>>244

Er, that's a feature, not a bug. That's how most GUIs act.

> That's what I thought, but then why is it in the Reply pages?

Er, that's a bug I guess.

> 1) rename the RENZOKU constants to something that makes sense

I dunno, they're pretty useless anyway, as has been pointed out, so I don't know if I care enough to change them.

> 2) Have the string to sage and fusianasan defined as a constant in config

I dunno, if different boards use different strings, that will only make for immense confusion.

> 3) A specific string for ID:Heaven instead of anything in the email field

Well, the only string that makes sense is sage, but yes, I should implement the Heaven-on-sage behaviour.

> 4) Cookie preferences such as "Don't use expanding textarea" which leaves it small or big.. or another option for that choice as well; an option to not save Name/Email automatically; anything else that is useful?

Maybe, but I'm not sure it's worth the effort (I'd have to implement a preferences page for it, too).

ugh "More options..."

too much clickable elements! and it doesn't even do anything (Firefox 1.0.7 here)!

out! out!

>>348

That's a Firefox bug.

>>275
Heh, I thought you had disabled it manually.

>The File field is almost never there.

Right, and when it isn't, the Formatting menu can still reside on the same line.

The error page in mode_message should more closely resemble that of 0ch (complete with "ERROR!" title).

>>48-50
First of all, I don't believe it would make bumps more valuable in any way. People bump threads all the time with worthless replies since most don't even know what "sage" is or means or what it is good for. They will simply continue to do this, no matter whether the sage function is changed in this way.

Even at this stage, years after its introduction to a major western userbase, people are still clueless about the main basic functions of image- and discussionboards in the Futaba/0ch style. There are some signs of improvement, but they are rare.
I doubt people would be willing or eager to learn a new, different behaviour at this point in time.

The only real change is what >>50 points out (though I want to mention that even that point is mostly misunderstood: if people want to protest against a certain thread, they should post as many sage posts as it needs to get permasaged (although it's arguably counterproductive, considering the default prune behaviour of imgboards). If threads are still bumpable and trolls find that they have been flamed with a sage, they will just bump it once more). And I don't think that's enough to justify a pretty major function change.

More information on the all threads page, date of the last post? file size?

A quote button that puts >>n and puts the post prefixed by > in the reply box

Different secret strings for different functions (e.g. one for ID generation and one for secure tripcodes)

If you want to have a look at what the code actually does to dig out flaws, here is the current version:

sub sanitize_html($%)
{
	my ($html,%tags)=@_;
	my (@stack,$clean);
	my $entity_re=qr/&(?!\#[0-9]+;|\#x[0-9a-fA-F]+;|amp;)/;

	while($html=~/(?:([^<]+)|<([^<>]*)>?)/g)
	{
		my ($text,$tag)=($1,$2);

		if($text)
		{
			$text=~s/$entity_re/&amp;/g;
			$text=~s/>/&gt;/g;
			$clean.=$text;
		}
		else
		{
			if($tag=~m!^\s*(/?)\s*([a-z0-9_:\-\.]+)(?:\s+(.*?)|)\s*(/?)\s*$!si)
			{
				my ($closing,$name,$args,$implicit)=($1,lc($2),$3,$4);

				if($tags{$name})
				{
					if($closing)
					{
						if(grep { $_ eq $name } @stack)
						{
							my $entry;

							do {
								$entry=pop @stack;
								$clean.="</$entry>";
							} until $entry eq $name;
						}
					}
					else
					{
						my %args;

						$args=~s/\s/ /sg;

						while($args=~/([a-z0-9_:\-\.]+)(?:\s*=\s*(?:'([^']*?)'|"([^"]*?)"|['"]?([^'" ]*))|)/gi)
						{
							my ($arg,$value)=(lc($1),defined($2)?$2:defined($3)?$3:$4);
							$value=$arg unless defined($value);

							my $type=$tags{$name}{args}{$arg};

							if($type)
							{
								my $passes=1;

								if($type=~/url/i) { $passes=0 unless $value=~/(?:^$protocol_re:|^[^:]+$)/ }
								if($type=~/number/i) { $passes=0 unless $value=~/^[0-9]+$/  }

								if($passes)
								{
									$value=~s/$entity_re/&amp;/g;

									if($value=~/"/) { $value="'$value'" }
									else { $value="\"$value\"" }

									$args{$arg}=$value;
								}
							}
						}

						my $cleanargs=join " ",map { "$_=$args{$_}" } keys %args;

						$implicit="/" if($tags{$name}{empty});

						push @stack,$name unless $implicit;

						$clean.="<$name";
						$clean.=" $cleanargs" if $cleanargs;
						$clean.=" $implicit" if $implicit;
						$clean.=">";
					}
				}
			}
		}
	}

	my $entry;
	while($entry=pop @stack) { $clean.="</$entry>" }

	return $clean;
}

If you want to have a look at what the code actually does to dig out flaws, here is the current version:

sub sanitize_html($%)
{
	my ($html,%tags)=@_;
	my (@stack,$clean);
	my $entity_re=qr/&(?!\#[0-9]+;|\#x[0-9a-fA-F]+;|amp;)/;

	while($html=~/(?:([^<]+)|<([^<>]*)>?)/g)
	{
		my ($text,$tag)=($1,$2);

		if($text)
		{
			$text=~s/$entity_re/&amp;/g;
			$text=~s/>/&gt;/g;
			$clean.=$text;
		}
		else
		{
			if($tag=~m!^\s*(/?)\s*([a-z0-9_:\-\.]+)(?:\s+(.*?)|)\s*(/?)\s*$!si)
			{
				my ($closing,$name,$args,$implicit)=($1,lc($2),$3,$4);

				if($tags{$name})
				{
					if($closing)
					{
						if(grep { $_ eq $name } @stack)
						{
							my $entry;

							do {
								$entry=pop @stack;
								$clean.="</$entry>";
							} until $entry eq $name;
						}
					}
					else
					{
						my %args;

						$args=~s/\s/ /sg;

						while($args=~/([a-z0-9_:\-\.]+)(?:\s*=\s*(?:'([^']*?)'|"([^"]*?)"|['"]?([^'" ]*))|)/gi)
						{
							my ($arg,$value)=(lc($1),defined($2)?$2:defined($3)?$3:$4);
							$value=$arg unless defined($value);

							my $type=$tags{$name}{args}{$arg};

							if($type)
							{
								my $passes=1;

								if($type=~/url/i) { $passes=0 unless $value=~/(?:^$protocol_re:|^[^:]+$)/ }
								if($type=~/number/i) { $passes=0 unless $value=~/^[0-9]+$/  }

								if($passes)
								{
									$value=~s/$entity_re/&amp;/g;

									if($value=~/"/) { $value="'$value'" }
									else { $value="\"$value\"" }

									$args{$arg}=$value;
								}
							}
						}

						my $cleanargs=join " ",map { "$_=$args{$_}" } keys %args;

						$implicit="/" if($tags{$name}{empty});

						push @stack,$name unless $implicit;

						$clean.="<$name";
						$clean.=" $cleanargs" if $cleanargs;
						$clean.=" $implicit" if $implicit;
						$clean.=">";
					}
				}
			}
		}
	}

	my $entry;
	while($entry=pop @stack) { $clean.="</$entry>" }

	return $clean;
}

> More information on the all threads page, date of the last post? file size?

That might be somewhat useful, I suppose. I'll have a look at it.

> A quote button that puts >>n and puts the post prefixed by > in the reply box

There's already a way to put in >>n. However, quoting an entire post is seldom something you want to do anyway, so I don't think that's worth cluttering up the page with a million buttons for.

> Different secret strings for different functions (e.g. one for ID generation and one for secure tripcodes)

Most admins probably don't get point of the secret string anyway, and asking them to put in several is just too annoying. In retrospect, I'd like to add a second layer of hashing to these, but that'd mean breaking secure trips AGAIN.

> A trigger for turning wakabamark off and one for forcing a monospace font

I've been trying to work out a more elegant solution for this.

> The error page in mode_message should more closely resemble that of 0ch (complete with "ERROR!" title).

Signed. And the style selector on the error page is pretty useless.

Plus if you were to allow those tags in HTML, you should do the same for WakabaMark (which actually takes its cue from Markdown, so I don't see why it has a different name).

Oh yeah, regarding the CSS selector: HTML dropdowns aren't styleable, and will look like shit. I'll look into using some other trickery for that, though.

>>249
<a href> opens up the possibility of using inline links, and img tags allow bandwidth leeching from other sites (plus the fact that the image itself may be unsanitary).

http://wakaba.c3.cx/sup/kareha.pl/1114201493/l50

Or use some sort of filter to replace them characters with underscores on upload.
This offcourse for files that keep their original filename.

> (albeit edge cases)

Which is the crux of the matter - it mostly doesn't matter to the vast majority of users.

> You still end up with no way to link the fusianasan post with the name/trip one without IDs enabled (unless the ID method is known and no secret data is used).

You can use fusianasan with a tripcode, at least on Kareha. I suspect you can on 0ch too, but I haven't checked.

>>19

I can't reproduce this on Firefox 1.0.4 nor Safari on the Mac, but that ancient Firebird had a similar problem (but even worse).

Anyone else? Try post with a | in your name.

Removed it when redesigning the page head, haven't figured out quite what to do about it yet. It needs to be changed, but to what, I'm not yet sure.

And my post ist a good example for chosing the wrong markup :/

>>220
I meant only using the extra post for autoclose situations where the thread has exceeded the defined postcount limit in config.pl. As for the implementation, couldn't you just have Kareha use post_stuff() and (somehow) replace the timestamp with "Over XXXX Thread"?

> You mean requiring SQL software, or just making backwards-incompatible changes that would screw up old threads?

I mean, needing to alter the table that is already in the database. I don't want to try to do that any more than I have to, as it's pretty hard to get right in a database-independent manner.

> Are you only referring to flooding and spamming, or also trolls and flamewars?

Yes, only flooding and spamming. Trolling and flamewars are not a problem one should use banning to try and solve.

> Finally, out of curiosity: how much of the functionality in the .js file do you think could be properly implemented into a new or existing perl script?

Well, if you serve up dynamic pages, you can do the form-filling on the server, but that's about it. The rest is dynamic stuff.

Getting back to inconsequential nitpicking: I find the "___ image replies omitted" phrase to be a bit redundant, and for one it confuses me as to whether or not those image replies are separate from text-only replies. How about simply calling it "images"?

How about appending an estimated (at the time of thread creation) time of pruning to the first post's header, if pruning-by-age is enabled?

I thought fusianasan was supposed to be a mod-only function to weed out bad posters. And what would be the difference between revealing the persons's IP and his ISP's domain?

>>99
I didn't mean to include Forcenick in there, sorry.
Adding to that, however, how about forced sage for specificed IPs? It'd make for a great slogan: Remember kids, tripcodes and aging are privileges, not rights!

Thought of something else: can there be the ability to separately place a title on a board and what the head <title> element says?

Like "Music" for the header but "foolchan - music" for the title in the browser window.

> metadata

Not sure, that would require a database redesign and I don't want to force people with a current install to do that. Also, it seems something like that would work better for a whole new script, properly designed around the idea.

> config.pl parameter for a generic image that takes the place of a deleted image (ie, Hello Kitty)

Ah, good, been meaning to do, forgot about.

> Fine-grained banning options that let you choose whether or not the user is blocked from reading a board, posting to a board, or both. Another parameter defines the duration of his ban ('0' for permaban), and another defines a reason/message displayed when the user tries to access a board.

None of those seem useful to me, because I'm of the opinion that bans are to prevent abuse, not to punish users.

> Replace HTML error pages with dialog box equivalents using JavaScript.

Would require a bunch of hidden-iframing and such. I'd like to do a complete re-design full of javascript trickery, and this idea would fit better in such a context... That is to say, I'm lazy and the current version is robust, and I'm loathe to go around changing it, since it would introduce new problems.

> Kill user deletion. I can't see any case for when it'd have constructive uses.

On image boards, it has a very definite use - people do fuck up and post in the wrong thread, or create new threads. It's better if they can clean up after themselves. In Kareha, you can already disable deletion.

> Conversion to mod_perl?

As far as I know, it should work in mod_perl already, modulo some prototype bugs. I'll try to get those fixed.

> The standalone thumbnailer project is a great idea too. As a suggestion, how about adding functionality to also read and thumbnail document files like TXT, PDF, and DOC?

That would require a LOT of code, especially when you don't want external dependencies, so it's a bit iffy.