summaryrefslogtreecommitdiff
path: root/IkiWiki
AgeCommit message (Collapse)Author
2008-12-11Qualify name of formattime() correctlySimon McVittie
2008-12-11Delay checking for session expiry til we actually post a commentSimon McVittie
2008-12-11comments: record the time at which each comment was postedSimon McVittie
2008-12-11comments: Use a checkconfig hook to get the default value of comments_pagenameSimon McVittie
2008-12-11comments: render comments/commenturl in page.tmplSimon McVittie
2008-12-11comments: use global config to decide whether commenting is allowed, and for ↵Simon McVittie
name of page Also: * decide comment page name sooner * set permalink on it
2008-12-11comments: use global configuration for allow_directives, commit, and pagenameSimon McVittie
2008-12-11comments: Add some global configurationSimon McVittie
2008-12-11comments: make preprocess a no-opSimon McVittie
2008-12-11comments: document what linkuser doesSimon McVittie
2008-12-11comments: add a stub pagetemplate hook to show the commentsSimon McVittie
2008-12-11comments: Use HTML entities to escape directivesSimon McVittie
2008-12-11Embed comments into comments_embed.tmpl rather than concatenating in perlSimon McVittie
2008-12-11comments: use CGI module's checksessionexpirySimon McVittie
2008-12-11editpage: factor out checksessionexpiry into IkiWiki::CGISimon McVittie
2008-12-11htmlbalance: don't compact whitespace, and set misc other optionsSimon McVittie
Not compacting whitespace is the most important one: now that we run sanitize hooks on individual posted comments in the comments plugin, whitespace that is significant to Markdown (but not HTML) is lost.
2008-12-11comments: remove allowhtml option, just switch it on all the timeSimon McVittie
Now that posts are individually sanitized, that should be safe.
2008-12-11comments: load inline and mdwn lazilySimon McVittie
2008-12-11comments: don't rely on mdwn getting loaded firstSimon McVittie
2008-12-11comments: sanitize the body of each comment before posting itSimon McVittie
This should ensure that users can't "break out" from the enclosing <div>, making it impossible to forge comments (assuming htmlscrubber is enabled, and so is either htmlbalance or htmltidy).
2008-12-11Fix typo that led to comments being blankedSimon McVittie
2008-12-11postcomment: Rename plugin to comments, use *._comment filesSimon McVittie
The PageSpec is still called "postcomment" since that's what it means.
2008-12-11Rename smcvpostcomment plugin to postcomment to propose for inclusionSimon McVittie
2008-12-11smcvpostcomment: allow commenting to be closedSimon McVittie
2008-12-11smcvpostcomment: import other plugins lazily and remove unnecessary use of CGISimon McVittie
2008-12-11smcvpostcomment: allow inlining to be disabled, and pass through atom etc. ↵Simon McVittie
better
2008-12-11smcvpostcomment: make allowhtml etc. configurable, and don't allow ↵Simon McVittie
commenting on pages where comments have never been allowed
2008-12-11smcvpostcomment: indicate in form whether HTML and directives are allowedSimon McVittie
2008-12-11smcvpostcomment: remove HTML if not allowedSimon McVittie
2008-12-11smcvpostcomment: always allow wikilinks, and do access controlSimon McVittie
wikilinks are harmless, so we might as well allow them. Access control for this plugin is a bit odd, since we specifically don't want to allow comments to be edited - so the check is whether the user is allowed to edit a deliberately invalid page name, page/commented/on[smcvpostcomment]. You can put smcvpostcomment(*) or smcvpostcomment(some/subdir/*) in $config{anonok_pagespec} or the opposite in $config{locked_pages} to allow "editing" (really just posting) comments.
2008-12-11smcvpostcomment: reduce length of subject fieldSimon McVittie
2008-12-11smcvpostcomment: explain what $fake is forSimon McVittie
2008-12-11smcvpostcomment: avoid warnings if form field 'body' is undefSimon McVittie
2008-12-11smcvpostcomment: load inline plugin more forciblySimon McVittie
2008-12-11smcvpostcomment: use better names for special comment filesSimon McVittie
2008-12-11smcvpostcomment: use gettext where appropriateSimon McVittie
2008-12-11Add initial version of a postcomment plugin (temporarily namespaced as ↵Simon McVittie
smcvpostcomment)
2008-12-11inline: Support feedfile option to change the filename of the feed generated.Joey Hess
2008-12-11inline: Support emptyfeeds=no option to skip generating empty feeds.Joey Hess
2008-12-11move feedpages application upJoey Hess
I wanted this nearer to the top, but decided to put it after the add_depends. Reasoning: It's possible with a combinaton of feedpages and show options to make @list and @feedlist contain completly differing sets of pages. We want to add_depends all pages in both sets. We could combine the two lists and add_depends that, but it's slightly more efficient to defer reducing @feedlist, and add_depends whichever list is longer.
2008-11-18avoid uninitialized value warningJoey Hess
2008-11-18html escaping complicationJoey Hess
Can't escape things to entities if the template then escapes the entities. (aggregate doesn't have this problem.)
2008-11-18improve escaping of wikilinks and preprocessor directivesJoey Hess
The old method failed for '[' x 3.
2008-11-17call decode_utf8 inside evalJoey Hess
holger reported that decode_utf8 was crashing with perl 5.8.8. Earlier, I thought that passing 0 to the function avoided this with old perls, but that was apparently not enough, it still crashes. So, put it inside the eval, so we can at least recover from it crashing.
2008-11-17use HTML::EntitiesJoey Hess
2008-11-17use perl modules up frontJoey Hess
The old code actually did the same thing, just obfuscated -- since the eval use wasn't quoted, it used the modules on load. Thus, the error (not to mentioned the return) was bypassed, and it just failed on load. But that seems like the right thing to do, really, so just made it clearer that's what happens.
2008-11-17htmlbalance: new plugin that balances tags by parsing and re-serializingSimon McVittie
2008-11-11make unlockwiki drop the cgilockJoey Hess
This is necessary so that things that fork to the background, like pinger, and inline ping, don't block other cgis from running. Note that websetup also calls unlockwiki, before refreshing / rebuilding the wiki. It makes perfect sense for that not to block other cgis.
2008-11-11O_CREATE needs modeJoey Hess
2008-11-11avoid multiple ikiwiki cgi processes piling up, eating all memory, and thrashingJoey Hess
Fixed by making the cgi wrapper wait on a cgilock. If you had to set apache's MaxClients low to avoid ikiwiki thrashing your server, you can now turn it up to a high value. The downside to this is that a cgi call that doesn't need to call lockwiki will be serialised by this so only one can run at a time. (For example, do=search.) There are few such calls, and all of them call loadindex, so each still eats gobs of memory, so serialising them still seems ok.