Joey Hess
6321a75e0c
track escaping change in upstream template
...
This is not belived to be XSS exploitable due to other checks in ikiwiki.
Thanks Olly Betts for review.
2011-09-27 11:05:34 -04:00
Joey Hess
97caf03fa0
releasing version 3.20110905
2011-09-05 15:17:15 -04:00
Joey Hess
5cb0ecc000
Fix web revert of a file deletion.
...
When reverting, an add is a remove, and a remove is an add.
2011-09-05 14:51:49 -04:00
Joey Hess
acb0eb78c4
Promote RPC::XML to a Recommends, since it's used by auto-blog.setup. Closes : #637603
2011-09-05 13:25:05 -04:00
Joey Hess
35b69392c8
Avoid warning message when generating setup file if highlight is not installed. Closes : #637606
...
There's a nice message if the plugin is loaded and used and highlight is
not available, and a nice fallback. So no need for this other warning,
which can happen any time all plugins are loaded to generate a setup file.
2011-09-05 13:21:56 -04:00
Joey Hess
f774f20913
Fix comments testsuite to not rely on Date::Parse's ability to parse the date Columbus discovered America. Closes : #640350
...
This is such a pity. smcv had these great dates, but squeeze's Date::Parse
cannot parse them.
Oh well, at least it makes for a great bug closure title.
2011-09-05 13:17:36 -04:00
Joey Hess
7d2b68cd16
inline: When indexing internal pages for searching, use the url of the inlining page.
2011-09-01 11:38:10 -04:00
Joey Hess
4af7b2c14d
search: Fix encoding bug in calculation of maximum term size.
2011-08-30 11:37:38 -04:00
Joey Hess
c8f7dcbc31
Use lockf rather than flock when taking the cgilock, for better portability.
...
This kind of change is scary, but this particular lock is very simply
used and so it seems ok to make it even just for better portability to
SunOS. (People still use that?)
2011-08-24 17:35:53 -04:00
Joey Hess
73eb892ba2
jquery source cleanup
...
* Add unminified jquery js and css files to source.
* Update to jquery 1.6.2, and jquery-ui 1.8.14.
The full files are included in the source but not the binary.
I'm not minifying the files as part of build because I don't want ikiwiki
to build depend on a javascript minifier. (Let alone need one at runtime).
Nor do I want to deal with any breakage caused by the minifier. These
files were taken from the debian packages.
The jquery-tmpl full file was taken from revision
66bb852217c49ae8c9a8f2522150354ae80463de of its git repository, which
matches the minified file I already had. I did not want to deal with possible
breakage in newer versions; this thing claims to need an ancient version of
jquery (1.4.2), and is perhaps only working by luck with the newer versions
as it is.
2011-08-24 16:25:03 -04:00
Joey Hess
1873095484
Put in a workaround for #622591 , by ensuring Search::Xapian gets loaded before Image::Magick.
2011-08-07 11:01:41 -04:00
Joey Hess
e07adcad7a
typo
2011-08-05 17:14:41 -04:00
Joey Hess
d2cf716876
Avoid using named capture groups in heredoc code for oldperl compatability.
...
Also reordered heredoc part of regexp for consistency.
2011-07-30 20:12:33 +02:00
Joey Hess
ed360d045a
Fix escaping of html entities in tag names.
...
Example case was a tag with & in its name, which resulted in a malformed
rss feed.
2011-07-29 12:54:30 +02:00
Joey Hess
65a7bc4e06
Fix escaping of html entities in permalinks.
2011-07-29 12:37:43 +02:00
Joey Hess
f2529edcab
Fix typo in Danish translation of shortcuts page that caused expoentional regexp blowup.
...
Complex regular subexpression recursion limit (32766) exceeded at
/home/joey/src/ikiwiki/IkiWiki.pm line 1532.
This doesn't fix the blowup potential itself, it just fixes the typo. :)
A sample page that causes the blowup is attached below for future
reference. The first directive is not terminated. Contributing are the
additional quotes around the following directives, which mean that they can
each be processed as a parameter to the first directive, or as an
individual directive. In resolving this ambiguity, the regexp blows up.
Happily, perl contains the explosion , so I don't think there is an exploit
here.
"[[!shortcut name=wiktionary url=\"https://secure.wikimedia.org/wiktionary/en/ "
"[[!shortcut name=debss url=\"http://snapshot.debian.net/package/%s \"]]"
"[[!shortcut name=debwiki url=\"http://wiki.debian.org/%s \"]]"
"[[!shortcut name=fdobug url=\"https://bugs.freedesktop.org/show_bug.cgi?id=%s \" desc=\"freedesktop.org bug #%s\"]]"
"[[!shortcut name=fdolist url=\"http://lists.freedesktop.org/mailman/listinfo/%s \" desc=\"%s@lists.freedesktop.org\"]]"
"[[!shortcut name=cpanrt url=\"https://rt.cpan.org/Ticket/Display.html?id=%s \" desc=\"CPAN RT#%s\"]]"
"[[!shortcut name=novellbug url=\"https://bugzilla.novell.com/show_bug.cgi?id=%s \" desc=\"bug %s\"]]"
"[[!shortcut name=fdolist url=\"http://lists.freedesktop.org/mailman/listinfo/%s \" desc=\"%s@lists.freedesktop.org\"]]"
"[[!shortcut name=gnomebug url=\"http://bugzilla.gnome.org/show_bug.cgi?id=%s \" desc=\"GNOME bug #%s\"]]"
"[[!shortcut name=linuxbug url=\"http://bugzilla.kernel.org/show_bug.cgi?id=%s \" desc=\"Linux bug #%s\"]]"
"[[!shortcut name=gmane url=\"http://dir.gmane.org/gmane.%s \" desc=\"gmane.%s\"]]"
"[[!shortcut name=gmanemsg url=\"http://mid.gmane.org/%s \"]]"
"[[!shortcut name=cpan url=\"http://search.cpan.org/search?mode=dist&query=%s \"]]"
"[[!shortcut name=ctan url=\"http://tug.ctan.org/cgi-bin/ctanPackageInformation.py?id=%s \"]]"
"[[!shortcut name=hoogle url=\"http://haskell.org/hoogle/?q=%s \"]]"
"[[!shortcut name=iki url=\"http://ikiwiki.info/%S/ \"]]"
"[[!shortcut name=ljuser url=\"http://%s.livejournal.com/ \"]]"
"[[!shortcut name=rfc url=\"http://www.ietf.org/rfc/rfc%s.txt \" desc=\"RFC %s\"]]"
"[[!shortcut name=c2 url=\"http://c2.com/cgi/wiki?%s \"]]"
"[[!shortcut name=meatballwiki url=\"http://www.usemod.com/cgi-bin/mb.pl?%s \"]]"
"[[!shortcut name=emacswiki url=\"http://www.emacswiki.org/cgi-bin/wiki/%s \"]]"
"[[!shortcut name=haskellwiki url=\"http://haskell.org/haskellwiki/%s \"]]"
"[[!shortcut name=dict url=\"http://www.dict.org/bin/Dict?Form=Dict1&Strategy=*&Database=*&Query=%s \"]]"
"[[!shortcut name=imdb url=\"http://imdb.com/find?q=%s \"]]"
"[[!shortcut name=gpg url=\"http://pgpkeys.mit.edu:11371/pks/lookup?op=vindex&exact=on&search=0x%s \"]]"
"[[!shortcut name=perldoc url=\"http://perldoc.perl.org/search.html?q=%s \"]]"
"[[!shortcut name=whois url=\"http://reports.internic.net/cgi/whois?whois_nic=%s&type=domain \"]]"
"[[!shortcut name=cve url=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=%s \"]]"
"[[!shortcut name=cia url=\"http://cia.vc/stats/project/%s \"]]"
"[[!shortcut name=ciauser url=\"http://cia.vc/stats/user/%s \"]]"
"[[!shortcut name=flickr url=\"http://www.flickr.com/photos/%s \"]]"
"[[!shortcut name=man url=\"http://linux.die.net/man/%s \"]]"
"[[!shortcut name=ohloh url=\"http://www.ohloh.net/projects/%s \"]]"
"[[!shortcut name=cpanrt url=\"https://rt.cpan.org/Ticket/Display.html?id=%s \" desc=\"CPAN RT#%s\"]]"
"[[!shortcut name=novellbug url=\"https://bugzilla.novell.com/show_bug.cgi?id=%s \" desc=\"bug %s\"]]"
2011-07-26 17:29:36 +02:00
Joey Hess
ca435801d9
po: Add `LANG_CODE` and `LANG_NAME` template variables. (intrigeri)
2011-07-19 14:12:45 -04:00
Joey Hess
e04cb1ffd3
mercurial: Implement rcs_diff. (Daniel Andersson)
2011-07-19 11:44:26 -04:00
Joey Hess
339b95e719
rcs_rename and rcs_remove also were in the big mercurial patch
2011-07-19 11:41:11 -04:00
Joey Hess
b4db945b34
mercurial: Make both rcs_getctime and rcs_getmtime fast. (Daniel Andersson)
2011-07-19 11:39:32 -04:00
Joey Hess
86e1dc492f
apply the big mercurial patch
...
* mercurial: openid nicknames are now used when committing. (Daniel Andersson)
* mercurial: implement rcs_commit_staged so comments, attachments, etc
can be used. (Daniel Andersson)
* mercurial: fix viewing of a diff containing non-utf8 changes.
(Daniel Andersson)
2011-07-19 11:26:14 -04:00
Joey Hess
98d2356ad0
releasing version 3.20110715
2011-07-15 18:57:24 -04:00
Joey Hess
4cd2efef8c
fix two recently introduced bugs in rename
...
* rename: Fix logic error that broke renaming pages when the attachment
plugin was disabled.
* rename: Fix logic error that bypassed the usual pagespec checks.
2011-07-15 18:46:16 -04:00
Joey Hess
70ce708b02
releasing version 3.20110712
2011-07-12 12:40:30 -04:00
Joey Hess
20577d8ecb
Display attachment manipulation links always, since attachments can be uploaded via javascript.
...
Could arrange for them to be in a span that is hidden when there are no
attachments and make the javascript upload unhide it; this is a quick fix.
2011-07-11 21:38:48 -04:00
Joey Hess
d23786cb6c
attachment: Bugfix to create directory when moving attachment out of holding area.
2011-07-11 21:35:46 -04:00
Joey Hess
4ce2490e01
releasing version 3.20110711
2011-07-11 18:41:30 -04:00
Joey Hess
258b75c4f7
attachment: Bugfix to move upload attachments out of holding area when saving.
2011-07-11 18:34:17 -04:00
Joey Hess
45a058a2c7
Add build dep on python-support. Closes : #633536
2011-07-11 13:07:28 -04:00
Joey Hess
a40b58c514
releasing version 3.20110707
2011-07-07 20:48:48 -04:00
Joey Hess
9f7d9ab356
Bugfix for trying to attach files to a subpage of the index page.
2011-07-07 20:32:14 -04:00
Joey Hess
a965e02430
Bugfix for wikilink containing an email address not showing up in brokenlinks list.
2011-06-29 18:35:29 -04:00
Joey Hess
a18a62aa30
inline: Handle obfuscated urls, such as the mailto urls generated by markdown when forcing urls absolute.
...
That took me 5 minutes. If anyone thinks obfuscated email urls stops, or
even slows down spammers, think again.
2011-06-29 18:12:58 -04:00
Joey Hess
add72de71a
merged smcv/comments-metadata
2011-06-29 17:57:53 -04:00
Joey Hess
9d7c1d5f7d
Fix ikiwiki-update-wikilist -r to actually work.
2011-06-29 17:38:26 -04:00
Joey Hess
25b01f9404
Preserve mixed case in page creation links, and when creating a page whose title is mixed case, allow selecting between the mixed case and all lower-case names.
2011-06-29 16:38:32 -04:00
Joey Hess
ae1857b43c
img: Generate png format thumbnails for svg images.
...
Imagemagick does not generate svg images very well, but it can convert
them to png quite well.
For browsers that don't yet support displaying svg, this also provides a
workaround; just scale the svg down to get a png. But the workaround is
partial, since scaling the image larger, or leaving it the same size will
cause the original svg to be displayed. Since browsers are actively
improving svg support, this is good enough for me.
2011-06-29 14:40:30 -04:00
Joey Hess
c90bc78d44
Support svg as a inlinable image type
...
svg images can be included on a page by simply linking to them, or by using
the img directive. Note that sanitizing svg files is still not addressed.
2011-06-29 14:17:47 -04:00
Joey Hess
46064d6d63
html5 is not experimental anymore. But not the default either, quite yet.
2011-06-23 09:41:21 -04:00
Joey Hess
886890b82d
move headinganchors out of contrib
2011-06-21 15:22:35 -04:00
Joey Hess
d82fa99426
add JSON dep
2011-06-16 14:34:44 -04:00
Joey Hess
d96edbbe68
Add libtext-multimarkdown-perl to Suggests. Closes : #630705
2011-06-16 13:13:08 -04:00
Joey Hess
6ebb4e262e
show ikiwiki error when attachment is rejected
2011-06-16 13:01:23 -04:00
Joey Hess
d4a0732752
let thru HTTP_ACCEPT
...
Needed for attachment to return json when requested.
I think some browsers send Accept: * , so I made sure to check that json
was explicitly listed as to be accepted, as well as having a high
priority.
2011-06-15 20:02:14 -04:00
Joey Hess
c9781b20bf
added jquery templates
2011-06-15 19:33:22 -04:00
Joey Hess
f3fd7696cf
added jquery-ui for attachment interface
2011-06-15 19:30:34 -04:00
Joey Hess
a695b5b2f8
updated jquery and made it its own underlay
2011-06-15 19:15:06 -04:00
Joey Hess
3a939f05c5
update copyright
2011-06-15 18:56:36 -04:00
Joey Hess
8e15f664c4
aggregate: Improve checking for too long aggregated filenames.
...
Two problems fixed:
1. Files are written with a .ikiwiki-new suffix, which has to be taken into
account.
2. Need to count length of bytes, not of unicode characters.
2011-06-10 18:47:57 -04:00
Joey Hess
cf707d1654
userlist: New plugin, lets admins see a list of users and their info.
2011-06-09 10:10:27 -04:00