===========================
Wax Poteto Revision History
===========================
=====================================================================
v5.9.1 - August 21, 2015:
CHANGES:
- Wax Poteto now requires PHP 5.3 or higher.
- Updated NiftyToo (BBCode) system to be PHP7 compatible:
  Replaced deprecated preg_replace /e modifier with callbacks.
  Removed $mode function parameter as it was always > 0.
- Performance improvement for NiftyToo system (about 3-4 times faster).
- Support for the "_target" HTML attribute in autolinks dropped.
- Some minor cleanup to the database layer and its error masking.
BUGFIXES:
- NiftyToo now handles the [s] BBCode tag correctly, and this tag is now case-insensitive.
- Fixed NiftyToo so autolinked URLs may contain apostrophes. Many valid URLs still will not work.
- SQL time in footer wasn't actually being set, always resulting in a time of zero.
- Fixed two untranslated error messages in functions.php.
- Moved password field in register.php to avoid the Firefox password auto-complete bug.
=====================================================================
v5.9.0 - May 12, 2015:
NOTES:
- Last major version. Wax Poteto is officially discontinued, but may get a few bugfixes.
- Upgrade to Wacintaki recommended.
CHANGES:
- Upload access is enabled by default in the installer.
- Finally converted BBS to use OekakiID rather than OekakiU for all authorization and cookies.
- Updated all applet code to eliminate $OekakiU and updated boot to salvage login details from multiple sources.
- Some syntactic cleanup, such as removing trailing "?>", fixing capitalization, alignment issues, etc.
- $user and $flags arrays now cascade, allowing for cleaner defaults.
- Finally using SQL LEFT JOINS for avatars on index page. Cuts number of SQL queries roughly in half.
- Replaced badly-written PHP version detection with version_compare().
- Microtime handling improved with proper string casting.
- New password hashing using Blowfish if available and Extended DES as a fallback.
- Oekaki automatically updates old password hashes to the strength defined in boot.php.
- Random salt generator for passwords. Uses mcrypt, openssl, or /dev/urandom if available and a decent fallback for Windows.
- Password detection no longer relies on config salt, so salt may be changed.
- Salt removed from installer and is now set automatically during installation (and is virtually useless).
- report_err() now includes "error.php" rather than using an HTTP redirect. This solves many technical and usability problems compared to passing error messages via CGI.
- Added experimental "X_DISABLE_REPORT_ERR_HACK" to boot to disable the report_err() hack. Use this if your custom header isn't working with the new error reporting.
- Removed multiple tries from applet picture save code -- potential DDoS vector.
- Added constants to replace mailbox status numbers.
- Debug config no longer overlaps with NineChime.com specific hacks.
BUGFIXES:
- Fixed undeclared debug variable in the updater.
- age_to_date(): fixed problem with $_GLOBALS being confused with $GLOBALS.
- Fixed ability to log in through alternate interface if browser JavaScript is disabled.
FEATURES:
- Many PHP 5.3+ enhancements.
- Page load time now shows SQL time.
- Diagnostics page now shows avatar stats as well as deprecated salt setting.
- Board now recognizes (but does not support) WebP image uploads.
=====================================================================
v5.8.10 - June 5, 2013:
CHANGES:
- Changed "MSN" field in profile to "Skype".
- Fixed password recovery allowing blank password.
=====================================================================
v5.8.9 - October 20, 2012
CHANGES:
- Fixed profile viewer trying to show a user name that does not exist.
- Fixed unclosed HTML anchor tag in error.php.
FEATURES:
- Finally added GZip compression which should help considerably with bandwidth and download speed.
- Added hacks options to disable and configure GZip compression.
- Superadmins and owners may now change the user names of accounts.
=====================================================================
v5.8.8 - May 4, 2012
CHANGES:
- Made sanity checks in functions.php file slightly longer and return more specific error messages.
- Fixed strange bug where picture titles consisting of all numbers would fail to submit.
=====================================================================
v5.8.7 - November 13, 2011
CHANGES:
- Finally fixed problem with animation viewer showing corruption. This was yet another DirectX acceleration issue.
- Fixed undeclared config and guest variables in chatbox.php, as well as missing URL field.
- Fixed cookie handling for guest comments in chat room.
- Fixed installer to make MySQL 5.5 happy (removed display width suffix on TIMESTAMP).
- Fixed new board not redirecting to the installer in some cases.
- Added permissions check to installer for "avatars" folder.
- Updated .htaccess files in documentation folder to help with JAR file issues.
=====================================================================
v5.8.6 - September 6, 2011
CHANGES:
- Database layer now supports field names in db_result(). Works ONLY with mysql, not mysqli. Use ONLY for legacy support!
- Fixed rare problem with partial update when doing a manual update (mixing Wacintaki and Wax config files).
- Fixed problem with debugger in updater ($wactest).
- The profile editor will now ignore the adult flag if the submitted age is less than MIN_AGE_ADULT.
FEATURES:
- New hacks file option to force a specific MySQL API. Useful for when you need to import database code from another part of your web site into the banner/notice/etc.
=====================================================================
v5.8.5 - May 6, 2011
CHANGES:
- PaintBBS and ShiPainter are now un-broken and can actually post pictures. A massive bug in the save code caused the board to receive a NULL from the applet parameters, rather than the proper value.
=====================================================================
v5.8.4 - April 23, 2011
CHANGES:
- Reworked logic for flag and rank modification (from Wacintaki).
=====================================================================
v5.8.3 - April 1, 2011
CHANGES:
- Finally disabled DNS host lookup by default. Almost nobody needs it, and it can severely affect load times for some members.
- ENABLE_DNS_HOST_LOOKUP added to hacks file to re-enable DNS lookup. Use with caution.
- Manual registration approval will no longer return an e-mail warning if e-mails are turned off in the cpanel.
- Fixed problem with procedural-style MySQLi string escaping not finding the link resource.
- Fixed db_error() backtrace to be strict compliant (cannot use next() with function references).
- db_error() and db_history() now store more than one value.
- Fixed db_close() to give a proper return value.
- Fixed undefined index issue when modflags.php sends checkbox values to functions.php.
- Fixed improper exit() in humanity test in functions.php.
- Removed mod version number from boot.php.
- Fixed a few undeclared variable issues with $user.
- Memberlist will no longer search for e-mails members have masked (the memberlist would always hide results, though).
- Fixed error reporting in viewani.php to not check the size of missing animations.
- Fixed undeclared parameters in paintbbsget.php and shiget.php.
- The chat system finally sorts messages top to bottom, rather than bottom to top.
- Quoted text in comments will now parse correctly so blockquotes will always be closed.
- Fixed how Java command line options for DirectX are being passed through the applet parameters.
- Fixed an XSS vulnerability with the memberlist.
- Fixed some HTML encoding issues with stored URLs.
=====================================================================
v5.8.2 - December 28, 2010
CHANGES:
- New config file format, database file format, and database fields.
- New database layer supports updated MySQL 5 authentication (mysqli). MySQL compatibility should now be better in the future.
- New database error reporting makes diagnostics and installation easier. Moving towards PostgreSQL support.
- Moved regular maintenance into "maint.php". Todo: refactor into a cron manager.
- "hacks.php" option CUT_EMAIL moved to config file.
- Fixed bug in viewani.php where a missing animation number would not return an error message.
- Fixed "flase" param spelling error in viewani.php. Doesn't appear to affect anything, though.
- Updated all repair scripts in documentation folder.
FEATURES:
- Finally, the board logs IP addresses properly when people register/login (database updated).
=====================================================================
v5.8.1 - December 12, 2010
CHANGES:
- Fixed all PHP short tags.
- Adjusted HTML links in rollovers when JavaScript is disabled.
- Added separate login script if JavaScript is disabled.
- Fixed HTML parsing issues with register.php.
- Fixed incorrect count of active members in memberlist.
- Fixed dimensions not being checked when uploading files (not the applets).
- Fixed smilies code so smilies at the start of a multi-line comment will now work correctly.
- Removed PHP unserialize() function from draw preferences. Not secure when used with user input.
FEATURES:
- Comments now allowed in ban list, to help identify users and reasons for banning.
=====================================================================
v5.8.0 - October 25, 2009
CHANGES:
- Applet code now disables DirectDraw support with Java. Hopefully, this will fix the zoom, erase, and Bezier curve problems with PaintBBS and ShiPainter.
- Fixed very strange problem with duplicate names being added to online list if pages are refreshed very quickly, particularly with the mailbox (?!)
- Removed some "windows-1252" charset codes from comments (PHP may output garbage even when it is commented out).
- Deleting safety saves no longer reduces a member's picture count.
- Adjusted for bug in Firefox 3.5 where windows smaller than ~680 pixels will have no scrollbar. Windows are 700px minimum for Mozilla browsers.
- By request, some of the max values allowed for control panel settings have been increased.
FEATURES:
- PHP 6 compatible.
- At long last, all post comments now show up on the comment screen.
- Draw screen now remembers settings in a web browser cookie.
- Window close confirmation helps prevent applets from being closed accidentally.
=====================================================================
v5.7.2 - August 12, 2008
CHANGES:
- Memberlist now filters out blank results when calculating search totals.
- Fixed username escape issue with mass mail.
- Fixed modflags not displaying usernames properly.
- Age code now shows birthdays properly (USA Eastern Standard Time only).
=====================================================================
v5.7.1 - August 12, 2008
CHANGES:
- Fixed Chibi Paint layers file not always being read into applet with regular image.
- Old Chibi Paint layer files will now be removed from the pictures folder if not updated when retouching.
- Profile viewer will now hide location and chat information from non-members.
- Slight XHTML update for URLs shown in profile viewer.
=====================================================================
v5.7.0 - August 2, 2008
CHANGES:
- Corrected a number of old HTML/CSS compliance issues w/HTML Tidy.
- Rewrote all applet parameters to be properly URL/HTML encoded.
- New template format. Old templates will still work, but should be updated ASAP.
- Fixed templates and template editor to use pixel units with borders (necessary to include HTML DOCTYPE).
- Optimized built-in templates and restyled borders on elements.
- Significantly reduced the glare of the Hentai-Fire template.
- Fixed badly positioned table tag and bad URL formats in profile viewer.
- Fixed table parsing bugs in addusr, editprofile, memberlist, mailbox, mailout, and upload.
- Added more bad characters to the badChars() filter.
- E-mail address and URL filters integrated into w_gcp().
- Removed logging of empty functions.php requests.
- Closed several XSS vulnerabilities.
- Size cap for comments and titles, so pages won't break. Needs to be expanded.
- Stand-alone scripts (which do not use header.php) now set charset server headers.
- Fixed log issue when archiving pictures.
- Finally fixed bug that prevented members from deleting their own comments.
- Spam link count marker changed from "h://" to "://" to allow for video links and SSL.
- Fixed SQL filtering in memberlist to only allow fields in database.
- Fixed member count in memberlist when searching by username.
- Default sorting in memberlist fixed.
- Chat now prints guest IP/host only for admins.
- Chat comments limited to 200 characters.
- Added email_code() to index and memberlist to obscure e-mails from non-registered members.
- Changed subject line from nifty2_convert() to w_html_chars() in mailread.php.
- Changed HTML filtering in functions to prevent double-encoding of comments.
- DB rowcount added to editpic.php and comment.php.
- Cleaned up NiftyToo markup system to handle HTML encoding without breaking URLs.
- Corrected anti-spam test to handle/count BBCode links.
- Owners can now change profiles without having to change age statement.
- Birth year capped to >1900 || <3000.
- Fixed PaintBBSCallback() issue with noteBBS.php and paintBBS.php.
- Minor NoteBBS JavaScript cleanup.
- Removed some error masking in paintsave.php to help diagnose GDlib problems with large picture uploads.
- Increased cutoff in clean_picture_slots() from 10 to 30.
- Owners may now change permissions of other owners directly in modflags.php (for diagnostic reasons).
FEATURES:
- Chibi Paint support! Yes, a new applet! Caution: some people are having trouble when using JTablet with Chibi Paint.
- Diagnostics screen now shows statistics about pictures folder, including space used.
- Wax Poteto is now XHTML Transitional, so Lightbox/Slimbox mods are supported.
- Board now allows custom background color with thumbnails (in the hacks file) so images with an alpha channel won't be black.
- New template editor. Old templates, both basic and advanced, should be updated by loading and re-saving them in the editor.
- Purge button added to View Pending list.
- Confirmation when deleting comments on index page.
- Hacks override for comment delete dialog.
- Memberlist now allows selectable result page quantity.
- Memberlist now supports sort by e-mail and rank.
- Current picture now added to editpic.php.
- NiftyToo now works more like BBcode, so you can use both '=' and ':'.
- NiftyToo now supports quoted, big, and small text, and double brackets.
- Save routine now checks for truncated PNG files.
=====================================================================
v5.6.4 - May 31, 2008
CHANGES:
- Started converting board to be PHP6 compatible.
- New hacks.php file (still 5.6.0 compatible).
- Wax now uses Wacintaki config file and version numbers (yay - updaters can be merged)
- Fixed bug in profile viewer where links to JPG files did not work.
- index.php, memberlist.php: profile viewer dimensions increased to 400x600.
- Picture count now works correctly when deleting unrecovered pictures.
- Adjusted humanity test so first option (the default) will never be the correct answer.
- Corrected JavaScript error with Maximize applet (no CSS units).
- Small change to "comment.php" to allow control over how many smilies are displayed.
- Updated error reporting when trying to post a comment on a picture that does not exist.
- Updated ban code to ignore hosts file if host lookup fails.
- Confirmation for install and update script removal.
- Changed variable reference usage in common.php and paintsave.php.
- Fixed cookie corruption issue when changing password in profile editor.
- Finally fixed the "new window" code so pop-ups have toolbars, since Firefox's tabbed browsing feature causes flow issues.
- Changed cookie/login handling in paint capture code (again) to help prevent PHP errors from interfering with return codes for applets.
- 404 returned when posting comment on nonexistent picture to help kick spambots.
- Updated the .htaccess file to include short tag support.
- Added more testing for troublesome passwords when editing profiles.
- Fixed some HTML encoding issues with the pending registration list, memberlist, and profile viewer.
- Updated statistics reporting in memberlist.
- Installer/updater will now use the "secure" mode in boot.php to remove themselves.
- Installer now uses apostrophes correctly on BBS title.
FEATURES:
- New resize buttons on paint screens allow applets to be bigger than the screen.
- Admins may now edit member profiles and avatars via the Modify Permissions menu, and the profile viewer.
- Profile viewer now (finally) shows thumbnails.
- Animation uploads (requires matching picture as well as animation access).
- Profile option to hide e-mail.
- Smilies option added to control panel.
- Profile option to disable smilies.
- Clickable smilies (finally) added to comment page.
- New logging system tracks system/admin/member activity, including deletes, edits, bumps, archives, and more.
- Registration form now enforces age declaration.
- Minimum age for adult browsing is now adjustable in hacks.php file. Default is still 18.
- Registrations may now be rejected without sending rejection e-mail (anti-spam measure).
=====================================================================
v5.6.3 - January 2, 2008
CHANGES:
- Added cpanel option to change thumbnail filesize cutoff.
- Forced registration will now login properly before redirecting to profile editor.
- Fixed stupid bug where new comments were echoing the first post's comment.
- Fixed installer so database removal will now delete the chat room properly.
- Adjusted orphaned file cleanup in updater for better accuracy with JPEGs.
- "Time invested" on upload screen now allows values higher than just 3 hours (bug).
- Updated credits in footer to correct a spelling error.
- Corrected some variable scope issues with noteBBS.js.
- 5.6.0b2: header.php now uses updated JavaScript