Commit Graph

69 Commits (f8baa57a37fe542ef7a8d8609ab4d8acf27016b3)

Author SHA1 Message Date
Simon McVittie 80e84e32bf Delay checking for session expiry til we actually post a comment 2008-12-11 21:14:04 +00:00
Simon McVittie 24bfc3fdc5 comments: record the time at which each comment was posted 2008-12-11 21:14:04 +00:00
Simon McVittie e66e2c2a7e comments: Use a checkconfig hook to get the default value of comments_pagename 2008-12-11 21:14:04 +00:00
Simon McVittie 4ff161ba0b comments: render comments/commenturl in page.tmpl 2008-12-11 21:14:04 +00:00
Simon McVittie 49eabc676a comments: use global config to decide whether commenting is allowed, and for name of page
Also:
* decide comment page name sooner
* set permalink on it
2008-12-11 21:14:04 +00:00
Simon McVittie a9b0b3da5f comments: use global configuration for allow_directives, commit, and pagename 2008-12-11 21:14:04 +00:00
Simon McVittie d35a2bd2de comments: Add some global configuration 2008-12-11 21:14:04 +00:00
Simon McVittie 4972baac4d comments: make preprocess a no-op 2008-12-11 21:14:04 +00:00
Simon McVittie c9bb8b03a4 comments: document what linkuser does 2008-12-11 21:14:03 +00:00
Simon McVittie 404792c618 comments: add a stub pagetemplate hook to show the comments 2008-12-11 21:14:03 +00:00
Simon McVittie 3abfc1d71c comments: Use HTML entities to escape directives 2008-12-11 21:14:03 +00:00
Simon McVittie 430ac61f21 Embed comments into comments_embed.tmpl rather than concatenating in perl 2008-12-11 21:14:03 +00:00
Simon McVittie 286dbb0541 comments: use CGI module's checksessionexpiry 2008-12-11 21:14:03 +00:00
Simon McVittie 249ea2ed75 comments: remove allowhtml option, just switch it on all the time
Now that posts are individually sanitized, that should be safe.
2008-12-11 21:14:03 +00:00
Simon McVittie 4663f364bb comments: load inline and mdwn lazily 2008-12-11 21:14:03 +00:00
Simon McVittie 9d92fd5eb0 comments: don't rely on mdwn getting loaded first 2008-12-11 21:14:03 +00:00
Simon McVittie ebe140201e comments: sanitize the body of each comment before posting it
This should ensure that users can't "break out" from the enclosing
<div>, making it impossible to forge comments (assuming htmlscrubber
is enabled, and so is either htmlbalance or htmltidy).
2008-12-11 21:14:03 +00:00
Simon McVittie 57e40b9ce5 Fix typo that led to comments being blanked 2008-12-11 21:14:02 +00:00
Simon McVittie 3d4aa065d6 postcomment: Rename plugin to comments, use *._comment files
The PageSpec is still called "postcomment" since that's what it means.
2008-12-11 21:14:02 +00:00