summaryrefslogtreecommitdiff
path: root/IkiWiki
AgeCommit message (Collapse)Author
2008-12-12comments: Store dates in GMT and in ISO-8601Simon McVittie
The [[!_comment]] directive is a serialization format, not something for presentation to users, so we should use the least ambiguous possible representation.
2008-12-11simplifiy logicJoey Hess
2008-12-11comments: Change internal-use-only directive from [[!comment]] to [[!_comment]]Simon McVittie
2008-12-11comments: Use new feedfile, emptyfeeds options to inlineSimon McVittie
2008-12-11comments: don't interpolate IP into anonymous user's "name"Simon McVittie
If an admin wants the IP in the comment display template they can still get it (the default template shows it).
2008-12-11comments: fix invocation of possibly_foolish_untaintSimon McVittie
2008-12-11comments: avoid warning if there's no subjectSimon McVittie
2008-12-11comments: Optionally allow anonymous commenters to set their name/URL.Simon McVittie
Also provide a way for the comment template to pick up the verified username/IP.
2008-12-11comments: Remove some dead codeSimon McVittie
2008-12-11comments: rename main field to "editcontent" consistent with editpageSimon McVittie
This has the side-effect that Ikiwiki's default style.css gives the text box 100% width.
2008-12-11comments: instead of hard-coding mdwn, allow any supported page formatSimon McVittie
2008-12-11comments: Save comments as a file with one big [[!comment]] directive.Simon McVittie
This delays all comment formatting until the last possible time, allows us to set metadata without worrying that commenters may be able to evade it, and means that changes to how a comment is saved can be handled gracefully. It also gives us somewhere to put the commenter's username or IP address for later reference.
2008-12-11Remove dead code for preprocessing [[!comments]]Simon McVittie
2008-12-11comments: Duplicate logic and CGI hook from recentchanges to link user pages ↵Simon McVittie
correctly
2008-12-11Qualify name of formattime() correctlySimon McVittie
2008-12-11Delay checking for session expiry til we actually post a commentSimon McVittie
2008-12-11comments: record the time at which each comment was postedSimon McVittie
2008-12-11comments: Use a checkconfig hook to get the default value of comments_pagenameSimon McVittie
2008-12-11comments: render comments/commenturl in page.tmplSimon McVittie
2008-12-11comments: use global config to decide whether commenting is allowed, and for ↵Simon McVittie
name of page Also: * decide comment page name sooner * set permalink on it
2008-12-11comments: use global configuration for allow_directives, commit, and pagenameSimon McVittie
2008-12-11comments: Add some global configurationSimon McVittie
2008-12-11comments: make preprocess a no-opSimon McVittie
2008-12-11comments: document what linkuser doesSimon McVittie
2008-12-11comments: add a stub pagetemplate hook to show the commentsSimon McVittie
2008-12-11comments: Use HTML entities to escape directivesSimon McVittie
2008-12-11Embed comments into comments_embed.tmpl rather than concatenating in perlSimon McVittie
2008-12-11comments: use CGI module's checksessionexpirySimon McVittie
2008-12-11editpage: factor out checksessionexpiry into IkiWiki::CGISimon McVittie
2008-12-11htmlbalance: don't compact whitespace, and set misc other optionsSimon McVittie
Not compacting whitespace is the most important one: now that we run sanitize hooks on individual posted comments in the comments plugin, whitespace that is significant to Markdown (but not HTML) is lost.
2008-12-11comments: remove allowhtml option, just switch it on all the timeSimon McVittie
Now that posts are individually sanitized, that should be safe.
2008-12-11comments: load inline and mdwn lazilySimon McVittie
2008-12-11comments: don't rely on mdwn getting loaded firstSimon McVittie
2008-12-11comments: sanitize the body of each comment before posting itSimon McVittie
This should ensure that users can't "break out" from the enclosing <div>, making it impossible to forge comments (assuming htmlscrubber is enabled, and so is either htmlbalance or htmltidy).
2008-12-11Fix typo that led to comments being blankedSimon McVittie
2008-12-11postcomment: Rename plugin to comments, use *._comment filesSimon McVittie
The PageSpec is still called "postcomment" since that's what it means.
2008-12-11Rename smcvpostcomment plugin to postcomment to propose for inclusionSimon McVittie
2008-12-11smcvpostcomment: allow commenting to be closedSimon McVittie
2008-12-11smcvpostcomment: import other plugins lazily and remove unnecessary use of CGISimon McVittie
2008-12-11smcvpostcomment: allow inlining to be disabled, and pass through atom etc. ↵Simon McVittie
better
2008-12-11smcvpostcomment: make allowhtml etc. configurable, and don't allow ↵Simon McVittie
commenting on pages where comments have never been allowed
2008-12-11smcvpostcomment: indicate in form whether HTML and directives are allowedSimon McVittie
2008-12-11smcvpostcomment: remove HTML if not allowedSimon McVittie
2008-12-11smcvpostcomment: always allow wikilinks, and do access controlSimon McVittie
wikilinks are harmless, so we might as well allow them. Access control for this plugin is a bit odd, since we specifically don't want to allow comments to be edited - so the check is whether the user is allowed to edit a deliberately invalid page name, page/commented/on[smcvpostcomment]. You can put smcvpostcomment(*) or smcvpostcomment(some/subdir/*) in $config{anonok_pagespec} or the opposite in $config{locked_pages} to allow "editing" (really just posting) comments.
2008-12-11smcvpostcomment: reduce length of subject fieldSimon McVittie
2008-12-11smcvpostcomment: explain what $fake is forSimon McVittie
2008-12-11smcvpostcomment: avoid warnings if form field 'body' is undefSimon McVittie
2008-12-11smcvpostcomment: load inline plugin more forciblySimon McVittie
2008-12-11smcvpostcomment: use better names for special comment filesSimon McVittie
2008-12-11smcvpostcomment: use gettext where appropriateSimon McVittie