Commit Graph

2302 Commits (08485ec444cf81015e39c52e6ce8e7b933a036f6)

Author SHA1 Message Date
Joey Hess edec9514f4 typo 2010-03-12 15:01:24 -05:00
Joey Hess 2ad3e60ee8 htmlscrubber: Security fix: In data:image/* uris, only allow a few whitelisted image types. No svg. 2010-03-12 14:50:26 -05:00
Joey Hess 45dfdcb257 search: Avoid '$' in the wikiname appearing unescaped on omega's query template, where it might crash omega.
Really, a more general fix, this deals with any $ that might appear on the
misctemplate.
2010-03-11 16:10:04 -05:00
Joey Hess ac3aac560f moderatedcomments: Added moderate_pagespec
* moderatedcomments: Added moderate_pagespec that can be used
  to control which users or comment locations are moderated.
  This can be used, just for example, to moderate http://myopenid.com/*
  if you're getting a lot of spammers from one particular openid
  provider (who should perhaps answer your emails about them),
  while not moderating other users.
* moderatedcomments: The moderate_users setting is deprecated. Instead,
  set moderate_pagespec to "!admin()" or "user(*)" instead.
2010-03-11 15:44:10 -05:00
Joey Hess 6eb71547dd typo 2010-03-09 19:55:50 -05:00
Joey Hess 6d27bbd026 Fix utf8 issues in calls to md5_hex.
This prevented comments containing some utf-8, including euro sign, from
being submitted. Since md5_hex is a C implementation, the string has to be
converted from perl's internal encoding to utf-8 when it is called. Some
utf-8 happened to work before, apparently by accident.

Note that this will change the checksums returned.

unique_comment_location is only used when posting comments, so the checksum
does not need to be stable there.

I only changed page_to_id for completeness; it is passed a comment page
name, and they can currently never contain utf-8.

In teximg, the bug could perhaps be triggered if the tex source contained
utf-8. If that happens, the checksum will change, and some extra work might
be performed on upgrade to rebuild the image.
2010-03-09 19:55:19 -05:00
Joey Hess 60d2dd318f Add new --clean option; this makes ikiwiki remove all built files in the destdir, as well as wrappers and the .ikiwiki directory. 2010-02-28 00:12:47 -05:00
Joey Hess 6aaa6e0d24 Fix admin openid detection in setup automator, and avoid prompting for a password. 2010-02-27 16:36:57 -05:00
Joey Hess a12c386c86 Add force_overwrite setting to make setup automator overwrite existing files/directories.
This can be useful if you're driving the setup automator from another
program.
2010-02-27 16:26:18 -05:00
Joey Hess 068e47aa45 catch failure to open the filetypes file 2010-02-24 20:28:52 -05:00
Joey Hess c21eb47e62 comments: Display number of comments in comment action link.
This was not doable before, but when I added transitive dependency handling
in the big dependency rewrite, it became possible to include a comment
count when inlining.

This also improves the action link when a page has no comments. It will
link direct to the cgi to allow posting the first comment. And if the page
is locked to prevent posting new comments, the link is no longer shown.
2010-02-14 19:11:18 -05:00
Joey Hess 9a0b9bdc88 minor refactor/optimisation 2010-02-14 18:09:28 -05:00
Joey Hess 34fff64e7b setup file ordering 2010-02-12 06:35:52 -05:00
Joey Hess 20ba12802b add section information 2010-02-12 04:22:15 -05:00
Joey Hess 805b3afff7 formatting sillyness 2010-02-12 04:09:57 -05:00
Joey Hess 73242f0890 remove unnecessary IkiWiki:: 2010-02-12 04:01:04 -05:00
Joey Hess 2d4b84e45f borders 2010-02-12 01:16:20 -05:00
Joey Hess 9cee2962e0 format plugin categorization 2010-02-12 01:10:36 -05:00
Joey Hess 0ea2f0936b add plugin section, and show which plugins need no configuration 2010-02-12 01:10:27 -05:00
Joey Hess 5b76fc824c reword 2010-02-12 00:22:00 -05:00
Joey Hess 18394f6ba9 improve websetup fieldset display
to handle sections
2010-02-12 00:21:12 -05:00
Joey Hess 8fdc238c8c fix websetup display of unsafe arrays in expert mode 2010-02-11 22:55:35 -05:00
Joey Hess a63929f6cc Group related plugins into sections in the setup file, and drop unused rcs plugins from the setup file. 2010-02-11 22:24:15 -05:00
Joey Hess 7af18f2a1e reorder canedit checks during page creation to have best_loc first
When creating a page, multiple locations are tested to see if they can be
edited. If all fail, one of the failure subs is called, to log the user in
to allow them to proceed with the edit. So far so good.

But, what if some pages fail for one reason, and some for another? This
occurs when httpauth_pagespec is used in conjunction with signinedit (and
openid or something). When the user is not signed in at all
The former will fail to edit a page because the user was not httpauthed.
The latter will fail to edit a different page, because the user was not
signed in. One of their failure methods gets to run first.

The page creation code always ran the failure method corresponding to the
topmost page location. So, when editing a foo/Discussion page, and with
httpauth_pagespec => "*!/Discussion", it ran the httpauth failure method,
which was exactly the wrong thing to do.

I fixed this by making it instead run the failure method for the *best*
page location. In the above example, that's foo/Discussion, so signinedit
runs, as desired, and we get the signin page.

This seems like it will be the right choice, or at least an acceptable
choice. If a user wants to use httpauth they can always choose it on the
signin page.
2010-02-11 20:13:30 -05:00
Joey Hess 6f1d623618 partially fix httpauth canedit hook
My logic was right before. Cleaned up some code.

(Page creation is still a problem.)

Also, I removed the Edit url munging, because that is not
necessary with the canedit hook, since canedit will handle
redirection through cgiauthurl if necessary.
2010-02-11 19:54:40 -05:00
Joey Hess e6678275a9 fix logic error 2010-02-11 18:32:07 -05:00
Joey Hess e11876b700 httpauth: Add httpauth_pagespec setting that can be used to limit pages to only being edited via users authed with httpauth. 2010-02-11 18:25:10 -05:00
Joey Hess 046095552a httpauth: When cgiauthurl is configured, httpauth can now be used alongside other authentication methods (like openid or anonok). Rather than always redirect to the cgiauthurl for authentication, there is now a button on the login form to use it. 2010-02-11 17:26:09 -05:00
Joey Hess f2d6d4f6b2 patch so far 2010-02-11 16:36:19 -05:00
Joey Hess a4ec579d1a amazon_s3: Fix to support the EU S3 datacenter, which is more picky about attempts to create already existing buckets. 2010-02-09 16:24:14 -05:00
Joey Hess 5a2de27947 Fix color and format plugins to appear in the websetup interface. 2010-02-06 16:25:39 -05:00
Joey Hess b384af237d opendiscussion: This plugin will also now allow posting comments
to otherwise locked-down sites.
2010-02-06 16:19:17 -05:00
Joey Hess e33a65719a ensure opendiscussion hook is always called before lockedit
This was only ordered ok due to luck before.
2010-02-06 16:12:29 -05:00
Joey Hess 1af8db763b revert accidental code change 2010-02-05 23:06:29 -05:00
Joey Hess 5541b06de4 response 2010-02-05 15:22:02 -05:00
Joey Hess 8380a9d000 factor out a userpage function
Not yet exported, as only 4 quite core plugins use it.
2010-02-04 18:24:15 -05:00
Joey Hess a2e78ebcf2 Add link to userpage (or creation link) to top of preferences page. 2010-02-04 15:30:41 -05:00
Joey Hess 68f7be91e5 typo 2010-02-04 15:10:55 -05:00
Joey Hess b547170a96 Improve display of openid in preferences page.
Now that openiduser is in IkiWiki core, it's ok to have passwordauth check
for it, and avoid displaying useless password fields when showing
preferences for an openid.

Also improved the styling of the display of the openid in the preferneces
page.
2010-02-04 15:07:10 -05:00
Joey Hess 345b40c652 Allow jumping directly into account registration process by going to ikiwiki.cgi?do=register 2010-02-04 14:51:56 -05:00
Joey Hess 49d8c5b821 setup automator: Configure Term::Readline to use bold for prompt, rather than default underline. Closes: #517656 2010-02-01 15:18:53 -05:00
Joey Hess f91d79f469 img: Fix a bug that could taint @links with undef values. 2010-01-28 21:07:23 -05:00
Joey Hess 73253d6925 template: Preprocess parameters before htmlizing.
Consider a template like:

[[!template type=note text="""
[[!inline pages="*foo*"]]
"""]]

The text parameter is htmlized before being passed into the template (in
case the template wraps it in a <span> that prevents markdown from
htmlizing it later).

But, when markdown sees "*foo*", it turns that into <em>foo</em>.
Later, when preprocessing the inline directive, that leads to suprising
results.

To fix this, I made template parameters be preprocessed (and filtered)
before being htmlized.

Note that I left in the preprocessing (and filtering) of the template
output at the end. That's still relevant when the template itself contains
preprocessor directives.
2010-01-26 22:33:46 -05:00
Joey Hess ee9ae0a314 po: avoid crash when page is empty
Note that there is an associated po4a warning when a page is empty:
  Use of uninitialized value $file in substitution (s///) at /usr/share/perl5/Locale/Po4a/Text.pm line 205.
I've filed a bug with po4a about that, but the important thing is fixing
the crash here.
2010-01-21 15:33:20 -05:00
Joey Hess 8bf2f5a31a handle git-notes breakage
The new git-notes feature in git 1.6.6 changes git log output in a way that
broke ikiwiki's parser if notes are added to commits.

I decided to deal with this by disabling notes when ikiwiki uses git,
by setting GIT_NOTES_REF="". AFAICS, looking up notes when dumping logs
will only waste time, since it does not currently seem to make sense for
ikiwiki to do anything with the notes.
2010-01-19 23:42:04 -05:00
Joey Hess ccf14b185e brace style and layout 2010-01-18 12:34:19 -05:00
Joey Hess 32472c02eb brace style 2010-01-18 12:33:25 -05:00
Joey Hess 461804a5e4 clarify error 2010-01-18 12:09:54 -05:00
Joey Hess 97bc5d8bca typos 2010-01-18 12:08:26 -05:00
Joey Hess 9dc5685de4 linkmap: Simplify and improve browser compatability by using an img, not object tag.
I noticed that chromium was not hyperlinking the areas in the object-based
linkmap, while img works ok. Dunno why, but img based is nicer anyway since
it is allowed right through the htmlscrubber with no workarounds.
2010-01-09 23:10:26 -05:00