Commit Graph

185 Commits (14909f1d51ddbcf7d14799e06b3c7908f40e9256)

Author SHA1 Message Date
Joey Hess 192ce7a238 remove unnecessary and troublesome filter calls
This better defines what the filter hook is passed, to only be the raw,
complete text of a page. Not some snippet, or data read in from an
unrelated template.

Several plugins that filtered text that originates from an (already
filtered) page were modified not to do that. Note that this was not
done very consistently before; other plugins that receive text from a
page called preprocess on it w/o first calling filter.

The template plugin gets text from elsewhere, and was also changed not to
filter it. That leads to one known regression -- the embed plugin cannot
be used to embed stuff in templates now. But that plugin is deprecated
anyway.

Later we may want to increase the coverage of what is filtered. Perhaps
a good goal would be to allow writing a filter plugin that filters
out unwanted words, from any input. We're not there yet; not only
does the template plugin load unfiltered text from its templates now,
but so can the table plugin, and other plugins that use templates (like
inline!). I think we can cross that bridge when we come to it. If I wanted
such a censoring plugin, I'd probably make it use a sanitize hook instead,
for the better coverage.

For now I am concentrating on the needs of the two non-deprecated users
of filter. This should fix bugs/po_vs_templates, and it probably fixes
an obscure bug around txt's use of filter for robots.txt.
2010-07-04 15:06:48 -04:00
Joey Hess 9a32451986 finializing openid nickname support
Renamed usershort => nickname.

Note that this means existing user login sessions will not have the nickname
recorded, and so it won't be used for those.
2010-06-23 20:16:01 -04:00
Joey Hess ecdfd1b864 rcs_commit and rcs_commit_staged api changes
Using named parameters for these is overdue. Passing the session in a
parameter instead of passing username and IP separately will later allow
storing other session info, like username or part of the email.

Note that these functions are not part of the exported API,
and the prototype change will catch (most) skew, so I am not changing
API versions. Any third-party plugins that call them will need updated
though.
2010-06-23 19:04:36 -04:00
Joey Hess 4292802ee5 stop using REMOTE_ADDR
Everywhere that REMOTE_ADDR was used, a session object is available, so
instead use its remote_addr method.

In IkiWiki::Receive, stop setting a dummy REMOTE_ADDR.

Note that it's possible for a session cookie to be obtained using one IP
address, and then used from another IP. In this case, the first IP will now
be used. I think that should be ok.
2010-06-23 16:35:51 -04:00
Joey Hess cb4b999297 avoid dying if cannot chdir to an underlaydir 2010-06-17 16:54:03 -04:00
Joey Hess 86a43aefb4 Fix issues with combining unicode srcdirs and source files.
A short story:

  Once there was a unicode string, let's call him Srcdir.

  Along came a crufy old File::Find, who went through a tree and pasted each
  of the leaves in turn onto Srcdir. But this 90's relic didn't decode the
  leaves -- despite some of them using unicode! Poor Srcdir, with these
  leaves stuck on him, tainted them with his nice unicode-ness. They didn't
  look like leaves at all, but instead garbage.

(In other words, perl's unicode support sucks mightily, and drives
us all to drink and bad storytelling. But we knew that..)

So, srcdir is not normally flagged as unicode, because typically it's pure
ascii. And in that case, things work ok; File::Find finds filenames, which
are not yet decoded to unicode, and appends them to the srcdir, and then
decode_utf8 happily converts the whole thing.

But, if the srcdir does contain utf8 characters, that breaks. Or, if a Yaml
setup file is used, Yaml::Syck's implicitunicode sets the unicode flag of
*all* strings, even those containing only ascii. In either case, srcdir
has the unicode flag set; a non-decoded filename is appended, and the flag
remains set; and decode_utf8 sees the flag and does *nothing*. The result
is that the filename is not decoded, so looks valid and gets skipped.

File::Find only sticks the directory and filenames together in no_chdir
mode .. but we need that mode for security. In order to retain the
security, and avoid the problem, I made it not pass srcdir to File::Find.
Instead, chdir to the srcdir, and pass ".". Since "." is ascii, the problem
is avoided.

Note that chdir srcdir is safe because we check for symlinks in the srcdir
path.

Note that it takes care to chdir back to the starting location. Because
the user may have specified relative paths and so staying in the srcdir
might break. A relative path could even be specifed for an underlay dir, so
it chdirs back after each.
2010-06-15 17:13:46 -04:00
Joey Hess c0bc2d0839 editpage, comments: Fix broken links in sidebar (due to forcebaseurl). (Thanks, privat) 2010-06-14 14:34:52 -04:00
Joey Hess 1bdf98a4a0 let's allow comments of "0" 2010-06-09 17:47:49 -04:00
Joey Hess 3d769f7849 fix uninitalized value warning 2010-05-21 18:03:21 -04:00
Joey Hess 14de1d87ef Fix a typo in the last release. 2010-05-18 14:16:58 -04:00
Joey Hess 7aa209f1ce Fix a bug that prevented matching deleted comments, and so did not update pages that had contained them.
Problem is that by the time rendering calls render_dependent, %pagesources
has had deleted files removed from it. So match_comment's lookup of
files in there to see if they had the _comment extension failed.

I had to introduce a hash that temporarily holds filenames of deleted pages
to fix this.

Note that unlike comment(), internal() had avoided this pitfall by being
defined to match both internal and non-internal pages.
2010-05-18 13:32:28 -04:00
Joey Hess facc77e109 force scalar context 2010-05-17 17:06:13 -04:00
Joey Hess ff67a31db5 Revert "avoid showing comment post stuff on dynamic pages"
This reverts commit 4a6d5330e5.

That was too ugly, the DYNAMIC test on page.tmpl will avoid the problem
anyway -- just needs to be added.
2010-05-15 22:38:59 -04:00
Joey Hess 4a6d5330e5 avoid showing comment post stuff on dynamic pages
If the site is configured to allow comments on *, then the comment post
interface was being added to cgi pages like signin and prefs. This fixes it
w/o requiring more page.tmpl changes. The pagetemplate hook is called by
misctemplate with an empty page name for dynamic pages.
2010-05-15 22:28:07 -04:00
Joey Hess 937b24e0cf Merge branch 'master' into commentreorg 2010-05-07 22:30:42 -04:00
Joey Hess 2ee820dedd avoid linking directly to ikiwiki.cgi?do=signin
Instead, add a custom do=commentsignin, that calls cgi_signin.

This allows a plugin to inject a custom cgi_signin, that uses a different
do= parameter, and have it be used consitently. (This was the only
place to hardcode a link to do=signin.)
2010-05-07 17:11:23 -04:00
Joey Hess b50b549cab fix comment matching pagespecs
test isinternal first, because match_glob with internal => 1 also returns
non-internal pages that match. This order should also be faster.

Remove test to see if pagesources is set. isinternal will not succeed if it
is not.
2010-05-07 14:02:30 -04:00
Joey Hess fe8f4a7781 better wording 2010-05-07 13:55:08 -04:00
Joey Hess 2dfdadf10c bugfix 2010-05-07 13:47:29 -04:00
Joey Hess 8d3c89f0c7 bugfixes 2010-05-07 13:44:24 -04:00
Joey Hess be0c2df6db check that pagesources exists before testing 2010-05-07 13:28:14 -04:00
Joey Hess 8cd216d748 fix match_comment 2010-05-07 12:55:34 -04:00
Joey Hess d9d910f676 moved comments pending moderation
* comments: Comments pending moderation are now stored in the srcdir
  alongside accepted comments, but with a `._comment_pending` extension.
* This allows easier byhand moderation, as the "_pending" need
  only be stripped off and the comment be committed to version control.
* The `comment_pending()` pagespec can be used to match such unmoderated
  comments, which makes it easy to add a feed of them, or a counter
  indicating how many there are.
* Belatedly added a `comment()` pagespec.
2010-05-06 20:05:53 -04:00
Joey Hess 154732dc42 adapt comment.tmpl to html5
Note that I put comment-header in a <header> despite it being
below the comment. Using a <footer> would be confusing given
the class name. Also, the content is semantically closer to
a header than a footer.
2010-05-02 16:12:08 -04:00
Joey Hess 970373548f Add parameter to displaytime to specify that it is a pubdate, and in html5 mode, use time tag. 2010-05-02 13:44:13 -04:00
Joey Hess c2656f08f3 template() - return params in list context
I forgot CGI::Formbuilder's horrible interface that needs template
parameters instead of a constructed object.
2010-04-24 16:15:47 -04:00
Joey Hess abd2339312 look for templates in srcdir and underlays, first
This entailed changing template_params; it no longer takes the template
filename as its first parameter.

Add template_depends to api and replace calls to template() with
template_depends() in appropriate places, where a dependency should be
added on the template.

Other plugins don't use template(), so will need further work.

Also, includes are disabled for security. Enabling includes only when using
templates from the templatedir would be nice, but would add a lot of
complexity to the implementation.
2010-04-22 15:55:58 -04:00
Joey Hess bfca8345ea bugfix
Avoid file_pruned triggering on absolute paths causing the whole
comments_pending directory being pruned.

Simplify code.
2010-04-20 17:42:36 -04:00
Joey Hess 59bb1f1db3 fix stat to use unmunged filename 2010-04-20 14:23:48 -04:00
Joey Hess 1f56dead00 oops, fix for no_chdir mode
$_ will be absolute then
2010-04-20 14:21:31 -04:00
Joey Hess 5d3f787729 use one parameter form of file_pruned here too
In File::Find, $_ is relative to the current directory, so that is ok.
Also, the directory name doesn't need to be stripped from $_.
2010-04-20 13:54:24 -04:00
Joey Hess a97964688b unfinished file_prune revamp
Many calls to file_prune were incorrectly calling it with 2 parameters.
In cases where the filename being checked is relative to the srcdir,
that is not needed.

Made absolute filenames be pruned. (This won't work for the 2 parameter call
style.)
2010-04-17 19:05:40 -04:00
Simon McVittie 5408279b5f HTML-encode meta title, description, guid on output, but not in the pagestate
This makes them consistent with the rest of the meta keys. A wiki rebuild
will be needed on upgrade to this version; until the wiki is rebuilt,
double-escaping will occur in the titles of pages that have not changed.
2010-04-06 01:31:38 +01:00
Joey Hess 09d4e9d6bb comments: Fix missing entity encoding in title.
The meta title data set by comments needs to be encoded the same way that
meta encodes it. (NB The security implications of the missing encoding
are small.)

Note that meta's encoding of title, description, and guid data, and not
other data, is probably a special case that should be removed. Instead,
these values should be encoded when used. I have avoided doing so here
because that would mean forcing a wiki rebuild on upgrade to have the data
consitently encoded.
2010-04-05 16:34:49 -04:00
Joey Hess edec9514f4 typo 2010-03-12 15:01:24 -05:00
Joey Hess 6eb71547dd typo 2010-03-09 19:55:50 -05:00
Joey Hess 6d27bbd026 Fix utf8 issues in calls to md5_hex.
This prevented comments containing some utf-8, including euro sign, from
being submitted. Since md5_hex is a C implementation, the string has to be
converted from perl's internal encoding to utf-8 when it is called. Some
utf-8 happened to work before, apparently by accident.

Note that this will change the checksums returned.

unique_comment_location is only used when posting comments, so the checksum
does not need to be stable there.

I only changed page_to_id for completeness; it is passed a comment page
name, and they can currently never contain utf-8.

In teximg, the bug could perhaps be triggered if the tex source contained
utf-8. If that happens, the checksum will change, and some extra work might
be performed on upgrade to rebuild the image.
2010-03-09 19:55:19 -05:00
Joey Hess c21eb47e62 comments: Display number of comments in comment action link.
This was not doable before, but when I added transitive dependency handling
in the big dependency rewrite, it became possible to include a comment
count when inlining.

This also improves the action link when a page has no comments. It will
link direct to the cgi to allow posting the first comment. And if the page
is locked to prevent posting new comments, the link is no longer shown.
2010-02-14 19:11:18 -05:00
Joey Hess 9a0b9bdc88 minor refactor/optimisation 2010-02-14 18:09:28 -05:00
Joey Hess 20ba12802b add section information 2010-02-12 04:22:15 -05:00
Joey Hess 8380a9d000 factor out a userpage function
Not yet exported, as only 4 quite core plugins use it.
2010-02-04 18:24:15 -05:00
Joey Hess d78e8ee452 comments: Fix permalinks for comments using new conflict-free filenames. 2010-01-04 20:51:40 -05:00
Joey Hess 6af6c89df3 comments: Add a checksum to the name of comment pages, to avoid merge conflicts when comments are posted to two branches of a site. 2009-12-30 15:41:17 -05:00
Joey Hess 5cdee82ef6 comment: Make comment directives no longer use the internal "_comment" form, and document the comment directive syntax.
Rationalle: Comments need to be user-editable so that they can be posted
via git commit etc.

The _comment directive is still supported, for back-compat.
2009-06-02 17:06:46 -04:00
Joey Hess 27193a2eeb support longname for page types in commands and rename
Also, sort the list of page types.
2009-05-21 15:50:25 -04:00
Joey Hess 527d178c12 comments: Add link to comment post form to allow user to sign in if they wish to, if the configuration makes signin optional for commenting. 2009-04-23 14:56:10 -04:00
Joey Hess 260ee2a283 use md5sum for page_to_id
The munged ids were looking pretty nasty, and were not completly guaranteed
to be unique. So a md5sum seems like a better approach. (Would have used
sha1, but md5 is in perl core.)
2009-03-27 13:44:31 -04:00
Joey Hess 10822a22b3 comments: Fix anchor ids to be legal xhtml. Closes: #521339
Well, that was a PITA.

Luckily, this doesn't break guids to comments in rss feeds,
though it does change the links.

I haven't put in a warning about needing to rebuild to get
this fix. It's probably good enough for new comments to get the
fix, without a lot of mass rebuilding.
2009-03-26 16:45:53 -04:00
Joey Hess 503d83ffbc comments: Fix too loose test for comments pages that matched normal pages with "comment_" in their name. Closes: #521322 2009-03-26 14:04:28 -04:00
Joey Hess b30c1b0c38 comments: Avoid showing comment moderation button in prefs to non-admins. 2009-02-26 02:31:13 -05:00
Simon McVittie c886bea320 Split cgi_goto into a goto plugin 2009-01-31 23:01:10 +00:00
Simon McVittie 4e92548ebc comments: delete cgi hook in favour of the global one 2009-01-31 14:49:12 +00:00
Joey Hess 5dd67723c1 typo 2009-01-26 20:33:55 -05:00
Joey Hess 42b3e13739 format moderation queue only at end, avoid O(N^3) bug
It was calling format hooks for each comment on the page.
When relativedate is enabled, that made it insert <script> tags
for each comment. And the browser loaded the same script over and over,
which was slow on its own. But that was nothing compared to running
the onload even over and over.. especially since the hook system
added a new call to the hook each time it loaded.

For a page with 10 comments, that caused the relativedate DOM parsing
code to run 1000 times, I think. Anyway, it was sloow. Now it runs once.
2009-01-25 22:30:28 -05:00
Joey Hess 9d4f396b13 add reject all marked defer checkbox 2009-01-25 22:25:45 -05:00
Joey Hess 4e21af7671 sort comment queue by time, newest first 2009-01-25 19:45:56 -05:00
Joey Hess 7a7e28c55f add a button to prefs page for comment moderation 2009-01-25 19:04:45 -05:00
Joey Hess 9a5085e512 clean up comment preview
Remove actions from it, and avoid a broken title link.
2009-01-25 18:56:47 -05:00
Joey Hess 731fc9e7a2 comments: Add a moderation web interface. 2009-01-25 18:49:57 -05:00
Joey Hess c154fa5d6c comments: If comment content checks fail, store the comment (in .ikiwiki/comments_pending) for moderator review. 2009-01-25 15:42:13 -05:00
Joey Hess e1ff06b634 fix uninitialized value warnings
I suspect these are only triggered by spammers.
2009-01-22 20:58:49 -05:00
Joey Hess 16c56af605 make postcomment() pagespecs work while in checkcontent 2009-01-16 21:58:05 -05:00
Joey Hess f7b2cfcf50 checkcontent: New hook, can be used to implement arbitrary content filters, including spam filters. 2009-01-16 20:46:55 -05:00
Joey Hess 362a329556 remove xxx comment
IIRC I analised this and the code is right
2009-01-16 19:34:50 -05:00
Simon McVittie 79676ca445 comments: if the remove plugin is enabled, append a "Remove comment" link 2009-01-10 11:31:24 +00:00
Simon McVittie d70b05971f comments: only try to insert commentuser etc. into templates if the page contained [[!_comment]] 2009-01-10 11:29:56 +00:00
Joey Hess 551544663d comments: Fix cache avoidance hack.
The ?updated needs to come before the #anchor or browsers will not follow
the anchor.
2009-01-07 11:12:32 -05:00
Joey Hess 0711c0c548 comments: Add cache avoidance.
This got lost when we added the jump-to-comment anchor.
2008-12-28 22:20:22 -05:00
Joey Hess 6f1539320b Merge branch 'master' into next 2008-12-26 14:07:25 -05:00
Joey Hess 9db06329c9 comments: Deal with users entering unqualified or partial urls.
People seem to be able to expect to enter www.foo.com and get away with it.
The resulting my.wiki/www.foo.com link was not ideal.

To fix it, use URI::Heuristic to expand such things into a real url. It
even looks up hostnames in the DNS if necessary.
2008-12-26 14:07:19 -05:00
Joey Hess 678d467a40 finalise version 3.00 of the plugin api 2008-12-23 16:34:19 -05:00
Simon McVittie d0d598e429 comments: substitute commentsurl and atomcommentsurl for use in feeds 2008-12-21 17:15:49 +00:00
Simon McVittie 95b3bbbf7c comments: run pagetemplate hooks
This fixes the bug that comments are always said to be from an anonymous
user at an unknown IP address.
2008-12-21 15:08:14 +00:00
Simon McVittie bc66a00b90 comments: linkify and preprocess preview with correct 'page' param 2008-12-21 15:07:36 +00:00
Joey Hess c53a3a1d3e avoid storing transient state in pagestate
None of the comment state needs to be stored through the a later run of
ikiwiki, so move it all from pagestate to a more transient storage.

This is assuming that we'll never want to add pagespecs to search against
the comment state. Pagespecs like author() are why the meta plugin does
store its meta data in pagestate -- the data can be needed later to match
against.
2008-12-20 20:55:38 -05:00
Simon McVittie 9e889c39ed comments: Rename COMMENTURL to ADDCOMMENTURL to avoid confusion with COMMENTAUTHORURL
Also refactor page.tmpl to use if/else rather than unless/if.
2008-12-20 17:34:55 +00:00
Simon McVittie 8ed94c0a18 comments: pass COMMENTOPENID to templates 2008-12-20 17:34:55 +00:00
Simon McVittie 8a9f4e225f comments: remove linkuser(), it's been integrated into preprocess() now 2008-12-20 17:34:55 +00:00
Simon McVittie f4e69ed815 _comment directive: if the user looks like an OpenID, store that 2008-12-20 17:34:54 +00:00
Joey Hess 301733ba13 fix comment permalink to always point to comment parent page 2008-12-19 17:33:40 -05:00
Joey Hess 4bdeec4961 remove cruft
wtf does it do? absolutely nothing
2008-12-19 14:09:39 -05:00
Joey Hess 79a787a466 rename comments_form to editcomment 2008-12-19 14:07:22 -05:00
Joey Hess ddabb010b2 rename comments_display to comment 2008-12-19 14:03:26 -05:00
Joey Hess f7fc062a12 replace discussion links on pages with comments link
The thinking here is that having both a Discussion page and comments for
the same page is redundant, and certianly not what you want if you enable
comments for a page. At first I considered making configurable via pagespec
what pages got discussion links. But that would mean testing a new pagespec
for every page, and a redundant config setting to keep in sync. So intead,
take a lead from my previous change to make inlined pages have a comments
link, and change the discussion link at the top of regular pages to link to
their comments.

(Implementation is a bit optimised to avoid redundant pagespec checking.)
2008-12-19 13:55:41 -05:00
Joey Hess 7521dd6c75 jump to comment after posting
Jumping to the just posted comment was the imputus, but I killed a number
of birds here.

Added a INLINEPAGE template variable, which can be used to add anchors to
any inline template.

To keep that sufficiently general, it is the full page name, so the
comment anchors and links changed form.

Got rid of the FIXMEd hardcoded html anchor div.

More importantly, the anchor is now to the very top of the comment, not the
text below. So you can see the title, and how it attributes you.

Avoid changing the permalink of pages that are not really comments, but
happen to contain the _comment directive. I think that behavior was a bug,
though not a likely one to occur since _comment should only really be used
on comment pages.
2008-12-18 20:58:16 -05:00
Joey Hess 81165dd2e0 jump to comments anchor after post
Not ideal, it would be nicer to jump to the actual comment posted, but no
anchor is available.
2008-12-17 20:29:55 -05:00
Joey Hess 339bfbd44a typo 2008-12-17 20:22:42 -05:00
Joey Hess cd7ac8f72a add Comments link when displaying a page inline
This link will supplant the usual Discussion link for pages
that have comments enabled.
2008-12-17 19:38:02 -05:00
Joey Hess 5feffc8b0b fix test when comments_closed_pagespec is empty 2008-12-17 19:06:29 -05:00
Joey Hess 140c0bacba change around comments pagespecs
I think it is clearer to have one pagespec that controls all pages with
comments, and a separate pagespec that can be used to close new comments on
a subset of those pages.
2008-12-17 18:50:04 -05:00
Joey Hess 9b837fd5ed fix default values for config settings
defaults cannot be set in getsetup, do it in checkconfig to avoid
uninitialized value warnings.
2008-12-17 17:05:49 -05:00
Joey Hess bb93fccf06 Coding style change: Remove explcit vim folding markers. 2008-12-17 15:22:16 -05:00
Joey Hess 985b229be6 checksessionexpiry: rework
This function as factored out was a bit confusing, I think this makes more
sense.
2008-12-17 14:26:08 -05:00
Joey Hess 15ec55eff5 elide unnecessary variables 2008-12-12 15:38:23 -05:00
Joey Hess ef972a871b remove fixme
sessioncgi hooks are always called with the wiki locked
2008-12-12 15:25:12 -05:00
Joey Hess 928f6938d2 fix redefinition of $author 2008-12-12 15:22:43 -05:00
Joey Hess 9557c7c890 move related code together 2008-12-12 15:19:01 -05:00
Joey Hess f3735891ca whitespace 2008-12-12 15:13:07 -05:00
Joey Hess 18eeb068a6 don't explicitly use inline
loadplugin("inline") should take care of that
2008-12-12 15:10:17 -05:00
Joey Hess 2a7849b838 avoid unnecessary variable 2008-12-12 15:08:06 -05:00