13331e8243
bit on how inlinability isn't only bad
2014-10-19 17:48:47 -04:00
f49d15649f
Add link to the proposed wrapper generation patch
2014-10-19 17:37:46 -04:00
9a4fab05e0
initial description of signinview plugin
2014-10-19 17:07:15 -04:00
18f41b73da
more on caching behavior
2014-10-19 14:40:02 -04:00
bc509a3119
make formatting more consistent
2014-10-19 14:17:03 -04:00
623b428efe
discuss zoned-ikiwiki implementation approaches, including signinview plugin
2014-10-19 14:12:11 -04:00
c4493533b6
it helps to distinguish some use cases
2014-10-19 13:32:52 -04:00
60188d7280
also search
2014-10-19 13:13:07 -04:00
fea2ec0926
start fleshing out "things that make zoned ikiwiki hard"
2014-10-19 13:09:33 -04:00
f9fe7fd254
sign previous
2014-10-19 13:08:13 -04:00
9f04f8ccc5
Match word boundary (think "/usr/bin/perl5.18").
2014-10-19 13:07:34 -04:00
f47af2b8c4
2014-10-19 12:04:48 -04:00
1cfaacbfb5
[patch], patch
2014-10-19 12:04:02 -04:00
b9558ad3aa
Added a comment
2014-10-17 13:23:13 -04:00
305c91ccfb
Remove space from perl shebang path.
2014-10-17 09:05:00 -04:00
7a2446f798
Disambiguate myself a bit (like that's needed).
2014-10-16 21:51:18 -04:00
d9b1e10d72
reformat
2014-10-17 01:07:50 +01:00
04f9ce457f
news
2014-10-17 01:01:53 +01:00
d922b1897c
Merge remote-tracking branch 'refs/remotes/dgit/dgit/sid'
2014-10-17 00:02:33 +01:00
a89dbd9892
release
2014-10-16 23:28:35 +01:00
44e05edaf4
debian: fix some wrong paths in the copyright file
2014-10-16 23:28:23 +01:00
0e783e915b
debian: rename debian/link to debian/links so the intended symlinks appear
2014-10-16 23:04:11 +01:00
37296bcb5a
close a bug
2014-10-16 23:03:48 +01:00
0c73a825d1
Drop unused python-support dependency
2014-10-16 22:48:09 +01:00
3429e81596
changelog so far
2014-10-16 22:44:29 +01:00
e1deb28e08
build-depend on libcgi-pm-perl too, for tests
2014-10-16 22:40:52 +01:00
edbc54ec6e
Explicitly depend on CGI.pm, which is no longer in Perl core
...
I was going to depend on the version that has CGI->param_fetch,
but that has been supported since 2.37, which is older than oldstable.
2014-10-16 22:24:48 +01:00
09e7c1ad99
IkiWiki::Plugin::openid: as a precaution, do not call non-coderefs
...
We're running under "use strict" here, so if CGI->param's array-context
misbehaviour passes an extra non-ref parameter, it shouldn't be executed
anyway... but it's as well to be safe.
[commit message added by smcv]
2014-10-16 22:24:48 +01:00
cfbcbda0ad
Call CGI->param_fetch instead of CGI->param in array context
...
CGI->param has the misfeature that it is context-sensitive, and in
particular can expand to more than one scalar in function calls.
This led to a security vulnerability in Bugzilla, and recent versions
of CGI.pm will warn when it is used in this way.
In the situations where we do want to cope with more than one parameter
of the same name, CGI->param_fetch (which always returns an
array-reference) makes the intention clearer.
[commit message added by smcv]
2014-10-16 22:24:47 +01:00
f4ec7b06d9
Make sure we do not pass multiple CGI parameters in function calls
...
When CGI->param is called in list context, such as in function
parameters, it expands to all the potentially multiple values
of the parameter: for instance, if we parse query string a=b&a=c&d=e
and call func($cgi->param('a')), that's equivalent to func('b', 'c').
Most of the functions we're calling do not expect that.
I do not believe this is an exploitable security vulnerability in
ikiwiki, but it was exploitable in Bugzilla.
2014-10-16 22:24:47 +01:00
d8943d8668
Added a comment: It was an Apache problem...
2014-10-16 10:57:26 -04:00
99bc12a3ab
branch
2014-10-16 08:11:52 -04:00
6de6479b3c
comment
2014-10-16 07:52:05 -04:00
1561fbb365
Replace PayPal and Flattr buttons with text links
...
In particular, this avoids loading third-party resources from the
offline documentation (see
<https://lintian.debian.org/tags/privacy-breach-donation.html >).
2014-10-16 09:47:07 +01:00
0a6ca5c892
mention pagespec_alias patches
2014-10-15 22:53:41 -04:00
a67e0d212c
Added a comment
2014-10-15 19:30:22 -04:00
12d72abaa3
Added a comment
2014-10-15 19:26:52 -04:00
cbf05056d4
Added a comment
2014-10-15 14:49:16 -04:00
6c4c71c558
Added a comment
2014-10-15 09:43:25 -04:00
a454b4c0f0
Added a comment
2014-10-15 08:33:40 -04:00
9802e98652
2014-10-15 00:18:10 -04:00
3b6674a695
as usual, macports hasn't moved
2014-10-14 18:46:41 -04:00
f5c57d36b9
Added a comment
2014-10-14 18:41:59 -04:00
555dd086ce
2014-10-14 18:31:11 -04:00
cee4c16187
Added a comment
2014-10-14 18:25:13 -04:00
ed35163be0
one report suffices; not yet clear there's a bug
2014-10-14 18:19:09 -04:00
194c0a1084
2014-10-14 09:46:55 -04:00
627ed5f93c
2014-10-14 09:20:24 -04:00
bc6efdd735
clarify
2014-10-13 16:21:15 -04:00
e42b1409b2
findings and questions
2014-10-13 16:13:33 -04:00
http://anastigmatix.net/
Amitai Schlair
https://www.google.com/accounts/o8/id?id=AItOawlGzzISNi9sKsbbqyRjCZEecyypgaFV56U
openmedi
Simon McVittie
https://www.google.com/accounts/o8/id?id=AItOawk8U772S3jDrZJCO0WA5WaDLjJv5mMl6Yw
smcv
https://www.google.com/accounts/o8/id?id=AItOawlcaGfdn9Kye1Gc8aGb67PDVQW4mKbQD7E
https://www.google.com/accounts/o8/id?id=AItOawmbuZI4n1RsTe3Yeaqb5F-yhtR7a8BWEIE
https://www.google.com/accounts/o8/id?id=AItOawlobQ5j7hQVIGkwMWW3yKB_DWqthJcpnsQ