Removed it when redesigning the page head, haven't figured out quite what to do about it yet. It needs to be changed, but to what, I'm not yet sure.

>>112
We already have the ID function, so why do we need such an egregious compromise of anonymity (and security) like voluntarily exposing your own IP?

RENZOKU are the flood detection things... even if they are useless MAX_POSTS_PER_MINUTE makes a lot more sense than RENZOKU2

3) was about a string to trigger ID:Heaven, not a constant for the Heaven part (which is already configurable)

Re: email/link field

Just because it works one way on 2ch/whatever does not mean it is the best way. Having 'fusianasan' as the only way to trigger the effect is just narrow-minded. Functions should have descriptive names to the people using them; should we keep the field names in Japanese because the Japanese have them in Japanese? Having all of the applicable things configurable is something that makes sense, and you can easily have both 'fusianasan' and 'show_ip' that work at the same time. Frankly, the combinations of many things into unrelated fields is a design flaw. What if you want to use a name/trip and fusianasan? What if your email address contains the string 'sage'? What if you want to sage a thread, but have an ID still?
I think the confusion of existing users is worth reducing the learning curve and improving the intuitiveness.

I'm not saying that the default behaviour needs to change, but being able to easily configure the strings used allows for easier localization.

I probably misspelled fusianasan too, why should I have to remember something so foreign?

Let's get to 1000 by "I want a pretty pony" only! ヽ(´ー｀)ノ

> change the no-ID-on-email option to no-ID-on-sage
> multi-page links (1-, 101-, 201-, etc) at the top of subpages

Already implemented.

> config.pl parameter to permasage after a certain thread filesize/total number of characters has been reached

Isn't this essentially the same as saying "Please don't talk so much?"

> no EMAIL_ID parameter (most if not everyone uses "Heaven" anyway, and if they really want to change it they can easily find the string in kareha.pl)

The choice of this string is so weird and arbitary, I feel better keeping it as an option so that I can disclaim responsibility!

> better configuration of date and time (with optional timezone offsets), parsing certain characters for individual elements (ie, yyyy/MM/dd(D) hh:mm:ss -5:00:00) and also accepting numerical inputs for fixed dates and times (Eternal September)
> red, bold thread filesize indicator near the bottom of subpages

Pretty useless. I'd rather not waste work and code on something that has no actual use. (Timezone offsets would be useful, but this is such an incredibly hairy issue to get right, I don't want to even try. Just handling Daylight Savings Time would make my head explode, and I can't just leave it out, because then either the admin has to keep changing the offset, or the time will be wrong half the year anyway.)

> non-bolded post numbers
> colons before dates
> colons before names (thread subpages only)

what

>>249
<a href> opens up the possibility of using inline links, and img tags allow bandwidth leeching from other sites (plus the fact that the image itself may be unsanitary).

Nothing specific, just protecting against any possible future ones.

>>180

The one with encoded Javascript that makes you post with fusianasan is cute.

Gah, I am totally confused about what to do about the admin interface. Separate script? Built-in? Javascript? How do I display the data? I have no idea!

>>70

?

> Personally, I find the reverse order listing, as well as the random order listing, to be a bit silly & useless.

Well, no, duh, that's the point. They're jokes.

> The only useful bonus feature here seems to be the comma range seperator, but it seems even in that case there is not much benefit to it (saves 1-3 links in the average case that it is needed, which is rare to begin with).

On the contrary, it's very useful when referring someone to a specific discussion in a thread where several discussions are going on, since you can make a link that only shows the relevant posts. Not just on the board but when linking to threads elsewhere.

Thanks for the links at the top. Previously, I had to search for those threads over and over again if I wanted to find them.

>>46
Well, I haven't checked to see exactly where the ban functionality exists in Kareha, but my idea is something along the lines of: (1) encrypting the offender's IP, (2) writing it to a bans.txt list, and (3) writing a parameter next to the IP specifying the time when the ban should be lifted. Of course, you also need underlying code to check bans.txt every time a user tries to post or reply, and also to remove a ban entry at its specified time.

> the only boards that use them are image boards where you have to load images anyway.

Correction: http://www.akatsukimanga.com/kareha/

Argh, beaten and >>n isn't even implemented. orz

>>333
The whole point of websites is to implement things without the external application. I don't understand the argument for OH NO ANOTHER BUTTON MY WHOLE LIFE IS RUINNED crowd. If you don't like the extra buttons why don't you remove them with an external application and/or preferences? When you are talking about formating options, a preview makes sense. Are you going to set up your thrid-party application for every configuration of tags supported for every board?

If a feature is of a wide enough audience, it should be included. I'm sure nearly everyone could use a preview every once in a while, whereas something like a Bible quotation functionality would not have wide use.

> (albeit edge cases)

Which is the crux of the matter - it mostly doesn't matter to the vast majority of users.

> You still end up with no way to link the fusianasan post with the name/trip one without IDs enabled (unless the ID method is known and no secret data is used).

You can use fusianasan with a tripcode, at least on Kareha. I suspect you can on 0ch too, but I haven't checked.

I almost forgot this:

For thread-closing, it would be nice if Kareha would post a last post, telling the thread is now over and closed (with some default message that can be customized for each board), akin to the 0ch 1001th post behaviour.

I don't see any inconsistencies in >>341 except for the rounded corners.

> You mean requiring SQL software, or just making backwards-incompatible changes that would screw up old threads?

I mean, needing to alter the table that is already in the database. I don't want to try to do that any more than I have to, as it's pretty hard to get right in a database-independent manner.

> Are you only referring to flooding and spamming, or also trolls and flamewars?

Yes, only flooding and spamming. Trolling and flamewars are not a problem one should use banning to try and solve.

> Finally, out of curiosity: how much of the functionality in the .js file do you think could be properly implemented into a new or existing perl script?

Well, if you serve up dynamic pages, you can do the form-filling on the server, but that's about it. The rest is dynamic stuff.

First thought: It would eliminate the concept of sageing as a protest entirely.

I've returned from the world of the dead, with old forgotten...suggestions! http://wakaba.c3.cx/sup/kareha.pl/1109447905/l50

>-Scaleable administration (ie, [variable permissions for different passwords])
>-Forcenick and/or force anon for [specified IPs]

Let's get to 1000 by "I want a pretty pony" only! ヽ(´ー｀)ノ

If you want to have a look at what the code actually does to dig out flaws, here is the current version:

sub sanitize_html($%)
{
	my ($html,%tags)=@_;
	my (@stack,$clean);
	my $entity_re=qr/&(?!\#[0-9]+;|\#x[0-9a-fA-F]+;|amp;)/;

	while($html=~/(?:([^<]+)|<([^<>]*)>?)/g)
	{
		my ($text,$tag)=($1,$2);

		if($text)
		{
			$text=~s/$entity_re/&amp;/g;
			$text=~s/>/&gt;/g;
			$clean.=$text;
		}
		else
		{
			if($tag=~m!^\s*(/?)\s*([a-z0-9_:\-\.]+)(?:\s+(.*?)|)\s*(/?)\s*$!si)
			{
				my ($closing,$name,$args,$implicit)=($1,lc($2),$3,$4);

				if($tags{$name})
				{
					if($closing)
					{
						if(grep { $_ eq $name } @stack)
						{
							my $entry;

							do {
								$entry=pop @stack;
								$clean.="</$entry>";
							} until $entry eq $name;
						}
					}
					else
					{
						my %args;

						$args=~s/\s/ /sg;

						while($args=~/([a-z0-9_:\-\.]+)(?:\s*=\s*(?:'([^']*?)'|"([^"]*?)"|['"]?([^'" ]*))|)/gi)
						{
							my ($arg,$value)=(lc($1),defined($2)?$2:defined($3)?$3:$4);
							$value=$arg unless defined($value);

							my $type=$tags{$name}{args}{$arg};

							if($type)
							{
								my $passes=1;

								if($type=~/url/i) { $passes=0 unless $value=~/(?:^$protocol_re:|^[^:]+$)/ }
								if($type=~/number/i) { $passes=0 unless $value=~/^[0-9]+$/  }

								if($passes)
								{
									$value=~s/$entity_re/&amp;/g;

									if($value=~/"/) { $value="'$value'" }
									else { $value="\"$value\"" }

									$args{$arg}=$value;
								}
							}
						}

						my $cleanargs=join " ",map { "$_=$args{$_}" } keys %args;

						$implicit="/" if($tags{$name}{empty});

						push @stack,$name unless $implicit;

						$clean.="<$name";
						$clean.=" $cleanargs" if $cleanargs;
						$clean.=" $implicit" if $implicit;
						$clean.=">";
					}
				}
			}
		}
	}

	my $entry;
	while($entry=pop @stack) { $clean.="</$entry>" }

	return $clean;
}

test1

> how about having a third party create extensions for those browsers and freeing up the real estate on the actual page?

What's with this obsession on removing the CSS options? It's a single line, and some of us find it useful.

Real estate? Scroll down.

> Put the Entire thread link on the top of the thread, not the bottom.

Well, since the current update has removed almost all links to entire threads, I won't do THAT, but I guess a Last 50 link could be snuck in somewhere... Maybe the thread title should be an l50 link?

rel=nofollow for internal links as discussed in http://wakaba.c3.cx/sup/kareha.pl/1127092367/