From 4e2bfe1e17b3bb142aef116e0731d5a8c36d8179 Mon Sep 17 00:00:00 2001 From: Simon McVittie Date: Sun, 12 Oct 2014 18:03:28 +0100 Subject: [PATCH] comments: don't log remote IP address for signed-in users The intention was that signed-in users (for instance via httpauth, passwordauth or openid) are already adequately identified, but there's nothing to indicate who an anonymous commenter is unless their IP address is recorded. --- IkiWiki/Plugin/comments.pm | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/IkiWiki/Plugin/comments.pm b/IkiWiki/Plugin/comments.pm index 98ae13810..c5177833f 100644 --- a/IkiWiki/Plugin/comments.pm +++ b/IkiWiki/Plugin/comments.pm @@ -468,12 +468,15 @@ sub editcomment ($$) { $username =~ s/"/"/g; $content .= " username=\"$username\"\n"; } + if (defined $session->param('nickname')) { my $nickname = $session->param('nickname'); $nickname =~ s/"/"/g; $content .= " nickname=\"$nickname\"\n"; } - elsif (defined $session->remote_addr()) { + + if (!(defined $session->param('name') || defined $session->param('nickname')) && + defined $session->remote_addr()) { $content .= " ip=\"".$session->remote_addr()."\"\n"; } -- 2.39.5