POTI-board EVO EN v6.37.6 released. v3.x and earlier all versions have a serious bug.

Serious bugs in older versions

• POTI-board v2.26.0 and earlier all versions is vulnerable to XSS.
  Malicious JavaScript can be executed.

• POTI-board v3.09.x and earlier all versions have a serious bug.
  You may lose all log files.

• POTI-board v3.x gives a deprecated error in PHP8.1 It will not work with future versions of PHP.

Please update to v5.x or higher.

POTI board EVO EN v6.37.6 released

2024/10/04 v6.37.6

Lightbox Updated

• Lightbox updated to v2.11.5 and changed to a drawing board.

AXNOS Paint Updated

• The background of the layer thumbnail images has been changed from a solid gray to a checkerboard pattern.
  This is a change in the unofficial version of AXNOS Paint. The original AXNOS Paint developer is not responsible for any issues caused by this change, so please do not contact the original AXNOS Paint developer.

Changed files

• axnos/ Overwrite and update directory
• lib/lightbox/ Overwrite and update directory
• potiboard.php

2024/09/30 v6.37.3

PaintBBS NEO has been updated

PaintBBS NEO has a function to restore images when you move to another page or accidentally close the browser tab, but if you accidentally select a small canvas size when restoring, the image will be cropped to fit that small canvas size.
Even if you then select a larger canvas size and reopen the image, the image will remain cropped small.
With this update, you can now restore the image to its original size by selecting a larger canvas size and reopening it.

Changed files

• neo.js
• potiboard.php

2024/09/28 v6.37.2

PaintBBS NEO has been updated

Images can now be restored even if the PC is turned off

PaintBBS NEO has a function to restore images when you move to another page or accidentally close the browser tab, but if the PC is turned off due to a power outage caused by lightning, images cannot be restored.
Backup data was only saved when you moved to another page or closed the tab, so if an unexpected power outage caused by lightning occurred, the data for restoration was not saved.
To address this issue, data for restoration will be saved every 10 strokes.
Data will also be saved if the browser is closed.
The data storage destination has been changed to local storage, similar to mobile devices.
However, this alone will still leave problems.
Test drawing data, etc. will continue to be saved for more than a week and may be restored at unexpected times.
Taking this into consideration, restoration data older than three days will be automatically discarded.
Due to recent climate change, power outages due to thunderstorms are increasing.
With PaintBBS NEO v1.6.5, you can now restore your Drawing bulletin board data even in the event of a sudden power outage.

Operation has been confirmed on PC versions of Chrome, Edge, and Firefox.

Changed files

• neo.js
• potiboard.php

2024/09/27 v6.37.0

Now supports PHP 8.4

We created a test environment for the PHP8.4 RC version, which is scheduled to be released in November 2024, and tested POTI-board.
As a result, we found that a deprecated error occurred in BladeOne.
Since PHP8.4 has not yet been officially released, it will be some time before BladeOne supports PHP8.4.
For this reason, we created an unofficial patched version of BladeOne and included it.

PaintBBS NEO update

Code that mixed substring() and slice() has been unified into slice(). (No change in behavior)

Changed files

• BladeOne/ Overwrite and update directory
• neo.css
• neo.js
• potiboard.php

Changed templates

• templates/mono_en/mono_main.blade.php

2024/09/19 v6.36.3

ChickenPaint Be has been updated

• Removed unnecessary Bootstrap 3 and Bootstrap 4 legacy CSS classes.

The singular "post" and plural "posts" are now displayed correctly.

• "1 post omitted" and "2 posts omitted" now display correctly in singular and plural.

Changed files

• potiboard.php
• chickenpaint/ Overwrite and update directory

Changed templates

• templates/mono_en/mono_main.blade.php

2024/09/07 v6.36.1

Updated the Paint screen template.

• Fixed a bug that caused image files such as PNG and JPEG to fail to load when continuing to draw with Klecks.
• Fixed a bug in template used with Klecks where loading a transparent PNG would result in a white background instead of transparent.
  This issue was discovered late, as it did not occur when a PSD file with layer information was present.
• Fixed the 404 error message that appears when the file to save the image does not exist.
  The error message displayed the file name that was included but not called directly.

Updated AXNOS Paint

The released AXNOS Paint V2.3.0 has been remodeled for POTI-board.

Changed files

• axnos/ Overwrite and update directory
• potiboard.php

Changed templates

• templates/mono_en/paint_axnos.blade.php
• templates/mono_en/paint_klecks.blade.php
• templates/mono_en/paint_tegaki.blade.php

2024/09/05 v6.36.0

AXNOS Paint has been updated.

• The maximum and minimum canvas size set in the bulletin board are now reflected in the maximum and minimum canvas size in the AXNOS Paint Settings tab.
• If the browser's preferred language setting is anything other than Japanese, the UI now launches in English.
• The draft image loading process has been replaced with the official AXNOS Paint one.

Changed files

• axnos/ Overwrite and update directory
• potiboard.php

Changed templates

• templates/mono_en/paint_axnos.blade.php
• templates/mono_en/paint_klecks.blade.php

2024/08/21 v6.35.3

Updates to AXNOS Paint derivatives

• Modified the layer compositing results to be closer to SAI and FireAlpaca.
  This is currently a change to the specifications of AXNOS Paint derivatives, so if any problems with the layer compositing results occur due to this change, it is a problem with the derivative, not the original version.
• Implemented a measure to prevent repeated pressing of the post button in AXNOS Paint and Tegaki
  Fixed an issue where multiple images were sent when the post button was pressed repeatedly, and were added to the list of unposted images.
  Changed the communication process to comply with AXNOS Paint specifications.

Changed files

• axnos/ Overwrite and update directory
• tegaki/ Overwrite and update directory
• potiboard.php
• templates/mono_en/paint_axnos.blade.php

2024/08/09 v6.35.2

AXNOS paint has been updated.

• Resolved an issue when moving the tool palette on Mac Safari browser.
  This issue does not reproduce in the latest versions of Safari. This is an unofficial fix to address an issue occurring in Safari 14.

Changed files

• axnos/ Overwrite and update directory
• potiboard.php

2024/08/08 v6.35.1

Now supports AXNOS Paint.

What is AXNOS Paint (What is Axnos Paint) [Word article] - Niconico Encyclopedia

A new setting item has been added to config.php

//Use Axnos Paint 
// (1: Enabled, 0: Disabled) 
define("USE_AXNOS", "1");

If this setting item does not exist, Axnos Paint will be used.
If you don't want Axnos Paint to appear in the paint app selection list, add the above setting.

Changed files

• axnos/ Overwrite and update directory
• potiboard.php
• config.php

Changed Templates

• templates/mono_en/mono_paint.blade.php
• templates/mono_en/paint_axnos.blade.php
• templates/mono_en/parts/mono_copyright.blade.php
• templates/mono_en/parts/mono_paint_form.blade.php

2024/08/04 v6.33.8

ChickenPaint Be Updates

• The Blur tool in the Tool Palette now has a shortcut key set to U.
  This assigns all shortcut keys in the Tool Palette except for rotating the canvas and moving the hand tool.
  Since rotating the canvas is already available with R+drag and the hand tool with Shift+drag, there is no need to set shortcut keys for these functions in the Tool Palette.
• The apply transform button now expands to the full width of the palette, just like in the original ChickenPaint.
  This was an issue we ran into when we changed to Bootstrap 5, which was missing some needed CSS from the original ChickenPaint, so we restored some of the CSS from the original ChickenPaint.

potiboard.php code cleanup

• The code handling matching article numbers and passwords when rendering continuations is now less nested.

Changed files

• potiboard.php
• chickenpaint/ Overwrite and update directory

2024/07/27 v6.33.6

Added error message.

"MSG051", "[Locked due to incorrect password attempts.]"

Changed files

• potiboard.php
• templates/mono_en/template_ini.php

2024/07/27 v6.33.5

Fixed a bug in ChickenPaint Be.

• 2024/07/13 In v6.32.9, ChickenPaint Be starts with two layers, but the transparent layer that is automatically created at that time did not work properly.
  When drawing with a watercolor brush, black was dragged and the screen became black.
  This issue was fixed by setting the layer color correctly.

Changed files

• potiboard.php
• chickenpaint/ Overwrite and update directory

2024/07/24 v6.33.2

Changed files

• potiboard.php
• chickenpaint/ Overwrite and update directory
• klecks/ Overwrite and update directory

2024/07/19 v6.32.11

ChickenPaint Be has been updated.

• Added a duplicate icon to the Layer palette.
  You can now duplicate layers and layer groups with one tap.
  Previously you had to use a shortcut key or select duplicate from the top menu.
• Changed the Merge Down icon.
• The layer group merge icon is now in the same position as the Merge Down icon.
  When you select a layer group folder, it becomes the group merge ico...

POTI-board EVO EN 5.63.9 released. v3.x and earlier all versions have a serious bug.

Serious bugs in older versions

• POTI-board v2.26.0 and earlier all versions is vulnerable to XSS.
  Malicious JavaScript can be executed.

• POTI-board v3.09.x and earlier all versions have a serious bug.
  You may lose all log files.

• POTI-board v3.x gives a deprecated error in PHP8.1 It will not work with future versions of PHP.

Please update to v5.x or higher.

POTI board EVO EN v5.63.9 release

Fixd Bug

• Fixed issue of color swatches not loading from PC in a customized version of ChickenPaint for POTI-board.

Changed files

• chickenpaint/ Overwrite directory update
• potiboard.php
• picpost.php
• save.php
• saveklecks.php
• saveneo.php

23/08/13 v5.63.8

Added option to hide [Admin mode] link.

Added this option to config.php.

// Display a link to the [Admin mode]  Yes: 1 No: 0
define("USE_ADMIN_LINK", "1");
// No: 0 Hide link to the admin mode.

Changed files

• config.php
• potiboard.php

Changed Templates

• templates/mono_en/mono_catalog.blade.php
• templates/mono_en/mono_main.blade.php
• templates/mono_en/mono_other.blade.php
• templates/mono_en/mono_paint.blade.php

23/08/07 v5.63.7.1

• klecks/ (Update directory by overwriting)
• potiboard.php
• templates/mono_en/paint_klecks.blade.php
• templates/mono_en/mono_paint.blade.php

23/08/04 v5.63.6.1

Updated Klecks and Tegaki

• klecks/ (Update directory by overwriting)
• tegaki/ (Update directory by overwriting)

23/08/04 v5.63.6

Fixed bug.

• Fixed a bug that could not be displayed in IE mode of Edge.

Changed files

• potiboard.php
• templates/mono_en/js/mono_common.js
• templates/mono_en/parts/style-switcher.blade.php

23/07/27 v5.63.5

Fixed bugs.

• potiboard.php
• search.inc.php
  (Some variables were undefined.)
• templates/mono_en/mono_main.blade.php
  (There was a part where the search link was still "search.php".)
• templates/mono_en/paint_tegaki.blade.php
  (When used on an iPad, the screen was being magnified by double-tap zoom.)

23/07/13 v5.63.3

You can now set the width and height of the window that opens when sharing on SNS in config.php.

Added a new setting item to config.php.

""

// Width and height of window to open when SNS sharing

//window width initial value 350
define("SNS_WINDOW_WIDTH","350");
//window height initial value 490
define("SNS_WINDOW_HEIGHT","490");

""

When adding a server for SNS sharing, the height of the shared screen window was insufficient and scrolling was sometimes required.
Solved the problem by making it possible to set the width and height of the shared screen of the server list when sharing with SNS.
If the above setting items do not exist in config.php, the default values of 350px width and 490px height will be applied.

Changed files

• potiboard.php
• config.php (Update only if you need new configuration items)

Changed Templates

• templates/mono_en/js/mono_common.js
• templates/mono_en/mono_main.blade.php

[2023/07/12] v5.63.2

Improved selection operability of SNS server to share posts

Servers to share can be selected not only directly above the label string, but also by tapping the right margin of the label.

• templates/mono_en/set_share_server.blade.php
  Fixed HTML grammar errors.

Changed files

• potiboard.php

Changed Templates

• templates/mono_en/css/ (Update directory by overwriting)
• templates/mono_en/set_share_server.blade.php

[2023/07/11] v5.63.1

Replace search.php with search.inc.php

The structure of jsearch.php has been fundamentally overhauled, modified and incorporated into potiboard.php.
Search results that were previously displayed with a URL like "search.php?". The URL will be changed like "potiboard.php?mode=search&".

Externalize and standardize CSS switching part of templates MONO

`templates/mono/parts/style-switcher.blade.php` contains the following parts that have been written in many templates so far.
<style>
body{
	visibility: hidden;
}
</style>
<noscript>
	<style>
		body{
			visibility: visible;
		}
	</style>
</noscript>
<link rel="stylesheet" href="{{$skindir}}css/mono_main.css?{{$ver}}">
<link rel="stylesheet" href="{{$skindir}}css/mono_dark.css?{{$ver}}" id="css1" disabled>
<link rel="stylesheet" href="{{$skindir}}css/mono_deep.css?{{$ver}}" id="css2" disabled>
<link rel="stylesheet" href="{{$skindir}}css/mono_mayo.css?{{$ver}}" id="css3" disabled>

Also set CSS visibility: hidden; here to hide the screen until the DOM and JavaScript have finished loading.
This prevents MONO's color settings from temporarily appearing in a different color scheme.

Search is not case sensitive

Name searches are now case insensitive when the exact match option is selected.

Changed files

• potiboard.php
• search.inc.php

Changed Templates

• templates/mono_en/ (Update directory by overwriting)

[2023/07/08] v5.62.2

Bug fixes

Search function was not working.
This bug was introduced in v5.58.10 and fixed in v5.62.2.

From "Tweet button" to "Twitter", "Mastodon" and "Misskey" sharing.

In addition to "Twitter", you can now share posts on short-text posting SNS such as "Mastodon" and "Misskey".

You can also change it to a conventional tweet button by setting it in config.php.
You can also edit the list of "Mastodon" and "Misskey" servers.

/* ---------- SNS share function advanced settings ---------- */

//Include Mastodon and Misskey servers in the share function
// (1: Include, 0: Do not include)
define("SWITCH_SNS","1");

// Servers displayed in the list when sharing on SNS
//Example ["Display name","https://example.com (SNS server URL)"], (comma is required at the end)

$servers =
[

	["Twitter","https://twitter.com"],
	["mstdn.jp","https://mstdn.jp"],
	["pawoo.net","https://pawoo.net"],
	["fedibird.com","https://fedibird.com"],
	["misskey.io","https://misskey.io"],
	["misskey.design","https://misskey.design"],
	["nijimiss.moe","https://nijimiss.moe"],
	["sushi.ski","https://sushi.ski"],

];

If this setting item does not exist in config.php, the above setting will be applied by default.
If you do not need detailed settings, please use the config.php you are currently using as it is.

Changed files

• config.php
• potiboard.php
• search.php
• sns_share.inc.php

Changed templates

• templates/mono_en/img/share-from-square-solid.svg
• templates/mono_en/js/mono_common.js
• templates/mono_en/mono_main.blade.php
• templates/mono_en/paint_klecks.blade.php
• templates/mono_en/paint_tegaki.blade.php
• templates/mono_en/set_share_server.blade.php
• templates/mono_en/tgkr_view.blade.php

[2023/06/24] v5.61.2

Added support for the drawing application tegaki.js.

Improved "copy poster name" functionality.

It now add at the cursor position in the text field.
Previously, it was added at the end of the line.

Changed directory

• chickenpaint/
• tegaki/

Changed files

• potiboard.php
• saveklecks.php
• config.php

Changed templates

• templates/mono_en/mono_main.blade.php
• templates/mono_en/mono_paint.blade.php
• templates/mono_en/parts/mono_copyright.blade.php
• templates/mono_en/parts/mono_paint_form.blade.php
• templates/mono_en/paint_tegaki.blade.php
• templates/mono_en/tgkr_view.blade.php

[2023/06/11] v5.60.0

Fixed deprecated JavaScript syntax in paint app

• Updated PaintBBS NEO to v1.6.0.
• Updated to original modified version of ChickenPaint.

The paint app Klecks has two layers at startup.

Changed directory

• chickenpaint/ overwrite update chickenpaint/ directory

Changed files

• neo.js
• potiboard.php

Changed template

• templates/mono_en/paint_klecks.blade.php

[2023/05/20] v5.59.0

Bug fixes

• Fixed an issue where the URL of the fixed link of the article was not set correctly when the tweet button was pressed.
• This bug was introduced in v5.58.6 and fixed in v5.59.0.

Updating jQuery

• Updated jQuery from jQuery3.6.0 to jQuery3.7.0.
• jQuery versioning is done inside potiboard.php, so you don't have to change individual templates.

Fixed deprecated JavaScript and jQuery syntax

• templates/mono_en/js/mono_common.js

Fixed deprecated JavaScript and jQuery syntax in each file.

Changed files

• potiboard.php

Added files

• lib/jquery-3.7.0.min.js

Changed template

• templates/mono_en/js/mono_common.js

[2023/05/07] v5.58.9.1

Klecks update

• Overwrite update of klecks/ directory

Blade One update

• Update by overwriting BladeOne/ directory

Changed Templates

• templates/mono_en/js/mono_common.js
• templates/mono_en/mono_other.blade.php
  (fixes deprecated jQuery syntax)

[2023/05/03] v5.58.9

klecks update

changed directories

• Overwrite updated klecks/ directory

changed files

• potiboard.php

[2023/04/25] v5.58.8

ChickenPaint update

• Fixed an issue where the canvas aspect ratio was incorrect when ChickenPaint was launched in full screen mode on an iPad.

changed directories

• Overwrite updated chickenpaint/ directory

changed files

• potiboard.php

Changed Templates

• templates/mono_en/mono_paint.blade.php

[2023/04/13] v5.58.5

ChickenPaint update

• In order to deal with the problem that the aspect ratio of the drawing area is b...

POTI-board EVO EN v5.62.3 released. v3.x and earlier all versions have a serious bug.

Serious bugs in older versions

• POTI-board v2.26.0 and earlier all versions is vulnerable to XSS.
  Malicious JavaScript can be executed.

• POTI-board v3.09.x and earlier all versions have a serious bug.
  You may lose all log files.

• POTI-board v3.x gives a deprecated error in PHP8.1 It will not work with future versions of PHP.

Please update to v5.x or higher.

POTI board EVO EN v5.62.2 release

[2023/07/08] v5.62.2

Bug fixes

Search function was not working.
This bug was introduced in v5.58.10 and fixed in v5.62.2.

From "Tweet button" to "Twitter", "Mastodon" and "Misskey" sharing.

In addition to "Twitter", you can now share posts on short-text posting SNS such as "Mastodon" and "Misskey".

You can also change it to a conventional tweet button by setting it in config.php.
You can also edit the list of "Mastodon" and "Misskey" servers.

/* ---------- SNS share function advanced settings ---------- */

//Include Mastodon and Misskey servers in the share function
// (1: Include, 0: Do not include)
define("SWITCH_SNS","1");

// Servers displayed in the list when sharing on SNS
//Example ["Display name","https://example.com (SNS server URL)"], (comma is required at the end)

$servers =
[

	["Twitter","https://twitter.com"],
	["mstdn.jp","https://mstdn.jp"],
	["pawoo.net","https://pawoo.net"],
	["fedibird.com","https://fedibird.com"],
	["misskey.io","https://misskey.io"],
	["misskey.design","https://misskey.design"],
	["nijimiss.moe","https://nijimiss.moe"],
	["sushi.ski","https://sushi.ski"],

];

If this setting item does not exist in config.php, the above setting will be applied by default.
If you do not need detailed settings, please use the config.php you are currently using as it is.

Changed files

• config.php
• potiboard.php
• search.php
• sns_share.inc.php

Changed templates

• templates/mono_en/img/share-from-square-solid.svg
• templates/mono_en/js/mono_common.js
• templates/mono_en/mono_main.blade.php
• templates/mono_en/paint_klecks.blade.php
• templates/mono_en/paint_tegaki.blade.php
• templates/mono_en/set_share_server.blade.php
• templates/mono_en/tgkr_view.blade.php

[2023/06/24] v5.61.2

Added support for the drawing application tegaki.js.

Improved "copy poster name" functionality.

It now add at the cursor position in the text field.
Previously, it was added at the end of the line.

Changed directory

• chickenpaint/
• tegaki/

Changed files

• potiboard.php
• saveklecks.php
• config.php

Changed templates

• templates/mono_en/mono_main.blade.php
• templates/mono_en/mono_paint.blade.php
• templates/mono_en/parts/mono_copyright.blade.php
• templates/mono_en/parts/mono_paint_form.blade.php
• templates/mono_en/paint_tegaki.blade.php
• templates/mono_en/tgkr_view.blade.php

[2023/06/11] v5.60.0

Fixed deprecated JavaScript syntax in paint app

• Updated PaintBBS NEO to v1.6.0.
• Updated to original modified version of ChickenPaint.

The paint app Klecks has two layers at startup.

Changed directory

• chickenpaint/ overwrite update chickenpaint/ directory

Changed files

• neo.js
• potiboard.php

Changed template

• templates/mono_en/paint_klecks.blade.php

[2023/05/20] v5.59.0

Bug fixes

• Fixed an issue where the URL of the fixed link of the article was not set correctly when the tweet button was pressed.
• This bug was introduced in v5.58.6 and fixed in v5.59.0.

Updating jQuery

• Updated jQuery from jQuery3.6.0 to jQuery3.7.0.
• jQuery versioning is done inside potiboard.php, so you don't have to change individual templates.

Fixed deprecated JavaScript and jQuery syntax

• templates/mono_en/js/mono_common.js

Fixed deprecated JavaScript and jQuery syntax in each file.

Changed files

• potiboard.php

Added files

• lib/jquery-3.7.0.min.js

Changed template

• templates/mono_en/js/mono_common.js

[2023/05/07] v5.58.9.1

Klecks update

• Overwrite update of klecks/ directory

Blade One update

• Update by overwriting BladeOne/ directory

Changed Templates

• templates/mono_en/js/mono_common.js
• templates/mono_en/mono_other.blade.php
  (fixes deprecated jQuery syntax)

[2023/05/03] v5.58.9

klecks update

changed directories

• Overwrite updated klecks/ directory

changed files

• potiboard.php

[2023/04/25] v5.58.8

ChickenPaint update

• Fixed an issue where the canvas aspect ratio was incorrect when ChickenPaint was launched in full screen mode on an iPad.

changed directories

• Overwrite updated chickenpaint/ directory

changed files

• potiboard.php

Changed Templates

• templates/mono_en/mono_paint.blade.php

[2023/04/13] v5.58.5

ChickenPaint update

• In order to deal with the problem that the aspect ratio of the drawing area is broken when the orientation of the device is changed on the iPad, we have included a version of ChickenPaint that has been customized and built independently. (Temporary measure until the problem is resolved)
• This issue only occurs when using ChickenPaint in fullscreen mode.
• Therefore, I stopped starting in full screen mode and started in normal mode.
  You can switch the display to full screen mode by selecting full screen mode from ChickenPaint's menu bar.

Improvements

• Fix WCS dynamic palette script's deprecated JavaScript Rewrote substr() to substring() .
  String.prototype.substr() - JavaScript | MDN MDN

• Added a "Post in the same thread" checkbox.

Added a "Post in the same thread" checkbox.
However, in the case of "image replacement", there is no choice but to post in the same thread, so this option is unnecessary.

Therefore, I used JavaScript to display the "Post in the same thread" checkbox only when a new post is selected.

• bad host chek

When a user has the same host name and IP address, we made it possible to specify a few characters from the front of the IP address displayed as the host name and reject it with a prefix match.

$badhost =["example.com","100.100.200"];

If set like this:

"example.com" will be rejected with a suffix match, and "100.100.200" will be rejected with a prefix match.

changed directories

• Overwrite updated chickenpaint/ directory
• Update by overwriting BladeOne/ directory

changed files

-potiboard.php
-search.php

Changed Templates

Overwrite updated templates/mono_en/ directory

[2023/02/26] v5.56.3

Updated Klecks to latest version

• Dark theme is now selectable.
• Added French language support.
• Fixed touch gesture freezing issue on iPhone and iPad.

Updated BladeOne to latest version

• Updated BladeOne to v4.8.

Improvements

• Fixed that the order of the search screen was not in the latest order.
• Improved search screen code.

changed directory

• klecks/ directory
• BladeOne/ directory

changed files

-potiboard.php
-search.php

changed Templates

• templates/mono_en/search.blade.php
  Improved translations on the search screen.

[2023/02/11] v5.56.2.3

Bug fix

changed Templates

• templates/mono_en/paint_klecks.blade.php
  Fixed an issue where illustrations that were drawn when the server status was 502 Bad Gateway disappeared.

[2023/02/09] v5.56.2.2

• Added missing klecks help file.

[2023/02/05] v5.56.2

You can now configure whether or not to use the URL input field in config.php.

// Use URL input field (Yes: 1, No: 0)
define("USE_URL_INPUT_FIELD", "1");
//No: 0, the URL field disappears from the form input fields.
// Even if the form is faked, the URL will not be entered.

In addition to prohibiting the writing of URLs in the text, if you can also make it impossible to write URLs in the URL field, you can eliminate advertisement spam whose purpose is to write URLs.
URL judgment of URL writing prohibition in the text is quite strict, so even if http:// is omitted, it should be almost impossible to write URL of advertisement spam.

Fixed an issue where the template could not be sent due to a JavaScript error when the URL or subject fields did not exist.

It's not a bug, but I've rewritten the JavaScript so that it works fine even if the template is modified by the user.

In PaintBBS NEO, improved so that the screen does not move up and down when manipulating the canvas area such as copy and layer combination.

If the width of the terminal is large compared to the canvas size, it will not scroll even if you grab the mesh of NEO.
This is because the screen moves up and down when copying, layer merging, and Bz curve operations.
However, you can now grab and scroll the mesh when zooming in with pinch zoom.
This is to avoid inoperability.
These are implemented with inline JavaScript in NEO's paint screen, so you'll need to update the paint screen template.

changed files

• potiboard.php
• neo.js
• picpost.php
• save.php
• saveklecks.php
• saveneo.php
• config.php
  config.php only needs to ...

POTI-board EVO EN v5.60.0 released. v3.x and earlier all versions have a serious bug.

Serious bugs in older versions

• POTI-board v2.26.0 and earlier all versions is vulnerable to XSS.
  Malicious JavaScript can be executed.

• POTI-board v3.09.x and earlier all versions have a serious bug.
  You may lose all log files.

• POTI-board v3.x gives a deprecated error in PHP8.1 It will not work with future versions of PHP.

Please update to v5.x or higher.

POTI board EVO EN v5.60.0 release

[2023/05/20] v5.60.0

Fixed deprecated JavaScript syntax in paint app

• Updated PaintBBS NEO to v1.6.0.
• Updated to original modified version of ChickenPaint.

The paint app Klecks has two layers at startup.

Changed directory

• chickenpaint/ overwrite update chickenpaint/ directory

Changed files

• neo.js
• potiboard.php

Changed template

• templates/mono_en/paint_klecks.blade.php

[2023/05/20] v5.59.0

Bug fixes

• Fixed an issue where the URL of the fixed link of the article was not set correctly when the tweet button was pressed.
• This bug was introduced in v5.58.6 and fixed in v5.59.0.

Updating jQuery

• Updated jQuery from jQuery3.6.0 to jQuery3.7.0.
• jQuery versioning is done inside potiboard.php, so you don't have to change individual templates.

Fixed deprecated JavaScript and jQuery syntax

• templates/mono_en/js/mono_common.js

Fixed deprecated JavaScript and jQuery syntax in each file.

Changed files

• potiboard.php

Added files

• lib/jquery-3.7.0.min.js

Changed template

• templates/mono_en/js/mono_common.js

[2023/05/07] v5.58.9.1

Klecks update

• Overwrite update of klecks/ directory

Blade One update

• Update by overwriting BladeOne/ directory

Changed Templates

• templates/mono_en/js/mono_common.js
• templates/mono_en/mono_other.blade.php
  (fixes deprecated jQuery syntax)

[2023/05/03] v5.58.9

klecks update

changed directories

• Overwrite updated klecks/ directory

changed files

• potiboard.php

[2023/04/25] v5.58.8

ChickenPaint update

• Fixed an issue where the canvas aspect ratio was incorrect when ChickenPaint was launched in full screen mode on an iPad.

changed directories

• Overwrite updated chickenpaint/ directory

changed files

• potiboard.php

Changed Templates

• templates/mono_en/mono_paint.blade.php

[2023/04/13] v5.58.5

ChickenPaint update

• In order to deal with the problem that the aspect ratio of the drawing area is broken when the orientation of the device is changed on the iPad, we have included a version of ChickenPaint that has been customized and built independently. (Temporary measure until the problem is resolved)
• This issue only occurs when using ChickenPaint in fullscreen mode.
• Therefore, I stopped starting in full screen mode and started in normal mode.
  You can switch the display to full screen mode by selecting full screen mode from ChickenPaint's menu bar.

Improvements

• Fix WCS dynamic palette script's deprecated JavaScript Rewrote substr() to substring() .
  String.prototype.substr() - JavaScript | MDN MDN

• Added a "Post in the same thread" checkbox.

Added a "Post in the same thread" checkbox.
However, in the case of "image replacement", there is no choice but to post in the same thread, so this option is unnecessary.

Therefore, I used JavaScript to display the "Post in the same thread" checkbox only when a new post is selected.

• bad host chek

When a user has the same host name and IP address, we made it possible to specify a few characters from the front of the IP address displayed as the host name and reject it with a prefix match.

$badhost =["example.com","100.100.200"];

If set like this:

"example.com" will be rejected with a suffix match, and "100.100.200" will be rejected with a prefix match.

changed directories

• Overwrite updated chickenpaint/ directory
• Update by overwriting BladeOne/ directory

changed files

-potiboard.php
-search.php

Changed Templates

Overwrite updated templates/mono_en/ directory

[2023/02/26] v5.56.3

Updated Klecks to latest version

• Dark theme is now selectable.
• Added French language support.
• Fixed touch gesture freezing issue on iPhone and iPad.

Updated BladeOne to latest version

• Updated BladeOne to v4.8.

Improvements

• Fixed that the order of the search screen was not in the latest order.
• Improved search screen code.

changed directory

• klecks/ directory
• BladeOne/ directory

changed files

-potiboard.php
-search.php

changed Templates

• templates/mono_en/search.blade.php
  Improved translations on the search screen.

[2023/02/11] v5.56.2.3

Bug fix

changed Templates

• templates/mono_en/paint_klecks.blade.php
  Fixed an issue where illustrations that were drawn when the server status was 502 Bad Gateway disappeared.

[2023/02/09] v5.56.2.2

• Added missing klecks help file.

[2023/02/05] v5.56.2

You can now configure whether or not to use the URL input field in config.php.

// Use URL input field (Yes: 1, No: 0)
define("USE_URL_INPUT_FIELD", "1");
//No: 0, the URL field disappears from the form input fields.
// Even if the form is faked, the URL will not be entered.

In addition to prohibiting the writing of URLs in the text, if you can also make it impossible to write URLs in the URL field, you can eliminate advertisement spam whose purpose is to write URLs.
URL judgment of URL writing prohibition in the text is quite strict, so even if http:// is omitted, it should be almost impossible to write URL of advertisement spam.

Fixed an issue where the template could not be sent due to a JavaScript error when the URL or subject fields did not exist.

It's not a bug, but I've rewritten the JavaScript so that it works fine even if the template is modified by the user.

In PaintBBS NEO, improved so that the screen does not move up and down when manipulating the canvas area such as copy and layer combination.

If the width of the terminal is large compared to the canvas size, it will not scroll even if you grab the mesh of NEO.
This is because the screen moves up and down when copying, layer merging, and Bz curve operations.
However, you can now grab and scroll the mesh when zooming in with pinch zoom.
This is to avoid inoperability.
These are implemented with inline JavaScript in NEO's paint screen, so you'll need to update the paint screen template.

changed files

• potiboard.php
• neo.js
• picpost.php
• save.php
• saveklecks.php
• saveneo.php
• config.php
  config.php only needs to be updated if new configuration items are needed.

changed Templates

• templates/mono_en/js/mono_common.js
• templates/mono_en/mono_main.blade.php
• templates/mono_en/mono_other.blade.php
• templates/mono_en/mono_paint.blade.php

[2023/01/19] v5.55.8.5

Bug fixes

• PaintBBS NEO data was not received at all in the environment of PHP5.6 to PHP7.x. Since it works without causing an error in PHP8.1 and PHP8.2, the discovery was delayed.
  Overwrite and update saveneo.php.

changed files

• saveneo.php

[2023/01/14] v5.55.8.2

Bug fix

Fixed a bug where setting the minimum number of seconds required to draw would cause all alerts that should have been displayed as "15 sec" to be displayed as "0 seconds".
Even if this bug exists, if you set it to 60 seconds, you can post normally when it exceeds 60 seconds.
The problem was that the remaining time was not displayed accurately, and it was all "remaining 0 sec".

changed files

modified file
picpost.php
save.php
saveklecks.php
saveneo.php

[2023/01/14] v5.55.8.1

• fixd saveneo.php

Fixed an issue where depending on the content of the error that occurred, it would not be displayed as an alert and the screen would transition and fail to post.

[2023/01/13] v5.55.8

Changed communication of PaintBBS NEO from raw data to formData to avoid false positive error by WAF.

• In order to be able to post to the conventional oekaki bulletin board, we modified NEO, which used to send raw data, and made it possible to send header, image, and timelapse animetion data with formData.
  With this change, the probability that the conventional WAF will detect NEO transmission data as an attack and block it will be greatly reduced, and the probability of successful posting will be dramatically increased.
  Added an option to send data individually with formData so that WAF does not judge it as an attack. by satopian Pull Request #94 funige/neo

Important changes

• Receipt of shi-Painter data is done by picpost.php as before.
  However, the data of PaintBBS NEO is received by newly added saveneo.php.
  If you forget to upload this file, you will not be able to post from NEO, so be sure to update it.
  Transfer it to the same directory as potiboard.php.
  Please update

• Updated Paint screen template

mono_paint.blade.php

A parameter has been added to switch to the formData submit mode.

Changed the config.php

Until now, it was not possible to remove PaintBBS NEO from apps that use it, but now you can choose to use or not use NEO.
If you set it to not use all, it will be a setting that doe...

POTI-board EVO EN v5.56.3 released. v3.x and earlier all versions have a serious bug.

Serious bugs in older versions

• POTI-board v2.26.0 and earlier all versions is vulnerable to XSS.
  Malicious JavaScript can be executed.

• POTI-board v3.09.x and earlier all versions have a serious bug.
  You may lose all log files.

• POTI-board v3.x gives a deprecated error in PHP8.1 It will not work with future versions of PHP.

Please update to v5.x or higher.

POTI-board EVO EN v5.56.3 release

[2023/02/26] v5.56.3

Updated Klecks to latest version

• Dark theme is now selectable.
• Added French language support.
• Fixed touch gesture freezing issue on iPhone and iPad.

Updated BladeOne to latest version

• Updated BladeOne to v4.8.

Improvements

• Fixed that the order of the search screen was not in the latest order.
• Improved search screen code.

changed directory

• klecks/ directory
• BladeOne/ directory

changed files

-potiboard.php
-search.php

changed Templates

• templates/mono_en/search.blade.php
  Improved translations on the search screen.

[2023/02/11] v5.56.2.3

Bug fix

changed Templates

• templates/mono_en/paint_klecks.blade.php
  Fixed an issue where illustrations that were drawn when the server status was 502 Bad Gateway disappeared.

[2023/02/09] v5.56.2.2

• Added missing klecks help file.

[2023/02/05] v5.56.2

You can now configure whether or not to use the URL input field in config.php.

// Use URL input field (Yes: 1, No: 0)
define("USE_URL_INPUT_FIELD", "1");
//No: 0, the URL field disappears from the form input fields.
// Even if the form is faked, the URL will not be entered.

In addition to prohibiting the writing of URLs in the text, if you can also make it impossible to write URLs in the URL field, you can eliminate advertisement spam whose purpose is to write URLs.
URL judgment of URL writing prohibition in the text is quite strict, so even if http:// is omitted, it should be almost impossible to write URL of advertisement spam.

Fixed an issue where the template could not be sent due to a JavaScript error when the URL or subject fields did not exist.

It's not a bug, but I've rewritten the JavaScript so that it works fine even if the template is modified by the user.

In PaintBBS NEO, improved so that the screen does not move up and down when manipulating the canvas area such as copy and layer combination.

If the width of the terminal is large compared to the canvas size, it will not scroll even if you grab the mesh of NEO.
This is because the screen moves up and down when copying, layer merging, and Bz curve operations.
However, you can now grab and scroll the mesh when zooming in with pinch zoom.
This is to avoid inoperability.
These are implemented with inline JavaScript in NEO's paint screen, so you'll need to update the paint screen template.

changed files

• potiboard.php
• neo.js
• picpost.php
• save.php
• saveklecks.php
• saveneo.php
• config.php
  config.php only needs to be updated if new configuration items are needed.

changed Templates

• templates/mono_en/js/mono_common.js
• templates/mono_en/mono_main.blade.php
• templates/mono_en/mono_other.blade.php
• templates/mono_en/mono_paint.blade.php

[2023/01/19] v5.55.8.5

Bug fixes

• PaintBBS NEO data was not received at all in the environment of PHP5.6 to PHP7.x. Since it works without causing an error in PHP8.1 and PHP8.2, the discovery was delayed.
  Overwrite and update saveneo.php.

changed files

• saveneo.php

[2023/01/14] v5.55.8.2

Bug fix

Fixed a bug where setting the minimum number of seconds required to draw would cause all alerts that should have been displayed as "15 sec" to be displayed as "0 seconds".
Even if this bug exists, if you set it to 60 seconds, you can post normally when it exceeds 60 seconds.
The problem was that the remaining time was not displayed accurately, and it was all "remaining 0 sec".

changed files

modified file
picpost.php
save.php
saveklecks.php
saveneo.php

[2023/01/14] v5.55.8.1

• fixd saveneo.php

Fixed an issue where depending on the content of the error that occurred, it would not be displayed as an alert and the screen would transition and fail to post.

[2023/01/13] v5.55.8

Changed communication of PaintBBS NEO from raw data to formData to avoid false positive error by WAF.

• In order to be able to post to the conventional oekaki bulletin board, we modified NEO, which used to send raw data, and made it possible to send header, image, and timelapse animetion data with formData.
  With this change, the probability that the conventional WAF will detect NEO transmission data as an attack and block it will be greatly reduced, and the probability of successful posting will be dramatically increased.
  Added an option to send data individually with formData so that WAF does not judge it as an attack. by satopian Pull Request #94 funige/neo

Important changes

• Receipt of shi-Painter data is done by picpost.php as before.
  However, the data of PaintBBS NEO is received by newly added saveneo.php.
  If you forget to upload this file, you will not be able to post from NEO, so be sure to update it.
  Transfer it to the same directory as potiboard.php.
  Please update

• Updated Paint screen template

mono_paint.blade.php

A parameter has been added to switch to the formData submit mode.

Changed the config.php

Until now, it was not possible to remove PaintBBS NEO from apps that use it, but now you can choose to use or not use NEO.
If you set it to not use all, it will be a setting that does not use the drawing function.
You can also set it to use only Klecks or only ChickenPaint.
When there is only one app to use, the pull-down menu for app selection disappears and the screen becomes clean.

Limited by drawing time

For example, if you want to reject submissions with only lines drawn in less than 1 minute,

// Security timer (unit: seconds). If not set, use ""
define("SECURITY_TIMER", "");

It was possible to specify the minimum required drawing time with , but until now, it was effective only for Shi-Painter and PaintBBS NEO.
With this update, ChickenPaint and Klecks now have this setting enabled.
In the old method, when there was a violation, it was possible to jump to another site (for example, the Metropolitan Police Department site), but instead of that method, an alert will open "Please draw for another 30 seconds.".

changed files

• neo.js
• picpost.php
• potiboard.php
• save.php
• saveklecks.php
• saveneo.php
• config.php
  Those who do not need new setting items do not need to update.

Changed Templates

MONO

• templates/mono_en/mono_main.blade.php
• templates/mono_en/mono_other.blade.php
• templates/mono_en/mono_paint.blade.php
• templates/mono_en/paint_klecks.blade.php
• templates/mono_en/parts/mono_paint_form.blade.php

Please update only those who need newly added setting items.

• You also need to update the parts/ directory, like parts/paint_form.blade.php.
  If you haven't customized the template, it's okay to overwrite the entire templates/ directory.

[2022/12/30] v5.52.8

It is now possible to extract the width and height from the old Java version pch file and load it into the canvas.

All apps no longer require canvas size input when uploading an app specific file and loading it into the canvas.

Changed files

• potiboard.php

Changed Templates

• templates/mono_en/mono_other.blade.php
• templates/mono_en/parts/mono_paint_form.blade.php

[2022/12/28] v5.52.2

Improved. PaintBBS NEO animation file upload painting made easy.

• It has become easier and more convenient to upload and paint PaintBBS NEO and Java Shi Painter videos from the administrator screen.
  Until now, it was necessary to specify the canvas size before loading the pch animation file into the canvas.
  With v5.52, you can now automatically get the canvas size from the animation file.
  However, it is necessary to specify the canvas size when uploading the animation file of the Java version of PaintBBS.
  For HTML5 version PaintBBS NEO, you can automatically get the canvas size when uploading animation files.

↑
This is a GIF animation created to introduce the operation when uploading files in specific formats for shi-Painter, PaintBBS NEO, Klecks, and ChickenPaint from the administrator screen.
The canvas size is still 300x300, but the canvas is open at its original size.
If you can download a PSD file, why not upload it? Including the meaning of the explanation for those who were wondering, I also uploaded the ChickenPaint .chi file and the Klecks .psd file (Photoshop format). I created this GIF animation for description.

changed files

• potiboard.php

[2022/12/24] v5.51.0

• PaintBBS NEO update v1.5.16
• Solved the problem that cookies could not be read with JavaScript when WAF (Web Application Firewall) was turned on.
  If WAF is turned on, cookies are encrypted and have the httpOnly attribute.
  POTI-board uses JavaScript to load cookies into static HTML files.
  Therefore, with the conventional POTI-board, it was not possible to read the cookie of the form input content when the WAF was turned on.
  I solved this problem by issuing a form input cookie not only in PHP programs, but also in JavaScript.
  How...

POTI-board EVO EN v5.55.8.5 released. v3.x and earlier all versions have a serious bug.

Serious bugs in older versions

• POTI-board v2.26.0 and earlier all versions is vulnerable to XSS.
  Malicious JavaScript can be executed.

• POTI-board v3.09.x and earlier all versions have a serious bug.
  You may lose all log files.

• POTI-board v3.x gives a deprecated error in PHP8.1 It will not work with future versions of PHP.

Please update to v5.x or higher.

POTI-board EVO EN v5.55.8.5 release

[2023/01/19] v5.55.8.5

Bug fixes

• PaintBBS NEO data was not received at all in the environment of PHP5.6 to PHP7.x. Since it works without causing an error in PHP8.1 and PHP8.2, the discovery was delayed.
  Overwrite and update saveneo.php.

changed files

• saveneo.php

[2023/01/14] v5.55.8.2

Bug fix

Fixed a bug where setting the minimum number of seconds required to draw would cause all alerts that should have been displayed as "15 sec" to be displayed as "0 seconds".
Even if this bug exists, if you set it to 60 seconds, you can post normally when it exceeds 60 seconds.
The problem was that the remaining time was not displayed accurately, and it was all "remaining 0 sec".

changed files

modified file
picpost.php
save.php
saveklecks.php
saveneo.php

[2023/01/14] v5.55.8.1

• fixd saveneo.php

Fixed an issue where depending on the content of the error that occurred, it would not be displayed as an alert and the screen would transition and fail to post.

[2023/01/13] v5.55.8

Changed communication of PaintBBS NEO from raw data to formData to avoid false positive error by WAF.

• In order to be able to post to the conventional oekaki bulletin board, we modified NEO, which used to send raw data, and made it possible to send header, image, and timelapse animetion data with formData.
  With this change, the probability that the conventional WAF will detect NEO transmission data as an attack and block it will be greatly reduced, and the probability of successful posting will be dramatically increased.
  Added an option to send data individually with formData so that WAF does not judge it as an attack. by satopian Pull Request #94 funige/neo

Important changes

• Receipt of shi-Painter data is done by picpost.php as before.
  However, the data of PaintBBS NEO is received by newly added saveneo.php.
  If you forget to upload this file, you will not be able to post from NEO, so be sure to update it.
  Transfer it to the same directory as potiboard.php.
  Please update

• Updated Paint screen template

mono_paint.blade.php

A parameter has been added to switch to the formData submit mode.

Changed the config.php

Until now, it was not possible to remove PaintBBS NEO from apps that use it, but now you can choose to use or not use NEO.
If you set it to not use all, it will be a setting that does not use the drawing function.
You can also set it to use only Klecks or only ChickenPaint.
When there is only one app to use, the pull-down menu for app selection disappears and the screen becomes clean.

Limited by drawing time

For example, if you want to reject submissions with only lines drawn in less than 1 minute,

// Security timer (unit: seconds). If not set, use ""
define("SECURITY_TIMER", "");

It was possible to specify the minimum required drawing time with , but until now, it was effective only for Shi-Painter and PaintBBS NEO.
With this update, ChickenPaint and Klecks now have this setting enabled.
In the old method, when there was a violation, it was possible to jump to another site (for example, the Metropolitan Police Department site), but instead of that method, an alert will open "Please draw for another 30 seconds.".

changed files

• neo.js
• picpost.php
• potiboard.php
• save.php
• saveklecks.php
• saveneo.php
• config.php
  Those who do not need new setting items do not need to update.

Changed Templates

MONO

• templates/mono_en/mono_main.blade.php
• templates/mono_en/mono_other.blade.php
• templates/mono_en/mono_paint.blade.php
• templates/mono_en/paint_klecks.blade.php
• templates/mono_en/parts/mono_paint_form.blade.php

Please update only those who need newly added setting items.

• You also need to update the parts/ directory, like parts/paint_form.blade.php.
  If you haven't customized the template, it's okay to overwrite the entire templates/ directory.

[2022/12/30] v5.52.8

It is now possible to extract the width and height from the old Java version pch file and load it into the canvas.

All apps no longer require canvas size input when uploading an app specific file and loading it into the canvas.

Changed files

• potiboard.php

Changed Templates

• templates/mono_en/mono_other.blade.php
• templates/mono_en/parts/mono_paint_form.blade.php

[2022/12/28] v5.52.2

Improved. PaintBBS NEO animation file upload painting made easy.

• It has become easier and more convenient to upload and paint PaintBBS NEO and Java Shi Painter videos from the administrator screen.
  Until now, it was necessary to specify the canvas size before loading the pch animation file into the canvas.
  With v5.52, you can now automatically get the canvas size from the animation file.
  However, it is necessary to specify the canvas size when uploading the animation file of the Java version of PaintBBS.
  For HTML5 version PaintBBS NEO, you can automatically get the canvas size when uploading animation files.

↑
This is a GIF animation created to introduce the operation when uploading files in specific formats for shi-Painter, PaintBBS NEO, Klecks, and ChickenPaint from the administrator screen.
The canvas size is still 300x300, but the canvas is open at its original size.
If you can download a PSD file, why not upload it? Including the meaning of the explanation for those who were wondering, I also uploaded the ChickenPaint .chi file and the Klecks .psd file (Photoshop format). I created this GIF animation for description.

changed files

• potiboard.php

[2022/12/24] v5.51.0

• PaintBBS NEO update v1.5.16

• Solved the problem that cookies could not be read with JavaScript when WAF (Web Application Firewall) was turned on.
  If WAF is turned on, cookies are encrypted and have the httpOnly attribute.
  POTI-board uses JavaScript to load cookies into static HTML files.
  Therefore, with the conventional POTI-board, it was not possible to read the cookie of the form input content when the WAF was turned on.
  I solved this problem by issuing a form input cookie not only in PHP programs, but also in JavaScript.
  However, it is safer to use httpOnly cookies, which prevent JavaScript from reading the cookie.
  There is also a drawing board that uses httpOnly cookies.
  satopian/Petit_Note_EN: Petit Note English ver.PHP script for PaintBBS,ChickenPaint, and Klecks PHP5.6-PHP8.2
  Log conversion from POTI-board is also possible.
  satopian/PetitNote_plugin: Petit Note Plugin for Drawing Board

• Adding JavaScript to HTML files to emit cookies for form inputs increases the number of lines of inline JavaScript.
  So I externalized my JavaScript.
  This externalized JavaScript also includes the back to top button JavaScript and the Luminous image popup JavaScript.
  We apologize for the inconvenience and the need to update templates frequently.
  A directory for JavaScript has also been added, such as templates/mono_en/js/.
  Please note that if you forget to upload this directory, things like the back button that appears when you scroll down or the JavaScript that appears on the same screen when you click on an image will not work.
  Overwrite everything in the templates/ directory if you haven't customized the templates.
  Just upload all new installations.

PaintBBS NEO Update v1.5.16

• neo.js

changed files

• potiboard.php

Changed Templates

• templates/mono_en/mono_catalog.blade.php
• templates/mono_en/mono_main.blade.php
• templates/mono_en/mono_other.blade.php
• templates/mono_en/parts/mono_paint_form.blade.php
• templates/mono_en/search.blade.php

files added

• templates/mono_en/js/mono_common.js

POTI-board EVO v5.50.11 release

[2022/12/21] v5.50.11

Improvements

• Changed the format of the canvas size pull-down menu formula generation loop to prevent XSS.
• Removed self-closing tag due to warnings when checked by W3C Markup Validation Service.
• Add same-origin check. Illegal posts from different origins are now rejected.
  However, for browsers that do not support Orijin headers, such as Edge's IE mode, Orijin headers are not checked.
  This is because if this check becomes mandatory, it will not be possible to start the shi-painter using Java.
  CheerpJ, for example, cannot smoothly play Shi-Painter's drawing animation, so Java must be started.
• Protection against directory traversal attacks. Invalidate hierarchies such as ../../ in basename() when variables are entered in fopen().
• Rejection when the password is incorrect 5 times in a row.
  If you enter the wrong administrator password five times in a row, you can now refuse to enter it any more.
  If you want to use this function, please add the following setting items anywhere in config.php.

/safety/

//Reject if admin password is wrong for her 5 times in a row
// (1: Enabled, 0: Disabled)
// 1: Enabled for more security, but if the login page is locked it will take more effort to unlock it.

define("CHECK_PASSWORD_INPUT_ERROR_COUNT", "0");

// Access via ftp etc.
// Remove t...

POTI-board EVO EN v5.52.8 released. v3.x and earlier all versions have a serious bug.

Serious bugs in older versions

• POTI-board v2.26.0 and earlier all versions is vulnerable to XSS.
  Malicious JavaScript can be executed.

• POTI-board v3.09.x and earlier all versions have a serious bug.
  You may lose all log files.

• POTI-board v3.x gives a deprecated error in PHP8.1 It will not work with future versions of PHP.

Please update to v5.x or higher.

POTI-board EVO EN v5.52.8 release

[2022/12/30] v5.52.8

It is now possible to extract the width and height from the old Java version pch file and load it into the canvas.

All apps no longer require canvas size input when uploading an app specific file and loading it into the canvas.

Changed files

• potiboard.php

Changed Templates

• templates/mono_en/mono_other.blade.php
• templates/mono_en/parts/mono_paint_form.blade.php

[2022/12/28] v5.52.2

Improved. PaintBBS NEO animation file upload painting made easy.

• It has become easier and more convenient to upload and paint PaintBBS NEO and Java Shi Painter videos from the administrator screen.
  Until now, it was necessary to specify the canvas size before loading the pch animation file into the canvas.
  With v5.52, you can now automatically get the canvas size from the animation file.
  However, it is necessary to specify the canvas size when uploading the animation file of the Java version of PaintBBS.
  For HTML5 version PaintBBS NEO, you can automatically get the canvas size when uploading animation files.

↑
This is a GIF animation created to introduce the operation when uploading files in specific formats for shi-Painter, PaintBBS NEO, Klecks, and ChickenPaint from the administrator screen.
The canvas size is still 300x300, but the canvas is open at its original size.
If you can download a PSD file, why not upload it? Including the meaning of the explanation for those who were wondering, I also uploaded the ChickenPaint .chi file and the Klecks .psd file (Photoshop format). I created this GIF animation for description.

changed files

• potiboard.php

[2022/12/24] v5.51.0

• PaintBBS NEO update v1.5.16

• Solved the problem that cookies could not be read with JavaScript when WAF (Web Application Firewall) was turned on.
  If WAF is turned on, cookies are encrypted and have the httpOnly attribute.
  POTI-board uses JavaScript to load cookies into static HTML files.
  Therefore, with the conventional POTI-board, it was not possible to read the cookie of the form input content when the WAF was turned on.
  I solved this problem by issuing a form input cookie not only in PHP programs, but also in JavaScript.
  However, it is safer to use httpOnly cookies, which prevent JavaScript from reading the cookie.
  There is also a drawing board that uses httpOnly cookies.
  satopian/Petit_Note_EN: Petit Note English ver.PHP script for PaintBBS,ChickenPaint, and Klecks PHP5.6-PHP8.2
  Log conversion from POTI-board is also possible.
  satopian/PetitNote_plugin: Petit Note Plugin for Drawing Board

• Adding JavaScript to HTML files to emit cookies for form inputs increases the number of lines of inline JavaScript.
  So I externalized my JavaScript.
  This externalized JavaScript also includes the back to top button JavaScript and the Luminous image popup JavaScript.
  We apologize for the inconvenience and the need to update templates frequently.
  A directory for JavaScript has also been added, such as templates/mono_en/js/.
  Please note that if you forget to upload this directory, things like the back button that appears when you scroll down or the JavaScript that appears on the same screen when you click on an image will not work.
  Overwrite everything in the templates/ directory if you haven't customized the templates.
  Just upload all new installations.

PaintBBS NEO Update v1.5.16

• neo.js

changed files

• potiboard.php

Changed Templates

• templates/mono_en/mono_catalog.blade.php
• templates/mono_en/mono_main.blade.php
• templates/mono_en/mono_other.blade.php
• templates/mono_en/parts/mono_paint_form.blade.php
• templates/mono_en/search.blade.php

files added

• templates/mono_en/js/mono_common.js

POTI-board EVO v5.50.11 release

[2022/12/21] v5.50.11

Improvements

• Changed the format of the canvas size pull-down menu formula generation loop to prevent XSS.
• Removed self-closing tag due to warnings when checked by W3C Markup Validation Service.
• Add same-origin check. Illegal posts from different origins are now rejected.
  However, for browsers that do not support Orijin headers, such as Edge's IE mode, Orijin headers are not checked.
  This is because if this check becomes mandatory, it will not be possible to start the shi-painter using Java.
  CheerpJ, for example, cannot smoothly play Shi-Painter's drawing animation, so Java must be started.
• Protection against directory traversal attacks. Invalidate hierarchies such as ../../ in basename() when variables are entered in fopen().
• Rejection when the password is incorrect 5 times in a row.
  If you enter the wrong administrator password five times in a row, you can now refuse to enter it any more.
  If you want to use this function, please add the following setting items anywhere in config.php.

/safety/

//Reject if admin password is wrong for her 5 times in a row
// (1: Enabled, 0: Disabled)
// 1: Enabled for more security, but if the login page is locked it will take more effort to unlock it.

define("CHECK_PASSWORD_INPUT_ERROR_COUNT", "0");

// Access via ftp etc.
// Remove the templates/errorlog/error.log and you should be able to login again.
//This file contains the IP addresses of clients who entered an incorrect admin password.

• Changed the method to get IP address and host name because some servers cannot get IP address with getenv().

• Use uniqid() to emit user-code repcode. It now changes in micro time units.

• Increased the replacement code length from 8 to 12 characters.

• Added original error message for WAF false positive to PaintBBS NEO.

changed files

• noticemail/noticemail.inc
• neo.js
• config.php
• potiboard.php
• thumbnail_gd.php
• picpost.php
• save.php
• saveklecks.php

Changed Templates

• templates/mono_en/mono_main.blade.php
• templates/mono_en/mono_other.blade.php
• templates/mono_en/paint_klecks.blade.php
• templates/mono_en/parts/mono_paint_form.blade.php
• templates/mono_en/search.blade.php
• templates/mono_en/template_ini.php

[2022/11/30] v5.36.8

update

• Updated Klecks.
• Fixed brush shortcut key behavior.
  Updated BladeOne to v4.7.1.

improvement

• Even if the timestamps used in the working files overlap, advance the post time by 1 second so that the timestamps do not overlap.
  Previously, the working file could be overwritten by another file.

• An error does not occur when the post time to be compared is in the future.
  In the post waiting time calculation process, even if the post time after the current time is detected, it will not be an error.
  For example, if the posting time is delayed by one year due to some mistake, the next posting will not be possible until one year has passed. To avoid this, if the waiting time is a negative value, it will pass without generating an error.

• BladeOne v4.7.1. Along with that, I changed potiboard.php to automatically generate the cache directory.
  The cache directory auto-generation feature has been removed from BladeOne. As an alternative function, added a cache directory auto-creation function to potiboard.php.

• Change the permission of files that need to be written in advance to 0606 (606). The log file that cannot be viewed externally is 0600 (600).

• The types of error messages have increased when posting OEKAKI images fails.

changed directories

• BladeOne/
• klecks/

changed files

• picpost.php
• potiboard.php

Changed Templates

• templates/mono_en/mono_main.blade.php
• templates/mono_en/paint_klecks.blade.php

[2022/10/29] v5.35.3

Improvements

Template Common

• When you click the image file link on the management screen, it now pops up with luminous.
  Previously, images were opened in separate tabs.
• Corrected [tweet] to [Tweet].
• Corrected [TOOL] to [Tool].

Template MONO

• Added back to top page function that is displayed when scrolling to template MONO.
• Display optimized for smartphones. If the resolution is iPad (768px) , unfloat the image. Set the image margins to 0.
  As a result, the left and right margins of the image displayed on the smartphone are the same.
  Previously, the margin on the right side of the screen was larger.
  ・The administrator can now edit the article by clicking the article number on the MONO administrator deletion screen.

Security

• If the script content of CheerpJ Applet Runner has been tampered with by hacking, etc., it will be detected and the script will not be executed.
  Subresource Integrity See MDN.
  If you change the version of CheerpJ, it will not work unless you change the hash value.
  However, the calculated hash value is included in the latest version of potiboard.php
  ・If the image file received by picpost.php, which receives data from the Shi applet or PaintBBS NEO, is not jpeg, png, etc. image, it will be judged as illegal and deleted.

When ...

POTI-board EVO EN v5.52.2 released. v3.x and earlier all versions have a serious bug.

Serious bugs in older versions

• POTI-board v2.26.0 and earlier all versions is vulnerable to XSS.
  Malicious JavaScript can be executed.

• POTI-board v3.09.x and earlier all versions have a serious bug.
  You may lose all log files.

• POTI-board v3.x gives a deprecated error in PHP8.1 It will not work with future versions of PHP.

Please update to v5.x or higher.

POTI-board EVO EN v5.52.2 release

POTI-board EVO v5.52.2 release

[2022/12/28] v5.52.2

Improved. PaintBBS NEO animation file upload painting made easy.

• It has become easier and more convenient to upload and paint PaintBBS NEO and Java Shi Painter videos from the administrator screen.
  Until now, it was necessary to specify the canvas size before loading the pch animation file into the canvas.
  With v5.52, you can now automatically get the canvas size from the animation file.
  However, it is necessary to specify the canvas size when uploading the animation file of the Java version of PaintBBS.
  For HTML5 version PaintBBS NEO, you can automatically get the canvas size when uploading animation files.

↑
This is a GIF animation created to introduce the operation when uploading files in specific formats for shi-Painter, PaintBBS NEO, Klecks, and ChickenPaint from the administrator screen.
The canvas size is still 300x300, but the canvas is open at its original size.
If you can download a PSD file, why not upload it? Including the meaning of the explanation for those who were wondering, I also uploaded the ChickenPaint .chi file and the Klecks .psd file (Photoshop format). I created this GIF animation for description.

changed files

• potiboard.php

[2022/12/24] v5.51.0

• PaintBBS NEO update v1.5.16

• Solved the problem that cookies could not be read with JavaScript when WAF (Web Application Firewall) was turned on.
  If WAF is turned on, cookies are encrypted and have the httpOnly attribute.
  POTI-board uses JavaScript to load cookies into static HTML files.
  Therefore, with the conventional POTI-board, it was not possible to read the cookie of the form input content when the WAF was turned on.
  I solved this problem by issuing a form input cookie not only in PHP programs, but also in JavaScript.
  However, it is safer to use httpOnly cookies, which prevent JavaScript from reading the cookie.
  There is also a drawing board that uses httpOnly cookies.
  satopian/Petit_Note_EN: Petit Note English ver.PHP script for PaintBBS,ChickenPaint, and Klecks PHP5.6-PHP8.2
  Log conversion from POTI-board is also possible.
  satopian/PetitNote_plugin: Petit Note Plugin for Drawing Board

• Adding JavaScript to HTML files to emit cookies for form inputs increases the number of lines of inline JavaScript.
  So I externalized my JavaScript.
  This externalized JavaScript also includes the back to top button JavaScript and the Luminous image popup JavaScript.
  We apologize for the inconvenience and the need to update templates frequently.
  A directory for JavaScript has also been added, such as templates/mono_en/js/.
  Please note that if you forget to upload this directory, things like the back button that appears when you scroll down or the JavaScript that appears on the same screen when you click on an image will not work.
  Overwrite everything in the templates/ directory if you haven't customized the templates.
  Just upload all new installations.

PaintBBS NEO Update v1.5.16

• neo.js

changed files

• potiboard.php

Changed Templates

• templates/mono_en/mono_catalog.blade.php
• templates/mono_en/mono_main.blade.php
• templates/mono_en/mono_other.blade.php
• templates/mono_en/parts/mono_paint_form.blade.php
• templates/mono_en/search.blade.php

files added

• templates/mono_en/js/mono_common.js

POTI-board EVO v5.50.11 release

[2022/12/21] v5.50.11

Improvements

• Changed the format of the canvas size pull-down menu formula generation loop to prevent XSS.
• Removed self-closing tag due to warnings when checked by W3C Markup Validation Service.
• Add same-origin check. Illegal posts from different origins are now rejected.
  However, for browsers that do not support Orijin headers, such as Edge's IE mode, Orijin headers are not checked.
  This is because if this check becomes mandatory, it will not be possible to start the shi-painter using Java.
  CheerpJ, for example, cannot smoothly play Shi-Painter's drawing animation, so Java must be started.
• Protection against directory traversal attacks. Invalidate hierarchies such as ../../ in basename() when variables are entered in fopen().
• Rejection when the password is incorrect 5 times in a row.
  If you enter the wrong administrator password five times in a row, you can now refuse to enter it any more.
  If you want to use this function, please add the following setting items anywhere in config.php.

/safety/

//Reject if admin password is wrong for her 5 times in a row
// (1: Enabled, 0: Disabled)
// 1: Enabled for more security, but if the login page is locked it will take more effort to unlock it.

define("CHECK_PASSWORD_INPUT_ERROR_COUNT", "0");

// Access via ftp etc.
// Remove the templates/errorlog/error.log and you should be able to login again.
//This file contains the IP addresses of clients who entered an incorrect admin password.

• Changed the method to get IP address and host name because some servers cannot get IP address with getenv().

• Use uniqid() to emit user-code repcode. It now changes in micro time units.

• Increased the replacement code length from 8 to 12 characters.

• Added original error message for WAF false positive to PaintBBS NEO.

changed files

• noticemail/noticemail.inc
• neo.js
• config.php
• potiboard.php
• thumbnail_gd.php
• picpost.php
• save.php
• saveklecks.php

Changed Templates

• templates/mono_en/mono_main.blade.php
• templates/mono_en/mono_other.blade.php
• templates/mono_en/paint_klecks.blade.php
• templates/mono_en/parts/mono_paint_form.blade.php
• templates/mono_en/search.blade.php
• templates/mono_en/template_ini.php

[2022/11/30] v5.36.8

update

• Updated Klecks.
• Fixed brush shortcut key behavior.
  Updated BladeOne to v4.7.1.

improvement

• Even if the timestamps used in the working files overlap, advance the post time by 1 second so that the timestamps do not overlap.
  Previously, the working file could be overwritten by another file.

• An error does not occur when the post time to be compared is in the future.
  In the post waiting time calculation process, even if the post time after the current time is detected, it will not be an error.
  For example, if the posting time is delayed by one year due to some mistake, the next posting will not be possible until one year has passed. To avoid this, if the waiting time is a negative value, it will pass without generating an error.

• BladeOne v4.7.1. Along with that, I changed potiboard.php to automatically generate the cache directory.
  The cache directory auto-generation feature has been removed from BladeOne. As an alternative function, added a cache directory auto-creation function to potiboard.php.

• Change the permission of files that need to be written in advance to 0606 (606). The log file that cannot be viewed externally is 0600 (600).

• The types of error messages have increased when posting OEKAKI images fails.

changed directories

• BladeOne/
• klecks/

changed files

• picpost.php
• potiboard.php

Changed Templates

• templates/mono_en/mono_main.blade.php
• templates/mono_en/paint_klecks.blade.php

[2022/10/29] v5.35.3

Improvements

Template Common

• When you click the image file link on the management screen, it now pops up with luminous.
  Previously, images were opened in separate tabs.
• Corrected [tweet] to [Tweet].
• Corrected [TOOL] to [Tool].

Template MONO

• Added back to top page function that is displayed when scrolling to template MONO.
• Display optimized for smartphones. If the resolution is iPad (768px) , unfloat the image. Set the image margins to 0.
  As a result, the left and right margins of the image displayed on the smartphone are the same.
  Previously, the margin on the right side of the screen was larger.
  ・The administrator can now edit the article by clicking the article number on the MONO administrator deletion screen.

Security

• If the script content of CheerpJ Applet Runner has been tampered with by hacking, etc., it will be detected and the script will not be executed.
  Subresource Integrity See MDN.
  If you change the version of CheerpJ, it will not work unless you change the hash value.
  However, the calculated hash value is included in the latest version of potiboard.php
  ・If the image file received by picpost.php, which receives data from the Shi applet or PaintBBS NEO, is not jpeg, png, etc. image, it will be judged as illegal and deleted.

When using Shii applet and PaintBBS NEO, the behavior of rejection due to the time required for drawing or the number of steps required has been changed.

・shi-chan has developed a function to redirect the drawing screen to the police site when the drawing time is short or the number of drawing processes is small.
However, this feature was impractical and of no use.
Therefore, instead of suddenly jumping to the specified URL from the drawing screen, we changed the specification to display an alert on t...

POTI-board EVO EN v5.51.0 released. v3.x and earlier all versions have a serious bug.

Serious bugs in older versions

• POTI-board v2.26.0 and earlier all versions is vulnerable to XSS.
  Malicious JavaScript can be executed.

• POTI-board v3.09.x and earlier all versions have a serious bug.
  You may lose all log files.

• POTI-board v3.x gives a deprecated error in PHP8.1 It will not work with future versions of PHP.

Please update to v5.x or higher.

POTI-board EVO EN v5.51.0 release

[2022/12/24] v5.51.0

• PaintBBS NEO update v1.5.16

• Solved the problem that cookies could not be read with JavaScript when WAF (Web Application Firewall) was turned on.
  If WAF is turned on, cookies are encrypted and have the httpOnly attribute.
  POTI-board uses JavaScript to load cookies into static HTML files.
  Therefore, with the conventional POTI-board, it was not possible to read the cookie of the form input content when the WAF was turned on.
  I solved this problem by issuing a form input cookie not only in PHP programs, but also in JavaScript.
  However, it is safer to use httpOnly cookies, which prevent JavaScript from reading the cookie.
  There is also a drawing board that uses httpOnly cookies.
  satopian/Petit_Note_EN: Petit Note English ver.PHP script for PaintBBS,ChickenPaint, and Klecks PHP5.6-PHP8.2
  Log conversion from POTI-board is also possible.
  satopian/PetitNote_plugin: Petit Note Plugin for Drawing Board

• Adding JavaScript to HTML files to emit cookies for form inputs increases the number of lines of inline JavaScript.
  So I externalized my JavaScript.
  This externalized JavaScript also includes the back to top button JavaScript and the Luminous image popup JavaScript.
  We apologize for the inconvenience and the need to update templates frequently.
  A directory for JavaScript has also been added, such as templates/mono_en/js/.
  Please note that if you forget to upload this directory, things like the back button that appears when you scroll down or the JavaScript that appears on the same screen when you click on an image will not work.
  Overwrite everything in the templates/ directory if you haven't customized the templates.
  Just upload all new installations.

PaintBBS NEO Update v1.5.16

• neo.js

changed files

• potiboard.php

Changed Templates

• templates/mono_en/mono_catalog.blade.php
• templates/mono_en/mono_main.blade.php
• templates/mono_en/mono_other.blade.php
• templates/mono_en/parts/mono_paint_form.blade.php
• templates/mono_en/search.blade.php

files added

• templates/mono_en/js/mono_common.js

POTI-board EVO v5.50.11 release

[2022/12/21] v5.50.11

Improvements

• Changed the format of the canvas size pull-down menu formula generation loop to prevent XSS.
• Removed self-closing tag due to warnings when checked by W3C Markup Validation Service.
• Add same-origin check. Illegal posts from different origins are now rejected.
  However, for browsers that do not support Orijin headers, such as Edge's IE mode, Orijin headers are not checked.
  This is because if this check becomes mandatory, it will not be possible to start the shi-painter using Java.
  CheerpJ, for example, cannot smoothly play Shi-Painter's drawing animation, so Java must be started.
• Protection against directory traversal attacks. Invalidate hierarchies such as ../../ in basename() when variables are entered in fopen().
• Rejection when the password is incorrect 5 times in a row.
  If you enter the wrong administrator password five times in a row, you can now refuse to enter it any more.
  If you want to use this function, please add the following setting items anywhere in config.php.

/safety/

//Reject if admin password is wrong for her 5 times in a row
// (1: Enabled, 0: Disabled)
// 1: Enabled for more security, but if the login page is locked it will take more effort to unlock it.

define("CHECK_PASSWORD_INPUT_ERROR_COUNT", "0");

// Access via ftp etc.
// Remove the templates/errorlog/error.log and you should be able to login again.
//This file contains the IP addresses of clients who entered an incorrect admin password.

• Changed the method to get IP address and host name because some servers cannot get IP address with getenv().

• Use uniqid() to emit user-code repcode. It now changes in micro time units.

• Increased the replacement code length from 8 to 12 characters.

• Added original error message for WAF false positive to PaintBBS NEO.

changed files

• noticemail/noticemail.inc
• neo.js
• config.php
• potiboard.php
• thumbnail_gd.php
• picpost.php
• save.php
• saveklecks.php

Changed Templates

• templates/mono_en/mono_main.blade.php
• templates/mono_en/mono_other.blade.php
• templates/mono_en/paint_klecks.blade.php
• templates/mono_en/parts/mono_paint_form.blade.php
• templates/mono_en/search.blade.php
• templates/mono_en/template_ini.php

[2022/11/30] v5.36.8

update

• Updated Klecks.
• Fixed brush shortcut key behavior.
  Updated BladeOne to v4.7.1.

improvement

• Even if the timestamps used in the working files overlap, advance the post time by 1 second so that the timestamps do not overlap.
  Previously, the working file could be overwritten by another file.

• An error does not occur when the post time to be compared is in the future.
  In the post waiting time calculation process, even if the post time after the current time is detected, it will not be an error.
  For example, if the posting time is delayed by one year due to some mistake, the next posting will not be possible until one year has passed. To avoid this, if the waiting time is a negative value, it will pass without generating an error.

• BladeOne v4.7.1. Along with that, I changed potiboard.php to automatically generate the cache directory.
  The cache directory auto-generation feature has been removed from BladeOne. As an alternative function, added a cache directory auto-creation function to potiboard.php.

• Change the permission of files that need to be written in advance to 0606 (606). The log file that cannot be viewed externally is 0600 (600).

• The types of error messages have increased when posting OEKAKI images fails.

changed directories

• BladeOne/
• klecks/

changed files

• picpost.php
• potiboard.php

Changed Templates

• templates/mono_en/mono_main.blade.php
• templates/mono_en/paint_klecks.blade.php

[2022/10/29] v5.35.3

Improvements

Template Common

• When you click the image file link on the management screen, it now pops up with luminous.
  Previously, images were opened in separate tabs.
• Corrected [tweet] to [Tweet].
• Corrected [TOOL] to [Tool].

Template MONO

• Added back to top page function that is displayed when scrolling to template MONO.
• Display optimized for smartphones. If the resolution is iPad (768px) , unfloat the image. Set the image margins to 0.
  As a result, the left and right margins of the image displayed on the smartphone are the same.
  Previously, the margin on the right side of the screen was larger.
  ・The administrator can now edit the article by clicking the article number on the MONO administrator deletion screen.

Security

• If the script content of CheerpJ Applet Runner has been tampered with by hacking, etc., it will be detected and the script will not be executed.
  Subresource Integrity See MDN.
  If you change the version of CheerpJ, it will not work unless you change the hash value.
  However, the calculated hash value is included in the latest version of potiboard.php
  ・If the image file received by picpost.php, which receives data from the Shi applet or PaintBBS NEO, is not jpeg, png, etc. image, it will be judged as illegal and deleted.

When using Shii applet and PaintBBS NEO, the behavior of rejection due to the time required for drawing or the number of steps required has been changed.

・shi-chan has developed a function to redirect the drawing screen to the police site when the drawing time is short or the number of drawing processes is small.
However, this feature was impractical and of no use.
Therefore, instead of suddenly jumping to the specified URL from the drawing screen, we changed the specification to display an alert on the drawing screen that "drawing time is too short" and "the number of steps is low".

Compulsory thumbnail function is back

• Restored the force thumbnail feature that was in v1.3.
  Using the latest thumbnail_gd.php turns this feature on.
  If the file size exceeds 1MB, a thumbnail image in jpeg format will be output.
  Assumed case. If a GIF animation image file that is small in height and width but large in file size exceeds 1 MB, a thumbnail image in JPEG format will be displayed instead of the GIF animation.
  Click the image to view the original GIF animation.

others

• Changed the initial error message to switch automatically between Japanese and English.
• Reduce load by avoiding unnecessary processing. For example, if there are no comments, you don't have to check the length of the comment or the bad words, so returning immediately reduces the load.

update Klecks

Fixes an issue where white fills after using distortion tool show lines that follow the shape of the Liquify.
Added how-to video link to help page and added gradient shortcut keys section.

changed directories

• klecks/

changed files

• potiboard.php
• pale...

POTI-board EVO EN v5.50.11 released. v3.x and earlier all versions have a serious bug.

Serious bugs in older versions

• POTI-board v2.26.0 and earlier all versions is vulnerable to XSS.
  Malicious JavaScript can be executed.

• POTI-board v3.09.x and earlier all versions have a serious bug.
  You may lose all log files.

• POTI-board v3.x gives a deprecated error in PHP8.1 It will not work with future versions of PHP.

Please update to v5.x or higher.

POTI-board EVO v5.50.11 release

[2022/12/21] v5.50.11

Improvements

• Changed the format of the canvas size pull-down menu formula generation loop to prevent XSS.
• Removed self-closing tag due to warnings when checked by W3C Markup Validation Service.
• Add same-origin check. Illegal posts from different origins are now rejected.
  However, for browsers that do not support Orijin headers, such as Edge's IE mode, Orijin headers are not checked.
  This is because if this check becomes mandatory, it will not be possible to start the shi-painter using Java.
  CheerpJ, for example, cannot smoothly play Shi-Painter's drawing animation, so Java must be started.
• Protection against directory traversal attacks. Invalidate hierarchies such as ../../ in basename() when variables are entered in fopen().
• Rejection when the password is incorrect 5 times in a row.
  If you enter the wrong administrator password five times in a row, you can now refuse to enter it any more.
  If you want to use this function, please add the following setting items anywhere in config.php.

/safety/

//Reject if admin password is wrong for her 5 times in a row
// (1: Enabled, 0: Disabled)
// 1: Enabled for more security, but if the login page is locked it will take more effort to unlock it.

define("CHECK_PASSWORD_INPUT_ERROR_COUNT", "0");

// Access via ftp etc.
// Remove the templates/errorlog/error.log and you should be able to login again.
//This file contains the IP addresses of clients who entered an incorrect admin password.

• Changed the method to get IP address and host name because some servers cannot get IP address with getenv().

• Use uniqid() to emit user-code repcode. It now changes in micro time units.

• Increased the replacement code length from 8 to 12 characters.

• Added original error message for WAF false positive to PaintBBS NEO.

changed files

• noticemail/noticemail.inc
• neo.js
• config.php
• potiboard.php
• thumbnail_gd.php
• picpost.php
• save.php
• saveklecks.php

Changed Templates

• templates/mono_en/mono_main.blade.php
• templates/mono_en/mono_other.blade.php
• templates/mono_en/paint_klecks.blade.php
• templates/mono_en/parts/mono_paint_form.blade.php
• templates/mono_en/search.blade.php
• templates/mono_en/template_ini.php

[2022/11/30] v5.36.8

update

• Updated Klecks.
• Fixed brush shortcut key behavior.
  Updated BladeOne to v4.7.1.

improvement

• Even if the timestamps used in the working files overlap, advance the post time by 1 second so that the timestamps do not overlap.
  Previously, the working file could be overwritten by another file.

• An error does not occur when the post time to be compared is in the future.
  In the post waiting time calculation process, even if the post time after the current time is detected, it will not be an error.
  For example, if the posting time is delayed by one year due to some mistake, the next posting will not be possible until one year has passed. To avoid this, if the waiting time is a negative value, it will pass without generating an error.

• BladeOne v4.7.1. Along with that, I changed potiboard.php to automatically generate the cache directory.
  The cache directory auto-generation feature has been removed from BladeOne. As an alternative function, added a cache directory auto-creation function to potiboard.php.

• Change the permission of files that need to be written in advance to 0606 (606). The log file that cannot be viewed externally is 0600 (600).

• The types of error messages have increased when posting OEKAKI images fails.

changed directories

• BladeOne/
• klecks/

changed files

• picpost.php
• potiboard.php

Changed Templates

• templates/mono_en/mono_main.blade.php
• templates/mono_en/paint_klecks.blade.php

[2022/10/29] v5.35.3

Improvements

Template Common

• When you click the image file link on the management screen, it now pops up with luminous.
  Previously, images were opened in separate tabs.
• Corrected [tweet] to [Tweet].
• Corrected [TOOL] to [Tool].

Template MONO

• Added back to top page function that is displayed when scrolling to template MONO.
• Display optimized for smartphones. If the resolution is iPad (768px) , unfloat the image. Set the image margins to 0.
  As a result, the left and right margins of the image displayed on the smartphone are the same.
  Previously, the margin on the right side of the screen was larger.
  ・The administrator can now edit the article by clicking the article number on the MONO administrator deletion screen.

Security

• If the script content of CheerpJ Applet Runner has been tampered with by hacking, etc., it will be detected and the script will not be executed.
  Subresource Integrity See MDN.
  If you change the version of CheerpJ, it will not work unless you change the hash value.
  However, the calculated hash value is included in the latest version of potiboard.php
  ・If the image file received by picpost.php, which receives data from the Shi applet or PaintBBS NEO, is not jpeg, png, etc. image, it will be judged as illegal and deleted.

When using Shii applet and PaintBBS NEO, the behavior of rejection due to the time required for drawing or the number of steps required has been changed.

・shi-chan has developed a function to redirect the drawing screen to the police site when the drawing time is short or the number of drawing processes is small.
However, this feature was impractical and of no use.
Therefore, instead of suddenly jumping to the specified URL from the drawing screen, we changed the specification to display an alert on the drawing screen that "drawing time is too short" and "the number of steps is low".

Compulsory thumbnail function is back

• Restored the force thumbnail feature that was in v1.3.
  Using the latest thumbnail_gd.php turns this feature on.
  If the file size exceeds 1MB, a thumbnail image in jpeg format will be output.
  Assumed case. If a GIF animation image file that is small in height and width but large in file size exceeds 1 MB, a thumbnail image in JPEG format will be displayed instead of the GIF animation.
  Click the image to view the original GIF animation.

others

• Changed the initial error message to switch automatically between Japanese and English.
• Reduce load by avoiding unnecessary processing. For example, if there are no comments, you don't have to check the length of the comment or the bad words, so returning immediately reduces the load.

update Klecks

Fixes an issue where white fills after using distortion tool show lines that follow the shape of the Liquify.
Added how-to video link to help page and added gradient shortcut keys section.

changed directories

• klecks/

changed files

• potiboard.php
• palette.txt
• picpost.php
• save.php
• saveklecks.php
• thumbnail_gd.php

Changed Templates

• templates/mono_en/

[2022/10/03] v5.26.8

Updated ChickenPaint to the latest version.

The attached image is a GIF animation when I did a reproduction test of the problem that the color picker is not displayed.
Updated to the latest version of ChickenPaint to avoid a bug in Google Chrome 105,106 that causes this problem.

Updated klecks to the latest version.

• Added option to use gradient tool as an eraser.
• Added vanishing point filter.

Display images using luminous.

changed directories

• chickenpaint/
• klecks/
• lib/luminous/

changed files

• potiboard.php
• search.php

Changed Templates

• templates/mono_en/

[2022/09/20] v5.26.3

Update

• Updated Klecks to latest version.
  Gradient tool and pattern filter added.
• Updated BladeOne to v4.6.

Bug fixes

• Fixed a bug that an E-WARNING level PHP error occurred when specifying an article number other than the article number of the thread's parent on the reply screen.
  Please update potiboard.php.

Improvements

• If the password field is blank for password authentication when drawing a continuation or download authentication of pch, chi, psd, the cookie password will be used instead.
  Unified to the same behavior as password authentication during edit function.
• Fixed function check_password() for password checking. Password authentication will not succeed if no password is entered and the password is not present in the cookie.
• Fixed the multilingual support of the mail notification function was insufficient.
• Increased page number spacing for template MONO.
• Fixed paint screen's clock javascript .
• Changed the unit of file size on the managed post screen from bytes to kb.

changed directories

• klecks/
• BladeOne/

changed files

• potiboard.php
• thumbnail_gd.php
• picpost.php

Changed...