Diffstat (limited to '')
-rw-r--r-- | _data/comments.json | 26 | ||||
-rw-r--r-- | _data/comments.yml | 20 | ||||
-rw-r--r-- | _data/lang.yml | 4 | ||||
-rw-r--r-- | _includes/commentreplyform.html | 18 | ||||
-rw-r--r-- | _includes/commentsthread.html | 47 | ||||
l--------- | _includes/main.js | 1 | ||||
l--------- | _includes/main.scss | 1 | ||||
-rw-r--r-- | _layouts/default.html | 9 | ||||
-rw-r--r-- | _layouts/post.html | 21 | ||||
-rw-r--r-- | _sass/main.scss | 31 | ||||
-rw-r--r-- | api/c/Makefile (renamed from api/Makefile) | 1 | ||||
-rwxr-xr-x | api/c/api (renamed from api/api) | bin | 17992 -> 17992 bytes | |||
-rw-r--r-- | api/c/api.c (renamed from api/api.c) | 0 | ||||
-rw-r--r-- | api/c/urlcode.c (renamed from api/urlcode.c) | 0 | ||||
-rw-r--r-- | api/php/api.php | 60 | ||||
-rw-r--r-- | assets/js/main.js | 3 |
16 files changed, 173 insertions, 69 deletions
diff --git a/_data/comments.json b/_data/comments.json
deleted file mode 100644
index 037f8c4..0000000
--- a/_data/comments.json
+++ /dev/null
@@ -1,26 +0,0 @@
-[
- {
- "author": "Anton Luka Šijanec",
- "date": "2020-11-09 22:09:00",
- "message": "### komentar\nTo je testiranje funkcije komentiranja. ![foo](bar) <script>alert(1);</script>",
- "parent": "post|/blog/test/2020/11/06/druga-objava.html"
- },
- {
- "author": "Anton Luka Šijanec",
- "date": "2020-11-09 22:10:00",
- "message": "drugi kometar",
- "parent": "comment|Anton Luka Šijanec|2020-11-09 22:09:00"
- },
- {
- "author": "Anton Luka Šijanec",
- "date": "2020-11-10 11:28:00",
- "message": "tretji kometar",
- "parent": "comment|Anton Luka Šijanec|2020-11-09 22:09:00"
- },
- {
- "author": "Anton Luka Šijanec",
- "date": "2020-11-10 11:29:00",
- "message": "četrti kometar",
- "parent": "comment|Anton Luka Šijanec|2020-11-09 22:10:00"
- }
-]
diff --git a/_data/comments.yml b/_data/comments.yml
new file mode 100644
index 0000000..749a3a9
--- /dev/null
+++ b/_data/comments.yml
@@ -0,0 +1,20 @@
+- author: "Anton Luka Šijanec"
+ date: "2020-11-09 22:09:00"
+ message: "### komentar\nTo je testiranje funkcije komentiranja. ![foo](bar) <script>alert(1);</script>"
+ parent: "post|/blog/test/2020/11/06/druga-objava.html"
+ nonce: "a"
+- author: "Anton Luka Šijanec"
+ date: "2020-11-09 22:10:00"
+ message: "drugi kometar"
+ parent: "comment|a"
+ nonce: "b"
+- author: "Anton Luka Šijanec"
+ date: "2020-11-10 11:28:00"
+ message: "tretji kometar"
+ parent: "comment|a"
+ nonce: "c"
+- author: "Anton Luka Šijanec"
+ date: "2020-11-10 11:29:00"
+ message: "četrti kometar"
+ parent: "comment|b"
+ nonce: "d"
diff --git a/_data/lang.yml b/_data/lang.yml
new file mode 100644
index 0000000..b077785
--- /dev/null
+++ b/_data/lang.yml
@@ -0,0 +1,4 @@
+comment:
+ taplaceholder: "Vpišite besedilo komentarja (markdown omogočen)."
+basic:
+ nepodpiraiframe: "Vaš brskalnik ne podpira iframe elementa, ki je potreben za vpogled v status oddaje komentarja."
diff --git a/_includes/commentreplyform.html b/_includes/commentreplyform.html
new file mode 100644
index 0000000..99ffaf3
--- /dev/null
+++ b/_includes/commentreplyform.html
@@ -0,0 +1,18 @@
+{% comment %}
+ argv: thisid,uid
+ return: html form
+ langstrings used: comment.taplaceholder, basic.nepodpiraiframe
+{% endcomment %}
+{% capture return %}
+ <form target=comstatus{{ argv[1] }} action=/api?m=commentreply method=POST class=commentform >
+ <input type=text name=vzdevek placeholder="Vzdevek pošiljatelja" />
+ <input type=submit name=submit value=Objavi! />
+ <textarea placeholder="{{ site.data.lang.comment.taplaceholder }}" name=message ></textarea>
+ {% comment %}
+ assign thisid = "comment|" | append: comment.author | append: "|" | append: comment.date <!-- rajši imamo xss-safe nonce !!! thisid se generira prej -->
+ {% endcomment %}
+ <input type=hidden name=parent value="{{ argv[0] | replace: '"', """ }}" />
+ <input type=hidden name=is-submitter-human value=true />
+ <iframe id=comstatus{{ argv[1] }}>{{ site.data.lang.basic.nepodpiraiframe }}</iframe>
+ </form>
+{% endcapture %}
diff --git a/_includes/commentsthread.html b/_includes/commentsthread.html
index 84647f7..2e1119a 100644
--- a/_includes/commentsthread.html
+++ b/_includes/commentsthread.html
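Review bot: The `target=comstatus{{ argv[1] }}` on the new form in commentreplyform.html will not load the response into the status iframe, because the iframe carries only `id=comstatus{{ argv[1] }}` and form targets are resolved by frame name; add `name=comstatus{{ argv[1] }}` to the iframe. The hidden `is-submitter-human` field has a fixed value that any script replaying the form will also send, so it should not be counted as bot protection, and since the form carries no per-request token the endpoint has to treat `parent`, `vzdevek` and `message` as fully untrusted. The attribute values are mostly unquoted and `parent` is escaped with a single hand-written `replace`; quoting every attribute and using Liquid's `escape` filter, `value="{{ argv[0] | escape }}"`, covers `&`, `<`, `>` and both quote characters in one step.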
@@ -1,10 +1,7 @@ {% comment %} argv: id_of_object_whose_posts_you_want,__isinathread - return: nothing. outputs html directly. + return: next UID. outputs html directly. {% endcomment %} -{% capture taplaceholder %}Vpišite besedilo komentarja (markdown omogočen). -POMEMBNO: Zaradi tehničnih razlogov (veriga blokov) dokončen izbris komentarja (niti vzdevka avtorja) iz Interneta ni mogoč!{% endcapture %} -{% capture nepodpiraiframe %}Vaš brskalnik ne podpira <pre>iframe</pre> elementa, ki je potreben za vpogled v status oddaje komentarja.{% endcapture %} {% capture editnotice %} Komentar lahko uredi samo tisti, ki ga je napisal. Komentar uredite v brskalniku, v katerem ste ga napisali. Bodisi piškotek bodisi IP naslov mora biti enak prejšnji oddaji komentarja. Če se objavo uredi še naslednjič, se to lahko stori iz katerega koli IP naslova in piškotka, ki se je uporabil pri predhodnih urejanjih.{% endcapture %} {% assign comments = site.data.comments | where: "parent", argv[0] %} @@ -27,7 +24,8 @@ Komentar lahko uredi samo tisti, ki ga je napisal. Komentar uredite v brskalniku V {{ return }} je {{ comment.author || replace: "<", "<" }} komentiral: </small> <p> - {{ comment.message | replace: "<", "<" | replace: "!", "!" | markdownify }} + {% assign safemsg = comment.message | replace: "<", "<" | replace: "!", "!" %} + {{ safemsg | markdownify }} </p> <small class=dimmedtext> <a href="mailto:anton@sijanec.eu?subject=Prijava%20neprimernega%20komentarja%20na%20blogu."> 
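Review bot: In the second hunk of commentsthread.html, `safemsg` is built by replacing only `<` and `!` before `{{ safemsg | markdownify }}`, which leaves markdown link syntax and the URL scheme of any link untouched (this assumes the replacement strings, which the page appears to show entity-decoded, are the usual entities). That was tolerable while `_data/comments.yml` was hand-written, but this commit also adds an endpoint that appends visitor input to that file, so the rendered message should be treated as attacker-controlled HTML. I would document the limit next to the assign, for example `{% comment %} safemsg neutralises only "<" and "!"; links and their schemes still render, so validate them before storing {% endcomment %}`, and enforce the link policy in the API before a comment is written. The same variable is reused later in the edit form's textarea, so whatever escaping is chosen has to be valid in both contexts.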
@@ -38,36 +36,25 @@ Komentar lahko uredi samo tisti, ki ga je napisal. Komentar uredite v brskalniku <a> odgovori</a> </label> - <input type=checkbox id=checkbox{{ uid }} class=commentreplycheckbox > - <div hidden=hidden class=commentform> - <!-- - <form target=comstatus{{ uid }} action=/api?m=commentreply type=POST> - <input type=text name=vzdevek placeholder="Vzdevek pošiljatelja" /> - <input type=submit value=Objavi! /> - <textarea placeholder="{{ taplaceholder }}" name=message ></textarea> - {% assign thisid = "comment|" | append: comment.author | append: "|" | append: comment.date %} - <input type=hidden name=parent value="{{ thisid | replace: '"', """ }}" /> - <iframe id=comstatus{{ uid }}>{{ nepodpiraiframe }}</iframe> - </form> - --> - Objavljanje komentarjev še ni izdelano. + <input type=checkbox id=checkbox{{ uid }} class=showhide-checkbox > + <div class=showhide-hiddenelement> + {% assign thisid = "comment|" | append: comment.nonce %} + {% assign argv = thisid | append: "," | append: uid | split: "," %} + {% include commentreplyform.html %} {{ return }} </div> | <label for=edit{{ uid }}> <a>uredi</a> </label> - <input type=checkbox id=edit{{ uid }} class=commentreplycheckbox > - <div class=commentform > - <!-- - <form action=POST action=/api?m=commentedit target=editstatus{{ uid }} > - <input type=text name=vzdevek value="{{ comment.author | replace: '"', """ }}" /> - <input type=submit value=Uredi! /> - <textarea placeholder="{{ taplaceholder }}{{editnotice}}" name=message ></textarea> - <input type=hidden name=commentid value="{{ thisid | replace: '"', '"' }}"/> - <iframe id=editstatus{{ uid }} >{{ nepodpiraiframe }}</iframe> - </form> - --> - Urejanje komentarjev še ni izdelano. 
+ <input type=checkbox id=edit{{ uid }} class=showhide-checkbox > + <div class=showhide-hiddenelement > + <form class=commentform method=POST action=/api?m=commentedit target=editstatus{{ uid }} > + <input type=text name=vzdevek value="{{ comment.author | replace: '&', "&" | replace: '"', """ }}" /> + <input type=submit value=Uredi! /> + <textarea placeholder="{{ taplaceholder }}{{ editnotice }}" name=message >{{ safemsg | replace: "!", "!" }}</textarea> + <input type=hidden name=commentid value="{{ thisid | replace: '"', '"' }}"/> + <iframe id=editstatus{{ uid }} >{{ nepodpiraiframe }}</iframe> + </form> </div> </small> {% assign argv = "true" | split: "," %} diff --git a/_includes/main.js b/_includes/main.js new file mode 120000 index 0000000..9f673d3 --- /dev/null +++ b/_includes/main.js @@ -0,0 +1 @@ +../assets/js/main.js
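Review bot: The newly enabled edit form still reads `{{ taplaceholder }}` and `{{ nepodpiraiframe }}`, but the first hunk of this file deletes both captures, so the textarea placeholder loses its first half and the iframe fallback text renders empty; use `{{ site.data.lang.comment.taplaceholder }}` and `{{ site.data.lang.basic.nepodpiraiframe }}` as commentreplyform.html does. As in the reply form, `target=editstatus{{ uid }}` needs a matching `name=editstatus{{ uid }}` on the iframe, which currently has only an `id`. Building `argv` with `thisid | append: "," | append: uid | split: ","` also truncates the id if a nonce ever contains a comma, which the hand-written nonces in `_data/comments.yml` do not rule out, so a short comment stating that nonces must be comma-free (or passing the two values separately) would help.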
\ No newline at end of file diff --git a/_includes/main.scss b/_includes/main.scss new file mode 120000 index 0000000..a47427a --- /dev/null +++ b/_includes/main.scss @@ -0,0 +1 @@ +../_sass/main.scss
\ No newline at end of file diff --git a/_layouts/default.html b/_layouts/default.html index e85e731..8611085 100644 --- a/_layouts/default.html +++ b/_layouts/default.html @@ -5,7 +5,11 @@ <title> {{ page.title }} :: {{ site.name }} </title> - <link rel=stylesheet href=/assets/css/styles.css /> + <!-- <link rel=stylesheet href=/assets/css/styles.css /> --> + {% capture mainscss %} + {% include main.scss %} + {% endcapture %} + <style>{{ mainscss | scssify }}</style> <link rel=alternate hreflang=sl type=application/rss+xml href=/feed.xml /> <meta name=viewport content="width=device-width,initial-scale=1.0" /> <link rel="shortcut icon" type=image/x-icon href=/favicon.ico /> @@ -19,6 +23,7 @@ {% include navigation.html %} {{ content }} {% include footer.html %} - <script src=/assets/js/main.js ></script> + <!-- <script src=/assets/js/main.js ></script> --> + <script>{% include main.js %}</script> </body> </html> diff --git a/_layouts/post.html b/_layouts/post.html index a2b42bd..8ef9181 100644 --- a/_layouts/post.html +++ b/_layouts/post.html 
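Review bot: Inlining the assets in default.html with `<style>{{ mainscss | scssify }}</style>` and `<script>{% include main.js %}</script>` means the site can no longer be served under a Content-Security-Policy that forbids inline script and style unless hashes are maintained per build, and that policy is the main backstop on pages that render visitor comments. If the aim is to save a request, consider inlining only the CSS and keeping `<script src=/assets/js/main.js ></script>`, or publishing a hash-based policy together with this change. Note also that an included file is rendered through Liquid, so any `{{` or `{%` sequence that later appears in main.js would be interpreted at build time. The two commented-out tags could be removed rather than kept in the served HTML.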
@@ -54,12 +54,27 @@ layout: default {% assign postid = "post|" | append: page.url %} {% assign argv = argv | unshift: postid %} <!-- unshift doda na zač. arraya --> {% capture commentsthreadhtml %} - {% include commentsthread.html %} <!-- outputs html directly --> + {% include commentsthread.html %} <!-- outputs html directly and returns next uid / number of comments --> {% endcapture %} +{% assign totalcomments = return %} <h3> - {{ return }} - {% assign argv = ",komentarjev,komentar,komentarja,komentarji" | prepend: return | split: "," %} + {{ totalcomments }} + {% assign argv = ",komentarjev,komentar,komentarja,komentarji" | prepend: totalcomments | split: "," %} {% include slnum.html %} {{ return }} </h3> {{ commentsthreadhtml }} +<label for=checkbox{{ return }} > + <a> + napiši komentar na to objavo + </a> +</label> +<input type=checkbox class=showhide-checkbox id=checkbox{{ return }} /> +<div class=showhide-hiddenelement > + {% assign argv = "" | split: "," %} + {% assign postid = "post|" | append: page.url %} + {% assign argv = argv | unshift: totalcomments %} + {% assign argv = argv | unshift: postid %} <!-- unshift doda na za. arraya --> + {% include commentreplyform.html %} + {{ return }} +</div> diff --git a/_sass/main.scss b/_sass/main.scss index 3f10bf7..b88f35d 100644 --- a/_sass/main.scss +++ b/_sass/main.scss @@ -26,6 +26,19 @@ table, th, td, tr { a { text-decoration: underline; cursor: pointer; + color: blue; +} + +a:visited { + color: purple; +} + +a:hover { + color: darkblue; +} + +a:active { + color: lightblue; } /* comments begin */ 
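Review bot: The new label and checkbox in post.html use `checkbox{{ return }}`, but at that point `return` was last set by the `{% include slnum.html %}` a few lines above, so the id is presumably built from the plural noun rather than from the UID that commentsthread.html returned. It works only because label and input agree; using the value saved for this purpose, `for=checkbox{{ totalcomments }}` and `id=checkbox{{ totalcomments }}`, keeps the id numeric and safe in an unquoted attribute. The second `{% assign postid = "post|" | append: page.url %}` repeats the assignment shown at the top of the hunk and can be dropped.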
@@ -48,31 +61,35 @@ a { background-color: lightgrey; } - .commentreplycheckbox { + .showhide-checkbox { display: none; } - .comment iframe, textarea { + .commentform iframe, .commentform textarea { width: 90%; margin-left: 5%; height: 7em } - .comment iframe { + .commentform iframe { height: 2em; } - .comment input[type=text] { + .commentform input[type=text] { margin-left: 5%; width: 75%; } - .commentform { + .showhide-hiddenelement { display: none; } - .commentreplycheckbox:checked + .commentform { - display: block; + .showhide-checkbox:checked + .showhide-hiddenelement { + display: block; /* such element is shown by default and hidden on click */ + } + + .showhide-checkbox:checked + .showhide-shownelement { + display: none; /* such element is hidden by default and shown on click */ } /* comments end */ diff --git a/api/Makefile b/api/c/Makefile index 7b8ab7d..5f4f70a 100644 --- a/api/Makefile +++ b/api/c/Makefile @@ -4,3 +4,4 @@ prepare: wget http://www.geekhideout.com/downloads/urlcode.c clean: rm urlencode.c api + Binary files differdiff --git a/api/urlcode.c b/api/c/urlcode.c index ecf34e1..ecf34e1 100644 --- a/api/urlcode.c +++ b/api/c/urlcode.c diff --git a/api/php/api.php b/api/php/api.php new file mode 100644 index 0000000..5c5ec82 --- /dev/null +++ b/api/php/api.php 
@@ -0,0 +1,60 @@ +<?php + // pisal bom v PHPju, ker se mi res ne da zajebavat s Cjem + switch ($_REQUEST["m"]) { + case "commentreply": + if (empty($_REQUEST['vzdevek'])) { + $vzdevek = "anonymous"; + } else { + $vzdevek = $_REQUEST['vzdevek']; + } + if (empty($_REQUESTT['message'])) { + http_response_code(400); + header("Content-Type: text/plain"); + exit("400: Napaka. Niste vnesli sporočila."); + } + if ($_REQUEST['submit'] != 'Objavi!') { + http_response_code(201); // he's obviously automating queries + header("Content-Type: text/plain"); + exit("201: Uspelo! Komentar objavljen."); // lies and deception + } + if (empty($_REQUEST['parent'])) { + http_response_code(400); + header("Content-Type: text/plain"); + exit("400: Napaka. V zahtevi ni določeno, na kaj odgovarjate."); + } + if (empty($_REQUEST["is-submitter-human"] != "true")) { + http_response_code(201); // he's obviously automating queries + header("Content-Type: text/plain"); + exit("201: Uspelo! Komentar objavljen."); // lies and deception + } + $sporocilo = $_REQUEST['message']; + $parent = $_REQUEST['parent']; + if (strlen($sporocilo) > 1024 || strlen($parent) > 7+1+256+1+19 || strlen($vzdevek) > 256) { + http_response_code(400); + header("Content-Type: text/plain"); + exit("400: Napaka. Preveč besedila - vzdevek je lahko dolg 256, sporočilo pa 1024 znakov."); + } + $datum = date("Y-m-d H:i:s"); + $cm = yaml_emit(array( + "author" => $vzdevek, + "date" => $datum, + "message" => $sporocilo, + "parent" => $parent, + "ip" => $_SERVER['REMOTE_ADDR'], + "addedby" => "PHP API 0.0.0", + "nonce" => hash('sha256', $vzdevek."|".$datum."|".random_bytes(69)) + )); + file_put_contents($commentsfile, $cm, FILE_APPEND); // pri append ni locka + break; + case "commentedit": + http_response_code(400); + header("Content-Type: text/plain"); + exit("400: Napaka. Urejanje komentarjev še ni izdelano. 
Napišite elektronsko sporočilo na anton+blog@sijanec.eu."); + break; + default: + http_response_code(400); + header("Content-Type: text/plain"); + exit("400: Napaka. Izbrali ste neobstoječo API metodo."); + break; + } +?> diff --git a/assets/js/main.js b/assets/js/main.js index 72d0b66..9a7bb1b 100644 --- a/assets/js/main.js +++ b/assets/js/main.js @@ -1,7 +1,8 @@ if (document.location.protocol != "https:" && ( window.location.hostname.endsWith("sijanec.eu") - || window.location.hostname.endsWith("šijanec.eu"))) { + || window.location.hostname.endsWith("šijanec.eu") + || window.location.hostname.endsWith("xn--ijanec-9jb.eu"))) { fetch("/?preveri-https").then((response)=>{ document.getElementById("ponudi-https").hidden = false; }).catch((error)=>{ |
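Review bot: No comment can be stored by api.php as written: `empty($_REQUESTT['message'])` misspells the superglobal, so every `commentreply` request ends in the 400 branch, and once that is fixed `empty($_REQUEST["is-submitter-human"] != "true")` is inverted, so a request carrying `true` gets the decoy 201 while one without the field passes. `$commentsfile` is never assigned in the visible file, the append takes no lock although `FILE_APPEND | LOCK_EX` is available, and `yaml_emit` normally wraps its output in document markers, which presumably will not append cleanly to the sequence in `_data/comments.yml`. `parent` and `vzdevek` are only length-checked before being written to a file the templates later render, so `parent` should be matched against the `post|…` / `comment|…` shapes, and reading `$_POST` instead of `$_REQUEST` keeps query-string and cookie values out of the record. Writing `REMOTE_ADDR` into a file under `_data/` also needs a decision on whether that file is ever published with the site source.

```php
// … unchanged: vzdevek default …
if (empty($_POST['message'])) {
// … unchanged: 400 response, submit check, parent check …
if (($_POST['is-submitter-human'] ?? '') !== 'true') {
// … unchanged: decoy 201 response, $sporocilo/$parent assignments, length check …
if (!preg_match('/^(post|comment)\|[^\r\n]+$/', $parent)) {
    http_response_code(400);
    header("Content-Type: text/plain");
    exit("400: Napaka. V zahtevi ni določeno, na kaj odgovarjate.");
}
// … unchanged: $datum, yaml_emit(...) …
// $commentsfile has to be assigned before the switch; it is undefined in this file.
file_put_contents($commentsfile, $cm, FILE_APPEND | LOCK_EX);
```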