Commit Graph

896 Commits (25c952abf30de3498ce51a0d8a71ae20bd500818)

Author SHA1 Message Date
Joey Hess 6b68c6ff72 releasing version 2.47 2008-05-25 14:28:33 -04:00
Joey Hess 5efaed6de6 Avoid unsightly warning message when evaling broken pagespecs.
Also improve error message when a pagespec fails to parse.
2008-05-22 13:11:25 -04:00
Joey Hess f6f25758a8 Perls older than 5.10 need to use the old method of decoding utf-8 in CGI values. Neither method will work for all versions of perl, so check version number at runtime. 2008-05-21 15:30:56 -04:00
Joey Hess 19945b5358 typo 2008-05-15 18:22:01 -04:00
Joey Hess 0438de905b ENV can be used in the setup file to override environment variable setting, such as TZ or PATH. 2008-05-15 18:20:52 -04:00
Joey Hess 0bf5248427 git: Skip over signed-off-by and similar lines in commit messages when generating recentchanges. 2008-05-15 18:03:44 -04:00
Joey Hess 8a888a8fed inline: Display a message if the 'pages' parameter is missing, before it just expanded to nothing. 2008-05-15 17:22:54 -04:00
Joey Hess 833610a5b4 orphans: As a special case, the toplevel index page is never considered an orphaned page. 2008-05-15 16:47:44 -04:00
Joey Hess 2c6f41e59c If PERL5LIB is set to the libdir when building ikiwiki, calculate and hardcode a proper 'use lib' statement anyway. This fixes a gotcha, since PERL5LIB won't work once ikiwiki is running via a wrapper or as a cgi. 2008-05-14 02:42:01 -04:00
Joey Hess fba4a198b5 mdwn: Add a multimarkdown setup file option. 2008-05-13 12:43:25 -04:00
Joey Hess 344b50d783 releasing version 2.46 2008-05-12 20:57:28 -04:00
Joey Hess fb3d5b4800 Fixes for behavior changes in perl 5.10's CGI
Something has changed in CGI.pm in perl 5.10. It used to not care
if STDIN was opened using :utf8, but now it'll mis-encode utf-8 values
when used that way by ikiwiki. Now I have to binmode(STDIN) before
instantiating the CGI object.

In 57bba4dac1, I changed from decoding
CGI::Formbuilder fields to utf-8, to decoding cgi parameters before setting
up the form object. As of perl 5.10, that approach no longer has any effect
(reason unknown). To get correctly encoded values in FormBuilder forms,
they must once again be decoded after the form is set up.

As noted in 57bba4da, this can cause one set of problems for
formbuilder_setup hooks if decode_form_utf8 is called before the hooks, and
a different set if it's called after. To avoid both sets of problems, call
it both before and after. (Only remaining problem is the sheer ugliness and
inefficiency of that..)

I think that these changes will also work with older perl versions, but I
haven't checked.

Also, in the case of the poll plugin, the cgi parameter needs to be
explcitly decoded before it is used to handle utf-8 values. (This may have
always been broken, not sure if it's related to perl 5.10 or not.)
2008-05-12 20:44:22 -04:00
Joey Hess 0850cde5a6 implemented pruning, s3 support now complete-ish 2008-05-07 23:51:25 -04:00
Joey Hess ec866f8370 Optimised file statting code when scanning for modified pages; cut the number of system calls in half. (Still room for improvement.) 2008-05-07 14:11:56 -04:00
Joey Hess b144831e46 pinger/pingee now tested and working 2008-05-06 19:06:53 -04:00
Joey Hess 64f9dfee32 typo 2008-05-05 20:44:18 -04:00
Joey Hess 1f88cad3a2 aggregate: Add support for web-based triggering of aggregation for people stuck on shared hosting without cron. (Sheesh.) Enabled via the `aggregate_webtrigger` configuration optiom. 2008-05-05 20:20:45 -04:00
Joey Hess 545054c356 releasing version 2.45 2008-05-05 15:17:44 -04:00
Joey Hess 3a9dfb8361 enhancesments for shared hosting
* Add a Bundle::Ikiwiki to the source for use with CPAN to install *all*
  the modules ikiwiki can use.
* Add a cpan directory containing a CPAN::MyConfig that can ease use of
  CPAN to install in a home directory on shared hosting providers.
* With these changes, it's pretty easy to install onto nearlyfreespeech.net
  and probably other shared hosting providers like dreamhost. Added
  a tip page documentng the process for nearlyfreespeech.
2008-05-05 14:51:26 -04:00
Joey Hess f06267fc3b git: Put -- before the filename when calling git rev-list to avoid warning message when the file doesn't exist. 2008-05-02 13:03:42 -04:00
Joey Hess b2dea99417 Fix ugly display when editing a page that has vanished.
srcfile now has an optional second parameter to avoid it throwing an error
if the source file does not exist.
2008-05-02 13:02:07 -04:00
Joey Hess 6f852e88e3 anonk: Add anonok_pagespec configuration setting that can be used to allow anonymous users to edit only matching pages. Closes: #478892 2008-05-01 14:58:23 -04:00
Joey Hess bb51e81762 img: Support a title attribute, will be passed through to html. Closes: #478718 2008-04-30 12:58:36 -04:00
Joey Hess 788f83c97d Add missing de.po. Closes: #471540 2008-04-29 16:28:07 -04:00
Joey Hess dbb5d11196 Deal with different paths to perl when removing -T flag. 2008-04-28 15:37:17 -04:00
Joey Hess 9f02ee8634 Add PREFIX/bin to the hardcoded PATH within ikiwiki. 2008-04-28 13:44:37 -04:00
Joey Hess 9652cdfe2e toc: Add the table of contents at sanitize time, rather than at format time. This allows the toc to be displayed when previewing an edit. It also avoids headers in the page template from showing up in the toc. 2008-04-26 15:13:01 -04:00
Joey Hess 7d7f85bbb5 Correct a bug in pagespec matching, where a empty pagespec matched all pages.
This manifested as wikis with no locked pages treating them all as locked.
The bug was introduced in version 2.41.

Medium urgency upload due to above fix.
2008-04-24 13:49:15 -04:00
Joey Hess a46261fec2 Allow libtext-markdown-perl to satisfy dependencies, as a an alternative to the markdown package. 2008-04-21 15:14:39 -04:00
Joey Hess 3912a9f5e9 add CVE link 2008-04-20 15:25:51 -04:00
Joey Hess f1228946bd Bring back the svnrepo setup file option. This is needed for recentchangediff to work with svn repos. 2008-04-17 14:37:55 -04:00
Joey Hess 18cb252e74 releasing version 2.43 2008-04-16 18:44:58 -04:00
Joey Hess 14b59caba3 Recommend a recent git-core for git init. Closes: 475609 2008-04-11 20:06:23 -04:00
Joey Hess 2beb279806 Give the full path to the hyperestraier helpfile in estseek.conf. 2008-04-10 17:50:43 -04:00
Joey Hess b698bf2408 Use bzr --quiet to avoid it outputting stuff and messing up http headers. (Scott Bronson) 2008-04-10 17:44:40 -04:00
Joey Hess e4395a567b Fix broken rcs_update for bzr. (Scott Bronson) 2008-04-10 17:41:43 -04:00
Joey Hess e1d456a86f Fix missing import of escapeHTML in userlink. (Scott Bronson) 2008-04-10 17:39:51 -04:00
Joey Hess 7f51c69491 releasing version 2.42 2008-04-10 17:24:08 -04:00
Joey Hess 72b5ef2c5f Fix CSRF attacks against the preferences and edit forms. Closes: #475445
The fix involved embedding the session id in the forms, and not allowing the
forms to be submitted if the embedded id does not match the session id.

In the case of the preferences form, if the session id is not embedded,
then the CGI parameters are cleared. This avoids a secondary attack where the
link to the preferences form prefills password or other fields, and
the user hits "submit" without noticing these prefilled values.

In the case of the editpage form, the anonok plugin can allow anyone to edit,
and so I chose not to guard against CSRF attacks against users who are not
logged in. Otherwise, it also embeds the session id and checks it.

For page editing, I assume that the user will notice if content or commit
message is changed because of CGI parameters, and won't blndly hit save page.
So I didn't block those CGI paramters. (It's even possible to use those CGI
parameters, for good, not for evil, I guess..)

The only other CSRF attack I can think of in ikiwiki involves the poll plugin.
It's certianly possible to set up a link that causes the user to unknowingly
vote in a poll. However, the poll plugin is not intended to be used for things
that people would want to attack, since anyone can after all edit the poll page
and fill in any values they like. So this "attack" is ignorable.
2008-04-10 16:35:30 -04:00
Joey Hess 04e7467807 need to handle urls to images the same
Also, simplified finding the url to the top of the site.
2008-04-03 16:37:05 -04:00
Joey Hess de8c34df59 aggregate: Correct a mistake in the code that dummy up a guid for feeds lacking one. 2008-04-03 02:36:01 -04:00
Joey Hess 5b8f2742f3 releasing version 2.41 2008-03-29 21:17:15 -04:00
Joey Hess f6bd81db15 Added a hardlink option in the setup file, useful if the source and dest are on the same filesystem and the wiki includes large media files, which would normally be copied, wasting time and space. 2008-03-29 21:02:47 -04:00
Joey Hess d2911a20a6 inline: Allow the "feedshow" parameter to take values greater than the value for "show". 2008-03-23 17:39:03 -04:00
Joey Hess ca8852b434 external: Work around XML RPC's lack of support for null by passing a special sentinal value. 2008-03-21 15:12:15 -04:00
Joey Hess 213eb2e408 Changed to a binary index file, written using Storable, for speed
During refresh of a wiki with 800 files, loadindex was using more total
time than any other function, and saveindex was also in the top ten.
Rewriting them to use Storable makes them three times as fast.

0.7 seconds is saved on my laptop in profiling mode.
2008-03-21 09:07:44 -04:00
Joey Hess bf7360347e Precompile pagespecs, about 10% overall speedup
About 12% of ikiwiki runtime was spent in pagespec_match. It was evaling
the same pagespec code over and over again. This changes pagespec_translate
to return memoized, precompiled functions that can be called to match against
a given pagespec.

This also allows getting rid of the weird variable scoping trick that had
to be in effect for pagespec_translate to be called -- the variables are
now just fed into the function it returns.

On my laptop, this drops build time for the docwiki from about 60 to 50
seconds.
2008-03-21 06:36:07 -04:00
Joey Hess f937c1fb80 crazy optimisation to work around slow markdown
Markdown is slow. Especially if it has to process an enormous page. The
most common enormous page is currently the recentchanges page, which gets
processed a lot, and contains very little actual markdown. Most of it is a
big <div>, which markdown skips ... slowly.

This is a rather sick optimisation to work around markdown's speed issues.
Now inline inserts a small, dummy div, allows markdown to quickly render
the actual page content, then replaces the dummy with the actual inlined
pages later.

Results: Rendering just a recentchanges page, with diffs included, dropped
from 4.5 seconds to 2.7 seconds on my laptop. Building the entire wiki
dropped from 46.6 seconds to 39.5 seconds.

(It would be better if inline were a *post*-processor directive.)
2008-03-21 04:48:26 -04:00
Joey Hess be4e3ad587 typo 2008-03-21 02:43:56 -04:00
Joey Hess 44824dba1b smiley: Detect smileys inside pre and tags, and do not expand. 2008-03-21 02:43:20 -04:00