On 08.07.2012 22:33, Daniel Gruno wrote:
> [ ] +1: Adopt the comments.a.o system in the 2.2 and 2.4 branch of docs
> [ ]  0: I don't care
> [ ] -1: Don't adopt the system, because....

Thanks for enduring your work on this - glad to see that it has become
comments.a.o. in the meantime! I'm in favor of enabling it for 2.2/2.4,
generally speaking, but am having some concerns with regard to the
proposed approval policy: it changed from the "Comments will be
moderated by appointed moderators" to "Comments will, in general, be
allowed through without pre-approval. Comments with hyperlinks in them
will require approval from a moderator before they are shown on the
site" [1].

Auto-approval of comments makes me feel somewhat uneasy - on the one
hand, there's the risk of inappropriate/incorrect content appearing on
httpd.apache.org and going unnoticed for some time, and on the other
hand, this means that input validation ("Name" and "Comment" fields in
particular) has to be very tight... is
http://c.apaste.info/source/add_comment.lua the current version of the
code which validates the input? (If so, it's e.g. missing checks for
https URIs, and at least at first sight, I couldn't spot any further
checks on the POST input you're processing [the "site", "page", "thread"
variables etc.].)

Kaspar

[1] http://wiki.apache.org/httpd/DocsCommentSystem?action=diff&rev1=6&rev2=7
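
The checks raised in this message (treating links under any scheme as hyperlinks, not only http, and validating the "site", "page" and "thread" POST fields), as an added example that is not part of the original email and is not the add_comment.lua code. The function names, field formats, length limits and site allowlist are assumptions.

```lua
-- Added example: hypothetical helpers, not the comments.a.o implementation.
local ALLOWED_SITES = { httpd = true }   -- constructed allowlist (assumption)

-- A link is any "scheme://" (http, https, ftp, ...) or a bare "www." host,
-- so https URIs cannot slip past a check written only for "http://".
local function has_hyperlink(text)
  local lower = text:lower()
  return lower:find("%a[%w+.%-]*://") ~= nil
      or lower:find("www%.[%w%-]+%.%a") ~= nil
end

-- Routing fields must match a conservative pattern and a length limit.
local function valid_field(value, pattern, max_len)
  return type(value) == "string" and #value > 0 and #value <= max_len
     and value:find(pattern) ~= nil
end

-- Free-text fields: bounded length, no control characters except CR/LF/tab.
local function valid_text(value, max_len)
  if type(value) ~= "string" or #value == 0 or #value > max_len then
    return false
  end
  local stripped = value:gsub("[\r\n\t]", " ")
  return stripped:find("%c") == nil
end

-- Returns "reject", "moderate" or "publish", plus the reason.
local function triage(post)
  if not ALLOWED_SITES[post.site] then return "reject", "unknown site" end
  if not valid_field(post.page, "^[%w_%-][%w_%-./]*$", 200)
     or post.page:find("..", 1, true) then
    return "reject", "bad page"
  end
  if not valid_field(post.thread, "^[%w_%-]+$", 64) then return "reject", "bad thread" end
  if not valid_text(post.name, 64) then return "reject", "bad name" end
  if not valid_text(post.comment, 4000) then return "reject", "bad comment" end
  if has_hyperlink(post.name) or has_hyperlink(post.comment) then
    return "moderate", "contains hyperlink"
  end
  return "publish", "ok"
end

local samples = {  -- constructed inputs
  { site = "httpd", page = "mod/core.html", thread = "t1", name = "Ann", comment = "Typo in example 2." },
  { site = "httpd", page = "mod/core.html", thread = "t1", name = "Bob", comment = "See HTTPS://example.org/fix" },
  { site = "httpd", page = "../conf", thread = "t1", name = "Eve", comment = "hello" },
}
for _, post in ipairs(samples) do print(triage(post)) end
```

Output escaping when the comment is rendered is still required; these checks only decide whether a submission is rejected, held for a moderator, or published.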
