what you want. Email COPYPASTE &lt;AT&gt; KITTENS &lt;DOT&gt; PH if you're interested&mdash;Vichan forks such as OpenIB are included in this offer-->.**
+**Please do not contact Fredrick Brennan in regards to vichan issues.**
 
-As of 29 August 2022, though, it supports PHP8.1.
+As of 29 August 2022 it supports PHP8.1.
 
 About
 ------------
 vichan is a free light-weight, fast, highly configurable and user-friendly
 imageboard software package. It is written in PHP and has few dependencies.
 
-*Security problems can be reported to the development team: DEVELOPMENT \<AT\> VICHAN \<DOT\> NET.*
-	
-While there is currently no active development besides fixing security problems, we don't exclude the possibility to refactor the code in order to meet today's standards and continue our work from the point where [@czaks](https://github.com/czaks) retired in 2017.
-Before this milestone is achieved though, we strongly urge you to consider other imageboard packages. It is the opinion of the vichan development team that no new vichan imageboards should be deployed at the moment, and other imageboard packages used instead.
-
-For support, feel free to join our [IRC channel](https://webchat.6an.org/?channels=vichan-dev) at irc.6an.org.
-
 Some documentation may be found on our [wiki](https://github.com/vichan-devel/vichan/wiki). (feel free to contribute)
 
 History
@@ -25,16 +18,19 @@ vichan is a fork of (now defunc'd) [Tinyboard](http://github.com/savetheinternet
 a great imageboard package, actively building on it and adding a lot of features and other
 improvements.
 
+![](static/doc/timeline.svg)
+
 ### Maintainer timeline
-1. [@h00j](https://github.com/h00j) (2021 - present)
-2. [@ctrlcctrlv](https://github.com/ctrlcctrlv) (2017 - 2021)
-3. [@czaks](https://github.com/czaks) (2014 - 2017) (The author of vichan fork)
-4. [@savetheinternet](https://github.com/savetheinternet) (2010 - 2014) (The creator of Tinyboard)
+1. [@perdedora](https://github.com/perdedora) and [@RealAngeleno](https://github.com/RealAngeleno) - 2023-Present.
+2. Development Commission lead by [@basedgentoo](https://github.com/basedgentoo), [@kuz-sysadmin](https://github.com/kuz-sysadmin), and [@RealAngeleno](https://github.com/RealAngeleno). (2023 - 2023)
+3. [@h00j](https://github.com/h00j) (2021 - ???)
+4. [@ctrlcctrlv](https://github.com/ctrlcctrlv) (2017 - 2021)
+5. [@czaks](https://github.com/czaks) (2014 - 2017) (The author of vichan fork)
+6. [@savetheinternet](https://github.com/savetheinternet) (2010 - 2014) (The creator of Tinyboard)
 
 Requirements
 ------------
-1.	PHP >= 5.4 (we still try to keep compatibility with php 5.3 as much as possible)
-        PHP 7.0 is explicitly supported. PHP 7.2 works as well, but may cause as yet unreported bugs.
+1.	PHP >= 7.4
 2.	MySQL/MariaDB server
 3.	[mbstring](http://www.php.net/manual/en/mbstring.installation.php)
 4.	[PHP GD](http://www.php.net/manual/en/intro.image.php)
@@ -46,9 +42,7 @@ We try to make sure vichan is compatible with all major web servers. vichan does
 ### Recommended
 1.	MySQL/MariaDB server >= 5.5.3
 2.	ImageMagick (command-line ImageMagick or GraphicsMagick preferred).
-3.	~~[APC (Alternative PHP Cache)](http://php.net/manual/en/book.apc.php)~~,
-	[APCu (Alternative PHP Cache)](http://php.net/manual/en/book.apcu.php),
-	[XCache](http://xcache.lighttpd.net/),
+3.	[APCu (Alternative PHP Cache)](http://php.net/manual/en/book.apcu.php),
 	[Memcached](http://www.php.net/manual/en/intro.memcached.php) or
 	[Redis](https://redis.io/docs/about/)
 
@@ -61,8 +55,7 @@ You can contribute to vichan by:
 
 Installation
 -------------
-1.	Download and extract vichan to your web directory or get the latest
-	development version with:
+1.	Get the latest development version with:
 
         git clone git://github.com/vichan-devel/vichan.git
 
@@ -126,6 +119,11 @@ WebM support
 ------------
 Read `inc/lib/webm/README.md` for information about enabling webm.
 
+Docker
+------------
+Vichan comes with a Dockerfile and docker-compose configuration, the latter aimed primarily at development and testing.
+See the `docker/doc.md` file for more information.
+
 vichan API
 ----------
 vichan provides by default a 4chan-compatible JSON API. For documentation on this, see:
@@ -134,4 +132,3 @@ https://github.com/vichan-devel/vichan-API/ .
 License
 --------
 See [LICENSE.md](http://github.com/vichan-devel/vichan/blob/master/LICENSE.md).
-

b.php

@@ -1,19 +1,8 @@
 <?php
-$dir = "static/banners/";
-$files = scandir($dir);
-$images = array_diff($files, array('.', '..'));
-$name = $images[array_rand($images)];
-// open the file in a binary mode
-$fp = fopen($dir . $name, 'rb');
 
-// send the right headers
-header('Cache-Control: no-cache, no-store, must-revalidate'); // HTTP 1.1
-header('Pragma: no-cache'); // HTTP 1.0
-header('Expires: 0'); // Proxies
-header('Content-Type: ' . $fp['type']);
-header('Content-Length: ' . $fp['bytes']);
+$files = scandir('static/banners/', SCANDIR_SORT_NONE);
+$files = array_diff($files, ['.', '..']);
 
-// dump the picture and stop the script
-fpassthru($fp);
-exit;
-?>
+$name = $files[array_rand($files)];
+header("Location: /static/banners/$name", true, 307);
+header('Cache-Control: no-cache');

banned.php

@@ -1,6 +1,4 @@
 <?php
-  require_once 'inc/functions.php';
-  require_once 'inc/bans.php';
   require_once 'inc/bootstrap.php';
   checkBan();
 

compose.yml

@@ -0,0 +1,40 @@
+services:
+  #nginx webserver + php 8.x
+  web:
+    build:
+      context: .
+      dockerfile: ./docker/nginx/Dockerfile
+    ports:
+      - "9090:80"
+    depends_on:
+      - db
+    volumes:
+      - ./local-instances/${INSTANCE:-0}/www:/var/www/html
+      - ./docker/nginx/vichan.conf:/etc/nginx/conf.d/default.conf
+      - ./docker/nginx/nginx.conf:/etc/nginx/nginx.conf
+      - ./docker/nginx/proxy.conf:/etc/nginx/conf.d/proxy.conf
+    links:
+      - php
+
+  php:
+    build:
+      context: .
+      dockerfile: ./docker/php/Dockerfile
+    volumes:
+      - ./local-instances/${INSTANCE:-0}/www:/var/www
+      - ./docker/php/www.conf:/usr/local/etc/php-fpm.d/www.conf
+      - ./docker/php/jit.ini:/usr/local/etc/php/conf.d/jit.ini
+
+  #MySQL Service
+  db:
+    image: mysql:8.0.35
+    container_name: db
+    restart: unless-stopped
+    tty: true
+    ports:
+      - "3306:3306"
+    environment:
+      MYSQL_DATABASE: vichan
+      MYSQL_ROOT_PASSWORD: password
+    volumes:
+      - ./local-instances/${INSTANCE:-0}/mysql:/var/lib/mysql

composer.json

@@ -2,16 +2,24 @@
     "name": "vichan-devel/vichan",
     "description": "vichan imageboard",
     "type": "project",
+    "config": {
+        "platform": {
+            "php": "7.4"
+        }
+    },
     "require": {
-        "ext-mbstring": ">=5.4",
-        "ext-gd": ">=5.4",
-        "ext-pdo": ">=5.4",
-        "twig/twig": "^1.44.2",
+        "php": ">=7.4",
+        "ext-mbstring": ">=7.4",
+        "ext-gd": ">=7.4",
+        "ext-pdo": ">=7.4",
+        "twig/twig": "^2.9",
+        "phpmyadmin/twig-i18n-extension": "^4.0",
         "lifo/ip": "^1.0",
-        "gettext/gettext": "^1.0",
+        "gettext/gettext": "^5.5",
         "mrclay/minify": "^2.1.6",
         "geoip/geoip": "^1.17",
-        "dapphp/securimage": "^4.0"
+        "dapphp/securimage": "^4.0",
+        "erusev/parsedown":  "^1.7.4"
     },
     "autoload": {
         "classmap": ["inc/"],
@@ -25,8 +33,14 @@
             "inc/mod/auth.php",
             "inc/lock.php",
             "inc/queue.php",
-            "inc/polyfill.php",
-            "inc/functions.php"
+            "inc/functions.php",
+            "inc/functions/dice.php",
+            "inc/functions/format.php",
+            "inc/functions/net.php",
+            "inc/functions/num.php",
+            "inc/functions/theme.php",
+            "inc/service/captcha-queries.php",
+            "inc/context.php"
         ]
     },
     "license": "Tinyboard + vichan",

composer.lock

@@ -4,7 +4,7 @@
         "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
         "This file is @generated automatically"
     ],
-    "content-hash": "1e3723687369c82eea457d2dded76b74",
+    "content-hash": "72e79f203581eea6e6b0455147b25878",
     "packages": [
         {
             "name": "dapphp/securimage",
@@ -31,12 +31,12 @@
             },
             "type": "library",
             "autoload": {
-                "classmap": [
-                    "securimage.php"
-                ],
                 "psr-4": {
                     "Securimage\\": "./"
-                }
+                },
+                "classmap": [
+                    "securimage.php"
+                ]
             },
             "notification-url": "https://packagist.org/downloads/",
             "license": [
@@ -114,37 +114,43 @@
                 "issues": "https://github.com/maxmind/geoip-api-php/issues",
                 "source": "https://github.com/maxmind/geoip-api-php/tree/master"
             },
+            "abandoned": "geoip2/geoip2",
             "time": "2016-05-16T19:06:50+00:00"
         },
         {
             "name": "gettext/gettext",
-            "version": "v1.1.5",
+            "version": "v5.7.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/php-gettext/Gettext.git",
-                "reference": "1bdf755a1b49f0614d6fc29f446df567eb62cd5c"
+                "reference": "8657e580747bb3baacccdcebe69cac094661e404"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/php-gettext/Gettext/zipball/1bdf755a1b49f0614d6fc29f446df567eb62cd5c",
-                "reference": "1bdf755a1b49f0614d6fc29f446df567eb62cd5c",
+                "url": "https://api.github.com/repos/php-gettext/Gettext/zipball/8657e580747bb3baacccdcebe69cac094661e404",
+                "reference": "8657e580747bb3baacccdcebe69cac094661e404",
                 "shasum": ""
             },
             "require": {
-                "php": ">=5.3.0"
+                "gettext/languages": "^2.3",
+                "php": "^7.2|^8.0"
+            },
+            "require-dev": {
+                "brick/varexporter": "^0.3.5",
+                "friendsofphp/php-cs-fixer": "^3.2",
+                "oscarotero/php-cs-fixer-config": "^2.0",
+                "phpunit/phpunit": "^8.0|^9.0",
+                "squizlabs/php_codesniffer": "^3.0"
             },
             "type": "library",
             "autoload": {
-                "psr-0": {
-                    "Gettext": ""
-                },
-                "files": [
-                    "Gettext/translator_functions.php"
-                ]
+                "psr-4": {
+                    "Gettext\\": "src"
+                }
             },
             "notification-url": "https://packagist.org/downloads/",
             "license": [
-                "AGPL-3.0"
+                "MIT"
             ],
             "authors": [
                 {
@@ -154,33 +160,123 @@
                     "role": "Developer"
                 }
             ],
-            "description": "PHP - JS gettext conversor",
-            "homepage": "https://github.com/oscarotero/Gettext",
+            "description": "PHP gettext manager",
+            "homepage": "https://github.com/php-gettext/Gettext",
             "keywords": [
                 "JS",
                 "gettext",
                 "i18n",
+                "mo",
+                "po",
                 "translation"
             ],
             "support": {
                 "email": "oom@oscarotero.com",
-                "issues": "https://github.com/oscarotero/Gettext/issues",
-                "source": "https://github.com/php-gettext/Gettext/tree/v1.1.5"
+                "issues": "https://github.com/php-gettext/Gettext/issues",
+                "source": "https://github.com/php-gettext/Gettext/tree/v5.7.0"
             },
-            "time": "2014-10-22T15:53:45+00:00"
+            "funding": [
+                {
+                    "url": "https://paypal.me/oscarotero",
+                    "type": "custom"
                 },
                 {
-            "name": "lifo/ip",
-            "version": "v1.1",
+                    "url": "https://github.com/oscarotero",
+                    "type": "github"
+                },
+                {
+                    "url": "https://www.patreon.com/misteroom",
+                    "type": "patreon"
+                }
+            ],
+            "time": "2022-07-27T19:54:55+00:00"
+        },
+        {
+            "name": "gettext/languages",
+            "version": "2.10.0",
             "source": {
                 "type": "git",
-                "url": "https://github.com/lifo101/ip.git",
-                "reference": "b6a36dab288d7aea155698808bfc6649799fe413"
+                "url": "https://github.com/php-gettext/Languages.git",
+                "reference": "4d61d67fe83a2ad85959fe6133d6d9ba7dddd1ab"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/lifo101/ip/zipball/b6a36dab288d7aea155698808bfc6649799fe413",
-                "reference": "b6a36dab288d7aea155698808bfc6649799fe413",
+                "url": "https://api.github.com/repos/php-gettext/Languages/zipball/4d61d67fe83a2ad85959fe6133d6d9ba7dddd1ab",
+                "reference": "4d61d67fe83a2ad85959fe6133d6d9ba7dddd1ab",
+                "shasum": ""
+            },
+            "require": {
+                "php": ">=5.3"
+            },
+            "require-dev": {
+                "phpunit/phpunit": "^4.8 || ^5.7 || ^6.5 || ^7.5 || ^8.4"
+            },
+            "bin": [
+                "bin/export-plural-rules"
+            ],
+            "type": "library",
+            "autoload": {
+                "psr-4": {
+                    "Gettext\\Languages\\": "src/"
+                }
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "MIT"
+            ],
+            "authors": [
+                {
+                    "name": "Michele Locati",
+                    "email": "mlocati@gmail.com",
+                    "role": "Developer"
+                }
+            ],
+            "description": "gettext languages with plural rules",
+            "homepage": "https://github.com/php-gettext/Languages",
+            "keywords": [
+                "cldr",
+                "i18n",
+                "internationalization",
+                "l10n",
+                "language",
+                "languages",
+                "localization",
+                "php",
+                "plural",
+                "plural rules",
+                "plurals",
+                "translate",
+                "translations",
+                "unicode"
+            ],
+            "support": {
+                "issues": "https://github.com/php-gettext/Languages/issues",
+                "source": "https://github.com/php-gettext/Languages/tree/2.10.0"
+            },
+            "funding": [
+                {
+                    "url": "https://paypal.me/mlocati",
+                    "type": "custom"
+                },
+                {
+                    "url": "https://github.com/mlocati",
+                    "type": "github"
+                }
+            ],
+            "time": "2022-10-18T15:00:10+00:00"
+        },
+        {
+            "name": "lifo/ip",
+            "version": "v1.1.1",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/lifo101/ip.git",
+                "reference": "4c4cf5b554884be93f1d0422eaec8d6426993229"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/lifo101/ip/zipball/4c4cf5b554884be93f1d0422eaec8d6426993229",
+                "reference": "4c4cf5b554884be93f1d0422eaec8d6426993229",
                 "shasum": ""
             },
             "require": {
@@ -212,9 +308,9 @@
             ],
             "support": {
                 "issues": "https://github.com/lifo101/ip/issues",
-                "source": "https://github.com/lifo101/ip/tree/master"
+                "source": "https://github.com/lifo101/ip/tree/v1.1.1"
             },
-            "time": "2020-04-02T11:09:10+00:00"
+            "time": "2022-07-12T15:45:54+00:00"
         },
         {
             "name": "mrclay/minify",
@@ -268,29 +364,88 @@
             "time": "2017-11-03T21:04:01+00:00"
         },
         {
-            "name": "symfony/polyfill-ctype",
-            "version": "v1.23.0",
+            "name": "phpmyadmin/twig-i18n-extension",
+            "version": "v4.0.1",
             "source": {
                 "type": "git",
-                "url": "https://github.com/symfony/polyfill-ctype.git",
-                "reference": "46cd95797e9df938fdd2b03693b5fca5e64b01ce"
+                "url": "https://github.com/phpmyadmin/twig-i18n-extension.git",
+                "reference": "c0d0dd171cd1c7733bf152fd44b61055843df052"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/polyfill-ctype/zipball/46cd95797e9df938fdd2b03693b5fca5e64b01ce",
-                "reference": "46cd95797e9df938fdd2b03693b5fca5e64b01ce",
+                "url": "https://api.github.com/repos/phpmyadmin/twig-i18n-extension/zipball/c0d0dd171cd1c7733bf152fd44b61055843df052",
+                "reference": "c0d0dd171cd1c7733bf152fd44b61055843df052",
+                "shasum": ""
+            },
+            "require": {
+                "php": "^7.1 || ^8.0",
+                "twig/twig": "^1.42.3|^2.0|^3.0"
+            },
+            "require-dev": {
+                "phpmyadmin/coding-standard": "^3.0.0",
+                "phpmyadmin/motranslator": "^5.2",
+                "phpstan/phpstan": "^0.12.66",
+                "phpunit/phpunit": "^7 || ^8 || ^9"
+            },
+            "type": "library",
+            "autoload": {
+                "psr-4": {
+                    "PhpMyAdmin\\Twig\\Extensions\\": "src/"
+                }
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "MIT"
+            ],
+            "authors": [
+                {
+                    "name": "Fabien Potencier",
+                    "email": "fabien@symfony.com"
+                },
+                {
+                    "name": "The phpMyAdmin Team",
+                    "email": "developers@phpmyadmin.net",
+                    "homepage": "https://www.phpmyadmin.net/team/"
+                }
+            ],
+            "description": "Internationalization support for Twig via the gettext library",
+            "keywords": [
+                "gettext",
+                "i18n"
+            ],
+            "support": {
+                "issues": "https://github.com/phpmyadmin/twig-i18n-extension/issues",
+                "source": "https://github.com/phpmyadmin/twig-i18n-extension"
+            },
+            "time": "2021-06-10T15:53:38+00:00"
+        },
+        {
+            "name": "symfony/polyfill-ctype",
+            "version": "v1.27.0",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/symfony/polyfill-ctype.git",
+                "reference": "5bbc823adecdae860bb64756d639ecfec17b050a"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/symfony/polyfill-ctype/zipball/5bbc823adecdae860bb64756d639ecfec17b050a",
+                "reference": "5bbc823adecdae860bb64756d639ecfec17b050a",
                 "shasum": ""
             },
             "require": {
                 "php": ">=7.1"
             },
+            "provide": {
+                "ext-ctype": "*"
+            },
             "suggest": {
                 "ext-ctype": "For best performance"
             },
             "type": "library",
             "extra": {
                 "branch-alias": {
-                    "dev-main": "1.23-dev"
+                    "dev-main": "1.27-dev"
                 },
                 "thanks": {
                     "name": "symfony/polyfill",
@@ -298,12 +453,12 @@
                 }
             },
             "autoload": {
-                "psr-4": {
-                    "Symfony\\Polyfill\\Ctype\\": ""
-                },
                 "files": [
                     "bootstrap.php"
-                ]
+                ],
+                "psr-4": {
+                    "Symfony\\Polyfill\\Ctype\\": ""
+                }
             },
             "notification-url": "https://packagist.org/downloads/",
             "license": [
@@ -328,7 +483,7 @@
                 "portable"
             ],
             "support": {
-                "source": "https://github.com/symfony/polyfill-ctype/tree/v1.23.0"
+                "source": "https://github.com/symfony/polyfill-ctype/tree/v1.27.0"
             },
             "funding": [
                 {
@@ -344,34 +499,195 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2021-02-19T12:13:01+00:00"
+            "time": "2022-11-03T14:55:06+00:00"
         },
         {
-            "name": "twig/twig",
-            "version": "v1.44.5",
+            "name": "symfony/polyfill-mbstring",
+            "version": "v1.27.0",
             "source": {
                 "type": "git",
-                "url": "https://github.com/twigphp/Twig.git",
-                "reference": "dd4353357c5a116322e92a00d16043a31881a81e"
+                "url": "https://github.com/symfony/polyfill-mbstring.git",
+                "reference": "8ad114f6b39e2c98a8b0e3bd907732c207c2b534"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/twigphp/Twig/zipball/dd4353357c5a116322e92a00d16043a31881a81e",
-                "reference": "dd4353357c5a116322e92a00d16043a31881a81e",
+                "url": "https://api.github.com/repos/symfony/polyfill-mbstring/zipball/8ad114f6b39e2c98a8b0e3bd907732c207c2b534",
+                "reference": "8ad114f6b39e2c98a8b0e3bd907732c207c2b534",
                 "shasum": ""
             },
             "require": {
-                "php": ">=7.2.5",
-                "symfony/polyfill-ctype": "^1.8"
+                "php": ">=7.1"
             },
-            "require-dev": {
-                "psr/container": "^1.0",
-                "symfony/phpunit-bridge": "^4.4.9|^5.0.9"
+            "provide": {
+                "ext-mbstring": "*"
+            },
+            "suggest": {
+                "ext-mbstring": "For best performance"
             },
             "type": "library",
             "extra": {
                 "branch-alias": {
-                    "dev-master": "1.44-dev"
+                    "dev-main": "1.27-dev"
+                },
+                "thanks": {
+                    "name": "symfony/polyfill",
+                    "url": "https://github.com/symfony/polyfill"
+                }
+            },
+            "autoload": {
+                "files": [
+                    "bootstrap.php"
+                ],
+                "psr-4": {
+                    "Symfony\\Polyfill\\Mbstring\\": ""
+                }
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "MIT"
+            ],
+            "authors": [
+                {
+                    "name": "Nicolas Grekas",
+                    "email": "p@tchwork.com"
+                },
+                {
+                    "name": "Symfony Community",
+                    "homepage": "https://symfony.com/contributors"
+                }
+            ],
+            "description": "Symfony polyfill for the Mbstring extension",
+            "homepage": "https://symfony.com",
+            "keywords": [
+                "compatibility",
+                "mbstring",
+                "polyfill",
+                "portable",
+                "shim"
+            ],
+            "support": {
+                "source": "https://github.com/symfony/polyfill-mbstring/tree/v1.27.0"
+            },
+            "funding": [
+                {
+                    "url": "https://symfony.com/sponsor",
+                    "type": "custom"
+                },
+                {
+                    "url": "https://github.com/fabpot",
+                    "type": "github"
+                },
+                {
+                    "url": "https://tidelift.com/funding/github/packagist/symfony/symfony",
+                    "type": "tidelift"
+                }
+            ],
+            "time": "2022-11-03T14:55:06+00:00"
+        },
+        {
+            "name": "symfony/polyfill-php72",
+            "version": "v1.27.0",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/symfony/polyfill-php72.git",
+                "reference": "869329b1e9894268a8a61dabb69153029b7a8c97"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/symfony/polyfill-php72/zipball/869329b1e9894268a8a61dabb69153029b7a8c97",
+                "reference": "869329b1e9894268a8a61dabb69153029b7a8c97",
+                "shasum": ""
+            },
+            "require": {
+                "php": ">=7.1"
+            },
+            "type": "library",
+            "extra": {
+                "branch-alias": {
+                    "dev-main": "1.27-dev"
+                },
+                "thanks": {
+                    "name": "symfony/polyfill",
+                    "url": "https://github.com/symfony/polyfill"
+                }
+            },
+            "autoload": {
+                "files": [
+                    "bootstrap.php"
+                ],
+                "psr-4": {
+                    "Symfony\\Polyfill\\Php72\\": ""
+                }
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "MIT"
+            ],
+            "authors": [
+                {
+                    "name": "Nicolas Grekas",
+                    "email": "p@tchwork.com"
+                },
+                {
+                    "name": "Symfony Community",
+                    "homepage": "https://symfony.com/contributors"
+                }
+            ],
+            "description": "Symfony polyfill backporting some PHP 7.2+ features to lower PHP versions",
+            "homepage": "https://symfony.com",
+            "keywords": [
+                "compatibility",
+                "polyfill",
+                "portable",
+                "shim"
+            ],
+            "support": {
+                "source": "https://github.com/symfony/polyfill-php72/tree/v1.27.0"
+            },
+            "funding": [
+                {
+                    "url": "https://symfony.com/sponsor",
+                    "type": "custom"
+                },
+                {
+                    "url": "https://github.com/fabpot",
+                    "type": "github"
+                },
+                {
+                    "url": "https://tidelift.com/funding/github/packagist/symfony/symfony",
+                    "type": "tidelift"
+                }
+            ],
+            "time": "2022-11-03T14:55:06+00:00"
+        },
+        {
+            "name": "twig/twig",
+            "version": "v2.15.4",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/twigphp/Twig.git",
+                "reference": "3e059001d6d597dd50ea7c74dd2464b4adea48d3"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/twigphp/Twig/zipball/3e059001d6d597dd50ea7c74dd2464b4adea48d3",
+                "reference": "3e059001d6d597dd50ea7c74dd2464b4adea48d3",
+                "shasum": ""
+            },
+            "require": {
+                "php": ">=7.1.3",
+                "symfony/polyfill-ctype": "^1.8",
+                "symfony/polyfill-mbstring": "^1.3",
+                "symfony/polyfill-php72": "^1.8"
+            },
+            "require-dev": {
+                "psr/container": "^1.0",
+                "symfony/phpunit-bridge": "^4.4.9|^5.0.9|^6.0"
+            },
+            "type": "library",
+            "extra": {
+                "branch-alias": {
+                    "dev-master": "2.15-dev"
                 }
             },
             "autoload": {
@@ -410,7 +726,7 @@
             ],
             "support": {
                 "issues": "https://github.com/twigphp/Twig/issues",
-                "source": "https://github.com/twigphp/Twig/tree/v1.44.5"
+                "source": "https://github.com/twigphp/Twig/tree/v2.15.4"
             },
             "funding": [
                 {
@@ -422,7 +738,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2021-09-17T08:35:19+00:00"
+            "time": "2022-12-27T12:26:20+00:00"
         }
     ],
     "packages-dev": [],
@@ -437,5 +753,5 @@
         "ext-pdo": ">=5.4"
     },
     "platform-dev": [],
-    "plugin-api-version": "2.0.0"
+    "plugin-api-version": "2.3.0"
 }

docker/doc.md

@@ -0,0 +1,20 @@
+The `php-fpm` process runs containerized.
+The php application always uses `/var/www` as it's work directory and home folder, and if `/var/www` is bind mounted it
+is necessary to adjust the path passed via FastCGI to `php-fpm` by changing the root directory to `/var/www`.
+This can achieved in nginx by setting the `fastcgi_param SCRIPT_FILENAME` to `/var/www/$fastcgi_script_name;`
+
+The default docker compose settings are intended for development and testing purposes.
+The folder structure expected by compose is as follows
+
+```
+<vichan-project>
+└── local-instances
+    └── 1
+        ├── mysql
+        └── www
+```
+The vichan container is by itself much less rigid.
+
+
+Use `docker compose up --build` to start the docker compose.
+Use `docker compose up --build -d php` to rebuild just the vichan container while the compose is running. Useful for development.

docker/nginx/Dockerfile

@@ -0,0 +1,8 @@
+FROM nginx:1.25.3-alpine
+
+COPY . /code
+RUN adduser --system www-data \
+  && adduser www-data www-data
+
+CMD [ "nginx", "-g", "daemon off;" ]
+EXPOSE 80

docker/nginx/nginx.conf

@@ -0,0 +1,34 @@
+# This and proxy.conf are based on
+# https://github.com/dead-guru/devichan/blob/master/nginx/nginx.conf
+
+user www-data;
+worker_processes auto;
+
+error_log /dev/stdout warn;
+pid       /var/run/nginx.pid;
+
+events {
+	worker_connections  1024;
+}
+
+http {
+	include       /etc/nginx/mime.types;
+	default_type  application/octet-stream;
+
+	# Switch logging to console out to view via Docker
+	access_log /dev/stdout;
+	error_log /dev/stdout warn;
+	sendfile        on;
+	keepalive_timeout  5;
+
+	gzip              on;
+	gzip_http_version 1.0;
+	gzip_vary         on;
+	gzip_comp_level   6;
+	gzip_types        text/xml text/plain text/css application/xhtml+xml application/xml application/rss+xml application/atom_xml application/x-javascript application/x-httpd-php;
+	gzip_disable      "MSIE [1-6]\.";
+
+
+	include /etc/nginx/conf.d/*.conf;
+	include /etc/nginx/sites-available/*.conf;
+}

docker/nginx/proxy.conf

@@ -0,0 +1,40 @@
+proxy_cache_path  /var/cache/nginx levels=1:2 keys_zone=czone:4m max_size=50m inactive=120m;
+proxy_temp_path   /var/tmp/nginx;
+proxy_cache_key   "$scheme://$host$request_uri";
+
+
+map $http_forwarded_request_id $x_request_id {
+	""          $request_id;
+	default     $http_forwarded_request_id;
+}
+
+map $http_forwarded_forwarded_host $forwardedhost {
+	""          $host;
+	default     $http_forwarded_forwarded_host;
+}
+
+
+map $http_x_forwarded_proto $fcgi_https {
+	default "";
+	https on;
+}
+
+map $http_x_forwarded_proto $real_scheme {
+	default $scheme;
+	https https;
+}
+
+proxy_set_header  Host               $host;
+proxy_set_header  X-Real-IP          $remote_addr;
+proxy_set_header  X-Forwarded-Host   $host;
+proxy_set_header  X-Forwarded-Server $host;
+
+real_ip_header X-Forwarded-For;
+
+set_real_ip_from 10.0.0.0/8;
+set_real_ip_from 172.16.0.0/12;
+set_real_ip_from 172.18.0.0;
+set_real_ip_from 192.168.0.0/24;
+set_real_ip_from 127.0.0.0/8;
+
+real_ip_recursive on;

docker/nginx/vichan.conf

@@ -0,0 +1,66 @@
+upstream php-upstream {
+	server php:9000;
+}
+
+server {
+	listen 80 default_server;
+	listen [::]:80 default_server ipv6only=on;
+	server_name vichan;
+	root /var/www/html;
+	add_header X-Frame-Options "SAMEORIGIN";
+	add_header X-Content-Type-Options "nosniff";
+
+	index index.html index.php;
+
+	charset utf-8;
+
+	location ~ ^([^.\?]*[^\/])$ {
+		try_files $uri @addslash;
+	}
+
+	# Expire rules for static content
+	# Media: images, icons, video, audio, HTC
+	location ~* \.(?:jpg|jpeg|gif|png|webp|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm|htc)$ {
+		expires 1M;
+		access_log off;
+		log_not_found off;
+		add_header Cache-Control "public";
+	}
+	# CSS and Javascript
+	location ~* \.(?:css|js)$ {
+		expires 1y;
+		access_log off;
+		log_not_found off;
+		add_header Cache-Control "public";
+	}
+
+	location ~* \.(html)$ {
+		expires -1;
+	}
+
+	location @addslash {
+		return 301 $uri/;
+	}
+
+	location / {
+		try_files $uri $uri/ /index.php$is_args$args;
+	}
+
+	client_max_body_size 2G;
+
+	location ~ \.php$ {
+		proxy_set_header X-Real-IP $remote_addr;
+		proxy_set_header X-Forwarded-For $remote_addr;
+		proxy_set_header X-Request-Id $x_request_id;
+		proxy_set_header X-Forwarded-Host $host;
+		proxy_set_header Forwarded-Request-Id $x_request_id;
+		fastcgi_pass php-upstream;
+		fastcgi_index index.php;
+		fastcgi_param SCRIPT_FILENAME /var/www/$fastcgi_script_name;
+		fastcgi_read_timeout 600;
+		include fastcgi_params;
+	}
+
+	location = /favicon.ico { access_log off; log_not_found off; }
+	location = /robots.txt  { access_log off; log_not_found off; }
+}

docker/php/Dockerfile

@@ -0,0 +1,88 @@
+# Based on https://github.com/dead-guru/devichan/blob/master/php-fpm/Dockerfile
+
+FROM composer:lts AS composer
+FROM php:8.1-fpm-alpine
+
+RUN apk add --no-cache \
+    zlib \
+    zlib-dev \
+    libpng \
+    libpng-dev \
+    libjpeg-turbo \
+    libjpeg-turbo-dev \
+    libwebp \
+    libwebp-dev \
+    libcurl \
+    curl-dev \
+    imagemagick \
+    graphicsmagick \
+    gifsicle \
+    ffmpeg \
+    bind-tools \
+    gettext \
+    gettext-dev \
+    icu-dev \
+    oniguruma \
+    oniguruma-dev \
+    libmcrypt \
+    libmcrypt-dev \
+    lz4-libs \
+    lz4-dev \
+    imagemagick-dev \
+    pcre-dev \
+    $PHPIZE_DEPS \
+    && docker-php-ext-configure gd \
+        --with-webp=/usr/include/webp \
+        --with-jpeg=/usr/include \
+    && docker-php-ext-install -j$(nproc) \
+        gd \
+        curl \
+        bcmath \
+        opcache \
+        pdo_mysql \
+        gettext \
+        intl \
+        mbstring \
+    && pecl update-channels \
+    && pecl install -o -f igbinary \
+    && pecl install redis \
+    && pecl install imagick \
+    $$ docker-php-ext-enable \
+        igbinary \
+        redis \
+        imagick \
+    && apk del \
+        zlib-dev \
+        libpng-dev \
+        libjpeg-turbo-dev \
+        libwebp-dev \
+        curl-dev \
+        gettext-dev \
+        oniguruma-dev \
+        libmcrypt-dev \
+        lz4-dev \
+        imagemagick-dev \
+        pcre-dev \
+        $PHPIZE_DEPS \
+    && rm -rf /var/cache/* \
+    && rm -rf /tmp/pear
+RUN rmdir /var/www/html \
+    && install -d -m 744 -o www-data -g www-data /var/www \
+    && install -d -m 700 -o www-data -g www-data /var/tmp/vichan \
+    && install -d -m 700 -o www-data -g www-data /var/cache/gen-cache \
+    && install -d -m 700 -o www-data -g www-data /var/cache/template-cache
+
+# Copy the bootstrap script.
+COPY ./docker/php/bootstrap.sh /usr/local/bin/bootstrap.sh
+
+COPY --from=composer /usr/bin/composer /usr/local/bin/composer
+
+# Copy the actual project (use .dockerignore to exclude stuff).
+COPY . /code
+
+# Install the compose depedencies.
+RUN cd /code && composer install
+
+WORKDIR "/var/www"
+CMD [ "bootstrap.sh" ]
+EXPOSE 9000

docker/php/Dockerfile.profile

@@ -0,0 +1,16 @@
+# syntax = devthefuture/dockerfile-x
+INCLUDE ./docker/php/Dockerfile
+
+RUN apk add --no-cache \
+        linux-headers \
+        $PHPIZE_DEPS \
+    && pecl update-channels \
+    && pecl install xdebug \
+    && docker-php-ext-enable xdebug \
+    && apk del \
+        linux-headers \
+        $PHPIZE_DEPS \
+    && rm -rf /var/cache/*
+
+ENV XDEBUG_OUT_DIR=/var/www/xdebug_out
+CMD [ "bootstrap.sh" ]

docker/php/bootstrap.sh

@@ -0,0 +1,87 @@
+#!/bin/sh
+
+set -eu
+
+function set_cfg() {
+    if [ -L "/var/www/inc/$1" ]; then
+        echo "INFO: Resetting $1"
+        rm "/var/www/inc/$1"
+        cp "/code/inc/$1" "/var/www/inc/$1"
+        chown www-data "/var/www/inc/$1"
+        chgrp www-data "/var/www/inc/$1"
+        chmod 600 "/var/www/inc/$1"
+    else
+        echo "INFO: Using existing $1"
+    fi
+}
+
+if ! mountpoint -q /var/www; then
+    echo "WARNING: '/var/www' is not a mountpoint. All the data will remain inside the container!"
+fi
+
+if [ ! -w /var/www ] ; then
+    echo "ERROR: '/var/www' is not writable. Closing."
+    exit 1
+fi
+
+if [ -z  "${XDEBUG_OUT_DIR:-''}" ] ; then
+    echo "INFO: Initializing xdebug out directory at $XDEBUG_OUT_DIR"
+    mkdir -p "$XDEBUG_OUT_DIR"
+    chown www-data "$XDEBUG_OUT_DIR"
+    chgrp www-data "$XDEBUG_OUT_DIR"
+    chmod 755 "$XDEBUG_OUT_DIR"
+fi
+
+# Link the entrypoints from the exposed directory.
+ln -nfs \
+    /code/tools/ \
+    /code/*.php \
+    /code/LICENSE.* \
+    /code/install.sql \
+    /var/www/
+# Static files accessible from the webserver must be copied.
+cp -ur /code/static /var/www/
+cp -ur /code/stylesheets /var/www/
+
+# Ensure correct permissions are set, since this might be bind mount.
+chown www-data /var/www
+chgrp www-data /var/www
+
+# Initialize an empty robots.txt with the default if it doesn't exist.
+touch /var/www/robots.txt
+
+# Link the cache and tmp files directory.
+ln -nfs /var/tmp/vichan /var/www/tmp
+
+# Link the javascript directory.
+ln -nfs /code/js /var/www/
+
+# Link the html templates directory and it's cache.
+ln -nfs /code/templates /var/www/
+ln -nfs -T /var/cache/template-cache /var/www/templates/cache
+chown -h www-data /var/www/templates/cache
+chgrp -h www-data /var/www/templates/cache
+
+# Link the generic cache.
+ln -nfs -T /var/cache/gen-cache /var/www/tmp/cache
+chown -h www-data /var/www/tmp/cache
+chgrp -h www-data /var/www/tmp/cache
+
+# Create the included files directory and link them
+install -d -m 700 -o www-data -g www-data /var/www/inc
+for file in /code/inc/*; do
+    file="${file##*/}"
+    if [ ! -e /var/www/inc/$file ]; then
+        ln -s /code/inc/$file /var/www/inc/
+    fi
+done
+
+# Copy an empty instance configuration if the file is a link (it was linked because it did not exist before).
+set_cfg 'instance-config.php'
+set_cfg 'secrets.php'
+
+# Link the composer dependencies.
+ln -nfs /code/vendor /var/www/
+
+# Start the php-fpm server.
+exec php-fpm

docker/php/jit.ini

@@ -0,0 +1,2 @@
+opcache.jit_buffer_size=192M
+opcache.jit=tracing

docker/php/www.conf

@@ -0,0 +1,13 @@
+[www]
+access.log = /proc/self/fd/2
+
+; Ensure worker stdout and stderr are sent to the main error log.
+catch_workers_output = yes
+decorate_workers_output = no
+
+user = www-data
+group = www-data
+
+listen = 127.0.0.1:9000
+pm = static
+pm.max_children = 16

docker/php/xdebug-prof.ini

@@ -0,0 +1,7 @@
+zend_extension=xdebug
+
+[xdebug]
+xdebug.mode = profile
+xdebug.start_with_request = start
+error_reporting = E_ALL
+xdebug.output_dir = /var/www/xdebug_out

inc/Data/Driver/ApcuCacheDriver.php

@@ -0,0 +1,28 @@
+<?php
+namespace Vichan\Data\Driver;
+
+defined('TINYBOARD') or exit;
+
+
+class ApcuCacheDriver implements CacheDriver {
+	public function get(string $key): mixed {
+		$success = false;
+		$ret = \apcu_fetch($key, $success);
+		if ($success === false) {
+			return null;
+		}
+		return $ret;
+	}
+
+	public function set(string $key, mixed $value, mixed $expires = false): void {
+		\apcu_store($key, $value, (int)$expires);
+	}
+
+	public function delete(string $key): void {
+		\apcu_delete($key);
+	}
+
+	public function flush(): void {
+		\apcu_clear_cache();
+	}
+}

inc/Data/Driver/ArrayCacheDriver.php

@@ -0,0 +1,28 @@
+<?php
+namespace Vichan\Data\Driver;
+
+
+defined('TINYBOARD') or exit;
+
+/**
+ * A simple process-wide PHP array.
+ */
+class ArrayCacheDriver implements CacheDriver {
+	private static $inner = [];
+
+	public function get(string $key) {
+		return isset(self::$inner[$key]) ? self::$inner[$key] : null;
+	}
+
+	public function set(string $key, $value, $expires = false): void {
+		self::$inner[$key] = $value;
+	}
+
+	public function delete(string $key): void {
+		unset(self::$inner[$key]);
+	}
+
+	public function flush(): void {
+		self::$inner = [];
+	}
+}

inc/Data/Driver/CacheDriver.php

@@ -0,0 +1,38 @@
+<?php
+namespace Vichan\Data\Driver;
+
+defined('TINYBOARD') or exit;
+
+
+interface CacheDriver {
+        /**
+         * Get the value of associated with the key.
+         *
+         * @param string $key The key of the value.
+         * @return mixed|null The value associated with the key, or null if there is none.
+         */
+        public function get(string $key);
+
+        /**
+         * Set a key-value pair.
+         *
+         * @param string $key The key.
+         * @param mixed $value The value.
+         * @param int|false $expires After how many seconds the pair will expire. Use false or ignore this parameter to keep
+         *                           the value until it gets evicted to make space for more items. Some drivers will always
+         *                           ignore this parameter and store the pair until it's removed.
+         */
+        public function set(string $key, $value, $expires = false);
+
+        /**
+         * Delete a key-value pair.
+         *
+         * @param string $key The key.
+         */
+        public function delete(string $key);
+
+        /**
+         * Delete all the key-value pairs.
+         */
+        public function flush();
+}

inc/Data/Driver/ErrorLogLogDriver.php

@@ -0,0 +1,28 @@
+<?php
+namespace Vichan\Data\Driver;
+
+defined('TINYBOARD') or exit;
+
+
+/**
+ * Log via the php function error_log.
+ */
+class ErrorLogLogDriver implements LogDriver {
+	use LogTrait;
+
+	private string $name;
+	private int $level;
+
+	public function __construct(string $name, int $level) {
+		$this->name = $name;
+		$this->level = $level;
+	}
+
+	public function log(int $level, string $message): void {
+		if ($level <= $this->level) {
+			$lv = $this->levelToString($level);
+			$line = "{$this->name} $lv: $message";
+			\error_log($line, 0, null, null);
+		}
+	}
+}

inc/Data/Driver/FileLogDriver.php

@@ -0,0 +1,61 @@
+<?php
+namespace Vichan\Data\Driver;
+
+defined('TINYBOARD') or exit;
+
+
+/**
+ * Log to a file.
+ */
+class FileLogDriver implements LogDriver {
+	use LogTrait;
+
+	private string $name;
+	private int $level;
+	private mixed $fd;
+
+	public function __construct(string $name, int $level, string $file_path) {
+		/*
+		 * error_log is slow as hell in it's 3rd mode, so use fopen + file locking instead.
+		 * https://grobmeier.solutions/performance-ofnonblocking-write-to-files-via-php-21082009.html
+		 *
+		 * Whatever file appending is atomic is contentious:
+		 *  - There are no POSIX guarantees: https://stackoverflow.com/a/7237901
+		 *  - But linus suggested they are on linux, on some filesystems: https://web.archive.org/web/20151201111541/http://article.gmane.org/gmane.linux.kernel/43445
+		 *  - But it doesn't seem to be always the case: https://www.notthewizard.com/2014/06/17/are-files-appends-really-atomic/
+		 *
+		 * So we just use file locking to be sure.
+		 */
+
+		$this->fd = \fopen($file_path, 'a');
+		if ($this->fd === false) {
+			throw new \RuntimeException("Unable to open log file at $file_path");
+		}
+
+		$this->name = $name;
+		$this->level = $level;
+
+		// In some cases PHP does not run the destructor.
+		\register_shutdown_function([$this, 'close']);
+	}
+
+	public function __destruct() {
+		$this->close();
+	}
+
+	public function log(int $level, string $message): void {
+		if ($level <= $this->level) {
+			$lv = $this->levelToString($level);
+			$line = "{$this->name} $lv: $message\n";
+			\flock($this->fd, LOCK_EX);
+			\fwrite($this->fd, $line);
+			\fflush($this->fd);
+			\flock($this->fd, LOCK_UN);
+		}
+	}
+
+	public function close() {
+		\flock($this->fd, LOCK_UN);
+		\fclose($this->fd);
+	}
+}

inc/Data/Driver/FsCachedriver.php

@@ -0,0 +1,155 @@
+<?php
+namespace Vichan\Data\Driver;
+
+defined('TINYBOARD') or exit;
+
+
+class FsCacheDriver implements CacheDriver {
+	private string $prefix;
+	private string $base_path;
+	private mixed $lock_fd;
+	private int|false $collect_chance_den;
+
+
+	private function prepareKey(string $key): string {
+		$key = \str_replace('/', '::', $key);
+		$key = \str_replace("\0", '', $key);
+		return $this->prefix . $key;
+	}
+
+	private function sharedLockCache(): void {
+		\flock($this->lock_fd, LOCK_SH);
+	}
+
+	private function exclusiveLockCache(): void {
+		\flock($this->lock_fd, LOCK_EX);
+	}
+
+	private function unlockCache(): void {
+		\flock($this->lock_fd, LOCK_UN);
+	}
+
+	private function collectImpl(): int {
+		/*
+		 * A read lock is ok, since it's alright if we delete expired items from under the feet of other processes, and
+		 * no other process add new cache items or refresh existing ones.
+		 */
+		$files = \glob($this->base_path . $this->prefix . '*', \GLOB_NOSORT);
+		$count = 0;
+		foreach ($files as $file) {
+			$data = \file_get_contents($file);
+			$wrapped = \json_decode($data, true, 512, \JSON_THROW_ON_ERROR);
+			if ($wrapped['expires'] !== false && $wrapped['expires'] <= \time()) {
+				if (@\unlink($file)) {
+					$count++;
+				}
+			}
+		}
+		return $count;
+	}
+
+	private function maybeCollect(): void {
+		if ($this->collect_chance_den !== false && \mt_rand(0, $this->collect_chance_den - 1) === 0) {
+			$this->collect_chance_den = false; // Collect only once per instance (aka process).
+			$this->collectImpl();
+		}
+	}
+
+	public function __construct(string $prefix, string $base_path, string $lock_file, int|false $collect_chance_den) {
+		if ($base_path[\strlen($base_path) - 1] !== '/') {
+			$base_path = "$base_path/";
+		}
+
+		if (!\is_dir($base_path)) {
+			throw new \RuntimeException("$base_path is not a directory!");
+		}
+
+		if (!\is_writable($base_path)) {
+			throw new \RuntimeException("$base_path is not writable!");
+		}
+
+		$this->lock_fd = \fopen($base_path . $lock_file, 'w');
+		if ($this->lock_fd === false) {
+			throw new \RuntimeException('Unable to open the lock file!');
+		}
+
+		$this->prefix = $prefix;
+		$this->base_path = $base_path;
+		$this->collect_chance_den = $collect_chance_den;
+	}
+
+	public function __destruct() {
+		$this->close();
+	}
+
+	public function get(string $key): mixed {
+		$key = $this->prepareKey($key);
+
+		$this->sharedLockCache();
+
+		// Collect expired items first so if the target key is expired we shortcut to failure in the next lines.
+		$this->maybeCollect();
+
+		$fd = \fopen($this->base_path . $key, 'r');
+		if ($fd === false) {
+			$this->unlockCache();
+			return null;
+		}
+
+		$data = \stream_get_contents($fd);
+		\fclose($fd);
+		$this->unlockCache();
+		$wrapped = \json_decode($data, true, 512, \JSON_THROW_ON_ERROR);
+
+		if ($wrapped['expires'] !== false && $wrapped['expires'] <= \time()) {
+			// Already expired, leave it there since we already released the lock and pretend it doesn't exist.
+			return null;
+		} else {
+			return $wrapped['inner'];
+		}
+	}
+
+	public function set(string $key, mixed $value, mixed $expires = false): void {
+		$key = $this->prepareKey($key);
+
+		$wrapped = [
+			'expires' => $expires ? \time() + $expires : false,
+			'inner' => $value
+		];
+
+		$data = \json_encode($wrapped);
+		$this->exclusiveLockCache();
+		$this->maybeCollect();
+		\file_put_contents($this->base_path . $key, $data);
+		$this->unlockCache();
+	}
+
+	public function delete(string $key): void {
+		$key = $this->prepareKey($key);
+
+		$this->exclusiveLockCache();
+		@\unlink($this->base_path . $key);
+		$this->maybeCollect();
+		$this->unlockCache();
+	}
+
+	public function collect(): int {
+		$this->sharedLockCache();
+		$count = $this->collectImpl();
+		$this->unlockCache();
+		return $count;
+	}
+
+	public function flush(): void {
+		$this->exclusiveLockCache();
+		$files = \glob($this->base_path . $this->prefix . '*', \GLOB_NOSORT);
+		foreach ($files as $file) {
+			@\unlink($file);
+		}
+		$this->unlockCache();
+	}
+
+	public function close(): void {
+		\fclose($this->lock_fd);
+	}
+}

inc/Data/Driver/HttpDriver.php

@@ -0,0 +1,131 @@
+<?php
+namespace Vichan\Data\Driver;
+
+defined('TINYBOARD') or exit;
+
+
+/**
+ * Honestly this is just a wrapper for cURL. Still useful to mock it and have an OOP API on PHP 7.
+ */
+class HttpDriver {
+	private $inner;
+	private int $timeout;
+	private int $max_file_size;
+
+
+	private function resetTowards(string $url, int $timeout): void {
+		\curl_reset($this->inner);
+		\curl_setopt_array($this->inner, [
+			\CURLOPT_URL => $url,
+			\CURLOPT_TIMEOUT => $timeout,
+			\CURLOPT_USERAGENT => 'Tinyboard',
+			\CURLOPT_PROTOCOLS => \CURLPROTO_HTTP | \CURLPROTO_HTTPS,
+		]);
+	}
+
+	public function __construct(int $timeout, int $max_file_size) {
+		$this->inner = \curl_init();
+		$this->timeout = $timeout;
+		$this->max_file_size = $max_file_size;
+	}
+
+	public function __destruct() {
+		\curl_close($this->inner);
+	}
+
+	/**
+	 * Execute a GET request.
+	 *
+	 * @param string $endpoint Uri endpoint.
+	 * @param ?array $data Optional GET parameters.
+	 * @param int $timeout Optional request timeout in seconds. Use the default timeout if 0.
+	 * @return string Returns the body of the response.
+	 * @throws RuntimeException Throws on IO error.
+	 */
+	public function requestGet(string $endpoint, ?array $data, int $timeout = 0): string {
+		if (!empty($data)) {
+			$endpoint .= '?' . \http_build_query($data);
+		}
+		if ($timeout == 0) {
+			$timeout = $this->timeout;
+		}
+
+		$this->resetTowards($endpoint, $timeout);
+		\curl_setopt($this->inner, \CURLOPT_RETURNTRANSFER, true);
+		$ret = \curl_exec($this->inner);
+
+		if ($ret === false) {
+			throw new \RuntimeException(\curl_error($this->inner));
+		}
+		return $ret;
+	}
+
+	/**
+	 * Execute a POST request.
+	 *
+	 * @param string $endpoint Uri endpoint.
+	 * @param ?array $data Optional POST parameters.
+	 * @param int $timeout Optional request timeout in seconds. Use the default timeout if 0.
+	 * @return string Returns the body of the response.
+	 * @throws RuntimeException Throws on IO error.
+	 */
+	public function requestPost(string $endpoint, ?array $data, int $timeout = 0): string {
+		if ($timeout == 0) {
+			$timeout = $this->timeout;
+		}
+
+		$this->resetTowards($endpoint, $timeout);
+		\curl_setopt($this->inner, \CURLOPT_POST, true);
+		if (!empty($data)) {
+			\curl_setopt($this->inner, \CURLOPT_POSTFIELDS, \http_build_query($data));
+		}
+		\curl_setopt($this->inner, \CURLOPT_RETURNTRANSFER, true);
+		$ret = \curl_exec($this->inner);
+
+		if ($ret === false) {
+			throw new \RuntimeException(\curl_error($this->inner));
+		}
+		return $ret;
+	}
+
+	/**
+	 * Download the url's target with curl.
+	 *
+	 * @param string $url Url to the file to download.
+	 * @param ?array $data Optional GET parameters.
+	 * @param resource $fd File descriptor to save the content to.
+	 * @param int $timeout Optional request timeout in seconds. Use the default timeout if 0.
+	 * @return bool Returns true on success, false if the file was too large.
+	 * @throws RuntimeException Throws on IO error.
+	 */
+	public function requestGetInto(string $endpoint, ?array $data, $fd, int $timeout = 0): bool {
+		if (!empty($data)) {
+			$endpoint .= '?' . \http_build_query($data);
+		}
+		if ($timeout == 0) {
+			$timeout = $this->timeout;
+		}
+
+		$this->resetTowards($endpoint, $timeout);
+		// Adapted from: https://stackoverflow.com/a/17642638
+		$opt = (\PHP_MAJOR_VERSION >= 8 && \PHP_MINOR_VERSION >= 2) ? \CURLOPT_XFERINFOFUNCTION : \CURLOPT_PROGRESSFUNCTION;
+		\curl_setopt_array($this->inner, [
+			\CURLOPT_NOPROGRESS => false,
+			$opt => fn($res, $next_dl, $dl, $next_up, $up) => (int)($dl <= $this->max_file_size),
+			\CURLOPT_FAILONERROR => true,
+			\CURLOPT_FOLLOWLOCATION => false,
+			\CURLOPT_FILE => $fd,
+			\CURLOPT_IPRESOLVE => CURL_IPRESOLVE_V4,
+		]);
+		$ret = \curl_exec($this->inner);
+
+		if ($ret === false) {
+			if (\curl_errno($this->inner) === CURLE_ABORTED_BY_CALLBACK) {
+				return false;
+			}
+
+			throw new \RuntimeException(\curl_error($this->inner));
+		}
+		return true;
+	}
+}

inc/Data/Driver/LogDriver.php

@@ -0,0 +1,22 @@
+<?php
+namespace Vichan\Data\Driver;
+
+defined('TINYBOARD') or exit;
+
+
+interface LogDriver {
+	public const EMERG = \LOG_EMERG;
+	public const ERROR = \LOG_ERR;
+	public const WARNING = \LOG_WARNING;
+	public const NOTICE = \LOG_NOTICE;
+	public const INFO = \LOG_INFO;
+	public const DEBUG = \LOG_DEBUG;
+
+	/**
+	 * Log a message if the level of relevancy is at least the minimum.
+	 *
+	 * @param int $level Message level. Use Log interface constants.
+	 * @param string $message The message to log.
+	 */
+	public function log(int $level, string $message): void;
+}

inc/Data/Driver/LogTrait.php

@@ -0,0 +1,26 @@
+<?php
+namespace Vichan\Data\Driver;
+
+defined('TINYBOARD') or exit;
+
+
+trait LogTrait {
+	public static function levelToString(int $level): string {
+		switch ($level) {
+			case LogDriver::EMERG:
+				return 'EMERG';
+			case LogDriver::ERROR:
+				return 'ERROR';
+			case LogDriver::WARNING:
+				return 'WARNING';
+			case LogDriver::NOTICE:
+				return 'NOTICE';
+			case LogDriver::INFO:
+				return 'INFO';
+			case LogDriver::DEBUG:
+				return 'DEBUG';
+			default:
+				throw new \InvalidArgumentException('Not a logging level');
+		}
+	}
+}

inc/Data/Driver/MemcacheCacheDriver.php

@@ -0,0 +1,43 @@
+<?php
+namespace Vichan\Data\Driver;
+
+defined('TINYBOARD') or exit;
+
+
+class MemcachedCacheDriver implements CacheDriver {
+	private \Memcached $inner;
+
+	public function __construct(string $prefix, string $memcached_server) {
+		$this->inner = new \Memcached();
+		if (!$this->inner->setOption(\Memcached::OPT_BINARY_PROTOCOL, true)) {
+			throw new \RuntimeException('Unable to set the memcached protocol!');
+		}
+		if (!$this->inner->setOption(\Memcached::OPT_PREFIX_KEY, $prefix)) {
+			throw new \RuntimeException('Unable to set the memcached prefix!');
+		}
+		if (!$this->inner->addServers($memcached_server)) {
+			throw new \RuntimeException('Unable to add the memcached server!');
+		}
+	}
+
+	public function get(string $key): mixed {
+		$ret = $this->inner->get($key);
+		// If the returned value is false but the retrival was a success, then the value stored was a boolean false.
+		if ($ret === false && $this->inner->getResultCode() !== \Memcached::RES_SUCCESS) {
+			return null;
+		}
+		return $ret;
+	}
+
+	public function set(string $key, mixed $value, mixed $expires = false): void {
+		$this->inner->set($key, $value, (int)$expires);
+	}
+
+	public function delete(string $key): void {
+		$this->inner->delete($key);
+	}
+
+	public function flush(): void {
+		$this->inner->flush();
+	}
+}

inc/Data/Driver/NoneCacheDriver.php

@@ -0,0 +1,26 @@
+<?php
+namespace Vichan\Data\Driver;
+
+defined('TINYBOARD') or exit;
+
+
+/**
+ * No-op cache. Useful for testing.
+ */
+class NoneCacheDriver implements CacheDriver {
+	public function get(string $key): mixed {
+		return null;
+	}
+
+	public function set(string $key, mixed $value, mixed $expires = false): void {
+		// No-op.
+	}
+
+	public function delete(string $key): void {
+		// No-op.
+	}
+
+	public function flush(): void {
+		// No-op.
+	}
+}

inc/Data/Driver/RedisCacheDriver.php

@@ -0,0 +1,48 @@
+<?php
+namespace Vichan\Data\Driver;
+
+defined('TINYBOARD') or exit;
+
+
+class RedisCacheDriver implements CacheDriver {
+	private string $prefix;
+	private \Redis $inner;
+
+	public function __construct(string $prefix, string $host, int $port, ?string $password, string $database) {
+		$this->inner = new \Redis();
+		$this->inner->connect($host, $port);
+		if ($password) {
+			$this->inner->auth($password);
+		}
+		if (!$this->inner->select($database)) {
+			throw new \RuntimeException('Unable to connect to Redis!');
+		}
+
+		$$this->prefix = $prefix;
+	}
+
+	public function get(string $key): mixed {
+		$ret = $this->inner->get($this->prefix . $key);
+		if ($ret === false) {
+			return null;
+		}
+		return \json_decode($ret, true);
+	}
+
+	public function set(string $key, mixed $value, mixed $expires = false): void {
+		if ($expires === false) {
+			$this->inner->set($this->prefix . $key, \json_encode($value));
+		} else {
+			$expires = $expires * 1000; // Seconds to milliseconds.
+			$this->inner->setex($this->prefix . $key, $expires, \json_encode($value));
+		}
+	}
+
+	public function delete(string $key): void {
+		$this->inner->del($this->prefix . $key);
+	}
+
+	public function flush(): void {
+		$this->inner->flushDB();
+	}
+}

inc/Data/Driver/StderrLogDriver.php

@@ -0,0 +1,27 @@
+<?php
+namespace Vichan\Data\Driver;
+
+defined('TINYBOARD') or exit;
+
+
+/**
+ * Log to php's standard error file stream.
+ */
+class StderrLogDriver implements LogDriver {
+	use LogTrait;
+
+	private string $name;
+	private int $level;
+
+	public function __construct(string $name, int $level) {
+		$this->name = $name;
+		$this->level = $level;
+	}
+
+	public function log(int $level, string $message): void {
+		if ($level <= $this->level) {
+			$lv = $this->levelToString($level);
+			\fwrite(\STDERR, "{$this->name} $lv: $message\n");
+		}
+	}
+}

inc/Data/Driver/SyslogLogDriver.php

@@ -0,0 +1,35 @@
+<?php
+namespace Vichan\Data\Driver;
+
+defined('TINYBOARD') or exit;
+
+/**
+ * Log to syslog.
+ */
+class SyslogLogDriver implements LogDriver {
+	private int $level;
+
+	public function __construct(string $name, int $level, bool $print_stderr) {
+		$flags = \LOG_ODELAY;
+		if ($print_stderr) {
+			$flags |= \LOG_PERROR;
+		}
+
+		if (!\openlog($name, $flags, \LOG_USER)) {
+			throw new \RuntimeException('Unable to open syslog');
+		}
+
+		$this->level = $level;
+	}
+
+	public function log(int $level, string $message): void {
+		if ($level <= $this->level) {
+			if (isset($_SERVER['REMOTE_ADDR'], $_SERVER['REQUEST_METHOD'], $_SERVER['REQUEST_URI'])) {
+				// CGI
+				\syslog($level, "$message - client: {$_SERVER['REMOTE_ADDR']}, request: \"{$_SERVER['REQUEST_METHOD']} {$_SERVER['REQUEST_URI']}\"");
+			} else {
+				\syslog($level, $message);
+			}
+		}
+	}
+}

inc/anti-bot.php

@@ -1,191 +1,5 @@
 <?php
 
 /*
- *  Copyright (c) 2010-2013 Tinyboard Development Group
+ *  Anti-bot.php has been deprecated and removed due to its functions not being necessary and being easily bypassable, by both customized and uncustomized spambots.
  */
-
-defined('TINYBOARD') or exit;
-
-$hidden_inputs_twig = array();
-
-class AntiBot {
-	public $salt, $inputs = array(), $index = 0;
-	
-	public static function randomString($length, $uppercase = false, $special_chars = false, $unicode_chars = false) {
-		$chars = 'abcdefghijklmnopqrstuvwxyz0123456789';
-		if ($uppercase)
-			$chars .= 'ABCDEFGHIJKLMNOPQRSTUVWXYZ';
-		if ($special_chars)
-			$chars .= ' ~!@#$%^&*()_+,./;\'[]\\{}|:<>?=-` ';
-		if ($unicode_chars) {
-			$len = strlen($chars) / 10;
-			for ($n = 0; $n < $len; $n++)
-				$chars .= mb_convert_encoding('&#' . mt_rand(0x2600, 0x26FF) . ';', 'UTF-8', 'HTML-ENTITIES');
-		}
-		
-		$chars = preg_split('//u', $chars, -1, PREG_SPLIT_NO_EMPTY);
-		
-		$ch = array();
-		
-		// fill up $ch until we reach $length
-		while (count($ch) < $length) {
-			$n = $length - count($ch);
-			$keys = array_rand($chars, $n > count($chars) ? count($chars) : $n);
-			if ($n == 1) {
-				$ch[] = $chars[$keys];
-				break;
-			}
-			shuffle($keys);
-			foreach ($keys as $key)
-				$ch[] = $chars[$key];
-		}
-		
-		$chars = $ch;
-		
-		return implode('', $chars);
-	}
-	
-	public static function make_confusing($string) {
-		$chars = preg_split('//u', $string, -1, PREG_SPLIT_NO_EMPTY);
-		
-		foreach ($chars as &$c) {
-			if (mt_rand(0, 3) != 0)
-				$c = utf8tohtml($c);
-			else
-				$c = mb_encode_numericentity($c, array(0, 0xffff, 0, 0xffff), 'UTF-8');
-		}
-		
-		return implode('', $chars);
-	}
-	
-	public function __construct(array $salt = array()) {
-		global $config;
-		
-		if (!empty($salt)) {
-			// create a salted hash of the "extra salt"
-			$this->salt = implode(':', $salt);
-		} else { 
-			$this->salt = '';
-		}
-		
-		shuffle($config['spam']['hidden_input_names']);
-		
-		$input_count = mt_rand($config['spam']['hidden_inputs_min'], $config['spam']['hidden_inputs_max']);
-		$hidden_input_names_x = 0;
-		
-		for ($x = 0; $x < $input_count ; $x++) {
-			if ($hidden_input_names_x === false || mt_rand(0, 2) == 0) {
-				// Use an obscure name
-				$name = $this->randomString(mt_rand(10, 40), false, false, $config['spam']['unicode']);
-			} else {
-				// Use a pre-defined confusing name
-				$name = $config['spam']['hidden_input_names'][$hidden_input_names_x++];
-				if ($hidden_input_names_x >= count($config['spam']['hidden_input_names']))
-					$hidden_input_names_x = false;
-			}
-			
-			if (mt_rand(0, 2) == 0) {
-				// Value must be null
-				$this->inputs[$name] = '';
-			} elseif (mt_rand(0, 4) == 0) {
-				// Numeric value
-				$this->inputs[$name] = (string)mt_rand(0, 100000);
-			} else {
-				// Obscure value
-				$this->inputs[$name] = $this->randomString(mt_rand(5, 100), true, true, $config['spam']['unicode']);
-			}
-		}
-	}
-	
-	public static function space() {
-		if (mt_rand(0, 3) != 0)
-			return ' ';
-		return str_repeat(' ', mt_rand(1, 3));
-	}
-	
-	public function html($count = false) {
-		global $config;
-		
-		$elements = array(
-			'<input type="hidden" name="%name%" value="%value%">',
-			'<input type="hidden" value="%value%" name="%name%">',
-			'<input name="%name%" value="%value%" type="hidden">',
-			'<input value="%value%" name="%name%" type="hidden">',
-			'<input style="display:none" type="text" name="%name%" value="%value%">',
-			'<input style="display:none" type="text" value="%value%" name="%name%">',
-			'<span style="display:none"><input type="text" name="%name%" value="%value%"></span>',
-			'<div style="display:none"><input type="text" name="%name%" value="%value%"></div>',
-			'<div style="display:none"><input type="text" name="%name%" value="%value%"></div>',
-			'<textarea style="display:none" name="%name%">%value%</textarea>',
-			'<textarea name="%name%" style="display:none">%value%</textarea>'
-		);
-		
-		$html = '';
-		
-		if ($count === false) {
-			$count = mt_rand(1, abs(count($this->inputs) / 15) + 1);
-		}
-		
-		if ($count === true) {
-			// all elements
-			$inputs = array_slice($this->inputs, $this->index);
-		} else {
-			$inputs = array_slice($this->inputs, $this->index, $count);
-		}
-		$this->index += count($inputs);
-		
-		foreach ($inputs as $name => $value) {
-			$element = false;
-			while (!$element) {
-				$element = $elements[array_rand($elements)];
-				$element = str_replace(' ', self::space(), $element);
-				if (mt_rand(0, 5) == 0)
-					$element = str_replace('>', self::space() . '>', $element);
-				if (strpos($element, 'textarea') !== false && $value == '') {
-					// There have been some issues with mobile web browsers and empty <textarea>'s.
-					$element = false;
-				}
-			}
-			
-			$element = str_replace('%name%', utf8tohtml($name), $element);
-			
-			if (mt_rand(0, 2) == 0)
-				$value = $this->make_confusing($value);
-			else
-				$value = utf8tohtml($value);
-			
-			if (strpos($element, 'textarea') === false)
-				$value = str_replace('"', '&quot;', $value);
-			
-			$element = str_replace('%value%', $value, $element);
-			
-			$html .= $element;
-		}
-		
-		return $html;
-	}
-	
-	public function reset() {
-		$this->index = 0;
-	}
-	
-	public function hash() {
-		global $config;
-		
-		// This is the tricky part: create a hash to validate it after
-		// First, sort the keys in alphabetical order (A-Z)
-		$inputs = $this->inputs;
-		ksort($inputs);
-		
-		$hash = '';
-		// Iterate through each input
-		foreach ($inputs as $name => $value) {
-			$hash .= $name . '=' . $value;
-		}
-		// Add a salt to the hash
-		$hash .= $config['cookies']['salt'];
-		
-		// Use SHA1 for the hash
-		return sha1($hash . $this->salt);
-	}
-}

inc/api.php

@@ -9,14 +9,49 @@ defined('TINYBOARD') or exit;
  * Class for generating json API compatible with 4chan API
  */
 class Api {
-	function __construct(){
-		global $config;
-		/**
-		 * Translation from local fields to fields in 4chan-style API
-		 */
-		$this->config = $config;
+	private bool $show_filename;
+	private bool $hide_email;
+	private bool $country_flags;
+	private array $postFields;
 
-		$this->postFields = array(
+	private const INTS = [
+		'no' => 1,
+		'resto' => 1,
+		'time' => 1,
+		'tn_w' => 1,
+		'tn_h' => 1,
+		'w' => 1,
+		'h' => 1,
+		'fsize' => 1,
+		'omitted_posts' => 1,
+		'omitted_images' => 1,
+		'replies' => 1,
+		'images' => 1,
+		'sticky' => 1,
+		'locked' => 1,
+		'last_modified' => 1
+	];
+
+	private const THREADS_PAGE_FIELDS = [
+		'id' => 'no',
+		'bump' => 'last_modified'
+	];
+
+	private const FILE_FIELDS = [
+		'thumbheight' => 'tn_h',
+		'thumbwidth' => 'tn_w',
+		'height' => 'h',
+		'width' => 'w',
+		'size' => 'fsize'
+	];
+
+	public function __construct(bool $show_filename, bool $hide_email, bool $country_flags) {
+		// Translation from local fields to fields in 4chan-style API
+		$this->show_filename = $show_filename;
+		$this->hide_email = $hide_email;
+		$this->country_flags = $country_flags;
+
+		$this->postFields = [
 			'id' => 'no',
 			'thread' => 'resto',
 			'subject' => 'sub',
@@ -35,83 +70,65 @@ class Api {
 			'cycle' => 'cyclical',
 			'bump' => 'last_modified',
 			'embed' => 'embed',
-		);
-
-		$this->threadsPageFields = array(
-			'id' => 'no',
-			'bump' => 'last_modified'
-		);
-
-		$this->fileFields = array(
-			'thumbheight' => 'tn_h',
-			'thumbwidth' => 'tn_w',
-			'height' => 'h',
-			'width' => 'w',
-			'size' => 'fsize',
-		);
+		];
 
 		if (isset($config['api']['extra_fields']) && gettype($config['api']['extra_fields']) == 'array'){
 			$this->postFields = array_merge($this->postFields, $config['api']['extra_fields']);
 		}
 	}
 
-	private static $ints = array(
-		'no' => 1,
-		'resto' => 1,
-		'time' => 1,
-		'tn_w' => 1,
-		'tn_h' => 1,
-		'w' => 1,
-		'h' => 1,
-		'fsize' => 1,
-		'omitted_posts' => 1,
-		'omitted_images' => 1,
-		'replies' => 1,
-		'images' => 1,
-		'sticky' => 1,
-		'locked' => 1,
-		'last_modified' => 1
-	);
-
 	private function translateFields($fields, $object, &$apiPost) {
 		foreach ($fields as $local => $translated) {
-			if (!isset($object->$local))
+			if (!isset($object->$local)) {
 				continue;
+			}
 
-			$toInt = isset(self::$ints[$translated]);
+			$toInt = isset(self::INTS[$translated]);
 			$val = $object->$local;
+			if ($this->hide_email && $local === 'email') {
+				$val = '';
+			}
 			if ($val !== null && $val !== '') {
 				$apiPost[$translated] = $toInt ? (int) $val : $val;
 			}
-
 		}
 	}
 
 	private function translateFile($file, $post, &$apiPost) {
-		$this->translateFields($this->fileFields, $file, $apiPost);
-		$apiPost['filename'] = @substr($file->name, 0, strrpos($file->name, '.'));
+		$this->translateFields(self::FILE_FIELDS, $file, $apiPost);
 		$dotPos = strrpos($file->file, '.');
 		$apiPost['ext'] = substr($file->file, $dotPos);
 		$apiPost['tim'] = substr($file->file, 0, $dotPos);
+
+		if ($this->show_filename) {
+			$apiPost['filename'] = @substr($file->name, 0, strrpos($file->name, '.'));
+		} else {
+			$apiPost['filename'] = substr($file->file, 0, $dotPos);
+		}
 		if (isset ($file->hash) && $file->hash) {
 			$apiPost['md5'] = base64_encode(hex2bin($file->hash));
-		}
-		else if (isset ($post->filehash) && $post->filehash) {
+		} elseif (isset ($post->filehash) && $post->filehash) {
 			$apiPost['md5'] = base64_encode(hex2bin($post->filehash));
 		}
 	}
 
-	private function translatePost($post, $threadsPage = false) {
+	private function translatePost($post, bool $threadsPage = false) {
 		global $config, $board;
-		$apiPost = array();
-		$fields = $threadsPage ? $this->threadsPageFields : $this->postFields;
+
+		$apiPost = [];
+		$fields = $threadsPage ? self::THREADS_PAGE_FIELDS : $this->postFields;
 		$this->translateFields($fields, $post, $apiPost);
 
-		if (isset($config['poster_ids']) && $config['poster_ids']) $apiPost['id'] = poster_id($post->ip, $post->thread, $board['uri']);
-		if ($threadsPage) return $apiPost;
+
+		if (isset($config['poster_ids']) && $config['poster_ids']) {
+			$apiPost['id'] = poster_id($post->ip, $post->thread ?? $post->id);
+		}
+		if ($threadsPage) {
+			return $apiPost;
+		}
 
 		// Handle country field
-		if (isset($post->body_nomarkup) && $this->config['country_flags']) {
+		if (isset($post->body_nomarkup) && $this->country_flags) {
 			$modifiers = extract_modifiers($post->body_nomarkup);
 			if (isset($modifiers['flag']) && isset($modifiers['flag alt']) && preg_match('/^[a-z]{2}$/', $modifiers['flag'])) {
 				$country = strtoupper($modifiers['flag']);
@@ -131,12 +148,15 @@ class Api {
 		if (isset($post->files) && $post->files && !$threadsPage) {
 			$file = $post->files[0];
 			$this->translateFile($file, $post, $apiPost);
-			if (sizeof($post->files) > 1) {
-				$extra_files = array();
-				foreach ($post->files as $i => $f) {
-					if ($i == 0) continue;
 
-					$extra_file = array();
+			if (sizeof($post->files) > 1) {
+				$extra_files = [];
+				foreach ($post->files as $i => $f) {
+					if ($i == 0) {
+						continue;
+					}
+
+					$extra_file = [];
 					$this->translateFile($f, $post, $extra_file);
 
 					$extra_files[] = $extra_file;
@@ -148,8 +168,8 @@ class Api {
 		return $apiPost;
 	}
 
-	function translateThread(Thread $thread, $threadsPage = false) {
-		$apiPosts = array();
+	public function translateThread(Thread $thread, bool $threadsPage = false) {
+		$apiPosts = [];
 		$op = $this->translatePost($thread, $threadsPage);
 		if (!$threadsPage) $op['resto'] = 0;
 		$apiPosts['posts'][] = $op;
@@ -161,16 +181,16 @@ class Api {
 		return $apiPosts;
 	}
 
-	function translatePage(array $threads) {
-		$apiPage = array();
+	public function translatePage(array $threads) {
+		$apiPage = [];
 		foreach ($threads as $thread) {
 			$apiPage['threads'][] = $this->translateThread($thread);
 		}
 		return $apiPage;
 	}
 
-	function translateCatalogPage(array $threads, $threadsPage = false) {
-		$apiPage = array();
+	public function translateCatalogPage(array $threads, bool $threadsPage = false) {
+		$apiPage = [];
 		foreach ($threads as $thread) {
 			$ts = $this->translateThread($thread, $threadsPage);
 			$apiPage['threads'][] = current($ts['posts']);
@@ -178,8 +198,8 @@ class Api {
 		return $apiPage;
 	}
 
-	function translateCatalog($catalog, $threadsPage = false) {
-		$apiCatalog = array();
+	public function translateCatalog($catalog, bool $threadsPage = false) {
+		$apiCatalog = [];
 		foreach ($catalog as $page => $threads) {
 			$apiPage = $this->translateCatalogPage($threads, $threadsPage);
 			$apiPage['page'] = $page;

inc/bans.php

@@ -1,8 +1,163 @@
 <?php
 
+use Vichan\Functions\Format;
 use Lifo\IP\CIDR;
 
 class Bans {
+	static private function shouldDelete(array $ban, bool $require_ban_view) {
+		return $ban['expires'] && ($ban['seen'] || !$require_ban_view) && $ban['expires'] < time();
+	}
+
+	static private function deleteBans(array $ban_ids) {
+		$len = count($ban_ids);
+		if ($len === 1) {
+			$query = prepare('DELETE FROM ``bans`` WHERE `id` = :id');
+			$query->bindValue(':id', $ban_ids[0], PDO::PARAM_INT);
+			$query->execute() or error(db_error());
+
+			Vichan\Functions\Theme\rebuild_themes('bans');
+		} elseif ($len >= 1) {
+			// Build the query.
+			$query = 'DELETE FROM ``bans`` WHERE `id` IN (';
+			for ($i = 0; $i < $len; $i++) {
+				$query .= ":id{$i},";
+			}
+			// Substitute the last comma with a parenthesis.
+			substr_replace($query, ')', strlen($query) - 1);
+
+			// Bind the params
+			$query = prepare($query);
+			for ($i = 0; $i < $len; $i++) {
+				$query->bindValue(":id{$i}", (int)$ban_ids[$i], PDO::PARAM_INT);
+			}
+
+			$query->execute() or error(db_error());
+
+			Vichan\Functions\Theme\rebuild_themes('bans');
+		}
+	}
+
+	static private function findSingleAutoGc(string $ip, int $ban_id, bool $require_ban_view) {
+		// Use OR in the query to also garbage collect bans.
+		$query = prepare(
+			'SELECT ``bans``.* FROM ``bans``
+			 WHERE ((`ipstart` = :ip OR (:ip >= `ipstart` AND :ip <= `ipend`)) OR (``bans``.id = :id))
+			 ORDER BY `expires` IS NULL, `expires` DESC'
+		);
+
+		$query->bindValue(':id', $ban_id);
+		$query->bindValue(':ip', inet_pton($ip));
+
+		$query->execute() or error(db_error($query));
+
+		$found_ban = null;
+		$to_delete_list = [];
+
+		while ($ban = $query->fetch(PDO::FETCH_ASSOC)) {
+			if (self::shouldDelete($ban, $require_ban_view)) {
+				$to_delete_list[] = $ban['id'];
+			} elseif ($ban['id'] === $ban_id) {
+				if ($ban['post']) {
+					$ban['post'] = json_decode($ban['post'], true);
+				}
+				$ban['mask'] = self::range_to_string([$ban['ipstart'], $ban['ipend']]);
+				$found_ban = $ban;
+			}
+		}
+
+		self::deleteBans($to_delete_list);
+
+		return $found_ban;
+	}
+
+	static private function findSingleNoGc(int $ban_id) {
+		$query = prepare(
+			'SELECT ``bans``.* FROM ``bans``
+			 WHERE ``bans``.id = :id
+			 ORDER BY `expires` IS NULL, `expires` DESC
+			 LIMIT 1'
+		);
+
+		$query->bindValue(':id', $ban_id);
+
+		$query->execute() or error(db_error($query));
+		$ret = $query->fetch(PDO::FETCH_ASSOC);
+		if ($query->rowCount() == 0) {
+			return null;
+		} else {
+			if ($ret['post']) {
+				$ret['post'] = json_decode($ret['post'], true);
+			}
+			$ret['mask'] = self::range_to_string([$ret['ipstart'], $ret['ipend']]);
+
+			return $ret;
+		}
+	}
+
+	static private function findAutoGc(?string $ip, $board, bool $get_mod_info, bool $require_ban_view, ?int $ban_id): array {
+		$query = prepare('SELECT ``bans``.*' . ($get_mod_info ? ', `username`' : '') . ' FROM ``bans``
+		' . ($get_mod_info ? 'LEFT JOIN ``mods`` ON ``mods``.`id` = `creator`' : '') . '
+		WHERE
+			(' . ($board !== false ? '(`board` IS NULL OR `board` = :board) AND' : '') . '
+			(`ipstart` = :ip OR (:ip >= `ipstart` AND :ip <= `ipend`)) OR (``bans``.id = :id))
+		ORDER BY `expires` IS NULL, `expires` DESC');
+
+		if ($board !== false) {
+			$query->bindValue(':board', $board, PDO::PARAM_STR);
+		}
+
+		$query->bindValue(':id', $ban_id);
+		$query->bindValue(':ip', inet_pton($ip));
+		$query->execute() or error(db_error($query));
+
+		$ban_list = [];
+		$to_delete_list = [];
+
+		while ($ban = $query->fetch(PDO::FETCH_ASSOC)) {
+			if (self::shouldDelete($ban, $require_ban_view)) {
+				$to_delete_list[] = $ban['id'];
+			} else {
+				if ($ban['post']) {
+					$ban['post'] = json_decode($ban['post'], true);
+				}
+				$ban['mask'] = self::range_to_string([$ban['ipstart'], $ban['ipend']]);
+				$ban_list[] = $ban;
+			}
+		}
+
+		self::deleteBans($to_delete_list);
+
+		return $ban_list;
+	}
+
+	static private function findNoGc(?string $ip, string $board, bool $get_mod_info, ?int $ban_id): array {
+		$query = prepare('SELECT ``bans``.*' . ($get_mod_info ? ', `username`' : '') . ' FROM ``bans``
+		' . ($get_mod_info ? 'LEFT JOIN ``mods`` ON ``mods``.`id` = `creator`' : '') . '
+		WHERE
+			(' . ($board !== false ? '(`board` IS NULL OR `board` = :board) AND' : '') . '
+			(`ipstart` = :ip OR (:ip >= `ipstart` AND :ip <= `ipend`)) OR (``bans``.id = :id))
+			AND (`expires` IS NULL OR `expires` >= :curr_time)
+		ORDER BY `expires` IS NULL, `expires` DESC');
+
+		if ($board !== false) {
+			$query->bindValue(':board', $board, PDO::PARAM_STR);
+		}
+
+		$query->bindValue(':id', $ban_id);
+		$query->bindValue(':ip', inet_pton($ip));
+		$query->bindValue(':curr_time', time());
+		$query->execute() or error(db_error($query));
+
+		$ban_list = $query->fetchAll(PDO::FETCH_ASSOC);
+		array_walk($ban_list, function (&$ban, $_index) {
+			if ($ban['post']) {
+				$ban['post'] = json_decode($ban['post'], true);
+			}
+			$ban['mask'] = self::range_to_string([$ban['ipstart'], $ban['ipend']]);
+		});
+		return $ban_list;
+	}
+
 	static public function range_to_string($mask) {
 		list($ipstart, $ipend) = $mask;
 
@@ -26,7 +181,7 @@ class Bans {
 		$cidr = new CIDR($mask);
 		$range = $cidr->getRange();
 
-		return array(inet_pton($range[0]), inet_pton($range[1]));
+		return [ inet_pton($range[0]), inet_pton($range[1]) ];
 	}
 
 	public static function parse_time($str) {
@@ -110,42 +265,27 @@ class Bans {
 				return false;
 		}
 
-		return array($ipstart, $ipend);
+		return [$ipstart, $ipend];
 	}
 
-	static public function find($ip, $board = false, $get_mod_info = false) {
+	static public function findSingle(string $ip, int $ban_id, bool $require_ban_view, bool $auto_gc) {
+		if ($auto_gc) {
+			return self::findSingleAutoGc($ip, $ban_id, $require_ban_view);
+		} else {
+			return self::findSingleNoGc($ban_id);
+		}
+	}
+
+	static public function find(?string $ip, $board = false, bool $get_mod_info = false, ?int $ban_id = null, bool $auto_gc = true) {
 		global $config;
 
-		$query = prepare('SELECT ``bans``.*' . ($get_mod_info ? ', `username`' : '') . ' FROM ``bans``
-		' . ($get_mod_info ? 'LEFT JOIN ``mods`` ON ``mods``.`id` = `creator`' : '') . '
-		WHERE
-			(' . ($board !== false ? '(`board` IS NULL OR `board` = :board) AND' : '') . '
-			(`ipstart` = :ip OR (:ip >= `ipstart` AND :ip <= `ipend`)))
-		ORDER BY `expires` IS NULL, `expires` DESC');
-		
-		if ($board !== false)
-			$query->bindValue(':board', $board, PDO::PARAM_STR);
-		
-		$query->bindValue(':ip', inet_pton($ip));
-		$query->execute() or error(db_error($query));
-		
-		$ban_list = array();
-		
-		while ($ban = $query->fetch(PDO::FETCH_ASSOC)) {
-			if ($ban['expires'] && ($ban['seen'] || !$config['require_ban_view']) && $ban['expires'] < time()) {
-				self::delete($ban['id']);
+		if ($auto_gc) {
+			return self::findAutoGc($ip, $board, $get_mod_info, $config['require_ban_view'], $ban_id);
 		} else {
-				if ($ban['post'])
-					$ban['post'] = json_decode($ban['post'], true);
-				$ban['mask'] = self::range_to_string(array($ban['ipstart'], $ban['ipend']));
-				$ban['cmask'] = cloak_mask($ban['mask']);
-				$ban_list[] = $ban;
+			return self::findNoGc($ip, $board, $get_mod_info, $ban_id);
 		}
 	}
 
-		return $ban_list;
-	}
-
 	static public function stream_json($out = false, $filter_ips = false, $filter_staff = false, $board_access = false) {
 		$query = query("SELECT ``bans``.*, `username` FROM ``bans``
 			LEFT JOIN ``mods`` ON ``mods``.`id` = `creator`
@@ -159,8 +299,7 @@ class Bans {
 		$end = end($bans);
 
 		foreach ($bans as &$ban) {
-			$uncloaked_mask = self::range_to_string(array($ban['ipstart'], $ban['ipend']));
-			$ban['mask'] = cloak_mask($uncloaked_mask);
+			$ban['mask'] = self::range_to_string([$ban['ipstart'], $ban['ipend']]);
 
 			if ($ban['post']) {
 				$post = json_decode($ban['post']);
@@ -204,12 +343,24 @@ class Bans {
 
 	static public function seen($ban_id) {
 		$query = query("UPDATE ``bans`` SET `seen` = 1 WHERE `id` = " . (int)$ban_id) or error(db_error());
-                rebuildThemes('bans');
+                Vichan\Functions\Theme\rebuild_themes('bans');
 	}
 
-	static public function purge() {
-		$query = query("DELETE FROM ``bans`` WHERE `expires` IS NOT NULL AND `expires` < " . time() . " AND `seen` = 1") or error(db_error());
-		rebuildThemes('bans');
+	static public function purge($require_seen, $moratorium) {
+		if ($require_seen) {
+			$query = prepare("DELETE FROM ``bans`` WHERE `expires` IS NOT NULL AND `expires` + :moratorium < :curr_time AND `seen` = 1");
+		} else {
+			$query = prepare("DELETE FROM ``bans`` WHERE `expires` IS NOT NULL AND `expires` + :moratorium < :curr_time");
+		}
+		$query->bindValue(':moratorium', $moratorium);
+		$query->bindValue(':curr_time', time());
+		$query->execute() or error(db_error($query));
+
+		$affected = $query->rowCount();
+		if ($affected > 0) {
+			Vichan\Functions\Theme\rebuild_themes('bans');
+		}
+		return $affected;
 	}
 
 	static public function delete($ban_id, $modlog = false, $boards = false, $dont_rebuild = false) {
@@ -227,8 +378,7 @@ class Bans {
 			if ($boards !== false && !in_array($ban['board'], $boards))
 		                error($config['error']['noaccess']);
 
-			$mask = self::range_to_string(array($ban['ipstart'], $ban['ipend']));
-			$cloaked_mask = cloak_mask($mask);
+			$mask = self::range_to_string([$ban['ipstart'], $ban['ipend']]);
 
 			modLog("Removed ban #{$ban_id} for " .
 				(filter_var($mask, FILTER_VALIDATE_IP) !== false ? "<a href=\"?/IP/$cloaked_mask\">$cloaked_mask</a>" : $cloaked_mask));
@@ -236,7 +386,7 @@ class Bans {
 
 		query("DELETE FROM ``bans`` WHERE `id` = " . (int)$ban_id) or error(db_error());
 
-		if (!$dont_rebuild) rebuildThemes('bans');
+		if (!$dont_rebuild) Vichan\Functions\Theme\rebuild_themes('bans');
 
 		return true;
 	}
@@ -289,24 +439,33 @@ class Bans {
 			$query->bindValue(':board', null, PDO::PARAM_NULL);
 
 		if ($post) {
+			if (!isset($board['uri']))
+				openBoard($post['board']);
+
 			$post['board'] = $board['uri'];
+			/*
+			 * The body can be so long to make the json longer than 64KBs, causing the query to fail.
+			 * Truncate it to a safe length (32KBs). It could probably be longer, but if the deleted body is THAT big
+			 * already, the likelihood of it being just assorted spam/garbage is about 101%.
+			 */
+			// We're on UTF-8 only, right...?
+			$post['body'] = mb_strcut($post['body'], 0, 32768);
+
 			$query->bindValue(':post', json_encode($post));
 		} else
 			$query->bindValue(':post', null, PDO::PARAM_NULL);
 
 		$query->execute() or error(db_error($query));
-		if (isset($mod['id']) && $mod['id'] == $mod_id) {
-			modLog('Created a new ' .
-				($length > 0 ? preg_replace('/^(\d+) (\w+?)s?$/', '$1-$2', until($length)) : 'permanent') .
-				' ban on ' .
-				($ban_board ? '/' . $ban_board . '/' : 'all boards') .
-				' for ' .
-				(filter_var($mask, FILTER_VALIDATE_IP) !== false ? "<a href=\"?/IP/$cloaked_mask\">$cloaked_mask</a>" : $cloaked_mask) .
-				' (<small>#' . $pdo->lastInsertId() . '</small>)' .
-				' with ' . ($reason ? 'reason: ' . utf8tohtml($reason) . '' : 'no reason'));
-		}
 
-		rebuildThemes('bans');
+		$ban_len = $length > 0 ? preg_replace('/^(\d+) (\w+?)s?$/', '$1-$2', Format\until($length)) : 'permanent';
+		$ban_board = $ban_board ? "/$ban_board/" : 'all boards';
+		$ban_ip = filter_var($mask, FILTER_VALIDATE_IP) !== false ? "<a href=\"?/IP/$cloaked_mask\">$cloaked_mask</a>" : $cloaked_mask;
+		$ban_id = $pdo->lastInsertId();
+		$ban_reason = $reason ? 'reason: ' . utf8tohtml($reason) : 'no reason';
+
+		modLog("Created a new $ban_len ban on $ban_board for $ban_ip (<small># $ban_id </small>) with $ban_reason");
+
+		Vichan\Functions\Theme\rebuild_themes('bans');
 
 		return $pdo->lastInsertId();
 	}

inc/cache.php

@@ -4,185 +4,89 @@
  *  Copyright (c) 2010-2013 Tinyboard Development Group
  */
 
+use Vichan\Data\Driver\{CacheDriver, ApcuCacheDriver, ArrayCacheDriver, FsCacheDriver, MemcachedCacheDriver, NoneCacheDriver, RedisCacheDriver};
+
 defined('TINYBOARD') or exit;
 
+
 class Cache {
-	private static $cache;
-	public static function init() {
+	private static function buildCache(): CacheDriver {
 		global $config;
 
 		switch ($config['cache']['enabled']) {
 			case 'memcached':
-				self::$cache = new Memcached();
-				self::$cache->addServers($config['cache']['memcached']);
-				break;
+				return new MemcachedCacheDriver(
+					$config['cache']['prefix'],
+					$config['cache']['memcached']
+				);
 			case 'redis':
-				self::$cache = new Redis();
-				self::$cache->connect($config['cache']['redis'][0], $config['cache']['redis'][1]);
-				if ($config['cache']['redis'][2]) {
-					self::$cache->auth($config['cache']['redis'][2]);
-				}
-				self::$cache->select($config['cache']['redis'][3]) or die('cache select failure');
-				break;
+				return new RedisCacheDriver(
+					$config['cache']['prefix'],
+					$config['cache']['redis'][0],
+					$config['cache']['redis'][1],
+					$config['cache']['redis'][2],
+					$config['cache']['redis'][3]
+				);
+			case 'apcu':
+				return new ApcuCacheDriver;
+			case 'fs':
+				return new FsCacheDriver(
+					$config['cache']['prefix'],
+					"tmp/cache/{$config['cache']['prefix']}",
+					'.lock',
+					$config['auto_maintenance'] ? 1000 : false
+				);
+			case 'none':
+				return new NoneCacheDriver();
 			case 'php':
-				self::$cache = array();
-				break;
+			default:
+				return new ArrayCacheDriver();
 		}
 	}
+
+	public static function getCache(): CacheDriver {
+		static $cache;
+		return $cache ??= self::buildCache();
+	}
+
 	public static function get($key) {
 		global $config, $debug;
 
-		$key = $config['cache']['prefix'] . $key;
-		
-		$data = false;
-		switch ($config['cache']['enabled']) {
-			case 'memcached':
-				if (!self::$cache)
-					self::init();
-				$data = self::$cache->get($key);
-				break;
-			case 'apc':
-				$data = apc_fetch($key);
-				break;
-			case 'apcu':
-				$data = apcu_fetch($key);
-				break;
-			case 'xcache':
-				$data = xcache_get($key);
-				break;
-			case 'php':
-				$data = isset(self::$cache[$key]) ? self::$cache[$key] : false;
-				break;
-			case 'fs':
-				$key = str_replace('/', '::', $key);
-				$key = str_replace("\0", '', $key);
-				if (!file_exists('tmp/cache/'.$key)) {
-					$data = false;
-				}
-				else {
-					$data = file_get_contents('tmp/cache/'.$key);
-					$data = json_decode($data, true);
-				}
-				break;
-			case 'redis':
-				if (!self::$cache)
-					self::init();
-				$data = json_decode(self::$cache->get($key), true);
-				break;
+		$ret = self::getCache()->get($key);
+		if ($ret === null) {
+			$ret = false;
 		}
 
-		if ($config['debug'])
-			$debug['cached'][] = $key . ($data === false ? ' (miss)' : ' (hit)');
+		if ($config['debug']) {
+			$debug['cached'][] = $config['cache']['prefix'] . $key . ($ret === false ? ' (miss)' : ' (hit)');
+		}
 
-		return $data;
+		return $ret;
 	}
 	public static function set($key, $value, $expires = false) {
 		global $config, $debug;
 
-		$key = $config['cache']['prefix'] . $key;
-		
-		if (!$expires)
+		if (!$expires) {
 			$expires = $config['cache']['timeout'];
-		
-		switch ($config['cache']['enabled']) {
-			case 'memcached':
-				if (!self::$cache)
-					self::init();
-				self::$cache->set($key, $value, $expires);
-				break;
-			case 'redis':
-				if (!self::$cache)
-					self::init();
-				self::$cache->setex($key, $expires, json_encode($value));
-				break;
-			case 'apc':
-				apc_store($key, $value, $expires);
-				break;
-			case 'apcu':
-				apcu_store($key, $value, $expires);
-				break;
-			case 'xcache':
-				xcache_set($key, $value, $expires);
-				break;
-			case 'fs':
-				$key = str_replace('/', '::', $key);
-				$key = str_replace("\0", '', $key);
-				file_put_contents('tmp/cache/'.$key, json_encode($value));
-				break;
-			case 'php':
-				self::$cache[$key] = $value;
-				break;
 		}
 
-		if ($config['debug'])
-			$debug['cached'][] = $key . ' (set)';
+		self::getCache()->set($key, $value, $expires);
+
+		if ($config['debug']) {
+			$debug['cached'][] = $config['cache']['prefix'] . $key . ' (set)';
+		}
 	}
 	public static function delete($key) {
 		global $config, $debug;
 
-		$key = $config['cache']['prefix'] . $key;
+		self::getCache()->delete($key);
 
-		switch ($config['cache']['enabled']) {
-			case 'memcached':
-				if (!self::$cache)
-					self::init();
-				self::$cache->delete($key);
-				break;
-			case 'redis':
-				if (!self::$cache)
-					self::init();
-				self::$cache->del($key);
-				break;
-			case 'apc':
-				apc_delete($key);
-				break;
-			case 'apcu':
-				apcu_delete($key);
-				break;
-			case 'xcache':
-				xcache_unset($key);
-				break;
-			case 'fs':
-				$key = str_replace('/', '::', $key);
-				$key = str_replace("\0", '', $key);
-				@unlink('tmp/cache/'.$key);
-				break;
-			case 'php':
-				unset(self::$cache[$key]);
-				break;
+		if ($config['debug']) {
+			$debug['cached'][] = $config['cache']['prefix'] . $key . ' (deleted)';
 		}
-		
-		if ($config['debug'])
-			$debug['cached'][] = $key . ' (deleted)';
 	}
 	public static function flush() {
-		global $config;
-		
-		switch ($config['cache']['enabled']) {
-			case 'memcached':
-				if (!self::$cache)
-					self::init();
-				return self::$cache->flush();
-			case 'apc':
-				return apc_clear_cache('user');
-			case 'apcu':
-				return apcu_clear_cache('user');
-			case 'php':
-				self::$cache = array();
-				break;
-			case 'fs':
-				$files = glob('tmp/cache/*');
-				foreach ($files as $file) {
-					unlink($file);
-				}
-				break;
-			case 'redis':
-				if (!self::$cache)
-					self::init();
-				return self::$cache->flushDB();
-		}
-		
+		self::getCache()->flush();
 		return false;
 	}
 }
-

inc/captcha/captcha.php

@@ -41,7 +41,7 @@ class CzaksCaptcha {
   function mutate_sizes() {
     foreach ($this->content as &$v) {
       if (!isset ($v['font-size']))
-        $v['font-size'] = rand($this->height/3 - 4, $this->height/3 + 8);
+        $v['font-size'] = rand(intval($this->height/3) - 4, intval($this->height/3) + 8);
     }
   }
   function mutate_positions() {

inc/captcha/dbschema.sql

@@ -1,9 +0,0 @@
-SET NAMES utf8;
-
-CREATE TABLE `captchas` (
-  `cookie` VARCHAR(50),
-  `extra` VARCHAR(200),
-  `text` VARCHAR(255),
-  `created_at` INT(11),
-  PRIMARY KEY (cookie, extra)
-) ENGINE=MyISAM  DEFAULT CHARSET=utf8mb4;

inc/captcha/readme.md

@@ -1,7 +1,5 @@
 I integrated this from: https://github.com/ctrlcctrlv/infinity/commit/62a6dac022cb338f7b719d0c35a64ab3efc64658
 
-<strike>First import the captcha/dbschema.sql in your database</strike> it is no longer required.
-
 In inc/captcha/config.php change the database_name database_user database_password to your own settings.
 
 Add js/captcha.js in your secrets.php or config.php

inc/context.php

@@ -0,0 +1,91 @@
+<?php
+namespace Vichan;
+
+use Vichan\Data\Driver\{CacheDriver, HttpDriver, ErrorLogLogDriver, FileLogDriver, LogDriver, StderrLogDriver, SyslogLogDriver};
+use Vichan\Service\HCaptchaQuery;
+use Vichan\Service\NativeCaptchaQuery;
+use Vichan\Service\ReCaptchaQuery;
+use Vichan\Service\RemoteCaptchaQuery;
+
+defined('TINYBOARD') or exit;
+
+class Context {
+	private array $definitions;
+
+	public function __construct(array $definitions) {
+		$this->definitions = $definitions;
+	}
+
+	public function get(string $name){
+		if (!isset($this->definitions[$name])) {
+			throw new \RuntimeException("Could not find a dependency named $name");
+		}
+
+		$ret = $this->definitions[$name];
+		if (is_callable($ret) && !is_string($ret) && !is_array($ret)) {
+			$ret = $ret($this);
+			$this->definitions[$name] = $ret;
+		}
+		return $ret;
+	}
+}
+
+function build_context(array $config): Context {
+	return new Context([
+		'config' => $config,
+		LogDriver::class => function($c) {
+			$config = $c->get('config');
+
+			$name = $config['log_system']['name'];
+			$level = $config['debug'] ? LogDriver::DEBUG : LogDriver::NOTICE;
+			$backend = $config['log_system']['type'];
+
+			// Check 'syslog' for backwards compatibility.
+			if ((isset($config['syslog']) && $config['syslog']) || $backend === 'syslog') {
+				return new SyslogLogDriver($name, $level, $this->config['log_system']['syslog_stderr']);
+			} elseif ($backend === 'file') {
+				return new FileLogDriver($name, $level, $this->config['log_system']['file_path']);
+			} elseif ($backend === 'stderr') {
+				return new StderrLogDriver($name, $level);
+			} else {
+				return new ErrorLogLogDriver($name, $level);
+			}
+		},
+		HttpDriver::class => function($c) {
+			$config = $c->get('config');
+			return new HttpDriver($config['upload_by_url_timeout'], $config['max_filesize']);
+		},
+		RemoteCaptchaQuery::class => function($c) {
+			$config = $c->get('config');
+			$http = $c->get(HttpDriver::class);
+			switch ($config['captcha']['provider']) {
+				case 'recaptcha':
+					return new ReCaptchaQuery($http, $config['captcha']['recaptcha']['secret']);
+				case 'hcaptcha':
+					return new HCaptchaQuery(
+						$http,
+						$config['captcha']['hcaptcha']['secret'],
+						$config['captcha']['hcaptcha']['sitekey']
+					);
+				default:
+					throw new \RuntimeException('No remote captcha service available');
+			}
+		},
+		NativeCaptchaQuery::class => function($c) {
+			$config = $c->get('config');
+			if ($config['captcha']['provider'] !== 'native') {
+				throw new \RuntimeException('No native captcha service available');
+			}
+			return new NativeCaptchaQuery(
+				$c->get(HttpDriver::class),
+				$config['domain'],
+				$config['captcha']['native']['provider_check'],
+				$config['captcha']['native']['extra']
+			);
+		},
+		CacheDriver::class => function($c) {
+			// Use the global for backwards compatibility.
+			return \cache::getCache();
+		}
+	]);
+}

inc/controller.php

@@ -85,24 +85,24 @@ function sb_api($b) { global $config, $build_pages;
 }
 
 function sb_ukko() {
-  rebuildTheme("ukko", "post-thread");
+  Vichan\Functions\Theme\rebuild_theme("ukko", "post-thread");
   return true;
 }
 
 function sb_catalog($b) {
   if (!openBoard($b)) return false;
 
-  rebuildTheme("catalog", "post-thread", $b); 
+  Vichan\Functions\Theme\rebuild_theme("catalog", "post-thread", $b); 
   return true;
 }
 
 function sb_recent() {
-  rebuildTheme("recent", "post-thread");
+  Vichan\Functions\Theme\rebuild_theme("recent", "post-thread");
   return true;
 }
 
 function sb_sitemap() {
-  rebuildTheme("sitemap", "all");
+  Vichan\Functions\Theme\rebuild_theme("sitemap", "all");
   return true;
 }
 

inc/display.php

@@ -71,7 +71,7 @@ function createBoardlist($mod=false) {
 	);
 }
 
-function error($message, $priority = true, $debug_stuff = false) {
+function error($message, $priority = true, $debug_stuff = []) {
 	global $board, $mod, $config, $db_error;
 
 	if ($config['syslog'] && $priority !== false) {
@@ -348,8 +348,25 @@ class Post {
 			$this->{$key} = $value;
 		}
 
-		if (isset($this->files) && $this->files)
-			$this->files = @json_decode($this->files);
+		if (isset($this->files) && $this->files) {
+			$this->files = is_string($this->files) ? json_decode($this->files) : $this->files;
+			// Compatibility for posts before individual file hashing
+						foreach ($this->files as $i => &$file) {
+				if (empty($file)) {
+					unset($this->files[$i]);
+					continue;
+				}
+				if (is_array($file)) {
+					if (!isset($file['hash'])) {
+						$file['hash'] = $this->filehash;
+					}
+				} else if (is_object($file)) {
+					if (!isset($file->hash)) {
+						$file->hash = $this->filehash;
+					}
+				}
+			}
+		}
 
 		$this->subject = utf8tohtml($this->subject);
 		$this->name = utf8tohtml($this->name);
@@ -384,7 +401,18 @@ class Post {
 	public function build($index=false) {
 		global $board, $config;
 
-		return Element($config['file_post_reply'], array('config' => $config, 'board' => $board, 'post' => &$this, 'index' => $index, 'mod' => $this->mod));
+		$options = [
+			'config' => $config,
+			'board' => $board,
+			'post' => &$this,
+			'index' => $index,
+			'mod' => $this->mod
+		];
+		if ($this->mod) {
+			$options['pm'] = create_pm_header();
+		}
+
+		return Element($config['file_post_reply'], $options);
 	}
 };
 
@@ -399,7 +427,7 @@ class Thread {
 		}
 
 		if (isset($this->files))
-			$this->files = @json_decode($this->files);
+			$this->files = is_string($this->files) ? json_decode($this->files) : $this->files;
 
 		$this->subject = utf8tohtml($this->subject);
 		$this->name = utf8tohtml($this->name);
@@ -448,10 +476,22 @@ class Thread {
 
 		event('show-thread', $this);
 
+		$options = [
+			'config' => $config,
+			'board' => $board,
+			'post' => &$this,
+			'index' => $index,
+			'hasnoko50' => $hasnoko50,
+			'isnoko50' => $isnoko50,
+			'mod' => $this->mod
+		];
+		if ($this->mod) {
+			$options['pm'] = create_pm_header();
+		}
+
 		$file = ($index && $config['file_board']) ? $config['file_post_thread_fileboard'] : $config['file_post_thread'];
-		$built = Element($file, array('config' => $config, 'board' => $board, 'post' => &$this, 'index' => $index, 'hasnoko50' => $hasnoko50, 'isnoko50' => $isnoko50, 'mod' => $this->mod));
+		$built = Element($file, $options);
 
 		return $built;
 	}
 };
-

inc/filters.php

@@ -11,24 +11,27 @@ class Filter {
 	private $condition;
 	private $post;
 
+
 	public function __construct(array $arr) {
-		foreach ($arr as $key => $value)
+		foreach ($arr as $key => $value) {
 			$this->$key = $value;
 		}
+	}
 
 	public function match($condition, $match) {
 		$condition = strtolower($condition);
-
 		$post = &$this->post;
 
 		switch($condition) {
 			case 'custom':
-				if (!is_callable($match))
+				if (!is_callable($match)) {
 					error('Custom condition for filter is not callable!');
+				}
 				return $match($post);
 			case 'flood-match':
-				if (!is_array($match))
+				if (!is_array($match)) {
 					error('Filter condition "flood-match" must be an array.');
+				}
 
 				// Filter out "flood" table entries which do not match this filter.
 
@@ -38,26 +41,32 @@ class Filter {
 					foreach ($match as $flood_match_arg) {
 						switch ($flood_match_arg) {
 							case 'ip':
-								if ($flood_post['ip'] != $_SERVER['REMOTE_ADDR'])
+								if ($flood_post['ip'] != $_SERVER['REMOTE_ADDR']) {
 									continue 3;
+								}
 								break;
 							case 'body':
-								if ($flood_post['posthash'] != make_comment_hex($post['body_nomarkup']))
+								if ($flood_post['posthash'] != make_comment_hex($post['body_nomarkup'])) {
 									continue 3;
+								}
 								break;
 							case 'file':
-								if (!isset($post['filehash']))
+								if (!isset($post['filehash'])) {
 									return false;
-								if ($flood_post['filehash'] != $post['filehash'])
+								}
+								if ($flood_post['filehash'] != $post['filehash']) {
 									continue 3;
+								}
 								break;
 							case 'board':
-								if ($flood_post['board'] != $post['board'])
+								if ($flood_post['board'] != $post['board']) {
 									continue 3;
+								}
 								break;
 							case 'isreply':
-								if ($flood_post['isreply'] == $post['op'])
+								if ($flood_post['isreply'] == $post['op']) {
 									continue 3;
+								}
 								break;
 							default:
 								error('Invalid filter flood condition: ' . $flood_match_arg);
@@ -67,7 +76,6 @@ class Filter {
 				}
 
 				$this->flood_check = $flood_check_matched;
-				
 				return !empty($this->flood_check);
 			case 'flood-time':
 				foreach ($this->flood_check as $flood_post) {
@@ -97,8 +105,9 @@ class Filter {
 			case 'filehash':
 				return $match === $post['filehash'];
 			case 'filename':
-				if (!$post['files'])
+				if (!$post['files']) {
 					return false;
+				}
 
 				foreach ($post['files'] as $file) {
 					if (preg_match($match, $file['filename'])) {
@@ -107,8 +116,9 @@ class Filter {
 				}
 				return false;
 			case 'extension':
-				if (!$post['files'])
+				if (!$post['files']) {
 					return false;
+				}
 
 				foreach ($post['files'] as $file) {
 					if (preg_match($match, $file['extension'])) {
@@ -126,6 +136,14 @@ class Filter {
 				return $post['board'] == $match;
 			case 'password':
 				return $post['password'] == $match;
+			case 'unshorten':
+				$extracted_urls = get_urls($post['body_nomarkup']);
+				foreach ($extracted_urls as $url) {
+					if (preg_match($match, trace_url($url))) {
+						return true;
+					}
+				}
+				return false;
 			default:
 				error('Unknown filter condition: ' . $condition);
 		}
@@ -143,12 +161,14 @@ class Filter {
 			$query->bindValue(':body', "Autoban message: ".$this->post['body']);
 			$query->execute() or error(db_error($query));
 		}
-		if (isset ($this->action)) switch($this->action) {
+		if (isset($this->action)) {
+			switch($this->action) {
 				case 'reject':
 					error(isset($this->message) ? $this->message : 'Posting throttled by filter.');
 				case 'ban':
-				if (!isset($this->reason))
+					if (!isset($this->reason)) {
 						error('The ban action requires a reason.');
+					}
 
 					$this->expires = isset($this->expires) ? $this->expires : false;
 					$this->reject = isset($this->reject) ? $this->reject : true;
@@ -157,8 +177,9 @@ class Filter {
 					Bans::new_ban($_SERVER['REMOTE_ADDR'], $this->reason, $this->expires, $this->all_boards ? false : $board['uri'], -1);
 
 					if ($this->reject) {
-					if (isset($this->message))
+						if (isset($this->message)) {
 							error($message);
+						}
 
 						checkBan($board['uri']);
 						exit;
@@ -169,6 +190,7 @@ class Filter {
 					error('Unknown filter action: ' . $this->action);
 			}
 		}
+	}
 
 	public function check(array $post) {
 		$this->post = $post;
@@ -176,11 +198,14 @@ class Filter {
 			if ($condition[0] == '!') {
 				$NOT = true;
 				$condition = substr($condition, 1);
-			} else $NOT = false;
+			} else {
+				$NOT = false;
+			}
 
-			if ($this->match($condition, $value) == $NOT)
+			if ($this->match($condition, $value) == $NOT) {
 				return false;
 			}
+		}
 		return true;
 	}
 }
@@ -192,15 +217,16 @@ function purge_flood_table() {
 	// aware of flood filters in other board configurations. You can solve this problem by settings the
 	// config variable $config['flood_cache'] (seconds).
 
-	if (isset($config['flood_cache'])) {
+	if ($config['flood_cache'] != -1) {
 		$max_time = &$config['flood_cache'];
 	} else {
 		$max_time = 0;
 		foreach ($config['filters'] as $filter) {
-			if (isset($filter['condition']['flood-time']))
+			if (isset($filter['condition']['flood-time'])) {
 				$max_time = max($max_time, $filter['condition']['flood-time']);
 			}
 		}
+	}
 
 	$time = time() - $max_time;
 
@@ -210,8 +236,9 @@ function purge_flood_table() {
 function do_filters(array $post) {
 	global $config;
 
-	if (!isset($config['filters']) || empty($config['filters']))
+	if (!isset($config['filters']) || empty($config['filters'])) {
 		return;
+	}
 
 	foreach ($config['filters'] as $filter) {
 		if (isset($filter['condition']['flood-match'])) {
@@ -240,10 +267,10 @@ function do_filters(array $post) {
 	foreach ($config['filters'] as $filter_array) {
 		$filter = new Filter($filter_array);
 		$filter->flood_check = $flood_check;
-		if ($filter->check($post))
+		if ($filter->check($post)) {
 			$filter->action();
 		}
+	}
 
 	purge_flood_table();
 }
-

inc/functions.php

@@ -21,9 +21,7 @@ loadConfig();
 
 function init_locale($locale, $error='error') {
 	if (extension_loaded('gettext')) {
-		if (setlocale(LC_ALL, $locale) === false) {
-			//$error('The specified locale (' . $locale . ') does not exist on your platform!');
-		}
+		setlocale(LC_ALL, $locale);
 		bindtextdomain('tinyboard', './inc/locale');
 		bind_textdomain_codeset('tinyboard', 'UTF-8');
 		textdomain('tinyboard');
@@ -56,7 +54,8 @@ function loadConfig() {
 
 	if (isset($config['cache_config']) &&
 		$config['cache_config'] &&
-            $config = Cache::get('config_' . $boardsuffix ) ) {
+		$config = Cache::get('config_' . $boardsuffix))
+	{
 		$events = Cache::get('events_' . $boardsuffix );
 
 		define_groups();
@@ -69,8 +68,7 @@ function loadConfig() {
 					$current_locale = $config['locale'];
 					init_locale($config['locale'], $error);
 			}
-	}
-	else {
+	} else {
 		$config = array();
 
 		reset_events();
@@ -207,6 +205,8 @@ function loadConfig() {
 			$config['image_bumplocked'] = $config['dir']['static'] . 'sage.gif';
 		if (!isset($config['image_deleted']))
 			$config['image_deleted'] = $config['dir']['static'] . 'deleted.png';
+		if (!isset($config['image_cyclical']))
+			$config['image_cyclical'] = $config['dir']['static'] . 'cycle.png';
 
 		if (isset($board)) {
 			if (!isset($config['uri_thumb']))
@@ -240,13 +240,14 @@ function loadConfig() {
 			$__version = file_exists('.installed') ? trim(file_get_contents('.installed')) : false;
 		$config['version'] = $__version;
 
-		if ($config['allow_roll'])
-			event_handler('post', 'diceRoller');
+		if ($config['allow_roll']) {
+			event_handler('post', 'email_dice_roll');
+		}
 
-		if (in_array('webm', $config['allowed_ext_files']) ||
-        	    in_array('mp4',  $config['allowed_ext_files']))
+		if (in_array('webm', $config['allowed_ext_files']) || in_array('mp4',  $config['allowed_ext_files'])) {
 			event_handler('post', 'postHandler');
 		}
+	}
 	// Effectful config processing below:
 
 	date_default_timezone_set($config['timezone']);
@@ -278,8 +279,7 @@ function loadConfig() {
 	if ($config['cache']['enabled'])
 		require_once 'inc/cache.php';
 
-	if (in_array('webm', $config['allowed_ext_files']) ||
-            in_array('mp4',  $config['allowed_ext_files']))
+	if (in_array('webm', $config['allowed_ext_files']) || in_array('mp4',  $config['allowed_ext_files']))
 		require_once 'inc/lib/webm/posthandler.php';
 
 	event('load-config');
@@ -391,114 +391,6 @@ function define_groups() {
 	ksort($config['mod']['groups']);
 }
 
-function create_antibot($board, $thread = null) {
-	require_once dirname(__FILE__) . '/anti-bot.php';
-
-	return _create_antibot($board, $thread);
-}
-
-function rebuildThemes($action, $boardname = false) {
-	global $config, $board, $current_locale;
-
-	// Save the global variables
-	$_config = $config;
-	$_board = $board;
-
-	// List themes
-	if ($themes = Cache::get("themes")) {
-		// OK, we already have themes loaded
-	}
-	else {
-		$query = query("SELECT `theme` FROM ``theme_settings`` WHERE `name` IS NULL AND `value` IS NULL") or error(db_error());
-
-		$themes = array();
-
-		while ($theme = $query->fetch(PDO::FETCH_ASSOC)) {
-			$themes[] = $theme;
-		}
-
-		Cache::set("themes", $themes);
-	}
-
-	foreach ($themes as $theme) {
-		// Restore them
-		$config = $_config;
-		$board = $_board;
-
-		// Reload the locale	
-	        if ($config['locale'] != $current_locale) {
-	                $current_locale = $config['locale'];
-	                init_locale($config['locale']);
-	        }
-
-		if (PHP_SAPI === 'cli') {
-			echo "Rebuilding theme ".$theme['theme']."... ";
-		}
-
-		rebuildTheme($theme['theme'], $action, $boardname);
-
-		if (PHP_SAPI === 'cli') {
-			echo "done\n";
-		}
-	}
-
-	// Restore them again
-	$config = $_config;
-	$board = $_board;
-
-	// Reload the locale	
-	if ($config['locale'] != $current_locale) {
-	        $current_locale = $config['locale'];
-	        init_locale($config['locale']);
-	}
-}
-
-
-function loadThemeConfig($_theme) {
-	global $config;
-
-	if (!file_exists($config['dir']['themes'] . '/' . $_theme . '/info.php'))
-		return false;
-
-	// Load theme information into $theme
-	include $config['dir']['themes'] . '/' . $_theme . '/info.php';
-
-	return $theme;
-}
-
-function rebuildTheme($theme, $action, $board = false) {
-	global $config, $_theme;
-	$_theme = $theme;
-
-	$theme = loadThemeConfig($_theme);
-
-	if (file_exists($config['dir']['themes'] . '/' . $_theme . '/theme.php')) {
-		require_once $config['dir']['themes'] . '/' . $_theme . '/theme.php';
-
-		$theme['build_function']($action, themeSettings($_theme), $board);
-	}
-}
-
-
-function themeSettings($theme) {
-	if ($settings = Cache::get("theme_settings_".$theme)) {
-		return $settings;
-	}
-
-	$query = prepare("SELECT `name`, `value` FROM ``theme_settings`` WHERE `theme` = :theme AND `name` IS NOT NULL");
-	$query->bindValue(':theme', $theme);
-	$query->execute() or error(db_error($query));
-
-	$settings = array();
-	while ($s = $query->fetch(PDO::FETCH_ASSOC)) {
-		$settings[$s['name']] = $s['value'];
-	}
-
-	Cache::set("theme_settings_".$theme, $settings);
-
-	return $settings;
-}
-
 function sprintf3($str, $vars, $delim = '%') {
 	$replaces = array();
 	foreach ($vars as $k => $v) {
@@ -515,12 +407,11 @@ function mb_substr_replace($string, $replacement, $start, $length) {
 function setupBoard($array) {
 	global $board, $config;
 
-	$board = array(
+	$board = [
 		'uri' => $array['uri'],
 		'title' => $array['title'],
 		'subtitle' => $array['subtitle'],
-		#'indexed' => $array['indexed'],
-	);
+	];
 
 	// older versions
 	$board['name'] = &$board['title'];
@@ -634,14 +525,8 @@ function file_write($path, $data, $simple = false, $skip_purge = false) {
 	global $config, $debug;
 
 	if (preg_match('/^remote:\/\/(.+)\:(.+)$/', $path, $m)) {
-		if (isset($config['remote'][$m[1]])) {
-			require_once 'inc/remote.php';
-
-			$remote = new Remote($config['remote'][$m[1]]);
-			$remote->write($data, $m[2]);
-			return;
-		} else {
-			error('Invalid remote server: ' . $m[1]);
+		if (isset($config['remote'])) {
+			error('Remote server support has been removed');
 		}
 	}
 
@@ -722,13 +607,19 @@ function file_unlink($path) {
 		$debug['unlink'][] = $path;
 	}
 
+	if (file_exists($path)) {
 		$ret = @unlink($path);
+	} else {
+		$ret = true;
+	}
 
 	if ($config['gzip_static']) {
 		$gzpath = "$path.gz";
 
+		if (file_exists($gzpath)) {
 			@unlink($gzpath);
 		}
+	}
 
 	if (isset($config['purge']) && $path[0] != '/' && isset($_SERVER['HTTP_HOST'])) {
 		// Purge cache
@@ -801,42 +692,6 @@ function listBoards($just_uri = false) {
 	return $boards;
 }
 
-function until($timestamp) {
-	$difference = $timestamp - time();
-	switch(TRUE){
-	case ($difference < 60):
-		return $difference . ' ' . ngettext('second', 'seconds', $difference);
-	case ($difference < 3600): //60*60 = 3600
-		return ($num = round($difference/(60))) . ' ' . ngettext('minute', 'minutes', $num);
-	case ($difference < 86400): //60*60*24 = 86400
-		return ($num = round($difference/(3600))) . ' ' . ngettext('hour', 'hours', $num);
-	case ($difference < 604800): //60*60*24*7 = 604800
-		return ($num = round($difference/(86400))) . ' ' . ngettext('day', 'days', $num);
-	case ($difference < 31536000): //60*60*24*365 = 31536000
-		return ($num = round($difference/(604800))) . ' ' . ngettext('week', 'weeks', $num);
-	default:
-		return ($num = round($difference/(31536000))) . ' ' . ngettext('year', 'years', $num);
-	}
-}
-
-function ago($timestamp) {
-	$difference = time() - $timestamp;
-	switch(TRUE){
-	case ($difference < 60) :
-		return $difference . ' ' . ngettext('second', 'seconds', $difference);
-	case ($difference < 3600): //60*60 = 3600
-		return ($num = round($difference/(60))) . ' ' . ngettext('minute', 'minutes', $num);
-	case ($difference <  86400): //60*60*24 = 86400
-		return ($num = round($difference/(3600))) . ' ' . ngettext('hour', 'hours', $num);
-	case ($difference < 604800): //60*60*24*7 = 604800
-		return ($num = round($difference/(86400))) . ' ' . ngettext('day', 'days', $num);
-	case ($difference < 31536000): //60*60*24*365 = 31536000
-		return ($num = round($difference/(604800))) . ' ' . ngettext('week', 'weeks', $num);
-	default:
-		return ($num = round($difference/(31536000))) . ' ' . ngettext('year', 'years', $num);
-	}
-}
-
 function displayBan($ban) {
 	global $config, $board;
 
@@ -913,11 +768,13 @@ function checkBan($board = false) {
 	}
 
 	foreach ($ips as $ip) {
-		$bans = Bans::find($ip, $board, $config['show_modname']);
+		$bans = Bans::find($ip, $board, $config['show_modname'], null, $config['auto_maintenance']);
 
 		foreach ($bans as &$ban) {
 			if ($ban['expires'] && $ban['expires'] < time()) {
+				if ($config['auto_maintenance']) {
 					Bans::delete($ban['id']);
+				}
 				if ($config['require_ban_view'] && !$ban['seen']) {
 					if (!isset($_POST['json_response'])) {
 						displayBan($ban);
@@ -937,18 +794,21 @@ function checkBan($board = false) {
 		}
 	}
 
+	if ($config['auto_maintenance']) {
 		// I'm not sure where else to put this. It doesn't really matter where; it just needs to be called every
 		// now and then to keep the ban list tidy.
-	if ($config['cache']['enabled'] && $last_time_purged = cache::get('purged_bans_last')) {
-		if (time() - $last_time_purged < $config['purge_bans'] )
-			return;
-	}
-	
-	Bans::purge();
-	
-	if ($config['cache']['enabled'])
+		if ($config['cache']['enabled']) {
+			$last_time_purged = cache::get('purged_bans_last');
+			if ($last_time_purged !== false && time() - $last_time_purged > $config['purge_bans']) {
+				Bans::purge($config['require_ban_view'], $config['purge_bans']);
 				cache::set('purged_bans_last', time());
 			}
+		} else {
+			// Purge every time.
+			Bans::purge($config['require_ban_view'], $config['purge_bans']);
+		}
+	}
+}
 
 function threadLocked($id) {
 	global $board;
@@ -1435,7 +1295,14 @@ function index($page, $mod=false, $brief = false) {
 	}
 
 	if ($config['file_board']) {
-		$body = Element($config['file_fileboard'], array('body' => $body, 'mod' => $mod));
+		$options = [
+			'body' => $body,
+			'mod' => $mod
+		];
+		if ($mod) {
+			$options['pm'] = create_pm_header();
+		}
+		$body = Element($config['file_fileboard'], $options);
 	}
 
 	return array(
@@ -1618,7 +1485,7 @@ function checkMute() {
 
 	if ($config['cache']['enabled']) {
 		// Cached mute?
-		if (($mute = cache::get("mute_${_SERVER['REMOTE_ADDR']}")) && ($mutetime = cache::get("mutetime_${_SERVER['REMOTE_ADDR']}"))) {
+		if (($mute = cache::get("mute_{$_SERVER['REMOTE_ADDR']}")) && ($mutetime = cache::get("mutetime_{$_SERVER['REMOTE_ADDR']}"))) {
 			error(sprintf($config['error']['youaremuted'], $mute['time'] + $mutetime - time()));
 		}
 	}
@@ -1637,8 +1504,8 @@ function checkMute() {
 
 		if ($mute['time'] + $mutetime > time()) {
 			if ($config['cache']['enabled']) {
-				cache::set("mute_${_SERVER['REMOTE_ADDR']}", $mute, $mute['time'] + $mutetime - time());
-				cache::set("mutetime_${_SERVER['REMOTE_ADDR']}", $mutetime, $mute['time'] + $mutetime - time());
+				cache::set("mute_{$_SERVER['REMOTE_ADDR']}", $mute, $mute['time'] + $mutetime - time());
+				cache::set("mutetime_{$_SERVER['REMOTE_ADDR']}", $mutetime, $mute['time'] + $mutetime - time());
 			}
 			// Not expired yet
 			error(sprintf($config['error']['youaremuted'], $mute['time'] + $mutetime - time()));
@@ -1649,34 +1516,10 @@ function checkMute() {
 	}
 }
 
-function _create_antibot($board, $thread) {
-	global $config, $purged_old_antispam;
-
-	$antibot = new AntiBot(array($board, $thread));
-
-	if (!isset($purged_old_antispam)) {
-		$purged_old_antispam = true;
-		query('DELETE FROM ``antispam`` WHERE `expires` < UNIX_TIMESTAMP()') or error(db_error());
-	}
-
-	if ($thread)
-		$query = prepare('UPDATE ``antispam`` SET `expires` = UNIX_TIMESTAMP() + :expires WHERE `board` = :board AND `thread` = :thread AND `expires` IS NULL');
-	else
-		$query = prepare('UPDATE ``antispam`` SET `expires` = UNIX_TIMESTAMP() + :expires WHERE `board` = :board AND `thread` IS NULL AND `expires` IS NULL');
-
-	$query->bindValue(':board', $board);
-	if ($thread)
-		$query->bindValue(':thread', $thread);
-	$query->bindValue(':expires', $config['spam']['hidden_inputs_expire']);
-	$query->execute() or error(db_error($query));
-
-	$query = prepare('INSERT INTO ``antispam`` VALUES (:board, :thread, :hash, UNIX_TIMESTAMP(), NULL, 0)');
-	$query->bindValue(':board', $board);
-	$query->bindValue(':thread', $thread);
-	$query->bindValue(':hash', $antibot->hash());
-	$query->execute() or error(db_error($query));
-
-	return $antibot;
+function purge_old_antispam() {
+	$query = prepare('DELETE FROM ``antispam`` WHERE `expires` < UNIX_TIMESTAMP()');
+	$query->execute() or error(db_error());
+	return $query->rowCount();
 }
 
 function checkSpam(array $extra_salt = array()) {
@@ -1741,15 +1584,18 @@ function incrementSpamHash($hash) {
 }
 
 function buildIndex($global_api = "yes") {
-	global $board, $config, $build_pages;
+	global $board, $config, $build_pages, $mod;
 
 	$catalog_api_action = generation_strategy('sb_api', array($board['uri']));
 
 	$pages = null;
-	$antibot = null;
 
 	if ($config['api']['enabled']) {
-		$api = new Api();
+		$api = new Api(
+			$config['show_filename'],
+			$config['hide_email'],
+			$config['country_flags']
+		);
 		$catalog = array();
 	}
 
@@ -1768,6 +1614,21 @@ function buildIndex($global_api = "yes") {
 			if (!$content)
 				break;
 
+			// Tries to avoid rebuilding if the body is the same as the one in cache.
+			if ($config['cache']['enabled']) {
+				$contentHash = md5(json_encode($content['body']));
+				$contentHashKey = '_index_hashed_'. $board['uri'] . '_' . $page;
+				$cachedHash = cache::get($contentHashKey);
+				if ($cachedHash == $contentHash){
+					if ($config['api']['enabled']) {
+						// this is needed for the thread.json and catalog.json rebuilding below, which includes all pages.
+						$catalog[$page-1] = $content['threads'];
+					}
+					continue;
+				}
+				cache::set($contentHashKey, $contentHash, 3600);
+			}
+
 			// json api
 			if ($config['api']['enabled']) {
 				$threads = $content['threads'];
@@ -1779,21 +1640,15 @@ function buildIndex($global_api = "yes") {
 				if ($wont_build_this_page) continue;
 			}
 
-			if ($config['try_smarter']) {
-				$antibot = create_antibot($board['uri'], 0 - $page);
-				$content['current_page'] = $page;
-			}
-			elseif (!$antibot) {
-				$antibot = create_antibot($board['uri']);
-			}
-			$antibot->reset();
 			if (!$pages) {
 				$pages = getPages();
 			}
 			$content['pages'] = $pages;
 			$content['pages'][$page-1]['selected'] = true;
 			$content['btn'] = getPageButtons($content['pages']);
-			$content['antibot'] = $antibot;
+			if ($mod) {
+				$content['pm'] = create_pm_header();
+			}
 
 			file_write($filename, Element($config['file_board_index'], $content));
 		}
@@ -2018,7 +1873,7 @@ function extract_modifiers($body) {
 }
 
 function remove_modifiers($body) {
-	return preg_replace('@<tinyboard ([\w\s]+)>(.+?)</tinyboard>@usm', '', $body);
+	return $body ? preg_replace('@<tinyboard ([\w\s]+)>(.+?)</tinyboard>@usm', '', $body) : null;
 }
 
 function markup(&$body, $track_cites = false, $op = false) {
@@ -2086,7 +1941,7 @@ function markup(&$body, $track_cites = false, $op = false) {
 	$tracked_cites = array();
 
 	// Cites
-	if (isset($board) && preg_match_all('/(^|\s)&gt;&gt;(\d+?)((?=[\s,.)?!])|$)/m', $body, $cites, PREG_SET_ORDER | PREG_OFFSET_CAPTURE)) {
+	if (isset($board) && preg_match_all('/(^|[\s(])&gt;&gt;(\d+?)((?=[\s,.)?!])|$)/m', $body, $cites, PREG_SET_ORDER | PREG_OFFSET_CAPTURE)) {
 		if (count($cites[0]) > $config['max_cites']) {
 			error($config['error']['toomanycites']);
 		}
@@ -2133,7 +1988,7 @@ function markup(&$body, $track_cites = false, $op = false) {
 	}
 
 	// Cross-board linking
-	if (preg_match_all('/(^|\s)&gt;&gt;&gt;\/(' . $config['board_regex'] . 'f?)\/(\d+)?((?=[\s,.)?!])|$)/um', $body, $cites, PREG_SET_ORDER | PREG_OFFSET_CAPTURE)) {
+	if (preg_match_all('/(^|[\s(])&gt;&gt;&gt;\/(' . $config['board_regex'] . 'f?)\/(\d+)?((?=[\s,.)?!])|$)/um', $body, $cites, PREG_SET_ORDER | PREG_OFFSET_CAPTURE)) {
 		if (count($cites[0]) > $config['max_cites']) {
 			error($config['error']['toomanycross']);
 		}
@@ -2287,6 +2142,7 @@ function escape_markup_modifiers($string) {
 }
 
 function defined_flags_accumulate($desired_flags) {
+	global $config;
 	$output_flags = 0x0;
 	foreach ($desired_flags as $flagname) {
 		if (defined($flagname)) {
@@ -2303,8 +2159,8 @@ function defined_flags_accumulate($desired_flags) {
 }
 
 function utf8tohtml($utf8) {
-	$flags = defined_flags_accumulate(['ENT_QUOTES', 'ENT_SUBSTITUTE', 'ENT_DISALLOWED']);
-	return htmlspecialchars($utf8, $flags, 'UTF-8');
+	$flags = defined_flags_accumulate(['ENT_NOQUOTES', 'ENT_SUBSTITUTE', 'ENT_DISALLOWED']);
+	return $utf8 ? htmlspecialchars($utf8, $flags, 'UTF-8') : '';
 }
 
 function ordutf8($string, &$offset) {
@@ -2330,19 +2186,11 @@ function ordutf8($string, &$offset) {
 	return $code;
 }
 
+// Limit Non_Spacing_Mark and Enclosing_Mark characters
 function strip_combining_chars($str) {
-	$chars = preg_split('//u', $str, -1, PREG_SPLIT_NO_EMPTY);
-	$str = '';
-	foreach ($chars as $char) {
-		$o = 0;
-		$ord = ordutf8($char, $o);
-
-		if ( ($ord >= 768 && $ord <= 879) || ($ord >= 1536 && $ord <= 1791) || ($ord >= 3655 && $ord <= 3659) || ($ord >= 7616 && $ord <= 7679) || ($ord >= 8400 && $ord <= 8447) || ($ord >= 65056 && $ord <= 65071))
-			continue;
-
-		$str .= $char;
-	}
-	return $str;
+	global $config;
+	$limit = strval($config['max_combining_chars']+1);
+	return preg_replace('/(\p{Me}|\p{Mn}){'.$limit.',}/u','', $str);
 }
 
 function buildThread($id, $return = false, $mod = false) {
@@ -2381,9 +2229,8 @@ function buildThread($id, $return = false, $mod = false) {
 			error($config['error']['nonexistant']);
 
 		$hasnoko50 = $thread->postCount() >= $config['noko50_min'];
-		$antibot = $mod || $return ? false : create_antibot($board['uri'], $id);
 
-		$body = Element($config['file_thread'], array(
+		$options = [
 			'board' => $board,
 			'thread' => $thread,
 			'body' => $thread->build(),
@@ -2392,14 +2239,22 @@ function buildThread($id, $return = false, $mod = false) {
 			'mod' => $mod,
 			'hasnoko50' => $hasnoko50,
 			'isnoko50' => false,
-			'antibot' => $antibot,
 			'boardlist' => createBoardlist($mod),
 			'return' => ($mod ? '?' . $board['url'] . $config['file_index'] : $config['root'] . $board['dir'] . $config['file_index'])
-		));
+		];
+		if ($mod) {
+			$options['pm'] = create_pm_header();
+		}
+
+		$body = Element($config['file_thread'], $options);
 
 		// json api
 		if ($config['api']['enabled'] && !$mod) {
-			$api = new Api();
+			$api = new Api(
+				$config['show_filename'],
+				$config['hide_email'],
+				$config['country_flags']
+			);
 			$json = json_encode($api->translateThread($thread));
 			$jsonFilename = $board['dir'] . $config['dir']['res'] . $id . '.json';
 			file_write($jsonFilename, $json);
@@ -2420,20 +2275,17 @@ function buildThread($id, $return = false, $mod = false) {
 	} elseif ($action == 'rebuild') {
 		$noko50fn = $board['dir'] . $config['dir']['res'] . link_for($thread, true);
 		if ($hasnoko50 || file_exists($noko50fn)) {
-			buildThread50($id, $return, $mod, $thread, $antibot);
+			buildThread50($id, $return, $mod, $thread);
 		}
 
 		file_write($board['dir'] . $config['dir']['res'] . link_for($thread), $body);
 	}
 }
 
-function buildThread50($id, $return = false, $mod = false, $thread = null, $antibot = false) {
-	global $board, $config, $build_pages;
+function buildThread50($id, $return = false, $mod = false, $thread = null) {
+	global $board, $config;
 	$id = round($id);
 
-	if ($antibot)
-		$antibot->reset();
-		
 	if (!$thread) {
 		$query = prepare(sprintf("SELECT * FROM ``posts_%s`` WHERE (`thread` IS NULL AND `id` = :id) OR `thread` = :id ORDER BY `thread`,`id` DESC LIMIT :limit", $board['uri']));
 		$query->bindValue(':id', $id, PDO::PARAM_INT);
@@ -2486,7 +2338,7 @@ function buildThread50($id, $return = false, $mod = false, $thread = null, $anti
 
 	$hasnoko50 = $thread->postCount() >= $config['noko50_min'];
 
-	$body = Element($config['file_thread'], array(
+	$options = [
 		'board' => $board,
 		'thread' => $thread,
 		'body' => $thread->build(false, true),
@@ -2495,10 +2347,14 @@ function buildThread50($id, $return = false, $mod = false, $thread = null, $anti
 		'mod' => $mod,
 		'hasnoko50' => $hasnoko50,
 		'isnoko50' => true,
-		'antibot' => $mod ? false : ($antibot ? $antibot : create_antibot($board['uri'], $id)),
 		'boardlist' => createBoardlist($mod),
 		'return' => ($mod ? '?' . $board['url'] . $config['file_index'] : $config['root'] . $board['dir'] . $config['file_index'])
-	));	
+	];
+	if ($mod) {
+		$options['pm'] = create_pm_header();
+	}
+
+	$body = Element($config['file_thread'], $options);
 
 	if ($return) {
 		return $body;
@@ -2569,35 +2425,6 @@ function generate_tripcode($name) {
 	return array($name, $trip);
 }
 
-// Highest common factor
-function hcf($a, $b){
-	$gcd = 1;
-	if ($a>$b) {
-		$a = $a+$b;
-		$b = $a-$b;
-		$a = $a-$b;
-	}
-	if ($b==(round($b/$a))*$a) 
-		$gcd=$a;
-	else {
-		for ($i=round($a/2);$i;$i--) {
-			if ($a == round($a/$i)*$i && $b == round($b/$i)*$i) {
-				$gcd = $i;
-				$i = false;
-			}
-		}
-	}
-	return $gcd;
-}
-
-function fraction($numerator, $denominator, $sep) {
-	$gcf = hcf($numerator, $denominator);
-	$numerator = $numerator / $gcf;
-	$denominator = $denominator / $gcf;
-
-	return "{$numerator}{$sep}{$denominator}";
-}
-
 function getPostByHash($hash) {
 	global $board;
 	$query = prepare(sprintf("SELECT `id`,`thread` FROM ``posts_%s`` WHERE `filehash` = :hash", $board['uri']));
@@ -2714,65 +2541,6 @@ function shell_exec_error($command, $suppress_stdout = false) {
 	return $return === 'TB_SUCCESS' ? false : $return;
 }
 
-/* Die rolling:
- * If "dice XdY+/-Z" is in the email field (where X or +/-Z may be
- * missing), X Y-sided dice are rolled and summed, with the modifier Z
- * added on.  The result is displayed at the top of the post.
- */
-function diceRoller($post) {
-	global $config;
-	if(strpos(strtolower($post->email), 'dice%20') === 0) {
-		$dicestr = str_split(substr($post->email, strlen('dice%20')));
-
-		// Get params
-		$diceX = '';
-		$diceY = '';
-		$diceZ = '';
-
-		$curd = 'diceX';
-		for($i = 0; $i < count($dicestr); $i ++) {
-			if(is_numeric($dicestr[$i])) {
-				$$curd .= $dicestr[$i];
-			} else if($dicestr[$i] == 'd') {
-				$curd = 'diceY';
-			} else if($dicestr[$i] == '-' || $dicestr[$i] == '+') {
-				$curd = 'diceZ';
-				$$curd = $dicestr[$i];
-			}
-		}
-
-		// Default values for X and Z
-		if($diceX == '') {
-			$diceX = '1';
-		}
-
-		if($diceZ == '') {
-			$diceZ = '+0';
-		}
-
-		// Intify them
-		$diceX = intval($diceX);
-		$diceY = intval($diceY);
-		$diceZ = intval($diceZ);
-
-		// Continue only if we have valid values
-		if($diceX > 0 && $diceY > 0) {
-			$dicerolls = array();
-			$dicesum = $diceZ;
-			for($i = 0; $i < $diceX; $i++) {
-				$roll = rand(1, $diceY);
-				$dicerolls[] = $roll;
-				$dicesum += $roll;
-			}
-
-			// Prepend the result to the post body
-			$modifier = ($diceZ != 0) ? ((($diceZ < 0) ? ' - ' : ' + ') . abs($diceZ)) : '';
-			$dicesum = ($diceX > 1) ? ' = ' . $dicesum : '';
-			$post->body = '<table class="diceroll"><tr><td><img src="'.$config['dir']['static'].'d10.svg" alt="Dice roll" width="24"></td><td>Rolled ' . implode(', ', $dicerolls) . $modifier . $dicesum . '</td></tr></table><br/>' . $post->body;
-		}
-	}
-}
-
 function slugify($post) {
 	global $config;
 
@@ -2863,24 +2631,6 @@ function prettify_textarea($s){
 	return str_replace("\t", '&#09;', str_replace("\n", '&#13;&#10;', htmlentities($s)));
 }
 
-/*class HTMLPurifier_URIFilter_NoExternalImages extends HTMLPurifier_URIFilter {
-	public $name = 'NoExternalImages';
-	public function filter(&$uri, $c, $context) {
-		global $config;
-		$ct = $context->get('CurrentToken');
-
-		if (!$ct || $ct->name !== 'img') return true;
-
-		if (!isset($uri->host) && !isset($uri->scheme)) return true;
-
-		if (!in_array($uri->scheme . '://' . $uri->host . '/', $config['allowed_offsite_urls'])) {
-			error('No off-site links in board announcement images.');
-		}
-
-		return true;
-	}
-}*/
-
 function purify_html($s) {
 	global $config;
 
@@ -2896,7 +2646,6 @@ function purify_html($s) {
 function markdown($s) {
 	$pd = new Parsedown();
 	$pd->setMarkupEscaped(true);
-	$pd->setimagesEnabled(false);
 
 	return $pd->text($s);
 }
@@ -2915,7 +2664,20 @@ function generation_strategy($fun, $array=array()) { global $config;
 			return 'rebuild';
 		case 'defer':
 			// Ok, it gets interesting here :)
-			get_queue('generate')->push(serialize(array('build', $fun, $array, $action)));
+			$queue = Queues::get_queue($config, 'generate');
+			if ($queue === false) {
+				if ($config['syslog']) {
+					_syslog(LOG_ERR, "Could not initialize generate queue, falling back to immediate rebuild strategy");
+				}
+				return 'rebuild';
+			}
+			$ret = $queue->push(serialize(array('build', $fun, $array, $action)));
+			if ($ret === false) {
+				if ($config['syslog']) {
+					_syslog(LOG_ERR, "Could not push item in the queue, falling back to immediate rebuild strategy");
+				}
+				return 'rebuild';
+			}
 			return 'ignore';
 		case 'build_on_load':
 			return 'delete';
@@ -3014,7 +2776,7 @@ function cloak_ip($ip) {
 	if (strlen($ipbytes) >= 16)
 		$ipbytes = substr($ipbytes, 0, 16);
 
-	$cyphertext = openssl_encrypt($ipbytes, 'rc4-40', $ipcrypt_key, OPENSSL_RAW_DATA);
+	$cyphertext = openssl_encrypt($ipbytes, 'aes-256-ctr', $ipcrypt_key, OPENSSL_RAW_DATA);
 
 	$ret = $config['ipcrypt_prefix'].':' . base32_encode($cyphertext);
 	if (isset($tld) && !empty($tld)) {
@@ -3037,7 +2799,7 @@ function uncloak_ip($ip) {
 	}
 
 	if (substr($ip, 0, strlen($config['ipcrypt_prefix']) + 1) === $config['ipcrypt_prefix'].':') {
-		$plaintext = openssl_decrypt(base32_decode($juice), 'rc4-40', $ipcrypt_key, OPENSSL_RAW_DATA);
+		$plaintext = openssl_decrypt(base32_decode($juice), 'aes-256-ctr', $ipcrypt_key, OPENSSL_RAW_DATA);
 
 		if ($plaintext === false || strlen($plaintext) == 0)
 			return '#ERROR';
@@ -3073,3 +2835,47 @@ function uncloak_mask($mask) {
 
 	return $mask;
 }
+
+function check_thread_limit($post) {
+	global $config, $board;
+	if (!isset($config['max_threads_per_hour']) || !$config['max_threads_per_hour']) return false;
+
+	if ($post['op']) {
+		$query = prepare(sprintf('SELECT COUNT(*) AS `count` FROM ``posts_%s`` WHERE `thread` IS NULL AND FROM_UNIXTIME(`time`) > DATE_SUB(NOW(), INTERVAL 1 HOUR);', $board['uri']));
+		$query->execute() or error(db_error($query));
+		$r = $query->fetch(PDO::FETCH_ASSOC);
+
+		return $r['count'] >= $config['max_threads_per_hour'];
+	}
+}
+
+function hashPassword($password) {
+	global $config;
+
+	return hash('sha3-256', $password . $config['secure_password_salt']);
+}
+
+// Thanks to https://gist.github.com/marijn/3901938
+function trace_url($url) {
+	$ch = curl_init($url);
+	curl_setopt_array($ch, array(
+		CURLOPT_FOLLOWLOCATION => TRUE,  // the magic sauce
+		CURLOPT_RETURNTRANSFER => TRUE,
+		CURLOPT_SSL_VERIFYHOST => FALSE, // suppress certain SSL errors
+		CURLOPT_SSL_VERIFYPEER => FALSE,
+		CURLOPT_TIMEOUT => 30,
+	));
+	curl_exec($ch);
+	$url = curl_getinfo($ch, CURLINFO_EFFECTIVE_URL);
+	curl_close($ch);
+	return $url;
+}
+
+// Thanks to https://stackoverflow.com/questions/10002227/linkify-regex-function-php-daring-fireball-method/10002262#10002262
+function get_urls($body) {
+	$regex = '(?xi)\b((?:https?://|www\d{0,3}[.]|[a-z0-9.\-]+[.][a-z]{2,4}/)(?:[^\s()<>]+|\(([^\s()<>]+|(\([^\s()<>]+\)))*\))+(?:\(([^\s()<>]+|(\([^\s()<>]+\)))*\)|[^\s`!()\[\]{};:\'".,<>?«»“”‘’]))';
+
+	$result = preg_match_all("#$regex#i", $body, $match);
+
+	return $match[0];
+}

inc/functions/dice.php

@@ -0,0 +1,114 @@
+<?php
+namespace Vichan\Functions\Dice;
+
+function _get_or_default_int(array $arr, int $index, int $default) {
+	return (isset($arr[$index]) && is_numeric($arr[$index])) ? (int)$arr[$index] : $default;
+}
+
+
+/* Die rolling:
+ * If "dice XdY+/-Z" is in the email field (where X or +/-Z may be
+ * missing), X Y-sided dice are rolled and summed, with the modifier Z
+ * added on.  The result is displayed at the top of the post.
+ */
+function email_dice_roll($post) {
+	global $config;
+	if(strpos(strtolower($post->email), 'dice%20') === 0) {
+		$dicestr = str_split(substr($post->email, strlen('dice%20')));
+
+		// Get params
+		$diceX = '';
+		$diceY = '';
+		$diceZ = '';
+
+		$curd = 'diceX';
+		for($i = 0; $i < count($dicestr); $i ++) {
+			if(is_numeric($dicestr[$i])) {
+				$$curd .= $dicestr[$i];
+			} else if($dicestr[$i] == 'd') {
+				$curd = 'diceY';
+			} else if($dicestr[$i] == '-' || $dicestr[$i] == '+') {
+				$curd = 'diceZ';
+				$$curd = $dicestr[$i];
+			}
+		}
+
+		// Default values for X and Z
+		if($diceX == '') {
+			$diceX = '1';
+		}
+
+		if($diceZ == '') {
+			$diceZ = '+0';
+		}
+
+		// Intify them
+		$diceX = intval($diceX);
+		$diceY = intval($diceY);
+		$diceZ = intval($diceZ);
+
+		// Continue only if we have valid values
+		if($diceX > 0 && $diceY > 0) {
+			$dicerolls = array();
+			$dicesum = $diceZ;
+			for($i = 0; $i < $diceX; $i++) {
+				$roll = rand(1, $diceY);
+				$dicerolls[] = $roll;
+				$dicesum += $roll;
+			}
+
+			// Prepend the result to the post body
+			$modifier = ($diceZ != 0) ? ((($diceZ < 0) ? ' - ' : ' + ') . abs($diceZ)) : '';
+			$dicesum = ($diceX > 1) ? ' = ' . $dicesum : '';
+			$post->body = '<table class="diceroll"><tr><td><img src="'.$config['dir']['static'].'d10.svg" alt="Dice roll" width="24"></td><td>Rolled ' . implode(', ', $dicerolls) . $modifier . $dicesum . '</td></tr></table><br/>' . $post->body;
+		}
+	}
+}
+
+/**
+ * Rolls a dice and generates the appropriate html from the markup.
+ * @param array $matches The array of the matches according to the default configuration.
+ *                       1 -> The number of dices to roll.
+ *                       3 -> The number faces of the dices.
+ *                       4 -> The offset to apply to the dice.
+ * @param string $img_path Path to the image to use relative to the root. Null if none.
+ * @return string The html to replace the original markup with.
+ */
+function inline_dice_roll_markup(array $matches, ?string $img_path): string {
+	global $config;
+
+	$dice_count = _get_or_default_int($matches, 1, 1);
+	$dice_faces = _get_or_default_int($matches, 3, 6);
+	$dice_offset = _get_or_default_int($matches, 4, 0);
+
+	// Clamp between 1 and max_roll_count.
+	$dice_count = max(min($dice_count, $config['max_roll_count']), 1);
+	// Must be at least 2.
+	if ($dice_faces < 2) {
+		$dice_faces = 6;
+	}
+
+	$tot = 0;
+	for ($i = 0; $i < $dice_count; $i++) {
+		$tot += mt_rand(1, $dice_faces);
+	}
+	// Ensure that final result is at least an integer.
+	$tot = abs((int)($dice_offset + $tot));
+
+
+	if ($img_path !== null) {
+		$img_text = "<img src='{$config['root']}{$img_path}' alt='dice' title='dice' class=\"inline-dice\"/>";
+	} else {
+		$img_text = '';
+	}
+
+	if ($dice_offset === 0) {
+		$dice_offset_text = '';
+	} elseif ($dice_offset > 0) {
+		$dice_offset_text = "+{$dice_offset}";
+	} else {
+		$dice_offset_text = (string)$dice_offset;
+	}
+
+	return "<span>$img_text {$dice_count}d{$dice_faces}{$dice_offset_text} = <b>$tot</b></span>";
+}

inc/functions/format.php

@@ -0,0 +1,28 @@
+<?php
+namespace Vichan\Functions\Format;
+
+
+function format_timestamp(int $delta): string {
+	switch (true) {
+		case $delta < 60:
+			return $delta . ' ' . ngettext('second', 'seconds', $delta);
+		case $delta < 3600: //60*60 = 3600
+			return ($num = round($delta/ 60)) . ' ' . ngettext('minute', 'minutes', $num);
+		case $delta < 86400: //60*60*24 = 86400
+			return ($num = round($delta / 3600)) . ' ' . ngettext('hour', 'hours', $num);
+		case $delta < 604800: //60*60*24*7 = 604800
+			return ($num = round($delta / 86400)) . ' ' . ngettext('day', 'days', $num);
+		case $delta < 31536000: //60*60*24*365 = 31536000
+			return ($num = round($delta / 604800)) . ' ' . ngettext('week', 'weeks', $num);
+		default:
+			return ($num = round($delta / 31536000)) . ' ' . ngettext('year', 'years', $num);
+	}
+}
+
+function until(int $timestamp): string {
+	return format_timestamp($timestamp - time());
+}
+
+function ago(int $timestamp): string {
+	return format_timestamp(time() - $timestamp);
+}

inc/functions/net.php

@@ -0,0 +1,16 @@
+<?php
+namespace Vichan\Functions\Net;
+
+
+/**
+ * @param bool $trust_headers. If true, trust the `HTTP_X_FORWARDED_PROTO` header to check if the connection is HTTPS.
+ * @return bool Returns if the client-server connection is an encrypted one (HTTPS).
+ */
+function is_connection_secure(bool $trust_headers): bool {
+	if (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') {
+		return true;
+	} elseif ($trust_headers && isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https') {
+		return true;
+	}
+	return false;
+}

inc/functions/num.php

@@ -0,0 +1,33 @@
+<?php
+namespace Vichan\Functions\Num;
+
+// Highest common factor
+function hcf($a, $b){
+	$gcd = 1;
+
+	if ($a > $b) {
+		$a = $a+$b;
+		$b = $a-$b;
+		$a = $a-$b;
+	}
+	if ($b == (round($b / $a)) * $a) {
+		$gcd = $a;
+	} else {
+		for ($i = round($a / 2); $i; $i--) {
+			if ($a == round($a / $i) * $i && $b == round($b / $i) * $i) {
+				$gcd = $i;
+				$i = false;
+			}
+		}
+	}
+
+	return $gcd;
+}
+
+function fraction($numerator, $denominator, $sep) {
+	$gcf = hcf($numerator, $denominator);
+	$numerator = $numerator / $gcf;
+	$denominator = $denominator / $gcf;
+
+	return "{$numerator}{$sep}{$denominator}";
+}

inc/functions/theme.php

@@ -0,0 +1,98 @@
+<?php
+namespace Vichan\Functions\Theme;
+
+
+function rebuild_themes(string $action, $boardname = false): void {
+	global $config, $board, $current_locale;
+
+	// Save the global variables
+	$_config = $config;
+	$_board = $board;
+
+	// List themes
+	if ($themes = \Cache::get("themes")) {
+		// OK, we already have themes loaded
+	} else {
+		$query = query("SELECT `theme` FROM ``theme_settings`` WHERE `name` IS NULL AND `value` IS NULL") or error(db_error());
+		$themes = $query->fetchAll(\PDO::FETCH_NUM);
+
+		\Cache::set("themes", $themes);
+	}
+
+	foreach ($themes as $theme) {
+		// Restore them
+		$config = $_config;
+		$board = $_board;
+
+		// Reload the locale
+		if ($config['locale'] != $current_locale) {
+			$current_locale = $config['locale'];
+			init_locale($config['locale']);
+		}
+
+		if (PHP_SAPI === 'cli') {
+			echo "Rebuilding theme ".$theme[0]."... ";
+		}
+
+		rebuild_theme($theme[0], $action, $boardname);
+
+		if (PHP_SAPI === 'cli') {
+			echo "done\n";
+		}
+	}
+
+	// Restore them again
+	$config = $_config;
+	$board = $_board;
+
+	// Reload the locale
+	if ($config['locale'] != $current_locale) {
+		$current_locale = $config['locale'];
+		init_locale($config['locale']);
+	}
+}
+
+function load_theme_config($_theme) {
+	global $config;
+
+	if (!file_exists($config['dir']['themes'] . '/' . $_theme . '/info.php')) {
+		return false;
+	}
+
+	// Load theme information into $theme
+	include $config['dir']['themes'] . '/' . $_theme . '/info.php';
+
+	return $theme;
+}
+
+function rebuild_theme($theme, string $action, $board = false) {
+	global $config, $_theme;
+	$_theme = $theme;
+
+	$theme = load_theme_config($_theme);
+
+	if (file_exists($config['dir']['themes'] . '/' . $_theme . '/theme.php')) {
+		require_once $config['dir']['themes'] . '/' . $_theme . '/theme.php';
+
+		$theme['build_function']($action, theme_settings($_theme), $board);
+	}
+}
+
+function theme_settings($theme): array {
+	if ($settings = \Cache::get("theme_settings_" . $theme)) {
+		return $settings;
+	}
+
+	$query = prepare("SELECT `name`, `value` FROM ``theme_settings`` WHERE `theme` = :theme AND `name` IS NOT NULL");
+	$query->bindValue(':theme', $theme);
+	$query->execute() or error(db_error($query));
+
+	$settings = [];
+	while ($s = $query->fetch(\PDO::FETCH_ASSOC)) {
+		$settings[$s['name']] = $s['value'];
+	}
+
+	\Cache::set("theme_settings_".$theme, $settings);
+
+	return $settings;
+}

inc/image.php

@@ -291,6 +291,7 @@ class ImageConvert extends ImageBase {
 		} else {
 			rename($this->temp, $src);
 			chmod($src, 0664);
+			$this->temp = false;
 		}
 	}
 	public function width() {
@@ -300,9 +301,11 @@ class ImageConvert extends ImageBase {
 		return $this->height;
 	}
 	public function destroy() {
+		if ($this->temp !== false) {
 			@unlink($this->temp);
 			$this->temp = false;
 		}
+	}
 	public function resize() {
 		global $config;
 
@@ -324,11 +327,6 @@ class ImageConvert extends ImageBase {
 					error(_('Failed to resize image!'), null, $error);
 				}
 			} else {
-				if ($config['convert_manual_orient'] && ($this->format == 'jpg' || $this->format == 'jpeg'))
-					$convert_args = str_replace('-auto-orient', ImageConvert::jpeg_exif_orientation($this->src), $config['convert_args']);
-				elseif ($config['convert_manual_orient'])
-					$convert_args = str_replace('-auto-orient', '', $config['convert_args']);
-				else
 				$convert_args = &$config['convert_args'];
 
 				if (($error = shell_exec_error(($this->gm ? 'gm ' : '') . 'convert ' .
@@ -348,12 +346,8 @@ class ImageConvert extends ImageBase {
 				}
 			}
 		} else {
-			if ($config['convert_manual_orient'] && ($this->format == 'jpg' || $this->format == 'jpeg'))
-				$convert_args = str_replace('-auto-orient', ImageConvert::jpeg_exif_orientation($this->src), $config['convert_args']);
-			elseif ($config['convert_manual_orient'])
-				$convert_args = str_replace('-auto-orient', '', $config['convert_args']);
-			else
 			$convert_args = &$config['convert_args'];
+
 			if (($error = shell_exec_error(($this->gm ? 'gm ' : '') . 'convert ' .
 				sprintf($convert_args,
 					$this->width,
@@ -380,69 +374,6 @@ class ImageConvert extends ImageBase {
 			}
 		}
 	}
-	
-	// For when -auto-orient doesn't exist (older versions)
-	static public function jpeg_exif_orientation($src, $exif = false) {
-		if (!$exif) {
-			$exif = @exif_read_data($src);
-			if (!isset($exif['Orientation']))
-				return false;
-		}
-		switch($exif['Orientation']) {
-			case 1:
-				// Normal
-				return false;
-			case 2:
-				// 888888
-				//     88
-				//   8888
-				//     88
-				//     88
-			
-				return '-flop';
-			case 3:
-			
-				//     88
-				//     88
-				//   8888
-				//     88
-				// 888888
-			
-				return '-flip -flop';
-			case 4:
-				// 88
-				// 88
-				// 8888
-				// 88
-				// 888888
-			
-				return '-flip';
-			case 5:
-				// 8888888888
-				// 88  88
-				// 88
-			
-				return '-rotate 90 -flop';
-			case 6:
-				// 88
-				// 88  88
-				// 8888888888
-			
-				return '-rotate 90';
-			case 7:
-				//         88
-				//     88  88
-				// 8888888888
-			
-				return '-rotate "-90" -flop';
-			case 8:
-				// 8888888888
-				//     88  88
-				//         88
-			
-				return '-rotate "-90"';
-		}
-	}
 }
 
 class ImagePNG extends ImageBase {
@@ -497,7 +428,11 @@ class ImageBMP extends ImageBase {
 	}
 }
 
-
-if (PHP_MAJOR_VERSION <= 7 && PHP_MINOR_VERSION < 2) {
-	include 'inc/image/bmp.php';
+class ImageWEBP extends ImageBase {
+	public function from() {
+		$this->image = @imagecreatefromwebp($this->src);
+	}
+	public function to($src) {
+		imagewebp($this->image, $src);
+	}
 }

inc/image/bmp.php

@@ -1,186 +0,0 @@
-<?php
-/*
- * These functions provide a polyfill for old versions of PHP.
- * PHP >= 7.2.0 provides these functions by default.
- *
- * These functions were submitted by user DHKold to the PHP manual in 2005.
- * http://php.net/manual/en/function.imagecreate.php#53879
- *
- * As per http://php.net/manual/en/about.notes.php ("About user notes", PHP
- * Manual), all PHP User Contributed Notes are "...considered part of the PHP
- * manual, and are therefore covered by the same license that covers this 
- * documentation."
- *
- * Therefore, as per http://php.net/manual/en/copyright.php ("Copyright", PHP
- * Manual), the code below is licensed under the terms of the Creative Commons
- * Attribution 3.0 license, AKA CC-BY 3.0. 
- * http://creativecommons.org/licenses/by/3.0/
- */
-
-/*********************************************/
-/* Function: imagecreatefrombmp              */
-/* Author:   DHKold                          */
-/* Contact:  admin@dhkold.com                */
-/* Date:     The 15th of June 2005           */
-/* Version:  2.0B                            */
-/*********************************************/
-function imagecreatefrombmp($filename) {
-   if (! $f1 = fopen($filename,"rb")) return FALSE;
-   $FILE = unpack("vfile_type/Vfile_size/Vreserved/Vbitmap_offset", fread($f1,14));
-   if ($FILE['file_type'] != 19778) return FALSE;
-   $BMP = unpack('Vheader_size/Vwidth/Vheight/vplanes/vbits_per_pixel'.
-				 '/Vcompression/Vsize_bitmap/Vhoriz_resolution'.
-				 '/Vvert_resolution/Vcolors_used/Vcolors_important', fread($f1,40));
-   $BMP['colors'] = pow(2,$BMP['bits_per_pixel']);
-   if ($BMP['size_bitmap'] == 0) $BMP['size_bitmap'] = $FILE['file_size'] - $FILE['bitmap_offset'];
-   $BMP['bytes_per_pixel'] = $BMP['bits_per_pixel']/8;
-   $BMP['bytes_per_pixel2'] = ceil($BMP['bytes_per_pixel']);
-   $BMP['decal'] = ($BMP['width']*$BMP['bytes_per_pixel']/4);
-   $BMP['decal'] -= floor($BMP['width']*$BMP['bytes_per_pixel']/4);
-   $BMP['decal'] = 4-(4*$BMP['decal']);
-   if ($BMP['decal'] == 4) $BMP['decal'] = 0;
-
-   $PALETTE = array();
-   if ($BMP['colors'] < 16777216)
-   {
-	$PALETTE = unpack('V'.$BMP['colors'], fread($f1,$BMP['colors']*4));
-   }
-
-   $IMG = fread($f1,$BMP['size_bitmap']);
-   $VIDE = chr(0);
-
-   $res = imagecreatetruecolor($BMP['width'],$BMP['height']);
-   $P = 0;
-   $Y = $BMP['height']-1;
-   while ($Y >= 0)
-   {
-	$X=0;
-	while ($X < $BMP['width'])
-	{
-	 if ($BMP['bits_per_pixel'] == 24)
-		$COLOR = unpack("V",substr($IMG,$P,3).$VIDE);
-	 elseif ($BMP['bits_per_pixel'] == 16)
-	 {  
-		$COLOR = unpack("n",substr($IMG,$P,2));
-		$COLOR[1] = $PALETTE[$COLOR[1]+1];
-	 }
-	 elseif ($BMP['bits_per_pixel'] == 8)
-	 {  
-		$COLOR = unpack("n",$VIDE.substr($IMG,$P,1));
-		$COLOR[1] = $PALETTE[$COLOR[1]+1];
-	 }
-	 elseif ($BMP['bits_per_pixel'] == 4)
-	 {
-		$COLOR = unpack("n",$VIDE.substr($IMG,floor($P),1));
-		if (($P*2)%2 == 0) $COLOR[1] = ($COLOR[1] >> 4) ; else $COLOR[1] = ($COLOR[1] & 0x0F);
-		$COLOR[1] = $PALETTE[$COLOR[1]+1];
-	 }
-	 elseif ($BMP['bits_per_pixel'] == 1)
-	 {
-		$COLOR = unpack("n",$VIDE.substr($IMG,floor($P),1));
-		if     (($P*8)%8 == 0) $COLOR[1] =  $COLOR[1]        >>7;
-		elseif (($P*8)%8 == 1) $COLOR[1] = ($COLOR[1] & 0x40)>>6;
-		elseif (($P*8)%8 == 2) $COLOR[1] = ($COLOR[1] & 0x20)>>5;
-		elseif (($P*8)%8 == 3) $COLOR[1] = ($COLOR[1] & 0x10)>>4;
-		elseif (($P*8)%8 == 4) $COLOR[1] = ($COLOR[1] & 0x8)>>3;
-		elseif (($P*8)%8 == 5) $COLOR[1] = ($COLOR[1] & 0x4)>>2;
-		elseif (($P*8)%8 == 6) $COLOR[1] = ($COLOR[1] & 0x2)>>1;
-		elseif (($P*8)%8 == 7) $COLOR[1] = ($COLOR[1] & 0x1);
-		$COLOR[1] = $PALETTE[$COLOR[1]+1];
-	 }
-	 else
-		return FALSE;
-	 imagesetpixel($res,$X,$Y,$COLOR[1]);
-	 $X++;
-	 $P += $BMP['bytes_per_pixel'];
-	}
-	$Y--;
-	$P+=$BMP['decal'];
-   }
-   fclose($f1);
-
- return $res;
-}
-
-function imagebmp(&$img, $filename='') {
-	$widthOrig = imagesx($img);
-	$widthFloor = ((floor($widthOrig/16))*16);
-	$widthCeil = ((ceil($widthOrig/16))*16);
-	$height = imagesy($img);
-
-	$size = ($widthCeil*$height*3)+54;
-
-	// Bitmap File Header
-	$result = 'BM';	 // header (2b)
-	$result .= int_to_dword($size); // size of file (4b)
-	$result .= int_to_dword(0); // reserved (4b)
-	$result .= int_to_dword(54); // byte location in the file which is first byte of IMAGE (4b)
-	// Bitmap Info Header
-	$result .= int_to_dword(40); // Size of BITMAPINFOHEADER (4b)
-	$result .= int_to_dword($widthCeil); // width of bitmap (4b)
-	$result .= int_to_dword($height); // height of bitmap (4b)
-	$result .= int_to_word(1);	// biPlanes = 1 (2b)
-	$result .= int_to_word(24); // biBitCount = {1 (mono) or 4 (16 clr ) or 8 (256 clr) or 24 (16 Mil)} (2b
-	$result .= int_to_dword(0); // RLE COMPRESSION (4b)
-	$result .= int_to_dword(0); // width x height (4b)
-	$result .= int_to_dword(0); // biXPelsPerMeter (4b)
-	$result .= int_to_dword(0); // biYPelsPerMeter (4b)
-	$result .= int_to_dword(0); // Number of palettes used (4b)
-	$result .= int_to_dword(0); // Number of important colour (4b)
-
-	// is faster than chr()
-	$arrChr = array();
-	for ($i=0; $i<256; $i++){
-	$arrChr[$i] = chr($i);
-	}
-
-	// creates image data
-	$bgfillcolor = array('red'=>0, 'green'=>0, 'blue'=>0);
-
-	// bottom to top - left to right - attention blue green red !!!
-	$y=$height-1;
-	for ($y2=0; $y2<$height; $y2++) {
-		for ($x=0; $x<$widthFloor;	) {
-			$rgb = imagecolorsforindex($img, imagecolorat($img, $x++, $y));
-			$result .= $arrChr[$rgb['blue']].$arrChr[$rgb['green']].$arrChr[$rgb['red']];
-			$rgb = imagecolorsforindex($img, imagecolorat($img, $x++, $y));
-			$result .= $arrChr[$rgb['blue']].$arrChr[$rgb['green']].$arrChr[$rgb['red']];
-			$rgb = imagecolorsforindex($img, imagecolorat($img, $x++, $y));
-			$result .= $arrChr[$rgb['blue']].$arrChr[$rgb['green']].$arrChr[$rgb['red']];
-			$rgb = imagecolorsforindex($img, imagecolorat($img, $x++, $y));
-			$result .= $arrChr[$rgb['blue']].$arrChr[$rgb['green']].$arrChr[$rgb['red']];
-			$rgb = imagecolorsforindex($img, imagecolorat($img, $x++, $y));
-			$result .= $arrChr[$rgb['blue']].$arrChr[$rgb['green']].$arrChr[$rgb['red']];
-			$rgb = imagecolorsforindex($img, imagecolorat($img, $x++, $y));
-			$result .= $arrChr[$rgb['blue']].$arrChr[$rgb['green']].$arrChr[$rgb['red']];
-			$rgb = imagecolorsforindex($img, imagecolorat($img, $x++, $y));
-			$result .= $arrChr[$rgb['blue']].$arrChr[$rgb['green']].$arrChr[$rgb['red']];
-			$rgb = imagecolorsforindex($img, imagecolorat($img, $x++, $y));
-			$result .= $arrChr[$rgb['blue']].$arrChr[$rgb['green']].$arrChr[$rgb['red']];
-		}
-		for ($x=$widthFloor; $x<$widthCeil; $x++) {
-			$rgb = ($x<$widthOrig) ? imagecolorsforindex($img, imagecolorat($img, $x, $y)) : $bgfillcolor;
-			$result .= $arrChr[$rgb['blue']].$arrChr[$rgb['green']].$arrChr[$rgb['red']];
-		}
-		$y--;
-	}
-
-	// see imagegif
-	if ($filename == '') {
-		echo $result;
-	} else {
-		$file = fopen($filename, 'wb');
-		fwrite($file, $result);
-		fclose($file);
-	}
-}
-
-// imagebmp helpers
-function int_to_dword($n) {
-	return chr($n & 255).chr(($n >> 8) & 255).chr(($n >> 16) & 255).chr(($n >> 24) & 255);
-}
-
-function int_to_word($n) {
-	return chr($n & 255).chr(($n >> 8) & 255);
-}
-?>

inc/lib/twig/extensions/Extension/I18n.php

@@ -1,45 +0,0 @@
-<?php
-
-/*
- * This file is part of Twig.
- *
- * (c) 2010 Fabien Potencier
- *
- * For the full copyright and license information, please view the LICENSE
- * file that was distributed with this source code.
- */
-class Twig_Extensions_Extension_I18n extends Twig_Extension
-{
-    /**
-     * Returns the token parser instances to add to the existing list.
-     *
-     * @return array An array of Twig_TokenParserInterface or Twig_TokenParserBrokerInterface instances
-     */
-    public function getTokenParsers()
-    {
-        return array(new Twig_Extensions_TokenParser_Trans());
-    }
-
-    /**
-     * Returns a list of filters to add to the existing list.
-     *
-     * @return array An array of filters
-     */
-    public function getFilters()
-    {
-        return array(
-           new Twig_SimpleFilter('trans', 'gettext'),
-        );
-    }
-
-    /**
-     * Returns the name of the extension.
-     *
-     * @return string The extension name
-     */
-    public function getName()
-    {
-        return 'i18n';
-    }
-}
-

inc/lib/twig/extensions/Extension/Tinyboard.php

@@ -1,137 +0,0 @@
-<?php
-
-class Twig_Extensions_Extension_Tinyboard extends Twig_Extension
-{
-	/**
-	* Returns a list of filters to add to the existing list.
-	*
-	* @return array An array of filters
-	*/
-	public function getFilters()
-	{
-		return array(
-			new Twig_SimpleFilter('filesize', 'format_bytes'),
-			new Twig_SimpleFilter('truncate', 'twig_truncate_filter'),
-			new Twig_SimpleFilter('truncate_body', 'truncate'),
-			new Twig_SimpleFilter('truncate_filename', 'twig_filename_truncate_filter'),
-			new Twig_SimpleFilter('extension', 'twig_extension_filter'),
-			new Twig_SimpleFilter('sprintf', 'sprintf'),
-			new Twig_SimpleFilter('capcode', 'capcode'),
-			new Twig_SimpleFilter('remove_modifiers', 'remove_modifiers'),
-			new Twig_SimpleFilter('hasPermission', 'twig_hasPermission_filter'),
-			new Twig_SimpleFilter('date', 'twig_date_filter'),
-			new Twig_SimpleFilter('poster_id', 'poster_id'),
-			new Twig_SimpleFilter('remove_whitespace', 'twig_remove_whitespace_filter'),
-			new Twig_SimpleFilter('count', 'count'),
-			new Twig_SimpleFilter('ago', 'ago'),
-			new Twig_SimpleFilter('until', 'until'),
-			new Twig_SimpleFilter('push', 'twig_push_filter'),
-			new Twig_SimpleFilter('bidi_cleanup', 'bidi_cleanup'),
-			new Twig_SimpleFilter('addslashes', 'addslashes'),
-			new Twig_SimpleFilter('cloak_ip', 'cloak_ip'),
-			new Twig_SimpleFilter('cloak_mask', 'cloak_mask'),
-		);
-	}
-	
-	/**
-	* Returns a list of functions to add to the existing list.
-	*
-	* @return array An array of filters
-	*/
-	public function getFunctions()
-	{
-		return array(
-			new Twig_SimpleFunction('time', 'time'),
-			new Twig_SimpleFunction('floor', 'floor'),
-			new Twig_SimpleFunction('timezone', 'twig_timezone_function'),
-			new Twig_SimpleFunction('hiddenInputs', 'hiddenInputs'),
-			new Twig_SimpleFunction('hiddenInputsHash', 'hiddenInputsHash'),
-			new Twig_SimpleFunction('ratio', 'twig_ratio_function'),
-			new Twig_SimpleFunction('secure_link_confirm', 'twig_secure_link_confirm'),
-			new Twig_SimpleFunction('secure_link', 'twig_secure_link'),
-			new Twig_SimpleFunction('link_for', 'link_for')
-		);
-	}
-	
-	/**
-	* Returns the name of the extension.
-	*
-	* @return string The extension name
-	*/
-	public function getName()
-	{
-		return 'tinyboard';
-	}
-}
-
-function twig_timezone_function() {
-	return 'Z';
-}
-
-function twig_push_filter($array, $value) {
-	array_push($array, $value);
-	return $array;
-}
-
-function twig_remove_whitespace_filter($data) {
-	return preg_replace('/[\t\r\n]/', '', $data);
-}
-
-function twig_date_filter($date, $format) {
-	return gmstrftime($format, $date);
-}
-
-function twig_hasPermission_filter($mod, $permission, $board = null) {
-	return hasPermission($permission, $board, $mod);
-}
-
-function twig_extension_filter($value, $case_insensitive = true) {
-	$ext = mb_substr($value, mb_strrpos($value, '.') + 1);
-	if($case_insensitive)
-		$ext = mb_strtolower($ext);		
-	return $ext;
-}
-
-function twig_sprintf_filter( $value, $var) {
-	return sprintf($value, $var);
-}
-
-function twig_truncate_filter($value, $length = 30, $preserve = false, $separator = '…') {
-	if (mb_strlen($value) > $length) {
-		if ($preserve) {
-			if (false !== ($breakpoint = mb_strpos($value, ' ', $length))) {
-				$length = $breakpoint;
-			}
-		}
-		return mb_substr($value, 0, $length) . $separator;
-	}
-	return $value;
-}
-
-function twig_filename_truncate_filter($value, $length = 30, $separator = '…') {
-	if (mb_strlen($value) > $length) {
-		$value = strrev($value);
-		$array = array_reverse(explode(".", $value, 2));
-		$array = array_map("strrev", $array);
-		
-		$filename = &$array[0];
-		$extension = isset($array[1]) ? $array[1] : false;
-
-		$filename = mb_substr($filename, 0, $length - ($extension ? mb_strlen($extension) + 1 : 0)) . $separator;
-
-		return implode(".", $array);
-	}
-	return $value;
-}
-
-function twig_ratio_function($w, $h) {
-	return fraction($w, $h, ':');
-}
-function twig_secure_link_confirm($text, $title, $confirm_message, $href) {
-	global $config;
-
-	return '<a onclick="if (event.which==2) return true;if (confirm(\'' . htmlentities(addslashes($confirm_message)) . '\')) document.location=\'?/' . htmlspecialchars(addslashes($href . '/' . make_secure_link_token($href))) . '\';return false;" title="' . htmlentities($title) . '" href="?/' . $href . '">' . $text . '</a>';
-}
-function twig_secure_link($href) {
-	return $href . '/' . make_secure_link_token($href);
-}

inc/lib/twig/extensions/Node/Trans.php

@@ -1,133 +0,0 @@
-<?php
-
-/*
- * This file is part of Twig.
- *
- * (c) 2010 Fabien Potencier
- *
- * For the full copyright and license information, please view the LICENSE
- * file that was distributed with this source code.
- */
-
-/**
- * Represents a trans node.
- *
- * @package    twig
- * @author     Fabien Potencier <fabien.potencier@symfony-project.com>
- */
-class Twig_Extensions_Node_Trans extends Twig_Node
-{
-    public function __construct(Twig_NodeInterface $body, Twig_NodeInterface $plural = null, Twig_Node_Expression $count = null, $lineno, $tag = null)
-    {
-        parent::__construct(array('count' => $count, 'body' => $body, 'plural' => $plural), array(), $lineno, $tag);
-    }
-
-    /**
-     * Compiles the node to PHP.
-     *
-     * @param Twig_Compiler A Twig_Compiler instance
-     */
-    public function compile(Twig_Compiler $compiler)
-    {
-        $compiler->addDebugInfo($this);
-
-        list($msg, $vars) = $this->compileString($this->getNode('body'));
-
-        if (null !== $this->getNode('plural')) {
-            list($msg1, $vars1) = $this->compileString($this->getNode('plural'));
-
-            $vars = array_merge($vars, $vars1);
-        }
-
-        $function = null === $this->getNode('plural') ? 'gettext' : 'ngettext';
-
-        if ($vars) {
-            $compiler
-                ->write('echo strtr('.$function.'(')
-                ->subcompile($msg)
-            ;
-
-            if (null !== $this->getNode('plural')) {
-                $compiler
-                    ->raw(', ')
-                    ->subcompile($msg1)
-                    ->raw(', abs(')
-                    ->subcompile($this->getNode('count'))
-                    ->raw(')')
-                ;
-            }
-
-            $compiler->raw('), array(');
-
-            foreach ($vars as $var) {
-                if ('count' === $var->getAttribute('name')) {
-                    $compiler
-                        ->string('%count%')
-                        ->raw(' => abs(')
-                        ->subcompile($this->getNode('count'))
-                        ->raw('), ')
-                    ;
-                } else {
-                    $compiler
-                        ->string('%'.$var->getAttribute('name').'%')
-                        ->raw(' => ')
-                        ->subcompile($var)
-                        ->raw(', ')
-                    ;
-                }
-            }
-
-            $compiler->raw("));\n");
-        } else {
-            $compiler
-                ->write('echo '.$function.'(')
-                ->subcompile($msg)
-            ;
-
-            if (null !== $this->getNode('plural')) {
-                $compiler
-                    ->raw(', ')
-                    ->subcompile($msg1)
-                    ->raw(', abs(')
-                    ->subcompile($this->getNode('count'))
-                    ->raw(')')
-                ;
-            }
-
-            $compiler->raw(");\n");
-        }
-    }
-
-    protected function compileString(Twig_NodeInterface $body)
-    {
-        if ($body instanceof Twig_Node_Expression_Name || $body instanceof Twig_Node_Expression_Constant || $body instanceof Twig_Node_Expression_TempName) {
-            return array($body, array());
-        }
-
-        $vars = array();
-        if (count($body)) {
-            $msg = '';
-
-            foreach ($body as $node) {
-                if (get_class($node) === 'Twig_Node' && $node->getNode(0) instanceof Twig_Node_SetTemp) {
-                    $node = $node->getNode(1);
-                }
-
-                if ($node instanceof Twig_Node_Print) {
-                    $n = $node->getNode('expr');
-                    while ($n instanceof Twig_Node_Expression_Filter) {
-                        $n = $n->getNode('node');
-                    }
-                    $msg .= sprintf('%%%s%%', $n->getAttribute('name'));
-                    $vars[] = new Twig_Node_Expression_Name($n->getAttribute('name'), $n->getLine());
-                } else {
-                    $msg .= $node->getAttribute('data');
-                }
-            }
-        } else {
-            $msg = $body->getAttribute('data');
-        }
-
-        return array(new Twig_Node(array(new Twig_Node_Expression_Constant(trim($msg), $body->getLine()))), $vars);
-    }
-}

inc/lib/twig/extensions/TokenParser/Trans.php

@@ -1,80 +0,0 @@
-<?php
-
-/*
- * This file is part of Twig.
- *
- * (c) 2010 Fabien Potencier
- *
- * For the full copyright and license information, please view the LICENSE
- * file that was distributed with this source code.
- */
-class Twig_Extensions_TokenParser_Trans extends Twig_TokenParser
-{
-    /**
-     * Parses a token and returns a node.
-     *
-     * @param Twig_Token $token A Twig_Token instance
-     *
-     * @return Twig_NodeInterface A Twig_NodeInterface instance
-     */
-    public function parse(Twig_Token $token)
-    {
-        $lineno = $token->getLine();
-        $stream = $this->parser->getStream();
-        $count = null;
-        $plural = null;
-
-        if (!$stream->test(Twig_Token::BLOCK_END_TYPE)) {
-            $body = $this->parser->getExpressionParser()->parseExpression();
-        } else {
-            $stream->expect(Twig_Token::BLOCK_END_TYPE);
-            $body = $this->parser->subparse(array($this, 'decideForFork'));
-            if ('plural' === $stream->next()->getValue()) {
-                $count = $this->parser->getExpressionParser()->parseExpression();
-                $stream->expect(Twig_Token::BLOCK_END_TYPE);
-                $plural = $this->parser->subparse(array($this, 'decideForEnd'), true);
-            }
-        }
-
-        $stream->expect(Twig_Token::BLOCK_END_TYPE);
-
-        $this->checkTransString($body, $lineno);
-
-        return new Twig_Extensions_Node_Trans($body, $plural, $count, $lineno, $this->getTag());
-    }
-
-    public function decideForFork(Twig_Token $token)
-    {
-        return $token->test(array('plural', 'endtrans'));
-    }
-
-    public function decideForEnd(Twig_Token $token)
-    {
-        return $token->test('endtrans');
-    }
-
-    /**
-     * Gets the tag name associated with this token parser.
-     *
-     * @param string The tag name
-     */
-    public function getTag()
-    {
-        return 'trans';
-    }
-
-    protected function checkTransString(Twig_NodeInterface $body, $lineno)
-    {
-        foreach ($body as $i => $node) {
-            if (
-                $node instanceof Twig_Node_Text
-                ||
-                ($node instanceof Twig_Node_Print && $node->getNode('expr') instanceof Twig_Node_Expression_Name)
-            ) {
-                continue;
-            }
-
-            throw new Twig_Error_Syntax(sprintf('The text to be translated with "trans" can only contain references to simple variables'), $lineno);
-        }
-    }
-}

inc/locale/pl_PL/LC_MESSAGES/tinyboard.po

@@ -2287,8 +2287,6 @@ msgstr "usuń"
 msgid "New note"
 msgstr "Nowa notka"
  	
-msgid "New telegram"
-msgstr "Nowa depesza"
 
 #. line 94
 #. line 7

inc/lock.php

@@ -1,39 +1,76 @@
 <?php
-class Lock {
-  function __construct($key) { global $config;
-    if ($config['lock']['enabled'] == 'fs') {
+class Locks {
+    private static function filesystem(string $key) {
         $key = str_replace('/', '::', $key);
         $key = str_replace("\0", '', $key);
 
-      $this->f = fopen("tmp/locks/$key", "w");
-    }
+        $fd = fopen("tmp/locks/$key", "w");
+        if ($fd === false) {
+            return false;
         }
 
-  // Get a shared lock
-  function get($nonblock = false) { global $config;
-    if ($config['lock']['enabled'] == 'fs') {
+        return new class($fd) implements Lock {
+            // Resources have no type in PHP.
+            private $f;
+
+            public function __construct($fd) {
+                $this->f = $fd;
+            }
+
+            public function get(bool $nonblock = false) {
                 $wouldblock = false;
                 flock($this->f, LOCK_SH | ($nonblock ? LOCK_NB : 0), $wouldblock);
-      if ($nonblock && $wouldblock) return false;
+                if ($nonblock && $wouldblock) {
+                    return false;
                 }
                 return $this;
             }
 
-  // Get an exclusive lock
-  function get_ex($nonblock = false) { global $config;
-    if ($config['lock']['enabled'] == 'fs') {
+            public function get_ex(bool $nonblock = false) {
                 $wouldblock = false;
                 flock($this->f, LOCK_EX | ($nonblock ? LOCK_NB : 0), $wouldblock);
-      if ($nonblock && $wouldblock) return false;
+                if ($nonblock && $wouldblock) {
+                    return false;
                 }
                 return $this;
             }
 
-  // Free a lock
-  function free() { global $config;
-    if ($config['lock']['enabled'] == 'fs') {
+            public function free() {
                 flock($this->f, LOCK_UN);
-    }
                 return $this;
             }
+        };
+    }
+
+    public static function none() {
+        return new class() implements Lock {
+            public function get(bool $nonblock = false) {
+                return $this;
+            }
+
+            public function get_ex(bool $nonblock = false) {
+                return $this;
+            }
+
+            public function free() {
+                return $this;
+            }
+        };
+    }
+
+    public static function get_lock(array $config, string $key) {
+        if ($config['lock']['enabled'] == 'fs') {
+            return self::filesystem($key);
+        } else {
+            return self::none();
+        }
+    }
+}
+
+interface Lock {
+    public function get(bool $nonblock = false);
+
+    public function get_ex(bool $nonblock = false);
+
+    public function free();
 }

inc/mod/auth.php

@@ -4,10 +4,13 @@
  *  Copyright (c) 2010-2013 Tinyboard Development Group
  */
 
+use Vichan\Context;
+use Vichan\Functions\Net;
+
 defined('TINYBOARD') or exit;
 
 // create a hash/salt pair for validate logins
-function mkhash($username, $password, $salt = false) {
+function mkhash(string $username, $password = null, $salt = false) {
 	global $config;
 
 	if (!$salt) {
@@ -31,55 +34,52 @@ function mkhash($username, $password, $salt = false) {
 		), 0, 20
 	);
 
-	if (isset($generated_salt))
-		return array($hash, $salt);
-	else
+	if (isset($generated_salt)) {
+		return [ $hash, $salt ];
+	} else {
 		return $hash;
 	}
-
-function crypt_password_old($password) {
-	$salt = generate_salt();
-	$password = hash('sha256', $salt . sha1($password));
-	return array($salt, $password);
 }
 
-function crypt_password($password) {
+function crypt_password(string $password): array {
 	global $config;
 	// `salt` database field is reused as a version value. We don't want it to be 0.
 	$version = $config['password_crypt_version'] ? $config['password_crypt_version'] : 1;
 	$new_salt = generate_salt();
 	$password = crypt($password, $config['password_crypt'] . $new_salt . "$");
-	return array($version, $password);
+	return [ $version, $password ];
 }
 
-function test_password($password, $salt, $test) {
-	global $config;
-
+function test_password(string $password, string $salt, string $test): array {
 	// Version = 0 denotes an old password hashing schema. In the same column, the
 	// password hash was kept previously
-	$version = (strlen($salt) <= 8) ? (int) $salt : 0;
+	$version = strlen($salt) <= 8 ? (int)$salt : 0;
 
 	if ($version == 0) {
 		$comp = hash('sha256', $salt . sha1($test));
-	}
-	else {
+	} else {
 		$comp = crypt($test, $password);
 	}
-	return array($version, hash_equals($password, $comp));
+	return [ $version, hash_equals($password, $comp) ];
 }
 
-function generate_salt() {
-	// mcrypt_create_iv() was deprecated in PHP 7.1.0, only use it if we're below that version number.
-	if (PHP_VERSION_ID < 70100) {
-		// 128 bits of entropy
-		return strtr(base64_encode(mcrypt_create_iv(16, MCRYPT_DEV_URANDOM)), '+', '.');
-	}
-
-	// Otherwise, use random_bytes()
+function generate_salt(): string {
 	return strtr(base64_encode(random_bytes(16)), '+', '.');
 }
 
-function login($username, $password) {
+function calc_cookie_name(bool $is_https, bool $is_path_jailed, string $base_name): string {
+	if ($is_https) {
+		if ($is_path_jailed) {
+			return "__Host-$base_name";
+		} else {
+			return "__Secure-$base_name";
+		}
+	} else {
+		return $base_name;
+	}
+}
+
+function login(string $username, string $password) {
 	global $mod, $config;
 
 	$query = prepare("SELECT `id`, `type`, `boards`, `password`, `version` FROM ``mods`` WHERE BINARY `username` = :username");
@@ -100,40 +100,83 @@ function login($username, $password) {
 				$query->execute() or error(db_error($query));
 			}
 
-			return $mod = array(
+			return $mod = [
 				'id' => $user['id'],
 				'type' => $user['type'],
 				'username' => $username,
 				'hash' => mkhash($username, $user['password']),
 				'boards' => explode(',', $user['boards'])
-			);
+			];
 		}
 	}
 
 	return false;
 }
 
-function setCookies() {
+function setCookies(): void {
 	global $mod, $config;
-	if (!$mod)
+	if (!$mod) {
 		error('setCookies() was called for a non-moderator!');
-	
-	setcookie($config['cookies']['mod'],
-			$mod['username'] . // username
-			':' . 
-			$mod['hash'][0] . // password
-			':' .
-			$mod['hash'][1], // salt
-		time() + $config['cookies']['expire'], $config['cookies']['jail'] ? $config['cookies']['path'] : '/', null, !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off', $config['cookies']['httponly']);
 	}
 
-function destroyCookies() {
+	$is_https = Net\is_connection_secure($config['cookies']['secure_login_only'] === 1);
+	$is_path_jailed = $config['cookies']['jail'];
+	$name = calc_cookie_name($is_https, $is_path_jailed, $config['cookies']['mod']);
+
+	// <username>:<password>:<salt>
+	$value = "{$mod['username']}:{$mod['hash'][0]}:{$mod['hash'][1]}";
+
+	$options = [
+		'expires' => time() + $config['cookies']['expire'],
+		'path' => $is_path_jailed ? $config['cookies']['path'] : '/',
+		'secure' => $is_https,
+		'httponly' => $config['cookies']['httponly'],
+		'samesite' => 'Strict'
+	];
+
+	setcookie($name, $value, $options);
+}
+
+function destroyCookies(): void {
 	global $config;
-	// Delete the cookies
-	setcookie($config['cookies']['mod'], 'deleted', time() - $config['cookies']['expire'], $config['cookies']['jail']?$config['cookies']['path'] : '/', null, !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off', true);
+	$base_name = $config['cookies']['mod'];
+	$del_time = time() - 60 * 60 * 24 * 365; // 1 year.
+	$jailed_path = $config['cookies']['jail'] ? $config['cookies']['path'] : '/';
+	$http_only = $config['cookies']['httponly'];
+
+	$options_multi = [
+		$base_name => [
+			'expires' => $del_time,
+			'path' => $jailed_path ,
+			'secure' => false,
+			'httponly' => $http_only,
+			'samesite' => 'Strict'
+		],
+		"__Host-$base_name" => [
+			'expires' => $del_time,
+			'path' => $jailed_path,
+			'secure' => true,
+			'httponly' => $http_only,
+			'samesite' => 'Strict'
+		],
+		"__Secure-$base_name" => [
+			'expires' => $del_time,
+			'path' => '/',
+			'secure' => true,
+			'httponly' => $http_only,
+			'samesite' => 'Strict'
+		]
+	];
+
+	foreach ($options_multi as $name => $options) {
+		if (isset($_COOKIE[$name])) {
+			setcookie($name, 'deleted', $options);
+			unset($_COOKIE[$name]);
+		}
+	}
 }
 
-function modLog($action, $_board=null) {
+function modLog(string $action, ?string $_board = null): void {
 	global $mod, $board, $config;
 	$query = prepare("INSERT INTO ``modlogs`` VALUES (:id, :ip, :board, :time, :text)");
 	$query->bindValue(':id', (isset($mod['id']) ? $mod['id'] : -1), PDO::PARAM_INT);
@@ -148,16 +191,18 @@ function modLog($action, $_board=null) {
 		$query->bindValue(':board', null, PDO::PARAM_NULL);
 	$query->execute() or error(db_error($query));
 
-	if ($config['syslog'])
+	if ($config['syslog']) {
 		_syslog(LOG_INFO, '[mod/' . $mod['username'] . ']: ' . $action);
 	}
+}
 
 function create_pm_header() {
 	global $mod, $config;
 
 	if ($config['cache']['enabled'] && ($header = cache::get('pm_unread_' . $mod['id'])) != false) {
-		if ($header === true)
+		if ($header === true) {
 			return false;
+		}
 
 		return $header;
 	}
@@ -166,35 +211,45 @@ function create_pm_header() {
 	$query->bindValue(':id', $mod['id'], PDO::PARAM_INT);
 	$query->execute() or error(db_error($query));
 
-	if ($pm = $query->fetch(PDO::FETCH_ASSOC))
-		$header = array('id' => $pm['id'], 'waiting' => $query->rowCount() - 1);
-	else
+	if ($pm = $query->fetch(PDO::FETCH_ASSOC)) {
+		$header = [ 'id' => $pm['id'], 'waiting' => $query->rowCount() - 1 ];
+	} else {
 		$header = true;
+	}
 
-	if ($config['cache']['enabled'])
+	if ($config['cache']['enabled']) {
 		cache::set('pm_unread_' . $mod['id'], $header);
+	}
 
-	if ($header === true)
+	if ($header === true) {
 		return false;
+	}
 
 	return $header;
 }
 
-function make_secure_link_token($uri) {
+function make_secure_link_token(string $uri): string {
 	global $mod, $config;
 	return substr(sha1($config['cookies']['salt'] . '-' . $uri . '-' . $mod['id']), 0, 8);
 }
 
-function check_login($prompt = false) {
+function check_login(Context $ctx, bool $prompt = false): void {
 	global $config, $mod;
+
+	$is_https = Net\is_connection_secure($config['cookies']['secure_login_only'] === 1);
+	$is_path_jailed = $config['cookies']['jail'];
+	$expected_cookie_name = calc_cookie_name($is_https, $is_path_jailed, $config['cookies']['mod']);
+
 	// Validate session
-	if (isset($_COOKIE[$config['cookies']['mod']])) {
+	if (isset($_COOKIE[$expected_cookie_name])) {
 		// Should be username:hash:salt
-		$cookie = explode(':', $_COOKIE[$config['cookies']['mod']]);
+		$cookie = explode(':', $_COOKIE[$expected_cookie_name]);
 		if (count($cookie) != 3) {
 			// Malformed cookies
 			destroyCookies();
-			if ($prompt) mod_login();
+			if ($prompt) {
+				mod_login($ctx);
+			}
 			exit;
 		}
 
@@ -207,7 +262,9 @@ function check_login($prompt = false) {
 		if ($cookie[1] !== mkhash($cookie[0], $user['password'], $cookie[2])) {
 			// Malformed cookies
 			destroyCookies();
-			if ($prompt) mod_login();
+			if ($prompt) {
+				mod_login($ctx);
+			}
 			exit;
 		}
 

inc/mod/ban.php

@@ -1,10 +0,0 @@
-<?php
-
-/*
- *  Copyright (c) 2010-2013 Tinyboard Development Group
- */
-
-defined('TINYBOARD') or exit;
-
-
-// This file is no longer used.

inc/mod/config-editor.php

@@ -65,6 +65,10 @@ function config_vars() {
 			$temp_comment = false;
 		}
 
+		if (preg_match('!^\s*\$config\[(\'log_system\'|\'captcha\')\]!', $line)) {
+            continue;
+        }
+		
 		if (preg_match('!^\s*// ([^$].*)$!', $line, $matches)) {
 			if ($var['default'] !== false) {
 				$line = '';

inc/polyfill.php

@@ -1,28 +0,0 @@
-<?php
-
-// PHP 5.4
-
-if (!function_exists('hex2bin')) {
-	function hex2bin($data) {
-		return pack("H*" , $hex_string);
-	}
-}
-
-// PHP 5.6
-
-if (!function_exists('hash_equals')) {
-	function hash_equals($ours, $theirs) {
-		$ours = (string)$ours;
-		$theirs = (string)$theirs;
-
-		$tlen = strlen($theirs);
-		$olen = strlen($ours);
-
-		$answer = 0;
-		for ($i = 0; $i < $tlen; $i++) {
-			$answer |= ord($ours[$olen > $i ? $i : 0]) ^ ord($theirs[$i]);
-		}
-
-		return $answer === 0 && $olen === $tlen;
-	}
-}

inc/queue.php

@@ -1,49 +1,98 @@
 <?php
 
-class Queue {
-  function __construct($key) { global $config;
-    if ($config['queue']['enabled'] == 'fs') {
-      $this->lock = new Lock($key);
+class Queues {
+	private static $queues = array();
+
+
+	/**
+	 * This queue implementation isn't actually ordered, so it works more as a "bag".
+	 */
+	private static function filesystem(string $key, Lock $lock): Queue {
 		$key = str_replace('/', '::', $key);
 		$key = str_replace("\0", '', $key);
-      $this->key = "tmp/queue/$key/";
-    }
+		$key = "tmp/queue/$key/";
+
+		return new class($key, $lock) implements Queue {
+			private Lock $lock;
+			private string $key;
+
+
+			function __construct(string $key, Lock $lock) {
+				$this->lock = $lock;
+				$this->key = $key;
 			}
 
-  function push($str) { global $config;
-    if ($config['queue']['enabled'] == 'fs') {
+			public function push(string $str): bool {
 				$this->lock->get_ex();
-      file_put_contents($this->key.microtime(true), $str);
+				$ret = file_put_contents($this->key . microtime(true), $str);
 				$this->lock->free();
-    }
-    return $this;
+				return $ret !== false;
 			}
 
-  function pop($n = 1) { global $config;
-    if ($config['queue']['enabled'] == 'fs') {
+			public function pop(int $n = 1): array {
 				$this->lock->get_ex();
 				$dir = opendir($this->key);
 				$paths = array();
+
 				while ($n > 0) {
 					$path = readdir($dir);
-        if ($path === FALSE) break;
-        elseif ($path == '.' || $path == '..') continue;
-        else { $paths[] = $path; $n--; }
+					if ($path === false) {
+						break;
+					} elseif ($path == '.' || $path == '..') {
+						continue;
+					} else {
+						$paths[] = $path;
+						$n--;
 					}
+				}
+
 				$out = array();
 				foreach ($paths as $v) {
 					$out[] = file_get_contents($this->key . $v);
 					unlink($this->key . $v);
 				}
+
 				$this->lock->free();
 				return $out;
 			}
+		};
+	}
+
+	/**
+	 * No-op. Can be used for mocking.
+	 */
+	public static function none(): Queue {
+		return new class() implements Queue {
+			public function push(string $str): bool {
+				return true;
+			}
+
+			public function pop(int $n = 1): array {
+				return array();
+			}
+		};
+	}
+
+	public static function get_queue(array $config, string $name) {
+		if (!isset(self::$queues[$name])) {
+			if ($config['queue']['enabled'] == 'fs') {
+				$lock = Locks::get_lock($config, $name);
+				if ($lock === false) {
+					return false;
+				}
+				self::$queues[$name] = self::filesystem($name, $lock);
+			} else {
+				self::$queues[$name] = self::none();
+			}
+		}
+		return self::$queues[$name];
 	}
 }
 
-// Don't use the constructor. Use the get_queue function.
-$queues = array();
+interface Queue {
+	// Push a string in the queue.
+	public function push(string $str): bool;
 
-function get_queue($name) { global $queues;
-  return $queues[$name] = isset ($queues[$name]) ? $queues[$name] : new Queue($name);
+	// Get a string from the queue.
+	public function pop(int $n = 1): array;
 }

inc/remote.php

@@ -1,64 +0,0 @@
-<?php
-
-/*
- *  Copyright (c) 2010-2013 Tinyboard Development Group
- */
-
-defined('TINYBOARD') or exit;
-
-class Remote {
-	public function __construct($config) {
-		foreach ($config as $name => $value) {
-			$this->{$name} = $value;
-		}
-		
-		$methods = array();
-		
-		if (!isset($this->auth['method']))
-			error('Unspecified authentication method.');
-		
-		// Connect
-		$this->connection = ssh2_connect($this->host, isset($this->port) ? $this->port : 22, $methods);
-		
-		switch ($this->auth['method']) {
-			case 'pubkey':
-				
-				if (!isset($this->auth['public']))
-					error('Public key filename not specified.');
-				if (!isset($this->auth['private']))
-					error('Private key filename not specified.');
-				
-				if (!ssh2_auth_pubkey_file($this->connection, $this->auth['username'], $this->auth['public'], $this->auth['private'], isset($this->auth['passphrase']) ? $this->auth['passphrase']: null))
-					error('Public key authentication failed.');
-				break;
-			case 'plain':
-				if (!ssh2_auth_password($this->connection, $this->auth['username'], $this->auth['password']))
-					error('Plain-text authentication failed.');
-				break;
-			default:
-				error('Unknown authentication method: "' . $this->auth['method'] . '".');
-		}
-		
-	}
-	
-	public function write($data, $remote_path) {
-		global $config;
-		
-		switch ($this->type) {
-			case 'sftp':
-				$sftp = ssh2_sftp($this->connection);
-				file_write('ssh2.sftp://' . $sftp . $remote_path, $data, true);
-				break;
-			case 'scp':
-				$file = tempnam($config['tmp'], 'tinyboard-scp');
-				// Write to temp file
-				file_write($file, $data);
-				
-				ssh2_scp_send($this->connection, $file, $remote_path, 0755);
-				break;
-			default:
-				error('Unknown send method.');
-		}
-	}
-};
-

inc/secrets.php

@@ -0,0 +1 @@
+<?php

inc/service/captcha-queries.php

@@ -0,0 +1,143 @@
+<?php // Verify captchas server side.
+namespace Vichan\Service;
+
+use Vichan\Data\Driver\HttpDriver;
+
+defined('TINYBOARD') or exit;
+
+
+class ReCaptchaQuery implements RemoteCaptchaQuery {
+	private HttpDriver $http;
+	private string $secret;
+
+	/**
+	 * Creates a new ReCaptchaQuery using the google recaptcha service.
+	 *
+	 * @param HttpDriver $http The http client.
+	 * @param string $secret Server side secret.
+	 * @return ReCaptchaQuery A new ReCaptchaQuery query instance.
+	 */
+	public function __construct(HttpDriver $http, string $secret) {
+		$this->http = $http;
+		$this->secret = $secret;
+	}
+
+	public function responseField(): string {
+		return 'g-recaptcha-response';
+	}
+
+	public function verify(string $response, ?string $remote_ip): bool {
+		$data = [
+			'secret' => $this->secret,
+			'response' => $response
+		];
+
+		if ($remote_ip !== null) {
+			$data['remoteip'] = $remote_ip;
+		}
+
+		$ret = $this->http->requestGet('https://www.google.com/recaptcha/api/siteverify', $data);
+		$resp = json_decode($ret, true, 16, JSON_THROW_ON_ERROR);
+
+		return isset($resp['success']) && $resp['success'];
+	}
+}
+
+class HCaptchaQuery implements RemoteCaptchaQuery {
+	private HttpDriver $http;
+	private string $secret;
+	private string $sitekey;
+
+	/**
+	 * Creates a new HCaptchaQuery using the hCaptcha service.
+	 *
+	 * @param HttpDriver $http The http client.
+	 * @param string $secret Server side secret.
+	 * @return HCaptchaQuery A new hCaptcha query instance.
+	 */
+	public function __construct(HttpDriver $http, string $secret, string $sitekey) {
+		$this->http = $http;
+		$this->secret = $secret;
+		$this->sitekey = $sitekey;
+	}
+
+	public function responseField(): string {
+		return 'h-captcha-response';
+	}
+
+	public function verify(string $response, ?string $remote_ip): bool {
+		$data = [
+			'secret' => $this->secret,
+			'response' => $response,
+			'sitekey' => $this->sitekey
+		];
+
+		if ($remote_ip !== null) {
+			$data['remoteip'] = $remote_ip;
+		}
+
+		$ret = $this->http->requestGet('https://hcaptcha.com/siteverify', $data);
+		$resp = json_decode($ret, true, 16, JSON_THROW_ON_ERROR);
+
+		return isset($resp['success']) && $resp['success'];
+	}
+}
+
+interface RemoteCaptchaQuery {
+	/**
+	 * Name of the response field in the form data expected by the implementation.
+	 *
+	 * @return string The name of the field.
+	 */
+	public function responseField(): string;
+
+	/**
+	 * Checks if the user at the remote ip passed the captcha.
+	 *
+	 * @param string $response User provided response.
+	 * @param ?string $remote_ip User ip. Leave to null to only check the response value.
+	 * @return bool Returns true if the user passed the captcha.
+	 * @throws RuntimeException|JsonException Throws on IO errors or if it fails to decode the answer.
+	 */
+	public function verify(string $response, ?string $remote_ip): bool;
+}
+
+class NativeCaptchaQuery {
+	private HttpDriver $http;
+	private string $domain;
+	private string $provider_check;
+	private string $extra;
+
+	/**
+	 * @param HttpDriver $http The http client.
+	 * @param string $domain The server's domain.
+	 * @param string $provider_check Path to the endpoint.
+	 * @param string $extra Extra http parameters.
+	 */
+	function __construct(HttpDriver $http, string $domain, string $provider_check, string $extra) {
+		$this->http = $http;
+		$this->domain = $domain;
+		$this->provider_check = $provider_check;
+		$this->extra = $extra;
+	}
+
+	/**
+	 * Checks if the user at the remote ip passed the native vichan captcha.
+	 *
+	 * @param string $user_text Remote user's text input.
+	 * @param string $user_cookie Remote user cookie.
+	 * @return bool Returns true if the user passed the check.
+	 * @throws RuntimeException Throws on IO errors.
+	 */
+	public function verify(string $user_text, string $user_cookie): bool {
+		$data = [
+			'mode' => 'check',
+			'text' => $user_text,
+			'extra' => $this->extra,
+			'cookie' => $user_cookie
+		];
+
+		$ret = $this->http->requestGet($this->domain . '/' . $this->provider_check, $data);
+		return $ret === '1';
+	}
+}

inc/template.php

@@ -10,16 +10,22 @@ $twig = false;
 
 function load_twig() {
 	global $twig, $config;
-	$loader = new Twig_Loader_Filesystem($config['dir']['template']);
+
+	$cache_dir = "{$config['dir']['template']}/cache/";
+
+	$loader = new Twig\Loader\FilesystemLoader($config['dir']['template']);
 	$loader->setPaths($config['dir']['template']);
-	$twig = new Twig_Environment($loader, array(
+	$twig = new Twig\Environment($loader, array(
 		'autoescape' => false,
-		'cache' => is_writable('templates') || (is_dir('templates/cache') && is_writable('templates/cache')) ?
-			"{$config['dir']['template']}/cache" : false,
-		'debug' => $config['debug']
+		'cache' => is_writable('templates/') || (is_dir($cache_dir) && is_writable($cache_dir)) ?
+			new TinyboardTwigCache($cache_dir) : false,
+		'debug' => $config['debug'],
+		'auto_reload' => $config['twig_auto_reload']
 	));
-	$twig->addExtension(new Twig_Extensions_Extension_Tinyboard());
-	$twig->addExtension(new Twig_Extensions_Extension_I18n());
+	if ($config['debug'])
+		$twig->addExtension(new \Twig\Extension\DebugExtension());
+	$twig->addExtension(new Tinyboard());
+	$twig->addExtension(new PhpMyAdmin\Twig\Extensions\I18nExtension());
 }
 
 function Element($templateFile, array $options) {
@@ -28,10 +34,6 @@ function Element($templateFile, array $options) {
 	if (!$twig)
 		load_twig();
 
-	if (function_exists('create_pm_header') && ((isset($options['mod']) && $options['mod']) || isset($options['__mod'])) && !preg_match('!^mod/!', $templateFile)) {
-		$options['pm'] = create_pm_header();
-	}
-	
 	if (isset($options['body']) && $config['debug']) {
 		$_debug = $debug;
 
@@ -54,7 +56,7 @@ function Element($templateFile, array $options) {
 	}
 
 	// Read the template file
-	if (@file_get_contents("{$config['dir']['template']}/${templateFile}")) {
+	if (@file_get_contents("{$config['dir']['template']}/{$templateFile}")) {
 		$body = $twig->render($templateFile, $options);
 
 		if ($config['minify_html'] && preg_match('/\.html$/', $templateFile)) {
@@ -63,7 +65,163 @@ function Element($templateFile, array $options) {
 
 		return $body;
 	} else {
-		throw new Exception("Template file '${templateFile}' does not exist or is empty in '{$config['dir']['template']}'!");
+		throw new Exception("Template file '{$templateFile}' does not exist or is empty in '{$config['dir']['template']}'!");
 	}
 }
 
+class TinyboardTwigCache extends Twig\Cache\FilesystemCache {
+	private string $directory;
+
+	public function __construct(string $directory) {
+		parent::__construct($directory);
+		$this->directory = $directory;
+	}
+
+	/**
+	 * This function was removed in Twig 2.x due to developer views on the Twig library.
+	 * Who says we can't keep it for ourselves though?
+	 */
+	public function clear() {
+		$iter = new RecursiveIteratorIterator(
+			new RecursiveDirectoryIterator($this->directory),
+			RecursiveIteratorIterator::LEAVES_ONLY
+		);
+
+		foreach ($iter as $file) {
+			if ($file->isFile()) {
+				@unlink($file->getPathname());
+			}
+		}
+	}
+}
+
+class Tinyboard extends Twig\Extension\AbstractExtension
+{
+	/**
+	* Returns a list of filters to add to the existing list.
+	*
+	* @return array An array of filters
+	*/
+	public function getFilters()
+	{
+		return array(
+			new Twig\TwigFilter('filesize', 'format_bytes'),
+			new Twig\TwigFilter('truncate', 'twig_truncate_filter'),
+			new Twig\TwigFilter('truncate_body', 'truncate'),
+			new Twig\TwigFilter('truncate_filename', 'twig_filename_truncate_filter'),
+			new Twig\TwigFilter('extension', 'twig_extension_filter'),
+			new Twig\TwigFilter('sprintf', 'sprintf'),
+			new Twig\TwigFilter('capcode', 'capcode'),
+			new Twig\TwigFilter('remove_modifiers', 'remove_modifiers'),
+			new Twig\TwigFilter('hasPermission', 'twig_hasPermission_filter'),
+			new Twig\TwigFilter('date', 'twig_date_filter'),
+			new Twig\TwigFilter('poster_id', 'poster_id'),
+			new Twig\TwigFilter('count', 'count'),
+			new Twig\TwigFilter('ago', 'Vichan\Functions\Format\ago'),
+			new Twig\TwigFilter('until', 'Vichan\Functions\Format\until'),
+			new Twig\TwigFilter('push', 'twig_push_filter'),
+			new Twig\TwigFilter('bidi_cleanup', 'bidi_cleanup'),
+			new Twig\TwigFilter('addslashes', 'addslashes'),
+			new Twig\TwigFilter('cloak_ip', 'cloak_ip'),
+			new Twig\TwigFilter('cloak_mask', 'cloak_mask'),
+		);
+	}
+
+	/**
+	* Returns a list of functions to add to the existing list.
+	*
+	* @return array An array of filters
+	*/
+	public function getFunctions()
+	{
+		return array(
+			new Twig\TwigFunction('time', 'time'),
+			new Twig\TwigFunction('floor', 'floor'),
+			new Twig\TwigFunction('hiddenInputs', 'hiddenInputs'),
+			new Twig\TwigFunction('hiddenInputsHash', 'hiddenInputsHash'),
+			new Twig\TwigFunction('ratio', 'twig_ratio_function'),
+			new Twig\TwigFunction('secure_link_confirm', 'twig_secure_link_confirm'),
+			new Twig\TwigFunction('secure_link', 'twig_secure_link'),
+			new Twig\TwigFunction('link_for', 'link_for')
+		);
+	}
+
+	/**
+	* Returns the name of the extension.
+	*
+	* @return string The extension name
+	*/
+	public function getName()
+	{
+		return 'tinyboard';
+	}
+}
+
+function twig_push_filter($array, $value) {
+	array_push($array, $value);
+	return $array;
+}
+
+function twig_date_filter($date, $format) {
+    if (is_numeric($date)) {
+        $date = new DateTime("@$date", new DateTimeZone('UTC'));
+    } else {
+        $date = new DateTime($date, new DateTimeZone('UTC'));
+    }
+    return $date->format($format);
+}
+
+function twig_hasPermission_filter($mod, $permission, $board = null) {
+	return hasPermission($permission, $board, $mod);
+}
+
+function twig_extension_filter($value, $case_insensitive = true) {
+	$ext = mb_substr($value, mb_strrpos($value, '.') + 1);
+	if($case_insensitive)
+		$ext = mb_strtolower($ext);
+	return $ext;
+}
+
+function twig_sprintf_filter( $value, $var) {
+	return sprintf($value, $var);
+}
+
+function twig_truncate_filter($value, $length = 30, $preserve = false, $separator = '…') {
+	if (mb_strlen($value) > $length) {
+		if ($preserve) {
+			if (false !== ($breakpoint = mb_strpos($value, ' ', $length))) {
+				$length = $breakpoint;
+			}
+		}
+		return mb_substr($value, 0, $length) . $separator;
+	}
+	return $value;
+}
+
+function twig_filename_truncate_filter($value, $length = 30, $separator = '…') {
+	if (mb_strlen($value) > $length) {
+		$value = strrev($value);
+		$array = array_reverse(explode(".", $value, 2));
+		$array = array_map("strrev", $array);
+
+		$filename = &$array[0];
+		$extension = isset($array[1]) ? $array[1] : false;
+
+		$filename = mb_substr($filename, 0, $length - ($extension ? mb_strlen($extension) + 1 : 0)) . $separator;
+
+		return implode(".", $array);
+	}
+	return $value;
+}
+
+function twig_ratio_function($w, $h) {
+	return fraction($w, $h, ':');
+}
+function twig_secure_link_confirm($text, $title, $confirm_message, $href) {
+	global $config;
+
+	return '<a onclick="if (event.which==2) return true;if (confirm(\'' . htmlentities(addslashes($confirm_message)) . '\')) document.location=\'?/' . htmlspecialchars(addslashes($href . '/' . make_secure_link_token($href))) . '\';return false;" title="' . htmlentities($title) . '" href="?/' . $href . '">' . $text . '</a>';
+}
+function twig_secure_link($href) {
+	return $href . '/' . make_secure_link_token($href);
+}

install.php

@@ -1,7 +1,7 @@
 <?php
 
 // Installation/upgrade file
-define('VERSION', '5.1.4');
+define('VERSION', '5.2.1');
 require 'inc/bootstrap.php';
 loadConfig();
 
@@ -142,7 +142,7 @@ if (file_exists($config['has_installed'])) {
 				query(sprintf("ALTER TABLE `posts_%s` CHANGE  `subject` `subject` VARCHAR( 100 ) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL", $_board['uri'])) or error(db_error());
 			}
 		case 'v0.9.3-dev-6':
-			// change to MyISAM
+			// change to InnoDB
 			$tables = array(
 				'bans', 'boards', 'ip_notes', 'modlogs', 'mods', 'mutes', 'noticeboard', 'pms', 'reports', 'robot', 'theme_settings', 'news'
 			);
@@ -151,7 +151,7 @@ if (file_exists($config['has_installed'])) {
 			}
 
 			foreach ($tables as &$table) {
-				query("ALTER TABLE  `{$table}` ENGINE = MYISAM DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci") or error(db_error());
+				query("ALTER TABLE  `{$table}` ENGINE = INNODB DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci") or error(db_error());
 			}
 		case 'v0.9.3-dev-7':
 			foreach ($boards as &$board) {
@@ -212,7 +212,7 @@ if (file_exists($config['has_installed'])) {
 			foreach ($boards as &$board) {
 				query(sprintf("ALTER TABLE  `posts_%s` ADD  `body_nomarkup` TEXT NULL AFTER  `body`", $board['uri'])) or error(db_error());
 			}
-			query("CREATE TABLE IF NOT EXISTS `cites` (  `board` varchar(8) NOT NULL,  `post` int(11) NOT NULL,  `target_board` varchar(8) NOT NULL,  `target` int(11) NOT NULL,  KEY `target` (`target_board`,`target`),  KEY `post` (`board`,`post`)) ENGINE=MyISAM DEFAULT CHARSET=utf8;") or error(db_error());
+			query("CREATE TABLE IF NOT EXISTS `cites` (  `board` varchar(8) NOT NULL,  `post` int(11) NOT NULL,  `target_board` varchar(8) NOT NULL,  `target` int(11) NOT NULL,  KEY `target` (`target_board`,`target`),  KEY `post` (`board`,`post`)) ENGINE=InnoDB DEFAULT CHARSET=utf8;") or error(db_error());
 		case 'v0.9.5-dev-2':
 			query("ALTER TABLE  `boards`
 				CHANGE  `uri`  `uri` VARCHAR( 15 ) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL,
@@ -235,7 +235,7 @@ if (file_exists($config['has_installed'])) {
 				  `passed` smallint(6) NOT NULL,
 				  PRIMARY KEY (`hash`),
 				  KEY `board` (`board`,`thread`)
-				) ENGINE=MyISAM DEFAULT CHARSET=utf8;") or error(db_error());
+				) ENGINE=InnoDB DEFAULT CHARSET=utf8;") or error(db_error());
 		case 'v0.9.6-dev-2':
 			query("ALTER TABLE `boards`
 				DROP `id`,
@@ -462,7 +462,7 @@ if (file_exists($config['has_installed'])) {
 				  KEY `posthash` (`posthash`),
 				  KEY `filehash` (`filehash`),
 				  KEY `time` (`time`)
-				) ENGINE=MyISAM DEFAULT CHARSET=ascii COLLATE=ascii_bin AUTO_INCREMENT=1 ;") or error(db_error());
+				) ENGINE=InnoDB DEFAULT CHARSET=ascii COLLATE=ascii_bin AUTO_INCREMENT=1 ;") or error(db_error());
 		case 'v0.9.6-dev-19':
 			query("UPDATE ``mods`` SET `type` = 10 WHERE `type` = 0") or error(db_error());
 			query("UPDATE ``mods`` SET `type` = 20 WHERE `type` = 1") or error(db_error());
@@ -483,7 +483,7 @@ if (file_exists($config['has_installed'])) {
 				PRIMARY KEY (`id`),
 				KEY `expires` (`expires`),
 				KEY `ipstart` (`ipstart`,`ipend`)
-				) ENGINE=MyISAM  DEFAULT CHARSET=utf8mb4 AUTO_INCREMENT=1") or error(db_error());
+				) ENGINE=InnoDB  DEFAULT CHARSET=utf8mb4 AUTO_INCREMENT=1") or error(db_error());
 			$listquery = query("SELECT * FROM ``bans`` ORDER BY `id`") or error(db_error());
 			while ($ban = $listquery->fetch(PDO::FETCH_ASSOC)) {
 				$query = prepare("INSERT INTO ``bans_new_temp`` VALUES
@@ -538,7 +538,7 @@ if (file_exists($config['has_installed'])) {
 				  `denied` tinyint(1) NOT NULL,
 				  PRIMARY KEY (`id`),
 				  KEY `ban_id` (`ban_id`)
-				) ENGINE=MyISAM  DEFAULT CHARSET=utf8mb4 AUTO_INCREMENT=1 ;") or error(db_error());
+				) ENGINE=InnoDB  DEFAULT CHARSET=utf8mb4 AUTO_INCREMENT=1 ;") or error(db_error());
 		case 'v0.9.6-dev-22':
 		case 'v0.9.6-dev-22 + <a href="https://int.vichan.net/devel/">vichan-devel-4.4.91</a>':
 		case 'v0.9.6-dev-22 + <a href="https://int.vichan.net/devel/">vichan-devel-4.4.92</a>':
@@ -634,10 +634,10 @@ if (file_exists($config['has_installed'])) {
 			  	`text` varchar(255),
 			  	`created_at` int(11),
 			  	PRIMARY KEY (`cookie`,`extra`)
-				) ENGINE=MyISAM DEFAULT CHARSET=utf8mb4;') or error(db_error());
+				) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;') or error(db_error());
 		case false:
 			// TODO: enhance Tinyboard -> vichan upgrade path.
-			query("CREATE TABLE IF NOT EXISTS ``search_queries`` (  `ip` varchar(39) NOT NULL,  `time` int(11) NOT NULL,  `query` text NOT NULL) ENGINE=MyISAM DEFAULT CHARSET=utf8;") or error(db_error());
+			query("CREATE TABLE IF NOT EXISTS ``search_queries`` (  `ip` varchar(39) NOT NULL,  `time` int(11) NOT NULL,  `query` text NOT NULL) ENGINE=InnoDB DEFAULT CHARSET=utf8;") or error(db_error());
 
 			// Update version number
 			file_write($config['has_installed'], VERSION);
@@ -689,6 +689,8 @@ if ($step == 0) {
 
 	echo Element('page.html', $page);
 } elseif ($step == 1) {
+	// The HTTPS check doesn't work properly when in those arrays, so let's run it here and pass along the result during the actual check.
+	$httpsvalue = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
 	$page['title'] = 'Pre-installation test';
 
 	$can_exec = true;
@@ -729,17 +731,10 @@ if ($step == 0) {
 	$tests = array(
 		array(
 			'category' => 'PHP',
-			'name' => 'PHP &ge; 5.4',
+			'name' => 'PHP &ge; 7.4',
 			'result' => PHP_VERSION_ID >= 50400,
 			'required' => true,
-			'message' => 'vichan requires PHP 5.4 or better.',
-		),
-		array(
-			'category' => 'PHP',
-			'name' => 'PHP &ge; 5.6',
-			'result' => PHP_VERSION_ID >= 50600,
-			'required' => false,
-			'message' => 'vichan works best on PHP 5.6 or better.',
+			'message' => 'vichan requires PHP 7.4 or better.',
 		),
 		array(
 			'category' => 'PHP',
@@ -856,14 +851,14 @@ if ($step == 0) {
 		array(
 			'category' => 'File permissions',
 			'name' => getcwd() . '/templates/cache',
-			'result' => is_writable('templates') || (is_dir('templates/cache') && is_writable('templates/cache')),
+			'result' => is_dir('templates/cache/') && is_writable('templates/cache/'),
 			'required' => true,
 			'message' => 'You must give vichan permission to create (and write to) the <code>templates/cache</code> directory or performance will be drastically reduced.'
 		),
 		array(
 			'category' => 'File permissions',
 			'name' => getcwd() . '/tmp/cache',
-			'result' => is_dir('tmp/cache') && is_writable('tmp/cache'),
+			'result' => is_dir('tmp/cache/') && is_writable('tmp/cache/'),
 			'required' => true,
 			'message' => 'You must give vichan permission to write to the <code>tmp/cache</code> directory.'
 		),
@@ -876,12 +871,17 @@ if ($step == 0) {
 		),
 		array(
 			'category' => 'Misc',
-			'name' => 'Caching available (APC(u), XCache, Memcached or Redis)',
-			'result' => extension_loaded('apcu') || extension_loaded('apc') ||
-						extension_loaded('xcache') || extension_loaded('memcached') ||
-						extension_loaded('redis'),
+			'name' => 'HTTPS being used',
+			'result' => $httpsvalue,
 			'required' => false,
-			'message' => 'You will not be able to enable the additional caching system, designed to minimize SQL queries and significantly improve performance. <a href="http://php.net/manual/en/book.apc.php">APC</a> is the recommended method of caching, but <a href="http://xcache.lighttpd.net/">XCache</a>, <a href="http://www.php.net/manual/en/intro.memcached.php">Memcached</a> and <a href="http://pecl.php.net/package/redis">Redis</a> are also supported.'
+			'message' => 'You are not currently using https for vichan, or at least for your backend server. If this intentional, add "$config[\'cookies\'][\'secure_login_only\'] = 0;" (or 1 if using a proxy) on a new line under "Additional configuration" on the next page.'
+		),
+		array(
+			'category' => 'Misc',
+			'name' => 'Caching available (APCu, Memcached or Redis)',
+			'result' => extension_loaded('apcu') || extension_loaded('memcached') || extension_loaded('redis'),
+			'required' => false,
+			'message' => 'You will not be able to enable the additional caching system, designed to minimize SQL queries and significantly improve performance. <a href="https://www.php.net/manual/en/book.apcu.php">APCu</a> is the recommended method of caching, but <a href="http://www.php.net/manual/en/intro.memcached.php">Memcached</a> and <a href="http://pecl.php.net/package/redis">Redis</a> are also supported.'
 		),
 		array(
 			'category' => 'Misc',
@@ -921,6 +921,7 @@ if ($step == 0) {
 	$sg = new SaltGen();
 	$config['cookies']['salt'] = $sg->generate();
 	$config['secure_trip_salt'] = $sg->generate();
+	$config['secure_password_salt'] = $sg->generate();
 
 	echo Element('page.html', array(
 		'body' => Element('installer/config.html', array(
@@ -990,12 +991,16 @@ if ($step == 0) {
 	$queries[] = Element('posts.sql', array('board' => 'b'));
 
 	$sql_errors = '';
+	$sql_err_count = 0;
 	foreach ($queries as $query) {
 		if ($mysql_version < 50503)
 			$query = preg_replace('/(CHARSET=|CHARACTER SET )utf8mb4/', '$1utf8', $query);
 		$query = preg_replace('/^([\w\s]*)`([0-9a-zA-Z$_\x{0080}-\x{FFFF}]+)`/u', '$1``$2``', $query);
-		if (!query($query))
-			$sql_errors .= '<li>' . db_error() . '</li>';
+		if (!query($query)) {
+			$sql_err_count++;
+			$error = db_error();
+			$sql_errors .= "<li>$sql_err_count<ul><li>$query</li><li>$error</li></ul></li>";
+		}
 	}
 
 	$page['title'] = 'Installation complete';
@@ -1034,4 +1039,3 @@ if ($step == 0) {
 
 	echo Element('page.html', $page);
 }
-

install.sql

@@ -31,7 +31,7 @@ CREATE TABLE IF NOT EXISTS `antispam` (
   PRIMARY KEY (`hash`),
   KEY `board` (`board`,`thread`),
   KEY `expires` (`expires`)
-) ENGINE=MyISAM DEFAULT CHARSET=ascii COLLATE=ascii_bin;
+) ENGINE=InnoDB DEFAULT CHARSET=ascii COLLATE=ascii_bin;
 
 -- --------------------------------------------------------
 
@@ -53,7 +53,7 @@ CREATE TABLE IF NOT EXISTS `bans` (
   PRIMARY KEY (`id`),
   KEY `expires` (`expires`),
   KEY `ipstart` (`ipstart`,`ipend`)
-) ENGINE=MyISAM  DEFAULT CHARSET=utf8mb4 AUTO_INCREMENT=1 ;
+) ENGINE=InnoDB  DEFAULT CHARSET=utf8mb4 AUTO_INCREMENT=1 ;
 
 -- --------------------------------------------------------
 
@@ -67,7 +67,7 @@ CREATE TABLE IF NOT EXISTS `boards` (
   `subtitle` tinytext,
   -- `indexed` boolean default true,
   PRIMARY KEY (`uri`)
-) ENGINE=MyISAM DEFAULT CHARSET=utf8mb4;
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
 
 --
 -- Dumping data for table `boards`
@@ -89,7 +89,7 @@ CREATE TABLE IF NOT EXISTS `cites` (
   `target` int(11) NOT NULL,
   KEY `target` (`target_board`,`target`),
   KEY `post` (`board`,`post`)
-) ENGINE=MyISAM DEFAULT CHARSET=utf8;
+) ENGINE=InnoDB DEFAULT CHARSET=utf8;
 
 -- --------------------------------------------------------
 
@@ -105,7 +105,7 @@ CREATE TABLE IF NOT EXISTS `ip_notes` (
   `body` text NOT NULL,
   UNIQUE KEY `id` (`id`),
   KEY `ip_lookup` (`ip`, `time`)
-) ENGINE=MyISAM DEFAULT CHARSET=utf8mb4 AUTO_INCREMENT=1 ;
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 AUTO_INCREMENT=1 ;
 
 -- --------------------------------------------------------
 
@@ -121,7 +121,7 @@ CREATE TABLE IF NOT EXISTS `modlogs` (
   `text` text NOT NULL,
   KEY `time` (`time`),
   KEY `mod`(`mod`)
-) ENGINE=MyISAM DEFAULT CHARSET=utf8mb4;
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
 
 -- --------------------------------------------------------
 
@@ -138,7 +138,7 @@ CREATE TABLE IF NOT EXISTS `mods` (
   `boards` text CHARACTER SET utf8 NOT NULL,
   PRIMARY KEY (`id`),
   UNIQUE KEY `id` (`id`,`username`)
-) ENGINE=MyISAM  DEFAULT CHARSET=utf8mb4 AUTO_INCREMENT=1 ;
+) ENGINE=InnoDB  DEFAULT CHARSET=utf8mb4 AUTO_INCREMENT=1 ;
 
 --
 -- Dumping data for table `mods`
@@ -157,7 +157,7 @@ CREATE TABLE IF NOT EXISTS `mutes` (
   `ip` varchar(39) NOT NULL,
   `time` int(11) NOT NULL,
   KEY `ip` (`ip`)
-) ENGINE=MyISAM DEFAULT CHARSET=ascii;
+) ENGINE=InnoDB DEFAULT CHARSET=ascii;
 
 -- --------------------------------------------------------
 
@@ -173,7 +173,7 @@ CREATE TABLE IF NOT EXISTS `news` (
   `body` text NOT NULL,
   UNIQUE KEY `id` (`id`),
   KEY `time` (`time`)
-) ENGINE=MyISAM DEFAULT CHARSET=utf8mb4 AUTO_INCREMENT=1 ;
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 AUTO_INCREMENT=1 ;
 
 -- --------------------------------------------------------
 
@@ -189,7 +189,7 @@ CREATE TABLE IF NOT EXISTS `noticeboard` (
   `body` text NOT NULL,
   UNIQUE KEY `id` (`id`),
   KEY `time` (`time`)
-) ENGINE=MyISAM DEFAULT CHARSET=utf8mb4 AUTO_INCREMENT=1 ;
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 AUTO_INCREMENT=1 ;
 
 -- --------------------------------------------------------
 
@@ -206,7 +206,7 @@ CREATE TABLE IF NOT EXISTS `pms` (
   `unread` tinyint(1) NOT NULL,
   PRIMARY KEY (`id`),
   KEY `to` (`to`, `unread`)
-) ENGINE=MyISAM DEFAULT CHARSET=utf8mb4 AUTO_INCREMENT=1 ;
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 AUTO_INCREMENT=1 ;
 
 -- --------------------------------------------------------
 
@@ -222,7 +222,7 @@ CREATE TABLE IF NOT EXISTS `reports` (
   `post` int(11) NOT NULL,
   `reason` text NOT NULL,
   PRIMARY KEY (`id`)
-) ENGINE=MyISAM  DEFAULT CHARSET=utf8mb4 AUTO_INCREMENT=1 ;
+) ENGINE=InnoDB  DEFAULT CHARSET=utf8mb4 AUTO_INCREMENT=1 ;
 
 -- --------------------------------------------------------
 
@@ -233,7 +233,7 @@ CREATE TABLE IF NOT EXISTS `reports` (
 CREATE TABLE IF NOT EXISTS `robot` (
   `hash` varchar(40) COLLATE ascii_bin NOT NULL COMMENT 'SHA1',
   PRIMARY KEY (`hash`)
-) ENGINE=MyISAM DEFAULT CHARSET=ascii COLLATE=ascii_bin;
+) ENGINE=InnoDB DEFAULT CHARSET=ascii COLLATE=ascii_bin;
 
 -- --------------------------------------------------------
 
@@ -245,7 +245,7 @@ CREATE TABLE IF NOT EXISTS `search_queries` (
   `ip` varchar(39) NOT NULL,
   `time` int(11) NOT NULL,
   `query` text NOT NULL
-) ENGINE=MyISAM DEFAULT CHARSET=utf8mb4;
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
 
 -- --------------------------------------------------------
 
@@ -258,7 +258,7 @@ CREATE TABLE IF NOT EXISTS `theme_settings` (
   `name` varchar(40) DEFAULT NULL,
   `value` text,
   KEY `theme` (`theme`)
-) ENGINE=MyISAM DEFAULT CHARSET=utf8mb4;
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
 
 -- --------------------------------------------------------
 
@@ -279,7 +279,7 @@ CREATE TABLE IF NOT EXISTS `flood` (
   KEY `posthash` (`posthash`),
   KEY `filehash` (`filehash`),
   KEY `time` (`time`)
-) ENGINE=MyISAM DEFAULT CHARSET=ascii COLLATE=ascii_bin AUTO_INCREMENT=1 ;
+) ENGINE=InnoDB DEFAULT CHARSET=ascii COLLATE=ascii_bin AUTO_INCREMENT=1 ;
 
 -- --------------------------------------------------------
 
@@ -294,8 +294,9 @@ CREATE TABLE IF NOT EXISTS `ban_appeals` (
   `message` text NOT NULL,
   `denied` tinyint(1) NOT NULL,
   PRIMARY KEY (`id`),
-  KEY `ban_id` (`ban_id`)
-) ENGINE=MyISAM  DEFAULT CHARSET=utf8mb4 AUTO_INCREMENT=1 ;
+  KEY `ban_id` (`ban_id`),
+  CONSTRAINT `fk_ban_id` FOREIGN KEY (`ban_id`) REFERENCES `bans`(`id`) ON DELETE CASCADE
+) ENGINE=InnoDB  DEFAULT CHARSET=utf8mb4 AUTO_INCREMENT=1 ;
 
 -- --------------------------------------------------------
 
@@ -312,7 +313,7 @@ CREATE TABLE IF NOT EXISTS `pages` (
   `content` text,
   PRIMARY KEY (`id`),
   UNIQUE KEY `u_pages` (`name`,`board`)
-) ENGINE=MyISAM DEFAULT CHARSET=utf8mb4;
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
 
 -- --------------------------------------------------------
 
@@ -330,7 +331,7 @@ CREATE TABLE IF NOT EXISTS `nntp_references` (
   PRIMARY KEY (`message_id_digest`),
   UNIQUE KEY `message_id` (`message_id`),
   UNIQUE KEY `u_board_id` (`board`, `id`)
-) ENGINE=MyISAM DEFAULT CHARSET=utf8mb4;
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
 
 -- --------------------------------------------------------
 
@@ -344,23 +345,8 @@ CREATE TABLE IF NOT EXISTS `captchas` (
   `text` VARCHAR(255),
   `created_at` INT(11),
   PRIMARY KEY (`cookie`,`extra`)
-) ENGINE=MyISAM  DEFAULT CHARSET=utf8mb4;
+) ENGINE=InnoDB  DEFAULT CHARSET=utf8mb4;
 
--- --------------------------------------------------------
-
---
--- Table structure for table `telegrams`
---
-
-CREATE TABLE IF NOT EXISTS `telegrams` (
-    `id` int(11) unsigned NOT NULL AUTO_INCREMENT,
-    `mod_id` int(11) unsigned NOT NULL,
-    `ip` varchar(39) CHARACTER SET ascii NOT NULL,
-    `message` text NOT NULL,
-    `seen` tinyint(1) NOT NULL DEFAULT FALSE,
-    `created_at` INT(11),
-    PRIMARY KEY(`id`)
-) ENGINE=MyISAM  DEFAULT CHARSET=utf8mb4;
 
 /*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */;
 /*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */;

js/auto-reload.js

@@ -15,6 +15,9 @@
  *   //$config['additional_javascript'][] = 'js/titlebar-notifications.js';
  *   $config['additional_javascript'][] = 'js/auto-reload.js';
  *
+ * You must have boardlinks or else this script will not load.
+ * Search for "$config['boards'] = array(" within your inc/config.php and add something similar to your instance-config.php.
+ *
  */
 
 
@@ -241,4 +244,3 @@ $(document).ready(function(){
 		auto_update(poll_interval_delay);
 	}
 });
-

js/catalog-link.js

@@ -14,28 +14,23 @@
 
 function catalog() {
     var board = $("input[name='board']");
+    var boardValue = board.first().val();
 
-var catalog_url = configRoot + board.first().val() + "/catalog.html";
+    var catalog_url = '';
+    if (window.location.href.includes('mod.php?/')) {
+        catalog_url = configRoot + 'mod.php?/' + boardValue + '/catalog.html';
+    } else {
+        catalog_url = configRoot + boardValue + '/catalog.html';
+    }
 
     var pages = document.getElementsByClassName('pages')[0];
-var bottom = document.getElementsByClassName('boardlist bottom')[0]
+    var bottom = document.getElementsByClassName('boardlist bottom')[0];
     var subtitle = document.getElementsByClassName('subtitle')[0];
 
     var link = document.createElement('a');
     link.href = catalog_url;
 
-if (pages) {
-	link.textContent = _('Catalog');
-	link.style.color = '#F10000';
-	link.style.padding = '4px';
-	link.style.paddingLeft = '9px';
-	link.style.borderLeft = '1px solid'
-	link.style.borderLeftColor = '#A8A8A8';
-	link.style.textDecoration = "underline";
-
-	pages.appendChild(link)
-}
-else {
+    if (!pages) {
         link.textContent = '['+_('Catalog')+']';
         link.style.paddingLeft = '10px';
         link.style.textDecoration = "underline";

js/catalog-search.js

@@ -8,21 +8,21 @@
  *   $config['additional_javascript'][] = 'js/comment-toolbar.js';
  */
 if (active_page == 'catalog') {
-	onready(function () {
+	onReady(function() {
 		'use strict';
 
 		// 'true' = enable shortcuts
-		var useKeybinds = true;
+		let useKeybinds = true;
 
 		// trigger the search 400ms after last keystroke
-		var delay = 400;
-		var timeoutHandle;
+		let delay = 400;
+		let timeoutHandle;
 
 		// search and hide none matching threads
 		function filter(search_term) {
 			$('.replies').each(function () {
-				var subject = $(this).children('.intro').text().toLowerCase();
-				var comment = $(this).clone().children().remove(':lt(2)').end().text().trim().toLowerCase();
+				let subject = $(this).children('.intro').text().toLowerCase();
+				let comment = $(this).clone().children().remove(':lt(2)').end().text().trim().toLowerCase();
 				search_term = search_term.toLowerCase();
 
 				if (subject.indexOf(search_term) == -1 && comment.indexOf(search_term) == -1) {
@@ -34,7 +34,7 @@ if (active_page == 'catalog') {
 		}
 
 		function searchToggle() {
-			var button = $('#catalog_search_button');
+			let button = $('#catalog_search_button');
 
 			if (!button.data('expanded')) {
 				button.data('expanded', '1');

js/download-original.js

@@ -15,9 +15,9 @@
  *
  */
 
-onready(function(){
-	var do_original_filename = function() {
-		var filename, truncated;
+onReady(function() {
+	let doOriginalFilename = function() {
+		let filename, truncated;
 		if ($(this).attr('title')) {
 			filename = $(this).attr('title');
 			truncated = true;
@@ -34,9 +34,9 @@ onready(function(){
 			);
 	};
 
-	$('.postfilename').each(do_original_filename);
+	$('.postfilename').each(doOriginalFilename);
 
 	$(document).on('new_post', function(e, post) {
-		$(post).find('.postfilename').each(do_original_filename);
+		$(post).find('.postfilename').each(doOriginalFilename);
 	});
 });

js/expand-all-images.js

@@ -16,23 +16,26 @@
  *
  */
 
-if (active_page == 'ukko' || active_page == 'thread' || active_page == 'index')
-onready(function(){
+if (active_page == 'ukko' || active_page == 'thread' || active_page == 'index') {
+	onReady(function() {
 		$('hr:first').before('<div id="expand-all-images" style="text-align:right"><a class="unimportant" href="javascript:void(0)"></a></div>');
 		$('div#expand-all-images a')
 			.text(_('Expand all images'))
 			.click(function() {
 				$('a img.post-image').each(function() {
 					// Don't expand YouTube embeds
-				if ($(this).parent().parent().hasClass('video-container'))
+					if ($(this).parent().parent().hasClass('video-container')) {
 						return;
+					}
 
 					// or WEBM
-				if (/^\/player\.php\?/.test($(this).parent().attr('href')))
+					if (/^\/player\.php\?/.test($(this).parent().attr('href'))) {
 						return;
+					}
 
-				if (!$(this).parent().data('expanded'))
+					if (!$(this).parent().data('expanded')) {
 						$(this).parent().click();
+					}
 				});
 
 				if (!$('#shrink-all-images').length) {
@@ -43,10 +46,12 @@ onready(function(){
 					.text(_('Shrink all images'))
 					.click(function() {
 						$('a img.full-image').each(function() {
-						if ($(this).parent().data('expanded'))
+							if ($(this).parent().data('expanded')) {
 								$(this).parent().click();
+							}
 						});
 						$(this).parent().remove();
 					});
 			});
 	});
+}

js/expand-filename.js

@@ -0,0 +1,53 @@
+/*
+ * expand-filename.js
+ * https://github.com/vichan-devel/vichan/blob/master/js/expand-filename.js
+ *
+ * Released under the MIT license
+ * Copyright (c) 2024 Perdedora <weav@anche.no>
+ *
+ * Usage:
+ *   $config['additional_javascript'][] = 'js/expand-filename.js';
+ *
+ */
+
+function doFilename(element) {
+    const filenames = element.querySelectorAll('[data-truncate="true"]');
+    filenames.forEach(filename => {
+        filename.addEventListener('mouseover', event => addHover(event.target));
+        filename.addEventListener('mouseout', event => removeHover(event.target));
+    });
+}
+
+function addHover(element) {
+    element.dataset.truncatedFilename = element.textContent;
+    element.textContent = element.download;
+}
+
+function removeHover(element) {
+    element.textContent = element.dataset.truncatedFilename;
+    delete element.dataset.truncatedFilename;
+}
+
+document.addEventListener('DOMContentLoaded', () => {
+    doFilename(document);
+
+    // Create a MutationObserver to watch for new elements
+    const observer = new MutationObserver(mutationsList => {
+        mutationsList.forEach(mutation => {
+            if (mutation.type === 'childList') {
+                mutation.addedNodes.forEach(addedNode => {
+                    if (addedNode.nodeType === Node.ELEMENT_NODE) {
+                        // Apply `doFilename` to newly added elements
+                        doFilename(addedNode);
+                    }
+                });
+            }
+        });
+    });
+
+    // Start observing the document body for changes
+    observer.observe(document.body, {
+        childList: true,
+        subtree: true
+    });
+});

js/expand-too-long.js

@@ -1,39 +0,0 @@
-/*
- * expand-too-long.js
- * https://github.com/vichan-devel/vichan/blob/master/js/expand-too-long.js
- *
- * Released under the MIT license
- * Copyright (c) 2013-2014 Marcin Łabanowski <marcin@6irc.net>
- *
- * Usage:
- *   $config['additional_javascript'][] = 'js/jquery.min.js';
- *   $config['additional_javascript'][] = 'js/expand-too-long.js';
- *      
- */
-
-$(function() {
-	var do_expand = function() {
-		$(this).find('a').click(function(e) {
-			e.preventDefault();
-
-			var url = $(this).attr('href');
-			var body = $(this).parents('.body');
-
-			$.ajax({
-				url: url,
-				context: document.body,
-				success: function(data) {
-					var content = $(data).find('#'+url.split('#')[1]).parent().parent().find(".body").first().html();
-
-					body.html(content);
-				}
-			});
-		});
-	};
-
-        $('.toolong').each(do_expand);
-                       
-        $(document).on("new_post", function(e, post) {
-		$(post).find('.toolong').each(do_expand)
-	});
-});

js/expand-video.js

@@ -2,26 +2,32 @@
 /* Note: This code expects the global variable configRoot to be set. */
 
 if (typeof _ == 'undefined') {
-  var _ = function(a) { return a; };
+	var _ = function(a) {
+		return a;
+	};
 }
 
 function setupVideo(thumb, url) {
-    if (thumb.videoAlreadySetUp) return;
+	if (thumb.videoAlreadySetUp) {
+		return;
+	}
 	thumb.videoAlreadySetUp = true;
 
-    var video = null;
-    var videoContainer, videoHide;
-    var expanded = false;
-    var hovering = false;
-    var loop = true;
-    var loopControls = [document.createElement("span"), document.createElement("span")];
-    var fileInfo = thumb.parentNode.querySelector(".fileinfo");
-    var mouseDown = false;
+	let video = null;
+	let videoContainer, videoHide;
+	let expanded = false;
+	let hovering = false;
+	let loop = true;
+	let loopControls = [document.createElement("span"), document.createElement("span")];
+	let fileInfo = thumb.parentNode.querySelector(".fileinfo");
+	let mouseDown = false;
 
 	function unexpand() {
 		if (expanded) {
 			expanded = false;
-            if (video.pause) video.pause();
+			if (video.pause) {
+				video.pause();
+			}
 			videoContainer.style.display = "none";
 			thumb.style.display = "inline";
 			video.style.maxWidth = "inherit";
@@ -32,7 +38,9 @@ function setupVideo(thumb, url) {
 	function unhover() {
 		if (hovering) {
 			hovering = false;
-            if (video.pause) video.pause();
+			if (video.pause) {
+				video.pause();
+			}
 			videoContainer.style.display = "none";
 			video.style.maxWidth = "inherit";
 			video.style.maxHeight = "inherit";
@@ -81,6 +89,12 @@ function setupVideo(thumb, url) {
 		}
 	}
 
+	function setVolume() {
+		const volume = setting("videovolume");
+		video.volume = volume;
+		video.muted = (volume === 0);
+	}
+
 	// Clicking on thumbnail expands video
 	thumb.addEventListener("click", function(e) {
 		if (setting("videoexpand") && !e.shiftKey && !e.ctrlKey && !e.altKey && !e.metaKey) {
@@ -97,15 +111,21 @@ function setupVideo(thumb, url) {
 			video.parentNode.parentNode.removeAttribute('style');
 			thumb.style.display = "none";
 
-            video.muted = (setting("videovolume") == 0);
-            video.volume = setting("videovolume");
+			setVolume();
 			video.controls = true;
 			if (video.readyState == 0) {
 				video.addEventListener("loadedmetadata", expand2, false);
 			} else {
 				setTimeout(expand2, 0);
 			}
+			let promise = video.play();
+			if (promise !== undefined) {
+				promise.then(_ => {
+				}).catch(_ => {
+					video.muted = true;
 					video.play();
+				});
+			}
 			e.preventDefault();
 		}
 	}, false);
@@ -129,16 +149,18 @@ function setupVideo(thumb, url) {
 			expanded = false;
 			hovering = true;
 
-            var docRight = document.documentElement.getBoundingClientRect().right;
-            var thumbRight = thumb.querySelector("img, video").getBoundingClientRect().right;
-            var maxWidth = docRight - thumbRight - 20;
-            if (maxWidth < 250) maxWidth = 250;
+			let docRight = document.documentElement.getBoundingClientRect().right;
+			let thumbRight = thumb.querySelector("img, video").getBoundingClientRect().right;
+			let maxWidth = docRight - thumbRight - 20;
+			if (maxWidth < 250) {
+				maxWidth = 250;
+			}
 
 			video.style.position = "fixed";
 			video.style.right = "0px";
 			video.style.top = "0px";
-            var docRight = document.documentElement.getBoundingClientRect().right;
-            var thumbRight = thumb.querySelector("img, video").getBoundingClientRect().right;
+			docRight = document.documentElement.getBoundingClientRect().right;
+			thumbRight = thumb.querySelector("img, video").getBoundingClientRect().right;
 			video.style.maxWidth = maxWidth + "px";
 			video.style.maxHeight = "100%";
 			video.style.pointerEvents = "none";
@@ -148,10 +170,16 @@ function setupVideo(thumb, url) {
 			videoContainer.style.display = "inline";
 			videoContainer.style.position = "fixed";
 
-            video.muted = (setting("videovolume") == 0);
-            video.volume = setting("videovolume");
+			setVolume();
 			video.controls = false;
+			let promise = video.play();
+			if (promise !== undefined) {
+				promise.then(_ => {
+				}).catch(_ => {
+					video.muted = true;
 					video.play();
+				});
+			}
 		}
 	}, false);
 
@@ -161,10 +189,18 @@ function setupVideo(thumb, url) {
 	thumb.addEventListener("wheel", function(e) {
 		if (setting("videohover")) {
 			var volume = setting("videovolume");
-            if (e.deltaY > 0) volume -= 0.1;
-            if (e.deltaY < 0) volume += 0.1;
-            if (volume < 0) volume = 0;
-            if (volume > 1) volume = 1;
+			if (e.deltaY > 0) {
+				volume -= 0.1;
+			}
+			if (e.deltaY < 0) {
+				volume += 0.1;
+			}
+			if (volume < 0) {
+				volume = 0;
+			}
+			if (volume > 1) {
+				volume = 1;
+			}
 			if (video != null) {
 				video.muted = (volume == 0);
 				video.volume = volume;
@@ -202,36 +238,41 @@ function setupVideo(thumb, url) {
 }
 
 function setupVideosIn(element) {
-    var thumbs = element.querySelectorAll("a.file");
-    for (var i = 0; i < thumbs.length; i++) {
+	let thumbs = element.querySelectorAll("a.file");
+	for (let i = 0; i < thumbs.length; i++) {
 		if (/\.webm$|\.mp4$/.test(thumbs[i].pathname)) {
 			setupVideo(thumbs[i], thumbs[i].href);
 		} else {
-            var m = thumbs[i].search.match(/\bv=([^&]*)/);
+			let m = thumbs[i].search.match(/\bv=([^&]*)/);
 			if (m != null) {
-                var url = decodeURIComponent(m[1]);
-                if (/\.webm$|\.mp4$/.test(url)) setupVideo(thumbs[i], url);
+				let url = decodeURIComponent(m[1]);
+				if (/\.webm$|\.mp4$/.test(url)) {
+					setupVideo(thumbs[i], url);
+				}
 			}
 		}
 	}
 }
 
-onready(function(){
+onReady(function(){
 	// Insert menu from settings.js
-    if (typeof settingsMenu != "undefined" && typeof Options == "undefined")
+	if (typeof settingsMenu != "undefined" && typeof Options == "undefined") {
 		document.body.insertBefore(settingsMenu, document.getElementsByTagName("hr")[0]);
+	}
 
 	// Setup Javascript events for videos in document now
 	setupVideosIn(document);
 
 	// Setup Javascript events for videos added by updater
 	if (window.MutationObserver) {
-        var observer = new MutationObserver(function(mutations) {
-            for (var i = 0; i < mutations.length; i++) {
-                var additions = mutations[i].addedNodes;
-                if (additions == null) continue;
-                for (var j = 0; j < additions.length; j++) {
-                    var node = additions[j];
+		let observer = new MutationObserver(function(mutations) {
+			for (let i = 0; i < mutations.length; i++) {
+				let additions = mutations[i].addedNodes;
+				if (additions == null) {
+					continue;
+				}
+				for (let j = 0; j < additions.length; j++) {
+					let node = additions[j];
 					if (node.nodeType == 1) {
 						setupVideosIn(node);
 					}
@@ -241,4 +282,3 @@ onready(function(){
 		observer.observe(document.body, {childList: true, subtree: true});
 	}
 });
-

js/file-selector.js

@@ -8,6 +8,11 @@
  */
 function init_file_selector(max_images) {
 
+	// Temporarily block iOS
+    if (/iPad|iPhone|iPod/.test(navigator.userAgent)) {
+        return;
+    }
+
 $(document).ready(function () {
 	// add options panel item
 	if (window.Options && Options.get_tab('general')) {

js/hide-form.js

@@ -0,0 +1,23 @@
+/*
+ * Adds 4chan-like [Start a New Thread] and [Post a Reply] buttons to pages.
+ *
+ * Usage:
+ * $config['additional_javascript'][] = 'js/jquery.min.js';
+ * $config['additional_javascript'][] = 'js/hide-form.js';
+ *
+ */
+
+$(document).ready(() => {
+ if (active_page !== 'index' && active_page !== 'thread')
+ return;
+
+ let form_el = $('form[name="post"]');
+ let form_msg = active_page === 'index' ? 'Start a New Thread' : 'Post a Reply';
+
+ form_el.hide();
+ form_el.after(`<div id="show-post-form" style="font-size:175%;text-align:center;font-weight:bold">[<a href="#" style="text-decoration:none">${_(form_msg)}</a>]</div>`);
+ $('div#show-post-form').click(() => {
+ $('div#show-post-form').hide();
+ form_el.show();
+ });
+});

js/inline-expanding-filename.js

@@ -13,10 +13,10 @@
  *
  */
 
-onready(function(){
-	var inline_expanding_filename = function() {
+onReady(function() {
+	let inlineExpandingFilename = function() {
 		$(this).find(".fileinfo > a").click(function() {
-			var imagelink = $(this).parent().parent().find('a[target="_blank"]:first');
+			let imagelink = $(this).parent().parent().find('a[target="_blank"]:first');
 			if (imagelink.length > 0) {
 				imagelink.click();
 				return false;
@@ -24,10 +24,10 @@ onready(function(){
 		});
 	};
 
-        $('div[id^="thread_"]').each(inline_expanding_filename);
+	$('div[id^="thread_"]').each(inlineExpandingFilename);
 
 	// allow to work with auto-reload.js, etc.
 	$(document).on('new_post', function(e, post) {
-                inline_expanding_filename.call(post);
+		inlineExpandingFilename.call(post);
 	});
 });

js/local-time.js

@@ -17,29 +17,45 @@ $(document).ready(function(){
 	'use strict';
 
 	var iso8601 = function(s) {
-		s = s.replace(/\.\d\d\d+/,""); // remove milliseconds
-		s = s.replace(/-/,"/").replace(/-/,"/");
-		s = s.replace(/T/," ").replace(/Z/," UTC");
-		s = s.replace(/([\+\-]\d\d)\:?(\d\d)/," $1$2"); // -04:00 -> -0400
+		var parts = s.split('T');
+		if (parts.length === 2) {
+			var timeParts = parts[1].split(':');
+			if (timeParts.length === 3) {
+				var seconds = timeParts[2];
+				if (seconds.length > 2) {
+					seconds = seconds.substr(0, 2) + '.' + seconds.substr(2);
+				}
+				// Ensure seconds part is valid
+				if (parseFloat(seconds) > 59) {
+					seconds = '59';
+				}
+				timeParts[2] = seconds;
+			}
+			parts[1] = timeParts.join(':');
+		}
+		s = parts.join('T');
+
+		if (!s.endsWith('Z')) {
+			s += 'Z';
+		}
 		return new Date(s);
 	};
+
 	var zeropad = function(num, count) {
 		return [Math.pow(10, count - num.toString().length), num].join('').substr(1);
 	};
 
 	var dateformat = (typeof strftime === 'undefined') ? function(t) {
 		return zeropad(t.getMonth() + 1, 2) + "/" + zeropad(t.getDate(), 2) + "/" + t.getFullYear().toString().substring(2) +
-				" (" + [_("Sun"), _("Mon"), _("Tue"), _("Wed"), _("Thu"), _("Fri"), _("Sat"), _("Sun")][t.getDay()]  + ") " +
+				" (" + ["Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat"][t.getDay()] + ") " +
 				// time
 				zeropad(t.getHours(), 2) + ":" + zeropad(t.getMinutes(), 2) + ":" + zeropad(t.getSeconds(), 2);
-
 	} : function(t) {
 		// post_date is defined in templates/main.js
 		return strftime(window.post_date, t, datelocale);
 	};
 
 	function timeDifference(current, previous) {
-
 		var msPerMinute = 60 * 1000;
 		var msPerHour = msPerMinute * 60;
 		var msPerDay = msPerHour * 24;
@@ -69,18 +85,17 @@ $(document).ready(function(){
 
 		for (var i = 0; i < times.length; i++) {
 			var t = times[i].getAttribute('datetime');
-			var postTime = new Date(t);
+			var postTime = iso8601(t);
 
 			times[i].setAttribute('data-local', 'true');
 
 			if (localStorage.show_relative_time === 'false') {
-				times[i].innerHTML = dateformat(iso8601(t));
+				times[i].innerHTML = dateformat(postTime);
 				times[i].setAttribute('title', timeDifference(currentTime, postTime.getTime()));
 			} else {
 				times[i].innerHTML = timeDifference(currentTime, postTime.getTime());
-				times[i].setAttribute('title', dateformat(iso8601(t)));
+				times[i].setAttribute('title', dateformat(postTime));
 			}
-		
 		}
 	};
 
@@ -113,3 +128,4 @@ $(document).ready(function(){
 
 	do_localtime(document);
 });
+

js/mod/ban-list.js

@@ -37,7 +37,7 @@ var banlist_init = function(token, my_boards, inMod) {
 	}
 	return pre+f.mask;
       } },
-      reason: {name: _("Reason"), width: "calc(100% - 715px - 6 * 4px)", fmt: function(f) {
+      reason: {name: _("Reason"), width: "calc(100% - 770px - 6 * 4px)", fmt: function(f) {
 	var add = "", suf = '';
         if (f.seen == 1) add += "<i class='fa fa-check' title='"+_("Seen")+"'></i>";
 	if (f.message) {
@@ -60,8 +60,8 @@ var banlist_init = function(token, my_boards, inMod) {
       // duration?
       expires: {name: _("Expires"), width: "235px", fmt: function(f) {
 	if (!f.expires || f.expires == 0) return "<em>"+_("never")+"</em>";
-        return strftime(window.post_date, new Date((f.expires|0)*1000), datelocale) + 
-          ((f.expires < time()) ? "" : " <small>"+_("in ")+until(f.expires|0)+"</small>");
+  var formattedDate = strftime("%m/%d/%Y (%a) %H:%M:%S", new Date((f.expires|0)*1000), datelocale);
+  return formattedDate + ((f.expires < time()) ? "" : " <small>"+_("in ")+until(f.expires|0)+"</small>");
       } },
       username: {name: _("Staff"), width: "100px", fmt: function(f) {
 	var pre='',suf='',un=f.username;
@@ -73,6 +73,11 @@ var banlist_init = function(token, my_boards, inMod) {
 	  un = "<em>"+_("system")+"</em>";
 	}
 	return pre + un + suf;
+      } },
+      id: {
+         name: (inMod)?_("Edit"):"&nbsp;", width: (inMod)?"35px":"0px", fmt: function(f) {
+	 if (!inMod) return '';
+	 return "<a href='?/edit_ban/"+f.id+"'>Edit</a>";
        } }
     }, {}, t);
 
@@ -124,6 +129,7 @@ var banlist_init = function(token, my_boards, inMod) {
     $(".banform").on("submit", function() { return false; });
 
     $("#unban").on("click", function() {
+      if (confirm('Are you sure you want to unban the selected IPs?')) {
         $(".banform .hiddens").remove();
         $("<input type='hidden' name='unban' value='unban' class='hiddens'>").appendTo(".banform");
     
@@ -132,6 +138,7 @@ var banlist_init = function(token, my_boards, inMod) {
         });
     
         $(".banform").off("submit").submit();
+      }
     });
 
     if (device_type == 'desktop') {

js/mod/mod_snippets.js

@@ -0,0 +1,12 @@
+/*
+ * mod_snippets.js
+ *
+ * Javascript snippets to be loaded when in mod mode
+ *
+ */
+
+function populateFormJQuery(frm, data) {
+	$.each(data, function(key, value){
+		$('[name='+key+']', frm).val(value);
+	});
+}

js/post-filter.js

@@ -375,7 +375,7 @@ if (active_page === 'thread' || active_page === 'index' || active_page === 'cata
 
 			var list = getList();
 			var postId = $post.find('.post_no').not('[id]').text();
-			var name, trip, uid, subject, comment;
+			var name, trip, uid, subject, comment, flag;
 			var i, length, array, rule, pattern;  // temp variables
 
 			var boardId	      = $post.data('board');
@@ -388,6 +388,7 @@ if (active_page === 'thread' || active_page === 'index' || active_page === 'cata
 
 			var hasTrip = ($post.find('.trip').length > 0);
 			var hasSub = ($post.find('.subject').length > 0);
+			var hasFlag = ($post.find('.flag').length > 0);
 
 			$post.data('hidden', false);
 			$post.data('hiddenByUid', false);
@@ -396,6 +397,7 @@ if (active_page === 'thread' || active_page === 'index' || active_page === 'cata
 			$post.data('hiddenByTrip', false);
 			$post.data('hiddenBySubject', false);
 			$post.data('hiddenByComment', false);
+			$post.data('hiddenByFlag', false);
 
 			// add post with matched UID to localList
 			if (hasUID &&
@@ -436,6 +438,8 @@ if (active_page === 'thread' || active_page === 'index' || active_page === 'cata
 			});
 			comment = array.join(' ');
 
+			if (hasFlag)
+				flag = $post.find('.flag').attr('title')
 
 			for (i = 0, length = list.generalFilter.length; i < length; i++) {
 				rule = list.generalFilter[i];
@@ -467,6 +471,12 @@ if (active_page === 'thread' || active_page === 'index' || active_page === 'cata
 								hide(post);
 							}
 							break;
+						case 'flag':
+							if (hasFlag && pattern.test(flag)) {
+								$post.data('hiddenByFlag', true);
+								hide(post);
+							}
+							break;
 					}
 				} else {
 					switch (rule.type) {
@@ -496,6 +506,13 @@ if (active_page === 'thread' || active_page === 'index' || active_page === 'cata
 								hide(post);
 							}
 							break;
+						case 'flag':
+							pattern = new RegExp('\\b'+ rule.value+ '\\b');
+							if (hasFlag && pattern.test(flag)) {
+								$post.data('hiddenByFlag', true);
+								hide(post);
+							}
+							break;
 					}
 				}
 			}
@@ -621,7 +638,8 @@ if (active_page === 'thread' || active_page === 'index' || active_page === 'cata
 				name: 'name',
 				trip: 'tripcode',
 				sub: 'subject',
-				com: 'comment'
+				com: 'comment',
+				flag: 'flag'
 			};
 
 			$ele.empty();
@@ -660,6 +678,7 @@ if (active_page === 'thread' || active_page === 'index' || active_page === 'cata
 							'<option value="trip">'+_('Tripcode')+'</option>' +
 							'<option value="sub">'+_('Subject')+'</option>' +
 							'<option value="com">'+_('Comment')+'</option>' +
+							'<option value="flag">'+_('Flag')+'</option>' +
 						'</select>' +
 						'<input type="text">' +
 						'<input type="checkbox">' +

js/post-hover.js

@@ -13,59 +13,62 @@
  *
  */
 
-onready(function(){
-	var dont_fetch_again = [];
-	init_hover = function() {
-		var $link = $(this);
+onReady(function() {
+	let dontFetchAgain = [];
+	initHover = function() {
+		let link = $(this);
+		let id;
+		let matches;
 
-		var id;
-		var matches;
-
-                if ($link.is('[data-thread]')) {
-                        id = $link.attr('data-thread');
-                }
-		else if(matches = $link.text().match(/^>>(?:>\/([^\/]+)\/)?(\d+)$/)) {
+		if (link.is('[data-thread]')) {
+			id = link.attr('data-thread');
+		} else if (matches = link.text().match(/^>>(?:>\/([^\/]+)\/)?(\d+)$/)) {
 			id = matches[2];
-		}
-		else {
+		} else {
 			return;
 		}
 
-		var board = $(this);
+		let board = $(this);
 		while (board.data('board') === undefined) {
 			board = board.parent();
 		}
-		var threadid;
-		if ($link.is('[data-thread]')) threadid = 0;
-		else threadid = board.attr('id').replace("thread_", "");
+		let threadid;
+		if (link.is('[data-thread]')) {
+			threadid = 0;
+		} else {
+			threadid = board.attr('id').replace("thread_", "");
+		}
 
 		board = board.data('board');
 
-		var parentboard = board;
+		let parentboard = board;
 
-		if ($link.is('[data-thread]')) parentboard = $('form[name="post"] input[name="board"]').val();
-		else if (matches[1] !== undefined) board = matches[1];
+		if (link.is('[data-thread]')) {
+			parentboard = $('form[name="post"] input[name="board"]').val();
+		} else if (matches[1] !== undefined) {
+			board = matches[1];
+		}
 
-		var $post = false;
-		var hovering = false;
-		var hovered_at;
-		$link.hover(function(e) {
+		let post = false;
+		let hovering = false;
+		let hoveredAt;
+		link.hover(function(e) {
 			hovering = true;
-			hovered_at = {'x': e.pageX, 'y': e.pageY};
+			hoveredAt = {'x': e.pageX, 'y': e.pageY};
 
-			var start_hover = function($link) {
-				if ($post.is(':visible') &&
-						$post.offset().top >= $(window).scrollTop() &&
-						$post.offset().top + $post.height() <= $(window).scrollTop() + $(window).height()) {
+			let startHover = function(link) {
+				if (post.is(':visible') &&
+						post.offset().top >= $(window).scrollTop() &&
+						post.offset().top + post.height() <= $(window).scrollTop() + $(window).height()) {
 					// post is in view
-					$post.addClass('highlighted');
+					post.addClass('highlighted');
 				} else {
-					var $newPost = $post.clone();
-					$newPost.find('>.reply, >br').remove();
-					$newPost.find('span.mentioned').remove();
-					$newPost.find('a.post_anchor').remove();
+					let newPost = post.clone();
+					newPost.find('>.reply, >br').remove();
+					newPost.find('span.mentioned').remove();
+					newPost.find('a.post_anchor').remove();
 
-					$newPost
+					newPost
 						.attr('id', 'post-hover-' + id)
 						.attr('data-board', board)
 						.addClass('post-hover')
@@ -76,28 +79,28 @@ onready(function(){
 						.css('font-style', 'normal')
 						.css('z-index', '100')
 						.addClass('reply').addClass('post')
-						.insertAfter($link.parent())
+						.insertAfter(link.parent())
 
-					$link.trigger('mousemove');
+					link.trigger('mousemove');
 				}
 			};
 
-			$post = $('[data-board="' + board + '"] div.post#reply_' + id + ', [data-board="' + board + '"]div#thread_' + id);
-			if($post.length > 0) {
-				start_hover($(this));
+			post = $('[data-board="' + board + '"] div.post#reply_' + id + ', [data-board="' + board + '"]div#thread_' + id);
+			if (post.length > 0) {
+				startHover($(this));
 			} else {
-				var url = $link.attr('href').replace(/#.*$/, '');
+				let url = link.attr('href').replace(/#.*$/, '');
 
-				if($.inArray(url, dont_fetch_again) != -1) {
+				if ($.inArray(url, dontFetchAgain) != -1) {
 					return;
 				}
-				dont_fetch_again.push(url);
+				dontFetchAgain.push(url);
 
 				$.ajax({
 					url: url,
 					context: document.body,
 					success: function(data) {
-						var mythreadid = $(data).find('div[id^="thread_"]').attr('id').replace("thread_", "");
+						let mythreadid = $(data).find('div[id^="thread_"]').attr('id').replace("thread_", "");
 
 						if (mythreadid == threadid && parentboard == board) {
 							$(data).find('div.post.reply').each(function() {
@@ -105,66 +108,70 @@ onready(function(){
 									$('[data-board="' + board + '"]#thread_' + threadid + " .post.reply:first").before($(this).hide().addClass('hidden'));
 								}
 							});
-						}
-						else if ($('[data-board="' + board + '"]#thread_'+mythreadid).length > 0) {
+						} else if ($('[data-board="' + board + '"]#thread_' + mythreadid).length > 0) {
 							$(data).find('div.post.reply').each(function() {
 								if ($('[data-board="' + board + '"] #' + $(this).attr('id')).length == 0) {
 									$('[data-board="' + board + '"]#thread_' + mythreadid + " .post.reply:first").before($(this).hide().addClass('hidden'));
 								}
 							});
-						}
-						else {
+						} else {
 							$(data).find('div[id^="thread_"]').hide().attr('data-cached', 'yes').prependTo('form[name="postcontrols"]');
 						}
 
-						$post = $('[data-board="' + board + '"] div.post#reply_' + id + ', [data-board="' + board + '"]div#thread_' + id);
+						post = $('[data-board="' + board + '"] div.post#reply_' + id + ', [data-board="' + board + '"]div#thread_' + id);
 
-						if(hovering && $post.length > 0) {
-							start_hover($link);
+						if (hovering && post.length > 0) {
+							startHover(link);
 						}
 					}
 				});
 			}
 		}, function() {
 			hovering = false;
-			if(!$post)
+			if (!post) {
 				return;
+			}
 
-			$post.removeClass('highlighted');
-			if($post.hasClass('hidden') || $post.data('cached') == 'yes')
-				$post.css('display', 'none');
+			post.removeClass('highlighted');
+			if (post.hasClass('hidden') || post.data('cached') == 'yes') {
+				post.css('display', 'none');
+			}
 			$('.post-hover').remove();
 		}).mousemove(function(e) {
-			if(!$post)
+			if (!post) {
 				return;
+			}
 
-			var $hover = $('#post-hover-' + id + '[data-board="' + board + '"]');
-			if($hover.length == 0)
+			let hover = $('#post-hover-' + id + '[data-board="' + board + '"]');
+			if (hover.length == 0) {
 				return;
+			}
 
-			var scrollTop = $(window).scrollTop();
-			if ($link.is("[data-thread]")) scrollTop = 0;
-			var epy = e.pageY;
-			if ($link.is("[data-thread]")) epy -= $(window).scrollTop();			
+			let scrollTop = $(window).scrollTop();
+			if (link.is("[data-thread]")) {
+				scrollTop = 0;
+			}
+			let epy = e.pageY;
+			if (link.is("[data-thread]")) {
+				epy -= $(window).scrollTop();
+			}
 
-			var top = (epy ? epy : hovered_at['y']) - 10;
+			let top = (epy ? epy : hoveredAt['y']) - 10;
 
 			if (epy < scrollTop + 15) {
 				top = scrollTop;
-			} else if(epy > scrollTop + $(window).height() - $hover.height() - 15) {
-				top = scrollTop + $(window).height() - $hover.height() - 15;
+			} else if (epy > scrollTop + $(window).height() - hover.height() - 15) {
+				top = scrollTop + $(window).height() - hover.height() - 15;
 			}
 
-			
-			$hover.css('left', (e.pageX ? e.pageX : hovered_at['x'])).css('top', top);
+			hover.css('left', (e.pageX ? e.pageX : hoveredAt['x'])).css('top', top);
 		});
 	};
 
-	$('div.body a:not([rel="nofollow"])').each(init_hover);
+	$('div.body a:not([rel="nofollow"])').each(initHover);
 
 	// allow to work with auto-reload.js, etc.
 	$(document).on('new_post', function(e, post) {
-		$(post).find('div.body a:not([rel="nofollow"])').each(init_hover);
+		$(post).find('div.body a:not([rel="nofollow"])').each(initHover);
 	});
 });
-

js/quote-selection.js

@@ -10,12 +10,12 @@
  * Usage:
  *   $config['additional_javascript'][] = 'js/jquery.min.js';
  *   $config['additional_javascript'][] = 'js/quote-selection.js';
- *
  */
 
 $(document).ready(function() {
-	if (!window.getSelection)
+	if (!window.getSelection) {
 		return;
+	}
 
 	$.fn.selectRange = function(start, end) {
 		return this.each(function() {
@@ -23,7 +23,7 @@ $(document).ready(function(){
 				this.focus();
 				this.setSelectionRange(start, end);
 			} else if (this.createTextRange) {
-				var range = this.createTextRange();
+				let range = this.createTextRange();
 				range.collapse(true);
 				range.moveEnd('character', end);
 				range.moveStart('character', start);
@@ -32,81 +32,74 @@ $(document).ready(function(){
 		});
 	};
 
-	var altKey = false;
-	var ctrlKey = false;
-	var metaKey = false;
+	let altKey = false;
+	let ctrlKey = false;
+	let metaKey = false;
 
 	$(document).keyup(function(e) {
-		if (e.keyCode == 18)
+		if (e.keyCode == 18) {
 			altKey = false;
-		else if (e.keyCode == 17)
+		} else if (e.keyCode == 17) {
 			ctrlKey = false;
-		else if (e.keyCode == 91)
+		} else if (e.keyCode == 91) {
 			metaKey = false;
+		}
 	});
 
 	$(document).keydown(function(e) {
-		if (e.altKey)
+		if (e.altKey) {
 			altKey = true;
-		else if (e.ctrlKey)
+		} else if (e.ctrlKey) {
 			ctrlKey = true;
-		else if (e.metaKey)
+		} else if (e.metaKey) {
 			metaKey = true;
+		}
 
 		if (altKey || ctrlKey || metaKey) {
-			// console.log('CTRL/ALT/Something used. Ignoring');
 			return;
 		}
 
-		if (e.keyCode < 48 || e.keyCode > 90)
-			return;
-		
-		var selection = window.getSelection();
-		var $post = $(selection.anchorNode).parents('.post');
-		if ($post.length == 0) {
-			// console.log('Start of selection was not post div', $(selection.anchorNode).parent());
+		if (e.keyCode < 48 || e.keyCode > 90) {
 			return;
 		}
 
-		var postID = $post.find('.post_no:eq(1)').text();
+		let selection = window.getSelection();
+		let post = $(selection.anchorNode).parents('.post');
+		if (post.length == 0) {
+			return;
+		}
+
+		let postID = post.find('.post_no:eq(1)').text();
 
 		if (postID != $(selection.focusNode).parents('.post').find('.post_no:eq(1)').text()) {
-			// console.log('Selection left post div', $(selection.focusNode).parent());
 			return;
 		}
 
-		;
-		var selectedText = selection.toString();
-		// console.log('Selected text: ' + selectedText.replace(/\n/g, '\\n').replace(/\r/g, '\\r'));
+		let selectedText = selection.toString();
 
-		if ($('body').hasClass('debug'))
+		if ($('body').hasClass('debug')) {
 			alert(selectedText);
+		}
 
-		if (selectedText.length == 0)
+		if (selectedText.length == 0) {
 			return;
+		}
 
-		var body = $('textarea#body')[0];
+		let body = $('textarea#body')[0];
 
-		var last_quote = body.value.match(/[\S.]*(^|[\S\s]*)>>(\d+)/);
-		if (last_quote)
+		let last_quote = body.value.match(/[\S.]*(^|[\S\s]*)>>(\d+)/);
+		if (last_quote) {
 			last_quote = last_quote[2];
+		}
 
 		/* to solve some bugs on weird browsers, we need to replace \r\n with \n and then undo that after */
-		var quote = (last_quote != postID ? '>>' + postID + '\r\n' : '') + $.trim(selectedText).replace(/\r\n/g, '\n').replace(/^/mg, '>').replace(/\n/g, '\r\n') + '\r\n';
+		let quote = (last_quote != postID ? '>>' + postID + '\r\n' : '') + $.trim(selectedText).replace(/\r\n/g, '\n').replace(/^/mg, '>').replace(/\n/g, '\r\n') + '\r\n';
 
-		// console.log('Deselecting text');
 		selection.removeAllRanges();
 
-		if (document.selection) {
-			// IE
-			body.focus();
-			var sel = document.selection.createRange();
-			sel.text = quote;
-			body.focus();
-		} else if (body.selectionStart || body.selectionStart == '0') {
-			// Mozilla
-			var start = body.selectionStart;
-			var end = body.selectionEnd;
+		if (body.selectionStart || body.selectionStart == '0') {
+			let start = body.selectionStart;
+			let end = body.selectionEnd;
 
 			if (!body.value.substring(0, start).match(/(^|\n)$/)) {
 				quote = '\r\n\r\n' + quote;
@@ -121,4 +114,3 @@ $(document).ready(function(){
 		}
 	});
 });
-

js/show-backlinks.js

@@ -13,38 +13,42 @@
  *
  */
 
-onready(function(){
-	var showBackLinks = function() {
-		var reply_id = $(this).attr('id').replace(/(^reply_)|(^op_)/, '');
+onReady(function() {
+	let showBackLinks = function() {
+		let reply_id = $(this).attr('id').replace(/(^reply_)|(^op_)/, '');
 
 		$(this).find('div.body a:not([rel="nofollow"])').each(function() {
-			var id, post, $mentioned;
+			let id, post, $mentioned;
 
-			if(id = $(this).text().match(/^>>(\d+)$/))
+			if (id = $(this).text().match(/^>>(\d+)$/)) {
 				id = id[1];
-			else
+			} else {
 				return;
+			}
 
 			$post = $('#reply_' + id);
 			if ($post.length == 0){
 				$post = $('#op_' + id);
-				if($post.length == 0)
+				if ($post.length == 0) {
 					return;
 				}
+			}
 
 			$mentioned = $post.find('p.intro span.mentioned');
-			if($mentioned.length == 0)
+			if($mentioned.length == 0) {
 				$mentioned = $('<span class="mentioned unimportant"></span>').appendTo($post.find('p.intro'));
+			}
 
-			if ($mentioned.find('a.mentioned-' + reply_id).length != 0)
+			if ($mentioned.find('a.mentioned-' + reply_id).length != 0) {
 				return;
+			}
 
-			var $link = $('<a class="mentioned-' + reply_id + '" onclick="highlightReply(\'' + reply_id + '\');" href="#' + reply_id + '">&gt;&gt;' +
+			let link = $('<a class="mentioned-' + reply_id + '" onclick="highlightReply(\'' + reply_id + '\');" href="#' + reply_id + '">&gt;&gt;' +
 				reply_id + '</a>');
-			$link.appendTo($mentioned)
+			link.appendTo($mentioned)
 
 			if (window.init_hover) {
-				$link.each(init_hover);
+				link.each(init_hover);
 			}
 		});
 	};
@@ -53,9 +57,10 @@ onready(function(){
 	$('div.post.op').each(showBackLinks);
 
 	$(document).on('new_post', function(e, post) {
-		showBackLinks.call(post);
 		if ($(post).hasClass("op")) {
 			$(post).find('div.post.reply').each(showBackLinks);
+		} else {
+			$(post).parent().find('div.post.reply').each(showBackLinks);
 		}
 	});
 });

js/smartphone-spoiler.js

@@ -12,11 +12,11 @@
  *
  */
 
-onready(function(){
+onReady(function() {
 	if (device_type == 'mobile') {
-		var fix_spoilers = function(where) {
-			var spoilers = where.getElementsByClassName('spoiler');
-			for(var i = 0; i < spoilers.length; i++) {
+		let fix_spoilers = function(where) {
+			let spoilers = where.getElementsByClassName('spoiler');
+			for (let i = 0; i < spoilers.length; i++) {
 				spoilers[i].onmousedown = function() {
 					this.style.color = 'white';
 				};
@@ -31,4 +31,3 @@ onready(function(){
 
 	}
 });
-

js/style-select.js

@@ -14,17 +14,18 @@
  *
  */
 
-onready(function(){
-	var stylesDiv = $('div.styles');
-	var stylesSelect = $('<select></select>');
+onReady(function() {
+	let stylesDiv = $('div.styles');
+	let stylesSelect = $('<select></select>');
 
-	var i = 1;
+	let i = 1;
 	stylesDiv.children().each(function() {
-		var opt = $('<option></option>')
+		let opt = $('<option></option>')
 			.html(this.innerHTML.replace(/(^\[|\]$)/g, ''))
 			.val(i);
-		if ($(this).hasClass('selected'))
+		if ($(this).hasClass('selected')) {
 			opt.attr('selected', true);
+		}
 		stylesSelect.append(opt);
 		$(this).attr('id', 'style-select-' + i);
 		i++;
@@ -42,4 +43,3 @@ onready(function(){
 			.append(stylesSelect)
 	);
 });
-

js/twemoji

@@ -0,0 +1 @@
+Subproject commit 25dc1757783115136a83af34c42c603ac8b470aa

js/youtube.js

@@ -22,11 +22,10 @@
 *
 */
 
-
-onready(function(){
-	var do_embed_yt = function(tag) {
+onReady(function() {
+	let do_embed_yt = function(tag) {
 		$('div.video-container a', tag).click(function() {
-			var videoID = $(this.parentNode).data('video');
+			let videoID = $(this.parentNode).data('video');
 
 			$(this.parentNode).html('<iframe style="float:left;margin: 10px 20px" type="text/html" ' +
 				'width="360" height="270" src="//www.youtube.com/embed/' + videoID +
@@ -42,4 +41,3 @@ onready(function(){
 		do_embed_yt(post);
 	});
 });
-

mod.php

@@ -1,21 +1,24 @@
 <?php
-
 /*
  *  Copyright (c) 2010-2014 Tinyboard Development Group
  */
 
 require_once 'inc/bootstrap.php';
 
-if ($config['debug'])
+if ($config['debug']) {
 	$parse_start_time = microtime(true);
+}
 
 require_once 'inc/mod/pages.php';
 
-check_login(true);
+
+$ctx = Vichan\build_context($config);
+
+check_login($ctx, true);
 
 $query = isset($_SERVER['QUERY_STRING']) ? rawurldecode($_SERVER['QUERY_STRING']) : '';
 
-$pages = array(
+$pages = [
 	''					=> ':?/',			// redirect to dashboard
 	'/'					=> 'dashboard',			// dashboard
 	'/confirm/(.+)'				=> 'confirm',			// confirm action (if javascript didn't work)
@@ -55,15 +58,15 @@ $pages = array(
 
 	'/rebuild'				=> 'secure_POST rebuild',	// rebuild static files
 	'/reports'				=> 'reports',			// report queue
-	'/reports/(\d+)/dismiss(all)?'		=> 'secure report_dismiss',	// dismiss a report
+	'/reports/(\d+)/dismiss(&all|&post)?'		=> 'secure report_dismiss',	// dismiss a report
 
 	'/IP/([\w.:]+)'				=> 'secure_POST ip',		// view ip address
 	'/IP/([\w.:]+)/remove_note/(\d+)'	=> 'secure ip_remove_note',	// remove note from ip address
-	'/IP/([\w.:-]+)/remove_telegram/(\d+)'	=> 'secure ip_remove_telegram',	// remove telegram from ip address
 
 	'/ban'					=> 'secure_POST ban',		// new ban
 	'/bans'					=> 'secure_POST bans',		// ban list
 	'/bans.json'				=> 'secure bans_json',		// ban list JSON
+	'/edit_ban/(\d+)'			=> 'secure_POST edit_ban',
 	'/ban-appeals'				=> 'secure_POST ban_appeals',	// view ban appeals
 
 	'/recent/(\d+)'				=> 'recent_posts',		// view recent posts
@@ -96,7 +99,6 @@ $pages = array(
 	// these pages aren't listed in the dashboard without $config['debug']
 	//'/debug/antispam'			=> 'debug_antispam',
 	//'/debug/recent'				=> 'debug_recent_posts',
-	//'/debug/apc'				=> 'debug_apc',
 	//'/debug/sql'				=> 'secure_POST debug_sql',
 
 	// This should always be at the end:
@@ -110,14 +112,14 @@ $pages = array(
 			str_replace('%d', '(\d+)', preg_quote($config['file_page'], '!'))	=> 'view_thread',
 
 	'/(\%b)/' . preg_quote($config['dir']['res'], '!') .
-			str_replace(array('%d','%s'), array('(\d+)', '[a-z0-9-]+'), preg_quote($config['file_page50_slug'], '!'))	=> 'view_thread50',
+			str_replace([ '%d','%s' ], [ '(\d+)', '[a-z0-9-]+' ], preg_quote($config['file_page50_slug'], '!'))	=> 'view_thread50',
 	'/(\%b)/' . preg_quote($config['dir']['res'], '!') .
-			str_replace(array('%d','%s'), array('(\d+)', '[a-z0-9-]+'), preg_quote($config['file_page_slug'], '!'))	=> 'view_thread',
-);
+			str_replace([ '%d','%s' ], [ '(\d+)', '[a-z0-9-]+' ], preg_quote($config['file_page_slug'], '!'))	=> 'view_thread',
+];
 
 
 if (!$mod) {
-	$pages = array('!^(.+)?$!' => 'login');
+	$pages = [ '!^(.+)?$!' => 'login' ];
 } elseif (isset($_GET['status'], $_GET['r'])) {
 	header('Location: ' . $_GET['r'], true, (int)$_GET['status']);
 	exit;
@@ -127,10 +129,11 @@ if (isset($config['mod']['custom_pages'])) {
 	$pages = array_merge($pages, $config['mod']['custom_pages']);
 }
 
-$new_pages = array();
+$new_pages = [];
 foreach ($pages as $key => $callback) {
-	if (is_string($callback) && preg_match('/^secure /', $callback))
+	if (is_string($callback) && preg_match('/^secure /', $callback)) {
 		$key .= '(/(?P<token>[a-f0-9]{8}))?';
+	}
 	$key = str_replace('\%b', '?P<board>' . sprintf(substr($config['board_path'], 0, -1), $config['board_regex']), $key);
 	$new_pages[(!empty($key) and $key[0] == '!') ? $key : '!^' . $key . '(?:&[^&=]+=[^&]*)*$!u'] = $callback;
 }
@@ -138,7 +141,7 @@ $pages = $new_pages;
 
 foreach ($pages as $uri => $handler) {
 	if (preg_match($uri, $query, $matches)) {
-		$matches = array_slice($matches, 1);
+		$matches[0] = $ctx; // Replace the text captured by the full pattern with a reference to the context.
 
 		if (isset($matches['board'])) {
 			$board_match = $matches['board'];
@@ -158,7 +161,7 @@ foreach ($pages as $uri => $handler) {
 					if ($secure_post_only)
 						error($config['error']['csrf']);
 					else {
-						mod_confirm(substr($query, 1));
+						mod_confirm($ctx, substr($query, 1));
 						exit;
 					}
 				}
@@ -173,24 +176,20 @@ foreach ($pages as $uri => $handler) {
 		}
 
 		if ($config['debug']) {
-			$debug['mod_page'] = array(
+			$debug['mod_page'] = [
 				'req' => $query,
 				'match' => $uri,
 				'handler' => $handler,
-			);
+			];
 			$debug['time']['parse_mod_req'] = '~' . round((microtime(true) - $parse_start_time) * 1000, 2) . 'ms';
 		}
 
-		if (is_array($matches)) {
-			// we don't want to call named parameters (PHP 8)
+		// We don't want to call named parameters (PHP 8).
 		$matches = array_values($matches);
-		}
 
 		if (is_string($handler)) {
 			if ($handler[0] == ':') {
 				header('Location: ' . substr($handler, 1),  true, $config['redirect_http']);
-			} elseif (is_callable("mod_page_$handler")) {
-				call_user_func_array("mod_page_$handler", $matches);
 			} elseif (is_callable("mod_$handler")) {
 				call_user_func_array("mod_$handler", $matches);
 			} else {
@@ -207,4 +206,3 @@ foreach ($pages as $uri => $handler) {
 }
 
 error($config['error']['404']);
-

post.php

@@ -5,7 +5,209 @@
 
 require_once 'inc/bootstrap.php';
 
+use Vichan\{Context, WebDependencyFactory};
+use Vichan\Data\Driver\{LogDriver, HttpDriver};
+use Vichan\Service\{RemoteCaptchaQuery, NativeCaptchaQuery};
+use Vichan\Functions\Format;
+
+/**
+ * Utility functions
+ */
+
+/**
+ * Get the md5 hash of the file.
+ *
+ * @param array $config instance configuration.
+ * @param string $file file to the the md5 of.
+ * @return string|false
+ */
+function md5_hash_of_file($config, $path) {
+	$cmd = false;
+	if ($config['bsd_md5']) {
+		$cmd = '/sbin/md5 -r';
+	}
+	if ($config['gnu_md5']) {
+		$cmd = 'md5sum';
+	}
+
+	if ($cmd) {
+		$output = shell_exec_error($cmd . " " . escapeshellarg($path));
+		$output = explode(' ', $output);
+		return $output[0];
+	} else {
+		return md5_file($path);
+	}
+}
+
+/**
+ * Strip the symbols incompatible with the current database version.
+ *
+ * @param string @input The input string.
+ * @return string The value stripped of incompatible symbols.
+ */
+function strip_symbols($input) {
+	if (mysql_version() >= 50503) {
+		return $input; // Assume we're using the utf8mb4 charset
+	} else {
+		// MySQL's `utf8` charset only supports up to 3-byte symbols
+		// Remove anything >= 0x010000
+
+		$chars = preg_split('//u', $input, -1, PREG_SPLIT_NO_EMPTY);
+		$ret = '';
+		foreach ($chars as $char) {
+			$o = 0;
+			$ord = ordutf8($char, $o);
+			if ($ord >= 0x010000) {
+				continue;
+			}
+			$ret .= $char;
+		}
+		return $ret;
+	}
+}
+
+/**
+ * Download a remote file from the given url.
+ * The file is deleted at shutdown.
+ *
+ * @param HttpDriver $http The http client.
+ * @param string $file_url The url to download the file from.
+ * @param int $request_timeout Timeout to retrieve the file.
+ * @param array $extra_extensions Allowed file extensions.
+ * @param string $tmp_dir Temporary directory to save the file into.
+ * @param array $error_array An array with error codes, used to create exceptions on failure.
+ * @return array|false Returns an array describing the file on success, or false if the file was too large
+ * @throws InvalidArgumentException|RuntimeException Throws on invalid arguments and IO errors.
+ */
+function download_file_from_url(HttpDriver $http, $file_url, $request_timeout, $allowed_extensions, $tmp_dir, &$error_array) {
+	if (!preg_match('@^https?://@', $file_url)) {
+		throw new InvalidArgumentException($error_array['invalidimg']);
+	}
+
+	$param_idx = mb_strpos($file_url, '?');
+	if ($param_idx !== false) {
+		$url_without_params = mb_substr($file_url, 0, $param_idx);
+	} else {
+		$url_without_params = $file_url;
+	}
+
+	$extension = strtolower(mb_substr($url_without_params, mb_strrpos($url_without_params, '.') + 1));
+
+	if (!in_array($extension, $allowed_extensions)) {
+		throw new InvalidArgumentException($error_array['unknownext']);
+	}
+
+	$tmp_file = tempnam($tmp_dir, 'url');
+	function unlink_tmp_file($file) {
+		@unlink($file);
+		fatal_error_handler();
+	}
+	register_shutdown_function('unlink_tmp_file', $tmp_file);
+
+	$fd = fopen($tmp_file, 'w');
+
+	try {
+		$success = $http->requestGetInto($url_without_params, null, $fd, $request_timeout);
+		if (!$success) {
+			return false;
+		}
+	} finally {
+		fclose($fd);
+	}
+
+	return array(
+		'name' => basename($url_without_params),
+		'tmp_name' => $tmp_file,
+		'file_tmp' => true,
+		'error' => 0,
+		'size' => filesize($tmp_file)
+	);
+}
+
+/**
+ * Try extract text from the given image.
+ *
+ * @param array $config Instance configuration.
+ * @param string $img_path The file path to the image.
+ * @return string|false Returns a string with the extracted text on success (if any).
+ * @throws RuntimeException Throws if executing tesseract fails.
+ */
+function ocr_image(array $config, string $img_path): string {
+	// The default preprocess command is an ImageMagick b/w quantization.
+	$ret = shell_exec_error(
+		sprintf($config['tesseract_preprocess_command'], escapeshellarg($img_path))
+		 . ' | tesseract stdin stdout 2>/dev/null'
+		 . $config['tesseract_params']
+	);
+	if ($ret === false) {
+		throw new RuntimeException('Unable to run tesseract');
+	}
+
+	return trim($ret);
+}
+
+
+/**
+ * Trim an image's EXIF metadata
+ *
+ * @param string $img_path The file path to the image.
+ * @return int The size of the stripped file.
+ * @throws RuntimeException Throws on IO errors.
+ */
+function strip_image_metadata(string $img_path): int {
+	$err = shell_exec_error('exiftool -overwrite_original -ignoreMinorErrors -q -q -all= -Orientation ' . escapeshellarg($img_path));
+	if ($err === false) {
+		throw new RuntimeException('Could not strip EXIF metadata!');
+	}
+	clearstatcache(true, $img_path);
+	$ret = filesize($img_path);
+	if ($ret === false) {
+		throw new RuntimeException('Could not calculate file size!');
+	}
+	return $ret;
+}
+
+/**
+ * Delete posts in a cyclical thread.
+ *
+ * @param string $boardUri The URI of the board.
+ * @param int $threadId The ID of the thread.
+ * @param int $cycleLimit The number of most recent posts to retain.
+ */
+function delete_cyclical_posts(string $boardUri, int $threadId, int $cycleLimit): void
+{
+    $query = prepare(sprintf('
+        SELECT p.`id`
+        FROM ``posts_%s`` p
+        LEFT JOIN (
+            SELECT `id`
+            FROM ``posts_%s``
+            WHERE `thread` = :thread
+            ORDER BY `id` DESC
+            LIMIT :limit
+        ) recent_posts ON p.id = recent_posts.id
+        WHERE p.thread = :thread
+        AND recent_posts.id IS NULL',
+        $boardUri, $boardUri
+    ));
+
+    $query->bindValue(':thread', $threadId, PDO::PARAM_INT);
+    $query->bindValue(':limit', $cycleLimit, PDO::PARAM_INT);
+
+    $query->execute() or error(db_error($query));
+    $ids = $query->fetchAll(PDO::FETCH_COLUMN);
+
+    foreach ($ids as $id) {
+        deletePost($id, false);
+    }
+}
+
+/**
+ * Method handling functions
+ */
+
 $dropped_post = false;
+$context = Vichan\build_context($config);
 
 // Is it a post coming from NNTP? Let's extract it and pretend it's a normal post.
 if (isset($_GET['Newsgroups']) && $config['nntpchan']['enabled']) {
@@ -84,7 +286,7 @@ if (isset($_GET['Newsgroups']) && $config['nntpchan']['enabled']) {
 		$content = file_get_contents("php://input");
 	}
 	elseif ($ct == 'multipart/mixed' || $ct == 'multipart/form-data') {
-		_syslog(LOG_INFO, "MM: Files: ".print_r($GLOBALS, true)); // Debug
+		$context->get(LogDriver::class)->log(LogDriver::DEBUG, 'MM: Files: ' . print_r($GLOBALS, true));
 
 		$content = '';
 
@@ -151,7 +353,7 @@ if (isset($_GET['Newsgroups']) && $config['nntpchan']['enabled']) {
 					$ret[] = ">>".$v['id'];
 				}
 			}
-			return implode($ret, ", ");
+			return implode(", ", $ret);
 		}
 	}, $content);
 
@@ -180,10 +382,11 @@ if (isset($_POST['delete'])) {
 	if (!isset($_POST['board'], $_POST['password']))
 		error($config['error']['bot']);
 
-	$password = &$_POST['password'];
-	
-	if ($password == '')
+	if (empty($_POST['password'])){
 		error($config['error']['invalidpassword']);
+	}
+
+	$password = hashPassword($_POST['password']);
 
 	$delete = array();
 	foreach ($_POST as $post => $value) {
@@ -227,25 +430,33 @@ if (isset($_POST['delete'])) {
 				$thread = $thread_query->fetch(PDO::FETCH_ASSOC);
 			}
 
-			if ($password != '' && $post['password'] != $password && (!$thread || $thread['password'] != $password))
-				error($config['error']['invalidpassword']);
-			
-			if ($post['time'] > time() - $config['delete_time'] && (!$thread || $thread['password'] != $password)) {
-				error(sprintf($config['error']['delete_too_soon'], until($post['time'] + $config['delete_time'])));
+			if ($post['time'] < time() - $config['max_delete_time'] && $config['max_delete_time'] != false) {
+				error(sprintf($config['error']['delete_too_late'], Format\until($post['time'] + $config['max_delete_time'])));
 			}
 
+			if (!hash_equals($post['password'], $password) && (!$thread || !hash_equals($thread['password'], $password))) {
+				error($config['error']['invalidpassword']);
+			}
+
+
+			if ($post['time'] > time() - $config['delete_time'] && (!$thread || !hash_equals($thread['password'], $password))) {
+				error(sprintf($config['error']['delete_too_soon'], Format\until($post['time'] + $config['delete_time'])));
+			}
+
+			$ip = $_SERVER['REMOTE_ADDR'];
 			if (isset($_POST['file'])) {
 				// Delete just the file
 				deleteFile($id);
-				modLog("User deleted file from his own post #$id");
+				modLog("User at $ip deleted file from their own post #$id");
 			} else {
 				// Delete entire post
 				deletePost($id);
-				modLog("User deleted his own post #$id");
+				modLog("User at $ip deleted their own post #$id");
 			}
 
-			_syslog(LOG_INFO, 'Deleted post: ' .
-				'/' . $board['dir'] . $config['dir']['res'] . link_for($post) . ($post['thread'] ? '#' . $id : '')
+			$context->get(LogDriver::class)->log(
+				LogDriver::INFO,
+				'Deleted post: /' . $board['dir'] . $config['dir']['res'] . link_for($post) . ($post['thread'] ? '#' . $id : '')
 			);
 		}
 	}
@@ -266,7 +477,7 @@ if (isset($_POST['delete'])) {
 	if (function_exists('fastcgi_finish_request'))
 		@fastcgi_finish_request();
 
-	rebuildThemes('post-delete', $board['uri']);
+	Vichan\Functions\Theme\rebuild_themes('post-delete', $board['uri']);
 
 } elseif (isset($_POST['report'])) {
 	if (!isset($_POST['board'], $_POST['reason']))
@@ -298,45 +509,61 @@ if (isset($_POST['delete'])) {
 	if (count($report) > $config['report_limit'])
 		error($config['error']['toomanyreports']);
 
-	if ($config['report_captcha'] && !isset($_POST['captcha_text'], $_POST['captcha_cookie'])) {
+
+	if ($config['report_captcha']) {
+		if (!isset($_POST['captcha_text'], $_POST['captcha_cookie'])) {
 			error($config['error']['bot']);
 		}
 
-	if ($config['report_captcha']) {
-		$ch = curl_init($config['domain'].'/'.$config['captcha']['provider_check'] . "?" . http_build_query([
-			'mode' => 'check',
-			'text' => $_POST['captcha_text'],
-			'extra' => $config['captcha']['extra'],
-			'cookie' => $_POST['captcha_cookie']
-		]));
-		curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
-		$resp = curl_exec($ch);
+		try {
+			$query = new NativeCaptchaQuery(
+				$context->get(HttpDriver::class),
+				$config['domain'],
+				$config['captcha']['provider_check'],
+				$config['captcha']['extra']
+			);
+			$success = $query->verify(
+				$_POST['captcha_text'],
+				$_POST['captcha_cookie']
+			);
 
-		if ($resp !== '1') {
+			if (!$success) {
 				error($config['error']['captcha']);
 			}
+		} catch (RuntimeException $e) {
+			$context->get(LogDriver::class)->log(LogDriver::ERROR, "Native captcha IO exception: {$e->getMessage()}");
+			error($config['error']['local_io_error']);
+		}
 	}
 
 	$reason = escape_markup_modifiers($_POST['reason']);
 	markup($reason);
 
+	if (mb_strlen($reason) > $config['report_max_length']) {
+		error($config['error']['toolongreport']);
+	}
+
 	foreach ($report as &$id) {
 		$query = prepare(sprintf("SELECT `id`, `thread` FROM ``posts_%s`` WHERE `id` = :id", $board['uri']));
 		$query->bindValue(':id', $id, PDO::PARAM_INT);
 		$query->execute() or error(db_error($query));
 
 		$post = $query->fetch(PDO::FETCH_ASSOC);
+		if ($post === false) {
+			$context->get(LogDriver::class)->log(LogDriver::INFO, "Failed to report non-existing post #{$id} in {$board['dir']}");
+			error($config['error']['nopost']);
+		}
 
 		$error = event('report', array('ip' => $_SERVER['REMOTE_ADDR'], 'board' => $board['uri'], 'post' => $post, 'reason' => $reason, 'link' => link_for($post)));
-
 		if ($error) {
 			error($error);
 		}
 
-		if ($config['syslog'])
-			_syslog(LOG_INFO, 'Reported post: ' .
-				'/' . $board['dir'] . $config['dir']['res'] . link_for($post) . ($post['thread'] ? '#' . $id : '') .
-				' for "' . $reason . '"'
+		$context->get(LogDriver::class)->log(
+			LogDriver::INFO,
+			'Reported post: /'
+				 . $board['dir'] . $config['dir']['res'] . link_for($post) . ($post['thread'] ? '#' . $id : '')
+				 . " for \"$reason\""
 		);
 		$query = prepare("INSERT INTO ``reports`` VALUES (NULL, :time, :ip, :board, :post, :reason)");
 		$query->bindValue(':time', time(), PDO::PARAM_INT);
@@ -391,41 +618,68 @@ if (isset($_POST['delete'])) {
 
 
 	if (!$dropped_post) {
+		if ($config['simple_spam'] && $post['op']) {
+			if (!isset($_POST['simple_spam']) || strtolower($config['simple_spam']['answer']) != strtolower($_POST['simple_spam'])) {
+				error($config['error']['simple_spam']);
+			}
+		}
 
 		// Check if banned
 		checkBan($board['uri']);
 
-		// Check for CAPTCHA right after opening the board so the "return" link is in there
-		if ($config['recaptcha']) {
-			if (!isset($_POST['g-recaptcha-response']))
+		// Check for CAPTCHA right after opening the board so the "return" link is in there.
+		try {
+			$provider = $config['captcha']['provider'];
+			$new_thread_capt = $config['captcha']['native']['new_thread_capt'];
+			$dynamic = $config['captcha']['dynamic'];
+
+			// With our custom captcha provider
+			if (($provider === 'native' && !$new_thread_capt)
+				|| ($provider === 'native' && $new_thread_capt && $post['op'])) {
+				$query = $context->get(NativeCaptchaQuery::class);
+				$success = $query->verify($_POST['captcha_text'], $_POST['captcha_cookie']);
+
+				if (!$success) {
+					error(
+						"{$config['error']['captcha']}
+						<script>
+							if (actually_load_captcha !== undefined)
+								actually_load_captcha(
+									\"{$config['captcha']['provider_get']}\",
+									\"{$config['captcha']['extra']}\"
+								);
+						</script>"
+					);
+				}
+			}
+			// Remote 3rd party captchas.
+			elseif ($provider && (!$dynamic || $dynamic === $_SERVER['REMOTE_ADDR'])) {
+				$query = $content->get(RemoteCaptchaQuery::class);
+				$field = $query->responseField();
+
+				if (!isset($_POST[$field])) {
 					error($config['error']['bot']);
+				}
+				$response = $_POST[$field];
+				/*
+				 * Do not query with the IP if the mode is dynamic. This config is meant for proxies and internal
+				 * loopback addresses.
+				 */
+				$ip = $dynamic ? null : $_SERVER['REMOTE_ADDR'];
 
-			// Check what reCAPTCHA has to say...
-			$resp = json_decode(file_get_contents(sprintf('https://www.recaptcha.net/recaptcha/api/siteverify?secret=%s&response=%s&remoteip=%s',
-				$config['recaptcha_private'],
-				urlencode($_POST['g-recaptcha-response']),
-				$_SERVER['REMOTE_ADDR'])), true);
-
-			if (!$resp['success']) {
+				$success = $query->verify($response, $ip);
+				if (!$success) {
 					error($config['error']['captcha']);
 				}
 			}
-		// Same, but now with our custom captcha provider
- 		if (($config['captcha']['enabled']) || (($post['op']) && ($config['new_thread_capt'])) ) {
-		$ch = curl_init($config['domain'].'/'.$config['captcha']['provider_check'] . "?" . http_build_query([
-			'mode' => 'check',
-			'text' => $_POST['captcha_text'],
-			'extra' => $config['captcha']['extra'],
-			'cookie' => $_POST['captcha_cookie']
-		]));
-		curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
-		$resp = curl_exec($ch);
+		} catch (RuntimeException $e) {
+			$context->get(LogDriver::class)->log(LogDriver::ERROR, "Captcha IO exception: {$e->getMessage()}");
+			error($config['error']['remote_io_error']);
+		} catch (JsonException $e) {
+			$context->get(LogDriver::class)->log(LogDriver::ERROR, "Bad JSON reply to captcha: {$e->getMessage()}");
+			error($config['error']['remote_io_error']);
+		}
 
-		if ($resp !== '1') {
-                        error($config['error']['captcha'] .
-			'<script>if (actually_load_captcha !== undefined) actually_load_captcha("'.$config['captcha']['provider_get'].'", "'.$config['captcha']['extra'].'");</script>');
-		}
-	}
 
 		if (!(($post['op'] && $_POST['post'] == $config['button_newtopic']) ||
 			(!$post['op'] && $_POST['post'] == $config['button_reply'])))
@@ -440,7 +694,7 @@ if (isset($_POST['delete'])) {
 
 
 		if ($post['mod'] = isset($_POST['mod']) && $_POST['mod']) {
-			check_login(false);
+			check_login($context, false);
 			if (!$mod) {
 				// Liar. You're not a mod.
 				error($config['error']['notamod']);
@@ -458,12 +712,6 @@ if (isset($_POST['delete'])) {
 				error($config['error']['noaccess']);
 		}
 
-		if (!$post['mod']) {
-			$post['antispam_hash'] = checkSpam(array($board['uri'], isset($post['thread']) ? $post['thread'] : ($config['try_smarter'] && isset($_POST['page']) ? 0 - (int)$_POST['page'] : null)));
-			if ($post['antispam_hash'] === true)
-				error($config['error']['spam']);
-		}
-	
 		if ($config['robot_enable'] && $config['robot_mute']) {
 			checkMute();
 		}
@@ -521,65 +769,39 @@ if (isset($_POST['delete'])) {
 	}
 
 	if ($config['allow_upload_by_url'] && isset($_POST['file_url']) && !empty($_POST['file_url'])) {
-		$post['file_url'] = $_POST['file_url'];
-		if (!preg_match('@^https?://@', $post['file_url']))
-			error($config['error']['invalidimg']);
-		
-		if (mb_strpos($post['file_url'], '?') !== false)
-			$url_without_params = mb_substr($post['file_url'], 0, mb_strpos($post['file_url'], '?'));
-		else
-			$url_without_params = $post['file_url'];
-
-		$post['extension'] = strtolower(mb_substr($url_without_params, mb_strrpos($url_without_params, '.') + 1));
+		$allowed_extensions = $config['allowed_ext_files'];
 
+		// Add allowed extensions for OP, if enabled.
 		if ($post['op'] && $config['allowed_ext_op']) {
-			if (!in_array($post['extension'], $config['allowed_ext_op']))
-				error($config['error']['unknownext']);
+			array_merge($allowed_extensions, $config['allowed_ext_op']);
 		}
-		else if (!in_array($post['extension'], $config['allowed_ext']) && !in_array($post['extension'], $config['allowed_ext_files']))
-			error($config['error']['unknownext']);
 
-		$post['file_tmp'] = tempnam($config['tmp'], 'url');
-		function unlink_tmp_file($file) {
-			@unlink($file);
-			fatal_error_handler();
-		}
-		register_shutdown_function('unlink_tmp_file', $post['file_tmp']);
-		
-		$fp = fopen($post['file_tmp'], 'w');
-		
-		$curl = curl_init();
-		curl_setopt($curl, CURLOPT_URL, $post['file_url']);
-		curl_setopt($curl, CURLOPT_FAILONERROR, true);
-		curl_setopt($curl, CURLOPT_FOLLOWLOCATION, false);
-		curl_setopt($curl, CURLOPT_CONNECTTIMEOUT, 5);
-		curl_setopt($curl, CURLOPT_TIMEOUT, $config['upload_by_url_timeout']);
-		curl_setopt($curl, CURLOPT_USERAGENT, 'Tinyboard');
-		curl_setopt($curl, CURLOPT_BINARYTRANSFER, true);
-		curl_setopt($curl, CURLOPT_FILE, $fp);
-		curl_setopt($curl, CURLOPT_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS);
-		
-		if (curl_exec($curl) === false)
-			error($config['error']['nomove'] . '<br/>Curl says: ' . curl_error($curl));
-		
-		curl_close($curl);
-		
-		fclose($fp);
-
-		$_FILES['file'] = array(
-			'name' => basename($url_without_params),
-			'tmp_name' => $post['file_tmp'],
-			'file_tmp' => true,
-			'error' => 0,
-			'size' => filesize($post['file_tmp'])
+		try {
+			$ret = download_file_from_url(
+				$context->get(HttpDriver::class),
+				$_POST['file_url'],
+				$config['upload_by_url_timeout'],
+				$allowed_extensions,
+				$config['tmp'],
+				$config['error']
 			);
+			if ($ret === false) {
+				error(sprintf3($config['error']['filesize'], array(
+					'filesz' => 'more than that',
+					'maxsz' => number_format($config['max_filesize'])
+				)));
+			}
+			$_FILES['file'] = $ret;
+		} catch (Exception $e) {
+			error($e->getMessage());
+		}
 	}
 
 	$post['name'] = $_POST['name'] != '' ? $_POST['name'] : $config['anonymous'];
 	$post['subject'] = $_POST['subject'];
 	$post['email'] = str_replace(' ', '%20', htmlspecialchars($_POST['email']));
 	$post['body'] = $_POST['body'];
-	$post['password'] = $_POST['password'];
+	$post['password'] = hashPassword($_POST['password']);
 	$post['has_file'] = (!isset($post['embed']) && (($post['op'] && !isset($post['no_longer_require_an_image_for_op']) && $config['force_image_op']) || count($_FILES) > 0));
 
 	if (!$dropped_post) {
@@ -659,7 +881,12 @@ if (isset($_POST['delete'])) {
 
 	$trip = generate_tripcode($post['name']);
 	$post['name'] = $trip[0];
+	if ($config['disable_tripcodes'] && !$mod) {
+		$post['trip'] = '';
+	}
+	else {
 		$post['trip'] = isset($trip[1]) ? $trip[1] : ''; // XX: Dropped posts and tripcodes
+	}
 
 	$noko = false;
 	if (strtolower($post['email']) == 'noko') {
@@ -730,8 +957,8 @@ if (isset($_POST['delete'])) {
 			error(sprintf($config['error']['toolong'], 'subject'));
 		if (!$mod && mb_strlen($post['body']) > $config['max_body'])
 			error($config['error']['toolong_body']);
-		if (mb_strlen($post['password']) > 20)
-			error(sprintf($config['error']['toolong'], 'password'));
+		if (!$mod && substr_count($post['body'], "\n") >= $config['maximum_lines'])
+			error($config['error']['toomanylines']);
 	}
 	wordfilters($post['body']);
 
@@ -764,13 +991,12 @@ if (isset($_POST['delete'])) {
 		}
 	}
 
-	if ($config['user_flag'] && isset($_POST['user_flag']))
-	if (!empty($_POST['user_flag']) ){
-		
+	if ($config['user_flag'] && isset($_POST['user_flag']) && !empty($_POST['user_flag'])) {
 		$user_flag = $_POST['user_flag'];
 
-		if (!isset($config['user_flags'][$user_flag]))
+		if (!isset($config['user_flags'][$user_flag])) {
 			error(_('Invalid flag selection!'));
+		}
 
 		$flag_alt = isset($user_flag_alt) ? $user_flag_alt : $config['user_flags'][$user_flag];
 
@@ -788,32 +1014,12 @@ if (isset($_POST['delete'])) {
 		$post['body'] .= "\n<tinyboard proxy>".$proxy."</tinyboard>";
 	}
 
-	if (mysql_version() >= 50503) {
-		$post['body_nomarkup'] = $post['body']; // Assume we're using the utf8mb4 charset
-	} else {
-		// MySQL's `utf8` charset only supports up to 3-byte symbols
-		// Remove anything >= 0x010000
-		
-		$chars = preg_split('//u', $post['body'], -1, PREG_SPLIT_NO_EMPTY);
-		$post['body_nomarkup'] = '';
-		foreach ($chars as $char) {
-			$o = 0;
-			$ord = ordutf8($char, $o);
-			if ($ord >= 0x010000)
-				continue;
-			$post['body_nomarkup'] .= $char;
-		}
-	}
+	$post['body_nomarkup'] = strip_symbols($post['body']);
 
 	$post['tracked_cites'] = markup($post['body'], true);
 
 
-	
 	if ($post['has_file']) {
-		$md5cmd = false;
-		if ($config['bsd_md5'])  $md5cmd = '/sbin/md5 -r';
-		if ($config['gnu_md5'])  $md5cmd = 'md5sum';
-
 		$allhashes = '';
 
 		foreach ($post['files'] as $key => &$file) {
@@ -834,14 +1040,7 @@ if (isset($_POST['delete'])) {
 			if (!is_readable($upload))
 				error($config['error']['nomove']);
 
-			if ($md5cmd) {
-				$output = shell_exec_error($md5cmd . " " . escapeshellarg($upload));
-				$output = explode(' ', $output);
-				$hash = $output[0];
-			}
-			else {
-				$hash = md5_file($upload);
-			}
+			$hash = md5_hash_of_file($config, $upload);
 
 			$file['hash'] = $hash;
 			$allhashes .= $hash;
@@ -866,7 +1065,7 @@ if (isset($_POST['delete'])) {
 		if ($file['is_an_image']) {
 			if ($config['ie_mime_type_detection'] !== false) {
 				// Check IE MIME type detection XSS exploit
-				$buffer = file_get_contents($upload, null, null, null, 255);
+				$buffer = file_get_contents($upload, false, null, 0, 255);
 				if (preg_match($config['ie_mime_type_detection'], $buffer)) {
 					undoImage($post);
 					error($config['error']['mime_exploit']);
@@ -879,43 +1078,26 @@ if (isset($_POST['delete'])) {
 			if (!$size = @getimagesize($file['tmp_name'])) {
 				error($config['error']['invalidimg']);
 			}
-			if (!in_array($size[2], array(IMAGETYPE_PNG, IMAGETYPE_GIF, IMAGETYPE_JPEG, IMAGETYPE_BMP))) {
+			if (!in_array($size[2], array(IMAGETYPE_PNG, IMAGETYPE_GIF, IMAGETYPE_JPEG, IMAGETYPE_BMP, IMAGETYPE_WEBP))) {
 				error($config['error']['invalidimg']);
 			}
 			if ($size[0] > $config['max_width'] || $size[1] > $config['max_height']) {
 				error($config['error']['maxsize']);
 			}
 
+			$file['exif_stripped'] = false;
 
-			if ($config['convert_auto_orient'] && ($file['extension'] == 'jpg' || $file['extension'] == 'jpeg')) {
+			if ($file_image_has_operable_metadata && $config['convert_auto_orient']) {
 				// The following code corrects the image orientation.
 				// Currently only works with the 'convert' option selected but it could easily be expanded to work with the rest if you can be bothered.
-				if (!($config['redraw_image'] || (($config['strip_exif'] && !$config['use_exiftool']) && ($file['extension'] == 'jpg' || $file['extension'] == 'jpeg')))) {
+				if (!($config['redraw_image'] || (($config['strip_exif'] && !$config['use_exiftool'])))) {
 					if (in_array($config['thumb_method'], array('convert', 'convert+gifsicle', 'gm', 'gm+gifsicle'))) {
 						$exif = @exif_read_data($file['tmp_name']);
 						$gm = in_array($config['thumb_method'], array('gm', 'gm+gifsicle'));
 						if (isset($exif['Orientation']) && $exif['Orientation'] != 1) {
-							if ($config['convert_manual_orient']) {
-								$error = shell_exec_error(($gm ? 'gm ' : '') . 'convert ' .
-									escapeshellarg($file['tmp_name']) . ' ' .
-									ImageConvert::jpeg_exif_orientation(false, $exif) . ' ' .
-									($config['strip_exif'] ? '+profile "*"' :
-										($config['use_exiftool'] ? '' : '+profile "*"')
-									) . ' ' .
-									escapeshellarg($file['tmp_name']));
-								if ($config['use_exiftool'] && !$config['strip_exif']) {
-									if ($exiftool_error = shell_exec_error(
-										'exiftool -overwrite_original -q -q -orientation=1 -n ' .
-											escapeshellarg($file['tmp_name'])))
-										error(_('exiftool failed!'), null, $exiftool_error);
-								} else {
-									// TODO: Find another way to remove the Orientation tag from the EXIF profile
-									// without needing `exiftool`.
-								}
-							} else {
 							$error = shell_exec_error(($gm ? 'gm ' : '') . 'convert ' .
 									escapeshellarg($file['tmp_name']) . ' -auto-orient ' . escapeshellarg($upload));
-							}
+
 							if ($error)
 								error(_('Could not auto-orient image!'), null, $error);
 							$size = @getimagesize($file['tmp_name']);
@@ -969,11 +1151,15 @@ if (isset($_POST['delete'])) {
 
 			$dont_copy_file = false;
 
-			if ($config['redraw_image'] || (!@$file['exif_stripped'] && $config['strip_exif'] && ($file['extension'] == 'jpg' || $file['extension'] == 'jpeg'))) {
+			if ($config['redraw_image'] || ($file_image_has_operable_metadata && !$file['exif_stripped'] && $config['strip_exif'])) {
 				if (!$config['redraw_image'] && $config['use_exiftool']) {
-					if($error = shell_exec_error('exiftool -overwrite_original -ignoreMinorErrors -q -q -all= ' .
-						escapeshellarg($file['tmp_name'])))
+					try {
+						$file['size'] = strip_image_metadata($file['tmp_name']);
+					} catch (RuntimeException $e) {
+						$context->get(LogDriver::class)->log(LogDriver::ERROR, "Could not strip image metadata: {$e->getMessage()}");
+						// Since EXIF metadata can countain sensible info, fail the request.
 						error(_('Could not strip EXIF metadata!'), null, $error);
+					}
 				} else {
 					$image->to($file['file']);
 					$dont_copy_file = true;
@@ -982,7 +1168,6 @@ if (isset($_POST['delete'])) {
 			$image->destroy();
 		} else {
 			// not an image
-			//copy($config['file_thumb'], $post['thumb']);
 			$file['thumb'] = 'file';
 
 			$size = @getimagesize(sprintf($config['file_thumb'],
@@ -1000,23 +1185,16 @@ if (isset($_POST['delete'])) {
 				$fname = $file['thumb'];
 			}
 
-			if ($fname == 'spoiler') { // We don't have that much CPU time, do we?
-			}
-			else {
-				$tmpname = "tmp/tesseract/".rand(0,10000000);
-
-				// Preprocess command is an ImageMagick b/w quantization
-				$error = shell_exec_error(sprintf($config['tesseract_preprocess_command'], escapeshellarg($fname)) . " | " .
-                                                          'tesseract stdin '.escapeshellarg($tmpname).' '.$config['tesseract_params']);
-				$tmpname .= ".txt";
-
-				$value = @file_get_contents($tmpname);
-				@unlink($tmpname);
-
-				if ($value && trim($value)) {
+			if ($fname !== 'spoiler') { // We don't have that much CPU time, do we?
+				try {
+					$txt = ocr_image($config, $fname);
+					if ($txt !== '') {
 						// This one has an effect, that the body is appended to a post body. So you can write a correct
 						// spamfilter.
-					$post['body_nomarkup'] .= "<tinyboard ocr image $key>".htmlspecialchars($value)."</tinyboard>";
+						$post['body_nomarkup'] .= "<tinyboard ocr image $key>" . htmlspecialchars($txt) . "</tinyboard>";
+					}
+				} catch (RuntimeException $e) {
+					$context->get(LogDriver::class)->log(LogDriver::ERROR, "Could not OCR image: {$e->getMessage()}");
 				}
 			}
 		}
@@ -1097,8 +1275,6 @@ if (isset($_POST['delete'])) {
 	}
 	$post = (array)$post;
 
-	if ($post['files'])
-		$post['files'] = $post['files'];
 	$post['num_files'] = sizeof($post['files']);
 
 	$post['id'] = $id = post($post);
@@ -1144,11 +1320,7 @@ if (isset($_POST['delete'])) {
 
 	// Handle cyclical threads
 	if (!$post['op'] && isset($thread['cycle']) && $thread['cycle']) {
-		// Query is a bit weird due to "This version of MariaDB doesn't yet support 'LIMIT & IN/ALL/ANY/SOME subquery'" (MariaDB Ver 15.1 Distrib 10.0.17-MariaDB, for Linux (x86_64))
-		$query = prepare(sprintf('DELETE FROM ``posts_%s`` WHERE `thread` = :thread AND `id` NOT IN (SELECT `id` FROM (SELECT `id` FROM ``posts_%s`` WHERE `thread` = :thread ORDER BY `id` DESC LIMIT :limit) i)', $board['uri'], $board['uri']));
-		$query->bindValue(':thread', $post['thread']);
-		$query->bindValue(':limit', $config['cycle_limit'], PDO::PARAM_INT);
-		$query->execute() or error(db_error($query));
+		delete_cyclical_posts($board['uri'], $post['thread'], $config['cycle_limit']);
 	}
 
 	if (isset($post['antispam_hash'])) {
@@ -1171,14 +1343,22 @@ if (isset($_POST['delete'])) {
 
 	if (isset($_SERVER['HTTP_REFERER'])) {
 		// Tell Javascript that we posted successfully
-		if (isset($_COOKIE[$config['cookies']['js']]))
+		if (isset($_COOKIE[$config['cookies']['js']])) {
 			$js = json_decode($_COOKIE[$config['cookies']['js']]);
-		else
+		} else {
 			$js = (object)array();
+		}
 		// Tell it to delete the cached post for referer
 		$js->{$_SERVER['HTTP_REFERER']} = true;
-		// Encode and set cookie
-		setcookie($config['cookies']['js'], json_encode($js), 0, $config['cookies']['jail'] ? $config['cookies']['path'] : '/', null, false, false);
+
+		// Encode and set cookie.
+		$options = [
+			'expires' => 0,
+			'path' => $config['cookies']['jail'] ? $config['cookies']['path'] : '/',
+			'httponly' => false,
+			'samesite' => 'Strict'
+		];
+		setcookie($config['cookies']['js'], json_encode($js), $options);
 	}
 
 	$root = $post['mod'] ? $config['root'] . $config['file_mod'] . '?/' : $config['root'];
@@ -1208,20 +1388,13 @@ if (isset($_POST['delete'])) {
 
 	buildThread($post['op'] ? $id : $post['thread']);
 
-	if ($config['syslog'])
-		_syslog(LOG_INFO, 'New post: /' . $board['dir'] . $config['dir']['res'] .
-			link_for($post) . (!$post['op'] ? '#' . $id : ''));
+	$context->get(LogDriver::class)->log(
+		LogDriver::INFO,
+		'New post: /' . $board['dir'] . $config['dir']['res'] . link_for($post) . (!$post['op'] ? '#' . $id : '')
+	);
 
 	if (!$post['mod']) header('X-Associated-Content: "' . $redirect . '"');
 
-	// Any telegrams to show?
-	$query = prepare('SELECT * FROM ``telegrams`` WHERE ``ip`` = :ip AND ``seen`` = 0');
-	$query->bindValue(':ip', $_SERVER['REMOTE_ADDR']);
-	$query->execute() or error(db_error($query));
-	$telegrams = $query->fetchAll(PDO::FETCH_ASSOC);
-
-	if (count($telegrams) > 0)
-		goto skip_redirect;
 
 	if (!isset($_POST['json_response'])) {
 		header('Location: ' . $redirect, true, $config['redirect_http']);
@@ -1233,8 +1406,6 @@ if (isset($_POST['delete'])) {
 			'id' => $id
 		));
 	}
-	skip_redirect:
-
 
 	if ($config['try_smarter'] && $post['op'])
 		$build_pages = range(1, $config['max_pages']);
@@ -1246,28 +1417,14 @@ if (isset($_POST['delete'])) {
 
 	buildIndex();
 
-	if (count($telegrams) > 0) {
-		$ids = implode(', ', array_map(function($x) { return (int)$x['id']; }, $telegrams));
-		query("UPDATE ``telegrams`` SET ``seen`` = 1 WHERE ``id`` IN({$ids})") or error(db_error());
-		die(Element('page.html', array(
-			'title' => _('Important message from Moderation'),
-			'config' => $config,
-			'body' => Element('important.html', array(
-				'config' => $config,
-				'redirect' => $redirect,
-				'telegrams' => $telegrams,
-			))
-		)));
-	}
-
 	// We are already done, let's continue our heavy-lifting work in the background (if we run off FastCGI)
 	if (function_exists('fastcgi_finish_request'))
 		@fastcgi_finish_request();
 
 	if ($post['op'])
-		rebuildThemes('post-thread', $board['uri']);
+		Vichan\Functions\Theme\rebuild_themes('post-thread', $board['uri']);
 	else
-		rebuildThemes('post', $board['uri']);
+		Vichan\Functions\Theme\rebuild_themes('post', $board['uri']);
 
 } elseif (isset($_POST['appeal'])) {
 	if (!isset($_POST['ban_id']))
@@ -1275,32 +1432,31 @@ if (isset($_POST['delete'])) {
 
 	$ban_id = (int)$_POST['ban_id'];
 
-	$bans = Bans::find($_SERVER['REMOTE_ADDR']);
-	foreach ($bans as $_ban) {
-		if ($_ban['id'] == $ban_id) {
-			$ban = $_ban;
-			break;
-		}
-	}
+	$ban = Bans::findSingle($_SERVER['REMOTE_ADDR'], $ban_id, $config['require_ban_view'], $config['auto_maintenance']);
 
-	if (!isset($ban)) {
-		error(_("That ban doesn't exist or is not for you."));
+	if (empty($ban)) {
+		error($config['error']['noban']);
 	}
 
 	if ($ban['expires'] && $ban['expires'] - $ban['created'] <= $config['ban_appeals_min_length']) {
-		error(_("You cannot appeal a ban of this length."));
+		error($config['error']['tooshortban']);
 	}
 
 	$query = query("SELECT `denied` FROM ``ban_appeals`` WHERE `ban_id` = $ban_id") or error(db_error());
 	$ban_appeals = $query->fetchAll(PDO::FETCH_COLUMN);
 
 	if (count($ban_appeals) >= $config['ban_appeals_max']) {
-		error(_("You cannot appeal this ban again."));
+		error($config['error']['toomanyappeals']);
 	}
 
 	foreach ($ban_appeals as $is_denied) {
-		if (!$is_denied)
-			error(_("There is already a pending appeal for this ban."));
+		if (!$is_denied) {
+			error($config['error']['pendingappeal']);
+		}
+	}
+
+	if (strlen($_POST['appeal']) > $config['ban_appeal_max_chars']) {
+		error($config['error']['toolongappeal']);
 	}
 
 	$query = prepare("INSERT INTO ``ban_appeals`` VALUES (NULL, :ban_id, :time, :message, 0)");

search.php

@@ -9,15 +9,22 @@
 	$queries_per_minutes_all = $config['search']['queries_per_minutes_all'];
 	$search_limit = $config['search']['search_limit'];
 	
+	//Is there a whitelist? Let's list those boards and if not, let's list everything.
 	if (isset($config['search']['boards'])) {
 		$boards = $config['search']['boards'];
 	} else {
 		$boards = listBoards(TRUE);
 	}
 
+	//Let's remove any disallowed boards from the above list (the blacklist)
+	if (isset($config['search']['disallowed_boards'])) {
+		$boards = array_values(array_diff($boards, $config['search']['disallowed_boards']));
+	}
+	
 	$body = Element('search_form.html', Array('boards' => $boards, 'board' => isset($_GET['board']) ? $_GET['board'] : false, 'search' => isset($_GET['search']) ? str_replace('"', '"', utf8tohtml($_GET['search'])) : false));
 	
 	if(isset($_GET['search']) && !empty($_GET['search']) && isset($_GET['board']) && in_array($_GET['board'], $boards)) {		
+		
 		$phrase = $_GET['search'];
 		$_body = '';