Age | Commit message (Collapse) | Author | |
---|---|---|---|
2008-12-11 | comments: Save comments as a file with one big [[!comment]] directive. | Simon McVittie | |
This delays all comment formatting until the last possible time, allows us to set metadata without worrying that commenters may be able to evade it, and means that changes to how a comment is saved can be handled gracefully. It also gives us somewhere to put the commenter's username or IP address for later reference. | |||
2008-12-11 | Remove dead code for preprocessing [[!comments]] | Simon McVittie | |
2008-12-11 | comments: Duplicate logic and CGI hook from recentchanges to link user pages ↵ | Simon McVittie | |
correctly | |||
2008-12-11 | Qualify name of formattime() correctly | Simon McVittie | |
2008-12-11 | Delay checking for session expiry til we actually post a comment | Simon McVittie | |
2008-12-11 | comments: record the time at which each comment was posted | Simon McVittie | |
2008-12-11 | comments: Use a checkconfig hook to get the default value of comments_pagename | Simon McVittie | |
2008-12-11 | comments: render comments/commenturl in page.tmpl | Simon McVittie | |
2008-12-11 | comments: use global config to decide whether commenting is allowed, and for ↵ | Simon McVittie | |
name of page Also: * decide comment page name sooner * set permalink on it | |||
2008-12-11 | comments: use global configuration for allow_directives, commit, and pagename | Simon McVittie | |
2008-12-11 | comments: Add some global configuration | Simon McVittie | |
2008-12-11 | comments: make preprocess a no-op | Simon McVittie | |
2008-12-11 | comments: document what linkuser does | Simon McVittie | |
2008-12-11 | comments: add a stub pagetemplate hook to show the comments | Simon McVittie | |
2008-12-11 | comments: Use HTML entities to escape directives | Simon McVittie | |
2008-12-11 | Embed comments into comments_embed.tmpl rather than concatenating in perl | Simon McVittie | |
2008-12-11 | comments: use CGI module's checksessionexpiry | Simon McVittie | |
2008-12-11 | comments: remove allowhtml option, just switch it on all the time | Simon McVittie | |
Now that posts are individually sanitized, that should be safe. | |||
2008-12-11 | comments: load inline and mdwn lazily | Simon McVittie | |
2008-12-11 | comments: don't rely on mdwn getting loaded first | Simon McVittie | |
2008-12-11 | comments: sanitize the body of each comment before posting it | Simon McVittie | |
This should ensure that users can't "break out" from the enclosing <div>, making it impossible to forge comments (assuming htmlscrubber is enabled, and so is either htmlbalance or htmltidy). | |||
2008-12-11 | Fix typo that led to comments being blanked | Simon McVittie | |
2008-12-11 | postcomment: Rename plugin to comments, use *._comment files | Simon McVittie | |
The PageSpec is still called "postcomment" since that's what it means. |