arno/isso
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
1,101 Commits 14 Branches 38 Tags 5.8 MiB
8ad5496585
Commit Graph

671 Commits

Author SHA1 Message Date
Martin Zimmermann
e3dedef7ed Merge pull request #167 from albohlabs/feature/ansible 
Add ansible for provisioning
 2015-02-19 22:32:03 +01:00
Martin Zimmermann
4c9a2aba30 fetch polish translation 2015-02-19 18:56:27 +01:00
Daniel Gräber
894086bda2 Fix catch socket timeout and error exceptions 2015-02-19 13:38:48 +01:00
Roland Szabo
2a3075d0fb Catch exception in anonymize function 2015-02-01 17:30:35 +01:00
Martin Zimmermann
26b889d381 Merge remote-tracking branch 'origin/pr/157' 
Conflicts:
	isso/js/app/i18n.js
 2015-01-30 15:43:02 +01:00
Matias
c5496b103d Added spanish translation 
Added spanish translation
 2015-01-29 02:59:52 -03:00
Matias
4d7fc956ab Create es.js 
Added spanish translation
 2015-01-29 02:53:53 -03:00
Martin Zimmermann
e271851b50 fetch greek translation 2015-01-28 23:14:21 +01:00
Jelmer Vernooij
00c4d4149e Import transifex improvements to Dutch translation. 2015-01-21 23:46:50 +01:00
Jelmer Vernooij
dcb7f6457c Add Dutch translations. 2015-01-17 21:54:01 +01:00
Richard Fine
6ac5e8c6d0 Reverted change to demo file; changed web server config to mount the uWSGI app at the root, as it turns out it's capable of serving the demo file itself 2015-01-03 13:07:41 +00:00
Richard Fine
3977a8d00d set up Vagrant support to make it easy to get a dev environment going quickly 2015-01-03 02:00:04 +00:00
Martin Zimmermann
f47df75422 use system's CA certificates for Python 2.7.9 or higher to verify TLS connection 2014-12-25 22:49:28 +01:00
Martin Zimmermann
d70eb160b9 Merge branch 'legacy/0.9' 
Conflicts:
	isso/migrate.py
 2014-12-25 21:53:31 +01:00
Martin Zimmermann
d6602b7fe4 Merge branch 'pr/143' 2014-12-25 21:28:26 +01:00
Martin Zimmermann
7f5ff457c1 integrate swedish translation into Isso 2014-12-25 21:28:15 +01:00
Martin Zimmermann
b45f39e662 resolve when comment is in moderation queue, too 2014-12-25 21:08:10 +01:00
Théo Zimmermann
bba91b3f93 don't lose comment if it failed to create 2014-12-19 15:19:55 +01:00
Gustav Näslund
da47dbd374 Added swedish translation file 2014-12-13 14:29:40 +01:00
Martin Zimmermann
4b97684e22 fix editing when avatars are disabled 2014-11-26 00:06:54 +01:00
Martin Zimmermann
89d6ea076b add --empty-id flag to import weird Disqus exports, fixes #135 2014-11-25 22:59:05 +01:00
Martin Zimmermann
928198f340 update translations 2014-11-16 14:27:42 +01:00
Théo Zimmermann
97015d4034 correct order by in sql request 2014-11-13 13:56:40 +01:00
Martin Zimmermann
4b64615f92 set encoding to UTF-8 for Disqus and WordPress import, also fixes #93 2014-11-12 22:34:07 +01:00
Martin Zimmermann
f0a0f40223 add fallback localStorage implementation if not functional, #134 2014-11-09 22:13:26 +01:00
Martin Zimmermann
d469324392 fix 'undefined name 'buffer'' on Python 3.x 2014-11-09 21:17:36 +01:00
Théo Zimmermann
d0a0ac39b0 bug fixed: was trying to remove an unexisting span.votes 2014-10-17 09:24:53 +02:00
Martin Zimmermann
74363d44ba Merge branch 'legacy/0.9' 
Conflicts:
	CHANGES.rst
	isso/core.py
	setup.py
 2014-10-08 18:06:56 +02:00
Martin Zimmermann
88be07d5de import backports.configparser before configparser, #128 
backports.configparser got a major rewrite and an upgrade from 3.3 to
3.5 imports the wrong configparser module on Python 2.6/2.7.

Hopefully, this commit makes it work again. Alternatively, you can
remove the old configparser module(s):

  rm lib/python2.7/site-packages/configparser*

And re-install configparser from PyPi.
 2014-10-07 12:09:41 +02:00
Martin Zimmermann
9c2a48b388 Merge branch 'legacy/0.9' 
Conflicts:
	CHANGES.rst
	setup.py
 2014-09-25 13:39:47 +02:00
Martin Zimmermann
6a3a9ea114 SMTP authentication uses bytes, not unicode, fixes #126 
Encode configuration variables as ascii, ignoring non-ascii characters
(Python's smtplib is not yet able to support the UTF8SMTP).
 2014-09-25 13:35:39 +02:00
Martin Zimmermann
721e87a843 Merge branch 'legacy/0.9' 
Conflicts:
	CHANGES.rst
	docs/docs/configuration/client.rst
	setup.py
 2014-08-18 13:09:24 +02:00
Martin Zimmermann
c712d196d7 add option to hide voting feature, closes #115 2014-08-18 12:32:16 +02:00
Martin Zimmermann
d21aed83f8 save name, email and website in localStorage, closes #119 2014-08-11 12:48:55 +02:00
Martin Zimmermann
d9098b83f0 use different identifiers to avoid mixin events 2014-08-11 12:48:05 +02:00
Martin Zimmermann
c8acd461d3 do not export email field 2014-08-11 10:39:07 +02:00
Martin Zimmermann
f7e51fd03d Merge branch 'legacy/0.9' 
Conflicts:
	CHANGES.rst
	isso/core.py
	setup.py
 2014-08-10 12:09:11 +02:00
Martin Zimmermann
881788a049 fix <time> semantics and add title attribute, closes #104 
The browser shows a human-readable, absolute timestamp when hovering the
"time ago" element
 2014-08-10 11:33:45 +02:00
Martin Zimmermann
0f1b95a125 add log to file option, closes #103 2014-08-10 10:55:25 +02:00
Martin Zimmermann
8a58afc8e6 fix order of converting HTML back to text 
Fixes a regression introduced by ad9384e, which escapes wanted line
breaks, such as <br /> and <div>.
 2014-08-09 21:01:56 +02:00
Martin Zimmermann
4a8cbcd8f0 limit request size, closes #107 2014-08-09 20:55:02 +02:00
Martin Zimmermann
7008e88314 prevent &nbsp; insertion, closes #112 2014-08-09 20:28:54 +02:00
Martin Zimmermann
7701dafa13 remove old Markup.js module 2014-07-23 19:06:41 +02:00
Martin Zimmermann
57d4380106 fix french 'date-now' 2014-07-16 13:55:49 +02:00
Martin Zimmermann
f0d1958cc0 Merge branch 'legacy/0.9' 
Conflicts:
	CHANGES.rst
	docs/docs/install.rst
	setup.py
 2014-07-13 11:26:23 +02:00
Martin Zimmermann
978d22e77e fix wrong status code type 2014-07-09 23:23:12 +02:00
Martin Zimmermann
ce9781df51 Merge branch 'legacy/0.9' 
Conflicts:
	CHANGES.rst
	isso/core.py
	isso/dispatch.py
	setup.py
 2014-07-09 12:37:53 +02:00
Martin Zimmermann
35acf1e17e from __future__ import unicode_literals 2014-07-09 09:19:48 +02:00
Martin Zimmermann
ad9384e8d7 preserve HTML tags while editing comments 2014-07-06 19:29:42 +02:00
Martin Zimmermann
0c8ec38dda don't scrollIntoView on expanding comments 
A regression introduced in 94ee6a69
 2014-07-06 19:13:58 +02:00
Martin Zimmermann
3975227ada Revert "border-radius only for first and last input" 
If input fields are not close enough to each other, it looks weird. Also
it didn't work in mobile view.

This reverts commit 77d40a99eb.
 2014-07-06 18:39:59 +02:00
Martin Zimmermann
b2b6af24d6 fix clode block generation 
added fenced code blocks to default extension list
 2014-07-06 18:34:06 +02:00
Martin Zimmermann
d386590e57 Merge branch 'legacy/0.9' 2014-06-25 14:35:03 +02:00
Martin Zimmermann
fbb55bf38a add esperanto translation 2014-06-25 14:31:34 +02:00
Martin Zimmermann
221b782157 refactor configuration parsing 
* use a single default configuration, share/isso.conf
* try to use config.new in some tests which are decoupled

A few tests now depend on `isso.dist` to show that they (or the used
objects) have too much dependencies and need to be rewritten.
 2014-06-23 18:03:46 +02:00
Martin Zimmermann
f489ae63d6 Python3.4 now uses system's CA to connect to SMTP via TLS 2014-06-16 19:34:59 +02:00
Martin Zimmermann
396eccfa00 fix error message 2014-06-15 17:04:52 +02:00
Martin Zimmermann
4c697c50fd reuse environment variable 2014-06-15 16:53:33 +02:00
Federico Ceratto
fb28eb85c5 Enable isso settings directory 
Useful to start multiple sites in a simpler way e.g. export ISSO_SETTINGS_DIR=/etc/isso.d/enabled
 2014-06-15 13:54:42 +00:00
Martin Zimmermann
9260e143f1 decouple hash generation from comment view and allow customization 
Tests now use a dummy hash function that does nothing (basically) and
run a bit faster now.
 2014-06-11 14:27:44 +02:00
Martin Zimmermann
91e63c7e5f simplify import format detection 2014-06-11 10:31:44 +02:00
Schoewilliam
ad32243708 Fix issue #97 : Alignment problem with the submission forms fields 2014-05-29 15:52:07 +02:00
Martin Zimmermann
d2644c3ba3 increase Copyright year 2014-05-29 14:16:31 +02:00
Martin Zimmermann
a741c62cd6 use python-passlib fallback on Debian 2014-05-29 13:12:35 +02:00
Martin Zimmermann
211f637569 remove Django's PBKDF2 in favour of werkzeug.security.pbkdf2_hex 2014-05-29 12:38:46 +02:00
Martin Zimmermann
64054ec029 remove unused code, fix pyflakes and jshint hints 2014-05-28 11:05:10 +02:00
Martin Zimmermann
94ee6a6981 use el.on("click") to load more comments and prevent default 2014-05-27 23:18:14 +02:00
Martin Zimmermann
d0a50c7905 fix french translation 2014-05-27 22:41:37 +02:00
Martin Zimmermann
2d37637019 add fr and de translation for postbox-website, fix french translation 2014-05-27 22:32:49 +02:00
Martin Zimmermann
96206b110c fix pagination translations and pluralization 
If a message does not contain '\n', pluralize is not called. Also
replace {{ hidden_replies }} with {{ n }}.
 2014-05-27 22:03:20 +02:00
Martin Zimmermann
8b5462ed2e remove /check-ip 2014-05-27 17:36:03 +02:00
Martin Zimmermann
5d3f178fca remove debug statement 2014-05-27 16:27:42 +02:00
Martin Zimmermann
e00ef92a67 remove now unused parent-hightlight rule 2014-05-27 16:27:02 +02:00
Martin Zimmermann
96620e8cd0 rename .postbox to .isso-postbox 2014-05-27 16:26:05 +02:00
Martin Zimmermann
165caa9620 show all top-level comments (for now) 
There is a bug, when you hide N top-level comments, that shows the wrong
comment count. With a JSON API like data structure, the total comment
count can be sent as a different key, related to #96.
 2014-05-27 16:17:11 +02:00
Martin Zimmermann
8fefe3a616 fix hidden reply to deleted comment (and change a few names) 2014-05-27 16:10:15 +02:00
Martin Zimmermann
6bfd1344ba Merge branch 'remove-avatar-preview' 2014-05-27 14:52:40 +02:00
Martin Zimmermann
e1b4ddb123 remove sha1.js and pbkdf2.js, part of #51 2014-05-27 14:35:29 +02:00
Martin Zimmermann
14fac577df fix syntax 2014-05-27 14:27:35 +02:00
Martin Zimmermann
16663d44f8 hide avatar during editing 2014-05-27 14:27:19 +02:00
Martin Zimmermann
0211322915 remove avatar preview in postbox 2014-05-27 13:56:03 +02:00
Martin Zimmermann
7474be12f0 Merge branch 'add-website-field' 2014-05-27 13:44:45 +02:00
Martin Zimmermann
77d40a99eb border-radius only for first and last input 2014-05-27 13:42:07 +02:00
Martin Zimmermann
065460d78a add tests for website validation 2014-05-27 13:33:29 +02:00
Martin Zimmermann
5b0ce6471a add website input 2014-05-27 13:33:16 +02:00
Martin Zimmermann
fd8465eb1c warn about incorrect notification backends, fix #95 
SMTP is now also recognized as `smtp`backend. You may use multiple
notification backends (separated by comma). Defaults to `stdout`.
 2014-05-27 12:18:40 +02:00
Martin Zimmermann
b60dbd3e42 remove old template 'struct' 2014-05-26 15:50:45 +02:00
Martin Zimmermann
608119e8ce add r.js build optimization for jade plugin 2014-05-26 15:47:09 +02:00
Martin Zimmermann
ccf59fba2a initial support for jade 
Replace Markup.js with Jade [1] for real templating (like expression
evaluation and sane syntax). Jade compiles directly to JavaScript which
makes it possible to only have Jade as build dependency with a tiny
runtime wrapper for the client (around 40% of Markup.js's size).

Templates are rewritten for Jade but do not use all features from Jade
(such as filters, mixins and includes) for now.

A simple requirejs-jade wrapper to compile Jade during runtime is
already included.

i18n
----

I also rewrote the i18n module and moved translation and pluralization
functions back into the module, thus decoupling it from the previous
markup language. The module now exposes:

  * i18n.translate(msgid) -> string
  * i18n.pluralize(msgid, n) -> string

I18n depends on app/config and thus has access to the user's prefered
language and exposes both function with `i18n.lang` already set. If the
msgid was not found, it returns "???" (like Markup.js).

The pluralization function replaces `{{ n }}` with the function argument
just like with Markup.js (to keep the diffs clean).

[1] http://jade-lang.com/
 2014-05-25 23:46:26 +02:00
Martin Zimmermann
7c3bd52821 stub requirejs-text to save ~5kb 2014-05-25 14:59:09 +02:00
Martin Zimmermann
fcc4cd63b4 fix #93 2014-05-24 10:34:46 +02:00
Schoewilliam
dd14bb91db #49 : Comments thread and submission form now support data-isso-avatar="false" 2014-05-22 20:06:31 +04:00
Martin Zimmermann
4f98bca202 hide avatars with data-isso-avatar="false", part of #49 2014-05-21 20:38:29 +02:00
Schoewilliam
34a50910f2 Tweaking the submission form — making it responsive 2014-05-21 21:26:21 +04:00
Schoewilliam
c2dd9d3bb5 getting rid of SCSS 2014-05-21 18:19:11 +04:00
Martin Zimmermann
fb182ae93f Merge branch 'pr-83', closes #83 2014-05-17 11:07:51 +02:00
Martin Zimmermann
e6fdfb03eb do not limit From: field to email address-only, closes #87 
You may now set a full From header, e.g.:

    [smtp]
    from = Foo Bar <spam@local>

If not, the old name "Ich schrei sonst!" is used.
 2014-05-15 10:59:39 +02:00
Martin Zimmermann
5c91a84951 fix uWSGI spooling for Python3 2014-05-15 10:41:33 +02:00
Martin Zimmermann
d5e5e9c7e2 use numerical values in default configuration to match user-provided values 2014-05-03 12:00:46 +02:00
Martin Zimmermann
ed810cdf39 fetch all nested comments when set to 'inf' 2014-05-03 12:00:17 +02:00
Martin Zimmermann
324326c2ba translate Hidden to german and french 2014-05-03 11:58:09 +02:00
Martin Zimmermann
f3a7f65687 remove keyworded function arguments and fix JS hints 2014-05-03 11:23:15 +02:00
Martin Zimmermann
59bfde7c03 idiomatic python 
* make "process_fetched_list" private
* rename fetch_args to args
* a few logic simplifications
 2014-05-03 11:23:12 +02:00
Martin Zimmermann
123ea26ca9 handle WP's query-string "pages" and variable WXR namespaces 
Site links such as /?p=1234 are imported *as is* and maybe do work in
Isso. Do not use a query-based URL structure as permalinks. Ever.

Also, depending on the pages you are going to export, WXR' XML namespace
may change from ../export/1.0/ to ../export/1.2/. Isso tries to import
any WXR 1.x
 2014-05-03 00:16:54 +02:00
Srijan Choudhary
26d26ae71b Add i18n for "Hidden" 2014-05-03 01:37:28 +05:30
Srijan Choudhary
8879db59b8 Show all comments if limit/nested_limit set as inf 2014-05-03 01:17:11 +05:30
Srijan Choudhary
baef73f1e8 Change default values of config params 2014-05-03 01:16:47 +05:30
Srijan Choudhary
ab927e39d0 Add a reveal on click parameter 2014-05-03 01:16:03 +05:30
Srijan Choudhary
2e2fba89a6 Add some tests 2014-05-03 01:14:33 +05:30
Srijan Choudhary
abc0eaaf1d Handle limit/nested_limit zero 
This returns zero comments now
 2014-05-03 01:14:23 +05:30
Martin Zimmermann
346b60a9b3 disqus import imports anonymized IP address now 2014-05-02 11:43:13 +02:00
Martin Zimmermann
39101c2ac7 Disqus import uses Progressbar class as well 2014-05-02 11:40:16 +02:00
Martin Zimmermann
12f8af8434 add initial support to import WordPress comments 2014-04-30 18:57:17 +02:00
Martin Zimmermann
0154113c80 replace assert with assertEqual 2014-04-30 15:24:58 +02:00
Martin Zimmermann
910da2a6c0 refactor disqus migration code into a class 2014-04-30 15:07:11 +02:00
Srijan Choudhary
54b156844b Add max-comments limit for nested replies 2014-04-27 11:44:18 +05:30
Srijan Choudhary
f5da45e525 Correct total comments count 2014-04-26 22:54:55 +05:30
Srijan Choudhary
76d5dbc97f Take max comments to load from config.js 2014-04-25 01:07:40 +05:30
Srijan Choudhary
8dbf4d5337 Client side changes for new API 
* Handle hierarchal comments data format
* New comments fetching parameters: limit, parent, after
* Link to load more comments
 2014-04-25 00:09:48 +05:30
Srijan Choudhary
a5d8a0cfe1 Change in API: hidden_replies field instead of passed_replies 2014-04-25 00:09:48 +05:30
Srijan Choudhary
3c3e83b05c Bug in API: Reply count should also filter by the after value passed 2014-04-25 00:09:48 +05:30
Srijan Choudhary
8fdceeaafb Handle edge cases occuring in tests 2014-04-25 00:09:48 +05:30
Srijan Choudhary
71024cea70 API update - new comments format 2014-04-25 00:09:48 +05:30
Martin Zimmermann
a753efe42d add doctype and charset 2014-04-24 17:38:53 +02:00
Srijan Choudhary
cb0acc5ac0 Add a basic demo page 2014-04-24 01:22:30 +05:30
Martin Zimmermann
b9102b44e2 fix russian translation for "Anonymous" 2014-04-23 10:23:55 +02:00
Martin Zimmermann
344f94e5a0 rm forward (reference) arrow 2014-04-21 10:27:37 +02:00
Martin Zimmermann
1e5878bec3 auto-correct wrong/invalid parent to max nesting level of 1 2014-04-21 10:23:45 +02:00
Martin Zimmermann
ce14726f2f set parent to null if parent is not top-level comment 2014-04-20 18:24:00 +02:00
Martin Zimmermann
24adafa25b increase db version after migration 2014-04-20 16:38:13 +02:00
Martin Zimmermann
9ee0a1a2eb reply to comment now nests to max. level of 1, part of #79 2014-04-20 16:30:18 +02:00
Martin Zimmermann
5d2daa1244 add db migration, part of #79 2014-04-20 15:39:43 +02:00
Martin Zimmermann
f09b6b9bdb preserve line breaks when editing comments, finally closes #77 2014-04-09 10:34:13 +02:00
Martin Zimmermann
5ab3a7bed4 remove white-space: pre, closes #77 2014-03-29 18:47:02 +01:00
Martin Zimmermann
765a91fefb return first item of [general] -> host if origin is hidden 
A minor regression introduced by the latest refactorings. A functional
test is now included. Only affects Firefox users that use non-SSL and
supress their HTTP Referer completely
 2014-03-29 12:58:08 +01:00
Martin Zimmermann
c4430c857c add test for database migration 2014-03-28 13:20:43 +01:00
Martin Zimmermann
0233619d35 mv specs/ to tests/ 2014-03-28 12:20:37 +01:00
Martin Zimmermann
fb68f9a820 adjust coverage generation a bit 2014-03-28 12:18:44 +01:00
Martin Zimmermann
5166e69265 remove doctest-ignore-unicode dependency 2014-03-28 12:09:14 +01:00
Martin Zimmermann
4fa0f0d8ea fix server time offset calculation for IE10 2014-03-28 11:48:29 +01:00
Martin Zimmermann
e393711859 use HTTP_REFERER as fallback if HTTP_ORIGIN is not sent 
Also refactor those function a bit and move doctests into a separate
module.
 2014-03-28 11:48:26 +01:00
Martin Zimmermann
09451ff707 replace textarea with a content-editable div 
Mainly because of the sluggish auto-resize "feature" which comes for
free when using a content-editable div.

If you use a custom CSS, make sure you replace textarea (element with
.textarea (class) and set `white-space: pre`.
 2014-03-27 14:29:56 +01:00
Martin Zimmermann
638ddc6359 pass event through for $.on 2014-03-27 09:53:07 +01:00
Martin Zimmermann
dd0837c0f7 remove superscript extension from Markdown 
Unexpected behavior for popular smileys like "^^" which does not render
properly and thus, needs to be escaped (like \^\^). If you want to
re-enable superscript, add

    [markup]
    options = superscript
    allowed-elements = sup

to your configuration.
 2014-03-25 23:03:33 +01:00
Martin Zimmermann
78b34ecdd2 return only publicely visible comments on /count 
A regression introduced by 5ce48de.
 2014-03-25 19:01:07 +01:00
Martin Zimmermann
5ce48de94a add POST request to get comment counts for multiple URLs 
The old way via `GET /count?uri=...` still works, but is now deprecated
and might be removed in future releases.
The new way is much more efficient especially fore multiple listings.

The internal implemention is improvable though.
 2014-03-25 18:50:21 +01:00
Martin Zimmermann
da782654b2 remove warning when SMTP is not configured as notifcation backend 2014-03-20 17:07:42 +01:00
Martin Zimmermann
e4ad81cde0 exit if no website(s) are configured and remove default host 2014-03-20 17:07:38 +01:00
Martin Zimmermann
d69bfc2511 fix visual update up/downvote 2014-03-20 16:32:28 +01:00
Martin Zimmermann
0b816a0677 store session-key in database (once generated on db creation), #74 
Store a random session key used to sign and verify comment ownership
once the database is initialized, not on every application startup.

Currently fixed session keys in [general] session-key are migrated into
the database on startup. The configuration parser will notice you about
the change and suggest you to remove this option.
 2014-03-20 16:32:25 +01:00
Martin Zimmermann
8f293ad435 configurable avatar colors 
* data-isso-avatar-bg="#f0f0f0" sets the background color
* data-isso-avatar-fg="#0abf99 #5698c4 etc." sets up to 8 different
  forground colors
 2014-03-10 22:02:13 +01:00
Martin Zimmermann
c6e9c7eee4 Revert "run tests without depending on an already installed instance" 
Breaks CLI (and probably other modules that use `dist.version`):

    [*]~/d/isso:master> isso -c sample.cfg run
    Traceback (most recent call last):
    File "/home/.../dev/isso/bin/isso", line 9, in <module>
        load_entry_point('isso==0.8.dev0', 'console_scripts', 'isso')()
    File "/home/.../dev/isso/isso/__init__.py", line 198, in main
        parser.add_argument('--version', action='version', version='%(prog)s ' + dist.version)
    AttributeError: 'module' object has no attribute 'version

This reverts commit 4e5e8c44f7.
 2014-03-09 15:30:33 +01:00
Martin Zimmermann
a94472d062 add BSD license header to crypto.py 2014-03-09 12:18:15 +01:00
eroen
4e5e8c44f7 run tests without depending on an already installed instance 2014-03-08 22:32:21 +01:00
Martin Zimmermann
83361fbdac improve "time from now" helper, based on moment.js 
http://momentjs.com/docs/#/displaying/fromnow/
 2014-03-06 12:05:51 +01:00
Martin Zimmermann
ffd5882810 Merge branch 'fix-time-ago', closes #69 2014-03-06 12:05:05 +01:00
Martin Zimmermann
9a678e4691 an attempt to address #69 
Add a global-like object that stores the delta from server time and
client time in a list and use the resulting average to "correct"
utils.ago diffs.
 2014-03-06 11:44:33 +01:00
Martin Zimmermann
8540d45fae cumtime is only available in Python 2.7.4 or later 2014-03-06 11:32:25 +01:00
Martin Zimmermann
772730dbcd fix make_app logic 2014-03-06 11:05:22 +01:00
Martin Zimmermann
c4b80ff702 make CORS middleware more generic to use 2014-03-04 15:40:21 +01:00
Martin Zimmermann
3b248b293f set SMTP timeout to 10 seconds and make it configurable, ref 9a735e8 2014-03-04 09:47:54 +01:00
Martin Zimmermann
72c38c2312 set day_diff to 0 if negative, related to #69 2014-03-03 23:47:26 +01:00
Martin Zimmermann
9a735e8eac initial SMTP connection now timeouts after 5 seconds, closes #70 2014-03-03 23:42:35 +01:00
Martin Zimmermann
9272e7390f Merge branch 'feature/configurable-markdown', closes #62 2014-02-18 17:36:09 +01:00
Martin Zimmermann
1b0a74e188 expand db path, closes #68 2014-02-18 17:34:14 +01:00
Martin Zimmermann
d93d77c8c7 refactor markup and sanitization code 
This commit introduces a new configuration section [markup] to refine
Misaka's Markdown extensions (by default strikethrough, superscript and
autolink).

Furthermore, you can set custom HTML elements/attributes that are
allowed, e.g. to enable images, set

  [markup]
  allowed-elements = img
  allowed-attributes = src

The refactorization separates HTML sanitization from Markdown -> HTML
and allows to include new markup languages such as BB Code or
reStructuredText.
 2014-02-18 16:59:51 +01:00
Martin Zimmermann
6071a85787 add Config.getlist method 2014-02-18 16:51:04 +01:00
Martin Zimmermann
3d9665b523 remove now obsolete Makefile 2014-02-03 11:00:11 +01:00
Martin Zimmermann
1c3c826ada replace requirejs-domready with a (self-made) HTML5 idiom, #51 
This commit removes yet another dependency. The provided domready
function is compatible with IE9, Firefox and Safari/Chrome.

Inspired by:

* http://stackoverflow.com/a/15580098
* https://github.com/requirejs/domReady/blob/master/domReady.js
 2014-02-03 10:54:54 +01:00
Martin Zimmermann
f3e5d8dc1c add support for html5lib==0.95, fixes #60 
The python-html5lib package in Debian Wheezy does not support
`etree` as tree builder (called `simpletree` back then).
 2014-01-30 20:49:11 +01:00
Martin Zimmermann
14a2f82134 s/tls/starttls/ 2014-01-26 18:35:52 +01:00
Jocelyn Delande
cbf63f5a4e default smtp to port=587 and security=starttls 2014-01-26 17:17:09 +01:00
Martin Zimmermann
baff120800 fix french pluralform 2014-01-25 22:19:59 +01:00
Martin Zimmermann
cbd449dcd0 Merge branch 'transifex' 2014-01-16 12:01:04 +01:00
Martin Zimmermann
3a1f92b8bd use html5lib's sanitizer, supersedes 3713d5e 
Python's HTMLParser is smart enough to filter malicious tags but fails
to repair invalid, user-inputted HTML. Instead of re-inventing the
wheel, Isso now uses html5lib's HTMLSanitizer with a whitelist of all
tags generated by Sundown.

Disallowed tags are discarded from the output to match the previous
unittests. This feature is only available for html5lib 0.99(9) and
later. Earlier releases just escape disallowed tags.
 2014-01-13 19:11:59 +01:00
Martin Zimmermann
3713d5e8ee allow raw HTML markup for a few (whitelisted) tags 
To be compatible with comments from Disqus (and users unfamiliar with
Markdown), Misaka no longer disables user-inputted HTML, but the
generated HTML is now post-processed and all "unsafe" tags (not
possible with Markdown) are discarded.

Whitelist: p, a, pre, blockquote, h1-h6, em, sub, sup, del, ins, math,
           dl, ol, ul, li

This commit also removes an unnecessary newline generated by
Misaka/Sundown.
 2014-01-12 14:44:39 +01:00
Martin Zimmermann
36d702c7bc proper use of Misaka's HTML render flags (fix malicious HTML injection) 
This commit now sanitizes *all* HTML tags written by the user (also
prevents auto-link to "unsafe" web protocols and images) as intended.

Fortunately because of Sundown's typography support, it did not affect
JS injection, but custom style tags and iframes.

PS: thanks to the anonymous submitter of a comment including a style tag
for 24pt, red font ;-)
 2014-01-12 12:58:24 +01:00
Martin Zimmermann
dcd473967b Merge branch 'remove-q-lib' 2014-01-07 14:36:06 +01:00
Martin Zimmermann
6006a12778 fix wrong logic when vote counter stays at zero (e.g. self-vote) 2014-01-07 14:29:51 +01:00
Martin Zimmermann
306d2d9f9e log 5xx errors 
Also, fix console.log usage.
 2014-01-07 14:28:12 +01:00
Martin Zimmermann
a29393ee3f replace kriskowal/q with 50 LoC homebrew implementation, part of #51 
As a result, it is no longer possible to chain promises
(then().then().then(etc.)), but that is actually not an issue for Isso.

The deferred/promise implementation is roughly based on
http://stackoverflow.com/a/17722683 and stackp/promisejs.
 2014-01-07 14:28:10 +01:00
Martin Zimmermann
bfae158bde update translations from Transifex (initial pull) 2014-01-06 18:21:30 +01:00
Martin Zimmermann
9dd066c6a6 reflect security = ... in docs and print warning if used 2014-01-01 22:20:00 +01:00
Thomas Sileo
a322cf673a Bugfix 2013-12-26 22:22:48 +01:00
Thomas Sileo
e50ecc7811 Removed debug info 2013-12-26 19:22:55 +01:00
Thomas Sileo
08313c191c Added reply notification for commenter 2013-12-26 19:19:15 +01:00
Chimo
658e065f23 Adds STARTTLS support to SMTP notifications 2013-12-19 23:36:06 -05:00
Martin Zimmermann
85e637d017 simplify JSON response 2013-12-19 08:56:14 +01:00
Martin Zimmermann
905bd63eee CORS middleware must return bytes 2013-12-19 08:55:53 +01:00
Martin Zimmermann
82da63a81b check if hash is a base-16 string 2013-12-19 08:55:06 +01:00
Martin Zimmermann
e244227f41 convert proxy object to string before passing to urllib 2013-12-19 08:09:09 +01:00
Martin Zimmermann
cbee3f7b2e clarify copyright headers 2013-12-18 16:21:35 +01:00
Martin Zimmermann
a728d3e32d add doctest for IPv6 mapped IPv4 addresses 2013-12-18 13:08:57 +01:00
Martin Zimmermann
2a86b46893 add test for disqus import 2013-12-18 13:08:54 +01:00
Martin Zimmermann
f81b955aa5 use SHA1 instead of MD5 to verify comment owner 2013-12-18 13:01:09 +01:00
Martin Zimmermann
29a825b575 remove unused utility functions 2013-12-18 13:01:05 +01:00
Martin Zimmermann
65f260d0ba show session-key on application startup 
Maybe useful to see that it really changes if unset. Also reduced key
size to 16 bytes form /dev/urandom (cosmetic reason, still enough).
 2013-12-17 13:40:32 +01:00
Martin Zimmermann
a4213e4304 update docstrings for isso.db 2013-12-17 13:30:37 +01:00
Martin Zimmermann
c99fe3d583 remove unused SQLite3.mode attribute 2013-12-17 13:18:43 +01:00
Martin Zimmermann
fcd0a01de3 make_app uses threading.Lock now by default 
Uses keyword arguments to use multiprocessing or uwsgi mixin. This
fixes an issue on exotic *BSDs such as NetBSD where Python comes not
with inter-process semaphores (issue 3307):

     mod_wsgi (pid=14365): Target WSGI script '/var/www/vhosts/my.hostname.org/htdocs/isso.wsgi' cannot be loaded as Python module.
     mod_wsgi (pid=14365): Exception occurred processing WSGI script '/var/www/vhosts/my.hostname.org/htdocs/isso.wsgi'.
     Traceback (most recent call last):
       File "/var/www/vhosts/my.hostname.org/htdocs/isso.wsgi", line 8, in <module>
         application = make_app(Config.load("/var/www/vhosts/my.hostname.org/htdocs/isso.cfg"))
       File "/usr/pkg/lib/python2.7/site-packages/isso/__init__.py", line 155, in make_app
         isso = App(conf)
       File "/usr/pkg/lib/python2.7/site-packages/isso/__init__.py", line 91, in __init__
         super(Isso, self).__init__(conf)
       File "/usr/pkg/lib/python2.7/site-packages/isso/core.py", line 223, in __init__
         self.lock = multiprocessing.Lock()
       File "/usr/pkg/lib/python2.7/multiprocessing/__init__.py", line 175, in Lock
         from multiprocessing.synchronize import Lock
       File "/usr/pkg/lib/python2.7/multiprocessing/synchronize.py", line 59, in <module>
         " function, see issue 3770.")
     ImportError: This platform lacks a functioning sem_open implementation, therefore, the required synchronization primitives needed will not function, see issue 3770.
 2013-12-16 15:40:18 +01:00
Martin Zimmermann
9db762ad5e italian translation by alzeco 2013-12-12 17:30:40 +01:00
Martin Zimmermann
525b2db6f1 fix french pluralization 2013-12-12 17:29:26 +01:00
Martin Zimmermann
150726df13 Merge branch 'feature/27', override thread id 2013-12-12 13:07:57 +01:00
Martin Zimmermann
77df31d06f override thread discovery with data-isso-id="...", close #27 2013-12-12 13:04:29 +01:00
Martin Zimmermann
79112940e6 reduce heading size in comments, fix #26 2013-12-12 12:10:50 +01:00
Martin Zimmermann
c5daa66c82 remove old CSS rule 2013-12-12 12:10:02 +01:00
Martin Zimmermann
990688f6e0 Merge branch 'fix/multsite' 2013-12-08 19:20:46 +01:00
Martin Zimmermann
adc722359d move application export to isso.run 
When using Gunicorn or uWSGI to run `isso.dispatch` it would
automatically initialize and a default Isso instance (and cause
several logging messages), although never used.

If you use uWSGI or Gunicorn, you have to change the module from
`isso` to `isso.run`.
 2013-12-08 19:15:08 +01:00
Martin Zimmermann
b15f17738e isso.dispatch now dispatches multiple sites based on relative URLs 
The previous approach using a custom X-Custom header did work for the
client-side, but not for activation and deletion links. Now, you need
to add a `name = foo` option to the general section. `isso.dispatch`
then binds this configuration to /foo and can distinguish all API
calls without a special HTTP header.
 2013-12-08 19:09:56 +01:00
Martin Zimmermann
ac74418179 move dispatch into isso package 2013-12-08 17:41:07 +01:00
Martin Zimmermann
fc984bb656 add Date header, close #42 2013-12-07 13:17:56 +01:00
Martin Zimmermann
232e2fb474 another approach to fix #40 (return 403 on false Content-Type) 
When an attacker uses a <form> to downvote a comment, the browser
*should* add a `Content-Type: ...` header with three possible values:

    * application/x-www-form-urlencoded
    * multipart/form-data
    * text/plain

If the header is not sent or requests `application/json`, the
request is not forged (XHR is restricted by CORS separately).
 2013-12-04 23:36:48 +01:00
Martin Zimmermann
1db06bbf39 Revert "HTTP Origin is only sent on cross-origin requests in Firefox" 
Revert "use Referer instead of Origin when using IE"
Revert "fix unittests"
Revert "check if Origin matches Host to mitigate CSRF, part of #40"

This reverts commit 9376511485c70deaf908aa67bcdc8f0c9a0b003e.
This reverts commit 9a03cca793.
This reverts commit 4c16ba76cc.
This reverts commit 32e4b70510.
 2013-12-04 17:09:22 +01:00
Martin Zimmermann
b839b2be31 HTTP Origin is only sent on cross-origin requests in Firefox 
Therefore, only raise Forbidden if Origin (or Referer for MSIE) is sent
(which is a protected header and all modern browsers (except IE)).

Also add a basic unit test which asserts the failure for false origins.
 2013-12-04 17:09:22 +01:00
Laurent Arnoud
02db978308 Add check with blank text 2013-12-04 00:35:09 +01:00
Martin Zimmermann
6f504ee8f5 show modal dialog before delete or activate comments, close #36 
The URL sent in the email returns a short HTML document where
JS creates a modal dialog. If continued, the browser sends a
POST request to the same URL.
 2013-12-02 13:07:11 +01:00
Martin Zimmermann
83b48d5db6 use el.getAttribute instead of el.dataset to support IE10 m( 2013-12-02 12:14:26 +01:00
Martin Zimmermann
9a03cca793 use Referer instead of Origin when using IE 
* IE10 (and 11) do not send HTTP_ORIGIN when requesting a URL no in
    the same origin, although recommended by WHATWG [1]
  * if IE10 is used, use the referer. If this header is supressed by the
    user, it won't work (and I don't care).

IE10 needs to die, seriously:

> We have a long-standing interoperability difference with other browsers
> where we treat different ports as same-origin whereas other browsers
> treat them as cross-origin.

via https://connect.microsoft.com/IE/feedback/details/781303/origin-header-is-not-added-to-cors-requests-to-same-domain-but-different-port

[1] http://tools.ietf.org/html/draft-abarth-origin-09
 2013-12-02 12:12:21 +01:00
Martin Zimmermann
4c16ba76cc fix unittests 2013-12-01 13:40:11 +01:00
Martin Zimmermann
32e4b70510 check if Origin matches Host to mitigate CSRF, part of #40 2013-12-01 13:40:08 +01:00
Martin Zimmermann
6e31111554 add application object into ns only when using uwsgi and gunicorn 2013-11-29 14:22:21 +01:00
Martin Zimmermann
baabd30e74 more descriptive logging 2013-11-29 14:21:43 +01:00
Martin Zimmermann
ce950259b4 show traceback when smtp connection failed 2013-11-25 17:02:04 +01:00
Martin Zimmermann
896b4f5e33 support for gunicorn (and other pre-forking wsgi servers) 2013-11-25 13:51:11 +01:00
Martin Zimmermann
aa65873fa6 uWSGI works also with multiprocessing.Lock 2013-11-25 13:50:43 +01:00
Martin Zimmermann
6405f258f3 replace nested middleware calls with reduce and partials 2013-11-25 13:38:51 +01:00
Martin Zimmermann
c9c0df229a Merge branch 'feature/info' 2013-11-21 11:17:24 +01:00
Martin Zimmermann
8dac5375b6 add /info view for debugging purposes 2013-11-21 11:09:33 +01:00
Martin Zimmermann
5449b0cea4 add route for comment activation 2013-11-21 10:17:42 +01:00
Martin Zimmermann
63a7df1099 translate deletion and activation links 2013-11-21 10:17:29 +01:00
Martin Zimmermann
598b08bd1c add russian translation 
http://docs.translatehouse.org/projects/localization-guide/en/latest/l10n/pluralforms.html
 2013-11-18 11:00:33 +01:00
Martin Zimmermann
8196f3f465 remove unnecessary imports 2013-11-17 15:49:25 +01:00
Martin Zimmermann
17aa3e6fc5 use english text for mail notifications 2013-11-17 15:44:40 +01:00
Martin Zimmermann
b9158a660c move SocketHTTPServer to isso/wsgi.py 2013-11-17 11:57:41 +01:00
Martin Zimmermann
9c94e66702 add fr.js to i18n module, appendum to #38 2013-11-17 11:28:24 +01:00
Martin Zimmermann
aeb7c35d8f override useragent's language with data-isso-lang 2013-11-17 11:27:48 +01:00
Martin Zimmermann
2e9c21db15 add X-Origin to GET requests, so isso.dispatch works on a single host 2013-11-17 11:16:46 +01:00
Martin Zimmermann
b21e216b06 mv app/fancy to /app/lib/fancy 2013-11-16 23:41:52 +01:00
Martin Zimmermann
edafc5f88f client configuration for reply-to-self 
also: move data-isso-* configuration to app/config
 2013-11-16 22:21:00 +01:00
Martin Zimmermann
64c0d770c6 remove edit and remove buttons when comment is marked as deleted 2013-11-16 21:42:11 +01:00
Martin Zimmermann
519112a8fc add some documentation 2013-11-16 21:41:54 +01:00
Martin Zimmermann
320cb7313f upgrade notifications for old configuration values 2013-11-16 20:54:21 +01:00
Martin Zimmermann
2446e6ac6a Merge pull request #38 from sploinga/master 
French translation
 2013-11-16 11:36:56 -08:00
Sploinga
5a20a4a4bf French translation 2013-11-16 20:32:21 +01:00
Martin Zimmermann
5e7ee3dffd use <link> tag to extract the relative post url, fixes #37 
The <id> tag does not necessarily contains the full URL, but also
relative URLs:

    <id>http://example.com/foo/bar.html</id>
    <id>/foo/bar.html</id>
    <id>foo/bar.html</id>
 2013-11-16 20:30:48 +01:00
Martin Zimmermann
0be3c69e1d Merge branch 'fix/spam-guard' 2013-11-13 21:30:23 +01:00
Martin Zimmermann
d4e7ee134d add option reply-to-self, defaults to false 2013-11-13 21:20:32 +01:00
Martin Zimmermann
9f2062a900 fix #35 
Also add an option `direct-reply` to control the number of comments
on a thread without referencing a child (to avoid a simple while loop
that `curl -XPOST ...` the url).

Defaults to 3, that means a /24 (or /48 for IPv6) address can only post
3 direct responses on a thread at all.
 2013-11-13 20:42:56 +01:00
Martin Zimmermann
5cbda11158 Merge branch 'fix/bloomfilter' 2013-11-13 20:08:08 +01:00
Martin Zimmermann
6178e93348 add database migration 
Clear voters bloomfilter and initialize with an (almost) empty one.
 2013-11-13 20:07:23 +01:00