Commit Graph

297 Commits (adf182669dbb82b821216faf643ac5084f252a19)

Author SHA1 Message Date
Joey Hess 12eb056b33 Merge branch 'master' into po 2009-01-26 13:05:38 -05:00
Joey Hess 0c287d85bb typo 2009-01-25 22:44:38 -05:00
Joey Hess 9d4f396b13 add reject all marked defer checkbox 2009-01-25 22:25:45 -05:00
Joey Hess 9a5085e512 clean up comment preview
Remove actions from it, and avoid a broken title link.
2009-01-25 18:56:47 -05:00
Joey Hess 731fc9e7a2 comments: Add a moderation web interface. 2009-01-25 18:49:57 -05:00
intrigeri 82197bd0ea Merge commit 'upstream/master' into prv/po 2009-01-13 12:26:43 +01:00
Simon McVittie 79676ca445 comments: if the remove plugin is enabled, append a "Remove comment" link 2009-01-10 11:31:24 +00:00
Joey Hess 81b088866b repolist: New plugin to support the rel=vcs-* microformat.
* repolist: New plugin to support the rel=vcs-* microformat.
* goodstuff: Include repolist by default. (But it does nothing until
  configured with the repository locations.)
2009-01-07 16:07:46 -05:00
intrigeri f58cb48f1f po(formbuilder_setup): use a template to display the warning
Signed-off-by: intrigeri <intrigeri@boum.org>
2009-01-02 12:27:10 +01:00
Simon McVittie 9e5f504e1a rssitem.tmpl: include comments URL (HTML only) 2008-12-21 17:16:24 +00:00
Simon McVittie 3feebe31b6 atomitem.tmpl: include comments URLs (HTML and Atom versions) 2008-12-21 17:16:12 +00:00
Joey Hess 5c669ab226 comment layout change
I saw a layout similar to this on blogger, and I sorta like it

The dash avoids parens sitting next to each other in some cases.
2008-12-21 01:04:19 -05:00
Joey Hess f8cc87e8ee remove signin icons, use title 2008-12-20 18:46:56 -05:00
Joey Hess b7531acb59 tweak author display
Put the icon after the name, mostly because it scans better on
non-graphical browsers where the alt text is displayed. And because the
name is really the more important part.
2008-12-20 18:36:16 -05:00
Simon McVittie f94665800c comment.tmpl: make anon/OpenID/signed-in icons independent of smileys 2008-12-20 17:39:55 +00:00
Simon McVittie 045cbb2a14 comments_display: display (?) for anon users, {x} for OpenIDs and {*} for local logins
This is a mockup of Joey's idea; to do it properly, the icons should
move to the basewiki or to a comments underlay, and {x} should be
replaced with an OpenID logo (if one with clear licensing even exists).
2008-12-20 17:34:55 +00:00
Simon McVittie 9e889c39ed comments: Rename COMMENTURL to ADDCOMMENTURL to avoid confusion with COMMENTAUTHORURL
Also refactor page.tmpl to use if/else rather than unless/if.
2008-12-20 17:34:55 +00:00
Joey Hess fb8161b845 simplify and compact the comment edit form
Mostly to make it more visually similar to the page edit form.

I'm a bit uncertian about the placement of the page type selector,
and about removing the "Page type". May rethink that.
2008-12-19 14:29:54 -05:00
Joey Hess d0f2ac685b remove 'signed in as foo'
I think users should know who they're signed in as; the edit pages don't
say so there's no reason to here. Also, the user id was not displayed
pretty.
2008-12-19 14:21:48 -05:00
Joey Hess 091c7fd25b add link from comment subject to its permalink 2008-12-19 14:20:07 -05:00
Joey Hess 29cb9027f4 fiddle with comment css classes 2008-12-19 14:14:20 -05:00
Joey Hess 79a787a466 rename comments_form to editcomment 2008-12-19 14:07:22 -05:00
Joey Hess ddabb010b2 rename comments_display to comment 2008-12-19 14:03:26 -05:00
Joey Hess f7fc062a12 replace discussion links on pages with comments link
The thinking here is that having both a Discussion page and comments for
the same page is redundant, and certianly not what you want if you enable
comments for a page. At first I considered making configurable via pagespec
what pages got discussion links. But that would mean testing a new pagespec
for every page, and a redundant config setting to keep in sync. So intead,
take a lead from my previous change to make inlined pages have a comments
link, and change the discussion link at the top of regular pages to link to
their comments.

(Implementation is a bit optimised to avoid redundant pagespec checking.)
2008-12-19 13:55:41 -05:00
Joey Hess 7521dd6c75 jump to comment after posting
Jumping to the just posted comment was the imputus, but I killed a number
of birds here.

Added a INLINEPAGE template variable, which can be used to add anchors to
any inline template.

To keep that sufficiently general, it is the full page name, so the
comment anchors and links changed form.

Got rid of the FIXMEd hardcoded html anchor div.

More importantly, the anchor is now to the very top of the comment, not the
text below. So you can see the title, and how it attributes you.

Avoid changing the permalink of pages that are not really comments, but
happen to contain the _comment directive. I think that behavior was a bug,
though not a likely one to occur since _comment should only really be used
on comment pages.
2008-12-18 20:58:16 -05:00
Joey Hess cd7ac8f72a add Comments link when displaying a page inline
This link will supplant the usual Discussion link for pages
that have comments enabled.
2008-12-17 19:38:02 -05:00
Simon McVittie c038734986 comments_display.tmpl: use less nice formatting to avoid whitespace in output 2008-12-11 21:14:05 +00:00
Simon McVittie 370c1b87c9 comments_display.tmpl: preferentially use confirmed username, but fall back to claimed author if unauthenticated
This still isn't quite right (it displays the IP address twice if the user
doesn't specify a name).
2008-12-11 21:14:05 +00:00
Simon McVittie f29a607025 comments_form.tmpl: show labels for name, website 2008-12-11 21:14:05 +00:00
Simon McVittie a5889912b3 comments: Optionally allow anonymous commenters to set their name/URL.
Also provide a way for the comment template to pick up the verified
username/IP.
2008-12-11 21:14:05 +00:00
Simon McVittie 44a7d77a30 comments: rename main field to "editcontent" consistent with editpage
This has the side-effect that Ikiwiki's default style.css gives the text
box 100% width.
2008-12-11 21:14:05 +00:00
Simon McVittie edb69335f2 comments: instead of hard-coding mdwn, allow any supported page format 2008-12-11 21:14:05 +00:00
Simon McVittie 9af0f04df3 comments: Save comments as a file with one big [[!comment]] directive.
This delays all comment formatting until the last possible time, allows
us to set metadata without worrying that commenters may be able to evade
it, and means that changes to how a comment is saved can be handled
gracefully. It also gives us somewhere to put the commenter's username
or IP address for later reference.
2008-12-11 21:14:05 +00:00
Simon McVittie 24bfc3fdc5 comments: record the time at which each comment was posted 2008-12-11 21:14:04 +00:00
Simon McVittie 8ead8ac857 Remove comments_embed.tmpl (no longer needed) 2008-12-11 21:14:04 +00:00
Simon McVittie 1c1437995c page.tmpl: optionally include "add comment" link 2008-12-11 21:14:04 +00:00
Simon McVittie 8776c76e32 comments_comment.tmpl: allow permalink, anchor to be passed in 2008-12-11 21:14:04 +00:00
Simon McVittie 3a46e7c7f1 comments_embed.tmpl: include the inlined comments if present 2008-12-11 21:14:03 +00:00
Simon McVittie 0df983c5a7 Add comments to page.tmpl 2008-12-11 21:14:03 +00:00
Simon McVittie 249ea2ed75 comments: remove allowhtml option, just switch it on all the time
Now that posts are individually sanitized, that should be safe.
2008-12-11 21:14:03 +00:00
Simon McVittie 3d4aa065d6 postcomment: Rename plugin to comments, use *._comment files
The PageSpec is still called "postcomment" since that's what it means.
2008-12-11 21:14:02 +00:00
Simon McVittie 3c9ccb406b Rename smcvpostcomment plugin to postcomment to propose for inclusion 2008-12-11 21:14:02 +00:00
Simon McVittie 2857b301e7 smcvpostcomment_*.tmpl: make class names match template names
Also put "posting comments disabled" in [], and change "Page preview"
to "Comment preview".
2008-12-11 21:14:02 +00:00
Simon McVittie d18adfb1ad smcvpostcomment: indicate in form whether HTML and directives are allowed 2008-12-11 21:14:02 +00:00
Simon McVittie 7be3a15244 Use a link rather than a button for "post comments" 2008-12-11 21:14:01 +00:00
Simon McVittie f77f7a02a6 Add initial version of a postcomment plugin (temporarily namespaced as smcvpostcomment) 2008-12-11 21:14:01 +00:00
Joey Hess e307eeda3d html escaping complication
Can't escape things to entities if the template then escapes the entities.
(aggregate doesn't have this problem.)
2008-11-18 02:48:24 -05:00
Joey Hess f0e58faefa Add rel=nofollow to recentchanges_links for the same (weak) reasons it was earlier added to edit links. 2008-11-10 18:05:30 -05:00
Joey Hess 2b569f99d9 fix relativedate timezone inclusion
The machine parseable date needs to include a timezone.

Also, simplified the interface for date display.
2008-10-19 19:21:44 -04:00
Joey Hess 3f922abff4 remove old dup div 2008-10-18 19:11:57 -04:00
Joey Hess 35c56622ea tweak recentchanges permalink code
Need to handle the case where url is not set.
2008-10-17 21:54:42 -04:00
Joey Hess fdb5da46b0 Patch for anchor-based change permalinks in recent changes feed
from JasonBlevins
2008-10-17 21:49:55 -04:00
Joey Hess 02ec92c6cb make relativedate work for the dates on the recentchanges page
Having a always current relative date on recentchanges is very, very nice.
2008-10-17 21:21:07 -04:00
Joey Hess 7390a7a072 relativedate: New javascript-alicious plugin that makes all dates display relative, in a very nice way, if I say so myself. 2008-10-17 20:47:32 -04:00
Peter Simons f9957d11ed google plugin: Use google.com to search the local site.
Google allows has a nice feature, sitesearch, that allows anyone to
limit search results to a specific site. Obviously, this feature can be
used to provide a search engine for the local ikiwiki site without the
need to install any additional software. Just enable the 'google' plugin
and make sure that --url uses the proper hostname. Thanks to Joey for
helping to get the Perl implementation right.
2008-10-10 17:05:02 -04:00
Joey Hess 40dc92a67b multiple rename support is working
most edge cases seem handled too
2008-09-23 19:21:05 -04:00
Joey Hess 11550f9593 avoid link fixup if page name stayed the same 2008-08-07 16:17:50 -04:00
Joey Hess 6cfb5c5b59 Added a small icon to the search input box. 2008-08-06 19:34:33 -04:00
Simon McVittie a64dca8356 Escape HTML in Atom feed metadata rather than treating it as XHTML 2008-07-31 22:15:22 +01:00
Simon McVittie 9b901a3364 Escape HTML in RSS feeds, rather than relying on it being valid to stuff into a CDATA section 2008-07-31 22:13:21 +01:00
Simon McVittie 9bc2e316b2 Escape HTML in Atom feeds, rather than relying on it being well-formed XHTML with no named entity references 2008-07-31 22:12:56 +01:00
Joey Hess 054a98647f really rm ;-) 2008-07-29 16:56:25 -04:00
Joey Hess a02c3f46ea initial draft 2008-07-29 15:39:01 -04:00
Joey Hess 7befc6deb3 link fixup on rename working 2008-07-23 19:12:05 -04:00
Joey Hess 29f32d0ba3 add a list of broken links after the rename 2008-07-22 20:30:54 -04:00
Joey Hess 1c9a3cb82b add a rename summary 2008-07-22 20:17:03 -04:00
Joey Hess d76c10cba2 Split out error messages from editpage.tmpl into several separate templates. 2008-07-22 19:58:34 -04:00
Joey Hess 96c529826d skeleton rename plugin 2008-07-21 22:30:43 -04:00
Joey Hess a1df39ed4a simplified confirmation form
also, there's no titlepage conversion issues
2008-07-21 14:22:57 -04:00
Joey Hess 3da279ddd4 editpage: Don't show attachments link when attachments are disabled. 2008-07-21 12:15:55 -04:00
Gabriel McManus e3b0584a49 Use correct term prefixes when searching.
The Z term prefix is for stemming and shouldn't be used here.
X is for custom fields.
2008-07-19 13:23:02 -04:00
Simon McVittie 49fac7fbdb Oops, add missing </span> 2008-07-15 01:14:47 +01:00
Simon McVittie d1eba95cdc More CSS hooks for page.tmpl.
I notice madduck.net already has a similar change :-)
2008-07-15 00:56:19 +01:00
Simon McVittie 879d780603 Add more CSS hooks to inlinepage.tmpl
* Wrap everything before the content in <div class="inlineheader">
* Wrap the inlined content itself in <div class="inlinecontent">
* Wrap everything after the content in <div class="inlinefooter">
2008-07-13 15:13:20 +01:00
Simon McVittie fe242ad996 Add more stylesheet hooks to the page template
* Wrap header stuff, including actions, in <div class="pageheader">
  (there is already a class="header", which is a subset of this, so
  using id="header" would be confusing)
* Add class="pagefooter" to the existing <div id="footer">, for symmetry
2008-07-13 15:09:37 +01:00
Simon McVittie 415c8e0cb5 Rename [[!inline atomid="..."]] to [[!inline guid="..."]] to be consistent with [[!meta guid="..."]], which also outputs an Atom <id> 2008-07-12 17:12:37 +01:00
Simon McVittie 2bd8ada5a6 Accept [[!inline ... atomid="..."]] and use it to populate the feed's Atom <id>.
This is often the same as the feed's <link> (in which case it can be omitted) but sometimes it's a urn:uuid: URN instead.
2008-07-12 17:09:41 +01:00
Simon McVittie 50ec532bba Add MIME type to Atom feeds' <link rel='self'> 2008-07-12 17:09:35 +01:00
Joey Hess ca30d95a78 rename uuid to guid 2008-07-12 10:59:45 -04:00
Simon McVittie fc917fa383 rssitem.tmpl: use UUID as <guid> if supplied 2008-07-11 23:47:00 +01:00
Simon McVittie 9f479a83a7 atomitem.tmpl: use UUID as <id> if supplied 2008-07-11 23:46:48 +01:00
Joey Hess badfb9a5c9 add br at top
firefox 3 smooshed the page location dropdown up to the page title,
obscuring descenders and underscores. Maybe that's a bug, since the CSS
didn't ask it to, but I think adding the extra space of a br at the top
looks better anyway.
2008-07-06 14:54:38 -04:00
Joey Hess edfbd7e1aa toggle: Add javascript to top of page, not to end. This avoids flicker since closed toggles will not be displayed as the page is loading. 2008-07-02 16:14:18 -04:00
Joey Hess 1289beb53b xhtml fixes 2008-07-02 16:08:48 -04:00
Joey Hess d593533af5 attachments interface visibility toggling 2008-07-02 15:42:32 -04:00
Joey Hess c1e9e121b7 basic attachment list 2008-07-01 17:19:38 -04:00
Joey Hess 6643db0cd2 add support for an attachment upload field
FormBuilder makes it annoyingly hard to move a submit button to a
nonstandard place. The button name has to be "_submit" or FormBuilder will
ignore it.
2008-06-30 21:29:37 -04:00
Joey Hess 50542d15ef Add support for the universal edit button
<http://universaleditbutton.org/>

Not forcing a rebuild on upgrade just for this.
2008-06-21 16:56:47 -04:00
Joey Hess 3215b5a982 finishing touches on the new search plugin
- Add a Help link.
- If the pageterm is too long, hash it.
2008-06-04 15:24:28 -04:00
Joey Hess e4119f048c The search interface now allows searching for a page by title ("title:foo"), as well as for pages that contain a given link ("link:bar"). 2008-06-04 14:13:21 -04:00
Joey Hess 18b0aa1f13 prettify page names, and drop the redunadant url display 2008-06-03 22:11:33 -04:00
Joey Hess 8a6a5320ed search: Converted to use xapian-omega.
Everything is done except for the actual indexing. I plan to do incremental
indexing as pages change.
2008-06-03 15:29:54 -04:00
Joey Hess 878bfe008c improve wording 2008-05-30 17:53:10 -04:00
Joey Hess e943812dc9 hashed password support, and empty password security fix
This implements the previously documented hashed password support.

While implementing that, I noticed a security hole, which this commit
also fixes..
2008-05-30 17:35:34 -04:00
Joey Hess 6725413516 Add rel=nofollow to edit links. This may prevent some spiders from pounding on the cgi following edit links. 2008-05-28 03:09:04 -04:00
Joey Hess 2718fc2b25 response 2008-04-10 19:54:38 -04:00
Joey Hess 2beb279806 Give the full path to the hyperestraier helpfile in estseek.conf. 2008-04-10 17:50:43 -04:00
Joey Hess 72b5ef2c5f Fix CSRF attacks against the preferences and edit forms. Closes: #475445
The fix involved embedding the session id in the forms, and not allowing the
forms to be submitted if the embedded id does not match the session id.

In the case of the preferences form, if the session id is not embedded,
then the CGI parameters are cleared. This avoids a secondary attack where the
link to the preferences form prefills password or other fields, and
the user hits "submit" without noticing these prefilled values.

In the case of the editpage form, the anonok plugin can allow anyone to edit,
and so I chose not to guard against CSRF attacks against users who are not
logged in. Otherwise, it also embeds the session id and checks it.

For page editing, I assume that the user will notice if content or commit
message is changed because of CGI parameters, and won't blndly hit save page.
So I didn't block those CGI paramters. (It's even possible to use those CGI
parameters, for good, not for evil, I guess..)

The only other CSRF attack I can think of in ikiwiki involves the poll plugin.
It's certianly possible to set up a link that causes the user to unknowingly
vote in a poll. However, the poll plugin is not intended to be used for things
that people would want to attack, since anyone can after all edit the poll page
and fill in any values they like. So this "attack" is ignorable.
2008-04-10 16:35:30 -04:00
Joey Hess d93aaed791 * Add recentchangesdiff plugin that adds diffs to the recentchanges feeds.
* rcs_diff is a new function that rcs modules should implement.
* Implemented rcs_diff for git, svn, and tla (tla version untested).
  Mercurial and monotone still todo.
2008-03-03 15:53:34 -05:00
Joey Hess 8be2b60aac * The search plugin needs to override <base> to point to the directory
containing ikiwiki.cgi, but this should not change the urls to the style
  sheets etc. Add a new forcebareurl parameter to misctemplate to allow
  it to do that.
2008-02-14 15:20:49 -05:00