summaryrefslogtreecommitdiff
path: root/IkiWiki/Plugin/comments.pm
AgeCommit message (Collapse)Author
2011-03-30look up avatar at comment post timeJoey Hess
There is a tension between looking up the avatar at post time and build time. I have not yet decided which is better. Lookup at build time has the benefit that if a user changes their email address, or sets up their own federated libravatar server, on rebuild their new avatar will show up. It also allows getting a https version of the avatar easily if the site was using http but was changed to use https. And it can look up avatars for posts that have already been made. Which is a nice thing, especially as we roll this out, eh? But it has a drawback, that it depends on the sessiondb contents for emails and so rebuilding a site w/o that will lose info. And, it means dns lookups every time a comment is rendered. A page with a lot of comments on it would render them all whenever another is posted or the page is changed, and that could significantly slow things down. (This could be amelorated by caching the lookups.) Since I'm undecided, I have moved it into a function that could be called either way. Currently looking up only at post time.
2011-03-30check site url for httpsJoey Hess
HTTPS won't be set when rebuilding a site at the command line
2011-03-30robustness fixJoey Hess
Don't fail if libravatar fails for some reason. Reasons I can think of: * too old version to do openid lookups (fall back to email lookup) * network problem perhaps
2011-03-30indentationJoey Hess
2011-03-30comments: add OpenID-based avatars (libravatar.org)Francois Marier
This requires version 1.04 or later of Libravatar::URL.
2011-03-30comments: serve avatars over https in https wikisFrancois Marier
2011-03-30comments: add avatar picture of comment authorFrancois Marier
Use Libravatar::URL to pull the avatar picture for the comment author if we have an email address for him/her.
2011-03-28comment: Better fix to avoid showing comments of subpages, while not ↵Joey Hess
breaking manual inlining of comments.
2011-03-28Revert "comment: Don't show comments of subpages on parent pages. (Fixes bug ↵Joey Hess
introduced in version 3.20100505.)" This reverts commit b34d31142b9fed28ec9cf77fe0c5d9f405d48c84. This was the wrong approach. It broke inlining of comment(*) on eg, a toplevel comment page.
2011-02-27comment: Don't show comments of subpages on parent pages. (Fixes bug ↵Joey Hess
introduced in version 3.20100505.)
2011-01-24bleaghJoey Hess
2011-01-22comments: Fix XSS security hole due to missing validation of page name.Joey Hess
Values have to be checked against wiki_file_regexp, not just file_pruned. Audited the rest of the code base for similar problems, found none.
2011-01-05use cgitemplate, remove misctemplateJoey Hess
2011-01-05add cgitemplateJoey Hess
cgitemplate is a modified misctemplate that takes an optional cgi object and uses it to set the baseurl, and also optionally the forcebaseurl, if a page is provided. If no cgi object is provided, it will fall back to using $config{url}. I expect this will only be needed in exceptional cases where that doesn't much matter, such as cgierror(). showform uses cgitemplate, so there is no more need for showform_preview.
2011-01-05better handling of relative permalinksJoey Hess
This way, do=goto will go to the page relative to the current location, while the permalinks in feeds will be absolute (unless an url is not configured at all).
2011-01-05Fix permalinks to recentchanges items and comments, broken by last release.Joey Hess
permalinks always need to be full urls
2011-01-05Fix base url when previewing. Was broken by urlto changes in last release.Joey Hess
Added a showform_preview that is like showform, but sets forcebaseurl to point to the page being previewed.
2010-12-25editpage, comment: Clean up title when editing or creating a page or comment.Joey Hess
Now that page.tmpl is used for cgi, the parentlinks are able to be displayed even when creating or editing a page. So it's redundant to include the path to the page in the title, remove it.
2010-11-29use one-parameter form of urltoJoey Hess
2010-11-23Pass a CGIURL into commentmoderation.tmplSimon McVittie
Omitting this resulted <form action=""> which is in fact a working self-referential form, but is less obvious than it ought to be.
2010-11-23Use local paths for most references to pagesSimon McVittie
2010-11-23Use local paths for the CGI URLSimon McVittie
2010-11-23Use local paths for redirection where possibleSimon McVittie
2010-11-12comments: Make comment() pagespec also match comments that are being posted.Joey Hess
2010-11-12comments: Make postcomment() pagespec work when previewing a comment.Joey Hess
2010-07-12Merge branch 'filter-full'Joey Hess
2010-07-05comments: Added commentmoderation directive for easy linking to the comment ↵Joey Hess
moderation queue.
2010-07-04comment: Fix problem moderating comments of certian pages with utf-8 in ↵Joey Hess
their name.
2010-07-04remove unnecessary and troublesome filter callsJoey Hess
This better defines what the filter hook is passed, to only be the raw, complete text of a page. Not some snippet, or data read in from an unrelated template. Several plugins that filtered text that originates from an (already filtered) page were modified not to do that. Note that this was not done very consistently before; other plugins that receive text from a page called preprocess on it w/o first calling filter. The template plugin gets text from elsewhere, and was also changed not to filter it. That leads to one known regression -- the embed plugin cannot be used to embed stuff in templates now. But that plugin is deprecated anyway. Later we may want to increase the coverage of what is filtered. Perhaps a good goal would be to allow writing a filter plugin that filters out unwanted words, from any input. We're not there yet; not only does the template plugin load unfiltered text from its templates now, but so can the table plugin, and other plugins that use templates (like inline!). I think we can cross that bridge when we come to it. If I wanted such a censoring plugin, I'd probably make it use a sanitize hook instead, for the better coverage. For now I am concentrating on the needs of the two non-deprecated users of filter. This should fix bugs/po_vs_templates, and it probably fixes an obscure bug around txt's use of filter for robots.txt.
2010-06-23finializing openid nickname supportJoey Hess
Renamed usershort => nickname. Note that this means existing user login sessions will not have the nickname recorded, and so it won't be used for those.
2010-06-23rcs_commit and rcs_commit_staged api changesJoey Hess
Using named parameters for these is overdue. Passing the session in a parameter instead of passing username and IP separately will later allow storing other session info, like username or part of the email. Note that these functions are not part of the exported API, and the prototype change will catch (most) skew, so I am not changing API versions. Any third-party plugins that call them will need updated though.
2010-06-23stop using REMOTE_ADDRJoey Hess
Everywhere that REMOTE_ADDR was used, a session object is available, so instead use its remote_addr method. In IkiWiki::Receive, stop setting a dummy REMOTE_ADDR. Note that it's possible for a session cookie to be obtained using one IP address, and then used from another IP. In this case, the first IP will now be used. I think that should be ok.
2010-06-17avoid dying if cannot chdir to an underlaydirJoey Hess
2010-06-15Fix issues with combining unicode srcdirs and source files.Joey Hess
A short story: Once there was a unicode string, let's call him Srcdir. Along came a crufy old File::Find, who went through a tree and pasted each of the leaves in turn onto Srcdir. But this 90's relic didn't decode the leaves -- despite some of them using unicode! Poor Srcdir, with these leaves stuck on him, tainted them with his nice unicode-ness. They didn't look like leaves at all, but instead garbage. (In other words, perl's unicode support sucks mightily, and drives us all to drink and bad storytelling. But we knew that..) So, srcdir is not normally flagged as unicode, because typically it's pure ascii. And in that case, things work ok; File::Find finds filenames, which are not yet decoded to unicode, and appends them to the srcdir, and then decode_utf8 happily converts the whole thing. But, if the srcdir does contain utf8 characters, that breaks. Or, if a Yaml setup file is used, Yaml::Syck's implicitunicode sets the unicode flag of *all* strings, even those containing only ascii. In either case, srcdir has the unicode flag set; a non-decoded filename is appended, and the flag remains set; and decode_utf8 sees the flag and does *nothing*. The result is that the filename is not decoded, so looks valid and gets skipped. File::Find only sticks the directory and filenames together in no_chdir mode .. but we need that mode for security. In order to retain the security, and avoid the problem, I made it not pass srcdir to File::Find. Instead, chdir to the srcdir, and pass ".". Since "." is ascii, the problem is avoided. Note that chdir srcdir is safe because we check for symlinks in the srcdir path. Note that it takes care to chdir back to the starting location. Because the user may have specified relative paths and so staying in the srcdir might break. A relative path could even be specifed for an underlay dir, so it chdirs back after each.
2010-06-14editpage, comments: Fix broken links in sidebar (due to forcebaseurl). ↵Joey Hess
(Thanks, privat)
2010-06-09let's allow comments of "0"Joey Hess
2010-05-21fix uninitalized value warningJoey Hess
2010-05-18Fix a typo in the last release.Joey Hess
2010-05-18Fix a bug that prevented matching deleted comments, and so did not update ↵Joey Hess
pages that had contained them. Problem is that by the time rendering calls render_dependent, %pagesources has had deleted files removed from it. So match_comment's lookup of files in there to see if they had the _comment extension failed. I had to introduce a hash that temporarily holds filenames of deleted pages to fix this. Note that unlike comment(), internal() had avoided this pitfall by being defined to match both internal and non-internal pages.
2010-05-17force scalar contextJoey Hess
2010-05-15Revert "avoid showing comment post stuff on dynamic pages"Joey Hess
This reverts commit 4a6d5330e5b9554f1bd25b9025dd96200c6519c7. That was too ugly, the DYNAMIC test on page.tmpl will avoid the problem anyway -- just needs to be added.
2010-05-15avoid showing comment post stuff on dynamic pagesJoey Hess
If the site is configured to allow comments on *, then the comment post interface was being added to cgi pages like signin and prefs. This fixes it w/o requiring more page.tmpl changes. The pagetemplate hook is called by misctemplate with an empty page name for dynamic pages.
2010-05-07Merge branch 'master' into commentreorgJoey Hess
2010-05-07avoid linking directly to ikiwiki.cgi?do=signinJoey Hess
Instead, add a custom do=commentsignin, that calls cgi_signin. This allows a plugin to inject a custom cgi_signin, that uses a different do= parameter, and have it be used consitently. (This was the only place to hardcode a link to do=signin.)
2010-05-07fix comment matching pagespecsJoey Hess
test isinternal first, because match_glob with internal => 1 also returns non-internal pages that match. This order should also be faster. Remove test to see if pagesources is set. isinternal will not succeed if it is not.
2010-05-07better wordingJoey Hess
2010-05-07bugfixJoey Hess
2010-05-07bugfixesJoey Hess
2010-05-07check that pagesources exists before testingJoey Hess
2010-05-07fix match_commentJoey Hess