]> git.vanrenterghem.biz Git - git.ikiwiki.info.git/blobdiff - IkiWiki/Plugin/comments.pm
Rebuild for jessie-backports, no source changes (Closes: #807452)
[git.ikiwiki.info.git] / IkiWiki / Plugin / comments.pm
index a0ca9f32e484090969fbfa605875268cd112e9d8..ad813d19d7e669c189342140c9d166d94968b4e7 100644 (file)
@@ -198,7 +198,6 @@ sub preprocess {
                $commentuser = $params{username};
 
                my $oiduser = eval { IkiWiki::openiduser($commentuser) };
                $commentuser = $params{username};
 
                my $oiduser = eval { IkiWiki::openiduser($commentuser) };
-
                if (defined $oiduser) {
                        # looks like an OpenID
                        $commentauthorurl = $commentuser;
                if (defined $oiduser) {
                        # looks like an OpenID
                        $commentauthorurl = $commentuser;
@@ -206,10 +205,17 @@ sub preprocess {
                        $commentopenid = $commentuser;
                }
                else {
                        $commentopenid = $commentuser;
                }
                else {
-                       $commentauthorurl = IkiWiki::cgiurl(
-                               do => 'goto',
-                               page => IkiWiki::userpage($commentuser)
-                       );
+                       my $emailuser = IkiWiki::emailuser($commentuser);
+                       if (defined $emailuser) {
+                               $commentuser=$emailuser;
+                       }
+
+                       if (length $config{cgiurl}) {
+                               $commentauthorurl = IkiWiki::cgiurl(
+                                       do => 'goto',
+                                       page => IkiWiki::userpage($commentuser)
+                               );
+                       }
 
                        $commentauthor = $commentuser;
                }
 
                        $commentauthor = $commentuser;
                }
@@ -221,22 +227,9 @@ sub preprocess {
                $commentauthor = gettext("Anonymous");
        }
 
                $commentauthor = gettext("Anonymous");
        }
 
-       $commentstate{$page}{commentuser} = $commentuser;
-       $commentstate{$page}{commentopenid} = $commentopenid;
-       $commentstate{$page}{commentip} = $commentip;
-       $commentstate{$page}{commentauthor} = $commentauthor;
-       $commentstate{$page}{commentauthorurl} = $commentauthorurl;
-       $commentstate{$page}{commentauthoravatar} = $params{avatar};
-       if (! defined $pagestate{$page}{meta}{author}) {
-               $pagestate{$page}{meta}{author} = $commentauthor;
-       }
-       if (! defined $pagestate{$page}{meta}{authorurl}) {
-               $pagestate{$page}{meta}{authorurl} = $commentauthorurl;
-       }
-
        if ($config{comments_allowauthor}) {
                if (defined $params{claimedauthor}) {
        if ($config{comments_allowauthor}) {
                if (defined $params{claimedauthor}) {
-                       $pagestate{$page}{meta}{author} = $params{claimedauthor};
+                       $commentauthor = $params{claimedauthor};
                }
 
                if (defined $params{url}) {
                }
 
                if (defined $params{url}) {
@@ -248,12 +241,21 @@ sub preprocess {
                        }
 
                        if (safeurl($url)) {
                        }
 
                        if (safeurl($url)) {
-                               $pagestate{$page}{meta}{authorurl} = $url;
+                               $commentauthorurl = $url;
                        }
                }
        }
                        }
                }
        }
-       else {
+
+       $commentstate{$page}{commentuser} = $commentuser;
+       $commentstate{$page}{commentopenid} = $commentopenid;
+       $commentstate{$page}{commentip} = $commentip;
+       $commentstate{$page}{commentauthor} = $commentauthor;
+       $commentstate{$page}{commentauthorurl} = $commentauthorurl;
+       $commentstate{$page}{commentauthoravatar} = $params{avatar};
+       if (! defined $pagestate{$page}{meta}{author}) {
                $pagestate{$page}{meta}{author} = $commentauthor;
                $pagestate{$page}{meta}{author} = $commentauthor;
+       }
+       if (! defined $pagestate{$page}{meta}{authorurl}) {
                $pagestate{$page}{meta}{authorurl} = $commentauthorurl;
        }
 
                $pagestate{$page}{meta}{authorurl} = $commentauthorurl;
        }
 
@@ -438,6 +440,16 @@ sub editcomment ($$) {
                        $page));
        }
 
                        $page));
        }
 
+       # There's no UI to get here, but someone might construct the URL,
+       # leading to a comment that exists in the repository but isn't
+       # shown
+       if (!pagespec_match($page, $config{comments_pagespec},
+               location => $page)) {
+               error(sprintf(gettext(
+                       "comments on page '%s' are not allowed"),
+                       $page));
+       }
+
        if (pagespec_match($page, $config{comments_closed_pagespec},
                location => $page)) {
                error(sprintf(gettext(
        if (pagespec_match($page, $config{comments_closed_pagespec},
                location => $page)) {
                error(sprintf(gettext(
@@ -454,17 +466,20 @@ sub editcomment ($$) {
        my $content = "[[!comment format=$type\n";
 
        if (defined $session->param('name')) {
        my $content = "[[!comment format=$type\n";
 
        if (defined $session->param('name')) {
-               my $username = $session->param('name');
+               my $username = IkiWiki::cloak($session->param('name'));
                $username =~ s/"/"/g;
                $content .= " username=\"$username\"\n";
        }
                $username =~ s/"/"/g;
                $content .= " username=\"$username\"\n";
        }
+
        if (defined $session->param('nickname')) {
                my $nickname = $session->param('nickname');
                $nickname =~ s/"/"/g;
                $content .= " nickname=\"$nickname\"\n";
        }
        if (defined $session->param('nickname')) {
                my $nickname = $session->param('nickname');
                $nickname =~ s/"/"/g;
                $content .= " nickname=\"$nickname\"\n";
        }
-       elsif (defined $session->remote_addr()) {
-               $content .= " ip=\"".$session->remote_addr()."\"\n";
+
+       if (!(defined $session->param('name') || defined $session->param('nickname')) &&
+               defined $session->remote_addr()) {
+               $content .= " ip=\"".IkiWiki::cloak($session->remote_addr())."\"\n";
        }
 
        if ($config{comments_allowauthor}) {
        }
 
        if ($config{comments_allowauthor}) {
@@ -494,8 +509,7 @@ sub editcomment ($$) {
                $subject = "comment ".(num_comments($page, $config{srcdir}) + 1);
        }
        $content .= " subject=\"$subject\"\n";
                $subject = "comment ".(num_comments($page, $config{srcdir}) + 1);
        }
        $content .= " subject=\"$subject\"\n";
-
-       $content .= " date=\"" . strftime_utf8('%Y-%m-%dT%H:%M:%SZ', gmtime) . "\"\n";
+       $content .= " date=\"" . commentdate() . "\"\n";
 
        my $editcontent = $form->field('editcontent');
        $editcontent="" if ! defined $editcontent;
 
        my $editcontent = $form->field('editcontent');
        $editcontent="" if ! defined $editcontent;
@@ -623,6 +637,10 @@ sub editcomment ($$) {
        exit;
 }
 
        exit;
 }
 
+sub commentdate () {
+       strftime_utf8('%Y-%m-%dT%H:%M:%SZ', gmtime);
+}
+
 sub getavatar ($) {
        my $user=shift;
        return undef unless defined $user;
 sub getavatar ($) {
        my $user=shift;
        return undef unless defined $user;
@@ -999,7 +1017,7 @@ sub num_comments ($$) {
        return int @comments;
 }
 
        return int @comments;
 }
 
-sub unique_comment_location ($$$$) {
+sub unique_comment_location ($$$;$) {
        my $page=shift;
        eval q{use Digest::MD5 'md5_hex'};
        error($@) if $@;
        my $page=shift;
        eval q{use Digest::MD5 'md5_hex'};
        error($@) if $@;