Age | Commit message (Collapse) | Author | |
---|---|---|---|
2008-12-11 | Delay checking for session expiry til we actually post a comment | Simon McVittie | |
2008-12-11 | comments: record the time at which each comment was posted | Simon McVittie | |
2008-12-11 | comments: Use a checkconfig hook to get the default value of comments_pagename | Simon McVittie | |
2008-12-11 | comments: render comments/commenturl in page.tmpl | Simon McVittie | |
2008-12-11 | comments: use global config to decide whether commenting is allowed, and for ↵ | Simon McVittie | |
name of page Also: * decide comment page name sooner * set permalink on it | |||
2008-12-11 | comments: use global configuration for allow_directives, commit, and pagename | Simon McVittie | |
2008-12-11 | comments: Add some global configuration | Simon McVittie | |
2008-12-11 | comments: make preprocess a no-op | Simon McVittie | |
2008-12-11 | comments: document what linkuser does | Simon McVittie | |
2008-12-11 | comments: add a stub pagetemplate hook to show the comments | Simon McVittie | |
2008-12-11 | comments: Use HTML entities to escape directives | Simon McVittie | |
2008-12-11 | Embed comments into comments_embed.tmpl rather than concatenating in perl | Simon McVittie | |
2008-12-11 | comments: use CGI module's checksessionexpiry | Simon McVittie | |
2008-12-11 | editpage: factor out checksessionexpiry into IkiWiki::CGI | Simon McVittie | |
2008-12-11 | htmlbalance: don't compact whitespace, and set misc other options | Simon McVittie | |
Not compacting whitespace is the most important one: now that we run sanitize hooks on individual posted comments in the comments plugin, whitespace that is significant to Markdown (but not HTML) is lost. | |||
2008-12-11 | comments: remove allowhtml option, just switch it on all the time | Simon McVittie | |
Now that posts are individually sanitized, that should be safe. | |||
2008-12-11 | comments: load inline and mdwn lazily | Simon McVittie | |
2008-12-11 | comments: don't rely on mdwn getting loaded first | Simon McVittie | |
2008-12-11 | comments: sanitize the body of each comment before posting it | Simon McVittie | |
This should ensure that users can't "break out" from the enclosing <div>, making it impossible to forge comments (assuming htmlscrubber is enabled, and so is either htmlbalance or htmltidy). | |||
2008-12-11 | Fix typo that led to comments being blanked | Simon McVittie | |
2008-12-11 | postcomment: Rename plugin to comments, use *._comment files | Simon McVittie | |
The PageSpec is still called "postcomment" since that's what it means. | |||
2008-12-11 | Rename smcvpostcomment plugin to postcomment to propose for inclusion | Simon McVittie | |
2008-12-11 | smcvpostcomment: allow commenting to be closed | Simon McVittie | |
2008-12-11 | smcvpostcomment: import other plugins lazily and remove unnecessary use of CGI | Simon McVittie | |
2008-12-11 | smcvpostcomment: allow inlining to be disabled, and pass through atom etc. ↵ | Simon McVittie | |
better | |||
2008-12-11 | smcvpostcomment: make allowhtml etc. configurable, and don't allow ↵ | Simon McVittie | |
commenting on pages where comments have never been allowed | |||
2008-12-11 | smcvpostcomment: indicate in form whether HTML and directives are allowed | Simon McVittie | |
2008-12-11 | smcvpostcomment: remove HTML if not allowed | Simon McVittie | |
2008-12-11 | smcvpostcomment: always allow wikilinks, and do access control | Simon McVittie | |
wikilinks are harmless, so we might as well allow them. Access control for this plugin is a bit odd, since we specifically don't want to allow comments to be edited - so the check is whether the user is allowed to edit a deliberately invalid page name, page/commented/on[smcvpostcomment]. You can put smcvpostcomment(*) or smcvpostcomment(some/subdir/*) in $config{anonok_pagespec} or the opposite in $config{locked_pages} to allow "editing" (really just posting) comments. | |||
2008-12-11 | smcvpostcomment: reduce length of subject field | Simon McVittie | |
2008-12-11 | smcvpostcomment: explain what $fake is for | Simon McVittie | |
2008-12-11 | smcvpostcomment: avoid warnings if form field 'body' is undef | Simon McVittie | |
2008-12-11 | smcvpostcomment: load inline plugin more forcibly | Simon McVittie | |
2008-12-11 | smcvpostcomment: use better names for special comment files | Simon McVittie | |
2008-12-11 | smcvpostcomment: use gettext where appropriate | Simon McVittie | |
2008-12-11 | Add initial version of a postcomment plugin (temporarily namespaced as ↵ | Simon McVittie | |
smcvpostcomment) | |||
2008-12-11 | inline: Support feedfile option to change the filename of the feed generated. | Joey Hess | |
2008-12-11 | inline: Support emptyfeeds=no option to skip generating empty feeds. | Joey Hess | |
2008-12-11 | move feedpages application up | Joey Hess | |
I wanted this nearer to the top, but decided to put it after the add_depends. Reasoning: It's possible with a combinaton of feedpages and show options to make @list and @feedlist contain completly differing sets of pages. We want to add_depends all pages in both sets. We could combine the two lists and add_depends that, but it's slightly more efficient to defer reducing @feedlist, and add_depends whichever list is longer. | |||
2008-11-18 | avoid uninitialized value warning | Joey Hess | |
2008-11-18 | html escaping complication | Joey Hess | |
Can't escape things to entities if the template then escapes the entities. (aggregate doesn't have this problem.) | |||
2008-11-18 | improve escaping of wikilinks and preprocessor directives | Joey Hess | |
The old method failed for '[' x 3. | |||
2008-11-17 | call decode_utf8 inside eval | Joey Hess | |
holger reported that decode_utf8 was crashing with perl 5.8.8. Earlier, I thought that passing 0 to the function avoided this with old perls, but that was apparently not enough, it still crashes. So, put it inside the eval, so we can at least recover from it crashing. | |||
2008-11-17 | use HTML::Entities | Joey Hess | |
2008-11-17 | use perl modules up front | Joey Hess | |
The old code actually did the same thing, just obfuscated -- since the eval use wasn't quoted, it used the modules on load. Thus, the error (not to mentioned the return) was bypassed, and it just failed on load. But that seems like the right thing to do, really, so just made it clearer that's what happens. | |||
2008-11-17 | htmlbalance: new plugin that balances tags by parsing and re-serializing | Simon McVittie | |
2008-11-11 | bzr: Fix dates for recentchanges. | Joey Hess | |
2008-11-10 | remove redundant link munge | Joey Hess | |
This is not needed now that tagpage returns a page name starting with a slash. (Also fixes a minor bug that the edit links started with double slashes due to the hack.) | |||
2008-11-10 | tag: Normalize tagbase so leading/trailing slashes in it don't break things. | Joey Hess | |
2008-11-10 | Add rel=nofollow to recentchanges_links for the same (weak) reasons it was ↵ | Joey Hess | |
earlier added to edit links. |