X-Git-Url: http://git.vanrenterghem.biz/git.ikiwiki.info.git/blobdiff_plain/49eabc676a170bfbd31ee51c27e02c20355554dc..1ef40ff68370aba85e9816221675a8edd7a308f5:/IkiWiki/Plugin/comments.pm

diff --git a/IkiWiki/Plugin/comments.pm b/IkiWiki/Plugin/comments.pm
index 01ee481f5..c5177833f 100644
--- a/IkiWiki/Plugin/comments.pm
+++ b/IkiWiki/Plugin/comments.pm
@@ -7,173 +7,313 @@ package IkiWiki::Plugin::comments;
 
 use warnings;
 use strict;
-use IkiWiki 2.00;
+use IkiWiki 3.00;
+use Encode;
 
 use constant PREVIEW => "Preview";
 use constant POST_COMMENT => "Post comment";
 use constant CANCEL => "Cancel";
 
-sub import { #{{{
+my $postcomment;
+my %commentstate;
+
+sub import {
+	hook(type => "checkconfig", id => 'comments',  call => \&checkconfig);
 	hook(type => "getsetup", id => 'comments',  call => \&getsetup);
-	hook(type => "preprocess", id => 'comments', call => \&preprocess);
+	hook(type => "preprocess", id => 'comment', call => \&preprocess,
+		scan => 1);
+	hook(type => "preprocess", id => 'commentmoderation', call => \&preprocess_moderation);
+	# here for backwards compatability with old comments
+	hook(type => "preprocess", id => '_comment', call => \&preprocess);
 	hook(type => "sessioncgi", id => 'comment', call => \&sessioncgi);
 	hook(type => "htmlize", id => "_comment", call => \&htmlize);
+	hook(type => "htmlize", id => "_comment_pending",
+		call => \&htmlize_pending);
 	hook(type => "pagetemplate", id => "comments", call => \&pagetemplate);
+	hook(type => "formbuilder_setup", id => "comments",
+		call => \&formbuilder_setup);
+	# Load goto to fix up user page links for logged-in commenters
+	IkiWiki::loadplugin("goto");
 	IkiWiki::loadplugin("inline");
-	IkiWiki::loadplugin("mdwn");
-} # }}}
-
-sub htmlize { # {{{
-	eval q{use IkiWiki::Plugin::mdwn};
-	error($@) if ($@);
-	return IkiWiki::Plugin::mdwn::htmlize(@_)
-} # }}}
+	IkiWiki::loadplugin("transient");
+}
 
-sub getsetup () { #{{{
+sub getsetup () {
 	return
 		plugin => {
 			safe => 1,
 			rebuild => 1,
+			section => "web",
 		},
-		# Pages where comments are shown, but new comments are not
-		# allowed, will show "Comments are closed".
-		comments_shown_pagespec => {
+		comments_pagespec => {
 			type => 'pagespec',
-			example => 'blog/*',
-			default => '',
-			description => 'PageSpec for pages where comments will be shown inline',
+			example => 'blog/* and !*/Discussion',
+			description => 'PageSpec of pages where comments are allowed',
 			link => 'ikiwiki/PageSpec',
 			safe => 1,
 			rebuild => 1,
 		},
-		comments_open_pagespec => {
+		comments_closed_pagespec => {
 			type => 'pagespec',
-			example => 'blog/* and created_after(close_old_comments)',
-			default => '',
-			description => 'PageSpec for pages where new comments can be posted',
+			example => 'blog/controversial or blog/flamewar',
+			description => 'PageSpec of pages where posting new comments is not allowed',
 			link => 'ikiwiki/PageSpec',
 			safe => 1,
 			rebuild => 1,
 		},
 		comments_pagename => {
 			type => 'string',
-			example => 'comment_',
 			default => 'comment_',
 			description => 'Base name for comments, e.g. "comment_" for pages like "sandbox/comment_12"',
-			safe => 0, # manual page moving will required
+			safe => 0, # manual page moving required
 			rebuild => undef,
 		},
 		comments_allowdirectives => {
 			type => 'boolean',
-			default => 0,
 			example => 0,
-			description => 'Allow directives in newly posted comments?',
+			description => 'Interpret directives in comments?',
+			safe => 1,
+			rebuild => 0,
+		},
+		comments_allowauthor => {
+			type => 'boolean',
+			example => 0,
+			description => 'Allow anonymous commenters to set an author name?',
 			safe => 1,
 			rebuild => 0,
 		},
 		comments_commit => {
 			type => 'boolean',
 			example => 1,
-			default => 1,
 			description => 'commit comments to the VCS',
 			# old uncommitted comments are likely to cause
 			# confusion if this is changed
 			safe => 0,
 			rebuild => 0,
 		},
-} #}}}
+		comments_allowformats => {
+			type => 'string',
+			default => '',
+			example => 'mdwn txt',
+			description => 'Restrict formats for comments to (no restriction if empty)',
+			safe => 1,
+			rebuild => 0,
+		},
 
-# Somewhat based on IkiWiki::Plugin::inline blog posting support
-sub preprocess (@) { #{{{
-	my %params=@_;
+}
+
+sub checkconfig () {
+	$config{comments_commit} = 1
+		unless defined $config{comments_commit};
+	if (! $config{comments_commit}) {
+		$config{only_committed_changes}=0;
+	}
+	$config{comments_pagespec} = ''
+		unless defined $config{comments_pagespec};
+	$config{comments_closed_pagespec} = ''
+		unless defined $config{comments_closed_pagespec};
+	$config{comments_pagename} = 'comment_'
+		unless defined $config{comments_pagename};
+	$config{comments_allowformats} = ''
+		unless defined $config{comments_allowformats};
+}
+
+sub htmlize {
+	my %params = @_;
+	return $params{content};
+}
+
+sub htmlize_pending {
+	my %params = @_;
+	return sprintf(gettext("this comment needs %s"),
+		'<a href="'.
+		IkiWiki::cgiurl(do => "commentmoderation").'">'.
+		gettext("moderation").'</a>');
+}
+
+# FIXME: copied verbatim from meta
+sub safeurl ($) {
+	my $url=shift;
+	if (exists $IkiWiki::Plugin::htmlscrubber::{safe_url_regexp} &&
+	    defined $IkiWiki::Plugin::htmlscrubber::safe_url_regexp) {
+		return $url=~/$IkiWiki::Plugin::htmlscrubber::safe_url_regexp/;
+	}
+	else {
+		return 1;
+	}
+}
 
-	return "";
+sub isallowed ($) {
+    my $format = shift;
+    return ! $config{comments_allowformats} || $config{comments_allowformats} =~ /\b$format\b/;
+}
 
+sub preprocess {
+	my %params = @_;
 	my $page = $params{page};
-	$pagestate{$page}{comments}{comments} = defined $params{closed}
-		? (not IkiWiki::yesno($params{closed}))
-		: 1;
-	$pagestate{$page}{comments}{allowdirectives} = IkiWiki::yesno($params{allowdirectives});
-	$pagestate{$page}{comments}{commit} = defined $params{commit}
-		? IkiWiki::yesno($params{commit})
-		: 1;
-
-	my $formtemplate = IkiWiki::template("comments_embed.tmpl",
-		blind_cache => 1);
-	$formtemplate->param(cgiurl => $config{cgiurl});
-	$formtemplate->param(page => $params{page});
-
-	if (not $pagestate{$page}{comments}{comments}) {
-		$formtemplate->param("disabled" =>
-			gettext('comments are closed'));
-	}
-	elsif ($params{preview}) {
-		$formtemplate->param("disabled" =>
-			gettext('not available during Preview'));
-	}
-
-	debug("page $params{page} => destpage $params{destpage}");
-
-	unless (defined $params{inline} && !IkiWiki::yesno($params{inline})) {
-		my $posts = '';
-		eval q{use IkiWiki::Plugin::inline};
-		error($@) if ($@);
-		my @args = (
-			pages => "internal($params{page}/_comment_*)",
-			template => "comments_display",
-			show => 0,
-			reverse => "yes",
-			# special stuff passed through
-			page => $params{page},
-			destpage => $params{destpage},
-			preview => $params{preview},
-		);
-		push @args, atom => $params{atom} if defined $params{atom};
-		push @args, rss => $params{rss} if defined $params{rss};
-		push @args, feeds => $params{feeds} if defined $params{feeds};
-		push @args, feedshow => $params{feedshow} if defined $params{feedshow};
-		push @args, timeformat => $params{timeformat} if defined $params{timeformat};
-		push @args, feedonly => $params{feedonly} if defined $params{feedonly};
-		$posts = IkiWiki::preprocess_inline(@args);
-		$formtemplate->param("comments" => $posts);
-	}
-
-	return $formtemplate->output;
-} # }}}
-
-# FIXME: logic taken from editpage, should be common code?
-sub getcgiuser ($) { # {{{
-	my $session = shift;
-	my $user = $session->param('name');
-	$user = $ENV{REMOTE_ADDR} unless defined $user;
-	debug("getcgiuser() -> $user");
-	return $user;
-} # }}}
-
-# FIXME: logic adapted from recentchanges, should be common code?
-# returns (author URL, pretty-printed version)
-sub linkuser ($) { # {{{
-	my $user = shift;
-	my $oiduser = eval { IkiWiki::openiduser($user) };
-
-	if (defined $oiduser) {
-		return ($user, $oiduser);
+
+	my $format = $params{format};
+	if (defined $format && (! exists $IkiWiki::hooks{htmlize}{$format} ||
+				! isallowed($format))) {
+		error(sprintf(gettext("unsupported page format %s"), $format));
+	}
+
+	my $content = $params{content};
+	if (! defined $content) {
+		error(gettext("comment must have content"));
+	}
+	$content =~ s/\\"/"/g;
+
+	if (defined wantarray) {
+		if ($config{comments_allowdirectives}) {
+			$content = IkiWiki::preprocess($page, $params{destpage},
+				$content);
+		}
+
+		# no need to bother with htmlize if it's just HTML
+		$content = IkiWiki::htmlize($page, $params{destpage}, $format, $content)
+			if defined $format;
+
+		IkiWiki::run_hooks(sanitize => sub {
+			$content = shift->(
+				page => $page,
+				destpage => $params{destpage},
+				content => $content,
+			);
+		});
 	}
 	else {
-		my $page = bestlink('', (length $config{userdir}
-				? "$config{userdir}/"
-				: "").$user);
-		return (urlto($page, undef, 1), $user);
+		IkiWiki::preprocess($page, $params{destpage}, $content, 1);
 	}
-} # }}}
 
-# Mostly cargo-culted from IkiWiki::plugin::editpage
-sub sessioncgi ($$) { #{{{
+	# set metadata, possibly overriding [[!meta]] directives from the
+	# comment itself
+
+	my $commentuser;
+	my $commentip;
+	my $commentauthor;
+	my $commentauthorurl;
+	my $commentopenid;
+	if (defined $params{username}) {
+		$commentuser = $params{username};
+
+		my $oiduser = eval { IkiWiki::openiduser($commentuser) };
+
+		if (defined $oiduser) {
+			# looks like an OpenID
+			$commentauthorurl = $commentuser;
+			$commentauthor = (defined $params{nickname} && length $params{nickname}) ? $params{nickname} : $oiduser;
+			$commentopenid = $commentuser;
+		}
+		else {
+			$commentauthorurl = IkiWiki::cgiurl(
+				do => 'goto',
+				page => IkiWiki::userpage($commentuser)
+			);
+
+			$commentauthor = $commentuser;
+		}
+	}
+	else {
+		if (defined $params{ip}) {
+			$commentip = $params{ip};
+		}
+		$commentauthor = gettext("Anonymous");
+	}
+
+	$commentstate{$page}{commentuser} = $commentuser;
+	$commentstate{$page}{commentopenid} = $commentopenid;
+	$commentstate{$page}{commentip} = $commentip;
+	$commentstate{$page}{commentauthor} = $commentauthor;
+	$commentstate{$page}{commentauthorurl} = $commentauthorurl;
+	$commentstate{$page}{commentauthoravatar} = $params{avatar};
+	if (! defined $pagestate{$page}{meta}{author}) {
+		$pagestate{$page}{meta}{author} = $commentauthor;
+	}
+	if (! defined $pagestate{$page}{meta}{authorurl}) {
+		$pagestate{$page}{meta}{authorurl} = $commentauthorurl;
+	}
+
+	if ($config{comments_allowauthor}) {
+		if (defined $params{claimedauthor}) {
+			$pagestate{$page}{meta}{author} = $params{claimedauthor};
+		}
+
+		if (defined $params{url}) {
+			my $url=$params{url};
+
+			eval q{use URI::Heuristic}; 
+			if (! $@) {
+				$url=URI::Heuristic::uf_uristr($url);
+			}
+
+			if (safeurl($url)) {
+				$pagestate{$page}{meta}{authorurl} = $url;
+			}
+		}
+	}
+	else {
+		$pagestate{$page}{meta}{author} = $commentauthor;
+		$pagestate{$page}{meta}{authorurl} = $commentauthorurl;
+	}
+
+	if (defined $params{subject}) {
+		# decode title the same way meta does
+		eval q{use HTML::Entities};
+		$pagestate{$page}{meta}{title} = decode_entities($params{subject});
+	}
+
+	if ($params{page} =~ m/\/\Q$config{comments_pagename}\E\d+_/) {
+		$pagestate{$page}{meta}{permalink} = urlto(IkiWiki::dirname($params{page})).
+			"#".page_to_id($params{page});
+	}
+
+	eval q{use Date::Parse};
+	if (! $@) {
+		my $time = str2time($params{date});
+		$IkiWiki::pagectime{$page} = $time if defined $time;
+	}
+
+	return $content;
+}
+
+sub preprocess_moderation {
+	my %params = @_;
+
+	$params{desc}=gettext("Comment Moderation")
+		unless defined $params{desc};
+
+	if (length $config{cgiurl}) {
+		return '<a href="'.
+			IkiWiki::cgiurl(do => 'commentmoderation').
+			'">'.$params{desc}.'</a>';
+	}
+	else {
+		return $params{desc};
+	}
+}
+
+sub sessioncgi ($$) {
 	my $cgi=shift;
 	my $session=shift;
 
 	my $do = $cgi->param('do');
-	return unless $do eq 'comment';
+	if ($do eq 'comment') {
+		editcomment($cgi, $session);
+	}
+	elsif ($do eq 'commentmoderation') {
+		commentmoderation($cgi, $session);
+	}
+	elsif ($do eq 'commentsignin') {
+		IkiWiki::cgi_signin($cgi, $session);
+		exit;
+	}
+}
+
+# Mostly cargo-culted from IkiWiki::plugin::editpage
+sub editcomment ($$) {
+	my $cgi=shift;
+	my $session=shift;
 
 	IkiWiki::decode_cgi_utf8($cgi);
 
@@ -182,18 +322,17 @@ sub sessioncgi ($$) { #{{{
 
 	my @buttons = (POST_COMMENT, PREVIEW, CANCEL);
 	my $form = CGI::FormBuilder->new(
-		fields => [qw{do sid page subject body}],
+		fields => [qw{do sid page subject editcontent type author
+			email url subscribe anonsubscribe}],
 		charset => 'utf-8',
 		method => 'POST',
-		required => [qw{body}],
+		required => [qw{editcontent}],
 		javascript => 0,
 		params => $cgi,
-		action => $config{cgiurl},
+		action => IkiWiki::cgiurl(),
 		header => 0,
 		table => 0,
-		template => scalar IkiWiki::template_params('comments_form.tmpl'),
-		# wtf does this do in editpage?
-		wikiname => $config{wikiname},
+		template => { template('editcomment.tmpl') },
 	);
 
 	IkiWiki::decode_form_utf8($form);
@@ -203,44 +342,93 @@ sub sessioncgi ($$) { #{{{
 		});
 	IkiWiki::decode_form_utf8($form);
 
+	my $type = $form->param('type');
+	if (defined $type && length $type && $IkiWiki::hooks{htmlize}{$type}) {
+		$type = IkiWiki::possibly_foolish_untaint($type);
+	}
+	else {
+		$type = $config{default_pageext};
+	}
+
+
+	my @page_types;
+	if (exists $IkiWiki::hooks{htmlize}) {
+		foreach my $key (grep { !/^_/ && isallowed($_) } keys %{$IkiWiki::hooks{htmlize}}) {
+			push @page_types, [$key, $IkiWiki::hooks{htmlize}{$key}{longname} || $key];
+		}
+	}
+	@page_types=sort @page_types;
+
 	$form->field(name => 'do', type => 'hidden');
 	$form->field(name => 'sid', type => 'hidden', value => $session->id,
 		force => 1);
 	$form->field(name => 'page', type => 'hidden');
 	$form->field(name => 'subject', type => 'text', size => 72);
-	$form->field(name => 'body', type => 'textarea', rows => 5,
-		cols => 80);
+	$form->field(name => 'editcontent', type => 'textarea', rows => 10);
+	$form->field(name => "type", value => $type, force => 1,
+		type => 'select', options => \@page_types);
+
+	my $username=$session->param('name');
+	$form->tmpl_param(username => $username);
+		
+	$form->field(name => "subscribe", type => 'hidden');
+	$form->field(name => "anonsubscribe", type => 'hidden');
+	if (IkiWiki::Plugin::notifyemail->can("subscribe")) {
+		if (defined $username) {
+			$form->field(name => "subscribe", type => "checkbox",
+				options => [gettext("email replies to me")]);
+		}
+		elsif (IkiWiki::Plugin::passwordauth->can("anonuser")) {
+			$form->field(name => "anonsubscribe", type => "checkbox",
+				options => [gettext("email replies to me")]);
+		}
+	}
+
+	if ($config{comments_allowauthor} and
+	    ! defined $session->param('name')) {
+		$form->tmpl_param(allowauthor => 1);
+		$form->field(name => 'author', type => 'text', size => '40');
+		$form->field(name => 'email', type => 'text', size => '40');
+		$form->field(name => 'url', type => 'text', size => '40');
+	}
+	else {
+		$form->tmpl_param(allowauthor => 0);
+		$form->field(name => 'author', type => 'hidden', value => '',
+			force => 1);
+		$form->field(name => 'email', type => 'hidden', value => '',
+			force => 1);
+		$form->field(name => 'url', type => 'hidden', value => '',
+			force => 1);
+	}
+
+	if (! defined $session->param('name')) {
+		# Make signinurl work and return here.
+		$form->tmpl_param(signinurl => IkiWiki::cgiurl(do => 'commentsignin'));
+		$session->param(postsignin => $ENV{QUERY_STRING});
+		IkiWiki::cgi_savesession($session);
+	}
 
 	# The untaint is OK (as in editpage) because we're about to pass
-	# it to file_pruned anyway
-	my $page = $form->field('page');
+	# it to file_pruned and wiki_file_regexp anyway.
+	my ($page) = $form->field('page')=~/$config{wiki_file_regexp}/;
 	$page = IkiWiki::possibly_foolish_untaint($page);
-	if (!defined $page || !length $page ||
-		IkiWiki::file_pruned($page, $config{srcdir})) {
+	if (! defined $page || ! length $page ||
+		IkiWiki::file_pruned($page)) {
 		error(gettext("bad page name"));
 	}
 
-	my $allow_directives = $config{comments_allowdirectives};
-	my $commit_comments = $config{comments_commit};
-	my $comments_pagename = $config{comments_pagename};
-
-	# FIXME: is this right? Or should we be using the candidate subpage
-	# (whatever that might mean) as the base URL?
-	my $baseurl = urlto($page, undef, 1);
-
 	$form->title(sprintf(gettext("commenting on %s"),
-			IkiWiki::pagetitle($page)));
+			IkiWiki::pagetitle(IkiWiki::basename($page))));
 
 	$form->tmpl_param('helponformattinglink',
 		htmllink($page, $page, 'ikiwiki/formatting',
 			noimageinline => 1,
 			linktext => 'FormattingHelp'),
-			allowdirectives => $allow_directives);
+			allowdirectives => $config{allow_directives});
 
 	if ($form->submitted eq CANCEL) {
 		# bounce back to the page they wanted to comment on, and exit.
-		# CANCEL need not be considered in future
-		IkiWiki::redirect($cgi, urlto($page, undef, 1));
+		IkiWiki::redirect($cgi, urlto($page));
 		exit;
 	}
 
@@ -250,67 +438,86 @@ sub sessioncgi ($$) { #{{{
 			$page));
 	}
 
-	if (not pagespec_match($page, $config{comments_open_pagespec},
+	# There's no UI to get here, but someone might construct the URL,
+	# leading to a comment that exists in the repository but isn't
+	# shown
+	if (!pagespec_match($page, $config{comments_pagespec},
+		location => $page)) {
+		error(sprintf(gettext(
+			"comments on page '%s' are not allowed"),
+			$page));
+	}
+
+	if (pagespec_match($page, $config{comments_closed_pagespec},
 		location => $page)) {
 		error(sprintf(gettext(
 			"comments on page '%s' are closed"),
 			$page));
 	}
 
-	IkiWiki::checksessionexpiry($session, $cgi->param('sid'));
-	IkiWiki::check_canedit($page . "[postcomment]", $cgi, $session);
+	# Set a flag to indicate that we're posting a comment,
+	# so that postcomment() can tell it should match.
+	$postcomment=1;
+	IkiWiki::check_canedit($page, $cgi, $session);
+	$postcomment=0;
 
-	my ($authorurl, $author) = linkuser(getcgiuser($session));
+	my $content = "[[!comment format=$type\n";
 
-	my $body = $form->field('body') || '';
-	$body =~ s/\r\n/\n/g;
-	$body =~ s/\r/\n/g;
-	$body .= "\n" if $body !~ /\n$/;
+	if (defined $session->param('name')) {
+		my $username = $session->param('name');
+		$username =~ s/"/&quot;/g;
+		$content .= " username=\"$username\"\n";
+	}
 
-	unless ($allow_directives) {
-		# don't allow new-style directives at all
-		$body =~ s/(^|[^\\])\[\[!/$1&#91;&#91;!/g;
+	if (defined $session->param('nickname')) {
+		my $nickname = $session->param('nickname');
+		$nickname =~ s/"/&quot;/g;
+		$content .= " nickname=\"$nickname\"\n";
+	}
 
-		# don't allow [[ unless it begins an old-style
-		# wikilink, if prefix_directives is off
-		$body =~ s/(^|[^\\])\[\[(?![^\n\s\]+]\]\])/$1&#91;&#91;!/g
-			unless $config{prefix_directives};
+	if (!(defined $session->param('name') || defined $session->param('nickname')) &&
+		defined $session->remote_addr()) {
+		$content .= " ip=\"".$session->remote_addr()."\"\n";
 	}
 
-	# FIXME: check that the wiki is locked right now, because
-	# if it's not, there are mad race conditions!
+	if ($config{comments_allowauthor}) {
+		my $author = $form->field('author');
+		if (defined $author && length $author) {
+			$author =~ s/"/&quot;/g;
+			$content .= " claimedauthor=\"$author\"\n";
+		}
+		my $url = $form->field('url');
+		if (defined $url && length $url) {
+			$url =~ s/"/&quot;/g;
+			$content .= " url=\"$url\"\n";
+		}
+	}
 
-	# FIXME: rather a simplistic way to make the comments...
-	my $i = 0;
-	my $file;
-	my $location;
-	do {
-		$i++;
-		$location = "$page/${comments_pagename}${i}";
-	} while (-e "$config{srcdir}/$location._comment");
+	my $avatar=getavatar($session->param('name'));
+	if (defined $avatar && length $avatar) {
+		$avatar =~ s/"/&quot;/g;
+		$content .= " avatar=\"$avatar\"\n";
+	}
 
-	my $anchor = "${comments_pagename}${i}";
+	my $subject = $form->field('subject');
+	if (defined $subject && length $subject) {
+		$subject =~ s/"/&quot;/g;
+	}
+	else {
+		$subject = "comment ".(num_comments($page, $config{srcdir}) + 1);
+	}
+	$content .= " subject=\"$subject\"\n";
 
-	IkiWiki::run_hooks(sanitize => sub {
-		$body=shift->(
-			page => $location,
-			destpage => $location,
-			content => $body,
-		);
-	});
+	$content .= " date=\"" . strftime_utf8('%Y-%m-%dT%H:%M:%SZ', gmtime) . "\"\n";
 
-	# In this template, the [[!meta]] directives should stay at the end,
-	# so that they will override anything the user specifies. (For
-	# instance, [[!meta author="I can fake the author"]]...)
-	my $content_tmpl = template('comments_comment.tmpl');
-	$content_tmpl->param(author => $author);
-	$content_tmpl->param(authorurl => $authorurl);
-	$content_tmpl->param(subject => $form->field('subject'));
-	$content_tmpl->param(body => $body);
-	$content_tmpl->param(anchor => "$anchor");
-	$content_tmpl->param(permalink => "$baseurl#$anchor");
+	my $editcontent = $form->field('editcontent');
+	$editcontent="" if ! defined $editcontent;
+	$editcontent =~ s/\r\n/\n/g;
+	$editcontent =~ s/\r/\n/g;
+	$editcontent =~ s/"/\\"/g;
+	$content .= " content=\"\"\"\n$editcontent\n\"\"\"]]\n";
 
-	my $content = $content_tmpl->output;
+	my $location=unique_comment_location($page, $content, $config{srcdir});
 
 	# This is essentially a simplified version of editpage:
 	# - the user does not control the page that's created, only the parent
@@ -319,40 +526,74 @@ sub sessioncgi ($$) { #{{{
 	# - this means that if they do, rocks fall and everyone dies
 
 	if ($form->submitted eq PREVIEW) {
-		my $preview = IkiWiki::htmlize($location, $page, 'mdwn',
-				IkiWiki::linkify($page, $page,
-					IkiWiki::preprocess($page, $page,
-						IkiWiki::filter($location,
-							$page, $content),
-						0, 1)));
+		my $preview=previewcomment($content, $location, $page, time);
 		IkiWiki::run_hooks(format => sub {
-				$preview = shift->(page => $page,
-					content => $preview);
-			});
-
-		my $template = template("comments_display.tmpl");
-		$template->param(content => $preview);
-		$template->param(title => $form->field('subject'));
-		$template->param(ctime => displaytime(time));
-		$template->param(author => $author);
-		$template->param(authorurl => $authorurl);
-
-		$form->tmpl_param(page_preview => $template->output);
+			$preview = shift->(page => $page,
+				content => $preview);
+		});
+		$form->tmpl_param(page_preview => $preview);
 	}
 	else {
 		$form->tmpl_param(page_preview => "");
 	}
 
 	if ($form->submitted eq POST_COMMENT && $form->validate) {
-		my $file = "$location._comment";
+		IkiWiki::checksessionexpiry($cgi, $session);
+
+		if (IkiWiki::Plugin::notifyemail->can("subscribe")) {
+			my $subspec="comment($page)";
+			if (defined $username &&
+			    length $form->field("subscribe")) {
+				IkiWiki::Plugin::notifyemail::subscribe(
+					$username, $subspec);
+			}
+			elsif (length $form->field("email") &&
+			       length $form->field("anonsubscribe")) {
+				IkiWiki::Plugin::notifyemail::anonsubscribe(
+					$form->field("email"), $subspec);
+			}
+		}
+		
+		$postcomment=1;
+		my $ok=IkiWiki::check_content(content => $form->field('editcontent'),
+			subject => $form->field('subject'),
+			$config{comments_allowauthor} ? (
+				author => $form->field('author'),
+				url => $form->field('url'),
+			) : (),
+			page => $location,
+			cgi => $cgi,
+			session => $session,
+			nonfatal => 1,
+		);
+		$postcomment=0;
+
+		if (! $ok) {
+			$location=unique_comment_location($page, $content, $IkiWiki::Plugin::transient::transientdir, "._comment_pending");
+			writefile("$location._comment_pending", $IkiWiki::Plugin::transient::transientdir, $content);
+
+			# Refresh so anything that deals with pending
+			# comments can be updated.
+			require IkiWiki::Render;
+			IkiWiki::refresh();
+			IkiWiki::saveindex();
+
+			IkiWiki::printheader($session);
+			print IkiWiki::cgitemplate($cgi, gettext(gettext("comment stored for moderation")),
+				"<p>".
+				gettext("Your comment will be posted after moderator review").
+				"</p>");
+			exit;
+		}
 
 		# FIXME: could probably do some sort of graceful retry
 		# on error? Would require significant unwinding though
+		my $file = "$location._comment";
 		writefile($file, $config{srcdir}, $content);
 
 		my $conflict;
 
-		if ($config{rcs} and $commit_comments) {
+		if ($config{rcs} and $config{comments_commit}) {
 			my $message = gettext("Added a comment");
 			if (defined $form->field('subject') &&
 				length $form->field('subject')) {
@@ -363,8 +604,10 @@ sub sessioncgi ($$) { #{{{
 
 			IkiWiki::rcs_add($file);
 			IkiWiki::disable_commit_hook();
-			$conflict = IkiWiki::rcs_commit_staged($message,
-				$session->param('name'), $ENV{REMOTE_ADDR});
+			$conflict = IkiWiki::rcs_commit_staged(
+				message => $message,
+				session => $session,
+			);
 			IkiWiki::enable_commit_hook();
 			IkiWiki::rcs_update();
 		}
@@ -378,43 +621,471 @@ sub sessioncgi ($$) { #{{{
 		# breaks it or something
 		error($conflict) if defined $conflict;
 
-		# Bounce back to where we were, but defeat broken caches
-		my $anticache = "?updated=$page/${comments_pagename}${i}";
-		IkiWiki::redirect($cgi, urlto($page, undef, 1).$anticache);
+		# Jump to the new comment on the page.
+		# The trailing question mark tries to avoid broken
+		# caches and get the most recent version of the page.
+		IkiWiki::redirect($cgi, urlto($page).
+			"?updated#".page_to_id($location));
+
 	}
 	else {
-		IkiWiki::showform ($form, \@buttons, $session, $cgi,
-			forcebaseurl => $baseurl);
+		IkiWiki::showform($form, \@buttons, $session, $cgi,
+			page => $page);
 	}
 
 	exit;
-} #}}}
+}
+
+sub getavatar ($) {
+	my $user=shift;
+	return undef unless defined $user;
+
+	my $avatar;
+	eval q{use Libravatar::URL};
+	if (! $@) {
+		my $oiduser = eval { IkiWiki::openiduser($user) };
+		my $https=defined $config{url} && $config{url}=~/^https:/;
+
+		if (defined $oiduser) {
+			eval {
+				$avatar = libravatar_url(openid => $user, https => $https);
+			}
+		}
+		if (! defined $avatar &&
+		    (my $email = IkiWiki::userinfo_get($user, 'email'))) {
+			eval {
+				$avatar = libravatar_url(email => $email, https => $https);
+			}
+		}
+	}
+	return $avatar;
+}
 
-sub pagetemplate (@) { #{{{
+
+sub commentmoderation ($$) {
+	my $cgi=shift;
+	my $session=shift;
+
+	IkiWiki::needsignin($cgi, $session);
+	if (! IkiWiki::is_admin($session->param("name"))) {
+		error(gettext("you are not logged in as an admin"));
+	}
+
+	IkiWiki::decode_cgi_utf8($cgi);
+	
+	if (defined $cgi->param('sid')) {
+		IkiWiki::checksessionexpiry($cgi, $session);
+
+		my $rejectalldefer=$cgi->param('rejectalldefer');
+
+		my %vars=$cgi->Vars;
+		my $added=0;
+		foreach my $id (keys %vars) {
+			if ($id =~ /(.*)\._comment(?:_pending)?$/) {
+				$id=decode_utf8($id);
+				my $action=$cgi->param($id);
+				next if $action eq 'Defer' && ! $rejectalldefer;
+
+				# Make sure that the id is of a legal
+				# pending comment.
+				my ($f) = $id =~ /$config{wiki_file_regexp}/;
+				if (! defined $f || ! length $f ||
+				    IkiWiki::file_pruned($f)) {
+					error("illegal file");
+				}
+
+				my $page=IkiWiki::dirname($f);
+				my $filedir=$IkiWiki::Plugin::transient::transientdir;
+				my $file="$filedir/$f";
+				if (! -e $file) {
+					# old location
+					$file="$config{srcdir}/$f";
+					$filedir=$config{srcdir};
+					if (! -e $file) {
+						# older location
+						$file="$config{wikistatedir}/comments_pending/".$f;
+						$filedir="$config{wikistatedir}/comments_pending";
+					}
+				}
+
+				if ($action eq 'Accept') {
+					my $content=eval { readfile($file) };
+					next if $@; # file vanished since form was displayed
+					my $dest=unique_comment_location($page, $content, $config{srcdir})."._comment";
+					writefile($dest, $config{srcdir}, $content);
+					if ($config{rcs} and $config{comments_commit}) {
+						IkiWiki::rcs_add($dest);
+					}
+					$added++;
+				}
+
+				require IkiWiki::Render;
+				IkiWiki::prune($file, $filedir);
+			}
+		}
+
+		if ($added) {
+			my $conflict;
+			if ($config{rcs} and $config{comments_commit}) {
+				my $message = gettext("Comment moderation");
+				IkiWiki::disable_commit_hook();
+				$conflict=IkiWiki::rcs_commit_staged(
+					message => $message,
+					session => $session,
+				);
+				IkiWiki::enable_commit_hook();
+				IkiWiki::rcs_update();
+			}
+		
+			# Now we need a refresh
+			require IkiWiki::Render;
+			IkiWiki::refresh();
+			IkiWiki::saveindex();
+		
+			error($conflict) if defined $conflict;
+		}
+	}
+
+	my @comments=map {
+		my ($id, $dir, $ctime)=@{$_};
+		my $content=readfile("$dir/$id");
+		my $preview=previewcomment($content, $id,
+			$id, $ctime);
+		{
+			id => $id,
+			view => $preview,
+		}
+	} sort { $b->[2] <=> $a->[2] } comments_pending();
+
+	my $template=template("commentmoderation.tmpl");
+	$template->param(
+		sid => $session->id,
+		comments => \@comments,
+		cgiurl => IkiWiki::cgiurl(),
+	);
+	IkiWiki::printheader($session);
+	my $out=$template->output;
+	IkiWiki::run_hooks(format => sub {
+		$out = shift->(page => "", content => $out);
+	});
+	print IkiWiki::cgitemplate($cgi, gettext("comment moderation"), $out);
+	exit;
+}
+
+sub formbuilder_setup (@) {
+	my %params=@_;
+
+	my $form=$params{form};
+	if ($form->title eq "preferences" &&
+	    IkiWiki::is_admin($params{session}->param("name"))) {
+		push @{$params{buttons}}, "Comment Moderation";
+		if ($form->submitted && $form->submitted eq "Comment Moderation") {
+			commentmoderation($params{cgi}, $params{session});
+		}
+	}
+}
+
+sub comments_pending () {
+	my @ret;
+
+	eval q{use File::Find};
+	error($@) if $@;
+	eval q{use Cwd};
+	error($@) if $@;
+	my $origdir=getcwd();
+
+	my $find_comments=sub {
+		my $dir=shift;
+		my $extension=shift;
+		return unless -d $dir;
+
+		chdir($dir) || die "chdir $dir: $!";
+
+		find({
+			no_chdir => 1,
+			wanted => sub {
+				my $file=decode_utf8($_);
+				$file=~s/^\.\///;
+				return if ! length $file || IkiWiki::file_pruned($file)
+					|| -l $_ || -d _ || $file !~ /\Q$extension\E$/;
+				my ($f) = $file =~ /$config{wiki_file_regexp}/; # untaint
+				if (defined $f) {
+					my $ctime=(stat($_))[10];
+					push @ret, [$f, $dir, $ctime];
+				}
+			}
+		}, ".");
+
+		chdir($origdir) || die "chdir $origdir: $!";
+	};
+	
+	$find_comments->($IkiWiki::Plugin::transient::transientdir, "._comment_pending");
+	# old location
+	$find_comments->($config{srcdir}, "._comment_pending");
+	# old location
+	$find_comments->("$config{wikistatedir}/comments_pending/",
+		"._comment");
+
+	return @ret;
+}
+
+sub previewcomment ($$$) {
+	my $content=shift;
+	my $location=shift;
+	my $page=shift;
+	my $time=shift;
+
+	# Previewing a comment should implicitly enable comment posting mode.
+	my $oldpostcomment=$postcomment;
+	$postcomment=1;
+
+	my $preview = IkiWiki::htmlize($location, $page, '_comment',
+			IkiWiki::linkify($location, $page,
+			IkiWiki::preprocess($location, $page,
+			IkiWiki::filter($location, $page, $content), 0, 1)));
+
+	my $template = template("comment.tmpl");
+	$template->param(content => $preview);
+	$template->param(ctime => displaytime($time, undef, 1));
+	$template->param(html5 => $config{html5});
+
+	IkiWiki::run_hooks(pagetemplate => sub {
+		shift->(page => $location,
+			destpage => $page,
+			template => $template);
+	});
+
+	$template->param(have_actions => 0);
+
+	$postcomment=$oldpostcomment;
+
+	return $template->output;
+}
+
+sub commentsshown ($) {
+	my $page=shift;
+
+	return pagespec_match($page, $config{comments_pagespec},
+		location => $page);
+}
+
+sub commentsopen ($) {
+	my $page = shift;
+
+	return length $config{cgiurl} > 0 &&
+	       (! length $config{comments_closed_pagespec} ||
+	        ! pagespec_match($page, $config{comments_closed_pagespec},
+	                         location => $page));
+}
+
+sub pagetemplate (@) {
 	my %params = @_;
 
 	my $page = $params{page};
 	my $template = $params{template};
+	my $shown = ($template->query(name => 'commentslink') ||
+	             $template->query(name => 'commentsurl') ||
+	             $template->query(name => 'atomcommentsurl') ||
+	             $template->query(name => 'comments')) &&
+	            commentsshown($page);
 
 	if ($template->query(name => 'comments')) {
 		my $comments = undef;
+		if ($shown) {
+			$comments = IkiWiki::preprocess_inline(
+				pages => "comment($page) and !comment($page/*)",
+				template => 'comment',
+				show => 0,
+				reverse => 'yes',
+				page => $page,
+				destpage => $params{destpage},
+				feedfile => 'comments',
+				emptyfeeds => 'no',
+			);
+		}
 
 		if (defined $comments && length $comments) {
-			$template->param(name => $comments);
+			$template->param(comments => $comments);
 		}
+
+		if ($shown && commentsopen($page)) {
+			$template->param(addcommenturl => addcommenturl($page));
+		}
+	}
+
+	if ($shown) {
+		if ($template->query(name => 'commentsurl')) {
+			$template->param(commentsurl =>
+				urlto($page).'#comments');
+		}
+
+		if ($template->query(name => 'atomcommentsurl') && $config{usedirs}) {
+			# This will 404 until there are some comments, but I
+			# think that's probably OK...
+			$template->param(atomcommentsurl =>
+				urlto($page).'comments.atom');
+		}
+
+		if ($template->query(name => 'commentslink')) {
+			my $num=num_comments($page, $config{srcdir});
+			my $link;
+			if ($num > 0) {
+				$link = htmllink($page, $params{destpage}, $page,
+					linktext => sprintf(ngettext("%i comment", "%i comments", $num), $num),
+					anchor => "comments",
+					noimageinline => 1
+				);
+			}
+			elsif (commentsopen($page)) {
+				$link = "<a href=\"".addcommenturl($page)."\">".
+					#translators: Here "Comment" is a verb;
+					#translators: the user clicks on it to
+					#translators: post a comment.
+					gettext("Comment").
+					"</a>";
+			}
+			$template->param(commentslink => $link)
+				if defined $link;
+		}
+	}
+
+	# everything below this point is only relevant to the comments
+	# themselves
+	if (!exists $commentstate{$page}) {
+		return;
+	}
+	
+	if ($template->query(name => 'commentid')) {
+		$template->param(commentid => page_to_id($page));
+	}
+
+	if ($template->query(name => 'commentuser')) {
+		$template->param(commentuser =>
+			$commentstate{$page}{commentuser});
+	}
+
+	if ($template->query(name => 'commentopenid')) {
+		$template->param(commentopenid =>
+			$commentstate{$page}{commentopenid});
+	}
+
+	if ($template->query(name => 'commentip')) {
+		$template->param(commentip =>
+			$commentstate{$page}{commentip});
+	}
+
+	if ($template->query(name => 'commentauthor')) {
+		$template->param(commentauthor =>
+			$commentstate{$page}{commentauthor});
+	}
+
+	if ($template->query(name => 'commentauthorurl')) {
+		$template->param(commentauthorurl =>
+			$commentstate{$page}{commentauthorurl});
+	}
+
+	if ($template->query(name => 'commentauthoravatar')) {
+		$template->param(commentauthoravatar =>
+			$commentstate{$page}{commentauthoravatar});
 	}
-} # }}}
 
+	if ($template->query(name => 'removeurl') &&
+	    IkiWiki::Plugin::remove->can("check_canremove") &&
+	    length $config{cgiurl}) {
+		$template->param(removeurl => IkiWiki::cgiurl(do => 'remove',
+			page => $page));
+		$template->param(have_actions => 1);
+	}
+}
+
+sub addcommenturl ($) {
+	my $page=shift;
+
+	return IkiWiki::cgiurl(do => 'comment', page => $page);
+}
+
+sub num_comments ($$) {
+	my $page=shift;
+	my $dir=shift;
+
+	my @comments=glob("$dir/$page/$config{comments_pagename}*._comment");
+	return int @comments;
+}
+
+sub unique_comment_location ($$$$) {
+	my $page=shift;
+	eval q{use Digest::MD5 'md5_hex'};
+	error($@) if $@;
+	my $content_md5=md5_hex(Encode::encode_utf8(shift));
+	my $dir=shift;
+	my $ext=shift || "._comment";
+
+	my $location;
+	my $i = num_comments($page, $dir);
+	do {
+		$i++;
+		$location = "$page/$config{comments_pagename}${i}_${content_md5}";
+	} while (-e "$dir/$location$ext");
+
+	return $location;
+}
+
+sub page_to_id ($) {
+	# Converts a comment page name into a unique, legal html id
+	# attribute value, that can be used as an anchor to link to the
+	# comment.
+	my $page=shift;
+
+	eval q{use Digest::MD5 'md5_hex'};
+	error($@) if $@;
+
+	return "comment-".md5_hex(Encode::encode_utf8(($page)));
+}
+	
 package IkiWiki::PageSpec;
 
 sub match_postcomment ($$;@) {
 	my $page = shift;
 	my $glob = shift;
 
-	unless ($page =~ s/\[postcomment\]$//) {
+	if (! $postcomment) {
 		return IkiWiki::FailReason->new("not posting a comment");
 	}
-	return match_glob($page, $glob);
+	return match_glob($page, $glob, @_);
+}
+
+sub match_comment ($$;@) {
+	my $page = shift;
+	my $glob = shift;
+
+	if (! $postcomment) {
+		# To see if it's a comment, check the source file type.
+		# Deal with comments that were just deleted.
+		my $source=exists $IkiWiki::pagesources{$page} ?
+			$IkiWiki::pagesources{$page} :
+			$IkiWiki::delpagesources{$page};
+		my $type=defined $source ? IkiWiki::pagetype($source) : undef;
+		if (! defined $type || $type ne "_comment") {
+			return IkiWiki::FailReason->new("$page is not a comment");
+		}
+	}
+
+	return match_glob($page, "$glob/*", internal => 1, @_);
+}
+
+sub match_comment_pending ($$;@) {
+	my $page = shift;
+	my $glob = shift;
+	
+	my $source=exists $IkiWiki::pagesources{$page} ?
+		$IkiWiki::pagesources{$page} :
+		$IkiWiki::delpagesources{$page};
+	my $type=defined $source ? IkiWiki::pagetype($source) : undef;
+	if (! defined $type || $type ne "_comment_pending") {
+		return IkiWiki::FailReason->new("$page is not a pending comment");
+	}
+
+	return match_glob($page, "$glob/*", internal => 1, @_);
 }
 
 1