
POTI-board EVO EN v5.52.8 released. All versions v3.x and earlier have a serious bug.

@satopian satopian released this 30 Dec 14:18
· 692 commits to main since this release

Serious bugs in older versions

  • All versions of POTI-board v2.26.0 and earlier are vulnerable to XSS.
    Malicious JavaScript can be executed.

  • All versions of POTI-board v3.09.x and earlier have a serious bug.
    You may lose all log files.

  • POTI-board v3.x gives a deprecated error in PHP 8.1. It will not work with future versions of PHP.

Please update to v5.x or higher.

POTI-board EVO EN v5.52.8 release

[2022/12/30] v5.52.8

It is now possible to extract the width and height from the old Java version pch file and load it into the canvas.

All apps no longer require canvas size input when uploading an app specific file and loading it into the canvas.


Changed files

  • potiboard.php

Changed Templates

  • templates/mono_en/mono_other.blade.php
  • templates/mono_en/parts/mono_paint_form.blade.php

[2022/12/28] v5.52.2

Improved. PaintBBS NEO animation file upload painting made easy.

  • It has become easier and more convenient to upload and paint PaintBBS NEO and Java Shi Painter videos from the administrator screen.
    Until now, it was necessary to specify the canvas size before loading the pch animation file into the canvas.
    With v5.52, you can now automatically get the canvas size from the animation file.
    However, it is necessary to specify the canvas size when uploading the animation file of the Java version of PaintBBS.
    For HTML5 version PaintBBS NEO, you can automatically get the canvas size when uploading animation files.


This is a GIF animation created to introduce the operation when uploading files in specific formats for shi-Painter, PaintBBS NEO, Klecks, and ChickenPaint from the administrator screen.
The canvas size is still 300x300, but the canvas is open at its original size.
If you can download a PSD file, why not upload it? Including the meaning of the explanation for those who were wondering, I also uploaded the ChickenPaint .chi file and the Klecks .psd file (Photoshop format). I created this GIF animation for description.

changed files

  • potiboard.php

[2022/12/24] v5.51.0

  • PaintBBS NEO update v1.5.16

  • Solved the problem that cookies could not be read with JavaScript when WAF (Web Application Firewall) was turned on.
    If WAF is turned on, cookies are encrypted and have the httpOnly attribute.
    POTI-board uses JavaScript to load cookies into static HTML files.
    Therefore, with the conventional POTI-board, it was not possible to read the cookie of the form input content when the WAF was turned on.
    I solved this problem by issuing a form input cookie not only in PHP programs, but also in JavaScript.
    However, it is safer to use httpOnly cookies, which prevent JavaScript from reading the cookie.
    There is also a drawing board that uses httpOnly cookies.
    satopian/Petit_Note_EN: Petit Note English ver.PHP script for PaintBBS,ChickenPaint, and Klecks PHP5.6-PHP8.2
    Log conversion from POTI-board is also possible.
    satopian/PetitNote_plugin: Petit Note Plugin for Drawing Board

  • Adding JavaScript to HTML files to emit cookies for form inputs increases the number of lines of inline JavaScript.
    So I externalized my JavaScript.
    This externalized JavaScript also includes the back to top button JavaScript and the Luminous image popup JavaScript.
    We apologize for the inconvenience and the need to update templates frequently.
    A directory for JavaScript has also been added, such as templates/mono_en/js/.
    Please note that if you forget to upload this directory, things like the back button that appears when you scroll down or the JavaScript that appears on the same screen when you click on an image will not work.
    Overwrite everything in the templates/ directory if you haven't customized the templates.
    Just upload all new installations.

PaintBBS NEO Update v1.5.16

  • neo.js

changed files

  • potiboard.php

Changed Templates

  • templates/mono_en/mono_catalog.blade.php
  • templates/mono_en/mono_main.blade.php
  • templates/mono_en/mono_other.blade.php
  • templates/mono_en/parts/mono_paint_form.blade.php
  • templates/mono_en/search.blade.php

files added

  • templates/mono_en/js/mono_common.js

POTI-board EVO v5.50.11 release

[2022/12/21] v5.50.11

Improvements

  • Changed the format of the canvas size pull-down menu formula generation loop to prevent XSS.
  • Removed self-closing tag due to warnings when checked by W3C Markup Validation Service.
  • Add same-origin check. Illegal posts from different origins are now rejected.
    However, for browsers that do not support Origin headers, such as Edge's IE mode, Origin headers are not checked.
    This is because if this check becomes mandatory, it will not be possible to start the shi-painter using Java.
    CheerpJ, for example, cannot smoothly play Shi-Painter's drawing animation, so Java must be started.
  • Protection against directory traversal attacks. Invalidate hierarchies such as ../../ in basename() when variables are entered in fopen().
  • Rejection when the password is incorrect 5 times in a row.
    If the wrong administrator password is entered five times in a row, further attempts can now be refused.
    If you want to use this function, please add the following setting items anywhere in config.php.

/* safety */

// Reject if the admin password is wrong 5 times in a row
// (1: Enabled, 0: Disabled)
// 1: Enabled for more security, but if the login page is locked it will take more effort to unlock it.

define("CHECK_PASSWORD_INPUT_ERROR_COUNT", "0");

// Access via ftp etc.
// Remove the templates/errorlog/error.log and you should be able to login again.
// This file contains the IP addresses of clients who entered an incorrect admin password.
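
One way the lockout described above can work, shown as an added example rather than POTI-board's own code. It assumes one log line per failed attempt and a reset on successful login; the function names, the limit constant and the temporary log path are hypothetical.

```php
<?php
// Added example, not POTI-board's code. Assumes one log line per failed
// attempt and a reset on success; function names are hypothetical.

define("CHECK_PASSWORD_INPUT_ERROR_COUNT", "1"); // setting from config.php
const MAX_FAILURES = 5;

/** True when the log already holds MAX_FAILURES failed attempts. */
function is_locked(string $log): bool
{
    $lines = is_file($log)
        ? file($log, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES)
        : [];
    return count($lines) >= MAX_FAILURES;
}

/** Returns 'ok', 'wrong' or 'locked'. */
function try_admin_login(string $log, string $ip, string $input, string $hash): string
{
    $enabled = CHECK_PASSWORD_INPUT_ERROR_COUNT === "1";
    // Check the lock first: once locked, even the correct password is
    // refused until the log file is removed by hand.
    if ($enabled && is_locked($log)) {
        return 'locked';
    }
    if (password_verify($input, $hash)) {
        if (is_file($log)) {
            unlink($log); // "in a row": a success clears the count
        }
        return 'ok';
    }
    if ($enabled) {
        // Record the client IP; keep the file unreadable to other users.
        file_put_contents($log, $ip . "\n", FILE_APPEND | LOCK_EX);
        chmod($log, 0600);
    }
    return 'wrong';
}

// Constructed demo data: a throwaway log file and a test password hash.
$log  = sys_get_temp_dir() . '/error_log_demo_' . bin2hex(random_bytes(4)) . '.log';
$hash = password_hash('constructed-admin-pass', PASSWORD_DEFAULT);

for ($i = 1; $i <= 6; $i++) {
    echo "attempt $i: ", try_admin_login($log, '203.0.113.7', 'guess' . $i, $hash), "\n";
}
echo "correct password while locked: ",
    try_admin_login($log, '203.0.113.7', 'constructed-admin-pass', $hash), "\n";

unlink($log); // what the administrator does over FTP
echo "after removing the log: ",
    try_admin_login($log, '203.0.113.7', 'constructed-admin-pass', $hash), "\n";
```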

  • Changed the method to get IP address and host name because some servers cannot get IP address with getenv().

  • Use uniqid() to emit user-code repcode. It now changes in micro time units.

  • Increased the replacement code length from 8 to 12 characters.

  • Added original error message for WAF false positive to PaintBBS NEO.
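
The same-origin check and the basename() protection from the list above, sketched as an added example that is not POTI-board's code. The function names and the sample hosts and file names are constructed for illustration.

```php
<?php
// Added example, not POTI-board's code; function names are hypothetical.

/** Same-origin check for a posting request. True means "accept". */
function is_same_origin(array $server): bool
{
    // No Origin header (the page names Edge's IE mode): skip the check,
    // which is the compatibility trade-off described above.
    if (!isset($server['HTTP_ORIGIN'])) {
        return true;
    }
    $parts = parse_url($server['HTTP_ORIGIN']);
    if ($parts === false || !isset($parts['host'], $server['HTTP_HOST'])) {
        return false; // "null" (opaque origin) or malformed value
    }
    // Origin is scheme://host[:port]; Host is host[:port].
    // The scheme is not compared in this sketch.
    $authority = $parts['host'] . (isset($parts['port']) ? ':' . $parts['port'] : '');
    return strtolower($authority) === strtolower($server['HTTP_HOST']);
}

/** Open a file inside $dir using a request-supplied name. */
function open_in_dir(string $dir, string $name)
{
    // basename() keeps only the last path component, so "../../config.php"
    // becomes "config.php". It returns ".." unchanged, so reject that too.
    $leaf = basename($name);
    if ($leaf === '' || $leaf === '.' || $leaf === '..') {
        return false;
    }
    $path = rtrim($dir, '/') . '/' . $leaf;
    return is_file($path) ? fopen($path, 'rb') : false;
}

// Constructed requests.
$requests = [
    'same origin'      => ['HTTP_HOST' => 'board.example', 'HTTP_ORIGIN' => 'https://board.example'],
    'other origin'     => ['HTTP_HOST' => 'board.example', 'HTTP_ORIGIN' => 'https://other.example'],
    'opaque origin'    => ['HTTP_HOST' => 'board.example', 'HTTP_ORIGIN' => 'null'],
    'no Origin header' => ['HTTP_HOST' => 'board.example'],
];
foreach ($requests as $label => $server) {
    echo str_pad($label, 18), is_same_origin($server) ? "accept\n" : "reject\n";
}

// Constructed file names, as they might arrive in a request parameter.
foreach (['12345.pch', '../../config.php', '..', 'src/../../x.log'] as $name) {
    echo str_pad($name, 18), '-> ', var_export(basename($name), true), "\n";
}
var_dump(open_in_dir(sys_get_temp_dir(), '..')); // bare ".." is refused
```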


changed files

  • noticemail/noticemail.inc
  • neo.js
  • config.php
  • potiboard.php
  • thumbnail_gd.php
  • picpost.php
  • save.php
  • saveklecks.php

Changed Templates

  • templates/mono_en/mono_main.blade.php
  • templates/mono_en/mono_other.blade.php
  • templates/mono_en/paint_klecks.blade.php
  • templates/mono_en/parts/mono_paint_form.blade.php
  • templates/mono_en/search.blade.php
  • templates/mono_en/template_ini.php

[2022/11/30] v5.36.8

update

  • Updated Klecks.
  • Fixed brush shortcut key behavior.
  • Updated BladeOne to v4.7.1.

improvement

  • Even if the timestamps used in the working files overlap, advance the post time by 1 second so that the timestamps do not overlap.
    Previously, the working file could be overwritten by another file.

  • An error does not occur when the post time to be compared is in the future.
    In the post waiting time calculation process, even if the post time after the current time is detected, it will not be an error.
    For example, if the posting time is delayed by one year due to some mistake, the next posting will not be possible until one year has passed. To avoid this, if the waiting time is a negative value, it will pass without generating an error.

  • BladeOne v4.7.1. Along with that, I changed potiboard.php to automatically generate the cache directory.
    The cache directory auto-generation feature has been removed from BladeOne. As an alternative function, added a cache directory auto-creation function to potiboard.php.

  • Change the permission of files that need to be written in advance to 0606 (606). The log file that cannot be viewed externally is 0600 (600).

  • The types of error messages have increased when posting OEKAKI images fails.

changed directories

  • BladeOne/
  • klecks/

changed files

  • picpost.php
  • potiboard.php

Changed Templates

  • templates/mono_en/mono_main.blade.php
  • templates/mono_en/paint_klecks.blade.php

[2022/10/29] v5.35.3

Improvements

Template Common

  • When you click the image file link on the management screen, it now pops up with luminous.
    Previously, images were opened in separate tabs.
  • Corrected [tweet] to [Tweet].
  • Corrected [TOOL] to [Tool].

Template MONO

  • Added back to top page function that is displayed when scrolling to template MONO.
  • Display optimized for smartphones. If the resolution is iPad (768px), unfloat the image. Set the image margins to 0.
    As a result, the left and right margins of the image displayed on the smartphone are the same.
    Previously, the margin on the right side of the screen was larger.
  • The administrator can now edit the article by clicking the article number on the MONO administrator deletion screen.

Security

  • If the script content of CheerpJ Applet Runner has been tampered with by hacking, etc., it will be detected and the script will not be executed.
    See Subresource Integrity on MDN.
    If you change the version of CheerpJ, it will not work unless you change the hash value.
    However, the calculated hash value is included in the latest version of potiboard.php.
  • If the image file received by picpost.php, which receives data from the Shi applet or PaintBBS NEO, is not a jpeg, png, etc. image, it will be judged as illegal and deleted.
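
How a Subresource Integrity value is derived and why it must be recalculated when the script version changes, as an added example that is not POTI-board's code. The function names, the URL and the two script bodies are constructed placeholders.

```php
<?php
// Added example, not POTI-board's code. Names and the URL are placeholders.

/** Build an SRI value ("sha384-<base64 digest>") from the script's bytes. */
function sri_hash(string $bytes, string $algo = 'sha384'): string
{
    // SRI uses the raw digest, base64-encoded, prefixed with the algorithm.
    return $algo . '-' . base64_encode(hash($algo, $bytes, true));
}

/** Emit a script tag that pins the expected digest. */
function script_tag(string $url, string $integrity): string
{
    return sprintf(
        '<script src="%s" integrity="%s" crossorigin="anonymous"></script>',
        htmlspecialchars($url, ENT_QUOTES, 'UTF-8'),
        htmlspecialchars($integrity, ENT_QUOTES, 'UTF-8')
    );
}

// Constructed stand-ins for two releases of a third-party loader script.
$v1 = "console.log('loader v1');\n";
$v2 = "console.log('loader v2');\n";

// The value pinned in the page is computed once from the known-good file.
$pinned = sri_hash($v1);
echo script_tag('https://cdn.example.invalid/loader.js', $pinned), "\n";

// The browser recomputes the digest of what it downloaded and compares.
// Unchanged bytes match the pinned value; a version bump or a tampered
// file does not, and the script is not executed.
echo "same bytes match:    ";
var_dump(hash_equals($pinned, sri_hash($v1)));
echo "changed bytes match: ";
var_dump(hash_equals($pinned, sri_hash($v2)));
```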

When using Shi applet and PaintBBS NEO, the behavior of rejection due to the time required for drawing or the number of steps required has been changed.

  • shi-chan has developed a function to redirect the drawing screen to the police site when the drawing time is short or the number of drawing processes is small.
    However, this feature was impractical and of no use.
    Therefore, instead of suddenly jumping to the specified URL from the drawing screen, we changed the specification to display an alert on the drawing screen that "drawing time is too short" and "the number of steps is low".

Issue an alert when the NEO drawing time or number of processes is insufficient.

Compulsory thumbnail function is back

  • Restored the force thumbnail feature that was in v1.3.
    Using the latest thumbnail_gd.php turns this feature on.
    If the file size exceeds 1MB, a thumbnail image in jpeg format will be output.
    Assumed case. If a GIF animation image file that is small in height and width but large in file size exceeds 1 MB, a thumbnail image in JPEG format will be displayed instead of the GIF animation.
    Click the image to view the original GIF animation.

others

  • Changed the initial error message to switch automatically between Japanese and English.
  • Reduce load by avoiding unnecessary processing. For example, if there are no comments, you don't have to check the length of the comment or the bad words, so returning immediately reduces the load.

update Klecks

Fixes an issue where white fills after using distortion tool show lines that follow the shape of the Liquify.
Added how-to video link to help page and added gradient shortcut keys section.

changed directories

  • klecks/

changed files

  • potiboard.php
  • palette.txt
  • picpost.php
  • save.php
  • saveklecks.php
  • thumbnail_gd.php

Changed Templates

  • templates/mono_en/

[2022/10/03] v5.26.8

Updated ChickenPaint to the latest version.


The attached image is a GIF animation when I did a reproduction test of the problem that the color picker is not displayed.
Updated to the latest version of ChickenPaint to avoid a bug in Google Chrome 105,106 that causes this problem.

Updated klecks to the latest version.

  • Added option to use gradient tool as an eraser.
  • Added vanishing point filter.

Display images using luminous.


changed directories

  • chickenpaint/
  • klecks/
  • lib/luminous/

changed files

  • potiboard.php
  • search.php

Changed Templates

  • templates/mono_en/

[2022/09/20] v5.26.3

Update

  • Updated Klecks to latest version.
    Gradient tool and pattern filter added.
  • Updated BladeOne to v4.6.

Bug fixes

  • Fixed a bug that an E-WARNING level PHP error occurred when specifying an article number other than the article number of the thread's parent on the reply screen.
    Please update potiboard.php.

Improvements

  • If the password field is blank for password authentication when drawing a continuation or download authentication of pch, chi, psd, the cookie password will be used instead.
    Unified to the same behavior as password authentication during edit function.
  • Fixed function check_password() for password checking. Password authentication will not succeed if no password is entered and the password is not present in the cookie.
  • Fixed insufficient multilingual support in the mail notification function.
  • Increased page number spacing for template MONO.
  • Fixed the paint screen's clock JavaScript.
  • Changed the unit of file size on the managed post screen from bytes to kb.

changed directories

  • klecks/
  • BladeOne/

changed files

  • potiboard.php
  • thumbnail_gd.php
  • picpost.php

Changed Templates

  • templates/mono_en/mono_other.blade.php
  • templates/mono_en/mono_paint.blade.php
  • templates/mono_en/parts/mono_mainte_form.blade.php
  • templates/mono_en/css/mono_dark.css
  • templates/mono_en/css/mono_deep.css
  • templates/mono_en/css/mono_main.css
  • templates/mono_en/css/mono_mayo.css

[2022/08/16] v5.23.8

Update

  • Updated Klecks to the latest version.
    Added noise filter.


  • Updated BladeOne to v4.5.5.
  • Updated jQuery to v3.6.0.
    Since the existence of the file is checked, the program will not run if the included jQuery does not exist.
    In that case, an error message tells you that the file does not exist.

Improvements

  • Fixed clickjacking vulnerability.
    It will not be possible to display in frames or iframes.
    It's more secure, but I know some people want to display it in a frame.
    Therefore, we added a new setting item to config.php so that you can select whether or not to display it in the frame.
    If you do not need to display in the frame, you do not need to add setting items.
// Deny display in iframe:  (1: Deny, 0: Allow)
// We strongly recommend "Deny" to avoid security risks.
define('X_FRAME_OPTIONS_DENY', '1');

I think it is difficult to rewrite config.php from scratch, so if you add the above setting items anywhere, you will be able to display it in the frame.

  • Improved mobile usability.
    Optimized tap target size and spacing.

  • Improved page loading speed
    Prefetch externally loaded JavaScript such as jQuery and loadcookie.js to avoid rendering blocking.

  • Changed JavaScript execution timing to DOMContentLoaded.

  • Fixed a fatal error that could occur if not written carefully. Changed the error() function to the built-in function die().

  • Enabled to change the jQuery version without touching the template directly.

  • Added width and height of image in search screen.

  • In order to speed up loading speed, loading="lazy" is not applied to the range displayed from the beginning.

  • The JavaScript description of the timer under the PaintBBS startup screen was deprecated, so it has been fixed.
    After setting the content security policy, the clock on the drawing screen of POTI-board stopped working. |Satopian|note

added files

  • lib/jquery-3.6.0.min.js

changed files

  • thumbnail_gd.php
  • potiboard.php
  • config.php
  • search.php

changed directories

  • klecks/

Changed Templates

  • templates/mono_en/

All templates have been changed, including CSS.
We have improved the speed of the site and the ease of smartphone operation, and now you can manage the jQuery version.
However, if you have already customized it, you don't have to change the template.
Please note that the jQuery version will remain v3.5.1 in that case.

[2022/07/11] v5.20.2

Improvement

  • Reduced the probability of duplicate file names when posting drawing images to 1/1000.
  • Even if it is duplicated, 1 second will be added to the posting time.
  • Add a process to check if there is a posted image, make sure that the drawn image is sent to the server, and then move from the drawing screen.

Update

  • Klecks has been updated. Added a grid to the editing function.
  • BladeOne has been updated. A minor bug has been fixed.

Changed file

  • potiboard.php
  • picpost.php
  • save.php
  • saveklecks.php

Changed directory

  • BladeOne/
  • klecks/

POTI-board EVO EN v5.19.1 released

[2022/06/30] v5.19.1

  • Since it was confirmed that it does not work with PHP7.1, the required operating environment has been changed to PHP7.2 or higher.
    In the PHP7.1 environment, it will not start and will issue an error message telling you that the PHP version is low.
  • The form is not displayed when there is no unposted image.

Files that have changed

  • potiboard.php
  • picpost.php

Templates that have changed

MONO

  • templates/mono_en/mono_other.blade.php
  • templates/mono_en/css/

[2022/06/11] v5.18.25

Bug fixes

  • Fixed the issue that the layout was broken when posts were omitted.

Improvement

  • ChickenPaint now launches in full screen.

Files that have changed

  • potiboard.php

Templates that have changed

  • templates/mono_en/mono_main.blade.php
    Fixed the issue that the layout was broken when posts were omitted.
  • templates/mono_en/mono_paint.blade.php
    ChickenPaint is now launched in full screen.

[2022/05/25] v5.18.9

Klecks update

Updated Klecks to the latest version.

CheerpJ update to v2.3

Updated CheerpJ, which converts Java applets to JavaScript when using the painter, to v2.3.

Bug fixes

  • Fixed a bug that the rejected character string and rejected url for anti-spam could not be processed correctly if they contained / (slash).
  • Fixed a minor error when calculating the number of days elapsed for deleting temporary unnecessary files.
  • Fixed the problem that the date and time when closing the reply in the specified number of days was not the parent's posting date and time but the latest reply posting date and time.

Improvement

  • Reimplemented tripcode function.

Changed directory

  • klecks/

Files that have changed

  • potiboard.php
  • search.php

Templates that have changed

MONO

  • potiboard5/templates/mono_en/paint_klecks.blade.php
    (Error alerts now open even when the error from the server is exactly 400)

[2022/04/28] v5.16.8

Klecks has been updated.

  • Several issues with the iPad OS have been fixed.
  • Traditional Chinese has been added to the available languages.

The template engine BladeOne has been updated.

  • BladeOne has been updated to v4.5.3.

Improvement

  • If the cause of the transmission failure of klecks is a server error, the error number is displayed as an alert.
    For example, if saveklecks.php does not exist, "Error 404" will be displayed in the alert.

  • Changed the working directory of the PNGtoJPEG process to TEMP_DIR.
    Even if the process fails and the working files are left behind, they are now automatically deleted over time.

Bug fixes

  • When the .pch save directory was specified other than 'src/', the automatic directory creation function did not work and the required files could not be saved.
    Changed to be created automatically when the directory does not exist.

Changed directory

  • klecks/
  • BladeOne/

Files that have changed

  • potiboard.php
  • templates/mono_en/paint_klecks.blade.php

[2022/04/02] v5.16.5.1

  • fix search template.
  • fix main template.
    Fixed a grammatical error in the HTML of the search screen.
  • Corrected incorrect English notation.
  • klecks updated
    The number of layers that can be used has been increased from 8 to 16.

Changed directory

  • klecks/

Files that have changed

  • search.php
  • templates/mono_en/search.blade.php
  • templates/mono_en/mono_main.blade.php

[2022/03/25] v5.16.5

Improvement

Klecks Japanese translation


  • Translated Klecks into Japanese.
    I was able to bundle a Japanese version with POTI-board.
    This new version of Klecks will automatically detect your browser's language priority and switch languages for you.
    You can also specify the language to use regardless of the browser language setting.
    You can select English, German, or Japanese.
    Chinese is only in Simplified Chinese and details are still in English.
    Japanese translation resources have already been merged into the klecks repository.

The download button for the application-specific file has been created.


App-specific format list

  • .pch file (PaintBBS)
  • .chi file (ChickenPaint)
  • .psd file (Klecks)

The file containing the layer information for Klecks is a .psd file in Photoshop format.
The downloaded .psd file can be opened by CSP, SAI and many other apps.
.pch and .chi can be opened with NEO and ChickenPaint, respectively.
If you attach .pch, .chi, .psd from the administrator posting screen and press the paint button, you can load it on the canvas and post it.

Change the transparent part of transparent PNG and transparent GIF thumbnails to white

  • Fixed the problem that the transparent part of transparent PNG was black when it was converted to JPEG.
    It is not a mistake that the transparent color is black, but since it often results in unintended results, when converting from transparent GIF or transparent PNG to JPEG, the transparent color is converted to white.

Bug fixes

  • Fixed the case where a minor error occurred when operating the upload format specific to the paint application used when logging in to the administrator, and the automatic deletion function of unnecessary temporary files such as pch, chi, and psd.

BladeOne update

Updated template engine BladeOne to v4.5.

Files that have changed

  • potiboard.php
  • thumbnail_gd.php

Changed directory

  • BladeOne/
  • klecks/
    Overwrite update for each directory.

Templates that have changed

MONO EN

  • templates/mono_en/mono_paint.blade.php
  • templates/mono_en/paint_klecks.blade.php
  • templates/mono_en/template_ini.php

[2022/03/12] v5.12.0

Bug fixes

  • Fixed the issues that the menu could not be operated with Apple Pencil.
    Fixed that the menu operation of ChickenPaint and Klecks could not be operated with.
    It was caused by JavaScript added to the paint related template in v3.19.5.
    I deleted the corresponding JavaScript and confirmed that it works normally.

Updated Klecks

  • Updated Klecks to the latest version.
    A new brush has been added. You can now do mirror painting.

Changed directory

  • klecks/

Files that have changed

  • potiboard.php

Template MONO

  • templates/mono_en/mono_paint.blade.php
  • templates/mono_en/paint_klecks.blade.php

Download

You can download it from the source code link below.