diff --git a/inc/api.php b/inc/api.php
index b278da96..9972deb6 100644
--- a/inc/api.php
+++ b/inc/api.php
@@ -92,7 +92,7 @@ class Api {
 		$apiPost['filename'] = @substr($file->name, 0, strrpos($file->name, '.'));
 		$dotPos = strrpos($file->file, '.');
 		$apiPost['ext'] = substr($file->file, $dotPos);
-		$apiPost['tim'] = substr($file->file, 0, $dotPos);
+		$apiPost['tim'] = urlencode(substr($file->file, 0, $dotPos));
 		if (isset($file->hash))
 			$apiPost['md5'] = base64_encode(hex2bin($file->hash));
 	}
diff --git a/inc/bans.php b/inc/bans.php
index 3e9eb9cf..b4f45149 100644
--- a/inc/bans.php
+++ b/inc/bans.php
@@ -187,7 +187,9 @@ class Bans {
 
 			if ($ban['post']) {
 				$post = json_decode($ban['post']);
-				$ban['message'] = $post->body;
+				if ($post) {
+					$ban['message'] = $post->body;
+				}
 			}
 			unset($ban['ipstart'], $ban['ipend'], $ban['post'], $ban['creator']);
 
diff --git a/inc/config.php b/inc/config.php
index 8536ab44..604e146d 100644
--- a/inc/config.php
+++ b/inc/config.php
@@ -1783,4 +1783,4 @@
 	$config['report_captcha'] = false;
 
 	// Allowed HTML tags in ?/edit_pages.
-	$config['allowed_html'] = 'a[href|title],p,br,li,ol,ul,strong,em,u,h2,b,i,tt,div,img[src|alt|title],hr';
+	$config['allowed_html'] = 'a[href|title],p,br,li,ol,ul,strong,em,u,h2,b,i,tt,div,img[src|alt|title],hr,h1,h2,h3,h4,h5';
diff --git a/inc/functions.php b/inc/functions.php
index 5281a231..ec32f1e7 100755
--- a/inc/functions.php
+++ b/inc/functions.php
@@ -986,7 +986,7 @@ function fetchBoardTags( $uris ) {
 				$boardTags[ $tagRow['uri'] ] = array();
 			}
 			
-			$boardTags[ $tagRow['uri'] ][] = htmlentities( utf8_encode( $tag ) );
+			$boardTags[ $tagRow['uri'] ][] = $tag;
 		}
 	}
 	
diff --git a/inc/lib/webm/ffmpeg.php b/inc/lib/webm/ffmpeg.php
index bf14f7d9..fab60099 100644
--- a/inc/lib/webm/ffmpeg.php
+++ b/inc/lib/webm/ffmpeg.php
@@ -57,17 +57,17 @@ function make_webm_thumbnail($filename, $thumbnail, $width, $height, $duration)
   global $board, $config;
 
   $filename = escapeshellarg($filename);
-  //$thumbnail = escapeshellarg($thumbnail); // Should be safe by default but you
+  $thumbnailfc = escapeshellarg($thumbnail); // Should be safe by default but you
                                            // can never be too safe.
   $ffmpeg = $config['webm']['ffmpeg_path'];
 
   $ret = 0;
   $ffmpeg_out = array();
-  exec("$ffmpeg -strict -2 -ss " . floor($duration / 2) . " -i $filename -v quiet -an -vframes 1 -f mjpeg -vf scale=$width:$height $thumbnail 2>&1", $ffmpeg_out, $ret);
+  exec("$ffmpeg -strict -2 -ss " . floor($duration / 2) . " -i $filename -v quiet -an -vframes 1 -f mjpeg -vf scale=$width:$height $thumbnailfc 2>&1", $ffmpeg_out, $ret);
   // Work around for https://trac.ffmpeg.org/ticket/4362
   if (filesize($thumbnail) === 0) {
     // try again with first frame
-    exec("$ffmpeg -y -strict -2 -ss 0 -i $filename -v quiet -an -vframes 1 -f mjpeg -vf scale=$width:$height $thumbnail 2>&1", $ffmpeg_out, $ret);
+    exec("$ffmpeg -y -strict -2 -ss 0 -i $filename -v quiet -an -vframes 1 -f mjpeg -vf scale=$width:$height $thumbnailfc 2>&1", $ffmpeg_out, $ret);
     clearstatcache();
     // failed if no thumbnail size even if ret code 0, ffmpeg is buggy
     if (filesize($thumbnail) === 0) {
diff --git a/post.php b/post.php
index 7d8a0bc7..576a17bd 100644
--- a/post.php
+++ b/post.php
@@ -664,7 +664,7 @@ elseif (isset($_POST['post'])) {
 		}
 	}
 
-	if ($config['allowed_tags'] && $post['op'] && isset($_POST['tag']) && isset($config['allowed_tags'][$_POST['tag']])) {
+	if ($config['allowed_tags'] && $post['op'] && isset($_POST['tag']) && $_POST['tag'] && isset($config['allowed_tags'][$_POST['tag']])) {
 		$post['body'] .= "\n<tinyboard tag>" . $_POST['tag'] . "</tinyboard>";
 	}
 
diff --git a/templates/post_thread_fileboard.html b/templates/post_thread_fileboard.html
index 3f17907d..079b5086 100644
--- a/templates/post_thread_fileboard.html
+++ b/templates/post_thread_fileboard.html
@@ -8,7 +8,7 @@
 <td><a class="post_no" onclick="citeReply({{ post.id }})" href="{{ post.link('q') }}">{{ post.id }}</a>
 <td>{% include 'post/name.html' %}
     {% include 'post/flag.html' %}
-<td>[<a href="{{ config.uri_img }}{{ post.files[0].file }}">{{ post.files[0].filename|e|bidi_cleanup }}</a>]
+<td>[<a target="_blank" href="{{ config.uri_img }}{{ post.files[0].file }}">{{ post.files[0].filename|e|bidi_cleanup }}</a>]
 <td>{% if post.modifiers['tag'] %}[{{ post.modifiers['tag']|e }}]{% endif %}
 <td>{% include 'post/subject.html' %}
 	{% if post.sticky %}
diff --git a/templates/themes/catalog/theme.php b/templates/themes/catalog/theme.php
index 42fad1ea..9354b251 100644
--- a/templates/themes/catalog/theme.php
+++ b/templates/themes/catalog/theme.php
@@ -82,7 +82,11 @@
 							$post['file'] = '/' . $config['spoiler_image'];
 						}
 						else {
-							$post['file'] = $config['uri_thumb'] . $files[0]->thumb;
+							if ($files[0]->thumb == 'file') {
+								$post['file'] = $config['root'] . sprintf($config['file_thumb'], 'file.png');
+							} else {
+								$post['file'] = $config['uri_thumb'] . $files[0]->thumb;
+							}
 							$post['fullimage'] = $config['uri_img']  . $files[0]->file;
 						}
 					}