Comments on
I finally bit the bullet, and finished the comments code I had been writing for my blog; it should technically allow for comments again.
My system is fairly simple, really: All HTML is allowed, but all
comments are also moderated; and there's no preview
option. The
idea of that is to prevent cross-site-scripting.
However, there's an issue. I've enabled apache's MultiViews option (a.k.a., Content Negotiation) and am not using any file name extensions, so that a client can send a request like GET /foo HTTP/1.1 and get the output from /foo.php, which I think looks a lot saner; it also allows me to provide multiple versions of the same file. When I use Konqueror, it works perfectly. But when I use Mozilla Firefox on my blog, rather than getting the PHP file's output, it receives the RSS file.
There's something going wrong there. I've been looking for a fair while yesterday night to find out how to tell apache that no, an RSS file is not useful to serve as main content, but I've thus far been unsuccessful.
Hints are certainly welcome (and if you want to try my comments system, it could use some testing
While I'm at it: in response to some criticism of my website, I've also changed some php.ini setting, so that PHP should allow for non-cookie sessions. Let me know if it works (but if it doesn't, I don't see many more options, and you'll have to live with it).