X-Git-Url: http://git.vanrenterghem.biz/git.ikiwiki.info.git/blobdiff_plain/9a99c4c6e2228954b27e1e93e2b66c12a74850ac..f5a1550441a9d58652d93deacc333f143a7ecfbd:/IkiWiki/Plugin/comments.pm?ds=inline

diff --git a/IkiWiki/Plugin/comments.pm b/IkiWiki/Plugin/comments.pm
index a0ca9f32e..b47f965e7 100644
--- a/IkiWiki/Plugin/comments.pm
+++ b/IkiWiki/Plugin/comments.pm
@@ -198,7 +198,6 @@ sub preprocess {
 		$commentuser = $params{username};
 
 		my $oiduser = eval { IkiWiki::openiduser($commentuser) };
-
 		if (defined $oiduser) {
 			# looks like an OpenID
 			$commentauthorurl = $commentuser;
@@ -206,10 +205,17 @@ sub preprocess {
 			$commentopenid = $commentuser;
 		}
 		else {
-			$commentauthorurl = IkiWiki::cgiurl(
-				do => 'goto',
-				page => IkiWiki::userpage($commentuser)
-			);
+			my $emailuser = IkiWiki::emailuser($commentuser);
+			if (defined $emailuser) {
+				$commentuser=$emailuser;
+			}
+
+			if (length $config{cgiurl}) {
+				$commentauthorurl = IkiWiki::cgiurl(
+					do => 'goto',
+					page => IkiWiki::userpage($commentuser)
+				);
+			}
 
 			$commentauthor = $commentuser;
 		}
@@ -221,22 +227,9 @@ sub preprocess {
 		$commentauthor = gettext("Anonymous");
 	}
 
-	$commentstate{$page}{commentuser} = $commentuser;
-	$commentstate{$page}{commentopenid} = $commentopenid;
-	$commentstate{$page}{commentip} = $commentip;
-	$commentstate{$page}{commentauthor} = $commentauthor;
-	$commentstate{$page}{commentauthorurl} = $commentauthorurl;
-	$commentstate{$page}{commentauthoravatar} = $params{avatar};
-	if (! defined $pagestate{$page}{meta}{author}) {
-		$pagestate{$page}{meta}{author} = $commentauthor;
-	}
-	if (! defined $pagestate{$page}{meta}{authorurl}) {
-		$pagestate{$page}{meta}{authorurl} = $commentauthorurl;
-	}
-
 	if ($config{comments_allowauthor}) {
 		if (defined $params{claimedauthor}) {
-			$pagestate{$page}{meta}{author} = $params{claimedauthor};
+			$commentauthor = $params{claimedauthor};
 		}
 
 		if (defined $params{url}) {
@@ -248,12 +241,21 @@ sub preprocess {
 			}
 
 			if (safeurl($url)) {
-				$pagestate{$page}{meta}{authorurl} = $url;
+				$commentauthorurl = $url;
 			}
 		}
 	}
-	else {
+
+	$commentstate{$page}{commentuser} = $commentuser;
+	$commentstate{$page}{commentopenid} = $commentopenid;
+	$commentstate{$page}{commentip} = $commentip;
+	$commentstate{$page}{commentauthor} = $commentauthor;
+	$commentstate{$page}{commentauthorurl} = $commentauthorurl;
+	$commentstate{$page}{commentauthoravatar} = $params{avatar};
+	if (! defined $pagestate{$page}{meta}{author}) {
 		$pagestate{$page}{meta}{author} = $commentauthor;
+	}
+	if (! defined $pagestate{$page}{meta}{authorurl}) {
 		$pagestate{$page}{meta}{authorurl} = $commentauthorurl;
 	}
 
@@ -354,7 +356,8 @@ sub editcomment ($$) {
 	my @page_types;
 	if (exists $IkiWiki::hooks{htmlize}) {
 		foreach my $key (grep { !/^_/ && isallowed($_) } keys %{$IkiWiki::hooks{htmlize}}) {
-			push @page_types, [$key, $IkiWiki::hooks{htmlize}{$key}{longname} || $key];
+			push @page_types, [$key, $IkiWiki::hooks{htmlize}{$key}{longname} || $key]
+				unless $IkiWiki::hooks{htmlize}{$key}{nocreate};
 		}
 	}
 	@page_types=sort @page_types;
@@ -438,6 +441,16 @@ sub editcomment ($$) {
 			$page));
 	}
 
+	# There's no UI to get here, but someone might construct the URL,
+	# leading to a comment that exists in the repository but isn't
+	# shown
+	if (!pagespec_match($page, $config{comments_pagespec},
+		location => $page)) {
+		error(sprintf(gettext(
+			"comments on page '%s' are not allowed"),
+			$page));
+	}
+
 	if (pagespec_match($page, $config{comments_closed_pagespec},
 		location => $page)) {
 		error(sprintf(gettext(
@@ -454,17 +467,20 @@ sub editcomment ($$) {
 	my $content = "[[!comment format=$type\n";
 
 	if (defined $session->param('name')) {
-		my $username = $session->param('name');
+		my $username = IkiWiki::cloak($session->param('name'));
 		$username =~ s/"/"/g;
 		$content .= " username=\"$username\"\n";
 	}
+
 	if (defined $session->param('nickname')) {
 		my $nickname = $session->param('nickname');
 		$nickname =~ s/"/"/g;
 		$content .= " nickname=\"$nickname\"\n";
 	}
-	elsif (defined $session->remote_addr()) {
-		$content .= " ip=\"".$session->remote_addr()."\"\n";
+
+	if (!(defined $session->param('name') || defined $session->param('nickname')) &&
+		defined $session->remote_addr()) {
+		$content .= " ip=\"".IkiWiki::cloak($session->remote_addr())."\"\n";
 	}
 
 	if ($config{comments_allowauthor}) {
@@ -494,8 +510,7 @@ sub editcomment ($$) {
 		$subject = "comment ".(num_comments($page, $config{srcdir}) + 1);
 	}
 	$content .= " subject=\"$subject\"\n";
-
-	$content .= " date=\"" . strftime_utf8('%Y-%m-%dT%H:%M:%SZ', gmtime) . "\"\n";
+	$content .= " date=\"" . commentdate() . "\"\n";
 
 	my $editcontent = $form->field('editcontent');
 	$editcontent="" if ! defined $editcontent;
@@ -623,6 +638,10 @@ sub editcomment ($$) {
 	exit;
 }
 
+sub commentdate () {
+	strftime_utf8('%Y-%m-%dT%H:%M:%SZ', gmtime);
+}
+
 sub getavatar ($) {
 	my $user=shift;
 	return undef unless defined $user;
@@ -901,16 +920,18 @@ sub pagetemplate (@) {
 	}
 
 	if ($shown) {
+		my $absolute = $template->param('wants_absolute_urls');
+
 		if ($template->query(name => 'commentsurl')) {
 			$template->param(commentsurl =>
-				urlto($page).'#comments');
+				urlto($page, undef, $absolute).'#comments');
 		}
 
 		if ($template->query(name => 'atomcommentsurl') && $config{usedirs}) {
 			# This will 404 until there are some comments, but I
 			# think that's probably OK...
 			$template->param(atomcommentsurl =>
-				urlto($page).'comments.atom');
+				urlto($page, undef, $absolute).'comments.atom');
 		}
 
 		if ($template->query(name => 'commentslink')) {
@@ -999,7 +1020,7 @@ sub num_comments ($$) {
 	return int @comments;
 }
 
-sub unique_comment_location ($$$$) {
+sub unique_comment_location ($$$;$) {
 	my $page=shift;
 	eval q{use Digest::MD5 'md5_hex'};
 	error($@) if $@;