Commit Graph

510 Commits (master)

Author SHA1 Message Date
Simon McVittie 62890d911a cannot reproduce new bug 2019-09-29 18:43:30 +01:00
Amitai Schleier e642784901 Fix inverted footnote config with MultiMarkdown.
Bug spotted and fix from Giuseppe Bilotta <giuseppe.bilotta@gmail.com>.

Extend mdwn tests to cover MultiMarkdown, where applicable.
2019-09-04 19:01:28 -04:00
Simon McVittie d283e4ca1a useragent: Automatically choose whether to use LWPx::ParanoidAgent
The simple implementation of this, which I'd prefer to use, would be:
if we can import LWPx::ParanoidAgent, use it; otherwise, use
LWP::UserAgent.

However, aggregate has historically worked with proxies, and
LWPx::ParanoidAgent quite reasonably refuses to work with proxies
(because it can't know whether those proxies are going to do the same
filtering that LWPx::ParanoidAgent would).

Signed-off-by: Simon McVittie <smcv@debian.org>
2019-02-26 22:21:27 +00:00
Simon McVittie 67543ce1d6 useragent: Don't allow non-HTTP protocols to be used
This prevents the aggregate plugin from being used to read the contents
of local files via file:/// URLs.

Signed-off-by: Simon McVittie <smcv@debian.org>
2019-02-26 21:44:07 +00:00
Simon McVittie 824cf7db1b po: Always filter .po files
The input to filter hooks is meant to be the content of a source file
on disk. If we only filter once per (page, destpage) pair, and a page
is inlined into the same destpage more than once, then the second
occurrence will render as the result of htmlizing .po source as if
it was Markdown (or whatever the type of the corresponding master page
is), which is never going to end well.

The alreadyfiltered mechanism was added in commit 1e874b3f to avoid
preprocessing loops, but I'm not sure where it could lead to a loop:
filter hooks are only called from IkiWiki::filter, which is only called
on page content from disk or on proposed content being previewed.
According to <https://bugs.debian.org/911356#41>, deleting the
alreadyfiltered mechanism resolves the problem, as well as simplifying
the code.

Closes: #911356
Tested-by: intrigeri
2019-02-24 17:23:34 +00:00
Simon McVittie 278678b42f comments.t: Assert that comments get permalink metadata
Signed-off-by: Simon McVittie <smcv@debian.org>
2019-02-03 16:18:18 +00:00
Simon McVittie 4ac930380b comments.t: Exercise post-2009 comment naming
Since commit 6af6c89d, comments are in files whose names contain a hash.

Signed-off-by: Simon McVittie <smcv@debian.org>
2019-02-03 16:18:18 +00:00
Simon McVittie 4ba3c11592 git-cgi.t: Exercise an alphanumeric, but non-ASCII, root page
My previous attempt to reproduce this bug used a non-alphanumeric
ASCII character. This is not currently considered to be a valid
value for rootpage, although for a "do what I mean" approach, perhaps
we should accept it and pass it through titlepage() or linkpage().

Using Chinese characters (which are considered to match [[:alnum:]]
even though the Chinese script is not, strictly speaking, an alphabet),
as in the original bug report, reproduces the bug.

Signed-off-by: Simon McVittie <smcv@debian.org>
2019-02-03 13:27:00 +00:00
Simon McVittie 67c7542672 t: Exercise Chinese and Cyrillic page titles
Signed-off-by: Simon McVittie <smcv@debian.org>
2019-02-03 13:07:01 +00:00
Simon McVittie 15ddbb1c70 trail: Allow unescaped punctuation in pagenames
By processing the pagenames through linkpage, we let users specify
page names that contain non-alphanumerics in a more natural way.

Signed-off-by: Simon McVittie <smcv@debian.org>
2019-02-03 12:52:42 +00:00
Simon McVittie fae4cce06a trail.t: Exercise numeric escapes in pagenames parameter
Signed-off-by: Simon McVittie <smcv@debian.org>
2019-02-03 12:49:05 +00:00
Simon McVittie 9d1c88adf8 linkpage.t: Assert we can link to pages with literal underscore
Signed-off-by: Simon McVittie <smcv@debian.org>
2019-02-03 12:49:05 +00:00
Simon McVittie 2bde54c9dc t: Consistently remove temp directory before testing, not after
When a test fails, it's useful to be able to inspect the output.

Signed-off-by: Simon McVittie <smcv@debian.org>
2019-02-03 12:34:46 +00:00
Simon McVittie 73cfa618b4 pagetitle.t, linkpage.t, titlepage.t: Exercise Unicode more
Signed-off-by: Simon McVittie <smcv@debian.org>
2019-02-03 12:10:50 +00:00
Simon McVittie db54e632f4 Add a simple test for non-ASCII in tables
Signed-off-by: Simon McVittie <smcv@debian.org>
2019-01-31 20:37:07 +00:00
Simon McVittie 2bd72cd0e0 git-cgi.t: Add a failing test for a blog with a non-ASCII rootpage
This is one of several possible bug reports on
"doc/bugs/About %2F problem" (I'm not sure what the actual bug being
reported is).

Signed-off-by: Simon McVittie <smcv@debian.org>
2019-01-31 20:37:06 +00:00
Simon McVittie 9c0694b14c git-cgi.t: Add a simple test for blog posts from a root page
This is the working base case for "doc/bugs/About %2F problem".

Signed-off-by: Simon McVittie <smcv@debian.org>
2019-01-31 20:37:06 +00:00
Simon McVittie a10d86bbae git-cgi.t: Print query string as a TAP diagnostic
Signed-off-by: Simon McVittie <smcv@debian.org>
2019-01-31 20:37:06 +00:00
Simon McVittie 8b47046fde po: Improve test coverage
Signed-off-by: Simon McVittie <smcv@debian.org>
2018-12-01 19:30:12 +00:00
Simon McVittie 8503e57916 po: Add failing test for Debian bug #911356
Signed-off-by: Simon McVittie <smcv@debian.org>
2018-12-01 13:56:34 +00:00
Simon McVittie 55cf1f9d9d meta test: Assert that malformed dates are rejected
Signed-off-by: Simon McVittie <smcv@debian.org>
2018-03-21 09:33:04 +00:00
Simon McVittie 3a640455cc meta test: Use syntactically valid dates
I'm about to make invalid dates like 12345 be an error.

Signed-off-by: Simon McVittie <smcv@debian.org>
2018-03-21 09:33:04 +00:00
Simon McVittie f17ed8b1be not-truncated.t: Work correctly as an installed-test
Signed-off-by: Simon McVittie <smcv@debian.org>
2018-03-09 11:24:41 +00:00
Simon McVittie 352d34fb2e Add a test asserting that no plugin is an empty file
I'm still not completely sure how it happened, and I can't reproduce
it myself, but in the Debian build of ikiwiki 3.20180105, wikitext.pm
ended up empty. The build fixes in commits 3aacac3b, efcbeaa0,
b32480f0 hopefully fixed this.

Signed-off-by: Simon McVittie <smcv@debian.org>
2018-03-09 09:12:19 +00:00
Simon McVittie e3279c8b50 mdwn: Automatically detect which libdiscount flags to use
Unconditionally passing arbitrary numbers as flags turns out to be a
bad idea, because some of the "unused" values have historically had
side-effects internal to libdiscount. Detect whether the known flags
work by rendering short Markdown snippets the first time we htmlize,
checking whether each known flag is both necessary and sufficient.

Signed-off-by: Simon McVittie <smcv@debian.org>
2018-03-08 23:36:31 +00:00
http://thm.id.fedoraproject.org/ 7253137b31 rst test: Probe for docutils Python 3 module, not Python 2 2018-03-04 10:56:18 +00:00
Simon McVittie 379d763a21 img test: Exercise a format that is uncommon on the web (BMP)
Signed-off-by: Simon McVittie <smcv@debian.org>
2018-02-28 09:56:08 +00:00
Simon McVittie f446e7ca5f img test: Don't rely on using an empty ImageMagick coder name
This used to work, but has been interpreted as a literal part of
the filename since ImageMagick 6.9.8-3. In newer versions, there does
not seem to be any way to indicate that a filename containing ':' is
to be taken literally without first knowing the decoder to use.

Signed-off-by: Simon McVittie <smcv@debian.org>
2018-02-28 09:56:07 +00:00
Simon McVittie aa02f160cc t/wellformed: Rebuild the docwiki, not everything 2018-01-29 22:35:29 +00:00
Simon McVittie 4126840f8d t: Accept optional file:// prefix on W3m-control 2018-01-29 22:35:29 +00:00
Simon McVittie a147f5349d Don't send relative redirect URLs when behind a reverse proxy 2018-01-08 10:56:12 +00:00
Simon McVittie 263f27c774 t/relativity.t: Add tests for IkiWiki::redirect behaviour
This reproduces [[bugs/cgi_redirecting_to_non-https_URL]].
2018-01-08 10:09:05 +00:00
Joey Hess 9ff9088636
Remove openid provider icons from login selector
Remove openid provider icons from login selector, since openid providers
are increasingly not working. Verisign retired theirs, and aol and
yahoo/flickr are not commonly used for openid. Any users who still  clicked
those icons to login will need to instead enter their openid url.

This commit was sponsored by andrea rota.
2018-01-05 12:27:46 -04:00
Simon McVittie 6e5f320ab8 t/git-untrusted.t: Fix redundant declaration
Signed-off-by: Simon McVittie <smcv@debian.org>
2017-10-01 16:24:48 +01:00
Simon McVittie 76fe7432fb t/git-untrusted.t: New test case for untrusted pushes
This also exercises the typical centralized git repository workflow,
where changes flow from a non-bare clone (for example on a laptop)
to a centralized bare repository, then from the centralized bare
repository to a non-bare clone that is ikiwiki's srcdir.

Signed-off-by: Simon McVittie <smcv@debian.org>
2017-10-01 13:21:56 +01:00
intrigeri 948bc22ae4 t/img.t: test determinism of PNG resizing. 2017-09-01 19:25:44 +00:00
Simon McVittie 4ace7dbb75 t/img.t: Give better diagnostics if we can't load an image 2017-06-22 15:16:07 +01:00
Simon McVittie afdf8c0a8c color, toc: Fix `make test` 2017-05-16 12:08:55 +01:00
Simon McVittie 01f2a84360 color: Use markup for the preserved CSS, not character data
This still smuggles it past the sanitize step, but avoids having
other plugins that want to capture text content without markup
(notably toc) see the CSS as if it was text content.
2017-05-16 12:08:55 +01:00
Simon McVittie 49de9594b7 color: Add a unit test 2017-05-16 12:08:54 +01:00
Simon McVittie 77df914b3a Add a simple unit test for [[!toc]] 2017-05-16 08:55:24 +01:00
Simon McVittie 1b4571acd5 Add a test-case for Markdown options 2017-05-16 08:25:53 +01:00
Simon McVittie 8b5c729b8b t/git-cgi.t: Wait 1 second before doing a revert that should succeed
This hopefully fixes a race condition in which the test failed
around 6% of the time.

If we don't wait, the mtime (which is rounded down to 1 second precision
in the APIs we use) will not necessarily change, so the update will not
necessarily cause the page to be refreshed.

Bug-Debian: https://bugs.debian.org/862494
2017-05-14 15:35:52 +01:00
Simon McVittie 3964787238 t/passwordauth.t: new automated test for passwordauth
In particular this includes an exploit for OVE-20170111-0001.

(cherry picked from commit fbe207212b1f4a395dc297fb274ef07afd7d68f3)
2017-01-11 18:11:06 +00:00
Simon McVittie ca1b06d599 git-cgi.t: when committing directly, make sure we have a valid author
In the environment used on ci.debian.net, we have neither a name nor
an email address.
2017-01-09 13:07:24 +00:00
Simon McVittie 62c9df6721 t/git-cgi.t: fix race condition
We need the changes to take place at least 1 second after the first
rebuild, so that the changed files are seen to have changed.
2017-01-09 13:07:24 +00:00
Simon McVittie 29b91c970b git: Add test coverage for reverting attachments 2016-12-28 21:32:13 +00:00
Simon McVittie ad04dac19b Add automated test for using the CGI with git, including CVE-2016-10026 2016-12-28 21:32:12 +00:00
Simon McVittie 7c34df633d git_revert test: reinstate ikiwiki.setup, and make it work uninstalled
Previously it was relying on running with an installed ikiwiki
and being able to copy in recentchanges.mdwn and wikiicons/ from the
underlay in /usr. The underlay in ./underlays/basewiki can't be used
(yet) because ikiwiki doesn't allow following symlinks, even from
underlays.

I'd like to make ikiwiki follow symlinks whose destinations can be
verified to be safe (for example making it willing to expose
/usr/share/javascript to the web, but not /etc/passwd), at least from
underlays, but this is security-sensitive so I'm not going to rush
into it.
2016-12-28 21:32:11 +00:00
Simon McVittie da395ac33c Add a manual test for reverting git commits
Signed-off-by: Simon McVittie <smcv@debian.org>
2016-12-19 18:21:07 +00:00