
FishBSE Update: Forum Overhaul


We added secure 3D model uploads, gated downloads, daily-unique view tracking, better category pages (with pagination & quick-post), and safer deletion that also cleans up files. Lots of security hardening under the hood, too. Fixed a bunch of bugs. In preparation for the Android release.

Highlights

1) New thread creation (revamped)

  • Fresh New Thread page with validation and a modern editor.

  • Auto-generates a unique slug and enforces title & length limits.

  • Sanitizes post content with a safe HTML allow-list.

  • Supports meta description/keywords for nicer search snippets.

2) 3D Prints category (Cat 10) — purpose-built flow

  • Upload .zip model packs (STL/OBJ/3MF/STEP/IGES + README/PNG/JPG/PDF).

  • Strict checks: MIME validation, ZIP integrity, max file count, uncompressed size budget, and blocked extensions (no scripts/executables).

  • Requires a rights/permission checkbox to upload.

  • The thread automatically includes a Download .zip button.

3) Gated downloads (do******.php)

  • Downloads go through a gate that:

    • Validates file names and types.

    • Sends safe headers (no-sniff, ETag/Last-Modified, etc.).

    • Can be switched to private storage (outside webroot) or stay in /&&&SHHH.

    • Supports X-Sendfile / X-Accel-Redirect for high-performance serving.

    • Requires login to download.

4) Attachments tracked in the database

  • New table: forum_******* records each stored file (original name, stored name, size, hash, owner).

  • When a thread is removed, we unlink the files on disk and delete the DB rows to keep storage tidy.

5) Category page upgrades (fo******ry.php)

  • Clean, fast pagination with total thread counts.

  • Quick Thread composer (for all categories except 3D Prints).

  • Shows the first post excerpt, author/avatar, and timestamps.

  • Admin delete button does a full cleanup:

    • Deletes replies.

    • Deletes attached files safely (realpath-guarded).

    • Deletes the thread.

6) Real view counts (daily-unique)

  • New table: vie**(***um logs views as 1 per thread, per day, per visitor fingerprint (IP + User-Agent).

  • Category listing can display:

    • Total views per thread.

    • Last 7 days views.

  • Prevents inflation from repeated refreshes the same day by the same device/browser.

Security & reliability hardening

  • CSRF tokens on all state-changing forms.

  • Consistent prepared statements everywhere.

  • Output escaped by default, plus safe excerpting.

  • ZIP uploads: path traversal blocked, null bytes rejected, and forbidden extensions filtered.

  • Robust error handling and defensive fallbacks.
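
The ZIP checks listed under the 3D Prints flow and in the hardening list above, sketched as an added example in Python (not FishBSE's own code, which the post does not show). The limits, the blocklist and the names `check_zip` and `build_zip` are assumptions, and the sample archives are constructed in memory.

```python
import io
import zipfile

# Assumed limits and blocklist, constructed for this example (the post gives no values).
MAX_FILES = 200
MAX_UNCOMPRESSED = 50 * 1024 * 1024  # bytes, summed over all entries
BLOCKED = {"php", "phtml", "phar", "js", "sh", "bat", "cmd", "exe", "dll", "py", "cgi", "htaccess"}

def check_zip(data: bytes) -> list:
    """Return rejection reasons for an uploaded pack; an empty list means it passes."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return ["not a valid ZIP archive"]
    with zf:
        infos, errors = zf.infolist(), []
        if len(infos) > MAX_FILES:
            errors.append("too many entries")
        # Declared sizes only: enforce the same budget again while extracting.
        if sum(i.file_size for i in infos) > MAX_UNCOMPRESSED:
            errors.append("uncompressed size over budget")
        for info in infos:
            raw = info.orig_filename  # stored name, before zipfile truncates at NUL
            if "\x00" in raw:
                errors.append("null byte in name")
                continue
            parts = raw.replace("\\", "/").split("/")
            if parts[0] == "" or ":" in parts[0] or ".." in parts:
                errors.append("path traversal: " + raw)
            # Check every dot-separated segment so "x.php.jpg" and ".htaccess" are caught.
            if BLOCKED & set(parts[-1].lower().split(".")[1:]):
                errors.append("blocked extension: " + raw)
        # CRC-check contents only after the cheap metadata checks have passed.
        if not errors and zf.testzip() is not None:
            errors.append("corrupt entry (CRC mismatch)")
    return errors

def build_zip(names) -> bytes:
    """Build a constructed sample archive holding one small entry per name."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in names:
            zf.writestr(name, b"sample")
    return buf.getvalue()

if __name__ == "__main__":
    bad = build_zip(["../../index.php", "photo.php.jpg", "evilXmodel.stl"])
    bad = bad.replace(b"evilXmodel.stl", b"evil\x00model.stl")  # patch in a NUL byte
    print(check_zip(build_zip(["README.txt", "parts/bracket.stl"])), check_zip(bad))
```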

Quality of life

  • Mobile-friendly styling with improved cards and buttons.

  • Dedicated “Upload 3D Model (.zip)” action for Cat 10.

  • Cleaner success redirects and rotated CSRF tokens post-submit.


Patches..

PM system is now working.
