path: root/doc/todo/comments.mdwn

Known issues with the [[plugins/comments]] plugin
Unimplemented


Instead of just a link to add a comment, it could have a form to enter
the title, similar to the form for adding a new blog post.

I'm not sure this is so useful? On Livejournal titles are allowed on
comments, but very rarely used (and indeed usually not very useful);
it's hard enough to get some people to title their blog posts :-)
--[[smcv]]



Won't fix


Because IkiWiki generates static HTML, we can't have a form inlined in
page.tmpl where the user fills in an entire comment and can submit it in
a single button-press, without being vulnerable to cross-site request forgery.
So I'll put this in as wontfix. --[[smcv]]

Surely there's a way around that?
A web 2.0 way comes to mind: The user clicks on a link
to open the comment post form. While the nasty web 2.0 javascript :)
is manipulating the page to add the form to it, it looks at the cookie
and uses that to insert a sid field.
Or, it could have a mandatory preview page and do the CSRF check then.
--[[Joey]]



It would be useful to have a pagespec that always matches all comments on
pages matching a glob. Something like comment(blog/*).
Perhaps postcomment could also be folded into this? Then the pagespec
would match both existing comments, as well as new comments that are
being posted.

Please see [[plugins/comments/discussion]]. If I've convinced you that
internal pages are the way forward, then sure, we can do that, because
people who can comment still won't be able to edit others' comments
(one of my goals is that commenters can't put words into each other's
mouths :-) )
On the other hand, if you still want me to switch this plugin to "real"
pages, or if internal pages might become editable in future, then
configuring lockedit/anonok so a user X can add comments to blog pages
would also let X edit/delete comments on blog pages (including those
written by others) in arbitrary ways, which doesn't seem good. --[[smcv]]


I had a look at implementing comment() and fell afoul of
some optimisations that assume only internal() will be used to match
internal pages. So probably this isn't worth doing. --[[Joey]]



Done


There is some common code cargo-culted from other plugins (notably inline and editpage) which
should probably be shared

Actually, there's less of this now than there used to be - a lot of simple
things that were shared have become unshareable as they became more
complex. --[[smcv]]


There's still goto. You have a branch for that. --[[Joey]]



Now merged --[[smcv]]




The default template should have a (?) icon next to unauthenticated users (with the IP address
as title) and an OpenID icon next to OpenIDs

Done in my comments git branch, at least as a mockup (using the (?),
{x} and {*} smileys for anonymous, OpenID and login respectively).
--[[smcv]]



I've improved this to use independent icons from the wikiicons
directory (untested!) --[[smcv]]





The new code produces links like /wikiisons/openid.png, which
fail if ikiwiki is not at the root of the web server. --[[Joey]]







Sorry, I should have spotted that (the assumption failed on my demo
site, but the push to that site was when I was on the way out, so I
didn't have time to investigate). As a note for other ikiwiki hackers,
I should have used
<img src="<TMPL_VAR NAME=BASEURL>wikiicons/openid.png" />. --[[smcv]]







I got to wondering if the icons are needed. On my comments branch
(not master), I've dropped the icons and info can be seen by hovering
over the author's name. Idea being that you probably don't care how
they authenticated unless something is weird, and in that case you
can hover to check. Does that make sense, should I merge it?
--[[Joey]]







Yeah, go ahead. I preferred my layout with the author before the
comment - perhaps that's Livejournal's influence :-) - but I can always
edit the templates for my own site. As long as the default is something
reasonable and both layouts are possible, I don't really mind.
Minimizing the number of "resource" files in the basewiki also seems
a good goal. --[[smcv]]






Previews always say "unknown IP address"

Fixed in my comments branch by commits bc66a00b and 95b3bbbf --[[smcv]]



The Comments link in the "toolbar" is to index.html#comments, not the
desired ./#comments

Fixed in my comments branch by commit 0844bd0b; commits 5b1cf21a
and c42f174e fix another beautify_urlpath bug and add a regression test
--[[smcv]]



Now that inline has some comments-specific functionality anyway, it would
be good to output <link rel="comments"> in Atom and the equivalent in RSS.

Fixed in my comments branch by d0d598e4, 3feebe31, 9e5f504e --[[smcv]]



Add COMMENTOPENID: the authenticated/verified user name, if and only if it was an OpenID

Done in my comments git branch --[[smcv]]


Not seeing it there, which branch? --[[Joey]]



Bah, git push --all is not the default... 'comments' branch now (I've also rebased it).
Sorry, I'm on mobile Internet at the moment... --[[smcv]]





merged by [[Joey]] in commit 0f03af38 --[[smcv]]





Should the comments be visually set off more from the page above?
Rather than just a horizontal rule, I'm thinking put the comments
in a box like is used for inlined pages.

I did put them in a box in the CSS... I agree the default template
could do with visual improvement though. --[[smcv]]



I'll consider this solved by [[Joey]]'s changes. --[[smcv]]




One can use inline to set up a feed of all comments posted to any page.
Using template=comment they are displayed right. Only problem
is there is no indication in that template of what page each comment in the
feed is a comment on. So, if a comment is inlined into a different page,
I think it should show a link back to the page commented on.
(BTW, the rss feed in this situation seems ok; there the link element
points back to the parent page.

done --[[Joey]]



One of Joey's commit messages says "Not ideal, it would be nicer to jump to
the actual comment posted, but no anchor is available". In fact there is
an anchor - the \[[_comment]] preprocessing wraps the comment in a <div>
with id="comment_123" or something. I'll fix this, unless Joey gets there
first. --[[smcv]]

done --[[Joey]]



If a spammer posts a comment, it is either impossible or hard to clean
up via the web. Would be nice to have some kind of link on the comment
that allows trusted users to remove it (using the remove plugin of
course).

Won't the remove plugin refuse to remove internal pages? This would be
a good feature to have, though. --[[smcv]]


Here, FWIW, is the first ikiwiki comment spam I've seen:
http://waldeneffect.org/blog/Snake_bite_information/#blog/Snake_bite_information/comment_1
So that took about 10 days...
--[[Joey]]



Implemented in my 'comments' branch, please review. It turns out
[[plugins/remove]] is happy to remove internal pages, so it was quite
easy to do. --[[smcv]]





done --[[Joey]]