classes/artists.class.php

             }
 
             $QueryID = G::$DB->get_query_id();
-            G::$DB->query("
+            G::$DB->prepared_query("
             SELECT
               ta.`GroupID`,
               ta.`ArtistID`,
     public static function delete_artist($ArtistID)
     {
         $QueryID = G::$DB->get_query_id();
-        G::$DB->query("
+        G::$DB->prepared_query("
         SELECT
           `NAME`
         FROM
         list($Name) = G::$DB->next_record(MYSQLI_NUM, false);
 
         // Delete requests
-        G::$DB->query("
+        G::$DB->prepared_query("
         SELECT
           `RequestID`
         FROM
         $Requests = G::$DB->to_array();
         foreach ($Requests as $Request) {
             list($RequestID) = $Request;
-            G::$DB->query("
+            G::$DB->prepared_query("
             DELETE
             FROM
               `requests`
               `ID` = '$RequestID'
             ");
 
-            G::$DB->query("
+            G::$DB->prepared_query("
             DELETE
             FROM
               `requests_votes`
               `RequestID` = '$RequestID'
             ");
 
-            G::$DB->query("
+            G::$DB->prepared_query("
             DELETE
             FROM
               `requests_tags`
               `RequestID` = '$RequestID'
             ");
 
-            G::$DB->query("
+            G::$DB->prepared_query("
             DELETE
             FROM
               `requests_artists`
         }
 
         // Delete artist
-        G::$DB->query("
+        G::$DB->prepared_query("
         DELETE
         FROM
           `artists_group`
         G::$Cache->decrement('stats_artist_count');
 
         // Delete wiki revisions
-        G::$DB->query("
+        G::$DB->prepared_query("
         DELETE
         FROM
           `wiki_artists`
         ");
 
         // Delete tags
-        G::$DB->query("
+        G::$DB->prepared_query("
         DELETE
         FROM
           `artists_tags`

classes/badges.class.php

             return false;
         } else {
             $QueryID = G::$DB->get_query_id();
-            G::$DB->query("
+            G::$DB->prepared_query("
             INSERT INTO `users_badges`(`UserID`, `BadgeID`)
             VALUES($UserID, $BadgeID)
             ");
     {
         $QueryID = G::$DB->get_query_id();
 
-        G::$DB->query("
+        G::$DB->prepared_query("
         SELECT
           `ID`,
           `Icon`,

classes/bookmarks.class.php

             list($Table, $Col) = self::bookmark_schema($Type);
             $QueryID = G::$DB->get_query_id();
 
-            G::$DB->query("
+            G::$DB->prepared_query("
             SELECT `$Col`
             FROM `$Table`
               WHERE UserID = '$UserID'");

classes/collages.class.php

     public static function increase_subscriptions($CollageID)
     {
         $QueryID = G::$DB->get_query_id();
-        G::$DB->query("
+        G::$DB->prepared_query("
         UPDATE
           `collages`
         SET
     public static function decrease_subscriptions($CollageID)
     {
         $QueryID = G::$DB->get_query_id();
-        G::$DB->query("
+        G::$DB->prepared_query("
         UPDATE
           `collages`
         SET
 
     public static function create_personal_collage()
     {
-        G::$DB->query("
+        G::$DB->prepared_query("
         SELECT
           COUNT(`ID`)
         FROM
         $NameStr = db_string(G::$LoggedUser['Username']."'s personal collage".($CollageCount > 0 ? ' no. '.($CollageCount + 1) : ''));
         $Description = db_string('Personal collage for '.G::$LoggedUser['Username'].'. The first 5 albums will appear on his or her [url='.site_url().'user.php?id= '.G::$LoggedUser['ID'].']profile[/url].');
 
-        G::$DB->query("
+        G::$DB->prepared_query("
         INSERT INTO `collages`(
           `Name`,
           `Description`,

classes/text.class.php

       's' => 0,
       '*' => 0,
       '#' => 0,
-      #'ch' => 0,
-      #'uch' => 0,
       'artist' => 0,
       'user' => 0,
       'n' => 0,
      */
     public static $TOC = false;
 
+
+    /**
+     * Fix the links
+     * 
+     * Make it so that internal links are in the form "/section?p=foo"
+     * and that external links are secure and look like Wikipedia.
+     * Takes an already-parsed input, to hit Markdown and BBcode.
+     */
+    public function fix_links($Parsed) {
+            # Replace links to $ENV->SITE_DOMAIN
+            $Parsed = preg_replace(
+                "/<a href=\"$ENV->RESOURCE_REGEX$ENV->SITE_DOMAIN\//",
+                '<a href="/',
+                $Parsed
+            );
+                
+            # Replace external links and add Wikipedia-style CSS class
+            $RelTags = 'external nofollow noopener noreferrer';
+
+            $Parsed = preg_replace(
+                '/<a href="https?:\/\//',
+                '<a class="external" rel="'.$RelTags.'" target="_blank" href="https://',
+                $Parsed
+            );
+
+            $Parsed = preg_replace(
+                '/<a href="ftps?:\/\//',
+                '<a class="external" rel="'.$RelTags.'" target="_blank" href="ftps://',
+                $Parsed
+            );
+
+            return $Parsed;       
+    }
     
+
     /**
      * Output BBCode as XHTML
      *
         )) {
             $Parsedown = new ParsedownExtra();
             $Parsedown->setSafeMode(true);
+
+            # Prepare clean escapes
             $Str = html_entity_decode($Str, ENT_QUOTES | ENT_HTML5, 'UTF-8');
 
+            # Parse early and post-process
+            $Parsed = $Parsedown->text($Str);
+            
+            # Replace links to $ENV->SITE_DOMAIN
+            $Parsed = self::fix_links($Parsed);
+
+            return $Parsed;
+
             # Markdown ToC not happening yet
             # Shouldn't parse_toc() output HTML
             /*
             }
             */
 
-            return $P = $Parsedown->text($Str);
-
         /*
         return $P =
             ((self::$TOC && $OutputTOC)
                 : null)
             . $Parsedown->text($Str);
         */
-        } else {
+        }
+        
+        /**
+         * BBcode formatting
+         */
+        else {
             global $Debug;
             $Debug->set_flag('BBCode start');
 
             self::$Headlines = [];
             $Str = display_str($Str);
 
-            # Checkboxes: broken and stupid
-            /*
-            $Str = preg_replace('/\[\\[(ch|uch)]\]/i', '', $Str);
-            $Str = preg_replace('/\[ch\]/i', '[ch][/ch]', $Str);
-            $Str = preg_replace('/\[uch\]/i', '[uch][/uch]', $Str);
-            */
-
             // Inline links
             $URLPrefix = '(\[url\]|\[url\=|\[img\=|\[img\])';
             $Str = preg_replace('/'.$URLPrefix.'\s+/i', '$1', $Str);
             $Str = preg_replace('/(?<!'.$URLPrefix.')http(s)?:\/\//i', '$1[inlineurl]http$2://', $Str);
             $Str = preg_replace('/\[embed\]\[inlineurl\]/', '[embed]', $Str);
 
-            // For anonym.to and archive.org links, remove any [inlineurl] in the middle of the link
-            /*
-            $Str = preg_replace_callback(
-                '/(?<=\[inlineurl\]|'.$URLPrefix.')(\S*\[inlineurl\]\S*)/m',
-                function ($matches) {
-                    return str_replace("[inlineurl]", "", $matches[0]);
-                },
-                $Str
-            );
-            */
-
             if (self::$TOC) {
                 $Str = preg_replace('/(\={5})([^=].*)\1/i', '[headline=4]$2[/headline]', $Str);
                 $Str = preg_replace('/(\={4})([^=].*)\1/i', '[headline=3]$2[/headline]', $Str);
                 $HTML = self::parse_toc($Min) . $HTML;
             }
 
+            # Rewrite the URLs
+            $HTML = self::fix_links($HTML);
+
             $Debug->set_flag('BBCode end');
             return $HTML;
         }
                   break;
 
 
-                /*
-                case 'ch':
-                  $Str .= '<input type="checkbox" checked="checked" disabled="disabled">';
-                  break;
-                */
-
-
-                /*
-                case 'uch':
-                  $Str .= '<input type="checkbox" disabled="disabled">';
-                  break;
-                */
-
-
                 case 'list':
                   $Str .= "<$Block[ListType] class=\"postlist\">";
                   foreach ($Block['Val'] as $Line) {
                       if ($LocalURL) {
                           $Str .= '<a href="'.$LocalURL.'">'.substr($LocalURL, 1).'</a>';
                       } else {
-                          $Str .= '<a rel="noreferrer" target="_blank" href="'.$Block['Attr'].'">'.$Block['Attr'].'</a>';
+                          $Str .= '<a href="'.$Block['Attr'].'">'.$Block['Attr'].'</a>';
+                          #$Str .= '<a rel="noreferrer" target="_blank" href="'.$Block['Attr'].'">'.$Block['Attr'].'</a>';
                       }
                   }
                   break;

classes/wiki.class.php

         $Aliases = G::$Cache->get_value('wiki_aliases');
         if (!$Aliases) {
             $QueryID = G::$DB->get_query_id();
-            G::$DB->query("
+            G::$DB->prepared_query("
             SELECT Alias, ArticleID
             FROM wiki_aliases");
             $Aliases = G::$DB->to_pair('Alias', 'ArticleID');
         $Contents = G::$Cache->get_value('wiki_article_'.$ArticleID);
         if (!$Contents) {
             $QueryID = G::$DB->get_query_id();
-            G::$DB->query("
+            G::$DB->prepared_query("
             SELECT
               w.Revision,
               w.Title,

design/privateheader.php

           <li id="nav_irc" <?=
             Format::add_class($PageID, ['chat'], 'active', true)?>>
             <a href="https://join.slack.com/t/biotorrents/shared_invite/<?=$ENV->SLACK_INVITE?>"
-              target="_blank">Slack
-              <img src="/static/common/symbols/external.png" style="height: 0.75em; vertical-align: center;" /></a>
+              target="_blank">Slack</a>
           </li>
 
           <li id="nav_top10" <?=
     }
 }
 
-if (check_perms('users_mod')) {
-    $NumDeleteRequests = G::$Cache->get_value('num_deletion_requests');
-    if ($NumDeleteRequests === false) {
-        G::$DB->query("SELECT COUNT(*) FROM deletion_requests");
-        list($NumDeleteRequests) = G::$DB->next_record();
-        G::$Cache->cache_value('num_deletion_requests', $NumDeleteRequests);
-    }
-
-    if ($NumDeleteRequests > 0) {
-        $ModBar[] = '<a href="tools.php?action=expunge_requests">' . $NumDeleteRequests . " Expunge request".($NumDeleteRequests > 1 ? 's' : '')."</a>";
-    }
-}
-
 if (check_perms('users_mod') && FEATURE_EMAIL_REENABLE) {
     $NumEnableRequests = G::$Cache->get_value(AutoEnable::CACHE_KEY_NAME);
     if ($NumEnableRequests === false) {
 if (!empty($Alerts) || !empty($ModBar)) { ?>
     <div id="alerts">
       <?php foreach ($Alerts as $Alert) { ?>
-      <div class="alertbar">
+      <div class="alertbar warning">
         <?=$Alert?>
       </div>
       <?php

design/publicfooter.php

 </main>
 
 <footer>
-  <a href="https://github.com/biotorrents/gazelle" target="_blank">GitHub</a>
-  <a href="https://docs.biotorrents.de" target="_blank">API</a>
   <a href="/legal.php?p=privacy">Privacy</a>
   <a href="/legal.php?p=dmca">DMCA</a>
+  <a class="external" href="https://github.com/biotorrents" target="_blank">GitHub</a>
+  <a class="external" href="https://patreon.com/biotorrents" target="_blank">Patreon</a>
 </footer>
 
 <script src="$ENV->STATIC_SERVER/functions/vendor/instantpage.js" type="module"></script>

design/publicheader.php

     echo '<a href="register.php">Register</a>';
 }
 
-/*
-$Email = $ENV->HELP->Email;
-$Subject = $ENV->HELP->Subject;
-$Body = $ENV->HELP->Body;
-echo "<a href='mailto:$Email?subject=$Subject&body=$Body'>Support</a>";
-*/
-
 echo <<<HTML
-    <a href="https://github.com/biotorrents/gazelle/issues" target="_blank">Support</a>
+    <a href="/legal.php?p=about">About</a>
+    <a class="external" href="https://docs.torrents.bio" target="_blank">Docs</a>
   </header>
 
 <main>

gazelle.sql

 ) ENGINE=InnoDB CHARSET=utf8mb4;
 
 
-CREATE TABLE `deletion_requests` (
-  `UserID` int unsigned NOT NULL,
-  `Value` varchar(255) NOT NULL,
-  `Type` varchar(255) NOT NULL,
-  `Reason` text,
-  `Time` datetime,
-  PRIMARY KEY (`UserID`,`Value`)
-) ENGINE=InnoDB CHARSET=utf8mb4;
-
-
 -- 2020-03-09
 CREATE TABLE `donations` (
   `UserID` int NOT NULL,

sections/artist/artist.php

 // Comments (must be loaded before View::show_header so that subscriptions and quote notifications are handled properly)
 list($NumComments, $Page, $Thread, $LastRead) = Comments::load('artist', $ArtistID);
 
-View::show_header($Name, 'browse,requests,bbcode,comments,recommend,subscriptions');
+View::show_header($Name, 'browse,requests,comments,recommend,subscriptions');
 ?>
 <div>
   <div class="header">

sections/collages/all_comments.php

 // Start printing
 View::show_header(
     "Comments for collage $Name",
-    'comments,bbcode,subscriptions,vendor/easymde.min',
+    'comments,subscriptions,vendor/easymde.min',
     'vendor/easymde.min'
 );
 ?>

sections/collages/artist_collage.php

     $CollagePages[] = $CollagePage;
 }
 
-View::show_header($Name, 'browse,collage,bbcode,recommend');
+View::show_header($Name, 'browse,collage,recommend');
 ?>
 
 <div>

sections/collages/edit.php

 
 View::show_header(
     'Edit',
-    'bbcode,vendor/easymde.min',
+    'vendor/easymde.min',
     'vendor/easymde.min'
 );
 

sections/collages/new.php

 
 View::show_header(
     'Create a collection',
-    'bbcode,vendor/easymde.min',
+    'vendor/easymde.min',
     'vendor/easymde.min'
 );
 

sections/collages/torrent_collage.php

 
 View::show_header(
     $Name,
-    'browse,collage,bbcode,recommend,wall'
+    'browse,collage,recommend,wall'
 );
 ?>
 

sections/comments/comments.php

 }
 $Links = implode(' ', $ActionLinks) . (count($TypeLinks) ? '<br />' . implode(' ', $TypeLinks) : '');
 
-View::show_header($Title, 'bbcode,comments');
+View::show_header($Title, 'comments');
 ?><div>
   <div class="header">
     <h2><?=$Header?></h2>

sections/forums/newthread.php

 $ENV = ENV::go();
 View::show_header(
     "Forums $ENV->CRUMB ".$Forum['Name']." $ENV->CRUMB New Topic",
-    'comments,bbcode,vendor/jquery.validate.min,form_validate,vendor/easymde.min',
+    'comments,vendor/jquery.validate.min,form_validate,vendor/easymde.min',
     'vendor/easymde.min'
 );
 ?>

sections/forums/search.php

 }
 
 // Let's hope we got some results - start printing out the content
-View::show_header('Forums > Search', 'bbcode,forum_search');
+View::show_header('Forums > Search', 'forum_search');
 ?>
 
 <div class="header">

sections/forums/take_warn.php

   Tools::update_user_notes($UserID, $AdminComment);
 }
 
-$DB->query("
+$DB->prepared_query("
   INSERT INTO users_warnings_forums
     (UserID, Comment)
   VALUES
 Misc::send_pm($UserID, $LoggedUser['ID'], $Subject, $PrivateMessage);
 
 //edit the post
-$DB->query("
+$DB->prepared_query("
   SELECT
     p.Body,
     p.AuthorID,
 list($OldBody, $AuthorID, $TopicID, $ForumID, $Page) = $DB->next_record();
 
 // Perform the update
-$DB->query("
+$DB->prepared_query("
   UPDATE forums_posts
   SET Body = '" . db_string($Body) . "',
     EditedUserID = '$UserID',
   $Cache->cache_value("thread_$TopicID" . '_info', $ThreadInfo, 0);
 }
 
-$DB->query("
+$DB->prepared_query("
   INSERT INTO comments_edits
     (Page, PostID, EditUser, EditTime, Body)
   VALUES

sections/forums/thread.php

     if (isset($_GET['topicid']) && is_number($_GET['topicid'])) {
         $ThreadID = $_GET['topicid'];
     } elseif (isset($_GET['postid']) && is_number($_GET['postid'])) {
-        $DB->query("
+        $DB->prepared_query("
       SELECT TopicID
       FROM forums_posts
       WHERE ID = $_GET[postid]");
         if ($ThreadInfo['StickyPostID'] < $_GET['postid']) {
             $SQL .= " AND ID != $ThreadInfo[StickyPostID]";
         }
-        $DB->query($SQL);
+        $DB->prepared_query($SQL);
         list($PostNum) = $DB->next_record();
     } else {
         $PostNum = 1;
 
 // Cache catalogue from which the page is selected, allows block caches and future ability to specify posts per page
 if (!$Catalogue = $Cache->get_value("thread_{$ThreadID}_catalogue_$CatalogueID")) {
-    $DB->query("
+    $DB->prepared_query("
     SELECT
       p.ID,
       p.AuthorID,
 //Why would we skip this on locked or stickied threads?
 //if (!$ThreadInfo['IsLocked'] || $ThreadInfo['IsSticky']) {
 
-  $DB->query("
+  $DB->prepared_query("
     SELECT PostID
     FROM forums_last_read_topics
     WHERE UserID = '$LoggedUser[ID]'
       AND TopicID = '$ThreadID'");
   list($LastRead) = $DB->next_record();
   if ($LastRead < $LastPost) {
-      $DB->query("
+      $DB->prepared_query("
       INSERT INTO forums_last_read_topics
         (UserID, TopicID, PostID)
       VALUES
 
 $QuoteNotificationsCount = $Cache->get_value('notify_quoted_' . $LoggedUser['ID']);
 if ($QuoteNotificationsCount === false || $QuoteNotificationsCount > 0) {
-    $DB->query("
+    $DB->prepared_query("
     UPDATE users_notify_quoted
     SET UnRead = false
     WHERE UserID = '$LoggedUser[ID]'
 // Start printing
 View::show_header(
     $ThreadInfo['Title'].' &rsaquo; '.$Forums[$ForumID]['Name'].' &rsaquo; Forums',
-    'comments,subscriptions,bbcode,vendor/easymde.min',
+    'comments,subscriptions,vendor/easymde.min',
     ($IsDonorForum ?? 'donor,').'vendor/easymde.min'
 );
 ?>
 
 if ($ThreadInfo['NoPoll'] == 0) {
     if (!list($Question, $Answers, $Votes, $Featured, $Closed) = $Cache->get_value("polls_$ThreadID")) {
-        $DB->query("
+        $DB->prepared_query("
       SELECT Question, Answers, Featured, Closed
       FROM forums_polls
       WHERE TopicID = '$ThreadID'");
         list($Question, $Answers, $Featured, $Closed) = $DB->next_record(MYSQLI_NUM, array(1));
         $Answers = unserialize($Answers);
-        $DB->query("
+        $DB->prepared_query("
       SELECT Vote, COUNT(UserID)
       FROM forums_polls_votes
       WHERE TopicID = '$ThreadID'
     #$RevealVoters = in_array($ForumID, FORUMS_TO_REVEAL_VOTERS);
 
     // Polls lose the you voted arrow thingy
-    $DB->query("
+    $DB->prepared_query("
     SELECT Vote
     FROM forums_polls_votes
     WHERE UserID = '".$LoggedUser['ID']."'
             $StaffNames[] = $Staffer['Username'];
         }
 
-        $DB->query("
+        $DB->prepared_query("
         SELECT
           fpv.Vote AS Vote,
           GROUP_CONCAT(um.Username SEPARATOR ', ')
   }
 
 if (check_perms('site_moderate_forums')) {
-    G::$DB->query("
+    G::$DB->prepared_query("
       SELECT ID, AuthorID, AddedTime, Body
       FROM forums_topic_notes
       WHERE TopicID = $ThreadID

sections/forums/warn.php

 $Key = (int) $_POST['key'];
 $UserInfo = Users::user_info($UserID);
 
-$DB->query("
+$DB->prepared_query("
   SELECT p.Body, t.ForumID
   FROM forums_posts AS p
     JOIN forums_topics AS t ON p.TopicID = t.ID
   WHERE p.ID = '$PostID'");
 list($PostBody, $ForumID) = $DB -> next_record();
 
-View::show_header('Warn User');
+View::show_header('Warn');
 ?>
 
 <div>
             <textarea id="body" style="width: 95%;" tabindex="1" onkeyup="resize('body');" name="body" cols="90"
               rows="8"><?=$PostBody?></textarea>
             <br />
-            <input type="submit" id="submit_button" value="Warn user" tabindex="1" />
+            <input type="submit" id="submit_button" class="button-primary" value="Warn user" tabindex="1" />
           </td>
         </tr>
       </table>

sections/friends/add.php

 <?php
+declare(strict_types = 1);
+
 authorize();
-if (!is_number($_GET['friendid'])) {
-  error(404);
-}
-$FriendID = db_string($_GET['friendid']);
+
+$FriendID = (int) $_GET['friendid'];
+Security::checkInt($FriendID);
 
 // Check if the user $FriendID exists
-$DB->query("
-  SELECT 1
-  FROM users_main
-  WHERE ID = '$FriendID'");
+$DB->prepared_query("
+SELECT 1
+FROM `users_main`
+WHERE `ID` = '$FriendID'
+");
+
 if (!$DB->has_results()) {
-  error(404);
+    error(404);
 }
 
-$DB->query("
-  INSERT IGNORE INTO friends
-    (UserID, FriendID)
+$DB->prepared_query("
+  INSERT IGNORE INTO `friends`
+    (`UserID`, `FriendID`)
   VALUES
-    ('$LoggedUser[ID]', '$FriendID')");
+    ('$LoggedUser[ID]', '$FriendID')
+");
 
 header('Location: friends.php');

sections/friends/comment.php

-<?
-$DB->query("
-  UPDATE friends
-  SET Comment='$P[comment]'
-  WHERE UserID='$LoggedUser[ID]'
-    AND FriendID='$P[friendid]'");
+<?php
+declare(strict_types = 1);
+
+$DB->prepared_query("
+  UPDATE `friends`
+  SET `Comment`='$P[comment]'
+  WHERE `UserID`='$LoggedUser[ID]'
+    AND `FriendID`='$P[friendid]'
+");
 
 header('Location: friends.php');
-?>

sections/friends/friends.php

 
 /**
  * Main friends page
- * 
+ *
  * This page lists a user's friends.
  * There's no real point in caching this page.
  * I doubt users load it that much.
 list($Page, $Limit) = Format::page_limit(FRIENDS_PER_PAGE);
 
 // Main query
-$DB->query("
+$DB->prepared_query("
   SELECT
     SQL_CALC_FOUND_ROWS
     f.`FriendID`,
 $Friends = $DB->to_array(false, MYSQLI_BOTH, array(6, 'Paranoia'));
 
 // Number of results (for pagination)
-$DB->query('SELECT FOUND_ROWS()');
+$DB->prepared_query('SELECT FOUND_ROWS()');
 list($Results) = $DB->next_record();
 
-// Start printing stuff ?>
+// Start printing stuff?>
 
 <div>
   <div class="header">

sections/friends/index.php

-<?
-$P = db_array($_POST);
+<?php
+declare(strict_types = 1);
+
 enforce_login();
-if (!empty($_REQUEST['friendid']) && !is_number($_REQUEST['friendid'])) {
-  error(404);
-}
+$P = db_array($_POST);
+
+$FriendID = (int) $_REQUEST['friendid'];
+Security::checkInt($FriendID);
 
 if (!empty($_REQUEST['action'])) {
-  switch ($_REQUEST['action']) {
+    switch ($_REQUEST['action']) {
     case 'add':
-      include(SERVER_ROOT.'/sections/friends/add.php');
+      require_once "$ENV->SERVER_ROOT/sections/friends/add.php";
       break;
+
     case 'Remove friend':
       authorize();
-      include(SERVER_ROOT.'/sections/friends/remove.php');
+      require_once "$ENV->SERVER_ROOT/sections/friends/remove.php";
       break;
+
     case 'Update':
       authorize();
-      include(SERVER_ROOT.'/sections/friends/comment.php');
-      break;
-    case 'whois':
-      include(SERVER_ROOT.'/sections/friends/whois.php');
+      require_once "$ENV->SERVER_ROOT/sections/friends/comment.php";
       break;
+
     case 'Contact':
-      header('Location: inbox.php?action=compose&to='.$_POST['friendid']);
+      header("Location: inbox.php?action=compose&to=$FriendID");
       break;
+      
     default:
       error(404);
   }
 } else {
-  include(SERVER_ROOT.'/sections/friends/friends.php');
+    require_once "$ENV->SERVER_ROOT/sections/friends/friends.php";
 }
-?>

sections/friends/remove.php

-<?
-$DB->query("
-  DELETE FROM friends
-  WHERE UserID='$LoggedUser[ID]'
-    AND FriendID='$P[friendid]'");
+<?php
+declare(strict_types = 1);
+
+$DB->prepared_query("
+  DELETE FROM `friends`
+  WHERE `UserID`='$LoggedUser[ID]'
+    AND `FriendID`='$P[friendid]'
+");
 
 header('Location: friends.php');
-?>

sections/inbox/compose.php

     error(403);
 }
 
-$DB->query("
+$DB->prepared_query("
   SELECT Username
   FROM users_main
   WHERE ID='$ToID'");
 }
 View::show_header(
     'Compose',
-    'inbox,bbcode,vendor/jquery.validate.min,form_validate,vendor/easymde.min',
+    'inbox,vendor/jquery.validate.min,form_validate,vendor/easymde.min',
     'vendor/easymde.min'
 );
 ?>
       <div id="preview" class="hidden"></div>
       <div id="buttons" class="center">
         <input type="button" value="Preview" onclick="Quick_Preview();" />
-        <input type="submit" value="Send message" />
+        <input type="submit" class="button-primary" value="Send message" />
       </div>
     </div>
   </form>

sections/inbox/conversation.php

 
 View::show_header(
     "View conversation $Subject",
-    'comments,inbox,bbcode,vendor/jquery.validate.min,form_validate,vendor/easymde.min',
+    'comments,inbox,vendor/jquery.validate.min,form_validate,vendor/easymde.min',
     'vendor/easymde.min'
 );
 

sections/legal/index.php

 $p = $_GET['p'];
 
 switch ($p) {
+    case 'about':
+        View::show_header('About');
+        echo $Twig->render('legal/about.html');
+        View::show_footer();
+        break;
+
     case 'privacy':
         View::show_header('Privacy');
         echo $Twig->render('legal/privacy.html');

sections/reports/compose.php

 if (!$ComposeToUsername) {
   error(404);
 }
-View::show_header('Compose', 'inbox,bbcode');
+View::show_header('Compose', 'inbox');
 
 // $TypeLink is placed directly in the <textarea> when composing a PM
 switch ($Type) {

sections/reports/report.php

 
 View::show_header(
     'Report a '.$Type['title'],
-    'bbcode,vendor/jquery.validate.min,form_validate'
+    'vendor/jquery.validate.min,form_validate'
 );
 ?>
 <div class="thin">

sections/reports/reports.php

 include(SERVER_ROOT . '/sections/reports/array.php');
 
 // Header
-View::show_header('Reports', 'bbcode,reports');
+View::show_header('Reports', 'reports');
 
 if (isset($_GET['id']) && $_GET['id'] && is_number($_GET['id'])) {
   $View = 'Single report';

sections/reportsv2/ajax_create_report.php

   $TorrentID = $_POST['torrentid'];
 }
 
-$DB->query("
+$DB->prepared_query("
   SELECT tg.CategoryID
   FROM torrents_group AS tg
     JOIN torrents AS t ON t.GroupID = tg.ID
   error();
 }
 
-$DB->query("
+$DB->prepared_query("
   SELECT ID
   FROM reportsv2
   WHERE TorrentID = $TorrentID
   error();
 }
 
-$DB->query("
+$DB->prepared_query("
   INSERT INTO reportsv2
     (ReporterID, TorrentID, Type, UserComment, Status, ReportedTime, ExtraID)
   VALUES

sections/reportsv2/ajax_giveback_report.php

   error();
 }
 
-$DB->query("
+$DB->prepared_query("
   SELECT Status
   FROM reportsv2
   WHERE ID = ".$_GET['id']);
 list($Status) = $DB->next_record();
 if (isset($Status)) {
-  $DB->query("
+  $DB->prepared_query("
     UPDATE reportsv2
     SET Status = 'New', ResolverID = 0
     WHERE ID = ".$_GET['id']);

sections/reportsv2/ajax_grab_report.php

   error();
 }
 
-$DB->query("
+$DB->prepared_query("
   UPDATE reportsv2
   SET Status = 'InProgress',
     ResolverID = " . $LoggedUser['ID'] . "

sections/reportsv2/ajax_new_report.php

 }
 
 
-$DB->query("
+$DB->prepared_query("
   SELECT
     r.ID,
     r.ReporterID,
 
     if (!$GroupID) {
       //Torrent already deleted
-      $DB->query("
+      $DB->prepared_query("
         UPDATE reportsv2
         SET
           Status = 'Resolved',
 <?
       error();
     }
-    $DB->query("
+    $DB->prepared_query("
       UPDATE reportsv2
       SET Status = 'InProgress',
         ResolverID = ".$LoggedUser['ID']."
               uploaded by <a href="user.php?id=<?=$UploaderID?>"><?=$UploaderName?></a> <?=time_diff($Time)?>
               <br />
               <div style="text-align: right;">was reported by <a href="user.php?id=<?=$ReporterID?>"><?=$ReporterName?></a> <?=time_diff($ReportedTime)?> for the reason: <strong><?=$ReportType['title']?></strong></div>
-<?php $DB->query("
+<?php $DB->prepared_query("
             SELECT r.ID
             FROM reportsv2 AS r
               LEFT JOIN torrents AS t ON t.ID = r.TorrentID
               <div style="text-align: right;">
                 <a href="reportsv2.php?view=group&amp;id=<?=$GroupID?>">There <?=(($GroupOthers > 1) ? "are $GroupOthers other reports" : "is 1 other report")?> for torrents in this group</a>
               </div>
-<?php $DB->query("
+<?php $DB->prepared_query("
             SELECT t.UserID
             FROM reportsv2 AS r
               JOIN torrents AS t ON t.ID = r.TorrentID
               </div>
 <?php }
 
-        $DB->query("
+        $DB->prepared_query("
             SELECT DISTINCT req.ID,
               req.FillerID,
               um.Username,
         $First = true;
         $Extras = explode(' ', $ExtraIDs);
         foreach ($Extras as $ExtraID) {
-            $DB->query("
+            $DB->prepared_query("
                 SELECT
                   tg.Name,
                   tg.ID,

sections/reportsv2/ajax_update_comment.php

 $Message = db_string($_POST['comment']);
 //Message can be blank!
 
-$DB->query("
+$DB->prepared_query("
   SELECT ModComment
   FROM reportsv2
   WHERE ID = $ReportID");
 list($ModComment) = $DB->next_record();
 if (isset($ModComment)) {
-  $DB->query("
+  $DB->prepared_query("
     UPDATE reportsv2
     SET ModComment = '$Message'
     WHERE ID = $ReportID");

sections/reportsv2/ajax_update_resolve.php

   error();
 }
 
-$DB->query("
+$DB->prepared_query("
   UPDATE reportsv2
   SET Type = '$NewType'
   WHERE ID = $ReportID");

sections/reportsv2/report.php

     }
 } else {
     $TorrentID = $_GET['id'];
-    $DB->query("
+    $DB->prepared_query("
     SELECT tg.`category_id`, t.`GroupID`, u.`Username`
     FROM `torrents_group` AS tg
       LEFT JOIN `torrents` AS t ON t.`GroupID` = tg.`id`
     */
 }
 
-View::show_header('Report', 'reportsv2,browse,torrent,bbcode,recommend');
+View::show_header('Report', 'reportsv2,browse,torrent,recommend');
 ?>
 
 <div>

sections/reportsv2/static.php

 } else {
     switch ($View) {
     case 'staff':
-      $DB->query("
+      $DB->prepared_query("
         SELECT `Username`
         FROM `users_main`
         WHERE `ID` = $ID");
       break;
 
     case 'resolver':
-      $DB->query("
+      $DB->prepared_query("
         SELECT `Username`
         FROM `users_main`
         WHERE `ID` = $ID");
       break;
 
     case 'reporter':
-      $DB->query("
+      $DB->prepared_query("
         SELECT `Username`
         FROM `users_main`
         WHERE `ID` = $ID");
       break;
 
     case 'uploader':
-      $DB->query("
+      $DB->prepared_query("
         SELECT `Username`
         FROM `users_main`
         WHERE `ID` = $ID");
 /**
  * The large query
  */
-$DB->query("
+$DB->prepared_query("
   SELECT
     SQL_CALC_FOUND_ROWS
     r.`ID`,
 
 $Reports = $DB->to_array();
 
-$DB->query('SELECT FOUND_ROWS()');
+$DB->prepared_query('SELECT FOUND_ROWS()');
 list($Results) = $DB->next_record();
 $PageLinks = Format::get_pages($Page, $Results, REPORTS_PER_PAGE, 11);
 
-View::show_header('Reports V2!', 'reportsv2,bbcode');
+View::show_header('Reports V2!', 'reportsv2');
 ?>
 <div class="header">
   <h2><?=$Title?></h2>
 
           if (!$GroupID && $Status != 'Resolved') {
               //Torrent already deleted
-              $DB->query("
+              $DB->prepared_query("
         UPDATE `reportsv2`
         SET
           `Status` = 'Resolved',
 } ?>
             <div style="text-align: right;">was reported by <a href="user.php?id=<?=$ReporterID?>"><?=$ReporterName?></a> <?=time_diff($ReportedTime)?> for the reason: <strong><?=$ReportType['title']?></strong></div>
 <?php if ($Status != 'Resolved') {
-    $DB->query("
+    $DB->prepared_query("
             SELECT r.`ID`
             FROM `reportsv2` AS r
               LEFT JOIN `torrents` AS t ON t.`ID` = r.`TorrentID`
             </div>
 <?php }
 
-    $DB->query("
+    $DB->prepared_query("
             SELECT t.`UserID`
             FROM `reportsv2` AS r
               JOIN `torrents` AS t ON t.`ID` = r.`TorrentID`
             </div>
 <?php }
 
-    $DB->query("
+    $DB->prepared_query("
             SELECT DISTINCT req.`ID`,
               req.`FillerID`,
               um.`Username`,
         $First = true;
         $Extras = explode(' ', $ExtraIDs);
         foreach ($Extras as $ExtraID) {
-            $DB->query("
+            $DB->prepared_query("
             SELECT
               COALESCE(NULLIF(tg.`title`, ''), NULLIF(tg.`subject`, ''), tg.`object`) AS Name,
               tg.`id`,

sections/reportsv2/takereport.php

-<?
+<?php
 
 /**
  * This page handles the backend from when a user submits a report.
 
 authorize();
 
-if (!is_number($_POST['torrentid'])) {
-  error(404);
-} else {
-  $TorrentID = $_POST['torrentid'];
-}
-
-if (!is_number($_POST['categoryid'])) {
-  error(404);
-} else {
-  $CategoryID = $_POST['categoryid'];
-}
+$TorrentID = (int) $_POST['torrentid'];
+$CategoryID = (int) $_POST['categoryid'];
+Security::checkInt($TorrentID, $CategoryID);
 
 if (!isset($_POST['type'])) {
-  error(404);
+    error(404);
 } elseif (array_key_exists($_POST['type'], $Types[$CategoryID])) {
-  $Type = $_POST['type'];
-  $ReportType = $Types[$CategoryID][$Type];
+    $Type = $_POST['type'];
+    $ReportType = $Types[$CategoryID][$Type];
 } elseif (array_key_exists($_POST['type'], $Types['master'])) {
-  $Type = $_POST['type'];
-  $ReportType = $Types['master'][$Type];
+    $Type = $_POST['type'];
+    $ReportType = $Types['master'][$Type];
 } else {
-  //There was a type but it wasn't an option!
-  error(403);
+    // There was a type but it wasn't an option!
+    error(403);
 }
 
-
 foreach ($ReportType['report_fields'] as $Field => $Value) {
-  if ($Value == '1') {
-    if (empty($_POST[$Field])) {
-      $Err = "You are missing a required field ($Field) for a ".$ReportType['title'].' report.';
+    if ($Value === '1') {
+        if (empty($_POST[$Field])) {
+            $Err = "You are missing a required field ($Field) for a ".$ReportType['title'].' report.';
+        }
     }
-  }
 }
 
 if (!empty($_POST['sitelink'])) {
-  if (preg_match_all('/'.TORRENT_REGEX.'/i', $_POST['sitelink'], $Matches)) {
-    $ExtraIDs = implode(' ', $Matches[4]);
-    if (in_array($TorrentID, $Matches[4])) {
-      $Err = "The extra permalinks you gave included the link to the torrent you're reporting!";
+    if (preg_match_all('/'.TORRENT_REGEX.'/i', $_POST['sitelink'], $Matches)) {
+        $ExtraIDs = implode(' ', $Matches[4]);
+
+        if (in_array($TorrentID, $Matches[4])) {
+            $Err = "The extra permalinks you gave included the link to the torrent you're reporting!";
+        }
+    } else {
+        $Err = 'The permalink was incorrect. It should look like '.site_url().'torrents.php?torrentid=12345';
     }
-  } else {
-    $Err = 'The permalink was incorrect. It should look like '.site_url().'torrents.php?torrentid=12345';
-  }
 }
 
 if (!empty($_POST['link'])) {
-  //resource_type://domain:port/filepathname?query_string#anchor
-  //          http://   www     .foo.com                /bar
-  if (preg_match_all('/'.URL_REGEX.'/is', $_POST['link'], $Matches)) {
-    $Links = implode(' ', $Matches[0]);
-  } else {
-    $Err = "The extra links you provided weren't links...";
-  }
+    // resource_type://domain:port/filepathname?query_string#anchor
+    if (preg_match_all('/'.URL_REGEX.'/is', $_POST['link'], $Matches)) {
+        $Links = implode(' ', $Matches[0]);
+    } else {
+        $Err = "The extra links you provided weren't links...";
+    }
 } else {
-  $Links = '';
+    $Links = '';
 }
 
 if (!empty($_POST['image'])) {
-  if (preg_match("/^(".IMAGE_REGEX.")( ".IMAGE_REGEX.")*$/is", trim($_POST['image']), $Matches)) {
-    $Images = $Matches[0];
-  } else {
-    $Err = "The extra image links you provided weren't links to images...";
-  }
+    if (preg_match("/^(".IMAGE_REGEX.")( ".IMAGE_REGEX.")*$/is", trim($_POST['image']), $Matches)) {
+        $Images = $Matches[0];
+    } else {
+        $Err = "The extra image links you provided weren't links to images...";
+    }
 } else {
-  $Images = '';
+    $Images = '';
 }
 
 if (!empty($_POST['track'])) {
-  if (preg_match('/([0-9]+( [0-9]+)*)|All/is', $_POST['track'], $Matches)) {
-    $Tracks = $Matches[0];
-  } else {
-    $Err = 'Tracks should be given in a space-separated list of numbers with no other characters.';
-  }
+    if (preg_match('/([0-9]+( [0-9]+)*)|All/is', $_POST['track'], $Matches)) {
+        $Tracks = $Matches[0];
+    } else {
+        $Err = 'Tracks should be given in a space-separated list of numbers with no other characters.';
+    }
 } else {
-  $Tracks = '';
+    $Tracks = '';
 }
 
 if (!empty($_POST['extra'])) {
-  $Extra = db_string($_POST['extra']);
+    $Extra = db_string($_POST['extra']);
 } else {
-  $Err = 'As useful as blank reports are, could you be a tiny bit more helpful? (Leave a comment)';
+    $Err = 'As useful as blank reports are, could you be a tiny bit more helpful? (Leave a comment)';
 }
 
-$DB->query("
-  SELECT GroupID
-  FROM torrents
-  WHERE ID = $TorrentID");
+$DB->prepared_query("
+  SELECT `GroupID`
+  FROM `torrents`
+  WHERE `ID` = '$TorrentID'
+  ");
 if (!$DB->has_results()) {
-  $Err = "A torrent with that ID doesn't exist!";
+    $Err = "A torrent with that ID doesn't exist!";
 }
 list($GroupID) = $DB->next_record();
 
 if (!empty($Err)) {
-  error($Error = $Err, $Debug = false);
-  include(SERVER_ROOT.'/sections/reportsv2/report.php');
-  error();
+    error($Error = $Err, $Debug = false);
+    include(SERVER_ROOT.'/sections/reportsv2/report.php');
+    error();
 }
 
-$DB->query("
-  SELECT ID
-  FROM reportsv2
-  WHERE TorrentID = $TorrentID
-    AND ReporterID = ".db_string($LoggedUser['ID'])."
-    AND ReportedTime > '".time_minus(3)."'");
+$DB->prepared_query("
+  SELECT `ID`
+  FROM `reportsv2`
+  WHERE `TorrentID` = '$TorrentID'
+    AND `ReporterID` = ".db_string($LoggedUser['ID'])."
+    AND `ReportedTime` > '".time_minus(3)."'");
 if ($DB->has_results()) {
-  header("Location: torrents.php?torrentid=$TorrentID");
-  error();
+    header("Location: torrents.php?torrentid=$TorrentID");
+    error();
 }
 
-$DB->query("
-  INSERT INTO reportsv2
-    (ReporterID, TorrentID, Type, UserComment, Status, ReportedTime, Track, Image, ExtraID, Link)
+$DB->prepared_query("
+  INSERT INTO `reportsv2`
+    (`ReporterID`, `TorrentID`, `Type`, `UserComment`, `Status`, `ReportedTime`, `Track`, `Image`, `ExtraID`, `Link`)
   VALUES
     (".db_string($LoggedUser['ID']).", $TorrentID, '".db_string($Type)."', '$Extra', 'New', NOW(), '".db_string($Tracks)."', '".db_string($Images)."', '".db_string($ExtraIDs)."', '".db_string($Links)."')");
 
 $ReportID = $DB->inserted_id();
 
-$DB->query("
-  SELECT UserID
-  FROM torrents
-  WHERE ID = $TorrentID");
+$DB->prepared_query("
+  SELECT `UserID`
+  FROM `torrents`
+  WHERE `ID` = $TorrentID");
 list($UploaderID) = $DB->next_record();
-$DB->query("
-  SELECT Name, Title2, NameJP
-  FROM torrents_group
-  WHERE ID = $GroupID");
+$DB->prepared_query("
+  SELECT `title`, `subject`, `object`
+  FROM `torrents_group`
+  WHERE `id` = '$GroupID'
+  ");
 list($GroupNameEng, $GroupTitle2, $GroupNameJP) = $DB->next_record();
 $GroupName = $GroupNameEng ? $GroupNameEng : ($GroupTitle2 ? $GroupTitle2 : $GroupNameJP);
 
 Misc::send_pm($UploaderID, 0, "Torrent Reported: $GroupName", "Your torrent, \"[url=".site_url()."torrents.php?torrentid=$TorrentID]".$GroupName."[/url]\", was reported for the reason \"".$ReportType['title']."\".\n\nThe reporter also said: \"$Extra\"\n\nIf you think this report was in error, please contact staff. Failure to challenge some types of reports in a timely manner will be regarded as a lack of defense and may result in the torrent being deleted.");
 
 $Cache->delete_value("reports_torrent_$TorrentID");
-
 $Cache->increment('num_torrent_reportsv2');
+
 header("Location: torrents.php?torrentid=$TorrentID");
-?>

sections/reportsv2/takeresolve.php

     }
   }
 
-  $DB->query("
+  $DB->prepared_query("
     UPDATE reportsv2
     SET
       Status = 'Resolved',
   error();
 }
 
-$DB->query("
+$DB->prepared_query("
   SELECT ID
   FROM torrents
   WHERE ID = $TorrentID");
 $TorrentExists = ($DB->has_results());
 if (!$TorrentExists) {
-  $DB->query("
+  $DB->prepared_query("
     UPDATE reportsv2
     SET Status = 'Resolved',
       LastChangeTime = NOW(),
 
 if ($Report) {
   //Resolve with a parallel check
-  $DB->query("
+  $DB->prepared_query("
     UPDATE reportsv2
     SET Status = 'Resolved',
       LastChangeTime = NOW(),
   }
 
   if ($_POST['resolve_type'] == 'tags_lots') {
-    $DB->query("
+    $DB->prepared_query("
       INSERT IGNORE INTO torrents_bad_tags
         (TorrentID, UserID, TimeAdded)
       VALUES
         ($TorrentID, ".$LoggedUser['ID']." , NOW())");
-    $DB->query("
+    $DB->prepared_query("
       SELECT GroupID
       FROM torrents
       WHERE ID = $TorrentID");
   }
 
   if ($_POST['resolve_type'] == 'folders_bad') {
-    $DB->query("
+    $DB->prepared_query("
       INSERT IGNORE INTO torrents_bad_folders
         (TorrentID, UserID, TimeAdded)
       VALUES
         ($TorrentID, ".$LoggedUser['ID'].", NOW())");
-    $DB->query("
+    $DB->prepared_query("
       SELECT GroupID
       FROM torrents
       WHERE ID = $TorrentID");
     $SendPM = true;
   }
   if ($_POST['resolve_type'] == 'filename') {
-    $DB->query("
+    $DB->prepared_query("
       INSERT IGNORE INTO torrents_bad_files
         (TorrentID, UserID, TimeAdded)
       VALUES
         ($TorrentID, ".$LoggedUser['ID'].", NOW())");
-    $DB->query("
+    $DB->prepared_query("
       SELECT GroupID
       FROM torrents
       WHERE ID = $TorrentID");
     $SendPM = true;
   }
   if ($_POST['resolve_type'] == 'trump') {
-    $DB->query("
+    $DB->prepared_query("
       SELECT
         r.ExtraID,
         HEX(t.info_hash)
       $ExtraID = explode(' ', $ExtraID)[0];
 
       $AffectedUsers = [];
-      $DB->query("
+      $DB->prepared_query("
         SELECT UserID
         FROM torrents
         WHERE ID = $TorrentID");
       if ($DB->has_results()) {
         list($AffectedUsers[]) = $DB->next_record();
       }
-      $DB->query("
+      $DB->prepared_query("
         SELECT uid
         FROM xbt_snatched
         WHERE fid = $TorrentID");
       $AffectedUsers = array_unique($AffectedUsers);
       foreach ($AffectedUsers as $UserID) {
         Tracker::update_tracker('add_token', ['info_hash' => substr('%'.chunk_split($InfoHash,2,'%'),0,-1), 'userid' => $UserID]);
-        $DB->query("
+        $DB->prepared_query("
           INSERT INTO users_freeleeches (UserID, TorrentID, Time, Uses)
           VALUES ($UserID, $ExtraID, NOW(), 0)
           ON DUPLICATE KEY UPDATE
 
   //Log and delete
   if (isset($Escaped['delete']) && check_perms('torrents_delete')) {
-    $DB->query("
+    $DB->prepared_query("
       SELECT Username
       FROM users_main
       WHERE ID = $UploaderID");
     if (isset($Escaped['log_message']) && $Escaped['log_message'] != '') {
       $Log .= ' ( '.$Escaped['log_message'].' )';
     }
-    $DB->query("
+    $DB->prepared_query("
       SELECT GroupID, hex(info_hash)
       FROM torrents
       WHERE ID = $TorrentID");
     $Cache->update_row(false, array('DisableUpload' => '1'));
     $Cache->commit_transaction(0);
 
-    $DB->query("
+    $DB->prepared_query("
       UPDATE users_info
       SET DisableUpload = '1'
       WHERE UserID = $UploaderID");
     if ($AdminComment) {
       $AdminComment = date('Y-m-d') . " - $AdminComment\n\n";
 
-      $DB->query("
+      $DB->prepared_query("
         UPDATE users_info
         SET AdminComment = CONCAT('".db_string($AdminComment)."', AdminComment)
         WHERE UserID = '".db_string($UploaderID)."'");
 
   // Now we've done everything, update the DB with values
   if ($Report) {
-    $DB->query("
+    $DB->prepared_query("
       UPDATE reportsv2
       SET
         Type = '".$Escaped['resolve_type']."',

sections/reportsv2/views.php

 
 
 //Grab owner's ID, just for examples
-$DB->query("
+$DB->prepared_query("
   SELECT ID, Username
   FROM users_main
   ORDER BY ID ASC
 <div class="float_clear">
   <div class="two_columns pad">
 <?
-$DB->query("
+$DB->prepared_query("
   SELECT
     um.ID,
     um.Username,
 ?>
     </table>
 <?
-$DB->query("
+$DB->prepared_query("
   SELECT
     um.ID,
     um.Username,
 ?>
     </table>
 <?
-$DB->query("
+$DB->prepared_query("
   SELECT
     um.ID,
     um.Username,
 ?>
     </table>
 <?
-$DB->query("
+$DB->prepared_query("
   SELECT
     um.ID,
     um.Username,
   </div>
   <div class="two_columns pad">
 <?
-  $DB->query("
+  $DB->prepared_query("
     SELECT
       r.ResolverID,
       um.Username,
     </table>
     <h3>Different view modes by report type</h3>
 <?
-  $DB->query("
+  $DB->prepared_query("
     SELECT
       Type,
       COUNT(ID) AS Count

sections/requests/new_edit.php

 
 View::show_header(
     ($NewRequest ? 'Create Request' : 'Edit Request'),
-    'bbcode,requests,upload,form_validate,vendor/easymde.min',
+    'requests,upload,form_validate,vendor/easymde.min',
     'vendor/easymde.min'
 );
 ?>

sections/requests/request.php

 
 View::show_header(
     "View request: $Title",
-    'comments,requests,bbcode,subscriptions,vendor/easymde.min',
+    'comments,requests,subscriptions,vendor/easymde.min',
     'vendor/easymde.min'
 );
 ?>

sections/staffpm/viewconv.php

 
     View::show_header(
         'Staff PM',
-        'staffpm,bbcode,vendor/easymde.min',
+        'staffpm,vendor/easymde.min',
         'vendor/easymde.min'
     );
 

sections/tools/finances/donation_log.php

 $SQL .= "
   ORDER BY d.Time DESC
   LIMIT $Limit";
-$DB->query($SQL);
+$DB->prepared_query($SQL);
 $Donations = $DB->to_array();
 
-$DB->query('SELECT FOUND_ROWS()');
+$DB->prepared_query('SELECT FOUND_ROWS()');
 list($Results) = $DB->next_record();
 
-$DB->query("SELECT SUM(Amount) FROM donations");
+$DB->prepared_query("SELECT SUM(Amount) FROM donations");
 list($Total) = $DB->next_record();
 
 /*
 if (empty($_GET['email']) && empty($_GET['username']) && empty($_GET['source']) && !isset($_GET['page']) && !$DonationTimeline = $Cache->get_value('donation_timeline')) {
     include(SERVER_ROOT.'/classes/charts.class.php');
 
-    $DB->query("
+    $DB->prepared_query("
     SELECT DATE_FORMAT(Time,'%b \'%y') AS Month, SUM(Amount)
     FROM donations
     GROUP BY Month

sections/tools/finances/donor_rewards.php

 
 $Title = "Donor Rewards";
 
-$DB->query("
+$DB->prepared_query("
   SELECT
     SQL_CALC_FOUND_ROWS
     u.Username,
   LIMIT $Limit");
 
 $Users = $DB->to_array();
-$DB->query('SELECT FOUND_ROWS()');
+$DB->prepared_query('SELECT FOUND_ROWS()');
 list($Results) = $DB->next_record();
 $Pages = Format::get_pages($Page, $Results, USERS_PER_PAGE, 9);
 

sections/tools/index.php

     include SERVER_ROOT.'/sections/tools/managers/enable_requests.php';
     break;
 
-  case 'expunge_requests':
-    include SERVER_ROOT.'/sections/tools/managers/expunge_requests.php';
-    break;
-
   case 'ajax_take_enable_request':
     if (FEATURE_EMAIL_REENABLE) {
         include SERVER_ROOT.'/sections/tools/managers/ajax_take_enable_request.php';

sections/tools/managers/bans.php

     authorize();
 
     $IPA = substr($_POST['start'], 0, strcspn($_POST['start'], '.'));
-    if ($_POST['submit'] == 'Delete') { //Delete
-        if (!is_number($_POST['id']) || $_POST['id'] == '') {
+    if ($_POST['submit'] === 'Delete') { //Delete
+        if (!is_number($_POST['id']) || $_POST['id'] === '') {
             error(0);
         }
         $DB->query('DELETE FROM ip_bans WHERE ID='.$_POST['id']);
         $Start = Tools::ip_to_unsigned($_POST['start']); //Sanitized by Validation regex
     $End = Tools::ip_to_unsigned($_POST['end']); //See above
 
-    if ($_POST['submit'] == 'Edit') { //Edit
+    if ($_POST['submit'] === 'Edit') { //Edit
         if (empty($_POST['id']) || !is_number($_POST['id'])) {
             error(404);
         }

sections/tools/managers/email_blacklist.php

   }
   $Where .= " Comment LIKE '%$Comment%'";
 }
-$DB->query("
+$DB->prepared_query("
   SELECT
     SQL_CALC_FOUND_ROWS
     ID,
   ORDER BY Time DESC
   LIMIT $Limit");
 $Results = $DB->to_array(false, MYSQLI_ASSOC, false);
-$DB->query('SELECT FOUND_ROWS()');
+$DB->prepared_query('SELECT FOUND_ROWS()');
 list ($NumResults) = $DB->next_record();
 ?>
 <div class="header">

sections/tools/managers/email_blacklist_alter.php

   if (!is_number($_POST['id']) || $_POST['id'] === '') {
     error(0);
   }
-  $DB->query("
+  $DB->prepared_query("
     DELETE FROM email_blacklist
     WHERE ID = $_POST[id]");
 } else { // Edit & Create, Shared Validation
     if (!is_number($_POST['id']) || $_POST['id'] === '') {
       error(0);
     }
-    $DB->query("
+    $DB->prepared_query("
       UPDATE email_blacklist
       SET
         Email = '$P[email]',
         Time = NOW()
       WHERE ID = '$P[id]'");
   } else { // Create
-    $DB->query("
+    $DB->prepared_query("
       INSERT INTO email_blacklist (Email, Comment, UserID, Time)
       VALUES ('$P[email]', '$P[comment]', '$LoggedUser[ID]', NOW())");
   }

sections/tools/managers/email_blacklist_search.php

   $JSON['status'] = 'success';
 }
 
-$DB->query("
+$DB->prepared_query("
   SELECT
     ID,
     UserID,

sections/tools/managers/expunge_requests.php

-<?php
-#declare(strict_types=1);
-
-if (!check_perms('users_mod')) {
-  error(403);
-}
-
-$QueryID = $DB->query("
-  SELECT SQL_CALC_FOUND_ROWS *
-  FROM deletion_requests");
-
-$DB->query("SELECT FOUND_ROWS()");
-list($NumResults) = $DB->next_record();
-$DB->set_query_id($QueryID);
-
-$Requests = $DB->to_array();
-
-if (isset($_GET['deny']) && isset($_GET['type']) && isset($_GET['value'])) {
-  authorize();
-
-  $Deny = ($_GET['deny'] == 'true');
-  $Type = $_GET['type'] == 'email' ? 'Email' : ($_GET['type'] == 'ip' ? 'IP' : '');
-  $Value = db_string($_GET['value']);
-
-  $DB->query("
-    DELETE FROM deletion_requests
-    WHERE Value = '$Value'");
-
-  $DB->query("
-    SELECT UserID
-    FROM users_history_".strtolower($Type)."s
-    WHERE $Type = '$Value'");
-  if ($DB->has_results()) {
-    list($UserID) = $DB->next_record();
-    if ($UserID != $_GET['userid']) {
-      $Err = "The specified UserID is incorrect.";
-    }
-  } else {
-    $Err = "That $Type doesn't exist.";
-  }
-
-  if (empty($Err)) {
-    if (!$Deny) {
-      $DB->query("
-        SELECT $Type
-        FROM users_history_".strtolower($Type)."s
-        WHERE UserID = '$UserID'");
-      $ToDelete = [];
-      while (list($EncValue) = $DB->next_record()) {
-        if (Crypto::decrypt($Value) == Crypto::decrypt($EncValue)) {
-          $ToDelete[] = $EncValue;
-        }
-      }
-      forEach ($ToDelete as $DelValue) {
-        $DB->query("
-          DELETE FROM users_history_".strtolower($Type)."s
-          WHERE UserID = $UserID
-            AND $Type = '$DelValue'");
-      }
-      $Succ = "$Type deleted.";
-      Misc::send_pm($UserID, 0, "$Type Deletion Request Accepted.", "Your deletion request has been accepted. What $Type? I don't know! We don't have it anymore!");
-    } else {
-      $Succ = "Request denied.";
-      Misc::send_pm($UserID, 0, "$Type Deletion Request Denied.", "Your deletion request has been denied.\n\nIf you wish to discuss this matter further, please create a staff PM, or join ".HELP_CHAN." on IRC to speak with a staff member.");
-    }
-  }
-
-  $Cache->delete_value('num_deletion_requests');
-}
-
-View::show_header("Expunge Requests");
-
-?>
-
-<div class="header">
-  <h2>Expunge Requests</h2>
-</div>
-
-<? if (isset($Err)) { ?>
-<span>Error: <?=$Err?></span>
-<? } elseif (isset($Succ)) { ?>
-<span>Success: <?=$Succ?></span>
-<? } ?>
-
-<div>
-  <table width="100%">
-    <tr class="colhead">
-      <td>User</td>
-      <td>Type</td>
-      <td>Value</td>
-      <td>Reason</td>
-      <td>Accept</td>
-      <td>Deny</td>
-    </tr>
-<? foreach ($Requests as $Request) { ?>
-    <tr>
-      <td><?=Users::format_username($Request['UserID'])?></td>
-      <td><?=$Request['Type']?></td>
-      <td><?=Crypto::decrypt($Request['Value'])?></td>
-      <td><?=display_str($Request['Reason'])?></td>
-      <td><a href="tools.php?action=expunge_requests&auth=<?=$LoggedUser['AuthKey']?>&type=<?=strtolower($Request['Type'])?>&value=<?=urlencode($Request['Value'])?>&userid=<?=$Request['UserID']?>&deny=false" class="brackets">Accept</a></td>
-      <td><a href="tools.php?action=expunge_requests&auth=<?=$LoggedUser['AuthKey']?>&type=<?=strtolower($Request['Type'])?>&value=<?=urlencode($Request['Value'])?>&userid=<?=$Request['UserID']?>&deny=true" class="brackets">Deny</a></td>
-    </tr>
-<? } ?>
-  </table>
-</div>
-
-<? View::show_footer(); ?>

sections/tools/managers/mass_pm.php

 
 View::show_header(
     'Compose Mass PM',
-    'inbox,bbcode,vendor/jquery.validate.min,form_validate'
+    'inbox,vendor/jquery.validate.min,form_validate'
 ); ?>
 
 <main>

sections/tools/managers/news.php

 
 View::show_header(
     'Manage news',
-    'bbcode,vendor/easymde.min',
+    'vendor/easymde.min',
     'vendor/easymde.min'
 );
 

sections/tools/misc/create_user.php

     $torrent_pass = Users::make_secret();
 
     //Create the account
-    $DB->query("
+    $DB->prepared_query("
       INSERT INTO users_main
         (Username, Email, PassHash, torrent_pass, Enabled, PermissionID)
       VALUES
     Tracker::update_tracker('add_user', array('id' => $UserID, 'passkey' => $torrent_pass));
 
     //Default stylesheet
-    $DB->query("
+    $DB->prepared_query("
       SELECT ID
       FROM stylesheets");
     list($StyleID) = $DB->next_record();
     $AuthKey = Users::make_secret();
 
     //Give them a row in users_info
-    $DB->query("
+    $DB->prepared_query("
       INSERT INTO users_info
         (UserID, StyleID, AuthKey, JoinDate)
       VALUES
         ('".db_string($UserID)."', '".db_string($StyleID)."', '".db_string($AuthKey)."', NOW())");
 
     // Give the notification settings
-    $DB->query("INSERT INTO users_notifications_settings (UserID) VALUES ('$UserID')");
+    $DB->prepared_query("INSERT INTO users_notifications_settings (UserID) VALUES ('$UserID')");
 
     //Redirect to users profile
     header ("Location: user.php?id=$UserID");

sections/top10/donors.php

 $Limit = in_array($Limit, array(10, 100, 250)) ? $Limit : 10;
 
 $IsMod = check_perms("users_mod");
-$DB->query("
+$DB->prepared_query("
 SELECT
   `UserID`,
   `TotalRank`,

sections/top10/history.php

 
     $Details = $Cache->get_value("top10_history_$SQLTime");
     if ($Details === false) {
-        $DB->query("
+        $DB->prepared_query("
         SELECT
           tht.`Rank`,
           tht.`TitleString`,

sections/top10/tags.php

 
 if ($Details == 'all' || $Details == 'ut') {
     if (!$TopUsedTags = $Cache->get_value('topusedtag_'.$Limit)) {
-        $DB->query("
+        $DB->prepared_query("
         SELECT
           t.ID,
           t.Name,
 
 if ($Details == 'all' || $Details == 'ur') {
     if (!$TopRequestTags = $Cache->get_value('toprequesttag_'.$Limit)) {
-        $DB->query("
+        $DB->prepared_query("
         SELECT
           t.ID,
           t.Name,

sections/top10/torrents.php

               ORDER BY (t.Seeders + t.Leechers) DESC
               LIMIT $Limit;";
 
-            $DB->query($Query);
+            $DB->prepared_query($Query);
             $TopTorrentsActiveLastDay = $DB->to_array(false, MYSQLI_NUM);
             $Cache->cache_value('top10tor_day_'.$Limit.$WhereSum.$GroupBySum, $TopTorrentsActiveLastDay, 3600 * 2);
             $Cache->clear_query_lock('top10');
               ORDER BY (t.Seeders + t.Leechers) DESC
               LIMIT $Limit;";
 
-            $DB->query($Query);
+            $DB->prepared_query($Query);
             $TopTorrentsActiveLastWeek = $DB->to_array(false, MYSQLI_NUM);
             $Cache->cache_value('top10tor_week_'.$Limit.$WhereSum.$GroupBySum, $TopTorrentsActiveLastWeek, 3600 * 6);
             $Cache->clear_query_lock('top10');
               ORDER BY (t.Seeders + t.Leechers) DESC
               LIMIT $Limit;";
 
-            $DB->query($Query);
+            $DB->prepared_query($Query);
             $TopTorrentsActiveLastMonth = $DB->to_array(false, MYSQLI_NUM);
             $Cache->cache_value('top10tor_month_'.$Limit.$WhereSum.$GroupBySum, $TopTorrentsActiveLastMonth, 3600 * 6);
             $Cache->clear_query_lock('top10');
               ORDER BY (t.Seeders + t.Leechers) DESC
               LIMIT $Limit;";
 
-            $DB->query($Query);
+            $DB->prepared_query($Query);
             $TopTorrentsActiveLastYear = $DB->to_array(false, MYSQLI_NUM);
             $Cache->cache_value('top10tor_year_'.$Limit.$WhereSum.$GroupBySum, $TopTorrentsActiveLastYear, 3600 * 6);
             $Cache->clear_query_lock('top10');
               ORDER BY (t.Seeders + t.Leechers) DESC
               LIMIT $Limit;";
 
-            $DB->query($Query);
+            $DB->prepared_query($Query);
             $TopTorrentsActiveAllTime = $DB->to_array(false, MYSQLI_NUM);
             $Cache->cache_value('top10tor_overall_'.$Limit.$WhereSum.$GroupBySum, $TopTorrentsActiveAllTime, 3600 * 6);
             $Cache->clear_query_lock('top10');
               ORDER BY t.Snatched DESC
               LIMIT $Limit;";
 
-            $DB->query($Query);
+            $DB->prepared_query($Query);
             $TopTorrentsSnatched = $DB->to_array(false, MYSQLI_NUM);
             $Cache->cache_value('top10tor_snatched_'.$Limit.$WhereSum.$GroupBySum, $TopTorrentsSnatched, 3600 * 6);
             $Cache->clear_query_lock('top10');
               ORDER BY Data DESC
               LIMIT $Limit;";
 
-            $DB->query($Query);
+            $DB->prepared_query($Query);
             $TopTorrentsTransferred = $DB->to_array(false, MYSQLI_NUM);
             $Cache->cache_value('top10tor_data_'.$Limit.$WhereSum.$GroupBySum, $TopTorrentsTransferred, 3600 * 6);
             $Cache->clear_query_lock('top10');
               ORDER BY t.Seeders DESC
               LIMIT $Limit;";
 
-            $DB->query($Query);
+            $DB->prepared_query($Query);
             $TopTorrentsSeeded = $DB->to_array(false, MYSQLI_NUM);
             $Cache->cache_value('top10tor_seeded_'.$Limit.$WhereSum.$GroupBySum, $TopTorrentsSeeded, 3600 * 6);
             $Cache->clear_query_lock('top10');

sections/top10/users.php

 
   if ($Details == 'all' || $Details == 'ul') {
       if (!$TopUserUploads = $Cache->get_value('topuser_ul_'.$Limit)) {
-          $DB->query("$BaseQuery ORDER BY u.Uploaded DESC LIMIT $Limit;");
+          $DB->prepared_query("$BaseQuery ORDER BY u.Uploaded DESC LIMIT $Limit;");
           $TopUserUploads = $DB->to_array();
           $Cache->cache_value('topuser_ul_'.$Limit, $TopUserUploads, 3600 * 12);
       }
 
   if ($Details == 'all' || $Details == 'dl') {
       if (!$TopUserDownloads = $Cache->get_value('topuser_dl_'.$Limit)) {
-          $DB->query("$BaseQuery ORDER BY u.Downloaded DESC LIMIT $Limit;");
+          $DB->prepared_query("$BaseQuery ORDER BY u.Downloaded DESC LIMIT $Limit;");
           $TopUserDownloads = $DB->to_array();
           $Cache->cache_value('topuser_dl_'.$Limit, $TopUserDownloads, 3600 * 12);
       }
 
   if ($Details == 'all' || $Details == 'numul') {
       if (!$TopUserNumUploads = $Cache->get_value('topuser_numul_'.$Limit)) {
-          $DB->query("$BaseQuery ORDER BY NumUploads DESC LIMIT $Limit;");
+          $DB->prepared_query("$BaseQuery ORDER BY NumUploads DESC LIMIT $Limit;");
           $TopUserNumUploads = $DB->to_array();
           $Cache->cache_value('topuser_numul_'.$Limit, $TopUserNumUploads, 3600 * 12);
       }
 
   if ($Details == 'all' || $Details == 'uls') {
       if (!$TopUserUploadSpeed = $Cache->get_value('topuser_ulspeed_'.$Limit)) {
-          $DB->query("$BaseQuery ORDER BY UpSpeed DESC LIMIT $Limit;");
+          $DB->prepared_query("$BaseQuery ORDER BY UpSpeed DESC LIMIT $Limit;");
           $TopUserUploadSpeed = $DB->to_array();
           $Cache->cache_value('topuser_ulspeed_'.$Limit, $TopUserUploadSpeed, 3600 * 12);
       }
 
   if ($Details == 'all' || $Details == 'dls') {
       if (!$TopUserDownloadSpeed = $Cache->get_value('topuser_dlspeed_'.$Limit)) {
-          $DB->query("$BaseQuery ORDER BY DownSpeed DESC LIMIT $Limit;");
+          $DB->prepared_query("$BaseQuery ORDER BY DownSpeed DESC LIMIT $Limit;");
           $TopUserDownloadSpeed = $DB->to_array();
           $Cache->cache_value('topuser_dlspeed_'.$Limit, $TopUserDownloadSpeed, 3600 * 12);
       }

sections/torrents/details.php

 // Start output
 View::show_header(
     $Title,
-    'browse,comments,torrent,bbcode,recommend,cover_art,subscriptions,vendor/easymde.min',
+    'browse,comments,torrent,recommend,cover_art,subscriptions,vendor/easymde.min',
     'vendor/easymde.min'
 );
 ?>

sections/torrents/edit.php

  * Commenting only to see it better.
  */
 
-View::show_header('Edit torrent', 'upload,torrent,bbcode');
+View::show_header('Edit torrent', 'upload,torrent');
 $TorrentForm = new TorrentForm(
     $Torrent = $Properties,
     $Error = $Err,

sections/torrents/editgroup.php

 
 View::show_header(
     'Edit torrent group',
-    'upload,bbcode,vendor/easymde.min',
+    'upload,vendor/easymde.min',
     'vendor/easymde.min'
 ); ?>
 

sections/torrents/index.php

             break;
             
         case 'fix_group':
-            if ((check_perms('users_mod') || check_perms('torrents_fix_ghosts')) && authorize() && !empty($_GET['groupid']) && is_number($_GET['groupid'])) {
-                $DB->prepare_query("
+            if ((check_perms('users_mod') || check_perms('torrents_fix_ghosts'))
+              && !empty($_GET['groupid'])
+              && is_number($_GET['groupid'])
+                ) {
+                authorize();
+
+                $DB->prepared_query("
                 SELECT
                   COUNT(`ID`)
                 FROM
                 WHERE
                   `GroupID` = '$_GET[groupid]'
                 ");
-                $DB->exec_prepared_query();
                 list($Count) = $DB->next_record();
                 
                 if ($Count === 0) {

sections/upload/upload.php

 
 View::show_header(
     'Upload',
-    'upload,bbcode,vendor/easymde.min',
+    'upload,vendor/easymde.min',
     'vendor/easymde.min'
 );
 

sections/user/edit.php

  */
 View::show_header(
     "$Username $ENV->CRUMB Settings",
-    'user,password_validate,validate,cssgallery,preview_paranoia,bbcode,user_settings,donor_titles,vendor/easymde.min',
+    'user,password_validate,validate,cssgallery,preview_paranoia,user_settings,vendor/easymde.min',
     'vendor/easymde.min'
 );
 

sections/user/user.php

 
 View::show_header(
     $Username,
-    'vendor/imagesloaded.min,user,bbcode,requests,comments,info_paster,wall'
+    'vendor/imagesloaded.min,user,requests,comments,info_paster,wall'
 );
 
 ?>

sections/userhistory/post_history.php

 $UserInfo = Users::user_info($UserID);
 extract(array_intersect_key($UserInfo, array_flip(array('Username', 'Enabled', 'Title', 'Avatar', 'Donor', 'Warned'))));
 
-View::show_header("Post history for $Username", 'subscriptions,comments,bbcode');
+View::show_header("Post history for $Username", 'subscriptions,comments');
 
 $ViewingOwn = ($UserID == $LoggedUser['ID']);
 $ShowUnread = ($ViewingOwn && (!isset($_GET['showunread']) || !!$_GET['showunread']));

sections/userhistory/subscriptions.php

 }
 list($Page, $Limit) = Format::page_limit($PerPage);
 
-View::show_header('Subscriptions', 'subscriptions,bbcode');
+View::show_header('Subscriptions', 'subscriptions');
 
 $ShowUnread = (!isset($_GET['showunread']) && !isset($HeavyInfo['SubscriptionsUnread']) || isset($HeavyInfo['SubscriptionsUnread']) && !!$HeavyInfo['SubscriptionsUnread'] || isset($_GET['showunread']) && !!$_GET['showunread']);
 $ShowCollapsed = (!isset($_GET['collapse']) && !isset($HeavyInfo['SubscriptionsCollapse']) || isset($HeavyInfo['SubscriptionsCollapse']) && !!$HeavyInfo['SubscriptionsCollapse'] || isset($_GET['collapse']) && !!$_GET['collapse']);

sections/wiki/article.php

 $TextBody = Text::full_format($Body, false);
 $TOC = Text::parse_toc(0);
 
-View::show_header($Title, 'wiki,bbcode');
+View::show_header($Title, 'wiki');
 ?>
 
 <div>

sections/wiki/create.php

 
 View::show_header(
     'Create an article',
-    'bbcode,vendor/easymde.min',
+    'vendor/easymde.min',
     'vendor/easymde.min'
 );
 ?>

sections/wiki/edit.php

 
 View::show_header(
     'Edit '.$Title,
-    'bbcode,vendor/easymde.min',
+    'vendor/easymde.min',
     'vendor/easymde.min'
 );
 ?>

static/common/symbols/external-link-ltr-icon.svg

+<?xml version="1.0" encoding="UTF-8"?>
+<svg xmlns="http://www.w3.org/2000/svg" width="12" height="12">
+	<path fill="#fff" stroke="#36c" d="M1.5 4.518h5.982V10.5H1.5z"/>
+	<path fill="#36c" d="M5.765 1H11v5.39L9.427 7.937l-1.31-1.31L5.393 9.35l-2.69-2.688 2.81-2.808L4.2 2.544z"/>
+	<path fill="#fff" d="m9.995 2.004.022 4.885L8.2 5.07 5.32 7.95 4.09 6.723l2.882-2.88-1.85-1.852z"/>
+</svg>

static/functions/bbcode.js

-/**
- * BBSpoiler
- */
-function BBSpoiler(link) {
-  if ($(link.nextSibling).has_class('hidden')) {
-    $(link.nextSibling).gshow();
-    $(link).html('Hide');
-
-    if ($(link).attr("value")) {
-      $(link).attr("value", "Hide" + $(link).attr("value").substring(4))
-    }
-  } else {
-    $(link.nextSibling).ghide();
-    $(link).html('Show');
-
-    if ($(link).attr("value")) {
-      $(link).attr("value", "Show" + $(link).attr("value").substring(4))
-    }
-  }
-}
-
-/**
- * wrapSelected
- */
-function wrapSelected(box, wrap, offset) {
-  if (!Array.isArray(wrap)) wrap = [wrap, wrap]
-  if (wrap.length < 2) wrap[1] = wrap[0]
-
-  var s = box.selectionStart
-  var e = box.selectionEnd
-  var v = box.value
-
-  box.value = v.slice(0, s) + wrap[0] + v.slice(s, e) + wrap[1] + v.slice(e)
-  box.focus()
-  box.selectionEnd = (offset !== undefined ? s + offset : e + wrap[0].length)
-}
-
-/**
- * EmojiBox
- */
-function EmojiBox(box) {
-  /*
-  let opened = false
-  let emojis = ['😀', '😁', '😂', '🤣', '😃', '😄', '😅', '😆', '😉', '😊', '😋', '😎', '😍', '😘', '😗', '😙', '😚', '🙂', '🤗', '🤔', '😐', '😑', '😶', '🙄', '😏', '😣', '😥', '😮', '🤐', '😯', '😪', '😫', '😴', '😌', '😛', '😜', '😝', '🤤', '😒', '😓', '😔', '😕', '🙃', '🤑', '😲', '🙁', '😖', '😞', '😟', '😤', '😢', '😭', '😦', '😧', '😨', '😩', '😬', '😰', '😱', '😳', '😵', '😡', '😠', '😷', '🤒', '🤕', '🤢', '🤧', '😇', '🤠', '🤡', '🤥', '🤓', '\n', '😈', '👿', '👹', '👺', '💀', '👻', '👽', '🤖', '💩', '😺', '😸', '😹', '😻', '😼', '😽', '🙀', '😿', '😾', '\n', '🍇', '🍈', '🍉', '🍊', '🍋', '🍌', '🍍', '🍎', '🍏', '🍐', '🍑', '🍒', '🍓', '🥝', '🍅', '🥑', '🍆', '🥔', '🥕', '🌽', '🌶', '🥒', '🍄', '🥜', '🌰', '🍞', '🥐', '🥖', '🥞', '🧀', '🍖', '🍗', '🥓', '🍔', '🍟', '🍕', '🌭', '🌮', '🌯', '🍳', '🍲', '🥗', '🍿', '🍱', '🍘', '🍙', '🍚', '🍛', '🍜', '🍝', '🍠', '🍢', '🍣', '🍤', '🍥', '🍡', '🍦', '🍧', '🍨', '🍩', '🍪', '🎂', '🍰', '🍫', '🍬', '🍭', '🍮', '🍯', '🍼', '🥛', '🍵', '🍶', '🍾', '🍷', '🍸', '🍹', '🍺', '🍻', '🥂', '🥃', '🍽', '🍴', '🥄', '\n', '🛀', '🛌', '💌', '💣', '🕳', '🛍', '📿', '💎', '🔪', '🏺', '🗺', '💈', '🛢', '🛎', '⌛', '⏳', '⌚', '⏰', '⏱', '⏲', '🕰', '🌡', '⛱', '🎈', '🎉', '🎊', '🎎', '🎏', '🎐', '🎀', '🎁', '🔮', '🕹', '🖼', '📯', '🎙', '🎚', '🎛', '📻', '📱', '📲', '📞', '📟', '📠', '🔋', '🔌', '💻', '🖥', '🖨', '🖱', '🖲', '💽', '💾', '💿', '📀', '🎥', '🎞', '📽', '📺', '📷', '📸', '📹', '📼', '🔍', '🔎', '🕯', '💡', '🔦', '🏮', '📔', '📕', '📖', '📗', '📘', '📙', '📚', '📓', '📃', '📜', '📄', '📰', '🗞', '📑', '🔖', '🏷', '💰', '💴', '💵', '💶', '💷', '💸', '💳', '📧', '📨', '📩', '📤', '📥', '📦', '📫', '📪', '📬', '📭', '📮', '🗳', '🖋', '🖊', '🖌', '🖍', '📝', '📁', '📂', '🗂', '📅', '📆', '🗒', '🗓', '📇', '📈', '📉', '📊', '📋', '📌', '📍', '📎', '🖇', '📏', '📐', '🗃', '🗄', '🗑', '🔒', '🔓', '🔏', '🔐', '🔑', '🗝', '🔨', '⛏', '🛠', '🗡', '🔫', '🛡', '🔧', '🔩', '🗜', '🔗', '⛓', '🔬', '🔭', '📡', '💉', '💊', '🚪', '🛏', '🛋', '🚽', '🚿', '🛁', '🚬', '🗿', '🚰', '\n', '💪', '👈', '👉', '👆', '🖕', '👇', '🤞', '🖖', '🤘', '🖐', '✋', '👌', '👍', '👎', '✊', '👊', '🤛', '🤜', '🤚', '👋', '👏', '👐', '🙌', '🙏', '🤝']
-  let ebox = document.createElement('div')
-  ebox.className = 'emoji_box border'
-
-  for (let emoji of emojis) {
-    if (emoji === '\n') {
-      let br = document.createElement('br')
-      ebox.appendChild(br)
-      continue;
-    }
-
-    let a = document.createElement('a')
-    a.innerHTML = emoji
-    a.addEventListener('click', e => {
-      wrapSelected(box, [emoji, ''])
-      e.stopPropagation()
-    })
-    ebox.appendChild(a)
-  }
-
-  return event => {
-    if (!opened) {
-      event.target.parentElement.appendChild(ebox)
-
-      let f = e => {
-        event.target.nextSibling.remove()
-        opened = false
-        document.removeEventListener('click', f)
-      }
-
-      window.setTimeout(_ => document.addEventListener('click', f), 1)
-      opened = true
-    }
-  }
-  */
-}
-
-/**
- * BBEditor
- */
-function BBEditor(box) {
-  /*
-  // todo: Integrate BioJS functions here
-  if (box.previousSibling && box.previousSibling.className == 'bbcode_bar') return
-
-  let buttons = [
-    { short: 'B', name: 'Bold', wrap: ['[b]', '[/b]'] },
-    { short: 'I', name: 'Italic', wrap: ['[i]', '[/i]'] },
-    { short: 'U', name: 'Underline', wrap: ['[u]', '[/u]'] },
-    { short: 'S', name: 'Strikethrough', wrap: ['[s]', '[/s]'] },
-    { short: 'Left', name: 'Align Left', wrap: ['[align=left]', '[/align]'] },
-    { short: 'Center', name: 'Align Center', wrap: ['[align=center]', '[/align]'] },
-    { short: 'Right', name: 'Align Right', wrap: ['[align=right]', '[/align]'] },
-    { short: 'Pre', name: 'Preformatted', wrap: ['[pre]', '[/pre]'] },
-    { short: 'H1', name: 'Subheading 1', wrap: '==' },
-    { short: 'H2', name: 'Subheading 2', wrap: '===' },
-    { short: 'H3', name: 'Subheading 3', wrap: '====' },
-    { short: 'Color', name: 'Color', wrap: ['[color=]', '[/color]'], offset: 7 },
-    { short: 'TeX', name: 'LaTeX', wrap: ['[tex]', '[/tex]'] },
-    { short: 'Quote', name: 'Quote', wrap: ['[quote]', '[/quote]'] },
-    { short: 'List', name: 'List', wrap: ['[*]', ''] },
-    { short: 'Hide', name: 'Spoiler', wrap: ['[spoiler]', '[/spoiler]'] },
-    { short: 'Img', name: 'Image', wrap: ['[img]', '[/img]'] },
-    { short: 'Vid', name: 'Video', wrap: ['[embed]', '[/embed]'] },
-    { short: 'Link', name: 'Link', wrap: ['[url]', '[/url]'] },
-    { short: 'Torr', name: 'Torrent', wrap: ['[torrent]', '[/torrent]'] },
-    { short: '😃', name: 'Emoji', func: EmojiBox(box) }
-  ]
-
-  let bar = document.createElement('ul')
-  bar.className = "bbcode_bar"
-  bar.style.width = box.offsetWidth + 'px'
-
-  // Let the DOM update and then snap the size again (twice)
-  setTimeout(function () {
-    bar.style.width = box.offsetWidth + 'px'
-    bar.style.width = box.offsetWidth + 'px'
-  }, 1)
-
-  for (let button of buttons) {
-    li = document.createElement('li')
-    b = document.createElement('a')
-    b.setAttribute('title', button.name)
-    b.innerHTML = button.short
-
-    if (button.wrap) b.addEventListener('click', e => wrapSelected(box, button.wrap, button.offset))
-    else if (button.func) b.addEventListener('click', button.func)
-
-    li.appendChild(b)
-    bar.appendChild(li)
-  }
-  box.parentNode.insertBefore(bar, box)
-  */
-}
-
-$(function () {
-  $('.bbcode_editor').each((i, el) => BBEditor(el))
-  $(document).on('click', '.spoilerButton', e => BBSpoiler(e.target))
-})

static/functions/donor_titles.js

-$(document).ready(function() {
-  if ($('#donor_title_prefix_preview').length === 0) {
-    return;
-  }
-  $('#donor_title_prefix_preview').text($('#donor_title_prefix').val().trim() + ' ');
-  $('#donor_title_suffix_preview').text(' ' + $('#donor_title_suffix').val().trim());
-
-  if ($('#donor_title_comma').attr('checked')) {
-    $('#donor_title_comma_preview').text('');
-  } else {
-    $('#donor_title_comma_preview').text(', ');
-  }
-
-  $('#donor_title_prefix').keyup(function() {
-    if ($(this).val().length <= 30) {
-      $('#donor_title_prefix_preview').text($(this).val().trim() + ' ');
-    }
-  });
-
-  $('#donor_title_suffix').keyup(function() {
-    if ($(this).val().length <= 30) {
-      $('#donor_title_suffix_preview').text(' ' + $(this).val().trim());
-    }
-  });
-
-  $('#donor_title_comma').change(function() {
-    if ($(this).attr('checked')) {
-      $('#donor_title_comma_preview').text('');
-    } else {
-      $('#donor_title_comma_preview').text(', ');
-    }
-  });
-});

static/styles/bookish/scss/colors.scss

 }
 
 .alertbar {
-    @include alertbar(silver);
-    /* @include alertbar($lb100); */
+    &.modbar {
+        @include alertbar(silver);
+        /* @include alertbar($lb100); */
+    }
 
-    .warning {
-        background: orange;
+    &.warning {
+        @include alertbar(orange);
         /* background: #ffe0b2; */
     }
 
-    .error {
-        background: red;
+    &.error {
+        @include alertbar(red);
         /* background: #ffcdd2; */
     }
 }

static/styles/global/scss/fonts.scss

     line-height: 1.6;
 }
 
+/* Wikipedia-style external links */
+a.external {
+    background-image: url(/static/common/symbols/external-link-ltr-icon.svg);
+    background-position: center right;
+    background-repeat: no-repeat;
+    padding-right: 13px;
+}
+
 /*
  * Spacing classes
  */

templates/legal/about.html

+<h2>About BioTorrents.de</h2>
+
+<section class="tldr">
+  <p>
+    BioTorrents.de is a functional experiment in comfy data distribution.
+  </p>
+
+  <p>
+    It indexes a wide variety of biology data and serves it on a fast BitTorrent network.
+    The semantic website promotes organic content discovery and community annotations.
+    Other interfaces include a JSON API, RSS feeds, and IRC channels.
+  </p>
+
+  <p>
+    BioTorrents.de provides an open platform for disadvantaged researchers to host their data.
+    More importantly, it provides the necessary tools for others to find and cite it later.
+    It's a place for the Google Drives, FTP folders, and network shares that may not be accepted elsewhere.
+  </p>
+
+  <p>
+    A mature software product and draft publication are expected by Easter 2023.
+    Thank you for your curiosity, patience, and support as we grow the service.
+  </p>
+
+  <p>
+    <strong>
+      Email
+    </strong>
+    <br />
+    help at biotorrents dot de
+  </p>
+
+  <p>
+    Please use
+    <a href="/sections/legal/pubkey.txt">GPG A1D095A5DEC74A8B</a>
+    if you wish.
+  </p>
+</section>

templates/legal/dmca.html

 
   <p>
     Remember that under
-    <a href="https://www.law.cornell.edu/uscode/text/17/512">17 USC 512(f)</a>,
+    <a class="external" href="https://www.law.cornell.edu/uscode/text/17/512">17 USC 512(f)</a>,
     anyone who knowingly materially misrepresents infringement may be subject to liability.
     Also see
-    <a href="https://www.law.cornell.edu/uscode/text/17/107">17 USC 107</a> and
-    <a href="https://www.law.cornell.edu/uscode/text/17/108">17 USC 108</a>.
+    <a class="external" href="https://www.law.cornell.edu/uscode/text/17/107">17 USC 107</a> and
+    <a class="external" href="https://www.law.cornell.edu/uscode/text/17/108">17 USC 108</a>.
   </p>
 
   <p>

templates/legal/privacy.html

   <p>
     We don't collect cross-origin data.
     Also, we don't access
-    <a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Feature-Policy#directives">browser features</a>
+    <a class="external" href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Feature-Policy#directives">browser features</a>
     such as camera, microphone, and sensors.
   </p>
 
   </h3>
 
   <p>
-    <a href="https://gdpr-info.eu/art-14-gdpr/">Art. 14 GDPR ¶ 5(a) and (b)</a>, and
-    <a href="https://gdpr-info.eu/art-27-gdpr/">Art. 27 ¶ 2</a> apply.
+    <a class="external" href="https://gdpr-info.eu/art-14-gdpr/">Art. 14 GDPR ¶ 5(a) and (b)</a>, and
+    <a class="external" href="https://gdpr-info.eu/art-27-gdpr/">Art. 27 ¶ 2</a> apply.
     Accordingly, we haven't designated an EU representative.
     Generally, we don't collect any personal data as defined in
-    <a href="https://gdpr-info.eu/art-4-gdpr/">Art. 4</a>
+    <a class="external" href="https://gdpr-info.eu/art-4-gdpr/">Art. 4</a>
     except what you voluntarily provide us.
   </p>
 
 
   <p>
     We're exempt from the California Consumer Privacy Act pursuant to
-    <a href="https://ccpa-info.com/home/1798-140-definitions/">CIV 1798.140(c)(1)(A)</a>.
+    <a class="external" href="https://ccpa-info.com/home/1798-140-definitions/">CIV 1798.140(c)(1)(A)</a>.
     Nonetheless, we'll be happy to delete your information
     to the extent you don't enter into a business relationship with us.
   </p>

templates/staffblog/edit.twig

-<div class="box box2 thin">
-    <div class="head">
-        {{ verb|ucfirst }} a staff blog post
-        <span style="float: right;">
-            <a href="#" onclick="$('#postform').gtoggle(); this.innerHTML = (this.innerHTML == 'Hide' ? 'Show' : 'Hide'); return false;" class="brackets">{{
-                show_form ? 'Show' : 'Hide' }}</a>
-        </span>
-    </div>
-    <form class="{{ verb }}_form" name="blog_post" action="staffblog.php" method="post">
-        <div id="postform" class="pad{{ show_form ? ' hidden' : '' }}">
-            <input type="hidden" name="action" value="{{ verb == 'create' ? 'takenewblog' : 'takeeditblog' }}" />
-            <input type="hidden" name="auth" value="{{ auth }}" />
-{% if verb == 'edit' %}
-            <input type="hidden" name="blogid" value="{{ blog.blogId }}" />
-{% endif %}
-            <div class="field_div">
-                <h3>Title</h3>
-                <input type="text" name="title" size="95" value="{{ blog.title }}" />
-            </div>
-            <div class="field_div">
-                <h3>Body</h3>
-                <textarea name="body" cols="95" rows="15">{{ blog.body }}</textarea> <br />
-            </div>
-            <div class="submit_div center">
-                <input type="submit" value="{{ verb|ucfirst }} blog post" />
-            </div>
-        </div>
-    </form>
-</div>

templates/staffblog/list.twig

-<div class="thin">
-{% for entry in list %}
-    <div id="blog{{ entry.id }}" class="box box2 blog_post">
-        <div class="head">
-            <strong>{{ entry.title }}</strong> - posted {{ entry.created|time_diff }} by {{ entry.author }}
-    {% if editor %}
-            - <a href="staffblog.php?action=editblog&amp;id={{ entry.id }}" class="brackets">Edit</a>
-            <a href="staffblog.php?action=deleteblog&amp;id={{ entry.id }}&amp;auth={{ auth }}" onclick="return confirm('Do you want to delete this?');" class="brackets">Delete</a>
-    {% endif %}
-        </div>
-        <div class="pad">
-            {{ entry.body|bb_format }}
-        </div>
-    </div>
-{% endfor %}
-</div>