]> git.vanrenterghem.biz Git - git.ikiwiki.info.git/blobdiff - IkiWiki/Plugin/comments.pm
po: Add failing test for Debian bug #911356
[git.ikiwiki.info.git] / IkiWiki / Plugin / comments.pm
old mode 100755 (executable)
new mode 100644 (file)
index 3ad2a0e..46e1b26
@@ -9,7 +9,6 @@ use warnings;
 use strict;
 use IkiWiki 3.00;
 use Encode;
-use POSIX qw(strftime);
 
 use constant PREVIEW => "Preview";
 use constant POST_COMMENT => "Post comment";
@@ -36,6 +35,7 @@ sub import {
        # Load goto to fix up user page links for logged-in commenters
        IkiWiki::loadplugin("goto");
        IkiWiki::loadplugin("inline");
+       IkiWiki::loadplugin("transient");
 }
 
 sub getsetup () {
@@ -91,17 +91,31 @@ sub getsetup () {
                        safe => 0,
                        rebuild => 0,
                },
+               comments_allowformats => {
+                       type => 'string',
+                       default => '',
+                       example => 'mdwn txt',
+                       description => 'Restrict formats for comments to (no restriction if empty)',
+                       safe => 1,
+                       rebuild => 0,
+               },
+
 }
 
 sub checkconfig () {
        $config{comments_commit} = 1
                unless defined $config{comments_commit};
+       if (! $config{comments_commit}) {
+               $config{only_committed_changes}=0;
+       }
        $config{comments_pagespec} = ''
                unless defined $config{comments_pagespec};
        $config{comments_closed_pagespec} = ''
                unless defined $config{comments_closed_pagespec};
        $config{comments_pagename} = 'comment_'
                unless defined $config{comments_pagename};
+       $config{comments_allowformats} = ''
+               unless defined $config{comments_allowformats};
 }
 
 sub htmlize {
@@ -112,7 +126,7 @@ sub htmlize {
 sub htmlize_pending {
        my %params = @_;
        return sprintf(gettext("this comment needs %s"),
-               '<a href="'.
+               '<a rel="nofollow" href="'.
                IkiWiki::cgiurl(do => "commentmoderation").'">'.
                gettext("moderation").'</a>');
 }
@@ -129,12 +143,18 @@ sub safeurl ($) {
        }
 }
 
+sub isallowed ($) {
+    my $format = shift;
+    return ! $config{comments_allowformats} || $config{comments_allowformats} =~ /\b$format\b/;
+}
+
 sub preprocess {
        my %params = @_;
        my $page = $params{page};
 
        my $format = $params{format};
-       if (defined $format && ! exists $IkiWiki::hooks{htmlize}{$format}) {
+       if (defined $format && (! exists $IkiWiki::hooks{htmlize}{$format} ||
+                               ! isallowed($format))) {
                error(sprintf(gettext("unsupported page format %s"), $format));
        }
 
@@ -178,7 +198,6 @@ sub preprocess {
                $commentuser = $params{username};
 
                my $oiduser = eval { IkiWiki::openiduser($commentuser) };
-
                if (defined $oiduser) {
                        # looks like an OpenID
                        $commentauthorurl = $commentuser;
@@ -186,10 +205,17 @@ sub preprocess {
                        $commentopenid = $commentuser;
                }
                else {
-                       $commentauthorurl = IkiWiki::cgiurl(
-                               do => 'goto',
-                               page => IkiWiki::userpage($commentuser)
-                       );
+                       my $emailuser = IkiWiki::emailuser($commentuser);
+                       if (defined $emailuser) {
+                               $commentuser=$emailuser;
+                       }
+
+                       if (length $config{cgiurl}) {
+                               $commentauthorurl = IkiWiki::cgiurl(
+                                       do => 'goto',
+                                       page => IkiWiki::userpage($commentuser)
+                               );
+                       }
 
                        $commentauthor = $commentuser;
                }
@@ -201,22 +227,9 @@ sub preprocess {
                $commentauthor = gettext("Anonymous");
        }
 
-       $commentstate{$page}{commentuser} = $commentuser;
-       $commentstate{$page}{commentopenid} = $commentopenid;
-       $commentstate{$page}{commentip} = $commentip;
-       $commentstate{$page}{commentauthor} = $commentauthor;
-       $commentstate{$page}{commentauthorurl} = $commentauthorurl;
-       $commentstate{$page}{commentauthoravatar} = $params{avatar};
-       if (! defined $pagestate{$page}{meta}{author}) {
-               $pagestate{$page}{meta}{author} = $commentauthor;
-       }
-       if (! defined $pagestate{$page}{meta}{authorurl}) {
-               $pagestate{$page}{meta}{authorurl} = $commentauthorurl;
-       }
-
        if ($config{comments_allowauthor}) {
                if (defined $params{claimedauthor}) {
-                       $pagestate{$page}{meta}{author} = $params{claimedauthor};
+                       $commentauthor = $params{claimedauthor};
                }
 
                if (defined $params{url}) {
@@ -228,12 +241,21 @@ sub preprocess {
                        }
 
                        if (safeurl($url)) {
-                               $pagestate{$page}{meta}{authorurl} = $url;
+                               $commentauthorurl = $url;
                        }
                }
        }
-       else {
+
+       $commentstate{$page}{commentuser} = $commentuser;
+       $commentstate{$page}{commentopenid} = $commentopenid;
+       $commentstate{$page}{commentip} = $commentip;
+       $commentstate{$page}{commentauthor} = $commentauthor;
+       $commentstate{$page}{commentauthorurl} = $commentauthorurl;
+       $commentstate{$page}{commentauthoravatar} = $params{avatar};
+       if (! defined $pagestate{$page}{meta}{author}) {
                $pagestate{$page}{meta}{author} = $commentauthor;
+       }
+       if (! defined $pagestate{$page}{meta}{authorurl}) {
                $pagestate{$page}{meta}{authorurl} = $commentauthorurl;
        }
 
@@ -264,7 +286,7 @@ sub preprocess_moderation {
                unless defined $params{desc};
 
        if (length $config{cgiurl}) {
-               return '<a href="'.
+               return '<a rel="nofollow" href="'.
                        IkiWiki::cgiurl(do => 'commentmoderation').
                        '">'.$params{desc}.'</a>';
        }
@@ -302,7 +324,8 @@ sub editcomment ($$) {
 
        my @buttons = (POST_COMMENT, PREVIEW, CANCEL);
        my $form = CGI::FormBuilder->new(
-               fields => [qw{do sid page subject editcontent type author url}],
+               fields => [qw{do sid page subject editcontent type author
+                       email url subscribe anonsubscribe}],
                charset => 'utf-8',
                method => 'POST',
                required => [qw{editcontent}],
@@ -332,8 +355,9 @@ sub editcomment ($$) {
 
        my @page_types;
        if (exists $IkiWiki::hooks{htmlize}) {
-               foreach my $key (grep { !/^_/ } keys %{$IkiWiki::hooks{htmlize}}) {
-                       push @page_types, [$key, $IkiWiki::hooks{htmlize}{$key}{longname} || $key];
+               foreach my $key (grep { !/^_/ && isallowed($_) } keys %{$IkiWiki::hooks{htmlize}}) {
+                       push @page_types, [$key, $IkiWiki::hooks{htmlize}{$key}{longname} || $key]
+                               unless $IkiWiki::hooks{htmlize}{$key}{nocreate};
                }
        }
        @page_types=sort @page_types;
@@ -347,18 +371,35 @@ sub editcomment ($$) {
        $form->field(name => "type", value => $type, force => 1,
                type => 'select', options => \@page_types);
 
-       $form->tmpl_param(username => $session->param('name'));
+       my $username=$session->param('name');
+       $form->tmpl_param(username => $username);
+               
+       $form->field(name => "subscribe", type => 'hidden');
+       $form->field(name => "anonsubscribe", type => 'hidden');
+       if (IkiWiki::Plugin::notifyemail->can("subscribe")) {
+               if (defined $username) {
+                       $form->field(name => "subscribe", type => "checkbox",
+                               options => [gettext("email replies to me")]);
+               }
+               elsif (IkiWiki::Plugin::passwordauth->can("anonuser")) {
+                       $form->field(name => "anonsubscribe", type => "checkbox",
+                               options => [gettext("email replies to me")]);
+               }
+       }
 
        if ($config{comments_allowauthor} and
            ! defined $session->param('name')) {
                $form->tmpl_param(allowauthor => 1);
                $form->field(name => 'author', type => 'text', size => '40');
+               $form->field(name => 'email', type => 'text', size => '40');
                $form->field(name => 'url', type => 'text', size => '40');
        }
        else {
                $form->tmpl_param(allowauthor => 0);
                $form->field(name => 'author', type => 'hidden', value => '',
                        force => 1);
+               $form->field(name => 'email', type => 'hidden', value => '',
+                       force => 1);
                $form->field(name => 'url', type => 'hidden', value => '',
                        force => 1);
        }
@@ -400,6 +441,16 @@ sub editcomment ($$) {
                        $page));
        }
 
+       # There's no UI to get here, but someone might construct the URL,
+       # leading to a comment that exists in the repository but isn't
+       # shown
+       if (!pagespec_match($page, $config{comments_pagespec},
+               location => $page)) {
+               error(sprintf(gettext(
+                       "comments on page '%s' are not allowed"),
+                       $page));
+       }
+
        if (pagespec_match($page, $config{comments_closed_pagespec},
                location => $page)) {
                error(sprintf(gettext(
@@ -416,20 +467,20 @@ sub editcomment ($$) {
        my $content = "[[!comment format=$type\n";
 
        if (defined $session->param('name')) {
-               my $username = $session->param('name');
+               my $username = IkiWiki::cloak($session->param('name'));
                $username =~ s/"/&quot;/g;
                $content .= " username=\"$username\"\n";
        }
+
        if (defined $session->param('nickname')) {
                my $nickname = $session->param('nickname');
                $nickname =~ s/"/&quot;/g;
                $content .= " nickname=\"$nickname\"\n";
        }
-       elsif (defined $session->remote_addr()) {
-               my $ip = $session->remote_addr();
-               if ($ip =~ m/^([.0-9]+)$/) {
-                       $content .= " ip=\"$1\"\n";
-               }
+
+       if (!(defined $session->param('name') || defined $session->param('nickname')) &&
+               defined $session->remote_addr()) {
+               $content .= " ip=\"".IkiWiki::cloak($session->remote_addr())."\"\n";
        }
 
        if ($config{comments_allowauthor}) {
@@ -459,8 +510,7 @@ sub editcomment ($$) {
                $subject = "comment ".(num_comments($page, $config{srcdir}) + 1);
        }
        $content .= " subject=\"$subject\"\n";
-
-       $content .= " date=\"" . decode_utf8(strftime('%Y-%m-%dT%H:%M:%SZ', gmtime)) . "\"\n";
+       $content .= " date=\"" . commentdate() . "\"\n";
 
        my $editcontent = $form->field('editcontent');
        $editcontent="" if ! defined $editcontent;
@@ -491,13 +541,28 @@ sub editcomment ($$) {
 
        if ($form->submitted eq POST_COMMENT && $form->validate) {
                IkiWiki::checksessionexpiry($cgi, $session);
+
+               if (IkiWiki::Plugin::notifyemail->can("subscribe")) {
+                       my $subspec="comment($page)";
+                       if (defined $username &&
+                           length $form->field("subscribe")) {
+                               IkiWiki::Plugin::notifyemail::subscribe(
+                                       $username, $subspec);
+                       }
+                       elsif (length $form->field("email") &&
+                              length $form->field("anonsubscribe")) {
+                               IkiWiki::Plugin::notifyemail::anonsubscribe(
+                                       $form->field("email"), $subspec);
+                       }
+               }
                
                $postcomment=1;
-               my $ok=IkiWiki::check_content(content => $form->field('editcontent'),
-                       subject => $form->field('subject'),
+               my $ok=IkiWiki::check_content(
+                       content => scalar $form->field('editcontent'),
+                       subject => scalar $form->field('subject'),
                        $config{comments_allowauthor} ? (
-                               author => $form->field('author'),
-                               url => $form->field('url'),
+                               author => scalar $form->field('author'),
+                               url => scalar $form->field('url'),
                        ) : (),
                        page => $location,
                        cgi => $cgi,
@@ -507,8 +572,8 @@ sub editcomment ($$) {
                $postcomment=0;
 
                if (! $ok) {
-                       $location=unique_comment_location($page, $content, $config{srcdir}, "._comment_pending");
-                       writefile("$location._comment_pending", $config{srcdir}, $content);
+                       $location=unique_comment_location($page, $content, $IkiWiki::Plugin::transient::transientdir, "._comment_pending");
+                       writefile("$location._comment_pending", $IkiWiki::Plugin::transient::transientdir, $content);
 
                        # Refresh so anything that deals with pending
                        # comments can be updated.
@@ -537,7 +602,7 @@ sub editcomment ($$) {
                                length $form->field('subject')) {
                                $message = sprintf(
                                        gettext("Added a comment: %s"),
-                                       $form->field('subject'));
+                                       scalar $form->field('subject'));
                        }
 
                        IkiWiki::rcs_add($file);
@@ -574,9 +639,14 @@ sub editcomment ($$) {
        exit;
 }
 
+sub commentdate () {
+       strftime_utf8('%Y-%m-%dT%H:%M:%SZ', gmtime);
+}
+
 sub getavatar ($) {
        my $user=shift;
-       
+       return undef unless defined $user;
+
        my $avatar;
        eval q{use Libravatar::URL};
        if (! $@) {
@@ -632,10 +702,17 @@ sub commentmoderation ($$) {
                                }
 
                                my $page=IkiWiki::dirname($f);
-                               my $file="$config{srcdir}/$f";
+                               my $filedir=$IkiWiki::Plugin::transient::transientdir;
+                               my $file="$filedir/$f";
                                if (! -e $file) {
                                        # old location
-                                       $file="$config{wikistatedir}/comments_pending/".$f;
+                                       $file="$config{srcdir}/$f";
+                                       $filedir=$config{srcdir};
+                                       if (! -e $file) {
+                                               # older location
+                                               $file="$config{wikistatedir}/comments_pending/".$f;
+                                               $filedir="$config{wikistatedir}/comments_pending";
+                                       }
                                }
 
                                if ($action eq 'Accept') {
@@ -650,7 +727,7 @@ sub commentmoderation ($$) {
                                }
 
                                require IkiWiki::Render;
-                               IkiWiki::prune($file);
+                               IkiWiki::prune($file, $filedir);
                        }
                }
 
@@ -749,6 +826,8 @@ sub comments_pending () {
                chdir($origdir) || die "chdir $origdir: $!";
        };
        
+       $find_comments->($IkiWiki::Plugin::transient::transientdir, "._comment_pending");
+       # old location
        $find_comments->($config{srcdir}, "._comment_pending");
        # old location
        $find_comments->("$config{wikistatedir}/comments_pending/",
@@ -842,16 +921,18 @@ sub pagetemplate (@) {
        }
 
        if ($shown) {
+               my $absolute = $template->param('wants_absolute_urls');
+
                if ($template->query(name => 'commentsurl')) {
                        $template->param(commentsurl =>
-                               urlto($page).'#comments');
+                               urlto($page, undef, $absolute).'#comments');
                }
 
                if ($template->query(name => 'atomcommentsurl') && $config{usedirs}) {
                        # This will 404 until there are some comments, but I
                        # think that's probably OK...
                        $template->param(atomcommentsurl =>
-                               urlto($page).'comments.atom');
+                               urlto($page, undef, $absolute).'comments.atom');
                }
 
                if ($template->query(name => 'commentslink')) {
@@ -865,7 +946,7 @@ sub pagetemplate (@) {
                                );
                        }
                        elsif (commentsopen($page)) {
-                               $link = "<a href=\"".addcommenturl($page)."\">".
+                               $link = "<a rel=\"nofollow\" href=\"".addcommenturl($page)."\">".
                                        #translators: Here "Comment" is a verb;
                                        #translators: the user clicks on it to
                                        #translators: post a comment.
@@ -940,7 +1021,7 @@ sub num_comments ($$) {
        return int @comments;
 }
 
-sub unique_comment_location ($$$$) {
+sub unique_comment_location ($$$;$) {
        my $page=shift;
        eval q{use Digest::MD5 'md5_hex'};
        error($@) if $@;