Simon McVittie
3abfc1d71c
comments: Use HTML entities to escape directives
2008-12-11 21:14:03 +00:00
Simon McVittie
430ac61f21
Embed comments into comments_embed.tmpl rather than concatenating in perl
2008-12-11 21:14:03 +00:00
Simon McVittie
286dbb0541
comments: use CGI module's checksessionexpiry
2008-12-11 21:14:03 +00:00
Simon McVittie
9a6005a212
editpage: factor out checksessionexpiry into IkiWiki::CGI
2008-12-11 21:14:03 +00:00
Simon McVittie
cb5aaa3cee
htmlbalance: don't compact whitespace, and set misc other options
Not compacting whitespace is the most important one: now that we run
sanitize hooks on individual posted comments in the comments plugin,
whitespace that is significant to Markdown (but not HTML) is lost.
2008-12-11 21:14:03 +00:00
Simon McVittie
249ea2ed75
comments: remove allowhtml option, just switch it on all the time
Now that posts are individually sanitized, that should be safe.
2008-12-11 21:14:03 +00:00
Simon McVittie
4663f364bb
comments: load inline and mdwn lazily
2008-12-11 21:14:03 +00:00
Simon McVittie
9d92fd5eb0
comments: don't rely on mdwn getting loaded first
2008-12-11 21:14:03 +00:00
Simon McVittie
ebe140201e
comments: sanitize the body of each comment before posting it
This should ensure that users can't "break out" from the enclosing
<div>, making it impossible to forge comments (assuming htmlscrubber
is enabled, and so is either htmlbalance or htmltidy).
2008-12-11 21:14:03 +00:00
Simon McVittie
57e40b9ce5
Fix typo that led to comments being blanked
2008-12-11 21:14:02 +00:00
Simon McVittie
3d4aa065d6
postcomment: Rename plugin to comments, use *._comment files
The PageSpec is still called "postcomment" since that's what it means.
2008-12-11 21:14:02 +00:00
Simon McVittie
3c9ccb406b
Rename smcvpostcomment plugin to postcomment to propose for inclusion
2008-12-11 21:14:02 +00:00
Simon McVittie
b7db3444a5
smcvpostcomment: allow commenting to be closed
2008-12-11 21:14:02 +00:00
Simon McVittie
f49603bf86
smcvpostcomment: import other plugins lazily and remove unnecessary use of CGI
2008-12-11 21:14:02 +00:00
Simon McVittie
442e4e7e12
smcvpostcomment: allow inlining to be disabled, and pass through atom etc. better
2008-12-11 21:14:02 +00:00
Simon McVittie
bb4eb07bdd
smcvpostcomment: make allowhtml etc. configurable, and don't allow commenting on pages where comments have never been allowed
2008-12-11 21:14:02 +00:00
Simon McVittie
d18adfb1ad
smcvpostcomment: indicate in form whether HTML and directives are allowed
2008-12-11 21:14:02 +00:00
Simon McVittie
1bd1b03766
smcvpostcomment: remove HTML if not allowed
2008-12-11 21:14:02 +00:00
Simon McVittie
660a4ef151
smcvpostcomment: always allow wikilinks, and do access control
wikilinks are harmless, so we might as well allow them.
Access control for this plugin is a bit odd, since we specifically
don't want to allow comments to be edited - so the check is whether the
user is allowed to edit a deliberately invalid page name,
page/commented/on[smcvpostcomment]. You can put smcvpostcomment(*)
or smcvpostcomment(some/subdir/*) in $config{anonok_pagespec}
or the opposite in $config{locked_pages} to allow "editing" (really
just posting) comments.
2008-12-11 21:14:02 +00:00
Simon McVittie
798dea2033
smcvpostcomment: reduce length of subject field
2008-12-11 21:14:02 +00:00
Simon McVittie
29862a8cc8
smcvpostcomment: explain what $fake is for
2008-12-11 21:14:01 +00:00
Simon McVittie
42b15f7633
smcvpostcomment: avoid warnings if form field 'body' is undef
2008-12-11 21:14:01 +00:00
Simon McVittie
e65c7b73af
smcvpostcomment: load inline plugin more forcibly
2008-12-11 21:14:01 +00:00
Simon McVittie
49835784d8
smcvpostcomment: use better names for special comment files
2008-12-11 21:14:01 +00:00
Simon McVittie
bd8c4674a8
smcvpostcomment: use gettext where appropriate
2008-12-11 21:14:01 +00:00
Simon McVittie
f77f7a02a6
Add initial version of a postcomment plugin (temporarily namespaced as smcvpostcomment)
2008-12-11 21:14:01 +00:00
Joey Hess
b67632cdcd
inline: Support feedfile option to change the filename of the feed generated.
2008-12-11 15:01:26 -05:00
Joey Hess
63eb9d834e
inline: Support emptyfeeds=no option to skip generating empty feeds.
2008-12-11 14:04:38 -05:00
Joey Hess
38f5e3ba69
move feedpages application up
I wanted this nearer to the top, but decided to put it after the
add_depends. Reasoning: It's possible with a combination of feedpages and
show options to make @list and @feedlist contain completely differing sets
of pages. We want to add_depends all pages in both sets. We could combine
the two lists and add_depends that, but it's slightly more efficient to
defer reducing @feedlist, and add_depends whichever list is longer.
2008-12-11 13:58:40 -05:00
Joey Hess
a990afd2f7
avoid uninitialized value warning
2008-11-18 13:46:03 -05:00
Joey Hess
e307eeda3d
html escaping complication
Can't escape things to entities if the template then escapes the entities.
(aggregate doesn't have this problem.)
2008-11-18 02:48:24 -05:00
Joey Hess
15269fed64
improve escaping of wikilinks and preprocessor directives
The old method failed for '[' x 3.
2008-11-18 02:43:17 -05:00
Joey Hess
75f262f44d
call decode_utf8 inside eval
holger reported that decode_utf8 was crashing with perl 5.8.8. Earlier, I
thought that passing 0 to the function avoided this with old perls, but
that was apparently not enough, it still crashes. So, put it inside the
eval, so we can at least recover from it crashing.
2008-11-17 15:56:15 -05:00
Joey Hess
181bdbe1a9
use HTML::Entities
2008-11-17 14:27:11 -05:00
Joey Hess
e8a945845b
use perl modules up front
The old code actually did the same thing, just obfuscated -- since the eval
use wasn't quoted, it used the modules on load. Thus, the error (not to
mention the return) was bypassed, and it just failed on load.
But that seems like the right thing to do, really, so just made it clearer
that's what happens.
2008-11-17 14:19:15 -05:00
Simon McVittie
e7a840ed9a
htmlbalance: new plugin that balances tags by parsing and re-serializing
2008-11-17 10:46:21 +00:00
Joey Hess
6611f3a2d9
bzr: Fix dates for recentchanges.
2008-11-11 13:44:47 -05:00
Joey Hess
53752bcb5d
remove redundant link munge
This is not needed now that tagpage returns a page name starting with a
slash.
(Also fixes a minor bug that the edit links started with double slashes due
to the hack.)
2008-11-10 21:47:29 -05:00
Joey Hess
f8a09ba105
tag: Normalize tagbase so leading/trailing slashes in it don't break things.
2008-11-10 19:48:58 -05:00
Joey Hess
f0e58faefa
Add rel=nofollow to recentchanges_links for the same (weak) reasons it was earlier added to edit links.
2008-11-10 18:05:30 -05:00
Joey Hess
11d377af81
txt: Do not encode quotes when filtering the txt, as that broke later parsing of any directives on the page.
2008-11-06 20:49:18 -05:00
Joey Hess
db5ea4d4f0
meta: Plugin is now enabled by default since the basewiki uses it.
2008-11-06 16:08:11 -05:00
Joey Hess
ecf2399f4f
aggregate: Try to query XML::Feed for the base url when derelativising links. Since this needs the just released XML::Feed 0.3, as well as a not yet released XML::RSS, it will fall back to the old method if no xml:base info is available.
2008-11-06 16:05:10 -05:00
Joey Hess
42b4abee1d
use error for two messages
2008-11-05 01:38:36 -05:00
Joey Hess
d71caffb7b
preprocess text before htmlizing it
2008-11-02 12:21:15 -05:00
Joey Hess
bb841f94f4
format: New plugin, allows embedding differently formatted text inside a page (ie, otl inside a mdwn page, or syntax highlighted code inside a page).
2008-10-31 16:42:20 -04:00
Joey Hess
354d22e27b
don't rely on plugin load order when determining generated directives
Instead, shortcuts will explicitly be marked as such when registered, and
listdirectives can filter them out.
2008-10-30 13:41:19 -04:00
Joey Hess
33a0e84ddb
fix preview of shortcuts
Move shortcut processing back to checkconfig, and avoid it failing if the
srcdir is not defined.
2008-10-29 14:20:31 -04:00
Joey Hess
8530e827b0
git: Allow [[sha1_commit]] to be used in the diffurl, to support cgit.
2008-10-27 14:45:54 -04:00
Joey Hess
146192d5b0
the pre-receive wrapper needs to be suid after all
It needs to write to the user db.
2008-10-24 15:47:42 -04:00