The Legendary Next Update (365)
263 Name: &height=16)
2005-10-22 16:55 ID:Heaven
202 Name: 2005-10-20 19:06 ID:Heaven
Yeah, no, maybe. Using secure trips for capcodes also adds extra protections against accidentially misspellingyour capcode and leaving it open to attack.
275 Name: !WAHa.06x36 : 2005-10-23 16:53 ID:Heaven
> The File field is almost never there.
...especially not when I've added a bug that makes it disappear. Where the hell did it go?
259 Name: coda 2005-10-22 15:01 ID:1jzeBBcT
the text
c < dcauses a <d> tag to be opened, which is not on the list, and therefore all the text until the next tag will be deleted. a better behavior in this case would be to just convert that < to <. you even ought to do this for
a < btoo, despite the fact that b is a valid tag, because who the hell leaves the closing angle bracket out of their HTML tag?
creating the correct regexes for this is an exercise left to the reader.
252 Name: Anonymous 2005-10-22 13:11 ID:Heaven
Plus if you were to allow those tags in HTML, you should do the same for WakabaMark (which actually takes its cue from Markdown, so I don't see why it has a different name).
280 Name: Anonymous : 2005-10-23 18:15 ID:Heaven
Hmmm, I just noticed you still allow <a> tags, which would let posters use inline links. Are you gonna keep that?
357 Name: Anonymous : 2005-10-31 11:19 ID:Heaven
>>354
admin.pl with a separate HTML page in ./admin (so it can be accessed simply by appending "/admin" to the board URL). It should have every possible admin feature available in kareha.pl, including rebuilding caches, modifying the spamlist, and nuking the board.
243 Name: 2005-10-22 10:54 ID:Heaven
If you want to have a look at what the code actually does to dig out flaws, here is the current version:
sub sanitize_html($%)
{
my ($html,%tags)=@_;
my (@stack,$clean);
my $entity_re=qr/&(?!\#[0-9]+;|\#x[0-9a-fA-F]+;|amp;)/;
while($html=~/(?:([^<]+)|<([^<>]*)>?)/g)
{
my ($text,$tag)=($1,$2);
if($text)
{
$text=~s/$entity_re/&/g;
$text=~s/>/>/g;
$clean.=$text;
}
else
{
if($tag=~m!^\s*(/?)\s*([a-z0-9_:\-\.]+)(?:\s+(.*?)|)\s*(/?)\s*$!si)
{
my ($closing,$name,$args,$implicit)=($1,lc($2),$3,$4);
if($tags{$name})
{
if($closing)
{
if(grep { $_ eq $name } @stack)
{
my $entry;
do {
$entry=pop @stack;
$clean.="</$entry>";
} until $entry eq $name;
}
}
else
{
my %args;
$args=~s/\s/ /sg;
while($args=~/([a-z0-9_:\-\.]+)(?:\s*=\s*(?:'([^']*?)'|"([^"]*?)"|['"]?([^'" ]*))|)/gi)
{
my ($arg,$value)=(lc($1),defined($2)?$2:defined($3)?$3:$4);
$value=$arg unless defined($value);
my $type=$tags{$name}{args}{$arg};
if($type)
{
my $passes=1;
if($type=~/url/i) { $passes=0 unless $value=~/(?:^$protocol_re:|^[^:]+$)/ }
if($type=~/number/i) { $passes=0 unless $value=~/^[0-9]+$/ }
if($passes)
{
$value=~s/$entity_re/&/g;
if($value=~/"/) { $value="'$value'" }
else { $value="\"$value\"" }
$args{$arg}=$value;
}
}
}
my $cleanargs=join " ",map { "$_=$args{$_}" } keys %args;
$implicit="/" if($tags{$name}{empty});
push @stack,$name unless $implicit;
$clean.="<$name";
$clean.=" $cleanargs" if $cleanargs;
$clean.=" $implicit" if $implicit;
$clean.=">";
}
}
}
}
}
my $entry;
while($entry=pop @stack) { $clean.="</$entry>" }
return $clean;
} 224 Name: 2005-10-21 16:59 ID:Heaven
A 1001th post would be a bother.
326 Name: !WAHa.06x36 : 2005-10-26 19:08 ID:SjmelPTB
> Wait, why should l50 links be indexed/cached?
Because the only way for the search engine to find the old threads is to go through the l50 links. I'm taking the advice of >>322 though.
> The CSS in the All threads page is unsightly. Is there a way to properly wrap the outer color border(s) around the table of threads?
You need to explain what you're talking about before I can do anything about that. What style, and what does "wrap the outer color border(s) around" mean?
> I still say that the "Navigation: " text is extraneous when people can clearly see what the links do. Also still partitioning for 0ch-style error pages (with displayed user host and all).
It's there because freefloating unlabelled links look weird.
> Now that we do have filesize indicators in the backlog page of mode_message, do you still find it useless to have the red bold filesizes near the bottom of thread subpages?
They're there, but only if you enable pruning by size.
> Does mode_message now work in PAGE_GENERATION => 'paged'?
No. I'm too lazy to figure what that's supposed to do, and I don't think anybody actually wants to use that in the first place.
> Idea: forced anonymous/sage/ID/fusianasan by IP/thread/board/whole site (some of these combinations already exist, I know)?
There's no database to keep IP data in, and I'd prefer to keep the script completely agnostic to IP addresses.
> Finally, I imagine that the permasage/close/delete functions in kareha.pl will be easily interchangeable among the conditions in post_stuff(). Can you confirm this?
No, because I don't know what you mean.
102 Name: Anonymous 2005-10-17 15:04 ID:Heaven
> Maybe the thread title should be an l50 link?
That's what I've been saying in >>3!
> If anything, the role of capcodes should be minimized or altogether eradicated, in favor of ninja moderation.
It's up to the administration of the site how to use them. I am advocating that if they are used at all (and yes, there are useful instances for this and yes, these are and should be rare) then it would be helpful to be able to differentiate between site owner/admin/supermod/mod/maid/etc
183 Name: Anonymous 2005-10-20 09:32 ID:Heaven
>>182
That's not what I meant. What I meant was: If people want to change keywords to something, let them figure out at appropriate places what this something should be. Whether it should be "down", "stay_down" or "stay_put" is not really a discussion belongs here, not at this point anyway.
106 Name: qube3.mackey.miyazaki.miyazaki.jp 2005-10-17 15:49 ID:JzjmoL7r
test
301 Name: Anonymous : 2005-10-24 00:56 ID:Heaven
301 Name: Anonymous : 2005-10-24 00:56 ID:Heaven
338 Name: Anonymous : 2005-10-27 05:06 ID:Heaven
> I don't understand the argument for OH NO ANOTHER BUTTON MY WHOLE LIFE IS RUINNED crowd
It's all a design & layout question. I'd like to have the interface reduced to what is absolutely neccessary, esp. since I do not think many people really want to even bother or bother very often with the whole markup question.
> The replacement will be an option to select the default markup for a board, which makes much more sense overall.
I agree, this seems to make the most sense. I understand the "More options..." will not be showing up on boards with fixed settings, so I'll shut my mouth from now on. Apologies to all who I've been bothering.
337 Name: !WAHa.06x36 : 2005-10-27 04:53 ID:Heaven
I don't see what's so bad about >>330. The alternative is to force the table to be full width, which will make it uglier (because in HTML all columns will become wider, including the skinniest ones), and harder to read.
> No need for a database, just a text file. You're right about storing IPs, though, but then how can you implement a banning system? Do you use an encrypted IP like the algorithm to generate ID codes?
Banning is done through Apache, which really makes more sense than doing it in the script. I don't want to re-invent the wheel for that.
> I mean that (for example) if I wanted to replace the permasaging function under the MAX_POSTS condition (permasage after X posts) with the thread-closing function (close after X posts), all it would require is a simple replacement of the proper function references in post_stuff(), correct?
No, they're done at different different places, because they are essentially different functions. The permasage behaviour doesn't actually permasage a thread, it only refrains from bumping it. There's no permsage flag added to the thread. The closing, on the other hand, does add a flag to the thread.
> Making "More options..." an option in the configs.
> Seems sensible, when you already have the ability to turn off WakabaMark as a board admin.
No. And I actually removed the DISABLE_WAKABAMARK option since it's no longer really needed. The replacement will be an option to select the default markup for a board, which makes much more sense overall.
259 Name: coda 2005-10-22 15:01 ID:1jzeBBcT
the text
c < dcauses a <d> tag to be opened, which is not on the list, and therefore all the text until the next tag will be deleted. a better behavior in this case would be to just convert that < to <. you even ought to do this for
a < btoo, despite the fact that b is a valid tag, because who the hell leaves the closing angle bracket out of their HTML tag?
creating the correct regexes for this is an exercise left to the reader.
242 Name: 2005-10-22 10:53 ID:Heaven
Here's a fun little game for you all!
I'm looking into adding support for using HTML markup in addition to WakabaMark, but since most boards use XHTML, I can't just let through any old HTML, and most people can't write well-formed XHTML. Also, I don't want any cross-site scripting going on. So I've tried to write a piece of code that takes any horribly written piece of HTML, sanitizes it by removing all tags and attributes that are not an approved list, checks the attribute values, and turns it into well-formed XML.
Now I'd like to see if anyone can break this. The objective is to get some Javascript onto the page, or making the page break in Firefox (or any other browser that parses XML strictly), or otherwise causing trouble. Have at it!
311 Name: !WAHa.06x36 : 2005-10-24 17:24 ID:Heaven
> Why not make None or Text Art the default?
Because >>309. I don't want to implement half of WakabaMark for the None mode, and without it you don't get stuff like quote highlighting.
> Also, can you make >> links into anchors('#') when you're on the reply/entire thread page, especially in Wakaba?
Er, that is exactly how Wakaba works right now? And Kareha can't change the contents of posts dynamically, so it'll never do it.
268 Name: Anonymous : 2005-10-23 15:00 ID:Heaven
I hate that blue link next to the reply box! It looks ugly!
Also, there's no "Less options..."
Can't this be somewhere else but the post form?
33 Name: !WAHa.06x36 2005-10-14 05:01 ID:gBva8ggI
Your browser momentarily regressed to an old bug and then got better? Who can tell?
Running in pure perl would be ideal, portability-wise, but in practice implementing a JPEG loader and saver from scratch in Perl is both a lot more work than anyone wants to do, and the result will also be too slow.
As was already stated, making a statically linked executable lets you distribute pre-compiled binaries that people can just upload along with the script.
133 Name: c-24-91-21-117.hsd1.ma.comcast.net 2005-10-18 17:36 ID:z/kxsMjQ
test2. looks good!
214 Name: Anonymous 2005-10-21 15:00 ID:Heaven
>> config.pl parameter to permasage after a certain thread filesize/total number of characters has been reached
> Isn't this essentially the same as saying "Please don't talk so much?"
I am not >>208 but the first who suggested this here (long ago). I think it may be vital for future, actually popular boards to limit the filesize of a thread so that the board won't get hammered by repeated loads of whole threads without having to limit the size of posts themselves something fierce.
5 Name: Anonymous 2005-10-12 17:15 ID:Heaven
Additionally, I'd like WakabaMark to be fixed somehow.
I don't know how, though. You know my resentments.
Finally, thanks for your fine work throughout all this time.
It is appreciated!
197 Name: Anonymous 2005-10-20 14:02 ID:Heaven
>>196
Actually, a solution to >> links with static pages is to simply make them reference a certain point on a certain page number for that thread (ie, http://wakaba.c3.cx/sup/1129153864/index2.html#197).