urosm
/
ikiwiki
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

misc changes

master
joey 2006-08-05 21:15:50 +00:00
parent 7a05087f47
commit 2ea8fbe2d9
5 changed files with 14 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
IkiWiki/Plugin/aggregate.pm
View File

@ -98,7 +98,7 @@ sub preprocess (@) { #{{{
return "<a href=\"".$feed->{url}."\">".$feed->{name}."</a>: ".
"<i>".$feed->{message}."</i> (".$feed->{numposts}.
" stored posts; ".$feed->{newposts}." new)<br />";
" stored posts; ".$feed->{newposts}." new)";
} # }}}
sub delete (@) { #{{{

1
basewiki/style.css
View File

@ -3,6 +3,7 @@
font-size: 22px;
font-weight: bold;
line-height: 1em;
display: block;
}
.author {

3
debian/changelog vendored
View File

@ -6,8 +6,9 @@ ikiwiki (1.17) UNRELEASED; urgency=low
* Turn on HTML::Template loop_context_vars; not actually used in stock
templates but can be useful for things like making comma-delimited lists
of tags or what have you.
* Remove <br> from end of aggregate preprocessor directive output.
-- Joey Hess <joeyh@debian.org> Fri, 4 Aug 2006 23:04:12 -0400
-- Joey Hess <joeyh@debian.org> Sat, 5 Aug 2006 17:15:12 -0400
ikiwiki (1.16) unstable; urgency=low

1
doc/ikiwikiusers.mdwn
View File

@ -16,6 +16,7 @@ Sites that are using ikiwiki include:
* Kelly Clowers' [personal website](http://www.clowersnet.net/)
* Anna's [nature features](http://kitenet.net/~anna/nature-feature/)
* [Planet Debian upstream](http://updo.kitenet.net/)
* Roland Mas's [blog](http://roland.entierement.nu/categories/geek-en.html)
Please feel free to add your own ikiwiki site!

17
doc/security.mdwn
View File

@ -18,14 +18,6 @@ Anyone with direct commit access can forge "web commit from foo" and
make it appear on [[RecentChanges]] like foo committed. One way to avoid
this would be to limit web commits to those done by a certian user.
## XML::Parser
XML::Parser is used by the aggregation plugin, and has some security holes
that are still open in Debian unstable as of this writing. #378411 does not
seem to affect our use, since the data is not encoded as utf-8 at that
point. #378412 could affect us, although it doesn't seem very exploitable.
It has a simple fix, which should be NMUed or something..
## other stuff to look at
I need to audit the git backend a bit, and have been meaning to
@ -246,3 +238,12 @@ have come just before yours, by forging svn log output. This was
guarded against by using svn log --xml.
ikiwiki escapes any html in svn commit logs to prevent other mischief.
## XML::Parser
XML::Parser is used by the aggregation plugin, and has some security holes.
#[378411](http://bugs.debian.org/378411) does not
seem to affect our use, since the data is not encoded as utf-8 at that
point. #[378412](http://bugs.debian.org/378412) could affect us, although it
doesn't seem very exploitable. It has a simple fix, and has been fixed in
Debian unstable.