Releases: satopian/poti-kaini-EN

POTI-board EVO EN v6.59.1.1 released. v3.x and earlier all versions have a serious bug.

28 Aug 11:30

Serious bugs in older versions

  • All versions of POTI-board up to and including v2.26.0 are vulnerable to XSS.
    Malicious JavaScript can be executed.

  • All versions of POTI-board up to and including v3.09.x have a serious bug.
    You may lose all log files.

  • POTI-board v3.x raises deprecation errors on PHP 8.1 and will not work with future versions of PHP.

Please update to v5.x or higher.

POTI board EVO EN v6.59.1.1 released

2024/12/24 v6.59.1.1

Animation is no longer played on the PaintBBS NEO continue drawing screen

  • Previously, when continuing to draw with NEO, the drawing animation of the steps taken was played, and you had to wait for the playback to finish or tap the screen to skip the playback.
  • With this update, the drawing animation will no longer be played on the continue drawing screen, and only the layer information will be obtained from the animation data and output as a still image on the screen.
  • This eliminates the need to tap to skip when the animation starts playing.
  • This behavior is closer to the original PaintBBS.

Changed files

  • neo.js
  • potiboard.php

Changed template

  • templates/mono_en/mono_paint.blade.php

2024/12/17 v6.58.0

"Share on SNS" Now Supports Meta "Threads"

  • You can now create shared links for Meta's SNS "Threads."
    The number of files to be changed is small, but you will need to reconfigure config.php to make it compatible with "Threads."
    If you do not need to make it compatible with "Threads," there is no need to reconfigure config.php.

$servers =
[

	["X","https://x.com"],
	["Bluesky","https://bsky.app"],
	["Threads","https://www.threads.net"],
	["pawoo.net","https://pawoo.net"],
	["fedibird.com","https://fedibird.com"],
	["misskey.io","https://misskey.io"],
	["misskey.design","https://misskey.design"],
	["nijimiss.moe","https://nijimiss.moe"],
	["sushi.ski","https://sushi.ski"],

];

// Width and height of window to open when SNS sharing

//window width initial value 600
define("SNS_WINDOW_WIDTH","600"); 
//window height initial value 600 
define("SNS_WINDOW_HEIGHT","600");

Changed files

  • potiboard.php
  • sns_share.inc.php
  • config.php

2024/12/12 v6.57.1

Issue a warning if layer information has not been saved in PaintBBS NEO

  • If time-lapse data has not been saved in PaintBBS NEO, a confirmation dialog will now be displayed saying "Layer information will not be saved.Are you sure you want to continue?".

Improved Markdown link function

  • Improved the Markdown link syntax [string](URL).
    If the link text inside [ ] itself contains [ ], escape the inner brackets with a backslash.
    When escaped, it becomes a link whose text is
    [12345] Petit Note
    Example)
[\[12345\] Petit Note](https://example.com)

Changed files

  • axnos/axnospaint-lib.min.js
  • neo.js
  • potiboard.php
  • search.inc.php

Changed template

  • templates/mono_en/mono_paint.blade.php

2024/12/08 v6.56.6

AXNOS Paint has been updated

  • The UI is now easier to use even on devices with small screens.

Changed files

  • axnos/ Overwrite and update directory
  • potiboard.php

2024/12/04 v6.56.5

ChickenPaint Be has been updated.

  • Displays the HTTP status code more clearly when the network response was not ok.

Changed files

  • chickenpaint/ Overwrite and update directory
  • potiboard.php

2024/12/03 v6.56.3

Review of user authentication code

  • The user code has been expanded to 64 characters.
  • The password is no longer used as a seed for the hash value of the authentication code when replacing an image.
  • To improve the reliability of authentication, the authentication code when replacing an image now includes the article number and article ID as is.
  • Added identity verification for posted images when replacing an image, and the image is posted only if the user code or IP address matches.

Fixed an issue that occurred when replacing an image/editing an article after deleting an article.

  • An issue occurs when an article is deleted while someone is continuing to draw on it, and a new post made afterwards has the same password.
    This is because the "article number" and "password" of the newly posted article are the same as those of the deleted one.
    In this case, the new post is overwritten by the "continuation" post.
    The same issue occurs if you delete an article you are editing and then post a new post with the same "article number" and "password" as the article you are editing.
  • To avoid this issue, the UNIX time of the article is now used to check whether the article you are overwriting when "continuing" or editing is the same as the original article.
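
The overwrite case described above, as an added illustration that is not code from potiboard.php: a continuation that remembers only the article number and password cannot tell the deleted article from a new post that reuses both, while one that also remembers the article's UNIX time can. The in-memory log and the function names are hypothetical.

```php
<?php
// Added illustration; not POTI-board's own code. The in-memory $log and all
// function names are hypothetical stand-ins for the board's log file.

// One article: number, password hash, UNIX time of posting, image name.
function new_article(int $no, string $pwd, int $time, string $img): array {
    return ['no' => $no, 'pwd' => password_hash($pwd, PASSWORD_DEFAULT),
            'time' => $time, 'img' => $img];
}

// Before: the article to overwrite is identified by number and password only.
function find_target_weak(array $log, int $no, string $pwd): ?int {
    foreach ($log as $i => $a) {
        if ($a['no'] === $no && password_verify($pwd, $a['pwd'])) {
            return $i;
        }
    }
    return null;
}

// After: the UNIX time captured when the continuation started must also match,
// so a different article that reuses number and password is not accepted.
function find_target_strict(array $log, int $no, string $pwd, int $time): ?int {
    $i = find_target_weak($log, $no, $pwd);
    return ($i !== null && $log[$i]['time'] === $time) ? $i : null;
}

// Constructed scenario.
$log = [new_article(12, 'sample-password', 1733200000, 'original.png')];

// A user starts "continue drawing" on article 12; the session keeps the
// number, the password and the article's UNIX time.
$session = ['no' => 12, 'pwd' => 'sample-password', 'time' => $log[0]['time']];

// Meanwhile article 12 is deleted and a new post reuses number and password.
$log = [new_article(12, 'sample-password', 1733203600, 'unrelated.png')];

$weak   = find_target_weak($log, $session['no'], $session['pwd']);
$strict = find_target_strict($log, $session['no'], $session['pwd'], $session['time']);

echo "number + password only:        ",
    $weak === null ? "refused" : "would overwrite {$log[$weak]['img']}", "\n";
echo "number + password + UNIX time: ",
    $strict === null ? "refused" : "would overwrite {$log[$strict]['img']}", "\n";
```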

ChickenPaint Be Update

Feature request/proposal: converting brightness to opacity · Issue #4 · satopian/ChickenPaint_Be

  • Added a function to convert brightness to transparency.

  • Based on the prototype created by @SuzuSuzu-HaruHaru, we adjusted the method of calculating opacity and implemented it as a function equivalent to that of general paint software.

Changed files

  • chickenpaint/ Overwrite and update directory
  • potiboard.php

Changed template

  • templates/mono_en/mono_other.blade.php

2024/11/26 v6.53.8

Code cleanup

  • The long foreach nest for image replacement has been shortened.

  • Unnecessary basename() has been removed.

  • The function that checked whether GD was available has been simplified and consolidated into a class method in thumbnail_gd.inc.php.

  • In PHP8.4, exit() has become a function instead of a language construct, so exit; without parentheses has been changed to exit();.
    exit; without parentheses may be deprecated in future versions of PHP.

Bug fix

  • Fixed a problem where explode() would fail and cause a PHP error if a non-existent article number was intentionally specified during password authentication processing when drawing a continuation.
    (This did not occur in normal use, but was recorded as a PHP error in the server error log when an invalid process was performed.)

  • Fixed a bug where additional explanations for the bulletin board were not displayed in the new post form even if they were specified in $addinfo in config.php.
    (Additional explanations were displayed when drawing and replying, but not in the new post form)

Changed files

  • potiboard.php
  • thumbnail_gd.inc.php

Changed template

  • templates/mono_en/mono_other.blade.php

2024/11/21 v6.51.3

5MB limit on log file size removed

When the log file exceeded 5MB, it was truncated in the middle, so required items were cut off.
Therefore, the 5MB limit when acquiring a log file has been removed.
Instead, a check on the log file size has been added.
If the log file exceeds 15MB, an error message will be displayed. (When writing and pressing the paint button)
However, by the time the log file size reaches 15MB, the bulletin board should be quite heavy.
It has been proven that it works up to about 8,000 posts, but if it exceeds that, it is likely to become unstable.

If you want to store more posts, consider using:
satopian/Petit_Note_EN: Petit Note English ver. PHP script for PaintBBS NEO, tegaki.js,AXNOS Paint,ChickenPaint and Klecks. (PHP5.6 - PHP8.4)
https://github.com/satopian/Petit_Note_EN

This is a one thread, one log file format, so you can operate up to 8000 threads instead of 8000 comments.
With 200 posts per thread, you can have 8000x200=1.6 million posts.

Added new configuration item to config.php

The limit for the log file size check could have been fixed at 15MB, but it has been made configurable.
If you don't have any particular preference, there is no need to add a configuration item.
If the configuration item does not exist, the default limit value of 15MB will be applied.

// Maximum file size limit for the log file (in MB)
// Setting a large value may cause instability.
define("MAX_LOG_FILESIZE", "15");

Changed files

  • potiboard.php
  • config.php

Changed templates

  • templates/mono_en/paint_axnos.blade.php
  • templates/mono_en/template_ini.php

2024/11/19 v6.50.3

Replacing Functions Marked for Removal in the PHP 8.4 RFC with New Functions

POTI Board EVO previously used functions that were proposed for removal in the PHP 8.4 RFC. Although these functions were not deprecated due to a slightly higher number of votes against their removal, I have decided to replace them proactively to ensure future compatibility.

New Functions for Cryptographic Operations

Deprecation of uniqid()
I will stop using uniqid() and replace it with random_bytes().

Changing the Hash Algorithm for Duplicate Image Detection from md5 to sha256

Deprecation of md5()
Since the deprecation of md5() was proposed in the PHP 8.4 RFC, the method for generating image hash values to prevent duplicate image posts has been changed from md5 to sha256.

// Reject files with the following image hashes.
$badfile = array("dummyhash","dummyhash2");

If you have specified images to reject, you must reconfigure this setting.
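
Rebuilding the list means hashing the rejected images again. The following is an added helper, not part of POTI-board, that flags stale entries and prints a new `$badfile` line when run from the command line; it assumes the board compares the lowercase hex SHA-256 of the file contents, in which case a 32-character MD5 entry can never match. The function names are hypothetical.

```php
<?php
// Added helper; not part of POTI-board. Assumes the board compares the
// lowercase hex SHA-256 of the uploaded file's bytes against $badfile.

// Sort an existing $badfile list into entries that can still match
// (64 hex chars), stale MD5 entries (32 hex chars) and anything else.
function audit_badfile(array $badfile): array {
    $result = ['sha256' => [], 'stale_md5' => [], 'invalid' => []];
    foreach ($badfile as $entry) {
        $h = strtolower(trim((string)$entry));
        if (preg_match('/\A[0-9a-f]{64}\z/', $h)) {
            $result['sha256'][] = $h;
        } elseif (preg_match('/\A[0-9a-f]{32}\z/', $h)) {
            $result['stale_md5'][] = $h;
        } else {
            $result['invalid'][] = $entry;
        }
    }
    return $result;
}

// Hash local copies of the images to reject and return a config.php line.
function build_badfile(array $paths): string {
    $hashes = [];
    foreach ($paths as $path) {
        $hash = is_file($path) ? hash_file('sha256', $path) : false;
        if ($hash === false) {
            fwrite(STDERR, "skipped (unreadable): $path\n");
            continue;
        }
        $hashes[] = $hash;
    }
    $hashes = array_unique($hashes); // identical images hash identically
    $quoted = array_map(fn($h) => '"' . $h . '"', $hashes);
    return '$badfile = array(' . implode(',', $quoted) . ');';
}

// Constructed sample: a throwaway file standing in for a rejected image.
$tmp = tempnam(sys_get_temp_dir(), 'bad');
file_put_contents($tmp, "constructed sample bytes, not a real image");

// A list as it could look before v6.50.3: one MD5 hash and a placeholder.
$old = [md5_file($tmp), 'dummyhash'];
print_r(audit_badfile($old));

// New list built from the files; the duplicate and the missing path drop out.
echo build_badfile([$tmp, $tmp, '/nonexistent.png']), "\n";
unlink($tmp);
```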

Changed files

  • neo.css
  • neo.js
  • picpost.inc.php
  • potiboard.php

Changed template

  • templates/mono_en/mono_other.blade.php

2024/11/11 v6.39.12

The .htaccess description method has been changed to Apache 2.4 format

  • Official support for Apache 2.2 ended in 20...

POTI-board EVO EN 5.63.9 released. v3.x and earlier all versions have a serious bug.

11 Jul 06:14

POTI board EVO EN v5.63.9 release

Fixed Bug

  • Fixed issue of color swatches not loading from PC in a customized version of ChickenPaint for POTI-board.

Changed files

  • chickenpaint/ Overwrite directory update
  • potiboard.php
  • picpost.php
  • save.php
  • saveklecks.php
  • saveneo.php

23/08/13 v5.63.8

Added option to hide [Admin mode] link.

Added this option to config.php.

// Display a link to the [Admin mode]  Yes: 1 No: 0
define("USE_ADMIN_LINK", "1");
// No: 0 Hide link to the admin mode.

Changed files

  • config.php
  • potiboard.php

Changed Templates

  • templates/mono_en/mono_catalog.blade.php
  • templates/mono_en/mono_main.blade.php
  • templates/mono_en/mono_other.blade.php
  • templates/mono_en/mono_paint.blade.php

23/08/07 v5.63.7.1

  • klecks/ (Update directory by overwriting)
  • potiboard.php
  • templates/mono_en/paint_klecks.blade.php
  • templates/mono_en/mono_paint.blade.php

23/08/04 v5.63.6.1

Updated Klecks and Tegaki

  • klecks/ (Update directory by overwriting)
  • tegaki/ (Update directory by overwriting)

23/08/04 v5.63.6

Fixed bug.

  • Fixed a bug that prevented display in IE mode of Edge.

Changed files

  • potiboard.php
  • templates/mono_en/js/mono_common.js
  • templates/mono_en/parts/style-switcher.blade.php

23/07/27 v5.63.5

Fixed bugs.

  • potiboard.php
  • search.inc.php
    (Some variables were undefined.)
  • templates/mono_en/mono_main.blade.php
    (There was a part where the search link was still "search.php".)
  • templates/mono_en/paint_tegaki.blade.php
    (When used on an iPad, the screen was being magnified by double-tap zoom.)

23/07/13 v5.63.3

You can now set the width and height of the window that opens when sharing on SNS in config.php.

Added a new setting item to config.php.

// Width and height of window to open when SNS sharing

//window width initial value 350
define("SNS_WINDOW_WIDTH","350");
//window height initial value 490
define("SNS_WINDOW_HEIGHT","490");

When adding a server for SNS sharing, the height of the shared screen window was insufficient and scrolling was sometimes required.
Solved the problem by making it possible to set the width and height of the shared screen of the server list when sharing with SNS.
If the above setting items do not exist in config.php, the default values of 350px width and 490px height will be applied.

Changed files

  • potiboard.php
  • config.php (Update only if you need new configuration items)

Changed Templates

  • templates/mono_en/js/mono_common.js
  • templates/mono_en/mono_main.blade.php

[2023/07/12] v5.63.2

Improved selection operability of SNS server to share posts

Servers to share can be selected not only directly above the label string, but also by tapping the right margin of the label.

  • templates/mono_en/set_share_server.blade.php
    Fixed HTML grammar errors.

Changed files

  • potiboard.php

Changed Templates

  • templates/mono_en/css/ (Update directory by overwriting)
  • templates/mono_en/set_share_server.blade.php

[2023/07/11] v5.63.1

Replace search.php with search.inc.php

The structure of jsearch.php has been fundamentally overhauled, modified and incorporated into potiboard.php.
Search results that were previously displayed with a URL like "search.php?" will now use a URL like "potiboard.php?mode=search&".

Externalize and standardize CSS switching part of templates MONO

`templates/mono/parts/style-switcher.blade.php` now holds the following block, which until now was written out in many templates.
<style>
body{
	visibility: hidden;
}
</style>
<noscript>
	<style>
		body{
			visibility: visible;
		}
	</style>
</noscript>
<link rel="stylesheet" href="{{$skindir}}css/mono_main.css?{{$ver}}">
<link rel="stylesheet" href="{{$skindir}}css/mono_dark.css?{{$ver}}" id="css1" disabled>
<link rel="stylesheet" href="{{$skindir}}css/mono_deep.css?{{$ver}}" id="css2" disabled>
<link rel="stylesheet" href="{{$skindir}}css/mono_mayo.css?{{$ver}}" id="css3" disabled>

Also set CSS visibility: hidden; here to hide the screen until the DOM and JavaScript have finished loading.
This prevents MONO's color settings from temporarily appearing in a different color scheme.

Search is not case sensitive

Name searches are now case insensitive when the exact match option is selected.

Changed files

  • potiboard.php
  • search.inc.php

Changed Templates

  • templates/mono_en/ (Update directory by overwriting)

[2023/07/08] v5.62.2

Bug fixes

Search function was not working.
This bug was introduced in v5.58.10 and fixed in v5.62.2.

From "Tweet button" to "Twitter", "Mastodon" and "Misskey" sharing.

In addition to "Twitter", you can now share posts on short-text posting SNS such as "Mastodon" and "Misskey".

You can also change it to a conventional tweet button by setting it in config.php.
You can also edit the list of "Mastodon" and "Misskey" servers.

/* ---------- SNS share function advanced settings ---------- */

//Include Mastodon and Misskey servers in the share function
// (1: Include, 0: Do not include)
define("SWITCH_SNS","1");

// Servers displayed in the list when sharing on SNS
//Example ["Display name","https://example.com (SNS server URL)"], (comma is required at the end)

$servers =
[

	["Twitter","https://twitter.com"],
	["mstdn.jp","https://mstdn.jp"],
	["pawoo.net","https://pawoo.net"],
	["fedibird.com","https://fedibird.com"],
	["misskey.io","https://misskey.io"],
	["misskey.design","https://misskey.design"],
	["nijimiss.moe","https://nijimiss.moe"],
	["sushi.ski","https://sushi.ski"],

];

If this setting item does not exist in config.php, the above setting will be applied by default.
If you do not need detailed settings, please use the config.php you are currently using as it is.

Changed files

  • config.php
  • potiboard.php
  • search.php
  • sns_share.inc.php

Changed templates

  • templates/mono_en/img/share-from-square-solid.svg
  • templates/mono_en/js/mono_common.js
  • templates/mono_en/mono_main.blade.php
  • templates/mono_en/paint_klecks.blade.php
  • templates/mono_en/paint_tegaki.blade.php
  • templates/mono_en/set_share_server.blade.php
  • templates/mono_en/tgkr_view.blade.php

[2023/06/24] v5.61.2

Added support for the drawing application tegaki.js.

Improved "copy poster name" functionality.

It is now added at the cursor position in the text field.
Previously, it was added at the end of the line.

Changed directory

  • chickenpaint/
  • tegaki/

Changed files

  • potiboard.php
  • saveklecks.php
  • config.php

Changed templates

  • templates/mono_en/mono_main.blade.php
  • templates/mono_en/mono_paint.blade.php
  • templates/mono_en/parts/mono_copyright.blade.php
  • templates/mono_en/parts/mono_paint_form.blade.php
  • templates/mono_en/paint_tegaki.blade.php
  • templates/mono_en/tgkr_view.blade.php

[2023/06/11] v5.60.0

Fixed deprecated JavaScript syntax in paint app

  • Updated PaintBBS NEO to v1.6.0.
  • Updated to original modified version of ChickenPaint.

The paint app Klecks has two layers at startup.

Changed directory

  • chickenpaint/ (Update directory by overwriting)

Changed files

  • neo.js
  • potiboard.php

Changed template

  • templates/mono_en/paint_klecks.blade.php

[2023/05/20] v5.59.0

Bug fixes

  • Fixed an issue where the URL of the fixed link of the article was not set correctly when the tweet button was pressed.
  • This bug was introduced in v5.58.6 and fixed in v5.59.0.

Updating jQuery

  • Updated jQuery from jQuery3.6.0 to jQuery3.7.0.
  • jQuery versioning is done inside potiboard.php, so you don't have to change individual templates.

Fixed deprecated JavaScript and jQuery syntax

  • templates/mono_en/js/mono_common.js

Fixed deprecated JavaScript and jQuery syntax in each file.

Changed files

  • potiboard.php

Added files

  • lib/jquery-3.7.0.min.js

Changed template

  • templates/mono_en/js/mono_common.js

[2023/05/07] v5.58.9.1

Klecks update

  • Overwrite update of klecks/ directory

Blade One update

  • Update by overwriting BladeOne/ directory

Changed Templates

  • templates/mono_en/js/mono_common.js
  • templates/mono_en/mono_other.blade.php
    (fixes deprecated jQuery syntax)

[2023/05/03] v5.58.9

klecks update

changed directories

  • Overwrite updated klecks/ directory

changed files

  • potiboard.php

[2023/04/25] v5.58.8

ChickenPaint update

  • Fixed an issue where the canvas aspect ratio was incorrect when ChickenPaint was launched in full screen mode on an iPad.

changed directories

  • Overwrite updated chickenpaint/ directory

changed files

  • potiboard.php

Changed Templates

  • templates/mono_en/mono_paint.blade.php

[2023/04/13] v5.58.5

ChickenPaint update

  • In order to deal with the problem that the aspect ratio of the drawing area is b...

POTI-board EVO EN v5.62.3 released. v3.x and earlier all versions have a serious bug.

24 Jun 15:38

POTI board EVO EN v5.62.2 release

[2023/04/13] v5.58.5

ChickenPaint update

  • In order to deal with the problem that the aspect ratio of the drawing area is broken when the orientation of the device is changed on the iPad, we have included a version of ChickenPaint that has been customized and built independently. (Temporary measure until the problem is resolved)
  • This issue only occurs when using ChickenPaint in fullscreen mode.
  • Therefore, ChickenPaint now starts in normal mode instead of full screen mode.
    You can switch the display to full screen mode by selecting full screen mode from ChickenPaint's menu bar.

Improvements

Added a "Post in the same thread" checkbox.
However, in the case of "image replacement", there is no choice but to post in the same thread, so this option is unnecessary.

Therefore, I used JavaScript to display the "Post in the same thread" checkbox only when a new post is selected.

  • bad host check

When a user's host name is the same as their IP address, it is now possible to specify the first few characters of that IP address and reject the user with a prefix match.

$badhost =["example.com","100.100.200"];

If set like this:

"example.com" will be rejected with a suffix match, and "100.100.200" will be rejected with a prefix match.

changed directories

  • Overwrite updated chickenpaint/ directory
  • Update by overwriting BladeOne/ directory

changed files

  • potiboard.php
  • search.php

Changed Templates

Overwrite updated templates/mono_en/ directory
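
The `$badhost` matching described in the v5.58.5 notes above, as an added illustration that is not POTI-board's own code: `is_bad_host` follows the suffix and prefix rule as stated, and `is_bad_host_strict` is an addition that goes beyond the release note by requiring the match to stop at a "." so that whole DNS labels and whole octets are compared. Both function names, the `192.0.2` entry and the visitor list are constructed for the example.

```php
<?php
// Added illustration; not POTI-board's own code. Function names are hypothetical.

// Plain matching as the release note describes it: if reverse DNS returned no
// name (host equals the IP address) compare from the front, else from the end.
function is_bad_host(string $host, string $ip, array $badhost): bool {
    $isIp = ($host === $ip);
    $host = strtolower($host);
    foreach ($badhost as $pattern) {
        $pattern = strtolower(trim($pattern));
        $len = strlen($pattern);
        if ($len === 0 || $len > strlen($host)) {
            continue; // an empty entry would otherwise match every visitor
        }
        $hit = $isIp
            ? substr($host, 0, $len) === $pattern   // prefix match on the IP
            : substr($host, -$len) === $pattern;    // suffix match on the name
        if ($hit) {
            return true;
        }
    }
    return false;
}

// Stricter variant (an addition, not described on the page): the match must
// end at a "." boundary.
function is_bad_host_strict(string $host, string $ip, array $badhost): bool {
    $isIp = ($host === $ip);
    $host = strtolower($host);
    foreach ($badhost as $pattern) {
        $pattern = strtolower(trim($pattern, " \t."));
        if ($pattern === '') {
            continue;
        }
        if ($host === $pattern) {
            return true;
        }
        if ($isIp) {
            if (strpos($host, $pattern . '.') === 0) {
                return true;
            }
        } else {
            $tail = '.' . $pattern;
            if (substr($host, -strlen($tail)) === $tail) {
                return true;
            }
        }
    }
    return false;
}

// $badhost from the release note plus one constructed short prefix.
$badhost = ["example.com", "100.100.200", "192.0.2"];

// Constructed visitors: [host as resolved, IP address].
$visitors = [
    ['pc1.example.com', '203.0.113.5'],
    ['notexample.com',  '203.0.113.6'],
    ['100.100.200.7',   '100.100.200.7'],
    ['192.0.2.44',      '192.0.2.44'],
    ['192.0.200.9',     '192.0.200.9'],
];
foreach ($visitors as [$host, $ip]) {
    printf("%-16s plain=%-5s strict=%s\n", $host,
        var_export(is_bad_host($host, $ip, $badhost), true),
        var_export(is_bad_host_strict($host, $ip, $badhost), true));
}
```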

[2023/02/26] v5.56.3

Updated Klecks to latest version

  • Dark theme is now selectable.
  • Added French language support.
  • Fixed touch gesture freezing issue on iPhone and iPad.

Updated BladeOne to latest version

  • Updated BladeOne to v4.8.

Improvements

  • Fixed the search screen not listing results in latest-first order.
  • Improved search screen code.

changed directory

  • klecks/ directory
  • BladeOne/ directory

changed files

  • potiboard.php
  • search.php

changed Templates

  • templates/mono_en/search.blade.php
    Improved translations on the search screen.

[2023/02/11] v5.56.2.3

Bug fix

changed Templates

  • templates/mono_en/paint_klecks.blade.php
    Fixed an issue where illustrations that were drawn when the server status was 502 Bad Gateway disappeared.

[2023/02/09] v5.56.2.2

  • Added missing klecks help file.

[2023/02/05] v5.56.2

You can now configure whether or not to use the URL input field in config.php.

// Use URL input field (Yes: 1, No: 0)
define("USE_URL_INPUT_FIELD", "1");
//No: 0, the URL field disappears from the form input fields.
// Even if the form is faked, the URL will not be entered.

If, in addition to prohibiting URLs in the body text, you also make it impossible to write URLs in the URL field, you can eliminate advertisement spam whose purpose is to post URLs.
The URL detection used for the body-text prohibition is quite strict, so even if http:// is omitted, it should be almost impossible for advertisement spam to post a URL.

Fixed an issue where the template could not be sent due to a JavaScript error when the URL or subject fields did not exist.

It's not a bug, but I've rewritten the JavaScript so that it works fine even if the template is modified by the user.

In PaintBBS NEO, improved so that the screen does not move up and down when manipulating the canvas area such as copy and layer combination.

If the width of the terminal is large compared to the canvas size, it will not scroll even if you grab the mesh of NEO.
This is because the screen moves up and down when copying, layer merging, and Bz curve operations.
However, you can now grab and scroll the mesh when zooming in with pinch zoom.
This is to avoid inoperability.
These are implemented with inline JavaScript in NEO's paint screen, so you'll need to update the paint screen template.

changed files

  • potiboard.php
  • neo.js
  • picpost.php
  • save.php
  • saveklecks.php
  • saveneo.php
  • config.php
    config.php only needs to ...

POTI-board EVO EN v5.60.0 released. v3.x and earlier all versions have a serious bug.

13 Apr 08:53

POTI board EVO EN v5.60.0 release

[2023/05/20] v5.60.0

Fixed deprecated JavaScript syntax in paint app

  • Updated PaintBBS NEO to v1.6.0.
  • Updated to original modified version of ChickenPaint.

The paint app Klecks has two layers at startup.

Changed directory

  • chickenpaint/ (Update directory by overwriting)

Changed files

  • neo.js
  • potiboard.php

Changed template

  • templates/mono_en/paint_klecks.blade.php

[2023/05/20] v5.59.0

Bug fixes

  • Fixed an issue where the URL of the fixed link of the article was not set correctly when the tweet button was pressed.
  • This bug was introduced in v5.58.6 and fixed in v5.59.0.

Updating jQuery

  • Updated jQuery from jQuery3.6.0 to jQuery3.7.0.
  • jQuery versioning is done inside potiboard.php, so you don't have to change individual templates.

Fixed deprecated JavaScript and jQuery syntax

  • templates/mono_en/js/mono_common.js

Fixed deprecated JavaScript and jQuery syntax in each file.

Changed files

  • potiboard.php

Added files

  • lib/jquery-3.7.0.min.js

Changed template

  • templates/mono_en/js/mono_common.js

[2023/05/07] v5.58.9.1

Klecks update

  • Overwrite update of klecks/ directory

Blade One update

  • Update by overwriting BladeOne/ directory

Changed Templates

  • templates/mono_en/js/mono_common.js
  • templates/mono_en/mono_other.blade.php
    (fixes deprecated jQuery syntax)

[2023/05/03] v5.58.9

klecks update

changed directories

  • Overwrite updated klecks/ directory

changed files

  • potiboard.php

[2023/04/25] v5.58.8

ChickenPaint update

  • Fixed an issue where the canvas aspect ratio was incorrect when ChickenPaint was launched in full screen mode on an iPad.

changed directories

  • Overwrite updated chickenpaint/ directory

changed files

  • potiboard.php

Changed Templates

  • templates/mono_en/mono_paint.blade.php

[2023/04/13] v5.58.5

ChickenPaint update

  • In order to deal with the problem that the aspect ratio of the drawing area is broken when the orientation of the device is changed on the iPad, we have included a version of ChickenPaint that has been customized and built independently. (Temporary measure until the problem is resolved)
  • This issue only occurs when using ChickenPaint in fullscreen mode.
  • Therefore, I stopped starting in full screen mode and started in normal mode.
    You can switch the display to full screen mode by selecting full screen mode from ChickenPaint's menu bar.

Improvements

230307_continue drawing_post in the same thread

Added a "Post in the same thread" checkbox.
However, in the case of "image replacement", there is no choice but to post in the same thread, so this option is unnecessary.

Therefore, I used JavaScript to display the "Post in the same thread" checkbox only when a new post is selected.

  • bad host chek

When a user has the same host name and IP address, we made it possible to specify a few characters from the front of the IP address displayed as the host name and reject it with a prefix match.

$badhost =["example.com","100.100.200"];

If set like this:

"example.com" will be rejected with a suffix match, and "100.100.200" will be rejected with a prefix match.

changed directories

  • Overwrite updated chickenpaint/ directory
  • Update by overwriting BladeOne/ directory

changed files

-potiboard.php
-search.php

Changed Templates

Overwrite updated templates/mono_en/ directory

[2023/02/26] v5.56.3

Updated Klecks to latest version

Image

  • Dark theme is now selectable.
  • Added French language support.
  • Fixed touch gesture freezing issue on iPhone and iPad.

Updated BladeOne to latest version

  • Updated BladeOne to v4.8.

Improvements

  • Fixed that the order of the search screen was not in the latest order.
  • Improved search screen code.

changed directory

  • klecks/ directory
  • BladeOne/ directory

changed files

  • potiboard.php
  • search.php

changed Templates

  • templates/mono_en/search.blade.php
    Improved translations on the search screen.

[2023/02/11] v5.56.2.3

Bug fix

changed Templates

  • templates/mono_en/paint_klecks.blade.php
    Fixed an issue where illustrations that were drawn when the server status was 502 Bad Gateway disappeared.

[2023/02/09] v5.56.2.2

  • Added missing klecks help file.

[2023/02/05] v5.56.2

You can now configure whether or not to use the URL input field in config.php.

// Use URL input field (Yes: 1, No: 0)
define("USE_URL_INPUT_FIELD", "1");
//No: 0, the URL field disappears from the form input fields.
// Even if the form is faked, the URL will not be entered.

If URLs are prohibited in the body text and the URL field is also disabled, you can eliminate advertisement spam whose purpose is to post URLs.
The URL detection used for the body-text prohibition is quite strict, so even if http:// is omitted, it should be almost impossible for advertisement spam to post a URL.

Fixed an issue where the template could not be sent due to a JavaScript error when the URL or subject fields did not exist.

It's not a bug, but I've rewritten the JavaScript so that it works fine even if the template is modified by the user.

In PaintBBS NEO, improved so that the screen does not move up and down when manipulating the canvas area such as copy and layer combination.

If the width of the terminal is large compared to the canvas size, it will not scroll even if you grab the mesh of NEO.
This is because the screen moves up and down when copying, layer merging, and Bz curve operations.
However, you can now grab and scroll the mesh when zooming in with pinch zoom.
This is to avoid inoperability.
These are implemented with inline JavaScript in NEO's paint screen, so you'll need to update the paint screen template.


changed files

  • potiboard.php
  • neo.js
  • picpost.php
  • save.php
  • saveklecks.php
  • saveneo.php
  • config.php
    config.php only needs to be updated if new configuration items are needed.

changed Templates

  • templates/mono_en/js/mono_common.js
  • templates/mono_en/mono_main.blade.php
  • templates/mono_en/mono_other.blade.php
  • templates/mono_en/mono_paint.blade.php

[2023/01/19] v5.55.8.5

Bug fixes

  • PaintBBS NEO data was not received at all in the environment of PHP5.6 to PHP7.x. Since it works without causing an error in PHP8.1 and PHP8.2, the discovery was delayed.
    Overwrite and update saveneo.php.

changed files

  • saveneo.php

[2023/01/14] v5.55.8.2

Bug fix

Fixed a bug where setting the minimum number of seconds required to draw would cause all alerts that should have been displayed as "15 sec" to be displayed as "0 seconds".
Even if this bug exists, if you set it to 60 seconds, you can post normally when it exceeds 60 seconds.
The problem was that the remaining time was not displayed accurately, and it was all "remaining 0 sec".

changed files

  • picpost.php
  • save.php
  • saveklecks.php
  • saveneo.php

[2023/01/14] v5.55.8.1

  • Fixed saveneo.php

Fixed an issue where depending on the content of the error that occurred, it would not be displayed as an alert and the screen would transition and fail to post.

[2023/01/13] v5.55.8

Changed communication of PaintBBS NEO from raw data to formData to avoid false positive error by WAF.

Important changes

  • Receipt of shi-Painter data is done by picpost.php as before.
    However, the data of PaintBBS NEO is received by newly added saveneo.php.
    If you forget to upload this file, you will not be able to post from NEO, so be sure to update it.
    Transfer it to the same directory as potiboard.php.
    Please update

  • Updated Paint screen template

mono_paint.blade.php

A parameter has been added to switch to the formData submit mode.

Changed the config.php

Until now, it was not possible to remove PaintBBS NEO from apps that use it, but now you can choose to use or not use NEO.
If you set it to not use all, it will be a setting that doe...


POTI-board EVO EN v5.56.3 released. v3.x and earlier all versions have a serious bug.

04 Feb 16:22


POTI-board EVO EN v5.56.3 release

[2023/02/26] v5.56.3

Updated Klecks to latest version


  • Dark theme is now selectable.
  • Added French language support.
  • Fixed touch gesture freezing issue on iPhone and iPad.

Updated BladeOne to latest version

  • Updated BladeOne to v4.8.

Improvements

  • Fixed that the order of the search screen was not in the latest order.
  • Improved search screen code.

changed directory

  • klecks/ directory
  • BladeOne/ directory

changed files

  • potiboard.php
  • search.php

changed Templates

  • templates/mono_en/search.blade.php
    Improved translations on the search screen.

[2023/02/11] v5.56.2.3

Bug fix

changed Templates

  • templates/mono_en/paint_klecks.blade.php
    Fixed an issue where illustrations that were drawn when the server status was 502 Bad Gateway disappeared.

[2023/02/09] v5.56.2.2

  • Added missing klecks help file.

[2023/02/05] v5.56.2

You can now configure whether or not to use the URL input field in config.php.

// Use URL input field (Yes: 1, No: 0)
define("USE_URL_INPUT_FIELD", "1");
//No: 0, the URL field disappears from the form input fields.
// Even if the form is faked, the URL will not be entered.

If URLs are prohibited in the body text and the URL field is also disabled, you can eliminate advertisement spam whose purpose is to post URLs.
The URL detection used for the body-text prohibition is quite strict, so even if http:// is omitted, it should be almost impossible for advertisement spam to post a URL.

Fixed an issue where the template could not be sent due to a JavaScript error when the URL or subject fields did not exist.

It's not a bug, but I've rewritten the JavaScript so that it works fine even if the template is modified by the user.

In PaintBBS NEO, improved so that the screen does not move up and down when manipulating the canvas area such as copy and layer combination.

If the width of the terminal is large compared to the canvas size, it will not scroll even if you grab the mesh of NEO.
This is because the screen moves up and down when copying, layer merging, and Bz curve operations.
However, you can now grab and scroll the mesh when zooming in with pinch zoom.
This is to avoid inoperability.
These are implemented with inline JavaScript in NEO's paint screen, so you'll need to update the paint screen template.


changed files

  • potiboard.php
  • neo.js
  • picpost.php
  • save.php
  • saveklecks.php
  • saveneo.php
  • config.php
    config.php only needs to be updated if new configuration items are needed.

changed Templates

  • templates/mono_en/js/mono_common.js
  • templates/mono_en/mono_main.blade.php
  • templates/mono_en/mono_other.blade.php
  • templates/mono_en/mono_paint.blade.php

[2023/01/19] v5.55.8.5

Bug fixes

  • PaintBBS NEO data was not received at all in the environment of PHP5.6 to PHP7.x. Since it works without causing an error in PHP8.1 and PHP8.2, the discovery was delayed.
    Overwrite and update saveneo.php.

changed files

  • saveneo.php

[2023/01/14] v5.55.8.2

Bug fix

Fixed a bug where setting the minimum number of seconds required to draw would cause all alerts that should have been displayed as "15 sec" to be displayed as "0 seconds".
Even if this bug exists, if you set it to 60 seconds, you can post normally when it exceeds 60 seconds.
The problem was that the remaining time was not displayed accurately, and it was all "remaining 0 sec".

changed files

  • picpost.php
  • save.php
  • saveklecks.php
  • saveneo.php

[2023/01/14] v5.55.8.1

  • Fixed saveneo.php

Fixed an issue where depending on the content of the error that occurred, it would not be displayed as an alert and the screen would transition and fail to post.

[2023/01/13] v5.55.8

Changed communication of PaintBBS NEO from raw data to formData to avoid false positive error by WAF.

Important changes

  • Receipt of shi-Painter data is done by picpost.php as before.
    However, the data of PaintBBS NEO is received by newly added saveneo.php.
    If you forget to upload this file, you will not be able to post from NEO, so be sure to update it.
    Transfer it to the same directory as potiboard.php.
    Please update

  • Updated Paint screen template

mono_paint.blade.php

A parameter has been added to switch to the formData submit mode.

Changed the config.php

Until now, it was not possible to remove PaintBBS NEO from the apps in use, but now you can choose whether or not to use NEO.
If you set all apps to not be used, the drawing function is not used at all.
You can also set it to use only Klecks or only ChickenPaint.
When there is only one app to use, the pull-down menu for app selection disappears and the screen becomes cleaner.

Limited by drawing time

For example, if you want to reject submissions with only lines drawn in less than 1 minute,

// Security timer (unit: seconds). If not set, use ""
define("SECURITY_TIMER", "");

The minimum required drawing time could already be specified with this setting, but until now it was effective only for Shi-Painter and PaintBBS NEO.
With this update, the setting also applies to ChickenPaint and Klecks.
In the old method, a violation could make the browser jump to another site (for example, the Metropolitan Police Department site); instead of that method, an alert such as "Please draw for another 30 seconds." now opens.

changed files

  • neo.js
  • picpost.php
  • potiboard.php
  • save.php
  • saveklecks.php
  • saveneo.php
  • config.php
    Those who do not need new setting items do not need to update.

Changed Templates

MONO

  • templates/mono_en/mono_main.blade.php
  • templates/mono_en/mono_other.blade.php
  • templates/mono_en/mono_paint.blade.php
  • templates/mono_en/paint_klecks.blade.php
  • templates/mono_en/parts/mono_paint_form.blade.php

Only those who need the newly added setting items need to update.

  • You also need to update the parts/ directory, like parts/paint_form.blade.php.
    If you haven't customized the template, it's okay to overwrite the entire templates/ directory.

[2022/12/30] v5.52.8

It is now possible to extract the width and height from the old Java version pch file and load it into the canvas.

All apps no longer require canvas size input when uploading an app specific file and loading it into the canvas.


Changed files

  • potiboard.php

Changed Templates

  • templates/mono_en/mono_other.blade.php
  • templates/mono_en/parts/mono_paint_form.blade.php

[2022/12/28] v5.52.2

Improved. PaintBBS NEO animation file upload painting made easy.

  • It has become easier and more convenient to upload and paint PaintBBS NEO and Java Shi Painter videos from the administrator screen.
    Until now, it was necessary to specify the canvas size before loading the pch animation file into the canvas.
    With v5.52, you can now automatically get the canvas size from the animation file.
    However, it is necessary to specify the canvas size when uploading the animation file of the Java version of PaintBBS.
    For HTML5 version PaintBBS NEO, you can automatically get the canvas size when uploading animation files.


This is a GIF animation created to introduce the operation when uploading files in specific formats for shi-Painter, PaintBBS NEO, Klecks, and ChickenPaint from the administrator screen.
The canvas size is still 300x300, but the canvas is open at its original size.
If you can download a PSD file, why not upload it? Including the meaning of the explanation for those who were wondering, I also uploaded the ChickenPaint .chi file and the Klecks .psd file (Photoshop format). I created this GIF animation for description.

changed files

  • potiboard.php

[2022/12/24] v5.51.0

  • PaintBBS NEO update v1.5.16
  • Solved the problem that cookies could not be read with JavaScript when WAF (Web Application Firewall) was turned on.
    If WAF is turned on, cookies are encrypted and have the httpOnly attribute.
    POTI-board uses JavaScript to load cookies into static HTML files.
    Therefore, with the conventional POTI-board, it was not possible to read the cookie of the form input content when the WAF was turned on.
    I solved this problem by issuing a form input cookie not only in PHP programs, but also in JavaScript.
    How...

POTI-board EVO EN v5.55.8.5 released. v3.x and earlier all versions have a serious bug.

13 Jan 12:20
c4fb08a


POTI-board EVO EN v5.55.8.5 release

[2023/01/19] v5.55.8.5

Bug fixes

  • PaintBBS NEO data was not received at all in the environment of PHP5.6 to PHP7.x. Since it works without causing an error in PHP8.1 and PHP8.2, the discovery was delayed.
    Overwrite and update saveneo.php.

changed files

  • saveneo.php

[2023/01/14] v5.55.8.2

Bug fix

Fixed a bug where setting the minimum number of seconds required to draw would cause all alerts that should have been displayed as "15 sec" to be displayed as "0 seconds".
Even if this bug exists, if you set it to 60 seconds, you can post normally when it exceeds 60 seconds.
The problem was that the remaining time was not displayed accurately, and it was all "remaining 0 sec".

changed files

  • picpost.php
  • save.php
  • saveklecks.php
  • saveneo.php

[2023/01/14] v5.55.8.1

  • Fixed saveneo.php

Fixed an issue where depending on the content of the error that occurred, it would not be displayed as an alert and the screen would transition and fail to post.

[2023/01/13] v5.55.8

Changed communication of PaintBBS NEO from raw data to formData to avoid false positive error by WAF.

Important changes

  • Receipt of shi-Painter data is done by picpost.php as before.
    However, the data of PaintBBS NEO is received by newly added saveneo.php.
    If you forget to upload this file, you will not be able to post from NEO, so be sure to update it.
    Transfer it to the same directory as potiboard.php.
    Please update

  • Updated Paint screen template

mono_paint.blade.php

A parameter has been added to switch to the formData submit mode.

Changed the config.php

Until now, it was not possible to remove PaintBBS NEO from the apps in use, but now you can choose whether or not to use NEO.
If you set all apps to not be used, the drawing function is not used at all.
You can also set it to use only Klecks or only ChickenPaint.
When there is only one app to use, the pull-down menu for app selection disappears and the screen becomes cleaner.

Limited by drawing time

For example, if you want to reject submissions with only lines drawn in less than 1 minute,

// Security timer (unit: seconds). If not set, use ""
define("SECURITY_TIMER", "");

The minimum required drawing time could already be specified with this setting, but until now it was effective only for Shi-Painter and PaintBBS NEO.
With this update, the setting also applies to ChickenPaint and Klecks.
In the old method, a violation could make the browser jump to another site (for example, the Metropolitan Police Department site); instead of that method, an alert such as "Please draw for another 30 seconds." now opens.

changed files

  • neo.js
  • picpost.php
  • potiboard.php
  • save.php
  • saveklecks.php
  • saveneo.php
  • config.php
    Those who do not need new setting items do not need to update.

Changed Templates

MONO

  • templates/mono_en/mono_main.blade.php
  • templates/mono_en/mono_other.blade.php
  • templates/mono_en/mono_paint.blade.php
  • templates/mono_en/paint_klecks.blade.php
  • templates/mono_en/parts/mono_paint_form.blade.php

Only those who need the newly added setting items need to update.

  • You also need to update the parts/ directory, like parts/paint_form.blade.php.
    If you haven't customized the template, it's okay to overwrite the entire templates/ directory.

[2022/12/30] v5.52.8

It is now possible to extract the width and height from the old Java version pch file and load it into the canvas.

All apps no longer require canvas size input when uploading an app specific file and loading it into the canvas.


Changed files

  • potiboard.php

Changed Templates

  • templates/mono_en/mono_other.blade.php
  • templates/mono_en/parts/mono_paint_form.blade.php

[2022/12/28] v5.52.2

Improved. PaintBBS NEO animation file upload painting made easy.

  • It has become easier and more convenient to upload and paint PaintBBS NEO and Java Shi Painter videos from the administrator screen.
    Until now, it was necessary to specify the canvas size before loading the pch animation file into the canvas.
    With v5.52, you can now automatically get the canvas size from the animation file.
    However, it is necessary to specify the canvas size when uploading the animation file of the Java version of PaintBBS.
    For HTML5 version PaintBBS NEO, you can automatically get the canvas size when uploading animation files.


This is a GIF animation created to introduce the operation when uploading files in specific formats for shi-Painter, PaintBBS NEO, Klecks, and ChickenPaint from the administrator screen.
The canvas size is still 300x300, but the canvas is open at its original size.
If you can download a PSD file, why not upload it? Including the meaning of the explanation for those who were wondering, I also uploaded the ChickenPaint .chi file and the Klecks .psd file (Photoshop format). I created this GIF animation for description.

changed files

  • potiboard.php

[2022/12/24] v5.51.0

  • PaintBBS NEO update v1.5.16

  • Solved the problem that cookies could not be read with JavaScript when WAF (Web Application Firewall) was turned on.
    If WAF is turned on, cookies are encrypted and have the httpOnly attribute.
    POTI-board uses JavaScript to load cookies into static HTML files.
    Therefore, with the conventional POTI-board, it was not possible to read the cookie of the form input content when the WAF was turned on.
    I solved this problem by issuing a form input cookie not only in PHP programs, but also in JavaScript.
    However, it is safer to use httpOnly cookies, which prevent JavaScript from reading the cookie.
    There is also a drawing board that uses httpOnly cookies.
    satopian/Petit_Note_EN: Petit Note English ver.PHP script for PaintBBS,ChickenPaint, and Klecks PHP5.6-PHP8.2
    Log conversion from POTI-board is also possible.
    satopian/PetitNote_plugin: Petit Note Plugin for Drawing Board

  • Adding JavaScript to HTML files to emit cookies for form inputs increases the number of lines of inline JavaScript.
    So I externalized my JavaScript.
    This externalized JavaScript also includes the back to top button JavaScript and the Luminous image popup JavaScript.
    We apologize for the inconvenience and the need to update templates frequently.
    A directory for JavaScript has also been added, such as templates/mono_en/js/.
    Please note that if you forget to upload this directory, things like the back button that appears when you scroll down or the JavaScript that appears on the same screen when you click on an image will not work.
    Overwrite everything in the templates/ directory if you haven't customized the templates.
    Just upload all new installations.

PaintBBS NEO Update v1.5.16

  • neo.js

changed files

  • potiboard.php

Changed Templates

  • templates/mono_en/mono_catalog.blade.php
  • templates/mono_en/mono_main.blade.php
  • templates/mono_en/mono_other.blade.php
  • templates/mono_en/parts/mono_paint_form.blade.php
  • templates/mono_en/search.blade.php

files added

  • templates/mono_en/js/mono_common.js

POTI-board EVO v5.50.11 release

[2022/12/21] v5.50.11

Improvements

  • Changed the format of the canvas size pull-down menu formula generation loop to prevent XSS.
  • Removed self-closing tag due to warnings when checked by W3C Markup Validation Service.
  • Added a same-origin check. Illegal posts from different origins are now rejected.
    However, for browsers that do not support the Origin header, such as Edge's IE mode, the Origin header is not checked.
    This is because if this check were mandatory, it would not be possible to start Shi-Painter using Java.
    CheerpJ, for example, cannot smoothly play Shi-Painter's drawing animation, so Java must be started.
  • Protection against directory traversal attacks. When a variable is passed to fopen(), it first goes through basename(), which invalidates hierarchies such as ../../.
  • Rejection when the password is incorrect 5 times in a row.
    If the wrong administrator password is entered five times in a row, further attempts can now be refused.
    If you want to use this function, please add the following setting items anywhere in config.php.

/safety/

// Reject if the admin password is wrong 5 times in a row
// (1: Enabled, 0: Disabled)
// 1: Enabled for more security, but if the login page is locked it will take more effort to unlock it.

define("CHECK_PASSWORD_INPUT_ERROR_COUNT", "0");

// Access via ftp etc.
// Remove t...


POTI-board EVO EN v5.52.8 released. v3.x and earlier all versions have a serious bug.

30 Dec 14:18


POTI-board EVO EN v5.52.8 release

[2022/12/30] v5.52.8

It is now possible to extract the width and height from the old Java version pch file and load it into the canvas.

All apps no longer require canvas size input when uploading an app specific file and loading it into the canvas.


Changed files

  • potiboard.php

Changed Templates

  • templates/mono_en/mono_other.blade.php
  • templates/mono_en/parts/mono_paint_form.blade.php

[2022/12/28] v5.52.2

Improved. PaintBBS NEO animation file upload painting made easy.

  • It has become easier and more convenient to upload and paint PaintBBS NEO and Java Shi Painter videos from the administrator screen.
    Until now, it was necessary to specify the canvas size before loading the pch animation file into the canvas.
    With v5.52, you can now automatically get the canvas size from the animation file.
    However, it is necessary to specify the canvas size when uploading the animation file of the Java version of PaintBBS.
    For HTML5 version PaintBBS NEO, you can automatically get the canvas size when uploading animation files.


This is a GIF animation created to introduce the operation when uploading files in specific formats for shi-Painter, PaintBBS NEO, Klecks, and ChickenPaint from the administrator screen.
The canvas size is still 300x300, but the canvas is open at its original size.
If you can download a PSD file, why not upload it? Including the meaning of the explanation for those who were wondering, I also uploaded the ChickenPaint .chi file and the Klecks .psd file (Photoshop format). I created this GIF animation for description.

changed files

  • potiboard.php

[2022/12/24] v5.51.0

  • PaintBBS NEO update v1.5.16

  • Solved the problem that cookies could not be read with JavaScript when WAF (Web Application Firewall) was turned on.
    If WAF is turned on, cookies are encrypted and have the httpOnly attribute.
    POTI-board uses JavaScript to load cookies into static HTML files.
    Therefore, with the conventional POTI-board, it was not possible to read the cookie of the form input content when the WAF was turned on.
    I solved this problem by issuing a form input cookie not only in PHP programs, but also in JavaScript.
    However, it is safer to use httpOnly cookies, which prevent JavaScript from reading the cookie.
    There is also a drawing board that uses httpOnly cookies.
    satopian/Petit_Note_EN: Petit Note English ver.PHP script for PaintBBS,ChickenPaint, and Klecks PHP5.6-PHP8.2
    Log conversion from POTI-board is also possible.
    satopian/PetitNote_plugin: Petit Note Plugin for Drawing Board

  • Adding JavaScript to HTML files to emit cookies for form inputs increases the number of lines of inline JavaScript.
    So I externalized my JavaScript.
    This externalized JavaScript also includes the back to top button JavaScript and the Luminous image popup JavaScript.
    We apologize for the inconvenience and the need to update templates frequently.
    A directory for JavaScript has also been added, such as templates/mono_en/js/.
    Please note that if you forget to upload this directory, things like the back button that appears when you scroll down or the JavaScript that appears on the same screen when you click on an image will not work.
    Overwrite everything in the templates/ directory if you haven't customized the templates.
    Just upload all new installations.

PaintBBS NEO Update v1.5.16

  • neo.js

changed files

  • potiboard.php

Changed Templates

  • templates/mono_en/mono_catalog.blade.php
  • templates/mono_en/mono_main.blade.php
  • templates/mono_en/mono_other.blade.php
  • templates/mono_en/parts/mono_paint_form.blade.php
  • templates/mono_en/search.blade.php

files added

  • templates/mono_en/js/mono_common.js

POTI-board EVO v5.50.11 release

[2022/12/21] v5.50.11

Improvements

  • Changed the format of the canvas size pull-down menu formula generation loop to prevent XSS.
  • Removed self-closing tag due to warnings when checked by W3C Markup Validation Service.
  • Added a same-origin check. Illegal posts from different origins are now rejected.
    However, for browsers that do not support the Origin header, such as Edge's IE mode, the Origin header is not checked.
    This is because if this check were mandatory, it would not be possible to start Shi-Painter using Java.
    CheerpJ, for example, cannot smoothly play Shi-Painter's drawing animation, so Java must be started.
  • Protection against directory traversal attacks. When a variable is passed to fopen(), it first goes through basename(), which invalidates hierarchies such as ../../.
  • Rejection when the password is incorrect 5 times in a row.
    If the wrong administrator password is entered five times in a row, further attempts can now be refused.
    If you want to use this function, please add the following setting items anywhere in config.php.

/safety/

// Reject if the admin password is wrong 5 times in a row
// (1: Enabled, 0: Disabled)
// 1: Enabled for more security, but if the login page is locked it will take more effort to unlock it.

define("CHECK_PASSWORD_INPUT_ERROR_COUNT", "0");

// Access via ftp etc.
// Remove the templates/errorlog/error.log and you should be able to login again.
//This file contains the IP addresses of clients who entered an incorrect admin password.

  • Changed the method to get IP address and host name because some servers cannot get IP address with getenv().

  • Use uniqid() to emit user-code repcode. It now changes in micro time units.

  • Increased the replacement code length from 8 to 12 characters.

  • Added original error message for WAF false positive to PaintBBS NEO.
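The same-origin check and the basename() handling from the improvements list above, as an added example that is not code from potiboard.php. The function names, the `board.example` hosts and the `/var/www/board/src` directory are hypothetical, and the sample requests are constructed.

```php
<?php
// Added illustration, not code from potiboard.php. Function names are hypothetical.

/**
 * Same-origin check for a POST: compare the Origin header with the Host header.
 * A request with no Origin header is let through, matching the exception the
 * release note describes for browsers that do not send it.
 */
function is_same_origin(array $server): bool
{
    $origin = isset($server['HTTP_ORIGIN']) ? trim($server['HTTP_ORIGIN']) : '';
    if ($origin === '') {
        return true; // header absent: not checked
    }
    $host = parse_url($origin, PHP_URL_HOST);
    if (!is_string($host) || $host === '' || empty($server['HTTP_HOST'])) {
        return false; // "Origin: null" or a malformed value
    }
    $port = parse_url($origin, PHP_URL_PORT);
    $authority = $port ? $host . ':' . $port : $host;
    return strtolower($authority) === strtolower($server['HTTP_HOST']);
}

/**
 * Build a path inside $dir from a request-supplied name. basename() keeps only
 * the last path component, so "../../config.php" becomes "config.php".
 */
function path_inside(string $dir, string $name): string
{
    // Treat "\" as a separator too; on Linux basename() only splits on "/".
    $leaf = basename(str_replace('\\', '/', $name));
    if ($leaf === '' || $leaf === '.' || $leaf === '..' || strpos($leaf, "\0") !== false) {
        throw new InvalidArgumentException('invalid file name');
    }
    return rtrim($dir, '/') . '/' . $leaf;
}

// Constructed requests, shaped like $_SERVER.
$requests = [
    ['HTTP_HOST' => 'board.example', 'HTTP_ORIGIN' => 'https://board.example'],
    ['HTTP_HOST' => 'board.example', 'HTTP_ORIGIN' => 'https://other.example'],
    ['HTTP_HOST' => 'board.example', 'HTTP_ORIGIN' => 'null'],
    ['HTTP_HOST' => 'board.example'], // no Origin header at all
];
foreach ($requests as $r) {
    $label = isset($r['HTTP_ORIGIN']) ? $r['HTTP_ORIGIN'] : '(no Origin)';
    printf("%-24s %s\n", $label, is_same_origin($r) ? 'accept' : 'reject');
}

// Constructed file names, as they might arrive in a request parameter.
foreach (['12345.pch', '../../config.php', '..\\..\\config.php', '../../'] as $name) {
    try {
        echo $name, ' -> ', path_inside('/var/www/board/src', $name), "\n";
    } catch (InvalidArgumentException $e) {
        echo $name, " -> rejected\n";
    }
}
```

Because a missing Origin header is accepted, the check rejects cross-site form posts from browsers that send the header, while clients that omit it are not covered by it.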


changed files

  • noticemail/noticemail.inc
  • neo.js
  • config.php
  • potiboard.php
  • thumbnail_gd.php
  • picpost.php
  • save.php
  • saveklecks.php

Changed Templates

  • templates/mono_en/mono_main.blade.php
  • templates/mono_en/mono_other.blade.php
  • templates/mono_en/paint_klecks.blade.php
  • templates/mono_en/parts/mono_paint_form.blade.php
  • templates/mono_en/search.blade.php
  • templates/mono_en/template_ini.php

[2022/11/30] v5.36.8

update

  • Updated Klecks.
  • Fixed brush shortcut key behavior.
  • Updated BladeOne to v4.7.1.

improvement

  • Even if the timestamps used in the working files overlap, advance the post time by 1 second so that the timestamps do not overlap.
    Previously, the working file could be overwritten by another file.

  • An error does not occur when the post time to be compared is in the future.
    In the post waiting time calculation process, even if the post time after the current time is detected, it will not be an error.
    For example, if the posting time is delayed by one year due to some mistake, the next posting will not be possible until one year has passed. To avoid this, if the waiting time is a negative value, it will pass without generating an error.

  • BladeOne v4.7.1. Along with that, I changed potiboard.php to automatically generate the cache directory.
    The cache directory auto-generation feature has been removed from BladeOne. As an alternative function, added a cache directory auto-creation function to potiboard.php.

  • Change the permission of files that need to be written in advance to 0606 (606). The log file that cannot be viewed externally is 0600 (600).

  • The types of error messages have increased when posting OEKAKI images fails.

changed directories

  • BladeOne/
  • klecks/

changed files

  • picpost.php
  • potiboard.php

Changed Templates

  • templates/mono_en/mono_main.blade.php
  • templates/mono_en/paint_klecks.blade.php

[2022/10/29] v5.35.3

Improvements

Template Common

  • When you click the image file link on the management screen, it now pops up with luminous.
    Previously, images were opened in separate tabs.
  • Corrected [tweet] to [Tweet].
  • Corrected [TOOL] to [Tool].

Template MONO

  • Added a back-to-top button, displayed when scrolling, to template MONO.
  • Display optimized for smartphones. If the resolution is iPad (768px), unfloat the image. Set the image margins to 0.
    As a result, the left and right margins of the image displayed on the smartphone are the same.
    Previously, the margin on the right side of the screen was larger.
  • The administrator can now edit the article by clicking the article number on the MONO administrator deletion screen.

Security

  • If the script content of CheerpJ Applet Runner has been tampered with by hacking, etc., it will be detected and the script will not be executed.
    See Subresource Integrity on MDN.
    If you change the version of CheerpJ, it will not work unless you change the hash value.
    However, the calculated hash value is included in the latest version of potiboard.php.
  • If the image file received by picpost.php, which receives data from the Shi applet or PaintBBS NEO, is not a jpeg, png, etc. image, it will be judged as illegal and deleted.
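The two checks in this Security list, as an added example that is not code from potiboard.php or picpost.php: computing the hash value that goes into a script's `integrity` attribute, and keeping a received file only if its content is an image. The function names, the sha384 choice, the allowed-type list and the sample files are assumptions of this example.

```php
<?php
// Added illustration, not code from potiboard.php or picpost.php.

/** Value for a <script integrity="..."> attribute (sha384 chosen for this example). */
function sri_value(string $script_bytes): string
{
    return 'sha384-' . base64_encode(hash('sha384', $script_bytes, true));
}

/**
 * Keep $path only if its content parses as one of the allowed image types;
 * otherwise delete it. The file extension and any client-sent MIME type are ignored.
 */
function keep_only_if_image(string $path, array $allowed): bool
{
    $info = @getimagesize($path); // false when the content is not an image
    if ($info === false || !in_array($info[2], $allowed, true)) {
        @unlink($path);
        return false;
    }
    return true;
}

$allowed = [IMAGETYPE_JPEG, IMAGETYPE_PNG]; // assumed list for this example

// Constructed inputs: a 1x1 PNG, and PHP source saved under a .png name.
$png = base64_decode(
    'iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAQAAAC1HAwCAAAAC0lEQVR42mNkYAAAAAYAAjCB0C8AAAAASUVORK5CYII='
);
$dir = sys_get_temp_dir();
$files = [
    $dir . '/poti_demo_ok.png'   => $png,
    $dir . '/poti_demo_fake.png' => "<?php echo 'not an image';",
];
foreach ($files as $path => $bytes) {
    file_put_contents($path, $bytes);
    $kept = keep_only_if_image($path, $allowed);
    printf("%-22s %s\n", basename($path), $kept ? 'kept' : 'deleted');
    if ($kept) {
        unlink($path); // clean up the demo file
    }
}

// Constructed script body; in a deployment the hash is taken over the exact
// bytes of the script file that the page loads, and changes with every version.
echo sri_value("console.log('loader');\n"), "\n";
```

getimagesize() inspects only the file header, so this confirms the file's type rather than decoding the whole image.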

When ...


POTI-board EVO EN v5.52.2 released. v3.x and earlier all versions have a serious bug.

28 Dec 08:15


POTI-board EVO EN v5.52.2 release

[2022/12/28] v5.52.2

Improved. PaintBBS NEO animation file upload painting made easy.

  • It has become easier and more convenient to upload and paint PaintBBS NEO and Java Shi Painter videos from the administrator screen.
    Until now, it was necessary to specify the canvas size before loading the pch animation file into the canvas.
    With v5.52, you can now automatically get the canvas size from the animation file.
    However, it is necessary to specify the canvas size when uploading the animation file of the Java version of PaintBBS.
    For HTML5 version PaintBBS NEO, you can automatically get the canvas size when uploading animation files.

221227_005

This GIF animation shows the operation when uploading files in the specific formats for shi-Painter, PaintBBS NEO, Klecks, and ChickenPaint from the administrator screen.
The canvas size is still 300x300, but the canvas opens at its original size.
For those who were wondering whether a PSD file that can be downloaded can also be uploaded, I also uploaded a ChickenPaint .chi file and a Klecks .psd file (Photoshop format) as part of the explanation.

changed files

  • potiboard.php

[2022/12/24] v5.51.0

  • PaintBBS NEO update v1.5.16

  • Solved the problem that cookies could not be read with JavaScript when WAF (Web Application Firewall) was turned on.
    If WAF is turned on, cookies are encrypted and have the httpOnly attribute.
    POTI-board uses JavaScript to load cookies into static HTML files.
    Therefore, with the conventional POTI-board, it was not possible to read the cookie of the form input content when the WAF was turned on.
    I solved this problem by issuing a form input cookie not only in PHP programs, but also in JavaScript.
    However, it is safer to use httpOnly cookies, which prevent JavaScript from reading the cookie.
    There is also a drawing board that uses httpOnly cookies.
    satopian/Petit_Note_EN: Petit Note English ver.PHP script for PaintBBS,ChickenPaint, and Klecks PHP5.6-PHP8.2
    Log conversion from POTI-board is also possible.
    satopian/PetitNote_plugin: Petit Note Plugin for Drawing Board

  • Adding JavaScript to HTML files to emit cookies for form inputs increases the number of lines of inline JavaScript.
    So I externalized my JavaScript.
    This externalized JavaScript also includes the back to top button JavaScript and the Luminous image popup JavaScript.
    We apologize for the inconvenience and the need to update templates frequently.
    A directory for JavaScript has also been added, such as templates/mono_en/js/.
    Please note that if you forget to upload this directory, things like the back button that appears when you scroll down or the JavaScript that appears on the same screen when you click on an image will not work.
    Overwrite everything in the templates/ directory if you haven't customized the templates.
    Just upload all new installations.

PaintBBS NEO Update v1.5.16

  • neo.js

changed files

  • potiboard.php

Changed Templates

  • templates/mono_en/mono_catalog.blade.php
  • templates/mono_en/mono_main.blade.php
  • templates/mono_en/mono_other.blade.php
  • templates/mono_en/parts/mono_paint_form.blade.php
  • templates/mono_en/search.blade.php

files added

  • templates/mono_en/js/mono_common.js

POTI-board EVO v5.50.11 release

[2022/12/21] v5.50.11

Improvements

  • Changed the format of the canvas size pull-down menu formula generation loop to prevent XSS.
  • Removed self-closing tag due to warnings when checked by W3C Markup Validation Service.
  • Added a same-origin check. Illegal posts from different origins are now rejected.
    However, for browsers that do not support the Origin header, such as Edge's IE mode, the Origin header is not checked.
    This is because if this check becomes mandatory, it will not be possible to start the shi-painter using Java.
    CheerpJ, for example, cannot smoothly play Shi-Painter's drawing animation, so Java must be started.
  • Protection against directory traversal attacks. When a variable is passed to fopen(), hierarchies such as ../../ are invalidated with basename().
  • Rejection when the password is incorrect 5 times in a row.
    If the wrong administrator password is entered five times in a row, further attempts can now be refused.
    If you want to use this function, please add the following setting items anywhere in config.php.
    If you want to use this function, please add the following setting items anywhere in config.php.

/* safety */

// Reject if the admin password is wrong 5 times in a row
// (1: Enabled, 0: Disabled)
// 1: Enabled for more security, but if the login page is locked it will take more effort to unlock it.

define("CHECK_PASSWORD_INPUT_ERROR_COUNT", "0");

// To unlock: access the server via FTP etc. and
// remove templates/errorlog/error.log; you should then be able to log in again.
// This file contains the IP addresses of clients who entered an incorrect admin password.

  • Changed the method to get IP address and host name because some servers cannot get IP address with getenv().

  • Use uniqid() to emit user-code repcode. It now changes in micro time units.

  • Increased the replacement code length from 8 to 12 characters.

  • Added original error message for WAF false positive to PaintBBS NEO.

Screen-2022-12-21_14-34-31
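
The same-origin check (with its exception for requests that carry no Origin header) and the basename() step before fopen() from the list above, as an added example that is not POTI-board's own code. The function names, the log/ directory and the sample host names are assumptions made for the demonstration.

```php
<?php
declare(strict_types=1);

/**
 * Same-origin check for a posted request (hypothetical helper).
 * A request without an Origin header is let through, which is the
 * exception the release note describes for clients that do not send it.
 */
function is_same_origin(array $server): bool
{
    $origin = $server['HTTP_ORIGIN'] ?? '';
    if ($origin === '') {
        return true; // header absent: nothing to compare
    }
    $parts = parse_url($origin);
    if (!is_array($parts) || !isset($parts['host'])) {
        return false; // "null" (opaque origin) or malformed value
    }
    $originHost = $parts['host'] . (isset($parts['port']) ? ':' . $parts['port'] : '');
    $host = $server['HTTP_HOST'] ?? '';
    return $host !== '' && strcasecmp($host, $originHost) === 0;
}

/**
 * Open a file inside $dir using a name that came from request input.
 * basename() drops every directory component, so "../../config.php"
 * becomes "config.php" inside $dir instead of climbing out of it.
 * Returns a stream resource, or false when the name is unusable.
 */
function open_in_dir(string $dir, string $userValue, string $mode = 'rb')
{
    if (strpos($userValue, "\0") !== false) {
        return false; // fopen() rejects NUL bytes; refuse early
    }
    // basename() splits on "\" only on Windows, so normalise separators first.
    $name = basename(str_replace('\\', '/', $userValue));
    if ($name === '' || $name === '.' || $name === '..') {
        return false;
    }
    $path = rtrim($dir, '/') . '/' . $name;
    return is_file($path) ? fopen($path, $mode) : false;
}

// --- Constructed demo data, not taken from a real installation ---
$requests = [
    'same origin'   => ['HTTP_HOST' => 'board.example', 'HTTP_ORIGIN' => 'https://board.example'],
    'other origin'  => ['HTTP_HOST' => 'board.example', 'HTTP_ORIGIN' => 'https://other.example'],
    'opaque origin' => ['HTTP_HOST' => 'board.example', 'HTTP_ORIGIN' => 'null'],
    'no header'     => ['HTTP_HOST' => 'board.example'],
];
foreach ($requests as $label => $server) {
    printf("%-14s %s\n", $label, is_same_origin($server) ? 'accepted' : 'rejected');
}

$base = sys_get_temp_dir() . '/poti_demo_' . bin2hex(random_bytes(4));
mkdir($base . '/log', 0700, true);
file_put_contents($base . '/secret.txt', 'outside the log directory');
file_put_contents($base . '/log/1.log', 'inside the log directory');

foreach (['1.log', '../secret.txt', '../../etc/passwd', '..'] as $input) {
    $fp = open_in_dir($base . '/log', $input);
    printf("%-18s %s\n", $input, $fp ? 'opened: ' . stream_get_contents($fp) : 'refused');
    if ($fp) {
        fclose($fp);
    }
}

// Remove the demo files again.
unlink($base . '/log/1.log');
unlink($base . '/secret.txt');
rmdir($base . '/log');
rmdir($base);
```

Because requests without an Origin header pass, this check only stops cross-origin posts from browsers that send the header; a deployment that does not need the Java applet could reject the missing-header case as well.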

changed files

  • noticemail/noticemail.inc
  • neo.js
  • config.php
  • potiboard.php
  • thumbnail_gd.php
  • picpost.php
  • save.php
  • saveklecks.php

Changed Templates

  • templates/mono_en/mono_main.blade.php
  • templates/mono_en/mono_other.blade.php
  • templates/mono_en/paint_klecks.blade.php
  • templates/mono_en/parts/mono_paint_form.blade.php
  • templates/mono_en/search.blade.php
  • templates/mono_en/template_ini.php

[2022/11/30] v5.36.8

update

  • Updated Klecks.
  • Fixed brush shortcut key behavior.
    Updated BladeOne to v4.7.1.

improvement

  • Even if the timestamps used in the working files overlap, advance the post time by 1 second so that the timestamps do not overlap.
    Previously, the working file could be overwritten by another file.

  • An error does not occur when the post time to be compared is in the future.
    In the post waiting time calculation process, even if the post time after the current time is detected, it will not be an error.
    For example, if the posting time is delayed by one year due to some mistake, the next posting will not be possible until one year has passed. To avoid this, if the waiting time is a negative value, it will pass without generating an error.

  • BladeOne v4.7.1. Along with that, I changed potiboard.php to automatically generate the cache directory.
    The cache directory auto-generation feature has been removed from BladeOne. As an alternative function, added a cache directory auto-creation function to potiboard.php.

  • The permissions of files that need to be written are changed in advance to 0606 (606). Log files that must not be viewable externally get 0600 (600).

  • The types of error messages have increased when posting OEKAKI images fails.

changed directories

  • BladeOne/
  • klecks/

changed files

  • picpost.php
  • potiboard.php

Changed Templates

  • templates/mono_en/mono_main.blade.php
  • templates/mono_en/paint_klecks.blade.php

[2022/10/29] v5.35.3

Improvements

Template Common

  • When you click the image file link on the management screen, it now pops up with luminous.
    Previously, images were opened in separate tabs.
  • Corrected [tweet] to [Tweet].
  • Corrected [TOOL] to [Tool].

Template MONO

  • Added a back-to-top function to template MONO that is displayed when scrolling.
  • Display optimized for smartphones. If the resolution is that of an iPad (768px), the image is unfloated and its margins are set to 0.
    As a result, the left and right margins of the image displayed on the smartphone are the same.
    Previously, the margin on the right side of the screen was larger.
  • The administrator can now edit the article by clicking the article number on the MONO administrator deletion screen.

Security

  • If the script content of CheerpJ Applet Runner has been tampered with (by hacking, etc.), this is detected and the script is not executed.
    See Subresource Integrity on MDN.
    If you change the version of CheerpJ, it will not work unless you also change the hash value.
    However, the calculated hash value is included in the latest version of potiboard.php.
  • If the file received by picpost.php, which receives data from the Shi applet or PaintBBS NEO, is not a JPEG, PNG, etc. image, it is judged illegal and deleted.
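
The two checks in this Security list, as an added example that is not the code in potiboard.php or picpost.php: computing the Subresource Integrity value that has to be updated when the pinned script changes, and deleting a received file whose content is not an image. The function names, the allowed MIME types, the file names and the sample data are assumptions; finfo requires PHP's fileinfo extension.

```php
<?php
declare(strict_types=1);

/** Build the value of an integrity="..." attribute for a script file. */
function sri_value(string $file, string $algo = 'sha384'): string
{
    $digest = hash_file($algo, $file, true); // true = raw binary digest
    if ($digest === false) {
        throw new RuntimeException("cannot read $file");
    }
    return $algo . '-' . base64_encode($digest);
}

/**
 * Keep a received file only if its content is an allowed image type.
 * The type is read from the file's bytes, not from its name.
 * Returns the detected MIME type, or null after deleting the file.
 */
function keep_if_image(
    string $path,
    array $allowed = ['image/jpeg', 'image/png', 'image/gif'] // assumed list
): ?string {
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($path);
    if ($mime === false || !in_array($mime, $allowed, true)) {
        unlink($path);
        return null;
    }
    return $mime;
}

// --- Constructed demo data, not taken from a real installation ---
$dir = sys_get_temp_dir() . '/poti_sri_' . bin2hex(random_bytes(4));
mkdir($dir, 0700);

// 1) SRI: any change to the script changes the hash, so a page that still
//    carries the old integrity value makes the browser refuse the script.
$script = $dir . '/loader.js';
file_put_contents($script, "console.log('runner 1.0');\n");
$pinned = sri_value($script);
echo 'integrity="' . $pinned . "\"\n";

file_put_contents($script, "console.log('runner 1.1');\n");
echo sri_value($script) === $pinned
    ? "hash unchanged\n"
    : "hash changed: the pinned value must be updated\n";

// 2) Upload check: a real 1x1 PNG and a text file that only has a .png name.
$png = base64_decode(
    'iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAADUlEQVR42mNkYPhfDwAChwGA60e6kgAAAABJRU5ErkJggg=='
);
file_put_contents($dir . '/real.png', $png);
file_put_contents($dir . '/fake.png', "<?php echo 'not an image';");

foreach (['real.png', 'fake.png'] as $name) {
    $path = $dir . '/' . $name;
    $mime = keep_if_image($path);
    printf(
        "%-9s %s, file %s\n",
        $name,
        $mime ?? 'rejected',
        file_exists($path) ? 'kept' : 'deleted'
    );
}

// Remove the demo files again.
unlink($dir . '/real.png');
unlink($script);
rmdir($dir);
```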

When using Shii applet and PaintBBS NEO, the behavior of rejection due to the time required for drawing or the number of steps required has been changed.

• shi-chan has developed a function to redirect the drawing screen to the police site when the drawing time is short or the number of drawing processes is small.
However, this feature was impractical and of no use.
Therefore, instead of suddenly jumping to the specified URL from the drawing screen, we changed the specification to display an alert on t...


POTI-board EVO EN v5.51.0 released. v3.x and earlier all versions have a serious bug.

25 Dec 04:59

POTI-board EVO EN v5.51.0 release

[2022/12/24] v5.51.0

  • PaintBBS NEO update v1.5.16

  • Solved the problem that cookies could not be read with JavaScript when WAF (Web Application Firewall) was turned on.
    If WAF is turned on, cookies are encrypted and have the httpOnly attribute.
    POTI-board uses JavaScript to load cookies into static HTML files.
    Therefore, with the conventional POTI-board, it was not possible to read the cookie of the form input content when the WAF was turned on.
    I solved this problem by issuing a form input cookie not only in PHP programs, but also in JavaScript.
    However, it is safer to use httpOnly cookies, which prevent JavaScript from reading the cookie.
    There is also a drawing board that uses httpOnly cookies.
    satopian/Petit_Note_EN: Petit Note English ver.PHP script for PaintBBS,ChickenPaint, and Klecks PHP5.6-PHP8.2
    Log conversion from POTI-board is also possible.
    satopian/PetitNote_plugin: Petit Note Plugin for Drawing Board

  • Adding JavaScript to HTML files to emit cookies for form inputs increases the number of lines of inline JavaScript.
    So I externalized my JavaScript.
    This externalized JavaScript also includes the back to top button JavaScript and the Luminous image popup JavaScript.
    We apologize for the inconvenience and the need to update templates frequently.
    A directory for JavaScript has also been added, such as templates/mono_en/js/.
    Please note that if you forget to upload this directory, things like the back button that appears when you scroll down or the JavaScript that appears on the same screen when you click on an image will not work.
    Overwrite everything in the templates/ directory if you haven't customized the templates.
    Just upload all new installations.

PaintBBS NEO Update v1.5.16

  • neo.js

changed files

  • potiboard.php

Changed Templates

  • templates/mono_en/mono_catalog.blade.php
  • templates/mono_en/mono_main.blade.php
  • templates/mono_en/mono_other.blade.php
  • templates/mono_en/parts/mono_paint_form.blade.php
  • templates/mono_en/search.blade.php

files added

  • templates/mono_en/js/mono_common.js

POTI-board EVO v5.50.11 release

[2022/12/21] v5.50.11

Improvements

  • Changed the format of the canvas size pull-down menu formula generation loop to prevent XSS.
  • Removed self-closing tag due to warnings when checked by W3C Markup Validation Service.
  • Added a same-origin check. Illegal posts from different origins are now rejected.
    However, for browsers that do not support the Origin header, such as Edge's IE mode, the Origin header is not checked.
    This is because if this check becomes mandatory, it will not be possible to start the shi-painter using Java.
    CheerpJ, for example, cannot smoothly play Shi-Painter's drawing animation, so Java must be started.
  • Protection against directory traversal attacks. When a variable is passed to fopen(), hierarchies such as ../../ are invalidated with basename().
  • Rejection when the password is incorrect 5 times in a row.
    If the wrong administrator password is entered five times in a row, further attempts can now be refused.
    If you want to use this function, please add the following setting items anywhere in config.php.
    If you want to use this function, please add the following setting items anywhere in config.php.

/* safety */

// Reject if the admin password is wrong 5 times in a row
// (1: Enabled, 0: Disabled)
// 1: Enabled for more security, but if the login page is locked it will take more effort to unlock it.

define("CHECK_PASSWORD_INPUT_ERROR_COUNT", "0");

// To unlock: access the server via FTP etc. and
// remove templates/errorlog/error.log; you should then be able to log in again.
// This file contains the IP addresses of clients who entered an incorrect admin password.

  • Changed the method to get IP address and host name because some servers cannot get IP address with getenv().

  • Use uniqid() to emit user-code repcode. It now changes in micro time units.

  • Increased the replacement code length from 8 to 12 characters.

  • Added original error message for WAF false positive to PaintBBS NEO.

Screen-2022-12-21_14-34-31

changed files

  • noticemail/noticemail.inc
  • neo.js
  • config.php
  • potiboard.php
  • thumbnail_gd.php
  • picpost.php
  • save.php
  • saveklecks.php

Changed Templates

  • templates/mono_en/mono_main.blade.php
  • templates/mono_en/mono_other.blade.php
  • templates/mono_en/paint_klecks.blade.php
  • templates/mono_en/parts/mono_paint_form.blade.php
  • templates/mono_en/search.blade.php
  • templates/mono_en/template_ini.php

[2022/11/30] v5.36.8

update

  • Updated Klecks.
  • Fixed brush shortcut key behavior.
    Updated BladeOne to v4.7.1.

improvement

  • Even if the timestamps used in the working files overlap, advance the post time by 1 second so that the timestamps do not overlap.
    Previously, the working file could be overwritten by another file.

  • An error does not occur when the post time to be compared is in the future.
    In the post waiting time calculation process, even if the post time after the current time is detected, it will not be an error.
    For example, if the posting time is delayed by one year due to some mistake, the next posting will not be possible until one year has passed. To avoid this, if the waiting time is a negative value, it will pass without generating an error.

  • BladeOne v4.7.1. Along with that, I changed potiboard.php to automatically generate the cache directory.
    The cache directory auto-generation feature has been removed from BladeOne. As an alternative function, added a cache directory auto-creation function to potiboard.php.

  • The permissions of files that need to be written are changed in advance to 0606 (606). Log files that must not be viewable externally get 0600 (600).

  • The types of error messages have increased when posting OEKAKI images fails.

changed directories

  • BladeOne/
  • klecks/

changed files

  • picpost.php
  • potiboard.php

Changed Templates

  • templates/mono_en/mono_main.blade.php
  • templates/mono_en/paint_klecks.blade.php

[2022/10/29] v5.35.3

Improvements

Template Common

  • When you click the image file link on the management screen, it now pops up with luminous.
    Previously, images were opened in separate tabs.
  • Corrected [tweet] to [Tweet].
  • Corrected [TOOL] to [Tool].

Template MONO

  • Added a back-to-top function to template MONO that is displayed when scrolling.
  • Display optimized for smartphones. If the resolution is that of an iPad (768px), the image is unfloated and its margins are set to 0.
    As a result, the left and right margins of the image displayed on the smartphone are the same.
    Previously, the margin on the right side of the screen was larger.
  • The administrator can now edit the article by clicking the article number on the MONO administrator deletion screen.

Security

  • If the script content of CheerpJ Applet Runner has been tampered with (by hacking, etc.), this is detected and the script is not executed.
    See Subresource Integrity on MDN.
    If you change the version of CheerpJ, it will not work unless you also change the hash value.
    However, the calculated hash value is included in the latest version of potiboard.php.
  • If the file received by picpost.php, which receives data from the Shi applet or PaintBBS NEO, is not a JPEG, PNG, etc. image, it is judged illegal and deleted.

When using Shii applet and PaintBBS NEO, the behavior of rejection due to the time required for drawing or the number of steps required has been changed.

• shi-chan has developed a function to redirect the drawing screen to the police site when the drawing time is short or the number of drawing processes is small.
However, this feature was impractical and of no use.
Therefore, instead of suddenly jumping to the specified URL from the drawing screen, we changed the specification to display an alert on the drawing screen that "drawing time is too short" and "the number of steps is low".

221027_002 Issue an alert when the NEO drawing time or number of processes is insufficient.

Compulsory thumbnail function is back

  • Restored the force thumbnail feature that was in v1.3.
    Using the latest thumbnail_gd.php turns this feature on.
    If the file size exceeds 1MB, a thumbnail image in jpeg format will be output.
    Assumed case. If a GIF animation image file that is small in height and width but large in file size exceeds 1 MB, a thumbnail image in JPEG format will be displayed instead of the GIF animation.
    Click the image to view the original GIF animation.

others

  • Changed the initial error message to switch automatically between Japanese and English.
  • Reduce load by avoiding unnecessary processing. For example, if there are no comments, you don't have to check the length of the comment or the bad words, so returning immediately reduces the load.

update Klecks

Fixes an issue where white fills after using distortion tool show lines that follow the shape of the Liquify.
Added how-to video link to help page and added gradient shortcut keys section.

changed directories

  • klecks/

changed files

  • potiboard.php
  • pale...

POTI-board EVO EN v5.50.11 released. v3.x and earlier all versions have a serious bug.

21 Dec 13:58

POTI-board EVO v5.50.11 release

[2022/12/21] v5.50.11

Improvements

  • Changed the format of the canvas size pull-down menu formula generation loop to prevent XSS.
  • Removed self-closing tag due to warnings when checked by W3C Markup Validation Service.
  • Added a same-origin check. Illegal posts from different origins are now rejected.
    However, for browsers that do not support the Origin header, such as Edge's IE mode, the Origin header is not checked.
    This is because if this check becomes mandatory, it will not be possible to start the shi-painter using Java.
    CheerpJ, for example, cannot smoothly play Shi-Painter's drawing animation, so Java must be started.
  • Protection against directory traversal attacks. When a variable is passed to fopen(), hierarchies such as ../../ are invalidated with basename().
  • Rejection when the password is incorrect 5 times in a row.
    If the wrong administrator password is entered five times in a row, further attempts can now be refused.
    If you want to use this function, please add the following setting items anywhere in config.php.
    If you want to use this function, please add the following setting items anywhere in config.php.

/* safety */

// Reject if the admin password is wrong 5 times in a row
// (1: Enabled, 0: Disabled)
// 1: Enabled for more security, but if the login page is locked it will take more effort to unlock it.

define("CHECK_PASSWORD_INPUT_ERROR_COUNT", "0");

// To unlock: access the server via FTP etc. and
// remove templates/errorlog/error.log; you should then be able to log in again.
// This file contains the IP addresses of clients who entered an incorrect admin password.

  • Changed the method to get IP address and host name because some servers cannot get IP address with getenv().

  • Use uniqid() to emit user-code repcode. It now changes in micro time units.

  • Increased the replacement code length from 8 to 12 characters.

  • Added original error message for WAF false positive to PaintBBS NEO.

Screen-2022-12-21_14-34-31

changed files

  • noticemail/noticemail.inc
  • neo.js
  • config.php
  • potiboard.php
  • thumbnail_gd.php
  • picpost.php
  • save.php
  • saveklecks.php

Changed Templates

  • templates/mono_en/mono_main.blade.php
  • templates/mono_en/mono_other.blade.php
  • templates/mono_en/paint_klecks.blade.php
  • templates/mono_en/parts/mono_paint_form.blade.php
  • templates/mono_en/search.blade.php
  • templates/mono_en/template_ini.php

[2022/11/30] v5.36.8

update

  • Updated Klecks.
  • Fixed brush shortcut key behavior.
    Updated BladeOne to v4.7.1.

improvement

  • Even if the timestamps used in the working files overlap, advance the post time by 1 second so that the timestamps do not overlap.
    Previously, the working file could be overwritten by another file.

  • An error does not occur when the post time to be compared is in the future.
    In the post waiting time calculation process, even if the post time after the current time is detected, it will not be an error.
    For example, if the posting time is delayed by one year due to some mistake, the next posting will not be possible until one year has passed. To avoid this, if the waiting time is a negative value, it will pass without generating an error.

  • BladeOne v4.7.1. Along with that, I changed potiboard.php to automatically generate the cache directory.
    The cache directory auto-generation feature has been removed from BladeOne. As an alternative function, added a cache directory auto-creation function to potiboard.php.

  • The permissions of files that need to be written are changed in advance to 0606 (606). Log files that must not be viewable externally get 0600 (600).

  • The types of error messages have increased when posting OEKAKI images fails.

changed directories

  • BladeOne/
  • klecks/

changed files

  • picpost.php
  • potiboard.php

Changed Templates

  • templates/mono_en/mono_main.blade.php
  • templates/mono_en/paint_klecks.blade.php

[2022/10/29] v5.35.3

Improvements

Template Common

  • When you click the image file link on the management screen, it now pops up with luminous.
    Previously, images were opened in separate tabs.
  • Corrected [tweet] to [Tweet].
  • Corrected [TOOL] to [Tool].

Template MONO

  • Added a back-to-top function to template MONO that is displayed when scrolling.
  • Display optimized for smartphones. If the resolution is that of an iPad (768px), the image is unfloated and its margins are set to 0.
    As a result, the left and right margins of the image displayed on the smartphone are the same.
    Previously, the margin on the right side of the screen was larger.
  • The administrator can now edit the article by clicking the article number on the MONO administrator deletion screen.

Security

  • If the script content of CheerpJ Applet Runner has been tampered with (by hacking, etc.), this is detected and the script is not executed.
    See Subresource Integrity on MDN.
    If you change the version of CheerpJ, it will not work unless you also change the hash value.
    However, the calculated hash value is included in the latest version of potiboard.php.
  • If the file received by picpost.php, which receives data from the Shi applet or PaintBBS NEO, is not a JPEG, PNG, etc. image, it is judged illegal and deleted.

When using Shii applet and PaintBBS NEO, the behavior of rejection due to the time required for drawing or the number of steps required has been changed.

• shi-chan has developed a function to redirect the drawing screen to the police site when the drawing time is short or the number of drawing processes is small.
However, this feature was impractical and of no use.
Therefore, instead of suddenly jumping to the specified URL from the drawing screen, we changed the specification to display an alert on the drawing screen that "drawing time is too short" and "the number of steps is low".

221027_002 Issue an alert when the NEO drawing time or number of processes is insufficient.

Compulsory thumbnail function is back

  • Restored the force thumbnail feature that was in v1.3.
    Using the latest thumbnail_gd.php turns this feature on.
    If the file size exceeds 1MB, a thumbnail image in jpeg format will be output.
    Assumed case. If a GIF animation image file that is small in height and width but large in file size exceeds 1 MB, a thumbnail image in JPEG format will be displayed instead of the GIF animation.
    Click the image to view the original GIF animation.

others

  • Changed the initial error message to switch automatically between Japanese and English.
  • Reduce load by avoiding unnecessary processing. For example, if there are no comments, you don't have to check the length of the comment or the bad words, so returning immediately reduces the load.

update Klecks

Fixes an issue where white fills after using distortion tool show lines that follow the shape of the Liquify.
Added how-to video link to help page and added gradient shortcut keys section.

changed directories

  • klecks/

changed files

  • potiboard.php
  • palette.txt
  • picpost.php
  • save.php
  • saveklecks.php
  • thumbnail_gd.php

Changed Templates

  • templates/mono_en/

[2022/10/03] v5.26.8

Updated ChickenPaint to the latest version.

ChickenPaint_Chrome106_bug

The attached image is a GIF animation recorded during a reproduction test of the problem in which the color picker is not displayed.
Updated to the latest version of ChickenPaint to avoid a bug in Google Chrome 105 and 106 that causes this problem.

Updated klecks to the latest version.

  • Added option to use gradient tool as an eraser.
  • Added vanishing point filter.

Display images using luminous.

luminous

changed directories

  • chickenpaint/
  • klecks/
  • lib/luminous/

changed files

  • potiboard.php
  • search.php

Changed Templates

  • templates/mono_en/

[2022/09/20] v5.26.3

Update

  • Updated Klecks to latest version.
    Gradient tool and pattern filter added.
  • Updated BladeOne to v4.6.

Bug fixes

  • Fixed a bug that an E-WARNING level PHP error occurred when specifying an article number other than the article number of the thread's parent on the reply screen.
    Please update potiboard.php.

Improvements

  • If the password field is blank for password authentication when drawing a continuation or download authentication of pch, chi, psd, the cookie password will be used instead.
    Unified to the same behavior as password authentication during edit function.
  • Fixed function check_password() for password checking. Password authentication will not succeed if no password is entered and the password is not present in the cookie.
  • Fixed insufficient multilingual support in the mail notification function.
  • Increased page number spacing for template MONO.
  • Fixed the paint screen's clock JavaScript.
  • Changed the unit of file size on the managed post screen from bytes to kb.

changed directories

  • klecks/
  • BladeOne/

changed files

  • potiboard.php
  • thumbnail_gd.php
  • picpost.php

Changed...
