Age | Commit message (Collapse) | Author | |
---|---|---|---|
2008-12-11 | comments: fix invocation of possibly_foolish_untaint | Simon McVittie | |
2008-12-11 | comments_form.tmpl: show labels for name, website | Simon McVittie | |
2008-12-11 | comments: avoid warning if there's no subject | Simon McVittie | |
2008-12-11 | comments: Optionally allow anonymous commenters to set their name/URL. | Simon McVittie | |
Also provide a way for the comment template to pick up the verified username/IP. | |||
2008-12-11 | comments: Remove some dead code | Simon McVittie | |
2008-12-11 | comments: rename main field to "editcontent" consistent with editpage | Simon McVittie | |
This has the side-effect that Ikiwiki's default style.css gives the text box 100% width. | |||
2008-12-11 | comments: instead of hard-coding mdwn, allow any supported page format | Simon McVittie | |
2008-12-11 | comments: Save comments as a file with one big [[!comment]] directive. | Simon McVittie | |
This delays all comment formatting until the last possible time, allows us to set metadata without worrying that commenters may be able to evade it, and means that changes to how a comment is saved can be handled gracefully. It also gives us somewhere to put the commenter's username or IP address for later reference. | |||
2008-12-11 | Remove dead code for preprocessing [[!comments]] | Simon McVittie | |
2008-12-11 | comments: Duplicate logic and CGI hook from recentchanges to link user pages ↵ | Simon McVittie | |
correctly | |||
2008-12-11 | Qualify name of formattime() correctly | Simon McVittie | |
2008-12-11 | Delay checking for session expiry til we actually post a comment | Simon McVittie | |
2008-12-11 | comments: record the time at which each comment was posted | Simon McVittie | |
2008-12-11 | comments: Use a checkconfig hook to get the default value of comments_pagename | Simon McVittie | |
2008-12-11 | Remove comments_embed.tmpl (no longer needed) | Simon McVittie | |
2008-12-11 | comments: render comments/commenturl in page.tmpl | Simon McVittie | |
2008-12-11 | comments: use global config to decide whether commenting is allowed, and for ↵ | Simon McVittie | |
name of page Also: * decide comment page name sooner * set permalink on it | |||
2008-12-11 | comments: use global configuration for allow_directives, commit, and pagename | Simon McVittie | |
2008-12-11 | comments: Add some global configuration | Simon McVittie | |
2008-12-11 | comments: make preprocess a no-op | Simon McVittie | |
2008-12-11 | page.tmpl: optionally include "add comment" link | Simon McVittie | |
2008-12-11 | comments_comment.tmpl: allow permalink, anchor to be passed in | Simon McVittie | |
2008-12-11 | comments: document what linkuser does | Simon McVittie | |
2008-12-11 | comments: add a stub pagetemplate hook to show the comments | Simon McVittie | |
2008-12-11 | comments: Use HTML entities to escape directives | Simon McVittie | |
2008-12-11 | Embed comments into comments_embed.tmpl rather than concatenating in perl | Simon McVittie | |
2008-12-11 | comments_embed.tmpl: include the inlined comments if present | Simon McVittie | |
2008-12-11 | comments: use CGI module's checksessionexpiry | Simon McVittie | |
2008-12-11 | editpage: factor out checksessionexpiry into IkiWiki::CGI | Simon McVittie | |
2008-12-11 | Add comments to page.tmpl | Simon McVittie | |
2008-12-11 | htmlbalance: don't compact whitespace, and set misc other options | Simon McVittie | |
Not compacting whitespace is the most important one: now that we run sanitize hooks on individual posted comments in the comments plugin, whitespace that is significant to Markdown (but not HTML) is lost. | |||
2008-12-11 | comments: remove allowhtml option, just switch it on all the time | Simon McVittie | |
Now that posts are individually sanitized, that should be safe. | |||
2008-12-11 | comments: load inline and mdwn lazily | Simon McVittie | |
2008-12-11 | comments: don't rely on mdwn getting loaded first | Simon McVittie | |
2008-12-11 | comments: sanitize the body of each comment before posting it | Simon McVittie | |
This should ensure that users can't "break out" from the enclosing <div>, making it impossible to forge comments (assuming htmlscrubber is enabled, and so is either htmlbalance or htmltidy). | |||
2008-12-11 | Fix typo that led to comments being blanked | Simon McVittie | |
2008-12-11 | postcomment: Rename plugin to comments, use *._comment files | Simon McVittie | |
The PageSpec is still called "postcomment" since that's what it means. | |||
2008-12-11 | Rename smcvpostcomment plugin to postcomment to propose for inclusion | Simon McVittie | |
2008-12-11 | smcvpostcomment: allow commenting to be closed | Simon McVittie | |
2008-12-11 | smcvpostcomment: import other plugins lazily and remove unnecessary use of CGI | Simon McVittie | |
2008-12-11 | smcvpostcomment_*.tmpl: make class names match template names | Simon McVittie | |
Also put "posting comments disabled" in [], and change "Page preview" to "Comment preview". | |||
2008-12-11 | smcvpostcomment: allow inlining to be disabled, and pass through atom etc. ↵ | Simon McVittie | |
better | |||
2008-12-11 | smcvpostcomment: make allowhtml etc. configurable, and don't allow ↵ | Simon McVittie | |
commenting on pages where comments have never been allowed | |||
2008-12-11 | smcvpostcomment: indicate in form whether HTML and directives are allowed | Simon McVittie | |
2008-12-11 | smcvpostcomment: remove HTML if not allowed | Simon McVittie | |
2008-12-11 | smcvpostcomment: always allow wikilinks, and do access control | Simon McVittie | |
wikilinks are harmless, so we might as well allow them. Access control for this plugin is a bit odd, since we specifically don't want to allow comments to be edited - so the check is whether the user is allowed to edit a deliberately invalid page name, page/commented/on[smcvpostcomment]. You can put smcvpostcomment(*) or smcvpostcomment(some/subdir/*) in $config{anonok_pagespec} or the opposite in $config{locked_pages} to allow "editing" (really just posting) comments. | |||
2008-12-11 | smcvpostcomment: reduce length of subject field | Simon McVittie | |
2008-12-11 | smcvpostcomment: explain what $fake is for | Simon McVittie | |
2008-12-11 | smcvpostcomment: avoid warnings if form field 'body' is undef | Simon McVittie | |
2008-12-11 | smcvpostcomment: load inline plugin more forcibly | Simon McVittie | |