From b02442ff2261325c17c936641c04ce0ce432da1e Mon Sep 17 00:00:00 2001
From: 8chan <admin@8chan.co>
Date: Tue, 5 May 2015 22:40:35 -0700
Subject: [PATCH 1/8] URL encode filename in API due to new file boards which
 allow filenames that are not just numbers.

---
 inc/api.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/inc/api.php b/inc/api.php
index b278da96..9972deb6 100644
--- a/inc/api.php
+++ b/inc/api.php
@@ -92,7 +92,7 @@ class Api {
 		$apiPost['filename'] = @substr($file->name, 0, strrpos($file->name, '.'));
 		$dotPos = strrpos($file->file, '.');
 		$apiPost['ext'] = substr($file->file, $dotPos);
-		$apiPost['tim'] = substr($file->file, 0, $dotPos);
+		$apiPost['tim'] = urlencode(substr($file->file, 0, $dotPos));
 		if (isset($file->hash))
 			$apiPost['md5'] = base64_encode(hex2bin($file->hash));
 	}

From 6b7311fad263e461f3e78b3226c15057a5ff4797 Mon Sep 17 00:00:00 2001
From: 8chan <admin@8chan.co>
Date: Tue, 5 May 2015 22:40:51 -0700
Subject: [PATCH 2/8] h1-5 in allowed_html by default

---
 inc/config.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/inc/config.php b/inc/config.php
index 8536ab44..604e146d 100644
--- a/inc/config.php
+++ b/inc/config.php
@@ -1783,4 +1783,4 @@
 	$config['report_captcha'] = false;
 
 	// Allowed HTML tags in ?/edit_pages.
-	$config['allowed_html'] = 'a[href|title],p,br,li,ol,ul,strong,em,u,h2,b,i,tt,div,img[src|alt|title],hr';
+	$config['allowed_html'] = 'a[href|title],p,br,li,ol,ul,strong,em,u,h2,b,i,tt,div,img[src|alt|title],hr,h1,h2,h3,h4,h5';

From 8dd8f9390e9b2390cb359ec524c0e9afb1ec61bf Mon Sep 17 00:00:00 2001
From: 8chan <admin@8chan.co>
Date: Tue, 5 May 2015 22:41:21 -0700
Subject: [PATCH 3/8] Prevent bug in enumerating bans when post json is empty

---
 inc/bans.php | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/inc/bans.php b/inc/bans.php
index 3e9eb9cf..b4f45149 100644
--- a/inc/bans.php
+++ b/inc/bans.php
@@ -187,7 +187,9 @@ class Bans {
 
 			if ($ban['post']) {
 				$post = json_decode($ban['post']);
-				$ban['message'] = $post->body;
+				if ($post) {
+					$ban['message'] = $post->body;
+				}
 			}
 			unset($ban['ipstart'], $ban['ipend'], $ban['post'], $ban['creator']);
 

From 31b9efd51d5baf17e4100831c34c111aca16e412 Mon Sep 17 00:00:00 2001
From: 8chan <admin@8chan.co>
Date: Tue, 5 May 2015 22:42:05 -0700
Subject: [PATCH 4/8] Fix bad UTF8 handling on boards page, it's already stored
 escaped in the DB...

---
 inc/functions.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/inc/functions.php b/inc/functions.php
index 045cf81b..a9b7e373 100755
--- a/inc/functions.php
+++ b/inc/functions.php
@@ -986,7 +986,7 @@ function fetchBoardTags( $uris ) {
 				$boardTags[ $tagRow['uri'] ] = array();
 			}
 			
-			$boardTags[ $tagRow['uri'] ][] = htmlentities( utf8_encode( $tag ) );
+			$boardTags[ $tagRow['uri'] ][] = $tag;
 		}
 	}
 	

From b84b22c2869775d806c7397b311f8a8bbee5ad7d Mon Sep 17 00:00:00 2001
From: 8chan <admin@8chan.co>
Date: Tue, 5 May 2015 22:42:53 -0700
Subject: [PATCH 5/8] SECURITY: New fileboards feature requires thumbnail to be
 escaped or passes raw strings to shell...

---
 inc/lib/webm/ffmpeg.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/inc/lib/webm/ffmpeg.php b/inc/lib/webm/ffmpeg.php
index bf14f7d9..fab60099 100644
--- a/inc/lib/webm/ffmpeg.php
+++ b/inc/lib/webm/ffmpeg.php
@@ -57,17 +57,17 @@ function make_webm_thumbnail($filename, $thumbnail, $width, $height, $duration)
   global $board, $config;
 
   $filename = escapeshellarg($filename);
-  //$thumbnail = escapeshellarg($thumbnail); // Should be safe by default but you
+  $thumbnailfc = escapeshellarg($thumbnail); // Should be safe by default but you
                                            // can never be too safe.
   $ffmpeg = $config['webm']['ffmpeg_path'];
 
   $ret = 0;
   $ffmpeg_out = array();
-  exec("$ffmpeg -strict -2 -ss " . floor($duration / 2) . " -i $filename -v quiet -an -vframes 1 -f mjpeg -vf scale=$width:$height $thumbnail 2>&1", $ffmpeg_out, $ret);
+  exec("$ffmpeg -strict -2 -ss " . floor($duration / 2) . " -i $filename -v quiet -an -vframes 1 -f mjpeg -vf scale=$width:$height $thumbnailfc 2>&1", $ffmpeg_out, $ret);
   // Work around for https://trac.ffmpeg.org/ticket/4362
   if (filesize($thumbnail) === 0) {
     // try again with first frame
-    exec("$ffmpeg -y -strict -2 -ss 0 -i $filename -v quiet -an -vframes 1 -f mjpeg -vf scale=$width:$height $thumbnail 2>&1", $ffmpeg_out, $ret);
+    exec("$ffmpeg -y -strict -2 -ss 0 -i $filename -v quiet -an -vframes 1 -f mjpeg -vf scale=$width:$height $thumbnailfc 2>&1", $ffmpeg_out, $ret);
     clearstatcache();
     // failed if no thumbnail size even if ret code 0, ffmpeg is buggy
     if (filesize($thumbnail) === 0) {

From 25c5ccd2db1781e4af57d29d7faf9f2da27480a0 Mon Sep 17 00:00:00 2001
From: 8chan <admin@8chan.co>
Date: Tue, 5 May 2015 22:43:16 -0700
Subject: [PATCH 6/8] Fileboards: Open link in new tab

---
 templates/post_thread_fileboard.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/templates/post_thread_fileboard.html b/templates/post_thread_fileboard.html
index 3f17907d..079b5086 100644
--- a/templates/post_thread_fileboard.html
+++ b/templates/post_thread_fileboard.html
@@ -8,7 +8,7 @@
 <td><a class="post_no" onclick="citeReply({{ post.id }})" href="{{ post.link('q') }}">{{ post.id }}</a>
 <td>{% include 'post/name.html' %}
     {% include 'post/flag.html' %}
-<td>[<a href="{{ config.uri_img }}{{ post.files[0].file }}">{{ post.files[0].filename|e|bidi_cleanup }}</a>]
+<td>[<a target="_blank" href="{{ config.uri_img }}{{ post.files[0].file }}">{{ post.files[0].filename|e|bidi_cleanup }}</a>]
 <td>{% if post.modifiers['tag'] %}[{{ post.modifiers['tag']|e }}]{% endif %}
 <td>{% include 'post/subject.html' %}
 	{% if post.sticky %}

From cbc49e2a165f315fafa39e7dcba43ccb299cf120 Mon Sep 17 00:00:00 2001
From: 8chan <admin@8chan.co>
Date: Tue, 5 May 2015 22:43:39 -0700
Subject: [PATCH 7/8] Handle paperclip icon as OP image

---
 templates/themes/catalog/theme.php | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/templates/themes/catalog/theme.php b/templates/themes/catalog/theme.php
index 42fad1ea..9354b251 100644
--- a/templates/themes/catalog/theme.php
+++ b/templates/themes/catalog/theme.php
@@ -82,7 +82,11 @@
 							$post['file'] = '/' . $config['spoiler_image'];
 						}
 						else {
-							$post['file'] = $config['uri_thumb'] . $files[0]->thumb;
+							if ($files[0]->thumb == 'file') {
+								$post['file'] = $config['root'] . sprintf($config['file_thumb'], 'file.png');
+							} else {
+								$post['file'] = $config['uri_thumb'] . $files[0]->thumb;
+							}
 							$post['fullimage'] = $config['uri_img']  . $files[0]->file;
 						}
 					}

From a9d0ee1f421e2440b9b40757b9abc81b2ba4902d Mon Sep 17 00:00:00 2001
From: 8chan <admin@8chan.co>
Date: Tue, 5 May 2015 22:44:12 -0700
Subject: [PATCH 8/8] Bugfix: Allow blank tag in fileboards, do not show empty
 tinyboard markups

---
 post.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/post.php b/post.php
index 7d8a0bc7..576a17bd 100644
--- a/post.php
+++ b/post.php
@@ -664,7 +664,7 @@ elseif (isset($_POST['post'])) {
 		}
 	}
 
-	if ($config['allowed_tags'] && $post['op'] && isset($_POST['tag']) && isset($config['allowed_tags'][$_POST['tag']])) {
+	if ($config['allowed_tags'] && $post['op'] && isset($_POST['tag']) && $_POST['tag'] && isset($config['allowed_tags'][$_POST['tag']])) {
 		$post['body'] .= "\n<tinyboard tag>" . $_POST['tag'] . "</tinyboard>";
 	}