23 Commits

Author SHA1 Message Date
Damian Mooyman
9087261654 Better XSS Protection via hashed token
Allows moderation links to be generated for users other than the currently logged in user, as it doesn't rely on the current session.
2015-03-30 14:56:28 +13:00
catcher
a5e00eccd7 -added config option 'require_moderation_nonmembers' - when set, only comments posted by non-members will require moderation
-comment bodies now populate with previous value after validation errors (i.e. spam protection)
2013-06-04 14:12:16 -06:00
Ingo Schommer
ea3fc6ad2b 3.1 compat 2013-04-11 14:23:03 +02:00
Ingo Schommer
25561d17a8 API Removed ajax comment submission
The JS logic didn't account for edge cases like scrolling
to the inserted comment, or attaching the comment in the right sorting logic,
on the right pagination page. It also doesn't show any "loading" indication,
so is bad usability for the majority of users. A standard form submission
does the same job better in this case. Note that this doesn't affect
the ability to moderate/delete comments via ajax.

Replaced 'use_ajax_commenting' with 'include_js',
since it's important for behaviour other than comment submission itself,
e.g. showing previews (doesn't work without JS)
2013-03-19 11:21:29 +01:00
Will Rossiter
3a4a1dd4b4 FIX Ensure comments are escaped in RSS feeds.
FIX Also fix up preview to only output the comment content rather than the whole template.

FIX Hide preview after posting comment.

API Move AllowHtml to field to prevent issues with altering Html configuration after comments have been posted.

FIX If moderation is turned on for commenting, still render comments in preview mode.
2013-03-05 22:01:42 +13:00
Ingo Schommer
0cf5f66783 NEW Comment previews 2013-03-04 12:10:59 +01:00
Shea Dawson
ca638e367a ENHANCEMENT clientside validation messages sourced from customisable serverside code. Several small bugfixes also 2013-02-20 19:40:53 +13:00
Shea Dawson
6a0323415b Completed the ajax commenting functionality 2013-02-20 19:40:53 +13:00
Simon Welsh
dda00c5452 Update to use filter() instead of where() 2012-12-16 17:31:53 +13:00
Gordon Anderson
3b321bcabc BUGFIX: Added missing onAfterPostComment hook 2012-11-27 19:56:21 +07:00
Kirk Mayo
7689623503 BUG: Fixing moderation on the comments module 2012-08-09 23:13:02 +12:00
Will Rossiter
6d3597095f FIX: Implement paginated list for RSS feed. Fixes #31.
Includes functional tests for the RSSFeed but currently commented out until that feature lands in the main framework.
2012-07-31 20:45:29 +12:00
Ruud Arentsen
d606187ab7 fixed the issue that the form wouldn't submit
fixed the issue that the form wouldn't submit on require_login = true.
E-mail field needed to be hidden as well.
2012-07-26 09:12:05 +02:00
Will Rossiter
a3328641e7 FIX: use template for storing pending comment message. 2012-07-22 13:50:17 +12:00
Will Rossiter
c50740846c FIX: exclude pending comments in RSS feed. 2012-07-22 13:43:42 +12:00
Will Rossiter
95667fdf41 FIX: restore spam, rss, delete, approve and ham controller actions on the front end. 2012-07-22 13:30:33 +12:00
Will Rossiter
6d1c5f2b30 MINOR: updated isAjax() calls to 3.0 compatible api 2012-06-02 09:34:35 +12:00
Shea
0adf17d363 fixed some api compatibility issues, added a basic comment gridfield to comment admin 2012-06-01 16:34:31 +10:00
Ingo Schommer
5b014b8496 SECURITY Using JSON instead of serialize() to stringify user data in PageCommentsInterface 2011-09-15 16:37:10 +02:00
Lamin Barrow
56109bb860 Fixed typo in
static $allowed_actions = array(
		'delete',
		'CommentsForm',
		'doPostCommentz'
	);

to

static $allowed_actions = array(
		'delete',
		'CommentsForm',
		'doPostComment'
	);
2011-02-05 14:48:48 -08:00
Will Rossiter
d9580ed600 FEATURE: added delete comment functionality. MINOR: added documentation 2010-12-11 18:01:19 +13:00
Will Rossiter
008e2c0143 BUGFIX: use the commenting configuration for getting correct comment permalinks. BUGFIX: preserve the correct ordering of comments in the front end 2010-12-07 13:34:17 +13:00
Will Rossiter
d06a9a12bc ENHANCEMENT: allow comment area ids to be set in the configuration class allowing multiple forms on a single page. APICHANGE: migrated Comment::moderation() to the per type setting in the Commenting class 2010-12-06 23:08:38 +13:00