>>357
by "including," I mean "plus."

>>64
eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeh? You are not the real >>64!!!

If you want to have a look at what the code actually does to dig out flaws, here is the current version:

sub sanitize_html($%)
{
	my ($html,%tags)=@_;
	my (@stack,$clean);
	my $entity_re=qr/&(?!\#[0-9]+;|\#x[0-9a-fA-F]+;|amp;)/;

	while($html=~/(?:([^<]+)|<([^<>]*)>?)/g)
	{
		my ($text,$tag)=($1,$2);

		if($text)
		{
			$text=~s/$entity_re/&amp;/g;
			$text=~s/>/&gt;/g;
			$clean.=$text;
		}
		else
		{
			if($tag=~m!^\s*(/?)\s*([a-z0-9_:\-\.]+)(?:\s+(.*?)|)\s*(/?)\s*$!si)
			{
				my ($closing,$name,$args,$implicit)=($1,lc($2),$3,$4);

				if($tags{$name})
				{
					if($closing)
					{
						if(grep { $_ eq $name } @stack)
						{
							my $entry;

							do {
								$entry=pop @stack;
								$clean.="</$entry>";
							} until $entry eq $name;
						}
					}
					else
					{
						my %args;

						$args=~s/\s/ /sg;

						while($args=~/([a-z0-9_:\-\.]+)(?:\s*=\s*(?:'([^']*?)'|"([^"]*?)"|['"]?([^'" ]*))|)/gi)
						{
							my ($arg,$value)=(lc($1),defined($2)?$2:defined($3)?$3:$4);
							$value=$arg unless defined($value);

							my $type=$tags{$name}{args}{$arg};

							if($type)
							{
								my $passes=1;

								if($type=~/url/i) { $passes=0 unless $value=~/(?:^$protocol_re:|^[^:]+$)/ }
								if($type=~/number/i) { $passes=0 unless $value=~/^[0-9]+$/  }

								if($passes)
								{
									$value=~s/$entity_re/&amp;/g;

									if($value=~/"/) { $value="'$value'" }
									else { $value="\"$value\"" }

									$args{$arg}=$value;
								}
							}
						}

						my $cleanargs=join " ",map { "$_=$args{$_}" } keys %args;

						$implicit="/" if($tags{$name}{empty});

						push @stack,$name unless $implicit;

						$clean.="<$name";
						$clean.=" $cleanargs" if $cleanargs;
						$clean.=" $implicit" if $implicit;
						$clean.=">";
					}
				}
			}
		}
	}

	my $entry;
	while($entry=pop @stack) { $clean.="</$entry>" }

	return $clean;
}

I want a 1001th post! :(

Currently, pruning by age is measured from the time of the newest post in the thread, so it wouldn't really work. I'm not sure if this is the best behaviour or not, but it seems it makes more sense to kill threads nobody cares about than to kill slow-moving threads just because they get old.

>>10
Exactly, but considering a lot of people can't make heads from tails in config.pl, how about a saner default?

>>11
That's true, but if least-popular threads are set to be deleted, instead of oldest-first, you don't have to guess.

Maybe. I just picked something at random.

>>326

>You need to explain what you're talking about before I can do anything about that.?

See attached screenshot. It's in every style but Pseud0ch.

>No. I'm too lazy to figure what that's supposed to do, and I don't think anybody actually wants to use that in the first place.

Well the functionality is already in kareha.pl, right? All you need is some modifications to the mode_message template. You can check out the 2ch-like boards on Futaba for reference, though I'm pretty sure I've seen other 2ch-like boards that implement multi-paged functionality with a different layout. Personally, it isn't all that big a deal if it's just a template issue though.

>There's no database to keep IP data in, and I'd prefer to keep the script completely agnostic to IP addresses.

No need for a database, just a text file. You're right about storing IPs, though, but then how can you implement a banning system? Do you use an encrypted IP like the algorithm to generate ID codes?

>No, because I don't know what you mean.

I mean that (for example) if I wanted to replace the permasaging function under the MAX_POSTS condition (permasage after X posts) with the thread-closing function (close after X posts), all it would require is a simple replacement of the proper function references in post_stuff(), correct?

>>327

>(optional) preview page

Excessive, methinks.

>Is there a reason why the post box is so small and pushed to the side?

Because mode_message is modeled after the 0ch layout. To compensate for the smallness, it expands automatically when you click inside it.

>Forced fusianasan would be fine I think, if they had advanced warning.

This can be easily done manually with rules.html

> statically linked executable

I have to disagree with this. It should run in perl too.

• If you're running wakaba, obviously perl must be there
• Most hosts that library-poor don't provide compilers (or shell) either

Text Art's description about auto-linking URLs and >> references is redundant. Not a bad solution with the layout, though (hiding the menu behind "More options..." still bugs me).

> Frankly, the combinations of many things into unrelated fields is a design flaw.

I don't think so, not in these cases. What's the alternative? Having a different field for fusianasan, a new checkbox for sage, etc.? That's just cluttering up the interface.

> What if you want to use a name/trip and fusianasan?

Then just make one post with your name/trip and one with fusianasan and let your ID show up in both.
fusiansan is just intended for rare or special cases anyway, as is the whole subject of identification on anonymous message boards.

> What if your email address contains the string 'sage'?

Huh?

> What if you want to sage a thread, but have an ID still?

Then the board has to be configurated to just do that (it already can).

> why should I have to remember something so foreign?

It's rarely needed anyway. Also, these things are pretty easy to remember. "sage" and "fusianasan" is all there is, really.

More information on the all threads page, date of the last post? file size?

A quote button that puts >>n and puts the post prefixed by > in the reply box

Different secret strings for different functions (e.g. one for ID generation and one for secure tripcodes)

> statically linked executable

I have to disagree with this. It should run in perl too.

• If you're running wakaba, obviously perl must be there
• Most hosts that library-poor don't provide compilers (or shell) either

> You don't see the link to the WakabaMark page either?

Nope... ?

> There's just a tiny little link there to let people do this. Is this really a such a huge bother to deal with? It's two words.

It's a link, it screams "Click me!". Most people don't need it most of the time, still it'll be there all of the time. How about style:none or something?

And sorry for being annoying. Strong opinions and all, no offense.

>>348

That's a Firefox bug.

>>Well, then you are out of luck, aren't you? So you want to enter your E-Mail but cannot because then the post wouldn't bump then? Solution: Write it in the comment field, problem fixed.

There is no reason to change well-known keywords for this or even turn this into a frustratingly unconvenient tickbox/checkbox.
Having a specific trigger to trigger ID would also work.

>discussion of only one comment box, then you couldn't talk about sage/fusianasan/whatever

You could only trigger the functions in a specific format, say

:link-sage
:name-blah#faggot

lol comment

I do not believe this was an actual request, but it is obviously possible and usable. Another way would be escaping keywords that you want to post.

> partition to kill secure tripcodes

Why? If you are going to get rid of secure tripcodes you should get rid of tripcodes by the same reasons. On another note, why have I seen partition instead of petition multiple times?

>So I misspelled one word once. Sue me!

My point was that it is unnesessarily obtuse, not nit-picking that you misspelled it.

>This is a widely used system. There is a very low learning curve here. sage = does not bump thread when replying, that's all there is to know. People can then figure out why it is useful on their own.

You would think there is a low learning curve, but that is not really the case. For example, on an imageboard, what effect do you have making a sage post (with no real content) with prune oldest and a permasage limit? What about prune oldest with a permasage limit that excludes sage replies?

>trigger replacements

I'm not sure what to replace sage with, if anything. Down certainly doesn't describe it (to me it implies the reverse of age, which is not the case). don't_bump or dont_bump? show_host or show_ip works for fusianasan imo... show_ID to trigger ID?

> 2channel does not do this either by default. It can make browsing a bit more convenient (and I suspect dedicated 2channel browsers to insert & read these in some kind of standardized way) but I don't think that's reason enough to impose it on users by default.

whoops, I misread "postcount" as "posticon". Nevermind!

Hmmm, I just noticed you still allow <a> tags, which would let posters use inline links. Are you gonna keep that?

>>324
I've heard they use it on a per-IP basis for troublesome posters on 2ch. It could also discourage people from being jisakujien (supposing ID is disabled) or posting in a certain thread unless they're totally willing to have their host revealed.

>>174

>Let people figure out things themselves, if they are so keen on changing their keywords.

If you really want to use your own custom trigger strings, you can easily search kareha.pl for instances where "sage" and "fusianasan" are used in that context and either replace them with those custom strings or append them as secondary strings. It's not something that warrants additional config.pl parameters.

The "Entire thread" link on the thread page is missing a "/" at the end.

>>189

>The effect would be miniscule in comparison to the huge increase in bandwidth that would result from sending the entire static thread pages.

How about a config.pl parameter to split up thread subpages into X posts per page? The navigation links already use 100 posts per page for practically everything except "Last 50 posts".

Hmm, I just remembered: >> links would not work at all with static pages. Not good.

>Why? Even if 0ch or Futaba implemented secure tripcodes, you wouldn't get the same secure tripcode there as on another board. That's the nature of the security.

Right, I guess it was dumb to mention 0ch/Futaba in the first place. The point is, as you said yourself, tripcodes are a gimmick, and if someone wants to maintain a persistent identity across multiple boards and sites (ie, everyone here with a tripcode), they have no choice but to use ordinary tripcodes. Secure tripcodes are useless because they limit your identity to a single board, supposing each board/site's cipher key is different -- which it should be, since that's the point of having a secure tripcode in the first place. No one should be so paranoid about a tripcode that they'd need to have a different one per board/site.

>Not without doing a lot of changes throughout the code, and not without breaking current installations.

Shouldn't we sacrifice some backwards compatibility for a more robust and scalable design? It might even be possible to provide an upgrade.pl for old threads.

>>193

>You could only trigger the functions in a specific format, say...

That's a cool idea, though for now it would have to be left alone if we want to keep Kareha compatible with 2ch/Futaba conventions.

>>195
Exactly. The methods and the effects of saging a thread are separate subjects.

P.S. I recently discovered "rXX-XX" for threads in /soc/. How exactly does this work? From the sound of it, it's supposed to randomize the post order, but when I hit refresh I get the same order.

rel=nofollow for internal links as discussed in http://wakaba.c3.cx/sup/kareha.pl/1127092367/

Oh, and "AA mode" should be changed to "Text art mode" so we won't be incessantly quibbling about the difference between ASCII and SJIS art.

I don't see what's so bad about >>330. The alternative is to force the table to be full width, which will make it uglier (because in HTML all columns will become wider, including the skinniest ones), and harder to read.

> No need for a database, just a text file. You're right about storing IPs, though, but then how can you implement a banning system? Do you use an encrypted IP like the algorithm to generate ID codes?

Banning is done through Apache, which really makes more sense than doing it in the script. I don't want to re-invent the wheel for that.

> I mean that (for example) if I wanted to replace the permasaging function under the MAX_POSTS condition (permasage after X posts) with the thread-closing function (close after X posts), all it would require is a simple replacement of the proper function references in post_stuff(), correct?

No, they're done at different different places, because they are essentially different functions. The permasage behaviour doesn't actually permasage a thread, it only refrains from bumping it. There's no permsage flag added to the thread. The closing, on the other hand, does add a flag to the thread.

> Making "More options..." an option in the configs.
> Seems sensible, when you already have the ability to turn off WakabaMark as a board admin.

No. And I actually removed the DISABLE_WAKABAMARK option since it's no longer really needed. The replacement will be an option to select the default markup for a board, which makes much more sense overall.

>>103

Noted.

>>91 Ohshi-, time paradox!

Uh, kind of a bug. I really should fix it, but, lazy.

>>255
By replacing it with AN EVEN DUMBER PUN!