Commit Graph

218 Commits (172f41f6de288814fbd013f3465e658c562b10b1)

Author SHA1 Message Date
Joey Hess 72b5ef2c5f Fix CSRF attacks against the preferences and edit forms. Closes: #475445
The fix involved embedding the session id in the forms, and not allowing the
forms to be submitted if the embedded id does not match the session id.

In the case of the preferences form, if the session id is not embedded,
then the CGI parameters are cleared. This avoids a secondary attack where the
link to the preferences form prefills password or other fields, and
the user hits "submit" without noticing these prefilled values.

In the case of the editpage form, the anonok plugin can allow anyone to edit,
and so I chose not to guard against CSRF attacks against users who are not
logged in. Otherwise, it also embeds the session id and checks it.

For page editing, I assume that the user will notice if content or commit
message is changed because of CGI parameters, and won't blindly hit save page.
So I didn't block those CGI parameters. (It's even possible to use those CGI
parameters, for good, not for evil, I guess..)

The only other CSRF attack I can think of in ikiwiki involves the poll plugin.
It's certainly possible to set up a link that causes the user to unknowingly
vote in a poll. However, the poll plugin is not intended to be used for things
that people would want to attack, since anyone can after all edit the poll page
and fill in any values they like. So this "attack" is ignorable.
2008-04-10 16:35:30 -04:00
Joey Hess 52e16d4ec9 * Record new pages in %pagesources temporarily when previewing so that
things that need to know the page source or type can query it from there.
  Fixes previewing of tables when creating a new page.
2008-03-17 21:28:31 -04:00
Joey Hess f7bdc2385d * Use forcebaseurl to make page previews be displayed with the html base
set to the destination page. This avoids need for hacks to munge the urls
  in preview mode, which fixes several bugs.
* Several destpage fixes in plugins.
2008-03-12 14:21:48 -04:00
Joey Hess bd55d276b3 Fix links generated by preprocessor directives when previewing.
As was already done for linkfication, links generated in a preview page
are relative to the top of the wiki, so it has to be told that the destpage
is there.

I was using "" to indicate this, but that may confuse some preprocessor
plugins, which treat parameters with an empty value specially (sparkline is one
such). Instead, use "/", which is more accurate anyway and works just as well.
2008-02-24 16:37:11 -05:00
Joey Hess 553136ec1f * Preview limits the page dropdown to what's selected previously
(as preserving the full list across preview would be tricky). Userdirs
  were still being offered as an option there, remove them.
* Fix a bug where user A created a page concurrently with user B, and
  when B previewed it would redirect B to A's new page, losing B's work.
  Instead, don't redirect and let conflict handling resolve it.
2008-02-14 15:42:14 -05:00
Joey Hess a3f224cb6c move saveindex call into preview block
This call is only present to handle the case where previewing a page
actually causes files to be rendered.
2008-02-03 19:51:00 -05:00
Joey Hess 408419ca3e remove another commit mail mention 2008-02-03 19:47:01 -05:00
Joey Hess 80915c830a * cgi hooks are now run before ikiwiki state is loaded.
* This allows locking the wiki before loading state, which avoids some
  tricky locking code when saving a web edit.
2008-02-03 00:23:04 -05:00
Joey Hess 21f44880cd non-tabular recentchanges display
Doesn't look as good as the old table, but works as a rss feed.
2008-01-29 01:48:55 -05:00
Joey Hess d7fdd04b5a * Removed support for sending commit notification mails. Along with it went
the svnrepo and notify settings, though both will be ignored if left in
  setup files.
2008-01-29 00:36:58 -05:00
Joey Hess 0d2894711c support for internal-use page types
If a page type starts with an underscore, hide it from the list of page types
in the edit form, and don't allow editing pages of that type. This allows
for plugins to add page types for internal use.
2008-01-28 23:08:48 -05:00
Joey Hess 29f3082772 move userlink to IkiWiki.pm
I have a plugin that needs to use userlink.
2008-01-28 22:58:31 -05:00
Joey Hess 9f25e3436b change rcs_recentchanges when to absolute, not relative, time
No point in using a relative time value in rcs_recentchanges. Different
consumers of the info want different things.
2008-01-28 22:57:22 -05:00
Joey Hess 141d363888 In preferences, allow the subscriptions and email fields to be cleared 2008-01-09 17:59:56 -05:00
Joey Hess dcf342f366 add explicit test for do=postsignin
This happens when openid auth fails in certain ways
2008-01-07 16:39:49 -05:00
Joey Hess c34895364f fixes 2008-01-07 16:35:16 -05:00
Joey Hess c487b847e2 * Improved the canedit hook interface, allowing a callback function to be
returned (and not run in some cases) rather than the plugins directly
  forcing a user to log in.
* opendiscussion: allow editing of the toplevel discussion page,
  and, indirectly, allow creating new discussion pages.
2008-01-07 16:34:13 -05:00
Joey Hess 9dbbbd0efa * Only try postsignin if no other action matched. Fixes a bug where the
user goes back from the signin screen and does something else.
* Improve behavior when trying to sign in with no cookies.
2008-01-07 15:56:39 -05:00
Joey Hess 1fb1d6c183 fix an uninitialised value warning 2008-01-05 01:47:04 -05:00
Joey Hess 57bba4dac1 * Stop testing Encode::is_utf8 in decode_form_utf8: That doesn't work.
* decode_form_utf8 only fixed the utf-8 encoding for fields that were
  registered at the time it was called, which was before the
  formbuilder_setup hook. Fields added by the hook didn't get decoded.
  But it can't be put after the hook either, since plugins using the hook
  need to be able to use form values. To fix this dilemma, it's been changed
  to a decode_cgi_utf8, which is called on the cgi query object, before the
  form is set up, and decodes *all* cgi parameters.
2008-01-01 19:58:45 -05:00
Joey Hess 5b2ab63f78 * Allow editing a page and deleting all content, while still disallowing
creating a new page that's entirely empty.
2007-12-12 19:11:29 -05:00
Joey Hess c06643a435 * Ensure that web edited pages always end in a newline. 2007-12-12 13:41:21 -05:00
Joey Hess 4745391360 * Change formbuilder hook to not be responsible for displaying a form,
so that more than one plugin can use this hook.
  I believe this is a safe change, since only passwordauth uses this hook.
  (If some other plugin already used it, it would have broken passwordauth!)
2007-12-12 03:15:30 -05:00
Joey Hess 7960031135 MAJOR basewiki reorg
Including redir pages for the moved basewiki pages. These will be removed in
a future release.
2007-12-08 15:59:08 -05:00
joey 278b16c79a * In the cgi edit path, reload the index file before rendering. A bug
showed up where a web edit that added a page caused a near-concurrent
  web edit to fail in will_render. While it would be hard to reproduce this,
  my analysis is that the failing cgi started first, loaded the index file
  (prior to locking) then the other cgi created the new page and rendered
  it, and then the failing cgi choked on the new file when _it_ tried to
  render it. Ensuring that the index file is loaded after taking the lock
  will avoid this bug.
2007-10-10 18:40:54 +00:00
joey f9f38ae31c * Save index after previewing page edit, since even previewing can create
files in some situations, and this is appropriate in some cases, such as
  the teximg plugin's error log file.
  Such files will be automatically cleaned up at an appropriate later time.
2007-09-22 18:31:52 +00:00
joey 9c5f4761d8 * Support for looking in multiple directories for underlay files.
* Plugins can add new directories to the search path with the add_underlay
  function.
* Split out smiley underlay files into a separate underlay, so if the plugin
  isn't used, the wiki isn't bloated with all those files.
2007-08-28 01:59:01 +00:00
joey 6c89a635bb * Add an editcontent hook. 2007-08-26 21:33:25 +00:00
joey 2c5fbe844b * Call the formbuilder hook for the edit page.
* Call decode_form_utf8 before running formbuilder_setup hooks.
* Add editdiff plugin contributed by Jeremie Koenig.
* Fix it to not leak path info.
2007-08-22 21:06:13 +00:00
joey ce7596dad9 * Applied Jeremie Koenig's pluggable editpage buttons patch:
- add a title to the editpage form;
  - pass a reference to the list of buttons to the formbuilder_setup
    hooks, so we can add ours;
  - relax assumption about the possible submit values (use "Save Page"
    explicitly);
  - de-hardcode the submit buttons from the editpage template
    (This was needed for compatibility with a bug in CGI::FormBuilder
    3.0401, but ikiwiki already needs a newer version.)
* Pass buttons to all other formbuilder_setup hooks too.
2007-08-17 05:34:59 +00:00
joey c8f7b9480e proper fix for adding file, based on jkoenig's patch 2007-08-15 00:06:20 +00:00
joey d392f5776a * Fix bug when editing file from underlaydir, need to rcs_add it even though
a page creation isn't occurring.
2007-08-14 20:11:45 +00:00
joey 69065b8e79 * Fix bug in deletion/move during edit code introduced in 1.44. Need to take
the underlaydir into account.
2007-08-14 19:44:59 +00:00
joey 2e8d5c5ade Remove two header => 1 settings that were overridden by later header => 0 2007-08-14 18:02:10 +00:00
joey 46a80d9cbe * Move blog form code out of CGI.pm and into the inline plugin. 2007-08-05 22:07:32 +00:00
joey 8e2fb374e0 * Add sessioncgi hook. 2007-08-05 21:38:27 +00:00
joey 79947fda81 remove cruft 2007-08-05 21:12:35 +00:00
joey c92ab9cddd * Wrap the editpage template in the standard misctemplate, this allows the
pagetemplate hook to work for that page.
* Above change fixes the favicon plugin to work on edit pages.
2007-07-16 05:24:31 +00:00
joey cf35ee04cd * Add a destpage parameter to the filter hook.
* Fix links to smilies generated by the smiley plugin for inlined pages. The
  old links were often wrong, but often still worked by accident.
2007-05-17 19:55:11 +00:00
joey 190202dd4e * Make all templates have a footer div to ease theming. Required template
and style sheet updates, and unless you're using customised versions,
  you'll want to rebuild wikis on upgrade to this version to avoid
  inconsistencies.
* Allow WIKINAME to be used in footers, as an example of something to put
  there.
2007-05-11 20:09:58 +00:00
joey 65be0598a9 * Use div layout for the signin and preferences forms, so that they can be
styled using the stylesheet, rather than by creating signin and prefs
  templates.
* Make the openid login form nicely styled.
2007-04-30 21:27:58 +00:00
joey 93c6d2c340 * Use fieldsets in the preferences form to group related options together.
Especially cleans up the ordering of the admin's preferences form.
2007-04-29 21:57:25 +00:00
joey 26213f8ee4 * Detect the case of two people independently creating the same page at the
same time, and let the second person resolve the conflict.
2007-03-17 23:57:03 +00:00
joey 188f1931c2 * Fix some broken logic in cgi creation of a subpage when a toplevel page
with the same name already exists, and generally simplify the edit code.
2007-03-17 23:20:27 +00:00
joey 6003422f45 simplify preview code 2007-03-17 22:33:34 +00:00
joey 43fd7cc0c5 correct dup page name detect in blog posting code 2007-03-08 22:16:03 +00:00
joey c1b698e418 * The underscore escaping support exposed a bug in edit links: Such links
were titlepage escaped in the urls, and then doubly escaped by the CGI
  when editing. To fix this, I removed the titlepage escaping in the edit
  urls.
* That means that *every edit link* on the wiki is potentially changed.
  Rebuilding wikis on upgrade to this version therefore necessary; enabled
  that in postinst.
2007-03-08 06:03:59 +00:00
joey b365d864c5 My fix to support encoded underscores in page titles broke links to pages
with underscores in their filenames, since the link code also used
titlepage. Create a new linkpage function and have the link code use that
instead.
2007-03-07 09:48:59 +00:00
joey c69d6f669a * The slash escaping when adding to a blog from the CGI was not working
since it ended up being double-escaped. Instead, just remove slashes.
* Fix some nasty issues with page name escaping during previewing
  (introduced in 1.44).
2007-03-07 09:23:13 +00:00
joey 1202b4fd7b * Add preview parameter to preprocesser calls, use this rather than the
previous ugly hack used to avoid writing rss feeds in previews.
* Fix the img plugin to avoid overwriting images in previews. Instead it
  does all the work to make sure the resizing works, and dummies up a resized
  image using width and height attributes.
* Also fixes img preview display, the links were wrong in preview before.
2007-03-06 22:37:05 +00:00
joey 072967e62a * Patch from Ethan to improve behavior if a page is deleted or moved while
someone is editing it.
* Some cleanup of field setting in the failed edit and conflict handling
  code.
2007-02-24 00:39:06 +00:00
joey 2dfe3efcb7 * Correct a bug that could lead to infinite looping after signin in some
circumstances.
2007-02-24 00:20:36 +00:00
joey c60477228c * Since the CGI had to drop the wiki lock to avoid deadlocking the
commit hook, it was possible for one CGI to race another one and "win"
  the commit of both their files. This race has been fixed by adding a new
  commitlock, which when locked by the CGI, disables the commit hook
  (except for commit mails). The CGI then takes care of the updates the
  commit hook would have done.
2007-02-21 08:55:28 +00:00
joey 92e5781212 * Elegant patch from Ethan to clean up the display of page names in the
dropdown when creating a new page.
2007-02-21 00:17:50 +00:00
joey fa52a730ff * Changed calling convention for htmllink slightly. The first three
parameters remain the same, but additional options are now passed in using
  named parameters.
* Change plugin interface version to 1.02 to reflect this change.
* Add a new anchor option to htmllink. Thanks Ben for the idea.
* Support anchors in wikilinks.
* Add a "more" plugin based on one contributed by Ben to allow implementing
  those dreaded "Read more" links in blogs.
2007-02-20 03:05:47 +00:00
joey d4c61b7281 * Many changes to make ikiwiki very resistant to write failures
including out of disk space situations. ikiwiki should never leave
  truncated files, and if the error occurs during a web-based file edit,
  the user will be given an opportunity to retry.
  Inspired by the many ways Moin Moin destroys itself when out of disk. :-)
* Fix syslogging of errors.
2007-02-15 02:22:08 +00:00
joey 29e6ff03b0 * Fix a security hole that allowed a web user to edit images and other
non-page format files in the wiki. To exploit this, the file already had
  to exist in the wiki, and the web user would need to somehow use the web
  based editor to replace it with malicious content.
  (Sorry Josh, this means you can't edit style.css directly anymore,
  although I do appreciate your fixes, actually..)
2007-02-10 20:37:36 +00:00
joey 5f162cfd34 * Add canedit hook, allowing arbitrary controls over when a page can be
edited.
* Move code forcing signing before edit to a new "signinedit" plugin, and
  code checking for locked pages into a new "lockedit" plugin. Both are
  enabled by default.
* Remove the anonok config setting. This is now implemented by a new
  "anonok" plugin. Anyone with a wiki allowing anonymous edits should
  change their configs to enable this new plugin.
* Add an opendiscussion plugin that allows anonymous users to edit
  discussion pages, on a wiki that otherwise wouldn't allow it.
* Lots of CGI code reorg and cleanup.
2007-02-02 02:33:03 +00:00
joey 4ff60ef1c5 * Always call rcs_update after a commit during a web edit, to work around
the problem described in bugs/svn_fails_to_update. Thanks to Ethan for the
  analysis and patch.
2007-01-28 00:26:55 +00:00
joey c4b1712212 * Change the RecentChanges page to show the path of changed pages. 2007-01-14 04:30:53 +00:00
joey 7ceb5b1f75 Improve error message when postsignin (probably from openid) fails due to
cookies not being enabled. Adds a new translatable string..
2007-01-12 20:56:54 +00:00
joey 8c8ce06a1b * Search in default location for templates as a fallback when templatedir is
pointed elsewhere, so that only modified templates need to be copied into
  a templatedir. Based on work by JeremyReed.
2007-01-12 20:48:19 +00:00
joey 8daaa11baa added some comments for translators 2007-01-04 12:00:23 +00:00
joey e5348d2d70 * Corrected a bum regexp in openid munging. 2007-01-03 05:33:50 +00:00
joey 39d78ce54c deal with http:// part 2006-12-31 22:28:08 +00:00
joey c494e2f974 * Escape slashes in page titles entered in the blog post form.
* Munge openids of the form somehost.com/user (trial, may revert)
2006-12-31 20:50:22 +00:00
joey f62d23f008 * If a userdir is configured, links to pages in it can be made without
specifying the path. This allows for easy signing of comments by linking
  to your page in the userdir.
2006-12-29 05:33:20 +00:00
joey 912521ef07 * Initial work on internationalization of the program code. po/ikiwiki.pot
is available for translation.
* Export gettext() from IkiWiki module.
2006-12-29 04:38:40 +00:00
joey 472dabbb60 * Turn $config{wiki_file_prune_regexps} into an array that is easier to
manipulate.
* Only exclude rss and atom files from processing if the inline plugin
  is enabled and that feed type is enabled. Else it's just a copyable file
  type.
* Move rss and atom option handling code into the inline plugin.
* Applied a rather old patch from Recai to fix the "pruning is too strict"
  issue. Now you can have wiki source directories inside dotdirs and the
  like, if you want.
2006-12-21 19:36:15 +00:00
joey 389ad222ec * Add userdir config setting. 2006-12-19 16:58:55 +00:00
joey 8af8d085d6 * The hack used to make the pagetemplate hook have access to the editpage
template won't work with CGI::FormBuilder 3.0401, so disable it for now.
* CGI::FormBuilder 3.0401 seems to work ok now with ikiwiki, although
  there might still be bugs lurking..
2006-12-02 00:19:55 +00:00
joey d99ce1f9ad session improvements 2006-11-26 19:43:50 +00:00
joey 04a9dbfe7d updates 2006-11-22 14:28:38 +00:00
joey 95e8127405 improve 2006-11-21 17:56:04 +00:00
joey a8c5c8c0ba improve regexp 2006-11-21 03:52:20 +00:00
joey fc0b70e700 formatting 2006-11-21 01:40:47 +00:00
joey d4b4475521 improvement 2006-11-20 21:02:45 +00:00
joey 3e593eb9c0 * Add "last" parameter to hook function. Very basic ordering, and hopefully
nothing more sophisticated will be needed.
* Add formbuilder_setup and formbuilder hooks.
* Split out a passwordauth module, that holds all the traditional password
  based authentication etc code. It's enabled by default, but can be disabled
  if you want only openid or some other auth method.
2006-11-20 20:37:27 +00:00
joey d389b0e4a4 * Avoid locking the wiki at all when handling some basic cgi stuff
(searches, recentchanges).
2006-11-20 12:03:35 +00:00
joey 7cfdb888e5 increase field widths 2006-11-20 09:59:27 +00:00
joey e43cd269d2 * Add openidsignup config option.
* Make the openid plugin support the callbacks from myopenid.com via its
  affiliate program.
* Change how post signin actions are propagated through the signin process;
  they're now stored in the session.
2006-11-20 09:40:09 +00:00
joey e7ee388ea1 minor improvements 2006-11-20 06:22:19 +00:00
joey 9f60b7f6cd explanation 2006-11-20 03:22:23 +00:00
joey 702b8721d3 * Add an openid plugin to support logging in using OpenID.
* Web commits by OpenID users will record the full OpenID url for the user,
  but in recentchanges, these urls will be converted to a simplified display
  form+link.
* Modified svn, git, tla backends to recognise such web commits.
2006-11-20 02:46:58 +00:00
joey 54cf5a62ca * Make auth methods pluggable.
* Move httpauth support to a plugin.
* Add an openid plugin to support logging in using OpenID.
2006-11-20 01:52:18 +00:00
joey 60aca5e0fe fixes 2006-11-10 07:51:14 +00:00
joey 96eb9bb3fa * Work around a strange bug in CGI::FormBuilder 3.0401 that makes
FORM-SUBMIT unusable on customised formbuilder templates. For now,
  hardcode the submit buttons in editpage.tmpl instead of using the
  template variable, which is ok, since the buttons are static.
2006-11-10 07:46:41 +00:00
joey 35ee7e44a6 * Make sure to check for errors from every eval. 2006-11-08 21:03:33 +00:00
joey cb3f89f429 * Enable utf8 file IO in aggregate plugin.
* Fix some issues with the new registration form.
2006-11-08 20:13:59 +00:00
joey c3a530ab93 * Improve login/register process, the login dialog has only name and
password fields, which allows more web browsers to recognise it as a login
  field, and is less confusing.
2006-10-30 23:28:01 +00:00
joey a1eaeffe5e delete session 2006-10-28 00:36:34 +00:00
joey b6509c74a9 * Add basic spam fighting tool for admins: An admin's prefs page now allows
editing a list of banned users who are not allowed to log in.
2006-10-28 00:35:33 +00:00
joey 3ef0a67811 * Patch from Recai to limit recentchanges to displaying max 10 files for a
given changeset (to avoid large number of file changes excessively
  bloating the page).
2006-10-14 03:12:30 +00:00
joey be55f6fd7c * Atom feed support based on a patch by Clint Adams.
* Add feeds=no option to inline preprocessor directive to turn off all types
  of feeds. feeds=rss will still work, and feeds=atom was also added, for
  fine control.
* $IkiWiki::version now holds the program version, and is accessible to
  plugins.
2006-10-08 23:57:37 +00:00
joey 67b513e8c4 * Patch from Alec Berryman adding a http_auth config item that allows
using HTTP Authentication instead of ikiwiki's built in authentication.
  Useful for eg, large sites with their own previously existing user auth
  setup. Closes: #384534
2006-10-02 22:56:09 +00:00
joey 26774c931c * Patch from James Westby to deal with the case where you're editing a
new page, hit cancel, and need to be redirected to somewhere sane.
2006-09-16 01:23:14 +00:00
joey 0f25ec8eb6 * pagetemplate hooks are now also called when generating cgi pages.
* Add a favicon plugin, which simply adds a link tag for an icon to each
  page (and cgis).
2006-09-16 00:52:26 +00:00
joey 1e7be2d3dd * Patch from Recai to kill utf-8 on the wiki name when generating the
session cookie.
2006-09-11 16:24:05 +00:00
joey dae0f48e91 * Work on firming up the plugin interface:
- Plugins should not need to load IkiWiki::Render to get commonly
    used functions, so moved some functions from there to IkiWiki.
  - Picked out the set of functions and variables that most plugins
    use, documented them, and made IkiWiki export them by default,
    like a proper perl module should.
  - Use the other functions at your own risk.
  - This is not quite complete, I still have to decide whether to
    export some other things.
* Changed all plugins included in ikiwiki to not use "IkiWiki::" when
  referring to stuff now exported by the IkiWiki module.
* Anyone with a third-party ikiwiki plugin is strongly encouraged
  to make like changes to it and avoid use of non-exported symbols from
  "IkiWiki::".
* Link debian/changelog and debian/news to NEWS and CHANGELOG.
* Support hyperestraier version 1.4.2, which adds a new required phraseform
  setting.
2006-09-09 22:50:27 +00:00
joey f7d95297bb need to import escapeHTML 2006-09-06 20:03:59 +00:00