diff options
| author | Michal Sojka <sojkam1@fel.cvut.cz> | 2013-03-05 10:54:51 +0100 |
|---|---|---|
| committer | Michal Sojka <sojkam1@fel.cvut.cz> | 2013-03-05 11:00:29 +0100 |
| commit | c42fd7d7580d081f3e3f624fd74219b0435230f6 (patch) | |
| tree | c65ba76cd19c329eeb6e25ea080d4c7a7ef9b65c /IkiWiki | |
| parent | bfc9dc93c9f64a9acfff4683b69995d5a0edb0ea (diff) | |
| download | ikiwiki-c42fd7d7580d081f3e3f624fd74219b0435230f6.tar ikiwiki-c42fd7d7580d081f3e3f624fd74219b0435230f6.tar.gz | |
Add configuration to restrict the formats allowed for comments
I want to write my blog posts in a convenient format (Emacs org mode)
but do not want commenters to be able to use this format for security
reasons. This patch allows to configure which formats are allowed for
writing comments.
Effectively, it restricts the formats enabled with add_plugin to those
mentioned in comments_allowformats. If this is empty, all formats are
allowed, which is the behavior without this patch.
Diffstat (limited to 'IkiWiki')
| -rw-r--r-- | IkiWiki/Plugin/comments.pm | 21 |
1 files changed, 19 insertions, 2 deletions
diff --git a/IkiWiki/Plugin/comments.pm b/IkiWiki/Plugin/comments.pm index 285013e49..151e839d0 100644 --- a/IkiWiki/Plugin/comments.pm +++ b/IkiWiki/Plugin/comments.pm @@ -90,6 +90,15 @@ sub getsetup () { safe => 0, rebuild => 0, }, + comments_allowformats => { + type => 'string', + default => '', + example => 'mdwn txt', + description => 'Restrict formats for comments to (no restriction if empty)', + safe => 1, + rebuild => 0, + }, + } sub checkconfig () { @@ -101,6 +110,8 @@ sub checkconfig () { unless defined $config{comments_closed_pagespec}; $config{comments_pagename} = 'comment_' unless defined $config{comments_pagename}; + $config{comments_allowformats} = '' + unless defined $config{comments_allowformats}; } sub htmlize { @@ -128,12 +139,18 @@ sub safeurl ($) { } } +sub isallowed ($) { + my $format = shift; + return ! $config{comments_allowformats} || $config{comments_allowformats} =~ /\b$format\b/; +} + sub preprocess { my %params = @_; my $page = $params{page}; my $format = $params{format}; - if (defined $format && ! exists $IkiWiki::hooks{htmlize}{$format}) { + if (defined $format && (! exists $IkiWiki::hooks{htmlize}{$format} || + ! isallowed($format))) { error(sprintf(gettext("unsupported page format %s"), $format)); } @@ -332,7 +349,7 @@ sub editcomment ($$) { my @page_types; if (exists $IkiWiki::hooks{htmlize}) { - foreach my $key (grep { !/^_/ } keys %{$IkiWiki::hooks{htmlize}}) { + foreach my $key (grep { !/^_/ && isallowed($_) } keys %{$IkiWiki::hooks{htmlize}}) { push @page_types, [$key, $IkiWiki::hooks{htmlize}{$key}{longname} || $key]; } } |