X-Git-Url: http://git.vanrenterghem.biz/git.ikiwiki.info.git/blobdiff_plain/9a99c4c6e2228954b27e1e93e2b66c12a74850ac..1ef40ff68370aba85e9816221675a8edd7a308f5:/IkiWiki/Plugin/comments.pm

diff --git a/IkiWiki/Plugin/comments.pm b/IkiWiki/Plugin/comments.pm
index a0ca9f32e..c5177833f 100644
--- a/IkiWiki/Plugin/comments.pm
+++ b/IkiWiki/Plugin/comments.pm
@@ -438,6 +438,16 @@ sub editcomment ($$) {
 			$page));
 	}
 
+	# There's no UI to get here, but someone might construct the URL,
+	# leading to a comment that exists in the repository but isn't
+	# shown
+	if (!pagespec_match($page, $config{comments_pagespec},
+		location => $page)) {
+		error(sprintf(gettext(
+			"comments on page '%s' are not allowed"),
+			$page));
+	}
+
 	if (pagespec_match($page, $config{comments_closed_pagespec},
 		location => $page)) {
 		error(sprintf(gettext(
@@ -458,12 +468,15 @@ sub editcomment ($$) {
 		$username =~ s/"/"/g;
 		$content .= " username=\"$username\"\n";
 	}
+
 	if (defined $session->param('nickname')) {
 		my $nickname = $session->param('nickname');
 		$nickname =~ s/"/"/g;
 		$content .= " nickname=\"$nickname\"\n";
 	}
-	elsif (defined $session->remote_addr()) {
+
+	if (!(defined $session->param('name') || defined $session->param('nickname')) &&
+		defined $session->remote_addr()) {
 		$content .= " ip=\"".$session->remote_addr()."\"\n";
 	}