The value of the macro is INT_MIN, not zero to protect agains weird
edge cases.

I considered INT_MAX, but figured you could get there in sane ways.

The file_list[] parameter was expected to contain only files, but the directory() function (used to create that file_list[]) returns a list of all directory entries, including sub-directories. I could (and maybe will) add an option to directory() to only include files or dirs, but this seemed the more direct fix for the problem reported by DesotoFireflite (VALHALLA):

TickIT's nodelist_handler.js appears to be creating and leaving behind a sub-directory of the temp directory, triggering this error:
 1/23  11:36:56a  QNET libarchive error -1 (13 opening c:\SBBS\temp\event\nodelist_handler/) creating c:\SBBS\data\VERT.REP 

Why isn't the temp directory fully cleaned up after/between events? That's another thing to look into.

To address CID 345626

We need to re-parse the default sexpots.ini [TCP] section for every new session (when using the Prompt feature) or else there's no way to connect to the default host.

Also, telnet to be enabled or disabled (e.g. by setting Telnet=false) in any [TCP] or [TCP:x] section to support a mix of Telnet and non-Telnet hosts.

Also log a warning if a control character is received in response to the prompt, or log a notice if there's a timeout waiting for a response to the prompt. Change the non-control character response value to a debug-level log message.

Set CLS=true in the root section of sexpots.ini to enable. Sends a ^L ASCII 12 0x0c FF CS whatever you want to call it to the remote terminal before sending the carriage return and copyright banner. For Nelgin.

Set to number of seconds to timeout, if desired.
Log the received character in response to the prompt.

Wait up to 10 seconds for a single-char reply to the prompt and if a non-control character was received, use the [TCP:x] (x is the character sent by the user) from the sexpots.ini for the Host and Port values to connect to.

An experimental feature for Nelgin.

When printing a PETSCII Sequence (.seq) file, count the lines/rows and columns similar to how we would if we were using outchar() (but we don't, we use the lower-level outcom() to bypass any translations).

This is related to issue #325:
PETSCII seq files seem to display just fine, the problem I saw was with the auto-pausing (e.g. before a screen-clear) after displaying them.

Oh, QWKnet nodes ('Q' restricted accounts) are impacted by this restriction
since the poster's name isn't taken from the user account anyway.

So some cute user (mine@demon.com) created a new user account on Vertrauen with the alias and real name of "Rob Swindell". Funny.

Now, duplicate user aliases are already and always forbidden (even those that just vaguely match an existing alias) - everyone expects those to be unique. And we already forbid new user real names to match an existing user alias (check_name() enforces this and we use that when checking new user real names too), however, nothing prevented a new user account's alias from matching another existing user's real name. And this is a problem:

1. This new/fake user could post a message or send an email/netmail and it would appear to possibly come from the other/original user (we do have options to send mail and post messages using real names)

2. Received email for real names is supported and if enabled, this second account could be used to intercept mail for the original/first account if it was receiving mail for the original/real user's real name.

So disallowing a new user's real name to match an existing alias fixes one problem. 
However, systems *can* be configured to allow duplicate real names (which is convenient for QWKnet accounts, for example) and so we needed another solution for that problem: meet the 'O' restriction. This restriction flag will prevent a user account from posting messages no sub-boards that require real names. New user accounts that have a duplicate real name (the same as another user account's real name), will automatically be assigned the 'O' restriction flag. Systems that don't allow duplicate real names wouldn't have this issue in the first place.

Scripts that allow the creation of new user accounts might need some updating to match this security logic.

Eliminate some redundant code. Use the userdat lib function provided for this purpose.

Posting restrictions are handled one QWK-message at a time (and have been for a long time). No actual change here.

The system.check_name() check *also* verifies that the username is not
already taken, so we must perform the matchuser() check first in order
to get the appropriate error message here when trying to use an alias
(username) that's already taken.

Fixed a couple sprintf() buffer overflow warnings/issues.

for Nelgin

Default the progress time interval to 500 milliseconds (twice a second).

Don't specify a count/call interval in the call-sites, since we really want to use time-based progress updates now only and the default probably will work fine everywhere.

To send less text over slow (e.g. 4800bps) modems. For Nelgin.

This makes the interval argument unnecessary I think.

system.illegal_filename() - check if contains illegal chars/sequences
system.safest_filename() - check if contains only safest chars
system.allowed_filename() - check if meets criteria from SCFG->File Options
system.check_filename() - check if legal and meets configured criteria and is not in file.can
bbs.check_filename() - ditto, except will display badfile.msg as appropriate

Now scripts can utilize the sysop-controlled filename criteria and security of the BBS.

Also remove "JavaScriptContextStack" (no longer used) and other
wrong or obsolete comments.

to be compliant with FTS-5006 which states "The name must be in 8x3 DOS format".

I'm not converting the filename to ALL CAPS, since that's not explicitly stated
and really should not be a problem.

This also generates an Lfile key if the generated-DOS-compatible filename
does not exactly match the actual filename in any way (not just length).

Only in debug builds.
If this check fails, then we may be producing/using potentially un-terminated strings and need to do something about that. By default, xpdev/genwrap.h redefines snprintf() as safe_snprintf(), so this check *should* always succeed.

The default is 'size' parameter value is 12 characters, not 13.

If an extended description contains nothing but Ctrl-A codes and white-space, don't display it in a file listing (in place of the normal short description).

Based largley on martylake's provided patch set. By default, assumes
all IRC messages are UTF-8 encoded and will translate to CP-437 if
appropriate or send as UTF-8 if the user's terminal supports it.
Set utf8_support=false in the [irc] section of your ctrl/modopts.ini
file if you wish to disable this behavior.

Remove JavaScriptContextStack (no longer used).
Add *Sound keys to the [Global] section.

Apparent copy/paste error in sbbs_set_sound_settings() - I was wondering why the HangupSound key wasn't saving to the sbbs.ini file from SBBSCTRL.

This is an experimental feature that's been in the code for quite a while without any supporting help/docs (there was the original commit message, I'm sure). I'm not sure how much value this feature is without providing automatic access to the *files* within the sub-directories, but there you have it.

"Request for x is outside of the web root" was already logged (with a "NOTICE" log level), but would not sound the hack attempt alarm (on Windows) or log to the hack.log. Now it does.

file_area.web_vpath_prefix
file-metadata-object (return value of FileBase.get()).vpath

These methods also (optionally) accept a file-meta-object as an argument.

Similar to the ctrl/ftpalias.cfg file, the new ctrl/web_alias.ini file (optional) can be used to map a portion (the first portion, only) of a web request path to a different physical or virtual path. For example, I'm using it to map:
/Synchronet/ = /files/main/sbbs/
for filebase access to my main->sbbs directory of Vertrauen's filebase using a /Synchronet/* web request (i.e. for slightly prettier or shorter custom URLs, if desired).

Now supports message sub-board & file directory name collapsing

See merge request !134