Update express-fileupload dependency to clean tempfiles on numFilesLimitHandler
Add a proper error message for max num files instead of allowing unlimited and limiting in board post method
If a user is board owner/mod, use higher capcode only if explicitly entered, else use board owner/mod capcode
Strip extra repititions
Default back to stafflevel for perm if theres a mismatch
***DO NOT USE***
This still has some issues and needs testing.
- needs updated nginx configs added, expects "TOR" in the x-country-code header under a separate vhost
- need to make sure bans work properly still
- need to implement system to prevent captcha ddos, since i cant just to IP ratelimit now
- im 99% sure post history of tor users is broken if viewed by non-global staff
- manual input ban form will also be broken for non-global staff
- could still use some improvement on the middleware having a little more complicated flor for tor users
But for the most part it works. Basically it will use the bypass id of a tor user as their "ip".
This prevents prolems like `/` giving 404 in devel mode (when
`static/html/index.html` is missing) or `/captcha` redirecting to
`/captcha/` (then breaking).
authenticated: same as `user != null`
user.authLevel, user.ownedBoards, user.modBoards: refreshed by sessionrefresh on
each request anyways, so it doesn't make much sense to store them in the session
store too.
* properly escape goto parameter
* do not redirect to anywhere, only to the same server, no query parameters
This should still allow valid targets, like `/account.html`,
`/boardname/manage/whatever` while disallow things like `https://othersite.com`.
* dev-auto-reset-triggers to test auto resetting trigger action at end of each hour references #130
* migration and comment change
* migrateVersion change