On 08.07.2012 22:33, Daniel Gruno wrote: > [ ] +1: Adopt the comments.a.o system in the 2.2 and 2.4 branch of docs > [ ] 0: I don't care > [ ] -1: Don't adopt the system, because....
Thanks for enduring your work on this - glad to see that it has become comments.a.o. in the meantime! I'm in favor of enabling it for 2.2/2.4, generally speaking, but am having some concerns with regard to the proposed approval policy: it changed from the "Comments will be moderated by appointed moderators" to "Comments will, in general, be allowed through without pre-approval. Comments with hyperlinks in them will require approval from a moderator before they are shown on the site" [1]. Auto-approval of comments makes me feel somewhat uneasy - on the one hand, there's the risk of inappropriate/incorrect content appearing on httpd.apache.org and going unnoticed for some time, and on the other hand, this means that input validation ("Name" and "Comment" fields in particular) has to be very tight... is http://c.apaste.info/source/add_comment.lua the current version of the code which validates the input? (If so, it's e.g. missing checks for https URIs, and at least at first sight, I couldn't spot any further checks on the POST input you're processing [the "site", "page", "thread" variables etc.].) Kaspar [1] http://wiki.apache.org/httpd/DocsCommentSystem?action=diff&rev1=6&rev2=7