HTML-escape error messages (OVE-20160505-0012)
index 0d5e3c078a9c229b409950c1e65eb1affa3787ac..c5177833f2430d28860e26bdeca1356c6b7a03eb 100644 (file)
@@ -35,6 +35,7 @@ sub import {
        # Load goto to fix up user page links for logged-in commenters
        IkiWiki::loadplugin("goto");
        IkiWiki::loadplugin("inline");
        # Load goto to fix up user page links for logged-in commenters
        IkiWiki::loadplugin("goto");
        IkiWiki::loadplugin("inline");
+       IkiWiki::loadplugin("transient");
 }
 
 sub getsetup () {
 }
 
 sub getsetup () {
@@ -90,17 +91,31 @@ sub getsetup () {
                        safe => 0,
                        rebuild => 0,
                },
                        safe => 0,
                        rebuild => 0,
                },
+               comments_allowformats => {
+                       type => 'string',
+                       default => '',
+                       example => 'mdwn txt',
+                       description => 'Restrict formats for comments to (no restriction if empty)',
+                       safe => 1,
+                       rebuild => 0,
+               },
+
 }
 
 sub checkconfig () {
        $config{comments_commit} = 1
                unless defined $config{comments_commit};
 }
 
 sub checkconfig () {
        $config{comments_commit} = 1
                unless defined $config{comments_commit};
+       if (! $config{comments_commit}) {
+               $config{only_committed_changes}=0;
+       }
        $config{comments_pagespec} = ''
                unless defined $config{comments_pagespec};
        $config{comments_closed_pagespec} = ''
                unless defined $config{comments_closed_pagespec};
        $config{comments_pagename} = 'comment_'
                unless defined $config{comments_pagename};
        $config{comments_pagespec} = ''
                unless defined $config{comments_pagespec};
        $config{comments_closed_pagespec} = ''
                unless defined $config{comments_closed_pagespec};
        $config{comments_pagename} = 'comment_'
                unless defined $config{comments_pagename};
+       $config{comments_allowformats} = ''
+               unless defined $config{comments_allowformats};
 }
 
 sub htmlize {
 }
 
 sub htmlize {
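Review bot: The `comments_allowformats` description does not say how several formats are separated, although the `example => 'mdwn txt'` and the `isallowed` helper elsewhere in this diff treat the value as whitespace-separated, and because the option is `safe => 1` this wording is what a websetup admin sees. Suggest `description => 'Whitespace-separated list of page formats allowed for comments (no restriction if empty)'`. The new `checkconfig` branch that forces `only_committed_changes` to 0 whenever `comments_commit` is off also deserves a one-line why-comment, presumably along the lines of `# uncommitted comments must still be seen by refresh` — confirm the actual reason before writing it.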
@@ -128,12 +143,18 @@ sub safeurl ($) {
        }
 }
 
        }
 }
 
+sub isallowed ($) {
+    my $format = shift;
+    return ! $config{comments_allowformats} || $config{comments_allowformats} =~ /\b$format\b/;
+}
+
 sub preprocess {
        my %params = @_;
        my $page = $params{page};
 
        my $format = $params{format};
 sub preprocess {
        my %params = @_;
        my $page = $params{page};
 
        my $format = $params{format};
-       if (defined $format && ! exists $IkiWiki::hooks{htmlize}{$format}) {
+       if (defined $format && (! exists $IkiWiki::hooks{htmlize}{$format} ||
+                               ! isallowed($format))) {
                error(sprintf(gettext("unsupported page format %s"), $format));
        }
 
                error(sprintf(gettext("unsupported page format %s"), $format));
        }
 
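Review bot: `isallowed` interpolates `$format` into a regex unescaped (`/\b$format\b/`), so a format name containing regex metacharacters is treated as a pattern rather than matched literally. In `preprocess` the value only reaches it after the `exists $IkiWiki::hooks{htmlize}{$format}` test, so today it is limited to registered htmlize keys, but the helper should not depend on every caller for that. Either quote it, `$config{comments_allowformats} =~ /\b\Q$format\E\b/`, or split the setting on whitespace and compare tokens with `eq`, which matches exactly instead of by word boundary. Separately, the new sub is indented with four spaces while the rest of the file uses tabs.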
@@ -332,7 +353,7 @@ sub editcomment ($$) {
 
        my @page_types;
        if (exists $IkiWiki::hooks{htmlize}) {
 
        my @page_types;
        if (exists $IkiWiki::hooks{htmlize}) {
-               foreach my $key (grep { !/^_/ } keys %{$IkiWiki::hooks{htmlize}}) {
+               foreach my $key (grep { !/^_/ && isallowed($_) } keys %{$IkiWiki::hooks{htmlize}}) {
                        push @page_types, [$key, $IkiWiki::hooks{htmlize}{$key}{longname} || $key];
                }
        }
                        push @page_types, [$key, $IkiWiki::hooks{htmlize}{$key}{longname} || $key];
                }
        }
@@ -417,6 +438,16 @@ sub editcomment ($$) {
                        $page));
        }
 
                        $page));
        }
 
+       # There's no UI to get here, but someone might construct the URL,
+       # leading to a comment that exists in the repository but isn't
+       # shown
+       if (!pagespec_match($page, $config{comments_pagespec},
+               location => $page)) {
+               error(sprintf(gettext(
+                       "comments on page '%s' are not allowed"),
+                       $page));
+       }
+
        if (pagespec_match($page, $config{comments_closed_pagespec},
                location => $page)) {
                error(sprintf(gettext(
        if (pagespec_match($page, $config{comments_closed_pagespec},
                location => $page)) {
                error(sprintf(gettext(
@@ -437,16 +468,16 @@ sub editcomment ($$) {
                $username =~ s/"/"/g;
                $content .= " username=\"$username\"\n";
        }
                $username =~ s/"/"/g;
                $content .= " username=\"$username\"\n";
        }
+
        if (defined $session->param('nickname')) {
                my $nickname = $session->param('nickname');
                $nickname =~ s/"/"/g;
                $content .= " nickname=\"$nickname\"\n";
        }
        if (defined $session->param('nickname')) {
                my $nickname = $session->param('nickname');
                $nickname =~ s/"/"/g;
                $content .= " nickname=\"$nickname\"\n";
        }
-       elsif (defined $session->remote_addr()) {
-               my $ip = $session->remote_addr();
-               if ($ip =~ m/^([.0-9]+)$/) {
-                       $content .= " ip=\"$1\"\n";
-               }
+
+       if (!(defined $session->param('name') || defined $session->param('nickname')) &&
+               defined $session->remote_addr()) {
+               $content .= " ip=\"".$session->remote_addr()."\"\n";
        }
 
        if ($config{comments_allowauthor}) {
        }
 
        if ($config{comments_allowauthor}) {
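Review bot: The rewritten ip branch writes `$session->remote_addr()` into the `ip="..."` attribute of the comment directive with neither the `[.0-9]` whitelist the removed lines applied nor the quote escaping the username and nickname lines above receive. REMOTE_ADDR is normally populated by the web server, so dropping the check is presumably meant to admit IPv6 addresses rather than being a direct injection vector, but any unexpected value (a reverse proxy or wrapper script setting the variable) now lands in the file unfiltered and a `"` in it would terminate the attribute. Keep a whitelist widened for IPv6, e.g. `if (my ($ip) = $session->remote_addr() =~ m/^([0-9a-fA-F.:]+)$/) { $content .= " ip=\"$ip\"\n"; }` inside the existing condition. editcomment continues outside this hunk.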
@@ -538,8 +569,8 @@ sub editcomment ($$) {
                $postcomment=0;
 
                if (! $ok) {
                $postcomment=0;
 
                if (! $ok) {
-                       $location=unique_comment_location($page, $content, $config{srcdir}, "._comment_pending");
-                       writefile("$location._comment_pending", $config{srcdir}, $content);
+                       $location=unique_comment_location($page, $content, $IkiWiki::Plugin::transient::transientdir, "._comment_pending");
+                       writefile("$location._comment_pending", $IkiWiki::Plugin::transient::transientdir, $content);
 
                        # Refresh so anything that deals with pending
                        # comments can be updated.
 
                        # Refresh so anything that deals with pending
                        # comments can be updated.
@@ -664,10 +695,17 @@ sub commentmoderation ($$) {
                                }
 
                                my $page=IkiWiki::dirname($f);
                                }
 
                                my $page=IkiWiki::dirname($f);
-                               my $file="$config{srcdir}/$f";
+                               my $filedir=$IkiWiki::Plugin::transient::transientdir;
+                               my $file="$filedir/$f";
                                if (! -e $file) {
                                        # old location
                                if (! -e $file) {
                                        # old location
-                                       $file="$config{wikistatedir}/comments_pending/".$f;
+                                       $file="$config{srcdir}/$f";
+                                       $filedir=$config{srcdir};
+                                       if (! -e $file) {
+                                               # older location
+                                               $file="$config{wikistatedir}/comments_pending/".$f;
+                                               $filedir="$config{wikistatedir}/comments_pending";
+                                       }
                                }
 
                                if ($action eq 'Accept') {
                                }
 
                                if ($action eq 'Accept') {
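Review bot: After the fallback chain, when none of the three candidate locations exists `$file` still names the oldest one and the Accept/Reject branches below operate on a path that is not there; nothing in the hunk checks `-e` before the `IkiWiki::prune($file, $filedir)` call further down. I cannot tell from here whether the loop header (outside the hunk) already restricts `$f` to the current pending list, so if it does not, `next unless -e $file;` after the chain would let the moderation loop skip stale form fields cleanly. A short comment on the chain, `# pending comments have lived in three places over time; newest first`, would also save the next reader from guessing why three directories are tried.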
@@ -682,7 +720,7 @@ sub commentmoderation ($$) {
                                }
 
                                require IkiWiki::Render;
                                }
 
                                require IkiWiki::Render;
-                               IkiWiki::prune($file);
+                               IkiWiki::prune($file, $filedir);
                        }
                }
 
                        }
                }
 
@@ -781,6 +819,8 @@ sub comments_pending () {
                chdir($origdir) || die "chdir $origdir: $!";
        };
        
                chdir($origdir) || die "chdir $origdir: $!";
        };
        
+       $find_comments->($IkiWiki::Plugin::transient::transientdir, "._comment_pending");
+       # old location
        $find_comments->($config{srcdir}, "._comment_pending");
        # old location
        $find_comments->("$config{wikistatedir}/comments_pending/",
        $find_comments->($config{srcdir}, "._comment_pending");
        # old location
        $find_comments->("$config{wikistatedir}/comments_pending/",