Releases: satopian/poti-kaini-zh-TW
POTI-board EVO zh-TW v6.62.9 released. All versions v3.x and earlier have a serious bug.
Serious bugs in older versions
- POTI-board v2.26.0 and all earlier versions are vulnerable to XSS.
  Malicious JavaScript can be executed.
- POTI-board v3.09.x and all earlier versions have a serious bug.
  You may lose all log files.
- POTI-board v3.x gives a deprecated error in PHP 8.1. It will not work with future versions of PHP.
Please update to v6.x or higher.
POTI-board EVO zh-TW v6.62.9 Release
2025/01/15 v6.62.9
NEO Has Been Updated
- PaintBBS NEO has been updated to move the scroll control processing when touching the grid area around the canvas to NEO itself.
- Previously, external JavaScript was used to prevent scrolling when touching the grid area of PaintBBS NEO.
- In v6.62.7, a feature to skip the drawing timelapse when continuing a drawing was added, but undoing immediately after fetching the image caused the canvas to become blank.
- To solve this issue, the undo history from before skipping the timelapse is not saved when you continue drawing.
Bug Fixes
- Fixed an undefined variable issue in the MONO template.
- Resolved an issue where an undefined variable error could occur due to the processing added in v6.62.7.
Changed Files
- neo.js
- potiboard.php
Changed Templates
- templates/basic_tw/paint.blade.php
2025/01/13 v6.62.8
Function Return Type Checking Implemented
- Using features introduced in PHP 7.1, function return types are now specified, and a fatal error will occur if a function does not return the expected type.
Previously, the application would continue to operate even if the returned type was not as expected.
This change makes it easier to detect bugs.
Hide "Save Playback" Checkbox for Tools Without Save Animation Functionality
- Previously, the "Save Playback" checkbox was displayed even when using paint tools like ChickenPaint that do not support Save Animation.
- The "Save Playback" checkbox will now only be displayed if the selected paint tool is PaintBBS NEO, Shi-Painter, or Tegaki.
Layout Changes for Wide Canvas in Template MONO with Shi-Painter and NEO
- When opening a wide canvas with tools like Shi-Painter, the header and footer will now adjust to the canvas width.
- Previously, only the applet would extend horizontally.
- The dynamic palette placement for NEO and Shi-Painter in the MONO template will now always be aligned to the right.
- Previously, when the browser window was narrow, the palette would wrap beneath the applet.
Return Destination from "Continue Drawing" and "Replay" Now Individual Posts
- The "Back" link from "Continue Drawing" and "Replay" now leads to the individual post.
- Previously, it would return to the top of the board.
ChickenPaint Has Been Updated
- It is now possible to merge layers while maintaining the clipping mask.
- Previously, merging a clipping layer with the lower layer would disable the clipping mask, causing the paint to spill outside the intended area.
Changed files
- BladeOne/ Overwrite and update directory
- chickenpaint/ Overwrite and update directory
- picpost.inc.php
- potiboard.php
- save.inc.php
- search.inc.php
- sns_share.inc.php
- thumbnail_gd.inc.php
Changed templates
- templates/basic_tw/basic.css
- templates/basic_tw/js/basic_common.js
- templates/basic_tw/main.blade.php
- templates/basic_tw/paint.blade.php
- templates/basic_tw/parts/paint_form.blade.php
- templates/basic_tw/res.blade.php
2024/12/24 v6.59.1.1
Animation is no longer played on the PaintBBS NEO continue drawing screen
- Previously, when continuing to draw with NEO, the drawing animation of the steps taken was played, and you had to wait for the playback to finish or tap the screen to skip the playback.
- With this update, the drawing animation will no longer be played on the continue drawing screen, and only the layer information will be obtained from the animation data and output as a still image on the screen.
- This eliminates the need to tap to skip when the animation starts playing.
- This behavior is closer to the original PaintBBS.
Changed files
- neo.js
- potiboard.php
Changed template
- templates/basic_tw/paint.blade.php
2024/12/17 v6.58.0
"Share on SNS" Now Supports Meta "Threads"
- You can now create shared links for Meta's SNS "Threads."
The number of files to be changed is small, but you will need to reconfigure config.php to make it compatible with "Threads."
If you do not need to make it compatible with "Threads," there is no need to reconfigure config.php.
$servers =
[
["X","https://x.com"],
["Bluesky","https://bsky.app"],
["Threads","https://www.threads.net"],
["pawoo.net","https://pawoo.net"],
["fedibird.com","https://fedibird.com"],
["misskey.io","https://misskey.io"],
["misskey.design","https://misskey.design"],
["nijimiss.moe","https://nijimiss.moe"],
["sushi.ski","https://sushi.ski"],
];
// Width and height of window to open when SNS sharing
//window width initial value 600
define("SNS_WINDOW_WIDTH","600");
//window height initial value 600
define("SNS_WINDOW_HEIGHT","600");
Changed files
- potiboard.php
- sns_share.inc.php
- config.php
2024/12/12 v6.57.1
Issue a warning if layer information has not been saved in PaintBBS NEO
- If time-lapse data has not been saved in PaintBBS NEO, a confirmation dialog will now be displayed saying "Layer information will not be saved.Are you sure you want to continue?".
Improved Markdown link function
- Improved Markdown link [string](URL).
  If there is a [] within the [] that specifies the string, escape it with a backslash.
  When escaped, it will become a link like this:
  [12345] Petit Note
  Example)
  [\[12345\] Petit Note](https://example.com)
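The escaping rule above, as an added PHP example that is not POTI-board's own code: a converter that accepts `\[` and `\]` inside the link text and HTML-escapes everything before building the anchor. The function name, the http/https-only rule and the rel attribute are assumptions, and the inputs are constructed.

```php
<?php
declare(strict_types=1);

// Added example, not POTI-board's own code. The function name, the
// http/https-only rule and the rel attribute are assumptions.
function markdown_links_to_html(string $text): string
{
    // Escape the whole text first, so the only tags in the output are the
    // anchors built below.
    $safe = htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    // Link text: one or more of "\[", "\]" or any character other than [ ] \.
    // URL: absolute http(s) URL without whitespace or parentheses.
    $pattern = '~\[((?:\\\\[\[\]]|[^\[\]\\\\])+)\]\((https?://[^\s()]+)\)~u';

    $html = preg_replace_callback($pattern, function (array $m): string {
        // Drop the backslashes that protected the inner brackets.
        $label = str_replace(['\\[', '\\]'], ['[', ']'], $m[1]);
        // $m[2] is already HTML-escaped, so it is safe inside the attribute.
        return '<a href="' . $m[2] . '" rel="nofollow noopener noreferrer">' . $label . '</a>';
    }, $safe);

    // preg_replace_callback() returns null on a regex error: fall back to
    // the escaped text rather than emitting nothing.
    return $html ?? $safe;
}

// Constructed inputs.
$samples = [
    '[\[12345\] Petit Note](https://example.com)',    // escaped inner brackets
    '[[12345] Petit Note](https://example.com)',      // unescaped: not a link
    '<b>bold</b> [site](https://example.com/?a=1&b=2)', // markup around a link
    '[label](javascript:void(0))',                    // non-http scheme: not a link
];

foreach ($samples as $s) {
    echo markdown_links_to_html($s), PHP_EOL;
}
```

Inputs that do not match the pattern are left as escaped plain text rather than being partially converted.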
Changed files
- axnos/axnospaint-lib.min.js
- neo.js
- potiboard.php
- search.inc.php
Changed template
- templates/basic_tw/paint.blade.php
2024/12/08 v6.56.6
AXNOS Paint has been updated
- The UI is now easier to use even on devices with small screens.
Changed files
- axnos/ Overwrite and update directory
- potiboard.php
2024/12/04 v6.56.5
ChickenPaint Be has been updated.
- Displays the HTTP status code more clearly when the network response was not ok.
Changed files
- chickenpaint/ Overwrite and update directory
- potiboard.php
2024/12/03 v6.56.3
Review of user authentication code
- The user code has been expanded to 64 characters.
- The password is no longer used as a seed for the hash value of the authentication code when replacing an image.
- To improve the reliability of authentication, the authentication code when replacing an image now includes the article number and article ID as is.
- Added identity verification for posted images when replacing an image, and the image is posted only if the user code or IP address matches.
Fixed an issue that occurred when replacing an image/editing an article after deleting an article.
- An issue occurs when someone deletes an article while a continuation of that article is in progress, and a new post made afterwards has the same password.
  This is because the "article number" and "password" of the newly posted article are the same.
  In this case, the new post is overwritten by the "continuation" post.
  The same issue occurs if you delete an article you are editing and then post a new post with the same "article number" and "password" as the article you are editing.
- To avoid this issue, the UNIX time of the article is now used to check whether the article you are overwriting when "continuing" or editing is the same as the original article.
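The overwrite check described above, as an added PHP example that is not POTI-board's own code. The record layout (no, time, pwd), the function names and the log entries are assumptions constructed for illustration.

```php
<?php
declare(strict_types=1);

// Added example, not POTI-board's own code. Field names, function names and
// the log below are assumptions.

function make_article(int $no, int $time, string $password): array
{
    return [
        'no'   => $no,
        'time' => $time, // UNIX time at which the article was posted
        'pwd'  => password_hash($password, PASSWORD_DEFAULT),
    ];
}

// Captured when "continue drawing" or editing starts: which article is meant.
function open_ticket(array $article): array
{
    return ['no' => $article['no'], 'time' => $article['time']];
}

// Check as it behaved before the fix: article number and password only.
function may_overwrite_by_number(array $log, array $ticket, string $password): bool
{
    $current = $log[$ticket['no']] ?? null;
    return $current !== null && password_verify($password, $current['pwd']);
}

// Check after the fix: the article's UNIX time must also be unchanged, so a
// new post that reused the number is recognised as a different article.
function may_overwrite_same_article(array $log, array $ticket, string $password): bool
{
    $current = $log[$ticket['no']] ?? null;
    return $current !== null
        && $current['time'] === $ticket['time']
        && password_verify($password, $current['pwd']);
}

// Constructed scenario.
$log = [101 => make_article(101, 1733200000, 'same-password')];
$ticket = open_ticket($log[101]); // a user starts continuing No.101

unset($log[101]);                 // No.101 is deleted in the meantime
$log[101] = make_article(101, 1733200900, 'same-password'); // new post, same number and password

echo 'number + password only: ';
var_dump(may_overwrite_by_number($log, $ticket, 'same-password'));
echo 'number + password + UNIX time: ';
var_dump(may_overwrite_same_article($log, $ticket, 'same-password'));
```

In this scenario the number-and-password check accepts the stale ticket, while the check that also compares the UNIX time rejects it.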
ChickenPaint Be Update
Feature request/proposal: converting brightness to opacity · Issue #4 · satopian/ChickenPaint_Be
- Added a function to convert brightness to transparency.
- Based on the prototype created by @SuzuSuzu-HaruHaru, we adjusted the method of calculating opacity and implemented it as a function equivalent to that of general paint software.
Changed files
- chickenpaint/ Overwrite and update directory
- potiboard.php
Changed template
- templates/basic_tw/other.blade.php
2024/11/26 v6.53.8
Code cleanup
- The long foreach nest for image replacement has been shortened.
- Unnecessary basename() has been removed.
- The function that checked whether GD was available has been simplified and consolidated into a class method in thumbnail_gd.inc.php.
- Fixed a problem where explode() would fail and cause a PHP error if a non-existent article number was intentionally specified during password authentication processing when drawing a continuation.
  (This did not occur in normal use, but was recorded as a PHP error in the server error log when an invalid process was performed.)
- In PHP 8.4, exit() has become a function instead of a language construct, so exit; without parentheses has been changed to exit();.
  exit; without parentheses may be deprecated in future versions of PHP.
Bug fix
- Fixed a bug where additional explanations for the bulletin board were not displayed in the new post form even if they were ...
POTI-board EVO zh-TW v5.63.9 released. All versions v3.x and earlier have a serious bug.
Serious bugs in older versions
- POTI-board v2.26.0 and all earlier versions are vulnerable to XSS.
  Malicious JavaScript can be executed.
- POTI-board v3.09.x and all earlier versions have a serious bug.
  You may lose all log files.
- POTI-board v3.x gives a deprecated error in PHP 8.1. It will not work with future versions of PHP.
Please update to v5.x or higher.
POTI board zh-TW v5.63.9 release
23/08/13 v5.63.9
Fixed Bug
- Fixed issue of color swatches not loading from PC in a customized version of ChickenPaint for POTI-board.
Changed files
- chickenpaint/ Overwrite directory update
- potiboard.php
- picpost.php
- save.php
- saveklecks.php
- saveneo.php
23/08/13 v5.63.8
Added option to hide [Admin mode] link.
Added this option to config.php.
// Show the [Admin mode] link  Yes: 1  No: 0
define("USE_ADMIN_LINK", "1");
// No: 0 hides the link to admin mode.
Changed files
- config.php
- potiboard.php
Changed Templates
- templates/basic_tw/main.blade.php
23/08/07 v5.63.7
- klecks/ (Update directory by overwriting)
- potiboard.php
- templates/basic_tw/paint_klecks.blade.php
23/08/04 v5.63.6.1
Updated Klecks and Tegaki
- klecks/ (Update directory by overwriting)
- tegaki/ (Update directory by overwriting)
23/07/28 v5.63.6
Bug fix
- potiboard.php
- search.inc.php
  (Some variables were undefined.)
- templates/basic_tw/paint_tegaki.blade.php
  (When used on an iPad, the screen was being magnified by double-tap zoom.)
23/07/13 v5.63.3
You can now set the width and height of the window that opens when sharing on SNS in config.php.
Added a new setting item to config.php.
// Width and height of window to open when SNS sharing
//window width initial value 350
define("SNS_WINDOW_WIDTH","350");
//window height initial value 490
define("SNS_WINDOW_HEIGHT","490");
When adding a server for SNS sharing, the height of the shared screen window was insufficient and scrolling was sometimes required.
Solved the problem by making it possible to set the width and height of the shared screen of the server list when sharing with SNS.
If the above setting items do not exist in config.php, the default values of 350px width and 490px height will be applied.
Changed files
- potiboard.php
- config.php (Update only if you need new configuration items)
Changed Templates
- templates/basic_tw/js/basic_common.js
- templates/basic_tw/main.blade.php
- templates/basic_tw/res.blade.php
[2023/07/12] v5.63.2
Improved selection operability of SNS server to share posts
Servers to share can be selected not only directly above the label string, but also by tapping the right margin of the label.
- set_share_server.blade.php
Fixed HTML grammar errors.
Changed file
- potiboard.php
Changed Template
- templates/basic_tw/set_share_server.blade.php
[2023/07/11] v5.63.1
Replace search.php with search.inc.php
The structure of jsearch.php has been fundamentally overhauled, modified and incorporated into potiboard.php.
Search results that were previously displayed with a URL like search.php? will now use a URL like potiboard.php?mode=search&.
Search is not case sensitive
Name searches are now case insensitive when the exact match option is selected.
Changed files
- potiboard.php
- search.inc.php
Changed Templates
- templates/basic_tw/main.blade.php
- templates/basic_tw/res.blade.php
- templates/basic_tw/search.blade.php
- templates/basic_tw/search.css
[2023/07/08] v5.62.3
Bug fixes
Search function was not working.
This bug was introduced in v5.58.10 and fixed in v5.62.2.
From "Tweet button" to "Twitter", "Mastodon" and "Misskey" sharing.
In addition to "Twitter", you can now share posts on short-text posting SNS such as "Mastodon" and "Misskey".
You can also change it to a conventional tweet button by setting it in config.php.
You can also edit the list of "Mastodon" and "Misskey" servers.
/* ---------- SNS share function advanced settings ---------- */
//Include Mastodon and Misskey servers in the share function
// (1: Include, 0: Do not include)
define("SWITCH_SNS","1");
// Servers displayed in the list when sharing on SNS
//Example ["Display name","https://example.com (SNS server URL)"], (comma is required at the end)
$servers =
[
["Twitter","https://twitter.com"],
["mstdn.jp","https://mstdn.jp"],
["pawoo.net","https://pawoo.net"],
["fedibird.com","https://fedibird.com"],
["misskey.io","https://misskey.io"],
["misskey.design","https://misskey.design"],
["nijimiss.moe","https://nijimiss.moe"],
["sushi.ski","https://sushi.ski"],
];
If this setting item does not exist in config.php, the above setting will be applied by default.
If you do not need detailed settings, please use the config.php you are currently using as it is.
Changed files
- config.php
- potiboard.php
- search.php
- sns_share.inc.php
Changed template
Changed directory
- templates/basic_tw/icomoon/
Changed files
- templates/basic_tw/basic.css
- templates/basic_tw/catalog.blade.php
- templates/basic_tw/js/basic_common.js
- templates/basic_tw/main.blade.php
- templates/basic_tw/other.blade.php
- templates/basic_tw/paint_klecks.blade.php
- templates/basic_tw/paint_tegaki.blade.php
- templates/basic_tw/res.blade.php
- templates/basic_tw/search.blade.php
- templates/basic_tw/set_share_server.blade.php
- templates/basic_tw/tgkr_view.blade.php
POTI board EVO EN v5.61.2 release
[2023/06/24] v5.61.2
Added support for the drawing application tegaki.js.
Improved "copy poster name" functionality.
It is now added at the cursor position in the text field.
Previously, it was added at the end of the line.
Changed directory
- chickenpaint/
- tegaki/
Changed files
- potiboard.php
- saveklecks.php
- config.php
Changed templates
Changed directory
- templates/basic_tw/icomoon/ Update by overwriting directory
Changed files
- templates/basic_tw/main.blade.php
- templates/basic_tw/paint.blade.php
- templates/basic_tw/paint_tegaki.blade.php
- templates/basic_tw/parts/copyright.blade.php
- templates/basic_tw/parts/paint_form.blade.php
- templates/basic_tw/res.blade.php
- templates/basic_tw/tgkr_view.blade.php
[2023/06/11] v5.60.0
Fixed deprecated JavaScript syntax in paint app
- Updated PaintBBS NEO to v1.6.0.
- Updated to original modified version of ChickenPaint.
- The paint app Klecks has two layers at startup.
Changed directory
- chickenpaint/ overwrite update chickenpaint/ directory
Changed files
- neo.js
- potiboard.php
Changed template
- templates/basic_tw/paint_klecks.blade.php
POTI-board EVO zh-TW v5.59.0 release
[2023/05/20] v5.59.0
Bug fixes
- Fixed an issue where the URL of the fixed link of the article was not set correctly when the tweet button was pressed.
- This bug was introduced in v5.58.6 and fixed in v5.59.0.
Updating jQuery
- Updated jQuery from jQuery3.6.0 to jQuery3.7.0.
- jQuery versioning is done inside potiboard.php, so you don't have to change individual templates.
Fixed deprecated JavaScript and jQuery syntax
- templates/basic_tw/js/basic_common.js
Fixed deprecated JavaScript and jQuery syntax in each file.
changed files
- potiboard.php
added files
- lib/jquery-3.7.0.min.js
Changed template
- templates/basic_tw/js/basic_common.js
[2023/05/07] v5.58.9.1
Klecks update
- Overwrite update of klecks/ directory
Blade One update
- Update by overwriting BladeOne/ directory
Changed Templates
- templates/basic_tw/js/basic_common.js
- templates/basic_tw/other.blade.php
(fixes deprecated jQuery syntax)
[2023/05/03] v5.58.9
klecks update
changed directories
- Overwrite updated klecks/ directory
changed files
- potiboard.php
[2023/04/25] v5.58.8
ChickenPaint update
- Fixed an issue where the canvas aspect ratio was incorrect when ChickenPaint was launched in full screen mode on an iPad.
changed directories
- Overwrite updated chickenpaint/ directory
changed files
- potiboard.php
Changed Templates
- templates/basic_tw/paint.blade.php
[2023/04/13] v5.58.5
ChickenPaint update
- In order to deal with the problem that the aspect ratio of the drawing area is broken when the orientation of the device is changed on the iPad, we have included a version of ChickenPaint that has been customized and built independently. (Temporary measure until the problem is resolved)
- This issue only occurs when using ChickenPaint in fullscreen mode.
- Therefore, I stopped starting in full screen mode and started in normal mode.
Improvements
- Fixed deprecated JavaScript in the WCS dynamic palette script. Rewrote substr() to substring().
  String.prototype.substr() - JavaScript | MDN
- Added a "Post in the same thread" checkbox.
However, in the case of "image replacement", there is no choice but to post in the same thread, so this ...
POTI-board EVO zh-TW v5.60.0 released. All versions v3.x and earlier have a serious bug.
Serious bugs in older versions
- POTI-board v2.26.0 and all earlier versions are vulnerable to XSS.
  Malicious JavaScript can be executed.
- POTI-board v3.09.x and all earlier versions have a serious bug.
  You may lose all log files.
- POTI-board v3.x gives a deprecated error in PHP 8.1. It will not work with future versions of PHP.
Please update to v5.x or higher.
POTI board EVO v5.60.0 release
[2023/06/11] v5.60.0
Fixed deprecated JavaScript syntax in paint app
- Updated PaintBBS NEO to v1.6.0.
- Updated to original modified version of ChickenPaint.
- The paint app Klecks has two layers at startup.
Changed directory
- chickenpaint/ overwrite update chickenpaint/ directory
Changed files
- neo.js
- potiboard.php
Changed template
- templates/basic_tw/paint_klecks.blade.php
POTI-board EVO zh-TW v5.59.0 release
[2023/05/20] v5.59.0
Bug fixes
- Fixed an issue where the URL of the fixed link of the article was not set correctly when the tweet button was pressed.
- This bug was introduced in v5.58.6 and fixed in v5.59.0.
Updating jQuery
- Updated jQuery from jQuery3.6.0 to jQuery3.7.0.
- jQuery versioning is done inside potiboard.php, so you don't have to change individual templates.
Fixed deprecated JavaScript and jQuery syntax
- templates/basic_tw/js/basic_common.js
Fixed deprecated JavaScript and jQuery syntax in each file.
changed files
- potiboard.php
added files
- lib/jquery-3.7.0.min.js
Changed template
- templates/basic_tw/js/basic_common.js
[2023/05/07] v5.58.9.1
Klecks update
- Overwrite update of klecks/ directory
Blade One update
- Update by overwriting BladeOne/ directory
Changed Templates
- templates/basic_tw/js/basic_common.js
- templates/basic_tw/other.blade.php
(fixes deprecated jQuery syntax)
[2023/05/03] v5.58.9
klecks update
changed directories
- Overwrite updated klecks/ directory
changed files
- potiboard.php
[2023/04/25] v5.58.8
ChickenPaint update
- Fixed an issue where the canvas aspect ratio was incorrect when ChickenPaint was launched in full screen mode on an iPad.
changed directories
- Overwrite updated chickenpaint/ directory
changed files
- potiboard.php
Changed Templates
- templates/basic_tw/paint.blade.php
[2023/04/13] v5.58.5
ChickenPaint update
- In order to deal with the problem that the aspect ratio of the drawing area is broken when the orientation of the device is changed on the iPad, we have included a version of ChickenPaint that has been customized and built independently. (Temporary measure until the problem is resolved)
- This issue only occurs when using ChickenPaint in fullscreen mode.
- Therefore, I stopped starting in full screen mode and started in normal mode.
Improvements
- Fixed deprecated JavaScript in the WCS dynamic palette script. Rewrote substr() to substring().
  String.prototype.substr() - JavaScript | MDN
- Added a "Post in the same thread" checkbox.
However, in the case of "image replacement", there is no choice but to post in the same thread, so this option is unnecessary.
Therefore, I used JavaScript to display the "Post in the same thread" checkbox only when a new post is selected.
- bad host check
When a user has the same host name and IP address, we made it possible to specify a few characters from the front of the IP address displayed as the host name and reject it with a prefix match.
$badhost =["example.com","100.100.200"];
If set like this:
"example.com" will be rejected with a suffix match, and "100.100.200" will be rejected with a prefix match.
changed directories
- Overwrite updated chickenpaint/ directory
- Update by overwriting BladeOne/ directory
changed files
- potiboard.php
- search.php
Changed Templates
Overwrite updated templates/basic_tw/ directory
[2023/02/26] v5.56.3
Updated Klecks to latest version
- Dark theme is now selectable.
- Added French language support.
- Fixed touch gesture freezing issue on iPhone and iPad.
Updated BladeOne to latest version
- Updated BladeOne to v4.8.
Improvements
- Fixed that the order of the search screen was not in the latest order.
- Improved search screen code.
changed directory
- klecks/ directory
- BladeOne/ directory
changed files
- potiboard.php
- search.php
changed Templates
- templates/basic_tw/search.blade.php
Improved translations on the search screen.
[2023/02/11] v5.56.2.3
Bug fix
changed Templates
- templates/basic_tw/paint_klecks.blade.php
Fixed an issue where illustrations that were drawn when the server status was 502 Bad Gateway disappeared.
[2023/02/09] v5.56.2.2
- Added missing klecks help file.
[2023/02/05] v5.56.2
You can now configure whether or not to use the URL input field in config.php.
// Use the URL input field  Yes: 1  No: 0
define("USE_URL_INPUT_FIELD", "1");
// No: 0, the URL field disappears from the form input fields.
// Even if the form is faked, the URL will not be entered.
In addition to prohibiting the writing of URLs in the text, if you can also make it impossible to write URLs in the URL field, you can eliminate advertisement spam whose purpose is to write URLs.
The check that prohibits writing URLs in the text is quite strict, so even if http:// is omitted, it should be almost impossible for advertisement spam to write a URL.
Fixed an issue where the template could not be sent due to a JavaScript error when the URL or subject fields did not exist.
It's not a bug, but I've rewritten the JavaScript so that it works fine even if the template is modified by the user.
In PaintBBS NEO, improved so that the screen does not move up and down when manipulating the canvas area such as copy and layer combination.
If the width of the terminal is large compared to the canvas size, it will not scroll even if you grab the mesh of NEO.
This is because the screen moves up and down when copying, layer merging, and Bz curve operations.
However, you can now grab and scroll the mesh when zooming in with pinch zoom.
This is to avoid inoperability.
These are implemented with inline JavaScript in NEO's paint screen, so you'll need to update the paint screen template.
changed files
- neo.js
- potiboard.php
- config.php
config.php only needs to be updated if new configuration items are needed.
changed Templates
- templates/basic_tw/js/basic_common.js
- templates/basic_tw/other.blade.php
- templates/basic_tw/paint.blade.php
- templates/basic_tw/res.blade.php
[2023/01/19] v5.55.8.5
Bug fixes
- PaintBBS NEO data was not received at all in the environment of PHP5.6 to PHP7.x. Since it works without causing an error in PHP8.1 and PHP8.2, the discovery was delayed.
Overwrite and update saveneo.php.
changed files
- saveneo.php
[2023/01/14] v5.55.8.2
Bug fix
Fixed a bug where setting the minimum number of seconds required to draw would cause all alerts that should have been displayed as "15 sec" to be displayed as "0 seconds".
Even if this bug exists, if you set it to 60 seconds, you can post normally when it exceeds 60 seconds.
The problem was that the remaining time was not displayed accurately, and it was all "remaining 0 sec".
changed files
modified file
picpost.php
save.php
saveklecks.php
saveneo.php
[2023/01/14] v5.55.8.1
- Fixed saveneo.php
Fixed an issue where depending on the content of the error that occurred, it would not be displayed as an alert and the screen would transition and fail to post.
[2023/01/13] v5.55.8
Changed communication of PaintBBS NEO from raw data to formData to avoid false positive error by WAF.
- In order to be able to post to the conventional oekaki bulletin board, we modified NEO, which used to send raw data, and made it possible to send header, image, and timelapse animation data with formData.
With this change, the probability that the conventional WAF will detect NEO transmission data as an attack and block it will be greatly reduced, and the probability of successful posting will be dramatically increased.
Added an option to send data individually with formData so that WAF does not judge it as an attack. by satopian Pull Request #94 funige/neo
Important changes
- Receipt of shi-Painter data is done by picpost.php as before.
  However, the data of PaintBBS NEO is received by the newly added saveneo.php.
  If you forget to upload this file, you will not be able to post from NEO, so be sure to update it.
  Transfer it to the same directory as potiboard.php.
  Please update.
- Updated Paint screen template mono_paint.blade.php
  A parameter has been added to switch to the formData submit mode.
Changed the config.php
Until now, it was not possible to remove PaintBBS NEO from apps that use it, but now you can choose to use or not use NEO.
If you set it to not use all, it will be a setting that does not use the drawing function.
You can also set it to use only Klecks or only ChickenPaint.
When there is only one ap...
POTI-board EVO zh-TW v5.58.6 released. All versions v3.x and earlier have a serious bug.
Serious bugs in older versions
- POTI-board v2.26.0 and all earlier versions are vulnerable to XSS.
  Malicious JavaScript can be executed.
- POTI-board v3.09.x and all earlier versions have a serious bug.
  You may lose all log files.
- POTI-board v3.x gives a deprecated error in PHP 8.1. It will not work with future versions of PHP.
Please update to v5.x or higher.
POTI-board EVO zh-TW v5.58.6 release
[2023/04/25] v5.58.6
Fixed an issue where the canvas aspect ratio was incorrect when ChickenPaint was launched in full screen mode on an iPad.
changed files
- potiboard.php
changed directories
- Overwrite updated chickenpaint/ directory
- Fixed an issue where the canvas aspect ratio was incorrect when ChickenPaint was launched in full screen mode on an iPad.
[2023/04/13] v5.58.5
ChickenPaint update
- In order to deal with the problem that the aspect ratio of the drawing area is broken when the orientation of the device is changed on the iPad, we have included a version of ChickenPaint that has been customized and built independently. (Temporary measure until the problem is resolved)
- This issue only occurs when using ChickenPaint in fullscreen mode.
- Therefore, I stopped starting in full screen mode and started in normal mode.
You can switch the display to full screen mode by selecting full screen mode from ChickenPaint's menu bar.
Improvements
- Fixed deprecated JavaScript in the WCS dynamic palette script. Rewrote substr() to substring().
  String.prototype.substr() - JavaScript | MDN
- Added a "Post in the same thread" checkbox.
However, in the case of "image replacement", there is no choice but to post in the same thread, so this option is unnecessary.
Therefore, I used JavaScript to display the "Post in the same thread" checkbox only when a new post is selected.
- bad host check
When a user has the same host name and IP address, we made it possible to specify a few characters from the front of the IP address displayed as the host name and reject it with a prefix match.
$badhost =["example.com","100.100.200"];
If set like this:
"example.com" will be rejected with a suffix match, and "100.100.200" will be rejected with a prefix match.
changed directories
- Overwrite updated chickenpaint/ directory
- Update by overwriting BladeOne/ directory
changed files
- potiboard.php
- search.php
Changed Templates
Overwrite updated templates/basic_tw/ directory
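The $badhost matching described in the v5.58.5 notes (listed under both the v5.60.0 and v5.58.6 releases on this page), as an added PHP example that is not POTI-board's own code. It goes beyond the note by adding a stricter mode that only matches on label and octet boundaries; the function name, the $strict option and the client list are assumptions constructed for illustration.

```php
<?php
declare(strict_types=1);

// Added example, not POTI-board's own code. $badhost is the setting shown in
// the release note; is_bad_host() and its $strict option are assumptions.
$badhost = ["example.com", "100.100.200"];

/**
 * @param string $ip      client address as seen by the server
 * @param string $host    reverse-DNS name; equal to $ip when nothing resolves
 * @param array  $badhost list of rejected host suffixes / IP prefixes
 * @param bool   $strict  true: match only on label / IPv4 octet boundaries
 */
function is_bad_host(string $ip, string $host, array $badhost, bool $strict = false): bool
{
    $host = strtolower(rtrim($host, '.'));
    $unresolved = ($host === strtolower($ip));

    foreach ($badhost as $entry) {
        $entry = strtolower(trim((string)$entry));
        if ($entry === '') {
            continue; // an empty entry would otherwise match every client
        }
        if ($unresolved) {
            // The host name is just the IP address: prefix match.
            // Strict mode appends a dot so "10.1" cannot match "10.10.0.5".
            $subject = $strict ? $host . '.' : $host;
            $needle  = $strict ? rtrim($entry, '.') . '.' : $entry;
            $hit = strncmp($subject, $needle, strlen($needle)) === 0;
        } else {
            // A real host name: suffix match.
            // Strict mode prepends a dot so "example.com" cannot match
            // "notexample.com".
            $needle = $strict ? '.' . ltrim($entry, '.') : $entry;
            $hit = $host === $entry || substr($host, -strlen($needle)) === $needle;
        }
        if ($hit) {
            return true;
        }
    }
    return false;
}

// Constructed clients: [ip, reverse-DNS name (the IP itself when unresolved)].
$clients = [
    ['203.0.113.9',   'mail.example.com'],
    ['203.0.113.10',  'notexample.com'],
    ['100.100.200.7', '100.100.200.7'],
    ['100.100.20.7',  '100.100.20.7'],
    ['198.51.100.4',  'host.example.org'],
];

foreach ($clients as [$ip, $host]) {
    printf(
        "%-15s %-18s plain:%-6s strict:%s\n",
        $ip,
        $host,
        is_bad_host($ip, $host, $badhost) ? 'reject' : 'allow',
        is_bad_host($ip, $host, $badhost, true) ? 'reject' : 'allow'
    );
}

// A short prefix is broader than it looks under plain prefix matching.
$short = ['10.1'];
printf(
    "%-15s %-18s plain:%-6s strict:%s\n",
    '10.10.0.5',
    '10.10.0.5',
    is_bad_host('10.10.0.5', '10.10.0.5', $short) ? 'reject' : 'allow',
    is_bad_host('10.10.0.5', '10.10.0.5', $short, true) ? 'reject' : 'allow'
);
```

With plain matching, writing an entry with its boundary character (a leading dot for a domain, a trailing dot for an IP prefix) keeps a short entry from rejecting unrelated hosts.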
[2023/02/26] v5.56.3
Updated Klecks to latest version
- Dark theme is now selectable.
- Added French language support.
- Fixed touch gesture freezing issue on iPhone and iPad.
Updated BladeOne to latest version
- Updated BladeOne to v4.8.
Improvements
- Fixed that the order of the search screen was not in the latest order.
- Improved search screen code.
changed directory
- klecks/ directory
- BladeOne/ directory
changed files
- potiboard.php
- search.php
changed Templates
- templates/basic_tw/search.blade.php
Improved translations on the search screen.
[2023/02/11] v5.56.2.3
Bug fix
changed Templates
- templates/basic_tw/paint_klecks.blade.php
Fixed an issue where illustrations that were drawn when the server status was 502 Bad Gateway disappeared.
[2023/02/09] v5.56.2.2
- Added missing klecks help file.
[2023/02/05] v5.56.2
You can now configure whether or not to use the URL input field in config.php.
// Use the URL input field  Yes: 1  No: 0
define("USE_URL_INPUT_FIELD", "1");
// No: 0, the URL field disappears from the form input fields.
// Even if the form is faked, the URL will not be entered.
In addition to prohibiting the writing of URLs in the text, if you can also make it impossible to write URLs in the URL field, you can eliminate advertisement spam whose purpose is to write URLs.
The check that prohibits writing URLs in the text is quite strict, so even if http:// is omitted, it should be almost impossible for advertisement spam to write a URL.
Fixed an issue where the template could not be sent due to a JavaScript error when the URL or subject fields did not exist.
It's not a bug, but I've rewritten the JavaScript so that it works fine even if the template is modified by the user.
In PaintBBS NEO, improved so that the screen does not move up and down when manipulating the canvas area such as copy and layer combination.
If the width of the terminal is large compared to the canvas size, it will not scroll even if you grab the mesh of NEO.
This is because the screen moves up and down when copying, layer merging, and Bz curve operations.
However, you can now grab and scroll the mesh when zooming in with pinch zoom.
This is to avoid inoperability.
These are implemented with inline JavaScript in NEO's paint screen, so you'll need to update the paint screen template.
changed files
- neo.js
- potiboard.php
- config.php
config.php only needs to be updated if new configuration items are needed.
changed Templates
- templates/basic_tw/js/basic_common.js
- templates/basic_tw/other.blade.php
- templates/basic_tw/paint.blade.php
- templates/basic_tw/res.blade.php
[2023/01/19] v5.55.8.5
Bug fixes
- PaintBBS NEO data was not received at all in the environment of PHP5.6 to PHP7.x. Since it works without causing an error in PHP8.1 and PHP8.2, the discovery was delayed.
Overwrite and update saveneo.php.
changed files
- saveneo.php
[2023/01/14] v5.55.8.2
Bug fix
Fixed a bug where setting the minimum number of seconds required to draw would cause all alerts that should have been displayed as "15 sec" to be displayed as "0 seconds".
Even if this bug exists, if you set it to 60 seconds, you can post normally when it exceeds 60 seconds.
The problem was that the remaining time was not displayed accurately, and it was all "remaining 0 sec".
changed files
- picpost.php
- save.php
- saveklecks.php
- saveneo.php
[2023/01/14] v5.55.8.1
- Fixed saveneo.php
Fixed an issue where depending on the content of the error that occurred, it would not be displayed as an alert and the screen would transition and fail to post.
[2023/01/13] v5.55.8
Changed communication of PaintBBS NEO from raw data to formData to avoid false positive error by WAF.
- In order to be able to post to the conventional oekaki bulletin board, we modified NEO, which used to send raw data, and made it possible to send header, image, and timelapse animation data with formData.
With this change, the probability that the conventional WAF will detect NEO transmission data as an attack and block it will be greatly reduced, and the probability of successful posting will be dramatically increased.
Added an option to send data individually with formData so that WAF does not judge it as an attack. by satopian Pull Request #94 funige/neo
Important changes
- Receipt of shi-Painter data is done by picpost.php as before.
However, the data of PaintBBS NEO is received by the newly added saveneo.php.
If you forget to upload this file, you will not be able to post from NEO, so be sure to update it.
Transfer it to the same directory as potiboard.php.
Please update.
- Updated Paint screen template mono_paint.blade.php
A parameter has been added to switch to the formData submit mode.
Changed the config.php
Until now, it was not possible to remove PaintBBS NEO from apps that use it, but now you can choose to use or not use NEO.
If you set it to not use all, it will be a setting that does not use the drawing function.
You can also set it to use only Klecks or only ChickenPaint.
When there is only one app to use, the pull-down menu for app selection disappears and the screen becomes clean.
Limited by drawing time
For example, if you want to reject submissions with only lines drawn in less than 1 minute,
// Security timer (unit: seconds). If not set, use ""
define("SECURITY_TIMER", "");
It was possible to specify the minimum required drawing time with SECURITY_TIMER, but until now, it was effective only for Shi-Painter and PaintBBS NEO.
With this update, ChickenPaint and Klecks now have this setting enabled.
In the old method, when there was a violation, it was possible to jump to another site (for example, the Metropolitan Police Department site), but instead of that method, an alert will open "Please draw for another 30 seconds.".
changed files
- neo.js
- picpost.php
- potiboard.php
- save.php
- saveklecks.php
- saveneo.php
- config.php
Those who do not need new setting items do not need to update.
Changed Templates
MONO
- templates/mono_en/mono_main.blade.php
- templates/mono_en/mono_other.blade.php
- templates/mono_en/mono_paint.blade.php
- templates/mono_en/paint_klecks.blade.php
- templates/mono_en/parts/mono_paint_form.blade.php
Please update only those who need newly added setting items.
- You also need to update the parts/ directory, like parts/paint_form.blade.php.
If you haven't customized the template, it's okay to overwrite the entire templates/ directory.
[2022/12/30] v5.52.8
It is now possible to extract the width and height from the old Java version ...
POTI-board EVO zh-TW v5.56.3 released. v3.x and earlier all versions have a serious bug.
Serious bugs in older versions
- All versions of POTI-board up to and including v2.26.0 are vulnerable to XSS.
Malicious JavaScript can be executed.
- All versions of POTI-board up to and including v3.09.x have a serious bug.
You may lose all log files.
- POTI-board v3.x gives a deprecated error in PHP8.1. It will not work with future versions of PHP.
Please update to v5.x or higher.
POTI-board EVO zh-TW v5.56.3 release
[2023/02/26] v5.56.3
Updated Klecks to latest version
- Dark theme is now selectable.
- Added French language support.
- Fixed touch gesture freezing issue on iPhone and iPad.
Updated BladeOne to latest version
- Updated BladeOne to v4.8.
Improvements
- Fixed that the order of the search screen was not in the latest order.
- Improved search screen code.
changed directory
- klecks/ directory
- BladeOne/ directory
changed files
- potiboard.php
- search.php
changed Templates
- templates/basic_tw/search.blade.php
Improved translations on the search screen.
[2023/02/11] v5.56.2.3
Bug fix
changed Templates
- templates/basic_tw/paint_klecks.blade.php
Fixed an issue where illustrations that were drawn when the server status was 502 Bad Gateway disappeared.
[2023/02/09] v5.56.2.2
- Added missing klecks help file.
[2023/02/05] v5.56.2
You can now configure whether or not to use the URL input field in config.php.
// Use the URL input field. Yes: 1, No: 0
define("USE_URL_INPUT_FIELD", "1");
// No: 0, the URL field disappears from the form input fields.
// Even if the form is faked, the URL will not be entered.
In addition to prohibiting the writing of URLs in the text, if you can also make it impossible to write URLs in the URL field, you can eliminate advertisement spam whose purpose is to write URLs.
The URL detection used to prohibit URLs in the text is quite strict, so even if http:// is omitted, it should be almost impossible for advertisement spam to write a URL.
Fixed an issue where the template could not be sent due to a JavaScript error when the URL or subject fields did not exist.
It's not a bug, but I've rewritten the JavaScript so that it works fine even if the template is modified by the user.
In PaintBBS NEO, improved so that the screen does not move up and down when manipulating the canvas area such as copy and layer combination.
If the width of the terminal is large compared to the canvas size, it will not scroll even if you grab the mesh of NEO.
This is because the screen moves up and down when copying, layer merging, and Bz curve operations.
However, you can now grab and scroll the mesh when zooming in with pinch zoom.
This is to avoid inoperability.
These are implemented with inline JavaScript in NEO's paint screen, so you'll need to update the paint screen template.
changed files
- neo.js
- potiboard.php
- config.php
config.php only needs to be updated if new configuration items are needed.
changed Templates
- templates/basic_tw/js/basic_common.js
- templates/basic_tw/other.blade.php
- templates/basic_tw/paint.blade.php
- templates/basic_tw/res.blade.php
[2023/01/19] v5.55.8.5
Bug fixes
- PaintBBS NEO data was not received at all in the environment of PHP5.6 to PHP7.x. Since it works without causing an error in PHP8.1 and PHP8.2, the discovery was delayed.
Overwrite and update saveneo.php.
changed files
- saveneo.php
[2023/01/14] v5.55.8.2
Bug fix
Fixed a bug where setting the minimum number of seconds required to draw would cause all alerts that should have been displayed as "15 sec" to be displayed as "0 seconds".
Even if this bug exists, if you set it to 60 seconds, you can post normally when it exceeds 60 seconds.
The problem was that the remaining time was not displayed accurately, and it was all "remaining 0 sec".
changed files
- picpost.php
- save.php
- saveklecks.php
- saveneo.php
[2023/01/14] v5.55.8.1
- Fixed saveneo.php
Fixed an issue where depending on the content of the error that occurred, it would not be displayed as an alert and the screen would transition and fail to post.
[2023/01/13] v5.55.8
Changed communication of PaintBBS NEO from raw data to formData to avoid false positive error by WAF.
- In order to be able to post to the conventional oekaki bulletin board, we modified NEO, which used to send raw data, and made it possible to send header, image, and timelapse animation data with formData.
With this change, the probability that the conventional WAF will detect NEO transmission data as an attack and block it will be greatly reduced, and the probability of successful posting will be dramatically increased.
Added an option to send data individually with formData so that WAF does not judge it as an attack. by satopian Pull Request #94 funige/neo
Important changes
- Receipt of shi-Painter data is done by picpost.php as before.
However, the data of PaintBBS NEO is received by the newly added saveneo.php.
If you forget to upload this file, you will not be able to post from NEO, so be sure to update it.
Transfer it to the same directory as potiboard.php.
Please update.
- Updated Paint screen template mono_paint.blade.php
A parameter has been added to switch to the formData submit mode.
Changed the config.php
Until now, it was not possible to remove PaintBBS NEO from apps that use it, but now you can choose to use or not use NEO.
If you set it to not use all, it will be a setting that does not use the drawing function.
You can also set it to use only Klecks or only ChickenPaint.
When there is only one app to use, the pull-down menu for app selection disappears and the screen becomes clean.
Limited by drawing time
For example, if you want to reject submissions with only lines drawn in less than 1 minute,
// Security timer (unit: seconds). If not set, use ""
define("SECURITY_TIMER", "");
It was possible to specify the minimum required drawing time with SECURITY_TIMER, but until now, it was effective only for Shi-Painter and PaintBBS NEO.
With this update, ChickenPaint and Klecks now have this setting enabled.
In the old method, when there was a violation, it was possible to jump to another site (for example, the Metropolitan Police Department site), but instead of that method, an alert will open "Please draw for another 30 seconds.".
changed files
- neo.js
- picpost.php
- potiboard.php
- save.php
- saveklecks.php
- saveneo.php
- config.php
Those who do not need new setting items do not need to update.
Changed Templates
MONO
- templates/mono_en/mono_main.blade.php
- templates/mono_en/mono_other.blade.php
- templates/mono_en/mono_paint.blade.php
- templates/mono_en/paint_klecks.blade.php
- templates/mono_en/parts/mono_paint_form.blade.php
Please update only those who need newly added setting items.
- You also need to update the parts/ directory, like parts/paint_form.blade.php.
If you haven't customized the template, it's okay to overwrite the entire templates/ directory.
[2022/12/30] v5.52.8
It is now possible to extract the width and height from the old Java version pch file and load it into the canvas.
All apps no longer require canvas size input when uploading an app specific file and loading it into the canvas.
Changed files
- potiboard.php
Changed Templates
- templates/mono_en/mono_other.blade.php
- templates/mono_en/parts/mono_paint_form.blade.php
[2022/12/28] v5.52.2
Improved. PaintBBS NEO animation file upload painting made easy.
- It has become easier and more convenient to upload and paint PaintBBS NEO and Java Shi Painter videos from the administrator screen.
Until now, it was necessary to specify the canvas size before loading the pch animation file into the canvas.
With v5.52, you can now automatically get the canvas size from the animation file.
However, it is necessary to specify the canvas size when uploading the animation file of the Java version of PaintBBS.
For HTML5 version PaintBBS NEO, you can automatically get the canvas size when uploading animation files.
↑
This is a GIF animation created to introduce the operation when uploading files in specific formats for shi-Painter, PaintBBS NEO, Klecks, and ChickenPaint from the administrator screen.
The canvas size is still 300x300, but the canvas is open at its original size.
If you can download a PSD file, why not upload it? Including the meaning of the explanation for those who were wondering, I also uploaded the ChickenPaint .chi file and the Klecks .psd file (Photoshop format). I created this GIF animation for description.
changed files
- potiboard.php
[2022/12/24] v5.51.0
- PaintBBS NEO update v1.5.16
- Solved the problem that cookies could not be read with JavaScript when WAF (Web Application Firewall) was turned on.
If WAF is turned on, cookies are encrypted and have the httpOnly attribute.
POTI-board uses JavaScript to load cookies into static HTML files.
Therefore, with the conventional POTI-board, it was not possible to read the cookie of the form input content when the WAF was turned on.
I solved this problem by issuing a form input cookie not only in PHP programs, but also in JavaScript.
However, it is safer to use httpOnly co...
POTI-board EVO zh-TW v5.55.8.5 released. v3.x and earlier all versions have a serious bug.
POTI-board EVO zh-TW v5.55.8.5 release
[2023/01/19] v5.55.8.5
Bug fixes
- PaintBBS NEO data was not received at all in the environment of PHP5.6 to PHP7.x. Since it works without causing an error in PHP8.1 and PHP8.2, the discovery was delayed.
Overwrite and update saveneo.php.
changed files
- saveneo.php
[2023/01/14] v5.55.8.2
Bug fix
Fixed a bug where setting the minimum number of seconds required to draw would cause all alerts that should have been displayed as "15 sec" to be displayed as "0 seconds".
Even if this bug exists, if you set it to 60 seconds, you can post normally when it exceeds 60 seconds.
The problem was that the remaining time was not displayed accurately, and it was all "remaining 0 sec".
changed files
- picpost.php
- save.php
- saveklecks.php
- saveneo.php
[2022/01/14] v5.55.8.1
- Fixed saveneo.php
Fixed an issue where depending on the content of the error that occurred, it would not be displayed as an alert and the screen would transition and fail to post.
[2022/01/13] v5.55.8
Changed communication of PaintBBS NEO from raw data to formData to avoid false positive error by WAF.
- In order to be able to post to the conventional oekaki bulletin board, we modified NEO, which used to send raw data, and made it possible to send header, image, and timelapse animation data with formData.
With this change, the probability that the conventional WAF will detect NEO transmission data as an attack and block it will be greatly reduced, and the probability of successful posting will be dramatically increased.
Added an option to send data individually with formData so that WAF does not judge it as an attack. by satopian Pull Request #94 funige/neo
Important changes
- Receipt of shi-Painter data is done by picpost.php as before.
However, the data of PaintBBS NEO is received by the newly added saveneo.php.
If you forget to upload this file, you will not be able to post from NEO, so be sure to update it.
Transfer it to the same directory as potiboard.php.
Please update.
- Updated Paint screen template paint.blade.php
A parameter has been added to switch to the formData submit mode.
Changed the config.php
Until now, it was not possible to remove PaintBBS NEO from apps that use it, but now you can choose to use or not use NEO.
If you set it to not use all, it will be a setting that does not use the drawing function.
You can also set it to use only Klecks or only ChickenPaint.
When there is only one app to use, the pull-down menu for app selection disappears and the screen becomes clean.
Limited by drawing time
For example, if you want to reject submissions with only lines drawn in less than 1 minute,
// Security timer (unit: seconds). If not set, use ""
define("SECURITY_TIMER", "");
It was possible to specify the minimum required drawing time with SECURITY_TIMER, but until now, it was effective only for Shi-Painter and PaintBBS NEO.
With this update, ChickenPaint and Klecks now have this setting enabled.
In the old method, when there was a violation, it was possible to jump to another site (for example, the Metropolitan Police Department site), but instead of that method, an alert will open "Please draw for another 30 seconds.".
changed files
- neo.js
- picpost.php
- potiboard.php
- save.php
- saveklecks.php
- saveneo.php
- config.php
Those who do not need new setting items do not need to update.
Changed Templates
- templates/basic_tw/main.blade.php
- templates/basic_tw/other.blade.php
- templates/basic_tw/paint.blade.php
- templates/basic_tw/paint_klecks.blade.php
- templates/basic_tw/parts/paint_form.blade.php
- You also need to update the parts/ directory, like parts/paint_form.blade.php.
If you haven't customized the template, it's okay to overwrite the entire templates/ directory.
[2022/12/30] v5.52.8
It is now possible to extract the width and height from the old Java version pch file and load it into the canvas.
All apps no longer require canvas size input when uploading an app specific file and loading it into the canvas.
Changed files
- potiboard.php
Changed Templates
- templates/basic_tw/other.blade.php
- templates/basic_tw/parts/paint_form.blade.php
[2022/12/28] v5.52.2
Improved. PaintBBS NEO animation file upload painting made easy.
- It has become easier and more convenient to upload and paint PaintBBS NEO and Java Shi Painter videos from the administrator screen.
Until now, it was necessary to specify the canvas size before loading the pch animation file into the canvas.
With v5.52, you can now automatically get the canvas size from the animation file.
However, it is necessary to specify the canvas size when uploading the animation file of the Java version of PaintBBS.
For HTML5 version PaintBBS NEO, you can automatically get the canvas size when uploading animation files.
↑
This is a GIF animation created to introduce the operation when uploading files in specific formats for shi-Painter, PaintBBS NEO, Klecks, and ChickenPaint from the administrator screen.
The canvas size is still 300x300, but the canvas is open at its original size.
If you can download a PSD file, why not upload it? Including the meaning of the explanation for those who were wondering, I also uploaded the ChickenPaint .chi file and the Klecks .psd file (Photoshop format). I created this GIF animation for description.
changed files
- potiboard.php
[2022/12/24] v5.51.0
- PaintBBS NEO update v1.5.16
- Solved the problem that cookies could not be read with JavaScript when WAF (Web Application Firewall) was turned on.
If WAF is turned on, cookies are encrypted and have the httpOnly attribute.
POTI-board uses JavaScript to load cookies into static HTML files.
Therefore, with the conventional POTI-board, it was not possible to read the cookie of the form input content when the WAF was turned on.
I solved this problem by issuing a form input cookie not only in PHP programs, but also in JavaScript.
However, it is safer to use httpOnly cookies, which prevent JavaScript from reading the cookie.
There is also a drawing board that uses httpOnly cookies.
satopian/Petit_Note_EN: Petit Note English ver. PHP script for PaintBBS, ChickenPaint, and Klecks PHP5.6-PHP8.2
Log conversion from POTI-board is also possible.
satopian/PetitNote_plugin: Petit Note Plugin for Drawing Board
- Adding JavaScript to HTML files to emit cookies for form inputs increases the number of lines of inline JavaScript.
So I externalized my JavaScript.
This externalized JavaScript also includes the back to top button JavaScript and the Luminous image popup JavaScript.
We apologize for the inconvenience and the need to update templates frequently.
A directory for JavaScript has also been added, such as templates/mono_en/js/.
Please note that if you forget to upload this directory, things like the back button that appears when you scroll down or the JavaScript that appears on the same screen when you click on an image will not work.
Overwrite everything in the templates/ directory if you haven't customized the templates.
Just upload all new installations.
PaintBBS NEO Update v1.5.16
- neo.js
changed files
- potiboard.php
Changed Templates
- templates/basic_tw/catalog.blade.php
- templates/basic_tw/main.blade.php
- templates/basic_tw/other.blade.php
- templates/basic_tw/parts/paint_form.blade.php
- templates/basic_tw/res.blade.php
- templates/basic_tw/search.blade.php
files added
- templates/basic_tw/js/basic_common.js
[2022/12/21] v5.50.11
Improvements
- Changed the format of the canvas size pull-down menu formula generation loop to prevent XSS.
- Removed self-closing tag due to warnings when checked by W3C Markup Validation Service.
- Add same-origin check. Illegal posts from different origins are now rejected.
However, for browsers that do not support Origin headers, such as Edge's IE mode, Origin headers are not checked.
This is because if this check becomes mandatory, it will not be possible to start the shi-painter using Java.
CheerpJ, for example, cannot smoothly play Shi-Painter's drawing animation, so Java must be started.
- Protection against directory traversal attacks. Hierarchies such as ../../ are invalidated with basename() when variables are passed to fopen().
- Rejection when the password is incorrect 5 times in a row.
If you enter the wrong administrator password five times in a row, further attempts can now be refused.
If you want to use this function, please add the following setting items anywhere in config.php.
/* safety */
// Reject if the admin password is wrong 5 times in a row
// (1: Enabled, 0: Disabled)
// 1: Enabled for more security, but if the login page is locked it will take more effort to unlock it.
define("CHECK_PASSWORD_INPUT_ERROR_COUNT", "0");
// Access via ftp etc.
// Remove templates/errorlog/error.log and you should be able to log in again.
//This file contains the IP addresses of clien...
POTI-board EVO zh-TW v5.52.8 released. v3.x and earlier all versions have a serious bug.
POTI-board EVO zh-TW v5.52.8 release
[2022/12/30] v5.52.8
It is now possible to extract the width and height from the old Java version pch file and load it into the canvas.
All apps no longer require canvas size input when uploading an app specific file and loading it into the canvas.
Changed files
- potiboard.php
Changed Templates
- templates/basic_tw/other.blade.php
- templates/basic_tw/parts/paint_form.blade.php
[2022/12/28] v5.52.2
Improved. PaintBBS NEO animation file upload painting made easy.
- It has become easier and more convenient to upload and paint PaintBBS NEO and Java Shi Painter videos from the administrator screen.
Until now, it was necessary to specify the canvas size before loading the pch animation file into the canvas.
With v5.52, you can now automatically get the canvas size from the animation file.
However, it is necessary to specify the canvas size when uploading the animation file of the Java version of PaintBBS.
For HTML5 version PaintBBS NEO, you can automatically get the canvas size when uploading animation files.
↑
This is a GIF animation created to introduce the operation when uploading files in specific formats for shi-Painter, PaintBBS NEO, Klecks, and ChickenPaint from the administrator screen.
The canvas size is still 300x300, but the canvas is open at its original size.
If you can download a PSD file, why not upload it? Including the meaning of the explanation for those who were wondering, I also uploaded the ChickenPaint .chi file and the Klecks .psd file (Photoshop format). I created this GIF animation for description.
changed files
- potiboard.php
[2022/12/24] v5.51.0
- PaintBBS NEO update v1.5.16
- Solved the problem that cookies could not be read with JavaScript when WAF (Web Application Firewall) was turned on.
If WAF is turned on, cookies are encrypted and have the httpOnly attribute.
POTI-board uses JavaScript to load cookies into static HTML files.
Therefore, with the conventional POTI-board, it was not possible to read the cookie of the form input content when the WAF was turned on.
I solved this problem by issuing a form input cookie not only in PHP programs, but also in JavaScript.
However, it is safer to use httpOnly cookies, which prevent JavaScript from reading the cookie.
There is also a drawing board that uses httpOnly cookies.
satopian/Petit_Note_EN: Petit Note English ver. PHP script for PaintBBS, ChickenPaint, and Klecks PHP5.6-PHP8.2
Log conversion from POTI-board is also possible.
satopian/PetitNote_plugin: Petit Note Plugin for Drawing Board
- Adding JavaScript to HTML files to emit cookies for form inputs increases the number of lines of inline JavaScript.
So I externalized my JavaScript.
This externalized JavaScript also includes the back to top button JavaScript and the Luminous image popup JavaScript.
We apologize for the inconvenience and the need to update templates frequently.
A directory for JavaScript has also been added, such as templates/mono_en/js/.
Please note that if you forget to upload this directory, things like the back button that appears when you scroll down or the JavaScript that appears on the same screen when you click on an image will not work.
Overwrite everything in the templates/ directory if you haven't customized the templates.
Just upload all new installations.
PaintBBS NEO Update v1.5.16
- neo.js
changed files
- potiboard.php
Changed Templates
- templates/basic_tw/catalog.blade.php
- templates/basic_tw/main.blade.php
- templates/basic_tw/other.blade.php
- templates/basic_tw/parts/paint_form.blade.php
- templates/basic_tw/res.blade.php
- templates/basic_tw/search.blade.php
files added
- templates/basic_tw/js/basic_common.js
[2022/12/21] v5.50.11
Improvements
- Changed the format of the canvas size pull-down menu formula generation loop to prevent XSS.
- Removed self-closing tag due to warnings when checked by W3C Markup Validation Service.
- Add same-origin check. Illegal posts from different origins are now rejected.
However, for browsers that do not support Origin headers, such as Edge's IE mode, Origin headers are not checked.
This is because if this check becomes mandatory, it will not be possible to start the shi-painter using Java.
CheerpJ, for example, cannot smoothly play Shi-Painter's drawing animation, so Java must be started.
- Protection against directory traversal attacks. Hierarchies such as ../../ are invalidated with basename() when variables are passed to fopen().
- Rejection when the password is incorrect 5 times in a row.
If you enter the wrong administrator password five times in a row, further attempts can now be refused.
If you want to use this function, please add the following setting items anywhere in config.php.
/* safety */
// Reject if the admin password is wrong 5 times in a row
// (1: Enabled, 0: Disabled)
// 1: Enabled for more security, but if the login page is locked it will take more effort to unlock it.
define("CHECK_PASSWORD_INPUT_ERROR_COUNT", "0");
// Access via ftp etc.
// Remove templates/errorlog/error.log and you should be able to log in again.
// This file contains the IP addresses of clients who entered an incorrect admin password.
- Changed the method to get IP address and host name because some servers cannot get IP address with getenv().
- Use uniqid() to emit user-code repcode. It now changes in micro time units.
- Increased the replacement code length from 8 to 12 characters.
- Added original error message for WAF false positive to PaintBBS NEO.
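The same-origin check and the basename() guard listed above can be sketched as follows. This is an added example, not code from potiboard.php: the function names, the host-only comparison and the file-name pattern are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added example; function names and the file-name pattern are hypothetical.

/**
 * Reject a request whose Origin header names a different host. A missing
 * header is allowed through, matching the note's exception for clients
 * that do not send Origin (Edge's IE mode, the Java applet).
 */
function is_same_origin(array $server): bool
{
    $origin = $server['HTTP_ORIGIN'] ?? '';
    if ($origin === '') {
        // Not checked: keep another control (token, password) behind it.
        return true;
    }
    $originHost = parse_url($origin, PHP_URL_HOST);
    if (!is_string($originHost)) {
        return false; // "null" (opaque origin) or a malformed value
    }
    // Host may carry a port, so parse it the same way and compare names only.
    $requestHost = parse_url('http://' . ($server['HTTP_HOST'] ?? ''), PHP_URL_HOST);
    return is_string($requestHost) && strcasecmp($originHost, $requestHost) === 0;
}

/**
 * Reduce a request value to its last path component before it reaches
 * fopen(). basename() removes "../" prefixes but still accepts names such
 * as ".htaccess", so an allow-list pattern follows it.
 */
function safe_data_path(string $dir, string $userValue): ?string
{
    $name = basename($userValue);
    // Assumed naming scheme: digits plus one of a few known extensions.
    if (preg_match('/\A[0-9]+\.(png|jpg|pch)\z/', $name) !== 1) {
        return null;
    }
    return rtrim($dir, '/') . '/' . $name;
}

// Constructed sample requests (host names are placeholders).
$requests = [
    'same origin'   => ['HTTP_HOST' => 'board.example.test', 'HTTP_ORIGIN' => 'https://board.example.test'],
    'with port'     => ['HTTP_HOST' => 'board.example.test:8080', 'HTTP_ORIGIN' => 'http://board.example.test:8080'],
    'other site'    => ['HTTP_HOST' => 'board.example.test', 'HTTP_ORIGIN' => 'https://other.example.test'],
    'opaque origin' => ['HTTP_HOST' => 'board.example.test', 'HTTP_ORIGIN' => 'null'],
    'no header'     => ['HTTP_HOST' => 'board.example.test'],
];
foreach ($requests as $label => $server) {
    printf("%-14s %s\n", $label, is_same_origin($server) ? 'accepted' : 'rejected');
}

// Constructed file-name inputs.
foreach (['1671600000.png', '../../config.php', '../src/1671600000.pch', '.htaccess'] as $value) {
    printf("%-24s %s\n", $value, safe_data_path('src', $value) ?? '(refused)');
}
```

The "no header" case is accepted by design, which is why the Origin check cannot be the only barrier in front of a state-changing request.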
changed files
- noticemail/noticemail.inc
- potiboard.php
- config.php
- neo.js
- thumbnail_gd.php
- picpost.php
- save.php
- saveklecks.php
Changed Templates
- templates/basic_tw/main.blade.php
- templates/basic_tw/paint.blade.php
- templates/basic_tw/paint_klecks.blade.php
- templates/basic_tw/parts/paint_form.blade.php
- templates/basic_tw/res.blade.php
- templates/basic_tw/search.blade.php
- templates/basic_tw/template_ini.php
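The five-strike lockout described for CHECK_PASSWORD_INPUT_ERROR_COUNT can be modelled as below. This is an added example, not the project's implementation: it assumes one log line per failed attempt and a lock that applies to every client once the log holds five lines, and the function names and temporary log path are hypothetical.

```php
<?php
declare(strict_types=1);

// Added example; names, the temp-file path and the global lock are assumptions.

const MAX_FAILURES = 5; // limit named in the release note

/** Number of failed attempts recorded so far. */
function failure_count(string $logFile): int
{
    if (!is_file($logFile)) {
        return 0;
    }
    $lines = file($logFile, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
    // An unreadable log is treated as locked (fail closed).
    return $lines === false ? MAX_FAILURES : count($lines);
}

/** Returns 'ok', 'denied' or 'locked'. */
function admin_login(string $logFile, string $hash, string $password, string $ip): string
{
    if (failure_count($logFile) >= MAX_FAILURES) {
        return 'locked'; // refused before the password is compared at all
    }
    if (password_verify($password, $hash)) {
        if (is_file($logFile)) {
            unlink($logFile); // "in a row": a success resets the streak
        }
        return 'ok';
    }
    // Record the client address, one per line, under an exclusive lock.
    file_put_contents($logFile, $ip . "\n", FILE_APPEND | LOCK_EX);
    return 'denied';
}

// Constructed demo values.
$log  = sys_get_temp_dir() . '/example_error_' . bin2hex(random_bytes(4)) . '.log';
$hash = password_hash('correct horse', PASSWORD_DEFAULT);
$ip   = '192.0.2.10'; // documentation address range

for ($i = 1; $i <= 6; $i++) {
    printf("wrong password, attempt %d: %s\n", $i, admin_login($log, $hash, 'guess' . $i, $ip));
}
printf("right password while locked: %s\n", admin_login($log, $hash, 'correct horse', $ip));

unlink($log); // the operator removes the log, as the note instructs
printf("right password after removal: %s\n", admin_login($log, $hash, 'correct horse', $ip));
```

Because the lock holds until the file is removed, anyone who can reach the login form can also lock the administrator out; that is the trade-off the configuration comment refers to.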
[2022/11/30] v5.36.8
update
- Updated Klecks.
Fixed brush shortcut key behavior. - Updated BladeOne to v4.7.1.
improvement
-
Even if the timestamps used in the working files overlap, advance the post time by 1 second so that the timestamps do not overlap.
Previously, the working file could be overwritten by another file. -
An error does not occur when the post time to be compared is in the future.
In the post waiting time calculation process, even if the post time after the current time is detected, it will not be an error.
For example, if the posting time is delayed by one year due to some mistake, the next posting will not be possible until one year has passed. To avoid this, if the waiting time is a negative value, it will pass without generating an error. -
BladeOne v4.7.1. Along with that, I changed potiboard.php to automatically generate the cache directory.
The cache directory auto-generation feature has been removed from BladeOne. As an alternative function, added a cache directory auto-creation function to potiboard.php. -
Change the permission of files that need to be written in advance to 0606 (606). The log file that cannot be viewed externally is 0600 (600).
-
The types of error messages have increased when posting OEKAKI images fails.
changed directories
- BladeOne/
- klecks/
changed files
- picpost.php
- potiboard.php
Changed Templates
- templates/basic_tw/paint_klecks.blade.php
[2022/10/29] v5.35.3
Improvements
Template Common
- When you click the image file link on the management screen, it now pops up with luminous.
Previously, images were opened in separate tabs.
- Corrected [tweet] to [Tweet].
- Corrected [TOOL] to [Tool].
Template MONO
- Added back to top page function that is displayed when scrolling to template MONO.
- Display optimized for smartphones. If the resolution is iPad (768px), unfloat the image. Set the image margins to 0.
As a result, the left and right margins of the image displayed on the smartphone are the same.
Previously, the margin on the right side of the screen was larger.
- The administrator can now edit the article by clicking the article number on the MONO administrator deletion screen.
Security
- If the script content of CheerpJ Applet Runner has been tampered with by hacking, etc., it will be detected and the script will not be executed.
See Subresource Integrity on MDN.
If you change the version of CheerpJ, it will not work unless you change the hash value.
However, the calculated hash value is included in the latest version of potiboard.php.
- If the image file received by picpost.php, which receives data from the Shi applet or PaintBBS NEO, is not a jpeg, png, etc. image, it will be judged as illegal and deleted.
When using Shii applet and PaintBBS ...
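Why a CheerpJ version change requires a new hash value, shown as an added example (not code from potiboard.php): it computes a Subresource Integrity value and checks released, upgraded and tampered script bodies against it. The URL and the script bodies are constructed placeholders.

```php
<?php
declare(strict_types=1);

// Added example; the URL and script bodies are constructed placeholders.

/** Build an SRI value ("sha384-<base64 digest>") for script content. */
function sri_value(string $content, string $algo = 'sha384'): string
{
    return $algo . '-' . base64_encode(hash($algo, $content, true));
}

/**
 * Simplified form of the browser's check: true when any listed hash matches.
 * (Browsers also ignore weaker algorithms when a stronger one is listed.)
 */
function sri_matches(string $content, string $integrity): bool
{
    foreach (preg_split('/\s+/', trim($integrity), -1, PREG_SPLIT_NO_EMPTY) as $token) {
        $algo = strstr($token, '-', true);
        if (in_array($algo, ['sha256', 'sha384', 'sha512'], true)
            && hash_equals(sri_value($content, $algo), $token)) {
            return true;
        }
    }
    return false;
}

/** Emit the script tag with the pinned hash. */
function script_tag(string $url, string $integrity): string
{
    return sprintf(
        '<script src="%s" integrity="%s" crossorigin="anonymous"></script>',
        htmlspecialchars($url, ENT_QUOTES),
        htmlspecialchars($integrity, ENT_QUOTES)
    );
}

$released = "/* loader, release A */ function start(){ return 'A'; }\n";
$upgraded = "/* loader, release B */ function start(){ return 'B'; }\n";
$tampered = $released . "/* injected */\n";

// The hash is pinned once, against the file the page author reviewed.
$pinned = sri_value($released);
echo script_tag('https://cdn.example.test/cheerpj/loader.js', $pinned), "\n";

foreach (['released' => $released, 'tampered' => $tampered, 'upgraded' => $upgraded] as $label => $body) {
    printf("%-9s %s\n", $label, sri_matches($body, $pinned) ? 'runs' : 'blocked');
}

// After a deliberate upgrade the pinned value has to be recomputed.
printf("upgraded with new hash: %s\n", sri_matches($upgraded, sri_value($upgraded)) ? 'runs' : 'blocked');
```

A legitimate upgrade and a tampered file are indistinguishable to the check; both are blocked until the pinned value is regenerated from a copy that has been reviewed.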
POTI-board EVO zh-TW v5.52.2 released. v3.x and earlier all versions have a serious bug.
POTI-board EVO zh-TW v5.52.2 release
[2022/12/28] v5.52.2
Improved. PaintBBS NEO animation file upload painting made easy.
- It has become easier and more convenient to upload and paint PaintBBS NEO and Java Shi Painter videos from the administrator screen.
Until now, it was necessary to specify the canvas size before loading the pch animation file into the canvas.
With v5.52, you can now automatically get the canvas size from the animation file.
However, it is necessary to specify the canvas size when uploading the animation file of the Java version of PaintBBS.
For HTML5 version PaintBBS NEO, you can automatically get the canvas size when uploading animation files.
This is a GIF animation created to introduce the operation when uploading files in specific formats for shi-Painter, PaintBBS NEO, Klecks, and ChickenPaint from the administrator screen.
The canvas size is still 300x300, but the canvas is open at its original size.
If you can download a PSD file, why not upload it? As an explanation for those who were wondering, I also uploaded the ChickenPaint .chi file and the Klecks .psd file (Photoshop format). I created this GIF animation for description.
changed files
- potiboard.php
[2022/12/24] v5.51.0
- PaintBBS NEO update v1.5.16
- Solved the problem that cookies could not be read with JavaScript when a WAF (Web Application Firewall) was turned on.
If the WAF is turned on, cookies are encrypted and have the httpOnly attribute.
POTI-board uses JavaScript to load cookies into static HTML files.
Therefore, with the conventional POTI-board, it was not possible to read the cookie holding the form input content when the WAF was turned on.
I solved this problem by issuing the form input cookie not only from the PHP program, but also from JavaScript.
However, it is safer to use httpOnly cookies, which prevent JavaScript from reading the cookie.
There is also a drawing board that uses httpOnly cookies.
satopian/Petit_Note_EN: Petit Note English ver. PHP script for PaintBBS, ChickenPaint, and Klecks PHP5.6-PHP8.2
Log conversion from POTI-board is also possible.
satopian/PetitNote_plugin: Petit Note Plugin for Drawing Board
- Adding JavaScript to HTML files to emit cookies for form inputs increases the number of lines of inline JavaScript.
So I externalized my JavaScript.
This externalized JavaScript also includes the back to top button JavaScript and the Luminous image popup JavaScript.
We apologize for the inconvenience and the need to update templates frequently.
A directory for JavaScript has also been added, such as templates/mono_en/js/.
Please note that if you forget to upload this directory, things like the back to top button that appears when you scroll down or the JavaScript that shows an image on the same screen when you click on it will not work.
Overwrite everything in the templates/ directory if you haven't customized the templates.
For a new installation, just upload everything.
PaintBBS NEO Update v1.5.16
- neo.js
changed files
- potiboard.php
Changed Templates
- templates/basic_tw/catalog.blade.php
- templates/basic_tw/main.blade.php
- templates/basic_tw/other.blade.php
- templates/basic_tw/parts/paint_form.blade.php
- templates/basic_tw/res.blade.php
- templates/basic_tw/search.blade.php
files added
- templates/basic_tw/js/basic_common.js
[2022/12/21] v5.50.11
Improvements
- Changed the format of the loop that generates the canvas size pull-down menu to prevent XSS.
- Removed self-closing tags because of warnings from the W3C Markup Validation Service.
- Added a same-origin check. Illegal posts from different origins are now rejected.
However, for browsers that do not support the Origin header, such as Edge's IE mode, the Origin header is not checked.
This is because if this check becomes mandatory, it will not be possible to start the shi-painter using Java.
CheerpJ, for example, cannot smoothly play Shi-Painter's drawing animation, so Java must be started.
- Protection against directory traversal attacks. Hierarchies such as ../../ are invalidated with basename() when variables are passed to fopen().
- Rejection when the password is incorrect 5 times in a row.
If the wrong administrator password is entered five times in a row, further attempts can now be refused.
If you want to use this function, please add the following setting items anywhere in config.php.
/*safety*/
//Reject if the admin password is wrong 5 times in a row
// (1: Enabled, 0: Disabled)
// 1: Enabled for more security, but if the login page is locked it will take more effort to unlock it.
define("CHECK_PASSWORD_INPUT_ERROR_COUNT", "0");
// Access via ftp etc.
// Remove templates/errorlog/error.log and you should be able to login again.
//This file contains the IP addresses of clients who entered an incorrect admin password.
- Changed the method to get IP address and host name because some servers cannot get IP address with getenv().
- Use uniqid() to emit user-code repcode. It now changes in micro time units.
- Increased the replacement code length from 8 to 12 characters.
- Added original error message for WAF false positive to PaintBBS NEO.
changed files
- noticemail/noticemail.inc
- potiboard.php
- config.php
- neo.js
- thumbnail_gd.php
- picpost.php
- save.php
- saveklecks.php
Changed Templates
- templates/basic_tw/main.blade.php
- templates/basic_tw/paint.blade.php
- templates/basic_tw/paint_klecks.blade.php
- templates/basic_tw/parts/paint_form.blade.php
- templates/basic_tw/res.blade.php
- templates/basic_tw/search.blade.php
- templates/basic_tw/template_ini.php
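The same-origin check and the basename() protection from the v5.50.11 notes above, sketched as an added example; this is not POTI-board's own code, and the function names and sample values are hypothetical. It assumes the check compares host names only, and it lets requests without an Origin header through, as the release note describes.

```php
<?php
declare(strict_types=1);

// Added illustration, not POTI-board's own code.
// Function names and the sample values at the bottom are hypothetical.

/**
 * Same-origin check for a posted request.
 * $origin: value of the Origin header, or null when the browser sent none.
 * $host:   value of the Host header of the same request.
 * Assumption: only host names are compared, not scheme or port.
 */
function is_same_origin(?string $origin, string $host): bool
{
    // Browsers that send no Origin header (e.g. Edge's IE mode) are let
    // through, as in the release note. Such requests get no cross-origin
    // protection from this check.
    if ($origin === null || $origin === '') {
        return true;
    }
    $origin_host = parse_url($origin, PHP_URL_HOST);
    // Prefixing "//" makes parse_url() treat "host:port" as an authority.
    $request_host = parse_url('//' . $host, PHP_URL_HOST);
    if (!is_string($origin_host) || !is_string($request_host)) {
        return false; // malformed value, or the opaque origin "null"
    }
    return strcasecmp($origin_host, $request_host) === 0;
}

/**
 * Open a file inside $dir using a name taken from request data.
 * basename() drops every directory component, so "../../" sequences
 * cannot move the resulting path outside $dir.
 *
 * @return resource|false
 */
function open_inside(string $dir, string $name_from_request)
{
    $name = basename($name_from_request);
    if ($name === '' || $name === '.' || $name === '..') {
        return false;
    }
    $path = rtrim($dir, '/') . '/' . $name;
    return is_file($path) ? fopen($path, 'rb') : false;
}

// --- constructed sample input ---
var_dump(is_same_origin('https://board.example', 'board.example'));      // same host
var_dump(is_same_origin('https://other.example', 'board.example:8080')); // foreign host
var_dump(is_same_origin('null', 'board.example'));                       // opaque origin
var_dump(is_same_origin(null, 'board.example'));                         // header absent

$dir = sys_get_temp_dir() . '/poti_demo_' . uniqid();
mkdir($dir);
file_put_contents($dir . '/12345.pch', 'constructed sample');

$inside = open_inside($dir, '12345.pch');           // plain file name
$escape = open_inside($dir, '../../etc/hostname');  // reduced to "hostname"
var_dump(is_resource($inside), $escape);

if (is_resource($inside)) {
    fclose($inside);
}
unlink($dir . '/12345.pch');
rmdir($dir);
```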
[2022/11/30] v5.36.8
update
- Updated Klecks.
Fixed brush shortcut key behavior.
- Updated BladeOne to v4.7.1.
improvement
- Even if the timestamps used in the working files overlap, the post time is advanced by 1 second so that the timestamps do not overlap.
Previously, the working file could be overwritten by another file.
- An error does not occur when the post time to be compared is in the future.
In the post waiting time calculation process, even if a post time after the current time is detected, it will not be an error.
For example, if the posting time is delayed by one year due to some mistake, the next posting will not be possible until one year has passed. To avoid this, if the waiting time is a negative value, it will pass without generating an error.
- BladeOne v4.7.1. Along with that, I changed potiboard.php to automatically generate the cache directory.
The cache directory auto-generation feature has been removed from BladeOne. As an alternative, a cache directory auto-creation function was added to potiboard.php.
- Change the permission of files that need to be written in advance to 0606 (606). The log file that cannot be viewed externally is 0600 (600).
- The types of error messages have increased when posting OEKAKI images fails.
changed directories
- BladeOne/
- klecks/
changed files
- picpost.php
- potiboard.php
Changed Templates
- templates/basic_tw/paint_klecks.blade.php
[2022/10/29] v5.35.3
Improvements
Template Common
- When you click the image file link on the management screen, it now pops up with luminous.
Previously, images were opened in separate tabs.
- Corrected [tweet] to [Tweet].
- Corrected [TOOL] to [Tool].
Template MONO
- Added a back to top function to template MONO that is displayed when scrolling.
- Display optimized for smartphones. If the resolution is iPad (768px), unfloat the image. Set the image margins to 0.
As a result, the left and right margins of the image displayed on the smartphone are the same.
Previously, the margin on the right side of the screen was larger.
- The administrator can now edit the article by clicking the article number on the MONO administrator deletion screen.
Security
- If the script content of CheerpJ Applet Runner has been tampered with by hacking, etc., it will be detected and the script will not be executed.
See Subresource Integrity on MDN.
If you change the version of CheerpJ, it will not work unless you change the hash value.
However, the calculated hash value is included in the latest version of potiboard.php.
- If the file received by picpost.php, which receives data from the Shi applet or PaintBBS NEO, is not an image such as jpeg or png, it is judged illegal and deleted.
When using Shii applet and PaintBBS NEO, the behavior of rejection due to the time required for drawing or the number of steps required has been changed.
- shi-chan developed a function to redirect the drawing screen to the police site when the drawing time is short or the number of drawing processes is small.
However, this feature was impractical and of no use.
Therefore, instead of suddenly jumping to the specified URL from the drawing screen, we changed the specification to display an alert on the drawing screen that "drawing time is too short" and "the number of steps is low".
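The two Security items above (a pinned Subresource Integrity hash and deleting received files that are not images), sketched as an added example; this is not POTI-board's own code. The function names, the URL, the allowed image types and all sample bytes are assumptions constructed for the illustration.

```php
<?php
declare(strict_types=1);

// Added illustration, not POTI-board's own code. Function names, the URL,
// the allowed type list and the sample bytes are hypothetical / constructed.

/** Build the value of an integrity attribute for a script's exact bytes. */
function sri_value(string $script_bytes): string
{
    return 'sha384-' . base64_encode(hash('sha384', $script_bytes, true));
}

/** Emit a script tag that the browser will not execute if the bytes differ. */
function script_tag(string $url, string $integrity): string
{
    return sprintf(
        '<script src="%s" integrity="%s" crossorigin="anonymous"></script>',
        htmlspecialchars($url, ENT_QUOTES, 'UTF-8'),
        htmlspecialchars($integrity, ENT_QUOTES, 'UTF-8')
    );
}

/**
 * Keep a received file only if its content is recognised as an allowed
 * image type; otherwise delete it. The file name is never consulted.
 * getimagesize() inspects the header only, so it is a type check,
 * not a full decode of the image.
 */
function keep_if_image(
    string $path,
    array $allowed = [IMAGETYPE_JPEG, IMAGETYPE_PNG, IMAGETYPE_GIF]
): bool {
    $info = @getimagesize($path);
    if ($info === false || !in_array($info[2], $allowed, true)) {
        @unlink($path);
        return false;
    }
    return true;
}

// --- constructed sample data: a pinned script and a modified copy ---
$released = "console.log('loader, released build');";
$modified = "console.log('loader, released build');extra();";
$pinned = sri_value($released);
echo script_tag('https://cdn.example/loader.js', $pinned), PHP_EOL;

// A changed version (or tampered content) no longer matches the pinned
// value, which is why the hash must be updated together with the script.
var_dump(hash_equals($pinned, sri_value($modified)));

// --- constructed sample data: a PNG header and a non-image payload ---
$png_header = "\x89PNG\r\n\x1a\n" . pack('N', 13) . 'IHDR'
    . pack('NNC5', 1, 1, 8, 6, 0, 0, 0); // 1x1, 8-bit RGBA
$image = tempnam(sys_get_temp_dir(), 'img');
$other = tempnam(sys_get_temp_dir(), 'img');
file_put_contents($image, $png_header);
file_put_contents($other, 'plain text pretending to be a drawing');

var_dump(keep_if_image($image)); // recognised as PNG, file kept
var_dump(keep_if_image($other)); // not an image, file deleted
var_dump(file_exists($other));

unlink($image);
```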
Compulsory thumbnail function is back
- Restored the force thumbnail feature that was in v1.3.
Using the latest thumbnail_gd.php turns this feature on.
If the file size exceeds 1MB, a thumbnail image in jpeg format will be output.
Assumed case. If a GIF animation image file that is small in height and width but large in file size exceeds 1 MB, a thumbnail image in JPEG format will be displayed instead of the GIF animation.
Click the image to view the original GIF animation.
others
- Changed the initial error message to switch automatically between Japanese and English.
- Reduce load by avoiding unnecessary processing. For example, if there are no comments, you don't have to check the length of the comment or the bad words, so returning immediately reduces the load.
update Klecks
Fixes an issue where white fills after using distortion tool show lines that follow the shape of the Liquify.
Added how-to video link to help page and added gradient shortcut keys section.
changed directories
- klecks/
changed files
- potiboard.php
- picpost.php
- save.php
- saveklecks.php
- thumbnail_gd.php
Changed Templates
- templates/basic_tw/
[2022/10/03] v5.26.8
Updated ChickenPaint to the latest version.
The attached image is a GIF animation when I did a reproduction test of the problem that the color picker is not displayed.
Updated to the latest version of ChickenPaint to avoid a bug in Google Chrome 105,106 that causes this problem.
Updated klecks to the latest version.
- Added option to use gradient tool as an eraser.
- Added vanishing point filter.
Display images using luminous.
changed directories
- chickenpaint/
- klecks/
- lib/luminous/
changed files
- potiboard.php
- search.php
Changed Templates
- templates/basic_tw/
[2022/09/20] v5.26.3
Update
- Updated Klecks to latest version.
Gradient tool and pattern filter added.
- Updated BladeOne to v4.6.
Bug fixes
- Fixed a bug where an E_WARNING level PHP error occurred when an article number other than that of the thread's parent was specified on the reply screen.
Please update potiboard.php.
Improvements
- If the password field is blank for password authentication when drawing a continuation or download authentication of pch, chi, psd, the cookie password will be used instead.
Unified to the same behavior as password authentication in the edit function.
- Fixed the function check_password() for password checking. Password authentication will not succeed if no password is entered and the password is not present in the cookie.
- Fixed insufficient multilingual support in the mail notification function.
- Fixed the paint screen's clock JavaScript.
- Changed the unit of file size on the managed post screen from bytes to kb.
changed directories
- klecks/
- BladeOne/
changed files
- potiboard.php
- thumbnail_gd.php
- picpost.php
Changed Templates
- templates/basic_tw/other.blade.php
- templates/basic_tw/paint.bl...