diff --git a/contrib/bulk_add/test.php b/contrib/bulk_add/test.php
new file mode 100644
index 00000000..6eb23f27
--- /dev/null
+++ b/contrib/bulk_add/test.php
@@ -0,0 +1,15 @@
+<?php
+class BulkAddTest extends ShimmieWebTestCase {
+	function testBulkAdd() {
+		$this->log_in_as_admin();
+
+        $this->get_page('admin');
+		$this->assertTitle("Admin Tools");
+		$this->setField('dir', "contrib/simpletest");
+		$this->click("Add");
+		$this->delete_image($image_id);
+
+		$this->log_out();
+	}
+}
+?>
diff --git a/contrib/pm/main.php b/contrib/pm/main.php
index 5a176a76..437a7af9 100644
--- a/contrib/pm/main.php
+++ b/contrib/pm/main.php
@@ -65,6 +65,7 @@ class PM extends SimpleExtension {
 	}
 
 	public function onPageRequest($event) {
+		global $database, $page, $user;
 		if($event->page_matches("pm")) {
 			if(!$user->is_anonymous()) {
 				switch($event->get_arg(0)) {
@@ -93,7 +94,7 @@ class PM extends SimpleExtension {
 							$database->execute("DELETE FROM private_message WHERE id = ?", array($pm_id));
 							log_info("pm", "Deleted PM #$pm_id");
 							$page->set_mode("redirect");
-							$page->set_redirect(make_link("user"));
+							$page->set_redirect(make_link($_SERVER["REFERER"]));
 						}
 						else {
 							// permission denied
@@ -108,12 +109,16 @@ class PM extends SimpleExtension {
 						$page->set_mode("redirect");
 						$page->set_redirect(make_link($_SERVER["REFERER"]));
 						break;
+					default:
+						$this->theme->display_error($page, "Invalid action", "That's not something you can do with a PM");
+						break;
 				}
 			}
 		}
 	}
 
 	public function onSendPM($event) {
+		global $database;
 		$database->execute("
 				INSERT INTO private_message(
 					from_id, from_ip, to_id,
@@ -122,7 +127,7 @@ class PM extends SimpleExtension {
 			array($event->from_id, $event->from_ip,
 			$event->to_id, $event->subject, $event->message)
 		);
-		log_info("pm", "Sent PM to User #$to_id");
+		log_info("pm", "Sent PM to User #{$event->to_id}");
 	}
 
 
diff --git a/contrib/pm/test.php b/contrib/pm/test.php
new file mode 100644
index 00000000..905f7101
--- /dev/null
+++ b/contrib/pm/test.php
@@ -0,0 +1,42 @@
+<?php
+class PMTest extends ShimmieWebTestCase {
+	function testPM() {
+		$this->log_in_as_admin();
+		$this->get_page("user/test");
+		$this->setField('subject', "message demo to test");
+		$this->setField('message', "message contents");
+		$this->click("Send");
+		$this->log_out();
+
+		$this->log_in_as_user();
+		$this->get_page("user");
+		$this->assertText("message demo to test");
+		$this->click("message demo to test");
+		$this->assertText("message contents");
+		$this->back();
+		$this->click("Delete");
+		$this->assertNoText("message demo to test");
+		$this->log_out();
+	}
+
+	function testAdminAccess() {
+		$this->log_in_as_admin();
+		$this->get_page("user/test");
+		$this->setField('subject', "message demo to test");
+		$this->setField('message', "message contents");
+		$this->click("Send");
+
+		$this->get_page("user/test");
+		$this->assertText("message demo to test");
+		$this->click("message demo to test");
+		$this->assertText("message contents");
+		$this->back();
+		$this->click("Delete");
+		# Test for bug: after an admin deletes a user's PM, they were
+		# redirected to their own (the admin's) PM list
+		$this->assertTitle("test's page");
+		$this->assertNoText("message demo to test");
+		$this->log_out();
+	}
+}
+?>
diff --git a/contrib/pm/theme.php b/contrib/pm/theme.php
index 757ecd11..7454d8f8 100644
--- a/contrib/pm/theme.php
+++ b/contrib/pm/theme.php
@@ -24,7 +24,10 @@ class PMTheme extends Themelet {
 			if($pm["is_read"] == "N") $h_subject = "<b>$h_subject</b>";
 			$html .= "<tr class='$oe'><td><a href='$pm_url'>$h_subject</a></td>
 			<td><a href='$from_url'>$h_from</a></td><td>$h_date</td>
-			<td><form action='$del_url'><input type='submit' value='Delete'></form></td></tr>";
+			<td><form action='$del_url'>
+				<input type='hidden' name='q' value='/pm/delete/{$pm["id"]}'>
+				<input type='submit' value='Delete'>
+			</form></td></tr>";
 		}
 		$html .= "
 				</tbody>
diff --git a/contrib/rating/main.php b/contrib/rating/main.php
index c444b8ed..34f16da1 100644
--- a/contrib/rating/main.php
+++ b/contrib/rating/main.php
@@ -28,7 +28,7 @@ class Ratings implements Extension {
 				$this->install();
 			}
 
-			$config->set_default_string("ext_rating_anon_privs", 'sq');
+			$config->set_default_string("ext_rating_anon_privs", 'squ');
 			$config->set_default_string("ext_rating_user_privs", 'squ');
 			$config->set_default_string("ext_rating_admin_privs", 'sqeu');
 		}
diff --git a/contrib/report_image/test.php b/contrib/report_image/test.php
new file mode 100644
index 00000000..b347dde0
--- /dev/null
+++ b/contrib/report_image/test.php
@@ -0,0 +1,23 @@
+<?php
+class ReportImageTest extends ShimmieWebTestCase {
+	function testReportImage() {
+		$this->log_in_as_user();
+		$image_id = $this->post_image("ext/simpletest/data/pbx_screenshot.jpg", "pbx computer screenshot");
+		$this->get_page("post/view/$image_id");
+		$this->setField('reason', "report details");
+		$this->click("Report");
+		$this->log_out();
+
+		$this->log_in_as_admin();
+		$this->get_page("image_report/list");
+		$this->assertTitle("Reported Images");
+		$this->assertText("report details");
+		$this->click("Remove Report");
+		$this->assertTitle("Reported Images");
+		$this->assertNoText("report details");
+
+		$this->delete_image($image_id);
+		$this->log_out();
+	}
+}
+?>
diff --git a/contrib/report_image/theme.php b/contrib/report_image/theme.php
index 6cfc99f5..0f4cf98c 100755
--- a/contrib/report_image/theme.php
+++ b/contrib/report_image/theme.php
@@ -78,7 +78,7 @@ class ReportImageTheme extends Themelet {
 		$html = "
 			<form action='".make_link("image_report/add")."' method='POST'>
 				<input type='hidden' name='image_id' value='$i_image'>
-				<input type='field' name='reason' value='Please enter a reason' onclick='this.value=\"\";'>
+				<input type='text' name='reason' value='Please enter a reason' onclick='this.value=\"\";'>
 				<input type='submit' value='Report'>
 			</form>
 		";
diff --git a/contrib/res_limit/test.php b/contrib/res_limit/test.php
new file mode 100644
index 00000000..5a10ffb4
--- /dev/null
+++ b/contrib/res_limit/test.php
@@ -0,0 +1,110 @@
+<?php
+class ResLimitTest extends ShimmieWebTestCase {
+	function testResLimitOK() {
+		$this->log_in_as_admin();
+		$this->get_page("setup");
+		$this->setField("_config_upload_min_height", "0");
+		$this->setField("_config_upload_min_width", "0");
+		$this->setField("_config_upload_max_height", "1000");
+		$this->setField("_config_upload_max_width", "1000");
+		$this->setField("_config_upload_ratios", "4:3 16:9");
+		$this->click("Save Settings");
+		$this->log_out();
+
+		$this->log_in_as_user();
+		$image_id = $this->post_image("ext/simpletest/data/pbx_screenshot.jpg", "pbx computer screenshot");
+		$this->assertResponse(302);
+		$this->log_out();
+
+		$this->log_in_as_admin();
+		$this->delete_image($image_id);
+		$this->log_out();
+	}
+
+	function testResLimitSmall() {
+		$this->log_in_as_admin();
+		$this->get_page("setup");
+		$this->setField("_config_upload_min_height", "900");
+		$this->setField("_config_upload_min_width", "900");
+		$this->setField("_config_upload_max_height", "1000");
+		$this->setField("_config_upload_max_width", "1000");
+		$this->setField("_config_upload_ratios", "4:3 16:9");
+		$this->click("Save Settings");
+		$this->log_out();
+
+		$this->log_in_as_user();
+		$image_id = $this->post_image("ext/simpletest/data/pbx_screenshot.jpg", "pbx computer screenshot");
+		$this->assertResponse(200);
+		$this->assertTitle("Upload Status");
+		$this->assertText("Image too small");
+		$this->log_out();
+
+		# hopefully a noop, but just in case
+		$this->log_in_as_admin();
+		$this->delete_image($image_id);
+		$this->log_out();
+	}
+
+	function testResLimitLarge() {
+		$this->log_in_as_admin();
+		$this->get_page("setup");
+		$this->setField("_config_upload_min_height", "0");
+		$this->setField("_config_upload_min_width", "0");
+		$this->setField("_config_upload_max_height", "100");
+		$this->setField("_config_upload_max_width", "100");
+		$this->setField("_config_upload_ratios", "4:3 16:9");
+		$this->click("Save Settings");
+		$this->log_out();
+
+		$this->log_in_as_user();
+		$image_id = $this->post_image("ext/simpletest/data/pbx_screenshot.jpg", "pbx computer screenshot");
+		$this->assertResponse(200);
+		$this->assertTitle("Upload Status");
+		$this->assertText("Image too large");
+		$this->log_out();
+
+		# hopefully a noop, but just in case
+		$this->log_in_as_admin();
+		$this->delete_image($image_id);
+		$this->log_out();
+	}
+
+	function testResLimitRatio() {
+		$this->log_in_as_admin();
+		$this->get_page("setup");
+		$this->setField("_config_upload_min_height", "0");
+		$this->setField("_config_upload_min_width", "0");
+		$this->setField("_config_upload_max_height", "1000");
+		$this->setField("_config_upload_max_width", "1000");
+		$this->setField("_config_upload_ratios", "16:9");
+		$this->click("Save Settings");
+		$this->log_out();
+
+		$this->log_in_as_user();
+		$image_id = $this->post_image("ext/simpletest/data/pbx_screenshot.jpg", "pbx computer screenshot");
+		$this->assertResponse(200);
+		$this->assertTitle("Upload Status");
+		$this->assertText("Image needs to be in one of these ratios");
+		$this->log_out();
+
+		# hopefully a noop, but just in case
+		$this->log_in_as_admin();
+		$this->delete_image($image_id);
+		$this->log_out();
+	}
+
+	# reset to defaults, otherwise this can interfere with
+	# other extensions' test suites
+	public function tearDown() {
+		$this->log_in_as_admin();
+		$this->get_page("setup");
+		$this->setField("_config_upload_min_height", "-1");
+		$this->setField("_config_upload_min_width", "-1");
+		$this->setField("_config_upload_max_height", "-1");
+		$this->setField("_config_upload_max_width", "-1");
+		$this->setField("_config_upload_ratios", "");
+		$this->click("Save Settings");
+		$this->log_out();
+	}
+}
+?>
diff --git a/contrib/tag_history/main.php b/contrib/tag_history/main.php
index b450d840..1375daa5 100644
--- a/contrib/tag_history/main.php
+++ b/contrib/tag_history/main.php
@@ -127,7 +127,7 @@ class Tag_History implements Extension {
 		$stored_tags = $result->fields['tags'];
 		
 		// all should be ok so we can revert by firing the SetUserTags event.
-		send_event(new TagSetEvent($stored_image_id, $stored_tags));
+		send_event(new TagSetEvent(Image::by_id($stored_image_id), $stored_tags));
 		
 		// all should be done now so redirect the user back to the image
 		$page->set_mode("redirect");
diff --git a/contrib/tag_history/test.php b/contrib/tag_history/test.php
new file mode 100644
index 00000000..3f1dfd33
--- /dev/null
+++ b/contrib/tag_history/test.php
@@ -0,0 +1,22 @@
+<?php
+class TagHistoryTest extends ShimmieWebTestCase {
+	function testTagHistory() {
+		$this->log_in_as_user();
+		$image_id = $this->post_image("ext/simpletest/data/pbx_screenshot.jpg", "pbx");
+		$this->get_page("post/view/$image_id");
+		$this->assertTitle("Image $image_id: pbx");
+		$this->setField("tags", "new");
+		$this->click("Set");
+		$this->assertTitle("Image $image_id: new");
+		$this->click("Tag History");
+		$this->assertText("new (Set by test");
+		$this->click("Revert");
+		$this->assertTitle("Image $image_id: pbx");
+		$this->log_out();
+
+		$this->log_in_as_admin();
+		$this->delete_image($image_id);
+		$this->log_out();
+	}
+}
+?>
diff --git a/contrib/tag_history/theme.php b/contrib/tag_history/theme.php
index a1e75929..6853d5d3 100644
--- a/contrib/tag_history/theme.php
+++ b/contrib/tag_history/theme.php
@@ -2,16 +2,18 @@
 
 class Tag_HistoryTheme extends Themelet {
 	public function display_history_page(Page $page, $image_id, $history) {
+		global $user;
 		$start_string = "
 			<div style='text-align: left'>
 				<form enctype='multipart/form-data' action='".make_link("tag_history/revert")."' method='POST'>
 					<ul style='list-style-type:none;'>
 		";
 
-		global $user;
 		$history_list = "";
+		$n = 0;
 		foreach($history as $fields)
 		{
+			$n++;
 			$current_id = $fields['id'];
 			$current_tags = html_escape($fields['tags']);
 			$name = $fields['name'];
@@ -19,7 +21,8 @@ class Tag_HistoryTheme extends Themelet {
 			if($user->is_admin()) {
 				$setter .= " / " . $fields['user_ip'];
 			}
-			$history_list .= "<li><input type='radio' name='revert' value='$current_id'>$current_tags (Set by $setter)</li>\n";
+			$selected = ($n == 2) ? " checked" : "";
+			$history_list .= "<li><input type='radio' name='revert' value='$current_id'$selected>$current_tags (Set by $setter)</li>\n";
 		}
 
 		$end_string = "
diff --git a/contrib/wiki/test.php b/contrib/wiki/test.php
new file mode 100644
index 00000000..26bac072
--- /dev/null
+++ b/contrib/wiki/test.php
@@ -0,0 +1,10 @@
+<?php
+class WikiTest extends ShimmieWebTestCase {
+	function testWiki() {
+		$this->log_in_as_admin();
+		$this->get_page("wiki");
+		$this->assertTitle("Index");
+		$this->log_out();
+	}
+}
+?>
diff --git a/core/extension.class.php b/core/extension.class.php
index 1c498170..7e12242d 100644
--- a/core/extension.class.php
+++ b/core/extension.class.php
@@ -55,6 +55,10 @@ abstract class FormatterExtension implements Extension {
 	abstract public function strip($text);
 }
 
+/*
+ * This too is a common class of extension with many methods in common,
+ * so we have a base class to extend from
+ */
 abstract class DataHandlerExtension implements Extension {
 	var $theme;
 
diff --git a/themes/danbooru/themelet.class.php b/themes/danbooru/themelet.class.php
index 7e0b54e4..1c2d687c 100644
--- a/themes/danbooru/themelet.class.php
+++ b/themes/danbooru/themelet.class.php
@@ -1,7 +1,7 @@
 <?php
 
 class Themelet {
-	public function display_error($page, $title, $message) {
+	public function display_error(Page $page, $title, $message) {
 		$page->set_title($title);
 		$page->set_heading($title);
 		$page->add_block(new NavBlock());
@@ -9,13 +9,13 @@ class Themelet {
 	}
 
 
-	public function display_permission_denied($page) {
+	public function display_permission_denied(Page $page) {
 		header("HTTP/1.0 403 Permission Denied");
 		$this->display_error($page, "Permission Denied", "You do not have permission to access this page");
 	}
 
 
-	public function build_thumb_html($image, $query=null) {
+	public function build_thumb_html(Image $image, $query=null) {
 		global $config;
 		$h_view_link = make_link("post/view/{$image->id}", $query);
 		$h_tip = html_escape($image->get_tooltip());
@@ -26,7 +26,7 @@ class Themelet {
 	}
 
 
-	public function display_paginator($page, $base, $query, $page_number, $total_pages) {
+	public function display_paginator(Page $page, $base, $query, $page_number, $total_pages) {
 		if($total_pages == 0) $total_pages = 1;
 		$body = $this->build_paginator($page_number, $total_pages, $base, $query);
 		$page->add_block(new Block(null, $body, "main", 90));
diff --git a/themes/default/themelet.class.php b/themes/default/themelet.class.php
index 7f749e73..aa31c67d 100644
--- a/themes/default/themelet.class.php
+++ b/themes/default/themelet.class.php
@@ -4,7 +4,7 @@ class Themelet {
 	/**
 	 * Generic error message display
 	 */
-	public function display_error($page, $title, $message) {
+	public function display_error(Page $page, $title, $message) {
 		$page->set_title($title);
 		$page->set_heading($title);
 		$page->add_block(new NavBlock());
@@ -15,7 +15,7 @@ class Themelet {
 	/**
 	 * A specific, common error message
 	 */
-	public function display_permission_denied($page) {
+	public function display_permission_denied(Page $page) {
 		header("HTTP/1.0 403 Permission Denied");
 		$this->display_error($page, "Permission Denied", "You do not have permission to access this page");
 	}
@@ -25,22 +25,20 @@ class Themelet {
 	 * Generic thumbnail code; returns HTML rather than adding
 	 * a block since thumbs tend to go inside blocks...
 	 */
-	public function build_thumb_html($image, $query=null) {
+	public function build_thumb_html(Image $image, $query=null) {
 		global $config;
 		$i_id = int_escape($image->id);
 		$h_view_link = make_link("post/view/$i_id", $query);
 		$h_tip = html_escape($image->get_tooltip());
 		$h_thumb_link = $image->get_thumb_link();
 		$tsize = get_thumbnail_size($image->width, $image->height);
-		$hm8 = $tsize[1]-8;
-		$wm8 = $tsize[0]-8;
 		return "
 			<div class='thumbblock'>
 			<div class='rr thumb'>
 				<div class='rrtop'><div></div></div>
 				<div class='rrcontent'>
 				<a href='$h_view_link' style='position: relative; display: block; height: {$tsize[1]}px; width: {$tsize[0]}px;'>
-					<img id='$i_id' title='$h_tip' alt='$h_tip' style='height: {$tsize[1]}px; width: {$tsize[0]}px;' src='$h_thumb_link'>
+					<img id='thumb_$i_id' title='$h_tip' alt='$h_tip' style='height: {$tsize[1]}px; width: {$tsize[0]}px;' src='$h_thumb_link'>
 				</a>
 				</div>
 				<div class='rrbot'><div></div></div>
@@ -53,7 +51,7 @@ class Themelet {
 	/**
 	 * Add a generic paginator
 	 */
-	public function display_paginator($page, $base, $query, $page_number, $total_pages) {
+	public function display_paginator(Page $page, $base, $query, $page_number, $total_pages) {
 		if($total_pages == 0) $total_pages = 1;
 		$body = $this->build_paginator($page_number, $total_pages, $base, $query);
 		$page->add_block(new Block(null, $body, "main", 90));
diff --git a/themes/futaba/themelet.class.php b/themes/futaba/themelet.class.php
index 79778d86..706f3f1b 100644
--- a/themes/futaba/themelet.class.php
+++ b/themes/futaba/themelet.class.php
@@ -4,7 +4,7 @@ class Themelet {
 	/**
 	 * Generic error message display
 	 */
-	public function display_error($page, $title, $message) {
+	public function display_error(Page $page, $title, $message) {
 		$page->set_title($title);
 		$page->set_heading($title);
 		$page->add_block(new NavBlock());
@@ -16,7 +16,7 @@ class Themelet {
 	 * Generic thumbnail code; returns HTML rather than adding
 	 * a block since thumbs tend to go inside blocks...
 	 */
-	public function build_thumb_html($image, $query=null) {
+	public function build_thumb_html(Image $image, $query=null) {
 		global $config;
 		$h_view_link = make_link("post/view/{$image->id}", $query);
 		$h_tip = html_escape($image->get_tooltip());
@@ -30,7 +30,7 @@ class Themelet {
 	/**
 	 * Add a generic paginator
 	 */
-	public function display_paginator($page, $base, $query, $page_number, $total_pages, $position=90) {
+	public function display_paginator(Page $page, $base, $query, $page_number, $total_pages, $position=90) {
 		if($total_pages == 0) $total_pages = 1;
 		$body = $this->build_paginator($page_number, $total_pages, $base, $query);
 		$page->add_block(new Block(null, $body, "main", $position));
diff --git a/themes/minimal/themelet.class.php b/themes/minimal/themelet.class.php
index 506a1b86..09eb031e 100644
--- a/themes/minimal/themelet.class.php
+++ b/themes/minimal/themelet.class.php
@@ -4,7 +4,7 @@ class Themelet {
 	/**
 	 * Generic error message display
 	 */
-	public function display_error($page, $title, $message) {
+	public function display_error(Page $page, $title, $message) {
 		$page->set_title($title);
 		$page->set_heading($title);
 		$page->add_block(new NavBlock());
@@ -15,7 +15,7 @@ class Themelet {
 	/**
 	 * A specific, common error message
 	 */
-	public function display_permission_denied($page) {
+	public function display_permission_denied(Page $page) {
 		header("HTTP/1.0 403 Permission Denied");
 		$this->display_error($page, "Permission Denied", "You do not have permission to access this page");
 	}
@@ -25,7 +25,7 @@ class Themelet {
 	 * Generic thumbnail code; returns HTML rather than adding
 	 * a block since thumbs tend to go inside blocks...
 	 */
-	public function build_thumb_html($image, $query=null) {
+	public function build_thumb_html(Image $image, $query=null) {
 		global $config;
 		$i_id = int_escape($image->id);
 		$h_view_link = make_link("post/view/$i_id", $query);
@@ -40,7 +40,7 @@ class Themelet {
 	/**
 	 * Add a generic paginator
 	 */
-	public function display_paginator($page, $base, $query, $page_number, $total_pages) {
+	public function display_paginator(Page $page, $base, $query, $page_number, $total_pages) {
 		if($total_pages == 0) $total_pages = 1;
 		$body = $this->build_paginator($page_number, $total_pages, $base, $query);
 		$page->add_block(new Block(null, $body, "main", 90));
diff --git a/themes/old_default/themelet.class.php b/themes/old_default/themelet.class.php
index 506a1b86..09eb031e 100644
--- a/themes/old_default/themelet.class.php
+++ b/themes/old_default/themelet.class.php
@@ -4,7 +4,7 @@ class Themelet {
 	/**
 	 * Generic error message display
 	 */
-	public function display_error($page, $title, $message) {
+	public function display_error(Page $page, $title, $message) {
 		$page->set_title($title);
 		$page->set_heading($title);
 		$page->add_block(new NavBlock());
@@ -15,7 +15,7 @@ class Themelet {
 	/**
 	 * A specific, common error message
 	 */
-	public function display_permission_denied($page) {
+	public function display_permission_denied(Page $page) {
 		header("HTTP/1.0 403 Permission Denied");
 		$this->display_error($page, "Permission Denied", "You do not have permission to access this page");
 	}
@@ -25,7 +25,7 @@ class Themelet {
 	 * Generic thumbnail code; returns HTML rather than adding
 	 * a block since thumbs tend to go inside blocks...
 	 */
-	public function build_thumb_html($image, $query=null) {
+	public function build_thumb_html(Image $image, $query=null) {
 		global $config;
 		$i_id = int_escape($image->id);
 		$h_view_link = make_link("post/view/$i_id", $query);
@@ -40,7 +40,7 @@ class Themelet {
 	/**
 	 * Add a generic paginator
 	 */
-	public function display_paginator($page, $base, $query, $page_number, $total_pages) {
+	public function display_paginator(Page $page, $base, $query, $page_number, $total_pages) {
 		if($total_pages == 0) $total_pages = 1;
 		$body = $this->build_paginator($page_number, $total_pages, $base, $query);
 		$page->add_block(new Block(null, $body, "main", 90));