So, as Xee is almost done, and I'm mostly waiting for external contributions, I decided it was time to start working on the Legendary Next Update for Kareha and Wakaba.
Only problem is, it's been a long time, and I've forgotten most of what needs to be done. Most of it is mentioned SOMEWHERE on the board, though. So this is your chance to pipe up with your pet feature request, or if you're feeling really helpful, to dig out some old posts that mention things that need fixing.
Hop to it!
> people like admins might prefer to use them
but they have capcodes now...
Yeah, no, maybe. Using secure trips for capcodes also adds extra protections against accidentially misspellingyour capcode and leaving it open to attack.
> It's not worth comparing until it doesn't break regularly.
The only problem with it is that it doesn't do paranoid file writes. The fact that the entire server occasionally breaks isn't related to how broken the script itself is.
> the entire server occasionally breaks
Occasionally?
Well, that might be it, except that on world4ch at least one board breaks every week, if not more. Incidentally, as of this writing, 4chan's /dis/ and /sug/ are also toast (third time this month?).
As it is, I can't recall ever seeing kareha break.
If we must discuss Shiichan's bug (which I believe we don't): I like the one where it sometimes turns an existing thread at the end of the All thread list into a thread with no subject, creation date set as 31 Dec 1969: 19:00 and then set to -1 posts (!) - and when you post in it, you 0GET and your IP appears as the subject.
It's a brilliant, better than fusianasan! Try it out: http://dis.4chan.org/read.php/dis/1121735647/
Congratulations to 82.94.251.206!
So the subject line will look like this:
[username]<><>[unix timestamp from now]<>[content of comment box]<> <>[IP]
Recapping, here are the things I'd like to see in the final release:
Some nitpicky template adjustments to mode_message in order to more closely resemble 0ch (see http://f17.aaa.livedoor.jp/~zerotest/jikken and http://0ch.mine.nu/jikken):
More information on the all threads page, date of the last post? file size?
A quote button that puts >>n and puts the post prefixed by > in the reply box
Different secret strings for different functions (e.g. one for ID generation and one for secure tripcodes)
A trigger for turning wakabamark off and one for forcing a monospace font
> change the no-ID-on-email option to no-ID-on-sage
> multi-page links (1-, 101-, 201-, etc) at the top of subpages
Already implemented.
> config.pl parameter to permasage after a certain thread filesize/total number of characters has been reached
Isn't this essentially the same as saying "Please don't talk so much?"
> no EMAIL_ID parameter (most if not everyone uses "Heaven" anyway, and if they really want to change it they can easily find the string in kareha.pl)
The choice of this string is so weird and arbitary, I feel better keeping it as an option so that I can disclaim responsibility!
> better configuration of date and time (with optional timezone offsets), parsing certain characters for individual elements (ie, yyyy/MM/dd(D) hh:mm:ss -5:00:00) and also accepting numerical inputs for fixed dates and times (Eternal September)
> red, bold thread filesize indicator near the bottom of subpages
Pretty useless. I'd rather not waste work and code on something that has no actual use. (Timezone offsets would be useful, but this is such an incredibly hairy issue to get right, I don't want to even try. Just handling Daylight Savings Time would make my head explode, and I can't just leave it out, because then either the admin has to keep changing the offset, or the time will be wrong half the year anyway.)
> non-bolded post numbers
> colons before dates
> colons before names (thread subpages only)
what
> More information on the all threads page, date of the last post? file size?
That might be somewhat useful, I suppose. I'll have a look at it.
> A quote button that puts >>n and puts the post prefixed by > in the reply box
There's already a way to put in >>n. However, quoting an entire post is seldom something you want to do anyway, so I don't think that's worth cluttering up the page with a million buttons for.
> Different secret strings for different functions (e.g. one for ID generation and one for secure tripcodes)
Most admins probably don't get point of the secret string anyway, and asking them to put in several is just too annoying. In retrospect, I'd like to add a second layer of hashing to these, but that'd mean breaking secure trips AGAIN.
> A trigger for turning wakabamark off and one for forcing a monospace font
I've been trying to work out a more elegant solution for this.
>> config.pl parameter to permasage after a certain thread filesize/total number of characters has been reached
> Isn't this essentially the same as saying "Please don't talk so much?"
I am not >>208 but the first who suggested this here (long ago). I think it may be vital for future, actually popular boards to limit the filesize of a thread so that the board won't get hammered by repeated loads of whole threads without having to limit the size of posts themselves something fierce.
Whoops, sorry. I read "close" instead of "permasage".
Permasage on filesize seems pretty silly, yes.
> multi-page links (1-, 101-, 201-, etc) at the top of subpages
This is just implemented on some 0ch types. 2channel doesn't use it (at least on no board that I know of).
> More information on the all threads page [...] file size?
If (optional) closing on filesize should be implemented, this would probably be a good idea.
>> More information on the all threads page, date of the last post? file size?
Well, I had already proposed the filesize indicator in >>208, but optimally I would actually prefer that subback resemble the one in 0ch (ie, same as the main page thread list, but without CSS).
And single-post links don't include the thread's first post anyway, so there's no need for >>n. Quoting an entire post is not wise either.
>Isn't this essentially the same as saying "Please don't talk so much?"
In a sense, yes. Just like the postcount limit could be interpreted as "Please don't talk so long".
>what
main page -- 161 Name:◆WAHa.06x36:2005/10/21(Fri) 14:44 ID:Heaven
subpage -- 4 :◆WAHa.06x36:2005/10/21 14:44 ID:Heaven
Question: does Kareha have a 1001th post message like "Name: 1001:Over 1000 Thread" for when a thread exceeds its postcount limit?
>>216
I remember at least one or two boards on 2ch that used it, though I can't remember which (moon language and such, you see).
I apologize for the dumb question I made at the end of >>218. I forgot that Kareha permasages (not closes) a thread after the limit is exceeded, so there's no need for a hypothetical 1001th post anyway! orz
Kareha can't use different layouts for posts on different pages, except by CSS trickery. I could add the second colon, though.
Also, I've implemented optional thread closing now, but there's no extra post. That would just be a total mess to implement, and would make re-opening threads annoying, if such a feature was requested. It replaces the posting form with a notice that the thread has been closed, instead.
>>220
I meant only using the extra post for autoclose situations where the thread has exceeded the defined postcount limit in config.pl. As for the implementation, couldn't you just have Kareha use post_stuff() and (somehow) replace the timestamp with "Over XXXX Thread"?
A 1001th post would be a bother.
Okay then, for starters, how about the closing message to exactly look like a post (although it's sad it won't be accesable with >>1001)?
That would be a bother too.
∧∧
( ・ω・) It's late
_| ⊃/(___
/ └-(____/
∧∧
( ・ω・ ) Good night!
_| ⊃/(___
/ └-(____/
<⌒/ヽ-、___
/<_/____/
 ̄ ̄
0ch-PHP had this nifty feature where if it was a certain "high bandwidth" time of day, then you couldn't view the whole thread.
Hm... that is kind of useless on a worldwide forum, huh?
But there should still be an option to keep people from viewing more than 100-200 posts, as an emergency way of saving bandwidth.
I think it'd be a better idea to have some kind of load-balancing/distributed server cluster approach, like what dmpk2k was working on for Wakaba.
How about adding a link to 2ch in footer.html called "2ch mode"?
>>232
Nothing! But since mode_image's footer.html includes a link to Futaba called "Futaba mode," I think mode_message should have the same.
requesting features:
>>n and >>q and anything else that can be used in the url.
In mode_image: shouldn't the board title be in <h1>, and the post headers in <h2>?
>>236
I mean, thread titles in <h2> and post headers in <h3>.
>Most admins probably don't get point of the secret string anyway, and asking them to put in several is just too annoying. In retrospect, I'd like to add a second layer of hashing to these, but that'd mean breaking secure trips AGAIN.
You could take the route that MrVB (I think?) did and generate the strings on first run? openssl, /dev/random, perl's random as last resort. In almost every case you are going to get a better random string than most people will supply, and if they want to change it they can. Or only have them generated if they are not supplied.
Honestly, when people care so much about anonymity they can put up with the changes required to ensure it.
Here's a fun little game for you all!
I'm looking into adding support for using HTML markup in addition to WakabaMark, but since most boards use XHTML, I can't just let through any old HTML, and most people can't write well-formed XHTML. Also, I don't want any cross-site scripting going on. So I've tried to write a piece of code that takes any horribly written piece of HTML, sanitizes it by removing all tags and attributes that are not an approved list, checks the attribute values, and turns it into well-formed XML.
Now I'd like to see if anyone can break this. The objective is to get some Javascript onto the page, or making the page break in Firefox (or any other browser that parses XML strictly), or otherwise causing trouble. Have at it!
If you want to have a look at what the code actually does to dig out flaws, here is the current version:
sub sanitize_html($%)
{
my ($html,%tags)=@_;
my (@stack,$clean);
my $entity_re=qr/&(?!\#[0-9]+;|\#x[0-9a-fA-F]+;|amp;)/;
while($html=~/(?:([^<]+)|<([^<>]*)>?)/g)
{
my ($text,$tag)=($1,$2);
if($text)
{
$text=~s/$entity_re/&/g;
$text=~s/>/>/g;
$clean.=$text;
}
else
{
if($tag=~m!^\s*(/?)\s*([a-z0-9_:\-\.]+)(?:\s+(.*?)|)\s*(/?)\s*$!si)
{
my ($closing,$name,$args,$implicit)=($1,lc($2),$3,$4);
if($tags{$name})
{
if($closing)
{
if(grep { $_ eq $name } @stack)
{
my $entry;
do {
$entry=pop @stack;
$clean.="</$entry>";
} until $entry eq $name;
}
}
else
{
my %args;
$args=~s/\s/ /sg;
while($args=~/([a-z0-9_:\-\.]+)(?:\s*=\s*(?:'([^']*?)'|"([^"]*?)"|['"]?([^'" ]*))|)/gi)
{
my ($arg,$value)=(lc($1),defined($2)?$2:defined($3)?$3:$4);
$value=$arg unless defined($value);
my $type=$tags{$name}{args}{$arg};
if($type)
{
my $passes=1;
if($type=~/url/i) { $passes=0 unless $value=~/(?:^$protocol_re:|^[^:]+$)/ }
if($type=~/number/i) { $passes=0 unless $value=~/^[0-9]+$/ }
if($passes)
{
$value=~s/$entity_re/&/g;
if($value=~/"/) { $value="'$value'" }
else { $value="\"$value\"" }
$args{$arg}=$value;
}
}
}
my $cleanargs=join " ",map { "$_=$args{$_}" } keys %args;
$implicit="/" if($tags{$name}{empty});
push @stack,$name unless $implicit;
$clean.="<$name";
$clean.=" $cleanargs" if $cleanargs;
$clean.=" $implicit" if $implicit;
$clean.=">";
}
}
}
}
}
my $entry;
while($entry=pop @stack) { $clean.="</$entry>" }
return $clean;
}
I don't know if this is a bug or not, but could you change the Futaba template so that hovering over/clicking on a post header doesn't count as doing the same to the deletion checkbox next to it? Same goes for the "[File Only]" area at the bottom with its checkbox.
Wow, >>243 sure looks like shit in Safari. What the hell? Looks right in Firefox, though.
Er, that's a feature, not a bug. That's how most GUIs act.
Why would there be any use in writing actual HTML in posts? Seems to me like it's just inviting abuse.
It's also more markup when even the existing one isn't working as well as it should.
Well, you have your chance to try and abuse it over on the test page. Although the list of allowed tags there doesn't exactly match what would be allowed here.
Also, the point is to make the type of markup selectable, so you can pick WakabaMark or HTML or none at all.
>>249
<a href> opens up the possibility of using inline links, and img tags allow bandwidth leeching from other sites (plus the fact that the image itself may be unsanitary).
Plus if you were to allow those tags in HTML, you should do the same for WakabaMark (which actually takes its cue from Markdown, so I don't see why it has a different name).
Again, the list of tags allowed on that page don't correspond to what would be allowed in Kareha. Of course <img> tags wouldn't be allowed, for instance. This is just for testing the actual cleanup engine.
Semantical nitpick: shouldn't the "Page top" link be called "Thread list"?
Maybe. I just picked something at random.
the text
c < d
causes a <d> tag to be opened, which is not on the list, and therefore all the text until the next tag will be deleted. a better behavior in this case would be to just convert that < to <. you even ought to do this for
a < b
too, despite the fact that b is a valid tag, because who the hell leaves the closing angle bracket out of their HTML tag?
creating the correct regexes for this is an exercise left to the reader.
This is the obligatory encoding test ... in <code>
㋋㏡
ゔ〲〰 ゔ〲〲〰〰 ゔ〲〰 ゔ〲〰 ゔ〲〰ゔ 〲〰ゔ 〲〰ゔ〲〲〰ゔゔ
〳〵ヷヷヷヷ〰〰〰〳〵ヷヷヷヷ〰〰〰〳〵ヷヷヷヷ〰〰〰
(♛ฺД)(*゜∀゜)~♡ℳฺℴฺℯฺ❤ℒฺℴฺνℯฺ..._〆(゜▽゜*)㌰㌰ ㍉㍍㌧㌔㌶㍊㌣㌦
㌀㌁㌂㌃㌄㌅㌆㌇㌈㌉㌊㌋㌌☠ฺ ☠ฺ ☠ฺ ☠ฺ ☠ฺ ☠ฺ ☠ฺ ☠ฺ ☠ฺ
☼♭♬♫♨♩♧♦♥♤♣♢♠♡♐ฺ♑ฺ♒ฺ♓ฺ ♔ฺ♕ฺ ♖
ฺ ♗ฺ♘ฺ♙ฺ♚ฺ♛ฺ♜ฺ♝(・∀・)/ヾ~~╋┓!㋦㋸㋭°
|壁|」゜ρ゜)」 ノ ヽ``~ 力㋦㋸㋭°
/ ⌒ヽ
/ ´_ゝ`) I am sorry、 the β α κ α kopipe couldn't be carried out・・・
| /
| /| |
// | |
U .U
Random post: The test thread could use some linking in the notes at the bottom (what's the common nomenclature for that one?).
All right, code updated again. This time, some experimenting! I've implemented a tentative system for changing markup types. This needs a bunch of testing, of course, so here's the test thread link once again: http://wakaba.c3.cx/sup/kareha.pl/1099697376/
Thoughts and comments are welcome. I'm still trying to figure out how exactly to do this.
There's a bunch of other changes and fixes too, so mention if anything breaks, as usual. Also, shift-reload!
ugh "More options..."
too much clickable elements! and it doesn't even do anything (Firefox 1.0.7 here)!
out! out!
I told you to shift-reload!
I hate that blue link next to the reply box! It looks ugly!
Also, there's no "Less options..."
Can't this be somewhere else but the post form?
> Can't this be somewhere else but the post form?
No, because that would be immensely useless and annoying, because nobody would know it's there, and even if they did, they'd have to go somewhere else every time they wanted to post something using a different markup.
Did you ditch customizable capcodes?
How about placing the Formatting menu to the left or right of the "File: " field? I'd also like to see WakabaMark changed to its real name (Markdown).
A few other considerations:
Small details aside, this is seriously shaping up to be an amazing release. Your efforts are much appreciated, WAHa.
Oh, and "AA mode" should be changed to "Text art mode" so we won't be incessantly quibbling about the difference between ASCII and SJIS art.
> Did you ditch customizable capcodes?
No, I removed the dumbass capcode I put in as a demonstration, because I don't like capcodes.
> Using "◆" as the default tripkey character.
I dunno, I always thought that was a kind of big and annoying symbol. Especially when it's so close visually to the question-mark-in-diamond marker some fonts use for characters they don't support.
> How about placing the Formatting menu to the left or right of the "File: " field? I'd also like to see WakabaMark changed to its real name (Markdown).
The File field is almost never there. Also, WakabaMark is similar to, but not the same as Markdown. There are significant differences that make them incompatible (since Markdown is designed to be used when you know you're using it, but WakabaMark tries as best as it can to not do unexpected things if you don't know about it). I might add optional support for real Markdown at some point.
> In Pseud0ch, post numbers should be the same size/format as the rest of the header text
I tried, and it looked much worse than the current solution. Besides, post numbers in Kareha and 0ch aren't the same, since they're clickable here.
> PS. What's "Raw HTML"?
Pretty useless. I'll probably remove it. It's HTML input without turning newlines into <br/>.
> Oh, and "AA mode" should be changed to "Text art mode"
Maybe just "Text art"... hmm.
> The File field is almost never there.
...especially not when I've added a bug that makes it disappear. Where the hell did it go?
>>275
Heh, I thought you had disabled it manually.
>The File field is almost never there.
Right, and when it isn't, the Formatting menu can still reside on the same line.
The error page in mode_message should more closely resemble that of 0ch (complete with "ERROR!" title).
Text Art's description about auto-linking URLs and >> references is redundant. Not a bad solution with the layout, though (hiding the menu behind "More options..." still bugs me).
Hmmm, I just noticed you still allow <a> tags, which would let posters use inline links. Are you gonna keep that?
> The error page in mode_message should more closely resemble that of 0ch (complete with "ERROR!" title).
Signed. And the style selector on the error page is pretty useless.
Oh, and the navigation bar on the error page should probably look like the one on the thread page.
Should be fixed now.
How about appending an estimated (at the time of thread creation) time of pruning to the first post's header, if pruning-by-age is enabled?
Currently, pruning by age is measured from the time of the newest post in the thread, so it wouldn't really work. I'm not sure if this is the best behaviour or not, but it seems it makes more sense to kill threads nobody cares about than to kill slow-moving threads just because they get old.
>>294 Hey I like the new formatting bit. Should it collapse back down if you click away or if you click the "More options..." bit again, like the text box?
Just a thought. This setup is easier and more obvious than using the link field, with "AA" or "Wakabamark". BTW, I just realized that was a pun. Boo! Hiss! Not punny! :)