Blog v1.18

@m1k1o m1k1o released this 22 Dec 22:26
· 193 commits to master since this release

Features:

  • automatically fix image orientation from EXIF data.
  • custom bb tags: goal.
  • autocomplete attributes for nick & password.
  • show loading while parsing page / uploading image.

Bugs:

  • csrf-token compatibility bug fixed.
  • in debug mode show php errors.
  • datepick bug fixed - when month starts with Sunday.
  • autoresize textarea will expand immediately.
  • drag & drop will accept only one file.
  • mcrypt_create_iv replaced by random_bytes.

Security issues:

  • image upload only using form data.
  • logs injection prevention.
  • filter data SQL parameters using prepared statements only.
  • == replaced by ===.
  • crc32 is used instead of md5 on server side session check.
  • session cookie is http only.
  • load jQuery only locally.
  • XSS prevention on client side - JS will treat data from server as text, not as HTML.