>>103

Noted.

> Better to have a tick-box and explain to people why it is useful. Or an option for it.

Yes, an option. Because I think a tickbox is horrible.

This is a widely used system. There is a very low learning curve here. sage = does not bump thread when replying, that's all there is to know. People can then figure out why it is useful on their own.

And personally, I think sageing should be encouraged more (since the perceptions on it have been pretty much ruined by 4chan). So it helps that it stays in the E-Mail/Link field instead of being purged from the tickbox each time like Shiichan does (interestingly, 4chan's Futallaby does also purge "sage" if written in all minor letters).

Weird, ¦ now stays ¦.
Testing #¦ now.

>>208

> multi-page links (1-, 101-, 201-, etc) at the top of subpages

This is just implemented on some 0ch types. 2channel doesn't use it (at least on no board that I know of).

>Most admins probably don't get point of the secret string anyway, and asking them to put in several is just too annoying. In retrospect, I'd like to add a second layer of hashing to these, but that'd mean breaking secure trips AGAIN.

You could take the route that MrVB (I think?) did and generate the strings on first run? openssl, /dev/random, perl's random as last resort. In almost every case you are going to get a better random string than most people will supply, and if they want to change it they can. Or only have them generated if they are not supplied.

Honestly, when people care so much about anonymity they can put up with the changes required to ensure it.

Oh, and I apologize for indirectly causing you too much trouble with this change.

I fixed the Javascript a bit, and uploaded it for these boards. Try shift-reloading to get the new code, and see if cookies work better now that I'm not using cargo-cult code.

You may want to consider releasing Kareha & Wakaba under some sort of license at this point, just to make sure that the scripts always stay free for people to use.

http://en.wikipedia.org/wiki/Free_software_license
http://en.wikipedia.org/wiki/Software_License_Types#Free_software_licenses
http://en.wikipedia.org/wiki/Copyleft

If you want to have a look at what the code actually does to dig out flaws, here is the current version:

sub sanitize_html($%)
{
	my ($html,%tags)=@_;
	my (@stack,$clean);
	my $entity_re=qr/&(?!\#[0-9]+;|\#x[0-9a-fA-F]+;|amp;)/;

	while($html=~/(?:([^<]+)|<([^<>]*)>?)/g)
	{
		my ($text,$tag)=($1,$2);

		if($text)
		{
			$text=~s/$entity_re/&amp;/g;
			$text=~s/>/&gt;/g;
			$clean.=$text;
		}
		else
		{
			if($tag=~m!^\s*(/?)\s*([a-z0-9_:\-\.]+)(?:\s+(.*?)|)\s*(/?)\s*$!si)
			{
				my ($closing,$name,$args,$implicit)=($1,lc($2),$3,$4);

				if($tags{$name})
				{
					if($closing)
					{
						if(grep { $_ eq $name } @stack)
						{
							my $entry;

							do {
								$entry=pop @stack;
								$clean.="</$entry>";
							} until $entry eq $name;
						}
					}
					else
					{
						my %args;

						$args=~s/\s/ /sg;

						while($args=~/([a-z0-9_:\-\.]+)(?:\s*=\s*(?:'([^']*?)'|"([^"]*?)"|['"]?([^'" ]*))|)/gi)
						{
							my ($arg,$value)=(lc($1),defined($2)?$2:defined($3)?$3:$4);
							$value=$arg unless defined($value);

							my $type=$tags{$name}{args}{$arg};

							if($type)
							{
								my $passes=1;

								if($type=~/url/i) { $passes=0 unless $value=~/(?:^$protocol_re:|^[^:]+$)/ }
								if($type=~/number/i) { $passes=0 unless $value=~/^[0-9]+$/  }

								if($passes)
								{
									$value=~s/$entity_re/&amp;/g;

									if($value=~/"/) { $value="'$value'" }
									else { $value="\"$value\"" }

									$args{$arg}=$value;
								}
							}
						}

						my $cleanargs=join " ",map { "$_=$args{$_}" } keys %args;

						$implicit="/" if($tags{$name}{empty});

						push @stack,$name unless $implicit;

						$clean.="<$name";
						$clean.=" $cleanargs" if $cleanargs;
						$clean.=" $implicit" if $implicit;
						$clean.=">";
					}
				}
			}
		}
	}

	my $entry;
	while($entry=pop @stack) { $clean.="</$entry>" }

	return $clean;
}

>>232
Nothing! But since mode_image's footer.html includes a link to Futaba called "Futaba mode," I think mode_message should have the same.

And my post ist a good example for chosing the wrong markup :/

Well, both >>30 and >>31 didn't change the ¦ into ?U so I am out of ideas what happened...

>Most admins probably don't get point of the secret string anyway, and asking them to put in several is just too annoying. In retrospect, I'd like to add a second layer of hashing to these, but that'd mean breaking secure trips AGAIN.

You could take the route that MrVB (I think?) did and generate the strings on first run? openssl, /dev/random, perl's random as last resort. In almost every case you are going to get a better random string than most people will supply, and if they want to change it they can. Or only have them generated if they are not supplied.

Honestly, when people care so much about anonymity they can put up with the changes required to ensure it.

I found this:

fusianasan【ふしあなさん】［名・自ｽﾙ］
２ちゃんねるに書き込みする際に名前欄に「fusianasan」の文字列を入力すると、その書き込みをした人のリモートホストのＩＰアドレスがさらされるようになっている。
本来は「（固定ハンドル)@fusianasan」などとして、まだキャップを取得していない固定ハンドルが自らＩＰをさらすことで騙りを防ぐためのシステムである。
が、裏２ちゃん関係のコピペが横行するに至って、一時期うっかりＩＰをさらしてしまう。
エロな人間が続出し、fusianasan廃止要望まで唱えられるに至った(当然却下されたが)。
ＩＰをさらすことだけによる危険は、そのＩＰから手元で使用中のコンピュータを一意に特定でき
（ex：グローバルＩＰによる常時接続）、かつプロキシ・サーバー、ファイヤーウォールなどの防御策を怠っている場合にしか及ばないので、
fusianasanに引っかかったからといって実はそこまで神経質になることもなかったりする。
……過去にＩＰから仕事中に政府機関から２ちゃんねるにつないで裏２ちゃんに入ろうとしていた愚か者が釣れてさらされたという事例はあるが。
なお、現在では一部の板でデフォルトの名無しさん（名前欄未記入時の名前）が「fusianasanさん」などfusianasanを含む名前となっている場合がある。
また、串の性能を試すために敢えて裏２ちゃんに引っかかっていると思われる強者もちらほら見受けられる。

類義語：mokorikomo
参照：裏２ちゃん、キャップ

"page top" is better imho

> 3) A specific string for ID:Heaven instead of anything in the email field

Isn't that already an option in the config?

> 5) Seperation of sage et al from the email field to something else...

Strong oppose! I am of the (strong! lol) opinion that the current situation is the one working the best and also that it is widely accepted on almost all similiar board scripts (save for Shiichan and one obscure Japanese discussion board script that I once stumbled upon).

Previous discussion of this can be found here:
http://wakaba.c3.cx/sup/kareha.pl/1102984488/

>>255
By replacing it with AN EVEN DUMBER PUN!

Oh okay.

I agree, for Kareha at least.

>>32

Your browser momentarily regressed to an old bug and then got better? Who can tell?

>>22

Running in pure perl would be ideal, portability-wise, but in practice implementing a JPEG loader and saver from scratch in Perl is both a lot more work than anyone wants to do, and the result will also be too slow.

As was already stated, making a statically linked executable lets you distribute pre-compiled binaries that people can just upload along with the script.

>>19

I can't reproduce this on Firefox 1.0.4 nor Safari on the Mac, but that ancient Firebird had a similar problem (but even worse).

Anyone else? Try post with a | in your name.

> More information on the all threads page [...] file size?

If (optional) closing on filesize should be implemented, this would probably be a good idea.

I'm not sure I want to make a ban system. I'd rather just make it easy to interface with a simple banning script that does whatever's needed for the server it's running on.

Another topic: since dynamic pages eat up CPU in order to rebuild pages according to URL parameters, what would be the likelihood of the current dynamic thread subpages having a significantly adverse effect in this aspect if a board were to grow to 2ch-sized proportions? Should there be a consideration to make these pages as static as the front page?

Also, let's put out a partition to kill secure tripcodes (unless they originated from 0ch/Futaba) and captcha (until we find a way to implement similar functionality without requiring it in the form of a GIF/PNG image), and add functionality for multiple uploads in one post.

And is there any practical way that Kareha can be modified to run multiple (even nested) boards in a single installation?

Hey, I just noticed this: where did the admin link go? Or are you working on a separate interface already? :D

>>16

Yes, it's throwing Javascript errors for me if I use that character. Gonna look into that some more.

I don't see what's so bad about >>330. The alternative is to force the table to be full width, which will make it uglier (because in HTML all columns will become wider, including the skinniest ones), and harder to read.

> No need for a database, just a text file. You're right about storing IPs, though, but then how can you implement a banning system? Do you use an encrypted IP like the algorithm to generate ID codes?

Banning is done through Apache, which really makes more sense than doing it in the script. I don't want to re-invent the wheel for that.

> I mean that (for example) if I wanted to replace the permasaging function under the MAX_POSTS condition (permasage after X posts) with the thread-closing function (close after X posts), all it would require is a simple replacement of the proper function references in post_stuff(), correct?

No, they're done at different different places, because they are essentially different functions. The permasage behaviour doesn't actually permasage a thread, it only refrains from bumping it. There's no permsage flag added to the thread. The closing, on the other hand, does add a flag to the thread.

> Making "More options..." an option in the configs.
> Seems sensible, when you already have the ability to turn off WakabaMark as a board admin.

No. And I actually removed the DISABLE_WAKABAMARK option since it's no longer really needed. The replacement will be an option to select the default markup for a board, which makes much more sense overall.

The "Entire thread" link in the top navigation bar of the thread page is still broken.

> metadata

Not sure, that would require a database redesign and I don't want to force people with a current install to do that. Also, it seems something like that would work better for a whole new script, properly designed around the idea.

> config.pl parameter for a generic image that takes the place of a deleted image (ie, Hello Kitty)

Ah, good, been meaning to do, forgot about.

> Fine-grained banning options that let you choose whether or not the user is blocked from reading a board, posting to a board, or both. Another parameter defines the duration of his ban ('0' for permaban), and another defines a reason/message displayed when the user tries to access a board.

None of those seem useful to me, because I'm of the opinion that bans are to prevent abuse, not to punish users.

> Replace HTML error pages with dialog box equivalents using JavaScript.

Would require a bunch of hidden-iframing and such. I'd like to do a complete re-design full of javascript trickery, and this idea would fit better in such a context... That is to say, I'm lazy and the current version is robust, and I'm loathe to go around changing it, since it would introduce new problems.

> Kill user deletion. I can't see any case for when it'd have constructive uses.

On image boards, it has a very definite use - people do fuck up and post in the wrong thread, or create new threads. It's better if they can clean up after themselves. In Kareha, you can already disable deletion.

> Conversion to mod_perl?

As far as I know, it should work in mod_perl already, modulo some prototype bugs. I'll try to get those fixed.

> The standalone thumbnailer project is a great idea too. As a suggestion, how about adding functionality to also read and thumbnail document files like TXT, PDF, and DOC?

That would require a LOT of code, especially when you don't want external dependencies, so it's a bit iffy.