- Jan 23, 2022
-
-
Rob Swindell authored
Wait up to 10 seconds for a single-char reply to the prompt and if a non-control character was received, use the [TCP:x] (x is the character sent by the user) from the sexpots.ini for the Host and Port values to connect to. An experimental feature for Nelgin.
-
Rob Swindell authored
When printing a PETSCII Sequence (.seq) file, count the lines/rows and columns similar to how we would if we were using outchar() (but we don't, we use the lower-level outcom() to bypass any translations). This is related to issue #325: PETSCII seq files seem to display just fine, the problem I saw was with the auto-pausing (e.g. before a screen-clear) after displaying them.
-
- Jan 22, 2022
-
-
Rob Swindell authored
Oh, QWKnet nodes ('Q' restricted accounts) are impacted by this restriction since the poster's name isn't taken from the user account anyway.
-
Rob Swindell authored
So some cute user (mine@demon.com) created a new user account on Vertrauen with the alias and real name of "Rob Swindell". Funny.

Now, duplicate user aliases are already and always forbidden (even those that just vaguely match an existing alias) - everyone expects those to be unique. And we already forbid new user real names to match an existing user alias (check_name() enforces this and we use that when checking new user real names too), however, nothing prevented a new user account's alias from matching another existing user's real name. And this is a problem:

1. This new/fake user could post a message or send an email/netmail and it would appear to possibly come from the other/original user (we do have options to send mail and post messages using real names)
2. Received email for real names is supported and if enabled, this second account could be used to intercept mail for the original/first account if it was receiving mail for the original/real user's real name.

So disallowing a new user's real name to match an existing alias fixes one problem. However, systems *can* be configured to allow duplicate real names (which is convenient for QWKnet accounts, for example) and so we needed another solution for that problem: meet the 'O' restriction. This restriction flag will prevent a user account from posting messages on sub-boards that require real names. New user accounts that have a duplicate real name (the same as another user account's real name), will automatically be assigned the 'O' restriction flag. Systems that don't allow duplicate real names wouldn't have this issue in the first place.

Scripts that allow the creation of new user accounts might need some updating to match this security logic.
-
Rob Swindell authored
Eliminate some redundant code. Use the userdat lib function provided for this purpose.
-
Rob Swindell authored
Posting restrictions are handled one QWK-message at a time (and have been for a long time). No actual change here.
-
Rob Swindell authored
The system.check_name() check *also* verifies that the username is not already taken, so we must perform the matchuser() check first in order to get the appropriate error message here when trying to use an alias (username) that's already taken.
-
Rob Swindell authored
Fixed a couple sprintf() buffer overflow warnings/issues.
-
Rob Swindell authored
for Nelgin
-
- Jan 20, 2022
-
-
Rob Swindell authored
-
Rob Swindell authored
Default the progress time interval to 500 milliseconds (twice a second). Don't specify a count/call interval in the call-sites, since we really want to use time-based progress updates now only and the default probably will work fine everywhere.
-
Rob Swindell authored
To send less text over slow (e.g. 4800bps) modems. For Nelgin. This makes the interval argument unnecessary I think.
-
Rob Swindell authored
system.illegal_filename() - check if contains illegal chars/sequences
system.safest_filename() - check if contains only safest chars
system.allowed_filename() - check if meets criteria from SCFG->File Options
system.check_filename() - check if legal and meets configured criteria and is not in file.can
bbs.check_filename() - ditto, except will display badfile.msg as appropriate

Now scripts can utilize the sysop-controlled filename criteria and security of the BBS.
-
- Jan 19, 2022
-
-
Rob Swindell authored
Also remove "JavaScriptContextStack" (no longer used) and other wrong or obsolete comments.
-
Rob Swindell authored
to be compliant with FTS-5006 which states "The name must be in 8x3 DOS format". I'm not converting the filename to ALL CAPS, since that's not explicitly stated and really should not be a problem. This also generates an Lfile key if the generated-DOS-compatible filename does not exactly match the actual filename in any way (not just length).
-
Rob Swindell authored
Only in debug builds. If this check fails, then we may be producing/using potentially un-terminated strings and need to do something about that. By default, xpdev/genwrap.h redefines snprintf() as safe_snprintf(), so this check *should* always succeed.
-
Rob Swindell authored
The default 'size' parameter value is 12 characters, not 13.
-
- Jan 18, 2022
-
-
Rob Swindell authored
If an extended description contains nothing but Ctrl-A codes and white-space, don't display it in a file listing (in place of the normal short description).
-
Rob Swindell authored
Based largely on martylake's provided patch set. By default, assumes all IRC messages are UTF-8 encoded and will translate to CP-437 if appropriate or send as UTF-8 if the user's terminal supports it. Set utf8_support=false in the [irc] section of your ctrl/modopts.ini file if you wish to disable this behavior.
-
Rob Swindell authored
Remove JavaScriptContextStack (no longer used). Add *Sound keys to the [Global] section.
-
Rob Swindell authored
Apparent copy/paste error in sbbs_set_sound_settings() - I was wondering why the HangupSound key wasn't saving to the sbbs.ini file from SBBSCTRL.
-
Rob Swindell authored
This is an experimental feature that's been in the code for quite a while without any supporting help/docs (there was the original commit message, I'm sure). I'm not sure how much value this feature is without providing automatic access to the *files* within the sub-directories, but there you have it.
-
- Jan 17, 2022
-
-
Rob Swindell authored
"Request for x is outside of the web root" was already logged (with a "NOTICE" log level), but would not sound the hack attempt alarm (on Windows) or log to the hack.log. Now it does.
-
- Jan 16, 2022
-
-
Rob Swindell authored
-
Rob Swindell authored
-
Rob Swindell authored
file_area.web_vpath_prefix
file-metadata-object (return value of FileBase.get()).vpath
-
Rob Swindell authored
These methods also (optionally) accept a file-meta-object as an argument.
-
Rob Swindell authored
Similar to the ctrl/ftpalias.cfg file, the new ctrl/web_alias.ini file (optional) can be used to map a portion (the first portion, only) of a web request path to a different physical or virtual path. For example, I'm using it to map:
/Synchronet/ = /files/main/sbbs/
for filebase access to my main->sbbs directory of Vertrauen's filebase using a /Synchronet/* web request (i.e. for slightly prettier or shorter custom URLs, if desired).
-
Rob Swindell authored
Now supports message sub-board & file directory name collapsing.
See merge request !134
-
Rob Swindell authored
By setting SCFG->File Options->Web File Virtual Path Prefix to something (e.g. "/files/"), all HTTP or HTTPS requests to the Synchronet Web Server with request paths beginning with this prefix will be interpreted as filebase access requests (with full access control enforcement). This is configured here (in SCFG) rather than, say, the [web] section of sbbs.ini, because I have plans for the terminal server to use this prefix to generate Web-URLs for files to display or email to users.

Currently, only requests to *files* (for download) are supported (no index generation, file information, etc. and definitely no upload support). Full access control (using HTTP auth, not cookies) is used for libraries and directories with controlled access. Credits are deducted and awarded and uploaders are notified of downloads, as one would expect. Requests to any dynamic-web-content files (e.g. .SSJS, .XJS, etc.) will be treated as static file download requests (no script will be executed).

I'm reusing the same virtual path parsing logic from the FTP server (moved to the userdat lib), so the virtual path to a file for download would be, for example, http://yourdomain/files/lib/dir-code/filename.ext

The main motivation for this feature is: FTP-links in email and web pages are just not useful to many users these days and I don't think that sysops should have to rely on a SSJS web UI (e.g. ecWebv4, cool as it is), to provide web-access to the filebases. Using this feature, you can share simpler/shorter web links to your files that will be more enduring.
-
Eric Oulashin authored
file directory and message sub-board lists for ones with common groups, adding a 3rd tier of options. For example, if you have the following file directory structure:

BBS files
    DOS: BBS software
    DOS: BBS doors
    DOS: BBS utilities
    Windows: BBS software
    Windows: BBS doors
    Windows: BBS utilities

With directory name collapsing, the selection will become 3 tiers, as follows:

BBS files
    DOS
        BBS software
        BBS doors
        BBS utilities
    Windows
        BBS software
        BBS doors
        BBS utilities
-
- Jan 14, 2022
-
-
Rob Swindell authored
lord2.js line 3168: ReferenceError: bs is not defined
-
Rob Swindell authored
-
Rob Swindell authored
Added a load for 822header.js. Whoops. See merge request !133
-
Eric Oulashin authored
-
Rob Swindell authored
Version 1.42: Fixed attachment downloading (most importantly). See merge request !132
-
Rob Swindell authored
So change the (A)dd command to (C)reate here. Leave 'A' as an alias.
-
Eric Oulashin authored
Also, the first attempt at converting HTML entities in HTML-formatted messages (not working 100%). Also, added the ability to sort the message list by date & time written rather than the import date/time. This is specified in the configuration file via the msgListSort option.
-
Rob Swindell authored
CID 345291
It's actually a false positive because if an extension (".suffix") exists in filespec, it must also exist in newfilespec since it's a copy, but whatever. It's better form to check.
-
Rob Swindell authored
libarchive apparently cannot be used for in-place modification of (e.g. adding files to) existing archives, so if a bundle already exists, this code would over-write it with a new archive containing just the latest packet. Issue reported by acn (IMZADI) via DOVE-Net. I could and might create an update_archive() function which extracts and re-creates an archive with additional files, but since I don't have that yet, just disable this for now and always use an external archive utility to create or update bundles (so again, an "Archive" configuration is required in your sbbsecho.ini file, which you most likely already have).
-