From 5ebd11717ffd9bb84e29ed9a7498698e6156f412 Mon Sep 17 00:00:00 2001
From: William Crandell
Date: Mon, 26 Oct 2015 09:44:01 -0400
Subject: [PATCH 01/12] Hotfix block id character stripping Example problem is ext/blotter uses: $page->add_block( new Block( "Welcome to the Blotter Editor!", <-- SEE --> ! $html, "main", 10));
---
 core/block.class.php | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/core/block.class.php b/core/block.class.php
index afdb23db..1fbe0e3f 100644
--- a/core/block.class.php
+++ b/core/block.class.php
@@ -20,7 +20,7 @@ class Block {
 */
 public $body;
- /**
+ /**
 * Where the block should be placed. The default theme supports
 * "main" and "left", other themes can add their own areas.
 *
@@ -58,7 +58,7 @@ class Block {
 $this->body = $body;
 $this->section = $section;
 $this->position = $position;
- $this->id = str_replace(' ', '_', is_null($id) ? (is_null($header) ? md5($body) : $header) . $section : $id);
+ $this->id = preg_replace('/[^\w]/', '',str_replace(' ', '_', is_null($id) ? (is_null($header) ? md5($body) : $header) . $section : $id));
 }
 /**
@@ -94,4 +94,3 @@ class NavBlock extends Block {
 parent::__construct("Navigation", "Index", "left", 0);
 }
 }
-
From 7b8d8c2a2dbc7acb7fc57a2f0ecc840270907d94 Mon Sep 17 00:00:00 2001
From: William Crandell
Date: Mon, 26 Oct 2015 11:22:57 -0400
Subject: [PATCH 02/12] chatbox bugfix might cause new bugs checking into this now
---
 ext/chatbox/main.php | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/ext/chatbox/main.php b/ext/chatbox/main.php
index 0f65d31b..1ac474c4 100644
--- a/ext/chatbox/main.php
+++ b/ext/chatbox/main.php
@@ -14,7 +14,7 @@ class Chatbox extends Extension {
 // Adds header to enable chatbox
 $root = get_base_href();
- $yPath = make_http("") . "/ext/chatbox/";
+ $yPath = make_http( $root . "/ext/chatbox/");
 $page->add_html_header("
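Review bot: In core/block.class.php (hunk at -58,7) the added `preg_replace('/[^\w]/', '', …)` can map different blocks to the same id, because it deletes characters instead of replacing them and, without the `u` modifier, `\w` covers ASCII word characters only. Two headers that differ only in punctuation, or a header written entirely in a non-Latin script, end up with an id that is identical or reduced to the section name; a caller-supplied `$id` is rewritten the same way. Keeping the result unique is cheap: build the unfiltered value as `$raw`, filter it into `$clean`, then `if ($clean !== $raw) { $clean .= '_' . substr(md5($raw), 0, 8); }`. The constructor begins above the hunk, so where the id is emitted is not visible here.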
@@ -27,10 +27,9 @@ class Chatbox extends Extension {
 ", 500);
- // loads the chatbox at the set location
+ // loads the chatbox at the set location
 $html = "
";
 $chatblock = new Block("Chatbox", $html, "main", 97);
 $page->add_block($chatblock);
 }
 }
-
From b24977e110f3223c5765711b272a440751a42457 Mon Sep 17 00:00:00 2001
From: im-mi
Date: Tue, 16 Aug 2016 11:25:04 -0400
Subject: [PATCH 03/12] Fixed tag corruption bug If there was no newline at the end of the input, then the last tag would get corrupted.
---
 ext/upload/bookmarklet.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ext/upload/bookmarklet.js b/ext/upload/bookmarklet.js
index 26b4766c..98f84540 100644
--- a/ext/upload/bookmarklet.js
+++ b/ext/upload/bookmarklet.js
@@ -66,7 +66,7 @@ if(document.getElementById("post_tag_string") !== null) {
 else if(document.getElementById('tag-sidebar') !== null) {
 if (typeof tag !== "ftp://ftp." && chk !==1) {
 if(document.location.href.search("sankakucomplex\\.com") >= 0 || document.location.href.search("gelbooru\\.com")){
- var tag = document.getElementById('tag-sidebar').innerText.replace(/ /g, "_").replace(/[\?_]*(.*?)_(\(\?\)_)?[0-9]+\n/g, "$1 ");
+ var tag = document.getElementById('tag-sidebar').innerText.replace(/ /g, "_").replace(/[\?_]*(.*?)_(\(\?\)_)?[0-9]+$/gm, "$1 ");
 }else{
 var tag = document.getElementById("post_tags").value;
 }
From 8f974fba73994d6cf59c3b6a5fd96b77fdb9e5f2 Mon Sep 17 00:00:00 2001
From: im-mi
Date: Tue, 16 Aug 2016 11:26:32 -0400
Subject: [PATCH 04/12] Fixed uploading scaled images from Gelbooru when logged in
---
 ext/upload/bookmarklet.js | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/ext/upload/bookmarklet.js b/ext/upload/bookmarklet.js
index 98f84540..aff5e6d9 100644
--- a/ext/upload/bookmarklet.js
+++ b/ext/upload/bookmarklet.js
@@ -81,9 +81,14 @@ else if(document.getElementById('tag-sidebar') !== null) {
 var fileinfo = document.getElementById("highres");
 //NOTE: If highres doesn't exist, post must be flash (only sankakucomplex has flash)
 }else if(source.search("gelbooru\\.com") >= 0){
- var fileinfo = document.getElementById('pfd').parentNode.parentNode.getElementsByTagName('a')[0];
- //gelbooru has no easy way to select the original image link, so we need to double check it is the correct link.
- fileinfo = (fileinfo.getAttribute('href') === "#" ? document.getElementById('pfd').parentNode.parentNode.getElementsByTagName('a')[1] : fileinfo);
+ // Try to find the "Original image" link in the options sidebar.
+ var fileinfo;
+ var nodes = document.getElementById('pfd').parentNode.parentNode.getElementsByTagName('a');
+ for (var i = 0; i < nodes.length; i++) {
+ if (nodes[i].getAttribute('href') === "#") continue;
+ fileinfo = nodes[i];
+ break;
+ }
 }
 fileinfo = fileinfo || document.getElementsByTagName('embed')[0]; //If fileinfo is null then image is most likely flash.
 var furl = fileinfo.href || fileinfo.src;
From 9ba6e3f7db047b3b777c35d37dfa9e74c935ed5c Mon Sep 17 00:00:00 2001
From: im-mi
Date: Tue, 16 Aug 2016 11:27:22 -0400
Subject: [PATCH 05/12] Remove trailing variables from image address
---
 ext/upload/bookmarklet.js | 1 +
 1 file changed, 1 insertion(+)
diff --git a/ext/upload/bookmarklet.js b/ext/upload/bookmarklet.js
index aff5e6d9..c2516438 100644
--- a/ext/upload/bookmarklet.js
+++ b/ext/upload/bookmarklet.js
@@ -92,6 +92,7 @@ else if(document.getElementById('tag-sidebar') !== null) {
 }
 fileinfo = fileinfo || document.getElementsByTagName('embed')[0]; //If fileinfo is null then image is most likely flash.
 var furl = fileinfo.href || fileinfo.src;
+ furl = furl.split('?')[0]; // Remove trailing variables, if present.
 var fs = (fileinfo.innerText.match(/[0-9]+ (KB|MB)/) || ["0 KB"])[0].split(" ");
 var filesize = (fs[1] === "MB" ? fs[0] * 1024 : fs[0]);
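Review bot: In ext/upload/bookmarklet.js (hunk at -81,9) the new loop accepts the first anchor whose `href` attribute is not `#`, which is weaker than what its comment promises: an anchor with no `href` at all yields `null` from `getAttribute` and is taken, and so is any unrelated link that happens to come first. The address read from `fileinfo` a few lines later is presumably the one submitted for upload, so a wrong pick sends a wrong URL. Tying the test to the link itself would match the comment, for example `if (!/original/i.test(nodes[i].textContent)) continue;`, assuming the label contains that word, which this page does not show. `document.getElementById('pfd')` is also dereferenced without a null check in the added lines.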
From b10144492a34acd73f454047a0f3fe1281a68a6b Mon Sep 17 00:00:00 2001
From: im-mi
Date: Tue, 16 Aug 2016 11:28:16 -0400
Subject: [PATCH 06/12] Added supported video file extensions to bookmarklet
---
 ext/upload/theme.php | 1 +
 1 file changed, 1 insertion(+)
diff --git a/ext/upload/theme.php b/ext/upload/theme.php
index 76c6e438..70c9cca6 100644
--- a/ext/upload/theme.php
+++ b/ext/upload/theme.php
@@ -228,6 +228,7 @@ class UploadTheme extends Themelet {
 if(class_exists("ICOFileHandler")){$supported_ext .= " ico ani cur";}
 if(class_exists("MP3FileHandler")){$supported_ext .= " mp3";}
 if(class_exists("SVGFileHandler")){$supported_ext .= " svg";}
+ if(class_exists("VideoFileHandler")){$supported_ext .= " flv mp4 ogv webm m4v";}
 $title = "Booru to " . $config->get_string('title');
 // CA=0: Ask to use current or new tags | CA=1: Always use current tags | CA=2: Always use new tags
 $html .= '

Date: Tue, 16 Aug 2016 11:30:34 -0400
Subject: [PATCH 08/12] Fixed bookmarklet on Danbooru2
---
 ext/upload/bookmarklet.js | 10 ++++------
 1 file changed, 4 insertions(+), 6 deletions(-)
diff --git a/ext/upload/bookmarklet.js b/ext/upload/bookmarklet.js
index 326868f6..2a653ff5 100644
--- a/ext/upload/bookmarklet.js
+++ b/ext/upload/bookmarklet.js
@@ -29,18 +29,16 @@ else if(CA === 2) { // New Tags
 * jQuery should always active here, meaning we can use jQuery in this part of the bookmarklet.
 */
-if(document.getElementById("post_tag_string") !== null) {
+if(document.getElementById("image-container") !== null) {
+ var imageContainer = $('#image-container')[0];
 if (typeof tag !== "ftp://ftp." && chk !==1) {
- var tag = $('#post_tag_string').text().replace(/\n/g, "");
+ var tag = imageContainer.getAttribute('data-tags');
 }
 tag = tag.replace(/\+/g, "%2B");
 var source = "http://" + document.location.hostname + document.location.href.match("\/posts\/[0-9]+");
- var rlist = $('[name="post[rating]"]');
- for( var x=0; x < 3; x++){
- var rating = (rlist[x].checked === true ? rlist[x].value : rating);
- }
+ var rating = imageContainer.getAttribute('data-rating');
 var fileinfo = $('#sidebar > section:eq(3) > ul > :contains("Size") > a');
 var furl = "http://" + document.location.hostname + fileinfo.attr('href');
From 3323a50ea541326664e019b22791b823f1fc7294 Mon Sep 17 00:00:00 2001
From: im-mi
Date: Tue, 16 Aug 2016 11:32:34 -0400
Subject: [PATCH 09/12] Made a few parts less site-specific
---
 ext/upload/bookmarklet.js | 15 +++++----------
 1 file changed, 5 insertions(+), 10 deletions(-)
diff --git a/ext/upload/bookmarklet.js b/ext/upload/bookmarklet.js
index 2a653ff5..f1e734fa 100644
--- a/ext/upload/bookmarklet.js
+++ b/ext/upload/bookmarklet.js
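Review bot: In ext/upload/bookmarklet.js (hunk at -29,18) `imageContainer.getAttribute('data-tags')` returns `null` when the attribute is missing, and the unchanged `tag = tag.replace(/\+/g, "%2B")` two lines below then throws. `data-rating` is read the same way and can hand `null` to whatever consumes `rating` further down, outside the hunk. Defaulting both keeps the branch usable on pages that have `#image-container` without those attributes: `var tag = imageContainer.getAttribute('data-tags') || "";`. The element is also looked up twice, once through `getElementById` and once through `$('#image-container')[0]`; a single lookup stored in a variable would do.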
@@ -60,15 +60,11 @@ if(document.getElementById("image-container") !== null) {
 }
 /*
- * konachan | sankakucomplex | gelbooru
+ * konachan | sankakucomplex | gelbooru | etc.
 */
 else if(document.getElementById('tag-sidebar') !== null) {
 if (typeof tag !== "ftp://ftp." && chk !==1) {
- if(document.location.href.search("sankakucomplex\\.com") >= 0 || document.location.href.search("gelbooru\\.com")){
- var tag = document.getElementById('tag-sidebar').innerText.replace(/ /g, "_").replace(/[\?_]*(.*?)_(\(\?\)_)?[0-9]+$/gm, "$1 ");
- }else{
- var tag = document.getElementById("post_tags").value;
- }
+ var tag = document.getElementById('tag-sidebar').innerText.replace(/ /g, "_").replace(/[\?_]*(.*?)_(\(\?\)_)?[0-9]+$/gm, "$1 ");
 }
 tag = tag.replace(/\+/g, "%2B");
@@ -76,10 +72,9 @@ else if(document.getElementById('tag-sidebar') !== null) {
 var rating = document.getElementById("stats").innerHTML.match("Rating: ([a-zA-Z]+)")[1];
- if(source.search("sankakucomplex\\.com") >= 0 || source.search("konachan\\.com") >= 0){
+ if(document.getElementById('highres') !== null) {
 var fileinfo = document.getElementById("highres");
- //NOTE: If highres doesn't exist, post must be flash (only sankakucomplex has flash)
- }else if(source.search("gelbooru\\.com") >= 0){
+ }else if(document.getElementById('pfd') !== null){
 // Try to find the "Original image" link in the options sidebar.
 var fileinfo;
 var nodes = document.getElementById('pfd').parentNode.parentNode.getElementsByTagName('a');
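Review bot: In ext/upload/bookmarklet.js (hunk at -60,15) the tag pattern that is now used for every site ends in `$` with the `m` flag, so it matches at each line end without consuming the line break; the line breaks from `innerText` therefore stay in `tag` between the entries. Whether the receiving side splits tags on any whitespace is not visible here, so this may be harmless, but it differs from what the older `\n` form produced. A pattern that consumes the break and still accepts a last line without one would be `.replace(/[\?_]*(.*?)_(\(\?\)_)?[0-9]+(?:\n|$)/g, "$1 ")`.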
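Review bot: In ext/upload/bookmarklet.js (hunk at -76,10) the file-link lookup is now chosen by the presence of `#highres` or `#pfd` instead of by hostname, yet the unchanged line above it, `document.getElementById("stats").innerHTML.match("Rating: ([a-zA-Z]+)")[1]`, still assumes one particular page layout and throws when `#stats` is absent or the text does not match. With the hostname tests gone this branch runs on any page that has a `tag-sidebar` element, so that assumption is easier to break than before. A guarded form is `var stats = document.getElementById("stats"); var m = stats && stats.innerHTML.match("Rating: ([a-zA-Z]+)"); var rating = m ? m[1] : "";`. A short comment above the branch listing the element ids it relies on would document the new contract.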
@@ -89,7 +84,7 @@ else if(document.getElementById('tag-sidebar') !== null) {
 break;
 }
 }
- fileinfo = fileinfo || document.getElementsByTagName('embed')[0]; //If fileinfo is null then image is most likely flash.
+ fileinfo = fileinfo || document.getElementsByTagName('embed')[0]; //If fileinfo is null then assume that the image is flash.
 var furl = fileinfo.href || fileinfo.src;
 furl = furl.split('?')[0]; // Remove trailing variables, if present.
 var fs = (fileinfo.innerText.match(/[0-9]+ (KB|MB)/) || ["0 KB"])[0].split(" ");
From 85a3cc0a7e198e53c26c1f82bc763e2fa9df544e Mon Sep 17 00:00:00 2001
From: im-mi
Date: Tue, 16 Aug 2016 11:34:01 -0400
Subject: [PATCH 10/12] Fall back to file extension from path
---
 ext/upload/main.php | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/ext/upload/main.php b/ext/upload/main.php
index 9c7b3fa0..33459700 100644
--- a/ext/upload/main.php
+++ b/ext/upload/main.php
@@ -389,11 +389,14 @@ class Upload extends Extension {
 $metadata['tags'] = $tags;
 $metadata['source'] = (($url == $source) && !$config->get_bool('upload_tlsource') ? "" : $source);
+ $ext = false;
 if (is_array($headers)) {
- $metadata['extension'] = getExtension(findHeader($headers, 'Content-Type'));
- } else {
- $metadata['extension'] = $pathinfo['extension'];
+ $ext = getExtension(findHeader($headers, 'Content-Type'));
 }
+ if ($ext === false) {
+ $ext = $pathinfo['extension'];
+ }
+ $metadata['extension'] = $ext;
 /* check for locked > adds to metadata if it has */
 if(!empty($locked)){
From 1bab0051f1df8011f21e7e22bd0ef1cbaa8d02ae Mon Sep 17 00:00:00 2001
From: im-mi
Date: Mon, 29 Aug 2016 01:07:44 -0400
Subject: [PATCH 11/12] html_escape tag info link
---
 ext/tag_list/theme.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ext/tag_list/theme.php b/ext/tag_list/theme.php
index db9bf4af..0e97abb5 100644
--- a/ext/tag_list/theme.php
+++ b/ext/tag_list/theme.php
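Review bot: In ext/upload/main.php (hunk at -389,11) the new fallback `$ext = $pathinfo['extension'];` reads a key that is absent when the URL path has no extension (assuming `$pathinfo` comes from `pathinfo()`, which is set up above the hunk), so the line raises an undefined-index notice and stores `null`. The fallback is also reached more often than the old `else` branch, and its value is taken from the remote URL, which the uploader controls; where the extension is checked against the supported types lies outside this hunk and should be confirmed. The test `$ext === false` relies on `getExtension()` returning exactly `false` for an unknown Content-Type, which this page does not show. A guarded fallback would be `$ext = isset($pathinfo['extension']) ? $pathinfo['extension'] : "";`.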
@@ -216,7 +216,7 @@ class TagListTheme extends Themelet {
 $count = $row['calc_count'];
 // if($n++) $display_html .= "\n
";
 if(!is_null($config->get_string('info_link'))) {
- $link = str_replace('$tag', $tag, $config->get_string('info_link'));
+ $link = html_escape(str_replace('$tag', $tag, $config->get_string('info_link')));
 $display_html .= '
?';
 }
 $link = $this->tag_link($row['tag']);
From 834bc740a4eeef751f546979e6400fd089db64f8 Mon Sep 17 00:00:00 2001
From: im-mi
Date: Mon, 29 Aug 2016 00:26:55 -0400
Subject: [PATCH 12/12] html_escape data-tags for tags that contain single quotes
---
 core/basethemelet.class.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/core/basethemelet.class.php b/core/basethemelet.class.php
index 9bfb1a18..7bd6d355 100644
--- a/core/basethemelet.class.php
+++ b/core/basethemelet.class.php
@@ -54,7 +54,7 @@ class BaseThemelet {
 $h_view_link = make_link('post/view/'.$i_id);
 $h_thumb_link = $image->get_thumb_link();
 $h_tip = html_escape($image->get_tooltip());
- $h_tags = strtolower($image->get_tag_list());
+ $h_tags = html_escape(strtolower($image->get_tag_list()));
 $extArr = array_flip(array('swf', 'svg', 'mp3')); //List of thumbless filetypes
 if(!isset($extArr[$image->ext])){
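Review bot: In ext/tag_list/theme.php (hunk at -216,7) `html_escape` is applied after `$tag` has been substituted into the `info_link` template, which protects the HTML attribute but not the URL itself: a tag containing `&`, `#`, `?` or `%` still changes the query or fragment of the generated link. Unless `$tag` is already URL-encoded above the hunk, encode it for the URL first and escape the finished link for HTML second, e.g. `$link = html_escape(str_replace('$tag', rawurlencode($tag), $config->get_string('info_link')));`. The markup that receives `$link` is not readable in this view, so the attribute quoting could not be checked.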
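Review bot: In core/basethemelet.class.php (hunk at -54,7) the patched `$h_tags` line handles single quotes only if `html_escape` encodes them, which depends on flags that this page does not show; a comment such as `// data-tags sits in a quoted attribute: html_escape() must encode both ' and "` would record that requirement next to the call. In the same hunk the unchanged `$h_thumb_link = $image->get_thumb_link();` carries the `h_` prefix used for escaped values but is assigned without `html_escape`, unlike `$h_tip` and the new `$h_tags`. If a thumb link can contain `&` or quote characters it needs the same treatment before it reaches the markup, which is below the hunk and not visible here.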