From 57d43801062844c27da75f48c184a684aaa74d75 Mon Sep 17 00:00:00 2001
From: Martin Zimmermann <info@posativ.org>
Date: Wed, 16 Jul 2014 13:55:49 +0200
Subject: [PATCH 01/10] fix french 'date-now'

---
 isso/js/app/i18n/fr.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/isso/js/app/i18n/fr.js b/isso/js/app/i18n/fr.js
index cb0c006..e29d024 100644
--- a/isso/js/app/i18n/fr.js
+++ b/isso/js/app/i18n/fr.js
@@ -17,7 +17,7 @@ define({
     "comment-queued": "Commentaire en attente de modération.",
     "comment-anonymous": "Anonyme",
     "comment-hidden": "1 caché\n{{ n }} cachés",
-    "date-now": "À l'instant'",
+    "date-now": "À l'instant",
     "date-minute": "Il y a une minute\nIl y a {{ n }} minutes",
     "date-hour": "Il y a une heure\nIl y a {{ n }} heures ",
     "date-day": "Hier\nIl y a {{ n }} jours",

From 7008e88314b6d86e640e7e96e4886bc0d6e8492f Mon Sep 17 00:00:00 2001
From: Martin Zimmermann <info@posativ.org>
Date: Sat, 9 Aug 2014 20:28:54 +0200
Subject: [PATCH 02/10] prevent &nbsp; insertion, closes #112

---
 isso/js/app/utils.js | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/isso/js/app/utils.js b/isso/js/app/utils.js
index f5f4992..2e3943a 100644
--- a/isso/js/app/utils.js
+++ b/isso/js/app/utils.js
@@ -57,7 +57,8 @@ define(["app/i18n"], function(i18n) {
         var _ = document.createElement("div");
         _.innerHTML = html.replace(/<div><br><\/div>/gi, '<br>')
                           .replace(/<div>/gi,'<br>')
-                          .replace(/<br>/gi, '\n');
+                          .replace(/<br>/gi, '\n')
+                          .replace(/&nbsp;/gi, ' ');
         return _.textContent.trim();
     };
 

From 4a8cbcd8f05c2e6e2eac403651bdce1787036623 Mon Sep 17 00:00:00 2001
From: Martin Zimmermann <info@posativ.org>
Date: Sat, 9 Aug 2014 20:55:02 +0200
Subject: [PATCH 03/10] limit request size, closes #107

---
 isso/utils/__init__.py | 4 +++-
 isso/views/comments.py | 3 +++
 isso/wsgi.py           | 9 +++++++++
 3 files changed, 15 insertions(+), 1 deletion(-)

diff --git a/isso/utils/__init__.py b/isso/utils/__init__.py
index 1dfb517..924e9a1 100644
--- a/isso/utils/__init__.py
+++ b/isso/utils/__init__.py
@@ -8,9 +8,11 @@ werkzeug = pkg_resources.get_distribution("werkzeug")
 import json
 import hashlib
 
-from werkzeug.wrappers import Request, Response
+from werkzeug.wrappers import Response
 from werkzeug.exceptions import BadRequest
 
+from isso.wsgi import Request
+
 try:
     import ipaddress
 except ImportError:
diff --git a/isso/views/comments.py b/isso/views/comments.py
index 04910b7..5008d27 100644
--- a/isso/views/comments.py
+++ b/isso/views/comments.py
@@ -142,6 +142,9 @@ class API(object):
         if len(comment["text"].rstrip()) < 3:
             return False, "text is too short (minimum length: 3)"
 
+        if len(comment["text"]) > 65535:
+            return False, "text is too long (maximum length: 65535)"
+
         if len(comment.get("email") or "") > 254:
             return False, "http://tools.ietf.org/html/rfc5321#section-4.5.3"
 
diff --git a/isso/wsgi.py b/isso/wsgi.py
index a2753f9..50214f3 100644
--- a/isso/wsgi.py
+++ b/isso/wsgi.py
@@ -17,6 +17,7 @@ except ImportError:
     from BaseHTTPServer import HTTPServer
 
 from werkzeug.serving import WSGIRequestHandler
+from werkzeug.wrappers import Request as _Request
 from werkzeug.datastructures import Headers
 
 from isso.compat import string_types
@@ -148,6 +149,14 @@ class CORSMiddleware(object):
         return self.app(environ, add_cors_headers)
 
 
+class Request(_Request):
+
+    # Assuming UTF-8, comments with 65536 characters would consume
+    # 128 kb memory. The remaining 128 kb cover additional parameters
+    # and WSGI headers.
+    max_content_length = 256 * 1024
+
+
 class SocketWSGIRequestHandler(WSGIRequestHandler):
 
     def run_wsgi(self):

From 8a58afc8e6633008356259ff368862a273248f7e Mon Sep 17 00:00:00 2001
From: Martin Zimmermann <info@posativ.org>
Date: Sat, 9 Aug 2014 21:01:56 +0200
Subject: [PATCH 04/10] fix order of converting HTML back to text

Fixes a regression introduced by ad9384e, which escapes wanted line
breaks, such as <br /> and <div>.
---
 isso/js/app/utils.js | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/isso/js/app/utils.js b/isso/js/app/utils.js
index 2e3943a..d7bddf4 100644
--- a/isso/js/app/utils.js
+++ b/isso/js/app/utils.js
@@ -63,8 +63,9 @@ define(["app/i18n"], function(i18n) {
     };
 
     var detext = function(text) {
-        return escape(text.replace(/\n\n/gi, '<br><div><br></div>')
-                          .replace(/\n/gi, '<br>'));
+        text = escape(text);
+        return text.replace(/\n\n/gi, '<br><div><br></div>')
+                   .replace(/\n/gi, '<br>');
     };
 
     return {

From 0f1b95a1255f47ad9aafeb0d21bf9fadbd26a178 Mon Sep 17 00:00:00 2001
From: Martin Zimmermann <info@posativ.org>
Date: Sun, 10 Aug 2014 10:55:25 +0200
Subject: [PATCH 05/10] add log to file option, closes #103

---
 docs/docs/configuration/server.rst |  4 ++++
 isso/__init__.py                   | 11 ++++++++++-
 isso/core.py                       |  1 +
 3 files changed, 15 insertions(+), 1 deletion(-)

diff --git a/docs/docs/configuration/server.rst b/docs/docs/configuration/server.rst
index 16ba15c..6faf61f 100644
--- a/docs/docs/configuration/server.rst
+++ b/docs/docs/configuration/server.rst
@@ -44,6 +44,7 @@ session key and hostname. Here are the default values for this section:
     host =
     max-age = 15m
     notify = stdout
+    log-file =
 
 dbpath
     file location to the SQLite3 database, highly recommended to change this
@@ -86,6 +87,9 @@ notify
         Send notifications via SMTP on new comments with activation (if
         moderated) and deletion links.
 
+log-file
+    Log console messages to file instead of standard out.
+
 
 .. _CORS: https://developer.mozilla.org/en/docs/HTTP/Access_control_CORS
 
diff --git a/isso/__init__.py b/isso/__init__.py
index f2745c6..527e480 100644
--- a/isso/__init__.py
+++ b/isso/__init__.py
@@ -70,7 +70,7 @@ from isso.views import comments
 
 from isso.ext.notifications import Stdout, SMTP
 
-logging.getLogger('werkzeug').setLevel(logging.ERROR)
+logging.getLogger('werkzeug').setLevel(logging.WARN)
 logging.basicConfig(
     level=logging.INFO,
     format="%(asctime)s %(levelname)s: %(message)s")
@@ -232,6 +232,15 @@ def main():
 
         sys.exit(0)
 
+    if conf.get("general", "log-file"):
+        handler = logging.FileHandler(conf.get("general", "log-file"))
+
+        logger.addHandler(handler)
+        logging.getLogger("werkzeug").addHandler(handler)
+
+        logger.propagate = False
+        logging.getLogger("werkzeug").propagate = False
+
     if not any(conf.getiter("general", "host")):
         logger.error("No website(s) configured, Isso won't work.")
         sys.exit(1)
diff --git a/isso/core.py b/isso/core.py
index af85054..0672f54 100644
--- a/isso/core.py
+++ b/isso/core.py
@@ -96,6 +96,7 @@ class Config:
         "host = ",
         "max-age = 15m",
         "notify = stdout",
+        "log-file = ",
         "[moderation]",
         "enabled = false",
         "purge-after = 30d",

From 881788a0496d96ac69873914872c1e985ad17e5e Mon Sep 17 00:00:00 2001
From: Martin Zimmermann <info@posativ.org>
Date: Sun, 10 Aug 2014 11:33:45 +0200
Subject: [PATCH 06/10] fix <time> semantics and add title attribute, closes
 #104

The browser shows a human-readable, absolute timestamp when hovering the
"time ago" element
---
 isso/js/app/isso.js           |  2 +-
 isso/js/app/jade.js           | 13 ++++++++++++-
 isso/js/app/text/comment.jade |  2 +-
 3 files changed, 14 insertions(+), 3 deletions(-)

diff --git a/isso/js/app/isso.js b/isso/js/app/isso.js
index 4312d45..168e3ea 100644
--- a/isso/js/app/isso.js
+++ b/isso/js/app/isso.js
@@ -101,7 +101,7 @@ define(["app/dom", "app/utils", "app/config", "app/api", "app/jade", "app/i18n",
 
         // update datetime every 60 seconds
         var refresh = function() {
-            $(".permalink > date", el).textContent = utils.ago(
+            $(".permalink > time", el).textContent = utils.ago(
                 globals.offset.localTime(), new Date(parseInt(comment.created, 10) * 1000));
             setTimeout(refresh, 60*1000);
         };
diff --git a/isso/js/app/jade.js b/isso/js/app/jade.js
index 805338c..46d6269 100644
--- a/isso/js/app/jade.js
+++ b/isso/js/app/jade.js
@@ -21,6 +21,13 @@ define(["libjs-jade-runtime", "app/utils", "jade!app/text/postbox", "jade!app/te
     load("comment-loader", tt_comment_loader);
 
     set("bool", function(arg) { return arg ? true : false; });
+    set("humanize", function(date) {
+        if (typeof date !== "object") {
+            date = new Date(parseInt(date, 10) * 1000);
+        }
+
+        return date.toString();
+    });
     set("datetime", function(date) {
         if (typeof date !== "object") {
             date = new Date(parseInt(date, 10) * 1000);
@@ -30,7 +37,11 @@ define(["libjs-jade-runtime", "app/utils", "jade!app/text/postbox", "jade!app/te
             date.getUTCFullYear(),
             utils.pad(date.getUTCMonth(), 2),
             utils.pad(date.getUTCDay(), 2)
-        ].join("-");
+        ].join("-") + "T" + [
+            utils.pad(date.getUTCHours(), 2),
+            utils.pad(date.getUTCMinutes(), 2),
+            utils.pad(date.getUTCSeconds(), 2)
+        ].join(":") + "Z";
     });
 
     return {
diff --git a/isso/js/app/text/comment.jade b/isso/js/app/text/comment.jade
index 1167d5b..cbbb245 100644
--- a/isso/js/app/text/comment.jade
+++ b/isso/js/app/text/comment.jade
@@ -12,7 +12,7 @@ div(class='isso-comment' id='isso-#{comment.id}')
                     = bool(comment.author) ? comment.author : i18n('comment-anonymous')
             span(class="spacer") •
             a(class='permalink' href='#isso-#{comment.id}')
-                date(datetime='#{datetime(comment.created)}')
+                time(title='#{humanize(comment.created)}' datetime='#{datetime(comment.created)}')
             span(class='note')
                 = comment.mode == 2 ? i18n('comment-queued') : comment.mode == 4 ? i18n('comment-deleted') : ''
 

From 5e76d406dcc4c960f0746595e83b6911fc16f421 Mon Sep 17 00:00:00 2001
From: Martin Zimmermann <info@posativ.org>
Date: Sun, 10 Aug 2014 11:45:12 +0200
Subject: [PATCH 07/10] add link to Docker image

---
 docs/docs/install.rst | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/docs/docs/install.rst b/docs/docs/install.rst
index 21657fb..c0b4518 100644
--- a/docs/docs/install.rst
+++ b/docs/docs/install.rst
@@ -139,6 +139,8 @@ Prebuilt Packages
 * Arch Linux: https://aur.archlinux.org/packages/isso/
   – install with `yaourt isso`.
 
+* Docker Image: https://registry.hub.docker.com/u/bl4n/isso/
+
 Install from Source
 -------------------
 

From 77508ffb3a090c92c8729777ad16b0ccacabbef1 Mon Sep 17 00:00:00 2001
From: Martin Zimmermann <info@posativ.org>
Date: Sun, 10 Aug 2014 11:59:40 +0200
Subject: [PATCH 08/10] add changes for 0.9.5

---
 CHANGES.rst | 19 ++++++++++++++++++-
 1 file changed, 18 insertions(+), 1 deletion(-)

diff --git a/CHANGES.rst b/CHANGES.rst
index 2d9943f..620f52b 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -4,7 +4,24 @@ Changelog for Isso
 0.9.5 (unreleased)
 ------------------
 
-- Nothing changed yet.
+- prevent no-break space (&nbsp;) insertion to enable manual line breaks using
+  two trailing spaces (as per Markdown convention), #112
+
+- limit request size to 256 kb, #107
+
+  Previously unlimited or limited by proxy server). 256 kb is a rough
+  approximation of the next database schema with comments limited to 65535
+  characters and additional fields.
+
+- add support for logging to file, #103
+
+    [general]
+    log-file =
+
+- show timestamp when hovering <time>, #104
+
+- fix a regression when editing comments with multiple paragraphs introduced
+  in 0.9.3 which would HTML escape manually inserted linebreaks.
 
 
 0.9.4 (2014-07-09)

From 3e8d8f0122917d59738d8565899d18f5e1059f99 Mon Sep 17 00:00:00 2001
From: Martin Zimmermann <info@posativ.org>
Date: Sun, 10 Aug 2014 11:59:47 +0200
Subject: [PATCH 09/10] Preparing release 0.9.5

---
 CHANGES.rst | 2 +-
 setup.py    | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/CHANGES.rst b/CHANGES.rst
index 620f52b..2ef7254 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -1,7 +1,7 @@
 Changelog for Isso
 ==================
 
-0.9.5 (unreleased)
+0.9.5 (2014-08-10)
 ------------------
 
 - prevent no-break space (&nbsp;) insertion to enable manual line breaks using
diff --git a/setup.py b/setup.py
index d7ce269..c83df59 100644
--- a/setup.py
+++ b/setup.py
@@ -18,7 +18,7 @@ else:
 
 setup(
     name='isso',
-    version='0.9.5.dev0',
+    version='0.9.5',
     author='Martin Zimmermann',
     author_email='info@posativ.org',
     packages=find_packages(),

From 1a4b252bfe788b7dda88d9771e9a0498aafdd928 Mon Sep 17 00:00:00 2001
From: Martin Zimmermann <info@posativ.org>
Date: Sun, 10 Aug 2014 12:00:18 +0200
Subject: [PATCH 10/10] Back to development: 0.9.6

---
 CHANGES.rst | 6 ++++++
 setup.py    | 2 +-
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/CHANGES.rst b/CHANGES.rst
index 2ef7254..42b6282 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -1,6 +1,12 @@
 Changelog for Isso
 ==================
 
+0.9.6 (unreleased)
+------------------
+
+- Nothing changed yet.
+
+
 0.9.5 (2014-08-10)
 ------------------
 
diff --git a/setup.py b/setup.py
index c83df59..0f505ae 100644
--- a/setup.py
+++ b/setup.py
@@ -18,7 +18,7 @@ else:
 
 setup(
     name='isso',
-    version='0.9.5',
+    version='0.9.6.dev0',
     author='Martin Zimmermann',
     author_email='info@posativ.org',
     packages=find_packages(),