X-Git-Url: https://sipb.mit.edu/gitweb.cgi/ikiwiki.git/blobdiff_plain/21add7ffa87a5e622d18bdbb24c638c15bdb3800..b4471d44184a03180ad19a98673d52752ce73b46:/doc/todo/comments.mdwn diff --git a/doc/todo/comments.mdwn b/doc/todo/comments.mdwn index 832441be1..7a113bee3 100644 --- a/doc/todo/comments.mdwn +++ b/doc/todo/comments.mdwn @@ -10,31 +10,21 @@ > it's hard enough to get some people to title their blog posts :-) > --[[smcv]] -* If a spammer posts a comment, it is either impossible or hard to clean - up via the web. Would be nice to have some kind of link on the comment - that allows trusted users to remove it (using the remove plugin of - course). - - > Won't the remove plugin refuse to remove internal pages? This would be - > a good feature to have, though. --[[smcv]] - - > Here, FWIW, is the first ikiwiki comment spam I've seen: - > - > So that took about 10 days... - > --[[Joey]] - -## Patches pending merge - -* There is some common code cargo-culted from other plugins (notably inline and editpage) which - should probably be shared - - > Actually, there's less of this now than there used to be - a lot of simple - > things that were shared have become unshareable as they became more - > complex. --[[smcv]] +## Won't fix - > There's still goto. You have a branch for that. --[[Joey]] +* Because IkiWiki generates static HTML, we can't have a form inlined in + page.tmpl where the user fills in an entire comment and can submit it in + a single button-press, without being vulnerable to cross-site request forgery. + So I'll put this in as wontfix. --[[smcv]] -## Won't fix + > Surely there's a way around that? + > A web 2.0 way comes to mind: The user clicks on a link + > to open the comment post form. While the nasty web 2.0 javascript :) + > is manipulating the page to add the form to it, it looks at the cookie + > and uses that to insert a sid field. + > + > Or, it could have a mandatory preview page and do the CSRF check then. + > --[[Joey]] * It would be useful to have a pagespec that always matches all comments on pages matching a glob. Something like `comment(blog/*)`. @@ -60,6 +50,17 @@ ## Done +* There is some common code cargo-culted from other plugins (notably inline and editpage) which + should probably be shared + + > Actually, there's less of this now than there used to be - a lot of simple + > things that were shared have become unshareable as they became more + > complex. --[[smcv]] + + > There's still goto. You have a branch for that. --[[Joey]] + + >> Now merged --[[smcv]] + * The default template should have a (?) icon next to unauthenticated users (with the IP address as title) and an OpenID icon next to OpenIDs @@ -104,6 +105,7 @@ > and c42f174e fix another `beautify_urlpath` bug and add a regression test > --[[smcv]] + * Now that inline has some comments-specific functionality anyway, it would be good to output `` in Atom and the equivalent in RSS. @@ -147,3 +149,22 @@ first. --[[smcv]] > done --[[Joey]] + +* If a spammer posts a comment, it is either impossible or hard to clean + up via the web. Would be nice to have some kind of link on the comment + that allows trusted users to remove it (using the remove plugin of + course). + + > Won't the remove plugin refuse to remove internal pages? This would be + > a good feature to have, though. --[[smcv]] + + > Here, FWIW, is the first ikiwiki comment spam I've seen: + > + > So that took about 10 days... + > --[[Joey]] + + >> Implemented in my 'comments' branch, please review. It turns out + >> [[plugins/remove]] is happy to remove internal pages, so it was quite + >> easy to do. --[[smcv]] + + >>> done --[[Joey]]