comments: don't log remote IP address for signed-in users
authorSimon McVittie <smcv@debian.org>
Sun, 12 Oct 2014 17:03:28 +0000 (18:03 +0100)
committerSimon McVittie <smcv@debian.org>
Sun, 12 Oct 2014 17:03:28 +0000 (18:03 +0100)
The intention was that signed-in users (for instance via httpauth,
passwordauth or openid) are already adequately identified, but
there's nothing to indicate who an anonymous commenter is unless
their IP address is recorded.

IkiWiki/Plugin/comments.pm

index 98ae13810200269a34fbfb8b24093e26dc5ad4bb..c5177833f2430d28860e26bdeca1356c6b7a03eb 100644 (file)
@@ -468,12 +468,15 @@ sub editcomment ($$) {
                $username =~ s/"/&quot;/g;
                $content .= " username=\"$username\"\n";
        }
+
        if (defined $session->param('nickname')) {
                my $nickname = $session->param('nickname');
                $nickname =~ s/"/&quot;/g;
                $content .= " nickname=\"$nickname\"\n";
        }
-       elsif (defined $session->remote_addr()) {
+
+       if (!(defined $session->param('name') || defined $session->param('nickname')) &&
+               defined $session->remote_addr()) {
                $content .= " ip=\"".$session->remote_addr()."\"\n";
        }