Releases: satopian/poti-kaini-EN
POTI-board EVO EN v6.39.11 released. v3.x and earlier all versions have a serious bug.
Serious bugs in older versions
- POTI-board v2.26.0 and all earlier versions are vulnerable to XSS.
Malicious JavaScript can be executed.
- POTI-board v3.09.x and all earlier versions have a serious bug.
You may lose all log files.
- POTI-board v3.x gives a deprecation error in PHP 8.1. It will not work with future versions of PHP.
Please update to v5.x or higher.
POTI board EVO EN v6.39.11 released
2024/11/08 v6.39.11
Display detailed error message when file size is too large in Klecks
- Display error message in format like "File size is too large. Limit size: 20MB Current size:30MB".
When the total size of PNG format image file and PSD format layer information output by Klecks exceeds the server's allowable size, it displays detailed information on why posting is not possible.
Until now, it only displayed "Your picture upload failed!\nPlease try again!"
Since the file size includes layer information, the more layers there are, the easier it is to exceed the limit.
The file size will be smaller if you combine layers.
When displaying Japanese.
When displayed in English.
Changed file
- potiboard.php
Changed template
- templates/mono_en/paint_klecks.blade.php
2024/11/06 v6.39.9
ChickenPaint Be has been updated
- Displays a more detailed error message when the file size exceeds the server's allowable value.
Displays the current file size and displays the error message "The file size exceeds the server limit."
Previously, it only displayed "Sorry, your drawing could not be saved, please try again later."
If you merge and organize ChickenPaint Be's layers, the file size at the time of posting will be smaller. If you are unable to post because this error message appears, merging the layers may enable posting.
If you have a rental server that has a default limit of 5MB and you want to allow file sizes larger than that, edit php.ini.
POTI-board looks at both post_max_size and upload_max_filesize and uses the smaller of them as the limit value, so you need to adjust the following two upper limits.
Please check the server manual for instructions on how to edit php.ini.
The units in the following setting examples are MB.
Please note that if you set the limit too high, you may be more vulnerable to DDoS attacks.
Considering the stability of JavaScript apps, I think a maximum of 25MB is appropriate.
Example settings
; Maximum size of POST data that PHP will accept.
; Its value may be 0 to disable the limit. It is ignored if POST data reading
; is disabled through enable_post_data_reading.
; https://php.net/post-max-size
post_max_size = 20M
; Maximum allowed size for uploaded files.
; https://php.net/upload-max-filesize
upload_max_filesize = 20M
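The limit rule described above, as an added PHP example (not POTI-board's own code): it takes the smaller of post_max_size and upload_max_filesize and builds an error message in the format quoted in the v6.39.11 notes. The function names are hypothetical, and the 20M settings and the 30MB request are constructed sample input.

```php
<?php
// Added example, not POTI-board's own code. Function names are hypothetical.

// Convert a php.ini size value ("20M", "512K", "1G" or plain bytes) to bytes.
function ini_size_to_bytes(string $value): int
{
    $value = trim($value);
    if ($value === '') {
        return 0;
    }
    $bytes = (int) $value;                    // "20M" casts to 20
    switch (strtolower(substr($value, -1))) { // unit suffix, if any
        case 'g':
            $bytes *= 1024;
            // fall through
        case 'm':
            $bytes *= 1024;
            // fall through
        case 'k':
            $bytes *= 1024;
    }
    return $bytes;
}

// The smaller of post_max_size and upload_max_filesize is the usable limit.
// The php.ini comment quoted above says post_max_size = 0 disables that limit;
// treating a non-positive upload_max_filesize the same way is an assumption.
function effective_upload_limit(string $postMax, string $uploadMax): int
{
    $limits = array_filter(
        [ini_size_to_bytes($postMax), ini_size_to_bytes($uploadMax)],
        function ($n) { return $n > 0; }
    );
    return $limits ? min($limits) : PHP_INT_MAX;
}

// Return a message in the format quoted in the v6.39.11 notes, or null when
// the request fits. $contentLength is the size the client declared.
function oversize_message(int $contentLength, int $limit): ?string
{
    if ($contentLength <= $limit) {
        return null;
    }
    $mb = function (int $n): string { return (string) round($n / 1048576, 1); };
    return sprintf(
        'File size is too large. Limit size: %sMB Current size:%sMB',
        $mb($limit),
        $mb($contentLength)
    );
}

// Constructed check: the example settings above (20M / 20M) and a 30MB post.
$limit = effective_upload_limit('20M', '20M');
echo oversize_message(30 * 1048576, $limit) ?? 'Request fits within the limit', "\n";

// The release notes suggest 25MB as a sensible maximum.
if ($limit > 25 * 1048576) {
    echo "Configured limit is above 25MB; large limits make request floods cheaper.\n";
}

// On a live server, pass ini_get('post_max_size'), ini_get('upload_max_filesize')
// and (int) ($_SERVER['CONTENT_LENGTH'] ?? 0). When a POST exceeds post_max_size,
// PHP leaves $_POST and $_FILES empty, so the declared length is what can be checked.
```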
Changed files
- Chickenpaint/ Overwrite and update directory
- potiboard.php
Changed template
- templates/mono_en/mono_paint.blade.php
2024/11/03 v6.39.8
ChickenPaint Be has been updated
- Fixed an issue where the ChickenPaint Be texture palette could not be scrolled.
(Scrolling the texture palette is necessary on devices with small screens such as smartphones.)
Changed files
- Chickenpaint/ Overwrite and update directory
- potiboard.php
2024/11/03 v6.39.7
Converted the series of GD processes for thumbnail creation into a class to make the source code more readable
- As a result of cramming functions into thumbnail_gd.php, the readability of the source code significantly decreased, so we reorganized it into a static class.
thumbnail_gd.php has been deleted.
Use thumbnail_gd.inc.php instead.
thumbnail_gd.php is no longer necessary, but there is no problem if it remains on the server.
Please be careful when deleting, as you may delete a necessary file when trying to delete an unnecessary file.
thumbnail_gd.inc.php is now a common class with Petit Note.
There is no longer a need to maintain two types of files, one for Petit Note and one for POTI-board.
Fixed a bug that reduced the actual size of drawing images.
// The maximum size for width and height during upload, any larger will be resized.
define("MAX_W_PX", "1024"); //Width
define("MAX_H_PX", "1024"); //Height
Fixed a bug that reduced the image size when the size set with MAX_W_PX or MAX_H_PX was smaller than the maximum size that can be drawn.
The image size limit for drawing images should have been specified as the maximum size that can be drawn, and it was unintended that the image would become smaller than the initial image after posting.
When posting, the screen now scrolls to the posted reply
- Because there is an input field at the top, previously the top of the reply screen was displayed once posting was completed.
However, this could make it difficult to tell if the reply comment was posted, so we've made it so that the screen scrolls to a position where the reply comment is visible.
Changed file
- potiboard.php
Added file
- thumbnail_gd.inc.php
Deleted file
- thumbnail_gd.php
Changed templates
- templates/mono_en/mono_main.blade.php
- templates/mono_en/mono_paint.blade.php
2024/11/01 v6.39.3
- I have improved the function to convert PNG images to JPEG when they exceed MAX_KB, and moved the GD processing that was processed in potiboard.php to thumbnail_gd.php.
By utilizing the existing GD processing, the code in potiboard.php has been shortened.
- When drawing, even if the image file size exceeds the value specified in MAX_KB, the post will be completed without an error.
As before, images attached from the posting form will result in an error when they exceed MAX_KB.
This specification has existed until now, but even if the original file size is very large, it will be reduced due to the vertical and horizontal limitations, and if the file size is larger than MAX_KB, PNG will be converted to JPEG, and if the final file size is within the MAX_KB range, the post will be successful.
Changed files
- potiboard.php
- thumbnail_gd.php
2024/10/26 v6.38.1
ChickenPaint Be has been updated.
You can now change the brush size by dragging the circle in the brush preview screen with the pen
- The process that was optimized for the mouse has been rewritten as PointerEvent so that it can be operated with the pen.
In addition, to prevent malfunctions, the default behavior of touchmoveEvent for each palette and the main menu has been canceled.
Fixed an issue where a dragged object would continue to move even if the pen was removed from the screen.
Changed files
- Chickenpaint/ Overwrite and update directory
- potiboard.php
2024/10/25 v6.38.0
ChickenPaint Be has been updated.
Added noise texture to texture palette
- Added "Noise Texture" to "Texture Palette".
Previously, you could add noise by using the "Monochrome Noise" option in the Effects menu in combination with layer effects, but the addition of "Noise Texture" allows you to create a slightly different type of noise.
By using it in combination with a pen or pencil, you can draw more pencil-like lines.
It is also effective when applying thick paint with a watercolor brush.
Disable texture when using eraser
- Added a process to disable texture when using eraser.
You can now erase with the eraser even if a texture is selected.
Previously, if you selected a texture and used the eraser, you could not erase it completely.
- Textures are applied when using the soft eraser. Please use the soft eraser when creating patterns by combining textures with the eraser.
Changed files
- Chickenpaint/ Overwrite and update directory
- potiboard.php
2024/10/23 v6.37.8
Search code optimization
- To improve code readability, the same process was made into a function.
By making it a function, 16 lines that repeated the same process were reduced to 4 lines.
ChickenPaint Be updated
- Bootstrap is no longer declared globally, but is imported where necessary.
In addition, processes that can be reduced were deleted.
The build date is now listed in "About ChickenPaint Be".
This makes it possible to see at a glance when ChickenPaint Be was built.
Changed files
- Chickenpaint/ Overwrite and update directory
- potiboard.php
- search.inc.php
2024/10/15 v6.37.7
ChickenPaint Be has been updated.
- The shortcut keys for zooming in and out in ChickenPaint Be have been changed to "+" and "-", the same as Klecks and AXNOS Paint.
Previously, it was necessary to press the "ctrl key" at the same time, such as "ctrl + +" or "ctrl + -".
- The file size of ChickenPaint Be has been reduced by 23.7%.
By changing the build tool and removing the polyfill package used for IE compatibility, the file size, which was 779KB, has been reduced to 594KB.
This weight reduction has made startup faster.
Changed files
- chickenpaint/ Overwrite and update directory
- potiboard.php
2024/10/04 v6.37.6
Lightbox Updated
- Lightbox updated to v2.11.5 and changed to a drawing board.
AXNOS Paint Updated
- The background of the layer thumbnail images has been changed from a solid gray to a checkerboard pattern.
This is a change in the unofficial version of AXNOS Paint. The original AXNOS Paint developer is no...
POTI-board EVO EN 5.63.9 released. v3.x and earlier all versions have a serious bug.
POTI board EVO EN v5.63.9 release
Fixed bug
- Fixed issue of color swatches not loading from PC in a customized version of ChickenPaint for POTI-board.
Changed files
- chickenpaint/ Overwrite directory update
- potiboard.php
- picpost.php
- save.php
- saveklecks.php
- saveneo.php
23/08/13 v5.63.8
Added option to hide [Admin mode] link.
Added this option to config.php.
// Display a link to the [Admin mode] Yes: 1 No: 0
define("USE_ADMIN_LINK", "1");
// No: 0 Hide link to the admin mode.
Changed files
- config.php
- potiboard.php
Changed Templates
- templates/mono_en/mono_catalog.blade.php
- templates/mono_en/mono_main.blade.php
- templates/mono_en/mono_other.blade.php
- templates/mono_en/mono_paint.blade.php
23/08/07 v5.63.7.1
- klecks/ (Update directory by overwriting)
- potiboard.php
- templates/mono_en/paint_klecks.blade.php
- templates/mono_en/mono_paint.blade.php
23/08/04 v5.63.6.1
Updated Klecks and Tegaki
- klecks/ (Update directory by overwriting)
- tegaki/ (Update directory by overwriting)
23/08/04 v5.63.6
Fixed bug.
- Fixed a bug that could not be displayed in IE mode of Edge.
Changed files
- potiboard.php
- templates/mono_en/js/mono_common.js
- templates/mono_en/parts/style-switcher.blade.php
23/07/27 v5.63.5
Fixed bugs.
- potiboard.php
- search.inc.php
(Some variables were undefined.)
- templates/mono_en/mono_main.blade.php
(There was a part where the search link was still "search.php".)
- templates/mono_en/paint_tegaki.blade.php
(When used on an iPad, the screen was being magnified by double-tap zoom.)
23/07/13 v5.63.3
You can now set the width and height of the window that opens when sharing on SNS in config.php.
Added a new setting item to config.php.
// Width and height of window to open when SNS sharing
//window width initial value 350
define("SNS_WINDOW_WIDTH","350");
//window height initial value 490
define("SNS_WINDOW_HEIGHT","490");
When adding a server for SNS sharing, the height of the shared screen window was insufficient and scrolling was sometimes required.
Solved the problem by making it possible to set the width and height of the shared screen of the server list when sharing with SNS.
If the above setting items do not exist in config.php, the default values of 350px width and 490px height will be applied.
Changed files
- potiboard.php
- config.php (Update only if you need new configuration items)
Changed Templates
- templates/mono_en/js/mono_common.js
- templates/mono_en/mono_main.blade.php
[2023/07/12] v5.63.2
Improved selection operability of SNS server to share posts
Servers to share can be selected not only directly above the label string, but also by tapping the right margin of the label.
- templates/mono_en/set_share_server.blade.php
Fixed HTML grammar errors.
Changed files
- potiboard.php
Changed Templates
- templates/mono_en/css/ (Update directory by overwriting)
- templates/mono_en/set_share_server.blade.php
[2023/07/11] v5.63.1
Replace search.php with search.inc.php
The structure of jsearch.php has been fundamentally overhauled, modified and incorporated into potiboard.php.
Search results that were previously displayed with a URL like "search.php?" will now use a URL like "potiboard.php?mode=search&".
Externalize and standardize CSS switching part of templates MONO
`templates/mono/parts/style-switcher.blade.php` contains the following parts that have been written in many templates so far.
<style>
body{
visibility: hidden;
}
</style>
<noscript>
<style>
body{
visibility: visible;
}
</style>
</noscript>
<link rel="stylesheet" href="{{$skindir}}css/mono_main.css?{{$ver}}">
<link rel="stylesheet" href="{{$skindir}}css/mono_dark.css?{{$ver}}" id="css1" disabled>
<link rel="stylesheet" href="{{$skindir}}css/mono_deep.css?{{$ver}}" id="css2" disabled>
<link rel="stylesheet" href="{{$skindir}}css/mono_mayo.css?{{$ver}}" id="css3" disabled>
Also set CSS visibility: hidden; here to hide the screen until the DOM and JavaScript have finished loading.
This prevents MONO's color settings from temporarily appearing in a different color scheme.
Search is not case sensitive
Name searches are now case insensitive when the exact match option is selected.
Changed files
- potiboard.php
- search.inc.php
Changed Templates
- templates/mono_en/ (Update directory by overwriting)
POTI-board EVO EN v5.62.3 released. v3.x and earlier all versions have a serious bug.
POTI board EVO EN v5.62.2 release
[2023/07/08] v5.62.2
Bug fixes
Search function was not working.
This bug was introduced in v5.58.10 and fixed in v5.62.2.
From "Tweet button" to "Twitter", "Mastodon" and "Misskey" sharing.
In addition to "Twitter", you can now share posts on short-text posting SNS such as "Mastodon" and "Misskey".
You can also change it to a conventional tweet button by setting it in config.php.
You can also edit the list of "Mastodon" and "Misskey" servers.
/* ---------- SNS share function advanced settings ---------- */
//Include Mastodon and Misskey servers in the share function
// (1: Include, 0: Do not include)
define("SWITCH_SNS","1");
// Servers displayed in the list when sharing on SNS
//Example ["Display name","https://example.com (SNS server URL)"], (comma is required at the end)
$servers =
[
["Twitter","https://twitter.com"],
["mstdn.jp","https://mstdn.jp"],
["pawoo.net","https://pawoo.net"],
["fedibird.com","https://fedibird.com"],
["misskey.io","https://misskey.io"],
["misskey.design","https://misskey.design"],
["nijimiss.moe","https://nijimiss.moe"],
["sushi.ski","https://sushi.ski"],
];
If this setting item does not exist in config.php, the above setting will be applied by default.
If you do not need detailed settings, please use the config.php you are currently using as it is.
Changed files
- config.php
- potiboard.php
- search.php
- sns_share.inc.php
Changed templates
- templates/mono_en/img/share-from-square-solid.svg
- templates/mono_en/js/mono_common.js
- templates/mono_en/mono_main.blade.php
- templates/mono_en/paint_klecks.blade.php
- templates/mono_en/paint_tegaki.blade.php
- templates/mono_en/set_share_server.blade.php
- templates/mono_en/tgkr_view.blade.php
[2023/06/24] v5.61.2
Added support for the drawing application tegaki.js.
Improved "copy poster name" functionality.
It is now added at the cursor position in the text field.
Previously, it was added at the end of the line.
Changed directory
- chickenpaint/
- tegaki/
Changed files
- potiboard.php
- saveklecks.php
- config.php
Changed templates
- templates/mono_en/mono_main.blade.php
- templates/mono_en/mono_paint.blade.php
- templates/mono_en/parts/mono_copyright.blade.php
- templates/mono_en/parts/mono_paint_form.blade.php
- templates/mono_en/paint_tegaki.blade.php
- templates/mono_en/tgkr_view.blade.php
[2023/06/11] v5.60.0
Fixed deprecated JavaScript syntax in paint app
- Updated PaintBBS NEO to v1.6.0.
- Updated to original modified version of ChickenPaint.
The paint app Klecks has two layers at startup.
Changed directory
- chickenpaint/ overwrite update chickenpaint/ directory
Changed files
- neo.js
- potiboard.php
Changed template
- templates/mono_en/paint_klecks.blade.php
[2023/05/20] v5.59.0
Bug fixes
- Fixed an issue where the URL of the fixed link of the article was not set correctly when the tweet button was pressed.
- This bug was introduced in v5.58.6 and fixed in v5.59.0.
Updating jQuery
- Updated jQuery from jQuery3.6.0 to jQuery3.7.0.
- jQuery versioning is done inside potiboard.php, so you don't have to change individual templates.
Fixed deprecated JavaScript and jQuery syntax
- templates/mono_en/js/mono_common.js
Fixed deprecated JavaScript and jQuery syntax in each file.
Changed files
- potiboard.php
Added files
- lib/jquery-3.7.0.min.js
Changed template
- templates/mono_en/js/mono_common.js
[2023/05/07] v5.58.9.1
Klecks update
- Overwrite update of klecks/ directory
Blade One update
- Update by overwriting BladeOne/ directory
Changed Templates
- templates/mono_en/js/mono_common.js
- templates/mono_en/mono_other.blade.php
(fixes deprecated jQuery syntax)
[2023/05/03] v5.58.9
klecks update
changed directories
- Overwrite updated klecks/ directory
changed files
- potiboard.php
[2023/04/25] v5.58.8
ChickenPaint update
- Fixed an issue where the canvas aspect ratio was incorrect when ChickenPaint was launched in full screen mode on an iPad.
changed directories
- Overwrite updated chickenpaint/ directory
changed files
- potiboard.php
Changed Templates
- templates/mono_en/mono_paint.blade.php
[2023/04/13] v5.58.5
ChickenPaint update
- In order to deal with the problem that the aspect ratio of the drawing area is broken when the orientation of the device is changed on the iPad, we have included a version of ChickenPaint that has been customized and built independently. (Temporary measure until the problem is resolved)
- This issue only occurs when using ChickenPaint in fullscreen mode.
- Therefore, I stopped starting in full screen mode and started in normal mode.
You can switch the display to full screen mode by selecting full screen mode from ChickenPaint's menu bar.
Improvements
- Fix WCS dynamic palette script's deprecated JavaScript
Rewrote substr() to substring().
String.prototype.substr() - JavaScript | MDN
- Added a "Post in the same thread" checkbox.
However, in the case of "image replacement", there is no choice but to post in the same thread, so this option is unnecessary.
Therefore, I used JavaScript to display the "Post in the same thread" checkbox only when a new post is selected.
- Bad host check
When a user has the same host name and IP address, we made it possible to specify a few characters from the front of the IP address displayed as the host name and reject it with a prefix match.
$badhost =["example.com","100.100.200"];
If set like this:
"example.com" will be rejected with a suffix match, and "100.100.200" will be rejected with a prefix match.
changed directories
- Overwrite updated chickenpaint/ directory
- Update by overwriting BladeOne/ directory
changed files
- potiboard.php
- search.php
Changed Templates
Overwrite updated templates/mono_en/ directory
[2023/02/26] v5.56.3
Updated Klecks to latest version
- Dark theme is now selectable.
- Added French language support.
- Fixed touch gesture freezing issue on iPhone and iPad.
Updated BladeOne to latest version
- Updated BladeOne to v4.8.
Improvements
- Fixed that the order of the search screen was not in the latest order.
- Improved search screen code.
changed directory
- klecks/ directory
- BladeOne/ directory
changed files
- potiboard.php
- search.php
changed Templates
- templates/mono_en/search.blade.php
Improved translations on the search screen.
[2023/02/11] v5.56.2.3
Bug fix
changed Templates
- templates/mono_en/paint_klecks.blade.php
Fixed an issue where illustrations that were drawn when the server status was 502 Bad Gateway disappeared.
[2023/02/09] v5.56.2.2
- Added missing klecks help file.
[2023/02/05] v5.56.2
You can now configure whether or not to use the URL input field in config.php.
// Use URL input field (Yes: 1, No: 0)
define("USE_URL_INPUT_FIELD", "1");
//No: 0, the URL field disappears from the form input fields.
// Even if the form is faked, the URL will not be entered.
If, in addition to prohibiting URLs in the text, you also make it impossible to write URLs in the URL field, you can eliminate advertisement spam whose purpose is to write URLs.
The URL detection used to prohibit URLs in the text is quite strict, so even if http:// is omitted, it should be almost impossible to write the URL of advertisement spam.
Fixed an issue where the template could not be sent due to a JavaScript error when the URL or subject fields did not exist.
It's not a bug, but I've rewritten the JavaScript so that it works fine even if the template is modified by the user.
In PaintBBS NEO, improved so that the screen does not move up and down when manipulating the canvas area such as copy and layer combination.
If the width of the terminal is large compared to the canvas size, it will not scroll even if you grab the mesh of NEO.
This is because the screen moves up and down when copying, layer merging, and Bz curve operations.
However, you can now grab and scroll the mesh when zooming in with pinch zoom.
This is to avoid inoperability.
These are implemented with inline JavaScript in NEO's paint screen, so you'll need to update the paint screen template.
changed files
- potiboard.php
- neo.js
- picpost.php
- save.php
- saveklecks.php
- saveneo.php
- config.php
config.php only needs to ...
POTI-board EVO EN v5.60.0 released. v3.x and earlier all versions have a serious bug.
POTI board EVO EN v5.60.0 release
[2023/05/20] v5.60.0
Fixed deprecated JavaScript syntax in paint app
- Updated PaintBBS NEO to v1.6.0.
- Updated to original modified version of ChickenPaint.
The paint app Klecks has two layers at startup.
Changed directory
- chickenpaint/ overwrite update chickenpaint/ directory
Changed files
- neo.js
- potiboard.php
Changed template
- templates/mono_en/paint_klecks.blade.php
[2023/05/20] v5.59.0
Bug fixes
- Fixed an issue where the URL of the fixed link of the article was not set correctly when the tweet button was pressed.
- This bug was introduced in v5.58.6 and fixed in v5.59.0.
Updating jQuery
- Updated jQuery from jQuery3.6.0 to jQuery3.7.0.
- jQuery versioning is done inside potiboard.php, so you don't have to change individual templates.
Fixed deprecated JavaScript and jQuery syntax
- templates/mono_en/js/mono_common.js
Fixed deprecated JavaScript and jQuery syntax in each file.
Changed files
- potiboard.php
Added files
- lib/jquery-3.7.0.min.js
Changed template
- templates/mono_en/js/mono_common.js
[2023/05/07] v5.58.9.1
Klecks update
- Overwrite update of klecks/ directory
Blade One update
- Update by overwriting BladeOne/ directory
Changed Templates
- templates/mono_en/js/mono_common.js
- templates/mono_en/mono_other.blade.php
(fixes deprecated jQuery syntax)
[2023/05/03] v5.58.9
klecks update
changed directories
- Overwrite updated klecks/ directory
changed files
- potiboard.php
[2023/04/25] v5.58.8
ChickenPaint update
- Fixed an issue where the canvas aspect ratio was incorrect when ChickenPaint was launched in full screen mode on an iPad.
changed directories
- Overwrite updated chickenpaint/ directory
changed files
- potiboard.php
Changed Templates
- templates/mono_en/mono_paint.blade.php
[2023/04/13] v5.58.5
ChickenPaint update
- In order to deal with the problem that the aspect ratio of the drawing area is broken when the orientation of the device is changed on the iPad, we have included a version of ChickenPaint that has been customized and built independently. (Temporary measure until the problem is resolved)
- This issue only occurs when using ChickenPaint in fullscreen mode.
- Therefore, I stopped starting in full screen mode and started in normal mode.
You can switch the display to full screen mode by selecting full screen mode from ChickenPaint's menu bar.
Improvements
- Fix WCS dynamic palette script's deprecated JavaScript
Rewrote substr() to substring().
String.prototype.substr() - JavaScript | MDN
- Added a "Post in the same thread" checkbox.
However, in the case of "image replacement", there is no choice but to post in the same thread, so this option is unnecessary.
Therefore, I used JavaScript to display the "Post in the same thread" checkbox only when a new post is selected.
- Bad host check
When a user has the same host name and IP address, we made it possible to specify a few characters from the front of the IP address displayed as the host name and reject it with a prefix match.
$badhost =["example.com","100.100.200"];
If set like this:
"example.com" will be rejected with a suffix match, and "100.100.200" will be rejected with a prefix match.
changed directories
- Overwrite updated chickenpaint/ directory
- Update by overwriting BladeOne/ directory
changed files
- potiboard.php
- search.php
Changed Templates
Overwrite updated templates/mono_en/ directory
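The bad host check in this entry (suffix match for "example.com", prefix match for "100.100.200"), as an added PHP example that is not POTI-board's own code. The function names are hypothetical, the sample hosts are constructed, and trying every entry both ways in the plain version is an assumption; the second function shows a variant anchored on dot boundaries so that unrelated hosts are not rejected by accident.

```php
<?php
// Added example, not POTI-board's own code. Function names are hypothetical.

// $badhost exactly as shown in the release note.
$badhost = ["example.com", "100.100.200"];

// Plain matching: each entry is tried as a prefix and as a suffix of the host.
// (Whether POTI-board tries both for every entry is an assumption here.)
function badhost_plain(string $host, array $badhost): bool
{
    $host = strtolower(trim($host));
    foreach ($badhost as $entry) {
        $entry = strtolower(trim((string) $entry));
        if ($entry === '') {
            continue; // an empty entry would match every host
        }
        $len = strlen($entry);
        if (strncmp($host, $entry, $len) === 0 || substr($host, -$len) === $entry) {
            return true;
        }
    }
    return false;
}

// Boundary-aware variant: IP fragments match whole leading octets only,
// domain entries match whole trailing labels only.
function badhost_anchored(string $host, array $badhost): bool
{
    $host = strtolower(trim($host));
    foreach ($badhost as $entry) {
        $entry = strtolower(trim((string) $entry, " \t."));
        if ($entry === '') {
            continue;
        }
        if (preg_match('/^[0-9.]+$/', $entry)) {
            // IP fragment: "100.100.200" matches 100.100.200.x, not x.100.100.200
            if ($host === $entry
                || strncmp($host, $entry . '.', strlen($entry) + 1) === 0) {
                return true;
            }
        } else {
            // Domain: "example.com" matches pc1.example.com, not notexample.com
            if ($host === $entry
                || substr($host, -strlen($entry) - 1) === '.' . $entry) {
                return true;
            }
        }
    }
    return false;
}

// Constructed sample hosts (names and documentation-style addresses).
$samples = [
    "pc1.example.com",   // inside the blocked domain
    "notexample.com",    // different domain that merely ends in the same text
    "100.100.200.7",     // inside the blocked address range
    "5.100.100.200",     // different range that ends in the same digits
    "203.0.113.9",       // unrelated address
];

foreach ($samples as $host) {
    printf(
        "%-16s plain=%-5s anchored=%s\n",
        $host,
        var_export(badhost_plain($host, $badhost), true),
        var_export(badhost_anchored($host, $badhost), true)
    );
}
```

The two functions disagree only on "notexample.com" and "5.100.100.200", which are the hosts a bare text match would reject unintentionally.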
[2023/02/26] v5.56.3
Updated Klecks to latest version
- Dark theme is now selectable.
- Added French language support.
- Fixed touch gesture freezing issue on iPhone and iPad.
Updated BladeOne to latest version
- Updated BladeOne to v4.8.
Improvements
- Fixed that the order of the search screen was not in the latest order.
- Improved search screen code.
changed directory
- klecks/ directory
- BladeOne/ directory
changed files
- potiboard.php
- search.php
changed Templates
- templates/mono_en/search.blade.php
Improved translations on the search screen.
[2023/02/11] v5.56.2.3
Bug fix
changed Templates
- templates/mono_en/paint_klecks.blade.php
Fixed an issue where illustrations that were drawn when the server status was 502 Bad Gateway disappeared.
[2023/02/09] v5.56.2.2
- Added missing klecks help file.
[2023/02/05] v5.56.2
You can now configure whether or not to use the URL input field in config.php.
// Use URL input field (Yes: 1, No: 0)
define("USE_URL_INPUT_FIELD", "1");
//No: 0, the URL field disappears from the form input fields.
// Even if the form is faked, the URL will not be entered.
If, in addition to prohibiting URLs in the text, you also make it impossible to write URLs in the URL field, you can eliminate advertisement spam whose purpose is to write URLs.
The URL detection used to prohibit URLs in the text is quite strict, so even if http:// is omitted, it should be almost impossible to write the URL of advertisement spam.
Fixed an issue where the template could not be sent due to a JavaScript error when the URL or subject fields did not exist.
It's not a bug, but I've rewritten the JavaScript so that it works fine even if the template is modified by the user.
In PaintBBS NEO, improved so that the screen does not move up and down when manipulating the canvas area such as copy and layer combination.
If the width of the terminal is large compared to the canvas size, it will not scroll even if you grab the mesh of NEO.
This is because the screen moves up and down when copying, layer merging, and Bz curve operations.
However, you can now grab and scroll the mesh when zooming in with pinch zoom.
This is to avoid inoperability.
These are implemented with inline JavaScript in NEO's paint screen, so you'll need to update the paint screen template.
changed files
- potiboard.php
- neo.js
- picpost.php
- save.php
- saveklecks.php
- saveneo.php
- config.php
config.php only needs to be updated if new configuration items are needed.
changed Templates
- templates/mono_en/js/mono_common.js
- templates/mono_en/mono_main.blade.php
- templates/mono_en/mono_other.blade.php
- templates/mono_en/mono_paint.blade.php
[2023/01/19] v5.55.8.5
Bug fixes
- PaintBBS NEO data was not received at all in the environment of PHP5.6 to PHP7.x. Since it works without causing an error in PHP8.1 and PHP8.2, the discovery was delayed.
Overwrite and update saveneo.php.
changed files
- saveneo.php
[2023/01/14] v5.55.8.2
Bug fix
Fixed a bug where setting the minimum number of seconds required to draw would cause all alerts that should have been displayed as "15 sec" to be displayed as "0 seconds".
Even if this bug exists, if you set it to 60 seconds, you can post normally when it exceeds 60 seconds.
The problem was that the remaining time was not displayed accurately, and it was all "remaining 0 sec".
changed files
- picpost.php
- save.php
- saveklecks.php
- saveneo.php
[2023/01/14] v5.55.8.1
- Fixed saveneo.php
Fixed an issue where depending on the content of the error that occurred, it would not be displayed as an alert and the screen would transition and fail to post.
[2023/01/13] v5.55.8
Changed communication of PaintBBS NEO from raw data to formData to avoid false positive error by WAF.
- In order to be able to post to the conventional oekaki bulletin board, we modified NEO, which used to send raw data, and made it possible to send header, image, and timelapse animation data with formData.
With this change, the probability that the conventional WAF will detect NEO transmission data as an attack and block it will be greatly reduced, and the probability of successful posting will be dramatically increased.
Added an option to send data individually with formData so that WAF does not judge it as an attack. by satopian Pull Request #94 funige/neo
Important changes
- Receipt of shi-Painter data is done by picpost.php as before.
However, the data of PaintBBS NEO is received by the newly added saveneo.php.
If you forget to upload this file, you will not be able to post from NEO, so be sure to update it.
Transfer it to the same directory as potiboard.php.
Please update.
- Updated Paint screen template mono_paint.blade.php
A parameter has been added to switch to the formData submit mode.
Changed the config.php
Until now, it was not possible to remove PaintBBS NEO from apps that use it, but now you can choose to use or not use NEO.
If you set it to not use all, it will be a setting that doe...
POTI-board EVO EN v5.56.3 released. v3.x and earlier all versions have a serious bug.
POTI-board EVO EN v5.56.3 release
[2023/02/26] v5.56.3
Updated Klecks to latest version
- Dark theme is now selectable.
- Added French language support.
- Fixed touch gesture freezing issue on iPhone and iPad.
Updated BladeOne to latest version
- Updated BladeOne to v4.8.
Improvements
- Fixed that the order of the search screen was not in the latest order.
- Improved search screen code.
changed directory
- klecks/ directory
- BladeOne/ directory
changed files
- potiboard.php
- search.php
changed Templates
- templates/mono_en/search.blade.php
Improved translations on the search screen.
[2023/02/11] v5.56.2.3
Bug fix
changed Templates
- templates/mono_en/paint_klecks.blade.php
Fixed an issue where illustrations that were drawn when the server status was 502 Bad Gateway disappeared.
[2023/02/09] v5.56.2.2
- Added missing klecks help file.
[2023/02/05] v5.56.2
You can now configure whether or not to use the URL input field in config.php.
// Use URL input field (Yes: 1, No: 0)
define("USE_URL_INPUT_FIELD", "1");
//No: 0, the URL field disappears from the form input fields.
// Even if the form is faked, the URL will not be entered.
In addition to prohibiting the writing of URLs in the text, if you can also make it impossible to write URLs in the URL field, you can eliminate advertisement spam whose purpose is to write URLs.
The URL check that prohibits writing URLs in the text is quite strict, so even if http:// is omitted, it should be almost impossible to write the URL of advertisement spam.
Fixed an issue where the template could not be sent due to a JavaScript error when the URL or subject fields did not exist.
It's not a bug, but I've rewritten the JavaScript so that it works fine even if the template is modified by the user.
In PaintBBS NEO, improved so that the screen does not move up and down when manipulating the canvas area such as copy and layer combination.
If the width of the terminal is large compared to the canvas size, it will not scroll even if you grab the mesh of NEO.
This is because the screen moves up and down when copying, layer merging, and Bz curve operations.
However, you can now grab and scroll the mesh when zooming in with pinch zoom.
This is to avoid inoperability.
These are implemented with inline JavaScript in NEO's paint screen, so you'll need to update the paint screen template.
changed files
- potiboard.php
- neo.js
- picpost.php
- save.php
- saveklecks.php
- saveneo.php
- config.php
config.php only needs to be updated if new configuration items are needed.
changed Templates
- templates/mono_en/js/mono_common.js
- templates/mono_en/mono_main.blade.php
- templates/mono_en/mono_other.blade.php
- templates/mono_en/mono_paint.blade.php
[2023/01/19] v5.55.8.5
Bug fixes
- PaintBBS NEO data was not received at all in the environment of PHP5.6 to PHP7.x. Since it works without causing an error in PHP8.1 and PHP8.2, the discovery was delayed.
Overwrite and update saveneo.php.
changed files
- saveneo.php
[2023/01/14] v5.55.8.2
Bug fix
Fixed a bug where setting the minimum number of seconds required to draw would cause all alerts that should have been displayed as "15 sec" to be displayed as "0 seconds".
Even if this bug exists, if you set it to 60 seconds, you can post normally when it exceeds 60 seconds.
The problem was that the remaining time was not displayed accurately, and it was all "remaining 0 sec".
changed files
- picpost.php
- save.php
- saveklecks.php
- saveneo.php
[2023/01/14] v5.55.8.1
- Fixed saveneo.php
Fixed an issue where depending on the content of the error that occurred, it would not be displayed as an alert and the screen would transition and fail to post.
[2023/01/13] v5.55.8
Changed communication of PaintBBS NEO from raw data to formData to avoid false positive error by WAF.
- In order to be able to post to the conventional oekaki bulletin board, we modified NEO, which used to send raw data, and made it possible to send header, image, and timelapse animation data with formData.
With this change, the probability that the conventional WAF will detect NEO transmission data as an attack and block it will be greatly reduced, and the probability of successful posting will be dramatically increased.
Added an option to send data individually with formData so that WAF does not judge it as an attack. by satopian Pull Request #94 funige/neo
Important changes
- Receipt of shi-Painter data is done by picpost.php as before.
However, the data of PaintBBS NEO is received by the newly added saveneo.php.
If you forget to upload this file, you will not be able to post from NEO, so be sure to update it.
Transfer it to the same directory as potiboard.php.
Please update.
- Updated Paint screen template mono_paint.blade.php
A parameter has been added to switch to the formData submit mode.
Changed the config.php
Until now, it was not possible to remove PaintBBS NEO from apps that use it, but now you can choose to use or not use NEO.
If you set it to not use all, it will be a setting that does not use the drawing function.
You can also set it to use only Klecks or only ChickenPaint.
When there is only one app to use, the pull-down menu for app selection disappears and the screen becomes clean.
Limited by drawing time
For example, if you want to reject submissions with only lines drawn in less than 1 minute,
// Security timer (unit: seconds). If not set, use ""
define("SECURITY_TIMER", "");
It was possible to specify the minimum required drawing time with SECURITY_TIMER, but until now, it was effective only for Shi-Painter and PaintBBS NEO.
With this update, ChickenPaint and Klecks now have this setting enabled.
In the old method, when there was a violation, it was possible to jump to another site (for example, the Metropolitan Police Department site), but instead of that method, an alert such as "Please draw for another 30 seconds." now opens.
changed files
- neo.js
- picpost.php
- potiboard.php
- save.php
- saveklecks.php
- saveneo.php
- config.php
Those who do not need new setting items do not need to update.
Changed Templates
MONO
- templates/mono_en/mono_main.blade.php
- templates/mono_en/mono_other.blade.php
- templates/mono_en/mono_paint.blade.php
- templates/mono_en/paint_klecks.blade.php
- templates/mono_en/parts/mono_paint_form.blade.php
Please update only those who need newly added setting items.
- You also need to update the parts/ directory, like parts/paint_form.blade.php.
If you haven't customized the template, it's okay to overwrite the entire templates/ directory.
[2022/12/30] v5.52.8
It is now possible to extract the width and height from the old Java version pch file and load it into the canvas.
All apps no longer require canvas size input when uploading an app specific file and loading it into the canvas.
Changed files
- potiboard.php
Changed Templates
- templates/mono_en/mono_other.blade.php
- templates/mono_en/parts/mono_paint_form.blade.php
[2022/12/28] v5.52.2
Improved. PaintBBS NEO animation file upload painting made easy.
- It has become easier and more convenient to upload and paint PaintBBS NEO and Java Shi Painter videos from the administrator screen.
Until now, it was necessary to specify the canvas size before loading the pch animation file into the canvas.
With v5.52, you can now automatically get the canvas size from the animation file.
However, it is necessary to specify the canvas size when uploading the animation file of the Java version of PaintBBS.
For HTML5 version PaintBBS NEO, you can automatically get the canvas size when uploading animation files.
↑
This is a GIF animation created to introduce the operation when uploading files in specific formats for shi-Painter, PaintBBS NEO, Klecks, and ChickenPaint from the administrator screen.
The canvas size is still 300x300, but the canvas is open at its original size.
If you can download a PSD file, why not upload it? Including the meaning of the explanation for those who were wondering, I also uploaded the ChickenPaint .chi file and the Klecks .psd file (Photoshop format). I created this GIF animation for description.
changed files
- potiboard.php
[2022/12/24] v5.51.0
- PaintBBS NEO update v1.5.16
- Solved the problem that cookies could not be read with JavaScript when WAF (Web Application Firewall) was turned on.
If WAF is turned on, cookies are encrypted and have the httpOnly attribute.
POTI-board uses JavaScript to load cookies into static HTML files.
Therefore, with the conventional POTI-board, it was not possible to read the cookie of the form input content when the WAF was turned on.
I solved this problem by issuing a form input cookie not only in PHP programs, but also in JavaScript.
How...
POTI-board EVO EN v5.55.8.5 released. v3.x and earlier all versions have a serious bug.
POTI-board EVO EN v5.55.8.5 release
[2023/01/19] v5.55.8.5
Bug fixes
- PaintBBS NEO data was not received at all in the environment of PHP5.6 to PHP7.x. Since it works without causing an error in PHP8.1 and PHP8.2, the discovery was delayed.
Overwrite and update saveneo.php.
changed files
- saveneo.php
[2023/01/14] v5.55.8.2
Bug fix
Fixed a bug where setting the minimum number of seconds required to draw would cause all alerts that should have been displayed as "15 sec" to be displayed as "0 seconds".
Even if this bug exists, if you set it to 60 seconds, you can post normally when it exceeds 60 seconds.
The problem was that the remaining time was not displayed accurately, and it was all "remaining 0 sec".
changed files
- picpost.php
- save.php
- saveklecks.php
- saveneo.php
[2023/01/14] v5.55.8.1
- Fixed saveneo.php
Fixed an issue where depending on the content of the error that occurred, it would not be displayed as an alert and the screen would transition and fail to post.
[2023/01/13] v5.55.8
Changed communication of PaintBBS NEO from raw data to formData to avoid false positive error by WAF.
- In order to be able to post to the conventional oekaki bulletin board, we modified NEO, which used to send raw data, and made it possible to send header, image, and timelapse animation data with formData.
With this change, the probability that the conventional WAF will detect NEO transmission data as an attack and block it will be greatly reduced, and the probability of successful posting will be dramatically increased.
Added an option to send data individually with formData so that WAF does not judge it as an attack. by satopian Pull Request #94 funige/neo
Important changes
- Receipt of shi-Painter data is done by picpost.php as before.
However, the data of PaintBBS NEO is received by the newly added saveneo.php.
If you forget to upload this file, you will not be able to post from NEO, so be sure to update it.
Transfer it to the same directory as potiboard.php.
Please update.
- Updated Paint screen template mono_paint.blade.php
A parameter has been added to switch to the formData submit mode.
Changed the config.php
Until now, it was not possible to remove PaintBBS NEO from apps that use it, but now you can choose to use or not use NEO.
If you set it to not use all, it will be a setting that does not use the drawing function.
You can also set it to use only Klecks or only ChickenPaint.
When there is only one app to use, the pull-down menu for app selection disappears and the screen becomes clean.
Limited by drawing time
For example, if you want to reject submissions with only lines drawn in less than 1 minute,
// Security timer (unit: seconds). If not set, use ""
define("SECURITY_TIMER", "");
It was possible to specify the minimum required drawing time with SECURITY_TIMER, but until now, it was effective only for Shi-Painter and PaintBBS NEO.
With this update, ChickenPaint and Klecks now have this setting enabled.
In the old method, when there was a violation, it was possible to jump to another site (for example, the Metropolitan Police Department site), but instead of that method, an alert such as "Please draw for another 30 seconds." now opens.
changed files
- neo.js
- picpost.php
- potiboard.php
- save.php
- saveklecks.php
- saveneo.php
- config.php
Those who do not need new setting items do not need to update.
Changed Templates
MONO
- templates/mono_en/mono_main.blade.php
- templates/mono_en/mono_other.blade.php
- templates/mono_en/mono_paint.blade.php
- templates/mono_en/paint_klecks.blade.php
- templates/mono_en/parts/mono_paint_form.blade.php
Please update only those who need newly added setting items.
- You also need to update the parts/ directory, like parts/paint_form.blade.php.
If you haven't customized the template, it's okay to overwrite the entire templates/ directory.
[2022/12/30] v5.52.8
It is now possible to extract the width and height from the old Java version pch file and load it into the canvas.
All apps no longer require canvas size input when uploading an app specific file and loading it into the canvas.
Changed files
- potiboard.php
Changed Templates
- templates/mono_en/mono_other.blade.php
- templates/mono_en/parts/mono_paint_form.blade.php
[2022/12/28] v5.52.2
Improved. PaintBBS NEO animation file upload painting made easy.
- It has become easier and more convenient to upload and paint PaintBBS NEO and Java Shi Painter videos from the administrator screen.
Until now, it was necessary to specify the canvas size before loading the pch animation file into the canvas.
With v5.52, you can now automatically get the canvas size from the animation file.
However, it is necessary to specify the canvas size when uploading the animation file of the Java version of PaintBBS.
For HTML5 version PaintBBS NEO, you can automatically get the canvas size when uploading animation files.
↑
This is a GIF animation created to introduce the operation when uploading files in specific formats for shi-Painter, PaintBBS NEO, Klecks, and ChickenPaint from the administrator screen.
The canvas size is still 300x300, but the canvas is open at its original size.
If you can download a PSD file, why not upload it? Including the meaning of the explanation for those who were wondering, I also uploaded the ChickenPaint .chi file and the Klecks .psd file (Photoshop format). I created this GIF animation for description.
changed files
- potiboard.php
[2022/12/24] v5.51.0
- PaintBBS NEO update v1.5.16
- Solved the problem that cookies could not be read with JavaScript when WAF (Web Application Firewall) was turned on.
If WAF is turned on, cookies are encrypted and have the httpOnly attribute.
POTI-board uses JavaScript to load cookies into static HTML files.
Therefore, with the conventional POTI-board, it was not possible to read the cookie of the form input content when the WAF was turned on.
I solved this problem by issuing a form input cookie not only in PHP programs, but also in JavaScript.
However, it is safer to use httpOnly cookies, which prevent JavaScript from reading the cookie.
There is also a drawing board that uses httpOnly cookies.
satopian/Petit_Note_EN: Petit Note English ver.PHP script for PaintBBS,ChickenPaint, and Klecks PHP5.6-PHP8.2
Log conversion from POTI-board is also possible.
satopian/PetitNote_plugin: Petit Note Plugin for Drawing Board
- Adding JavaScript to HTML files to emit cookies for form inputs increases the number of lines of inline JavaScript.
So I externalized my JavaScript.
This externalized JavaScript also includes the back to top button JavaScript and the Luminous image popup JavaScript.
We apologize for the inconvenience and the need to update templates frequently.
A directory for JavaScript has also been added, such as templates/mono_en/js/.
Please note that if you forget to upload this directory, things like the back button that appears when you scroll down or the JavaScript that appears on the same screen when you click on an image will not work.
Overwrite everything in the templates/ directory if you haven't customized the templates.
Just upload all new installations.
PaintBBS NEO Update v1.5.16
- neo.js
changed files
- potiboard.php
Changed Templates
- templates/mono_en/mono_catalog.blade.php
- templates/mono_en/mono_main.blade.php
- templates/mono_en/mono_other.blade.php
- templates/mono_en/parts/mono_paint_form.blade.php
- templates/mono_en/search.blade.php
files added
- templates/mono_en/js/mono_common.js
POTI-board EVO v5.50.11 release
[2022/12/21] v5.50.11
Improvements
- Changed the format of the canvas size pull-down menu formula generation loop to prevent XSS.
- Removed self-closing tag due to warnings when checked by W3C Markup Validation Service.
- Add same-origin check. Illegal posts from different origins are now rejected.
However, for browsers that do not support Origin headers, such as Edge's IE mode, Origin headers are not checked.
This is because if this check becomes mandatory, it will not be possible to start the shi-painter using Java.
CheerpJ, for example, cannot smoothly play Shi-Painter's drawing animation, so Java must be started.
- Protection against directory traversal attacks. Directory hierarchies such as ../../ are invalidated with basename() when variables are passed to fopen().
- Rejection when the password is incorrect 5 times in a row.
If you enter the wrong administrator password five times in a row, further attempts can now be refused.
If you want to use this function, please add the following setting items anywhere in config.php.
/*safety*/
// Reject if the admin password is wrong 5 times in a row
// (1: Enabled, 0: Disabled)
// 1: Enabled for more security, but if the login page is locked it will take more effort to unlock it.
define("CHECK_PASSWORD_INPUT_ERROR_COUNT", "0");
// Access via ftp etc.
// Remove t...
POTI-board EVO EN v5.52.8 released. v3.x and earlier all versions have a serious bug.
POTI-board EVO EN v5.52.8 release
[2022/12/30] v5.52.8
It is now possible to extract the width and height from the old Java version pch file and load it into the canvas.
All apps no longer require canvas size input when uploading an app specific file and loading it into the canvas.
Changed files
- potiboard.php
Changed Templates
- templates/mono_en/mono_other.blade.php
- templates/mono_en/parts/mono_paint_form.blade.php
[2022/12/28] v5.52.2
Improved. PaintBBS NEO animation file upload painting made easy.
- It has become easier and more convenient to upload and paint PaintBBS NEO and Java Shi Painter videos from the administrator screen.
Until now, it was necessary to specify the canvas size before loading the pch animation file into the canvas.
With v5.52, you can now automatically get the canvas size from the animation file.
However, it is necessary to specify the canvas size when uploading the animation file of the Java version of PaintBBS.
For HTML5 version PaintBBS NEO, you can automatically get the canvas size when uploading animation files.
↑
This is a GIF animation created to introduce the operation when uploading files in specific formats for shi-Painter, PaintBBS NEO, Klecks, and ChickenPaint from the administrator screen.
The canvas size is still 300x300, but the canvas is open at its original size.
If you can download a PSD file, why not upload it? Including the meaning of the explanation for those who were wondering, I also uploaded the ChickenPaint .chi file and the Klecks .psd file (Photoshop format). I created this GIF animation for description.
changed files
- potiboard.php
[2022/12/24] v5.51.0
- PaintBBS NEO update v1.5.16
- Solved the problem that cookies could not be read with JavaScript when WAF (Web Application Firewall) was turned on.
If WAF is turned on, cookies are encrypted and have the httpOnly attribute.
POTI-board uses JavaScript to load cookies into static HTML files.
Therefore, with the conventional POTI-board, it was not possible to read the cookie of the form input content when the WAF was turned on.
I solved this problem by issuing a form input cookie not only in PHP programs, but also in JavaScript.
However, it is safer to use httpOnly cookies, which prevent JavaScript from reading the cookie.
There is also a drawing board that uses httpOnly cookies.
satopian/Petit_Note_EN: Petit Note English ver.PHP script for PaintBBS,ChickenPaint, and Klecks PHP5.6-PHP8.2
Log conversion from POTI-board is also possible.
satopian/PetitNote_plugin: Petit Note Plugin for Drawing Board
- Adding JavaScript to HTML files to emit cookies for form inputs increases the number of lines of inline JavaScript.
So I externalized my JavaScript.
This externalized JavaScript also includes the back to top button JavaScript and the Luminous image popup JavaScript.
We apologize for the inconvenience and the need to update templates frequently.
A directory for JavaScript has also been added, such as templates/mono_en/js/.
Please note that if you forget to upload this directory, things like the back button that appears when you scroll down or the JavaScript that appears on the same screen when you click on an image will not work.
Overwrite everything in the templates/ directory if you haven't customized the templates.
Just upload all new installations.
PaintBBS NEO Update v1.5.16
- neo.js
changed files
- potiboard.php
Changed Templates
- templates/mono_en/mono_catalog.blade.php
- templates/mono_en/mono_main.blade.php
- templates/mono_en/mono_other.blade.php
- templates/mono_en/parts/mono_paint_form.blade.php
- templates/mono_en/search.blade.php
files added
- templates/mono_en/js/mono_common.js
POTI-board EVO v5.50.11 release
[2022/12/21] v5.50.11
Improvements
- Changed the format of the canvas size pull-down menu formula generation loop to prevent XSS.
- Removed self-closing tag due to warnings when checked by W3C Markup Validation Service.
- Add same-origin check. Illegal posts from different origins are now rejected.
However, for browsers that do not support Origin headers, such as Edge's IE mode, Origin headers are not checked.
This is because if this check becomes mandatory, it will not be possible to start the shi-painter using Java.
CheerpJ, for example, cannot smoothly play Shi-Painter's drawing animation, so Java must be started.
- Protection against directory traversal attacks. Directory hierarchies such as ../../ are invalidated with basename() when variables are passed to fopen().
- Rejection when the password is incorrect 5 times in a row.
If you enter the wrong administrator password five times in a row, further attempts can now be refused.
If you want to use this function, please add the following setting items anywhere in config.php.
/*safety*/
// Reject if the admin password is wrong 5 times in a row
// (1: Enabled, 0: Disabled)
// 1: Enabled for more security, but if the login page is locked it will take more effort to unlock it.
define("CHECK_PASSWORD_INPUT_ERROR_COUNT", "0");
// Access via ftp etc.
// Remove the file templates/errorlog/error.log and you should be able to log in again.
// This file contains the IP addresses of clients who entered an incorrect admin password.
- Changed the method to get IP address and host name because some servers cannot get IP address with getenv().
- Use uniqid() to emit user-code repcode. It now changes in micro time units.
- Increased the replacement code length from 8 to 12 characters.
- Added original error message for WAF false positive to PaintBBS NEO.
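One way to write the same-origin check described in the improvements above, including the case where the Origin header is absent and the check is skipped. This is an added example, not POTI-board's own code: is_same_origin() is a hypothetical helper, the sample requests are constructed, and it needs PHP 7.1 or later.

```php
<?php
// Added example, not POTI-board's own code. is_same_origin() is a
// hypothetical helper; it needs PHP 7.1+ for the nullable type.

/**
 * $origin: value of the Origin request header, or null when absent.
 * $host:   value of the Host request header (may carry a port).
 */
function is_same_origin(?string $origin, string $host): bool
{
    if ($origin === null || $origin === '') {
        // Header absent (for example Edge's IE mode): the check is skipped,
        // as the release note describes, so such requests are not covered.
        return true;
    }
    $parts = parse_url($origin);
    if ($parts === false || !isset($parts['host'])) {
        // Covers the literal "null" that browsers send for opaque origins.
        return false;
    }
    $origin_host = strtolower($parts['host']);
    if (isset($parts['port'])) {
        $origin_host .= ':' . $parts['port'];
    }
    return $origin_host === strtolower($host);
}

// In a request handler the inputs would come from
// $_SERVER['HTTP_ORIGIN'] ?? null and $_SERVER['HTTP_HOST'] ?? ''.
// Constructed sample requests: [Origin header, Host header].
$requests = [
    ["https://board.example", "board.example"],
    ["https://board.example:8443", "board.example:8443"],
    ["https://other.example", "board.example"],
    ["https://board.example.other.example", "board.example"],
    ["null", "board.example"],
    [null, "board.example"],
];
foreach ($requests as [$origin, $host]) {
    printf("%-38s %s\n", var_export($origin, true),
        is_same_origin($origin, $host) ? "accept" : "reject with 403");
}
```

The comparison is an exact match on host and port rather than a substring test, so an origin that merely begins with the board's host name is not accepted.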
changed files
- noticemail/noticemail.inc
- neo.js
- config.php
- potiboard.php
- thumbnail_gd.php
- picpost.php
- save.php
- saveklecks.php
Changed Templates
- templates/mono_en/mono_main.blade.php
- templates/mono_en/mono_other.blade.php
- templates/mono_en/paint_klecks.blade.php
- templates/mono_en/parts/mono_paint_form.blade.php
- templates/mono_en/search.blade.php
- templates/mono_en/template_ini.php
[2022/11/30] v5.36.8
update
- Updated Klecks.
- Fixed brush shortcut key behavior.
Updated BladeOne to v4.7.1.
improvement
- Even if the timestamps used in the working files overlap, advance the post time by 1 second so that the timestamps do not overlap.
Previously, the working file could be overwritten by another file.
- An error does not occur when the post time to be compared is in the future.
In the post waiting time calculation process, even if the post time after the current time is detected, it will not be an error.
For example, if the posting time is delayed by one year due to some mistake, the next posting will not be possible until one year has passed. To avoid this, if the waiting time is a negative value, it will pass without generating an error.
- BladeOne v4.7.1. Along with that, I changed potiboard.php to automatically generate the cache directory.
The cache directory auto-generation feature has been removed from BladeOne. As an alternative function, added a cache directory auto-creation function to potiboard.php.
- Change the permission of files that need to be written in advance to 0606 (606). The log file that cannot be viewed externally is 0600 (600).
- The types of error messages have increased when posting OEKAKI images fails.
changed directories
- BladeOne/
- klecks/
changed files
- picpost.php
- potiboard.php
Changed Templates
- templates/mono_en/mono_main.blade.php
- templates/mono_en/paint_klecks.blade.php
[2022/10/29] v5.35.3
Improvements
Template Common
- When you click the image file link on the management screen, it now pops up with luminous.
Previously, images were opened in separate tabs.
- Corrected [tweet] to [Tweet].
- Corrected [TOOL] to [Tool].
Template MONO
- Added back to top page function that is displayed when scrolling to template MONO.
- Display optimized for smartphones. If the resolution is iPad (768px), unfloat the image. Set the image margins to 0.
As a result, the left and right margins of the image displayed on the smartphone are the same.
Previously, the margin on the right side of the screen was larger.
- The administrator can now edit the article by clicking the article number on the MONO administrator deletion screen.
Security
- If the script content of CheerpJ Applet Runner has been tampered with by hacking, etc., it will be detected and the script will not be executed.
See "Subresource Integrity" on MDN.
If you change the version of CheerpJ, it will not work unless you change the hash value.
However, the calculated hash value is included in the latest version of potiboard.php.
- If the image file received by picpost.php, which receives data from the Shi applet or PaintBBS NEO, is not an image such as jpeg or png, it will be judged as illegal and deleted.
When ...
POTI-board EVO EN v5.52.2 released. v3.x and earlier all versions have a serious bug.
POTI-board EVO EN v5.52.2 release
POTI-board EVO v5.52.2 release
[2022/12/28] v5.52.2
Improved: uploading PaintBBS NEO animation files to continue painting is now easier.
- It has become easier and more convenient to upload PaintBBS NEO and Java Shi Painter animation files from the administrator screen and paint on them.
Until now, it was necessary to specify the canvas size before loading the pch animation file into the canvas.
With v5.52, the canvas size is now obtained automatically from the animation file.
However, it is still necessary to specify the canvas size when uploading an animation file from the Java version of PaintBBS.
For the HTML5 version, PaintBBS NEO, the canvas size is obtained automatically when uploading animation files.
(GIF animation introducing the operation when uploading files in specific formats for shi-Painter, PaintBBS NEO, Klecks, and ChickenPaint from the administrator screen.)
The canvas size setting is still 300x300, but the canvas opens at its original size.
If you can download a PSD file, why not upload it? As an explanation for those who were wondering, I also uploaded the ChickenPaint .chi file and the Klecks .psd file (Photoshop format). I created this GIF animation to illustrate it.
changed files
- potiboard.php
POTI-board EVO EN v5.51.0 released. v3.x and earlier all versions have a serious bug.
POTI-board EVO EN v5.51.0 release
[2022/12/24] v5.51.0
- PaintBBS NEO update v1.5.16
- Solved the problem that cookies could not be read with JavaScript when a WAF (Web Application Firewall) was turned on.
If the WAF is turned on, cookies are encrypted and given the httpOnly attribute.
POTI-board uses JavaScript to load cookies into static HTML files.
Therefore, with the conventional POTI-board, the cookie holding the form input content could not be read when the WAF was turned on.
I solved this problem by issuing the form input cookie not only from the PHP program but also from JavaScript.
However, it is safer to use httpOnly cookies, which prevent JavaScript from reading the cookie.
There is also a drawing board that uses httpOnly cookies:
satopian/Petit_Note_EN: Petit Note English ver.PHP script for PaintBBS,ChickenPaint, and Klecks PHP5.6-PHP8.2
Log conversion from POTI-board is also possible.
satopian/PetitNote_plugin: Petit Note Plugin for Drawing Board
- Adding JavaScript to HTML files to emit cookies for form inputs increases the number of lines of inline JavaScript.
So I externalized the JavaScript.
This externalized JavaScript also includes the back to top button JavaScript and the Luminous image popup JavaScript.
We apologize for the inconvenience of having to update templates frequently.
A directory for JavaScript has also been added, such as templates/mono_en/js/.
Please note that if you forget to upload this directory, things like the back to top button that appears when you scroll down and the image popup that opens on the same screen when you click an image will not work.
Overwrite everything in the templates/ directory if you haven't customized the templates.
For a new installation, just upload everything.
PaintBBS NEO Update v1.5.16
- neo.js
changed files
- potiboard.php
Changed Templates
- templates/mono_en/mono_catalog.blade.php
- templates/mono_en/mono_main.blade.php
- templates/mono_en/mono_other.blade.php
- templates/mono_en/parts/mono_paint_form.blade.php
- templates/mono_en/search.blade.php
files added
- templates/mono_en/js/mono_common.js
POTI-board EVO EN v5.50.11 released. v3.x and earlier all versions have a serious bug.
POTI-board EVO v5.50.11 release
[2022/12/21] v5.50.11
Improvements
- Changed the form of the loop that generates the canvas size pull-down menu, to prevent XSS.
- Removed self-closing tags because of warnings from the W3C Markup Validation Service.
- Added a same-origin check. Illegal posts from different origins are now rejected.
However, for browsers that do not support the Origin header, such as Edge's IE mode, the Origin header is not checked.
This is because if this check became mandatory, it would not be possible to start shi-painter using Java.
CheerpJ, for example, cannot smoothly play Shi-Painter's drawing animation, so Java must be started.
- Protection against directory traversal attacks. Hierarchies such as ../../ are invalidated with basename() when variables are passed to fopen().
- Rejection when the password is incorrect 5 times in a row.
If the wrong administrator password is entered five times in a row, further attempts can now be rejected.
If you want to use this function, please add the following setting items anywhere in config.php.
/*safety*/
//Reject if admin password is wrong 5 times in a row
// (1: Enabled, 0: Disabled)
// 1: Enabled for more security, but if the login page is locked it will take more effort to unlock it.
define("CHECK_PASSWORD_INPUT_ERROR_COUNT", "0");
// Access via ftp etc.
// Remove the templates/errorlog/error.log and you should be able to login again.
//This file contains the IP addresses of clients who entered an incorrect admin password.
- Changed the method to get IP address and host name because some servers cannot get IP address with getenv().
- Use uniqid() to emit user-code repcode. It now changes in micro time units.
- Increased the replacement code length from 8 to 12 characters.
- Added original error message for WAF false positive to PaintBBS NEO.
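The same-origin rule described in the list above, including the case where the Origin header is absent, written out as an added example. This is not POTI-board's own code: the function name `same_origin_verdict`, the host-only comparison and the host `board.example.test` are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

/**
 * Verdict for a POST under the policy in the release note: reject when an
 * Origin header is present and names another host, skip the check when the
 * header is absent (Edge IE mode, Java shi-painter).
 * Hypothetical helper. It takes a $_SERVER-like array so it runs offline.
 */
function same_origin_verdict(array $server): string
{
    $origin = (string)($server['HTTP_ORIGIN'] ?? '');
    if ($origin === '') {
        // No header sent: the check cannot run, so these requests are not covered by it.
        return 'skipped';
    }

    // "Origin: null" (opaque origins) and malformed values yield no host.
    $originHost = parse_url($origin, PHP_URL_HOST);
    // Host may carry a port ("board.example.test:8080"); compare host names only.
    $ownHost = parse_url('//' . (string)($server['HTTP_HOST'] ?? ''), PHP_URL_HOST);

    if (!is_string($originHost) || !is_string($ownHost) || $ownHost === '') {
        return 'rejected';
    }
    // Exact, case-insensitive match. A suffix or substring test would accept
    // look-alike hosts such as board.example.test.other.example.net.
    return strcasecmp($originHost, $ownHost) === 0 ? 'accepted' : 'rejected';
}

// Constructed requests, not captured traffic.
$samples = [
    'same origin'      => ['HTTP_HOST' => 'board.example.test',      'HTTP_ORIGIN' => 'https://board.example.test'],
    'same host + port' => ['HTTP_HOST' => 'board.example.test:8080', 'HTTP_ORIGIN' => 'http://board.example.test:8080'],
    'cross origin'     => ['HTTP_HOST' => 'board.example.test',      'HTTP_ORIGIN' => 'https://other.example.net'],
    'look-alike host'  => ['HTTP_HOST' => 'board.example.test',      'HTTP_ORIGIN' => 'https://board.example.test.other.example.net'],
    'opaque origin'    => ['HTTP_HOST' => 'board.example.test',      'HTTP_ORIGIN' => 'null'],
    'no Origin header' => ['HTTP_HOST' => 'board.example.test'],
];

foreach ($samples as $label => $server) {
    printf("%-18s %s\n", $label, same_origin_verdict($server));
}
```

Requests that land in the `skipped` branch pass without any origin comparison, which is the trade-off the note accepts to keep Java shi-painter working.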
changed files
- noticemail/noticemail.inc
- neo.js
- config.php
- potiboard.php
- thumbnail_gd.php
- picpost.php
- save.php
- saveklecks.php
Changed Templates
- templates/mono_en/mono_main.blade.php
- templates/mono_en/mono_other.blade.php
- templates/mono_en/paint_klecks.blade.php
- templates/mono_en/parts/mono_paint_form.blade.php
- templates/mono_en/search.blade.php
- templates/mono_en/template_ini.php
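The basename() protection from the v5.50.11 improvements above, as an added example that is not POTI-board's own code. The helper name `open_in_dir`, the directory layout and the file names are assumptions, constructed in a temporary directory so the example runs offline.

```php
<?php
declare(strict_types=1);

/**
 * Open a file inside $baseDir using a name that came from request input.
 * basename() drops every directory component, so "../../config.php" becomes
 * "config.php" and the open stays inside $baseDir.
 * Hypothetical helper, for illustration only.
 *
 * @return resource|null stream on success, null when the name is unusable
 */
function open_in_dir(string $baseDir, string $userName, string $mode = 'rb')
{
    // On Linux basename() only splits on "/", so normalise "\" first.
    $name = basename(str_replace('\\', '/', $userName));

    // basename("..") is still "..", and an empty name would address the directory itself.
    if ($name === '' || $name === '.' || $name === '..' || strpos($name, "\0") !== false) {
        return null;
    }

    $path = rtrim($baseDir, '/') . '/' . $name;
    if (!is_file($path)) {
        return null;
    }
    $fp = fopen($path, $mode);
    return $fp === false ? null : $fp;
}

// Constructed layout: <root>/secret.txt sits outside the data directory <root>/src/.
$root = sys_get_temp_dir() . '/traversal_demo_' . bin2hex(random_bytes(4));
mkdir($root . '/src', 0700, true);
file_put_contents($root . '/secret.txt', 'outside the data directory');
file_put_contents($root . '/src/1670000000.pch', 'inside the data directory');

// Every input is reduced to its last path component before the open, so the
// traversal strings can only ever name a file inside src/, and none exists there.
$inputs = ['1670000000.pch', '../secret.txt', '../../config.php', '..\\secret.txt', '..', ''];
foreach ($inputs as $input) {
    $fp = open_in_dir($root . '/src', $input);
    printf("%-20s %s\n", var_export($input, true), $fp === null ? 'refused' : 'opened');
    if ($fp !== null) {
        fclose($fp);
    }
}

// Remove the constructed files again.
unlink($root . '/src/1670000000.pch');
unlink($root . '/secret.txt');
rmdir($root . '/src');
rmdir($root);
```

Note that basename() neutralises the path rather than rejecting the request: `../secret.txt` is looked up as `src/secret.txt`, so a file of that name inside the data directory would still be opened.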
[2022/11/30] v5.36.8
update
- Updated Klecks.
- Fixed brush shortcut key behavior.
Updated BladeOne to v4.7.1.
improvement
- Even if the timestamps used in the working files overlap, the post time is advanced by 1 second so that the timestamps no longer overlap.
Previously, the working file could be overwritten by another file.
- An error no longer occurs when the post time to be compared is in the future.
In the post waiting time calculation, a post time later than the current time no longer causes an error.
For example, if the posting time is delayed by one year due to some mistake, the next posting will not be possible until one year has passed. To avoid this, if the waiting time is a negative value, it passes without generating an error.
- BladeOne v4.7.1. Along with that, I changed potiboard.php to automatically generate the cache directory.
The cache directory auto-generation feature has been removed from BladeOne. As an alternative, a cache directory auto-creation function was added to potiboard.php.
- The permissions of files that need to be written are now set in advance to 0606 (606). Log files that must not be viewable externally are set to 0600 (600).
- The number of error message types shown when posting OEKAKI images fails has increased.
changed directories
- BladeOne/
- klecks/
changed files
- picpost.php
- potiboard.php
Changed Templates
- templates/mono_en/mono_main.blade.php
- templates/mono_en/paint_klecks.blade.php
[2022/10/29] v5.35.3
Improvements
Template Common
- When you click the image file link on the management screen, the image now pops up with Luminous.
Previously, images were opened in separate tabs.
- Corrected [tweet] to [Tweet].
- Corrected [TOOL] to [Tool].
Template MONO
- Added a back to top function to template MONO, displayed when scrolling.
- Display optimized for smartphones. At iPad resolution (768px), the image is unfloated and the image margins are set to 0.
As a result, the left and right margins of the image displayed on the smartphone are the same.
Previously, the margin on the right side of the screen was larger.
- The administrator can now edit the article by clicking the article number on the MONO administrator deletion screen.
Security
- If the script content of CheerpJ Applet Runner has been tampered with, for example by hacking, it will be detected and the script will not be executed.
See Subresource Integrity on MDN.
If you change the version of CheerpJ, it will not work unless you also change the hash value.
However, the calculated hash value is included in the latest version of potiboard.php.
- If the file received by picpost.php, which receives data from the Shi applet or PaintBBS NEO, is not an image such as jpeg or png, it is judged illegal and deleted.
When using the Shi applet and PaintBBS NEO, the behavior of rejection based on the time required for drawing or the number of steps required has been changed.
- shi-chan developed a function to redirect the drawing screen to the police site when the drawing time is short or the number of drawing steps is small.
However, this feature was impractical and of no use.
Therefore, instead of suddenly jumping to the specified URL from the drawing screen, we changed the specification to display an alert on the drawing screen saying "drawing time is too short" or "the number of steps is low".
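How the Subresource Integrity hash mentioned in the Security notes above is computed, and why a changed script version stops loading until the hash is updated, as an added example. This is not POTI-board's own code: the function names, the script contents and the URL `https://cdn.example.test/loader.js` are constructed placeholders.

```php
<?php
declare(strict_types=1);

const SRI_ALGOS = ['sha256', 'sha384', 'sha512'];

/** SRI value ("sha384-<base64 of the raw digest>") for the exact bytes of a script. */
function sri_value(string $bytes, string $algo = 'sha384'): string
{
    if (!in_array($algo, SRI_ALGOS, true)) {
        throw new InvalidArgumentException("SRI accepts sha256, sha384 or sha512, not {$algo}");
    }
    return $algo . '-' . base64_encode(hash($algo, $bytes, true));
}

/**
 * Simplified version of the browser-side check: true when any hash listed in
 * the integrity attribute matches the bytes. (Browsers additionally consider
 * only the strongest algorithm present in the list.)
 */
function sri_matches(string $integrity, string $bytes): bool
{
    foreach (preg_split('/\s+/', trim($integrity), -1, PREG_SPLIT_NO_EMPTY) as $token) {
        $algo = strstr($token, '-', true);
        if ($algo === false || !in_array($algo, SRI_ALGOS, true)) {
            continue; // unknown algorithms are ignored
        }
        if (hash_equals(sri_value($bytes, $algo), $token)) {
            return true;
        }
    }
    return false;
}

/** Script tag with the integrity pin; crossorigin is required for cross-origin SRI. */
function script_tag(string $src, string $integrity): string
{
    return sprintf(
        '<script src="%s" integrity="%s" crossorigin="anonymous"></script>',
        htmlspecialchars($src, ENT_QUOTES),
        htmlspecialchars($integrity, ENT_QUOTES)
    );
}

// Constructed stand-ins for two releases of a third-party loader script.
$pinnedRelease = "/* loader 1.0 */ function start() { return 'ok'; }\n";
$newRelease    = "/* loader 1.1 */ function start() { return 'ok!'; }\n";

$pinned = sri_value($pinnedRelease);
echo script_tag('https://cdn.example.test/loader.js', $pinned), "\n";

var_dump(sri_matches($pinned, $pinnedRelease));                  // file unchanged since pinning
var_dump(sri_matches($pinned, $newRelease));                     // file replaced, hash not updated
var_dump(sri_matches(sri_value($newRelease), $newRelease));      // hash recomputed for the new file
```

The hash covers every byte of the file, so a version upgrade and a tampered file look the same to the browser: both are blocked until the pinned value matches again.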
Compulsory thumbnail function is back
- Restored the forced thumbnail feature that was in v1.3.
Using the latest thumbnail_gd.php turns this feature on.
If the file size exceeds 1MB, a thumbnail image in JPEG format will be output.
Example case: if a GIF animation image file that is small in height and width but large in file size exceeds 1 MB, a thumbnail image in JPEG format will be displayed instead of the GIF animation.
Click the image to view the original GIF animation.
others
- Changed the initial error message to switch automatically between Japanese and English.
- Reduce load by avoiding unnecessary processing. For example, if there are no comments, you don't have to check the length of the comment or the bad words, so returning immediately reduces the load.
update Klecks
Fixes an issue where white fills after using distortion tool show lines that follow the shape of the Liquify.
Added how-to video link to help page and added gradient shortcut keys section.
changed directories
- klecks/
changed files
- potiboard.php
- palette.txt
- picpost.php
- save.php
- saveklecks.php
- thumbnail_gd.php
Changed Templates
- templates/mono_en/
[2022/10/03] v5.26.8
Updated ChickenPaint to the latest version.
The attached image is a GIF animation when I did a reproduction test of the problem that the color picker is not displayed.
Updated to the latest version of ChickenPaint to avoid a bug in Google Chrome 105,106 that causes this problem.
Updated klecks to the latest version.
- Added option to use gradient tool as an eraser.
- Added vanishing point filter.
Display images using luminous.
changed directories
- chickenpaint/
- klecks/
- lib/luminous/
changed files
- potiboard.php
- search.php
Changed Templates
- templates/mono_en/
[2022/09/20] v5.26.3
Update
- Updated Klecks to latest version.
Gradient tool and pattern filter added.
- Updated BladeOne to v4.6.
Bug fixes
- Fixed a bug where an E_WARNING level PHP error occurred when an article number other than that of the thread's parent was specified on the reply screen.
Please update potiboard.php.
Improvements
- If the password field is left blank for password authentication when drawing a continuation or for download authentication of pch, chi, psd, the cookie password is used instead.
This unifies the behavior with password authentication in the edit function.
- Fixed the function check_password() used for password checking. Password authentication will not succeed if no password is entered and no password is present in the cookie.
- Fixed insufficient multilingual support in the mail notification function.
- Increased page number spacing for template MONO.
- Fixed the paint screen's clock JavaScript.
- Changed the unit of file size on the managed post screen from bytes to kb.
changed directories
- klecks/
- BladeOne/
changed files
- potiboard.php
- thumbnail_gd.php
- picpost.php