Blog v1.4.1

Add multiarch builds.
Add #sort=reverse.
Add datepicker year decrease increse.

Blog v1.4

Users are encouraged to upgrade to this version because of following security fixes:

• Properly check if uploaded file is image (6f5e59f).
• HTML escape config variables (5e1a72f).

Thanks for finding and reporting vulnerabilities to @mal33 and @bao104.

---

Features

• Added RU and NL languages.
• Added postgres support (#31).
• Added config options for footer (#34, #35).

Bugs

• Fixed implode bug (d5ecdf3).
• Fixed CONCAT() for SQLite (386707c).
• Fixed typos in French translation (#33)

Misc

• Use github actions to build images (b43ca9a).
• Added exif to docker image (477912b).

Blog v1.3

Features

• Improved upload error messages.
• Allow uploading large images.
• Set Friends using ENV variables.
• Document access control in readme.
• Added translations: Czech, Bosnian, Spanish,

Bugs

• Fix directory permissions for images.
• Fix JBBCode class.
• Fixed typo in SK translation.
• Fallback if dictionary does not exist.

Misc

• Visitors renamed to friends, while keeping backwards compatibility.
• Updated highlight.js version to support more languages (like go).

Blog v1.2

Major features:

• new theme (dark mode introduced).
• added Docker & docker-compose support.
• added Timezone support.
• added SQLite support.
• added Proxy support.
• new languages:
  • SK
  • FR by @Phundrak

Minor features:

• upload image from clipboard,
• added README & LICENSE.
• ajax upload progress bar fallback.
• relative links in curl parse links are supported.
• dispaly between dates (#from= and #to=).
• in debug mode check for extensions.
• code cleanup - removed unused files.

Bugs

• force strings to be UTF-8 (not utf8mb4)
• race coddition while processing url (loaded some posts 2x).
• fixed display issue with translation of Feeling
• fixeed datetime 25h day bug.
• turn off listing & disallow certain files in htaccess.

Blog v1.18

Features:

• automatically fix images orientation from exif data.
• custom bb tags: goal.
• autocomplete attributes for nick & password.
• show loading while parsing page / uploading image.

Bugs:

• csrf-token compatibity bug fixed.
• in debug mode show php errors.
• datepick bug fixed - when month starts with sunday.
• autoresize textarea will expand immediatly.
• drag & drop will accept only one file.
• mcrypt_create_iv replaced by random_bytes.

Security issues:

• image upload only using form data
• logs injection prevention.
• filter data SQL parameters using prepared statements only.
• == replaced by ===.
• instad of md5 is used crc32 on server side session check.
• session cookie is http only.
• load jQuery only localy.
• XSS prevention on clien side - JS will treat data from server as text, not as html.

Blog v1.1

• Calendar
• Drag & Drop placeholder
• Fixed bugs

Blog v1.05

• New BBCode Parser
• Some bugs fixed

Blog v1.03

Latest Release

• Highlight
• DB fatal bug fixed

Blog v1.041

• Custom styles, scripts from config (new)
• New login design
• Focus nick input at login (bug)
• Lightbox for images

Blog v1.04

• Highlight captures now multiline (bug)
• 24 hours a day instead of 60 (bug)
• Textarea instead of contenteditable
• Cover header with custom height. If there's no image, auto height.
• Read more is now not cutting text, but just hiding contebt from user. (bug with highlight)

• Autoresize textara (initialization height is still buggy)