Several php8.1 fixes

inc/anti-bot.php

@@ -123,7 +123,7 @@ public function html($count = false) {
 		$html = '';
 
 		if ($count === false) {
-			$count = mt_rand(1, abs(count($this->inputs) / 15) + 1);
+			$count = mt_rand(1,  (int) abs(count($this->inputs) / 15) + 1);
 		}
 
 		if ($count === true) {

inc/config.php

@@ -314,6 +314,9 @@
 	$config['recaptcha_public'] = '6LcXTcUSAAAAAKBxyFWIt2SO8jwx4W7wcSMRoN3f';
 	$config['recaptcha_private'] = '6LcXTcUSAAAAAOGVbVdhmEM1_SyRF4xTKe8jbzf_';
 
+
+	// Enable hCaptcha to make spam even harder. Rarely necessary.
+	$config['hcaptcha'] = false;
 	// Public and private key pair for using hCaptcha.
 	$config['hcaptcha_public'] = '7a4b21e0-dc53-46f2-a9f8-91d2e74b63a0';
 	$config['hcaptcha_private'] = '0x4e9A01bE637b51dC41a7Ea9865C3fDe4aB72Cf17';
@@ -941,11 +944,16 @@
 
 	// Timezone to use for displaying dates/times.
 	$config['timezone'] = 'America/Los_Angeles';
-	// The format string passed to strftime() for displaying dates.
-	// http://www.php.net/manual/en/function.strftime.php
-	$config['post_date'] = '%m/%d/%y (%a) %H:%M:%S';
-	// Same as above, but used for "you are banned' pages.
-	$config['ban_date'] = '%A %e %B, %Y';
+	// The format string passed to date() for displaying dates.
+	// https://www.php.net/manual/en/datetime.format.php
+	$config['post_date'] = 'm/d/Y (D) H:i:s';
+	// The format string passed to JavaScript's strfdate() for displaying local dates.
+	// https://www.php.net/manual/en/function.strftime.php
+	$config['post_date_js'] = '%F (%a) %T';
+	// Same as above, but used for catalog tooltips.
+	$config['catalog_date'] = 'M d H:i';
+	// Same as above, but used for 'you are banned' pages.
+	$config['ban_date'] = 'l j F, Y';
 
 	// The names on the post buttons. (On most imageboards, these are both just "Post").
 	$config['button_newtopic'] = _('New Topic');

inc/display.php

@@ -71,7 +71,7 @@ function createBoardlist($mod=false) {
 	);
 }
 
-function error($message, $priority = true, $debug_stuff = false) {
+function error($message, $priority = true, $debug_stuff = []) {
 	global $board, $mod, $config, $db_error;
 
 	if ($config['syslog'] && $priority !== false) {

inc/functions.php

@@ -117,7 +117,7 @@ function loadConfig() {
 		// So, we may store the locale in a tmp/ filesystem.
 
 		if (file_exists($fn = 'tmp/cache/locale_' . $boardsuffix ) ) {
-			$config['locale'] = @file_get_contents($fn);
+			$config['locale'] = file_get_contents($fn);
 		}
 		else {
 			$config['locale'] = 'en';
@@ -689,7 +689,8 @@ function file_write($path, $data, $simple = false, $skip_purge = false) {
 			//	error("Unable to touch file: $gzpath");
 		}
 		else {
-			@unlink($gzpath);
+			if(file_exists($gzpath))
+				unlink($gzpath);
 		}
 	}
 
@@ -724,14 +725,14 @@ function file_unlink($path) {
 		$debug['unlink'][] = $path;
 	}
 
-	$ret = @unlink($path);
-
-        if ($config['gzip_static']) {
-                $gzpath = "$path.gz";
-
-		@unlink($gzpath);
+	$ret = false;
+	if(file_exists($path)){
+		$ret = unlink($path);
 	}
 
+	if ($config['gzip_static'] && file_exists($gzpath = "$path.gz"))
+		unlink($gzpath);
+
 	if (isset($config['purge']) && $path[0] != '/' && isset($_SERVER['HTTP_HOST'])) {
 		// Purge cache
 		if (basename($path) == $config['file_index']) {
@@ -1620,7 +1621,7 @@ function checkMute() {
 
 	if ($config['cache']['enabled']) {
 		// Cached mute?
-		if (($mute = cache::get("mute_${_SERVER['REMOTE_ADDR']}")) && ($mutetime = cache::get("mutetime_${_SERVER['REMOTE_ADDR']}"))) {
+		if (($mute = cache::get("mute_{$_SERVER['REMOTE_ADDR']}")) && ($mutetime = cache::get("mutetime_{$_SERVER['REMOTE_ADDR']}"))) {
 			error(sprintf($config['error']['youaremuted'], $mute['time'] + $mutetime - time()));
 		}
 	}
@@ -1639,8 +1640,8 @@ function checkMute() {
 
 		if ($mute['time'] + $mutetime > time()) {
 			if ($config['cache']['enabled']) {
-				cache::set("mute_${_SERVER['REMOTE_ADDR']}", $mute, $mute['time'] + $mutetime - time());
-				cache::set("mutetime_${_SERVER['REMOTE_ADDR']}", $mutetime, $mute['time'] + $mutetime - time());
+				cache::set("mute_{$_SERVER['REMOTE_ADDR']}", $mute, $mute['time'] + $mutetime - time());
+				cache::set("mutetime_{$_SERVER['REMOTE_ADDR']}", $mutetime, $mute['time'] + $mutetime - time());
 			}
 			// Not expired yet
 			error(sprintf($config['error']['youaremuted'], $mute['time'] + $mutetime - time()));
@@ -2289,6 +2290,7 @@ function escape_markup_modifiers($string) {
 }
 
 function defined_flags_accumulate($desired_flags) {
+	global $config;
 	$output_flags = 0x0;
 	foreach ($desired_flags as $flagname) {
 		if (defined($flagname)) {
@@ -2306,7 +2308,7 @@ function defined_flags_accumulate($desired_flags) {
 
 function utf8tohtml($utf8) {
 	$flags = defined_flags_accumulate(['ENT_NOQUOTES', 'ENT_SUBSTITUTE', 'ENT_DISALLOWED']);
-	return htmlspecialchars($utf8, $flags, 'UTF-8');
+	return htmlspecialchars($utf8 ?? '', $flags, 'UTF-8');
 }
 
 function ordutf8($string, &$offset) {
@@ -3080,3 +3082,10 @@ function check_thread_limit($post) {
 		return $r['count'] >= $config['max_threads_per_hour'];
 	}
 }
+
+function unlink_tmp_file($file) {
+	if(file_exists($file)) {
+		unlink($file);
+		fatal_error_handler();
+	}
+}

inc/image.php

@@ -300,7 +300,8 @@ public function height() {
 		return $this->height;
 	}
 	public function destroy() {
-		@unlink($this->temp);
+		if (file_exists($this->temp))
+			unlink($this->temp);
 		$this->temp = false;
 	}
 	public function resize() {

inc/mod/auth.php

@@ -117,20 +117,31 @@ function setCookies() {
 	global $mod, $config;
 	if (!$mod)
 		error('setCookies() was called for a non-moderator!');
-
-	setcookie($config['cookies']['mod'],
-			$mod['username'] . // username
-			':' . 
-			$mod['hash'][0] . // password
-			':' .
-			$mod['hash'][1], // salt
-		time() + $config['cookies']['expire'], $config['cookies']['jail'] ? $config['cookies']['path'] : '/', null, !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off', $config['cookies']['httponly']);
+
+	setcookie($config['cookies']['mod'], $mod['username'] . ':' .$mod['hash'][0] . ':' . $mod['hash'][1], 
+			[
+				'expires' => time() + $config['cookies']['expire'],
+				'path' => $config['cookies']['jail'] ? $config['cookies']['path'] : '/',
+				'domain' => null,
+				'secure' => !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off',
+				'httponly' => true,
+				'samesite' => 'Strict'
+			]
+	);	
 }
 
 function destroyCookies() {
 	global $config;
 	// Delete the cookies
-	setcookie($config['cookies']['mod'], 'deleted', time() - $config['cookies']['expire'], $config['cookies']['jail']?$config['cookies']['path'] : '/', null, !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off', true);
+	setcookie($config['cookies']['mod'], 'deleted', 
+	[
+		'expires' => time() - $config['cookies']['expire'],
+		'path' => $config['cookies']['jail'] ? $config['cookies']['path'] : '/',
+		'domain' => null,
+		'secure' => !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off',
+		'httponly' => true,
+		'samesite' => 'Strict'
+	]);
 }
 
 function modLog($action, $_board=null) {

inc/mod/pages.php

@@ -1279,7 +1279,7 @@ function mod_move_reply($originBoard, $postID) {
 		// trigger themes
 		rebuildThemes('post', $targetBoard);
 		// mod log
-		modLog("Moved post #${postID} to " . sprintf($config['board_abbreviation'], $targetBoard) . " (#${newID})", $originBoard);
+		modLog("Moved post #{$postID} to " . sprintf($config['board_abbreviation'], $targetBoard) . " (#{$newID})", $originBoard);
 
 		// return to original board
 		openBoard($originBoard);
@@ -1456,7 +1456,7 @@ function mod_move($originBoard, $postID) {
 			}
 		}
 
-		modLog("Moved thread #${postID} to " . sprintf($config['board_abbreviation'], $targetBoard) . " (#${newID})", $originBoard);
+		modLog("Moved thread #{$postID} to " . sprintf($config['board_abbreviation'], $targetBoard) . " (#{$newID})", $originBoard);
 
 		// build new thread
 		buildThread($newID);

inc/template.php

@@ -58,7 +58,7 @@ function Element($templateFile, array $options) {
 	}
 
 	// Read the template file
-	if (@file_get_contents("{$config['dir']['template']}/${templateFile}")) {
+	if (@file_get_contents("{$config['dir']['template']}/{$templateFile}")) {
 		$body = $twig->render($templateFile, $options);
 
 		if ($config['minify_html'] && preg_match('/\.html$/', $templateFile)) {
@@ -67,7 +67,7 @@ function Element($templateFile, array $options) {
 
 		return $body;
 	} else {
-		throw new Exception("Template file '${templateFile}' does not exist or is empty in '{$config['dir']['template']}'!");
+		throw new Exception("Template file '{$templateFile}' does not exist or is empty in '{$config['dir']['template']}'!");
 	}
 }
 
@@ -134,17 +134,13 @@ public function getName()
 	}
 }
 
-function twig_timezone_function() {
-	return 'Z';
-}
-
 function twig_push_filter($array, $value) {
 	array_push($array, $value);
 	return $array;
 }
 
 function twig_date_filter($date, $format) {
-	return gmstrftime($format, $date);
+	return gmdate($format, $date);
 }
 
 function twig_hasPermission_filter($mod, $permission, $board = null) {

post.php

@@ -565,10 +565,7 @@
 			error($config['error']['unknownext']);
 
 		$post['file_tmp'] = tempnam($config['tmp'], 'url');
-		function unlink_tmp_file($file) {
-			@unlink($file);
-			fatal_error_handler();
-		}
+
 		register_shutdown_function('unlink_tmp_file', $post['file_tmp']);
 
 		$fp = fopen($post['file_tmp'], 'w');
@@ -893,7 +890,7 @@ function ipv4to6($ip) {
 		if ($file['is_an_image']) {
 			if ($config['ie_mime_type_detection'] !== false) {
 				// Check IE MIME type detection XSS exploit
-				$buffer = file_get_contents($upload, null, null, null, 255);
+				$buffer = file_get_contents($upload, false, null, 0, 255);
 				if (preg_match($config['ie_mime_type_detection'], $buffer)) {
 					undoImage($post);
 					error($config['error']['mime_exploit']);
@@ -913,7 +910,8 @@ function ipv4to6($ip) {
 				error($config['error']['maxsize']);
 			}
 
-
+			$file['exif_stripped'] = false;
+
 			if ($config['convert_auto_orient'] && ($file['extension'] == 'jpg' || $file['extension'] == 'jpeg')) {
 				// The following code corrects the image orientation.
 				// Currently only works with the 'convert' option selected but it could easily be expanded to work with the rest if you can be bothered.
@@ -996,7 +994,7 @@ function ipv4to6($ip) {
 
 			$dont_copy_file = false;
 
-			if ($config['redraw_image'] || (!@$file['exif_stripped'] && $config['strip_exif'] && ($file['extension'] == 'jpg' || $file['extension'] == 'jpeg'))) {
+			if ($config['redraw_image'] || (!$file['exif_stripped'] && $config['strip_exif'] && ($file['extension'] == 'jpg' || $file['extension'] == 'jpeg'))) {
 				if (!$config['redraw_image'] && $config['use_exiftool']) {
 					if($error = shell_exec_error('exiftool -overwrite_original -ignoreMinorErrors -q -q -all= ' .
 						escapeshellarg($file['tmp_name'])))
@@ -1037,10 +1035,12 @@ function ipv4to6($ip) {
                                                           'tesseract stdin '.escapeshellarg($tmpname).' '.$config['tesseract_params']);
 				$tmpname .= ".txt";
 
-				$value = @file_get_contents($tmpname);
-				@unlink($tmpname);
+				if(file_exists($tmpname)) {
+					$value = file_get_contents($tmpname);
+					unlink($tmpname);
+				}
 
-				if ($value && trim($value)) {
+				if (isset($value) && $value && trim($value)) {
 					// This one has an effect, that the body is appended to a post body. So you can write a correct
 					// spamfilter.
 					$post['body_nomarkup'] .= "<tinyboard ocr image $key>".htmlspecialchars($value)."</tinyboard>";
@@ -1049,11 +1049,11 @@ function ipv4to6($ip) {
 		}
 
 		if (!$dont_copy_file) {
-			if (isset($file['file_tmp'])) {
-				if (!@rename($file['tmp_name'], $file['file']))
+			if (isset($file['file_tmp']) && file_exists($file['tmp_name'])) {
+				if (!rename($file['tmp_name'], $file['file']))
 					error($config['error']['nomove']);
 				chmod($file['file'], 0644);
-			} elseif (!@move_uploaded_file($file['tmp_name'], $file['file']))
+			} elseif (!move_uploaded_file($file['tmp_name'], $file['file']))
 				error($config['error']['nomove']);
 			}
 		}
@@ -1205,7 +1205,14 @@ function ipv4to6($ip) {
 		// Tell it to delete the cached post for referer
 		$js->{$_SERVER['HTTP_REFERER']} = true;
 		// Encode and set cookie
-		setcookie($config['cookies']['js'], json_encode($js), 0, $config['cookies']['jail'] ? $config['cookies']['path'] : '/', null, false, false);
+		setcookie($config['cookies']['js'], json_encode($js), [
+			'expires' => 0,
+			'path' => $config['cookies']['jail'] ? $config['cookies']['path'] : '/',
+			'domain' => null,
+			'secure' => !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off',
+			'httponly' => false,
+			'samesite' => 'Strict'
+		]);
 	}
 
 	$root = $post['mod'] ? $config['root'] . $config['file_mod'] . '?/' : $config['root'];

templates/main.js

@@ -388,7 +388,7 @@ function ready() {
 
 {% endverbatim %}
 
-var post_date = "{{ config.post_date }}";
+var post_date = "{{ config.post_date_js }}";
 var max_images = {{ config.max_images }};
 
 onready(init);

templates/post/time.html

@@ -1 +1 @@
- <time datetime="{{ post.time|date('%Y-%m-%dT%H:%M:%S') }}{{ timezone() }}">{{ post.time|date(config.post_date) }}</time>
+ <time datetime="{{ post.time|date('Y-m-d\\TH:i:s') }}Z">{{ post.time|date(config.post_date) }}</time>

templates/themes/basic/index.html

@@ -29,7 +29,7 @@ <h2 id="{{ entry.id }}">
 					{% else %}
 						<em>no subject</em>
 					{% endif %}
-					<span class="unimportant"> &mdash; by {{ entry.name }} at {{ entry.time|date(config.post_date, config.timezone) }}</span>
+					<span class="unimportant"> &mdash; by {{ entry.name }} at {{ entry.time|date(config.post_date, 'Z') }}</span>
 				</h2>
 				<p>{{ entry.body }}</p>
 			{% endfor %}

templates/themes/catalog/catalog.html

@@ -51,7 +51,7 @@ <h1>{{ settings.title }} (<a href="{{link}}">/{{ board }}/</a>)</h1>
 						{% else %}
 							<img src="{{post.file}}" 
 						{% endif %}
-                                                 id="img-{{ post.id }}" data-subject="{% if post.subject %}{{ post.subject|e }}{% endif %}" data-name="{{ post.name|e }}" data-muhdifference="{{ post.muhdifference }}" class="{{post.board}} thread-image" title="{{post.bump|date('%b %d %H:%M')}}">
+                                                 id="img-{{ post.id }}" data-subject="{% if post.subject %}{{ post.subject|e }}{% endif %}" data-name="{{ post.name|e }}" data-muhdifference="{{ post.muhdifference }}" class="{{post.board}} thread-image" title="{{post.bump|date(config.catalog_date)}}">
                                         </a>
                                                 <div class="replies">
                                                         <strong>R: {{ post.reply_count }} / I: {{ post.image_count }}{% if post.sticky %} (sticky){% endif %}</strong>

templates/themes/sitemap/sitemap.xml

@@ -10,7 +10,7 @@
 		{% for thread in thread_list %}
 			<url>
 				<loc>{{ settings.url ~ (config.board_path | format(board)) ~ config.dir.res ~ link_for(thread) }}</loc>
-				<lastmod>{{ thread.lastmod | date('%Y-%m-%dT%H:%M:%S') }}{{ timezone() }}</lastmod>
+				<lastmod>{{ thread.lastmod | date('Y-m-d\\TH:i:s') }}Z</lastmod>
 				<changefreq>{{ settings.changefreq }}</changefreq>
 			</url>
 		{% endfor %}