> partition to kill secure tripcodes

signed

> add functionality for multiple uploads in one post.

I think this was decided against before.

I'll sign that partition for a separate admin script and XHTML interface (one that includes the banning, board nuking, and spamlist-changing functions in Wakaba).

How about adding flexibility to the DELETE_FIRST option in config.pl, using booleans to define when to keep or remove a thread (including AND/OR/NOT arguments)?

Also, options for both automated permasaging and pruning by postcount, creation date/time, and board position (all configurable in config.pl of course).

Some other layout points:

• The Title field should go above the Name and Link fields in 2ch mode.

• 2ch's "new thread" post box is at the bottom of the main page. From every practical standpoint, the current solution in Kareha is a lot more convenient, but you may want to go over that just in case.

• Futaba now uses "..." instead of ">>>" to prefix repy blocks.

If you want to have a look at what the code actually does to dig out flaws, here is the current version:

sub sanitize_html($%)
{
	my ($html,%tags)=@_;
	my (@stack,$clean);
	my $entity_re=qr/&(?!\#[0-9]+;|\#x[0-9a-fA-F]+;|amp;)/;

	while($html=~/(?:([^<]+)|<([^<>]*)>?)/g)
	{
		my ($text,$tag)=($1,$2);

		if($text)
		{
			$text=~s/$entity_re/&amp;/g;
			$text=~s/>/&gt;/g;
			$clean.=$text;
		}
		else
		{
			if($tag=~m!^\s*(/?)\s*([a-z0-9_:\-\.]+)(?:\s+(.*?)|)\s*(/?)\s*$!si)
			{
				my ($closing,$name,$args,$implicit)=($1,lc($2),$3,$4);

				if($tags{$name})
				{
					if($closing)
					{
						if(grep { $_ eq $name } @stack)
						{
							my $entry;

							do {
								$entry=pop @stack;
								$clean.="</$entry>";
							} until $entry eq $name;
						}
					}
					else
					{
						my %args;

						$args=~s/\s/ /sg;

						while($args=~/([a-z0-9_:\-\.]+)(?:\s*=\s*(?:'([^']*?)'|"([^"]*?)"|['"]?([^'" ]*))|)/gi)
						{
							my ($arg,$value)=(lc($1),defined($2)?$2:defined($3)?$3:$4);
							$value=$arg unless defined($value);

							my $type=$tags{$name}{args}{$arg};

							if($type)
							{
								my $passes=1;

								if($type=~/url/i) { $passes=0 unless $value=~/(?:^$protocol_re:|^[^:]+$)/ }
								if($type=~/number/i) { $passes=0 unless $value=~/^[0-9]+$/  }

								if($passes)
								{
									$value=~s/$entity_re/&amp;/g;

									if($value=~/"/) { $value="'$value'" }
									else { $value="\"$value\"" }

									$args{$arg}=$value;
								}
							}
						}

						my $cleanargs=join " ",map { "$_=$args{$_}" } keys %args;

						$implicit="/" if($tags{$name}{empty});

						push @stack,$name unless $implicit;

						$clean.="<$name";
						$clean.=" $cleanargs" if $cleanargs;
						$clean.=" $implicit" if $implicit;
						$clean.=">";
					}
				}
			}
		}
	}

	my $entry;
	while($entry=pop @stack) { $clean.="</$entry>" }

	return $clean;
}

>>232
Nothing! But since mode_image's footer.html includes a link to Futaba called "Futaba mode," I think mode_message should have the same.

WAHa, WAHa, it's a bug!

Pressed back after creating an error message in karaha (trying to reply to this thread, forgetting to type something in here), refresh does nothing!

>>249
<a href> opens up the possibility of using inline links, and img tags allow bandwidth leeching from other sites (plus the fact that the image itself may be unsanitary).

PS: I always wanted to say this: The # anchors on the TiddlyWiki automatically scroll me (FF, 1.0.7) just below the actual text box of the entry. Is that a bug, a feature or... ?

>>249 Then the default should be no markup.

>>216
I remember at least one or two boards on 2ch that used it, though I can't remember which (moon language and such, you see).

I apologize for the dumb question I made at the end of >>218. I forgot that Kareha permasages (not closes) a thread after the limit is exceeded, so there's no need for a hypothetical 1001th post anyway! orz

The test thread seems to be broken too.

>>184
If people are going to decide to use custom names for paramaters, then there isn't much you can do about it anyway, or is there?

Oh, and the navigation bar on the error page should probably look like the one on the thread page.

>>189

>The effect would be miniscule in comparison to the huge increase in bandwidth that would result from sending the entire static thread pages.

How about a config.pl parameter to split up thread subpages into X posts per page? The navigation links already use 100 posts per page for practically everything except "Last 50 posts".

Hmm, I just remembered: >> links would not work at all with static pages. Not good.

>Why? Even if 0ch or Futaba implemented secure tripcodes, you wouldn't get the same secure tripcode there as on another board. That's the nature of the security.

Right, I guess it was dumb to mention 0ch/Futaba in the first place. The point is, as you said yourself, tripcodes are a gimmick, and if someone wants to maintain a persistent identity across multiple boards and sites (ie, everyone here with a tripcode), they have no choice but to use ordinary tripcodes. Secure tripcodes are useless because they limit your identity to a single board, supposing each board/site's cipher key is different -- which it should be, since that's the point of having a secure tripcode in the first place. No one should be so paranoid about a tripcode that they'd need to have a different one per board/site.

>Not without doing a lot of changes throughout the code, and not without breaking current installations.

Shouldn't we sacrifice some backwards compatibility for a more robust and scalable design? It might even be possible to provide an upgrade.pl for old threads.

>>193

>You could only trigger the functions in a specific format, say...

That's a cool idea, though for now it would have to be left alone if we want to keep Kareha compatible with 2ch/Futaba conventions.

>>195
Exactly. The methods and the effects of saging a thread are separate subjects.

P.S. I recently discovered "rXX-XX" for threads in /soc/. How exactly does this work? From the sound of it, it's supposed to randomize the post order, but when I hit refresh I get the same order.

Let's get to 1000 by "I want a pretty pony" only! ヽ(´ー｀)ノ

(Lots of stuff in here, click "whole post"!)

> How about listing what dmpk2k or you have done already?

Truth be told, I haven't even looked over his contributions yet. I'm doing some work on Kareha first. He did bandwidth load balancing for Wakaba across several servers, and image file archiving, at least. Plus some proxy checking and other goodies.

> Split threads and posts into separate tables. You're repeating the lasthit and parent column over and over.

Bad idea. Adds a lot of code complexity without adding any new functionality. The current solution is simple and robust.

> Automatic closing and moving of threads that do not get any activity in a certain timeframe (based on average activity frequency of the board)

This is nearly impossible to get right, and I don't think I'm going to try unless someone can think up a reliable algorithm that uses the data that is availble (not much).

> Reintroduction of "Marked for deletion (old)" (it's just handy to have that)

I tried several times, and concluded it wasn't worth the code and database overhead it would take. This feature is relatively easy to implement for Futaba-style post number limited boards (and Futaba implements it really stupidly), but it gets tricky when you have different deletion modes and want to do it right.

> Prune-limit mode that is defined by number of files or size sum of files on a board

Size limit is already implemented. I might add file limit, but I'm not sure it's all that useful, when you already have the size limit.

The rest, I agree with, and I will try to get most of it done. I'm sure there's some more stuff hidden in old threads, though!

I meant Remote host adress instead of IP.

durr hurr

>>108
fusianasan is a voluntary function to show identity without having to memorize a tripcode. Works on all boards. Reveals your IP, of course...

Another feature I'd like is keyboard shortcuts like Wikipedia. Although you'd have to avoid stuff like Alt-D.

I've been meaning to change some of the defaults away from Futaba-style to saner behaviours. Any suggestions for what to change are welcome. So far:

• Pruning set to furthest-back instead of oldest.
• Size limit instead of post number limit, maybe?
• I'll add thread closing to Kareha, but I was thinking of setting the default behaviour to never permasage or close threads.

I notice some weirdness with the CSS changes sometimes. For example, the first post on a -100 page will sometimes have the first character of the post enlarged. >>2 looks something like
\
/>2 until it is mouse-overed or you change the CSS, but then it goes back to large again on refresh. Also can happen with lowercase letters. Some of the field labels also change size from refreshing in a certain CSS versus just switching to it.

>It's all a design & layout question. I'd like to have the interface reduced to what is absolutely neccessary, esp. since I do not think many people really want to even bother or bother very often with the whole markup question.

Why have a name field or link field? For the majority of posts they are not used, or only used for sage. As stated earlier, they are not even needed for the bare minimum of usage. You want to prove it is you posting? Use a gpg signature or something and a third-party extension, it is just fluff that is not needed at all!

I'm all for having a system that is easy to modify to the end-user's wants and needs. However, there are going to be plenty of users that are not hardcore enough to make or use such options. Therefore, the normal functionality should be pretty usable.

People seem to pop-up whenever something that would change the interface to shout it down. They seem to fear any change and normally give no reason other than it would clutter things up or some nonsense. Does the CSS selector -really- get in your way? It is probably a whole ten pixels! Is having the More options thing really ruining your experience, or are you just against it on some principle? Personally, I would move it below the comment text-area or something, as now the tab amounts between the main fields has changed.

All right, code updated again. This time, some experimenting! I've implemented a tentative system for changing markup types. This needs a bunch of testing, of course, so here's the test thread link once again: http://wakaba.c3.cx/sup/kareha.pl/1099697376/

Thoughts and comments are welcome. I'm still trying to figure out how exactly to do this.

There's a bunch of other changes and fixes too, so mention if anything breaks, as usual. Also, shift-reload!

Thanks. I did it the hard way and put in the proper transformations everywhere so filenames can be kept intact, though.

>>184
If people are going to decide to use custom names for paramaters, then there isn't much you can do about it anyway, or is there?

I want a 1001th post! :(

> I'd like to have the interface reduced to what is absolutely neccessary

That's why there is a "More options..." link, instead of putting the controls there on every single thread everywhere.

I want a 1001th post! :(

I thought fusianasan was supposed to be a mod-only function to weed out bad posters. And what would be the difference between revealing the persons's IP and his ISP's domain?

>>99
I didn't mean to include Forcenick in there, sorry.
Adding to that, however, how about forced sage for specificed IPs? It'd make for a great slogan: Remember kids, tripcodes and aging are privileges, not rights!