comment removal question

[ikiwiki] / doc / todo / comments.mdwn

# Known issues with the [[plugins/comments]] plugin

## Unimplemented

* Instead of just a link to add a comment, it could have a form to enter
  the title, similar to the form for adding a new blog post.

  > I'm not sure this is so useful? On Livejournal titles are allowed on
  > comments, but very rarely used (and indeed usually not very useful);
  > it's hard enough to get some people to title their blog posts :-)
  > --[[smcv]]

* Having enabled anonok and leads to the undesirable situation, that everybody is able to remove every comment. Is there an easy workaround, or am I missing something? --[[wiebel]]

## Won't fix

* Because IkiWiki generates static HTML, we can't have a form inlined in
  page.tmpl where the user fills in an entire comment and can submit it in
  a single button-press, without being vulnerable to cross-site request forgery.
  So I'll put this in as wontfix. --[[smcv]]

  > Surely there's a way around that?
  > A web 2.0 way comes to mind: The user clicks on a link
  > to open the comment post form. While the nasty web 2.0 javascript :)
  > is manipulating the page to add the form to it, it looks at the cookie
  > and uses that to insert a sid field.
  > 
  > Or, it could have a mandatory preview page and do the CSRF check then.
  > --[[Joey]]

* It would be useful to have a pagespec that always matches all comments on
  pages matching a glob. Something like `comment(blog/*)`.
  Perhaps postcomment could also be folded into this? Then the pagespec
  would match both existing comments, as well as new comments that are
  being posted.

  > Please see [[plugins/comments/discussion]]. If I've convinced you that
  > internal pages are the way forward, then sure, we can do that, because
  > people who can comment still won't be able to edit others' comments
  > (one of my goals is that commenters can't put words into each other's
  > mouths :-) )
  >
  > On the other hand, if you still want me to switch this plugin to "real"
  > pages, or if internal pages might become editable in future, then
  > configuring lockedit/anonok so a user X can add comments to blog pages
  > would also let X edit/delete comments on blog pages (including those
  > written by others) in arbitrary ways, which doesn't seem good. --[[smcv]]

  > I had a look at implementing comment() and fell afoul of
  > some optimisations that assume only internal() will be used to match
  > internal pages. So probably this isn't worth doing. --[[Joey]]

## Done

* There is some common code cargo-culted from other plugins (notably inline and editpage) which
  should probably be shared

  > Actually, there's less of this now than there used to be - a lot of simple
  > things that were shared have become unshareable as they became more
  > complex. --[[smcv]]

  > There's still goto. You have a branch for that. --[[Joey]] 

  >> Now merged --[[smcv]]

* The default template should have a (?) icon next to unauthenticated users (with the IP address
  as title) and an OpenID icon next to OpenIDs

  > Done in my comments git branch, at least as a mockup (using the (?),
  > {x} and {*} smileys for anonymous, OpenID and login respectively).
  > --[[smcv]]

  >> I've improved this to use independent icons from the wikiicons
  >> directory (untested!) --[[smcv]]

  >>> The new code produces links like /wikiisons/openid.png, which
  >>> fail if ikiwiki is not at the root of the web server. --[[Joey]]

  >>>> Sorry, I should have spotted that (the assumption failed on my demo
  >>>> site, but the push to that site was when I was on the way out, so I
  >>>> didn't have time to investigate). As a note for other ikiwiki hackers,
  >>>> I should have used
  >>>> `<img src="<TMPL_VAR NAME=BASEURL>wikiicons/openid.png" />`. --[[smcv]]

  >>> I got to wondering if the icons are needed. On my comments branch
  >>> (not master), I've dropped the icons and info can be seen by hovering
  >>> over the author's name. Idea being that you probably don't care how
  >>> they authenticated unless something is weird, and in that case you
  >>> can hover to check. Does that make sense, should I merge it?
  >>> --[[Joey]]

  >>>> Yeah, go ahead. I preferred my layout with the author before the
  >>>> comment - perhaps that's Livejournal's influence :-) - but I can always
  >>>> edit the templates for my own site. As long as the default is something
  >>>> reasonable and both layouts are possible, I don't really mind.
  >>>> Minimizing the number of "resource" files in the basewiki also seems
  >>>> a good goal. --[[smcv]]

* Previews always say "unknown IP address"

  > Fixed in my comments branch by commits bc66a00b and 95b3bbbf --[[smcv]]

* The Comments link in the "toolbar" is to `index.html#comments`, not the
  desired `./#comments`

  > Fixed in my comments branch by commit 0844bd0b; commits 5b1cf21a
  > and c42f174e fix another `beautify_urlpath` bug and add a regression test
  > --[[smcv]]


* Now that inline has some comments-specific functionality anyway, it would
  be good to output `<link rel="comments">` in Atom and the equivalent in RSS.

  > Fixed in my comments branch by d0d598e4, 3feebe31, 9e5f504e --[[smcv]]


* Add `COMMENTOPENID`: the authenticated/verified user name, if and only if it was an OpenID

  > Done in my comments git branch --[[smcv]]

  > Not seeing it there, which branch? --[[Joey]]

  >> Bah, git push --all is not the default... 'comments' branch now (I've also rebased it).
  >> Sorry, I'm on mobile Internet at the moment... --[[smcv]]

  >>> merged by [[Joey]] in commit 0f03af38 --[[smcv]]

* Should the comments be visually set off more from the page above?
  Rather than just a horizontal rule, I'm thinking put the comments
  in a box like is used for inlined pages.

  > I did put them in a box in the CSS... I agree the default template
  > could do with visual improvement though. --[[smcv]]

  >> I'll consider this solved by [[Joey]]'s changes. --[[smcv]]

* One can use inline to set up a feed of all comments posted to any page.
  Using template=comment they are displayed right. Only problem
  is there is no indication in that template of what page each comment in the
  feed is a comment on. So, if a comment is inlined into a different page,
  I think it should show a link back to the page commented on.
  (BTW, the rss feed in this situation seems ok; there the link element
  points back to the parent page.

  > done --[[Joey]]

* One of Joey's commit messages says "Not ideal, it would be nicer to jump to
  the actual comment posted, but no anchor is available". In fact there is
  an anchor - the `\[[_comment]]` preprocessing wraps the comment in a `<div>`
  with id="comment_123" or something. I'll fix this, unless Joey gets there
  first. --[[smcv]]

  > done --[[Joey]]

* If a spammer posts a comment, it is either impossible or hard to clean
  up via the web. Would be nice to have some kind of link on the comment
  that allows trusted users to remove it (using the remove plugin of
  course).

  > Won't the remove plugin refuse to remove internal pages? This would be
  > a good feature to have, though. --[[smcv]]

  > Here, FWIW, is the first ikiwiki comment spam I've seen:
  > <http://waldeneffect.org/blog/Snake_bite_information/#blog/Snake_bite_information/comment_1>
  > So that took about 10 days...
  > --[[Joey]] 

  >> Implemented in my 'comments' branch, please review. It turns out
  >> [[plugins/remove]] is happy to remove internal pages, so it was quite
  >> easy to do. --[[smcv]]

  >>> done --[[Joey]]