I wanted to apprise you of a few updates to the Comments behaviors.

• Revision 15:
  • Turned all create! calls into create, so posting a comment should fail more quietly.
  • Added a modifier to r:comments:count that requires comments to be published to be included in the count
• Revision 16:
  • Removed CGI.escape_html in favor of global string substitutions that convert angle-brackets to their corresponding character entities.

There’s been some big discussion about creating a plugin system. Be aware that these behaviors will change drastically in this new plugin system, perhaps even disappear as we know them. I’ll do my best to make the transition as easy for you as possible. Please keep me updated on how you’re using Commentable and what changes it might need.

John Long, the creator of Radiant, recently invited me to post on the RadiantCMS blog since I have been helpful to people on the mailing list. Officially I write the “How To” column, but I have no intention of losing (or gaining) a guy in 10 days. Just in case you were wondering.

First of all, I want to give a BIG Thank You to the Radiant community. You guys are awesome!

• J. Coppedge – for finding my typographical error resulting in an unclosed tag.
• J. Van Stonecypher – for contributing Akismet code adapted from Typo that I was able to integrate easily, with only a few modifications.

Which brings me to my next item of business. I have tagged/frozen revision 6 (which includes the typographical fix) into tags/comments_behaviors-0.1.3. Upcoming HEAD revisions will technically be incompatible with those previous because I have added Van’s Akismet code. Why 0.1.3, you ask? Because I can!

With these changes and updates, I have added, almost out of necessity and my personal frustration, the ability to set your comments configuration site-wide. That is, you can set a constant in config/environment.rb that will affect the defaults for every page that you make Commentable. For instance, if I wanted all comments to start in Draft state, use the Markdown filter, and be verified with my Akismet key, I’d put something like this at the bottom of environment.rb:

COMMENTS_CONFIG = {
  :status => 1,
  :filter => "Markdown",
  :akismet_key => "myakismetkey" }

As so much has changed and improved with the Behaviors in the last week, I have realized what an egregious lack of tests there are for this code (i.e. none). As a pathetic plea to the community, I would appreciate some hints on how to create proper tests for the code. In the meantime, I will be investigating the tests associated with the built-in Behaviors.

Couple of notes from today about the Commentable/CommentBucket behaviors.

• The code was moved to Subversion. You may get it in all the usual ways, including svn co and script/plugin install.
• Make sure you have the latest from SVN. I went through a couple of iterations today that were just borked, including ones that screwed things up royally. I’m not sure what broke the r:parent tag plugin that I had installed, but it quit working. Be forewarned that it could get ugly. The bugfixes and updates include:
  • Problems with the status field in the config part—now you must specify an integer or the default is “Draft” (1). Maybe in the future I’ll allow text for this field, but it was getting messy trying to futz around with type conversion.
  • The local var comments in Commentable.process was potentially uninitialized. I fixed this although it was highly unlikely that the offending referent code would be reached in a state where comments was not initialized.
  • Because Radiant already includes title and date for tags pages, I thought I’d make use of them instead of re-implementing them. What this means is that those fields do not come auto-wrapped in a span.
• Nolan commented that CAPTCHA is not kind to blind users and some other algorithm, i.e. spam filtering, should be used instead. PDI The interim solution, of course, is to set the default status to “Draft” or 1 in the config part. However, until spam becomes a major problem on my site, I’m leaving it wide open. I reserve the right to remove any comments that are clearly spam.

A long, long time ago in a galaxy far, far away...

COMMENTS WARS

In all seriousness, this post is to officially announce my Luke and Leia, Commentable and CommentBucket, the behaviors that drive my implementation of user-submitted comments for RadiantCMS. As a teaser, here's how I made it look on my testing platform, which is the "Styled Blog" that comes with Radiant.

Now, to satiate your curiosity, you can download the behaviors as a zip file. I haven't put it on a Subversion repository yet, although I'll probably figure out TextDrive's svn and put it up later. In the meantime...

Commentable/CommentBucket HowTo

To use the Commentable/CommentBucket behavior, first download the files and place all three .rb files in your [RADIANT_HOME]/app/behaviors directory. If Radiant is running, restart it.

Load the admin interface. For a page that you wish to have comments, set the behavior to Commentable. Now your page can receive comments once you add the proper tags. I recommend putting the tags into a snippet and including that snippet in your page via a layout or another part. A layout is probably best because you don't have to type it each time. Here's the snippet I used for the screenshot above (not everything is in the screenshot of course).

<r:comments>
  <h4>Comments</h4>
  <r:each>
    <span class="comment-title"><r:title /></span>

    <r:name />
    <r:body />
  </r:each>
  <r:form />
</r:comments>

Here's the CSS styles I used with the above snippet.

.comment-name { 
  color: #ccc;
  font-size: 125%;
}
.comment-title {
  color: #036;
  font-size: 125%;
}
.comment-body {
  display: block;
  color: black;
  font-size: 90%;
  padding: 5px;
}
#comments-form-header, h4 { 
  font-size: 150%; 
  color: #999; 
  border-bottom: 1px dotted #999; 
  margin-bottom: 0.5em;
}
#comments-form-header { 
  display: block; 
}
form span { 
  display: block; 
  margin: 5px; 
}
form label { 
  float: left; 
  width: 20%; 
  text-align: right; 
  padding-right: 1%; 
}
#comments-form-submit { 
  padding-left: 20%; 
}

For more information about what each tag does (although I think they're pretty self-explanatory), please look at commentable_behavior.rb.

Security

All information passed into the behaviors is HTML-escaped to avoid XSS and other nastiness. You can, however, allow any filter available to RadiantCMS on the text via the "config" part. You may also set the initial state of new comments through the "config" part (look at app/models/status.rb for clues on what number to use). Here's a sample:

  status: 100
  filter: Textile

This will make all new comments published immediately, and their message bodies filtered with Textile. Make sure to set this information BEFORE the first comment is posted, otherwise, it will have to be modified in the "Comments" child.

But what about CAPTCHAs?

For this initial release, I didn't include any CAPTCHA, although that is high on my list. I primarily chose not to because

1. Not everyone has the captcha gem. I can't test the gem on win32 anyway. It's also poorly maintained (sorry Jamis!).
2. The validates-captcha plugin doesn't do exactly what I need.
3. I couldn't find any good, reliable, secure algorithms for generating a CAPTCHA with RMagick.

I'd love it if someone can point me to a good algorithm that works with RMagick. In the meantime, we'll have to do without CAPTCHA.

Legal junk

As with any software I have released, I didn't attach a license. I'd appreciate you letting me know when you make any enhancements or squash any bugs. That's all!

Tada!

As a gesture of goodwill to you, my fellow citizens, I have enabled comments on this page. Please contact me or leave a comment if you experience trouble with the plugin or my page. Thanks!