summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2008-12-11comments: fix invocation of possibly_foolish_untaintSimon McVittie
2008-12-11comments_form.tmpl: show labels for name, websiteSimon McVittie
2008-12-11comments: avoid warning if there's no subjectSimon McVittie
2008-12-11comments: Optionally allow anonymous commenters to set their name/URL.Simon McVittie
Also provide a way for the comment template to pick up the verified username/IP.
2008-12-11comments: Remove some dead codeSimon McVittie
2008-12-11comments: rename main field to "editcontent" consistent with editpageSimon McVittie
This has the side-effect that Ikiwiki's default style.css gives the text box 100% width.
2008-12-11comments: instead of hard-coding mdwn, allow any supported page formatSimon McVittie
2008-12-11comments: Save comments as a file with one big [[!comment]] directive.Simon McVittie
This delays all comment formatting until the last possible time, allows us to set metadata without worrying that commenters may be able to evade it, and means that changes to how a comment is saved can be handled gracefully. It also gives us somewhere to put the commenter's username or IP address for later reference.
2008-12-11Remove dead code for preprocessing [[!comments]]Simon McVittie
2008-12-11comments: Duplicate logic and CGI hook from recentchanges to link user pages ↵Simon McVittie
correctly
2008-12-11Qualify name of formattime() correctlySimon McVittie
2008-12-11Delay checking for session expiry til we actually post a commentSimon McVittie
2008-12-11comments: record the time at which each comment was postedSimon McVittie
2008-12-11comments: Use a checkconfig hook to get the default value of comments_pagenameSimon McVittie
2008-12-11Remove comments_embed.tmpl (no longer needed)Simon McVittie
2008-12-11comments: render comments/commenturl in page.tmplSimon McVittie
2008-12-11comments: use global config to decide whether commenting is allowed, and for ↵Simon McVittie
name of page Also: * decide comment page name sooner * set permalink on it
2008-12-11comments: use global configuration for allow_directives, commit, and pagenameSimon McVittie
2008-12-11comments: Add some global configurationSimon McVittie
2008-12-11comments: make preprocess a no-opSimon McVittie
2008-12-11page.tmpl: optionally include "add comment" linkSimon McVittie
2008-12-11comments_comment.tmpl: allow permalink, anchor to be passed inSimon McVittie
2008-12-11comments: document what linkuser doesSimon McVittie
2008-12-11comments: add a stub pagetemplate hook to show the commentsSimon McVittie
2008-12-11comments: Use HTML entities to escape directivesSimon McVittie
2008-12-11Embed comments into comments_embed.tmpl rather than concatenating in perlSimon McVittie
2008-12-11comments_embed.tmpl: include the inlined comments if presentSimon McVittie
2008-12-11comments: use CGI module's checksessionexpirySimon McVittie
2008-12-11editpage: factor out checksessionexpiry into IkiWiki::CGISimon McVittie
2008-12-11Add comments to page.tmplSimon McVittie
2008-12-11htmlbalance: don't compact whitespace, and set misc other optionsSimon McVittie
Not compacting whitespace is the most important one: now that we run sanitize hooks on individual posted comments in the comments plugin, whitespace that is significant to Markdown (but not HTML) is lost.
2008-12-11comments: remove allowhtml option, just switch it on all the timeSimon McVittie
Now that posts are individually sanitized, that should be safe.
2008-12-11comments: load inline and mdwn lazilySimon McVittie
2008-12-11comments: don't rely on mdwn getting loaded firstSimon McVittie
2008-12-11comments: sanitize the body of each comment before posting itSimon McVittie
This should ensure that users can't "break out" from the enclosing <div>, making it impossible to forge comments (assuming htmlscrubber is enabled, and so is either htmlbalance or htmltidy).
2008-12-11Fix typo that led to comments being blankedSimon McVittie
2008-12-11postcomment: Rename plugin to comments, use *._comment filesSimon McVittie
The PageSpec is still called "postcomment" since that's what it means.
2008-12-11Rename smcvpostcomment plugin to postcomment to propose for inclusionSimon McVittie
2008-12-11smcvpostcomment: allow commenting to be closedSimon McVittie
2008-12-11smcvpostcomment: import other plugins lazily and remove unnecessary use of CGISimon McVittie
2008-12-11smcvpostcomment_*.tmpl: make class names match template namesSimon McVittie
Also put "posting comments disabled" in [], and change "Page preview" to "Comment preview".
2008-12-11smcvpostcomment: allow inlining to be disabled, and pass through atom etc. ↵Simon McVittie
better
2008-12-11smcvpostcomment: make allowhtml etc. configurable, and don't allow ↵Simon McVittie
commenting on pages where comments have never been allowed
2008-12-11smcvpostcomment: indicate in form whether HTML and directives are allowedSimon McVittie
2008-12-11smcvpostcomment: remove HTML if not allowedSimon McVittie
2008-12-11smcvpostcomment: always allow wikilinks, and do access controlSimon McVittie
wikilinks are harmless, so we might as well allow them. Access control for this plugin is a bit odd, since we specifically don't want to allow comments to be edited - so the check is whether the user is allowed to edit a deliberately invalid page name, page/commented/on[smcvpostcomment]. You can put smcvpostcomment(*) or smcvpostcomment(some/subdir/*) in $config{anonok_pagespec} or the opposite in $config{locked_pages} to allow "editing" (really just posting) comments.
2008-12-11smcvpostcomment: reduce length of subject fieldSimon McVittie
2008-12-11smcvpostcomment: explain what $fake is forSimon McVittie
2008-12-11smcvpostcomment: avoid warnings if form field 'body' is undefSimon McVittie
2008-12-11smcvpostcomment: load inline plugin more forciblySimon McVittie