]> git.vanrenterghem.biz Git - git.ikiwiki.info.git/blobdiff - IkiWiki/Plugin/comments.pm
po: report bug + test case + proposed fix
[git.ikiwiki.info.git] / IkiWiki / Plugin / comments.pm
index eaa924e517222656233ea7261d58b2f709c51f3b..edf5183a65afeff7ce1804ba69d3a3600e77ecd3 100644 (file)
@@ -126,7 +126,7 @@ sub htmlize {
 sub htmlize_pending {
        my %params = @_;
        return sprintf(gettext("this comment needs %s"),
 sub htmlize_pending {
        my %params = @_;
        return sprintf(gettext("this comment needs %s"),
-               '<a href="'.
+               '<a rel="nofollow" href="'.
                IkiWiki::cgiurl(do => "commentmoderation").'">'.
                gettext("moderation").'</a>');
 }
                IkiWiki::cgiurl(do => "commentmoderation").'">'.
                gettext("moderation").'</a>');
 }
@@ -265,7 +265,7 @@ sub preprocess {
                $pagestate{$page}{meta}{title} = decode_entities($params{subject});
        }
 
                $pagestate{$page}{meta}{title} = decode_entities($params{subject});
        }
 
-       if ($params{page} =~ m/\/\Q$config{comments_pagename}\E\d+_/) {
+       if ($params{page} =~ m/\/\Q$config{comments_pagename}\E\d+/) {
                $pagestate{$page}{meta}{permalink} = urlto(IkiWiki::dirname($params{page})).
                        "#".page_to_id($params{page});
        }
                $pagestate{$page}{meta}{permalink} = urlto(IkiWiki::dirname($params{page})).
                        "#".page_to_id($params{page});
        }
@@ -286,7 +286,7 @@ sub preprocess_moderation {
                unless defined $params{desc};
 
        if (length $config{cgiurl}) {
                unless defined $params{desc};
 
        if (length $config{cgiurl}) {
-               return '<a href="'.
+               return '<a rel="nofollow" href="'.
                        IkiWiki::cgiurl(do => 'commentmoderation').
                        '">'.$params{desc}.'</a>';
        }
                        IkiWiki::cgiurl(do => 'commentmoderation').
                        '">'.$params{desc}.'</a>';
        }
@@ -356,7 +356,8 @@ sub editcomment ($$) {
        my @page_types;
        if (exists $IkiWiki::hooks{htmlize}) {
                foreach my $key (grep { !/^_/ && isallowed($_) } keys %{$IkiWiki::hooks{htmlize}}) {
        my @page_types;
        if (exists $IkiWiki::hooks{htmlize}) {
                foreach my $key (grep { !/^_/ && isallowed($_) } keys %{$IkiWiki::hooks{htmlize}}) {
-                       push @page_types, [$key, $IkiWiki::hooks{htmlize}{$key}{longname} || $key];
+                       push @page_types, [$key, $IkiWiki::hooks{htmlize}{$key}{longname} || $key]
+                               unless $IkiWiki::hooks{htmlize}{$key}{nocreate};
                }
        }
        @page_types=sort @page_types;
                }
        }
        @page_types=sort @page_types;
@@ -466,7 +467,7 @@ sub editcomment ($$) {
        my $content = "[[!comment format=$type\n";
 
        if (defined $session->param('name')) {
        my $content = "[[!comment format=$type\n";
 
        if (defined $session->param('name')) {
-               my $username = $session->param('name');
+               my $username = IkiWiki::cloak($session->param('name'));
                $username =~ s/"/&quot;/g;
                $content .= " username=\"$username\"\n";
        }
                $username =~ s/"/&quot;/g;
                $content .= " username=\"$username\"\n";
        }
@@ -479,7 +480,7 @@ sub editcomment ($$) {
 
        if (!(defined $session->param('name') || defined $session->param('nickname')) &&
                defined $session->remote_addr()) {
 
        if (!(defined $session->param('name') || defined $session->param('nickname')) &&
                defined $session->remote_addr()) {
-               $content .= " ip=\"".$session->remote_addr()."\"\n";
+               $content .= " ip=\"".IkiWiki::cloak($session->remote_addr())."\"\n";
        }
 
        if ($config{comments_allowauthor}) {
        }
 
        if ($config{comments_allowauthor}) {
@@ -556,11 +557,12 @@ sub editcomment ($$) {
                }
                
                $postcomment=1;
                }
                
                $postcomment=1;
-               my $ok=IkiWiki::check_content(content => $form->field('editcontent'),
-                       subject => $form->field('subject'),
+               my $ok=IkiWiki::check_content(
+                       content => scalar $form->field('editcontent'),
+                       subject => scalar $form->field('subject'),
                        $config{comments_allowauthor} ? (
                        $config{comments_allowauthor} ? (
-                               author => $form->field('author'),
-                               url => $form->field('url'),
+                               author => scalar $form->field('author'),
+                               url => scalar $form->field('url'),
                        ) : (),
                        page => $location,
                        cgi => $cgi,
                        ) : (),
                        page => $location,
                        cgi => $cgi,
@@ -600,7 +602,7 @@ sub editcomment ($$) {
                                length $form->field('subject')) {
                                $message = sprintf(
                                        gettext("Added a comment: %s"),
                                length $form->field('subject')) {
                                $message = sprintf(
                                        gettext("Added a comment: %s"),
-                                       $form->field('subject'));
+                                       scalar $form->field('subject'));
                        }
 
                        IkiWiki::rcs_add($file);
                        }
 
                        IkiWiki::rcs_add($file);
@@ -919,16 +921,18 @@ sub pagetemplate (@) {
        }
 
        if ($shown) {
        }
 
        if ($shown) {
+               my $absolute = $template->param('wants_absolute_urls');
+
                if ($template->query(name => 'commentsurl')) {
                        $template->param(commentsurl =>
                if ($template->query(name => 'commentsurl')) {
                        $template->param(commentsurl =>
-                               urlto($page).'#comments');
+                               urlto($page, undef, $absolute).'#comments');
                }
 
                if ($template->query(name => 'atomcommentsurl') && $config{usedirs}) {
                        # This will 404 until there are some comments, but I
                        # think that's probably OK...
                        $template->param(atomcommentsurl =>
                }
 
                if ($template->query(name => 'atomcommentsurl') && $config{usedirs}) {
                        # This will 404 until there are some comments, but I
                        # think that's probably OK...
                        $template->param(atomcommentsurl =>
-                               urlto($page).'comments.atom');
+                               urlto($page, undef, $absolute).'comments.atom');
                }
 
                if ($template->query(name => 'commentslink')) {
                }
 
                if ($template->query(name => 'commentslink')) {
@@ -942,7 +946,7 @@ sub pagetemplate (@) {
                                );
                        }
                        elsif (commentsopen($page)) {
                                );
                        }
                        elsif (commentsopen($page)) {
-                               $link = "<a href=\"".addcommenturl($page)."\">".
+                               $link = "<a rel=\"nofollow\" href=\"".addcommenturl($page)."\">".
                                        #translators: Here "Comment" is a verb;
                                        #translators: the user clicks on it to
                                        #translators: post a comment.
                                        #translators: Here "Comment" is a verb;
                                        #translators: the user clicks on it to
                                        #translators: post a comment.