author | wentasah <wentasah@web> | 2013-03-05 06:44:16 -0400 |
---|---|---|
committer | admin <admin@branchable.com> | 2013-03-05 06:44:16 -0400 |
commit | 42998e226a74a81b68a7e52b983ccdb90f196062 (patch) | |
tree | 2155a73c270a77e09a6691fdad051b854c8ed307 | |
parent | 61de91ae847177e55fa871c4e6a0acb7b1acaf82 (diff) | |
download | ikiwiki-42998e226a74a81b68a7e52b983ccdb90f196062.tar ikiwiki-42998e226a74a81b68a7e52b983ccdb90f196062.tar.gz |
-rw-r--r-- | doc/todo/Restrict_formats_allowed_for_comments.mdwn | 97 |
1 files changed, 97 insertions, 0 deletions
diff --git a/doc/todo/Restrict_formats_allowed_for_comments.mdwn b/doc/todo/Restrict_formats_allowed_for_comments.mdwn
new file mode 100644
index 000000000..cfae38465
--- /dev/null
+++ b/doc/todo/Restrict_formats_allowed_for_comments.mdwn
@@ -0,0 +1,97 @@
+I want to write my blog posts in a convenient format (Emacs org mode)
+but do not want commenters to be able to use this format for security
+reasons. This patch allows to configure which formats are allowed for
+writing comments.
+
+Effectively, it restricts the formats enabled with add_plugin to those
+mentioned in comments_allowformats. If this is empty, all formats are
+allowed, which is the behavior without this patch.
+
+The patch can be pulled from my repo ([gitweb](https://rtime.felk.cvut.cz/gitweb/sojka/ikiwiki.git/commitdiff/c42fd7d7580d081f3e3f624fd74219b0435230f6?hp=bfc9dc93c9f64a9acfff4683b69995d5a0edb0ea))
+
+ git pull git://rtime.felk.cvut.cz/sojka/ikiwiki.git restrict-comment-formats
+---
+
+<pre>
+From c42fd7d7580d081f3e3f624fd74219b0435230f6 Mon Sep 17 00:00:00 2001
+From: Michal Sojka <sojkam1@fel.cvut.cz>
+Date: Tue, 5 Mar 2013 10:54:51 +0100
+Subject: [PATCH] Add configuration to restrict the formats allowed for
+ comments
+
+I want to write my blog posts in a convenient format (Emacs org mode)
+but do not want commenters to be able to use this format for security
+reasons. This patch allows to configure which formats are allowed for
+writing comments.
+
+Effectively, it restricts the formats enabled with add_plugin to those
+mentioned in comments_allowformats. If this is empty, all formats are
+allowed, which is the behavior without this patch.
+---
+ IkiWiki/Plugin/comments.pm | 21 +++++++++++++++++++--
+ 1 file changed, 19 insertions(+), 2 deletions(-)
+
+diff --git a/IkiWiki/Plugin/comments.pm b/IkiWiki/Plugin/comments.pm
+index 285013e..151e839 100644
+--- a/IkiWiki/Plugin/comments.pm
++++ b/IkiWiki/Plugin/comments.pm
+@@ -90,6 +90,15 @@ sub getsetup () {
+ safe => 0,
+ rebuild => 0,
+ },
++ comments_allowformats => {
++ type => 'string',
++ default => '',
++ example => 'mdwn txt',
++ description => 'Restrict formats for comments to (no restriction if empty)',
++ safe => 1,
++ rebuild => 0,
++ },
++
+ }
+
+ sub checkconfig () {
+@@ -101,6 +110,8 @@ sub checkconfig () {
+ unless defined $config{comments_closed_pagespec};
+ $config{comments_pagename} = 'comment_'
+ unless defined $config{comments_pagename};
++ $config{comments_allowformats} = ''
++ unless defined $config{comments_allowformats};
+ }
+
+ sub htmlize {
+@@ -128,12 +139,18 @@ sub safeurl ($) {
+ }
+ }
+
++sub isallowed ($) {
++ my $format = shift;
++ return ! $config{comments_allowformats} || $config{comments_allowformats} =~ /\b$format\b/;
++}
++
+ sub preprocess {
+ my %params = @_;
+ my $page = $params{page};
+
+ my $format = $params{format};
+- if (defined $format && ! exists $IkiWiki::hooks{htmlize}{$format}) {
++ if (defined $format && (! exists $IkiWiki::hooks{htmlize}{$format} ||
++ ! isallowed($format))) {
+ error(sprintf(gettext("unsupported page format %s"), $format));
+ }
+
+@@ -332,7 +349,7 @@ sub editcomment ($$) {
+
+ my @page_types;
+ if (exists $IkiWiki::hooks{htmlize}) {
+- foreach my $key (grep { !/^_/ } keys %{$IkiWiki::hooks{htmlize}}) {
++ foreach my $key (grep { !/^_/ && isallowed($_) } keys %{$IkiWiki::hooks{htmlize}}) {
+ push @page_types, [$key, $IkiWiki::hooks{htmlize}{$key}{longname} || $key];
+ }
+ }
+--
+1.7.10.4
+
+</pre>
+
+[[!tag patch]] |
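Review bot: In the embedded comments.pm patch, `isallowed` tests `$config{comments_allowformats} =~ /\b$format\b/`, which is an unescaped substring match rather than an exact comparison against the configured list. Because `\b` also matches next to characters such as `-` or `.`, a registered format whose name appears inside a longer allowed entry would pass, and a format name containing regex metacharacters would be read as a pattern. Since this option is the restriction that keeps commenters away from the riskier formats, an exact token test is safer: `my @allowed = split ' ', $config{comments_allowformats};` followed by `return !@allowed || grep { $_ eq $format } @allowed;`. The `description` of the setup entry could also say more plainly that an empty value leaves every htmlize format open to commenters, so the restriction is opt-in.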