a9b0b3da5f
comments: use global configuration for allow_directives, commit, and pagename
2008-12-11 21:14:04 +00:00
d35a2bd2de
comments: Add some global configuration
2008-12-11 21:14:04 +00:00
4972baac4d
comments: make preprocess a no-op
2008-12-11 21:14:04 +00:00
c9bb8b03a4
comments: document what linkuser does
2008-12-11 21:14:03 +00:00
404792c618
comments: add a stub pagetemplate hook to show the comments
2008-12-11 21:14:03 +00:00
3abfc1d71c
comments: Use HTML entities to escape directives
2008-12-11 21:14:03 +00:00
430ac61f21
Embed comments into comments_embed.tmpl rather than concatenating in perl
2008-12-11 21:14:03 +00:00
286dbb0541
comments: use CGI module's checksessionexpiry
2008-12-11 21:14:03 +00:00
249ea2ed75
comments: remove allowhtml option, just switch it on all the time
...
Now that posts are individually sanitized, that should be safe.
2008-12-11 21:14:03 +00:00
4663f364bb
comments: load inline and mdwn lazily
2008-12-11 21:14:03 +00:00
9d92fd5eb0
comments: don't rely on mdwn getting loaded first
2008-12-11 21:14:03 +00:00
ebe140201e
comments: sanitize the body of each comment before posting it
...
This should ensure that users can't "break out" from the enclosing
<div>, making it impossible to forge comments (assuming htmlscrubber
is enabled, and so is either htmlbalance or htmltidy).
2008-12-11 21:14:03 +00:00
57e40b9ce5
Fix typo that led to comments being blanked
2008-12-11 21:14:02 +00:00
3d4aa065d6
postcomment: Rename plugin to comments, use *._comment files
...
The PageSpec is still called "postcomment" since that's what it means.
2008-12-11 21:14:02 +00:00
Simon McVittie