Merge branch 'config' into display-appeal-src-ip

.dockerignore

@@ -0,0 +1,4 @@
+**/.git
+**/.gitignore
+/local-www
+**/.gitkeep

.gitignore

@@ -55,6 +55,7 @@ php_errors.log
 #vichan custom
 favicon.ico
 /static/spoiler.png
+local-www
 
 piwik/
 jwplayer/
@@ -70,8 +71,7 @@ tf/
 /random/
 
 # Banners
-banners/*
-!banners/lain-bottom.png
+static/banners/*
 
 #Fonts
 stylesheets/fonts

Dockerfile

@@ -0,0 +1,29 @@
+FROM php:8.1.8-fpm
+
+COPY . /code
+
+RUN docker-php-ext-install pdo pdo_mysql
+RUN apt-get update -y && apt-get install -y libpng-dev libjpeg-dev libonig-dev
+RUN docker-php-ext-install mbstring
+RUN apt-get update -y && apt-get install -y libmcrypt-dev
+# RUN docker-php-ext-install -j$(nproc) mcrypt
+RUN docker-php-ext-install iconv
+RUN apt-get update -y && apt-get install -y imagemagick
+RUN apt-get update -y && apt-get install -y graphicsmagick
+RUN apt-get update -y && apt-get install -y gifsicle
+# RUN docker-php-ext-configure gd
+#         --with-jpeg=/usr/include
+#         --with-png-dir=/usr \
+RUN docker-php-ext-install gd
+RUN apt-get update -y \
+  && apt-get install -y libmemcached11 libmemcachedutil2 build-essential libmemcached-dev libz-dev git \
+  && pecl install memcached \
+  && echo extension=memcached.so >> /usr/local/etc/php/conf.d/memcached.ini \
+  && apt-get remove -y build-essential libmemcached-dev libz-dev \
+  && apt-get autoremove -y \
+  && apt-get clean \
+  && rm -rf /tmp/pear \
+  && curl -sS https://getcomposer.org/installer -o composer-setup.php \
+  && php composer-setup.php --install-dir=/usr/local/bin --filename=composer \
+  && docker-php-ext-install bcmath \
+  && cd /code && composer install

banners.php

@@ -1,16 +1,8 @@
 <?php
-function getBannerSrc(){
-	$files = scandir(__dir__.'/banners/');
-	$files = array_diff($files, array('.', '..'));
-	return $files[array_rand($files)];
-}
 
-$filename = getBannerSrc();
-$filename = "banners/" . $filename;
-$fp = fopen($filename, 'rb');
+$files = scandir(__dir__ . '/static/banners/', SCANDIR_SORT_NONE);
+$files = array_diff($files, ['.', '..']);
 
-header("Content-Type: image/png");
-header("Content-Length: " . filesize($filename)); 
-
-fpassthru($fp);
-?>
+$filename = $files[array_rand($files)];
+header("Location: /static/banners/$filename", true, 307);
+header('Cache-Control: no-cache');

docker-compose.yml

@@ -5,17 +5,17 @@ services:
         context: .
         dockerfile: ./docker/nginx/Dockerfile
       ports:
-        - "8080:80"
+        - "9091:80"
       depends_on:
-        - db
+        - leftypol-db
       volumes:
-          - ./:/code
+          - ./local-www:/var/www/html
           - ./docker/nginx/leftypol.conf:/etc/nginx/conf.d/default.conf
           - ./docker/nginx/nginx.conf:/etc/nginx/nginx.conf
           - ./docker/nginx/proxy.conf:/etc/nginx/conf.d/proxy.conf
       networks:
-        leftchan_net:
-          ipv4_address: 172.20.0.3
+        d_leftypol_org:
+          ipv4_address: 172.21.0.3
       links:
           - php
   php:
@@ -23,30 +23,31 @@ services:
         context: .
         dockerfile: ./docker/php/Dockerfile
       volumes:
-          - ./:/code
+          - ./local-www:/var/www
           - ./docker/php/www.conf:/usr/local/etc/php-fpm.d/www.conf
       networks:
-        leftchan_net:
-          ipv4_address: 172.20.0.4
+        d_leftypol_org:
+          ipv4_address: 172.21.0.4
   #MySQL Service
-  db:
+  leftypol-db:
     image: mysql:8.0.35
-    container_name: db
+    container_name: leftypol-db
     restart: unless-stopped
     tty: true
     ports:
       - "3306:3306"
     environment:
-      MYSQL_DATABASE: lainchan
-      MYSQL_ROOT_PASSWORD: M9q5lO0RxJVh
+      MYSQL_DATABASE: vichan
+      MYSQL_ROOT_PASSWORD: password
+    command: "--default-authentication-plugin=mysql_native_password"
     networks:
-        leftchan_net:
-            ipv4_address: 172.20.0.2
+        d_leftypol_org:
+            ipv4_address: 172.21.0.2
 
 #Docker Networks
 networks:
-    leftchan_net:
+    d_leftypol_org:
         ipam:
             driver: default
             config:
-                - subnet: 172.20.0.0/16
+                - subnet: 172.21.0.0/16

docker/common-setup.sh

@@ -1,27 +0,0 @@
-#!/bin/sh
-
-set -eu
-
-install -m 775 -o leftypol -g leftypol -d /var/www-leftypol
-ln -s \
-   /code/banners/ \
-   /code/static/ \
-   /code/stylesheets/ \
-   /code/tools/ \
-   /code/walls/ \
-   /code/*.php \
-   /code/404.html \
-   /code/LICENSE.* \
-   /code/robots.txt \
-   /code/install.sql \
-   /var/www-leftypol/
-
-install -m 775 -o leftypol -g leftypol -d /var/www-leftypol/js
-ln -s /code/js/* /var/www-leftypol/js/
-
-install -m 775 -o leftypol -g leftypol -d /var/www-leftypol/templates
-install -m 775 -o leftypol -g leftypol -d /var/www-leftypol/templates/cache
-ln -s /code/templates/* /var/www-leftypol/templates/
-
-install -m 775 -o leftypol -g leftypol -d /var/www-leftypol/inc
-ln -s /code/inc/* /var/www-leftypol/inc/

docker/doc.md

@@ -0,0 +1,4 @@
+The `php-fpm` process runs containerized.
+The php application always uses `/var/www` as it's work directory and home folder, and if `/var/www` is bind mounted it
+is necessary to adjust the path passed via FastCGI to `php-fpm` by changing the root directory to `/var/www`.
+This can achieved in nginx by setting the `fastcgi_param SCRIPT_FILENAME` to `/var/www/$fastcgi_script_name;`

docker/nginx/Dockerfile

@@ -1,11 +1,8 @@
 FROM nginx:1.25.3-alpine
 
 COPY . /code
-RUN addgroup --system leftypol \
-   && adduser --system leftypol \
-   && adduser leftypol leftypol \
-   && /code/docker/common-setup.sh
+RUN adduser --system www-data \
+  && adduser www-data www-data
 
-
-CMD ["nginx", "-g", "daemon off;"]
-EXPOSE 80 443
+CMD [ "nginx", "-g", "daemon off;" ]
+EXPOSE 80

docker/nginx/leftypol.conf

@@ -6,7 +6,7 @@ server {
 	listen 80 default_server;
 	listen [::]:80 default_server ipv6only=on;
 	server_name leftypol;
-	root /var/www-leftypol;
+	root /var/www/html;
 	add_header X-Frame-Options "SAMEORIGIN";
 	add_header X-Content-Type-Options "nosniff";
 
@@ -15,23 +15,22 @@ server {
 	charset utf-8;
 
 	location ~ ^([^.\?]*[^\/])$ {
-		try_files                 $uri @addslash;
+		try_files $uri @addslash;
 	}
 
 	# Expire rules for static content
 	# Media: images, icons, video, audio, HTC
-	location ~* \.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm|htc)$ {
-		expires 1M;
-		access_log off;
+	location ~* \.(?:jpg|jpeg|gif|png|webp|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm|htc)$ {
 		log_not_found off;
-		add_header Cache-Control "public";
+		# Public cache, never changes until max-age expires, max-age of 1 month, can still be served while being
+		# revalidated or if the server is erroring for 1 day.
+		add_header Cache-Control "public, immutable, max-age=2592000, stale-while-revalidate=86400, stale-if-error=86400";
 	}
 	# CSS and Javascript
 	location ~* \.(?:css|js)$ {
-		expires 1y;
-		access_log off;
 		log_not_found off;
-		add_header Cache-Control "public";
+		# Public cache, max-age of 1 year, can still be served while being revalidated or if the server is erroring for 1 day.
+		add_header Cache-Control "public, max-age=31536000, stale-while-revalidate=86400, stale-if-error=86400";
 	}
 
 	location ~* \.(html)$ {
@@ -39,7 +38,7 @@ server {
 	}
 
 	location @addslash {
-	   return                    301 $uri/;
+		return 301 $uri/;
 	}
 
 	location / {
@@ -56,7 +55,7 @@ server {
 		proxy_set_header Forwarded-Request-Id $x_request_id;
 		fastcgi_pass php-upstream;
 		fastcgi_index index.php;
-		fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
+		fastcgi_param SCRIPT_FILENAME /var/www/$fastcgi_script_name;
 		fastcgi_read_timeout 600;
 		include fastcgi_params;
 	}

docker/nginx/nginx.conf

@@ -1,15 +1,17 @@
 # This and proxy.conf are based on
 # https://github.com/dead-guru/devichan/blob/master/nginx/nginx.conf
 
-user  leftypol;
+user www-data;
 worker_processes auto;
 # daemon off;
 # error_log  /var/log/nginx/error.log warn;
 error_log /dev/stdout warn;
-pid        /var/run/nginx.pid;
+pid       /var/run/nginx.pid;
+
 events {
 	worker_connections  1024;
 }
+
 http {
 	include       /etc/nginx/mime.types;
 	default_type  application/octet-stream;

docker/nginx/proxy.conf

@@ -33,7 +33,7 @@ real_ip_header X-Forwarded-For;
 
 set_real_ip_from 10.0.0.0/8;
 set_real_ip_from 172.16.0.0/12;
-set_real_ip_from 172.18.0.0/12;
+set_real_ip_from 172.18.0.0;
 set_real_ip_from 192.168.0.0/24;
 set_real_ip_from 127.0.0.0/8;
 

docker/php/Dockerfile

@@ -1,47 +1,89 @@
 # Based on https://github.com/dead-guru/devichan/blob/master/php-fpm/Dockerfile
 
 FROM composer AS composer
-FROM php:8.1-fpm-bullseye
-COPY --from=composer /usr/bin/composer /usr/bin/composer
-COPY . /code
+FROM php:7.2-fpm-alpine
 
-RUN apt-get update && apt-get upgrade -y && apt-get install -y \
-      zlib1g-dev libicu-dev g++ \
-      libjpeg62-turbo-dev \
-      libzip-dev \
-      libpng-dev \
-      libwebp-dev \
-      libfreetype6-dev \
-      libxml2-dev \
-      git \
-      zip \
-      ffmpeg \
-      libonig-dev \
-      unzip \
-      libcurl4-openssl-dev \
-      libmagickwand-dev \
-      gifsicle \
-      graphicsmagick \
-      gettext \
-      imagemagick \
-      locales locales-all \
-      libmagickwand-dev \
-      libmcrypt-dev \
+RUN apk add --no-cache \
+    zlib \
+    zlib-dev \
+    libpng \
+    libpng-dev \
+    libjpeg-turbo \
+    libjpeg-turbo-dev \
+    libwebp \
+    libwebp-dev \
+    libcurl \
+    curl-dev \
+    imagemagick \
+    graphicsmagick \
+    gifsicle \
+    ffmpeg \
+    bind-tools \
+    gettext \
+    gettext-dev \
+    icu-dev \
+    oniguruma \
+    oniguruma-dev \
+    libmcrypt \
+    libmcrypt-dev \
+    lz4-libs \
+    lz4-dev \
+    imagemagick-dev \
+    pcre-dev \
+    $PHPIZE_DEPS \
     && docker-php-ext-configure gd \
-        --with-webp=/usr/include/webp \
-        --with-jpeg=/usr/include \
-        --with-freetype=/usr/include/freetype2/ \
+        --with-webp-dir=/usr/include/webp \
+        --with-jpeg-dir=/usr/include \
+    && docker-php-ext-install -j$(nproc) \
+        gd \
+        curl \
+        bcmath \
+        opcache \
+        pdo_mysql \
+        gettext \
+        intl \
+        mbstring \
+    && pecl update-channels \
+    && pecl install -o -f igbinary \
     && pecl install redis \
     && pecl install imagick \
-    && pecl install -o -f igbinary \
-    && docker-php-ext-install gd zip opcache intl pdo pdo_mysql mysqli bcmath gettext iconv mbstring curl \
-    && docker-php-ext-enable igbinary redis imagick \
-    && useradd -MU leftypol \
-    && /code/docker/common-setup.sh \
-    && ln -s /code/composer.json /code/composer.lock /var/www-leftypol/ \
-    && cd /var/www-leftypol && composer install
+    $$ docker-php-ext-enable \
+        igbinary \
+        redis \
+        imagick \
+    && apk del \
+        zlib-dev \
+        libpng-dev \
+        libjpeg-turbo-dev \
+        libwebp-dev \
+        curl-dev \
+        gettext-dev \
+        oniguruma-dev \
+        libmcrypt-dev \
+        lz4-dev \
+        imagemagick-dev \
+        pcre-dev \
+        $PHPIZE_DEPS \
+    && rm -rf /var/cache/*
+RUN rmdir /var/www/html \
+    && install -d -m 744 -o www-data -g www-data /var/www \
+    && install -d -m 700 -o www-data -g www-data /var/tmp/vichan \
+    && install -d -m 700 -o www-data -g www-data /var/cache/gen-cache \
+    && install -d -m 700 -o www-data -g www-data /var/cache/template-cache
+
+COPY --from=composer /usr/bin/composer /usr/local/bin/composer
+
+# Copy the bootstrap script.
+COPY ./docker/php/bootstrap.sh /usr/local/bin/bootstrap.sh
+
+# Copy the actual project (use .dockerignore to exclude stuff).
+COPY . /code
+
+# Make the instance configuration owned by www-data.
+# Make it writable by php.
+# Install the compose depedencies.
+RUN cd /code && composer install
 
-# RUN /code/docker/common-setup.sh php
-WORKDIR "/var/www-leftypol"
-CMD ["php-fpm"]
-EXPOSE 9000
+WORKDIR "/var/www"
+CMD [ "bootstrap.sh" ]
+EXPOSE 9000

docker/php/bootstrap.sh

@@ -0,0 +1,79 @@
+#!/bin/sh
+
+set -eu
+
+function set_cfg() {
+    if [ ! -f "/var/www/inc/$1" ]; then
+        echo "INFO: Resetting $1"
+        touch "/var/www/inc/$1"
+        chown www-data "/var/www/inc/$1"
+        chgrp www-data "/var/www/inc/$1"
+        chmod 600 "/var/www/inc/$1"
+    else
+        echo "INFO: Using existing $1"
+    fi
+}
+
+if ! mountpoint -q /var/www; then
+    echo "WARNING: '/var/www' is not a mountpoint. All the data will remain inside the container!"
+fi
+
+if [ ! -w /var/www ] ; then
+    echo "ERROR: '/var/www' is not writable. Closing."
+    exit 1
+fi
+
+# Link the entrypoints from the exposed directory.
+ln -nfs \
+    /code/tools/ \
+    /code/walls/ \
+    /code/*.php \
+    /code/LICENSE.* \
+    /code/404.html \
+    /code/install.sql \
+    /var/www/
+# Static files accessible from the webserver must be copied.
+cp -ur /code/static /var/www/
+cp -ur /code/stylesheets /var/www/
+
+# Ensure correct permissions are set, since this might be bind mount.
+chown www-data /var/www
+chgrp www-data /var/www
+
+# Initialize an empty robots.txt with the default if it doesn't exist.
+touch /var/www/robots.txt
+
+# Link the cache and tmp files directory.
+ln -nfs /var/tmp/vichan /var/www/tmp
+
+# Link the javascript directory.
+ln -nfs /code/js /var/www/
+
+# Link the html templates directory and it's cache.
+ln -nfs /code/templates /var/www/
+ln -nfs -T /var/cache/template-cache /var/www/templates/cache
+chown -h www-data /var/www/templates/cache
+chgrp -h www-data /var/www/templates/cache
+
+# Link the generic cache.
+ln -nfs -T /var/cache/gen-cache /var/www/tmp/cache
+chown -h www-data /var/www/tmp/cache
+chgrp -h www-data /var/www/tmp/cache
+
+# Create the included files directory and link them
+install -d -m 700 -o www-data -g www-data /var/www/inc
+for file in /code/inc/*; do
+    file="${file##*/}"
+    if [ ! -e /var/www/inc/$file ]; then
+        ln -s /code/inc/$file /var/www/inc/
+    fi
+done
+
+# Copy an empty instance configuration if the file is a link (it was linked because it did not exist before).
+set_cfg 'instance-config.php'
+
+# Link the composer dependencies.
+ln -nfs /code/vendor /var/www/
+
+# Start the php-fpm server.
+exec php-fpm

docker/php/www.conf

@@ -1,6 +1,12 @@
 [www]
-user = leftypol
-group = leftypol
+access.log = /proc/self/fd/2
+
+; Ensure worker stdout and stderr are sent to the main error log.
+catch_workers_output = yes
+
+user = www-data
+group = www-data
+
 listen = 127.0.0.1:9000
 pm = static
 pm.max_children = 16

inc/bans.php

@@ -5,42 +5,44 @@ use Lifo\IP\CIDR;
 class Bans {
 	static public function range_to_string($mask) {
 		list($ipstart, $ipend) = $mask;
-		
+
 		if (!isset($ipend) || $ipend === false) {
 			// Not a range. Single IP address.
 			$ipstr = inet_ntop($ipstart);
 			return $ipstr;
 		}
-		
-		if (strlen($ipstart) != strlen($ipend))
+
+		if (strlen($ipstart) != strlen($ipend)) {
 			return '???'; // What the fuck are you doing, son?
-		
+		}
+
 		$range = CIDR::range_to_cidr(inet_ntop($ipstart), inet_ntop($ipend));
-		if ($range !== false)
+		if ($range !== false) {
 			return $range;
-		
+		}
+
 		return '???';
 	}
-	
+
 	private static function calc_cidr($mask) {
 		$cidr = new CIDR($mask);
 		$range = $cidr->getRange();
-		
+
 		return array(inet_pton($range[0]), inet_pton($range[1]));
 	}
-	
+
 	public static function parse_time($str) {
 		if (empty($str))
 			return false;
-	
+
 		if (($time = @strtotime($str)) !== false)
 			return $time;
-	
+
 		if (!preg_match('/^((\d+)\s?ye?a?r?s?)?\s?+((\d+)\s?mon?t?h?s?)?\s?+((\d+)\s?we?e?k?s?)?\s?+((\d+)\s?da?y?s?)?((\d+)\s?ho?u?r?s?)?\s?+((\d+)\s?mi?n?u?t?e?s?)?\s?+((\d+)\s?se?c?o?n?d?s?)?$/', $str, $matches))
 			return false;
-	
+
 		$expire = 0;
-	
+
 		if (isset($matches[2])) {
 			// Years
 			$expire += (int)$matches[2]*60*60*24*365;
@@ -69,14 +71,14 @@ class Bans {
 			// Seconds
 			$expire += (int)$matches[14];
 		}
-	
+
 		return time() + $expire;
 	}
-	
+
 	static public function parse_range($mask) {
 		$ipstart = false;
 		$ipend = false;
-		
+
 		if (preg_match('@^(\d{1,3}\.){1,3}([\d*]{1,3})?$@', $mask) && substr_count($mask, '*') == 1) {
 			// IPv4 wildcard mask
 			$parts = explode('.', $mask);
@@ -97,51 +99,52 @@ class Bans {
 			list($ipv4, $bits) = explode('/', $mask);
 			if ($bits > 32)
 				return false;
-			
+
 			list($ipstart, $ipend) = self::calc_cidr($mask);
 		} elseif (preg_match('@^[:a-z\d]+/\d+$@i', $mask)) {
 			list($ipv6, $bits) = explode('/', $mask);
-			if ($bits > 128)
+			if ($bits > 128) {
 				return false;
-			
+			}
+
 			list($ipstart, $ipend) = self::calc_cidr($mask);
-		} else {
-			if (($ipstart = @inet_pton($mask)) === false)
-				return false;
+		} elseif (($ipstart = @inet_pton($mask)) === false) {
+			return false;
 		}
-		
+
 		return array($ipstart, $ipend);
 	}
-	
+
 	static public function find($ip, $board = false, $get_mod_info = false) {
 		global $config;
-		
+
 		$query = prepare('SELECT ``bans``.*' . ($get_mod_info ? ', `username`' : '') . ' FROM ``bans``
 		' . ($get_mod_info ? 'LEFT JOIN ``mods`` ON ``mods``.`id` = `creator`' : '') . '
 		WHERE
 			(' . ($board !== false ? '(`board` IS NULL OR `board` = :board) AND' : '') . '
 			(`ipstart` = :ip OR (:ip >= `ipstart` AND :ip <= `ipend`)))
 		ORDER BY `expires` IS NULL, `expires` DESC');
-		
+
 		if ($board !== false)
 			$query->bindValue(':board', $board, PDO::PARAM_STR);
-		
+
 		$query->bindValue(':ip', inet_pton($ip));
 		$query->execute() or error(db_error($query));
-		
+
 		$ban_list = array();
-		
+
 		while ($ban = $query->fetch(PDO::FETCH_ASSOC)) {
 			if ($ban['expires'] && ($ban['seen'] || !$config['require_ban_view']) && $ban['expires'] < time()) {
 				self::delete($ban['id']);
 			} else {
-				if ($ban['post'])
+				if ($ban['post']) {
 					$ban['post'] = json_decode($ban['post'], true);
+				}
 				$ban['mask'] = self::range_to_string(array($ban['ipstart'], $ban['ipend']));
 				$ban_list[] = $ban;
 			}
 		}
-		
+
 		return $ban_list;
 	}
 
@@ -149,16 +152,18 @@ class Bans {
 		$query = query("SELECT ``bans``.*, `username` FROM ``bans``
 			LEFT JOIN ``mods`` ON ``mods``.`id` = `creator`
  			ORDER BY `created` DESC") or error(db_error());
-                $bans = $query->fetchAll(PDO::FETCH_ASSOC);
+			$bans = $query->fetchAll(PDO::FETCH_ASSOC);
 
-		if ($board_access && $board_access[0] == '*') $board_access = false;
+		if ($board_access && $board_access[0] == '*') {
+			$board_access = false;
+		}
 
 		$out ? fputs($out, "[") : print("[");
 
 		$end = end($bans);
 
-                foreach ($bans as &$ban) {
-                        $ban['mask'] = self::range_to_string(array($ban['ipstart'], $ban['ipend']));
+		foreach ($bans as &$ban) {
+			$ban['mask'] = self::range_to_string(array($ban['ipstart'], $ban['ipend']));
 
 			$hide_message = false;
 			foreach ($hide_regexes as $regex) {
@@ -182,7 +187,7 @@ class Bans {
 				$ban['single_addr'] = true;
 			}
 			if ($filter_staff || ($board_access !== false && !in_array($ban['board'], $board_access))) {
-				$ban['username'] = '?';				
+				$ban['username'] = '?';
 			}
 			if ($filter_ips || ($board_access !== false && !in_array($ban['board'], $board_access))) {
 				@list($ban['mask'], $subnet) = explode("/", $ban['mask']);
@@ -204,24 +209,25 @@ class Bans {
 			}
 		}
 
-                $out ? fputs($out, "]") : print("]");
-
+		$out ? fputs($out, "]") : print("]");
 	}
-	
+
 	static public function seen($ban_id) {
-		$query = query("UPDATE ``bans`` SET `seen` = 1 WHERE `id` = " . (int)$ban_id) or error(db_error());
-                rebuildThemes('bans');
+		query("UPDATE ``bans`` SET `seen` = 1 WHERE `id` = " . (int)$ban_id) or error(db_error());
+		rebuildThemes('bans');
 	}
-	
+
 	static public function purge() {
-		$query = query("DELETE FROM ``bans`` WHERE `expires` IS NOT NULL AND `expires` < " . time() . " AND `seen` = 1") or error(db_error());
+		query("DELETE FROM ``bans`` WHERE `expires` IS NOT NULL AND `expires` < " . time() . " AND `seen` = 1") or error(db_error());
 		rebuildThemes('bans');
 	}
-	
+
 	static public function delete($ban_id, $modlog = false, $boards = false, $dont_rebuild = false) {
 		global $config;
 
-		if ($boards && $boards[0] == '*') $boards = false;
+		if ($boards && $boards[0] == '*') {
+			$boards = false;
+		}
 
 		if ($modlog) {
 			$query = query("SELECT `ipstart`, `ipend`, `board` FROM ``bans`` WHERE `id` = " . (int)$ban_id) or error(db_error());
@@ -230,50 +236,55 @@ class Bans {
 				return false;
 			}
 
-			if ($boards !== false && !in_array($ban['board'], $boards))
-		                error($config['error']['noaccess']);
-			
+			if ($boards !== false && !in_array($ban['board'], $boards)) {
+				error($config['error']['noaccess']);
+			}
+
 			$mask = self::range_to_string(array($ban['ipstart'], $ban['ipend']));
-			
+
 			modLog("Removed ban #{$ban_id} for " .
 				(filter_var($mask, FILTER_VALIDATE_IP) !== false ? "<a href=\"?/IP/$mask\">$mask</a>" : $mask));
 		}
-		
+
 		query("DELETE FROM ``bans`` WHERE `id` = " . (int)$ban_id) or error(db_error());
 
-		if (!$dont_rebuild) rebuildThemes('bans');
-		
+		if (!$dont_rebuild) {
+			rebuildThemes('bans');
+		}
+
 		return true;
 	}
-	
+
 	static public function new_ban($mask, $reason, $length = false, $ban_board = false, $mod_id = false, $post = false) {
 		global $mod, $pdo, $board;
-		
+
 		if ($mod_id === false) {
 			$mod_id = isset($mod['id']) ? $mod['id'] : -1;
 		}
-				
+
 		$range = self::parse_range($mask);
 		$mask = self::range_to_string($range);
-		
+
 		$query = prepare("INSERT INTO ``bans`` VALUES (NULL, :ipstart, :ipend, :time, :expires, :board, :mod, :reason, 0, :post)");
-		
+
 		$query->bindValue(':ipstart', $range[0]);
-		if ($range[1] !== false && $range[1] != $range[0])
+		if ($range[1] !== false && $range[1] != $range[0]) {
 			$query->bindValue(':ipend', $range[1]);
-		else
+		} else {
 			$query->bindValue(':ipend', null, PDO::PARAM_NULL);
-		
+		}
+
 		$query->bindValue(':mod', $mod_id);
 		$query->bindValue(':time', time());
-		
+
 		if ($reason !== '') {
 			$reason = escape_markup_modifiers($reason);
 			markup($reason);
 			$query->bindValue(':reason', $reason);
-		} else
+		} else {
 			$query->bindValue(':reason', null, PDO::PARAM_NULL);
-		
+		}
+
 		if ($length) {
 			if (is_int($length) || ctype_digit($length)) {
 				$length = time() + $length;
@@ -284,20 +295,22 @@ class Bans {
 		} else {
 			$query->bindValue(':expires', null, PDO::PARAM_NULL);
 		}
-		
-		if ($ban_board)
+
+		if ($ban_board) {
 			$query->bindValue(':board', $ban_board);
-		else
+		} else {
 			$query->bindValue(':board', null, PDO::PARAM_NULL);
-		
+		}
+
 		if ($post) {
 			$post['board'] = $board['uri'];
 			$query->bindValue(':post', json_encode($post));
-		} else
+		} else {
 			$query->bindValue(':post', null, PDO::PARAM_NULL);
-		
+		}
+
 		$query->execute() or error(db_error($query));
-		
+
 		if (isset($mod['id']) && $mod['id'] == $mod_id) {
 			modLog('Created a new ' .
 				($length > 0 ? preg_replace('/^(\d+) (\w+?)s?$/', '$1-$2', until($length)) : 'permanent') .

inc/config.php

@@ -112,7 +112,7 @@
 
     /*
      * On top of the static file caching system, you can enable the additional caching system which is
-     * designed to minimize SQL queries and can significantly increase speed when posting or using the 
+     * designed to minimize SQL queries and can significantly increase speed when posting or using the
      * moderator interface. APC is the recommended method of caching.
      *
      * http://tinyboard.org/docs/index.php?p=Config/Cache
@@ -209,22 +209,22 @@
     // http://www.projecthoneypot.org/httpbl.php
     // $config['dnsbl'][] = array('<your access key>.%.dnsbl.httpbl.org', function($ip) {
     //  $octets = explode('.', $ip);
-    //  
+    //
     //  // days since last activity
     //  if ($octets[1] > 14)
     //      return false;
-    //  
+    //
     //  // "threat score" (http://www.projecthoneypot.org/threat_info.php)
     //  if ($octets[2] < 5)
     //      return false;
-    //  
+    //
     //  return true;
     // }, 'dnsbl.httpbl.org'); // hide our access key
 
     // Skip checking certain IP addresses against blacklists (for troubleshooting or whatever)
     $config['dnsbl_exceptions'][] = '127.0.0.1';
 
-    // To prevent bump atacks; returns the thread to last position after the last post is deleted. 
+    // To prevent bump atacks; returns the thread to last position after the last post is deleted.
     $config['anti_bump_flood'] = false;
 
     /*
@@ -768,7 +768,7 @@
      *   'gd'          PHP GD (default). Only handles the most basic image formats (GIF, JPEG, PNG).
      *                GD is a prerequisite for Tinyboard no matter what method you choose.
      *
-     *   'imagick'    PHP's ImageMagick bindings. Fast and efficient, supporting many image formats. 
+     *   'imagick'    PHP's ImageMagick bindings. Fast and efficient, supporting many image formats.
      *                A few minor bugs. http://pecl.php.net/package/imagick
      *
      *   'convert'    The command line version of ImageMagick (`convert`). Fixes most of the bugs in
@@ -1170,6 +1170,7 @@
     $config['error']['fileext']     = _('Unsupported image format.');
     $config['error']['noboard']     = _('Invalid board!');
     $config['error']['nonexistant']     = _('Thread specified does not exist.');
+    $config['error']['nopost']     = _('Post specified does not exist.');
     $config['error']['locked']      = _('Thread locked. You may not reply at this time.');
     $config['error']['reply_hard_limit']    = _('Thread has reached its maximum reply limit.');
     $config['error']['image_hard_limit']    = _('Thread has reached its maximum image limit.');
@@ -1776,7 +1777,7 @@
 
     // event_handler('post', function($post) {
     //  // do something else
-    //  
+    //
     //  // return an error (reject post)
     //  return 'Sorry, you cannot post that!';
     // });
@@ -1991,4 +1992,3 @@
 
     //Logo location for themes
     $config['logo'] = 'static/logo.png';
-

inc/functions.php

@@ -57,7 +57,7 @@ function loadConfig() {
 		require_once('tmp/cache/cache_config.php');
 	}
 
-	if (isset($config['cache_config']) && 
+	if (isset($config['cache_config']) &&
 	    $config['cache_config'] &&
             $config = Cache::get('config_' . $boardsuffix ) ) {
 		$events = Cache::get('events_' . $boardsuffix );
@@ -76,7 +76,7 @@ function loadConfig() {
 	else {
 		$config = array();
 
-		reset_events();	
+		reset_events();
 
 		$arrays = array(
 			'db',
@@ -309,7 +309,7 @@ function loadConfig() {
 	else if (is_callable($config['anonymous'])){
 		$config['anonymous'] = $config['anonymous']($boardsuffix);
 	}
-	
+
 	if ($config['debug']) {
 		if (!isset($debug)) {
 			$debug = array(
@@ -350,7 +350,7 @@ function define_groups() {
 			define($group_name, $group_value);
 		}
 	}
-	
+
 	ksort($config['mod']['groups']);
 }
 
@@ -388,7 +388,7 @@ function rebuildThemes($action, $boardname = false) {
 		$config = $_config;
 		$board = $_board;
 
-		// Reload the locale	
+		// Reload the locale
 	        if ($config['locale'] != $current_locale) {
 	                $current_locale = $config['locale'];
 	                init_locale($config['locale']);
@@ -409,7 +409,7 @@ function rebuildThemes($action, $boardname = false) {
 	$config = $_config;
 	$board = $_board;
 
-	// Reload the locale	
+	// Reload the locale
 	if ($config['locale'] != $current_locale) {
 	        $current_locale = $config['locale'];
 	        init_locale($config['locale']);
@@ -561,7 +561,7 @@ function purge($uri) {
 	global $config, $debug;
 
 	// Fix for Unicode
-	$uri = rawurlencode($uri); 
+	$uri = rawurlencode($uri);
 
 	$noescape = "/!~*()+:";
 	$noescape = preg_split('//', $noescape);
@@ -757,7 +757,7 @@ function listBoards($just_uri = false) {
 			$boards[] = $board;
 		}
 	}
- 
+
 	if ($config['cache']['enabled'])
 		cache::set($cache_name, $boards);
 
@@ -823,10 +823,10 @@ function displayBan($ban) {
 			$post = new Thread($ban['post'], null, false, false);
 		}
 	}
-	
+
 	$denied_appeals = array();
 	$pending_appeal = false;
-	
+
 	if ($config['ban_appeals']) {
 		$query = query("SELECT `time`, `denied` FROM ``ban_appeals`` WHERE `ban_id` = " . (int)$ban['id']) or error(db_error());
 		while ($ban_appeal = $query->fetch(PDO::FETCH_ASSOC)) {
@@ -837,7 +837,7 @@ function displayBan($ban) {
 			}
 		}
 	}
-	
+
 	// Show banned page and exit
 	die(
 		Element('page.html', array(
@@ -862,7 +862,7 @@ function checkBan($board = false) {
 	if (!isset($_SERVER['REMOTE_ADDR'])) {
 		// Server misconfiguration
 		return;
-	}		
+	}
 
 	if (event('check-ban', $board))
 		return true;
@@ -877,7 +877,7 @@ function checkBan($board = false) {
 
 	foreach ($ips as $ip) {
 		$bans = Bans::find($_SERVER['REMOTE_ADDR'], $board, $config['show_modname']);
-	
+
 		foreach ($bans as &$ban) {
 			if ($ban['expires'] && $ban['expires'] < time()) {
 				Bans::delete($ban['id']);
@@ -906,9 +906,9 @@ function checkBan($board = false) {
 		if (time() - $last_time_purged < $config['purge_bans'] )
 			return;
 	}
-	
+
 	Bans::purge();
-	
+
 	if ($config['cache']['enabled'])
 		cache::set('purged_bans_last', time());
 }
@@ -965,7 +965,7 @@ function threadExists($id) {
 
 function insertFloodPost(array $post) {
 	global $board;
-	
+
 	$query = prepare("INSERT INTO ``flood`` VALUES (NULL, :ip, :board, :time, :posthash, :filehash, :isreply)");
 	$query->bindValue(':ip', $_SERVER['REMOTE_ADDR']);
 	$query->bindValue(':board', $board['uri']);
@@ -1006,7 +1006,7 @@ function post(array $post) {
 	$query->bindValue(':body', $post['body']);
 	$query->bindValue(':body_nomarkup', $post['body_nomarkup']);
 	$query->bindValue(':time', isset($post['time']) ? $post['time'] : time(), PDO::PARAM_INT);
-	$query->bindValue(':password', $post['password']);		
+	$query->bindValue(':password', $post['password']);
 	$query->bindValue(':ip', isset($post['ip']) ? $post['ip'] : $_SERVER['REMOTE_ADDR']);
 
 	if ($post['op'] && $post['mod'] && isset($post['sticky']) && $post['sticky']) {
@@ -1186,7 +1186,7 @@ function deletePost($id, $error_if_doesnt_exist=true, $rebuild_after=true) {
 	// Delete posts and maybe replies
 	while ($post = $query->fetch(PDO::FETCH_ASSOC)) {
 		event('delete', $post);
-		
+
 		$thread_id = $post['thread'];
 		if (!$post['thread']) {
 			// Delete thread HTML page
@@ -1287,7 +1287,7 @@ function clean($pid = false) {
 		$query = prepare(sprintf("SELECT `id` AS `thread_id`, (SELECT COUNT(`id`) FROM ``posts_%s`` WHERE `thread` = `thread_id`) AS `reply_count` FROM ``posts_%s`` WHERE `thread` IS NULL ORDER BY `sticky` DESC, `bump` DESC LIMIT :offset, 9001", $board['uri'], $board['uri']));
 		$query->bindValue(':offset', $offset, PDO::PARAM_INT);
 		$query->execute() or error(db_error($query));
-		
+
 		while ($post = $query->fetch(PDO::FETCH_ASSOC)) {
 			if ($post['reply_count'] < $config['early_404_replies']) {
 				deletePost($post['thread_id'], false, false);
@@ -1326,7 +1326,7 @@ function index($page, $mod=false, $brief = false) {
 		return false;
 
 	$threads = array();
-	
+
 	while ($th = $query->fetch(PDO::FETCH_ASSOC)) {
 		$thread = new Thread($th, $mod ? '?/' : $config['root'], $mod);
 
@@ -1377,7 +1377,7 @@ function index($page, $mod=false, $brief = false) {
 			$thread->omitted = $omitted['post_count'] - ($th['sticky'] ? $config['threads_preview_sticky'] : $config['threads_preview']);
 			$thread->omitted_images = $omitted['image_count'] - $num_images;
 		}
-		
+
 		$threads[] = $thread;
 
 		if (!$brief) {
@@ -1594,7 +1594,7 @@ function checkMute() {
 			// Not expired yet
 			error(sprintf($config['error']['youaremuted'], $mute['time'] + $mutetime - time()));
 		} else {
-			// Already expired	
+			// Already expired
 			return;
 		}
 	}
@@ -1883,8 +1883,8 @@ function wordfilters(&$body) {
 
         foreach ($config['wordfilters'] as $filter) {
                 if (isset($filter[3]) && $filter[3]) {
-                        $refilter = $filter[0]; 
-                        if (strncmp($filter[0], "/", 1) !== 0) 
+                        $refilter = $filter[0];
+                        if (strncmp($filter[0], "/", 1) !== 0)
                         {
                                 $refilter = "/.*" . $filter[0] .  "/";
                         }
@@ -1895,8 +1895,8 @@ function wordfilters(&$body) {
                                                 return $match;
                                         } else {
                                                 if (isset($filter[2]) && $filter[2]) {
-                                                        $refilter = $filter[0]; 
-                                                        if (strncmp($filter[0], "/", 1) !== 0) 
+                                                        $refilter = $filter[0];
+                                                        if (strncmp($filter[0], "/", 1) !== 0)
                                                         {
                                                                 $refilter = "/.*" . $filter[0] .  "/";
                                                         }
@@ -1912,7 +1912,7 @@ function wordfilters(&$body) {
                                 }
                         }
                         , $body);
-                } else { 
+                } else {
                         if (isset($filter[2]) && $filter[2]) {
                                 if (is_callable($filter[1]))
                                         $body = preg_replace_callback($filter[0], $filter[1], $body);
@@ -1958,7 +1958,7 @@ function markup_url($matches) {
 		'rel' => 'nofollow',
 		'target' => '_blank',
 	);
-	
+
 	event('markup-url', $link);
 	$link = (array)$link;
 
@@ -1993,7 +1993,7 @@ function newline_to_full_stop($body) {
 
 function extract_modifiers($body) {
 	$modifiers = array();
-	
+
 	if (preg_match_all('@<tinyboard ([\w\s]+)>(.*?)</tinyboard>@us', $body, $matches, PREG_SET_ORDER)) {
 		foreach ($matches as $match) {
 			if (preg_match('/^escape /', $match[1]))
@@ -2001,7 +2001,7 @@ function extract_modifiers($body) {
 			$modifiers[$match[1]] = html_entity_decode($match[2]);
 		}
 	}
-		
+
 	return $modifiers;
 }
 
@@ -2024,10 +2024,10 @@ function markup(&$body, $track_cites = false, $op = false) {
 	global $board, $config, $markup_urls;
 
 	$modifiers = extract_modifiers($body);
-	
+
 	$body = preg_replace('@<tinyboard (?!escape )([\w\s]+)>(.+?)</tinyboard>@us', '', $body);
 	$body = preg_replace('@<(tinyboard) escape ([\w\s]+)>@i', '<$1 $2>', $body);
-	
+
 	if (isset($modifiers['raw html']) && $modifiers['raw html'] == '1') {
 		return array();
 	}
@@ -2069,7 +2069,7 @@ function markup(&$body, $track_cites = false, $op = false) {
 			error($config['error']['toomanylinks']);
 		}
 	}
-	
+
 	if ($config['markup_repair_tidy'])
 		$body = str_replace('  ', ' &nbsp;', $body);
 
@@ -2093,21 +2093,21 @@ function markup(&$body, $track_cites = false, $op = false) {
 
 		$skip_chars = 0;
 		$body_tmp = $body;
-		
+
 		$search_cites = array();
 		foreach ($cites as $matches) {
 			$search_cites[] = '`id` = ' . $matches[2][0];
 		}
 		$search_cites = array_unique($search_cites);
-		
+
 		$query = query(sprintf('SELECT `thread`, `id` FROM ``posts_%s`` WHERE ' .
 			implode(' OR ', $search_cites), $board['uri'])) or error(db_error());
-		
+
 		$cited_posts = array();
 		while ($cited = $query->fetch(PDO::FETCH_ASSOC)) {
 			$cited_posts[$cited['id']] = $cited['thread'] ? $cited['thread'] : false;
 		}
-				
+
 		foreach ($cites as $matches) {
 			$cite = $matches[2][0];
 
@@ -2140,34 +2140,34 @@ function markup(&$body, $track_cites = false, $op = false) {
 
 		$skip_chars = 0;
 		$body_tmp = $body;
-		
+
 		if (isset($cited_posts)) {
 			// Carry found posts from local board >>X links
 			foreach ($cited_posts as $cite => $thread) {
 				$cited_posts[$cite] = $config['root'] . $board['dir'] . $config['dir']['res'] .
 					($thread ? $thread : $cite) . '.html#' . $cite;
 			}
-			
+
 			$cited_posts = array(
 				$board['uri'] => $cited_posts
 			);
 		} else
 			$cited_posts = array();
-		
+
 		$crossboard_indexes = array();
 		$search_cites_boards = array();
-		
+
 		foreach ($cites as $matches) {
 			$_board = $matches[2][0];
 			$cite = @$matches[3][0];
-			
+
 			if (!isset($search_cites_boards[$_board]))
 				$search_cites_boards[$_board] = array();
 			$search_cites_boards[$_board][] = $cite;
 		}
-		
+
 		$tmp_board = $board['uri'];
-		
+
 		foreach ($search_cites_boards as $_board => $search_cites) {
 			$clauses = array();
 			foreach ($search_cites as $cite) {
@@ -2176,7 +2176,7 @@ function markup(&$body, $track_cites = false, $op = false) {
 				$clauses[] = '`id` = ' . $cite;
 			}
 			$clauses = array_unique($clauses);
-			
+
 			if ($board['uri'] != $_board) {
 				if (!openBoard($_board)){
 					if (in_array($_board,array_keys($config['boards_alias']))){
@@ -2191,25 +2191,25 @@ function markup(&$body, $track_cites = false, $op = false) {
 					else {
 						continue; // Unknown board
 					}
-						
+
 				}
 			}
-			
+
 			if (!empty($clauses)) {
 				$cited_posts[$_board] = array();
-				
+
 				$query = query(sprintf('SELECT `thread`, `id`, `slug` FROM ``posts_%s`` WHERE ' .
 					implode(' OR ', $clauses), $board['uri'])) or error(db_error());
-				
+
 				while ($cite = $query->fetch(PDO::FETCH_ASSOC)) {
 					$cited_posts[$_board][$cite['id']] = $config['root'] . $board['dir'] . $config['dir']['res'] .
 						link_for($cite) . '#' . $cite['id'];
 				}
 			}
-			
+
 			$crossboard_indexes[$_board] = $config['root'] . $board['dir'] . $config['file_index'];
 		}
-		
+
 		// Restore old board
 		if ($board['uri'] != $tmp_board)
 			openBoard($tmp_board);
@@ -2285,7 +2285,7 @@ function markup(&$body, $track_cites = false, $op = false) {
 			$code = rtrim(ltrim($code, "\r\n"));
 
 			$code = "<pre class='code lang-$code_lang'>".str_replace(array("\n","\t"), array("&#10;","&#9;"), htmlspecialchars($code, ENT_COMPAT, "UTF-8", false))."</pre>";
-			
+
 			$body = str_replace("<code $id>", $code, $body);
 		}
 	}
@@ -2323,7 +2323,7 @@ function utf8tohtml($utf8) {
 }
 
 function ordutf8($string, &$offset) {
-	$code = ord(substr($string, $offset,1)); 
+	$code = ord(substr($string, $offset,1));
 	if ($code >= 128) { // otherwise 0xxxxxxx
 		if ($code < 224)
 			$bytesnumber = 2; // 110xxxxx
@@ -2387,7 +2387,7 @@ function buildThread($id, $return = false, $mod = false) {
 		// Check if any posts were found
 		if (!isset($thread))
 			error($config['error']['nonexistant']);
-	
+
 		$hasnoko50 = $thread->postCount() >= $config['noko50_min'];
 		$antibot = $mod || $return ? false : create_antibot($board['uri'], $id);
 
@@ -2438,16 +2438,16 @@ function buildThread($id, $return = false, $mod = false) {
 function buildThread50($id, $return = false, $mod = false, $thread = null, $antibot = false) {
 	global $board, $config, $build_pages;
 	$id = round($id);
-	
+
 	if ($antibot)
 		$antibot->reset();
-		
+
 	if (!$thread) {
 		$query = prepare(sprintf("SELECT * FROM ``posts_%s`` WHERE (`thread` IS NULL AND `id` = :id) OR `thread` = :id ORDER BY `thread`,`id` DESC LIMIT :limit", $board['uri']));
 		$query->bindValue(':id', $id, PDO::PARAM_INT);
 		$query->bindValue(':limit', $config['noko50_count']+1, PDO::PARAM_INT);
 		$query->execute() or error(db_error($query));
-		
+
 		$num_images = 0;
 		while ($post = $query->fetch(PDO::FETCH_ASSOC)) {
 			if (!isset($thread)) {
@@ -2455,7 +2455,7 @@ function buildThread50($id, $return = false, $mod = false, $thread = null, $anti
 			} else {
 				if ($post['files'])
 					$num_images += $post['num_files'];
-					
+
 				$thread->add(new Post($post, $mod ? '?/' : $config['root'], $mod));
 			}
 		}
@@ -2470,10 +2470,10 @@ function buildThread50($id, $return = false, $mod = false, $thread = null, $anti
 						  SELECT SUM(`num_files`) FROM ``posts_%s`` WHERE `files` IS NOT NULL AND `thread` = :thread", $board['uri'], $board['uri']));
 			$count->bindValue(':thread', $id, PDO::PARAM_INT);
 			$count->execute() or error(db_error($count));
-			
+
 			$c = $count->fetch();
 			$thread->omitted = $c['num'] - $config['noko50_count'];
-			
+
 			$c = $count->fetch();
 			$thread->omitted_images = $c['num'] - $num_images;
 		}
@@ -2486,13 +2486,13 @@ function buildThread50($id, $return = false, $mod = false, $thread = null, $anti
 		$thread->omitted += count($allPosts) - count($thread->posts);
 		foreach ($allPosts as $index => $post) {
 			if ($index == count($allPosts)-count($thread->posts))
-				break;  
+				break;
 			if ($post->files)
 				$thread->omitted_images += $post->num_files;
 		}
 	}
 
-	$hasnoko50 = $thread->postCount() >= $config['noko50_min'];		
+	$hasnoko50 = $thread->postCount() >= $config['noko50_min'];
 
 	$body = Element('thread.html', array(
 		'board' => $board,
@@ -2506,7 +2506,7 @@ function buildThread50($id, $return = false, $mod = false, $thread = null, $anti
 		'antibot' => $mod ? false : ($antibot ? $antibot : create_antibot($board['uri'], $id)),
 		'boardlist' => createBoardlist($mod),
 		'return' => ($mod ? '?' . $board['url'] . $config['file_index'] : $config['root'] . $board['dir'] . $config['file_index'])
-	));	
+	));
 
 	if ($return) {
 		return $body;
@@ -2585,7 +2585,7 @@ function hcf($a, $b){
 		$b = $a-$b;
 		$a = $a-$b;
 	}
-	if ($b==(round($b/$a))*$a) 
+	if ($b==(round($b/$a))*$a)
 		$gcd=$a;
 	else {
 		for ($i=round($a/2);$i;$i--) {
@@ -2880,7 +2880,7 @@ function process_filenames($file, $board_dir, $multiple, $i){
 
 	if ($multiple)
 		$file['file_id'] .= "-$i";
-	
+
 	$file['file'] = $board_dir . $config['dir']['img'] . $file['file_id'] . '.' . $file['extension'];
 	$file['thumb'] = $board_dir . $config['dir']['thumb'] . $file['file_id'] . '.' . ($config['thumb_ext'] ? $config['thumb_ext'] : $file['extension']);
 	return $file;

inc/image.php

@@ -11,7 +11,7 @@ class Image {
 	public $src, $format, $image, $size;
 	public function __construct($src, $format = false, $size = false) {
 		global $config;
-		
+
 		$this->src = $src;
 		$this->format = $format;
 
@@ -25,21 +25,21 @@ class Image {
 				error(_('Unsupported file format: ') . $this->format);
 			}
 		}
-		
+
 		$this->image = new $classname($this, $size);
 
 		if (!$this->image->valid()) {
 			$this->delete();
 			error($config['error']['invalidimg']);
 		}
-		
+
 		$this->size = (object)array('width' => $this->image->_width(), 'height' => $this->image->_height());
 		if ($this->size->width < 1 || $this->size->height < 1) {
 			$this->delete();
 			error($config['error']['invalidimg']);
 		}
 	}
-	
+
 	public function resize($extension, $max_width, $max_height) {
 		global $config;
 
@@ -63,16 +63,16 @@ class Image {
 				error(_('Unsupported file format: ') . $extension);
 			}
 		}
-		
+
 		$thumb = new $classname(false);
 		$thumb->src = $this->src;
 		$thumb->format = $this->format;
 		$thumb->original_width = $this->size->width;
 		$thumb->original_height = $this->size->height;
-		
+
 		$x_ratio = $max_width / $this->size->width;
 		$y_ratio = $max_height / $this->size->height;
-		
+
 		if (($this->size->width <= $max_width) && ($this->size->height <= $max_height)) {
 			$width = $this->size->width;
 			$height = $this->size->height;
@@ -83,16 +83,16 @@ class Image {
 			$width = ceil($y_ratio * $this->size->width);
 			$height = $max_height;
 		}
-		
+
 		$thumb->_resize($this->image->image, $width, $height);
-				
+
 		return $thumb;
 	}
-	
+
 	public function to($dst) {
 		$this->image->to($dst);
 	}
-	
+
 	public function delete() {
 		file_unlink($this->src);
 	}
@@ -115,26 +115,26 @@ class ImageGD {
 }
 
 class ImageBase extends ImageGD {
-	public $image, $src, $original, $original_width, $original_height, $width, $height;		
+	public $image, $src, $original, $original_width, $original_height, $width, $height;
 	public function valid() {
 		return (bool)$this->image;
 	}
-	
+
 	public function __construct($img, $size = false) {
 		if (method_exists($this, 'init'))
 			$this->init();
-		
+
 		if ($size && $size[0] > 0 && $size[1] > 0) {
 			$this->width = $size[0];
 			$this->height = $size[1];
 		}
-		
+
 		if ($img !== false) {
 			$this->src = $img->src;
 			$this->from();
 		}
 	}
-	
+
 	public function _width() {
 		if (method_exists($this, 'width'))
 			return $this->width();
@@ -157,7 +157,7 @@ class ImageBase extends ImageGD {
 		$this->original = &$original;
 		$this->width = $width;
 		$this->height = $height;
-		
+
 		if (method_exists($this, 'resize'))
 			$this->resize();
 		else
@@ -200,31 +200,31 @@ class ImageImagick extends ImageBase {
 	}
 	public function resize() {
 		global $config;
-		
+
 		if ($this->format == 'gif' && ($config['thumb_ext'] == 'gif' || $config['thumb_ext'] == '')) {
 			$this->image = new Imagick();
 			$this->image->setFormat('gif');
-			
+
 			$keep_frames = array();
 			for ($i = 0; $i < $this->original->getNumberImages(); $i += floor($this->original->getNumberImages() / $config['thumb_keep_animation_frames']))
 				$keep_frames[] = $i;
-			
+
 			$i = 0;
 			$delay = 0;
 			foreach ($this->original as $frame) {
 				$delay += $frame->getImageDelay();
-				
+
 				if (in_array($i, $keep_frames)) {
 					// $frame->scaleImage($this->width, $this->height, false);
 					$frame->sampleImage($this->width, $this->height);
 					$frame->setImagePage($this->width, $this->height, 0, 0);
 					$frame->setImageDelay($delay);
 					$delay = 0;
-					
+
 					$this->image->addImage($frame->getImage());
 				}
 				$i++;
-			}		
+			}
 		} else {
 			$this->image = clone $this->original;
 			$this->image->scaleImage($this->width, $this->height, false);
@@ -235,15 +235,15 @@ class ImageImagick extends ImageBase {
 
 class ImageConvert extends ImageBase {
 	public $width, $height, $temp, $gm = false, $gifsicle = false;
-	
+
 	public function init() {
 		global $config;
-		
+
 		if ($config['thumb_method'] == 'gm' || $config['thumb_method'] == 'gm+gifsicle')
 			$this->gm = true;
 		if ($config['thumb_method'] == 'convert+gifsicle' || $config['thumb_method'] == 'gm+gifsicle')
 			$this->gifsicle = true;
-		
+
 		$this->temp = false;
 	}
 	public function get_size($src, $try_gd_first = true) {
@@ -265,7 +265,7 @@ class ImageConvert extends ImageBase {
 		if ($size) {
 			$this->width = $size[0];
 			$this->height = $size[1];
-			
+
 			$this->image = true;
 		} else {
 			// mark as invalid
@@ -274,7 +274,7 @@ class ImageConvert extends ImageBase {
 	}
 	public function to($src) {
 		global $config;
-		
+
 		if (!$this->temp) {
 			if ($config['strip_exif']) {
 				if($error = shell_exec_error(($this->gm ? 'gm ' : '') . 'convert ' .
@@ -306,16 +306,16 @@ class ImageConvert extends ImageBase {
 	}
 	public function resize() {
 		global $config;
-		
+
 		if ($this->temp) {
 			// remove old
 			$this->destroy();
 		}
-		
+
 		$this->temp = tempnam($config['tmp'], 'convert') . ($config['thumb_ext'] == '' ? '' : '.' . $config['thumb_ext']);
-				
+
 		$config['thumb_keep_animation_frames'] = (int)$config['thumb_keep_animation_frames'];
-		
+
 		if ($this->format == 'gif' && ($config['thumb_ext'] == 'gif' || $config['thumb_ext'] == '') && $config['thumb_keep_animation_frames'] > 1) {
 			if ($this->gifsicle) {
 				if (($error = shell_exec("gifsicle -w --unoptimize -O2 --resize {$this->width}x{$this->height} < " .
@@ -380,7 +380,7 @@ class ImageConvert extends ImageBase {
 			}
 		}
 	}
-	
+
 	// For when -auto-orient doesn't exist (older versions)
 	static public function jpeg_exif_orientation($src, $exif = false) {
 		if (!$exif) {
@@ -398,16 +398,16 @@ class ImageConvert extends ImageBase {
 				//   8888
 				//     88
 				//     88
-			
+
 				return '-flop';
 			case 3:
-			
+
 				//     88
 				//     88
 				//   8888
 				//     88
 				// 888888
-			
+
 				return '-flip -flop';
 			case 4:
 				// 88
@@ -415,31 +415,31 @@ class ImageConvert extends ImageBase {
 				// 8888
 				// 88
 				// 888888
-			
+
 				return '-flip';
 			case 5:
 				// 8888888888
 				// 88  88
 				// 88
-			
+
 				return '-rotate 90 -flop';
 			case 6:
 				// 88
 				// 88  88
 				// 8888888888
-			
+
 				return '-rotate 90';
 			case 7:
 				//         88
 				//     88  88
 				// 8888888888
-			
+
 				return '-rotate "-90" -flop';
 			case 8:
 				// 8888888888
 				//     88  88
 				//         88
-			
+
 				return '-rotate "-90"';
 		}
 	}
@@ -497,6 +497,11 @@ class ImageBMP extends ImageBase {
 	}
 }
 
-
-
-
+class ImageWEBP extends ImageBase {
+	public function from() {
+		$this->image = @imagecreatefromwebp($this->src);
+	}
+	public function to($src) {
+		imagewebp($this->image, $src);
+	}
+}

inc/template.php

@@ -13,12 +13,15 @@ $twig = false;
 
 function load_twig() {
 	global $twig, $config;
+
+	$cache_dir = "{$config['dir']['template']}/cache/";
+
 	$loader = new Twig_Loader_Filesystem($config['dir']['template']);
 	$loader->setPaths($config['dir']['template']);
 	$twig = new Twig_Environment($loader, array(
 		'autoescape' => false,
-		'cache' => is_writable('templates') || (is_dir('templates/cache') && is_writable('templates/cache')) ?
-			"{$config['dir']['template']}/cache" : false,
+		'cache' => is_writable('templates/') || (is_dir($cache_dir) && is_writable($cache_dir)) ?
+			$cache_dir : false,
 		'debug' => $config['debug']
 	));
 	$twig->addExtension(new Twig_Extensions_Extension_Tinyboard());
@@ -27,17 +30,17 @@ function load_twig() {
 
 function Element($templateFile, array $options) {
 	global $config, $debug, $twig, $build_pages;
-	
+
 	if (!$twig)
 		load_twig();
-	
+
 	if (function_exists('create_pm_header') && ((isset($options['mod']) && $options['mod']) || isset($options['__mod'])) && !preg_match('!^mod/!', $templateFile)) {
 		$options['pm'] = create_pm_header();
 	}
-	
+
 	if (isset($options['body']) && $config['debug']) {
 		$_debug = $debug;
-		
+
 		if (isset($debug['start'])) {
 			$_debug['time']['total'] = '~' . round((microtime(true) - $_debug['start']) * 1000, 2) . 'ms';
 			$_debug['time']['init'] = '~' . round(($_debug['start_debug'] - $_debug['start']) * 1000, 2) . 'ms';
@@ -55,18 +58,17 @@ function Element($templateFile, array $options) {
 				str_replace("\n", '<br/>', utf8tohtml(print_r($_debug, true))) .
 			'</pre>';
 	}
-	
+
 	// Read the template file
 	if (@file_get_contents("{$config['dir']['template']}/${templateFile}")) {
 		$body = $twig->render($templateFile, $options);
-		
+
 		if ($config['minify_html'] && preg_match('/\.html$/', $templateFile)) {
 			$body = trim(preg_replace("/[\t\r\n]/", '', $body));
 		}
-		
+
 		return $body;
 	} else {
 		throw new Exception("Template file '${templateFile}' does not exist or is empty in '{$config['dir']['template']}'!");
 	}
 }
-

install.php

@@ -1,9 +1,9 @@
 <?php
 
-// Installation/upgrade file	
+// Installation/upgrade file
 define('VERSION', '5.1.3');
 
-if (fopen('inc/instance-config.php' , 'a') === false) {
+if (!is_writable('inc/instance-config.php') || !is_writable('inc/')) {
 	print('install.php does not have permission to write to /inc/, without permission the installer cannot continue');
 	exit();
 }
@@ -39,41 +39,41 @@ function checkGifsicle() {
 }
 
 if (file_exists($config['has_installed'])) {
-	
+
 	// Check the version number
 	$version = trim(file_get_contents($config['has_installed']));
 	if (empty($version))
 		$version = 'v0.9.1';
-	
+
 	function __query($sql) {
 		sql_open();
-		
+
 		if (mysql_version() >= 50503)
 			return query($sql);
 		else
 			return query(str_replace('utf8mb4', 'utf8', $sql));
 	}
-	
+
 	$boards = listBoards();
-	
+
 	switch ($version) {
 		case 'v0.9':
 		case 'v0.9.1':
 			// Upgrade to v0.9.2-dev
-			
+
 			foreach ($boards as &$_board) {
 				// Add `capcode` field after `trip`
 				query(sprintf("ALTER TABLE `posts_%s` ADD  `capcode` VARCHAR( 50 ) NULL AFTER  `trip`", $_board['uri'])) or error(db_error());
-				
+
 				// Resize `trip` to 15 characters
 				query(sprintf("ALTER TABLE `posts_%s` CHANGE  `trip`  `trip` VARCHAR( 15 ) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL", $_board['uri'])) or error(db_error());
 			}
 		case 'v0.9.2-dev':
 			// Upgrade to v0.9.2-dev-1
-			
+
 			// New table: `theme_settings`
 			query("CREATE TABLE IF NOT EXISTS `theme_settings` ( `name` varchar(40) NOT NULL, `value` text, UNIQUE KEY `name` (`name`)) ENGINE=InnoDB DEFAULT CHARSET=utf8;") or error(db_error());
-			
+
 			// New table: `news`
 			query("CREATE TABLE IF NOT EXISTS `news` ( `id` int(11) NOT NULL AUTO_INCREMENT, `name` text NOT NULL, `time` int(11) NOT NULL, `subject` text NOT NULL, `body` text NOT NULL, UNIQUE KEY `id` (`id`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8 AUTO_INCREMENT=1;") or error(db_error());
 		case 'v0.9.2.1-dev':
@@ -81,7 +81,7 @@ if (file_exists($config['has_installed'])) {
 			// Fix broken version number/mistake
 			$version = 'v0.9.2-dev-1';
 			// Upgrade to v0.9.2-dev-2
-			
+
 			foreach ($boards as &$_board) {
 				// Increase field sizes
 				query(sprintf("ALTER TABLE `posts_%s` CHANGE  `subject` `subject` VARCHAR( 50 ) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL", $_board['uri'])) or error(db_error());
@@ -89,7 +89,7 @@ if (file_exists($config['has_installed'])) {
 			}
 		case 'v0.9.2-dev-2':
 			// Upgrade to v0.9.2-dev-3 (v0.9.2)
-			
+
 			foreach ($boards as &$_board) {
 				// Add `custom_fields` field
 				query(sprintf("ALTER TABLE `posts_%s` ADD `embed` TEXT NULL", $_board['uri'])) or error(db_error());
@@ -97,7 +97,7 @@ if (file_exists($config['has_installed'])) {
 		case 'v0.9.2-dev-3': // v0.9.2-dev-3 == v0.9.2
 		case 'v0.9.2':
 			// Upgrade to v0.9.3-dev-1
-			
+
 			// Upgrade `theme_settings` table
 			query("TRUNCATE TABLE `theme_settings`") or error(db_error());
 			query("ALTER TABLE  `theme_settings` ADD  `theme` VARCHAR( 40 ) NOT NULL FIRST") or error(db_error());
@@ -129,7 +129,7 @@ if (file_exists($config['has_installed'])) {
 			foreach ($boards as &$board) {
 				$tables[] = "posts_{$board['uri']}";
 			}
-			
+
 			foreach ($tables as &$table) {
 				query("ALTER TABLE  `{$table}` ENGINE = MYISAM DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci") or error(db_error());
 			}
@@ -153,10 +153,10 @@ if (file_exists($config['has_installed'])) {
 			query("ALTER TABLE  `boards` DROP PRIMARY KEY") or error(db_error());
 			query("ALTER TABLE  `reports` DROP INDEX  `id`") or error(db_error());
 			query("ALTER TABLE  `boards` DROP INDEX `uri`") or error(db_error());
-			
+
 			query("ALTER IGNORE TABLE  `robot` ADD PRIMARY KEY (`hash`)") or error(db_error());
 			query("ALTER TABLE  `bans` ADD FULLTEXT (`ip`)") or error(db_error());
-			query("ALTER TABLE  `ip_notes` ADD INDEX (`ip`)") or error(db_error());	
+			query("ALTER TABLE  `ip_notes` ADD INDEX (`ip`)") or error(db_error());
 			query("ALTER TABLE  `modlogs` ADD INDEX (`time`)") or error(db_error());
 			query("ALTER TABLE  `boards` ADD PRIMARY KEY(`uri`)") or error(db_error());
 			query("ALTER TABLE  `mutes` ADD INDEX (`ip`)") or error(db_error());
@@ -174,9 +174,9 @@ if (file_exists($config['has_installed'])) {
 					<p style="text-align:center">
 						<a href="?confirm=1">I have read and understood the agreement. Proceed to upgrading.</a>
 					</p>';
-				
+
 				file_write($config['has_installed'], 'v0.9.4-dev-2');
-				
+
 				break;
 			}
 		case 'v0.9.4-dev-3':
@@ -194,14 +194,14 @@ if (file_exists($config['has_installed'])) {
 			}
 			query("CREATE TABLE IF NOT EXISTS `cites` (  `board` varchar(8) NOT NULL,  `post` int(11) NOT NULL,  `target_board` varchar(8) NOT NULL,  `target` int(11) NOT NULL,  KEY `target` (`target_board`,`target`),  KEY `post` (`board`,`post`)) ENGINE=MyISAM DEFAULT CHARSET=utf8;") or error(db_error());
 		case 'v0.9.5-dev-2':
-			query("ALTER TABLE  `boards` 
+			query("ALTER TABLE  `boards`
 				CHANGE  `uri`  `uri` VARCHAR( 15 ) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL,
 				CHANGE  `title`  `title` VARCHAR( 40 ) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL,
 				CHANGE  `subtitle`  `subtitle` VARCHAR( 120 ) CHARACTER SET utf8 COLLATE utf8_general_ci NULL") or error(db_error());
 		case 'v0.9.5-dev-3':
 			// v0.9.5
 		case 'v0.9.5':
-			query("ALTER TABLE  `boards` 
+			query("ALTER TABLE  `boards`
 				CHANGE  `uri`  `uri` VARCHAR( 50 ) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL,
 				CHANGE  `title`  `title` TINYTEXT CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL,
 				CHANGE  `subtitle`  `subtitle` TINYTEXT CHARACTER SET utf8 COLLATE utf8_general_ci NULL") or error(db_error());
@@ -228,12 +228,12 @@ if (file_exists($config['has_installed'])) {
 				$query->bindValue(':newboard', $board['uri']);
 				$query->bindValue(':oldboard', $board['id']);
 				$query->execute() or error(db_error($query));
-				
+
 				$query = prepare("UPDATE `modlogs` SET `board` = :newboard WHERE `board` = :oldboard");
 				$query->bindValue(':newboard', $board['uri']);
 				$query->bindValue(':oldboard', $board['id']);
 				$query->execute() or error(db_error($query));
-				
+
 				$query = prepare("UPDATE `reports` SET `board` = :newboard WHERE `board` = :oldboard");
 				$query->bindValue(':newboard', $board['uri']);
 				$query->bindValue(':oldboard', $board['id']);
@@ -271,10 +271,10 @@ if (file_exists($config['has_installed'])) {
 				if (strlen($user['password']) == 40) {
 					mt_srand(microtime(true) * 100000 + memory_get_usage(true));
 					$salt = md5(uniqid(mt_rand(), true));
-			
+
 					$user['salt'] = $salt;
 					$user['password'] = hash('sha256', $user['salt'] . $user['password']);
-			
+
 					$_query = prepare("UPDATE `mods` SET `password` = :password, `salt` = :salt WHERE `id` = :id");
 					$_query->bindValue(':id', $user['id']);
 					$_query->bindValue(':password', $user['password']);
@@ -306,7 +306,7 @@ if (file_exists($config['has_installed'])) {
 					CHANGE `embed` `embed` TEXT CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NULL DEFAULT NULL,
 					DEFAULT CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci;", $board['uri'])) or error(db_error());
 			}
-			
+
 			__query("ALTER TABLE  `antispam`
 				CHANGE  `board`  `board` VARCHAR( 120 ) CHARACTER SET ASCII COLLATE ascii_general_ci NOT NULL ,
 				CHANGE  `hash`  `hash` CHAR( 40 ) CHARACTER SET ASCII COLLATE ascii_bin NOT NULL ,
@@ -466,44 +466,44 @@ if (file_exists($config['has_installed'])) {
 				) ENGINE=MyISAM  DEFAULT CHARSET=utf8mb4 AUTO_INCREMENT=1") or error(db_error());
 			$listquery = query("SELECT * FROM ``bans`` ORDER BY `id`") or error(db_error());
 			while ($ban = $listquery->fetch(PDO::FETCH_ASSOC)) {
-				$query = prepare("INSERT INTO ``bans_new_temp`` VALUES 
+				$query = prepare("INSERT INTO ``bans_new_temp`` VALUES
 					(NULL, :ipstart, :ipend, :created, :expires, :board, :creator, :reason, :seen, NULL)");
-				
+
 				$range = Bans::parse_range($ban['ip']);
 				if ($range === false) {
 					// Invalid retard ban; just skip it.
 					continue;
 				}
-				
+
 				$query->bindValue(':ipstart', $range[0]);
 				if ($range[1] !== false && $range[1] != $range[0])
 					$query->bindValue(':ipend', $range[1]);
 				else
 					$query->bindValue(':ipend', null, PDO::PARAM_NULL);
-				
+
 				$query->bindValue(':created', $ban['set']);
-				
+
 				if ($ban['expires'])
 					$query->bindValue(':expires', $ban['expires']);
 				else
 					$query->bindValue(':expires', null, PDO::PARAM_NULL);
-				
+
 				if ($ban['board'])
 					$query->bindValue(':board', $ban['board']);
 				else
 					$query->bindValue(':board', null, PDO::PARAM_NULL);
-				
+
 				$query->bindValue(':creator', $ban['mod']);
-				
+
 				if ($ban['reason'])
 					$query->bindValue(':reason', $ban['reason']);
 				else
 					$query->bindValue(':reason', null, PDO::PARAM_NULL);
-				
+
 				$query->bindValue(':seen', $ban['seen']);
 				$query->execute() or error(db_error($query));
 			}
-			
+
 			// Drop old bans table
 			query("DROP TABLE ``bans``") or error(db_error());
 			// Replace with new table
@@ -535,9 +535,9 @@ if (file_exists($config['has_installed'])) {
 					<p style="text-align:center">
 						<a href="?confirm2=1">I have read and understood the agreement. Proceed to upgrading.</a>
 					</p>';
-				
+
 				file_write($config['has_installed'], '4.4.97');
-				
+
 				break;
 			}
 		case '4.4.98-pre':
@@ -553,9 +553,9 @@ if (file_exists($config['has_installed'])) {
 					<p style="text-align:center">
 						<a href="?confirm3=1">I have read and understood the warning. Proceed to upgrading.</a>
 					</p>';
-				
+
 				file_write($config['has_installed'], '4.5.2');
-				
+
 				break;
 			}
 
@@ -614,7 +614,7 @@ if (file_exists($config['has_installed'])) {
 
 			// Update version number
 			file_write($config['has_installed'], VERSION);
-			
+
 			$page['title'] = 'Upgraded';
 			$page['body'] = '<p style="text-align:center">Successfully upgraded from ' . $version . ' to <strong>' . VERSION . '</strong>.</p>';
 			break;
@@ -626,8 +626,8 @@ if (file_exists($config['has_installed'])) {
 			$page['title'] = 'Already installed';
 			$page['body'] = '<p style="text-align:center">It appears that vichan is already installed (' . $version . ') and there is nothing to upgrade! Delete <strong>' . $config['has_installed'] . '</strong> to reinstall.</p>';
 			break;
-	}			
-	
+	}
+
 	die(Element('page.html', $page));
 }
 
@@ -659,11 +659,11 @@ if ($step == 0) {
 	<p style="text-align:center">
 		<a href="?step=1">I have read and understood the agreement. Proceed to installation.</a>
 	</p>';
-	
+
 	echo Element('page.html', $page);
 } elseif ($step == 1) {
 	$page['title'] = 'Pre-installation test';
-	
+
 	$can_exec = true;
 	if (!function_exists('shell_exec'))
 		$can_exec = false;
@@ -673,12 +673,12 @@ if ($step == 0) {
 		$can_exec = false;
 	elseif (trim(shell_exec('echo "TEST"')) !== 'TEST')
 		$can_exec = false;
-	
+
 	if (!defined('PHP_VERSION_ID')) {
 		$version = explode('.', PHP_VERSION);
 		define('PHP_VERSION_ID', ($version[0] * 10000 + $version[1] * 100 + $version[2]));
 	}
-	
+
 	// Required extensions
 	$extensions = array(
 		'PDO' => array(
@@ -818,14 +818,14 @@ if ($step == 0) {
 		array(
 			'category' => 'File permissions',
 			'name' => getcwd() . '/templates/cache',
-			'result' => is_writable('templates') || (is_dir('templates/cache') && is_writable('templates/cache')),
+			'result' => is_dir('templates/cache/') && is_writable('templates/cache/'),
 			'required' => true,
 			'message' => 'You must give vichan permission to create (and write to) the <code>templates/cache</code> directory or performance will be drastically reduced.'
 		),
 		array(
 			'category' => 'File permissions',
 			'name' => getcwd() . '/tmp/cache',
-			'result' => is_dir('tmp/cache') && is_writable('tmp/cache'),
+			'result' => is_dir('tmp/cache/') && is_writable('tmp/cache/'),
 			'required' => true,
 			'message' => 'You must give vichan permission to write to the <code>tmp/cache</code> directory.'
 		),
@@ -854,7 +854,7 @@ if ($step == 0) {
 	);
 
 	$config['font_awesome'] = true;
-	
+
 	$additional_config = array();
 	foreach ($tests as $test) {
 		if ($test['result'] && isset($test['effect'])) {
@@ -877,10 +877,10 @@ if ($step == 0) {
 } elseif ($step == 2) {
 	// Basic config
 	$page['title'] = 'Configuration';
-	
+
 	$config['cookies']['salt'] = substr(base64_encode(sha1(rand())), 0, 30);
-	$config['secure_trip_salt'] = substr(base64_encode(sha1(rand())), 0, 30);	
-	
+	$config['secure_trip_salt'] = substr(base64_encode(sha1(rand())), 0, 30);
+
 	echo Element('page.html', array(
 		'body' => Element('installer/config.html', array(
 			'config' => $config,
@@ -893,7 +893,7 @@ if ($step == 0) {
 	$more = $_POST['more'];
 	unset($_POST['more']);
 
-	$instance_config = 
+	$instance_config =
 '<'.'?php
 
 /*
@@ -905,13 +905,13 @@ if ($step == 0) {
 */
 
 ';
-	
+
 	create_config_from_array($instance_config, $_POST);
-	
+
 	$instance_config .= "\n";
 	$instance_config .= $more;
 	$instance_config .= "\n";
-	
+
 	if (@file_put_contents('inc/instance-config.php', $instance_config)) {
 		header('Location: ?step=4', true, $config['redirect_http']);
 	} else {
@@ -928,34 +928,38 @@ if ($step == 0) {
 	}
 } elseif ($step == 4) {
 	// SQL installation
-	
+
 	buildJavascript();
-	
+
 	$sql = @file_get_contents('install.sql') or error("Couldn't load install.sql.");
-	
+
 	sql_open();
 	$mysql_version = mysql_version();
-	
+
 	// This code is probably horrible, but what I'm trying
 	// to do is find all of the SQL queires and put them
 	// in an array.
 	preg_match_all("/(^|\n)((SET|CREATE|INSERT).+)\n\n/msU", $sql, $queries);
 	$queries = $queries[2];
-	
+
 	$queries[] = Element('posts.sql', array('board' => 'b'));
-	
+
 	$sql_errors = '';
+	$sql_err_count = 0;
 	foreach ($queries as $query) {
 		if ($mysql_version < 50503)
 			$query = preg_replace('/(CHARSET=|CHARACTER SET )utf8mb4/', '$1utf8', $query);
 		$query = preg_replace('/^([\w\s]*)`([0-9a-zA-Z$_\x{0080}-\x{FFFF}]+)`/u', '$1``$2``', $query);
-		if (!query($query))
-			$sql_errors .= '<li>' . db_error() . '</li>';
+		if (!query($query)) {
+			$sql_err_count++;
+			$error = db_error();
+			$sql_errors .= "<li>$sql_err_count<ul><li>$query</li><li>$error</li></ul></li>";
+		}
 	}
-	
+
 	$page['title'] = 'Installation complete';
 	$page['body'] = '<p style="text-align:center">Thank you for using vichan. Please remember to report any bugs you discover. <a href="http://tinyboard.org/docs/?p=Config">How do I edit the config files?</a></p>';
-	
+
 	if (!empty($sql_errors)) {
 		$page['body'] .= '<div class="ban"><h2>SQL errors</h2><p>SQL errors were encountered when trying to install the database. This may be the result of using a database which is already occupied with a vichan installation; if so, you can probably ignore this.</p><p>The errors encountered were:</p><ul>' . $sql_errors . '</ul><p><a href="?step=5">Ignore errors and complete installation.</a></p></div>';
 	} else {
@@ -964,29 +968,28 @@ if ($step == 0) {
 			setupBoard($_board);
 			buildIndex();
 		}
-		
+
 		file_write($config['has_installed'], VERSION);
 		/*if (!file_unlink(__FILE__)) {
 			$page['body'] .= '<div class="ban"><h2>Delete install.php!</h2><p>I couldn\'t remove <strong>install.php</strong>. You will have to remove it manually.</p></div>';
 		}*/
 	}
-	
+
 	echo Element('page.html', $page);
 } elseif ($step == 5) {
 	$page['title'] = 'Installation complete';
 	$page['body'] = '<p style="text-align:center">Thank you for using vichan. Please remember to report any bugs you discover.</p>';
-	
+
 	$boards = listBoards();
 	foreach ($boards as &$_board) {
 		setupBoard($_board);
 		buildIndex();
 	}
-	
+
 	file_write($config['has_installed'], VERSION);
 	if (!file_unlink(__FILE__)) {
 		$page['body'] .= '<div class="ban"><h2>Delete install.php!</h2><p>I couldn\'t remove <strong>install.php</strong>. You will have to remove it manually.</p></div>';
 	}
-	
+
 	echo Element('page.html', $page);
 }
-

install.sql

@@ -313,7 +313,7 @@ CREATE TABLE `pages` (
   `content` text,
   PRIMARY KEY (`id`),
   UNIQUE KEY `u_pages` (`name`,`board`)
-) ENGINE=MyISAM DEFAULT CHARSET=utf8mb4;
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
 
 -- --------------------------------------------------------
 

js/hud-pinning.js

@@ -0,0 +1,54 @@
+/*
+ * hud-pinning.js
+ * https://git.leftypol.org/leftypol/leftypol
+ *
+ * Released under the MIT license
+ * Copyright (c) 2024 Zankaria <zankaria (dot) auxa (at) mailu (dot) io>
+ *
+ * Usage:
+ *   $config['additional_javascript'][] = 'js/jquery.min.js';
+ *   $config['additional_javascript'][] = 'js/hud-pinning.js';
+ */
+
+/**
+ * You know the bar on the top of the page that is created if you specify the $config['boards'] array? That one.
+ * Also know the bottom bar with the "Return" button and thread update controls? Also that one.
+ *
+ * Both bars are pinned on the top and bottom of the page. This script adds an option to unpin them.
+ */
+$(document).ready(function() {
+	'use strict';
+
+	if (window.Options && Options.get_tab('general') && window.jQuery) {
+		function setHudPinning(pin) {
+			let style = pin ? '' : 'initial';
+			$('#top-hud').css('position', style);
+			$('#bottom-hud').css('position', style);
+		}
+
+		// Insert the option in the panel.
+		Options.extend_tab('general', '<label id="hud-pinning"><input type="checkbox">' + _('Unpin the top and bottom bars') + '</label>');
+
+		// Trigger if the panel's checkbox is toggled.
+		$('#hud-pinning>input').on('change', function() {
+			if (this.checked) {
+				localStorage.hud_pinning = 'false';
+				setHudPinning(false);
+			} else {
+				localStorage.hud_pinning = 'true';
+				setHudPinning(true);
+			}
+		});
+
+		// Reload on new post: allows it to work with auto-reload.js etc.
+		$(document).on('new_post', function(e, post) {
+			setHudPinning(localStorage.hud_pinning === 'true');
+		});
+
+		// Enforce the setting on loading.
+		if (localStorage.hud_pinning === 'false') {
+			$('#hud-pinning>input').attr('checked', 'checked');
+			setHudPinning(false);
+		}
+	}
+});

post.php

@@ -123,24 +123,24 @@ function db_select_thread_with_attributes($board, $thread_id)
 }
 
 /**
- * Get the threads with the given id in the given board.
+ * Get the post with the given id in the given board.
  *
  * @param string $board Board to search in. MUST ALREADY BE SANITIZED.
- * @param int $thread_id Id of the thread.
- * @return false|array Returns false if no thread exists. Otherwise, an array of arrays with the threads 'id', 'thread'
- * and 'body_nomarkup' properties.
+ * @param int $id Id of the post.
+ * @return false|array Returns false if no post exists. Otherwise, an array with the post's 'id', 'thread' and
+ * 'body_nomarkup' keys.
  */
-function db_select_threads_minimal($board, $thread_id)
+function db_select_post_minimal($board, $id)
 {
     $query = prepare(sprintf("SELECT `id`, `thread`, `body_nomarkup` FROM ``posts_%s`` WHERE `id` = :id", $board));
-    $query->bindValue(':id', $thread_id, PDO::PARAM_INT);
+    $query->bindValue(':id', $id, PDO::PARAM_INT);
     $query->execute() or error(db_error($query));
-    $threads = $query->fetch(PDO::FETCH_ASSOC);
+    $post = $query->fetch(PDO::FETCH_ASSOC);
 
-    if (!$threads) {
+    if (!$post) {
         return false;
     }
-    return $threads;
+    return $post;
 }
 
 /**
@@ -537,9 +537,21 @@ function handle_report()
     markup($reason);
 
     foreach ($report as $id) {
-        $thread = db_select_threads_minimal($board['uri'], $id);
+        $post = db_select_post_minimal($board['uri'], $id);
+        if ($post === false) {
+            if ($config['syslog']) {
+                _syslog(LOG_INFO, "Failed to report non-existing post #{$id} in {$board['dir']}");
+            }
+            error($config['error']['nopost']);
+        }
 
-        $error = event('report', array('ip' => $_SERVER['REMOTE_ADDR'], 'board' => $board['uri'], 'post' => $post, 'reason' => $reason, 'link' => link_for($thread)));
+        $error = event('report', [
+            'ip' => $_SERVER['REMOTE_ADDR'],
+            'board' => $board['uri'],
+            'post' => $post,
+            'reason' => $reason,
+            'link' => link_for($post)
+        ]);
         if ($error) {
             error($error);
         }
@@ -548,7 +560,7 @@ function handle_report()
             _syslog(
                 LOG_INFO,
                 'Reported post: ' .
-                    '/' . $board['dir'] . $config['dir']['res'] . link_for($thread) . ($thread['thread'] ? '#' . $id : '') .
+                    '/' . $board['dir'] . $config['dir']['res'] . link_for($post) . ($post['thread'] ? '#' . $id : '') .
                     ' for "' . $reason . '"'
             );
 
@@ -579,20 +591,20 @@ function handle_report()
                 return $result;
             }
 
-            $postcontent = mb_substr($thread['body_nomarkup'], 0, 120) . '...  _*(POST TRIMMED)*_';
-            $slackmessage = '<' . $config['domain'] . "/mod.php?/" . $board['dir'] . $config['dir']['res'] . ($thread['thread'] ? $thread['thread'] : $id) . ".html" . ($thread['thread'] ? '#' . $id : '') . '> \n ' . $reason . '\n ' . $postcontent . '\n';
+            $postcontent = mb_substr($post['body_nomarkup'], 0, 120) . '...  _*(POST TRIMMED)*_';
+            $slackmessage = '<' . $config['domain'] . "/mod.php?/" . $board['dir'] . $config['dir']['res'] . ($post['thread'] ? $post['thread'] : $id) . ".html" . ($post['thread'] ? '#' . $id : '') . '> \n ' . $reason . '\n ' . $postcontent . '\n';
 
             $slackresult = slack($slackmessage, $config['slack_channel']);
         }
 
 
         if (isset($config['matrix'])) {
-            $reported_post_url = $config['domain'] . "/mod.php?/" . $board['dir'] . $config['dir']['res'] . ($thread['thread'] ? $thread['thread'] : $id) . ".html";
+            $reported_post_url = $config['domain'] . "/mod.php?/" . $board['dir'] . $config['dir']['res'] . ($post['thread'] ? $post['thread'] : $id) . ".html";
             $post_url = $config['matrix']['host'] . "/_matrix/client/r0/rooms/" . $config['matrix']['room_id'] . "/send/m.room.message?access_token=" . $config['matrix']['access_token'];
 
-            $trimmed_post = strlen($thread['body_nomarkup']) > $config['matrix']['max_message_length'] ? ' [...]' : '';
-            $postcontent = mb_substr($thread['body_nomarkup'], 0, $config['matrix']['max_message_length']) . $trimmed_post;
-            $matrix_message = $reported_post_url . ($thread['thread'] ? '#' . $id : '') . " \nReason:\n" . $reason . " \nPost:\n" . $postcontent . " \n";
+            $trimmed_post = strlen($post['body_nomarkup']) > $config['matrix']['max_message_length'] ? ' [...]' : '';
+            $postcontent = mb_substr($post['body_nomarkup'], 0, $config['matrix']['max_message_length']) . $trimmed_post;
+            $matrix_message = $reported_post_url . ($post['thread'] ? '#' . $id : '') . " \nReason:\n" . $reason . " \nPost:\n" . $postcontent . " \n";
             $post_data = json_encode(
                 array(
                     "msgtype" => "m.text",
@@ -1147,7 +1159,7 @@ function handle_post()
                 if (!$size = @getimagesize($file['tmp_name'])) {
                     error($config['error']['invalidimg']);
                 }
-                if (!in_array($size[2], array(IMAGETYPE_PNG, IMAGETYPE_GIF, IMAGETYPE_JPEG, IMAGETYPE_BMP))) {
+                if (!in_array($size[2], [IMAGETYPE_PNG, IMAGETYPE_GIF, IMAGETYPE_WEBP, IMAGETYPE_JPEG, IMAGETYPE_BMP])) {
                     error($config['error']['invalidimg']);
                 }
                 if ($size[0] > $config['max_width'] || $size[1] > $config['max_height']) {
@@ -1240,10 +1252,10 @@ function handle_post()
                     $thumb->_destroy();
                 }
 
-                if ($config['redraw_image'] || (!@$file['exif_stripped'] && $config['strip_exif'] && ($file['extension'] == 'jpg' || $file['extension'] == 'jpeg'))) {
+                if ($config['redraw_image'] || (!@$file['exif_stripped'] && $config['strip_exif'] && ($file['extension'] == 'jpg' || $file['extension'] == 'jpeg' || $file['extension'] == 'webp' || $file['extension'] == 'png'))) {
                     if (!$config['redraw_image'] && $config['use_exiftool']) {
                         if (
-                            $error = shell_exec_error('exiftool -overwrite_original -ignoreMinorErrors -q -q -all= ' .
+                            $error = shell_exec_error('exiftool -overwrite_original -ignoreMinorErrors -q -q -all= -Orientation ' .
                                 escapeshellarg($file['tmp_name']))
                         ) {
                             error(_('Could not strip EXIF metadata!'), null, $error);

site.conf

@@ -1,16 +0,0 @@
-server {
-    index index.php index.html;
-    error_log  /var/log/nginx/error.log;
-    access_log /var/log/nginx/access.log;
-    root /code;
-
-    location ~ \.php$ {
-        try_files $uri =404;
-        fastcgi_split_path_info ^(.+\.php)(/.+)$;
-        fastcgi_pass php:9000;
-        fastcgi_index index.php;
-        include fastcgi_params;
-        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
-        fastcgi_param PATH_INFO $fastcgi_path_info;
-    }
-}