November 3
Hi all, hope you're doing well. This update is very, very late; I keep meaning to return to a two-weekly schedule or some other consistent schedule, but my health has stopped almost everything for the last several months, and that doesn't look likely to change any time soon. I'll try to make the next update faster if I can, as I don't want the development logs to deteriorate into only being updated once in a blue moon if I can avoid it.
SPA progress
I've mostly finished Deserted Chateau's SPA system, though there are still a few pages I need to change to work with it, and one or two issues to iron out.
DisplayArtwork and UserProfile pages
Making the artwork and user profile pages work with the SPA was something of a challenge, but it's mostly done now. Both pages (and many others) weren't designed to be re-used without page reloads, so I had to figure out ways to both re-use them gracefully without janky loading, and prevent a single browser tab getting too gigantic.
I also had to make sure TinyMCE instances are properly closed and recreated upon e.g. changing from displaying one artwork to another, as otherwise they remain open even if the containing elements are removed from the DOM.
Head Scripts reorganisation
Pre-SPA, each individual page loaded the different scripts it needed, including any scripts that were required by every page, which meant a lot of duplicated code. Instead, scripts are now loaded once the first time the site is loaded; this means a longer load time on the first page, as all scripts required by any page must be loaded, and then shorter load times after that, as is expected for an SPA.
A side effect of this is that the Stripe script is now always loaded, not just on the Subscriptions page. This is preferred by Stripe as it helps them track fraud better, and Stripe's policy regarding what information that script collects means it is still GDPR compliant without needing a cookie consent form.
Browse pages and the Browse Control Panel
Previously, the side panel for changing gallery styles and adjusting the size of images was a static piece of HTML loaded in for a given gallery, but this wouldn't work if multiple galleries are loaded on one page. Each gallery now has its own separate control panel for this purpose.
Apache configuration changes
Making the SPA pages work correctly meant modifying some of the Apache mod_rewrite rules, for two purposes: making all pages go to a central "landing page" with parameters indicating what page should be loaded, and checking whether such a request came from an internal rewrite or was directly requested by a user.
The second situation is important to check for, as these parameters all have to be passed via GET, and a user passing arbitrary values into the special parameters used to determine e.g. which page to load could have security consequences. One way to ensure that doesn't happen is to use the values of the THE_REQUEST and REQUEST_URI variables, which allow us to check whether a parameter came from a rewrite or not.
[Image: httpd modification for SPA, security requirements, payments permission policy header]
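One way to write the two rules described above, as an added example rather than the site's actual configuration. It assumes the rules sit in virtual-host context; the script name landing.php and the parameter name spapage are hypothetical.

```apache
# Added example for a <VirtualHost> block. landing.php and spapage are
# hypothetical names, not Deserted Chateau's real ones.
RewriteEngine On

# 1. THE_REQUEST is the request line exactly as the client sent it
#    ("GET /browse?sort=new HTTP/1.1"); internal rewrites never alter it.
#    If the reserved parameter appears there, the client supplied it
#    directly, so the request is refused.
RewriteCond %{THE_REQUEST} [?&]spapage\b [NC]
RewriteRule ^ - [F]

# 2. In virtual-host context the pattern is tested against the decoded
#    path the client asked for, so this refuses direct requests for the
#    landing script. (In .htaccess the rules run again after a rewrite,
#    so this check would have to use THE_REQUEST instead.)
RewriteRule ^/landing\.php$ - [F]

# 3. Route page URLs to the landing script. The page name is limited to
#    a safe character set, and the reserved parameter is written after
#    the client's own query string. THE_REQUEST is not percent-decoded,
#    so the literal match in rule 1 does not cover encoded spellings of
#    the name; PHP keeps the last value of a repeated name, which is the
#    one set here.
RewriteRule ^/([a-z0-9-]+)/?$ /landing.php?%{QUERY_STRING}&spapage=$1 [L]
```

With these rules, the landing script can treat spapage as a value chosen by the rewrite, while the client's other query parameters still reach it unchanged.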
PHP security improvements
I've installed Snuffleupagus, a PHP security extension, onto the test webserver, and also added a list of functions for PHP to disable to prevent their execution. I had to adjust it somewhat, as a few functions are used by some of Deserted Chateau's dependencies such as flow-php, but it's working now. I've added the installation of Snuffleupagus to the webserver documentation, and modified the php.ini in the code repository to account for the new changes.
Search improvements
Tag implications have been implemented, so that searching for e.g. "league of legends" will also return artworks that have the tag via implication, such as "miss fortune" or "xayah". Tag implications are only useful if there are many defined, but it should help with future search accuracy.
Form Handling improvements
Until now, every action that required an AJAX request had its own separate PHP class for handling that request. That has proven to make for a cumbersome number of PHP classes in the /forms/ directory, so I've changed how the FormHandler class works to accommodate having multiple requests served by one class.
While there are still many form classes, each one can now handle multiple operations. For example, /forms/artwork/Albums handles all artwork album related AJAX requests. I'm in the process of documenting the new FormHandler standards in the documentation.
Client-side logging improvements
To make client-side logs more readable, I decided to improve the standard logging messages a bit by adding a module name in front of each message. It isn't strictly necessary per se, as the current logging system already means the stack trace is preserved, but it helps with readability and doesn't require more effort to maintain than the previous logging standards.
Bunny video encoding parameters
I've been going back and forth with Bunny about how they encode videos for their CDN behind the scenes, as the encoding settings only allow me to set a given bitrate for a given resolution, like this:
They've told me that the bitrates I enter are the maximum bitrate that a video in that resolution bracket will have. I'm still talking to them about how this behaves when considering e.g. videos with different frame rates or lower-than-maximum resolution, like a 1080x1080 video which would fall under the 1920x1080 bracket, but once I have an answer to that I should be able to make a decision on the bitrates for each resolution, and then do some testing on x264 vs AV1 encoding. The AV1 encoding is a premium option, so the filesize savings would have to be decent to justify the extra cost.
Misc / Bug Fixes
- Added an additional type to FormHandler (TYPE_NULLABLE_INTEGER), to more neatly deal with cases where a value passed by AJAX can be null but needs to be an integer, as it is otherwise passed as an empty string.
- Fixed a bug with the feed style display's add to bookmarks folder button, which was causing it to not properly update the number of folders an artwork was in when adding a bookmark.
- Fixed user profile banner settings not allowing the user to save the "enable NSFW banner" setting when not uploading a new banner to go with it.
- Fixed a bug where deleting an artwork with videos could cause a 500 error, due to incorrect handling of the GuzzleHttp ClientException object.
- Fixed a bug where an internal server error after trying to submit an artwork would cause the submission to be continually repeated, due to oddities in how Turnstile resets function.
Updates / Upgrades
- Updated Redis and PHPRedis to version 6.2. The Redis instance server itself has been upgraded to use Valkey, Redis' more permissively licensed successor (as Redis changed their license terms earlier this year).
